@codefox-inc/oauth-provider 0.3.2 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +40 -14
- package/dist/client/index.d.ts +4 -0
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +1 -0
- package/dist/client/index.js.map +1 -1
- package/dist/component/_generated/component.d.ts +9 -0
- package/dist/component/_generated/component.d.ts.map +1 -1
- package/dist/component/clientManagement.d.ts +1 -0
- package/dist/component/clientManagement.d.ts.map +1 -1
- package/dist/component/clientManagement.js +24 -0
- package/dist/component/clientManagement.js.map +1 -1
- package/dist/component/handlers.d.ts +16 -0
- package/dist/component/handlers.d.ts.map +1 -1
- package/dist/component/handlers.js +278 -29
- package/dist/component/handlers.js.map +1 -1
- package/dist/component/mutations.d.ts +9 -0
- package/dist/component/mutations.d.ts.map +1 -1
- package/dist/component/mutations.js +112 -40
- package/dist/component/mutations.js.map +1 -1
- package/dist/component/queries.d.ts +8 -0
- package/dist/component/queries.d.ts.map +1 -1
- package/dist/component/schema.d.ts +18 -4
- package/dist/component/schema.d.ts.map +1 -1
- package/dist/component/schema.js +7 -0
- package/dist/component/schema.js.map +1 -1
- package/dist/lib/oauth.d.ts.map +1 -1
- package/dist/lib/oauth.js +5 -2
- package/dist/lib/oauth.js.map +1 -1
- package/package.json +39 -39
- package/src/client/__tests__/oauth-provider.test.ts +39 -0
- package/src/client/index.ts +4 -0
- package/src/component/__tests__/handlers-protocol.test.ts +914 -0
- package/src/component/__tests__/mutations-protocol.test.ts +448 -0
- package/src/component/__tests__/oauth.test.ts +32 -28
- package/src/component/__tests__/rfc-compliance.test.ts +79 -11
- package/src/component/_generated/component.ts +17 -1
- package/src/component/clientManagement.ts +31 -0
- package/src/component/handlers.ts +358 -32
- package/src/component/mutations.ts +133 -40
- package/src/component/schema.ts +11 -0
- package/src/lib/__tests__/oauth-jwt.test.ts +68 -0
- package/src/lib/oauth.ts +8 -4
package/README.md
CHANGED
|
@@ -19,7 +19,7 @@ This component turns your Convex app into a fully compliant OAuth 2.1 provider,
|
|
|
19
19
|
## Installation
|
|
20
20
|
|
|
21
21
|
```bash
|
|
22
|
-
|
|
22
|
+
bun add @codefox-inc/oauth-provider
|
|
23
23
|
```
|
|
24
24
|
|
|
25
25
|
## Features
|
|
@@ -27,6 +27,8 @@ npm install @codefox-inc/oauth-provider
|
|
|
27
27
|
- **OAuth 2.1 compliant** authorization and token endpoints
|
|
28
28
|
- **OpenID Connect Discovery** for automatic client configuration
|
|
29
29
|
- **PKCE required** for all authorization code flows (S256 only)
|
|
30
|
+
- **RFC 8707 resource indicators** for audience-bound access tokens
|
|
31
|
+
- **RFC 9068 JWT access tokens** (`typ: at+jwt`, `client_id`, `scope`, `jti`)
|
|
30
32
|
- **Secure token storage** using SHA-256 hashing for tokens and authorization codes
|
|
31
33
|
- **JWT access tokens** with RS256 signing
|
|
32
34
|
- **Refresh token rotation** for enhanced security
|
|
@@ -37,7 +39,7 @@ npm install @codefox-inc/oauth-provider
|
|
|
37
39
|
<details>
|
|
38
40
|
<summary><strong>OAuth 2.1 Compliance</strong></summary>
|
|
39
41
|
|
|
40
|
-
This implementation follows [OAuth 2.1
|
|
42
|
+
This implementation follows [OAuth 2.1](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1) and related OAuth/OIDC specifications:
|
|
41
43
|
|
|
42
44
|
### Supported Grant Types
|
|
43
45
|
- ✅ **Authorization Code with PKCE** (public and confidential clients)
|
|
@@ -50,7 +52,9 @@ This implementation follows [OAuth 2.1 (draft-ietf-oauth-v2-1-14)](https://datat
|
|
|
50
52
|
|
|
51
53
|
### Key Security Requirements
|
|
52
54
|
- **PKCE Enforcement**: All authorization code flows require PKCE with S256 method
|
|
53
|
-
- **Redirect URI Validation**: Exact string matching (with
|
|
55
|
+
- **Redirect URI Validation**: Exact string matching (with RFC 8252 loopback variable port exception only)
|
|
56
|
+
- **Resource Binding**: `resource` values are bound to the authorization grant and refresh token
|
|
57
|
+
- **Access Token Audience**: Access token `aud` is the authorized `resource`, or the configured default audience
|
|
54
58
|
- **Authorization Code**: Single-use, expires in 10 minutes
|
|
55
59
|
- **Token Hashing**: All tokens stored as SHA-256 hashes
|
|
56
60
|
- **Refresh Token Rotation**: New refresh token issued on each use, old token invalidated
|
|
@@ -93,7 +97,7 @@ The `/oauth/authorize` endpoint performs comprehensive validation:
|
|
|
93
97
|
|
|
94
98
|
### Refresh Token Requirements
|
|
95
99
|
|
|
96
|
-
Refresh tokens are **only issued** when the `offline_access` scope is requested and granted during the initial authorization:
|
|
100
|
+
Refresh tokens are **only issued** when the `offline_access` scope is requested and granted during the initial authorization. For OpenID Connect requests, `offline_access` requires `prompt=consent` (or a space-delimited prompt value that includes `consent`):
|
|
97
101
|
|
|
98
102
|
- ✅ **With `offline_access`**: Client receives both access token and refresh token
|
|
99
103
|
- ❌ **Without `offline_access`**: Client receives only access token (no refresh token)
|
|
@@ -108,6 +112,22 @@ This follows OAuth 2.1 and OpenID Connect specifications, ensuring that long-liv
|
|
|
108
112
|
|
|
109
113
|
</details>
|
|
110
114
|
|
|
115
|
+
<details>
|
|
116
|
+
<summary><strong>Resource Indicators and Audience Binding</strong></summary>
|
|
117
|
+
|
|
118
|
+
This provider supports RFC 8707 `resource` indicators for MCP and other resource-server flows.
|
|
119
|
+
|
|
120
|
+
- `resource` is optional on the authorization request.
|
|
121
|
+
- If present, it must be an absolute URI without a fragment.
|
|
122
|
+
- The authorization code stores the approved `resource`.
|
|
123
|
+
- The token request may repeat the same `resource`, but cannot add a new one that was not approved.
|
|
124
|
+
- Refresh tokens preserve the same resource/audience binding during rotation.
|
|
125
|
+
- Access tokens use the authorized `resource` as `aud`; otherwise they use `applicationID` or the default `convex` audience.
|
|
126
|
+
|
|
127
|
+
For custom consent UIs, preserve the incoming `resource` parameter and pass it to `issueAuthorizationCode`.
|
|
128
|
+
|
|
129
|
+
</details>
|
|
130
|
+
|
|
111
131
|
## OAuth Token Detection Helper
|
|
112
132
|
|
|
113
133
|
Provides helper functions to distinguish between OAuth tokens and session tokens:
|
|
@@ -141,9 +161,9 @@ If you're using [Convex Auth](https://labs.convex.dev/auth), you already have th
|
|
|
141
161
|
If you're using [@convex-dev/better-auth](https://labs.convex.dev/better-auth), you can share the same keys:
|
|
142
162
|
|
|
143
163
|
```bash
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
164
|
+
bunx convex env set OAUTH_PRIVATE_KEY "$(cat private.pem)" # Or use JWT_PRIVATE_KEY
|
|
165
|
+
bunx convex env set OAUTH_JWKS '{"keys":[...]}' # Or use JWKS
|
|
166
|
+
bunx convex env set SITE_URL "https://your-app.example.com"
|
|
147
167
|
```
|
|
148
168
|
|
|
149
169
|
**Important:** When using Better Auth, set `applicationID: "oauth-provider"` in your OAuthProvider config to distinguish OAuth tokens from Better Auth session tokens.
|
|
@@ -173,9 +193,9 @@ const privateKey = fs.readFileSync('private.pem', 'utf8');
|
|
|
173
193
|
Set environment variables:
|
|
174
194
|
|
|
175
195
|
```bash
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
196
|
+
bunx convex env set JWT_PRIVATE_KEY "-----BEGIN RSA PRIVATE KEY-----\n..."
|
|
197
|
+
bunx convex env set JWKS '{"keys":[...]}'
|
|
198
|
+
bunx convex env set SITE_URL "https://your-app.example.com"
|
|
179
199
|
```
|
|
180
200
|
|
|
181
201
|
</details>
|
|
@@ -434,6 +454,7 @@ GET /oauth/authorize?
|
|
|
434
454
|
&client_id=CLIENT_ID
|
|
435
455
|
&redirect_uri=REDIRECT_URI
|
|
436
456
|
&scope=openid+profile+email
|
|
457
|
+
&resource=https://api.example.com/mcp
|
|
437
458
|
&state=STATE
|
|
438
459
|
&code_challenge=CHALLENGE
|
|
439
460
|
&code_challenge_method=S256
|
|
@@ -445,9 +466,10 @@ The handler:
|
|
|
445
466
|
2. Checks redirect_uri against registered URIs
|
|
446
467
|
3. Validates requested scopes
|
|
447
468
|
4. Requires PKCE (code_challenge)
|
|
448
|
-
5.
|
|
449
|
-
6.
|
|
450
|
-
7.
|
|
469
|
+
5. Validates and binds `resource` when provided
|
|
470
|
+
6. Authenticates the user via `getUserId`
|
|
471
|
+
7. Issues authorization code
|
|
472
|
+
8. Redirects back to the client with the code
|
|
451
473
|
|
|
452
474
|
<details>
|
|
453
475
|
<summary><strong>Custom Authorization Flow (Advanced)</strong></summary>
|
|
@@ -468,6 +490,7 @@ export const approveAuthorization = mutation({
|
|
|
468
490
|
codeChallenge: string;
|
|
469
491
|
codeChallengeMethod: string;
|
|
470
492
|
nonce?: string;
|
|
493
|
+
resource?: string;
|
|
471
494
|
}) => {
|
|
472
495
|
// Verify user is authenticated
|
|
473
496
|
const identity = await ctx.auth.getUserIdentity();
|
|
@@ -488,6 +511,7 @@ export const approveAuthorization = mutation({
|
|
|
488
511
|
codeChallenge: args.codeChallenge,
|
|
489
512
|
codeChallengeMethod: args.codeChallengeMethod,
|
|
490
513
|
nonce: args.nonce,
|
|
514
|
+
resource: args.resource,
|
|
491
515
|
});
|
|
492
516
|
|
|
493
517
|
return authCode;
|
|
@@ -495,6 +519,8 @@ export const approveAuthorization = mutation({
|
|
|
495
519
|
});
|
|
496
520
|
```
|
|
497
521
|
|
|
522
|
+
When the authorization request contains `resource`, show it in the consent UI and pass it through unchanged. If the token request asks for a `resource` that was not stored on the authorization code, the token endpoint returns `invalid_target`.
|
|
523
|
+
|
|
498
524
|
</details>
|
|
499
525
|
|
|
500
526
|
<details>
|
|
@@ -664,7 +690,7 @@ if (identity?.issuer?.includes("/oauth")) {
|
|
|
664
690
|
## Testing
|
|
665
691
|
|
|
666
692
|
```bash
|
|
667
|
-
|
|
693
|
+
bun run test
|
|
668
694
|
```
|
|
669
695
|
|
|
670
696
|
## License
|
package/dist/client/index.d.ts
CHANGED
|
@@ -99,6 +99,7 @@ export declare class OAuthProvider {
|
|
|
99
99
|
codeChallenge?: string;
|
|
100
100
|
codeChallengeMethod?: string;
|
|
101
101
|
nonce?: string;
|
|
102
|
+
resource?: string;
|
|
102
103
|
}): Promise<string>;
|
|
103
104
|
/**
|
|
104
105
|
* Get OAuth Client
|
|
@@ -108,6 +109,7 @@ export declare class OAuthProvider {
|
|
|
108
109
|
type: "confidential" | "public";
|
|
109
110
|
redirectUris: string[];
|
|
110
111
|
allowedScopes: string[];
|
|
112
|
+
tokenEndpointAuthMethod?: "client_secret_basic" | "client_secret_post" | "none";
|
|
111
113
|
} | null>;
|
|
112
114
|
/**
|
|
113
115
|
* Register OAuth Client (for admin use)
|
|
@@ -121,6 +123,7 @@ export declare class OAuthProvider {
|
|
|
121
123
|
logoUrl?: string;
|
|
122
124
|
tosUrl?: string;
|
|
123
125
|
policyUrl?: string;
|
|
126
|
+
tokenEndpointAuthMethod?: "client_secret_basic" | "client_secret_post" | "none";
|
|
124
127
|
}): Promise<{
|
|
125
128
|
clientId: string;
|
|
126
129
|
clientSecret?: string;
|
|
@@ -155,6 +158,7 @@ export declare class OAuthProvider {
|
|
|
155
158
|
userId: string;
|
|
156
159
|
clientId: string;
|
|
157
160
|
scopes: string[];
|
|
161
|
+
resource?: string;
|
|
158
162
|
}): Promise<any>;
|
|
159
163
|
/**
|
|
160
164
|
* Revoke authorization and delete all associated tokens
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAGxF,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,EACH,UAAU,EACV,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,4BAA4B,GAC/B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAG/E,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,YAAY,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAGrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,YAAY,EAAE,0BAA0B,EAAE,MAAM,aAAa,CAAC;AAG9D,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACxE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAE5F;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,WAAW,CAAC;AAE9C;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,qBAAa,aAAa;IACtB,OAAO,CAAC,MAAM,CAAsB;IACpC,OAAO,CAAC,GAAG,CAAoB;IAE/B,OAAO,CAAC,SAAS,CAAM;gBAInB,SAAS,EAAE,GAAG,EACd,MAAM,EAAE,mBAAmB;IAO/B,SAAS,IAAI,mBAAmB;IAKhC,OAAO,CAAC,SAAS;IA8BjB;;;;;OAKG;IACH,IAAI,QAAQ;QAEJ;;;WAGG;mCACwB,YAAY,WAAW,OAAO;QAGzD;;;WAGG;yBACc,YAAY,WAAW,OAAO;QAG/C;;;WAGG;oBACS,YAAY,WAAW,OAAO;QAG1C;;;WAGG;qBACU,YAAY,WAAW,OAAO;QAG3C;;;;WAIG;wBACa,YAAY,WAAW,OAAO,kBAAkB,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;QAG/G;;;WAGG;wBACa,YAAY,WAAW,OAAO;QAG9C;;;WAGG;iCACsB,YAAY,WAAW,OAAO;MAG9D;IAED;;;;OAIG;IACG,sBAAsB,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;QACpD,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAGxF,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,EACH,UAAU,EACV,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,4BAA4B,GAC/B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAG/E,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,YAAY,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAGrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,YAAY,EAAE,0BAA0B,EAAE,MAAM,aAAa,CAAC;AAG9D,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACxE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAE5F;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,WAAW,CAAC;AAE9C;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,qBAAa,aAAa;IACtB,OAAO,CAAC,MAAM,CAAsB;IACpC,OAAO,CAAC,GAAG,CAAoB;IAE/B,OAAO,CAAC,SAAS,CAAM;gBAInB,SAAS,EAAE,GAAG,EACd,MAAM,EAAE,mBAAmB;IAO/B,SAAS,IAAI,mBAAmB;IAKhC,OAAO,CAAC,SAAS;IA8BjB;;;;;OAKG;IACH,IAAI,QAAQ;QAEJ;;;WAGG;mCACwB,YAAY,WAAW,OAAO;QAGzD;;;WAGG;yBACc,YAAY,WAAW,OAAO;QAG/C;;;WAGG;oBACS,YAAY,WAAW,OAAO;QAG1C;;;WAGG;qBACU,YAAY,WAAW,OAAO;QAG3C;;;;WAIG;wBACa,YAAY,WAAW,OAAO,kBAAkB,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;QAG/G;;;WAGG;wBACa,YAAY,WAAW,OAAO;QAG9C;;;WAGG;iCACsB,YAAY,WAAW,OAAO;MAG9D;IAED;;;;OAIG;IACG,sBAAsB,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;QACpD,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,QAAQ,CAAC,EAAE,MAAM,CAAC;KACrB,GAAG,OAAO,CAAC,MAAM,CAAC;IAyBnB;;OAEG;IACG,SAAS,CAAC,GAAG,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM;;;;;;;IAIlD;;OAEG;IACG,cAAc,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;QAC5C,IAAI,EAAE,MAAM,CAAC;QACb,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,IAAI,EAAE,cAAc,GAAG,QAAQ,CAAC;QAChC,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,uBAAuB,CAAC,EAAE,qBAAqB,GAAG,oBAAoB,GAAG,MAAM,CAAC;KACnF;;;;;IAID;;OAEG;IACG,eAAe,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM;;;;;;;;IAQtD;;;OAGG;IACG,gBAAgB,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;IAIzE;;;OAGG;IACG,sBAAsB,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM;IAI7D;;;OAGG;IACG,mBAAmB,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;QACjD,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACrB;IAID;;;OAGG;IACG,mBAAmB,CAAC,GAAG,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;IAI/E;;;OAGG;IACG,gBAAgB,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAQtH;;;OAGG;IACG,uBAAuB,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAUpG;;;;;;;;;;;;OAYG;IACH,0BAA0B,KACR,KAAK,WAAW,EAAE,QAAQ,MAAM,EAAE,WAAW,MAAM,KAAG,OAAO,CAAC,OAAO,CAAC;CAI3F"}
|
package/dist/client/index.js
CHANGED
|
@@ -126,6 +126,7 @@ export class OAuthProvider {
|
|
|
126
126
|
userId: args.userId,
|
|
127
127
|
clientId: args.clientId,
|
|
128
128
|
scopes: args.scopes,
|
|
129
|
+
...(args.resource ? { resource: args.resource } : {}),
|
|
129
130
|
});
|
|
130
131
|
// 2. Issue the authorization code
|
|
131
132
|
return this.api.mutations.issueAuthorizationCode(ctx, {
|
package/dist/client/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,0BAA0B,EAC1B,WAAW,EACX,YAAY,EACZ,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,6BAA6B,GAChC,MAAM,0BAA0B,CAAC;AAOlC,OAAO,EACH,UAAU,EACV,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,4BAA4B,GAC/B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE/E,yCAAyC;AACzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAGpD,4BAA4B;AAC5B,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAGlD,wBAAwB;AACxB,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAQxE;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,OAAO,aAAa;IACd,MAAM,CAAsB;IAC5B,GAAG,CAAoB;IAEvB,SAAS,CAAM;IAEvB,YAEI,SAAc,EACd,MAA2B;QAE3B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC;IAED,SAAS;QACL,OAAO,IAAI,CAAC,MAAM,CAAC;IACvB,CAAC;IAGO,SAAS,CAAC,SAAc;QAC5B,OAAO;YACH,OAAO,EAAE;gBACL,SAAS,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC;gBACzE,eAAe,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,IAAI,CAAC;gBACrF,eAAe,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,IAAI,CAAC;aACxF;YACD,SAAS,EAAE;gBACP,sBAAsB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAClC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,sBAAsB,EAAE,IAAI,CAAC;gBACrE,eAAe,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC3B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,eAAe,EAAE,IAAI,CAAC;gBAC9D,UAAU,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CACtB,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC;gBACzD,kBAAkB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC9B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,kBAAkB,EAAE,IAAI,CAAC;gBACjE,mBAAmB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC/B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,mBAAmB,EAAE,IAAI,CAAC;gBAClE,2BAA2B,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CACvC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,2BAA2B,EAAE,IAAI,CAAC;aAC7E;YACD,gBAAgB,EAAE;gBACd,cAAc,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC1B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,gBAAgB,CAAC,cAAc,EAAE,IAAI,CAAC;gBACpE,kBAAkB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC9B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,IAAI,CAAC;aAC3E;SACJ,CAAC;IACN,CAAC;IAED;;;;;OAKG;IACH,IAAI,QAAQ;QACR,OAAO;YACH;;;eAGG;YACH,mBAAmB,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CACzD,0BAA0B,CAAC,GAAuD,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC;YAE7G;;;eAGG;YACH,SAAS,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CAC/C,gBAAgB,CAAC,GAA6C,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC;YAEnG;;;eAGG;YACH,IAAI,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CAC1C,WAAW,CAAC,GAAwC,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC;YAE/E;;;eAGG;YACH,KAAK,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CAC3C,YAAY,CAAC,GAAyC,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC;YAE3F;;;;eAIG;YACH,QAAQ,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,cAA+D,EAAE,EAAE,CAC/G,eAAe,CAAC,GAA4C,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC;YAEvG;;;eAGG;YACH,QAAQ,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CAC9C,eAAe,CAAC,GAA4C,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC;YAEjG;;;eAGG;YACH,iBAAiB,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CACvD,6BAA6B,CAAC,GAA0D,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC;SACtH,CAAC;IACN,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,sBAAsB,CAAC,GAAmB,EAAE,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,0BAA0B,EAC1B,WAAW,EACX,YAAY,EACZ,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,6BAA6B,GAChC,MAAM,0BAA0B,CAAC;AAOlC,OAAO,EACH,UAAU,EACV,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,4BAA4B,GAC/B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE/E,yCAAyC;AACzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAGpD,4BAA4B;AAC5B,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAGlD,wBAAwB;AACxB,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAQxE;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,OAAO,aAAa;IACd,MAAM,CAAsB;IAC5B,GAAG,CAAoB;IAEvB,SAAS,CAAM;IAEvB,YAEI,SAAc,EACd,MAA2B;QAE3B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC;IAED,SAAS;QACL,OAAO,IAAI,CAAC,MAAM,CAAC;IACvB,CAAC;IAGO,SAAS,CAAC,SAAc;QAC5B,OAAO;YACH,OAAO,EAAE;gBACL,SAAS,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC;gBACzE,eAAe,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,IAAI,CAAC;gBACrF,eAAe,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,IAAI,CAAC;aACxF;YACD,SAAS,EAAE;gBACP,sBAAsB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAClC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,sBAAsB,EAAE,IAAI,CAAC;gBACrE,eAAe,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC3B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,eAAe,EAAE,IAAI,CAAC;gBAC9D,UAAU,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CACtB,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC;gBACzD,kBAAkB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC9B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,kBAAkB,EAAE,IAAI,CAAC;gBACjE,mBAAmB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC/B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,mBAAmB,EAAE,IAAI,CAAC;gBAClE,2BAA2B,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CACvC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,2BAA2B,EAAE,IAAI,CAAC;aAC7E;YACD,gBAAgB,EAAE;gBACd,cAAc,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC1B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,gBAAgB,CAAC,cAAc,EAAE,IAAI,CAAC;gBACpE,kBAAkB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC9B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,IAAI,CAAC;aAC3E;SACJ,CAAC;IACN,CAAC;IAED;;;;;OAKG;IACH,IAAI,QAAQ;QACR,OAAO;YACH;;;eAGG;YACH,mBAAmB,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CACzD,0BAA0B,CAAC,GAAuD,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC;YAE7G;;;eAGG;YACH,SAAS,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CAC/C,gBAAgB,CAAC,GAA6C,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC;YAEnG;;;eAGG;YACH,IAAI,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CAC1C,WAAW,CAAC,GAAwC,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC;YAE/E;;;eAGG;YACH,KAAK,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CAC3C,YAAY,CAAC,GAAyC,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC;YAE3F;;;;eAIG;YACH,QAAQ,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,cAA+D,EAAE,EAAE,CAC/G,eAAe,CAAC,GAA4C,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC;YAEvG;;;eAGG;YACH,QAAQ,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CAC9C,eAAe,CAAC,GAA4C,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC;YAEjG;;;eAGG;YACH,iBAAiB,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CACvD,6BAA6B,CAAC,GAA0D,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC;SACtH,CAAC;IACN,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,sBAAsB,CAAC,GAAmB,EAAE,IASjD;QACG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC9C,CAAC;QACD,MAAM,mBAAmB,GAAG,IAAI,CAAC,mBAAmB,IAAI,MAAM,CAAC;QAC/D,IAAI,mBAAmB,KAAK,MAAM,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACxD,CAAC;QAED,yDAAyD;QACzD,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,mBAAmB,CAAC,GAAG,EAAE;YAC9C,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxD,CAAC,CAAC;QAEH,kCAAkC;QAClC,OAAO,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,sBAAsB,CAAC,GAAG,EAAE;YAClD,GAAG,IAAI;YACP,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,mBAAmB;SACtB,CAAC,CAAC;IACP,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,GAAgB,EAAE,QAAgB;QAC9C,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,GAAmB,EAAE,IAUzC;QACG,OAAO,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,GAAgB,EAAE,MAAc;QAClD,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,4EAA4E;IAC5E,2BAA2B;IAC3B,4EAA4E;IAE5E;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CAAC,GAAgB,EAAE,MAAc,EAAE,QAAgB;QACrE,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;IACvF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,sBAAsB,CAAC,GAAgB,EAAE,MAAc;QACzD,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IACnF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,mBAAmB,CAAC,GAAmB,EAAE,IAK9C;QACG,OAAO,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAC;IAC/E,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,mBAAmB,CAAC,GAAmB,EAAE,MAAc,EAAE,QAAgB;QAC3E,OAAO,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC/F,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CAAC,GAAgB,EAAE,MAAc,EAAE,QAAgB,EAAE,cAAwB;QAC/F,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChE,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QAExB,8CAA8C;QAC9C,OAAO,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IACtE,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,uBAAuB,CAAC,GAAgB,EAAE,MAAc,EAAE,QAAiB;QAC7E,IAAI,QAAQ,EAAE,CAAC;YACX,sCAAsC;YACtC,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QACvF,CAAC;aAAM,CAAC;YACJ,sCAAsC;YACtC,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAChF,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,0BAA0B;QACtB,OAAO,KAAK,EAAE,GAAgB,EAAE,MAAc,EAAE,QAAiB,EAAoB,EAAE;YACnF,OAAO,IAAI,CAAC,uBAAuB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC/D,CAAC,CAAC;IACN,CAAC;CACJ"}
|
|
@@ -31,6 +31,7 @@ export type ComponentApi<Name extends string | undefined = string | undefined> =
|
|
|
31
31
|
policyUrl?: string;
|
|
32
32
|
redirectUris: Array<string>;
|
|
33
33
|
scopes: Array<string>;
|
|
34
|
+
tokenEndpointAuthMethod?: "client_secret_basic" | "client_secret_post" | "none";
|
|
34
35
|
tosUrl?: string;
|
|
35
36
|
type: "confidential" | "public";
|
|
36
37
|
website?: string;
|
|
@@ -46,16 +47,19 @@ export type ComponentApi<Name extends string | undefined = string | undefined> =
|
|
|
46
47
|
code: string;
|
|
47
48
|
codeVerifier: string;
|
|
48
49
|
redirectUri?: string;
|
|
50
|
+
resource?: string;
|
|
49
51
|
}, any, Name>;
|
|
50
52
|
deleteClient: FunctionReference<"mutation", "internal", {
|
|
51
53
|
clientId: string;
|
|
52
54
|
}, any, Name>;
|
|
53
55
|
issueAuthorizationCode: FunctionReference<"mutation", "internal", {
|
|
56
|
+
authTime?: number;
|
|
54
57
|
clientId: string;
|
|
55
58
|
codeChallenge: string;
|
|
56
59
|
codeChallengeMethod: string;
|
|
57
60
|
nonce?: string;
|
|
58
61
|
redirectUri: string;
|
|
62
|
+
resource?: string;
|
|
59
63
|
scopes: Array<string>;
|
|
60
64
|
userId: string;
|
|
61
65
|
}, any, Name>;
|
|
@@ -65,21 +69,25 @@ export type ComponentApi<Name extends string | undefined = string | undefined> =
|
|
|
65
69
|
}, any, Name>;
|
|
66
70
|
rotateRefreshToken: FunctionReference<"mutation", "internal", {
|
|
67
71
|
accessToken: string;
|
|
72
|
+
audience?: string;
|
|
68
73
|
clientId: string;
|
|
69
74
|
expiresAt: number;
|
|
70
75
|
oldRefreshToken: string;
|
|
71
76
|
refreshToken?: string;
|
|
72
77
|
refreshTokenExpiresAt?: number;
|
|
78
|
+
resource?: string;
|
|
73
79
|
scopes: Array<string>;
|
|
74
80
|
userId: string;
|
|
75
81
|
}, any, Name>;
|
|
76
82
|
saveTokens: FunctionReference<"mutation", "internal", {
|
|
77
83
|
accessToken: string;
|
|
84
|
+
audience?: string;
|
|
78
85
|
authorizationCode?: string;
|
|
79
86
|
clientId: string;
|
|
80
87
|
expiresAt: number;
|
|
81
88
|
refreshToken?: string;
|
|
82
89
|
refreshTokenExpiresAt?: number;
|
|
90
|
+
resource?: string;
|
|
83
91
|
scopes: Array<string>;
|
|
84
92
|
userId: string;
|
|
85
93
|
}, any, Name>;
|
|
@@ -89,6 +97,7 @@ export type ComponentApi<Name extends string | undefined = string | undefined> =
|
|
|
89
97
|
}, any, Name>;
|
|
90
98
|
upsertAuthorization: FunctionReference<"mutation", "internal", {
|
|
91
99
|
clientId: string;
|
|
100
|
+
resource?: string;
|
|
92
101
|
scopes: Array<string>;
|
|
93
102
|
userId: string;
|
|
94
103
|
}, any, Name>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"component.d.ts","sourceRoot":"","sources":["../../../src/component/_generated/component.ts"],"names":[],"mappings":"AACA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAEvD;;;;;;;;;;GAUG;AACH,MAAM,MAAM,YAAY,CAAC,IAAI,SAAS,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,IAC3E;IACE,gBAAgB,EAAE;QAChB,YAAY,EAAE,iBAAiB,CAC7B,UAAU,EACV,UAAU,EACV;YAAE,QAAQ,EAAE,MAAM,CAAA;SAAE,EACpB,GAAG,EACH,IAAI,CACL,CAAC;QACF,cAAc,EAAE,iBAAiB,CAC/B,UAAU,EACV,UAAU,EACV;YACE,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB,UAAU,CAAC,EAAE,OAAO,CAAC;YACrB,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,SAAS,CAAC,EAAE,MAAM,CAAC;YACnB,YAAY,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;YAC5B,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;YACtB,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB,IAAI,EAAE,cAAc,GAAG,QAAQ,CAAC;YAChC,OAAO,CAAC,EAAE,MAAM,CAAC;SAClB,EACD,GAAG,EACH,IAAI,CACL,CAAC;QACF,kBAAkB,EAAE,iBAAiB,CACnC,UAAU,EACV,UAAU,EACV;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,YAAY,EAAE,MAAM,CAAA;SAAE,EAC1C,GAAG,EACH,IAAI,CACL,CAAC;KACH,CAAC;IACF,SAAS,EAAE;QACT,eAAe,EAAE,iBAAiB,CAChC,UAAU,EACV,UAAU,EACV;YACE,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,YAAY,EAAE,MAAM,CAAC;YACrB,WAAW,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"component.d.ts","sourceRoot":"","sources":["../../../src/component/_generated/component.ts"],"names":[],"mappings":"AACA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAEvD;;;;;;;;;;GAUG;AACH,MAAM,MAAM,YAAY,CAAC,IAAI,SAAS,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,IAC3E;IACE,gBAAgB,EAAE;QAChB,YAAY,EAAE,iBAAiB,CAC7B,UAAU,EACV,UAAU,EACV;YAAE,QAAQ,EAAE,MAAM,CAAA;SAAE,EACpB,GAAG,EACH,IAAI,CACL,CAAC;QACF,cAAc,EAAE,iBAAiB,CAC/B,UAAU,EACV,UAAU,EACV;YACE,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB,UAAU,CAAC,EAAE,OAAO,CAAC;YACrB,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,SAAS,CAAC,EAAE,MAAM,CAAC;YACnB,YAAY,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;YAC5B,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;YACtB,uBAAuB,CAAC,EACpB,qBAAqB,GACrB,oBAAoB,GACpB,MAAM,CAAC;YACX,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB,IAAI,EAAE,cAAc,GAAG,QAAQ,CAAC;YAChC,OAAO,CAAC,EAAE,MAAM,CAAC;SAClB,EACD,GAAG,EACH,IAAI,CACL,CAAC;QACF,kBAAkB,EAAE,iBAAiB,CACnC,UAAU,EACV,UAAU,EACV;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,YAAY,EAAE,MAAM,CAAA;SAAE,EAC1C,GAAG,EACH,IAAI,CACL,CAAC;KACH,CAAC;IACF,SAAS,EAAE;QACT,eAAe,EAAE,iBAAiB,CAChC,UAAU,EACV,UAAU,EACV;YACE,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,YAAY,EAAE,MAAM,CAAC;YACrB,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACnB,EACD,GAAG,EACH,IAAI,CACL,CAAC;QACF,YAAY,EAAE,iBAAiB,CAC7B,UAAU,EACV,UAAU,EACV;YAAE,QAAQ,EAAE,MAAM,CAAA;SAAE,EACpB,GAAG,EACH,IAAI,CACL,CAAC;QACF,sBAAsB,EAAE,iBAAiB,CACvC,UAAU,EACV,UAAU,EACV;YACE,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,EAAE,MAAM,CAAC;YACjB,aAAa,EAAE,MAAM,CAAC;YACtB,mBAAmB,EAAE,MAAM,CAAC;YAC5B,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,WAAW,EAAE,MAAM,CAAC;YACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;YACtB,MAAM,EAAE,MAAM,CAAC;SAChB,EACD,GAAG,EACH,IAAI,CACL,CAAC;QACF,mBAAmB,EAAE,iBAAiB,CACpC,UAAU,EACV,UAAU,EACV;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,EACpC,GAAG,EACH,IAAI,CACL,CAAC;QACF,kBAAkB,EAAE,iBAAiB,CACnC,UAAU,EACV,UAAU,EACV;YACE,WAAW,EAAE,MAAM,CAAC;YACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,EAAE,MAAM,CAAC;YACjB,SAAS,EAAE,MAAM,CAAC;YAClB,eAAe,EAAE,MAAM,CAAC;YACxB,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,qBAAqB,CAAC,EAAE,MAAM,CAAC;YAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;YACtB,MAAM,EAAE,MAAM,CAAC;SAChB,EACD,GAAG,EACH,IAAI,CACL,CAAC;QACF,UAAU,EAAE,iBAAiB,CAC3B,UAAU,EACV,UAAU,EACV;YACE,WAAW,EAAE,MAAM,CAAC;YACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,iBAAiB,CAAC,EAAE,MAAM,CAAC;YAC3B,QAAQ,EAAE,MAAM,CAAC;YACjB,SAAS,EAAE,MAAM,CAAC;YAClB,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,qBAAqB,CAAC,EAAE,MAAM,CAAC;YAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;YACtB,MAAM,EAAE,MAAM,CAAC;SAChB,EACD,GAAG,EACH,IAAI,CACL,CAAC;QACF,2BAA2B,EAAE,iBAAiB,CAC5C,UAAU,EACV,UAAU,EACV;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,EACpC,GAAG,EACH,IAAI,CACL,CAAC;QACF,mBAAmB,EAAE,iBAAiB,CACpC,UAAU,EACV,UAAU,EACV;YACE,QAAQ,EAAE,MAAM,CAAC;YACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;YACtB,MAAM,EAAE,MAAM,CAAC;SAChB,EACD,GAAG,EACH,IAAI,CACL,CAAC;KACH,CAAC;IACF,OAAO,EAAE;QACP,gBAAgB,EAAE,iBAAiB,CACjC,OAAO,EACP,UAAU,EACV;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,EACpC,GAAG,EACH,IAAI,CACL,CAAC;QACF,SAAS,EAAE,iBAAiB,CAC1B,OAAO,EACP,UAAU,EACV;YAAE,QAAQ,EAAE,MAAM,CAAA;SAAE,EACpB,GAAG,EACH,IAAI,CACL,CAAC;QACF,eAAe,EAAE,iBAAiB,CAChC,OAAO,EACP,UAAU,EACV;YAAE,YAAY,EAAE,MAAM,CAAA;SAAE,EACxB,GAAG,EACH,IAAI,CACL,CAAC;QACF,eAAe,EAAE,iBAAiB,CAChC,OAAO,EACP,UAAU,EACV;YAAE,MAAM,EAAE,MAAM,CAAA;SAAE,EAClB,GAAG,EACH,IAAI,CACL,CAAC;QACF,mBAAmB,EAAE,iBAAiB,CACpC,OAAO,EACP,UAAU,EACV;YAAE,MAAM,EAAE,MAAM,CAAA;SAAE,EAClB,GAAG,EACH,IAAI,CACL,CAAC;QACF,gBAAgB,EAAE,iBAAiB,CACjC,OAAO,EACP,UAAU,EACV;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,EACpC,GAAG,EACH,IAAI,CACL,CAAC;QACF,WAAW,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QACnE,sBAAsB,EAAE,iBAAiB,CACvC,OAAO,EACP,UAAU,EACV;YAAE,MAAM,EAAE,MAAM,CAAA;SAAE,EAClB,GAAG,EACH,IAAI,CACL,CAAC;KACH,CAAC;CACH,CAAC"}
|
|
@@ -7,6 +7,7 @@ export declare const registerClient: import("convex/server").RegisteredMutation<
|
|
|
7
7
|
website?: string | undefined;
|
|
8
8
|
tosUrl?: string | undefined;
|
|
9
9
|
policyUrl?: string | undefined;
|
|
10
|
+
tokenEndpointAuthMethod?: "client_secret_basic" | "client_secret_post" | "none" | undefined;
|
|
10
11
|
isInternal?: boolean | undefined;
|
|
11
12
|
name: string;
|
|
12
13
|
type: "public" | "confidential";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"clientManagement.d.ts","sourceRoot":"","sources":["../../src/component/clientManagement.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"clientManagement.d.ts","sourceRoot":"","sources":["../../src/component/clientManagement.ts"],"names":[],"mappings":"AAiDA;;GAEG;AACH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;GAgGzB,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,kBAAkB;;;oBAsB7B,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,YAAY;;;;GAuCvB,CAAC"}
|
|
@@ -19,6 +19,8 @@ function isValidRedirectUri(uri) {
|
|
|
19
19
|
}
|
|
20
20
|
if (parsed.hash)
|
|
21
21
|
return false;
|
|
22
|
+
if (parsed.username || parsed.password)
|
|
23
|
+
return false;
|
|
22
24
|
const host = parsed.hostname.toLowerCase();
|
|
23
25
|
const isLoopback = host === "localhost" ||
|
|
24
26
|
host === "127.0.0.1" ||
|
|
@@ -27,8 +29,19 @@ function isValidRedirectUri(uri) {
|
|
|
27
29
|
return true;
|
|
28
30
|
if (parsed.protocol === "http:" && isLoopback)
|
|
29
31
|
return true;
|
|
32
|
+
if (isValidPrivateUseRedirectUri(parsed))
|
|
33
|
+
return true;
|
|
30
34
|
return false;
|
|
31
35
|
}
|
|
36
|
+
function isValidPrivateUseRedirectUri(parsed) {
|
|
37
|
+
const scheme = parsed.protocol.slice(0, -1);
|
|
38
|
+
const reverseDomainStyle = /^[a-z][a-z0-9]*(\.[a-z0-9][a-z0-9-]*){2,}$/i;
|
|
39
|
+
return (reverseDomainStyle.test(scheme) &&
|
|
40
|
+
parsed.hostname === "" &&
|
|
41
|
+
parsed.host === "" &&
|
|
42
|
+
parsed.pathname.startsWith("/") &&
|
|
43
|
+
parsed.pathname.length > 1);
|
|
44
|
+
}
|
|
32
45
|
/**
|
|
33
46
|
* Register OAuth Client
|
|
34
47
|
*/
|
|
@@ -44,12 +57,21 @@ export const registerClient = mutation({
|
|
|
44
57
|
logoUrl: v.optional(v.string()),
|
|
45
58
|
tosUrl: v.optional(v.string()),
|
|
46
59
|
policyUrl: v.optional(v.string()),
|
|
60
|
+
tokenEndpointAuthMethod: v.optional(v.union(v.literal("client_secret_basic"), v.literal("client_secret_post"), v.literal("none"))),
|
|
47
61
|
isInternal: v.optional(v.boolean()),
|
|
48
62
|
},
|
|
49
63
|
handler: async (ctx, args) => {
|
|
50
64
|
if (args.redirectUris.length === 0) {
|
|
51
65
|
throw new Error("redirect_uris required");
|
|
52
66
|
}
|
|
67
|
+
if (args.type === "public" &&
|
|
68
|
+
args.tokenEndpointAuthMethod &&
|
|
69
|
+
args.tokenEndpointAuthMethod !== "none") {
|
|
70
|
+
throw new Error("invalid_client_metadata: public clients must use token_endpoint_auth_method none");
|
|
71
|
+
}
|
|
72
|
+
if (args.type === "confidential" && args.tokenEndpointAuthMethod === "none") {
|
|
73
|
+
throw new Error("invalid_client_metadata: confidential clients must authenticate at the token endpoint");
|
|
74
|
+
}
|
|
53
75
|
const invalidRedirect = args.redirectUris.find((uri) => !isValidRedirectUri(uri));
|
|
54
76
|
if (invalidRedirect) {
|
|
55
77
|
throw new Error(`Invalid redirect_uri: ${invalidRedirect}`);
|
|
@@ -75,6 +97,7 @@ export const registerClient = mutation({
|
|
|
75
97
|
logoUrl: args.logoUrl,
|
|
76
98
|
tosUrl: args.tosUrl,
|
|
77
99
|
policyUrl: args.policyUrl,
|
|
100
|
+
tokenEndpointAuthMethod: args.tokenEndpointAuthMethod ?? "client_secret_basic",
|
|
78
101
|
isInternal: args.isInternal,
|
|
79
102
|
});
|
|
80
103
|
return {
|
|
@@ -97,6 +120,7 @@ export const registerClient = mutation({
|
|
|
97
120
|
logoUrl: args.logoUrl,
|
|
98
121
|
tosUrl: args.tosUrl,
|
|
99
122
|
policyUrl: args.policyUrl,
|
|
123
|
+
tokenEndpointAuthMethod: args.tokenEndpointAuthMethod ?? "none",
|
|
100
124
|
isInternal: args.isInternal,
|
|
101
125
|
});
|
|
102
126
|
return {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"clientManagement.js","sourceRoot":"","sources":["../../src/component/clientManagement.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,eAAe,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAClD,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AACnC,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEjD;;;;;GAKG;AAEH,SAAS,kBAAkB,CAAC,GAAW;IACnC,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACD,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,MAAM,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"clientManagement.js","sourceRoot":"","sources":["../../src/component/clientManagement.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,eAAe,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAClD,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AACnC,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEjD;;;;;GAKG;AAEH,SAAS,kBAAkB,CAAC,GAAW;IACnC,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACD,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,MAAM,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IAC9B,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAErD,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,UAAU,GACZ,IAAI,KAAK,WAAW;QACpB,IAAI,KAAK,WAAW;QACpB,IAAI,KAAK,KAAK,CAAC;IAEnB,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC9C,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,UAAU;QAAE,OAAO,IAAI,CAAC;IAC3D,IAAI,4BAA4B,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAEtD,OAAO,KAAK,CAAC;AACjB,CAAC;AAED,SAAS,4BAA4B,CAAC,MAAW;IAC7C,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC5C,MAAM,kBAAkB,GAAG,6CAA6C,CAAC;IACzE,OAAO,CACH,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC;QAC/B,MAAM,CAAC,QAAQ,KAAK,EAAE;QACtB,MAAM,CAAC,IAAI,KAAK,EAAE;QAClB,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC;QAC/B,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAC7B,CAAC;AACN,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,QAAQ,CAAC;IACnC,IAAI,EAAE;QACF,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACjC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC3B,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC7D,WAAW;QACX,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACnC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC/B,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC/B,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC9B,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACjC,uBAAuB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CACvC,CAAC,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAChC,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAC/B,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CACpB,CAAC;QACF,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;KACtC;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC9C,CAAC;QACD,IACI,IAAI,CAAC,IAAI,KAAK,QAAQ;YACtB,IAAI,CAAC,uBAAuB;YAC5B,IAAI,CAAC,uBAAuB,KAAK,MAAM,EACzC,CAAC;YACC,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAC;QACxG,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,IAAI,IAAI,CAAC,uBAAuB,KAAK,MAAM,EAAE,CAAC;YAC1E,MAAM,IAAI,KAAK,CAAC,uFAAuF,CAAC,CAAC;QAC7G,CAAC;QACD,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC;QAClF,IAAI,eAAe,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,yBAAyB,eAAe,EAAE,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAErC,uCAAuC;QACvC,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YAC/B,qCAAqC;YACrC,MAAM,YAAY,GAAG,oBAAoB,CAAC,eAAe,CAAC,oBAAoB,CAAC,CAAC;YAEhF,kBAAkB;YAClB,MAAM,gBAAgB,GAAG,MAAM,CAAC,QAAQ,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;YAE3D,+CAA+C;YAC/C,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE;gBAChC,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,QAAQ;gBACR,YAAY,EAAE,gBAAgB,EAAE,cAAc;gBAC9C,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,YAAY,EAAE,IAAI,CAAC,YAAY;gBAC/B,aAAa,EAAE,IAAI,CAAC,MAAM;gBAC1B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,IAAI,qBAAqB;gBAC9E,UAAU,EAAE,IAAI,CAAC,UAAU;aAC9B,CAAC,CAAC;YAEH,OAAO;gBACH,QAAQ;gBACR,YAAY,EAAE,gBAAgB;gBAC9B,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;aAClD,CAAC;QACN,CAAC;QAED,4BAA4B;QAC5B,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE;YAChC,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,QAAQ;YACR,YAAY,EAAE,SAAS;YACvB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,aAAa,EAAE,IAAI,CAAC,MAAM;YAC1B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,IAAI,MAAM;YAC/D,UAAU,EAAE,IAAI,CAAC,UAAU;SAC9B,CAAC,CAAC;QAEH,OAAO;YACH,QAAQ;YACR,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;SAClD,CAAC;IACN,CAAC;CACJ,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,QAAQ,CAAC;IACvC,IAAI,EAAE;QACF,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;KAC3B;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE;aACtB,KAAK,CAAC,cAAc,CAAC;aACrB,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;aACjE,MAAM,EAAE,CAAC;QAEd,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAClC,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,CAAC;YACD,OAAO,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;QACtE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,CAAC,CAAC,CAAC;YACvD,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;CACJ,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,QAAQ,CAAC;IACjC,IAAI,EAAE;QACF,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;KACvB;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE;aACtB,KAAK,CAAC,cAAc,CAAC;aACrB,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;aACjE,MAAM,EAAE,CAAC;QAEd,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxC,CAAC;QAED,oCAAoC;QACpC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE;aACtB,KAAK,CAAC,aAAa,CAAC;aACpB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;aACrD,OAAO,EAAE,CAAC;QAEf,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YACzB,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnC,CAAC;QAED,mCAAmC;QACnC,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,EAAE;aACrB,KAAK,CAAC,YAAY,CAAC;aACnB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;aACrD,OAAO,EAAE,CAAC;QAEf,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACvB,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;QAED,oBAAoB;QACpB,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEhC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC7B,CAAC;CACJ,CAAC,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import type { ActionCtx } from "./_generated/server.js";
|
|
2
2
|
import type { OAuthConfig, UserProfile } from "../lib/oauth.js";
|
|
3
3
|
import type { RunQueryCtx, RunMutationCtx } from "../lib/convex-types.js";
|
|
4
|
+
type TokenEndpointAuthMethod = "client_secret_basic" | "client_secret_post" | "none";
|
|
4
5
|
/**
|
|
5
6
|
* Component API references (passed from SDK)
|
|
6
7
|
*
|
|
@@ -16,6 +17,7 @@ export interface OAuthComponentAPI {
|
|
|
16
17
|
type: "confidential" | "public";
|
|
17
18
|
redirectUris: string[];
|
|
18
19
|
allowedScopes: string[];
|
|
20
|
+
tokenEndpointAuthMethod?: TokenEndpointAuthMethod;
|
|
19
21
|
} | null>;
|
|
20
22
|
getRefreshToken: (ctx: RunQueryCtx, args: {
|
|
21
23
|
refreshToken: string;
|
|
@@ -25,6 +27,8 @@ export interface OAuthComponentAPI {
|
|
|
25
27
|
userId: string;
|
|
26
28
|
scopes: string[];
|
|
27
29
|
refreshTokenExpiresAt?: number;
|
|
30
|
+
resource?: string;
|
|
31
|
+
audience?: string;
|
|
28
32
|
} | null>;
|
|
29
33
|
getTokensByUser: (ctx: RunQueryCtx, args: {
|
|
30
34
|
userId: string;
|
|
@@ -46,12 +50,15 @@ export interface OAuthComponentAPI {
|
|
|
46
50
|
codeChallenge: string;
|
|
47
51
|
codeChallengeMethod: string;
|
|
48
52
|
nonce?: string;
|
|
53
|
+
resource?: string;
|
|
54
|
+
authTime?: number;
|
|
49
55
|
}) => Promise<string>;
|
|
50
56
|
consumeAuthCode: (ctx: RunMutationCtx, args: {
|
|
51
57
|
code: string;
|
|
52
58
|
clientId: string;
|
|
53
59
|
redirectUri?: string;
|
|
54
60
|
codeVerifier: string;
|
|
61
|
+
resource?: string;
|
|
55
62
|
}) => Promise<{
|
|
56
63
|
userId: string;
|
|
57
64
|
scopes: string[];
|
|
@@ -60,6 +67,8 @@ export interface OAuthComponentAPI {
|
|
|
60
67
|
redirectUri: string;
|
|
61
68
|
nonce?: string;
|
|
62
69
|
codeHash: string;
|
|
70
|
+
resource?: string;
|
|
71
|
+
authTime?: number;
|
|
63
72
|
}>;
|
|
64
73
|
saveTokens: (ctx: RunMutationCtx, args: {
|
|
65
74
|
accessToken: string;
|
|
@@ -70,6 +79,8 @@ export interface OAuthComponentAPI {
|
|
|
70
79
|
expiresAt: number;
|
|
71
80
|
refreshTokenExpiresAt?: number;
|
|
72
81
|
authorizationCode?: string;
|
|
82
|
+
resource?: string;
|
|
83
|
+
audience?: string;
|
|
73
84
|
}) => Promise<void>;
|
|
74
85
|
rotateRefreshToken: (ctx: RunMutationCtx, args: {
|
|
75
86
|
oldRefreshToken: string;
|
|
@@ -80,11 +91,14 @@ export interface OAuthComponentAPI {
|
|
|
80
91
|
scopes: string[];
|
|
81
92
|
expiresAt: number;
|
|
82
93
|
refreshTokenExpiresAt: number;
|
|
94
|
+
resource?: string;
|
|
95
|
+
audience?: string;
|
|
83
96
|
}) => Promise<void>;
|
|
84
97
|
upsertAuthorization: (ctx: RunMutationCtx, args: {
|
|
85
98
|
userId: string;
|
|
86
99
|
clientId: string;
|
|
87
100
|
scopes: string[];
|
|
101
|
+
resource?: string;
|
|
88
102
|
}) => Promise<string>;
|
|
89
103
|
updateAuthorizationLastUsed: (ctx: RunMutationCtx, args: {
|
|
90
104
|
userId: string;
|
|
@@ -101,6 +115,7 @@ export interface OAuthComponentAPI {
|
|
|
101
115
|
logoUrl?: string;
|
|
102
116
|
tosUrl?: string;
|
|
103
117
|
policyUrl?: string;
|
|
118
|
+
tokenEndpointAuthMethod?: TokenEndpointAuthMethod;
|
|
104
119
|
}) => Promise<{
|
|
105
120
|
clientId: string;
|
|
106
121
|
clientSecret?: string;
|
|
@@ -140,4 +155,5 @@ export declare function registerHandler(ctx: ActionCtx, request: Request, config
|
|
|
140
155
|
* Protected Resource Metadata (RFC 9728)
|
|
141
156
|
*/
|
|
142
157
|
export declare function oauthProtectedResourceHandler(_ctx: ActionCtx, request: Request, config: OAuthConfig): Promise<Response>;
|
|
158
|
+
export {};
|
|
143
159
|
//# sourceMappingURL=handlers.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../src/component/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAexD,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,KAAK,EAAgB,WAAW,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../src/component/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAexD,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,KAAK,EAAgB,WAAW,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAiBxF,KAAK,uBAAuB,GAAG,qBAAqB,GAAG,oBAAoB,GAAG,MAAM,CAAC;AAuMrF;;;;;GAKG;AACH,MAAM,WAAW,iBAAiB;IAC9B,OAAO,EAAE;QACL,SAAS,EAAE,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE;YAAE,QAAQ,EAAE,MAAM,CAAA;SAAE,KAAK,OAAO,CAAC;YACjE,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,cAAc,GAAG,QAAQ,CAAC;YAChC,YAAY,EAAE,MAAM,EAAE,CAAC;YACvB,aAAa,EAAE,MAAM,EAAE,CAAC;YACxB,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;SACrD,GAAG,IAAI,CAAC,CAAC;QACV,eAAe,EAAE,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE;YAAE,YAAY,EAAE,MAAM,CAAA;SAAE,KAAK,OAAO,CAAC;YAC3E,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,qBAAqB,CAAC,EAAE,MAAM,CAAC;YAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,GAAG,IAAI,CAAC,CAAC;QACV,eAAe,EAAE,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE;YAAE,MAAM,EAAE,MAAM,CAAA;SAAE,KAAK,OAAO,CAAC,KAAK,CAAC;YAC3E,GAAG,EAAE,MAAM,CAAC;YACZ,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,oBAAoB,EAAE,MAAM,CAAC;YAC7B,qBAAqB,CAAC,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC,CAAC;KACP,CAAC;IACF,SAAS,EAAE;QACP,sBAAsB,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YAChD,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,WAAW,EAAE,MAAM,CAAC;YACpB,aAAa,EAAE,MAAM,CAAC;YACtB,mBAAmB,EAAE,MAAM,CAAC;YAC5B,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;QACtB,eAAe,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YACzC,IAAI,EAAE,MAAM,CAAC;YACb,QAAQ,EAAE,MAAM,CAAC;YACjB,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB,YAAY,EAAE,MAAM,CAAC;YACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,KAAK,OAAO,CAAC;YACV,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,aAAa,EAAE,MAAM,CAAC;YACtB,mBAAmB,EAAE,MAAM,CAAC;YAC5B,WAAW,EAAE,MAAM,CAAC;YACpB,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,QAAQ,EAAE,MAAM,CAAC;YACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,CAAC,CAAC;QACH,UAAU,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YACpC,WAAW,EAAE,MAAM,CAAC;YACpB,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,SAAS,EAAE,MAAM,CAAC;YAClB,qBAAqB,CAAC,EAAE,MAAM,CAAC;YAC/B,iBAAiB,CAAC,EAAE,MAAM,CAAC;YAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;QACpB,kBAAkB,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YAC5C,eAAe,EAAE,MAAM,CAAC;YACxB,WAAW,EAAE,MAAM,CAAC;YACpB,YAAY,EAAE,MAAM,CAAC;YACrB,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,SAAS,EAAE,MAAM,CAAC;YAClB,qBAAqB,EAAE,MAAM,CAAC;YAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;QACpB,mBAAmB,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YAC7C,MAAM,EAAE,MAAM,CAAC;YACf,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;QACtB,2BAA2B,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YACrD,MAAM,EAAE,MAAM,CAAC;YACf,QAAQ,EAAE,MAAM,CAAC;SACpB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;KACvB,CAAC;IACF,gBAAgB,EAAE;QACd,cAAc,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YACxC,IAAI,EAAE,MAAM,CAAC;YACb,YAAY,EAAE,MAAM,EAAE,CAAC;YACvB,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,IAAI,EAAE,cAAc,GAAG,QAAQ,CAAC;YAChC,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB,SAAS,CAAC,EAAE,MAAM,CAAC;YACnB,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;SACrD,KAAK,OAAO,CAAC;YACV,QAAQ,EAAE,MAAM,CAAC;YACjB,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,gBAAgB,EAAE,MAAM,CAAC;SAC5B,CAAC,CAAC;QACH,kBAAkB,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YAC5C,QAAQ,EAAE,MAAM,CAAC;YACjB,YAAY,EAAE,MAAM,CAAC;SACxB,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;KAC1B,CAAC;CACL;AAMD;;GAEG;AACH,wBAAsB,gBAAgB,CAClC,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,WAAW,EACnB,GAAG,EAAE,iBAAiB,GACvB,OAAO,CAAC,QAAQ,CAAC,CAkNnB;AAED;;GAEG;AACH,wBAAsB,0BAA0B,CAC5C,IAAI,EAAE,SAAS,EACf,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,WAAW,GACpB,OAAO,CAAC,QAAQ,CAAC,CAiCnB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC7B,IAAI,EAAE,SAAS,EACf,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,WAAW,GACpB,OAAO,CAAC,QAAQ,CAAC,CAYnB;AAED;;GAEG;AACH,wBAAsB,YAAY,CAC9B,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,WAAW,EACnB,GAAG,EAAE,iBAAiB,GACvB,OAAO,CAAC,QAAQ,CAAC,CA4YnB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACjC,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,WAAW,EACnB,cAAc,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,GAChE,OAAO,CAAC,QAAQ,CAAC,CAsFnB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACjC,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,WAAW,EACnB,GAAG,EAAE,iBAAiB,GACvB,OAAO,CAAC,QAAQ,CAAC,CAiHnB;AAED;;GAEG;AACH,wBAAsB,6BAA6B,CAC/C,IAAI,EAAE,SAAS,EACf,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,WAAW,GACpB,OAAO,CAAC,QAAQ,CAAC,CAkBnB"}
|