npm - @harperfast/oauth - Versions diffs - 1.2.1 - Mend

@harperfast/oauth 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

package/LICENSE +201 -0
package/README.md +219 -0
package/assets/test.html +321 -0
package/config.yaml +23 -0
package/dist/index.d.ts +43 -0
package/dist/index.js +241 -0
package/dist/index.js.map +1 -0
package/dist/lib/CSRFTokenManager.d.ts +32 -0
package/dist/lib/CSRFTokenManager.js +90 -0
package/dist/lib/CSRFTokenManager.js.map +1 -0
package/dist/lib/OAuthProvider.d.ts +59 -0
package/dist/lib/OAuthProvider.js +370 -0
package/dist/lib/OAuthProvider.js.map +1 -0
package/dist/lib/config.d.ts +31 -0
package/dist/lib/config.js +138 -0
package/dist/lib/config.js.map +1 -0
package/dist/lib/handlers.d.ts +56 -0
package/dist/lib/handlers.js +386 -0
package/dist/lib/handlers.js.map +1 -0
package/dist/lib/hookManager.d.ts +52 -0
package/dist/lib/hookManager.js +114 -0
package/dist/lib/hookManager.js.map +1 -0
package/dist/lib/providers/auth0.d.ts +8 -0
package/dist/lib/providers/auth0.js +34 -0
package/dist/lib/providers/auth0.js.map +1 -0
package/dist/lib/providers/azure.d.ts +7 -0
package/dist/lib/providers/azure.js +33 -0
package/dist/lib/providers/azure.js.map +1 -0
package/dist/lib/providers/generic.d.ts +7 -0
package/dist/lib/providers/generic.js +20 -0
package/dist/lib/providers/generic.js.map +1 -0
package/dist/lib/providers/github.d.ts +7 -0
package/dist/lib/providers/github.js +73 -0
package/dist/lib/providers/github.js.map +1 -0
package/dist/lib/providers/google.d.ts +7 -0
package/dist/lib/providers/google.js +27 -0
package/dist/lib/providers/google.js.map +1 -0
package/dist/lib/providers/index.d.ts +17 -0
package/dist/lib/providers/index.js +49 -0
package/dist/lib/providers/index.js.map +1 -0
package/dist/lib/providers/okta.d.ts +8 -0
package/dist/lib/providers/okta.js +45 -0
package/dist/lib/providers/okta.js.map +1 -0
package/dist/lib/providers/validation.d.ts +67 -0
package/dist/lib/providers/validation.js +156 -0
package/dist/lib/providers/validation.js.map +1 -0
package/dist/lib/resource.d.ts +102 -0
package/dist/lib/resource.js +368 -0
package/dist/lib/resource.js.map +1 -0
package/dist/lib/sessionValidator.d.ts +38 -0
package/dist/lib/sessionValidator.js +162 -0
package/dist/lib/sessionValidator.js.map +1 -0
package/dist/lib/tenantManager.d.ts +102 -0
package/dist/lib/tenantManager.js +177 -0
package/dist/lib/tenantManager.js.map +1 -0
package/dist/lib/withOAuthValidation.d.ts +64 -0
package/dist/lib/withOAuthValidation.js +188 -0
package/dist/lib/withOAuthValidation.js.map +1 -0
package/dist/types.d.ts +326 -0
package/dist/types.js +5 -0
package/dist/types.js.map +1 -0
package/package.json +89 -0
package/schema/oauth.graphql +21 -0

package/dist/lib/CSRFTokenManager.js ADDED Viewed

@@ -0,0 +1,90 @@
+/**
+ * CSRF Token Manager for OAuth flows
+ *
+ * Manages CSRF protection tokens that prevent cross-site request forgery
+ * during OAuth authorization flows. Tokens are stored in Harper table
+ * for distributed access across workers and cluster nodes.
+ */
+// Lazy-load the CSRF token table
+let csrfTable;
+function getCSRFTable() {
+    if (!csrfTable) {
+        // Check if oauth database and table exist
+        if (!databases?.oauth?.csrf_tokens) {
+            throw new Error('OAuth CSRF tokens table (oauth.csrf_tokens) not found. ' +
+                'Please ensure the OAuth plugin is properly installed with its schema.');
+        }
+        csrfTable = databases.oauth.csrf_tokens;
+    }
+    return csrfTable;
+}
+/**
+ * Reset the cached CSRF table reference (for testing only)
+ * @internal
+ */
+export function resetCSRFTableCache() {
+    csrfTable = undefined;
+}
+export class CSRFTokenManager {
+    logger;
+    constructor(logger) {
+        this.logger = logger;
+    }
+    /**
+     * Store CSRF token with metadata
+     * Table expiration is handled by Harper (10 minutes)
+     */
+    async set(token, data) {
+        const table = getCSRFTable();
+        try {
+            await table.put({
+                token_id: token,
+                data: JSON.stringify(data),
+                created_at: Date.now(),
+            });
+            this.logger?.debug?.(`Stored CSRF token: ${token}`);
+        }
+        catch (error) {
+            this.logger?.error?.('Failed to store CSRF token:', error);
+            throw error;
+        }
+    }
+    /**
+     * Retrieve CSRF token
+     * Harper automatically handles expiration via table-level setting
+     */
+    async get(token) {
+        const table = getCSRFTable();
+        try {
+            const record = await table.get(token);
+            if (!record || !record.data) {
+                this.logger?.debug?.(`CSRF token not found: ${token}`);
+                return null;
+            }
+            const data = JSON.parse(record.data);
+            this.logger?.debug?.(`Retrieved CSRF token: ${token}`);
+            return data;
+        }
+        catch (error) {
+            this.logger?.error?.('Failed to retrieve CSRF token:', error);
+            return null;
+        }
+    }
+    /**
+     * Delete CSRF token (after successful verification)
+     */
+    async delete(token) {
+        const table = getCSRFTable();
+        try {
+            await table.delete(token);
+            this.logger?.debug?.(`Deleted CSRF token: ${token}`);
+        }
+        catch (error) {
+            // Not critical if delete fails (expiration will clean it up)
+            this.logger?.warn?.('Failed to delete CSRF token:', error);
+        }
+    }
+}
+// Singleton instance that can be shared across providers
+export const csrfTokenManager = new CSRFTokenManager();
+//# sourceMappingURL=CSRFTokenManager.js.map

package/dist/lib/CSRFTokenManager.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"CSRFTokenManager.js","sourceRoot":"","sources":["../../src/lib/CSRFTokenManager.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAOH,iCAAiC;AACjC,IAAI,SAAgB,CAAC;AAErB,SAAS,YAAY;IACpB,IAAI,CAAC,SAAS,EAAE,CAAC;QAChB,0CAA0C;QAC1C,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CACd,yDAAyD;gBACxD,uEAAuE,CACxE,CAAC;QACH,CAAC;QACD,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,WAAW,CAAC;IACzC,CAAC;IACD,OAAO,SAAS,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB;IAClC,SAAS,GAAG,SAAgB,CAAC;AAC9B,CAAC;AAED,MAAM,OAAO,gBAAgB;IACpB,MAAM,CAAU;IAExB,YAAY,MAAe;QAC1B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACtB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,GAAG,CAAC,KAAa,EAAE,IAAmB;QAC3C,MAAM,KAAK,GAAG,YAAY,EAAE,CAAC;QAE7B,IAAI,CAAC;YACJ,MAAM,KAAK,CAAC,GAAG,CAAC;gBACf,QAAQ,EAAE,KAAK;gBACf,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;gBAC1B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,sBAAsB,KAAK,EAAE,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;YAC3D,MAAM,KAAK,CAAC;QACb,CAAC;IACF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,GAAG,CAAC,KAAa;QACtB,MAAM,KAAK,GAAG,YAAY,EAAE,CAAC;QAE7B,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAEtC,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBAC7B,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,yBAAyB,KAAK,EAAE,CAAC,CAAC;gBACvD,OAAO,IAAI,CAAC;YACb,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACrC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,yBAAyB,KAAK,EAAE,CAAC,CAAC;YACvD,OAAO,IAAI,CAAC;QACb,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,gCAAgC,EAAE,KAAK,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC;QACb,CAAC;IACF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,KAAa;QACzB,MAAM,KAAK,GAAG,YAAY,EAAE,CAAC;QAE7B,IAAI,CAAC;YACJ,MAAM,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1B,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,uBAAuB,KAAK,EAAE,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,6DAA6D;YAC7D,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;QAC5D,CAAC;IACF,CAAC;CACD;AAED,yDAAyD;AACzD,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,gBAAgB,EAAE,CAAC"}

package/dist/lib/OAuthProvider.d.ts ADDED Viewed

@@ -0,0 +1,59 @@
+/**
+ * OAuth Provider Base Class
+ *
+ * Handles OAuth 2.0 authentication flow with any compliant provider
+ */
+import type { OAuthProviderConfig, Logger, CSRFTokenData, TokenResponse, OAuthUser, IOAuthProvider } from '../types.ts';
+export declare class OAuthProvider implements IOAuthProvider {
+    config: OAuthProviderConfig;
+    logger?: Logger;
+    private jwksClient?;
+    constructor(config: OAuthProviderConfig, logger?: Logger);
+    private initializeJwksClient;
+    private validateConfig;
+    /**
+     * Generate authorization URL for OAuth login
+     */
+    getAuthorizationUrl(state: string, redirectUri?: string): string;
+    /**
+     * Exchange authorization code for access token
+     */
+    exchangeCodeForToken(code: string, redirectUri?: string): Promise<TokenResponse>;
+    /**
+     * Get user info using access token
+     */
+    getUserInfo(accessToken: string, idTokenClaims?: any): Promise<any>;
+    /**
+     * Fetch user info from the provider's userinfo endpoint
+     */
+    fetchUserInfo(accessToken: string): Promise<any>;
+    /**
+     * Verify ID token with proper signature verification using JWKS
+     */
+    verifyIdToken(idToken: string): Promise<any>;
+    /**
+     * Verify ID token claims without signature verification
+     * Used as fallback when JWKS is not available
+     */
+    private verifyIdTokenClaims;
+    /**
+     * Map OAuth user info to Harper user object
+     */
+    mapUserToHarper(userInfo: any): OAuthUser;
+    /**
+     * Extract a claim from user info (supports nested paths)
+     */
+    private extractClaim;
+    /**
+     * Generate and store CSRF token for protection
+     */
+    generateCSRFToken(metadata?: Record<string, any>): Promise<string>;
+    /**
+     * Verify and consume CSRF token
+     */
+    verifyCSRFToken(token: string): Promise<CSRFTokenData | null>;
+    /**
+     * Refresh an access token using a refresh token
+     */
+    refreshAccessToken(refreshToken: string): Promise<TokenResponse>;
+}

package/dist/lib/OAuthProvider.js ADDED Viewed

@@ -0,0 +1,370 @@
+/**
+ * OAuth Provider Base Class
+ *
+ * Handles OAuth 2.0 authentication flow with any compliant provider
+ */
+import crypto from 'node:crypto';
+import jwt from 'jsonwebtoken';
+import jwksClient from 'jwks-rsa';
+import { csrfTokenManager } from "./CSRFTokenManager.js";
+export class OAuthProvider {
+    config;
+    logger;
+    jwksClient;
+    constructor(config, logger) {
+        this.config = config;
+        this.logger = logger;
+        // Pass logger to the singleton csrfTokenManager if not already set
+        if (!csrfTokenManager['logger']) {
+            csrfTokenManager['logger'] = logger;
+        }
+        this.validateConfig();
+        this.initializeJwksClient();
+    }
+    initializeJwksClient() {
+        // Only initialize if we have a JWKS URI
+        if (this.config.jwksUri) {
+            this.jwksClient = jwksClient({
+                jwksUri: this.config.jwksUri,
+                cache: true, // Cache keys to avoid repeated fetches
+                cacheMaxEntries: 5, // Max number of keys to cache
+                cacheMaxAge: 10 * 60 * 60 * 1000, // 10 hours
+                rateLimit: true, // Rate limit to prevent abuse
+                jwksRequestsPerMinute: 10,
+                // Timeout for JWKS fetch
+                timeout: 5000,
+            });
+            this.logger?.info?.(`JWKS client initialized for ${this.config.provider}`);
+        }
+        else if (this.config.provider !== 'generic') {
+            this.logger?.warn?.(`No JWKS URI configured for ${this.config.provider} - ID token signatures will not be verified`);
+        }
+    }
+    validateConfig() {
+        const required = ['clientId', 'clientSecret', 'authorizationUrl', 'tokenUrl', 'userInfoUrl'];
+        const missing = required.filter((key) => !this.config[key]);
+        if (missing.length > 0) {
+            throw new Error(`OAuth configuration missing required fields: ${missing.join(', ')}`);
+        }
+    }
+    /**
+     * Generate authorization URL for OAuth login
+     */
+    getAuthorizationUrl(state, redirectUri) {
+        const params = new URLSearchParams({
+            client_id: this.config.clientId,
+            redirect_uri: redirectUri || this.config.redirectUri || '',
+            response_type: 'code',
+            scope: this.config.scope || '',
+            state: state,
+        });
+        // Add provider-specific parameters
+        if (this.config.additionalParams) {
+            Object.entries(this.config.additionalParams).forEach(([key, value]) => {
+                params.set(key, value);
+            });
+        }
+        return `${this.config.authorizationUrl}?${params}`;
+    }
+    /**
+     * Exchange authorization code for access token
+     */
+    async exchangeCodeForToken(code, redirectUri) {
+        const params = new URLSearchParams({
+            grant_type: 'authorization_code',
+            code: code,
+            redirect_uri: redirectUri || this.config.redirectUri || '',
+            client_id: this.config.clientId,
+            client_secret: this.config.clientSecret,
+        });
+        const response = await fetch(this.config.tokenUrl, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+                'Accept': 'application/json',
+            },
+            body: params.toString(),
+        });
+        if (!response.ok) {
+            const contentType = response.headers.get('content-type');
+            if (contentType?.includes('application/json')) {
+                try {
+                    const errorBody = await response.json();
+                    const detail = errorBody.error_description || errorBody.error || response.statusText;
+                    throw new Error(`Token exchange failed: ${detail}`);
+                }
+                catch (parseError) {
+                    if (parseError instanceof Error && parseError.message.startsWith('Token exchange failed'))
+                        throw parseError;
+                    // JSON parse failed despite content-type header — fall through to generic error
+                }
+            }
+            // Drain unconsumed body to free the underlying socket (undici connection pool)
+            await response.body?.cancel();
+            throw new Error(`Token exchange failed: provider returned ${response.status} ${response.statusText}`);
+        }
+        const contentType = response.headers.get('content-type');
+        if (contentType?.includes('application/json')) {
+            return response.json();
+        }
+        else {
+            // Some providers (like GitHub) return form-encoded data
+            const text = await response.text();
+            const tokenParams = new URLSearchParams(text);
+            return Object.fromEntries(tokenParams);
+        }
+    }
+    /**
+     * Get user info using access token
+     */
+    async getUserInfo(accessToken, idTokenClaims = null) {
+        // Check if provider has custom getUserInfo implementation
+        if (typeof this.config.getUserInfo === 'function') {
+            const helpers = {
+                getUserInfo: this.fetchUserInfo.bind(this),
+                logger: this.logger,
+            };
+            return this.config.getUserInfo.call(this, accessToken, helpers);
+        }
+        // If we have verified ID token claims and config says to prefer them
+        if (idTokenClaims && this.config.preferIdToken !== false) {
+            this.logger?.debug?.('Using verified ID token claims for user info');
+            // Some providers don't include email in ID token, fetch it separately
+            if (!idTokenClaims.email && this.config.fetchEmail) {
+                try {
+                    const additionalInfo = await this.fetchUserInfo(accessToken);
+                    return { ...idTokenClaims, ...additionalInfo };
+                }
+                catch (error) {
+                    this.logger?.warn?.('Failed to fetch additional user info:', error.message);
+                }
+            }
+            return idTokenClaims;
+        }
+        // Fetch from userinfo endpoint
+        return this.fetchUserInfo(accessToken);
+    }
+    /**
+     * Fetch user info from the provider's userinfo endpoint
+     */
+    async fetchUserInfo(accessToken) {
+        const response = await fetch(this.config.userInfoUrl, {
+            headers: {
+                Authorization: `Bearer ${accessToken}`,
+                Accept: 'application/json',
+            },
+        });
+        if (!response.ok) {
+            throw new Error(`Failed to fetch user info: ${response.statusText}`);
+        }
+        return response.json();
+    }
+    /**
+     * Verify ID token with proper signature verification using JWKS
+     */
+    async verifyIdToken(idToken) {
+        // First decode to get the header and payload
+        const decoded = jwt.decode(idToken, { complete: true });
+        if (!decoded || !decoded.payload || !decoded.header) {
+            throw new Error('Invalid ID token format');
+        }
+        // If we have a JWKS client, verify the signature
+        if (this.jwksClient) {
+            try {
+                // Get the signing key from JWKS
+                const kid = decoded.header.kid;
+                if (!kid) {
+                    throw new Error('ID token missing key ID (kid) in header');
+                }
+                // This fetches the key from JWKS endpoint (with caching)
+                const key = await this.jwksClient.getSigningKey(kid);
+                const publicKey = key.getPublicKey();
+                // Verify signature and claims
+                const verified = jwt.verify(idToken, publicKey, {
+                    algorithms: ['RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512'],
+                    audience: this.config.clientId,
+                    issuer: this.config.issuer || undefined,
+                    clockTolerance: 60, // Allow 60 seconds clock skew
+                });
+                this.logger?.debug?.('ID token signature verified successfully');
+                return verified;
+            }
+            catch (error) {
+                // Signature verification failed - this is a security issue
+                this.logger?.error?.('ID token signature verification failed:', error.message);
+                throw new Error(`ID token verification failed: ${error.message}`);
+            }
+        }
+        else {
+            // No JWKS client - fall back to claims validation only
+            this.logger?.warn?.('JWKS not configured - verifying claims only, not signature');
+            return this.verifyIdTokenClaims(decoded.payload);
+        }
+    }
+    /**
+     * Verify ID token claims without signature verification
+     * Used as fallback when JWKS is not available
+     */
+    verifyIdTokenClaims(payload) {
+        const now = Math.floor(Date.now() / 1000);
+        // Critical validations
+        if (!payload.exp || payload.exp < now) {
+            throw new Error('ID token expired');
+        }
+        if (!payload.iat || payload.iat > now + 60) {
+            throw new Error('ID token issued in the future');
+        }
+        if (!payload.aud) {
+            throw new Error('ID token missing audience');
+        }
+        const audience = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
+        if (!audience.includes(this.config.clientId)) {
+            throw new Error(`ID token audience mismatch`);
+        }
+        if (this.config.issuer && payload.iss !== this.config.issuer) {
+            throw new Error(`ID token issuer mismatch`);
+        }
+        if (!payload.sub) {
+            throw new Error('ID token missing subject');
+        }
+        return payload;
+    }
+    /**
+     * Map OAuth user info to Harper user object
+     */
+    mapUserToHarper(userInfo) {
+        const username = this.extractClaim(userInfo, this.config.usernameClaim);
+        if (!username) {
+            throw new Error(`Username claim '${this.config.usernameClaim}' not found in user info`);
+        }
+        const role = this.extractClaim(userInfo, this.config.roleClaim) || this.config.defaultRole || 'user';
+        return {
+            username,
+            role,
+            provider: this.config.provider,
+            providerUserId: userInfo.sub || userInfo.id || userInfo.user_id,
+            email: userInfo.email,
+            name: userInfo.name || userInfo.display_name || userInfo.full_name,
+            metadata: {
+                oauthProvider: this.config.provider,
+                oauthClaims: userInfo,
+            },
+        };
+    }
+    /**
+     * Extract a claim from user info (supports nested paths)
+     */
+    extractClaim(userInfo, claimPath) {
+        if (!claimPath)
+            return null;
+        // Support nested paths like "profile.email"
+        const parts = claimPath.split('.');
+        let value = userInfo;
+        for (const part of parts) {
+            if (value && typeof value === 'object') {
+                value = value[part];
+            }
+            else {
+                return null;
+            }
+        }
+        return value;
+    }
+    /**
+     * Generate and store CSRF token for protection
+     */
+    async generateCSRFToken(metadata = {}) {
+        const token = crypto.randomBytes(32).toString('hex');
+        const tokenData = {
+            timestamp: Date.now(),
+            ...metadata,
+        };
+        // Store token (Harper handles expiration via table-level setting)
+        await csrfTokenManager.set(token, tokenData);
+        return token;
+    }
+    /**
+     * Verify and consume CSRF token
+     */
+    async verifyCSRFToken(token) {
+        // Always use distributed storage
+        const tokenData = await csrfTokenManager.get(token);
+        if (tokenData) {
+            // Delete for one-time use
+            await csrfTokenManager.delete(token);
+        }
+        if (!tokenData) {
+            return null;
+        }
+        return tokenData;
+    }
+    /**
+     * Refresh an access token using a refresh token
+     */
+    async refreshAccessToken(refreshToken) {
+        if (!refreshToken) {
+            throw new Error('Refresh token is required');
+        }
+        const params = new URLSearchParams({
+            grant_type: 'refresh_token',
+            refresh_token: refreshToken,
+            client_id: this.config.clientId,
+            client_secret: this.config.clientSecret,
+        });
+        // Some providers require scope to be included in refresh
+        if (this.config.scope) {
+            params.append('scope', this.config.scope);
+        }
+        const response = await fetch(this.config.tokenUrl, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+                'Accept': 'application/json',
+            },
+            body: params.toString(),
+        });
+        if (!response.ok) {
+            const contentType = response.headers.get('content-type');
+            let detail = `${response.status} ${response.statusText}`;
+            if (contentType?.includes('application/json')) {
+                try {
+                    const errorBody = await response.json();
+                    detail = errorBody.error_description || errorBody.error || response.statusText;
+                }
+                catch {
+                    // JSON parse failed despite content-type header — use status/statusText
+                }
+            }
+            // Drain unconsumed body to free the underlying socket (undici connection pool)
+            await response.body?.cancel();
+            this.logger?.error?.('Token refresh HTTP error:', {
+                status: response.status,
+                statusText: response.statusText,
+                detail,
+            });
+            throw new Error(`Token refresh failed: ${detail}`);
+        }
+        const contentType = response.headers.get('content-type');
+        let tokenData;
+        if (contentType?.includes('application/json')) {
+            tokenData = await response.json();
+        }
+        else {
+            // Some providers return form-encoded data
+            const text = await response.text();
+            const tokenParams = new URLSearchParams(text);
+            tokenData = Object.fromEntries(tokenParams);
+        }
+        // Check if response contains an error (some providers return 200 with error object)
+        if (tokenData.error) {
+            this.logger?.error?.('Token refresh returned error in response:', {
+                error: tokenData.error,
+                error_description: tokenData.error_description,
+                error_uri: tokenData.error_uri,
+            });
+            throw new Error(`Token refresh failed: ${tokenData.error_description || tokenData.error}`);
+        }
+        return tokenData;
+    }
+}
+//# sourceMappingURL=OAuthProvider.js.map

package/dist/lib/OAuthProvider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"OAuthProvider.js","sourceRoot":"","sources":["../../src/lib/OAuthProvider.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,GAAG,MAAM,cAAc,CAAC;AAC/B,OAAO,UAAU,MAAM,UAAU,CAAC;AAUlC,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD,MAAM,OAAO,aAAa;IAClB,MAAM,CAAsB;IAC5B,MAAM,CAAU;IACf,UAAU,CAAyB;IAE3C,YAAY,MAA2B,EAAE,MAAe;QACvD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,mEAAmE;QACnE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,gBAAgB,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC;QACrC,CAAC;QACD,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,IAAI,CAAC,oBAAoB,EAAE,CAAC;IAC7B,CAAC;IAEO,oBAAoB;QAC3B,wCAAwC;QACxC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;gBAC5B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;gBAC5B,KAAK,EAAE,IAAI,EAAE,uCAAuC;gBACpD,eAAe,EAAE,CAAC,EAAE,8BAA8B;gBAClD,WAAW,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,WAAW;gBAC7C,SAAS,EAAE,IAAI,EAAE,8BAA8B;gBAC/C,qBAAqB,EAAE,EAAE;gBACzB,yBAAyB;gBACzB,OAAO,EAAE,IAAI;aACb,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,+BAA+B,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC5E,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC/C,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAClB,8BAA8B,IAAI,CAAC,MAAM,CAAC,QAAQ,6CAA6C,CAC/F,CAAC;QACH,CAAC;IACF,CAAC;IAEO,cAAc;QACrB,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,cAAc,EAAE,kBAAkB,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;QAC7F,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,GAAgC,CAAC,CAAC,CAAC;QAEzF,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,gDAAgD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACvF,CAAC;IACF,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,KAAa,EAAE,WAAoB;QACtD,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YAClC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,YAAY,EAAE,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE;YAC1D,aAAa,EAAE,MAAM;YACrB,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE;YAC9B,KAAK,EAAE,KAAK;SACZ,CAAC,CAAC;QAEH,mCAAmC;QACnC,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAClC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE;gBACrE,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACxB,CAAC,CAAC,CAAC;QACJ,CAAC;QAED,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,gBAAgB,IAAI,MAAM,EAAE,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB,CAAC,IAAY,EAAE,WAAoB;QAC5D,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YAClC,UAAU,EAAE,oBAAoB;YAChC,IAAI,EAAE,IAAI;YACV,YAAY,EAAE,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE;YAC1D,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;SACvC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YAClD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACR,cAAc,EAAE,mCAAmC;gBACnD,QAAQ,EAAE,kBAAkB;aAC5B;YACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;SACvB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YAClB,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACzD,IAAI,WAAW,EAAE,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC/C,IAAI,CAAC;oBACJ,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;oBACxC,MAAM,MAAM,GAAG,SAAS,CAAC,iBAAiB,IAAI,SAAS,CAAC,KAAK,IAAI,QAAQ,CAAC,UAAU,CAAC;oBACrF,MAAM,IAAI,KAAK,CAAC,0BAA0B,MAAM,EAAE,CAAC,CAAC;gBACrD,CAAC;gBAAC,OAAO,UAAU,EAAE,CAAC;oBACrB,IAAI,UAAU,YAAY,KAAK,IAAI,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,uBAAuB,CAAC;wBAAE,MAAM,UAAU,CAAC;oBAC5G,gFAAgF;gBACjF,CAAC;YACF,CAAC;YACD,+EAA+E;YAC/E,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,4CAA4C,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QACvG,CAAC;QAED,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzD,IAAI,WAAW,EAAE,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC/C,OAAO,QAAQ,CAAC,IAAI,EAA4B,CAAC;QAClD,CAAC;aAAM,CAAC;YACP,wDAAwD;YACxD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC;YAC9C,OAAO,MAAM,CAAC,WAAW,CAAC,WAAW,CAA6B,CAAC;QACpE,CAAC;IACF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,WAAmB,EAAE,gBAAqB,IAAI;QAC/D,0DAA0D;QAC1D,IAAI,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YACnD,MAAM,OAAO,GAAuB;gBACnC,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;gBAC1C,MAAM,EAAE,IAAI,CAAC,MAAM;aACnB,CAAC;YACF,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;QACjE,CAAC;QAED,qEAAqE;QACrE,IAAI,aAAa,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YAC1D,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,8CAA8C,CAAC,CAAC;YACrE,sEAAsE;YACtE,IAAI,CAAC,aAAa,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;gBACpD,IAAI,CAAC;oBACJ,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;oBAC7D,OAAO,EAAE,GAAG,aAAa,EAAE,GAAG,cAAc,EAAE,CAAC;gBAChD,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBAChB,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,uCAAuC,EAAG,KAAe,CAAC,OAAO,CAAC,CAAC;gBACxF,CAAC;YACF,CAAC;YACD,OAAO,aAAa,CAAC;QACtB,CAAC;QAED,+BAA+B;QAC/B,OAAO,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,WAAmB;QACtC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE;YACrD,OAAO,EAAE;gBACR,aAAa,EAAE,UAAU,WAAW,EAAE;gBACtC,MAAM,EAAE,kBAAkB;aAC1B;SACD,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,8BAA8B,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QACtE,CAAC;QAED,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,OAAe;QAClC,6CAA6C;QAC7C,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAExD,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC5C,CAAC;QAED,iDAAiD;QACjD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,IAAI,CAAC;gBACJ,gCAAgC;gBAChC,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,GAAa,CAAC;gBACzC,IAAI,CAAC,GAAG,EAAE,CAAC;oBACV,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;gBAC5D,CAAC;gBAED,yDAAyD;gBACzD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;gBACrD,MAAM,SAAS,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC;gBAErC,8BAA8B;gBAC9B,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,SAAS,EAAE;oBAC/C,UAAU,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC;oBAClE,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;oBAC9B,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,SAAS;oBACvC,cAAc,EAAE,EAAE,EAAE,8BAA8B;iBAClD,CAAC,CAAC;gBAEH,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,0CAA0C,CAAC,CAAC;gBACjE,OAAO,QAAQ,CAAC;YACjB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBAChB,2DAA2D;gBAC3D,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,yCAAyC,EAAG,KAAe,CAAC,OAAO,CAAC,CAAC;gBAC1F,MAAM,IAAI,KAAK,CAAC,iCAAkC,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAC9E,CAAC;QACF,CAAC;aAAM,CAAC;YACP,uDAAuD;YACvD,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,4DAA4D,CAAC,CAAC;YAClF,OAAO,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAClD,CAAC;IACF,CAAC;IAED;;;OAGG;IACK,mBAAmB,CAAC,OAAY;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE1C,uBAAuB;QACvB,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACrC,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,GAAG,GAAG,GAAG,EAAE,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QAClD,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC9C,CAAC;QAED,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC1E,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YAC9D,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC7C,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC7C,CAAC;QAED,OAAO,OAAO,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,QAAa;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACxE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,mBAAmB,IAAI,CAAC,MAAM,CAAC,aAAa,0BAA0B,CAAC,CAAC;QACzF,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC;QAErG,OAAO;YACN,QAAQ;YACR,IAAI;YACJ,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC9B,cAAc,EAAE,QAAQ,CAAC,GAAG,IAAI,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,OAAO;YAC/D,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,IAAI,EAAE,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,YAAY,IAAI,QAAQ,CAAC,SAAS;YAClE,QAAQ,EAAE;gBACT,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBACnC,WAAW,EAAE,QAAQ;aACrB;SACD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,QAAa,EAAE,SAAkB;QACrD,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAE5B,4CAA4C;QAC5C,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,KAAK,GAAQ,QAAQ,CAAC;QAE1B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YAC1B,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACxC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;YACrB,CAAC;iBAAM,CAAC;gBACP,OAAO,IAAI,CAAC;YACb,CAAC;QACF,CAAC;QAED,OAAO,KAAK,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CAAC,WAAgC,EAAE;QACzD,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACrD,MAAM,SAAS,GAAkB;YAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,GAAG,QAAQ;SACX,CAAC;QAEF,kEAAkE;QAClE,MAAM,gBAAgB,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QAE7C,OAAO,KAAK,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,KAAa;QAClC,iCAAiC;QACjC,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACpD,IAAI,SAAS,EAAE,CAAC;YACf,0BAA0B;YAC1B,MAAM,gBAAgB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACtC,CAAC;QAED,IAAI,CAAC,SAAS,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC;QACb,CAAC;QAED,OAAO,SAAS,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,YAAoB;QAC5C,IAAI,CAAC,YAAY,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC9C,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YAClC,UAAU,EAAE,eAAe;YAC3B,aAAa,EAAE,YAAY;YAC3B,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;SACvC,CAAC,CAAC;QAEH,yDAAyD;QACzD,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACvB,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YAClD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACR,cAAc,EAAE,mCAAmC;gBACnD,QAAQ,EAAE,kBAAkB;aAC5B;YACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;SACvB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YAClB,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACzD,IAAI,MAAM,GAAW,GAAG,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACjE,IAAI,WAAW,EAAE,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC/C,IAAI,CAAC;oBACJ,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;oBACxC,MAAM,GAAG,SAAS,CAAC,iBAAiB,IAAI,SAAS,CAAC,KAAK,IAAI,QAAQ,CAAC,UAAU,CAAC;gBAChF,CAAC;gBAAC,MAAM,CAAC;oBACR,wEAAwE;gBACzE,CAAC;YACF,CAAC;YACD,+EAA+E;YAC/E,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,2BAA2B,EAAE;gBACjD,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,MAAM;aACN,CAAC,CAAC;YACH,MAAM,IAAI,KAAK,CAAC,yBAAyB,MAAM,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzD,IAAI,SAAwB,CAAC;QAE7B,IAAI,WAAW,EAAE,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC/C,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,CAAC;aAAM,CAAC;YACP,0CAA0C;YAC1C,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC;YAC9C,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,WAAW,CAA6B,CAAC;QACzE,CAAC;QAED,oFAAoF;QACpF,IAAI,SAAS,CAAC,KAAK,EAAE,CAAC;YACrB,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,2CAA2C,EAAE;gBACjE,KAAK,EAAE,SAAS,CAAC,KAAK;gBACtB,iBAAiB,EAAE,SAAS,CAAC,iBAAiB;gBAC9C,SAAS,EAAE,SAAS,CAAC,SAAS;aAC9B,CAAC,CAAC;YACH,MAAM,IAAI,KAAK,CAAC,yBAAyB,SAAS,CAAC,iBAAiB,IAAI,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;QAC5F,CAAC;QAED,OAAO,SAAS,CAAC;IAClB,CAAC;CACD"}

package/dist/lib/config.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+/**
+ * OAuth Configuration
+ *
+ * Provider configuration and initialization utilities
+ */
+import type { OAuthProviderConfig, OAuthPluginConfig, ProviderRegistry, Logger } from '../types.ts';
+/**
+ * Expand environment variable in a string value
+ *
+ * If the value is a string in the format `${VAR_NAME}`, it will be replaced
+ * with the value of the environment variable. Non-string values are returned unchanged.
+ *
+ * @example
+ * expandEnvVar('${MY_VAR}') // Returns process.env.MY_VAR or '${MY_VAR}' if undefined
+ * expandEnvVar('literal')   // Returns 'literal'
+ * expandEnvVar(123)         // Returns 123
+ * expandEnvVar(true)        // Returns true
+ */
+export declare function expandEnvVar(value: any): any;
+/**
+ * Build configuration for a specific provider
+ */
+export declare function buildProviderConfig(providerConfig: Record<string, any>, providerName: string, pluginDefaults?: Partial<OAuthProviderConfig>): OAuthProviderConfig;
+/**
+ * Extract plugin-level defaults from options
+ */
+export declare function extractPluginDefaults(options: OAuthPluginConfig): Partial<OAuthProviderConfig>;
+/**
+ * Initialize OAuth providers from configuration
+ */
+export declare function initializeProviders(options: OAuthPluginConfig, logger?: Logger): ProviderRegistry;