@crossauth/sveltekit 1.0.1 → 1.1.1

package/dist/tests/sveltesessionhooks.test.js

@@ -0,0 +1,224 @@
+// Copyright (c) 2026 Matthew Baker.  All rights reserved.  Licenced under the Apache Licence 2.0.  See LICENSE file
+import { MockRequestEvent } from './sveltemocks';
+import { JsonOrFormData } from '../utils';
+import { test, expect } from 'vitest';
+import { createSession, makeServer, getCookies, login, loginFactor2, getCsrfToken } from './testshared';
+test('SvelteSessionHooks.hookWithGetNotLoggedIn', async () => {
+    const { server, resolver, handle } = await makeServer();
+    const getRequest = new Request("http://ex.com/test", { method: "GET" });
+    let event = new MockRequestEvent("1", getRequest, { "param1": "value1" });
+    const resp = await handle({ event: event, resolve: resolver.mockResolve });
+    const cookies = getCookies(resp);
+    expect(cookies["CSRFTOKEN"]).toBeDefined();
+    let csrfValid = false;
+    try {
+        server.sessionServer?.sessionManager.validateCsrfCookie(cookies["CSRFTOKEN"]);
+        csrfValid = true;
+    }
+    catch (e) {
+        console.log(e);
+    }
+    expect(csrfValid).toBe(true);
+    expect(event.locals.csrfToken).toBeDefined();
+    csrfValid = false;
+    try {
+        server.sessionServer?.sessionManager.validateDoubleSubmitCsrfToken(cookies["CSRFTOKEN"], event.locals.csrfToken);
+    }
+    catch (e) {
+        console.log(e);
+    }
+});
+test('SvelteSessionHooks.hookWithPostNotLoggedIn', async () => {
+    const { resolver, handle } = await makeServer();
+    const postRequest = new Request("http://ex.com/test", { method: "POST", body: "This is the body" });
+    let event = new MockRequestEvent("1", postRequest, { "param1": "value1" });
+    const resp = await handle({ event: event, resolve: resolver.mockResolve });
+    const cookies = getCookies(resp);
+    expect(cookies["CSRFTOKEN"]).toBeUndefined();
+});
+test('SvelteMocks.hookGetThenPost', async () => {
+    const { server, resolver, handle } = await makeServer();
+    const getRequest = new Request("http://ex.com/test", { method: "GET" });
+    let event = new MockRequestEvent("1", getRequest, { "param1": "value1" });
+    let resp = await handle({ event: event, resolve: resolver.mockResolve });
+    const cookies = getCookies(resp);
+    expect(cookies["CSRFTOKEN"]).toBeDefined();
+    const postRequest = new Request("http://ex.com/test", {
+        method: "POST",
+        body: "csrfToken=" + event.locals.csrfToken,
+        headers: {
+            "cookie": "CSRFTOKEN=" + cookies["CSRFTOKEN"],
+            "content-type": "application/x-www-form-urlencoded",
+        }
+    });
+    event = new MockRequestEvent("1", postRequest, { "param1": "value1" });
+    resp = await handle({ event: event, resolve: resolver.mockResolve });
+    let csrfValid = false;
+    try {
+        server.sessionServer?.sessionManager.validateCsrfCookie(cookies["CSRFTOKEN"]);
+        csrfValid = true;
+    }
+    catch (e) {
+        console.log(e);
+    }
+    expect(csrfValid).toBe(true);
+    expect(event.locals.csrfToken).toBeDefined();
+    csrfValid = false;
+    try {
+        server.sessionServer?.sessionManager.validateDoubleSubmitCsrfToken(cookies["CSRFTOKEN"], event.locals.csrfToken);
+        csrfValid = true;
+    }
+    catch (e) {
+        console.log(e);
+    }
+});
+test('SvelteSessionHooks.formBody', async () => {
+    const postRequest = new Request("http://ex.com/test", {
+        method: "POST",
+        body: "param1=value1&param%262=value+2",
+        headers: {
+            "content-type": "application/x-www-form-urlencoded",
+        }
+    });
+    const event = new MockRequestEvent("1", postRequest, {});
+    const data = new JsonOrFormData();
+    await data.loadData(event);
+    let keys = [...data.keys()];
+    expect(keys.length).toBe(2);
+    expect(["param1", "param&2"]).toContain(keys[0]);
+    expect(["param1", "param&2"]).toContain(keys[1]);
+    expect(data.get("param1")).toBe("value1");
+    expect(data.get("param&2")).toBe("value 2");
+    expect(data.get("X")).toBeUndefined();
+    const obj = data.toObject();
+    expect(obj["param1"]).toBe("value1");
+});
+test('SvelteSessionHooks.jsonBody', async () => {
+    const body = JSON.stringify({ "param1": "value1", "param&2": "value 2" });
+    const postRequest = new Request("http://ex.com/test", {
+        method: "POST",
+        body: body,
+        headers: {
+            "content-type": "application/json",
+        }
+    });
+    const event = new MockRequestEvent("1", postRequest, {});
+    const data = new JsonOrFormData();
+    await data.loadData(event);
+    let keys = [...data.keys()];
+    expect(keys.length).toBe(2);
+    expect(["param1", "param&2"]).toContain(keys[0]);
+    expect(["param1", "param&2"]).toContain(keys[1]);
+    expect(data.get("param1")).toBe("value1");
+    expect(data.get("param&2")).toBe("value 2");
+    expect(data.get("X")).toBeUndefined();
+});
+test('SvelteSessionHooks.hookWithGetIsLoggedIn', async () => {
+    const { server, resolver, handle, userStorage, keyStorage } = await makeServer();
+    const sessionKey = await createSession("bob", userStorage, keyStorage);
+    const getRequest = new Request("http://ex.com/test", {
+        method: "GET", headers: {
+            "cookie": sessionKey.cookie.name + "=" + sessionKey.cookie.value,
+        }
+    });
+    let event = new MockRequestEvent("1", getRequest, { "param1": "value1" });
+    const resp = await handle({ event: event, resolve: resolver.mockResolve });
+    const cookies = getCookies(resp);
+    expect(cookies["CSRFTOKEN"]).toBeDefined();
+    let csrfValid = false;
+    try {
+        server.sessionServer?.sessionManager.validateCsrfCookie(cookies["CSRFTOKEN"]);
+        csrfValid = true;
+    }
+    catch (e) {
+        console.log(e);
+    }
+    expect(csrfValid).toBe(true);
+    expect(event.locals.csrfToken).toBeDefined();
+    expect(event.locals.user).toBeDefined();
+    expect(event.locals.user?.username).toBe("bob");
+    csrfValid = false;
+    try {
+        server.sessionServer?.sessionManager.validateDoubleSubmitCsrfToken(cookies["CSRFTOKEN"], event.locals.csrfToken);
+    }
+    catch (e) {
+        console.log(e);
+    }
+});
+test('SvelteSessionHooks.loginProtectedNotLoggedIn', async () => {
+    const { server, resolver, handle } = await makeServer();
+    let getRequest = new Request("http://ex.com/account", { method: "GET" });
+    let event = new MockRequestEvent("1", getRequest, { "param1": "value1" });
+    let resp = await handle({ event: event, resolve: resolver.mockResolve });
+    expect(resp.status).toBe(302);
+    expect(resp.headers.get('location')).toContain("/login");
+    // log in
+    let { event: loginEvent } = await login(server, resolver, handle);
+    // try again now that we are logged in
+    event.request = getRequest;
+    resp = await handle({ event: loginEvent, resolve: resolver.mockResolve });
+    expect(resp.status).toBe(200);
+});
+test('SvelteSessionHooks.login2FA', async () => {
+    const { server, resolver, handle } = await makeServer();
+    // log in
+    let resp = await login(server, resolver, handle, "alice", "alicePass123");
+    const loginEvent = resp.event;
+    const sessionCookie = loginEvent.cookies.get("SESSIONID");
+    let ret = resp.ret;
+    expect(ret?.factor2Required).toBe(true);
+    const sessionId = server.sessionServer?.sessionManager.getSessionId(sessionCookie ?? "");
+    resp = await loginFactor2(server, resolver, handle, sessionCookie ?? "", sessionId ?? "");
+    ret = resp.ret;
+    expect(ret?.ok).toBe(true);
+    expect(ret?.user?.username).toBe("alice");
+});
+test('SvelteSessionHooks.visitPage2FA', async () => {
+    const { server, resolver, handle } = await makeServer();
+    // log in
+    let resp = await login(server, resolver, handle, "alice", "alicePass123");
+    let loginEvent = resp.event;
+    let sessionCookieValue = loginEvent.cookies.get("SESSIONID");
+    let ret = resp.ret;
+    expect(ret?.factor2Required).toBe(true);
+    let sessionId = server.sessionServer?.sessionManager.getSessionId(sessionCookieValue ?? "");
+    resp = await loginFactor2(server, resolver, handle, sessionCookieValue ?? "", sessionId ?? "");
+    loginEvent = resp.event;
+    ret = resp.ret;
+    expect(ret?.ok).toBe(true);
+    expect(ret?.user?.username).toBe("alice");
+    const { csrfToken, csrfCookieValue } = await getCsrfToken(server, resolver, handle);
+    // visit factor2-protected page
+    let postRequest = new Request("http://ex.com/factor2protected", {
+        method: "POST",
+        body: "csrfToken=" + csrfToken + "&param1=value1",
+        headers: {
+            "cookie": "CSRFTOKEN=" + csrfCookieValue,
+            "content-type": "application/x-www-form-urlencoded",
+        }
+    });
+    let event = new MockRequestEvent("1", postRequest, {});
+    event.locals.csrfToken = csrfToken;
+    event.locals.user = ret?.user;
+    sessionCookieValue = loginEvent.cookies.get("SESSIONID");
+    event.cookies.set("SESSIONID", sessionCookieValue ?? "", { path: "/" });
+    //sessionId = loginEvent.locals.sessionId;
+    sessionId = server.sessionServer?.sessionManager.getSessionId(sessionCookieValue ?? "");
+    event.locals.sessionId = sessionId;
+    let resp1 = await handle({ event: event, resolve: resolver.mockResolve });
+    expect(resp1.status).toBe(302);
+    expect(resp1.headers.get("location")).toBe("/factor2/");
+    // submit factor2
+    postRequest = new Request("http://ex.com/factor2protected", {
+        method: "POST",
+        body: "csrfToken=" + csrfToken + "&otp=0000",
+        headers: [
+            ["cookie", "CSRFTOKEN=" + csrfCookieValue],
+            ["cookie", "SESSIONID=" + sessionCookieValue],
+            ["content-type", "application/x-www-form-urlencoded"],
+        ]
+    });
+    event = new MockRequestEvent("1", postRequest, {});
+    resp1 = await handle({ event: event, resolve: resolver.mockResolve });
+    expect(resp1.status).toBe(200);
+});

package/dist/tests/testshared.d.ts

@@ -1,14 +1,14 @@
 import { MockResolver, MockRequestEvent } from './sveltemocks';
 import { SvelteKitServer } from '../sveltekitserver';
-import { OAuthAuthorizationServer, InMemoryKeyStorage, InMemoryUserStorage, InMemoryOAuthClientStorage, LocalPasswordAuthenticator, ApiKeyManager } from '@crossauth/backend';
-import { OpenIdConfiguration, OAuthClient } from '@crossauth/common';
-import { Handle } from '@sveltejs/kit';
-
+import { OAuthAuthorizationServer } from '@crossauth/backend';
+import { type OpenIdConfiguration, type OAuthClient } from '@crossauth/common';
+import { InMemoryKeyStorage, InMemoryUserStorage, InMemoryOAuthClientStorage, LocalPasswordAuthenticator, ApiKeyManager } from '@crossauth/backend';
+import type { Handle } from '@sveltejs/kit';
 export declare const oidcConfiguration: OpenIdConfiguration;
 export declare function createUsers(userStorage: InMemoryUserStorage): Promise<void>;
 export declare function createSession(userid: string, userStorage: InMemoryUserStorage, keyStorage: InMemoryKeyStorage, options?: {}): Promise<{
-    key: import('@crossauth/common').Key;
-    cookie: import('@crossauth/backend').Cookie;
+    key: import("@crossauth/common").Key;
+    cookie: import("@crossauth/backend").Cookie;
 }>;
 export declare function createClients(clientStorage: InMemoryOAuthClientStorage, secretRequired?: boolean): Promise<OAuthClient>;
 export declare function makeServer(makeSession?: boolean, makeApiKey?: boolean, makeOAuthServer?: boolean, makeOAuthClient?: boolean, options?: {}): Promise<{
@@ -32,13 +32,13 @@ export declare function login(server: SvelteKitServer, resolver: MockResolver, h
     event: MockRequestEvent<{
         param1: string;
     }, "1">;
-    ret: import('..').LoginReturn | undefined;
+    ret: import("..").LoginReturn | undefined;
 }>;
 export declare function loginFactor2(server: SvelteKitServer, resolver: MockResolver, handle: Handle, sessionCookieValue: string, sessionId: string): Promise<{
     event: MockRequestEvent<{
         param1: string;
     }, "1">;
-    ret: import('..').LoginReturn | undefined;
+    ret: import("..").LoginReturn | undefined;
 }>;
 export declare function getAuthServer({ aud, persistAccessToken, emptyScopeIsValid, secretRequired, rollingRefreshToken, }?: {
     challenge?: boolean;

package/dist/tests/testshared.js

@@ -0,0 +1,344 @@
+// Copyright (c) 2026 Matthew Baker.  All rights reserved.  Licenced under the Apache Licence 2.0.  See LICENSE file
+import { MockResolver, MockRequestEvent } from './sveltemocks';
+import { SvelteKitServer } from '../sveltekitserver';
+import { OAuthAuthorizationServer } from '@crossauth/backend';
+import {} from '@crossauth/common';
+import { test, expect } from 'vitest';
+import { InMemoryKeyStorage, InMemoryUserStorage, InMemoryOAuthClientStorage, InMemoryOAuthAuthorizationStorage, LocalPasswordAuthenticator, Crypto, DummyFactor2Authenticator, SessionCookie, EmailAuthenticator, ApiKeyManager } from '@crossauth/backend';
+import { OAuthFlows } from '@crossauth/common';
+import fs from 'node:fs';
+export const oidcConfiguration = {
+    issuer: "http://server.com",
+    authorization_endpoint: "http://server.com/authorize",
+    token_endpoint: "http://server.com/token",
+    token_endpoint_auth_methods_supported: ["client_secret_post"],
+    jwks_uri: "http://server.com/jwks",
+    response_types_supported: ["code"],
+    response_modes_supported: ["query"],
+    grant_types_supported: ["authorization_code", "client_credentials", "password", "refresh_token", "http://auth0.com/oauth/grant-type/mfa-otp", "http://auth0.com/oauth/grant-type/mfa-oob", "urn:ietf:params:oauth:grant-type:device_code"],
+    token_endpoint_auth_signing_alg_values_supported: ["RS256"],
+    subject_types_supported: ["public"],
+    id_token_signing_alg_values_supported: ["RS256"],
+    claims_supported: ["iss", "sub", "aud", "jti", "iat", "type"],
+    request_uri_parameter_supported: true,
+    require_request_uri_registration: true,
+};
+export async function createUsers(userStorage) {
+    let authenticator = new LocalPasswordAuthenticator(userStorage, { pbkdf2Iterations: 1_000 });
+    await Promise.all([
+        userStorage.createUser({
+            username: "bob",
+            email: "bob@bob.com",
+            state: "active",
+            factor1: "localpassword"
+        }, {
+            password: await authenticator.createPasswordHash("bobPass123")
+        }),
+        userStorage.createUser({
+            username: "alice",
+            email: "alice@alice.com",
+            state: "active",
+            factor1: "localpassword",
+            factor2: "dummyFactor2"
+        }, {
+            password: await authenticator.createPasswordHash("alicePass123")
+        }),
+        userStorage.createUser({
+            username: "admin",
+            email: "admin@admin.com",
+            state: "active",
+            factor1: "localpassword",
+            admin: true
+        }, {
+            password: await authenticator.createPasswordHash("adminPass123")
+        }),
+    ]);
+}
+export async function createSession(userid, userStorage, keyStorage, options = {}) {
+    let sessionCookie = new SessionCookie(keyStorage, { userStorage, ...options });
+    const key = await sessionCookie.createSessionKey(userid);
+    const cookie = sessionCookie.makeCookie(key);
+    return { key, cookie };
+}
+export async function createClients(clientStorage, secretRequired = true) {
+    const client_secret = await Crypto.passwordHash("DEF", {
+        encode: true,
+        iterations: 1000,
+        keyLen: 32,
+    });
+    let client = {
+        client_id: "ABC",
+        client_secret: secretRequired ? client_secret : undefined,
+        client_name: "Test",
+        confidential: secretRequired,
+        redirect_uri: ["http://example.com/redirect"],
+        valid_flow: OAuthFlows.allFlows(),
+    };
+    const retClient = client;
+    await clientStorage.createClient(client);
+    client = {
+        client_id: "bob_ABC",
+        client_secret: secretRequired ? client_secret : undefined,
+        client_name: "Test",
+        confidential: secretRequired,
+        redirect_uri: ["http://example.com/redirect"],
+        valid_flow: OAuthFlows.allFlows(),
+        userid: "bob",
+    };
+    await clientStorage.createClient(client);
+    return retClient;
+}
+function redirect(status, location) {
+    throw { status, location };
+}
+;
+function error(status, text) {
+    throw { status, text, message: text };
+}
+;
+export async function makeServer(makeSession = true, makeApiKey = false, makeOAuthServer = false, makeOAuthClient = false, options = {}) {
+    const keyStorage = new InMemoryKeyStorage();
+    const userStorage = new InMemoryUserStorage();
+    const clientStorage = new InMemoryOAuthClientStorage();
+    const authStorage = new InMemoryOAuthAuthorizationStorage();
+    if (makeOAuthServer)
+        await createClients(clientStorage);
+    const authenticator = new LocalPasswordAuthenticator(userStorage);
+    let dummyFactor2Authenticator = new DummyFactor2Authenticator("0000");
+    let emailAuthenticator = new EmailAuthenticator();
+    await createUsers(userStorage);
+    await createClients(clientStorage);
+    let session = makeSession ? {
+        keyStorage: keyStorage,
+        options: {
+            allowedFactor2: ["none", "dummyFactor2"],
+        }
+    } : undefined;
+    let apiKey = makeApiKey ? {
+        keyStorage: keyStorage
+    } : undefined;
+    let oAuthAuthServer = makeOAuthServer ? {
+        clientStorage,
+        keyStorage,
+        authenticators: {
+            localpassword: authenticator,
+            dummyFactor2: dummyFactor2Authenticator,
+            email: emailAuthenticator,
+        },
+        options: {
+            userStorage,
+            authStorage,
+            deviceCodeVerificationUri: "http://localhost:5174/device",
+            userCodeThrottle: 0,
+        }
+    } : undefined;
+    let oAuthClient = makeOAuthClient ? {
+        authServerBaseUrl: "http://server.com",
+    } : undefined;
+    const server = new SvelteKitServer({
+        session: session,
+        apiKey: apiKey,
+        oAuthAuthServer: oAuthAuthServer,
+        oAuthClient: oAuthClient,
+        options: {
+            userStorage,
+            clientStorage,
+            authenticators: {
+                localpassword: authenticator,
+                dummyFactor2: dummyFactor2Authenticator,
+                email: emailAuthenticator,
+            },
+            secret: "ABCDEFG",
+            loginProtectedPageEndpoints: ["/account"],
+            factor2ProtectedPageEndpoints: ["/factor2protected"],
+            validScopes: ["read", "write"],
+            jwtKeyType: "RS256",
+            jwtPublicKeyFile: "keys/rsa-public-key.pem",
+            jwtPrivateKeyFile: "keys/rsa-private-key.pem",
+            tokenResponseType: "sendJson",
+            errorResponseType: "sendJson",
+            client_id: "ABC",
+            client_secret: "DEF",
+            redirect_uri: "http://example.com/redirect",
+            validFlows: ["all"], // activate all OAuth flows
+            bffEndpointName: "/bff",
+            bffBaseUrl: "http://server.com",
+            bffEndpoints: [
+                { url: "method1", methods: ["GET"], matchSubUrls: false },
+                { url: "method2", methods: ["GET"], matchSubUrls: true },
+            ],
+            tokenEndpoints: [
+                "access_token",
+                "have_access_token",
+                "id_token",
+                "have_id_token",
+            ],
+            redirect,
+            error,
+            ...options,
+        }
+    });
+    const handle = server.hooks;
+    const resolver = new MockResolver("Response");
+    const apiKeyManager = makeApiKey ? new ApiKeyManager(keyStorage, { secret: "ABCDEFG", }) : undefined;
+    return { server, resolver, handle, keyStorage, userStorage, authenticator, apiKeyManager, clientStorage };
+}
+export function getCookies(resp) {
+    let cookies = {};
+    for (let pair of resp.headers) {
+        if (pair[0] == "set-cookie") {
+            const parts = pair[1].split("=", 2);
+            const semiColon = parts[1].indexOf(";");
+            if (semiColon > -1) {
+                const value = parts[1].substring(0, semiColon).trim();
+                if (value.length > 0)
+                    cookies[parts[0]] = value;
+            }
+            else {
+                cookies[parts[0]] = parts[1];
+            }
+        }
+    }
+    /*
+    const cookieHeaders = resp.headers.getSetCookie();
+    let cookies : {[key:string]:string} = {};
+    for (let cookie of cookieHeaders) {
+        const parts = cookie.split("=", 2);
+        const semiColon = parts[1].indexOf(";");
+        if (semiColon > -1) {
+            const value = parts[1].substring(0, semiColon).trim();
+            if (value.length > 0) cookies[parts[0]] = value;
+        } else {
+            cookies[parts[0]] = parts[1];
+        }
+    }*/
+    return cookies;
+}
+export async function getCsrfToken(server, resolver, handle) {
+    const getRequest = new Request("http://ex.com/test", { method: "GET" });
+    let event = new MockRequestEvent("1", getRequest, { "param1": "value1" });
+    const resp = await handle({ event: event, resolve: resolver.mockResolve });
+    /*const cookieNames = resp.headers.getSetCookie().map((el) => el.split("=")[0]);
+    expect(cookieNames.length).toBe(2);
+    expect(["TESTCOOKIE", "CSRFTOKEN"]).toContain(cookieNames[0]);*/
+    const cookies = getCookies(resp);
+    expect(cookies["CSRFTOKEN"]).toBeDefined();
+    let csrfValid = false;
+    try {
+        server.sessionServer?.sessionManager.validateCsrfCookie(cookies["CSRFTOKEN"]);
+        csrfValid = true;
+    }
+    catch (e) {
+        console.log(e);
+    }
+    expect(csrfValid).toBe(true);
+    expect(event.locals.csrfToken).toBeDefined();
+    return {
+        csrfToken: event.locals.csrfToken,
+        csrfCookieValue: cookies["CSRFTOKEN"]
+    };
+}
+export async function login(server, resolver, handle, user = "bob", password = "bobPass123") {
+    const { csrfToken, csrfCookieValue } = await getCsrfToken(server, resolver, handle);
+    const postRequest = new Request("http://ex.com/test", {
+        method: "POST",
+        body: "csrfToken=" + csrfToken + "&username=" + user + "&password=" + password,
+        headers: {
+            "cookie": "CSRFTOKEN=" + csrfCookieValue,
+            "content-type": "application/x-www-form-urlencoded",
+        }
+    });
+    let event = new MockRequestEvent("1", postRequest, { "param1": "value1" });
+    event.locals.csrfToken = csrfToken;
+    const ret = await server.sessionServer?.userEndpoints.login(event);
+    expect(ret?.user?.username).toBe(user);
+    expect(event.cookies.get("SESSIONID")).toBeDefined();
+    return { event, ret };
+}
+;
+export async function loginFactor2(server, resolver, handle, sessionCookieValue, sessionId) {
+    const { csrfToken, csrfCookieValue } = await getCsrfToken(server, resolver, handle);
+    const postRequest = new Request("http://ex.com/test", {
+        method: "POST",
+        body: "csrfToken=" + csrfToken + "&otp=0000",
+        headers: [
+            ["set-cookie", "CSRFTOKEN=" + csrfCookieValue],
+            ["set-cookie", "SESSIONID=" + sessionCookieValue],
+            ["content-type", "application/x-www-form-urlencoded"],
+        ]
+    });
+    let event = new MockRequestEvent("1", postRequest, { "param1": "value1" });
+    event.locals.csrfToken = csrfToken;
+    event.locals.sessionId = sessionId;
+    const ret = await server.sessionServer?.userEndpoints.loginFactor2(event);
+    return { event, ret };
+}
+;
+export async function getAuthServer({ aud, persistAccessToken, emptyScopeIsValid, secretRequired, rollingRefreshToken, } = {}) {
+    const clientStorage = new InMemoryOAuthClientStorage();
+    const client = await createClients(clientStorage, secretRequired == undefined || secretRequired == true);
+    const privateKey = fs.readFileSync("keys/rsa-private-key.pem", 'utf8');
+    const userStorage = new InMemoryUserStorage();
+    await createUsers(userStorage);
+    const lpAuthenticator = new LocalPasswordAuthenticator(userStorage);
+    const dummyFactor2 = new DummyFactor2Authenticator("0000");
+    const authenticators = {
+        "localpassword": lpAuthenticator,
+        "dummyFactor2": dummyFactor2,
+    };
+    let options = {
+        jwtKeyType: "RS256",
+        jwtPrivateKey: privateKey,
+        jwtPublicKeyFile: "keys/rsa-public-key.pem",
+        validateScopes: true,
+        validScopes: ["read", "write"],
+        issueRefreshToken: true,
+        emptyScopeIsValid: emptyScopeIsValid,
+        validFlows: ["all"],
+        userStorage,
+        authStorage: new InMemoryOAuthAuthorizationStorage(),
+    };
+    if (aud)
+        options.audience = aud;
+    if (persistAccessToken) {
+        options.persistAccessToken = true;
+    }
+    if (rollingRefreshToken != undefined)
+        options.rollingRefreshToken = rollingRefreshToken;
+    const keyStorage = new InMemoryKeyStorage();
+    const authServer = new OAuthAuthorizationServer(clientStorage, keyStorage, authenticators, options);
+    return { client, clientStorage, authServer, keyStorage, userStorage };
+}
+export async function getAuthorizationCode({ challenge, aud, persistAccessToken, rollingRefreshToken, } = {}) {
+    const secretRequired = challenge == undefined;
+    const { client, clientStorage, authServer, keyStorage, userStorage } = await getAuthServer({ challenge, aud, persistAccessToken, secretRequired, rollingRefreshToken });
+    const { user } = await userStorage.getUserByUsername("bob");
+    const inputState = "ABCXYZ";
+    let codeChallenge;
+    const codeVerifier = "ABC123";
+    if (challenge)
+        codeChallenge = Crypto.hash(codeVerifier);
+    const { code, error, error_description } = await authServer.authorizeGetEndpoint({
+        responseType: "code",
+        client_id: client.client_id,
+        redirect_uri: client.redirect_uri[0],
+        scope: "read write",
+        state: inputState,
+        codeChallenge: codeChallenge,
+        user
+    });
+    expect(error).toBeUndefined();
+    expect(error_description).toBeUndefined();
+    return { code, client, clientStorage, authServer, keyStorage };
+}
+export async function getAccessToken() {
+    const { authServer, client, code, clientStorage } = await getAuthorizationCode();
+    const { access_token, error, error_description, refresh_token, expires_in } = await authServer.tokenEndpoint({
+        grantType: "authorization_code",
+        client_id: client.client_id,
+        code: code,
+        client_secret: "DEF"
+    });
+    return { authServer, client, code, clientStorage, access_token, error, error_description, refresh_token, expires_in };
+}
+;

package/dist/utils.d.ts

@@ -1,5 +1,4 @@
-import { RequestEvent } from '@sveltejs/kit';
-
+import type { RequestEvent } from '@sveltejs/kit';
 export declare class ObjectIterator implements IterableIterator<[string, string]> {
     values: string[];
     keys: string[];