@openverifiable/connector-bluesky 1.0.2 → 1.0.4

package/lib/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAIV,eAAe,EACf,eAAe,EAChB,MAAM,sBAAsB,CAAC;AAupB9B;;GAEG;AACH,QAAA,MAAM,sBAAsB,EAAE,eAAe,CAAC,eAAe,CAW5D,CAAC;AAEF,eAAe,sBAAsB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAIV,eAAe,EACf,eAAe,EAChB,MAAM,sBAAsB,CAAC;AA0pB9B;;GAEG;AACH,QAAA,MAAM,sBAAsB,EAAE,eAAe,CAAC,eAAe,CAW5D,CAAC;AAEF,eAAe,sBAAsB,CAAC"}

package/lib/index.js

@@ -770,8 +770,10 @@ async function exchangeCodeForTokens(code, redirectUri, tokenEndpoint, codeVerif
             };
             // For confidential clients, add client assertion JWT
             if (config.tokenEndpointAuthMethod === 'private_key_jwt') {
+                // Extract issuer origin from token endpoint URL
+                const issuer = new URL(tokenEndpoint).origin;
                 try {
-                    const clientAssertion = await generateClientAssertion(effectiveClientId, tokenEndpoint, config);
+                    const clientAssertion = await generateClientAssertion(effectiveClientId, issuer, config);
                     if (clientAssertion) {
                         params.append('client_assertion', clientAssertion);
                         params.append('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');
@@ -781,7 +783,7 @@ async function exchangeCodeForTokens(code, redirectUri, tokenEndpoint, codeVerif
                         const assertionEndpoint = config.assertionEndpoint;
                         if (assertionEndpoint) {
                             const assertionResponse = await got.post(assertionEndpoint, {
-                                json: { clientId: effectiveClientId, tokenEndpoint },
+                                json: { clientId: effectiveClientId, issuer },
                                 headers: {
                                     'X-API-Key': config.assertionApiKey || '',
                                 },
@@ -963,7 +965,7 @@ const getAuthorizationUri = (getConfig) => async ({ state, redirectUri, ...rest
     // Add client assertion for confidential clients (required for PAR)
     if (validatedConfig.tokenEndpointAuthMethod === 'private_key_jwt') {
         try {
-            const clientAssertion = await generateClientAssertion(effectiveClientId, authServerMetadata.pushed_authorization_request_endpoint, validatedConfig);
+            const clientAssertion = await generateClientAssertion(effectiveClientId, authServerMetadata.issuer, validatedConfig);
             if (clientAssertion) {
                 parParams.append('client_assertion', clientAssertion);
                 parParams.append('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');
@@ -975,7 +977,7 @@ const getAuthorizationUri = (getConfig) => async ({ state, redirectUri, ...rest
                     const assertionResponse = await got.post(assertionEndpoint, {
                         json: {
                             clientId: effectiveClientId,
-                            tokenEndpoint: authServerMetadata.pushed_authorization_request_endpoint
+                            issuer: authServerMetadata.issuer
                         },
                         headers: {
                             'X-API-Key': config.assertionApiKey || '',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openverifiable/connector-bluesky",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "Bluesky/AT Protocol OAuth connector for LogTo with PAR, PKCE, and DPoP support",
   "author": "OpenVerifiable (https://github.com/openverifiable)",
   "homepage": "https://openverifiable.org",

package/lib/__fixtures__/did-documents.d.ts

@@ -1,54 +0,0 @@
-/**
- * DID Document Fixtures
- * Valid DID documents for testing DID resolution and PDS discovery
- */
-export declare const didPlcDocument: {
-    id: string;
-    '@context': string[];
-    service: {
-        id: string;
-        type: string;
-        serviceEndpoint: string;
-    }[];
-    verificationMethod: {
-        id: string;
-        type: string;
-        controller: string;
-        publicKeyMultibase: string;
-    }[];
-};
-export declare const didWebDocument: {
-    id: string;
-    '@context': string[];
-    service: {
-        id: string;
-        type: string;
-        serviceEndpoint: string;
-    }[];
-    verificationMethod: {
-        id: string;
-        type: string;
-        controller: string;
-        publicKeyMultibase: string;
-    }[];
-};
-export declare const didDocumentWithHandle: {
-    alsoKnownAs: string[];
-    id: string;
-    '@context': string[];
-    service: {
-        id: string;
-        type: string;
-        serviceEndpoint: string;
-    }[];
-    verificationMethod: {
-        id: string;
-        type: string;
-        controller: string;
-        publicKeyMultibase: string;
-    }[];
-};
-export declare const invalidDidDocument: {
-    id: string;
-};
-//# sourceMappingURL=did-documents.d.ts.map

package/lib/__fixtures__/did-documents.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"did-documents.d.ts","sourceRoot":"","sources":["../../src/__fixtures__/did-documents.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;CAqB1B,CAAC;AAEF,eAAO,MAAM,cAAc;;;;;;;;;;;;;;CAqB1B,CAAC;AAEF,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;CAGjC,CAAC;AAEF,eAAO,MAAM,kBAAkB;;CAG9B,CAAC"}

package/lib/__fixtures__/metadata.d.ts

@@ -1,70 +0,0 @@
-/**
- * OAuth Metadata Fixtures
- * Authorization server and resource server metadata for testing
- */
-export declare const authorizationServerMetadata: {
-    issuer: string;
-    pushed_authorization_request_endpoint: string;
-    authorization_endpoint: string;
-    token_endpoint: string;
-    scopes_supported: string;
-    response_types_supported: string[];
-    grant_types_supported: string[];
-    code_challenge_methods_supported: string[];
-    dpop_signing_alg_values_supported: string[];
-};
-export declare const authorizationServerMetadataWithoutAtproto: {
-    scopes_supported: string;
-    issuer: string;
-    pushed_authorization_request_endpoint: string;
-    authorization_endpoint: string;
-    token_endpoint: string;
-    response_types_supported: string[];
-    grant_types_supported: string[];
-    code_challenge_methods_supported: string[];
-    dpop_signing_alg_values_supported: string[];
-};
-export declare const resourceServerMetadata: {
-    resource: string;
-    authorization_servers: string[];
-};
-export declare const resourceServerMetadataWithEntryway: {
-    resource: string;
-    authorization_servers: string[];
-};
-export declare const clientMetadata: {
-    client_id: string;
-    application_type: string;
-    client_name: string;
-    client_uri: string;
-    dpop_bound_access_tokens: boolean;
-    grant_types: string[];
-    redirect_uris: string[];
-    response_types: string[];
-    scope: string;
-    token_endpoint_auth_method: string;
-};
-export declare const confidentialClientMetadata: {
-    token_endpoint_auth_method: string;
-    token_endpoint_auth_signing_alg: string;
-    jwks_uri: string;
-    jwks: {
-        keys: {
-            kty: string;
-            crv: string;
-            x: string;
-            y: string;
-            kid: string;
-        }[];
-    };
-    client_id: string;
-    application_type: string;
-    client_name: string;
-    client_uri: string;
-    dpop_bound_access_tokens: boolean;
-    grant_types: string[];
-    redirect_uris: string[];
-    response_types: string[];
-    scope: string;
-};
-//# sourceMappingURL=metadata.d.ts.map

package/lib/__fixtures__/metadata.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"metadata.d.ts","sourceRoot":"","sources":["../../src/__fixtures__/metadata.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,2BAA2B;;;;;;;;;;CAUvC,CAAC;AAEF,eAAO,MAAM,yCAAyC;;;;;;;;;;CAGrD,CAAC;AAEF,eAAO,MAAM,sBAAsB;;;CAGlC,CAAC;AAEF,eAAO,MAAM,kCAAkC;;;CAG9C,CAAC;AAEF,eAAO,MAAM,cAAc;;;;;;;;;;;CAW1B,CAAC;AAEF,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;CAgBtC,CAAC"}

package/lib/__fixtures__/oauth-errors.d.ts

@@ -1,42 +0,0 @@
-/**
- * OAuth Error Response Fixtures
- * Standard OAuth error responses for testing error handling
- */
-export declare const useDpopNonceError: {
-    error: string;
-    error_description: string;
-    nonce: string;
-};
-export declare const invalidRequestError: {
-    error: string;
-    error_description: string;
-};
-export declare const invalidClientError: {
-    error: string;
-    error_description: string;
-};
-export declare const invalidGrantError: {
-    error: string;
-    error_description: string;
-};
-export declare const invalidScopeError: {
-    error: string;
-    error_description: string;
-};
-export declare const unauthorizedClientError: {
-    error: string;
-    error_description: string;
-};
-export declare const unsupportedGrantTypeError: {
-    error: string;
-    error_description: string;
-};
-export declare const serverError: {
-    error: string;
-    error_description: string;
-};
-export declare const temporarilyUnavailableError: {
-    error: string;
-    error_description: string;
-};
-//# sourceMappingURL=oauth-errors.d.ts.map

package/lib/__fixtures__/oauth-errors.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"oauth-errors.d.ts","sourceRoot":"","sources":["../../src/__fixtures__/oauth-errors.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,iBAAiB;;;;CAI7B,CAAC;AAEF,eAAO,MAAM,mBAAmB;;;CAG/B,CAAC;AAEF,eAAO,MAAM,kBAAkB;;;CAG9B,CAAC;AAEF,eAAO,MAAM,iBAAiB;;;CAG7B,CAAC;AAEF,eAAO,MAAM,iBAAiB;;;CAG7B,CAAC;AAEF,eAAO,MAAM,uBAAuB;;;CAGnC,CAAC;AAEF,eAAO,MAAM,yBAAyB;;;CAGrC,CAAC;AAEF,eAAO,MAAM,WAAW;;;CAGvB,CAAC;AAEF,eAAO,MAAM,2BAA2B;;;CAGvC,CAAC"}

package/lib/__fixtures__/profile-responses.d.ts

@@ -1,34 +0,0 @@
-/**
- * Profile Response Fixtures
- * AT Protocol profile responses from PDS for testing
- */
-export declare const profileResponse: {
-    did: string;
-    handle: string;
-    displayName: string;
-    avatar: string;
-    email: string;
-    description: string;
-    createdAt: string;
-};
-export declare const profileResponseMinimal: {
-    did: string;
-    handle: string;
-};
-export declare const profileResponseWithoutEmail: {
-    did: string;
-    handle: string;
-    displayName: string;
-    avatar: string;
-    description: string;
-};
-export declare const profileResponseWithDifferentDID: {
-    did: string;
-    handle: string;
-    displayName: string;
-    avatar: string;
-    email: string;
-    description: string;
-    createdAt: string;
-};
-//# sourceMappingURL=profile-responses.d.ts.map

package/lib/__fixtures__/profile-responses.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"profile-responses.d.ts","sourceRoot":"","sources":["../../src/__fixtures__/profile-responses.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,eAAe;;;;;;;;CAQ3B,CAAC;AAEF,eAAO,MAAM,sBAAsB;;;CAGlC,CAAC;AAEF,eAAO,MAAM,2BAA2B;;;;;;CAMvC,CAAC;AAEF,eAAO,MAAM,+BAA+B;;;;;;;;CAG3C,CAAC"}

package/lib/__fixtures__/token-responses.d.ts

@@ -1,38 +0,0 @@
-/**
- * Token Response Fixtures
- * OAuth token exchange responses for testing
- */
-export declare const tokenResponse: {
-    access_token: string;
-    refresh_token: string;
-    token_type: string;
-    expires_in: number;
-    scope: string;
-    sub: string;
-    did: string;
-};
-export declare const tokenResponseWithoutRefresh: {
-    access_token: string;
-    token_type: string;
-    expires_in: number;
-    scope: string;
-    sub: string;
-};
-export declare const tokenResponseWithDifferentDID: {
-    sub: string;
-    did: string;
-    access_token: string;
-    refresh_token: string;
-    token_type: string;
-    expires_in: number;
-    scope: string;
-};
-export declare const refreshTokenResponse: {
-    access_token: string;
-    refresh_token: string;
-    token_type: string;
-    expires_in: number;
-    scope: string;
-    sub: string;
-};
-//# sourceMappingURL=token-responses.d.ts.map

package/lib/__fixtures__/token-responses.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"token-responses.d.ts","sourceRoot":"","sources":["../../src/__fixtures__/token-responses.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,aAAa;;;;;;;;CAQzB,CAAC;AAEF,eAAO,MAAM,2BAA2B;;;;;;CAMvC,CAAC;AAEF,eAAO,MAAM,6BAA6B;;;;;;;;CAIzC,CAAC;AAEF,eAAO,MAAM,oBAAoB;;;;;;;CAOhC,CAAC"}

package/lib/__tests__/integration/real-account-helpers.d.ts

@@ -1,43 +0,0 @@
-/**
- * Real Account Test Helpers
- * Utilities for testing with real AT Protocol accounts
- *
- * Note: For full token verification, you may need @atproto/api
- * Install it as a dev dependency if needed: npm install --save-dev @atproto/api
- */
-import type { BlueskyConfig } from '../../types.js';
-export interface TestAccount {
-    handle: string;
-    did: string;
-    pdsUrl: string;
-}
-export interface TestSession {
-    accessToken: string;
-    refreshToken?: string;
-    did: string;
-    expiresAt: number;
-}
-/**
- * Get test account from environment variables
- */
-export declare function getTestAccount(): TestAccount;
-/**
- * Verify access token is valid by making an authenticated request
- *
- * Note: This requires @atproto/api. For a simpler check, you can verify
- * the token structure or make a direct HTTP request with DPoP.
- */
-export declare function verifyAccessToken(accessToken: string, did: string, pdsUrl: string): Promise<boolean>;
-/**
- * Create test config from environment variables
- */
-export declare function getTestConfig(): BlueskyConfig;
-/**
- * Check if integration tests should run
- */
-export declare function shouldRunIntegrationTests(): boolean;
-/**
- * Get test redirect URI
- */
-export declare function getTestRedirectUri(): string;
-//# sourceMappingURL=real-account-helpers.d.ts.map

package/lib/__tests__/integration/real-account-helpers.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"real-account-helpers.d.ts","sourceRoot":"","sources":["../../../src/__tests__/integration/real-account-helpers.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAEpD,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,wBAAgB,cAAc,IAAI,WAAW,CAa5C;AAED;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,OAAO,CAAC,CAmBlB;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,aAAa,CA0B7C;AAED;;GAEG;AACH,wBAAgB,yBAAyB,IAAI,OAAO,CAMnD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,CAM3C"}

package/lib/__tests__/integration/real-account.test.d.ts

@@ -1,12 +0,0 @@
-/**
- * Real Account Integration Tests
- *
- * These tests require:
- * 1. A real Bluesky test account
- * 2. Publicly accessible client metadata and JWKS
- * 3. Environment variables configured (see INTEGRATION_TESTING.md)
- *
- * These tests are skipped if TEST_BLUESKY_HANDLE is not set.
- */
-export {};
-//# sourceMappingURL=real-account.test.d.ts.map

package/lib/__tests__/integration/real-account.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"real-account.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/integration/real-account.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG"}

package/lib/client-assertion.test.d.ts

@@ -1,6 +0,0 @@
-/**
- * Client Assertion Tests
- * Tests for JWT client assertion generation (RFC 7523)
- */
-export {};
-//# sourceMappingURL=client-assertion.test.d.ts.map

package/lib/client-assertion.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"client-assertion.test.d.ts","sourceRoot":"","sources":["../src/client-assertion.test.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/lib/dpop.test.d.ts

@@ -1,6 +0,0 @@
-/**
- * DPoP Tests
- * Tests for Demonstrating Proof of Possession (RFC 9449) implementation
- */
-export {};
-//# sourceMappingURL=dpop.test.d.ts.map

package/lib/dpop.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"dpop.test.d.ts","sourceRoot":"","sources":["../src/dpop.test.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/lib/index.test.d.ts

@@ -1,7 +0,0 @@
-/**
- * Bluesky Connector Tests
- *
- * Basic unit tests for Bluesky OAuth connector with PAR, PKCE, and DPoP
- */
-export {};
-//# sourceMappingURL=index.test.d.ts.map

package/lib/index.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.test.d.ts","sourceRoot":"","sources":["../src/index.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/lib/pds-discovery.test.d.ts

@@ -1,6 +0,0 @@
-/**
- * PDS Discovery Tests
- * Tests for PDS resolution, DID resolution, metadata fetching, and SSRF protection
- */
-export {};
-//# sourceMappingURL=pds-discovery.test.d.ts.map

package/lib/pds-discovery.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"pds-discovery.test.d.ts","sourceRoot":"","sources":["../src/pds-discovery.test.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/lib/pkce.test.d.ts

@@ -1,6 +0,0 @@
-/**
- * PKCE Tests
- * Tests for Proof Key for Code Exchange (RFC 7636) implementation
- */
-export {};
-//# sourceMappingURL=pkce.test.d.ts.map

package/lib/pkce.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"pkce.test.d.ts","sourceRoot":"","sources":["../src/pkce.test.ts"],"names":[],"mappings":"AAAA;;;GAGG"}