@hearth-auth/sdk 1.0.21 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/admin.d.ts +60 -0
- package/dist/admin.js +124 -0
- package/dist/admin.js.map +1 -1
- package/dist/errors.d.ts +15 -0
- package/dist/errors.js +17 -0
- package/dist/errors.js.map +1 -1
- package/dist/hearth-client.d.ts +66 -1
- package/dist/hearth-client.js +176 -1
- package/dist/hearth-client.js.map +1 -1
- package/dist/index.d.ts +3 -3
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/jwks-client.d.ts +37 -4
- package/dist/jwks-client.js +99 -4
- package/dist/jwks-client.js.map +1 -1
- package/dist/types.d.ts +11 -0
- package/package.json +1 -1
package/dist/admin.d.ts
CHANGED
|
@@ -36,6 +36,66 @@ export declare class AdminClient {
|
|
|
36
36
|
updateRealm(realmId: string, params: UpdateRealmParams): Promise<Realm>;
|
|
37
37
|
/** DELETE /admin/realms/:id — delete a realm. */
|
|
38
38
|
deleteRealm(realmId: string): Promise<void>;
|
|
39
|
+
/** POST /admin/clients — register an OAuth 2.0 client. */
|
|
40
|
+
createClient(params: Record<string, unknown>): Promise<Record<string, unknown>>;
|
|
41
|
+
/** GET /admin/clients/:id — get a client by ID. */
|
|
42
|
+
getClient(clientId: string): Promise<Record<string, unknown>>;
|
|
43
|
+
/** PATCH /admin/clients/:id — update a client. */
|
|
44
|
+
updateClient(clientId: string, params: Record<string, unknown>): Promise<Record<string, unknown>>;
|
|
45
|
+
/** DELETE /admin/clients/:id — delete a client. */
|
|
46
|
+
deleteClient(clientId: string): Promise<void>;
|
|
47
|
+
/** GET /admin/clients — list clients with optional pagination. */
|
|
48
|
+
listClients(options?: {
|
|
49
|
+
limit?: number;
|
|
50
|
+
cursor?: string;
|
|
51
|
+
}): Promise<{
|
|
52
|
+
items: Record<string, unknown>[];
|
|
53
|
+
next_cursor: string | null;
|
|
54
|
+
}>;
|
|
55
|
+
/** POST /admin/roles — create a role. */
|
|
56
|
+
createRole(params: Record<string, unknown>): Promise<Record<string, unknown>>;
|
|
57
|
+
/** GET /admin/roles/:id — get a role by ID. */
|
|
58
|
+
getRole(roleId: string): Promise<Record<string, unknown>>;
|
|
59
|
+
/** PATCH /admin/roles/:id — update a role. */
|
|
60
|
+
updateRole(roleId: string, params: Record<string, unknown>): Promise<Record<string, unknown>>;
|
|
61
|
+
/** DELETE /admin/roles/:id — delete a role. */
|
|
62
|
+
deleteRole(roleId: string): Promise<void>;
|
|
63
|
+
/** GET /admin/roles — list roles with optional pagination. */
|
|
64
|
+
listRoles(options?: {
|
|
65
|
+
limit?: number;
|
|
66
|
+
cursor?: string;
|
|
67
|
+
}): Promise<{
|
|
68
|
+
items: Record<string, unknown>[];
|
|
69
|
+
next_cursor: string | null;
|
|
70
|
+
}>;
|
|
71
|
+
/** POST /admin/groups — create a group. */
|
|
72
|
+
createGroup(params: Record<string, unknown>): Promise<Record<string, unknown>>;
|
|
73
|
+
/** GET /admin/groups/:id — get a group by ID. */
|
|
74
|
+
getGroup(groupId: string): Promise<Record<string, unknown>>;
|
|
75
|
+
/** PATCH /admin/groups/:id — update a group. */
|
|
76
|
+
updateGroup(groupId: string, params: Record<string, unknown>): Promise<Record<string, unknown>>;
|
|
77
|
+
/** DELETE /admin/groups/:id — delete a group. */
|
|
78
|
+
deleteGroup(groupId: string): Promise<void>;
|
|
79
|
+
/** GET /admin/groups — list groups with optional pagination. */
|
|
80
|
+
listGroups(options?: {
|
|
81
|
+
limit?: number;
|
|
82
|
+
cursor?: string;
|
|
83
|
+
}): Promise<{
|
|
84
|
+
items: Record<string, unknown>[];
|
|
85
|
+
next_cursor: string | null;
|
|
86
|
+
}>;
|
|
87
|
+
/** POST /admin/orgs/:orgId/members — add a member to an organization. */
|
|
88
|
+
addOrgMember(orgId: string, params: Record<string, unknown>): Promise<Record<string, unknown>>;
|
|
89
|
+
/** GET /admin/orgs/:orgId/members — list members of an organization. */
|
|
90
|
+
listOrgMembers(orgId: string, options?: {
|
|
91
|
+
limit?: number;
|
|
92
|
+
cursor?: string;
|
|
93
|
+
}): Promise<{
|
|
94
|
+
items: Record<string, unknown>[];
|
|
95
|
+
next_cursor: string | null;
|
|
96
|
+
}>;
|
|
97
|
+
/** DELETE /admin/orgs/:orgId/members/:userId — remove a member from an organization. */
|
|
98
|
+
removeOrgMember(orgId: string, userId: string): Promise<void>;
|
|
39
99
|
private headers;
|
|
40
100
|
private get;
|
|
41
101
|
private post;
|
package/dist/admin.js
CHANGED
|
@@ -92,6 +92,130 @@ export class AdminClient {
|
|
|
92
92
|
throw new HearthError(resp.status, await resp.json());
|
|
93
93
|
}
|
|
94
94
|
}
|
|
95
|
+
// === OAuth Clients ===
|
|
96
|
+
/** POST /admin/clients — register an OAuth 2.0 client. */
|
|
97
|
+
async createClient(params) {
|
|
98
|
+
return this.post("/admin/clients", params);
|
|
99
|
+
}
|
|
100
|
+
/** GET /admin/clients/:id — get a client by ID. */
|
|
101
|
+
async getClient(clientId) {
|
|
102
|
+
return this.get(`/admin/clients/${clientId}`);
|
|
103
|
+
}
|
|
104
|
+
/** PATCH /admin/clients/:id — update a client. */
|
|
105
|
+
async updateClient(clientId, params) {
|
|
106
|
+
return this.request("PATCH", `/admin/clients/${clientId}`, params);
|
|
107
|
+
}
|
|
108
|
+
/** DELETE /admin/clients/:id — delete a client. */
|
|
109
|
+
async deleteClient(clientId) {
|
|
110
|
+
const resp = await fetch(`${this.baseUrl}/admin/clients/${clientId}`, {
|
|
111
|
+
method: "DELETE",
|
|
112
|
+
headers: this.headers(),
|
|
113
|
+
});
|
|
114
|
+
if (!resp.ok) {
|
|
115
|
+
throw new HearthError(resp.status, await resp.json());
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
/** GET /admin/clients — list clients with optional pagination. */
|
|
119
|
+
async listClients(options) {
|
|
120
|
+
const q = new URLSearchParams();
|
|
121
|
+
if (options?.limit)
|
|
122
|
+
q.set("limit", String(options.limit));
|
|
123
|
+
if (options?.cursor)
|
|
124
|
+
q.set("cursor", options.cursor);
|
|
125
|
+
const qs = q.toString();
|
|
126
|
+
return this.get(`/admin/clients${qs ? `?${qs}` : ""}`);
|
|
127
|
+
}
|
|
128
|
+
// === Roles ===
|
|
129
|
+
/** POST /admin/roles — create a role. */
|
|
130
|
+
async createRole(params) {
|
|
131
|
+
return this.post("/admin/roles", params);
|
|
132
|
+
}
|
|
133
|
+
/** GET /admin/roles/:id — get a role by ID. */
|
|
134
|
+
async getRole(roleId) {
|
|
135
|
+
return this.get(`/admin/roles/${roleId}`);
|
|
136
|
+
}
|
|
137
|
+
/** PATCH /admin/roles/:id — update a role. */
|
|
138
|
+
async updateRole(roleId, params) {
|
|
139
|
+
return this.request("PATCH", `/admin/roles/${roleId}`, params);
|
|
140
|
+
}
|
|
141
|
+
/** DELETE /admin/roles/:id — delete a role. */
|
|
142
|
+
async deleteRole(roleId) {
|
|
143
|
+
const resp = await fetch(`${this.baseUrl}/admin/roles/${roleId}`, {
|
|
144
|
+
method: "DELETE",
|
|
145
|
+
headers: this.headers(),
|
|
146
|
+
});
|
|
147
|
+
if (!resp.ok) {
|
|
148
|
+
throw new HearthError(resp.status, await resp.json());
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
/** GET /admin/roles — list roles with optional pagination. */
|
|
152
|
+
async listRoles(options) {
|
|
153
|
+
const q = new URLSearchParams();
|
|
154
|
+
if (options?.limit)
|
|
155
|
+
q.set("limit", String(options.limit));
|
|
156
|
+
if (options?.cursor)
|
|
157
|
+
q.set("cursor", options.cursor);
|
|
158
|
+
const qs = q.toString();
|
|
159
|
+
return this.get(`/admin/roles${qs ? `?${qs}` : ""}`);
|
|
160
|
+
}
|
|
161
|
+
// === Groups ===
|
|
162
|
+
/** POST /admin/groups — create a group. */
|
|
163
|
+
async createGroup(params) {
|
|
164
|
+
return this.post("/admin/groups", params);
|
|
165
|
+
}
|
|
166
|
+
/** GET /admin/groups/:id — get a group by ID. */
|
|
167
|
+
async getGroup(groupId) {
|
|
168
|
+
return this.get(`/admin/groups/${groupId}`);
|
|
169
|
+
}
|
|
170
|
+
/** PATCH /admin/groups/:id — update a group. */
|
|
171
|
+
async updateGroup(groupId, params) {
|
|
172
|
+
return this.request("PATCH", `/admin/groups/${groupId}`, params);
|
|
173
|
+
}
|
|
174
|
+
/** DELETE /admin/groups/:id — delete a group. */
|
|
175
|
+
async deleteGroup(groupId) {
|
|
176
|
+
const resp = await fetch(`${this.baseUrl}/admin/groups/${groupId}`, {
|
|
177
|
+
method: "DELETE",
|
|
178
|
+
headers: this.headers(),
|
|
179
|
+
});
|
|
180
|
+
if (!resp.ok) {
|
|
181
|
+
throw new HearthError(resp.status, await resp.json());
|
|
182
|
+
}
|
|
183
|
+
}
|
|
184
|
+
/** GET /admin/groups — list groups with optional pagination. */
|
|
185
|
+
async listGroups(options) {
|
|
186
|
+
const q = new URLSearchParams();
|
|
187
|
+
if (options?.limit)
|
|
188
|
+
q.set("limit", String(options.limit));
|
|
189
|
+
if (options?.cursor)
|
|
190
|
+
q.set("cursor", options.cursor);
|
|
191
|
+
const qs = q.toString();
|
|
192
|
+
return this.get(`/admin/groups${qs ? `?${qs}` : ""}`);
|
|
193
|
+
}
|
|
194
|
+
// === Org Members ===
|
|
195
|
+
/** POST /admin/orgs/:orgId/members — add a member to an organization. */
|
|
196
|
+
async addOrgMember(orgId, params) {
|
|
197
|
+
return this.post(`/admin/orgs/${orgId}/members`, params);
|
|
198
|
+
}
|
|
199
|
+
/** GET /admin/orgs/:orgId/members — list members of an organization. */
|
|
200
|
+
async listOrgMembers(orgId, options) {
|
|
201
|
+
const q = new URLSearchParams();
|
|
202
|
+
if (options?.limit)
|
|
203
|
+
q.set("limit", String(options.limit));
|
|
204
|
+
if (options?.cursor)
|
|
205
|
+
q.set("cursor", options.cursor);
|
|
206
|
+
const qs = q.toString();
|
|
207
|
+
return this.get(`/admin/orgs/${orgId}/members${qs ? `?${qs}` : ""}`);
|
|
208
|
+
}
|
|
209
|
+
/** DELETE /admin/orgs/:orgId/members/:userId — remove a member from an organization. */
|
|
210
|
+
async removeOrgMember(orgId, userId) {
|
|
211
|
+
const resp = await fetch(`${this.baseUrl}/admin/orgs/${orgId}/members/${userId}`, {
|
|
212
|
+
method: "DELETE",
|
|
213
|
+
headers: this.headers(),
|
|
214
|
+
});
|
|
215
|
+
if (!resp.ok) {
|
|
216
|
+
throw new HearthError(resp.status, await resp.json());
|
|
217
|
+
}
|
|
218
|
+
}
|
|
95
219
|
headers() {
|
|
96
220
|
return {
|
|
97
221
|
"X-Realm-ID": this.realmId,
|
package/dist/admin.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"admin.js","sourceRoot":"","sources":["../src/admin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAW1C;;;;;GAKG;AACH,MAAM,OAAO,WAAW;IAEH;IACA;IACA;IAHnB,YACmB,OAAe,EACf,OAAe,EACf,WAAmB;QAFnB,YAAO,GAAP,OAAO,CAAQ;QACf,YAAO,GAAP,OAAO,CAAQ;QACf,gBAAW,GAAX,WAAW,CAAQ;IACnC,CAAC;IAEJ,gBAAgB;IAEhB,yCAAyC;IACzC,KAAK,CAAC,UAAU,CAAC,MAAwB;QACvC,OAAO,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE;YAC/B,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,YAAY,EAAE,MAAM,CAAC,WAAW;SACjC,CAAC,CAAC;IACL,CAAC;IAED,qDAAqD;IACrD,KAAK,CAAC,SAAS,CAAC,OAGf;QACC,MAAM,CAAC,GAAG,IAAI,eAAe,EAAE,CAAC;QAChC,IAAI,OAAO,EAAE,KAAK;YAAE,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAC1D,IAAI,OAAO,EAAE,MAAM;YAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACrD,OAAO,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,+CAA+C;IAC/C,KAAK,CAAC,OAAO,CAAC,MAAc;QAC1B,OAAO,IAAI,CAAC,GAAG,CAAC,gBAAgB,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,4CAA4C;IAC5C,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,MAAwB;QACvD,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,gBAAgB,MAAM,EAAE,EAAE;YACrD,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,YAAY,EAAE,MAAM,CAAC,WAAW;YAChC,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;IACL,CAAC;IAED,+CAA+C;IAC/C,KAAK,CAAC,UAAU,CAAC,MAAc;QAC7B,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,gBAAgB,MAAM,EAAE,EAAE;YAChE,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;SACxB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,iBAAiB;IAEjB,2CAA2C;IAC3C,KAAK,CAAC,WAAW,CAAC,MAAyB;QACzC,OAAO,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YAChC,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;IACL,CAAC;IAED,uDAAuD;IACvD,KAAK,CAAC,UAAU,CAAC,OAGhB;QACC,MAAM,CAAC,GAAG,IAAI,eAAe,EAAE,CAAC;QAChC,IAAI,OAAO,EAAE,KAAK;YAAE,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAC1D,IAAI,OAAO,EAAE,MAAM;YAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACrD,OAAO,IAAI,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,QAAQ,CAAC,OAAe;QAC5B,OAAO,IAAI,CAAC,GAAG,CAAC,iBAAiB,OAAO,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED,8CAA8C;IAC9C,KAAK,CAAC,WAAW,CACf,OAAe,EACf,MAAyB;QAEzB,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,iBAAiB,OAAO,EAAE,EAAE;YACvD,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;IACL,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,iBAAiB,OAAO,EAAE,EAAE;YAClE,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;SACxB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,OAAO;QACb,OAAO;YACL,YAAY,EAAE,IAAI,CAAC,OAAO;YAC1B,aAAa,EAAE,UAAU,IAAI,CAAC,WAAW,EAAE;YAC3C,cAAc,EAAE,kBAAkB;SACnC,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,GAAG,CAAI,IAAY;QAC/B,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,EAAE;YACjD,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;SACxB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,EAAgB,CAAC;IACnC,CAAC;IAEO,KAAK,CAAC,IAAI,CAAI,IAAY,EAAE,IAAa;QAC/C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAC1C,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,MAAc,EACd,IAAY,EACZ,IAAa;QAEb,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,EAAE;YACjD,MAAM;YACN,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;YACvB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,EAAgB,CAAC;IACnC,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"admin.js","sourceRoot":"","sources":["../src/admin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAW1C;;;;;GAKG;AACH,MAAM,OAAO,WAAW;IAEH;IACA;IACA;IAHnB,YACmB,OAAe,EACf,OAAe,EACf,WAAmB;QAFnB,YAAO,GAAP,OAAO,CAAQ;QACf,YAAO,GAAP,OAAO,CAAQ;QACf,gBAAW,GAAX,WAAW,CAAQ;IACnC,CAAC;IAEJ,gBAAgB;IAEhB,yCAAyC;IACzC,KAAK,CAAC,UAAU,CAAC,MAAwB;QACvC,OAAO,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE;YAC/B,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,YAAY,EAAE,MAAM,CAAC,WAAW;SACjC,CAAC,CAAC;IACL,CAAC;IAED,qDAAqD;IACrD,KAAK,CAAC,SAAS,CAAC,OAGf;QACC,MAAM,CAAC,GAAG,IAAI,eAAe,EAAE,CAAC;QAChC,IAAI,OAAO,EAAE,KAAK;YAAE,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAC1D,IAAI,OAAO,EAAE,MAAM;YAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACrD,OAAO,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,+CAA+C;IAC/C,KAAK,CAAC,OAAO,CAAC,MAAc;QAC1B,OAAO,IAAI,CAAC,GAAG,CAAC,gBAAgB,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,4CAA4C;IAC5C,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,MAAwB;QACvD,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,gBAAgB,MAAM,EAAE,EAAE;YACrD,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,YAAY,EAAE,MAAM,CAAC,WAAW;YAChC,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;IACL,CAAC;IAED,+CAA+C;IAC/C,KAAK,CAAC,UAAU,CAAC,MAAc;QAC7B,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,gBAAgB,MAAM,EAAE,EAAE;YAChE,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;SACxB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,iBAAiB;IAEjB,2CAA2C;IAC3C,KAAK,CAAC,WAAW,CAAC,MAAyB;QACzC,OAAO,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YAChC,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;IACL,CAAC;IAED,uDAAuD;IACvD,KAAK,CAAC,UAAU,CAAC,OAGhB;QACC,MAAM,CAAC,GAAG,IAAI,eAAe,EAAE,CAAC;QAChC,IAAI,OAAO,EAAE,KAAK;YAAE,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAC1D,IAAI,OAAO,EAAE,MAAM;YAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACrD,OAAO,IAAI,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,QAAQ,CAAC,OAAe;QAC5B,OAAO,IAAI,CAAC,GAAG,CAAC,iBAAiB,OAAO,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED,8CAA8C;IAC9C,KAAK,CAAC,WAAW,CACf,OAAe,EACf,MAAyB;QAEzB,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,iBAAiB,OAAO,EAAE,EAAE;YACvD,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;IACL,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,iBAAiB,OAAO,EAAE,EAAE;YAClE,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;SACxB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,wBAAwB;IAExB,0DAA0D;IAC1D,KAAK,CAAC,YAAY,CAAC,MAA+B;QAChD,OAAO,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;IAC7C,CAAC;IAED,mDAAmD;IACnD,KAAK,CAAC,SAAS,CAAC,QAAgB;QAC9B,OAAO,IAAI,CAAC,GAAG,CAAC,kBAAkB,QAAQ,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,kDAAkD;IAClD,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,MAA+B;QAClE,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;IACrE,CAAC;IAED,mDAAmD;IACnD,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,kBAAkB,QAAQ,EAAE,EAAE;YACpE,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;SACxB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,KAAK,CAAC,WAAW,CAAC,OAA6C;QAC7D,MAAM,CAAC,GAAG,IAAI,eAAe,EAAE,CAAC;QAChC,IAAI,OAAO,EAAE,KAAK;YAAE,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAC1D,IAAI,OAAO,EAAE,MAAM;YAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACrD,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,gBAAgB;IAEhB,yCAAyC;IACzC,KAAK,CAAC,UAAU,CAAC,MAA+B;QAC9C,OAAO,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;IAC3C,CAAC;IAED,+CAA+C;IAC/C,KAAK,CAAC,OAAO,CAAC,MAAc;QAC1B,OAAO,IAAI,CAAC,GAAG,CAAC,gBAAgB,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,8CAA8C;IAC9C,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,MAA+B;QAC9D,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,gBAAgB,MAAM,EAAE,EAAE,MAAM,CAAC,CAAC;IACjE,CAAC;IAED,+CAA+C;IAC/C,KAAK,CAAC,UAAU,CAAC,MAAc;QAC7B,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,gBAAgB,MAAM,EAAE,EAAE;YAChE,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;SACxB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,KAAK,CAAC,SAAS,CAAC,OAA6C;QAC3D,MAAM,CAAC,GAAG,IAAI,eAAe,EAAE,CAAC;QAChC,IAAI,OAAO,EAAE,KAAK;YAAE,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAC1D,IAAI,OAAO,EAAE,MAAM;YAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACrD,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,iBAAiB;IAEjB,2CAA2C;IAC3C,KAAK,CAAC,WAAW,CAAC,MAA+B;QAC/C,OAAO,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,QAAQ,CAAC,OAAe;QAC5B,OAAO,IAAI,CAAC,GAAG,CAAC,iBAAiB,OAAO,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED,gDAAgD;IAChD,KAAK,CAAC,WAAW,CAAC,OAAe,EAAE,MAA+B;QAChE,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,iBAAiB,OAAO,EAAE,EAAE,MAAM,CAAC,CAAC;IACnE,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,iBAAiB,OAAO,EAAE,EAAE;YAClE,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;SACxB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,gEAAgE;IAChE,KAAK,CAAC,UAAU,CAAC,OAA6C;QAC5D,MAAM,CAAC,GAAG,IAAI,eAAe,EAAE,CAAC;QAChC,IAAI,OAAO,EAAE,KAAK;YAAE,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAC1D,IAAI,OAAO,EAAE,MAAM;YAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACrD,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACxD,CAAC;IAED,sBAAsB;IAEtB,yEAAyE;IACzE,KAAK,CAAC,YAAY,CAAC,KAAa,EAAE,MAA+B;QAC/D,OAAO,IAAI,CAAC,IAAI,CAAC,eAAe,KAAK,UAAU,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IAED,wEAAwE;IACxE,KAAK,CAAC,cAAc,CAAC,KAAa,EAAE,OAA6C;QAC/E,MAAM,CAAC,GAAG,IAAI,eAAe,EAAE,CAAC;QAChC,IAAI,OAAO,EAAE,KAAK;YAAE,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAC1D,IAAI,OAAO,EAAE,MAAM;YAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACrD,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,GAAG,CAAC,eAAe,KAAK,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,wFAAwF;IACxF,KAAK,CAAC,eAAe,CAAC,KAAa,EAAE,MAAc;QACjD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,eAAe,KAAK,YAAY,MAAM,EAAE,EAAE;YAChF,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;SACxB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,OAAO;QACb,OAAO;YACL,YAAY,EAAE,IAAI,CAAC,OAAO;YAC1B,aAAa,EAAE,UAAU,IAAI,CAAC,WAAW,EAAE;YAC3C,cAAc,EAAE,kBAAkB;SACnC,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,GAAG,CAAI,IAAY;QAC/B,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,EAAE;YACjD,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;SACxB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,EAAgB,CAAC;IACnC,CAAC;IAEO,KAAK,CAAC,IAAI,CAAI,IAAY,EAAE,IAAa;QAC/C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAC1C,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,MAAc,EACd,IAAY,EACZ,IAAa;QAEb,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,EAAE;YACjD,MAAM;YACN,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;YACvB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,EAAgB,CAAC;IACnC,CAAC;CACF"}
|
package/dist/errors.d.ts
CHANGED
|
@@ -70,6 +70,21 @@ export declare class IntrospectionError extends HearthSdkError {
|
|
|
70
70
|
readonly cause?: unknown | undefined;
|
|
71
71
|
constructor(message: string, cause?: unknown | undefined);
|
|
72
72
|
}
|
|
73
|
+
/**
|
|
74
|
+
* Thrown when an OAuth 2.0 token-endpoint request (code exchange, client credentials,
|
|
75
|
+
* device flow, magic-link, etc.) returns a non-2xx HTTP response.
|
|
76
|
+
*/
|
|
77
|
+
export declare class OAuthFlowError extends HearthSdkError {
|
|
78
|
+
/** HTTP status code returned by the server; 0 for network-level failures. */
|
|
79
|
+
readonly statusCode: number;
|
|
80
|
+
/** OAuth error code from the response body, or a summary message. */
|
|
81
|
+
readonly errorCode: string;
|
|
82
|
+
constructor(
|
|
83
|
+
/** HTTP status code returned by the server; 0 for network-level failures. */
|
|
84
|
+
statusCode: number,
|
|
85
|
+
/** OAuth error code from the response body, or a summary message. */
|
|
86
|
+
errorCode: string, message?: string);
|
|
87
|
+
}
|
|
73
88
|
/**
|
|
74
89
|
* Thrown when the `mode` field echoed in an introspection response does not
|
|
75
90
|
* match the SDK's configured `expectedMode`.
|
package/dist/errors.js
CHANGED
|
@@ -102,6 +102,23 @@ export class IntrospectionError extends HearthSdkError {
|
|
|
102
102
|
this.cause = cause;
|
|
103
103
|
}
|
|
104
104
|
}
|
|
105
|
+
/**
|
|
106
|
+
* Thrown when an OAuth 2.0 token-endpoint request (code exchange, client credentials,
|
|
107
|
+
* device flow, magic-link, etc.) returns a non-2xx HTTP response.
|
|
108
|
+
*/
|
|
109
|
+
export class OAuthFlowError extends HearthSdkError {
|
|
110
|
+
statusCode;
|
|
111
|
+
errorCode;
|
|
112
|
+
constructor(
|
|
113
|
+
/** HTTP status code returned by the server; 0 for network-level failures. */
|
|
114
|
+
statusCode,
|
|
115
|
+
/** OAuth error code from the response body, or a summary message. */
|
|
116
|
+
errorCode, message = `OAuth flow error ${statusCode}: ${errorCode}`) {
|
|
117
|
+
super(message);
|
|
118
|
+
this.statusCode = statusCode;
|
|
119
|
+
this.errorCode = errorCode;
|
|
120
|
+
}
|
|
121
|
+
}
|
|
105
122
|
/**
|
|
106
123
|
* Thrown when the `mode` field echoed in an introspection response does not
|
|
107
124
|
* match the SDK's configured `expectedMode`.
|
package/dist/errors.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,4CAA4C;AAC5C,MAAM,OAAO,cAAe,SAAQ,KAAK;IACvC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;IACpC,CAAC;CACF;AAED,gFAAgF;AAChF,MAAM,OAAO,kBAAmB,SAAQ,cAAc;IACpD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;IACjB,CAAC;CACF;AAED,2EAA2E;AAC3E,MAAM,OAAO,cAAe,SAAQ,cAAc;IAG9B;IAFlB,YACE,OAAe,EACC,KAAe;QAE/B,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,UAAK,GAAL,KAAK,CAAU;IAGjC,CAAC;CACF;AAED,+DAA+D;AAC/D,MAAM,OAAO,cAAe,SAAQ,cAAc;IAG9B;IAFlB,YACE,OAAe,EACC,KAAe;QAE/B,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,UAAK,GAAL,KAAK,CAAU;IAGjC,CAAC;CACF;AAED,wDAAwD;AACxD,MAAM,OAAO,iBAAkB,SAAQ,cAAc;IAEjC;IADlB,YACkB,SAAe,EAC/B,OAAO,GAAG,oBAAoB,SAAS,CAAC,WAAW,EAAE,EAAE;QAEvD,KAAK,CAAC,OAAO,CAAC,CAAC;QAHC,cAAS,GAAT,SAAS,CAAM;IAIjC,CAAC;CACF;AAED,0DAA0D;AAC1D,MAAM,OAAO,qBAAsB,SAAQ,cAAc;IAErC;IADlB,YACkB,SAAe,EAC/B,OAAO,GAAG,6BAA6B,SAAS,CAAC,WAAW,EAAE,EAAE;QAEhE,KAAK,CAAC,OAAO,CAAC,CAAC;QAHC,cAAS,GAAT,SAAS,CAAM;IAIjC,CAAC;CACF;AAED,oEAAoE;AACpE,MAAM,OAAO,iBAAkB,SAAQ,cAAc;IACnD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;IACjB,CAAC;CACF;AAED,8EAA8E;AAC9E,MAAM,OAAO,gBAAiB,SAAQ,cAAc;IAEhC;IACA;IAFlB,YACkB,QAAgB,EAChB,MAAc,EAC9B,OAAO,GAAG,oCAAoC,QAAQ,WAAW,MAAM,GAAG;QAE1E,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAQ;IAIhC,CAAC;CACF;AAED,kFAAkF;AAClF,MAAM,OAAO,kBAAmB,SAAQ,cAAc;IAElC;IACA;IAFlB,YACkB,QAAgB,EAChB,MAAgB,EAChC,OAAO,GAAG,sCAAsC,QAAQ,WAAW,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAEvF,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAU;IAIlC,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,OAAO,mBAAoB,SAAQ,cAAc;IAGnC;IAEA;IAJlB;IACE,sEAAsE;IACtD,eAAyB;IACzC,+EAA+E;IAC/D,WAAoB,EACpC,OAAO,GAAG,6BAA6B,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QAEnE,KAAK,CAAC,OAAO,CAAC,CAAC;QALC,oBAAe,GAAf,eAAe,CAAU;QAEzB,gBAAW,GAAX,WAAW,CAAS;IAItC,CAAC;CACF;AAED,2EAA2E;AAC3E,MAAM,OAAO,kBAAmB,SAAQ,cAAc;IAGlC;IAFlB,YACE,OAAe,EACC,KAAe;QAE/B,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,UAAK,GAAL,KAAK,CAAU;IAGjC,CAAC;CACF;AAED;;;;;;;GAOG;AACH,MAAM,OAAO,8BAA+B,SAAQ,cAAc;IAE9C;IACA;IAFlB,YACkB,QAAgB,EAChB,MAAc,EAC9B,OAAO,GAAG,0CAA0C,QAAQ,WAAW,MAAM,GAAG;QAEhF,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAQ;IAIhC,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,OAAO,0BAA2B,SAAQ,cAAc;IAE1C;IACA;IACA;IAHlB,YACkB,SAAiB,EACjB,OAAe,EACf,KAAa,EAC7B,OAAO,GAAG,gCAAgC,SAAS,QAAQ,OAAO,UAAU,KAAK,EAAE;QAEnF,KAAK,CAAC,OAAO,CAAC,CAAC;QALC,cAAS,GAAT,SAAS,CAAQ;QACjB,YAAO,GAAP,OAAO,CAAQ;QACf,UAAK,GAAL,KAAK,CAAQ;IAI/B,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,MAAM,OAAO,6BAA8B,SAAQ,cAAc;IAG7C;IACA;IAHlB;IACE,2EAA2E;IAC3D,KAAa,EACb,UAAmC,QAAQ,EAC3D,OAAO,GAAG,oCAAoC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,GAAG,KAAK,IAAI,EAAE;QAEzF,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,UAAK,GAAL,KAAK,CAAQ;QACb,YAAO,GAAP,OAAO,CAAoC;IAI7D,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,4CAA4C;AAC5C,MAAM,OAAO,cAAe,SAAQ,KAAK;IACvC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;IACpC,CAAC;CACF;AAED,gFAAgF;AAChF,MAAM,OAAO,kBAAmB,SAAQ,cAAc;IACpD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;IACjB,CAAC;CACF;AAED,2EAA2E;AAC3E,MAAM,OAAO,cAAe,SAAQ,cAAc;IAG9B;IAFlB,YACE,OAAe,EACC,KAAe;QAE/B,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,UAAK,GAAL,KAAK,CAAU;IAGjC,CAAC;CACF;AAED,+DAA+D;AAC/D,MAAM,OAAO,cAAe,SAAQ,cAAc;IAG9B;IAFlB,YACE,OAAe,EACC,KAAe;QAE/B,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,UAAK,GAAL,KAAK,CAAU;IAGjC,CAAC;CACF;AAED,wDAAwD;AACxD,MAAM,OAAO,iBAAkB,SAAQ,cAAc;IAEjC;IADlB,YACkB,SAAe,EAC/B,OAAO,GAAG,oBAAoB,SAAS,CAAC,WAAW,EAAE,EAAE;QAEvD,KAAK,CAAC,OAAO,CAAC,CAAC;QAHC,cAAS,GAAT,SAAS,CAAM;IAIjC,CAAC;CACF;AAED,0DAA0D;AAC1D,MAAM,OAAO,qBAAsB,SAAQ,cAAc;IAErC;IADlB,YACkB,SAAe,EAC/B,OAAO,GAAG,6BAA6B,SAAS,CAAC,WAAW,EAAE,EAAE;QAEhE,KAAK,CAAC,OAAO,CAAC,CAAC;QAHC,cAAS,GAAT,SAAS,CAAM;IAIjC,CAAC;CACF;AAED,oEAAoE;AACpE,MAAM,OAAO,iBAAkB,SAAQ,cAAc;IACnD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;IACjB,CAAC;CACF;AAED,8EAA8E;AAC9E,MAAM,OAAO,gBAAiB,SAAQ,cAAc;IAEhC;IACA;IAFlB,YACkB,QAAgB,EAChB,MAAc,EAC9B,OAAO,GAAG,oCAAoC,QAAQ,WAAW,MAAM,GAAG;QAE1E,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAQ;IAIhC,CAAC;CACF;AAED,kFAAkF;AAClF,MAAM,OAAO,kBAAmB,SAAQ,cAAc;IAElC;IACA;IAFlB,YACkB,QAAgB,EAChB,MAAgB,EAChC,OAAO,GAAG,sCAAsC,QAAQ,WAAW,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAEvF,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAU;IAIlC,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,OAAO,mBAAoB,SAAQ,cAAc;IAGnC;IAEA;IAJlB;IACE,sEAAsE;IACtD,eAAyB;IACzC,+EAA+E;IAC/D,WAAoB,EACpC,OAAO,GAAG,6BAA6B,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QAEnE,KAAK,CAAC,OAAO,CAAC,CAAC;QALC,oBAAe,GAAf,eAAe,CAAU;QAEzB,gBAAW,GAAX,WAAW,CAAS;IAItC,CAAC;CACF;AAED,2EAA2E;AAC3E,MAAM,OAAO,kBAAmB,SAAQ,cAAc;IAGlC;IAFlB,YACE,OAAe,EACC,KAAe;QAE/B,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,UAAK,GAAL,KAAK,CAAU;IAGjC,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,cAAe,SAAQ,cAAc;IAG9B;IAEA;IAJlB;IACE,6EAA6E;IAC7D,UAAkB;IAClC,qEAAqE;IACrD,SAAiB,EACjC,OAAO,GAAG,oBAAoB,UAAU,KAAK,SAAS,EAAE;QAExD,KAAK,CAAC,OAAO,CAAC,CAAC;QALC,eAAU,GAAV,UAAU,CAAQ;QAElB,cAAS,GAAT,SAAS,CAAQ;IAInC,CAAC;CACF;AAED;;;;;;;GAOG;AACH,MAAM,OAAO,8BAA+B,SAAQ,cAAc;IAE9C;IACA;IAFlB,YACkB,QAAgB,EAChB,MAAc,EAC9B,OAAO,GAAG,0CAA0C,QAAQ,WAAW,MAAM,GAAG;QAEhF,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAQ;IAIhC,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,OAAO,0BAA2B,SAAQ,cAAc;IAE1C;IACA;IACA;IAHlB,YACkB,SAAiB,EACjB,OAAe,EACf,KAAa,EAC7B,OAAO,GAAG,gCAAgC,SAAS,QAAQ,OAAO,UAAU,KAAK,EAAE;QAEnF,KAAK,CAAC,OAAO,CAAC,CAAC;QALC,cAAS,GAAT,SAAS,CAAQ;QACjB,YAAO,GAAP,OAAO,CAAQ;QACf,UAAK,GAAL,KAAK,CAAQ;IAI/B,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,MAAM,OAAO,6BAA8B,SAAQ,cAAc;IAG7C;IACA;IAHlB;IACE,2EAA2E;IAC3D,KAAa,EACb,UAAmC,QAAQ,EAC3D,OAAO,GAAG,oCAAoC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,GAAG,KAAK,IAAI,EAAE;QAEzF,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,UAAK,GAAL,KAAK,CAAQ;QACb,YAAO,GAAP,OAAO,CAAoC;IAI7D,CAAC;CACF"}
|
package/dist/hearth-client.d.ts
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { JwksClient } from "./jwks-client.js";
|
|
2
2
|
import { IntrospectionClient, type IntrospectionResult } from "./introspection-client.js";
|
|
3
|
-
import type { AccessTokenAuthorizationMode, AuthorizePermissionOptions } from "./types.js";
|
|
3
|
+
import type { AccessTokenAuthorizationMode, AuthorizePermissionOptions, DeviceAuthorizationResponse, TokenResponse } from "./types.js";
|
|
4
|
+
import { Claims } from "./claims.js";
|
|
4
5
|
/** Configuration for {@link HearthClient}. */
|
|
5
6
|
export interface HearthClientConfig {
|
|
6
7
|
/**
|
|
@@ -129,5 +130,69 @@ export declare class HearthClient {
|
|
|
129
130
|
* @throws {@link AuthorizationModeMismatchError} on mode echo mismatch.
|
|
130
131
|
*/
|
|
131
132
|
introspect(token: string): Promise<IntrospectionResult>;
|
|
133
|
+
/**
|
|
134
|
+
* Verify a JWT using JWKS-backed EdDSA/Ed25519 local signature verification (spec §2).
|
|
135
|
+
*
|
|
136
|
+
* Performs all five mandatory validation steps in order:
|
|
137
|
+
* 1. Signature against the JWKS endpoint (EdDSA/OKP/Ed25519 required; RS256/ES256 accepted).
|
|
138
|
+
* 2. `exp` claim (rejects expired tokens).
|
|
139
|
+
* 3. `iss` claim (must match configured `issuerUrl`).
|
|
140
|
+
* 4. `aud` claim (validated when `clientId` is set in config).
|
|
141
|
+
* 5. `iat` claim (within 60-second clock skew tolerance).
|
|
142
|
+
*
|
|
143
|
+
* @throws {@link TokenExpiredError} — token is expired.
|
|
144
|
+
* @throws {@link TokenInvalidError} — signature invalid or JWT malformed.
|
|
145
|
+
* @throws {@link TokenIssuerError} — issuer does not match `issuerUrl`.
|
|
146
|
+
* @throws {@link TokenAudienceError} — audience does not include `clientId`.
|
|
147
|
+
* @throws {@link JWKSFetchError} — JWKS endpoint unreachable.
|
|
148
|
+
*/
|
|
149
|
+
verifyToken(token: string): Promise<Claims>;
|
|
150
|
+
/**
|
|
151
|
+
* Obtain a token via the Client Credentials grant (RFC 6749 §4.4).
|
|
152
|
+
*
|
|
153
|
+
* Sends `client_id` and `client_secret` as `application/x-www-form-urlencoded`
|
|
154
|
+
* body fields — NEVER as URL query parameters. The token endpoint is discovered
|
|
155
|
+
* from the OIDC discovery document.
|
|
156
|
+
*
|
|
157
|
+
* @throws {@link OAuthFlowError} on any non-2xx response.
|
|
158
|
+
*/
|
|
159
|
+
clientCredentials(scope?: string): Promise<TokenResponse>;
|
|
160
|
+
/**
|
|
161
|
+
* Begin a Device Authorization Flow (RFC 8628 §3.1).
|
|
162
|
+
*
|
|
163
|
+
* Returns the `device_code`, `user_code`, `verification_uri`, and polling `interval`.
|
|
164
|
+
* Pass the returned `device_code` and `interval` to `pollDeviceToken()` to await approval.
|
|
165
|
+
*
|
|
166
|
+
* @throws {@link ConfigurationError} when `device_authorization_endpoint` is absent.
|
|
167
|
+
* @throws {@link OAuthFlowError} on any non-2xx response.
|
|
168
|
+
*/
|
|
169
|
+
startDeviceFlow(scope?: string): Promise<DeviceAuthorizationResponse>;
|
|
170
|
+
/**
|
|
171
|
+
* Poll the token endpoint until the device flow completes (RFC 8628 §3.5).
|
|
172
|
+
*
|
|
173
|
+
* Handles `authorization_pending` by continuing to poll transparently.
|
|
174
|
+
* Handles `slow_down` by increasing the interval by 5 s per occurrence.
|
|
175
|
+
* Throws `TokenExpiredError` when the device code expires (`expired_token`).
|
|
176
|
+
*
|
|
177
|
+
* @param deviceCode - The `device_code` from `startDeviceFlow()`.
|
|
178
|
+
* @param intervalSeconds - Initial polling interval (from `startDeviceFlow().interval`).
|
|
179
|
+
* @throws {@link TokenExpiredError} — device code has expired.
|
|
180
|
+
* @throws {@link OAuthFlowError} — non-recoverable error from the server.
|
|
181
|
+
*/
|
|
182
|
+
pollDeviceToken(deviceCode: string, intervalSeconds: number): Promise<TokenResponse>;
|
|
183
|
+
/**
|
|
184
|
+
* Request a magic-link / passwordless authentication email (spec §4.5.3).
|
|
185
|
+
*
|
|
186
|
+
* Always resolves silently on HTTP 202 — per enumeration-resistance requirements,
|
|
187
|
+
* the server always returns 202 whether or not the email is registered.
|
|
188
|
+
* HTTP 429 (rate limit) and other non-2xx responses throw `OAuthFlowError`.
|
|
189
|
+
*
|
|
190
|
+
* Requires `realmId` in `HearthClientConfig`.
|
|
191
|
+
*
|
|
192
|
+
* @throws {@link ConfigurationError} when `realmId` is absent.
|
|
193
|
+
* @throws {@link OAuthFlowError} on non-2xx response.
|
|
194
|
+
*/
|
|
195
|
+
requestMagicLink(email: string): Promise<void>;
|
|
196
|
+
private postForm;
|
|
132
197
|
}
|
|
133
198
|
export {};
|
package/dist/hearth-client.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { AuthorizationModeMismatchError, ConfigurationError, DiscoveryError, } from "./errors.js";
|
|
1
|
+
import { AuthorizationModeMismatchError, ConfigurationError, DiscoveryError, OAuthFlowError, TokenExpiredError, } from "./errors.js";
|
|
2
2
|
import { JwksClient } from "./jwks-client.js";
|
|
3
3
|
import { IntrospectionClient, } from "./introspection-client.js";
|
|
4
4
|
/**
|
|
@@ -188,5 +188,180 @@ export class HearthClient {
|
|
|
188
188
|
}
|
|
189
189
|
return result;
|
|
190
190
|
}
|
|
191
|
+
// ── §2 — Token Verification (EdDSA/Ed25519) ─────────────────────────────
|
|
192
|
+
/**
|
|
193
|
+
* Verify a JWT using JWKS-backed EdDSA/Ed25519 local signature verification (spec §2).
|
|
194
|
+
*
|
|
195
|
+
* Performs all five mandatory validation steps in order:
|
|
196
|
+
* 1. Signature against the JWKS endpoint (EdDSA/OKP/Ed25519 required; RS256/ES256 accepted).
|
|
197
|
+
* 2. `exp` claim (rejects expired tokens).
|
|
198
|
+
* 3. `iss` claim (must match configured `issuerUrl`).
|
|
199
|
+
* 4. `aud` claim (validated when `clientId` is set in config).
|
|
200
|
+
* 5. `iat` claim (within 60-second clock skew tolerance).
|
|
201
|
+
*
|
|
202
|
+
* @throws {@link TokenExpiredError} — token is expired.
|
|
203
|
+
* @throws {@link TokenInvalidError} — signature invalid or JWT malformed.
|
|
204
|
+
* @throws {@link TokenIssuerError} — issuer does not match `issuerUrl`.
|
|
205
|
+
* @throws {@link TokenAudienceError} — audience does not include `clientId`.
|
|
206
|
+
* @throws {@link JWKSFetchError} — JWKS endpoint unreachable.
|
|
207
|
+
*/
|
|
208
|
+
async verifyToken(token) {
|
|
209
|
+
const jc = await this.jwksClient();
|
|
210
|
+
return jc.verify(token, {
|
|
211
|
+
issuer: this.issuerUrl,
|
|
212
|
+
audience: this.clientId,
|
|
213
|
+
});
|
|
214
|
+
}
|
|
215
|
+
// ── §4.5 — OAuth Flows ───────────────────────────────────────────────────
|
|
216
|
+
/**
|
|
217
|
+
* Obtain a token via the Client Credentials grant (RFC 6749 §4.4).
|
|
218
|
+
*
|
|
219
|
+
* Sends `client_id` and `client_secret` as `application/x-www-form-urlencoded`
|
|
220
|
+
* body fields — NEVER as URL query parameters. The token endpoint is discovered
|
|
221
|
+
* from the OIDC discovery document.
|
|
222
|
+
*
|
|
223
|
+
* @throws {@link OAuthFlowError} on any non-2xx response.
|
|
224
|
+
*/
|
|
225
|
+
async clientCredentials(scope) {
|
|
226
|
+
const doc = await this.discover();
|
|
227
|
+
const tokenEndpoint = doc["token_endpoint"];
|
|
228
|
+
if (!tokenEndpoint) {
|
|
229
|
+
throw new ConfigurationError("token_endpoint not found in OIDC discovery document");
|
|
230
|
+
}
|
|
231
|
+
const params = {
|
|
232
|
+
grant_type: "client_credentials",
|
|
233
|
+
client_id: this.clientId ?? "",
|
|
234
|
+
client_secret: this.clientSecret ?? "",
|
|
235
|
+
};
|
|
236
|
+
if (scope !== undefined)
|
|
237
|
+
params.scope = scope;
|
|
238
|
+
return this.postForm(tokenEndpoint, params);
|
|
239
|
+
}
|
|
240
|
+
/**
|
|
241
|
+
* Begin a Device Authorization Flow (RFC 8628 §3.1).
|
|
242
|
+
*
|
|
243
|
+
* Returns the `device_code`, `user_code`, `verification_uri`, and polling `interval`.
|
|
244
|
+
* Pass the returned `device_code` and `interval` to `pollDeviceToken()` to await approval.
|
|
245
|
+
*
|
|
246
|
+
* @throws {@link ConfigurationError} when `device_authorization_endpoint` is absent.
|
|
247
|
+
* @throws {@link OAuthFlowError} on any non-2xx response.
|
|
248
|
+
*/
|
|
249
|
+
async startDeviceFlow(scope) {
|
|
250
|
+
const doc = await this.discover();
|
|
251
|
+
const deviceEndpoint = doc["device_authorization_endpoint"];
|
|
252
|
+
if (!deviceEndpoint) {
|
|
253
|
+
throw new ConfigurationError("device_authorization_endpoint not found in OIDC discovery document");
|
|
254
|
+
}
|
|
255
|
+
const params = { client_id: this.clientId ?? "" };
|
|
256
|
+
if (scope !== undefined)
|
|
257
|
+
params.scope = scope;
|
|
258
|
+
return this.postForm(deviceEndpoint, params);
|
|
259
|
+
}
|
|
260
|
+
/**
|
|
261
|
+
* Poll the token endpoint until the device flow completes (RFC 8628 §3.5).
|
|
262
|
+
*
|
|
263
|
+
* Handles `authorization_pending` by continuing to poll transparently.
|
|
264
|
+
* Handles `slow_down` by increasing the interval by 5 s per occurrence.
|
|
265
|
+
* Throws `TokenExpiredError` when the device code expires (`expired_token`).
|
|
266
|
+
*
|
|
267
|
+
* @param deviceCode - The `device_code` from `startDeviceFlow()`.
|
|
268
|
+
* @param intervalSeconds - Initial polling interval (from `startDeviceFlow().interval`).
|
|
269
|
+
* @throws {@link TokenExpiredError} — device code has expired.
|
|
270
|
+
* @throws {@link OAuthFlowError} — non-recoverable error from the server.
|
|
271
|
+
*/
|
|
272
|
+
async pollDeviceToken(deviceCode, intervalSeconds) {
|
|
273
|
+
const doc = await this.discover();
|
|
274
|
+
const tokenEndpoint = doc["token_endpoint"];
|
|
275
|
+
if (!tokenEndpoint) {
|
|
276
|
+
throw new ConfigurationError("token_endpoint not found in OIDC discovery document");
|
|
277
|
+
}
|
|
278
|
+
let currentIntervalMs = intervalSeconds * 1000;
|
|
279
|
+
// Use while(true) + await-setTimeout so Vitest fake timers can control polling in tests.
|
|
280
|
+
// eslint-disable-next-line no-constant-condition
|
|
281
|
+
while (true) {
|
|
282
|
+
await new Promise((res) => setTimeout(res, currentIntervalMs));
|
|
283
|
+
const body = new URLSearchParams({
|
|
284
|
+
grant_type: "urn:ietf:params:oauth:grant-type:device_code",
|
|
285
|
+
device_code: deviceCode,
|
|
286
|
+
client_id: this.clientId ?? "",
|
|
287
|
+
}).toString();
|
|
288
|
+
const resp = await fetch(tokenEndpoint, {
|
|
289
|
+
method: "POST",
|
|
290
|
+
headers: { "Content-Type": "application/x-www-form-urlencoded" },
|
|
291
|
+
body,
|
|
292
|
+
});
|
|
293
|
+
if (resp.ok) {
|
|
294
|
+
return resp.json();
|
|
295
|
+
}
|
|
296
|
+
let errorCode = "unknown";
|
|
297
|
+
try {
|
|
298
|
+
const parsed = (await resp.json());
|
|
299
|
+
errorCode = typeof parsed["error"] === "string" ? parsed["error"] : "unknown";
|
|
300
|
+
}
|
|
301
|
+
catch { /* ignore parse failures */ }
|
|
302
|
+
if (errorCode === "authorization_pending") {
|
|
303
|
+
continue;
|
|
304
|
+
}
|
|
305
|
+
else if (errorCode === "slow_down") {
|
|
306
|
+
currentIntervalMs += 5000;
|
|
307
|
+
continue;
|
|
308
|
+
}
|
|
309
|
+
else if (errorCode === "expired_token") {
|
|
310
|
+
throw new TokenExpiredError(new Date());
|
|
311
|
+
}
|
|
312
|
+
else {
|
|
313
|
+
throw new OAuthFlowError(resp.status, errorCode);
|
|
314
|
+
}
|
|
315
|
+
}
|
|
316
|
+
}
|
|
317
|
+
/**
|
|
318
|
+
* Request a magic-link / passwordless authentication email (spec §4.5.3).
|
|
319
|
+
*
|
|
320
|
+
* Always resolves silently on HTTP 202 — per enumeration-resistance requirements,
|
|
321
|
+
* the server always returns 202 whether or not the email is registered.
|
|
322
|
+
* HTTP 429 (rate limit) and other non-2xx responses throw `OAuthFlowError`.
|
|
323
|
+
*
|
|
324
|
+
* Requires `realmId` in `HearthClientConfig`.
|
|
325
|
+
*
|
|
326
|
+
* @throws {@link ConfigurationError} when `realmId` is absent.
|
|
327
|
+
* @throws {@link OAuthFlowError} on non-2xx response.
|
|
328
|
+
*/
|
|
329
|
+
async requestMagicLink(email) {
|
|
330
|
+
if (!this.realmId) {
|
|
331
|
+
throw new ConfigurationError("realmId is required for requestMagicLink");
|
|
332
|
+
}
|
|
333
|
+
const url = `${this.issuerUrl}/v1/${this.realmId}/auth/magic-link`;
|
|
334
|
+
const resp = await fetch(url, {
|
|
335
|
+
method: "POST",
|
|
336
|
+
headers: { "Content-Type": "application/json" },
|
|
337
|
+
body: JSON.stringify({ email }),
|
|
338
|
+
signal: AbortSignal.timeout(this.httpTimeout),
|
|
339
|
+
});
|
|
340
|
+
if (resp.status === 202)
|
|
341
|
+
return;
|
|
342
|
+
if (!resp.ok) {
|
|
343
|
+
throw new OAuthFlowError(resp.status, `HTTP ${resp.status}`);
|
|
344
|
+
}
|
|
345
|
+
}
|
|
346
|
+
// ── Private helpers ──────────────────────────────────────────────────────
|
|
347
|
+
async postForm(endpoint, params) {
|
|
348
|
+
const resp = await fetch(endpoint, {
|
|
349
|
+
method: "POST",
|
|
350
|
+
headers: { "Content-Type": "application/x-www-form-urlencoded" },
|
|
351
|
+
body: new URLSearchParams(params).toString(),
|
|
352
|
+
signal: AbortSignal.timeout(this.httpTimeout),
|
|
353
|
+
});
|
|
354
|
+
if (!resp.ok) {
|
|
355
|
+
let errorCode = `HTTP ${resp.status}`;
|
|
356
|
+
try {
|
|
357
|
+
const parsed = (await resp.json());
|
|
358
|
+
if (typeof parsed["error"] === "string")
|
|
359
|
+
errorCode = parsed["error"];
|
|
360
|
+
}
|
|
361
|
+
catch { /* ignore */ }
|
|
362
|
+
throw new OAuthFlowError(resp.status, errorCode);
|
|
363
|
+
}
|
|
364
|
+
return resp.json();
|
|
365
|
+
}
|
|
191
366
|
}
|
|
192
367
|
//# sourceMappingURL=hearth-client.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hearth-client.js","sourceRoot":"","sources":["../src/hearth-client.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,8BAA8B,EAC9B,kBAAkB,EAClB,cAAc,
|
|
1
|
+
{"version":3,"file":"hearth-client.js","sourceRoot":"","sources":["../src/hearth-client.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,8BAA8B,EAC9B,kBAAkB,EAClB,cAAc,EACd,cAAc,EACd,iBAAiB,GAClB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EACL,mBAAmB,GAEpB,MAAM,2BAA2B,CAAC;AAkEnC;;;;;;;;;GASG;AACH,MAAM,OAAO,YAAY;IACvB,0CAA0C;IACjC,SAAS,CAAS;IAClB,QAAQ,CAAqB;IAC7B,YAAY,CAAqB;IACjC,OAAO,CAAqB;IAC5B,6BAA6B,CAAqB;IAC3D,wEAAwE;IAC/D,WAAW,CAAS;IAC7B,qEAAqE;IAC5D,OAAO,CAAqB;IACrC,6EAA6E;IACpE,YAAY,CAA2C;IAExD,UAAU,GAA6B,IAAI,CAAC;IAC5C,WAAW,GAAsB,IAAI,CAAC;IACtC,oBAAoB,GAA+B,IAAI,CAAC;IAEhE,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YACtB,MAAM,IAAI,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,kBAAkB,CAC1B,cAAc,MAAM,CAAC,SAAS,sBAAsB,CACrD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACrD,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;QACxC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,6BAA6B,GAAG,MAAM,CAAC,qBAAqB,CAAC;QAClE,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC;QAChD,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;IAC1C,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,QAAQ;QACZ,IAAI,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC,UAAU,CAAC;QAE5C,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,SAAS,mCAAmC,CAAC;QACjE,IAAI,IAAc,CAAC;QACnB,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBACtB,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC;aAC9C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,cAAc,CACtB,wCAAwC,GAAG,EAAE,EAC7C,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,cAAc,CACtB,gCAAgC,IAAI,CAAC,MAAM,EAAE,CAC9C,CAAC;QACJ,CAAC;QAED,IAAI,GAAsB,CAAC;QAC3B,IAAI,CAAC;YACH,GAAG,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAsB,CAAC;QACjD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,cAAc,CAAC,sCAAsC,EAAE;gBAC/D,KAAK,EAAE,GAAG;aACX,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,IAAI,cAAc,CACtB,6DAA6D,CAC9D,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC;QACtB,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC,WAAW,CAAC;QAC9C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClC,IAAI,CAAC,WAAW,GAAG,IAAI,UAAU,CAAC;YAChC,OAAO,EAAE,GAAG,CAAC,QAAQ;YACrB,GAAG,EAAE,IAAI,CAAC,OAAO;YACjB,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,mBAAmB;QACvB,IAAI,IAAI,CAAC,oBAAoB;YAAE,OAAO,IAAI,CAAC,oBAAoB,CAAC;QAEhE,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACzC,MAAM,IAAI,kBAAkB,CAC1B,gEAAgE,CACjE,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GACZ,IAAI,CAAC,6BAA6B;YAClC,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,sBAAsB,CAAC;QAEjD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,kBAAkB,CAC1B,uEAAuE;gBACrE,8DAA8D,CACjE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,oBAAoB,GAAG,IAAI,mBAAmB,CAAC;YAClD,qBAAqB,EAAE,QAAQ;YAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,oBAAoB,CAAC;IACnC,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,SAAS,CACb,KAAa,EACb,UAAkB,EAClB,IAAiC;QAEjC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,kBAAkB,CAAC,qCAAqC,CAAC,CAAC;QACtE,CAAC;QACD,MAAM,IAAI,GAA2B,EAAE,UAAU,EAAE,CAAC;QACpD,IAAI,IAAI,EAAE,cAAc;YAAE,IAAI,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC;QACxE,IAAI,IAAI,EAAE,QAAQ;YAAE,IAAI,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC;QAErD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,kBAAkB,EAAE;gBAC5D,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,YAAY,EAAE,IAAI,CAAC,OAAO;oBAC1B,aAAa,EAAE,UAAU,KAAK,EAAE;iBACjC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;gBAC1B,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC;aAC9C,CAAC,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,EAAE;gBAAE,OAAO,KAAK,CAAC;YAC3B,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAA0B,CAAC;YAC1D,OAAO,IAAI,CAAC,OAAO,KAAK,IAAI,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC,CAAC,wCAAwC;QACxD,CAAC;IACH,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,UAAU,CAAC,KAAa;QAC5B,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC1C,IACE,IAAI,CAAC,YAAY,KAAK,SAAS;YAC/B,MAAM,CAAC,IAAI,KAAK,SAAS;YACzB,MAAM,CAAC,IAAI,KAAK,IAAI,CAAC,YAAY,EACjC,CAAC;YACD,MAAM,IAAI,8BAA8B,CACtC,IAAI,CAAC,YAAY,EACjB,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CACpB,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,2EAA2E;IAE3E;;;;;;;;;;;;;;;OAeG;IACH,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACnC,OAAO,EAAE,CAAC,MAAM,CAAC,KAAK,EAAE;YACtB,MAAM,EAAE,IAAI,CAAC,SAAS;YACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAC,CAAC;IACL,CAAC;IAED,4EAA4E;IAE5E;;;;;;;;OAQG;IACH,KAAK,CAAC,iBAAiB,CAAC,KAAc;QACpC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClC,MAAM,aAAa,GAAI,GAA+B,CAAC,gBAAgB,CAAuB,CAAC;QAC/F,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,kBAAkB,CAAC,qDAAqD,CAAC,CAAC;QACtF,CAAC;QACD,MAAM,MAAM,GAA2B;YACrC,UAAU,EAAE,oBAAoB;YAChC,SAAS,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE;YAC9B,aAAa,EAAE,IAAI,CAAC,YAAY,IAAI,EAAE;SACvC,CAAC;QACF,IAAI,KAAK,KAAK,SAAS;YAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;QAC9C,OAAO,IAAI,CAAC,QAAQ,CAAgB,aAAa,EAAE,MAAM,CAAC,CAAC;IAC7D,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,eAAe,CAAC,KAAc;QAClC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClC,MAAM,cAAc,GAAI,GAA+B,CAAC,+BAA+B,CAAuB,CAAC;QAC/G,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,kBAAkB,CAC1B,oEAAoE,CACrE,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAA2B,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;QAC1E,IAAI,KAAK,KAAK,SAAS;YAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;QAC9C,OAAO,IAAI,CAAC,QAAQ,CAA8B,cAAc,EAAE,MAAM,CAAC,CAAC;IAC5E,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,eAAe,CAAC,UAAkB,EAAE,eAAuB;QAC/D,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClC,MAAM,aAAa,GAAI,GAA+B,CAAC,gBAAgB,CAAuB,CAAC;QAC/F,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,kBAAkB,CAAC,qDAAqD,CAAC,CAAC;QACtF,CAAC;QACD,IAAI,iBAAiB,GAAG,eAAe,GAAG,IAAI,CAAC;QAE/C,yFAAyF;QACzF,iDAAiD;QACjD,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,IAAI,OAAO,CAAO,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC,CAAC;YAErE,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;gBAC/B,UAAU,EAAE,8CAA8C;gBAC1D,WAAW,EAAE,UAAU;gBACvB,SAAS,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE;aAC/B,CAAC,CAAC,QAAQ,EAAE,CAAC;YAEd,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,aAAa,EAAE;gBACtC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI;aACL,CAAC,CAAC;YAEH,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;gBACZ,OAAO,IAAI,CAAC,IAAI,EAA4B,CAAC;YAC/C,CAAC;YAED,IAAI,SAAS,GAAG,SAAS,CAAC;YAC1B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAA4B,CAAC;gBAC9D,SAAS,GAAG,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,CAAC;YAAC,MAAM,CAAC,CAAC,2BAA2B,CAAC,CAAC;YAEvC,IAAI,SAAS,KAAK,uBAAuB,EAAE,CAAC;gBAC1C,SAAS;YACX,CAAC;iBAAM,IAAI,SAAS,KAAK,WAAW,EAAE,CAAC;gBACrC,iBAAiB,IAAI,IAAI,CAAC;gBAC1B,SAAS;YACX,CAAC;iBAAM,IAAI,SAAS,KAAK,eAAe,EAAE,CAAC;gBACzC,MAAM,IAAI,iBAAiB,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;YAC1C,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,gBAAgB,CAAC,KAAa;QAClC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,kBAAkB,CAAC,0CAA0C,CAAC,CAAC;QAC3E,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,SAAS,OAAO,IAAI,CAAC,OAAO,kBAAkB,CAAC;QACnE,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC5B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC;YAC/B,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC;SAC9C,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO;QAChC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,4EAA4E;IAEpE,KAAK,CAAC,QAAQ,CAAI,QAAgB,EAAE,MAA8B;QACxE,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YACjC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE;YAC5C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC;SAC9C,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,IAAI,SAAS,GAAG,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAA4B,CAAC;gBAC9D,IAAI,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,QAAQ;oBAAE,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;YACvE,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YACxB,MAAM,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,EAAgB,CAAC;IACnC,CAAC;CACF"}
|
package/dist/index.d.ts
CHANGED
|
@@ -3,10 +3,10 @@ export { generateCodeVerifier, generateCodeChallenge, buildAuthorizationUrl, sta
|
|
|
3
3
|
export type { BuildAuthorizationUrlOptions, AuthorizationUrlResult, StartLoginOptions, StartLoginResult, } from "./pkce.js";
|
|
4
4
|
export type { HearthClientConfig } from "./hearth-client.js";
|
|
5
5
|
export { JwksClient } from "./jwks-client.js";
|
|
6
|
-
export type { JwksClientConfig } from "./jwks-client.js";
|
|
6
|
+
export type { JwksClientConfig, VerifyOptions } from "./jwks-client.js";
|
|
7
7
|
export { IntrospectionClient } from "./introspection-client.js";
|
|
8
8
|
export type { IntrospectionClientConfig, IntrospectionResult, } from "./introspection-client.js";
|
|
9
|
-
export { AuthorizationModeMismatchError, ConfigurationError, DiscoveryError, HearthSdkError, IntrospectionError, JWKSFetchError, RequiredActionError, SessionVersionCacheStaleError, SessionVersionRevokedError, TokenAudienceError, TokenExpiredError, TokenInvalidError, TokenIssuerError, TokenNotYetValidError, } from "./errors.js";
|
|
9
|
+
export { AuthorizationModeMismatchError, ConfigurationError, DiscoveryError, HearthSdkError, IntrospectionError, JWKSFetchError, OAuthFlowError, RequiredActionError, SessionVersionCacheStaleError, SessionVersionRevokedError, TokenAudienceError, TokenExpiredError, TokenInvalidError, TokenIssuerError, TokenNotYetValidError, } from "./errors.js";
|
|
10
10
|
export { requirePermission } from "./middleware.js";
|
|
11
11
|
export type { PermissionChecker, RequirePermissionOptions } from "./middleware.js";
|
|
12
12
|
export { Claims } from "./claims.js";
|
|
@@ -17,7 +17,7 @@ export { createHearth } from "./hearth.js";
|
|
|
17
17
|
export type { HearthFacade, HearthHttpClient, HearthOptions, } from "./hearth.js";
|
|
18
18
|
export { HearthContext, HearthProvider, useHasPermission, useHasRole, useInGroup, useInOrg, } from "./react.js";
|
|
19
19
|
export type { HearthProviderProps } from "./react.js";
|
|
20
|
-
export type { AccessTokenAuthorizationMode, AuthorizeParams, AuthorizePermissionOptions, AuthorizeResponse, BootstrapResponse, CreateRealmParams, CreateUserParams, JwksDocument, JsonWebKey, MePermissionsResponse, OAuthClient, PageResponse, RegisterClientParams, Realm, SessionVersionConfig, TokenExchangeParams, TokenResponse, UpdateRealmParams, UpdateUserParams, User, UserInfoResponse, } from "./types.js";
|
|
20
|
+
export type { AccessTokenAuthorizationMode, AuthorizeParams, AuthorizePermissionOptions, AuthorizeResponse, BootstrapResponse, CreateRealmParams, CreateUserParams, JwksDocument, JsonWebKey, MePermissionsResponse, OAuthClient, PageResponse, RegisterClientParams, Realm, SessionVersionConfig, TokenExchangeParams, DeviceAuthorizationResponse, TokenResponse, UpdateRealmParams, UpdateUserParams, User, UserInfoResponse, } from "./types.js";
|
|
21
21
|
export { SessionVersionCache } from "./session-version-cache.js";
|
|
22
22
|
export { getAccessToken, getRefreshToken, getIdToken, isAuthenticated, clearTokens, createHearthAuth, } from "./browser-auth.js";
|
|
23
23
|
export type { AuthConfig, HearthBrowserAuth } from "./browser-auth.js";
|
package/dist/index.js
CHANGED
|
@@ -6,7 +6,7 @@ export { generateCodeVerifier, generateCodeChallenge, buildAuthorizationUrl, sta
|
|
|
6
6
|
export { JwksClient } from "./jwks-client.js";
|
|
7
7
|
export { IntrospectionClient } from "./introspection-client.js";
|
|
8
8
|
// Error types (spec §5).
|
|
9
|
-
export { AuthorizationModeMismatchError, ConfigurationError, DiscoveryError, HearthSdkError, IntrospectionError, JWKSFetchError, RequiredActionError, SessionVersionCacheStaleError, SessionVersionRevokedError, TokenAudienceError, TokenExpiredError, TokenInvalidError, TokenIssuerError, TokenNotYetValidError, } from "./errors.js";
|
|
9
|
+
export { AuthorizationModeMismatchError, ConfigurationError, DiscoveryError, HearthSdkError, IntrospectionError, JWKSFetchError, OAuthFlowError, RequiredActionError, SessionVersionCacheStaleError, SessionVersionRevokedError, TokenAudienceError, TokenExpiredError, TokenInvalidError, TokenIssuerError, TokenNotYetValidError, } from "./errors.js";
|
|
10
10
|
// Mode-aware middleware (HEA-923).
|
|
11
11
|
export { requirePermission } from "./middleware.js";
|
|
12
12
|
// Claims API (spec §4).
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,qCAAqC;AACrC,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,qBAAqB,EACrB,UAAU,GACX,MAAM,WAAW,CAAC;AASnB,mDAAmD;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAMhE,yBAAyB;AACzB,OAAO,EACL,8BAA8B,EAC9B,kBAAkB,EAClB,cAAc,EACd,cAAc,EACd,kBAAkB,EAClB,cAAc,EACd,mBAAmB,EACnB,6BAA6B,EAC7B,0BAA0B,EAC1B,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,gBAAgB,EAChB,qBAAqB,GACtB,MAAM,aAAa,CAAC;AAErB,mCAAmC;AACnC,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAGpD,wBAAwB;AACxB,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,6DAA6D;AAC7D,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE3D,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAM3C,OAAO,EACL,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,UAAU,EACV,UAAU,EACV,QAAQ,GACT,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,qCAAqC;AACrC,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,qBAAqB,EACrB,UAAU,GACX,MAAM,WAAW,CAAC;AASnB,mDAAmD;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAMhE,yBAAyB;AACzB,OAAO,EACL,8BAA8B,EAC9B,kBAAkB,EAClB,cAAc,EACd,cAAc,EACd,kBAAkB,EAClB,cAAc,EACd,cAAc,EACd,mBAAmB,EACnB,6BAA6B,EAC7B,0BAA0B,EAC1B,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,gBAAgB,EAChB,qBAAqB,GACtB,MAAM,aAAa,CAAC;AAErB,mCAAmC;AACnC,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAGpD,wBAAwB;AACxB,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,6DAA6D;AAC7D,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE3D,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAM3C,OAAO,EACL,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,UAAU,EACV,UAAU,EACV,QAAQ,GACT,MAAM,YAAY,CAAC;AA0BpB,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEjE,0DAA0D;AAC1D,OAAO,EACL,cAAc,EACd,eAAe,EACf,UAAU,EACV,eAAe,EACf,WAAW,EACX,gBAAgB,GACjB,MAAM,mBAAmB,CAAC"}
|
package/dist/jwks-client.d.ts
CHANGED
|
@@ -1,4 +1,14 @@
|
|
|
1
1
|
import type { JsonWebKey } from "./types.js";
|
|
2
|
+
import { Claims } from "./claims.js";
|
|
3
|
+
/** Options for {@link JwksClient.verify}. */
|
|
4
|
+
export interface VerifyOptions {
|
|
5
|
+
/** Expected `iss` claim. When provided, verification fails if the token's issuer differs. */
|
|
6
|
+
issuer?: string;
|
|
7
|
+
/** Expected `aud` claim(s). Skipped when absent. */
|
|
8
|
+
audience?: string | string[];
|
|
9
|
+
/** Clock skew tolerance in seconds. Default: 60. */
|
|
10
|
+
clockSkewSeconds?: number;
|
|
11
|
+
}
|
|
2
12
|
/** Configuration for {@link JwksClient}. */
|
|
3
13
|
export interface JwksClientConfig {
|
|
4
14
|
/** URL of the JWKS endpoint (e.g. from OIDC discovery `jwks_uri`). */
|
|
@@ -6,23 +16,46 @@ export interface JwksClientConfig {
|
|
|
6
16
|
/**
|
|
7
17
|
* Override cache TTL in milliseconds.
|
|
8
18
|
* When absent, the client respects `Cache-Control: max-age` from the JWKS
|
|
9
|
-
* response and falls back to 5 minutes.
|
|
19
|
+
* response and falls back to 5 minutes (300 000 ms).
|
|
10
20
|
*/
|
|
11
21
|
ttl?: number;
|
|
12
22
|
/** Timeout for outbound HTTP calls in milliseconds. Default: 10 000. */
|
|
13
23
|
httpTimeout?: number;
|
|
14
24
|
}
|
|
15
25
|
/**
|
|
16
|
-
*
|
|
26
|
+
* JWKS-backed JWT verifier with key caching, automatic key rotation,
|
|
27
|
+
* and full EdDSA / Ed25519 signature verification (spec §2).
|
|
17
28
|
*
|
|
18
|
-
*
|
|
19
|
-
*
|
|
29
|
+
* Uses `fetchKeys()` (global `fetch`) to retrieve JWKS, then builds a local
|
|
30
|
+
* key set via `createLocalJWKSet`. This makes the JWKS fetch mockable in tests.
|
|
31
|
+
* Keys are cached for `ttl` milliseconds; on a key miss the JWKS is re-fetched once.
|
|
20
32
|
*/
|
|
21
33
|
export declare class JwksClient {
|
|
22
34
|
private readonly jwksUri;
|
|
23
35
|
readonly ttl: number | undefined;
|
|
24
36
|
readonly httpTimeout: number;
|
|
37
|
+
/** Cached local key set and when it was fetched. */
|
|
38
|
+
private _cache;
|
|
25
39
|
constructor(config: JwksClientConfig);
|
|
40
|
+
private getKeySet;
|
|
41
|
+
/**
|
|
42
|
+
* Verify a JWT using Ed25519/EdDSA JWKS-based local signature verification (spec §2).
|
|
43
|
+
*
|
|
44
|
+
* Executes all five spec §2 validation steps in order:
|
|
45
|
+
* 1. Signature against cached JWKS (EdDSA / RS256 / ES256).
|
|
46
|
+
* 2. `exp` — rejects expired tokens.
|
|
47
|
+
* 3. `iss` — when `options.issuer` is provided.
|
|
48
|
+
* 4. `aud` — when `options.audience` is provided.
|
|
49
|
+
* 5. `iat` — within clock skew tolerance.
|
|
50
|
+
*
|
|
51
|
+
* @throws {@link TokenExpiredError} when the token is expired.
|
|
52
|
+
* @throws {@link TokenInvalidError} when the signature or structure is invalid.
|
|
53
|
+
* @throws {@link TokenIssuerError} when the issuer does not match.
|
|
54
|
+
* @throws {@link TokenAudienceError} when the audience does not match.
|
|
55
|
+
* @throws {@link JWKSFetchError} when the JWKS endpoint cannot be reached.
|
|
56
|
+
*/
|
|
57
|
+
verify(token: string, options?: VerifyOptions): Promise<Claims>;
|
|
58
|
+
private mapJoseError;
|
|
26
59
|
/** Fetch the current JWKS keys from the endpoint. */
|
|
27
60
|
fetchKeys(): Promise<JsonWebKey[]>;
|
|
28
61
|
}
|
package/dist/jwks-client.js
CHANGED
|
@@ -1,25 +1,120 @@
|
|
|
1
|
+
import { createLocalJWKSet, jwtVerify, errors as joseErrors, } from "jose";
|
|
2
|
+
import { Claims } from "./claims.js";
|
|
3
|
+
import { JWKSFetchError, TokenExpiredError, TokenInvalidError, TokenIssuerError, TokenAudienceError, } from "./errors.js";
|
|
1
4
|
/**
|
|
2
|
-
*
|
|
5
|
+
* JWKS-backed JWT verifier with key caching, automatic key rotation,
|
|
6
|
+
* and full EdDSA / Ed25519 signature verification (spec §2).
|
|
3
7
|
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
8
|
+
* Uses `fetchKeys()` (global `fetch`) to retrieve JWKS, then builds a local
|
|
9
|
+
* key set via `createLocalJWKSet`. This makes the JWKS fetch mockable in tests.
|
|
10
|
+
* Keys are cached for `ttl` milliseconds; on a key miss the JWKS is re-fetched once.
|
|
6
11
|
*/
|
|
7
12
|
export class JwksClient {
|
|
8
13
|
jwksUri;
|
|
9
14
|
ttl;
|
|
10
15
|
httpTimeout;
|
|
16
|
+
/** Cached local key set and when it was fetched. */
|
|
17
|
+
_cache = null;
|
|
11
18
|
constructor(config) {
|
|
12
19
|
this.jwksUri = config.jwksUri;
|
|
13
20
|
this.ttl = config.ttl;
|
|
14
21
|
this.httpTimeout = config.httpTimeout ?? 10_000;
|
|
15
22
|
}
|
|
23
|
+
async getKeySet(forceRefresh = false) {
|
|
24
|
+
const now = Date.now();
|
|
25
|
+
const maxAge = this.ttl ?? 5 * 60 * 1000;
|
|
26
|
+
if (!forceRefresh && this._cache && (now - this._cache.fetchedAt) < maxAge) {
|
|
27
|
+
return this._cache.keySet;
|
|
28
|
+
}
|
|
29
|
+
const keys = await this.fetchKeys();
|
|
30
|
+
const keySet = createLocalJWKSet({ keys: keys });
|
|
31
|
+
this._cache = { keySet: keySet, fetchedAt: now };
|
|
32
|
+
return keySet;
|
|
33
|
+
}
|
|
34
|
+
/**
|
|
35
|
+
* Verify a JWT using Ed25519/EdDSA JWKS-based local signature verification (spec §2).
|
|
36
|
+
*
|
|
37
|
+
* Executes all five spec §2 validation steps in order:
|
|
38
|
+
* 1. Signature against cached JWKS (EdDSA / RS256 / ES256).
|
|
39
|
+
* 2. `exp` — rejects expired tokens.
|
|
40
|
+
* 3. `iss` — when `options.issuer` is provided.
|
|
41
|
+
* 4. `aud` — when `options.audience` is provided.
|
|
42
|
+
* 5. `iat` — within clock skew tolerance.
|
|
43
|
+
*
|
|
44
|
+
* @throws {@link TokenExpiredError} when the token is expired.
|
|
45
|
+
* @throws {@link TokenInvalidError} when the signature or structure is invalid.
|
|
46
|
+
* @throws {@link TokenIssuerError} when the issuer does not match.
|
|
47
|
+
* @throws {@link TokenAudienceError} when the audience does not match.
|
|
48
|
+
* @throws {@link JWKSFetchError} when the JWKS endpoint cannot be reached.
|
|
49
|
+
*/
|
|
50
|
+
async verify(token, options) {
|
|
51
|
+
const clockTolerance = options?.clockSkewSeconds ?? 60;
|
|
52
|
+
let keySet = await this.getKeySet();
|
|
53
|
+
const doVerify = async (ks) => {
|
|
54
|
+
const { payload } = await jwtVerify(token, ks, {
|
|
55
|
+
issuer: options?.issuer,
|
|
56
|
+
audience: options?.audience,
|
|
57
|
+
algorithms: ["EdDSA", "RS256", "ES256", "RS384", "ES384"],
|
|
58
|
+
clockTolerance,
|
|
59
|
+
});
|
|
60
|
+
return new Claims(payload);
|
|
61
|
+
};
|
|
62
|
+
try {
|
|
63
|
+
return await doVerify(keySet);
|
|
64
|
+
}
|
|
65
|
+
catch (firstErr) {
|
|
66
|
+
if (firstErr instanceof joseErrors.JWKSNoMatchingKey) {
|
|
67
|
+
// Key miss — re-fetch once to handle key rotation, then retry.
|
|
68
|
+
keySet = await this.getKeySet(true);
|
|
69
|
+
try {
|
|
70
|
+
return await doVerify(keySet);
|
|
71
|
+
}
|
|
72
|
+
catch (retryErr) {
|
|
73
|
+
return this.mapJoseError(retryErr, options);
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
return this.mapJoseError(firstErr, options);
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
mapJoseError(err, options) {
|
|
80
|
+
if (err instanceof joseErrors.JWTExpired) {
|
|
81
|
+
const exp = err.payload?.exp;
|
|
82
|
+
throw new TokenExpiredError(exp ? new Date(exp * 1000) : new Date(0));
|
|
83
|
+
}
|
|
84
|
+
if (err instanceof joseErrors.JWTClaimValidationFailed) {
|
|
85
|
+
const claim = err.claim;
|
|
86
|
+
if (claim === "iss") {
|
|
87
|
+
const actual = err.payload?.["iss"] ?? "";
|
|
88
|
+
throw new TokenIssuerError(options?.issuer ?? "", actual);
|
|
89
|
+
}
|
|
90
|
+
if (claim === "aud") {
|
|
91
|
+
const raw = err.payload?.["aud"];
|
|
92
|
+
const actual = Array.isArray(raw) ? raw : [String(raw ?? "")];
|
|
93
|
+
const expected = Array.isArray(options?.audience)
|
|
94
|
+
? options.audience[0]
|
|
95
|
+
: (options?.audience ?? "");
|
|
96
|
+
throw new TokenAudienceError(expected, actual);
|
|
97
|
+
}
|
|
98
|
+
throw new TokenInvalidError(`JWT claim validation failed (${claim}): ${err.message}`);
|
|
99
|
+
}
|
|
100
|
+
if (err instanceof joseErrors.JWTInvalid ||
|
|
101
|
+
err instanceof joseErrors.JWSInvalid ||
|
|
102
|
+
err instanceof joseErrors.JWSSignatureVerificationFailed ||
|
|
103
|
+
err instanceof joseErrors.JWKSNoMatchingKey) {
|
|
104
|
+
throw new TokenInvalidError(err instanceof Error ? err.message : "JWT signature verification failed");
|
|
105
|
+
}
|
|
106
|
+
if (err instanceof Error) {
|
|
107
|
+
throw new TokenInvalidError(err.message);
|
|
108
|
+
}
|
|
109
|
+
throw new TokenInvalidError("Unknown token verification error");
|
|
110
|
+
}
|
|
16
111
|
/** Fetch the current JWKS keys from the endpoint. */
|
|
17
112
|
async fetchKeys() {
|
|
18
113
|
const resp = await fetch(this.jwksUri, {
|
|
19
114
|
signal: AbortSignal.timeout(this.httpTimeout),
|
|
20
115
|
});
|
|
21
116
|
if (!resp.ok) {
|
|
22
|
-
throw new
|
|
117
|
+
throw new JWKSFetchError(`JWKS fetch failed with HTTP ${resp.status}`);
|
|
23
118
|
}
|
|
24
119
|
const doc = (await resp.json());
|
|
25
120
|
return doc.keys;
|
package/dist/jwks-client.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwks-client.js","sourceRoot":"","sources":["../src/jwks-client.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"jwks-client.js","sourceRoot":"","sources":["../src/jwks-client.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,iBAAiB,EACjB,SAAS,EACT,MAAM,IAAI,UAAU,GACrB,MAAM,MAAM,CAAC;AAOd,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AA4BrB;;;;;;;GAOG;AACH,MAAM,OAAO,UAAU;IACJ,OAAO,CAAS;IACxB,GAAG,CAAqB;IACxB,WAAW,CAAS;IAC7B,oDAAoD;IAC5C,MAAM,GAAyD,IAAI,CAAC;IAE5E,YAAY,MAAwB;QAClC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;QACtB,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC;IAClD,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,YAAY,GAAG,KAAK;QAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QACzC,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,MAAM,EAAE,CAAC;YAC3E,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QAC5B,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACpC,MAAM,MAAM,GAAG,iBAAiB,CAAC,EAAE,IAAI,EAAE,IAAuD,EAAE,CAAC,CAAC;QACpG,IAAI,CAAC,MAAM,GAAG,EAAE,MAAM,EAAE,MAAwB,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC;QACnE,OAAO,MAAwB,CAAC;IAClC,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,OAAuB;QACjD,MAAM,cAAc,GAAG,OAAO,EAAE,gBAAgB,IAAI,EAAE,CAAC;QACvD,IAAI,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QAEpC,MAAM,QAAQ,GAAG,KAAK,EAAE,EAAkB,EAAE,EAAE;YAC5C,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,EAAE,EAAE;gBAC7C,MAAM,EAAE,OAAO,EAAE,MAAM;gBACvB,QAAQ,EAAE,OAAO,EAAE,QAAQ;gBAC3B,UAAU,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC;gBACzD,cAAc;aACf,CAAC,CAAC;YACH,OAAO,IAAI,MAAM,CAAC,OAAkC,CAAC,CAAC;QACxD,CAAC,CAAC;QAEF,IAAI,CAAC;YACH,OAAO,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,QAAQ,EAAE,CAAC;YAClB,IAAI,QAAQ,YAAY,UAAU,CAAC,iBAAiB,EAAE,CAAC;gBACrD,+DAA+D;gBAC/D,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBACpC,IAAI,CAAC;oBACH,OAAO,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;gBAChC,CAAC;gBAAC,OAAO,QAAQ,EAAE,CAAC;oBAClB,OAAO,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAEO,YAAY,CAAC,GAAY,EAAE,OAAuB;QACxD,IAAI,GAAG,YAAY,UAAU,CAAC,UAAU,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC;YAC7B,MAAM,IAAI,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACxE,CAAC;QACD,IAAI,GAAG,YAAY,UAAU,CAAC,wBAAwB,EAAE,CAAC;YACvD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;YACxB,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;gBACpB,MAAM,MAAM,GAAI,GAAG,CAAC,OAAmC,EAAE,CAAC,KAAK,CAAW,IAAI,EAAE,CAAC;gBACjF,MAAM,IAAI,gBAAgB,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,EAAE,MAAM,CAAC,CAAC;YAC5D,CAAC;YACD,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;gBACpB,MAAM,GAAG,GAAI,GAAG,CAAC,OAAmC,EAAE,CAAC,KAAK,CAAC,CAAC;gBAC9D,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,GAAgB,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC;gBAC5E,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC;oBAC/C,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;oBACrB,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,IAAI,EAAE,CAAC,CAAC;gBAC9B,MAAM,IAAI,kBAAkB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YACjD,CAAC;YACD,MAAM,IAAI,iBAAiB,CAAC,gCAAgC,KAAK,MAAM,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACxF,CAAC;QACD,IACE,GAAG,YAAY,UAAU,CAAC,UAAU;YACpC,GAAG,YAAY,UAAU,CAAC,UAAU;YACpC,GAAG,YAAY,UAAU,CAAC,8BAA8B;YACxD,GAAG,YAAY,UAAU,CAAC,iBAAiB,EAC3C,CAAC;YACD,MAAM,IAAI,iBAAiB,CACzB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,mCAAmC,CACzE,CAAC;QACJ,CAAC;QACD,IAAI,GAAG,YAAY,KAAK,EAAE,CAAC;YACzB,MAAM,IAAI,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC;QACD,MAAM,IAAI,iBAAiB,CAAC,kCAAkC,CAAC,CAAC;IAClE,CAAC;IAED,qDAAqD;IACrD,KAAK,CAAC,SAAS;QACb,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE;YACrC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC;SAC9C,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,cAAc,CAAC,+BAA+B,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QACzE,CAAC;QACD,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAA2B,CAAC;QAC1D,OAAO,GAAG,CAAC,IAAI,CAAC;IAClB,CAAC;CACF"}
|
package/dist/types.d.ts
CHANGED
|
@@ -29,6 +29,17 @@ export interface TokenExchangeParams {
|
|
|
29
29
|
redirectUri: string;
|
|
30
30
|
codeVerifier?: string;
|
|
31
31
|
}
|
|
32
|
+
/** RFC 8628 device authorization response. */
|
|
33
|
+
export interface DeviceAuthorizationResponse {
|
|
34
|
+
device_code: string;
|
|
35
|
+
user_code: string;
|
|
36
|
+
verification_uri: string;
|
|
37
|
+
/** Pre-filled URI with user_code (when provided by server). */
|
|
38
|
+
verification_uri_complete?: string;
|
|
39
|
+
expires_in: number;
|
|
40
|
+
/** Minimum polling interval in seconds. */
|
|
41
|
+
interval: number;
|
|
42
|
+
}
|
|
32
43
|
/** Response from the token exchange endpoint. */
|
|
33
44
|
export interface TokenResponse {
|
|
34
45
|
access_token: string;
|