@qlover/oauth-wrapper 0.2.0 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.ts CHANGED
@@ -1,8 +1,81 @@
1
- import { OAuthClientsInterface, OAuthClientsRepositoryInterface, OAuthClientListItem, OAuthClientDetail, OAuthClientCreate, OAuthClientCreateResponse, OAuthClientUpdate, OAuthClientSecretRotateResponse, OAuthTokenServiceInterface, OAuthUserAdapterInterface, OAuthWrapperRepositoryInterface, OAuthTokenResponse, OAuthTokenRequest, OAuthSessionPayload, OAuthServiceInterface, OAuthSessionInterface, OAuthAuthorizeQuery, OAuthConsentBody, OAuthAuthorizePageData, OAuthAuthorizeValidationError, OAuthConsentResult, OAuthUserInfoResponse, OAuthUserProfile, OAuthRfcCodeType, OAuthClientRow } from './core.js';
2
- export { CreateAuthorizationCodeInput, CreateOAuthRefreshTokenInput, OAuthAuthorizationCodeRow, OAuthAuthorizationCodeRowSchema, OAuthAuthorizeQuerySchema, OAuthClientCreateResponseSchema, OAuthClientCreateSchema, OAuthClientDetailSchema, OAuthClientListItemSchema, OAuthClientRowSchema, OAuthClientSecretRotateResponseSchema, OAuthClientUpdateSchema, OAuthConsentBodySchema, OAuthRefreshTokenRow, OAuthRefreshTokenSchema, OAuthRfcCodes, OAuthRfcErrorCodesType, OAuthTokenAuthorizationCodeRequest, OAuthTokenAuthorizationCodeSchema, OAuthTokenErrorResponse, OAuthTokenErrorResponseSchema, OAuthTokenRefreshRequest, OAuthTokenRefreshSchema, OAuthTokenRequestSchema, OAuthTokenResponseSchema, OAuthTokenRevokeRequest, OAuthTokenRevokeSchema, OAuthUserAccessToken, OAuthUserCredentials, OAuthUserCredentialsRow, OAuthUserCredentialsSchema, OAuthUserInfoErrorResponse, OAuthUserInfoErrorResponseSchema, OAuthUserInfoResponseSchema, computePkceS256Challenge, generatePkceVerifier, isOAuthRedirectUri, randomOAuthState } from './core.js';
1
+ import { LoginParams } from '@qlover/corekit-bridge/core';
2
+ import { OAuthSessionPayload, OAuthProviderInterface, OAuthTokenRequest, OAuthTokenResponse, OAuthWrapperRepositoryInterface, OAuthUserInfoResponse, OAuthAuthorizeQuery, OAuthConsentBody, OAuthAuthorizePageData, OAuthAuthorizeValidationError, OAuthConsentResult, OAuthClientsInterface, OAuthClientsRepositoryInterface, OAuthClientListItem, OAuthClientDetail, OAuthClientCreate, OAuthClientCreateResponse, OAuthClientUpdate, OAuthClientSecretRotateResponse, OAuthTokenServiceInterface, OAuthSessionInterface, OAuthRfcCodeType, OAuthClientRow } from './core.js';
3
+ export { CreateAuthorizationCodeInput, CreateOAuthRefreshTokenInput, OAuthAuthorizationCodeRow, OAuthAuthorizationCodeRowSchema, OAuthAuthorizeQuerySchema, OAuthClientCreateResponseSchema, OAuthClientCreateSchema, OAuthClientDetailSchema, OAuthClientListItemSchema, OAuthClientRowSchema, OAuthClientSecretRotateResponseSchema, OAuthClientUpdateSchema, OAuthConsentBodySchema, OAuthRefreshTokenRow, OAuthRefreshTokenSchema, OAuthRfcCodes, OAuthRfcErrorCodesType, OAuthTokenAuthorizationCodeRequest, OAuthTokenAuthorizationCodeSchema, OAuthTokenErrorResponse, OAuthTokenErrorResponseSchema, OAuthTokenRefreshRequest, OAuthTokenRefreshSchema, OAuthTokenRequestSchema, OAuthTokenResponseSchema, OAuthTokenRevokeRequest, OAuthTokenRevokeSchema, OAuthUserCredentialsRow, OAuthUserCredentialsSchema, OAuthUserInfoErrorResponse, OAuthUserInfoErrorResponseSchema, OAuthUserInfoResponseSchema, ResolveAuthorizePageResult, computePkceS256Challenge, generatePkceVerifier, isOAuthRedirectUri, randomOAuthState } from './core.js';
3
4
  import { EncryptorInterface, ExecutorError } from '@qlover/fe-corekit';
4
5
  import 'zod';
5
6
 
7
+ type OAuthUserProfile = {
8
+ id: string | number;
9
+ email?: string | null;
10
+ name?: string | null;
11
+ roles?: string[];
12
+ [key: string]: unknown;
13
+ };
14
+ type OAuthUserCredentials = {
15
+ token: string;
16
+ [key: string]: unknown;
17
+ };
18
+ type OAuthUserAccessToken = {
19
+ access_token: string;
20
+ expires_in: number;
21
+ refresh_token?: string | null;
22
+ [key: string]: unknown;
23
+ };
24
+ declare abstract class OAuthAbstractProvider<SessionPayload extends OAuthSessionPayload> implements OAuthProviderInterface<SessionPayload> {
25
+ protected authCodeTTLMs: number;
26
+ /**
27
+ * @override
28
+ */
29
+ abstract exchangeToken(_rawFields: Record<string, string> | OAuthTokenRequest): Promise<OAuthTokenResponse>;
30
+ /**
31
+ * @override
32
+ */
33
+ abstract revokeToken(_rawFields: Record<string, string>): Promise<void>;
34
+ /**
35
+ * @override
36
+ */
37
+ abstract getOAuthRepo(): OAuthWrapperRepositoryInterface;
38
+ /**
39
+ * @override
40
+ */
41
+ abstract clearSession(): Promise<void>;
42
+ /**
43
+ * @override
44
+ */
45
+ abstract getSession(): Promise<SessionPayload | null>;
46
+ /**
47
+ * @override
48
+ */
49
+ abstract login(params: LoginParams): Promise<SessionPayload>;
50
+ /**
51
+ * @override
52
+ */
53
+ abstract getUserInfoWithAccessToken(accessToken: string): Promise<OAuthUserInfoResponse>;
54
+ protected isQuery(query: unknown): query is OAuthAuthorizeQuery;
55
+ protected isValidateConsent(value: unknown): value is OAuthConsentBody;
56
+ protected generageSessionPayload(userInfo: OAuthUserProfile & {
57
+ sessionToken: string;
58
+ }): SessionPayload;
59
+ /**
60
+ * @override
61
+ */
62
+ logout(userId: string): Promise<void>;
63
+ /**
64
+ * @override
65
+ */
66
+ resolveAuthorizePage(rawQuery: Record<string, string | string[] | undefined>): Promise<{
67
+ ok: true;
68
+ data: OAuthAuthorizePageData;
69
+ } | {
70
+ ok: false;
71
+ error: OAuthAuthorizeValidationError;
72
+ }>;
73
+ /**
74
+ * @override
75
+ */
76
+ processConsent(requestBody: unknown): Promise<OAuthConsentResult>;
77
+ }
78
+
6
79
  /**
7
80
  * Business logic for OAuth client management in developer console.
8
81
  */
@@ -13,35 +86,39 @@ declare class OAuthClientsService implements OAuthClientsInterface {
13
86
  * List all OAuth clients owned by a user
14
87
  * @override
15
88
  */
16
- listForOwner(ownerUserId: number): Promise<OAuthClientListItem[]>;
89
+ listForOwner(ownerUserId: string): Promise<OAuthClientListItem[]>;
17
90
  /**
18
91
  * Get detailed information about a specific OAuth client
19
92
  * @override
20
93
  */
21
- getByClientId(ownerUserId: number, clientId: string): Promise<OAuthClientDetail>;
94
+ getByClientId(ownerUserId: string, clientId: string): Promise<OAuthClientDetail>;
22
95
  /**
23
96
  * Create a new OAuth client
24
97
  * @override
25
98
  */
26
- create(ownerUserId: number, input: OAuthClientCreate): Promise<OAuthClientCreateResponse>;
99
+ create(ownerUserId: string, input: OAuthClientCreate): Promise<OAuthClientCreateResponse>;
27
100
  /**
28
101
  * Update an existing OAuth client
29
102
  * @override
30
103
  */
31
- update(ownerUserId: number, clientId: string, input: OAuthClientUpdate): Promise<OAuthClientDetail>;
104
+ update(ownerUserId: string, clientId: string, input: OAuthClientUpdate): Promise<OAuthClientDetail>;
32
105
  /**
33
106
  * Rotate the client secret
34
107
  * @override
35
108
  */
36
- rotateSecret(ownerUserId: number, clientId: string): Promise<OAuthClientSecretRotateResponse>;
109
+ rotateSecret(ownerUserId: string, clientId: string): Promise<OAuthClientSecretRotateResponse>;
37
110
  /**
38
111
  * Delete an OAuth client
39
112
  * @override
40
113
  */
41
- delete(ownerUserId: number, clientId: string): Promise<void>;
114
+ delete(ownerUserId: string, clientId: string): Promise<void>;
42
115
  private mapToDetail;
43
116
  }
44
117
 
118
+ type ExchangeProviderAccessToken = (params: {
119
+ token: string;
120
+ lang?: string;
121
+ }) => Promise<OAuthUserAccessToken>;
45
122
  /**
46
123
  * OAuth 2.0 token endpoint (`POST /oauth/token`).
47
124
  *
@@ -54,10 +131,10 @@ declare class OAuthClientsService implements OAuthClientsInterface {
54
131
  */
55
132
  declare class OAuthTokenService implements OAuthTokenServiceInterface {
56
133
  protected tokenEncryption: EncryptorInterface<string, string>;
57
- protected userAdapter: OAuthUserAdapterInterface;
134
+ protected exchangeProviderAccessToken: ExchangeProviderAccessToken;
58
135
  protected oauthRepo: OAuthWrapperRepositoryInterface;
59
136
  protected static REFRESH_TOKEN_TTL_MS: number;
60
- constructor(tokenEncryption: EncryptorInterface<string, string>, userAdapter: OAuthUserAdapterInterface, oauthRepo: OAuthWrapperRepositoryInterface);
137
+ constructor(tokenEncryption: EncryptorInterface<string, string>, exchangeProviderAccessToken: ExchangeProviderAccessToken, oauthRepo: OAuthWrapperRepositoryInterface);
61
138
  /**
62
139
  * @override
63
140
  */
@@ -74,11 +151,11 @@ declare class OAuthTokenService implements OAuthTokenServiceInterface {
74
151
  protected exchangeRefreshToken(request: Extract<OAuthTokenRequest, {
75
152
  grant_type: 'refresh_token';
76
153
  }>, verifiedClientId: string): Promise<OAuthTokenResponse>;
77
- protected fetchProviderAccessToken(userId: number): Promise<{
154
+ protected fetchProviderAccessToken(userId: string): Promise<{
78
155
  access_token: string;
79
156
  expires_in: number;
80
157
  }>;
81
- protected issueMiddlewareRefreshToken(clientId: string, userId: number): Promise<string>;
158
+ protected issueMiddlewareRefreshToken(clientId: string, userId: string): Promise<string>;
82
159
  /**
83
160
  * @override
84
161
  * RFC 7009 — revoke middleware refresh tokens. Idempotent: unknown tokens are ignored.
@@ -86,60 +163,47 @@ declare class OAuthTokenService implements OAuthTokenServiceInterface {
86
163
  revokeToken(rawFields: Record<string, string>): Promise<void>;
87
164
  }
88
165
 
89
- declare class OAuthWrapperService<SessionPayload extends OAuthSessionPayload = OAuthSessionPayload> implements OAuthServiceInterface<SessionPayload> {
166
+ declare abstract class OAuthWrapperService<SessionPayload extends OAuthSessionPayload = OAuthSessionPayload> extends OAuthAbstractProvider<SessionPayload> {
90
167
  protected oauthSession: OAuthSessionInterface<SessionPayload>;
91
- protected userAdapter: OAuthUserAdapterInterface;
92
- protected tokenService: OAuthTokenServiceInterface;
93
168
  protected oauthRepo: OAuthWrapperRepositoryInterface;
94
- constructor(oauthSession: OAuthSessionInterface<SessionPayload>, userAdapter: OAuthUserAdapterInterface, tokenService: OAuthTokenServiceInterface, oauthRepo: OAuthWrapperRepositoryInterface);
95
- /**
96
- * @override
97
- */
98
- getOAuthSession(): OAuthSessionInterface<SessionPayload>;
99
- /**
100
- * @override
101
- */
102
- getOAuthAdapter(): OAuthUserAdapterInterface;
169
+ protected tokenService: OAuthTokenServiceInterface;
170
+ constructor(oauthSession: OAuthSessionInterface<SessionPayload>, tokenEncryption: EncryptorInterface<string, string>, oauthRepo: OAuthWrapperRepositoryInterface);
171
+ protected abstract providerLogin(params: LoginParams): Promise<OAuthUserCredentials>;
172
+ protected abstract providerExchangeAccessToken(params: {
173
+ token: string;
174
+ lang?: string;
175
+ }): Promise<OAuthUserAccessToken>;
176
+ protected abstract providerGetUserInfo(sessionToken: string): Promise<OAuthUserProfile>;
177
+ protected abstract providerGetUserInfoByAccessToken(accessToken: string): Promise<OAuthUserProfile>;
103
178
  /**
104
179
  * @override
105
180
  */
106
- getOAuthTokenService(): OAuthTokenServiceInterface;
181
+ login(params: LoginParams): Promise<SessionPayload>;
107
182
  /**
108
183
  * @override
109
184
  */
110
185
  getOAuthRepo(): OAuthWrapperRepositoryInterface;
111
- protected isQuery(query: unknown): query is OAuthAuthorizeQuery;
112
- protected isValidateConsent(value: unknown): value is OAuthConsentBody;
113
186
  /**
114
187
  * @override
115
188
  */
116
- resolveAuthorizePage(rawQuery: Record<string, string | string[] | undefined>): Promise<{
117
- ok: true;
118
- data: OAuthAuthorizePageData;
119
- } | {
120
- ok: false;
121
- error: OAuthAuthorizeValidationError;
122
- }>;
189
+ exchangeToken(rawFields: Record<string, string>): Promise<OAuthTokenResponse>;
123
190
  /**
124
191
  * @override
125
192
  */
126
- processConsent(requestBody: unknown): Promise<OAuthConsentResult>;
193
+ getSession(): Promise<SessionPayload | null>;
127
194
  /**
128
195
  * @override
129
196
  */
130
- exchangeToken(rawFields: Record<string, string>): Promise<OAuthTokenResponse>;
197
+ clearSession(): Promise<void>;
131
198
  /**
132
199
  * @override
133
200
  */
134
201
  revokeToken(rawFields: Record<string, string>): Promise<void>;
202
+ logoutUser(userId: string): Promise<void>;
135
203
  /**
136
204
  * @override
137
205
  */
138
- logoutUser(userId: number): Promise<void>;
139
- /**
140
- * @override
141
- */
142
- getUserInfo(accessToken: string): Promise<OAuthUserInfoResponse>;
206
+ getUserInfoWithAccessToken(accessToken: string): Promise<OAuthUserInfoResponse>;
143
207
  protected toUserInfoResponse(profile: OAuthUserProfile): OAuthUserInfoResponse;
144
208
  }
145
209
 
@@ -191,4 +255,4 @@ declare function computeS256CodeChallenge(verifier: string): string;
191
255
  */
192
256
  declare function verifyPkceS256(verifier: string, challenge: string): boolean;
193
257
 
194
- export { OAuthAuthorizePageData, OAuthAuthorizeQuery, OAuthAuthorizeValidationError, OAuthClientCreate, OAuthClientCreateResponse, OAuthClientDetail, OAuthClientListItem, OAuthClientRow, OAuthClientSecretRotateResponse, OAuthClientUpdate, OAuthClientsInterface, OAuthClientsRepositoryInterface, OAuthClientsService, OAuthConsentBody, OAuthConsentResult, OAuthRfcCodeType, OAuthServiceInterface, OAuthSessionInterface, OAuthSessionPayload, OAuthTokenRequest, OAuthTokenResponse, OAuthTokenService, OAuthTokenServiceInterface, OAuthUserAdapterInterface, OAuthUserInfoResponse, OAuthUserProfile, OAuthWrapperError, OAuthWrapperRepositoryInterface, OAuthWrapperService, buildOAuthRedirectUrl, computeS256CodeChallenge, hashClientSecret, isRedirectUriAllowed, isValidCodeChallenge, isValidCodeVerifier, normalizeQuery, parseScopeList, validatePkceParams, verifyClientSecret, verifyPkceS256 };
258
+ export { type ExchangeProviderAccessToken, OAuthAbstractProvider, OAuthAuthorizePageData, OAuthAuthorizeQuery, OAuthAuthorizeValidationError, OAuthClientCreate, OAuthClientCreateResponse, OAuthClientDetail, OAuthClientListItem, OAuthClientRow, OAuthClientSecretRotateResponse, OAuthClientUpdate, OAuthClientsInterface, OAuthClientsRepositoryInterface, OAuthClientsService, OAuthConsentBody, OAuthConsentResult, OAuthProviderInterface, OAuthRfcCodeType, OAuthSessionInterface, OAuthSessionPayload, OAuthTokenRequest, OAuthTokenResponse, OAuthTokenService, OAuthTokenServiceInterface, type OAuthUserAccessToken, type OAuthUserCredentials, OAuthUserInfoResponse, type OAuthUserProfile, OAuthWrapperError, OAuthWrapperRepositoryInterface, OAuthWrapperService, buildOAuthRedirectUrl, computeS256CodeChallenge, hashClientSecret, isRedirectUriAllowed, isValidCodeChallenge, isValidCodeVerifier, normalizeQuery, parseScopeList, validatePkceParams, verifyClientSecret, verifyPkceS256 };