@idealyst/oauth-client 0.0.1 → 1.0.70

package/src/oauth-client.native.ts

@@ -0,0 +1,130 @@
+import type { OAuthClient, OAuthConfig, OAuthResult } from './types'
+import { Linking } from 'react-native'
+
+export class NativeOAuthClient implements OAuthClient {
+  private config: OAuthConfig
+
+  constructor(config: OAuthConfig) {
+    this.config = config
+  }
+
+  async authorize(): Promise<OAuthResult> {
+    const state = this.generateState()
+    const oauthUrl = this.buildOAuthUrl(state)
+    
+    // Open OAuth URL in system browser
+    await Linking.openURL(oauthUrl)
+    
+    // Wait for deep link callback
+    const callbackData = await this.waitForDeepLinkCallback()
+    
+    if (callbackData.error) {
+      throw new Error(`OAuth error: ${callbackData.error}`)
+    }
+    
+    if (callbackData.code) {
+      return {
+        code: callbackData.code,
+        state: callbackData.state
+      }
+    }
+    
+    throw new Error('No authorization code received')
+  }
+
+  private async waitForDeepLinkCallback(): Promise<{ code?: string; error?: string; state?: string }> {
+    return new Promise((resolve, reject) => {
+      let subscription: any
+      
+      const handleUrl = (event: { url: string }) => {
+        const callbackData = this.parseDeepLink(event.url)
+        if (callbackData) {
+          cleanup()
+          resolve(callbackData)
+        }
+      }
+
+      const cleanup = () => {
+        if (subscription?.remove) {
+          subscription.remove()
+        }
+      }
+
+      // Check for initial URL (if app was opened from deep link)
+      Linking.getInitialURL().then((url: string | null) => {
+        if (url) {
+          const callbackData = this.parseDeepLink(url)
+          if (callbackData) {
+            cleanup()
+            resolve(callbackData)
+            return
+          }
+        }
+      })
+
+      // Listen for subsequent deep links
+      subscription = Linking.addEventListener('url', handleUrl)
+
+      // Timeout after 5 minutes
+      setTimeout(() => {
+        cleanup()
+        reject(new Error('OAuth timeout - user did not complete authorization'))
+      }, 5 * 60 * 1000)
+    })
+  }
+
+  private parseDeepLink(url: string): { code?: string; error?: string; state?: string } | null {
+    try {
+      const parsedUrl = new URL(url)
+      
+      // Check if this is our OAuth callback
+      const expectedScheme = new URL(this.config.redirectUrl).protocol.slice(0, -1)
+      if (parsedUrl.protocol.slice(0, -1) !== expectedScheme) {
+        return null
+      }
+
+      // Extract OAuth parameters
+      const code = parsedUrl.searchParams.get('code')
+      const error = parsedUrl.searchParams.get('error')
+      const state = parsedUrl.searchParams.get('state')
+
+      if (!code && !error) {
+        return null
+      }
+
+      return { 
+        code: code || undefined, 
+        error: error || undefined, 
+        state: state || undefined 
+      }
+    } catch (error) {
+      return null
+    }
+  }
+
+  private buildOAuthUrl(state: string): string {
+    const url = new URL(this.config.oauthUrl)
+    
+    url.searchParams.set('redirect_uri', this.config.redirectUrl)
+    url.searchParams.set('state', state)
+
+    // Add additional parameters
+    if (this.config.additionalParameters) {
+      Object.entries(this.config.additionalParameters).forEach(([key, value]) => {
+        url.searchParams.set(key, value)
+      })
+    }
+
+    return url.toString()
+  }
+
+  private generateState(): string {
+    // Generate random state for CSRF protection
+    let result = ''
+    const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~'
+    for (let i = 0; i < 32; i++) {
+      result += chars.charAt(Math.floor(Math.random() * chars.length))
+    }
+    return result
+  }
+}

package/src/oauth-client.web.ts

@@ -0,0 +1,83 @@
+import type { OAuthClient, OAuthConfig, OAuthResult } from './types'
+
+export class WebOAuthClient implements OAuthClient {
+  private config: OAuthConfig
+
+  constructor(config: OAuthConfig) {
+    this.config = config
+  }
+
+  async authorize(): Promise<OAuthResult> {
+    const state = this.generateState()
+
+    // Check if we're already in a callback
+    const callbackData = this.checkForCallback()
+    
+    if (callbackData) {
+      const { code, error, returnedState } = callbackData
+      
+      if (error) {
+        throw new Error(`OAuth error: ${error}`)
+      }
+
+      if (code) {
+        // Clean up URL
+        window.history.replaceState({}, document.title, window.location.pathname)
+        
+        return { 
+          code,
+          state: returnedState || undefined
+        }
+      }
+    }
+
+    // Build OAuth URL and redirect
+    const oauthUrl = this.buildOAuthUrl(state)
+    window.location.href = oauthUrl
+    
+    // This won't be reached due to redirect
+    throw new Error('Authorization flow initiated')
+  }
+
+  private checkForCallback(): { code?: string; error?: string; returnedState?: string } | null {
+    const urlParams = new URLSearchParams(window.location.search)
+    const code = urlParams.get('code')
+    const error = urlParams.get('error')
+    const state = urlParams.get('state')
+    
+    if (code || error) {
+      return {
+        code: code || undefined,
+        error: error || undefined,
+        returnedState: state || undefined,
+      }
+    }
+    
+    return null
+  }
+
+  private buildOAuthUrl(state: string): string {
+    const url = new URL(this.config.oauthUrl)
+    
+    url.searchParams.set('redirect_uri', this.config.redirectUrl)
+    url.searchParams.set('state', state)
+
+    // Add additional parameters
+    if (this.config.additionalParameters) {
+      Object.entries(this.config.additionalParameters).forEach(([key, value]) => {
+        url.searchParams.set(key, value)
+      })
+    }
+
+    return url.toString()
+  }
+
+  private generateState(): string {
+    const array = new Uint8Array(16)
+    crypto.getRandomValues(array)
+    return btoa(String.fromCharCode.apply(null, Array.from(array)))
+      .replace(/\+/g, '-')
+      .replace(/\//g, '_')
+      .replace(/=/g, '')
+  }
+}

package/src/types.ts

@@ -1,47 +1,19 @@
 export interface OAuthConfig {
-  clientId: string
-  redirectUrl: string
-  additionalParameters?: Record<string, string>
-  customHeaders?: Record<string, string>
-  scopes?: string[]
+  // OAuth endpoint URL (e.g., "https://api.yourapp.com/auth/google")
+  oauthUrl: string
   
-  // Provider endpoints
-  issuer: string
-  authorizationEndpoint?: string
-  tokenEndpoint?: string
-  revocationEndpoint?: string
-  endSessionEndpoint?: string
+  // Redirect URL for the client app (e.g., "com.yourapp://oauth/callback")
+  redirectUrl: string
   
-  // Mobile-specific  
-  androidPackageName?: string
-  iosUrlScheme?: string
-}
-
-export interface OAuthTokens {
-  accessToken: string
-  refreshToken?: string
-  idToken?: string
-  tokenType?: string
-  expiresAt?: Date
-  scopes?: string[]
+  // Optional additional parameters to send to OAuth endpoint
+  additionalParameters?: Record<string, string>
 }
 
 export interface OAuthResult {
-  tokens: OAuthTokens
-  user?: any
+  code: string
+  state?: string
 }
 
 export interface OAuthClient {
   authorize(): Promise<OAuthResult>
-  refresh(refreshToken: string): Promise<OAuthResult>
-  revoke(token: string): Promise<void>
-  logout(): Promise<void>
-  getStoredTokens(): Promise<OAuthTokens | null>
-  clearStoredTokens(): Promise<void>
-}
-
-export interface StorageAdapter {
-  getItem(key: string): Promise<string | null>
-  setItem(key: string, value: string): Promise<void>
-  removeItem(key: string): Promise<void>
 }

package/src/examples/google-example.ts

@@ -1,108 +0,0 @@
-import { createOAuthClient, providers } from '../index'
-
-// Example: Google OAuth - works on both web and mobile
-export async function setupGoogleOAuth() {
-  const client = createOAuthClient({
-    ...providers.google,
-    clientId: 'your-google-client-id',
-    redirectUrl: 'com.yourapp://oauth/callback', // Mobile
-    // redirectUrl: 'https://yourapp.com/auth/callback', // Web
-    scopes: ['openid', 'profile', 'email'],
-  })
-
-  try {
-    // Authorize user - same API on both platforms!
-    const result = await client.authorize()
-    console.log('Access token:', result.tokens.accessToken)
-    console.log('User info:', result.user)
-
-    // Token management works the same on both platforms
-    const storedTokens = await client.getStoredTokens()
-    if (storedTokens) {
-      console.log('Stored tokens:', storedTokens)
-      
-      // Check if token needs refresh
-      if (storedTokens.expiresAt && storedTokens.expiresAt < new Date()) {
-        if (storedTokens.refreshToken) {
-          const refreshed = await client.refresh(storedTokens.refreshToken)
-          console.log('Refreshed tokens:', refreshed.tokens)
-        }
-      }
-    }
-
-    // Logout when done
-    await client.logout()
-    console.log('Logged out successfully')
-
-  } catch (error) {
-    console.error('OAuth error:', error)
-  }
-}
-
-// Example: Multiple providers
-export async function setupMultipleProviders() {
-  const providers = [
-    { name: 'Google', config: { ...providers.google, clientId: 'google-client-id' } },
-    { name: 'GitHub', config: { ...providers.github, clientId: 'github-client-id' } },
-    { name: 'Microsoft', config: { ...providers.microsoft, clientId: 'ms-client-id' } },
-  ]
-
-  for (const provider of providers) {
-    try {
-      const client = createOAuthClient({
-        ...provider.config,
-        redirectUrl: 'com.yourapp://oauth/callback',
-      })
-      
-      const result = await client.authorize()
-      console.log(`${provider.name} login successful:`, result.tokens.accessToken)
-      return { provider: provider.name, tokens: result.tokens }
-    } catch (error) {
-      console.warn(`${provider.name} login failed:`, error)
-    }
-  }
-  
-  throw new Error('All OAuth providers failed')
-}
-
-// Example: Custom provider configuration
-export async function setupCustomProvider() {
-  const client = createOAuthClient({
-    issuer: 'https://your-oauth-server.com',
-    clientId: 'your-client-id',
-    redirectUrl: 'com.yourapp://oauth/callback',
-    scopes: ['read', 'write'],
-    additionalParameters: {
-      prompt: 'consent',
-    },
-    customHeaders: {
-      'X-Custom-Header': 'value',
-    },
-  })
-
-  try {
-    const result = await client.authorize()
-    return result.tokens
-  } catch (error) {
-    console.error('Custom OAuth error:', error)
-    throw error
-  }
-}
-
-// Example: Platform-specific configuration
-export async function setupPlatformSpecificOAuth() {
-  // Check if we're on mobile or web and configure accordingly
-  const isMobile = typeof navigator !== 'undefined' && navigator.product === 'ReactNative'
-  
-  const client = createOAuthClient({
-    ...providers.google,
-    clientId: 'your-google-client-id',
-    redirectUrl: isMobile 
-      ? 'com.yourapp://oauth/callback'  // Mobile deep link
-      : 'https://yourapp.com/auth/callback', // Web callback
-    scopes: ['openid', 'profile', 'email'],
-    // Note: No client secret needed - PKCE provides security for public clients
-  })
-
-  return await client.authorize()
-}

package/src/native-client.ts

@@ -1,159 +0,0 @@
-import { authorize, refresh, revoke, type AuthConfiguration, type AuthorizeResult } from 'react-native-app-auth'
-import type { OAuthClient, OAuthConfig, OAuthResult, OAuthTokens, StorageAdapter } from './types'
-
-export class NativeOAuthClient implements OAuthClient {
-  private config: OAuthConfig
-  private storage: StorageAdapter
-  private storageKey: string
-  private authConfig: AuthConfiguration
-
-  constructor(config: OAuthConfig, storage: StorageAdapter) {
-    this.config = config
-    this.storage = storage
-    this.storageKey = `oauth_tokens_${config.clientId}`
-    
-    this.authConfig = {
-      issuer: config.issuer,
-      clientId: config.clientId,
-      redirectUrl: config.redirectUrl,
-      scopes: config.scopes || [],
-      additionalParameters: config.additionalParameters || {},
-      customHeaders: config.customHeaders || {},
-      usesPkce: true,
-      usesStateParam: true,
-      
-      // Optional endpoint overrides
-      ...(config.authorizationEndpoint && { 
-        authorizationEndpoint: config.authorizationEndpoint 
-      }),
-      ...(config.tokenEndpoint && { 
-        tokenEndpoint: config.tokenEndpoint 
-      }),
-      ...(config.revocationEndpoint && { 
-        revocationEndpoint: config.revocationEndpoint 
-      }),
-      ...(config.endSessionEndpoint && { 
-        endSessionEndpoint: config.endSessionEndpoint 
-      }),
-    }
-  }
-
-  async authorize(): Promise<OAuthResult> {
-    try {
-      const result: AuthorizeResult = await authorize(this.authConfig)
-      
-      const tokens: OAuthTokens = {
-        accessToken: result.accessToken,
-        refreshToken: result.refreshToken,
-        idToken: result.idToken,
-        tokenType: result.tokenType || 'Bearer',
-        expiresAt: result.accessTokenExpirationDate 
-          ? new Date(result.accessTokenExpirationDate) 
-          : undefined,
-        scopes: result.scopes,
-      }
-
-      await this.storeTokens(tokens)
-
-      return { 
-        tokens,
-        user: result.additionalParameters 
-      }
-    } catch (error: any) {
-      throw new Error(`Authorization failed: ${error.message || error}`)
-    }
-  }
-
-  async refresh(refreshToken: string): Promise<OAuthResult> {
-    try {
-      const result = await refresh(this.authConfig, {
-        refreshToken,
-      })
-
-      const tokens: OAuthTokens = {
-        accessToken: result.accessToken,
-        refreshToken: result.refreshToken || refreshToken, // Keep original if not returned
-        idToken: result.idToken,
-        tokenType: result.tokenType || 'Bearer',
-        expiresAt: result.accessTokenExpirationDate 
-          ? new Date(result.accessTokenExpirationDate)
-          : undefined,
-        scopes: result.scopes,
-      }
-
-      await this.storeTokens(tokens)
-
-      return { 
-        tokens,
-        user: result.additionalParameters 
-      }
-    } catch (error: any) {
-      throw new Error(`Token refresh failed: ${error.message || error}`)
-    }
-  }
-
-  async revoke(token: string): Promise<void> {
-    try {
-      await revoke(this.authConfig, {
-        tokenToRevoke: token,
-        sendClientId: true,
-      })
-    } catch (error: any) {
-      // Some providers return errors for already revoked tokens
-      // Don't throw unless it's a network error
-      if (error.message?.includes('network') || error.message?.includes('connection')) {
-        throw new Error(`Token revocation failed: ${error.message || error}`)
-      }
-    }
-  }
-
-  async logout(): Promise<void> {
-    const tokens = await this.getStoredTokens()
-    
-    // Revoke tokens if available
-    if (tokens?.accessToken) {
-      try {
-        await this.revoke(tokens.accessToken)
-      } catch (error) {
-        console.warn('Failed to revoke access token:', error)
-      }
-    }
-
-    if (tokens?.refreshToken) {
-      try {
-        await this.revoke(tokens.refreshToken)
-      } catch (error) {
-        console.warn('Failed to revoke refresh token:', error)
-      }
-    }
-
-    await this.clearStoredTokens()
-  }
-
-  async getStoredTokens(): Promise<OAuthTokens | null> {
-    const stored = await this.storage.getItem(this.storageKey)
-    if (!stored) return null
-
-    try {
-      const tokens = JSON.parse(stored)
-      return {
-        ...tokens,
-        expiresAt: tokens.expiresAt ? new Date(tokens.expiresAt) : undefined,
-      }
-    } catch {
-      return null
-    }
-  }
-
-  async clearStoredTokens(): Promise<void> {
-    await this.storage.removeItem(this.storageKey)
-  }
-
-  private async storeTokens(tokens: OAuthTokens): Promise<void> {
-    const serializable = {
-      ...tokens,
-      expiresAt: tokens.expiresAt?.toISOString(),
-    }
-    await this.storage.setItem(this.storageKey, JSON.stringify(serializable))
-  }
-}

package/src/storage.ts

@@ -1,60 +0,0 @@
-import type { StorageAdapter } from './types'
-
-export class WebStorage implements StorageAdapter {
-  async getItem(key: string): Promise<string | null> {
-    if (typeof localStorage === 'undefined') {
-      return null
-    }
-    return localStorage.getItem(key)
-  }
-
-  async setItem(key: string, value: string): Promise<void> {
-    if (typeof localStorage === 'undefined') {
-      return
-    }
-    localStorage.setItem(key, value)
-  }
-
-  async removeItem(key: string): Promise<void> {
-    if (typeof localStorage === 'undefined') {
-      return
-    }
-    localStorage.removeItem(key)
-  }
-}
-
-export class ReactNativeStorage implements StorageAdapter {
-  private AsyncStorage: any
-
-  constructor() {
-    try {
-      this.AsyncStorage = require('@react-native-async-storage/async-storage').default
-    } catch {
-      throw new Error(
-        'AsyncStorage is required for React Native. Please install @react-native-async-storage/async-storage'
-      )
-    }
-  }
-
-  async getItem(key: string): Promise<string | null> {
-    return await this.AsyncStorage.getItem(key)
-  }
-
-  async setItem(key: string, value: string): Promise<void> {
-    await this.AsyncStorage.setItem(key, value)
-  }
-
-  async removeItem(key: string): Promise<void> {
-    await this.AsyncStorage.removeItem(key)
-  }
-}
-
-export function createDefaultStorage(): StorageAdapter {
-  // Check if we're in React Native environment
-  if (typeof navigator !== 'undefined' && navigator.product === 'ReactNative') {
-    return new ReactNativeStorage()
-  }
-  
-  // Default to web storage
-  return new WebStorage()
-}