@metaplay/metaplay-auth 1.1.2 → 1.1.4
- package/CHANGELOG.md +12 -0
- package/README.INTERNAL.md +39 -0
- package/dist/auth.js +5 -5
- package/dist/auth.js.map +1 -1
- package/dist/index.js +1 -1
- package/package.json +11 -12
- package/src/auth.ts +5 -5
- package/src/index.ts +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
## Guide for package publishing
|
|
2
|
+
|
|
3
|
+
### Bump package version
|
|
4
|
+
|
|
5
|
+
There are three places where you need to bump the version number:
|
|
6
|
+
- packages.json
|
|
7
|
+
- CHANGELOG
|
|
8
|
+
- src/index.ts
|
|
9
|
+
|
|
10
|
+
### Upgrade outdated dependencies
|
|
11
|
+
|
|
12
|
+
Rememeber to upgrade any outdated dependencies whenever possible to avoid security issues and improve performance.
|
|
13
|
+
|
|
14
|
+
```bash
|
|
15
|
+
# list outdated deps
|
|
16
|
+
pnpm outdated
|
|
17
|
+
```
|
|
18
|
+
|
|
19
|
+
### Build the package
|
|
20
|
+
|
|
21
|
+
```bash
|
|
22
|
+
# through moon tasks (prefered)
|
|
23
|
+
# moon will automatically do lint/typecheck before building the package
|
|
24
|
+
moon run AuthCLI:build
|
|
25
|
+
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
### Publish package
|
|
29
|
+
|
|
30
|
+
```bash
|
|
31
|
+
# need to define the branch name (if not in main/master) for publishing new version of package
|
|
32
|
+
pnpm publish --publish-branch develop
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
## TODOs
|
|
36
|
+
|
|
37
|
+
### Automatic CI/CD
|
|
38
|
+
|
|
39
|
+
Need a GitHub Action which handles the build/publish flow when new release is ready. This can only be done once an Ory machine account is created.
|
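--- a/package/dist/auth.js
+++ b/package/dist/auth.js
@@ -1,7 +1,7 @@
 /* eslint-disable @typescript-eslint/no-misused-promises */
 import express from 'express';
 import open from 'open';
-import
+import { randomBytes, createHash } from 'node:crypto';
 import jwt from 'jsonwebtoken';
 import jwkToPem from 'jwk-to-pem';
 import { Configuration, WellknownApi } from '@ory/client';
@@ -22,8 +22,8 @@ const tokenList = ['id_token', 'access_token', 'refresh_token']; // List of comp
 * @returns
 */
 function generateCodeVerifierAndChallenge() {
-const verifier =
-const challenge =
+const verifier = randomBytes(32).toString('hex');
+const challenge = createHash('sha256').update(verifier).digest('base64url');
 return { verifier, challenge };
 }
 /**
@@ -68,7 +68,7 @@ export async function loginAndSaveTokens() {
 const app = express();
 const redirectUri = `http://localhost:${availablePort}/callback`;
 const { verifier, challenge } = generateCodeVerifierAndChallenge();
-const state =
+const state = randomBytes(16).toString('hex');
 // Create a /callback endpoint that exchanges the code for tokens.
 app.get('/callback', async (req, res) => {
 // Check for errors in the callback.
@@ -101,7 +101,7 @@ export async function loginAndSaveTokens() {
 });
 // Start the server.
 const server = app.listen(availablePort, () => {
-const authorizationUrl = `${authorizationEndpoint}?response_type=code&client_id=${clientId}&redirect_uri=${encodeURIComponent(redirectUri)}&code_challenge=${challenge}&code_challenge_method=S256&scope
+const authorizationUrl = `${authorizationEndpoint}?response_type=code&client_id=${clientId}&redirect_uri=${encodeURIComponent(redirectUri)}&code_challenge=${challenge}&code_challenge_method=S256&scope=${encodeURIComponent('openid offline_access')}&state=${encodeURIComponent(state)}`;
 console.log(`Attempting to open a browser to log in. If a browser did not open up, you can copy-paste the following URL to authenticate:\n\n${authorizationUrl}\n`);
 void open(authorizationUrl);
 logger.debug(`Listening on port ${availablePort} and waiting for callback...`);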
package/dist/auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,OAAO,OAAO,MAAM,SAAS,CAAA;AAC7B,OAAO,IAAI,MAAM,MAAM,CAAA;AACvB,OAAO,
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,OAAO,OAAO,MAAM,SAAS,CAAA;AAC7B,OAAO,IAAI,MAAM,MAAM,CAAA;AACvB,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACrD,OAAO,GAAG,MAAM,cAAc,CAAA;AAC9B,OAAO,QAAQ,MAAM,YAAY,CAAA;AACjC,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AACzD,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AACtE,OAAO,EAAE,YAAY,EAAE,MAAM,KAAK,CAAA;AAClC,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AAErC,wHAAwH;AACxH,MAAM,QAAQ,GAAG,sCAAsC,CAAA;AACvD,MAAM,OAAO,GAAG,2BAA2B,CAAA;AAC3C,MAAM,qBAAqB,GAAG,GAAG,OAAO,cAAc,CAAA;AACtD,MAAM,aAAa,GAAG,GAAG,OAAO,eAAe,CAAA;AAC/C,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC,IAAI,aAAa,CAAC;IACtD,QAAQ,EAAE,OAAO;CAClB,CAAC,CAAC,CAAA;AACH,MAAM,SAAS,GAAa,CAAC,UAAU,EAAE,cAAc,EAAE,eAAe,CAAC,CAAA,CAAC,4BAA4B;AAEtG;;;GAGG;AACH,SAAS,gCAAgC;IACvC,MAAM,QAAQ,GAAW,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;IACxD,MAAM,SAAS,GAAW,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;IACnF,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAA;AAChC,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,iBAAiB;IAC9B,OAAO,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,yDAAyD;QACzD,MAAM,YAAY,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAA;QACnD,IAAI,KAAK,GAAG,CAAC,CAAA;QAEb,0CAA0C;QAC1C,SAAS,WAAW;YAClB,IAAI,KAAK,IAAI,YAAY,CAAC,MAAM,EAAE;gBAChC,MAAM,CAAC,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC,CAAA;aACvD;YAED,MAAM,IAAI,GAAG,YAAY,CAAC,KAAK,CAAC,CAAA;YAChC,MAAM,MAAM,GAAG,YAAY,EAAE,CAAA;YAE7B,MAAM,CAAC,KAAK,CAAC,eAAe,IAAI,KAAK,CAAC,CAAA;YACtC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;gBACvB,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE;oBACxB,OAAO,CAAC,IAAI,CAAC,CAAA;gBACf,CAAC,CAAC,CAAA;gBACF,MAAM,CAAC,KAAK,EAAE,CAAA;gBACd,MAAM,CAAC,KAAK,CAAC,QAAQ,IAAI,gBAAgB,CAAC,CAAA;YAC5C,CAAC,CAAC,CAAA;YAEF,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACtB,MAAM,CAAC,KAAK,CAAC,QAAQ,IAAI,oBAAoB,CAAC,CAAA;gBAC9C,KAAK,EAAE,CAAA;gBACP,WAAW,EAAE,CAAA;YACf,CAAC,CAAC,CAAA;QACJ,CAAC;QACD,WAAW,EAAE,CAAA;IACf,CAAC,CAAC,CAA
A;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,uCAAuC;IACvC,MAAM,aAAa,GAAG,MAAM,iBAAiB,EAAE,CAAA;IAE/C,MAAM,GAAG,GAAG,OAAO,EAAE,CAAA;IACrB,MAAM,WAAW,GAAG,oBAAoB,aAAa,WAAW,CAAA;IAChE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,gCAAgC,EAAE,CAAA;IAClE,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;IAE7C,kEAAkE;IAClE,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,EAAE,GAAoB,EAAE,GAAqB,EAAE,EAAE;QACzE,oCAAoC;QACpC,MAAM,KAAK,GAAuB,GAAG,CAAC,KAAK,CAAC,KAAe,CAAA;QAC3D,MAAM,gBAAgB,GAAuB,GAAG,CAAC,KAAK,CAAC,iBAA2B,CAAA;QAElF,IAAI,KAAK,EAAE;YACT,OAAO,CAAC,KAAK,CAAC,sDAAsD,KAAK,KAAK,gBAAgB,EAAE,CAAC,CAAA;YACjG,GAAG,CAAC,IAAI,CAAC,0BAA0B,KAAK,KAAK,gBAAgB,EAAE,CAAC,CAAA;YAChE,MAAM,CAAC,KAAK,EAAE,CAAA;YACd,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;SAChB;QAED,IAAI;YACF,MAAM,IAAI,GAAuB,GAAG,CAAC,KAAK,CAAC,IAAc,CAAA;YACzD,MAAM,CAAC,KAAK,CAAC,uCAAuC,IAAI,uCAAuC,CAAC,CAAA;YAEhG,MAAM,MAAM,GAAG,MAAM,8BAA8B,CAAC,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAA;YACvF,gEAAgE;YAChE,GAAG,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAA;YAEjE,MAAM,UAAU,CAAC,MAAM,CAAC,CAAA;YAExB,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAA;SACtE;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,KAAK,YAAY,KAAK,EAAE;gBAC1B,OAAO,CAAC,KAAK,CAAC,UAAU,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;aACzC;SACF;gBAAS;YACR,MAAM,CAAC,KAAK,EAAE,CAAA;SACf;QAED,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC,CAAC,CAAA;IAEF,oBAAoB;IACpB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,EAAE,GAAG,EAAE;QAC5C,MAAM,gBAAgB,GAAW,GAAG,qBAAqB,iCAAiC,QAAQ,iBAAiB,kBAAkB,CAAC,WAAW,CAAC,mBAAmB,SAAS,qCAAqC,kBAAkB,CAAC,uBAAuB,CAAC,UAAU,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAA;QACnS,OAAO,CAAC,GAAG,CAAC,kIAAkI,gBAAgB,IAAI,CAAC,CAAA;QACnK,KAAK,IAAI,CAAC,gBAAgB,CAAC,CAAA;QAE3B,MAAM,CAAC,KAAK,CAAC,qBAAqB,aAAa,8BAA8B,CAAC,CAAA;IAChF,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB;IACxC,IAAI;QACF,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAA;QAEjC,MAAM,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAA;QAC1C,IAAI,MAAM,aAAa,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE;YAC5C,oDAAoD;YACpD,MAAM,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAA;YAC5D,OAAM;SACP;QAED,MAAM,CAAC
,KAAK,CAAC,6FAA6F,CAAC,CAAA;QAE3G,MAAM,eAAe,GAAG,MAAM,oCAAoC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAA;QAExF,MAAM,UAAU,CAAC,eAAe,CAAC,CAAA;KAClC;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,YAAY,KAAK,EAAE;YAC1B,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;SAC7B;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;KAChB;AACH,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,oCAAoC,CAAE,YAAoB;IACvE,gHAAgH;IAChH,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,UAAU,EAAE,eAAe;QAC3B,aAAa,EAAE,YAAY;QAC3B,KAAK,EAAE,uBAAuB;QAC9B,SAAS,EAAE,QAAQ;KACpB,CAAC,CAAA;IAEF,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAA;IAEpC,wCAAwC;IACxC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,aAAa,EAAE;QAC1C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;SACpD;QACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;KACxB,CAAC,CAAA;IAEF,8BAA8B;IAC9B,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;QAChB,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;QAE1C,MAAM,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAA;QACzC,MAAM,CAAC,KAAK,CAAC,eAAe,YAAY,CAAC,KAAK,EAAE,CAAC,CAAA;QACjD,MAAM,CAAC,KAAK,CAAC,sBAAsB,YAAY,CAAC,iBAAiB,EAAE,CAAC,CAAA;QAEpE,MAAM,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAA;QAC9E,MAAM,YAAY,EAAE,CAAA;QACpB,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAA;QAEvD,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAA;KACnF;IAED,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;AAC9B,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,8BAA8B,CAAE,KAAa,EAAE,WAAmB,EAAE,QAAgB,EAAE,IAAY;IAC/G,yIAAyI;IACzI,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,aAAa,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,sCAAsC,IAAI,iBAAiB,kBAAkB,CAAC,WAAW,CAAC,cAAc,QAAQ,kBAAkB,QAAQ,UAAU,kBAAkB,CAAC,KAAK,CAAC,EAAE;SACtL,CAAC,CAAA;QAEF,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;KAC7B;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,YAAY,KAAK,EAAE;YAC1B,MAAM,CAAC,KAAK,CAAC,qCAAqC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;SACnE;QAED,OAAO,EAAE,CAAA;KACV;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU;IAC9B,IAAI;QACF,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,CAAA;QAC3C,MAAM,WAAW,GAAG,MAAM,SAAS,CAAC,cAAc,CAAC,CAAA;QACnD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,eAAe,CAAC,CAAA;QAErD,IAAI,OAAO,IAAI,IAAI,IAAI,WAAW,IAAI,IAAI,IAAI,YAAY,IAAI,IAAI,E
AAE;YAClE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAA;SACjE;QAED,OAAO;YACL,QAAQ,EAAE,OAAO;YACjB,YAAY,EAAE,WAAW;YACzB,aAAa,EAAE,YAAY;SAC5B,CAAA;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,YAAY,KAAK,EAAE;YAC1B,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;SAC1D;QACD,MAAM,KAAK,CAAA;KACZ;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAE,MAA8B;IAC9D,IAAI;QACF,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAA;QAEjD,kCAAkC;QAClC,KAAK,MAAM,SAAS,IAAI,SAAS,EAAE;YACjC,IAAI,MAAM,CAAC,SAAS,CAAC,KAAK,SAAS,EAAE;gBACnC,MAAM,IAAI,KAAK,CAAC,kBAAkB,SAAS,6GAA6G,CAAC,CAAA;aAC1J;SACF;QAED,MAAM,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAA;QAE/D,MAAM,SAAS,CAAC,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;QAC5C,MAAM,SAAS,CAAC,cAAc,EAAE,MAAM,CAAC,YAAY,CAAC,CAAA;QACpD,MAAM,SAAS,CAAC,eAAe,EAAE,MAAM,CAAC,aAAa,CAAC,CAAA;QAEtD,MAAM,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAA;QAE3C,MAAM,aAAa,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;QACxC,uCAAuC;KACxC;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,YAAY,KAAK,EAAE;YAC1B,MAAM,IAAI,KAAK,CAAC,0BAA0B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;SAC3D;QACD,MAAM,KAAK,CAAA;KACZ;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,IAAI;QACF,MAAM,YAAY,CAAC,UAAU,CAAC,CAAA;QAC9B,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QACjC,MAAM,YAAY,CAAC,cAAc,CAAC,CAAA;QAClC,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAA;QACrC,MAAM,YAAY,CAAC,eAAe,CAAC,CAAA;QACnC,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAA;KACvC;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,YAAY,KAAK,EAAE;YAC1B,MAAM,IAAI,KAAK,CAAC,0BAA0B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;SAC3D;QACD,MAAM,KAAK,CAAA;KACZ;AACH,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,aAAa,CAAE,KAAa;IACzC,IAAI;QACF,mBAAmB;QACnB,MAAM,iBAAiB,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;QAE/D,oBAAoB;QACpB,IAAI,CAAC,iBAAiB,EAAE;YACtB,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAA;SACjC;QAED,gDAAgD;QAChD,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,mBAAmB,EAAE,CAAA;QACpD,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,KAAK,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QAClF,IAAI,CAAC,GAAG,EAAE;YACR,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA
;SAC3D;QACD,yBAAyB;QACzB,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAmB,CAAC,CAAA;QAEzC,wDAAwD;QACxD,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC,CAAA;QAEpE,OAAO,IAAI,CAAA;KACZ;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,YAAY,KAAK,EAAE;YAC1B,MAAM,CAAC,IAAI,CAAC,oBAAoB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;SACjD;QACD,OAAO,KAAK,CAAA;KACb;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,aAAa,CAAE,KAAa;IACzC,MAAM,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAA;IAC5C,mBAAmB;IACnB,MAAM,iBAAiB,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;IAE/D,oBAAoB;IACpB,IAAI,CAAC,iBAAiB,EAAE;QACtB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;KACtC;IAED,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC,CAAA;AACjD,CAAC"}
|
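--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -8,7 +8,7 @@ const program = new Command();
 program
 .name('metaplay-auth')
 .description('Authenticate with Metaplay and get AWS and Kubernetes credentials for game servers.')
-.version('1.1.
+.version('1.1.3')
 .option('-d, --debug', 'enable debug output')
 .hook('preAction', (thisCommand) => {
 // Handle debug flag for all commands.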
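--- a/package/package.json
+++ b/package/package.json
@@ -1,38 +1,37 @@
 {
 "name": "@metaplay/metaplay-auth",
 "description": "Utility CLI for authenticating with the Metaplay Auth and making authenticated calls to infrastructure endpoints.",
-"version": "1.1.
+"version": "1.1.4",
 "type": "module",
 "license": "SEE LICENSE IN LICENSE",
 "homepage": "https://metaplay.io",
 "bin": "dist/index.js",
+"scripts": {
+"dev": "tsx src/index.ts",
+"prepublish": "tsc"
+},
 "publishConfig": {
 "access": "public"
 },
 "devDependencies": {
+"@metaplay/eslint-config": "workspace:*",
+"@metaplay/typescript-config": "workspace:*",
 "@types/express": "^4.17.21",
 "@types/jsonwebtoken": "^9.0.5",
 "@types/jwk-to-pem": "^2.0.3",
-"@types/node": "^20.11.
+"@types/node": "^20.11.20",
 "typescript": "^5.1.6",
-"tsx": "^4.7.
-"@metaplay/eslint-config": "1.0.0",
-"@metaplay/typescript-config": "1.0.0"
+"tsx": "^4.7.1"
 },
 "dependencies": {
-"@ory/client": "^1.
+"@ory/client": "^1.6.2",
 "jsonwebtoken": "^9.0.2",
 "jwk-to-pem": "^2.0.5",
-"commander": "^
-"crypto": "^1.0.1",
+"commander": "^12.0.0",
 "express": "^4.18.2",
 "net": "^1.0.2",
 "open": "^10.0.2",
 "process": "^0.11.10",
 "tslog": "^4.9.2"
-},
-"scripts": {
-"dev": "tsx src/index.ts",
-"prepublish": "tsc"
 }
 }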
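Review bot: `"net": "^1.0.2"` and `"process": "^0.11.10"` remain in `dependencies` after `"crypto": "^1.0.1"` was dropped in favour of `node:crypto`; both names match Node built-in modules, so every install pulls third-party registry packages that the CLI presumably does not need. If the code only uses the built-ins, remove those two entries and import them as `node:net` and `node:process`, as was done for crypto, which shrinks the supply-chain surface of an authentication tool. Separately, `version` is `1.1.4` here while the `src/index.ts` and `dist/index.js` sections set `.version('1.1.3')`, so the CLI would report a stale version.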
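--- a/package/src/auth.ts
+++ b/package/src/auth.ts
@@ -1,7 +1,7 @@
 /* eslint-disable @typescript-eslint/no-misused-promises */
 import express from 'express'
 import open from 'open'
-import
+import { randomBytes, createHash } from 'node:crypto'
 import jwt from 'jsonwebtoken'
 import jwkToPem from 'jwk-to-pem'
 import { Configuration, WellknownApi } from '@ory/client'
@@ -24,8 +24,8 @@ const tokenList: string[] = ['id_token', 'access_token', 'refresh_token'] // Lis
 * @returns
 */
 function generateCodeVerifierAndChallenge (): { verifier: string, challenge: string } {
-const verifier: string =
-const challenge: string =
+const verifier: string = randomBytes(32).toString('hex')
+const challenge: string = createHash('sha256').update(verifier).digest('base64url')
 return { verifier, challenge }
 }
 
@@ -77,7 +77,7 @@ export async function loginAndSaveTokens () {
 const app = express()
 const redirectUri = `http://localhost:${availablePort}/callback`
 const { verifier, challenge } = generateCodeVerifierAndChallenge()
-const state =
+const state = randomBytes(16).toString('hex')
 
 // Create a /callback endpoint that exchanges the code for tokens.
 app.get('/callback', async (req: express.Request, res: express.Response) => {
@@ -116,7 +116,7 @@ export async function loginAndSaveTokens () {
 
 // Start the server.
 const server = app.listen(availablePort, () => {
-const authorizationUrl: string = `${authorizationEndpoint}?response_type=code&client_id=${clientId}&redirect_uri=${encodeURIComponent(redirectUri)}&code_challenge=${challenge}&code_challenge_method=S256&scope
+const authorizationUrl: string = `${authorizationEndpoint}?response_type=code&client_id=${clientId}&redirect_uri=${encodeURIComponent(redirectUri)}&code_challenge=${challenge}&code_challenge_method=S256&scope=${encodeURIComponent('openid offline_access')}&state=${encodeURIComponent(state)}`
 console.log(`Attempting to open a browser to log in. If a browser did not open up, you can copy-paste the following URL to authenticate:\n\n${authorizationUrl}\n`)
 void open(authorizationUrl)
 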
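Review bot: The new `state` value is generated and appended to the authorization URL, but none of the visible hunks show the `/callback` handler comparing the returned `req.query.state` against it; if the handler body (which continues outside the hunk) does not do so, the parameter gives no CSRF protection on the loopback callback. I would reject a mismatch before the code is exchanged, e.g. `if (req.query.state !== state) { res.status(400).send('State mismatch'); return }`. Separately, `app.listen(availablePort, ...)` passes no host, so the listener is not restricted to the loopback interface even though the redirect URI is `http://localhost:…/callback`; binding to a loopback address would narrow who can reach `/callback` while the login is pending. `loginAndSaveTokens` starts and ends outside these hunks.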
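--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -10,7 +10,7 @@ const program = new Command()
 program
 .name('metaplay-auth')
 .description('Authenticate with Metaplay and get AWS and Kubernetes credentials for game servers.')
-.version('1.1.
+.version('1.1.3')
 .option('-d, --debug', 'enable debug output')
 .hook('preAction', (thisCommand) => {
 // Handle debug flag for all commands.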