@dotdo/oauth 0.1.5 → 0.1.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/dev.d.ts +10 -1
- package/dist/dev.d.ts.map +1 -1
- package/dist/dev.js +6 -5
- package/dist/dev.js.map +1 -1
- package/dist/index.d.ts +7 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -0
- package/dist/index.js.map +1 -1
- package/dist/jwt-signing.d.ts +133 -0
- package/dist/jwt-signing.d.ts.map +1 -0
- package/dist/jwt-signing.js +173 -0
- package/dist/jwt-signing.js.map +1 -0
- package/dist/jwt.d.ts +17 -11
- package/dist/jwt.d.ts.map +1 -1
- package/dist/jwt.js.map +1 -1
- package/dist/pkce.d.ts.map +1 -1
- package/dist/pkce.js +33 -19
- package/dist/pkce.js.map +1 -1
- package/dist/server.d.ts +19 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +697 -114
- package/dist/server.js.map +1 -1
- package/dist/storage-collections.d.ts +94 -0
- package/dist/storage-collections.d.ts.map +1 -0
- package/dist/storage-collections.js +291 -0
- package/dist/storage-collections.js.map +1 -0
- package/dist/storage-do.d.ts +97 -0
- package/dist/storage-do.d.ts.map +1 -0
- package/dist/storage-do.js +440 -0
- package/dist/storage-do.js.map +1 -0
- package/dist/stripe.d.ts +127 -0
- package/dist/stripe.d.ts.map +1 -0
- package/dist/stripe.js +262 -0
- package/dist/stripe.js.map +1 -0
- package/dist/types.d.ts +38 -8
- package/dist/types.d.ts.map +1 -1
- package/package.json +10 -10
package/dist/dev.d.ts
CHANGED
|
@@ -28,9 +28,18 @@ export interface DevUser {
|
|
|
28
28
|
}
|
|
29
29
|
/**
|
|
30
30
|
* Development mode configuration
|
|
31
|
+
*
|
|
32
|
+
* @warning SECURITY: devMode should NEVER be enabled in production environments.
|
|
33
|
+
* It bypasses upstream OAuth providers and uses simple password authentication,
|
|
34
|
+
* which is insecure for production use. Only use for local development and testing.
|
|
31
35
|
*/
|
|
32
36
|
export interface DevModeConfig {
|
|
33
|
-
/**
|
|
37
|
+
/**
|
|
38
|
+
* Enable dev mode (disables upstream OAuth)
|
|
39
|
+
*
|
|
40
|
+
* @warning SECURITY: Never enable in production! This bypasses all upstream
|
|
41
|
+
* OAuth security and allows simple password-based authentication.
|
|
42
|
+
*/
|
|
34
43
|
enabled: boolean;
|
|
35
44
|
/** Pre-configured test users */
|
|
36
45
|
users?: DevUser[];
|
package/dist/dev.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dev.d.ts","sourceRoot":"","sources":["../src/dev.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAuC,MAAM,YAAY,CAAA;AAChF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAGhD;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,cAAc;IACd,EAAE,EAAE,MAAM,CAAA;IACV,uCAAuC;IACvC,KAAK,EAAE,MAAM,CAAA;IACb,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAA;IAChB,mBAAmB;IACnB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,sBAAsB;IACtB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,iBAAiB;IACjB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;CACjB;AAED
|
|
1
|
+
{"version":3,"file":"dev.d.ts","sourceRoot":"","sources":["../src/dev.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAuC,MAAM,YAAY,CAAA;AAChF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAGhD;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,cAAc;IACd,EAAE,EAAE,MAAM,CAAA;IACV,uCAAuC;IACvC,KAAK,EAAE,MAAM,CAAA;IACb,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAA;IAChB,mBAAmB;IACnB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,sBAAsB;IACtB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,iBAAiB;IACjB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;CACjB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B;;;;;OAKG;IACH,OAAO,EAAE,OAAO,CAAA;IAChB,gCAAgC;IAChC,KAAK,CAAC,EAAE,OAAO,EAAE,CAAA;IACjB,yDAAyD;IACzD,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAC7B,6BAA6B;IAC7B,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,SAAS,CAAC,CAAA;IAEvF;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QACxE,WAAW,EAAE,MAAM,CAAA;QACnB,YAAY,EAAE,MAAM,CAAA;QACpB,SAAS,EAAE,MAAM,CAAA;KAClB,CAAC,CAAA;IAEF;;OAEG;IACH,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;QAC/C,IAAI,EAAE,MAAM,CAAA;QACZ,KAAK,EAAE,MAAM,CAAA;QACb,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,IAAI,CAAC,EAAE,MAAM,CAAA;QACb,OAAO,CAAC,EAAE,MAAM,CAAA;QAChB,QAAQ,CAAC,EAAE,OAAO,CAAA;QAClB,MAAM,CAAC,EAAE,OAAO,CAAA;QAChB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAA;KACrC,CAAC,CAAC,CAAA;IAEH;;OAEG;IACH,uBAAuB,CAAC,MAAM,EAAE;QAC9B,QAAQ,EAAE,MAAM,CAAA;QAChB,MAAM,EAAE,MAAM,CAAA;QACd,WAAW,EAAE,MAAM,CAAA;QACnB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,aAAa,EAAE,MAAM,CAAA;KACtB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IAEnB;;OAEG;IACH,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAAA;CAC9E;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,YAAY,EACrB,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,EAC9B,OAAO,EAAE;IACP,cAAc,EAAE,MAAM,CAAA;IACtB,eAAe,EAAE,MAAM,CAAA;IACvB,WAAW,EAAE,MAAM,CAAA;IACnB,mBAAmB,CAAC,EAAE,OAAO,CAAA;CAC9B,GACA,WAAW,CAuHb;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE;IAC7C,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,aAAa,EAAE,MAAM,CAAA;IACrB,mBAAmB,EAAE,MAAM,CAAA;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,GAAG,MAAM,CAoKT"}
|
package/dist/dev.js
CHANGED
|
@@ -18,9 +18,9 @@ export function createTestHelpers(storage, devUsers, options) {
|
|
|
18
18
|
const user = {
|
|
19
19
|
id: userData.id,
|
|
20
20
|
email: userData.email,
|
|
21
|
-
name: userData.name,
|
|
22
|
-
organizationId: userData.organizationId,
|
|
23
|
-
roles: userData.roles,
|
|
21
|
+
...(userData.name !== undefined && { name: userData.name }),
|
|
22
|
+
...(userData.organizationId !== undefined && { organizationId: userData.organizationId }),
|
|
23
|
+
...(userData.roles !== undefined && { roles: userData.roles }),
|
|
24
24
|
createdAt: Date.now(),
|
|
25
25
|
updatedAt: Date.now(),
|
|
26
26
|
};
|
|
@@ -85,7 +85,7 @@ export function createTestHelpers(storage, devUsers, options) {
|
|
|
85
85
|
clientId: params.clientId,
|
|
86
86
|
userId: params.userId,
|
|
87
87
|
redirectUri: params.redirectUri,
|
|
88
|
-
scope: params.scope,
|
|
88
|
+
...(params.scope !== undefined && { scope: params.scope }),
|
|
89
89
|
codeChallenge: params.codeChallenge,
|
|
90
90
|
codeChallengeMethod: 'S256',
|
|
91
91
|
issuedAt: Date.now(),
|
|
@@ -100,11 +100,12 @@ export function createTestHelpers(storage, devUsers, options) {
|
|
|
100
100
|
}
|
|
101
101
|
// If allowAnyCredentials is enabled, create a new user
|
|
102
102
|
if (allowAnyCredentials) {
|
|
103
|
+
const namePart = email.split('@')[0];
|
|
103
104
|
const newUser = {
|
|
104
105
|
id: `dev_${generateToken(12)}`,
|
|
105
106
|
email,
|
|
106
107
|
password,
|
|
107
|
-
name:
|
|
108
|
+
...(namePart && { name: namePart }),
|
|
108
109
|
};
|
|
109
110
|
devUsers.set(email.toLowerCase(), newUser);
|
|
110
111
|
return newUser;
|
package/dist/dev.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dev.js","sourceRoot":"","sources":["../src/dev.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,EAAE,aAAa,EAAE,yBAAyB,EAAE,MAAM,WAAW,CAAA;
|
|
1
|
+
{"version":3,"file":"dev.js","sourceRoot":"","sources":["../src/dev.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,EAAE,aAAa,EAAE,yBAAyB,EAAE,MAAM,WAAW,CAAA;AA4FpE;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAC/B,OAAqB,EACrB,QAA8B,EAC9B,OAKC;IAED,MAAM,EAAE,cAAc,EAAE,eAAe,EAAE,WAAW,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAA;IAErF,OAAO;QACL,KAAK,CAAC,UAAU,CAAC,QAAQ;YACvB,MAAM,IAAI,GAAc;gBACtB,EAAE,EAAE,QAAQ,CAAC,EAAE;gBACf,KAAK,EAAE,QAAQ,CAAC,KAAK;gBACrB,GAAG,CAAC,QAAQ,CAAC,IAAI,KAAK,SAAS,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC3D,GAAG,CAAC,QAAQ,CAAC,cAAc,KAAK,SAAS,IAAI,EAAE,cAAc,EAAE,QAAQ,CAAC,cAAc,EAAE,CAAC;gBACzF,GAAG,CAAC,QAAQ,CAAC,KAAK,KAAK,SAAS,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC;gBAC9D,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAA;YAED,MAAM,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;YAE5B,iDAAiD;YACjD,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;gBACtB,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE;oBACzC,GAAG,QAAQ;oBACX,QAAQ,EAAE,QAAQ,CAAC,QAAQ;iBACjB,CAAC,CAAA;YACf,CAAC;YAED,OAAO,IAAI,CAAA;QACb,CAAC;QAED,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,GAAG,sBAAsB;YACnE,MAAM,WAAW,GAAG,aAAa,CAAC,EAAE,CAAC,CAAA;YACrC,MAAM,YAAY,GAAG,aAAa,CAAC,EAAE,CAAC,CAAA;YACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;YAEtB,MAAM,cAAc,GAAqB;gBACvC,KAAK,EAAE,WAAW;gBAClB,SAAS,EAAE,QAAQ;gBACnB,MAAM;gBACN,QAAQ;gBACR,KAAK;gBACL,QAAQ,EAAE,GAAG;gBACb,SAAS,EAAE,GAAG,GAAG,cAAc,GAAG,IAAI;aACvC,CAAA;YAED,MAAM,eAAe,GAAsB;gBACzC,KAAK,EAAE,YAAY;gBACnB,MAAM;gBACN,QAAQ;gBACR,KAAK;gBACL,QAAQ,EAAE,GAAG;gBACb,SAAS,EAAE,GAAG,GAAG,eAAe,GAAG,IAAI;aACxC,CAAA;YAED,MAAM,OAAO,CAAC,eAAe,CAAC,cAAc,CAAC,CAAA;YAC7C,MAAM,OAAO,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAA;YAE/C,OAAO;gBACL,WAAW;gBACX,YAAY;gBACZ,SAAS,EAAE,cAAc;aAC1B,CAAA;QACH,CAAC;QAED,KAAK,CAAC,iBAAiB,CAAC,MAAM;YAC5B,mDAAmD;YACnD,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,aAAa,CAAC,CAAA;YAExE,OAAO;gBACL;oBACE,IAAI,EAAE,oBAAoB;oBAC1B,KAAK,EAAE,WAAW;oBAClB,IAAI,EAAE,GAAG;oBACT,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,IAAI;oBACZ,QAAQ,EAAE,KAAc;oBACxB,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,cAAc;iBAC5C;aACF,CAAA;QACH,CAAC;QAED,KAAK,CAAC,uBAAuB,CAAC,MAAM;YAClC,MAAM,IAAI,GAAG,yBAAyB,EAAE,CAAA;YAExC,MAAM,OAAO,CAAC,qBAAqB,CAAC;gBAClC,IAAI;gBACJ,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,SAAS,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;gBAC1D,aAAa,EAAE,MAAM,CAAC,aAAa;gBACnC,mBAAmB,EAAE,MAAM;gBAC3B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;gBACpB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,GAAG,IAAI;aAC3C,CAAC,CAAA;YAEF,OAAO,IAAI,CAAA;QACb,CAAC;QAED,KAAK,CAAC,mBAAmB,CAAC,KAAK,EAAE,QAAQ;YACvC,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAA;YAC9C,IAAI,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACvC,OAAO,IAAI,CAAA;YACb,CAAC;YAED,uDAAuD;YACvD,IAAI,mBAAmB,EAAE,CAAC;gBACxB,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;gBACpC,MAAM,OAAO,GAAY;oBACvB,EAAE,EAAE,OAAO,aAAa,CAAC,EAAE,CAAC,EAAE;oBAC9B,KAAK;oBACL,QAAQ;oBACR,GAAG,CAAC,QAAQ,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;iBACpC,CAAA;gBACD,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,OAAO,CAAC,CAAA;gBAC1C,OAAO,OAAO,CAAA;YAChB,CAAC;YAED,OAAO,IAAI,CAAA;QACb,CAAC;KACF,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,OASrC;IACC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,mBAAmB,EAAE,KAAK,EAAE,GAAG,OAAO,CAAA;IAE1G,OAAO;;;;;qBAKY,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAsHhB,MAAM;;;;MAIX,KAAK,CAAC,CAAC,CAAC,sBAAsB,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE;;;8BAGxB,QAAQ;;;;qDAIe,QAAQ;wDACL,WAAW;iDAClB,KAAK,IAAI,EAAE;iDACX,KAAK,IAAI,EAAE;0DACF,aAAa;iEACN,mBAAmB;;;;;;;;;;;;;;;;;;;;;QAqB5E,CAAA;AACR,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -45,8 +45,15 @@ export { createTestHelpers, generateLoginFormHtml } from './dev.js';
|
|
|
45
45
|
export type { DevModeConfig, DevUser, TestHelpers } from './dev.js';
|
|
46
46
|
export { MemoryOAuthStorage } from './storage.js';
|
|
47
47
|
export type { OAuthStorage, ListOptions } from './storage.js';
|
|
48
|
+
export { DOSQLiteStorage } from './storage-do.js';
|
|
49
|
+
export type { SqlStorage, SqlStorageResult, OAuthUserWithStripe, SerializedSigningKeyRow } from './storage-do.js';
|
|
50
|
+
export { CollectionsOAuthStorage } from './storage-collections.js';
|
|
48
51
|
export { generateCodeVerifier, generateCodeChallenge, verifyCodeChallenge, generatePkce, generateState, generateToken, generateAuthorizationCode, hashClientSecret, verifyClientSecret, base64UrlEncode, base64UrlDecode, constantTimeEqual, } from './pkce.js';
|
|
49
52
|
export { verifyJWT, decodeJWT, isJWTExpired, clearJWKSCache } from './jwt.js';
|
|
50
53
|
export type { JWTVerifyResult, JWTVerifyOptions, JWTHeader, JWTPayload } from './jwt.js';
|
|
54
|
+
export { SigningKeyManager, generateSigningKey, serializeSigningKey, deserializeSigningKey, exportPublicKeyToJWKS, exportKeysToJWKS, signAccessToken, } from './jwt-signing.js';
|
|
55
|
+
export type { SigningKey, SerializedSigningKey, JWKSPublicKey, JWKS, AccessTokenClaims, } from './jwt-signing.js';
|
|
56
|
+
export { ensureStripeCustomer, getStripeCustomer, linkStripeCustomer, handleStripeWebhook, verifyStripeWebhook, verifyStripeWebhookAsync, createStripeClient, } from './stripe.js';
|
|
57
|
+
export type { StripeCustomer, StripeSubscription, StripeWebhookEventType, StripeWebhookEvent, StripeStorage, StripeClient, OAuthUserWithStripe as StripeUser, } from './stripe.js';
|
|
51
58
|
export type { OAuthUser, OAuthOrganization, OAuthClient, OAuthAuthorizationCode, OAuthAccessToken, OAuthRefreshToken, OAuthGrant, OAuthServerMetadata, OAuthResourceMetadata, TokenResponse, OAuthError, UpstreamOAuthConfig, } from './types.js';
|
|
52
59
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAGH,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAA;AACjD,YAAY,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAGrE,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAA;AACnE,YAAY,EAAE,aAAa,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;AAGnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAA;AACjD,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AAG7D,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,mBAAmB,EACnB,YAAY,EACZ,aAAa,EACb,aAAa,EACb,yBAAyB,EACzB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,eAAe,EACf,iBAAiB,GAClB,MAAM,WAAW,CAAA;AAGlB,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,UAAU,CAAA;AAC7E,YAAY,EAAE,eAAe,EAAE,gBAAgB,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AAGxF,YAAY,EACV,SAAS,EACT,iBAAiB,EACjB,WAAW,EACX,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,mBAAmB,EACnB,qBAAqB,EACrB,aAAa,EACb,UAAU,EACV,mBAAmB,GACpB,MAAM,YAAY,CAAA"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAGH,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAA;AACjD,YAAY,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAGrE,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAA;AACnE,YAAY,EAAE,aAAa,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;AAGnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAA;AACjD,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AAG7D,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AACjD,YAAY,EAAE,UAAU,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAA;AAGjH,OAAO,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAA;AAGlE,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,mBAAmB,EACnB,YAAY,EACZ,aAAa,EACb,aAAa,EACb,yBAAyB,EACzB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,eAAe,EACf,iBAAiB,GAClB,MAAM,WAAW,CAAA;AAGlB,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,UAAU,CAAA;AAC7E,YAAY,EAAE,eAAe,EAAE,gBAAgB,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AAGxF,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,GAChB,MAAM,kBAAkB,CAAA;AACzB,YAAY,EACV,UAAU,EACV,oBAAoB,EACpB,aAAa,EACb,IAAI,EACJ,iBAAiB,GAClB,MAAM,kBAAkB,CAAA;AAGzB,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,EACnB,wBAAwB,EACxB,kBAAkB,GACnB,MAAM,aAAa,CAAA;AACpB,YAAY,EACV,cAAc,EACd,kBAAkB,EAClB,sBAAsB,EACtB,kBAAkB,EAClB,aAAa,EACb,YAAY,EACZ,mBAAmB,IAAI,UAAU,GAClC,MAAM,aAAa,CAAA;AAGpB,YAAY,EACV,SAAS,EACT,iBAAiB,EACjB,WAAW,EACX,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,mBAAmB,EACnB,qBAAqB,EACrB,aAAa,EACb,UAAU,EACV,mBAAmB,GACpB,MAAM,YAAY,CAAA"}
|
package/dist/index.js
CHANGED
|
@@ -45,8 +45,16 @@ export { createOAuth21Server } from './server.js';
|
|
|
45
45
|
export { createTestHelpers, generateLoginFormHtml } from './dev.js';
|
|
46
46
|
// Storage
|
|
47
47
|
export { MemoryOAuthStorage } from './storage.js';
|
|
48
|
+
// DO SQLite Storage (legacy - use CollectionsOAuthStorage instead)
|
|
49
|
+
export { DOSQLiteStorage } from './storage-do.js';
|
|
50
|
+
// Collections-based Storage (preferred - no migrations needed)
|
|
51
|
+
export { CollectionsOAuthStorage } from './storage-collections.js';
|
|
48
52
|
// PKCE
|
|
49
53
|
export { generateCodeVerifier, generateCodeChallenge, verifyCodeChallenge, generatePkce, generateState, generateToken, generateAuthorizationCode, hashClientSecret, verifyClientSecret, base64UrlEncode, base64UrlDecode, constantTimeEqual, } from './pkce.js';
|
|
50
54
|
// JWT Verification
|
|
51
55
|
export { verifyJWT, decodeJWT, isJWTExpired, clearJWKSCache } from './jwt.js';
|
|
56
|
+
// JWT Signing
|
|
57
|
+
export { SigningKeyManager, generateSigningKey, serializeSigningKey, deserializeSigningKey, exportPublicKeyToJWKS, exportKeysToJWKS, signAccessToken, } from './jwt-signing.js';
|
|
58
|
+
// Stripe Integration
|
|
59
|
+
export { ensureStripeCustomer, getStripeCustomer, linkStripeCustomer, handleStripeWebhook, verifyStripeWebhook, verifyStripeWebhookAsync, createStripeClient, } from './stripe.js';
|
|
52
60
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,SAAS;AACT,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAA;AAGjD,0BAA0B;AAC1B,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAA;AAGnE,UAAU;AACV,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAA;AAGjD,OAAO;AACP,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,mBAAmB,EACnB,YAAY,EACZ,aAAa,EACb,aAAa,EACb,yBAAyB,EACzB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,eAAe,EACf,iBAAiB,GAClB,MAAM,WAAW,CAAA;AAElB,mBAAmB;AACnB,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,UAAU,CAAA"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,SAAS;AACT,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAA;AAGjD,0BAA0B;AAC1B,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAA;AAGnE,UAAU;AACV,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAA;AAGjD,mEAAmE;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AAGjD,+DAA+D;AAC/D,OAAO,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAA;AAElE,OAAO;AACP,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,mBAAmB,EACnB,YAAY,EACZ,aAAa,EACb,aAAa,EACb,yBAAyB,EACzB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,eAAe,EACf,iBAAiB,GAClB,MAAM,WAAW,CAAA;AAElB,mBAAmB;AACnB,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,UAAU,CAAA;AAG7E,cAAc;AACd,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,GAChB,MAAM,kBAAkB,CAAA;AASzB,qBAAqB;AACrB,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,EACnB,wBAAwB,EACxB,kBAAkB,GACnB,MAAM,aAAa,CAAA"}
|
|
@@ -0,0 +1,133 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @dotdo/oauth - JWT Signing Key Management
|
|
3
|
+
*
|
|
4
|
+
* Manages RSA-2048 signing keys for JWT token issuance.
|
|
5
|
+
* Supports key generation, storage/retrieval, and JWKS export.
|
|
6
|
+
*/
|
|
7
|
+
/**
|
|
8
|
+
* JWT Signing Key with public/private key pair
|
|
9
|
+
*/
|
|
10
|
+
export interface SigningKey {
|
|
11
|
+
/** Key identifier */
|
|
12
|
+
kid: string;
|
|
13
|
+
/** Algorithm (always RS256) */
|
|
14
|
+
alg: 'RS256';
|
|
15
|
+
/** Private key for signing */
|
|
16
|
+
privateKey: CryptoKey;
|
|
17
|
+
/** Public key for verification */
|
|
18
|
+
publicKey: CryptoKey;
|
|
19
|
+
/** When the key was created */
|
|
20
|
+
createdAt: number;
|
|
21
|
+
}
|
|
22
|
+
/**
|
|
23
|
+
* JWKS format for public key exposure
|
|
24
|
+
*/
|
|
25
|
+
export interface JWKSPublicKey {
|
|
26
|
+
kty: 'RSA';
|
|
27
|
+
kid: string;
|
|
28
|
+
use: 'sig';
|
|
29
|
+
alg: 'RS256';
|
|
30
|
+
n: string;
|
|
31
|
+
e: string;
|
|
32
|
+
}
|
|
33
|
+
/**
|
|
34
|
+
* JWKS document format
|
|
35
|
+
*/
|
|
36
|
+
export interface JWKS {
|
|
37
|
+
keys: JWKSPublicKey[];
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* Serialized key for storage
|
|
41
|
+
*/
|
|
42
|
+
export interface SerializedSigningKey {
|
|
43
|
+
kid: string;
|
|
44
|
+
alg: 'RS256';
|
|
45
|
+
privateKeyJwk: JsonWebKey;
|
|
46
|
+
publicKeyJwk: JsonWebKey;
|
|
47
|
+
createdAt: number;
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* JWT Claims for access tokens
|
|
51
|
+
*/
|
|
52
|
+
export interface AccessTokenClaims {
|
|
53
|
+
/** Subject (user ID) */
|
|
54
|
+
sub: string;
|
|
55
|
+
/** Client ID */
|
|
56
|
+
client_id: string;
|
|
57
|
+
/** Scopes */
|
|
58
|
+
scope?: string;
|
|
59
|
+
/** Additional claims */
|
|
60
|
+
[key: string]: unknown;
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Generate a new RSA-2048 signing key pair
|
|
64
|
+
*/
|
|
65
|
+
export declare function generateSigningKey(kid?: string): Promise<SigningKey>;
|
|
66
|
+
/**
|
|
67
|
+
* Export a signing key to serializable format for storage
|
|
68
|
+
*/
|
|
69
|
+
export declare function serializeSigningKey(key: SigningKey): Promise<SerializedSigningKey>;
|
|
70
|
+
/**
|
|
71
|
+
* Import a signing key from serialized format
|
|
72
|
+
*/
|
|
73
|
+
export declare function deserializeSigningKey(serialized: SerializedSigningKey): Promise<SigningKey>;
|
|
74
|
+
/**
|
|
75
|
+
* Export public key to JWKS format
|
|
76
|
+
*/
|
|
77
|
+
export declare function exportPublicKeyToJWKS(key: SigningKey): Promise<JWKSPublicKey>;
|
|
78
|
+
/**
|
|
79
|
+
* Export multiple keys to JWKS document
|
|
80
|
+
*/
|
|
81
|
+
export declare function exportKeysToJWKS(keys: SigningKey[]): Promise<JWKS>;
|
|
82
|
+
/**
|
|
83
|
+
* Sign a JWT with the given claims
|
|
84
|
+
*/
|
|
85
|
+
export declare function signAccessToken(key: SigningKey, claims: AccessTokenClaims, options: {
|
|
86
|
+
issuer: string;
|
|
87
|
+
audience?: string;
|
|
88
|
+
expiresIn?: number;
|
|
89
|
+
}): Promise<string>;
|
|
90
|
+
/**
|
|
91
|
+
* Signing Key Manager - handles key storage and rotation
|
|
92
|
+
*/
|
|
93
|
+
export declare class SigningKeyManager {
|
|
94
|
+
private options;
|
|
95
|
+
private keys;
|
|
96
|
+
private currentKeyIndex;
|
|
97
|
+
constructor(options?: {
|
|
98
|
+
maxKeys?: number;
|
|
99
|
+
});
|
|
100
|
+
/**
|
|
101
|
+
* Get the current signing key, generating one if needed
|
|
102
|
+
*/
|
|
103
|
+
getCurrentKey(): Promise<SigningKey>;
|
|
104
|
+
/**
|
|
105
|
+
* Get all keys (for JWKS endpoint)
|
|
106
|
+
*/
|
|
107
|
+
getAllKeys(): SigningKey[];
|
|
108
|
+
/**
|
|
109
|
+
* Rotate to a new key
|
|
110
|
+
*/
|
|
111
|
+
rotateKey(): Promise<SigningKey>;
|
|
112
|
+
/**
|
|
113
|
+
* Load keys from serialized format
|
|
114
|
+
*/
|
|
115
|
+
loadKeys(serializedKeys: SerializedSigningKey[]): Promise<void>;
|
|
116
|
+
/**
|
|
117
|
+
* Export keys to serializable format
|
|
118
|
+
*/
|
|
119
|
+
exportKeys(): Promise<SerializedSigningKey[]>;
|
|
120
|
+
/**
|
|
121
|
+
* Export to JWKS format
|
|
122
|
+
*/
|
|
123
|
+
toJWKS(): Promise<JWKS>;
|
|
124
|
+
/**
|
|
125
|
+
* Sign an access token with the current key
|
|
126
|
+
*/
|
|
127
|
+
signAccessToken(claims: AccessTokenClaims, options: {
|
|
128
|
+
issuer: string;
|
|
129
|
+
audience?: string;
|
|
130
|
+
expiresIn?: number;
|
|
131
|
+
}): Promise<string>;
|
|
132
|
+
}
|
|
133
|
+
//# sourceMappingURL=jwt-signing.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt-signing.d.ts","sourceRoot":"","sources":["../src/jwt-signing.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,qBAAqB;IACrB,GAAG,EAAE,MAAM,CAAA;IACX,+BAA+B;IAC/B,GAAG,EAAE,OAAO,CAAA;IACZ,8BAA8B;IAC9B,UAAU,EAAE,SAAS,CAAA;IACrB,kCAAkC;IAClC,SAAS,EAAE,SAAS,CAAA;IACpB,+BAA+B;IAC/B,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,KAAK,CAAA;IACV,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,KAAK,CAAA;IACV,GAAG,EAAE,OAAO,CAAA;IACZ,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;CACV;AAED;;GAEG;AACH,MAAM,WAAW,IAAI;IACnB,IAAI,EAAE,aAAa,EAAE,CAAA;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,OAAO,CAAA;IACZ,aAAa,EAAE,UAAU,CAAA;IACzB,YAAY,EAAE,UAAU,CAAA;IACxB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,wBAAwB;IACxB,GAAG,EAAE,MAAM,CAAA;IACX,gBAAgB;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa;IACb,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,wBAAwB;IACxB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAmB1E;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAaxF;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAAC,UAAU,EAAE,oBAAoB,GAAG,OAAO,CAAC,UAAU,CAAC,CAyBjG;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,aAAa,CAAC,CAWnF;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,IAAI,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAGxE;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,GAAG,EAAE,UAAU,EACf,MAAM,EAAE,iBAAiB,EACzB,OAAO,EAAE;IACP,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,GACA,OAAO,CAAC,MAAM,CAAC,CAgCjB;AAED;;GAEG;AACH,qBAAa,iBAAiB;IAIhB,OAAO,CAAC,OAAO;IAH3B,OAAO,CAAC,IAAI,CAAmB;IAC/B,OAAO,CAAC,eAAe,CAAI;gBAEP,OAAO,GAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAO;IAItD;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,UAAU,CAAC;IAQ1C;;OAEG;IACH,UAAU,IAAI,UAAU,EAAE;IAI1B;;OAEG;IACG,SAAS,IAAI,OAAO,CAAC,UAAU,CAAC;IAatC;;OAEG;IACG,QAAQ,CAAC,cAAc,EAAE,oBAAoB,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAKrE;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;IAInD;;OAEG;IACG,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAI7B;;OAEG;IACG,eAAe,CACnB,MAAM,EAAE,iBAAiB,EACzB,OAAO,EAAE;QACP,MAAM,EAAE,MAAM,CAAA;QACd,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,SAAS,CAAC,EAAE,MAAM,CAAA;KACnB,GACA,OAAO,CAAC,MAAM,CAAC;CAInB"}
|
|
@@ -0,0 +1,173 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @dotdo/oauth - JWT Signing Key Management
|
|
3
|
+
*
|
|
4
|
+
* Manages RSA-2048 signing keys for JWT token issuance.
|
|
5
|
+
* Supports key generation, storage/retrieval, and JWKS export.
|
|
6
|
+
*/
|
|
7
|
+
import { base64UrlEncode } from './pkce.js';
|
|
8
|
+
/**
|
|
9
|
+
* Generate a new RSA-2048 signing key pair
|
|
10
|
+
*/
|
|
11
|
+
export async function generateSigningKey(kid) {
|
|
12
|
+
const keyPair = await crypto.subtle.generateKey({
|
|
13
|
+
name: 'RSASSA-PKCS1-v1_5',
|
|
14
|
+
modulusLength: 2048,
|
|
15
|
+
publicExponent: new Uint8Array([1, 0, 1]),
|
|
16
|
+
hash: 'SHA-256',
|
|
17
|
+
}, true, // extractable
|
|
18
|
+
['sign', 'verify']);
|
|
19
|
+
return {
|
|
20
|
+
kid: kid || `oauth-do-key-${Date.now()}`,
|
|
21
|
+
alg: 'RS256',
|
|
22
|
+
privateKey: keyPair.privateKey,
|
|
23
|
+
publicKey: keyPair.publicKey,
|
|
24
|
+
createdAt: Date.now(),
|
|
25
|
+
};
|
|
26
|
+
}
|
|
27
|
+
/**
|
|
28
|
+
* Export a signing key to serializable format for storage
|
|
29
|
+
*/
|
|
30
|
+
export async function serializeSigningKey(key) {
|
|
31
|
+
const [privateKeyJwk, publicKeyJwk] = await Promise.all([
|
|
32
|
+
crypto.subtle.exportKey('jwk', key.privateKey),
|
|
33
|
+
crypto.subtle.exportKey('jwk', key.publicKey),
|
|
34
|
+
]);
|
|
35
|
+
return {
|
|
36
|
+
kid: key.kid,
|
|
37
|
+
alg: key.alg,
|
|
38
|
+
privateKeyJwk,
|
|
39
|
+
publicKeyJwk,
|
|
40
|
+
createdAt: key.createdAt,
|
|
41
|
+
};
|
|
42
|
+
}
|
|
43
|
+
/**
|
|
44
|
+
* Import a signing key from serialized format
|
|
45
|
+
*/
|
|
46
|
+
export async function deserializeSigningKey(serialized) {
|
|
47
|
+
const [privateKey, publicKey] = await Promise.all([
|
|
48
|
+
crypto.subtle.importKey('jwk', serialized.privateKeyJwk, { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-256' }, true, ['sign']),
|
|
49
|
+
crypto.subtle.importKey('jwk', serialized.publicKeyJwk, { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-256' }, true, ['verify']),
|
|
50
|
+
]);
|
|
51
|
+
return {
|
|
52
|
+
kid: serialized.kid,
|
|
53
|
+
alg: serialized.alg,
|
|
54
|
+
privateKey,
|
|
55
|
+
publicKey,
|
|
56
|
+
createdAt: serialized.createdAt,
|
|
57
|
+
};
|
|
58
|
+
}
|
|
59
|
+
/**
|
|
60
|
+
* Export public key to JWKS format
|
|
61
|
+
*/
|
|
62
|
+
export async function exportPublicKeyToJWKS(key) {
|
|
63
|
+
const jwk = await crypto.subtle.exportKey('jwk', key.publicKey);
|
|
64
|
+
return {
|
|
65
|
+
kty: 'RSA',
|
|
66
|
+
kid: key.kid,
|
|
67
|
+
use: 'sig',
|
|
68
|
+
alg: 'RS256',
|
|
69
|
+
n: jwk.n,
|
|
70
|
+
e: jwk.e,
|
|
71
|
+
};
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Export multiple keys to JWKS document
|
|
75
|
+
*/
|
|
76
|
+
export async function exportKeysToJWKS(keys) {
|
|
77
|
+
const publicKeys = await Promise.all(keys.map(exportPublicKeyToJWKS));
|
|
78
|
+
return { keys: publicKeys };
|
|
79
|
+
}
|
|
80
|
+
/**
|
|
81
|
+
* Sign a JWT with the given claims
|
|
82
|
+
*/
|
|
83
|
+
export async function signAccessToken(key, claims, options) {
|
|
84
|
+
const { issuer, audience, expiresIn = 3600 } = options;
|
|
85
|
+
const now = Math.floor(Date.now() / 1000);
|
|
86
|
+
const header = {
|
|
87
|
+
alg: 'RS256',
|
|
88
|
+
typ: 'JWT',
|
|
89
|
+
kid: key.kid,
|
|
90
|
+
};
|
|
91
|
+
const payload = {
|
|
92
|
+
...claims,
|
|
93
|
+
iss: issuer,
|
|
94
|
+
...(audience && { aud: audience }),
|
|
95
|
+
iat: now,
|
|
96
|
+
exp: now + expiresIn,
|
|
97
|
+
};
|
|
98
|
+
const encoder = new TextEncoder();
|
|
99
|
+
const headerB64 = base64UrlEncode(encoder.encode(JSON.stringify(header)).buffer);
|
|
100
|
+
const payloadB64 = base64UrlEncode(encoder.encode(JSON.stringify(payload)).buffer);
|
|
101
|
+
const data = `${headerB64}.${payloadB64}`;
|
|
102
|
+
const signature = await crypto.subtle.sign({ name: 'RSASSA-PKCS1-v1_5' }, key.privateKey, encoder.encode(data));
|
|
103
|
+
const signatureB64 = base64UrlEncode(signature);
|
|
104
|
+
return `${data}.${signatureB64}`;
|
|
105
|
+
}
|
|
106
|
+
/**
|
|
107
|
+
* Signing Key Manager - handles key storage and rotation
|
|
108
|
+
*/
|
|
109
|
+
export class SigningKeyManager {
|
|
110
|
+
options;
|
|
111
|
+
keys = [];
|
|
112
|
+
currentKeyIndex = 0;
|
|
113
|
+
constructor(options = {}) {
|
|
114
|
+
this.options = options;
|
|
115
|
+
this.options.maxKeys = options.maxKeys ?? 2;
|
|
116
|
+
}
|
|
117
|
+
/**
|
|
118
|
+
* Get the current signing key, generating one if needed
|
|
119
|
+
*/
|
|
120
|
+
async getCurrentKey() {
|
|
121
|
+
if (this.keys.length === 0) {
|
|
122
|
+
const key = await generateSigningKey();
|
|
123
|
+
this.keys.push(key);
|
|
124
|
+
}
|
|
125
|
+
return this.keys[this.currentKeyIndex];
|
|
126
|
+
}
|
|
127
|
+
/**
|
|
128
|
+
* Get all keys (for JWKS endpoint)
|
|
129
|
+
*/
|
|
130
|
+
getAllKeys() {
|
|
131
|
+
return [...this.keys];
|
|
132
|
+
}
|
|
133
|
+
/**
|
|
134
|
+
* Rotate to a new key
|
|
135
|
+
*/
|
|
136
|
+
async rotateKey() {
|
|
137
|
+
const newKey = await generateSigningKey();
|
|
138
|
+
this.keys.push(newKey);
|
|
139
|
+
// Remove old keys if we exceed maxKeys
|
|
140
|
+
while (this.keys.length > this.options.maxKeys) {
|
|
141
|
+
this.keys.shift();
|
|
142
|
+
}
|
|
143
|
+
this.currentKeyIndex = this.keys.length - 1;
|
|
144
|
+
return newKey;
|
|
145
|
+
}
|
|
146
|
+
/**
|
|
147
|
+
* Load keys from serialized format
|
|
148
|
+
*/
|
|
149
|
+
async loadKeys(serializedKeys) {
|
|
150
|
+
this.keys = await Promise.all(serializedKeys.map(deserializeSigningKey));
|
|
151
|
+
this.currentKeyIndex = this.keys.length - 1;
|
|
152
|
+
}
|
|
153
|
+
/**
|
|
154
|
+
* Export keys to serializable format
|
|
155
|
+
*/
|
|
156
|
+
async exportKeys() {
|
|
157
|
+
return Promise.all(this.keys.map(serializeSigningKey));
|
|
158
|
+
}
|
|
159
|
+
/**
|
|
160
|
+
* Export to JWKS format
|
|
161
|
+
*/
|
|
162
|
+
async toJWKS() {
|
|
163
|
+
return exportKeysToJWKS(this.keys);
|
|
164
|
+
}
|
|
165
|
+
/**
|
|
166
|
+
* Sign an access token with the current key
|
|
167
|
+
*/
|
|
168
|
+
async signAccessToken(claims, options) {
|
|
169
|
+
const key = await this.getCurrentKey();
|
|
170
|
+
return signAccessToken(key, claims, options);
|
|
171
|
+
}
|
|
172
|
+
}
|
|
173
|
+
//# sourceMappingURL=jwt-signing.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt-signing.js","sourceRoot":"","sources":["../src/jwt-signing.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AA8D3C;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,GAAY;IACnD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAC7C;QACE,IAAI,EAAE,mBAAmB;QACzB,aAAa,EAAE,IAAI;QACnB,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACzC,IAAI,EAAE,SAAS;KAChB,EACD,IAAI,EAAE,cAAc;IACpB,CAAC,MAAM,EAAE,QAAQ,CAAC,CACF,CAAA;IAElB,OAAO;QACL,GAAG,EAAE,GAAG,IAAI,gBAAgB,IAAI,CAAC,GAAG,EAAE,EAAE;QACxC,GAAG,EAAE,OAAO;QACZ,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACtB,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,GAAe;IACvD,MAAM,CAAC,aAAa,EAAE,YAAY,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACtD,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,CAAC,UAAU,CAAwB;QACrE,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,CAAC,SAAS,CAAwB;KACrE,CAAC,CAAA;IAEF,OAAO;QACL,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,aAAa;QACb,YAAY;QACZ,SAAS,EAAE,GAAG,CAAC,SAAS;KACzB,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,UAAgC;IAC1E,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAChD,MAAM,CAAC,MAAM,CAAC,SAAS,CACrB,KAAK,EACL,UAAU,CAAC,aAAa,EACxB,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,SAAS,EAAE,EAC9C,IAAI,EACJ,CAAC,MAAM,CAAC,CACT;QACD,MAAM,CAAC,MAAM,CAAC,SAAS,CACrB,KAAK,EACL,UAAU,CAAC,YAAY,EACvB,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,SAAS,EAAE,EAC9C,IAAI,EACJ,CAAC,QAAQ,CAAC,CACX;KACF,CAAC,CAAA;IAEF,OAAO;QACL,GAAG,EAAE,UAAU,CAAC,GAAG;QACnB,GAAG,EAAE,UAAU,CAAC,GAAG;QACnB,UAAU;QACV,SAAS;QACT,SAAS,EAAE,UAAU,CAAC,SAAS;KAChC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,GAAe;IACzD,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,CAAC,SAAS,CAAe,CAAA;IAE7E,OAAO;QACL,GAAG,EAAE,KAAK;QACV,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,GAAG,EAAE,KAAK;QACV,GAAG,EAAE,OAAO;QACZ,CAAC,EAAE,GAAG,CAAC,CAAE;QACT,CAAC,EAAE,GAAG,CAAC,CAAE;KACV,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,IAAkB;IACvD,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAA;IACrE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAA;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,GAAe,EACf,MAAyB,EACzB,OAIC;IAED,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,GAAG,IAAI,EAAE,GAAG,OAAO,CAAA;IACtD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IAEzC,MAAM,MAAM,GAAG;QACb,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,KAAK;QACV,GAAG,EAAE,GAAG,CAAC,GAAG;KACb,CAAA;IAED,MAAM,OAAO,GAAG;QACd,GAAG,MAAM;QACT,GAAG,EAAE,MAAM;QACX,GAAG,CAAC,QAAQ,IAAI,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC;QAClC,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,SAAS;KACrB,CAAA;IAED,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,MAAqB,CAAC,CAAA;IAC/F,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,MAAqB,CAAC,CAAA;IACjG,MAAM,IAAI,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAA;IAEzC,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CACxC,EAAE,IAAI,EAAE,mBAAmB,EAAE,EAC7B,GAAG,CAAC,UAAU,EACd,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CACrB,CAAA;IAED,MAAM,YAAY,GAAG,eAAe,CAAC,SAAS,CAAC,CAAA;IAE/C,OAAO,GAAG,IAAI,IAAI,YAAY,EAAE,CAAA;AAClC,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,iBAAiB;IAIR;IAHZ,IAAI,GAAiB,EAAE,CAAA;IACvB,eAAe,GAAG,CAAC,CAAA;IAE3B,YAAoB,UAAgC,EAAE;QAAlC,YAAO,GAAP,OAAO,CAA2B;QACpD,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,CAAC,CAAA;IAC7C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa;QACjB,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,MAAM,kBAAkB,EAAE,CAAA;YACtC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACrB,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAE,CAAA;IACzC,CAAC;IAED;;OAEG;IACH,UAAU;QACR,OAAO,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAA;IACvB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS;QACb,MAAM,MAAM,GAAG,MAAM,kBAAkB,EAAE,CAAA;QACzC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAEtB,uCAAuC;QACvC,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,OAAQ,EAAE,CAAC;YAChD,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAA;QACnB,CAAC;QAED,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAA;QAC3C,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,cAAsC;QACnD,IAAI,CAAC,IAAI,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAA;QACxE,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAA;IAC7C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAA;IACxD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM;QACV,OAAO,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACpC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACnB,MAAyB,EACzB,OAIC;QAED,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAA;QACtC,OAAO,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,CAAA;IAC9C,CAAC;CACF"}
|
package/dist/jwt.d.ts
CHANGED
|
@@ -6,18 +6,24 @@
|
|
|
6
6
|
* fetches public keys from JWKS endpoints.
|
|
7
7
|
*/
|
|
8
8
|
/**
|
|
9
|
-
* Result of JWT verification
|
|
9
|
+
* Result of JWT verification - discriminated union based on validity
|
|
10
10
|
*/
|
|
11
|
-
export
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
11
|
+
export type JWTVerifyResult = {
|
|
12
|
+
valid: true;
|
|
13
|
+
payload: JWTPayload;
|
|
14
|
+
header: JWTHeader;
|
|
15
|
+
error?: undefined;
|
|
16
|
+
} | {
|
|
17
|
+
valid: false;
|
|
18
|
+
error: string;
|
|
19
|
+
payload?: undefined;
|
|
20
|
+
header?: undefined;
|
|
21
|
+
} | {
|
|
22
|
+
valid: false;
|
|
23
|
+
error: string;
|
|
24
|
+
payload: JWTPayload;
|
|
25
|
+
header: JWTHeader;
|
|
26
|
+
};
|
|
21
27
|
/**
|
|
22
28
|
* JWT Header
|
|
23
29
|
*/
|
package/dist/jwt.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH;;GAEG;AACH,MAAM,
|
|
1
|
+
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH;;GAEG;AACH,MAAM,MAAM,eAAe,GACvB;IAAE,KAAK,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,UAAU,CAAC;IAAC,MAAM,EAAE,SAAS,CAAC;IAAC,KAAK,CAAC,EAAE,SAAS,CAAA;CAAE,GAC1E;IAAE,KAAK,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,SAAS,CAAC;IAAC,MAAM,CAAC,EAAE,SAAS,CAAA;CAAE,GACxE;IAAE,KAAK,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,UAAU,CAAC;IAAC,MAAM,EAAE,SAAS,CAAA;CAAE,CAAA;AAE3E;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,iCAAiC;IACjC,GAAG,EAAE,MAAM,CAAA;IACX,mCAAmC;IACnC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,6BAA6B;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAA;CACb;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,aAAa;IACb,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,cAAc;IACd,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,wCAAwC;IACxC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;IACvB,uCAAuC;IACvC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,kCAAkC;IAClC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,iCAAiC;IACjC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,aAAa;IACb,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,wBAAwB;IACxB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,sBAAsB;IACtB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,iDAAiD;IACjD,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;IAC5B,qDAAqD;IACrD,SAAS,CAAC,EAAE,SAAS,CAAA;IACrB,sEAAsE;IACtE,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,4BAA4B;IAC5B,gBAAgB,CAAC,EAAE,OAAO,CAAA;CAC3B;AA4BD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,wBAAsB,SAAS,CAC7B,KAAK,EAAE,MAAM,EACb,OAAO,GAAE,gBAAqB,GAC7B,OAAO,CAAC,eAAe,CAAC,CAiH1B;AAED;;;;;;GAMG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,GAAG,IAAI,CAc1F;AAED;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,GAAE,MAAU,GAAG,OAAO,CAQ/E;AA4MD;;GAEG;AACH,wBAAgB,cAAc,IAAI,IAAI,CAErC"}
|
package/dist/jwt.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;
|
|
1
|
+
{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAoF3C,2CAA2C;AAC3C,MAAM,SAAS,GAAG,IAAI,GAAG,EAA+D,CAAA;AACxF,MAAM,cAAc,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,YAAY;AAEjD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,KAAa,EACb,UAA4B,EAAE;IAE9B,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,cAAc,GAAG,EAAE,EAAE,gBAAgB,GAAG,KAAK,EAAE,GAAG,OAAO,CAAA;IAEvG,IAAI,CAAC;QACH,gBAAgB;QAChB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAA;QACxE,CAAC;QAED,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,YAAY,CAAC,GAAG,KAAK,CAAA;QAEnD,gBAAgB;QAChB,IAAI,MAAiB,CAAA;QACrB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,SAAU,CAAC,CAAC,CAAA;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAA;QACxE,CAAC;QAED,iBAAiB;QACjB,IAAI,OAAmB,CAAA;QACvB,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,UAAW,CAAC,CAAC,CAAA;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAA;QACzE,CAAC;QAED,qBAAqB;QACrB,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,MAAM,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;QACzF,CAAC;QAED,qBAAqB;QACrB,IAAI,GAAc,CAAA;QAClB,IAAI,SAAS,EAAE,CAAC;YACd,GAAG,GAAG,SAAS,CAAA;QACjB,CAAC;aAAM,IAAI,OAAO,EAAE,CAAC;YACnB,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;YACxE,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;YAClF,CAAC;YACD,GAAG,GAAG,UAAU,CAAA;QAClB,CAAC;aAAM,CAAC;YACN,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,8CAA8C,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;QACjG,CAAC;QAED,mBAAmB;QACnB,MAAM,cAAc,GAAG,MAAM,eAAe,CAC1C,GAAG,SAAS,IAAI,UAAU,EAAE,EAC5B,YAAa,EACb,GAAG,EACH,MAAM,CAAC,GAAG,CACX,CAAA;QAED,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;QACtE,CAAC;QAED,kBAAkB;QAClB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;QAEzC,mBAAmB;QACnB,IAAI,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YACnD,IAAI,GAAG,GAAG,OAAO,CAAC,GAAG,GAAG,cAAc,EAAE,CAAC;gBACvC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;YACtE,CAAC;QACH,CAAC;QAED,mBAAmB;QACnB,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC9B,IAAI,GAAG,GAAG,OAAO,CAAC,GAAG,GAAG,cAAc,EAAE,CAAC;gBACvC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;YAC9E,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC9B,IAAI,OAAO,CAAC,GAAG,GAAG,GAAG,GAAG,cAAc,EAAE,CAAC;gBACvC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,kCAAkC,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;YACrF,CAAC;QACH,CAAC;QAED,eAAe;QACf,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,IAAI,OAAO,CAAC,GAAG,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,MAAM,SAAS,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;YAC3G,CAAC;QACH,CAAC;QAED,iBAAiB;QACjB,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;YAC5F,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAA;YAEnE,MAAM,gBAAgB,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAA;YAC1E,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,qCAAqC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;oBAChG,MAAM;oBACN,OAAO;iBACR,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,CAAA;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,mCAAmC;SAChF,CAAA;IACH,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAc,CAAA;QAClE,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAe,CAAA;QAEpE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa,EAAE,iBAAyB,CAAC;IACpE,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,CAAA;IAChC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;QAClD,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IACzC,OAAO,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,GAAG,cAAc,CAAA;AACnD,CAAC;AAED,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAE9E;;GAEG;AACH,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAA;IACnC,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;AACzC,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,GAAW;IACvC,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;AAC7E,CAAC;AASD;;GAEG;AACH,SAAS,kBAAkB,CAAC,GAAW;IACrC,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,SAAS,EAAE,CAAA;QACvD,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,SAAS,EAAE,CAAA;QACvD,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,SAAS,EAAE,CAAA;QACvD,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,CAAA;QAChE,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,CAAA;QAChE,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,CAAA;QAChE;YACE,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAA;IACpD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAC5B,IAAY,EACZ,SAAiB,EACjB,GAAc,EACd,GAAW;IAEX,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IACtC,IAAI,cAAc,GAAG,IAAI,UAAU,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAA;IAE/D,MAAM,MAAM,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAA;IAEtC,6DAA6D;IAC7D,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC5B,cAAc,GAAG,8BAA8B,CAAC,cAAc,EAAE,GAAG,CAAC,CAAA;IACtE,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAA;IAExG,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,EAAE,cAAc,EAAE,SAAS,CAAC,CAAA;AACxE,CAAC;AAED;;;GAGG;AACH,SAAS,8BAA8B,CAAC,SAAkC,EAAE,GAAW;IACrF,iFAAiF;IACjF,4CAA4C;IAC5C,MAAM,cAAc,GAAG,GAAG,KAAK,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAA;IACxE,IAAI,SAAS,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;QACxC,2DAA2D;QAC3D,qEAAqE;IACvE,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc,CAAC,OAAe,EAAE,GAAuB,EAAE,GAAW;IACjF,cAAc;IACd,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IACrC,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QAC5C,IAAI,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAE,CAAA;QAC9B,CAAC;QACD,sDAAsD;QACtD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;gBACvC,OAAO,GAAG,CAAA,CAAC,6BAA6B;YAC1C,CAAC;QACH,CAAC;IACH,CAAC;IAED,aAAa;IACb,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAA;IACrC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAA;IACpF,CAAC;IAED,MAAM,IAAI,GAAS,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;IACxC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAqB,CAAA;IAEzC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YAC3C,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,CAAA;gBACvD,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,CAAA;YAC5B,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,gCAAgC;YAChC,SAAQ;QACV,CAAC;IACH,CAAC;IAED,iBAAiB;IACjB,SAAS,CAAC,GAAG,CAAC,OAAO,EAAE;QACrB,IAAI;QACJ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc;KACvC,CAAC,CAAA;IAEF,qBAAqB;IACrB,IAAI,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAE,CAAA;IACvB,CAAC;IAED,yCAAyC;IACzC,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,IAAI,IAAI,CAAA;IAC3C,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,SAAS,CAAC,GAAQ,EAAE,WAAmB;IACpD,MAAM,MAAM,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAA;IAE9C,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACvD,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACrB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B,KAAK,EACL;YACE,GAAG,EAAE,KAAK;YACV,CAAC,EAAE,GAAG,CAAC,CAAC;YACR,CAAC,EAAE,GAAG,CAAC,CAAC;YACR,GAAG,EAAE,WAAW;YAChB,GAAG,EAAE,KAAK;SACX,EACD;YACE,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,IAAI,EAAE,MAAM,CAAC,IAAK;SACnB,EACD,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAA;IACH,CAAC;IAED,IAAI,GAAG,CAAC,GAAG,KAAK,IAAI,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAChD,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YACjC,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B,KAAK,EACL;YACE,GAAG,EAAE,IAAI;YACT,CAAC,EAAE,GAAG,CAAC,CAAC;YACR,CAAC,EAAE,GAAG,CAAC,CAAC;YACR,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,GAAG,EAAE,KAAK;SACX,EACD;YACE,IAAI,EAAE,OAAO;YACb,UAAU,EAAE,GAAG,CAAC,GAAG;SACpB,EACD,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAA;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,SAAS,CAAC,KAAK,EAAE,CAAA;AACnB,CAAC"}
|
package/dist/pkce.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../src/pkce.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM,
|
|
1
|
+
{"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../src/pkce.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM,CAoBhE;AAED;;;;;;;GAOG;AACH,wBAAsB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAK7E;AAED;;;;;;;GAOG;AACH,wBAAsB,mBAAmB,CACvC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,MAAM,GAAE,MAAe,GACtB,OAAO,CAAC,OAAO,CAAC,CAQlB;AAED;;;;;GAKG;AACH,wBAAsB,YAAY,CAAC,MAAM,GAAE,MAAW,GAAG,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAIxG;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAU3D;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,CAWxD;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAW/D;AA6BD;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM,CAEzD;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM,CAEzD;AAED;;;;GAIG;AACH,wBAAgB,yBAAyB,IAAI,MAAM,CAElD;AAED;;;;;GAKG;AACH,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAKtE;AAED;;;;;;GAMG;AACH,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAGvF"}
|