@crossauth/sveltekit 0.0.14 → 0.0.16
- package/dist/index.cjs +1 -1
- package/dist/index.d.ts +9 -3
- package/dist/index.js +1738 -1576
- package/dist/sveltekitadminclientendpoints.d.ts +7 -7
- package/dist/sveltekitadminendpoints.d.ts +11 -12
- package/dist/sveltekitapikey.d.ts +3 -4
- package/dist/sveltekitoauthclient.d.ts +91 -22
- package/dist/sveltekitoauthserver.d.ts +1 -1
- package/dist/sveltekitresserver.d.ts +32 -3
- package/dist/sveltekitserver.d.ts +4 -3
- package/dist/sveltekitsession.d.ts +19 -11
- package/dist/sveltekitsessionadapter.d.ts +1 -1
- package/dist/sveltekitsharedclientendpoints.d.ts +13 -13
- package/dist/sveltekituserclientendpoints.d.ts +7 -7
- package/dist/sveltekituserendpoints.d.ts +20 -20
- package/dist/tests/sveltekitoauthclient.test.d.ts +1 -1
- package/package.json +3 -3
|
@@ -11,7 +11,7 @@ import { SvelteKitSharedClientEndpoints, SearchClientsPageData, UpdateClientPage
|
|
|
11
11
|
* **Endpoints**
|
|
12
12
|
*
|
|
13
13
|
* These endpoints can only be called if an admin user is logged in, as defined
|
|
14
|
-
* by the {@link
|
|
14
|
+
* by the {@link SvelteKitServer.isAdminFn}. If the user does not
|
|
15
15
|
* have this permission, a 401 error is raised.
|
|
16
16
|
*
|
|
17
17
|
* | Name | Description | PageData (returned by load) | ActionData (return by actions) | Form fields expected by actions | URL param |
|
|
@@ -21,14 +21,14 @@ import { SvelteKitSharedClientEndpoints, SearchClientsPageData, UpdateClientPage
|
|
|
21
21
|
* | -------------------------- | ----------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ---------------------------------------------------------------- | --------- |
|
|
22
22
|
* | searchClientsEndpoint | Returns a paginated set of clients or those matching search | See {@link SearchClientsPageData} | *Not provided* | | |
|
|
23
23
|
* | -------------------------- | ----------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ---------------------------------------------------------------- | --------- |
|
|
24
|
-
* | updateClientEndpoint | Updates a client | See {@link
|
|
25
|
-
* | | | | See {@link
|
|
24
|
+
* | updateClientEndpoint | Updates a client | See {@link UpdateClientPageData} | `default`: | | |
|
|
25
|
+
* | | | | See {@link UpdateClientFormData} | See {@link SvelteKitSharedClientEndpoints.updateClient_internal} | client_id |
|
|
26
26
|
* | -------------------------- | ----------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ---------------------------------------------------------------- | --------- |
|
|
27
|
-
* | createClientEndpoint | Creates a new client | See {@link
|
|
28
|
-
* | | | | See {@link
|
|
27
|
+
* | createClientEndpoint | Creates a new client | See {@link CreateClientPageData} | `default`: | | |
|
|
28
|
+
* | | | | See {@link CreateClientFormData} | See {@link SvelteKitSharedClientEndpoints.createClient_internal} | client_id |
|
|
29
29
|
* | -------------------------- | ----------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ---------------------------------------------------------------- | --------- |
|
|
30
|
-
* | deleteClientEndpoint | Deletes a client | See {@link
|
|
31
|
-
* | | | | See {@link
|
|
30
|
+
* | deleteClientEndpoint | Deletes a client | See {@link DeleteClientPageData} | `default`: | | |
|
|
31
|
+
* | | | | See {@link DeleteClientFormData} | See {@link SvelteKitSharedClientEndpoints.deleteClient_internal} | client_id |
|
|
32
32
|
* | -------------------------- | ----------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ---------------------------------------------------------------- | --------- |
|
|
33
33
|
*/
|
|
34
34
|
export declare class SvelteKitAdminClientEndpoints extends SvelteKitSharedClientEndpoints {
|
|
@@ -94,8 +94,8 @@ export type SearchUsersReturn = {
|
|
|
94
94
|
* Provides endpoints for users to login, logout and maintain their
|
|
95
95
|
* own account.
|
|
96
96
|
*
|
|
97
|
-
* This is created automatically when {@link
|
|
98
|
-
* The endpoints are available through `
|
|
97
|
+
* This is created automatically when {@link SvelteKitServer} is instantiated.
|
|
98
|
+
* The endpoints are available through `SvelteKitServer.sessionServer.adminEndpoints`.
|
|
99
99
|
*
|
|
100
100
|
* The methods in this class are designed to be used in
|
|
101
101
|
* `+*_server.ts` files in the `load` and `actions` exports. You can
|
|
@@ -109,13 +109,13 @@ export type SearchUsersReturn = {
|
|
|
109
109
|
* ```
|
|
110
110
|
* The `?? crossauth.dummyLoad` and `?? crossauth.dummyActions` is to stop
|
|
111
111
|
* typescript complaining as the `sessionServer` member of the
|
|
112
|
-
* {@link
|
|
112
|
+
* {@link SvelteKitServer} object may be undefined, because
|
|
113
113
|
* some application do not have a session server.
|
|
114
114
|
*
|
|
115
115
|
* **Endpoints**
|
|
116
116
|
*
|
|
117
117
|
* These endpoints can only be called if an admin user is logged in, as defined
|
|
118
|
-
* by the {@link
|
|
118
|
+
* by the {@link SvelteKitServer.isAdminFn}. If the user does not
|
|
119
119
|
* have this permission, a 401 error is raised.
|
|
120
120
|
*
|
|
121
121
|
* | Name | Description | PageData (returned by load) | ActionData (return by actions) | Form fields expected by actions | URL param |
|
|
@@ -126,16 +126,16 @@ export type SearchUsersReturn = {
|
|
|
126
126
|
* | searchUsersEndpoint | Returns a paginated set of users or those matchign search | See return of {@link SvelteKitAdminEndpoints.searchUsers} | *Not provided* | | |
|
|
127
127
|
* | -------------------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ----------------------------------------------------------- | --------- |
|
|
128
128
|
* | updateUserEndpoint | Update a user's details | - `allowedFactor2` see {@link SvelteKitAdminEndpoints}.`signupEndpoint` | `default`: | `default`: | `id` |
|
|
129
|
-
* | | | - `editUser` the {@link @crossauth/common!User} being edited | - see {@link
|
|
129
|
+
* | | | - `editUser` the {@link @crossauth/common!User} being edited | - see {@link SvelteKitAdminEndpoints.updateUser} return | - see {@link SvelteKitAdminEndpoints.updateUser} event | |
|
|
130
130
|
* | -------------------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ----------------------------------------------------------- | --------- |
|
|
131
131
|
* | changePasswordEndpoint | Update a user's password | - `next` page to load on szccess | `default`: | `default`: | `id` |
|
|
132
|
-
* | | | - `editUser` the {@link @crossauth/common!User} being edited | - see {@link
|
|
132
|
+
* | | | - `editUser` the {@link @crossauth/common!User} being edited | - see {@link SvelteKitAdminEndpoints.changePassword} return | - see {@link SvelteKitAdminEndpoints.changePassword} event | |
|
|
133
133
|
* | -------------------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ----------------------------------------------------------- | --------- |
|
|
134
134
|
* | createUserEndpoint | Creates a new user | - `allowedFactor2` see {@link SvelteKitAdminEndpoints}.`signupEndpoint` | `default`: | `default`: | `id` |
|
|
135
|
-
* | | | | - see {@link
|
|
135
|
+
* | | | | - see {@link SvelteKitAdminEndpoints.createUser} return | - see {@link SvelteKitAdminEndpoints.createUser} event | |
|
|
136
136
|
* | -------------------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ----------------------------------------------------------- | --------- |
|
|
137
137
|
* | deleteUser | Deletes a user | - `error` error message if user ID doesn't exist | `default`: | `default`: | `id` |
|
|
138
|
-
* | | | | - see {@link
|
|
138
|
+
* | | | | - see {@link SvelteKitAdminEndpoints.deleteUser} return | - see {@link SvelteKitAdminEndpoints.deleteUser} event | |
|
|
139
139
|
*/
|
|
140
140
|
export declare class SvelteKitAdminEndpoints {
|
|
141
141
|
private sessionServer;
|
|
@@ -162,7 +162,7 @@ export declare class SvelteKitAdminEndpoints {
|
|
|
162
162
|
* or the empty string.
|
|
163
163
|
* - `skip` the number to start returning from. 0 if not defined
|
|
164
164
|
* - `take` the maximum number to return. 10 if not defined.
|
|
165
|
-
* @param
|
|
165
|
+
* @param searchTerm overrides the search term from the query.
|
|
166
166
|
* @param skip overrides the skip term from the query
|
|
167
167
|
* @param take overrides the take term from the query
|
|
168
168
|
*
|
|
@@ -198,7 +198,7 @@ export declare class SvelteKitAdminEndpoints {
|
|
|
198
198
|
* - `user_*` anything prefixed with `user` that is also in
|
|
199
199
|
* the `userEditableFields` or `adminEditableFields` options
|
|
200
200
|
* passed when constructing the
|
|
201
|
-
* user storage object will be added to the {@link @
|
|
201
|
+
* user storage object will be added to the {@link @crossauth/common!User}
|
|
202
202
|
* object (with `user_` removed).
|
|
203
203
|
*
|
|
204
204
|
* @returns object with:
|
|
@@ -257,7 +257,7 @@ export declare class SvelteKitAdminEndpoints {
|
|
|
257
257
|
* - `repeat_`*secrets* (eg `repeat_password`)
|
|
258
258
|
* - `user_*` anything prefixed with `user` that is also in
|
|
259
259
|
* - the `userEditableFields` option passed when constructing the
|
|
260
|
-
* user storage object will be added to the {@link @
|
|
260
|
+
* user storage object will be added to the {@link @crossauth/common!User}
|
|
261
261
|
* object (with `user_` removed).
|
|
262
262
|
*
|
|
263
263
|
* @returns object with:
|
|
@@ -282,7 +282,6 @@ export declare class SvelteKitAdminEndpoints {
|
|
|
282
282
|
/**
|
|
283
283
|
* Call this to delete the logged-in user
|
|
284
284
|
*
|
|
285
|
-
* @param userid the user to delete
|
|
286
285
|
* @param event the Sveltekit event.
|
|
287
286
|
|
|
288
287
|
* @returns object with:
|
|
@@ -4,7 +4,7 @@ import { RequestEvent, MaybePromise } from '@sveltejs/kit';
|
|
|
4
4
|
/**
|
|
5
5
|
* Options for {@link SvelteKitApiKeyServer }.
|
|
6
6
|
*
|
|
7
|
-
* See {@link
|
|
7
|
+
* See {@link SvelteKitApiKeyServer } constructor for description of parameters
|
|
8
8
|
*/
|
|
9
9
|
export interface SvelteKitApiKeyServerOptions extends ApiKeyManagerOptions {
|
|
10
10
|
/** Pass the Sveltekit redirect function */
|
|
@@ -22,7 +22,7 @@ export interface SvelteKitApiKeyServerOptions extends ApiKeyManagerOptions {
|
|
|
22
22
|
* They can be used in place of username/password login and session cookies.
|
|
23
23
|
*
|
|
24
24
|
* This class adds a `preHandler` hook that sets the `user` field in the
|
|
25
|
-
*
|
|
25
|
+
* SvelteKit request. It also sets `scopes` in the request object if there
|
|
26
26
|
* is a `scope` field in the JSON object in the `data` field in in the API
|
|
27
27
|
* record in key storage.
|
|
28
28
|
*/
|
|
@@ -39,10 +39,9 @@ export declare class SvelteKitApiKeyServer {
|
|
|
39
39
|
/**
|
|
40
40
|
* Constructor
|
|
41
41
|
*
|
|
42
|
-
* @param app the Fastify app instance
|
|
43
42
|
* @param userStorage the user storage with user accounts
|
|
44
43
|
* @param keyStorage the storage for finding API keys
|
|
45
|
-
* @param options See {@link
|
|
44
|
+
* @param options See {@link SvelteKitApiKeyServerOptions}
|
|
46
45
|
*/
|
|
47
46
|
constructor(userStorage: UserStorage, keyStorage: KeyStorage, options?: SvelteKitApiKeyServerOptions);
|
|
48
47
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { CrossauthError, ErrorCode, OAuthTokenResponse, OAuthDeviceAuthorizationResponse } from '@crossauth/common';
|
|
1
|
+
import { CrossauthError, ErrorCode, OAuthTokenResponse, OAuthDeviceAuthorizationResponse, User } from '@crossauth/common';
|
|
2
2
|
import { OAuthClientBackend, OAuthClientOptions } from '@crossauth/backend';
|
|
3
3
|
import { SvelteKitServer } from './sveltekitserver';
|
|
4
|
-
import { RequestEvent } from '@sveltejs/kit';
|
|
4
|
+
import { RequestEvent, MaybePromise } from '@sveltejs/kit';
|
|
5
5
|
|
|
6
6
|
export type SvelteKitErrorFn = (server: SvelteKitServer, event: RequestEvent, ce: CrossauthError) => Promise<Response>;
|
|
7
7
|
/**
|
|
@@ -41,7 +41,7 @@ export interface SvelteKitOAuthClientOptions extends OAuthClientOptions {
|
|
|
41
41
|
* logged in here at the client.
|
|
42
42
|
*
|
|
43
43
|
* In most cases you can ignore this and use
|
|
44
|
-
* {@link
|
|
44
|
+
* {@link SvelteKitSessionServerOptions.loginProtectedPageEndpoints}
|
|
45
45
|
* to protect the endpoints that begin the flows.
|
|
46
46
|
*
|
|
47
47
|
* See {@link @crossauth/common!OAuthFlows}.
|
|
@@ -54,9 +54,13 @@ export interface SvelteKitOAuthClientOptions extends OAuthClientOptions {
|
|
|
54
54
|
* @param client the OAuth client
|
|
55
55
|
* @param event the SvelteKit request event
|
|
56
56
|
* @param silent if true, don't return a Response, only JSON or undefined.
|
|
57
|
+
* @param setUserFn if implementing this function you should call this
|
|
58
|
+
* when you receive a valid ID token
|
|
57
59
|
* @returns a Response, JSON or undefined
|
|
58
60
|
*/
|
|
59
|
-
receiveTokenFn?: (oauthResponse: OAuthTokenResponse, client: SvelteKitOAuthClient, event: RequestEvent, silent: boolean
|
|
61
|
+
receiveTokenFn?: (oauthResponse: OAuthTokenResponse, client: SvelteKitOAuthClient, event: RequestEvent, silent: boolean, setUserFn: (event: RequestEvent, token: {
|
|
62
|
+
[key: string]: any;
|
|
63
|
+
}) => Promise<void>) => Promise<Response | TokenReturn | undefined>;
|
|
60
64
|
/**
|
|
61
65
|
* The function to call when there is an OAuth error and
|
|
62
66
|
* {@link SvelteKitOAuthClientOptions.errorResponseType}
|
|
@@ -114,7 +118,7 @@ export interface SvelteKitOAuthClientOptions extends OAuthClientOptions {
|
|
|
114
118
|
bffSleepMilliseconds?: number;
|
|
115
119
|
/**
|
|
116
120
|
* Endpoints to provide to acces tokens through the BFF mechanism,
|
|
117
|
-
* See {@link
|
|
121
|
+
* See {@link SvelteKitOAuthClient} class documentation for full description.
|
|
118
122
|
*/
|
|
119
123
|
tokenEndpoints?: ("access_token" | "refresh_token" | "id_token" | "have_access_token" | "have_refresh_token" | "have_id_token")[];
|
|
120
124
|
/** Pass the Sveltekit redirect function */
|
|
@@ -130,6 +134,10 @@ export interface SvelteKitOAuthClientOptions extends OAuthClientOptions {
|
|
|
130
134
|
* not the other, set this variable.
|
|
131
135
|
*/
|
|
132
136
|
validFlows?: string[];
|
|
137
|
+
/**
|
|
138
|
+
* These token types will be treated as JWT. Default all of them
|
|
139
|
+
*/
|
|
140
|
+
jwtTokens?: ("access" | "id" | "refresh")[];
|
|
133
141
|
}
|
|
134
142
|
/**
|
|
135
143
|
* Returned by the authorize endpoint
|
|
@@ -250,6 +258,18 @@ export interface RedirectUriReturn extends OAuthTokenResponse {
|
|
|
250
258
|
* of these endpoints, eg `method`, you set `matchSubUrls` to true, then
|
|
251
259
|
* `method/XXX`, `method/YYY` will match as well as `method`.
|
|
252
260
|
*
|
|
261
|
+
* **Middleware**
|
|
262
|
+
*
|
|
263
|
+
* This class provides middleware that works with the BFF method.
|
|
264
|
+
*
|
|
265
|
+
* If an ID token is saved in the session and it is valid, the following
|
|
266
|
+
* state attributes are set in the request object:
|
|
267
|
+
*
|
|
268
|
+
* - `idPayload` the payload from the ID token
|
|
269
|
+
* - `user` a :class:`crossauth_backend.User` object created from the ID
|
|
270
|
+
* token
|
|
271
|
+
* - `authType` set to `oidc`
|
|
272
|
+
*
|
|
253
273
|
* **Endpoints provided by this class**
|
|
254
274
|
*
|
|
255
275
|
* | Name | Description | PageData (returned by load) or JSON returned by get/post | ActionData (return by actions) | Form fields expected by actions or post/get input data |
|
|
@@ -285,11 +305,11 @@ export interface RedirectUriReturn extends OAuthTokenResponse {
|
|
|
285
305
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
286
306
|
* | allBffEndpoint | BFF resource server request. See class documentation | As per the corresponding resource server endpoint | As per the correspoinding resource server endpoint | As per the corresponding resource server endpoint |
|
|
287
307
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
288
|
-
* | accessTokenEndpoint | For BFF only, return the access token payload or error | JSON of the access token payload | *Not provided* |
|
|
308
|
+
* | accessTokenEndpoint | For BFF only, return the access token payload or error | JSON of the access token payload | *Not provided* | `decode`, default `true` |
|
|
289
309
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
290
|
-
* | refreshTokenEndpoint | For BFF only, return the refresh token payload or error | JSON of the refresh token payload | *Not provided* |
|
|
310
|
+
* | refreshTokenEndpoint | For BFF only, return the refresh token payload or error | JSON of the refresh token payload | *Not provided* | `decode`, default `true` |
|
|
291
311
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
292
|
-
* | idTokenEndpoint | For BFF only, return the id token payload or error | POST: JSON of the id token payload | *Not provided* |
|
|
312
|
+
* | idTokenEndpoint | For BFF only, return the id token payload or error | POST: JSON of the id token payload | *Not provided* | `decode`, default `true` |
|
|
293
313
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
294
314
|
* | havAeccessTokenEndpoint | For BFF only, return whether access token present | POST: `ok` of false or true | *Not provided* | |
|
|
295
315
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
@@ -297,7 +317,7 @@ export interface RedirectUriReturn extends OAuthTokenResponse {
|
|
|
297
317
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
298
318
|
* | haveIdTokenEndpoint | For BFF only, return whether id token present | POST: `ok` of false or true | *Not provided* | |
|
|
299
319
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
300
|
-
* | tokensEndpoint | For BFF only, return a JSON object of all of the above | POST: All of the above, keyed on `access_token`, `have_access_token`, etc. | *Not provided* |
|
|
320
|
+
* | tokensEndpoint | For BFF only, return a JSON object of all of the above | POST: All of the above, keyed on `access_token`, `have_access_token`, etc. | *Not provided* | `decode`, default `true` |
|
|
301
321
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
302
322
|
* | deleteTokensEndpoint | For BFF only, deletes tokens saved for session | POST: `ok` of false or true | `default`: `ok` of false or true | *None* |
|
|
303
323
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
@@ -314,7 +334,7 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
314
334
|
readonly redirect: any;
|
|
315
335
|
readonly error: any;
|
|
316
336
|
/**
|
|
317
|
-
* See {@link
|
|
337
|
+
* See {@link SvelteKitOAuthClientOptions}
|
|
318
338
|
*/
|
|
319
339
|
loginProtectedFlows: string[];
|
|
320
340
|
private tokenResponseType;
|
|
@@ -325,13 +345,28 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
325
345
|
private tokenEndpoints;
|
|
326
346
|
private bffMaxTries;
|
|
327
347
|
private bffSleepMilliseconds;
|
|
348
|
+
readonly jwtTokens: string[];
|
|
349
|
+
readonly hook: (input: {
|
|
350
|
+
event: RequestEvent;
|
|
351
|
+
}) => MaybePromise<Response | undefined>;
|
|
352
|
+
private testMiddleware;
|
|
353
|
+
private testEvent;
|
|
328
354
|
/**
|
|
329
355
|
* Constructor
|
|
330
|
-
* @param server the {@link
|
|
356
|
+
* @param server the {@link SvelteKitServer} instance
|
|
331
357
|
* @param authServerBaseUrl the `iss` claim in the access token must match this value
|
|
332
|
-
* @param options See {@link
|
|
358
|
+
* @param options See {@link SvelteKitOAuthClientOptions}
|
|
333
359
|
*/
|
|
334
360
|
constructor(server: SvelteKitServer, authServerBaseUrl: string, options: SvelteKitOAuthClientOptions);
|
|
361
|
+
/**
|
|
362
|
+
* If you implement your own function to receive tokens and you use BFF,
|
|
363
|
+
* use this function to set `event.locals.user`.
|
|
364
|
+
* @param event the Sveltekit request event
|
|
365
|
+
* @param token the ID token
|
|
366
|
+
*/
|
|
367
|
+
setEventLocalsUser(event: RequestEvent, token: {
|
|
368
|
+
[key: string]: any;
|
|
369
|
+
}): Promise<void>;
|
|
335
370
|
private passwordPost;
|
|
336
371
|
private passwordMfa;
|
|
337
372
|
private passwordOtp;
|
|
@@ -385,7 +420,7 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
385
420
|
status: number;
|
|
386
421
|
body?: {
|
|
387
422
|
[key: string]: any;
|
|
388
|
-
};
|
|
423
|
+
} | string;
|
|
389
424
|
}>;
|
|
390
425
|
tokensResponse(event: RequestEvent, token: string | string[]): Promise<Response>;
|
|
391
426
|
private startDeviceCodeFlow_internal;
|
|
@@ -448,6 +483,17 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
448
483
|
access_token?: string | undefined;
|
|
449
484
|
refresh_token?: string | undefined;
|
|
450
485
|
id_token?: string | undefined;
|
|
486
|
+
/**
|
|
487
|
+
* This function is called after successful authorization to pass the
|
|
488
|
+
* new tokens to.
|
|
489
|
+
* @param oauthResponse the response from the OAuth `token` endpoint.
|
|
490
|
+
* @param client the OAuth client
|
|
491
|
+
* @param event the SvelteKit request event
|
|
492
|
+
* @param silent if true, don't return a Response, only JSON or undefined.
|
|
493
|
+
* @param setUserFn if implementing this function you should call this
|
|
494
|
+
* when you receive a valid ID token
|
|
495
|
+
* @returns a Response, JSON or undefined
|
|
496
|
+
*/
|
|
451
497
|
token_type?: string | undefined;
|
|
452
498
|
expires_in?: number | undefined;
|
|
453
499
|
error?: string | undefined;
|
|
@@ -472,6 +518,17 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
472
518
|
access_token?: string | undefined;
|
|
473
519
|
refresh_token?: string | undefined;
|
|
474
520
|
id_token?: string | undefined;
|
|
521
|
+
/**
|
|
522
|
+
* This function is called after successful authorization to pass the
|
|
523
|
+
* new tokens to.
|
|
524
|
+
* @param oauthResponse the response from the OAuth `token` endpoint.
|
|
525
|
+
* @param client the OAuth client
|
|
526
|
+
* @param event the SvelteKit request event
|
|
527
|
+
* @param silent if true, don't return a Response, only JSON or undefined.
|
|
528
|
+
* @param setUserFn if implementing this function you should call this
|
|
529
|
+
* when you receive a valid ID token
|
|
530
|
+
* @returns a Response, JSON or undefined
|
|
531
|
+
*/
|
|
475
532
|
token_type?: string | undefined;
|
|
476
533
|
expires_in?: number | undefined;
|
|
477
534
|
error?: string | undefined;
|
|
@@ -494,6 +551,17 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
494
551
|
access_token?: string | undefined;
|
|
495
552
|
refresh_token?: string | undefined;
|
|
496
553
|
id_token?: string | undefined;
|
|
554
|
+
/**
|
|
555
|
+
* This function is called after successful authorization to pass the
|
|
556
|
+
* new tokens to.
|
|
557
|
+
* @param oauthResponse the response from the OAuth `token` endpoint.
|
|
558
|
+
* @param client the OAuth client
|
|
559
|
+
* @param event the SvelteKit request event
|
|
560
|
+
* @param silent if true, don't return a Response, only JSON or undefined.
|
|
561
|
+
* @param setUserFn if implementing this function you should call this
|
|
562
|
+
* when you receive a valid ID token
|
|
563
|
+
* @returns a Response, JSON or undefined
|
|
564
|
+
*/
|
|
497
565
|
token_type?: string | undefined;
|
|
498
566
|
expires_in?: number | undefined;
|
|
499
567
|
error?: string | undefined;
|
|
@@ -523,7 +591,7 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
523
591
|
errorMessage?: undefined;
|
|
524
592
|
} | {
|
|
525
593
|
ok: boolean;
|
|
526
|
-
user:
|
|
594
|
+
user: User | undefined;
|
|
527
595
|
csrfToken: string | undefined;
|
|
528
596
|
errorCode: ErrorCode;
|
|
529
597
|
errorCodeName: string;
|
|
@@ -620,14 +688,14 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
620
688
|
readonly accessTokenEndpoint: {
|
|
621
689
|
post: (event: RequestEvent) => Promise<{
|
|
622
690
|
status: number;
|
|
623
|
-
body?: {
|
|
691
|
+
body?: string | {
|
|
624
692
|
[key: string]: any;
|
|
625
693
|
} | undefined;
|
|
626
694
|
}>;
|
|
627
695
|
actions: {
|
|
628
696
|
default: (event: RequestEvent) => Promise<{
|
|
629
697
|
status: number;
|
|
630
|
-
body?: {
|
|
698
|
+
body?: string | {
|
|
631
699
|
[key: string]: any;
|
|
632
700
|
} | undefined;
|
|
633
701
|
}>;
|
|
@@ -638,7 +706,7 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
638
706
|
actions: {
|
|
639
707
|
default: (event: RequestEvent) => Promise<{
|
|
640
708
|
status: number;
|
|
641
|
-
body?: {
|
|
709
|
+
body?: string | {
|
|
642
710
|
[key: string]: any;
|
|
643
711
|
} | undefined;
|
|
644
712
|
}>;
|
|
@@ -649,7 +717,7 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
649
717
|
actions: {
|
|
650
718
|
default: (event: RequestEvent) => Promise<{
|
|
651
719
|
status: number;
|
|
652
|
-
body?: {
|
|
720
|
+
body?: string | {
|
|
653
721
|
[key: string]: any;
|
|
654
722
|
} | undefined;
|
|
655
723
|
}>;
|
|
@@ -660,7 +728,7 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
660
728
|
actions: {
|
|
661
729
|
default: (event: RequestEvent) => Promise<{
|
|
662
730
|
status: number;
|
|
663
|
-
body?: {
|
|
731
|
+
body?: string | {
|
|
664
732
|
[key: string]: any;
|
|
665
733
|
} | undefined;
|
|
666
734
|
}>;
|
|
@@ -671,7 +739,7 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
671
739
|
actions: {
|
|
672
740
|
default: (event: RequestEvent) => Promise<{
|
|
673
741
|
status: number;
|
|
674
|
-
body?: {
|
|
742
|
+
body?: string | {
|
|
675
743
|
[key: string]: any;
|
|
676
744
|
} | undefined;
|
|
677
745
|
}>;
|
|
@@ -682,7 +750,7 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
682
750
|
actions: {
|
|
683
751
|
default: (event: RequestEvent) => Promise<{
|
|
684
752
|
status: number;
|
|
685
|
-
body?: {
|
|
753
|
+
body?: string | {
|
|
686
754
|
[key: string]: any;
|
|
687
755
|
} | undefined;
|
|
688
756
|
}>;
|
|
@@ -693,10 +761,11 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
693
761
|
actions: {
|
|
694
762
|
default: (event: RequestEvent) => Promise<{
|
|
695
763
|
status: number;
|
|
696
|
-
body?: {
|
|
764
|
+
body?: string | {
|
|
697
765
|
[key: string]: any;
|
|
698
766
|
} | undefined;
|
|
699
767
|
}>;
|
|
700
768
|
};
|
|
701
769
|
};
|
|
770
|
+
private errorIfIdTokenInvalid;
|
|
702
771
|
}
|
|
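Review bot: The widening to `body?: string | {...}` on the BFF token endpoints (`accessTokenEndpoint` and the `actions.default` returns after it), together with the new `decode`, default `true` input in the class table, suggests that a request with `decode` set to false gets the encoded token back as a string, but the declarations do not say so. If that is the behaviour, listing `access_token` or `refresh_token` in `tokenEndpoints` hands the raw token to browser script, which a BFF setup normally avoids. The doc comment on `tokenEndpoints` should state this, for example `* With decode=false the encoded token itself is returned; enable only endpoints whose raw token the browser may hold.` Separately, `setEventLocalsUser` takes `token: { [key: string]: any }` described only as "the ID token"; its comment should say whether the method validates the payload or expects one that has already been validated.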
@@ -22,7 +22,7 @@ export interface ReturnBase {
|
|
|
22
22
|
}
|
|
23
23
|
/**
|
|
24
24
|
* Return type for {@link SvelteKitUserEndpoints.verifyEmail}
|
|
25
|
-
* {@link SvelteKitUserEndpoints.
|
|
25
|
+
* {@link SvelteKitUserEndpoints.verifyEmailTokenEndpoint} action.
|
|
26
26
|
*
|
|
27
27
|
* See class documentation for {@link SvelteKitUserEndpoints} for more details.
|
|
28
28
|
*/
|
|
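--- a/package/dist/sveltekitresserver.d.ts
+++ b/package/dist/sveltekitresserver.d.ts
@@ -1,6 +1,7 @@
 import { RequestEvent, MaybePromise } from '@sveltejs/kit';
 import { User } from '@crossauth/common';
 import { OAuthResourceServer, UserStorage, OAuthResourceServerOptions, OAuthTokenConsumer } from '@crossauth/backend';
+import { SvelteKitSessionAdapter } from './sveltekitsessionadapter';
 
 /**
 * Options for {@link SvelteKitOAuthResourceServer}
@@ -13,7 +14,7 @@ export interface SvelteKitOAuthResourceServerOptions extends OAuthResourceServer
 userStorage?: UserStorage;
 /**
 * If you enabled `protectedEndpoints` in
-* {@link
+* {@link SvelteKitOAuthResourceServer.constructor}
 * and the access token is invalid, a 401 reply will be sent before
 * your endpoint is hit. This will be the body, Default {}.
 */
@@ -31,6 +32,24 @@ export interface SvelteKitOAuthResourceServerOptions extends OAuthResourceServer
 acceptSessionAuthorization?: boolean;
 };
 };
+/**
+* Where access tokens may be found (in this order).
+*
+* If this contains `session`, must also provide the session adapter
+*
+* Default `header`
+*/
+tokenLocations?: ("beader" | "session")[];
+/**
+* If tokenLocations contains `session`, tokens are keyed on this name.
+*
+* Default `oauth`
+*/
+sessionDataName?: string;
+/**
+* If `tokenLocations` contains `session`, must provide a session adapter
+*/
+sessionAdapter?: SvelteKitSessionAdapter;
 }
 /**
 * OAuth resource server.
@@ -40,17 +59,22 @@ export interface SvelteKitOAuthResourceServerOptions extends OAuthResourceServer
 *
 * There are two way of using this class. If you don't set
 * `protectedEndpoints` in
-* {@link
+* {@link SvelteKitOAuthResourceServer.constructor}, then in your
 * protected endpoints, call {@link SvelteKitOAuthResourceServer.authorized}
 * to check if the access token is valid and get any user credentials.
 *
 * If you do set `protectedEndpoints` in
 * {@link SvelteKitOAuthResourceServer.constructor}
 * then a hook is created.
+*
+* **Middleware**
 * The hook
 * hook will set the `accessTokenPayload`, `user` and `scope` fields
 * on the event locals based on the content
 * of the access token in the `Authorization` header if it is valid.
+* If a user storage is provided,
+* it will be used to look the user up. Otherwise a minimal user object
+* is created.
 * If it is not valid it will set the `authError` and `authErrorDescription`.
 * If the access token is invalid, or there is an error, a 401 or 500
 * response is sent before executing your endpoint code. As per
@@ -61,6 +85,9 @@ export declare class SvelteKitOAuthResourceServer extends OAuthResourceServer {
 private userStorage?;
 private errorBody;
 private protectedEndpoints;
+private sessionDataName;
+private tokenLocations;
+private sessionAdapter?;
 /**
 * Hook to check if the user is logged in and set data in `locals`
 * accordingly.
@@ -70,7 +97,7 @@ export declare class SvelteKitOAuthResourceServer extends OAuthResourceServer {
 }) => MaybePromise<Response | undefined>;
 /**
 * Constructor
-* @param tokenConsumers the token consumers, one per issuer
+* @param tokenConsumers the token consumers, one per issuer and audience
 * @param options See {@link SvelteKitOAuthResourceServerOptions}
 */
 constructor(tokenConsumers: OAuthTokenConsumer[], options?: SvelteKitOAuthResourceServerOptions);
@@ -98,4 +125,6 @@ export declare class SvelteKitOAuthResourceServer extends OAuthResourceServer {
 error?: string;
 error_description?: string;
 } | undefined>;
+private tokenFromHeader;
+private tokenFromSession;
 }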
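Review bot: The new `tokenLocations` option is declared as `("beader" | "session")[]` while its own doc comment gives the default as `header`, so `"beader"` looks like a typo and a type-checked caller cannot write `["header"]`. The declaration should read `tokenLocations?: ("header" | "session")[];`, fixed in the TypeScript source this `.d.ts` is presumably generated from. The runtime comparison is not visible in this declaration file, so it is worth confirming that a value accepted by the type is also the one the header lookup matches on, otherwise bearer tokens may silently never be read. The comments also say a session adapter must be provided when `session` is listed, yet `sessionAdapter` is optional and nothing here shows what happens when it is missing; the constructor should reject that configuration explicitly rather than skip the session lookup. Because a session-held token is presented implicitly with the session cookie instead of explicitly in the `Authorization` header, the `tokenLocations` comment should add that endpoints accepting `session` need the same CSRF protection as other cookie-authenticated routes.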
@@ -72,7 +72,7 @@ export type Resolver = (event: RequestEvent, opts?: ResolveOptions) => MaybeProm
|
|
|
72
72
|
* and CSRF cookies. See {@link SvelteKitSessionServer}.
|
|
73
73
|
* - `sessionAdapter` If you are using only the oAuthClient and don't want
|
|
74
74
|
* to use Crossauth's session server, you can implement
|
|
75
|
-
* a minimal {@link
|
|
75
|
+
* a minimal {@link SvelteKitSessionAdapter} instead.
|
|
76
76
|
* - `oAuthAuthServer` OAuth authorization server. See
|
|
77
77
|
* {@link SvelteKitAuthorizationServer}
|
|
78
78
|
* - `oAuthClient` OAuth client. See {@link SvelteKitOAuthClient}.
|
|
@@ -130,7 +130,7 @@ export type Resolver = (event: RequestEvent, opts?: ResolveOptions) => MaybeProm
|
|
|
130
130
|
* **Use in Pages**
|
|
131
131
|
*
|
|
132
132
|
* For instructions about how to use this class in your endpoints, see
|
|
133
|
-
* {@link
|
|
133
|
+
* {@link SvelteKitUserEndpoints} and {@link SvelteKitAdminEndpoints}
|
|
134
134
|
* for cookie-based session management.
|
|
135
135
|
*/
|
|
136
136
|
export declare class SvelteKitServer {
|
|
@@ -168,6 +168,7 @@ export declare class SvelteKitServer {
|
|
|
168
168
|
readonly oAuthClients?: SvelteKitOAuthClient[];
|
|
169
169
|
/** OAuth resource server instance */
|
|
170
170
|
readonly oAuthResServer?: SvelteKitOAuthResourceServer;
|
|
171
|
+
private audience;
|
|
171
172
|
/**
|
|
172
173
|
* Constructor.
|
|
173
174
|
*
|
|
@@ -182,7 +183,7 @@ export declare class SvelteKitServer {
|
|
|
182
183
|
* documentation). The value is an object with a `keyStorage` field
|
|
183
184
|
* which must be present and should be the {@link KeyStorage} instance
|
|
184
185
|
* where API keys are stored. A field called `options` whose
|
|
185
|
-
* value is an {@link
|
|
186
|
+
* value is an {@link SvelteKitApiKeyServerOptions} may also be
|
|
186
187
|
* provided.
|
|
187
188
|
* - `oAuthAuthServer` if passed, instantiate the session server (see class
|
|
188
189
|
* documentation). The value is an object with a `keyStorage` field
|