@dotdo/oauth 0.1.4 → 0.1.6
- package/dist/dev.d.ts +10 -1
- package/dist/dev.d.ts.map +1 -1
- package/dist/dev.js +6 -5
- package/dist/dev.js.map +1 -1
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/dist/jwt.d.ts +130 -0
- package/dist/jwt.d.ts.map +1 -0
- package/dist/jwt.js +337 -0
- package/dist/jwt.js.map +1 -0
- package/dist/pkce.d.ts.map +1 -1
- package/dist/pkce.js +33 -19
- package/dist/pkce.js.map +1 -1
- package/dist/server.d.ts +4 -0
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +256 -78
- package/dist/server.js.map +1 -1
- package/dist/types.d.ts +36 -8
- package/dist/types.d.ts.map +1 -1
- package/package.json +5 -1
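--- a/package/dist/dev.d.ts
+++ b/package/dist/dev.d.ts
@@ -28,9 +28,18 @@ export interface DevUser {
 }
 /**
 * Development mode configuration
+*
+* @warning SECURITY: devMode should NEVER be enabled in production environments.
+* It bypasses upstream OAuth providers and uses simple password authentication,
+* which is insecure for production use. Only use for local development and testing.
 */
 export interface DevModeConfig {
-/**
+/**
+* Enable dev mode (disables upstream OAuth)
+*
+* @warning SECURITY: Never enable in production! This bypasses all upstream
+* OAuth security and allows simple password-based authentication.
+*/
 enabled: boolean;
 /** Pre-configured test users */
 users?: DevUser[];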
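Review bot: The new `@warning` text on `DevModeConfig` and on `enabled` is the only safeguard visible in this section, and a doc comment does not stop `enabled: true` from reaching a deployed configuration. The code that reads this config is outside the file, so it is worth confirming that startup at least logs a loud warning when dev mode is on. Separately, `@warning` is not a standard JSDoc or TSDoc tag; plain text or `@remarks` keeps the wording without depending on how a tool renders unknown tags. The remaining fields of `DevModeConfig` are outside the hunk.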
package/dist/dev.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dev.d.ts","sourceRoot":"","sources":["../src/dev.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAuC,MAAM,YAAY,CAAA;AAChF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAGhD;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,cAAc;IACd,EAAE,EAAE,MAAM,CAAA;IACV,uCAAuC;IACvC,KAAK,EAAE,MAAM,CAAA;IACb,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAA;IAChB,mBAAmB;IACnB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,sBAAsB;IACtB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,iBAAiB;IACjB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;CACjB;AAED
|
|
1
|
+
{"version":3,"file":"dev.d.ts","sourceRoot":"","sources":["../src/dev.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAuC,MAAM,YAAY,CAAA;AAChF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAGhD;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,cAAc;IACd,EAAE,EAAE,MAAM,CAAA;IACV,uCAAuC;IACvC,KAAK,EAAE,MAAM,CAAA;IACb,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAA;IAChB,mBAAmB;IACnB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,sBAAsB;IACtB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,iBAAiB;IACjB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;CACjB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B;;;;;OAKG;IACH,OAAO,EAAE,OAAO,CAAA;IAChB,gCAAgC;IAChC,KAAK,CAAC,EAAE,OAAO,EAAE,CAAA;IACjB,yDAAyD;IACzD,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAC7B,6BAA6B;IAC7B,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,SAAS,CAAC,CAAA;IAEvF;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QACxE,WAAW,EAAE,MAAM,CAAA;QACnB,YAAY,EAAE,MAAM,CAAA;QACpB,SAAS,EAAE,MAAM,CAAA;KAClB,CAAC,CAAA;IAEF;;OAEG;IACH,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;QAC/C,IAAI,EAAE,MAAM,CAAA;QACZ,KAAK,EAAE,MAAM,CAAA;QACb,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,IAAI,CAAC,EAAE,MAAM,CAAA;QACb,OAAO,CAAC,EAAE,MAAM,CAAA;QAChB,QAAQ,CAAC,EAAE,OAAO,CAAA;QAClB,MAAM,CAAC,EAAE,OAAO,CAAA;QAChB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAA;KACrC,CAAC,CAAC,CAAA;IAEH;;OAEG;IACH,uBAAuB,CAAC,MAAM,EAAE;QAC9B,QAAQ,EAAE,MAAM,CAAA;QAChB,MAAM,EAAE,MAAM,CAAA;QACd,WAAW,EAAE,MAAM,CAAA;QACnB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,aAAa,EAAE,MAAM,CAAA;KACtB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IAEnB;;OAEG;IACH,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAAA;CAC9E;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,YAAY,EACrB,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,EAC9B,OAAO,EAAE;IACP,cAAc,EAAE,MAAM,CAAA;IACtB,eAAe,EAAE,MAAM,CAAA;IACvB,WAAW,EAAE,MAAM,CAAA;IACnB,mBAAmB,CAAC,EAAE,OAAO,CAAA;CAC9B,GACA,WAAW,CAuHb;AAED;;GAEG;AACH,wB
AAgB,qBAAqB,CAAC,OAAO,EAAE;IAC7C,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,aAAa,EAAE,MAAM,CAAA;IACrB,mBAAmB,EAAE,MAAM,CAAA;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,GAAG,MAAM,CAoKT"}
|
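--- a/package/dist/dev.js
+++ b/package/dist/dev.js
@@ -18,9 +18,9 @@ export function createTestHelpers(storage, devUsers, options) {
 const user = {
 id: userData.id,
 email: userData.email,
-name: userData.name,
-organizationId: userData.organizationId,
-roles: userData.roles,
+...(userData.name !== undefined && { name: userData.name }),
+...(userData.organizationId !== undefined && { organizationId: userData.organizationId }),
+...(userData.roles !== undefined && { roles: userData.roles }),
 createdAt: Date.now(),
 updatedAt: Date.now(),
 };
@@ -85,7 +85,7 @@ export function createTestHelpers(storage, devUsers, options) {
 clientId: params.clientId,
 userId: params.userId,
 redirectUri: params.redirectUri,
-scope: params.scope,
+...(params.scope !== undefined && { scope: params.scope }),
 codeChallenge: params.codeChallenge,
 codeChallengeMethod: 'S256',
 issuedAt: Date.now(),
@@ -100,11 +100,12 @@ export function createTestHelpers(storage, devUsers, options) {
 }
 // If allowAnyCredentials is enabled, create a new user
 if (allowAnyCredentials) {
+const namePart = email.split('@')[0];
 const newUser = {
 id: `dev_${generateToken(12)}`,
 email,
 password,
-name:
+...(namePart && { name: namePart }),
 };
 devUsers.set(email.toLowerCase(), newUser);
 return newUser;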
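Review bot: In the third hunk, the `allowAnyCredentials` branch keeps the submitted `password` verbatim on `newUser` and registers it under `email.toLowerCase()` for any address, yet nothing at the branch says it is dev-only. A comment such as `// DEV ONLY: auto-provisions a user for any email/password and keeps the password in plain text` above `if (allowAnyCredentials)` would make that explicit. If the lookup above the hunk falls through on a password mismatch (not visible here), `devUsers.set(...)` would also replace an existing entry, including a pre-configured test user, with a fresh `id` and no roles. A `devUsers.has(email.toLowerCase())` guard, or a comment stating that the overwrite is intended, would settle it. The body of createTestHelpers continues outside these hunks.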
package/dist/dev.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dev.js","sourceRoot":"","sources":["../src/dev.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,EAAE,aAAa,EAAE,yBAAyB,EAAE,MAAM,WAAW,CAAA;
|
|
1
|
+
{"version":3,"file":"dev.js","sourceRoot":"","sources":["../src/dev.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,EAAE,aAAa,EAAE,yBAAyB,EAAE,MAAM,WAAW,CAAA;AA4FpE;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAC/B,OAAqB,EACrB,QAA8B,EAC9B,OAKC;IAED,MAAM,EAAE,cAAc,EAAE,eAAe,EAAE,WAAW,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAA;IAErF,OAAO;QACL,KAAK,CAAC,UAAU,CAAC,QAAQ;YACvB,MAAM,IAAI,GAAc;gBACtB,EAAE,EAAE,QAAQ,CAAC,EAAE;gBACf,KAAK,EAAE,QAAQ,CAAC,KAAK;gBACrB,GAAG,CAAC,QAAQ,CAAC,IAAI,KAAK,SAAS,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC3D,GAAG,CAAC,QAAQ,CAAC,cAAc,KAAK,SAAS,IAAI,EAAE,cAAc,EAAE,QAAQ,CAAC,cAAc,EAAE,CAAC;gBACzF,GAAG,CAAC,QAAQ,CAAC,KAAK,KAAK,SAAS,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC;gBAC9D,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAA;YAED,MAAM,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;YAE5B,iDAAiD;YACjD,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;gBACtB,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE;oBACzC,GAAG,QAAQ;oBACX,QAAQ,EAAE,QAAQ,CAAC,QAAQ;iBACjB,CAAC,CAAA;YACf,CAAC;YAED,OAAO,IAAI,CAAA;QACb,CAAC;QAED,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,GAAG,sBAAsB;YACnE,MAAM,WAAW,GAAG,aAAa,CAAC,EAAE,CAAC,CAAA;YACrC,MAAM,YAAY,GAAG,aAAa,CAAC,EAAE,CAAC,CAAA;YACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;YAEtB,MAAM,cAAc,GAAqB;gBACvC,KAAK,EAAE,WAAW;gBAClB,SAAS,EAAE,QAAQ;gBACnB,MAAM;gBACN,QAAQ;gBACR,KAAK;gBACL,QAAQ,EAAE,GAAG;gBACb,SAAS,EAAE,GAAG,GAAG,cAAc,GAAG,IAAI;aACvC,CAAA;YAED,MAAM,eAAe,GAAsB;gBACzC,KAAK,EAAE,YAAY;gBACnB,MAAM;gBACN,QAAQ;gBACR,KAAK;gBACL,QAAQ,EAAE,GAAG;gBACb,SAAS,EAAE,GAAG,GAAG,eAAe,GAAG,IAAI;aACxC,CAAA;YAED,MAAM,OAAO,CAAC,eAAe,CAAC,cAAc,CAAC,CAAA;YAC7C,MAAM,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAA;YAE/C,OAAO;gBACL,WAAW;gBACX,YAAY;gBACZ,SAAS,EAAE,cAAc;aAC1B,CAAA;QACH,CAAC;QAED,KAAK,CAAC,iBAAiB,CAAC,MAAM;YAC5B,mDAAmD;YACnD,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,aAAa,CAAC,CAAA;YAExE,OAAO;gBACL;oBACE,IAAI,EAAE,oBAAoB;oBAC1B,KAAK,EAAE,WAAW;oBAClB,IAAI,EAAE,GAAG;oBACT,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,IAAI;oBACZ,QAAQ,EAAE,KA
Ac;oBACxB,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,cAAc;iBAC5C;aACF,CAAA;QACH,CAAC;QAED,KAAK,CAAC,uBAAuB,CAAC,MAAM;YAClC,MAAM,IAAI,GAAG,yBAAyB,EAAE,CAAA;YAExC,MAAM,OAAO,CAAC,qBAAqB,CAAC;gBAClC,IAAI;gBACJ,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,SAAS,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;gBAC1D,aAAa,EAAE,MAAM,CAAC,aAAa;gBACnC,mBAAmB,EAAE,MAAM;gBAC3B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;gBACpB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,GAAG,IAAI;aAC3C,CAAC,CAAA;YAEF,OAAO,IAAI,CAAA;QACb,CAAC;QAED,KAAK,CAAC,mBAAmB,CAAC,KAAK,EAAE,QAAQ;YACvC,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAA;YAC9C,IAAI,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACvC,OAAO,IAAI,CAAA;YACb,CAAC;YAED,uDAAuD;YACvD,IAAI,mBAAmB,EAAE,CAAC;gBACxB,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;gBACpC,MAAM,OAAO,GAAY;oBACvB,EAAE,EAAE,OAAO,aAAa,CAAC,EAAE,CAAC,EAAE;oBAC9B,KAAK;oBACL,QAAQ;oBACR,GAAG,CAAC,QAAQ,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;iBACpC,CAAA;gBACD,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,OAAO,CAAC,CAAA;gBAC1C,OAAO,OAAO,CAAA;YAChB,CAAC;YAED,OAAO,IAAI,CAAA;QACb,CAAC;KACF,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,OASrC;IACC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,mBAAmB,EAAE,KAAK,EAAE,GAAG,OAAO,CAAA;IAE1G,OAAO;;;;;qBAKY,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAsHhB,MAAM;;;;MAIX,KAAK,CAAC,CAAC,CAAC,sBAAsB,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE;;;8BAGxB,QAAQ;;;;qDAIe,QAAQ;wDACL,WAAW;iDAClB,KAAK,IAAI,EAAE;iDACX,KAAK,IAAI,EAAE;0DACF,aAAa;iEACN,mBAAmB;;;;;;;;;;;;;;;;;;;;;QAqB5E,CAAA;AACR,CAAC"}
|
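--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -46,5 +46,7 @@ export type { DevModeConfig, DevUser, TestHelpers } from './dev.js';
 export { MemoryOAuthStorage } from './storage.js';
 export type { OAuthStorage, ListOptions } from './storage.js';
 export { generateCodeVerifier, generateCodeChallenge, verifyCodeChallenge, generatePkce, generateState, generateToken, generateAuthorizationCode, hashClientSecret, verifyClientSecret, base64UrlEncode, base64UrlDecode, constantTimeEqual, } from './pkce.js';
+export { verifyJWT, decodeJWT, isJWTExpired, clearJWKSCache } from './jwt.js';
+export type { JWTVerifyResult, JWTVerifyOptions, JWTHeader, JWTPayload } from './jwt.js';
 export type { OAuthUser, OAuthOrganization, OAuthClient, OAuthAuthorizationCode, OAuthAccessToken, OAuthRefreshToken, OAuthGrant, OAuthServerMetadata, OAuthResourceMetadata, TokenResponse, OAuthError, UpstreamOAuthConfig, } from './types.js';
 //# sourceMappingURL=index.d.ts.map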
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAGH,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAA;AACjD,YAAY,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAGrE,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAA;AACnE,YAAY,EAAE,aAAa,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;AAGnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAA;AACjD,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AAG7D,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,mBAAmB,EACnB,YAAY,EACZ,aAAa,EACb,aAAa,EACb,yBAAyB,EACzB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,eAAe,EACf,iBAAiB,GAClB,MAAM,WAAW,CAAA;AAGlB,YAAY,EACV,SAAS,EACT,iBAAiB,EACjB,WAAW,EACX,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,mBAAmB,EACnB,qBAAqB,EACrB,aAAa,EACb,UAAU,EACV,mBAAmB,GACpB,MAAM,YAAY,CAAA"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAGH,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAA;AACjD,YAAY,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAGrE,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAA;AACnE,YAAY,EAAE,aAAa,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;AAGnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAA;AACjD,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AAG7D,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,mBAAmB,EACnB,YAAY,EACZ,aAAa,EACb,aAAa,EACb,yBAAyB,EACzB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,eAAe,EACf,iBAAiB,GAClB,MAAM,WAAW,CAAA;AAGlB,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,UAAU,CAAA;AAC7E,YAAY,EAAE,eAAe,EAAE,gBAAgB,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AAGxF,YAAY,EACV,SAAS,EACT,iBAAiB,EACjB,WAAW,EACX,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,mBAAmB,EACnB,qBAAqB,EACrB,aAAa,EACb,UAAU,EACV,mBAAmB,GACpB,MAAM,YAAY,CAAA"}
|
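--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -47,4 +47,6 @@ export { createTestHelpers, generateLoginFormHtml } from './dev.js';
 export { MemoryOAuthStorage } from './storage.js';
 // PKCE
 export { generateCodeVerifier, generateCodeChallenge, verifyCodeChallenge, generatePkce, generateState, generateToken, generateAuthorizationCode, hashClientSecret, verifyClientSecret, base64UrlEncode, base64UrlDecode, constantTimeEqual, } from './pkce.js';
+// JWT Verification
+export { verifyJWT, decodeJWT, isJWTExpired, clearJWKSCache } from './jwt.js';
 //# sourceMappingURL=index.js.map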
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,SAAS;AACT,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAA;AAGjD,0BAA0B;AAC1B,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAA;AAGnE,UAAU;AACV,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAA;AAGjD,OAAO;AACP,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,mBAAmB,EACnB,YAAY,EACZ,aAAa,EACb,aAAa,EACb,yBAAyB,EACzB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,eAAe,EACf,iBAAiB,GAClB,MAAM,WAAW,CAAA"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,SAAS;AACT,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAA;AAGjD,0BAA0B;AAC1B,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAA;AAGnE,UAAU;AACV,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAA;AAGjD,OAAO;AACP,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,mBAAmB,EACnB,YAAY,EACZ,aAAa,EACb,aAAa,EACb,yBAAyB,EACzB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,eAAe,EACf,iBAAiB,GAClB,MAAM,WAAW,CAAA;AAElB,mBAAmB;AACnB,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,UAAU,CAAA"}
|
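--- a/package/dist/jwt.d.ts
+++ b/package/dist/jwt.d.ts
@@ -0,0 +1,130 @@
+/**
+* @dotdo/oauth - JWT Verification
+*
+* Server-side JWT token validation with JWKS support.
+* Validates standard JWT claims (exp, iat, iss, aud) and
+* fetches public keys from JWKS endpoints.
+*/
+/**
+* Result of JWT verification - discriminated union based on validity
+*/
+export type JWTVerifyResult = {
+valid: true;
+payload: JWTPayload;
+header: JWTHeader;
+error?: undefined;
+} | {
+valid: false;
+error: string;
+payload?: undefined;
+header?: undefined;
+} | {
+valid: false;
+error: string;
+payload: JWTPayload;
+header: JWTHeader;
+};
+/**
+* JWT Header
+*/
+export interface JWTHeader {
+/** Algorithm used for signing */
+alg: string;
+/** Token type (typically 'JWT') */
+typ?: string;
+/** Key ID for JWKS lookup */
+kid?: string;
+}
+/**
+* Standard JWT Payload claims
+*/
+export interface JWTPayload {
+/** Issuer */
+iss?: string;
+/** Subject */
+sub?: string;
+/** Audience (can be string or array) */
+aud?: string | string[];
+/** Expiration time (Unix timestamp) */
+exp?: number;
+/** Not before (Unix timestamp) */
+nbf?: number;
+/** Issued at (Unix timestamp) */
+iat?: number;
+/** JWT ID */
+jti?: string;
+/** Additional claims */
+[key: string]: unknown;
+}
+/**
+* Options for JWT verification
+*/
+export interface JWTVerifyOptions {
+/** JWKS URL for fetching public keys */
+jwksUrl?: string;
+/** Expected issuer */
+issuer?: string;
+/** Expected audience (can be string or array) */
+audience?: string | string[];
+/** Pre-loaded public key (alternative to jwksUrl) */
+publicKey?: CryptoKey;
+/** Clock tolerance in seconds for exp/nbf/iat checks (default: 60) */
+clockTolerance?: number;
+/** Skip expiration check */
+ignoreExpiration?: boolean;
+}
+/**
+* Verify a JWT token
+*
+* @param token - The JWT token to verify
+* @param options - Verification options
+* @returns Verification result with payload if valid
+*
+* @example With JWKS URL
+* ```typescript
+* const result = await verifyJWT(token, {
+* jwksUrl: 'https://issuer.com/.well-known/jwks.json',
+* issuer: 'https://issuer.com',
+* audience: 'my-api'
+* })
+*
+* if (result.valid) {
+* console.log('User ID:', result.payload?.sub)
+* } else {
+* console.error('Invalid token:', result.error)
+* }
+* ```
+*
+* @example With pre-loaded public key
+* ```typescript
+* const result = await verifyJWT(token, {
+* publicKey: await crypto.subtle.importKey(...),
+* issuer: 'https://issuer.com'
+* })
+* ```
+*/
+export declare function verifyJWT(token: string, options?: JWTVerifyOptions): Promise<JWTVerifyResult>;
+/**
+* Decode a JWT without verifying the signature
+* Useful for inspecting tokens before verification
+*
+* @param token - The JWT token to decode
+* @returns Decoded header and payload, or null if invalid format
+*/
+export declare function decodeJWT(token: string): {
+header: JWTHeader;
+payload: JWTPayload;
+} | null;
+/**
+* Check if a JWT is expired (without full verification)
+*
+* @param token - The JWT token to check
+* @param clockTolerance - Tolerance in seconds (default: 0)
+* @returns true if expired, false if valid or no exp claim
+*/
+export declare function isJWTExpired(token: string, clockTolerance?: number): boolean;
+/**
+* Clear the JWKS cache (useful for testing)
+*/
+export declare function clearJWKSCache(): void;
+//# sourceMappingURL=jwt.d.ts.map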
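Review bot: The docs on `JWTVerifyOptions` and on the decode helpers leave out the conditions a caller needs to use them safely. `issuer` and `audience` are optional, and going by `verifyJWT` in jwt.js on this page, the issuer, audience and `exp` checks each run only when the option or claim is present. A call with just `jwksUrl` therefore accepts a token signed by a key from that JWKS regardless of issuer, audience or missing expiry. I would state that on the fields, e.g. `/** Expected issuer. If omitted, the iss claim is not checked. */`, with the same for `audience` and a line on `verifyJWT` about tokens without `exp`. `decodeJWT` and `isJWTExpired` should say that their result is unverified and must not drive an authorization decision; the `isJWTExpired` return line would read better as `@returns true if exp is in the past; false otherwise, including for a token that cannot be decoded (the signature is not checked)`.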
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH;;GAEG;AACH,MAAM,MAAM,eAAe,GACvB;IAAE,KAAK,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,UAAU,CAAC;IAAC,MAAM,EAAE,SAAS,CAAC;IAAC,KAAK,CAAC,EAAE,SAAS,CAAA;CAAE,GAC1E;IAAE,KAAK,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,SAAS,CAAC;IAAC,MAAM,CAAC,EAAE,SAAS,CAAA;CAAE,GACxE;IAAE,KAAK,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,UAAU,CAAC;IAAC,MAAM,EAAE,SAAS,CAAA;CAAE,CAAA;AAE3E;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,iCAAiC;IACjC,GAAG,EAAE,MAAM,CAAA;IACX,mCAAmC;IACnC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,6BAA6B;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAA;CACb;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,aAAa;IACb,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,cAAc;IACd,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,wCAAwC;IACxC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;IACvB,uCAAuC;IACvC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,kCAAkC;IAClC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,iCAAiC;IACjC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,aAAa;IACb,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,wBAAwB;IACxB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,sBAAsB;IACtB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,iDAAiD;IACjD,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;IAC5B,qDAAqD;IACrD,SAAS,CAAC,EAAE,SAAS,CAAA;IACrB,sEAAsE;IACtE,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,4BAA4B;IAC5B,gBAAgB,CAAC,EAAE,OAAO,CAAA;CAC3B;AA4BD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,wBAAsB,SAAS,CAC7B,KAAK,EAAE,MAAM,EACb,OAAO,GAAE,gBAAqB,GAC7B,OAAO,CAAC,eAAe,CAAC,CAiH1B;AAED;;;;;;GAMG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,GAAG,IAAI,CAc1F;AAED;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,GAAE,MAAU,GAAG,OAAO,CAQ/E;AA4MD;;GAEG;AACH,wBAAgB,cAAc,IAAI,IAAI,CAErC"}
|
package/dist/jwt.js
ADDED
|
@@ -0,0 +1,337 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @dotdo/oauth - JWT Verification
|
|
3
|
+
*
|
|
4
|
+
* Server-side JWT token validation with JWKS support.
|
|
5
|
+
* Validates standard JWT claims (exp, iat, iss, aud) and
|
|
6
|
+
* fetches public keys from JWKS endpoints.
|
|
7
|
+
*/
|
|
8
|
+
import { base64UrlDecode } from './pkce.js';
|
|
9
|
+
// Cache for JWKS to avoid repeated fetches
|
|
10
|
+
const jwksCache = new Map();
|
|
11
|
+
const JWKS_CACHE_TTL = 5 * 60 * 1000; // 5 minutes
|
|
12
|
+
/**
|
|
13
|
+
* Verify a JWT token
|
|
14
|
+
*
|
|
15
|
+
* @param token - The JWT token to verify
|
|
16
|
+
* @param options - Verification options
|
|
17
|
+
* @returns Verification result with payload if valid
|
|
18
|
+
*
|
|
19
|
+
* @example With JWKS URL
|
|
20
|
+
* ```typescript
|
|
21
|
+
* const result = await verifyJWT(token, {
|
|
22
|
+
* jwksUrl: 'https://issuer.com/.well-known/jwks.json',
|
|
23
|
+
* issuer: 'https://issuer.com',
|
|
24
|
+
* audience: 'my-api'
|
|
25
|
+
* })
|
|
26
|
+
*
|
|
27
|
+
* if (result.valid) {
|
|
28
|
+
* console.log('User ID:', result.payload?.sub)
|
|
29
|
+
* } else {
|
|
30
|
+
* console.error('Invalid token:', result.error)
|
|
31
|
+
* }
|
|
32
|
+
* ```
|
|
33
|
+
*
|
|
34
|
+
* @example With pre-loaded public key
|
|
35
|
+
* ```typescript
|
|
36
|
+
* const result = await verifyJWT(token, {
|
|
37
|
+
* publicKey: await crypto.subtle.importKey(...),
|
|
38
|
+
* issuer: 'https://issuer.com'
|
|
39
|
+
* })
|
|
40
|
+
* ```
|
|
41
|
+
*/
|
|
42
|
+
export async function verifyJWT(token, options = {}) {
|
|
43
|
+
const { jwksUrl, issuer, audience, publicKey, clockTolerance = 60, ignoreExpiration = false } = options;
|
|
44
|
+
try {
|
|
45
|
+
// Parse the JWT
|
|
46
|
+
const parts = token.split('.');
|
|
47
|
+
if (parts.length !== 3) {
|
|
48
|
+
return { valid: false, error: 'Invalid JWT format: expected 3 parts' };
|
|
49
|
+
}
|
|
50
|
+
const [headerB64, payloadB64, signatureB64] = parts;
|
|
51
|
+
// Decode header
|
|
52
|
+
let header;
|
|
53
|
+
try {
|
|
54
|
+
header = JSON.parse(decodeBase64Url(headerB64));
|
|
55
|
+
}
|
|
56
|
+
catch {
|
|
57
|
+
return { valid: false, error: 'Invalid JWT header: failed to decode' };
|
|
58
|
+
}
|
|
59
|
+
// Decode payload
|
|
60
|
+
let payload;
|
|
61
|
+
try {
|
|
62
|
+
payload = JSON.parse(decodeBase64Url(payloadB64));
|
|
63
|
+
}
|
|
64
|
+
catch {
|
|
65
|
+
return { valid: false, error: 'Invalid JWT payload: failed to decode' };
|
|
66
|
+
}
|
|
67
|
+
// Validate algorithm
|
|
68
|
+
if (!isSupportedAlgorithm(header.alg)) {
|
|
69
|
+
return { valid: false, error: `Unsupported algorithm: ${header.alg}`, header, payload };
|
|
70
|
+
}
|
|
71
|
+
// Get the public key
|
|
72
|
+
let key;
|
|
73
|
+
if (publicKey) {
|
|
74
|
+
key = publicKey;
|
|
75
|
+
}
|
|
76
|
+
else if (jwksUrl) {
|
|
77
|
+
const fetchedKey = await getKeyFromJWKS(jwksUrl, header.kid, header.alg);
|
|
78
|
+
if (!fetchedKey) {
|
|
79
|
+
return { valid: false, error: 'No matching key found in JWKS', header, payload };
|
|
80
|
+
}
|
|
81
|
+
key = fetchedKey;
|
|
82
|
+
}
|
|
83
|
+
else {
|
|
84
|
+
return { valid: false, error: 'Either jwksUrl or publicKey must be provided', header, payload };
|
|
85
|
+
}
|
|
86
|
+
// Verify signature
|
|
87
|
+
const signatureValid = await verifySignature(`${headerB64}.${payloadB64}`, signatureB64, key, header.alg);
|
|
88
|
+
if (!signatureValid) {
|
|
89
|
+
return { valid: false, error: 'Invalid signature', header, payload };
|
|
90
|
+
}
|
|
91
|
+
// Validate claims
|
|
92
|
+
const now = Math.floor(Date.now() / 1000);
|
|
93
|
+
// Check expiration
|
|
94
|
+
if (!ignoreExpiration && payload.exp !== undefined) {
|
|
95
|
+
if (now > payload.exp + clockTolerance) {
|
|
96
|
+
return { valid: false, error: 'Token has expired', header, payload };
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
// Check not before
|
|
100
|
+
if (payload.nbf !== undefined) {
|
|
101
|
+
if (now < payload.nbf - clockTolerance) {
|
|
102
|
+
return { valid: false, error: 'Token not yet valid (nbf)', header, payload };
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
// Check issued at (prevent tokens issued in the future)
|
|
106
|
+
if (payload.iat !== undefined) {
|
|
107
|
+
if (payload.iat > now + clockTolerance) {
|
|
108
|
+
return { valid: false, error: 'Token issued in the future (iat)', header, payload };
|
|
109
|
+
}
|
|
110
|
+
}
|
|
111
|
+
// Check issuer
|
|
112
|
+
if (issuer !== undefined) {
|
|
113
|
+
if (payload.iss !== issuer) {
|
|
114
|
+
return { valid: false, error: `Invalid issuer: expected ${issuer}, got ${payload.iss}`, header, payload };
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
// Check audience
|
|
118
|
+
if (audience !== undefined) {
|
|
119
|
+
const tokenAud = Array.isArray(payload.aud) ? payload.aud : payload.aud ? [payload.aud] : [];
|
|
120
|
+
const expectedAud = Array.isArray(audience) ? audience : [audience];
|
|
121
|
+
const hasValidAudience = expectedAud.some((aud) => tokenAud.includes(aud));
|
|
122
|
+
if (!hasValidAudience) {
|
|
123
|
+
return {
|
|
124
|
+
valid: false,
|
|
125
|
+
error: `Invalid audience: expected one of ${expectedAud.join(', ')}, got ${tokenAud.join(', ')}`,
|
|
126
|
+
header,
|
|
127
|
+
payload,
|
|
128
|
+
};
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
return { valid: true, payload, header };
|
|
132
|
+
}
|
|
133
|
+
catch (err) {
|
|
134
|
+
return {
|
|
135
|
+
valid: false,
|
|
136
|
+
error: err instanceof Error ? err.message : 'Unknown error during verification',
|
|
137
|
+
};
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
/**
|
|
141
|
+
* Decode a JWT without verifying the signature
|
|
142
|
+
* Useful for inspecting tokens before verification
|
|
143
|
+
*
|
|
144
|
+
* @param token - The JWT token to decode
|
|
145
|
+
* @returns Decoded header and payload, or null if invalid format
|
|
146
|
+
*/
|
|
147
|
+
export function decodeJWT(token) {
|
|
148
|
+
try {
|
|
149
|
+
const parts = token.split('.');
|
|
150
|
+
if (parts.length !== 3) {
|
|
151
|
+
return null;
|
|
152
|
+
}
|
|
153
|
+
const header = JSON.parse(decodeBase64Url(parts[0]));
|
|
154
|
+
const payload = JSON.parse(decodeBase64Url(parts[1]));
|
|
155
|
+
return { header, payload };
|
|
156
|
+
}
|
|
157
|
+
catch {
|
|
158
|
+
return null;
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
/**
|
|
162
|
+
* Check if a JWT is expired (without full verification)
|
|
163
|
+
*
|
|
164
|
+
* @param token - The JWT token to check
|
|
165
|
+
* @param clockTolerance - Tolerance in seconds (default: 0)
|
|
166
|
+
* @returns true if expired, false if valid or no exp claim
|
|
167
|
+
*/
|
|
168
|
+
export function isJWTExpired(token, clockTolerance = 0) {
|
|
169
|
+
const decoded = decodeJWT(token);
|
|
170
|
+
if (!decoded || decoded.payload.exp === undefined) {
|
|
171
|
+
return false;
|
|
172
|
+
}
|
|
173
|
+
const now = Math.floor(Date.now() / 1000);
|
|
174
|
+
return now > decoded.payload.exp + clockTolerance;
|
|
175
|
+
}
|
|
176
|
+
// ═══════════════════════════════════════════════════════════════════════════
|
|
177
|
+
// Internal Helper Functions
|
|
178
|
+
// ═══════════════════════════════════════════════════════════════════════════
|
|
179
|
+
/**
|
|
180
|
+
* Decode a base64url-encoded string to a regular string
|
|
181
|
+
*/
|
|
182
|
+
function decodeBase64Url(str) {
|
|
183
|
+
const buffer = base64UrlDecode(str);
|
|
184
|
+
return new TextDecoder().decode(buffer);
|
|
185
|
+
}
|
|
186
|
+
/**
|
|
187
|
+
* Check if an algorithm is supported
|
|
188
|
+
*/
|
|
189
|
+
function isSupportedAlgorithm(alg) {
|
|
190
|
+
return ['RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512'].includes(alg);
|
|
191
|
+
}
|
|
192
|
+
/**
|
|
193
|
+
* Get algorithm parameters for Web Crypto API
|
|
194
|
+
*/
|
|
195
|
+
function getAlgorithmParams(alg) {
|
|
196
|
+
switch (alg) {
|
|
197
|
+
case 'RS256':
|
|
198
|
+
return { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-256' };
|
|
199
|
+
case 'RS384':
|
|
200
|
+
return { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-384' };
|
|
201
|
+
case 'RS512':
|
|
202
|
+
return { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-512' };
|
|
203
|
+
case 'ES256':
|
|
204
|
+
return { name: 'ECDSA', hash: 'SHA-256', namedCurve: 'P-256' };
|
|
205
|
+
case 'ES384':
|
|
206
|
+
return { name: 'ECDSA', hash: 'SHA-384', namedCurve: 'P-384' };
|
|
207
|
+
case 'ES512':
|
|
208
|
+
return { name: 'ECDSA', hash: 'SHA-512', namedCurve: 'P-521' };
|
|
209
|
+
default:
|
|
210
|
+
throw new Error(`Unsupported algorithm: ${alg}`);
|
|
211
|
+
}
|
|
212
|
+
}
|
|
213
|
+
/**
|
|
214
|
+
* Verify JWT signature
|
|
215
|
+
*/
|
|
216
|
+
async function verifySignature(data, signature, key, alg) {
|
|
217
|
+
const encoder = new TextEncoder();
|
|
218
|
+
const dataBytes = encoder.encode(data);
|
|
219
|
+
let signatureBytes = new Uint8Array(base64UrlDecode(signature));
|
|
220
|
+
const params = getAlgorithmParams(alg);
|
|
221
|
+
// For ECDSA, the signature needs to be in the correct format
|
|
222
|
+
if (params.name === 'ECDSA') {
|
|
223
|
+
signatureBytes = convertJWTSignatureToWebCrypto(signatureBytes, alg);
|
|
224
|
+
}
|
|
225
|
+
const algorithm = params.name === 'ECDSA' ? { name: 'ECDSA', hash: params.hash } : { name: params.name };
|
|
226
|
+
return crypto.subtle.verify(algorithm, key, signatureBytes, dataBytes);
|
|
227
|
+
}
|
|
228
|
+
/**
|
|
229
|
+
* Convert JWT ECDSA signature (r||s concatenation) to WebCrypto format
|
|
230
|
+
* JWT uses IEEE P1363 format, WebCrypto uses the same for ECDSA
|
|
231
|
+
*/
|
|
232
|
+
function convertJWTSignatureToWebCrypto(signature, alg) {
|
|
233
|
+
// JWT signatures for ECDSA are already in the r||s format that WebCrypto expects
|
|
234
|
+
// Just need to verify the length is correct
|
|
235
|
+
const expectedLength = alg === 'ES256' ? 64 : alg === 'ES384' ? 96 : 132;
|
|
236
|
+
if (signature.length !== expectedLength) {
|
|
237
|
+
// If signature is DER encoded, we might need to convert it
|
|
238
|
+
// For now, return as-is and let verification fail if format is wrong
|
|
239
|
+
}
|
|
240
|
+
return signature;
|
|
241
|
+
}
|
|
242
|
+
/**
|
|
243
|
+
* Fetch and cache JWKS from a URL
|
|
244
|
+
*/
|
|
245
|
+
async function getKeyFromJWKS(jwksUrl, kid, alg) {
|
|
246
|
+
// Check cache
|
|
247
|
+
const cached = jwksCache.get(jwksUrl);
|
|
248
|
+
if (cached && cached.expiresAt > Date.now()) {
|
|
249
|
+
if (kid && cached.keys.has(kid)) {
|
|
250
|
+
return cached.keys.get(kid);
|
|
251
|
+
}
|
|
252
|
+
// If no kid specified, try to find a key by algorithm
|
|
253
|
+
if (!kid) {
|
|
254
|
+
for (const key of cached.keys.values()) {
|
|
255
|
+
return key; // Return first available key
|
|
256
|
+
}
|
|
257
|
+
}
|
|
258
|
+
}
|
|
259
|
+
// Fetch JWKS
|
|
260
|
+
const response = await fetch(jwksUrl);
|
|
261
|
+
if (!response.ok) {
|
|
262
|
+
throw new Error(`Failed to fetch JWKS: ${response.status} ${response.statusText}`);
|
|
263
|
+
}
|
|
264
|
+
const jwks = await response.json();
|
|
265
|
+
const keys = new Map();
|
|
266
|
+
for (const jwk of jwks.keys) {
|
|
267
|
+
try {
|
|
268
|
+
const cryptoKey = await importJWK(jwk, alg);
|
|
269
|
+
if (cryptoKey) {
|
|
270
|
+
const keyId = jwk.kid || `${jwk.kty}-${jwk.alg || alg}`;
|
|
271
|
+
keys.set(keyId, cryptoKey);
|
|
272
|
+
}
|
|
273
|
+
}
|
|
274
|
+
catch {
|
|
275
|
+
// Skip keys that fail to import
|
|
276
|
+
continue;
|
|
277
|
+
}
|
|
278
|
+
}
|
|
279
|
+
// Cache the keys
|
|
280
|
+
jwksCache.set(jwksUrl, {
|
|
281
|
+
keys,
|
|
282
|
+
expiresAt: Date.now() + JWKS_CACHE_TTL,
|
|
283
|
+
});
|
|
284
|
+
// Find the right key
|
|
285
|
+
if (kid && keys.has(kid)) {
|
|
286
|
+
return keys.get(kid);
|
|
287
|
+
}
|
|
288
|
+
// If no kid, return first compatible key
|
|
289
|
+
if (!kid && keys.size > 0) {
|
|
290
|
+
return keys.values().next().value ?? null;
|
|
291
|
+
}
|
|
292
|
+
return null;
|
|
293
|
+
}
|
|
294
|
+
/**
|
|
295
|
+
* Import a JWK as a CryptoKey
|
|
296
|
+
*/
|
|
297
|
+
async function importJWK(jwk, expectedAlg) {
|
|
298
|
+
const params = getAlgorithmParams(expectedAlg);
|
|
299
|
+
if (jwk.kty === 'RSA' && params.name.startsWith('RSA')) {
|
|
300
|
+
if (!jwk.n || !jwk.e) {
|
|
301
|
+
return null;
|
|
302
|
+
}
|
|
303
|
+
return crypto.subtle.importKey('jwk', {
|
|
304
|
+
kty: 'RSA',
|
|
305
|
+
n: jwk.n,
|
|
306
|
+
e: jwk.e,
|
|
307
|
+
alg: expectedAlg,
|
|
308
|
+
use: 'sig',
|
|
309
|
+
}, {
|
|
310
|
+
name: params.name,
|
|
311
|
+
hash: params.hash,
|
|
312
|
+
}, false, ['verify']);
|
|
313
|
+
}
|
|
314
|
+
if (jwk.kty === 'EC' && params.name === 'ECDSA') {
|
|
315
|
+
if (!jwk.x || !jwk.y || !jwk.crv) {
|
|
316
|
+
return null;
|
|
317
|
+
}
|
|
318
|
+
return crypto.subtle.importKey('jwk', {
|
|
319
|
+
kty: 'EC',
|
|
320
|
+
x: jwk.x,
|
|
321
|
+
y: jwk.y,
|
|
322
|
+
crv: jwk.crv,
|
|
323
|
+
use: 'sig',
|
|
324
|
+
}, {
|
|
325
|
+
name: 'ECDSA',
|
|
326
|
+
namedCurve: jwk.crv,
|
|
327
|
+
}, false, ['verify']);
|
|
328
|
+
}
|
|
329
|
+
return null;
|
|
330
|
+
}
|
|
331
|
+
/**
|
|
332
|
+
* Clear the JWKS cache (useful for testing)
|
|
333
|
+
*/
|
|
334
|
+
export function clearJWKSCache() {
|
|
335
|
+
jwksCache.clear();
|
|
336
|
+
}
|
|
337
|
+
//# sourceMappingURL=jwt.js.map
|
package/dist/jwt.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAoF3C,2CAA2C;AAC3C,MAAM,SAAS,GAAG,IAAI,GAAG,EAA+D,CAAA;AACxF,MAAM,cAAc,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,YAAY;AAEjD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,KAAa,EACb,UAA4B,EAAE;IAE9B,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,cAAc,GAAG,EAAE,EAAE,gBAAgB,GAAG,KAAK,EAAE,GAAG,OAAO,CAAA;IAEvG,IAAI,CAAC;QACH,gBAAgB;QAChB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAA;QACxE,CAAC;QAED,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,YAAY,CAAC,GAAG,KAAK,CAAA;QAEnD,gBAAgB;QAChB,IAAI,MAAiB,CAAA;QACrB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,SAAU,CAAC,CAAC,CAAA;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAA;QACxE,CAAC;QAED,iBAAiB;QACjB,IAAI,OAAmB,CAAA;QACvB,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,UAAW,CAAC,CAAC,CAAA;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAA;QACzE,CAAC;QAED,qBAAqB;QACrB,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,MAAM,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;QACzF,CAAC;QAED,qBAAqB;QACrB,IAAI,GAAc,CAAA;QAClB,IAAI,SAAS,EAAE,CAAC;YACd,GAAG,GAAG,SAAS,CAAA;QACjB,CAAC;aAAM,IAAI,OAAO,EAAE,CAAC;YACnB,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;YACxE,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;YAClF,CAAC;YACD,GAAG,GAAG,UAAU,CAAA;QAClB,CAAC;aAAM,CAAC;YACN,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,8CAA8C,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;QACjG,CAAC;QAED,mBAAmB;QACnB,MAAM,cAAc,GAAG,MAAM,eAAe,CAC1C,GAAG,SAAS,IAAI,UAAU,EAAE,EAC5B,YAAa,EACb,GAAG,EACH,MAAM,CAAC,GAAG,CACX,CAAA;QAED,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,OAAO,EAA
E,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;QACtE,CAAC;QAED,kBAAkB;QAClB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;QAEzC,mBAAmB;QACnB,IAAI,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YACnD,IAAI,GAAG,GAAG,OAAO,CAAC,GAAG,GAAG,cAAc,EAAE,CAAC;gBACvC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;YACtE,CAAC;QACH,CAAC;QAED,mBAAmB;QACnB,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC9B,IAAI,GAAG,GAAG,OAAO,CAAC,GAAG,GAAG,cAAc,EAAE,CAAC;gBACvC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;YAC9E,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC9B,IAAI,OAAO,CAAC,GAAG,GAAG,GAAG,GAAG,cAAc,EAAE,CAAC;gBACvC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,kCAAkC,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;YACrF,CAAC;QACH,CAAC;QAED,eAAe;QACf,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,IAAI,OAAO,CAAC,GAAG,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,MAAM,SAAS,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;YAC3G,CAAC;QACH,CAAC;QAED,iBAAiB;QACjB,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;YAC5F,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAA;YAEnE,MAAM,gBAAgB,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAA;YAC1E,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,qCAAqC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;oBAChG,MAAM;oBACN,OAAO;iBACR,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,CAAA;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,mCAAmC;SAChF,CAAA;IACH,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,U
AAU,SAAS,CAAC,KAAa;IACrC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAc,CAAA;QAClE,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAe,CAAA;QAEpE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa,EAAE,iBAAyB,CAAC;IACpE,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,CAAA;IAChC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;QAClD,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IACzC,OAAO,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,GAAG,cAAc,CAAA;AACnD,CAAC;AAED,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAE9E;;GAEG;AACH,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAA;IACnC,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;AACzC,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,GAAW;IACvC,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;AAC7E,CAAC;AASD;;GAEG;AACH,SAAS,kBAAkB,CAAC,GAAW;IACrC,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,SAAS,EAAE,CAAA;QACvD,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,SAAS,EAAE,CAAA;QACvD,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,SAAS,EAAE,CAAA;QACvD,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,CAAA;QAChE,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,CAAA;QAChE,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,CAAA;QAChE;YACE,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAA;IACpD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAC5B,IAAY,EACZ,SAAiB,EACjB,GAAc,EACd,GAAW;IAEX,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IACtC,IAAI,cAAc,
GAAG,IAAI,UAAU,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAA;IAE/D,MAAM,MAAM,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAA;IAEtC,6DAA6D;IAC7D,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC5B,cAAc,GAAG,8BAA8B,CAAC,cAAc,EAAE,GAAG,CAAC,CAAA;IACtE,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAA;IAExG,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,EAAE,cAAc,EAAE,SAAS,CAAC,CAAA;AACxE,CAAC;AAED;;;GAGG;AACH,SAAS,8BAA8B,CAAC,SAAkC,EAAE,GAAW;IACrF,iFAAiF;IACjF,4CAA4C;IAC5C,MAAM,cAAc,GAAG,GAAG,KAAK,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAA;IACxE,IAAI,SAAS,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;QACxC,2DAA2D;QAC3D,qEAAqE;IACvE,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc,CAAC,OAAe,EAAE,GAAuB,EAAE,GAAW;IACjF,cAAc;IACd,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IACrC,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QAC5C,IAAI,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAE,CAAA;QAC9B,CAAC;QACD,sDAAsD;QACtD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;gBACvC,OAAO,GAAG,CAAA,CAAC,6BAA6B;YAC1C,CAAC;QACH,CAAC;IACH,CAAC;IAED,aAAa;IACb,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAA;IACrC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAA;IACpF,CAAC;IAED,MAAM,IAAI,GAAS,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;IACxC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAqB,CAAA;IAEzC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YAC3C,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,CAAA;gBACvD,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,CAAA;YAC5B,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,gCAAgC;YAChC,SAAQ;QACV,CAAC;IACH,CAAC;IAED,iBAA
iB;IACjB,SAAS,CAAC,GAAG,CAAC,OAAO,EAAE;QACrB,IAAI;QACJ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc;KACvC,CAAC,CAAA;IAEF,qBAAqB;IACrB,IAAI,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAE,CAAA;IACvB,CAAC;IAED,yCAAyC;IACzC,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,IAAI,IAAI,CAAA;IAC3C,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,SAAS,CAAC,GAAQ,EAAE,WAAmB;IACpD,MAAM,MAAM,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAA;IAE9C,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACvD,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACrB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B,KAAK,EACL;YACE,GAAG,EAAE,KAAK;YACV,CAAC,EAAE,GAAG,CAAC,CAAC;YACR,CAAC,EAAE,GAAG,CAAC,CAAC;YACR,GAAG,EAAE,WAAW;YAChB,GAAG,EAAE,KAAK;SACX,EACD;YACE,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,IAAI,EAAE,MAAM,CAAC,IAAK;SACnB,EACD,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAA;IACH,CAAC;IAED,IAAI,GAAG,CAAC,GAAG,KAAK,IAAI,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAChD,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YACjC,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B,KAAK,EACL;YACE,GAAG,EAAE,IAAI;YACT,CAAC,EAAE,GAAG,CAAC,CAAC;YACR,CAAC,EAAE,GAAG,CAAC,CAAC;YACR,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,GAAG,EAAE,KAAK;SACX,EACD;YACE,IAAI,EAAE,OAAO;YACb,UAAU,EAAE,GAAG,CAAC,GAAG;SACpB,EACD,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAA;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,SAAS,CAAC,KAAK,EAAE,CAAA;AACnB,CAAC"}
|
package/dist/pkce.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../src/pkce.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM,
|
|
1
|
+
{"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../src/pkce.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM,CAoBhE;AAED;;;;;;;GAOG;AACH,wBAAsB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAK7E;AAED;;;;;;;GAOG;AACH,wBAAsB,mBAAmB,CACvC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,MAAM,GAAE,MAAe,GACtB,OAAO,CAAC,OAAO,CAAC,CAQlB;AAED;;;;;GAKG;AACH,wBAAsB,YAAY,CAAC,MAAM,GAAE,MAAW,GAAG,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAIxG;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAU3D;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,CAWxD;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAW/D;AA6BD;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM,CAEzD;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM,CAEzD;AAED;;;;GAIG;AACH,wBAAgB,yBAAyB,IAAI,MAAM,CAElD;AAED;;;;;GAKG;AACH,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAKtE;AAED;;;;;;GAMG;AACH,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAGvF"}
|