@dotdo/oauth 0.1.0

@@ -0,0 +1,204 @@
1
+ /**
2
+ * @dotdo/oauth - Storage interface for OAuth 2.1 server
3
+ *
4
+ * This defines the abstract storage interface that must be implemented
5
+ * by concrete storage backends (e.g., DO SQLite, KV, D1, etc.)
6
+ */
7
+ import type { OAuthUser, OAuthOrganization, OAuthClient, OAuthAuthorizationCode, OAuthAccessToken, OAuthRefreshToken, OAuthGrant } from './types';
8
+ /**
9
+ * Storage interface for OAuth 2.1 server
10
+ *
11
+ * Implementations of this interface provide persistence for:
12
+ * - Users and organizations
13
+ * - OAuth clients (registered applications)
14
+ * - Authorization codes, tokens, and grants
15
+ *
16
+ * @example Implementing with DO SQLite
17
+ * ```typescript
18
+ * import type { OAuthStorage } from '@dotdo/oauth'
19
+ * import { DigitalObject } from '@dotdo/do'
20
+ *
21
+ * export class DOAuthStorage implements OAuthStorage {
22
+ * constructor(private do: DigitalObject) {}
23
+ *
24
+ * async getUser(id: string) {
25
+ * return this.do.state.get(`user:${id}`)
26
+ * }
27
+ * // ... implement other methods
28
+ * }
29
+ * ```
30
+ */
31
+ export interface OAuthStorage {
32
+ /**
33
+ * Get a user by ID
34
+ */
35
+ getUser(id: string): Promise<OAuthUser | null>;
36
+ /**
37
+ * Get a user by email
38
+ */
39
+ getUserByEmail(email: string): Promise<OAuthUser | null>;
40
+ /**
41
+ * Save a user (create or update)
42
+ */
43
+ saveUser(user: OAuthUser): Promise<void>;
44
+ /**
45
+ * Delete a user
46
+ */
47
+ deleteUser(id: string): Promise<void>;
48
+ /**
49
+ * List users (with optional pagination)
50
+ */
51
+ listUsers(options?: ListOptions): Promise<OAuthUser[]>;
52
+ /**
53
+ * Get an organization by ID
54
+ */
55
+ getOrganization(id: string): Promise<OAuthOrganization | null>;
56
+ /**
57
+ * Get an organization by slug
58
+ */
59
+ getOrganizationBySlug(slug: string): Promise<OAuthOrganization | null>;
60
+ /**
61
+ * Save an organization (create or update)
62
+ */
63
+ saveOrganization(org: OAuthOrganization): Promise<void>;
64
+ /**
65
+ * Delete an organization
66
+ */
67
+ deleteOrganization(id: string): Promise<void>;
68
+ /**
69
+ * List organizations (with optional pagination)
70
+ */
71
+ listOrganizations(options?: ListOptions): Promise<OAuthOrganization[]>;
72
+ /**
73
+ * Get a client by client ID
74
+ */
75
+ getClient(clientId: string): Promise<OAuthClient | null>;
76
+ /**
77
+ * Save a client (create or update)
78
+ */
79
+ saveClient(client: OAuthClient): Promise<void>;
80
+ /**
81
+ * Delete a client
82
+ */
83
+ deleteClient(clientId: string): Promise<void>;
84
+ /**
85
+ * List clients (with optional pagination)
86
+ */
87
+ listClients(options?: ListOptions): Promise<OAuthClient[]>;
88
+ /**
89
+ * Save an authorization code
90
+ */
91
+ saveAuthorizationCode(code: OAuthAuthorizationCode): Promise<void>;
92
+ /**
93
+ * Get and consume an authorization code (one-time use)
94
+ * Returns null if code doesn't exist or has already been used
95
+ */
96
+ consumeAuthorizationCode(code: string): Promise<OAuthAuthorizationCode | null>;
97
+ /**
98
+ * Save an access token
99
+ */
100
+ saveAccessToken(token: OAuthAccessToken): Promise<void>;
101
+ /**
102
+ * Get an access token
103
+ */
104
+ getAccessToken(token: string): Promise<OAuthAccessToken | null>;
105
+ /**
106
+ * Revoke an access token
107
+ */
108
+ revokeAccessToken(token: string): Promise<void>;
109
+ /**
110
+ * Save a refresh token
111
+ */
112
+ saveRefreshToken(token: OAuthRefreshToken): Promise<void>;
113
+ /**
114
+ * Get a refresh token
115
+ */
116
+ getRefreshToken(token: string): Promise<OAuthRefreshToken | null>;
117
+ /**
118
+ * Revoke a refresh token
119
+ */
120
+ revokeRefreshToken(token: string): Promise<void>;
121
+ /**
122
+ * Revoke all tokens for a user
123
+ */
124
+ revokeAllUserTokens(userId: string): Promise<void>;
125
+ /**
126
+ * Revoke all tokens for a client
127
+ */
128
+ revokeAllClientTokens(clientId: string): Promise<void>;
129
+ /**
130
+ * Get a grant by user and client
131
+ */
132
+ getGrant(userId: string, clientId: string): Promise<OAuthGrant | null>;
133
+ /**
134
+ * Save a grant (create or update)
135
+ */
136
+ saveGrant(grant: OAuthGrant): Promise<void>;
137
+ /**
138
+ * Revoke a grant
139
+ */
140
+ revokeGrant(userId: string, clientId: string): Promise<void>;
141
+ /**
142
+ * List grants for a user
143
+ */
144
+ listUserGrants(userId: string): Promise<OAuthGrant[]>;
145
+ }
146
+ /**
147
+ * Options for list operations
148
+ */
149
+ export interface ListOptions {
150
+ /** Maximum number of results to return */
151
+ limit?: number;
152
+ /** Cursor for pagination */
153
+ cursor?: string;
154
+ /** Filter by organization */
155
+ organizationId?: string;
156
+ }
157
+ /**
158
+ * In-memory storage implementation for testing
159
+ */
160
+ export declare class MemoryOAuthStorage implements OAuthStorage {
161
+ private users;
162
+ private usersByEmail;
163
+ private organizations;
164
+ private organizationsBySlug;
165
+ private clients;
166
+ private authCodes;
167
+ private accessTokens;
168
+ private refreshTokens;
169
+ private grants;
170
+ getUser(id: string): Promise<OAuthUser | null>;
171
+ getUserByEmail(email: string): Promise<OAuthUser | null>;
172
+ saveUser(user: OAuthUser): Promise<void>;
173
+ deleteUser(id: string): Promise<void>;
174
+ listUsers(options?: ListOptions): Promise<OAuthUser[]>;
175
+ getOrganization(id: string): Promise<OAuthOrganization | null>;
176
+ getOrganizationBySlug(slug: string): Promise<OAuthOrganization | null>;
177
+ saveOrganization(org: OAuthOrganization): Promise<void>;
178
+ deleteOrganization(id: string): Promise<void>;
179
+ listOrganizations(options?: ListOptions): Promise<OAuthOrganization[]>;
180
+ getClient(clientId: string): Promise<OAuthClient | null>;
181
+ saveClient(client: OAuthClient): Promise<void>;
182
+ deleteClient(clientId: string): Promise<void>;
183
+ listClients(options?: ListOptions): Promise<OAuthClient[]>;
184
+ saveAuthorizationCode(code: OAuthAuthorizationCode): Promise<void>;
185
+ consumeAuthorizationCode(code: string): Promise<OAuthAuthorizationCode | null>;
186
+ saveAccessToken(token: OAuthAccessToken): Promise<void>;
187
+ getAccessToken(token: string): Promise<OAuthAccessToken | null>;
188
+ revokeAccessToken(token: string): Promise<void>;
189
+ saveRefreshToken(token: OAuthRefreshToken): Promise<void>;
190
+ getRefreshToken(token: string): Promise<OAuthRefreshToken | null>;
191
+ revokeRefreshToken(token: string): Promise<void>;
192
+ revokeAllUserTokens(userId: string): Promise<void>;
193
+ revokeAllClientTokens(clientId: string): Promise<void>;
194
+ private grantKey;
195
+ getGrant(userId: string, clientId: string): Promise<OAuthGrant | null>;
196
+ saveGrant(grant: OAuthGrant): Promise<void>;
197
+ revokeGrant(userId: string, clientId: string): Promise<void>;
198
+ listUserGrants(userId: string): Promise<OAuthGrant[]>;
199
+ /**
200
+ * Clear all data (for testing)
201
+ */
202
+ clear(): void;
203
+ }
204
+ //# sourceMappingURL=storage.d.ts.map
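Review bot: The doc comment on `consumeAuthorizationCode` does not say that the read and the invalidation must be one atomic step, nor whether the storage or the caller checks `expiresAt`; a backend that implements it as a separate get and delete could hand the same code to two concurrent token requests. I would extend the comment with something like `Implementations MUST remove the code atomically with the read; a second call for the same code returns null`, plus one sentence naming whichever side enforces expiry. The same gap exists on `getRefreshToken` and `getGrant`, whose comments do not say whether a revoked record is returned or `null`. This file is compiler output, so the comments belong in `../src/storage.ts`.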
@@ -0,0 +1 @@
1
+ {"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../src/storage.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,SAAS,EACT,iBAAiB,EACjB,WAAW,EACX,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACX,MAAM,SAAS,CAAA;AAEhB;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,WAAW,YAAY;IAK3B;;OAEG;IACH,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAA;IAE9C;;OAEG;IACH,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAA;IAExD;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAExC;;OAEG;IACH,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAErC;;OAEG;IACH,SAAS,CAAC,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CAAA;IAMtD;;OAEG;IACH,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAA;IAE9D;;OAEG;IACH,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAA;IAEtE;;OAEG;IACH,gBAAgB,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAEvD;;OAEG;IACH,kBAAkB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAE7C;;OAEG;IACH,iBAAiB,CAAC,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAA;IAMtE;;OAEG;IACH,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAA;IAExD;;OAEG;IACH,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAE9C;;OAEG;IACH,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAE7C;;OAEG;IACH,WAAW,CAAC,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,CAAA;IAM1D;;OAEG;IACH,qBAAqB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAElE;;;OAGG;IACH,wBAAwB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC,CAAA;IAM9E;;OAEG;IACH,eAAe,CAAC,KAAK,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAEvD;;OAEG;IACH,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAA;IAE/D;;OAEG;IACH,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAE/C;;OAEG;IACH,gBAAgB,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAEzD;;OAEG;IACH,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAA;IAEjE;;OAEG;IACH,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,
OAAO,CAAC,IAAI,CAAC,CAAA;IAEhD;;OAEG;IACH,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAElD;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAMtD;;OAEG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAA;IAEtE;;OAEG;IACH,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAE3C;;OAEG;IACH,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAE5D;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAAA;CACtD;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,0CAA0C;IAC1C,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,4BAA4B;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,6BAA6B;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB;AAED;;GAEG;AACH,qBAAa,kBAAmB,YAAW,YAAY;IACrD,OAAO,CAAC,KAAK,CAA+B;IAC5C,OAAO,CAAC,YAAY,CAA4B;IAChD,OAAO,CAAC,aAAa,CAAuC;IAC5D,OAAO,CAAC,mBAAmB,CAA4B;IACvD,OAAO,CAAC,OAAO,CAAiC;IAChD,OAAO,CAAC,SAAS,CAA4C;IAC7D,OAAO,CAAC,YAAY,CAAsC;IAC1D,OAAO,CAAC,aAAa,CAAuC;IAC5D,OAAO,CAAC,MAAM,CAAgC;IAGxC,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAI9C,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAKxD,QAAQ,CAAC,IAAI,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAOxC,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQrC,SAAS,CAAC,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAYtD,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAI9D,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAKtE,gBAAgB,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAOvD,kBAAkB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ7C,iBAAiB,CAAC,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAStE,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAIxD,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9C,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI7C,WAAW,CAAC,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAS1D,qBAAqB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,IAAI,CAAC;IAIlE,wBAAwB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC;IAQ9E,eAAe,CAAC,K
AAK,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC;IAIvD,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAI/D,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/C,gBAAgB,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAIzD,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAIjE,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQhD,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAclD,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAe5D,OAAO,CAAC,QAAQ;IAIV,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAItE,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3C,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ5D,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAI3D;;OAEG;IACH,KAAK,IAAI,IAAI;CAWd"}
@@ -0,0 +1,191 @@
1
+ /**
2
+ * @dotdo/oauth - Storage interface for OAuth 2.1 server
3
+ *
4
+ * This defines the abstract storage interface that must be implemented
5
+ * by concrete storage backends (e.g., DO SQLite, KV, D1, etc.)
6
+ */
7
+ /**
8
+ * In-memory storage implementation for testing
9
+ */
10
+ export class MemoryOAuthStorage {
11
+ users = new Map();
12
+ usersByEmail = new Map();
13
+ organizations = new Map();
14
+ organizationsBySlug = new Map();
15
+ clients = new Map();
16
+ authCodes = new Map();
17
+ accessTokens = new Map();
18
+ refreshTokens = new Map();
19
+ grants = new Map();
20
+ // User operations
21
+ async getUser(id) {
22
+ return this.users.get(id) ?? null;
23
+ }
24
+ async getUserByEmail(email) {
25
+ const id = this.usersByEmail.get(email.toLowerCase());
26
+ return id ? this.users.get(id) ?? null : null;
27
+ }
28
+ async saveUser(user) {
29
+ this.users.set(user.id, user);
30
+ if (user.email) {
31
+ this.usersByEmail.set(user.email.toLowerCase(), user.id);
32
+ }
33
+ }
34
+ async deleteUser(id) {
35
+ const user = this.users.get(id);
36
+ if (user?.email) {
37
+ this.usersByEmail.delete(user.email.toLowerCase());
38
+ }
39
+ this.users.delete(id);
40
+ }
41
+ async listUsers(options) {
42
+ let users = Array.from(this.users.values());
43
+ if (options?.organizationId) {
44
+ users = users.filter((u) => u.organizationId === options.organizationId);
45
+ }
46
+ if (options?.limit) {
47
+ users = users.slice(0, options.limit);
48
+ }
49
+ return users;
50
+ }
51
+ // Organization operations
52
+ async getOrganization(id) {
53
+ return this.organizations.get(id) ?? null;
54
+ }
55
+ async getOrganizationBySlug(slug) {
56
+ const id = this.organizationsBySlug.get(slug.toLowerCase());
57
+ return id ? this.organizations.get(id) ?? null : null;
58
+ }
59
+ async saveOrganization(org) {
60
+ this.organizations.set(org.id, org);
61
+ if (org.slug) {
62
+ this.organizationsBySlug.set(org.slug.toLowerCase(), org.id);
63
+ }
64
+ }
65
+ async deleteOrganization(id) {
66
+ const org = this.organizations.get(id);
67
+ if (org?.slug) {
68
+ this.organizationsBySlug.delete(org.slug.toLowerCase());
69
+ }
70
+ this.organizations.delete(id);
71
+ }
72
+ async listOrganizations(options) {
73
+ let orgs = Array.from(this.organizations.values());
74
+ if (options?.limit) {
75
+ orgs = orgs.slice(0, options.limit);
76
+ }
77
+ return orgs;
78
+ }
79
+ // Client operations
80
+ async getClient(clientId) {
81
+ return this.clients.get(clientId) ?? null;
82
+ }
83
+ async saveClient(client) {
84
+ this.clients.set(client.clientId, client);
85
+ }
86
+ async deleteClient(clientId) {
87
+ this.clients.delete(clientId);
88
+ }
89
+ async listClients(options) {
90
+ let clients = Array.from(this.clients.values());
91
+ if (options?.limit) {
92
+ clients = clients.slice(0, options.limit);
93
+ }
94
+ return clients;
95
+ }
96
+ // Authorization code operations
97
+ async saveAuthorizationCode(code) {
98
+ this.authCodes.set(code.code, code);
99
+ }
100
+ async consumeAuthorizationCode(code) {
101
+ const authCode = this.authCodes.get(code);
102
+ if (!authCode)
103
+ return null;
104
+ this.authCodes.delete(code);
105
+ return authCode;
106
+ }
107
+ // Token operations
108
+ async saveAccessToken(token) {
109
+ this.accessTokens.set(token.token, token);
110
+ }
111
+ async getAccessToken(token) {
112
+ return this.accessTokens.get(token) ?? null;
113
+ }
114
+ async revokeAccessToken(token) {
115
+ this.accessTokens.delete(token);
116
+ }
117
+ async saveRefreshToken(token) {
118
+ this.refreshTokens.set(token.token, token);
119
+ }
120
+ async getRefreshToken(token) {
121
+ return this.refreshTokens.get(token) ?? null;
122
+ }
123
+ async revokeRefreshToken(token) {
124
+ const rt = this.refreshTokens.get(token);
125
+ if (rt) {
126
+ rt.revoked = true;
127
+ this.refreshTokens.set(token, rt);
128
+ }
129
+ }
130
+ async revokeAllUserTokens(userId) {
131
+ for (const [key, token] of this.accessTokens) {
132
+ if (token.userId === userId) {
133
+ this.accessTokens.delete(key);
134
+ }
135
+ }
136
+ for (const [key, token] of this.refreshTokens) {
137
+ if (token.userId === userId) {
138
+ token.revoked = true;
139
+ this.refreshTokens.set(key, token);
140
+ }
141
+ }
142
+ }
143
+ async revokeAllClientTokens(clientId) {
144
+ for (const [key, token] of this.accessTokens) {
145
+ if (token.clientId === clientId) {
146
+ this.accessTokens.delete(key);
147
+ }
148
+ }
149
+ for (const [key, token] of this.refreshTokens) {
150
+ if (token.clientId === clientId) {
151
+ token.revoked = true;
152
+ this.refreshTokens.set(key, token);
153
+ }
154
+ }
155
+ }
156
+ // Grant operations
157
+ grantKey(userId, clientId) {
158
+ return `${userId}:${clientId}`;
159
+ }
160
+ async getGrant(userId, clientId) {
161
+ return this.grants.get(this.grantKey(userId, clientId)) ?? null;
162
+ }
163
+ async saveGrant(grant) {
164
+ this.grants.set(this.grantKey(grant.userId, grant.clientId), grant);
165
+ }
166
+ async revokeGrant(userId, clientId) {
167
+ const grant = this.grants.get(this.grantKey(userId, clientId));
168
+ if (grant) {
169
+ grant.revoked = true;
170
+ this.grants.set(this.grantKey(userId, clientId), grant);
171
+ }
172
+ }
173
+ async listUserGrants(userId) {
174
+ return Array.from(this.grants.values()).filter((g) => g.userId === userId && !g.revoked);
175
+ }
176
+ /**
177
+ * Clear all data (for testing)
178
+ */
179
+ clear() {
180
+ this.users.clear();
181
+ this.usersByEmail.clear();
182
+ this.organizations.clear();
183
+ this.organizationsBySlug.clear();
184
+ this.clients.clear();
185
+ this.authCodes.clear();
186
+ this.accessTokens.clear();
187
+ this.refreshTokens.clear();
188
+ this.grants.clear();
189
+ }
190
+ }
191
+ //# sourceMappingURL=storage.js.map
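Review bot: `saveUser` never drops the previous `usersByEmail` entry when an existing user is saved with a different email, so `getUserByEmail(oldEmail)` keeps resolving to that account, and because the index is overwritten without a uniqueness check, `deleteUser` can remove an entry that now points at another user. Before the `set` in `saveUser`, clear stale keys with `for (const [k, v] of this.usersByEmail) if (v === user.id) this.usersByEmail.delete(k);`, and in `deleteUser` delete the index entry only when `this.usersByEmail.get(user.email.toLowerCase()) === id`. `saveOrganization` and `deleteOrganization` follow the same pattern for `organizationsBySlug`. This is the test backend, but tests of email-based lookup would then pass against behaviour a production backend should not have.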
@@ -0,0 +1 @@
1
+ {"version":3,"file":"storage.js","sourceRoot":"","sources":["../src/storage.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAsNH;;GAEG;AACH,MAAM,OAAO,kBAAkB;IACrB,KAAK,GAAG,IAAI,GAAG,EAAqB,CAAA;IACpC,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAA;IACxC,aAAa,GAAG,IAAI,GAAG,EAA6B,CAAA;IACpD,mBAAmB,GAAG,IAAI,GAAG,EAAkB,CAAA;IAC/C,OAAO,GAAG,IAAI,GAAG,EAAuB,CAAA;IACxC,SAAS,GAAG,IAAI,GAAG,EAAkC,CAAA;IACrD,YAAY,GAAG,IAAI,GAAG,EAA4B,CAAA;IAClD,aAAa,GAAG,IAAI,GAAG,EAA6B,CAAA;IACpD,MAAM,GAAG,IAAI,GAAG,EAAsB,CAAA;IAE9C,kBAAkB;IAClB,KAAK,CAAC,OAAO,CAAC,EAAU;QACtB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,IAAI,CAAA;IACnC,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,KAAa;QAChC,MAAM,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAA;QACrD,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAA;IAC/C,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAAe;QAC5B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;QAC7B,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,IAAI,CAAC,EAAE,CAAC,CAAA;QAC1D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,EAAU;QACzB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QAC/B,IAAI,IAAI,EAAE,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAA;QACpD,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;IACvB,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,OAAqB;QACnC,IAAI,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAA;QAC3C,IAAI,OAAO,EAAE,cAAc,EAAE,CAAC;YAC5B,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,OAAO,CAAC,cAAc,CAAC,CAAA;QAC1E,CAAC;QACD,IAAI,OAAO,EAAE,KAAK,EAAE,CAAC;YACnB,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;QACvC,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC;IAED,0BAA0B;IAC1B,KAAK,CAAC,eAAe,CAAC,EAAU;QAC9B,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,IAAI,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,IAAY;QACtC,MAAM,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,WA
AW,EAAE,CAAC,CAAA;QAC3D,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAA;IACvD,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,GAAsB;QAC3C,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;QACnC,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;YACb,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC,CAAA;QAC9D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EAAU;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACtC,IAAI,GAAG,EAAE,IAAI,EAAE,CAAC;YACd,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAA;QACzD,CAAC;QACD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;IAC/B,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,OAAqB;QAC3C,IAAI,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAA;QAClD,IAAI,OAAO,EAAE,KAAK,EAAE,CAAC;YACnB,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;QACrC,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,oBAAoB;IACpB,KAAK,CAAC,SAAS,CAAC,QAAgB;QAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,MAAmB;QAClC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;IAC/B,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAqB;QACrC,IAAI,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAA;QAC/C,IAAI,OAAO,EAAE,KAAK,EAAE,CAAC;YACnB,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;QAC3C,CAAC;QACD,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,gCAAgC;IAChC,KAAK,CAAC,qBAAqB,CAAC,IAA4B;QACtD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;IACrC,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,IAAY;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QACzC,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAA;QAC1B,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QAC3B,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,mBAAmB;IACnB,KAAK,CAAC,eAAe,CAAC,KAAuB;QAC3C,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;IAC3C,CAA
C;IAED,KAAK,CAAC,cAAc,CAAC,KAAa;QAChC,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI,CAAA;IAC7C,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAAa;QACnC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IACjC,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAAwB;QAC7C,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;IAC5C,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,KAAa;QACjC,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI,CAAA;IAC9C,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,KAAa;QACpC,MAAM,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QACxC,IAAI,EAAE,EAAE,CAAC;YACP,EAAE,CAAC,OAAO,GAAG,IAAI,CAAA;YACjB,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;QACnC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,MAAc;QACtC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC7C,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC5B,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAC/B,CAAC;QACH,CAAC;QACD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YAC9C,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC5B,KAAK,CAAC,OAAO,GAAG,IAAI,CAAA;gBACpB,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;YACpC,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,QAAgB;QAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC7C,IAAI,KAAK,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAChC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAC/B,CAAC;QACH,CAAC;QACD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YAC9C,IAAI,KAAK,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAChC,KAAK,CAAC,OAAO,GAAG,IAAI,CAAA;gBACpB,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;YACpC,CAAC;QACH,CAAC;IACH,CAAC;IAED,mBAAmB;IACX,QAAQ,CAAC,MAAc,EAAE,QAAgB;QAC/C,OAAO,GAAG,MAAM,IAAI,QAAQ,EAAE,CAAA;IAChC,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,MAAc,EAAE,QAAgB;QAC7C,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,IAAI,IAAI,CAAA;IACjE,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,KAAiB;QAC/B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,QAAQ,CAAC,EAAE,KAAK,CAAC,CAAA;IA
CrE,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,MAAc,EAAE,QAAgB;QAChD,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;QAC9D,IAAI,KAAK,EAAE,CAAC;YACV,KAAK,CAAC,OAAO,GAAG,IAAI,CAAA;YACpB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,KAAK,CAAC,CAAA;QACzD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAc;QACjC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;IAC1F,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAA;QAClB,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAA;QACzB,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAA;QAC1B,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAA;QAChC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAA;QACpB,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;QACtB,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAA;QACzB,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAA;QAC1B,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAA;IACrB,CAAC;CACF"}
@@ -0,0 +1,247 @@
1
+ /**
2
+ * @dotdo/oauth - Core types for OAuth 2.1 server
3
+ *
4
+ * These types define the storage interface and data structures
5
+ * for the OAuth 2.1 server implementation.
6
+ */
7
+ /**
8
+ * OAuth 2.1 User - represents an authenticated user
9
+ */
10
+ export interface OAuthUser {
11
+ /** Unique user identifier */
12
+ id: string;
13
+ /** User's email address */
14
+ email?: string;
15
+ /** User's display name */
16
+ name?: string;
17
+ /** Organization/tenant the user belongs to */
18
+ organizationId?: string;
19
+ /** User roles for RBAC */
20
+ roles?: string[];
21
+ /** User permissions for fine-grained access */
22
+ permissions?: string[];
23
+ /** Additional user metadata */
24
+ metadata?: Record<string, unknown>;
25
+ /** When the user was created */
26
+ createdAt: number;
27
+ /** When the user was last updated */
28
+ updatedAt: number;
29
+ /** When the user last logged in */
30
+ lastLoginAt?: number;
31
+ }
32
+ /**
33
+ * OAuth 2.1 Organization - represents a tenant/organization
34
+ */
35
+ export interface OAuthOrganization {
36
+ /** Unique organization identifier */
37
+ id: string;
38
+ /** Organization name */
39
+ name: string;
40
+ /** Organization slug (URL-safe identifier) */
41
+ slug?: string;
42
+ /** Organization metadata */
43
+ metadata?: Record<string, unknown>;
44
+ /** When the organization was created */
45
+ createdAt: number;
46
+ /** When the organization was last updated */
47
+ updatedAt: number;
48
+ }
49
+ /**
50
+ * OAuth 2.1 Client - represents a registered OAuth client (e.g., Claude, ChatGPT)
51
+ */
52
+ export interface OAuthClient {
53
+ /** Unique client identifier */
54
+ clientId: string;
55
+ /** Client secret (hashed) - optional for public clients */
56
+ clientSecretHash?: string;
57
+ /** Client name for display */
58
+ clientName: string;
59
+ /** Allowed redirect URIs */
60
+ redirectUris: string[];
61
+ /** Allowed grant types */
62
+ grantTypes: ('authorization_code' | 'refresh_token' | 'client_credentials')[];
63
+ /** Allowed response types */
64
+ responseTypes: ('code' | 'token')[];
65
+ /** Token endpoint auth method */
66
+ tokenEndpointAuthMethod: 'none' | 'client_secret_basic' | 'client_secret_post';
67
+ /** Allowed scopes */
68
+ scope?: string;
69
+ /** Client metadata (logo, contacts, etc.) */
70
+ metadata?: Record<string, unknown>;
71
+ /** When the client was registered */
72
+ createdAt: number;
73
+ /** When the client registration expires (0 = never) */
74
+ expiresAt?: number;
75
+ }
76
+ /**
77
+ * OAuth 2.1 Authorization Code - short-lived code exchanged for tokens
78
+ */
79
+ export interface OAuthAuthorizationCode {
80
+ /** The authorization code */
81
+ code: string;
82
+ /** Client that requested the code */
83
+ clientId: string;
84
+ /** User who authorized the request */
85
+ userId: string;
86
+ /** Redirect URI used in the authorization request */
87
+ redirectUri: string;
88
+ /** Granted scopes */
89
+ scope?: string;
90
+ /** PKCE code challenge */
91
+ codeChallenge?: string;
92
+ /** PKCE code challenge method (always S256 for OAuth 2.1) */
93
+ codeChallengeMethod?: 'S256';
94
+ /** When the code was issued */
95
+ issuedAt: number;
96
+ /** When the code expires (typically 10 minutes) */
97
+ expiresAt: number;
98
+ /** State parameter for CSRF protection */
99
+ state?: string;
100
+ }
101
+ /**
102
+ * OAuth 2.1 Access Token metadata
103
+ */
104
+ export interface OAuthAccessToken {
105
+ /** The access token (or token identifier) */
106
+ token: string;
107
+ /** Token type (always 'Bearer' for OAuth 2.1) */
108
+ tokenType: 'Bearer';
109
+ /** Client the token was issued to */
110
+ clientId: string;
111
+ /** User the token represents */
112
+ userId: string;
113
+ /** Granted scopes */
114
+ scope?: string;
115
+ /** When the token was issued */
116
+ issuedAt: number;
117
+ /** When the token expires */
118
+ expiresAt: number;
119
+ }
120
+ /**
121
+ * OAuth 2.1 Refresh Token metadata
122
+ */
123
+ export interface OAuthRefreshToken {
124
+ /** The refresh token */
125
+ token: string;
126
+ /** Client the token was issued to */
127
+ clientId: string;
128
+ /** User the token represents */
129
+ userId: string;
130
+ /** Granted scopes */
131
+ scope?: string;
132
+ /** When the token was issued */
133
+ issuedAt: number;
134
+ /** When the token expires (0 = never) */
135
+ expiresAt?: number;
136
+ /** Whether the token has been revoked */
137
+ revoked?: boolean;
138
+ }
139
+ /**
140
+ * OAuth 2.1 Grant - represents a user's authorization grant to a client
141
+ */
142
+ export interface OAuthGrant {
143
+ /** Unique grant identifier */
144
+ id: string;
145
+ /** User who granted authorization */
146
+ userId: string;
147
+ /** Client that received authorization */
148
+ clientId: string;
149
+ /** Granted scopes */
150
+ scope?: string;
151
+ /** When the grant was created */
152
+ createdAt: number;
153
+ /** When the grant was last used */
154
+ lastUsedAt?: number;
155
+ /** Whether the grant has been revoked */
156
+ revoked?: boolean;
157
+ }
158
+ /**
159
+ * OAuth 2.1 Authorization Server Metadata
160
+ * As defined in RFC 8414
161
+ */
162
+ export interface OAuthServerMetadata {
163
+ /** Authorization server's issuer identifier (URL) */
164
+ issuer: string;
165
+ /** URL of the authorization endpoint */
166
+ authorization_endpoint: string;
167
+ /** URL of the token endpoint */
168
+ token_endpoint: string;
169
+ /** URL of the dynamic client registration endpoint */
170
+ registration_endpoint?: string;
171
+ /** URL of the JWKS endpoint */
172
+ jwks_uri?: string;
173
+ /** Supported scopes */
174
+ scopes_supported?: string[];
175
+ /** Supported response types */
176
+ response_types_supported: string[];
177
+ /** Supported grant types */
178
+ grant_types_supported: string[];
179
+ /** Supported token endpoint auth methods */
180
+ token_endpoint_auth_methods_supported: string[];
181
+ /** Supported PKCE code challenge methods */
182
+ code_challenge_methods_supported: string[];
183
+ /** URL of the token revocation endpoint */
184
+ revocation_endpoint?: string;
185
+ /** URL of the token introspection endpoint */
186
+ introspection_endpoint?: string;
187
+ }
188
+ /**
189
+ * OAuth 2.1 Protected Resource Metadata
190
+ * As defined in draft-ietf-oauth-resource-metadata
191
+ */
192
+ export interface OAuthResourceMetadata {
193
+ /** Resource server identifier (URL) */
194
+ resource: string;
195
+ /** Authorization servers that can issue tokens for this resource */
196
+ authorization_servers?: string[];
197
+ /** Scopes required to access this resource */
198
+ scopes_supported?: string[];
199
+ /** Bearer token methods supported */
200
+ bearer_methods_supported?: ('header' | 'body' | 'query')[];
201
+ /** Resource documentation URL */
202
+ resource_documentation?: string;
203
+ }
204
+ /**
205
+ * Token response from the token endpoint
206
+ */
207
+ export interface TokenResponse {
208
+ /** The access token */
209
+ access_token: string;
210
+ /** Token type (always 'Bearer') */
211
+ token_type: 'Bearer';
212
+ /** Token lifetime in seconds */
213
+ expires_in: number;
214
+ /** Refresh token (if granted) */
215
+ refresh_token?: string;
216
+ /** Granted scopes (if different from requested) */
217
+ scope?: string;
218
+ }
219
+ /**
220
+ * Error response from OAuth endpoints
221
+ */
222
+ export interface OAuthError {
223
+ /** Error code */
224
+ error: string;
225
+ /** Human-readable error description */
226
+ error_description?: string;
227
+ /** URI for more information */
228
+ error_uri?: string;
229
+ }
230
+ /**
231
+ * Upstream OAuth provider configuration (e.g., WorkOS)
232
+ */
233
+ export interface UpstreamOAuthConfig {
234
+ /** Provider type */
235
+ provider: 'workos' | 'auth0' | 'okta' | 'custom';
236
+ /** API key or client secret */
237
+ apiKey: string;
238
+ /** Client ID */
239
+ clientId: string;
240
+ /** Authorization endpoint (for custom providers) */
241
+ authorizationEndpoint?: string;
242
+ /** Token endpoint (for custom providers) */
243
+ tokenEndpoint?: string;
244
+ /** JWKS URI (for custom providers) */
245
+ jwksUri?: string;
246
+ }
247
+ //# sourceMappingURL=types.d.ts.map
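Review bot: `OAuthClient.responseTypes` admits `'token'`, the implicit-grant response type, which OAuth 2.1 drops; for a package that describes itself as an OAuth 2.1 server the type should not allow a client to be registered for it. Narrowing the field to `responseTypes: 'code'[];` in `../src/types.ts` (this file is compiler output) makes the restriction visible at compile time. Relatedly, `codeChallenge` and `codeChallengeMethod` on `OAuthAuthorizationCode` are optional, so the types do not show where PKCE is enforced; if the authorize endpoint rejects requests without a challenge, a comment on these fields saying so would help implementers of `OAuthStorage`.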
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,6BAA6B;IAC7B,EAAE,EAAE,MAAM,CAAA;IACV,2BAA2B;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,0BAA0B;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,8CAA8C;IAC9C,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,0BAA0B;IAC1B,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;IAChB,+CAA+C;IAC/C,WAAW,CAAC,EAAE,MAAM,EAAE,CAAA;IACtB,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAClC,gCAAgC;IAChC,SAAS,EAAE,MAAM,CAAA;IACjB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAA;IACjB,mCAAmC;IACnC,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,qCAAqC;IACrC,EAAE,EAAE,MAAM,CAAA;IACV,wBAAwB;IACxB,IAAI,EAAE,MAAM,CAAA;IACZ,8CAA8C;IAC9C,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,4BAA4B;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAClC,wCAAwC;IACxC,SAAS,EAAE,MAAM,CAAA;IACjB,6CAA6C;IAC7C,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAA;IAChB,2DAA2D;IAC3D,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,8BAA8B;IAC9B,UAAU,EAAE,MAAM,CAAA;IAClB,4BAA4B;IAC5B,YAAY,EAAE,MAAM,EAAE,CAAA;IACtB,0BAA0B;IAC1B,UAAU,EAAE,CAAC,oBAAoB,GAAG,eAAe,GAAG,oBAAoB,CAAC,EAAE,CAAA;IAC7E,6BAA6B;IAC7B,aAAa,EAAE,CAAC,MAAM,GAAG,OAAO,CAAC,EAAE,CAAA;IACnC,iCAAiC;IACjC,uBAAuB,EAAE,MAAM,GAAG,qBAAqB,GAAG,oBAAoB,CAAA;IAC9E,qBAAqB;IACrB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,6CAA6C;IAC7C,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAClC,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAA;IACjB,uDAAuD;IACvD,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,6BAA6B;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAA;IAChB,sCAAsC;IACtC,MAAM,EAAE,MAAM,CAAA;IACd,qDAAqD;IACrD,WAAW,EAAE,MAAM,CAAA;IACnB,qBAAqB;IACrB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,0BAA0B;IAC1B,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,6DAA6D;IAC7D,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAA;IAChB,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAA;IACjB,0CAA0C;IAC1C,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED;;GAEG;AACH,MAAM,WAAW,gBA
AgB;IAC/B,6CAA6C;IAC7C,KAAK,EAAE,MAAM,CAAA;IACb,iDAAiD;IACjD,SAAS,EAAE,QAAQ,CAAA;IACnB,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAA;IAChB,gCAAgC;IAChC,MAAM,EAAE,MAAM,CAAA;IACd,qBAAqB;IACrB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,gCAAgC;IAChC,QAAQ,EAAE,MAAM,CAAA;IAChB,6BAA6B;IAC7B,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,wBAAwB;IACxB,KAAK,EAAE,MAAM,CAAA;IACb,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAA;IAChB,gCAAgC;IAChC,MAAM,EAAE,MAAM,CAAA;IACd,qBAAqB;IACrB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,gCAAgC;IAChC,QAAQ,EAAE,MAAM,CAAA;IAChB,yCAAyC;IACzC,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,yCAAyC;IACzC,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,8BAA8B;IAC9B,EAAE,EAAE,MAAM,CAAA;IACV,qCAAqC;IACrC,MAAM,EAAE,MAAM,CAAA;IACd,yCAAyC;IACzC,QAAQ,EAAE,MAAM,CAAA;IAChB,qBAAqB;IACrB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAA;IACjB,mCAAmC;IACnC,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,yCAAyC;IACzC,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,qDAAqD;IACrD,MAAM,EAAE,MAAM,CAAA;IACd,wCAAwC;IACxC,sBAAsB,EAAE,MAAM,CAAA;IAC9B,gCAAgC;IAChC,cAAc,EAAE,MAAM,CAAA;IACtB,sDAAsD;IACtD,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,uBAAuB;IACvB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAA;IAC3B,+BAA+B;IAC/B,wBAAwB,EAAE,MAAM,EAAE,CAAA;IAClC,4BAA4B;IAC5B,qBAAqB,EAAE,MAAM,EAAE,CAAA;IAC/B,4CAA4C;IAC5C,qCAAqC,EAAE,MAAM,EAAE,CAAA;IAC/C,4CAA4C;IAC5C,gCAAgC,EAAE,MAAM,EAAE,CAAA;IAC1C,2CAA2C;IAC3C,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,8CAA8C;IAC9C,sBAAsB,CAAC,EAAE,MAAM,CAAA;CAChC;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,uCAAuC;IACvC,QAAQ,EAAE,MAAM,CAAA;IAChB,oEAAoE;IACpE,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAA;IAChC,8CAA8C;IAC9C,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAA;IAC3B,qCAAqC;IACrC,wBAAwB,CAAC,EAAE,CAAC,QAAQ,GAAG,MAAM,GAAG,OAAO,CAAC,EAAE,CAAA;IAC1D,iCAAiC;IACjC,sBAAsB,CAAC,EAAE,MAAM,CAAA;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,uBAAuB;IACvB,YAAY,EAAE,MAAM,CAAA;IACpB,mCAAmC;IACnC,UAAU,EAAE,QAAQ,CAAA;IACpB,gCAAgC;IAChC,UAAU,EAAE,MAAM,CAAA;IAClB,iCAAiC;IACjC,aAAa,CAAC,EAAE,MAAM
,CAAA;IACtB,mDAAmD;IACnD,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,iBAAiB;IACjB,KAAK,EAAE,MAAM,CAAA;IACb,uCAAuC;IACvC,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,+BAA+B;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,oBAAoB;IACpB,QAAQ,EAAE,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,QAAQ,CAAA;IAChD,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAA;IACd,gBAAgB;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,oDAAoD;IACpD,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,4CAA4C;IAC5C,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,sCAAsC;IACtC,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB"}
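--- a/package/dist/types.js
+++ b/package/dist/types.js
@@ -0,0 +1,8 @@
+ /**
+ * @dotdo/oauth - Core types for OAuth 2.1 server
+ *
+ * These types define the storage interface and data structures
+ * for the OAuth 2.1 server implementation.
+ */
+ export {};
+ //# sourceMappingURL=types.js.map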