@nauth-toolkit/social-apple 0.1.13 → 0.1.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/nestjs/apple-social-auth.module.d.ts +37 -0
- package/dist/nestjs/apple-social-auth.module.d.ts.map +1 -1
- package/dist/nestjs/apple-social-auth.module.js +48 -4
- package/dist/nestjs/apple-social-auth.module.js.map +1 -1
- package/dist/nestjs/index.d.ts +5 -0
- package/dist/nestjs/index.d.ts.map +1 -1
- package/dist/nestjs/index.js +6 -0
- package/dist/nestjs/index.js.map +1 -1
- package/dist/src/apple-oauth.client.d.ts +59 -0
- package/dist/src/apple-oauth.client.d.ts.map +1 -1
- package/dist/src/apple-oauth.client.js +63 -2
- package/dist/src/apple-oauth.client.js.map +1 -1
- package/dist/src/apple-social-auth.service.d.ts +57 -1
- package/dist/src/apple-social-auth.service.d.ts.map +1 -1
- package/dist/src/apple-social-auth.service.js +80 -3
- package/dist/src/apple-social-auth.service.js.map +1 -1
- package/dist/src/dto/social-login.dto.d.ts +219 -0
- package/dist/src/dto/social-login.dto.d.ts.map +1 -1
- package/dist/src/dto/social-login.dto.js +219 -0
- package/dist/src/dto/social-login.dto.js.map +1 -1
- package/dist/src/index.d.ts +6 -0
- package/dist/src/index.d.ts.map +1 -1
- package/dist/src/index.js +6 -0
- package/dist/src/index.js.map +1 -1
- package/dist/src/token-verifier.service.d.ts +45 -0
- package/dist/src/token-verifier.service.d.ts.map +1 -1
- package/dist/src/token-verifier.service.js +41 -1
- package/dist/src/token-verifier.service.js.map +1 -1
- package/dist/src/verified-token-profile.interface.d.ts +19 -0
- package/dist/src/verified-token-profile.interface.d.ts.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +2 -2
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"apple-social-auth.service.js","sourceRoot":"","sources":["../../src/apple-social-auth.service.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"apple-social-auth.service.js","sourceRoot":"","sources":["../../src/apple-social-auth.service.ts"],"names":[],"mappings":";;;AAAA,qBAAqB;AACrB,8CAa6B;AAC7B,sDAAsD;AACtD,2DAOsC;AAEtC,6DAAwD;AACxD,qEAA6F;AAG7F;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAa,sBAAuB,SAAQ,wCAA6B;IAC9D,YAAY,GAAG,OAAO,CAAC;IACf,WAAW,CAA0B;IACrC,aAAa,CAA+B;IAE7D,YACE,MAAmB,EACnB,MAAmB,EACnB,WAAwB,EACxB,iBAAoC,EACpC,UAAsB,EACtB,cAA8B,EAC9B,eAA2C,EAC3C,iBAAoC;IACpC,0CAA0C;IAC1C,UAAgE,EAChE,cAAoC;IACpC,yFAAyF;IACzF,wBAAmD;IACnD,2EAA2E;IAC3E,YAA+B;IAC/B,qFAAqF;IACrF,oBAA2C;IAC3C,uEAAuE;IACvE,aAAqC;QAErC,KAAK,CACH,MAAM,EACN,MAAM,EACN,WAAW,EACX,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,wBAAwB,EACxB,YAAY,EACZ,oBAAoB,CACrB,CAAC;QAEF,gCAAgC;QAChC,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAChD,IAAI,CAAC,cAAc,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;YAC/C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAC1B,OAAO,CAAC,qCAAqC;QAC/C,CAAC;QAED,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC;QAClH,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,6DAA6D;YAC7D,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAC1B,OAAO;QACT,CAAC;QAED,mFAAmF;QACnF,yEAAyE;QACzE,IAAI,CAAC,WAAW,GAAG,IAAI,qCAAgB,CAAC;YACtC,QAAQ,EAAE,WAAW;YACrB,YAAY,EAAE,cAAc,CAAC,YAAY,IAAI,EAAE;YAC/C,WAAW,EAAE,cAAc,CAAC,WAAW,IAAI,EAAE;YAC7C,MAAM,EAAE,cAAc,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC;SACnD,CAAC,CAAC;QAEH,oDAAoD;QACpD,IAAI,CAAC,aAAa;YAChB,aAAa;gBACb,IAAI,6CAAyB,CAAC,MAAM,CAAC;gBACpC,IAAI,CAAC,MAAoD,CAAC,aAAa;gBACxE,IAAI,CAAC;QAEP,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,oCAAoC,CAAC,CAAC;IAC7D,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,UAAU,CAAC,KAAc;QAC7B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,4BAA4B,CAAC,CAAC;QAC9F,CAAC;QACD,MAAM,UAAU,GAAG,KAAK,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACjD,OAAO,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAC1D,CAAC;IAED;;;;;;;;;OASG;IACO,KAAK,CAAC,eAAe,CAAC,IAAY,EAAE,MAAc;QAC1D,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,4BAA4B,CAAC,CAAC;QAC9F,CAAC;QACD,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAChD,IAAI,CAAC,cAAc,IAAI,CAAC,cAAc,CAAC,WAAW,EAAE,CAAC;YACnD,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,4CAA4C,CAAC,CAAC;QAC9G,CAAC;QAED,iCAAiC;QACjC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,WAAW,CAAC,CAAC;QAE7F,8BAA8B;QAC9B,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACnE,CAAC;IAED;;;;;;;;OAQG;IACO,KAAK,CAAC,iBAAiB,CAC/B,OAAe,EACf,YAAqB,EACrB,WAAqB;QAErB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,4BAA4B,CAAC,CAAC;QAC9F,CAAC;QACD,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAChD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,+BAA+B,CAAC,CAAC;QACjG,CAAC;QAED,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,QAAQ,IAAI,EAAE,CAAC;QACrH,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,EAAE,CAAC;YACzC,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,uCAAuC,CAAC,CAAC;QACzG,CAAC;QAED,gDAAgD;QAChD,MAAM,QAAQ,GAAG,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAA8B,CAAC;QAC7G,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,6BAA6B,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;QAEpE,+DAA+D;QAC/D,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;YAChD,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,kDAAkD,CAAC,CAAC;QACpH,CAAC;QAED,sFAAsF;QACtF,MAAM,gBAAgB,GAAG,WAAoE,CAAC;QAC9F,OAAO;YACL,EAAE,EAAE,QAAQ,CAAC,GAAG;YAChB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,SAAS,EAAE,gBAAgB,EAAE,SAAS,IAAI,IAAI;YAC9C,QAAQ,EAAE,gBAAgB,EAAE,QAAQ,IAAI,IAAI;YAC5C,OAAO,EAAE,IAAI,EAAE,yCAAyC;YACxD,QAAQ,EAAE,QAAQ,CAAC,cAAc;YACjC,GAAG,EAAE;gBACH,GAAG,EAAE,QAAQ,CAAC,GAAG;gBACjB,KAAK,EAAE,QAAQ,CAAC,KAAK;gBACrB,cAAc,EAAE,QAAQ,CAAC,cAAc;gBACvC,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;aACN;SACxC,CAAC;IACJ,CAAC;CACF;AA1KD,wDA0KC"}
|
|
@@ -1,32 +1,229 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Social provider enum
|
|
3
|
+
*/
|
|
1
4
|
export declare enum SocialProvider {
|
|
2
5
|
GOOGLE = "google",
|
|
3
6
|
APPLE = "apple",
|
|
4
7
|
FACEBOOK = "facebook"
|
|
5
8
|
}
|
|
9
|
+
/**
|
|
10
|
+
* DTO for initiating social login
|
|
11
|
+
* Used to generate OAuth URLs for social providers
|
|
12
|
+
*
|
|
13
|
+
* @example
|
|
14
|
+
* ```typescript
|
|
15
|
+
* // Generate Google OAuth URL
|
|
16
|
+
* const dto = new SocialLoginDTO();
|
|
17
|
+
* dto.provider = 'google';
|
|
18
|
+
* dto.state = 'random-state-string';
|
|
19
|
+
* ```
|
|
20
|
+
*/
|
|
6
21
|
export declare class SocialLoginDTO {
|
|
22
|
+
/**
|
|
23
|
+
* Social provider name
|
|
24
|
+
* Must be one of the configured providers
|
|
25
|
+
*
|
|
26
|
+
* Validation:
|
|
27
|
+
* - Must be a valid SocialProvider enum value
|
|
28
|
+
*/
|
|
7
29
|
provider: SocialProvider;
|
|
30
|
+
/**
|
|
31
|
+
* Optional state parameter for OAuth flow
|
|
32
|
+
* Used to prevent CSRF attacks and maintain state
|
|
33
|
+
* If not provided, a random state will be generated
|
|
34
|
+
*
|
|
35
|
+
* Validation:
|
|
36
|
+
* - Must be a string if present
|
|
37
|
+
* - Max 500 characters (typical OAuth state length)
|
|
38
|
+
*/
|
|
8
39
|
state?: string;
|
|
9
40
|
}
|
|
41
|
+
/**
|
|
42
|
+
* DTO for handling OAuth callback
|
|
43
|
+
* Used to process the authorization code from OAuth providers
|
|
44
|
+
*
|
|
45
|
+
* @example
|
|
46
|
+
* ```typescript
|
|
47
|
+
* // Handle Google OAuth callback
|
|
48
|
+
* const dto = new SocialCallbackDTO();
|
|
49
|
+
* dto.provider = 'google';
|
|
50
|
+
* dto.code = 'authorization-code-from-google';
|
|
51
|
+
* dto.state = 'state-from-initial-request';
|
|
52
|
+
* ```
|
|
53
|
+
*/
|
|
10
54
|
export declare class SocialCallbackDTO {
|
|
55
|
+
/**
|
|
56
|
+
* Social provider name
|
|
57
|
+
* Must match the provider used in the initial request
|
|
58
|
+
*
|
|
59
|
+
* Validation:
|
|
60
|
+
* - Must be a valid SocialProvider enum value
|
|
61
|
+
*/
|
|
11
62
|
provider: SocialProvider;
|
|
63
|
+
/**
|
|
64
|
+
* Authorization code from OAuth provider
|
|
65
|
+
* This code is exchanged for access token and user info
|
|
66
|
+
*
|
|
67
|
+
* Validation:
|
|
68
|
+
* - Must be a string
|
|
69
|
+
* - Max 1000 characters (typical OAuth code length)
|
|
70
|
+
*/
|
|
12
71
|
code: string;
|
|
72
|
+
/**
|
|
73
|
+
* State parameter from OAuth flow
|
|
74
|
+
* Must match the state sent in the initial request
|
|
75
|
+
*
|
|
76
|
+
* Validation:
|
|
77
|
+
* - Must be a string
|
|
78
|
+
* - Max 500 characters (typical OAuth state length)
|
|
79
|
+
*/
|
|
13
80
|
state: string;
|
|
81
|
+
/**
|
|
82
|
+
* Optional error parameter from OAuth provider
|
|
83
|
+
* Used when user denies permission or other errors occur
|
|
84
|
+
*
|
|
85
|
+
* Validation:
|
|
86
|
+
* - Must be a string if present
|
|
87
|
+
* - Max 100 characters
|
|
88
|
+
*/
|
|
14
89
|
error?: string;
|
|
90
|
+
/**
|
|
91
|
+
* Optional error description from OAuth provider
|
|
92
|
+
* Provides more details about the error
|
|
93
|
+
*
|
|
94
|
+
* Validation:
|
|
95
|
+
* - Must be a string if present
|
|
96
|
+
* - Max 500 characters
|
|
97
|
+
*/
|
|
15
98
|
error_description?: string;
|
|
16
99
|
}
|
|
100
|
+
/**
|
|
101
|
+
* DTO for linking social account to existing user
|
|
102
|
+
* Used when an authenticated user wants to link a social provider
|
|
103
|
+
*
|
|
104
|
+
* @example
|
|
105
|
+
* ```typescript
|
|
106
|
+
* // Link Google account to current user
|
|
107
|
+
* const dto = new LinkSocialAccountDTO();
|
|
108
|
+
* dto.provider = 'google';
|
|
109
|
+
* dto.code = 'authorization-code-from-google';
|
|
110
|
+
* dto.state = 'state-from-initial-request';
|
|
111
|
+
* ```
|
|
112
|
+
*/
|
|
17
113
|
export declare class LinkSocialAccountDTO {
|
|
114
|
+
/**
|
|
115
|
+
* Social provider name
|
|
116
|
+
* Must be one of the configured providers
|
|
117
|
+
*
|
|
118
|
+
* Validation:
|
|
119
|
+
* - Must be a valid SocialProvider enum value
|
|
120
|
+
*/
|
|
18
121
|
provider: SocialProvider;
|
|
122
|
+
/**
|
|
123
|
+
* Authorization code from OAuth provider
|
|
124
|
+
* This code is exchanged for access token and user info
|
|
125
|
+
*
|
|
126
|
+
* Validation:
|
|
127
|
+
* - Must be a string
|
|
128
|
+
* - Max 1000 characters (typical OAuth code length)
|
|
129
|
+
*/
|
|
19
130
|
code: string;
|
|
131
|
+
/**
|
|
132
|
+
* State parameter from OAuth flow
|
|
133
|
+
* Must match the state sent in the initial request
|
|
134
|
+
*
|
|
135
|
+
* Validation:
|
|
136
|
+
* - Must be a string
|
|
137
|
+
* - Max 500 characters (typical OAuth state length)
|
|
138
|
+
*/
|
|
20
139
|
state: string;
|
|
21
140
|
}
|
|
141
|
+
/**
|
|
142
|
+
* DTO for unlinking social account
|
|
143
|
+
* Used when an authenticated user wants to remove a social provider
|
|
144
|
+
*
|
|
145
|
+
* @example
|
|
146
|
+
* ```typescript
|
|
147
|
+
* // Unlink Google account from current user
|
|
148
|
+
* const dto = new UnlinkSocialAccountDTO();
|
|
149
|
+
* dto.provider = 'google';
|
|
150
|
+
* ```
|
|
151
|
+
*/
|
|
22
152
|
export declare class UnlinkSocialAccountDTO {
|
|
153
|
+
/**
|
|
154
|
+
* Social provider name to unlink
|
|
155
|
+
* Must be one of the currently linked providers
|
|
156
|
+
*
|
|
157
|
+
* Validation:
|
|
158
|
+
* - Must be a valid SocialProvider enum value
|
|
159
|
+
*/
|
|
23
160
|
provider: SocialProvider;
|
|
24
161
|
}
|
|
162
|
+
/**
|
|
163
|
+
* Response DTO for social login
|
|
164
|
+
* Contains authentication tokens and user information
|
|
165
|
+
*
|
|
166
|
+
* @example
|
|
167
|
+
* ```typescript
|
|
168
|
+
* // Response after successful social login
|
|
169
|
+
* {
|
|
170
|
+
* "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
|
|
171
|
+
* "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
|
|
172
|
+
* "expiresIn": 900,
|
|
173
|
+
* "user": {
|
|
174
|
+
* "sub": "user-uuid",
|
|
175
|
+
* "email": "user@example.com",
|
|
176
|
+
* "firstName": "John",
|
|
177
|
+
* "lastName": "Doe",
|
|
178
|
+
* "isEmailVerified": true,
|
|
179
|
+
* "socialProviders": ["google"]
|
|
180
|
+
* }
|
|
181
|
+
* }
|
|
182
|
+
* ```
|
|
183
|
+
*/
|
|
25
184
|
export declare class SocialLoginResponseDTO {
|
|
185
|
+
/**
|
|
186
|
+
* JWT access token for API authentication
|
|
187
|
+
*
|
|
188
|
+
* Validation:
|
|
189
|
+
* - Must be a string
|
|
190
|
+
* - Max 2048 characters (typical JWT length)
|
|
191
|
+
*/
|
|
26
192
|
accessToken: string;
|
|
193
|
+
/**
|
|
194
|
+
* JWT refresh token for token renewal
|
|
195
|
+
*
|
|
196
|
+
* Validation:
|
|
197
|
+
* - Must be a string
|
|
198
|
+
* - Max 2048 characters (typical JWT length)
|
|
199
|
+
*/
|
|
27
200
|
refreshToken: string;
|
|
201
|
+
/**
|
|
202
|
+
* Access token expiration timestamp (Unix timestamp in seconds)
|
|
203
|
+
*
|
|
204
|
+
* Validation:
|
|
205
|
+
* - Must be a number
|
|
206
|
+
*/
|
|
28
207
|
accessTokenExpiresAt: number;
|
|
208
|
+
/**
|
|
209
|
+
* Refresh token expiration timestamp (Unix timestamp in seconds)
|
|
210
|
+
*
|
|
211
|
+
* Validation:
|
|
212
|
+
* - Must be a number
|
|
213
|
+
*/
|
|
29
214
|
refreshTokenExpiresAt: number;
|
|
215
|
+
/**
|
|
216
|
+
* User information
|
|
217
|
+
*
|
|
218
|
+
* Validation:
|
|
219
|
+
* - Nested fields validated in service layer:
|
|
220
|
+
* - sub: UUID v4 format, max 36 chars
|
|
221
|
+
* - email: Valid email format, max 255 chars
|
|
222
|
+
* - firstName: String, max 100 chars
|
|
223
|
+
* - lastName: String, max 100 chars
|
|
224
|
+
* - isEmailVerified: Boolean
|
|
225
|
+
* - socialProviders: Array of strings, each max 50 chars
|
|
226
|
+
*/
|
|
30
227
|
user: {
|
|
31
228
|
sub: string;
|
|
32
229
|
email: string;
|
|
@@ -36,7 +233,29 @@ export declare class SocialLoginResponseDTO {
|
|
|
36
233
|
socialProviders?: string[];
|
|
37
234
|
};
|
|
38
235
|
}
|
|
236
|
+
/**
|
|
237
|
+
* Response DTO for social account information
|
|
238
|
+
* Contains details about linked social accounts
|
|
239
|
+
*
|
|
240
|
+
* @example
|
|
241
|
+
* ```typescript
|
|
242
|
+
* // Response for user's linked social accounts
|
|
243
|
+
* {
|
|
244
|
+
* "accounts": [
|
|
245
|
+
* {
|
|
246
|
+
* "provider": "google",
|
|
247
|
+
* "providerEmail": "user@gmail.com",
|
|
248
|
+
* "linkedAt": "2023-01-01T00:00:00Z",
|
|
249
|
+
* "lastUsedAt": "2023-01-15T12:00:00Z"
|
|
250
|
+
* }
|
|
251
|
+
* ]
|
|
252
|
+
* }
|
|
253
|
+
* ```
|
|
254
|
+
*/
|
|
39
255
|
export declare class SocialAccountsResponseDTO {
|
|
256
|
+
/**
|
|
257
|
+
* Array of linked social accounts
|
|
258
|
+
*/
|
|
40
259
|
accounts: Array<{
|
|
41
260
|
provider: string;
|
|
42
261
|
providerEmail?: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"social-login.dto.d.ts","sourceRoot":"","sources":["../../../src/dto/social-login.dto.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"social-login.dto.d.ts","sourceRoot":"","sources":["../../../src/dto/social-login.dto.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,oBAAY,cAAc;IACxB,MAAM,WAAW;IACjB,KAAK,UAAU;IACf,QAAQ,aAAa;CACtB;AAED;;;;;;;;;;;GAWG;AACH,qBAAa,cAAc;IACzB;;;;;;OAMG;IAEH,QAAQ,EAAG,cAAc,CAAC;IAE1B;;;;;;;;OAQG;IAIH,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;;;;;GAYG;AACH,qBAAa,iBAAiB;IAC5B;;;;;;OAMG;IAEH,QAAQ,EAAG,cAAc,CAAC;IAE1B;;;;;;;OAOG;IAIH,IAAI,EAAG,MAAM,CAAC;IAEd;;;;;;;OAOG;IAIH,KAAK,EAAG,MAAM,CAAC;IAEf;;;;;;;OAOG;IAIH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;;;;;OAOG;IAIH,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED;;;;;;;;;;;;GAYG;AACH,qBAAa,oBAAoB;IAC/B;;;;;;OAMG;IAEH,QAAQ,EAAG,cAAc,CAAC;IAE1B;;;;;;;OAOG;IAIH,IAAI,EAAG,MAAM,CAAC;IAEd;;;;;;;OAOG;IAIH,KAAK,EAAG,MAAM,CAAC;CAChB;AAED;;;;;;;;;;GAUG;AACH,qBAAa,sBAAsB;IACjC;;;;;;OAMG;IAEH,QAAQ,EAAG,cAAc,CAAC;CAC3B;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,qBAAa,sBAAsB;IACjC;;;;;;OAMG;IAGH,WAAW,EAAG,MAAM,CAAC;IAErB;;;;;;OAMG;IAGH,YAAY,EAAG,MAAM,CAAC;IAEtB;;;;;OAKG;IAEH,oBAAoB,EAAG,MAAM,CAAC;IAE9B;;;;;OAKG;IAEH,qBAAqB,EAAG,MAAM,CAAC;IAE/B;;;;;;;;;;;OAWG;IACH,IAAI,EAAG;QACL,GAAG,EAAE,MAAM,CAAC;QACZ,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,OAAO,CAAC;QACzB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;KAC5B,CAAC;CACH;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,qBAAa,yBAAyB;IACpC;;OAEG;IACH,QAAQ,EAAG,KAAK,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,EAAE,IAAI,CAAC;QACf,UAAU,CAAC,EAAE,IAAI,CAAC;KACnB,CAAC,CAAC;CACJ"}
|
|
@@ -11,14 +11,45 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.SocialAccountsResponseDTO = exports.SocialLoginResponseDTO = exports.UnlinkSocialAccountDTO = exports.LinkSocialAccountDTO = exports.SocialCallbackDTO = exports.SocialLoginDTO = exports.SocialProvider = void 0;
|
|
13
13
|
const class_validator_1 = require("class-validator");
|
|
14
|
+
/**
|
|
15
|
+
* Social provider enum
|
|
16
|
+
*/
|
|
14
17
|
var SocialProvider;
|
|
15
18
|
(function (SocialProvider) {
|
|
16
19
|
SocialProvider["GOOGLE"] = "google";
|
|
17
20
|
SocialProvider["APPLE"] = "apple";
|
|
18
21
|
SocialProvider["FACEBOOK"] = "facebook";
|
|
19
22
|
})(SocialProvider || (exports.SocialProvider = SocialProvider = {}));
|
|
23
|
+
/**
|
|
24
|
+
* DTO for initiating social login
|
|
25
|
+
* Used to generate OAuth URLs for social providers
|
|
26
|
+
*
|
|
27
|
+
* @example
|
|
28
|
+
* ```typescript
|
|
29
|
+
* // Generate Google OAuth URL
|
|
30
|
+
* const dto = new SocialLoginDTO();
|
|
31
|
+
* dto.provider = 'google';
|
|
32
|
+
* dto.state = 'random-state-string';
|
|
33
|
+
* ```
|
|
34
|
+
*/
|
|
20
35
|
class SocialLoginDTO {
|
|
36
|
+
/**
|
|
37
|
+
* Social provider name
|
|
38
|
+
* Must be one of the configured providers
|
|
39
|
+
*
|
|
40
|
+
* Validation:
|
|
41
|
+
* - Must be a valid SocialProvider enum value
|
|
42
|
+
*/
|
|
21
43
|
provider;
|
|
44
|
+
/**
|
|
45
|
+
* Optional state parameter for OAuth flow
|
|
46
|
+
* Used to prevent CSRF attacks and maintain state
|
|
47
|
+
* If not provided, a random state will be generated
|
|
48
|
+
*
|
|
49
|
+
* Validation:
|
|
50
|
+
* - Must be a string if present
|
|
51
|
+
* - Max 500 characters (typical OAuth state length)
|
|
52
|
+
*/
|
|
22
53
|
state;
|
|
23
54
|
}
|
|
24
55
|
exports.SocialLoginDTO = SocialLoginDTO;
|
|
@@ -32,11 +63,63 @@ __decorate([
|
|
|
32
63
|
(0, class_validator_1.MaxLength)(500, { message: 'State must not exceed 500 characters' }),
|
|
33
64
|
__metadata("design:type", String)
|
|
34
65
|
], SocialLoginDTO.prototype, "state", void 0);
|
|
66
|
+
/**
|
|
67
|
+
* DTO for handling OAuth callback
|
|
68
|
+
* Used to process the authorization code from OAuth providers
|
|
69
|
+
*
|
|
70
|
+
* @example
|
|
71
|
+
* ```typescript
|
|
72
|
+
* // Handle Google OAuth callback
|
|
73
|
+
* const dto = new SocialCallbackDTO();
|
|
74
|
+
* dto.provider = 'google';
|
|
75
|
+
* dto.code = 'authorization-code-from-google';
|
|
76
|
+
* dto.state = 'state-from-initial-request';
|
|
77
|
+
* ```
|
|
78
|
+
*/
|
|
35
79
|
class SocialCallbackDTO {
|
|
80
|
+
/**
|
|
81
|
+
* Social provider name
|
|
82
|
+
* Must match the provider used in the initial request
|
|
83
|
+
*
|
|
84
|
+
* Validation:
|
|
85
|
+
* - Must be a valid SocialProvider enum value
|
|
86
|
+
*/
|
|
36
87
|
provider;
|
|
88
|
+
/**
|
|
89
|
+
* Authorization code from OAuth provider
|
|
90
|
+
* This code is exchanged for access token and user info
|
|
91
|
+
*
|
|
92
|
+
* Validation:
|
|
93
|
+
* - Must be a string
|
|
94
|
+
* - Max 1000 characters (typical OAuth code length)
|
|
95
|
+
*/
|
|
37
96
|
code;
|
|
97
|
+
/**
|
|
98
|
+
* State parameter from OAuth flow
|
|
99
|
+
* Must match the state sent in the initial request
|
|
100
|
+
*
|
|
101
|
+
* Validation:
|
|
102
|
+
* - Must be a string
|
|
103
|
+
* - Max 500 characters (typical OAuth state length)
|
|
104
|
+
*/
|
|
38
105
|
state;
|
|
106
|
+
/**
|
|
107
|
+
* Optional error parameter from OAuth provider
|
|
108
|
+
* Used when user denies permission or other errors occur
|
|
109
|
+
*
|
|
110
|
+
* Validation:
|
|
111
|
+
* - Must be a string if present
|
|
112
|
+
* - Max 100 characters
|
|
113
|
+
*/
|
|
39
114
|
error;
|
|
115
|
+
/**
|
|
116
|
+
* Optional error description from OAuth provider
|
|
117
|
+
* Provides more details about the error
|
|
118
|
+
*
|
|
119
|
+
* Validation:
|
|
120
|
+
* - Must be a string if present
|
|
121
|
+
* - Max 500 characters
|
|
122
|
+
*/
|
|
40
123
|
error_description;
|
|
41
124
|
}
|
|
42
125
|
exports.SocialCallbackDTO = SocialCallbackDTO;
|
|
@@ -68,9 +151,45 @@ __decorate([
|
|
|
68
151
|
(0, class_validator_1.MaxLength)(500, { message: 'Error description must not exceed 500 characters' }),
|
|
69
152
|
__metadata("design:type", String)
|
|
70
153
|
], SocialCallbackDTO.prototype, "error_description", void 0);
|
|
154
|
+
/**
|
|
155
|
+
* DTO for linking social account to existing user
|
|
156
|
+
* Used when an authenticated user wants to link a social provider
|
|
157
|
+
*
|
|
158
|
+
* @example
|
|
159
|
+
* ```typescript
|
|
160
|
+
* // Link Google account to current user
|
|
161
|
+
* const dto = new LinkSocialAccountDTO();
|
|
162
|
+
* dto.provider = 'google';
|
|
163
|
+
* dto.code = 'authorization-code-from-google';
|
|
164
|
+
* dto.state = 'state-from-initial-request';
|
|
165
|
+
* ```
|
|
166
|
+
*/
|
|
71
167
|
class LinkSocialAccountDTO {
|
|
168
|
+
/**
|
|
169
|
+
* Social provider name
|
|
170
|
+
* Must be one of the configured providers
|
|
171
|
+
*
|
|
172
|
+
* Validation:
|
|
173
|
+
* - Must be a valid SocialProvider enum value
|
|
174
|
+
*/
|
|
72
175
|
provider;
|
|
176
|
+
/**
|
|
177
|
+
* Authorization code from OAuth provider
|
|
178
|
+
* This code is exchanged for access token and user info
|
|
179
|
+
*
|
|
180
|
+
* Validation:
|
|
181
|
+
* - Must be a string
|
|
182
|
+
* - Max 1000 characters (typical OAuth code length)
|
|
183
|
+
*/
|
|
73
184
|
code;
|
|
185
|
+
/**
|
|
186
|
+
* State parameter from OAuth flow
|
|
187
|
+
* Must match the state sent in the initial request
|
|
188
|
+
*
|
|
189
|
+
* Validation:
|
|
190
|
+
* - Must be a string
|
|
191
|
+
* - Max 500 characters (typical OAuth state length)
|
|
192
|
+
*/
|
|
74
193
|
state;
|
|
75
194
|
}
|
|
76
195
|
exports.LinkSocialAccountDTO = LinkSocialAccountDTO;
|
|
@@ -90,7 +209,25 @@ __decorate([
|
|
|
90
209
|
(0, class_validator_1.MaxLength)(500, { message: 'State must not exceed 500 characters' }),
|
|
91
210
|
__metadata("design:type", String)
|
|
92
211
|
], LinkSocialAccountDTO.prototype, "state", void 0);
|
|
212
|
+
/**
|
|
213
|
+
* DTO for unlinking social account
|
|
214
|
+
* Used when an authenticated user wants to remove a social provider
|
|
215
|
+
*
|
|
216
|
+
* @example
|
|
217
|
+
* ```typescript
|
|
218
|
+
* // Unlink Google account from current user
|
|
219
|
+
* const dto = new UnlinkSocialAccountDTO();
|
|
220
|
+
* dto.provider = 'google';
|
|
221
|
+
* ```
|
|
222
|
+
*/
|
|
93
223
|
class UnlinkSocialAccountDTO {
|
|
224
|
+
/**
|
|
225
|
+
* Social provider name to unlink
|
|
226
|
+
* Must be one of the currently linked providers
|
|
227
|
+
*
|
|
228
|
+
* Validation:
|
|
229
|
+
* - Must be a valid SocialProvider enum value
|
|
230
|
+
*/
|
|
94
231
|
provider;
|
|
95
232
|
}
|
|
96
233
|
exports.UnlinkSocialAccountDTO = UnlinkSocialAccountDTO;
|
|
@@ -98,11 +235,71 @@ __decorate([
|
|
|
98
235
|
(0, class_validator_1.IsEnum)(SocialProvider, { message: 'Provider must be one of: google, apple, facebook' }),
|
|
99
236
|
__metadata("design:type", String)
|
|
100
237
|
], UnlinkSocialAccountDTO.prototype, "provider", void 0);
|
|
238
|
+
/**
|
|
239
|
+
* Response DTO for social login
|
|
240
|
+
* Contains authentication tokens and user information
|
|
241
|
+
*
|
|
242
|
+
* @example
|
|
243
|
+
* ```typescript
|
|
244
|
+
* // Response after successful social login
|
|
245
|
+
* {
|
|
246
|
+
* "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
|
|
247
|
+
* "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
|
|
248
|
+
* "expiresIn": 900,
|
|
249
|
+
* "user": {
|
|
250
|
+
* "sub": "user-uuid",
|
|
251
|
+
* "email": "user@example.com",
|
|
252
|
+
* "firstName": "John",
|
|
253
|
+
* "lastName": "Doe",
|
|
254
|
+
* "isEmailVerified": true,
|
|
255
|
+
* "socialProviders": ["google"]
|
|
256
|
+
* }
|
|
257
|
+
* }
|
|
258
|
+
* ```
|
|
259
|
+
*/
|
|
101
260
|
class SocialLoginResponseDTO {
|
|
261
|
+
/**
|
|
262
|
+
* JWT access token for API authentication
|
|
263
|
+
*
|
|
264
|
+
* Validation:
|
|
265
|
+
* - Must be a string
|
|
266
|
+
* - Max 2048 characters (typical JWT length)
|
|
267
|
+
*/
|
|
102
268
|
accessToken;
|
|
269
|
+
/**
|
|
270
|
+
* JWT refresh token for token renewal
|
|
271
|
+
*
|
|
272
|
+
* Validation:
|
|
273
|
+
* - Must be a string
|
|
274
|
+
* - Max 2048 characters (typical JWT length)
|
|
275
|
+
*/
|
|
103
276
|
refreshToken;
|
|
277
|
+
/**
|
|
278
|
+
* Access token expiration timestamp (Unix timestamp in seconds)
|
|
279
|
+
*
|
|
280
|
+
* Validation:
|
|
281
|
+
* - Must be a number
|
|
282
|
+
*/
|
|
104
283
|
accessTokenExpiresAt;
|
|
284
|
+
/**
|
|
285
|
+
* Refresh token expiration timestamp (Unix timestamp in seconds)
|
|
286
|
+
*
|
|
287
|
+
* Validation:
|
|
288
|
+
* - Must be a number
|
|
289
|
+
*/
|
|
105
290
|
refreshTokenExpiresAt;
|
|
291
|
+
/**
|
|
292
|
+
* User information
|
|
293
|
+
*
|
|
294
|
+
* Validation:
|
|
295
|
+
* - Nested fields validated in service layer:
|
|
296
|
+
* - sub: UUID v4 format, max 36 chars
|
|
297
|
+
* - email: Valid email format, max 255 chars
|
|
298
|
+
* - firstName: String, max 100 chars
|
|
299
|
+
* - lastName: String, max 100 chars
|
|
300
|
+
* - isEmailVerified: Boolean
|
|
301
|
+
* - socialProviders: Array of strings, each max 50 chars
|
|
302
|
+
*/
|
|
106
303
|
user;
|
|
107
304
|
}
|
|
108
305
|
exports.SocialLoginResponseDTO = SocialLoginResponseDTO;
|
|
@@ -124,7 +321,29 @@ __decorate([
|
|
|
124
321
|
(0, class_validator_1.IsNumber)({}, { message: 'Refresh token expiration must be a number' }),
|
|
125
322
|
__metadata("design:type", Number)
|
|
126
323
|
], SocialLoginResponseDTO.prototype, "refreshTokenExpiresAt", void 0);
|
|
324
|
+
/**
|
|
325
|
+
* Response DTO for social account information
|
|
326
|
+
* Contains details about linked social accounts
|
|
327
|
+
*
|
|
328
|
+
* @example
|
|
329
|
+
* ```typescript
|
|
330
|
+
* // Response for user's linked social accounts
|
|
331
|
+
* {
|
|
332
|
+
* "accounts": [
|
|
333
|
+
* {
|
|
334
|
+
* "provider": "google",
|
|
335
|
+
* "providerEmail": "user@gmail.com",
|
|
336
|
+
* "linkedAt": "2023-01-01T00:00:00Z",
|
|
337
|
+
* "lastUsedAt": "2023-01-15T12:00:00Z"
|
|
338
|
+
* }
|
|
339
|
+
* ]
|
|
340
|
+
* }
|
|
341
|
+
* ```
|
|
342
|
+
*/
|
|
127
343
|
class SocialAccountsResponseDTO {
|
|
344
|
+
/**
|
|
345
|
+
* Array of linked social accounts
|
|
346
|
+
*/
|
|
128
347
|
accounts;
|
|
129
348
|
}
|
|
130
349
|
exports.SocialAccountsResponseDTO = SocialAccountsResponseDTO;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"social-login.dto.js","sourceRoot":"","sources":["../../../src/dto/social-login.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAgG;
|
|
1
|
+
{"version":3,"file":"social-login.dto.js","sourceRoot":"","sources":["../../../src/dto/social-login.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAgG;AAEhG;;GAEG;AACH,IAAY,cAIX;AAJD,WAAY,cAAc;IACxB,mCAAiB,CAAA;IACjB,iCAAe,CAAA;IACf,uCAAqB,CAAA;AACvB,CAAC,EAJW,cAAc,8BAAd,cAAc,QAIzB;AAED;;;;;;;;;;;GAWG;AACH,MAAa,cAAc;IACzB;;;;;;OAMG;IAEH,QAAQ,CAAkB;IAE1B;;;;;;;;OAQG;IAIH,KAAK,CAAU;CAChB;AAxBD,wCAwBC;AAfC;IADC,IAAA,wBAAM,EAAC,cAAc,EAAE,EAAE,OAAO,EAAE,kDAAkD,EAAE,CAAC;;gDAC9D;AAc1B;IAHC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;6CACrD;AAGjB;;;;;;;;;;;;GAYG;AACH,MAAa,iBAAiB;IAC5B;;;;;;OAMG;IAEH,QAAQ,CAAkB;IAE1B;;;;;;;OAOG;IAIH,IAAI,CAAU;IAEd;;;;;;;OAOG;IAIH,KAAK,CAAU;IAEf;;;;;;;OAOG;IAIH,KAAK,CAAU;IAEf;;;;;;;OAOG;IAIH,iBAAiB,CAAU;CAC5B;AA9DD,8CA8DC;AArDC;IADC,IAAA,wBAAM,EAAC,cAAc,EAAE,EAAE,OAAO,EAAE,kDAAkD,EAAE,CAAC;;mDAC9D;AAa1B;IAHC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,qCAAqC,EAAE,CAAC;IAC5D,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC;IACzD,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,oDAAoD,EAAE,CAAC;;+CACrE;AAad;IAHC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;IAC5C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;gDACrD;AAaf;IAHC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;gDACrD;AAaf;IAHC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,oCAAoC,EAAE,CAAC;IAC3D,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,kDAAkD,EAAE,CAAC;;4DACrD;AAG7B;;;;;;;;;;;;GAYG;AACH,MAAa,oBAAoB;IAC/B;;;;;;OAMG;IAEH,QAAQ,CAAkB;IAE1B;;;;;;;OAOG;IAIH,IAAI,CAAU;IAEd;;;;;;;OAOG;IAIH,KAAK,CAAU;CAChB;AApCD,oDAoCC;AA3BC;IADC,IAAA,wBAAM,EAAC,cAAc,EAAE,EAAE,OAAO,EAAE,kDAAkD,EAAE,CAAC;;sDAC9D;AAa1B;IAHC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,qCAAqC,EAAE,CAAC;IAC5D,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC;IACzD,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,oDAAoD,EAAE,CAAC;;kDACrE;AAad;IAHC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;IAC5C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;mDACrD;AAGjB;;;;;;;;;;GAUG;AACH,MAAa,sBAAsB;IACjC;;;;;;OAMG;IAEH,QAAQ,CAAkB;CAC3B;AAVD,wDAUC;AADC;IADC,IAAA,wBAAM,EAAC,cAAc,EAAE,EAAE,OAAO,EAAE,kDAAkD,EAAE,CAAC;;wDAC9D;AAG5B;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAa,sBAAsB;IACjC;;;;;;OAMG;IAGH,WAAW,CAAU;IAErB;;;;;;OAMG;IAGH,YAAY,CAAU;IAEtB;;;;;OAKG;IAEH,oBAAoB,CAAU;IAE9B;;;;;OAKG;IAEH,qBAAqB,CAAU;IAE/B;;;;;;;;;;;OAWG;IACH,IAAI,CAOF;CACH;AA7DD,wDA6DC;AAnDC;IAFC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IACtD,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC;;2DACxD;AAWrB;IAFC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC;IACvD,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,+CAA+C,EAAE,CAAC;;4DACxD;AAStB;IADC,IAAA,0BAAQ,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,0CAA0C,EAAE,CAAC;;oEACxC;AAS9B;IADC,IAAA,0BAAQ,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC;;qEACxC;AAwBjC;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAa,yBAAyB;IACpC;;OAEG;IACH,QAAQ,CAKL;CACJ;AAVD,8DAUC"}
|
package/dist/src/index.d.ts
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @nauth-toolkit/social-apple
|
|
3
|
+
*
|
|
4
|
+
* Platform-agnostic Apple OAuth provider for nauth-toolkit.
|
|
5
|
+
* For NestJS integration, use '@nauth-toolkit/social-apple/nestjs'
|
|
6
|
+
*/
|
|
1
7
|
export { AppleOAuthClient } from './apple-oauth.client';
|
|
2
8
|
export { TokenVerifierService } from './token-verifier.service';
|
|
3
9
|
export { AppleSocialAuthService } from './apple-social-auth.service';
|
package/dist/src/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAC/E,cAAc,wBAAwB,CAAC"}
|
package/dist/src/index.js
CHANGED
|
@@ -1,4 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* @nauth-toolkit/social-apple
|
|
4
|
+
*
|
|
5
|
+
* Platform-agnostic Apple OAuth provider for nauth-toolkit.
|
|
6
|
+
* For NestJS integration, use '@nauth-toolkit/social-apple/nestjs'
|
|
7
|
+
*/
|
|
2
8
|
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
9
|
if (k2 === undefined) k2 = k;
|
|
4
10
|
var desc = Object.getOwnPropertyDescriptor(m, k);
|
package/dist/src/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;AAEH,2DAAwD;AAA/C,sHAAA,gBAAgB,OAAA;AACzB,mEAAgE;AAAvD,8HAAA,oBAAoB,OAAA;AAC7B,yEAAqE;AAA5D,mIAAA,sBAAsB,OAAA;AAE/B,yDAAuC"}
|
|
@@ -1,6 +1,30 @@
|
|
|
1
1
|
import { NAuthConfig, ITokenVerifierService } from '@nauth-toolkit/core';
|
|
2
2
|
import { VerifiedAppleTokenProfile } from './verified-token-profile.interface';
|
|
3
|
+
/**
|
|
4
|
+
* jose module type (ESM-only dependency).
|
|
5
|
+
*
|
|
6
|
+
* IMPORTANT: `jose@6` is ESM-only. This package is compiled to CommonJS by default,
|
|
7
|
+
* so we load jose via dynamic import to avoid `ERR_REQUIRE_ESM` at runtime.
|
|
8
|
+
*/
|
|
3
9
|
type JoseModule = typeof import('jose');
|
|
10
|
+
/**
|
|
11
|
+
* Token Verifier Service for Apple OAuth (Platform-Agnostic)
|
|
12
|
+
*
|
|
13
|
+
* Handles secure verification of Apple ID tokens using JWKS public keys.
|
|
14
|
+
* Uses cryptographic signature verification to ensure tokens are authentic.
|
|
15
|
+
*
|
|
16
|
+
* Security Features:
|
|
17
|
+
* - Apple: Verifies JWT signature with Apple's JWKS public keys
|
|
18
|
+
*
|
|
19
|
+
* This is a plain TypeScript class with no framework dependencies.
|
|
20
|
+
*
|
|
21
|
+
* @example
|
|
22
|
+
* ```typescript
|
|
23
|
+
* const verifier = new TokenVerifierService(config);
|
|
24
|
+
* const profile = await verifier.verifyAppleToken(idToken, clientId);
|
|
25
|
+
* console.log(profile.email); // Verified email from Apple
|
|
26
|
+
* ```
|
|
27
|
+
*/
|
|
4
28
|
export declare class TokenVerifierService implements ITokenVerifierService {
|
|
5
29
|
private appleJWKS;
|
|
6
30
|
private readonly logger;
|
|
@@ -9,6 +33,27 @@ export declare class TokenVerifierService implements ITokenVerifierService {
|
|
|
9
33
|
constructor(config: NAuthConfig, loadJose?: () => Promise<JoseModule>);
|
|
10
34
|
private getJose;
|
|
11
35
|
private getAppleJWKS;
|
|
36
|
+
/**
|
|
37
|
+
* Verify Apple ID token with JWT signature validation
|
|
38
|
+
*
|
|
39
|
+
* Fetches Apple's public keys from their JWKS endpoint and verifies the
|
|
40
|
+
* JWT signature to ensure authenticity.
|
|
41
|
+
*
|
|
42
|
+
* @param idToken - ID token from Apple Sign In
|
|
43
|
+
* @param clientId - Apple Services ID (client ID) for audience validation
|
|
44
|
+
* @returns Verified user profile data
|
|
45
|
+
* @throws {BadRequestException} When token is invalid, expired, or signature fails
|
|
46
|
+
*
|
|
47
|
+
* @example
|
|
48
|
+
* ```typescript
|
|
49
|
+
* try {
|
|
50
|
+
* const profile = await verifier.verifyAppleToken(idToken, 'com.yourapp.service');
|
|
51
|
+
* console.log(`Verified email: ${profile.email}`);
|
|
52
|
+
* } catch (error) {
|
|
53
|
+
* console.error('Token verification failed:', error.message);
|
|
54
|
+
* }
|
|
55
|
+
* ```
|
|
56
|
+
*/
|
|
12
57
|
verifyAppleToken(idToken: string, clientId: string): Promise<VerifiedAppleTokenProfile>;
|
|
13
58
|
}
|
|
14
59
|
export {};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-verifier.service.d.ts","sourceRoot":"","sources":["../../src/token-verifier.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAA8C,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AACrH,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;
|
|
1
|
+
{"version":3,"file":"token-verifier.service.d.ts","sourceRoot":"","sources":["../../src/token-verifier.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAA8C,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AACrH,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAE/E;;;;;GAKG;AACH,KAAK,UAAU,GAAG,cAAc,MAAM,CAAC,CAAC;AAExC;;;;;;;;;;;;;;;;;GAiBG;AACH,qBAAa,oBAAqB,YAAW,qBAAqB;IAChE,OAAO,CAAC,SAAS,CAA6D;IAC9E,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA4B;IACrD,OAAO,CAAC,iBAAiB,CAAoC;gBAEjD,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,EAAE,MAAM,OAAO,CAAC,UAAU,CAAC;YAKvD,OAAO;YAOP,YAAY;IAQ1B;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,CAAC;CAiC9F"}
|