@civic/auth 0.0.1-beta.31 → 0.0.1-beta.5

package/dist/cjs/src/shared/providers/TokenProvider.js

@@ -1,80 +0,0 @@
-"use strict";
-"use client";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.TokenContext = exports.TokenProvider = void 0;
-const react_1 = __importStar(require("react"));
-const react_query_1 = require("@tanstack/react-query");
-const useAuth_js_1 = require("../../shared/hooks/useAuth.js");
-const useSession_js_1 = require("../../shared/hooks/useSession.js");
-const jwt_1 = require("oslo/jwt");
-const jwt_js_1 = require("../../lib/jwt.js");
-const TokenContext = (0, react_1.createContext)(undefined);
-exports.TokenContext = TokenContext;
-const TokenProvider = ({ children }) => {
-    const { isLoading, error: authError } = (0, useAuth_js_1.useAuth)();
-    const session = (0, useSession_js_1.useSession)();
-    const queryClient = (0, react_query_1.useQueryClient)();
-    const refreshTokenMutation = (0, react_query_1.useMutation)({
-        mutationFn: async () => {
-            // Implement token refresh logic here
-            throw new Error("Method not implemented.");
-        },
-        onSuccess: () => {
-            // Invalidate and refetch queries that depend on the auth session
-            queryClient.invalidateQueries({ queryKey: ["session"] });
-        },
-    });
-    const decodeTokens = (0, react_1.useMemo)(() => {
-        if (!session?.idToken)
-            return null;
-        const parsedJWT = (0, jwt_1.parseJWT)(session.idToken);
-        if (!parsedJWT)
-            return null;
-        const { forwardedTokens } = parsedJWT.payload;
-        return forwardedTokens
-            ? (0, jwt_js_1.convertForwardedTokenFormat)(forwardedTokens)
-            : null;
-    }, [session?.idToken]);
-    const value = (0, react_1.useMemo)(() => ({
-        accessToken: session.accessToken || null,
-        idToken: session.idToken || null,
-        forwardedTokens: decodeTokens || {},
-        refreshToken: refreshTokenMutation.mutateAsync,
-        isLoading,
-        error: (authError || refreshTokenMutation.error),
-    }), [
-        session.accessToken,
-        session.idToken,
-        decodeTokens,
-        refreshTokenMutation.mutateAsync,
-        refreshTokenMutation.error,
-        isLoading,
-        authError,
-    ]);
-    return (react_1.default.createElement(TokenContext.Provider, { value: value }, children));
-};
-exports.TokenProvider = TokenProvider;
-//# sourceMappingURL=TokenProvider.js.map

package/dist/cjs/src/shared/providers/TokenProvider.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"TokenProvider.js","sourceRoot":"","sources":["../../../../../src/shared/providers/TokenProvider.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;AAEb,+CAAsD;AACtD,uDAAoE;AACpE,0DAAoD;AACpD,gEAA0D;AAE1D,kCAAoC;AACpC,yCAA2D;AAW3D,MAAM,YAAY,GAAG,IAAA,qBAAa,EAA+B,SAAS,CAAC,CAAC;AA0DpD,oCAAY;AAxDpC,MAAM,aAAa,GAAG,CAAC,EAAE,QAAQ,EAA2B,EAAE,EAAE;IAC9D,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,IAAA,oBAAO,GAAE,CAAC;IAClD,MAAM,OAAO,GAAG,IAAA,0BAAU,GAAE,CAAC;IAC7B,MAAM,WAAW,GAAG,IAAA,4BAAc,GAAE,CAAC;IAErC,MAAM,oBAAoB,GAAG,IAAA,yBAAW,EAAC;QACvC,UAAU,EAAE,KAAK,IAAI,EAAE;YACrB,qCAAqC;YACrC,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QACD,SAAS,EAAE,GAAG,EAAE;YACd,iEAAiE;YACjE,WAAW,CAAC,iBAAiB,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAC3D,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,IAAA,eAAO,EAAC,GAAG,EAAE;QAChC,IAAI,CAAC,OAAO,EAAE,OAAO;YAAE,OAAO,IAAI,CAAC;QAEnC,MAAM,SAAS,GAAG,IAAA,cAAQ,EAAC,OAAO,CAAC,OAAO,CAAmB,CAAC;QAE9D,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAE5B,MAAM,EAAE,eAAe,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC;QAE9C,OAAO,eAAe;YACpB,CAAC,CAAC,IAAA,oCAA2B,EAAC,eAAe,CAAC;YAC9C,CAAC,CAAC,IAAI,CAAC;IACX,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;IAEvB,MAAM,KAAK,GAAG,IAAA,eAAO,EACnB,GAAG,EAAE,CAAC,CAAC;QACL,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI;QACxC,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,IAAI;QAChC,eAAe,EAAE,YAAY,IAAI,EAAE;QACnC,YAAY,EAAE,oBAAoB,CAAC,WAAW;QAC9C,SAAS;QACT,KAAK,EAAE,CAAC,SAAS,IAAI,oBAAoB,CAAC,KAAK,CAAiB;KACjE,CAAC,EACF;QACE,OAAO,CAAC,WAAW;QACnB,OAAO,CAAC,OAAO;QACf,YAAY;QACZ,oBAAoB,CAAC,WAAW;QAChC,oBAAoB,CAAC,KAAK;QAC1B,SAAS;QACT,SAAS;KACV,CACF,CAAC;IAEF,OAAO,CACL,8BAAC,YAAY,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,IAAG,QAAQ,CAAyB,CACxE,CAAC;AACJ,CAAC,CAAC;AAGO,sCAAa","sourcesContent":["\"use client\";\nimport type { ReactNode } from \"react\";\nimport React, { createContext, useMemo } from \"react\";\nimport { useMutation, useQueryClient } from \"@tanstack/react-query\";\nimport { useAuth } from \"@/shared/hooks/useAuth.js\";\nimport { useSession } from \"@/shared/hooks/useSession.js\";\nimport type { ForwardedTokens, IdToken } from \"@/types.js\";\nimport { parseJWT } from \"oslo/jwt\";\nimport { convertForwardedTokenFormat } from \"@/lib/jwt.js\";\n\ntype TokenContextType = {\n  accessToken: string | null;\n  idToken: string | null;\n  forwardedTokens: ForwardedTokens;\n  refreshToken: () => Promise<void>;\n  isLoading: boolean;\n  error: Error | null;\n};\n\nconst TokenContext = createContext<TokenContextType | undefined>(undefined);\n\nconst TokenProvider = ({ children }: { children: ReactNode }) => {\n  const { isLoading, error: authError } = useAuth();\n  const session = useSession();\n  const queryClient = useQueryClient();\n\n  const refreshTokenMutation = useMutation({\n    mutationFn: async () => {\n      // Implement token refresh logic here\n      throw new Error(\"Method not implemented.\");\n    },\n    onSuccess: () => {\n      // Invalidate and refetch queries that depend on the auth session\n      queryClient.invalidateQueries({ queryKey: [\"session\"] });\n    },\n  });\n\n  const decodeTokens = useMemo(() => {\n    if (!session?.idToken) return null;\n\n    const parsedJWT = parseJWT(session.idToken) as IdToken | null;\n\n    if (!parsedJWT) return null;\n\n    const { forwardedTokens } = parsedJWT.payload;\n\n    return forwardedTokens\n      ? convertForwardedTokenFormat(forwardedTokens)\n      : null;\n  }, [session?.idToken]);\n\n  const value = useMemo(\n    () => ({\n      accessToken: session.accessToken || null,\n      idToken: session.idToken || null,\n      forwardedTokens: decodeTokens || {},\n      refreshToken: refreshTokenMutation.mutateAsync,\n      isLoading,\n      error: (authError || refreshTokenMutation.error) as Error | null,\n    }),\n    [\n      session.accessToken,\n      session.idToken,\n      decodeTokens,\n      refreshTokenMutation.mutateAsync,\n      refreshTokenMutation.error,\n      isLoading,\n      authError,\n    ],\n  );\n\n  return (\n    <TokenContext.Provider value={value}>{children}</TokenContext.Provider>\n  );\n};\n\nexport type { TokenContextType };\nexport { TokenProvider, TokenContext };\n"]}

package/dist/cjs/src/shared/providers/UserProvider.d.ts

@@ -1,18 +0,0 @@
-import React from "react";
-import type { ReactNode } from "react";
-import type { JWT } from "oslo/jwt";
-import type { AuthStorage, EmptyObject, User } from "../../types.js";
-import type { AuthContextType } from "../../shared/providers/AuthContext.js";
-type UserContextType<T extends Record<string, unknown> & JWT["payload"] = Record<string, unknown> & JWT["payload"]> = {
-    user: User<T> | null;
-} & Omit<AuthContextType, "isAuthenticated">;
-declare const UserContext: React.Context<UserContextType<Record<string, unknown> & object> | null>;
-declare const UserProvider: <T extends EmptyObject>({ children, storage, user: inputUser, signOut: inputSignOut, }: {
-    children: ReactNode;
-    storage: AuthStorage;
-    user?: User<T> | null;
-    signOut?: () => Promise<void>;
-}) => React.JSX.Element;
-export type { UserContextType };
-export { UserProvider, UserContext };
-//# sourceMappingURL=UserProvider.d.ts.map

package/dist/cjs/src/shared/providers/UserProvider.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"UserProvider.d.ts","sourceRoot":"","sources":["../../../../../src/shared/providers/UserProvider.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAwB,MAAM,OAAO,CAAC;AAC7C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAGvC,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AACpC,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAIjE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AAGzE,KAAK,eAAe,CAClB,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC1E,GAAG,CAAC,SAAS,CAAC,IACd;IACF,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;CACtB,GAAG,IAAI,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;AAE7C,QAAA,MAAM,WAAW,yEAA8C,CAAC;AAEhE,QAAA,MAAM,YAAY,GAAI,CAAC,SAAS,WAAW,kEAKxC;IACD,QAAQ,EAAE,SAAS,CAAC;IACpB,OAAO,EAAE,WAAW,CAAC;IACrB,IAAI,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/B,sBA0CA,CAAC;AAEF,YAAY,EAAE,eAAe,EAAE,CAAC;AAEhC,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC"}

package/dist/cjs/src/shared/providers/UserProvider.js

@@ -1,65 +0,0 @@
-"use strict";
-"use client";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.UserContext = exports.UserProvider = void 0;
-const react_1 = __importStar(require("react"));
-const react_query_1 = require("@tanstack/react-query");
-const useAuth_js_1 = require("../../shared/hooks/useAuth.js");
-const useToken_js_1 = require("../../shared/hooks/useToken.js");
-const useSession_js_1 = require("../../shared/hooks/useSession.js");
-const UserSession_js_1 = require("../../shared/lib/UserSession.js");
-const UserContext = (0, react_1.createContext)(null);
-exports.UserContext = UserContext;
-const UserProvider = ({ children, storage, user: inputUser, signOut: inputSignOut, }) => {
-    const { isLoading: authLoading, error: authError } = (0, useAuth_js_1.useAuth)();
-    const session = (0, useSession_js_1.useSession)();
-    const { accessToken, idToken } = (0, useToken_js_1.useToken)();
-    const { signIn, signOut } = (0, useAuth_js_1.useAuth)();
-    const fetchUser = async () => {
-        if (!accessToken) {
-            return null;
-        }
-        const userSession = new UserSession_js_1.GenericUserSession(storage);
-        return userSession.get();
-    };
-    const { data: user, isLoading: userLoading, error: userError, } = (0, react_query_1.useQuery)({
-        queryKey: ["user", session?.idToken],
-        queryFn: fetchUser,
-        enabled: !!session?.idToken, // Only run the query if we have an access token
-    });
-    const isLoading = authLoading || userLoading;
-    const error = authError || userError;
-    const userWithIdToken = user ? { ...user, idToken } : null;
-    return (react_1.default.createElement(UserContext.Provider, { value: {
-            user: (inputUser || userWithIdToken) ?? null,
-            isLoading,
-            error,
-            signIn,
-            signOut: inputSignOut || signOut,
-        } }, children));
-};
-exports.UserProvider = UserProvider;
-//# sourceMappingURL=UserProvider.js.map

package/dist/cjs/src/shared/providers/UserProvider.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"UserProvider.js","sourceRoot":"","sources":["../../../../../src/shared/providers/UserProvider.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;AAEb,+CAA6C;AAG7C,uDAAiD;AAGjD,0DAAoD;AACpD,4DAAsD;AACtD,gEAA0D;AAE1D,gEAAiE;AASjE,MAAM,WAAW,GAAG,IAAA,qBAAa,EAAyB,IAAI,CAAC,CAAC;AA0DzC,kCAAW;AAxDlC,MAAM,YAAY,GAAG,CAAwB,EAC3C,QAAQ,EACR,OAAO,EACP,IAAI,EAAE,SAAS,EACf,OAAO,EAAE,YAAY,GAMtB,EAAE,EAAE;IACH,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,IAAA,oBAAO,GAAE,CAAC;IAC/D,MAAM,OAAO,GAAG,IAAA,0BAAU,GAAE,CAAC;IAC7B,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,IAAA,sBAAQ,GAAE,CAAC;IAC5C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,IAAA,oBAAO,GAAE,CAAC;IAEtC,MAAM,SAAS,GAAG,KAAK,IAA0B,EAAE;QACjD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,WAAW,GAAG,IAAI,mCAAkB,CAAC,OAAO,CAAC,CAAC;QACpD,OAAO,WAAW,CAAC,GAAG,EAAE,CAAC;IAC3B,CAAC,CAAC;IAEF,MAAM,EACJ,IAAI,EAAE,IAAI,EACV,SAAS,EAAE,WAAW,EACtB,KAAK,EAAE,SAAS,GACjB,GAA0C,IAAA,sBAAQ,EAAC;QAClD,QAAQ,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC;QACpC,OAAO,EAAE,SAAS;QAClB,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,gDAAgD;KAC9E,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,WAAW,IAAI,WAAW,CAAC;IAC7C,MAAM,KAAK,GAAG,SAAS,IAAI,SAAS,CAAC;IAErC,MAAM,eAAe,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IAE3D,OAAO,CACL,8BAAC,WAAW,CAAC,QAAQ,IACnB,KAAK,EAAE;YACL,IAAI,EAAE,CAAC,SAAS,IAAI,eAAe,CAAC,IAAI,IAAI;YAC5C,SAAS;YACT,KAAK;YACL,MAAM;YACN,OAAO,EAAE,YAAY,IAAI,OAAO;SACjC,IAEA,QAAQ,CACY,CACxB,CAAC;AACJ,CAAC,CAAC;AAIO,oCAAY","sourcesContent":["\"use client\";\n\nimport React, { createContext } from \"react\";\nimport type { ReactNode } from \"react\";\nimport type { UseQueryResult } from \"@tanstack/react-query\";\nimport { useQuery } from \"@tanstack/react-query\";\nimport type { JWT } from \"oslo/jwt\";\nimport type { AuthStorage, EmptyObject, User } from \"@/types.js\";\nimport { useAuth } from \"@/shared/hooks/useAuth.js\";\nimport { useToken } from \"@/shared/hooks/useToken.js\";\nimport { useSession } from \"@/shared/hooks/useSession.js\";\nimport type { AuthContextType } from \"@/shared/providers/AuthContext.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\n\ntype UserContextType<\n  T extends Record<string, unknown> & JWT[\"payload\"] = Record<string, unknown> &\n    JWT[\"payload\"],\n> = {\n  user: User<T> | null;\n} & Omit<AuthContextType, \"isAuthenticated\">;\n\nconst UserContext = createContext<UserContextType | null>(null);\n\nconst UserProvider = <T extends EmptyObject>({\n  children,\n  storage,\n  user: inputUser,\n  signOut: inputSignOut,\n}: {\n  children: ReactNode;\n  storage: AuthStorage;\n  user?: User<T> | null;\n  signOut?: () => Promise<void>;\n}) => {\n  const { isLoading: authLoading, error: authError } = useAuth();\n  const session = useSession();\n  const { accessToken, idToken } = useToken();\n  const { signIn, signOut } = useAuth();\n\n  const fetchUser = async (): Promise<User | null> => {\n    if (!accessToken) {\n      return null;\n    }\n    const userSession = new GenericUserSession(storage);\n    return userSession.get();\n  };\n\n  const {\n    data: user,\n    isLoading: userLoading,\n    error: userError,\n  }: UseQueryResult<User<T> | null, Error> = useQuery({\n    queryKey: [\"user\", session?.idToken],\n    queryFn: fetchUser,\n    enabled: !!session?.idToken, // Only run the query if we have an access token\n  });\n\n  const isLoading = authLoading || userLoading;\n  const error = authError || userError;\n\n  const userWithIdToken = user ? { ...user, idToken } : null;\n\n  return (\n    <UserContext.Provider\n      value={{\n        user: (inputUser || userWithIdToken) ?? null,\n        isLoading,\n        error,\n        signIn,\n        signOut: inputSignOut || signOut,\n      }}\n    >\n      {children}\n    </UserContext.Provider>\n  );\n};\n\nexport type { UserContextType };\n\nexport { UserProvider, UserContext };\n"]}

package/dist/cjs/src/shared/session.d.ts

@@ -1,3 +0,0 @@
-import type { AuthStorage, User } from "../types.js";
-export declare function getUser(storage: AuthStorage): Promise<User | null>;
-//# sourceMappingURL=session.d.ts.map

package/dist/cjs/src/shared/session.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../../src/shared/session.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAEpD,wBAAsB,OAAO,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAMxE"}

package/dist/cjs/src/shared/session.js

@@ -1,13 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getUser = getUser;
-const util_js_js_1 = require("../shared/lib/util.js.js");
-const jwt_1 = require("oslo/jwt");
-async function getUser(storage) {
-    const tokens = await (0, util_js_js_1.retrieveTokens)(storage);
-    if (!tokens)
-        return null;
-    // Assumes all information is in the ID token
-    return (0, jwt_1.parseJWT)(tokens.id_token)?.payload ?? null;
-}
-//# sourceMappingURL=session.js.map

package/dist/cjs/src/shared/session.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"session.js","sourceRoot":"","sources":["../../../../src/shared/session.ts"],"names":[],"mappings":";;AAIA,0BAMC;AAVD,wDAAyD;AACzD,kCAAoC;AAG7B,KAAK,UAAU,OAAO,CAAC,OAAoB;IAChD,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAc,EAAC,OAAO,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,6CAA6C;IAC7C,OAAQ,IAAA,cAAQ,EAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,OAAgB,IAAI,IAAI,CAAC;AAC9D,CAAC","sourcesContent":["import { retrieveTokens } from \"@/shared/lib/util.js.js\";\nimport { parseJWT } from \"oslo/jwt\";\nimport type { AuthStorage, User } from \"@/types.js\";\n\nexport async function getUser(storage: AuthStorage): Promise<User | null> {\n  const tokens = await retrieveTokens(storage);\n  if (!tokens) return null;\n\n  // Assumes all information is in the ID token\n  return (parseJWT(tokens.id_token)?.payload as User) ?? null;\n}\n"]}

package/dist/cjs/src/shared/util.d.ts

@@ -1,39 +0,0 @@
-import type { AuthStorage, Endpoints, OIDCTokenResponseBody, ParsedTokens } from "../types.js";
-import { OAuth2Client } from "oslo/oauth2";
-import type { PKCEConsumer, PKCEProducer } from "../services/types.js";
-/**
- * Given a PKCE code verifier, derive the code challenge using SHA
- */
-export declare function deriveCodeChallenge(codeVerifier: string, method?: "Plain" | "S256"): Promise<string>;
-export declare function getEndpointsWithOverrides(oauthServer: string, endpointOverrides?: Partial<Endpoints>): Promise<{
-    jwks: string;
-    auth: string;
-    token: string;
-    userinfo: string;
-    challenge?: string;
-}>;
-export declare function generateOauthLoginUrl(config: {
-    clientId: string;
-    scopes: string[];
-    state: string;
-    redirectUrl: string;
-    oauthServer: string;
-    nonce?: string;
-    endpointOverrides?: Partial<Endpoints>;
-    pkceConsumer: PKCEConsumer;
-}): Promise<URL>;
-export declare function generateOauthLogoutUrl(config: {
-    clientId: string;
-    scopes: string[];
-    oauthServer: string;
-    endpointOverrides?: Partial<Endpoints>;
-    pkceConsumer: PKCEConsumer;
-}): Promise<URL>;
-export declare function buildOauth2Client(clientId: string, redirectUri: string, endpoints: Endpoints): OAuth2Client;
-export declare function exchangeTokens(code: string, state: string, pkceProducer: PKCEProducer, oauth2Client: OAuth2Client, oauthServer: string, endpoints: Endpoints): Promise<OIDCTokenResponseBody>;
-export declare function storeTokens(storage: AuthStorage, tokens: OIDCTokenResponseBody): void;
-export declare function clearTokens(storage: AuthStorage): void;
-export declare function clearUser(storage: AuthStorage): void;
-export declare function retrieveTokens(storage: AuthStorage): Promise<OIDCTokenResponseBody | null>;
-export declare function validateOauth2Tokens(tokens: OIDCTokenResponseBody, endpoints: Endpoints, oauth2Client: OAuth2Client, issuer: string): Promise<ParsedTokens>;
-//# sourceMappingURL=util.d.ts.map

package/dist/cjs/src/shared/util.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../../../src/shared/util.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EAET,qBAAqB,EACrB,YAAY,EACb,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAI3C,OAAO,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAGtE;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,YAAY,EAAE,MAAM,EACpB,MAAM,GAAE,OAAO,GAAG,MAAe,GAChC,OAAO,CAAC,MAAM,CAAC,CAajB;AAED,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,MAAM,EACnB,iBAAiB,GAAE,OAAO,CAAC,SAAS,CAAM;;;;;;GAO3C;AAED,wBAAsB,qBAAqB,CAAC,MAAM,EAAE;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAEvC,YAAY,EAAE,YAAY,CAAC;CAC5B,GAAG,OAAO,CAAC,GAAG,CAAC,CA2Bf;AAED,wBAAsB,sBAAsB,CAAC,MAAM,EAAE;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAEvC,YAAY,EAAE,YAAY,CAAC;CAC5B,GAAG,OAAO,CAAC,GAAG,CAAC,CAGf;AAED,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,SAAS,GACnB,YAAY,CAId;AAED,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,YAAY,EAAE,YAAY,EAC1B,YAAY,EAAE,YAAY,EAC1B,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,SAAS,kCAqBrB;AAED,wBAAgB,WAAW,CACzB,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,qBAAqB,QAO9B;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,WAAW,QAO/C;AACD,wBAAgB,SAAS,CAAC,OAAO,EAAE,WAAW,QAG7C;AAED,wBAAsB,cAAc,CAClC,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAYvC;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,qBAAqB,EAC7B,SAAS,EAAE,SAAS,EACpB,YAAY,EAAE,YAAY,EAC1B,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,YAAY,CAAC,CA2BvB"}

package/dist/cjs/src/shared/util.js

@@ -1,162 +0,0 @@
-"use strict";
-// Utility functions shared by auth server and client integrations
-// Typically these functions should be used inside AuthenticationInitiator and AuthenticationResolver implementations
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.deriveCodeChallenge = deriveCodeChallenge;
-exports.getEndpointsWithOverrides = getEndpointsWithOverrides;
-exports.generateOauthLoginUrl = generateOauthLoginUrl;
-exports.generateOauthLogoutUrl = generateOauthLogoutUrl;
-exports.buildOauth2Client = buildOauth2Client;
-exports.exchangeTokens = exchangeTokens;
-exports.storeTokens = storeTokens;
-exports.clearTokens = clearTokens;
-exports.clearUser = clearUser;
-exports.retrieveTokens = retrieveTokens;
-exports.validateOauth2Tokens = validateOauth2Tokens;
-const types_js_1 = require("./types.js");
-const oauth2_1 = require("oslo/oauth2");
-const oauth_js_1 = require("../lib/oauth.js");
-const jose = __importStar(require("jose"));
-const utils_js_1 = require("../utils.js");
-const UserSession_js_1 = require("./UserSession.js");
-/**
- * Given a PKCE code verifier, derive the code challenge using SHA
- */
-async function deriveCodeChallenge(codeVerifier, method = "S256") {
-    if (method === "Plain") {
-        console.warn("Using insecure plain code challenge method");
-        return codeVerifier;
-    }
-    const encoder = new TextEncoder();
-    const data = encoder.encode(codeVerifier);
-    const digest = await crypto.subtle.digest("SHA-256", data);
-    return btoa(String.fromCharCode(...new Uint8Array(digest)))
-        .replace(/\+/g, "-")
-        .replace(/\//g, "_")
-        .replace(/=+$/, "");
-}
-async function getEndpointsWithOverrides(oauthServer, endpointOverrides = {}) {
-    const endpoints = await (0, oauth_js_1.getOauthEndpoints)(oauthServer);
-    return {
-        ...endpoints,
-        ...endpointOverrides,
-    };
-}
-async function generateOauthLoginUrl(config) {
-    const endpoints = await getEndpointsWithOverrides(config.oauthServer, config.endpointOverrides);
-    const oauth2Client = buildOauth2Client(config.clientId, config.redirectUrl, endpoints);
-    const challenge = await config.pkceConsumer.getCodeChallenge();
-    const oAuthUrl = await oauth2Client.createAuthorizationURL({
-        state: config.state,
-        scopes: config.scopes,
-    });
-    // The OAuth2 client supports PKCE, but does not allow passing in a code challenge from some other source
-    // It only allows passing in a code verifier which it then hashes itself.
-    oAuthUrl.searchParams.append("code_challenge", challenge);
-    oAuthUrl.searchParams.append("code_challenge_method", "S256");
-    if (config.nonce) {
-        // nonce isn't supported by oslo, so we add it manually
-        oAuthUrl.searchParams.append("nonce", config.nonce);
-    }
-    // Required by the auth server for offline_access scope
-    oAuthUrl.searchParams.append("prompt", "consent");
-    return oAuthUrl;
-}
-async function generateOauthLogoutUrl(config) {
-    // TODO
-    return new URL("http://localhost");
-}
-function buildOauth2Client(clientId, redirectUri, endpoints) {
-    return new oauth2_1.OAuth2Client(clientId, endpoints.auth, endpoints.token, {
-        redirectURI: redirectUri,
-    });
-}
-async function exchangeTokens(code, state, pkceProducer, oauth2Client, oauthServer, endpoints) {
-    const codeVerifier = await pkceProducer.getCodeVerifier();
-    if (!codeVerifier)
-        throw new Error("Code verifier not found in state");
-    const tokens = await oauth2Client.validateAuthorizationCode(code, {
-        codeVerifier,
-    });
-    // Validate relevant tokens
-    try {
-        await validateOauth2Tokens(tokens, endpoints, oauth2Client, oauthServer);
-    }
-    catch (error) {
-        console.error("tokenExchange error", { error, tokens });
-        throw new Error(`OIDC tokens validation failed: ${error.message}`);
-    }
-    return tokens;
-}
-function storeTokens(storage, tokens) {
-    // store tokens in storage ( TODO we should probably store them against the state to allow multiple logins )
-    storage.set(types_js_1.OAuthTokens.ID_TOKEN, tokens.id_token);
-    storage.set(types_js_1.OAuthTokens.ACCESS_TOKEN, tokens.access_token);
-    if (tokens.refresh_token)
-        storage.set(types_js_1.OAuthTokens.REFRESH_TOKEN, tokens.refresh_token);
-}
-function clearTokens(storage) {
-    Object.values(types_js_1.OAuthTokens).forEach((cookie) => {
-        storage.set(cookie, "");
-    });
-    Object.values(types_js_1.CodeVerifier.COOKIE_NAME).forEach((cookie) => {
-        storage.set(cookie, "");
-    });
-}
-function clearUser(storage) {
-    const userSession = new UserSession_js_1.GenericUserSession(storage);
-    userSession.set(null);
-}
-async function retrieveTokens(storage) {
-    const idToken = await storage.get(types_js_1.OAuthTokens.ID_TOKEN);
-    const accessToken = await storage.get(types_js_1.OAuthTokens.ACCESS_TOKEN);
-    const refreshToken = await storage.get(types_js_1.OAuthTokens.REFRESH_TOKEN);
-    if (!idToken || !accessToken)
-        return null;
-    return {
-        id_token: idToken,
-        access_token: accessToken,
-        refresh_token: refreshToken ?? undefined,
-    };
-}
-async function validateOauth2Tokens(tokens, endpoints, oauth2Client, issuer) {
-    const JWKS = jose.createRemoteJWKSet(new URL(endpoints.jwks));
-    // validate the ID token
-    const idTokenResponse = await jose.jwtVerify(tokens.id_token, JWKS, {
-        issuer: (0, oauth_js_1.getIssuerVariations)(issuer),
-        audience: oauth2Client.clientId,
-    });
-    // validate the access token
-    const accessTokenResponse = await jose.jwtVerify(tokens.access_token, JWKS, {
-        issuer: (0, oauth_js_1.getIssuerVariations)(issuer),
-    });
-    return (0, utils_js_1.withoutUndefined)({
-        id_token: idTokenResponse.payload,
-        access_token: accessTokenResponse.payload,
-        refresh_token: tokens.refresh_token,
-    });
-}
-//# sourceMappingURL=util.js.map

package/dist/cjs/src/shared/util.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"util.js","sourceRoot":"","sources":["../../../../src/shared/util.ts"],"names":[],"mappings":";AAAA,kEAAkE;AAClE,qHAAqH;;;;;;;;;;;;;;;;;;;;;;;;;AAoBrH,kDAgBC;AAED,8DASC;AAED,sDAqCC;AAED,wDAUC;AAED,8CAQC;AAED,wCA2BC;AAED,kCASC;AAED,kCAOC;AACD,8BAGC;AAED,wCAcC;AAED,oDAgCC;AA1MD,yCAAuD;AACvD,wCAA2C;AAC3C,6CAAwE;AACxE,2CAA6B;AAC7B,yCAA8C;AAE9C,qDAAsD;AAEtD;;GAEG;AACI,KAAK,UAAU,mBAAmB,CACvC,YAAoB,EACpB,SAA2B,MAAM;IAEjC,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAC3D,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAC3D,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;SACxD,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,WAAmB,EACnB,oBAAwC,EAAE;IAE1C,MAAM,SAAS,GAAG,MAAM,IAAA,4BAAiB,EAAC,WAAW,CAAC,CAAC;IACvD,OAAO;QACL,GAAG,SAAS;QACZ,GAAG,iBAAiB;KACrB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,qBAAqB,CAAC,MAU3C;IACC,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IACF,MAAM,YAAY,GAAG,iBAAiB,CACpC,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,WAAW,EAClB,SAAS,CACV,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,gBAAgB,EAAE,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,sBAAsB,CAAC;QACzD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC,CAAC;IACH,yGAAyG;IACzG,yEAAyE;IACzE,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;IAC1D,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC9D,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,uDAAuD;QACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC;IACD,uDAAuD;IACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAElD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAAC,MAO5C;IACC,OAAO;IACP,OAAO,IAAI,GAAG,CAAC,kBAAkB,CAAC,CAAC;AACrC,CAAC;AAED,SAAgB,iBAAiB,CAC/B,QAAgB,EAChB,WAAmB,EACnB,SAAoB;IAEpB,OAAO,IAAI,qBAAY,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,KAAK,EAAE;QACjE,WAAW,EAAE,WAAW;KACzB,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,cAAc,CAClC,IAAY,EACZ,KAAa,EACb,YAA0B,EAC1B,YAA0B,EAC1B,WAAmB,EACnB,SAAoB;IAEpB,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,eAAe,EAAE,CAAC;IAC1D,IAAI,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAEvE,MAAM,MAAM,GACV,MAAM,YAAY,CAAC,yBAAyB,CAAwB,IAAI,EAAE;QACxE,YAAY;KACb,CAAC,CAAC;IAEL,2BAA2B;IAC3B,IAAI,CAAC;QACH,MAAM,oBAAoB,CAAC,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;IAC3E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACxD,MAAM,IAAI,KAAK,CACb,kCAAmC,KAAe,CAAC,OAAO,EAAE,CAC7D,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,WAAW,CACzB,OAAoB,EACpB,MAA6B;IAE7B,4GAA4G;IAC5G,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IAC3D,IAAI,MAAM,CAAC,aAAa;QACtB,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,aAAa,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;AACjE,CAAC;AAED,SAAgB,WAAW,CAAC,OAAoB;IAC9C,MAAM,CAAC,MAAM,CAAC,sBAAW,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,MAAM,CAAC,uBAAY,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QACzD,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC;AACD,SAAgB,SAAS,CAAC,OAAoB;IAC5C,MAAM,WAAW,GAAG,IAAI,mCAAkB,CAAC,OAAO,CAAC,CAAC;IACpD,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC;AAEM,KAAK,UAAU,cAAc,CAClC,OAAoB;IAEpB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,CAAC,CAAC;IACxD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,YAAY,CAAC,CAAC;IAChE,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,aAAa,CAAC,CAAC;IAElE,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE1C,OAAO;QACL,QAAQ,EAAE,OAAO;QACjB,YAAY,EAAE,WAAW;QACzB,aAAa,EAAE,YAAY,IAAI,SAAS;KACzC,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,oBAAoB,CACxC,MAA6B,EAC7B,SAAoB,EACpB,YAA0B,EAC1B,MAAc;IAEd,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IAE9D,wBAAwB;IACxB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,SAAS,CAC1C,MAAM,CAAC,QAAQ,EACf,IAAI,EACJ;QACE,MAAM,EAAE,IAAA,8BAAmB,EAAC,MAAM,CAAC;QACnC,QAAQ,EAAE,YAAY,CAAC,QAAQ;KAChC,CACF,CAAC;IAEF,4BAA4B;IAC5B,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,SAAS,CAC9C,MAAM,CAAC,YAAY,EACnB,IAAI,EACJ;QACE,MAAM,EAAE,IAAA,8BAAmB,EAAC,MAAM,CAAC;KACpC,CACF,CAAC;IAEF,OAAO,IAAA,2BAAgB,EAAC;QACtB,QAAQ,EAAE,eAAe,CAAC,OAAO;QACjC,YAAY,EAAE,mBAAmB,CAAC,OAAO;QACzC,aAAa,EAAE,MAAM,CAAC,aAAa;KACpC,CAAC,CAAC;AACL,CAAC","sourcesContent":["// Utility functions shared by auth server and client integrations\n// Typically these functions should be used inside AuthenticationInitiator and AuthenticationResolver implementations\n\nimport type {\n  AuthStorage,\n  Endpoints,\n  JWTPayload,\n  OIDCTokenResponseBody,\n  ParsedTokens,\n} from \"@/types.js\";\nimport { CodeVerifier, OAuthTokens } from \"./types.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { getIssuerVariations, getOauthEndpoints } from \"@/lib/oauth.js\";\nimport * as jose from \"jose\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport type { PKCEConsumer, PKCEProducer } from \"@/services/types.js\";\nimport { GenericUserSession } from \"./UserSession.js\";\n\n/**\n * Given a PKCE code verifier, derive the code challenge using SHA\n */\nexport async function deriveCodeChallenge(\n  codeVerifier: string,\n  method: \"Plain\" | \"S256\" = \"S256\",\n): Promise<string> {\n  if (method === \"Plain\") {\n    console.warn(\"Using insecure plain code challenge method\");\n    return codeVerifier;\n  }\n\n  const encoder = new TextEncoder();\n  const data = encoder.encode(codeVerifier);\n  const digest = await crypto.subtle.digest(\"SHA-256\", data);\n  return btoa(String.fromCharCode(...new Uint8Array(digest)))\n    .replace(/\\+/g, \"-\")\n    .replace(/\\//g, \"_\")\n    .replace(/=+$/, \"\");\n}\n\nexport async function getEndpointsWithOverrides(\n  oauthServer: string,\n  endpointOverrides: Partial<Endpoints> = {},\n) {\n  const endpoints = await getOauthEndpoints(oauthServer);\n  return {\n    ...endpoints,\n    ...endpointOverrides,\n  };\n}\n\nexport async function generateOauthLoginUrl(config: {\n  clientId: string;\n  scopes: string[];\n  state: string;\n  redirectUrl: string;\n  oauthServer: string;\n  nonce?: string;\n  endpointOverrides?: Partial<Endpoints>;\n  // used to get the PKCE challenge\n  pkceConsumer: PKCEConsumer;\n}): Promise<URL> {\n  const endpoints = await getEndpointsWithOverrides(\n    config.oauthServer,\n    config.endpointOverrides,\n  );\n  const oauth2Client = buildOauth2Client(\n    config.clientId,\n    config.redirectUrl,\n    endpoints,\n  );\n  const challenge = await config.pkceConsumer.getCodeChallenge();\n  const oAuthUrl = await oauth2Client.createAuthorizationURL({\n    state: config.state,\n    scopes: config.scopes,\n  });\n  // The OAuth2 client supports PKCE, but does not allow passing in a code challenge from some other source\n  // It only allows passing in a code verifier which it then hashes itself.\n  oAuthUrl.searchParams.append(\"code_challenge\", challenge);\n  oAuthUrl.searchParams.append(\"code_challenge_method\", \"S256\");\n  if (config.nonce) {\n    // nonce isn't supported by oslo, so we add it manually\n    oAuthUrl.searchParams.append(\"nonce\", config.nonce);\n  }\n  // Required by the auth server for offline_access scope\n  oAuthUrl.searchParams.append(\"prompt\", \"consent\");\n\n  return oAuthUrl;\n}\n\nexport async function generateOauthLogoutUrl(config: {\n  clientId: string;\n  scopes: string[];\n  oauthServer: string;\n  endpointOverrides?: Partial<Endpoints>;\n  // used to get the PKCE challenge\n  pkceConsumer: PKCEConsumer;\n}): Promise<URL> {\n  // TODO\n  return new URL(\"http://localhost\");\n}\n\nexport function buildOauth2Client(\n  clientId: string,\n  redirectUri: string,\n  endpoints: Endpoints,\n): OAuth2Client {\n  return new OAuth2Client(clientId, endpoints.auth, endpoints.token, {\n    redirectURI: redirectUri,\n  });\n}\n\nexport async function exchangeTokens(\n  code: string,\n  state: string,\n  pkceProducer: PKCEProducer,\n  oauth2Client: OAuth2Client,\n  oauthServer: string,\n  endpoints: Endpoints,\n) {\n  const codeVerifier = await pkceProducer.getCodeVerifier();\n  if (!codeVerifier) throw new Error(\"Code verifier not found in state\");\n\n  const tokens =\n    await oauth2Client.validateAuthorizationCode<OIDCTokenResponseBody>(code, {\n      codeVerifier,\n    });\n\n  // Validate relevant tokens\n  try {\n    await validateOauth2Tokens(tokens, endpoints, oauth2Client, oauthServer);\n  } catch (error) {\n    console.error(\"tokenExchange error\", { error, tokens });\n    throw new Error(\n      `OIDC tokens validation failed: ${(error as Error).message}`,\n    );\n  }\n\n  return tokens;\n}\n\nexport function storeTokens(\n  storage: AuthStorage,\n  tokens: OIDCTokenResponseBody,\n) {\n  // store tokens in storage ( TODO we should probably store them against the state to allow multiple logins )\n  storage.set(OAuthTokens.ID_TOKEN, tokens.id_token);\n  storage.set(OAuthTokens.ACCESS_TOKEN, tokens.access_token);\n  if (tokens.refresh_token)\n    storage.set(OAuthTokens.REFRESH_TOKEN, tokens.refresh_token);\n}\n\nexport function clearTokens(storage: AuthStorage) {\n  Object.values(OAuthTokens).forEach((cookie) => {\n    storage.set(cookie, \"\");\n  });\n  Object.values(CodeVerifier.COOKIE_NAME).forEach((cookie) => {\n    storage.set(cookie, \"\");\n  });\n}\nexport function clearUser(storage: AuthStorage) {\n  const userSession = new GenericUserSession(storage);\n  userSession.set(null);\n}\n\nexport async function retrieveTokens(\n  storage: AuthStorage,\n): Promise<OIDCTokenResponseBody | null> {\n  const idToken = await storage.get(OAuthTokens.ID_TOKEN);\n  const accessToken = await storage.get(OAuthTokens.ACCESS_TOKEN);\n  const refreshToken = await storage.get(OAuthTokens.REFRESH_TOKEN);\n\n  if (!idToken || !accessToken) return null;\n\n  return {\n    id_token: idToken,\n    access_token: accessToken,\n    refresh_token: refreshToken ?? undefined,\n  };\n}\n\nexport async function validateOauth2Tokens(\n  tokens: OIDCTokenResponseBody,\n  endpoints: Endpoints,\n  oauth2Client: OAuth2Client,\n  issuer: string,\n): Promise<ParsedTokens> {\n  const JWKS = jose.createRemoteJWKSet(new URL(endpoints.jwks));\n\n  // validate the ID token\n  const idTokenResponse = await jose.jwtVerify<JWTPayload>(\n    tokens.id_token,\n    JWKS,\n    {\n      issuer: getIssuerVariations(issuer),\n      audience: oauth2Client.clientId,\n    },\n  );\n\n  // validate the access token\n  const accessTokenResponse = await jose.jwtVerify<JWTPayload>(\n    tokens.access_token,\n    JWKS,\n    {\n      issuer: getIssuerVariations(issuer),\n    },\n  );\n\n  return withoutUndefined({\n    id_token: idTokenResponse.payload,\n    access_token: accessTokenResponse.payload,\n    refresh_token: tokens.refresh_token,\n  });\n}\n"]}

package/dist/cjs/src/types.d.ts

@@ -1,146 +0,0 @@
-import type { TokenResponseBody } from "oslo/oauth2";
-import type { JWT } from "oslo/jwt";
-type UnknownObject = Record<string, unknown>;
-type EmptyObject = Record<string, never>;
-type DisplayMode = "iframe" | "redirect" | "new_tab" | "custom_tab";
-interface AuthSessionService {
-    loadAuthorizationUrl(authorizationURL: string, displayMode: DisplayMode): void;
-    getAuthorizationUrl(scopes: string[], overrideDisplayMode: DisplayMode, nonce?: string): Promise<string>;
-    signIn(displayMode: DisplayMode, scopes: string[], nonce?: string): Promise<void>;
-    tokenExchange(responseUrl: string): Promise<SessionData>;
-    getSessionData(): SessionData;
-    updateSessionData(data: SessionData): void;
-    getUserInfoService(): Promise<UserInfoService>;
-}
-interface TokenService {
-    exchangeCodeForTokens(authCode: string): Promise<Tokens>;
-    validateIdToken(idToken: string, nonce: string): boolean;
-    refreshAccessToken(refreshToken: string): Promise<Tokens>;
-}
-interface UserInfoService {
-    getUserInfo<T extends UnknownObject>(accessToken: string, idToken: string | null): Promise<User<T> | null>;
-}
-interface ResourceService {
-    getProtectedResource(accessToken: string): Promise<unknown>;
-}
-type AuthRequest = {
-    clientId: string;
-    redirectUri: string;
-    state: string;
-    nonce: string;
-    scope: string;
-};
-type Endpoints = {
-    jwks: string;
-    auth: string;
-    token: string;
-    userinfo: string;
-    challenge?: string;
-};
-type Config = {
-    oauthServer: string;
-    endpoints?: Endpoints;
-};
-type SessionData = {
-    authenticated: boolean;
-    state?: string;
-    accessToken?: string;
-    refreshToken?: string;
-    idToken?: string;
-    timestamp?: number;
-    expiresIn?: number;
-    codeVerifier?: string;
-    displayMode?: DisplayMode;
-    openerUrl?: string;
-};
-type OIDCTokenResponseBody = TokenResponseBody & {
-    id_token: string;
-};
-type ParsedTokens = {
-    id_token: JWTPayload;
-    access_token: JWTPayload;
-    refresh_token?: string;
-};
-type ForwardedTokens = Record<string, {
-    idToken?: string;
-    accessToken?: string;
-    refreshToken?: string;
-}>;
-type ForwardedTokensJWT = Record<string, {
-    id_token?: string;
-    access_token?: string;
-    refresh_token?: string;
-    scope?: string;
-}>;
-type JWTPayload = JWT["payload"] & {
-    iss: string;
-    aud: string;
-    sub: string;
-    iat: number;
-    exp: number;
-};
-type IdTokenPayload = JWTPayload & {
-    forwardedTokens?: ForwardedTokensJWT;
-    email?: string;
-    name?: string;
-    picture?: string;
-    nonce: string;
-    at_hash: string;
-};
-type IdToken = Omit<JWT, "payload"> & {
-    payload: IdTokenPayload;
-};
-type Tokens = {
-    idToken: string;
-    accessToken: string;
-    refreshToken: string;
-    forwardedTokens: ForwardedTokens;
-};
-type BaseUser = {
-    id: string;
-    email?: string;
-    name?: string;
-    given_name?: string;
-    family_name?: string;
-    picture?: string;
-    updated_at?: Date;
-};
-type User<T extends UnknownObject = EmptyObject> = BaseUser & Partial<Tokens> & T;
-type OpenIdConfiguration = {
-    authorization_endpoint: string;
-    claims_parameter_supported: boolean;
-    claims_supported: string[];
-    code_challenge_methods_supported: string[];
-    end_session_endpoint: string;
-    grant_types_supported: string[];
-    issuer: string;
-    jwks_uri: string;
-    authorization_response_iss_parameter_supported: boolean;
-    response_modes_supported: string[];
-    response_types_supported: string[];
-    scopes_supported: string[];
-    subject_types_supported: string[];
-    token_endpoint_auth_methods_supported: string[];
-    token_endpoint_auth_signing_alg_values_supported: string[];
-    token_endpoint: string;
-    id_token_signing_alg_values_supported: string[];
-    pushed_authorization_request_endpoint: string;
-    request_parameter_supported: boolean;
-    request_uri_parameter_supported: boolean;
-    userinfo_endpoint: string;
-    claim_types_supported: string[];
-};
-type LoginPostMessage = {
-    source: string;
-    type: string;
-    clientId: string;
-    data: {
-        url: string;
-    };
-};
-export type { LoginPostMessage, AuthSessionService, TokenService, UserInfoService, ResourceService, AuthRequest, Tokens, Endpoints, Config, SessionData, OIDCTokenResponseBody, ParsedTokens, BaseUser, User, DisplayMode, UnknownObject, EmptyObject, ForwardedTokens, ForwardedTokensJWT, JWTPayload, IdTokenPayload, IdToken, OpenIdConfiguration, };
-export interface AuthStorage {
-    get(key: string): Promise<string | null>;
-    set(key: string, value: string): Promise<void>;
-}
-//# sourceMappingURL=types.d.ts.map

package/dist/cjs/src/types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAEpC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC7C,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAGzC,KAAK,WAAW,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,YAAY,CAAC;AAGpE,UAAU,kBAAkB;IAE1B,oBAAoB,CAClB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,WAAW,GACvB,IAAI,CAAC;IAER,mBAAmB,CACjB,MAAM,EAAE,MAAM,EAAE,EAChB,mBAAmB,EAAE,WAAW,EAChC,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB,MAAM,CACJ,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAEzD,cAAc,IAAI,WAAW,CAAC;IAE9B,iBAAiB,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,kBAAkB,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;CAChD;AAGD,UAAU,YAAY;IACpB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACzD,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC3D;AAGD,UAAU,eAAe;IACvB,WAAW,CAAC,CAAC,SAAS,aAAa,EACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GAAG,IAAI,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAC5B;AAGD,UAAU,eAAe;IACvB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7D;AAGD,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,qBAAqB,GAAG,iBAAiB,GAAG;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC;AAEtE,KAAK,YAAY,GAAG;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,eAAe,GAAG,MAAM,CAC3B,MAAM,EACN;IACE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CACF,CAAC;AAGF,KAAK,kBAAkB,GAAG,MAAM,CAC9B,MAAM,EACN;IACE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CACF,CAAC;AAEF,KAAK,UAAU,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,KAAK,cAAc,GAAG,UAAU,GAAG;IACjC,eAAe,CAAC,EAAE,kBAAkB,CAAC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG;IACpC,OAAO,EAAE,cAAc,CAAC;CACzB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,eAAe,CAAC;CAClC,CAAC;AAGF,KAAK,QAAQ,GAAG;IACd,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,IAAI,CAAC;CACnB,CAAC;AAEF,KAAK,IAAI,CAAC,CAAC,SAAS,aAAa,GAAG,WAAW,IAAI,QAAQ,GACzD,OAAO,CAAC,MAAM,CAAC,GACf,CAAC,CAAC;AAEJ,KAAK,mBAAmB,GAAG;IACzB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,0BAA0B,EAAE,OAAO,CAAC;IACpC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,gCAAgC,EAAE,MAAM,EAAE,CAAC;IAC3C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C,EAAE,OAAO,CAAC;IACxD,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,gDAAgD,EAAE,MAAM,EAAE,CAAC;IAC3D,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,qCAAqC,EAAE,MAAM,CAAC;IAC9C,2BAA2B,EAAE,OAAO,CAAC;IACrC,+BAA+B,EAAE,OAAO,CAAC;IACzC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,MAAM,EAAE,CAAC;CACjC,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH,CAAC;AACF,YAAY,EACV,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,EACN,WAAW,EACX,qBAAqB,EACrB,YAAY,EACZ,QAAQ,EACR,IAAI,EACJ,WAAW,EACX,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,UAAU,EACV,cAAc,EACd,OAAO,EACP,mBAAmB,GACpB,CAAC;AAEF,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAChD"}

package/dist/cjs/src/types.js

@@ -1,3 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=types.js.map

package/dist/cjs/src/types.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/types.ts"],"names":[],"mappings":"","sourcesContent":["import type { TokenResponseBody } from \"oslo/oauth2\";\nimport type { JWT } from \"oslo/jwt\";\n\ntype UnknownObject = Record<string, unknown>;\ntype EmptyObject = Record<string, never>;\n\n// Display modes for the auth flow\ntype DisplayMode = \"iframe\" | \"redirect\" | \"new_tab\" | \"custom_tab\";\n\n// Combined Auth and Session Service\ninterface AuthSessionService {\n  // TODO DK NOTES: Should be in BrowserAuthSessionService, not relevant on backend\n  loadAuthorizationUrl(\n    authorizationURL: string,\n    displayMode: DisplayMode,\n  ): void;\n  // TODO DK NOTES: overrideDisplayMode parameter not appropriate here - also - do we need both this and the above in the interface?\n  getAuthorizationUrl(\n    scopes: string[],\n    overrideDisplayMode: DisplayMode,\n    nonce?: string,\n  ): Promise<string>;\n  // TODO DK NOTES: display mode should be in browser version only. Also, do we need this and the above two in the top-level interface?\n  signIn(\n    displayMode: DisplayMode,\n    scopes: string[],\n    nonce?: string,\n  ): Promise<void>;\n  // TODO DK NOTES: Input should be an auth code - do not assume it comes via an url\n  tokenExchange(responseUrl: string): Promise<SessionData>;\n  // TODO DK NOTES: Should be async for flexibility\n  getSessionData(): SessionData;\n  // TODO DK NOTES: Should be async for flexibility\n  updateSessionData(data: SessionData): void;\n  getUserInfoService(): Promise<UserInfoService>;\n}\n\n// Token Service\ninterface TokenService {\n  exchangeCodeForTokens(authCode: string): Promise<Tokens>;\n  validateIdToken(idToken: string, nonce: string): boolean;\n  refreshAccessToken(refreshToken: string): Promise<Tokens>;\n}\n\n// User Info Service\ninterface UserInfoService {\n  getUserInfo<T extends UnknownObject>(\n    accessToken: string,\n    idToken: string | null,\n  ): Promise<User<T> | null>;\n}\n\n// Resource Service\ninterface ResourceService {\n  getProtectedResource(accessToken: string): Promise<unknown>;\n}\n\n// Auth Request (for internal use in AuthSessionService)\ntype AuthRequest = {\n  clientId: string;\n  redirectUri: string;\n  state: string;\n  nonce: string;\n  scope: string;\n};\n\ntype Endpoints = {\n  jwks: string;\n  auth: string;\n  token: string;\n  userinfo: string;\n  challenge?: string;\n};\n\ntype Config = {\n  oauthServer: string;\n  endpoints?: Endpoints;\n};\n\ntype SessionData = {\n  authenticated: boolean; // TODO can this be inferred from the presence of the tokens?\n  state?: string;\n  accessToken?: string;\n  refreshToken?: string;\n  idToken?: string;\n  timestamp?: number;\n  expiresIn?: number;\n  codeVerifier?: string;\n  displayMode?: DisplayMode;\n  openerUrl?: string;\n};\n\ntype OIDCTokenResponseBody = TokenResponseBody & { id_token: string };\n\ntype ParsedTokens = {\n  id_token: JWTPayload;\n  access_token: JWTPayload;\n  refresh_token?: string;\n};\n\n// The format we expose to the frontend via hooks\ntype ForwardedTokens = Record<\n  string,\n  {\n    idToken?: string;\n    accessToken?: string;\n    refreshToken?: string;\n  }\n>;\n\n// The format in the JWT payload\ntype ForwardedTokensJWT = Record<\n  string,\n  {\n    id_token?: string;\n    access_token?: string;\n    refresh_token?: string;\n    scope?: string;\n  }\n>;\n\ntype JWTPayload = JWT[\"payload\"] & {\n  iss: string;\n  aud: string;\n  sub: string;\n  iat: number;\n  exp: number;\n};\n\ntype IdTokenPayload = JWTPayload & {\n  forwardedTokens?: ForwardedTokensJWT;\n  email?: string;\n  name?: string;\n  picture?: string;\n  nonce: string;\n  at_hash: string;\n};\n\ntype IdToken = Omit<JWT, \"payload\"> & {\n  payload: IdTokenPayload;\n};\n\ntype Tokens = {\n  idToken: string;\n  accessToken: string;\n  refreshToken: string;\n  forwardedTokens: ForwardedTokens;\n};\n\n// Base user interface\ntype BaseUser = {\n  id: string;\n  email?: string;\n  name?: string;\n  given_name?: string;\n  family_name?: string;\n  picture?: string;\n  updated_at?: Date;\n};\n\ntype User<T extends UnknownObject = EmptyObject> = BaseUser &\n  Partial<Tokens> &\n  T;\n\ntype OpenIdConfiguration = {\n  authorization_endpoint: string;\n  claims_parameter_supported: boolean;\n  claims_supported: string[];\n  code_challenge_methods_supported: string[];\n  end_session_endpoint: string;\n  grant_types_supported: string[];\n  issuer: string;\n  jwks_uri: string;\n  authorization_response_iss_parameter_supported: boolean;\n  response_modes_supported: string[];\n  response_types_supported: string[];\n  scopes_supported: string[];\n  subject_types_supported: string[];\n  token_endpoint_auth_methods_supported: string[];\n  token_endpoint_auth_signing_alg_values_supported: string[];\n  token_endpoint: string;\n  id_token_signing_alg_values_supported: string[];\n  pushed_authorization_request_endpoint: string;\n  request_parameter_supported: boolean;\n  request_uri_parameter_supported: boolean;\n  userinfo_endpoint: string;\n  claim_types_supported: string[];\n};\n\ntype LoginPostMessage = {\n  source: string;\n  type: string;\n  clientId: string;\n  data: {\n    url: string;\n  };\n};\nexport type {\n  LoginPostMessage,\n  AuthSessionService,\n  TokenService,\n  UserInfoService,\n  ResourceService,\n  AuthRequest,\n  Tokens,\n  Endpoints,\n  Config,\n  SessionData,\n  OIDCTokenResponseBody,\n  ParsedTokens,\n  BaseUser,\n  User,\n  DisplayMode,\n  UnknownObject,\n  EmptyObject,\n  ForwardedTokens,\n  ForwardedTokensJWT,\n  JWTPayload,\n  IdTokenPayload,\n  IdToken,\n  OpenIdConfiguration,\n};\n\nexport interface AuthStorage {\n  get(key: string): Promise<string | null>;\n  set(key: string, value: string): Promise<void>;\n}\n"]}