@lifeaitools/clauth 1.5.28 → 1.5.30

@@ -3013,13 +3013,18 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
3013
3013
  return res.end(JSON.stringify({ error: "invalid_request" }));
3014
3014
  }
3015
3015
 
3016
+ const tokenLog = (msg) => { try { fs.appendFileSync(LOG_FILE, `[${new Date().toISOString()}] OAuth /token: ${msg}\n`); } catch {} };
3017
+ tokenLog(`grant_type=${body.grant_type} code=${(body.code||"").slice(0,8)}… verifier=${body.code_verifier ? "present" : "missing"}`);
3018
+
3016
3019
  if (body.grant_type !== "authorization_code") {
3020
+ tokenLog(`REJECT: unsupported_grant_type (${body.grant_type})`);
3017
3021
  res.writeHead(400, { "Content-Type": "application/json", ...CORS });
3018
3022
  return res.end(JSON.stringify({ error: "unsupported_grant_type" }));
3019
3023
  }
3020
3024
 
3021
3025
  const stored = oauthCodes.get(body.code);
3022
3026
  if (!stored || stored.expires < Date.now()) {
3027
+ tokenLog(`REJECT: invalid_grant (stored=${!!stored}, expired=${stored ? stored.expires < Date.now() : "n/a"}, codes_size=${oauthCodes.size})`);
3023
3028
  oauthCodes.delete(body.code);
3024
3029
  res.writeHead(400, { "Content-Type": "application/json", ...CORS });
3025
3030
  return res.end(JSON.stringify({ error: "invalid_grant" }));
@@ -3028,11 +3033,14 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
3028
3033
  // PKCE verification
3029
3034
  if (stored.code_challenge && body.code_verifier) {
3030
3035
  const computed = sha256base64url(body.code_verifier);
3036
+ tokenLog(`PKCE: challenge=${stored.code_challenge.slice(0,12)}… computed=${computed.slice(0,12)}… match=${computed === stored.code_challenge}`);
3031
3037
  if (computed !== stored.code_challenge) {
3032
3038
  oauthCodes.delete(body.code);
3033
3039
  res.writeHead(400, { "Content-Type": "application/json", ...CORS });
3034
3040
  return res.end(JSON.stringify({ error: "invalid_grant", error_description: "PKCE failed" }));
3035
3041
  }
3042
+ } else {
3043
+ tokenLog(`PKCE: skipped (challenge=${!!stored.code_challenge}, verifier=${!!body.code_verifier})`);
3036
3044
  }
3037
3045
 
3038
3046
  oauthCodes.delete(body.code);
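Review bot: The added `else` branch (new lines 3042–3043) only logs `PKCE: skipped` and falls through, so a request that omits `code_verifier` passes this block even when a `code_challenge` was stored for the code. A stored challenge should make the verifier mandatory, with the same `invalid_grant` rejection as a mismatch; the fence below splits the branch so that only codes issued without a challenge skip the check. Separately, the log call at new line 3017 writes request-controlled `body.grant_type` unescaped and the first eight characters of the authorization code to `LOG_FILE`. In the same call, `(body.code||"").slice(0,8)` is evaluated outside `tokenLog`'s `try`, so a non-string `code` would throw there if the body parser can produce one; coerce with `String(...)`, strip CR/LF, and consider logging a hash of the code rather than a prefix. The handler continues past both hunks, so what follows the `oauthCodes.delete` at 3046 is not visible here.

```javascript
// … unchanged: PKCE comparison when both challenge and verifier are present …
} else if (stored.code_challenge) {
  // A challenge was bound to this code, so a missing verifier is a failed PKCE check.
  tokenLog("REJECT: invalid_grant (code_challenge stored, code_verifier missing)");
  oauthCodes.delete(body.code);
  res.writeHead(400, { "Content-Type": "application/json", ...CORS });
  return res.end(JSON.stringify({ error: "invalid_grant", error_description: "PKCE failed" }));
} else {
  // … unchanged: "PKCE: skipped" log line …
}
```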
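--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@lifeaitools/clauth",
- "version": "1.5.28",
+ "version": "1.5.30",
  "description": "Hardware-bound credential vault for the LIFEAI infrastructure stack",
  "type": "module",
  "bin": {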