@kaapi/oauth2-auth-design 0.0.14 → 0.0.15
- package/kaukau.config.mjs +20 -0
- package/lib/cli.js +6 -6
- package/lib/flows/auth-code/authorization-route.d.ts +58 -7
- package/lib/flows/auth-code/authorization-route.js +139 -52
- package/lib/flows/auth-code/authorization-route.js.map +1 -1
- package/lib/flows/auth-code/authorization-utils.d.ts +35 -0
- package/lib/flows/auth-code/authorization-utils.js +44 -0
- package/lib/flows/auth-code/authorization-utils.js.map +1 -0
- package/lib/flows/auth-code/token-route.d.ts +10 -18
- package/lib/flows/auth-code/token-route.js +6 -15
- package/lib/flows/auth-code/token-route.js.map +1 -1
- package/lib/flows/authorization-code.d.ts +112 -0
- package/lib/flows/authorization-code.js +570 -0
- package/lib/flows/authorization-code.js.map +1 -0
- package/lib/flows/client-credentials.d.ts +79 -39
- package/lib/flows/client-credentials.js +324 -257
- package/lib/flows/client-credentials.js.map +1 -1
- package/lib/flows/client-creds/token-route.d.ts +23 -0
- package/lib/flows/client-creds/token-route.js +52 -0
- package/lib/flows/client-creds/token-route.js.map +1 -0
- package/lib/flows/common.d.ts +265 -28
- package/lib/flows/common.js +293 -29
- package/lib/flows/common.js.map +1 -1
- package/lib/flows/device-auth/authorization-route.d.ts +83 -0
- package/lib/flows/device-auth/authorization-route.js +68 -0
- package/lib/flows/device-auth/authorization-route.js.map +1 -0
- package/lib/flows/device-auth/token-route.d.ts +29 -0
- package/lib/flows/device-auth/token-route.js +49 -0
- package/lib/flows/device-auth/token-route.js.map +1 -0
- package/lib/flows/device-authorization.d.ts +112 -0
- package/lib/flows/device-authorization.js +523 -0
- package/lib/flows/device-authorization.js.map +1 -0
- package/lib/flows/oidc-multiple-flows.d.ts +59 -0
- package/lib/flows/oidc-multiple-flows.js +268 -0
- package/lib/flows/oidc-multiple-flows.js.map +1 -0
- package/lib/index.d.ts +12 -6
- package/lib/index.js +12 -6
- package/lib/index.js.map +1 -1
- package/lib/utils/client-auth-methods.d.ts +2 -2
- package/lib/utils/client-auth-methods.js +5 -6
- package/lib/utils/client-auth-methods.js.map +1 -1
- package/lib/utils/in-memory-key-store.d.ts +12 -0
- package/lib/utils/in-memory-key-store.js +46 -0
- package/lib/utils/in-memory-key-store.js.map +1 -0
- package/lib/utils/jwt-authority.d.ts +81 -0
- package/lib/utils/jwt-authority.js +186 -0
- package/lib/utils/jwt-authority.js.map +1 -0
- package/lib/utils/jwt-utils.d.ts +33 -0
- package/lib/utils/jwt-utils.js +24 -0
- package/lib/utils/jwt-utils.js.map +1 -0
- package/lib/utils/replay-store.d.ts +13 -0
- package/lib/utils/{cache-set.js → replay-store.js} +8 -4
- package/lib/utils/replay-store.js.map +1 -0
- package/lib/utils/token-types.d.ts +6 -3
- package/lib/utils/token-types.js +13 -10
- package/lib/utils/token-types.js.map +1 -1
- package/lib/utils/verify-code-verifier.d.ts +4 -0
- package/lib/utils/verify-code-verifier.js +18 -0
- package/lib/utils/verify-code-verifier.js.map +1 -0
- package/package.json +6 -7
- package/lib/flows/auth-code/open-id.d.ts +0 -53
- package/lib/flows/auth-code/open-id.js +0 -199
- package/lib/flows/auth-code/open-id.js.map +0 -1
- package/lib/flows/auth-code.ts/open-id.d.ts +0 -52
- package/lib/flows/auth-code.ts/open-id.js +0 -169
- package/lib/flows/auth-code.ts/open-id.js.map +0 -1
- package/lib/flows/authentication-code.d.ts +0 -53
- package/lib/flows/authentication-code.js +0 -380
- package/lib/flows/authentication-code.js.map +0 -1
- package/lib/utils/cache-set.d.ts +0 -12
- package/lib/utils/cache-set.js.map +0 -1
- package/lib/utils/in-memory-cache.d.ts +0 -5
- package/lib/utils/in-memory-cache.js +0 -30
- package/lib/utils/in-memory-cache.js.map +0 -1
- package/lib/utils/in-memory-jwks-store.d.ts +0 -12
- package/lib/utils/in-memory-jwks-store.js +0 -46
- package/lib/utils/in-memory-jwks-store.js.map +0 -1
- package/lib/utils/jwks-generator.d.ts +0 -58
- package/lib/utils/jwks-generator.js +0 -141
- package/lib/utils/jwks-generator.js.map +0 -1
- package/lib/utils/jwks-store.d.ts +0 -13
- package/lib/utils/jwks-store.js +0 -3
- package/lib/utils/jwks-store.js.map +0 -1
|
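--- a/package/kaukau.config.mjs
+++ b/package/kaukau.config.mjs
@@ -0,0 +1,20 @@
+import { defineConfig } from 'kaukau/config'
+
+export default defineConfig({
+enableLogs: true,
+exitOnFail: true,
+files: 'test/',
+ext: '.test.ts',
+options: {
+bail: false,
+fullTrace: true,
+grep: '',
+ignoreLeaks: false,
+reporter: 'spec',
+retries: 0,
+slow: 10000,
+timeout: 30000,
+ui: 'bdd',
+color: true,
+}
+});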
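Review bot: `kaukau.config.mjs` is test-runner configuration (`files: 'test/'`, `ext: '.test.ts'`), and its appearance under `package/` means it now ships in the published tarball, where it is presumably not needed at runtime. Restricting the publish set with a `files` allowlist in `package.json` (or an `.npmignore` entry) keeps development-only files out of consumers' installs and keeps the reviewed surface of each release small. The contents of `package.json` are not shown in this part of the page, so whether such an allowlist already exists cannot be confirmed here.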
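--- a/package/lib/cli.js
+++ b/package/lib/cli.js
@@ -70,10 +70,10 @@ export const ${tslib_1.__classPrivateFieldGet(this, _OAuth2FileGenerator_values,
 }),
 tokenRoute: OAuth2ACTokenRoute.buildDefault()
 .setPath('/oauth2/token')
-.generateToken(async ({ clientId, clientSecret, code, codeVerifier, redirectUri, ttl,
+.generateToken(async ({ clientId, clientSecret, code, codeVerifier, redirectUri, ttl, createIdToken }, _req) => {
 
 if (!clientSecret && !codeVerifier) {
-return { error:
+return { error: OAuth2ErrorCode.INVALID_REQUEST, error_description: 'Token Request was missing the \\'client_secret\\' parameter.' }
 }
 try {
 //#region @TODO: validation + token
@@ -84,8 +84,8 @@ export const ${tslib_1.__classPrivateFieldGet(this, _OAuth2FileGenerator_values,
 .setExpiresIn(ttl)
 .setRefreshToken(refreshToken)
 .setScope(scope)
-.
-await
+.setIdToken(
+await createIdToken?.({
 sub: '248289761001',
 name: 'Jane Doe',
 given_name: 'Jane',
@@ -112,11 +112,11 @@ export const ${tslib_1.__classPrivateFieldGet(this, _OAuth2FileGenerator_values,
 
 //#endregion @TODO: validation + refresh token
 
-return h.response({ error:
+return h.response({ error: OAuth2ErrorCode.INVALID_GRANT }).code(400)
 }) as OAuth2RefreshTokenHandler,
 ),
 options: {
-async validate(req, token, h) {
+async validate(req, { token }, h) {
 if (token) {
 //#region @TODO: validation
 if (token != 'generated_access_token') {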
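Review bot: The new `error_description` in the first hunk names only `client_secret`, but the guard above it is `if (!clientSecret && !codeVerifier)`, so a public client using PKCE that omitted `code_verifier` is told the wrong parameter is missing. Wording such as `'Token Request was missing the \\'client_secret\\' or \\'code_verifier\\' parameter.'` would match the condition. The hunk sits inside a template string for generated scaffold code, and the surrounding function starts and ends outside the lines shown.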
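--- a/package/lib/flows/auth-code/authorization-route.d.ts
+++ b/package/lib/flows/auth-code/authorization-route.d.ts
@@ -1,5 +1,5 @@
 import { Lifecycle, ReqRef, ReqRefDefaults, Request, ResponseToolkit } from '@kaapi/kaapi';
-import {
+import { AnyOAuth2ErrorCodeType, PathValue } from '../common';
 export interface OAuth2ACAuthorizationParams {
 clientId: string;
 responseType: string;
@@ -25,27 +25,78 @@ export declare class OAuth2ACAuthorizationRoute<GetRefs extends ReqRef = ReqRefD
 get postHandler(): OAuth2ACAuthorizationHandler<PostRefs, Lifecycle.ReturnValue<PostRefs>>;
 constructor(path: string, handler: OAuth2ACAuthorizationHandler<GetRefs>, postHandler: OAuth2ACAuthorizationHandler<PostRefs>);
 }
-export type
-
-code: number;
+export type AuthResponseRenderer<Refs extends ReqRef = ReqRefDefaults> = (context: {
+statusCode: number;
 emailField: string;
 passwordField: string;
-error?:
+error?: AnyOAuth2ErrorCodeType;
 errorMessage?: string;
-}, params: OAuth2ACAuthorizationParams, req: Request<Refs>) => Promise<string | object> | string | object;
+}, params: OAuth2ACAuthorizationParams, req: Request<Refs>, h: ResponseToolkit<Refs>) => Promise<string | object> | string | object;
+export type AuthCodeGeneratorResult = {
+type: 'code';
+value: string;
+} | {
+type: 'continue';
+value?: unknown;
+} | {
+type: 'deny';
+value?: unknown;
+};
 /**
 * Return null for invalid code
 */
-export type AuthCodeGenerator<Refs extends ReqRef = ReqRefDefaults> = (params: OAuth2ACAuthorizationParams, req: Request<Refs>) => Promise<
+export type AuthCodeGenerator<Refs extends ReqRef = ReqRefDefaults> = (params: OAuth2ACAuthorizationParams, req: Request<Refs>, h: ResponseToolkit<Refs>) => Promise<AuthCodeGeneratorResult | null> | AuthCodeGeneratorResult | null;
+export type AuthResponseHandler<Refs extends ReqRef = ReqRefDefaults, R extends Lifecycle.ReturnValue<any> = Lifecycle.ReturnValue<Refs>> = (context: {
+authorizationResult: AuthCodeGeneratorResult;
+emailField: string;
+passwordField: string;
+/**
+* The full redirect URI that the user should be sent to after authorization.
+* This URL includes the appropriate query parameters based on the outcome —
+* either an authorization `code` (on success) or `error`/`error_description` (on failure).
+*
+* Automatically constructed from the original `redirect_uri` and the `authorizationResult`.
+*/
+fullRedirectUri: string;
+}, params: OAuth2ACAuthorizationParams, req: Request<Refs>, h: ResponseToolkit<Refs>) => R;
 export declare class DefaultOAuth2ACAuthorizationRoute<GetRefs extends ReqRef = ReqRefDefaults, PostRefs extends ReqRef = ReqRefDefaults> extends OAuth2ACAuthorizationRoute<GetRefs, PostRefs> {
 #private;
 constructor();
+/**
+* Creates a new `DefaultOAuth2ACAuthorizationRoute` instance from the provided configuration.
+*/
+static fromConfig<GetRefs extends ReqRef = ReqRefDefaults, PostRefs extends ReqRef = ReqRefDefaults>(config: {
+path?: PathValue;
+clientId?: string;
+redirectUri?: string;
+emailField?: string;
+passwordField?: string;
+codeGenerator?: AuthCodeGenerator<PostRefs>;
+responseRenderer?: AuthResponseRenderer<GetRefs>;
+postResponseRenderer?: AuthResponseRenderer<PostRefs>;
+finalizeAuthorization?: AuthResponseHandler<PostRefs>;
+}): DefaultOAuth2ACAuthorizationRoute<GetRefs, PostRefs>;
+private validateClientParams;
 setPath(path: PathValue): this;
 validateGET(handler: OAuth2ACAuthorizationHandler<GetRefs>): this;
 validatePOST(handler: OAuth2ACAuthorizationHandler<PostRefs>): this;
 setGETResponseRenderer(renderer: AuthResponseRenderer<GetRefs>): this;
 setPOSTResponseRenderer(renderer: AuthResponseRenderer<PostRefs>): this;
 generateCode(handler: AuthCodeGenerator<PostRefs>): this;
+/**
+*
+* finalizeAuthorization() is called after the authorization code is generated.
+*
+* It must redirect the user back to the client's redirect_uri, or respond with an OAuth2 error.
+*
+* example:
+* ```ts
+* route.finalizeAuthorization(async (ctx, params, req, h) => {
+* return h.redirect(ctx.fullRedirectUri)
+* })
+* ```
+*/
+finalizeAuthorization(handler: AuthResponseHandler<PostRefs>): this;
 setClientId(value: string | null): this;
 setRedirectUri(value: string | null): this;
 setEmailField(value: string): this;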
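Review bot: The doc comment kept above `AuthCodeGenerator` still reads `Return null for invalid code`, while the new return type adds the `AuthCodeGeneratorResult` union and no comment says what each variant causes. Going by the compiled handler in `authorization-route.js` on this page, `null` re-renders the form with `access_denied`, `code` and `deny` produce a redirect URI carrying the code or the error, and `continue` falls into the branch that builds an `invalid_request` / `No code` URI; a comment on the union stating this would spare implementers from reading the compiled output. The `finalizeAuthorization` comment could likewise say that the handler also runs for `deny` and `continue` results, not only after a code was generated.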
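--- a/package/lib/flows/auth-code/authorization-route.js
+++ b/package/lib/flows/auth-code/authorization-route.js
@@ -1,9 +1,10 @@
 "use strict";
-var _DefaultOAuth2ACAuthorizationRoute_clientId, _DefaultOAuth2ACAuthorizationRoute_redirectUri, _DefaultOAuth2ACAuthorizationRoute_emailField, _DefaultOAuth2ACAuthorizationRoute_passwordField, _DefaultOAuth2ACAuthorizationRoute_generateCode, _DefaultOAuth2ACAuthorizationRoute_renderResponse, _DefaultOAuth2ACAuthorizationRoute_renderPOSTResponse;
+var _DefaultOAuth2ACAuthorizationRoute_clientId, _DefaultOAuth2ACAuthorizationRoute_redirectUri, _DefaultOAuth2ACAuthorizationRoute_emailField, _DefaultOAuth2ACAuthorizationRoute_passwordField, _DefaultOAuth2ACAuthorizationRoute_generateCode, _DefaultOAuth2ACAuthorizationRoute_renderResponse, _DefaultOAuth2ACAuthorizationRoute_renderPOSTResponse, _DefaultOAuth2ACAuthorizationRoute_authorizationResponseHandler;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.DefaultOAuth2ACAuthorizationRoute = exports.OAuth2ACAuthorizationRoute = void 0;
 const tslib_1 = require("tslib");
 const html_entities_1 = require("html-entities");
+const common_1 = require("../common");
 class OAuth2ACAuthorizationRoute {
 static buildDefault() {
 return new DefaultOAuth2ACAuthorizationRoute();
@@ -63,80 +64,93 @@ const render = ({ error, errorMessage, emailField, passwordField }) => {
 </body>
 </html>`;
 };
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+const authResponseHandler = (ctx, _params, _req, h) => tslib_1.__awaiter(void 0, void 0, void 0, function* () {
+return h.redirect(`${ctx.fullRedirectUri}`);
+});
+function buildRedirectUri(base, params) {
+const searchParams = new URLSearchParams();
+for (const [key, value] of Object.entries(params)) {
+if (value !== undefined && value !== null) {
+searchParams.append(key, value);
+}
+}
+return `${base}?${searchParams.toString()}`;
+}
 class DefaultOAuth2ACAuthorizationRoute extends OAuth2ACAuthorizationRoute {
 constructor() {
 super('/oauth2/authorize', (_a, req, h) => tslib_1.__awaiter(this, void 0, void 0, function* () {
 var { clientId, redirectUri } = _a, props = tslib_1.__rest(_a, ["clientId", "redirectUri"]);
-
-
-
-passwordField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, "f"),
-code: 400,
-error: 'invalid_client',
-errorMessage: 'Bad \'client_id\' parameter'
-}, Object.assign({ clientId, redirectUri }, props), req)).code(400);
-}
-if (tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_redirectUri, "f") && tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_redirectUri, "f") != redirectUri) {
-return h.response(yield tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_renderResponse, "f").call(this, {
-emailField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_emailField, "f"),
-passwordField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, "f"),
-code: 400,
-error: 'invalid_client',
-errorMessage: 'Bad \'redirect_uri\' parameter'
-}, Object.assign({ clientId, redirectUri }, props), req)).code(400);
-}
+const validationError = yield this.validateClientParams(clientId, redirectUri, Object.assign({ clientId, redirectUri }, props), req, h, tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_renderResponse, "f"));
+if (validationError)
+return validationError;
 // render form
 return h.response(yield tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_renderResponse, "f").call(this, {
 emailField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_emailField, "f"),
 passwordField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, "f"),
-
-}, Object.assign({ clientId, redirectUri }, props), req)).code(200);
+statusCode: 200
+}, Object.assign({ clientId, redirectUri }, props), req, h)).code(200);
 }), (props, req, h) => tslib_1.__awaiter(this, void 0, void 0, function* () {
-
-
-
-
-
-
-errorMessage: 'Bad \'client_id\' parameter'
-}, props, req)).code(400);
-}
-if (tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_redirectUri, "f") && tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_redirectUri, "f") != props.redirectUri) {
-return h.response(yield tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_renderPOSTResponse, "f").call(this, {
-emailField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_emailField, "f"),
-passwordField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, "f"),
-code: 400,
-error: 'invalid_client',
-errorMessage: 'Bad \'redirect_uri\' parameter'
-}, props, req)).code(400);
-}
-let error = 'unknown';
-let errorMessage = 'someting went wrong';
+var _a, _b, _c;
+const validationError = yield this.validateClientParams(props.clientId, props.redirectUri, props, req, h, tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_renderResponse, "f"));
+if (validationError)
+return validationError;
+let error = common_1.OAuth2ErrorCode.SERVER_ERROR;
+let errorMessage = 'something went wrong';
 if (props.clientId &&
 req.payload &&
 typeof req.payload === 'object' &&
-
-
-
+!Array.isArray(req.payload) /*&&
+this.#emailField in req.payload &&
+this.#passwordField in req.payload
+*/) {
+const code = yield tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_generateCode, "f").call(this, props, req, h);
 if (code) {
-
+let fullRedirectUri = '';
+if (code.type === 'code' && code.value) {
+fullRedirectUri = buildRedirectUri(props.redirectUri, {
+code: code.value,
+state: (_a = props.state) !== null && _a !== void 0 ? _a : ''
+});
+}
+else if (code.type === 'deny') {
+fullRedirectUri = buildRedirectUri(props.redirectUri, {
+error: common_1.OAuth2ErrorCode.ACCESS_DENIED,
+error_description: 'User denied consent',
+state: (_b = props.state) !== null && _b !== void 0 ? _b : ''
+});
+}
+else {
+fullRedirectUri = buildRedirectUri(props.redirectUri, {
+error: common_1.OAuth2ErrorCode.INVALID_REQUEST,
+error_description: 'No code',
+state: (_c = props.state) !== null && _c !== void 0 ? _c : ''
+});
+}
+return tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_authorizationResponseHandler, "f").call(this, {
+authorizationResult: code,
+emailField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_emailField, "f"),
+passwordField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, "f"),
+fullRedirectUri
+}, props, req, h);
 }
 else {
-error =
+error = common_1.OAuth2ErrorCode.ACCESS_DENIED;
 errorMessage = 'wrong credentials';
 }
 }
 else {
-error =
+error = common_1.OAuth2ErrorCode.INVALID_REQUEST;
+errorMessage = 'Missing or invalid request payload';
 }
 // render form
 return h.response(yield tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_renderPOSTResponse, "f").call(this, {
 emailField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_emailField, "f"),
 passwordField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, "f"),
-
+statusCode: 400,
 error: error,
 errorMessage
-}, props, req)).code(400);
+}, props, req, h)).code(400);
 }));
 _DefaultOAuth2ACAuthorizationRoute_clientId.set(this, void 0);
 _DefaultOAuth2ACAuthorizationRoute_redirectUri.set(this, void 0);
@@ -145,10 +159,66 @@ class DefaultOAuth2ACAuthorizationRoute extends OAuth2ACAuthorizationRoute {
 _DefaultOAuth2ACAuthorizationRoute_generateCode.set(this, void 0);
 _DefaultOAuth2ACAuthorizationRoute_renderResponse.set(this, void 0);
 _DefaultOAuth2ACAuthorizationRoute_renderPOSTResponse.set(this, void 0);
+_DefaultOAuth2ACAuthorizationRoute_authorizationResponseHandler.set(this, void 0);
 // @TODO: generate id for user, store it in-memory, generate jwt code ?
 tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_generateCode, () => tslib_1.__awaiter(this, void 0, void 0, function* () { return null; }), "f");
 tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_renderResponse, render, "f");
 tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_renderPOSTResponse, render, "f");
+tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_authorizationResponseHandler, authResponseHandler, "f");
+}
+/**
+* Creates a new `DefaultOAuth2ACAuthorizationRoute` instance from the provided configuration.
+*/
+static fromConfig(config) {
+const instance = new DefaultOAuth2ACAuthorizationRoute();
+if (config.path)
+instance.setPath(config.path);
+if (config.clientId)
+instance.setClientId(config.clientId);
+if (config.redirectUri)
+instance.setRedirectUri(config.redirectUri);
+if (config.emailField)
+instance.setEmailField(config.emailField);
+if (config.passwordField)
+instance.setPasswordField(config.passwordField);
+if (config.codeGenerator)
+instance.generateCode(config.codeGenerator);
+if (config.responseRenderer)
+instance.setGETResponseRenderer(config.responseRenderer);
+if (config.postResponseRenderer)
+instance.setPOSTResponseRenderer(config.postResponseRenderer);
+if (config.finalizeAuthorization)
+instance.finalizeAuthorization(config.finalizeAuthorization);
+return instance;
+}
+validateClientParams(clientId, redirectUri, props,
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+req,
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+h,
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+renderer) {
+return tslib_1.__awaiter(this, void 0, void 0, function* () {
+if (tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_clientId, "f") && tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_clientId, "f") !== clientId) {
+return h.response(yield renderer({
+emailField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_emailField, "f"),
+passwordField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, "f"),
+statusCode: 400,
+error: common_1.OAuth2ErrorCode.INVALID_CLIENT,
+errorMessage: 'Bad \'client_id\' parameter'
+}, props, req, h)).code(400);
+}
+if (tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_redirectUri, "f") && tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_redirectUri, "f") !== redirectUri) {
+return h.response(yield renderer({
+emailField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_emailField, "f"),
+passwordField: tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, "f"),
+statusCode: 400,
+error: common_1.OAuth2ErrorCode.INVALID_CLIENT,
+errorMessage: 'Bad \'redirect_uri\' parameter'
+}, props, req, h)).code(400);
+}
+return null;
+});
 }
 setPath(path) {
 if (path)
@@ -175,6 +245,23 @@ class DefaultOAuth2ACAuthorizationRoute extends OAuth2ACAuthorizationRoute {
 tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_generateCode, handler, "f");
 return this;
 }
+/**
+*
+* finalizeAuthorization() is called after the authorization code is generated.
+*
+* It must redirect the user back to the client's redirect_uri, or respond with an OAuth2 error.
+*
+* example:
+* ```ts
+* route.finalizeAuthorization(async (ctx, params, req, h) => {
+* return h.redirect(ctx.fullRedirectUri)
+* })
+* ```
+*/
+finalizeAuthorization(handler) {
+tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_authorizationResponseHandler, handler, "f");
+return this;
+}
 setClientId(value) {
 tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_clientId, value, "f");
 return this;
@@ -184,19 +271,19 @@ class DefaultOAuth2ACAuthorizationRoute extends OAuth2ACAuthorizationRoute {
 return this;
 }
 setEmailField(value) {
-const escaped =
+const escaped = (0, html_entities_1.encode)(value); // For HTML rendering, use encode() (from html-entities)
 if (escaped)
 tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_emailField, escaped, "f");
 return this;
 }
 setPasswordField(value) {
-const escaped =
+const escaped = (0, html_entities_1.encode)(value); // For HTML rendering, use encode() (from html-entities)
 if (escaped)
 tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2ACAuthorizationRoute_passwordField, escaped, "f");
 return this;
 }
 }
 exports.DefaultOAuth2ACAuthorizationRoute = DefaultOAuth2ACAuthorizationRoute;
-_DefaultOAuth2ACAuthorizationRoute_clientId = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_redirectUri = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_emailField = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_passwordField = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_generateCode = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_renderResponse = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_renderPOSTResponse = new WeakMap();
+_DefaultOAuth2ACAuthorizationRoute_clientId = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_redirectUri = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_emailField = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_passwordField = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_generateCode = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_renderResponse = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_renderPOSTResponse = new WeakMap(), _DefaultOAuth2ACAuthorizationRoute_authorizationResponseHandler = new WeakMap();
 //#endregion Defaults
 //# sourceMappingURL=authorization-route.js.map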
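Review bot: The POST handler builds `fullRedirectUri` from the request's `props.redirectUri`, yet `validateClientParams` compares that value only when a redirect URI was configured through `setRedirectUri`, so with none configured the default `authResponseHandler` redirects to whatever URI the request carried, in the `code`, `deny` and `No code` branches alike. Unless the `generateCode` callback or code outside this file checks the URI against the client's registration, the authorization code or error is delivered to an unverified location; the route should render the error page instead of redirecting when the URI has not been verified, or the docs should make that check an explicit duty of `generateCode`. `buildRedirectUri` also joins with a literal `?`, which produces a second `?` when the URI already has a query string and places the parameters after any fragment; `const url = new URL(base);`, `url.searchParams.append(key, value);` and `return url.toString();` would handle both. In the same hunk the POST path passes `_DefaultOAuth2ACAuthorizationRoute_renderResponse` to `validateClientParams`, where the removed lines used `_DefaultOAuth2ACAuthorizationRoute_renderPOSTResponse`, so a custom POST renderer is no longer used for these validation errors. This file is compiled output, so the changes belong in `src/flows/auth-code/authorization-route.ts`.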
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-route.js","sourceRoot":"","sources":["../../../src/flows/auth-code/authorization-route.ts"],"names":[],"mappings":";;;;;AAOA,iDAAsC;
|
|
1
|
+
{"version":3,"file":"authorization-route.js","sourceRoot":"","sources":["../../../src/flows/auth-code/authorization-route.ts"],"names":[],"mappings":";;;;;AAOA,iDAAsC;AACtC,sCAA+F;AA6B/F,MAAa,0BAA0B;IAKnC,MAAM,CAAC,YAAY;QAIf,OAAO,IAAI,iCAAiC,EAAqB,CAAA;IACrE,CAAC;IAMD,IAAI,IAAI;QACJ,OAAO,IAAI,CAAC,KAAK,CAAA;IACrB,CAAC;IAED,IAAI,OAAO;QACP,OAAO,IAAI,CAAC,QAAQ,CAAA;IACxB,CAAC;IAED,IAAI,WAAW;QACX,OAAO,IAAI,CAAC,YAAY,CAAA;IAC5B,CAAC;IAED,YACI,IAAY,EACZ,OAA8C,EAC9C,WAAmD;QAEnD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;IACpC,CAAC;CACJ;AArCD,gEAqCC;AAuDD,8DAA8D;AAC9D,MAAM,MAAM,GAA8B,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,EAAE,EAAE;IAC7F,IAAI,KAAK,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9C,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAqB,CAAA;IACxE,CAAC;IACD,OAAO;;;;;;;;;;;;;;;;;;;MAmBL,YAAY,IAAI,EAAE;;;4BAGI,UAAU,WAAW,UAAU,kBAAkB,UAAU,mBAAmB,UAAU;+BACrF,aAAa,WAAW,aAAa,kBAAkB,aAAa;;;;;;;;;QAS3F,CAAA;AACR,CAAC,CAAA;AAED,8DAA8D;AAC9D,MAAM,mBAAmB,GAA6B,CAAO,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE;IAClF,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC,eAAe,EAAE,CAAC,CAAA;AAC/C,CAAC,CAAA,CAAA;AAED,SAAS,gBAAgB,CAAC,IAAY,EAAE,MAA8B;IAClE,MAAM,YAAY,GAAG,IAAI,eAAe,EAAE,CAAA;IAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAChD,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACxC,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;QACnC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,IAAI,IAAI,YAAY,CAAC,QAAQ,EAAE,EAAE,CAAA;AAC/C,CAAC;AAED,MAAa,iCAGX,SAAQ,0BAA6C;IAYnD;QACI,KAAK,CAAC,mBAAmB,EAAE,CAAO,EAAmC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE;gBAA/C,EAAE,QAAQ,EAAE,WAAW,OAAY,EAAP,KAAK,sBAAjC,2BAAmC,CAAF;YAC/D,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,QAAQ,EAAE,WAAW,kBAAI,QAAQ,EAAE,WAAW,IAAK,KAAK,GAAI,GAAG,EAAE,CAAC,EAAE,+BAAA,IAAI,yDAAgB,CAAC,CAAA;YACjJ,IAAI,eAAe;gBAAE,OAAO,eAAe,CAAA;YAE3C,cAAc;YACd,OAAO,CAAC,CAAC,QAAQ,CACb,MAAM,+BAAA,IAAI,yDAAgB,MAApB,IAAI,EAAiB;gBACvB,UAAU,EAAE,+BAAA,IAAI,qDAAY;gB
AC5B,aAAa,EAAE,+BAAA,IAAI,wDAAe;gBAClC,UAAU,EAAE,GAAG;aAClB,kBAAI,QAAQ,EAAE,WAAW,IAAK,KAAK,GAAI,GAAG,EAAE,CAAC,CAAC,CAClD,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACf,CAAC,CAAA,EAAE,CAAO,KAAK,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE;;YACvB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,EAAE,+BAAA,IAAI,yDAAgB,CAAC,CAAA;YAC/H,IAAI,eAAe;gBAAE,OAAO,eAAe,CAAA;YAE3C,IAAI,KAAK,GAA2B,wBAAe,CAAC,YAAY,CAAA;YAChE,IAAI,YAAY,GAAG,sBAAsB,CAAA;YAEzC,IACI,KAAK,CAAC,QAAQ;gBACd,GAAG,CAAC,OAAO;gBACX,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;gBAC/B,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;;;cAGzB,EACJ,CAAC;gBACC,MAAM,IAAI,GAAG,MAAM,+BAAA,IAAI,uDAAc,MAAlB,IAAI,EAAe,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;gBACrD,IAAI,IAAI,EAAE,CAAC;oBACP,IAAI,eAAe,GAAG,EAAE,CAAC;oBACzB,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;wBACrC,eAAe,GAAG,gBAAgB,CAAC,KAAK,CAAC,WAAW,EAAE;4BAClD,IAAI,EAAE,IAAI,CAAC,KAAK;4BAChB,KAAK,EAAE,MAAA,KAAK,CAAC,KAAK,mCAAI,EAAE;yBAC3B,CAAC,CAAC;oBACP,CAAC;yBAAM,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;wBAC9B,eAAe,GAAG,gBAAgB,CAAC,KAAK,CAAC,WAAW,EAAE;4BAClD,KAAK,EAAE,wBAAe,CAAC,aAAa;4BACpC,iBAAiB,EAAE,qBAAqB;4BACxC,KAAK,EAAE,MAAA,KAAK,CAAC,KAAK,mCAAI,EAAE;yBAC3B,CAAC,CAAC;oBACP,CAAC;yBAAM,CAAC;wBACJ,eAAe,GAAG,gBAAgB,CAAC,KAAK,CAAC,WAAW,EAAE;4BAClD,KAAK,EAAE,wBAAe,CAAC,eAAe;4BACtC,iBAAiB,EAAE,SAAS;4BAC5B,KAAK,EAAE,MAAA,KAAK,CAAC,KAAK,mCAAI,EAAE;yBAC3B,CAAC,CAAC;oBACP,CAAC;oBACD,OAAO,+BAAA,IAAI,uEAA8B,MAAlC,IAAI,EAA+B;wBACtC,mBAAmB,EAAE,IAAI;wBACzB,UAAU,EAAE,+BAAA,IAAI,qDAAY;wBAC5B,aAAa,EAAE,+BAAA,IAAI,wDAAe;wBAClC,eAAe;qBAClB,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;gBACrB,CAAC;qBAAM,CAAC;oBACJ,KAAK,GAAG,wBAAe,CAAC,aAAa,CAAA;oBACrC,YAAY,GAAG,mBAAmB,CAAA;gBACtC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACJ,KAAK,GAAG,wBAAe,CAAC,eAAe,CAAA;gBACvC,YAAY,GAAG,oCAAoC,CAAA;YACvD,CAAC;YAED,cAAc;YACd,OAAO,CAAC,CAAC,QAAQ,CACb,MAAM,+BAAA,IAAI,6DAAoB,MAAxB,IAAI,EACN;gBACI,UAAU,EAAE,+BAAA,IAAI,qDAAY;gBAC5B,aAAa,EAAE,+BAAA,IAAI,wDAAe;gBAClC,UAAU,EAAE,GAAG;gBACf,KA
AK,EAAE,KAAK;gBACZ,YAAY;aACf,EACD,KAAK,EACL,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC9B,CAAC,CAAA,CAAC,CAAA;QAxFN,8DAAyB;QACzB,iEAA4B;QAE5B,wDAAc,OAAO,EAAA;QACrB,2DAAiB,UAAU,EAAA;QAE3B,kEAA0C;QAC1C,oEAA8C;QAC9C,wEAAmD;QACnD,kFAA4D;QAiFxD,uEAAuE;QACvE,+BAAA,IAAI,mDAAiB,GAAS,EAAE,wDAAC,OAAA,IAAI,CAAA,GAAA,MAAA,CAAA;QACrC,+BAAA,IAAI,qDAAmB,MAAM,MAAA,CAAA;QAC7B,+BAAA,IAAI,yDAAuB,MAAM,MAAA,CAAA;QACjC,+BAAA,IAAI,mEAAiC,mBAAmB,MAAA,CAAA;IAC5D,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,UAAU,CAGf,MAUD;QACG,MAAM,QAAQ,GAAG,IAAI,iCAAiC,EAAqB,CAAA;QAC3E,IAAI,MAAM,CAAC,IAAI;YAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QAC9C,IAAI,MAAM,CAAC,QAAQ;YAAE,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;QAC1D,IAAI,MAAM,CAAC,WAAW;YAAE,QAAQ,CAAC,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;QACnE,IAAI,MAAM,CAAC,UAAU;YAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;QAChE,IAAI,MAAM,CAAC,aAAa;YAAE,QAAQ,CAAC,gBAAgB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAA;QACzE,IAAI,MAAM,CAAC,aAAa;YAAE,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,aAAa,CAAC,CAAA;QACrE,IAAI,MAAM,CAAC,gBAAgB;YAAE,QAAQ,CAAC,sBAAsB,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAA;QACrF,IAAI,MAAM,CAAC,oBAAoB;YAAE,QAAQ,CAAC,uBAAuB,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAA;QAC9F,IAAI,MAAM,CAAC,qBAAqB;YAAE,QAAQ,CAAC,qBAAqB,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAA;QAC9F,OAAO,QAAQ,CAAA;IACnB,CAAC;IAEa,oBAAoB,CAC9B,QAAgB,EAChB,WAAmB,EACnB,KAAkC;IAClC,8DAA8D;IAC9D,GAAiB;IACjB,8DAA8D;IAC9D,CAAuB;IACvB,8DAA8D;IAC9D,QAAmC;;YAEnC,IAAI,+BAAA,IAAI,mDAAU,IAAI,+BAAA,IAAI,mDAAU,KAAK,QAAQ,EAAE,CAAC;gBAChD,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,QAAQ,CAAC;oBAC7B,UAAU,EAAE,+BAAA,IAAI,qDAAY;oBAC5B,aAAa,EAAE,+BAAA,IAAI,wDAAe;oBAClC,UAAU,EAAE,GAAG;oBACf,KAAK,EAAE,wBAAe,CAAC,cAAc;oBACrC,YAAY,EAAE,6BAA6B;iBAC9C,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAChC,CAAC;YAED,IAAI,+BAAA,IAAI,sDAAa,IAAI,+BAAA,IAAI,sDAAa,KAAK,WAAW,EAAE,CAAC;gBACzD,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,QAAQ,CAAC;oBAC7B,UAAU,EAAE,+BAAA,IAAI,qDAAY;oBAC5B,aAAa,EAAE,+BAAA,IAAI,wDAAe;oBAClC,UAAU,EAAE,GAAG;oBACf,KAAK,EAAE,wBAAe,CAAC,cAAc;oBACr
C,YAAY,EAAE,gCAAgC;iBACjD,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAChC,CAAC;YAED,OAAO,IAAI,CAAA;QACf,CAAC;KAAA;IAED,OAAO,CAAC,IAAe;QACnB,IAAI,IAAI;YACJ,IAAI,CAAC,KAAK,GAAG,IAAI,CAAA;QACrB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,WAAW,CAAC,OAA8C;QACtD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAA;QACvB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,YAAY,CAAC,OAA+C;QACxD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAA;QAC3B,OAAO,IAAI,CAAA;IACf,CAAC;IAED,sBAAsB,CAAC,QAAuC;QAC1D,+BAAA,IAAI,qDAAmB,QAAQ,MAAA,CAAA;QAC/B,OAAO,IAAI,CAAA;IACf,CAAC;IAED,uBAAuB,CAAC,QAAwC;QAC5D,+BAAA,IAAI,yDAAuB,QAAQ,MAAA,CAAA;QACnC,OAAO,IAAI,CAAA;IACf,CAAC;IAED,YAAY,CAAC,OAAoC;QAC7C,+BAAA,IAAI,mDAAiB,OAAO,MAAA,CAAA;QAC5B,OAAO,IAAI,CAAA;IACf,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,qBAAqB,CAAC,OAAsC;QACxD,+BAAA,IAAI,mEAAiC,OAAO,MAAA,CAAA;QAC5C,OAAO,IAAI,CAAA;IACf,CAAC;IAED,WAAW,CAAC,KAAoB;QAC5B,+BAAA,IAAI,+CAAa,KAAK,MAAA,CAAA;QACtB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,cAAc,CAAC,KAAoB;QAC/B,+BAAA,IAAI,kDAAgB,KAAK,MAAA,CAAA;QACzB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,aAAa,CAAC,KAAa;QACvB,MAAM,OAAO,GAAG,IAAA,sBAAM,EAAC,KAAK,CAAC,CAAA,CAAC,wDAAwD;QACtF,IAAI,OAAO;YACP,+BAAA,IAAI,iDAAe,OAAO,MAAA,CAAA;QAC9B,OAAO,IAAI,CAAA;IACf,CAAC;IAED,gBAAgB,CAAC,KAAa;QAC1B,MAAM,OAAO,GAAG,IAAA,sBAAM,EAAC,KAAK,CAAC,CAAA,CAAC,wDAAwD;QACtF,IAAI,OAAO;YACP,+BAAA,IAAI,oDAAkB,OAAO,MAAA,CAAA;QACjC,OAAO,IAAI,CAAA;IACf,CAAC;CACJ;AA7OD,8EA6OC;;AAED,qBAAqB"}
|
|
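--- a/package/lib/flows/auth-code/authorization-utils.d.ts
+++ b/package/lib/flows/auth-code/authorization-utils.d.ts
@@ -0,0 +1,35 @@
+import type { AuthCodeGeneratorResult } from './authorization-route';
+declare function isCode(r: AuthCodeGeneratorResult): r is {
+type: 'code';
+value: string;
+};
+declare function isContinue<Value = unknown>(r: AuthCodeGeneratorResult): r is {
+type: 'continue';
+value?: Value;
+};
+declare function isDeny<Value = unknown>(r: AuthCodeGeneratorResult): r is {
+type: 'deny';
+value?: Value;
+};
+export declare const AuthCodeResult: Readonly<{
+/**
+* Check if result is a 'code' result
+*/
+isCode: typeof isCode;
+/**
+* Check if result is a 'continue' result
+*/
+isContinue: typeof isContinue;
+/**
+* Check if result is a 'deny' result
+*/
+isDeny: typeof isDeny;
+}>;
+export type AuthCodeResultMatchHandlers<Continue = unknown, Deny = unknown, Return = unknown> = {
+code: (value: string) => Return;
+continue: (value?: Continue) => Return;
+deny: (value?: Deny) => Return;
+};
+export declare function matchAuthCodeResult<Continue = unknown, Deny = unknown, Return = unknown>(result: AuthCodeGeneratorResult, handlers: AuthCodeResultMatchHandlers<Continue, Deny, Return>): Return;
+export declare function createMatchAuthCodeResult<Continue, Deny, Return>(handlers: AuthCodeResultMatchHandlers<Continue, Deny, Return>): (result: AuthCodeGeneratorResult) => Return;
+export {};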
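Review bot: `isContinue` and `isDeny` (new lines 6 and 10) take a caller-chosen `Value` type parameter that appears only in the predicate's return type, so `isContinue<Session>(r)` narrows `value` to `Session` although the guard checks nothing beyond `type` (the compiled body in authorization-utils.js is `return r.type === 'continue'`). That makes the predicate an unchecked cast, and the same holds for the `Continue` and `Deny` parameters of `AuthCodeResultMatchHandlers` and `matchAuthCodeResult`. I would either drop the parameter and leave `value?: unknown` for the caller to narrow, or state the contract on the declarations, e.g. `/** Checks only r.type; Value is asserted, not validated. */`.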
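--- a/package/lib/flows/auth-code/authorization-utils.js
+++ b/package/lib/flows/auth-code/authorization-utils.js
@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthCodeResult = void 0;
+exports.matchAuthCodeResult = matchAuthCodeResult;
+exports.createMatchAuthCodeResult = createMatchAuthCodeResult;
+function isCode(r) {
+return r.type === 'code';
+}
+function isContinue(r) {
+return r.type === 'continue';
+}
+function isDeny(r) {
+return r.type === 'deny';
+}
+exports.AuthCodeResult = Object.freeze({
+/**
+* Check if result is a 'code' result
+*/
+isCode,
+/**
+* Check if result is a 'continue' result
+*/
+isContinue,
+/**
+* Check if result is a 'deny' result
+*/
+isDeny,
+});
+function matchAuthCodeResult(result, handlers) {
+switch (result.type) {
+case 'code':
+return handlers.code(result.value);
+case 'continue':
+return handlers.continue(result.value);
+case 'deny':
+return handlers.deny(result.value);
+}
+}
+function createMatchAuthCodeResult(handlers) {
+return (result) => {
+return matchAuthCodeResult(result, handlers);
+};
+}
+//# sourceMappingURL=authorization-utils.js.map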
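Review bot: The `switch` in `matchAuthCodeResult` (new lines 30–37) has no `default` branch, so a result whose `type` is none of 'code', 'continue' or 'deny' makes the function return `undefined` without calling any handler. A plain-JavaScript caller, or a generator that returns a malformed object, gets no error, and how the authorization route treats an `undefined` outcome is not visible in this section. I would add `default: throw new TypeError('Unexpected auth code result type');` after the 'deny' case so an unrecognised result fails closed. `createMatchAuthCodeResult` inherits the behaviour because it only forwards to this function.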
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authorization-utils.js","sourceRoot":"","sources":["../../../src/flows/auth-code/authorization-utils.ts"],"names":[],"mappings":";;;AA0CA,kDAgBC;AAED,8DAUC;AAjED,SAAS,MAAM,CAAC,CAA0B;IACxC,OAAO,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC;AAC3B,CAAC;AAED,SAAS,UAAU,CAAkB,CAA0B;IAC7D,OAAO,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC;AAC/B,CAAC;AAED,SAAS,MAAM,CAAkB,CAA0B;IACzD,OAAO,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC;AAC3B,CAAC;AAEY,QAAA,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC;IAC1C;;OAEG;IACH,MAAM;IACN;;OAEG;IACH,UAAU;IACV;;OAEG;IACH,MAAM;CACP,CAAC,CAAC;AAYH,SAAgB,mBAAmB,CAKjC,MAA+B,EAC/B,QAA6D;IAE7D,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,KAAK,MAAM;YACT,OAAO,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACrC,KAAK,UAAU;YACb,OAAO,QAAQ,CAAC,QAAQ,CAAE,MAAmD,CAAC,KAAiB,CAAC,CAAC;QACnG,KAAK,MAAM;YACT,OAAO,QAAQ,CAAC,IAAI,CAAE,MAA+C,CAAC,KAAa,CAAC,CAAC;IACzF,CAAC;AACH,CAAC;AAED,SAAgB,yBAAyB,CAKvC,QAA6D;IAE7D,OAAO,CAAC,MAA+B,EAAU,EAAE;QACjD,OAAO,mBAAmB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC/C,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -1,32 +1,24 @@
|
|
|
1
|
-
import { Lifecycle, ReqRef, ReqRefDefaults
|
|
2
|
-
import {
|
|
3
|
-
|
|
4
|
-
|
|
1
|
+
import { Lifecycle, ReqRef, ReqRefDefaults } from '@kaapi/kaapi';
|
|
2
|
+
import { PathValue, TokenGenerator, OAuth2TokenParams, OAuth2TokenHandler, IOAuth2TokenRoute, OAuth2TokenRoute, DefaultOAuth2TokenRoute } from '../common';
|
|
3
|
+
import { verifyCodeVerifier } from '../../utils/verify-code-verifier';
|
|
4
|
+
export interface OAuth2ACTokenParams extends OAuth2TokenParams {
|
|
5
5
|
code: string;
|
|
6
6
|
clientId: string;
|
|
7
7
|
clientSecret?: string;
|
|
8
8
|
codeVerifier?: string;
|
|
9
9
|
redirectUri?: string;
|
|
10
|
-
|
|
10
|
+
verifyCodeVerifier: typeof verifyCodeVerifier;
|
|
11
11
|
}
|
|
12
|
-
export type OAuth2ACTokenHandler<Refs extends ReqRef = ReqRefDefaults, R extends Lifecycle.ReturnValue<any> = Lifecycle.ReturnValue<Refs>> =
|
|
13
|
-
export
|
|
14
|
-
|
|
15
|
-
handler: OAuth2ACTokenHandler<Refs>;
|
|
16
|
-
}
|
|
17
|
-
export declare class OAuth2ACTokenRoute<Refs extends ReqRef = ReqRefDefaults> implements IOAuth2ACTokenRoute<Refs> {
|
|
12
|
+
export type OAuth2ACTokenHandler<Refs extends ReqRef = ReqRefDefaults, R extends Lifecycle.ReturnValue<any> = Lifecycle.ReturnValue<Refs>> = OAuth2TokenHandler<OAuth2ACTokenParams, Refs, R>;
|
|
13
|
+
export type IOAuth2ACTokenRoute<Refs extends ReqRef = ReqRefDefaults> = IOAuth2TokenRoute<OAuth2ACTokenParams, Refs>;
|
|
14
|
+
export declare class OAuth2ACTokenRoute<Refs extends ReqRef = ReqRefDefaults> extends OAuth2TokenRoute<OAuth2ACTokenParams, Refs> implements IOAuth2ACTokenRoute<Refs> {
|
|
18
15
|
static buildDefault<Refs extends ReqRef = ReqRefDefaults>(): DefaultOAuth2ACTokenRoute<Refs>;
|
|
19
|
-
protected _path: string;
|
|
20
|
-
protected _handler: OAuth2ACTokenHandler<Refs>;
|
|
21
|
-
get path(): string;
|
|
22
|
-
get handler(): OAuth2ACTokenHandler<Refs, Lifecycle.ReturnValue<Refs>>;
|
|
23
|
-
constructor(path: string, handler: OAuth2ACTokenHandler<Refs>);
|
|
24
16
|
}
|
|
25
17
|
/**
|
|
26
18
|
* Return null for invalid request
|
|
27
19
|
*/
|
|
28
|
-
export type AuthCodeTokenGenerator<Refs extends ReqRef = ReqRefDefaults> =
|
|
29
|
-
export declare class DefaultOAuth2ACTokenRoute<Refs extends ReqRef = ReqRefDefaults> extends OAuth2ACTokenRoute<Refs> {
|
|
20
|
+
export type AuthCodeTokenGenerator<Refs extends ReqRef = ReqRefDefaults> = TokenGenerator<OAuth2ACTokenParams, Refs>;
|
|
21
|
+
export declare class DefaultOAuth2ACTokenRoute<Refs extends ReqRef = ReqRefDefaults> extends OAuth2ACTokenRoute<Refs> implements DefaultOAuth2TokenRoute<OAuth2ACTokenParams, Refs> {
|
|
30
22
|
#private;
|
|
31
23
|
constructor();
|
|
32
24
|
setPath(path: PathValue): this;
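Review bot: The new `verifyCodeVerifier` member on `OAuth2ACTokenParams` (new line 10) has no doc comment, so the declaration does not say whether the route has already checked the PKCE verifier or whether the token handler is expected to call the helper itself. With `codeVerifier` still optional, a handler that ignores the helper would presumably exchange the code without any PKCE check, though the implementation is not visible in this hunk. I would add a TSDoc line above the member, for example `/** Checks codeVerifier against the stored code challenge; the token handler must call it before issuing tokens. */`, adjusted to whatever the route actually guarantees. The `DefaultOAuth2ACTokenRoute` declaration continues past the end of the hunk.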
|