@epsbv/oauth-sdk 1.0.1

package/.env

@@ -0,0 +1,4 @@
+NODE_ENV="production"
+
+IDENTITY_DNS="http://localhost:7550"
+OAUTH_DNS="https://localhost:7560"

package/build/client.d.ts

@@ -0,0 +1,10 @@
+import { ClientOptions } from "./types";
+import { FetchMethod, FetchOptions } from "./utils/fetch";
+export declare class ApiClient {
+    private baseUrl;
+    private token;
+    protected constructor({ token, baseUrl }: ClientOptions);
+    protected fetchUrlEncoded<T = never>(endpoint: string, method: FetchMethod, params?: FetchOptions): Promise<T>;
+    protected fetchMultipart<T = never>(endpoint: string, method: FetchMethod, params?: FetchOptions): Promise<T>;
+    protected get options(): ClientOptions;
+}

package/build/client.js

@@ -0,0 +1,24 @@
+import { fetchMultipart, fetchUrlEncoded } from "./utils/fetch";
+export class ApiClient {
+    baseUrl;
+    token;
+    constructor({ token, baseUrl }) {
+        this.token = token;
+        this.baseUrl = baseUrl;
+    }
+    async fetchUrlEncoded(endpoint, method, params) {
+        const headers = new Headers(params?.headers ?? {});
+        headers.append('User-Agent', 'eps/sdk-client');
+        headers.append('Authorization', `Bearer ${this.token}`);
+        return await fetchUrlEncoded(`${this.baseUrl}${endpoint}`, method, { body: params?.body ?? null, headers });
+    }
+    async fetchMultipart(endpoint, method, params) {
+        const headers = new Headers(params?.headers ?? {});
+        headers.append('User-Agent', 'eps/sdk-client');
+        headers.append('Authorization', `Bearer ${this.token}`);
+        return await fetchMultipart(`${this.baseUrl}${endpoint}`, method, { body: params?.body ?? null, headers });
+    }
+    get options() {
+        return { token: this.token, baseUrl: this.baseUrl };
+    }
+}

package/build/const.d.ts

@@ -0,0 +1,2 @@
+export declare const apiUrl = "https://identity.eps-connect.eu";
+export declare const oauthUrl = "https://oauth.eps-connect.eu";

package/build/const.js

@@ -0,0 +1,3 @@
+// This file is auto-generated. Do not edit manually.
+export const apiUrl = "https://identity.eps-connect.eu";
+export const oauthUrl = "https://oauth.eps-connect.eu";

package/build/error.d.ts

@@ -0,0 +1,20 @@
+export declare class FetchError extends Error {
+    constructor(cause: unknown);
+}
+export declare class RequestError extends Error {
+    code: string;
+    description: string | null;
+    uri: string | null;
+    state: string | null;
+    constructor(code: string, description: string | null, uri: string | null, state: string | null);
+    static create(result: object): RequestError;
+}
+export declare class UnexpectedResponseError extends Error {
+    status: number;
+    constructor(responseStatus: number);
+}
+export declare class UnexpectedErrorResponseBodyError extends Error {
+    status: number;
+    data: unknown;
+    constructor(status: number, data: unknown);
+}

package/build/error.js

@@ -0,0 +1,67 @@
+export class FetchError extends Error {
+    constructor(cause) {
+        super("Failed to send request", {
+            cause
+        });
+    }
+}
+export class RequestError extends Error {
+    code;
+    description;
+    uri;
+    state;
+    constructor(code, description, uri, state) {
+        super(`OAuth request error: ${code}`);
+        this.code = code;
+        this.description = description;
+        this.uri = uri;
+        this.state = state;
+    }
+    static create(result) {
+        let code;
+        if ("error" in result && typeof result.error === "string") {
+            code = result.error;
+        }
+        else {
+            throw new Error("Invalid error response");
+        }
+        let description = null;
+        let uri = null;
+        let state = null;
+        if ("error_description" in result) {
+            if (typeof result.error_description !== "string") {
+                throw new Error("Invalid data");
+            }
+            description = result.error_description;
+        }
+        if ("error_uri" in result) {
+            if (typeof result.error_uri !== "string") {
+                throw new Error("Invalid data");
+            }
+            uri = result.error_uri;
+        }
+        if ("state" in result) {
+            if (typeof result.state !== "string") {
+                throw new Error("Invalid data");
+            }
+            state = result.state;
+        }
+        return new RequestError(code, description, uri, state);
+    }
+}
+export class UnexpectedResponseError extends Error {
+    status;
+    constructor(responseStatus) {
+        super("Unexpected error response");
+        this.status = responseStatus;
+    }
+}
+export class UnexpectedErrorResponseBodyError extends Error {
+    status;
+    data;
+    constructor(status, data) {
+        super("Unexpected error response body");
+        this.status = status;
+        this.data = data;
+    }
+}

package/build/identity/index.d.ts

@@ -0,0 +1,35 @@
+import { Device, Identity } from "./types";
+import { ApiClient } from "../client";
+import { ClientOptions, Language } from "../types";
+export * from './types';
+export declare class IdentityClient extends ApiClient {
+    constructor({ token }: Omit<ClientOptions, 'baseUrl'>);
+    get info(): Identity$Info;
+    get avatar(): Identity$Avatar;
+    get devices(): Identity$Devices;
+}
+declare class Identity$Info extends ApiClient {
+    constructor(options: ClientOptions);
+    get(): Promise<Identity>;
+    delete(): Promise<never>;
+    update(body: {
+        first_name: string;
+        last_name: string;
+        language: Language;
+    }): Promise<{}>;
+}
+declare class Identity$Avatar extends ApiClient {
+    constructor(options: ClientOptions);
+    get(): Promise<string>;
+    delete(): Promise<never>;
+    update(body: {
+        avatar: File;
+    }): Promise<{}>;
+}
+declare class Identity$Devices extends ApiClient {
+    constructor(options: ClientOptions);
+    get(): Promise<Device[]>;
+    delete({ id }: {
+        id: string;
+    }): Promise<never>;
+}

package/build/identity/index.js

@@ -0,0 +1,56 @@
+import { ApiClient } from "../client";
+import { apiUrl } from "../const";
+export * from './types';
+export class IdentityClient extends ApiClient {
+    constructor({ token }) {
+        super({ token, baseUrl: apiUrl });
+    }
+    get info() {
+        return new Identity$Info(this.options);
+    }
+    get avatar() {
+        return new Identity$Avatar(this.options);
+    }
+    get devices() {
+        return new Identity$Devices(this.options);
+    }
+}
+class Identity$Info extends ApiClient {
+    constructor(options) {
+        super(options);
+    }
+    async get() {
+        return await this.fetchUrlEncoded('/e/identity', 'GET');
+    }
+    async delete() {
+        return await this.fetchUrlEncoded('/e/identity', 'DELETE');
+    }
+    async update(body) {
+        return await this.fetchUrlEncoded('/e/identity', 'PUT', { body });
+    }
+}
+class Identity$Avatar extends ApiClient {
+    constructor(options) {
+        super(options);
+    }
+    async get() {
+        return await this.fetchUrlEncoded('/e/identity/avatar', 'GET');
+    }
+    async delete() {
+        return await this.fetchUrlEncoded('/e/identity/avatar', 'DELETE');
+    }
+    async update(body) {
+        return await this.fetchMultipart('/e/identity/avatar', 'PUT', { body });
+    }
+}
+class Identity$Devices extends ApiClient {
+    constructor(options) {
+        super(options);
+    }
+    async get() {
+        return await this.fetchUrlEncoded('/e/identity/devices', 'GET');
+    }
+    async delete({ id }) {
+        return await this.fetchUrlEncoded(`/e/identity/devices/${id}`, 'DELETE');
+    }
+}

package/build/identity/types.d.ts

@@ -0,0 +1,22 @@
+import { Language } from "../types";
+export interface Identity {
+    uid: string;
+    admin: boolean;
+    email: string;
+    avatar?: string;
+    first_name: string;
+    last_name: string;
+    language: Language;
+    provider: 'google' | 'internal' | 'microsoft' | 'apple';
+    provider_id: string | undefined;
+    created_at: Date;
+    updated_at: Date;
+    verified_at?: Date;
+}
+export interface Device {
+    id: string;
+    name: string;
+    type: string;
+    created_at: Date;
+    activity_at: Date;
+}

package/build/identity/types.js

@@ -0,0 +1 @@
+export {};

package/build/index.d.ts

@@ -0,0 +1,4 @@
+export * as oauth from './oauth';
+export * as tenant from './tenant';
+export * as identity from './identity';
+export * from './types';

package/build/index.js

@@ -0,0 +1,4 @@
+export * as oauth from './oauth';
+export * as tenant from './tenant';
+export * as identity from './identity';
+export * from './types';

package/build/oauth/index.d.ts

@@ -0,0 +1,15 @@
+import { OAuthTokens, OAuthUrlOptions, type OAuthClientOptions } from "./types";
+import { FetchMethod, FetchOptions } from "../utils/fetch";
+export { generateState, generateCodeVerifier, createS256CodeChallenge } from '../utils/secret';
+export declare class OAuthClient {
+    private clientId;
+    private redirectURI;
+    private credentials;
+    constructor({ clientId, clientSecret, redirectURI }: OAuthClientOptions);
+    createAuthorizationURL(options: OAuthUrlOptions): URL;
+    private createAuthorizationURLWithPKCE;
+    getToken(code: string, codeVerifier?: string): Promise<OAuthTokens>;
+    refreshAccessToken(refresh_token: string): Promise<OAuthTokens>;
+    revokeToken(token: string): Promise<void>;
+    fetch<T>(endpoint: string, method: FetchMethod, params?: FetchOptions): Promise<T>;
+}

package/build/oauth/index.js

@@ -0,0 +1,105 @@
+import { fetchUrlEncoded } from "../utils/fetch";
+import { apiUrl, oauthUrl } from "../const";
+import { encodeCredentials } from "../utils/secret";
+export { generateState, generateCodeVerifier, createS256CodeChallenge } from '../utils/secret';
+const authorizationEndpoint = `${oauthUrl}/oauth/auth`;
+export class OAuthClient {
+    clientId;
+    redirectURI;
+    credentials;
+    constructor({ clientId, clientSecret, redirectURI }) {
+        this.clientId = clientId;
+        this.redirectURI = redirectURI;
+        this.credentials = encodeCredentials(clientId, clientSecret);
+    }
+    // Generate an authorization URL
+    createAuthorizationURL(options) {
+        return this.createAuthorizationURLWithPKCE(options);
+    }
+    createAuthorizationURLWithPKCE({ state, code_challenge_method, code_challenge, scope, response_type, access_type, include_granted_scopes, prompt }) {
+        const url = new URL(authorizationEndpoint);
+        url.searchParams.set('state', state);
+        url.searchParams.set('client_id', this.clientId);
+        url.searchParams.set('access_type', access_type ?? 'online'); // determines 'refresh' or 'access' token
+        url.searchParams.set('response_type', response_type); // determines if parameters returned are in fragment identifier or search params
+        url.searchParams.set('redirect_uri', this.redirectURI);
+        if (prompt) {
+            url.searchParams.set('prompt', prompt);
+        }
+        if (include_granted_scopes != undefined) {
+            url.searchParams.set('include_granted_scopes', `${include_granted_scopes}`);
+        }
+        if (code_challenge_method) {
+            url.searchParams.set('code_challenge_method', code_challenge_method);
+            if (code_challenge) {
+                url.searchParams.set('code_challenge', code_challenge);
+            }
+        }
+        if (scope.length > 0) {
+            url.searchParams.set('scope', scope.join(' '));
+        }
+        return url;
+    }
+    async getToken(code, codeVerifier) {
+        // Retreive the token from the OAuth server
+        try {
+            return await this.fetch('/e/oauth/token', 'POST', {
+                body: {
+                    grant_type: 'authorization_code',
+                    code,
+                    redirect_uri: this.redirectURI,
+                    code_verifier: codeVerifier
+                }
+            });
+            // const { header } = jwt.decode(token, { complete: true })
+            // const { keys } = await this.fetch<Jwks>('/oauth/jwks', 'GET')
+            // const certificate = keys[0];
+            // console.log(keys)
+            // if (certificate) {
+            // jwt.verify(
+            //     token,
+            //     `-----BEGIN PUBLIC KEY-----\n${certificate.x5c[0]}\n-----END PUBLIC KEY-----`, {
+            //     algorithms: [certificate.alg]
+            // })
+            // }
+        }
+        catch (error) {
+            throw new Error(error);
+        }
+    }
+    async refreshAccessToken(refresh_token) {
+        try {
+            return await this.fetch('/e/oauth/token', 'POST', {
+                body: {
+                    grant_type: 'refresh_token',
+                    refresh_token: refresh_token,
+                }
+            });
+            // const { header } = jwt.decode(token, { complete: true })
+            // const { keys } = await this.fetch<Jwks>('/oauth/jwks', 'GET')
+            // const certificate = keys[0];
+            // console.log(keys)
+            // if (certificate) {
+            // jwt.verify(
+            //     token,
+            //     `-----BEGIN PUBLIC KEY-----\n${certificate.x5c[0]}\n-----END PUBLIC KEY-----`, {
+            //     algorithms: [certificate.alg]
+            // })
+            // }
+        }
+        catch (error) {
+            throw new Error(error);
+        }
+    }
+    async revokeToken(token) {
+        await fetchUrlEncoded(`${apiUrl}/e/oauth/revoke`, 'POST', {
+            body: { token }
+        });
+    }
+    async fetch(endpoint, method, params) {
+        const headers = new Headers(params?.headers ?? {});
+        headers.append('User-Agent', 'eps/oauth-client');
+        headers.append('Authorization', `Bearer ${this.credentials}`);
+        return await fetchUrlEncoded(`${apiUrl}${endpoint}`, method, { body: params?.body ?? null, headers });
+    }
+}

package/build/oauth/types.d.ts

@@ -0,0 +1,108 @@
+import { Algorithm } from "jsonwebtoken";
+export type OAuthScope = 'email' | 'profile';
+export interface OAuthClientOptions {
+    clientId: string;
+    clientSecret: string;
+    redirectURI: string;
+}
+export interface OAuthUrlOptions {
+    /**
+     * Recommended. Indicates whether your application can refresh access tokens
+     * when the user is not present at the browser. Valid parameter values are
+     * 'online', which is the default value, and 'offline'. Set the value to
+     * 'offline' if your application needs to refresh access tokens when the user
+     * is not present at the browser. This value instructs the Google
+     * authorization server to return a refresh token and an access token the
+     * first time that your application exchanges an authorization code for
+     * tokens.
+     */
+    access_type?: 'online' | 'offline';
+    /**
+     * Defaults back to 'code''.
+     */
+    response_type: 'code' | 'token';
+    /**
+     * Required. A space-delimited list of scopes that identify the resources that
+     * your application could access on the user's behalf. These values inform the
+     * consent screen that Google displays to the user. Scopes enable your
+     * application to only request access to the resources that it needs while
+     * also enabling users to control the amount of access that they grant to your
+     * application. Thus, there is an inverse relationship between the number of
+     * scopes requested and the likelihood of obtaining user consent. The
+     * OAuth 2.0 API Scopes document provides a full list of scopes that you might
+     * use to access Google APIs. We recommend that your application request
+     * access to authorization scopes in context whenever possible. By requesting
+     * access to user data in context, via incremental authorization, you help
+     * users to more easily understand why your application needs the access it is
+     * requesting.
+     */
+    scope?: OAuthScope[];
+    /**
+     * Recommended. Specifies any string value that your application uses to
+     * maintain state between your authorization request and the authorization
+     * server's response. The server returns the exact value that you send as a
+     * name=value pair in the hash (#) fragment of the 'redirect_uri' after the
+     * user consents to or denies your application's access request. You can use
+     * this parameter for several purposes, such as directing the user to the
+     * correct resource in your application, sending nonces, and mitigating
+     * cross-site request forgery. Since your redirect_uri can be guessed, using a
+     * state value can increase your assurance that an incoming connection is the
+     * result of an authentication request. If you generate a random string or
+     * encode the hash of a cookie or another value that captures the client's
+     * state, you can validate the response to additionally ensure that the
+     * request and response originated in the same browser, providing protection
+     * against attacks such as cross-site request forgery. See the OpenID Connect
+     * documentation for an example of how to create and confirm a state token.
+     */
+    state?: string;
+    /**
+     * Optional. Enables applications to use incremental authorization to request
+     * access to additional scopes in context. If you set this parameter's value
+     * to true and the authorization request is granted, then the new access token
+     * will also cover any scopes to which the user previously granted the
+     * application access. See the incremental authorization section for examples.
+     */
+    include_granted_scopes?: boolean;
+    /**
+     * Optional. A space-delimited, case-sensitive list of prompts to present the
+     * user. If you don't specify this parameter, the user will be prompted only
+     * the first time your app requests access.  Possible values are:
+     *
+     * 'none' - Donot display any authentication or consent screens. Must not be
+     *        specified with other values.
+     * 'consent' - 	Prompt the user for consent.
+     * 'select_account' - Prompt the user to select an account.
+     */
+    prompt?: 'consent' | 'select_account';
+    /**
+     * Recommended. Specifies what method was used to encode a 'code_verifier'
+     * that will be used during authorization code exchange. This parameter must
+     * be used with the 'code_challenge' parameter. The value of the
+     * 'code_challenge_method' defaults to "plain" if not present in the request
+     * that includes a 'code_challenge'. The only supported values for this
+     * parameter are "S256" or "plain".
+     */
+    code_challenge_method?: 'S256' | 'plain';
+    /**
+     * Recommended. Specifies an encoded 'code_verifier' that will be used as a
+     * server-side challenge during authorization code exchange. This parameter
+     * must be used with the 'code_challenge' parameter described above.
+     */
+    code_challenge?: string;
+}
+export interface OAuthTokens {
+    access_token: string;
+    refresh_token?: string;
+}
+export interface Jwks {
+    keys: Jwk[];
+}
+export interface Jwk {
+    alg: Algorithm;
+    e: string;
+    kid: string;
+    kty: string;
+    n: string;
+    use: string;
+    x5c: string[];
+}

package/build/oauth/types.js

@@ -0,0 +1 @@
+export {};

package/build/tenant/index.d.ts

@@ -0,0 +1,102 @@
+import { ApiClient } from "../client";
+import { ClientOptions, Language } from "../types";
+import { Tenant, TenantRole, TenantUser } from "./types";
+export * from './types';
+export declare class TenantClient extends ApiClient {
+    constructor({ token }: Omit<ClientOptions, 'baseUrl'>);
+    get info(): Tenant$Info;
+    get avatar(): Tenant$Avatar;
+    get users(): Tenant$Users;
+    get partners(): Tenant$Partners;
+}
+declare class Tenant$Partners extends ApiClient {
+    constructor(options: ClientOptions);
+    get users(): Tenant$Partners$Users;
+    get avatar(): Tenant$Partners$Avatar;
+    list(): Promise<Tenant[]>;
+    get(params: {
+        id: string;
+    }): Promise<Tenant>;
+    update(params: {
+        id: string;
+        data: {
+            name: string;
+            email: string;
+            language: Language;
+        };
+    }): Promise<never>;
+    delete(params: {
+        id: string;
+    }): Promise<never>;
+}
+declare class Tenant$Partners$Avatar extends ApiClient {
+    constructor(options: ClientOptions);
+    get(params: {
+        id: string;
+    }): Promise<string>;
+    delete(params: {
+        id: string;
+    }): Promise<never>;
+    update(params: {
+        id: string;
+        data: {
+            avatar: File;
+        };
+    }): Promise<{}>;
+}
+declare class Tenant$Partners$Users extends ApiClient {
+    constructor(options: ClientOptions);
+    list(params: {
+        id: string;
+    }): Promise<TenantUser>;
+    get(params: {
+        id: string;
+        uid: string;
+    }): Promise<TenantUser>;
+    update(params: {
+        id: string;
+        uid: string;
+        data: {
+            first_name: string;
+            last_name: string;
+            role: TenantRole;
+            language: Language;
+        };
+    }): Promise<never>;
+}
+declare class Tenant$Users extends ApiClient {
+    constructor(options: ClientOptions);
+    list(): Promise<TenantUser>;
+    get(params: {
+        uid: string;
+    }): Promise<TenantUser>;
+    update(params: {
+        uid: string;
+        data: {
+            first_name: string;
+            last_name: string;
+            role: TenantRole;
+            language: Language;
+        };
+    }): Promise<never>;
+    delete(params: {
+        uid: string;
+    }): Promise<never>;
+}
+declare class Tenant$Info extends ApiClient {
+    constructor(options: ClientOptions);
+    get(): Promise<Tenant>;
+    update(data: {
+        name: string;
+        email: string;
+        language: Language;
+    }): Promise<void>;
+}
+declare class Tenant$Avatar extends ApiClient {
+    constructor(options: ClientOptions);
+    get(): Promise<string>;
+    delete(): Promise<never>;
+    update(body: {
+        avatar: File;
+    }): Promise<{}>;
+}