@portaidentity/cli 1.4.0 → 1.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"browser-flow.d.ts","sourceRoot":"","sources":["../../src/auth/browser-flow.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAaH,OAAO,KAAK,EAAE,cAAc,EAAiB,MAAM,YAAY,CAAC;AAahE,mCAAmC;AACnC,MAAM,WAAW,kBAAkB;IACjC,uBAAuB;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,6CAA6C;IAC7C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,+DAA+D;IAC/D,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAsDD;;;;;;;;;;GAUG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,kBAAkB,EAC3B,GAAG,GAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAkB,GAC3C,OAAO,CAAC,cAAc,CAAC,
|
|
1
|
+
{"version":3,"file":"browser-flow.d.ts","sourceRoot":"","sources":["../../src/auth/browser-flow.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAaH,OAAO,KAAK,EAAE,cAAc,EAAiB,MAAM,YAAY,CAAC;AAahE,mCAAmC;AACnC,MAAM,WAAW,kBAAkB;IACjC,uBAAuB;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,6CAA6C;IAC7C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,+DAA+D;IAC/D,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAsDD;;;;;;;;;;GAUG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,kBAAkB,EAC3B,GAAG,GAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAkB,GAC3C,OAAO,CAAC,cAAc,CAAC,CAsJzB"}
|
|
@@ -17,12 +17,12 @@
|
|
|
17
17
|
*
|
|
18
18
|
* @module auth/browser-flow
|
|
19
19
|
*/
|
|
20
|
-
import { URL } from 'node:url';
|
|
21
20
|
import { decodeJwt } from 'jose';
|
|
22
|
-
import {
|
|
23
|
-
import { fetchAdminMetadata } from './metadata.js';
|
|
24
|
-
import { startCallbackServer, parseCallbackUrl, MANUAL_REDIRECT_URI, isContainerized, } from './callback-server.js';
|
|
21
|
+
import { URL } from 'node:url';
|
|
25
22
|
import { question } from '../prompt.js';
|
|
23
|
+
import { MANUAL_REDIRECT_URI, isContainerized, parseCallbackUrl, startCallbackServer, } from './callback-server.js';
|
|
24
|
+
import { fetchAdminMetadata } from './metadata.js';
|
|
25
|
+
import { generateCodeChallenge, generateCodeVerifier, generateState } from './pkce.js';
|
|
26
26
|
// ---------------------------------------------------------------------------
|
|
27
27
|
// Constants
|
|
28
28
|
// ---------------------------------------------------------------------------
|
|
@@ -131,7 +131,15 @@ export async function executeBrowserFlow(options, log = console.log) {
|
|
|
131
131
|
authUrl.searchParams.set('code_challenge', codeChallenge);
|
|
132
132
|
authUrl.searchParams.set('code_challenge_method', 'S256');
|
|
133
133
|
authUrl.searchParams.set('state', state);
|
|
134
|
-
|
|
134
|
+
// prompt MUST include `consent` for `offline_access` to survive.
|
|
135
|
+
//
|
|
136
|
+
// Per OIDC Core §3.1.2.1 and node-oidc-provider's check_scope, the provider
|
|
137
|
+
// strips `offline_access` from the request unless `prompt` contains `consent`
|
|
138
|
+
// — so without it no refresh_token is ever issued (the credentials file then
|
|
139
|
+
// lacks `refreshToken`). `login` is kept to force fresh credential entry on
|
|
140
|
+
// every `porta login`. Porta auto-consents first-party clients, so adding
|
|
141
|
+
// `consent` shows no extra UI to the admin.
|
|
142
|
+
authUrl.searchParams.set('prompt', 'login consent');
|
|
135
143
|
// ---------------------------------------------------------------
|
|
136
144
|
// Step 6: Open browser or print URL + collect auth code
|
|
137
145
|
// ---------------------------------------------------------------
|
|
@@ -139,8 +147,8 @@ export async function executeBrowserFlow(options, log = console.log) {
|
|
|
139
147
|
if (manualMode) {
|
|
140
148
|
log('Open this URL in your browser to log in:\n');
|
|
141
149
|
log(` ${authUrl.toString()}\n`);
|
|
142
|
-
log(
|
|
143
|
-
log(
|
|
150
|
+
log("After logging in, your browser will redirect to a page that won't load.");
|
|
151
|
+
log("Copy the full URL from your browser's address bar and paste it below.\n");
|
|
144
152
|
const pastedUrl = await question('Paste the callback URL: ');
|
|
145
153
|
code = parseCallbackUrl(pastedUrl, state);
|
|
146
154
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"browser-flow.js","sourceRoot":"","sources":["../../src/auth/browser-flow.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAC/B,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"browser-flow.js","sourceRoot":"","sources":["../../src/auth/browser-flow.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAC/B,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AACxC,OAAO,EACL,mBAAmB,EACnB,eAAe,EACf,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAGvF,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E,kDAAkD;AAClD,MAAM,MAAM,GAAG,qCAAqC,CAAC;AAgBrD,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E;;;;;;;;;GASG;AACH,KAAK,UAAU,YAAY,CAAC,MAO3B;IACC,MAAM,QAAQ,GAAG,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,QAAQ,CAAC;IAE5D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;QACrC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,UAAU,EAAE,oBAAoB;YAChC,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,YAAY,EAAE,MAAM,CAAC,WAAW;YAChC,SAAS,EAAE,MAAM,CAAC,QAAQ;YAC1B,aAAa,EAAE,MAAM,CAAC,YAAY;SACnC,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1D,MAAM,IAAI,GACP,SAAoC,CAAC,iBAAiB;YACtD,SAAoC,CAAC,KAAK;YAC3C,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,0BAA0B,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,EAA4B,CAAC;AACnD,CAAC;AAED,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,OAA2B,EAC3B,MAAiC,OAAO,CAAC,GAAG;IAE5C,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;IAEtC,kEAAkE;IAClE,oDAAoD;IACpD,kEAAkE;IAClE,MAAM,UAAU,GAAG,SAAS,IAAI,eAAe,EAAE,CAAC;IAElD,IAAI,UAAU,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7B,GAAG,CAAC,6DAA6D,CAAC,CAAC;IACrE,CAAC;IAED,kEAAkE;IAClE,yDAAyD;IACzD,kEAAkE;IAClE,IAAI,QAAgB,CAAC;IACrB,IAAI,OAAe,CAAC;IAEpB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAC5B,OAAO,GAAG,aAAa,CAAC;IAC1B,CAAC;SAAM,CAAC;QACN,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAClD,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC;QAC7B,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC;IAC7B,CAAC;IAED,kEAAkE;IAClE,mCAAmC;IACnC,kEAAkE;IAClE,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAC;IAC5C,MAAM,aAAa,GAAG,qBAAqB,CAAC,YAAY,CAAC,CAAC;IAC1D,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAE9B,kEAAkE;IAClE,+CAA+C;IAC/C,kEAAkE;IAClE,IAAI,WAAmB,CAAC;IACxB,IAAI,QAAyB,CAAC;IAE9B,IAAI,UAAU,EAAE,CAAC;QACf,WAAW,GAAG,mBAAmB,CAAC;QAClC,QAAQ,GAAG,SAAuC,CAAC;IACrD,CAAC;SAAM,CAAC;QACN,MAAM,cAAc,GAAG,MAAM,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACxD,WAAW,GAAG,oBAAoB,cAAc,CAAC,IAAI,WAAW,CAAC;QACjE,QAAQ,GAAG,cAAc,CAAC,QAAQ,CAAC;IACrC,CAAC;IAED,kEAAkE;IAClE,sCAAsC;IACtC,kEAAkE;IAClE,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,GAAG,MAAM,IAAI,OAAO,OAAO,CAAC,CAAC;IACrD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAClD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAChD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IACtD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1C,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;IAC1D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC1D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACzC,iEAAiE;IACjE,EAAE;IACF,4EAA4E;IAC5E,8EAA8E;IAC9E,6EAA6E;IAC7E,4EAA4E;IAC5E,0EAA0E;IAC1E,4CAA4C;IAC5C,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IAGpD,kEAAkE;IAClE,wDAAwD;IACxD,kEAAkE;IAClE,IAAI,IAAY,CAAC;IAEjB,IAAI,UAAU,EAAE,CAAC;QACf,GAAG,CAAC,4CAA4C,CAAC,CAAC;QAClD,GAAG,CAAC,KAAK,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QACjC,GAAG,CAAC,yEAAyE,CAAC,CAAC;QAC/E,GAAG,CAAC,yEAAyE,CAAC,CAAC;QAE/E,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,0BAA0B,CAAC,CAAC;QAC7D,IAAI,GAAG,gBAAgB,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAC5C,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,uCAAuC,CAAC,CAAC;QAC7C,IAAI,CAAC;YACH,iDAAiD;YACjD,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;YAClD,MAAM,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,qDAAqD,CAAC,CAAC;YAC3D,GAAG,CAAC,KAAK,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QACnC,CAAC;QAED,GAAG,CAAC,+BAA+B,CAAC,CAAC;QACrC,IAAI,GAAG,MAAM,QAAQ,CAAC;IACxB,CAAC;IAED,kEAAkE;IAClE,qDAAqD;IACrD,kEAAkE;IAClE,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC;QAChC,MAAM;QACN,OAAO;QACP,IAAI;QACJ,WAAW;QACX,QAAQ;QACR,YAAY;KACb,CAAC,CAAC;IAEH,kEAAkE;IAClE,8DAA8D;IAC9D,EAAE;IACF,oEAAoE;IACpE,oEAAoE;IACpE,uEAAuE;IACvE,wEAAwE;IACxE,6EAA6E;IAC7E,kEAAkE;IAClE,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;QAC1B,GAAG,CACD,sFAAsF;YACpF,0EAA0E;YAC1E,uDAAuD,CAC1D,CAAC;IACJ,CAAC;IAED,kEAAkE;IAClE,uDAAuD;IACvD,kEAAkE;IAClE,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAE1C,kEAAkE;IAClE,gDAAgD;IAChD,kEAAkE;IAClE,OAAO;QACL,MAAM;QACN,OAAO;QACP,QAAQ;QACR,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa;QAClC,OAAO,EAAE,MAAM,CAAC,QAAQ;QACxB,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;QACxE,QAAQ,EAAE;YACR,GAAG,EAAE,MAAM,CAAC,GAAG,IAAI,EAAE;YACrB,KAAK,EAAG,MAAM,CAAC,KAAgB,IAAI,EAAE;YACrC,IAAI,EAAG,MAAM,CAAC,IAAe,IAAI,SAAS;SAC3C;KACF,CAAC;AACJ,CAAC"}
|
|
@@ -17,7 +17,7 @@ import type { GlobalOptions } from '../global-options.js';
|
|
|
17
17
|
* CLI version — read from package.json at build time.
|
|
18
18
|
* This must be kept in sync with package.json version.
|
|
19
19
|
*/
|
|
20
|
-
export declare const CLI_VERSION = "1.
|
|
20
|
+
export declare const CLI_VERSION = "1.5.0";
|
|
21
21
|
/**
|
|
22
22
|
* The version command module — shows version info for CLI, SDK, and server.
|
|
23
23
|
*/
|
package/dist/commands/version.js
CHANGED
|
@@ -22,7 +22,7 @@ import { fetchHealthStatus } from '../auth/metadata.js';
|
|
|
22
22
|
* CLI version — read from package.json at build time.
|
|
23
23
|
* This must be kept in sync with package.json version.
|
|
24
24
|
*/
|
|
25
|
-
export const CLI_VERSION = '1.
|
|
25
|
+
export const CLI_VERSION = '1.5.0';
|
|
26
26
|
// ---------------------------------------------------------------------------
|
|
27
27
|
// Command Definition
|
|
28
28
|
// ---------------------------------------------------------------------------
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@portaidentity/cli",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.5.1",
|
|
4
4
|
"description": "Standalone CLI for the Porta Identity Platform",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|
|
@@ -19,12 +19,12 @@
|
|
|
19
19
|
"clean": "rm -rf dist"
|
|
20
20
|
},
|
|
21
21
|
"dependencies": {
|
|
22
|
-
"@portaidentity/sdk": "1.
|
|
22
|
+
"@portaidentity/sdk": "1.5.1",
|
|
23
23
|
"chalk": "^5.6.2",
|
|
24
24
|
"cli-table3": "^0.6.5",
|
|
25
25
|
"jose": "^6.2.3",
|
|
26
26
|
"open": "^11.0.0",
|
|
27
|
-
"yaml": "^2.
|
|
27
|
+
"yaml": "^2.9.0",
|
|
28
28
|
"yargs": "^18.0.0"
|
|
29
29
|
},
|
|
30
30
|
"devDependencies": {
|
|
@@ -34,7 +34,7 @@
|
|
|
34
34
|
"eslint": "^10.4.0",
|
|
35
35
|
"eslint-config-prettier": "^10.1.8",
|
|
36
36
|
"typescript": "^6.0.3",
|
|
37
|
-
"typescript-eslint": "^8.
|
|
37
|
+
"typescript-eslint": "^8.61.0",
|
|
38
38
|
"vitest": "^4.1.6"
|
|
39
39
|
},
|
|
40
40
|
"repository": {
|