@keycardai/oauth 0.13.0 → 0.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/clientCredentials.d.ts +33 -0
- package/dist/cjs/clientCredentials.d.ts.map +1 -0
- package/dist/cjs/clientCredentials.js +127 -0
- package/dist/cjs/clientCredentials.js.map +1 -0
- package/dist/cjs/index.d.ts +2 -0
- package/dist/cjs/index.d.ts.map +1 -1
- package/dist/cjs/index.js +3 -1
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/tokenExchange.d.ts +1 -0
- package/dist/cjs/tokenExchange.d.ts.map +1 -1
- package/dist/cjs/tokenExchange.js +3 -2
- package/dist/cjs/tokenExchange.js.map +1 -1
- package/dist/esm/clientCredentials.d.ts +33 -0
- package/dist/esm/clientCredentials.d.ts.map +1 -0
- package/dist/esm/clientCredentials.js +123 -0
- package/dist/esm/clientCredentials.js.map +1 -0
- package/dist/esm/index.d.ts +2 -0
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js +1 -0
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/tokenExchange.d.ts +1 -0
- package/dist/esm/tokenExchange.d.ts.map +1 -1
- package/dist/esm/tokenExchange.js +2 -2
- package/dist/esm/tokenExchange.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
import type { ApplicationCredential } from "./credentials.js";
|
|
2
|
+
import { type TokenResponse } from "./tokenExchange.js";
|
|
3
|
+
export interface ClientCredentialsRequest {
|
|
4
|
+
resource?: string;
|
|
5
|
+
scope?: string;
|
|
6
|
+
clientAssertion?: string;
|
|
7
|
+
clientAssertionType?: string;
|
|
8
|
+
}
|
|
9
|
+
export interface ClientCredentialsClientOptions {
|
|
10
|
+
clientId?: string;
|
|
11
|
+
clientSecret?: string;
|
|
12
|
+
/**
|
|
13
|
+
* Application credential provider. When set, takes precedence over
|
|
14
|
+
* static `clientId`/`clientSecret` and resolves the per-request
|
|
15
|
+
* Authorization header from the credential's `getAuth(zoneId)`.
|
|
16
|
+
*/
|
|
17
|
+
credential?: ApplicationCredential;
|
|
18
|
+
}
|
|
19
|
+
export interface RequestTokenOptions {
|
|
20
|
+
zoneId?: string;
|
|
21
|
+
}
|
|
22
|
+
export declare class ClientCredentialsClient {
|
|
23
|
+
#private;
|
|
24
|
+
constructor(issuer: string, options?: ClientCredentialsClientOptions);
|
|
25
|
+
requestToken(request?: ClientCredentialsRequest, options?: RequestTokenOptions): Promise<TokenResponse>;
|
|
26
|
+
/**
|
|
27
|
+
* Resolve the authorization server's token endpoint (discovered from metadata
|
|
28
|
+
* and cached). Exposed so a caller can build a credential assertion whose
|
|
29
|
+
* `aud` is the token endpoint before invoking {@link requestToken}.
|
|
30
|
+
*/
|
|
31
|
+
getTokenEndpoint(): Promise<string>;
|
|
32
|
+
}
|
|
33
|
+
//# sourceMappingURL=clientCredentials.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"clientCredentials.d.ts","sourceRoot":"","sources":["../../src/clientCredentials.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAA4B,KAAK,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAMlF,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,8BAA8B;IAC7C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,UAAU,CAAC,EAAE,qBAAqB,CAAC;CACpC;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAuBD,qBAAa,uBAAuB;;gBAQtB,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,8BAA8B;IAO9D,YAAY,CAChB,OAAO,CAAC,EAAE,wBAAwB,EAClC,OAAO,CAAC,EAAE,mBAAmB,GAC5B,OAAO,CAAC,aAAa,CAAC;IA0DzB;;;;OAIG;IACG,gBAAgB,IAAI,OAAO,CAAC,MAAM,CAAC;CAuB1C"}
|
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
|
|
3
|
+
if (kind === "m") throw new TypeError("Private method is not writable");
|
|
4
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
|
|
5
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
|
|
6
|
+
return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
|
|
7
|
+
};
|
|
8
|
+
var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
|
|
9
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
|
|
10
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
|
|
11
|
+
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
|
|
12
|
+
};
|
|
13
|
+
var _ClientCredentialsClient_instances, _ClientCredentialsClient_issuer, _ClientCredentialsClient_clientId, _ClientCredentialsClient_clientSecret, _ClientCredentialsClient_credential, _ClientCredentialsClient_tokenEndpoint, _ClientCredentialsClient_discoveryPromise, _ClientCredentialsClient_resolveBasicAuth, _ClientCredentialsClient_getTokenEndpoint;
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.ClientCredentialsClient = void 0;
|
|
16
|
+
const discovery_js_1 = require("./discovery.js");
|
|
17
|
+
const errors_js_1 = require("./errors.js");
|
|
18
|
+
const tokenExchange_js_1 = require("./tokenExchange.js");
|
|
19
|
+
// =============================================================================
|
|
20
|
+
// Wire format helpers (camelCase <-> snake_case at the boundary)
|
|
21
|
+
// =============================================================================
|
|
22
|
+
function serializeRequest(request) {
|
|
23
|
+
const params = new URLSearchParams();
|
|
24
|
+
params.set("grant_type", "client_credentials");
|
|
25
|
+
if (request.resource)
|
|
26
|
+
params.set("resource", request.resource);
|
|
27
|
+
if (request.scope)
|
|
28
|
+
params.set("scope", request.scope);
|
|
29
|
+
if (request.clientAssertion)
|
|
30
|
+
params.set("client_assertion", request.clientAssertion);
|
|
31
|
+
if (request.clientAssertionType)
|
|
32
|
+
params.set("client_assertion_type", request.clientAssertionType);
|
|
33
|
+
return params;
|
|
34
|
+
}
|
|
35
|
+
// =============================================================================
|
|
36
|
+
// Client Credentials Client
|
|
37
|
+
// =============================================================================
|
|
38
|
+
class ClientCredentialsClient {
|
|
39
|
+
constructor(issuer, options) {
|
|
40
|
+
_ClientCredentialsClient_instances.add(this);
|
|
41
|
+
_ClientCredentialsClient_issuer.set(this, void 0);
|
|
42
|
+
_ClientCredentialsClient_clientId.set(this, void 0);
|
|
43
|
+
_ClientCredentialsClient_clientSecret.set(this, void 0);
|
|
44
|
+
_ClientCredentialsClient_credential.set(this, void 0);
|
|
45
|
+
_ClientCredentialsClient_tokenEndpoint.set(this, void 0);
|
|
46
|
+
_ClientCredentialsClient_discoveryPromise.set(this, void 0);
|
|
47
|
+
__classPrivateFieldSet(this, _ClientCredentialsClient_issuer, issuer, "f");
|
|
48
|
+
__classPrivateFieldSet(this, _ClientCredentialsClient_clientId, options?.clientId, "f");
|
|
49
|
+
__classPrivateFieldSet(this, _ClientCredentialsClient_clientSecret, options?.clientSecret, "f");
|
|
50
|
+
__classPrivateFieldSet(this, _ClientCredentialsClient_credential, options?.credential, "f");
|
|
51
|
+
}
|
|
52
|
+
async requestToken(request, options) {
|
|
53
|
+
const tokenEndpoint = await __classPrivateFieldGet(this, _ClientCredentialsClient_instances, "m", _ClientCredentialsClient_getTokenEndpoint).call(this);
|
|
54
|
+
const body = serializeRequest(request ?? {});
|
|
55
|
+
const headers = {
|
|
56
|
+
"Content-Type": "application/x-www-form-urlencoded",
|
|
57
|
+
};
|
|
58
|
+
const basicAuth = __classPrivateFieldGet(this, _ClientCredentialsClient_instances, "m", _ClientCredentialsClient_resolveBasicAuth).call(this, options?.zoneId);
|
|
59
|
+
if (basicAuth) {
|
|
60
|
+
const credentials = btoa(`${basicAuth.clientId}:${basicAuth.clientSecret}`);
|
|
61
|
+
headers["Authorization"] = `Basic ${credentials}`;
|
|
62
|
+
}
|
|
63
|
+
const response = await fetch(tokenEndpoint, {
|
|
64
|
+
method: "POST",
|
|
65
|
+
headers,
|
|
66
|
+
body: body.toString(),
|
|
67
|
+
});
|
|
68
|
+
if (!response.ok) {
|
|
69
|
+
try {
|
|
70
|
+
const errorBody = await response.json();
|
|
71
|
+
if (typeof errorBody.error === "string") {
|
|
72
|
+
const errorCode = errorBody.error;
|
|
73
|
+
const description = typeof errorBody.error_description === "string"
|
|
74
|
+
? errorBody.error_description
|
|
75
|
+
: errorCode;
|
|
76
|
+
const errorUri = typeof errorBody.error_uri === "string"
|
|
77
|
+
? errorBody.error_uri
|
|
78
|
+
: undefined;
|
|
79
|
+
throw new errors_js_1.OAuthError(errorCode, description, errorUri);
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
catch (e) {
|
|
83
|
+
if (e instanceof errors_js_1.OAuthError)
|
|
84
|
+
throw e;
|
|
85
|
+
// non-JSON or no "error" key: fall through
|
|
86
|
+
}
|
|
87
|
+
throw new Error(`Client credentials request failed (HTTP ${response.status})`);
|
|
88
|
+
}
|
|
89
|
+
const json = await response.json();
|
|
90
|
+
return (0, tokenExchange_js_1.deserializeTokenResponse)(json);
|
|
91
|
+
}
|
|
92
|
+
/**
|
|
93
|
+
* Resolve the authorization server's token endpoint (discovered from metadata
|
|
94
|
+
* and cached). Exposed so a caller can build a credential assertion whose
|
|
95
|
+
* `aud` is the token endpoint before invoking {@link requestToken}.
|
|
96
|
+
*/
|
|
97
|
+
async getTokenEndpoint() {
|
|
98
|
+
return __classPrivateFieldGet(this, _ClientCredentialsClient_instances, "m", _ClientCredentialsClient_getTokenEndpoint).call(this);
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
exports.ClientCredentialsClient = ClientCredentialsClient;
|
|
102
|
+
_ClientCredentialsClient_issuer = new WeakMap(), _ClientCredentialsClient_clientId = new WeakMap(), _ClientCredentialsClient_clientSecret = new WeakMap(), _ClientCredentialsClient_credential = new WeakMap(), _ClientCredentialsClient_tokenEndpoint = new WeakMap(), _ClientCredentialsClient_discoveryPromise = new WeakMap(), _ClientCredentialsClient_instances = new WeakSet(), _ClientCredentialsClient_resolveBasicAuth = function _ClientCredentialsClient_resolveBasicAuth(zoneId) {
|
|
103
|
+
if (__classPrivateFieldGet(this, _ClientCredentialsClient_credential, "f")) {
|
|
104
|
+
return __classPrivateFieldGet(this, _ClientCredentialsClient_credential, "f").getAuth(zoneId);
|
|
105
|
+
}
|
|
106
|
+
if (__classPrivateFieldGet(this, _ClientCredentialsClient_clientId, "f") && __classPrivateFieldGet(this, _ClientCredentialsClient_clientSecret, "f")) {
|
|
107
|
+
return { clientId: __classPrivateFieldGet(this, _ClientCredentialsClient_clientId, "f"), clientSecret: __classPrivateFieldGet(this, _ClientCredentialsClient_clientSecret, "f") };
|
|
108
|
+
}
|
|
109
|
+
return null;
|
|
110
|
+
}, _ClientCredentialsClient_getTokenEndpoint = async function _ClientCredentialsClient_getTokenEndpoint() {
|
|
111
|
+
if (__classPrivateFieldGet(this, _ClientCredentialsClient_tokenEndpoint, "f")) {
|
|
112
|
+
return __classPrivateFieldGet(this, _ClientCredentialsClient_tokenEndpoint, "f");
|
|
113
|
+
}
|
|
114
|
+
// Promise-based lock: only one concurrent discovery
|
|
115
|
+
if (!__classPrivateFieldGet(this, _ClientCredentialsClient_discoveryPromise, "f")) {
|
|
116
|
+
__classPrivateFieldSet(this, _ClientCredentialsClient_discoveryPromise, (async () => {
|
|
117
|
+
const metadata = await (0, discovery_js_1.fetchAuthorizationServerMetadata)(__classPrivateFieldGet(this, _ClientCredentialsClient_issuer, "f"));
|
|
118
|
+
if (!metadata.token_endpoint) {
|
|
119
|
+
throw new Error(`Authorization server "${__classPrivateFieldGet(this, _ClientCredentialsClient_issuer, "f")}" does not advertise a token_endpoint`);
|
|
120
|
+
}
|
|
121
|
+
__classPrivateFieldSet(this, _ClientCredentialsClient_tokenEndpoint, metadata.token_endpoint, "f");
|
|
122
|
+
return __classPrivateFieldGet(this, _ClientCredentialsClient_tokenEndpoint, "f");
|
|
123
|
+
})(), "f");
|
|
124
|
+
}
|
|
125
|
+
return __classPrivateFieldGet(this, _ClientCredentialsClient_discoveryPromise, "f");
|
|
126
|
+
};
|
|
127
|
+
//# sourceMappingURL=clientCredentials.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"clientCredentials.js","sourceRoot":"","sources":["../../src/clientCredentials.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,iDAAkE;AAClE,2CAAyC;AAEzC,yDAAkF;AA4BlF,gFAAgF;AAChF,iEAAiE;AACjE,gFAAgF;AAEhF,SAAS,gBAAgB,CAAC,OAAiC;IACzD,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IAErC,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;IAE/C,IAAI,OAAO,CAAC,QAAQ;QAAE,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,KAAK;QAAE,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IACtD,IAAI,OAAO,CAAC,eAAe;QAAE,MAAM,CAAC,GAAG,CAAC,kBAAkB,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;IACrF,IAAI,OAAO,CAAC,mBAAmB;QAAE,MAAM,CAAC,GAAG,CAAC,uBAAuB,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAElG,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,gFAAgF;AAChF,4BAA4B;AAC5B,gFAAgF;AAEhF,MAAa,uBAAuB;IAQlC,YAAY,MAAc,EAAE,OAAwC;;QAPpE,kDAAgB;QAChB,oDAAmB;QACnB,wDAAuB;QACvB,sDAAoC;QACpC,yDAAwB;QACxB,4DAAoC;QAGlC,uBAAA,IAAI,mCAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,qCAAa,OAAO,EAAE,QAAQ,MAAA,CAAC;QACnC,uBAAA,IAAI,yCAAiB,OAAO,EAAE,YAAY,MAAA,CAAC;QAC3C,uBAAA,IAAI,uCAAe,OAAO,EAAE,UAAU,MAAA,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,OAAkC,EAClC,OAA6B;QAE7B,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,qFAAkB,MAAtB,IAAI,CAAoB,CAAC;QACrD,MAAM,IAAI,GAAG,gBAAgB,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;QAE7C,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,mCAAmC;SACpD,CAAC;QAEF,MAAM,SAAS,GAAG,uBAAA,IAAI,qFAAkB,MAAtB,IAAI,EAAmB,OAAO,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,SAAS,CAAC,QAAQ,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC,CAAC;YAC5E,OAAO,CAAC,eAAe,CAAC,GAAG,SAAS,WAAW,EAAE,CAAC;QACpD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,aAAa,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;SACtB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA6B,CAAC;gBACnE,IAAI,OAAO,SAAS,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACxC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC;oBAClC,MAAM,WAAW,GAAG,OAAO,SAAS,CAAC,iBAAiB,KAAK,QAAQ;wBACjE,CAAC,CAAC,SAAS,CAAC,iBAAiB;wBAC7B,CAAC,CAAC,SAAS,CAAC;oBACd,MAAM,QAAQ,GAAG,OAAO,SAAS,CAAC,SAAS,KAAK,QAAQ;wBACtD,CAAC,CAAC,SAAS,CAAC,SAAS;wBACrB,CAAC,CAAC,SAAS,CAAC;oBACd,MAAM,IAAI,sBAAU,CAAC,SAAS,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,YAAY,sBAAU;oBAAE,MAAM,CAAC,CAAC;gBACrC,2CAA2C;YAC7C,CAAC;YACD,MAAM,IAAI,KAAK,CACb,2CAA2C,QAAQ,CAAC,MAAM,GAAG,CAC9D,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA6B,CAAC;QAC9D,OAAO,IAAA,2CAAwB,EAAC,IAAI,CAAC,CAAC;IACxC,CAAC;IAcD;;;;OAIG;IACH,KAAK,CAAC,gBAAgB;QACpB,OAAO,uBAAA,IAAI,qFAAkB,MAAtB,IAAI,CAAoB,CAAC;IAClC,CAAC;CAqBF;AAxGD,0DAwGC;sdAvCG,MAA0B;IAE1B,IAAI,uBAAA,IAAI,2CAAY,EAAE,CAAC;QACrB,OAAO,uBAAA,IAAI,2CAAY,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,uBAAA,IAAI,yCAAU,IAAI,uBAAA,IAAI,6CAAc,EAAE,CAAC;QACzC,OAAO,EAAE,QAAQ,EAAE,uBAAA,IAAI,yCAAU,EAAE,YAAY,EAAE,uBAAA,IAAI,6CAAc,EAAE,CAAC;IACxE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,8CAWD,KAAK;IACH,IAAI,uBAAA,IAAI,8CAAe,EAAE,CAAC;QACxB,OAAO,uBAAA,IAAI,8CAAe,CAAC;IAC7B,CAAC;IAED,oDAAoD;IACpD,IAAI,CAAC,uBAAA,IAAI,iDAAkB,EAAE,CAAC;QAC5B,uBAAA,IAAI,6CAAqB,CAAC,KAAK,IAAI,EAAE;YACnC,MAAM,QAAQ,GAAG,MAAM,IAAA,+CAAgC,EAAC,uBAAA,IAAI,uCAAQ,CAAC,CAAC;YACtE,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CAAC,yBAAyB,uBAAA,IAAI,uCAAQ,uCAAuC,CAAC,CAAC;YAChG,CAAC;YACD,uBAAA,IAAI,0CAAkB,QAAQ,CAAC,cAAc,MAAA,CAAC;YAC9C,OAAO,uBAAA,IAAI,8CAAe,CAAC;QAC7B,CAAC,CAAC,EAAE,MAAA,CAAC;IACP,CAAC;IAED,OAAO,uBAAA,IAAI,iDAAkB,CAAC;AAChC,CAAC"}
|
package/dist/cjs/index.d.ts
CHANGED
|
@@ -10,6 +10,8 @@ export { JWTVerifier } from "./jwt/verifier.js";
|
|
|
10
10
|
export { buildSubstituteUserToken } from "./jwt/substituteUser.js";
|
|
11
11
|
export { TokenExchangeClient, TokenType } from "./tokenExchange.js";
|
|
12
12
|
export type { TokenExchangeRequest, TokenResponse, TokenExchangeClientOptions, ExchangeOptions, ImpersonateRequest, } from "./tokenExchange.js";
|
|
13
|
+
export { ClientCredentialsClient } from "./clientCredentials.js";
|
|
14
|
+
export type { ClientCredentialsRequest, ClientCredentialsClientOptions, RequestTokenOptions, } from "./clientCredentials.js";
|
|
13
15
|
export type { ApplicationCredential } from "./credentials.js";
|
|
14
16
|
export { registerClient } from "./registration.js";
|
|
15
17
|
export type { ClientRegistrationRequest, ClientRegistrationResponse, RegisterClientOptions, } from "./registration.js";
|
package/dist/cjs/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAC3G,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,OAAO,IAAI,SAAS,EAAE,MAAM,gBAAgB,CAAC;AACtD,OAAO,EAAE,gCAAgC,EAAE,MAAM,gBAAgB,CAAC;AAClE,YAAY,EAAE,gCAAgC,EAAE,MAAM,gBAAgB,CAAC;AACvE,OAAO,EACL,SAAS,EACT,eAAe,EACf,iBAAiB,EACjB,UAAU,EACV,iBAAiB,EACjB,sBAAsB,EACtB,mBAAmB,EACnB,8BAA8B,EAC9B,SAAS,EACT,kBAAkB,EAClB,sBAAsB,EACtB,cAAc,EACd,oBAAoB,GACrB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,YAAY,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpE,YAAY,EACV,oBAAoB,EACpB,aAAa,EACb,0BAA0B,EAC1B,eAAe,EACf,kBAAkB,GACnB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,YAAY,EACV,yBAAyB,EACzB,0BAA0B,EAC1B,qBAAqB,GACtB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC/E,YAAY,EACV,WAAW,EACX,mBAAmB,EACnB,WAAW,EACX,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,gBAAgB,EAChB,yBAAyB,EACzB,YAAY,GACb,MAAM,WAAW,CAAC;AACnB,YAAY,EACV,IAAI,EACJ,gCAAgC,EAChC,mBAAmB,GACpB,MAAM,WAAW,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAC3G,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,OAAO,IAAI,SAAS,EAAE,MAAM,gBAAgB,CAAC;AACtD,OAAO,EAAE,gCAAgC,EAAE,MAAM,gBAAgB,CAAC;AAClE,YAAY,EAAE,gCAAgC,EAAE,MAAM,gBAAgB,CAAC;AACvE,OAAO,EACL,SAAS,EACT,eAAe,EACf,iBAAiB,EACjB,UAAU,EACV,iBAAiB,EACjB,sBAAsB,EACtB,mBAAmB,EACnB,8BAA8B,EAC9B,SAAS,EACT,kBAAkB,EAClB,sBAAsB,EACtB,cAAc,EACd,oBAAoB,GACrB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,YAAY,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpE,YAAY,EACV,oBAAoB,EACpB,aAAa,EACb,0BAA0B,EAC1B,eAAe,EACf,kBAAkB,GACnB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACjE,YAAY,EACV,wBAAwB,EACxB,8BAA8B,EAC9B,mBAAmB,GACpB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,YAAY,EACV,yBAAyB,EACzB,0BAA0B,EAC1B,qBAAqB,GACtB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC/E,YAAY,EACV,WAAW,EACX,mBAAmB,EACnB,WAAW,EACX,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,gBAAgB,EAChB,yBAAyB,EACzB,YAAY,GACb,MAAM,WAAW,CAAC;AACnB,YAAY,EACV,IAAI,EACJ,gCAAgC,EAChC,mBAAmB,GACpB,MAAM,WAAW,CAAC"}
|
package/dist/cjs/index.js
CHANGED
|
@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
exports.authenticate = exports.exchangeAuthorizationCode = exports.generatePkcePair = exports.generateCodeChallenge = exports.generateCodeVerifier = exports.ClientSecret = exports.TokenVerifier = exports.AccessContext = exports.registerClient = exports.TokenType = exports.TokenExchangeClient = exports.buildSubstituteUserToken = exports.JWTVerifier = exports.JWTSigner = exports.JWKSKeyNotFoundError = exports.JWKSFetchError = exports.JWKSUriValidationError = exports.JWKSDiscoveryError = exports.JWKSError = exports.AuthProviderConfigurationError = exports.ResourceAccessError = exports.InsufficientScopeError = exports.InvalidTokenError = exports.OAuthError = exports.UnauthorizedError = exports.BadRequestError = exports.HTTPError = exports.fetchAuthorizationServerMetadata = exports.base64url = exports.JWKSOAuthKeyring = void 0;
|
|
6
|
+
exports.authenticate = exports.exchangeAuthorizationCode = exports.generatePkcePair = exports.generateCodeChallenge = exports.generateCodeVerifier = exports.ClientSecret = exports.TokenVerifier = exports.AccessContext = exports.registerClient = exports.ClientCredentialsClient = exports.TokenType = exports.TokenExchangeClient = exports.buildSubstituteUserToken = exports.JWTVerifier = exports.JWTSigner = exports.JWKSKeyNotFoundError = exports.JWKSFetchError = exports.JWKSUriValidationError = exports.JWKSDiscoveryError = exports.JWKSError = exports.AuthProviderConfigurationError = exports.ResourceAccessError = exports.InsufficientScopeError = exports.InvalidTokenError = exports.OAuthError = exports.UnauthorizedError = exports.BadRequestError = exports.HTTPError = exports.fetchAuthorizationServerMetadata = exports.base64url = exports.JWKSOAuthKeyring = void 0;
|
|
7
7
|
var keyring_js_1 = require("./keyring.js");
|
|
8
8
|
Object.defineProperty(exports, "JWKSOAuthKeyring", { enumerable: true, get: function () { return keyring_js_1.JWKSOAuthKeyring; } });
|
|
9
9
|
var base64url_js_1 = require("./base64url.js");
|
|
@@ -33,6 +33,8 @@ Object.defineProperty(exports, "buildSubstituteUserToken", { enumerable: true, g
|
|
|
33
33
|
var tokenExchange_js_1 = require("./tokenExchange.js");
|
|
34
34
|
Object.defineProperty(exports, "TokenExchangeClient", { enumerable: true, get: function () { return tokenExchange_js_1.TokenExchangeClient; } });
|
|
35
35
|
Object.defineProperty(exports, "TokenType", { enumerable: true, get: function () { return tokenExchange_js_1.TokenType; } });
|
|
36
|
+
var clientCredentials_js_1 = require("./clientCredentials.js");
|
|
37
|
+
Object.defineProperty(exports, "ClientCredentialsClient", { enumerable: true, get: function () { return clientCredentials_js_1.ClientCredentialsClient; } });
|
|
36
38
|
var registration_js_1 = require("./registration.js");
|
|
37
39
|
Object.defineProperty(exports, "registerClient", { enumerable: true, get: function () { return registration_js_1.registerClient; } });
|
|
38
40
|
var index_js_1 = require("./server/index.js");
|
package/dist/cjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;AACA,2CAAgD;AAAvC,8GAAA,gBAAgB,OAAA;AACzB,+CAAsD;AAA7C,0HAAA,OAAO,OAAa;AAC7B,+CAAkE;AAAzD,gIAAA,gCAAgC,OAAA;AAEzC,yCAcqB;AAbnB,sGAAA,SAAS,OAAA;AACT,4GAAA,eAAe,OAAA;AACf,8GAAA,iBAAiB,OAAA;AACjB,uGAAA,UAAU,OAAA;AACV,8GAAA,iBAAiB,OAAA;AACjB,mHAAA,sBAAsB,OAAA;AACtB,gHAAA,mBAAmB,OAAA;AACnB,2HAAA,8BAA8B,OAAA;AAC9B,sGAAA,SAAS,OAAA;AACT,+GAAA,kBAAkB,OAAA;AAClB,mHAAA,sBAAsB,OAAA;AACtB,2GAAA,cAAc,OAAA;AACd,iHAAA,oBAAoB,OAAA;AAEtB,6CAA4C;AAAnC,sGAAA,SAAS,OAAA;AAElB,iDAAgD;AAAvC,0GAAA,WAAW,OAAA;AACpB,6DAAmE;AAA1D,6HAAA,wBAAwB,OAAA;AACjC,uDAAoE;AAA3D,uHAAA,mBAAmB,OAAA;AAAE,6GAAA,SAAS,OAAA;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;AACA,2CAAgD;AAAvC,8GAAA,gBAAgB,OAAA;AACzB,+CAAsD;AAA7C,0HAAA,OAAO,OAAa;AAC7B,+CAAkE;AAAzD,gIAAA,gCAAgC,OAAA;AAEzC,yCAcqB;AAbnB,sGAAA,SAAS,OAAA;AACT,4GAAA,eAAe,OAAA;AACf,8GAAA,iBAAiB,OAAA;AACjB,uGAAA,UAAU,OAAA;AACV,8GAAA,iBAAiB,OAAA;AACjB,mHAAA,sBAAsB,OAAA;AACtB,gHAAA,mBAAmB,OAAA;AACnB,2HAAA,8BAA8B,OAAA;AAC9B,sGAAA,SAAS,OAAA;AACT,+GAAA,kBAAkB,OAAA;AAClB,mHAAA,sBAAsB,OAAA;AACtB,2GAAA,cAAc,OAAA;AACd,iHAAA,oBAAoB,OAAA;AAEtB,6CAA4C;AAAnC,sGAAA,SAAS,OAAA;AAElB,iDAAgD;AAAvC,0GAAA,WAAW,OAAA;AACpB,6DAAmE;AAA1D,6HAAA,wBAAwB,OAAA;AACjC,uDAAoE;AAA3D,uHAAA,mBAAmB,OAAA;AAAE,6GAAA,SAAS,OAAA;AAQvC,+DAAiE;AAAxD,+HAAA,uBAAuB,OAAA;AAOhC,qDAAmD;AAA1C,iHAAA,cAAc,OAAA;AAMvB,8CAA+E;AAAtE,yGAAA,aAAa,OAAA;AAAE,yGAAA,aAAa,OAAA;AAAE,wGAAA,YAAY,OAAA;AAQnD,qCAMmB;AALjB,+GAAA,oBAAoB,OAAA;AACpB,gHAAA,qBAAqB,OAAA;AACrB,2GAAA,gBAAgB,OAAA;AAChB,oHAAA,yBAAyB,OAAA;AACzB,uGAAA,YAAY,OAAA"}
|
|
@@ -48,6 +48,7 @@ export interface ImpersonateRequest {
|
|
|
48
48
|
scope?: string;
|
|
49
49
|
zoneId?: string;
|
|
50
50
|
}
|
|
51
|
+
export declare function deserializeTokenResponse(json: Record<string, unknown>): TokenResponse;
|
|
51
52
|
export declare class TokenExchangeClient {
|
|
52
53
|
#private;
|
|
53
54
|
constructor(issuer: string, options?: TokenExchangeClientOptions);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tokenExchange.d.ts","sourceRoot":"","sources":["../../src/tokenExchange.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAO9D,eAAO,MAAM,SAAS;;IAEpB;;;OAGG;;CAEK,CAAC;AACX,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,OAAO,SAAS,CAAC,CAAC;AAEnE,MAAM,WAAW,oBAAoB;IACnC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,UAAU,CAAC,EAAE,qBAAqB,CAAC;CACpC;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;
|
|
1
|
+
{"version":3,"file":"tokenExchange.d.ts","sourceRoot":"","sources":["../../src/tokenExchange.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAO9D,eAAO,MAAM,SAAS;;IAEpB;;;OAGG;;CAEK,CAAC;AACX,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,OAAO,SAAS,CAAC,CAAC;AAEnE,MAAM,WAAW,oBAAoB;IACnC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,UAAU,CAAC,EAAE,qBAAqB,CAAC;CACpC;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAyBD,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,aAAa,CAmBrF;AAMD,qBAAa,mBAAmB;;gBAQlB,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,0BAA0B;IAO1D,aAAa,CACjB,OAAO,EAAE,oBAAoB,EAC7B,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,aAAa,CAAC;IA8CnB,WAAW,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC;IA+BlE;;;;OAIG;IACG,gBAAgB,IAAI,OAAO,CAAC,MAAM,CAAC;CAuB1C"}
|
|
@@ -13,6 +13,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
|
|
|
13
13
|
var _TokenExchangeClient_instances, _TokenExchangeClient_issuer, _TokenExchangeClient_clientId, _TokenExchangeClient_clientSecret, _TokenExchangeClient_credential, _TokenExchangeClient_tokenEndpoint, _TokenExchangeClient_discoveryPromise, _TokenExchangeClient_resolveBasicAuth, _TokenExchangeClient_getTokenEndpoint;
|
|
14
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
15
|
exports.TokenExchangeClient = exports.TokenType = void 0;
|
|
16
|
+
exports.deserializeTokenResponse = deserializeTokenResponse;
|
|
16
17
|
const discovery_js_1 = require("./discovery.js");
|
|
17
18
|
const errors_js_1 = require("./errors.js");
|
|
18
19
|
const substituteUser_js_1 = require("./jwt/substituteUser.js");
|
|
@@ -53,7 +54,7 @@ function serializeRequest(request) {
|
|
|
53
54
|
params.set("client_assertion_type", request.clientAssertionType);
|
|
54
55
|
return params;
|
|
55
56
|
}
|
|
56
|
-
function
|
|
57
|
+
function deserializeTokenResponse(json) {
|
|
57
58
|
const accessToken = json.access_token;
|
|
58
59
|
if (typeof accessToken !== "string" || !accessToken) {
|
|
59
60
|
throw new Error("Token exchange response missing access_token");
|
|
@@ -128,7 +129,7 @@ class TokenExchangeClient {
|
|
|
128
129
|
throw new Error(`Token exchange failed (HTTP ${response.status})`);
|
|
129
130
|
}
|
|
130
131
|
const json = await response.json();
|
|
131
|
-
return
|
|
132
|
+
return deserializeTokenResponse(json);
|
|
132
133
|
}
|
|
133
134
|
async impersonate(req) {
|
|
134
135
|
if (!req.userIdentifier) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tokenExchange.js","sourceRoot":"","sources":["../../src/tokenExchange.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"tokenExchange.js","sourceRoot":"","sources":["../../src/tokenExchange.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAuFA,4DAmBC;AA1GD,iDAAkE;AAClE,2CAAyC;AAEzC,+DAAmE;AAEnE,gFAAgF;AAChF,kCAAkC;AAClC,gFAAgF;AAEnE,QAAA,SAAS,GAAG;IACvB,YAAY,EAAE,+CAA+C;IAC7D;;;OAGG;IACH,eAAe,EAAE,qDAAqD;CAC9D,CAAC;AAgDX,gFAAgF;AAChF,iEAAiE;AACjE,gFAAgF;AAEhF,SAAS,gBAAgB,CAAC,OAA6B;IACrD,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IAErC,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC,SAAS,IAAI,iDAAiD,CAAC,CAAC;IACjG,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IAClD,MAAM,CAAC,GAAG,CAAC,oBAAoB,EAAE,OAAO,CAAC,gBAAgB,IAAI,+CAA+C,CAAC,CAAC;IAE9G,IAAI,OAAO,CAAC,QAAQ;QAAE,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,QAAQ;QAAE,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,KAAK;QAAE,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IACtD,IAAI,OAAO,CAAC,kBAAkB;QAAE,MAAM,CAAC,GAAG,CAAC,sBAAsB,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC/F,IAAI,OAAO,CAAC,UAAU;QAAE,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACtE,IAAI,OAAO,CAAC,cAAc;QAAE,MAAM,CAAC,GAAG,CAAC,kBAAkB,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;IACnF,IAAI,OAAO,CAAC,eAAe;QAAE,MAAM,CAAC,GAAG,CAAC,kBAAkB,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;IACrF,IAAI,OAAO,CAAC,mBAAmB;QAAE,MAAM,CAAC,GAAG,CAAC,uBAAuB,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAElG,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,wBAAwB,CAAC,IAA6B;IACpE,MAAM,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC;IACtC,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,CAAC,WAAW,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,MAAM,QAAQ,GAAkB;QAC9B,WAAW;QACX,SAAS,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ;KAC5E,CAAC;IAEF,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ;QAAE,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC;IAC9E,IAAI,OAAO,IAAI,CAAC,aAAa,KAAK,QAAQ;QAAE,QAAQ,CAAC,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC;IACvF,IAAI,OAAO,IAAI,CAAC,iBAAiB,KAAK,QAAQ;QAAE,QAAQ,CAAC,eAAe,GAAG,IAAI,CAAC,iBAAiB,CAAC;IAClG,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACnC,QAAQ,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACzD,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,gFAAgF;AAChF,wBAAwB;AACxB,gFAAgF;AAEhF,MAAa,mBAAmB;IAQ9B,YAAY,MAAc,EAAE,OAAoC;;QAPhE,8CAAgB;QAChB,gDAAmB;QACnB,oDAAuB;QACvB,kDAAoC;QACpC,qDAAwB;QACxB,wDAAoC;QAGlC,uBAAA,IAAI,+BAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,iCAAa,OAAO,EAAE,QAAQ,MAAA,CAAC;QACnC,uBAAA,IAAI,qCAAiB,OAAO,EAAE,YAAY,MAAA,CAAC;QAC3C,uBAAA,IAAI,mCAAe,OAAO,EAAE,UAAU,MAAA,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,OAA6B,EAC7B,OAAyB;QAEzB,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,6EAAkB,MAAtB,IAAI,CAAoB,CAAC;QACrD,MAAM,IAAI,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAEvC,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,mCAAmC;SACpD,CAAC;QAEF,MAAM,SAAS,GAAG,uBAAA,IAAI,6EAAkB,MAAtB,IAAI,EAAmB,OAAO,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,SAAS,CAAC,QAAQ,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC,CAAC;YAC5E,OAAO,CAAC,eAAe,CAAC,GAAG,SAAS,WAAW,EAAE,CAAC;QACpD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,aAAa,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;SACtB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA6B,CAAC;gBACnE,IAAI,OAAO,SAAS,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACxC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC;oBAClC,MAAM,WAAW,GAAG,OAAO,SAAS,CAAC,iBAAiB,KAAK,QAAQ;wBACjE,CAAC,CAAC,SAAS,CAAC,iBAAiB;wBAC7B,CAAC,CAAC,SAAS,CAAC;oBACd,MAAM,QAAQ,GAAG,OAAO,SAAS,CAAC,SAAS,KAAK,QAAQ;wBACtD,CAAC,CAAC,SAAS,CAAC,SAAS;wBACrB,CAAC,CAAC,SAAS,CAAC;oBACd,MAAM,IAAI,sBAAU,CAAC,SAAS,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,YAAY,sBAAU;oBAAE,MAAM,CAAC,CAAC;gBACrC,4CAA4C;YAC9C,CAAC;YACD,MAAM,IAAI,KAAK,CACb,+BAA+B,QAAQ,CAAC,MAAM,GAAG,CAClD,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA6B,CAAC;QAC9D,OAAO,wBAAwB,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,GAAuB;QACvC,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QACD,MAAM,YAAY,GAAG,IAAA,4CAAwB,EAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,aAAa,CACvB;YACE,YAAY;YACZ,gBAAgB,EAAE,iBAAS,CAAC,eAAe;YAC3C,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,KAAK,EAAE,GAAG,CAAC,KAAK;SACjB,EACD,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CACvB,CAAC;IACJ,CAAC;IAcD;;;;OAIG;IACH,KAAK,CAAC,gBAAgB;QACpB,OAAO,uBAAA,IAAI,6EAAkB,MAAtB,IAAI,CAAoB,CAAC;IAClC,CAAC;CAqBF;AA3HD,kDA2HC;kbAvCG,MAA0B;IAE1B,IAAI,uBAAA,IAAI,uCAAY,EAAE,CAAC;QACrB,OAAO,uBAAA,IAAI,uCAAY,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,uBAAA,IAAI,qCAAU,IAAI,uBAAA,IAAI,yCAAc,EAAE,CAAC;QACzC,OAAO,EAAE,QAAQ,EAAE,uBAAA,IAAI,qCAAU,EAAE,YAAY,EAAE,uBAAA,IAAI,yCAAc,EAAE,CAAC;IACxE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,0CAWD,KAAK;IACH,IAAI,uBAAA,IAAI,0CAAe,EAAE,CAAC;QACxB,OAAO,uBAAA,IAAI,0CAAe,CAAC;IAC7B,CAAC;IAED,oDAAoD;IACpD,IAAI,CAAC,uBAAA,IAAI,6CAAkB,EAAE,CAAC;QAC5B,uBAAA,IAAI,yCAAqB,CAAC,KAAK,IAAI,EAAE;YACnC,MAAM,QAAQ,GAAG,MAAM,IAAA,+CAAgC,EAAC,uBAAA,IAAI,mCAAQ,CAAC,CAAC;YACtE,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CAAC,yBAAyB,uBAAA,IAAI,mCAAQ,uCAAuC,CAAC,CAAC;YAChG,CAAC;YACD,uBAAA,IAAI,sCAAkB,QAAQ,CAAC,cAAc,MAAA,CAAC;YAC9C,OAAO,uBAAA,IAAI,0CAAe,CAAC;QAC7B,CAAC,CAAC,EAAE,MAAA,CAAC;IACP,CAAC;IAED,OAAO,uBAAA,IAAI,6CAAkB,CAAC;AAChC,CAAC"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
import type { ApplicationCredential } from "./credentials.js";
|
|
2
|
+
import { type TokenResponse } from "./tokenExchange.js";
|
|
3
|
+
export interface ClientCredentialsRequest {
|
|
4
|
+
resource?: string;
|
|
5
|
+
scope?: string;
|
|
6
|
+
clientAssertion?: string;
|
|
7
|
+
clientAssertionType?: string;
|
|
8
|
+
}
|
|
9
|
+
export interface ClientCredentialsClientOptions {
|
|
10
|
+
clientId?: string;
|
|
11
|
+
clientSecret?: string;
|
|
12
|
+
/**
|
|
13
|
+
* Application credential provider. When set, takes precedence over
|
|
14
|
+
* static `clientId`/`clientSecret` and resolves the per-request
|
|
15
|
+
* Authorization header from the credential's `getAuth(zoneId)`.
|
|
16
|
+
*/
|
|
17
|
+
credential?: ApplicationCredential;
|
|
18
|
+
}
|
|
19
|
+
export interface RequestTokenOptions {
|
|
20
|
+
zoneId?: string;
|
|
21
|
+
}
|
|
22
|
+
export declare class ClientCredentialsClient {
|
|
23
|
+
#private;
|
|
24
|
+
constructor(issuer: string, options?: ClientCredentialsClientOptions);
|
|
25
|
+
requestToken(request?: ClientCredentialsRequest, options?: RequestTokenOptions): Promise<TokenResponse>;
|
|
26
|
+
/**
|
|
27
|
+
* Resolve the authorization server's token endpoint (discovered from metadata
|
|
28
|
+
* and cached). Exposed so a caller can build a credential assertion whose
|
|
29
|
+
* `aud` is the token endpoint before invoking {@link requestToken}.
|
|
30
|
+
*/
|
|
31
|
+
getTokenEndpoint(): Promise<string>;
|
|
32
|
+
}
|
|
33
|
+
//# sourceMappingURL=clientCredentials.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"clientCredentials.d.ts","sourceRoot":"","sources":["../../src/clientCredentials.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAA4B,KAAK,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAMlF,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,8BAA8B;IAC7C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,UAAU,CAAC,EAAE,qBAAqB,CAAC;CACpC;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAuBD,qBAAa,uBAAuB;;gBAQtB,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,8BAA8B;IAO9D,YAAY,CAChB,OAAO,CAAC,EAAE,wBAAwB,EAClC,OAAO,CAAC,EAAE,mBAAmB,GAC5B,OAAO,CAAC,aAAa,CAAC;IA0DzB;;;;OAIG;IACG,gBAAgB,IAAI,OAAO,CAAC,MAAM,CAAC;CAuB1C"}
|
|
@@ -0,0 +1,123 @@
|
|
|
1
|
+
var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
|
|
2
|
+
if (kind === "m") throw new TypeError("Private method is not writable");
|
|
3
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
|
|
4
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
|
|
5
|
+
return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
|
|
6
|
+
};
|
|
7
|
+
var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
|
|
8
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
|
|
9
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
|
|
10
|
+
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
|
|
11
|
+
};
|
|
12
|
+
var _ClientCredentialsClient_instances, _ClientCredentialsClient_issuer, _ClientCredentialsClient_clientId, _ClientCredentialsClient_clientSecret, _ClientCredentialsClient_credential, _ClientCredentialsClient_tokenEndpoint, _ClientCredentialsClient_discoveryPromise, _ClientCredentialsClient_resolveBasicAuth, _ClientCredentialsClient_getTokenEndpoint;
|
|
13
|
+
import { fetchAuthorizationServerMetadata } from "./discovery.js";
|
|
14
|
+
import { OAuthError } from "./errors.js";
|
|
15
|
+
import { deserializeTokenResponse } from "./tokenExchange.js";
|
|
16
|
+
// =============================================================================
|
|
17
|
+
// Wire format helpers (camelCase <-> snake_case at the boundary)
|
|
18
|
+
// =============================================================================
|
|
19
|
+
function serializeRequest(request) {
|
|
20
|
+
const params = new URLSearchParams();
|
|
21
|
+
params.set("grant_type", "client_credentials");
|
|
22
|
+
if (request.resource)
|
|
23
|
+
params.set("resource", request.resource);
|
|
24
|
+
if (request.scope)
|
|
25
|
+
params.set("scope", request.scope);
|
|
26
|
+
if (request.clientAssertion)
|
|
27
|
+
params.set("client_assertion", request.clientAssertion);
|
|
28
|
+
if (request.clientAssertionType)
|
|
29
|
+
params.set("client_assertion_type", request.clientAssertionType);
|
|
30
|
+
return params;
|
|
31
|
+
}
|
|
32
|
+
// =============================================================================
|
|
33
|
+
// Client Credentials Client
|
|
34
|
+
// =============================================================================
|
|
35
|
+
export class ClientCredentialsClient {
|
|
36
|
+
constructor(issuer, options) {
|
|
37
|
+
_ClientCredentialsClient_instances.add(this);
|
|
38
|
+
_ClientCredentialsClient_issuer.set(this, void 0);
|
|
39
|
+
_ClientCredentialsClient_clientId.set(this, void 0);
|
|
40
|
+
_ClientCredentialsClient_clientSecret.set(this, void 0);
|
|
41
|
+
_ClientCredentialsClient_credential.set(this, void 0);
|
|
42
|
+
_ClientCredentialsClient_tokenEndpoint.set(this, void 0);
|
|
43
|
+
_ClientCredentialsClient_discoveryPromise.set(this, void 0);
|
|
44
|
+
__classPrivateFieldSet(this, _ClientCredentialsClient_issuer, issuer, "f");
|
|
45
|
+
__classPrivateFieldSet(this, _ClientCredentialsClient_clientId, options?.clientId, "f");
|
|
46
|
+
__classPrivateFieldSet(this, _ClientCredentialsClient_clientSecret, options?.clientSecret, "f");
|
|
47
|
+
__classPrivateFieldSet(this, _ClientCredentialsClient_credential, options?.credential, "f");
|
|
48
|
+
}
|
|
49
|
+
async requestToken(request, options) {
|
|
50
|
+
const tokenEndpoint = await __classPrivateFieldGet(this, _ClientCredentialsClient_instances, "m", _ClientCredentialsClient_getTokenEndpoint).call(this);
|
|
51
|
+
const body = serializeRequest(request ?? {});
|
|
52
|
+
const headers = {
|
|
53
|
+
"Content-Type": "application/x-www-form-urlencoded",
|
|
54
|
+
};
|
|
55
|
+
const basicAuth = __classPrivateFieldGet(this, _ClientCredentialsClient_instances, "m", _ClientCredentialsClient_resolveBasicAuth).call(this, options?.zoneId);
|
|
56
|
+
if (basicAuth) {
|
|
57
|
+
const credentials = btoa(`${basicAuth.clientId}:${basicAuth.clientSecret}`);
|
|
58
|
+
headers["Authorization"] = `Basic ${credentials}`;
|
|
59
|
+
}
|
|
60
|
+
const response = await fetch(tokenEndpoint, {
|
|
61
|
+
method: "POST",
|
|
62
|
+
headers,
|
|
63
|
+
body: body.toString(),
|
|
64
|
+
});
|
|
65
|
+
if (!response.ok) {
|
|
66
|
+
try {
|
|
67
|
+
const errorBody = await response.json();
|
|
68
|
+
if (typeof errorBody.error === "string") {
|
|
69
|
+
const errorCode = errorBody.error;
|
|
70
|
+
const description = typeof errorBody.error_description === "string"
|
|
71
|
+
? errorBody.error_description
|
|
72
|
+
: errorCode;
|
|
73
|
+
const errorUri = typeof errorBody.error_uri === "string"
|
|
74
|
+
? errorBody.error_uri
|
|
75
|
+
: undefined;
|
|
76
|
+
throw new OAuthError(errorCode, description, errorUri);
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
catch (e) {
|
|
80
|
+
if (e instanceof OAuthError)
|
|
81
|
+
throw e;
|
|
82
|
+
// non-JSON or no "error" key: fall through
|
|
83
|
+
}
|
|
84
|
+
throw new Error(`Client credentials request failed (HTTP ${response.status})`);
|
|
85
|
+
}
|
|
86
|
+
const json = await response.json();
|
|
87
|
+
return deserializeTokenResponse(json);
|
|
88
|
+
}
|
|
89
|
+
/**
|
|
90
|
+
* Resolve the authorization server's token endpoint (discovered from metadata
|
|
91
|
+
* and cached). Exposed so a caller can build a credential assertion whose
|
|
92
|
+
* `aud` is the token endpoint before invoking {@link requestToken}.
|
|
93
|
+
*/
|
|
94
|
+
async getTokenEndpoint() {
|
|
95
|
+
return __classPrivateFieldGet(this, _ClientCredentialsClient_instances, "m", _ClientCredentialsClient_getTokenEndpoint).call(this);
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
_ClientCredentialsClient_issuer = new WeakMap(), _ClientCredentialsClient_clientId = new WeakMap(), _ClientCredentialsClient_clientSecret = new WeakMap(), _ClientCredentialsClient_credential = new WeakMap(), _ClientCredentialsClient_tokenEndpoint = new WeakMap(), _ClientCredentialsClient_discoveryPromise = new WeakMap(), _ClientCredentialsClient_instances = new WeakSet(), _ClientCredentialsClient_resolveBasicAuth = function _ClientCredentialsClient_resolveBasicAuth(zoneId) {
|
|
99
|
+
if (__classPrivateFieldGet(this, _ClientCredentialsClient_credential, "f")) {
|
|
100
|
+
return __classPrivateFieldGet(this, _ClientCredentialsClient_credential, "f").getAuth(zoneId);
|
|
101
|
+
}
|
|
102
|
+
if (__classPrivateFieldGet(this, _ClientCredentialsClient_clientId, "f") && __classPrivateFieldGet(this, _ClientCredentialsClient_clientSecret, "f")) {
|
|
103
|
+
return { clientId: __classPrivateFieldGet(this, _ClientCredentialsClient_clientId, "f"), clientSecret: __classPrivateFieldGet(this, _ClientCredentialsClient_clientSecret, "f") };
|
|
104
|
+
}
|
|
105
|
+
return null;
|
|
106
|
+
}, _ClientCredentialsClient_getTokenEndpoint = async function _ClientCredentialsClient_getTokenEndpoint() {
|
|
107
|
+
if (__classPrivateFieldGet(this, _ClientCredentialsClient_tokenEndpoint, "f")) {
|
|
108
|
+
return __classPrivateFieldGet(this, _ClientCredentialsClient_tokenEndpoint, "f");
|
|
109
|
+
}
|
|
110
|
+
// Promise-based lock: only one concurrent discovery
|
|
111
|
+
if (!__classPrivateFieldGet(this, _ClientCredentialsClient_discoveryPromise, "f")) {
|
|
112
|
+
__classPrivateFieldSet(this, _ClientCredentialsClient_discoveryPromise, (async () => {
|
|
113
|
+
const metadata = await fetchAuthorizationServerMetadata(__classPrivateFieldGet(this, _ClientCredentialsClient_issuer, "f"));
|
|
114
|
+
if (!metadata.token_endpoint) {
|
|
115
|
+
throw new Error(`Authorization server "${__classPrivateFieldGet(this, _ClientCredentialsClient_issuer, "f")}" does not advertise a token_endpoint`);
|
|
116
|
+
}
|
|
117
|
+
__classPrivateFieldSet(this, _ClientCredentialsClient_tokenEndpoint, metadata.token_endpoint, "f");
|
|
118
|
+
return __classPrivateFieldGet(this, _ClientCredentialsClient_tokenEndpoint, "f");
|
|
119
|
+
})(), "f");
|
|
120
|
+
}
|
|
121
|
+
return __classPrivateFieldGet(this, _ClientCredentialsClient_discoveryPromise, "f");
|
|
122
|
+
};
|
|
123
|
+
//# sourceMappingURL=clientCredentials.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"clientCredentials.js","sourceRoot":"","sources":["../../src/clientCredentials.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,gCAAgC,EAAE,MAAM,gBAAgB,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,wBAAwB,EAAsB,MAAM,oBAAoB,CAAC;AA4BlF,gFAAgF;AAChF,iEAAiE;AACjE,gFAAgF;AAEhF,SAAS,gBAAgB,CAAC,OAAiC;IACzD,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IAErC,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;IAE/C,IAAI,OAAO,CAAC,QAAQ;QAAE,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,KAAK;QAAE,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IACtD,IAAI,OAAO,CAAC,eAAe;QAAE,MAAM,CAAC,GAAG,CAAC,kBAAkB,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;IACrF,IAAI,OAAO,CAAC,mBAAmB;QAAE,MAAM,CAAC,GAAG,CAAC,uBAAuB,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAElG,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,gFAAgF;AAChF,4BAA4B;AAC5B,gFAAgF;AAEhF,MAAM,OAAO,uBAAuB;IAQlC,YAAY,MAAc,EAAE,OAAwC;;QAPpE,kDAAgB;QAChB,oDAAmB;QACnB,wDAAuB;QACvB,sDAAoC;QACpC,yDAAwB;QACxB,4DAAoC;QAGlC,uBAAA,IAAI,mCAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,qCAAa,OAAO,EAAE,QAAQ,MAAA,CAAC;QACnC,uBAAA,IAAI,yCAAiB,OAAO,EAAE,YAAY,MAAA,CAAC;QAC3C,uBAAA,IAAI,uCAAe,OAAO,EAAE,UAAU,MAAA,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,OAAkC,EAClC,OAA6B;QAE7B,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,qFAAkB,MAAtB,IAAI,CAAoB,CAAC;QACrD,MAAM,IAAI,GAAG,gBAAgB,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;QAE7C,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,mCAAmC;SACpD,CAAC;QAEF,MAAM,SAAS,GAAG,uBAAA,IAAI,qFAAkB,MAAtB,IAAI,EAAmB,OAAO,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,SAAS,CAAC,QAAQ,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC,CAAC;YAC5E,OAAO,CAAC,eAAe,CAAC,GAAG,SAAS,WAAW,EAAE,CAAC;QACpD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,aAAa,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;SACtB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA6B,CAAC;gBACnE,IAAI,OAAO,SAAS,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACxC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC;oBAClC,MAAM,WAAW,GAAG,OAAO,SAAS,CAAC,iBAAiB,KAAK,QAAQ;wBACjE,CAAC,CAAC,SAAS,CAAC,iBAAiB;wBAC7B,CAAC,CAAC,SAAS,CAAC;oBACd,MAAM,QAAQ,GAAG,OAAO,SAAS,CAAC,SAAS,KAAK,QAAQ;wBACtD,CAAC,CAAC,SAAS,CAAC,SAAS;wBACrB,CAAC,CAAC,SAAS,CAAC;oBACd,MAAM,IAAI,UAAU,CAAC,SAAS,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,YAAY,UAAU;oBAAE,MAAM,CAAC,CAAC;gBACrC,2CAA2C;YAC7C,CAAC;YACD,MAAM,IAAI,KAAK,CACb,2CAA2C,QAAQ,CAAC,MAAM,GAAG,CAC9D,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA6B,CAAC;QAC9D,OAAO,wBAAwB,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;IAcD;;;;OAIG;IACH,KAAK,CAAC,gBAAgB;QACpB,OAAO,uBAAA,IAAI,qFAAkB,MAAtB,IAAI,CAAoB,CAAC;IAClC,CAAC;CAqBF;sdAvCG,MAA0B;IAE1B,IAAI,uBAAA,IAAI,2CAAY,EAAE,CAAC;QACrB,OAAO,uBAAA,IAAI,2CAAY,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,uBAAA,IAAI,yCAAU,IAAI,uBAAA,IAAI,6CAAc,EAAE,CAAC;QACzC,OAAO,EAAE,QAAQ,EAAE,uBAAA,IAAI,yCAAU,EAAE,YAAY,EAAE,uBAAA,IAAI,6CAAc,EAAE,CAAC;IACxE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,8CAWD,KAAK;IACH,IAAI,uBAAA,IAAI,8CAAe,EAAE,CAAC;QACxB,OAAO,uBAAA,IAAI,8CAAe,CAAC;IAC7B,CAAC;IAED,oDAAoD;IACpD,IAAI,CAAC,uBAAA,IAAI,iDAAkB,EAAE,CAAC;QAC5B,uBAAA,IAAI,6CAAqB,CAAC,KAAK,IAAI,EAAE;YACnC,MAAM,QAAQ,GAAG,MAAM,gCAAgC,CAAC,uBAAA,IAAI,uCAAQ,CAAC,CAAC;YACtE,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CAAC,yBAAyB,uBAAA,IAAI,uCAAQ,uCAAuC,CAAC,CAAC;YAChG,CAAC;YACD,uBAAA,IAAI,0CAAkB,QAAQ,CAAC,cAAc,MAAA,CAAC;YAC9C,OAAO,uBAAA,IAAI,8CAAe,CAAC;QAC7B,CAAC,CAAC,EAAE,MAAA,CAAC;IACP,CAAC;IAED,OAAO,uBAAA,IAAI,iDAAkB,CAAC;AAChC,CAAC"}
|
package/dist/esm/index.d.ts
CHANGED
|
@@ -10,6 +10,8 @@ export { JWTVerifier } from "./jwt/verifier.js";
|
|
|
10
10
|
export { buildSubstituteUserToken } from "./jwt/substituteUser.js";
|
|
11
11
|
export { TokenExchangeClient, TokenType } from "./tokenExchange.js";
|
|
12
12
|
export type { TokenExchangeRequest, TokenResponse, TokenExchangeClientOptions, ExchangeOptions, ImpersonateRequest, } from "./tokenExchange.js";
|
|
13
|
+
export { ClientCredentialsClient } from "./clientCredentials.js";
|
|
14
|
+
export type { ClientCredentialsRequest, ClientCredentialsClientOptions, RequestTokenOptions, } from "./clientCredentials.js";
|
|
13
15
|
export type { ApplicationCredential } from "./credentials.js";
|
|
14
16
|
export { registerClient } from "./registration.js";
|
|
15
17
|
export type { ClientRegistrationRequest, ClientRegistrationResponse, RegisterClientOptions, } from "./registration.js";
|
package/dist/esm/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAC3G,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,OAAO,IAAI,SAAS,EAAE,MAAM,gBAAgB,CAAC;AACtD,OAAO,EAAE,gCAAgC,EAAE,MAAM,gBAAgB,CAAC;AAClE,YAAY,EAAE,gCAAgC,EAAE,MAAM,gBAAgB,CAAC;AACvE,OAAO,EACL,SAAS,EACT,eAAe,EACf,iBAAiB,EACjB,UAAU,EACV,iBAAiB,EACjB,sBAAsB,EACtB,mBAAmB,EACnB,8BAA8B,EAC9B,SAAS,EACT,kBAAkB,EAClB,sBAAsB,EACtB,cAAc,EACd,oBAAoB,GACrB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,YAAY,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpE,YAAY,EACV,oBAAoB,EACpB,aAAa,EACb,0BAA0B,EAC1B,eAAe,EACf,kBAAkB,GACnB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,YAAY,EACV,yBAAyB,EACzB,0BAA0B,EAC1B,qBAAqB,GACtB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC/E,YAAY,EACV,WAAW,EACX,mBAAmB,EACnB,WAAW,EACX,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,gBAAgB,EAChB,yBAAyB,EACzB,YAAY,GACb,MAAM,WAAW,CAAC;AACnB,YAAY,EACV,IAAI,EACJ,gCAAgC,EAChC,mBAAmB,GACpB,MAAM,WAAW,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAC3G,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,OAAO,IAAI,SAAS,EAAE,MAAM,gBAAgB,CAAC;AACtD,OAAO,EAAE,gCAAgC,EAAE,MAAM,gBAAgB,CAAC;AAClE,YAAY,EAAE,gCAAgC,EAAE,MAAM,gBAAgB,CAAC;AACvE,OAAO,EACL,SAAS,EACT,eAAe,EACf,iBAAiB,EACjB,UAAU,EACV,iBAAiB,EACjB,sBAAsB,EACtB,mBAAmB,EACnB,8BAA8B,EAC9B,SAAS,EACT,kBAAkB,EAClB,sBAAsB,EACtB,cAAc,EACd,oBAAoB,GACrB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,YAAY,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpE,YAAY,EACV,oBAAoB,EACpB,aAAa,EACb,0BAA0B,EAC1B,eAAe,EACf,kBAAkB,GACnB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACjE,YAAY,EACV,wBAAwB,EACxB,8BAA8B,EAC9B,mBAAmB,GACpB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,YAAY,EACV,yBAAyB,EACzB,0BAA0B,EAC1B,qBAAqB,GACtB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC/E,YAAY,EACV,WAAW,EACX,mBAAmB,EACnB,WAAW,EACX,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,gBAAgB,EAChB,yBAAyB,EACzB,YAAY,GACb,MAAM,WAAW,CAAC;AACnB,YAAY,EACV,IAAI,EACJ,gCAAgC,EAChC,mBAAmB,GACpB,MAAM,WAAW,CAAC"}
|
package/dist/esm/index.js
CHANGED
|
@@ -6,6 +6,7 @@ export { JWTSigner } from "./jwt/signer.js";
|
|
|
6
6
|
export { JWTVerifier } from "./jwt/verifier.js";
|
|
7
7
|
export { buildSubstituteUserToken } from "./jwt/substituteUser.js";
|
|
8
8
|
export { TokenExchangeClient, TokenType } from "./tokenExchange.js";
|
|
9
|
+
export { ClientCredentialsClient } from "./clientCredentials.js";
|
|
9
10
|
export { registerClient } from "./registration.js";
|
|
10
11
|
export { AccessContext, TokenVerifier, ClientSecret } from "./server/index.js";
|
|
11
12
|
export { generateCodeVerifier, generateCodeChallenge, generatePkcePair, exchangeAuthorizationCode, authenticate, } from "./pkce.js";
|
package/dist/esm/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,OAAO,IAAI,SAAS,EAAE,MAAM,gBAAgB,CAAC;AACtD,OAAO,EAAE,gCAAgC,EAAE,MAAM,gBAAgB,CAAC;AAElE,OAAO,EACL,SAAS,EACT,eAAe,EACf,iBAAiB,EACjB,UAAU,EACV,iBAAiB,EACjB,sBAAsB,EACtB,mBAAmB,EACnB,8BAA8B,EAC9B,SAAS,EACT,kBAAkB,EAClB,sBAAsB,EACtB,cAAc,EACd,oBAAoB,GACrB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAE5C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,OAAO,IAAI,SAAS,EAAE,MAAM,gBAAgB,CAAC;AACtD,OAAO,EAAE,gCAAgC,EAAE,MAAM,gBAAgB,CAAC;AAElE,OAAO,EACL,SAAS,EACT,eAAe,EACf,iBAAiB,EACjB,UAAU,EACV,iBAAiB,EACjB,sBAAsB,EACtB,mBAAmB,EACnB,8BAA8B,EAC9B,SAAS,EACT,kBAAkB,EAClB,sBAAsB,EACtB,cAAc,EACd,oBAAoB,GACrB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAE5C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAQpE,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AAOjE,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAMnD,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAQ/E,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,gBAAgB,EAChB,yBAAyB,EACzB,YAAY,GACb,MAAM,WAAW,CAAC"}
|
|
@@ -48,6 +48,7 @@ export interface ImpersonateRequest {
|
|
|
48
48
|
scope?: string;
|
|
49
49
|
zoneId?: string;
|
|
50
50
|
}
|
|
51
|
+
export declare function deserializeTokenResponse(json: Record<string, unknown>): TokenResponse;
|
|
51
52
|
export declare class TokenExchangeClient {
|
|
52
53
|
#private;
|
|
53
54
|
constructor(issuer: string, options?: TokenExchangeClientOptions);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tokenExchange.d.ts","sourceRoot":"","sources":["../../src/tokenExchange.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAO9D,eAAO,MAAM,SAAS;;IAEpB;;;OAGG;;CAEK,CAAC;AACX,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,OAAO,SAAS,CAAC,CAAC;AAEnE,MAAM,WAAW,oBAAoB;IACnC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,UAAU,CAAC,EAAE,qBAAqB,CAAC;CACpC;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;
|
|
1
|
+
{"version":3,"file":"tokenExchange.d.ts","sourceRoot":"","sources":["../../src/tokenExchange.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAO9D,eAAO,MAAM,SAAS;;IAEpB;;;OAGG;;CAEK,CAAC;AACX,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,OAAO,SAAS,CAAC,CAAC;AAEnE,MAAM,WAAW,oBAAoB;IACnC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,UAAU,CAAC,EAAE,qBAAqB,CAAC;CACpC;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAyBD,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,aAAa,CAmBrF;AAMD,qBAAa,mBAAmB;;gBAQlB,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,0BAA0B;IAO1D,aAAa,CACjB,OAAO,EAAE,oBAAoB,EAC7B,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,aAAa,CAAC;IA8CnB,WAAW,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC;IA+BlE;;;;OAIG;IACG,gBAAgB,IAAI,OAAO,CAAC,MAAM,CAAC;CAuB1C"}
|
|
@@ -50,7 +50,7 @@ function serializeRequest(request) {
|
|
|
50
50
|
params.set("client_assertion_type", request.clientAssertionType);
|
|
51
51
|
return params;
|
|
52
52
|
}
|
|
53
|
-
function
|
|
53
|
+
export function deserializeTokenResponse(json) {
|
|
54
54
|
const accessToken = json.access_token;
|
|
55
55
|
if (typeof accessToken !== "string" || !accessToken) {
|
|
56
56
|
throw new Error("Token exchange response missing access_token");
|
|
@@ -125,7 +125,7 @@ export class TokenExchangeClient {
|
|
|
125
125
|
throw new Error(`Token exchange failed (HTTP ${response.status})`);
|
|
126
126
|
}
|
|
127
127
|
const json = await response.json();
|
|
128
|
-
return
|
|
128
|
+
return deserializeTokenResponse(json);
|
|
129
129
|
}
|
|
130
130
|
async impersonate(req) {
|
|
131
131
|
if (!req.userIdentifier) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tokenExchange.js","sourceRoot":"","sources":["../../src/tokenExchange.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,gCAAgC,EAAE,MAAM,gBAAgB,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AAEnE,gFAAgF;AAChF,kCAAkC;AAClC,gFAAgF;AAEhF,MAAM,CAAC,MAAM,SAAS,GAAG;IACvB,YAAY,EAAE,+CAA+C;IAC7D;;;OAGG;IACH,eAAe,EAAE,qDAAqD;CAC9D,CAAC;AAgDX,gFAAgF;AAChF,iEAAiE;AACjE,gFAAgF;AAEhF,SAAS,gBAAgB,CAAC,OAA6B;IACrD,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IAErC,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC,SAAS,IAAI,iDAAiD,CAAC,CAAC;IACjG,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IAClD,MAAM,CAAC,GAAG,CAAC,oBAAoB,EAAE,OAAO,CAAC,gBAAgB,IAAI,+CAA+C,CAAC,CAAC;IAE9G,IAAI,OAAO,CAAC,QAAQ;QAAE,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,QAAQ;QAAE,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,KAAK;QAAE,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IACtD,IAAI,OAAO,CAAC,kBAAkB;QAAE,MAAM,CAAC,GAAG,CAAC,sBAAsB,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC/F,IAAI,OAAO,CAAC,UAAU;QAAE,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACtE,IAAI,OAAO,CAAC,cAAc;QAAE,MAAM,CAAC,GAAG,CAAC,kBAAkB,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;IACnF,IAAI,OAAO,CAAC,eAAe;QAAE,MAAM,CAAC,GAAG,CAAC,kBAAkB,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;IACrF,IAAI,OAAO,CAAC,mBAAmB;QAAE,MAAM,CAAC,GAAG,CAAC,uBAAuB,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAElG,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,
|
|
1
|
+
{"version":3,"file":"tokenExchange.js","sourceRoot":"","sources":["../../src/tokenExchange.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,gCAAgC,EAAE,MAAM,gBAAgB,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AAEnE,gFAAgF;AAChF,kCAAkC;AAClC,gFAAgF;AAEhF,MAAM,CAAC,MAAM,SAAS,GAAG;IACvB,YAAY,EAAE,+CAA+C;IAC7D;;;OAGG;IACH,eAAe,EAAE,qDAAqD;CAC9D,CAAC;AAgDX,gFAAgF;AAChF,iEAAiE;AACjE,gFAAgF;AAEhF,SAAS,gBAAgB,CAAC,OAA6B;IACrD,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IAErC,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC,SAAS,IAAI,iDAAiD,CAAC,CAAC;IACjG,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IAClD,MAAM,CAAC,GAAG,CAAC,oBAAoB,EAAE,OAAO,CAAC,gBAAgB,IAAI,+CAA+C,CAAC,CAAC;IAE9G,IAAI,OAAO,CAAC,QAAQ;QAAE,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,QAAQ;QAAE,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,KAAK;QAAE,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IACtD,IAAI,OAAO,CAAC,kBAAkB;QAAE,MAAM,CAAC,GAAG,CAAC,sBAAsB,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC/F,IAAI,OAAO,CAAC,UAAU;QAAE,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACtE,IAAI,OAAO,CAAC,cAAc;QAAE,MAAM,CAAC,GAAG,CAAC,kBAAkB,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;IACnF,IAAI,OAAO,CAAC,eAAe;QAAE,MAAM,CAAC,GAAG,CAAC,kBAAkB,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;IACrF,IAAI,OAAO,CAAC,mBAAmB;QAAE,MAAM,CAAC,GAAG,CAAC,uBAAuB,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAElG,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,IAA6B;IACpE,MAAM,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC;IACtC,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,CAAC,WAAW,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,MAAM,QAAQ,GAAkB;QAC9B,WAAW;QACX,SAAS,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ;KAC5E,CAAC;IAEF,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ;QAAE,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC;IAC9E,IAAI,OAAO,IAAI,CAAC,aAAa,KAAK,QAAQ;QAAE,QAAQ,CAAC,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC;IACvF,IAAI,OAAO,IAAI,CAAC,iBAAiB,KAAK,QAAQ;QAAE,QAAQ,CAAC,eAAe,GAAG,IAAI,CAAC,iBAAiB,CAAC;IAClG,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACnC,QAAQ,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACzD,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,gFAAgF;AAChF,wBAAwB;AACxB,gFAAgF;AAEhF,MAAM,OAAO,mBAAmB;IAQ9B,YAAY,MAAc,EAAE,OAAoC;;QAPhE,8CAAgB;QAChB,gDAAmB;QACnB,oDAAuB;QACvB,kDAAoC;QACpC,qDAAwB;QACxB,wDAAoC;QAGlC,uBAAA,IAAI,+BAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,iCAAa,OAAO,EAAE,QAAQ,MAAA,CAAC;QACnC,uBAAA,IAAI,qCAAiB,OAAO,EAAE,YAAY,MAAA,CAAC;QAC3C,uBAAA,IAAI,mCAAe,OAAO,EAAE,UAAU,MAAA,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,OAA6B,EAC7B,OAAyB;QAEzB,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,6EAAkB,MAAtB,IAAI,CAAoB,CAAC;QACrD,MAAM,IAAI,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAEvC,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,mCAAmC;SACpD,CAAC;QAEF,MAAM,SAAS,GAAG,uBAAA,IAAI,6EAAkB,MAAtB,IAAI,EAAmB,OAAO,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,SAAS,CAAC,QAAQ,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC,CAAC;YAC5E,OAAO,CAAC,eAAe,CAAC,GAAG,SAAS,WAAW,EAAE,CAAC;QACpD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,aAAa,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;SACtB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA6B,CAAC;gBACnE,IAAI,OAAO,SAAS,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACxC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC;oBAClC,MAAM,WAAW,GAAG,OAAO,SAAS,CAAC,iBAAiB,KAAK,QAAQ;wBACjE,CAAC,CAAC,SAAS,CAAC,iBAAiB;wBAC7B,CAAC,CAAC,SAAS,CAAC;oBACd,MAAM,QAAQ,GAAG,OAAO,SAAS,CAAC,SAAS,KAAK,QAAQ;wBACtD,CAAC,CAAC,SAAS,CAAC,SAAS;wBACrB,CAAC,CAAC,SAAS,CAAC;oBACd,MAAM,IAAI,UAAU,CAAC,SAAS,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,YAAY,UAAU;oBAAE,MAAM,CAAC,CAAC;gBACrC,4CAA4C;YAC9C,CAAC;YACD,MAAM,IAAI,KAAK,CACb,+BAA+B,QAAQ,CAAC,MAAM,GAAG,CAClD,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA6B,CAAC;QAC9D,OAAO,wBAAwB,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,GAAuB;QACvC,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QACD,MAAM,YAAY,GAAG,wBAAwB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,aAAa,CACvB;YACE,YAAY;YACZ,gBAAgB,EAAE,SAAS,CAAC,eAAe;YAC3C,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,KAAK,EAAE,GAAG,CAAC,KAAK;SACjB,EACD,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CACvB,CAAC;IACJ,CAAC;IAcD;;;;OAIG;IACH,KAAK,CAAC,gBAAgB;QACpB,OAAO,uBAAA,IAAI,6EAAkB,MAAtB,IAAI,CAAoB,CAAC;IAClC,CAAC;CAqBF;kbAvCG,MAA0B;IAE1B,IAAI,uBAAA,IAAI,uCAAY,EAAE,CAAC;QACrB,OAAO,uBAAA,IAAI,uCAAY,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,uBAAA,IAAI,qCAAU,IAAI,uBAAA,IAAI,yCAAc,EAAE,CAAC;QACzC,OAAO,EAAE,QAAQ,EAAE,uBAAA,IAAI,qCAAU,EAAE,YAAY,EAAE,uBAAA,IAAI,yCAAc,EAAE,CAAC;IACxE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,0CAWD,KAAK;IACH,IAAI,uBAAA,IAAI,0CAAe,EAAE,CAAC;QACxB,OAAO,uBAAA,IAAI,0CAAe,CAAC;IAC7B,CAAC;IAED,oDAAoD;IACpD,IAAI,CAAC,uBAAA,IAAI,6CAAkB,EAAE,CAAC;QAC5B,uBAAA,IAAI,yCAAqB,CAAC,KAAK,IAAI,EAAE;YACnC,MAAM,QAAQ,GAAG,MAAM,gCAAgC,CAAC,uBAAA,IAAI,mCAAQ,CAAC,CAAC;YACtE,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CAAC,yBAAyB,uBAAA,IAAI,mCAAQ,uCAAuC,CAAC,CAAC;YAChG,CAAC;YACD,uBAAA,IAAI,sCAAkB,QAAQ,CAAC,cAAc,MAAA,CAAC;YAC9C,OAAO,uBAAA,IAAI,0CAAe,CAAC;QAC7B,CAAC,CAAC,EAAE,MAAA,CAAC;IACP,CAAC;IAED,OAAO,uBAAA,IAAI,6CAAkB,CAAC;AAChC,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@keycardai/oauth",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.14.0",
|
|
4
4
|
"description": "[Preview] OAuth 2.0 primitives for Keycard: JWKS keyring, JWT signing/verification, server-tier token verifier, AccessContext, ClientSecret credentials, and impersonation via RFC 8693 token exchange",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"repository": {
|