@better-auth/oauth-provider 1.5.0-beta.6 → 1.5.0-beta.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/client-resource.mjs
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { a as getJwtPlugin, o as getOAuthProviderPlugin, p as handleMcpErrors } from "./utils-
|
|
1
|
+
import { a as getJwtPlugin, o as getOAuthProviderPlugin, p as handleMcpErrors } from "./utils-CUVT0Bep.mjs";
|
|
2
2
|
import { verifyAccessToken } from "better-auth/oauth2";
|
|
3
3
|
import { APIError } from "better-call";
|
|
4
4
|
import { BetterAuthError } from "@better-auth/core/error";
|
package/dist/index.mjs
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { a as getJwtPlugin, c as parseClientMetadata, d as storeToken, f as validateClientCredentials, i as getClient, l as parsePrompt, m as mcpHandler, n as decryptStoredClientSecret, r as deleteFromPrompt, s as getStoredToken, t as basicToClientCredentials, u as storeClientSecret } from "./utils-
|
|
1
|
+
import { a as getJwtPlugin, c as parseClientMetadata, d as storeToken, f as validateClientCredentials, i as getClient, l as parsePrompt, m as mcpHandler, n as decryptStoredClientSecret, r as deleteFromPrompt, s as getStoredToken, t as basicToClientCredentials, u as storeClientSecret } from "./utils-CUVT0Bep.mjs";
|
|
2
2
|
import { generateCodeChallenge, getJwks, verifyJwsAccessToken } from "better-auth/oauth2";
|
|
3
3
|
import { APIError } from "better-call";
|
|
4
4
|
import { BetterAuthError } from "@better-auth/core/error";
|
|
@@ -643,7 +643,7 @@ async function createRefreshToken(ctx, opts, user, referenceId, client, scopes,
|
|
|
643
643
|
* and returns a valid audience based on the request
|
|
644
644
|
*/
|
|
645
645
|
async function checkResource(ctx, opts, scopes) {
|
|
646
|
-
|
|
646
|
+
const resource = ctx.body.resource;
|
|
647
647
|
const audience = typeof resource === "string" ? [resource] : resource ? [...resource] : void 0;
|
|
648
648
|
if (audience) {
|
|
649
649
|
if (scopes.includes("openid")) audience.push(`${ctx.context.baseURL}/oauth2/userinfo`);
|
|
@@ -1007,7 +1007,7 @@ async function validateJwtAccessToken(ctx, opts, token, clientId) {
|
|
|
1007
1007
|
if (!client || client?.disabled) return { active: false };
|
|
1008
1008
|
if (clientId && jwtPayload.azp !== clientId) return { active: false };
|
|
1009
1009
|
}
|
|
1010
|
-
|
|
1010
|
+
const sessionId = jwtPayload.sid;
|
|
1011
1011
|
if (sessionId) {
|
|
1012
1012
|
const session = await ctx.context.adapter.findOne({
|
|
1013
1013
|
model: "session",
|
|
@@ -1385,7 +1385,7 @@ async function createOAuthClientEndpoint(ctx, opts, settings) {
|
|
|
1385
1385
|
user: session?.user,
|
|
1386
1386
|
session: session?.session
|
|
1387
1387
|
}) : void 0;
|
|
1388
|
-
|
|
1388
|
+
const schema$1 = oauthToSchema({
|
|
1389
1389
|
...body ?? {},
|
|
1390
1390
|
disabled: void 0,
|
|
1391
1391
|
jwks: void 0,
|
|
@@ -1524,9 +1524,9 @@ const SafeUrlSchema = z.url().superRefine((val, ctx) => {
|
|
|
1524
1524
|
async function getClientEndpoint(ctx, opts) {
|
|
1525
1525
|
const session = await getSessionFromCtx(ctx);
|
|
1526
1526
|
if (!session) throw new APIError$1("UNAUTHORIZED");
|
|
1527
|
-
if (!ctx.
|
|
1527
|
+
if (!ctx.headers) throw new APIError$1("BAD_REQUEST");
|
|
1528
1528
|
if (opts.clientPrivileges && !await opts.clientPrivileges({
|
|
1529
|
-
headers: ctx.
|
|
1529
|
+
headers: ctx.headers,
|
|
1530
1530
|
action: "read",
|
|
1531
1531
|
session: session.session,
|
|
1532
1532
|
user: session.user
|
|
@@ -1572,9 +1572,9 @@ async function getClientPublicEndpoint(ctx, opts) {
|
|
|
1572
1572
|
async function getClientsEndpoint(ctx, opts) {
|
|
1573
1573
|
const session = await getSessionFromCtx(ctx);
|
|
1574
1574
|
if (!session) throw new APIError$1("UNAUTHORIZED");
|
|
1575
|
-
if (!ctx.
|
|
1575
|
+
if (!ctx.headers) throw new APIError$1("BAD_REQUEST");
|
|
1576
1576
|
if (opts.clientPrivileges && !await opts.clientPrivileges({
|
|
1577
|
-
headers: ctx.
|
|
1577
|
+
headers: ctx.headers,
|
|
1578
1578
|
action: "list",
|
|
1579
1579
|
session: session.session,
|
|
1580
1580
|
user: session.user
|
|
@@ -1613,9 +1613,9 @@ async function getClientsEndpoint(ctx, opts) {
|
|
|
1613
1613
|
async function deleteClientEndpoint(ctx, opts) {
|
|
1614
1614
|
const session = await getSessionFromCtx(ctx);
|
|
1615
1615
|
if (!session) throw new APIError$1("UNAUTHORIZED");
|
|
1616
|
-
if (!ctx.
|
|
1616
|
+
if (!ctx.headers) throw new APIError$1("BAD_REQUEST");
|
|
1617
1617
|
if (opts.clientPrivileges && !await opts.clientPrivileges({
|
|
1618
|
-
headers: ctx.
|
|
1618
|
+
headers: ctx.headers,
|
|
1619
1619
|
action: "delete",
|
|
1620
1620
|
session: session.session,
|
|
1621
1621
|
user: session.user
|
|
@@ -1646,9 +1646,9 @@ async function deleteClientEndpoint(ctx, opts) {
|
|
|
1646
1646
|
async function updateClientEndpoint(ctx, opts) {
|
|
1647
1647
|
const session = await getSessionFromCtx(ctx);
|
|
1648
1648
|
if (!session) throw new APIError$1("UNAUTHORIZED");
|
|
1649
|
-
if (!ctx.
|
|
1649
|
+
if (!ctx.headers) throw new APIError$1("BAD_REQUEST");
|
|
1650
1650
|
if (opts.clientPrivileges && !await opts.clientPrivileges({
|
|
1651
|
-
headers: ctx.
|
|
1651
|
+
headers: ctx.headers,
|
|
1652
1652
|
action: "update",
|
|
1653
1653
|
session: session.session,
|
|
1654
1654
|
user: session.user
|
|
@@ -1697,9 +1697,9 @@ async function updateClientEndpoint(ctx, opts) {
|
|
|
1697
1697
|
async function rotateClientSecretEndpoint(ctx, opts) {
|
|
1698
1698
|
const session = await getSessionFromCtx(ctx);
|
|
1699
1699
|
if (!session) throw new APIError$1("UNAUTHORIZED");
|
|
1700
|
-
if (!ctx.
|
|
1700
|
+
if (!ctx.headers) throw new APIError$1("BAD_REQUEST");
|
|
1701
1701
|
if (opts.clientPrivileges && !await opts.clientPrivileges({
|
|
1702
|
-
headers: ctx.
|
|
1702
|
+
headers: ctx.headers,
|
|
1703
1703
|
action: "rotate",
|
|
1704
1704
|
session: session.session,
|
|
1705
1705
|
user: session.user
|
|
@@ -283,7 +283,7 @@ function parsePrompt(prompt) {
|
|
|
283
283
|
* @param prompt - the prompt value to delete
|
|
284
284
|
*/
|
|
285
285
|
function deleteFromPrompt(query, prompt) {
|
|
286
|
-
|
|
286
|
+
const prompts = query.get("prompt")?.split(" ");
|
|
287
287
|
const foundPrompt = prompts?.findIndex((v) => v === prompt) ?? -1;
|
|
288
288
|
if (foundPrompt >= 0) {
|
|
289
289
|
prompts?.splice(foundPrompt, 1);
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@better-auth/oauth-provider",
|
|
3
|
-
"version": "1.5.0-beta.
|
|
3
|
+
"version": "1.5.0-beta.8",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "An oauth provider plugin for Better Auth",
|
|
6
6
|
"main": "dist/index.mjs",
|
|
@@ -42,8 +42,8 @@
|
|
|
42
42
|
"@modelcontextprotocol/sdk": "^1.25.2",
|
|
43
43
|
"listhen": "^1.9.0",
|
|
44
44
|
"tsdown": "^0.19.0",
|
|
45
|
-
"@better-auth/core": "1.5.0-beta.
|
|
46
|
-
"better-auth": "1.5.0-beta.
|
|
45
|
+
"@better-auth/core": "1.5.0-beta.8",
|
|
46
|
+
"better-auth": "1.5.0-beta.8"
|
|
47
47
|
},
|
|
48
48
|
"dependencies": {
|
|
49
49
|
"jose": "^6.1.0",
|
|
@@ -53,8 +53,8 @@
|
|
|
53
53
|
"@better-auth/utils": "0.3.0",
|
|
54
54
|
"@better-fetch/fetch": "1.1.21",
|
|
55
55
|
"better-call": "1.1.8",
|
|
56
|
-
"@better-auth/core": "1.5.0-beta.
|
|
57
|
-
"better-auth": "1.5.0-beta.
|
|
56
|
+
"@better-auth/core": "1.5.0-beta.8",
|
|
57
|
+
"better-auth": "1.5.0-beta.8"
|
|
58
58
|
},
|
|
59
59
|
"files": [
|
|
60
60
|
"dist"
|