@minimaltech/node-infra 0.5.10-20 → 0.5.10-22

package/dist/components/authenticate/oauth2-handlers/base.js

@@ -10,17 +10,74 @@ const utilities_1 = require("../../../utilities");
 const security_1 = require("@loopback/security");
 const get_1 = __importDefault(require("lodash/get"));
 const common_2 = require("../common");
+const services_1 = require("../services");
+const data_1 = require("./data");
+const scope_1 = require("./scope");
 class AbstractOAuth2AuthenticationHandler {
     constructor(opts) {
+        this.scopeManager = null;
+        this.userDataFetcher = null;
+        this.initPromise = null;
         this.logger = helpers_1.LoggerFactory.getLogger([
             opts?.scope ?? AbstractOAuth2AuthenticationHandler.name,
         ]);
         this.injectionGetter = opts.injectionGetter;
         this.authServiceKey = opts.authServiceKey;
+        // Initialize scope service
+        this.scopeService = new services_1.OAuth2ScopeService({
+            options: { injectionGetter: this.injectionGetter },
+            scope: `${this.constructor.name}:OAuth2ScopeService`,
+        });
+        // Start async initialization but don't wait
+        this.initPromise = this.initializeServices();
+    }
+    async initializeServices() {
+        try {
+            const oauth2Options = this.injectionGetter(common_2.AuthenticateKeys.OAUTH2_OPTIONS);
+            // Try to load scopes from database first
+            let availableScopes = await this.scopeService.loadScopes(true);
+            // Fallback to config if database is empty
+            if (availableScopes.length === 0) {
+                this.logger.warn('[initializeServices] No scopes found in database, falling back to config');
+                availableScopes = oauth2Options?.restOptions?.availableScopes ?? [];
+            }
+            const defaultScopes = oauth2Options?.restOptions?.defaultScopes ?? [];
+            // Initialize scope manager
+            this.scopeManager = new scope_1.ScopeManager({
+                availableScopes,
+                defaultScopes,
+                scope: `${this.constructor.name}:ScopeManager`,
+            });
+            // Initialize user data fetcher
+            this.userDataFetcher = new data_1.UserDataFetcher({
+                options: {
+                    injectionGetter: this.injectionGetter,
+                    scopeManager: this.scopeManager,
+                },
+                scope: `${this.constructor.name}:UserDataFetcher`,
+            });
+            this.logger.info('[initializeServices] Services initialized successfully');
+        }
+        catch (error) {
+            this.logger.error('[initializeServices] Failed to initialize services: %s', (0, utilities_1.getError)(error).message);
+            throw error;
+        }
+    }
+    /**
+     * Ensure services are initialized before use
+     * Should be called at the start of async methods
+     */
+    async ensureInitialized() {
+        if (this.initPromise) {
+            await this.initPromise;
+        }
+        if (!this.scopeManager || !this.userDataFetcher) {
+            throw (0, utilities_1.getError)({ message: 'OAuth2 services not initialized' });
+        }
     }
     getClient(clientId, clientSecret) {
         return new Promise((resolve, reject) => {
-            this.logger.debug('[getClient] Retreiving application client | client_id: %s | client_secret: %s', clientId, clientSecret);
+            this.logger.debug('[getClient] Retrieving application client | client_id: %s', clientId);
             const clientRepository = this.injectionGetter('repositories.OAuth2ClientRepository');
             clientRepository
                 .findOne({
@@ -60,7 +117,7 @@ class AbstractOAuth2AuthenticationHandler {
                 .catch(reject);
         });
     }
-    async generateAccessToken(client, user, scopes) {
+    async generateAccessToken(client, user, _scope) {
         const service = this.injectionGetter('services.JWTTokenService');
         const userId = (0, get_1.default)(user, 'id');
         if (!userId) {
@@ -77,13 +134,12 @@ class AbstractOAuth2AuthenticationHandler {
                 roles: userInformation?.roles ?? [],
                 provider: client.provider,
                 clientId: client.id,
-                scopes,
             },
         });
         return Promise.resolve(tokenValue);
     }
     _saveToken(opts) {
-        const { type, token, client, user, details } = opts;
+        const { type, token, client, user, details, scopes } = opts;
         const oauth2TokenRepository = this.injectionGetter('repositories.OAuth2TokenRepository');
         return oauth2TokenRepository.create({
             token,
@@ -91,26 +147,26 @@ class AbstractOAuth2AuthenticationHandler {
             status: common_1.OAuth2TokenStatuses.ACTIVATED,
             clientId: (0, utilities_1.int)(client.id),
             userId: (0, utilities_1.int)(user.id),
+            scopes: scopes ?? [],
             details,
         });
     }
-    saveToken(token, client, user) {
-        return new Promise((resolve, reject) => {
-            this._saveToken({
-                token: token.accessToken,
-                type: common_2.AuthenticationTokenTypes.TYPE_ACCESS_TOKEN,
-                client,
-                user,
-                details: token,
-            })
-                .then(() => {
-                resolve({ ...token, client, user });
-            })
-                .catch(reject);
+    async saveToken(token, client, user) {
+        await this.ensureInitialized();
+        const scopes = this.scopeManager.normalizeScopes(token.scope);
+        await this._saveToken({
+            token: token.accessToken,
+            type: common_2.AuthenticationTokenTypes.TYPE_ACCESS_TOKEN,
+            client,
+            user,
+            scopes,
+            details: token,
         });
+        return { ...token, client, user };
     }
     async _getToken(opts) {
         const { type, token } = opts;
+        await this.ensureInitialized();
         const oauth2TokenRepository = this.injectionGetter('repositories.OAuth2TokenRepository');
         const oauth2Token = await oauth2TokenRepository.findOne({
             where: { type, token },
@@ -127,12 +183,11 @@ class AbstractOAuth2AuthenticationHandler {
                 message: `[_getToken] Invalid OAuth2Token status: ${oauth2Token.status}`,
             });
         }
-        const userRepository = this.injectionGetter('repositories.UserRepository');
-        const user = await userRepository.findOne({
-            where: { id: (0, utilities_1.int)(oauth2Token.userId) },
-            fields: ['id'],
-        });
-        if (!user) {
+        // Fetch user data using UserDataFetcher
+        const userId = (0, utilities_1.int)(oauth2Token.userId);
+        const grantedScopes = oauth2Token.scopes ?? [];
+        const user = await this.userDataFetcher.fetchByScopes({ userId, grantedScopes });
+        if (!user?.id) {
             this.logger.error('[_getToken] Not found User | type: %s | token: %s | oauth2Token: %j', type, token, oauth2Token);
             throw (0, utilities_1.getError)({
                 message: `[_getToken] Not found any User with type: ${type} | token: ${token}`,
@@ -187,11 +242,31 @@ class AbstractOAuth2AuthenticationHandler {
             user: { id: tokenPayload.userId },
         };
     }
-    verifyScope(token, scopes) {
-        return new Promise(resolve => {
-            this.logger.info('[verifyScope] Token: %j | Scopes: %s', token, scopes);
-            resolve(token !== null);
-        });
+    async verifyScope(token, requiredScopes) {
+        await this.ensureInitialized();
+        this.logger.info('[verifyScope] Token: %j | Required scopes: %s', token, requiredScopes ?? []);
+        if (!token) {
+            return false;
+        }
+        // If no scopes required, allow access
+        if (!requiredScopes || requiredScopes.length === 0) {
+            return true;
+        }
+        const tokenScopes = this.scopeManager.normalizeScopes(token.scope);
+        // Check if token has all required scopes
+        const hasAllScopes = requiredScopes.every(scope => tokenScopes.includes(scope));
+        this.logger.info('[verifyScope] Token scopes: %s | Has all required scopes: %s', tokenScopes.join(', '), hasAllScopes);
+        return hasAllScopes;
+    }
+    async validateScopes(requestedScopes) {
+        await this.ensureInitialized();
+        return this.scopeManager.validateScopes(requestedScopes ?? []);
+    }
+    getScopeManager() {
+        return this.scopeManager;
+    }
+    getUserDataFetcher() {
+        return this.userDataFetcher;
     }
 }
 exports.AbstractOAuth2AuthenticationHandler = AbstractOAuth2AuthenticationHandler;

package/dist/components/authenticate/oauth2-handlers/base.js.map

@@ -1 +1 @@
-{"version":3,"file":"base.js","sourceRoot":"","sources":["../../../../src/components/authenticate/oauth2-handlers/base.ts"],"names":[],"mappings":";;;;;;AAAA,qCAA2F;AAC3F,uCAA6D;AAC7D,2CAA4C;AAC5C,iDAAgD;AAehD,qDAA6B;AAC7B,sCAAmF;AAInF,MAAsB,mCAAmC;IAKvD,YAAY,IAAmF;QAC7F,IAAI,CAAC,MAAM,GAAG,uBAAa,CAAC,SAAS,CAAC;YACpC,IAAI,EAAE,KAAK,IAAI,mCAAmC,CAAC,IAAI;SACxD,CAAC,CAAC;QACH,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC;QAC5C,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC;IAC5C,CAAC;IAED,SAAS,CAAC,QAAgB,EAAE,YAAoB;QAC9C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,+EAA+E,EAC/E,QAAQ,EACR,YAAY,CACb,CAAC;YAEF,MAAM,gBAAgB,GAAG,IAAI,CAAC,eAAe,CAC3C,qCAAqC,CACtC,CAAC;YACF,gBAAgB;iBACb,OAAO,CAAC;gBACP,KAAK,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC,EAAE;gBACzD,MAAM,EAAE;oBACN,IAAI;oBACJ,UAAU;oBACV,YAAY;oBACZ,UAAU;oBACV,MAAM;oBACN,aAAa;oBACb,QAAQ;oBACR,QAAQ;oBACR,WAAW;iBACZ;aACF,CAAC;iBACD,IAAI,CAAC,YAAY,CAAC,EAAE;gBACnB,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,MAAM,CACJ,IAAA,oBAAQ,EAAC;wBACP,OAAO,EAAE,mDAAmD,QAAQ,EAAE;qBACvE,CAAC,CACH,CAAC;oBACF,OAAO;gBACT,CAAC;gBAED,OAAO,CAAC;oBACN,EAAE,EAAE,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE;oBAC9B,QAAQ,EAAE,YAAY,CAAC,QAAQ;oBAC/B,UAAU,EAAE,YAAY,CAAC,UAAU;oBACnC,QAAQ,EAAE,YAAY,CAAC,QAAQ;oBAC/B,IAAI,EAAE,YAAY,CAAC,IAAI;oBACvB,WAAW,EAAE,YAAY,CAAC,WAAW;oBACrC,MAAM,EAAE,YAAY,CAAC,MAAM;oBAC3B,MAAM,EAAE,YAAY,CAAC,MAAM;oBAC3B,YAAY,EAAE,YAAY,EAAE,SAAS,EAAE,YAAY,IAAI,EAAE;oBACzD,YAAY,EAAE,YAAY,EAAE,SAAS,EAAE,YAAY,IAAI,EAAE;iBAC1D,CAAC,CAAC;YACL,CAAC,CAAC;iBACD,KAAK,CAAC,MAAM,CAAC,CAAC;QACnB,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,MAAc,EAAE,IAAU,EAAE,MAAgB;QACpE,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAkB,0BAA0B,CAAC,CAAC;QAElF,MAAM,MAAM,GAAG,IAAA,aAAG,EAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAE/B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAA,oBAAQ,EAAC;gBACb,OAAO,EACL,mFAAmF;aACtF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CAAe,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5E,MAAM,eAAe,GAAG,MAAM,WAAW,EAAE,kBAAkB,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QAE5E,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC;YAClC,OAAO,EAAE;gBACP,CAAC,qBAAU,CAAC,EAAE,MAAM,CAAC,QAAQ,EAAE;gBAC/B,MAAM,EAAE,eAAe,EAAE,MAAM,IAAI,MAAM,CAAC,QAAQ,EAAE;gBACpD,KAAK,EAAE,eAAe,EAAE,KAAK,IAAI,EAAE;gBACnC,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,QAAQ,EAAE,MAAM,CAAC,EAAE;gBACnB,MAAM;aACP;SACF,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACrC,CAAC;IAED,UAAU,CAAC,IAMV;QACC,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;QACpD,MAAM,qBAAqB,GAAG,IAAI,CAAC,eAAe,CAChD,oCAAoC,CACrC,CAAC;QAEF,OAAO,qBAAqB,CAAC,MAAM,CAAC;YAClC,KAAK;YACL,IAAI;YACJ,MAAM,EAAE,4BAAmB,CAAC,SAAS;YACrC,QAAQ,EAAE,IAAA,eAAG,EAAC,MAAM,CAAC,EAAE,CAAC;YACxB,MAAM,EAAE,IAAA,eAAG,EAAC,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO;SACR,CAAC,CAAC;IACL,CAAC;IAED,SAAS,CAAC,KAAY,EAAE,MAAc,EAAE,IAAU;QAChD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC,UAAU,CAAC;gBACd,KAAK,EAAE,KAAK,CAAC,WAAW;gBACxB,IAAI,EAAE,iCAAwB,CAAC,iBAAiB;gBAChD,MAAM;gBACN,IAAI;gBACJ,OAAO,EAAE,KAAK;aACf,CAAC;iBACC,IAAI,CAAC,GAAG,EAAE;gBACT,OAAO,CAAC,EAAE,GAAG,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;YACtC,CAAC,CAAC;iBACD,KAAK,CAAC,MAAM,CAAC,CAAC;QACnB,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,IAAqC;QACnD,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;QAE7B,MAAM,qBAAqB,GAAG,IAAI,CAAC,eAAe,CAChD,oCAAoC,CACrC,CAAC;QACF,MAAM,WAAW,GAAuB,MAAM,qBAAqB,CAAC,OAAO,CAAC;YAC1E,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE;SACvB,CAAC,CAAC;QACH,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,0DAA0D,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;YAC3F,MAAM,IAAA,oBAAQ,EAAC;gBACb,OAAO,EAAE,oDAAoD,IAAI,aAAa,KAAK,EAAE;aACtF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,WAAW,CAAC,MAAM,KAAK,4BAAmB,CAAC,SAAS,EAAE,CAAC;YACzD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,oDAAoD,EAAE,WAAW,CAAC,CAAC;YACrF,MAAM,IAAA,oBAAQ,EAAC;gBACb,OAAO,EAAE,2CAA2C,WAAW,CAAC,MAAM,EAAE;aACzE,CAAC,CAAC;QACL,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,eAAe,CACzC,6BAA6B,CAC9B,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC;YACxC,KAAK,EAAE,EAAE,EAAE,EAAE,IAAA,eAAG,EAAC,WAAW,CAAC,MAAM,CAAC,EAAE;YACtC,MAAM,EAAE,CAAC,IAAI,CAAC;SACf,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,qEAAqE,EACrE,IAAI,EACJ,KAAK,EACL,WAAW,CACZ,CAAC;YACF,MAAM,IAAA,oBAAQ,EAAC;gBACb,OAAO,EAAE,6CAA6C,IAAI,aAAa,KAAK,EAAE;aAC/E,CAAC,CAAC;QACL,CAAC;QAED,MAAM,sBAAsB,GAAG,IAAI,CAAC,eAAe,CACjD,qCAAqC,CACtC,CAAC;QACF,MAAM,YAAY,GAAG,MAAM,sBAAsB,CAAC,OAAO,CAAC;YACxD,KAAK,EAAE,EAAE,EAAE,EAAE,IAAA,eAAG,EAAC,WAAW,CAAC,QAAQ,CAAC,EAAE;YACxC,MAAM,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,CAAC;SACtF,CAAC,CAAC;QACH,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,6EAA6E,EAC7E,IAAI,EACJ,KAAK,EACL,WAAW,CACZ,CAAC;YACF,MAAM,IAAA,oBAAQ,EAAC;gBACb,OAAO,EAAE,qDAAqD,IAAI,aAAa,KAAK,EAAE;aACvF,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,KAAK,EAAE,WAAW;YAClB,MAAM,EAAE,YAAY;YACpB,IAAI;SACL,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,WAAmB;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAkB,0BAA0B,CAAC,CAAC;QAClF,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;YAClC,IAAI,EAAE,uBAAc,CAAC,WAAW;YAChC,KAAK,EAAE,WAAW;SACnB,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;QAE1C,IAAI,CAAC,QAAQ,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACnC,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,sEAAsE,EACtE,YAAY,CACb,CAAC;YACF,MAAM,IAAA,oBAAQ,EAAC;gBACb,OAAO,EAAE,qDAAqD;aAC/D,CAAC,CAAC;QACL,CAAC;QAED,MAAM,sBAAsB,GAAG,IAAI,CAAC,eAAe,CACjD,qCAAqC,CACtC,CAAC;QACF,MAAM,YAAY,GAAG,MAAM,sBAAsB,CAAC,OAAO,CAAC;YACxD,KAAK,EAAE,EAAE,QAAQ,EAAE;YACnB,MAAM,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,CAAC;SACtF,CAAC,CAAC;QACH,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAA,oBAAQ,EAAC;gBACb,OAAO,EAAE,wDAAwD,QAAQ,EAAE;aAC5E,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,WAAW;YACX,oBAAoB,EAAE,IAAI,IAAI,CAAC,IAAA,eAAG,EAAC,YAAY,CAAC,KAAK,CAAC,CAAC,GAAG,IAAI,CAAC;YAC/D,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,YAAa,CAAC,QAAQ,EAAkB,EAAE;gBAClE,EAAE,EAAE,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE;aAC/B,CAAC;YACF,IAAI,EAAE,EAAE,EAAE,EAAE,YAAY,CAAC,MAAM,EAAE;SAClC,CAAC;IACJ,CAAC;IAED,WAAW,CAAC,KAAY,EAAE,MAAgB;QACxC,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE;YAC3B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YACxE,OAAO,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAxPD,kFAwPC"}
+{"version":3,"file":"base.js","sourceRoot":"","sources":["../../../../src/components/authenticate/oauth2-handlers/base.ts"],"names":[],"mappings":";;;;;;AAAA,qCAA4E;AAC5E,uCAA6D;AAC7D,2CAA4C;AAC5C,iDAAgD;AAUhD,qDAA6B;AAC7B,sCAOmB;AAGnB,0CAAkE;AAClE,iCAAyC;AACzC,mCAAuC;AAIvC,MAAsB,mCAAmC;IASvD,YAAY,IAAmF;QALrF,iBAAY,GAAwB,IAAI,CAAC;QACzC,oBAAe,GAA2B,IAAI,CAAC;QAEjD,gBAAW,GAAyB,IAAI,CAAC;QAG/C,IAAI,CAAC,MAAM,GAAG,uBAAa,CAAC,SAAS,CAAC;YACpC,IAAI,EAAE,KAAK,IAAI,mCAAmC,CAAC,IAAI;SACxD,CAAC,CAAC;QACH,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC;QAC5C,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC;QAE1C,2BAA2B;QAC3B,IAAI,CAAC,YAAY,GAAG,IAAI,6BAAkB,CAAC;YACzC,OAAO,EAAE,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE;YAClD,KAAK,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,qBAAqB;SACrD,CAAC,CAAC;QAEH,4CAA4C;QAC5C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;IAC/C,CAAC;IAEO,KAAK,CAAC,kBAAkB;QAC9B,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,IAAI,CAAC,eAAe,CACxC,yBAAgB,CAAC,cAAc,CAChC,CAAC;YAEF,yCAAyC;YACzC,IAAI,eAAe,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAE/D,0CAA0C;YAC1C,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjC,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,0EAA0E,CAC3E,CAAC;gBACF,eAAe,GAAG,aAAa,EAAE,WAAW,EAAE,eAAe,IAAI,EAAE,CAAC;YACtE,CAAC;YAED,MAAM,aAAa,GAAG,aAAa,EAAE,WAAW,EAAE,aAAa,IAAI,EAAE,CAAC;YAEtE,2BAA2B;YAC3B,IAAI,CAAC,YAAY,GAAG,IAAI,oBAAY,CAAC;gBACnC,eAAe;gBACf,aAAa;gBACb,KAAK,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,eAAe;aAC/C,CAAC,CAAC;YAEH,+BAA+B;YAC/B,IAAI,CAAC,eAAe,GAAG,IAAI,sBAAe,CAAC;gBACzC,OAAO,EAAE;oBACP,eAAe,EAAE,IAAI,CAAC,eAAe;oBACrC,YAAY,EAAE,IAAI,CAAC,YAAY;iBAChC;gBACD,KAAK,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,kBAAkB;aAClD,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;QAC7E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,wDAAwD,EACxD,IAAA,oBAAQ,EAAC,KAAK,CAAC,CAAC,OAAO,CACxB,CAAC;YACF,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;OAGG;IACO,KAAK,CAAC,iBAAiB;QAC/B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,MAAM,IAAI,CAAC,WAAW,CAAC;QACzB,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;YAChD,MAAM,IAAA,oBAAQ,EAAC,EAAE,OAAO,EAAE,iCAAiC,EAAE,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IAED,SAAS,CAAC,QAAgB,EAAE,YAAoB;QAC9C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2DAA2D,EAAE,QAAQ,CAAC,CAAC;YAEzF,MAAM,gBAAgB,GAAG,IAAI,CAAC,eAAe,CAC3C,qCAAqC,CACtC,CAAC;YAEF,gBAAgB;iBACb,OAAO,CAAC;gBACP,KAAK,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC,EAAE;gBACzD,MAAM,EAAE;oBACN,IAAI;oBACJ,UAAU;oBACV,YAAY;oBACZ,UAAU;oBACV,MAAM;oBACN,aAAa;oBACb,QAAQ;oBACR,QAAQ;oBACR,WAAW;iBACZ;aACF,CAAC;iBACD,IAAI,CAAC,YAAY,CAAC,EAAE;gBACnB,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,MAAM,CACJ,IAAA,oBAAQ,EAAC;wBACP,OAAO,EAAE,mDAAmD,QAAQ,EAAE;qBACvE,CAAC,CACH,CAAC;oBACF,OAAO;gBACT,CAAC;gBAED,OAAO,CAAC;oBACN,EAAE,EAAE,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE;oBAC9B,QAAQ,EAAE,YAAY,CAAC,QAAQ;oBAC/B,UAAU,EAAE,YAAY,CAAC,UAAU;oBACnC,QAAQ,EAAE,YAAY,CAAC,QAAQ;oBAC/B,IAAI,EAAE,YAAY,CAAC,IAAI;oBACvB,WAAW,EAAE,YAAY,CAAC,WAAW;oBACrC,MAAM,EAAE,YAAY,CAAC,MAAM;oBAC3B,MAAM,EAAE,YAAY,CAAC,MAAM;oBAC3B,YAAY,EAAE,YAAY,EAAE,SAAS,EAAE,YAAY,IAAI,EAAE;oBACzD,YAAY,EAAE,YAAY,EAAE,SAAS,EAAE,YAAY,IAAI,EAAE;iBAC1D,CAAC,CAAC;YACL,CAAC,CAAC;iBACD,KAAK,CAAC,MAAM,CAAC,CAAC;QACnB,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,MAAc,EAAE,IAAU,EAAE,MAAgB;QACpE,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAkB,0BAA0B,CAAC,CAAC;QAElF,MAAM,MAAM,GAAG,IAAA,aAAG,EAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAE/B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAA,oBAAQ,EAAC;gBACb,OAAO,EACL,mFAAmF;aACtF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CAAe,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5E,MAAM,eAAe,GAAG,MAAM,WAAW,EAAE,kBAAkB,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QAE5E,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC;YAClC,OAAO,EAAE;gBACP,CAAC,qBAAU,CAAC,EAAE,MAAM,CAAC,QAAQ,EAAE;gBAC/B,MAAM,EAAE,eAAe,EAAE,MAAM,IAAI,MAAM,CAAC,QAAQ,EAAE;gBACpD,KAAK,EAAE,eAAe,EAAE,KAAK,IAAI,EAAE;gBACnC,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,QAAQ,EAAE,MAAM,CAAC,EAAE;aACpB;SACF,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACrC,CAAC;IAES,UAAU,CAAC,IAOpB;QACC,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;QAC5D,MAAM,qBAAqB,GAAG,IAAI,CAAC,eAAe,CAChD,oCAAoC,CACrC,CAAC;QAEF,OAAO,qBAAqB,CAAC,MAAM,CAAC;YAClC,KAAK;YACL,IAAI;YACJ,MAAM,EAAE,4BAAmB,CAAC,SAAS;YACrC,QAAQ,EAAE,IAAA,eAAG,EAAC,MAAM,CAAC,EAAE,CAAC;YACxB,MAAM,EAAE,IAAA,eAAG,EAAC,IAAI,CAAC,EAAE,CAAC;YACpB,MAAM,EAAE,MAAM,IAAI,EAAE;YACpB,OAAO;SACR,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,KAAY,EAAE,MAAc,EAAE,IAAU;QACtD,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE/B,MAAM,MAAM,GAAG,IAAI,CAAC,YAAa,CAAC,eAAe,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAE/D,MAAM,IAAI,CAAC,UAAU,CAAC;YACpB,KAAK,EAAE,KAAK,CAAC,WAAW;YACxB,IAAI,EAAE,iCAAwB,CAAC,iBAAiB;YAChD,MAAM;YACN,IAAI;YACJ,MAAM;YACN,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QAEH,OAAO,EAAE,GAAG,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,IAAqC;QACnD,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;QAE7B,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE/B,MAAM,qBAAqB,GAAG,IAAI,CAAC,eAAe,CAChD,oCAAoC,CACrC,CAAC;QAEF,MAAM,WAAW,GAAuB,MAAM,qBAAqB,CAAC,OAAO,CAAC;YAC1E,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE;SACvB,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,0DAA0D,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;YAC3F,MAAM,IAAA,oBAAQ,EAAC;gBACb,OAAO,EAAE,oDAAoD,IAAI,aAAa,KAAK,EAAE;aACtF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,WAAW,CAAC,MAAM,KAAK,4BAAmB,CAAC,SAAS,EAAE,CAAC;YACzD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,oDAAoD,EAAE,WAAW,CAAC,CAAC;YACrF,MAAM,IAAA,oBAAQ,EAAC;gBACb,OAAO,EAAE,2CAA2C,WAAW,CAAC,MAAM,EAAE;aACzE,CAAC,CAAC;QACL,CAAC;QAED,wCAAwC;QACxC,MAAM,MAAM,GAAG,IAAA,eAAG,EAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,IAAI,EAAE,CAAC;QAE/C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC;QAEjF,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC;YACd,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,qEAAqE,EACrE,IAAI,EACJ,KAAK,EACL,WAAW,CACZ,CAAC;YACF,MAAM,IAAA,oBAAQ,EAAC;gBACb,OAAO,EAAE,6CAA6C,IAAI,aAAa,KAAK,EAAE;aAC/E,CAAC,CAAC;QACL,CAAC;QAED,MAAM,sBAAsB,GAAG,IAAI,CAAC,eAAe,CACjD,qCAAqC,CACtC,CAAC;QACF,MAAM,YAAY,GAAG,MAAM,sBAAsB,CAAC,OAAO,CAAC;YACxD,KAAK,EAAE,EAAE,EAAE,EAAE,IAAA,eAAG,EAAC,WAAW,CAAC,QAAQ,CAAC,EAAE;YACxC,MAAM,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,CAAC;SACtF,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,6EAA6E,EAC7E,IAAI,EACJ,KAAK,EACL,WAAW,CACZ,CAAC;YACF,MAAM,IAAA,oBAAQ,EAAC;gBACb,OAAO,EAAE,qDAAqD,IAAI,aAAa,KAAK,EAAE;aACvF,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,KAAK,EAAE,WAAW;YAClB,MAAM,EAAE,YAAY;YACpB,IAAI;SACL,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,WAAmB;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAkB,0BAA0B,CAAC,CAAC;QAClF,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;YAClC,IAAI,EAAE,uBAAc,CAAC,WAAW;YAChC,KAAK,EAAE,WAAW;SACnB,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;QAE1C,IAAI,CAAC,QAAQ,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACnC,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,sEAAsE,EACtE,YAAY,CACb,CAAC;YACF,MAAM,IAAA,oBAAQ,EAAC;gBACb,OAAO,EAAE,qDAAqD;aAC/D,CAAC,CAAC;QACL,CAAC;QAED,MAAM,sBAAsB,GAAG,IAAI,CAAC,eAAe,CACjD,qCAAqC,CACtC,CAAC;QACF,MAAM,YAAY,GAAG,MAAM,sBAAsB,CAAC,OAAO,CAAC;YACxD,KAAK,EAAE,EAAE,QAAQ,EAAE;YACnB,MAAM,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,CAAC;SACtF,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAA,oBAAQ,EAAC;gBACb,OAAO,EAAE,wDAAwD,QAAQ,EAAE;aAC5E,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,WAAW;YACX,oBAAoB,EAAE,IAAI,IAAI,CAAC,IAAA,eAAG,EAAC,YAAY,CAAC,KAAK,CAAC,CAAC,GAAG,IAAI,CAAC;YAC/D,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,YAAa,CAAC,QAAQ,EAAkB,EAAE;gBAClE,EAAE,EAAE,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE;aAC/B,CAAC;YACF,IAAI,EAAE,EAAE,EAAE,EAAE,YAAY,CAAC,MAAM,EAAE;SAClC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAAY,EAAE,cAAyB;QACvD,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE/B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+CAA+C,EAAE,KAAK,EAAE,cAAc,IAAI,EAAE,CAAC,CAAC;QAE/F,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,KAAK,CAAC;QACf,CAAC;QAED,sCAAsC;QACtC,IAAI,CAAC,cAAc,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACnD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,YAAa,CAAC,eAAe,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEpE,yCAAyC;QACzC,MAAM,YAAY,GAAG,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;QAEhF,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,8DAA8D,EAC9D,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EACtB,YAAY,CACb,CAAC;QAEF,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,eAA0B;QAC7C,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC,YAAa,CAAC,cAAc,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC;IAClE,CAAC;IAES,eAAe;QACvB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAES,kBAAkB;QAC1B,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;CACF;AAvWD,kFAuWC"}

package/dist/components/authenticate/oauth2-handlers/config/index.d.ts

@@ -0,0 +1,2 @@
+export * from './scope-config-validator';
+//# sourceMappingURL=index.d.ts.map

package/dist/components/authenticate/oauth2-handlers/config/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/components/authenticate/oauth2-handlers/config/index.ts"],"names":[],"mappings":"AAAA,cAAc,0BAA0B,CAAC"}

package/dist/components/authenticate/oauth2-handlers/config/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./scope-config-validator"), exports);
+//# sourceMappingURL=index.js.map

package/dist/components/authenticate/oauth2-handlers/config/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/components/authenticate/oauth2-handlers/config/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2DAAyC"}

package/dist/components/authenticate/oauth2-handlers/config/scope-config-validator.d.ts

@@ -0,0 +1,46 @@
+import { IAuthenticateOAuth2Options } from '../../common';
+export interface IScopeConfigValidationError {
+    field: string;
+    message: string;
+    scopeIdentifier?: string;
+}
+export interface IScopeConfigValidationResult {
+    valid: boolean;
+    errors: IScopeConfigValidationError[];
+    warnings: string[];
+}
+/**
+ * ScopeConfigValidator validates OAuth2 scope configuration at startup
+ * Ensures configuration is well-formed and consistent
+ */
+export declare class ScopeConfigValidator {
+    private logger;
+    constructor(opts: {
+        scope?: string;
+    });
+    /**
+     * Validate OAuth2 configuration
+     * @param config - OAuth2 options configuration
+     * @returns Validation result with errors and warnings
+     */
+    validate(config: IAuthenticateOAuth2Options): IScopeConfigValidationResult;
+    /**
+     * Validate available scopes configuration
+     */
+    private validateAvailableScopes;
+    /**
+     * Validate relations in a scope definition
+     */
+    private validateRelations;
+    /**
+     * Validate default scopes
+     */
+    private validateDefaultScopes;
+    /**
+     * Validate configuration and throw if invalid
+     * @param config - OAuth2 configuration
+     * @throws Error if configuration is invalid
+     */
+    validateOrThrow(config: IAuthenticateOAuth2Options): void;
+}
+//# sourceMappingURL=scope-config-validator.d.ts.map

package/dist/components/authenticate/oauth2-handlers/config/scope-config-validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope-config-validator.d.ts","sourceRoot":"","sources":["../../../../../src/components/authenticate/oauth2-handlers/config/scope-config-validator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,0BAA0B,EAAoB,MAAM,cAAc,CAAC;AAG5E,MAAM,WAAW,2BAA2B;IAC1C,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,4BAA4B;IAC3C,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,2BAA2B,EAAE,CAAC;IACtC,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;;GAGG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,CAAoB;gBAEtB,IAAI,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE;IAKpC;;;;OAIG;IACH,QAAQ,CAAC,MAAM,EAAE,0BAA0B,GAAG,4BAA4B;IA8D1E;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAqD/B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAoCzB;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAmE7B;;;;OAIG;IACH,eAAe,CAAC,MAAM,EAAE,0BAA0B,GAAG,IAAI;CAQ1D"}

package/dist/components/authenticate/oauth2-handlers/config/scope-config-validator.js

@@ -0,0 +1,199 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ScopeConfigValidator = void 0;
+const helpers_1 = require("../../../../helpers");
+const constants_1 = require("../constants");
+/**
+ * ScopeConfigValidator validates OAuth2 scope configuration at startup
+ * Ensures configuration is well-formed and consistent
+ */
+class ScopeConfigValidator {
+    constructor(opts) {
+        const { scope } = opts;
+        this.logger = helpers_1.LoggerFactory.getLogger([scope ?? ScopeConfigValidator.name]);
+    }
+    /**
+     * Validate OAuth2 configuration
+     * @param config - OAuth2 options configuration
+     * @returns Validation result with errors and warnings
+     */
+    validate(config) {
+        const errors = [];
+        const warnings = [];
+        if (!config.enable) {
+            this.logger.info('[validate] OAuth2 is disabled, skipping validation');
+            return { valid: true, errors: [], warnings: [] };
+        }
+        const restOptions = config.restOptions;
+        if (!restOptions) {
+            warnings.push('No restOptions configured for OAuth2');
+            return { valid: true, errors, warnings };
+        }
+        // Validate available scopes
+        if (restOptions.availableScopes) {
+            this.validateAvailableScopes(restOptions.availableScopes, errors, warnings);
+        }
+        else {
+            warnings.push('No availableScopes configured - all scopes will be allowed (backward compatibility mode)');
+        }
+        // Validate default scopes
+        if (restOptions.defaultScopes) {
+            this.validateDefaultScopes(restOptions.defaultScopes, restOptions.availableScopes, errors, warnings);
+        }
+        else {
+            warnings.push('No defaultScopes configured - empty scopes will result in no data access');
+        }
+        const isValid = errors.length === 0;
+        if (isValid) {
+            this.logger.info('[validate] Configuration valid | Warnings: %d | Available scopes: %d | Default scopes: %s', warnings.length, restOptions.availableScopes?.length ?? 0, restOptions.defaultScopes?.join(', ') ?? 'none');
+        }
+        else {
+            this.logger.error('[validate] Configuration invalid | Errors: %d', errors.length);
+            errors.forEach(error => {
+                this.logger.error('[validate] Error: %s - %s', error.field, error.message);
+            });
+        }
+        if (warnings.length > 0) {
+            warnings.forEach(warning => {
+                this.logger.warn('[validate] Warning: %s', warning);
+            });
+        }
+        return { valid: isValid, errors, warnings };
+    }
+    /**
+     * Validate available scopes configuration
+     */
+    validateAvailableScopes(scopes, errors, warnings) {
+        const identifiers = new Set();
+        for (const scope of scopes) {
+            // Check for duplicate identifiers
+            if (identifiers.has(scope.identifier)) {
+                errors.push({
+                    field: 'availableScopes',
+                    message: `Duplicate scope identifier: ${scope.identifier}`,
+                    scopeIdentifier: scope.identifier,
+                });
+            }
+            identifiers.add(scope.identifier);
+            // Validate identifier format
+            if (!scope.identifier || scope.identifier.trim() === '') {
+                errors.push({
+                    field: 'availableScopes',
+                    message: 'Scope identifier cannot be empty',
+                    scopeIdentifier: scope.identifier,
+                });
+            }
+            // Validate name
+            if (!scope.name || scope.name.trim() === '') {
+                errors.push({
+                    field: 'availableScopes',
+                    message: `Scope name cannot be empty for identifier: ${scope.identifier}`,
+                    scopeIdentifier: scope.identifier,
+                });
+            }
+            // Check if scope has either fields or relations
+            if ((!scope.fields || scope.fields.length === 0) &&
+                (!scope.relations || scope.relations.length === 0)) {
+                warnings.push(`Scope '${scope.identifier}' has no fields or relations - it will not provide any data`);
+            }
+            // Validate relations
+            if (scope.relations) {
+                this.validateRelations(scope, errors, warnings);
+            }
+        }
+    }
+    /**
+     * Validate relations in a scope definition
+     */
+    validateRelations(scope, errors, warnings) {
+        const relationNames = new Set();
+        for (const relation of scope.relations) {
+            // Check for duplicate relation names
+            if (relationNames.has(relation.relation)) {
+                errors.push({
+                    field: 'availableScopes.relations',
+                    message: `Duplicate relation name '${relation.relation}' in scope: ${scope.identifier}`,
+                    scopeIdentifier: scope.identifier,
+                });
+            }
+            relationNames.add(relation.relation);
+            // Validate relation name
+            if (!relation.relation || relation.relation.trim() === '') {
+                errors.push({
+                    field: 'availableScopes.relations',
+                    message: `Relation name cannot be empty in scope: ${scope.identifier}`,
+                    scopeIdentifier: scope.identifier,
+                });
+            }
+            // Warn if relation has no fields
+            if (!relation.fields || relation.fields.length === 0) {
+                warnings.push(`Relation '${relation.relation}' in scope '${scope.identifier}' has no fields specified`);
+            }
+        }
+    }
+    /**
+     * Validate default scopes
+     */
+    validateDefaultScopes(defaultScopes, availableScopes, errors, warnings) {
+        if (defaultScopes.length === 0) {
+            warnings.push('Default scopes array is empty');
+            return;
+        }
+        // If no available scopes, can't validate default scopes
+        if (!availableScopes || availableScopes.length === 0) {
+            return;
+        }
+        // Check if default scopes are valid hierarchical scopes
+        for (const defaultScope of defaultScopes) {
+            const parts = defaultScope.split(':');
+            if (parts.length < 3) {
+                errors.push({
+                    field: 'defaultScopes',
+                    message: `Invalid scope format: ${defaultScope} (expected resource:action:path)`,
+                });
+                continue;
+            }
+            const [resource, action, ...path] = parts;
+            // Validate resource
+            if (resource !== constants_1.OAuth2Resources.USER) {
+                errors.push({
+                    field: 'defaultScopes',
+                    message: `Unsupported resource in default scope: ${defaultScope} (only 'user' is supported)`,
+                });
+            }
+            // Validate action
+            if (action !== constants_1.OAuth2Actions.READ) {
+                errors.push({
+                    field: 'defaultScopes',
+                    message: `Unsupported action in default scope: ${defaultScope} (only 'read' is supported)`,
+                });
+            }
+            // Check if path refers to an existing scope identifier
+            if (path.length > 0) {
+                const [firstPart] = path;
+                const isScopeFound = availableScopes.some(s => s.identifier === firstPart);
+                if (!isScopeFound && path.length > 1) {
+                    // Check if it's a valid relation
+                    const isRelationFound = availableScopes.some(s => s.relations?.some(r => r.relation === firstPart));
+                    if (!isRelationFound) {
+                        warnings.push(`Default scope '${defaultScope}' references unknown scope/relation: ${firstPart}`);
+                    }
+                }
+            }
+        }
+    }
+    /**
+     * Validate configuration and throw if invalid
+     * @param config - OAuth2 configuration
+     * @throws Error if configuration is invalid
+     */
+    validateOrThrow(config) {
+        const result = this.validate(config);
+        if (!result.valid) {
+            const errorMessages = result.errors.map(e => `${e.field}: ${e.message}`).join('\n');
+            throw new Error(`Invalid OAuth2 configuration:\n${errorMessages}`);
+        }
+    }
+}
+exports.ScopeConfigValidator = ScopeConfigValidator;
+//# sourceMappingURL=scope-config-validator.js.map

package/dist/components/authenticate/oauth2-handlers/config/scope-config-validator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope-config-validator.js","sourceRoot":"","sources":["../../../../../src/components/authenticate/oauth2-handlers/config/scope-config-validator.ts"],"names":[],"mappings":";;;AAAA,uCAA6D;AAE7D,4CAA8D;AAc9D;;;GAGG;AACH,MAAa,oBAAoB;IAG/B,YAAY,IAAwB;QAClC,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,uBAAa,CAAC,SAAS,CAAC,CAAC,KAAK,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED;;;;OAIG;IACH,QAAQ,CAAC,MAAkC;QACzC,MAAM,MAAM,GAAkC,EAAE,CAAC;QACjD,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;YACvE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACnD,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;QAEvC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,QAAQ,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACtD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;QAC3C,CAAC;QAED,4BAA4B;QAC5B,IAAI,WAAW,CAAC,eAAe,EAAE,CAAC;YAChC,IAAI,CAAC,uBAAuB,CAAC,WAAW,CAAC,eAAe,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC9E,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CACX,0FAA0F,CAC3F,CAAC;QACJ,CAAC;QAED,0BAA0B;QAC1B,IAAI,WAAW,CAAC,aAAa,EAAE,CAAC;YAC9B,IAAI,CAAC,qBAAqB,CACxB,WAAW,CAAC,aAAa,EACzB,WAAW,CAAC,eAAe,EAC3B,MAAM,EACN,QAAQ,CACT,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,0EAA0E,CAAC,CAAC;QAC5F,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;QAEpC,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,2FAA2F,EAC3F,QAAQ,CAAC,MAAM,EACf,WAAW,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC,EACxC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,CAChD,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,+CAA+C,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;YAClF,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;gBACrB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YAC7E,CAAC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;gBACzB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC;YACtD,CAAC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;IAC9C,CAAC;IAED;;OAEG;IACK,uBAAuB,CAC7B,MAA0B,EAC1B,MAAqC,EACrC,QAAkB;QAElB,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;QAEtC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,kCAAkC;YAClC,IAAI,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtC,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,+BAA+B,KAAK,CAAC,UAAU,EAAE;oBAC1D,eAAe,EAAE,KAAK,CAAC,UAAU;iBAClC,CAAC,CAAC;YACL,CAAC;YACD,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YAElC,6BAA6B;YAC7B,IAAI,CAAC,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBACxD,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,kCAAkC;oBAC3C,eAAe,EAAE,KAAK,CAAC,UAAU;iBAClC,CAAC,CAAC;YACL,CAAC;YAED,gBAAgB;YAChB,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBAC5C,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,8CAA8C,KAAK,CAAC,UAAU,EAAE;oBACzE,eAAe,EAAE,KAAK,CAAC,UAAU;iBAClC,CAAC,CAAC;YACL,CAAC;YAED,gDAAgD;YAChD,IACE,CAAC,CAAC,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;gBAC5C,CAAC,CAAC,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,CAAC,EAClD,CAAC;gBACD,QAAQ,CAAC,IAAI,CACX,UAAU,KAAK,CAAC,UAAU,6DAA6D,CACxF,CAAC;YACJ,CAAC;YAED,qBAAqB;YACrB,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;gBACpB,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,iBAAiB,CACvB,KAAuB,EACvB,MAAqC,EACrC,QAAkB;QAElB,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;QAExC,KAAK,MAAM,QAAQ,IAAI,KAAK,CAAC,SAAU,EAAE,CAAC;YACxC,qCAAqC;YACrC,IAAI,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACzC,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,2BAA2B;oBAClC,OAAO,EAAE,4BAA4B,QAAQ,CAAC,QAAQ,eAAe,KAAK,CAAC,UAAU,EAAE;oBACvF,eAAe,EAAE,KAAK,CAAC,UAAU;iBAClC,CAAC,CAAC;YACL,CAAC;YACD,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAErC,yBAAyB;YACzB,IAAI,CAAC,QAAQ,CAAC,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBAC1D,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,2BAA2B;oBAClC,OAAO,EAAE,2CAA2C,KAAK,CAAC,UAAU,EAAE;oBACtE,eAAe,EAAE,KAAK,CAAC,UAAU;iBAClC,CAAC,CAAC;YACL,CAAC;YAED,iCAAiC;YACjC,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACrD,QAAQ,CAAC,IAAI,CACX,aAAa,QAAQ,CAAC,QAAQ,eAAe,KAAK,CAAC,UAAU,2BAA2B,CACzF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,qBAAqB,CAC3B,aAAuB,EACvB,eAA+C,EAC/C,MAAqC,EACrC,QAAkB;QAElB,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,QAAQ,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YAC/C,OAAO;QACT,CAAC;QAED,wDAAwD;QACxD,IAAI,CAAC,eAAe,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrD,OAAO;QACT,CAAC;QAED,wDAAwD;QACxD,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAEtC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,eAAe;oBACtB,OAAO,EAAE,yBAAyB,YAAY,kCAAkC;iBACjF,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;YAED,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,KAAK,CAAC;YAE1C,oBAAoB;YACpB,IAAI,QAAQ,KAAK,2BAAe,CAAC,IAAI,EAAE,CAAC;gBACtC,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,eAAe;oBACtB,OAAO,EAAE,0CAA0C,YAAY,6BAA6B;iBAC7F,CAAC,CAAC;YACL,CAAC;YAED,kBAAkB;YAClB,IAAI,MAAM,KAAK,yBAAa,CAAC,IAAI,EAAE,CAAC;gBAClC,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,eAAe;oBACtB,OAAO,EAAE,wCAAwC,YAAY,6BAA6B;iBAC3F,CAAC,CAAC;YACL,CAAC;YAED,uDAAuD;YACvD,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpB,MAAM,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC;gBACzB,MAAM,YAAY,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC;gBAE3E,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrC,iCAAiC;oBACjC,MAAM,eAAe,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC/C,CAAC,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CACjD,CAAC;oBAEF,IAAI,CAAC,eAAe,EAAE,CAAC;wBACrB,QAAQ,CAAC,IAAI,CACX,kBAAkB,YAAY,wCAAwC,SAAS,EAAE,CAClF,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,eAAe,CAAC,MAAkC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAErC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpF,MAAM,IAAI,KAAK,CAAC,kCAAkC,aAAa,EAAE,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;CACF;AA7PD,oDA6PC"}

package/dist/components/authenticate/oauth2-handlers/constants/index.d.ts

@@ -0,0 +1,2 @@
+export * from './scope-constants';
+//# sourceMappingURL=index.d.ts.map

package/dist/components/authenticate/oauth2-handlers/constants/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/components/authenticate/oauth2-handlers/constants/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC"}

package/dist/components/authenticate/oauth2-handlers/constants/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./scope-constants"), exports);
+//# sourceMappingURL=index.js.map

package/dist/components/authenticate/oauth2-handlers/constants/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/components/authenticate/oauth2-handlers/constants/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAkC"}

package/dist/components/authenticate/oauth2-handlers/constants/scope-constants.d.ts

@@ -0,0 +1,79 @@
+export declare const OAuth2Resources: {
+    readonly USER: "user";
+};
+export declare const OAuth2Actions: {
+    readonly READ: "read";
+};
+export declare class ScopeBuilder {
+    private scopes;
+    /**
+     * Add a scope to the builder
+     * @param scope - Scope string (e.g., "user:read:basic")
+     * @returns This builder for chaining
+     */
+    add(scope: string): this;
+    /**
+     * Add multiple scopes at once
+     * @param scopes - Array of scope strings
+     * @returns This builder for chaining
+     */
+    addMultiple(scopes: string[]): this;
+    /**
+     * Build a scope string from resource, action, and path components
+     * @param resource - Resource name (e.g., 'user')
+     * @param action - Action name (e.g., 'read')
+     * @param path - Path components (e.g., ['basic'] or ['profile', 'firstName'])
+     * @returns This builder for chaining
+     */
+    buildScope(resource: string, action: string, ...path: string[]): this;
+    /**
+     * Build the final scope string (space-separated)
+     * @returns Space-separated scope string
+     */
+    build(): string;
+    /**
+     * Get scopes as array
+     * @returns Array of scope strings
+     */
+    toArray(): string[];
+    /**
+     * Clear all scopes
+     * @returns This builder for chaining
+     */
+    clear(): this;
+    /**
+     * Get number of scopes
+     * @returns Number of scopes
+     */
+    count(): number;
+}
+/**
+ * Helper function to create a new scope builder
+ * @returns New ScopeBuilder instance
+ */
+export declare function createScopeBuilder(): ScopeBuilder;
+/**
+ * Helper function to build scope string from array
+ * @param scopes - Array of scope strings
+ * @returns Space-separated scope string
+ */
+export declare function buildScopeString(...scopes: string[]): string;
+/**
+ * Helper function to build a single scope string
+ * @param resource - Resource name
+ * @param action - Action name
+ * @param path - Path components
+ * @returns Scope string in format "resource:action:path1:path2:..."
+ */
+export declare function buildScope(resource: string, action: string, ...path: string[]): string;
+/**
+ * Helper function to parse scope string into components
+ * @param scope - Scope string (e.g., "user:read:basic")
+ * @returns Object with resource, action, and path components or null if invalid
+ */
+export declare function parseScopeString(scope: string): {
+    resource: string;
+    action: string;
+    path: string[];
+} | null;
+//# sourceMappingURL=scope-constants.d.ts.map

package/dist/components/authenticate/oauth2-handlers/constants/scope-constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope-constants.d.ts","sourceRoot":"","sources":["../../../../../src/components/authenticate/oauth2-handlers/constants/scope-constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,eAAe;;CAElB,CAAC;AAEX,eAAO,MAAM,aAAa;;CAEhB,CAAC;AAEX,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAA0B;IAExC;;;;OAIG;IACH,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAKxB;;;;OAIG;IACH,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI;IAKnC;;;;;;OAMG;IACH,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI;IAMrE;;;OAGG;IACH,KAAK,IAAI,MAAM;IAIf;;;OAGG;IACH,OAAO,IAAI,MAAM,EAAE;IAInB;;;OAGG;IACH,KAAK,IAAI,IAAI;IAKb;;;OAGG;IACH,KAAK,IAAI,MAAM;CAGhB;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,IAAI,YAAY,CAEjD;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAE5D;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,CAEtF;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB,GAAG,IAAI,CAOP"}