@qlover/oauth-wrapper 0.2.0 → 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +11 -0
- package/dist/client.cjs +3 -1
- package/dist/client.d.ts +1 -1
- package/dist/client.js +3 -1
- package/dist/core.cjs +8 -8
- package/dist/core.d.ts +59 -141
- package/dist/core.js +8 -8
- package/dist/index.cjs +483 -433
- package/dist/index.d.ts +106 -42
- package/dist/index.js +482 -433
- package/package.json +3 -3
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,16 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.2.1
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
#### ♻️ Refactors
|
|
8
|
+
|
|
9
|
+
- **oauth-wrapper:** change userId type from number to string across interfaces and schemas ([bfe85fa](https://github.com/qlover/fe-base/commit/bfe85fa6e82561164a936dca7e8a9d8e1ca6b7e3)) ([#618](https://github.com/qlover/fe-base/pull/618))
|
|
10
|
+
- Updated the `ownerUserId` and `userId` parameters in various interfaces and schemas to use `string` instead of `number` for better compatibility with string-based identifiers.
|
|
11
|
+
- Adjusted related service methods to reflect the new type, ensuring consistency across the OAuth wrapper implementation.
|
|
12
|
+
- Enhanced the `OAuthClientRowSchema` and other schemas to align with the updated user ID type, improving data validation and integrity.
|
|
13
|
+
|
|
3
14
|
## 0.2.0
|
|
4
15
|
|
|
5
16
|
### Minor Changes
|
package/dist/client.cjs
CHANGED
|
@@ -300,6 +300,7 @@ var OAuthGateway = class {
|
|
|
300
300
|
constructor(options) {
|
|
301
301
|
this.options = options;
|
|
302
302
|
}
|
|
303
|
+
options;
|
|
303
304
|
callbackInflight = /* @__PURE__ */ new Map();
|
|
304
305
|
get localeOptions() {
|
|
305
306
|
return {
|
|
@@ -742,7 +743,8 @@ var OAuthClient = class {
|
|
|
742
743
|
locale: this.config.locale,
|
|
743
744
|
redirectUri,
|
|
744
745
|
statePreview: `${state.slice(0, 8)}\u2026`,
|
|
745
|
-
pkceSaved: this.pkceStore.loadPkceSession() != null
|
|
746
|
+
pkceSaved: this.pkceStore.loadPkceSession() != null,
|
|
747
|
+
authorizeUrl: url
|
|
746
748
|
});
|
|
747
749
|
if (params?.target === "_blank") {
|
|
748
750
|
window.open(url, "_blank", "noopener,noreferrer");
|
package/dist/client.d.ts
CHANGED
|
@@ -296,7 +296,7 @@ declare class OAuthClient<T extends OAuthUserInfo = OAuthUserInfo> implements OA
|
|
|
296
296
|
/**
|
|
297
297
|
* @override
|
|
298
298
|
*/
|
|
299
|
-
startOAuthLogin(params?: OAuthGatewayAuthorizeParams): Promise<void>;
|
|
299
|
+
startOAuthLogin(params?: Partial<OAuthGatewayAuthorizeParams>): Promise<void>;
|
|
300
300
|
completeOAuthCallback(params?: Parameters<OAuthGateway<T>['oAuthWrapperCallback']>[0]): Promise<T>;
|
|
301
301
|
parseOAuthCallbackSearchParams(searchParams: URLSearchParams): Parameters<OAuthGateway<T>['oAuthWrapperCallback']>[0];
|
|
302
302
|
/**
|
package/dist/client.js
CHANGED
|
@@ -257,6 +257,7 @@ var OAuthGateway = class {
|
|
|
257
257
|
constructor(options) {
|
|
258
258
|
this.options = options;
|
|
259
259
|
}
|
|
260
|
+
options;
|
|
260
261
|
callbackInflight = /* @__PURE__ */ new Map();
|
|
261
262
|
get localeOptions() {
|
|
262
263
|
return {
|
|
@@ -699,7 +700,8 @@ var OAuthClient = class {
|
|
|
699
700
|
locale: this.config.locale,
|
|
700
701
|
redirectUri,
|
|
701
702
|
statePreview: `${state.slice(0, 8)}\u2026`,
|
|
702
|
-
pkceSaved: this.pkceStore.loadPkceSession() != null
|
|
703
|
+
pkceSaved: this.pkceStore.loadPkceSession() != null,
|
|
704
|
+
authorizeUrl: url
|
|
703
705
|
});
|
|
704
706
|
if (params?.target === "_blank") {
|
|
705
707
|
window.open(url, "_blank", "noopener,noreferrer");
|
package/dist/core.cjs
CHANGED
|
@@ -64,7 +64,7 @@ function isOAuthRedirectUri(value) {
|
|
|
64
64
|
}
|
|
65
65
|
var oauthRedirectUriSchema = import_zod.z.string().min(1).refine(isOAuthRedirectUri, { message: "Invalid redirect URI" });
|
|
66
66
|
var OAuthClientRowSchema = import_zod.z.object({
|
|
67
|
-
id: import_zod.z.
|
|
67
|
+
id: import_zod.z.string(),
|
|
68
68
|
client_id: import_zod.z.string(),
|
|
69
69
|
client_secret_hash: import_zod.z.string().nullable().optional(),
|
|
70
70
|
client_name: import_zod.z.string(),
|
|
@@ -74,7 +74,7 @@ var OAuthClientRowSchema = import_zod.z.object({
|
|
|
74
74
|
grant_types: import_zod.z.array(import_zod.z.string()),
|
|
75
75
|
scopes: import_zod.z.array(import_zod.z.string()),
|
|
76
76
|
confidential: import_zod.z.boolean(),
|
|
77
|
-
owner_user_id: import_zod.z.
|
|
77
|
+
owner_user_id: import_zod.z.string(),
|
|
78
78
|
created_at: import_zod.z.string(),
|
|
79
79
|
updated_at: import_zod.z.string()
|
|
80
80
|
});
|
|
@@ -147,7 +147,7 @@ var OAuthConsentBodySchema = import_zod.z.object({
|
|
|
147
147
|
var OAuthAuthorizationCodeRowSchema = import_zod.z.object({
|
|
148
148
|
code: import_zod.z.string(),
|
|
149
149
|
client_id: import_zod.z.string(),
|
|
150
|
-
user_id: import_zod.z.
|
|
150
|
+
user_id: import_zod.z.string(),
|
|
151
151
|
redirect_uri: import_zod.z.string(),
|
|
152
152
|
scope: import_zod.z.string().nullable().optional(),
|
|
153
153
|
code_challenge: import_zod.z.string().nullable().optional(),
|
|
@@ -160,16 +160,16 @@ var OAuthAuthorizationCodeRowSchema = import_zod.z.object({
|
|
|
160
160
|
// src/core/schema/OAuthClientSchema.ts
|
|
161
161
|
var import_zod2 = require("zod");
|
|
162
162
|
var OAuthUserCredentialsSchema = import_zod2.z.object({
|
|
163
|
-
user_id: import_zod2.z.
|
|
163
|
+
user_id: import_zod2.z.string(),
|
|
164
164
|
provider_refresh_token: import_zod2.z.string().nullable().optional(),
|
|
165
165
|
provider_session_token: import_zod2.z.string().nullable().optional(),
|
|
166
166
|
updated_at: import_zod2.z.string()
|
|
167
167
|
});
|
|
168
168
|
var OAuthRefreshTokenSchema = import_zod2.z.object({
|
|
169
|
-
id: import_zod2.z.
|
|
169
|
+
id: import_zod2.z.string(),
|
|
170
170
|
refresh_token: import_zod2.z.string(),
|
|
171
171
|
client_id: import_zod2.z.string(),
|
|
172
|
-
user_id: import_zod2.z.
|
|
172
|
+
user_id: import_zod2.z.string(),
|
|
173
173
|
expires_at: import_zod2.z.string(),
|
|
174
174
|
revoked: import_zod2.z.boolean(),
|
|
175
175
|
created_at: import_zod2.z.string()
|
|
@@ -186,12 +186,12 @@ var OAuthTokenResponseSchema = import_zod2.z.object({
|
|
|
186
186
|
var import_zod3 = require("zod");
|
|
187
187
|
var OAuthUserInfoResponseSchema = import_zod3.z.object({
|
|
188
188
|
sub: import_zod3.z.string(),
|
|
189
|
-
email: import_zod3.z.
|
|
189
|
+
email: import_zod3.z.email(),
|
|
190
190
|
name: import_zod3.z.string(),
|
|
191
191
|
roles: import_zod3.z.array(import_zod3.z.string()).optional()
|
|
192
192
|
});
|
|
193
193
|
var OAuthUserInfoErrorResponseSchema = import_zod3.z.object({
|
|
194
|
-
error: import_zod3.z.
|
|
194
|
+
error: import_zod3.z.string(),
|
|
195
195
|
error_id: import_zod3.z.string().optional()
|
|
196
196
|
});
|
|
197
197
|
|
package/dist/core.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
|
+
import { LoginParams } from '@qlover/corekit-bridge/core';
|
|
2
3
|
import { ValueOf } from '@qlover/fe-corekit';
|
|
3
4
|
|
|
4
5
|
/**
|
|
@@ -6,7 +7,7 @@ import { ValueOf } from '@qlover/fe-corekit';
|
|
|
6
7
|
*/
|
|
7
8
|
declare function isOAuthRedirectUri(value: string): boolean;
|
|
8
9
|
declare const OAuthClientRowSchema: z.ZodObject<{
|
|
9
|
-
id: z.
|
|
10
|
+
id: z.ZodString;
|
|
10
11
|
client_id: z.ZodString;
|
|
11
12
|
client_secret_hash: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
12
13
|
client_name: z.ZodString;
|
|
@@ -16,7 +17,7 @@ declare const OAuthClientRowSchema: z.ZodObject<{
|
|
|
16
17
|
grant_types: z.ZodArray<z.ZodString>;
|
|
17
18
|
scopes: z.ZodArray<z.ZodString>;
|
|
18
19
|
confidential: z.ZodBoolean;
|
|
19
|
-
owner_user_id: z.
|
|
20
|
+
owner_user_id: z.ZodString;
|
|
20
21
|
created_at: z.ZodString;
|
|
21
22
|
updated_at: z.ZodString;
|
|
22
23
|
}, z.core.$strip>;
|
|
@@ -100,7 +101,7 @@ type OAuthConsentBody = z.infer<typeof OAuthConsentBodySchema>;
|
|
|
100
101
|
declare const OAuthAuthorizationCodeRowSchema: z.ZodObject<{
|
|
101
102
|
code: z.ZodString;
|
|
102
103
|
client_id: z.ZodString;
|
|
103
|
-
user_id: z.
|
|
104
|
+
user_id: z.ZodString;
|
|
104
105
|
redirect_uri: z.ZodString;
|
|
105
106
|
scope: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
106
107
|
code_challenge: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
@@ -112,12 +113,12 @@ declare const OAuthAuthorizationCodeRowSchema: z.ZodObject<{
|
|
|
112
113
|
type OAuthAuthorizationCodeRow = z.infer<typeof OAuthAuthorizationCodeRowSchema>;
|
|
113
114
|
|
|
114
115
|
interface OAuthClientsInterface {
|
|
115
|
-
listForOwner(ownerUserId:
|
|
116
|
-
getByClientId(ownerUserId:
|
|
117
|
-
create(ownerUserId:
|
|
118
|
-
update(ownerUserId:
|
|
119
|
-
rotateSecret(ownerUserId:
|
|
120
|
-
delete(ownerUserId:
|
|
116
|
+
listForOwner(ownerUserId: string): Promise<OAuthClientListItem[]>;
|
|
117
|
+
getByClientId(ownerUserId: string, clientId: string): Promise<OAuthClientDetail>;
|
|
118
|
+
create(ownerUserId: string, input: OAuthClientCreate): Promise<OAuthClientCreateResponse>;
|
|
119
|
+
update(ownerUserId: string, clientId: string, input: OAuthClientUpdate): Promise<OAuthClientDetail>;
|
|
120
|
+
rotateSecret(ownerUserId: string, clientId: string): Promise<OAuthClientSecretRotateResponse>;
|
|
121
|
+
delete(ownerUserId: string, clientId: string): Promise<void>;
|
|
121
122
|
}
|
|
122
123
|
|
|
123
124
|
/**
|
|
@@ -125,21 +126,21 @@ interface OAuthClientsInterface {
|
|
|
125
126
|
*/
|
|
126
127
|
interface OAuthClientsRepositoryInterface {
|
|
127
128
|
findClientById(clientId: string): Promise<OAuthClientRow | null>;
|
|
128
|
-
listClientByOwner(ownerUserId:
|
|
129
|
-
createClient(ownerUserId:
|
|
129
|
+
listClientByOwner(ownerUserId: string): Promise<OAuthClientListItem[]>;
|
|
130
|
+
createClient(ownerUserId: string, input: OAuthClientCreate): Promise<{
|
|
130
131
|
client: OAuthClientRow;
|
|
131
132
|
clientSecret?: string;
|
|
132
133
|
}>;
|
|
133
|
-
updateClient(ownerUserId:
|
|
134
|
-
rotateClientSecret(ownerUserId:
|
|
134
|
+
updateClient(ownerUserId: string, clientId: string, input: OAuthClientUpdate): Promise<OAuthClientDetail>;
|
|
135
|
+
rotateClientSecret(ownerUserId: string, clientId: string): Promise<{
|
|
135
136
|
clientSecret: string;
|
|
136
137
|
}>;
|
|
137
|
-
deleteClient(ownerUserId:
|
|
138
|
+
deleteClient(ownerUserId: string, clientId: string): Promise<void>;
|
|
138
139
|
verifyClientCredentials(clientId: string, clientSecret: string | undefined): Promise<OAuthClientRow>;
|
|
139
140
|
}
|
|
140
141
|
|
|
141
142
|
type OAuthSessionPayload = {
|
|
142
|
-
userId:
|
|
143
|
+
userId: string;
|
|
143
144
|
email: string;
|
|
144
145
|
name: string;
|
|
145
146
|
providerSessionToken: string;
|
|
@@ -199,116 +200,18 @@ declare const OAuthTokenRevokeSchema: z.ZodObject<{
|
|
|
199
200
|
}, z.core.$strip>;
|
|
200
201
|
type OAuthTokenRevokeRequest = z.infer<typeof OAuthTokenRevokeSchema>;
|
|
201
202
|
|
|
202
|
-
/**
|
|
203
|
-
* OAuth user adapter profile shape.
|
|
204
|
-
*
|
|
205
|
-
* Significance: Keeps OAuth services independent from provider SDK user models.
|
|
206
|
-
* Core idea: Represent only the profile fields required by OAuth login and userinfo.
|
|
207
|
-
* Main function: Provide a canonical user profile contract for adapters.
|
|
208
|
-
* Main purpose: Let the OAuth wrapper switch user providers without changing services.
|
|
209
|
-
*
|
|
210
|
-
* @example
|
|
211
|
-
* const sub = String(profile.id);
|
|
212
|
-
*/
|
|
213
|
-
type OAuthUserProfile = {
|
|
214
|
-
id: string | number;
|
|
215
|
-
email?: string | null;
|
|
216
|
-
name?: string | null;
|
|
217
|
-
first_name?: string | null;
|
|
218
|
-
last_name?: string | null;
|
|
219
|
-
roles?: string[];
|
|
220
|
-
[key: string]: unknown;
|
|
221
|
-
};
|
|
222
|
-
/**
|
|
223
|
-
* OAuth provider login credentials result.
|
|
224
|
-
*
|
|
225
|
-
* Significance: Normalizes provider login responses for middleware sessions.
|
|
226
|
-
* Core idea: Require a session token while allowing provider-specific metadata.
|
|
227
|
-
* Main function: Carry the provider session token after credential verification.
|
|
228
|
-
* Main purpose: Persist the token needed to mint OAuth access tokens later.
|
|
229
|
-
*
|
|
230
|
-
* @example
|
|
231
|
-
* const sessionToken = credentials.token;
|
|
232
|
-
*/
|
|
233
|
-
type OAuthUserCredentials = {
|
|
234
|
-
token: string;
|
|
235
|
-
[key: string]: unknown;
|
|
236
|
-
};
|
|
237
|
-
/**
|
|
238
|
-
* OAuth provider access token result.
|
|
239
|
-
*
|
|
240
|
-
* Significance: Normalizes provider token exchange responses.
|
|
241
|
-
* Core idea: OAuth token services only need access, expiry, and optional refresh token.
|
|
242
|
-
* Main function: Return a provider access token for third-party OAuth clients.
|
|
243
|
-
* Main purpose: Hide provider SDK response details behind the adapter contract.
|
|
244
|
-
*
|
|
245
|
-
* @example
|
|
246
|
-
* return { access_token: token.access_token, expires_in: token.expires_in };
|
|
247
|
-
*/
|
|
248
|
-
type OAuthUserAccessToken = {
|
|
249
|
-
access_token: string;
|
|
250
|
-
expires_in: number;
|
|
251
|
-
refresh_token?: string | null;
|
|
252
|
-
[key: string]: unknown;
|
|
253
|
-
};
|
|
254
|
-
/**
|
|
255
|
-
* User adapter contract for the OAuth wrapper.
|
|
256
|
-
*
|
|
257
|
-
* Significance: Defines the boundary between OAuth core services and user providers.
|
|
258
|
-
* Core idea: Keep provider-specific login, token exchange, and profile lookup behind one port.
|
|
259
|
-
* Main function: Verify credentials, exchange provider tokens, and load user profiles.
|
|
260
|
-
* Main purpose: Allow any upstream user API to be swapped without changing OAuth services.
|
|
261
|
-
*
|
|
262
|
-
* @example
|
|
263
|
-
* const access = await adapter.exchangeAccessToken({ token: sessionToken });
|
|
264
|
-
*/
|
|
265
|
-
interface OAuthUserAdapterInterface {
|
|
266
|
-
/**
|
|
267
|
-
* Verifies user credentials with the backing user provider.
|
|
268
|
-
*
|
|
269
|
-
* @param email - User email or username accepted by the provider.
|
|
270
|
-
* @param password - Plain credential submitted by the login form.
|
|
271
|
-
* @returns Provider credentials containing a session token.
|
|
272
|
-
*/
|
|
273
|
-
login(email: string, password: string): Promise<OAuthUserCredentials>;
|
|
274
|
-
/**
|
|
275
|
-
* Exchanges a provider session token for a provider access token.
|
|
276
|
-
*
|
|
277
|
-
* @param params - Session token and optional language preference.
|
|
278
|
-
* @returns Provider access token payload used as the OAuth access token response.
|
|
279
|
-
*/
|
|
280
|
-
exchangeAccessToken(params: {
|
|
281
|
-
token: string;
|
|
282
|
-
lang?: string;
|
|
283
|
-
}): Promise<OAuthUserAccessToken>;
|
|
284
|
-
/**
|
|
285
|
-
* Loads profile information using a provider session token.
|
|
286
|
-
*
|
|
287
|
-
* @param sessionToken - Provider session token from a successful login.
|
|
288
|
-
* @returns Canonical user profile for session creation.
|
|
289
|
-
*/
|
|
290
|
-
getUserInfo(sessionToken: string): Promise<OAuthUserProfile>;
|
|
291
|
-
/**
|
|
292
|
-
* Loads profile information using a provider access token.
|
|
293
|
-
*
|
|
294
|
-
* @param accessToken - Bearer access token presented to the userinfo endpoint.
|
|
295
|
-
* @returns Canonical user profile for OIDC userinfo claims.
|
|
296
|
-
*/
|
|
297
|
-
getUserInfoByAccessToken(accessToken: string): Promise<OAuthUserProfile>;
|
|
298
|
-
}
|
|
299
|
-
|
|
300
203
|
declare const OAuthUserCredentialsSchema: z.ZodObject<{
|
|
301
|
-
user_id: z.
|
|
204
|
+
user_id: z.ZodString;
|
|
302
205
|
provider_refresh_token: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
303
206
|
provider_session_token: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
304
207
|
updated_at: z.ZodString;
|
|
305
208
|
}, z.core.$strip>;
|
|
306
209
|
type OAuthUserCredentialsRow = z.infer<typeof OAuthUserCredentialsSchema>;
|
|
307
210
|
declare const OAuthRefreshTokenSchema: z.ZodObject<{
|
|
308
|
-
id: z.
|
|
211
|
+
id: z.ZodString;
|
|
309
212
|
refresh_token: z.ZodString;
|
|
310
213
|
client_id: z.ZodString;
|
|
311
|
-
user_id: z.
|
|
214
|
+
user_id: z.ZodString;
|
|
312
215
|
expires_at: z.ZodString;
|
|
313
216
|
revoked: z.ZodBoolean;
|
|
314
217
|
created_at: z.ZodString;
|
|
@@ -326,7 +229,7 @@ type OAuthTokenResponse = z.infer<typeof OAuthTokenResponseSchema>;
|
|
|
326
229
|
type CreateAuthorizationCodeInput = {
|
|
327
230
|
code: string;
|
|
328
231
|
client_id: string;
|
|
329
|
-
user_id:
|
|
232
|
+
user_id: string;
|
|
330
233
|
redirect_uri: string;
|
|
331
234
|
scope: string | null;
|
|
332
235
|
code_challenge: string | null;
|
|
@@ -336,14 +239,14 @@ type CreateAuthorizationCodeInput = {
|
|
|
336
239
|
type CreateOAuthRefreshTokenInput = {
|
|
337
240
|
refresh_token: string;
|
|
338
241
|
client_id: string;
|
|
339
|
-
user_id:
|
|
242
|
+
user_id: string;
|
|
340
243
|
expires_at: string;
|
|
341
244
|
};
|
|
342
245
|
interface OAuthWrapperRepositoryInterface extends OAuthClientsRepositoryInterface {
|
|
343
246
|
create(input: CreateAuthorizationCodeInput): Promise<void>;
|
|
344
247
|
consumeCode(code: string): Promise<OAuthAuthorizationCodeRow | null>;
|
|
345
|
-
getUserCredentials(userId:
|
|
346
|
-
upsertUserCredentials(userId:
|
|
248
|
+
getUserCredentials(userId: string): Promise<OAuthUserCredentialsRow | null>;
|
|
249
|
+
upsertUserCredentials(userId: string, fields: {
|
|
347
250
|
provider_refresh_token?: string | null;
|
|
348
251
|
provider_session_token?: string | null;
|
|
349
252
|
}): Promise<void>;
|
|
@@ -351,7 +254,7 @@ interface OAuthWrapperRepositoryInterface extends OAuthClientsRepositoryInterfac
|
|
|
351
254
|
upsertRefreshToken(input: {
|
|
352
255
|
refresh_token: string;
|
|
353
256
|
client_id: string;
|
|
354
|
-
user_id:
|
|
257
|
+
user_id: string;
|
|
355
258
|
expires_at: string;
|
|
356
259
|
}): Promise<void>;
|
|
357
260
|
revokeRefreshToken(tokenHash: string): Promise<void>;
|
|
@@ -359,18 +262,18 @@ interface OAuthWrapperRepositoryInterface extends OAuthClientsRepositoryInterfac
|
|
|
359
262
|
createRefreshToken(input: CreateOAuthRefreshTokenInput): Promise<void>;
|
|
360
263
|
revokeByTokenHash(tokenHash: string): Promise<void>;
|
|
361
264
|
/** Revoke all active refresh tokens issued for the given user. */
|
|
362
|
-
revokeRefreshTokensByUserId(userId:
|
|
265
|
+
revokeRefreshTokensByUserId(userId: string): Promise<void>;
|
|
363
266
|
}
|
|
364
267
|
|
|
365
268
|
declare const OAuthUserInfoResponseSchema: z.ZodObject<{
|
|
366
269
|
sub: z.ZodString;
|
|
367
|
-
email: z.
|
|
270
|
+
email: z.ZodEmail;
|
|
368
271
|
name: z.ZodString;
|
|
369
272
|
roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
370
273
|
}, z.core.$strip>;
|
|
371
274
|
type OAuthUserInfoResponse = z.infer<typeof OAuthUserInfoResponseSchema>;
|
|
372
275
|
declare const OAuthUserInfoErrorResponseSchema: z.ZodObject<{
|
|
373
|
-
error: z.
|
|
276
|
+
error: z.ZodString;
|
|
374
277
|
error_id: z.ZodOptional<z.ZodString>;
|
|
375
278
|
}, z.core.$strip>;
|
|
376
279
|
type OAuthUserInfoErrorResponse = z.infer<typeof OAuthUserInfoErrorResponseSchema>;
|
|
@@ -414,25 +317,40 @@ interface OAuthTokenServiceInterface {
|
|
|
414
317
|
*/
|
|
415
318
|
revokeToken(rawFields: Record<string, string>): Promise<void>;
|
|
416
319
|
}
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
getOAuthTokenService(): OAuthTokenServiceInterface;
|
|
320
|
+
type ResolveAuthorizePageResult = {
|
|
321
|
+
ok: true;
|
|
322
|
+
data: OAuthAuthorizePageData;
|
|
323
|
+
} | {
|
|
324
|
+
ok: false;
|
|
325
|
+
error: OAuthAuthorizeValidationError;
|
|
326
|
+
};
|
|
327
|
+
interface OAuthProviderInterface<SessionPayload extends OAuthSessionPayload> extends OAuthTokenServiceInterface {
|
|
328
|
+
login(params: LoginParams): Promise<SessionPayload>;
|
|
329
|
+
/**
|
|
330
|
+
* Get the OAuth repository
|
|
331
|
+
*/
|
|
430
332
|
getOAuthRepo(): OAuthWrapperRepositoryInterface;
|
|
431
333
|
/**
|
|
432
|
-
*
|
|
433
|
-
|
|
334
|
+
* Clear the session
|
|
335
|
+
*/
|
|
336
|
+
clearSession(): Promise<void>;
|
|
337
|
+
/**
|
|
338
|
+
* Get the session
|
|
339
|
+
*/
|
|
340
|
+
getSession(): Promise<SessionPayload | null>;
|
|
341
|
+
/**
|
|
342
|
+
* Logout the user
|
|
343
|
+
*/
|
|
344
|
+
logout(userId: string): Promise<void>;
|
|
345
|
+
/**
|
|
346
|
+
* Resolve the authorize page
|
|
434
347
|
*/
|
|
435
|
-
|
|
348
|
+
resolveAuthorizePage(rawQuery: Record<string, string | string[] | undefined>): Promise<ResolveAuthorizePageResult>;
|
|
349
|
+
/**
|
|
350
|
+
* Process the consent
|
|
351
|
+
*/
|
|
352
|
+
processConsent(requestBody: unknown): Promise<OAuthConsentResult>;
|
|
353
|
+
getUserInfoWithAccessToken(accessToken: string): Promise<OAuthUserInfoResponse>;
|
|
436
354
|
}
|
|
437
355
|
|
|
438
356
|
declare const OAuthRfcCodes: {
|
|
@@ -457,4 +375,4 @@ declare function generatePkceVerifier(length?: number): string;
|
|
|
457
375
|
declare function computePkceS256Challenge(verifier: string): Promise<string>;
|
|
458
376
|
declare function randomOAuthState(): string;
|
|
459
377
|
|
|
460
|
-
export { type CreateAuthorizationCodeInput, type CreateOAuthRefreshTokenInput, type OAuthAuthorizationCodeRow, OAuthAuthorizationCodeRowSchema, type OAuthAuthorizePageData, type OAuthAuthorizeQuery, OAuthAuthorizeQuerySchema, type OAuthAuthorizeValidationError, type OAuthClientCreate, type OAuthClientCreateResponse, OAuthClientCreateResponseSchema, OAuthClientCreateSchema, type OAuthClientDetail, OAuthClientDetailSchema, type OAuthClientListItem, OAuthClientListItemSchema, type OAuthClientRow, OAuthClientRowSchema, type OAuthClientSecretRotateResponse, OAuthClientSecretRotateResponseSchema, type OAuthClientUpdate, OAuthClientUpdateSchema, type OAuthClientsInterface, type OAuthClientsRepositoryInterface, type OAuthConsentBody, OAuthConsentBodySchema, type OAuthConsentResult, type OAuthRefreshTokenRow, OAuthRefreshTokenSchema, type OAuthRfcCodeType, OAuthRfcCodes, type OAuthRfcErrorCodesType, type
|
|
378
|
+
export { type CreateAuthorizationCodeInput, type CreateOAuthRefreshTokenInput, type OAuthAuthorizationCodeRow, OAuthAuthorizationCodeRowSchema, type OAuthAuthorizePageData, type OAuthAuthorizeQuery, OAuthAuthorizeQuerySchema, type OAuthAuthorizeValidationError, type OAuthClientCreate, type OAuthClientCreateResponse, OAuthClientCreateResponseSchema, OAuthClientCreateSchema, type OAuthClientDetail, OAuthClientDetailSchema, type OAuthClientListItem, OAuthClientListItemSchema, type OAuthClientRow, OAuthClientRowSchema, type OAuthClientSecretRotateResponse, OAuthClientSecretRotateResponseSchema, type OAuthClientUpdate, OAuthClientUpdateSchema, type OAuthClientsInterface, type OAuthClientsRepositoryInterface, type OAuthConsentBody, OAuthConsentBodySchema, type OAuthConsentResult, type OAuthProviderInterface, type OAuthRefreshTokenRow, OAuthRefreshTokenSchema, type OAuthRfcCodeType, OAuthRfcCodes, type OAuthRfcErrorCodesType, type OAuthSessionInterface, type OAuthSessionPayload, type OAuthTokenAuthorizationCodeRequest, OAuthTokenAuthorizationCodeSchema, type OAuthTokenErrorResponse, OAuthTokenErrorResponseSchema, type OAuthTokenRefreshRequest, OAuthTokenRefreshSchema, type OAuthTokenRequest, OAuthTokenRequestSchema, type OAuthTokenResponse, OAuthTokenResponseSchema, type OAuthTokenRevokeRequest, OAuthTokenRevokeSchema, type OAuthTokenServiceInterface, type OAuthUserCredentialsRow, OAuthUserCredentialsSchema, type OAuthUserInfoErrorResponse, OAuthUserInfoErrorResponseSchema, type OAuthUserInfoResponse, OAuthUserInfoResponseSchema, type OAuthWrapperRepositoryInterface, type ResolveAuthorizePageResult, computePkceS256Challenge, generatePkceVerifier, isOAuthRedirectUri, randomOAuthState };
|
package/dist/core.js
CHANGED
|
@@ -14,7 +14,7 @@ function isOAuthRedirectUri(value) {
|
|
|
14
14
|
}
|
|
15
15
|
var oauthRedirectUriSchema = z.string().min(1).refine(isOAuthRedirectUri, { message: "Invalid redirect URI" });
|
|
16
16
|
var OAuthClientRowSchema = z.object({
|
|
17
|
-
id: z.
|
|
17
|
+
id: z.string(),
|
|
18
18
|
client_id: z.string(),
|
|
19
19
|
client_secret_hash: z.string().nullable().optional(),
|
|
20
20
|
client_name: z.string(),
|
|
@@ -24,7 +24,7 @@ var OAuthClientRowSchema = z.object({
|
|
|
24
24
|
grant_types: z.array(z.string()),
|
|
25
25
|
scopes: z.array(z.string()),
|
|
26
26
|
confidential: z.boolean(),
|
|
27
|
-
owner_user_id: z.
|
|
27
|
+
owner_user_id: z.string(),
|
|
28
28
|
created_at: z.string(),
|
|
29
29
|
updated_at: z.string()
|
|
30
30
|
});
|
|
@@ -97,7 +97,7 @@ var OAuthConsentBodySchema = z.object({
|
|
|
97
97
|
var OAuthAuthorizationCodeRowSchema = z.object({
|
|
98
98
|
code: z.string(),
|
|
99
99
|
client_id: z.string(),
|
|
100
|
-
user_id: z.
|
|
100
|
+
user_id: z.string(),
|
|
101
101
|
redirect_uri: z.string(),
|
|
102
102
|
scope: z.string().nullable().optional(),
|
|
103
103
|
code_challenge: z.string().nullable().optional(),
|
|
@@ -110,16 +110,16 @@ var OAuthAuthorizationCodeRowSchema = z.object({
|
|
|
110
110
|
// src/core/schema/OAuthClientSchema.ts
|
|
111
111
|
import { z as z2 } from "zod";
|
|
112
112
|
var OAuthUserCredentialsSchema = z2.object({
|
|
113
|
-
user_id: z2.
|
|
113
|
+
user_id: z2.string(),
|
|
114
114
|
provider_refresh_token: z2.string().nullable().optional(),
|
|
115
115
|
provider_session_token: z2.string().nullable().optional(),
|
|
116
116
|
updated_at: z2.string()
|
|
117
117
|
});
|
|
118
118
|
var OAuthRefreshTokenSchema = z2.object({
|
|
119
|
-
id: z2.
|
|
119
|
+
id: z2.string(),
|
|
120
120
|
refresh_token: z2.string(),
|
|
121
121
|
client_id: z2.string(),
|
|
122
|
-
user_id: z2.
|
|
122
|
+
user_id: z2.string(),
|
|
123
123
|
expires_at: z2.string(),
|
|
124
124
|
revoked: z2.boolean(),
|
|
125
125
|
created_at: z2.string()
|
|
@@ -136,12 +136,12 @@ var OAuthTokenResponseSchema = z2.object({
|
|
|
136
136
|
import { z as z3 } from "zod";
|
|
137
137
|
var OAuthUserInfoResponseSchema = z3.object({
|
|
138
138
|
sub: z3.string(),
|
|
139
|
-
email: z3.
|
|
139
|
+
email: z3.email(),
|
|
140
140
|
name: z3.string(),
|
|
141
141
|
roles: z3.array(z3.string()).optional()
|
|
142
142
|
});
|
|
143
143
|
var OAuthUserInfoErrorResponseSchema = z3.object({
|
|
144
|
-
error: z3.
|
|
144
|
+
error: z3.string(),
|
|
145
145
|
error_id: z3.string().optional()
|
|
146
146
|
});
|
|
147
147
|
|