@qlover/oauth-wrapper 0.2.1 → 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/client.cjs +3 -1
- package/dist/client.d.ts +1 -1
- package/dist/client.js +3 -1
- package/dist/core.cjs +2 -2
- package/dist/core.d.ts +34 -117
- package/dist/core.js +2 -2
- package/dist/index.cjs +477 -427
- package/dist/index.d.ts +97 -34
- package/dist/index.js +476 -427
- package/package.json +1 -1
package/dist/client.cjs
CHANGED
|
@@ -300,6 +300,7 @@ var OAuthGateway = class {
|
|
|
300
300
|
constructor(options) {
|
|
301
301
|
this.options = options;
|
|
302
302
|
}
|
|
303
|
+
options;
|
|
303
304
|
callbackInflight = /* @__PURE__ */ new Map();
|
|
304
305
|
get localeOptions() {
|
|
305
306
|
return {
|
|
@@ -742,7 +743,8 @@ var OAuthClient = class {
|
|
|
742
743
|
locale: this.config.locale,
|
|
743
744
|
redirectUri,
|
|
744
745
|
statePreview: `${state.slice(0, 8)}\u2026`,
|
|
745
|
-
pkceSaved: this.pkceStore.loadPkceSession() != null
|
|
746
|
+
pkceSaved: this.pkceStore.loadPkceSession() != null,
|
|
747
|
+
authorizeUrl: url
|
|
746
748
|
});
|
|
747
749
|
if (params?.target === "_blank") {
|
|
748
750
|
window.open(url, "_blank", "noopener,noreferrer");
|
package/dist/client.d.ts
CHANGED
|
@@ -296,7 +296,7 @@ declare class OAuthClient<T extends OAuthUserInfo = OAuthUserInfo> implements OA
|
|
|
296
296
|
/**
|
|
297
297
|
* @override
|
|
298
298
|
*/
|
|
299
|
-
startOAuthLogin(params?: OAuthGatewayAuthorizeParams): Promise<void>;
|
|
299
|
+
startOAuthLogin(params?: Partial<OAuthGatewayAuthorizeParams>): Promise<void>;
|
|
300
300
|
completeOAuthCallback(params?: Parameters<OAuthGateway<T>['oAuthWrapperCallback']>[0]): Promise<T>;
|
|
301
301
|
parseOAuthCallbackSearchParams(searchParams: URLSearchParams): Parameters<OAuthGateway<T>['oAuthWrapperCallback']>[0];
|
|
302
302
|
/**
|
package/dist/client.js
CHANGED
|
@@ -257,6 +257,7 @@ var OAuthGateway = class {
|
|
|
257
257
|
constructor(options) {
|
|
258
258
|
this.options = options;
|
|
259
259
|
}
|
|
260
|
+
options;
|
|
260
261
|
callbackInflight = /* @__PURE__ */ new Map();
|
|
261
262
|
get localeOptions() {
|
|
262
263
|
return {
|
|
@@ -699,7 +700,8 @@ var OAuthClient = class {
|
|
|
699
700
|
locale: this.config.locale,
|
|
700
701
|
redirectUri,
|
|
701
702
|
statePreview: `${state.slice(0, 8)}\u2026`,
|
|
702
|
-
pkceSaved: this.pkceStore.loadPkceSession() != null
|
|
703
|
+
pkceSaved: this.pkceStore.loadPkceSession() != null,
|
|
704
|
+
authorizeUrl: url
|
|
703
705
|
});
|
|
704
706
|
if (params?.target === "_blank") {
|
|
705
707
|
window.open(url, "_blank", "noopener,noreferrer");
|
package/dist/core.cjs
CHANGED
|
@@ -186,12 +186,12 @@ var OAuthTokenResponseSchema = import_zod2.z.object({
|
|
|
186
186
|
var import_zod3 = require("zod");
|
|
187
187
|
var OAuthUserInfoResponseSchema = import_zod3.z.object({
|
|
188
188
|
sub: import_zod3.z.string(),
|
|
189
|
-
email: import_zod3.z.
|
|
189
|
+
email: import_zod3.z.email(),
|
|
190
190
|
name: import_zod3.z.string(),
|
|
191
191
|
roles: import_zod3.z.array(import_zod3.z.string()).optional()
|
|
192
192
|
});
|
|
193
193
|
var OAuthUserInfoErrorResponseSchema = import_zod3.z.object({
|
|
194
|
-
error: import_zod3.z.
|
|
194
|
+
error: import_zod3.z.string(),
|
|
195
195
|
error_id: import_zod3.z.string().optional()
|
|
196
196
|
});
|
|
197
197
|
|
package/dist/core.d.ts
CHANGED
|
@@ -200,104 +200,6 @@ declare const OAuthTokenRevokeSchema: z.ZodObject<{
|
|
|
200
200
|
}, z.core.$strip>;
|
|
201
201
|
type OAuthTokenRevokeRequest = z.infer<typeof OAuthTokenRevokeSchema>;
|
|
202
202
|
|
|
203
|
-
/**
|
|
204
|
-
* OAuth user adapter profile shape.
|
|
205
|
-
*
|
|
206
|
-
* Significance: Keeps OAuth services independent from provider SDK user models.
|
|
207
|
-
* Core idea: Represent only the profile fields required by OAuth login and userinfo.
|
|
208
|
-
* Main function: Provide a canonical user profile contract for adapters.
|
|
209
|
-
* Main purpose: Let the OAuth wrapper switch user providers without changing services.
|
|
210
|
-
*
|
|
211
|
-
* @example
|
|
212
|
-
* const sub = String(profile.id);
|
|
213
|
-
*/
|
|
214
|
-
type OAuthUserProfile = {
|
|
215
|
-
id: string | number;
|
|
216
|
-
email?: string | null;
|
|
217
|
-
name?: string | null;
|
|
218
|
-
first_name?: string | null;
|
|
219
|
-
last_name?: string | null;
|
|
220
|
-
roles?: string[];
|
|
221
|
-
[key: string]: unknown;
|
|
222
|
-
};
|
|
223
|
-
/**
|
|
224
|
-
* OAuth provider login credentials result.
|
|
225
|
-
*
|
|
226
|
-
* Significance: Normalizes provider login responses for middleware sessions.
|
|
227
|
-
* Core idea: Require a session token while allowing provider-specific metadata.
|
|
228
|
-
* Main function: Carry the provider session token after credential verification.
|
|
229
|
-
* Main purpose: Persist the token needed to mint OAuth access tokens later.
|
|
230
|
-
*
|
|
231
|
-
* @example
|
|
232
|
-
* const sessionToken = credentials.token;
|
|
233
|
-
*/
|
|
234
|
-
type OAuthUserCredentials = {
|
|
235
|
-
token: string;
|
|
236
|
-
[key: string]: unknown;
|
|
237
|
-
};
|
|
238
|
-
/**
|
|
239
|
-
* OAuth provider access token result.
|
|
240
|
-
*
|
|
241
|
-
* Significance: Normalizes provider token exchange responses.
|
|
242
|
-
* Core idea: OAuth token services only need access, expiry, and optional refresh token.
|
|
243
|
-
* Main function: Return a provider access token for third-party OAuth clients.
|
|
244
|
-
* Main purpose: Hide provider SDK response details behind the adapter contract.
|
|
245
|
-
*
|
|
246
|
-
* @example
|
|
247
|
-
* return { access_token: token.access_token, expires_in: token.expires_in };
|
|
248
|
-
*/
|
|
249
|
-
type OAuthUserAccessToken = {
|
|
250
|
-
access_token: string;
|
|
251
|
-
expires_in: number;
|
|
252
|
-
refresh_token?: string | null;
|
|
253
|
-
[key: string]: unknown;
|
|
254
|
-
};
|
|
255
|
-
/**
|
|
256
|
-
* User adapter contract for the OAuth wrapper.
|
|
257
|
-
*
|
|
258
|
-
* Significance: Defines the boundary between OAuth core services and user providers.
|
|
259
|
-
* Core idea: Keep provider-specific login, token exchange, and profile lookup behind one port.
|
|
260
|
-
* Main function: Verify credentials, exchange provider tokens, and load user profiles.
|
|
261
|
-
* Main purpose: Allow any upstream user API to be swapped without changing OAuth services.
|
|
262
|
-
*
|
|
263
|
-
* @example
|
|
264
|
-
* const access = await adapter.exchangeAccessToken({ token: sessionToken });
|
|
265
|
-
*/
|
|
266
|
-
interface OAuthUserAdapterInterface {
|
|
267
|
-
/**
|
|
268
|
-
* Verifies user credentials with the backing user provider.
|
|
269
|
-
*
|
|
270
|
-
* @param email - User email or username accepted by the provider.
|
|
271
|
-
* @param password - Plain credential submitted by the login form.
|
|
272
|
-
* @returns Provider credentials containing a session token.
|
|
273
|
-
*/
|
|
274
|
-
login(params: LoginParams): Promise<OAuthUserCredentials>;
|
|
275
|
-
/**
|
|
276
|
-
* Exchanges a provider session token for a provider access token.
|
|
277
|
-
*
|
|
278
|
-
* @param params - Session token and optional language preference.
|
|
279
|
-
* @returns Provider access token payload used as the OAuth access token response.
|
|
280
|
-
*/
|
|
281
|
-
exchangeAccessToken(params: {
|
|
282
|
-
token: string;
|
|
283
|
-
lang?: string;
|
|
284
|
-
}): Promise<OAuthUserAccessToken>;
|
|
285
|
-
/**
|
|
286
|
-
* Loads profile information using a provider session token.
|
|
287
|
-
*
|
|
288
|
-
* @param sessionToken - Provider session token from a successful login.
|
|
289
|
-
* @returns Canonical user profile for session creation.
|
|
290
|
-
*/
|
|
291
|
-
getUserInfo(sessionToken: string): Promise<OAuthUserProfile>;
|
|
292
|
-
/**
|
|
293
|
-
* Loads profile information using a provider access token.
|
|
294
|
-
*
|
|
295
|
-
* @param accessToken - Bearer access token presented to the userinfo endpoint.
|
|
296
|
-
* @returns Canonical user profile for OIDC userinfo claims.
|
|
297
|
-
*/
|
|
298
|
-
getUserInfoByAccessToken(accessToken: string): Promise<OAuthUserProfile>;
|
|
299
|
-
}
|
|
300
|
-
|
|
301
203
|
declare const OAuthUserCredentialsSchema: z.ZodObject<{
|
|
302
204
|
user_id: z.ZodString;
|
|
303
205
|
provider_refresh_token: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
@@ -365,13 +267,13 @@ interface OAuthWrapperRepositoryInterface extends OAuthClientsRepositoryInterfac
|
|
|
365
267
|
|
|
366
268
|
declare const OAuthUserInfoResponseSchema: z.ZodObject<{
|
|
367
269
|
sub: z.ZodString;
|
|
368
|
-
email: z.
|
|
270
|
+
email: z.ZodEmail;
|
|
369
271
|
name: z.ZodString;
|
|
370
272
|
roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
371
273
|
}, z.core.$strip>;
|
|
372
274
|
type OAuthUserInfoResponse = z.infer<typeof OAuthUserInfoResponseSchema>;
|
|
373
275
|
declare const OAuthUserInfoErrorResponseSchema: z.ZodObject<{
|
|
374
|
-
error: z.
|
|
276
|
+
error: z.ZodString;
|
|
375
277
|
error_id: z.ZodOptional<z.ZodString>;
|
|
376
278
|
}, z.core.$strip>;
|
|
377
279
|
type OAuthUserInfoErrorResponse = z.infer<typeof OAuthUserInfoErrorResponseSchema>;
|
|
@@ -415,25 +317,40 @@ interface OAuthTokenServiceInterface {
|
|
|
415
317
|
*/
|
|
416
318
|
revokeToken(rawFields: Record<string, string>): Promise<void>;
|
|
417
319
|
}
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
getOAuthTokenService(): OAuthTokenServiceInterface;
|
|
320
|
+
type ResolveAuthorizePageResult = {
|
|
321
|
+
ok: true;
|
|
322
|
+
data: OAuthAuthorizePageData;
|
|
323
|
+
} | {
|
|
324
|
+
ok: false;
|
|
325
|
+
error: OAuthAuthorizeValidationError;
|
|
326
|
+
};
|
|
327
|
+
interface OAuthProviderInterface<SessionPayload extends OAuthSessionPayload> extends OAuthTokenServiceInterface {
|
|
328
|
+
login(params: LoginParams): Promise<SessionPayload>;
|
|
329
|
+
/**
|
|
330
|
+
* Get the OAuth repository
|
|
331
|
+
*/
|
|
431
332
|
getOAuthRepo(): OAuthWrapperRepositoryInterface;
|
|
432
333
|
/**
|
|
433
|
-
*
|
|
434
|
-
|
|
334
|
+
* Clear the session
|
|
335
|
+
*/
|
|
336
|
+
clearSession(): Promise<void>;
|
|
337
|
+
/**
|
|
338
|
+
* Get the session
|
|
339
|
+
*/
|
|
340
|
+
getSession(): Promise<SessionPayload | null>;
|
|
341
|
+
/**
|
|
342
|
+
* Logout the user
|
|
343
|
+
*/
|
|
344
|
+
logout(userId: string): Promise<void>;
|
|
345
|
+
/**
|
|
346
|
+
* Resolve the authorize page
|
|
435
347
|
*/
|
|
436
|
-
|
|
348
|
+
resolveAuthorizePage(rawQuery: Record<string, string | string[] | undefined>): Promise<ResolveAuthorizePageResult>;
|
|
349
|
+
/**
|
|
350
|
+
* Process the consent
|
|
351
|
+
*/
|
|
352
|
+
processConsent(requestBody: unknown): Promise<OAuthConsentResult>;
|
|
353
|
+
getUserInfoWithAccessToken(accessToken: string): Promise<OAuthUserInfoResponse>;
|
|
437
354
|
}
|
|
438
355
|
|
|
439
356
|
declare const OAuthRfcCodes: {
|
|
@@ -458,4 +375,4 @@ declare function generatePkceVerifier(length?: number): string;
|
|
|
458
375
|
declare function computePkceS256Challenge(verifier: string): Promise<string>;
|
|
459
376
|
declare function randomOAuthState(): string;
|
|
460
377
|
|
|
461
|
-
export { type CreateAuthorizationCodeInput, type CreateOAuthRefreshTokenInput, type OAuthAuthorizationCodeRow, OAuthAuthorizationCodeRowSchema, type OAuthAuthorizePageData, type OAuthAuthorizeQuery, OAuthAuthorizeQuerySchema, type OAuthAuthorizeValidationError, type OAuthClientCreate, type OAuthClientCreateResponse, OAuthClientCreateResponseSchema, OAuthClientCreateSchema, type OAuthClientDetail, OAuthClientDetailSchema, type OAuthClientListItem, OAuthClientListItemSchema, type OAuthClientRow, OAuthClientRowSchema, type OAuthClientSecretRotateResponse, OAuthClientSecretRotateResponseSchema, type OAuthClientUpdate, OAuthClientUpdateSchema, type OAuthClientsInterface, type OAuthClientsRepositoryInterface, type OAuthConsentBody, OAuthConsentBodySchema, type OAuthConsentResult, type OAuthRefreshTokenRow, OAuthRefreshTokenSchema, type OAuthRfcCodeType, OAuthRfcCodes, type OAuthRfcErrorCodesType, type
|
|
378
|
+
export { type CreateAuthorizationCodeInput, type CreateOAuthRefreshTokenInput, type OAuthAuthorizationCodeRow, OAuthAuthorizationCodeRowSchema, type OAuthAuthorizePageData, type OAuthAuthorizeQuery, OAuthAuthorizeQuerySchema, type OAuthAuthorizeValidationError, type OAuthClientCreate, type OAuthClientCreateResponse, OAuthClientCreateResponseSchema, OAuthClientCreateSchema, type OAuthClientDetail, OAuthClientDetailSchema, type OAuthClientListItem, OAuthClientListItemSchema, type OAuthClientRow, OAuthClientRowSchema, type OAuthClientSecretRotateResponse, OAuthClientSecretRotateResponseSchema, type OAuthClientUpdate, OAuthClientUpdateSchema, type OAuthClientsInterface, type OAuthClientsRepositoryInterface, type OAuthConsentBody, OAuthConsentBodySchema, type OAuthConsentResult, type OAuthProviderInterface, type OAuthRefreshTokenRow, OAuthRefreshTokenSchema, type OAuthRfcCodeType, OAuthRfcCodes, type OAuthRfcErrorCodesType, type OAuthSessionInterface, type OAuthSessionPayload, type OAuthTokenAuthorizationCodeRequest, OAuthTokenAuthorizationCodeSchema, type OAuthTokenErrorResponse, OAuthTokenErrorResponseSchema, type OAuthTokenRefreshRequest, OAuthTokenRefreshSchema, type OAuthTokenRequest, OAuthTokenRequestSchema, type OAuthTokenResponse, OAuthTokenResponseSchema, type OAuthTokenRevokeRequest, OAuthTokenRevokeSchema, type OAuthTokenServiceInterface, type OAuthUserCredentialsRow, OAuthUserCredentialsSchema, type OAuthUserInfoErrorResponse, OAuthUserInfoErrorResponseSchema, type OAuthUserInfoResponse, OAuthUserInfoResponseSchema, type OAuthWrapperRepositoryInterface, type ResolveAuthorizePageResult, computePkceS256Challenge, generatePkceVerifier, isOAuthRedirectUri, randomOAuthState };
|
package/dist/core.js
CHANGED
|
@@ -136,12 +136,12 @@ var OAuthTokenResponseSchema = z2.object({
|
|
|
136
136
|
import { z as z3 } from "zod";
|
|
137
137
|
var OAuthUserInfoResponseSchema = z3.object({
|
|
138
138
|
sub: z3.string(),
|
|
139
|
-
email: z3.
|
|
139
|
+
email: z3.email(),
|
|
140
140
|
name: z3.string(),
|
|
141
141
|
roles: z3.array(z3.string()).optional()
|
|
142
142
|
});
|
|
143
143
|
var OAuthUserInfoErrorResponseSchema = z3.object({
|
|
144
|
-
error: z3.
|
|
144
|
+
error: z3.string(),
|
|
145
145
|
error_id: z3.string().optional()
|
|
146
146
|
});
|
|
147
147
|
|