@nocobase/plugin-idp-oauth 2.1.0-alpha.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE.txt +107 -0
- package/README.md +14 -0
- package/build.config.ts +46 -0
- package/client.d.ts +2 -0
- package/client.js +1 -0
- package/dist/client/ErrorPage.d.ts +11 -0
- package/dist/client/InteractionPage.d.ts +11 -0
- package/dist/client/index.d.ts +9 -0
- package/dist/client/index.js +10 -0
- package/dist/client/locale.d.ts +10 -0
- package/dist/client/models/index.d.ts +11 -0
- package/dist/client/plugin.d.ts +13 -0
- package/dist/externalVersion.js +18 -0
- package/dist/index.d.ts +10 -0
- package/dist/index.js +48 -0
- package/dist/locale/en-US.json +1 -0
- package/dist/locale/zh-CN.json +1 -0
- package/dist/node_modules/eta/LICENSE +7 -0
- package/dist/node_modules/eta/README.md +185 -0
- package/dist/node_modules/eta/dist/core.d.ts +179 -0
- package/dist/node_modules/eta/dist/core.d.ts.map +1 -0
- package/dist/node_modules/eta/dist/core.js +42 -0
- package/dist/node_modules/eta/dist/core.js.map +1 -0
- package/dist/node_modules/eta/dist/index.cjs +542 -0
- package/dist/node_modules/eta/dist/index.cjs.map +1 -0
- package/dist/node_modules/eta/dist/index.d.cts +187 -0
- package/dist/node_modules/eta/dist/index.d.cts.map +1 -0
- package/dist/node_modules/eta/dist/index.d.mts +187 -0
- package/dist/node_modules/eta/dist/index.d.mts.map +1 -0
- package/dist/node_modules/eta/dist/index.mjs +512 -0
- package/dist/node_modules/eta/dist/index.mjs.map +1 -0
- package/dist/node_modules/eta/package.json +75 -0
- package/dist/node_modules/jose/LICENSE.md +21 -0
- package/dist/node_modules/jose/README.md +153 -0
- package/dist/node_modules/jose/dist/types/index.d.ts +55 -0
- package/dist/node_modules/jose/dist/types/jwe/compact/decrypt.d.ts +31 -0
- package/dist/node_modules/jose/dist/types/jwe/compact/encrypt.d.ts +65 -0
- package/dist/node_modules/jose/dist/types/jwe/flattened/decrypt.d.ts +31 -0
- package/dist/node_modules/jose/dist/types/jwe/flattened/encrypt.d.ts +83 -0
- package/dist/node_modules/jose/dist/types/jwe/general/decrypt.d.ts +38 -0
- package/dist/node_modules/jose/dist/types/jwe/general/encrypt.d.ts +74 -0
- package/dist/node_modules/jose/dist/types/jwk/embedded.d.ts +17 -0
- package/dist/node_modules/jose/dist/types/jwk/thumbprint.d.ts +32 -0
- package/dist/node_modules/jose/dist/types/jwks/local.d.ts +29 -0
- package/dist/node_modules/jose/dist/types/jwks/remote.d.ts +237 -0
- package/dist/node_modules/jose/dist/types/jws/compact/sign.d.ts +36 -0
- package/dist/node_modules/jose/dist/types/jws/compact/verify.d.ts +33 -0
- package/dist/node_modules/jose/dist/types/jws/flattened/sign.d.ts +42 -0
- package/dist/node_modules/jose/dist/types/jws/flattened/verify.d.ts +33 -0
- package/dist/node_modules/jose/dist/types/jws/general/sign.d.ts +53 -0
- package/dist/node_modules/jose/dist/types/jws/general/verify.d.ts +41 -0
- package/dist/node_modules/jose/dist/types/jwt/decrypt.d.ts +35 -0
- package/dist/node_modules/jose/dist/types/jwt/encrypt.d.ts +91 -0
- package/dist/node_modules/jose/dist/types/jwt/sign.d.ts +43 -0
- package/dist/node_modules/jose/dist/types/jwt/unsecured.d.ts +43 -0
- package/dist/node_modules/jose/dist/types/jwt/verify.d.ts +37 -0
- package/dist/node_modules/jose/dist/types/key/export.d.ts +33 -0
- package/dist/node_modules/jose/dist/types/key/generate_key_pair.d.ts +47 -0
- package/dist/node_modules/jose/dist/types/key/generate_secret.d.ts +35 -0
- package/dist/node_modules/jose/dist/types/key/import.d.ts +83 -0
- package/dist/node_modules/jose/dist/types/types.d.ts +852 -0
- package/dist/node_modules/jose/dist/types/util/base64url.d.ts +9 -0
- package/dist/node_modules/jose/dist/types/util/decode_jwt.d.ts +18 -0
- package/dist/node_modules/jose/dist/types/util/decode_protected_header.d.ts +17 -0
- package/dist/node_modules/jose/dist/types/util/errors.d.ts +213 -0
- package/dist/node_modules/jose/dist/webapi/index.js +32 -0
- package/dist/node_modules/jose/dist/webapi/jwe/compact/decrypt.js +27 -0
- package/dist/node_modules/jose/dist/webapi/jwe/compact/encrypt.js +27 -0
- package/dist/node_modules/jose/dist/webapi/jwe/flattened/decrypt.js +155 -0
- package/dist/node_modules/jose/dist/webapi/jwe/flattened/encrypt.js +165 -0
- package/dist/node_modules/jose/dist/webapi/jwe/general/decrypt.js +31 -0
- package/dist/node_modules/jose/dist/webapi/jwe/general/encrypt.js +182 -0
- package/dist/node_modules/jose/dist/webapi/jwk/embedded.js +17 -0
- package/dist/node_modules/jose/dist/webapi/jwk/thumbprint.js +68 -0
- package/dist/node_modules/jose/dist/webapi/jwks/local.js +119 -0
- package/dist/node_modules/jose/dist/webapi/jwks/remote.js +179 -0
- package/dist/node_modules/jose/dist/webapi/jws/compact/sign.js +18 -0
- package/dist/node_modules/jose/dist/webapi/jws/compact/verify.js +21 -0
- package/dist/node_modules/jose/dist/webapi/jws/flattened/sign.js +89 -0
- package/dist/node_modules/jose/dist/webapi/jws/flattened/verify.js +110 -0
- package/dist/node_modules/jose/dist/webapi/jws/general/sign.js +70 -0
- package/dist/node_modules/jose/dist/webapi/jws/general/verify.js +24 -0
- package/dist/node_modules/jose/dist/webapi/jwt/decrypt.js +23 -0
- package/dist/node_modules/jose/dist/webapi/jwt/encrypt.js +101 -0
- package/dist/node_modules/jose/dist/webapi/jwt/sign.js +52 -0
- package/dist/node_modules/jose/dist/webapi/jwt/unsecured.js +63 -0
- package/dist/node_modules/jose/dist/webapi/jwt/verify.js +15 -0
- package/dist/node_modules/jose/dist/webapi/key/export.js +11 -0
- package/dist/node_modules/jose/dist/webapi/key/generate_key_pair.js +97 -0
- package/dist/node_modules/jose/dist/webapi/key/generate_secret.js +40 -0
- package/dist/node_modules/jose/dist/webapi/key/import.js +57 -0
- package/dist/node_modules/jose/dist/webapi/lib/aesgcmkw.js +15 -0
- package/dist/node_modules/jose/dist/webapi/lib/aeskw.js +25 -0
- package/dist/node_modules/jose/dist/webapi/lib/asn1.js +243 -0
- package/dist/node_modules/jose/dist/webapi/lib/base64.js +22 -0
- package/dist/node_modules/jose/dist/webapi/lib/buffer_utils.js +43 -0
- package/dist/node_modules/jose/dist/webapi/lib/check_key_type.js +122 -0
- package/dist/node_modules/jose/dist/webapi/lib/content_encryption.js +217 -0
- package/dist/node_modules/jose/dist/webapi/lib/crypto_key.js +136 -0
- package/dist/node_modules/jose/dist/webapi/lib/deflate.js +44 -0
- package/dist/node_modules/jose/dist/webapi/lib/ecdhes.js +52 -0
- package/dist/node_modules/jose/dist/webapi/lib/helpers.js +19 -0
- package/dist/node_modules/jose/dist/webapi/lib/invalid_key_input.js +27 -0
- package/dist/node_modules/jose/dist/webapi/lib/is_key_like.js +17 -0
- package/dist/node_modules/jose/dist/webapi/lib/jwk_to_key.js +107 -0
- package/dist/node_modules/jose/dist/webapi/lib/jwt_claims_set.js +238 -0
- package/dist/node_modules/jose/dist/webapi/lib/key_management.js +186 -0
- package/dist/node_modules/jose/dist/webapi/lib/key_to_jwk.js +31 -0
- package/dist/node_modules/jose/dist/webapi/lib/normalize_key.js +166 -0
- package/dist/node_modules/jose/dist/webapi/lib/pbes2kw.js +39 -0
- package/dist/node_modules/jose/dist/webapi/lib/rsaes.js +24 -0
- package/dist/node_modules/jose/dist/webapi/lib/signing.js +68 -0
- package/dist/node_modules/jose/dist/webapi/lib/type_checks.js +40 -0
- package/dist/node_modules/jose/dist/webapi/lib/validate_algorithms.js +10 -0
- package/dist/node_modules/jose/dist/webapi/lib/validate_crit.js +33 -0
- package/dist/node_modules/jose/dist/webapi/util/base64url.js +30 -0
- package/dist/node_modules/jose/dist/webapi/util/decode_jwt.js +32 -0
- package/dist/node_modules/jose/dist/webapi/util/decode_protected_header.js +34 -0
- package/dist/node_modules/jose/dist/webapi/util/errors.js +99 -0
- package/dist/node_modules/jose/package.json +200 -0
- package/dist/node_modules/light-my-request/.gitattributes +2 -0
- package/dist/node_modules/light-my-request/.github/dependabot.yml +13 -0
- package/dist/node_modules/light-my-request/.github/stale.yml +21 -0
- package/dist/node_modules/light-my-request/.github/workflows/benchmark.yml +30 -0
- package/dist/node_modules/light-my-request/.github/workflows/ci.yml +23 -0
- package/dist/node_modules/light-my-request/LICENSE +32 -0
- package/dist/node_modules/light-my-request/benchmark/benchmark.js +164 -0
- package/dist/node_modules/light-my-request/build/build-validation.js +100 -0
- package/dist/node_modules/light-my-request/eslint.config.js +9 -0
- package/dist/node_modules/light-my-request/index.js +2 -0
- package/dist/node_modules/light-my-request/lib/config-validator.js +919 -0
- package/dist/node_modules/light-my-request/lib/form-data.js +79 -0
- package/dist/node_modules/light-my-request/lib/parse-url.js +47 -0
- package/dist/node_modules/light-my-request/lib/request.js +290 -0
- package/dist/node_modules/light-my-request/lib/response.js +240 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/.gitattributes +2 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/.github/dependabot.yml +13 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/.github/workflows/ci.yml +24 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/.taprc +2 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/benchmarks/warn.js +25 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/eslint.config.js +6 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/examples/example.js +11 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/index.js +124 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/package.json +73 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/test/emit-interpolated-string.test.js +29 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/test/emit-once-only.test.js +28 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/test/emit-reset.test.js +36 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/test/emit-set.test.js +30 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/test/emit-unlimited.test.js +37 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/test/index.test.js +99 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/test/issue-88.test.js +33 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/test/jest.test.js +22 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/test/no-warnings.test.js +80 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/types/index.d.ts +37 -0
- package/dist/node_modules/light-my-request/node_modules/process-warning/types/index.test-d.ts +36 -0
- package/dist/node_modules/light-my-request/package.json +1 -0
- package/dist/node_modules/light-my-request/test/async-await.test.js +55 -0
- package/dist/node_modules/light-my-request/test/index.test.js +2316 -0
- package/dist/node_modules/light-my-request/test/request.test.js +16 -0
- package/dist/node_modules/light-my-request/test/response.test.js +19 -0
- package/dist/node_modules/light-my-request/test/stream.test.js +359 -0
- package/dist/node_modules/light-my-request/types/index.d.ts +128 -0
- package/dist/node_modules/light-my-request/types/index.test-d.ts +149 -0
- package/dist/node_modules/oidc-provider/LICENSE.md +21 -0
- package/dist/node_modules/oidc-provider/README.md +174 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/assign_claims.js +28 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/assign_defaults.js +17 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/authenticated_client_id.js +6 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/backchannel_request_remap_errors.js +17 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/backchannel_request_response.js +41 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/check_ciba_context.js +12 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/check_claims.js +68 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/check_client.js +21 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/check_client_grant_type.js +21 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/check_dpop_jkt.js +35 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/check_extra_params.js +18 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/check_id_token_hint.js +23 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/check_max_age.js +25 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/check_openid_scope.js +47 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/check_pkce.js +41 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/check_prompt.js +25 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/check_redirect_uri.js +41 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/check_requested_expiry.js +16 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/check_response_mode.js +54 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/check_response_type.js +26 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/check_scope.js +53 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/ciba_load_account.js +58 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/ciba_required.js +13 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/device_authorization_response.js +31 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/device_user_flow.js +31 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/device_user_flow_errors.js +37 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/device_user_flow_response.js +55 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/index.js +200 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/interaction_emit.js +9 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/interactions.js +149 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/load_account.js +15 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/load_grant.js +29 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/load_pushed_authorization_request.js +36 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/oauth_required.js +11 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/oidc_required.js +27 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/one_redirect_uri_clients.js +20 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/process_request_object.js +214 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/pushed_authorization_request_remap_errors.js +17 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/pushed_authorization_request_response.js +65 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/reject_registration.js +12 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/reject_request_and_uri.js +12 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/reject_unsupported.js +33 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/respond.js +46 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/resume.js +111 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/strip_outside_jar_params.js +19 -0
- package/dist/node_modules/oidc-provider/lib/actions/authorization/unsupported_rar.js +9 -0
- package/dist/node_modules/oidc-provider/lib/actions/challenge.js +22 -0
- package/dist/node_modules/oidc-provider/lib/actions/code_verification.js +122 -0
- package/dist/node_modules/oidc-provider/lib/actions/discovery.js +151 -0
- package/dist/node_modules/oidc-provider/lib/actions/end_session.js +222 -0
- package/dist/node_modules/oidc-provider/lib/actions/grants/authorization_code.js +144 -0
- package/dist/node_modules/oidc-provider/lib/actions/grants/ciba.js +127 -0
- package/dist/node_modules/oidc-provider/lib/actions/grants/client_credentials.js +79 -0
- package/dist/node_modules/oidc-provider/lib/actions/grants/device_code.js +125 -0
- package/dist/node_modules/oidc-provider/lib/actions/grants/index.js +7 -0
- package/dist/node_modules/oidc-provider/lib/actions/grants/refresh_token.js +229 -0
- package/dist/node_modules/oidc-provider/lib/actions/index.js +25 -0
- package/dist/node_modules/oidc-provider/lib/actions/interaction.js +150 -0
- package/dist/node_modules/oidc-provider/lib/actions/introspection.js +164 -0
- package/dist/node_modules/oidc-provider/lib/actions/jwks.js +7 -0
- package/dist/node_modules/oidc-provider/lib/actions/registration.js +274 -0
- package/dist/node_modules/oidc-provider/lib/actions/revocation.js +81 -0
- package/dist/node_modules/oidc-provider/lib/actions/token.js +74 -0
- package/dist/node_modules/oidc-provider/lib/actions/userinfo.js +183 -0
- package/dist/node_modules/oidc-provider/lib/adapters/memory_adapter.js +95 -0
- package/dist/node_modules/oidc-provider/lib/consts/client_attributes.js +211 -0
- package/dist/node_modules/oidc-provider/lib/consts/dev_keystore.js +18 -0
- package/dist/node_modules/oidc-provider/lib/consts/index.js +13 -0
- package/dist/node_modules/oidc-provider/lib/consts/jwa.js +47 -0
- package/dist/node_modules/oidc-provider/lib/consts/non_rejectable_claims.js +1 -0
- package/dist/node_modules/oidc-provider/lib/consts/param_list.js +23 -0
- package/dist/node_modules/oidc-provider/lib/helpers/_/camel_case.js +1 -0
- package/dist/node_modules/oidc-provider/lib/helpers/_/defaults.js +28 -0
- package/dist/node_modules/oidc-provider/lib/helpers/_/difference.js +1 -0
- package/dist/node_modules/oidc-provider/lib/helpers/_/is_plain_object.js +1 -0
- package/dist/node_modules/oidc-provider/lib/helpers/_/map_keys.js +9 -0
- package/dist/node_modules/oidc-provider/lib/helpers/_/merge.js +25 -0
- package/dist/node_modules/oidc-provider/lib/helpers/_/omit_by.js +11 -0
- package/dist/node_modules/oidc-provider/lib/helpers/_/pick.js +10 -0
- package/dist/node_modules/oidc-provider/lib/helpers/_/pick_by.js +10 -0
- package/dist/node_modules/oidc-provider/lib/helpers/_/remove.js +9 -0
- package/dist/node_modules/oidc-provider/lib/helpers/_/set.js +18 -0
- package/dist/node_modules/oidc-provider/lib/helpers/_/snake_case.js +1 -0
- package/dist/node_modules/oidc-provider/lib/helpers/_/upper_first.js +1 -0
- package/dist/node_modules/oidc-provider/lib/helpers/account_claims.js +6 -0
- package/dist/node_modules/oidc-provider/lib/helpers/add_client.js +14 -0
- package/dist/node_modules/oidc-provider/lib/helpers/als.js +3 -0
- package/dist/node_modules/oidc-provider/lib/helpers/append_www_authenticate.js +9 -0
- package/dist/node_modules/oidc-provider/lib/helpers/attention.js +23 -0
- package/dist/node_modules/oidc-provider/lib/helpers/base64url.js +11 -0
- package/dist/node_modules/oidc-provider/lib/helpers/certificate_thumbprint.js +15 -0
- package/dist/node_modules/oidc-provider/lib/helpers/challenge.js +111 -0
- package/dist/node_modules/oidc-provider/lib/helpers/check_attest_binding.js +10 -0
- package/dist/node_modules/oidc-provider/lib/helpers/claims.js +79 -0
- package/dist/node_modules/oidc-provider/lib/helpers/client_id_metadata_document.js +198 -0
- package/dist/node_modules/oidc-provider/lib/helpers/client_schema.js +700 -0
- package/dist/node_modules/oidc-provider/lib/helpers/combined_scope.js +17 -0
- package/dist/node_modules/oidc-provider/lib/helpers/configuration.js +544 -0
- package/dist/node_modules/oidc-provider/lib/helpers/constant_equals.js +20 -0
- package/dist/node_modules/oidc-provider/lib/helpers/defaults.js +3510 -0
- package/dist/node_modules/oidc-provider/lib/helpers/epoch_time.js +1 -0
- package/dist/node_modules/oidc-provider/lib/helpers/err_out.js +17 -0
- package/dist/node_modules/oidc-provider/lib/helpers/errors.js +161 -0
- package/dist/node_modules/oidc-provider/lib/helpers/features.js +51 -0
- package/dist/node_modules/oidc-provider/lib/helpers/fetch_body_check.js +25 -0
- package/dist/node_modules/oidc-provider/lib/helpers/fetch_request.js +221 -0
- package/dist/node_modules/oidc-provider/lib/helpers/filter_claims.js +16 -0
- package/dist/node_modules/oidc-provider/lib/helpers/formatters.js +24 -0
- package/dist/node_modules/oidc-provider/lib/helpers/grant_common.js +214 -0
- package/dist/node_modules/oidc-provider/lib/helpers/html_safe.js +19 -0
- package/dist/node_modules/oidc-provider/lib/helpers/initialize_adapter.js +24 -0
- package/dist/node_modules/oidc-provider/lib/helpers/initialize_app.js +243 -0
- package/dist/node_modules/oidc-provider/lib/helpers/initialize_clients.js +24 -0
- package/dist/node_modules/oidc-provider/lib/helpers/initialize_keystore.js +310 -0
- package/dist/node_modules/oidc-provider/lib/helpers/interaction_policy/check.js +21 -0
- package/dist/node_modules/oidc-provider/lib/helpers/interaction_policy/index.js +43 -0
- package/dist/node_modules/oidc-provider/lib/helpers/interaction_policy/prompt.js +95 -0
- package/dist/node_modules/oidc-provider/lib/helpers/interaction_policy/prompts/consent.js +105 -0
- package/dist/node_modules/oidc-provider/lib/helpers/interaction_policy/prompts/login.js +162 -0
- package/dist/node_modules/oidc-provider/lib/helpers/jwt.js +211 -0
- package/dist/node_modules/oidc-provider/lib/helpers/keystore.js +301 -0
- package/dist/node_modules/oidc-provider/lib/helpers/nanoid.js +5 -0
- package/dist/node_modules/oidc-provider/lib/helpers/oidc_context.js +284 -0
- package/dist/node_modules/oidc-provider/lib/helpers/params.js +27 -0
- package/dist/node_modules/oidc-provider/lib/helpers/pkce.js +30 -0
- package/dist/node_modules/oidc-provider/lib/helpers/pkce_format.js +17 -0
- package/dist/node_modules/oidc-provider/lib/helpers/process_response_types.js +202 -0
- package/dist/node_modules/oidc-provider/lib/helpers/re_render_errors.js +39 -0
- package/dist/node_modules/oidc-provider/lib/helpers/redirect_uri.js +16 -0
- package/dist/node_modules/oidc-provider/lib/helpers/resolve_resource.js +33 -0
- package/dist/node_modules/oidc-provider/lib/helpers/resolve_response_mode.js +7 -0
- package/dist/node_modules/oidc-provider/lib/helpers/resource_server.js +20 -0
- package/dist/node_modules/oidc-provider/lib/helpers/revoke.js +27 -0
- package/dist/node_modules/oidc-provider/lib/helpers/script_src_sha.js +21 -0
- package/dist/node_modules/oidc-provider/lib/helpers/sector_identifier.js +19 -0
- package/dist/node_modules/oidc-provider/lib/helpers/sector_validate.js +55 -0
- package/dist/node_modules/oidc-provider/lib/helpers/set_rt_bindings.js +21 -0
- package/dist/node_modules/oidc-provider/lib/helpers/token_find.js +51 -0
- package/dist/node_modules/oidc-provider/lib/helpers/type_validators.js +8 -0
- package/dist/node_modules/oidc-provider/lib/helpers/user_code_form.js +19 -0
- package/dist/node_modules/oidc-provider/lib/helpers/user_codes.js +38 -0
- package/dist/node_modules/oidc-provider/lib/helpers/valid_url.js +8 -0
- package/dist/node_modules/oidc-provider/lib/helpers/validate_dpop.js +129 -0
- package/dist/node_modules/oidc-provider/lib/helpers/validate_presence.js +17 -0
- package/dist/node_modules/oidc-provider/lib/helpers/weak_cache.js +11 -0
- package/dist/node_modules/oidc-provider/lib/index.js +21 -0
- package/dist/node_modules/oidc-provider/lib/models/access_token.js +31 -0
- package/dist/node_modules/oidc-provider/lib/models/authorization_code.js +27 -0
- package/dist/node_modules/oidc-provider/lib/models/backchannel_authentication_request.js +26 -0
- package/dist/node_modules/oidc-provider/lib/models/base_model.js +141 -0
- package/dist/node_modules/oidc-provider/lib/models/base_token.js +86 -0
- package/dist/node_modules/oidc-provider/lib/models/client.js +593 -0
- package/dist/node_modules/oidc-provider/lib/models/client_credentials.js +19 -0
- package/dist/node_modules/oidc-provider/lib/models/device_code.js +44 -0
- package/dist/node_modules/oidc-provider/lib/models/formats/dynamic.js +21 -0
- package/dist/node_modules/oidc-provider/lib/models/formats/index.js +14 -0
- package/dist/node_modules/oidc-provider/lib/models/formats/jwt.js +198 -0
- package/dist/node_modules/oidc-provider/lib/models/formats/opaque.js +58 -0
- package/dist/node_modules/oidc-provider/lib/models/grant.js +243 -0
- package/dist/node_modules/oidc-provider/lib/models/id_token.js +271 -0
- package/dist/node_modules/oidc-provider/lib/models/index.js +37 -0
- package/dist/node_modules/oidc-provider/lib/models/initial_access_token.js +12 -0
- package/dist/node_modules/oidc-provider/lib/models/interaction.js +73 -0
- package/dist/node_modules/oidc-provider/lib/models/mixins/apply.js +4 -0
- package/dist/node_modules/oidc-provider/lib/models/mixins/consumable.js +17 -0
- package/dist/node_modules/oidc-provider/lib/models/mixins/has_format.js +46 -0
- package/dist/node_modules/oidc-provider/lib/models/mixins/has_grant_id.js +12 -0
- package/dist/node_modules/oidc-provider/lib/models/mixins/has_grant_type.js +8 -0
- package/dist/node_modules/oidc-provider/lib/models/mixins/has_policies.js +38 -0
- package/dist/node_modules/oidc-provider/lib/models/mixins/is_attestation_constrained.js +15 -0
- package/dist/node_modules/oidc-provider/lib/models/mixins/is_sender_constrained.js +50 -0
- package/dist/node_modules/oidc-provider/lib/models/mixins/is_session_bound.js +38 -0
- package/dist/node_modules/oidc-provider/lib/models/mixins/set_audience.js +21 -0
- package/dist/node_modules/oidc-provider/lib/models/mixins/stores_auth.js +16 -0
- package/dist/node_modules/oidc-provider/lib/models/mixins/stores_pkce.js +9 -0
- package/dist/node_modules/oidc-provider/lib/models/pushed_authorization_request.js +21 -0
- package/dist/node_modules/oidc-provider/lib/models/refresh_token.js +47 -0
- package/dist/node_modules/oidc-provider/lib/models/registration_access_token.js +8 -0
- package/dist/node_modules/oidc-provider/lib/models/replay_detection.js +31 -0
- package/dist/node_modules/oidc-provider/lib/models/session.js +192 -0
- package/dist/node_modules/oidc-provider/lib/provider.js +453 -0
- package/dist/node_modules/oidc-provider/lib/response_modes/form_post.js +36 -0
- package/dist/node_modules/oidc-provider/lib/response_modes/fragment.js +7 -0
- package/dist/node_modules/oidc-provider/lib/response_modes/index.js +15 -0
- package/dist/node_modules/oidc-provider/lib/response_modes/jwt.js +43 -0
- package/dist/node_modules/oidc-provider/lib/response_modes/query.js +7 -0
- package/dist/node_modules/oidc-provider/lib/response_modes/web_message.js +55 -0
- package/dist/node_modules/oidc-provider/lib/shared/assemble_params.js +7 -0
- package/dist/node_modules/oidc-provider/lib/shared/attest_client_auth.js +111 -0
- package/dist/node_modules/oidc-provider/lib/shared/authorization_error_handler.js +104 -0
- package/dist/node_modules/oidc-provider/lib/shared/check_rar.js +75 -0
- package/dist/node_modules/oidc-provider/lib/shared/check_resource.js +77 -0
- package/dist/node_modules/oidc-provider/lib/shared/client_auth.js +263 -0
- package/dist/node_modules/oidc-provider/lib/shared/conditional_body.js +9 -0
- package/dist/node_modules/oidc-provider/lib/shared/cors.js +49 -0
- package/dist/node_modules/oidc-provider/lib/shared/error_handler.js +59 -0
- package/dist/node_modules/oidc-provider/lib/shared/jwt_client_auth.js +79 -0
- package/dist/node_modules/oidc-provider/lib/shared/no_cache.js +4 -0
- package/dist/node_modules/oidc-provider/lib/shared/reject_dupes.js +45 -0
- package/dist/node_modules/oidc-provider/lib/shared/reject_structured_tokens.js +18 -0
- package/dist/node_modules/oidc-provider/lib/shared/selective_body.js +60 -0
- package/dist/node_modules/oidc-provider/lib/shared/session.js +68 -0
- package/dist/node_modules/oidc-provider/lib/shared/set_www_authenticate_header.js +52 -0
- package/dist/node_modules/oidc-provider/lib/views/index.js +22 -0
- package/dist/node_modules/oidc-provider/lib/views/interaction.js +171 -0
- package/dist/node_modules/oidc-provider/lib/views/layout.js +237 -0
- package/dist/node_modules/oidc-provider/lib/views/login.js +43 -0
- package/dist/node_modules/oidc-provider/node_modules/@koa/router/LICENSE +21 -0
- package/dist/node_modules/oidc-provider/node_modules/@koa/router/README.md +1370 -0
- package/dist/node_modules/oidc-provider/node_modules/@koa/router/dist/index.d.mts +1003 -0
- package/dist/node_modules/oidc-provider/node_modules/@koa/router/dist/index.d.ts +1003 -0
- package/dist/node_modules/oidc-provider/node_modules/@koa/router/dist/index.js +1616 -0
- package/dist/node_modules/oidc-provider/node_modules/@koa/router/dist/index.mjs +1573 -0
- package/dist/node_modules/oidc-provider/node_modules/@koa/router/package.json +122 -0
- package/dist/node_modules/oidc-provider/node_modules/debug/LICENSE +20 -0
- package/dist/node_modules/oidc-provider/node_modules/debug/README.md +481 -0
- package/dist/node_modules/oidc-provider/node_modules/debug/package.json +64 -0
- package/dist/node_modules/oidc-provider/node_modules/debug/src/browser.js +272 -0
- package/dist/node_modules/oidc-provider/node_modules/debug/src/common.js +292 -0
- package/dist/node_modules/oidc-provider/node_modules/debug/src/index.js +10 -0
- package/dist/node_modules/oidc-provider/node_modules/debug/src/node.js +263 -0
- package/dist/node_modules/oidc-provider/node_modules/http-errors/HISTORY.md +186 -0
- package/dist/node_modules/oidc-provider/node_modules/http-errors/LICENSE +23 -0
- package/dist/node_modules/oidc-provider/node_modules/http-errors/README.md +169 -0
- package/dist/node_modules/oidc-provider/node_modules/http-errors/index.js +290 -0
- package/dist/node_modules/oidc-provider/node_modules/http-errors/package.json +54 -0
- package/dist/node_modules/oidc-provider/node_modules/jsesc/LICENSE-MIT.txt +20 -0
- package/dist/node_modules/oidc-provider/node_modules/jsesc/README.md +422 -0
- package/dist/node_modules/oidc-provider/node_modules/jsesc/bin/jsesc +148 -0
- package/dist/node_modules/oidc-provider/node_modules/jsesc/jsesc.js +337 -0
- package/dist/node_modules/oidc-provider/node_modules/jsesc/man/jsesc.1 +94 -0
- package/dist/node_modules/oidc-provider/node_modules/jsesc/package.json +56 -0
- package/dist/node_modules/oidc-provider/node_modules/nanoid/LICENSE +20 -0
- package/dist/node_modules/oidc-provider/node_modules/nanoid/README.md +38 -0
- package/dist/node_modules/oidc-provider/node_modules/nanoid/bin/nanoid.js +55 -0
- package/dist/node_modules/oidc-provider/node_modules/nanoid/index.browser.js +29 -0
- package/dist/node_modules/oidc-provider/node_modules/nanoid/index.d.ts +106 -0
- package/dist/node_modules/oidc-provider/node_modules/nanoid/index.js +47 -0
- package/dist/node_modules/oidc-provider/node_modules/nanoid/nanoid.js +1 -0
- package/dist/node_modules/oidc-provider/node_modules/nanoid/non-secure/index.d.ts +48 -0
- package/dist/node_modules/oidc-provider/node_modules/nanoid/non-secure/index.js +21 -0
- package/dist/node_modules/oidc-provider/node_modules/nanoid/package.json +46 -0
- package/dist/node_modules/oidc-provider/node_modules/nanoid/url-alphabet/index.js +2 -0
- package/dist/node_modules/oidc-provider/node_modules/path-to-regexp/LICENSE +21 -0
- package/dist/node_modules/oidc-provider/node_modules/path-to-regexp/Readme.md +224 -0
- package/dist/node_modules/oidc-provider/node_modules/path-to-regexp/dist/index.d.ts +144 -0
- package/dist/node_modules/oidc-provider/node_modules/path-to-regexp/dist/index.js +409 -0
- package/dist/node_modules/oidc-provider/node_modules/path-to-regexp/dist/index.js.map +1 -0
- package/dist/node_modules/oidc-provider/node_modules/path-to-regexp/package.json +64 -0
- package/dist/node_modules/oidc-provider/node_modules/statuses/HISTORY.md +87 -0
- package/dist/node_modules/oidc-provider/node_modules/statuses/LICENSE +23 -0
- package/dist/node_modules/oidc-provider/node_modules/statuses/README.md +139 -0
- package/dist/node_modules/oidc-provider/node_modules/statuses/codes.json +65 -0
- package/dist/node_modules/oidc-provider/node_modules/statuses/index.js +146 -0
- package/dist/node_modules/oidc-provider/node_modules/statuses/package.json +49 -0
- package/dist/node_modules/oidc-provider/package.json +95 -0
- package/dist/node_modules/quick-lru/index.d.ts +178 -0
- package/dist/node_modules/quick-lru/index.js +329 -0
- package/dist/node_modules/quick-lru/license +9 -0
- package/dist/node_modules/quick-lru/package.json +54 -0
- package/dist/node_modules/quick-lru/readme.md +236 -0
- package/dist/node_modules/statuses/HISTORY.md +65 -0
- package/dist/node_modules/statuses/LICENSE +23 -0
- package/dist/node_modules/statuses/README.md +127 -0
- package/dist/node_modules/statuses/codes.json +66 -0
- package/dist/node_modules/statuses/index.js +113 -0
- package/dist/node_modules/statuses/package.json +48 -0
- package/dist/server/cache-adapter.d.ts +33 -0
- package/dist/server/cache-adapter.js +159 -0
- package/dist/server/index.d.ts +10 -0
- package/dist/server/index.js +48 -0
- package/dist/server/interaction.d.ts +26 -0
- package/dist/server/interaction.js +172 -0
- package/dist/server/paths.d.ts +19 -0
- package/dist/server/paths.js +64 -0
- package/dist/server/plugin.d.ts +16 -0
- package/dist/server/plugin.js +108 -0
- package/dist/server/provider-dispatch.d.ts +32 -0
- package/dist/server/provider-dispatch.js +252 -0
- package/dist/server/service.d.ts +63 -0
- package/dist/server/service.js +540 -0
- package/dist/server/utils.d.ts +12 -0
- package/dist/server/utils.js +58 -0
- package/package.json +24 -0
- package/server.d.ts +2 -0
- package/server.js +1 -0
|
@@ -0,0 +1,274 @@
|
|
|
1
|
+
import omitBy from '../helpers/_/omit_by.js';
|
|
2
|
+
import constantEquals from '../helpers/constant_equals.js';
|
|
3
|
+
import noCache from '../shared/no_cache.js';
|
|
4
|
+
import { json as parseBody } from '../shared/selective_body.js';
|
|
5
|
+
import epochTime from '../helpers/epoch_time.js';
|
|
6
|
+
import { InvalidToken, InvalidRequest } from '../helpers/errors.js';
|
|
7
|
+
import instance from '../helpers/weak_cache.js';
|
|
8
|
+
import getSetWWWAuthenticateHeader from '../shared/set_www_authenticate_header.js';
|
|
9
|
+
import addClient from '../helpers/add_client.js';
|
|
10
|
+
|
|
11
|
+
const setWWWAuthenticate = getSetWWWAuthenticateHeader({ dpop: false });
|
|
12
|
+
|
|
13
|
+
const FORBIDDEN = [
|
|
14
|
+
'registration_access_token',
|
|
15
|
+
'registration_client_uri',
|
|
16
|
+
'client_secret_expires_at',
|
|
17
|
+
'client_id_issued_at',
|
|
18
|
+
];
|
|
19
|
+
|
|
20
|
+
async function validateRegistrationAccessToken(ctx, next) {
|
|
21
|
+
const regAccessToken = await ctx.oidc.provider.RegistrationAccessToken.find(
|
|
22
|
+
ctx.oidc.getAccessToken(),
|
|
23
|
+
);
|
|
24
|
+
ctx.assert(regAccessToken, new InvalidToken('registration access token not found'));
|
|
25
|
+
|
|
26
|
+
const client = await ctx.oidc.provider.Client.find(ctx.params.clientId);
|
|
27
|
+
|
|
28
|
+
if (client?.clientId !== regAccessToken.clientId) {
|
|
29
|
+
await regAccessToken.destroy();
|
|
30
|
+
throw new InvalidToken('client mismatch');
|
|
31
|
+
}
|
|
32
|
+
|
|
33
|
+
ctx.oidc.entity('Client', client);
|
|
34
|
+
ctx.oidc.entity('RegistrationAccessToken', regAccessToken);
|
|
35
|
+
|
|
36
|
+
await next();
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
export const post = [
|
|
40
|
+
noCache,
|
|
41
|
+
parseBody,
|
|
42
|
+
setWWWAuthenticate,
|
|
43
|
+
async function validateInitialAccessToken(ctx, next) {
|
|
44
|
+
const { oidc: { provider } } = ctx;
|
|
45
|
+
const { initialAccessToken } = instance(provider).features.registration;
|
|
46
|
+
switch (initialAccessToken && typeof initialAccessToken) {
|
|
47
|
+
case 'boolean': {
|
|
48
|
+
const iat = await provider.InitialAccessToken.find(ctx.oidc.getAccessToken());
|
|
49
|
+
ctx.assert(iat, new InvalidToken('initial access token not found'));
|
|
50
|
+
ctx.oidc.entity('InitialAccessToken', iat);
|
|
51
|
+
break;
|
|
52
|
+
}
|
|
53
|
+
case 'string': {
|
|
54
|
+
const valid = constantEquals(
|
|
55
|
+
initialAccessToken,
|
|
56
|
+
ctx.oidc.getAccessToken(),
|
|
57
|
+
1000,
|
|
58
|
+
);
|
|
59
|
+
ctx.assert(valid, new InvalidToken('invalid initial access token value'));
|
|
60
|
+
break;
|
|
61
|
+
}
|
|
62
|
+
default:
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
await next();
|
|
66
|
+
},
|
|
67
|
+
async function registrationResponse(ctx) {
|
|
68
|
+
const { oidc: { provider } } = ctx;
|
|
69
|
+
const {
|
|
70
|
+
idFactory, secretFactory, issueRegistrationAccessToken,
|
|
71
|
+
} = instance(provider).features.registration;
|
|
72
|
+
const properties = {};
|
|
73
|
+
const clientId = idFactory(ctx);
|
|
74
|
+
|
|
75
|
+
let rat;
|
|
76
|
+
|
|
77
|
+
if (
|
|
78
|
+
issueRegistrationAccessToken === true
|
|
79
|
+
|| (typeof issueRegistrationAccessToken === 'function' && issueRegistrationAccessToken(ctx))
|
|
80
|
+
) {
|
|
81
|
+
rat = new provider.RegistrationAccessToken({ clientId });
|
|
82
|
+
ctx.oidc.entity('RegistrationAccessToken', rat);
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
Object.assign(properties, ctx.oidc.body, {
|
|
86
|
+
client_id: clientId,
|
|
87
|
+
client_id_issued_at: epochTime(),
|
|
88
|
+
});
|
|
89
|
+
|
|
90
|
+
const { Client } = provider;
|
|
91
|
+
const secretRequired = Client.needsSecret(properties);
|
|
92
|
+
|
|
93
|
+
if (secretRequired) {
|
|
94
|
+
Object.assign(properties, {
|
|
95
|
+
client_secret: await secretFactory(ctx),
|
|
96
|
+
client_secret_expires_at: 0,
|
|
97
|
+
});
|
|
98
|
+
} else {
|
|
99
|
+
delete properties.client_secret;
|
|
100
|
+
delete properties.client_secret_expires_at;
|
|
101
|
+
}
|
|
102
|
+
|
|
103
|
+
if (
|
|
104
|
+
ctx.oidc.entities.InitialAccessToken?.policies
|
|
105
|
+
) {
|
|
106
|
+
const { policies } = ctx.oidc.entities.InitialAccessToken;
|
|
107
|
+
const implementations = instance(provider).features.registration.policies;
|
|
108
|
+
for (const policy of policies) {
|
|
109
|
+
await implementations[policy](ctx, properties);
|
|
110
|
+
}
|
|
111
|
+
|
|
112
|
+
if (rat && !('policies' in rat)) {
|
|
113
|
+
rat.policies = policies;
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
|
|
117
|
+
const client = await addClient(provider, properties, { store: true, ctx });
|
|
118
|
+
ctx.oidc.entity('Client', client);
|
|
119
|
+
|
|
120
|
+
ctx.body = client.metadata();
|
|
121
|
+
|
|
122
|
+
if (rat) {
|
|
123
|
+
Object.assign(ctx.body, {
|
|
124
|
+
registration_client_uri: ctx.oidc.urlFor('client', {
|
|
125
|
+
clientId: properties.client_id,
|
|
126
|
+
}),
|
|
127
|
+
registration_access_token: await rat.save(),
|
|
128
|
+
});
|
|
129
|
+
}
|
|
130
|
+
|
|
131
|
+
ctx.status = 201;
|
|
132
|
+
|
|
133
|
+
provider.emit('registration_create.success', ctx, client);
|
|
134
|
+
},
|
|
135
|
+
];
|
|
136
|
+
|
|
137
|
+
export const get = [
|
|
138
|
+
noCache,
|
|
139
|
+
setWWWAuthenticate,
|
|
140
|
+
validateRegistrationAccessToken,
|
|
141
|
+
|
|
142
|
+
async function clientReadResponse(ctx) {
|
|
143
|
+
if (ctx.oidc.client.noManage) {
|
|
144
|
+
throw new InvalidRequest('client does not have permission to read its record', 403);
|
|
145
|
+
}
|
|
146
|
+
|
|
147
|
+
ctx.body = ctx.oidc.client.metadata();
|
|
148
|
+
|
|
149
|
+
Object.assign(ctx.body, {
|
|
150
|
+
registration_access_token: ctx.oidc.getAccessToken(),
|
|
151
|
+
registration_client_uri: ctx.oidc.urlFor('client', {
|
|
152
|
+
clientId: ctx.params.clientId,
|
|
153
|
+
}),
|
|
154
|
+
});
|
|
155
|
+
},
|
|
156
|
+
];
|
|
157
|
+
|
|
158
|
+
export const put = [
|
|
159
|
+
noCache,
|
|
160
|
+
setWWWAuthenticate,
|
|
161
|
+
validateRegistrationAccessToken,
|
|
162
|
+
parseBody,
|
|
163
|
+
|
|
164
|
+
async function forbiddenFields(ctx, next) {
|
|
165
|
+
const hit = FORBIDDEN.find((field) => ctx.oidc.body[field] !== undefined);
|
|
166
|
+
ctx.assert(!hit, new InvalidRequest(`request MUST NOT include the ${hit} field`));
|
|
167
|
+
await next();
|
|
168
|
+
},
|
|
169
|
+
|
|
170
|
+
async function equalChecks(ctx, next) {
|
|
171
|
+
ctx.assert(ctx.oidc.body.client_id === ctx.oidc.client.clientId, new InvalidRequest('provided client_id does not match the authenticated client\'s one'));
|
|
172
|
+
|
|
173
|
+
if ('client_secret' in ctx.oidc.body) {
|
|
174
|
+
const clientSecretValid = constantEquals(
|
|
175
|
+
typeof ctx.oidc.body.client_secret === 'string' ? ctx.oidc.body.client_secret : '',
|
|
176
|
+
ctx.oidc.client.clientSecret || '',
|
|
177
|
+
1000,
|
|
178
|
+
);
|
|
179
|
+
|
|
180
|
+
ctx.assert(clientSecretValid, new InvalidRequest('provided client_secret does not match the authenticated client\'s one'));
|
|
181
|
+
}
|
|
182
|
+
|
|
183
|
+
await next();
|
|
184
|
+
},
|
|
185
|
+
|
|
186
|
+
async function clientUpdateResponse(ctx) {
|
|
187
|
+
if (ctx.oidc.client.noManage) {
|
|
188
|
+
throw new InvalidRequest('client does not have permission to update its record', 403);
|
|
189
|
+
}
|
|
190
|
+
|
|
191
|
+
const properties = omitBy({
|
|
192
|
+
client_id: ctx.oidc.client.clientId,
|
|
193
|
+
client_id_issued_at: ctx.oidc.client.clientIdIssuedAt,
|
|
194
|
+
...ctx.oidc.body,
|
|
195
|
+
}, (value) => value === null || value === '');
|
|
196
|
+
|
|
197
|
+
const { oidc: { provider } } = ctx;
|
|
198
|
+
const { secretFactory } = instance(provider).features.registration;
|
|
199
|
+
|
|
200
|
+
const secretRequired = !ctx.oidc.client.clientSecret
|
|
201
|
+
&& provider.Client.needsSecret(properties);
|
|
202
|
+
|
|
203
|
+
if (secretRequired) {
|
|
204
|
+
Object.assign(properties, {
|
|
205
|
+
client_secret: await secretFactory(ctx),
|
|
206
|
+
client_secret_expires_at: 0,
|
|
207
|
+
});
|
|
208
|
+
} else {
|
|
209
|
+
Object.assign(properties, {
|
|
210
|
+
client_secret: ctx.oidc.client.clientSecret,
|
|
211
|
+
client_secret_expires_at: ctx.oidc.client.clientSecretExpiresAt,
|
|
212
|
+
});
|
|
213
|
+
}
|
|
214
|
+
|
|
215
|
+
if (ctx.oidc.entities.RegistrationAccessToken.policies) {
|
|
216
|
+
const { policies } = ctx.oidc.entities.RegistrationAccessToken;
|
|
217
|
+
const implementations = instance(provider).features.registration.policies;
|
|
218
|
+
for (const policy of policies) {
|
|
219
|
+
await implementations[policy](ctx, properties);
|
|
220
|
+
}
|
|
221
|
+
}
|
|
222
|
+
|
|
223
|
+
const client = await addClient(provider, properties, { store: true, ctx });
|
|
224
|
+
|
|
225
|
+
ctx.body = client.metadata();
|
|
226
|
+
|
|
227
|
+
Object.assign(ctx.body, {
|
|
228
|
+
registration_access_token: ctx.oidc.getAccessToken(),
|
|
229
|
+
registration_client_uri: ctx.oidc.urlFor('client', {
|
|
230
|
+
clientId: ctx.params.clientId,
|
|
231
|
+
}),
|
|
232
|
+
});
|
|
233
|
+
|
|
234
|
+
const management = instance(provider).features.registrationManagement;
|
|
235
|
+
if (
|
|
236
|
+
management.rotateRegistrationAccessToken === true
|
|
237
|
+
|| (typeof management.rotateRegistrationAccessToken === 'function' && await management.rotateRegistrationAccessToken(ctx))
|
|
238
|
+
) {
|
|
239
|
+
ctx.oidc.entity('RotatedRegistrationAccessToken', ctx.oidc.entities.RegistrationAccessToken);
|
|
240
|
+
const rat = new provider.RegistrationAccessToken({
|
|
241
|
+
client: ctx.oidc.client,
|
|
242
|
+
policies: ctx.oidc.entities.RegistrationAccessToken.policies,
|
|
243
|
+
});
|
|
244
|
+
|
|
245
|
+
await ctx.oidc.registrationAccessToken.destroy();
|
|
246
|
+
|
|
247
|
+
ctx.oidc.entity('RegistrationAccessToken', rat);
|
|
248
|
+
ctx.body.registration_access_token = await rat.save();
|
|
249
|
+
}
|
|
250
|
+
|
|
251
|
+
provider.emit('registration_update.success', ctx, ctx.oidc.client);
|
|
252
|
+
},
|
|
253
|
+
];
|
|
254
|
+
|
|
255
|
+
export const del = [
|
|
256
|
+
noCache,
|
|
257
|
+
setWWWAuthenticate,
|
|
258
|
+
validateRegistrationAccessToken,
|
|
259
|
+
|
|
260
|
+
async function clientRemoveResponse(ctx) {
|
|
261
|
+
if (ctx.oidc.client.noManage) {
|
|
262
|
+
throw new InvalidRequest('client does not have permission to delete its record', 403);
|
|
263
|
+
}
|
|
264
|
+
|
|
265
|
+
const { oidc: { provider } } = ctx;
|
|
266
|
+
|
|
267
|
+
await provider.Client.adapter.destroy(ctx.oidc.client.clientId);
|
|
268
|
+
await ctx.oidc.entities.RegistrationAccessToken.destroy();
|
|
269
|
+
|
|
270
|
+
ctx.status = 204;
|
|
271
|
+
|
|
272
|
+
provider.emit('registration_delete.success', ctx, ctx.oidc.client);
|
|
273
|
+
},
|
|
274
|
+
];
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
import presence from '../helpers/validate_presence.js';
|
|
2
|
+
import instance from '../helpers/weak_cache.js';
|
|
3
|
+
import getClientAuth from '../shared/client_auth.js';
|
|
4
|
+
import { urlencoded as parseBody } from '../shared/selective_body.js';
|
|
5
|
+
import rejectDupes from '../shared/reject_dupes.js';
|
|
6
|
+
import paramsMiddleware from '../shared/assemble_params.js';
|
|
7
|
+
import rejectStructuredTokens from '../shared/reject_structured_tokens.js';
|
|
8
|
+
import revoke from '../helpers/revoke.js';
|
|
9
|
+
import { checkAttestBinding } from '../helpers/check_attest_binding.js';
|
|
10
|
+
import { createTokenFinder } from '../helpers/token_find.js';
|
|
11
|
+
|
|
12
|
+
const revokeable = new Set(['AccessToken', 'ClientCredentials', 'RefreshToken']);
|
|
13
|
+
|
|
14
|
+
export default function revocationAction(provider) {
|
|
15
|
+
const { params: authParams, middleware: clientAuth } = getClientAuth(provider);
|
|
16
|
+
const PARAM_LIST = new Set(['token', 'token_type_hint', ...authParams]);
|
|
17
|
+
const { grantTypeHandlers, configuration } = instance(provider);
|
|
18
|
+
const {
|
|
19
|
+
features: {
|
|
20
|
+
revocation: { allowedPolicy },
|
|
21
|
+
},
|
|
22
|
+
} = configuration;
|
|
23
|
+
|
|
24
|
+
const findToken = createTokenFinder(provider, grantTypeHandlers);
|
|
25
|
+
|
|
26
|
+
return [
|
|
27
|
+
parseBody,
|
|
28
|
+
paramsMiddleware.bind(undefined, PARAM_LIST),
|
|
29
|
+
...clientAuth,
|
|
30
|
+
rejectDupes.bind(undefined, {}),
|
|
31
|
+
|
|
32
|
+
async function validateTokenPresence(ctx, next) {
|
|
33
|
+
presence(ctx, 'token');
|
|
34
|
+
await next();
|
|
35
|
+
},
|
|
36
|
+
|
|
37
|
+
rejectStructuredTokens,
|
|
38
|
+
|
|
39
|
+
async function renderTokenResponse(ctx, next) {
|
|
40
|
+
ctx.status = 200;
|
|
41
|
+
ctx.body = '';
|
|
42
|
+
await next();
|
|
43
|
+
},
|
|
44
|
+
|
|
45
|
+
async function revokeToken(ctx) {
|
|
46
|
+
const { params } = ctx.oidc;
|
|
47
|
+
|
|
48
|
+
const token = await findToken(params.token, params.token_type_hint);
|
|
49
|
+
|
|
50
|
+
if (!token) return;
|
|
51
|
+
|
|
52
|
+
if (revokeable.has(token.kind)) {
|
|
53
|
+
ctx.oidc.entity(token.kind, token);
|
|
54
|
+
} else {
|
|
55
|
+
return;
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
if (
|
|
59
|
+
token.kind === 'RefreshToken'
|
|
60
|
+
&& ctx.oidc.client.clientId === token.clientId
|
|
61
|
+
&& ctx.oidc.client.clientAuthMethod === 'attest_jwt_client_auth'
|
|
62
|
+
) {
|
|
63
|
+
try {
|
|
64
|
+
await checkAttestBinding(ctx, token);
|
|
65
|
+
} catch {
|
|
66
|
+
return;
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
if (!(await allowedPolicy(ctx, ctx.oidc.client, token))) {
|
|
71
|
+
return;
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
await token.destroy();
|
|
75
|
+
|
|
76
|
+
if (token.kind === 'RefreshToken' || token.kind === 'AccessToken') {
|
|
77
|
+
await revoke(ctx, token.grantId);
|
|
78
|
+
}
|
|
79
|
+
},
|
|
80
|
+
];
|
|
81
|
+
}
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
import presence from '../helpers/validate_presence.js';
|
|
2
|
+
import instance from '../helpers/weak_cache.js';
|
|
3
|
+
import { UnsupportedGrantType, InvalidRequest } from '../helpers/errors.js';
|
|
4
|
+
import noCache from '../shared/no_cache.js';
|
|
5
|
+
import getClientAuth from '../shared/client_auth.js';
|
|
6
|
+
import { urlencoded as parseBody } from '../shared/selective_body.js';
|
|
7
|
+
import rejectDupes from '../shared/reject_dupes.js';
|
|
8
|
+
import paramsMiddleware from '../shared/assemble_params.js';
|
|
9
|
+
|
|
10
|
+
const grantTypeSet = new Set(['grant_type']);
|
|
11
|
+
|
|
12
|
+
export default function tokenAction(provider) {
|
|
13
|
+
const { params: authParams, middleware: clientAuth } = getClientAuth(provider);
|
|
14
|
+
const { grantTypeParams } = instance(provider);
|
|
15
|
+
|
|
16
|
+
return [
|
|
17
|
+
noCache,
|
|
18
|
+
parseBody,
|
|
19
|
+
paramsMiddleware.bind(undefined, grantTypeParams.get(undefined)),
|
|
20
|
+
...clientAuth,
|
|
21
|
+
|
|
22
|
+
rejectDupes.bind(undefined, { only: grantTypeSet }),
|
|
23
|
+
|
|
24
|
+
async function stripGrantIrrelevantParams(ctx, next) {
|
|
25
|
+
const grantParams = grantTypeParams.get(ctx.oidc.params.grant_type);
|
|
26
|
+
if (grantParams) {
|
|
27
|
+
Object.keys(ctx.oidc.params).forEach((key) => {
|
|
28
|
+
if (!(authParams.has(key) || grantParams.has(key))) {
|
|
29
|
+
delete ctx.oidc.params[key];
|
|
30
|
+
}
|
|
31
|
+
});
|
|
32
|
+
}
|
|
33
|
+
await next();
|
|
34
|
+
},
|
|
35
|
+
|
|
36
|
+
async function supportedGrantTypeCheck(ctx, next) {
|
|
37
|
+
presence(ctx, 'grant_type');
|
|
38
|
+
|
|
39
|
+
const supported = instance(provider).configuration.grantTypes;
|
|
40
|
+
|
|
41
|
+
if (!supported.has(ctx.oidc.params.grant_type) || ctx.oidc.params.grant_type === 'implicit') {
|
|
42
|
+
throw new UnsupportedGrantType();
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
await next();
|
|
46
|
+
},
|
|
47
|
+
|
|
48
|
+
async function allowedGrantTypeCheck(ctx, next) {
|
|
49
|
+
if (!ctx.oidc.client.grantTypeAllowed(ctx.oidc.params.grant_type)) {
|
|
50
|
+
throw new InvalidRequest('requested grant type is not allowed for this client');
|
|
51
|
+
}
|
|
52
|
+
|
|
53
|
+
await next();
|
|
54
|
+
},
|
|
55
|
+
|
|
56
|
+
async function rejectDupesOptionalExcept(ctx, next) {
|
|
57
|
+
const { grantTypeDupes } = instance(provider);
|
|
58
|
+
const grantType = ctx.oidc.params.grant_type;
|
|
59
|
+
if (grantTypeDupes.has(grantType)) {
|
|
60
|
+
return rejectDupes({ except: grantTypeDupes.get(grantType) }, ctx, next);
|
|
61
|
+
}
|
|
62
|
+
return rejectDupes({}, ctx, next);
|
|
63
|
+
},
|
|
64
|
+
|
|
65
|
+
async function callTokenHandler(ctx) {
|
|
66
|
+
const grantType = ctx.oidc.params.grant_type;
|
|
67
|
+
|
|
68
|
+
const { grantTypeHandlers } = instance(provider);
|
|
69
|
+
|
|
70
|
+
await grantTypeHandlers.get(grantType)(ctx);
|
|
71
|
+
provider.emit('grant.success', ctx);
|
|
72
|
+
},
|
|
73
|
+
];
|
|
74
|
+
}
|
|
@@ -0,0 +1,183 @@
|
|
|
1
|
+
import difference from '../helpers/_/difference.js';
|
|
2
|
+
import bodyParser from '../shared/conditional_body.js';
|
|
3
|
+
import rejectDupes from '../shared/reject_dupes.js';
|
|
4
|
+
import paramsMiddleware from '../shared/assemble_params.js';
|
|
5
|
+
import noCache from '../shared/no_cache.js';
|
|
6
|
+
import certificateThumbprint from '../helpers/certificate_thumbprint.js';
|
|
7
|
+
import instance from '../helpers/weak_cache.js';
|
|
8
|
+
import filterClaims from '../helpers/filter_claims.js';
|
|
9
|
+
import dpopValidate, { CHALLENGE_OK_WINDOW } from '../helpers/validate_dpop.js';
|
|
10
|
+
import epochTime from '../helpers/epoch_time.js';
|
|
11
|
+
import { InvalidToken, InsufficientScope } from '../helpers/errors.js';
|
|
12
|
+
import getCtxAccountClaims from '../helpers/account_claims.js';
|
|
13
|
+
import getSetWWWAuthenticateHeader from '../shared/set_www_authenticate_header.js';
|
|
14
|
+
|
|
15
|
+
const PARAM_LIST = new Set([
|
|
16
|
+
'scope',
|
|
17
|
+
'access_token',
|
|
18
|
+
]);
|
|
19
|
+
|
|
20
|
+
const parseBody = bodyParser.bind(undefined, 'application/x-www-form-urlencoded');
|
|
21
|
+
|
|
22
|
+
export default [
|
|
23
|
+
noCache,
|
|
24
|
+
|
|
25
|
+
getSetWWWAuthenticateHeader(),
|
|
26
|
+
|
|
27
|
+
parseBody,
|
|
28
|
+
paramsMiddleware.bind(undefined, PARAM_LIST),
|
|
29
|
+
rejectDupes.bind(undefined, {}),
|
|
30
|
+
|
|
31
|
+
async function validateAccessToken(ctx, next) {
|
|
32
|
+
const accessTokenValue = ctx.oidc.getAccessToken({ acceptDPoP: true });
|
|
33
|
+
|
|
34
|
+
const dPoP = await dpopValidate(ctx, accessTokenValue);
|
|
35
|
+
|
|
36
|
+
const accessToken = await ctx.oidc.provider.AccessToken.find(accessTokenValue);
|
|
37
|
+
|
|
38
|
+
ctx.assert(accessToken, new InvalidToken('access token not found'));
|
|
39
|
+
|
|
40
|
+
ctx.oidc.entity('AccessToken', accessToken);
|
|
41
|
+
|
|
42
|
+
const { scopes } = accessToken;
|
|
43
|
+
if (!scopes.size || !scopes.has('openid')) {
|
|
44
|
+
throw new InsufficientScope('access token missing openid scope', 'openid');
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
if (accessToken['x5t#S256']) {
|
|
48
|
+
const { getCertificate } = instance(ctx.oidc.provider).features.mTLS;
|
|
49
|
+
const cert = getCertificate(ctx);
|
|
50
|
+
if (!cert || accessToken['x5t#S256'] !== certificateThumbprint(cert)) {
|
|
51
|
+
throw new InvalidToken('failed x5t#S256 verification');
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
if (dPoP) {
|
|
56
|
+
const { allowReplay } = instance(ctx.oidc.provider).features.dPoP;
|
|
57
|
+
|
|
58
|
+
if (!allowReplay) {
|
|
59
|
+
const unique = await ctx.oidc.provider.ReplayDetection.unique(
|
|
60
|
+
accessToken.clientId,
|
|
61
|
+
dPoP.jti,
|
|
62
|
+
epochTime() + CHALLENGE_OK_WINDOW,
|
|
63
|
+
);
|
|
64
|
+
|
|
65
|
+
ctx.assert(unique, new InvalidToken('DPoP proof JWT Replay detected'));
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
if (!accessToken.jkt) {
|
|
69
|
+
throw new InvalidToken('access token is not sender-constrained but proof of possession was provided');
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
|
|
73
|
+
if (accessToken.jkt && (!dPoP || accessToken.jkt !== dPoP.thumbprint)) {
|
|
74
|
+
throw new InvalidToken('failed jkt verification');
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
await next();
|
|
78
|
+
},
|
|
79
|
+
|
|
80
|
+
function validateAudience(ctx, next) {
|
|
81
|
+
const { oidc: { entities: { AccessToken: accessToken } } } = ctx;
|
|
82
|
+
|
|
83
|
+
if (accessToken.aud !== undefined) {
|
|
84
|
+
throw new InvalidToken('token audience prevents accessing the userinfo endpoint');
|
|
85
|
+
}
|
|
86
|
+
|
|
87
|
+
return next();
|
|
88
|
+
},
|
|
89
|
+
|
|
90
|
+
async function validateScope(ctx, next) {
|
|
91
|
+
if (ctx.oidc.params.scope) {
|
|
92
|
+
const missing = difference(ctx.oidc.params.scope.split(' '), [...ctx.oidc.accessToken.scopes]);
|
|
93
|
+
|
|
94
|
+
if (missing.length !== 0) {
|
|
95
|
+
throw new InsufficientScope('access token missing requested scope', missing.join(' '));
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
await next();
|
|
99
|
+
},
|
|
100
|
+
|
|
101
|
+
async function loadClient(ctx, next) {
|
|
102
|
+
const client = await ctx.oidc.provider.Client.find(ctx.oidc.accessToken.clientId);
|
|
103
|
+
ctx.assert(client, new InvalidToken('associated client not found'));
|
|
104
|
+
|
|
105
|
+
ctx.oidc.entity('Client', client);
|
|
106
|
+
|
|
107
|
+
await next();
|
|
108
|
+
},
|
|
109
|
+
|
|
110
|
+
async function loadAccount(ctx, next) {
|
|
111
|
+
const account = await instance(ctx.oidc.provider).configuration.findAccount(
|
|
112
|
+
ctx,
|
|
113
|
+
ctx.oidc.accessToken.accountId,
|
|
114
|
+
ctx.oidc.accessToken,
|
|
115
|
+
);
|
|
116
|
+
|
|
117
|
+
ctx.assert(account, new InvalidToken('associated account not found'));
|
|
118
|
+
ctx.oidc.entity('Account', account);
|
|
119
|
+
|
|
120
|
+
await next();
|
|
121
|
+
},
|
|
122
|
+
|
|
123
|
+
async function loadGrant(ctx, next) {
|
|
124
|
+
const grant = await ctx.oidc.provider.Grant.find(ctx.oidc.accessToken.grantId, {
|
|
125
|
+
ignoreExpiration: true,
|
|
126
|
+
});
|
|
127
|
+
|
|
128
|
+
if (!grant) {
|
|
129
|
+
throw new InvalidToken('grant not found');
|
|
130
|
+
}
|
|
131
|
+
|
|
132
|
+
if (grant.isExpired) {
|
|
133
|
+
throw new InvalidToken('grant is expired');
|
|
134
|
+
}
|
|
135
|
+
|
|
136
|
+
if (grant.clientId !== ctx.oidc.accessToken.clientId) {
|
|
137
|
+
throw new InvalidToken('clientId mismatch');
|
|
138
|
+
}
|
|
139
|
+
|
|
140
|
+
if (grant.accountId !== ctx.oidc.accessToken.accountId) {
|
|
141
|
+
throw new InvalidToken('accountId mismatch');
|
|
142
|
+
}
|
|
143
|
+
|
|
144
|
+
ctx.oidc.entity('Grant', grant);
|
|
145
|
+
|
|
146
|
+
await next();
|
|
147
|
+
},
|
|
148
|
+
|
|
149
|
+
async function respond(ctx) {
|
|
150
|
+
const claims = filterClaims(ctx.oidc.accessToken.claims, 'userinfo', ctx.oidc.grant);
|
|
151
|
+
const rejected = ctx.oidc.grant.getRejectedOIDCClaims();
|
|
152
|
+
const scope = ctx.oidc.grant.getOIDCScopeFiltered(new Set((ctx.oidc.params.scope || ctx.oidc.accessToken.scope).split(' ')));
|
|
153
|
+
const { client } = ctx.oidc;
|
|
154
|
+
|
|
155
|
+
if (client.userinfoSignedResponseAlg || client.userinfoEncryptedResponseAlg) {
|
|
156
|
+
const token = new ctx.oidc.provider.IdToken(
|
|
157
|
+
await getCtxAccountClaims(ctx, 'userinfo', scope, claims, rejected),
|
|
158
|
+
{ ctx },
|
|
159
|
+
);
|
|
160
|
+
|
|
161
|
+
token.scope = scope;
|
|
162
|
+
token.mask = claims;
|
|
163
|
+
token.rejected = rejected;
|
|
164
|
+
|
|
165
|
+
ctx.body = await token.issue({
|
|
166
|
+
expiresAt: ctx.oidc.accessToken.exp,
|
|
167
|
+
use: 'userinfo',
|
|
168
|
+
});
|
|
169
|
+
ctx.type = 'application/jwt; charset=utf-8';
|
|
170
|
+
} else {
|
|
171
|
+
const mask = new ctx.oidc.provider.Claims(
|
|
172
|
+
await getCtxAccountClaims(ctx, 'userinfo', scope, claims, rejected),
|
|
173
|
+
{ ctx },
|
|
174
|
+
);
|
|
175
|
+
|
|
176
|
+
mask.scope(scope);
|
|
177
|
+
mask.mask(claims);
|
|
178
|
+
mask.rejected(rejected);
|
|
179
|
+
|
|
180
|
+
ctx.body = await mask.result();
|
|
181
|
+
}
|
|
182
|
+
},
|
|
183
|
+
];
|
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
import QuickLRU from 'quick-lru';
|
|
2
|
+
|
|
3
|
+
import epochTime from '../helpers/epoch_time.js';
|
|
4
|
+
|
|
5
|
+
let storage = new QuickLRU({ maxSize: 1000 });
|
|
6
|
+
|
|
7
|
+
function grantKeyFor(id) {
|
|
8
|
+
return `grant:${id}`;
|
|
9
|
+
}
|
|
10
|
+
|
|
11
|
+
function sessionUidKeyFor(id) {
|
|
12
|
+
return `sessionUid:${id}`;
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
function userCodeKeyFor(userCode) {
|
|
16
|
+
return `userCode:${userCode}`;
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
const grantable = new Set([
|
|
20
|
+
'AccessToken',
|
|
21
|
+
'AuthorizationCode',
|
|
22
|
+
'RefreshToken',
|
|
23
|
+
'DeviceCode',
|
|
24
|
+
'BackchannelAuthenticationRequest',
|
|
25
|
+
]);
|
|
26
|
+
|
|
27
|
+
class MemoryAdapter {
|
|
28
|
+
constructor(model) {
|
|
29
|
+
this.model = model;
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
key(id) {
|
|
33
|
+
return `${this.model}:${id}`;
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
async destroy(id) {
|
|
37
|
+
const key = this.key(id);
|
|
38
|
+
storage.delete(key);
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
async consume(id) {
|
|
42
|
+
storage.get(this.key(id)).consumed = epochTime();
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
async find(id) {
|
|
46
|
+
return storage.get(this.key(id));
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
async findByUid(uid) {
|
|
50
|
+
const id = storage.get(sessionUidKeyFor(uid));
|
|
51
|
+
return this.find(id);
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
async findByUserCode(userCode) {
|
|
55
|
+
const id = storage.get(userCodeKeyFor(userCode));
|
|
56
|
+
return this.find(id);
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
async upsert(id, payload, expiresIn) {
|
|
60
|
+
const key = this.key(id);
|
|
61
|
+
|
|
62
|
+
if (this.model === 'Session') {
|
|
63
|
+
storage.set(sessionUidKeyFor(payload.uid), id, expiresIn * 1000);
|
|
64
|
+
}
|
|
65
|
+
|
|
66
|
+
const { grantId, userCode } = payload;
|
|
67
|
+
if (grantable.has(this.model) && grantId) {
|
|
68
|
+
const grantKey = grantKeyFor(grantId);
|
|
69
|
+
const grant = storage.get(grantKey);
|
|
70
|
+
if (!grant) {
|
|
71
|
+
storage.set(grantKey, [key]);
|
|
72
|
+
} else {
|
|
73
|
+
grant.push(key);
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
if (userCode) {
|
|
78
|
+
storage.set(userCodeKeyFor(userCode), id, expiresIn * 1000);
|
|
79
|
+
}
|
|
80
|
+
|
|
81
|
+
storage.set(key, payload, expiresIn * 1000);
|
|
82
|
+
}
|
|
83
|
+
|
|
84
|
+
async revokeByGrantId(grantId) { // eslint-disable-line class-methods-use-this
|
|
85
|
+
const grantKey = grantKeyFor(grantId);
|
|
86
|
+
const grant = storage.get(grantKey);
|
|
87
|
+
if (grant) {
|
|
88
|
+
grant.forEach((token) => storage.delete(token));
|
|
89
|
+
storage.delete(grantKey);
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
|
|
94
|
+
export default MemoryAdapter;
|
|
95
|
+
export function setStorage(store) { storage = store; }
|