@kaapi/oauth2-auth-design 0.0.13 → 0.0.15
- package/kaukau.config.mjs +20 -0
- package/lib/cli.d.ts +13 -0
- package/lib/cli.js +181 -0
- package/lib/cli.js.map +1 -0
- package/lib/flows/auth-code/authorization-route.d.ts +58 -7
- package/lib/flows/auth-code/authorization-route.js +139 -52
- package/lib/flows/auth-code/authorization-route.js.map +1 -1
- package/lib/flows/auth-code/authorization-utils.d.ts +35 -0
- package/lib/flows/auth-code/authorization-utils.js +44 -0
- package/lib/flows/auth-code/authorization-utils.js.map +1 -0
- package/lib/flows/auth-code/token-route.d.ts +10 -18
- package/lib/flows/auth-code/token-route.js +6 -15
- package/lib/flows/auth-code/token-route.js.map +1 -1
- package/lib/flows/authorization-code.d.ts +112 -0
- package/lib/flows/authorization-code.js +570 -0
- package/lib/flows/authorization-code.js.map +1 -0
- package/lib/flows/client-credentials.d.ts +79 -39
- package/lib/flows/client-credentials.js +324 -257
- package/lib/flows/client-credentials.js.map +1 -1
- package/lib/flows/client-creds/token-route.d.ts +23 -0
- package/lib/flows/client-creds/token-route.js +52 -0
- package/lib/flows/client-creds/token-route.js.map +1 -0
- package/lib/flows/common.d.ts +265 -28
- package/lib/flows/common.js +293 -29
- package/lib/flows/common.js.map +1 -1
- package/lib/flows/device-auth/authorization-route.d.ts +83 -0
- package/lib/flows/device-auth/authorization-route.js +68 -0
- package/lib/flows/device-auth/authorization-route.js.map +1 -0
- package/lib/flows/device-auth/token-route.d.ts +29 -0
- package/lib/flows/device-auth/token-route.js +49 -0
- package/lib/flows/device-auth/token-route.js.map +1 -0
- package/lib/flows/device-authorization.d.ts +112 -0
- package/lib/flows/device-authorization.js +523 -0
- package/lib/flows/device-authorization.js.map +1 -0
- package/lib/flows/oidc-multiple-flows.d.ts +59 -0
- package/lib/flows/oidc-multiple-flows.js +268 -0
- package/lib/flows/oidc-multiple-flows.js.map +1 -0
- package/lib/index.d.ts +12 -6
- package/lib/index.js +12 -6
- package/lib/index.js.map +1 -1
- package/lib/utils/client-auth-methods.d.ts +2 -2
- package/lib/utils/client-auth-methods.js +5 -6
- package/lib/utils/client-auth-methods.js.map +1 -1
- package/lib/utils/in-memory-key-store.d.ts +12 -0
- package/lib/utils/in-memory-key-store.js +46 -0
- package/lib/utils/in-memory-key-store.js.map +1 -0
- package/lib/utils/jwt-authority.d.ts +81 -0
- package/lib/utils/jwt-authority.js +186 -0
- package/lib/utils/jwt-authority.js.map +1 -0
- package/lib/utils/jwt-utils.d.ts +33 -0
- package/lib/utils/jwt-utils.js +24 -0
- package/lib/utils/jwt-utils.js.map +1 -0
- package/lib/utils/replay-store.d.ts +13 -0
- package/lib/utils/{cache-set.js → replay-store.js} +8 -4
- package/lib/utils/replay-store.js.map +1 -0
- package/lib/utils/token-types.d.ts +6 -3
- package/lib/utils/token-types.js +13 -10
- package/lib/utils/token-types.js.map +1 -1
- package/lib/utils/verify-code-verifier.d.ts +4 -0
- package/lib/utils/verify-code-verifier.js +18 -0
- package/lib/utils/verify-code-verifier.js.map +1 -0
- package/package.json +11 -7
- package/lib/flows/auth-code/open-id.d.ts +0 -53
- package/lib/flows/auth-code/open-id.js +0 -199
- package/lib/flows/auth-code/open-id.js.map +0 -1
- package/lib/flows/auth-code.ts/open-id.d.ts +0 -52
- package/lib/flows/auth-code.ts/open-id.js +0 -169
- package/lib/flows/auth-code.ts/open-id.js.map +0 -1
- package/lib/flows/authentication-code.d.ts +0 -53
- package/lib/flows/authentication-code.js +0 -380
- package/lib/flows/authentication-code.js.map +0 -1
- package/lib/utils/cache-set.d.ts +0 -12
- package/lib/utils/cache-set.js.map +0 -1
- package/lib/utils/in-memory-cache.d.ts +0 -5
- package/lib/utils/in-memory-cache.js +0 -30
- package/lib/utils/in-memory-cache.js.map +0 -1
- package/lib/utils/in-memory-jwks-store.d.ts +0 -12
- package/lib/utils/in-memory-jwks-store.js +0 -46
- package/lib/utils/in-memory-jwks-store.js.map +0 -1
- package/lib/utils/jwks-generator.d.ts +0 -58
- package/lib/utils/jwks-generator.js +0 -141
- package/lib/utils/jwks-generator.js.map +0 -1
- package/lib/utils/jwks-store.d.ts +0 -13
- package/lib/utils/jwks-store.js +0 -3
- package/lib/utils/jwks-store.js.map +0 -1
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import { defineConfig } from 'kaukau/config'
|
|
2
|
+
|
|
3
|
+
export default defineConfig({
|
|
4
|
+
enableLogs: true,
|
|
5
|
+
exitOnFail: true,
|
|
6
|
+
files: 'test/',
|
|
7
|
+
ext: '.test.ts',
|
|
8
|
+
options: {
|
|
9
|
+
bail: false,
|
|
10
|
+
fullTrace: true,
|
|
11
|
+
grep: '',
|
|
12
|
+
ignoreLeaks: false,
|
|
13
|
+
reporter: 'spec',
|
|
14
|
+
retries: 0,
|
|
15
|
+
slow: 10000,
|
|
16
|
+
timeout: 30000,
|
|
17
|
+
ui: 'bdd',
|
|
18
|
+
color: true,
|
|
19
|
+
}
|
|
20
|
+
});
|
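--- a/package/lib/cli.d.ts
+++ b/package/lib/cli.d.ts
@@ -0,0 +1,13 @@
+import { FileGenerator, FileGeneratorType, Question } from '@kaapi/cli/definitions';
+export declare class OAuth2FileGenerator implements FileGenerator {
+#private;
+get type(): FileGeneratorType;
+get name(): 'oauth2-generator';
+get description(): string;
+get options(): Record<string, string>;
+init(options: Record<string, unknown>): void;
+isValid(): boolean;
+getFileContent(): string;
+getQuestions(): Question[];
+getFilename(): string;
+}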
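--- a/package/lib/cli.js
+++ b/package/lib/cli.js
@@ -0,0 +1,181 @@
+"use strict";
+var _OAuth2FileGenerator_values;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuth2FileGenerator = void 0;
+const tslib_1 = require("tslib");
+const definitions_1 = require("@kaapi/cli/definitions");
+const utils_1 = require("@kaapi/cli/utils");
+class OAuth2FileGenerator {
+constructor() {
+_OAuth2FileGenerator_values.set(this, {
+name: ''
+});
+}
+get type() {
+return 'auth-design';
+}
+get name() {
+return 'oauth2-generator';
+}
+get description() {
+return 'Creates an auth design based on OAuth2 specifications.';
+}
+get options() {
+return {
+name: 'The name of the design'
+};
+}
+init(options) {
+if (typeof options['name'] == 'string') {
+tslib_1.__classPrivateFieldGet(this, _OAuth2FileGenerator_values, "f").name = (0, utils_1.camelCase)(options['name']);
+}
+}
+isValid() {
+return !!tslib_1.__classPrivateFieldGet(this, _OAuth2FileGenerator_values, "f").name;
+}
+getFileContent() {
+return `import Boom from '@hapi/boom'
+import {
+OAuth2ACAuthorizationRoute,
+OAuth2RefreshTokenHandler,
+OAuth2RefreshTokenRoute,
+OAuth2ACTokenRoute,
+OpenIDAuthDesign,
+OpenIDJWKSRoute,
+OAuth2TokenResponse,
+BearerToken
+} from '@kaapi/oauth2-auth-design';
+
+const tokenType = new BearerToken()
+
+export const ${tslib_1.__classPrivateFieldGet(this, _OAuth2FileGenerator_values, "f").name} = new OpenIDAuthDesign(
+{
+strategyName: '${(0, utils_1.kebabCase)(tslib_1.__classPrivateFieldGet(this, _OAuth2FileGenerator_values, "f").name)}',
+openidConfiguration: {
+...tokenType.configuration
+},
+jwksStore: undefined,
+jwksRoute: new OpenIDJWKSRoute('/openid/jwks'),
+authorizationRoute: OAuth2ACAuthorizationRoute.buildDefault<object, { Payload: { user: string, pass: string } }>()
+.setPath('/oauth2/authorize')
+.setEmailField('email')
+.setPasswordField('password')
+.generateCode(async ({ clientId, codeChallenge, scope, nonce }, { payload: { user, pass } }) => {
+// validate and generate code
+if (user == 'janed@example.com' && pass == '1234') {
+return JSON.stringify({ clientId, codeChallenge, scope, nonce, user: '248289761001' })
+}
+
+return null
+}),
+tokenRoute: OAuth2ACTokenRoute.buildDefault()
+.setPath('/oauth2/token')
+.generateToken(async ({ clientId, clientSecret, code, codeVerifier, redirectUri, ttl, createIdToken }, _req) => {
+
+if (!clientSecret && !codeVerifier) {
+return { error: OAuth2ErrorCode.INVALID_REQUEST, error_description: 'Token Request was missing the \\'client_secret\\' parameter.' }
+}
+try {
+//#region @TODO: validation + token
+const accessToken = 'generated_access_token'
+const refreshToken = 'generated_refresh_token'
+const scope: string[] = ['openid']
+return new OAuth2TokenResponse({ access_token: accessToken })
+.setExpiresIn(ttl)
+.setRefreshToken(refreshToken)
+.setScope(scope)
+.setIdToken(
+await createIdToken?.({
+sub: '248289761001',
+name: 'Jane Doe',
+given_name: 'Jane',
+family_name: 'Doe',
+preferred_username: 'janed',
+email: 'janed@example.com',
+email_verified: true,
+picture: 'https://example.com/janed.jpg'
+})
+)
+.setTokenType(tokenType)
+//#endregion @TODO: validation + token
+} catch (err) {
+console.error(err)
+}
+
+return null
+}),
+refreshTokenRoute: new OAuth2RefreshTokenRoute(
+'/oauth2/token',
+(async ({ clientId, clientSecret, refreshToken, scope, ttl }, _req, h) => {
+
+//#region @TODO: validation + refresh token
+
+//#endregion @TODO: validation + refresh token
+
+return h.response({ error: OAuth2ErrorCode.INVALID_GRANT }).code(400)
+}) as OAuth2RefreshTokenHandler,
+),
+options: {
+async validate(req, { token }, h) {
+if (token) {
+//#region @TODO: validation
+if (token != 'generated_access_token') {
+return {}
+}
+//#endregion @TODO: validation
+
+// authorized to go further
+return {
+isValid: !!token,
+credentials: {
+user: {
+sub: '248289761001',
+name: 'Jane Doe',
+given_name: 'Jane',
+}
+}
+}
+}
+
+return h.unauthenticated(Boom.unauthorized('unauthorized', 'Bearer'))
+},
+}
+}
+)
+.setDescription('This API uses OAuth 2 with the authentication code grant flow. [More info](https://oauth.net/2/grant-types/authorization-code/)')
+.setScopes({
+profile: 'Access to your profile information',
+email: 'Access to your email address',
+offline_access: 'Access to your data when you are not connected'
+})
+.setTokenType(tokenType)
+.setTokenTTL(36000)
+.clientSecretBasicAuthenticationMethod()
+.clientSecretPostAuthenticationMethod() // to debug (used in SwaggerUI)
+//.withoutPkce() // to remove 'none'
+`;
+}
+getQuestions() {
+const r = [];
+if (!tslib_1.__classPrivateFieldGet(this, _OAuth2FileGenerator_values, "f").name) {
+r.push({
+type: definitions_1.QuestionType.text,
+options: {
+message: 'The name of the auth design?',
+defaultValue: 'oauth2AuthDesign',
+placeholder: 'oauth2AuthDesign'
+},
+setValue: (pluginName) => {
+tslib_1.__classPrivateFieldGet(this, _OAuth2FileGenerator_values, "f").name = (0, utils_1.camelCase)(pluginName);
+}
+});
+}
+return r;
+}
+getFilename() {
+return (0, utils_1.kebabCase)(`${tslib_1.__classPrivateFieldGet(this, _OAuth2FileGenerator_values, "f").name}`) + '.ts';
+}
+}
+exports.OAuth2FileGenerator = OAuth2FileGenerator;
+_OAuth2FileGenerator_values = new WeakMap();
+//# sourceMappingURL=cli.js.map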
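Review bot: The template returned by `getFileContent()` scaffolds working authentication around fixed, publicly known values: `generateCode` accepts `janed@example.com` / `1234`, `generateToken` issues the literal `'generated_access_token'`, and `validate` treats that literal as a valid bearer token, so a generated file deployed before its `@TODO` regions are filled in would authenticate anyone who presents these values. The placeholders should fail closed until real validation is written, for example an unconditional `return null` in `generateCode` and `return h.unauthenticated(Boom.unauthorized('unauthorized', 'Bearer'))` in `validate`. The template also uses `OAuth2ErrorCode` without listing it in the `@kaapi/oauth2-auth-design` import, and `generateCode` destructures `{ user, pass }` from the payload while the form fields are set to `email` and `password`, so the generated file looks unlikely to compile or to match a submitted form as written. Separately, `generateCode` here returns a JSON string, whereas the `AuthCodeGenerator` type in this same release returns `{ type: 'code', value }`; the sample should be aligned with that contract.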
package/lib/cli.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;;;;AAAA,wDAAiG;AACjG,4CAAuD;AAEvD,MAAa,mBAAmB;IAAhC;QAoBI,sCAAU;YACN,IAAI,EAAE,EAAE;SACX,EAAA;IA8JL,CAAC;IAlLG,IAAI,IAAI;QACJ,OAAO,aAAa,CAAA;IACxB,CAAC;IAED,IAAI,IAAI;QACJ,OAAO,kBAAkB,CAAA;IAC7B,CAAC;IAED,IAAI,WAAW;QACX,OAAO,wDAAwD,CAAA;IACnE,CAAC;IAED,IAAI,OAAO;QACP,OAAO;YACH,IAAI,EAAE,wBAAwB;SACjC,CAAA;IACL,CAAC;IAMD,IAAI,CAAC,OAAgC;QACjC,IAAI,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACrC,+BAAA,IAAI,mCAAQ,CAAC,IAAI,GAAG,IAAA,iBAAS,EAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAA;QAClD,CAAC;IACL,CAAC;IAED,OAAO;QACH,OAAO,CAAC,CAAC,+BAAA,IAAI,mCAAQ,CAAC,IAAI,CAAA;IAC9B,CAAC;IAED,cAAc;QACV,OAAO;;;;;;;;;;;;;;eAcA,+BAAA,IAAI,mCAAQ,CAAC,IAAI;;yBAEP,IAAA,iBAAS,EAAC,+BAAA,IAAI,mCAAQ,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuGpD,CAAA;IACG,CAAC;IAED,YAAY;QACR,MAAM,CAAC,GAAe,EAAE,CAAA;QAExB,IAAI,CAAC,+BAAA,IAAI,mCAAQ,CAAC,IAAI,EAAE,CAAC;YACrB,CAAC,CAAC,IAAI,CAAC;gBACH,IAAI,EAAE,0BAAY,CAAC,IAAI;gBACvB,OAAO,EAAE;oBACL,OAAO,EAAE,8BAA8B;oBACvC,YAAY,EAAE,kBAAkB;oBAChC,WAAW,EAAE,kBAAkB;iBAClC;gBACD,QAAQ,EAAE,CAAC,UAAU,EAAE,EAAE;oBACrB,+BAAA,IAAI,mCAAQ,CAAC,IAAI,GAAG,IAAA,iBAAS,EAAC,UAAU,CAAC,CAAA;gBAC7C,CAAC;aACJ,CAAC,CAAA;QACN,CAAC;QAED,OAAO,CAAC,CAAA;IACZ,CAAC;IAED,WAAW;QACP,OAAO,IAAA,iBAAS,EAAC,GAAG,+BAAA,IAAI,mCAAQ,CAAC,IAAI,EAAE,CAAC,GAAG,KAAK,CAAA;IACpD,CAAC;CACJ;AApLD,kDAoLC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { Lifecycle, ReqRef, ReqRefDefaults, Request, ResponseToolkit } from '@kaapi/kaapi';
|
|
2
|
-
import {
|
|
2
|
+
import { AnyOAuth2ErrorCodeType, PathValue } from '../common';
|
|
3
3
|
export interface OAuth2ACAuthorizationParams {
|
|
4
4
|
clientId: string;
|
|
5
5
|
responseType: string;
|
|
@@ -25,27 +25,78 @@ export declare class OAuth2ACAuthorizationRoute<GetRefs extends ReqRef = ReqRefD
|
|
|
25
25
|
get postHandler(): OAuth2ACAuthorizationHandler<PostRefs, Lifecycle.ReturnValue<PostRefs>>;
|
|
26
26
|
constructor(path: string, handler: OAuth2ACAuthorizationHandler<GetRefs>, postHandler: OAuth2ACAuthorizationHandler<PostRefs>);
|
|
27
27
|
}
|
|
28
|
-
export type
|
|
29
|
-
|
|
30
|
-
code: number;
|
|
28
|
+
export type AuthResponseRenderer<Refs extends ReqRef = ReqRefDefaults> = (context: {
|
|
29
|
+
statusCode: number;
|
|
31
30
|
emailField: string;
|
|
32
31
|
passwordField: string;
|
|
33
|
-
error?:
|
|
32
|
+
error?: AnyOAuth2ErrorCodeType;
|
|
34
33
|
errorMessage?: string;
|
|
35
|
-
}, params: OAuth2ACAuthorizationParams, req: Request<Refs>) => Promise<string | object> | string | object;
|
|
34
|
+
}, params: OAuth2ACAuthorizationParams, req: Request<Refs>, h: ResponseToolkit<Refs>) => Promise<string | object> | string | object;
|
|
35
|
+
export type AuthCodeGeneratorResult = {
|
|
36
|
+
type: 'code';
|
|
37
|
+
value: string;
|
|
38
|
+
} | {
|
|
39
|
+
type: 'continue';
|
|
40
|
+
value?: unknown;
|
|
41
|
+
} | {
|
|
42
|
+
type: 'deny';
|
|
43
|
+
value?: unknown;
|
|
44
|
+
};
|
|
36
45
|
/**
|
|
37
46
|
* Return null for invalid code
|
|
38
47
|
*/
|
|
39
|
-
export type AuthCodeGenerator<Refs extends ReqRef = ReqRefDefaults> = (params: OAuth2ACAuthorizationParams, req: Request<Refs>) => Promise<
|
|
48
|
+
export type AuthCodeGenerator<Refs extends ReqRef = ReqRefDefaults> = (params: OAuth2ACAuthorizationParams, req: Request<Refs>, h: ResponseToolkit<Refs>) => Promise<AuthCodeGeneratorResult | null> | AuthCodeGeneratorResult | null;
|
|
49
|
+
export type AuthResponseHandler<Refs extends ReqRef = ReqRefDefaults, R extends Lifecycle.ReturnValue<any> = Lifecycle.ReturnValue<Refs>> = (context: {
|
|
50
|
+
authorizationResult: AuthCodeGeneratorResult;
|
|
51
|
+
emailField: string;
|
|
52
|
+
passwordField: string;
|
|
53
|
+
/**
|
|
54
|
+
* The full redirect URI that the user should be sent to after authorization.
|
|
55
|
+
* This URL includes the appropriate query parameters based on the outcome —
|
|
56
|
+
* either an authorization `code` (on success) or `error`/`error_description` (on failure).
|
|
57
|
+
*
|
|
58
|
+
* Automatically constructed from the original `redirect_uri` and the `authorizationResult`.
|
|
59
|
+
*/
|
|
60
|
+
fullRedirectUri: string;
|
|
61
|
+
}, params: OAuth2ACAuthorizationParams, req: Request<Refs>, h: ResponseToolkit<Refs>) => R;
|
|
40
62
|
export declare class DefaultOAuth2ACAuthorizationRoute<GetRefs extends ReqRef = ReqRefDefaults, PostRefs extends ReqRef = ReqRefDefaults> extends OAuth2ACAuthorizationRoute<GetRefs, PostRefs> {
|
|
41
63
|
#private;
|
|
42
64
|
constructor();
|
|
65
|
+
/**
|
|
66
|
+
* Creates a new `DefaultOAuth2ACAuthorizationRoute` instance from the provided configuration.
|
|
67
|
+
*/
|
|
68
|
+
static fromConfig<GetRefs extends ReqRef = ReqRefDefaults, PostRefs extends ReqRef = ReqRefDefaults>(config: {
|
|
69
|
+
path?: PathValue;
|
|
70
|
+
clientId?: string;
|
|
71
|
+
redirectUri?: string;
|
|
72
|
+
emailField?: string;
|
|
73
|
+
passwordField?: string;
|
|
74
|
+
codeGenerator?: AuthCodeGenerator<PostRefs>;
|
|
75
|
+
responseRenderer?: AuthResponseRenderer<GetRefs>;
|
|
76
|
+
postResponseRenderer?: AuthResponseRenderer<PostRefs>;
|
|
77
|
+
finalizeAuthorization?: AuthResponseHandler<PostRefs>;
|
|
78
|
+
}): DefaultOAuth2ACAuthorizationRoute<GetRefs, PostRefs>;
|
|
79
|
+
private validateClientParams;
|
|
43
80
|
setPath(path: PathValue): this;
|
|
44
81
|
validateGET(handler: OAuth2ACAuthorizationHandler<GetRefs>): this;
|
|
45
82
|
validatePOST(handler: OAuth2ACAuthorizationHandler<PostRefs>): this;
|
|
46
83
|
setGETResponseRenderer(renderer: AuthResponseRenderer<GetRefs>): this;
|
|
47
84
|
setPOSTResponseRenderer(renderer: AuthResponseRenderer<PostRefs>): this;
|
|
48
85
|
generateCode(handler: AuthCodeGenerator<PostRefs>): this;
|
|
86
|
+
/**
|
|
87
|
+
*
|
|
88
|
+
* finalizeAuthorization() is called after the authorization code is generated.
|
|
89
|
+
*
|
|
90
|
+
* It must redirect the user back to the client's redirect_uri, or respond with an OAuth2 error.
|
|
91
|
+
*
|
|
92
|
+
* example:
|
|
93
|
+
* ```ts
|
|
94
|
+
* route.finalizeAuthorization(async (ctx, params, req, h) => {
|
|
95
|
+
* return h.redirect(ctx.fullRedirectUri)
|
|
96
|
+
* })
|
|
97
|
+
* ```
|
|
98
|
+
*/
|
|
99
|
+
finalizeAuthorization(handler: AuthResponseHandler<PostRefs>): this;
|
|
49
100
|
setClientId(value: string | null): this;
|
|
50
101
|
setRedirectUri(value: string | null): this;
|
|
51
102
|
setEmailField(value: string): this;
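Review bot: The doc comment kept above `AuthCodeGenerator` still reads `Return null for invalid code`, but the new return type is `AuthCodeGeneratorResult | null` with three variants, and nothing in this declaration says what `continue` or `deny` mean or what `value` carries for them. Since this is the contract integrators implement for the credential and consent check, each outcome should be documented, for example `/** Return { type: 'code', value } to issue an authorization code, { type: 'deny' } when the user refuses consent, or null when the credentials are invalid. */`, with a further sentence for `continue` once its intended handling is confirmed against the implementation. The `fullRedirectUri` comment would also benefit from stating whether `redirect_uri` has been validated by the time `finalizeAuthorization` receives it, because the documented example redirects to it directly. `AuthResponseHandler` constrains `R` with `Lifecycle.ReturnValue<any>`; using `Refs` there would keep `any` out of the public type if the constraint allows it.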
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var _DefaultOAuth2ACAuthorizationRoute_clientId, _DefaultOAuth2ACAuthorizationRoute_redirectUri, _DefaultOAuth2ACAuthorizationRoute_emailField, _DefaultOAuth2ACAuthorizationRoute_passwordField, _DefaultOAuth2ACAuthorizationRoute_generateCode, _DefaultOAuth2ACAuthorizationRoute_renderResponse, _DefaultOAuth2ACAuthorizationRoute_renderPOSTResponse;
|
|
2
|
+
var _DefaultOAuth2ACAuthorizationRoute_clientId, _DefaultOAuth2ACAuthorizationRoute_redirectUri, _DefaultOAuth2ACAuthorizationRoute_emailField, _DefaultOAuth2ACAuthorizationRoute_passwordField, _DefaultOAuth2ACAuthorizationRoute_generateCode, _DefaultOAuth2ACAuthorizationRoute_renderResponse, _DefaultOAuth2ACAuthorizationRoute_renderPOSTResponse, _DefaultOAuth2ACAuthorizationRoute_authorizationResponseHandler;
|
|
3
3
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
4
|
exports.DefaultOAuth2ACAuthorizationRoute = exports.OAuth2ACAuthorizationRoute = void 0;
|
|
5
5
|
const tslib_1 = require("tslib");
|
|
6
6
|
const html_entities_1 = require("html-entities");
|
|
7
|
+
const common_1 = require("../common");
|
|
7
8
|
class OAuth2ACAuthorizationRoute {
|
|
8
9
|
static buildDefault() {
|
|
9
10
|
return new DefaultOAuth2ACAuthorizationRoute();
|
|
@@ -63,80 +64,93 @@ const render = ({ error, errorMessage, emailField, passwordField }) => {
|
|
|
63
64
|
</body>
|
|
64
65
|
</html>`;
|
|
65
66
|
};
|
|
67
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
68
|
+
const authResponseHandler = (ctx, _params, _req, h) => tslib_1.__awaiter(void 0, void 0, void 0, function* () {
|
|
69
|
+
return h.redirect(`${ctx.fullRedirectUri}`);
|
|
70
|
+
});
|
|
71
|
+
function buildRedirectUri(base, params) {
|
|
72
|
+
const searchParams = new URLSearchParams();
|
|
73
|
+
for (const [key, value] of Object.entries(params)) {
|
|
74
|
+
if (value !== undefined && value !== null) {
|
|
75
|
+
searchParams.append(key, value);
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
return `${base}?${searchParams.toString()}`;
|
|
79
|
+
}
|
|
66
80
|
class DefaultOAuth2ACAuthorizationRoute extends OAuth2ACAuthorizationRoute {
|
|
67
81
|
constructor() {
|
|
68
82
|
super('/oauth2/authorize', (_a, req, h) => tslib_1.__awaiter(this, void 0, void 0, function* () {
|
|
69
83
|
var { clientId, redirectUri } = _a, props = tslib_1.__rest(_a, ["clientId", "redirectUri"]);
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
passwordField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, "f"),
|
|
74
|
-
code: 400,
|
|
75
|
-
error: 'invalid_client',
|
|
76
|
-
errorMessage: 'Bad \'client_id\' parameter'
|
|
77
|
-
}, Object.assign({ clientId, redirectUri }, props), req)).code(400);
|
|
78
|
-
}
|
|
79
|
-
if (tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_redirectUri, "f") && tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_redirectUri, "f") != redirectUri) {
|
|
80
|
-
return h.response(yield tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_renderResponse, "f").call(this, {
|
|
81
|
-
emailField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_emailField, "f"),
|
|
82
|
-
passwordField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, "f"),
|
|
83
|
-
code: 400,
|
|
84
|
-
error: 'invalid_client',
|
|
85
|
-
errorMessage: 'Bad \'redirect_uri\' parameter'
|
|
86
|
-
}, Object.assign({ clientId, redirectUri }, props), req)).code(400);
|
|
87
|
-
}
|
|
84
|
+
const validationError = yield this.validateClientParams(clientId, redirectUri, Object.assign({ clientId, redirectUri }, props), req, h, tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_renderResponse, "f"));
|
|
85
|
+
if (validationError)
|
|
86
|
+
return validationError;
|
|
88
87
|
// render form
|
|
89
88
|
return h.response(yield tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_renderResponse, "f").call(this, {
|
|
90
89
|
emailField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_emailField, "f"),
|
|
91
90
|
passwordField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, "f"),
|
|
92
|
-
|
|
93
|
-
}, Object.assign({ clientId, redirectUri }, props), req)).code(200);
|
|
91
|
+
statusCode: 200
|
|
92
|
+
}, Object.assign({ clientId, redirectUri }, props), req, h)).code(200);
|
|
94
93
|
}), (props, req, h) => tslib_1.__awaiter(this, void 0, void 0, function* () {
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
errorMessage: 'Bad \'client_id\' parameter'
|
|
102
|
-
}, props, req)).code(400);
|
|
103
|
-
}
|
|
104
|
-
if (tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_redirectUri, "f") && tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_redirectUri, "f") != props.redirectUri) {
|
|
105
|
-
return h.response(yield tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_renderPOSTResponse, "f").call(this, {
|
|
106
|
-
emailField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_emailField, "f"),
|
|
107
|
-
passwordField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, "f"),
|
|
108
|
-
code: 400,
|
|
109
|
-
error: 'invalid_client',
|
|
110
|
-
errorMessage: 'Bad \'redirect_uri\' parameter'
|
|
111
|
-
}, props, req)).code(400);
|
|
112
|
-
}
|
|
113
|
-
let error = 'unknown';
|
|
114
|
-
let errorMessage = 'someting went wrong';
|
|
94
|
+
var _a, _b, _c;
|
|
95
|
+
const validationError = yield this.validateClientParams(props.clientId, props.redirectUri, props, req, h, tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_renderResponse, "f"));
|
|
96
|
+
if (validationError)
|
|
97
|
+
return validationError;
|
|
98
|
+
let error = common_1.OAuth2ErrorCode.SERVER_ERROR;
|
|
99
|
+
let errorMessage = 'something went wrong';
|
|
115
100
|
if (props.clientId &&
|
|
116
101
|
req.payload &&
|
|
117
102
|
typeof req.payload === 'object' &&
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
103
|
+
!Array.isArray(req.payload) /*&&
|
|
104
|
+
this.#emailField in req.payload &&
|
|
105
|
+
this.#passwordField in req.payload
|
|
106
|
+
*/) {
|
|
107
|
+
const code = yield tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_generateCode, "f").call(this, props, req, h);
|
|
121
108
|
if (code) {
|
|
122
|
-
|
|
109
|
+
let fullRedirectUri = '';
|
|
110
|
+
if (code.type === 'code' && code.value) {
|
|
111
|
+
fullRedirectUri = buildRedirectUri(props.redirectUri, {
|
|
112
|
+
code: code.value,
|
|
113
|
+
state: (_a = props.state) !== null && _a !== void 0 ? _a : ''
|
|
114
|
+
});
|
|
115
|
+
}
|
|
116
|
+
else if (code.type === 'deny') {
|
|
117
|
+
fullRedirectUri = buildRedirectUri(props.redirectUri, {
|
|
118
|
+
error: common_1.OAuth2ErrorCode.ACCESS_DENIED,
|
|
119
|
+
error_description: 'User denied consent',
|
|
120
|
+
state: (_b = props.state) !== null && _b !== void 0 ? _b : ''
|
|
121
|
+
});
|
|
122
|
+
}
|
|
123
|
+
else {
|
|
124
|
+
fullRedirectUri = buildRedirectUri(props.redirectUri, {
|
|
125
|
+
error: common_1.OAuth2ErrorCode.INVALID_REQUEST,
|
|
126
|
+
error_description: 'No code',
|
|
127
|
+
state: (_c = props.state) !== null && _c !== void 0 ? _c : ''
|
|
128
|
+
});
|
|
129
|
+
}
|
|
130
|
+
return tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_authorizationResponseHandler, "f").call(this, {
|
|
131
|
+
authorizationResult: code,
|
|
132
|
+
emailField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_emailField, "f"),
|
|
133
|
+
passwordField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, "f"),
|
|
134
|
+
fullRedirectUri
|
|
135
|
+
}, props, req, h);
|
|
123
136
|
}
|
|
124
137
|
else {
|
|
125
|
-
error =
|
|
138
|
+
error = common_1.OAuth2ErrorCode.ACCESS_DENIED;
|
|
126
139
|
errorMessage = 'wrong credentials';
|
|
127
140
|
}
|
|
128
141
|
}
|
|
129
142
|
else {
|
|
130
|
-
error =
|
|
143
|
+
error = common_1.OAuth2ErrorCode.INVALID_REQUEST;
|
|
144
|
+
errorMessage = 'Missing or invalid request payload';
|
|
131
145
|
}
|
|
132
146
|
// render form
|
|
133
147
|
return h.response(yield tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_renderPOSTResponse, "f").call(this, {
|
|
134
148
|
emailField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_emailField, "f"),
|
|
135
149
|
passwordField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, "f"),
|
|
136
|
-
|
|
150
|
+
statusCode: 400,
|
|
137
151
|
error: error,
|
|
138
152
|
errorMessage
|
|
139
|
-
}, props, req)).code(400);
|
|
153
|
+
}, props, req, h)).code(400);
|
|
140
154
|
}));
|
|
141
155
|
_DefaultOAuth2ACAuthorizationRoute_clientId.set(this, void 0);
|
|
142
156
|
_DefaultOAuth2ACAuthorizationRoute_redirectUri.set(this, void 0);
|
|
@@ -145,10 +159,66 @@ class DefaultOAuth2ACAuthorizationRoute extends OAuth2ACAuthorizationRoute {
|
|
|
145
159
|
_DefaultOAuth2ACAuthorizationRoute_generateCode.set(this, void 0);
|
|
146
160
|
_DefaultOAuth2ACAuthorizationRoute_renderResponse.set(this, void 0);
|
|
147
161
|
_DefaultOAuth2ACAuthorizationRoute_renderPOSTResponse.set(this, void 0);
|
|
162
|
+
_DefaultOAuth2ACAuthorizationRoute_authorizationResponseHandler.set(this, void 0);
|
|
148
163
|
// @TODO: generate id for user, store it in-memory, generate jwt code ?
|
|
149
164
|
tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_generateCode, () => tslib_1.__awaiter(this, void 0, void 0, function* () { return null; }), "f");
|
|
150
165
|
tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_renderResponse, render, "f");
|
|
151
166
|
tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_renderPOSTResponse, render, "f");
|
|
167
|
+
tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_authorizationResponseHandler, authResponseHandler, "f");
|
|
168
|
+
}
|
|
169
|
+
/**
|
|
170
|
+
* Creates a new `DefaultOAuth2ACAuthorizationRoute` instance from the provided configuration.
|
|
171
|
+
*/
|
|
172
|
+
static fromConfig(config) {
|
|
173
|
+
const instance = new DefaultOAuth2ACAuthorizationRoute();
|
|
174
|
+
if (config.path)
|
|
175
|
+
instance.setPath(config.path);
|
|
176
|
+
if (config.clientId)
|
|
177
|
+
instance.setClientId(config.clientId);
|
|
178
|
+
if (config.redirectUri)
|
|
179
|
+
instance.setRedirectUri(config.redirectUri);
|
|
180
|
+
if (config.emailField)
|
|
181
|
+
instance.setEmailField(config.emailField);
|
|
182
|
+
if (config.passwordField)
|
|
183
|
+
instance.setPasswordField(config.passwordField);
|
|
184
|
+
if (config.codeGenerator)
|
|
185
|
+
instance.generateCode(config.codeGenerator);
|
|
186
|
+
if (config.responseRenderer)
|
|
187
|
+
instance.setGETResponseRenderer(config.responseRenderer);
|
|
188
|
+
if (config.postResponseRenderer)
|
|
189
|
+
instance.setPOSTResponseRenderer(config.postResponseRenderer);
|
|
190
|
+
if (config.finalizeAuthorization)
|
|
191
|
+
instance.finalizeAuthorization(config.finalizeAuthorization);
|
|
192
|
+
return instance;
|
|
193
|
+
}
|
|
194
|
+
validateClientParams(clientId, redirectUri, props,
|
|
195
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
196
|
+
req,
|
|
197
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
198
|
+
h,
|
|
199
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
200
|
+
renderer) {
|
|
201
|
+
return tslib_1.__awaiter(this, void 0, void 0, function* () {
|
|
202
|
+
if (tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_clientId, "f") && tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_clientId, "f") !== clientId) {
|
|
203
|
+
return h.response(yield renderer({
|
|
204
|
+
emailField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_emailField, "f"),
|
|
205
|
+
passwordField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, "f"),
|
|
206
|
+
statusCode: 400,
|
|
207
|
+
error: common_1.OAuth2ErrorCode.INVALID_CLIENT,
|
|
208
|
+
errorMessage: 'Bad \'client_id\' parameter'
|
|
209
|
+
}, props, req, h)).code(400);
|
|
210
|
+
}
|
|
211
|
+
if (tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_redirectUri, "f") && tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_redirectUri, "f") !== redirectUri) {
|
|
212
|
+
return h.response(yield renderer({
|
|
213
|
+
emailField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_emailField, "f"),
|
|
214
|
+
passwordField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, "f"),
|
|
215
|
+
statusCode: 400,
|
|
216
|
+
error: common_1.OAuth2ErrorCode.INVALID_CLIENT,
|
|
217
|
+
errorMessage: 'Bad \'redirect_uri\' parameter'
|
|
218
|
+
}, props, req, h)).code(400);
|
|
219
|
+
}
|
|
220
|
+
return null;
|
|
221
|
+
});
|
|
152
222
|
}
|
|
153
223
|
setPath(path) {
|
|
154
224
|
if (path)
|
|
@@ -175,6 +245,23 @@ class DefaultOAuth2ACAuthorizationRoute extends OAuth2ACAuthorizationRoute {
|
|
|
175
245
|
tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_generateCode, handler, "f");
|
|
176
246
|
return this;
|
|
177
247
|
}
|
|
248
|
+
/**
|
|
249
|
+
*
|
|
250
|
+
* finalizeAuthorization() is called after the authorization code is generated.
|
|
251
|
+
*
|
|
252
|
+
* It must redirect the user back to the client's redirect_uri, or respond with an OAuth2 error.
|
|
253
|
+
*
|
|
254
|
+
* example:
|
|
255
|
+
* ```ts
|
|
256
|
+
* route.finalizeAuthorization(async (ctx, params, req, h) => {
|
|
257
|
+
* return h.redirect(ctx.fullRedirectUri)
|
|
258
|
+
* })
|
|
259
|
+
* ```
|
|
260
|
+
*/
|
|
261
|
+
finalizeAuthorization(handler) {
|
|
262
|
+
tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_authorizationResponseHandler, handler, "f");
|
|
263
|
+
return this;
|
|
264
|
+
}
|
|
178
265
|
setClientId(value) {
|
|
179
266
|
tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_clientId, value, "f");
|
|
180
267
|
return this;
|
|
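Review bot: The doc comment on `finalizeAuthorization()` tells the handler to redirect to the client's redirect_uri and shows `h.redirect(ctx.fullRedirectUri)`, but it does not say who has validated that URI. In `validateClientParams()`, earlier in this file section, the request's `redirect_uri` is compared only when a fixed value was set with `setRedirectUri()`; when none is set, nothing visible on this page rejects an unregistered URI before the redirect that carries the authorization code. Whether the code generator is expected to make that check cannot be seen from this hunk, so the comment should state it, for example `* The redirect target must already be validated against the client's registered redirect URIs; validateClientParams() checks it only when setRedirectUri() was used.` The setter also stores `handler` unchecked, unlike `setPath()`, so guarding the assignment with `if (typeof handler === 'function')` would keep the default handler when it is called with `undefined`.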
@@ -184,19 +271,19 @@ class DefaultOAuth2ACAuthorizationRoute extends OAuth2ACAuthorizationRoute {
|
|
|
184
271
|
return this;
|
|
185
272
|
}
|
|
186
273
|
setEmailField(value) {
|
|
187
|
-
const escaped =
|
|
274
|
+
const escaped = (0, html_entities_1.encode)(value); // For HTML rendering, use encode() (from html-entities)
|
|
188
275
|
if (escaped)
|
|
189
276
|
tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_emailField, escaped, "f");
|
|
190
277
|
return this;
|
|
191
278
|
}
|
|
192
279
|
setPasswordField(value) {
|
|
193
|
-
const escaped =
|
|
280
|
+
const escaped = (0, html_entities_1.encode)(value); // For HTML rendering, use encode() (from html-entities)
|
|
194
281
|
if (escaped)
|
|
195
282
|
tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, escaped, "f");
|
|
196
283
|
return this;
|
|
197
284
|
}
|
|
198
285
|
}
|
|
199
286
|
exports.DefaultOAuth2ACAuthorizationRoute = DefaultOAuth2ACAuthorizationRoute;
|
|
200
|
-
_DefaultOAuth2ACAuthorizationRoute_clientId = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_redirectUri = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_emailField = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_passwordField = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_generateCode = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_renderResponse = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_renderPOSTResponse = new WeakMap();
|
|
287
|
+
_DefaultOAuth2ACAuthorizationRoute_clientId = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_redirectUri = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_emailField = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_passwordField = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_generateCode = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_renderResponse = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_renderPOSTResponse = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_authorizationResponseHandler = new WeakMap();
|
|
201
288
|
//#endregion Defaults
|
|
202
289
|
//# sourceMappingURL=authorization-route.js.map
|
|
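Review bot: `setEmailField()` and `setPasswordField()` now store the HTML-encoded name, and the trailing comment `// For HTML rendering, use encode() (from html-entities)` does not say so. The stored value is what the renderers receive as `emailField` and `passwordField`, so a custom renderer that escapes its own output would double-encode it, and any code that uses the field as a form key would see the encoded form for names containing `&`, `<` or quotes; how the fields are consumed is not visible in this hunk. Either keep the raw name and encode where the markup is built, or replace the comment with `// Stored HTML-encoded: insert into markup as-is, do not escape again or use as a payload key`. An empty value is silently ignored by `if (escaped)`, which deserves a line in each method's doc comment.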
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-route.js","sourceRoot":"","sources":["../../../src/flows/auth-code/authorization-route.ts"],"names":[],"mappings":";;;;;AAOA,iDAAsC;
|
|
1
|
+
{"version":3,"file":"authorization-route.js","sourceRoot":"","sources":["../../../src/flows/auth-code/authorization-route.ts"],"names":[],"mappings":";;;;;AAOA,iDAAsC;AACtC,sCAA+F;AA6B/F,MAAa,0BAA0B;IAKnC,MAAM,CAAC,YAAY;QAIf,OAAO,IAAI,iCAAiC,EAAqB,CAAA;IACrE,CAAC;IAMD,IAAI,IAAI;QACJ,OAAO,IAAI,CAAC,KAAK,CAAA;IACrB,CAAC;IAED,IAAI,OAAO;QACP,OAAO,IAAI,CAAC,QAAQ,CAAA;IACxB,CAAC;IAED,IAAI,WAAW;QACX,OAAO,IAAI,CAAC,YAAY,CAAA;IAC5B,CAAC;IAED,YACI,IAAY,EACZ,OAA8C,EAC9C,WAAmD;QAEnD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;IACpC,CAAC;CACJ;AArCD,gEAqCC;AAuDD,8DAA8D;AAC9D,MAAM,MAAM,GAA8B,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,EAAE,EAAE;IAC7F,IAAI,KAAK,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9C,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAqB,CAAA;IACxE,CAAC;IACD,OAAO;;;;;;;;;;;;;;;;;;;MAmBL,YAAY,IAAI,EAAE;;;4BAGI,UAAU,WAAW,UAAU,kBAAkB,UAAU,mBAAmB,UAAU;+BACrF,aAAa,WAAW,aAAa,kBAAkB,aAAa;;;;;;;;;QAS3F,CAAA;AACR,CAAC,CAAA;AAED,8DAA8D;AAC9D,MAAM,mBAAmB,GAA6B,CAAO,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE;IAClF,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC,eAAe,EAAE,CAAC,CAAA;AAC/C,CAAC,CAAA,CAAA;AAED,SAAS,gBAAgB,CAAC,IAAY,EAAE,MAA8B;IAClE,MAAM,YAAY,GAAG,IAAI,eAAe,EAAE,CAAA;IAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAChD,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACxC,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;QACnC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,IAAI,IAAI,YAAY,CAAC,QAAQ,EAAE,EAAE,CAAA;AAC/C,CAAC;AAED,MAAa,iCAGX,SAAQ,0BAA6C;IAYnD;QACI,KAAK,CAAC,mBAAmB,EAAE,CAAO,EAAmC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE;gBAA/C,EAAE,QAAQ,EAAE,WAAW,OAAY,EAAP,KAAK,sBAAjC,2BAAmC,CAAF;YAC/D,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,QAAQ,EAAE,WAAW,kBAAI,QAAQ,EAAE,WAAW,IAAK,KAAK,GAAI,GAAG,EAAE,CAAC,EAAE,+BAAA,IAAI,yDAAgB,CAAC,CAAA;YACjJ,IAAI,eAAe;gBAAE,OAAO,eAAe,CAAA;YAE3C,cAAc;YACd,OAAO,CAAC,CAAC,QAAQ,CACb,MAAM,+BAAA,IAAI,yDAAgB,MAApB,IAAI,EAAiB;gBACvB,UAAU,EAAE,+BAAA,IAAI,qDAAY;gB
AC5B,aAAa,EAAE,+BAAA,IAAI,wDAAe;gBAClC,UAAU,EAAE,GAAG;aAClB,kBAAI,QAAQ,EAAE,WAAW,IAAK,KAAK,GAAI,GAAG,EAAE,CAAC,CAAC,CAClD,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACf,CAAC,CAAA,EAAE,CAAO,KAAK,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE;;YACvB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,EAAE,+BAAA,IAAI,yDAAgB,CAAC,CAAA;YAC/H,IAAI,eAAe;gBAAE,OAAO,eAAe,CAAA;YAE3C,IAAI,KAAK,GAA2B,wBAAe,CAAC,YAAY,CAAA;YAChE,IAAI,YAAY,GAAG,sBAAsB,CAAA;YAEzC,IACI,KAAK,CAAC,QAAQ;gBACd,GAAG,CAAC,OAAO;gBACX,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;gBAC/B,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;;;cAGzB,EACJ,CAAC;gBACC,MAAM,IAAI,GAAG,MAAM,+BAAA,IAAI,uDAAc,MAAlB,IAAI,EAAe,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;gBACrD,IAAI,IAAI,EAAE,CAAC;oBACP,IAAI,eAAe,GAAG,EAAE,CAAC;oBACzB,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;wBACrC,eAAe,GAAG,gBAAgB,CAAC,KAAK,CAAC,WAAW,EAAE;4BAClD,IAAI,EAAE,IAAI,CAAC,KAAK;4BAChB,KAAK,EAAE,MAAA,KAAK,CAAC,KAAK,mCAAI,EAAE;yBAC3B,CAAC,CAAC;oBACP,CAAC;yBAAM,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;wBAC9B,eAAe,GAAG,gBAAgB,CAAC,KAAK,CAAC,WAAW,EAAE;4BAClD,KAAK,EAAE,wBAAe,CAAC,aAAa;4BACpC,iBAAiB,EAAE,qBAAqB;4BACxC,KAAK,EAAE,MAAA,KAAK,CAAC,KAAK,mCAAI,EAAE;yBAC3B,CAAC,CAAC;oBACP,CAAC;yBAAM,CAAC;wBACJ,eAAe,GAAG,gBAAgB,CAAC,KAAK,CAAC,WAAW,EAAE;4BAClD,KAAK,EAAE,wBAAe,CAAC,eAAe;4BACtC,iBAAiB,EAAE,SAAS;4BAC5B,KAAK,EAAE,MAAA,KAAK,CAAC,KAAK,mCAAI,EAAE;yBAC3B,CAAC,CAAC;oBACP,CAAC;oBACD,OAAO,+BAAA,IAAI,uEAA8B,MAAlC,IAAI,EAA+B;wBACtC,mBAAmB,EAAE,IAAI;wBACzB,UAAU,EAAE,+BAAA,IAAI,qDAAY;wBAC5B,aAAa,EAAE,+BAAA,IAAI,wDAAe;wBAClC,eAAe;qBAClB,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;gBACrB,CAAC;qBAAM,CAAC;oBACJ,KAAK,GAAG,wBAAe,CAAC,aAAa,CAAA;oBACrC,YAAY,GAAG,mBAAmB,CAAA;gBACtC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACJ,KAAK,GAAG,wBAAe,CAAC,eAAe,CAAA;gBACvC,YAAY,GAAG,oCAAoC,CAAA;YACvD,CAAC;YAED,cAAc;YACd,OAAO,CAAC,CAAC,QAAQ,CACb,MAAM,+BAAA,IAAI,6DAAoB,MAAxB,IAAI,EACN;gBACI,UAAU,EAAE,+BAAA,IAAI,qDAAY;gBAC5B,aAAa,EAAE,+BAAA,IAAI,wDAAe;gBAClC,UAAU,EAAE,GAAG;gBACf,KA
AK,EAAE,KAAK;gBACZ,YAAY;aACf,EACD,KAAK,EACL,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC9B,CAAC,CAAA,CAAC,CAAA;QAxFN,8DAAyB;QACzB,iEAA4B;QAE5B,wDAAc,OAAO,EAAA;QACrB,2DAAiB,UAAU,EAAA;QAE3B,kEAA0C;QAC1C,oEAA8C;QAC9C,wEAAmD;QACnD,kFAA4D;QAiFxD,uEAAuE;QACvE,+BAAA,IAAI,mDAAiB,GAAS,EAAE,wDAAC,OAAA,IAAI,CAAA,GAAA,MAAA,CAAA;QACrC,+BAAA,IAAI,qDAAmB,MAAM,MAAA,CAAA;QAC7B,+BAAA,IAAI,yDAAuB,MAAM,MAAA,CAAA;QACjC,+BAAA,IAAI,mEAAiC,mBAAmB,MAAA,CAAA;IAC5D,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,UAAU,CAGf,MAUD;QACG,MAAM,QAAQ,GAAG,IAAI,iCAAiC,EAAqB,CAAA;QAC3E,IAAI,MAAM,CAAC,IAAI;YAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QAC9C,IAAI,MAAM,CAAC,QAAQ;YAAE,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;QAC1D,IAAI,MAAM,CAAC,WAAW;YAAE,QAAQ,CAAC,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;QACnE,IAAI,MAAM,CAAC,UAAU;YAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;QAChE,IAAI,MAAM,CAAC,aAAa;YAAE,QAAQ,CAAC,gBAAgB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAA;QACzE,IAAI,MAAM,CAAC,aAAa;YAAE,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,aAAa,CAAC,CAAA;QACrE,IAAI,MAAM,CAAC,gBAAgB;YAAE,QAAQ,CAAC,sBAAsB,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAA;QACrF,IAAI,MAAM,CAAC,oBAAoB;YAAE,QAAQ,CAAC,uBAAuB,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAA;QAC9F,IAAI,MAAM,CAAC,qBAAqB;YAAE,QAAQ,CAAC,qBAAqB,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAA;QAC9F,OAAO,QAAQ,CAAA;IACnB,CAAC;IAEa,oBAAoB,CAC9B,QAAgB,EAChB,WAAmB,EACnB,KAAkC;IAClC,8DAA8D;IAC9D,GAAiB;IACjB,8DAA8D;IAC9D,CAAuB;IACvB,8DAA8D;IAC9D,QAAmC;;YAEnC,IAAI,+BAAA,IAAI,mDAAU,IAAI,+BAAA,IAAI,mDAAU,KAAK,QAAQ,EAAE,CAAC;gBAChD,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,QAAQ,CAAC;oBAC7B,UAAU,EAAE,+BAAA,IAAI,qDAAY;oBAC5B,aAAa,EAAE,+BAAA,IAAI,wDAAe;oBAClC,UAAU,EAAE,GAAG;oBACf,KAAK,EAAE,wBAAe,CAAC,cAAc;oBACrC,YAAY,EAAE,6BAA6B;iBAC9C,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAChC,CAAC;YAED,IAAI,+BAAA,IAAI,sDAAa,IAAI,+BAAA,IAAI,sDAAa,KAAK,WAAW,EAAE,CAAC;gBACzD,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,QAAQ,CAAC;oBAC7B,UAAU,EAAE,+BAAA,IAAI,qDAAY;oBAC5B,aAAa,EAAE,+BAAA,IAAI,wDAAe;oBAClC,UAAU,EAAE,GAAG;oBACf,KAAK,EAAE,wBAAe,CAAC,cAAc;oBACr
C,YAAY,EAAE,gCAAgC;iBACjD,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAChC,CAAC;YAED,OAAO,IAAI,CAAA;QACf,CAAC;KAAA;IAED,OAAO,CAAC,IAAe;QACnB,IAAI,IAAI;YACJ,IAAI,CAAC,KAAK,GAAG,IAAI,CAAA;QACrB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,WAAW,CAAC,OAA8C;QACtD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAA;QACvB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,YAAY,CAAC,OAA+C;QACxD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAA;QAC3B,OAAO,IAAI,CAAA;IACf,CAAC;IAED,sBAAsB,CAAC,QAAuC;QAC1D,+BAAA,IAAI,qDAAmB,QAAQ,MAAA,CAAA;QAC/B,OAAO,IAAI,CAAA;IACf,CAAC;IAED,uBAAuB,CAAC,QAAwC;QAC5D,+BAAA,IAAI,yDAAuB,QAAQ,MAAA,CAAA;QACnC,OAAO,IAAI,CAAA;IACf,CAAC;IAED,YAAY,CAAC,OAAoC;QAC7C,+BAAA,IAAI,mDAAiB,OAAO,MAAA,CAAA;QAC5B,OAAO,IAAI,CAAA;IACf,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,qBAAqB,CAAC,OAAsC;QACxD,+BAAA,IAAI,mEAAiC,OAAO,MAAA,CAAA;QAC5C,OAAO,IAAI,CAAA;IACf,CAAC;IAED,WAAW,CAAC,KAAoB;QAC5B,+BAAA,IAAI,+CAAa,KAAK,MAAA,CAAA;QACtB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,cAAc,CAAC,KAAoB;QAC/B,+BAAA,IAAI,kDAAgB,KAAK,MAAA,CAAA;QACzB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,aAAa,CAAC,KAAa;QACvB,MAAM,OAAO,GAAG,IAAA,sBAAM,EAAC,KAAK,CAAC,CAAA,CAAC,wDAAwD;QACtF,IAAI,OAAO;YACP,+BAAA,IAAI,iDAAe,OAAO,MAAA,CAAA;QAC9B,OAAO,IAAI,CAAA;IACf,CAAC;IAED,gBAAgB,CAAC,KAAa;QAC1B,MAAM,OAAO,GAAG,IAAA,sBAAM,EAAC,KAAK,CAAC,CAAA,CAAC,wDAAwD;QACtF,IAAI,OAAO;YACP,+BAAA,IAAI,oDAAkB,OAAO,MAAA,CAAA;QACjC,OAAO,IAAI,CAAA;IACf,CAAC;CACJ;AA7OD,8EA6OC;;AAED,qBAAqB"}
|