@sentropic/auth-hono 0.2.1 → 0.3.0

package/dist/oauth/token-handler.js

@@ -0,0 +1,176 @@
+import { createJwksService } from './jwks-service.js';
+import { oauthJsonError } from './http-utils.js';
+import { sha256Base64url } from './crypto-utils.js';
+import { OAuthDpopProofError, verifyOAuthDpopProof } from './dpop.js';
+export const createOAuthTokenHandler = (options) => async (c) => {
+    const form = new URLSearchParams(await c.req.text());
+    if (form.get('grant_type') !== 'authorization_code') {
+        return oauthJsonError(c, 400, 'unsupported_grant_type', 'Only authorization_code grant is supported.');
+    }
+    const auth = await authenticateClient(c, form, options.ports);
+    if (auth instanceof Response)
+        return auth;
+    const codePayload = await options.ports.oauthStateStore.consumeAuthCode(form.get('code') ?? '');
+    if (!codePayload || codePayload.clientId !== auth.client.clientId) {
+        return oauthJsonError(c, 400, 'invalid_grant', 'Authorization code is invalid or already used.');
+    }
+    if (form.get('redirect_uri') !== codePayload.redirectUri) {
+        return oauthJsonError(c, 400, 'invalid_grant', 'redirect_uri does not match the authorization request.');
+    }
+    if ((await sha256Base64url(form.get('code_verifier') ?? '')) !== codePayload.codeChallenge) {
+        return oauthJsonError(c, 400, 'invalid_grant', 'PKCE verification failed.');
+    }
+    const dpopJkt = await resolveDpopJkt(c, options, auth.client, codePayload);
+    if (dpopJkt instanceof Response)
+        return dpopJkt;
+    const user = await options.ports.users.findById(codePayload.userId);
+    if (!user)
+        return oauthJsonError(c, 400, 'invalid_grant', 'Authorization code user is invalid.');
+    const tokens = await issueTokens(options, auth.client, codePayload, user, dpopJkt);
+    return c.json(tokens);
+};
+const authenticateClient = async (c, form, ports) => {
+    const credentials = parseClientCredentials(c.req.header('authorization'), form);
+    if (!credentials.clientId) {
+        return oauthJsonError(c, 401, 'invalid_client', 'Client authentication is required.');
+    }
+    const client = await ports.oauthStateStore.findClient(credentials.clientId);
+    if (!client)
+        return oauthJsonError(c, 401, 'invalid_client', 'Client authentication failed.');
+    if (client.tokenEndpointAuthMethod === 'none') {
+        return { client };
+    }
+    if (!credentials.secret || !client.clientSecretHash) {
+        return oauthJsonError(c, 401, 'invalid_client', 'Client secret is required.');
+    }
+    const secretHash = await ports.tokens.hashSecret(credentials.secret);
+    if (secretHash !== client.clientSecretHash) {
+        return oauthJsonError(c, 401, 'invalid_client', 'Client authentication failed.');
+    }
+    return { client, secret: credentials.secret };
+};
+const parseClientCredentials = (authorization, form) => {
+    if (authorization?.startsWith('Basic ')) {
+        const decoded = atob(authorization.slice('Basic '.length));
+        const separator = decoded.indexOf(':');
+        return {
+            clientId: separator >= 0 ? decoded.slice(0, separator) : decoded,
+            secret: separator >= 0 ? decoded.slice(separator + 1) : '',
+        };
+    }
+    return {
+        clientId: form.get('client_id'),
+        secret: form.get('client_secret') ?? undefined,
+    };
+};
+const resolveDpopJkt = async (c, options, client, codePayload) => {
+    if (!client.dpopBoundAccessTokens)
+        return null;
+    const proof = c.req.header('dpop');
+    if (!proof)
+        return oauthJsonError(c, 400, 'invalid_dpop_proof', 'DPoP proof is required.');
+    try {
+        const verified = await verifyOAuthDpopProof({
+            htm: 'POST',
+            htu: c.req.url,
+            iatSkewSeconds: options.dpopIatSkewSeconds,
+            ports: options.ports,
+            proof,
+        });
+        if (codePayload.dpopJkt && codePayload.dpopJkt !== verified.jkt) {
+            return oauthJsonError(c, 400, 'invalid_grant', 'DPoP key does not match the authorization code.');
+        }
+        return verified.jkt;
+    }
+    catch (error) {
+        if (error instanceof OAuthDpopProofError) {
+            return oauthJsonError(c, 400, 'invalid_dpop_proof', error.message);
+        }
+        throw error;
+    }
+};
+const issueTokens = async (options, client, codePayload, user, dpopJkt) => {
+    const accessTokenTtlSeconds = options.accessTokenTtlSeconds ?? 3600;
+    const idTokenTtlSeconds = options.idTokenTtlSeconds ?? 3600;
+    const now = options.ports.clock.now();
+    const accessExpiresAt = options.ports.clock.addSeconds(now, accessTokenTtlSeconds);
+    const idExpiresAt = options.ports.clock.addSeconds(now, idTokenTtlSeconds);
+    const scopes = codePayload.scope.split(/\s+/).filter(Boolean);
+    const cnf = dpopJkt ? { jkt: dpopJkt } : undefined;
+    const jwks = createJwksService({ clock: options.ports.clock, jwksPort: options.ports.jwks });
+    const accessJti = options.ports.random.uuid();
+    const accessAudience = `${trimTrailingSlash(options.issuer)}/api/v1/auth/oauth/userinfo`;
+    const accessToken = await jwks.signJwt({
+        acr: codePayload.acr,
+        auth_time: toEpochSeconds(codePayload.authTime),
+        client_id: client.clientId,
+        ...(cnf ? { cnf } : {}),
+        scope: codePayload.scope,
+    }, {
+        audience: accessAudience,
+        expiresAt: accessExpiresAt,
+        issuer: trimTrailingSlash(options.issuer),
+        jti: accessJti,
+        subject: codePayload.userId,
+        type: 'JWT',
+    });
+    await options.ports.oauthStateStore.saveTokenMeta(accessJti, tokenMeta({
+        audience: accessAudience,
+        client,
+        codePayload,
+        dpopJkt,
+        expiresAt: accessExpiresAt,
+        jti: accessJti,
+        tokenType: 'access_token',
+    }), accessTokenTtlSeconds);
+    const response = {
+        access_token: accessToken,
+        expires_in: accessTokenTtlSeconds,
+        scope: codePayload.scope,
+        token_type: dpopJkt ? 'DPoP' : 'Bearer',
+    };
+    if (scopes.includes('openid')) {
+        const idJti = options.ports.random.uuid();
+        const idToken = await jwks.signJwt({
+            acr: codePayload.acr,
+            auth_time: toEpochSeconds(codePayload.authTime),
+            ...(cnf ? { cnf } : {}),
+            ...(scopes.includes('email') ? { email: user.email, email_verified: user.emailVerified } : {}),
+            ...(scopes.includes('profile') ? { name: user.displayName } : {}),
+            ...(codePayload.nonce ? { nonce: codePayload.nonce } : {}),
+        }, {
+            audience: client.clientId,
+            expiresAt: idExpiresAt,
+            issuer: trimTrailingSlash(options.issuer),
+            jti: idJti,
+            subject: codePayload.userId,
+            type: 'JWT',
+        });
+        response.id_token = idToken;
+        await options.ports.oauthStateStore.saveTokenMeta(idJti, tokenMeta({
+            audience: client.clientId,
+            client,
+            codePayload,
+            dpopJkt,
+            expiresAt: idExpiresAt,
+            jti: idJti,
+            tokenType: 'id_token',
+        }), idTokenTtlSeconds);
+    }
+    return response;
+};
+const tokenMeta = (input) => ({
+    audience: input.audience,
+    clientId: input.client.clientId,
+    createdAt: input.codePayload.createdAt,
+    dpopJkt: input.dpopJkt,
+    expiresAt: input.expiresAt,
+    jti: input.jti,
+    scope: input.codePayload.scope,
+    tenantId: input.codePayload.tenantId,
+    tokenType: input.tokenType,
+    userId: input.codePayload.userId,
+});
+const toEpochSeconds = (date) => Math.floor(date.getTime() / 1000);
+const trimTrailingSlash = (value) => value.replace(/\/+$/u, '');
+//# sourceMappingURL=token-handler.js.map

package/dist/oauth/token-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-handler.js","sourceRoot":"","sources":["../../src/oauth/token-handler.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAgBtE,MAAM,CAAC,MAAM,uBAAuB,GAClC,CAAC,OAAiC,EAAE,EAAE,CACtC,KAAK,EAAE,CAAU,EAAqB,EAAE;IACtC,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACrD,IAAI,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,KAAK,oBAAoB,EAAE,CAAC;QACpD,OAAO,cAAc,CAAC,CAAC,EAAE,GAAG,EAAE,wBAAwB,EAAE,6CAA6C,CAAC,CAAC;IACzG,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,kBAAkB,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9D,IAAI,IAAI,YAAY,QAAQ;QAAE,OAAO,IAAI,CAAC;IAE1C,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IAChG,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,QAAQ,KAAK,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QAClE,OAAO,cAAc,CAAC,CAAC,EAAE,GAAG,EAAE,eAAe,EAAE,gDAAgD,CAAC,CAAC;IACnG,CAAC;IACD,IAAI,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,WAAW,CAAC,WAAW,EAAE,CAAC;QACzD,OAAO,cAAc,CAAC,CAAC,EAAE,GAAG,EAAE,eAAe,EAAE,wDAAwD,CAAC,CAAC;IAC3G,CAAC;IACD,IAAI,CAAC,MAAM,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,WAAW,CAAC,aAAa,EAAE,CAAC;QAC3F,OAAO,cAAc,CAAC,CAAC,EAAE,GAAG,EAAE,eAAe,EAAE,2BAA2B,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC3E,IAAI,OAAO,YAAY,QAAQ;QAAE,OAAO,OAAO,CAAC;IAEhD,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IACpE,IAAI,CAAC,IAAI;QAAE,OAAO,cAAc,CAAC,CAAC,EAAE,GAAG,EAAE,eAAe,EAAE,qCAAqC,CAAC,CAAC;IAEjG,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IACnF,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC,CAAC;AAEJ,MAAM,kBAAkB,GAAG,KAAK,EAC9B,CAAU,EACV,IAAqB,EACrB,KAAoB,EACsB,EAAE;IAC5C,MAAM,WAAW,GAAG,sBAAsB,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,IAAI,CAAC,CAAC;IAChF,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;QAC1B,OAAO,cAAc,CAAC,CAAC,EAAE,GAAG,EAAE,gBAAgB,EAAE,oCAAoC,CAAC,CAAC;IACxF,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,eAAe,CAAC,UAAU,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC5E,IAAI,CAAC,MAAM;QAAE,OAAO,cAAc,CAAC,CAAC,EAAE,GAAG,EAAE,gBAAgB,EAAE,+BAA+B,CAAC,CAAC;IAE9F,IAAI,MAAM,CAAC,uBAAuB,KAAK,MAAM,EAAE,CAAC;QAC9C,OAAO,EAAE,MAAM,EAAE,CAAC;IACpB,CAAC;IAED,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;QACpD,OAAO,cAAc,CAAC,CAAC,EAAE,GAAG,EAAE,gBAAgB,EAAE,4BAA4B,CAAC,CAAC;IAChF,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IACrE,IAAI,UAAU,KAAK,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAC3C,OAAO,cAAc,CAAC,CAAC,EAAE,GAAG,EAAE,gBAAgB,EAAE,+BAA+B,CAAC,CAAC;IACnF,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,CAAC,MAAM,EAAE,CAAC;AAChD,CAAC,CAAC;AAEF,MAAM,sBAAsB,GAAG,CAC7B,aAAiC,EACjC,IAAqB,EACyB,EAAE;IAChD,IAAI,aAAa,EAAE,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxC,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QAC3D,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACvC,OAAO;YACL,QAAQ,EAAE,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO;YAChE,MAAM,EAAE,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;SAC3D,CAAC;IACJ,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC;QAC/B,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,SAAS;KAC/C,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,cAAc,GAAG,KAAK,EAC1B,CAAU,EACV,OAAiC,EACjC,MAAyB,EACzB,WAA4B,EACO,EAAE;IACrC,IAAI,CAAC,MAAM,CAAC,qBAAqB;QAAE,OAAO,IAAI,CAAC;IAE/C,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACnC,IAAI,CAAC,KAAK;QAAE,OAAO,cAAc,CAAC,CAAC,EAAE,GAAG,EAAE,oBAAoB,EAAE,yBAAyB,CAAC,CAAC;IAE3F,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,oBAAoB,CAAC;YAC1C,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG;YACd,cAAc,EAAE,OAAO,CAAC,kBAAkB;YAC1C,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,KAAK;SACN,CAAC,CAAC;QACH,IAAI,WAAW,CAAC,OAAO,IAAI,WAAW,CAAC,OAAO,KAAK,QAAQ,CAAC,GAAG,EAAE,CAAC;YAChE,OAAO,cAAc,CAAC,CAAC,EAAE,GAAG,EAAE,eAAe,EAAE,iDAAiD,CAAC,CAAC;QACpG,CAAC;QACD,OAAO,QAAQ,CAAC,GAAG,CAAC;IACtB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,mBAAmB,EAAE,CAAC;YACzC,OAAO,cAAc,CAAC,CAAC,EAAE,GAAG,EAAE,oBAAoB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QACrE,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,WAAW,GAAG,KAAK,EACvB,OAAiC,EACjC,MAAyB,EACzB,WAA4B,EAC5B,IAAwB,EACxB,OAAsB,EACtB,EAAE;IACF,MAAM,qBAAqB,GAAG,OAAO,CAAC,qBAAqB,IAAI,IAAI,CAAC;IACpE,MAAM,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,IAAI,IAAI,CAAC;IAC5D,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;IACtC,MAAM,eAAe,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC;IACnF,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;IAC3E,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9D,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IACnD,MAAM,IAAI,GAAG,iBAAiB,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7F,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAC9C,MAAM,cAAc,GAAG,GAAG,iBAAiB,CAAC,OAAO,CAAC,MAAM,CAAC,6BAA6B,CAAC;IACzF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,OAAO,CACpC;QACE,GAAG,EAAE,WAAW,CAAC,GAAG;QACpB,SAAS,EAAE,cAAc,CAAC,WAAW,CAAC,QAAQ,CAAC;QAC/C,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvB,KAAK,EAAE,WAAW,CAAC,KAAK;KACzB,EACD;QACE,QAAQ,EAAE,cAAc;QACxB,SAAS,EAAE,eAAe;QAC1B,MAAM,EAAE,iBAAiB,CAAC,OAAO,CAAC,MAAM,CAAC;QACzC,GAAG,EAAE,SAAS;QACd,OAAO,EAAE,WAAW,CAAC,MAAM;QAC3B,IAAI,EAAE,KAAK;KACZ,CACF,CAAC;IAEF,MAAM,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,aAAa,CAC/C,SAAS,EACT,SAAS,CAAC;QACR,QAAQ,EAAE,cAAc;QACxB,MAAM;QACN,WAAW;QACX,OAAO;QACP,SAAS,EAAE,eAAe;QAC1B,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,cAAc;KAC1B,CAAC,EACF,qBAAqB,CACtB,CAAC;IAEF,MAAM,QAAQ,GAA4B;QACxC,YAAY,EAAE,WAAW;QACzB,UAAU,EAAE,qBAAqB;QACjC,KAAK,EAAE,WAAW,CAAC,KAAK;QACxB,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;KACxC,CAAC;IAEF,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QAC1C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAChC;YACE,GAAG,EAAE,WAAW,CAAC,GAAG;YACpB,SAAS,EAAE,cAAc,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC/C,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvB,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,cAAc,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9F,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjE,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC3D,EACD;YACE,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,WAAW;YACtB,MAAM,EAAE,iBAAiB,CAAC,OAAO,CAAC,MAAM,CAAC;YACzC,GAAG,EAAE,KAAK;YACV,OAAO,EAAE,WAAW,CAAC,MAAM;YAC3B,IAAI,EAAE,KAAK;SACZ,CACF,CAAC;QACF,QAAQ,CAAC,QAAQ,GAAG,OAAO,CAAC;QAC5B,MAAM,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,aAAa,CAC/C,KAAK,EACL,SAAS,CAAC;YACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,MAAM;YACN,WAAW;YACX,OAAO;YACP,SAAS,EAAE,WAAW;YACtB,GAAG,EAAE,KAAK;YACV,SAAS,EAAE,UAAU;SACtB,CAAC,EACF,iBAAiB,CAClB,CAAC;IACJ,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,SAAS,GAAG,CAAC,KAQlB,EAAa,EAAE,CAAC,CAAC;IAChB,QAAQ,EAAE,KAAK,CAAC,QAAQ;IACxB,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,QAAQ;IAC/B,SAAS,EAAE,KAAK,CAAC,WAAW,CAAC,SAAS;IACtC,OAAO,EAAE,KAAK,CAAC,OAAO;IACtB,SAAS,EAAE,KAAK,CAAC,SAAS;IAC1B,GAAG,EAAE,KAAK,CAAC,GAAG;IACd,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,KAAK;IAC9B,QAAQ,EAAE,KAAK,CAAC,WAAW,CAAC,QAAQ;IACpC,SAAS,EAAE,KAAK,CAAC,SAAS;IAC1B,MAAM,EAAE,KAAK,CAAC,WAAW,CAAC,MAAM;CACjC,CAAC,CAAC;AAEH,MAAM,cAAc,GAAG,CAAC,IAAU,EAAU,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;AAEjF,MAAM,iBAAiB,GAAG,CAAC,KAAa,EAAU,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC"}

package/dist/oauth/userinfo-handler.d.ts

@@ -0,0 +1,9 @@
+import type { Context } from 'hono';
+import type { AuthHonoPorts } from '../ports.js';
+export interface OAuthUserInfoHandlerOptions {
+    dpopIatSkewSeconds?: number;
+    issuer: string;
+    ports: AuthHonoPorts;
+}
+export declare const createOAuthUserInfoHandler: (options: OAuthUserInfoHandlerOptions) => (c: Context) => Promise<Response>;
+//# sourceMappingURL=userinfo-handler.d.ts.map

package/dist/oauth/userinfo-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"userinfo-handler.d.ts","sourceRoot":"","sources":["../../src/oauth/userinfo-handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAGpC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAMjD,MAAM,WAAW,2BAA2B;IAC1C,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,aAAa,CAAC;CACtB;AAED,eAAO,MAAM,0BAA0B,YAC3B,2BAA2B,SAC3B,OAAO,KAAG,QAAQ,QAAQ,CA2BnC,CAAC"}

package/dist/oauth/userinfo-handler.js

@@ -0,0 +1,93 @@
+import { OAuthDpopProofError, verifyOAuthDpopProof } from './dpop.js';
+import { oauthJsonError } from './http-utils.js';
+import { createJwksService } from './jwks-service.js';
+export const createOAuthUserInfoHandler = (options) => async (c) => {
+    const authorization = parseAccessToken(c.req.header('authorization'));
+    if (!authorization)
+        return unauthorized(c, 'Access token is required.');
+    const payload = await verifyAccessToken(c, options, authorization.token);
+    if (payload instanceof Response)
+        return payload;
+    const meta = await resolveActiveTokenMeta(c, options.ports, payload);
+    if (meta instanceof Response)
+        return meta;
+    if (meta.dpopJkt) {
+        const dpop = await verifyBoundDpop(c, options, authorization, meta);
+        if (dpop instanceof Response)
+            return dpop;
+    }
+    const scopes = meta.scope.split(/\s+/).filter(Boolean);
+    if (scopes.some((scope) => !['openid', 'profile', 'email'].includes(scope))) {
+        return unauthorized(c, 'Access token contains unsupported scopes.');
+    }
+    const user = await options.ports.users.findById(meta.userId);
+    if (!user)
+        return unauthorized(c, 'Access token user is invalid.');
+    return c.json({
+        sub: user.id,
+        ...(scopes.includes('profile') ? { name: user.displayName } : {}),
+        ...(scopes.includes('email') ? { email: user.email, email_verified: user.emailVerified } : {}),
+    });
+};
+const verifyAccessToken = async (c, options, token) => {
+    try {
+        const jwks = createJwksService({ clock: options.ports.clock, jwksPort: options.ports.jwks });
+        const result = await jwks.verifyJwt(token, {
+            audience: `${trimTrailingSlash(options.issuer)}/api/v1/auth/oauth/userinfo`,
+            currentDate: options.ports.clock.now(),
+            issuer: trimTrailingSlash(options.issuer),
+        });
+        return result.payload;
+    }
+    catch {
+        return unauthorized(c, 'Access token is invalid.');
+    }
+};
+const resolveActiveTokenMeta = async (c, ports, payload) => {
+    const jti = payload.jti;
+    if (!jti)
+        return unauthorized(c, 'Access token jti is missing.');
+    const meta = await ports.oauthStateStore.findTokenMeta(jti);
+    if (!meta ||
+        meta.tokenType !== 'access_token' ||
+        meta.expiresAt <= ports.clock.now() ||
+        (await ports.oauthStateStore.isTokenRevoked(jti))) {
+        return unauthorized(c, 'Access token is inactive.');
+    }
+    return meta;
+};
+const verifyBoundDpop = async (c, options, authorization, meta) => {
+    const proof = c.req.header('dpop');
+    if (authorization.scheme !== 'DPoP' || !proof) {
+        return unauthorized(c, 'DPoP proof is required for this access token.');
+    }
+    try {
+        const verified = await verifyOAuthDpopProof({
+            accessToken: authorization.token,
+            htm: c.req.method,
+            htu: c.req.url,
+            iatSkewSeconds: options.dpopIatSkewSeconds,
+            ports: options.ports,
+            proof,
+        });
+        if (verified.jkt !== meta.dpopJkt) {
+            return unauthorized(c, 'DPoP proof key does not match the access token.');
+        }
+        return null;
+    }
+    catch (error) {
+        if (error instanceof OAuthDpopProofError) {
+            return unauthorized(c, error.message);
+        }
+        throw error;
+    }
+};
+const parseAccessToken = (authorization) => {
+    const [scheme, token, extra] = authorization?.split(/\s+/) ?? [];
+    if (extra || !token || (scheme !== 'Bearer' && scheme !== 'DPoP'))
+        return null;
+    return { scheme, token };
+};
+const unauthorized = (c, message) => oauthJsonError(c, 401, 'invalid_token', message);
+const trimTrailingSlash = (value) => value.replace(/\/+$/u, '');
+//# sourceMappingURL=userinfo-handler.js.map

package/dist/oauth/userinfo-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"userinfo-handler.js","sourceRoot":"","sources":["../../src/oauth/userinfo-handler.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAStD,MAAM,CAAC,MAAM,0BAA0B,GACrC,CAAC,OAAoC,EAAE,EAAE,CACzC,KAAK,EAAE,CAAU,EAAqB,EAAE;IACtC,MAAM,aAAa,GAAG,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC;IACtE,IAAI,CAAC,aAAa;QAAE,OAAO,YAAY,CAAC,CAAC,EAAE,2BAA2B,CAAC,CAAC;IAExE,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,CAAC,EAAE,OAAO,EAAE,aAAa,CAAC,KAAK,CAAC,CAAC;IACzE,IAAI,OAAO,YAAY,QAAQ;QAAE,OAAO,OAAO,CAAC;IAEhD,MAAM,IAAI,GAAG,MAAM,sBAAsB,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACrE,IAAI,IAAI,YAAY,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC1C,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,CAAC,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,CAAC,CAAC;QACpE,IAAI,IAAI,YAAY,QAAQ;YAAE,OAAO,IAAI,CAAC;IAC5C,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACvD,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QAC5E,OAAO,YAAY,CAAC,CAAC,EAAE,2CAA2C,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC7D,IAAI,CAAC,IAAI;QAAE,OAAO,YAAY,CAAC,CAAC,EAAE,+BAA+B,CAAC,CAAC;IAEnE,OAAO,CAAC,CAAC,IAAI,CAAC;QACZ,GAAG,EAAE,IAAI,CAAC,EAAE;QACZ,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,cAAc,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC/F,CAAC,CAAC;AACL,CAAC,CAAC;AAEJ,MAAM,iBAAiB,GAAG,KAAK,EAC7B,CAAU,EACV,OAAoC,EACpC,KAAa,EACmB,EAAE;IAClC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,iBAAiB,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7F,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE;YACzC,QAAQ,EAAE,GAAG,iBAAiB,CAAC,OAAO,CAAC,MAAM,CAAC,6BAA6B;YAC3E,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE;YACtC,MAAM,EAAE,iBAAiB,CAAC,OAAO,CAAC,MAAM,CAAC;SAC1C,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,YAAY,CAAC,CAAC,EAAE,0BAA0B,CAAC,CAAC;IACrD,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,sBAAsB,GAAG,KAAK,EAClC,CAAU,EACV,KAAoB,EACpB,OAAmB,EACY,EAAE;IACjC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IACxB,IAAI,CAAC,GAAG;QAAE,OAAO,YAAY,CAAC,CAAC,EAAE,8BAA8B,CAAC,CAAC;IAEjE,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,eAAe,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;IAC5D,IACE,CAAC,IAAI;QACL,IAAI,CAAC,SAAS,KAAK,cAAc;QACjC,IAAI,CAAC,SAAS,IAAI,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE;QACnC,CAAC,MAAM,KAAK,CAAC,eAAe,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,EACjD,CAAC;QACD,OAAO,YAAY,CAAC,CAAC,EAAE,2BAA2B,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAEF,MAAM,eAAe,GAAG,KAAK,EAC3B,CAAU,EACV,OAAoC,EACpC,aAA2D,EAC3D,IAAe,EACW,EAAE;IAC5B,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACnC,IAAI,aAAa,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QAC9C,OAAO,YAAY,CAAC,CAAC,EAAE,+CAA+C,CAAC,CAAC;IAC1E,CAAC;IAED,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,oBAAoB,CAAC;YAC1C,WAAW,EAAE,aAAa,CAAC,KAAK;YAChC,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM;YACjB,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG;YACd,cAAc,EAAE,OAAO,CAAC,kBAAkB;YAC1C,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,KAAK;SACN,CAAC,CAAC;QACH,IAAI,QAAQ,CAAC,GAAG,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,OAAO,YAAY,CAAC,CAAC,EAAE,iDAAiD,CAAC,CAAC;QAC5E,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,mBAAmB,EAAE,CAAC;YACzC,OAAO,YAAY,CAAC,CAAC,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CACvB,aAAiC,EACoB,EAAE;IACvD,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,aAAa,EAAE,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;IACjE,IAAI,KAAK,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/E,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AAC3B,CAAC,CAAC;AAEF,MAAM,YAAY,GAAG,CAAC,CAAU,EAAE,OAAe,EAAY,EAAE,CAC7D,cAAc,CAAC,CAAC,EAAE,GAAG,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;AAEnD,MAAM,iBAAiB,GAAG,CAAC,KAAa,EAAU,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC"}

package/dist/oauth/wellknown-handler.d.ts

@@ -0,0 +1,9 @@
+import { Hono } from 'hono';
+import type { AuthHonoPorts } from '../ports.js';
+export interface CreateWellKnownRouterOptions {
+    issuer: string;
+    oauthPathPrefix?: string;
+    ports: AuthHonoPorts;
+}
+export declare const createWellKnownRouter: (options: CreateWellKnownRouterOptions) => Hono;
+//# sourceMappingURL=wellknown-handler.d.ts.map

package/dist/oauth/wellknown-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wellknown-handler.d.ts","sourceRoot":"","sources":["../../src/oauth/wellknown-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAGjD,MAAM,WAAW,4BAA4B;IAC3C,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,KAAK,EAAE,aAAa,CAAC;CACtB;AAED,eAAO,MAAM,qBAAqB,YAAa,4BAA4B,KAAG,IAiC7E,CAAC"}

package/dist/oauth/wellknown-handler.js

@@ -0,0 +1,37 @@
+import { Hono } from 'hono';
+import { createJwksService } from './jwks-service.js';
+export const createWellKnownRouter = (options) => {
+    const router = new Hono();
+    const issuer = trimTrailingSlash(options.issuer);
+    const oauthPrefix = normalizePathPrefix(options.oauthPathPrefix ?? '/api/v1/auth/oauth');
+    router.get('/openid-configuration', (c) => c.json({
+        authorization_endpoint: `${issuer}${oauthPrefix}/authorize`,
+        claims_supported: ['sub', 'aud', 'iss', 'exp', 'iat', 'nonce', 'auth_time', 'acr', 'email', 'email_verified', 'name'],
+        code_challenge_methods_supported: ['S256'],
+        dpop_signing_alg_values_supported: ['EdDSA'],
+        grant_types_supported: ['authorization_code'],
+        id_token_signing_alg_values_supported: ['EdDSA'],
+        introspection_endpoint: `${issuer}${oauthPrefix}/introspect`,
+        issuer,
+        jwks_uri: `${issuer}/.well-known/jwks.json`,
+        response_types_supported: ['code'],
+        revocation_endpoint: `${issuer}${oauthPrefix}/revoke`,
+        scopes_supported: ['openid', 'profile', 'email'],
+        subject_types_supported: ['public'],
+        token_endpoint: `${issuer}${oauthPrefix}/token`,
+        token_endpoint_auth_methods_supported: ['client_secret_basic', 'none'],
+        userinfo_endpoint: `${issuer}${oauthPrefix}/userinfo`,
+    }));
+    router.get('/jwks.json', async (c) => {
+        const jwks = createJwksService({ clock: options.ports.clock, jwksPort: options.ports.jwks });
+        c.header('Cache-Control', 'public, max-age=300');
+        return c.json(await jwks.getPublicJwks());
+    });
+    return router;
+};
+const trimTrailingSlash = (value) => value.replace(/\/+$/u, '');
+const normalizePathPrefix = (value) => {
+    const trimmed = value.replace(/^\/+|\/+$/gu, '');
+    return trimmed ? `/${trimmed}` : '';
+};
+//# sourceMappingURL=wellknown-handler.js.map

package/dist/oauth/wellknown-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"wellknown-handler.js","sourceRoot":"","sources":["../../src/oauth/wellknown-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAQtD,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,OAAqC,EAAQ,EAAE;IACnF,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;IAC1B,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,mBAAmB,CAAC,OAAO,CAAC,eAAe,IAAI,oBAAoB,CAAC,CAAC;IAEzF,MAAM,CAAC,GAAG,CAAC,uBAAuB,EAAE,CAAC,CAAC,EAAE,EAAE,CACxC,CAAC,CAAC,IAAI,CAAC;QACL,sBAAsB,EAAE,GAAG,MAAM,GAAG,WAAW,YAAY;QAC3D,gBAAgB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,CAAC;QACrH,gCAAgC,EAAE,CAAC,MAAM,CAAC;QAC1C,iCAAiC,EAAE,CAAC,OAAO,CAAC;QAC5C,qBAAqB,EAAE,CAAC,oBAAoB,CAAC;QAC7C,qCAAqC,EAAE,CAAC,OAAO,CAAC;QAChD,sBAAsB,EAAE,GAAG,MAAM,GAAG,WAAW,aAAa;QAC5D,MAAM;QACN,QAAQ,EAAE,GAAG,MAAM,wBAAwB;QAC3C,wBAAwB,EAAE,CAAC,MAAM,CAAC;QAClC,mBAAmB,EAAE,GAAG,MAAM,GAAG,WAAW,SAAS;QACrD,gBAAgB,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;QAChD,uBAAuB,EAAE,CAAC,QAAQ,CAAC;QACnC,cAAc,EAAE,GAAG,MAAM,GAAG,WAAW,QAAQ;QAC/C,qCAAqC,EAAE,CAAC,qBAAqB,EAAE,MAAM,CAAC;QACtE,iBAAiB,EAAE,GAAG,MAAM,GAAG,WAAW,WAAW;KACtD,CAAC,CACH,CAAC;IAEF,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACnC,MAAM,IAAI,GAAG,iBAAiB,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7F,CAAC,CAAC,MAAM,CAAC,eAAe,EAAE,qBAAqB,CAAC,CAAC;QACjD,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,KAAa,EAAU,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;AAEhF,MAAM,mBAAmB,GAAG,CAAC,KAAa,EAAU,EAAE;IACpD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;IACjD,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AACtC,CAAC,CAAC"}

package/dist/ports.d.ts

@@ -1,3 +1,5 @@
+import type { JwksPort, OauthStateStorePort } from './oauth/state-store-types.js';
+export type { AuthCodePayload, DpopProofRecord, JwksKeyRecord, JwksPort, JwksPublicJwk, OauthClientRecord, OauthStateStorePort, OauthTokenType, TokenMeta, } from './oauth/state-store-types.js';
 export type AuthHonoAccountStatus = 'active' | 'pending_admin_approval' | 'approval_expired_readonly' | 'disabled_by_user' | 'disabled_by_admin' | (string & {});
 export type AuthHonoChallengeType = 'registration' | 'authentication';
 export interface AuthHonoDeviceInfo {
@@ -275,5 +277,7 @@ export interface AuthHonoPorts {
     clock: AuthHonoClockPort;
     random: AuthHonoRandomPort;
     accountPolicy: AuthHonoAccountPolicyPort;
+    oauthStateStore: OauthStateStorePort;
+    jwks: JwksPort;
 }
 //# sourceMappingURL=ports.d.ts.map

package/dist/ports.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ports.d.ts","sourceRoot":"","sources":["../src/ports.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,qBAAqB,GAC7B,QAAQ,GACR,wBAAwB,GACxB,2BAA2B,GAC3B,kBAAkB,GAClB,mBAAmB,GACnB,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAElB,MAAM,MAAM,qBAAqB,GAAG,cAAc,GAAG,gBAAgB,CAAC;AAEtE,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,OAAO,CAAC;IACvB,aAAa,EAAE,qBAAqB,CAAC;IACrC,aAAa,EAAE,IAAI,GAAG,IAAI,CAAC;IAC3B,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,uBAAuB;IACtC,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,aAAa,CAAC,EAAE,qBAAqB,CAAC;IACtC,aAAa,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;CAC7B;AAED,MAAM,WAAW,uBAAuB;IACtC,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,aAAa,CAAC,EAAE,qBAAqB,CAAC;IACtC,aAAa,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAC5B,SAAS,CAAC,EAAE,IAAI,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;IAC7D,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;IAC/D,MAAM,CAAC,KAAK,EAAE,uBAAuB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACpE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,uBAAuB,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;IAC3F,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;CAC1B;AAED,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,UAAU,GAAG,WAAW,GAAG,MAAM,CAAC;IAC7C,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC5B,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,QAAQ,EAAE,OAAO,GAAG,IAAI,CAAC;IACzB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;CACxB;AAED,MAAM,WAAW,6BAA6B;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,UAAU,GAAG,WAAW,GAAG,MAAM,CAAC;IAC7C,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC7B,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,QAAQ,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;CAC3B;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,kBAAkB,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,GAAG,IAAI,CAAC,CAAC;IAC/E,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,GAAG,IAAI,CAAC,CAAC;IACnF,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,EAAE,CAAC,CAAC;IACjE,MAAM,CAAC,KAAK,EAAE,6BAA6B,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAAC;IAChF,aAAa,CAAC,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvF,MAAM,CAAC,kBAAkB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,GAAG,IAAI,CAAC,CAAC;IAC3G,MAAM,CAAC,kBAAkB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACtE;AAED,MAAM,WAAW,uBAAuB;IACtC,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,IAAI,EAAE,qBAAqB,CAAC;IAC5B,SAAS,EAAE,IAAI,CAAC;IAChB,IAAI,EAAE,OAAO,CAAC;IACd,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,4BAA4B;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,IAAI,EAAE,qBAAqB,CAAC;IAC5B,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,CAAC,KAAK,EAAE,4BAA4B,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;IAC9E,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,qBAAqB,GAAG,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC,CAAC;IACnG,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3C,YAAY,CAAC,GAAG,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC1C;AAED,MAAM,WAAW,qBAAqB;IACpC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,cAAc,EAAE,IAAI,CAAC;IACrB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;CACxB;AAED,MAAM,WAAW,0BAA0B;IACzC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,UAAU,CAAC,EAAE,kBAAkB,CAAC;IAChC,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,SAAS,EAAE,IAAI,CAAC;IAChB,GAAG,EAAE,IAAI,CAAC;CACX;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,CAAC,KAAK,EAAE,0BAA0B,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAC1E,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAAC;IACnE,eAAe,CAAC,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAAC;IACjF,sBAAsB,CAAC,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAAC;IACxF,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACnD,YAAY,CAAC,KAAK,EAAE;QAClB,SAAS,EAAE,IAAI,CAAC;QAChB,gBAAgB,EAAE,MAAM,CAAC;QACzB,SAAS,EAAE,MAAM,CAAC;QAClB,gBAAgB,EAAE,MAAM,CAAC;KAC1B,GAAG,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5C,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAAC;CAC/D;AAED,MAAM,WAAW,+BAA+B;IAC9C,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,SAAS,EAAE,IAAI,CAAC;IAChB,IAAI,EAAE,OAAO,CAAC;IACd,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,6BAA6B;IAC5C,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,UAAU,CAAC,KAAK,EAAE;QAChB,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,SAAS,EAAE,IAAI,CAAC;QAChB,GAAG,EAAE,IAAI,CAAC;KACX,GAAG,OAAO,CAAC,+BAA+B,CAAC,CAAC;IAC7C,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAG,OAAO,CAAC,+BAA+B,GAAG,IAAI,CAAC,CAAC;IACjH,6BAA6B,CAAC,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACpF,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACpF;AAED,MAAM,WAAW,uBAAuB;IACtC,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,SAAS,EAAE,IAAI,CAAC;IAChB,IAAI,EAAE,OAAO,CAAC;IACd,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,CAAC,KAAK,EAAE;QACZ,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACvB,SAAS,EAAE,IAAI,CAAC;QAChB,GAAG,EAAE,IAAI,CAAC;KACX,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;IACrC,oBAAoB,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAG,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC,CAAC;IAC5F,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7D;AAED,MAAM,WAAW,yBAAyB;IACxC,oBAAoB,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7F,aAAa,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACrG;AAED,MAAM,WAAW,kBAAkB;IACjC,gBAAgB,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC;IAClD,gBAAgB,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC;IAClD,sBAAsB,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,GAAG,MAAM,CAAC;IAC1E,sBAAsB,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,GAAG,MAAM,CAAC;IAC1E,6BAA6B,IAAI,MAAM,CAAC;IACxC,6BAA6B,IAAI,MAAM,CAAC;CACzC;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,MAAM,WAAW,iBAAiB;IAChC,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;IACrD,gBAAgB,CAAC,MAAM,EAAE,qBAAqB,EAAE,SAAS,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClF,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAAC;IACzE,qBAAqB,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACnF;AAED,MAAM,MAAM,kBAAkB,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAErE,MAAM,WAAW,oBAAoB;IACnC,MAAM,CAAC,KAAK,EAAE,kBAAkB,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAC1G;AAED,MAAM,WAAW,iBAAiB;IAChC,GAAG,IAAI,IAAI,CAAC;IACZ,UAAU,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/C;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,IAAI,MAAM,CAAC;IACf,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CAAC;IAClC,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;IACpC,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,6BAA6B;IAC5C,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,yBAAyB;IACxC,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC;IACtC,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC;IACzC,uBAAuB,CAAC,CAAC,IAAI,EAAE,kBAAkB,GAAG,aAAa,GAAG,WAAW,GAAG,UAAU,CAAC;IAC7F,cAAc,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;IACzF,gBAAgB,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,OAAO,CAAC;QAAC,GAAG,EAAE,IAAI,CAAA;KAAE,GAAG,OAAO,CAAC;QACnF,aAAa,EAAE,qBAAqB,CAAC;QACrC,aAAa,EAAE,IAAI,GAAG,IAAI,CAAC;KAC5B,CAAC,GAAG;QACH,aAAa,EAAE,qBAAqB,CAAC;QACrC,aAAa,EAAE,IAAI,GAAG,IAAI,CAAC;KAC5B,CAAC;IACF,eAAe,CAAC,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,IAAI,GAAG,OAAO,CAAC,6BAA6B,CAAC,GAAG,6BAA6B,CAAC;IAC7H,kBAAkB,CAAC,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;IAClF,gBAAgB,CAAC,CAAC,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CACnE;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,gBAAgB,CAAC;IACxB,WAAW,EAAE,sBAAsB,CAAC;IACpC,UAAU,EAAE,qBAAqB,CAAC;IAClC,QAAQ,EAAE,mBAAmB,CAAC;IAC9B,iBAAiB,EAAE,6BAA6B,CAAC;IACjD,UAAU,EAAE,qBAAqB,CAAC;IAClC,aAAa,EAAE,yBAAyB,CAAC;IACzC,OAAO,EAAE,kBAAkB,CAAC;IAC5B,MAAM,EAAE,iBAAiB,CAAC;IAC1B,QAAQ,EAAE,oBAAoB,CAAC;IAC/B,KAAK,EAAE,iBAAiB,CAAC;IACzB,MAAM,EAAE,kBAAkB,CAAC;IAC3B,aAAa,EAAE,yBAAyB,CAAC;CAC1C"}
+{"version":3,"file":"ports.d.ts","sourceRoot":"","sources":["../src/ports.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AAElF,YAAY,EACV,eAAe,EACf,eAAe,EACf,aAAa,EACb,QAAQ,EACR,aAAa,EACb,iBAAiB,EACjB,mBAAmB,EACnB,cAAc,EACd,SAAS,GACV,MAAM,8BAA8B,CAAC;AAEtC,MAAM,MAAM,qBAAqB,GAC7B,QAAQ,GACR,wBAAwB,GACxB,2BAA2B,GAC3B,kBAAkB,GAClB,mBAAmB,GACnB,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAElB,MAAM,MAAM,qBAAqB,GAAG,cAAc,GAAG,gBAAgB,CAAC;AAEtE,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,OAAO,CAAC;IACvB,aAAa,EAAE,qBAAqB,CAAC;IACrC,aAAa,EAAE,IAAI,GAAG,IAAI,CAAC;IAC3B,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,uBAAuB;IACtC,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,aAAa,CAAC,EAAE,qBAAqB,CAAC;IACtC,aAAa,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;CAC7B;AAED,MAAM,WAAW,uBAAuB;IACtC,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,aAAa,CAAC,EAAE,qBAAqB,CAAC;IACtC,aAAa,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAC5B,SAAS,CAAC,EAAE,IAAI,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;IAC7D,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;IAC/D,MAAM,CAAC,KAAK,EAAE,uBAAuB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACpE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,uBAAuB,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;IAC3F,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;CAC1B;AAED,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,UAAU,GAAG,WAAW,GAAG,MAAM,CAAC;IAC7C,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC5B,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,QAAQ,EAAE,OAAO,GAAG,IAAI,CAAC;IACzB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;CACxB;AAED,MAAM,WAAW,6BAA6B;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,UAAU,GAAG,WAAW,GAAG,MAAM,CAAC;IAC7C,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC7B,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,QAAQ,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;CAC3B;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,kBAAkB,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,GAAG,IAAI,CAAC,CAAC;IAC/E,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,GAAG,IAAI,CAAC,CAAC;IACnF,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,EAAE,CAAC,CAAC;IACjE,MAAM,CAAC,KAAK,EAAE,6BAA6B,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAAC;IAChF,aAAa,CAAC,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvF,MAAM,CAAC,kBAAkB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,GAAG,IAAI,CAAC,CAAC;IAC3G,MAAM,CAAC,kBAAkB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACtE;AAED,MAAM,WAAW,uBAAuB;IACtC,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,IAAI,EAAE,qBAAqB,CAAC;IAC5B,SAAS,EAAE,IAAI,CAAC;IAChB,IAAI,EAAE,OAAO,CAAC;IACd,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,4BAA4B;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,IAAI,EAAE,qBAAqB,CAAC;IAC5B,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,CAAC,KAAK,EAAE,4BAA4B,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;IAC9E,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,qBAAqB,GAAG,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC,CAAC;IACnG,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3C,YAAY,CAAC,GAAG,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC1C;AAED,MAAM,WAAW,qBAAqB;IACpC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,cAAc,EAAE,IAAI,CAAC;IACrB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;CACxB;AAED,MAAM,WAAW,0BAA0B;IACzC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,UAAU,CAAC,EAAE,kBAAkB,CAAC;IAChC,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,SAAS,EAAE,IAAI,CAAC;IAChB,GAAG,EAAE,IAAI,CAAC;CACX;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,CAAC,KAAK,EAAE,0BAA0B,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAC1E,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAAC;IACnE,eAAe,CAAC,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAAC;IACjF,sBAAsB,CAAC,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAAC;IACxF,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACnD,YAAY,CAAC,KAAK,EAAE;QAClB,SAAS,EAAE,IAAI,CAAC;QAChB,gBAAgB,EAAE,MAAM,CAAC;QACzB,SAAS,EAAE,MAAM,CAAC;QAClB,gBAAgB,EAAE,MAAM,CAAC;KAC1B,GAAG,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5C,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAAC;CAC/D;AAED,MAAM,WAAW,+BAA+B;IAC9C,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,SAAS,EAAE,IAAI,CAAC;IAChB,IAAI,EAAE,OAAO,CAAC;IACd,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,6BAA6B;IAC5C,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,UAAU,CAAC,KAAK,EAAE;QAChB,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,SAAS,EAAE,IAAI,CAAC;QAChB,GAAG,EAAE,IAAI,CAAC;KACX,GAAG,OAAO,CAAC,+BAA+B,CAAC,CAAC;IAC7C,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAG,OAAO,CAAC,+BAA+B,GAAG,IAAI,CAAC,CAAC;IACjH,6BAA6B,CAAC,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACpF,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACpF;AAED,MAAM,WAAW,uBAAuB;IACtC,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,SAAS,EAAE,IAAI,CAAC;IAChB,IAAI,EAAE,OAAO,CAAC;IACd,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,CAAC,KAAK,EAAE;QACZ,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACvB,SAAS,EAAE,IAAI,CAAC;QAChB,GAAG,EAAE,IAAI,CAAC;KACX,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;IACrC,oBAAoB,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAG,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC,CAAC;IAC5F,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7D;AAED,MAAM,WAAW,yBAAyB;IACxC,oBAAoB,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7F,aAAa,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACrG;AAED,MAAM,WAAW,kBAAkB;IACjC,gBAAgB,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC;IAClD,gBAAgB,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC;IAClD,sBAAsB,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,GAAG,MAAM,CAAC;IAC1E,sBAAsB,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,GAAG,MAAM,CAAC;IAC1E,6BAA6B,IAAI,MAAM,CAAC;IACxC,6BAA6B,IAAI,MAAM,CAAC;CACzC;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,MAAM,WAAW,iBAAiB;IAChC,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;IACrD,gBAAgB,CAAC,MAAM,EAAE,qBAAqB,EAAE,SAAS,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClF,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAAC;IACzE,qBAAqB,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACnF;AAED,MAAM,MAAM,kBAAkB,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAErE,MAAM,WAAW,oBAAoB;IACnC,MAAM,CAAC,KAAK,EAAE,kBAAkB,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAC1G;AAED,MAAM,WAAW,iBAAiB;IAChC,GAAG,IAAI,IAAI,CAAC;IACZ,UAAU,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/C;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,IAAI,MAAM,CAAC;IACf,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CAAC;IAClC,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;IACpC,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,6BAA6B;IAC5C,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,yBAAyB;IACxC,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC;IACtC,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC;IACzC,uBAAuB,CAAC,CAAC,IAAI,EAAE,kBAAkB,GAAG,aAAa,GAAG,WAAW,GAAG,UAAU,CAAC;IAC7F,cAAc,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;IACzF,gBAAgB,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,OAAO,CAAC;QAAC,GAAG,EAAE,IAAI,CAAA;KAAE,GAAG,OAAO,CAAC;QACnF,aAAa,EAAE,qBAAqB,CAAC;QACrC,aAAa,EAAE,IAAI,GAAG,IAAI,CAAC;KAC5B,CAAC,GAAG;QACH,aAAa,EAAE,qBAAqB,CAAC;QACrC,aAAa,EAAE,IAAI,GAAG,IAAI,CAAC;KAC5B,CAAC;IACF,eAAe,CAAC,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,IAAI,GAAG,OAAO,CAAC,6BAA6B,CAAC,GAAG,6BAA6B,CAAC;IAC7H,kBAAkB,CAAC,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;IAClF,gBAAgB,CAAC,CAAC,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CACnE;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,gBAAgB,CAAC;IACxB,WAAW,EAAE,sBAAsB,CAAC;IACpC,UAAU,EAAE,qBAAqB,CAAC;IAClC,QAAQ,EAAE,mBAAmB,CAAC;IAC9B,iBAAiB,EAAE,6BAA6B,CAAC;IACjD,UAAU,EAAE,qBAAqB,CAAC;IAClC,aAAa,EAAE,yBAAyB,CAAC;IACzC,OAAO,EAAE,kBAAkB,CAAC;IAC5B,MAAM,EAAE,iBAAiB,CAAC;IAC1B,QAAQ,EAAE,oBAAoB,CAAC;IAC/B,KAAK,EAAE,iBAAiB,CAAC;IACzB,MAAM,EAAE,kBAAkB,CAAC;IAC3B,aAAa,EAAE,yBAAyB,CAAC;IACzC,eAAe,EAAE,mBAAmB,CAAC;IACrC,IAAI,EAAE,QAAQ,CAAC;CAChB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentropic/auth-hono",
-  "version": "0.2.1",
+  "version": "0.3.0",
   "description": "Reusable Hono authentication route factories, contracts, and server-side auth helpers for Sentropic-compatible apps.",
   "type": "module",
   "license": "MIT",

package/src/contracts.ts

@@ -94,6 +94,8 @@ export const AUTH_HONO_REQUIRED_PORTS = [
   'clock',
   'random',
   'accountPolicy',
+  'oauthStateStore',
+  'jwks',
 ] as const satisfies readonly (keyof AuthHonoPorts)[];
 
 export type AuthHonoRequiredPort = (typeof AUTH_HONO_REQUIRED_PORTS)[number];

package/src/index.ts

@@ -3,6 +3,21 @@ export * from './credential-route-handlers.js';
 export * from './email-verification.js';
 export * from './magic-link.js';
 export * from './middleware.js';
+export * from './oauth/authorize-handler.js';
+export * from './oauth/consent-decision-handler.js';
+export * from './oauth/crypto-utils.js';
+export * from './oauth/dpop.js';
+export * from './oauth/http-utils.js';
+export * from './oauth/introspect-handler.js';
+export * from './oauth/jwks-service.js';
+export * from './oauth/router.js';
+export * from './oauth/revoke-handler.js';
+export * from './oauth/session-resolver.js';
+export * from './oauth/state-store-types.js';
+export * from './oauth/state-codec.js';
+export * from './oauth/token-handler.js';
+export * from './oauth/userinfo-handler.js';
+export * from './oauth/wellknown-handler.js';
 export * from './ports.js';
 export * from './route-handlers.js';
 export * from './router.js';