@dainprotocol/oauth2-token-manager 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/README.md +224 -694
  2. package/dist/index.cjs +2 -2
  3. package/dist/index.cjs.map +1 -1
  4. package/dist/index.d.cts +119 -775
  5. package/dist/index.d.ts +119 -775
  6. package/dist/index.js +2 -2
  7. package/dist/index.js.map +1 -1
  8. package/package.json +1 -1
package/dist/index.d.cts CHANGED
@@ -24,140 +24,61 @@ interface OAuth2Token {
24
24
  createdAt?: number;
25
25
  raw?: Record<string, any>;
26
26
  }
27
- interface User {
28
- id: string;
29
- systemId: string;
30
- metadata?: Record<string, any>;
31
- createdAt: Date;
32
- updatedAt: Date;
33
- }
34
- interface UserToken {
35
- id: string;
36
- userId: string;
37
- systemId: string;
38
- scopeId: string;
39
- provider: string;
40
- email?: string;
41
- token: OAuth2Token;
42
- createdAt: Date;
43
- updatedAt: Date;
44
- }
45
- interface System {
46
- id: string;
47
- name: string;
48
- description?: string;
49
- scopes: Scope[];
50
- metadata?: Record<string, any>;
51
- createdAt: Date;
52
- updatedAt: Date;
53
- }
54
- interface Scope {
55
- id: string;
56
- systemId: string;
57
- name: string;
58
- type: 'authentication' | 'access' | 'custom';
59
- permissions: string[];
60
- isolated: boolean;
61
- metadata?: Record<string, any>;
62
- }
63
27
  interface AuthorizationState {
64
28
  state: string;
65
29
  codeVerifier?: string;
66
30
  config: OAuth2Config;
67
- timestamp: Date;
31
+ createdAt: Date;
68
32
  metadata?: Record<string, any>;
69
33
  }
70
34
 
71
- interface CreateUserInput {
72
- systemId: string;
73
- metadata?: Record<string, any>;
74
- email?: string;
75
- externalId?: string;
35
+ /**
36
+ * Simplified storage adapter interface
37
+ * Only stores tokens with provider, userId, and email as key fields
38
+ * Enforces uniqueness on provider + email combination
39
+ */
40
+ interface StorageAdapter {
41
+ saveToken(input: SaveTokenInput): Promise<StoredToken>;
42
+ getToken(provider: string, email: string): Promise<StoredToken | null>;
43
+ getTokenById(id: string): Promise<StoredToken | null>;
44
+ getTokensByUserId(userId: string): Promise<StoredToken[]>;
45
+ getTokensByEmail(email: string): Promise<StoredToken[]>;
46
+ getTokensByProvider(provider: string): Promise<StoredToken[]>;
47
+ updateToken(id: string, update: UpdateTokenInput): Promise<StoredToken | null>;
48
+ deleteToken(id: string): Promise<boolean>;
49
+ deleteTokenByProviderEmail(provider: string, email: string): Promise<boolean>;
50
+ deleteExpiredTokens(): Promise<number>;
51
+ saveAuthorizationState(state: Omit<AuthorizationState, 'createdAt'>): Promise<AuthorizationState>;
52
+ getAuthorizationState(state: string): Promise<AuthorizationState | null>;
53
+ deleteAuthorizationState(state: string): Promise<boolean>;
54
+ cleanupExpiredStates(): Promise<number>;
76
55
  }
77
- interface UserTokenWithProfile {
56
+ interface StoredToken {
78
57
  id: string;
79
- userId: string;
80
- systemId: string;
81
- scopeId: string;
82
58
  provider: string;
83
- token: {
84
- accessToken: string;
85
- refreshToken?: string;
86
- expiresAt: Date;
87
- expiresIn?: number;
88
- tokenType: string;
89
- scope?: string;
90
- createdAt?: number;
91
- raw?: Record<string, any>;
92
- };
59
+ userId: string;
60
+ email: string;
61
+ token: OAuth2Token;
62
+ metadata?: Record<string, any>;
93
63
  createdAt: Date;
94
64
  updatedAt: Date;
95
- user: {
96
- email?: string;
97
- name?: string;
98
- externalId?: string;
99
- metadata?: Record<string, any>;
100
- };
65
+ }
66
+ interface SaveTokenInput {
67
+ provider: string;
68
+ userId: string;
69
+ email: string;
70
+ token: OAuth2Token;
71
+ metadata?: Record<string, any>;
72
+ }
73
+ interface UpdateTokenInput {
74
+ token?: OAuth2Token;
75
+ metadata?: Record<string, any>;
101
76
  }
102
77
  interface ProfileBasedTokenOptions {
103
78
  checkProfileEmail?: boolean;
104
79
  replaceConflictingTokens?: boolean;
105
80
  mergeUserData?: boolean;
106
81
  }
107
- interface StorageAdapter {
108
- createSystem(system: Omit<System, 'id' | 'createdAt' | 'updatedAt'>): Promise<System>;
109
- getOrCreateSystem(system: Omit<System, 'id' | 'createdAt' | 'updatedAt'>): Promise<System>;
110
- getSystem(id: string): Promise<System | null>;
111
- updateSystem(id: string, system: Partial<System>): Promise<System>;
112
- deleteSystem(id: string): Promise<void>;
113
- listSystems(): Promise<System[]>;
114
- createScope(scope: Omit<Scope, 'id'>): Promise<Scope>;
115
- getOrCreateScope(scope: Omit<Scope, 'id'>): Promise<Scope>;
116
- getScope(id: string): Promise<Scope | null>;
117
- getScopesBySystem(systemId: string): Promise<Scope[]>;
118
- updateScope(id: string, scope: Partial<Scope>): Promise<Scope>;
119
- deleteScope(id: string): Promise<void>;
120
- createUser(user: Omit<User, 'id' | 'createdAt' | 'updatedAt'>): Promise<User>;
121
- getOrCreateUser(input: CreateUserInput): Promise<User>;
122
- findUserByEmail(systemId: string, email: string): Promise<User | null>;
123
- findUserByExternalId(systemId: string, externalId: string): Promise<User | null>;
124
- getUser(id: string): Promise<User | null>;
125
- getUsersBySystem(systemId: string): Promise<User[]>;
126
- updateUser(id: string, user: Partial<User>): Promise<User>;
127
- deleteUser(id: string): Promise<void>;
128
- saveToken(token: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
129
- saveTokenWithEmailValidation(userId: string, systemId: string, scopeId: string, provider: string, email: string, token: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
130
- getTokensByUser(userId: string): Promise<UserToken[]>;
131
- getTokensByUserAndScope(userId: string, scopeId: string): Promise<UserToken[]>;
132
- getTokensByUserAndProvider(userId: string, provider: string): Promise<UserToken[]>;
133
- getTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<UserToken[]>;
134
- getTokensByScope(systemId: string, scopeId: string): Promise<UserToken[]>;
135
- getTokensByProvider(systemId: string, provider: string): Promise<UserToken[]>;
136
- getTokensBySystem(systemId: string): Promise<UserToken[]>;
137
- findTokensByEmail(email: string, systemId: string): Promise<UserToken[]>;
138
- findTokensByEmailAndScope(email: string, systemId: string, scopeId: string): Promise<UserToken[]>;
139
- findTokensByEmailAndProvider(email: string, systemId: string, provider: string): Promise<UserToken[]>;
140
- findTokenByEmailScopeProvider(email: string, systemId: string, scopeId: string, provider: string): Promise<UserToken | null>;
141
- getTokensByUserWithProfile(userId: string): Promise<UserTokenWithProfile[]>;
142
- getTokensByUserAndScopeWithProfile(userId: string, scopeId: string): Promise<UserTokenWithProfile[]>;
143
- getTokensByUserAndProviderWithProfile(userId: string, provider: string): Promise<UserTokenWithProfile[]>;
144
- getTokensByUserScopeProviderWithProfile(userId: string, scopeId: string, provider: string): Promise<UserTokenWithProfile[]>;
145
- getTokensByScopeWithProfile(systemId: string, scopeId: string): Promise<UserTokenWithProfile[]>;
146
- getTokensBySystemWithProfile(systemId: string): Promise<UserTokenWithProfile[]>;
147
- findTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<UserToken[]>;
148
- hasTokenWithEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<boolean>;
149
- replaceTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string, newToken: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
150
- getTokenById(id: string): Promise<UserToken | null>;
151
- updateToken(id: string, token: Partial<UserToken>): Promise<UserToken>;
152
- deleteToken(id: string): Promise<void>;
153
- deleteTokensByUser(userId: string): Promise<void>;
154
- deleteTokensByUserAndScope(userId: string, scopeId: string): Promise<void>;
155
- deleteTokensByUserAndProvider(userId: string, provider: string): Promise<void>;
156
- saveAuthorizationState(state: AuthorizationState): Promise<void>;
157
- getAuthorizationState(state: string): Promise<AuthorizationState | null>;
158
- deleteAuthorizationState(state: string): Promise<void>;
159
- cleanupExpiredStates(expiryMs: number): Promise<void>;
160
- }
161
82
 
162
83
  interface UserProfile {
163
84
  email: string;
@@ -181,339 +102,17 @@ interface ProfileFetcher {
181
102
  getProfileEndpoint(): string;
182
103
  }
183
104
 
184
- interface AuthorizationUrlStrategy {
185
- generateAuthorizationUrl(config: OAuth2Config, state: string, codeChallenge?: string): string;
186
- }
187
-
188
- interface TokenExchangeStrategy {
189
- exchangeCodeForToken(code: string, config: OAuth2Config, codeVerifier?: string): Promise<OAuth2Token>;
190
- refreshToken(refreshToken: string, config: OAuth2Config): Promise<OAuth2Token>;
191
- }
192
-
193
- declare abstract class BaseProfileFetcher {
194
- protected profileEndpoint: string;
195
- constructor(profileEndpoint: string);
196
- /**
197
- * Fetch user profile information from the OAuth provider
198
- * @param accessToken The OAuth access token
199
- * @returns Promise resolving to standardized user profile
200
- */
201
- fetchUserInfo(accessToken: string): Promise<UserProfile>;
202
- /**
203
- * Map the raw API response to our standardized UserProfile structure
204
- * Override this method to customize mapping for different providers
205
- */
206
- protected abstract mapToUserProfile(rawData: any): UserProfile;
207
- /**
208
- * Get additional headers if needed for the profile request
209
- * Override this method to add provider-specific headers
210
- */
211
- protected getAdditionalHeaders(): Record<string, string>;
212
- /**
213
- * Get the profile endpoint URL
214
- */
215
- getEndpoint(): string;
216
- }
217
-
218
- declare abstract class OAuth2Provider {
219
- protected config: OAuth2Config;
220
- protected authUrlStrategy: AuthorizationUrlStrategy;
221
- protected tokenStrategy: TokenExchangeStrategy;
222
- protected profileFetcher?: BaseProfileFetcher;
223
- constructor(config: OAuth2Config, authUrlStrategy?: AuthorizationUrlStrategy, tokenStrategy?: TokenExchangeStrategy, profileFetcher?: BaseProfileFetcher);
224
- protected abstract createAuthorizationUrlStrategy(): AuthorizationUrlStrategy;
225
- protected abstract createTokenExchangeStrategy(): TokenExchangeStrategy;
226
- fetchProfile(accessToken: string): Promise<UserProfile>;
227
- getProfileEndpoint(): string;
228
- setProfileFetcher(profileFetcher: BaseProfileFetcher): void;
229
- hasProfileFetcher(): boolean;
230
- generateAuthorizationUrl(state: string, codeChallenge?: string): string;
231
- exchangeCodeForToken(code: string, codeVerifier?: string): Promise<OAuth2Token>;
232
- refreshToken(refreshToken: string): Promise<OAuth2Token>;
233
- }
234
-
235
- interface OAuth2GranularOperations {
236
- createUserInSystem(systemId: string, options: UserCreationOptions): Promise<User>;
237
- getOrCreateUserInSystem(systemId: string, options: UserCreationOptions): Promise<User>;
238
- getUserById(userId: string): Promise<User | null>;
239
- findUserByEmailInSystem(systemId: string, email: string): Promise<User | null>;
240
- findUserByExternalIdInSystem(systemId: string, externalId: string): Promise<User | null>;
241
- getUsersBySystem(systemId: string): Promise<User[]>;
242
- saveTokenForUser(userId: string, systemId: string, scopeId: string, provider: string, email: string, token: OAuth2Token): Promise<UserToken>;
243
- getTokensByUser(userId: string): Promise<UserToken[]>;
244
- getTokensByUserAndScope(userId: string, scopeId: string): Promise<UserToken[]>;
245
- getTokensByUserAndProvider(userId: string, provider: string): Promise<UserToken[]>;
246
- getTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<UserToken[]>;
247
- getTokensByScope(systemId: string, scopeId: string): Promise<UserToken[]>;
248
- getTokensByProvider(systemId: string, provider: string): Promise<UserToken[]>;
249
- getTokensBySystem(systemId: string): Promise<UserToken[]>;
250
- findTokensByEmail(email: string, systemId: string): Promise<UserToken[]>;
251
- findTokensByEmailAndScope(email: string, systemId: string, scopeId: string): Promise<UserToken[]>;
252
- findTokensByEmailAndProvider(email: string, systemId: string, provider: string): Promise<UserToken[]>;
253
- findTokenByEmailScopeProvider(email: string, systemId: string, scopeId: string, provider: string): Promise<UserToken | null>;
254
- getValidTokenByEmail(email: string, systemId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<OAuth2Token>;
255
- getAccessTokenByEmail(email: string, systemId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<string>;
256
- withValidTokenByEmail<T>(email: string, systemId: string, scopeId: string, provider: string, callback: (accessToken: string) => Promise<T>, options?: TokenOptions): Promise<T>;
257
- getAllValidTokensForUser(userId: string, options?: TokenOptions): Promise<{
258
- provider: string;
259
- scopeId: string;
260
- token: OAuth2Token;
261
- userToken: UserToken;
262
- }[]>;
263
- getAllValidTokensForUserScopeProvider(userId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<{
264
- email: string;
265
- token: OAuth2Token;
266
- userToken: UserToken;
267
- }[]>;
268
- getAllValidTokensForEmail(email: string, systemId: string, options?: TokenOptions): Promise<{
269
- provider: string;
270
- scopeId: string;
271
- token: OAuth2Token;
272
- userToken: UserToken;
273
- }[]>;
274
- hasTokensForUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<boolean>;
275
- hasTokenByEmail(email: string, systemId: string, scopeId: string, provider: string): Promise<boolean>;
276
- hasTokenWithEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<boolean>;
277
- replaceTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string, token: OAuth2Token): Promise<UserToken>;
278
- deleteTokensByUser(userId: string): Promise<void>;
279
- deleteTokensByUserAndScope(userId: string, scopeId: string): Promise<void>;
280
- deleteTokensByUserAndProvider(userId: string, provider: string): Promise<void>;
281
- deleteTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<void>;
282
- deleteTokenByEmail(email: string, systemId: string, scopeId: string, provider: string): Promise<void>;
283
- createSystem(name: string, description?: string): Promise<System>;
284
- getSystem(systemId: string): Promise<System | null>;
285
- createScopeInSystem(systemId: string, name: string, options?: {
286
- type?: 'authentication' | 'access' | 'custom';
287
- permissions?: string[];
288
- isolated?: boolean;
289
- }): Promise<Scope>;
290
- getScope(scopeId: string): Promise<Scope | null>;
291
- getScopesBySystem(systemId: string): Promise<Scope[]>;
292
- }
293
- declare class OAuth2GranularClient implements OAuth2GranularOperations {
294
- private storage;
295
- private providers;
296
- private now;
297
- constructor(storage: StorageAdapter, providers: Map<string, OAuth2Provider>, now?: () => number);
298
- createUserInSystem(systemId: string, options?: UserCreationOptions): Promise<User>;
299
- getOrCreateUserInSystem(systemId: string, options?: UserCreationOptions): Promise<User>;
300
- getUserById(userId: string): Promise<User | null>;
301
- findUserByEmailInSystem(systemId: string, email: string): Promise<User | null>;
302
- findUserByExternalIdInSystem(systemId: string, externalId: string): Promise<User | null>;
303
- getUsersBySystem(systemId: string): Promise<User[]>;
304
- saveTokenForUser(userId: string, systemId: string, scopeId: string, provider: string, email: string, token: OAuth2Token): Promise<UserToken>;
305
- getTokensByUser(userId: string): Promise<UserToken[]>;
306
- getTokensByUserAndScope(userId: string, scopeId: string): Promise<UserToken[]>;
307
- getTokensByUserAndProvider(userId: string, provider: string): Promise<UserToken[]>;
308
- getTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<UserToken[]>;
309
- getTokensByScope(systemId: string, scopeId: string): Promise<UserToken[]>;
310
- getTokensByProvider(systemId: string, provider: string): Promise<UserToken[]>;
311
- getTokensBySystem(systemId: string): Promise<UserToken[]>;
312
- findTokensByEmail(email: string, systemId: string): Promise<UserToken[]>;
313
- findTokensByEmailAndScope(email: string, systemId: string, scopeId: string): Promise<UserToken[]>;
314
- findTokensByEmailAndProvider(email: string, systemId: string, provider: string): Promise<UserToken[]>;
315
- findTokenByEmailScopeProvider(email: string, systemId: string, scopeId: string, provider: string): Promise<UserToken | null>;
316
- getValidTokenByEmail(email: string, systemId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<OAuth2Token>;
317
- getAccessTokenByEmail(email: string, systemId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<string>;
318
- getAllValidTokensForUser(userId: string, options?: TokenOptions): Promise<{
319
- provider: string;
320
- scopeId: string;
321
- token: OAuth2Token;
322
- userToken: UserToken;
323
- }[]>;
324
- getAllValidTokensForUserScopeProvider(userId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<{
325
- email: string;
326
- token: OAuth2Token;
327
- userToken: UserToken;
328
- }[]>;
329
- getAllValidTokensForEmail(email: string, systemId: string, options?: TokenOptions): Promise<{
330
- provider: string;
331
- scopeId: string;
332
- token: OAuth2Token;
333
- userToken: UserToken;
334
- }[]>;
335
- withValidTokenByEmail<T>(email: string, systemId: string, scopeId: string, provider: string, callback: (accessToken: string) => Promise<T>, options?: TokenOptions): Promise<T>;
336
- hasTokensForUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<boolean>;
337
- hasTokenByEmail(email: string, systemId: string, scopeId: string, provider: string): Promise<boolean>;
338
- hasTokenWithEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<boolean>;
339
- replaceTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string, token: OAuth2Token): Promise<UserToken>;
340
- deleteTokensByUser(userId: string): Promise<void>;
341
- deleteTokensByUserAndScope(userId: string, scopeId: string): Promise<void>;
342
- deleteTokensByUserAndProvider(userId: string, provider: string): Promise<void>;
343
- deleteTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<void>;
344
- deleteTokenByEmail(email: string, systemId: string, scopeId: string, provider: string): Promise<void>;
345
- createSystem(name: string, description?: string): Promise<System>;
346
- getSystem(systemId: string): Promise<System | null>;
347
- createScopeInSystem(systemId: string, name: string, options?: {
348
- type?: 'authentication' | 'access' | 'custom';
349
- permissions?: string[];
350
- isolated?: boolean;
351
- }): Promise<Scope>;
352
- getScope(scopeId: string): Promise<Scope | null>;
353
- getScopesBySystem(systemId: string): Promise<Scope[]>;
354
- private isTokenExpired;
355
- }
356
-
357
- interface UserOperationParams {
358
- systemId?: string;
359
- email?: string;
360
- externalId?: string;
361
- options?: UserCreationOptions;
362
- }
363
- interface TokenQueryParams {
364
- userId?: string;
365
- systemId?: string;
366
- scopeId?: string;
367
- provider?: string;
368
- email?: string;
369
- }
370
- interface TokenSaveParams {
371
- userId: string;
372
- systemId?: string;
373
- scopeId?: string;
374
- provider: string;
375
- email: string;
376
- token: OAuth2Token;
377
- }
378
- interface EmailTokenParams {
379
- email: string;
380
- systemId?: string;
381
- scopeId?: string;
382
- provider: string;
383
- options?: TokenOptions;
384
- }
385
- interface UserTokenParams {
386
- userId: string;
387
- systemId?: string;
388
- scopeId?: string;
389
- provider: string;
390
- options?: TokenOptions;
391
- }
392
- interface TokenExistenceParams {
393
- userId?: string;
394
- systemId?: string;
395
- scopeId?: string;
396
- provider: string;
397
- email?: string;
398
- }
399
- interface TokenDeletionParams {
400
- userId?: string;
401
- systemId?: string;
402
- scopeId?: string;
403
- provider?: string;
404
- email?: string;
405
- }
406
- interface ScopeCreationParams {
407
- systemId?: string;
408
- name: string;
409
- type?: 'authentication' | 'access' | 'custom';
410
- permissions?: string[];
411
- isolated?: boolean;
412
- }
413
- interface ValidTokenResult {
414
- provider: string;
415
- scopeId: string;
416
- token: OAuth2Token;
417
- userToken: UserToken;
418
- }
419
- interface BulkTokenQueryParams {
420
- userId?: string;
421
- email?: string;
422
- systemId?: string;
423
- scopeId?: string;
424
- provider?: string;
425
- options?: TokenOptions;
426
- }
427
- interface OAuth2GranularOperationsV2 {
428
- ensureDefaults(): Promise<{
429
- system: System;
430
- scope: Scope;
431
- }>;
432
- createUser(params: UserOperationParams): Promise<User>;
433
- getOrCreateUser(params: UserOperationParams): Promise<User>;
434
- getUserById(userId: string): Promise<User | null>;
435
- findUserByEmail(params: {
436
- systemId?: string;
437
- email: string;
438
- }): Promise<User | null>;
439
- findUserByExternalId(params: {
440
- systemId?: string;
441
- externalId: string;
442
- }): Promise<User | null>;
443
- getUsersBySystem(systemId?: string): Promise<User[]>;
444
- saveToken(params: TokenSaveParams): Promise<UserToken>;
445
- getTokens(params: TokenQueryParams): Promise<UserToken[]>;
446
- getValidToken(params: EmailTokenParams | UserTokenParams): Promise<OAuth2Token>;
447
- getAccessToken(params: EmailTokenParams | UserTokenParams): Promise<string>;
448
- withValidToken<T>(params: EmailTokenParams | UserTokenParams, callback: (accessToken: string) => Promise<T>): Promise<T>;
449
- getAllValidTokens(params: BulkTokenQueryParams): Promise<ValidTokenResult[]>;
450
- hasToken(params: TokenExistenceParams): Promise<boolean>;
451
- deleteTokens(params: TokenDeletionParams): Promise<void>;
452
- createSystem(name: string, description?: string): Promise<System>;
453
- getSystem(systemId?: string): Promise<System | null>;
454
- createScope(params: ScopeCreationParams): Promise<Scope>;
455
- getScope(scopeId?: string): Promise<Scope | null>;
456
- getScopesBySystem(systemId?: string): Promise<Scope[]>;
457
- }
458
-
459
- declare class OAuth2GranularClientV2 implements OAuth2GranularOperationsV2 {
460
- private storage;
461
- private providers;
462
- private getContext;
463
- private now;
464
- private defaultSystem;
465
- private defaultScope;
466
- private defaultsInitialized;
467
- constructor(storage: StorageAdapter, providers: Map<string, OAuth2Provider>, getContext: () => {
468
- currentSystem?: System;
469
- currentUser?: User;
470
- defaultScope?: Scope;
471
- }, now?: () => number);
472
- ensureDefaults(): Promise<{
473
- system: System;
474
- scope: Scope;
475
- }>;
476
- private resolveSystemId;
477
- private resolveScopeId;
478
- createUser(params: UserOperationParams): Promise<User>;
479
- getOrCreateUser(params: UserOperationParams): Promise<User>;
480
- getUserById(userId: string): Promise<User | null>;
481
- findUserByEmail(params: {
482
- systemId?: string;
483
- email: string;
484
- }): Promise<User | null>;
485
- findUserByExternalId(params: {
486
- systemId?: string;
487
- externalId: string;
488
- }): Promise<User | null>;
489
- getUsersBySystem(systemId?: string): Promise<User[]>;
490
- saveToken(params: TokenSaveParams): Promise<UserToken>;
491
- getTokens(params: TokenQueryParams): Promise<UserToken[]>;
492
- getValidToken(params: EmailTokenParams | UserTokenParams): Promise<OAuth2Token>;
493
- getAccessToken(params: EmailTokenParams | UserTokenParams): Promise<string>;
494
- withValidToken<T>(params: EmailTokenParams | UserTokenParams, callback: (accessToken: string) => Promise<T>): Promise<T>;
495
- getAllValidTokens(params: BulkTokenQueryParams): Promise<ValidTokenResult[]>;
496
- hasToken(params: TokenExistenceParams): Promise<boolean>;
497
- deleteTokens(params: TokenDeletionParams): Promise<void>;
498
- createSystem(name: string, description?: string): Promise<System>;
499
- getSystem(systemId?: string): Promise<System | null>;
500
- createScope(params: ScopeCreationParams): Promise<Scope>;
501
- getScope(scopeId?: string): Promise<Scope | null>;
502
- getScopesBySystem(systemId?: string): Promise<Scope[]>;
503
- private isTokenExpired;
504
- }
505
-
506
105
  interface OAuth2Options {
507
106
  storage?: StorageAdapter;
508
- sealKey?: string;
509
107
  providers?: Record<string, OAuth2Config>;
510
108
  }
511
109
  interface AuthorizationOptions {
512
110
  provider: string;
111
+ userId: string;
112
+ email: string;
513
113
  scopes?: string[];
514
114
  metadata?: Record<string, any>;
515
115
  usePKCE?: boolean;
516
- userId?: string;
517
116
  }
518
117
  interface TokenOptions {
519
118
  autoRefresh?: boolean;
@@ -521,22 +120,8 @@ interface TokenOptions {
521
120
  expirationBuffer?: number;
522
121
  defaultExpiresIn?: number;
523
122
  }
524
- interface UserCreationOptions {
525
- email?: string;
526
- externalId?: string;
527
- metadata?: Record<string, any>;
528
- }
529
- interface CallbackOptions {
530
- userId?: string;
531
- scopeId?: string;
532
- profileOptions?: ProfileBasedTokenOptions;
533
- }
534
123
  interface CallbackResult {
535
- userToken: UserToken;
536
- userId: string;
537
- systemId: string;
538
- scopeId: string;
539
- provider: string;
124
+ token: StoredToken;
540
125
  profile?: UserProfile;
541
126
  }
542
127
  declare class OAuth2Client {
@@ -545,347 +130,125 @@ declare class OAuth2Client {
545
130
  private providers;
546
131
  private providerConfigs;
547
132
  private now;
548
- private currentSystem?;
549
- private currentUser?;
550
- private defaultScope?;
551
- /**
552
- * @deprecated Use granularV2 instead for better developer experience with optional system/scope
553
- */
554
- readonly granular: OAuth2GranularOperations;
555
- readonly granularV2: OAuth2GranularClientV2;
556
133
  constructor(options?: OAuth2Options);
557
- /**
558
- * Quick setup for common use cases
559
- */
560
- static quickSetup(appName: string, providers: Record<string, OAuth2Config>): Promise<OAuth2Client>;
561
134
  /**
562
135
  * Register a provider configuration
563
136
  */
564
137
  registerProvider(name: string, config: OAuth2Config): void;
565
138
  /**
566
- * Initialize default system and scope if they don't exist
567
- */
568
- initializeDefaults(): Promise<{
569
- system: System;
570
- scope: Scope;
571
- }>;
572
- /**
573
- * Get the default system if it exists
574
- */
575
- getDefaultSystem(): Promise<System | null>;
576
- /**
577
- * Get the default scope if it exists
578
- */
579
- getDefaultScope(): Promise<Scope | null>;
580
- /**
581
- * Create or select a system to work with
582
- */
583
- createSystem(name: string, description?: string): Promise<System>;
584
- useSystem(systemId: string): Promise<void>;
585
- /**
586
- * Create a scope within the current system
587
- */
588
- createScope(name: string, options?: {
589
- type?: 'authentication' | 'access' | 'custom';
590
- permissions?: string[];
591
- isolated?: boolean;
592
- }): Promise<Scope>;
593
- setDefaultScope(scopeId: string): void;
594
- /**
595
- * Create a user (legacy method - always creates new user)
596
- * @deprecated Use getOrCreateUser for better user management
597
- */
598
- createUser(metadata?: Record<string, any>): Promise<User>;
599
- /**
600
- * Get or create a user (recommended method)
601
- */
602
- getOrCreateUser(options?: UserCreationOptions): Promise<User>;
603
- /**
604
- * Get or create a user (stateless version for backend APIs)
605
- */
606
- getOrCreateUserStateless(systemId: string, options?: UserCreationOptions): Promise<User>;
607
- /**
608
- * Start authorization flow for a specific user (stateless backend API method)
609
- */
610
- authorizeForUser(userId: string, provider: string, options?: {
611
- systemId?: string;
612
- scopeId?: string;
613
- scopes?: string[];
614
- metadata?: Record<string, any>;
615
- usePKCE?: boolean;
616
- }): Promise<{
617
- url: string;
618
- state: string;
619
- }>;
620
- /**
621
- * Complete workflow: get/create user and start authorization (for backend APIs)
622
- */
623
- createUserAndAuthorize(systemId: string, provider: string, userOptions: UserCreationOptions, authOptions?: {
624
- scopeId?: string;
625
- scopes?: string[];
626
- metadata?: Record<string, any>;
627
- usePKCE?: boolean;
628
- }): Promise<{
629
- user: User;
630
- authUrl: string;
631
- state: string;
632
- }>;
633
- /**
634
- * Find user by email
635
- */
636
- findUserByEmail(email: string): Promise<User | null>;
637
- /**
638
- * Find user by email (stateless version)
639
- */
640
- findUserByEmailStateless(systemId: string, email: string): Promise<User | null>;
641
- /**
642
- * Find user by external ID
643
- */
644
- findUserByExternalId(externalId: string): Promise<User | null>;
645
- /**
646
- * Find user by external ID (stateless version)
647
- */
648
- findUserByExternalIdStateless(systemId: string, externalId: string): Promise<User | null>;
649
- useUser(userId: string): Promise<void>;
650
- /**
651
- * Start the OAuth authorization flow
139
+ * Start OAuth2 authorization flow
652
140
  */
653
141
  authorize(options: AuthorizationOptions): Promise<{
654
142
  url: string;
655
143
  state: string;
656
144
  }>;
657
145
  /**
658
- * Handle the OAuth callback
659
- */
660
- handleCallback(code: string, state: string, options?: CallbackOptions): Promise<CallbackResult>;
661
- /**
662
- * Merge user data from OAuth profile
663
- */
664
- private mergeUserDataFromProfile;
665
- /**
666
- * Fetch user profile for a given provider and user
667
- * Note: If user has multiple tokens for the provider, this will fail.
668
- * Use fetchUserProfileByEmail() for unambiguous profile fetching.
669
- */
670
- fetchUserProfile(provider: string, userId?: string): Promise<UserProfile>;
671
- /**
672
- * Fetch user profile by email (unambiguous)
673
- */
674
- fetchUserProfileByEmail(provider: string, email: string, systemId?: string, scopeId?: string): Promise<UserProfile>;
675
- /**
676
- * Replace tokens for users with conflicting email addresses
146
+ * Handle OAuth2 callback
677
147
  */
678
- replaceConflictingTokensByEmail(email: string, provider: string, newUserId: string, newToken: OAuth2Token): Promise<UserToken>;
679
- /**
680
- * Check if a token is expired
681
- */
682
- isTokenExpired(token: OAuth2Token, options?: TokenOptions): boolean;
148
+ handleCallback(code: string, state: string): Promise<CallbackResult>;
683
149
  /**
684
150
  * Get a valid access token (auto-refresh if needed)
685
- * Uses current context (user + default scope)
686
- */
687
- getAccessToken(provider: string, options?: TokenOptions): Promise<string>;
688
- /**
689
- * Get access token by email (unambiguous)
690
- */
691
- getAccessTokenByEmail(email: string, systemId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<string>;
692
- /**
693
- * Ensure we have a valid token, refreshing if needed
694
- * Uses current context (user + default scope)
695
- */
696
- ensureValidToken(provider: string, options?: TokenOptions): Promise<OAuth2Token>;
697
- /**
698
- * Execute a callback with a valid access token
699
- * Uses current context (user + default scope)
700
- */
701
- withValidToken<T>(provider: string, callback: (accessToken: string) => Promise<T>, options?: TokenOptions): Promise<T>;
702
- /**
703
- * Get user token entity (includes all metadata) for specific user
704
- */
705
- getUserTokenForUser(userId: string, _systemId: string, scopeId: string, provider: string): Promise<UserToken | null>;
706
- /**
707
- * Check if token exists for specific user/provider combination
708
- */
709
- hasTokenForUser(userId: string, _systemId: string, scopeId: string, provider: string): Promise<boolean>;
710
- /**
711
- * Revoke tokens for a specific user and provider (stateless method)
712
- * This removes ALL tokens for the user/scope/provider combination
713
- */
714
- revokeTokensForUser(userId: string, _systemId: string, scopeId: string, provider: string): Promise<void>;
715
- /**
716
- * Revoke tokens for a provider
717
- */
718
- revokeTokens(provider: string): Promise<void>;
719
- /**
720
- * Get all tokens for the current user
721
- */
722
- getUserTokens(): Promise<UserToken[]>;
723
- /**
724
- * Get all tokens for a user by ID with validation and auto-refresh
725
- */
726
- getAllValidTokensForUser(userId: string, options?: TokenOptions): Promise<{
727
- provider: string;
728
- scopeId: string;
729
- token: OAuth2Token;
730
- userToken: UserToken;
731
- }[]>;
732
- /**
733
- * Get all valid tokens for a user by email with validation and auto-refresh
734
- */
735
- getAllValidTokensForEmail(email: string, systemId?: string, options?: TokenOptions): Promise<{
736
- provider: string;
737
- scopeId: string;
738
- token: OAuth2Token;
739
- userToken: UserToken;
740
- }[]>;
741
- /**
742
- * Get specific token for an email
743
- */
744
- getTokenForEmail(email: string, provider: string, systemId?: string, scopeId?: string): Promise<UserToken | null>;
745
- /**
746
- * Get valid token for an email (with auto-refresh)
747
151
  */
748
- getValidTokenForEmail(email: string, provider: string, systemId?: string, scopeId?: string, options?: TokenOptions): Promise<OAuth2Token>;
152
+ getAccessToken(provider: string, email: string, options?: TokenOptions): Promise<string>;
749
153
  /**
750
- * Get valid access token for an email (with auto-refresh)
154
+ * Get a valid token (auto-refresh if needed)
751
155
  */
752
- getAccessTokenForEmail(email: string, provider: string, systemId?: string, scopeId?: string, options?: TokenOptions): Promise<string>;
156
+ getValidToken(provider: string, email: string, options?: TokenOptions): Promise<OAuth2Token>;
753
157
  /**
754
- * Execute a callback with a valid access token for an email
158
+ * Get all tokens for a user
755
159
  */
756
- withValidTokenForEmail<T>(email: string, provider: string, callback: (accessToken: string) => Promise<T>, systemId?: string, scopeId?: string, options?: TokenOptions): Promise<T>;
160
+ getTokensByUserId(userId: string): Promise<StoredToken[]>;
757
161
  /**
758
- * Check if token exists for specific email/provider combination
162
+ * Get all tokens for an email
759
163
  */
760
- hasTokenForEmail(email: string, provider: string, systemId?: string, scopeId?: string): Promise<boolean>;
164
+ getTokensByEmail(email: string): Promise<StoredToken[]>;
761
165
  /**
762
- * Revoke tokens for a specific email and provider
166
+ * Delete a token
763
167
  */
764
- revokeTokensForEmail(email: string, provider: string, systemId?: string, scopeId?: string): Promise<void>;
168
+ deleteToken(provider: string, email: string): Promise<boolean>;
765
169
  /**
766
- * Get tokens by scope (stateless method)
170
+ * Delete all expired tokens
767
171
  */
768
- getTokensByScope(systemId?: string, scopeId?: string): Promise<UserToken[]>;
769
- /**
770
- * Find token by email and scope
771
- */
772
- findTokenByEmailAndScope(email: string, provider: string, systemId?: string, scopeId?: string): Promise<UserToken | null>;
773
- /**
774
- * Find all tokens by email and scope
775
- */
776
- findAllTokensByEmailAndScope(email: string, provider: string, systemId?: string, scopeId?: string): Promise<UserToken[]>;
777
- private detectProviderType;
172
+ cleanupExpiredTokens(): Promise<number>;
778
173
  /**
779
174
  * Clean up expired authorization states
780
175
  */
781
- cleanup(expiryMs?: number): Promise<void>;
782
- /**
783
- * Get all valid tokens for a user with OAuth provider profile information (RECOMMENDED FOR UI)
784
- * This fetches the actual email/profile from each OAuth provider using the access token
785
- */
786
- getAllValidTokensWithProviderProfiles(userId: string, options?: TokenOptions): Promise<{
787
- provider: string;
788
- scopeId: string;
789
- token: OAuth2Token;
790
- userToken: UserToken;
791
- profile?: UserProfile;
792
- }[]>;
176
+ cleanupExpiredStates(): Promise<number>;
177
+ private isTokenExpired;
178
+ private detectProviderType;
179
+ }
180
+
181
+ declare class InMemoryStorageAdapter implements StorageAdapter {
182
+ private tokens;
183
+ private states;
184
+ private generateId;
185
+ saveToken(input: SaveTokenInput): Promise<StoredToken>;
186
+ getToken(provider: string, email: string): Promise<StoredToken | null>;
187
+ getTokenById(id: string): Promise<StoredToken | null>;
188
+ getTokensByUserId(userId: string): Promise<StoredToken[]>;
189
+ getTokensByEmail(email: string): Promise<StoredToken[]>;
190
+ getTokensByProvider(provider: string): Promise<StoredToken[]>;
191
+ updateToken(id: string, update: UpdateTokenInput): Promise<StoredToken | null>;
192
+ deleteToken(id: string): Promise<boolean>;
193
+ deleteTokenByProviderEmail(provider: string, email: string): Promise<boolean>;
194
+ deleteExpiredTokens(): Promise<number>;
195
+ saveAuthorizationState(state: Omit<AuthorizationState, 'createdAt'>): Promise<AuthorizationState>;
196
+ getAuthorizationState(state: string): Promise<AuthorizationState | null>;
197
+ deleteAuthorizationState(state: string): Promise<boolean>;
198
+ cleanupExpiredStates(): Promise<number>;
199
+ }
200
+
201
+ interface AuthorizationUrlStrategy {
202
+ generateAuthorizationUrl(config: OAuth2Config, state: string, codeChallenge?: string): string;
203
+ }
204
+
205
+ interface TokenExchangeStrategy {
206
+ exchangeCodeForToken(code: string, config: OAuth2Config, codeVerifier?: string): Promise<OAuth2Token>;
207
+ refreshToken(refreshToken: string, config: OAuth2Config): Promise<OAuth2Token>;
208
+ }
209
+
210
+ declare abstract class BaseProfileFetcher {
211
+ protected profileEndpoint: string;
212
+ constructor(profileEndpoint: string);
793
213
  /**
794
- * Get all valid tokens for a user and scope with OAuth provider profile information
214
+ * Fetch user profile information from the OAuth provider
215
+ * @param accessToken The OAuth access token
216
+ * @returns Promise resolving to standardized user profile
795
217
  */
796
- getAllValidTokensForUserAndScopeWithProviderProfiles(userId: string, scopeId: string, options?: TokenOptions): Promise<{
797
- provider: string;
798
- token: OAuth2Token;
799
- userToken: UserToken;
800
- profile?: UserProfile;
801
- }[]>;
218
+ fetchUserInfo(accessToken: string): Promise<UserProfile>;
802
219
  /**
803
- * Get all valid tokens for a user and provider with OAuth provider profile information
220
+ * Map the raw API response to our standardized UserProfile structure
221
+ * Override this method to customize mapping for different providers
804
222
  */
805
- getAllValidTokensForUserAndProviderWithProviderProfiles(userId: string, provider: string, options?: TokenOptions): Promise<{
806
- scopeId: string;
807
- token: OAuth2Token;
808
- userToken: UserToken;
809
- profile?: UserProfile;
810
- }[]>;
223
+ protected abstract mapToUserProfile(rawData: any): UserProfile;
811
224
  /**
812
- * Get OAuth provider profile for a specific token
813
- * This fetches the actual email/profile from the OAuth provider using the access token
225
+ * Get additional headers if needed for the profile request
226
+ * Override this method to add provider-specific headers
814
227
  */
815
- getTokenProfile(token: OAuth2Token, provider: string): Promise<UserProfile | null>;
228
+ protected getAdditionalHeaders(): Record<string, string>;
816
229
  /**
817
- * Get OAuth provider profile for a specific user token
818
- * This fetches the actual email/profile from the OAuth provider using the access token
230
+ * Get the profile endpoint URL
819
231
  */
820
- getUserTokenProfile(userToken: UserToken): Promise<UserProfile | null>;
232
+ getEndpoint(): string;
821
233
  }
822
234
 
823
- declare class InMemoryStorageAdapter implements StorageAdapter {
824
- private systems;
825
- private scopes;
826
- private users;
827
- private tokens;
828
- private states;
829
- private generateId;
830
- createSystem(system: Omit<System, 'id' | 'createdAt' | 'updatedAt'>): Promise<System>;
831
- getOrCreateSystem(system: Omit<System, 'id' | 'createdAt' | 'updatedAt'>): Promise<System>;
832
- getSystem(id: string): Promise<System | null>;
833
- updateSystem(id: string, updates: Partial<System>): Promise<System>;
834
- deleteSystem(id: string): Promise<void>;
835
- listSystems(): Promise<System[]>;
836
- createScope(scope: Omit<Scope, 'id'>): Promise<Scope>;
837
- getOrCreateScope(scope: Omit<Scope, 'id'>): Promise<Scope>;
838
- getScope(id: string): Promise<Scope | null>;
839
- getScopesBySystem(systemId: string): Promise<Scope[]>;
840
- updateScope(id: string, updates: Partial<Scope>): Promise<Scope>;
841
- deleteScope(id: string): Promise<void>;
842
- createUser(user: Omit<User, 'id' | 'createdAt' | 'updatedAt'>): Promise<User>;
843
- getOrCreateUser(input: CreateUserInput): Promise<User>;
844
- findUserByEmail(systemId: string, email: string): Promise<User | null>;
845
- findUserByExternalId(systemId: string, externalId: string): Promise<User | null>;
846
- getUser(id: string): Promise<User | null>;
847
- getUsersBySystem(systemId: string): Promise<User[]>;
848
- updateUser(id: string, updates: Partial<User>): Promise<User>;
849
- deleteUser(id: string): Promise<void>;
850
- saveToken(token: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
851
- saveTokenWithEmailValidation(userId: string, systemId: string, scopeId: string, provider: string, email: string, token: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
852
- getTokensByUser(userId: string): Promise<UserToken[]>;
853
- getTokensByUserAndScope(userId: string, scopeId: string): Promise<UserToken[]>;
854
- getTokensByUserAndProvider(userId: string, provider: string): Promise<UserToken[]>;
855
- getTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<UserToken[]>;
856
- getTokensByScope(systemId: string, scopeId: string): Promise<UserToken[]>;
857
- getTokensByProvider(systemId: string, provider: string): Promise<UserToken[]>;
858
- getTokensBySystem(systemId: string): Promise<UserToken[]>;
859
- findTokensByEmail(email: string, systemId: string): Promise<UserToken[]>;
860
- findTokensByEmailAndScope(email: string, systemId: string, scopeId: string): Promise<UserToken[]>;
861
- findTokensByEmailAndProvider(email: string, systemId: string, provider: string): Promise<UserToken[]>;
862
- findTokenByEmailScopeProvider(email: string, systemId: string, scopeId: string, provider: string): Promise<UserToken | null>;
863
- findTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<UserToken[]>;
864
- hasTokenWithEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<boolean>;
865
- replaceTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string, newToken: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
866
- getTokenById(id: string): Promise<UserToken | null>;
867
- updateToken(id: string, updates: Partial<UserToken>): Promise<UserToken>;
868
- deleteToken(id: string): Promise<void>;
869
- deleteTokensByUser(userId: string): Promise<void>;
870
- deleteTokensByUserAndScope(userId: string, scopeId: string): Promise<void>;
871
- deleteTokensByUserAndProvider(userId: string, provider: string): Promise<void>;
872
- saveAuthorizationState(state: AuthorizationState): Promise<void>;
873
- getAuthorizationState(state: string): Promise<AuthorizationState | null>;
874
- deleteAuthorizationState(state: string): Promise<void>;
875
- cleanupExpiredStates(expiryMs: number): Promise<void>;
876
- getTokensByUserWithProfile(userId: string): Promise<UserTokenWithProfile[]>;
877
- getTokensByUserAndScopeWithProfile(userId: string, scopeId: string): Promise<UserTokenWithProfile[]>;
878
- getTokensByUserAndProviderWithProfile(userId: string, provider: string): Promise<UserTokenWithProfile[]>;
879
- getTokensByUserScopeProviderWithProfile(userId: string, scopeId: string, provider: string): Promise<UserTokenWithProfile[]>;
880
- getTokensByScopeWithProfile(systemId: string, scopeId: string): Promise<UserTokenWithProfile[]>;
881
- getTokensBySystemWithProfile(systemId: string): Promise<UserTokenWithProfile[]>;
235
+ declare abstract class OAuth2Provider {
236
+ protected config: OAuth2Config;
237
+ protected authUrlStrategy: AuthorizationUrlStrategy;
238
+ protected tokenStrategy: TokenExchangeStrategy;
239
+ protected profileFetcher?: BaseProfileFetcher;
240
+ constructor(config: OAuth2Config, authUrlStrategy?: AuthorizationUrlStrategy, tokenStrategy?: TokenExchangeStrategy, profileFetcher?: BaseProfileFetcher);
241
+ protected abstract createAuthorizationUrlStrategy(): AuthorizationUrlStrategy;
242
+ protected abstract createTokenExchangeStrategy(): TokenExchangeStrategy;
243
+ fetchProfile(accessToken: string): Promise<UserProfile>;
244
+ getProfileEndpoint(): string;
245
+ setProfileFetcher(profileFetcher: BaseProfileFetcher): void;
246
+ hasProfileFetcher(): boolean;
247
+ generateAuthorizationUrl(state: string, codeChallenge?: string): string;
248
+ exchangeCodeForToken(code: string, codeVerifier?: string): Promise<OAuth2Token>;
249
+ refreshToken(refreshToken: string): Promise<OAuth2Token>;
882
250
  }
883
251
 
884
- declare const DEFAULT_SYSTEM_NAME = "oauth2-token-manager-default-system";
885
- declare const DEFAULT_SCOPE_NAME = "oauth2-token-manager-default-scope";
886
- declare const DEFAULT_SYSTEM_CONFIG: Omit<System, 'id' | 'createdAt' | 'updatedAt'>;
887
- declare const DEFAULT_SCOPE_CONFIG: Omit<Scope, 'id' | 'systemId'>;
888
-
889
252
  type ProviderType = 'google' | 'github' | 'microsoft' | 'outlook' | 'facebook' | 'generic';
890
253
  interface ProviderFactory {
891
254
  createProvider(type: ProviderType, config: OAuth2Config): OAuth2Provider;
@@ -959,23 +322,4 @@ declare const generateState: () => string;
959
322
  declare const seal: <T>(d: T, key: string) => Promise<string>;
960
323
  declare const unseal: <T>(s: string, key: string) => Promise<T>;
961
324
 
962
- /**
963
- * Initializes the default system and scope if they don't exist.
964
- * Uses getOrCreateSystem and getOrCreateScope to ensure unique names.
965
- */
966
- declare function initializeDefaults(storage: StorageAdapter): Promise<{
967
- system: System;
968
- scope: Scope;
969
- }>;
970
- /**
971
- * Gets the default system if it exists.
972
- * Returns null if the default system hasn't been initialized.
973
- */
974
- declare function getDefaultSystem(storage: StorageAdapter): Promise<System | null>;
975
- /**
976
- * Gets the default scope if it exists.
977
- * Returns null if the default scope hasn't been initialized.
978
- */
979
- declare function getDefaultScope(storage: StorageAdapter): Promise<Scope | null>;
980
-
981
- export { type AuthorizationState, type AuthorizationUrlStrategy, BaseProfileFetcher, type BulkTokenQueryParams, type CreateUserInput, DEFAULT_SCOPE_CONFIG, DEFAULT_SCOPE_NAME, DEFAULT_SYSTEM_CONFIG, DEFAULT_SYSTEM_NAME, type EmailTokenParams, GenericOAuth2Provider, GenericProfileFetcher, GitHubProfileFetcher, GoogleProfileFetcher, InMemoryStorageAdapter, MicrosoftProfileFetcher, OAuth2Client, type OAuth2Config, OAuth2GranularClient, OAuth2GranularClientV2, type OAuth2GranularOperationsV2, OAuth2Provider, type OAuth2Token, type ProfileFetcher, ProfileFetcherFactory, type ProfileFetcherOptions, type ProfileMapping, type ProviderFactory, type ProviderType, type Scope, type ScopeCreationParams, StandardAuthorizationUrlStrategy, StandardTokenExchangeStrategy, type StorageAdapter, type System, type TokenDeletionParams, type TokenExchangeStrategy, type TokenExistenceParams, type TokenQueryParams, type TokenSaveParams, type User, type UserOperationParams, type UserProfile, type UserToken, type UserTokenParams, type UserTokenWithProfile, type ValidTokenResult, createCodeChallenge, createCodeVerifier, generateState, getDefaultScope, getDefaultSystem, initializeDefaults, seal, unseal };
325
+ export { type AuthorizationOptions, type AuthorizationState, type AuthorizationUrlStrategy, BaseProfileFetcher, type CallbackResult, GenericOAuth2Provider, GenericProfileFetcher, GitHubProfileFetcher, GoogleProfileFetcher, InMemoryStorageAdapter, MicrosoftProfileFetcher, OAuth2Client, type OAuth2Config, type OAuth2Options, OAuth2Provider, type OAuth2Token, type ProfileBasedTokenOptions, type ProfileFetcher, ProfileFetcherFactory, type ProfileFetcherOptions, type ProfileMapping, type ProviderFactory, type ProviderType, type SaveTokenInput, StandardAuthorizationUrlStrategy, StandardTokenExchangeStrategy, type StorageAdapter, type StoredToken, type TokenExchangeStrategy, type TokenOptions, type UpdateTokenInput, type UserProfile, createCodeChallenge, createCodeVerifier, generateState, seal, unseal };