npm - @leanmcp/auth - Versions diffs - 0.1.1 → 0.3.0 - Mend

@leanmcp/auth 0.1.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +606 -18
package/dist/auth0-54GZT2EI.mjs +102 -0
package/dist/{chunk-NALGJYQB.mjs → chunk-EVD2TRPR.mjs} +63 -15
package/dist/clerk-FR7ITM33.mjs +115 -0
package/dist/{cognito-GBSAAMZI.mjs → cognito-I6V5YNYM.mjs} +1 -1
package/dist/index.d.mts +55 -6
package/dist/index.d.ts +55 -6
package/dist/index.js +289 -15
package/dist/index.mjs +3 -1
package/package.json +1 -1
package/dist/chunk-YC7GFXAO.mjs +0 -193
package/dist/cognito-VCVS77OX.mjs +0 -145

package/dist/cognito-VCVS77OX.mjs DELETED Viewed

@@ -1,145 +0,0 @@
-import {
-  AuthProviderBase,
-  __name
-} from "./chunk-NALGJYQB.mjs";
-// src/providers/cognito.ts
-import { CognitoIdentityProviderClient, InitiateAuthCommand } from "@aws-sdk/client-cognito-identity-provider";
-import { createHmac } from "crypto";
-import axios from "axios";
-import jwt from "jsonwebtoken";
-import jwkToPem from "jwk-to-pem";
-var AuthCognito = class extends AuthProviderBase {
-  static {
-    __name(this, "AuthCognito");
-  }
-  cognito = null;
-  region = "";
-  userPoolId = "";
-  clientId = "";
-  clientSecret = "";
-  jwksCache = null;
-  /**
-  * Initialize the Cognito client with configuration
-  */
-  async init(config) {
-    this.region = config?.region || process.env.AWS_REGION || "";
-    this.userPoolId = config?.userPoolId || process.env.COGNITO_USER_POOL_ID || "";
-    this.clientId = config?.clientId || process.env.COGNITO_CLIENT_ID || "";
-    this.clientSecret = config?.clientSecret || process.env.COGNITO_CLIENT_SECRET || "";
-    if (!this.region || !this.userPoolId || !this.clientId) {
-      throw new Error("Missing required Cognito configuration: region, userPoolId, and clientId are required");
-    }
-    this.cognito = new CognitoIdentityProviderClient({
-      region: this.region
-    });
-  }
-  /**
-  * Refresh access tokens using a refresh token
-  */
-  async refreshToken(refreshToken, username) {
-    if (!this.cognito) {
-      throw new Error("CognitoAuth not initialized. Call init() first.");
-    }
-    const authParameters = {
-      REFRESH_TOKEN: refreshToken
-    };
-    if (this.clientSecret) {
-      const usernameForHash = username;
-      const secretHash = this.calculateSecretHash(usernameForHash);
-      authParameters.SECRET_HASH = secretHash;
-    }
-    const command = new InitiateAuthCommand({
-      AuthFlow: "REFRESH_TOKEN_AUTH",
-      ClientId: this.clientId,
-      AuthParameters: authParameters
-    });
-    return await this.cognito.send(command);
-  }
-  /**
-  * Verify a Cognito JWT token using JWKS
-  */
-  async verifyToken(token) {
-    try {
-      await this.verifyJwt(token);
-      return true;
-    } catch (error) {
-      if (error instanceof Error) {
-        if (error.message.includes("jwt expired")) {
-          throw new Error("Token has expired");
-        } else if (error.message.includes("invalid signature")) {
-          throw new Error("Invalid token signature");
-        } else if (error.message.includes("jwt malformed")) {
-          throw new Error("Malformed token");
-        } else if (error.message.includes("invalid issuer")) {
-          throw new Error("Invalid token issuer");
-        }
-        throw error;
-      }
-      return false;
-    }
-  }
-  /**
-  * Get user information from an ID token
-  */
-  async getUser(idToken) {
-    const decoded = jwt.decode(idToken);
-    if (!decoded) {
-      throw new Error("Invalid ID token");
-    }
-    return {
-      username: decoded["cognito:username"],
-      email: decoded.email,
-      email_verified: decoded.email_verified,
-      sub: decoded.sub,
-      attributes: decoded
-    };
-  }
-  /**
-  * Fetch JWKS from Cognito (cached)
-  */
-  async fetchJWKS() {
-    if (!this.jwksCache) {
-      const jwksUri = `https://cognito-idp.${this.region}.amazonaws.com/${this.userPoolId}/.well-known/jwks.json`;
-      const { data } = await axios.get(jwksUri);
-      this.jwksCache = data.keys;
-    }
-    return this.jwksCache;
-  }
-  /**
-  * Verify JWT token using JWKS
-  */
-  async verifyJwt(token) {
-    const decoded = jwt.decode(token, {
-      complete: true
-    });
-    if (!decoded) {
-      throw new Error("Invalid token");
-    }
-    const jwks = await this.fetchJWKS();
-    const key = jwks.find((k) => k.kid === decoded.header.kid);
-    if (!key) {
-      throw new Error("Signing key not found in JWKS");
-    }
-    const pem = jwkToPem(key);
-    return jwt.verify(token, pem, {
-      algorithms: [
-        "RS256"
-      ],
-      issuer: `https://cognito-idp.${this.region}.amazonaws.com/${this.userPoolId}`
-    });
-  }
-  /**
-  * Calculate SECRET_HASH for Cognito authentication
-  * SECRET_HASH = Base64(HMAC_SHA256(username + clientId, clientSecret))
-  */
-  calculateSecretHash(username) {
-    const message = username + this.clientId;
-    const hmac = createHmac("sha256", this.clientSecret);
-    hmac.update(message);
-    return hmac.digest("base64");
-  }
-};
-export {
-  AuthCognito
-};