@qlever-llc/trellis 0.10.18-rc.1 → 0.10.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/esm/auth/browser/login.d.ts +8 -7
- package/esm/auth/browser/login.d.ts.map +1 -1
- package/esm/auth/browser/logout.d.ts +23 -0
- package/esm/auth/browser/logout.d.ts.map +1 -0
- package/esm/auth/browser/logout.js +80 -0
- package/esm/auth/browser/portal.d.ts.map +1 -1
- package/esm/auth/browser/portal.js +2 -0
- package/esm/auth/browser/session.d.ts +2 -0
- package/esm/auth/browser/session.d.ts.map +1 -1
- package/esm/auth/browser/session.js +6 -0
- package/esm/auth/browser.d.ts +5 -2
- package/esm/auth/browser.d.ts.map +1 -1
- package/esm/auth/browser.js +4 -2
- package/esm/auth/browser_recovery.d.ts +22 -0
- package/esm/auth/browser_recovery.d.ts.map +1 -0
- package/esm/auth/browser_recovery.js +238 -0
- package/esm/auth/mod.d.ts +2 -2
- package/esm/auth/mod.d.ts.map +1 -1
- package/esm/auth/mod.js +2 -2
- package/esm/auth/protocol.d.ts +1 -0
- package/esm/auth/protocol.d.ts.map +1 -1
- package/esm/auth/protocol.js +1 -0
- package/esm/auth/schemas.d.ts +26 -0
- package/esm/auth/schemas.d.ts.map +1 -1
- package/esm/auth/schemas.js +35 -0
- package/esm/browser.d.ts +2 -2
- package/esm/browser.d.ts.map +1 -1
- package/esm/browser.js +1 -1
- package/esm/client_connect.js +1 -1
- package/esm/generated-sdk/auth/api.d.ts +1 -4
- package/esm/generated-sdk/auth/api.d.ts.map +1 -1
- package/esm/generated-sdk/auth/api.js +1 -6
- package/esm/generated-sdk/auth/client.d.ts +0 -15
- package/esm/generated-sdk/auth/client.d.ts.map +1 -1
- package/esm/generated-sdk/auth/contract.d.ts +1 -1
- package/esm/generated-sdk/auth/contract.d.ts.map +1 -1
- package/esm/generated-sdk/auth/contract.js +11 -3
- package/esm/generated-sdk/auth/schemas.d.ts +2 -0
- package/esm/generated-sdk/auth/schemas.d.ts.map +1 -1
- package/esm/generated-sdk/auth/schemas.js +2 -0
- package/esm/generated-sdk/auth/types.d.ts +4 -2
- package/esm/generated-sdk/auth/types.d.ts.map +1 -1
- package/esm/generated-sdk/auth/types.js +1 -1
- package/esm/generated-sdk/trellis-core/api.d.ts +1 -4
- package/esm/generated-sdk/trellis-core/api.d.ts.map +1 -1
- package/esm/generated-sdk/trellis-core/api.js +1 -6
- package/esm/generated-sdk/trellis-core/client.d.ts +3 -28
- package/esm/generated-sdk/trellis-core/client.d.ts.map +1 -1
- package/esm/models/auth/rpc/Logout.d.ts.map +1 -1
- package/esm/models/auth/rpc/Logout.js +2 -2
- package/package.json +2 -2
- package/script/auth/browser/login.d.ts +8 -7
- package/script/auth/browser/login.d.ts.map +1 -1
- package/script/auth/browser/logout.d.ts +23 -0
- package/script/auth/browser/logout.d.ts.map +1 -0
- package/script/auth/browser/logout.js +84 -0
- package/script/auth/browser/portal.d.ts.map +1 -1
- package/script/auth/browser/portal.js +2 -0
- package/script/auth/browser/session.d.ts +2 -0
- package/script/auth/browser/session.d.ts.map +1 -1
- package/script/auth/browser/session.js +7 -0
- package/script/auth/browser.d.ts +5 -2
- package/script/auth/browser.d.ts.map +1 -1
- package/script/auth/browser.js +12 -1
- package/script/auth/browser_recovery.d.ts +22 -0
- package/script/auth/browser_recovery.d.ts.map +1 -0
- package/script/auth/browser_recovery.js +242 -0
- package/script/auth/mod.d.ts +2 -2
- package/script/auth/mod.d.ts.map +1 -1
- package/script/auth/mod.js +14 -5
- package/script/auth/protocol.d.ts +1 -0
- package/script/auth/protocol.d.ts.map +1 -1
- package/script/auth/protocol.js +1 -0
- package/script/auth/schemas.d.ts +26 -0
- package/script/auth/schemas.d.ts.map +1 -1
- package/script/auth/schemas.js +37 -1
- package/script/browser.d.ts +2 -2
- package/script/browser.d.ts.map +1 -1
- package/script/browser.js +4 -2
- package/script/client_connect.js +1 -1
- package/script/generated-sdk/auth/api.d.ts +1 -4
- package/script/generated-sdk/auth/api.d.ts.map +1 -1
- package/script/generated-sdk/auth/api.js +1 -6
- package/script/generated-sdk/auth/client.d.ts +0 -15
- package/script/generated-sdk/auth/client.d.ts.map +1 -1
- package/script/generated-sdk/auth/contract.d.ts +1 -1
- package/script/generated-sdk/auth/contract.d.ts.map +1 -1
- package/script/generated-sdk/auth/contract.js +11 -3
- package/script/generated-sdk/auth/schemas.d.ts +2 -0
- package/script/generated-sdk/auth/schemas.d.ts.map +1 -1
- package/script/generated-sdk/auth/schemas.js +2 -0
- package/script/generated-sdk/auth/types.d.ts +4 -2
- package/script/generated-sdk/auth/types.d.ts.map +1 -1
- package/script/generated-sdk/auth/types.js +1 -1
- package/script/generated-sdk/trellis-core/api.d.ts +1 -4
- package/script/generated-sdk/trellis-core/api.d.ts.map +1 -1
- package/script/generated-sdk/trellis-core/api.js +1 -6
- package/script/generated-sdk/trellis-core/client.d.ts +3 -28
- package/script/generated-sdk/trellis-core/client.d.ts.map +1 -1
- package/script/models/auth/rpc/Logout.d.ts.map +1 -1
- package/script/models/auth/rpc/Logout.js +2 -2
- package/src/auth/browser/login.ts +12 -8
- package/src/auth/browser/logout.ts +114 -0
- package/src/auth/browser/portal.ts +1 -0
- package/src/auth/browser/session.ts +15 -0
- package/src/auth/browser.ts +22 -0
- package/src/auth/browser_recovery.ts +319 -0
- package/src/auth/mod.ts +16 -0
- package/src/auth/protocol.ts +1 -0
- package/src/auth/schemas.ts +58 -0
- package/src/browser.ts +4 -0
- package/src/client_connect.ts +1 -1
- package/src/models/auth/rpc/Logout.ts +2 -0
- package/src/sdk/_generated/auth/api.ts +2 -9
- package/src/sdk/_generated/auth/client.ts +0 -37
- package/src/sdk/_generated/auth/contract.ts +11 -3
- package/src/sdk/_generated/auth/schemas.ts +2 -0
- package/src/sdk/_generated/auth/types.ts +2 -2
- package/src/sdk/_generated/core/api.ts +2 -9
- package/src/sdk/_generated/core/client.ts +2 -41
|
@@ -4,31 +4,32 @@ export type { AuthStartFlowResponse, AuthStartRequest, AuthStartResponse, BindRe
|
|
|
4
4
|
export type AuthConfig = {
|
|
5
5
|
authUrl: string;
|
|
6
6
|
};
|
|
7
|
-
|
|
8
|
-
export declare function buildLoginUrl(args: {
|
|
7
|
+
type StartAuthRequestArgs = {
|
|
9
8
|
authUrl: string;
|
|
10
9
|
provider?: string;
|
|
11
10
|
redirectTo: string;
|
|
12
11
|
handle: SessionKeyHandle;
|
|
13
12
|
contract: Record<string, unknown>;
|
|
14
13
|
context?: unknown;
|
|
15
|
-
}
|
|
14
|
+
};
|
|
15
|
+
export declare function buildLoginUrl(config: AuthConfig, provider: string | undefined, redirectTo: string, handle: SessionKeyHandle, contract: Record<string, unknown>, context?: unknown): Promise<string>;
|
|
16
16
|
export declare function buildLoginUrl(args: {
|
|
17
|
-
|
|
17
|
+
authUrl: string;
|
|
18
18
|
provider?: string;
|
|
19
19
|
redirectTo: string;
|
|
20
20
|
handle: SessionKeyHandle;
|
|
21
21
|
contract: Record<string, unknown>;
|
|
22
22
|
context?: unknown;
|
|
23
23
|
}): Promise<string>;
|
|
24
|
-
export declare function
|
|
25
|
-
|
|
24
|
+
export declare function buildLoginUrl(args: {
|
|
25
|
+
config: AuthConfig;
|
|
26
26
|
provider?: string;
|
|
27
27
|
redirectTo: string;
|
|
28
28
|
handle: SessionKeyHandle;
|
|
29
29
|
contract: Record<string, unknown>;
|
|
30
30
|
context?: unknown;
|
|
31
|
-
}): Promise<
|
|
31
|
+
}): Promise<string>;
|
|
32
|
+
export declare function startAuthRequest(args: StartAuthRequestArgs): Promise<AuthStartResponse>;
|
|
32
33
|
export declare function isBindSuccessResponse(response: BindResponse): response is BindSuccessResponse;
|
|
33
34
|
export declare function bindFlow(config: AuthConfig, handle: SessionKeyHandle, flowId: string): Promise<BindResponse>;
|
|
34
35
|
//# sourceMappingURL=login.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../src/auth/browser/login.ts"],"names":[],"mappings":"AAKA,OAAO,EAGL,KAAK,iBAAiB,EAEtB,KAAK,YAAY,EAEjB,KAAK,mBAAmB,EAEzB,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGrD,YAAY,EACV,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,YAAY,EACZ,mBAAmB,EACnB,gBAAgB,EAChB,aAAa,GACd,MAAM,eAAe,CAAC;AAEvB,MAAM,MAAM,UAAU,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;
|
|
1
|
+
{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../src/auth/browser/login.ts"],"names":[],"mappings":"AAKA,OAAO,EAGL,KAAK,iBAAiB,EAEtB,KAAK,YAAY,EAEjB,KAAK,mBAAmB,EAEzB,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGrD,YAAY,EACV,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,YAAY,EACZ,mBAAmB,EACnB,gBAAgB,EAChB,aAAa,GACd,MAAM,eAAe,CAAC;AAEvB,MAAM,MAAM,UAAU,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAoBF,KAAK,oBAAoB,GAAG;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;AASF,wBAAsB,aAAa,CACjC,MAAM,EAAE,UAAU,EAClB,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,gBAAgB,EACxB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC,MAAM,CAAC,CAAC;AACnB,wBAAsB,aAAa,CACjC,IAAI,EAAE;IACJ,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,GACA,OAAO,CAAC,MAAM,CAAC,CAAC;AACnB,wBAAsB,aAAa,CACjC,IAAI,EAAE;IACJ,MAAM,EAAE,UAAU,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,GACA,OAAO,CAAC,MAAM,CAAC,CAAC;AA0CnB,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,oBAAoB,GACzB,OAAO,CAAC,iBAAiB,CAAC,CAqD5B;AA0ED,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,YAAY,GACrB,QAAQ,IAAI,mBAAmB,CAEjC;AAED,wBAAsB,QAAQ,CAC5B,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,gBAAgB,EACxB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,YAAY,CAAC,CAwBvB"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import { type AuthLogoutResponse } from "../schemas.js";
|
|
2
|
+
import { type SessionKeyHandle } from "./session.js";
|
|
3
|
+
type LogoutLocation = Pick<Location, "href"> & Partial<Pick<Location, "assign">>;
|
|
4
|
+
export type CompleteSessionLogoutArgs = {
|
|
5
|
+
authUrl: string;
|
|
6
|
+
handle: SessionKeyHandle;
|
|
7
|
+
returnTo?: string;
|
|
8
|
+
providerLogout?: boolean;
|
|
9
|
+
federatedProviderLogout?: boolean;
|
|
10
|
+
location?: LogoutLocation;
|
|
11
|
+
};
|
|
12
|
+
export declare function logoutSession(args: {
|
|
13
|
+
authUrl: string;
|
|
14
|
+
handle: SessionKeyHandle;
|
|
15
|
+
returnTo?: string;
|
|
16
|
+
providerLogout?: boolean;
|
|
17
|
+
federatedProviderLogout?: boolean;
|
|
18
|
+
responseMode?: "json";
|
|
19
|
+
fetch?: typeof fetch;
|
|
20
|
+
}): Promise<AuthLogoutResponse>;
|
|
21
|
+
export declare function completeSessionLogout(args: CompleteSessionLogoutArgs): Promise<never>;
|
|
22
|
+
export {};
|
|
23
|
+
//# sourceMappingURL=logout.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"logout.d.ts","sourceRoot":"","sources":["../../../src/auth/browser/logout.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,KAAK,kBAAkB,EAExB,MAAM,eAAe,CAAC;AACvB,OAAO,EAGL,KAAK,gBAAgB,EACtB,MAAM,cAAc,CAAC;AAEtB,KAAK,cAAc,GACf,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,GACtB,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;AAEtC,MAAM,MAAM,yBAAyB,GAAG;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B,CAAC;AAEF,wBAAsB,aAAa,CAAC,IAAI,EAAE;IACxC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;CACtB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAgD9B;AAED,wBAAsB,qBAAqB,CACzC,IAAI,EAAE,yBAAyB,GAC9B,OAAO,CAAC,KAAK,CAAC,CAuBhB"}
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
import { Value } from "typebox/value";
|
|
2
|
+
import { AuthLogoutResponseSchema, } from "../schemas.js";
|
|
3
|
+
import { clearSessionKey, logoutSessionSig, } from "./session.js";
|
|
4
|
+
export async function logoutSession(args) {
|
|
5
|
+
const iat = Math.floor(Date.now() / 1000);
|
|
6
|
+
const responseMode = args.responseMode ?? "json";
|
|
7
|
+
const sig = await logoutSessionSig(args.handle, {
|
|
8
|
+
iat,
|
|
9
|
+
...(args.providerLogout === undefined
|
|
10
|
+
? {}
|
|
11
|
+
: { providerLogout: args.providerLogout }),
|
|
12
|
+
...(args.federatedProviderLogout === undefined
|
|
13
|
+
? {}
|
|
14
|
+
: { federatedProviderLogout: args.federatedProviderLogout }),
|
|
15
|
+
...(args.returnTo === undefined ? {} : { returnTo: args.returnTo }),
|
|
16
|
+
responseMode,
|
|
17
|
+
});
|
|
18
|
+
const body = {
|
|
19
|
+
sessionKey: args.handle.sessionKey,
|
|
20
|
+
iat,
|
|
21
|
+
sig,
|
|
22
|
+
...(args.providerLogout === undefined
|
|
23
|
+
? {}
|
|
24
|
+
: { providerLogout: args.providerLogout }),
|
|
25
|
+
...(args.federatedProviderLogout === undefined
|
|
26
|
+
? {}
|
|
27
|
+
: { federatedProviderLogout: args.federatedProviderLogout }),
|
|
28
|
+
...(args.returnTo === undefined ? {} : { returnTo: args.returnTo }),
|
|
29
|
+
responseMode,
|
|
30
|
+
};
|
|
31
|
+
const fetchImpl = args.fetch ?? globalThis.fetch;
|
|
32
|
+
const response = await fetchImpl(logoutUrl(args.authUrl), {
|
|
33
|
+
method: "POST",
|
|
34
|
+
headers: { "content-type": "application/json" },
|
|
35
|
+
body: JSON.stringify(body),
|
|
36
|
+
});
|
|
37
|
+
if (!response.ok) {
|
|
38
|
+
throw new Error(`Logout request failed with HTTP ${response.status}`);
|
|
39
|
+
}
|
|
40
|
+
let parsed;
|
|
41
|
+
try {
|
|
42
|
+
parsed = await response.json();
|
|
43
|
+
}
|
|
44
|
+
catch (cause) {
|
|
45
|
+
throw new Error("Logout response was not valid JSON", { cause });
|
|
46
|
+
}
|
|
47
|
+
if (!Value.Check(AuthLogoutResponseSchema, parsed)) {
|
|
48
|
+
throw new Error("Logout response did not match expected schema");
|
|
49
|
+
}
|
|
50
|
+
return parsed;
|
|
51
|
+
}
|
|
52
|
+
export async function completeSessionLogout(args) {
|
|
53
|
+
let response;
|
|
54
|
+
try {
|
|
55
|
+
response = await logoutSession(args);
|
|
56
|
+
}
|
|
57
|
+
catch {
|
|
58
|
+
response = undefined;
|
|
59
|
+
}
|
|
60
|
+
finally {
|
|
61
|
+
try {
|
|
62
|
+
await clearSessionKey();
|
|
63
|
+
}
|
|
64
|
+
catch {
|
|
65
|
+
// Preserve logout completion in non-browser/test runtimes without IndexedDB.
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
const target = response?.redirectTo ?? args.returnTo ?? "/";
|
|
69
|
+
const location = args.location ?? globalThis.location;
|
|
70
|
+
if (typeof location.assign === "function") {
|
|
71
|
+
location.assign(target);
|
|
72
|
+
}
|
|
73
|
+
else {
|
|
74
|
+
location.href = target;
|
|
75
|
+
}
|
|
76
|
+
throw new Error("Redirecting after logout");
|
|
77
|
+
}
|
|
78
|
+
function logoutUrl(authUrl) {
|
|
79
|
+
return `${authUrl.replace(/\/+$/, "")}/auth/sessions/logout`;
|
|
80
|
+
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../../src/auth/browser/portal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,eAAe,EAAyB,MAAM,gBAAgB,CAAC;AAC7E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAG7C,YAAY,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACtD,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAMtD,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,GAAG,GAAG,MAAM,GAAG,IAAI,CAE3D;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,eAAe,CAAC,CAY1B;AAED,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,UAAU,EAClB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,GACb,MAAM,CAKR;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,gBAAgB,GACzB,OAAO,CAAC,eAAe,CAAC,CAkB1B;AAED,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,eAAe,GAAG,IAAI,GAC5B,MAAM,GAAG,IAAI,
|
|
1
|
+
{"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../../src/auth/browser/portal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,eAAe,EAAyB,MAAM,gBAAgB,CAAC;AAC7E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAG7C,YAAY,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACtD,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAMtD,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,GAAG,GAAG,MAAM,GAAG,IAAI,CAE3D;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,eAAe,CAAC,CAY1B;AAED,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,UAAU,EAClB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,GACb,MAAM,CAKR;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,gBAAgB,GACzB,OAAO,CAAC,eAAe,CAAC,CAkB1B;AAED,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,eAAe,GAAG,IAAI,GAC5B,MAAM,GAAG,IAAI,CAKf"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { type LogoutSignaturePayloadInput } from "../schemas.js";
|
|
1
2
|
export type SessionKeyHandle = {
|
|
2
3
|
privateKey: CryptoKey;
|
|
3
4
|
publicKey: CryptoKey;
|
|
@@ -23,6 +24,7 @@ export declare function getPublicSessionKey(handle: SessionKeyHandle): string;
|
|
|
23
24
|
export declare function oauthInitSig(handle: SessionKeyHandle, redirectTo: string, context?: unknown, provider?: string, contract?: Record<string, unknown> | string): Promise<string>;
|
|
24
25
|
export declare function bindFlowSig(handle: SessionKeyHandle, flowId: string): Promise<string>;
|
|
25
26
|
export declare function natsConnectSigForIat(handle: SessionKeyHandle, iat: number, contractDigest: string): Promise<string>;
|
|
27
|
+
export declare function logoutSessionSig(handle: SessionKeyHandle, input: LogoutSignaturePayloadInput): Promise<string>;
|
|
26
28
|
export declare function createRpcProof(handle: SessionKeyHandle, subject: string, payload: Uint8Array, requestId: string, iat: number): Promise<string>;
|
|
27
29
|
export declare function clearSessionKey(options?: Pick<SessionKeyOptions, "persistence">): Promise<void>;
|
|
28
30
|
export declare function hasSessionKey(options?: Pick<SessionKeyOptions, "persistence">): Promise<boolean>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../src/auth/browser/session.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../src/auth/browser/session.ts"],"names":[],"mappings":"AAQA,OAAO,EAEL,KAAK,2BAA2B,EACjC,MAAM,eAAe,CAAC;AASvB,MAAM,MAAM,gBAAgB,GAAG;IAC7B,UAAU,EAAE,SAAS,CAAC;IACtB,SAAS,EAAE,SAAS,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,yBAAyB,CAAC;IACxC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG,WAAW,GAAG,YAAY,CAAC;AAEnE,MAAM,MAAM,iBAAiB,GAAG;IAC9B,gDAAgD;IAChD,WAAW,CAAC,EAAE,yBAAyB,CAAC;IACxC,mEAAmE;IACnE,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,0EAA0E;IAC1E,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAWF,wBAAsB,kBAAkB,CACtC,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,gBAAgB,CAAC,CA8B3B;AAED,wBAAsB,cAAc,CAClC,OAAO,GAAE,IAAI,CAAC,iBAAiB,EAAE,aAAa,CAAM,GACnD,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAalC;AAED,wBAAsB,qBAAqB,CACzC,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,gBAAgB,CAAC,CAI3B;AAED,wBAAsB,SAAS,CAC7B,MAAM,EAAE,gBAAgB,EACxB,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,UAAU,CAAC,CAOrB;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,CAEpE;AAED,wBAAsB,YAAY,CAChC,MAAM,EAAE,gBAAgB,EACxB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,OAAO,EACjB,QAAQ,CAAC,EAAE,MAAM,EACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,GAC1C,OAAO,CAAC,MAAM,CAAC,CAUjB;AAED,wBAAsB,WAAW,CAC/B,MAAM,EAAE,gBAAgB,EACxB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAIjB;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,MAAM,EACX,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,MAAM,CAAC,CAQjB;AAED,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,gBAAgB,EACxB,KAAK,EAAE,2BAA2B,GACjC,OAAO,CAAC,MAAM,CAAC,CAMjB;AAED,wBAAsB,cAAc,CAClC,MAAM,EAAE,gBAAgB,EACxB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,MAAM,CAAC,CASjB;AAED,wBAAsB,eAAe,CACnC,OAAO,GAAE,IAAI,CAAC,iBAAiB,EAAE,aAAa,CAAM,GACnD,OAAO,CAAC,IAAI,CAAC,CAQf;AAED,wBAAsB,aAAa,CACjC,OAAO,GAAE,IAAI,CAAC,iBAAiB,EAAE,aAAa,CAAM,GACnD,OAAO,CAAC,OAAO,CAAC,CAIlB"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { base64urlEncode, canonicalizeJsonValue, sha256, toArrayBuffer, utf8, } from "../utils.js";
|
|
2
2
|
import { createProof } from "../proof.js";
|
|
3
|
+
import { buildLogoutSignaturePayload, } from "../schemas.js";
|
|
3
4
|
import { buildNatsConnectSignaturePayload } from "../session_auth.js";
|
|
4
5
|
import { deleteKeyPair, hasKeyPair, loadKeyPair, storeKeyPair, } from "./storage.js";
|
|
5
6
|
let temporarySessionKey = null;
|
|
@@ -82,6 +83,11 @@ export async function natsConnectSigForIat(handle, iat, contractDigest) {
|
|
|
82
83
|
const sig = await signBytes(handle, digest);
|
|
83
84
|
return base64urlEncode(sig);
|
|
84
85
|
}
|
|
86
|
+
export async function logoutSessionSig(handle, input) {
|
|
87
|
+
const digest = await sha256(utf8(`logout-session:${buildLogoutSignaturePayload(input)}`));
|
|
88
|
+
const sig = await signBytes(handle, digest);
|
|
89
|
+
return base64urlEncode(sig);
|
|
90
|
+
}
|
|
85
91
|
export async function createRpcProof(handle, subject, payload, requestId, iat) {
|
|
86
92
|
const payloadHash = await sha256(payload);
|
|
87
93
|
return await createProof(handle.privateKey, {
|
package/esm/auth/browser.d.ts
CHANGED
|
@@ -5,10 +5,13 @@
|
|
|
5
5
|
*/
|
|
6
6
|
import "../_dnt.polyfills.js";
|
|
7
7
|
export { type AuthConfig, type AuthStartFlowResponse, type AuthStartRequest, type AuthStartResponse, bindFlow, type BindResponse, type BindSuccessResponse, buildLoginUrl, isBindSuccessResponse, type SentinelCreds, startAuthRequest, } from "./browser/login.js";
|
|
8
|
+
export { completeSessionLogout, type CompleteSessionLogoutArgs, logoutSession, } from "./browser/logout.js";
|
|
8
9
|
export { type ApprovalDecision, fetchPortalFlowState, portalFlowIdFromUrl, type PortalFlowState, type PortalFlowState as BrowserPortalFlowState, portalProviderLoginUrl, portalRedirectLocation, submitPortalApproval, } from "./browser/portal.js";
|
|
9
|
-
export { bindFlowSig, clearSessionKey, createRpcProof, generateSessionKey, getOrCreateSessionKey, getPublicSessionKey, hasSessionKey, loadSessionKey, natsConnectSigForIat, type SessionKeyHandle, type SessionKeyOptions, type SessionKeyPersistenceMode, signBytes, } from "./browser/session.js";
|
|
10
|
+
export { bindFlowSig, clearSessionKey, createRpcProof, generateSessionKey, getOrCreateSessionKey, getPublicSessionKey, hasSessionKey, loadSessionKey, logoutSessionSig, natsConnectSigForIat, type SessionKeyHandle, type SessionKeyOptions, type SessionKeyPersistenceMode, signBytes, } from "./browser/session.js";
|
|
10
11
|
export { deleteKeyPair, hasKeyPair } from "./browser/storage.js";
|
|
11
|
-
export {
|
|
12
|
+
export { classifyBrowserAuthError, isRecoverableBrowserAuthError, } from "./browser_recovery.js";
|
|
13
|
+
export type { BrowserAuthRecoveryClassification, BrowserAuthRecoveryKind, } from "./browser_recovery.js";
|
|
14
|
+
export { approvalCapabilityKeys, type ApprovalDecision as ApprovalDecisionData, ApprovalDecisionSchema, type AuthLogoutRequest as AuthLogoutRequestData, AuthLogoutRequestSchema, type AuthLogoutResponse as AuthLogoutResponseData, type AuthLogoutResponseMode as AuthLogoutResponseModeData, AuthLogoutResponseModeSchema, AuthLogoutResponseSchema, type AuthStartFlowResponse as AuthStartFlowResponseData, AuthStartFlowResponseSchema, type AuthStartRequest as AuthStartRequestData, AuthStartRequestSchema, type AuthStartResponse as AuthStartResponseData, AuthStartResponseSchema, type BindResponse as BindResponseData, BindResponseSchema, type BindSuccessResponse as BindSuccessResponseData, BindSuccessResponseSchema, buildLogoutSignaturePayload, type ClientTransportEndpoints as ClientTransportEndpointsData, ClientTransportEndpointsSchema, type ClientTransports as ClientTransportsData, ClientTransportsSchema, type ContractApproval as ContractApprovalData, type ContractApprovalCapability as ContractApprovalCapabilityData, ContractApprovalSchema, type LogoutSignaturePayloadInput as LogoutSignaturePayloadInputData, type NatsAuthTokenV1 as NatsAuthTokenV1Data, NatsAuthTokenV1Schema, type SentinelCreds as SentinelCredsData, SentinelCredsSchema, } from "./schemas.js";
|
|
12
15
|
export type { NatsAuthTokenV1 } from "./types.js";
|
|
13
16
|
export { base64urlDecode, base64urlEncode, sha256, toArrayBuffer, utf8, } from "./utils.js";
|
|
14
17
|
//# sourceMappingURL=browser.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../../src/auth/browser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,sBAAsB,CAAC;AAG9B,OAAO,EACL,KAAK,UAAU,EACf,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,QAAQ,EACR,KAAK,YAAY,EACjB,KAAK,mBAAmB,EACxB,aAAa,EACb,qBAAqB,EACrB,KAAK,aAAa,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,KAAK,gBAAgB,EACrB,oBAAoB,EACpB,mBAAmB,EACnB,KAAK,eAAe,EACpB,KAAK,eAAe,IAAI,sBAAsB,EAC9C,sBAAsB,EACtB,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,WAAW,EACX,eAAe,EACf,cAAc,EACd,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,aAAa,EACb,cAAc,EACd,oBAAoB,EACpB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,yBAAyB,EAC9B,SAAS,GACV,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AACjE,OAAO,EACL,sBAAsB,EACtB,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,qBAAqB,IAAI,yBAAyB,EACvD,2BAA2B,EAC3B,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,iBAAiB,IAAI,qBAAqB,EAC/C,uBAAuB,EACvB,KAAK,YAAY,IAAI,gBAAgB,EACrC,kBAAkB,EAClB,KAAK,mBAAmB,IAAI,uBAAuB,EACnD,yBAAyB,EACzB,KAAK,wBAAwB,IAAI,4BAA4B,EAC7D,8BAA8B,EAC9B,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,KAAK,0BAA0B,IAAI,8BAA8B,EACjE,sBAAsB,EACtB,KAAK,eAAe,IAAI,mBAAmB,EAC3C,qBAAqB,EACrB,KAAK,aAAa,IAAI,iBAAiB,EACvC,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,YAAY,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EACL,eAAe,EACf,eAAe,EACf,MAAM,EACN,aAAa,EACb,IAAI,GACL,MAAM,YAAY,CAAC"}
|
|
1
|
+
{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../../src/auth/browser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,sBAAsB,CAAC;AAG9B,OAAO,EACL,KAAK,UAAU,EACf,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,QAAQ,EACR,KAAK,YAAY,EACjB,KAAK,mBAAmB,EACxB,aAAa,EACb,qBAAqB,EACrB,KAAK,aAAa,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,qBAAqB,EACrB,KAAK,yBAAyB,EAC9B,aAAa,GACd,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,KAAK,gBAAgB,EACrB,oBAAoB,EACpB,mBAAmB,EACnB,KAAK,eAAe,EACpB,KAAK,eAAe,IAAI,sBAAsB,EAC9C,sBAAsB,EACtB,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,WAAW,EACX,eAAe,EACf,cAAc,EACd,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,yBAAyB,EAC9B,SAAS,GACV,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AACjE,OAAO,EACL,wBAAwB,EACxB,6BAA6B,GAC9B,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EACV,iCAAiC,EACjC,uBAAuB,GACxB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,sBAAsB,EACtB,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,iBAAiB,IAAI,qBAAqB,EAC/C,uBAAuB,EACvB,KAAK,kBAAkB,IAAI,sBAAsB,EACjD,KAAK,sBAAsB,IAAI,0BAA0B,EACzD,4BAA4B,EAC5B,wBAAwB,EACxB,KAAK,qBAAqB,IAAI,yBAAyB,EACvD,2BAA2B,EAC3B,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,iBAAiB,IAAI,qBAAqB,EAC/C,uBAAuB,EACvB,KAAK,YAAY,IAAI,gBAAgB,EACrC,kBAAkB,EAClB,KAAK,mBAAmB,IAAI,uBAAuB,EACnD,yBAAyB,EACzB,2BAA2B,EAC3B,KAAK,wBAAwB,IAAI,4BAA4B,EAC7D,8BAA8B,EAC9B,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,KAAK,0BAA0B,IAAI,8BAA8B,EACjE,sBAAsB,EACtB,KAAK,2BAA2B,IAAI,+BAA+B,EACnE,KAAK,eAAe,IAAI,mBAAmB,EAC3C,qBAAqB,EACrB,KAAK,aAAa,IAAI,iBAAiB,EACvC,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,YAAY,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EACL,eAAe,EACf,eAAe,EACf,MAAM,EACN,aAAa,EACb,IAAI,GACL,MAAM,YAAY,CAAC"}
|
package/esm/auth/browser.js
CHANGED
|
@@ -4,8 +4,10 @@
|
|
|
4
4
|
* Uses WebCrypto API and IndexedDB for secure key storage.
|
|
5
5
|
*/
|
|
6
6
|
export { bindFlow, buildLoginUrl, isBindSuccessResponse, startAuthRequest, } from "./browser/login.js";
|
|
7
|
+
export { completeSessionLogout, logoutSession, } from "./browser/logout.js";
|
|
7
8
|
export { fetchPortalFlowState, portalFlowIdFromUrl, portalProviderLoginUrl, portalRedirectLocation, submitPortalApproval, } from "./browser/portal.js";
|
|
8
|
-
export { bindFlowSig, clearSessionKey, createRpcProof, generateSessionKey, getOrCreateSessionKey, getPublicSessionKey, hasSessionKey, loadSessionKey, natsConnectSigForIat, signBytes, } from "./browser/session.js";
|
|
9
|
+
export { bindFlowSig, clearSessionKey, createRpcProof, generateSessionKey, getOrCreateSessionKey, getPublicSessionKey, hasSessionKey, loadSessionKey, logoutSessionSig, natsConnectSigForIat, signBytes, } from "./browser/session.js";
|
|
9
10
|
export { deleteKeyPair, hasKeyPair } from "./browser/storage.js";
|
|
10
|
-
export {
|
|
11
|
+
export { classifyBrowserAuthError, isRecoverableBrowserAuthError, } from "./browser_recovery.js";
|
|
12
|
+
export { approvalCapabilityKeys, ApprovalDecisionSchema, AuthLogoutRequestSchema, AuthLogoutResponseModeSchema, AuthLogoutResponseSchema, AuthStartFlowResponseSchema, AuthStartRequestSchema, AuthStartResponseSchema, BindResponseSchema, BindSuccessResponseSchema, buildLogoutSignaturePayload, ClientTransportEndpointsSchema, ClientTransportsSchema, ContractApprovalSchema, NatsAuthTokenV1Schema, SentinelCredsSchema, } from "./schemas.js";
|
|
11
13
|
export { base64urlDecode, base64urlEncode, sha256, toArrayBuffer, utf8, } from "./utils.js";
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
/** Browser auth recovery classification helpers. */
|
|
2
|
+
/** Stable browser-auth recovery categories for app-owned recovery flows. */
|
|
3
|
+
export type BrowserAuthRecoveryKind = "recoverable_stale_session" | "recoverable_expired_flow" | "recoverable_auth_required" | "policy_denied" | "insufficient_capabilities" | "runtime_unavailable" | "unknown";
|
|
4
|
+
/** Classification result for a browser-auth related failure. */
|
|
5
|
+
export type BrowserAuthRecoveryClassification = {
|
|
6
|
+
kind: BrowserAuthRecoveryKind;
|
|
7
|
+
recoverable: boolean;
|
|
8
|
+
reason?: string;
|
|
9
|
+
code?: string;
|
|
10
|
+
};
|
|
11
|
+
/**
|
|
12
|
+
* Classifies browser auth, bootstrap, callback, and transport-like failures.
|
|
13
|
+
*
|
|
14
|
+
* The classifier accepts raw errors, serialized Trellis errors, nested causes,
|
|
15
|
+
* and nested remote errors. Recoverable classifications are intended for
|
|
16
|
+
* app-owned flows that can clear stale auth and restart sign-in without showing a
|
|
17
|
+
* user-facing terminal error.
|
|
18
|
+
*/
|
|
19
|
+
export declare function classifyBrowserAuthError(error: unknown): BrowserAuthRecoveryClassification;
|
|
20
|
+
/** Returns whether a browser auth error can silently restart sign-in. */
|
|
21
|
+
export declare function isRecoverableBrowserAuthError(error: unknown): boolean;
|
|
22
|
+
//# sourceMappingURL=browser_recovery.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"browser_recovery.d.ts","sourceRoot":"","sources":["../../src/auth/browser_recovery.ts"],"names":[],"mappings":"AAAA,oDAAoD;AAEpD,4EAA4E;AAC5E,MAAM,MAAM,uBAAuB,GAC/B,2BAA2B,GAC3B,0BAA0B,GAC1B,2BAA2B,GAC3B,eAAe,GACf,2BAA2B,GAC3B,qBAAqB,GACrB,SAAS,CAAC;AAEd,gEAAgE;AAChE,MAAM,MAAM,iCAAiC,GAAG;IAC9C,IAAI,EAAE,uBAAuB,CAAC;IAC9B,WAAW,EAAE,OAAO,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,CAAC;AAsNF;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,KAAK,EAAE,OAAO,GACb,iCAAiC,CAuEnC;AAED,yEAAyE;AACzE,wBAAgB,6BAA6B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAErE"}
|
|
@@ -0,0 +1,238 @@
|
|
|
1
|
+
/** Browser auth recovery classification helpers. */
|
|
2
|
+
const MAX_ERROR_DEPTH = 8;
|
|
3
|
+
function isRecord(value) {
|
|
4
|
+
return value !== null && typeof value === "object";
|
|
5
|
+
}
|
|
6
|
+
function stringProperty(record, property) {
|
|
7
|
+
const value = record[property];
|
|
8
|
+
return typeof value === "string" ? value : undefined;
|
|
9
|
+
}
|
|
10
|
+
function normalize(value) {
|
|
11
|
+
return value.trim().toLowerCase().replaceAll("-", "_").replaceAll(" ", "_");
|
|
12
|
+
}
|
|
13
|
+
function signalValue(signal) {
|
|
14
|
+
return signal.code ?? signal.reason ?? signal.message;
|
|
15
|
+
}
|
|
16
|
+
function classification(kind, recoverable, signal) {
|
|
17
|
+
const reason = signal?.reason ?? signalValue(signal ?? {});
|
|
18
|
+
return {
|
|
19
|
+
kind,
|
|
20
|
+
recoverable,
|
|
21
|
+
...(reason ? { reason } : {}),
|
|
22
|
+
...(signal?.code ? { code: signal.code } : {}),
|
|
23
|
+
};
|
|
24
|
+
}
|
|
25
|
+
function maybeSerializable(value) {
|
|
26
|
+
if (!isRecord(value))
|
|
27
|
+
return undefined;
|
|
28
|
+
const toSerializable = value.toSerializable;
|
|
29
|
+
if (typeof toSerializable !== "function")
|
|
30
|
+
return undefined;
|
|
31
|
+
try {
|
|
32
|
+
return toSerializable.call(value);
|
|
33
|
+
}
|
|
34
|
+
catch {
|
|
35
|
+
return undefined;
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
function pushRecordSignals(record, signals, queue) {
|
|
39
|
+
const message = stringProperty(record, "message");
|
|
40
|
+
const code = stringProperty(record, "code") ??
|
|
41
|
+
stringProperty(record, "error");
|
|
42
|
+
const reason = stringProperty(record, "reason") ??
|
|
43
|
+
stringProperty(record, "status");
|
|
44
|
+
if (message || code || reason) {
|
|
45
|
+
signals.push({
|
|
46
|
+
...(code ? { code } : {}),
|
|
47
|
+
...(reason ? { reason } : {}),
|
|
48
|
+
...(message ? { message } : {}),
|
|
49
|
+
});
|
|
50
|
+
}
|
|
51
|
+
const context = record.context;
|
|
52
|
+
if (isRecord(context)) {
|
|
53
|
+
const contextReason = stringProperty(context, "reason");
|
|
54
|
+
const causeMessage = stringProperty(context, "causeMessage");
|
|
55
|
+
const contextCode = stringProperty(context, "code");
|
|
56
|
+
const contextMessage = stringProperty(context, "message");
|
|
57
|
+
if (contextReason || causeMessage || contextCode || contextMessage) {
|
|
58
|
+
signals.push({
|
|
59
|
+
...(contextCode ? { code: contextCode } : {}),
|
|
60
|
+
...(contextReason ? { reason: contextReason } : {}),
|
|
61
|
+
...(causeMessage ?? contextMessage
|
|
62
|
+
? { message: causeMessage ?? contextMessage }
|
|
63
|
+
: {}),
|
|
64
|
+
});
|
|
65
|
+
}
|
|
66
|
+
for (const nested of [context.cause, context.error, context.remoteError]) {
|
|
67
|
+
if (nested !== undefined)
|
|
68
|
+
queue.push(nested);
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
for (const nested of [record.cause, record.error, record.remoteError]) {
|
|
72
|
+
if (nested !== undefined)
|
|
73
|
+
queue.push(nested);
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
function collectErrorSignals(error) {
|
|
77
|
+
const signals = [];
|
|
78
|
+
const queue = [error];
|
|
79
|
+
const seen = new WeakSet();
|
|
80
|
+
let depth = 0;
|
|
81
|
+
while (queue.length > 0 && depth < MAX_ERROR_DEPTH) {
|
|
82
|
+
depth += 1;
|
|
83
|
+
const value = queue.shift();
|
|
84
|
+
if (typeof value === "string") {
|
|
85
|
+
signals.push({ message: value });
|
|
86
|
+
continue;
|
|
87
|
+
}
|
|
88
|
+
if (!isRecord(value))
|
|
89
|
+
continue;
|
|
90
|
+
if (seen.has(value))
|
|
91
|
+
continue;
|
|
92
|
+
seen.add(value);
|
|
93
|
+
if (value instanceof Error) {
|
|
94
|
+
signals.push({ message: value.message });
|
|
95
|
+
}
|
|
96
|
+
pushRecordSignals(value, signals, queue);
|
|
97
|
+
const serialized = maybeSerializable(value);
|
|
98
|
+
if (serialized && serialized !== value)
|
|
99
|
+
queue.push(serialized);
|
|
100
|
+
}
|
|
101
|
+
return signals;
|
|
102
|
+
}
|
|
103
|
+
function hasNormalizedValue(signals, values) {
|
|
104
|
+
for (const signal of signals) {
|
|
105
|
+
for (const value of [signal.code, signal.reason]) {
|
|
106
|
+
if (value && values.has(normalize(value)))
|
|
107
|
+
return signal;
|
|
108
|
+
}
|
|
109
|
+
}
|
|
110
|
+
return undefined;
|
|
111
|
+
}
|
|
112
|
+
function hasMessagePattern(signals, patterns) {
|
|
113
|
+
for (const signal of signals) {
|
|
114
|
+
const message = signal.message;
|
|
115
|
+
if (!message)
|
|
116
|
+
continue;
|
|
117
|
+
const normalized = message.toLowerCase();
|
|
118
|
+
if (patterns.some((pattern) => pattern.test(normalized)))
|
|
119
|
+
return signal;
|
|
120
|
+
}
|
|
121
|
+
return undefined;
|
|
122
|
+
}
|
|
123
|
+
function insufficientPermissionsAuthSignal(signals) {
|
|
124
|
+
for (const signal of signals) {
|
|
125
|
+
const reason = signal.reason ? normalize(signal.reason) : undefined;
|
|
126
|
+
const code = signal.code ? normalize(signal.code) : undefined;
|
|
127
|
+
if (reason !== "insufficient_permissions")
|
|
128
|
+
continue;
|
|
129
|
+
if (code === "trellis.bootstrap.auth_required")
|
|
130
|
+
return signal;
|
|
131
|
+
const message = signal.message?.toLowerCase() ?? "";
|
|
132
|
+
if (message.includes("auth required") ||
|
|
133
|
+
message.includes("requires sign-in") ||
|
|
134
|
+
message.includes("requires signin") ||
|
|
135
|
+
message.includes("stale") ||
|
|
136
|
+
message.includes("session")) {
|
|
137
|
+
return signal;
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
return undefined;
|
|
141
|
+
}
|
|
142
|
+
const APPROVAL_DENIED_VALUES = new Set([
|
|
143
|
+
"approval_denied",
|
|
144
|
+
"trellis.auth.approval_denied",
|
|
145
|
+
]);
|
|
146
|
+
const INSUFFICIENT_CAPABILITIES_VALUES = new Set([
|
|
147
|
+
"insufficient_capabilities",
|
|
148
|
+
"trellis.auth.insufficient_capabilities",
|
|
149
|
+
]);
|
|
150
|
+
const RUNTIME_UNAVAILABLE_VALUES = new Set([
|
|
151
|
+
"trellis.bootstrap.not_ready",
|
|
152
|
+
"trellis.runtime.unavailable",
|
|
153
|
+
"runtime_unavailable",
|
|
154
|
+
]);
|
|
155
|
+
const EXPIRED_FLOW_VALUES = new Set([
|
|
156
|
+
"flow_expired",
|
|
157
|
+
"expired",
|
|
158
|
+
"trellis.auth.bind_expired",
|
|
159
|
+
"trellis.auth.flow_expired",
|
|
160
|
+
]);
|
|
161
|
+
const STALE_SESSION_VALUES = new Set([
|
|
162
|
+
"session_not_found",
|
|
163
|
+
"session_expired",
|
|
164
|
+
"user_not_found",
|
|
165
|
+
"contract_not_active",
|
|
166
|
+
"trellis.auth.session_not_found",
|
|
167
|
+
"trellis.auth.session_expired",
|
|
168
|
+
"trellis.auth.user_not_found",
|
|
169
|
+
"trellis.auth.contract_not_active",
|
|
170
|
+
]);
|
|
171
|
+
const AUTH_REQUIRED_VALUES = new Set([
|
|
172
|
+
"auth_required",
|
|
173
|
+
"trellis.bootstrap.auth_required",
|
|
174
|
+
"trellis.auth.login_failed",
|
|
175
|
+
]);
|
|
176
|
+
/**
|
|
177
|
+
* Classifies browser auth, bootstrap, callback, and transport-like failures.
|
|
178
|
+
*
|
|
179
|
+
* The classifier accepts raw errors, serialized Trellis errors, nested causes,
|
|
180
|
+
* and nested remote errors. Recoverable classifications are intended for
|
|
181
|
+
* app-owned flows that can clear stale auth and restart sign-in without showing a
|
|
182
|
+
* user-facing terminal error.
|
|
183
|
+
*/
|
|
184
|
+
export function classifyBrowserAuthError(error) {
|
|
185
|
+
const signals = collectErrorSignals(error);
|
|
186
|
+
const approvalDenied = hasNormalizedValue(signals, APPROVAL_DENIED_VALUES) ??
|
|
187
|
+
hasMessagePattern(signals, [/approval .*denied/, /access .*denied/]);
|
|
188
|
+
if (approvalDenied) {
|
|
189
|
+
return classification("policy_denied", false, approvalDenied);
|
|
190
|
+
}
|
|
191
|
+
const inactiveOrInvalid = hasNormalizedValue(signals, new Set(["invalid_credentials", "user_inactive", "inactive_account"])) ?? hasMessagePattern(signals, [
|
|
192
|
+
/invalid credential/,
|
|
193
|
+
/inactive account/,
|
|
194
|
+
/user inactive/,
|
|
195
|
+
]);
|
|
196
|
+
if (inactiveOrInvalid) {
|
|
197
|
+
return classification("policy_denied", false, inactiveOrInvalid);
|
|
198
|
+
}
|
|
199
|
+
const insufficientCapabilities = hasNormalizedValue(signals, INSUFFICIENT_CAPABILITIES_VALUES) ?? hasMessagePattern(signals, [/insufficient capabilit/]);
|
|
200
|
+
if (insufficientCapabilities) {
|
|
201
|
+
return classification("insufficient_capabilities", false, insufficientCapabilities);
|
|
202
|
+
}
|
|
203
|
+
const runtimeUnavailable = hasNormalizedValue(signals, RUNTIME_UNAVAILABLE_VALUES) ?? hasMessagePattern(signals, [/runtime unavailable/]);
|
|
204
|
+
if (runtimeUnavailable) {
|
|
205
|
+
return classification("runtime_unavailable", false, runtimeUnavailable);
|
|
206
|
+
}
|
|
207
|
+
const expiredFlow = hasNormalizedValue(signals, EXPIRED_FLOW_VALUES) ??
|
|
208
|
+
hasMessagePattern(signals, [/flow .*expired/, /sign\-in .*expired/]);
|
|
209
|
+
if (expiredFlow) {
|
|
210
|
+
return classification("recoverable_expired_flow", true, expiredFlow);
|
|
211
|
+
}
|
|
212
|
+
const staleSession = hasNormalizedValue(signals, STALE_SESSION_VALUES) ??
|
|
213
|
+
hasMessagePattern(signals, [
|
|
214
|
+
/session .*expired/,
|
|
215
|
+
/session .*not found/,
|
|
216
|
+
/user .*not found/,
|
|
217
|
+
/contract .*not active/,
|
|
218
|
+
]);
|
|
219
|
+
if (staleSession) {
|
|
220
|
+
return classification("recoverable_stale_session", true, staleSession);
|
|
221
|
+
}
|
|
222
|
+
const authRequired = hasNormalizedValue(signals, AUTH_REQUIRED_VALUES) ??
|
|
223
|
+
insufficientPermissionsAuthSignal(signals) ??
|
|
224
|
+
hasMessagePattern(signals, [
|
|
225
|
+
/auth required/,
|
|
226
|
+
/requires sign\-in/,
|
|
227
|
+
/requires signin/,
|
|
228
|
+
/requires authentication/,
|
|
229
|
+
]);
|
|
230
|
+
if (authRequired) {
|
|
231
|
+
return classification("recoverable_auth_required", true, authRequired);
|
|
232
|
+
}
|
|
233
|
+
return classification("unknown", false);
|
|
234
|
+
}
|
|
235
|
+
/** Returns whether a browser auth error can silently restart sign-in. */
|
|
236
|
+
export function isRecoverableBrowserAuthError(error) {
|
|
237
|
+
return classifyBrowserAuthError(error).recoverable;
|
|
238
|
+
}
|
package/esm/auth/mod.d.ts
CHANGED
|
@@ -8,10 +8,10 @@
|
|
|
8
8
|
* - Services load their session key seed from `TRELLIS_SESSION_KEY_SEED`.
|
|
9
9
|
*/
|
|
10
10
|
export { type AuthDeviceUserAuthoritiesListInput, type AuthDeviceUserAuthoritiesListOutput, type AuthDeviceUserAuthoritiesRevokeInput, type AuthDeviceUserAuthoritiesRevokeResponse, type AuthResolveDeviceUserAuthoritiesInput, type AuthResolveDeviceUserAuthoritiesOperation, type AuthResolveDeviceUserAuthoritiesOutput, type AuthResolveDeviceUserAuthoritiesProgress, buildDeviceActivationPayload, buildDeviceWaitProofInput, createDeviceActivationClient, createDeviceNatsAuthToken, deriveDeviceConfirmationCode, deriveDeviceIdentity, deriveDeviceQrMac, type DeviceActivationPayload, type DeviceActivationTransport, type DeviceActivationWaitRequest, type DeviceIdentity, encodeDeviceActivationPayload, getDeviceConnectInfo, type GetDeviceConnectInfoInput, type GetDeviceConnectInfoOutput, parseDeviceActivationPayload, signDeviceWaitRequest, startDeviceActivationRequest, verifyDeviceConfirmationCode, verifyDeviceWaitSignature, waitForDeviceActivation, type WaitForDeviceActivationResponse, } from "./device_activation.js";
|
|
11
|
-
export { type AuthConfig, bindFlow, buildLoginUrl, clearSessionKey, createRpcProof, fetchPortalFlowState, generateSessionKey, getOrCreateSessionKey, getPublicSessionKey, hasSessionKey, isBindSuccessResponse, loadSessionKey, natsConnectSigForIat, portalFlowIdFromUrl, portalProviderLoginUrl, portalRedirectLocation, type SessionKeyHandle, type SessionKeyOptions, type SessionKeyPersistenceMode, signBytes, startAuthRequest, submitPortalApproval, } from "./browser.js";
|
|
11
|
+
export { type AuthConfig, bindFlow, type BrowserAuthRecoveryClassification, type BrowserAuthRecoveryKind, buildLoginUrl, classifyBrowserAuthError, clearSessionKey, completeSessionLogout, type CompleteSessionLogoutArgs, createRpcProof, fetchPortalFlowState, generateSessionKey, getOrCreateSessionKey, getPublicSessionKey, hasSessionKey, isBindSuccessResponse, isRecoverableBrowserAuthError, loadSessionKey, logoutSession, logoutSessionSig, natsConnectSigForIat, portalFlowIdFromUrl, portalProviderLoginUrl, portalRedirectLocation, type SessionKeyHandle, type SessionKeyOptions, type SessionKeyPersistenceMode, signBytes, startAuthRequest, submitPortalApproval, } from "./browser.js";
|
|
12
12
|
export { buildProofInput, createProof, type ProofParams, verifyProof, } from "./proof.js";
|
|
13
13
|
export { ApprovalRecordViewSchema, AuthCapabilitiesListResponseSchema, AuthCapabilitiesListSchema, AuthCapabilityGroupsDeleteResponseSchema, AuthCapabilityGroupsDeleteSchema, AuthCapabilityGroupsGetResponseSchema, AuthCapabilityGroupsGetSchema, AuthCapabilityGroupsListResponseSchema, AuthCapabilityGroupsListSchema, AuthCapabilityGroupsPutResponseSchema, AuthCapabilityGroupsPutSchema, type AuthDeployment, type AuthDeploymentAuthorityAcceptMigrationInput, AuthDeploymentAuthorityAcceptMigrationSchema, type AuthDeploymentAuthorityAcceptResponse, AuthDeploymentAuthorityAcceptResponseSchema, type AuthDeploymentAuthorityAcceptUpdateInput, AuthDeploymentAuthorityAcceptUpdateSchema, type AuthDeploymentAuthorityGetInput, type AuthDeploymentAuthorityGetResponse, AuthDeploymentAuthorityGetResponseSchema, AuthDeploymentAuthorityGetSchema, type AuthDeploymentAuthorityGrantOverridesListInput, type AuthDeploymentAuthorityGrantOverridesListResponse, AuthDeploymentAuthorityGrantOverridesListResponseSchema, AuthDeploymentAuthorityGrantOverridesListSchema, type AuthDeploymentAuthorityGrantOverridesPutInput, AuthDeploymentAuthorityGrantOverridesPutSchema, type AuthDeploymentAuthorityGrantOverridesRemoveInput, AuthDeploymentAuthorityGrantOverridesRemoveSchema, type AuthDeploymentAuthorityGrantOverridesResponse, AuthDeploymentAuthorityGrantOverridesResponseSchema, type AuthDeploymentAuthorityListInput, type AuthDeploymentAuthorityListResponse, AuthDeploymentAuthorityListResponseSchema, AuthDeploymentAuthorityListSchema, type AuthDeploymentAuthorityPlanInput, type AuthDeploymentAuthorityPlanResponse, AuthDeploymentAuthorityPlanResponseSchema, AuthDeploymentAuthorityPlanSchema, type AuthDeploymentAuthorityPlansGetInput, type AuthDeploymentAuthorityPlansGetResponse, AuthDeploymentAuthorityPlansGetResponseSchema, AuthDeploymentAuthorityPlansGetSchema, type AuthDeploymentAuthorityPlansListInput, type AuthDeploymentAuthorityPlansListResponse, AuthDeploymentAuthorityPlansListResponseSchema, AuthDeploymentAuthorityPlansListSchema, type AuthDeploymentAuthorityReconcileInput, type AuthDeploymentAuthorityReconcileResponse, AuthDeploymentAuthorityReconcileResponseSchema, AuthDeploymentAuthorityReconcileSchema, type AuthDeploymentAuthorityRejectInput, type AuthDeploymentAuthorityRejectResponse, AuthDeploymentAuthorityRejectResponseSchema, AuthDeploymentAuthorityRejectSchema, type AuthDeploymentKind, AuthDeploymentKindSchema, AuthDeploymentSchema, AuthDeploymentsCreateResponseSchema, AuthDeploymentsCreateSchema, AuthDeploymentsDisableResponseSchema, AuthDeploymentsDisableSchema, AuthDeploymentsEnableResponseSchema, AuthDeploymentsEnableSchema, AuthDeploymentsListResponseSchema, AuthDeploymentsListSchema, AuthDeploymentsRemoveResponseSchema, AuthDeploymentsRemoveSchema, AuthDevicesConnectInfoGetResponseSchema, AuthDevicesConnectInfoGetSchema, AuthDevicesDisableResponseSchema, AuthDevicesDisableSchema, AuthDevicesEnableResponseSchema, AuthDevicesEnableSchema, AuthDevicesListResponseSchema, AuthDevicesListSchema, AuthDevicesProvisionResponseSchema, AuthDevicesProvisionSchema, AuthDevicesRemoveResponseSchema, AuthDevicesRemoveSchema, AuthDeviceUserAuthoritiesApprovedEventSchema, AuthDeviceUserAuthoritiesListResponseSchema, AuthDeviceUserAuthoritiesListSchema, AuthDeviceUserAuthoritiesRequestedEventSchema, AuthDeviceUserAuthoritiesResolvedEventSchema, AuthDeviceUserAuthoritiesReviewRequestedEventSchema, AuthDeviceUserAuthoritiesReviewsDecideResponseSchema, AuthDeviceUserAuthoritiesReviewsDecideSchema, AuthDeviceUserAuthoritiesReviewsListResponseSchema, AuthDeviceUserAuthoritiesReviewsListSchema, AuthDeviceUserAuthoritiesRevokeResponseSchema, AuthDeviceUserAuthoritiesRevokeSchema, type AuthenticatedDevice, AuthenticatedDeviceSchema, type AuthenticatedService, type AuthenticatedUser, AuthIdentitiesListResponseSchema, AuthIdentitiesListSchema, AuthIdentityGrantsListResponseSchema, AuthIdentityGrantsListSchema, AuthIdentityGrantsRevokeResponseSchema, AuthIdentityGrantsRevokeSchema, AuthPortalsGetResponseSchema, AuthPortalsGetSchema, AuthPortalsListResponseSchema, AuthPortalsListSchema, AuthPortalsLoginSettingsGetSchema, AuthPortalsLoginSettingsResponseSchema, AuthPortalsLoginSettingsUpdateSchema, AuthPortalsRoutesPutResponseSchema, AuthPortalsRoutesPutSchema, AuthPortalsRoutesRemoveResponseSchema, AuthPortalsRoutesRemoveSchema, AuthRequestsValidateResponseSchema, AuthRequestsValidateSchema, AuthResolveDeviceUserAuthoritiesProgressSchema, AuthResolveDeviceUserAuthoritiesResponseSchema, AuthResolveDeviceUserAuthoritiesSchema, AuthServiceInstancesDisableResponseSchema, AuthServiceInstancesDisableSchema, AuthServiceInstancesEnableResponseSchema, AuthServiceInstancesEnableSchema, AuthServiceInstancesListResponseSchema, AuthServiceInstancesListSchema, AuthServiceInstancesProvisionResponseSchema, AuthServiceInstancesProvisionSchema, AuthServiceInstancesRemoveResponseSchema, AuthServiceInstancesRemoveSchema, type AuthSessionsMeResponse, AuthSessionsMeResponseSchema, AuthSessionsMeSchema, AuthUserIdentitiesListResponseSchema, AuthUserIdentitiesListSchema, AuthUserIdentitiesUnlinkResponseSchema, AuthUserIdentitiesUnlinkSchema, AuthUsersAccountFlowCreateResponseSchema, AuthUsersCreateResponseSchema, AuthUsersCreateSchema, AuthUsersGetResponseSchema, AuthUsersGetSchema, AuthUsersIdentityLinkCreateSchema, AuthUsersListResponseSchema, AuthUsersListSchema, AuthUsersPasswordChangeResponseSchema, AuthUsersPasswordChangeSchema, AuthUsersPasswordResetCreateSchema, AuthUsersUpdateResponseSchema, AuthUsersUpdateSchema, CallerViewSchema, ContractAnalysisSchema, ContractAnalysisSummarySchema, type DeploymentAuthority, type DeploymentAuthorityCapability, type DeploymentAuthorityCapabilityNeed, DeploymentAuthorityCapabilityNeedSchema, DeploymentAuthorityCapabilitySchema, type DeploymentAuthorityContractNeed, DeploymentAuthorityContractNeedSchema, type DeploymentAuthorityGrantOverride, DeploymentAuthorityGrantOverrideSchema, type DeploymentAuthorityKind, DeploymentAuthorityKindSchema, type DeploymentAuthorityMaterialization, DeploymentAuthorityMaterializationSchema, type DeploymentAuthorityMigration, DeploymentAuthorityMigrationSchema, type DeploymentAuthorityNeeds, DeploymentAuthorityNeedsSchema, type DeploymentAuthorityPlan, DeploymentAuthorityPlanSchema, type DeploymentAuthorityProposal, DeploymentAuthorityProposalSchema, type DeploymentAuthorityReconciliationStatus, DeploymentAuthorityReconciliationStatusSchema, type DeploymentAuthorityResource, DeploymentAuthorityResourceKindSchema, type DeploymentAuthorityResourceNeed, DeploymentAuthorityResourceNeedSchema, DeploymentAuthorityResourceSchema, DeploymentAuthoritySchema, type DeploymentAuthoritySurface, DeploymentAuthoritySurfaceActionSchema, DeploymentAuthoritySurfaceKindSchema, type DeploymentAuthoritySurfaceNeed, DeploymentAuthoritySurfaceNeedSchema, DeploymentAuthoritySurfaceSchema, type DeploymentAuthorityUpdate, DeploymentAuthorityUpdateSchema, DeploymentPortalRouteSchema, DeploymentResourceBindingSchema, type DeviceActivationRecord, DeviceActivationRecordSchema, DeviceActivationReviewSchema, DeviceConnectInfoSchema, DeviceDeploymentSchema, DeviceSchema, DigestSchema, type FlowRegistrationAvailability, FlowRegistrationAvailabilitySchema, IdentityGrantViewSchema, ImplementationOfferSchema, type LoginPortalRecord, LoginPortalRecordSchema, type LoginPortalRoute, LoginPortalRouteSchema, type LoginPortalSettings, LoginPortalSettingsSchema, type LoginPortalSummary, LoginPortalSummarySchema, type MaterializedAuthorityCapabilityGrant, MaterializedAuthorityCapabilityGrantSchema, type MaterializedAuthorityGrant, type MaterializedAuthorityGrants, MaterializedAuthorityGrantsSchema, type MaterializedAuthorityNatsGrant, MaterializedAuthorityNatsGrantSchema, type MaterializedAuthorityNatsGrantSource, MaterializedAuthorityNatsGrantSourceSchema, type MaterializedAuthoritySurfaceGrant, MaterializedAuthoritySurfaceGrantSchema, OpenObjectSchema, type ParticipantKind, ParticipantKindSchema, type PortalFlowApp, type PortalFlowApproval, type PortalFlowApprovalDeniedState, type PortalFlowApprovalRequiredState, type PortalFlowChooseProviderState, type PortalFlowExpiredState, type PortalFlowInsufficientCapabilitiesState, type PortalFlowProvider, type PortalFlowRedirectState, type PortalFlowState, PortalFlowStateSchema, type PortalFlowUser, ServiceDeploymentSchema, ServiceInstanceSchema, UserViewSchema, WaitForDeviceActivationRequestSchema, WaitForDeviceActivationResponseSchema, } from "./protocol.js";
|
|
14
|
-
export { approvalCapabilityKeys, type ApprovalDecision, ApprovalDecisionSchema, type AuthStartFlowResponse, AuthStartFlowResponseSchema, type AuthStartRequest, AuthStartRequestSchema, type AuthStartResponse, AuthStartResponseSchema, type BindResponse, BindResponseSchema, type BindSuccessResponse, BindSuccessResponseSchema, type ClientTransportEndpoints, ClientTransportEndpointsSchema, type ClientTransports, ClientTransportsSchema, type ContractApproval, type ContractApprovalCapability, ContractApprovalSchema, type NatsAuthTokenV1, NatsAuthTokenV1Schema, type SentinelCreds, SentinelCredsSchema, type UserParticipantKind, UserParticipantKindSchema, } from "./schemas.js";
|
|
14
|
+
export { approvalCapabilityKeys, type ApprovalDecision, ApprovalDecisionSchema, type AuthLogoutRequest, AuthLogoutRequestSchema, type AuthLogoutResponse, type AuthLogoutResponseMode, AuthLogoutResponseModeSchema, AuthLogoutResponseSchema, type AuthStartFlowResponse, AuthStartFlowResponseSchema, type AuthStartRequest, AuthStartRequestSchema, type AuthStartResponse, AuthStartResponseSchema, type BindResponse, BindResponseSchema, type BindSuccessResponse, BindSuccessResponseSchema, buildLogoutSignaturePayload, type ClientTransportEndpoints, ClientTransportEndpointsSchema, type ClientTransports, ClientTransportsSchema, type ContractApproval, type ContractApprovalCapability, ContractApprovalSchema, type LogoutSignaturePayloadInput, type NatsAuthTokenV1, NatsAuthTokenV1Schema, type SentinelCreds, SentinelCredsSchema, type UserParticipantKind, UserParticipantKindSchema, } from "./schemas.js";
|
|
15
15
|
export { buildNatsConnectSignaturePayload, createAuth, type NatsConnectOptions, type TrellisAuth, } from "./session_auth.js";
|
|
16
16
|
export { correctedIatSeconds, estimateMidpointClockOffsetMs } from "./time.js";
|
|
17
17
|
export { trellisIdFromOriginId } from "./trellis_id.js";
|
package/esm/auth/mod.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../../src/auth/mod.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,KAAK,kCAAkC,EACvC,KAAK,mCAAmC,EACxC,KAAK,oCAAoC,EACzC,KAAK,uCAAuC,EAC5C,KAAK,qCAAqC,EAC1C,KAAK,yCAAyC,EAC9C,KAAK,sCAAsC,EAC3C,KAAK,wCAAwC,EAC7C,4BAA4B,EAC5B,yBAAyB,EACzB,4BAA4B,EAC5B,yBAAyB,EACzB,4BAA4B,EAC5B,oBAAoB,EACpB,iBAAiB,EACjB,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,2BAA2B,EAChC,KAAK,cAAc,EACnB,6BAA6B,EAC7B,oBAAoB,EACpB,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,4BAA4B,EAC5B,qBAAqB,EACrB,4BAA4B,EAC5B,4BAA4B,EAC5B,yBAAyB,EACzB,uBAAuB,EACvB,KAAK,+BAA+B,GACrC,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,KAAK,UAAU,EACf,QAAQ,EACR,aAAa,EACb,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,aAAa,EACb,qBAAqB,EACrB,cAAc,EACd,oBAAoB,EACpB,mBAAmB,EACnB,sBAAsB,EACtB,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,yBAAyB,EAC9B,SAAS,EACT,gBAAgB,EAChB,oBAAoB,GACrB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,eAAe,EACf,WAAW,EACX,KAAK,WAAW,EAChB,WAAW,GACZ,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,kCAAkC,EAClC,0BAA0B,EAC1B,wCAAwC,EACxC,gCAAgC,EAChC,qCAAqC,EACrC,6BAA6B,EAC7B,sCAAsC,EACtC,8BAA8B,EAC9B,qCAAqC,EACrC,6BAA6B,EAC7B,KAAK,cAAc,EACnB,KAAK,2CAA2C,EAChD,4CAA4C,EAC5C,KAAK,qCAAqC,EAC1C,2CAA2C,EAC3C,KAAK,wCAAwC,EAC7C,yCAAyC,EACzC,KAAK,+BAA+B,EACpC,KAAK,kCAAkC,EACvC,wCAAwC,EACxC,gCAAgC,EAChC,KAAK,8CAA8C,EACnD,KAAK,iDAAiD,EACtD,uDAAuD,EACvD,+CAA+C,EAC/C,KAAK,6CAA6C,EAClD,8CAA8C,EAC9C,KAAK,gDAAgD,EACrD,iDAAiD,EACjD,KAAK,6CAA6C,EAClD,mDAAmD,EACnD,KAAK,gCAAgC,EACrC,KAAK,mCAAmC,EACxC,yCAAyC,EACzC,iCAAiC,EACjC,KAAK,gCAAgC,EACrC,KAAK,mCAAmC,EACxC,yCAAyC,EACzC,iCAAiC,EACjC,KAAK,oCAAoC,EACzC,KAAK,uCAAuC,EAC5C,6CAA6C,EAC7C,qCAAqC,EACrC,KAAK,qCAAqC,EAC1C,KAAK,wCAAwC,EAC7C,8CAA8C,EAC9C,sCAAsC,EACtC,KAAK,qCAAqC,EAC1C,KAAK,wCAAwC,EAC7C,8CAA8C,EAC9C,sCAAsC,EACtC,KAAK,kCAAkC,EACvC,KAAK,qCAAqC,EAC1C,2CAA2C,EAC3C,mCAAmC,EACnC,KAAK,kBAAkB,EACvB,wBAAwB,EACxB,oBAAoB,EACpB,mCAAmC,EACnC,2BAA2B,EAC3B,oCAAoC,EACpC,4BAA4B,EAC5B,mCAAmC,EACnC,2BAA2B,EAC3B,iCAAiC,EACjC,yBAAyB,EACzB,mCAAmC,EACnC,2BAA2B,EAC3B,uCAAuC,EACvC,+BAA+B,EAC/B,gCAAgC,EAChC,wBAAwB,EACxB,+BAA+B,EAC/B,uBAAuB,EACvB,6BAA6B,EAC7B,qBAAqB,EACrB,kCAAkC,EAClC,0BAA0B,EAC1B,+BAA+B,EAC/B,uBAAuB,EACvB,4CAA4C,EAC5C,2CAA2C,EAC3C,mCAAmC,EACnC,6CAA6C,EAC7C,4CAA4C,EAC5C,mDAAmD,EACnD,oDAAoD,EACpD,4CAA4C,EAC5C,kDAAkD,EAClD,0CAA0C,EAC1C,6CAA6C,EAC7C,qCAAqC,EACrC,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACtB,gCAAgC,EAChC,wBAAwB,EACxB,oCAAoC,EACpC,4BAA4B,EAC5B,sCAAsC,EACtC,8BAA8B,EAC9B,4BAA4B,EAC5B,oBAAoB,EACpB,6BAA6B,EAC7B,qBAAqB,EACrB,iCAAiC,EACjC,sCAAsC,EACtC,oCAAoC,EACpC,kCAAkC,EAClC,0BAA0B,EAC1B,qCAAqC,EACrC,6BAA6B,EAC7B,kCAAkC,EAClC,0BAA0B,EAC1B,8CAA8C,EAC9C,8CAA8C,EAC9C,sCAAsC,EACtC,yCAAyC,EACzC,iCAAiC,EACjC,wCAAwC,EACxC,gCAAgC,EAChC,sCAAsC,EACtC,8BAA8B,EAC9B,2CAA2C,EAC3C,mCAAmC,EACnC,wCAAwC,EACxC,gCAAgC,EAChC,KAAK,sBAAsB,EAC3B,4BAA4B,EAC5B,oBAAoB,EACpB,oCAAoC,EACpC,4BAA4B,EAC5B,sCAAsC,EACtC,8BAA8B,EAC9B,wCAAwC,EACxC,6BAA6B,EAC7B,qBAAqB,EACrB,0BAA0B,EAC1B,kBAAkB,EAClB,iCAAiC,EACjC,2BAA2B,EAC3B,mBAAmB,EACnB,qCAAqC,EACrC,6BAA6B,EAC7B,kCAAkC,EAClC,6BAA6B,EAC7B,qBAAqB,EACrB,gBAAgB,EAChB,sBAAsB,EACtB,6BAA6B,EAC7B,KAAK,mBAAmB,EACxB,KAAK,6BAA6B,EAClC,KAAK,iCAAiC,EACtC,uCAAuC,EACvC,mCAAmC,EACnC,KAAK,+BAA+B,EACpC,qCAAqC,EACrC,KAAK,gCAAgC,EACrC,sCAAsC,EACtC,KAAK,uBAAuB,EAC5B,6BAA6B,EAC7B,KAAK,kCAAkC,EACvC,wCAAwC,EACxC,KAAK,4BAA4B,EACjC,kCAAkC,EAClC,KAAK,wBAAwB,EAC7B,8BAA8B,EAC9B,KAAK,uBAAuB,EAC5B,6BAA6B,EAC7B,KAAK,2BAA2B,EAChC,iCAAiC,EACjC,KAAK,uCAAuC,EAC5C,6CAA6C,EAC7C,KAAK,2BAA2B,EAChC,qCAAqC,EACrC,KAAK,+BAA+B,EACpC,qCAAqC,EACrC,iCAAiC,EACjC,yBAAyB,EACzB,KAAK,0BAA0B,EAC/B,sCAAsC,EACtC,oCAAoC,EACpC,KAAK,8BAA8B,EACnC,oCAAoC,EACpC,gCAAgC,EAChC,KAAK,yBAAyB,EAC9B,+BAA+B,EAC/B,2BAA2B,EAC3B,+BAA+B,EAC/B,KAAK,sBAAsB,EAC3B,4BAA4B,EAC5B,4BAA4B,EAC5B,uBAAuB,EACvB,sBAAsB,EACtB,YAAY,EACZ,YAAY,EACZ,KAAK,4BAA4B,EACjC,kCAAkC,EAClC,uBAAuB,EACvB,yBAAyB,EACzB,KAAK,iBAAiB,EACtB,uBAAuB,EACvB,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,KAAK,kBAAkB,EACvB,wBAAwB,EACxB,KAAK,oCAAoC,EACzC,0CAA0C,EAC1C,KAAK,0BAA0B,EAC/B,KAAK,2BAA2B,EAChC,iCAAiC,EACjC,KAAK,8BAA8B,EACnC,oCAAoC,EACpC,KAAK,oCAAoC,EACzC,0CAA0C,EAC1C,KAAK,iCAAiC,EACtC,uCAAuC,EACvC,gBAAgB,EAChB,KAAK,eAAe,EACpB,qBAAqB,EACrB,KAAK,aAAa,EAClB,KAAK,kBAAkB,EACvB,KAAK,6BAA6B,EAClC,KAAK,+BAA+B,EACpC,KAAK,6BAA6B,EAClC,KAAK,sBAAsB,EAC3B,KAAK,uCAAuC,EAC5C,KAAK,kBAAkB,EACvB,KAAK,uBAAuB,EAC5B,KAAK,eAAe,EACpB,qBAAqB,EACrB,KAAK,cAAc,EACnB,uBAAuB,EACvB,qBAAqB,EACrB,cAAc,EACd,oCAAoC,EACpC,qCAAqC,GACtC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,qBAAqB,EAC1B,2BAA2B,EAC3B,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,iBAAiB,EACtB,uBAAuB,EACvB,KAAK,YAAY,EACjB,kBAAkB,EAClB,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,KAAK,wBAAwB,EAC7B,8BAA8B,EAC9B,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,KAAK,0BAA0B,EAC/B,sBAAsB,EACtB,KAAK,eAAe,EACpB,qBAAqB,EACrB,KAAK,aAAa,EAClB,mBAAmB,EACnB,KAAK,mBAAmB,EACxB,yBAAyB,GAC1B,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,gCAAgC,EAChC,UAAU,EACV,KAAK,kBAAkB,EACvB,KAAK,WAAW,GACjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,mBAAmB,EAAE,6BAA6B,EAAE,MAAM,WAAW,CAAC;AAC/E,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EACL,eAAe,EACf,eAAe,EACf,qBAAqB,EACrB,MAAM,EACN,aAAa,EACb,IAAI,GACL,MAAM,YAAY,CAAC"}
|
|
1
|
+
{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../../src/auth/mod.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,KAAK,kCAAkC,EACvC,KAAK,mCAAmC,EACxC,KAAK,oCAAoC,EACzC,KAAK,uCAAuC,EAC5C,KAAK,qCAAqC,EAC1C,KAAK,yCAAyC,EAC9C,KAAK,sCAAsC,EAC3C,KAAK,wCAAwC,EAC7C,4BAA4B,EAC5B,yBAAyB,EACzB,4BAA4B,EAC5B,yBAAyB,EACzB,4BAA4B,EAC5B,oBAAoB,EACpB,iBAAiB,EACjB,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,2BAA2B,EAChC,KAAK,cAAc,EACnB,6BAA6B,EAC7B,oBAAoB,EACpB,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,4BAA4B,EAC5B,qBAAqB,EACrB,4BAA4B,EAC5B,4BAA4B,EAC5B,yBAAyB,EACzB,uBAAuB,EACvB,KAAK,+BAA+B,GACrC,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,KAAK,UAAU,EACf,QAAQ,EACR,KAAK,iCAAiC,EACtC,KAAK,uBAAuB,EAC5B,aAAa,EACb,wBAAwB,EACxB,eAAe,EACf,qBAAqB,EACrB,KAAK,yBAAyB,EAC9B,cAAc,EACd,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,aAAa,EACb,qBAAqB,EACrB,6BAA6B,EAC7B,cAAc,EACd,aAAa,EACb,gBAAgB,EAChB,oBAAoB,EACpB,mBAAmB,EACnB,sBAAsB,EACtB,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,yBAAyB,EAC9B,SAAS,EACT,gBAAgB,EAChB,oBAAoB,GACrB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,eAAe,EACf,WAAW,EACX,KAAK,WAAW,EAChB,WAAW,GACZ,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,kCAAkC,EAClC,0BAA0B,EAC1B,wCAAwC,EACxC,gCAAgC,EAChC,qCAAqC,EACrC,6BAA6B,EAC7B,sCAAsC,EACtC,8BAA8B,EAC9B,qCAAqC,EACrC,6BAA6B,EAC7B,KAAK,cAAc,EACnB,KAAK,2CAA2C,EAChD,4CAA4C,EAC5C,KAAK,qCAAqC,EAC1C,2CAA2C,EAC3C,KAAK,wCAAwC,EAC7C,yCAAyC,EACzC,KAAK,+BAA+B,EACpC,KAAK,kCAAkC,EACvC,wCAAwC,EACxC,gCAAgC,EAChC,KAAK,8CAA8C,EACnD,KAAK,iDAAiD,EACtD,uDAAuD,EACvD,+CAA+C,EAC/C,KAAK,6CAA6C,EAClD,8CAA8C,EAC9C,KAAK,gDAAgD,EACrD,iDAAiD,EACjD,KAAK,6CAA6C,EAClD,mDAAmD,EACnD,KAAK,gCAAgC,EACrC,KAAK,mCAAmC,EACxC,yCAAyC,EACzC,iCAAiC,EACjC,KAAK,gCAAgC,EACrC,KAAK,mCAAmC,EACxC,yCAAyC,EACzC,iCAAiC,EACjC,KAAK,oCAAoC,EACzC,KAAK,uCAAuC,EAC5C,6CAA6C,EAC7C,qCAAqC,EACrC,KAAK,qCAAqC,EAC1C,KAAK,wCAAwC,EAC7C,8CAA8C,EAC9C,sCAAsC,EACtC,KAAK,qCAAqC,EAC1C,KAAK,wCAAwC,EAC7C,8CAA8C,EAC9C,sCAAsC,EACtC,KAAK,kCAAkC,EACvC,KAAK,qCAAqC,EAC1C,2CAA2C,EAC3C,mCAAmC,EACnC,KAAK,kBAAkB,EACvB,wBAAwB,EACxB,oBAAoB,EACpB,mCAAmC,EACnC,2BAA2B,EAC3B,oCAAoC,EACpC,4BAA4B,EAC5B,mCAAmC,EACnC,2BAA2B,EAC3B,iCAAiC,EACjC,yBAAyB,EACzB,mCAAmC,EACnC,2BAA2B,EAC3B,uCAAuC,EACvC,+BAA+B,EAC/B,gCAAgC,EAChC,wBAAwB,EACxB,+BAA+B,EAC/B,uBAAuB,EACvB,6BAA6B,EAC7B,qBAAqB,EACrB,kCAAkC,EAClC,0BAA0B,EAC1B,+BAA+B,EAC/B,uBAAuB,EACvB,4CAA4C,EAC5C,2CAA2C,EAC3C,mCAAmC,EACnC,6CAA6C,EAC7C,4CAA4C,EAC5C,mDAAmD,EACnD,oDAAoD,EACpD,4CAA4C,EAC5C,kDAAkD,EAClD,0CAA0C,EAC1C,6CAA6C,EAC7C,qCAAqC,EACrC,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACtB,gCAAgC,EAChC,wBAAwB,EACxB,oCAAoC,EACpC,4BAA4B,EAC5B,sCAAsC,EACtC,8BAA8B,EAC9B,4BAA4B,EAC5B,oBAAoB,EACpB,6BAA6B,EAC7B,qBAAqB,EACrB,iCAAiC,EACjC,sCAAsC,EACtC,oCAAoC,EACpC,kCAAkC,EAClC,0BAA0B,EAC1B,qCAAqC,EACrC,6BAA6B,EAC7B,kCAAkC,EAClC,0BAA0B,EAC1B,8CAA8C,EAC9C,8CAA8C,EAC9C,sCAAsC,EACtC,yCAAyC,EACzC,iCAAiC,EACjC,wCAAwC,EACxC,gCAAgC,EAChC,sCAAsC,EACtC,8BAA8B,EAC9B,2CAA2C,EAC3C,mCAAmC,EACnC,wCAAwC,EACxC,gCAAgC,EAChC,KAAK,sBAAsB,EAC3B,4BAA4B,EAC5B,oBAAoB,EACpB,oCAAoC,EACpC,4BAA4B,EAC5B,sCAAsC,EACtC,8BAA8B,EAC9B,wCAAwC,EACxC,6BAA6B,EAC7B,qBAAqB,EACrB,0BAA0B,EAC1B,kBAAkB,EAClB,iCAAiC,EACjC,2BAA2B,EAC3B,mBAAmB,EACnB,qCAAqC,EACrC,6BAA6B,EAC7B,kCAAkC,EAClC,6BAA6B,EAC7B,qBAAqB,EACrB,gBAAgB,EAChB,sBAAsB,EACtB,6BAA6B,EAC7B,KAAK,mBAAmB,EACxB,KAAK,6BAA6B,EAClC,KAAK,iCAAiC,EACtC,uCAAuC,EACvC,mCAAmC,EACnC,KAAK,+BAA+B,EACpC,qCAAqC,EACrC,KAAK,gCAAgC,EACrC,sCAAsC,EACtC,KAAK,uBAAuB,EAC5B,6BAA6B,EAC7B,KAAK,kCAAkC,EACvC,wCAAwC,EACxC,KAAK,4BAA4B,EACjC,kCAAkC,EAClC,KAAK,wBAAwB,EAC7B,8BAA8B,EAC9B,KAAK,uBAAuB,EAC5B,6BAA6B,EAC7B,KAAK,2BAA2B,EAChC,iCAAiC,EACjC,KAAK,uCAAuC,EAC5C,6CAA6C,EAC7C,KAAK,2BAA2B,EAChC,qCAAqC,EACrC,KAAK,+BAA+B,EACpC,qCAAqC,EACrC,iCAAiC,EACjC,yBAAyB,EACzB,KAAK,0BAA0B,EAC/B,sCAAsC,EACtC,oCAAoC,EACpC,KAAK,8BAA8B,EACnC,oCAAoC,EACpC,gCAAgC,EAChC,KAAK,yBAAyB,EAC9B,+BAA+B,EAC/B,2BAA2B,EAC3B,+BAA+B,EAC/B,KAAK,sBAAsB,EAC3B,4BAA4B,EAC5B,4BAA4B,EAC5B,uBAAuB,EACvB,sBAAsB,EACtB,YAAY,EACZ,YAAY,EACZ,KAAK,4BAA4B,EACjC,kCAAkC,EAClC,uBAAuB,EACvB,yBAAyB,EACzB,KAAK,iBAAiB,EACtB,uBAAuB,EACvB,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,KAAK,kBAAkB,EACvB,wBAAwB,EACxB,KAAK,oCAAoC,EACzC,0CAA0C,EAC1C,KAAK,0BAA0B,EAC/B,KAAK,2BAA2B,EAChC,iCAAiC,EACjC,KAAK,8BAA8B,EACnC,oCAAoC,EACpC,KAAK,oCAAoC,EACzC,0CAA0C,EAC1C,KAAK,iCAAiC,EACtC,uCAAuC,EACvC,gBAAgB,EAChB,KAAK,eAAe,EACpB,qBAAqB,EACrB,KAAK,aAAa,EAClB,KAAK,kBAAkB,EACvB,KAAK,6BAA6B,EAClC,KAAK,+BAA+B,EACpC,KAAK,6BAA6B,EAClC,KAAK,sBAAsB,EAC3B,KAAK,uCAAuC,EAC5C,KAAK,kBAAkB,EACvB,KAAK,uBAAuB,EAC5B,KAAK,eAAe,EACpB,qBAAqB,EACrB,KAAK,cAAc,EACnB,uBAAuB,EACvB,qBAAqB,EACrB,cAAc,EACd,oCAAoC,EACpC,qCAAqC,GACtC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,iBAAiB,EACtB,uBAAuB,EACvB,KAAK,kBAAkB,EACvB,KAAK,sBAAsB,EAC3B,4BAA4B,EAC5B,wBAAwB,EACxB,KAAK,qBAAqB,EAC1B,2BAA2B,EAC3B,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,iBAAiB,EACtB,uBAAuB,EACvB,KAAK,YAAY,EACjB,kBAAkB,EAClB,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,2BAA2B,EAC3B,KAAK,wBAAwB,EAC7B,8BAA8B,EAC9B,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,KAAK,0BAA0B,EAC/B,sBAAsB,EACtB,KAAK,2BAA2B,EAChC,KAAK,eAAe,EACpB,qBAAqB,EACrB,KAAK,aAAa,EAClB,mBAAmB,EACnB,KAAK,mBAAmB,EACxB,yBAAyB,GAC1B,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,gCAAgC,EAChC,UAAU,EACV,KAAK,kBAAkB,EACvB,KAAK,WAAW,GACjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,mBAAmB,EAAE,6BAA6B,EAAE,MAAM,WAAW,CAAC;AAC/E,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EACL,eAAe,EACf,eAAe,EACf,qBAAqB,EACrB,MAAM,EACN,aAAa,EACb,IAAI,GACL,MAAM,YAAY,CAAC"}
|
package/esm/auth/mod.js
CHANGED
|
@@ -8,10 +8,10 @@
|
|
|
8
8
|
* - Services load their session key seed from `TRELLIS_SESSION_KEY_SEED`.
|
|
9
9
|
*/
|
|
10
10
|
export { buildDeviceActivationPayload, buildDeviceWaitProofInput, createDeviceActivationClient, createDeviceNatsAuthToken, deriveDeviceConfirmationCode, deriveDeviceIdentity, deriveDeviceQrMac, encodeDeviceActivationPayload, getDeviceConnectInfo, parseDeviceActivationPayload, signDeviceWaitRequest, startDeviceActivationRequest, verifyDeviceConfirmationCode, verifyDeviceWaitSignature, waitForDeviceActivation, } from "./device_activation.js";
|
|
11
|
-
export { bindFlow, buildLoginUrl, clearSessionKey, createRpcProof, fetchPortalFlowState, generateSessionKey, getOrCreateSessionKey, getPublicSessionKey, hasSessionKey, isBindSuccessResponse, loadSessionKey, natsConnectSigForIat, portalFlowIdFromUrl, portalProviderLoginUrl, portalRedirectLocation, signBytes, startAuthRequest, submitPortalApproval, } from "./browser.js";
|
|
11
|
+
export { bindFlow, buildLoginUrl, classifyBrowserAuthError, clearSessionKey, completeSessionLogout, createRpcProof, fetchPortalFlowState, generateSessionKey, getOrCreateSessionKey, getPublicSessionKey, hasSessionKey, isBindSuccessResponse, isRecoverableBrowserAuthError, loadSessionKey, logoutSession, logoutSessionSig, natsConnectSigForIat, portalFlowIdFromUrl, portalProviderLoginUrl, portalRedirectLocation, signBytes, startAuthRequest, submitPortalApproval, } from "./browser.js";
|
|
12
12
|
export { buildProofInput, createProof, verifyProof, } from "./proof.js";
|
|
13
13
|
export { ApprovalRecordViewSchema, AuthCapabilitiesListResponseSchema, AuthCapabilitiesListSchema, AuthCapabilityGroupsDeleteResponseSchema, AuthCapabilityGroupsDeleteSchema, AuthCapabilityGroupsGetResponseSchema, AuthCapabilityGroupsGetSchema, AuthCapabilityGroupsListResponseSchema, AuthCapabilityGroupsListSchema, AuthCapabilityGroupsPutResponseSchema, AuthCapabilityGroupsPutSchema, AuthDeploymentAuthorityAcceptMigrationSchema, AuthDeploymentAuthorityAcceptResponseSchema, AuthDeploymentAuthorityAcceptUpdateSchema, AuthDeploymentAuthorityGetResponseSchema, AuthDeploymentAuthorityGetSchema, AuthDeploymentAuthorityGrantOverridesListResponseSchema, AuthDeploymentAuthorityGrantOverridesListSchema, AuthDeploymentAuthorityGrantOverridesPutSchema, AuthDeploymentAuthorityGrantOverridesRemoveSchema, AuthDeploymentAuthorityGrantOverridesResponseSchema, AuthDeploymentAuthorityListResponseSchema, AuthDeploymentAuthorityListSchema, AuthDeploymentAuthorityPlanResponseSchema, AuthDeploymentAuthorityPlanSchema, AuthDeploymentAuthorityPlansGetResponseSchema, AuthDeploymentAuthorityPlansGetSchema, AuthDeploymentAuthorityPlansListResponseSchema, AuthDeploymentAuthorityPlansListSchema, AuthDeploymentAuthorityReconcileResponseSchema, AuthDeploymentAuthorityReconcileSchema, AuthDeploymentAuthorityRejectResponseSchema, AuthDeploymentAuthorityRejectSchema, AuthDeploymentKindSchema, AuthDeploymentSchema, AuthDeploymentsCreateResponseSchema, AuthDeploymentsCreateSchema, AuthDeploymentsDisableResponseSchema, AuthDeploymentsDisableSchema, AuthDeploymentsEnableResponseSchema, AuthDeploymentsEnableSchema, AuthDeploymentsListResponseSchema, AuthDeploymentsListSchema, AuthDeploymentsRemoveResponseSchema, AuthDeploymentsRemoveSchema, AuthDevicesConnectInfoGetResponseSchema, AuthDevicesConnectInfoGetSchema, AuthDevicesDisableResponseSchema, AuthDevicesDisableSchema, AuthDevicesEnableResponseSchema, AuthDevicesEnableSchema, AuthDevicesListResponseSchema, AuthDevicesListSchema, AuthDevicesProvisionResponseSchema, AuthDevicesProvisionSchema, AuthDevicesRemoveResponseSchema, AuthDevicesRemoveSchema, AuthDeviceUserAuthoritiesApprovedEventSchema, AuthDeviceUserAuthoritiesListResponseSchema, AuthDeviceUserAuthoritiesListSchema, AuthDeviceUserAuthoritiesRequestedEventSchema, AuthDeviceUserAuthoritiesResolvedEventSchema, AuthDeviceUserAuthoritiesReviewRequestedEventSchema, AuthDeviceUserAuthoritiesReviewsDecideResponseSchema, AuthDeviceUserAuthoritiesReviewsDecideSchema, AuthDeviceUserAuthoritiesReviewsListResponseSchema, AuthDeviceUserAuthoritiesReviewsListSchema, AuthDeviceUserAuthoritiesRevokeResponseSchema, AuthDeviceUserAuthoritiesRevokeSchema, AuthenticatedDeviceSchema, AuthIdentitiesListResponseSchema, AuthIdentitiesListSchema, AuthIdentityGrantsListResponseSchema, AuthIdentityGrantsListSchema, AuthIdentityGrantsRevokeResponseSchema, AuthIdentityGrantsRevokeSchema, AuthPortalsGetResponseSchema, AuthPortalsGetSchema, AuthPortalsListResponseSchema, AuthPortalsListSchema, AuthPortalsLoginSettingsGetSchema, AuthPortalsLoginSettingsResponseSchema, AuthPortalsLoginSettingsUpdateSchema, AuthPortalsRoutesPutResponseSchema, AuthPortalsRoutesPutSchema, AuthPortalsRoutesRemoveResponseSchema, AuthPortalsRoutesRemoveSchema, AuthRequestsValidateResponseSchema, AuthRequestsValidateSchema, AuthResolveDeviceUserAuthoritiesProgressSchema, AuthResolveDeviceUserAuthoritiesResponseSchema, AuthResolveDeviceUserAuthoritiesSchema, AuthServiceInstancesDisableResponseSchema, AuthServiceInstancesDisableSchema, AuthServiceInstancesEnableResponseSchema, AuthServiceInstancesEnableSchema, AuthServiceInstancesListResponseSchema, AuthServiceInstancesListSchema, AuthServiceInstancesProvisionResponseSchema, AuthServiceInstancesProvisionSchema, AuthServiceInstancesRemoveResponseSchema, AuthServiceInstancesRemoveSchema, AuthSessionsMeResponseSchema, AuthSessionsMeSchema, AuthUserIdentitiesListResponseSchema, AuthUserIdentitiesListSchema, AuthUserIdentitiesUnlinkResponseSchema, AuthUserIdentitiesUnlinkSchema, AuthUsersAccountFlowCreateResponseSchema, AuthUsersCreateResponseSchema, AuthUsersCreateSchema, AuthUsersGetResponseSchema, AuthUsersGetSchema, AuthUsersIdentityLinkCreateSchema, AuthUsersListResponseSchema, AuthUsersListSchema, AuthUsersPasswordChangeResponseSchema, AuthUsersPasswordChangeSchema, AuthUsersPasswordResetCreateSchema, AuthUsersUpdateResponseSchema, AuthUsersUpdateSchema, CallerViewSchema, ContractAnalysisSchema, ContractAnalysisSummarySchema, DeploymentAuthorityCapabilityNeedSchema, DeploymentAuthorityCapabilitySchema, DeploymentAuthorityContractNeedSchema, DeploymentAuthorityGrantOverrideSchema, DeploymentAuthorityKindSchema, DeploymentAuthorityMaterializationSchema, DeploymentAuthorityMigrationSchema, DeploymentAuthorityNeedsSchema, DeploymentAuthorityPlanSchema, DeploymentAuthorityProposalSchema, DeploymentAuthorityReconciliationStatusSchema, DeploymentAuthorityResourceKindSchema, DeploymentAuthorityResourceNeedSchema, DeploymentAuthorityResourceSchema, DeploymentAuthoritySchema, DeploymentAuthoritySurfaceActionSchema, DeploymentAuthoritySurfaceKindSchema, DeploymentAuthoritySurfaceNeedSchema, DeploymentAuthoritySurfaceSchema, DeploymentAuthorityUpdateSchema, DeploymentPortalRouteSchema, DeploymentResourceBindingSchema, DeviceActivationRecordSchema, DeviceActivationReviewSchema, DeviceConnectInfoSchema, DeviceDeploymentSchema, DeviceSchema, DigestSchema, FlowRegistrationAvailabilitySchema, IdentityGrantViewSchema, ImplementationOfferSchema, LoginPortalRecordSchema, LoginPortalRouteSchema, LoginPortalSettingsSchema, LoginPortalSummarySchema, MaterializedAuthorityCapabilityGrantSchema, MaterializedAuthorityGrantsSchema, MaterializedAuthorityNatsGrantSchema, MaterializedAuthorityNatsGrantSourceSchema, MaterializedAuthoritySurfaceGrantSchema, OpenObjectSchema, ParticipantKindSchema, PortalFlowStateSchema, ServiceDeploymentSchema, ServiceInstanceSchema, UserViewSchema, WaitForDeviceActivationRequestSchema, WaitForDeviceActivationResponseSchema, } from "./protocol.js";
|
|
14
|
-
export { approvalCapabilityKeys, ApprovalDecisionSchema, AuthStartFlowResponseSchema, AuthStartRequestSchema, AuthStartResponseSchema, BindResponseSchema, BindSuccessResponseSchema, ClientTransportEndpointsSchema, ClientTransportsSchema, ContractApprovalSchema, NatsAuthTokenV1Schema, SentinelCredsSchema, UserParticipantKindSchema, } from "./schemas.js";
|
|
14
|
+
export { approvalCapabilityKeys, ApprovalDecisionSchema, AuthLogoutRequestSchema, AuthLogoutResponseModeSchema, AuthLogoutResponseSchema, AuthStartFlowResponseSchema, AuthStartRequestSchema, AuthStartResponseSchema, BindResponseSchema, BindSuccessResponseSchema, buildLogoutSignaturePayload, ClientTransportEndpointsSchema, ClientTransportsSchema, ContractApprovalSchema, NatsAuthTokenV1Schema, SentinelCredsSchema, UserParticipantKindSchema, } from "./schemas.js";
|
|
15
15
|
export { buildNatsConnectSignaturePayload, createAuth, } from "./session_auth.js";
|
|
16
16
|
export { correctedIatSeconds, estimateMidpointClockOffsetMs } from "./time.js";
|
|
17
17
|
export { trellisIdFromOriginId } from "./trellis_id.js";
|