@qlover/oauth-wrapper 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/client.cjs CHANGED
@@ -300,6 +300,7 @@ var OAuthGateway = class {
300
300
  constructor(options) {
301
301
  this.options = options;
302
302
  }
303
+ options;
303
304
  callbackInflight = /* @__PURE__ */ new Map();
304
305
  get localeOptions() {
305
306
  return {
@@ -742,7 +743,8 @@ var OAuthClient = class {
742
743
  locale: this.config.locale,
743
744
  redirectUri,
744
745
  statePreview: `${state.slice(0, 8)}\u2026`,
745
- pkceSaved: this.pkceStore.loadPkceSession() != null
746
+ pkceSaved: this.pkceStore.loadPkceSession() != null,
747
+ authorizeUrl: url
746
748
  });
747
749
  if (params?.target === "_blank") {
748
750
  window.open(url, "_blank", "noopener,noreferrer");
package/dist/client.d.ts CHANGED
@@ -296,7 +296,7 @@ declare class OAuthClient<T extends OAuthUserInfo = OAuthUserInfo> implements OA
296
296
  /**
297
297
  * @override
298
298
  */
299
- startOAuthLogin(params?: OAuthGatewayAuthorizeParams): Promise<void>;
299
+ startOAuthLogin(params?: Partial<OAuthGatewayAuthorizeParams>): Promise<void>;
300
300
  completeOAuthCallback(params?: Parameters<OAuthGateway<T>['oAuthWrapperCallback']>[0]): Promise<T>;
301
301
  parseOAuthCallbackSearchParams(searchParams: URLSearchParams): Parameters<OAuthGateway<T>['oAuthWrapperCallback']>[0];
302
302
  /**
package/dist/client.js CHANGED
@@ -257,6 +257,7 @@ var OAuthGateway = class {
257
257
  constructor(options) {
258
258
  this.options = options;
259
259
  }
260
+ options;
260
261
  callbackInflight = /* @__PURE__ */ new Map();
261
262
  get localeOptions() {
262
263
  return {
@@ -699,7 +700,8 @@ var OAuthClient = class {
699
700
  locale: this.config.locale,
700
701
  redirectUri,
701
702
  statePreview: `${state.slice(0, 8)}\u2026`,
702
- pkceSaved: this.pkceStore.loadPkceSession() != null
703
+ pkceSaved: this.pkceStore.loadPkceSession() != null,
704
+ authorizeUrl: url
703
705
  });
704
706
  if (params?.target === "_blank") {
705
707
  window.open(url, "_blank", "noopener,noreferrer");
package/dist/core.cjs CHANGED
@@ -44,7 +44,9 @@ __export(core_exports, {
44
44
  computePkceS256Challenge: () => computePkceS256Challenge,
45
45
  generatePkceVerifier: () => generatePkceVerifier,
46
46
  isOAuthRedirectUri: () => isOAuthRedirectUri,
47
- randomOAuthState: () => randomOAuthState
47
+ randomOAuthState: () => randomOAuthState,
48
+ signWithEmailOtpSchema: () => signWithEmailOtpSchema,
49
+ signWithPhoneOtpSchema: () => signWithPhoneOtpSchema
48
50
  });
49
51
  module.exports = __toCommonJS(core_exports);
50
52
 
@@ -156,6 +158,18 @@ var OAuthAuthorizationCodeRowSchema = import_zod.z.object({
156
158
  used: import_zod.z.boolean(),
157
159
  created_at: import_zod.z.string()
158
160
  });
161
+ var signWithPhoneOtpSchema = import_zod.z.object({
162
+ /** The user's phone number. */
163
+ phone: import_zod.z.string(),
164
+ /** The otp sent to the user's phone number. */
165
+ token: import_zod.z.string().optional()
166
+ });
167
+ var signWithEmailOtpSchema = import_zod.z.object({
168
+ /** The user's email address. */
169
+ email: import_zod.z.email(),
170
+ /** The otp sent to the user's email address. */
171
+ token: import_zod.z.string().optional()
172
+ });
159
173
 
160
174
  // src/core/schema/OAuthClientSchema.ts
161
175
  var import_zod2 = require("zod");
@@ -186,12 +200,12 @@ var OAuthTokenResponseSchema = import_zod2.z.object({
186
200
  var import_zod3 = require("zod");
187
201
  var OAuthUserInfoResponseSchema = import_zod3.z.object({
188
202
  sub: import_zod3.z.string(),
189
- email: import_zod3.z.string().email(),
203
+ email: import_zod3.z.email(),
190
204
  name: import_zod3.z.string(),
191
205
  roles: import_zod3.z.array(import_zod3.z.string()).optional()
192
206
  });
193
207
  var OAuthUserInfoErrorResponseSchema = import_zod3.z.object({
194
- error: import_zod3.z.literal("invalid_token"),
208
+ error: import_zod3.z.string(),
195
209
  error_id: import_zod3.z.string().optional()
196
210
  });
197
211
 
@@ -297,5 +311,7 @@ function randomOAuthState() {
297
311
  computePkceS256Challenge,
298
312
  generatePkceVerifier,
299
313
  isOAuthRedirectUri,
300
- randomOAuthState
314
+ randomOAuthState,
315
+ signWithEmailOtpSchema,
316
+ signWithPhoneOtpSchema
301
317
  });
package/dist/core.d.ts CHANGED
@@ -111,6 +111,17 @@ declare const OAuthAuthorizationCodeRowSchema: z.ZodObject<{
111
111
  created_at: z.ZodString;
112
112
  }, z.core.$strip>;
113
113
  type OAuthAuthorizationCodeRow = z.infer<typeof OAuthAuthorizationCodeRowSchema>;
114
+ declare const signWithPhoneOtpSchema: z.ZodObject<{
115
+ phone: z.ZodString;
116
+ token: z.ZodOptional<z.ZodString>;
117
+ }, z.core.$strip>;
118
+ declare const signWithEmailOtpSchema: z.ZodObject<{
119
+ email: z.ZodEmail;
120
+ token: z.ZodOptional<z.ZodString>;
121
+ }, z.core.$strip>;
122
+ type SignWithPhoneOtpSchema = z.infer<typeof signWithPhoneOtpSchema>;
123
+ type SignWithEmailOtpSchema = z.infer<typeof signWithEmailOtpSchema>;
124
+ type SignWithOtpSchema = SignWithPhoneOtpSchema | SignWithEmailOtpSchema;
114
125
 
115
126
  interface OAuthClientsInterface {
116
127
  listForOwner(ownerUserId: string): Promise<OAuthClientListItem[]>;
@@ -200,104 +211,6 @@ declare const OAuthTokenRevokeSchema: z.ZodObject<{
200
211
  }, z.core.$strip>;
201
212
  type OAuthTokenRevokeRequest = z.infer<typeof OAuthTokenRevokeSchema>;
202
213
 
203
- /**
204
- * OAuth user adapter profile shape.
205
- *
206
- * Significance: Keeps OAuth services independent from provider SDK user models.
207
- * Core idea: Represent only the profile fields required by OAuth login and userinfo.
208
- * Main function: Provide a canonical user profile contract for adapters.
209
- * Main purpose: Let the OAuth wrapper switch user providers without changing services.
210
- *
211
- * @example
212
- * const sub = String(profile.id);
213
- */
214
- type OAuthUserProfile = {
215
- id: string | number;
216
- email?: string | null;
217
- name?: string | null;
218
- first_name?: string | null;
219
- last_name?: string | null;
220
- roles?: string[];
221
- [key: string]: unknown;
222
- };
223
- /**
224
- * OAuth provider login credentials result.
225
- *
226
- * Significance: Normalizes provider login responses for middleware sessions.
227
- * Core idea: Require a session token while allowing provider-specific metadata.
228
- * Main function: Carry the provider session token after credential verification.
229
- * Main purpose: Persist the token needed to mint OAuth access tokens later.
230
- *
231
- * @example
232
- * const sessionToken = credentials.token;
233
- */
234
- type OAuthUserCredentials = {
235
- token: string;
236
- [key: string]: unknown;
237
- };
238
- /**
239
- * OAuth provider access token result.
240
- *
241
- * Significance: Normalizes provider token exchange responses.
242
- * Core idea: OAuth token services only need access, expiry, and optional refresh token.
243
- * Main function: Return a provider access token for third-party OAuth clients.
244
- * Main purpose: Hide provider SDK response details behind the adapter contract.
245
- *
246
- * @example
247
- * return { access_token: token.access_token, expires_in: token.expires_in };
248
- */
249
- type OAuthUserAccessToken = {
250
- access_token: string;
251
- expires_in: number;
252
- refresh_token?: string | null;
253
- [key: string]: unknown;
254
- };
255
- /**
256
- * User adapter contract for the OAuth wrapper.
257
- *
258
- * Significance: Defines the boundary between OAuth core services and user providers.
259
- * Core idea: Keep provider-specific login, token exchange, and profile lookup behind one port.
260
- * Main function: Verify credentials, exchange provider tokens, and load user profiles.
261
- * Main purpose: Allow any upstream user API to be swapped without changing OAuth services.
262
- *
263
- * @example
264
- * const access = await adapter.exchangeAccessToken({ token: sessionToken });
265
- */
266
- interface OAuthUserAdapterInterface {
267
- /**
268
- * Verifies user credentials with the backing user provider.
269
- *
270
- * @param email - User email or username accepted by the provider.
271
- * @param password - Plain credential submitted by the login form.
272
- * @returns Provider credentials containing a session token.
273
- */
274
- login(params: LoginParams): Promise<OAuthUserCredentials>;
275
- /**
276
- * Exchanges a provider session token for a provider access token.
277
- *
278
- * @param params - Session token and optional language preference.
279
- * @returns Provider access token payload used as the OAuth access token response.
280
- */
281
- exchangeAccessToken(params: {
282
- token: string;
283
- lang?: string;
284
- }): Promise<OAuthUserAccessToken>;
285
- /**
286
- * Loads profile information using a provider session token.
287
- *
288
- * @param sessionToken - Provider session token from a successful login.
289
- * @returns Canonical user profile for session creation.
290
- */
291
- getUserInfo(sessionToken: string): Promise<OAuthUserProfile>;
292
- /**
293
- * Loads profile information using a provider access token.
294
- *
295
- * @param accessToken - Bearer access token presented to the userinfo endpoint.
296
- * @returns Canonical user profile for OIDC userinfo claims.
297
- */
298
- getUserInfoByAccessToken(accessToken: string): Promise<OAuthUserProfile>;
299
- }
300
-
301
214
  declare const OAuthUserCredentialsSchema: z.ZodObject<{
302
215
  user_id: z.ZodString;
303
216
  provider_refresh_token: z.ZodOptional<z.ZodNullable<z.ZodString>>;
@@ -365,13 +278,13 @@ interface OAuthWrapperRepositoryInterface extends OAuthClientsRepositoryInterfac
365
278
 
366
279
  declare const OAuthUserInfoResponseSchema: z.ZodObject<{
367
280
  sub: z.ZodString;
368
- email: z.ZodString;
281
+ email: z.ZodEmail;
369
282
  name: z.ZodString;
370
283
  roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
371
284
  }, z.core.$strip>;
372
285
  type OAuthUserInfoResponse = z.infer<typeof OAuthUserInfoResponseSchema>;
373
286
  declare const OAuthUserInfoErrorResponseSchema: z.ZodObject<{
374
- error: z.ZodLiteral<"invalid_token">;
287
+ error: z.ZodString;
375
288
  error_id: z.ZodOptional<z.ZodString>;
376
289
  }, z.core.$strip>;
377
290
  type OAuthUserInfoErrorResponse = z.infer<typeof OAuthUserInfoErrorResponseSchema>;
@@ -415,25 +328,87 @@ interface OAuthTokenServiceInterface {
415
328
  */
416
329
  revokeToken(rawFields: Record<string, string>): Promise<void>;
417
330
  }
418
- interface OAuthServiceInterface<SessionPayload extends OAuthSessionPayload> extends OAuthTokenServiceInterface {
419
- resolveAuthorizePage(rawQuery: Record<string, string | string[] | undefined>): Promise<{
420
- ok: true;
421
- data: OAuthAuthorizePageData;
422
- } | {
423
- ok: false;
424
- error: OAuthAuthorizeValidationError;
425
- }>;
426
- processConsent(requestBody: unknown): Promise<OAuthConsentResult>;
427
- getUserInfo(accessToken: string): Promise<OAuthUserInfoResponse>;
428
- getOAuthSession(): OAuthSessionInterface<SessionPayload>;
429
- getOAuthAdapter(): OAuthUserAdapterInterface;
430
- getOAuthTokenService(): OAuthTokenServiceInterface;
331
+ type ResolveAuthorizePageResult = {
332
+ ok: true;
333
+ data: OAuthAuthorizePageData;
334
+ } | {
335
+ ok: false;
336
+ error: OAuthAuthorizeValidationError;
337
+ };
338
+ interface OAuthProviderInterface<SessionPayload extends OAuthSessionPayload> extends OAuthTokenServiceInterface {
339
+ login(params: LoginParams): Promise<SessionPayload>;
340
+ /**
341
+ * Get the OAuth repository
342
+ */
431
343
  getOAuthRepo(): OAuthWrapperRepositoryInterface;
432
344
  /**
433
- * Application logout: revoke issued refresh tokens, clear stored provider
434
- * credentials, and clear the authorization-server session cookie.
345
+ * Clear the session
346
+ */
347
+ clearSession(): Promise<void>;
348
+ /**
349
+ * Get the session
350
+ */
351
+ getSession(): Promise<SessionPayload | null>;
352
+ /**
353
+ * Logout the user
354
+ */
355
+ logout(userId: string): Promise<void>;
356
+ /**
357
+ * Resolve the authorize page
358
+ */
359
+ resolveAuthorizePage(rawQuery: Record<string, string | string[] | undefined>): Promise<ResolveAuthorizePageResult>;
360
+ /**
361
+ * Process the consent
362
+ */
363
+ processConsent(requestBody: unknown): Promise<OAuthConsentResult>;
364
+ getUserInfoWithAccessToken(accessToken: string): Promise<OAuthUserInfoResponse>;
365
+ }
366
+ type SignWithOtpParams = {
367
+ email: string;
368
+ } | {
369
+ phone: string;
370
+ };
371
+ interface VerifyMobileOtpParams {
372
+ /** The user's phone number. */
373
+ phone: string;
374
+ /** The otp sent to the user's phone number. */
375
+ token: string;
376
+ }
377
+ interface VerifyEmailOtpParams {
378
+ /** The user's email address. */
379
+ email: string;
380
+ /** The otp sent to the user's email address. */
381
+ token: string;
382
+ }
383
+ type VerifyOtpParams = SignWithOtpSchema;
384
+ type SignOtpResult = {
385
+ expired: number;
386
+ messageId?: string;
387
+ };
388
+ /**
389
+ * Interface for OAuth providers that support OTP-based authentication.
390
+ *
391
+ * This interface extends the base OAuthProviderInterface with methods specific to OTP flows.
392
+ * It allows for signing in with OTP and verifying OTP tokens to establish sessions.
393
+ *
394
+ * The generic SessionPayload type parameter allows implementations to define their own session data structure.
395
+ */
396
+ interface OAuthOTPProviderInterface {
397
+ /**
398
+ * Sign in using OTP. The params can be either email-based or phone-based.
399
+ * The implementation should handle sending the OTP to the user.
400
+ *
401
+ * @param params - Parameters for signing in with OTP, either email or phone.
402
+ * @returns A promise that resolves to the session payload after successful OTP initiation.
403
+ */
404
+ signWithOtp(params: SignWithOtpParams): Promise<SignOtpResult>;
405
+ /**
406
+ * Verify the OTP token provided by the user. This method should validate the OTP and establish a session if valid.
407
+ *
408
+ * @param params - Parameters for verifying the OTP, including the identifier (email or phone) and the OTP token.
409
+ * @returns A promise that resolves to the session payload after successful OTP verification.
435
410
  */
436
- logoutUser(userId: string): Promise<void>;
411
+ verifyOtp(params: VerifyOtpParams): Promise<SignOtpResult>;
437
412
  }
438
413
 
439
414
  declare const OAuthRfcCodes: {
@@ -458,4 +433,4 @@ declare function generatePkceVerifier(length?: number): string;
458
433
  declare function computePkceS256Challenge(verifier: string): Promise<string>;
459
434
  declare function randomOAuthState(): string;
460
435
 
461
- export { type CreateAuthorizationCodeInput, type CreateOAuthRefreshTokenInput, type OAuthAuthorizationCodeRow, OAuthAuthorizationCodeRowSchema, type OAuthAuthorizePageData, type OAuthAuthorizeQuery, OAuthAuthorizeQuerySchema, type OAuthAuthorizeValidationError, type OAuthClientCreate, type OAuthClientCreateResponse, OAuthClientCreateResponseSchema, OAuthClientCreateSchema, type OAuthClientDetail, OAuthClientDetailSchema, type OAuthClientListItem, OAuthClientListItemSchema, type OAuthClientRow, OAuthClientRowSchema, type OAuthClientSecretRotateResponse, OAuthClientSecretRotateResponseSchema, type OAuthClientUpdate, OAuthClientUpdateSchema, type OAuthClientsInterface, type OAuthClientsRepositoryInterface, type OAuthConsentBody, OAuthConsentBodySchema, type OAuthConsentResult, type OAuthRefreshTokenRow, OAuthRefreshTokenSchema, type OAuthRfcCodeType, OAuthRfcCodes, type OAuthRfcErrorCodesType, type OAuthServiceInterface, type OAuthSessionInterface, type OAuthSessionPayload, type OAuthTokenAuthorizationCodeRequest, OAuthTokenAuthorizationCodeSchema, type OAuthTokenErrorResponse, OAuthTokenErrorResponseSchema, type OAuthTokenRefreshRequest, OAuthTokenRefreshSchema, type OAuthTokenRequest, OAuthTokenRequestSchema, type OAuthTokenResponse, OAuthTokenResponseSchema, type OAuthTokenRevokeRequest, OAuthTokenRevokeSchema, type OAuthTokenServiceInterface, type OAuthUserAccessToken, type OAuthUserAdapterInterface, type OAuthUserCredentials, type OAuthUserCredentialsRow, OAuthUserCredentialsSchema, type OAuthUserInfoErrorResponse, OAuthUserInfoErrorResponseSchema, type OAuthUserInfoResponse, OAuthUserInfoResponseSchema, type OAuthUserProfile, type OAuthWrapperRepositoryInterface, computePkceS256Challenge, generatePkceVerifier, isOAuthRedirectUri, randomOAuthState };
436
+ export { type CreateAuthorizationCodeInput, type CreateOAuthRefreshTokenInput, type OAuthAuthorizationCodeRow, OAuthAuthorizationCodeRowSchema, type OAuthAuthorizePageData, type OAuthAuthorizeQuery, OAuthAuthorizeQuerySchema, type OAuthAuthorizeValidationError, type OAuthClientCreate, type OAuthClientCreateResponse, OAuthClientCreateResponseSchema, OAuthClientCreateSchema, type OAuthClientDetail, OAuthClientDetailSchema, type OAuthClientListItem, OAuthClientListItemSchema, type OAuthClientRow, OAuthClientRowSchema, type OAuthClientSecretRotateResponse, OAuthClientSecretRotateResponseSchema, type OAuthClientUpdate, OAuthClientUpdateSchema, type OAuthClientsInterface, type OAuthClientsRepositoryInterface, type OAuthConsentBody, OAuthConsentBodySchema, type OAuthConsentResult, type OAuthOTPProviderInterface, type OAuthProviderInterface, type OAuthRefreshTokenRow, OAuthRefreshTokenSchema, type OAuthRfcCodeType, OAuthRfcCodes, type OAuthRfcErrorCodesType, type OAuthSessionInterface, type OAuthSessionPayload, type OAuthTokenAuthorizationCodeRequest, OAuthTokenAuthorizationCodeSchema, type OAuthTokenErrorResponse, OAuthTokenErrorResponseSchema, type OAuthTokenRefreshRequest, OAuthTokenRefreshSchema, type OAuthTokenRequest, OAuthTokenRequestSchema, type OAuthTokenResponse, OAuthTokenResponseSchema, type OAuthTokenRevokeRequest, OAuthTokenRevokeSchema, type OAuthTokenServiceInterface, type OAuthUserCredentialsRow, OAuthUserCredentialsSchema, type OAuthUserInfoErrorResponse, OAuthUserInfoErrorResponseSchema, type OAuthUserInfoResponse, OAuthUserInfoResponseSchema, type OAuthWrapperRepositoryInterface, type ResolveAuthorizePageResult, type SignOtpResult, type SignWithEmailOtpSchema, type SignWithOtpParams, type SignWithOtpSchema, type SignWithPhoneOtpSchema, type VerifyEmailOtpParams, type VerifyMobileOtpParams, type VerifyOtpParams, computePkceS256Challenge, generatePkceVerifier, isOAuthRedirectUri, randomOAuthState, signWithEmailOtpSchema, signWithPhoneOtpSchema };
package/dist/core.js CHANGED
@@ -106,6 +106,18 @@ var OAuthAuthorizationCodeRowSchema = z.object({
106
106
  used: z.boolean(),
107
107
  created_at: z.string()
108
108
  });
109
+ var signWithPhoneOtpSchema = z.object({
110
+ /** The user's phone number. */
111
+ phone: z.string(),
112
+ /** The otp sent to the user's phone number. */
113
+ token: z.string().optional()
114
+ });
115
+ var signWithEmailOtpSchema = z.object({
116
+ /** The user's email address. */
117
+ email: z.email(),
118
+ /** The otp sent to the user's email address. */
119
+ token: z.string().optional()
120
+ });
109
121
 
110
122
  // src/core/schema/OAuthClientSchema.ts
111
123
  import { z as z2 } from "zod";
@@ -136,12 +148,12 @@ var OAuthTokenResponseSchema = z2.object({
136
148
  import { z as z3 } from "zod";
137
149
  var OAuthUserInfoResponseSchema = z3.object({
138
150
  sub: z3.string(),
139
- email: z3.string().email(),
151
+ email: z3.email(),
140
152
  name: z3.string(),
141
153
  roles: z3.array(z3.string()).optional()
142
154
  });
143
155
  var OAuthUserInfoErrorResponseSchema = z3.object({
144
- error: z3.literal("invalid_token"),
156
+ error: z3.string(),
145
157
  error_id: z3.string().optional()
146
158
  });
147
159
 
@@ -246,5 +258,7 @@ export {
246
258
  computePkceS256Challenge,
247
259
  generatePkceVerifier,
248
260
  isOAuthRedirectUri,
249
- randomOAuthState
261
+ randomOAuthState,
262
+ signWithEmailOtpSchema,
263
+ signWithPhoneOtpSchema
250
264
  };