@dainprotocol/service-sdk 2.0.2 → 2.0.3

package/dist/client/service-auth.d.ts

@@ -0,0 +1,61 @@
+/**
+ * Service/Agent Authentication - Legacy Keypair-based
+ *
+ * This class is for SERVICE and AGENT authentication using legacy keypair-based signatures.
+ * End users should NOT use this class - they must use DainUserAuth with JWT tokens.
+ */
+import { DainClientAuth } from './client-auth';
+export interface DainServiceAuthConfig {
+    /** Service API key (format: sk_agent_org_<orgId>_<agentId>_<keypair>) */
+    apiKey?: string;
+    /** OR provide individual components: */
+    /** Base58-encoded Ed25519 private key */
+    privateKeyBase58?: string;
+    /** Agent ID */
+    agentId?: string;
+    /** Organization ID */
+    orgId?: string;
+    /** Smart Account PDA on Solana (optional) */
+    smartAccountPDA?: string;
+    /** Webhook URL for async operations (optional) */
+    webhookUrl?: string;
+}
+/**
+ * DainServiceAuth - Legacy keypair-based authentication for services and agents
+ *
+ * @example
+ * ```typescript
+ * // Authenticate as a service with API key
+ * const serviceAuth = new DainServiceAuth({
+ *   apiKey: "sk_agent_org_123_agent_456_<base58key>"
+ * });
+ *
+ * // OR with individual components
+ * const serviceAuth = new DainServiceAuth({
+ *   privateKeyBase58: "49bhyNKM...",
+ *   agentId: "agent_456",
+ *   orgId: "org_123"
+ * });
+ * ```
+ */
+export declare class DainServiceAuth extends DainClientAuth {
+    constructor(config: DainServiceAuthConfig);
+    /**
+     * Get the service's agent ID
+     */
+    getServiceAgentId(): string;
+    /**
+     * Get the service's organization ID
+     */
+    getServiceOrgId(): string;
+    /**
+     * Override to prevent JWT methods
+     * @deprecated Not supported for service authentication
+     */
+    getSmartAccountId(): never;
+    /**
+     * Override to prevent JWT methods
+     * @deprecated Not supported for service authentication
+     */
+    getJWT(): never;
+}

package/dist/client/service-auth.js

@@ -0,0 +1,93 @@
+"use strict";
+//File: src/client/service-auth.ts
+/**
+ * Service/Agent Authentication - Legacy Keypair-based
+ *
+ * This class is for SERVICE and AGENT authentication using legacy keypair-based signatures.
+ * End users should NOT use this class - they must use DainUserAuth with JWT tokens.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DainServiceAuth = void 0;
+const client_auth_1 = require("./client-auth");
+/**
+ * DainServiceAuth - Legacy keypair-based authentication for services and agents
+ *
+ * @example
+ * ```typescript
+ * // Authenticate as a service with API key
+ * const serviceAuth = new DainServiceAuth({
+ *   apiKey: "sk_agent_org_123_agent_456_<base58key>"
+ * });
+ *
+ * // OR with individual components
+ * const serviceAuth = new DainServiceAuth({
+ *   privateKeyBase58: "49bhyNKM...",
+ *   agentId: "agent_456",
+ *   orgId: "org_123"
+ * });
+ * ```
+ */
+class DainServiceAuth extends client_auth_1.DainClientAuth {
+    constructor(config) {
+        if (!config.apiKey && !(config.privateKeyBase58 && config.agentId && config.orgId)) {
+            throw new Error('Invalid service authentication configuration.\n' +
+                'Provide either:\n' +
+                '  - apiKey: "sk_agent_org_<orgId>_<agentId>_<keypair>"\n' +
+                '  OR\n' +
+                '  - privateKeyBase58, agentId, and orgId\n\n' +
+                'Note: This is for SERVICES and AGENTS only.\n' +
+                'If you are authenticating as a user, use DainUserAuth with a JWT token instead.');
+        }
+        // Call parent with legacy auth config
+        super({
+            apiKey: config.apiKey,
+            privateKeyBase58: config.privateKeyBase58,
+            agentId: config.agentId,
+            orgId: config.orgId,
+            smartAccountPDA: config.smartAccountPDA,
+            webhookUrl: config.webhookUrl,
+        });
+        // Verify auth method is legacy
+        if (this.getAuthMethod() !== 'legacy') {
+            throw new Error('DainServiceAuth must use legacy authentication');
+        }
+    }
+    /**
+     * Get the service's agent ID
+     */
+    getServiceAgentId() {
+        const agentId = this.getAgentId();
+        if (!agentId) {
+            throw new Error('Agent ID not available');
+        }
+        return agentId;
+    }
+    /**
+     * Get the service's organization ID
+     */
+    getServiceOrgId() {
+        const orgId = this.getOrgId();
+        if (!orgId) {
+            throw new Error('Organization ID not available');
+        }
+        return orgId;
+    }
+    /**
+     * Override to prevent JWT methods
+     * @deprecated Not supported for service authentication
+     */
+    getSmartAccountId() {
+        throw new Error('getSmartAccountId() is not supported for service authentication.\n' +
+            'Use getServiceAgentId() instead.');
+    }
+    /**
+     * Override to prevent JWT methods
+     * @deprecated Not supported for service authentication
+     */
+    getJWT() {
+        throw new Error('getJWT() is not supported for service authentication.\n' +
+            'Services use keypair-based authentication, not JWT.');
+    }
+}
+exports.DainServiceAuth = DainServiceAuth;
+//# sourceMappingURL=service-auth.js.map

package/dist/client/service-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"service-auth.js","sourceRoot":"","sources":["../../src/client/service-auth.ts"],"names":[],"mappings":";AAAA,kCAAkC;AAClC;;;;;GAKG;;;AAEH,+CAA+C;AAqB/C;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAa,eAAgB,SAAQ,4BAAc;IACjD,YAAY,MAA6B;QACvC,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,gBAAgB,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACnF,MAAM,IAAI,KAAK,CACb,iDAAiD;gBACjD,mBAAmB;gBACnB,0DAA0D;gBAC1D,QAAQ;gBACR,8CAA8C;gBAC9C,+CAA+C;gBAC/C,iFAAiF,CAClF,CAAC;QACJ,CAAC;QAED,sCAAsC;QACtC,KAAK,CAAC;YACJ,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,UAAU,EAAE,MAAM,CAAC,UAAU;SAC9B,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,IAAI,CAAC,aAAa,EAAE,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QAClC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,eAAe;QACb,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC9B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;OAGG;IACH,iBAAiB;QACf,MAAM,IAAI,KAAK,CACb,oEAAoE;YACpE,kCAAkC,CACnC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,MAAM;QACJ,MAAM,IAAI,KAAK,CACb,yDAAyD;YACzD,qDAAqD,CACtD,CAAC;IACJ,CAAC;CACF;AAzED,0CAyEC"}

package/dist/client/user-auth.d.ts

@@ -0,0 +1,74 @@
+/**
+ * User Authentication - JWT ONLY
+ *
+ * Users authenticate with JWT tokens from DAIN ID OAuth.
+ * NO orgId, NO agentId, NO keypair - completely removed for users.
+ */
+export interface DainUserAuthConfig {
+    /** JWT access token from DAIN ID OAuth */
+    jwt: string;
+    /** Smart Account ID (optional, will be extracted from JWT if not provided) */
+    smartAccountId?: string;
+    /** Smart Account PDA on Solana (optional) */
+    smartAccountPDA?: string;
+    /** Webhook URL for async operations (optional) */
+    webhookUrl?: string;
+}
+/**
+ * DainUserAuth - JWT-only authentication for end users
+ *
+ * Users have:
+ * - JWT token (for authentication)
+ * - Smart Account ID (their unique identifier)
+ * - NO orgId, NO agentId, NO keypair
+ */
+export declare class DainUserAuth {
+    private jwt;
+    private smartAccountId;
+    private smartAccountPDA?;
+    private webhookUrl?;
+    constructor(config: DainUserAuthConfig);
+    /**
+     * Decode JWT payload (without verification)
+     */
+    private decodeJWTPayload;
+    /**
+     * Sign request - NOT NEEDED for JWT, returns empty
+     */
+    signRequest(_method: string, _path: string, _body: string): Promise<{
+        signature: string;
+        timestamp: string;
+    }>;
+    /**
+     * Get headers for HTTP requests
+     */
+    getHeaders(_signature: string, _timestamp: string): Record<string, string>;
+    /**
+     * Get the user's smart account ID
+     */
+    getSmartAccountId(): string;
+    /**
+     * Get JWT token
+     */
+    getJWT(): string;
+    /**
+     * Get smart account PDA
+     */
+    getSmartAccountPDA(): string | undefined;
+    /**
+     * Get webhook URL
+     */
+    getWebhookUrl(): string | undefined;
+    /**
+     * Check if using JWT authentication (always true for users)
+     */
+    isJWT(): boolean;
+    /**
+     * Serialize user auth
+     */
+    serialize(): string;
+    /**
+     * Deserialize user auth
+     */
+    static deserialize(serialized: string): DainUserAuth;
+}

package/dist/client/user-auth.js

@@ -0,0 +1,137 @@
+"use strict";
+//File: src/client/user-auth.ts
+/**
+ * User Authentication - JWT ONLY
+ *
+ * Users authenticate with JWT tokens from DAIN ID OAuth.
+ * NO orgId, NO agentId, NO keypair - completely removed for users.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DainUserAuth = void 0;
+/**
+ * DainUserAuth - JWT-only authentication for end users
+ *
+ * Users have:
+ * - JWT token (for authentication)
+ * - Smart Account ID (their unique identifier)
+ * - NO orgId, NO agentId, NO keypair
+ */
+class DainUserAuth {
+    jwt;
+    smartAccountId;
+    smartAccountPDA;
+    webhookUrl;
+    constructor(config) {
+        if (!config.jwt) {
+            throw new Error('JWT token is required for user authentication');
+        }
+        this.jwt = config.jwt;
+        // Extract smartAccountId from config or decode from JWT
+        if (config.smartAccountId) {
+            this.smartAccountId = config.smartAccountId;
+        }
+        else {
+            const payload = this.decodeJWTPayload(config.jwt);
+            this.smartAccountId = payload.smart_account_id || payload.sub;
+        }
+        this.smartAccountPDA = config.smartAccountPDA;
+        this.webhookUrl = config.webhookUrl;
+    }
+    /**
+     * Decode JWT payload (without verification)
+     */
+    decodeJWTPayload(jwt) {
+        const parts = jwt.split('.');
+        if (parts.length !== 3) {
+            throw new Error('Invalid JWT format');
+        }
+        const payload = Buffer.from(parts[1], 'base64').toString('utf-8');
+        return JSON.parse(payload);
+    }
+    /**
+     * Sign request - NOT NEEDED for JWT, returns empty
+     */
+    async signRequest(_method, _path, _body) {
+        return { signature: '', timestamp: '' };
+    }
+    /**
+     * Get headers for HTTP requests
+     */
+    getHeaders(_signature, _timestamp) {
+        const headers = {
+            "Authorization": `Bearer ${this.jwt}`,
+        };
+        if (this.smartAccountPDA) {
+            headers["X-DAIN-SMART-ACCOUNT-PDA"] = this.smartAccountPDA;
+        }
+        if (this.webhookUrl) {
+            headers["X-DAIN-WEBHOOK-URL"] = this.webhookUrl;
+        }
+        return headers;
+    }
+    /**
+     * Get the user's smart account ID
+     */
+    getSmartAccountId() {
+        return this.smartAccountId;
+    }
+    /**
+     * Get JWT token
+     */
+    getJWT() {
+        return this.jwt;
+    }
+    /**
+     * Get smart account PDA
+     */
+    getSmartAccountPDA() {
+        return this.smartAccountPDA;
+    }
+    /**
+     * Get webhook URL
+     */
+    getWebhookUrl() {
+        return this.webhookUrl;
+    }
+    /**
+     * Check if using JWT authentication (always true for users)
+     */
+    isJWT() {
+        return true;
+    }
+    /**
+     * Serialize user auth
+     */
+    serialize() {
+        const data = {
+            authMethod: 'jwt',
+            jwt: this.jwt,
+            smartAccountId: this.smartAccountId,
+            smartAccountPDA: this.smartAccountPDA,
+            webhookUrl: this.webhookUrl
+        };
+        return Buffer.from(JSON.stringify(data)).toString('base64');
+    }
+    /**
+     * Deserialize user auth
+     */
+    static deserialize(serialized) {
+        try {
+            const data = JSON.parse(Buffer.from(serialized, 'base64').toString());
+            if (data.authMethod !== 'jwt') {
+                throw new Error('Invalid auth method for user');
+            }
+            return new DainUserAuth({
+                jwt: data.jwt,
+                smartAccountId: data.smartAccountId,
+                smartAccountPDA: data.smartAccountPDA,
+                webhookUrl: data.webhookUrl
+            });
+        }
+        catch (error) {
+            throw new Error('Failed to deserialize DainUserAuth: ' + error.message);
+        }
+    }
+}
+exports.DainUserAuth = DainUserAuth;
+//# sourceMappingURL=user-auth.js.map

package/dist/client/user-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-auth.js","sourceRoot":"","sources":["../../src/client/user-auth.ts"],"names":[],"mappings":";AAAA,+BAA+B;AAC/B;;;;;GAKG;;;AAgBH;;;;;;;GAOG;AACH,MAAa,YAAY;IACf,GAAG,CAAS;IACZ,cAAc,CAAS;IACvB,eAAe,CAAU;IACzB,UAAU,CAAU;IAE5B,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QAED,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;QAEtB,wDAAwD;QACxD,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;YAC1B,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAClD,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC;QAChE,CAAC;QAED,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;QAC9C,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IACtC,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,GAAW;QAClC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACxC,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CACf,OAAe,EACf,KAAa,EACb,KAAa;QAEb,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,UAAkB,EAAE,UAAkB;QAC/C,MAAM,OAAO,GAA2B;YACtC,eAAe,EAAE,UAAU,IAAI,CAAC,GAAG,EAAE;SACtC,CAAC;QAEF,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,OAAO,CAAC,0BAA0B,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC;QAC7D,CAAC;QAED,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,OAAO,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC;QAClD,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,MAAM;QACJ,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,KAAK;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,SAAS;QACP,MAAM,IAAI,GAAG;YACX,UAAU,EAAE,KAAK;YACjB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC;QACF,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,WAAW,CAAC,UAAkB;QACnC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;YAEtE,IAAI,IAAI,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;YAClD,CAAC;YAED,OAAO,IAAI,YAAY,CAAC;gBACtB,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,cAAc,EAAE,IAAI,CAAC,cAAc;gBACnC,eAAe,EAAE,IAAI,CAAC,eAAe;gBACrC,UAAU,EAAE,IAAI,CAAC,UAAU;aAC5B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,sCAAsC,GAAI,KAAe,CAAC,OAAO,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;CACF;AAzID,oCAyIC"}

package/dist/service/auth.js

@@ -112,9 +112,12 @@ function isValidSolanaAddress(address) {
         return false;
     }
 }
-// Simple JWKS cache (public key strings)
+// JWKS cache with kid support
 const jwksCache = new Map();
 const CACHE_TTL = 3600000; // 1 hour
+const MAX_CACHE_SIZE = 100; // Prevent memory exhaustion
+const JWKS_TIMEOUT = 5000; // 5 second timeout
+const MAX_JWKS_SIZE = 10000; // 10KB max response size
 function extractBearerToken(authHeader) {
     if (!authHeader)
         return null;
@@ -124,27 +127,57 @@ function extractBearerToken(authHeader) {
     return parts[1];
 }
 /**
- * Fetch public key from JWKS endpoint (with caching)
+ * Fetch public key from JWKS endpoint (with caching and security)
  */
-async function fetchPublicKey(dainIdUrl) {
-    // Check cache
-    const cached = jwksCache.get(dainIdUrl);
+async function fetchPublicKey(dainIdUrl, kid) {
+    // SECURITY: Enforce HTTPS to prevent MITM attacks
+    if (!dainIdUrl.startsWith('https://') && !dainIdUrl.includes('localhost')) {
+        throw new Error('JWKS URL must use HTTPS');
+    }
+    // Check cache (with kid)
+    const cacheKey = `${dainIdUrl}:${kid || 'default'}`;
+    const cached = jwksCache.get(cacheKey);
     if (cached && Date.now() - cached.timestamp < CACHE_TTL) {
         return cached.publicKey;
     }
-    // Fetch JWKS
+    // Fetch JWKS with timeout
     const jwksUrl = `${dainIdUrl}/api/oauth/.well-known/jwks.json`;
-    const response = await fetch(jwksUrl);
-    if (!response.ok) {
-        throw new Error(`Failed to fetch JWKS: ${response.statusText}`);
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), JWKS_TIMEOUT);
+    try {
+        const response = await fetch(jwksUrl, {
+            signal: controller.signal,
+            headers: { 'Accept': 'application/json' }
+        });
+        if (!response.ok) {
+            throw new Error(`Failed to fetch JWKS: ${response.statusText}`);
+        }
+        // Check response size to prevent memory exhaustion
+        const text = await response.text();
+        if (text.length > MAX_JWKS_SIZE) {
+            throw new Error('JWKS response too large');
+        }
+        const jwks = JSON.parse(text);
+        // Find key by kid (or use first key)
+        let key = kid ? jwks.keys.find((k) => k.kid === kid) : jwks.keys[0];
+        if (!key) {
+            throw new Error(kid ? `No key found with kid: ${kid}` : 'No keys in JWKS');
+        }
+        // Convert JWK to PEM
+        const publicKey = jwkToPem(key);
+        // Cache with LRU eviction
+        jwksCache.set(cacheKey, { publicKey, timestamp: Date.now() });
+        // Evict oldest if cache too large
+        if (jwksCache.size > MAX_CACHE_SIZE) {
+            const oldest = Array.from(jwksCache.entries())
+                .sort((a, b) => a[1].timestamp - b[1].timestamp)[0][0];
+            jwksCache.delete(oldest);
+        }
+        return publicKey;
+    }
+    finally {
+        clearTimeout(timeoutId);
     }
-    const jwks = await response.json();
-    const key = jwks.keys[0]; // Use first key
-    // Convert JWK to PEM
-    const publicKey = jwkToPem(key);
-    // Cache it
-    jwksCache.set(dainIdUrl, { publicKey, timestamp: Date.now() });
-    return publicKey;
 }
 /**
  * Convert JWK to PEM format (simple RSA only)
@@ -156,10 +189,16 @@ function jwkToPem(jwk) {
 }
 async function verifyJWT(token, publicKeyPEMOrUrl, options) {
     try {
-        // Fetch public key if URL provided
-        const publicKey = publicKeyPEMOrUrl.startsWith("http")
-            ? await fetchPublicKey(publicKeyPEMOrUrl)
-            : publicKeyPEMOrUrl;
+        let publicKey;
+        if (publicKeyPEMOrUrl.startsWith("http")) {
+            // Extract kid from JWT header for key matching
+            const header = jsonwebtoken_1.default.decode(token, { complete: true })?.header;
+            const kid = header?.kid;
+            publicKey = await fetchPublicKey(publicKeyPEMOrUrl, kid);
+        }
+        else {
+            publicKey = publicKeyPEMOrUrl;
+        }
         // Verify JWT
         const payload = jsonwebtoken_1.default.verify(token, publicKey, {
             algorithms: ["RS256"],

package/dist/service/auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/service/auth.ts"],"names":[],"mappings":";AAAA,4BAA4B;;AAQ5B,0DAMC;AAED,4CAKC;AAED,0CAeC;AAED,0CA8BC;AACD,oCAaC;AAED,wCAmBC;AACD,wDA4BC;AAED,oDAOC;AAkCD,gDAKC;AAwCD,8BA8BC;AAsBD,kCAyBC;AAOD,kDAEC;AAKD,sCAGC;AAQD,gEAmBC;AAaD,4BAeC;AAQD,oCAEC;AAQD,kCAEC;;AArYD,mDAAgD;AAChD,iDAA8C;AAC9C,+CAA0E;AAC1E,wDAAwB;AACxB,wEAA+B;AAE/B,SAAgB,uBAAuB,CAAC,OAAe;IACrD,IAAI,CAAC;QACH,OAAO,cAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;AACH,CAAC;AAED,SAAgB,gBAAgB,CAAC,SAAiB;IAChD,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,IAAA,kBAAU,EAAC,SAAS,CAAC,CAAC;AAC/B,CAAC;AAED,SAAgB,eAAe,CAC7B,SAAiB,EACjB,OAAe,EACf,OAAe;IAEf,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,cAAc,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;QACnD,MAAM,WAAW,GAAG,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC;QAEpC,OAAO,iBAAO,CAAC,MAAM,CAAC,cAAc,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAC;QACpD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAgB,eAAe,CAC7B,OAAgC;IAEhC,MAAM,gBAAgB,GAA2B,EAAE,CAAC;IAEpD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACnC,IACE,CAAC,QAAQ,KAAK,cAAc,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAC1D,OAAO,KAAK,KAAK,QAAQ,EACzB,CAAC;YACD,gBAAgB,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC;QACrC,CAAC;aAAM,IACL,CAAC,QAAQ,KAAK,cAAc,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAC1D,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;YACpB,KAAK,CAAC,MAAM,GAAG,CAAC,EAChB,CAAC;YACD,gBAAgB,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,0CAA0C;QAC3F,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,MAAM,sBAAsB,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC;SACzD,IAAI,EAAE;SACN,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACnB,GAAG,CAAC,GAAG,CAAC,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACjC,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,EAA4B,CAAC,CAAC;IAEnC,OAAO,sBAAsB,CAAC;AAChC,CAAC;AACD,SAAgB,YAAY,CAC1B,UAAsB,EACtB,YAAoB;IAEpB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;IACxC,MAAM,WAAW,GAAG,IAAA,eAAM,EACxB,IAAA,mBAAW,EACT,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EACtC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CACpC,CACF,CAAC;IACF,MAAM,SAAS,GAAG,iBAAO,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IACxD,OAAO,EAAE,SAAS,EAAE,IAAA,kBAAU,EAAC,SAAS,CAAC,EAAE,SAAS,EAAE,CAAC;AACzD,CAAC;AAED,SAAgB,cAAc,CAC5B,SAAqB,EACrB,YAAoB,EACpB,SAAiB,EACjB,SAAiB;IAEjB,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,IAAA,eAAM,EACxB,IAAA,mBAAW,EACT,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EACtC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CACpC,CACF,CAAC;QACF,MAAM,cAAc,GAAG,IAAA,kBAAU,EAAC,SAAS,CAAC,CAAC;QAC7C,OAAO,iBAAO,CAAC,MAAM,CAAC,cAAc,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;QACrD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AACD,SAAgB,sBAAsB,CACpC,SAAiB,EACjB,MAAc,EACd,IAAY,EACZ,OAA+B,EAC/B,IAAY,EACZ,OAAe,EACf,eAAuB;IAEvB,4BAA4B;IAE5B,MAAM,SAAS,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC9C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,KAAK,CAAC;IACf,CAAC;IAED,uCAAuC;IAEvC,OAAO,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACnC,mCAAmC;IAEnC,OAAO,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAEnC,MAAM,OAAO,GAAG,GAAG,MAAM,CAAC,WAAW,EAAE,IAAI,IAAI,IAAI,SAAS,IAC1D,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAChB,EAAE,CAAC;IAEH,OAAO,eAAe,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AACtD,CAAC;AAED,SAAgB,oBAAoB,CAAC,OAAe;IAClD,IAAI,CAAC;QACH,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AA8BD,yCAAyC;AACzC,MAAM,SAAS,GAAG,IAAI,GAAG,EAAoD,CAAC;AAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,SAAS;AAEpC,SAAgB,kBAAkB,CAAC,UAA8B;IAC/D,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC7D,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc,CAAC,SAAiB;IAC7C,cAAc;IACd,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACxC,IAAI,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,SAAS,EAAE,CAAC;QACxD,OAAO,MAAM,CAAC,SAAS,CAAC;IAC1B,CAAC;IAED,aAAa;IACb,MAAM,OAAO,GAAG,GAAG,SAAS,kCAAkC,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC;IAEtC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;IAE1C,qBAAqB;IACrB,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;IAEhC,WAAW;IACX,SAAS,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAC/D,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,GAAQ;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,SAAS,GAAG,MAAM,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACtE,OAAO,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAW,CAAC;AACrE,CAAC;AAEM,KAAK,UAAU,SAAS,CAC7B,KAAa,EACb,iBAAyB,EACzB,OAAgD;IAEhD,IAAI,CAAC;QACH,mCAAmC;QACnC,MAAM,SAAS,GAAG,iBAAiB,CAAC,UAAU,CAAC,MAAM,CAAC;YACpD,CAAC,CAAC,MAAM,cAAc,CAAC,iBAAiB,CAAC;YACzC,CAAC,CAAC,iBAAiB,CAAC;QAEtB,aAAa;QACb,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,EAAE;YAC3C,UAAU,EAAE,CAAC,OAAO,CAAC;YACrB,MAAM,EAAE,OAAO,EAAE,MAAM;YACvB,QAAQ,EAAE,OAAO,EAAE,QAAQ;SAC5B,CAAqB,CAAC;QAEvB,OAAO;YACL,KAAK,EAAE,IAAI;YACX,OAAO;YACP,cAAc,EAAE,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG;YACvD,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;SAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAiBD;;;;GAIG;AACH,SAAgB,WAAW,CAAC,MAAc;IACxC,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAChC,mDAAmD;IACnD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,qBAAqB;IAE9D,IAAI,CAAC,OAAO,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,OAAO;QACP,KAAK;QACL,MAAM;QACN,GAAG,EAAE,MAAM;KACZ,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAgB,mBAAmB,CAAC,MAAc;IAChD,OAAO,WAAW,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa,CAAC,OAA2C;IACvE,MAAM,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACtE,OAAO,MAAM,IAAI,IAAI,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,0BAA0B,CAC9C,MAAc,EACd,eAAuB;IAEvB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,eAAe,2CAA2C,kBAAkB,CAAC,MAAM,CAAC,EAAE,EAAE;YACtH,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACrC,OAAO,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,+CAA+C;IAC1E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;QACnD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,6BAA6B;AAC7B,+EAA+E;AAE/E;;;;;;GAMG;AACH,SAAgB,QAAQ,CAAC,MAAgB,EAAE,aAAqB;IAC9D,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAEjD,eAAe;IACf,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhD,iBAAiB;IACjB,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;QACzD,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC;YAAE,OAAO,IAAI,CAAC;IAClD,CAAC;IAED,6BAA6B;IAC7B,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,MAAgB,EAAE,cAAwB;IACrE,OAAO,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AAChE,CAAC;AAED;;;;;GAKG;AACH,SAAgB,WAAW,CAAC,MAAgB,EAAE,cAAwB;IACpE,OAAO,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AAC/D,CAAC"}
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/service/auth.ts"],"names":[],"mappings":";AAAA,4BAA4B;;AAQ5B,0DAMC;AAED,4CAKC;AAED,0CAeC;AAED,0CA8BC;AACD,oCAaC;AAED,wCAmBC;AACD,wDA4BC;AAED,oDAOC;AAqCD,gDAKC;AA4ED,8BAqCC;AAsBD,kCAyBC;AAOD,kDAEC;AAKD,sCAGC;AAQD,gEAmBC;AAaD,4BAeC;AAQD,oCAEC;AAQD,kCAEC;;AAnbD,mDAAgD;AAChD,iDAA8C;AAC9C,+CAA0E;AAC1E,wDAAwB;AACxB,wEAA+B;AAE/B,SAAgB,uBAAuB,CAAC,OAAe;IACrD,IAAI,CAAC;QACH,OAAO,cAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;AACH,CAAC;AAED,SAAgB,gBAAgB,CAAC,SAAiB;IAChD,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,IAAA,kBAAU,EAAC,SAAS,CAAC,CAAC;AAC/B,CAAC;AAED,SAAgB,eAAe,CAC7B,SAAiB,EACjB,OAAe,EACf,OAAe;IAEf,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,cAAc,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;QACnD,MAAM,WAAW,GAAG,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC;QAEpC,OAAO,iBAAO,CAAC,MAAM,CAAC,cAAc,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAC;QACpD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAgB,eAAe,CAC7B,OAAgC;IAEhC,MAAM,gBAAgB,GAA2B,EAAE,CAAC;IAEpD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACnC,IACE,CAAC,QAAQ,KAAK,cAAc,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAC1D,OAAO,KAAK,KAAK,QAAQ,EACzB,CAAC;YACD,gBAAgB,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC;QACrC,CAAC;aAAM,IACL,CAAC,QAAQ,KAAK,cAAc,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAC1D,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;YACpB,KAAK,CAAC,MAAM,GAAG,CAAC,EAChB,CAAC;YACD,gBAAgB,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,0CAA0C;QAC3F,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,MAAM,sBAAsB,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC;SACzD,IAAI,EAAE;SACN,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACnB,GAAG,CAAC,GAAG,CAAC,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACjC,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,EAA4B,CAAC,CAAC;IAEnC,OAAO,sBAAsB,CAAC;AAChC,CAAC;AACD,SAAgB,YAAY,CAC1B,UAAsB,EACtB,YAAoB;IAEpB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;IACxC,MAAM,WAAW,GAAG,IAAA,eAAM,EACxB,IAAA,mBAAW,EACT,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EACtC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CACpC,CACF,CAAC;IACF,MAAM,SAAS,GAAG,iBAAO,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IACxD,OAAO,EAAE,SAAS,EAAE,IAAA,kBAAU,EAAC,SAAS,CAAC,EAAE,SAAS,EAAE,CAAC;AACzD,CAAC;AAED,SAAgB,cAAc,CAC5B,SAAqB,EACrB,YAAoB,EACpB,SAAiB,EACjB,SAAiB;IAEjB,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,IAAA,eAAM,EACxB,IAAA,mBAAW,EACT,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EACtC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CACpC,CACF,CAAC;QACF,MAAM,cAAc,GAAG,IAAA,kBAAU,EAAC,SAAS,CAAC,CAAC;QAC7C,OAAO,iBAAO,CAAC,MAAM,CAAC,cAAc,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;QACrD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AACD,SAAgB,sBAAsB,CACpC,SAAiB,EACjB,MAAc,EACd,IAAY,EACZ,OAA+B,EAC/B,IAAY,EACZ,OAAe,EACf,eAAuB;IAEvB,4BAA4B;IAE5B,MAAM,SAAS,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC9C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,KAAK,CAAC;IACf,CAAC;IAED,uCAAuC;IAEvC,OAAO,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACnC,mCAAmC;IAEnC,OAAO,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAEnC,MAAM,OAAO,GAAG,GAAG,MAAM,CAAC,WAAW,EAAE,IAAI,IAAI,IAAI,SAAS,IAC1D,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAChB,EAAE,CAAC;IAEH,OAAO,eAAe,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AACtD,CAAC;AAED,SAAgB,oBAAoB,CAAC,OAAe;IAClD,IAAI,CAAC;QACH,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AA8BD,8BAA8B;AAC9B,MAAM,SAAS,GAAG,IAAI,GAAG,EAAoD,CAAC;AAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,SAAS;AACpC,MAAM,cAAc,GAAG,GAAG,CAAC,CAAC,4BAA4B;AACxD,MAAM,YAAY,GAAG,IAAI,CAAC,CAAC,mBAAmB;AAC9C,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,yBAAyB;AAEtD,SAAgB,kBAAkB,CAAC,UAA8B;IAC/D,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC7D,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc,CAAC,SAAiB,EAAE,GAAY;IAC3D,kDAAkD;IAClD,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC1E,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IAED,yBAAyB;IACzB,MAAM,QAAQ,GAAG,GAAG,SAAS,IAAI,GAAG,IAAI,SAAS,EAAE,CAAC;IACpD,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACvC,IAAI,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,SAAS,EAAE,CAAC;QACxD,OAAO,MAAM,CAAC,SAAS,CAAC;IAC1B,CAAC;IAED,0BAA0B;IAC1B,MAAM,OAAO,GAAG,GAAG,SAAS,kCAAkC,CAAC;IAC/D,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,YAAY,CAAC,CAAC;IAErE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE;YACpC,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE;SAC1C,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,mDAAmD;QACnD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,IAAI,CAAC,MAAM,GAAG,aAAa,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE9B,qCAAqC;QACrC,IAAI,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAEzE,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC;QAC7E,CAAC;QAED,qBAAqB;QACrB,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;QAEhC,0BAA0B;QAC1B,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAE9D,kCAAkC;QAClC,IAAI,SAAS,CAAC,IAAI,GAAG,cAAc,EAAE,CAAC;YACpC,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;iBAC3C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACzD,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC3B,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,SAAS,CAAC,CAAC;IAC1B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,GAAQ;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,SAAS,GAAG,MAAM,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACtE,OAAO,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAW,CAAC;AACrE,CAAC;AAEM,KAAK,UAAU,SAAS,CAC7B,KAAa,EACb,iBAAyB,EACzB,OAAgD;IAEhD,IAAI,CAAC;QACH,IAAI,SAAiB,CAAC;QAEtB,IAAI,iBAAiB,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACzC,+CAA+C;YAC/C,MAAM,MAAM,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,CAAC;YAC7D,MAAM,GAAG,GAAG,MAAM,EAAE,GAAG,CAAC;YAExB,SAAS,GAAG,MAAM,cAAc,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;QAC3D,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,iBAAiB,CAAC;QAChC,CAAC;QAED,aAAa;QACb,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,EAAE;YAC3C,UAAU,EAAE,CAAC,OAAO,CAAC;YACrB,MAAM,EAAE,OAAO,EAAE,MAAM;YACvB,QAAQ,EAAE,OAAO,EAAE,QAAQ;SAC5B,CAAqB,CAAC;QAEvB,OAAO;YACL,KAAK,EAAE,IAAI;YACX,OAAO;YACP,cAAc,EAAE,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG;YACvD,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;SAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAiBD;;;;GAIG;AACH,SAAgB,WAAW,CAAC,MAAc;IACxC,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAChC,mDAAmD;IACnD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,qBAAqB;IAE9D,IAAI,CAAC,OAAO,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,OAAO;QACP,KAAK;QACL,MAAM;QACN,GAAG,EAAE,MAAM;KACZ,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAgB,mBAAmB,CAAC,MAAc;IAChD,OAAO,WAAW,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa,CAAC,OAA2C;IACvE,MAAM,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACtE,OAAO,MAAM,IAAI,IAAI,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,0BAA0B,CAC9C,MAAc,EACd,eAAuB;IAEvB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,eAAe,2CAA2C,kBAAkB,CAAC,MAAM,CAAC,EAAE,EAAE;YACtH,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACrC,OAAO,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,+CAA+C;IAC1E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;QACnD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,6BAA6B;AAC7B,+EAA+E;AAE/E;;;;;;GAMG;AACH,SAAgB,QAAQ,CAAC,MAAgB,EAAE,aAAqB;IAC9D,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAEjD,eAAe;IACf,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhD,iBAAiB;IACjB,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;QACzD,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC;YAAE,OAAO,IAAI,CAAC;IAClD,CAAC;IAED,6BAA6B;IAC7B,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,MAAgB,EAAE,cAAwB;IACrE,OAAO,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AAChE,CAAC;AAED;;;;;GAKG;AACH,SAAgB,WAAW,CAAC,MAAgB,EAAE,cAAwB;IACpE,OAAO,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AAC/D,CAAC"}

package/dist/service/index.d.ts

@@ -5,7 +5,9 @@ import { defineDAINService as defineCloudflareService } from "./cloudflareServic
 import { createNextDainService } from "./nextService";
 import { createTool, createService, createToolbox, CoreUtils, createOAuth2Tool, createAgent } from "./core";
 import { ProcessHandler, RedisProcessStore, MemoryProcessStore } from "./processes";
+import { requireScope } from "./server";
+import { hasScope, hasAllScopes, hasAnyScope } from "./auth";
 export declare const defineDAINService: (config: DAINServiceConfig) => DAINService;
-export { defineNodeService, defineDenoService, defineCloudflareService, createNextDainService, createTool, createService, createToolbox, CoreUtils, createOAuth2Tool, createAgent, ProcessHandler, RedisProcessStore, MemoryProcessStore, };
+export { defineNodeService, defineDenoService, defineCloudflareService, createNextDainService, createTool, createService, createToolbox, CoreUtils, createOAuth2Tool, createAgent, ProcessHandler, RedisProcessStore, MemoryProcessStore, requireScope, hasScope, hasAllScopes, hasAnyScope, };
 export * from './types';
 export * from './oauth2Store';

package/dist/service/index.js

@@ -1,7 +1,7 @@
 "use strict";
 // File: src/service/index.ts
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.MemoryProcessStore = exports.RedisProcessStore = exports.ProcessHandler = exports.createAgent = exports.createOAuth2Tool = exports.CoreUtils = exports.createToolbox = exports.createService = exports.createTool = exports.createNextDainService = exports.defineCloudflareService = exports.defineDenoService = exports.defineNodeService = exports.defineDAINService = void 0;
+exports.hasAnyScope = exports.hasAllScopes = exports.hasScope = exports.requireScope = exports.MemoryProcessStore = exports.RedisProcessStore = exports.ProcessHandler = exports.createAgent = exports.createOAuth2Tool = exports.CoreUtils = exports.createToolbox = exports.createService = exports.createTool = exports.createNextDainService = exports.defineCloudflareService = exports.defineDenoService = exports.defineNodeService = exports.defineDAINService = void 0;
 const tslib_1 = require("tslib");
 const nodeService_1 = require("./nodeService");
 Object.defineProperty(exports, "defineNodeService", { enumerable: true, get: function () { return nodeService_1.defineDAINService; } });
@@ -22,6 +22,12 @@ const processes_1 = require("./processes");
 Object.defineProperty(exports, "ProcessHandler", { enumerable: true, get: function () { return processes_1.ProcessHandler; } });
 Object.defineProperty(exports, "RedisProcessStore", { enumerable: true, get: function () { return processes_1.RedisProcessStore; } });
 Object.defineProperty(exports, "MemoryProcessStore", { enumerable: true, get: function () { return processes_1.MemoryProcessStore; } });
+const server_1 = require("./server");
+Object.defineProperty(exports, "requireScope", { enumerable: true, get: function () { return server_1.requireScope; } });
+const auth_1 = require("./auth");
+Object.defineProperty(exports, "hasScope", { enumerable: true, get: function () { return auth_1.hasScope; } });
+Object.defineProperty(exports, "hasAllScopes", { enumerable: true, get: function () { return auth_1.hasAllScopes; } });
+Object.defineProperty(exports, "hasAnyScope", { enumerable: true, get: function () { return auth_1.hasAnyScope; } });
 const defineDAINService = (config) => {
     throw new Error("This is a fallback implementation. Use the appropriate runtime-specific import.");
 };

package/dist/service/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/service/index.ts"],"names":[],"mappings":";AAAA,6BAA6B;;;;AAG7B,+CAAuE;AAYrE,kGAZ4B,+BAAiB,OAY5B;AAXnB,+CAAuE;AAYrE,kGAZ4B,+BAAiB,OAY5B;AAXnB,2DAAmF;AAYjF,wGAZ4B,qCAAuB,OAY5B;AAXzB,+CAAsD;AAYpD,sGAZO,mCAAqB,OAYP;AAXvB,iCAA4G;AAY1G,2FAZO,iBAAU,OAYP;AACV,8FAbmB,oBAAa,OAanB;AACb,8FAdkC,oBAAa,OAclC;AACb,0FAfiD,gBAAS,OAejD;AACT,iGAhB4D,uBAAgB,OAgB5D;AAChB,4FAjB8E,kBAAW,OAiB9E;AAhBb,2CAAoF;AAiBlF,+FAjBO,0BAAc,OAiBP;AACd,kGAlBuB,6BAAiB,OAkBvB;AACjB,mGAnB0C,8BAAkB,OAmB1C;AAjBb,MAAM,iBAAiB,GAAG,CAAC,MAAyB,EAAe,EAAE;IAC1E,MAAM,IAAI,KAAK,CAAC,iFAAiF,CAAC,CAAC;AACrG,CAAC,CAAC;AAFW,QAAA,iBAAiB,qBAE5B;AAkBF,sBAAsB;AACtB,kDAAwB;AAExB,wDAA8B"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/service/index.ts"],"names":[],"mappings":";AAAA,6BAA6B;;;;AAG7B,+CAAuE;AAcrE,kGAd4B,+BAAiB,OAc5B;AAbnB,+CAAuE;AAcrE,kGAd4B,+BAAiB,OAc5B;AAbnB,2DAAmF;AAcjF,wGAd4B,qCAAuB,OAc5B;AAbzB,+CAAsD;AAcpD,sGAdO,mCAAqB,OAcP;AAbvB,iCAA4G;AAc1G,2FAdO,iBAAU,OAcP;AACV,8FAfmB,oBAAa,OAenB;AACb,8FAhBkC,oBAAa,OAgBlC;AACb,0FAjBiD,gBAAS,OAiBjD;AACT,iGAlB4D,uBAAgB,OAkB5D;AAChB,4FAnB8E,kBAAW,OAmB9E;AAlBb,2CAAoF;AAmBlF,+FAnBO,0BAAc,OAmBP;AACd,kGApBuB,6BAAiB,OAoBvB;AACjB,mGArB0C,8BAAkB,OAqB1C;AApBpB,qCAAwC;AAqBtC,6FArBO,qBAAY,OAqBP;AApBd,iCAA6D;AAqB3D,yFArBO,eAAQ,OAqBP;AACR,6FAtBiB,mBAAY,OAsBjB;AACZ,4FAvB+B,kBAAW,OAuB/B;AArBN,MAAM,iBAAiB,GAAG,CAAC,MAAyB,EAAe,EAAE;IAC1E,MAAM,IAAI,KAAK,CAAC,iFAAiF,CAAC,CAAC;AACrG,CAAC,CAAC;AAFW,QAAA,iBAAiB,qBAE5B;AAsBF,sBAAsB;AACtB,kDAAwB;AAExB,wDAA8B"}

package/dist/service/oauth2Manager.js

@@ -40,7 +40,6 @@ class OAuth2Manager {
             usePKCE: config.usePKCE,
             extraAuthParams: config.extraAuthParams,
             responseRootKey: config.responseRootKey,
-            tokenPaths: config.tokenPaths, // Pass through custom token extraction paths
             // Provide a dummy profile URL since the library requires it for generic providers
             profileUrl: 'https://api.example.com/profile',
             onSuccess: config.onSuccess ?

package/dist/service/oauth2Manager.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth2Manager.js","sourceRoot":"","sources":["../../src/service/oauth2Manager.ts"],"names":[],"mappings":";;;AAAA,6EAQ4C;AAI5C;;GAEG;AACH,MAAa,aAAa;IACR,MAAM,CAAe;IAC7B,OAAO,CAAS;IAChB,eAAe,GAAyC,EAAE,CAAC;IAEnE,YAAY,OAAe,EAAE,OAAwB;QACnD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,IAAI,mCAAY,CAAC;YAC7B,OAAO,EAAE,OAAO,IAAI,IAAI,6CAAsB,EAAE;YAChD,2DAA2D;YAC3D,WAAW,EAAE;gBACX,OAAO,EAAE,IAAI;gBACb,aAAa,EAAE,EAAE,EAAE,2BAA2B;gBAC9C,cAAc,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;oBAC/B,OAAO,CAAC,KAAK,CAAC,+BAA+B,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,KAAK,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;gBAChG,CAAC;aACF;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,IAAY,EAAE,MAA4B;QACzD,0CAA0C;QAC1C,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC;QAEpC,yDAAyD;QACzD,MAAM,YAAY,GAAiB;YACjC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,WAAW,EAAE,GAAG,IAAI,CAAC,OAAO,oBAAoB,IAAI,EAAE;YACtD,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,6CAA6C;YAC5E,kFAAkF;YAClF,UAAU,EAAE,iCAAiC;YAC7C,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;gBAC3B,KAAK,EAAE,MAAc,EAAE,MAAmB,EAAE,EAAE;oBAC5C,MAAM,UAAU,GAAiB;wBAC/B,WAAW,EAAE,MAAM,CAAC,WAAW;wBAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;wBACjC,KAAK,EAAE,MAAM,CAAC,KAAK;wBACnB,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE;qBAC1C,CAAC;oBACF,MAAM,MAAM,CAAC,SAAU,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;gBAC9C,CAAC,CAAC,CAAC,CAAC,SAAS;SAChB,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,QAAgB,EAAE,OAAe;QACrD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;YACzC,QAAQ;YACR,MAAM,EAAE,OAAO;YACf,KAAK,EAAE,GAAG,OAAO,aAAa,EAAE,2BAA2B;YAC3D,MAAM,EAAE,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,MAAM;SAC/C,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,GAAG,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,IAAY,EAAE,KAAa;QAC9C,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAChD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE,OAAe;QACpD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAC3C,QAAQ,EACR,GAAG,OAAO,aAAa,CACxB,CAAC;YACF,OAAO,KAAK,KAAK,IAAI,CAAC;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS,CAAC,QAAgB,EAAE,OAAe;QAC/C,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAC3C,QAAQ,EACR,GAAG,OAAO,aAAa,CACxB,CAAC;YAEF,IAAI,CAAC,KAAK;gBAAE,OAAO,IAAI,CAAC;YAExB,OAAO;gBACL,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,YAAY,EAAE,KAAK,CAAC,YAAY;gBAChC,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,SAAS,EAAE,KAAK,CAAC,SAAS;aAC3B,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,OAAe;QAClD,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,GAAG,OAAO,aAAa,CAAC,CAAC;IACnE,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,EAAE,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,IAAY;QACtB,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW,CAAC,QAAgB,EAAE,OAAe;QACjD,IAAI,CAAC;YACH,2CAA2C;YAC3C,kEAAkE;YAClE,MAAM,KAAK,GAAe;gBACxB,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,QAAQ;aACnB,CAAC;YACF,MAAM,MAAM,GAAkB,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAEnE,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,8BAA8B,QAAQ,IAAI,OAAO,GAAG,EAAE,KAAK,CAAC,CAAC;YAC3E,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AA9JD,sCA8JC"}
+{"version":3,"file":"oauth2Manager.js","sourceRoot":"","sources":["../../src/service/oauth2Manager.ts"],"names":[],"mappings":";;;AAAA,6EAQ4C;AAI5C;;GAEG;AACH,MAAa,aAAa;IACR,MAAM,CAAe;IAC7B,OAAO,CAAS;IAChB,eAAe,GAAyC,EAAE,CAAC;IAEnE,YAAY,OAAe,EAAE,OAAwB;QACnD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,IAAI,mCAAY,CAAC;YAC7B,OAAO,EAAE,OAAO,IAAI,IAAI,6CAAsB,EAAE;YAChD,2DAA2D;YAC3D,WAAW,EAAE;gBACX,OAAO,EAAE,IAAI;gBACb,aAAa,EAAE,EAAE,EAAE,2BAA2B;gBAC9C,cAAc,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;oBAC/B,OAAO,CAAC,KAAK,CAAC,+BAA+B,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,KAAK,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;gBAChG,CAAC;aACF;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,IAAY,EAAE,MAA4B;QACzD,0CAA0C;QAC1C,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC;QAEpC,yDAAyD;QACzD,MAAM,YAAY,GAAiB;YACjC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,WAAW,EAAE,GAAG,IAAI,CAAC,OAAO,oBAAoB,IAAI,EAAE;YACtD,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,kFAAkF;YAClF,UAAU,EAAE,iCAAiC;YAC7C,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;gBAC3B,KAAK,EAAE,MAAc,EAAE,MAAmB,EAAE,EAAE;oBAC5C,MAAM,UAAU,GAAiB;wBAC/B,WAAW,EAAE,MAAM,CAAC,WAAW;wBAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;wBACjC,KAAK,EAAE,MAAM,CAAC,KAAK;wBACnB,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE;qBAC1C,CAAC;oBACF,MAAM,MAAM,CAAC,SAAU,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;gBAC9C,CAAC,CAAC,CAAC,CAAC,SAAS;SAChB,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,QAAgB,EAAE,OAAe;QACrD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;YACzC,QAAQ;YACR,MAAM,EAAE,OAAO;YACf,KAAK,EAAE,GAAG,OAAO,aAAa,EAAE,2BAA2B;YAC3D,MAAM,EAAE,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,MAAM;SAC/C,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,GAAG,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,IAAY,EAAE,KAAa;QAC9C,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAChD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE,OAAe;QACpD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAC3C,QAAQ,EACR,GAAG,OAAO,aAAa,CACxB,CAAC;YACF,OAAO,KAAK,KAAK,IAAI,CAAC;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS,CAAC,QAAgB,EAAE,OAAe;QAC/C,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAC3C,QAAQ,EACR,GAAG,OAAO,aAAa,CACxB,CAAC;YAEF,IAAI,CAAC,KAAK;gBAAE,OAAO,IAAI,CAAC;YAExB,OAAO;gBACL,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,YAAY,EAAE,KAAK,CAAC,YAAY;gBAChC,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,SAAS,EAAE,KAAK,CAAC,SAAS;aAC3B,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,OAAe;QAClD,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,GAAG,OAAO,aAAa,CAAC,CAAC;IACnE,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,EAAE,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,IAAY;QACtB,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW,CAAC,QAAgB,EAAE,OAAe;QACjD,IAAI,CAAC;YACH,2CAA2C;YAC3C,kEAAkE;YAClE,MAAM,KAAK,GAAe;gBACxB,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,QAAQ;aACnB,CAAC;YACF,MAAM,MAAM,GAAkB,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAEnE,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,8BAA8B,QAAQ,IAAI,OAAO,GAAG,EAAE,KAAK,CAAC,CAAC;YAC3E,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AA7JD,sCA6JC"}

package/dist/service/server.d.ts

@@ -1,2 +1,15 @@
+import { Context } from "hono";
 import { DAINServiceConfig, ToolConfig, ServiceConfig, ToolboxConfig, Metadata, ServiceContext, ServiceWidget, DAINHono, ServiceDatasource, ServiceAgent } from "./types";
+/**
+ * Middleware factory to require specific OAuth scopes
+ * Defense-in-depth: Validates scopes even though JWT middleware already checked them
+ *
+ * @param requiredScope Single scope or array of scopes (ANY match required)
+ * @returns Hono middleware
+ *
+ * @example
+ * app.get("/widgets", requireScope("widgets.read"), async (c) => { ... })
+ * app.post("/admin", requireScope(["admin.*", "super.admin"]), async (c) => { ... })
+ */
+export declare function requireScope(requiredScope: string | string[]): (c: Context, next: () => Promise<void>) => Promise<void>;
 export declare function setupHttpServer(config: DAINServiceConfig, tools: ToolConfig[], services: ServiceConfig[], toolboxes: ToolboxConfig[], metadata: Metadata, privateKey: Uint8Array, contexts: ServiceContext[], widgets: ServiceWidget[], datasources?: ServiceDatasource[], agents?: ServiceAgent[]): DAINHono;