@hfunlabs/hypurr-connect 0.1.23 → 0.1.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@hfunlabs/hypurr-connect",
3
- "version": "0.1.23",
3
+ "version": "0.1.24",
4
4
  "type": "module",
5
5
  "packageManager": "pnpm@10.10.0",
6
6
  "main": "./dist/index.js",
@@ -375,19 +375,63 @@ function takeTelegramAuthSession(state: string):
375
375
  return { codeVerifier, returnTo };
376
376
  }
377
377
 
378
- function resolveAuthTokenUrl(authHubUrl?: string, tokenUrl?: string): string {
379
- const configuredTokenUrl = tokenUrl?.trim();
380
- if (configuredTokenUrl) return configuredTokenUrl;
381
-
378
+ function fallbackAuthTokenUrl(authHubUrl?: string): string {
382
379
  const url = new URL(authHubUrl || DEFAULT_AUTH_HUB_URL);
383
- const pathWithoutTrailingSlash = url.pathname.replace(/\/+$/, "");
384
- const basePath = pathWithoutTrailingSlash.replace(/\/[^/]*$/, "");
385
- url.pathname = `${basePath}/token`;
380
+ url.pathname = "/oauth/token";
386
381
  url.search = "";
387
382
  url.hash = "";
388
383
  return url.toString();
389
384
  }
390
385
 
386
+ function authMetadataUrls(authHubUrl?: string): string[] {
387
+ const authUrl = new URL(authHubUrl || DEFAULT_AUTH_HUB_URL);
388
+ const urls = [
389
+ new URL("/.well-known/oauth-authorization-server", authUrl).toString(),
390
+ new URL("/.well-known/openid-configuration", authUrl).toString(),
391
+ ];
392
+
393
+ const authPath = authUrl.pathname.replace(/\/+$/, "");
394
+ const basePath = authPath.replace(/\/[^/]*$/, "");
395
+ if (basePath) {
396
+ urls.push(
397
+ new URL(
398
+ `/.well-known/oauth-authorization-server${basePath}`,
399
+ authUrl,
400
+ ).toString(),
401
+ );
402
+ }
403
+
404
+ return Array.from(new Set(urls));
405
+ }
406
+
407
+ async function tokenUrlFromMetadata(
408
+ authHubUrl?: string,
409
+ ): Promise<string | undefined> {
410
+ for (const metadataUrl of authMetadataUrls(authHubUrl)) {
411
+ try {
412
+ const response = await fetch(metadataUrl, {
413
+ headers: { accept: "application/json" },
414
+ });
415
+ if (!response.ok) continue;
416
+ const metadata = (await response.json()) as { token_endpoint?: unknown };
417
+ const tokenEndpoint = metadata.token_endpoint;
418
+ if (typeof tokenEndpoint === "string" && tokenEndpoint.trim()) {
419
+ return tokenEndpoint.trim();
420
+ }
421
+ } catch {
422
+ // Metadata discovery is best effort; fall back to the conventional route.
423
+ }
424
+ }
425
+
426
+ return undefined;
427
+ }
428
+
429
+ async function resolveAuthTokenUrl(authHubUrl?: string): Promise<string> {
430
+ return (
431
+ (await tokenUrlFromMetadata(authHubUrl)) || fallbackAuthTokenUrl(authHubUrl)
432
+ );
433
+ }
434
+
391
435
  function getTokenFromExchangeResponse(data: unknown): string | null {
392
436
  if (typeof data === "string") {
393
437
  const token = data.trim();
@@ -412,14 +456,12 @@ async function exchangeTelegramAuthCode({
412
456
  code,
413
457
  codeVerifier,
414
458
  returnTo,
415
- tokenUrl,
416
459
  }: {
417
460
  authHubUrl?: string;
418
461
  clientId: string;
419
462
  code: string;
420
463
  codeVerifier: string;
421
464
  returnTo: string;
422
- tokenUrl?: string;
423
465
  }): Promise<string> {
424
466
  const body = new URLSearchParams({
425
467
  client_id: clientId,
@@ -429,7 +471,7 @@ async function exchangeTelegramAuthCode({
429
471
  return_to: returnTo,
430
472
  });
431
473
 
432
- const response = await fetch(resolveAuthTokenUrl(authHubUrl, tokenUrl), {
474
+ const response = await fetch(await resolveAuthTokenUrl(authHubUrl), {
433
475
  method: "POST",
434
476
  headers: {
435
477
  accept: "application/json",
@@ -599,7 +641,6 @@ export function HypurrConnectProvider({
599
641
  code: callback.code,
600
642
  codeVerifier: authSession.codeVerifier,
601
643
  returnTo: authSession.returnTo || currentReturnTo(),
602
- tokenUrl: config.telegram?.tokenUrl,
603
644
  })
604
645
  .then(acceptTelegramToken)
605
646
  .catch((err) =>
@@ -620,7 +661,6 @@ export function HypurrConnectProvider({
620
661
  acceptTelegramToken,
621
662
  config.clientId,
622
663
  config.telegram?.authHubUrl,
623
- config.telegram?.tokenUrl,
624
664
  ],
625
665
  );
626
666
 
package/src/types.ts CHANGED
@@ -33,8 +33,6 @@ export interface HypurrConnectConfig {
33
33
  telegram?: {
34
34
  /** Auth hub login URL. Defaults to https://auth.hypurr.fun/login. */
35
35
  authHubUrl?: string;
36
- /** Auth hub token exchange URL. Defaults to the auth hub login URL with `/login` replaced by `/token`. */
37
- tokenUrl?: string;
38
36
  /** Optional callback URL. Defaults to the current page without auth query params. */
39
37
  returnTo?: string | (() => string);
40
38
  /** Requested hub scopes. Defaults to the scopes required by this SDK. */