@openape/nuxt-auth-sp 0.5.1 → 0.6.0

package/dist/module.json

@@ -1,7 +1,7 @@
 {
   "name": "@openape/nuxt-auth-sp",
   "configKey": "openapeSp",
-  "version": "0.5.1",
+  "version": "0.6.0",
   "builder": {
     "@nuxt/module-builder": "1.0.2",
     "unbuild": "unknown"

package/dist/module.mjs

@@ -1,5 +1,5 @@
 import crypto from 'node:crypto';
-import { useLogger, defineNuxtModule, createResolver, addServerImportsDir, addImportsDir, addComponentsDir, addServerHandler } from '@nuxt/kit';
+import { useLogger, defineNuxtModule, createResolver, addServerPlugin, addServerImportsDir, addImportsDir, addComponentsDir, addServerHandler } from '@nuxt/kit';
 import { defu } from 'defu';
 
 const logger = useLogger("@openape/nuxt-auth-sp");
@@ -44,6 +44,7 @@ const module$1 = defineNuxtModule({
         logger.warn("clientId is empty in production! Set openapeSp.clientId or NUXT_OPENAPE_SP_CLIENT_ID.");
       }
     }
+    addServerPlugin(resolve("./runtime/server/plugins/problem-details"));
     addServerImportsDir(resolve("./runtime/server/utils"));
     addImportsDir(resolve("./runtime/composables"));
     addComponentsDir({ path: resolve(runtimeDir, "components") });
@@ -52,7 +53,7 @@ const module$1 = defineNuxtModule({
       addServerHandler({ route: "/api/callback", handler: resolve("./runtime/server/api/callback.get") });
       addServerHandler({ route: "/api/logout", method: "post", handler: resolve("./runtime/server/api/logout.post") });
       addServerHandler({ route: "/api/me", handler: resolve("./runtime/server/api/me.get") });
-      addServerHandler({ route: "/.well-known/sp-manifest.json", handler: resolve("./runtime/server/routes/well-known/sp-manifest.json.get") });
+      addServerHandler({ route: "/.well-known/oauth-client-metadata", handler: resolve("./runtime/server/routes/well-known/oauth-client-metadata.get") });
       addServerHandler({ route: "/.well-known/auth.md", handler: resolve("./runtime/server/routes/well-known/auth.md.get") });
       addServerHandler({ route: "/.well-known/openape.json", handler: resolve("./runtime/server/routes/well-known/openape.json.get") });
     }

package/dist/runtime/server/handlers.d.ts

@@ -0,0 +1,21 @@
+import type { H3Event } from 'h3';
+import type { DDISAAssertionClaims } from '@openape/core';
+export interface LoginHandlerOptions {
+    callbackPath: string;
+}
+export interface CallbackHandlerOptions {
+    onSuccess: (event: H3Event, result: {
+        claims: DDISAAssertionClaims;
+        rawAssertion: string;
+    }) => Promise<void>;
+    onError?: (event: H3Event, error: Error) => Promise<void>;
+}
+export interface ClientMetadataHandlerOptions {
+    callbackPath: string;
+    clientUri?: string;
+}
+export declare function defineOpenApeLoginHandler(options: LoginHandlerOptions): import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+    redirectUrl: string;
+}>>;
+export declare function defineOpenApeCallbackHandler(options: CallbackHandlerOptions): import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<void>>;
+export declare function defineOpenApeClientMetadataHandler(options: ClientMetadataHandlerOptions): import("h3").EventHandler<import("h3").EventHandlerRequest, import("@openape/core").SPClientMetadata>;

package/dist/runtime/server/handlers.js

@@ -1,5 +1,5 @@
 import { createError, defineEventHandler, getQuery, getRequestURL, readBody, sendRedirect } from "h3";
-import { createAuthorizationURL, createSPManifest, discoverIdP, handleCallback } from "@openape/auth";
+import { createAuthorizationURL, createClientMetadata, discoverIdP, handleCallback } from "@openape/auth";
 import { getSpConfig, saveFlowState, getFlowState, clearFlowState } from "./utils/sp-config.js";
 export function defineOpenApeLoginHandler(options) {
   return defineEventHandler(async (event) => {
@@ -86,15 +86,16 @@ export function defineOpenApeCallbackHandler(options) {
     }
   });
 }
-export function defineOpenApeSPManifestHandler(options) {
+export function defineOpenApeClientMetadataHandler(options) {
   return defineEventHandler((event) => {
     const { clientId, spName } = getSpConfig();
     const origin = getRequestURL(event).origin;
-    return createSPManifest({
+    return createClientMetadata({
       client_id: clientId,
-      name: spName,
+      client_name: spName,
       redirect_uris: [`${origin}${options.callbackPath}`],
-      description: options.description || `${spName} \u2014 OpenApe Service Provider`
+      client_uri: options.clientUri || origin,
+      contacts: []
     });
   });
 }

package/dist/runtime/server/plugins/problem-details.d.ts

@@ -0,0 +1,3 @@
+import type { NitroApp } from 'nitropack';
+declare const _default: (nitroApp: NitroApp) => void;
+export default _default;

package/dist/runtime/server/plugins/problem-details.js

@@ -0,0 +1,24 @@
+import { setResponseHeader } from "h3";
+export default (nitroApp) => {
+  nitroApp.hooks.hook("error", (error, { event }) => {
+    if (!event)
+      return;
+    if (error.data?.type && error.data?.status) {
+      setResponseHeader(event, "Content-Type", "application/problem+json");
+      event.node.res.statusCode = error.data.status;
+      event.node.res.end(JSON.stringify(error.data));
+      return;
+    }
+    const status = error.statusCode || 500;
+    const title = error.statusMessage || "Internal Server Error";
+    const body = {
+      type: "about:blank",
+      title,
+      status,
+      ...error.message && error.message !== title ? { detail: error.message } : {}
+    };
+    setResponseHeader(event, "Content-Type", "application/problem+json");
+    event.node.res.statusCode = status;
+    event.node.res.end(JSON.stringify(body));
+  });
+};

package/dist/runtime/server/routes/well-known/auth.md.get.js

@@ -21,7 +21,7 @@ DDISA v1 (DNS-Discoverable Identity & Service Authorization)
 | GET | /api/callback | OAuth callback (automatic) |
 | GET | /api/me | Get current session (returns 401 if not authenticated) |
 | POST | /api/logout | End session |
-| GET | /.well-known/sp-manifest.json | SP metadata |
+| GET | /.well-known/oauth-client-metadata | SP client metadata (RFC 7591) |
 
 ## How to Authenticate
 

package/dist/runtime/server/routes/well-known/oauth-client-metadata.get.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, import("@openape/core").SPClientMetadata>;
+export default _default;

package/dist/runtime/server/routes/well-known/{sp-manifest.json.get.js → oauth-client-metadata.get.js}

@@ -1,13 +1,14 @@
 import { defineEventHandler, getRequestURL } from "h3";
-import { createSPManifest } from "@openape/auth";
+import { createClientMetadata } from "@openape/auth";
 import { getSpConfig } from "../../utils/sp-config.js";
 export default defineEventHandler((event) => {
   const { clientId, spName } = getSpConfig();
   const origin = getRequestURL(event).origin;
-  return createSPManifest({
+  return createClientMetadata({
     client_id: clientId,
-    name: spName,
+    client_name: spName,
     redirect_uris: [`${origin}/api/callback`],
-    description: `${spName} \u2014 OpenApe Service Provider`
+    client_uri: origin,
+    contacts: []
   });
 });

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@openape/nuxt-auth-sp",
   "type": "module",
-  "version": "0.5.1",
+  "version": "0.6.0",
   "description": "OpenAPE Service Provider Nuxt module — adds OIDC login via DNS-based IdP discovery",
   "author": "Delta Mind GmbH",
   "license": "AGPL-3.0-or-later",
@@ -29,7 +29,7 @@
     "test": "vitest run --passWithNoTests",
     "changeset": "changeset",
     "version-packages": "changeset version",
-    "release": "npm pack --dry-run && npm publish --provenance --access public"
+    "release": "changeset publish"
   },
   "dependencies": {
     "@nuxt/kit": "^3.21.1",
@@ -56,5 +56,6 @@
   },
   "engines": {
     "node": ">=22"
-  }
+  },
+  "packageManager": "pnpm@10.29.3"
 }