@office-ai/aioncli-core 0.30.0 → 0.30.1

package/dist/src/utils/oauth-flow.js

@@ -0,0 +1,370 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+/**
+ * Shared OAuth 2.0 Authorization Code flow primitives with PKCE support.
+ *
+ * These utilities are protocol-agnostic and can be used by both MCP OAuth
+ * and A2A OAuth authentication providers.
+ */
+import * as http from 'node:http';
+import * as crypto from 'node:crypto';
+import { URL } from 'node:url';
+import { debugLogger } from './debugLogger.js';
+/** The path the local callback server listens on. */
+export const REDIRECT_PATH = '/oauth/callback';
+const HTTP_OK = 200;
+/**
+ * Generate PKCE parameters for OAuth flow.
+ *
+ * @returns PKCE parameters including code verifier, challenge, and state
+ */
+export function generatePKCEParams() {
+    // Generate code verifier (43-128 characters)
+    // using 64 bytes results in ~86 characters, safely above the minimum of 43
+    const codeVerifier = crypto.randomBytes(64).toString('base64url');
+    // Generate code challenge using SHA256
+    const codeChallenge = crypto
+        .createHash('sha256')
+        .update(codeVerifier)
+        .digest('base64url');
+    // Generate state for CSRF protection
+    const state = crypto.randomBytes(16).toString('base64url');
+    return { codeVerifier, codeChallenge, state };
+}
+/**
+ * Start a local HTTP server to handle OAuth callback.
+ * The server will listen on the specified port (or port 0 for OS assignment).
+ *
+ * @param expectedState The state parameter to validate
+ * @param port Optional preferred port to listen on
+ * @returns Object containing the port (available immediately) and a promise for the auth response
+ */
+export function startCallbackServer(expectedState, port) {
+    let portResolve;
+    let portReject;
+    const portPromise = new Promise((resolve, reject) => {
+        portResolve = resolve;
+        portReject = reject;
+    });
+    const responsePromise = new Promise((resolve, reject) => {
+        let serverPort;
+        const server = http.createServer(async (req, res) => {
+            try {
+                const url = new URL(req.url, `http://localhost:${serverPort}`);
+                if (url.pathname !== REDIRECT_PATH) {
+                    res.writeHead(404);
+                    res.end('Not found');
+                    return;
+                }
+                const code = url.searchParams.get('code');
+                const state = url.searchParams.get('state');
+                const error = url.searchParams.get('error');
+                if (error) {
+                    res.writeHead(HTTP_OK, { 'Content-Type': 'text/html' });
+                    res.end(`
+              <html>
+                <body>
+                  <h1>Authentication Failed</h1>
+                  <p>Error: ${error.replace(/</g, '&lt;').replace(/>/g, '&gt;')}</p>
+                  <p>${(url.searchParams.get('error_description') || '').replace(/</g, '&lt;').replace(/>/g, '&gt;')}</p>
+                  <p>You can close this window.</p>
+                </body>
+              </html>
+            `);
+                    server.close();
+                    reject(new Error(`OAuth error: ${error}`));
+                    return;
+                }
+                if (!code || !state) {
+                    res.writeHead(400);
+                    res.end('Missing code or state parameter');
+                    return;
+                }
+                if (state !== expectedState) {
+                    res.writeHead(400);
+                    res.end('Invalid state parameter');
+                    server.close();
+                    reject(new Error('State mismatch - possible CSRF attack'));
+                    return;
+                }
+                // Send success response to browser
+                res.writeHead(HTTP_OK, { 'Content-Type': 'text/html' });
+                res.end(`
+            <html>
+              <body>
+                <h1>Authentication Successful!</h1>
+                <p>You can close this window and return to Gemini CLI.</p>
+                <script>window.close();</script>
+              </body>
+            </html>
+          `);
+                server.close();
+                resolve({ code, state });
+            }
+            catch (error) {
+                server.close();
+                reject(error);
+            }
+        });
+        server.on('error', (error) => {
+            portReject(error);
+            reject(error);
+        });
+        // Determine which port to use (env var, argument, or OS-assigned)
+        let listenPort = 0; // Default to OS-assigned port
+        const portStr = process.env['OAUTH_CALLBACK_PORT'];
+        if (portStr) {
+            const envPort = parseInt(portStr, 10);
+            if (isNaN(envPort) || envPort <= 0 || envPort > 65535) {
+                const error = new Error(`Invalid value for OAUTH_CALLBACK_PORT: "${portStr}"`);
+                portReject(error);
+                reject(error);
+                return;
+            }
+            listenPort = envPort;
+        }
+        else if (port !== undefined) {
+            listenPort = port;
+        }
+        server.listen(listenPort, () => {
+            // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
+            const address = server.address();
+            serverPort = address.port;
+            debugLogger.log(`OAuth callback server listening on port ${serverPort}`);
+            portResolve(serverPort); // Resolve port promise immediately
+        });
+        // Timeout after 5 minutes
+        setTimeout(() => {
+            server.close();
+            reject(new Error('OAuth callback timeout'));
+        }, 5 * 60 * 1000);
+    });
+    return { port: portPromise, response: responsePromise };
+}
+/**
+ * Extract the port number from a URL string if available and valid.
+ *
+ * @param urlString The URL string to parse
+ * @returns The port number or undefined if not found or invalid
+ */
+export function getPortFromUrl(urlString) {
+    if (!urlString) {
+        return undefined;
+    }
+    try {
+        const url = new URL(urlString);
+        if (url.port) {
+            const parsedPort = parseInt(url.port, 10);
+            if (!isNaN(parsedPort) && parsedPort > 0 && parsedPort <= 65535) {
+                return parsedPort;
+            }
+        }
+    }
+    catch {
+        // Ignore invalid URL
+    }
+    return undefined;
+}
+/**
+ * Build the authorization URL for the OAuth flow.
+ *
+ * @param config OAuth flow configuration
+ * @param pkceParams PKCE parameters
+ * @param redirectPort The port to use for the redirect URI
+ * @param resource Optional resource parameter value (RFC 8707)
+ * @returns The authorization URL
+ */
+export function buildAuthorizationUrl(config, pkceParams, redirectPort, resource) {
+    const redirectUri = config.redirectUri || `http://localhost:${redirectPort}${REDIRECT_PATH}`;
+    const params = new URLSearchParams({
+        client_id: config.clientId,
+        response_type: 'code',
+        redirect_uri: redirectUri,
+        state: pkceParams.state,
+        code_challenge: pkceParams.codeChallenge,
+        code_challenge_method: 'S256',
+    });
+    if (config.scopes && config.scopes.length > 0) {
+        params.append('scope', config.scopes.join(' '));
+    }
+    if (config.audiences && config.audiences.length > 0) {
+        params.append('audience', config.audiences.join(' '));
+    }
+    if (resource) {
+        params.append('resource', resource);
+    }
+    const url = new URL(config.authorizationUrl);
+    params.forEach((value, key) => {
+        url.searchParams.append(key, value);
+    });
+    return url.toString();
+}
+/**
+ * Parse a token endpoint response, handling both JSON and form-urlencoded formats.
+ *
+ * @param response The HTTP response from the token endpoint
+ * @param operationName Human-readable operation name for error messages (e.g., "Token exchange", "Token refresh")
+ * @param defaultErrorCode Default error code when access_token is missing (e.g., "no_access_token", "unknown_error")
+ * @returns The parsed token response
+ */
+async function parseTokenEndpointResponse(response, operationName, defaultErrorCode) {
+    const responseText = await response.text();
+    const contentType = response.headers.get('content-type') || '';
+    if (!response.ok) {
+        // Try to parse error from form-urlencoded response
+        let errorMessage = null;
+        try {
+            const errorParams = new URLSearchParams(responseText);
+            const error = errorParams.get('error');
+            const errorDescription = errorParams.get('error_description');
+            if (error) {
+                errorMessage = `${operationName} failed: ${error} - ${errorDescription || 'No description'}`;
+            }
+        }
+        catch {
+            // Fall back to raw error
+        }
+        throw new Error(errorMessage ||
+            `${operationName} failed: ${response.status} - ${responseText}`);
+    }
+    // Log unexpected content types for debugging
+    if (!contentType.includes('application/json') &&
+        !contentType.includes('application/x-www-form-urlencoded')) {
+        debugLogger.warn(`${operationName} endpoint returned unexpected content-type: ${contentType}. ` +
+            `Expected application/json or application/x-www-form-urlencoded. ` +
+            `Will attempt to parse response.`);
+    }
+    // Try to parse as JSON first, fall back to form-urlencoded
+    try {
+        const data = JSON.parse(responseText);
+        if (data &&
+            typeof data === 'object' &&
+            'access_token' in data &&
+            // eslint-disable-next-line no-restricted-syntax
+            typeof data['access_token'] === 'string') {
+            const obj = data;
+            const result = {
+                access_token: String(obj['access_token']),
+                token_type: 
+                // eslint-disable-next-line no-restricted-syntax
+                typeof obj['token_type'] === 'string' ? obj['token_type'] : 'Bearer',
+                expires_in: 
+                // eslint-disable-next-line no-restricted-syntax
+                typeof obj['expires_in'] === 'number' ? obj['expires_in'] : undefined,
+                refresh_token: 
+                // eslint-disable-next-line no-restricted-syntax
+                typeof obj['refresh_token'] === 'string'
+                    ? obj['refresh_token']
+                    : undefined,
+                // eslint-disable-next-line no-restricted-syntax
+                scope: typeof obj['scope'] === 'string' ? obj['scope'] : undefined,
+            };
+            return result;
+        }
+        // JSON parsed but doesn't look like a token response — fall through
+    }
+    catch {
+        // Not JSON — fall through to form-urlencoded parsing
+    }
+    // Parse form-urlencoded response
+    const tokenParams = new URLSearchParams(responseText);
+    const accessToken = tokenParams.get('access_token');
+    const tokenType = tokenParams.get('token_type') || 'Bearer';
+    const expiresIn = tokenParams.get('expires_in');
+    const refreshToken = tokenParams.get('refresh_token');
+    const scope = tokenParams.get('scope');
+    if (!accessToken) {
+        // Check for error in response
+        const error = tokenParams.get('error');
+        const errorDescription = tokenParams.get('error_description');
+        throw new Error(`${operationName} failed: ${error || defaultErrorCode} - ${errorDescription || responseText}`);
+    }
+    return {
+        access_token: accessToken,
+        token_type: tokenType,
+        expires_in: expiresIn ? parseInt(expiresIn, 10) : undefined,
+        refresh_token: refreshToken || undefined,
+        scope: scope || undefined,
+    };
+}
+/**
+ * Exchange an authorization code for tokens.
+ *
+ * @param config OAuth flow configuration
+ * @param code Authorization code
+ * @param codeVerifier PKCE code verifier
+ * @param redirectPort The port to use for the redirect URI
+ * @param resource Optional resource parameter value (RFC 8707)
+ * @returns The token response
+ */
+export async function exchangeCodeForToken(config, code, codeVerifier, redirectPort, resource) {
+    const redirectUri = config.redirectUri || `http://localhost:${redirectPort}${REDIRECT_PATH}`;
+    const params = new URLSearchParams({
+        grant_type: 'authorization_code',
+        code,
+        redirect_uri: redirectUri,
+        code_verifier: codeVerifier,
+        client_id: config.clientId,
+    });
+    if (config.clientSecret) {
+        params.append('client_secret', config.clientSecret);
+    }
+    if (config.audiences && config.audiences.length > 0) {
+        params.append('audience', config.audiences.join(' '));
+    }
+    if (resource) {
+        params.append('resource', resource);
+    }
+    // eslint-disable-next-line no-restricted-syntax -- TODO: Migrate to safeFetch for SSRF protection
+    const response = await fetch(config.tokenUrl, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            Accept: 'application/json, application/x-www-form-urlencoded',
+        },
+        body: params.toString(),
+    });
+    return parseTokenEndpointResponse(response, 'Token exchange', 'no_access_token');
+}
+/**
+ * Refresh an access token using a refresh token.
+ *
+ * @param config OAuth configuration subset needed for refresh
+ * @param refreshToken The refresh token
+ * @param tokenUrl The token endpoint URL
+ * @param resource Optional resource parameter value (RFC 8707)
+ * @returns The new token response
+ */
+export async function refreshAccessToken(config, refreshToken, tokenUrl, resource) {
+    const params = new URLSearchParams({
+        grant_type: 'refresh_token',
+        refresh_token: refreshToken,
+        client_id: config.clientId,
+    });
+    if (config.clientSecret) {
+        params.append('client_secret', config.clientSecret);
+    }
+    if (config.scopes && config.scopes.length > 0) {
+        params.append('scope', config.scopes.join(' '));
+    }
+    if (config.audiences && config.audiences.length > 0) {
+        params.append('audience', config.audiences.join(' '));
+    }
+    if (resource) {
+        params.append('resource', resource);
+    }
+    // eslint-disable-next-line no-restricted-syntax -- TODO: Migrate to safeFetch for SSRF protection
+    const response = await fetch(tokenUrl, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            Accept: 'application/json, application/x-www-form-urlencoded',
+        },
+        body: params.toString(),
+    });
+    return parseTokenEndpointResponse(response, 'Token refresh', 'unknown_error');
+}
+//# sourceMappingURL=oauth-flow.js.map

package/dist/src/utils/oauth-flow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-flow.js","sourceRoot":"","sources":["../../../src/utils/oauth-flow.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;;GAKG;AAEH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAC/B,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAoD/C,qDAAqD;AACrD,MAAM,CAAC,MAAM,aAAa,GAAG,iBAAiB,CAAC;AAE/C,MAAM,OAAO,GAAG,GAAG,CAAC;AAEpB;;;;GAIG;AACH,MAAM,UAAU,kBAAkB;IAChC,6CAA6C;IAC7C,2EAA2E;IAC3E,MAAM,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAElE,uCAAuC;IACvC,MAAM,aAAa,GAAG,MAAM;SACzB,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,YAAY,CAAC;SACpB,MAAM,CAAC,WAAW,CAAC,CAAC;IAEvB,qCAAqC;IACrC,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAE3D,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;AAChD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CACjC,aAAqB,EACrB,IAAa;IAKb,IAAI,WAAmC,CAAC;IACxC,IAAI,UAAkC,CAAC;IACvC,MAAM,WAAW,GAAG,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1D,WAAW,GAAG,OAAO,CAAC;QACtB,UAAU,GAAG,MAAM,CAAC;IACtB,CAAC,CAAC,CAAC;IAEH,MAAM,eAAe,GAAG,IAAI,OAAO,CACjC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAClB,IAAI,UAAkB,CAAC;QAEvB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAC9B,KAAK,EAAE,GAAyB,EAAE,GAAwB,EAAE,EAAE;YAC5D,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAI,EAAE,oBAAoB,UAAU,EAAE,CAAC,CAAC;gBAEhE,IAAI,GAAG,CAAC,QAAQ,KAAK,aAAa,EAAE,CAAC;oBACnC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;oBACrB,OAAO;gBACT,CAAC;gBAED,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAC5C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAE5C,IAAI,KAAK,EAAE,CAAC;oBACV,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACxD,GAAG,CAAC,GAAG,CAAC;;;;8BAIQ,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;uBACxD,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;;;;aAIvG,CAAC,CAAC;oBACD,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,EAAE,CAAC,CAAC,CAAC;oBAC3C,OAAO;gBACT,CAAC;gBAED,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBACpB,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;oBAC3C,OAAO;gBACT,CAAC;gBAED,IAAI,KAAK,KAAK,aAAa,EAAE,CAAC;oBAC5B,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;oBACnC,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;oBAC3D,OAAO;gBACT,CAAC;gBAED,mCAAmC;gBACnC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACxD,GAAG,CAAC,GAAG,CAAC;;;;;;;;WAQT,CAAC,CAAC;gBAED,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAC3B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC;QACH,CAAC,CACF,CAAC;QAEF,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YAC3B,UAAU,CAAC,KAAK,CAAC,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;QAEH,kEAAkE;QAClE,IAAI,UAAU,GAAG,CAAC,CAAC,CAAC,8BAA8B;QAElD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;QACnD,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YACtC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,OAAO,IAAI,CAAC,IAAI,OAAO,GAAG,KAAK,EAAE,CAAC;gBACtD,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,2CAA2C,OAAO,GAAG,CACtD,CAAC;gBACF,UAAU,CAAC,KAAK,CAAC,CAAC;gBAClB,MAAM,CAAC,KAAK,CAAC,CAAC;gBACd,OAAO;YACT,CAAC;YACD,UAAU,GAAG,OAAO,CAAC;QACvB,CAAC;aAAM,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YAC9B,UAAU,GAAG,IAAI,CAAC;QACpB,CAAC;QAED,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,EAAE;YAC7B,uEAAuE;YACvE,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAqB,CAAC;YACpD,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;YAC1B,WAAW,CAAC,GAAG,CACb,2CAA2C,UAAU,EAAE,CACxD,CAAC;YACF,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,mCAAmC;QAC9D,CAAC,CAAC,CAAC;QAEH,0BAA0B;QAC1B,UAAU,CACR,GAAG,EAAE;YACH,MAAM,CAAC,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;QAC9C,CAAC,EACD,CAAC,GAAG,EAAE,GAAG,IAAI,CACd,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,eAAe,EAAE,CAAC;AAC1D,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,SAAkB;IAC/C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;QAC/B,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;YACb,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC1C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,UAAU,GAAG,CAAC,IAAI,UAAU,IAAI,KAAK,EAAE,CAAC;gBAChE,OAAO,UAAU,CAAC;YACpB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,qBAAqB;IACvB,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CACnC,MAAuB,EACvB,UAAsB,EACtB,YAAoB,EACpB,QAAiB;IAEjB,MAAM,WAAW,GACf,MAAM,CAAC,WAAW,IAAI,oBAAoB,YAAY,GAAG,aAAa,EAAE,CAAC;IAE3E,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,aAAa,EAAE,MAAM;QACrB,YAAY,EAAE,WAAW;QACzB,KAAK,EAAE,UAAU,CAAC,KAAK;QACvB,cAAc,EAAE,UAAU,CAAC,aAAa;QACxC,qBAAqB,EAAE,MAAM;KAC9B,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACtC,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAC7C,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAC5B,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IACH,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,0BAA0B,CACvC,QAAkB,EAClB,aAAqB,EACrB,gBAAwB;IAExB,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC3C,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IAE/D,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,mDAAmD;QACnD,IAAI,YAAY,GAAkB,IAAI,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC,YAAY,CAAC,CAAC;YACtD,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACvC,MAAM,gBAAgB,GAAG,WAAW,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;YAC9D,IAAI,KAAK,EAAE,CAAC;gBACV,YAAY,GAAG,GAAG,aAAa,YAAY,KAAK,MAAM,gBAAgB,IAAI,gBAAgB,EAAE,CAAC;YAC/F,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yBAAyB;QAC3B,CAAC;QACD,MAAM,IAAI,KAAK,CACb,YAAY;YACV,GAAG,aAAa,YAAY,QAAQ,CAAC,MAAM,MAAM,YAAY,EAAE,CAClE,CAAC;IACJ,CAAC;IAED,6CAA6C;IAC7C,IACE,CAAC,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC;QACzC,CAAC,WAAW,CAAC,QAAQ,CAAC,mCAAmC,CAAC,EAC1D,CAAC;QACD,WAAW,CAAC,IAAI,CACd,GAAG,aAAa,+CAA+C,WAAW,IAAI;YAC5E,kEAAkE;YAClE,iCAAiC,CACpC,CAAC;IACJ,CAAC;IAED,2DAA2D;IAC3D,IAAI,CAAC;QACH,MAAM,IAAI,GAAY,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAC/C,IACE,IAAI;YACJ,OAAO,IAAI,KAAK,QAAQ;YACxB,cAAc,IAAI,IAAI;YACtB,gDAAgD;YAChD,OAAQ,IAAgC,CAAC,cAAc,CAAC,KAAK,QAAQ,EACrE,CAAC;YACD,MAAM,GAAG,GAAG,IAA+B,CAAC;YAC5C,MAAM,MAAM,GAAuB;gBACjC,YAAY,EAAE,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;gBACzC,UAAU;gBACR,gDAAgD;gBAChD,OAAO,GAAG,CAAC,YAAY,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,QAAQ;gBACtE,UAAU;gBACR,gDAAgD;gBAChD,OAAO,GAAG,CAAC,YAAY,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,SAAS;gBACvE,aAAa;gBACX,gDAAgD;gBAChD,OAAO,GAAG,CAAC,eAAe,CAAC,KAAK,QAAQ;oBACtC,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC;oBACtB,CAAC,CAAC,SAAS;gBACf,gDAAgD;gBAChD,KAAK,EAAE,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS;aACnE,CAAC;YACF,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,oEAAoE;IACtE,CAAC;IAAC,MAAM,CAAC;QACP,qDAAqD;IACvD,CAAC;IAED,iCAAiC;IACjC,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC,YAAY,CAAC,CAAC;IACtD,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,QAAQ,CAAC;IAC5D,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAChD,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACtD,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAEvC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,8BAA8B;QAC9B,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,gBAAgB,GAAG,WAAW,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QAC9D,MAAM,IAAI,KAAK,CACb,GAAG,aAAa,YAAY,KAAK,IAAI,gBAAgB,MAAM,gBAAgB,IAAI,YAAY,EAAE,CAC9F,CAAC;IACJ,CAAC;IAED,OAAO;QACL,YAAY,EAAE,WAAW;QACzB,UAAU,EAAE,SAAS;QACrB,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS;QAC3D,aAAa,EAAE,YAAY,IAAI,SAAS;QACxC,KAAK,EAAE,KAAK,IAAI,SAAS;KACJ,CAAC;AAC1B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAAuB,EACvB,IAAY,EACZ,YAAoB,EACpB,YAAoB,EACpB,QAAiB;IAEjB,MAAM,WAAW,GACf,MAAM,CAAC,WAAW,IAAI,oBAAoB,YAAY,GAAG,aAAa,EAAE,CAAC;IAE3E,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,UAAU,EAAE,oBAAoB;QAChC,IAAI;QACJ,YAAY,EAAE,WAAW;QACzB,aAAa,EAAE,YAAY;QAC3B,SAAS,EAAE,MAAM,CAAC,QAAQ;KAC3B,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACtC,CAAC;IAED,kGAAkG;IAClG,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE;QAC5C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,MAAM,EAAE,qDAAqD;SAC9D;QACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;KACxB,CAAC,CAAC;IAEH,OAAO,0BAA0B,CAC/B,QAAQ,EACR,gBAAgB,EAChB,iBAAiB,CAClB,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,MAA0B,EAC1B,YAAoB,EACpB,QAAgB,EAChB,QAAiB;IAEjB,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,UAAU,EAAE,eAAe;QAC3B,aAAa,EAAE,YAAY;QAC3B,SAAS,EAAE,MAAM,CAAC,QAAQ;KAC3B,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACtC,CAAC;IAED,kGAAkG;IAClG,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;QACrC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,MAAM,EAAE,qDAAqD;SAC9D;QACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;KACxB,CAAC,CAAC;IAEH,OAAO,0BAA0B,CAAC,QAAQ,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;AAChF,CAAC"}

package/dist/src/utils/oauth-flow.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export {};