@dainprotocol/oauth2-token-manager 0.1.0 → 0.1.2
- package/README.md +237 -627
- package/dist/index.cjs +2 -2
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +119 -579
- package/dist/index.d.ts +119 -579
- package/dist/index.js +2 -2
- package/dist/index.js.map +1 -1
- package/package.json +28 -31
package/dist/index.d.cts
CHANGED
|
@@ -24,138 +24,61 @@ interface OAuth2Token {
|
|
|
24
24
|
createdAt?: number;
|
|
25
25
|
raw?: Record<string, any>;
|
|
26
26
|
}
|
|
27
|
-
interface User {
|
|
28
|
-
id: string;
|
|
29
|
-
systemId: string;
|
|
30
|
-
metadata?: Record<string, any>;
|
|
31
|
-
createdAt: Date;
|
|
32
|
-
updatedAt: Date;
|
|
33
|
-
}
|
|
34
|
-
interface UserToken {
|
|
35
|
-
id: string;
|
|
36
|
-
userId: string;
|
|
37
|
-
systemId: string;
|
|
38
|
-
scopeId: string;
|
|
39
|
-
provider: string;
|
|
40
|
-
email?: string;
|
|
41
|
-
token: OAuth2Token;
|
|
42
|
-
createdAt: Date;
|
|
43
|
-
updatedAt: Date;
|
|
44
|
-
}
|
|
45
|
-
interface System {
|
|
46
|
-
id: string;
|
|
47
|
-
name: string;
|
|
48
|
-
description?: string;
|
|
49
|
-
scopes: Scope[];
|
|
50
|
-
metadata?: Record<string, any>;
|
|
51
|
-
createdAt: Date;
|
|
52
|
-
updatedAt: Date;
|
|
53
|
-
}
|
|
54
|
-
interface Scope {
|
|
55
|
-
id: string;
|
|
56
|
-
systemId: string;
|
|
57
|
-
name: string;
|
|
58
|
-
type: 'authentication' | 'access' | 'custom';
|
|
59
|
-
permissions: string[];
|
|
60
|
-
isolated: boolean;
|
|
61
|
-
metadata?: Record<string, any>;
|
|
62
|
-
}
|
|
63
27
|
interface AuthorizationState {
|
|
64
28
|
state: string;
|
|
65
29
|
codeVerifier?: string;
|
|
66
30
|
config: OAuth2Config;
|
|
67
|
-
|
|
31
|
+
createdAt: Date;
|
|
68
32
|
metadata?: Record<string, any>;
|
|
69
33
|
}
|
|
70
34
|
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
35
|
+
/**
|
|
36
|
+
* Simplified storage adapter interface
|
|
37
|
+
* Only stores tokens with provider, userId, and email as key fields
|
|
38
|
+
* Enforces uniqueness on provider + email combination
|
|
39
|
+
*/
|
|
40
|
+
interface StorageAdapter {
|
|
41
|
+
saveToken(input: SaveTokenInput): Promise<StoredToken>;
|
|
42
|
+
getToken(provider: string, email: string): Promise<StoredToken | null>;
|
|
43
|
+
getTokenById(id: string): Promise<StoredToken | null>;
|
|
44
|
+
getTokensByUserId(userId: string): Promise<StoredToken[]>;
|
|
45
|
+
getTokensByEmail(email: string): Promise<StoredToken[]>;
|
|
46
|
+
getTokensByProvider(provider: string): Promise<StoredToken[]>;
|
|
47
|
+
updateToken(id: string, update: UpdateTokenInput): Promise<StoredToken | null>;
|
|
48
|
+
deleteToken(id: string): Promise<boolean>;
|
|
49
|
+
deleteTokenByProviderEmail(provider: string, email: string): Promise<boolean>;
|
|
50
|
+
deleteExpiredTokens(): Promise<number>;
|
|
51
|
+
saveAuthorizationState(state: Omit<AuthorizationState, 'createdAt'>): Promise<AuthorizationState>;
|
|
52
|
+
getAuthorizationState(state: string): Promise<AuthorizationState | null>;
|
|
53
|
+
deleteAuthorizationState(state: string): Promise<boolean>;
|
|
54
|
+
cleanupExpiredStates(): Promise<number>;
|
|
76
55
|
}
|
|
77
|
-
interface
|
|
56
|
+
interface StoredToken {
|
|
78
57
|
id: string;
|
|
79
|
-
userId: string;
|
|
80
|
-
systemId: string;
|
|
81
|
-
scopeId: string;
|
|
82
58
|
provider: string;
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
expiresIn?: number;
|
|
88
|
-
tokenType: string;
|
|
89
|
-
scope?: string;
|
|
90
|
-
createdAt?: number;
|
|
91
|
-
raw?: Record<string, any>;
|
|
92
|
-
};
|
|
59
|
+
userId: string;
|
|
60
|
+
email: string;
|
|
61
|
+
token: OAuth2Token;
|
|
62
|
+
metadata?: Record<string, any>;
|
|
93
63
|
createdAt: Date;
|
|
94
64
|
updatedAt: Date;
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
65
|
+
}
|
|
66
|
+
interface SaveTokenInput {
|
|
67
|
+
provider: string;
|
|
68
|
+
userId: string;
|
|
69
|
+
email: string;
|
|
70
|
+
token: OAuth2Token;
|
|
71
|
+
metadata?: Record<string, any>;
|
|
72
|
+
}
|
|
73
|
+
interface UpdateTokenInput {
|
|
74
|
+
token?: OAuth2Token;
|
|
75
|
+
metadata?: Record<string, any>;
|
|
101
76
|
}
|
|
102
77
|
interface ProfileBasedTokenOptions {
|
|
103
78
|
checkProfileEmail?: boolean;
|
|
104
79
|
replaceConflictingTokens?: boolean;
|
|
105
80
|
mergeUserData?: boolean;
|
|
106
81
|
}
|
|
107
|
-
interface StorageAdapter {
|
|
108
|
-
createSystem(system: Omit<System, 'id' | 'createdAt' | 'updatedAt'>): Promise<System>;
|
|
109
|
-
getSystem(id: string): Promise<System | null>;
|
|
110
|
-
updateSystem(id: string, system: Partial<System>): Promise<System>;
|
|
111
|
-
deleteSystem(id: string): Promise<void>;
|
|
112
|
-
listSystems(): Promise<System[]>;
|
|
113
|
-
createScope(scope: Omit<Scope, 'id'>): Promise<Scope>;
|
|
114
|
-
getScope(id: string): Promise<Scope | null>;
|
|
115
|
-
getScopesBySystem(systemId: string): Promise<Scope[]>;
|
|
116
|
-
updateScope(id: string, scope: Partial<Scope>): Promise<Scope>;
|
|
117
|
-
deleteScope(id: string): Promise<void>;
|
|
118
|
-
createUser(user: Omit<User, 'id' | 'createdAt' | 'updatedAt'>): Promise<User>;
|
|
119
|
-
getOrCreateUser(input: CreateUserInput): Promise<User>;
|
|
120
|
-
findUserByEmail(systemId: string, email: string): Promise<User | null>;
|
|
121
|
-
findUserByExternalId(systemId: string, externalId: string): Promise<User | null>;
|
|
122
|
-
getUser(id: string): Promise<User | null>;
|
|
123
|
-
getUsersBySystem(systemId: string): Promise<User[]>;
|
|
124
|
-
updateUser(id: string, user: Partial<User>): Promise<User>;
|
|
125
|
-
deleteUser(id: string): Promise<void>;
|
|
126
|
-
saveToken(token: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
|
|
127
|
-
saveTokenWithEmailValidation(userId: string, systemId: string, scopeId: string, provider: string, email: string, token: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
|
|
128
|
-
getTokensByUser(userId: string): Promise<UserToken[]>;
|
|
129
|
-
getTokensByUserAndScope(userId: string, scopeId: string): Promise<UserToken[]>;
|
|
130
|
-
getTokensByUserAndProvider(userId: string, provider: string): Promise<UserToken[]>;
|
|
131
|
-
getTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<UserToken[]>;
|
|
132
|
-
getTokensByScope(systemId: string, scopeId: string): Promise<UserToken[]>;
|
|
133
|
-
getTokensByProvider(systemId: string, provider: string): Promise<UserToken[]>;
|
|
134
|
-
getTokensBySystem(systemId: string): Promise<UserToken[]>;
|
|
135
|
-
findTokensByEmail(email: string, systemId: string): Promise<UserToken[]>;
|
|
136
|
-
findTokensByEmailAndScope(email: string, systemId: string, scopeId: string): Promise<UserToken[]>;
|
|
137
|
-
findTokensByEmailAndProvider(email: string, systemId: string, provider: string): Promise<UserToken[]>;
|
|
138
|
-
findTokenByEmailScopeProvider(email: string, systemId: string, scopeId: string, provider: string): Promise<UserToken | null>;
|
|
139
|
-
getTokensByUserWithProfile(userId: string): Promise<UserTokenWithProfile[]>;
|
|
140
|
-
getTokensByUserAndScopeWithProfile(userId: string, scopeId: string): Promise<UserTokenWithProfile[]>;
|
|
141
|
-
getTokensByUserAndProviderWithProfile(userId: string, provider: string): Promise<UserTokenWithProfile[]>;
|
|
142
|
-
getTokensByUserScopeProviderWithProfile(userId: string, scopeId: string, provider: string): Promise<UserTokenWithProfile[]>;
|
|
143
|
-
getTokensByScopeWithProfile(systemId: string, scopeId: string): Promise<UserTokenWithProfile[]>;
|
|
144
|
-
getTokensBySystemWithProfile(systemId: string): Promise<UserTokenWithProfile[]>;
|
|
145
|
-
findTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<UserToken[]>;
|
|
146
|
-
hasTokenWithEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<boolean>;
|
|
147
|
-
replaceTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string, newToken: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
|
|
148
|
-
getTokenById(id: string): Promise<UserToken | null>;
|
|
149
|
-
updateToken(id: string, token: Partial<UserToken>): Promise<UserToken>;
|
|
150
|
-
deleteToken(id: string): Promise<void>;
|
|
151
|
-
deleteTokensByUser(userId: string): Promise<void>;
|
|
152
|
-
deleteTokensByUserAndScope(userId: string, scopeId: string): Promise<void>;
|
|
153
|
-
deleteTokensByUserAndProvider(userId: string, provider: string): Promise<void>;
|
|
154
|
-
saveAuthorizationState(state: AuthorizationState): Promise<void>;
|
|
155
|
-
getAuthorizationState(state: string): Promise<AuthorizationState | null>;
|
|
156
|
-
deleteAuthorizationState(state: string): Promise<void>;
|
|
157
|
-
cleanupExpiredStates(expiryMs: number): Promise<void>;
|
|
158
|
-
}
|
|
159
82
|
|
|
160
83
|
interface UserProfile {
|
|
161
84
|
email: string;
|
|
@@ -179,190 +102,17 @@ interface ProfileFetcher {
|
|
|
179
102
|
getProfileEndpoint(): string;
|
|
180
103
|
}
|
|
181
104
|
|
|
182
|
-
interface AuthorizationUrlStrategy {
|
|
183
|
-
generateAuthorizationUrl(config: OAuth2Config, state: string, codeChallenge?: string): string;
|
|
184
|
-
}
|
|
185
|
-
|
|
186
|
-
interface TokenExchangeStrategy {
|
|
187
|
-
exchangeCodeForToken(code: string, config: OAuth2Config, codeVerifier?: string): Promise<OAuth2Token>;
|
|
188
|
-
refreshToken(refreshToken: string, config: OAuth2Config): Promise<OAuth2Token>;
|
|
189
|
-
}
|
|
190
|
-
|
|
191
|
-
declare abstract class BaseProfileFetcher {
|
|
192
|
-
protected profileEndpoint: string;
|
|
193
|
-
constructor(profileEndpoint: string);
|
|
194
|
-
/**
|
|
195
|
-
* Fetch user profile information from the OAuth provider
|
|
196
|
-
* @param accessToken The OAuth access token
|
|
197
|
-
* @returns Promise resolving to standardized user profile
|
|
198
|
-
*/
|
|
199
|
-
fetchUserInfo(accessToken: string): Promise<UserProfile>;
|
|
200
|
-
/**
|
|
201
|
-
* Map the raw API response to our standardized UserProfile structure
|
|
202
|
-
* Override this method to customize mapping for different providers
|
|
203
|
-
*/
|
|
204
|
-
protected abstract mapToUserProfile(rawData: any): UserProfile;
|
|
205
|
-
/**
|
|
206
|
-
* Get additional headers if needed for the profile request
|
|
207
|
-
* Override this method to add provider-specific headers
|
|
208
|
-
*/
|
|
209
|
-
protected getAdditionalHeaders(): Record<string, string>;
|
|
210
|
-
/**
|
|
211
|
-
* Get the profile endpoint URL
|
|
212
|
-
*/
|
|
213
|
-
getEndpoint(): string;
|
|
214
|
-
}
|
|
215
|
-
|
|
216
|
-
declare abstract class OAuth2Provider {
|
|
217
|
-
protected config: OAuth2Config;
|
|
218
|
-
protected authUrlStrategy: AuthorizationUrlStrategy;
|
|
219
|
-
protected tokenStrategy: TokenExchangeStrategy;
|
|
220
|
-
protected profileFetcher?: BaseProfileFetcher;
|
|
221
|
-
constructor(config: OAuth2Config, authUrlStrategy?: AuthorizationUrlStrategy, tokenStrategy?: TokenExchangeStrategy, profileFetcher?: BaseProfileFetcher);
|
|
222
|
-
protected abstract createAuthorizationUrlStrategy(): AuthorizationUrlStrategy;
|
|
223
|
-
protected abstract createTokenExchangeStrategy(): TokenExchangeStrategy;
|
|
224
|
-
fetchProfile(accessToken: string): Promise<UserProfile>;
|
|
225
|
-
getProfileEndpoint(): string;
|
|
226
|
-
setProfileFetcher(profileFetcher: BaseProfileFetcher): void;
|
|
227
|
-
hasProfileFetcher(): boolean;
|
|
228
|
-
generateAuthorizationUrl(state: string, codeChallenge?: string): string;
|
|
229
|
-
exchangeCodeForToken(code: string, codeVerifier?: string): Promise<OAuth2Token>;
|
|
230
|
-
refreshToken(refreshToken: string): Promise<OAuth2Token>;
|
|
231
|
-
}
|
|
232
|
-
|
|
233
|
-
interface OAuth2GranularOperations {
|
|
234
|
-
createUserInSystem(systemId: string, options: UserCreationOptions): Promise<User>;
|
|
235
|
-
getOrCreateUserInSystem(systemId: string, options: UserCreationOptions): Promise<User>;
|
|
236
|
-
getUserById(userId: string): Promise<User | null>;
|
|
237
|
-
findUserByEmailInSystem(systemId: string, email: string): Promise<User | null>;
|
|
238
|
-
findUserByExternalIdInSystem(systemId: string, externalId: string): Promise<User | null>;
|
|
239
|
-
getUsersBySystem(systemId: string): Promise<User[]>;
|
|
240
|
-
saveTokenForUser(userId: string, systemId: string, scopeId: string, provider: string, email: string, token: OAuth2Token): Promise<UserToken>;
|
|
241
|
-
getTokensByUser(userId: string): Promise<UserToken[]>;
|
|
242
|
-
getTokensByUserAndScope(userId: string, scopeId: string): Promise<UserToken[]>;
|
|
243
|
-
getTokensByUserAndProvider(userId: string, provider: string): Promise<UserToken[]>;
|
|
244
|
-
getTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<UserToken[]>;
|
|
245
|
-
getTokensByScope(systemId: string, scopeId: string): Promise<UserToken[]>;
|
|
246
|
-
getTokensByProvider(systemId: string, provider: string): Promise<UserToken[]>;
|
|
247
|
-
getTokensBySystem(systemId: string): Promise<UserToken[]>;
|
|
248
|
-
findTokensByEmail(email: string, systemId: string): Promise<UserToken[]>;
|
|
249
|
-
findTokensByEmailAndScope(email: string, systemId: string, scopeId: string): Promise<UserToken[]>;
|
|
250
|
-
findTokensByEmailAndProvider(email: string, systemId: string, provider: string): Promise<UserToken[]>;
|
|
251
|
-
findTokenByEmailScopeProvider(email: string, systemId: string, scopeId: string, provider: string): Promise<UserToken | null>;
|
|
252
|
-
getValidTokenByEmail(email: string, systemId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<OAuth2Token>;
|
|
253
|
-
getAccessTokenByEmail(email: string, systemId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<string>;
|
|
254
|
-
withValidTokenByEmail<T>(email: string, systemId: string, scopeId: string, provider: string, callback: (accessToken: string) => Promise<T>, options?: TokenOptions): Promise<T>;
|
|
255
|
-
getAllValidTokensForUser(userId: string, options?: TokenOptions): Promise<{
|
|
256
|
-
provider: string;
|
|
257
|
-
scopeId: string;
|
|
258
|
-
token: OAuth2Token;
|
|
259
|
-
userToken: UserToken;
|
|
260
|
-
}[]>;
|
|
261
|
-
getAllValidTokensForUserScopeProvider(userId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<{
|
|
262
|
-
email: string;
|
|
263
|
-
token: OAuth2Token;
|
|
264
|
-
userToken: UserToken;
|
|
265
|
-
}[]>;
|
|
266
|
-
getAllValidTokensForEmail(email: string, systemId: string, options?: TokenOptions): Promise<{
|
|
267
|
-
provider: string;
|
|
268
|
-
scopeId: string;
|
|
269
|
-
token: OAuth2Token;
|
|
270
|
-
userToken: UserToken;
|
|
271
|
-
}[]>;
|
|
272
|
-
hasTokensForUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<boolean>;
|
|
273
|
-
hasTokenByEmail(email: string, systemId: string, scopeId: string, provider: string): Promise<boolean>;
|
|
274
|
-
hasTokenWithEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<boolean>;
|
|
275
|
-
replaceTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string, token: OAuth2Token): Promise<UserToken>;
|
|
276
|
-
deleteTokensByUser(userId: string): Promise<void>;
|
|
277
|
-
deleteTokensByUserAndScope(userId: string, scopeId: string): Promise<void>;
|
|
278
|
-
deleteTokensByUserAndProvider(userId: string, provider: string): Promise<void>;
|
|
279
|
-
deleteTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<void>;
|
|
280
|
-
deleteTokenByEmail(email: string, systemId: string, scopeId: string, provider: string): Promise<void>;
|
|
281
|
-
createSystem(name: string, description?: string): Promise<System>;
|
|
282
|
-
getSystem(systemId: string): Promise<System | null>;
|
|
283
|
-
createScopeInSystem(systemId: string, name: string, options?: {
|
|
284
|
-
type?: 'authentication' | 'access' | 'custom';
|
|
285
|
-
permissions?: string[];
|
|
286
|
-
isolated?: boolean;
|
|
287
|
-
}): Promise<Scope>;
|
|
288
|
-
getScope(scopeId: string): Promise<Scope | null>;
|
|
289
|
-
getScopesBySystem(systemId: string): Promise<Scope[]>;
|
|
290
|
-
}
|
|
291
|
-
declare class OAuth2GranularClient implements OAuth2GranularOperations {
|
|
292
|
-
private storage;
|
|
293
|
-
private providers;
|
|
294
|
-
private now;
|
|
295
|
-
constructor(storage: StorageAdapter, providers: Map<string, OAuth2Provider>, now?: () => number);
|
|
296
|
-
createUserInSystem(systemId: string, options?: UserCreationOptions): Promise<User>;
|
|
297
|
-
getOrCreateUserInSystem(systemId: string, options?: UserCreationOptions): Promise<User>;
|
|
298
|
-
getUserById(userId: string): Promise<User | null>;
|
|
299
|
-
findUserByEmailInSystem(systemId: string, email: string): Promise<User | null>;
|
|
300
|
-
findUserByExternalIdInSystem(systemId: string, externalId: string): Promise<User | null>;
|
|
301
|
-
getUsersBySystem(systemId: string): Promise<User[]>;
|
|
302
|
-
saveTokenForUser(userId: string, systemId: string, scopeId: string, provider: string, email: string, token: OAuth2Token): Promise<UserToken>;
|
|
303
|
-
getTokensByUser(userId: string): Promise<UserToken[]>;
|
|
304
|
-
getTokensByUserAndScope(userId: string, scopeId: string): Promise<UserToken[]>;
|
|
305
|
-
getTokensByUserAndProvider(userId: string, provider: string): Promise<UserToken[]>;
|
|
306
|
-
getTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<UserToken[]>;
|
|
307
|
-
getTokensByScope(systemId: string, scopeId: string): Promise<UserToken[]>;
|
|
308
|
-
getTokensByProvider(systemId: string, provider: string): Promise<UserToken[]>;
|
|
309
|
-
getTokensBySystem(systemId: string): Promise<UserToken[]>;
|
|
310
|
-
findTokensByEmail(email: string, systemId: string): Promise<UserToken[]>;
|
|
311
|
-
findTokensByEmailAndScope(email: string, systemId: string, scopeId: string): Promise<UserToken[]>;
|
|
312
|
-
findTokensByEmailAndProvider(email: string, systemId: string, provider: string): Promise<UserToken[]>;
|
|
313
|
-
findTokenByEmailScopeProvider(email: string, systemId: string, scopeId: string, provider: string): Promise<UserToken | null>;
|
|
314
|
-
getValidTokenByEmail(email: string, systemId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<OAuth2Token>;
|
|
315
|
-
getAccessTokenByEmail(email: string, systemId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<string>;
|
|
316
|
-
getAllValidTokensForUser(userId: string, options?: TokenOptions): Promise<{
|
|
317
|
-
provider: string;
|
|
318
|
-
scopeId: string;
|
|
319
|
-
token: OAuth2Token;
|
|
320
|
-
userToken: UserToken;
|
|
321
|
-
}[]>;
|
|
322
|
-
getAllValidTokensForUserScopeProvider(userId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<{
|
|
323
|
-
email: string;
|
|
324
|
-
token: OAuth2Token;
|
|
325
|
-
userToken: UserToken;
|
|
326
|
-
}[]>;
|
|
327
|
-
getAllValidTokensForEmail(email: string, systemId: string, options?: TokenOptions): Promise<{
|
|
328
|
-
provider: string;
|
|
329
|
-
scopeId: string;
|
|
330
|
-
token: OAuth2Token;
|
|
331
|
-
userToken: UserToken;
|
|
332
|
-
}[]>;
|
|
333
|
-
withValidTokenByEmail<T>(email: string, systemId: string, scopeId: string, provider: string, callback: (accessToken: string) => Promise<T>, options?: TokenOptions): Promise<T>;
|
|
334
|
-
hasTokensForUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<boolean>;
|
|
335
|
-
hasTokenByEmail(email: string, systemId: string, scopeId: string, provider: string): Promise<boolean>;
|
|
336
|
-
hasTokenWithEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<boolean>;
|
|
337
|
-
replaceTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string, token: OAuth2Token): Promise<UserToken>;
|
|
338
|
-
deleteTokensByUser(userId: string): Promise<void>;
|
|
339
|
-
deleteTokensByUserAndScope(userId: string, scopeId: string): Promise<void>;
|
|
340
|
-
deleteTokensByUserAndProvider(userId: string, provider: string): Promise<void>;
|
|
341
|
-
deleteTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<void>;
|
|
342
|
-
deleteTokenByEmail(email: string, systemId: string, scopeId: string, provider: string): Promise<void>;
|
|
343
|
-
createSystem(name: string, description?: string): Promise<System>;
|
|
344
|
-
getSystem(systemId: string): Promise<System | null>;
|
|
345
|
-
createScopeInSystem(systemId: string, name: string, options?: {
|
|
346
|
-
type?: 'authentication' | 'access' | 'custom';
|
|
347
|
-
permissions?: string[];
|
|
348
|
-
isolated?: boolean;
|
|
349
|
-
}): Promise<Scope>;
|
|
350
|
-
getScope(scopeId: string): Promise<Scope | null>;
|
|
351
|
-
getScopesBySystem(systemId: string): Promise<Scope[]>;
|
|
352
|
-
private isTokenExpired;
|
|
353
|
-
}
|
|
354
|
-
|
|
355
105
|
interface OAuth2Options {
|
|
356
106
|
storage?: StorageAdapter;
|
|
357
|
-
sealKey?: string;
|
|
358
107
|
providers?: Record<string, OAuth2Config>;
|
|
359
108
|
}
|
|
360
109
|
interface AuthorizationOptions {
|
|
361
110
|
provider: string;
|
|
111
|
+
userId: string;
|
|
112
|
+
email: string;
|
|
362
113
|
scopes?: string[];
|
|
363
114
|
metadata?: Record<string, any>;
|
|
364
115
|
usePKCE?: boolean;
|
|
365
|
-
userId?: string;
|
|
366
116
|
}
|
|
367
117
|
interface TokenOptions {
|
|
368
118
|
autoRefresh?: boolean;
|
|
@@ -370,22 +120,8 @@ interface TokenOptions {
|
|
|
370
120
|
expirationBuffer?: number;
|
|
371
121
|
defaultExpiresIn?: number;
|
|
372
122
|
}
|
|
373
|
-
interface UserCreationOptions {
|
|
374
|
-
email?: string;
|
|
375
|
-
externalId?: string;
|
|
376
|
-
metadata?: Record<string, any>;
|
|
377
|
-
}
|
|
378
|
-
interface CallbackOptions {
|
|
379
|
-
userId?: string;
|
|
380
|
-
scopeId?: string;
|
|
381
|
-
profileOptions?: ProfileBasedTokenOptions;
|
|
382
|
-
}
|
|
383
123
|
interface CallbackResult {
|
|
384
|
-
|
|
385
|
-
userId: string;
|
|
386
|
-
systemId: string;
|
|
387
|
-
scopeId: string;
|
|
388
|
-
provider: string;
|
|
124
|
+
token: StoredToken;
|
|
389
125
|
profile?: UserProfile;
|
|
390
126
|
}
|
|
391
127
|
declare class OAuth2Client {
|
|
@@ -394,319 +130,123 @@ declare class OAuth2Client {
|
|
|
394
130
|
private providers;
|
|
395
131
|
private providerConfigs;
|
|
396
132
|
private now;
|
|
397
|
-
private currentSystem?;
|
|
398
|
-
private currentUser?;
|
|
399
|
-
private defaultScope?;
|
|
400
|
-
readonly granular: OAuth2GranularOperations;
|
|
401
133
|
constructor(options?: OAuth2Options);
|
|
402
|
-
/**
|
|
403
|
-
* Quick setup for common use cases
|
|
404
|
-
*/
|
|
405
|
-
static quickSetup(appName: string, providers: Record<string, OAuth2Config>): Promise<OAuth2Client>;
|
|
406
134
|
/**
|
|
407
135
|
* Register a provider configuration
|
|
408
136
|
*/
|
|
409
137
|
registerProvider(name: string, config: OAuth2Config): void;
|
|
410
138
|
/**
|
|
411
|
-
*
|
|
412
|
-
*/
|
|
413
|
-
createSystem(name: string, description?: string): Promise<System>;
|
|
414
|
-
useSystem(systemId: string): Promise<void>;
|
|
415
|
-
/**
|
|
416
|
-
* Create a scope within the current system
|
|
417
|
-
*/
|
|
418
|
-
createScope(name: string, options?: {
|
|
419
|
-
type?: 'authentication' | 'access' | 'custom';
|
|
420
|
-
permissions?: string[];
|
|
421
|
-
isolated?: boolean;
|
|
422
|
-
}): Promise<Scope>;
|
|
423
|
-
setDefaultScope(scopeId: string): void;
|
|
424
|
-
/**
|
|
425
|
-
* Create a user (legacy method - always creates new user)
|
|
426
|
-
* @deprecated Use getOrCreateUser for better user management
|
|
427
|
-
*/
|
|
428
|
-
createUser(metadata?: Record<string, any>): Promise<User>;
|
|
429
|
-
/**
|
|
430
|
-
* Get or create a user (recommended method)
|
|
431
|
-
*/
|
|
432
|
-
getOrCreateUser(options?: UserCreationOptions): Promise<User>;
|
|
433
|
-
/**
|
|
434
|
-
* Get or create a user (stateless version for backend APIs)
|
|
435
|
-
*/
|
|
436
|
-
getOrCreateUserStateless(systemId: string, options?: UserCreationOptions): Promise<User>;
|
|
437
|
-
/**
|
|
438
|
-
* Start authorization flow for a specific user (stateless backend API method)
|
|
439
|
-
*/
|
|
440
|
-
authorizeForUser(userId: string, provider: string, options?: {
|
|
441
|
-
systemId?: string;
|
|
442
|
-
scopeId?: string;
|
|
443
|
-
scopes?: string[];
|
|
444
|
-
metadata?: Record<string, any>;
|
|
445
|
-
usePKCE?: boolean;
|
|
446
|
-
}): Promise<{
|
|
447
|
-
url: string;
|
|
448
|
-
state: string;
|
|
449
|
-
}>;
|
|
450
|
-
/**
|
|
451
|
-
* Complete workflow: get/create user and start authorization (for backend APIs)
|
|
452
|
-
*/
|
|
453
|
-
createUserAndAuthorize(systemId: string, provider: string, userOptions: UserCreationOptions, authOptions?: {
|
|
454
|
-
scopeId?: string;
|
|
455
|
-
scopes?: string[];
|
|
456
|
-
metadata?: Record<string, any>;
|
|
457
|
-
usePKCE?: boolean;
|
|
458
|
-
}): Promise<{
|
|
459
|
-
user: User;
|
|
460
|
-
authUrl: string;
|
|
461
|
-
state: string;
|
|
462
|
-
}>;
|
|
463
|
-
/**
|
|
464
|
-
* Find user by email
|
|
465
|
-
*/
|
|
466
|
-
findUserByEmail(email: string): Promise<User | null>;
|
|
467
|
-
/**
|
|
468
|
-
* Find user by email (stateless version)
|
|
469
|
-
*/
|
|
470
|
-
findUserByEmailStateless(systemId: string, email: string): Promise<User | null>;
|
|
471
|
-
/**
|
|
472
|
-
* Find user by external ID
|
|
473
|
-
*/
|
|
474
|
-
findUserByExternalId(externalId: string): Promise<User | null>;
|
|
475
|
-
/**
|
|
476
|
-
* Find user by external ID (stateless version)
|
|
477
|
-
*/
|
|
478
|
-
findUserByExternalIdStateless(systemId: string, externalId: string): Promise<User | null>;
|
|
479
|
-
useUser(userId: string): Promise<void>;
|
|
480
|
-
/**
|
|
481
|
-
* Start the OAuth authorization flow
|
|
139
|
+
* Start OAuth2 authorization flow
|
|
482
140
|
*/
|
|
483
141
|
authorize(options: AuthorizationOptions): Promise<{
|
|
484
142
|
url: string;
|
|
485
143
|
state: string;
|
|
486
144
|
}>;
|
|
487
145
|
/**
|
|
488
|
-
* Handle
|
|
489
|
-
*/
|
|
490
|
-
handleCallback(code: string, state: string, options?: CallbackOptions): Promise<CallbackResult>;
|
|
491
|
-
/**
|
|
492
|
-
* Merge user data from OAuth profile
|
|
493
|
-
*/
|
|
494
|
-
private mergeUserDataFromProfile;
|
|
495
|
-
/**
|
|
496
|
-
* Fetch user profile for a given provider and user
|
|
497
|
-
* Note: If user has multiple tokens for the provider, this will fail.
|
|
498
|
-
* Use fetchUserProfileByEmail() for unambiguous profile fetching.
|
|
499
|
-
*/
|
|
500
|
-
fetchUserProfile(provider: string, userId?: string): Promise<UserProfile>;
|
|
501
|
-
/**
|
|
502
|
-
* Fetch user profile by email (unambiguous)
|
|
503
|
-
*/
|
|
504
|
-
fetchUserProfileByEmail(provider: string, email: string, systemId?: string, scopeId?: string): Promise<UserProfile>;
|
|
505
|
-
/**
|
|
506
|
-
* Replace tokens for users with conflicting email addresses
|
|
507
|
-
*/
|
|
508
|
-
replaceConflictingTokensByEmail(email: string, provider: string, newUserId: string, newToken: OAuth2Token): Promise<UserToken>;
|
|
509
|
-
/**
|
|
510
|
-
* Check if a token is expired
|
|
146
|
+
* Handle OAuth2 callback
|
|
511
147
|
*/
|
|
512
|
-
|
|
148
|
+
handleCallback(code: string, state: string): Promise<CallbackResult>;
|
|
513
149
|
/**
|
|
514
150
|
* Get a valid access token (auto-refresh if needed)
|
|
515
|
-
* Uses current context (user + default scope)
|
|
516
151
|
*/
|
|
517
|
-
getAccessToken(provider: string, options?: TokenOptions): Promise<string>;
|
|
152
|
+
getAccessToken(provider: string, email: string, options?: TokenOptions): Promise<string>;
|
|
518
153
|
/**
|
|
519
|
-
* Get
|
|
154
|
+
* Get a valid token (auto-refresh if needed)
|
|
520
155
|
*/
|
|
521
|
-
|
|
156
|
+
getValidToken(provider: string, email: string, options?: TokenOptions): Promise<OAuth2Token>;
|
|
522
157
|
/**
|
|
523
|
-
*
|
|
524
|
-
* Uses current context (user + default scope)
|
|
158
|
+
* Get all tokens for a user
|
|
525
159
|
*/
|
|
526
|
-
|
|
160
|
+
getTokensByUserId(userId: string): Promise<StoredToken[]>;
|
|
527
161
|
/**
|
|
528
|
-
*
|
|
529
|
-
* Uses current context (user + default scope)
|
|
162
|
+
* Get all tokens for an email
|
|
530
163
|
*/
|
|
531
|
-
|
|
164
|
+
getTokensByEmail(email: string): Promise<StoredToken[]>;
|
|
532
165
|
/**
|
|
533
|
-
*
|
|
166
|
+
* Delete a token
|
|
534
167
|
*/
|
|
535
|
-
|
|
168
|
+
deleteToken(provider: string, email: string): Promise<boolean>;
|
|
536
169
|
/**
|
|
537
|
-
*
|
|
170
|
+
* Delete all expired tokens
|
|
538
171
|
*/
|
|
539
|
-
|
|
540
|
-
/**
|
|
541
|
-
* Revoke tokens for a specific user and provider (stateless method)
|
|
542
|
-
* This removes ALL tokens for the user/scope/provider combination
|
|
543
|
-
*/
|
|
544
|
-
revokeTokensForUser(userId: string, _systemId: string, scopeId: string, provider: string): Promise<void>;
|
|
545
|
-
/**
|
|
546
|
-
* Revoke tokens for a provider
|
|
547
|
-
*/
|
|
548
|
-
revokeTokens(provider: string): Promise<void>;
|
|
549
|
-
/**
|
|
550
|
-
* Get all tokens for the current user
|
|
551
|
-
*/
|
|
552
|
-
getUserTokens(): Promise<UserToken[]>;
|
|
553
|
-
/**
|
|
554
|
-
* Get all tokens for a user by ID with validation and auto-refresh
|
|
555
|
-
*/
|
|
556
|
-
getAllValidTokensForUser(userId: string, options?: TokenOptions): Promise<{
|
|
557
|
-
provider: string;
|
|
558
|
-
scopeId: string;
|
|
559
|
-
token: OAuth2Token;
|
|
560
|
-
userToken: UserToken;
|
|
561
|
-
}[]>;
|
|
562
|
-
/**
|
|
563
|
-
* Get all valid tokens for a user by email with validation and auto-refresh
|
|
564
|
-
*/
|
|
565
|
-
getAllValidTokensForEmail(email: string, systemId?: string, options?: TokenOptions): Promise<{
|
|
566
|
-
provider: string;
|
|
567
|
-
scopeId: string;
|
|
568
|
-
token: OAuth2Token;
|
|
569
|
-
userToken: UserToken;
|
|
570
|
-
}[]>;
|
|
571
|
-
/**
|
|
572
|
-
* Get specific token for an email
|
|
573
|
-
*/
|
|
574
|
-
getTokenForEmail(email: string, provider: string, systemId?: string, scopeId?: string): Promise<UserToken | null>;
|
|
575
|
-
/**
|
|
576
|
-
* Get valid token for an email (with auto-refresh)
|
|
577
|
-
*/
|
|
578
|
-
getValidTokenForEmail(email: string, provider: string, systemId?: string, scopeId?: string, options?: TokenOptions): Promise<OAuth2Token>;
|
|
579
|
-
/**
|
|
580
|
-
* Get valid access token for an email (with auto-refresh)
|
|
581
|
-
*/
|
|
582
|
-
getAccessTokenForEmail(email: string, provider: string, systemId?: string, scopeId?: string, options?: TokenOptions): Promise<string>;
|
|
583
|
-
/**
|
|
584
|
-
* Execute a callback with a valid access token for an email
|
|
585
|
-
*/
|
|
586
|
-
withValidTokenForEmail<T>(email: string, provider: string, callback: (accessToken: string) => Promise<T>, systemId?: string, scopeId?: string, options?: TokenOptions): Promise<T>;
|
|
587
|
-
/**
|
|
588
|
-
* Check if token exists for specific email/provider combination
|
|
589
|
-
*/
|
|
590
|
-
hasTokenForEmail(email: string, provider: string, systemId?: string, scopeId?: string): Promise<boolean>;
|
|
591
|
-
/**
|
|
592
|
-
* Revoke tokens for a specific email and provider
|
|
593
|
-
*/
|
|
594
|
-
revokeTokensForEmail(email: string, provider: string, systemId?: string, scopeId?: string): Promise<void>;
|
|
595
|
-
/**
|
|
596
|
-
* Get tokens by scope (stateless method)
|
|
597
|
-
*/
|
|
598
|
-
getTokensByScope(systemId?: string, scopeId?: string): Promise<UserToken[]>;
|
|
599
|
-
/**
|
|
600
|
-
* Find token by email and scope
|
|
601
|
-
*/
|
|
602
|
-
findTokenByEmailAndScope(email: string, provider: string, systemId?: string, scopeId?: string): Promise<UserToken | null>;
|
|
603
|
-
/**
|
|
604
|
-
* Find all tokens by email and scope
|
|
605
|
-
*/
|
|
606
|
-
findAllTokensByEmailAndScope(email: string, provider: string, systemId?: string, scopeId?: string): Promise<UserToken[]>;
|
|
607
|
-
private detectProviderType;
|
|
172
|
+
cleanupExpiredTokens(): Promise<number>;
|
|
608
173
|
/**
|
|
609
174
|
* Clean up expired authorization states
|
|
610
175
|
*/
|
|
611
|
-
|
|
612
|
-
|
|
613
|
-
|
|
614
|
-
|
|
615
|
-
|
|
616
|
-
|
|
617
|
-
|
|
618
|
-
|
|
619
|
-
|
|
620
|
-
|
|
621
|
-
|
|
622
|
-
|
|
176
|
+
cleanupExpiredStates(): Promise<number>;
|
|
177
|
+
private isTokenExpired;
|
|
178
|
+
private detectProviderType;
|
|
179
|
+
}
|
|
180
|
+
|
|
181
|
+
declare class InMemoryStorageAdapter implements StorageAdapter {
|
|
182
|
+
private tokens;
|
|
183
|
+
private states;
|
|
184
|
+
private generateId;
|
|
185
|
+
saveToken(input: SaveTokenInput): Promise<StoredToken>;
|
|
186
|
+
getToken(provider: string, email: string): Promise<StoredToken | null>;
|
|
187
|
+
getTokenById(id: string): Promise<StoredToken | null>;
|
|
188
|
+
getTokensByUserId(userId: string): Promise<StoredToken[]>;
|
|
189
|
+
getTokensByEmail(email: string): Promise<StoredToken[]>;
|
|
190
|
+
getTokensByProvider(provider: string): Promise<StoredToken[]>;
|
|
191
|
+
updateToken(id: string, update: UpdateTokenInput): Promise<StoredToken | null>;
|
|
192
|
+
deleteToken(id: string): Promise<boolean>;
|
|
193
|
+
deleteTokenByProviderEmail(provider: string, email: string): Promise<boolean>;
|
|
194
|
+
deleteExpiredTokens(): Promise<number>;
|
|
195
|
+
saveAuthorizationState(state: Omit<AuthorizationState, 'createdAt'>): Promise<AuthorizationState>;
|
|
196
|
+
getAuthorizationState(state: string): Promise<AuthorizationState | null>;
|
|
197
|
+
deleteAuthorizationState(state: string): Promise<boolean>;
|
|
198
|
+
cleanupExpiredStates(): Promise<number>;
|
|
199
|
+
}
|
|
200
|
+
|
|
201
|
+
interface AuthorizationUrlStrategy {
|
|
202
|
+
generateAuthorizationUrl(config: OAuth2Config, state: string, codeChallenge?: string): string;
|
|
203
|
+
}
|
|
204
|
+
|
|
205
|
+
interface TokenExchangeStrategy {
|
|
206
|
+
exchangeCodeForToken(code: string, config: OAuth2Config, codeVerifier?: string): Promise<OAuth2Token>;
|
|
207
|
+
refreshToken(refreshToken: string, config: OAuth2Config): Promise<OAuth2Token>;
|
|
208
|
+
}
|
|
209
|
+
|
|
210
|
+
declare abstract class BaseProfileFetcher {
|
|
211
|
+
protected profileEndpoint: string;
|
|
212
|
+
constructor(profileEndpoint: string);
|
|
623
213
|
/**
|
|
624
|
-
*
|
|
214
|
+
* Fetch user profile information from the OAuth provider
|
|
215
|
+
* @param accessToken The OAuth access token
|
|
216
|
+
* @returns Promise resolving to standardized user profile
|
|
625
217
|
*/
|
|
626
|
-
|
|
627
|
-
provider: string;
|
|
628
|
-
token: OAuth2Token;
|
|
629
|
-
userToken: UserToken;
|
|
630
|
-
profile?: UserProfile;
|
|
631
|
-
}[]>;
|
|
218
|
+
fetchUserInfo(accessToken: string): Promise<UserProfile>;
|
|
632
219
|
/**
|
|
633
|
-
*
|
|
220
|
+
* Map the raw API response to our standardized UserProfile structure
|
|
221
|
+
* Override this method to customize mapping for different providers
|
|
634
222
|
*/
|
|
635
|
-
|
|
636
|
-
scopeId: string;
|
|
637
|
-
token: OAuth2Token;
|
|
638
|
-
userToken: UserToken;
|
|
639
|
-
profile?: UserProfile;
|
|
640
|
-
}[]>;
|
|
223
|
+
protected abstract mapToUserProfile(rawData: any): UserProfile;
|
|
641
224
|
/**
|
|
642
|
-
* Get
|
|
643
|
-
*
|
|
225
|
+
* Get additional headers if needed for the profile request
|
|
226
|
+
* Override this method to add provider-specific headers
|
|
644
227
|
*/
|
|
645
|
-
|
|
228
|
+
protected getAdditionalHeaders(): Record<string, string>;
|
|
646
229
|
/**
|
|
647
|
-
* Get
|
|
648
|
-
* This fetches the actual email/profile from the OAuth provider using the access token
|
|
230
|
+
* Get the profile endpoint URL
|
|
649
231
|
*/
|
|
650
|
-
|
|
232
|
+
getEndpoint(): string;
|
|
651
233
|
}
|
|
652
234
|
|
|
653
|
-
declare class
|
|
654
|
-
|
|
655
|
-
|
|
656
|
-
|
|
657
|
-
|
|
658
|
-
|
|
659
|
-
|
|
660
|
-
|
|
661
|
-
|
|
662
|
-
|
|
663
|
-
|
|
664
|
-
|
|
665
|
-
|
|
666
|
-
|
|
667
|
-
|
|
668
|
-
updateScope(id: string, updates: Partial<Scope>): Promise<Scope>;
|
|
669
|
-
deleteScope(id: string): Promise<void>;
|
|
670
|
-
createUser(user: Omit<User, 'id' | 'createdAt' | 'updatedAt'>): Promise<User>;
|
|
671
|
-
getOrCreateUser(input: CreateUserInput): Promise<User>;
|
|
672
|
-
findUserByEmail(systemId: string, email: string): Promise<User | null>;
|
|
673
|
-
findUserByExternalId(systemId: string, externalId: string): Promise<User | null>;
|
|
674
|
-
getUser(id: string): Promise<User | null>;
|
|
675
|
-
getUsersBySystem(systemId: string): Promise<User[]>;
|
|
676
|
-
updateUser(id: string, updates: Partial<User>): Promise<User>;
|
|
677
|
-
deleteUser(id: string): Promise<void>;
|
|
678
|
-
saveToken(token: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
|
|
679
|
-
saveTokenWithEmailValidation(userId: string, systemId: string, scopeId: string, provider: string, email: string, token: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
|
|
680
|
-
getTokensByUser(userId: string): Promise<UserToken[]>;
|
|
681
|
-
getTokensByUserAndScope(userId: string, scopeId: string): Promise<UserToken[]>;
|
|
682
|
-
getTokensByUserAndProvider(userId: string, provider: string): Promise<UserToken[]>;
|
|
683
|
-
getTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<UserToken[]>;
|
|
684
|
-
getTokensByScope(systemId: string, scopeId: string): Promise<UserToken[]>;
|
|
685
|
-
getTokensByProvider(systemId: string, provider: string): Promise<UserToken[]>;
|
|
686
|
-
getTokensBySystem(systemId: string): Promise<UserToken[]>;
|
|
687
|
-
findTokensByEmail(email: string, systemId: string): Promise<UserToken[]>;
|
|
688
|
-
findTokensByEmailAndScope(email: string, systemId: string, scopeId: string): Promise<UserToken[]>;
|
|
689
|
-
findTokensByEmailAndProvider(email: string, systemId: string, provider: string): Promise<UserToken[]>;
|
|
690
|
-
findTokenByEmailScopeProvider(email: string, systemId: string, scopeId: string, provider: string): Promise<UserToken | null>;
|
|
691
|
-
findTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<UserToken[]>;
|
|
692
|
-
hasTokenWithEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<boolean>;
|
|
693
|
-
replaceTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string, newToken: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
|
|
694
|
-
getTokenById(id: string): Promise<UserToken | null>;
|
|
695
|
-
updateToken(id: string, updates: Partial<UserToken>): Promise<UserToken>;
|
|
696
|
-
deleteToken(id: string): Promise<void>;
|
|
697
|
-
deleteTokensByUser(userId: string): Promise<void>;
|
|
698
|
-
deleteTokensByUserAndScope(userId: string, scopeId: string): Promise<void>;
|
|
699
|
-
deleteTokensByUserAndProvider(userId: string, provider: string): Promise<void>;
|
|
700
|
-
saveAuthorizationState(state: AuthorizationState): Promise<void>;
|
|
701
|
-
getAuthorizationState(state: string): Promise<AuthorizationState | null>;
|
|
702
|
-
deleteAuthorizationState(state: string): Promise<void>;
|
|
703
|
-
cleanupExpiredStates(expiryMs: number): Promise<void>;
|
|
704
|
-
getTokensByUserWithProfile(userId: string): Promise<UserTokenWithProfile[]>;
|
|
705
|
-
getTokensByUserAndScopeWithProfile(userId: string, scopeId: string): Promise<UserTokenWithProfile[]>;
|
|
706
|
-
getTokensByUserAndProviderWithProfile(userId: string, provider: string): Promise<UserTokenWithProfile[]>;
|
|
707
|
-
getTokensByUserScopeProviderWithProfile(userId: string, scopeId: string, provider: string): Promise<UserTokenWithProfile[]>;
|
|
708
|
-
getTokensByScopeWithProfile(systemId: string, scopeId: string): Promise<UserTokenWithProfile[]>;
|
|
709
|
-
getTokensBySystemWithProfile(systemId: string): Promise<UserTokenWithProfile[]>;
|
|
235
|
+
declare abstract class OAuth2Provider {
|
|
236
|
+
protected config: OAuth2Config;
|
|
237
|
+
protected authUrlStrategy: AuthorizationUrlStrategy;
|
|
238
|
+
protected tokenStrategy: TokenExchangeStrategy;
|
|
239
|
+
protected profileFetcher?: BaseProfileFetcher;
|
|
240
|
+
constructor(config: OAuth2Config, authUrlStrategy?: AuthorizationUrlStrategy, tokenStrategy?: TokenExchangeStrategy, profileFetcher?: BaseProfileFetcher);
|
|
241
|
+
protected abstract createAuthorizationUrlStrategy(): AuthorizationUrlStrategy;
|
|
242
|
+
protected abstract createTokenExchangeStrategy(): TokenExchangeStrategy;
|
|
243
|
+
fetchProfile(accessToken: string): Promise<UserProfile>;
|
|
244
|
+
getProfileEndpoint(): string;
|
|
245
|
+
setProfileFetcher(profileFetcher: BaseProfileFetcher): void;
|
|
246
|
+
hasProfileFetcher(): boolean;
|
|
247
|
+
generateAuthorizationUrl(state: string, codeChallenge?: string): string;
|
|
248
|
+
exchangeCodeForToken(code: string, codeVerifier?: string): Promise<OAuth2Token>;
|
|
249
|
+
refreshToken(refreshToken: string): Promise<OAuth2Token>;
|
|
710
250
|
}
|
|
711
251
|
|
|
712
252
|
type ProviderType = 'google' | 'github' | 'microsoft' | 'outlook' | 'facebook' | 'generic';
|
|
@@ -782,4 +322,4 @@ declare const generateState: () => string;
|
|
|
782
322
|
declare const seal: <T>(d: T, key: string) => Promise<string>;
|
|
783
323
|
declare const unseal: <T>(s: string, key: string) => Promise<T>;
|
|
784
324
|
|
|
785
|
-
export { type AuthorizationState, type AuthorizationUrlStrategy, BaseProfileFetcher, type
|
|
325
|
+
export { type AuthorizationOptions, type AuthorizationState, type AuthorizationUrlStrategy, BaseProfileFetcher, type CallbackResult, GenericOAuth2Provider, GenericProfileFetcher, GitHubProfileFetcher, GoogleProfileFetcher, InMemoryStorageAdapter, MicrosoftProfileFetcher, OAuth2Client, type OAuth2Config, type OAuth2Options, OAuth2Provider, type OAuth2Token, type ProfileBasedTokenOptions, type ProfileFetcher, ProfileFetcherFactory, type ProfileFetcherOptions, type ProfileMapping, type ProviderFactory, type ProviderType, type SaveTokenInput, StandardAuthorizationUrlStrategy, StandardTokenExchangeStrategy, type StorageAdapter, type StoredToken, type TokenExchangeStrategy, type TokenOptions, type UpdateTokenInput, type UserProfile, createCodeChallenge, createCodeVerifier, generateState, seal, unseal };
|