@nocobase/plugin-idp-oauth 2.1.0-beta.23 → 2.1.0-beta.25

package/dist/externalVersion.js

@@ -11,10 +11,11 @@ module.exports = {
   "antd": "5.24.2",
   "react": "18.2.0",
   "react-router-dom": "6.30.1",
-  "@nocobase/client": "2.1.0-beta.23",
-  "@nocobase/flow-engine": "2.1.0-beta.23",
-  "@nocobase/server": "2.1.0-beta.23",
-  "@nocobase/cache": "2.1.0-beta.23",
-  "@nocobase/utils": "2.1.0-beta.23",
-  "@nocobase/database": "2.1.0-beta.23"
+  "@nocobase/client": "2.1.0-beta.25",
+  "@nocobase/flow-engine": "2.1.0-beta.25",
+  "@nocobase/server": "2.1.0-beta.25",
+  "@nocobase/cache": "2.1.0-beta.25",
+  "@nocobase/plugin-auth": "2.1.0-beta.25",
+  "@nocobase/utils": "2.1.0-beta.25",
+  "@nocobase/database": "2.1.0-beta.25"
 };

package/dist/node_modules/light-my-request/package.json

@@ -1 +1 @@
-{"name":"light-my-request","version":"6.6.0","description":"Fake HTTP injection library","main":"index.js","type":"commonjs","types":"types/index.d.ts","dependencies":{"cookie":"^1.0.1","process-warning":"^4.0.0","set-cookie-parser":"^2.6.0"},"devDependencies":{"@fastify/ajv-compiler":"^4.0.0","@fastify/pre-commit":"^2.1.0","@types/node":"^22.7.7","c8":"^10.1.2","end-of-stream":"^1.4.4","eslint":"^9.17.0","express":"^4.19.2","form-auto-content":"^3.2.1","form-data":"^4.0.0","formdata-node":"^6.0.3","multer":"^1.4.5-lts.1","neostandard":"^0.12.0","tinybench":"^3.0.0","tsd":"^0.31.0","undici":"^7.0.0"},"scripts":{"benchmark":"node benchmark/benchmark.js","coverage":"npm run unit -- --cov --coverage-report=html","lint":"eslint","lint:fix":"eslint --fix","test":"npm run lint && npm run test:unit && npm run test:typescript","test:typescript":"tsd","test:unit":"c8 --100 node --test"},"repository":{"type":"git","url":"git+https://github.com/fastify/light-my-request.git"},"keywords":["http","inject","fake","request","server"],"author":"Tomas Della Vedova - @delvedor (http://delved.org)","contributors":[{"name":"Matteo Collina","email":"hello@matteocollina.com"},{"name":"Manuel Spigolon","email":"behemoth89@gmail.com"},{"name":"Aras Abbasi","email":"aras.abbasi@gmail.com"},{"name":"Frazer Smith","email":"frazer.dev@icloud.com","url":"https://github.com/fdawgs"}],"license":"BSD-3-Clause","bugs":{"url":"https://github.com/fastify/light-my-request/issues"},"homepage":"https://github.com/fastify/light-my-request#readme","funding":[{"type":"github","url":"https://github.com/sponsors/fastify"},{"type":"opencollective","url":"https://opencollective.com/fastify"}],"_lastModified":"2026-04-28T15:59:08.169Z"}
+{"name":"light-my-request","version":"6.6.0","description":"Fake HTTP injection library","main":"index.js","type":"commonjs","types":"types/index.d.ts","dependencies":{"cookie":"^1.0.1","process-warning":"^4.0.0","set-cookie-parser":"^2.6.0"},"devDependencies":{"@fastify/ajv-compiler":"^4.0.0","@fastify/pre-commit":"^2.1.0","@types/node":"^22.7.7","c8":"^10.1.2","end-of-stream":"^1.4.4","eslint":"^9.17.0","express":"^4.19.2","form-auto-content":"^3.2.1","form-data":"^4.0.0","formdata-node":"^6.0.3","multer":"^1.4.5-lts.1","neostandard":"^0.12.0","tinybench":"^3.0.0","tsd":"^0.31.0","undici":"^7.0.0"},"scripts":{"benchmark":"node benchmark/benchmark.js","coverage":"npm run unit -- --cov --coverage-report=html","lint":"eslint","lint:fix":"eslint --fix","test":"npm run lint && npm run test:unit && npm run test:typescript","test:typescript":"tsd","test:unit":"c8 --100 node --test"},"repository":{"type":"git","url":"git+https://github.com/fastify/light-my-request.git"},"keywords":["http","inject","fake","request","server"],"author":"Tomas Della Vedova - @delvedor (http://delved.org)","contributors":[{"name":"Matteo Collina","email":"hello@matteocollina.com"},{"name":"Manuel Spigolon","email":"behemoth89@gmail.com"},{"name":"Aras Abbasi","email":"aras.abbasi@gmail.com"},{"name":"Frazer Smith","email":"frazer.dev@icloud.com","url":"https://github.com/fdawgs"}],"license":"BSD-3-Clause","bugs":{"url":"https://github.com/fastify/light-my-request/issues"},"homepage":"https://github.com/fastify/light-my-request#readme","funding":[{"type":"github","url":"https://github.com/sponsors/fastify"},{"type":"opencollective","url":"https://opencollective.com/fastify"}],"_lastModified":"2026-05-06T11:08:06.437Z"}

package/dist/node_modules/ms/index.js

@@ -0,0 +1 @@
+(()=>{var e={900:e=>{var r=1e3;var s=r*60;var a=s*60;var n=a*24;var t=n*7;var u=n*365.25;e.exports=function(e,r){r=r||{};var s=typeof e;if(s==="string"&&e.length>0){return parse(e)}else if(s==="number"&&isFinite(e)){return r.long?fmtLong(e):fmtShort(e)}throw new Error("val is not a non-empty string or a valid number. val="+JSON.stringify(e))};function parse(e){e=String(e);if(e.length>100){return}var c=/^(-?(?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)?$/i.exec(e);if(!c){return}var i=parseFloat(c[1]);var o=(c[2]||"ms").toLowerCase();switch(o){case"years":case"year":case"yrs":case"yr":case"y":return i*u;case"weeks":case"week":case"w":return i*t;case"days":case"day":case"d":return i*n;case"hours":case"hour":case"hrs":case"hr":case"h":return i*a;case"minutes":case"minute":case"mins":case"min":case"m":return i*s;case"seconds":case"second":case"secs":case"sec":case"s":return i*r;case"milliseconds":case"millisecond":case"msecs":case"msec":case"ms":return i;default:return undefined}}function fmtShort(e){var t=Math.abs(e);if(t>=n){return Math.round(e/n)+"d"}if(t>=a){return Math.round(e/a)+"h"}if(t>=s){return Math.round(e/s)+"m"}if(t>=r){return Math.round(e/r)+"s"}return e+"ms"}function fmtLong(e){var t=Math.abs(e);if(t>=n){return plural(e,t,n,"day")}if(t>=a){return plural(e,t,a,"hour")}if(t>=s){return plural(e,t,s,"minute")}if(t>=r){return plural(e,t,r,"second")}return e+" ms"}function plural(e,r,s,a){var n=r>=s*1.5;return Math.round(e/s)+" "+a+(n?"s":"")}}};var r={};function __nccwpck_require__(s){var a=r[s];if(a!==undefined){return a.exports}var n=r[s]={exports:{}};var t=true;try{e[s](n,n.exports,__nccwpck_require__);t=false}finally{if(t)delete r[s]}return n.exports}if(typeof __nccwpck_require__!=="undefined")__nccwpck_require__.ab=__dirname+"/";var s=__nccwpck_require__(900);module.exports=s})();

package/dist/node_modules/ms/package.json

@@ -0,0 +1 @@
+{"name":"ms","version":"2.1.3","description":"Tiny millisecond conversion utility","repository":"vercel/ms","main":"./index","files":["index.js"],"scripts":{"precommit":"lint-staged","lint":"eslint lib/* bin/*","test":"mocha tests.js"},"eslintConfig":{"extends":"eslint:recommended","env":{"node":true,"es6":true}},"lint-staged":{"*.js":["npm run lint","prettier --single-quote --write","git add"]},"license":"MIT","devDependencies":{"eslint":"4.18.2","expect.js":"0.3.1","husky":"0.14.3","lint-staged":"5.0.0","mocha":"4.0.1","prettier":"2.0.5"},"_lastModified":"2026-05-06T11:08:06.491Z"}

package/dist/server/service.js

@@ -39,12 +39,14 @@ __export(service_exports, {
   IdpOauthService: () => IdpOauthService
 });
 module.exports = __toCommonJS(service_exports);
+var import_plugin_auth = require("@nocobase/plugin-auth");
 var import_server = require("@nocobase/server");
 var import_node_fs = __toESM(require("node:fs"));
 var import_light_my_request = __toESM(require("light-my-request"));
 var import_node_crypto = require("node:crypto");
 var import_node_path = __toESM(require("node:path"));
 var import_utils = require("@nocobase/utils");
+var import_ms = __toESM(require("ms"));
 var import_db_adapter = require("./db-adapter");
 var import_utils2 = require("./utils");
 let oidcModulePromise = null;
@@ -64,6 +66,14 @@ function getJoseModule() {
 const defaultSupportedScopes = ["openid", "offline_access", "profile", "email"];
 const envJwksKeys = ["IDP_OAUTH_JWKS", "OAUTH_JWKS"];
 const MAX_CACHE_TTL_MS = 2147483647;
+const DEFAULT_ACCESS_TOKEN_TTL_SECONDS = Math.floor((0, import_ms.default)(import_plugin_auth.defaultTokenPolicyConfig.tokenExpirationTime) / 1e3);
+const DEFAULT_SESSION_TTL_SECONDS = Math.floor((0, import_ms.default)(import_plugin_auth.defaultTokenPolicyConfig.sessionExpirationTime) / 1e3);
+function policyMillisecondsToSeconds(value, fallback) {
+  if (typeof value !== "number" || !Number.isFinite(value) || value <= 0) {
+    return fallback;
+  }
+  return Math.max(1, Math.floor(value / 1e3));
+}
 class IdpOauthService {
   constructor(app, bridgeTokenCache) {
     this.app = app;
@@ -488,6 +498,12 @@ class IdpOauthService {
       throw new Error("JWT secret is required for plugin-idp-oauth");
     }
     const jwks = await this.getProviderSigningJwks(appName);
+    const tokenPolicy = await this.app.authManager.tokenController.getConfig();
+    const accessTokenTtl = policyMillisecondsToSeconds(
+      tokenPolicy == null ? void 0 : tokenPolicy.tokenExpirationTime,
+      DEFAULT_ACCESS_TOKEN_TTL_SECONDS
+    );
+    const sessionTtl = policyMillisecondsToSeconds(tokenPolicy == null ? void 0 : tokenPolicy.sessionExpirationTime, DEFAULT_SESSION_TTL_SECONDS);
     return {
       adapter: (0, import_db_adapter.createDbAdapter)(this.app, "oidcStates"),
       clients: [],
@@ -552,12 +568,12 @@ class IdpOauthService {
         }
       },
       ttl: {
-        AccessToken: () => 10 * 60,
+        AccessToken: accessTokenTtl,
         AuthorizationCode: 60,
-        Grant: 14 * 24 * 60 * 60,
+        Grant: sessionTtl,
         IdToken: 60 * 60,
-        RefreshToken: () => 30 * 24 * 60 * 60,
-        Session: 14 * 24 * 60 * 60,
+        RefreshToken: sessionTtl,
+        Session: sessionTtl,
         Interaction: 60 * 60
       },
       pkce: {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nocobase/plugin-idp-oauth",
-  "version": "2.1.0-beta.23",
+  "version": "2.1.0-beta.25",
   "main": "dist/server/index.js",
   "displayName": "IdP: OAuth",
   "displayName.zh-CN": "IdP: OAuth",
@@ -10,15 +10,17 @@
     "@types/oidc-provider": "^9.5.0",
     "jose": "^6.2.1",
     "light-my-request": "^6.6.0",
+    "ms": "^2.1.3",
     "oidc-provider": "~9.7.0"
   },
   "peerDependencies": {
     "@nocobase/client": "2.x",
+    "@nocobase/plugin-auth": "2.x",
     "@nocobase/server": "2.x",
     "@nocobase/test": "2.x"
   },
   "keywords": [
     "Authentication"
   ],
-  "gitHead": "bb4c0d3551bf9eff505b63756dd24a0813231f16"
+  "gitHead": "824f8b8200e9fe086135768934d3ef427b212446"
 }