@epsbv/oauth-sdk 1.0.1

package/src/error.ts

@@ -0,0 +1,82 @@
+export class FetchError extends Error {
+	constructor(cause: unknown) {
+		super("Failed to send request", {
+			cause
+		});
+	}
+}
+
+export class RequestError extends Error {
+	public code: string;
+	public description: string | null;
+	public uri: string | null;
+	public state: string | null;
+
+	constructor(code: string, description: string | null, uri: string | null, state: string | null) {
+		super(`OAuth request error: ${code}`);
+
+		this.code = code;
+		this.description = description;
+		this.uri = uri;
+		this.state = state;
+	}
+
+	public static create(result: object) : RequestError{
+		let code: string;
+
+		if ("error" in result && typeof result.error === "string") {
+			code = result.error;
+		} 
+		else {
+			throw new Error("Invalid error response");
+		}
+		
+		let description: string | null = null;
+		let uri: string | null = null;
+		let state: string | null = null;
+		
+		if ("error_description" in result) {
+			if (typeof result.error_description !== "string") {
+				throw new Error("Invalid data");
+			}
+			description = result.error_description;
+		}
+		
+		if ("error_uri" in result) {
+			if (typeof result.error_uri !== "string") {
+				throw new Error("Invalid data");
+			}
+		
+			uri = result.error_uri;
+		}
+		if ("state" in result) {
+			if (typeof result.state !== "string") {
+				throw new Error("Invalid data");
+			}
+		
+			state = result.state;
+		}
+
+		return new RequestError(code, description, uri, state)
+	}
+}
+
+export class UnexpectedResponseError extends Error {
+	public status: number;
+
+	constructor(responseStatus: number) {
+		super("Unexpected error response");
+		this.status = responseStatus;
+	}
+}
+
+export class UnexpectedErrorResponseBodyError extends Error {
+	public status: number;
+	public data: unknown;
+
+	constructor(status: number, data: unknown) {
+		super("Unexpected error response body");
+		this.status = status;
+		this.data = data;
+	}
+}

package/src/identity/index.ts

@@ -0,0 +1,74 @@
+import { Device, Identity } from "./types";
+import { ApiClient } from "../client";
+import { ClientOptions, Language } from "../types";
+import { apiUrl } from "../const";
+
+export * from './types'
+
+export class IdentityClient extends ApiClient {
+    constructor({ token }: Omit<ClientOptions, 'baseUrl'>) {
+        super({ token, baseUrl: apiUrl })
+    }
+
+    get info() {
+        return new Identity$Info(this.options)
+    }
+
+    get avatar() {
+        return new Identity$Avatar(this.options)
+    }
+
+    get devices() {
+        return new Identity$Devices(this.options)
+    }
+}
+
+class Identity$Info extends ApiClient {
+    constructor(options: ClientOptions) {
+        super(options)
+    }
+
+    async get() {
+        return await this.fetchUrlEncoded<Identity>('/e/identity', 'GET')
+    }
+
+    async delete() {
+        return await this.fetchUrlEncoded('/e/identity', 'DELETE')
+    }
+
+    async update(body: { first_name: string, last_name: string, language: Language }): Promise<{}> {
+        return await this.fetchUrlEncoded('/e/identity', 'PUT', { body })
+    }
+}
+
+class Identity$Avatar extends ApiClient {
+    constructor(options: ClientOptions) {
+        super(options)
+    }
+
+    async get() {
+        return await this.fetchUrlEncoded<string>('/e/identity/avatar', 'GET')
+    }
+
+    async delete() {
+        return await this.fetchUrlEncoded('/e/identity/avatar', 'DELETE')
+    }
+
+    async update(body: { avatar: File }): Promise<{}> {
+        return await this.fetchMultipart('/e/identity/avatar', 'PUT', { body })
+    }
+}
+
+class Identity$Devices extends ApiClient {
+    constructor(options: ClientOptions) {
+        super(options)
+    }
+
+    async get() {
+        return await this.fetchUrlEncoded<Device[]>('/e/identity/devices', 'GET')
+    }
+
+    async delete({ id }: { id: string }) {
+        return await this.fetchUrlEncoded(`/e/identity/devices/${id}`, 'DELETE')
+    }
+}

package/src/identity/types.ts

@@ -0,0 +1,52 @@
+import { Language, Status } from "../types"
+
+// export enum OrginizationType {
+//     Admin = "admin",
+//     Distributor = "distributor",
+//     Builder = "builder"
+// }
+
+// export enum OrganizationRole {
+//     Ceo = "ceo",
+//     Admin = "admin",
+//     Member = "member"
+// }
+
+// export interface Originization {
+//     id: string
+//     name: string
+//     type: OrginizationType
+//     role: OrganizationRole
+//     email: string
+//     avatar: string | undefined
+//     status: Status
+//     parent: string,
+//     language: Language,
+//     created_at: Date,
+//     updated_at: Date,
+// }
+
+export interface Identity {
+    uid: string,
+    admin: boolean,
+    email: string,
+    avatar?: string,
+    first_name: string,
+    last_name: string,
+    language: Language,
+        
+    provider: 'google' | 'internal' | 'microsoft' | 'apple',
+    provider_id: string | undefined
+    
+    created_at: Date,
+    updated_at: Date,
+    verified_at?: Date,
+}
+
+export interface Device {
+    id: string,
+    name: string,
+    type: string,
+    created_at: Date,
+    activity_at: Date
+}

package/src/index.ts

@@ -0,0 +1,4 @@
+export * as oauth from './oauth'
+export * as tenant from './tenant'
+export * as identity from './identity'
+export * from './types'

package/src/oauth/index.ts

@@ -0,0 +1,137 @@
+import { OAuthTokens, OAuthUrlOptions, type OAuthClientOptions } from "./types";
+import { FetchMethod, FetchOptions, fetchUrlEncoded } from "../utils/fetch";
+import { apiUrl, oauthUrl } from "../const";
+import { encodeCredentials } from "../utils/secret";
+
+
+export { generateState, generateCodeVerifier, createS256CodeChallenge } from '../utils/secret'
+
+const authorizationEndpoint = `${oauthUrl}/oauth/auth`;
+
+export class OAuthClient {
+    private clientId: string;
+    private redirectURI: string;
+    private credentials: string
+
+    constructor({ clientId, clientSecret, redirectURI }: OAuthClientOptions) {
+        this.clientId = clientId;
+        this.redirectURI = redirectURI;
+
+         this.credentials = encodeCredentials(clientId, clientSecret);
+    }
+
+    // Generate an authorization URL
+    public createAuthorizationURL(options: OAuthUrlOptions): URL {
+        return this.createAuthorizationURLWithPKCE(options)
+    }
+
+    private createAuthorizationURLWithPKCE({ state, code_challenge_method, code_challenge, scope, response_type, access_type, include_granted_scopes, prompt }: OAuthUrlOptions) {
+        const url = new URL(authorizationEndpoint);
+
+        url.searchParams.set('state', state)
+        url.searchParams.set('client_id', this.clientId);
+        url.searchParams.set('access_type', access_type ?? 'online'); // determines 'refresh' or 'access' token
+        url.searchParams.set('response_type', response_type); // determines if parameters returned are in fragment identifier or search params
+        url.searchParams.set('redirect_uri', this.redirectURI);
+
+        if (prompt) {
+            url.searchParams.set('prompt', prompt);
+        }
+
+        if (include_granted_scopes != undefined) {
+            url.searchParams.set('include_granted_scopes', `${include_granted_scopes}`);
+        }
+
+        if (code_challenge_method) {
+            url.searchParams.set('code_challenge_method', code_challenge_method)
+
+            if (code_challenge) {
+                url.searchParams.set('code_challenge', code_challenge)
+            }
+        }
+
+        if (scope.length > 0) {
+            url.searchParams.set('scope', scope.join(' '))
+        }
+
+        return url;
+    }
+
+    public async getToken(code: string, codeVerifier?: string) {
+        // Retreive the token from the OAuth server
+        try {
+            return await this.fetch<OAuthTokens>('/e/oauth/token', 'POST', {
+                body: {
+                    grant_type: 'authorization_code',
+                    code,
+                    redirect_uri: this.redirectURI,
+                    code_verifier: codeVerifier
+                }
+            })
+
+            // const { header } = jwt.decode(token, { complete: true })
+            // const { keys } = await this.fetch<Jwks>('/oauth/jwks', 'GET')
+
+            // const certificate = keys[0];
+
+            // console.log(keys)
+
+            // if (certificate) {
+            // jwt.verify(
+            //     token,
+            //     `-----BEGIN PUBLIC KEY-----\n${certificate.x5c[0]}\n-----END PUBLIC KEY-----`, {
+            //     algorithms: [certificate.alg]
+            // })
+
+            // }
+        }
+        catch (error) {
+            throw new Error(error)
+        }
+    }
+
+    public async refreshAccessToken(refresh_token: string) {
+        try {
+            return await this.fetch<OAuthTokens>('/e/oauth/token', 'POST', {
+                body: {
+                    grant_type: 'refresh_token',
+                    refresh_token: refresh_token,
+                }
+            })
+
+            // const { header } = jwt.decode(token, { complete: true })
+            // const { keys } = await this.fetch<Jwks>('/oauth/jwks', 'GET')
+
+            // const certificate = keys[0];
+
+            // console.log(keys)
+
+            // if (certificate) {
+            // jwt.verify(
+            //     token,
+            //     `-----BEGIN PUBLIC KEY-----\n${certificate.x5c[0]}\n-----END PUBLIC KEY-----`, {
+            //     algorithms: [certificate.alg]
+            // })
+
+            // }
+        }
+        catch (error) {
+            throw new Error(error)
+        }
+    }
+
+    public async revokeToken(token: string) {
+        await fetchUrlEncoded(`${apiUrl}/e/oauth/revoke`, 'POST', {
+            body: { token }
+        })
+    }
+
+    async fetch<T>(endpoint: string, method: FetchMethod, params?: FetchOptions): Promise<T> {
+        const headers = new Headers(params?.headers ?? {});
+
+        headers.append('User-Agent', 'eps/oauth-client')
+        headers.append('Authorization', `Bearer ${this.credentials}`)
+
+        return await fetchUrlEncoded<T>(`${apiUrl}${endpoint}`, method, { body: params?.body ?? null, headers });
+    }
+}

package/src/oauth/types.ts

@@ -0,0 +1,114 @@
+import { Algorithm } from "jsonwebtoken";
+
+export type OAuthScope = 'email' | 'profile'
+
+export interface OAuthClientOptions {
+    clientId: string,
+    clientSecret: string,
+    redirectURI: string
+}
+
+export interface OAuthUrlOptions {
+    /**
+     * Recommended. Indicates whether your application can refresh access tokens
+     * when the user is not present at the browser. Valid parameter values are
+     * 'online', which is the default value, and 'offline'. Set the value to
+     * 'offline' if your application needs to refresh access tokens when the user
+     * is not present at the browser. This value instructs the Google
+     * authorization server to return a refresh token and an access token the
+     * first time that your application exchanges an authorization code for
+     * tokens.
+     */
+    access_type?: 'online' | 'offline';
+    /**
+     * Defaults back to 'code''.
+     */
+    response_type: 'code' | 'token';
+    /**
+     * Required. A space-delimited list of scopes that identify the resources that
+     * your application could access on the user's behalf. These values inform the
+     * consent screen that Google displays to the user. Scopes enable your
+     * application to only request access to the resources that it needs while
+     * also enabling users to control the amount of access that they grant to your
+     * application. Thus, there is an inverse relationship between the number of
+     * scopes requested and the likelihood of obtaining user consent. The
+     * OAuth 2.0 API Scopes document provides a full list of scopes that you might
+     * use to access Google APIs. We recommend that your application request
+     * access to authorization scopes in context whenever possible. By requesting
+     * access to user data in context, via incremental authorization, you help
+     * users to more easily understand why your application needs the access it is
+     * requesting.
+     */
+    scope?: OAuthScope[];
+    /**
+     * Recommended. Specifies any string value that your application uses to
+     * maintain state between your authorization request and the authorization
+     * server's response. The server returns the exact value that you send as a
+     * name=value pair in the hash (#) fragment of the 'redirect_uri' after the
+     * user consents to or denies your application's access request. You can use
+     * this parameter for several purposes, such as directing the user to the
+     * correct resource in your application, sending nonces, and mitigating
+     * cross-site request forgery. Since your redirect_uri can be guessed, using a
+     * state value can increase your assurance that an incoming connection is the
+     * result of an authentication request. If you generate a random string or
+     * encode the hash of a cookie or another value that captures the client's
+     * state, you can validate the response to additionally ensure that the
+     * request and response originated in the same browser, providing protection
+     * against attacks such as cross-site request forgery. See the OpenID Connect
+     * documentation for an example of how to create and confirm a state token.
+     */
+    state?: string;
+    /**
+     * Optional. Enables applications to use incremental authorization to request
+     * access to additional scopes in context. If you set this parameter's value
+     * to true and the authorization request is granted, then the new access token
+     * will also cover any scopes to which the user previously granted the
+     * application access. See the incremental authorization section for examples.
+     */
+    include_granted_scopes?: boolean;
+    /**
+     * Optional. A space-delimited, case-sensitive list of prompts to present the
+     * user. If you don't specify this parameter, the user will be prompted only
+     * the first time your app requests access.  Possible values are:
+     *
+     * 'none' - Donot display any authentication or consent screens. Must not be
+     *        specified with other values.
+     * 'consent' - 	Prompt the user for consent.
+     * 'select_account' - Prompt the user to select an account.
+     */
+    prompt?: 'consent' | 'select_account';
+    /**
+     * Recommended. Specifies what method was used to encode a 'code_verifier'
+     * that will be used during authorization code exchange. This parameter must
+     * be used with the 'code_challenge' parameter. The value of the
+     * 'code_challenge_method' defaults to "plain" if not present in the request
+     * that includes a 'code_challenge'. The only supported values for this
+     * parameter are "S256" or "plain".
+     */
+    code_challenge_method?: 'S256' | 'plain';
+    /**
+     * Recommended. Specifies an encoded 'code_verifier' that will be used as a
+     * server-side challenge during authorization code exchange. This parameter
+     * must be used with the 'code_challenge' parameter described above.
+     */
+    code_challenge?: string;
+}
+
+export interface OAuthTokens {
+    access_token: string,
+    refresh_token?: string
+}
+
+export interface Jwks {
+    keys: Jwk[]
+}
+
+export interface Jwk {
+    alg: Algorithm,
+    e: string,
+    kid: string,
+    kty: string
+    n: string,
+    use: string
+    x5c: string[]
+}

package/src/tenant/index.ts

@@ -0,0 +1,211 @@
+import { ApiClient } from "../client";
+import { apiUrl } from "../const";
+import { ClientOptions, Language } from "../types";
+import { Client, ClientType, Tenant, TenantRole, TenantUser } from "./types";
+
+export * from './types'
+
+// interface List<T> {
+//     page: number,
+//     page_count: number
+//     items: T[]
+// }
+
+export class TenantClient extends ApiClient {
+    constructor({ token }: Omit<ClientOptions, 'baseUrl'>) {
+        super({ token, baseUrl: apiUrl })
+    }
+
+    get info() {
+        return new Tenant$Info(this.options)
+    }
+
+    get avatar() {
+        return new Tenant$Avatar(this.options)
+    }
+
+    get users() {
+        return new Tenant$Users(this.options)
+    }
+
+    get partners() {
+        return new Tenant$Partners(this.options)
+    }
+
+    // get clients() {
+    //     return null
+    // }
+
+
+
+
+
+
+    // async info() {
+    //     return await this.fetchUrlEncoded<Tenant>('/e/tenant/info', 'GET')
+    // }
+
+    // async role() {
+    //     return await this.fetchUrlEncoded<Tenant>('/tenant/role', 'GET')
+    // }
+
+    // async children(page?: number) {
+    //     return await this.fetchUrlEncoded<List<Tenant>>(`/tenant/children?page=${page ?? 0}`, 'GET')
+    // }
+
+    // members() {
+    //     return {
+    //         list: () => this.fetchUrlEncoded<TenantMember[]>('/tenant/members', 'GET'),
+    //         get: (uid: string) => this.fetchUrlEncoded<TenantMember>(`/tenant/members/${uid}`, 'GET'),
+    //     }
+    // }
+
+    // clients() {
+    //     return {
+    //         list: () => this.fetchUrlEncoded<Client[]>('/tenant/clients', 'GET'),
+    //         get: (id: string) => this.fetchUrlEncoded<Client>(`/tenant/clients/${id}`, 'GET'),
+    //         // delete: (id: string) => this.fetch(`/tenant/clients/${id}`, 'DELETE'),
+    //         // create: (name: string, type: ClientType, redirect_uri: string) => this.fetch<Client>(`/tenant/clients`, 'POST', { body: { name, type, redirect_uri } }),
+    //         // update: (id: string, body: { name: string, redirect_uri: string }) => this.fetch<any>(`/tenant/clients/${id}`, 'PUT', { body }),
+    //     }
+    // }
+}
+
+class Tenant$Partners extends ApiClient {
+    constructor(options: ClientOptions) {
+        super(options)
+    }
+
+    get users() {
+        return new Tenant$Partners$Users(this.options)
+    }
+
+    get avatar() {
+        return new Tenant$Partners$Avatar(this.options)
+    }
+
+    async list() {
+        return await this.fetchUrlEncoded<Tenant[]>(`/e/tenant/partners`, 'GET')
+    }
+
+    async get(params: { id: string }) {
+        return await this.fetchUrlEncoded<Tenant>(`/e/tenant/partners/${params.id}`, 'GET')
+    }
+
+    // async create(params: { email: string, org_name: string, org_email: string, org_language: Language }) {
+    //     return await this.fetchUrlEncoded<Tenant>(`/e/tenant/partners`, 'POST', {
+    //         body: params
+    //     })
+    // }
+
+    async update(params: { id: string, data: { name: string, email: string, language: Language } }) {
+        return await this.fetchUrlEncoded(`/e/tenant/partners/${params.id}`, 'PUT', {
+            body: params.data
+        })
+    }
+
+    async delete(params: { id: string }) {
+        return await this.fetchUrlEncoded(`/e/tenant/partners/${params.id}`, 'DELETE')
+    }
+
+}
+
+class Tenant$Partners$Avatar extends ApiClient {
+    constructor(options: ClientOptions) {
+        super(options)
+    }
+
+    async get(params: { id: string }) {
+        return await this.fetchUrlEncoded<string>(`/e/tenant/partners/${params.id}/avatar`, 'GET')
+    }
+
+    async delete(params: { id: string }) {
+        return await this.fetchUrlEncoded(`/e/tenant/partners/${params.id}/avatar`, 'DELETE')
+    }
+
+    async update(params: { id: string, data: { avatar: File } }): Promise<{}> {
+        return await this.fetchMultipart(`/e/tenant/partners/${params.id}/avatar`, 'PUT', { body: params.data })
+    }
+}
+
+class Tenant$Partners$Users extends ApiClient {
+    constructor(options: ClientOptions) {
+        super(options)
+    }
+
+    async list(params: { id: string }) {
+        return await this.fetchUrlEncoded<TenantUser>(`/e/tenant/partners/${params.id}/users`, 'GET')
+    }
+
+    async get(params: { id: string, uid: string }) {
+        return await this.fetchUrlEncoded<TenantUser>(`/e/tenant/partners/${params.id}/users/${params.uid}`, 'GET')
+    }
+
+    async update(params: { id: string, uid: string, data: { first_name: string, last_name: string, role: TenantRole, language: Language } }) {
+        return await this.fetchUrlEncoded(`/e/tenant/partners/${params.id}/users/${params.uid}`, 'PUT', {
+            body: params.data
+        })
+    }
+
+    // async delete(params: { id: string, uid: string }) {
+    //     return await this.fetchUrlEncoded(`/e/tenant/partners/${params.id}/users/${params.uid}`, 'DELETE')
+    // }
+}
+
+class Tenant$Users extends ApiClient {
+    constructor(options: ClientOptions) {
+        super(options)
+    }
+
+    async list() {
+        return await this.fetchUrlEncoded<TenantUser>(`/e/tenant/users`, 'GET')
+    }
+
+    async get(params: { uid: string }) {
+        return await this.fetchUrlEncoded<TenantUser>(`/e/tenant/users/${params.uid}`, 'GET')
+    }
+
+    async update(params: { uid: string, data: { first_name: string, last_name: string, role: TenantRole, language: Language } }) {
+        return await this.fetchUrlEncoded(`/e/tenant/users/${params.uid}`, 'PUT', {
+            body: params.data
+        })
+    }
+
+    async delete(params: { uid: string }) {
+        return await this.fetchUrlEncoded(`/e/tenant/users/${params.uid}`, 'DELETE')
+    }
+}
+
+class Tenant$Info extends ApiClient {
+    constructor(options: ClientOptions) {
+        super(options)
+    }
+
+    async get() {
+        return await this.fetchUrlEncoded<Tenant>(`/e/tenant`, 'GET')
+    }
+
+    async update(data: { name: string, email: string, language: Language }) {
+        await this.fetchUrlEncoded(`/e/tenant`, 'PUT', {
+            body: data
+        })
+    }
+}
+
+class Tenant$Avatar extends ApiClient {
+    constructor(options: ClientOptions) {
+        super(options)
+    }
+
+    async get() {
+        return await this.fetchUrlEncoded<string>('/e/tenant/avatar', 'GET')
+    }
+
+    async delete() {
+        return await this.fetchUrlEncoded('/e/tenant/avatar', 'DELETE')
+    }
+
+    async update(body: { avatar: File }): Promise<{}> {
+        return await this.fetchMultipart('/e/tenant/avatar', 'PUT', { body })
+    }
+}