@codefox-inc/oauth-provider 0.4.0 → 0.4.2
- package/README.md +28 -0
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +5 -1
- package/dist/client/index.js.map +1 -1
- package/dist/component/clientManagement.d.ts.map +1 -1
- package/dist/component/clientManagement.js +9 -0
- package/dist/component/clientManagement.js.map +1 -1
- package/dist/component/handlers.d.ts +19 -1
- package/dist/component/handlers.d.ts.map +1 -1
- package/dist/component/handlers.js +79 -16
- package/dist/component/handlers.js.map +1 -1
- package/dist/component/mutations.d.ts +3 -1
- package/dist/component/mutations.d.ts.map +1 -1
- package/dist/component/mutations.js +113 -19
- package/dist/component/mutations.js.map +1 -1
- package/dist/component/queries.d.ts +7 -1
- package/dist/component/queries.d.ts.map +1 -1
- package/dist/component/queries.js +7 -1
- package/dist/component/queries.js.map +1 -1
- package/dist/component/schema.d.ts +7 -1
- package/dist/component/schema.d.ts.map +1 -1
- package/dist/component/schema.js +3 -0
- package/dist/component/schema.js.map +1 -1
- package/dist/lib/oauth.d.ts.map +1 -1
- package/dist/lib/oauth.js +26 -8
- package/dist/lib/oauth.js.map +1 -1
- package/package.json +1 -1
- package/src/client/__tests__/oauth-provider.test.ts +15 -0
- package/src/client/index.ts +6 -1
- package/src/component/__tests__/bugs.test.ts +1001 -0
- package/src/component/__tests__/handlers-protocol.test.ts +182 -0
- package/src/component/__tests__/oauth.test.ts +18 -15
- package/src/component/__tests__/rfc-compliance.test.ts +233 -0
- package/src/component/clientManagement.ts +11 -0
- package/src/component/handlers.ts +119 -19
- package/src/component/mutations.ts +159 -17
- package/src/component/queries.ts +6 -1
- package/src/component/schema.ts +3 -0
- package/src/lib/__tests__/oauth-jwt.test.ts +1 -1
- package/src/lib/oauth.ts +28 -8
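--- a/package/README.md
+++ b/package/README.md
@@ -71,6 +71,7 @@ This implementation follows [OAuth 2.1](https://datatracker.ietf.org/doc/html/dr
 - **Scope Validation**: Only registered scopes are allowed per client
 - **Token Hashing**: Access and refresh tokens are stored as SHA-256 hashes
 - **Client Secret Hashing**: Confidential client secrets use bcrypt
+- **Client Secret Compatibility**: Newly issued confidential client secrets fit within bcrypt's 72-byte input limit; existing longer secrets remain valid for patch-release compatibility and should be rotated when practical
 - **Internal Mutations**: Critical operations like `issueAuthorizationCode` are not directly accessible
 - **DCR Disabled by Default**: Dynamic Client Registration must be explicitly enabled
 
@@ -107,6 +108,7 @@ Refresh tokens are **only issued** when the `offline_access` scope is requested
 - The original authorization must have included the `offline_access` scope
 - Refresh tokens are automatically rotated on each use (old token is invalidated)
 - The new refresh token maintains the same scope as the original
+- Reuse of a rotated refresh token revokes the active refresh-token family and its authorization record
 
 This follows OAuth 2.1 and OpenID Connect specifications, ensuring that long-lived refresh tokens are only issued with explicit user consent.
 
@@ -621,6 +623,32 @@ interface OAuthConfig {
 
 ## Token Verification
 
+### Revocation and Access Token Lifetime
+
+Access tokens are JWTs and can be verified statelessly with the JWKS. Stateless verification alone cannot observe authorization revocation, authorization-code replay detection, or refresh-token family revocation until the access token expires.
+
+For Convex resource servers, wire `createAuthorizationChecker()` into `createAuthHelper()` so bearer-token requests check the current authorization record:
+
+```typescript
+import { createAuthHelper, OAuthProvider } from "@codefox-inc/oauth-provider";
+import { components } from "./_generated/api";
+
+const oauthProvider = new OAuthProvider(components.oauthProvider, {
+privateKey: process.env.JWT_PRIVATE_KEY!,
+jwks: process.env.JWKS!,
+siteUrl: process.env.SITE_URL!,
+});
+
+export const authHelper = createAuthHelper({
+providers: ["anonymous"],
+checkAuthorization: oauthProvider.createAuthorizationChecker(),
+});
+```
+
+If you verify access tokens outside Convex with `verifyAccessToken()` only, revoked access tokens remain valid until their `exp` time. Use short access-token lifetimes and a resource-server authorization check if immediate revocation is required.
+
+After upgrading this component, rerun Convex code generation (for example `convex dev --once` or your repository's codegen script). The generated component references and schema must match the package version; `prompt=none` silent authorization also relies on the latest generated `getAuthorization` query reference.
+
 ### In Convex Functions
 
 ```typescript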
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAGxF,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,EACH,UAAU,EACV,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,4BAA4B,GAC/B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAG/E,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,YAAY,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAGrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,YAAY,EAAE,0BAA0B,EAAE,MAAM,aAAa,CAAC;AAG9D,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACxE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAE5F;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,WAAW,CAAC;AAE9C;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,qBAAa,aAAa;IACtB,OAAO,CAAC,MAAM,CAAsB;IACpC,OAAO,CAAC,GAAG,CAAoB;IAE/B,OAAO,CAAC,SAAS,CAAM;gBAInB,SAAS,EAAE,GAAG,EACd,MAAM,EAAE,mBAAmB;IAO/B,SAAS,IAAI,mBAAmB;IAKhC,OAAO,CAAC,SAAS;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAGxF,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,EACH,UAAU,EACV,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,4BAA4B,GAC/B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAG/E,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,YAAY,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAGrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,YAAY,EAAE,0BAA0B,EAAE,MAAM,aAAa,CAAC;AAG9D,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACxE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAE5F;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,WAAW,CAAC;AAE9C;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,qBAAa,aAAa;IACtB,OAAO,CAAC,MAAM,CAAsB;IACpC,OAAO,CAAC,GAAG,CAAoB;IAE/B,OAAO,CAAC,SAAS,CAAM;gBAInB,SAAS,EAAE,GAAG,EACd,MAAM,EAAE,mBAAmB;IAO/B,SAAS,IAAI,mBAAmB;IAKhC,OAAO,CAAC,SAAS;IAmCjB;;;;;OAKG;IACH,IAAI,QAAQ;QAEJ;;;WAGG;mCACwB,YAAY,WAAW,OAAO;QAGzD;;;WAGG;yBACc,YAAY,WAAW,OAAO;QAG/C;;;WAGG;oBACS,YAAY,WAAW,OAAO;QAG1C;;;WAGG;qBACU,YAAY,WAAW,OAAO;QAG3C;;;;WAIG;wBACa,YAAY,WAAW,OAAO,kBAAkB,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;QAG/G;;;WAGG;wBACa,YAAY,WAAW,OAAO;QAG9C;;;WAGG;iCACsB,YAAY,WAAW,OAAO;MAG9D;IAED;;;;OAIG;IACG,sBAAsB,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;QACpD,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,QAAQ,CAAC,EAAE,MAAM,CAAC;KACrB,GAAG,OAAO,CAAC,MAAM,CAAC;IAyBnB;;OAEG;IACG,SAAS,CAAC,GAAG,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM;;;;;;;IAIlD;;OAEG;IACG,cAAc,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;QAC5C,IAAI,EAAE,MAAM,CAAC;QACb,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,IAAI,EAAE,cAAc,GAAG,QAAQ,CAAC;QAChC,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,MAAM,CAAC,
EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,uBAAuB,CAAC,EAAE,qBAAqB,GAAG,oBAAoB,GAAG,MAAM,CAAC;KACnF;;;;;IAID;;OAEG;IACG,eAAe,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM;;;;;;;;IAQtD;;;OAGG;IACG,gBAAgB,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;IAIzE;;;OAGG;IACG,sBAAsB,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM;IAI7D;;;OAGG;IACG,mBAAmB,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;QACjD,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACrB;IAID;;;OAGG;IACG,mBAAmB,CAAC,GAAG,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;IAI/E;;;OAGG;IACG,gBAAgB,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAQtH;;;OAGG;IACG,uBAAuB,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAUpG;;;;;;;;;;;;OAYG;IACH,0BAA0B,KACR,KAAK,WAAW,EAAE,QAAQ,MAAM,EAAE,WAAW,MAAM,KAAG,OAAO,CAAC,OAAO,CAAC;CAI3F"}
|
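--- a/package/dist/client/index.js
+++ b/package/dist/client/index.js
@@ -42,7 +42,7 @@ export class OAuthProvider {
 return this.config;
 }
 createAPI(component) {
-
+const api = {
 queries: {
 getClient: (ctx, args) => ctx.runQuery(component.queries.getClient, args),
 getRefreshToken: (ctx, args) => ctx.runQuery(component.queries.getRefreshToken, args),
@@ -61,6 +61,10 @@ export class OAuthProvider {
 verifyClientSecret: (ctx, args) => ctx.runMutation(component.clientManagement.verifyClientSecret, args),
 },
 };
+if (component.queries.getAuthorization) {
+api.queries.getAuthorization = (ctx, args) => ctx.runQuery(component.queries.getAuthorization, args);
+}
+return api;
 }
 /**
 * HTTP Handlers for mounting in http.ts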
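Review bot: The guard `if (component.queries.getAuthorization)` in the second hunk makes the new query silently optional, and nothing in createAPI says what a caller should do when it is missing. The README in this release ties `prompt=none` silent authorization to that query, so a caller that finds `api.queries.getAuthorization` undefined should fail closed rather than skip the check; the callers are outside this section, so that needs confirming there. I would add a comment above the guard such as `// Absent when the app's generated component references are stale; callers must treat a missing getAuthorization as "no authorization on record".` Whether the component reference really yields undefined for an unknown query name cannot be told from these lines and is worth a test. createAPI starts before the first hunk.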
package/dist/client/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,0BAA0B,EAC1B,WAAW,EACX,YAAY,EACZ,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,6BAA6B,GAChC,MAAM,0BAA0B,CAAC;AAOlC,OAAO,EACH,UAAU,EACV,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,4BAA4B,GAC/B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE/E,yCAAyC;AACzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAGpD,4BAA4B;AAC5B,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAGlD,wBAAwB;AACxB,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAQxE;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,OAAO,aAAa;IACd,MAAM,CAAsB;IAC5B,GAAG,CAAoB;IAEvB,SAAS,CAAM;IAEvB,YAEI,SAAc,EACd,MAA2B;QAE3B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC;IAED,SAAS;QACL,OAAO,IAAI,CAAC,MAAM,CAAC;IACvB,CAAC;IAGO,SAAS,CAAC,SAAc;QAC5B,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,0BAA0B,EAC1B,WAAW,EACX,YAAY,EACZ,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,6BAA6B,GAChC,MAAM,0BAA0B,CAAC;AAOlC,OAAO,EACH,UAAU,EACV,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,4BAA4B,GAC/B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE/E,yCAAyC;AACzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAGpD,4BAA4B;AAC5B,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAGlD,wBAAwB;AACxB,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAQxE;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,OAAO,aAAa;IACd,MAAM,CAAsB;IAC5B,GAAG,CAAoB;IAEvB,SAAS,CAAM;IAEvB,YAEI,SAAc,EACd,MAA2B;QAE3B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC;IAED,SAAS;QACL,OAAO,IAAI,CAAC,MAAM,CAAC;IACvB,CAAC;IAGO,SAAS,CAAC,SAAc;QAC5B,MAAM,GAAG,GAAsB;YAC3B,OAAO,EAAE;gBACL,SAAS,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC;gBACzE,eAAe,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,IAAI,CAAC;gBACrF,eAAe,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,IAAI,CAAC;aACxF;YACD,SAAS,EAAE;gBACP,sBAAsB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAClC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,sBAAsB,EAAE,IAAI,CAAC;gBACrE,eAAe,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC3B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,eAAe,EAAE,IAAI,CAAC;gBAC9D,UAAU,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CACtB,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC;gBACzD,kBAAkB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC9B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,kBAAkB,EAAE,IAAI,CAAC;gBACjE,mBAAmB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC/B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,mBAAmB,EAAE,IAAI,CAAC;gBAClE,2BAA2B,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CACvC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,2BAA2B,EAAE,IAAI,CAAC;aAC7E;YACD,gBAAgB,
EAAE;gBACd,cAAc,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC1B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,gBAAgB,CAAC,cAAc,EAAE,IAAI,CAAC;gBACpE,kBAAkB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC9B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,IAAI,CAAC;aAC3E;SACJ,CAAC;QACF,IAAI,SAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;YACrC,GAAG,CAAC,OAAO,CAAC,gBAAgB,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CACzC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,GAAG,CAAC;IACf,CAAC;IAED;;;;;OAKG;IACH,IAAI,QAAQ;QACR,OAAO;YACH;;;eAGG;YACH,mBAAmB,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CACzD,0BAA0B,CAAC,GAAuD,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC;YAE7G;;;eAGG;YACH,SAAS,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CAC/C,gBAAgB,CAAC,GAA6C,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC;YAEnG;;;eAGG;YACH,IAAI,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CAC1C,WAAW,CAAC,GAAwC,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC;YAE/E;;;eAGG;YACH,KAAK,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CAC3C,YAAY,CAAC,GAAyC,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC;YAE3F;;;;eAIG;YACH,QAAQ,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,cAA+D,EAAE,EAAE,CAC/G,eAAe,CAAC,GAA4C,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC;YAEvG;;;eAGG;YACH,QAAQ,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CAC9C,eAAe,CAAC,GAA4C,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC;YAEjG;;;eAGG;YACH,iBAAiB,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CACvD,6BAA6B,CAAC,GAA0D,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC;SACtH,CAAC;IACN,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,sBAAsB,CAAC,GAAmB,EAAE,IASjD;QACG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC9C,CAAC;QACD,MAAM,mBAAmB,GAAG,IAAI,CAAC,mBAAmB,IAAI,MAAM,CAAC;QAC/D,IAAI,mBAAmB,KAAK,MAAM,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACxD,CAAC;QAED,yDAAyD;QACzD,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,mBAAmB,CAAC,GAAG,EAAE;YAC9C,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,C
AAC,CAAC,CAAC,EAAE,CAAC;SACxD,CAAC,CAAC;QAEH,kCAAkC;QAClC,OAAO,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,sBAAsB,CAAC,GAAG,EAAE;YAClD,GAAG,IAAI;YACP,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,mBAAmB;SACtB,CAAC,CAAC;IACP,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,GAAgB,EAAE,QAAgB;QAC9C,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,GAAmB,EAAE,IAUzC;QACG,OAAO,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,GAAgB,EAAE,MAAc;QAClD,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,4EAA4E;IAC5E,2BAA2B;IAC3B,4EAA4E;IAE5E;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CAAC,GAAgB,EAAE,MAAc,EAAE,QAAgB;QACrE,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;IACvF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,sBAAsB,CAAC,GAAgB,EAAE,MAAc;QACzD,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IACnF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,mBAAmB,CAAC,GAAmB,EAAE,IAK9C;QACG,OAAO,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAC;IAC/E,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,mBAAmB,CAAC,GAAmB,EAAE,MAAc,EAAE,QAAgB;QAC3E,OAAO,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC/F,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CAAC,GAAgB,EAAE,MAAc,EAAE,QAAgB,EAAE,cAAwB;QAC/F,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChE,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QAExB,8CAA8C;QAC9C,OAAO,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IACtE,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,uBAAuB,CAAC,GAAgB,EAAE,MAAc,EAAE,QAAiB;QAC7E,IAAI,QAAQ,EAAE,CAAC;YACX,sCAAsC;YACtC,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QACvF,CAAC;aAAM,CAAC;YACJ,sCAAsC;YACtC,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,m
BAAmB,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAChF,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,0BAA0B;QACtB,OAAO,KAAK,EAAE,GAAgB,EAAE,MAAc,EAAE,QAAiB,EAAoB,EAAE;YACnF,OAAO,IAAI,CAAC,uBAAuB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC/D,CAAC,CAAC;IACN,CAAC;CACJ"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"clientManagement.d.ts","sourceRoot":"","sources":["../../src/component/clientManagement.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"clientManagement.d.ts","sourceRoot":"","sources":["../../src/component/clientManagement.ts"],"names":[],"mappings":"AAkDA;;GAEG;AACH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;GAgGzB,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,kBAAkB;;;oBAsB7B,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,YAAY;;;;GAiDvB,CAAC"}
|
|
@@ -24,6 +24,7 @@ function isValidRedirectUri(uri) {
|
|
|
24
24
|
const host = parsed.hostname.toLowerCase();
|
|
25
25
|
const isLoopback = host === "localhost" ||
|
|
26
26
|
host === "127.0.0.1" ||
|
|
27
|
+
host === "[::1]" ||
|
|
27
28
|
host === "::1";
|
|
28
29
|
if (parsed.protocol === "https:")
|
|
29
30
|
return true;
|
|
@@ -185,6 +186,14 @@ export const deleteClient = mutation({
|
|
|
185
186
|
for (const code of codes) {
|
|
186
187
|
await ctx.db.delete(code._id);
|
|
187
188
|
}
|
|
189
|
+
// Delete all authorization records for this client
|
|
190
|
+
const authorizations = await ctx.db
|
|
191
|
+
.query("oauthAuthorizations")
|
|
192
|
+
.filter(q => q.eq(q.field("clientId"), args.clientId))
|
|
193
|
+
.collect();
|
|
194
|
+
for (const authorization of authorizations) {
|
|
195
|
+
await ctx.db.delete(authorization._id);
|
|
196
|
+
}
|
|
188
197
|
// Delete the client
|
|
189
198
|
await ctx.db.delete(client._id);
|
|
190
199
|
return { success: true };
|
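Review bot: The authorization cleanup added to deleteClient selects rows with `.filter(q => q.eq(q.field("clientId"), args.clientId)).collect()`, which reads `oauthAuthorizations` without an index and loads every match before deleting. On a large table that may push the mutation past its read or execution limits, and a delete that fails presumably leaves the client's grants in place, so this revocation path should not depend on table size. If the schema has or can gain an index on `clientId`, prefer `.withIndex(...)` for this query. In the first hunk, `host === "[::1]"` matches the bracketed hostname the URL parser returns for IPv6 literals, which makes the unbracketed `host === "::1"` comparison after it look unreachable; it could be dropped or given a comment. deleteClient and isValidRedirectUri both begin outside their hunks.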
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"clientManagement.js","sourceRoot":"","sources":["../../src/component/clientManagement.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,eAAe,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAClD,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AACnC,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEjD;;;;;GAKG;AAEH,SAAS,kBAAkB,CAAC,GAAW;IACnC,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACD,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,MAAM,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IAC9B,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAErD,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,UAAU,GACZ,IAAI,KAAK,WAAW;QACpB,IAAI,KAAK,WAAW;QACpB,IAAI,KAAK,KAAK,CAAC;IAEnB,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC9C,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,UAAU;QAAE,OAAO,IAAI,CAAC;IAC3D,IAAI,4BAA4B,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAEtD,OAAO,KAAK,CAAC;AACjB,CAAC;AAED,SAAS,4BAA4B,CAAC,MAAW;IAC7C,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC5C,MAAM,kBAAkB,GAAG,6CAA6C,CAAC;IACzE,OAAO,CACH,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC;QAC/B,MAAM,CAAC,QAAQ,KAAK,EAAE;QACtB,MAAM,CAAC,IAAI,KAAK,EAAE;QAClB,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC;QAC/B,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAC7B,CAAC;AACN,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,QAAQ,CAAC;IACnC,IAAI,EAAE;QACF,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACjC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC3B,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC7D,WAAW;QACX,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACnC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC/B,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC/B,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC9B,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACjC,uBAAuB,E
AAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CACvC,CAAC,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAChC,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAC/B,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CACpB,CAAC;QACF,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;KACtC;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC9C,CAAC;QACD,IACI,IAAI,CAAC,IAAI,KAAK,QAAQ;YACtB,IAAI,CAAC,uBAAuB;YAC5B,IAAI,CAAC,uBAAuB,KAAK,MAAM,EACzC,CAAC;YACC,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAC;QACxG,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,IAAI,IAAI,CAAC,uBAAuB,KAAK,MAAM,EAAE,CAAC;YAC1E,MAAM,IAAI,KAAK,CAAC,uFAAuF,CAAC,CAAC;QAC7G,CAAC;QACD,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC;QAClF,IAAI,eAAe,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,yBAAyB,eAAe,EAAE,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAErC,uCAAuC;QACvC,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YAC/B,qCAAqC;YACrC,MAAM,YAAY,GAAG,oBAAoB,CAAC,eAAe,CAAC,oBAAoB,CAAC,CAAC;YAEhF,kBAAkB;YAClB,MAAM,gBAAgB,GAAG,MAAM,CAAC,QAAQ,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;YAE3D,+CAA+C;YAC/C,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE;gBAChC,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,QAAQ;gBACR,YAAY,EAAE,gBAAgB,EAAE,cAAc;gBAC9C,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,YAAY,EAAE,IAAI,CAAC,YAAY;gBAC/B,aAAa,EAAE,IAAI,CAAC,MAAM;gBAC1B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,IAAI,qBAAqB;gBAC9E,UAAU,EAAE,IAAI,CAAC,UAAU;aAC9B,CAAC,CAAC;YAEH,OAAO;gBACH,QAAQ;gBACR,YAAY,EAAE,gBAAgB;gBAC9B,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;aAClD,CAAC;QACN,CAAC;QAED,4BAA4B;QAC5B,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE;YAChC,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,QAAQ;YACR,YAAY,EAAE,SAAS;YACvB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,aAAa,EAA
E,IAAI,CAAC,MAAM;YAC1B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,IAAI,MAAM;YAC/D,UAAU,EAAE,IAAI,CAAC,UAAU;SAC9B,CAAC,CAAC;QAEH,OAAO;YACH,QAAQ;YACR,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;SAClD,CAAC;IACN,CAAC;CACJ,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,QAAQ,CAAC;IACvC,IAAI,EAAE;QACF,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;KAC3B;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE;aACtB,KAAK,CAAC,cAAc,CAAC;aACrB,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;aACjE,MAAM,EAAE,CAAC;QAEd,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAClC,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,CAAC;YACD,OAAO,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;QACtE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,CAAC,CAAC,CAAC;YACvD,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;CACJ,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,QAAQ,CAAC;IACjC,IAAI,EAAE;QACF,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;KACvB;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE;aACtB,KAAK,CAAC,cAAc,CAAC;aACrB,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;aACjE,MAAM,EAAE,CAAC;QAEd,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxC,CAAC;QAED,oCAAoC;QACpC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE;aACtB,KAAK,CAAC,aAAa,CAAC;aACpB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;aACrD,OAAO,EAAE,CAAC;QAEf,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YACzB,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnC,CAAC;QAED,mCAAmC;QACnC,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,EAAE;aACrB,KAAK,CAAC,YAAY,CAAC;aACnB,MAAM,CA
AC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;aACrD,OAAO,EAAE,CAAC;QAEf,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACvB,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;QAED,oBAAoB;QACpB,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEhC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC7B,CAAC;CACJ,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"clientManagement.js","sourceRoot":"","sources":["../../src/component/clientManagement.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,eAAe,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAClD,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AACnC,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEjD;;;;;GAKG;AAEH,SAAS,kBAAkB,CAAC,GAAW;IACnC,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACD,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,MAAM,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IAC9B,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAErD,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,UAAU,GACZ,IAAI,KAAK,WAAW;QACpB,IAAI,KAAK,WAAW;QACpB,IAAI,KAAK,OAAO;QAChB,IAAI,KAAK,KAAK,CAAC;IAEnB,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC9C,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,UAAU;QAAE,OAAO,IAAI,CAAC;IAC3D,IAAI,4BAA4B,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAEtD,OAAO,KAAK,CAAC;AACjB,CAAC;AAED,SAAS,4BAA4B,CAAC,MAAW;IAC7C,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC5C,MAAM,kBAAkB,GAAG,6CAA6C,CAAC;IACzE,OAAO,CACH,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC;QAC/B,MAAM,CAAC,QAAQ,KAAK,EAAE;QACtB,MAAM,CAAC,IAAI,KAAK,EAAE;QAClB,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC;QAC/B,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAC7B,CAAC;AACN,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,QAAQ,CAAC;IACnC,IAAI,EAAE;QACF,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACjC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC3B,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC7D,WAAW;QACX,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACnC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC/B,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC/B,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC9B,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAA
E,CAAC;QACjC,uBAAuB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CACvC,CAAC,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAChC,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAC/B,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CACpB,CAAC;QACF,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;KACtC;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC9C,CAAC;QACD,IACI,IAAI,CAAC,IAAI,KAAK,QAAQ;YACtB,IAAI,CAAC,uBAAuB;YAC5B,IAAI,CAAC,uBAAuB,KAAK,MAAM,EACzC,CAAC;YACC,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAC;QACxG,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,IAAI,IAAI,CAAC,uBAAuB,KAAK,MAAM,EAAE,CAAC;YAC1E,MAAM,IAAI,KAAK,CAAC,uFAAuF,CAAC,CAAC;QAC7G,CAAC;QACD,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC;QAClF,IAAI,eAAe,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,yBAAyB,eAAe,EAAE,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAErC,uCAAuC;QACvC,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YAC/B,qCAAqC;YACrC,MAAM,YAAY,GAAG,oBAAoB,CAAC,eAAe,CAAC,oBAAoB,CAAC,CAAC;YAEhF,kBAAkB;YAClB,MAAM,gBAAgB,GAAG,MAAM,CAAC,QAAQ,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;YAE3D,+CAA+C;YAC/C,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE;gBAChC,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,QAAQ;gBACR,YAAY,EAAE,gBAAgB,EAAE,cAAc;gBAC9C,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,YAAY,EAAE,IAAI,CAAC,YAAY;gBAC/B,aAAa,EAAE,IAAI,CAAC,MAAM;gBAC1B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,IAAI,qBAAqB;gBAC9E,UAAU,EAAE,IAAI,CAAC,UAAU;aAC9B,CAAC,CAAC;YAEH,OAAO;gBACH,QAAQ;gBACR,YAAY,EAAE,gBAAgB;gBAC9B,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;aAClD,CAAC;QACN,CAAC;QAED,4BAA4B;QAC5B,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE;YAChC,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,QAAQ;YACR,YAAY,EAAE,SAAS;YACvB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,YAAY,EAAE,IAAI,CAA
C,YAAY;YAC/B,aAAa,EAAE,IAAI,CAAC,MAAM;YAC1B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,IAAI,MAAM;YAC/D,UAAU,EAAE,IAAI,CAAC,UAAU;SAC9B,CAAC,CAAC;QAEH,OAAO;YACH,QAAQ;YACR,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;SAClD,CAAC;IACN,CAAC;CACJ,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,QAAQ,CAAC;IACvC,IAAI,EAAE;QACF,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;KAC3B;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE;aACtB,KAAK,CAAC,cAAc,CAAC;aACrB,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;aACjE,MAAM,EAAE,CAAC;QAEd,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAClC,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,CAAC;YACD,OAAO,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;QACtE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,CAAC,CAAC,CAAC;YACvD,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;CACJ,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,QAAQ,CAAC;IACjC,IAAI,EAAE;QACF,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;KACvB;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE;aACtB,KAAK,CAAC,cAAc,CAAC;aACrB,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;aACjE,MAAM,EAAE,CAAC;QAEd,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxC,CAAC;QAED,oCAAoC;QACpC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE;aACtB,KAAK,CAAC,aAAa,CAAC;aACpB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;aACrD,OAAO,EAAE,CAAC;QAEf,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YACzB,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnC,CAAC;QAED,mCAAmC;QACnC,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,EAAE;aACrB,KAAK,CAAC,YA
AY,CAAC;aACnB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;aACrD,OAAO,EAAE,CAAC;QAEf,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACvB,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;QAED,mDAAmD;QACnD,MAAM,cAAc,GAAG,MAAM,GAAG,CAAC,EAAE;aAC9B,KAAK,CAAC,qBAAqB,CAAC;aAC5B,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;aACrD,OAAO,EAAE,CAAC;QAEf,KAAK,MAAM,aAAa,IAAI,cAAc,EAAE,CAAC;YACzC,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAC3C,CAAC;QAED,oBAAoB;QACpB,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEhC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC7B,CAAC;CACJ,CAAC,CAAC"}
|
|
@@ -19,6 +19,15 @@ export interface OAuthComponentAPI {
|
|
|
19
19
|
allowedScopes: string[];
|
|
20
20
|
tokenEndpointAuthMethod?: TokenEndpointAuthMethod;
|
|
21
21
|
} | null>;
|
|
22
|
+
getAuthorization?: (ctx: RunQueryCtx, args: {
|
|
23
|
+
userId: string;
|
|
24
|
+
clientId: string;
|
|
25
|
+
}) => Promise<{
|
|
26
|
+
userId: string;
|
|
27
|
+
clientId: string;
|
|
28
|
+
scopes: string[];
|
|
29
|
+
resource?: string;
|
|
30
|
+
} | null>;
|
|
22
31
|
getRefreshToken: (ctx: RunQueryCtx, args: {
|
|
23
32
|
refreshToken: string;
|
|
24
33
|
}) => Promise<{
|
|
@@ -27,8 +36,12 @@ export interface OAuthComponentAPI {
|
|
|
27
36
|
userId: string;
|
|
28
37
|
scopes: string[];
|
|
29
38
|
refreshTokenExpiresAt?: number;
|
|
39
|
+
authorizationCode?: string;
|
|
40
|
+
refreshTokenFamilyId?: string;
|
|
41
|
+
refreshTokenRotatedAt?: number;
|
|
30
42
|
resource?: string;
|
|
31
43
|
audience?: string;
|
|
44
|
+
authTime?: number;
|
|
32
45
|
} | null>;
|
|
33
46
|
getTokensByUser: (ctx: RunQueryCtx, args: {
|
|
34
47
|
userId: string;
|
|
@@ -81,6 +94,7 @@ export interface OAuthComponentAPI {
|
|
|
81
94
|
authorizationCode?: string;
|
|
82
95
|
resource?: string;
|
|
83
96
|
audience?: string;
|
|
97
|
+
authTime?: number;
|
|
84
98
|
}) => Promise<void>;
|
|
85
99
|
rotateRefreshToken: (ctx: RunMutationCtx, args: {
|
|
86
100
|
oldRefreshToken: string;
|
|
@@ -93,7 +107,11 @@ export interface OAuthComponentAPI {
|
|
|
93
107
|
refreshTokenExpiresAt: number;
|
|
94
108
|
resource?: string;
|
|
95
109
|
audience?: string;
|
|
96
|
-
}) => Promise<void
|
|
110
|
+
}) => Promise<void | {
|
|
111
|
+
error: string;
|
|
112
|
+
revokedTokens: number;
|
|
113
|
+
authorizationDeleted: boolean;
|
|
114
|
+
}>;
|
|
97
115
|
upsertAuthorization: (ctx: RunMutationCtx, args: {
|
|
98
116
|
userId: string;
|
|
99
117
|
clientId: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../src/component/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAexD,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,KAAK,EAAgB,WAAW,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAiBxF,KAAK,uBAAuB,GAAG,qBAAqB,GAAG,oBAAoB,GAAG,MAAM,CAAC;AAuMrF;;;;;GAKG;AACH,MAAM,WAAW,iBAAiB;IAC9B,OAAO,EAAE;QACL,SAAS,EAAE,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE;YAAE,QAAQ,EAAE,MAAM,CAAA;SAAE,KAAK,OAAO,CAAC;YACjE,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,cAAc,GAAG,QAAQ,CAAC;YAChC,YAAY,EAAE,MAAM,EAAE,CAAC;YACvB,aAAa,EAAE,MAAM,EAAE,CAAC;YACxB,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;SACrD,GAAG,IAAI,CAAC,CAAC;QACV,eAAe,EAAE,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE;YAAE,YAAY,EAAE,MAAM,CAAA;SAAE,KAAK,OAAO,CAAC;YAC3E,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,qBAAqB,CAAC,EAAE,MAAM,CAAC;YAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,GAAG,IAAI,CAAC,CAAC;QACV,eAAe,EAAE,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE;YAAE,MAAM,EAAE,MAAM,CAAA;SAAE,KAAK,OAAO,CAAC,KAAK,CAAC;YAC3E,GAAG,EAAE,MAAM,CAAC;YACZ,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,oBAAoB,EAAE,MAAM,CAAC;YAC7B,qBAAqB,CAAC,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC,CAAC;KACP,CAAC;IACF,SAAS,EAAE;QACP,sBAAsB,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YAChD,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,WAAW,EAAE,MAAM,CAAC;YACpB,aAAa,EAAE,MAAM,CAAC;YACtB,mBAAmB,EAAE,MAAM,CAAC;YAC5B,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;QACtB,eAAe,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YACzC,IAAI,EAAE,MAAM,CAAC;YACb,QAAQ,EAAE,MAAM,CAAC;YACjB,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB,YAAY,EAAE,MAAM,CAAC;YACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,KAAK,OAAO,CAAC;YACV,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,aAAa,EAAE,MAAM,CAAC;YACtB,mBAAmB,EAAE,MAAM,CAAC;YAC5B,WAAW,EA
AE,MAAM,CAAC;YACpB,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,QAAQ,EAAE,MAAM,CAAC;YACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,CAAC,CAAC;QACH,UAAU,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YACpC,WAAW,EAAE,MAAM,CAAC;YACpB,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,SAAS,EAAE,MAAM,CAAC;YAClB,qBAAqB,CAAC,EAAE,MAAM,CAAC;YAC/B,iBAAiB,CAAC,EAAE,MAAM,CAAC;YAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;QACpB,kBAAkB,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YAC5C,eAAe,EAAE,MAAM,CAAC;YACxB,WAAW,EAAE,MAAM,CAAC;YACpB,YAAY,EAAE,MAAM,CAAC;YACrB,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,SAAS,EAAE,MAAM,CAAC;YAClB,qBAAqB,EAAE,MAAM,CAAC;YAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../src/component/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAexD,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,KAAK,EAAgB,WAAW,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAiBxF,KAAK,uBAAuB,GAAG,qBAAqB,GAAG,oBAAoB,GAAG,MAAM,CAAC;AAuMrF;;;;;GAKG;AACH,MAAM,WAAW,iBAAiB;IAC9B,OAAO,EAAE;QACL,SAAS,EAAE,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE;YAAE,QAAQ,EAAE,MAAM,CAAA;SAAE,KAAK,OAAO,CAAC;YACjE,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,cAAc,GAAG,QAAQ,CAAC;YAChC,YAAY,EAAE,MAAM,EAAE,CAAC;YACvB,aAAa,EAAE,MAAM,EAAE,CAAC;YACxB,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;SACrD,GAAG,IAAI,CAAC,CAAC;QACV,gBAAgB,CAAC,EAAE,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAA;SAAE,KAAK,OAAO,CAAC;YACzF,MAAM,EAAE,MAAM,CAAC;YACf,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,GAAG,IAAI,CAAC,CAAC;QACV,eAAe,EAAE,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE;YAAE,YAAY,EAAE,MAAM,CAAA;SAAE,KAAK,OAAO,CAAC;YAC3E,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,qBAAqB,CAAC,EAAE,MAAM,CAAC;YAC/B,iBAAiB,CAAC,EAAE,MAAM,CAAC;YAC3B,oBAAoB,CAAC,EAAE,MAAM,CAAC;YAC9B,qBAAqB,CAAC,EAAE,MAAM,CAAC;YAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,GAAG,IAAI,CAAC,CAAC;QACV,eAAe,EAAE,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE;YAAE,MAAM,EAAE,MAAM,CAAA;SAAE,KAAK,OAAO,CAAC,KAAK,CAAC;YAC3E,GAAG,EAAE,MAAM,CAAC;YACZ,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,oBAAoB,EAAE,MAAM,CAAC;YAC7B,qBAAqB,CAAC,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC,CAAC;KACP,CAAC;IACF,SAAS,EAAE;QACP,sBAAsB,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YAChD,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,WAAW,EAAE,MAAM,CAAC;YACpB,aAAa,EAAE,MAAM,CAAC;YACtB,mBAAmB,EAAE,MAAM,CAAC;YAC5B,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,QAAQ,CAAC,EAAE,MAAM,CAAC;YACl
B,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;QACtB,eAAe,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YACzC,IAAI,EAAE,MAAM,CAAC;YACb,QAAQ,EAAE,MAAM,CAAC;YACjB,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB,YAAY,EAAE,MAAM,CAAC;YACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,KAAK,OAAO,CAAC;YACV,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,aAAa,EAAE,MAAM,CAAC;YACtB,mBAAmB,EAAE,MAAM,CAAC;YAC5B,WAAW,EAAE,MAAM,CAAC;YACpB,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,QAAQ,EAAE,MAAM,CAAC;YACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,CAAC,CAAC;QACH,UAAU,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YACpC,WAAW,EAAE,MAAM,CAAC;YACpB,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,SAAS,EAAE,MAAM,CAAC;YAClB,qBAAqB,CAAC,EAAE,MAAM,CAAC;YAC/B,iBAAiB,CAAC,EAAE,MAAM,CAAC;YAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;QACpB,kBAAkB,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YAC5C,eAAe,EAAE,MAAM,CAAC;YACxB,WAAW,EAAE,MAAM,CAAC;YACpB,YAAY,EAAE,MAAM,CAAC;YACrB,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,SAAS,EAAE,MAAM,CAAC;YAClB,qBAAqB,EAAE,MAAM,CAAC;YAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,KAAK,OAAO,CAAC,IAAI,GAAG;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,aAAa,EAAE,MAAM,CAAC;YAAC,oBAAoB,EAAE,OAAO,CAAA;SAAE,CAAC,CAAC;QAC9F,mBAAmB,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YAC7C,MAAM,EAAE,MAAM,CAAC;YACf,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACrB,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;QACtB,2BAA2B,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YACrD,MAAM,EAAE,MAAM,CAAC;YACf,QAAQ,EAAE,MAAM,CAAC;SACpB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;KACvB,CAAC;IACF,gBAAgB,EAAE;QACd,cAAc,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YACxC,IAAI,EAAE,MAAM,CAAC;YACb,YAAY,EAAE,MAAM,EAAE,CAAC;YACvB,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,IAAI,EAAE,cAAc,GAAG,QAAQ,CAAC;YAChC,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,OAAO,CAAC,EAAE,
MAAM,CAAC;YACjB,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB,SAAS,CAAC,EAAE,MAAM,CAAC;YACnB,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;SACrD,KAAK,OAAO,CAAC;YACV,QAAQ,EAAE,MAAM,CAAC;YACjB,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,gBAAgB,EAAE,MAAM,CAAC;SAC5B,CAAC,CAAC;QACH,kBAAkB,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE;YAC5C,QAAQ,EAAE,MAAM,CAAC;YACjB,YAAY,EAAE,MAAM,CAAC;SACxB,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;KAC1B,CAAC;CACL;AAMD;;GAEG;AACH,wBAAsB,gBAAgB,CAClC,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,WAAW,EACnB,GAAG,EAAE,iBAAiB,GACvB,OAAO,CAAC,QAAQ,CAAC,CAwQnB;AAED;;GAEG;AACH,wBAAsB,0BAA0B,CAC5C,IAAI,EAAE,SAAS,EACf,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,WAAW,GACpB,OAAO,CAAC,QAAQ,CAAC,CAoCnB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC7B,IAAI,EAAE,SAAS,EACf,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,WAAW,GACpB,OAAO,CAAC,QAAQ,CAAC,CAYnB;AAED;;GAEG;AACH,wBAAsB,YAAY,CAC9B,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,WAAW,EACnB,GAAG,EAAE,iBAAiB,GACvB,OAAO,CAAC,QAAQ,CAAC,CAmanB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACjC,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,WAAW,EACnB,cAAc,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,GAChE,OAAO,CAAC,QAAQ,CAAC,CA8FnB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACjC,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,WAAW,EACnB,GAAG,EAAE,iBAAiB,GACvB,OAAO,CAAC,QAAQ,CAAC,CAgHnB;AAED;;GAEG;AACH,wBAAsB,6BAA6B,CAC/C,IAAI,EAAE,SAAS,EACf,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,WAAW,GACpB,OAAO,CAAC,QAAQ,CAAC,CAkBnB"}
|
|
@@ -233,6 +233,9 @@ export async function authorizeHandler(ctx, request, config, api) {
|
|
|
233
233
|
if (resourceValues.length > 1) {
|
|
234
234
|
return buildAuthorizeErrorRedirect(redirectUri, "invalid_target", "Multiple resource parameters are not supported", state);
|
|
235
235
|
}
|
|
236
|
+
if (params.has("request") || params.has("request_uri")) {
|
|
237
|
+
return buildAuthorizeErrorRedirect(redirectUri, "invalid_request", "request and request_uri parameters are not supported", state);
|
|
238
|
+
}
|
|
236
239
|
if (consent === "approve" && !isConsentFromProvider(request, config)) {
|
|
237
240
|
return buildAuthorizeErrorRedirect(redirectUri, "access_denied", "User consent required", state);
|
|
238
241
|
}
|
|
@@ -252,7 +255,9 @@ export async function authorizeHandler(ctx, request, config, api) {
|
|
|
252
255
|
let requestedScopes = scope
|
|
253
256
|
? scope.split(" ").filter(Boolean)
|
|
254
257
|
: [];
|
|
255
|
-
if (requestedScopes.includes("offline_access") &&
|
|
258
|
+
if (requestedScopes.includes("offline_access") &&
|
|
259
|
+
!promptValues.has("consent") &&
|
|
260
|
+
!promptValues.has("none")) {
|
|
256
261
|
requestedScopes = requestedScopes.filter((s) => s !== "offline_access");
|
|
257
262
|
}
|
|
258
263
|
if (requestedScopes.length === 0) {
|
|
@@ -271,13 +276,34 @@ export async function authorizeHandler(ctx, request, config, api) {
|
|
|
271
276
|
if (codeChallengeMethod !== "S256") {
|
|
272
277
|
return buildAuthorizeErrorRedirect(redirectUri, "invalid_request", "code_challenge_method must be S256", state);
|
|
273
278
|
}
|
|
274
|
-
if (consent !== "approve") {
|
|
275
|
-
return buildAuthorizeErrorRedirect(redirectUri, "access_denied", "User consent required", state);
|
|
276
|
-
}
|
|
277
279
|
if (!config.getUserId) {
|
|
278
280
|
return new OAuthError("server_error", "getUserId is not configured", 500).toResponse(headers);
|
|
279
281
|
}
|
|
280
282
|
const userId = await config.getUserId(ctx, request);
|
|
283
|
+
if (promptValues.has("none")) {
|
|
284
|
+
if (promptValues.size > 1) {
|
|
285
|
+
return buildAuthorizeErrorRedirect(redirectUri, "invalid_request", "prompt=none cannot be combined with other prompt values", state);
|
|
286
|
+
}
|
|
287
|
+
if (!userId) {
|
|
288
|
+
return buildAuthorizeErrorRedirect(redirectUri, "login_required", "User not authenticated", state);
|
|
289
|
+
}
|
|
290
|
+
if (consent !== "approve") {
|
|
291
|
+
if (!api.queries.getAuthorization) {
|
|
292
|
+
return buildAuthorizeErrorRedirect(redirectUri, "server_error", "OAuth component API is out of date; regenerate component API references", state);
|
|
293
|
+
}
|
|
294
|
+
const authorization = await api.queries.getAuthorization(ctx, { userId, clientId });
|
|
295
|
+
const hasScopes = authorization !== null &&
|
|
296
|
+
requestedScopes.every((scope) => authorization.scopes.includes(scope));
|
|
297
|
+
const hasResource = authorization !== null &&
|
|
298
|
+
authorization.resource === (resource ?? undefined);
|
|
299
|
+
if (!hasScopes || !hasResource) {
|
|
300
|
+
return buildAuthorizeErrorRedirect(redirectUri, "consent_required", "User consent required", state);
|
|
301
|
+
}
|
|
302
|
+
}
|
|
303
|
+
}
|
|
304
|
+
else if (consent !== "approve") {
|
|
305
|
+
return buildAuthorizeErrorRedirect(redirectUri, "access_denied", "User consent required", state);
|
|
306
|
+
}
|
|
281
307
|
if (!userId) {
|
|
282
308
|
return buildAuthorizeErrorRedirect(redirectUri, "access_denied", "User not authenticated", state);
|
|
283
309
|
}
|
|
@@ -307,7 +333,7 @@ export async function openIdConfigurationHandler(_ctx, request, config) {
|
|
|
307
333
|
if (corsResponse)
|
|
308
334
|
return corsResponse;
|
|
309
335
|
const headers = createCorsHeaders(request.headers.get("Origin"), config, "GET, OPTIONS");
|
|
310
|
-
const backendUrl = config.convexSiteUrl ?? config.siteUrl;
|
|
336
|
+
const backendUrl = (config.convexSiteUrl ?? config.siteUrl).replace(/\/+$/, "");
|
|
311
337
|
const prefix = normalizePrefix(config.prefix);
|
|
312
338
|
const issuerUrl = getIssuerUrl(config);
|
|
313
339
|
const supportedScopes = config.allowedScopes ?? ["openid", "profile", "email", "offline_access"];
|
|
@@ -324,6 +350,9 @@ export async function openIdConfigurationHandler(_ctx, request, config) {
|
|
|
324
350
|
token_endpoint_auth_methods_supported: ["client_secret_basic", "client_secret_post", "none"],
|
|
325
351
|
grant_types_supported: ["authorization_code", "refresh_token"],
|
|
326
352
|
code_challenge_methods_supported: ["S256"],
|
|
353
|
+
request_uri_parameter_supported: false,
|
|
354
|
+
request_parameter_supported: false,
|
|
355
|
+
claims_parameter_supported: false,
|
|
327
356
|
};
|
|
328
357
|
if (config.allowDynamicClientRegistration) {
|
|
329
358
|
responseBody.registration_endpoint = `${backendUrl}${prefix}/register`;
|
|
@@ -395,12 +424,17 @@ export async function tokenHandler(ctx, request, config, api) {
|
|
|
395
424
|
throw new OAuthError("invalid_request", "Multiple client authentication methods");
|
|
396
425
|
}
|
|
397
426
|
const basicCredentials = parseBasicClientCredentials(authHeader);
|
|
427
|
+
if (bodyClientId && bodyClientId !== basicCredentials.clientId) {
|
|
428
|
+
throw new OAuthError("invalid_request", "Conflicting client_id");
|
|
429
|
+
}
|
|
398
430
|
clientId = basicCredentials.clientId;
|
|
399
431
|
clientSecret = basicCredentials.clientSecret;
|
|
400
432
|
usedAuthMethod = "client_secret_basic";
|
|
401
433
|
}
|
|
402
434
|
if (!clientId)
|
|
403
435
|
throw new OAuthError("invalid_request", "client_id required");
|
|
436
|
+
if (!grantType)
|
|
437
|
+
throw new OAuthError("invalid_request", "grant_type required");
|
|
404
438
|
// Client existence + confidential client check
|
|
405
439
|
const client = await api.queries.getClient(ctx, { clientId });
|
|
406
440
|
if (!client) {
|
|
@@ -496,6 +530,7 @@ export async function tokenHandler(ctx, request, config, api) {
|
|
|
496
530
|
authorizationCode: codeData.codeHash, // Link to authorization code
|
|
497
531
|
resource: codeData.resource,
|
|
498
532
|
audience: accessTokenAudience,
|
|
533
|
+
authTime: codeData.authTime,
|
|
499
534
|
});
|
|
500
535
|
// F. Create/Update Authorization Record
|
|
501
536
|
await api.mutations.upsertAuthorization(ctx, {
|
|
@@ -528,6 +563,24 @@ export async function tokenHandler(ctx, request, config, api) {
|
|
|
528
563
|
const oldToken = await api.queries.getRefreshToken(ctx, { refreshToken });
|
|
529
564
|
if (!oldToken)
|
|
530
565
|
throw new OAuthError("invalid_grant", "Invalid refresh token");
|
|
566
|
+
if (oldToken.refreshTokenRotatedAt !== undefined) {
|
|
567
|
+
// rotateRefreshToken detects tombstones before storing the supplied replacement tokens.
|
|
568
|
+
await api.mutations.rotateRefreshToken(ctx, {
|
|
569
|
+
oldRefreshToken: refreshToken,
|
|
570
|
+
accessToken: "refresh-token-reuse-detected",
|
|
571
|
+
refreshToken: "refresh-token-reuse-detected",
|
|
572
|
+
clientId: oldToken.clientId,
|
|
573
|
+
userId: oldToken.userId,
|
|
574
|
+
scopes: oldToken.scopes,
|
|
575
|
+
expiresAt: Date.now(),
|
|
576
|
+
refreshTokenExpiresAt: Date.now(),
|
|
577
|
+
resource: oldToken.resource,
|
|
578
|
+
audience: oldToken.audience,
|
|
579
|
+
});
|
|
580
|
+
throw new OAuthError("invalid_grant", "Invalid refresh token");
|
|
581
|
+
}
|
|
582
|
+
if (oldToken.clientId !== clientId)
|
|
583
|
+
throw new OAuthError("invalid_grant", "Client mismatch");
|
|
531
584
|
const refreshTokenResource = oldToken.resource;
|
|
532
585
|
const refreshTokenAudience = oldToken.audience ?? refreshTokenResource ?? config.applicationID ?? "convex";
|
|
533
586
|
const accessTokenAudience = refreshTokenResource ?? refreshTokenAudience;
|
|
@@ -540,8 +593,6 @@ export async function tokenHandler(ctx, request, config, api) {
|
|
|
540
593
|
if (!oldToken.refreshTokenExpiresAt || oldToken.refreshTokenExpiresAt < Date.now()) {
|
|
541
594
|
throw new OAuthError("invalid_grant", "Refresh token expired");
|
|
542
595
|
}
|
|
543
|
-
if (oldToken.clientId !== clientId)
|
|
544
|
-
throw new OAuthError("invalid_grant", "Client mismatch");
|
|
545
596
|
const userId = oldToken.userId;
|
|
546
597
|
// RFC 6749 Section 6: スコープパラメータ処理(アクセストークン用)
|
|
547
598
|
let accessTokenScopes;
|
|
@@ -587,6 +638,7 @@ export async function tokenHandler(ctx, request, config, api) {
|
|
|
587
638
|
sub: userId,
|
|
588
639
|
iss: issuerUrl,
|
|
589
640
|
aud: clientId,
|
|
641
|
+
auth_time: oldToken.authTime,
|
|
590
642
|
})
|
|
591
643
|
.setProtectedHeader({ alg: "RS256", typ: "JWT", kid: keyId })
|
|
592
644
|
.setIssuedAt()
|
|
@@ -595,7 +647,7 @@ export async function tokenHandler(ctx, request, config, api) {
|
|
|
595
647
|
}
|
|
596
648
|
// Rotate - 元のスコープ維持
|
|
597
649
|
try {
|
|
598
|
-
await api.mutations.rotateRefreshToken(ctx, {
|
|
650
|
+
const rotationResult = await api.mutations.rotateRefreshToken(ctx, {
|
|
599
651
|
oldRefreshToken: refreshToken,
|
|
600
652
|
accessToken,
|
|
601
653
|
refreshToken: newRefreshToken,
|
|
@@ -607,6 +659,9 @@ export async function tokenHandler(ctx, request, config, api) {
|
|
|
607
659
|
resource: refreshTokenResource,
|
|
608
660
|
audience: refreshTokenAudience,
|
|
609
661
|
});
|
|
662
|
+
if (rotationResult && "error" in rotationResult && rotationResult.error === "refresh_token_reuse_detected") {
|
|
663
|
+
throw new OAuthError("invalid_grant", "Invalid refresh token");
|
|
664
|
+
}
|
|
610
665
|
// Update authorization lastUsedAt
|
|
611
666
|
await api.mutations.updateAuthorizationLastUsed(ctx, {
|
|
612
667
|
userId,
|
|
@@ -667,8 +722,7 @@ export async function tokenHandler(ctx, request, config, api) {
|
|
|
667
722
|
return new OAuthError("invalid_scope", e.message).toResponse(tokenHeaders);
|
|
668
723
|
}
|
|
669
724
|
}
|
|
670
|
-
|
|
671
|
-
return new OAuthError("invalid_request", message).toResponse(tokenHeaders);
|
|
725
|
+
return new OAuthError("invalid_request", "Invalid request").toResponse(tokenHeaders);
|
|
672
726
|
}
|
|
673
727
|
}
|
|
674
728
|
/**
|
|
@@ -680,7 +734,8 @@ export async function userInfoHandler(ctx, request, config, getUserProfile) {
|
|
|
680
734
|
return corsResponse;
|
|
681
735
|
const headers = createCorsHeaders(request.headers.get("Origin"), config, "GET, POST, OPTIONS");
|
|
682
736
|
const authHeader = request.headers.get("Authorization");
|
|
683
|
-
|
|
737
|
+
const authMatch = authHeader?.match(/^Bearer\s+(.+)$/i);
|
|
738
|
+
if (!authMatch) {
|
|
684
739
|
return new Response(null, {
|
|
685
740
|
status: 401,
|
|
686
741
|
headers: {
|
|
@@ -689,7 +744,7 @@ export async function userInfoHandler(ctx, request, config, getUserProfile) {
|
|
|
689
744
|
},
|
|
690
745
|
});
|
|
691
746
|
}
|
|
692
|
-
const token =
|
|
747
|
+
const token = authMatch[1];
|
|
693
748
|
try {
|
|
694
749
|
const issuerUrl = getIssuerUrl(config);
|
|
695
750
|
const payload = await verifyAccessToken(token, config, issuerUrl);
|
|
@@ -741,7 +796,14 @@ export async function userInfoHandler(ctx, request, config, getUserProfile) {
|
|
|
741
796
|
responseBody.email = user.email;
|
|
742
797
|
responseBody.email_verified = user.email_verified;
|
|
743
798
|
}
|
|
744
|
-
return new Response(JSON.stringify(responseBody), {
|
|
799
|
+
return new Response(JSON.stringify(responseBody), {
|
|
800
|
+
headers: {
|
|
801
|
+
...headers,
|
|
802
|
+
"Content-Type": "application/json",
|
|
803
|
+
"Cache-Control": "no-store",
|
|
804
|
+
"Pragma": "no-cache",
|
|
805
|
+
},
|
|
806
|
+
});
|
|
745
807
|
}
|
|
746
808
|
catch {
|
|
747
809
|
return new Response(null, {
|
|
@@ -779,7 +841,9 @@ export async function registerHandler(ctx, request, config, api) {
|
|
|
779
841
|
if (invalidScopes.length > 0) {
|
|
780
842
|
throw new OAuthError("invalid_scope", `Unsupported scopes: ${invalidScopes.join(", ")}`);
|
|
781
843
|
}
|
|
782
|
-
const scopes = requestedScopes
|
|
844
|
+
const scopes = allowedScopes.includes("offline_access") && !requestedScopes.includes("offline_access")
|
|
845
|
+
? [...requestedScopes, "offline_access"]
|
|
846
|
+
: requestedScopes;
|
|
783
847
|
const authMethod = body.token_endpoint_auth_method;
|
|
784
848
|
if (authMethod &&
|
|
785
849
|
authMethod !== "client_secret_basic" &&
|
|
@@ -848,8 +912,7 @@ export async function registerHandler(ctx, request, config, api) {
|
|
|
848
912
|
if (e instanceof OAuthError) {
|
|
849
913
|
return e.toResponse(headers);
|
|
850
914
|
}
|
|
851
|
-
|
|
852
|
-
return new OAuthError("invalid_request", message).toResponse(headers);
|
|
915
|
+
return new OAuthError("invalid_request", "Invalid client metadata").toResponse(headers);
|
|
853
916
|
}
|
|
854
917
|
}
|
|
855
918
|
/**
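Review bot: In tokenHandler's refresh-token branch (new lines 566–581) the return value of the tombstone `rotateRefreshToken` call is discarded, so the handler never confirms that reuse was detected and that the constant `"refresh-token-reuse-detected"` placeholders passed as `accessToken` and `refreshToken` were not stored. The normal rotation further down already tests `rotationResult.error === "refresh_token_reuse_detected"`; the same test here would turn the assumption in the code comment into a checked condition, for example `const reuse = await api.mutations.rotateRefreshToken(ctx, { ... });` followed by `if (!reuse || reuse.error !== "refresh_token_reuse_detected") throw new OAuthError("server_error", "Refresh token reuse handling failed", 500);`. This branch also runs before the `oldToken.clientId !== clientId` check at new line 582, so whatever revocation the mutation performs on reuse (its declared result reports `revokedTokens` and `authorizationDeleted`) can be triggered by a client the token was not issued to; if that is intended, a comment should say so, otherwise the client check belongs first. tokenHandler starts and ends outside these hunks, and this file looks like compiled output, so the change would presumably be made in the TypeScript source.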
|