npm - @jezweb/oauth-token-manager - Versions diffs - 0.1.0 - Mend

@jezweb/oauth-token-manager 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

package/README.md +184 -0
package/SECURITY.md +162 -0
package/dist/crypto.d.ts +43 -0
package/dist/crypto.d.ts.map +1 -0
package/dist/crypto.js +107 -0
package/dist/crypto.js.map +1 -0
package/dist/errors.d.ts +75 -0
package/dist/errors.d.ts.map +1 -0
package/dist/errors.js +117 -0
package/dist/errors.js.map +1 -0
package/dist/index.d.ts +54 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +58 -0
package/dist/index.js.map +1 -0
package/dist/providers/github.d.ts +45 -0
package/dist/providers/github.d.ts.map +1 -0
package/dist/providers/github.js +70 -0
package/dist/providers/github.js.map +1 -0
package/dist/providers/google.d.ts +24 -0
package/dist/providers/google.d.ts.map +1 -0
package/dist/providers/google.js +63 -0
package/dist/providers/google.js.map +1 -0
package/dist/providers/microsoft.d.ts +29 -0
package/dist/providers/microsoft.d.ts.map +1 -0
package/dist/providers/microsoft.js +72 -0
package/dist/providers/microsoft.js.map +1 -0
package/dist/providers/types.d.ts +7 -0
package/dist/providers/types.d.ts.map +1 -0
package/dist/providers/types.js +7 -0
package/dist/providers/types.js.map +1 -0
package/dist/storage/d1.d.ts +22 -0
package/dist/storage/d1.d.ts.map +1 -0
package/dist/storage/d1.js +31 -0
package/dist/storage/d1.js.map +1 -0
package/dist/storage/kv.d.ts +38 -0
package/dist/storage/kv.d.ts.map +1 -0
package/dist/storage/kv.js +143 -0
package/dist/storage/kv.js.map +1 -0
package/dist/storage/types.d.ts +7 -0
package/dist/storage/types.d.ts.map +1 -0
package/dist/storage/types.js +7 -0
package/dist/storage/types.js.map +1 -0
package/dist/token-manager.d.ts +88 -0
package/dist/token-manager.d.ts.map +1 -0
package/dist/token-manager.js +199 -0
package/dist/token-manager.js.map +1 -0
package/dist/types.d.ts +158 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +5 -0
package/dist/types.js.map +1 -0
package/package.json +88 -0

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,158 @@
+/**
+ * Core types for OAuth Token Manager
+ */
+/**
+ * Stored token data (encrypted at rest)
+ */
+export interface StoredToken {
+    /** User identifier from your auth system */
+    userId: string;
+    /** Provider identifier (e.g., 'google', 'microsoft', 'github') */
+    provider: string;
+    /** OAuth access token (encrypted) */
+    accessToken: string;
+    /** OAuth refresh token (encrypted, optional for providers like GitHub) */
+    refreshToken?: string;
+    /** Token expiration timestamp in milliseconds */
+    expiresAt?: number;
+    /** Scopes granted by the user */
+    scopes: string[];
+    /** When the token was first stored */
+    createdAt: number;
+    /** When the token was last updated */
+    updatedAt: number;
+}
+/**
+ * Token data returned to consumers (decrypted)
+ */
+export interface TokenData {
+    accessToken: string;
+    refreshToken?: string;
+    expiresAt?: number;
+    scopes: string[];
+}
+/**
+ * Options for storing a new token
+ */
+export interface StoreTokenOptions {
+    userId: string;
+    provider: string;
+    accessToken: string;
+    refreshToken?: string;
+    expiresAt?: number;
+    scopes: string[];
+}
+/**
+ * Options for retrieving a token
+ */
+export interface GetTokenOptions {
+    userId: string;
+    provider: string;
+    /** If specified, verify these scopes are present */
+    requiredScopes?: string[];
+    /** Buffer time in ms before expiry to trigger refresh (default: 5 minutes) */
+    refreshBuffer?: number;
+}
+/**
+ * Options for listing a user's connected providers
+ */
+export interface ListTokensOptions {
+    userId: string;
+}
+/**
+ * Summary of a connected provider
+ */
+export interface ConnectedProvider {
+    provider: string;
+    scopes: string[];
+    connectedAt: number;
+    expiresAt?: number;
+}
+/**
+ * Options for revoking a token
+ */
+export interface RevokeTokenOptions {
+    userId: string;
+    provider: string;
+}
+/**
+ * Provider configuration for token refresh
+ */
+export interface ProviderConfig {
+    clientId: string;
+    clientSecret: string;
+    /** Microsoft-specific: tenant ID (default: 'common') */
+    tenantId?: string;
+}
+/**
+ * Token manager configuration
+ */
+export interface TokenManagerConfig {
+    /** Storage adapter (KV or D1) */
+    storage: TokenStorage;
+    /** @deprecated Encryption is handled by the storage adapter. This field is unused. */
+    encryptionKey?: string;
+    /** Provider configurations for token refresh */
+    providers: {
+        google?: ProviderConfig;
+        microsoft?: ProviderConfig;
+        github?: ProviderConfig;
+        [key: string]: ProviderConfig | undefined;
+    };
+    /** Default buffer time before expiry to trigger refresh (default: 5 minutes) */
+    defaultRefreshBuffer?: number;
+}
+/**
+ * Storage adapter interface
+ * Implement this for custom storage backends
+ */
+export interface TokenStorage {
+    /**
+     * Get a stored token by user and provider
+     */
+    get(userId: string, provider: string): Promise<StoredToken | null>;
+    /**
+     * Store or update a token
+     */
+    set(token: StoredToken): Promise<void>;
+    /**
+     * Delete a token
+     */
+    delete(userId: string, provider: string): Promise<void>;
+    /**
+     * List all providers for a user
+     */
+    list(userId: string): Promise<ConnectedProvider[]>;
+}
+/**
+ * Provider interface for token refresh
+ */
+export interface TokenProvider {
+    /** Provider identifier */
+    readonly id: string;
+    /**
+     * Refresh an expired access token
+     * @returns New token data, or null if refresh failed (user needs to re-auth)
+     */
+    refresh(refreshToken: string, config: ProviderConfig): Promise<{
+        accessToken: string;
+        refreshToken?: string;
+        expiresAt?: number;
+    } | null>;
+    /**
+     * Whether this provider supports token refresh
+     * (GitHub tokens don't expire, so no refresh needed)
+     */
+    readonly supportsRefresh: boolean;
+}
+/**
+ * Result of a token refresh operation
+ */
+export interface RefreshResult {
+    accessToken: string;
+    /** New refresh token (some providers rotate) */
+    refreshToken?: string;
+    /** New expiration time */
+    expiresAt?: number;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,4CAA4C;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,QAAQ,EAAE,MAAM,CAAC;IACjB,qCAAqC;IACrC,WAAW,EAAE,MAAM,CAAC;IACpB,0EAA0E;IAC1E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,oDAAoD;IACpD,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,8EAA8E;IAC9E,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,iCAAiC;IACjC,OAAO,EAAE,YAAY,CAAC;IACtB,sFAAsF;IACtF,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gDAAgD;IAChD,SAAS,EAAE;QACT,MAAM,CAAC,EAAE,cAAc,CAAC;QACxB,SAAS,CAAC,EAAE,cAAc,CAAC;QAC3B,MAAM,CAAC,EAAE,cAAc,CAAC;QACxB,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS,CAAC;KAC3C,CAAC;IACF,gFAAgF;IAChF,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B;;OAEG;IACH,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IAEnE;;OAEG;IACH,GAAG,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvC;;OAEG;IACH,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAExD;;OAEG;IACH,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC;CACpD;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IAEpB;;;OAGG;IACH,OAAO,CACL,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC;QACT,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GAAG,IAAI,CAAC,CAAC;IAEV;;;OAGG;IACH,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,0BAA0B;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB"}

package/dist/types.js ADDED Viewed

@@ -0,0 +1,5 @@
+/**
+ * Core types for OAuth Token Manager
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/package.json ADDED Viewed

@@ -0,0 +1,88 @@
+{
+  "name": "@jezweb/oauth-token-manager",
+  "version": "0.1.0",
+  "description": "OAuth token management for Cloudflare Workers - store, refresh, and retrieve tokens for downstream API access",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./storage/kv": {
+      "types": "./dist/storage/kv.d.ts",
+      "import": "./dist/storage/kv.js"
+    },
+    "./storage/d1": {
+      "types": "./dist/storage/d1.d.ts",
+      "import": "./dist/storage/d1.js"
+    },
+    "./providers/google": {
+      "types": "./dist/providers/google.d.ts",
+      "import": "./dist/providers/google.js"
+    },
+    "./providers/microsoft": {
+      "types": "./dist/providers/microsoft.d.ts",
+      "import": "./dist/providers/microsoft.js"
+    },
+    "./providers/github": {
+      "types": "./dist/providers/github.d.ts",
+      "import": "./dist/providers/github.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "SECURITY.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "lint": "eslint src/",
+    "clean": "rm -rf dist",
+    "prepublishOnly": "npm run clean && npm run build"
+  },
+  "keywords": [
+    "oauth",
+    "token",
+    "cloudflare",
+    "workers",
+    "kv",
+    "d1",
+    "mcp",
+    "api",
+    "google",
+    "microsoft",
+    "github"
+  ],
+  "author": "Jezweb <jeremy@jezweb.net>",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/jezweb/oauth-token-manager.git"
+  },
+  "homepage": "https://github.com/jezweb/oauth-token-manager#readme",
+  "bugs": {
+    "url": "https://github.com/jezweb/oauth-token-manager/issues"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "devDependencies": {
+    "@cloudflare/workers-types": "^4.20250109.0",
+    "@types/node": "^22.10.5",
+    "typescript": "^5.7.3",
+    "vitest": "^3.0.2"
+  },
+  "peerDependencies": {
+    "@cloudflare/workers-types": ">=4.0.0"
+  },
+  "peerDependenciesMeta": {
+    "@cloudflare/workers-types": {
+      "optional": true
+    }
+  }
+}