@dainprotocol/oauth2-token-manager 0.1.1 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/README.md +224 -694
  2. package/dist/index.cjs +2 -2
  3. package/dist/index.cjs.map +1 -1
  4. package/dist/index.d.cts +121 -775
  5. package/dist/index.d.ts +121 -775
  6. package/dist/index.js +2 -2
  7. package/dist/index.js.map +1 -1
  8. package/package.json +2 -1
package/dist/index.d.cts CHANGED
@@ -24,140 +24,62 @@ interface OAuth2Token {
24
24
  createdAt?: number;
25
25
  raw?: Record<string, any>;
26
26
  }
27
- interface User {
28
- id: string;
29
- systemId: string;
30
- metadata?: Record<string, any>;
31
- createdAt: Date;
32
- updatedAt: Date;
33
- }
34
- interface UserToken {
35
- id: string;
36
- userId: string;
37
- systemId: string;
38
- scopeId: string;
39
- provider: string;
40
- email?: string;
41
- token: OAuth2Token;
42
- createdAt: Date;
43
- updatedAt: Date;
44
- }
45
- interface System {
46
- id: string;
47
- name: string;
48
- description?: string;
49
- scopes: Scope[];
50
- metadata?: Record<string, any>;
51
- createdAt: Date;
52
- updatedAt: Date;
53
- }
54
- interface Scope {
55
- id: string;
56
- systemId: string;
57
- name: string;
58
- type: 'authentication' | 'access' | 'custom';
59
- permissions: string[];
60
- isolated: boolean;
61
- metadata?: Record<string, any>;
62
- }
63
27
  interface AuthorizationState {
64
28
  state: string;
65
29
  codeVerifier?: string;
66
30
  config: OAuth2Config;
67
- timestamp: Date;
31
+ createdAt: Date;
68
32
  metadata?: Record<string, any>;
69
33
  }
70
34
 
71
- interface CreateUserInput {
72
- systemId: string;
73
- metadata?: Record<string, any>;
74
- email?: string;
75
- externalId?: string;
35
+ /**
36
+ * Simplified storage adapter interface
37
+ * Only stores tokens with provider, userId, and email as key fields
38
+ * Enforces uniqueness on provider + email combination
39
+ */
40
+ interface StorageAdapter {
41
+ saveToken(input: SaveTokenInput): Promise<StoredToken>;
42
+ getToken(provider: string, email: string): Promise<StoredToken | null>;
43
+ getTokenById(id: string): Promise<StoredToken | null>;
44
+ getTokensByUserId(userId: string): Promise<StoredToken[]>;
45
+ getTokensByEmail(email: string): Promise<StoredToken[]>;
46
+ getTokensByProvider(provider: string): Promise<StoredToken[]>;
47
+ getAccounts(userId: string, provider: string): Promise<StoredToken[]>;
48
+ updateToken(id: string, update: UpdateTokenInput): Promise<StoredToken | null>;
49
+ deleteToken(id: string): Promise<boolean>;
50
+ deleteTokenByProviderEmail(provider: string, email: string): Promise<boolean>;
51
+ deleteExpiredTokens(): Promise<number>;
52
+ saveAuthorizationState(state: Omit<AuthorizationState, 'createdAt'>): Promise<AuthorizationState>;
53
+ getAuthorizationState(state: string): Promise<AuthorizationState | null>;
54
+ deleteAuthorizationState(state: string): Promise<boolean>;
55
+ cleanupExpiredStates(): Promise<number>;
76
56
  }
77
- interface UserTokenWithProfile {
57
+ interface StoredToken {
78
58
  id: string;
79
- userId: string;
80
- systemId: string;
81
- scopeId: string;
82
59
  provider: string;
83
- token: {
84
- accessToken: string;
85
- refreshToken?: string;
86
- expiresAt: Date;
87
- expiresIn?: number;
88
- tokenType: string;
89
- scope?: string;
90
- createdAt?: number;
91
- raw?: Record<string, any>;
92
- };
60
+ userId: string;
61
+ email: string;
62
+ token: OAuth2Token;
63
+ metadata?: Record<string, any>;
93
64
  createdAt: Date;
94
65
  updatedAt: Date;
95
- user: {
96
- email?: string;
97
- name?: string;
98
- externalId?: string;
99
- metadata?: Record<string, any>;
100
- };
66
+ }
67
+ interface SaveTokenInput {
68
+ provider: string;
69
+ userId: string;
70
+ email: string;
71
+ token: OAuth2Token;
72
+ metadata?: Record<string, any>;
73
+ }
74
+ interface UpdateTokenInput {
75
+ token?: OAuth2Token;
76
+ metadata?: Record<string, any>;
101
77
  }
102
78
  interface ProfileBasedTokenOptions {
103
79
  checkProfileEmail?: boolean;
104
80
  replaceConflictingTokens?: boolean;
105
81
  mergeUserData?: boolean;
106
82
  }
107
- interface StorageAdapter {
108
- createSystem(system: Omit<System, 'id' | 'createdAt' | 'updatedAt'>): Promise<System>;
109
- getOrCreateSystem(system: Omit<System, 'id' | 'createdAt' | 'updatedAt'>): Promise<System>;
110
- getSystem(id: string): Promise<System | null>;
111
- updateSystem(id: string, system: Partial<System>): Promise<System>;
112
- deleteSystem(id: string): Promise<void>;
113
- listSystems(): Promise<System[]>;
114
- createScope(scope: Omit<Scope, 'id'>): Promise<Scope>;
115
- getOrCreateScope(scope: Omit<Scope, 'id'>): Promise<Scope>;
116
- getScope(id: string): Promise<Scope | null>;
117
- getScopesBySystem(systemId: string): Promise<Scope[]>;
118
- updateScope(id: string, scope: Partial<Scope>): Promise<Scope>;
119
- deleteScope(id: string): Promise<void>;
120
- createUser(user: Omit<User, 'id' | 'createdAt' | 'updatedAt'>): Promise<User>;
121
- getOrCreateUser(input: CreateUserInput): Promise<User>;
122
- findUserByEmail(systemId: string, email: string): Promise<User | null>;
123
- findUserByExternalId(systemId: string, externalId: string): Promise<User | null>;
124
- getUser(id: string): Promise<User | null>;
125
- getUsersBySystem(systemId: string): Promise<User[]>;
126
- updateUser(id: string, user: Partial<User>): Promise<User>;
127
- deleteUser(id: string): Promise<void>;
128
- saveToken(token: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
129
- saveTokenWithEmailValidation(userId: string, systemId: string, scopeId: string, provider: string, email: string, token: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
130
- getTokensByUser(userId: string): Promise<UserToken[]>;
131
- getTokensByUserAndScope(userId: string, scopeId: string): Promise<UserToken[]>;
132
- getTokensByUserAndProvider(userId: string, provider: string): Promise<UserToken[]>;
133
- getTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<UserToken[]>;
134
- getTokensByScope(systemId: string, scopeId: string): Promise<UserToken[]>;
135
- getTokensByProvider(systemId: string, provider: string): Promise<UserToken[]>;
136
- getTokensBySystem(systemId: string): Promise<UserToken[]>;
137
- findTokensByEmail(email: string, systemId: string): Promise<UserToken[]>;
138
- findTokensByEmailAndScope(email: string, systemId: string, scopeId: string): Promise<UserToken[]>;
139
- findTokensByEmailAndProvider(email: string, systemId: string, provider: string): Promise<UserToken[]>;
140
- findTokenByEmailScopeProvider(email: string, systemId: string, scopeId: string, provider: string): Promise<UserToken | null>;
141
- getTokensByUserWithProfile(userId: string): Promise<UserTokenWithProfile[]>;
142
- getTokensByUserAndScopeWithProfile(userId: string, scopeId: string): Promise<UserTokenWithProfile[]>;
143
- getTokensByUserAndProviderWithProfile(userId: string, provider: string): Promise<UserTokenWithProfile[]>;
144
- getTokensByUserScopeProviderWithProfile(userId: string, scopeId: string, provider: string): Promise<UserTokenWithProfile[]>;
145
- getTokensByScopeWithProfile(systemId: string, scopeId: string): Promise<UserTokenWithProfile[]>;
146
- getTokensBySystemWithProfile(systemId: string): Promise<UserTokenWithProfile[]>;
147
- findTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<UserToken[]>;
148
- hasTokenWithEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<boolean>;
149
- replaceTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string, newToken: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
150
- getTokenById(id: string): Promise<UserToken | null>;
151
- updateToken(id: string, token: Partial<UserToken>): Promise<UserToken>;
152
- deleteToken(id: string): Promise<void>;
153
- deleteTokensByUser(userId: string): Promise<void>;
154
- deleteTokensByUserAndScope(userId: string, scopeId: string): Promise<void>;
155
- deleteTokensByUserAndProvider(userId: string, provider: string): Promise<void>;
156
- saveAuthorizationState(state: AuthorizationState): Promise<void>;
157
- getAuthorizationState(state: string): Promise<AuthorizationState | null>;
158
- deleteAuthorizationState(state: string): Promise<void>;
159
- cleanupExpiredStates(expiryMs: number): Promise<void>;
160
- }
161
83
 
162
84
  interface UserProfile {
163
85
  email: string;
@@ -181,339 +103,17 @@ interface ProfileFetcher {
181
103
  getProfileEndpoint(): string;
182
104
  }
183
105
 
184
- interface AuthorizationUrlStrategy {
185
- generateAuthorizationUrl(config: OAuth2Config, state: string, codeChallenge?: string): string;
186
- }
187
-
188
- interface TokenExchangeStrategy {
189
- exchangeCodeForToken(code: string, config: OAuth2Config, codeVerifier?: string): Promise<OAuth2Token>;
190
- refreshToken(refreshToken: string, config: OAuth2Config): Promise<OAuth2Token>;
191
- }
192
-
193
- declare abstract class BaseProfileFetcher {
194
- protected profileEndpoint: string;
195
- constructor(profileEndpoint: string);
196
- /**
197
- * Fetch user profile information from the OAuth provider
198
- * @param accessToken The OAuth access token
199
- * @returns Promise resolving to standardized user profile
200
- */
201
- fetchUserInfo(accessToken: string): Promise<UserProfile>;
202
- /**
203
- * Map the raw API response to our standardized UserProfile structure
204
- * Override this method to customize mapping for different providers
205
- */
206
- protected abstract mapToUserProfile(rawData: any): UserProfile;
207
- /**
208
- * Get additional headers if needed for the profile request
209
- * Override this method to add provider-specific headers
210
- */
211
- protected getAdditionalHeaders(): Record<string, string>;
212
- /**
213
- * Get the profile endpoint URL
214
- */
215
- getEndpoint(): string;
216
- }
217
-
218
- declare abstract class OAuth2Provider {
219
- protected config: OAuth2Config;
220
- protected authUrlStrategy: AuthorizationUrlStrategy;
221
- protected tokenStrategy: TokenExchangeStrategy;
222
- protected profileFetcher?: BaseProfileFetcher;
223
- constructor(config: OAuth2Config, authUrlStrategy?: AuthorizationUrlStrategy, tokenStrategy?: TokenExchangeStrategy, profileFetcher?: BaseProfileFetcher);
224
- protected abstract createAuthorizationUrlStrategy(): AuthorizationUrlStrategy;
225
- protected abstract createTokenExchangeStrategy(): TokenExchangeStrategy;
226
- fetchProfile(accessToken: string): Promise<UserProfile>;
227
- getProfileEndpoint(): string;
228
- setProfileFetcher(profileFetcher: BaseProfileFetcher): void;
229
- hasProfileFetcher(): boolean;
230
- generateAuthorizationUrl(state: string, codeChallenge?: string): string;
231
- exchangeCodeForToken(code: string, codeVerifier?: string): Promise<OAuth2Token>;
232
- refreshToken(refreshToken: string): Promise<OAuth2Token>;
233
- }
234
-
235
- interface OAuth2GranularOperations {
236
- createUserInSystem(systemId: string, options: UserCreationOptions): Promise<User>;
237
- getOrCreateUserInSystem(systemId: string, options: UserCreationOptions): Promise<User>;
238
- getUserById(userId: string): Promise<User | null>;
239
- findUserByEmailInSystem(systemId: string, email: string): Promise<User | null>;
240
- findUserByExternalIdInSystem(systemId: string, externalId: string): Promise<User | null>;
241
- getUsersBySystem(systemId: string): Promise<User[]>;
242
- saveTokenForUser(userId: string, systemId: string, scopeId: string, provider: string, email: string, token: OAuth2Token): Promise<UserToken>;
243
- getTokensByUser(userId: string): Promise<UserToken[]>;
244
- getTokensByUserAndScope(userId: string, scopeId: string): Promise<UserToken[]>;
245
- getTokensByUserAndProvider(userId: string, provider: string): Promise<UserToken[]>;
246
- getTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<UserToken[]>;
247
- getTokensByScope(systemId: string, scopeId: string): Promise<UserToken[]>;
248
- getTokensByProvider(systemId: string, provider: string): Promise<UserToken[]>;
249
- getTokensBySystem(systemId: string): Promise<UserToken[]>;
250
- findTokensByEmail(email: string, systemId: string): Promise<UserToken[]>;
251
- findTokensByEmailAndScope(email: string, systemId: string, scopeId: string): Promise<UserToken[]>;
252
- findTokensByEmailAndProvider(email: string, systemId: string, provider: string): Promise<UserToken[]>;
253
- findTokenByEmailScopeProvider(email: string, systemId: string, scopeId: string, provider: string): Promise<UserToken | null>;
254
- getValidTokenByEmail(email: string, systemId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<OAuth2Token>;
255
- getAccessTokenByEmail(email: string, systemId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<string>;
256
- withValidTokenByEmail<T>(email: string, systemId: string, scopeId: string, provider: string, callback: (accessToken: string) => Promise<T>, options?: TokenOptions): Promise<T>;
257
- getAllValidTokensForUser(userId: string, options?: TokenOptions): Promise<{
258
- provider: string;
259
- scopeId: string;
260
- token: OAuth2Token;
261
- userToken: UserToken;
262
- }[]>;
263
- getAllValidTokensForUserScopeProvider(userId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<{
264
- email: string;
265
- token: OAuth2Token;
266
- userToken: UserToken;
267
- }[]>;
268
- getAllValidTokensForEmail(email: string, systemId: string, options?: TokenOptions): Promise<{
269
- provider: string;
270
- scopeId: string;
271
- token: OAuth2Token;
272
- userToken: UserToken;
273
- }[]>;
274
- hasTokensForUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<boolean>;
275
- hasTokenByEmail(email: string, systemId: string, scopeId: string, provider: string): Promise<boolean>;
276
- hasTokenWithEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<boolean>;
277
- replaceTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string, token: OAuth2Token): Promise<UserToken>;
278
- deleteTokensByUser(userId: string): Promise<void>;
279
- deleteTokensByUserAndScope(userId: string, scopeId: string): Promise<void>;
280
- deleteTokensByUserAndProvider(userId: string, provider: string): Promise<void>;
281
- deleteTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<void>;
282
- deleteTokenByEmail(email: string, systemId: string, scopeId: string, provider: string): Promise<void>;
283
- createSystem(name: string, description?: string): Promise<System>;
284
- getSystem(systemId: string): Promise<System | null>;
285
- createScopeInSystem(systemId: string, name: string, options?: {
286
- type?: 'authentication' | 'access' | 'custom';
287
- permissions?: string[];
288
- isolated?: boolean;
289
- }): Promise<Scope>;
290
- getScope(scopeId: string): Promise<Scope | null>;
291
- getScopesBySystem(systemId: string): Promise<Scope[]>;
292
- }
293
- declare class OAuth2GranularClient implements OAuth2GranularOperations {
294
- private storage;
295
- private providers;
296
- private now;
297
- constructor(storage: StorageAdapter, providers: Map<string, OAuth2Provider>, now?: () => number);
298
- createUserInSystem(systemId: string, options?: UserCreationOptions): Promise<User>;
299
- getOrCreateUserInSystem(systemId: string, options?: UserCreationOptions): Promise<User>;
300
- getUserById(userId: string): Promise<User | null>;
301
- findUserByEmailInSystem(systemId: string, email: string): Promise<User | null>;
302
- findUserByExternalIdInSystem(systemId: string, externalId: string): Promise<User | null>;
303
- getUsersBySystem(systemId: string): Promise<User[]>;
304
- saveTokenForUser(userId: string, systemId: string, scopeId: string, provider: string, email: string, token: OAuth2Token): Promise<UserToken>;
305
- getTokensByUser(userId: string): Promise<UserToken[]>;
306
- getTokensByUserAndScope(userId: string, scopeId: string): Promise<UserToken[]>;
307
- getTokensByUserAndProvider(userId: string, provider: string): Promise<UserToken[]>;
308
- getTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<UserToken[]>;
309
- getTokensByScope(systemId: string, scopeId: string): Promise<UserToken[]>;
310
- getTokensByProvider(systemId: string, provider: string): Promise<UserToken[]>;
311
- getTokensBySystem(systemId: string): Promise<UserToken[]>;
312
- findTokensByEmail(email: string, systemId: string): Promise<UserToken[]>;
313
- findTokensByEmailAndScope(email: string, systemId: string, scopeId: string): Promise<UserToken[]>;
314
- findTokensByEmailAndProvider(email: string, systemId: string, provider: string): Promise<UserToken[]>;
315
- findTokenByEmailScopeProvider(email: string, systemId: string, scopeId: string, provider: string): Promise<UserToken | null>;
316
- getValidTokenByEmail(email: string, systemId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<OAuth2Token>;
317
- getAccessTokenByEmail(email: string, systemId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<string>;
318
- getAllValidTokensForUser(userId: string, options?: TokenOptions): Promise<{
319
- provider: string;
320
- scopeId: string;
321
- token: OAuth2Token;
322
- userToken: UserToken;
323
- }[]>;
324
- getAllValidTokensForUserScopeProvider(userId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<{
325
- email: string;
326
- token: OAuth2Token;
327
- userToken: UserToken;
328
- }[]>;
329
- getAllValidTokensForEmail(email: string, systemId: string, options?: TokenOptions): Promise<{
330
- provider: string;
331
- scopeId: string;
332
- token: OAuth2Token;
333
- userToken: UserToken;
334
- }[]>;
335
- withValidTokenByEmail<T>(email: string, systemId: string, scopeId: string, provider: string, callback: (accessToken: string) => Promise<T>, options?: TokenOptions): Promise<T>;
336
- hasTokensForUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<boolean>;
337
- hasTokenByEmail(email: string, systemId: string, scopeId: string, provider: string): Promise<boolean>;
338
- hasTokenWithEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<boolean>;
339
- replaceTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string, token: OAuth2Token): Promise<UserToken>;
340
- deleteTokensByUser(userId: string): Promise<void>;
341
- deleteTokensByUserAndScope(userId: string, scopeId: string): Promise<void>;
342
- deleteTokensByUserAndProvider(userId: string, provider: string): Promise<void>;
343
- deleteTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<void>;
344
- deleteTokenByEmail(email: string, systemId: string, scopeId: string, provider: string): Promise<void>;
345
- createSystem(name: string, description?: string): Promise<System>;
346
- getSystem(systemId: string): Promise<System | null>;
347
- createScopeInSystem(systemId: string, name: string, options?: {
348
- type?: 'authentication' | 'access' | 'custom';
349
- permissions?: string[];
350
- isolated?: boolean;
351
- }): Promise<Scope>;
352
- getScope(scopeId: string): Promise<Scope | null>;
353
- getScopesBySystem(systemId: string): Promise<Scope[]>;
354
- private isTokenExpired;
355
- }
356
-
357
- interface UserOperationParams {
358
- systemId?: string;
359
- email?: string;
360
- externalId?: string;
361
- options?: UserCreationOptions;
362
- }
363
- interface TokenQueryParams {
364
- userId?: string;
365
- systemId?: string;
366
- scopeId?: string;
367
- provider?: string;
368
- email?: string;
369
- }
370
- interface TokenSaveParams {
371
- userId: string;
372
- systemId?: string;
373
- scopeId?: string;
374
- provider: string;
375
- email: string;
376
- token: OAuth2Token;
377
- }
378
- interface EmailTokenParams {
379
- email: string;
380
- systemId?: string;
381
- scopeId?: string;
382
- provider: string;
383
- options?: TokenOptions;
384
- }
385
- interface UserTokenParams {
386
- userId: string;
387
- systemId?: string;
388
- scopeId?: string;
389
- provider: string;
390
- options?: TokenOptions;
391
- }
392
- interface TokenExistenceParams {
393
- userId?: string;
394
- systemId?: string;
395
- scopeId?: string;
396
- provider: string;
397
- email?: string;
398
- }
399
- interface TokenDeletionParams {
400
- userId?: string;
401
- systemId?: string;
402
- scopeId?: string;
403
- provider?: string;
404
- email?: string;
405
- }
406
- interface ScopeCreationParams {
407
- systemId?: string;
408
- name: string;
409
- type?: 'authentication' | 'access' | 'custom';
410
- permissions?: string[];
411
- isolated?: boolean;
412
- }
413
- interface ValidTokenResult {
414
- provider: string;
415
- scopeId: string;
416
- token: OAuth2Token;
417
- userToken: UserToken;
418
- }
419
- interface BulkTokenQueryParams {
420
- userId?: string;
421
- email?: string;
422
- systemId?: string;
423
- scopeId?: string;
424
- provider?: string;
425
- options?: TokenOptions;
426
- }
427
- interface OAuth2GranularOperationsV2 {
428
- ensureDefaults(): Promise<{
429
- system: System;
430
- scope: Scope;
431
- }>;
432
- createUser(params: UserOperationParams): Promise<User>;
433
- getOrCreateUser(params: UserOperationParams): Promise<User>;
434
- getUserById(userId: string): Promise<User | null>;
435
- findUserByEmail(params: {
436
- systemId?: string;
437
- email: string;
438
- }): Promise<User | null>;
439
- findUserByExternalId(params: {
440
- systemId?: string;
441
- externalId: string;
442
- }): Promise<User | null>;
443
- getUsersBySystem(systemId?: string): Promise<User[]>;
444
- saveToken(params: TokenSaveParams): Promise<UserToken>;
445
- getTokens(params: TokenQueryParams): Promise<UserToken[]>;
446
- getValidToken(params: EmailTokenParams | UserTokenParams): Promise<OAuth2Token>;
447
- getAccessToken(params: EmailTokenParams | UserTokenParams): Promise<string>;
448
- withValidToken<T>(params: EmailTokenParams | UserTokenParams, callback: (accessToken: string) => Promise<T>): Promise<T>;
449
- getAllValidTokens(params: BulkTokenQueryParams): Promise<ValidTokenResult[]>;
450
- hasToken(params: TokenExistenceParams): Promise<boolean>;
451
- deleteTokens(params: TokenDeletionParams): Promise<void>;
452
- createSystem(name: string, description?: string): Promise<System>;
453
- getSystem(systemId?: string): Promise<System | null>;
454
- createScope(params: ScopeCreationParams): Promise<Scope>;
455
- getScope(scopeId?: string): Promise<Scope | null>;
456
- getScopesBySystem(systemId?: string): Promise<Scope[]>;
457
- }
458
-
459
- declare class OAuth2GranularClientV2 implements OAuth2GranularOperationsV2 {
460
- private storage;
461
- private providers;
462
- private getContext;
463
- private now;
464
- private defaultSystem;
465
- private defaultScope;
466
- private defaultsInitialized;
467
- constructor(storage: StorageAdapter, providers: Map<string, OAuth2Provider>, getContext: () => {
468
- currentSystem?: System;
469
- currentUser?: User;
470
- defaultScope?: Scope;
471
- }, now?: () => number);
472
- ensureDefaults(): Promise<{
473
- system: System;
474
- scope: Scope;
475
- }>;
476
- private resolveSystemId;
477
- private resolveScopeId;
478
- createUser(params: UserOperationParams): Promise<User>;
479
- getOrCreateUser(params: UserOperationParams): Promise<User>;
480
- getUserById(userId: string): Promise<User | null>;
481
- findUserByEmail(params: {
482
- systemId?: string;
483
- email: string;
484
- }): Promise<User | null>;
485
- findUserByExternalId(params: {
486
- systemId?: string;
487
- externalId: string;
488
- }): Promise<User | null>;
489
- getUsersBySystem(systemId?: string): Promise<User[]>;
490
- saveToken(params: TokenSaveParams): Promise<UserToken>;
491
- getTokens(params: TokenQueryParams): Promise<UserToken[]>;
492
- getValidToken(params: EmailTokenParams | UserTokenParams): Promise<OAuth2Token>;
493
- getAccessToken(params: EmailTokenParams | UserTokenParams): Promise<string>;
494
- withValidToken<T>(params: EmailTokenParams | UserTokenParams, callback: (accessToken: string) => Promise<T>): Promise<T>;
495
- getAllValidTokens(params: BulkTokenQueryParams): Promise<ValidTokenResult[]>;
496
- hasToken(params: TokenExistenceParams): Promise<boolean>;
497
- deleteTokens(params: TokenDeletionParams): Promise<void>;
498
- createSystem(name: string, description?: string): Promise<System>;
499
- getSystem(systemId?: string): Promise<System | null>;
500
- createScope(params: ScopeCreationParams): Promise<Scope>;
501
- getScope(scopeId?: string): Promise<Scope | null>;
502
- getScopesBySystem(systemId?: string): Promise<Scope[]>;
503
- private isTokenExpired;
504
- }
505
-
506
106
  interface OAuth2Options {
507
107
  storage?: StorageAdapter;
508
- sealKey?: string;
509
108
  providers?: Record<string, OAuth2Config>;
510
109
  }
511
110
  interface AuthorizationOptions {
512
111
  provider: string;
112
+ userId: string;
113
+ email: string;
513
114
  scopes?: string[];
514
115
  metadata?: Record<string, any>;
515
116
  usePKCE?: boolean;
516
- userId?: string;
517
117
  }
518
118
  interface TokenOptions {
519
119
  autoRefresh?: boolean;
@@ -521,22 +121,8 @@ interface TokenOptions {
521
121
  expirationBuffer?: number;
522
122
  defaultExpiresIn?: number;
523
123
  }
524
- interface UserCreationOptions {
525
- email?: string;
526
- externalId?: string;
527
- metadata?: Record<string, any>;
528
- }
529
- interface CallbackOptions {
530
- userId?: string;
531
- scopeId?: string;
532
- profileOptions?: ProfileBasedTokenOptions;
533
- }
534
124
  interface CallbackResult {
535
- userToken: UserToken;
536
- userId: string;
537
- systemId: string;
538
- scopeId: string;
539
- provider: string;
125
+ token: StoredToken;
540
126
  profile?: UserProfile;
541
127
  }
542
128
  declare class OAuth2Client {
@@ -545,347 +131,126 @@ declare class OAuth2Client {
545
131
  private providers;
546
132
  private providerConfigs;
547
133
  private now;
548
- private currentSystem?;
549
- private currentUser?;
550
- private defaultScope?;
551
- /**
552
- * @deprecated Use granularV2 instead for better developer experience with optional system/scope
553
- */
554
- readonly granular: OAuth2GranularOperations;
555
- readonly granularV2: OAuth2GranularClientV2;
556
134
  constructor(options?: OAuth2Options);
557
- /**
558
- * Quick setup for common use cases
559
- */
560
- static quickSetup(appName: string, providers: Record<string, OAuth2Config>): Promise<OAuth2Client>;
561
135
  /**
562
136
  * Register a provider configuration
563
137
  */
564
138
  registerProvider(name: string, config: OAuth2Config): void;
565
139
  /**
566
- * Initialize default system and scope if they don't exist
567
- */
568
- initializeDefaults(): Promise<{
569
- system: System;
570
- scope: Scope;
571
- }>;
572
- /**
573
- * Get the default system if it exists
574
- */
575
- getDefaultSystem(): Promise<System | null>;
576
- /**
577
- * Get the default scope if it exists
578
- */
579
- getDefaultScope(): Promise<Scope | null>;
580
- /**
581
- * Create or select a system to work with
582
- */
583
- createSystem(name: string, description?: string): Promise<System>;
584
- useSystem(systemId: string): Promise<void>;
585
- /**
586
- * Create a scope within the current system
587
- */
588
- createScope(name: string, options?: {
589
- type?: 'authentication' | 'access' | 'custom';
590
- permissions?: string[];
591
- isolated?: boolean;
592
- }): Promise<Scope>;
593
- setDefaultScope(scopeId: string): void;
594
- /**
595
- * Create a user (legacy method - always creates new user)
596
- * @deprecated Use getOrCreateUser for better user management
597
- */
598
- createUser(metadata?: Record<string, any>): Promise<User>;
599
- /**
600
- * Get or create a user (recommended method)
601
- */
602
- getOrCreateUser(options?: UserCreationOptions): Promise<User>;
603
- /**
604
- * Get or create a user (stateless version for backend APIs)
605
- */
606
- getOrCreateUserStateless(systemId: string, options?: UserCreationOptions): Promise<User>;
607
- /**
608
- * Start authorization flow for a specific user (stateless backend API method)
609
- */
610
- authorizeForUser(userId: string, provider: string, options?: {
611
- systemId?: string;
612
- scopeId?: string;
613
- scopes?: string[];
614
- metadata?: Record<string, any>;
615
- usePKCE?: boolean;
616
- }): Promise<{
617
- url: string;
618
- state: string;
619
- }>;
620
- /**
621
- * Complete workflow: get/create user and start authorization (for backend APIs)
622
- */
623
- createUserAndAuthorize(systemId: string, provider: string, userOptions: UserCreationOptions, authOptions?: {
624
- scopeId?: string;
625
- scopes?: string[];
626
- metadata?: Record<string, any>;
627
- usePKCE?: boolean;
628
- }): Promise<{
629
- user: User;
630
- authUrl: string;
631
- state: string;
632
- }>;
633
- /**
634
- * Find user by email
635
- */
636
- findUserByEmail(email: string): Promise<User | null>;
637
- /**
638
- * Find user by email (stateless version)
639
- */
640
- findUserByEmailStateless(systemId: string, email: string): Promise<User | null>;
641
- /**
642
- * Find user by external ID
643
- */
644
- findUserByExternalId(externalId: string): Promise<User | null>;
645
- /**
646
- * Find user by external ID (stateless version)
647
- */
648
- findUserByExternalIdStateless(systemId: string, externalId: string): Promise<User | null>;
649
- useUser(userId: string): Promise<void>;
650
- /**
651
- * Start the OAuth authorization flow
140
+ * Start OAuth2 authorization flow
652
141
  */
653
142
  authorize(options: AuthorizationOptions): Promise<{
654
143
  url: string;
655
144
  state: string;
656
145
  }>;
657
146
  /**
658
- * Handle the OAuth callback
659
- */
660
- handleCallback(code: string, state: string, options?: CallbackOptions): Promise<CallbackResult>;
661
- /**
662
- * Merge user data from OAuth profile
663
- */
664
- private mergeUserDataFromProfile;
665
- /**
666
- * Fetch user profile for a given provider and user
667
- * Note: If user has multiple tokens for the provider, this will fail.
668
- * Use fetchUserProfileByEmail() for unambiguous profile fetching.
669
- */
670
- fetchUserProfile(provider: string, userId?: string): Promise<UserProfile>;
671
- /**
672
- * Fetch user profile by email (unambiguous)
673
- */
674
- fetchUserProfileByEmail(provider: string, email: string, systemId?: string, scopeId?: string): Promise<UserProfile>;
675
- /**
676
- * Replace tokens for users with conflicting email addresses
147
+ * Handle OAuth2 callback
677
148
  */
678
- replaceConflictingTokensByEmail(email: string, provider: string, newUserId: string, newToken: OAuth2Token): Promise<UserToken>;
679
- /**
680
- * Check if a token is expired
681
- */
682
- isTokenExpired(token: OAuth2Token, options?: TokenOptions): boolean;
149
+ handleCallback(code: string, state: string): Promise<CallbackResult>;
683
150
  /**
684
151
  * Get a valid access token (auto-refresh if needed)
685
- * Uses current context (user + default scope)
686
- */
687
- getAccessToken(provider: string, options?: TokenOptions): Promise<string>;
688
- /**
689
- * Get access token by email (unambiguous)
690
- */
691
- getAccessTokenByEmail(email: string, systemId: string, scopeId: string, provider: string, options?: TokenOptions): Promise<string>;
692
- /**
693
- * Ensure we have a valid token, refreshing if needed
694
- * Uses current context (user + default scope)
695
- */
696
- ensureValidToken(provider: string, options?: TokenOptions): Promise<OAuth2Token>;
697
- /**
698
- * Execute a callback with a valid access token
699
- * Uses current context (user + default scope)
700
- */
701
- withValidToken<T>(provider: string, callback: (accessToken: string) => Promise<T>, options?: TokenOptions): Promise<T>;
702
- /**
703
- * Get user token entity (includes all metadata) for specific user
704
- */
705
- getUserTokenForUser(userId: string, _systemId: string, scopeId: string, provider: string): Promise<UserToken | null>;
706
- /**
707
- * Check if token exists for specific user/provider combination
708
- */
709
- hasTokenForUser(userId: string, _systemId: string, scopeId: string, provider: string): Promise<boolean>;
710
- /**
711
- * Revoke tokens for a specific user and provider (stateless method)
712
- * This removes ALL tokens for the user/scope/provider combination
713
- */
714
- revokeTokensForUser(userId: string, _systemId: string, scopeId: string, provider: string): Promise<void>;
715
- /**
716
- * Revoke tokens for a provider
717
- */
718
- revokeTokens(provider: string): Promise<void>;
719
- /**
720
- * Get all tokens for the current user
721
- */
722
- getUserTokens(): Promise<UserToken[]>;
723
- /**
724
- * Get all tokens for a user by ID with validation and auto-refresh
725
- */
726
- getAllValidTokensForUser(userId: string, options?: TokenOptions): Promise<{
727
- provider: string;
728
- scopeId: string;
729
- token: OAuth2Token;
730
- userToken: UserToken;
731
- }[]>;
732
- /**
733
- * Get all valid tokens for a user by email with validation and auto-refresh
734
- */
735
- getAllValidTokensForEmail(email: string, systemId?: string, options?: TokenOptions): Promise<{
736
- provider: string;
737
- scopeId: string;
738
- token: OAuth2Token;
739
- userToken: UserToken;
740
- }[]>;
741
- /**
742
- * Get specific token for an email
743
- */
744
- getTokenForEmail(email: string, provider: string, systemId?: string, scopeId?: string): Promise<UserToken | null>;
745
- /**
746
- * Get valid token for an email (with auto-refresh)
747
152
  */
748
- getValidTokenForEmail(email: string, provider: string, systemId?: string, scopeId?: string, options?: TokenOptions): Promise<OAuth2Token>;
153
+ getAccessToken(provider: string, email: string, options?: TokenOptions): Promise<string>;
749
154
  /**
750
- * Get valid access token for an email (with auto-refresh)
155
+ * Get a valid token (auto-refresh if needed)
751
156
  */
752
- getAccessTokenForEmail(email: string, provider: string, systemId?: string, scopeId?: string, options?: TokenOptions): Promise<string>;
157
+ getValidToken(provider: string, email: string, options?: TokenOptions): Promise<OAuth2Token>;
753
158
  /**
754
- * Execute a callback with a valid access token for an email
159
+ * Get all tokens for a user
755
160
  */
756
- withValidTokenForEmail<T>(email: string, provider: string, callback: (accessToken: string) => Promise<T>, systemId?: string, scopeId?: string, options?: TokenOptions): Promise<T>;
161
+ getTokensByUserId(userId: string): Promise<StoredToken[]>;
757
162
  /**
758
- * Check if token exists for specific email/provider combination
163
+ * Get all tokens for an email
759
164
  */
760
- hasTokenForEmail(email: string, provider: string, systemId?: string, scopeId?: string): Promise<boolean>;
165
+ getTokensByEmail(email: string): Promise<StoredToken[]>;
761
166
  /**
762
- * Revoke tokens for a specific email and provider
167
+ * Delete a token
763
168
  */
764
- revokeTokensForEmail(email: string, provider: string, systemId?: string, scopeId?: string): Promise<void>;
169
+ deleteToken(provider: string, email: string): Promise<boolean>;
765
170
  /**
766
- * Get tokens by scope (stateless method)
171
+ * Delete all expired tokens
767
172
  */
768
- getTokensByScope(systemId?: string, scopeId?: string): Promise<UserToken[]>;
769
- /**
770
- * Find token by email and scope
771
- */
772
- findTokenByEmailAndScope(email: string, provider: string, systemId?: string, scopeId?: string): Promise<UserToken | null>;
773
- /**
774
- * Find all tokens by email and scope
775
- */
776
- findAllTokensByEmailAndScope(email: string, provider: string, systemId?: string, scopeId?: string): Promise<UserToken[]>;
777
- private detectProviderType;
173
+ cleanupExpiredTokens(): Promise<number>;
778
174
  /**
779
175
  * Clean up expired authorization states
780
176
  */
781
- cleanup(expiryMs?: number): Promise<void>;
782
- /**
783
- * Get all valid tokens for a user with OAuth provider profile information (RECOMMENDED FOR UI)
784
- * This fetches the actual email/profile from each OAuth provider using the access token
785
- */
786
- getAllValidTokensWithProviderProfiles(userId: string, options?: TokenOptions): Promise<{
787
- provider: string;
788
- scopeId: string;
789
- token: OAuth2Token;
790
- userToken: UserToken;
791
- profile?: UserProfile;
792
- }[]>;
177
+ cleanupExpiredStates(): Promise<number>;
178
+ private isTokenExpired;
179
+ private detectProviderType;
180
+ }
181
+
182
+ declare class InMemoryStorageAdapter implements StorageAdapter {
183
+ private tokens;
184
+ private states;
185
+ private generateId;
186
+ saveToken(input: SaveTokenInput): Promise<StoredToken>;
187
+ getToken(provider: string, email: string): Promise<StoredToken | null>;
188
+ getTokenById(id: string): Promise<StoredToken | null>;
189
+ getTokensByUserId(userId: string): Promise<StoredToken[]>;
190
+ getTokensByEmail(email: string): Promise<StoredToken[]>;
191
+ getTokensByProvider(provider: string): Promise<StoredToken[]>;
192
+ getAccounts(userId: string, provider: string): Promise<StoredToken[]>;
193
+ updateToken(id: string, update: UpdateTokenInput): Promise<StoredToken | null>;
194
+ deleteToken(id: string): Promise<boolean>;
195
+ deleteTokenByProviderEmail(provider: string, email: string): Promise<boolean>;
196
+ deleteExpiredTokens(): Promise<number>;
197
+ saveAuthorizationState(state: Omit<AuthorizationState, 'createdAt'>): Promise<AuthorizationState>;
198
+ getAuthorizationState(state: string): Promise<AuthorizationState | null>;
199
+ deleteAuthorizationState(state: string): Promise<boolean>;
200
+ cleanupExpiredStates(): Promise<number>;
201
+ }
202
+
203
+ interface AuthorizationUrlStrategy {
204
+ generateAuthorizationUrl(config: OAuth2Config, state: string, codeChallenge?: string): string;
205
+ }
206
+
207
+ interface TokenExchangeStrategy {
208
+ exchangeCodeForToken(code: string, config: OAuth2Config, codeVerifier?: string): Promise<OAuth2Token>;
209
+ refreshToken(refreshToken: string, config: OAuth2Config): Promise<OAuth2Token>;
210
+ }
211
+
212
+ declare abstract class BaseProfileFetcher {
213
+ protected profileEndpoint: string;
214
+ constructor(profileEndpoint: string);
793
215
  /**
794
- * Get all valid tokens for a user and scope with OAuth provider profile information
216
+ * Fetch user profile information from the OAuth provider
217
+ * @param accessToken The OAuth access token
218
+ * @returns Promise resolving to standardized user profile
795
219
  */
796
- getAllValidTokensForUserAndScopeWithProviderProfiles(userId: string, scopeId: string, options?: TokenOptions): Promise<{
797
- provider: string;
798
- token: OAuth2Token;
799
- userToken: UserToken;
800
- profile?: UserProfile;
801
- }[]>;
220
+ fetchUserInfo(accessToken: string): Promise<UserProfile>;
802
221
  /**
803
- * Get all valid tokens for a user and provider with OAuth provider profile information
222
+ * Map the raw API response to our standardized UserProfile structure
223
+ * Override this method to customize mapping for different providers
804
224
  */
805
- getAllValidTokensForUserAndProviderWithProviderProfiles(userId: string, provider: string, options?: TokenOptions): Promise<{
806
- scopeId: string;
807
- token: OAuth2Token;
808
- userToken: UserToken;
809
- profile?: UserProfile;
810
- }[]>;
225
+ protected abstract mapToUserProfile(rawData: any): UserProfile;
811
226
  /**
812
- * Get OAuth provider profile for a specific token
813
- * This fetches the actual email/profile from the OAuth provider using the access token
227
+ * Get additional headers if needed for the profile request
228
+ * Override this method to add provider-specific headers
814
229
  */
815
- getTokenProfile(token: OAuth2Token, provider: string): Promise<UserProfile | null>;
230
+ protected getAdditionalHeaders(): Record<string, string>;
816
231
  /**
817
- * Get OAuth provider profile for a specific user token
818
- * This fetches the actual email/profile from the OAuth provider using the access token
232
+ * Get the profile endpoint URL
819
233
  */
820
- getUserTokenProfile(userToken: UserToken): Promise<UserProfile | null>;
234
+ getEndpoint(): string;
821
235
  }
822
236
 
823
- declare class InMemoryStorageAdapter implements StorageAdapter {
824
- private systems;
825
- private scopes;
826
- private users;
827
- private tokens;
828
- private states;
829
- private generateId;
830
- createSystem(system: Omit<System, 'id' | 'createdAt' | 'updatedAt'>): Promise<System>;
831
- getOrCreateSystem(system: Omit<System, 'id' | 'createdAt' | 'updatedAt'>): Promise<System>;
832
- getSystem(id: string): Promise<System | null>;
833
- updateSystem(id: string, updates: Partial<System>): Promise<System>;
834
- deleteSystem(id: string): Promise<void>;
835
- listSystems(): Promise<System[]>;
836
- createScope(scope: Omit<Scope, 'id'>): Promise<Scope>;
837
- getOrCreateScope(scope: Omit<Scope, 'id'>): Promise<Scope>;
838
- getScope(id: string): Promise<Scope | null>;
839
- getScopesBySystem(systemId: string): Promise<Scope[]>;
840
- updateScope(id: string, updates: Partial<Scope>): Promise<Scope>;
841
- deleteScope(id: string): Promise<void>;
842
- createUser(user: Omit<User, 'id' | 'createdAt' | 'updatedAt'>): Promise<User>;
843
- getOrCreateUser(input: CreateUserInput): Promise<User>;
844
- findUserByEmail(systemId: string, email: string): Promise<User | null>;
845
- findUserByExternalId(systemId: string, externalId: string): Promise<User | null>;
846
- getUser(id: string): Promise<User | null>;
847
- getUsersBySystem(systemId: string): Promise<User[]>;
848
- updateUser(id: string, updates: Partial<User>): Promise<User>;
849
- deleteUser(id: string): Promise<void>;
850
- saveToken(token: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
851
- saveTokenWithEmailValidation(userId: string, systemId: string, scopeId: string, provider: string, email: string, token: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
852
- getTokensByUser(userId: string): Promise<UserToken[]>;
853
- getTokensByUserAndScope(userId: string, scopeId: string): Promise<UserToken[]>;
854
- getTokensByUserAndProvider(userId: string, provider: string): Promise<UserToken[]>;
855
- getTokensByUserScopeProvider(userId: string, scopeId: string, provider: string): Promise<UserToken[]>;
856
- getTokensByScope(systemId: string, scopeId: string): Promise<UserToken[]>;
857
- getTokensByProvider(systemId: string, provider: string): Promise<UserToken[]>;
858
- getTokensBySystem(systemId: string): Promise<UserToken[]>;
859
- findTokensByEmail(email: string, systemId: string): Promise<UserToken[]>;
860
- findTokensByEmailAndScope(email: string, systemId: string, scopeId: string): Promise<UserToken[]>;
861
- findTokensByEmailAndProvider(email: string, systemId: string, provider: string): Promise<UserToken[]>;
862
- findTokenByEmailScopeProvider(email: string, systemId: string, scopeId: string, provider: string): Promise<UserToken | null>;
863
- findTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<UserToken[]>;
864
- hasTokenWithEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string): Promise<boolean>;
865
- replaceTokensByEmailInUserScopeProvider(userId: string, scopeId: string, provider: string, email: string, newToken: Omit<UserToken, 'id' | 'createdAt' | 'updatedAt'>): Promise<UserToken>;
866
- getTokenById(id: string): Promise<UserToken | null>;
867
- updateToken(id: string, updates: Partial<UserToken>): Promise<UserToken>;
868
- deleteToken(id: string): Promise<void>;
869
- deleteTokensByUser(userId: string): Promise<void>;
870
- deleteTokensByUserAndScope(userId: string, scopeId: string): Promise<void>;
871
- deleteTokensByUserAndProvider(userId: string, provider: string): Promise<void>;
872
- saveAuthorizationState(state: AuthorizationState): Promise<void>;
873
- getAuthorizationState(state: string): Promise<AuthorizationState | null>;
874
- deleteAuthorizationState(state: string): Promise<void>;
875
- cleanupExpiredStates(expiryMs: number): Promise<void>;
876
- getTokensByUserWithProfile(userId: string): Promise<UserTokenWithProfile[]>;
877
- getTokensByUserAndScopeWithProfile(userId: string, scopeId: string): Promise<UserTokenWithProfile[]>;
878
- getTokensByUserAndProviderWithProfile(userId: string, provider: string): Promise<UserTokenWithProfile[]>;
879
- getTokensByUserScopeProviderWithProfile(userId: string, scopeId: string, provider: string): Promise<UserTokenWithProfile[]>;
880
- getTokensByScopeWithProfile(systemId: string, scopeId: string): Promise<UserTokenWithProfile[]>;
881
- getTokensBySystemWithProfile(systemId: string): Promise<UserTokenWithProfile[]>;
237
+ declare abstract class OAuth2Provider {
238
+ protected config: OAuth2Config;
239
+ protected authUrlStrategy: AuthorizationUrlStrategy;
240
+ protected tokenStrategy: TokenExchangeStrategy;
241
+ protected profileFetcher?: BaseProfileFetcher;
242
+ constructor(config: OAuth2Config, authUrlStrategy?: AuthorizationUrlStrategy, tokenStrategy?: TokenExchangeStrategy, profileFetcher?: BaseProfileFetcher);
243
+ protected abstract createAuthorizationUrlStrategy(): AuthorizationUrlStrategy;
244
+ protected abstract createTokenExchangeStrategy(): TokenExchangeStrategy;
245
+ fetchProfile(accessToken: string): Promise<UserProfile>;
246
+ getProfileEndpoint(): string;
247
+ setProfileFetcher(profileFetcher: BaseProfileFetcher): void;
248
+ hasProfileFetcher(): boolean;
249
+ generateAuthorizationUrl(state: string, codeChallenge?: string): string;
250
+ exchangeCodeForToken(code: string, codeVerifier?: string): Promise<OAuth2Token>;
251
+ refreshToken(refreshToken: string): Promise<OAuth2Token>;
882
252
  }
883
253
 
884
- declare const DEFAULT_SYSTEM_NAME = "oauth2-token-manager-default-system";
885
- declare const DEFAULT_SCOPE_NAME = "oauth2-token-manager-default-scope";
886
- declare const DEFAULT_SYSTEM_CONFIG: Omit<System, 'id' | 'createdAt' | 'updatedAt'>;
887
- declare const DEFAULT_SCOPE_CONFIG: Omit<Scope, 'id' | 'systemId'>;
888
-
889
254
  type ProviderType = 'google' | 'github' | 'microsoft' | 'outlook' | 'facebook' | 'generic';
890
255
  interface ProviderFactory {
891
256
  createProvider(type: ProviderType, config: OAuth2Config): OAuth2Provider;
@@ -959,23 +324,4 @@ declare const generateState: () => string;
959
324
  declare const seal: <T>(d: T, key: string) => Promise<string>;
960
325
  declare const unseal: <T>(s: string, key: string) => Promise<T>;
961
326
 
962
- /**
963
- * Initializes the default system and scope if they don't exist.
964
- * Uses getOrCreateSystem and getOrCreateScope to ensure unique names.
965
- */
966
- declare function initializeDefaults(storage: StorageAdapter): Promise<{
967
- system: System;
968
- scope: Scope;
969
- }>;
970
- /**
971
- * Gets the default system if it exists.
972
- * Returns null if the default system hasn't been initialized.
973
- */
974
- declare function getDefaultSystem(storage: StorageAdapter): Promise<System | null>;
975
- /**
976
- * Gets the default scope if it exists.
977
- * Returns null if the default scope hasn't been initialized.
978
- */
979
- declare function getDefaultScope(storage: StorageAdapter): Promise<Scope | null>;
980
-
981
- export { type AuthorizationState, type AuthorizationUrlStrategy, BaseProfileFetcher, type BulkTokenQueryParams, type CreateUserInput, DEFAULT_SCOPE_CONFIG, DEFAULT_SCOPE_NAME, DEFAULT_SYSTEM_CONFIG, DEFAULT_SYSTEM_NAME, type EmailTokenParams, GenericOAuth2Provider, GenericProfileFetcher, GitHubProfileFetcher, GoogleProfileFetcher, InMemoryStorageAdapter, MicrosoftProfileFetcher, OAuth2Client, type OAuth2Config, OAuth2GranularClient, OAuth2GranularClientV2, type OAuth2GranularOperationsV2, OAuth2Provider, type OAuth2Token, type ProfileFetcher, ProfileFetcherFactory, type ProfileFetcherOptions, type ProfileMapping, type ProviderFactory, type ProviderType, type Scope, type ScopeCreationParams, StandardAuthorizationUrlStrategy, StandardTokenExchangeStrategy, type StorageAdapter, type System, type TokenDeletionParams, type TokenExchangeStrategy, type TokenExistenceParams, type TokenQueryParams, type TokenSaveParams, type User, type UserOperationParams, type UserProfile, type UserToken, type UserTokenParams, type UserTokenWithProfile, type ValidTokenResult, createCodeChallenge, createCodeVerifier, generateState, getDefaultScope, getDefaultSystem, initializeDefaults, seal, unseal };
327
+ export { type AuthorizationOptions, type AuthorizationState, type AuthorizationUrlStrategy, BaseProfileFetcher, type CallbackResult, GenericOAuth2Provider, GenericProfileFetcher, GitHubProfileFetcher, GoogleProfileFetcher, InMemoryStorageAdapter, MicrosoftProfileFetcher, OAuth2Client, type OAuth2Config, type OAuth2Options, OAuth2Provider, type OAuth2Token, type ProfileBasedTokenOptions, type ProfileFetcher, ProfileFetcherFactory, type ProfileFetcherOptions, type ProfileMapping, type ProviderFactory, type ProviderType, type SaveTokenInput, StandardAuthorizationUrlStrategy, StandardTokenExchangeStrategy, type StorageAdapter, type StoredToken, type TokenExchangeStrategy, type TokenOptions, type UpdateTokenInput, type UserProfile, createCodeChallenge, createCodeVerifier, generateState, seal, unseal };