@kaapi/oauth2-auth-design 0.0.14 → 0.0.16

Files changed (246) hide show
  1. package/docs/.nojekyll +1 -0
  2. package/docs/assets/hierarchy.js +1 -0
  3. package/docs/assets/highlight.css +78 -0
  4. package/docs/assets/icons.js +18 -0
  5. package/docs/assets/icons.svg +1 -0
  6. package/docs/assets/main.js +60 -0
  7. package/docs/assets/navigation.js +1 -0
  8. package/docs/assets/search.js +1 -0
  9. package/docs/assets/style.css +1633 -0
  10. package/docs/classes/BearerToken.html +7 -0
  11. package/docs/classes/ClientSecretBasic.html +6 -0
  12. package/docs/classes/ClientSecretJwt.html +10 -0
  13. package/docs/classes/ClientSecretPost.html +6 -0
  14. package/docs/classes/DPoPToken.html +12 -0
  15. package/docs/classes/DefaultJWKSRoute.html +9 -0
  16. package/docs/classes/DefaultOAuth2ACAuthorizationRoute.html +28 -0
  17. package/docs/classes/DefaultOAuth2ACTokenRoute.html +10 -0
  18. package/docs/classes/DefaultOAuth2ClientCredentialsTokenRoute.html +10 -0
  19. package/docs/classes/DefaultOAuth2DeviceAuthTokenRoute.html +10 -0
  20. package/docs/classes/DefaultOAuth2DeviceAuthorizationRoute.html +11 -0
  21. package/docs/classes/DefaultOAuth2RefreshTokenRoute.html +10 -0
  22. package/docs/classes/InMemoryKeyStore.html +12 -0
  23. package/docs/classes/InMemoryReplayStore.html +5 -0
  24. package/docs/classes/JWKSRoute.html +7 -0
  25. package/docs/classes/JwksRotator.html +5 -0
  26. package/docs/classes/JwtAuthority.html +18 -0
  27. package/docs/classes/MultipleFlows.html +30 -0
  28. package/docs/classes/MultipleFlowsBuilder.html +15 -0
  29. package/docs/classes/NoneAuthMethod.html +6 -0
  30. package/docs/classes/OAuth2ACAuthorizationRoute.html +9 -0
  31. package/docs/classes/OAuth2ACTokenRoute.html +7 -0
  32. package/docs/classes/OAuth2AuthDesign.html +49 -0
  33. package/docs/classes/OAuth2AuthorizationCode.html +61 -0
  34. package/docs/classes/OAuth2AuthorizationCodeBuilder.html +30 -0
  35. package/docs/classes/OAuth2ClientCredentials.html +53 -0
  36. package/docs/classes/OAuth2ClientCredentialsBuilder.html +28 -0
  37. package/docs/classes/OAuth2ClientCredentialsTokenRoute.html +7 -0
  38. package/docs/classes/OAuth2DeviceAuthTokenRoute.html +7 -0
  39. package/docs/classes/OAuth2DeviceAuthorization.html +57 -0
  40. package/docs/classes/OAuth2DeviceAuthorizationBuilder.html +30 -0
  41. package/docs/classes/OAuth2DeviceAuthorizationRoute.html +7 -0
  42. package/docs/classes/OAuth2RefreshTokenRoute.html +7 -0
  43. package/docs/classes/OAuth2TokenResponse.html +25 -0
  44. package/docs/classes/OAuth2TokenRoute.html +6 -0
  45. package/docs/classes/OIDCAuthUtil.html +117 -0
  46. package/docs/classes/OIDCAuthorizationCode.html +63 -0
  47. package/docs/classes/OIDCAuthorizationCodeBuilder.html +32 -0
  48. package/docs/classes/OIDCClientCredentials.html +55 -0
  49. package/docs/classes/OIDCClientCredentialsBuilder.html +30 -0
  50. package/docs/classes/OIDCDeviceAuthorization.html +59 -0
  51. package/docs/classes/OIDCDeviceAuthorizationBuilder.html +32 -0
  52. package/docs/classes/PrivateKeyJwt.html +10 -0
  53. package/docs/enums/ClientSecretJwtAlgorithms.html +4 -0
  54. package/docs/enums/PrivateKeyJwtAlgorithms.html +11 -0
  55. package/docs/functions/createIdToken.html +1 -0
  56. package/docs/functions/createInMemoryKeyStore.html +1 -0
  57. package/docs/functions/createInMemoryReplayStore.html +1 -0
  58. package/docs/functions/createJwtAccessToken.html +1 -0
  59. package/docs/functions/createMatchAuthCodeResult.html +1 -0
  60. package/docs/functions/createMatchOAuth2ErrorCode.html +1 -0
  61. package/docs/functions/matchAuthCodeResult.html +1 -0
  62. package/docs/functions/sortTokenEndpointAuthMethods.html +1 -0
  63. package/docs/functions/verifyCodeVerifier.html +2 -0
  64. package/docs/functions/verifyJwt.html +1 -0
  65. package/docs/hierarchy.html +1 -0
  66. package/docs/index.html +2 -0
  67. package/docs/interfaces/ClientAuthMethod.html +6 -0
  68. package/docs/interfaces/DefaultOAuth2TokenRoute.html +8 -0
  69. package/docs/interfaces/IBearerToken.html +5 -0
  70. package/docs/interfaces/IDPoPToken.html +5 -0
  71. package/docs/interfaces/IJWKSRoute.html +3 -0
  72. package/docs/interfaces/IOAuth2ACAuthorizationRoute.html +4 -0
  73. package/docs/interfaces/IOAuth2DeviceAuthorizationRoute.html +3 -0
  74. package/docs/interfaces/IOAuth2TokenResponse.html +2 -0
  75. package/docs/interfaces/IOAuth2TokenRoute.html +3 -0
  76. package/docs/interfaces/JWKSParams.html +2 -0
  77. package/docs/interfaces/JwksKeyStore.html +9 -0
  78. package/docs/interfaces/JwksRotationTimestampStore.html +3 -0
  79. package/docs/interfaces/JwksRotatorOptions.html +5 -0
  80. package/docs/interfaces/KeyGenerator.html +2 -0
  81. package/docs/interfaces/MultipleFlowsArg.html +7 -0
  82. package/docs/interfaces/OAuth2ACAuthorizationParams.html +8 -0
  83. package/docs/interfaces/OAuth2ACTokenParams.html +13 -0
  84. package/docs/interfaces/OAuth2AuthDesignBuilder.html +4 -0
  85. package/docs/interfaces/OAuth2AuthDesignOptions.html +6 -0
  86. package/docs/interfaces/OAuth2AuthorizationCodeArg.html +9 -0
  87. package/docs/interfaces/OAuth2AuthorizationCodeBuilderArg.html +10 -0
  88. package/docs/interfaces/OAuth2ClientCredentialsArg.html +7 -0
  89. package/docs/interfaces/OAuth2ClientCredentialsBuilderArg.html +8 -0
  90. package/docs/interfaces/OAuth2ClientCredentialsTokenParams.html +9 -0
  91. package/docs/interfaces/OAuth2DeviceAuthTokenParams.html +9 -0
  92. package/docs/interfaces/OAuth2DeviceAuthorizationArg.html +9 -0
  93. package/docs/interfaces/OAuth2DeviceAuthorizationBuilderArg.html +10 -0
  94. package/docs/interfaces/OAuth2DeviceAuthorizationParams.html +3 -0
  95. package/docs/interfaces/OAuth2JwksOptions.html +6 -0
  96. package/docs/interfaces/OAuth2JwtPayload.html +24 -0
  97. package/docs/interfaces/OAuth2RefreshTokenParams.html +11 -0
  98. package/docs/interfaces/OAuth2SingleAuthFlow.html +6 -0
  99. package/docs/interfaces/OAuth2SingleAuthFlowBuilder.html +5 -0
  100. package/docs/interfaces/OAuth2TokenParams.html +6 -0
  101. package/docs/interfaces/OAuth2TokenResponseBody.html +8 -0
  102. package/docs/interfaces/OpenIDHelpers.html +3 -0
  103. package/docs/interfaces/ReplayStore.html +4 -0
  104. package/docs/interfaces/TokenType.html +5 -0
  105. package/docs/modules.html +1 -0
  106. package/docs/types/AnyOAuth2ErrorCodeType.html +1 -0
  107. package/docs/types/AuthCodeGenerator.html +2 -0
  108. package/docs/types/AuthCodeGeneratorResult.html +1 -0
  109. package/docs/types/AuthCodeResultMatchHandlers.html +4 -0
  110. package/docs/types/AuthCodeTokenGenerator.html +2 -0
  111. package/docs/types/AuthResponseHandler.html +5 -0
  112. package/docs/types/AuthResponseRenderer.html +1 -0
  113. package/docs/types/ClientAuthMethodResponse.html +5 -0
  114. package/docs/types/ClientCredentialsTokenGenerator.html +2 -0
  115. package/docs/types/DefaultOAuth2DeviceAuthRefreshTokenRoute.html +1 -0
  116. package/docs/types/DeviceAuthTokenGenerator.html +2 -0
  117. package/docs/types/DeviceCodeGenerator.html +2 -0
  118. package/docs/types/DeviceCodeResponse.html +23 -0
  119. package/docs/types/DeviceFlowOAuth2ErrorCodeType.html +1 -0
  120. package/docs/types/ExtendedOAuth2ErrorCodeType.html +1 -0
  121. package/docs/types/IOAuth2ACTokenRoute.html +1 -0
  122. package/docs/types/IOAuth2ClientCredentialsTokenRoute.html +1 -0
  123. package/docs/types/IOAuth2DeviceAuthTokenRoute.html +1 -0
  124. package/docs/types/IOAuth2RefreshTokenRoute.html +1 -0
  125. package/docs/types/JWKSHandler.html +1 -0
  126. package/docs/types/MultipleFlowsBuilderArg.html +1 -0
  127. package/docs/types/OAuth2ACAuthorizationHandler.html +1 -0
  128. package/docs/types/OAuth2ACTokenHandler.html +1 -0
  129. package/docs/types/OAuth2AuthOptions.html +7 -0
  130. package/docs/types/OAuth2ClientAuthentication.html +1 -0
  131. package/docs/types/OAuth2ClientCredentialsTokenHandler.html +1 -0
  132. package/docs/types/OAuth2DeviceAuthTokenHandler.html +1 -0
  133. package/docs/types/OAuth2DeviceAuthorizationHandler.html +1 -0
  134. package/docs/types/OAuth2DeviceCodeTokenErrorBody.html +4 -0
  135. package/docs/types/OAuth2ErrorBody.html +4 -0
  136. package/docs/types/OAuth2ErrorCodeType.html +1 -0
  137. package/docs/types/OAuth2RefreshTokenHandler.html +1 -0
  138. package/docs/types/OAuth2TokenErrorCodeType.html +1 -0
  139. package/docs/types/OAuth2TokenHandler.html +1 -0
  140. package/docs/types/OIDCAuthorizationCodeArg.html +2 -0
  141. package/docs/types/OIDCAuthorizationCodeBuilderArg.html +2 -0
  142. package/docs/types/OIDCClientCredentialsArg.html +2 -0
  143. package/docs/types/OIDCClientCredentialsBuilderArg.html +2 -0
  144. package/docs/types/OIDCDeviceAuthorizationArg.html +2 -0
  145. package/docs/types/OIDCDeviceAuthorizationBuilderArg.html +2 -0
  146. package/docs/types/PathValue.html +1 -0
  147. package/docs/types/ReplayDetector.html +1 -0
  148. package/docs/types/SingleCodeFlow.html +1 -0
  149. package/docs/types/StandardOAuth2ErrorCodeType.html +1 -0
  150. package/docs/types/TokenEndpointAuthMethod.html +1 -0
  151. package/docs/types/TokenGenerator.html +1 -0
  152. package/docs/types/TokenRequestValidation.html +1 -0
  153. package/docs/types/TokenTypeValidation.html +1 -0
  154. package/docs/types/TokenTypeValidationResponse.html +3 -0
  155. package/docs/types/WithRequired.html +1 -0
  156. package/docs/variables/AllOAuth2ErrorCode.html +1 -0
  157. package/docs/variables/AuthCodeResult.html +1 -0
  158. package/docs/variables/DeviceFlowOAuth2ErrorCode.html +1 -0
  159. package/docs/variables/ExtendedOAuth2ErrorCode.html +1 -0
  160. package/docs/variables/OAuth2ErrorCode.html +1 -0
  161. package/docs/variables/OAuth2TokenErrorCode.html +1 -0
  162. package/docs/variables/StandardOAuth2ErrorCode.html +1 -0
  163. package/kaukau.config.mjs +20 -0
  164. package/lib/cli.js +7 -7
  165. package/lib/flows/auth-code/authorization-route.d.ts +61 -10
  166. package/lib/flows/auth-code/authorization-route.js +152 -65
  167. package/lib/flows/auth-code/authorization-route.js.map +1 -1
  168. package/lib/flows/auth-code/authorization-utils.d.ts +35 -0
  169. package/lib/flows/auth-code/authorization-utils.js +44 -0
  170. package/lib/flows/auth-code/authorization-utils.js.map +1 -0
  171. package/lib/flows/auth-code/token-route.d.ts +10 -18
  172. package/lib/flows/auth-code/token-route.js +6 -15
  173. package/lib/flows/auth-code/token-route.js.map +1 -1
  174. package/lib/flows/authorization-code.d.ts +112 -0
  175. package/lib/flows/authorization-code.js +570 -0
  176. package/lib/flows/authorization-code.js.map +1 -0
  177. package/lib/flows/client-credentials.d.ts +79 -39
  178. package/lib/flows/client-credentials.js +324 -257
  179. package/lib/flows/client-credentials.js.map +1 -1
  180. package/lib/flows/client-creds/token-route.d.ts +23 -0
  181. package/lib/flows/client-creds/token-route.js +52 -0
  182. package/lib/flows/client-creds/token-route.js.map +1 -0
  183. package/lib/flows/common.d.ts +265 -28
  184. package/lib/flows/common.js +293 -29
  185. package/lib/flows/common.js.map +1 -1
  186. package/lib/flows/device-auth/authorization-route.d.ts +83 -0
  187. package/lib/flows/device-auth/authorization-route.js +68 -0
  188. package/lib/flows/device-auth/authorization-route.js.map +1 -0
  189. package/lib/flows/device-auth/token-route.d.ts +29 -0
  190. package/lib/flows/device-auth/token-route.js +49 -0
  191. package/lib/flows/device-auth/token-route.js.map +1 -0
  192. package/lib/flows/device-authorization.d.ts +112 -0
  193. package/lib/flows/device-authorization.js +523 -0
  194. package/lib/flows/device-authorization.js.map +1 -0
  195. package/lib/flows/oidc-multiple-flows.d.ts +59 -0
  196. package/lib/flows/oidc-multiple-flows.js +268 -0
  197. package/lib/flows/oidc-multiple-flows.js.map +1 -0
  198. package/lib/index.d.ts +12 -6
  199. package/lib/index.js +12 -6
  200. package/lib/index.js.map +1 -1
  201. package/lib/utils/client-auth-methods.d.ts +2 -2
  202. package/lib/utils/client-auth-methods.js +5 -6
  203. package/lib/utils/client-auth-methods.js.map +1 -1
  204. package/lib/utils/in-memory-key-store.d.ts +12 -0
  205. package/lib/utils/in-memory-key-store.js +46 -0
  206. package/lib/utils/in-memory-key-store.js.map +1 -0
  207. package/lib/utils/jwt-authority.d.ts +81 -0
  208. package/lib/utils/jwt-authority.js +186 -0
  209. package/lib/utils/jwt-authority.js.map +1 -0
  210. package/lib/utils/jwt-utils.d.ts +33 -0
  211. package/lib/utils/jwt-utils.js +24 -0
  212. package/lib/utils/jwt-utils.js.map +1 -0
  213. package/lib/utils/replay-store.d.ts +13 -0
  214. package/lib/utils/{cache-set.js → replay-store.js} +8 -4
  215. package/lib/utils/replay-store.js.map +1 -0
  216. package/lib/utils/token-types.d.ts +6 -3
  217. package/lib/utils/token-types.js +13 -10
  218. package/lib/utils/token-types.js.map +1 -1
  219. package/lib/utils/verify-code-verifier.d.ts +4 -0
  220. package/lib/utils/verify-code-verifier.js +18 -0
  221. package/lib/utils/verify-code-verifier.js.map +1 -0
  222. package/package.json +7 -7
  223. package/typedoc.json +11 -0
  224. package/lib/flows/auth-code/open-id.d.ts +0 -53
  225. package/lib/flows/auth-code/open-id.js +0 -199
  226. package/lib/flows/auth-code/open-id.js.map +0 -1
  227. package/lib/flows/auth-code.ts/open-id.d.ts +0 -52
  228. package/lib/flows/auth-code.ts/open-id.js +0 -169
  229. package/lib/flows/auth-code.ts/open-id.js.map +0 -1
  230. package/lib/flows/authentication-code.d.ts +0 -53
  231. package/lib/flows/authentication-code.js +0 -380
  232. package/lib/flows/authentication-code.js.map +0 -1
  233. package/lib/utils/cache-set.d.ts +0 -12
  234. package/lib/utils/cache-set.js.map +0 -1
  235. package/lib/utils/in-memory-cache.d.ts +0 -5
  236. package/lib/utils/in-memory-cache.js +0 -30
  237. package/lib/utils/in-memory-cache.js.map +0 -1
  238. package/lib/utils/in-memory-jwks-store.d.ts +0 -12
  239. package/lib/utils/in-memory-jwks-store.js +0 -46
  240. package/lib/utils/in-memory-jwks-store.js.map +0 -1
  241. package/lib/utils/jwks-generator.d.ts +0 -58
  242. package/lib/utils/jwks-generator.js +0 -141
  243. package/lib/utils/jwks-generator.js.map +0 -1
  244. package/lib/utils/jwks-store.d.ts +0 -13
  245. package/lib/utils/jwks-store.js +0 -3
  246. package/lib/utils/jwks-store.js.map +0 -1
@@ -0,0 +1,49 @@
1
+ "use strict";
2
+ var _DefaultOAuth2DeviceAuthTokenRoute_generateToken;
3
+ Object.defineProperty(exports, "__esModule", { value: true });
4
+ exports.DefaultOAuth2DeviceAuthTokenRoute = exports.OAuth2DeviceAuthTokenRoute = void 0;
5
+ const tslib_1 = require("tslib");
6
+ const common_1 = require("../common");
7
+ class OAuth2DeviceAuthTokenRoute extends common_1.OAuth2TokenRoute {
8
+ static buildDefault() {
9
+ return new DefaultOAuth2DeviceAuthTokenRoute();
10
+ }
11
+ }
12
+ exports.OAuth2DeviceAuthTokenRoute = OAuth2DeviceAuthTokenRoute;
13
+ class DefaultOAuth2DeviceAuthTokenRoute extends OAuth2DeviceAuthTokenRoute {
14
+ constructor() {
15
+ super('/oauth2/token', (props, req, h) => tslib_1.__awaiter(this, void 0, void 0, function* () {
16
+ let r = null;
17
+ try {
18
+ r = yield tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2DeviceAuthTokenRoute_generateToken, "f").call(this, props, req);
19
+ }
20
+ catch (err) {
21
+ return h.response({ error: common_1.DeviceFlowOAuth2ErrorCode.ACCESS_DENIED, error_description: `${err}` }).code(400);
22
+ }
23
+ if (!r)
24
+ return h.response({ error: common_1.DeviceFlowOAuth2ErrorCode.ACCESS_DENIED }).code(400);
25
+ if ('error' in r)
26
+ return h.response(r).code(400);
27
+ return h.response(r).code(200);
28
+ }));
29
+ _DefaultOAuth2DeviceAuthTokenRoute_generateToken.set(this, void 0);
30
+ tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2DeviceAuthTokenRoute_generateToken, () => tslib_1.__awaiter(this, void 0, void 0, function* () { return ({ error: common_1.DeviceFlowOAuth2ErrorCode.ACCESS_DENIED }); }), "f");
31
+ }
32
+ setPath(path) {
33
+ if (path)
34
+ this._path = path;
35
+ return this;
36
+ }
37
+ validate(handler) {
38
+ this._handler = handler;
39
+ return this;
40
+ }
41
+ generateToken(handler) {
42
+ tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2DeviceAuthTokenRoute_generateToken, handler, "f");
43
+ return this;
44
+ }
45
+ }
46
+ exports.DefaultOAuth2DeviceAuthTokenRoute = DefaultOAuth2DeviceAuthTokenRoute;
47
+ _DefaultOAuth2DeviceAuthTokenRoute_generateToken = new WeakMap();
48
+ //#endregion Defaults
49
+ //# sourceMappingURL=token-route.js.map
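Review bot: The catch branch on new line 21 stringifies the thrown value into `error_description`, so any message raised inside the application-supplied `generateToken` handler (store or driver errors, internal identifiers) is returned verbatim to whoever calls the token endpoint. The same branch reports every exception as `ACCESS_DENIED`, which in the device flow normally means the user refused the request and which polling clients treat as final, so a transient backend failure would end the flow and look like a denial. I would log `err` server-side and answer without the description, `return h.response({ error: common_1.DeviceFlowOAuth2ErrorCode.ACCESS_DENIED }).code(400);`, or use a 5xx status for failures that are not a real denial. This file is compiled output, so the change belongs in `src/flows/device-auth/token-route.ts`, the source named in the accompanying map.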
@@ -0,0 +1 @@
1
+ {"version":3,"file":"token-route.js","sourceRoot":"","sources":["../../../src/flows/device-auth/token-route.ts"],"names":[],"mappings":";;;;;AAKA,sCAYkB;AA+BlB,MAAa,0BAEX,SAAQ,yBAGT;IAEG,MAAM,CAAC,YAAY;QAGf,OAAO,IAAI,iCAAiC,EAAQ,CAAA;IACxD,CAAC;CACJ;AAZD,gEAYC;AAWD,MAAa,iCAEX,SAAQ,0BAAgC;IAOtC;QACI,KAAK,CAAC,eAAe,EAAE,CAAO,KAAK,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE;YAC3C,IAAI,CAAC,GAA2F,IAAI,CAAA;YAEpG,IAAI,CAAC;gBACD,CAAC,GAAG,MAAM,+BAAA,IAAI,wDAAe,MAAnB,IAAI,EAAgB,KAAK,EAAE,GAAG,CAAC,CAAA;YAC7C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,kCAAyB,CAAC,aAAa,EAAE,iBAAiB,EAAE,GAAG,GAAG,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAChH,CAAC;YAED,IAAI,CAAC,CAAC;gBAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,kCAAyB,CAAC,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAEvF,IAAI,OAAO,IAAI,CAAC;gBAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAEhD,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAClC,CAAC,CAAA,CAAC,CAAA;QAjBN,mEAA8C;QAmB1C,+BAAA,IAAI,oDAAkB,GAAS,EAAE,wDAAC,OAAA,CAAC,EAAE,KAAK,EAAE,kCAAyB,CAAC,aAAa,EAAE,CAAC,CAAA,GAAA,MAAA,CAAA;IAC1F,CAAC;IAED,OAAO,CAAC,IAAe;QACnB,IAAI,IAAI;YACJ,IAAI,CAAC,KAAK,GAAG,IAAI,CAAA;QACrB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,QAAQ,CAAC,OAA2C;QAChD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAA;QACvB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,aAAa,CAAC,OAAuC;QACjD,+BAAA,IAAI,oDAAkB,OAAO,MAAA,CAAA;QAC7B,OAAO,IAAI,CAAA;IACf,CAAC;CACJ;AA5CD,8EA4CC;;AAED,qBAAqB"}
@@ -0,0 +1,112 @@
1
+ import { KaapiTools, Lifecycle, ReqRef, ReqRefDefaults, Request, ResponseToolkit } from '@kaapi/kaapi';
2
+ import { IOAuth2RefreshTokenRoute, OAuth2AuthOptions, OAuth2AuthDesign, OAuth2SingleAuthFlow, DefaultOAuth2RefreshTokenRoute, DefaultJWKSRoute, OAuth2AuthDesignBuilder, OAuth2AuthDesignOptions, OAuth2JwksOptions } from './common';
3
+ import { DefaultOAuth2DeviceAuthorizationRoute, IOAuth2DeviceAuthorizationRoute } from './device-auth/authorization-route';
4
+ import { DefaultOAuth2DeviceAuthTokenRoute, IOAuth2DeviceAuthTokenRoute, OAuth2DeviceCodeTokenErrorBody } from './device-auth/token-route';
5
+ import { TokenType } from '../utils/token-types';
6
+ import { BaseAuthUtil } from '@novice1/api-doc-generator/lib/utils/auth/baseAuthUtils';
7
+ import { ClientAuthMethod, TokenEndpointAuthMethod } from '../utils/client-auth-methods';
8
+ import { JwksKeyStore } from '../utils/jwt-authority';
9
+ export type DefaultOAuth2DeviceAuthRefreshTokenRoute<Refs extends ReqRef = ReqRefDefaults> = DefaultOAuth2RefreshTokenRoute<Refs, OAuth2DeviceCodeTokenErrorBody>;
10
+ export interface OAuth2DeviceAuthorizationArg extends OAuth2AuthDesignOptions {
11
+ authorizationRoute: IOAuth2DeviceAuthorizationRoute<any>;
12
+ tokenRoute: IOAuth2DeviceAuthTokenRoute<any>;
13
+ refreshTokenRoute?: IOAuth2RefreshTokenRoute<any>;
14
+ }
15
+ export declare class OAuth2DeviceAuthorization extends OAuth2AuthDesign implements OAuth2SingleAuthFlow {
16
+ get grantType(): 'urn:ietf:params:oauth:grant-type:device_code';
17
+ protected authorizationRoute: IOAuth2DeviceAuthorizationRoute<any>;
18
+ protected tokenRoute: IOAuth2DeviceAuthTokenRoute<any>;
19
+ protected refreshTokenRoute?: IOAuth2RefreshTokenRoute<any>;
20
+ constructor({ authorizationRoute, tokenRoute, refreshTokenRoute, ...props }: OAuth2DeviceAuthorizationArg);
21
+ protected handleAuthorization<Refs extends ReqRef = ReqRefDefaults>(_t: KaapiTools, request: Request<Refs>, h: ResponseToolkit<Refs>): Promise<Lifecycle.ReturnValueTypes<{
22
+ Payload: {
23
+ client_id?: unknown;
24
+ scope?: unknown;
25
+ };
26
+ }>>;
27
+ registerAuthorizationEndpoint(t: KaapiTools): void;
28
+ handleToken<Refs extends ReqRef = ReqRefDefaults>(t: KaapiTools, request: Request<Refs>, h: ResponseToolkit<Refs>): Promise<Lifecycle.ReturnValueTypes<{
29
+ Payload: {
30
+ device_code?: unknown;
31
+ grant_type?: unknown;
32
+ scope?: unknown;
33
+ refresh_token?: unknown;
34
+ };
35
+ }>>;
36
+ handleRefreshToken<Refs extends ReqRef = ReqRefDefaults>(t: KaapiTools, request: Request<Refs>, h: ResponseToolkit<Refs>): Promise<Lifecycle.ReturnValueTypes<{
37
+ Payload: {
38
+ grant_type?: unknown;
39
+ refresh_token?: unknown;
40
+ scope?: unknown;
41
+ };
42
+ }>>;
43
+ docs(): BaseAuthUtil | undefined;
44
+ integrateHook(t: KaapiTools): void;
45
+ }
46
+ export type OIDCDeviceAuthorizationArg = OAuth2DeviceAuthorizationArg & {
47
+ /**
48
+ * Override the configuration served at the discovery endpoint
49
+ */
50
+ openidConfiguration?: Record<string, unknown>;
51
+ };
52
+ export declare class OIDCDeviceAuthorization extends OAuth2DeviceAuthorization implements OAuth2SingleAuthFlow {
53
+ protected openidConfiguration: Record<string, unknown>;
54
+ constructor(params: OIDCDeviceAuthorizationArg);
55
+ getDiscoveryConfiguration(t: KaapiTools): {
56
+ [x: string]: unknown;
57
+ };
58
+ integrateHook(t: KaapiTools): void;
59
+ }
60
+ export interface OAuth2DeviceAuthorizationBuilderArg extends OAuth2DeviceAuthorizationArg {
61
+ authorizationRoute: DefaultOAuth2DeviceAuthorizationRoute<any>;
62
+ tokenRoute: DefaultOAuth2DeviceAuthTokenRoute<any>;
63
+ refreshTokenRoute?: DefaultOAuth2DeviceAuthRefreshTokenRoute<any>;
64
+ jwksRoute?: DefaultJWKSRoute<any>;
65
+ tokenType?: TokenType<any>;
66
+ }
67
+ export declare class OAuth2DeviceAuthorizationBuilder implements OAuth2AuthDesignBuilder {
68
+ protected params: OAuth2DeviceAuthorizationBuilderArg;
69
+ protected tokenType?: TokenType<any>;
70
+ protected tokenTTL?: number;
71
+ protected description?: string;
72
+ protected scopes?: Record<string, string>;
73
+ protected clientAuthMethods: Record<TokenEndpointAuthMethod, ClientAuthMethod | undefined>;
74
+ constructor(params: OAuth2DeviceAuthorizationBuilderArg);
75
+ static create(params?: Partial<OAuth2DeviceAuthorizationBuilderArg>): OAuth2DeviceAuthorizationBuilder;
76
+ build(): OAuth2DeviceAuthorization;
77
+ setTokenTTL(ttlSeconds?: number): this;
78
+ setDescription(description: string): this;
79
+ setScopes(scopes: Record<string, string>): this;
80
+ setTokenType<Refs extends ReqRef = ReqRefDefaults>(value: TokenType<Refs>): this;
81
+ addClientAuthenticationMethod(value: 'client_secret_basic' | 'client_secret_post' | 'none' | ClientAuthMethod): this;
82
+ strategyName(name: string): this;
83
+ setJwksKeyStore(keyStore: JwksKeyStore): this;
84
+ /**
85
+ *
86
+ * @param ttl seconds
87
+ */
88
+ setPublicKeyExpiry(ttl: number): this;
89
+ setJwksRotatorOptions(jwksRotatorOptions: OAuth2JwksOptions['rotation']): this;
90
+ validate<Refs extends ReqRef = ReqRefDefaults>(handler: OAuth2AuthOptions<Refs>['validate']): this;
91
+ /**
92
+ * Auto-verifies the access token JWT using the configured JWKS before running user validation.
93
+ */
94
+ useAccessTokenJwks(active: boolean): this;
95
+ jwksRoute<Refs extends ReqRef = ReqRefDefaults>(handler: (route: DefaultJWKSRoute<Refs>) => void): this;
96
+ authorizationRoute<PostRefs extends ReqRef = ReqRefDefaults>(handler: (route: DefaultOAuth2DeviceAuthorizationRoute<PostRefs>) => void): this;
97
+ tokenRoute<Refs extends ReqRef = ReqRefDefaults>(handler: (route: DefaultOAuth2DeviceAuthTokenRoute<Refs>) => void): this;
98
+ refreshTokenRoute<Refs extends ReqRef = ReqRefDefaults>(handler: (route: DefaultOAuth2DeviceAuthRefreshTokenRoute<Refs>) => void): this;
99
+ }
100
+ export type OIDCDeviceAuthorizationBuilderArg = OAuth2DeviceAuthorizationBuilderArg & {
101
+ /**
102
+ * Override the configuration served at the discovery endpoint
103
+ */
104
+ openidConfiguration?: Record<string, unknown>;
105
+ };
106
+ export declare class OIDCDeviceAuthorizationBuilder extends OAuth2DeviceAuthorizationBuilder {
107
+ protected openidConfiguration: Record<string, unknown>;
108
+ constructor(params: OIDCDeviceAuthorizationBuilderArg);
109
+ static create(params?: Partial<OIDCDeviceAuthorizationBuilderArg>): OIDCDeviceAuthorizationBuilder;
110
+ additionalConfiguration(openidConfiguration: Record<string, unknown>): this;
111
+ build(): OIDCDeviceAuthorization;
112
+ }
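Review bot: The doc comment on `openidConfiguration` (new lines 47-49, repeated at 101-103) says only "Override the configuration served at the discovery endpoint", and does not say which keys may be overridden or which side wins when a key collides with a computed value. Because the type is `Record<string, unknown>`, a caller can presumably replace `issuer`, `jwks_uri` or the endpoint URLs. Relying parties would then validate tokens against metadata that no longer matches the routes and keys this flow actually registers. I would document the merge precedence on both type aliases and on `additionalConfiguration`, for example `Extra metadata for the discovery document; do not override issuer, jwks_uri or endpoint URLs unless they still match the registered routes.` The implementation is not part of this file, so the precedence needs confirming against `device-authorization.js`. Separately, the comment above `setPublicKeyExpiry` (new lines 84-87) has an empty description, and should state how the expiry relates to the token TTL set by `setTokenTTL`.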