@qlover/oauth-wrapper 0.2.0 → 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +11 -0
- package/dist/client.cjs +3 -1
- package/dist/client.d.ts +1 -1
- package/dist/client.js +3 -1
- package/dist/core.cjs +8 -8
- package/dist/core.d.ts +59 -141
- package/dist/core.js +8 -8
- package/dist/index.cjs +483 -433
- package/dist/index.d.ts +106 -42
- package/dist/index.js +482 -433
- package/package.json +3 -3
package/dist/index.d.ts
CHANGED
|
@@ -1,8 +1,81 @@
|
|
|
1
|
-
import {
|
|
2
|
-
|
|
1
|
+
import { LoginParams } from '@qlover/corekit-bridge/core';
|
|
2
|
+
import { OAuthSessionPayload, OAuthProviderInterface, OAuthTokenRequest, OAuthTokenResponse, OAuthWrapperRepositoryInterface, OAuthUserInfoResponse, OAuthAuthorizeQuery, OAuthConsentBody, OAuthAuthorizePageData, OAuthAuthorizeValidationError, OAuthConsentResult, OAuthClientsInterface, OAuthClientsRepositoryInterface, OAuthClientListItem, OAuthClientDetail, OAuthClientCreate, OAuthClientCreateResponse, OAuthClientUpdate, OAuthClientSecretRotateResponse, OAuthTokenServiceInterface, OAuthSessionInterface, OAuthRfcCodeType, OAuthClientRow } from './core.js';
|
|
3
|
+
export { CreateAuthorizationCodeInput, CreateOAuthRefreshTokenInput, OAuthAuthorizationCodeRow, OAuthAuthorizationCodeRowSchema, OAuthAuthorizeQuerySchema, OAuthClientCreateResponseSchema, OAuthClientCreateSchema, OAuthClientDetailSchema, OAuthClientListItemSchema, OAuthClientRowSchema, OAuthClientSecretRotateResponseSchema, OAuthClientUpdateSchema, OAuthConsentBodySchema, OAuthRefreshTokenRow, OAuthRefreshTokenSchema, OAuthRfcCodes, OAuthRfcErrorCodesType, OAuthTokenAuthorizationCodeRequest, OAuthTokenAuthorizationCodeSchema, OAuthTokenErrorResponse, OAuthTokenErrorResponseSchema, OAuthTokenRefreshRequest, OAuthTokenRefreshSchema, OAuthTokenRequestSchema, OAuthTokenResponseSchema, OAuthTokenRevokeRequest, OAuthTokenRevokeSchema, OAuthUserCredentialsRow, OAuthUserCredentialsSchema, OAuthUserInfoErrorResponse, OAuthUserInfoErrorResponseSchema, OAuthUserInfoResponseSchema, ResolveAuthorizePageResult, computePkceS256Challenge, generatePkceVerifier, isOAuthRedirectUri, randomOAuthState } from './core.js';
|
|
3
4
|
import { EncryptorInterface, ExecutorError } from '@qlover/fe-corekit';
|
|
4
5
|
import 'zod';
|
|
5
6
|
|
|
7
|
+
type OAuthUserProfile = {
|
|
8
|
+
id: string | number;
|
|
9
|
+
email?: string | null;
|
|
10
|
+
name?: string | null;
|
|
11
|
+
roles?: string[];
|
|
12
|
+
[key: string]: unknown;
|
|
13
|
+
};
|
|
14
|
+
type OAuthUserCredentials = {
|
|
15
|
+
token: string;
|
|
16
|
+
[key: string]: unknown;
|
|
17
|
+
};
|
|
18
|
+
type OAuthUserAccessToken = {
|
|
19
|
+
access_token: string;
|
|
20
|
+
expires_in: number;
|
|
21
|
+
refresh_token?: string | null;
|
|
22
|
+
[key: string]: unknown;
|
|
23
|
+
};
|
|
24
|
+
declare abstract class OAuthAbstractProvider<SessionPayload extends OAuthSessionPayload> implements OAuthProviderInterface<SessionPayload> {
|
|
25
|
+
protected authCodeTTLMs: number;
|
|
26
|
+
/**
|
|
27
|
+
* @override
|
|
28
|
+
*/
|
|
29
|
+
abstract exchangeToken(_rawFields: Record<string, string> | OAuthTokenRequest): Promise<OAuthTokenResponse>;
|
|
30
|
+
/**
|
|
31
|
+
* @override
|
|
32
|
+
*/
|
|
33
|
+
abstract revokeToken(_rawFields: Record<string, string>): Promise<void>;
|
|
34
|
+
/**
|
|
35
|
+
* @override
|
|
36
|
+
*/
|
|
37
|
+
abstract getOAuthRepo(): OAuthWrapperRepositoryInterface;
|
|
38
|
+
/**
|
|
39
|
+
* @override
|
|
40
|
+
*/
|
|
41
|
+
abstract clearSession(): Promise<void>;
|
|
42
|
+
/**
|
|
43
|
+
* @override
|
|
44
|
+
*/
|
|
45
|
+
abstract getSession(): Promise<SessionPayload | null>;
|
|
46
|
+
/**
|
|
47
|
+
* @override
|
|
48
|
+
*/
|
|
49
|
+
abstract login(params: LoginParams): Promise<SessionPayload>;
|
|
50
|
+
/**
|
|
51
|
+
* @override
|
|
52
|
+
*/
|
|
53
|
+
abstract getUserInfoWithAccessToken(accessToken: string): Promise<OAuthUserInfoResponse>;
|
|
54
|
+
protected isQuery(query: unknown): query is OAuthAuthorizeQuery;
|
|
55
|
+
protected isValidateConsent(value: unknown): value is OAuthConsentBody;
|
|
56
|
+
protected generageSessionPayload(userInfo: OAuthUserProfile & {
|
|
57
|
+
sessionToken: string;
|
|
58
|
+
}): SessionPayload;
|
|
59
|
+
/**
|
|
60
|
+
* @override
|
|
61
|
+
*/
|
|
62
|
+
logout(userId: string): Promise<void>;
|
|
63
|
+
/**
|
|
64
|
+
* @override
|
|
65
|
+
*/
|
|
66
|
+
resolveAuthorizePage(rawQuery: Record<string, string | string[] | undefined>): Promise<{
|
|
67
|
+
ok: true;
|
|
68
|
+
data: OAuthAuthorizePageData;
|
|
69
|
+
} | {
|
|
70
|
+
ok: false;
|
|
71
|
+
error: OAuthAuthorizeValidationError;
|
|
72
|
+
}>;
|
|
73
|
+
/**
|
|
74
|
+
* @override
|
|
75
|
+
*/
|
|
76
|
+
processConsent(requestBody: unknown): Promise<OAuthConsentResult>;
|
|
77
|
+
}
|
|
78
|
+
|
|
6
79
|
/**
|
|
7
80
|
* Business logic for OAuth client management in developer console.
|
|
8
81
|
*/
|
|
@@ -13,35 +86,39 @@ declare class OAuthClientsService implements OAuthClientsInterface {
|
|
|
13
86
|
* List all OAuth clients owned by a user
|
|
14
87
|
* @override
|
|
15
88
|
*/
|
|
16
|
-
listForOwner(ownerUserId:
|
|
89
|
+
listForOwner(ownerUserId: string): Promise<OAuthClientListItem[]>;
|
|
17
90
|
/**
|
|
18
91
|
* Get detailed information about a specific OAuth client
|
|
19
92
|
* @override
|
|
20
93
|
*/
|
|
21
|
-
getByClientId(ownerUserId:
|
|
94
|
+
getByClientId(ownerUserId: string, clientId: string): Promise<OAuthClientDetail>;
|
|
22
95
|
/**
|
|
23
96
|
* Create a new OAuth client
|
|
24
97
|
* @override
|
|
25
98
|
*/
|
|
26
|
-
create(ownerUserId:
|
|
99
|
+
create(ownerUserId: string, input: OAuthClientCreate): Promise<OAuthClientCreateResponse>;
|
|
27
100
|
/**
|
|
28
101
|
* Update an existing OAuth client
|
|
29
102
|
* @override
|
|
30
103
|
*/
|
|
31
|
-
update(ownerUserId:
|
|
104
|
+
update(ownerUserId: string, clientId: string, input: OAuthClientUpdate): Promise<OAuthClientDetail>;
|
|
32
105
|
/**
|
|
33
106
|
* Rotate the client secret
|
|
34
107
|
* @override
|
|
35
108
|
*/
|
|
36
|
-
rotateSecret(ownerUserId:
|
|
109
|
+
rotateSecret(ownerUserId: string, clientId: string): Promise<OAuthClientSecretRotateResponse>;
|
|
37
110
|
/**
|
|
38
111
|
* Delete an OAuth client
|
|
39
112
|
* @override
|
|
40
113
|
*/
|
|
41
|
-
delete(ownerUserId:
|
|
114
|
+
delete(ownerUserId: string, clientId: string): Promise<void>;
|
|
42
115
|
private mapToDetail;
|
|
43
116
|
}
|
|
44
117
|
|
|
118
|
+
type ExchangeProviderAccessToken = (params: {
|
|
119
|
+
token: string;
|
|
120
|
+
lang?: string;
|
|
121
|
+
}) => Promise<OAuthUserAccessToken>;
|
|
45
122
|
/**
|
|
46
123
|
* OAuth 2.0 token endpoint (`POST /oauth/token`).
|
|
47
124
|
*
|
|
@@ -54,10 +131,10 @@ declare class OAuthClientsService implements OAuthClientsInterface {
|
|
|
54
131
|
*/
|
|
55
132
|
declare class OAuthTokenService implements OAuthTokenServiceInterface {
|
|
56
133
|
protected tokenEncryption: EncryptorInterface<string, string>;
|
|
57
|
-
protected
|
|
134
|
+
protected exchangeProviderAccessToken: ExchangeProviderAccessToken;
|
|
58
135
|
protected oauthRepo: OAuthWrapperRepositoryInterface;
|
|
59
136
|
protected static REFRESH_TOKEN_TTL_MS: number;
|
|
60
|
-
constructor(tokenEncryption: EncryptorInterface<string, string>,
|
|
137
|
+
constructor(tokenEncryption: EncryptorInterface<string, string>, exchangeProviderAccessToken: ExchangeProviderAccessToken, oauthRepo: OAuthWrapperRepositoryInterface);
|
|
61
138
|
/**
|
|
62
139
|
* @override
|
|
63
140
|
*/
|
|
@@ -74,11 +151,11 @@ declare class OAuthTokenService implements OAuthTokenServiceInterface {
|
|
|
74
151
|
protected exchangeRefreshToken(request: Extract<OAuthTokenRequest, {
|
|
75
152
|
grant_type: 'refresh_token';
|
|
76
153
|
}>, verifiedClientId: string): Promise<OAuthTokenResponse>;
|
|
77
|
-
protected fetchProviderAccessToken(userId:
|
|
154
|
+
protected fetchProviderAccessToken(userId: string): Promise<{
|
|
78
155
|
access_token: string;
|
|
79
156
|
expires_in: number;
|
|
80
157
|
}>;
|
|
81
|
-
protected issueMiddlewareRefreshToken(clientId: string, userId:
|
|
158
|
+
protected issueMiddlewareRefreshToken(clientId: string, userId: string): Promise<string>;
|
|
82
159
|
/**
|
|
83
160
|
* @override
|
|
84
161
|
* RFC 7009 — revoke middleware refresh tokens. Idempotent: unknown tokens are ignored.
|
|
@@ -86,60 +163,47 @@ declare class OAuthTokenService implements OAuthTokenServiceInterface {
|
|
|
86
163
|
revokeToken(rawFields: Record<string, string>): Promise<void>;
|
|
87
164
|
}
|
|
88
165
|
|
|
89
|
-
declare class OAuthWrapperService<SessionPayload extends OAuthSessionPayload = OAuthSessionPayload>
|
|
166
|
+
declare abstract class OAuthWrapperService<SessionPayload extends OAuthSessionPayload = OAuthSessionPayload> extends OAuthAbstractProvider<SessionPayload> {
|
|
90
167
|
protected oauthSession: OAuthSessionInterface<SessionPayload>;
|
|
91
|
-
protected userAdapter: OAuthUserAdapterInterface;
|
|
92
|
-
protected tokenService: OAuthTokenServiceInterface;
|
|
93
168
|
protected oauthRepo: OAuthWrapperRepositoryInterface;
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
169
|
+
protected tokenService: OAuthTokenServiceInterface;
|
|
170
|
+
constructor(oauthSession: OAuthSessionInterface<SessionPayload>, tokenEncryption: EncryptorInterface<string, string>, oauthRepo: OAuthWrapperRepositoryInterface);
|
|
171
|
+
protected abstract providerLogin(params: LoginParams): Promise<OAuthUserCredentials>;
|
|
172
|
+
protected abstract providerExchangeAccessToken(params: {
|
|
173
|
+
token: string;
|
|
174
|
+
lang?: string;
|
|
175
|
+
}): Promise<OAuthUserAccessToken>;
|
|
176
|
+
protected abstract providerGetUserInfo(sessionToken: string): Promise<OAuthUserProfile>;
|
|
177
|
+
protected abstract providerGetUserInfoByAccessToken(accessToken: string): Promise<OAuthUserProfile>;
|
|
103
178
|
/**
|
|
104
179
|
* @override
|
|
105
180
|
*/
|
|
106
|
-
|
|
181
|
+
login(params: LoginParams): Promise<SessionPayload>;
|
|
107
182
|
/**
|
|
108
183
|
* @override
|
|
109
184
|
*/
|
|
110
185
|
getOAuthRepo(): OAuthWrapperRepositoryInterface;
|
|
111
|
-
protected isQuery(query: unknown): query is OAuthAuthorizeQuery;
|
|
112
|
-
protected isValidateConsent(value: unknown): value is OAuthConsentBody;
|
|
113
186
|
/**
|
|
114
187
|
* @override
|
|
115
188
|
*/
|
|
116
|
-
|
|
117
|
-
ok: true;
|
|
118
|
-
data: OAuthAuthorizePageData;
|
|
119
|
-
} | {
|
|
120
|
-
ok: false;
|
|
121
|
-
error: OAuthAuthorizeValidationError;
|
|
122
|
-
}>;
|
|
189
|
+
exchangeToken(rawFields: Record<string, string>): Promise<OAuthTokenResponse>;
|
|
123
190
|
/**
|
|
124
191
|
* @override
|
|
125
192
|
*/
|
|
126
|
-
|
|
193
|
+
getSession(): Promise<SessionPayload | null>;
|
|
127
194
|
/**
|
|
128
195
|
* @override
|
|
129
196
|
*/
|
|
130
|
-
|
|
197
|
+
clearSession(): Promise<void>;
|
|
131
198
|
/**
|
|
132
199
|
* @override
|
|
133
200
|
*/
|
|
134
201
|
revokeToken(rawFields: Record<string, string>): Promise<void>;
|
|
202
|
+
logoutUser(userId: string): Promise<void>;
|
|
135
203
|
/**
|
|
136
204
|
* @override
|
|
137
205
|
*/
|
|
138
|
-
|
|
139
|
-
/**
|
|
140
|
-
* @override
|
|
141
|
-
*/
|
|
142
|
-
getUserInfo(accessToken: string): Promise<OAuthUserInfoResponse>;
|
|
206
|
+
getUserInfoWithAccessToken(accessToken: string): Promise<OAuthUserInfoResponse>;
|
|
143
207
|
protected toUserInfoResponse(profile: OAuthUserProfile): OAuthUserInfoResponse;
|
|
144
208
|
}
|
|
145
209
|
|
|
@@ -191,4 +255,4 @@ declare function computeS256CodeChallenge(verifier: string): string;
|
|
|
191
255
|
*/
|
|
192
256
|
declare function verifyPkceS256(verifier: string, challenge: string): boolean;
|
|
193
257
|
|
|
194
|
-
export { OAuthAuthorizePageData, OAuthAuthorizeQuery, OAuthAuthorizeValidationError, OAuthClientCreate, OAuthClientCreateResponse, OAuthClientDetail, OAuthClientListItem, OAuthClientRow, OAuthClientSecretRotateResponse, OAuthClientUpdate, OAuthClientsInterface, OAuthClientsRepositoryInterface, OAuthClientsService, OAuthConsentBody, OAuthConsentResult,
|
|
258
|
+
export { type ExchangeProviderAccessToken, OAuthAbstractProvider, OAuthAuthorizePageData, OAuthAuthorizeQuery, OAuthAuthorizeValidationError, OAuthClientCreate, OAuthClientCreateResponse, OAuthClientDetail, OAuthClientListItem, OAuthClientRow, OAuthClientSecretRotateResponse, OAuthClientUpdate, OAuthClientsInterface, OAuthClientsRepositoryInterface, OAuthClientsService, OAuthConsentBody, OAuthConsentResult, OAuthProviderInterface, OAuthRfcCodeType, OAuthSessionInterface, OAuthSessionPayload, OAuthTokenRequest, OAuthTokenResponse, OAuthTokenService, OAuthTokenServiceInterface, type OAuthUserAccessToken, type OAuthUserCredentials, OAuthUserInfoResponse, type OAuthUserProfile, OAuthWrapperError, OAuthWrapperRepositoryInterface, OAuthWrapperService, buildOAuthRedirectUrl, computeS256CodeChallenge, hashClientSecret, isRedirectUriAllowed, isValidCodeChallenge, isValidCodeVerifier, normalizeQuery, parseScopeList, validatePkceParams, verifyClientSecret, verifyPkceS256 };
|