@shad-claiborne/basic-oidc 1.0.1 → 1.0.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@shad-claiborne/basic-oidc",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "description": "Basic OpenID Connect library",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -9,10 +9,6 @@
       "import": "./dist/index.js",
       "types": "./dist/index.d.ts"
     },
-    "./identity-provider": {
-      "import": "./dist/identity-provider/index.js",
-      "types": "./dist/identity-provider/index.d.ts"
-    },
     "./package.json": "./package.json"
   },
   "files": [

package/dist/identity-provider/index.d.ts

@@ -1,279 +0,0 @@
-export interface IdentityProviderConfiguration {
-    issuer: string;
-    authorization_endpoint: string;
-    token_endpoint: string;
-    userinfo_endpoint: string;
-    registration_endpoint: string;
-    jwks_uri: string;
-    response_types_supported: string[];
-    response_modes_supported: string[];
-    grant_types_supported: string[];
-    subject_types_supported: string[];
-    id_token_signing_alg_values_supported: string[];
-    scopes_supported: string[];
-    token_endpoint_auth_methods_supported: string[];
-    claims_supported: string[];
-    code_challenge_methods_supported: string[];
-    introspection_endpoint: string;
-    introspection_endpoint_auth_methods_supported: string[];
-    revocation_endpoint: string;
-    revocation_endpoint_auth_methods_supported: string[];
-    end_session_endpoint: string;
-    request_parameter_supported: boolean;
-    request_object_signing_alg_values_supported: string[];
-    device_authorization_endpoint: string;
-    pushed_authorization_request_endpoint: string;
-    backchannel_token_delivery_modes_supported: string[];
-    backchannel_authentication_request_signing_alg_values_supported: string[];
-    dpop_signing_alg_values_supported: string[];
-}
-export interface AuthorizationResponse {
-    code?: string;
-    id_token?: string;
-    state?: string;
-}
-export interface TokenSet {
-    token_type: string;
-    access_token: string;
-    expires_in: number;
-    refresh_token: string;
-    id_token?: string;
-}
-export interface Identity {
-    sub: string;
-    name?: string;
-    email?: string;
-}
-/**
- * class AuthorizationRequest
- */
-export declare class AuthorizationRequest {
-    private client;
-    private responseType;
-    private responseMode;
-    private redirectUri;
-    private scope;
-    private state;
-    private codeChallenge;
-    private codeChallengeMethod;
-    /**
-     * constructor
-     * @param client Client
-     */
-    constructor(client: Client);
-    /**
-     * setRedirectUri
-     * @param uri string
-     */
-    setRedirectUri(uri: string): AuthorizationRequest;
-    /**
-     * setState
-     * @param state string
-     */
-    setState(state: string): AuthorizationRequest;
-    /**
-     * setResponseMode
-     * @param mode string
-     */
-    setResponseMode(mode: string): AuthorizationRequest;
-    /**
-     * setResponseType
-     * @param type string[]
-     */
-    setResponseType(type: string): AuthorizationRequest;
-    /**
-     * setScope
-     * @param scope string[]
-     */
-    setScope(scope: string[]): AuthorizationRequest;
-    /**
-     * setCodeChallenge
-     * @param challenge string
-     * @param method string
-     */
-    setCodeChallenge(challenge: string, method?: string): AuthorizationRequest;
-    /**
-     * toURLSearchParams
-     * @returns URLSearchParams
-     */
-    toURLSearchParams(): URLSearchParams;
-    /**
-     * toURL
-     * @returns URL
-     */
-    toURL(): URL;
-}
-/**
- * class TokenRequest
- */
-export declare class TokenRequest {
-    private client;
-    private code;
-    private codeVerifier;
-    private redirectUri;
-    private grantType;
-    private refreshToken;
-    /**
-     * constructor
-     * @param client Client
-     */
-    constructor(client: Client);
-    /**
-     * setCode
-     * @param code string
-     */
-    setCode(code: string): TokenRequest;
-    /**
-     * setRedirectUri
-     * @param uri string
-     */
-    setRedirectUri(uri: string): TokenRequest;
-    /**
-     * setCodeVerifier
-     * @param verifier string
-     */
-    setCodeVerifier(verifier: string): TokenRequest;
-    /**
-     * setGrantType
-     * @param type string
-     */
-    setGrantType(type: string): TokenRequest;
-    /**
-     * setRefreshToken
-     * @param token string
-     */
-    setRefreshToken(token: string): TokenRequest;
-    /**
-     * toURLSearchParams
-     * @returns URLSearchParams
-     */
-    toURLSearchParams(): URLSearchParams;
-}
-/**
- * class IdentityProvider
- */
-export declare class IdentityProvider {
-    private config;
-    /**
-     * constructor
-     * @param config IdentityProviderConfiguration
-     */
-    constructor(config: IdentityProviderConfiguration);
-    /**
-     * getAuthorizationEndpoint
-     * @returns string
-     */
-    getAuthorizationEndpoint(): string;
-    /**
-     * getTokenEndpoint
-     * @returns string
-     */
-    getTokenEndpoint(): string;
-    /**
-     * getUserinfoEndpoint
-     * @returns string
-     */
-    getUserinfoEndpoint(): string;
-    /**
-     * getRevocationEndpoint
-     * @returns string
-     */
-    getRevocationEndpoint(): string;
-    /**
-     * isResponseModeSupported
-     * @param mode string
-     * @returns boolean
-     */
-    isResponseModeSupported(mode: string): boolean;
-    /**
-     * isResponseTypeSupported
-     * @param type string[]
-     * @returns boolean
-     */
-    isResponseTypeSupported(type: string): boolean;
-    /**
-     * isScopeSupported
-     * @param scope string[]
-     * @returns boolean
-     */
-    isScopeSupported(scope: string[]): boolean;
-    /**
-     * isChallengeMethodSupported
-     * @param method string
-     * @returns boolean
-     */
-    isChallengeMethodSupported(method: string): boolean;
-    /**
-     * isGrantTypeSupported
-     * @param method string
-     * @returns boolean
-     */
-    isGrantTypeSupported(type: string): boolean;
-    /**
-     * createClient
-     * @returns Client
-     */
-    createClient(id: string, secret: string): Client;
-    /**
-     * getIdentity
-     * @param client Client
-     * @param tokenSet TokenSet
-     * @returns Promise<Identity | null>
-     */
-    getIdentity(client: Client, tokenSet: TokenSet): Promise<Identity | null>;
-}
-/**
- * class Client
- */
-export declare class Client {
-    private provider;
-    private clientId;
-    private clientSecret;
-    /**
-     * constructor
-     * @param provider IdentityProvider
-     * @param id string
-     * @param secret string
-     */
-    constructor(provider: IdentityProvider, id: string, secret: string);
-    /**
-     * getProvider
-     * @returns IdentityProvider
-     */
-    getProvider(): IdentityProvider;
-    /**
-     * getClientId
-     * @returns string
-     */
-    getClientId(): string;
-    /**
-     * getClientSecret
-     * @returns string
-     */
-    getClientSecret(): string;
-    /**
-     * newAuthorizationRequest
-     * @returns AuthorizationRequest
-     */
-    newAuthorizationRequest(): AuthorizationRequest;
-    /**
-     * requestAccess
-     * @param authResponse AuthorizationResponse
-     * @param codeVerifier string
-     * @returns Promise<TokenSet>
-     */
-    requestAccess(authResponse: AuthorizationResponse, codeVerifier?: string): Promise<TokenSet>;
-    /**
-     * refreshAccess
-     * @param tokenSet TokenSet
-     * @returns Promise<TokenSet>
-     */
-    refreshAccess(tokenSet: TokenSet): Promise<TokenSet>;
-    /**
-     * revokeAccess
-     * @param tokenSet TokenSet
-     * @returns Promise<void>
-     */
-    revokeAccess(tokenSet: TokenSet): Promise<void>;
-}
-//# sourceMappingURL=index.d.ts.map

package/dist/identity-provider/index.js

@@ -1,478 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Client = exports.IdentityProvider = exports.TokenRequest = exports.AuthorizationRequest = void 0;
-const sha256_1 = __importDefault(require("crypto-js/sha256"));
-const enc_base64_1 = __importDefault(require("crypto-js/enc-base64"));
-const enc_utf8_1 = __importDefault(require("crypto-js/enc-utf8"));
-const enc_base64url_1 = __importDefault(require("crypto-js/enc-base64url"));
-const axios_1 = __importDefault(require("axios"));
-const jose_1 = require("jose");
-/**
- * class AuthorizationRequest
- */
-class AuthorizationRequest {
-    client;
-    responseType;
-    responseMode;
-    redirectUri;
-    scope;
-    state;
-    codeChallenge;
-    codeChallengeMethod;
-    /**
-     * constructor
-     * @param client Client
-     */
-    constructor(client) {
-        this.client = client;
-    }
-    /**
-     * setRedirectUri
-     * @param uri string
-     */
-    setRedirectUri(uri) {
-        this.redirectUri = uri;
-        return this;
-    }
-    /**
-     * setState
-     * @param state string
-     */
-    setState(state) {
-        this.state = state;
-        return this;
-    }
-    /**
-     * setResponseMode
-     * @param mode string
-     */
-    setResponseMode(mode) {
-        if (this.client.getProvider().isResponseModeSupported(mode)) {
-            this.responseMode = mode;
-        }
-        else
-            throw new Error('invalid or unsupported response mode');
-        return this;
-    }
-    /**
-     * setResponseType
-     * @param type string[]
-     */
-    setResponseType(type) {
-        if (this.client.getProvider().isResponseTypeSupported(type)) {
-            this.responseType = type;
-        }
-        else
-            throw new Error('invalid or unsupported response type');
-        return this;
-    }
-    /**
-     * setScope
-     * @param scope string[]
-     */
-    setScope(scope) {
-        if (this.client.getProvider().isScopeSupported(scope)) {
-            this.scope = ['openid', ...scope];
-        }
-        else
-            throw new Error('invalid or unsupported scope');
-        return this;
-    }
-    /**
-     * setCodeChallenge
-     * @param challenge string
-     * @param method string
-     */
-    setCodeChallenge(challenge, method = 'S256') {
-        if (this.client.getProvider().isChallengeMethodSupported(method)) {
-            if (method === 'plain') {
-                this.codeChallenge = challenge;
-            }
-            else if (method === 'S256') {
-                this.codeChallenge = enc_base64url_1.default.stringify((0, sha256_1.default)(challenge));
-            }
-            else
-                throw new Error('code challenge method not yet implemented');
-            this.codeChallengeMethod = method;
-        }
-        else
-            throw new Error('invalid or unsupported code challenge method');
-        return this;
-    }
-    /**
-     * toURLSearchParams
-     * @returns URLSearchParams
-     */
-    toURLSearchParams() {
-        const params = new URLSearchParams();
-        params.append('client_id', this.client.getClientId());
-        if (this.responseType === undefined)
-            throw new Error('response type is required');
-        params.append('response_type', this.responseType);
-        if (this.responseMode)
-            params.append('response_mode', this.responseMode);
-        if (this.redirectUri)
-            params.append('redirect_uri', this.redirectUri);
-        if (this.scope === undefined)
-            throw new Error('scope is required');
-        params.append('scope', this.scope.join(' '));
-        if (this.state)
-            params.append('state', this.state);
-        const isCodeResponseTypeIncluded = this.responseType.includes('code');
-        if (this.codeChallenge === undefined) {
-            if (isCodeResponseTypeIncluded)
-                throw new Error("code challenge required for 'code' response type");
-        }
-        else
-            params.append('code_challenge', this.codeChallenge);
-        if (this.codeChallengeMethod === undefined) {
-            if (isCodeResponseTypeIncluded)
-                throw new Error("code challenge method required for 'code' response type");
-        }
-        else
-            params.append('code_challenge_method', this.codeChallengeMethod);
-        return params;
-    }
-    /**
-     * toURL
-     * @returns URL
-     */
-    toURL() {
-        const endpointUrl = new URL(this.client.getProvider().getAuthorizationEndpoint());
-        endpointUrl.search = this.toURLSearchParams().toString();
-        return endpointUrl;
-    }
-}
-exports.AuthorizationRequest = AuthorizationRequest;
-/**
- * class TokenRequest
- */
-class TokenRequest {
-    client;
-    code;
-    codeVerifier;
-    redirectUri;
-    grantType;
-    refreshToken;
-    /**
-     * constructor
-     * @param client Client
-     */
-    constructor(client) {
-        this.client = client;
-    }
-    /**
-     * setCode
-     * @param code string
-     */
-    setCode(code) {
-        this.code = code;
-        return this;
-    }
-    /**
-     * setRedirectUri
-     * @param uri string
-     */
-    setRedirectUri(uri) {
-        this.redirectUri = uri;
-        return this;
-    }
-    /**
-     * setCodeVerifier
-     * @param verifier string
-     */
-    setCodeVerifier(verifier) {
-        this.codeVerifier = verifier;
-        return this;
-    }
-    /**
-     * setGrantType
-     * @param type string
-     */
-    setGrantType(type) {
-        if (this.client.getProvider().isGrantTypeSupported(type)) {
-            this.grantType = type;
-        }
-        else
-            throw new Error('grant type not supported');
-        return this;
-    }
-    /**
-     * setRefreshToken
-     * @param token string
-     */
-    setRefreshToken(token) {
-        this.refreshToken = token;
-        return this;
-    }
-    /**
-     * toURLSearchParams
-     * @returns URLSearchParams
-     */
-    toURLSearchParams() {
-        const params = new URLSearchParams();
-        params.append('client_id', this.client.getClientId());
-        params.append('client_secret', this.client.getClientSecret());
-        if (this.grantType === undefined)
-            throw new Error('grant type is required');
-        params.append('grant_type', this.grantType);
-        if (this.grantType === 'authorization_code') {
-            if (this.code === undefined)
-                throw new Error('code is required for authorization code flow');
-            params.append('code', this.code);
-            if (this.codeVerifier)
-                params.append('code_verifier', this.codeVerifier);
-            if (this.redirectUri)
-                params.append('redirect_uri', this.redirectUri);
-        }
-        else if (this.grantType === 'refresh_token') {
-            if (this.refreshToken === undefined)
-                throw new Error('refresh token required for grant type');
-            params.append('refresh_token', this.refreshToken);
-        }
-        return params;
-    }
-}
-exports.TokenRequest = TokenRequest;
-/**
- * class IdentityProvider
- */
-class IdentityProvider {
-    config;
-    /**
-     * constructor
-     * @param config IdentityProviderConfiguration
-     */
-    constructor(config) {
-        this.config = config;
-    }
-    /**
-     * getAuthorizationEndpoint
-     * @returns string
-     */
-    getAuthorizationEndpoint() {
-        return this.config.authorization_endpoint;
-    }
-    /**
-     * getTokenEndpoint
-     * @returns string
-     */
-    getTokenEndpoint() {
-        return this.config.token_endpoint;
-    }
-    /**
-     * getUserinfoEndpoint
-     * @returns string
-     */
-    getUserinfoEndpoint() {
-        return this.config.userinfo_endpoint;
-    }
-    /**
-     * getRevocationEndpoint
-     * @returns string
-     */
-    getRevocationEndpoint() {
-        return this.config.revocation_endpoint;
-    }
-    /**
-     * isResponseModeSupported
-     * @param mode string
-     * @returns boolean
-     */
-    isResponseModeSupported(mode) {
-        return this.config.response_modes_supported.includes(mode);
-    }
-    /**
-     * isResponseTypeSupported
-     * @param type string[]
-     * @returns boolean
-     */
-    isResponseTypeSupported(type) {
-        return this.config.response_types_supported.includes(type);
-    }
-    /**
-     * isScopeSupported
-     * @param scope string[]
-     * @returns boolean
-     */
-    isScopeSupported(scope) {
-        return scope.length === scope.filter(s => this.config.scopes_supported.includes(s)).length;
-    }
-    /**
-     * isChallengeMethodSupported
-     * @param method string
-     * @returns boolean
-     */
-    isChallengeMethodSupported(method) {
-        return this.config.code_challenge_methods_supported.includes(method);
-    }
-    /**
-     * isGrantTypeSupported
-     * @param method string
-     * @returns boolean
-     */
-    isGrantTypeSupported(type) {
-        return this.config.grant_types_supported.includes(type);
-    }
-    /**
-     * createClient
-     * @returns Client
-     */
-    createClient(id, secret) {
-        const client = new Client(this, id, secret);
-        return client;
-    }
-    /**
-     * getIdentity
-     * @param client Client
-     * @param tokenSet TokenSet
-     * @returns Promise<Identity | null>
-     */
-    async getIdentity(client, tokenSet) {
-        let id = null;
-        if (tokenSet.id_token) {
-            const jwks = (0, jose_1.createRemoteJWKSet)(new URL(this.config.jwks_uri));
-            const { payload } = await (0, jose_1.jwtVerify)(tokenSet.id_token, jwks, { issuer: this.config.issuer });
-            id = payload;
-        }
-        else {
-            const api = new IdentityProviderApi(this, tokenSet);
-            id = await api.fetchUserinfo();
-        }
-        return id;
-    }
-}
-exports.IdentityProvider = IdentityProvider;
-/**
- * class IdentityProviderApi
- */
-class IdentityProviderApi {
-    provider;
-    tokenSet;
-    /**
-     * constructor
-     * @param provider IdentityProvider
-     * @param client Client
-     */
-    constructor(provider, tokenSet) {
-        this.provider = provider;
-        this.tokenSet = tokenSet;
-    }
-    /**
-     * setTokenSet
-     * @param tokenSet TokenSet
-     */
-    setTokenSet(tokenSet) {
-        this.tokenSet = tokenSet;
-    }
-    /**
-     * fetchUserinfo
-     * @returns Promise<Identity>
-     */
-    async fetchUserinfo() {
-        const res = await axios_1.default.get(this.provider.getUserinfoEndpoint(), {
-            headers: {
-                'Authorization': `Bearer ${this.tokenSet.access_token}`
-            }
-        });
-        return res.data;
-    }
-}
-/**
- * class Client
- */
-class Client {
-    provider;
-    clientId;
-    clientSecret;
-    /**
-     * constructor
-     * @param provider IdentityProvider
-     * @param id string
-     * @param secret string
-     */
-    constructor(provider, id, secret) {
-        this.provider = provider;
-        this.clientId = id;
-        this.clientSecret = secret;
-    }
-    /**
-     * getProvider
-     * @returns IdentityProvider
-     */
-    getProvider() {
-        return this.provider;
-    }
-    /**
-     * getClientId
-     * @returns string
-     */
-    getClientId() {
-        return this.clientId;
-    }
-    /**
-     * getClientSecret
-     * @returns string
-     */
-    getClientSecret() {
-        return this.clientSecret;
-    }
-    /**
-     * newAuthorizationRequest
-     * @returns AuthorizationRequest
-     */
-    newAuthorizationRequest() {
-        const req = new AuthorizationRequest(this);
-        return req;
-    }
-    /**
-     * requestAccess
-     * @param authResponse AuthorizationResponse
-     * @param codeVerifier string
-     * @returns Promise<TokenSet>
-     */
-    async requestAccess(authResponse, codeVerifier) {
-        const tokenRequest = new TokenRequest(this);
-        if (authResponse.code === undefined)
-            throw new Error('authorization response did not include a code');
-        tokenRequest.setCode(authResponse.code)
-            .setGrantType('authorization_code');
-        if (codeVerifier)
-            tokenRequest.setCodeVerifier(codeVerifier);
-        const res = await axios_1.default.post(this.provider.getTokenEndpoint(), tokenRequest.toURLSearchParams());
-        return res.data;
-    }
-    /**
-     * refreshAccess
-     * @param tokenSet TokenSet
-     * @returns Promise<TokenSet>
-     */
-    async refreshAccess(tokenSet) {
-        const tokenRequest = new TokenRequest(this)
-            .setRefreshToken(tokenSet.refresh_token)
-            .setGrantType('refresh_token');
-        const res = await axios_1.default.post(this.provider.getTokenEndpoint(), tokenRequest.toURLSearchParams());
-        return res.data;
-    }
-    /**
-     * revokeAccess
-     * @param tokenSet TokenSet
-     * @returns Promise<void>
-     */
-    async revokeAccess(tokenSet) {
-        const credentials = enc_base64_1.default.stringify(enc_utf8_1.default.parse(`${this.clientId}:${this.clientSecret}`));
-        const params = new URLSearchParams();
-        params.append('token', tokenSet.access_token);
-        params.append('token_type_hint', 'access_token');
-        await axios_1.default.post(this.provider.getRevocationEndpoint(), params, {
-            headers: {
-                'Authorization': `Basic ${credentials}`
-            }
-        });
-    }
-}
-exports.Client = Client;
-//# sourceMappingURL=index.js.map

package/dist/index.d.ts

@@ -1,8 +0,0 @@
-import { IdentityProvider } from "./identity-provider";
-/**
- * createIdentityProvider
- * @param issuer string
- * @returns IdentityProvider
- */
-export declare const createIdentityProvider: (issuer: string) => Promise<IdentityProvider>;
-//# sourceMappingURL=index.d.ts.map

package/dist/index.js

@@ -1,22 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createIdentityProvider = void 0;
-const axios_1 = __importDefault(require("axios"));
-const identity_provider_1 = require("./identity-provider");
-/**
- * createIdentityProvider
- * @param issuer string
- * @returns IdentityProvider
- */
-const createIdentityProvider = async (issuer) => {
-    const discoveryUrl = `${issuer}/.well-known/openid-configuration`;
-    const res = await axios_1.default.get(discoveryUrl);
-    const config = res.data;
-    const provider = new identity_provider_1.IdentityProvider(config);
-    return provider;
-};
-exports.createIdentityProvider = createIdentityProvider;
-//# sourceMappingURL=index.js.map