@jezweb/oauth-token-manager 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/errors.d.ts +12 -0
- package/dist/errors.d.ts.map +1 -1
- package/dist/errors.js +18 -0
- package/dist/errors.js.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/providers/github.d.ts +4 -4
- package/dist/providers/github.d.ts.map +1 -1
- package/dist/providers/github.js +9 -6
- package/dist/providers/github.js.map +1 -1
- package/dist/providers/google.d.ts +2 -2
- package/dist/providers/google.d.ts.map +1 -1
- package/dist/providers/google.js +33 -36
- package/dist/providers/google.js.map +1 -1
- package/dist/providers/microsoft.d.ts +2 -2
- package/dist/providers/microsoft.d.ts.map +1 -1
- package/dist/providers/microsoft.js +40 -36
- package/dist/providers/microsoft.js.map +1 -1
- package/dist/token-manager.d.ts +9 -0
- package/dist/token-manager.d.ts.map +1 -1
- package/dist/token-manager.js +27 -8
- package/dist/token-manager.js.map +1 -1
- package/dist/types.d.ts +17 -6
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
package/dist/errors.d.ts
CHANGED
|
@@ -32,6 +32,18 @@ export declare class TokenExpiredError extends TokenManagerError {
|
|
|
32
32
|
readonly reason: 'no_refresh_token' | 'refresh_failed' | 'refresh_token_expired';
|
|
33
33
|
constructor(userId: string, provider: string, reason: 'no_refresh_token' | 'refresh_failed' | 'refresh_token_expired');
|
|
34
34
|
}
|
|
35
|
+
/**
|
|
36
|
+
* Token was revoked by the user or admin
|
|
37
|
+
*
|
|
38
|
+
* This is a permanent failure - the token has been deleted from storage.
|
|
39
|
+
* Recovery: Redirect user to OAuth flow to re-authenticate
|
|
40
|
+
*/
|
|
41
|
+
export declare class TokenRevokedError extends TokenManagerError {
|
|
42
|
+
readonly userId: string;
|
|
43
|
+
readonly provider: string;
|
|
44
|
+
readonly providerError?: string | undefined;
|
|
45
|
+
constructor(userId: string, provider: string, providerError?: string | undefined);
|
|
46
|
+
}
|
|
35
47
|
/**
|
|
36
48
|
* Token exists but doesn't have the required scopes
|
|
37
49
|
*
|
package/dist/errors.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,KAAK;aAGxB,IAAI,EAAE,MAAM;gBAD5B,OAAO,EAAE,MAAM,EACC,IAAI,EAAE,MAAM;CAK/B;AAED;;;;GAIG;AACH,qBAAa,kBAAmB,SAAQ,iBAAiB;aAErC,MAAM,EAAE,MAAM;aACd,QAAQ,EAAE,MAAM;gBADhB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM;CAQnC;AAED;;;;GAIG;AACH,qBAAa,iBAAkB,SAAQ,iBAAiB;aAEpC,MAAM,EAAE,MAAM;aACd,QAAQ,EAAE,MAAM;aAChB,MAAM,EAAE,kBAAkB,GAAG,gBAAgB,GAAG,uBAAuB;gBAFvE,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,kBAAkB,GAAG,gBAAgB,GAAG,uBAAuB;CAa1F;AAED;;;;GAIG;AACH,qBAAa,uBAAwB,SAAQ,iBAAiB;aAE1C,MAAM,EAAE,MAAM;aACd,QAAQ,EAAE,MAAM;aAChB,cAAc,EAAE,MAAM,EAAE;aACxB,aAAa,EAAE,MAAM,EAAE;gBAHvB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,MAAM,EAAE,EACxB,aAAa,EAAE,MAAM,EAAE;IAUzC,IAAI,aAAa,IAAI,MAAM,EAAE,CAE5B;CACF;AAED;;;;GAIG;AACH,qBAAa,0BAA2B,SAAQ,iBAAiB;aACnC,QAAQ,EAAE,MAAM;gBAAhB,QAAQ,EAAE,MAAM;CAO7C;AAED;;;;GAIG;AACH,qBAAa,WAAY,SAAQ,iBAAiB;aAG9B,KAAK,CAAC,EAAE,KAAK;gBAD7B,SAAS,EAAE,SAAS,GAAG,SAAS,EAChB,KAAK,CAAC,EAAE,KAAK,YAAA;CAQhC;AAED;;;;GAIG;AACH,qBAAa,YAAa,SAAQ,iBAAiB;aAG/B,KAAK,CAAC,EAAE,KAAK;gBAD7B,SAAS,EAAE,KAAK,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,EAC5B,KAAK,CAAC,EAAE,KAAK,YAAA;CAQhC"}
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,KAAK;aAGxB,IAAI,EAAE,MAAM;gBAD5B,OAAO,EAAE,MAAM,EACC,IAAI,EAAE,MAAM;CAK/B;AAED;;;;GAIG;AACH,qBAAa,kBAAmB,SAAQ,iBAAiB;aAErC,MAAM,EAAE,MAAM;aACd,QAAQ,EAAE,MAAM;gBADhB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM;CAQnC;AAED;;;;GAIG;AACH,qBAAa,iBAAkB,SAAQ,iBAAiB;aAEpC,MAAM,EAAE,MAAM;aACd,QAAQ,EAAE,MAAM;aAChB,MAAM,EAAE,kBAAkB,GAAG,gBAAgB,GAAG,uBAAuB;gBAFvE,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,kBAAkB,GAAG,gBAAgB,GAAG,uBAAuB;CAa1F;AAED;;;;;GAKG;AACH,qBAAa,iBAAkB,SAAQ,iBAAiB;aAEpC,MAAM,EAAE,MAAM;aACd,QAAQ,EAAE,MAAM;aAChB,aAAa,CAAC,EAAE,MAAM;gBAFtB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,aAAa,CAAC,EAAE,MAAM,YAAA;CAQzC;AAED;;;;GAIG;AACH,qBAAa,uBAAwB,SAAQ,iBAAiB;aAE1C,MAAM,EAAE,MAAM;aACd,QAAQ,EAAE,MAAM;aAChB,cAAc,EAAE,MAAM,EAAE;aACxB,aAAa,EAAE,MAAM,EAAE;gBAHvB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,MAAM,EAAE,EACxB,aAAa,EAAE,MAAM,EAAE;IAUzC,IAAI,aAAa,IAAI,MAAM,EAAE,CAE5B;CACF;AAED;;;;GAIG;AACH,qBAAa,0BAA2B,SAAQ,iBAAiB;aACnC,QAAQ,EAAE,MAAM;gBAAhB,QAAQ,EAAE,MAAM;CAO7C;AAED;;;;GAIG;AACH,qBAAa,WAAY,SAAQ,iBAAiB;aAG9B,KAAK,CAAC,EAAE,KAAK;gBAD7B,SAAS,EAAE,SAAS,GAAG,SAAS,EAChB,KAAK,CAAC,EAAE,KAAK,YAAA;CAQhC;AAED;;;;GAIG;AACH,qBAAa,YAAa,SAAQ,iBAAiB;aAG/B,KAAK,CAAC,EAAE,KAAK;gBAD7B,SAAS,EAAE,KAAK,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,EAC5B,KAAK,CAAC,EAAE,KAAK,YAAA;CAQhC"}
|
package/dist/errors.js
CHANGED
|
@@ -52,6 +52,24 @@ export class TokenExpiredError extends TokenManagerError {
|
|
|
52
52
|
this.name = 'TokenExpiredError';
|
|
53
53
|
}
|
|
54
54
|
}
|
|
55
|
+
/**
|
|
56
|
+
* Token was revoked by the user or admin
|
|
57
|
+
*
|
|
58
|
+
* This is a permanent failure - the token has been deleted from storage.
|
|
59
|
+
* Recovery: Redirect user to OAuth flow to re-authenticate
|
|
60
|
+
*/
|
|
61
|
+
export class TokenRevokedError extends TokenManagerError {
|
|
62
|
+
userId;
|
|
63
|
+
provider;
|
|
64
|
+
providerError;
|
|
65
|
+
constructor(userId, provider, providerError) {
|
|
66
|
+
super(`Token for user "${userId}" and provider "${provider}" was revoked. ${providerError ? `Provider error: ${providerError}. ` : ''}User needs to re-authenticate.`, 'TOKEN_REVOKED');
|
|
67
|
+
this.userId = userId;
|
|
68
|
+
this.provider = provider;
|
|
69
|
+
this.providerError = providerError;
|
|
70
|
+
this.name = 'TokenRevokedError';
|
|
71
|
+
}
|
|
72
|
+
}
|
|
55
73
|
/**
|
|
56
74
|
* Token exists but doesn't have the required scopes
|
|
57
75
|
*
|
package/dist/errors.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IAGxB;IAFlB,YACE,OAAe,EACC,IAAY;QAE5B,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,SAAI,GAAJ,IAAI,CAAQ;QAG5B,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,kBAAmB,SAAQ,iBAAiB;IAErC;IACA;IAFlB,YACkB,MAAc,EACd,QAAgB;QAEhC,KAAK,CACH,4BAA4B,MAAM,mBAAmB,QAAQ,yCAAyC,EACtG,iBAAiB,CAClB,CAAC;QANc,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAQ;QAMhC,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,iBAAkB,SAAQ,iBAAiB;IAEpC;IACA;IACA;IAHlB,YACkB,MAAc,EACd,QAAgB,EAChB,MAAuE;QAEvF,MAAM,OAAO,GAAG;YACd,gBAAgB,EAAE,4BAA4B;YAC9C,cAAc,EAAE,8BAA8B;YAC9C,qBAAqB,EAAE,2BAA2B;SACnD,CAAC;QACF,KAAK,CACH,2BAA2B,MAAM,mBAAmB,QAAQ,MAAM,OAAO,CAAC,MAAM,CAAC,kCAAkC,EACnH,eAAe,CAChB,CAAC;QAZc,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAiE;QAWvF,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,uBAAwB,SAAQ,iBAAiB;IAE1C;IACA;IACA;IACA;IAJlB,YACkB,MAAc,EACd,QAAgB,EAChB,cAAwB,EACxB,aAAuB;QAEvC,MAAM,OAAO,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QACzE,KAAK,CACH,mBAAmB,MAAM,mBAAmB,QAAQ,iCAAiC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,+CAA+C,EACtJ,qBAAqB,CACtB,CAAC;QATc,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAQ;QAChB,mBAAc,GAAd,cAAc,CAAU;QACxB,kBAAa,GAAb,aAAa,CAAU;QAOvC,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;IAED,IAAI,aAAa;QACf,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,0BAA2B,SAAQ,iBAAiB;IACnC;IAA5B,YAA4B,QAAgB;QAC1C,KAAK,CACH,aAAa,QAAQ,mEAAmE,EACxF,yBAAyB,CAC1B,CAAC;QAJwB,aAAQ,GAAR,QAAQ,CAAQ;QAK1C,IAAI,CAAC,IAAI,GAAG,4BAA4B,CAAC;IAC3C,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,WAAY,SAAQ,iBAAiB;IAG9B;IAFlB,YACE,SAAgC,EAChB,KAAa;QAE7B,KAAK,CACH,aAAa,SAAS,+EAA+E,EACrG,cAAc,CACf,CAAC;QALc,UAAK,GAAL,KAAK,CAAQ;QAM7B,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;IAC5B,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,YAAa,SAAQ,iBAAiB;IAG/B;IAFlB,YACE,SAA4C,EAC5B,KAAa;QAE7B,KAAK,CACH,sBAAsB,SAAS,qDAAqD,EACpF,eAAe,CAChB,CAAC;QALc,UAAK,GAAL,KAAK,CAAQ;QAM7B,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC7B,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IAGxB;IAFlB,YACE,OAAe,EACC,IAAY;QAE5B,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,SAAI,GAAJ,IAAI,CAAQ;QAG5B,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,kBAAmB,SAAQ,iBAAiB;IAErC;IACA;IAFlB,YACkB,MAAc,EACd,QAAgB;QAEhC,KAAK,CACH,4BAA4B,MAAM,mBAAmB,QAAQ,yCAAyC,EACtG,iBAAiB,CAClB,CAAC;QANc,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAQ;QAMhC,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,iBAAkB,SAAQ,iBAAiB;IAEpC;IACA;IACA;IAHlB,YACkB,MAAc,EACd,QAAgB,EAChB,MAAuE;QAEvF,MAAM,OAAO,GAAG;YACd,gBAAgB,EAAE,4BAA4B;YAC9C,cAAc,EAAE,8BAA8B;YAC9C,qBAAqB,EAAE,2BAA2B;SACnD,CAAC;QACF,KAAK,CACH,2BAA2B,MAAM,mBAAmB,QAAQ,MAAM,OAAO,CAAC,MAAM,CAAC,kCAAkC,EACnH,eAAe,CAChB,CAAC;QAZc,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAiE;QAWvF,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,OAAO,iBAAkB,SAAQ,iBAAiB;IAEpC;IACA;IACA;IAHlB,YACkB,MAAc,EACd,QAAgB,EAChB,aAAsB;QAEtC,KAAK,CACH,mBAAmB,MAAM,mBAAmB,QAAQ,kBAAkB,aAAa,CAAC,CAAC,CAAC,mBAAmB,aAAa,IAAI,CAAC,CAAC,CAAC,EAAE,gCAAgC,EAC/J,eAAe,CAChB,CAAC;QAPc,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAQ;QAChB,kBAAa,GAAb,aAAa,CAAS;QAMtC,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,uBAAwB,SAAQ,iBAAiB;IAE1C;IACA;IACA;IACA;IAJlB,YACkB,MAAc,EACd,QAAgB,EAChB,cAAwB,EACxB,aAAuB;QAEvC,MAAM,OAAO,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QACzE,KAAK,CACH,mBAAmB,MAAM,mBAAmB,QAAQ,iCAAiC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,+CAA+C,EACtJ,qBAAqB,CACtB,CAAC;QATc,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAQ;QAChB,mBAAc,GAAd,cAAc,CAAU;QACxB,kBAAa,GAAb,aAAa,CAAU;QAOvC,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;IAED,IAAI,aAAa;QACf,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,0BAA2B,SAAQ,iBAAiB;IACnC;IAA5B,YAA4B,QAAgB;QAC1C,KAAK,CACH,aAAa,QAAQ,mEAAmE,EACxF,yBAAyB,CAC1B,CAAC;QAJwB,aAAQ,GAAR,QAAQ,CAAQ;QAK1C,IAAI,CAAC,IAAI,GAAG,4BAA4B,CAAC;IAC3C,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,WAAY,SAAQ,iBAAiB;IAG9B;IAFlB,YACE,SAAgC,EAChB,KAAa;QAE7B,KAAK,CACH,aAAa,SAAS,+EAA+E,EACrG,cAAc,CACf,CAAC;QALc,UAAK,GAAL,KAAK,CAAQ;QAM7B,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;IAC5B,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,YAAa,SAAQ,iBAAiB;IAG/B;IAFlB,YACE,SAA4C,EAC5B,KAAa;QAE7B,KAAK,CACH,sBAAsB,SAAS,qDAAqD,EACpF,eAAe,CAChB,CAAC;QALc,UAAK,GAAL,KAAK,CAAQ;QAM7B,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC7B,CAAC;CACF"}
|
package/dist/index.d.ts
CHANGED
|
@@ -44,8 +44,8 @@
|
|
|
44
44
|
* @packageDocumentation
|
|
45
45
|
*/
|
|
46
46
|
export { TokenManager } from './token-manager';
|
|
47
|
-
export type { TokenManagerConfig, TokenStorage, TokenProvider, ProviderConfig, StoredToken, TokenData, StoreTokenOptions, GetTokenOptions, ListTokensOptions, ConnectedProvider, RevokeTokenOptions, RefreshResult, } from './types';
|
|
48
|
-
export { TokenManagerError, TokenNotFoundError, TokenExpiredError, InsufficientScopesError, ProviderNotConfiguredError, CryptoError, StorageError, } from './errors';
|
|
47
|
+
export type { TokenManagerConfig, TokenStorage, TokenProvider, ProviderConfig, StoredToken, TokenData, StoreTokenOptions, GetTokenOptions, ListTokensOptions, ConnectedProvider, RevokeTokenOptions, RefreshResult, RefreshFailure, } from './types';
|
|
48
|
+
export { TokenManagerError, TokenNotFoundError, TokenExpiredError, TokenRevokedError, InsufficientScopesError, ProviderNotConfiguredError, CryptoError, StorageError, } from './errors';
|
|
49
49
|
export { encrypt, decrypt, encryptObject, decryptObject } from './crypto';
|
|
50
50
|
export { KVStorage, type KVStorageOptions } from './storage/kv';
|
|
51
51
|
export { GoogleProvider, googleProvider } from './providers/google';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAG/C,YAAY,EACV,kBAAkB,EAClB,YAAY,EACZ,aAAa,EACb,cAAc,EACd,WAAW,EACX,SAAS,EACT,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,aAAa,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAG/C,YAAY,EACV,kBAAkB,EAClB,YAAY,EACZ,aAAa,EACb,cAAc,EACd,WAAW,EACX,SAAS,EACT,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,aAAa,EACb,cAAc,GACf,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,uBAAuB,EACvB,0BAA0B,EAC1B,WAAW,EACX,YAAY,GACb,MAAM,UAAU,CAAC;AAGlB,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAG1E,OAAO,EAAE,SAAS,EAAE,KAAK,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGhE,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC7E,OAAO,EACL,cAAc,EACd,cAAc,EACd,iBAAiB,GAClB,MAAM,oBAAoB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -46,7 +46,7 @@
|
|
|
46
46
|
// Main class
|
|
47
47
|
export { TokenManager } from './token-manager';
|
|
48
48
|
// Errors
|
|
49
|
-
export { TokenManagerError, TokenNotFoundError, TokenExpiredError, InsufficientScopesError, ProviderNotConfiguredError, CryptoError, StorageError, } from './errors';
|
|
49
|
+
export { TokenManagerError, TokenNotFoundError, TokenExpiredError, TokenRevokedError, InsufficientScopesError, ProviderNotConfiguredError, CryptoError, StorageError, } from './errors';
|
|
50
50
|
// Crypto utilities (for advanced usage)
|
|
51
51
|
export { encrypt, decrypt, encryptObject, decryptObject } from './crypto';
|
|
52
52
|
// Storage adapters (re-exported for convenience)
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAEH,aAAa;AACb,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAEH,aAAa;AACb,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAmB/C,SAAS;AACT,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,uBAAuB,EACvB,0BAA0B,EAC1B,WAAW,EACX,YAAY,GACb,MAAM,UAAU,CAAC;AAElB,wCAAwC;AACxC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAE1E,iDAAiD;AACjD,OAAO,EAAE,SAAS,EAAyB,MAAM,cAAc,CAAC;AAEhE,2CAA2C;AAC3C,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC7E,OAAO,EACL,cAAc,EACd,cAAc,EACd,iBAAiB,GAClB,MAAM,oBAAoB,CAAC"}
|
|
@@ -14,17 +14,17 @@
|
|
|
14
14
|
* To revoke a token programmatically, use the GitHub API:
|
|
15
15
|
* DELETE /applications/{client_id}/token
|
|
16
16
|
*/
|
|
17
|
-
import type { TokenProvider, ProviderConfig, RefreshResult } from '../types';
|
|
17
|
+
import type { TokenProvider, ProviderConfig, RefreshResult, RefreshFailure } from '../types';
|
|
18
18
|
/**
|
|
19
19
|
* GitHub OAuth token provider
|
|
20
20
|
*
|
|
21
|
-
* Note: GitHub tokens don't expire, so refresh()
|
|
22
|
-
*
|
|
21
|
+
* Note: GitHub tokens don't expire, so refresh() should never be called.
|
|
22
|
+
* If it is called, the token must have been revoked.
|
|
23
23
|
*/
|
|
24
24
|
export declare class GitHubProvider implements TokenProvider {
|
|
25
25
|
readonly id = "github";
|
|
26
26
|
readonly supportsRefresh = false;
|
|
27
|
-
refresh(_refreshToken: string, _config: ProviderConfig): Promise<RefreshResult |
|
|
27
|
+
refresh(_refreshToken: string, _config: ProviderConfig): Promise<RefreshResult | RefreshFailure>;
|
|
28
28
|
}
|
|
29
29
|
/**
|
|
30
30
|
* Default GitHub provider instance
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../src/providers/github.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../src/providers/github.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAE7F;;;;;GAKG;AACH,qBAAa,cAAe,YAAW,aAAa;IAClD,QAAQ,CAAC,EAAE,YAAY;IACvB,QAAQ,CAAC,eAAe,SAAS;IAE3B,OAAO,CACX,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC;CAY3C;AAED;;GAEG;AACH,eAAO,MAAM,cAAc,gBAAuB,CAAC;AAEnD;;;;;;;;;;GAUG;AACH,wBAAsB,iBAAiB,CACrC,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,OAAO,CAAC,CAuBlB"}
|
package/dist/providers/github.js
CHANGED
|
@@ -17,18 +17,21 @@
|
|
|
17
17
|
/**
|
|
18
18
|
* GitHub OAuth token provider
|
|
19
19
|
*
|
|
20
|
-
* Note: GitHub tokens don't expire, so refresh()
|
|
21
|
-
*
|
|
20
|
+
* Note: GitHub tokens don't expire, so refresh() should never be called.
|
|
21
|
+
* If it is called, the token must have been revoked.
|
|
22
22
|
*/
|
|
23
23
|
export class GitHubProvider {
|
|
24
24
|
id = 'github';
|
|
25
25
|
supportsRefresh = false;
|
|
26
26
|
async refresh(_refreshToken, _config) {
|
|
27
|
-
// GitHub tokens don't expire -
|
|
28
|
-
// If a token is invalid, user needs to re-authenticate
|
|
27
|
+
// GitHub tokens don't expire - if we're here, the token was revoked
|
|
29
28
|
console.warn('[GitHubProvider] refresh() called but GitHub tokens do not expire. ' +
|
|
30
|
-
'
|
|
31
|
-
return
|
|
29
|
+
'The token must have been revoked.');
|
|
30
|
+
return {
|
|
31
|
+
revoked: true,
|
|
32
|
+
errorCode: 'github_tokens_dont_expire',
|
|
33
|
+
errorMessage: 'GitHub tokens do not expire. If invalid, the token was revoked.',
|
|
34
|
+
};
|
|
32
35
|
}
|
|
33
36
|
}
|
|
34
37
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"github.js","sourceRoot":"","sources":["../../src/providers/github.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAIH;;;;;GAKG;AACH,MAAM,OAAO,cAAc;IAChB,EAAE,GAAG,QAAQ,CAAC;IACd,eAAe,GAAG,KAAK,CAAC;IAEjC,KAAK,CAAC,OAAO,CACX,aAAqB,EACrB,OAAuB;QAEvB,
|
|
1
|
+
{"version":3,"file":"github.js","sourceRoot":"","sources":["../../src/providers/github.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAIH;;;;;GAKG;AACH,MAAM,OAAO,cAAc;IAChB,EAAE,GAAG,QAAQ,CAAC;IACd,eAAe,GAAG,KAAK,CAAC;IAEjC,KAAK,CAAC,OAAO,CACX,aAAqB,EACrB,OAAuB;QAEvB,oEAAoE;QACpE,OAAO,CAAC,IAAI,CACV,qEAAqE;YACnE,mCAAmC,CACtC,CAAC;QACF,OAAO;YACL,OAAO,EAAE,IAAI;YACb,SAAS,EAAE,2BAA2B;YACtC,YAAY,EAAE,iEAAiE;SAChF,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,cAAc,EAAE,CAAC;AAEnD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,WAAmB,EACnB,QAAgB,EAChB,YAAoB;IAEpB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,uCAAuC,QAAQ,QAAQ,EACvD;YACE,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE;gBACP,MAAM,EAAE,6BAA6B;gBACrC,sBAAsB,EAAE,YAAY;gBACpC,aAAa,EAAE,SAAS,IAAI,CAAC,GAAG,QAAQ,IAAI,YAAY,EAAE,CAAC,EAAE;gBAC7D,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC;SACpD,CACF,CAAC;QAEF,2BAA2B;QAC3B,sCAAsC;QACtC,OAAO,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC;IAC5D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAC;QAClE,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}
|
|
@@ -8,14 +8,14 @@
|
|
|
8
8
|
*
|
|
9
9
|
* Requires `access_type=offline` during initial OAuth to get refresh token
|
|
10
10
|
*/
|
|
11
|
-
import type { TokenProvider, ProviderConfig, RefreshResult } from '../types';
|
|
11
|
+
import type { TokenProvider, ProviderConfig, RefreshResult, RefreshFailure } from '../types';
|
|
12
12
|
/**
|
|
13
13
|
* Google OAuth token provider
|
|
14
14
|
*/
|
|
15
15
|
export declare class GoogleProvider implements TokenProvider {
|
|
16
16
|
readonly id = "google";
|
|
17
17
|
readonly supportsRefresh = true;
|
|
18
|
-
refresh(refreshToken: string, config: ProviderConfig): Promise<RefreshResult |
|
|
18
|
+
refresh(refreshToken: string, config: ProviderConfig): Promise<RefreshResult | RefreshFailure>;
|
|
19
19
|
}
|
|
20
20
|
/**
|
|
21
21
|
* Default Google provider instance
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../src/providers/google.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../src/providers/google.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAoB7F;;GAEG;AACH,qBAAa,cAAe,YAAW,aAAa;IAClD,QAAQ,CAAC,EAAE,YAAY;IACvB,QAAQ,CAAC,eAAe,QAAQ;IAE1B,OAAO,CACX,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC;CA0C3C;AAED;;GAEG;AACH,eAAO,MAAM,cAAc,gBAAuB,CAAC"}
|
package/dist/providers/google.js
CHANGED
|
@@ -9,6 +9,8 @@
|
|
|
9
9
|
* Requires `access_type=offline` during initial OAuth to get refresh token
|
|
10
10
|
*/
|
|
11
11
|
const TOKEN_URL = 'https://oauth2.googleapis.com/token';
|
|
12
|
+
/** Google error codes that indicate permanent token revocation */
|
|
13
|
+
const REVOCATION_ERRORS = ['invalid_grant', 'unauthorized_client'];
|
|
12
14
|
/**
|
|
13
15
|
* Google OAuth token provider
|
|
14
16
|
*/
|
|
@@ -16,44 +18,39 @@ export class GoogleProvider {
|
|
|
16
18
|
id = 'google';
|
|
17
19
|
supportsRefresh = true;
|
|
18
20
|
async refresh(refreshToken, config) {
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
}
|
|
41
|
-
// Other errors - throw to retry later
|
|
42
|
-
throw new Error(`Token refresh failed: ${error.error}`);
|
|
21
|
+
const response = await fetch(TOKEN_URL, {
|
|
22
|
+
method: 'POST',
|
|
23
|
+
headers: {
|
|
24
|
+
'Content-Type': 'application/x-www-form-urlencoded',
|
|
25
|
+
},
|
|
26
|
+
body: new URLSearchParams({
|
|
27
|
+
client_id: config.clientId,
|
|
28
|
+
client_secret: config.clientSecret,
|
|
29
|
+
refresh_token: refreshToken,
|
|
30
|
+
grant_type: 'refresh_token',
|
|
31
|
+
}).toString(),
|
|
32
|
+
});
|
|
33
|
+
if (!response.ok) {
|
|
34
|
+
const error = (await response.json());
|
|
35
|
+
console.error(`[GoogleProvider] Token refresh failed: ${error.error} - ${error.error_description}`);
|
|
36
|
+
// Check for permanent revocation errors
|
|
37
|
+
if (REVOCATION_ERRORS.includes(error.error)) {
|
|
38
|
+
return {
|
|
39
|
+
revoked: true,
|
|
40
|
+
errorCode: error.error,
|
|
41
|
+
errorMessage: error.error_description,
|
|
42
|
+
};
|
|
43
43
|
}
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
accessToken: data.access_token,
|
|
47
|
-
// Google may return a new refresh token (rare, but handle it)
|
|
48
|
-
refreshToken: data.refresh_token,
|
|
49
|
-
expiresAt: Date.now() + data.expires_in * 1000,
|
|
50
|
-
};
|
|
51
|
-
}
|
|
52
|
-
catch (error) {
|
|
53
|
-
console.error('[GoogleProvider] Refresh error:', error);
|
|
54
|
-
// Network errors or unexpected issues - return null to trigger re-auth
|
|
55
|
-
return null;
|
|
44
|
+
// Other errors (rate limit, server error) - throw for retry
|
|
45
|
+
throw new Error(`Token refresh failed: ${error.error} - ${error.error_description || ''}`);
|
|
56
46
|
}
|
|
47
|
+
const data = (await response.json());
|
|
48
|
+
return {
|
|
49
|
+
accessToken: data.access_token,
|
|
50
|
+
// Google may return a new refresh token (rare, but handle it)
|
|
51
|
+
refreshToken: data.refresh_token,
|
|
52
|
+
expiresAt: Date.now() + data.expires_in * 1000,
|
|
53
|
+
};
|
|
57
54
|
}
|
|
58
55
|
}
|
|
59
56
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"google.js","sourceRoot":"","sources":["../../src/providers/google.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,MAAM,SAAS,GAAG,qCAAqC,CAAC;AAexD;;GAEG;AACH,MAAM,OAAO,cAAc;IAChB,EAAE,GAAG,QAAQ,CAAC;IACd,eAAe,GAAG,IAAI,CAAC;IAEhC,KAAK,CAAC,OAAO,CACX,YAAoB,EACpB,MAAsB;QAEtB,
|
|
1
|
+
{"version":3,"file":"google.js","sourceRoot":"","sources":["../../src/providers/google.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,MAAM,SAAS,GAAG,qCAAqC,CAAC;AAexD,kEAAkE;AAClE,MAAM,iBAAiB,GAAG,CAAC,eAAe,EAAE,qBAAqB,CAAC,CAAC;AAEnE;;GAEG;AACH,MAAM,OAAO,cAAc;IAChB,EAAE,GAAG,QAAQ,CAAC;IACd,eAAe,GAAG,IAAI,CAAC;IAEhC,KAAK,CAAC,OAAO,CACX,YAAoB,EACpB,MAAsB;QAEtB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YACtC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,SAAS,EAAE,MAAM,CAAC,QAAQ;gBAC1B,aAAa,EAAE,MAAM,CAAC,YAAY;gBAClC,aAAa,EAAE,YAAY;gBAC3B,UAAU,EAAE,eAAe;aAC5B,CAAC,CAAC,QAAQ,EAAE;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAwB,CAAC;YAC7D,OAAO,CAAC,KAAK,CACX,0CAA0C,KAAK,CAAC,KAAK,MAAM,KAAK,CAAC,iBAAiB,EAAE,CACrF,CAAC;YAEF,wCAAwC;YACxC,IAAI,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,KAAK,CAAC,KAAK;oBACtB,YAAY,EAAE,KAAK,CAAC,iBAAiB;iBACtC,CAAC;YACJ,CAAC;YAED,4DAA4D;YAC5D,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,CAAC,KAAK,MAAM,KAAK,CAAC,iBAAiB,IAAI,EAAE,EAAE,CAAC,CAAC;QAC7F,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAwB,CAAC;QAE5D,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,8DAA8D;YAC9D,YAAY,EAAE,IAAI,CAAC,aAAa;YAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;SAC/C,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,cAAc,EAAE,CAAC"}
|
|
@@ -12,7 +12,7 @@
|
|
|
12
12
|
* - 'consumers': Personal Microsoft accounts only
|
|
13
13
|
* - '{tenant-id}': Specific organization only
|
|
14
14
|
*/
|
|
15
|
-
import type { TokenProvider, ProviderConfig, RefreshResult } from '../types';
|
|
15
|
+
import type { TokenProvider, ProviderConfig, RefreshResult, RefreshFailure } from '../types';
|
|
16
16
|
/**
|
|
17
17
|
* Microsoft OAuth token provider
|
|
18
18
|
*/
|
|
@@ -20,7 +20,7 @@ export declare class MicrosoftProvider implements TokenProvider {
|
|
|
20
20
|
readonly id = "microsoft";
|
|
21
21
|
readonly supportsRefresh = true;
|
|
22
22
|
private getTokenUrl;
|
|
23
|
-
refresh(refreshToken: string, config: ProviderConfig): Promise<RefreshResult |
|
|
23
|
+
refresh(refreshToken: string, config: ProviderConfig): Promise<RefreshResult | RefreshFailure>;
|
|
24
24
|
}
|
|
25
25
|
/**
|
|
26
26
|
* Default Microsoft provider instance
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"microsoft.d.ts","sourceRoot":"","sources":["../../src/providers/microsoft.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"microsoft.d.ts","sourceRoot":"","sources":["../../src/providers/microsoft.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AA0B7F;;GAEG;AACH,qBAAa,iBAAkB,YAAW,aAAa;IACrD,QAAQ,CAAC,EAAE,eAAe;IAC1B,QAAQ,CAAC,eAAe,QAAQ;IAEhC,OAAO,CAAC,WAAW;IAIb,OAAO,CACX,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC;CAiD3C;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB,mBAA0B,CAAC"}
|
|
@@ -13,6 +13,13 @@
|
|
|
13
13
|
* - '{tenant-id}': Specific organization only
|
|
14
14
|
*/
|
|
15
15
|
const DEFAULT_TENANT = 'common';
|
|
16
|
+
/**
|
|
17
|
+
* Microsoft AADSTS error codes that indicate permanent token revocation
|
|
18
|
+
* - 70000: Refresh token expired
|
|
19
|
+
* - 50173: Refresh token expired (password change)
|
|
20
|
+
* - 700082: Refresh token expired (inactivity)
|
|
21
|
+
*/
|
|
22
|
+
const REVOCATION_ERROR_CODES = [70000, 50173, 700082];
|
|
16
23
|
/**
|
|
17
24
|
* Microsoft OAuth token provider
|
|
18
25
|
*/
|
|
@@ -25,44 +32,41 @@ export class MicrosoftProvider {
|
|
|
25
32
|
async refresh(refreshToken, config) {
|
|
26
33
|
const tenantId = config.tenantId ?? DEFAULT_TENANT;
|
|
27
34
|
const tokenUrl = this.getTokenUrl(tenantId);
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
error.
|
|
50
|
-
|
|
51
|
-
}
|
|
52
|
-
throw new Error(`Token refresh failed: ${error.error}`);
|
|
35
|
+
const response = await fetch(tokenUrl, {
|
|
36
|
+
method: 'POST',
|
|
37
|
+
headers: {
|
|
38
|
+
'Content-Type': 'application/x-www-form-urlencoded',
|
|
39
|
+
},
|
|
40
|
+
body: new URLSearchParams({
|
|
41
|
+
client_id: config.clientId,
|
|
42
|
+
client_secret: config.clientSecret,
|
|
43
|
+
refresh_token: refreshToken,
|
|
44
|
+
grant_type: 'refresh_token',
|
|
45
|
+
}).toString(),
|
|
46
|
+
});
|
|
47
|
+
if (!response.ok) {
|
|
48
|
+
const error = (await response.json());
|
|
49
|
+
console.error(`[MicrosoftProvider] Token refresh failed: ${error.error} - ${error.error_description}`);
|
|
50
|
+
// Check for permanent revocation errors
|
|
51
|
+
const isRevoked = error.error === 'invalid_grant' ||
|
|
52
|
+
error.error_codes?.some((code) => REVOCATION_ERROR_CODES.includes(code));
|
|
53
|
+
if (isRevoked) {
|
|
54
|
+
return {
|
|
55
|
+
revoked: true,
|
|
56
|
+
errorCode: error.error,
|
|
57
|
+
errorMessage: error.error_description,
|
|
58
|
+
};
|
|
53
59
|
}
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
accessToken: data.access_token,
|
|
57
|
-
// Microsoft typically returns a new refresh token - always use it!
|
|
58
|
-
refreshToken: data.refresh_token,
|
|
59
|
-
expiresAt: Date.now() + data.expires_in * 1000,
|
|
60
|
-
};
|
|
61
|
-
}
|
|
62
|
-
catch (error) {
|
|
63
|
-
console.error('[MicrosoftProvider] Refresh error:', error);
|
|
64
|
-
return null;
|
|
60
|
+
// Other errors (rate limit, server error) - throw for retry
|
|
61
|
+
throw new Error(`Token refresh failed: ${error.error} - ${error.error_description || ''}`);
|
|
65
62
|
}
|
|
63
|
+
const data = (await response.json());
|
|
64
|
+
return {
|
|
65
|
+
accessToken: data.access_token,
|
|
66
|
+
// Microsoft typically returns a new refresh token - always use it!
|
|
67
|
+
refreshToken: data.refresh_token,
|
|
68
|
+
expiresAt: Date.now() + data.expires_in * 1000,
|
|
69
|
+
};
|
|
66
70
|
}
|
|
67
71
|
}
|
|
68
72
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"microsoft.js","sourceRoot":"","sources":["../../src/providers/microsoft.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH,MAAM,cAAc,GAAG,QAAQ,CAAC;AAgBhC;;GAEG;AACH,MAAM,OAAO,iBAAiB;IACnB,EAAE,GAAG,WAAW,CAAC;IACjB,eAAe,GAAG,IAAI,CAAC;IAExB,WAAW,CAAC,QAAgB;QAClC,OAAO,qCAAqC,QAAQ,oBAAoB,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,OAAO,CACX,YAAoB,EACpB,MAAsB;QAEtB,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,cAAc,CAAC;QACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAE5C,
|
|
1
|
+
{"version":3,"file":"microsoft.js","sourceRoot":"","sources":["../../src/providers/microsoft.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH,MAAM,cAAc,GAAG,QAAQ,CAAC;AAgBhC;;;;;GAKG;AACH,MAAM,sBAAsB,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;AAEtD;;GAEG;AACH,MAAM,OAAO,iBAAiB;IACnB,EAAE,GAAG,WAAW,CAAC;IACjB,eAAe,GAAG,IAAI,CAAC;IAExB,WAAW,CAAC,QAAgB;QAClC,OAAO,qCAAqC,QAAQ,oBAAoB,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,OAAO,CACX,YAAoB,EACpB,MAAsB;QAEtB,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,cAAc,CAAC;QACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAE5C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,SAAS,EAAE,MAAM,CAAC,QAAQ;gBAC1B,aAAa,EAAE,MAAM,CAAC,YAAY;gBAClC,aAAa,EAAE,YAAY;gBAC3B,UAAU,EAAE,eAAe;aAC5B,CAAC,CAAC,QAAQ,EAAE;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA2B,CAAC;YAChE,OAAO,CAAC,KAAK,CACX,6CAA6C,KAAK,CAAC,KAAK,MAAM,KAAK,CAAC,iBAAiB,EAAE,CACxF,CAAC;YAEF,wCAAwC;YACxC,MAAM,SAAS,GACb,KAAK,CAAC,KAAK,KAAK,eAAe;gBAC/B,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,sBAAsB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YAE3E,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,KAAK,CAAC,KAAK;oBACtB,YAAY,EAAE,KAAK,CAAC,iBAAiB;iBACtC,CAAC;YACJ,CAAC;YAED,4DAA4D;YAC5D,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,CAAC,KAAK,MAAM,KAAK,CAAC,iBAAiB,IAAI,EAAE,EAAE,CAAC,CAAC;QAC7F,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA2B,CAAC;QAE/D,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,mEAAmE;YACnE,YAAY,EAAE,IAAI,CAAC,aAAa;YAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;SAC/C,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,IAAI,iBAAiB,EAAE,CAAC"}
|
package/dist/token-manager.d.ts
CHANGED
|
@@ -76,8 +76,17 @@ export declare class TokenManager {
|
|
|
76
76
|
has(userId: string, provider: string): Promise<boolean>;
|
|
77
77
|
/**
|
|
78
78
|
* Refresh an expired token
|
|
79
|
+
*
|
|
80
|
+
* Handles three outcomes:
|
|
81
|
+
* 1. Success: Returns new token data, updates storage
|
|
82
|
+
* 2. Revoked: Deletes token from storage, throws TokenRevokedError
|
|
83
|
+
* 3. Temporary error: Re-throws error (caller can retry)
|
|
79
84
|
*/
|
|
80
85
|
private refreshToken;
|
|
86
|
+
/**
|
|
87
|
+
* Type guard for RefreshFailure
|
|
88
|
+
*/
|
|
89
|
+
private isRefreshFailure;
|
|
81
90
|
/**
|
|
82
91
|
* Register a custom provider implementation
|
|
83
92
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-manager.d.ts","sourceRoot":"","sources":["../src/token-manager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,kBAAkB,EAElB,aAAa,EAGb,SAAS,EACT,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,
|
|
1
|
+
{"version":3,"file":"token-manager.d.ts","sourceRoot":"","sources":["../src/token-manager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,kBAAkB,EAElB,aAAa,EAGb,SAAS,EACT,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAEnB,MAAM,SAAS,CAAC;AA0BjB;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAe;IACvC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA8B;IACxD,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAS;gBAElC,MAAM,EAAE,kBAAkB;IAMtC;;;;OAIG;IACG,KAAK,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAoBtD;;;;;;;;;;;OAWG;IACG,GAAG,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,SAAS,CAAC;IA0CvD;;OAEG;IACG,IAAI,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAIpE;;;;;;OAMG;IACG,MAAM,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAIxD;;OAEG;IACG,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK7D;;;;;;;OAOG;YACW,YAAY;IA8D1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IASxB;;;;OAIG;IACH,MAAM,CAAC,gBAAgB,CAAC,QAAQ,EAAE,aAAa,GAAG,IAAI;CAGvD"}
|
package/dist/token-manager.js
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* Main entry point for storing, retrieving, and refreshing OAuth tokens
|
|
5
5
|
* for downstream API access in Cloudflare Workers.
|
|
6
6
|
*/
|
|
7
|
-
import { TokenNotFoundError, TokenExpiredError, InsufficientScopesError, ProviderNotConfiguredError, } from './errors';
|
|
7
|
+
import { TokenNotFoundError, TokenExpiredError, TokenRevokedError, InsufficientScopesError, ProviderNotConfiguredError, } from './errors';
|
|
8
8
|
import { GoogleProvider } from './providers/google';
|
|
9
9
|
import { MicrosoftProvider } from './providers/microsoft';
|
|
10
10
|
import { GitHubProvider } from './providers/github';
|
|
@@ -141,6 +141,11 @@ export class TokenManager {
|
|
|
141
141
|
}
|
|
142
142
|
/**
|
|
143
143
|
* Refresh an expired token
|
|
144
|
+
*
|
|
145
|
+
* Handles three outcomes:
|
|
146
|
+
* 1. Success: Returns new token data, updates storage
|
|
147
|
+
* 2. Revoked: Deletes token from storage, throws TokenRevokedError
|
|
148
|
+
* 3. Temporary error: Re-throws error (caller can retry)
|
|
144
149
|
*/
|
|
145
150
|
async refreshToken(stored) {
|
|
146
151
|
const { userId, provider, refreshToken } = stored;
|
|
@@ -166,17 +171,22 @@ export class TokenManager {
|
|
|
166
171
|
// If we got here, the token must be invalid
|
|
167
172
|
throw new TokenExpiredError(userId, provider, 'refresh_failed');
|
|
168
173
|
}
|
|
169
|
-
// Attempt refresh
|
|
170
|
-
const
|
|
171
|
-
if
|
|
172
|
-
|
|
174
|
+
// Attempt refresh - may throw for temporary errors (network, rate limit)
|
|
175
|
+
const result = await providerImpl.refresh(refreshToken, providerConfig);
|
|
176
|
+
// Check if token was revoked
|
|
177
|
+
if (this.isRefreshFailure(result)) {
|
|
178
|
+
// Auto-delete the dead token from storage
|
|
179
|
+
await this.storage.delete(userId, provider);
|
|
180
|
+
console.log(`[TokenManager] Token revoked for ${userId}/${provider}, deleted from storage. ` +
|
|
181
|
+
`Error: ${result.errorCode}`);
|
|
182
|
+
throw new TokenRevokedError(userId, provider, result.errorCode);
|
|
173
183
|
}
|
|
174
184
|
// Update stored token with new values
|
|
175
185
|
const updatedToken = {
|
|
176
186
|
...stored,
|
|
177
|
-
accessToken:
|
|
178
|
-
refreshToken:
|
|
179
|
-
expiresAt:
|
|
187
|
+
accessToken: result.accessToken,
|
|
188
|
+
refreshToken: result.refreshToken ?? stored.refreshToken,
|
|
189
|
+
expiresAt: result.expiresAt,
|
|
180
190
|
updatedAt: Date.now(),
|
|
181
191
|
};
|
|
182
192
|
await this.storage.set(updatedToken);
|
|
@@ -187,6 +197,15 @@ export class TokenManager {
|
|
|
187
197
|
scopes: updatedToken.scopes,
|
|
188
198
|
};
|
|
189
199
|
}
|
|
200
|
+
/**
|
|
201
|
+
* Type guard for RefreshFailure
|
|
202
|
+
*/
|
|
203
|
+
isRefreshFailure(result) {
|
|
204
|
+
return (typeof result === 'object' &&
|
|
205
|
+
result !== null &&
|
|
206
|
+
'revoked' in result &&
|
|
207
|
+
result.revoked === true);
|
|
208
|
+
}
|
|
190
209
|
/**
|
|
191
210
|
* Register a custom provider implementation
|
|
192
211
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-manager.js","sourceRoot":"","sources":["../src/token-manager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;
|
|
1
|
+
{"version":3,"file":"token-manager.js","sourceRoot":"","sources":["../src/token-manager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAiBH,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,uBAAuB,EACvB,0BAA0B,GAC3B,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,kDAAkD;AAClD,MAAM,yBAAyB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEhD;;GAEG;AACH,MAAM,gBAAgB,GAAkC;IACtD,MAAM,EAAE,IAAI,cAAc,EAAE;IAC5B,SAAS,EAAE,IAAI,iBAAiB,EAAE;IAClC,MAAM,EAAE,IAAI,cAAc,EAAE;CAC7B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,OAAO,YAAY;IACN,OAAO,CAAe;IACtB,SAAS,CAA8B;IACvC,oBAAoB,CAAS;IAE9C,YAAY,MAA0B;QACpC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAA+B,CAAC,CAAC;QAC5H,IAAI,CAAC,oBAAoB,GAAG,MAAM,CAAC,oBAAoB,IAAI,yBAAyB,CAAC;IACvF,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,KAAK,CAAC,OAA0B;QACpC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,mDAAmD;QACnD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAE1E,MAAM,KAAK,GAAgB;YACzB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,SAAS,EAAE,QAAQ,EAAE,SAAS,IAAI,GAAG;YACrC,SAAS,EAAE,GAAG;SACf,CAAC;QAEF,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,GAAG,CAAC,OAAwB;QAChC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;QAEpE,qBAAqB;QACrB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAExD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,kBAAkB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACjD,CAAC;QAED,wBAAwB;QACxB,IAAI,cAAc,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChD,MAAM,YAAY,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAClD,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAC9B,CAAC;YACF,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,MAAM,IAAI,uBAAuB,CAC/B,MAAM,EACN,QAAQ,EACR,cAAc,EACd,MAAM,CAAC,MAAM,CACd,CAAC;YACJ,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,MAAM,QAAQ,GAAG,aAAa,IAAI,IAAI,CAAC,oBAAoB,CAAC;QAC5D,MAAM,YAAY,GAChB,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,IAAI,MAAM,CAAC,SAAS,CAAC;QAEhE,IAAI,YAAY,EAAE,CAAC;YACjB,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;QAED,OAAO;YACL,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,OAA0B;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC3C,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,MAAM,CAAC,OAA2B;QACtC,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAG,CAAC,MAAc,EAAE,QAAgB;QACxC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACvD,OAAO,KAAK,KAAK,IAAI,CAAC;IACxB,CAAC;IAED;;;;;;;OAOG;IACK,KAAK,CAAC,YAAY,CAAC,MAAmB;QAC5C,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;QAElD,0BAA0B;QAC1B,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,iBAAiB,CAAC,MAAM,EAAE,QAAQ,EAAE,kBAAkB,CAAC,CAAC;QACpE,CAAC;QAED,sBAAsB;QACtB,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACpD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QACjD,CAAC;QAED,8BAA8B;QAC9B,MAAM,YAAY,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAChD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,wDAAwD;YACxD,mDAAmD;YACnD,MAAM,IAAI,iBAAiB,CAAC,MAAM,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAClE,CAAC;QAED,qCAAqC;QACrC,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;YAClC,8CAA8C;YAC9C,4CAA4C;YAC5C,MAAM,IAAI,iBAAiB,CAAC,MAAM,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAClE,CAAC;QAED,yEAAyE;QACzE,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;QAExE,6BAA6B;QAC7B,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC;YAClC,0CAA0C;YAC1C,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CACT,oCAAoC,MAAM,IAAI,QAAQ,0BAA0B;gBAC9E,UAAU,MAAM,CAAC,SAAS,EAAE,CAC/B,CAAC;YACF,MAAM,IAAI,iBAAiB,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;QAClE,CAAC;QAED,sCAAsC;QACtC,MAAM,YAAY,GAAgB;YAChC,GAAG,MAAM;YACT,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY;YACxD,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC;QAEF,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAErC,OAAO;YACL,WAAW,EAAE,YAAY,CAAC,WAAW;YACrC,YAAY,EAAE,YAAY,CAAC,YAAY;YACvC,SAAS,EAAE,YAAY,CAAC,SAAS;YACjC,MAAM,EAAE,YAAY,CAAC,MAAM;SAC5B,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,MAAe;QACtC,OAAO,CACL,OAAO,MAAM,KAAK,QAAQ;YAC1B,MAAM,KAAK,IAAI;YACf,SAAS,IAAI,MAAM;YAClB,MAAyB,CAAC,OAAO,KAAK,IAAI,CAC5C,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,gBAAgB,CAAC,QAAuB;QAC7C,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC;IAC3C,CAAC;CACF"}
|
package/dist/types.d.ts
CHANGED
|
@@ -132,13 +132,13 @@ export interface TokenProvider {
|
|
|
132
132
|
readonly id: string;
|
|
133
133
|
/**
|
|
134
134
|
* Refresh an expired access token
|
|
135
|
-
*
|
|
135
|
+
*
|
|
136
|
+
* @returns
|
|
137
|
+
* - RefreshResult: New token data on success
|
|
138
|
+
* - RefreshFailure: Token was permanently revoked (auto-cleanup recommended)
|
|
139
|
+
* - throws Error: Temporary failure (network, rate limit) - retry later
|
|
136
140
|
*/
|
|
137
|
-
refresh(refreshToken: string, config: ProviderConfig): Promise<
|
|
138
|
-
accessToken: string;
|
|
139
|
-
refreshToken?: string;
|
|
140
|
-
expiresAt?: number;
|
|
141
|
-
} | null>;
|
|
141
|
+
refresh(refreshToken: string, config: ProviderConfig): Promise<RefreshResult | RefreshFailure>;
|
|
142
142
|
/**
|
|
143
143
|
* Whether this provider supports token refresh
|
|
144
144
|
* (GitHub tokens don't expire, so no refresh needed)
|
|
@@ -155,4 +155,15 @@ export interface RefreshResult {
|
|
|
155
155
|
/** New expiration time */
|
|
156
156
|
expiresAt?: number;
|
|
157
157
|
}
|
|
158
|
+
/**
|
|
159
|
+
* Result when token refresh fails
|
|
160
|
+
*/
|
|
161
|
+
export interface RefreshFailure {
|
|
162
|
+
/** Token was permanently invalidated (revoked by user/admin) - should delete from storage */
|
|
163
|
+
revoked: true;
|
|
164
|
+
/** Error code from provider (e.g., 'invalid_grant') */
|
|
165
|
+
errorCode?: string;
|
|
166
|
+
/** Human-readable error message */
|
|
167
|
+
errorMessage?: string;
|
|
168
|
+
}
|
|
158
169
|
//# sourceMappingURL=types.d.ts.map
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,4CAA4C;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,QAAQ,EAAE,MAAM,CAAC;IACjB,qCAAqC;IACrC,WAAW,EAAE,MAAM,CAAC;IACpB,0EAA0E;IAC1E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,oDAAoD;IACpD,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,8EAA8E;IAC9E,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,iCAAiC;IACjC,OAAO,EAAE,YAAY,CAAC;IACtB,sFAAsF;IACtF,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gDAAgD;IAChD,SAAS,EAAE;QACT,MAAM,CAAC,EAAE,cAAc,CAAC;QACxB,SAAS,CAAC,EAAE,cAAc,CAAC;QAC3B,MAAM,CAAC,EAAE,cAAc,CAAC;QACxB,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS,CAAC;KAC3C,CAAC;IACF,gFAAgF;IAChF,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B;;OAEG;IACH,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IAEnE;;OAEG;IACH,GAAG,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvC;;OAEG;IACH,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAExD;;OAEG;IACH,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC;CACpD;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IAEpB
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,4CAA4C;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,QAAQ,EAAE,MAAM,CAAC;IACjB,qCAAqC;IACrC,WAAW,EAAE,MAAM,CAAC;IACpB,0EAA0E;IAC1E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,oDAAoD;IACpD,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,8EAA8E;IAC9E,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,iCAAiC;IACjC,OAAO,EAAE,YAAY,CAAC;IACtB,sFAAsF;IACtF,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gDAAgD;IAChD,SAAS,EAAE;QACT,MAAM,CAAC,EAAE,cAAc,CAAC;QACxB,SAAS,CAAC,EAAE,cAAc,CAAC;QAC3B,MAAM,CAAC,EAAE,cAAc,CAAC;QACxB,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS,CAAC;KAC3C,CAAC;IACF,gFAAgF;IAChF,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B;;OAEG;IACH,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IAEnE;;OAEG;IACH,GAAG,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvC;;OAEG;IACH,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAExD;;OAEG;IACH,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC;CACpD;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IAEpB;;;;;;;OAOG;IACH,OAAO,CACL,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC,CAAC;IAE3C;;;OAGG;IACH,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,0BAA0B;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,6FAA6F;IAC7F,OAAO,EAAE,IAAI,CAAC;IACd,uDAAuD;IACvD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,mCAAmC;IACnC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB"}
|
package/package.json
CHANGED