@keycardai/oauth 0.9.1 → 0.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/registration.d.ts +6 -0
- package/dist/cjs/registration.d.ts.map +1 -1
- package/dist/cjs/registration.js +8 -4
- package/dist/cjs/registration.js.map +1 -1
- package/dist/cjs/server/webIdentity.d.ts +2 -1
- package/dist/cjs/server/webIdentity.d.ts.map +1 -1
- package/dist/cjs/server/webIdentity.js +22 -2
- package/dist/cjs/server/webIdentity.js.map +1 -1
- package/dist/esm/registration.d.ts +6 -0
- package/dist/esm/registration.d.ts.map +1 -1
- package/dist/esm/registration.js +8 -4
- package/dist/esm/registration.js.map +1 -1
- package/dist/esm/server/webIdentity.d.ts +2 -1
- package/dist/esm/server/webIdentity.d.ts.map +1 -1
- package/dist/esm/server/webIdentity.js +22 -2
- package/dist/esm/server/webIdentity.js.map +1 -1
- package/package.json +1 -1
|
@@ -58,6 +58,12 @@ export interface RegisterClientOptions {
|
|
|
58
58
|
signal?: AbortSignal;
|
|
59
59
|
/** Request timeout in milliseconds. Ignored if `signal` is already provided. */
|
|
60
60
|
timeoutMs?: number;
|
|
61
|
+
/**
|
|
62
|
+
* Initial access token (RFC 7591 §3.1) sent as a `Bearer` credential on the
|
|
63
|
+
* registration request, for an authorization server whose registration
|
|
64
|
+
* endpoint requires authentication.
|
|
65
|
+
*/
|
|
66
|
+
initialAccessToken?: string;
|
|
61
67
|
}
|
|
62
68
|
/**
|
|
63
69
|
* Register a new OAuth 2.0 client with an authorization server (RFC 7591).
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"registration.d.ts","sourceRoot":"","sources":["../../src/registration.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACjC,UAAU,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC/B,aAAa,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;OAGG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9C;AAED;;;GAGG;AACH,MAAM,WAAW,0BAA0B;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B;;;OAGG;IACH,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,gFAAgF;IAChF,SAAS,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"registration.d.ts","sourceRoot":"","sources":["../../src/registration.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACjC,UAAU,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC/B,aAAa,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;OAGG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9C;AAED;;;GAGG;AACH,MAAM,WAAW,0BAA0B;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B;;;OAGG;IACH,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,gFAAgF;IAChF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,yBAAyB,EAClC,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,0BAA0B,CAAC,CA8DrC"}
|
package/dist/cjs/registration.js
CHANGED
|
@@ -22,12 +22,16 @@ async function registerClient(issuer, request, options) {
|
|
|
22
22
|
if (!metadata.registration_endpoint) {
|
|
23
23
|
throw new Error(`Authorization server "${issuer}" does not advertise a registration_endpoint`);
|
|
24
24
|
}
|
|
25
|
+
const headers = {
|
|
26
|
+
"Content-Type": "application/json",
|
|
27
|
+
Accept: "application/json",
|
|
28
|
+
};
|
|
29
|
+
if (options?.initialAccessToken) {
|
|
30
|
+
headers.Authorization = `Bearer ${options.initialAccessToken}`;
|
|
31
|
+
}
|
|
25
32
|
const response = await fetch(metadata.registration_endpoint, {
|
|
26
33
|
method: "POST",
|
|
27
|
-
headers
|
|
28
|
-
"Content-Type": "application/json",
|
|
29
|
-
Accept: "application/json",
|
|
30
|
-
},
|
|
34
|
+
headers,
|
|
31
35
|
body: JSON.stringify(serializeRequest(request)),
|
|
32
36
|
signal,
|
|
33
37
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"registration.js","sourceRoot":"","sources":["../../src/registration.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"registration.js","sourceRoot":"","sources":["../../src/registration.ts"],"names":[],"mappings":";;AAqFA,wCAkEC;AAvJD,iDAAkE;AAClE,2CAAyC;AAwEzC;;;;;;;;;;;GAWG;AACI,KAAK,UAAU,cAAc,CAClC,MAAc,EACd,OAAkC,EAClC,OAA+B;IAE/B,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM;QAC5B,CAAC,OAAO,EAAE,SAAS,IAAI,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAEpF,MAAM,QAAQ,GAAG,MAAM,IAAA,+CAAgC,EAAC,MAAM,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5E,IAAI,CAAC,QAAQ,CAAC,qBAAqB,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CACb,yBAAyB,MAAM,8CAA8C,CAC9E,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,kBAAkB;QAClC,MAAM,EAAE,kBAAkB;KAC3B,CAAC;IACF,IAAI,OAAO,EAAE,kBAAkB,EAAE,CAAC;QAChC,OAAO,CAAC,aAAa,GAAG,UAAU,OAAO,CAAC,kBAAkB,EAAE,CAAC;IACjE,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,qBAAqB,EAAE;QAC3D,MAAM,EAAE,MAAM;QACd,OAAO;QACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC/C,MAAM;KACP,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,IAAI,SAAS,GAAmC,IAAI,CAAC;QACrD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAa,CAAC;YAC9C,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7D,SAAS,GAAG,IAA+B,CAAC;YAC9C,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,sDAAsD;QACxD,CAAC;QACD,IAAI,SAAS,IAAI,OAAO,SAAS,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,WAAW,GAAG,OAAO,SAAS,CAAC,iBAAiB,KAAK,QAAQ;gBACjE,CAAC,CAAC,SAAS,CAAC,iBAAiB;gBAC7B,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC;YACpB,MAAM,QAAQ,GAAG,OAAO,SAAS,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAC3F,MAAM,IAAI,sBAAU,CAAC,SAAS,CAAC,KAAK,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,oCAAoC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IAC1E,CAAC;IAED,IAAI,IAAa,CAAC;IAClB,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IACD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;IACD,MAAM,IAAI,GAAG,IAA+B,CAAC;IAE7C,IAAI,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAkC;IAC1D,0EAA0E;IAC1E,iFAAiF;IACjF,MAAM,IAAI,GAA4B,EAAE,CAAC;IACzC,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACtE,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACpB,CAAC;IACH,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS;QAAE,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;IAC5E,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS;QAAE,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC;IACzE,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS;QAAE,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;IACnE,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS;QAAE,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;IAChE,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS;QAAE,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC;IACzE,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS;QAAE,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;IAC5E,IAAI,OAAO,CAAC,eAAe,KAAK,SAAS;QAAE,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAC3F,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS;QAAE,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;IACnE,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS;QAAE,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IACzD,IAAI,OAAO,CAAC,uBAAuB,KAAK,SAAS,EAAE,CAAC;QAClD,IAAI,CAAC,0BAA0B,GAAG,OAAO,CAAC,uBAAuB,CAAC;IACpE,CAAC;IACD,IAAI,OAAO,CAAC,YAAY,KAAK,SAAS;QAAE,IAAI,CAAC,aAAa,GAAG,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACvF,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS;QAAE,IAAI,CAAC,WAAW,GAAG,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IACjF,IAAI,OAAO,CAAC,aAAa,KAAK,SAAS;QAAE,IAAI,CAAC,cAAc,GAAG,CAAC,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAC1F,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS;QAAE,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC5D,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,mBAAmB,CAAC,IAA6B;IACxD,MAAM,QAAQ,GAA+B;QAC3C,QAAQ,EAAE,IAAI,CAAC,SAAmB;QAClC,GAAG,EAAE,IAAI;KACV,CAAC;IACF,IAAI,OAAO,IAAI,CAAC,aAAa,KAAK,QAAQ;QAAE,QAAQ,CAAC,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC;IACvF,IAAI,OAAO,IAAI,CAAC,mBAAmB,KAAK,QAAQ;QAAE,QAAQ,CAAC,gBAAgB,GAAG,IAAI,CAAC,mBAAmB,CAAC;IACvG,IAAI,OAAO,IAAI,CAAC,wBAAwB,KAAK,QAAQ,EAAE,CAAC;QACtD,QAAQ,CAAC,qBAAqB,GAAG,IAAI,CAAC,wBAAwB,CAAC;IACjE,CAAC;IACD,IAAI,OAAO,IAAI,CAAC,WAAW,KAAK,QAAQ;QAAE,QAAQ,CAAC,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC;IACjF,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ;QAAE,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC;IAC9E,IAAI,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ;QAAE,QAAQ,CAAC,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC;IACxE,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ;QAAE,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC;IACrE,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ;QAAE,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC;IAC9E,IAAI,OAAO,IAAI,CAAC,WAAW,KAAK,QAAQ;QAAE,QAAQ,CAAC,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC;IACjF,IAAI,OAAO,IAAI,CAAC,gBAAgB,KAAK,QAAQ;QAAE,QAAQ,CAAC,eAAe,GAAG,IAAI,CAAC,gBAAgB,CAAC;IAChG,IAAI,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ;QAAE,QAAQ,CAAC,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC;IACxE,IAAI,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC/C,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC,IAA+B,CAAC;IACvD,CAAC;IACD,IAAI,OAAO,IAAI,CAAC,0BAA0B,KAAK,QAAQ,EAAE,CAAC;QACxD,QAAQ,CAAC,uBAAuB,GAAG,IAAI,CAAC,0BAA0B,CAAC;IACrE,CAAC;IACD,QAAQ,CAAC,YAAY,GAAG,oBAAoB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACjE,QAAQ,CAAC,UAAU,GAAG,oBAAoB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC7D,QAAQ,CAAC,aAAa,GAAG,oBAAoB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACnE,QAAQ,CAAC,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5C,IAAI,OAAO,IAAI,CAAC,yBAAyB,KAAK,QAAQ,EAAE,CAAC;QACvD,QAAQ,CAAC,uBAAuB,GAAG,IAAI,CAAC,yBAAyB,CAAC;IACpE,CAAC;IACD,IAAI,OAAO,IAAI,CAAC,uBAAuB,KAAK,QAAQ,EAAE,CAAC;QACrD,QAAQ,CAAC,qBAAqB,GAAG,IAAI,CAAC,uBAAuB,CAAC;IAChE,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc;IAC1C,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;QACpE,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;IAC1C,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC/C,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9C,CAAC;IACD,OAAO,oBAAoB,CAAC,KAAK,CAAC,CAAC;AACrC,CAAC"}
|
|
@@ -13,7 +13,8 @@ export interface WebIdentityOptions {
|
|
|
13
13
|
* RFC 7523 private_key_jwt client assertion credential provider.
|
|
14
14
|
*
|
|
15
15
|
* Generates and persists an RSA key pair using the supplied storage
|
|
16
|
-
* implementation (default: `FilePrivateKeyStorage("./
|
|
16
|
+
* implementation (default: `FilePrivateKeyStorage("./server_keys")`, falling
|
|
17
|
+
* back to `./mcp_keys` when that directory already exists).
|
|
17
18
|
* On each token exchange the private key signs a client assertion JWT
|
|
18
19
|
* that the authorization server verifies instead of a shared secret.
|
|
19
20
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webIdentity.d.ts","sourceRoot":"","sources":["../../../src/server/webIdentity.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"webIdentity.d.ts","sourceRoot":"","sources":["../../../src/server/webIdentity.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAEhE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAEzD,YAAY,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAqBzD,MAAM,WAAW,kBAAkB;IACjC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,iBAAiB,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClD;AAED;;;;;;;;;;;GAWG;AACH,qBAAa,WAAY,YAAW,qBAAqB;;gBAI3C,OAAO,GAAE,kBAAuB;IAiBtC,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;IAOhC,OAAO,IAAI,IAAI;IAIT,2BAA2B,CAC/B,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE,GACtE,OAAO,CAAC,oBAAoB,CAAC;IAchC,aAAa,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAA;KAAE;IAIpD,gBAAgB,CAAC,iBAAiB,EAAE,MAAM,GAAG,MAAM;CAGpD"}
|
|
@@ -13,12 +13,32 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
|
|
|
13
13
|
var _WebIdentity_keyManager, _WebIdentity_bootstrapPromise;
|
|
14
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
15
|
exports.WebIdentity = void 0;
|
|
16
|
+
const node_fs_1 = require("node:fs");
|
|
16
17
|
const privateKey_js_1 = require("./privateKey.js");
|
|
18
|
+
const DEFAULT_STORAGE_DIR = "./server_keys";
|
|
19
|
+
const LEGACY_STORAGE_DIR = "./mcp_keys";
|
|
20
|
+
/**
|
|
21
|
+
* Prefer `./server_keys`. Fall back to the pre-extraction `./mcp_keys` when it
|
|
22
|
+
* exists and `./server_keys` does not, so a deployment that relied on the
|
|
23
|
+
* implicit default keeps its keys after upgrade.
|
|
24
|
+
*/
|
|
25
|
+
function resolveDefaultStorageDir() {
|
|
26
|
+
try {
|
|
27
|
+
if (!(0, node_fs_1.existsSync)(DEFAULT_STORAGE_DIR) && (0, node_fs_1.existsSync)(LEGACY_STORAGE_DIR)) {
|
|
28
|
+
return LEGACY_STORAGE_DIR;
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
catch {
|
|
32
|
+
// ignore filesystem probe errors; use the default
|
|
33
|
+
}
|
|
34
|
+
return DEFAULT_STORAGE_DIR;
|
|
35
|
+
}
|
|
17
36
|
/**
|
|
18
37
|
* RFC 7523 private_key_jwt client assertion credential provider.
|
|
19
38
|
*
|
|
20
39
|
* Generates and persists an RSA key pair using the supplied storage
|
|
21
|
-
* implementation (default: `FilePrivateKeyStorage("./
|
|
40
|
+
* implementation (default: `FilePrivateKeyStorage("./server_keys")`, falling
|
|
41
|
+
* back to `./mcp_keys` when that directory already exists).
|
|
22
42
|
* On each token exchange the private key signs a client assertion JWT
|
|
23
43
|
* that the authorization server verifies instead of a shared secret.
|
|
24
44
|
*
|
|
@@ -30,7 +50,7 @@ class WebIdentity {
|
|
|
30
50
|
_WebIdentity_keyManager.set(this, void 0);
|
|
31
51
|
_WebIdentity_bootstrapPromise.set(this, void 0);
|
|
32
52
|
const storage = options.storage ??
|
|
33
|
-
new privateKey_js_1.FilePrivateKeyStorage(options.storageDir ??
|
|
53
|
+
new privateKey_js_1.FilePrivateKeyStorage(options.storageDir ?? resolveDefaultStorageDir());
|
|
34
54
|
let keyId = options.keyId;
|
|
35
55
|
if (!keyId && options.serverName) {
|
|
36
56
|
keyId = options.serverName.replace(/[^a-zA-Z0-9\-_]/g, "_");
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webIdentity.js","sourceRoot":"","sources":["../../../src/server/webIdentity.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"webIdentity.js","sourceRoot":"","sources":["../../../src/server/webIdentity.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,qCAAqC;AAGrC,mDAA2E;AAK3E,MAAM,mBAAmB,GAAG,eAAe,CAAC;AAC5C,MAAM,kBAAkB,GAAG,YAAY,CAAC;AAExC;;;;GAIG;AACH,SAAS,wBAAwB;IAC/B,IAAI,CAAC;QACH,IAAI,CAAC,IAAA,oBAAU,EAAC,mBAAmB,CAAC,IAAI,IAAA,oBAAU,EAAC,kBAAkB,CAAC,EAAE,CAAC;YACvE,OAAO,kBAAkB,CAAC;QAC5B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,kDAAkD;IACpD,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AAUD;;;;;;;;;;;GAWG;AACH,MAAa,WAAW;IAItB,YAAY,UAA8B,EAAE;QAH5C,0CAA+B;QAC/B,gDAAkC;QAGhC,MAAM,OAAO,GACX,OAAO,CAAC,OAAO;YACf,IAAI,qCAAqB,CAAC,OAAO,CAAC,UAAU,IAAI,wBAAwB,EAAE,CAAC,CAAC;QAE9E,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC1B,IAAI,CAAC,KAAK,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACjC,KAAK,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC;QAC9D,CAAC;QAED,uBAAA,IAAI,2BAAe,IAAI,iCAAiB,CAAC;YACvC,OAAO;YACP,KAAK;YACL,cAAc,EAAE,OAAO,CAAC,cAAc;SACvC,CAAC,MAAA,CAAC;IACL,CAAC;IAED,KAAK,CAAC,SAAS;QACb,IAAI,CAAC,uBAAA,IAAI,qCAAkB,EAAE,CAAC;YAC5B,uBAAA,IAAI,iCAAqB,uBAAA,IAAI,+BAAY,CAAC,iBAAiB,EAAE,MAAA,CAAC;QAChE,CAAC;QACD,OAAO,uBAAA,IAAI,qCAAkB,CAAC;IAChC,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,2BAA2B,CAC/B,YAAoB,EACpB,QAAgB,EAChB,OAAuE;QAEvE,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,OAAO,EAAE,QAAQ,EAAE,kBAAkB,IAAI,uBAAA,IAAI,+BAAY,CAAC,WAAW,EAAE,CAAC;QACvF,MAAM,QAAQ,GAAG,OAAO,EAAE,aAAa,IAAI,MAAM,CAAC;QAClD,MAAM,eAAe,GAAG,MAAM,uBAAA,IAAI,+BAAY,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACvF,OAAO;YACL,YAAY;YACZ,QAAQ;YACR,gBAAgB,EAAE,+CAA+C;YACjE,mBAAmB,EAAE,wDAAwD;YAC7E,eAAe;SAChB,CAAC;IACJ,CAAC;IAED,aAAa;QACX,OAAO,uBAAA,IAAI,+BAAY,CAAC,aAAa,EAAE,CAAC;IAC1C,CAAC;IAED,gBAAgB,CAAC,iBAAyB;QACxC,OAAO,uBAAA,IAAI,+BAAY,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,CAAC;IAC9D,CAAC;CACF;AAzDD,kCAyDC"}
|
|
@@ -58,6 +58,12 @@ export interface RegisterClientOptions {
|
|
|
58
58
|
signal?: AbortSignal;
|
|
59
59
|
/** Request timeout in milliseconds. Ignored if `signal` is already provided. */
|
|
60
60
|
timeoutMs?: number;
|
|
61
|
+
/**
|
|
62
|
+
* Initial access token (RFC 7591 §3.1) sent as a `Bearer` credential on the
|
|
63
|
+
* registration request, for an authorization server whose registration
|
|
64
|
+
* endpoint requires authentication.
|
|
65
|
+
*/
|
|
66
|
+
initialAccessToken?: string;
|
|
61
67
|
}
|
|
62
68
|
/**
|
|
63
69
|
* Register a new OAuth 2.0 client with an authorization server (RFC 7591).
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"registration.d.ts","sourceRoot":"","sources":["../../src/registration.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACjC,UAAU,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC/B,aAAa,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;OAGG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9C;AAED;;;GAGG;AACH,MAAM,WAAW,0BAA0B;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B;;;OAGG;IACH,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,gFAAgF;IAChF,SAAS,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"registration.d.ts","sourceRoot":"","sources":["../../src/registration.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACjC,UAAU,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC/B,aAAa,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;OAGG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9C;AAED;;;GAGG;AACH,MAAM,WAAW,0BAA0B;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B;;;OAGG;IACH,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,gFAAgF;IAChF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,yBAAyB,EAClC,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,0BAA0B,CAAC,CA8DrC"}
|
package/dist/esm/registration.js
CHANGED
|
@@ -19,12 +19,16 @@ export async function registerClient(issuer, request, options) {
|
|
|
19
19
|
if (!metadata.registration_endpoint) {
|
|
20
20
|
throw new Error(`Authorization server "${issuer}" does not advertise a registration_endpoint`);
|
|
21
21
|
}
|
|
22
|
+
const headers = {
|
|
23
|
+
"Content-Type": "application/json",
|
|
24
|
+
Accept: "application/json",
|
|
25
|
+
};
|
|
26
|
+
if (options?.initialAccessToken) {
|
|
27
|
+
headers.Authorization = `Bearer ${options.initialAccessToken}`;
|
|
28
|
+
}
|
|
22
29
|
const response = await fetch(metadata.registration_endpoint, {
|
|
23
30
|
method: "POST",
|
|
24
|
-
headers
|
|
25
|
-
"Content-Type": "application/json",
|
|
26
|
-
Accept: "application/json",
|
|
27
|
-
},
|
|
31
|
+
headers,
|
|
28
32
|
body: JSON.stringify(serializeRequest(request)),
|
|
29
33
|
signal,
|
|
30
34
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"registration.js","sourceRoot":"","sources":["../../src/registration.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gCAAgC,EAAE,MAAM,gBAAgB,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"registration.js","sourceRoot":"","sources":["../../src/registration.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gCAAgC,EAAE,MAAM,gBAAgB,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAwEzC;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAAc,EACd,OAAkC,EAClC,OAA+B;IAE/B,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM;QAC5B,CAAC,OAAO,EAAE,SAAS,IAAI,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAEpF,MAAM,QAAQ,GAAG,MAAM,gCAAgC,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5E,IAAI,CAAC,QAAQ,CAAC,qBAAqB,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CACb,yBAAyB,MAAM,8CAA8C,CAC9E,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,kBAAkB;QAClC,MAAM,EAAE,kBAAkB;KAC3B,CAAC;IACF,IAAI,OAAO,EAAE,kBAAkB,EAAE,CAAC;QAChC,OAAO,CAAC,aAAa,GAAG,UAAU,OAAO,CAAC,kBAAkB,EAAE,CAAC;IACjE,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,qBAAqB,EAAE;QAC3D,MAAM,EAAE,MAAM;QACd,OAAO;QACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC/C,MAAM;KACP,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,IAAI,SAAS,GAAmC,IAAI,CAAC;QACrD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAa,CAAC;YAC9C,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7D,SAAS,GAAG,IAA+B,CAAC;YAC9C,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,sDAAsD;QACxD,CAAC;QACD,IAAI,SAAS,IAAI,OAAO,SAAS,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,WAAW,GAAG,OAAO,SAAS,CAAC,iBAAiB,KAAK,QAAQ;gBACjE,CAAC,CAAC,SAAS,CAAC,iBAAiB;gBAC7B,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC;YACpB,MAAM,QAAQ,GAAG,OAAO,SAAS,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAC3F,MAAM,IAAI,UAAU,CAAC,SAAS,CAAC,KAAK,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,oCAAoC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IAC1E,CAAC;IAED,IAAI,IAAa,CAAC;IAClB,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IACD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;IACD,MAAM,IAAI,GAAG,IAA+B,CAAC;IAE7C,IAAI,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAkC;IAC1D,0EAA0E;IAC1E,iFAAiF;IACjF,MAAM,IAAI,GAA4B,EAAE,CAAC;IACzC,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACtE,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACpB,CAAC;IACH,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS;QAAE,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;IAC5E,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS;QAAE,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC;IACzE,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS;QAAE,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;IACnE,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS;QAAE,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;IAChE,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS;QAAE,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC;IACzE,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS;QAAE,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;IAC5E,IAAI,OAAO,CAAC,eAAe,KAAK,SAAS;QAAE,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAC3F,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS;QAAE,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;IACnE,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS;QAAE,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IACzD,IAAI,OAAO,CAAC,uBAAuB,KAAK,SAAS,EAAE,CAAC;QAClD,IAAI,CAAC,0BAA0B,GAAG,OAAO,CAAC,uBAAuB,CAAC;IACpE,CAAC;IACD,IAAI,OAAO,CAAC,YAAY,KAAK,SAAS;QAAE,IAAI,CAAC,aAAa,GAAG,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACvF,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS;QAAE,IAAI,CAAC,WAAW,GAAG,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IACjF,IAAI,OAAO,CAAC,aAAa,KAAK,SAAS;QAAE,IAAI,CAAC,cAAc,GAAG,CAAC,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAC1F,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS;QAAE,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC5D,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,mBAAmB,CAAC,IAA6B;IACxD,MAAM,QAAQ,GAA+B;QAC3C,QAAQ,EAAE,IAAI,CAAC,SAAmB;QAClC,GAAG,EAAE,IAAI;KACV,CAAC;IACF,IAAI,OAAO,IAAI,CAAC,aAAa,KAAK,QAAQ;QAAE,QAAQ,CAAC,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC;IACvF,IAAI,OAAO,IAAI,CAAC,mBAAmB,KAAK,QAAQ;QAAE,QAAQ,CAAC,gBAAgB,GAAG,IAAI,CAAC,mBAAmB,CAAC;IACvG,IAAI,OAAO,IAAI,CAAC,wBAAwB,KAAK,QAAQ,EAAE,CAAC;QACtD,QAAQ,CAAC,qBAAqB,GAAG,IAAI,CAAC,wBAAwB,CAAC;IACjE,CAAC;IACD,IAAI,OAAO,IAAI,CAAC,WAAW,KAAK,QAAQ;QAAE,QAAQ,CAAC,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC;IACjF,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ;QAAE,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC;IAC9E,IAAI,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ;QAAE,QAAQ,CAAC,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC;IACxE,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ;QAAE,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC;IACrE,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ;QAAE,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC;IAC9E,IAAI,OAAO,IAAI,CAAC,WAAW,KAAK,QAAQ;QAAE,QAAQ,CAAC,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC;IACjF,IAAI,OAAO,IAAI,CAAC,gBAAgB,KAAK,QAAQ;QAAE,QAAQ,CAAC,eAAe,GAAG,IAAI,CAAC,gBAAgB,CAAC;IAChG,IAAI,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ;QAAE,QAAQ,CAAC,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC;IACxE,IAAI,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC/C,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC,IAA+B,CAAC;IACvD,CAAC;IACD,IAAI,OAAO,IAAI,CAAC,0BAA0B,KAAK,QAAQ,EAAE,CAAC;QACxD,QAAQ,CAAC,uBAAuB,GAAG,IAAI,CAAC,0BAA0B,CAAC;IACrE,CAAC;IACD,QAAQ,CAAC,YAAY,GAAG,oBAAoB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACjE,QAAQ,CAAC,UAAU,GAAG,oBAAoB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC7D,QAAQ,CAAC,aAAa,GAAG,oBAAoB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACnE,QAAQ,CAAC,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5C,IAAI,OAAO,IAAI,CAAC,yBAAyB,KAAK,QAAQ,EAAE,CAAC;QACvD,QAAQ,CAAC,uBAAuB,GAAG,IAAI,CAAC,yBAAyB,CAAC;IACpE,CAAC;IACD,IAAI,OAAO,IAAI,CAAC,uBAAuB,KAAK,QAAQ,EAAE,CAAC;QACrD,QAAQ,CAAC,qBAAqB,GAAG,IAAI,CAAC,uBAAuB,CAAC;IAChE,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc;IAC1C,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;QACpE,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;IAC1C,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC/C,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9C,CAAC;IACD,OAAO,oBAAoB,CAAC,KAAK,CAAC,CAAC;AACrC,CAAC"}
|
|
@@ -13,7 +13,8 @@ export interface WebIdentityOptions {
|
|
|
13
13
|
* RFC 7523 private_key_jwt client assertion credential provider.
|
|
14
14
|
*
|
|
15
15
|
* Generates and persists an RSA key pair using the supplied storage
|
|
16
|
-
* implementation (default: `FilePrivateKeyStorage("./
|
|
16
|
+
* implementation (default: `FilePrivateKeyStorage("./server_keys")`, falling
|
|
17
|
+
* back to `./mcp_keys` when that directory already exists).
|
|
17
18
|
* On each token exchange the private key signs a client assertion JWT
|
|
18
19
|
* that the authorization server verifies instead of a shared secret.
|
|
19
20
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webIdentity.d.ts","sourceRoot":"","sources":["../../../src/server/webIdentity.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"webIdentity.d.ts","sourceRoot":"","sources":["../../../src/server/webIdentity.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAEhE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAEzD,YAAY,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAqBzD,MAAM,WAAW,kBAAkB;IACjC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,iBAAiB,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClD;AAED;;;;;;;;;;;GAWG;AACH,qBAAa,WAAY,YAAW,qBAAqB;;gBAI3C,OAAO,GAAE,kBAAuB;IAiBtC,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;IAOhC,OAAO,IAAI,IAAI;IAIT,2BAA2B,CAC/B,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE,GACtE,OAAO,CAAC,oBAAoB,CAAC;IAchC,aAAa,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAA;KAAE;IAIpD,gBAAgB,CAAC,iBAAiB,EAAE,MAAM,GAAG,MAAM;CAGpD"}
|
|
@@ -10,12 +10,32 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
|
|
|
10
10
|
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
|
|
11
11
|
};
|
|
12
12
|
var _WebIdentity_keyManager, _WebIdentity_bootstrapPromise;
|
|
13
|
+
import { existsSync } from "node:fs";
|
|
13
14
|
import { PrivateKeyManager, FilePrivateKeyStorage } from "./privateKey.js";
|
|
15
|
+
const DEFAULT_STORAGE_DIR = "./server_keys";
|
|
16
|
+
const LEGACY_STORAGE_DIR = "./mcp_keys";
|
|
17
|
+
/**
|
|
18
|
+
* Prefer `./server_keys`. Fall back to the pre-extraction `./mcp_keys` when it
|
|
19
|
+
* exists and `./server_keys` does not, so a deployment that relied on the
|
|
20
|
+
* implicit default keeps its keys after upgrade.
|
|
21
|
+
*/
|
|
22
|
+
function resolveDefaultStorageDir() {
|
|
23
|
+
try {
|
|
24
|
+
if (!existsSync(DEFAULT_STORAGE_DIR) && existsSync(LEGACY_STORAGE_DIR)) {
|
|
25
|
+
return LEGACY_STORAGE_DIR;
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
catch {
|
|
29
|
+
// ignore filesystem probe errors; use the default
|
|
30
|
+
}
|
|
31
|
+
return DEFAULT_STORAGE_DIR;
|
|
32
|
+
}
|
|
14
33
|
/**
|
|
15
34
|
* RFC 7523 private_key_jwt client assertion credential provider.
|
|
16
35
|
*
|
|
17
36
|
* Generates and persists an RSA key pair using the supplied storage
|
|
18
|
-
* implementation (default: `FilePrivateKeyStorage("./
|
|
37
|
+
* implementation (default: `FilePrivateKeyStorage("./server_keys")`, falling
|
|
38
|
+
* back to `./mcp_keys` when that directory already exists).
|
|
19
39
|
* On each token exchange the private key signs a client assertion JWT
|
|
20
40
|
* that the authorization server verifies instead of a shared secret.
|
|
21
41
|
*
|
|
@@ -27,7 +47,7 @@ export class WebIdentity {
|
|
|
27
47
|
_WebIdentity_keyManager.set(this, void 0);
|
|
28
48
|
_WebIdentity_bootstrapPromise.set(this, void 0);
|
|
29
49
|
const storage = options.storage ??
|
|
30
|
-
new FilePrivateKeyStorage(options.storageDir ??
|
|
50
|
+
new FilePrivateKeyStorage(options.storageDir ?? resolveDefaultStorageDir());
|
|
31
51
|
let keyId = options.keyId;
|
|
32
52
|
if (!keyId && options.serverName) {
|
|
33
53
|
keyId = options.serverName.replace(/[^a-zA-Z0-9\-_]/g, "_");
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webIdentity.js","sourceRoot":"","sources":["../../../src/server/webIdentity.ts"],"names":[],"mappings":";;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"webIdentity.js","sourceRoot":"","sources":["../../../src/server/webIdentity.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAGrC,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAK3E,MAAM,mBAAmB,GAAG,eAAe,CAAC;AAC5C,MAAM,kBAAkB,GAAG,YAAY,CAAC;AAExC;;;;GAIG;AACH,SAAS,wBAAwB;IAC/B,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,IAAI,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACvE,OAAO,kBAAkB,CAAC;QAC5B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,kDAAkD;IACpD,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AAUD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,WAAW;IAItB,YAAY,UAA8B,EAAE;QAH5C,0CAA+B;QAC/B,gDAAkC;QAGhC,MAAM,OAAO,GACX,OAAO,CAAC,OAAO;YACf,IAAI,qBAAqB,CAAC,OAAO,CAAC,UAAU,IAAI,wBAAwB,EAAE,CAAC,CAAC;QAE9E,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC1B,IAAI,CAAC,KAAK,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACjC,KAAK,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC;QAC9D,CAAC;QAED,uBAAA,IAAI,2BAAe,IAAI,iBAAiB,CAAC;YACvC,OAAO;YACP,KAAK;YACL,cAAc,EAAE,OAAO,CAAC,cAAc;SACvC,CAAC,MAAA,CAAC;IACL,CAAC;IAED,KAAK,CAAC,SAAS;QACb,IAAI,CAAC,uBAAA,IAAI,qCAAkB,EAAE,CAAC;YAC5B,uBAAA,IAAI,iCAAqB,uBAAA,IAAI,+BAAY,CAAC,iBAAiB,EAAE,MAAA,CAAC;QAChE,CAAC;QACD,OAAO,uBAAA,IAAI,qCAAkB,CAAC;IAChC,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,2BAA2B,CAC/B,YAAoB,EACpB,QAAgB,EAChB,OAAuE;QAEvE,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,OAAO,EAAE,QAAQ,EAAE,kBAAkB,IAAI,uBAAA,IAAI,+BAAY,CAAC,WAAW,EAAE,CAAC;QACvF,MAAM,QAAQ,GAAG,OAAO,EAAE,aAAa,IAAI,MAAM,CAAC;QAClD,MAAM,eAAe,GAAG,MAAM,uBAAA,IAAI,+BAAY,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACvF,OAAO;YACL,YAAY;YACZ,QAAQ;YACR,gBAAgB,EAAE,+CAA+C;YACjE,mBAAmB,EAAE,wDAAwD;YAC7E,eAAe;SAChB,CAAC;IACJ,CAAC;IAED,aAAa;QACX,OAAO,uBAAA,IAAI,+BAAY,CAAC,aAAa,EAAE,CAAC;IAC1C,CAAC;IAED,gBAAgB,CAAC,iBAAyB;QACxC,OAAO,uBAAA,IAAI,+BAAY,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,CAAC;IAC9D,CAAC;CACF"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@keycardai/oauth",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.11.0",
|
|
4
4
|
"description": "[Preview] OAuth 2.0 primitives for Keycard: JWKS keyring, JWT signing/verification, server-tier token verifier, AccessContext, ClientSecret credentials, and impersonation via RFC 8693 token exchange",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"repository": {
|