@owox/idp-owox 0.0.0

package/README.md

@@ -0,0 +1,93 @@
+# @owox/idp-owox
+
+OWOX Identity Provider implementation for OWOX Data Marts authentication.  
+This package provides the **IdP integration with OWOX Identity Platform**, handling tokens, introspection, and persistence (SQLite/MySQL).
+
+## Setup
+
+### 1. Environment Configuration
+
+Create or update your `.env` file with the required settings:
+
+```env
+# Database (SQLite is default and recommended for getting started)
+IDP_OWOX_DB_TYPE=sqlite
+IDP_OWOX_SQLITE_DB_PATH=./data/auth.db
+IDP_OWOX_SQLITE_PRAGMA=journal_mode=WAL,synchronous=NORMAL
+
+# IdentityOwox client (OWOX Identity Platform backend)
+IDP_OWOX_BASE_URL=https://integrated-backend.bi.owox.com
+IDP_OWOX_TIMEOUT=3s
+# Optional: pass default headers to every request
+IDP_OWOX_DEFAULT_HEADERS={"x-trace-id":"debug-local"}
+
+# IDP App configuration
+IDP_OWOX_CLIENT_ID=app-owox
+IDP_OWOX_PLATFORM_SIGN_IN_URL=https://bi.owox.com/ui/p/signin
+IDP_OWOX_CALLBACK_URL=/auth/callback
+
+# JWT validation
+IDP_OWOX_JWT_ISSUER=https://idp.owox.com
+IDP_OWOX_JWT_CLOCK_TOLERANCE=5s
+IDP_OWOX_JWT_CACHE_TTL=1h
+IDP_OWOX_JWT_ALGORITHM=RS256
+```
+
+#### SQLite Default Path
+
+If `IDP_OWOX_SQLITE_DB_PATH` is not provided, the database file will be created automatically in the system application data directory (using env-paths).
+
+### 2. MySQL Configuration (Alternative)
+
+If you prefer MySQL instead of SQLite:
+
+```env
+IDP_OWOX_DB_TYPE=mysql
+IDP_OWOX_MYSQL_HOST=localhost
+IDP_OWOX_MYSQL_PORT=3306
+IDP_OWOX_MYSQL_USER=idp_user
+IDP_OWOX_MYSQL_PASSWORD=your-secret
+IDP_OWOX_MYSQL_DB=idp_owox
+# Optional
+IDP_OWOX_MYSQL_CONNECTION_LIMIT=10
+IDP_OWOX_MYSQL_SSL={"rejectUnauthorized":true}
+```
+
+### 3. Authentication Flow
+
+1. Sign In: User is redirected to OWOX Platform sign-in page (`IDP_OWOX_PLATFORM_SIGN_IN_URL`)
+2. Callback: On success, user is redirected back to `IDP_OWOX_CALLBACK_URL`
+3. Introspection: Tokens are validated against OWOX Identity Platform
+4. App Sign-In: Application redirects user to Sign-In page
+
+#### Install dependencies
+
+```bash
+npm install
+```
+
+#### Build
+
+```bash
+npm run build
+```
+
+#### Type checking
+
+```bash
+npm run typecheck
+```
+
+#### Linting
+
+```bash
+npm run lint
+npm run lint:fix
+```
+
+#### Formatting
+
+```bash
+npm run format
+npm run format:check
+```

package/dist/auth/AuthorizationStore.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Storage for mapping state -> code_verifier (PKCE).
+ * No ORM usage.
+ */
+export interface AuthorizationStore {
+    /**
+     * Initialize connections/resources and create schema if needed.
+     */
+    initialize(): Promise<void>;
+    /**
+     * Save mapping state -> code_verifier.
+     * Update existing record if it already exists.
+     * @param state unique key (state)
+     * @param codeVerifier PKCE code_verifier value
+     * @param expiresAt optional expiration date (if omitted — stored without TTL)
+     */
+    save(state: string, codeVerifier: string, expiresAt?: Date | null): Promise<void>;
+    /**
+     * Get code_verifier by state.
+     * Must return null if record is missing or expired.
+     */
+    get(state: string): Promise<string | null>;
+    /**
+     * Delete a record by state.
+     */
+    delete(state: string): Promise<void>;
+    /**
+     * Remove expired records.
+     * @returns number of removed records
+     */
+    purgeExpired(): Promise<number>;
+    /**
+     * Graceful shutdown, close connections.
+     */
+    shutdown(): Promise<void>;
+}
+//# sourceMappingURL=AuthorizationStore.d.ts.map

package/dist/auth/AuthorizationStore.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthorizationStore.d.ts","sourceRoot":"","sources":["../../src/auth/AuthorizationStore.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5B;;;;;;OAMG;IACH,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAElF;;;OAGG;IACH,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAE3C;;OAEG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErC;;;OAGG;IACH,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAEhC;;OAEG;IACH,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B"}

package/dist/auth/AuthorizationStore.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/auth/AuthorizationStoreFactory.d.ts

@@ -0,0 +1,7 @@
+import type { AuthorizationStore } from './AuthorizationStore';
+import type { DbConfig } from '../config';
+/**
+ * Factory that creates AuthorizationStore implementation based on configuration.
+ */
+export declare function createAuthorizationStore(config: DbConfig): AuthorizationStore;
+//# sourceMappingURL=AuthorizationStoreFactory.d.ts.map

package/dist/auth/AuthorizationStoreFactory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthorizationStoreFactory.d.ts","sourceRoot":"","sources":["../../src/auth/AuthorizationStoreFactory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAG/D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAE1C;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,QAAQ,GAAG,kBAAkB,CAS7E"}

package/dist/auth/AuthorizationStoreFactory.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAuthorizationStore = createAuthorizationStore;
+const MysqlAuthorizationStore_1 = require("./MysqlAuthorizationStore");
+const SqliteAuthorizationStore_1 = require("./SqliteAuthorizationStore");
+/**
+ * Factory that creates AuthorizationStore implementation based on configuration.
+ */
+function createAuthorizationStore(config) {
+    const type = config.type;
+    if (type === 'sqlite') {
+        return new SqliteAuthorizationStore_1.SqliteAuthorizationStore(config.sqlite);
+    }
+    if (type === 'mysql') {
+        return new MysqlAuthorizationStore_1.MysqlAuthorizationStore(config.mysql);
+    }
+    throw new Error(`Unknown store type: ${type}`);
+}

package/dist/auth/MysqlAuthorizationStore.d.ts

@@ -0,0 +1,19 @@
+import type { AuthorizationStore } from './AuthorizationStore';
+import type { MysqlConfig } from '../config';
+/**
+ * MySQL implementation (mysql2/promise, no ORM).
+ */
+export declare class MysqlAuthorizationStore implements AuthorizationStore {
+    private readonly config;
+    private pool?;
+    constructor(config: MysqlConfig);
+    initialize(): Promise<void>;
+    save(state: string, codeVerifier: string, expiresAt?: Date | null): Promise<void>;
+    get(state: string): Promise<string | null>;
+    delete(state: string): Promise<void>;
+    purgeExpired(): Promise<number>;
+    shutdown(): Promise<void>;
+    private getPool;
+}
+export default MysqlAuthorizationStore;
+//# sourceMappingURL=MysqlAuthorizationStore.d.ts.map

package/dist/auth/MysqlAuthorizationStore.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MysqlAuthorizationStore.d.ts","sourceRoot":"","sources":["../../src/auth/MysqlAuthorizationStore.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC/D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAG7C;;GAEG;AACH,qBAAa,uBAAwB,YAAW,kBAAkB;IAGpD,OAAO,CAAC,QAAQ,CAAC,MAAM;IAFnC,OAAO,CAAC,IAAI,CAAC,CAAO;gBAES,MAAM,EAAE,WAAW;IAE1C,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAgC3B,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAcjF,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAuB1C,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpC,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;IAO/B,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;IAO/B,OAAO,CAAC,OAAO;CAIhB;AAED,eAAe,uBAAuB,CAAC"}

package/dist/auth/MysqlAuthorizationStore.js

@@ -0,0 +1,84 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MysqlAuthorizationStore = void 0;
+/**
+ * MySQL implementation (mysql2/promise, no ORM).
+ */
+class MysqlAuthorizationStore {
+    config;
+    pool;
+    constructor(config) {
+        this.config = config;
+    }
+    async initialize() {
+        const mysql = await import('mysql2/promise');
+        this.pool = mysql.createPool({
+            host: this.config.host,
+            port: this.config.port ?? 3306,
+            user: this.config.user,
+            password: this.config.password,
+            database: this.config.database,
+            waitForConnections: true,
+            connectionLimit: this.config.connectionLimit ?? 10,
+            ssl: this.config.ssl,
+        });
+        await this.getPool().query(`
+        CREATE TABLE IF NOT EXISTS auth_states (
+            state VARCHAR(255) NOT NULL PRIMARY KEY,
+            code_verifier VARCHAR(255) NOT NULL,
+            created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+            expires_at TIMESTAMP NULL
+            )
+    `);
+        try {
+            await this.getPool().query(`CREATE INDEX idx_auth_states_expires_at ON auth_states (expires_at)`);
+        }
+        catch {
+            // index already exists
+        }
+    }
+    async save(state, codeVerifier, expiresAt) {
+        const exp = expiresAt ?? null;
+        await this.getPool().execute(`INSERT INTO auth_states (state, code_verifier, expires_at)
+       VALUES (?, ?, ?)
+       ON DUPLICATE KEY UPDATE
+          code_verifier = VALUES(code_verifier),
+          expires_at    = VALUES(expires_at),
+          created_at    = CURRENT_TIMESTAMP`, [state, codeVerifier, exp]);
+    }
+    async get(state) {
+        await this.purgeExpired();
+        const [rows] = await this.getPool().execute(`SELECT code_verifier, expires_at FROM auth_states WHERE state = ? LIMIT 1`, [state]);
+        const row = Array.isArray(rows) && rows.length > 0
+            ? rows[0]
+            : null;
+        if (!row)
+            return null;
+        const exp = row.expires_at ? new Date(row.expires_at) : null;
+        if (exp && exp.getTime() <= Date.now()) {
+            await this.delete(state);
+            return null;
+        }
+        return row.code_verifier;
+    }
+    async delete(state) {
+        await this.getPool().execute(`DELETE FROM auth_states WHERE state = ?`, [state]);
+    }
+    async purgeExpired() {
+        const [result] = await this.getPool().execute(`DELETE FROM auth_states WHERE expires_at IS NOT NULL AND expires_at <= CURRENT_TIMESTAMP`);
+        return result.affectedRows ?? 0;
+    }
+    async shutdown() {
+        if (this.pool) {
+            await this.pool.end();
+            this.pool = undefined;
+        }
+    }
+    getPool() {
+        if (!this.pool)
+            throw new Error('MysqlAuthorizationStore is not initialized');
+        return this.pool;
+    }
+}
+exports.MysqlAuthorizationStore = MysqlAuthorizationStore;
+exports.default = MysqlAuthorizationStore;

package/dist/auth/SqliteAuthorizationStore.d.ts

@@ -0,0 +1,20 @@
+import type { AuthorizationStore } from './AuthorizationStore';
+import type { SqliteConfig } from '../config';
+/**
+ * SQLite implementation (better-sqlite3, no ORM).
+ */
+export declare class SqliteAuthorizationStore implements AuthorizationStore {
+    private readonly config;
+    private db?;
+    constructor(config: SqliteConfig);
+    initialize(): Promise<void>;
+    save(state: string, codeVerifier: string, expiresAt?: Date | null): Promise<void>;
+    get(state: string): Promise<string | null>;
+    delete(state: string): Promise<void>;
+    purgeExpired(): Promise<number>;
+    shutdown(): Promise<void>;
+    private getTime;
+    private getDb;
+}
+export default SqliteAuthorizationStore;
+//# sourceMappingURL=SqliteAuthorizationStore.d.ts.map

package/dist/auth/SqliteAuthorizationStore.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SqliteAuthorizationStore.d.ts","sourceRoot":"","sources":["../../src/auth/SqliteAuthorizationStore.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC/D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAG9C;;GAEG;AACH,qBAAa,wBAAyB,YAAW,kBAAkB;IAGrD,OAAO,CAAC,QAAQ,CAAC,MAAM;IAFnC,OAAO,CAAC,EAAE,CAAC,CAAW;gBAEO,MAAM,EAAE,YAAY;IAE3C,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAuB3B,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAcjF,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAmB1C,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpC,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;IAQ/B,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;IAO/B,OAAO,CAAC,OAAO;IAKf,OAAO,CAAC,KAAK;CAId;AAED,eAAe,wBAAwB,CAAC"}

package/dist/auth/SqliteAuthorizationStore.js

@@ -0,0 +1,87 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SqliteAuthorizationStore = void 0;
+/**
+ * SQLite implementation (better-sqlite3, no ORM).
+ */
+class SqliteAuthorizationStore {
+    config;
+    db;
+    constructor(config) {
+        this.config = config;
+    }
+    async initialize() {
+        // Lazy require to avoid typing/runtime coupling during build
+        const { default: Database } = await import('better-sqlite3');
+        this.db = new Database(this.config.dbPath, { fileMustExist: false });
+        if (this.config.pragma && this.config.pragma.length > 0) {
+            for (const p of this.config.pragma) {
+                this.db.pragma(p);
+            }
+        }
+        else {
+            this.db.pragma('journal_mode = WAL');
+        }
+        this.db.exec(`
+      CREATE TABLE IF NOT EXISTS auth_states (
+        state TEXT PRIMARY KEY,
+        code_verifier TEXT NOT NULL,
+        created_at INTEGER NOT NULL DEFAULT (strftime('%s','now')),
+        expires_at INTEGER
+      );
+      CREATE INDEX IF NOT EXISTS idx_auth_states_expires_at ON auth_states(expires_at);`);
+    }
+    async save(state, codeVerifier, expiresAt) {
+        this.getDb();
+        const exp = expiresAt ? this.getTime(expiresAt) : null;
+        const stmt = this.getDb().prepare(`INSERT INTO auth_states (state, code_verifier, expires_at)
+       VALUES (?, ?, ?)
+       ON CONFLICT(state) DO UPDATE SET
+         code_verifier = excluded.code_verifier,
+         expires_at   = excluded.expires_at,
+         created_at   = strftime('%s','now')`);
+        stmt.run(state, codeVerifier, exp);
+    }
+    async get(state) {
+        this.getDb();
+        const now = this.getTime();
+        await this.purgeExpired();
+        const row = this.getDb()
+            .prepare(`SELECT code_verifier, expires_at FROM auth_states WHERE state = ?`)
+            .get(state);
+        if (!row)
+            return null;
+        if (row.expires_at != null && row.expires_at <= now) {
+            await this.delete(state);
+            return null;
+        }
+        return row.code_verifier;
+    }
+    async delete(state) {
+        this.getDb().prepare(`DELETE FROM auth_states WHERE state = ?`).run(state);
+    }
+    async purgeExpired() {
+        const now = this.getTime();
+        const res = this.getDb()
+            .prepare(`DELETE FROM auth_states WHERE expires_at IS NOT NULL AND expires_at <= ?`)
+            .run(now);
+        return typeof res.changes === 'number' ? res.changes : 0;
+    }
+    async shutdown() {
+        if (this.db) {
+            this.db.close();
+            this.db = undefined;
+        }
+    }
+    getTime(date) {
+        const ms = date ? date.getTime() : Date.now();
+        return Math.floor(ms / 1000);
+    }
+    getDb() {
+        if (!this.db)
+            throw new Error('SqliteAuthorizationStore is not initialized');
+        return this.db;
+    }
+}
+exports.SqliteAuthorizationStore = SqliteAuthorizationStore;
+exports.default = SqliteAuthorizationStore;

package/dist/client/IdentityOwoxClient.d.ts

@@ -0,0 +1,27 @@
+import { TokenRequest, TokenResponse, RevocationRequest, RevocationResponse, IntrospectionRequest, IntrospectionResponse, JwksResponse } from './dto';
+import { IdentityOwoxClientConfig } from '../config';
+/**
+ * Represents a client for interacting with the Identity OWOX API.
+ * Provides methods for token management, validation, and retrieval of key sets.
+ */
+export declare class IdentityOwoxClient {
+    private readonly http;
+    constructor(config: IdentityOwoxClientConfig);
+    /**
+     * POST /api/idp/token
+     */
+    getToken(req: TokenRequest): Promise<TokenResponse>;
+    /**
+     * POST /api/idp/revocation
+     */
+    revokeToken(req: RevocationRequest): Promise<RevocationResponse>;
+    /**
+     * GET /api/idp/introspection
+     */
+    introspectToken(req: IntrospectionRequest): Promise<IntrospectionResponse>;
+    /**
+     * GET /api/idp/.well-known/jwks.json
+     */
+    getJwks(): Promise<JwksResponse>;
+}
+//# sourceMappingURL=IdentityOwoxClient.d.ts.map

package/dist/client/IdentityOwoxClient.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"IdentityOwoxClient.d.ts","sourceRoot":"","sources":["../../src/client/IdentityOwoxClient.ts"],"names":[],"mappings":"AACA,OAAO,EACL,YAAY,EACZ,aAAa,EACb,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,qBAAqB,EACrB,YAAY,EAIb,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,wBAAwB,EAAE,MAAM,WAAW,CAAC;AAGrD;;;GAGG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAgB;gBAEzB,MAAM,EAAE,wBAAwB;IAW5C;;OAEG;IACG,QAAQ,CAAC,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC;IAKzD;;OAEG;IACG,WAAW,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAKtE;;OAEG;IACG,eAAe,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAUhF;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,YAAY,CAAC;CAIvC"}

package/dist/client/IdentityOwoxClient.js

@@ -0,0 +1,59 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IdentityOwoxClient = void 0;
+const axios_1 = __importDefault(require("axios"));
+const dto_1 = require("./dto");
+const ms_1 = __importDefault(require("ms"));
+/**
+ * Represents a client for interacting with the Identity OWOX API.
+ * Provides methods for token management, validation, and retrieval of key sets.
+ */
+class IdentityOwoxClient {
+    http;
+    constructor(config) {
+        this.http = axios_1.default.create({
+            baseURL: config.baseUrl,
+            timeout: (0, ms_1.default)(config.clientTimeout),
+            headers: {
+                'Content-Type': 'application/json',
+                ...(config.defaultHeaders ?? {}),
+            },
+        });
+    }
+    /**
+     * POST /api/idp/token
+     */
+    async getToken(req) {
+        const { data } = await this.http.post('/api/idp/token', req);
+        return dto_1.TokenResponseSchema.parse(data);
+    }
+    /**
+     * POST /api/idp/revocation
+     */
+    async revokeToken(req) {
+        const resp = await this.http.post('/api/idp/revocation', req);
+        return { success: resp.status >= 200 && resp.status < 300 };
+    }
+    /**
+     * GET /api/idp/introspection
+     */
+    async introspectToken(req) {
+        const { data } = await this.http.get('/api/idp/introspection', {
+            headers: {
+                Authorization: req.token,
+            },
+        });
+        return dto_1.IntrospectionResponseSchema.parse(data);
+    }
+    /**
+     * GET /api/idp/.well-known/jwks.json
+     */
+    async getJwks() {
+        const { data } = await this.http.get('/api/idp/.well-known/jwks.json');
+        return dto_1.JwksResponseSchema.parse(data);
+    }
+}
+exports.IdentityOwoxClient = IdentityOwoxClient;

package/dist/client/dto/idpOwoxPayloadDto.d.ts

@@ -0,0 +1,28 @@
+import { z } from 'zod';
+export declare const IdpOwoxPayloadSchema: z.ZodObject<{
+    userId: z.ZodString;
+    projectId: z.ZodString;
+    userEmail: z.ZodString;
+    userFullName: z.ZodString;
+    userAvatar: z.ZodString;
+    roles: z.ZodEffects<z.ZodEffects<z.ZodArray<z.ZodEnum<["admin", "editor", "viewer"]>, "atleastone">, ("admin" | "editor" | "viewer")[], ["admin" | "editor" | "viewer", ...("admin" | "editor" | "viewer")[]]>, ("admin" | "editor" | "viewer")[], unknown>;
+    projectTitle: z.ZodString;
+}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+    userId: z.ZodString;
+    projectId: z.ZodString;
+    userEmail: z.ZodString;
+    userFullName: z.ZodString;
+    userAvatar: z.ZodString;
+    roles: z.ZodEffects<z.ZodEffects<z.ZodArray<z.ZodEnum<["admin", "editor", "viewer"]>, "atleastone">, ("admin" | "editor" | "viewer")[], ["admin" | "editor" | "viewer", ...("admin" | "editor" | "viewer")[]]>, ("admin" | "editor" | "viewer")[], unknown>;
+    projectTitle: z.ZodString;
+}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+    userId: z.ZodString;
+    projectId: z.ZodString;
+    userEmail: z.ZodString;
+    userFullName: z.ZodString;
+    userAvatar: z.ZodString;
+    roles: z.ZodEffects<z.ZodEffects<z.ZodArray<z.ZodEnum<["admin", "editor", "viewer"]>, "atleastone">, ("admin" | "editor" | "viewer")[], ["admin" | "editor" | "viewer", ...("admin" | "editor" | "viewer")[]]>, ("admin" | "editor" | "viewer")[], unknown>;
+    projectTitle: z.ZodString;
+}, z.ZodTypeAny, "passthrough">>;
+export type IdpOwoxPayload = z.infer<typeof IdpOwoxPayloadSchema>;
+//# sourceMappingURL=idpOwoxPayloadDto.d.ts.map

package/dist/client/dto/idpOwoxPayloadDto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"idpOwoxPayloadDto.d.ts","sourceRoot":"","sources":["../../../src/client/dto/idpOwoxPayloadDto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;gCA2BjB,CAAC;AAEjB,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC"}

package/dist/client/dto/idpOwoxPayloadDto.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IdpOwoxPayloadSchema = void 0;
+const zod_1 = require("zod");
+const idp_protocol_1 = require("@owox/idp-protocol");
+exports.IdpOwoxPayloadSchema = zod_1.z
+    .object({
+    userId: zod_1.z.string().min(1, 'userId is required'),
+    projectId: zod_1.z.string().min(1, 'projectId is required'),
+    userEmail: zod_1.z.string().email(),
+    userFullName: zod_1.z.string().min(1, 'userFullName is required'),
+    userAvatar: zod_1.z.string().url(),
+    roles: zod_1.z.preprocess(val => {
+        if (typeof val === 'string') {
+            return val
+                .split(',')
+                .map(r => r.trim().toLowerCase())
+                .filter(Boolean);
+        }
+        if (Array.isArray(val)) {
+            return val.map(r => String(r).trim().toLowerCase()).filter(Boolean);
+        }
+        return [];
+    }, zod_1.z
+        .array(idp_protocol_1.RoleEnum)
+        .nonempty()
+        .transform(arr => Array.from(new Set(arr)))),
+    projectTitle: zod_1.z.string().min(1, 'projectTitle is required'),
+})
+    .passthrough();

package/dist/client/dto/index.d.ts

@@ -0,0 +1,7 @@
+export * from './jwksDto';
+export * from './tokenDto';
+export * from './introspectionDto';
+export * from './revocationDto';
+export * from './tokenType';
+export * from './idpOwoxPayloadDto';
+//# sourceMappingURL=index.d.ts.map

package/dist/client/dto/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/client/dto/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,oBAAoB,CAAC;AACnC,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,qBAAqB,CAAC"}

package/dist/client/dto/index.js

@@ -0,0 +1,22 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./jwksDto"), exports);
+__exportStar(require("./tokenDto"), exports);
+__exportStar(require("./introspectionDto"), exports);
+__exportStar(require("./revocationDto"), exports);
+__exportStar(require("./tokenType"), exports);
+__exportStar(require("./idpOwoxPayloadDto"), exports);

package/dist/client/dto/introspectionDto.d.ts

@@ -0,0 +1,68 @@
+import { z } from 'zod';
+export interface IntrospectionRequest {
+    token: string;
+}
+export declare const IntrospectionResponseSchema: z.ZodDiscriminatedUnion<"isActive", [z.ZodObject<{
+    userId: z.ZodString;
+    projectId: z.ZodString;
+    userEmail: z.ZodString;
+    userFullName: z.ZodString;
+    userAvatar: z.ZodString;
+    roles: z.ZodEffects<z.ZodEffects<z.ZodArray<z.ZodEnum<["admin", "editor", "viewer"]>, "atleastone">, ("admin" | "editor" | "viewer")[], ["admin" | "editor" | "viewer", ...("admin" | "editor" | "viewer")[]]>, ("admin" | "editor" | "viewer")[], unknown>;
+    projectTitle: z.ZodString;
+} & {
+    isActive: z.ZodLiteral<true>;
+}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+    userId: z.ZodString;
+    projectId: z.ZodString;
+    userEmail: z.ZodString;
+    userFullName: z.ZodString;
+    userAvatar: z.ZodString;
+    roles: z.ZodEffects<z.ZodEffects<z.ZodArray<z.ZodEnum<["admin", "editor", "viewer"]>, "atleastone">, ("admin" | "editor" | "viewer")[], ["admin" | "editor" | "viewer", ...("admin" | "editor" | "viewer")[]]>, ("admin" | "editor" | "viewer")[], unknown>;
+    projectTitle: z.ZodString;
+} & {
+    isActive: z.ZodLiteral<true>;
+}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+    userId: z.ZodString;
+    projectId: z.ZodString;
+    userEmail: z.ZodString;
+    userFullName: z.ZodString;
+    userAvatar: z.ZodString;
+    roles: z.ZodEffects<z.ZodEffects<z.ZodArray<z.ZodEnum<["admin", "editor", "viewer"]>, "atleastone">, ("admin" | "editor" | "viewer")[], ["admin" | "editor" | "viewer", ...("admin" | "editor" | "viewer")[]]>, ("admin" | "editor" | "viewer")[], unknown>;
+    projectTitle: z.ZodString;
+} & {
+    isActive: z.ZodLiteral<true>;
+}, z.ZodTypeAny, "passthrough">>, z.ZodObject<{
+    [x: string]: z.ZodNull;
+    userId: z.ZodNull;
+    projectId: z.ZodNull;
+    userEmail: z.ZodNull;
+    userFullName: z.ZodNull;
+    userAvatar: z.ZodNull;
+    roles: z.ZodNull;
+    projectTitle: z.ZodNull;
+} & {
+    isActive: z.ZodLiteral<false>;
+}, "strict", z.ZodTypeAny, {
+    [x: string]: null;
+    userId?: unknown;
+    projectId?: unknown;
+    userEmail?: unknown;
+    userFullName?: unknown;
+    userAvatar?: unknown;
+    roles?: unknown;
+    projectTitle?: unknown;
+    isActive?: unknown;
+}, {
+    [x: string]: null;
+    userId?: unknown;
+    projectId?: unknown;
+    userEmail?: unknown;
+    userFullName?: unknown;
+    userAvatar?: unknown;
+    roles?: unknown;
+    projectTitle?: unknown;
+    isActive?: unknown;
+}>]>;
+export type IntrospectionResponse = z.infer<typeof IntrospectionResponseSchema>;
+//# sourceMappingURL=introspectionDto.d.ts.map

package/dist/client/dto/introspectionDto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"introspectionDto.d.ts","sourceRoot":"","sources":["../../../src/client/dto/introspectionDto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,MAAM,CAAC;CACf;AAgBD,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAGtC,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC"}