@nauth-toolkit/social-apple 0.1.3

package/dist/src/dto/social-login.dto.js

@@ -0,0 +1,131 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SocialAccountsResponseDTO = exports.SocialLoginResponseDTO = exports.UnlinkSocialAccountDTO = exports.LinkSocialAccountDTO = exports.SocialCallbackDTO = exports.SocialLoginDTO = exports.SocialProvider = void 0;
+const class_validator_1 = require("class-validator");
+var SocialProvider;
+(function (SocialProvider) {
+    SocialProvider["GOOGLE"] = "google";
+    SocialProvider["APPLE"] = "apple";
+    SocialProvider["FACEBOOK"] = "facebook";
+})(SocialProvider || (exports.SocialProvider = SocialProvider = {}));
+class SocialLoginDTO {
+    provider;
+    state;
+}
+exports.SocialLoginDTO = SocialLoginDTO;
+__decorate([
+    (0, class_validator_1.IsEnum)(SocialProvider, { message: 'Provider must be one of: google, apple, facebook' }),
+    __metadata("design:type", String)
+], SocialLoginDTO.prototype, "provider", void 0);
+__decorate([
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)({ message: 'State must be a string' }),
+    (0, class_validator_1.MaxLength)(500, { message: 'State must not exceed 500 characters' }),
+    __metadata("design:type", String)
+], SocialLoginDTO.prototype, "state", void 0);
+class SocialCallbackDTO {
+    provider;
+    code;
+    state;
+    error;
+    error_description;
+}
+exports.SocialCallbackDTO = SocialCallbackDTO;
+__decorate([
+    (0, class_validator_1.IsEnum)(SocialProvider, { message: 'Provider must be one of: google, apple, facebook' }),
+    __metadata("design:type", String)
+], SocialCallbackDTO.prototype, "provider", void 0);
+__decorate([
+    (0, class_validator_1.IsString)({ message: 'Authorization code must be a string' }),
+    (0, class_validator_1.IsNotEmpty)({ message: 'Authorization code is required' }),
+    (0, class_validator_1.MaxLength)(1000, { message: 'Authorization code must not exceed 1000 characters' }),
+    __metadata("design:type", String)
+], SocialCallbackDTO.prototype, "code", void 0);
+__decorate([
+    (0, class_validator_1.IsString)({ message: 'State must be a string' }),
+    (0, class_validator_1.IsNotEmpty)({ message: 'State is required' }),
+    (0, class_validator_1.MaxLength)(500, { message: 'State must not exceed 500 characters' }),
+    __metadata("design:type", String)
+], SocialCallbackDTO.prototype, "state", void 0);
+__decorate([
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)({ message: 'Error must be a string' }),
+    (0, class_validator_1.MaxLength)(100, { message: 'Error must not exceed 100 characters' }),
+    __metadata("design:type", String)
+], SocialCallbackDTO.prototype, "error", void 0);
+__decorate([
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)({ message: 'Error description must be a string' }),
+    (0, class_validator_1.MaxLength)(500, { message: 'Error description must not exceed 500 characters' }),
+    __metadata("design:type", String)
+], SocialCallbackDTO.prototype, "error_description", void 0);
+class LinkSocialAccountDTO {
+    provider;
+    code;
+    state;
+}
+exports.LinkSocialAccountDTO = LinkSocialAccountDTO;
+__decorate([
+    (0, class_validator_1.IsEnum)(SocialProvider, { message: 'Provider must be one of: google, apple, facebook' }),
+    __metadata("design:type", String)
+], LinkSocialAccountDTO.prototype, "provider", void 0);
+__decorate([
+    (0, class_validator_1.IsString)({ message: 'Authorization code must be a string' }),
+    (0, class_validator_1.IsNotEmpty)({ message: 'Authorization code is required' }),
+    (0, class_validator_1.MaxLength)(1000, { message: 'Authorization code must not exceed 1000 characters' }),
+    __metadata("design:type", String)
+], LinkSocialAccountDTO.prototype, "code", void 0);
+__decorate([
+    (0, class_validator_1.IsString)({ message: 'State must be a string' }),
+    (0, class_validator_1.IsNotEmpty)({ message: 'State is required' }),
+    (0, class_validator_1.MaxLength)(500, { message: 'State must not exceed 500 characters' }),
+    __metadata("design:type", String)
+], LinkSocialAccountDTO.prototype, "state", void 0);
+class UnlinkSocialAccountDTO {
+    provider;
+}
+exports.UnlinkSocialAccountDTO = UnlinkSocialAccountDTO;
+__decorate([
+    (0, class_validator_1.IsEnum)(SocialProvider, { message: 'Provider must be one of: google, apple, facebook' }),
+    __metadata("design:type", String)
+], UnlinkSocialAccountDTO.prototype, "provider", void 0);
+class SocialLoginResponseDTO {
+    accessToken;
+    refreshToken;
+    accessTokenExpiresAt;
+    refreshTokenExpiresAt;
+    user;
+}
+exports.SocialLoginResponseDTO = SocialLoginResponseDTO;
+__decorate([
+    (0, class_validator_1.IsString)({ message: 'Access token must be a string' }),
+    (0, class_validator_1.MaxLength)(2048, { message: 'Access token must not exceed 2048 characters' }),
+    __metadata("design:type", String)
+], SocialLoginResponseDTO.prototype, "accessToken", void 0);
+__decorate([
+    (0, class_validator_1.IsString)({ message: 'Refresh token must be a string' }),
+    (0, class_validator_1.MaxLength)(2048, { message: 'Refresh token must not exceed 2048 characters' }),
+    __metadata("design:type", String)
+], SocialLoginResponseDTO.prototype, "refreshToken", void 0);
+__decorate([
+    (0, class_validator_1.IsNumber)({}, { message: 'Access token expiration must be a number' }),
+    __metadata("design:type", Number)
+], SocialLoginResponseDTO.prototype, "accessTokenExpiresAt", void 0);
+__decorate([
+    (0, class_validator_1.IsNumber)({}, { message: 'Refresh token expiration must be a number' }),
+    __metadata("design:type", Number)
+], SocialLoginResponseDTO.prototype, "refreshTokenExpiresAt", void 0);
+class SocialAccountsResponseDTO {
+    accounts;
+}
+exports.SocialAccountsResponseDTO = SocialAccountsResponseDTO;
+//# sourceMappingURL=social-login.dto.js.map

package/dist/src/dto/social-login.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"social-login.dto.js","sourceRoot":"","sources":["../../../src/dto/social-login.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAgG;AAKhG,IAAY,cAIX;AAJD,WAAY,cAAc;IACxB,mCAAiB,CAAA;IACjB,iCAAe,CAAA;IACf,uCAAqB,CAAA;AACvB,CAAC,EAJW,cAAc,8BAAd,cAAc,QAIzB;AAcD,MAAa,cAAc;IASzB,QAAQ,CAAkB;IAc1B,KAAK,CAAU;CAChB;AAxBD,wCAwBC;AAfC;IADC,IAAA,wBAAM,EAAC,cAAc,EAAE,EAAE,OAAO,EAAE,kDAAkD,EAAE,CAAC;;gDAC9D;AAc1B;IAHC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;6CACrD;AAgBjB,MAAa,iBAAiB;IAS5B,QAAQ,CAAkB;IAa1B,IAAI,CAAU;IAad,KAAK,CAAU;IAaf,KAAK,CAAU;IAaf,iBAAiB,CAAU;CAC5B;AA9DD,8CA8DC;AArDC;IADC,IAAA,wBAAM,EAAC,cAAc,EAAE,EAAE,OAAO,EAAE,kDAAkD,EAAE,CAAC;;mDAC9D;AAa1B;IAHC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,qCAAqC,EAAE,CAAC;IAC5D,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC;IACzD,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,oDAAoD,EAAE,CAAC;;+CACrE;AAad;IAHC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;IAC5C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;gDACrD;AAaf;IAHC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;gDACrD;AAaf;IAHC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,oCAAoC,EAAE,CAAC;IAC3D,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,kDAAkD,EAAE,CAAC;;4DACrD;AAgB7B,MAAa,oBAAoB;IAS/B,QAAQ,CAAkB;IAa1B,IAAI,CAAU;IAad,KAAK,CAAU;CAChB;AApCD,oDAoCC;AA3BC;IADC,IAAA,wBAAM,EAAC,cAAc,EAAE,EAAE,OAAO,EAAE,kDAAkD,EAAE,CAAC;;sDAC9D;AAa1B;IAHC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,qCAAqC,EAAE,CAAC;IAC5D,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC;IACzD,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,oDAAoD,EAAE,CAAC;;kDACrE;AAad;IAHC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;IAC5C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;mDACrD;AAcjB,MAAa,sBAAsB;IASjC,QAAQ,CAAkB;CAC3B;AAVD,wDAUC;AADC;IADC,IAAA,wBAAM,EAAC,cAAc,EAAE,EAAE,OAAO,EAAE,kDAAkD,EAAE,CAAC;;wDAC9D;AAyB5B,MAAa,sBAAsB;IAUjC,WAAW,CAAU;IAWrB,YAAY,CAAU;IAStB,oBAAoB,CAAU;IAS9B,qBAAqB,CAAU;IAc/B,IAAI,CAOF;CACH;AA7DD,wDA6DC;AAnDC;IAFC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IACtD,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC;;2DACxD;AAWrB;IAFC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC;IACvD,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,+CAA+C,EAAE,CAAC;;4DACxD;AAStB;IADC,IAAA,0BAAQ,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,0CAA0C,EAAE,CAAC;;oEACxC;AAS9B;IADC,IAAA,0BAAQ,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC;;qEACxC;AA2CjC,MAAa,yBAAyB;IAIpC,QAAQ,CAKL;CACJ;AAVD,8DAUC"}

package/dist/src/index.d.ts

@@ -0,0 +1,6 @@
+export { AppleOAuthClient } from './apple-oauth.client';
+export { TokenVerifierService } from './token-verifier.service';
+export { AppleSocialAuthService } from './apple-social-auth.service';
+export { VerifiedAppleTokenProfile } from './verified-token-profile.interface';
+export * from './dto/social-login.dto';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAC/E,cAAc,wBAAwB,CAAC"}

package/dist/src/index.js

@@ -0,0 +1,25 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AppleSocialAuthService = exports.TokenVerifierService = exports.AppleOAuthClient = void 0;
+var apple_oauth_client_1 = require("./apple-oauth.client");
+Object.defineProperty(exports, "AppleOAuthClient", { enumerable: true, get: function () { return apple_oauth_client_1.AppleOAuthClient; } });
+var token_verifier_service_1 = require("./token-verifier.service");
+Object.defineProperty(exports, "TokenVerifierService", { enumerable: true, get: function () { return token_verifier_service_1.TokenVerifierService; } });
+var apple_social_auth_service_1 = require("./apple-social-auth.service");
+Object.defineProperty(exports, "AppleSocialAuthService", { enumerable: true, get: function () { return apple_social_auth_service_1.AppleSocialAuthService; } });
+__exportStar(require("./dto/social-login.dto"), exports);
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAOA,2DAAwD;AAA/C,sHAAA,gBAAgB,OAAA;AACzB,mEAAgE;AAAvD,8HAAA,oBAAoB,OAAA;AAC7B,yEAAqE;AAA5D,mIAAA,sBAAsB,OAAA;AAE/B,yDAAuC"}

package/dist/src/token-verifier.service.d.ts

@@ -0,0 +1,9 @@
+import { NAuthConfig, ITokenVerifierService } from '@nauth-toolkit/core';
+import { VerifiedAppleTokenProfile } from './verified-token-profile.interface';
+export declare class TokenVerifierService implements ITokenVerifierService {
+    private appleJWKS;
+    private readonly logger;
+    constructor(config: NAuthConfig);
+    verifyAppleToken(idToken: string, clientId: string): Promise<VerifiedAppleTokenProfile>;
+}
+//# sourceMappingURL=token-verifier.service.d.ts.map

package/dist/src/token-verifier.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-verifier.service.d.ts","sourceRoot":"","sources":["../../src/token-verifier.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAA8C,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AACrH,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAoB/E,qBAAa,oBAAqB,YAAW,qBAAqB;IAChE,OAAO,CAAC,SAAS,CAAwC;IACzD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;gBAEzB,MAAM,EAAE,WAAW;IA2BzB,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,CAAC;CA8B9F"}

package/dist/src/token-verifier.service.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenVerifierService = void 0;
+const jose_1 = require("jose");
+const core_1 = require("@nauth-toolkit/core");
+class TokenVerifierService {
+    appleJWKS;
+    logger;
+    constructor(config) {
+        this.logger = config.logger;
+        this.appleJWKS = (0, jose_1.createRemoteJWKSet)(new URL('https://appleid.apple.com/auth/keys'));
+    }
+    async verifyAppleToken(idToken, clientId) {
+        try {
+            this.logger?.debug?.(`[TokenVerifier] Verifying Apple token`);
+            const { payload } = await (0, jose_1.jwtVerify)(idToken, this.appleJWKS, {
+                issuer: 'https://appleid.apple.com',
+                audience: clientId,
+                clockTolerance: 300,
+            });
+            const p = payload;
+            this.logger?.log?.(`[TokenVerifier] Apple token verified (secure): ${p.email}`);
+            return {
+                sub: p.sub,
+                email: p.email || '',
+                email_verified: p.email_verified === 'true' || p.email_verified === true,
+                is_private_email: p.is_private_email,
+            };
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            this.logger?.error?.(`[TokenVerifier] Apple token verification FAILED: ${errorMessage}`);
+            throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_TOKEN_INVALID, `Apple token verification failed: ${errorMessage}`);
+        }
+    }
+}
+exports.TokenVerifierService = TokenVerifierService;
+//# sourceMappingURL=token-verifier.service.js.map

package/dist/src/token-verifier.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-verifier.service.js","sourceRoot":"","sources":["../../src/token-verifier.service.ts"],"names":[],"mappings":";;;AAAA,+BAAiE;AACjE,8CAAqH;AAqBrH,MAAa,oBAAoB;IACvB,SAAS,CAAwC;IACxC,MAAM,CAAc;IAErC,YAAY,MAAmB;QAC7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAqB,CAAC;QAE3C,IAAI,CAAC,SAAS,GAAG,IAAA,yBAAkB,EAAC,IAAI,GAAG,CAAC,qCAAqC,CAAC,CAAC,CAAC;IACtF,CAAC;IAuBD,KAAK,CAAC,gBAAgB,CAAC,OAAe,EAAE,QAAgB;QACtD,IAAI,CAAC;YACH,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,uCAAuC,CAAC,CAAC;YAE9D,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAA,gBAAS,EAAC,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE;gBAC3D,MAAM,EAAE,2BAA2B;gBACnC,QAAQ,EAAE,QAAQ;gBAClB,cAAc,EAAE,GAAG;aACpB,CAAC,CAAC;YAEH,MAAM,CAAC,GAAG,OAIT,CAAC;YAEF,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,kDAAkD,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YAEhF,OAAO;gBACL,GAAG,EAAE,CAAC,CAAC,GAAa;gBACpB,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,EAAE;gBACpB,cAAc,EAAE,CAAC,CAAC,cAAc,KAAK,MAAM,IAAI,CAAC,CAAC,cAAc,KAAK,IAAI;gBACxE,gBAAgB,EAAE,CAAC,CAAC,gBAAgB;aACrC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC9E,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,oDAAoD,YAAY,EAAE,CAAC,CAAC;YACzF,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,oBAAoB,EAAE,oCAAoC,YAAY,EAAE,CAAC,CAAC;QACnH,CAAC;IACH,CAAC;CACF;AA7DD,oDA6DC"}

package/dist/src/verified-token-profile.interface.d.ts

@@ -0,0 +1,7 @@
+export interface VerifiedAppleTokenProfile {
+    sub: string;
+    email: string;
+    email_verified: boolean;
+    is_private_email?: boolean;
+}
+//# sourceMappingURL=verified-token-profile.interface.d.ts.map

package/dist/src/verified-token-profile.interface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verified-token-profile.interface.d.ts","sourceRoot":"","sources":["../../src/verified-token-profile.interface.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,yBAAyB;IAIxC,GAAG,EAAE,MAAM,CAAC;IAMZ,KAAK,EAAE,MAAM,CAAC;IAKd,cAAc,EAAE,OAAO,CAAC;IAKxB,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B"}

package/dist/src/verified-token-profile.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=verified-token-profile.interface.js.map

package/dist/src/verified-token-profile.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verified-token-profile.interface.js","sourceRoot":"","sources":["../../src/verified-token-profile.interface.ts"],"names":[],"mappings":""}