@shin1ohno/sage 0.2.4 → 0.5.3

package/dist/oauth/client-store.js

@@ -0,0 +1,104 @@
+/**
+ * OAuth Client Store
+ * Requirements: 24.1-24.8
+ *
+ * Manages OAuth client registration and storage for Dynamic Client Registration (RFC 7591).
+ */
+import { randomBytes } from 'crypto';
+import { CLAUDE_CALLBACK_URLS, } from './types.js';
+/**
+ * Validate redirect URIs against allowed list
+ * Requirement 24.3, 24.4, 24.5
+ */
+function validateRedirectUris(uris, allowedUris) {
+    if (!uris || uris.length === 0) {
+        return { valid: false, error: 'redirect_uris is required' };
+    }
+    for (const uri of uris) {
+        // Check if URI is in Claude official URLs (always allowed)
+        if (CLAUDE_CALLBACK_URLS.includes(uri)) {
+            continue;
+        }
+        // Check if URI is in allowed list
+        if (!allowedUris.includes(uri) && !allowedUris.includes('*')) {
+            return { valid: false, error: `redirect_uri not allowed: ${uri}` };
+        }
+        // Validate URI format
+        try {
+            const parsed = new URL(uri);
+            // Require HTTPS for non-localhost URIs
+            if (parsed.protocol !== 'https:' && parsed.hostname !== 'localhost') {
+                return { valid: false, error: `redirect_uri must use HTTPS: ${uri}` };
+            }
+        }
+        catch {
+            return { valid: false, error: `Invalid redirect_uri format: ${uri}` };
+        }
+    }
+    return { valid: true };
+}
+/**
+ * In-memory Client Store Implementation
+ */
+class InMemoryClientStore {
+    clients = new Map();
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    async registerClient(request) {
+        // Validate client_name
+        if (!request.client_name || request.client_name.trim() === '') {
+            return {
+                success: false,
+                error: 'invalid_client_metadata',
+                errorDescription: 'client_name is required',
+            };
+        }
+        // Validate redirect_uris (Requirement 24.3)
+        const uriValidation = validateRedirectUris(request.redirect_uris, this.config.allowedRedirectUris);
+        if (!uriValidation.valid) {
+            return {
+                success: false,
+                error: 'invalid_redirect_uri',
+                errorDescription: uriValidation.error,
+            };
+        }
+        // Generate client_id
+        const clientId = `sage_${randomBytes(16).toString('hex')}`;
+        // Create client metadata
+        const client = {
+            client_id: clientId,
+            client_name: request.client_name,
+            redirect_uris: request.redirect_uris,
+            response_types: request.response_types || ['code'],
+            grant_types: request.grant_types || ['authorization_code', 'refresh_token'],
+            token_endpoint_auth_method: request.token_endpoint_auth_method || 'none',
+            client_id_issued_at: Math.floor(Date.now() / 1000),
+        };
+        // Store client
+        this.clients.set(clientId, client);
+        return { success: true, client };
+    }
+    async getClient(clientId) {
+        return this.clients.get(clientId) || null;
+    }
+    async deleteClient(clientId) {
+        return this.clients.delete(clientId);
+    }
+    async isValidRedirectUri(clientId, redirectUri) {
+        const client = await this.getClient(clientId);
+        if (!client) {
+            return false;
+        }
+        // Requirement 30.5: Exact match validation
+        return client.redirect_uris.includes(redirectUri);
+    }
+}
+/**
+ * Create a Client Store instance
+ */
+export function createClientStore(config) {
+    return new InMemoryClientStore(config);
+}
+//# sourceMappingURL=client-store.js.map

package/dist/oauth/client-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-store.js","sourceRoot":"","sources":["../../src/oauth/client-store.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAGL,oBAAoB,GACrB,MAAM,YAAY,CAAC;AA6BpB;;;GAGG;AACH,SAAS,oBAAoB,CAC3B,IAAc,EACd,WAAqB;IAErB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;IAC9D,CAAC;IAED,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,2DAA2D;QAC3D,IAAI,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACvC,SAAS;QACX,CAAC;QAED,kCAAkC;QAClC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7D,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,6BAA6B,GAAG,EAAE,EAAE,CAAC;QACrE,CAAC;QAED,sBAAsB;QACtB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YAC5B,uCAAuC;YACvC,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;gBACpE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,gCAAgC,GAAG,EAAE,EAAE,CAAC;YACxE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,gCAAgC,GAAG,EAAE,EAAE,CAAC;QACxE,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,mBAAmB;IACf,OAAO,GAA6B,IAAI,GAAG,EAAE,CAAC;IAC9C,MAAM,CAAoB;IAElC,YAAY,MAAyB;QACnC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAAkC;QACrD,uBAAuB;QACvB,IAAI,CAAC,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC9D,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,yBAAyB;gBAChC,gBAAgB,EAAE,yBAAyB;aAC5C,CAAC;QACJ,CAAC;QAED,4CAA4C;QAC5C,MAAM,aAAa,GAAG,oBAAoB,CAAC,OAAO,CAAC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;QACnG,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;YACzB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,sBAAsB;gBAC7B,gBAAgB,EAAE,aAAa,CAAC,KAAK;aACtC,CAAC;QACJ,CAAC;QAED,qBAAqB;QACrB,MAAM,QAAQ,GAAG,QAAQ,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAE3D,yBAAyB;QACzB,MAAM,MAAM,GAAgB;YAC1B,SAAS,EAAE,QAAQ;YACnB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,aAAa,EAAE,OAAO,CAAC,aAAa;YACpC,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,CAAC,MAAM,CAAC;YAClD,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,CAAC,oBAAoB,EAAE,eAAe,CAAC;YAC3E,0BAA0B,EAAE,OAAO,CAAC,0BAA0B,IAAI,MAAM;YACxE,mBAAmB,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;SACnD,CAAC;QAEF,eAAe;QACf,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAEnC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,QAAgB;QAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,QAAgB,EAAE,WAAmB;QAC5D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC9C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,KAAK,CAAC;QACf,CAAC;QAED,2CAA2C;QAC3C,OAAO,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACpD,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAyB;IACzD,OAAO,IAAI,mBAAmB,CAAC,MAAM,CAAC,CAAC;AACzC,CAAC"}

package/dist/oauth/code-store.d.ts

@@ -0,0 +1,48 @@
+/**
+ * OAuth Authorization Code Store
+ * Requirements: 25.9, 25.10, 26.4
+ *
+ * Manages authorization code generation, storage, and validation.
+ */
+import { AuthorizationCode, CodeChallengeMethod } from './types.js';
+/**
+ * Configuration for Authorization Code Store
+ */
+export interface AuthorizationCodeStoreConfig {
+    expirySeconds: number;
+}
+/**
+ * Options for generating an authorization code
+ */
+export interface GenerateCodeOptions {
+    clientId: string;
+    redirectUri: string;
+    scope: string;
+    codeChallenge: string;
+    codeChallengeMethod: CodeChallengeMethod;
+    userId: string;
+    resource?: string;
+}
+/**
+ * Result of validating an authorization code
+ */
+export interface CodeValidationResult {
+    valid: boolean;
+    codeData?: AuthorizationCode;
+    error?: string;
+}
+/**
+ * Authorization Code Store Interface
+ */
+export interface AuthorizationCodeStore {
+    generateCode(options: GenerateCodeOptions): Promise<string>;
+    validateCode(code: string, clientId: string): Promise<CodeValidationResult>;
+    consumeCode(code: string, clientId: string): Promise<CodeValidationResult>;
+    revokeCode(code: string): Promise<void>;
+    cleanup(): Promise<number>;
+}
+/**
+ * Create an Authorization Code Store instance
+ */
+export declare function createAuthorizationCodeStore(config: AuthorizationCodeStoreConfig): AuthorizationCodeStore;
+//# sourceMappingURL=code-store.d.ts.map

package/dist/oauth/code-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"code-store.d.ts","sourceRoot":"","sources":["../../src/oauth/code-store.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAEpE;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC3C,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,MAAM,CAAC;IACtB,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,OAAO,CAAC;IACf,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,YAAY,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC5D,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC5E,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC3E,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACxC,OAAO,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;CAC5B;AAkGD;;GAEG;AACH,wBAAgB,4BAA4B,CAC1C,MAAM,EAAE,4BAA4B,GACnC,sBAAsB,CAExB"}

package/dist/oauth/code-store.js

@@ -0,0 +1,89 @@
+/**
+ * OAuth Authorization Code Store
+ * Requirements: 25.9, 25.10, 26.4
+ *
+ * Manages authorization code generation, storage, and validation.
+ */
+import { randomBytes } from 'crypto';
+/**
+ * In-memory Authorization Code Store Implementation
+ */
+class InMemoryAuthorizationCodeStore {
+    codes = new Map();
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    async generateCode(options) {
+        // Generate secure random code
+        const code = randomBytes(32).toString('base64url');
+        const now = Date.now();
+        const expiresAt = now + this.config.expirySeconds * 1000;
+        const codeData = {
+            code,
+            client_id: options.clientId,
+            redirect_uri: options.redirectUri,
+            scope: options.scope,
+            code_challenge: options.codeChallenge,
+            code_challenge_method: options.codeChallengeMethod,
+            resource: options.resource,
+            user_id: options.userId,
+            created_at: now,
+            expires_at: expiresAt,
+            used: false,
+        };
+        this.codes.set(code, codeData);
+        return code;
+    }
+    async validateCode(code, clientId) {
+        const codeData = this.codes.get(code);
+        if (!codeData) {
+            return { valid: false, error: 'invalid_grant' };
+        }
+        // Check if code has been used
+        if (codeData.used) {
+            return { valid: false, error: 'invalid_grant' };
+        }
+        // Check if code has expired
+        if (Date.now() > codeData.expires_at) {
+            this.codes.delete(code);
+            return { valid: false, error: 'invalid_grant' };
+        }
+        // Verify client_id matches
+        if (codeData.client_id !== clientId) {
+            return { valid: false, error: 'invalid_grant' };
+        }
+        return { valid: true, codeData };
+    }
+    async consumeCode(code, clientId) {
+        const validationResult = await this.validateCode(code, clientId);
+        if (!validationResult.valid) {
+            return validationResult;
+        }
+        // Mark code as used (Requirement 25.10: one-time use)
+        const codeData = this.codes.get(code);
+        codeData.used = true;
+        return validationResult;
+    }
+    async revokeCode(code) {
+        this.codes.delete(code);
+    }
+    async cleanup() {
+        const now = Date.now();
+        let cleanedCount = 0;
+        for (const [code, data] of this.codes.entries()) {
+            if (data.expires_at < now || data.used) {
+                this.codes.delete(code);
+                cleanedCount++;
+            }
+        }
+        return cleanedCount;
+    }
+}
+/**
+ * Create an Authorization Code Store instance
+ */
+export function createAuthorizationCodeStore(config) {
+    return new InMemoryAuthorizationCodeStore(config);
+}
+//# sourceMappingURL=code-store.js.map

package/dist/oauth/code-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"code-store.js","sourceRoot":"","sources":["../../src/oauth/code-store.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AA2CrC;;GAEG;AACH,MAAM,8BAA8B;IAC1B,KAAK,GAAmC,IAAI,GAAG,EAAE,CAAC;IAClD,MAAM,CAA+B;IAE7C,YAAY,MAAoC;QAC9C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,OAA4B;QAC7C,8BAA8B;QAC9B,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAEnD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC;QAEzD,MAAM,QAAQ,GAAsB;YAClC,IAAI;YACJ,SAAS,EAAE,OAAO,CAAC,QAAQ;YAC3B,YAAY,EAAE,OAAO,CAAC,WAAW;YACjC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,cAAc,EAAE,OAAO,CAAC,aAAa;YACrC,qBAAqB,EAAE,OAAO,CAAC,mBAAmB;YAClD,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,OAAO,EAAE,OAAO,CAAC,MAAM;YACvB,UAAU,EAAE,GAAG;YACf,UAAU,EAAE,SAAS;YACrB,IAAI,EAAE,KAAK;SACZ,CAAC;QAEF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAE/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAY,EAAE,QAAgB;QAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAEtC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;QAClD,CAAC;QAED,8BAA8B;QAC9B,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;YAClB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;QAClD,CAAC;QAED,4BAA4B;QAC5B,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,UAAU,EAAE,CAAC;YACrC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACxB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;QAClD,CAAC;QAED,2BAA2B;QAC3B,IAAI,QAAQ,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;YACpC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;QAClD,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,IAAY,EAAE,QAAgB;QAC9C,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAEjE,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC;QAC1B,CAAC;QAED,sDAAsD;QACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC;QACvC,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC;QAErB,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,IAAY;QAC3B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,YAAY,GAAG,CAAC,CAAC;QAErB,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YAChD,IAAI,IAAI,CAAC,UAAU,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACvC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBACxB,YAAY,EAAE,CAAC;YACjB,CAAC;QACH,CAAC;QAED,OAAO,YAAY,CAAC;IACtB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,4BAA4B,CAC1C,MAAoC;IAEpC,OAAO,IAAI,8BAA8B,CAAC,MAAM,CAAC,CAAC;AACpD,CAAC"}

package/dist/oauth/index.d.ts

@@ -0,0 +1,13 @@
+/**
+ * OAuth 2.1 Module Exports
+ * Requirements: 21-31
+ */
+export * from './types.js';
+export { generateCodeVerifier, generateCodeChallenge, verifyCodeChallenge, isValidCodeVerifier, isValidCodeChallenge } from './pkce.js';
+export { createTokenService, generateKeyPair, TokenService } from './token-service.js';
+export { createAuthorizationCodeStore, AuthorizationCodeStore } from './code-store.js';
+export { createRefreshTokenStore, RefreshTokenStore } from './refresh-token-store.js';
+export { createClientStore, ClientStore } from './client-store.js';
+export { OAuthServer, createOAuthServer, OAuthServerConfig } from './oauth-server.js';
+export { OAuthHandler, createOAuthHandler, OAuthHandlerConfig } from './oauth-handler.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/oauth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/oauth/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,cAAc,YAAY,CAAC;AAG3B,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAGxI,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGvF,OAAO,EAAE,4BAA4B,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AAGvF,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAGtF,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAGnE,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAGtF,OAAO,EAAE,YAAY,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC"}

package/dist/oauth/index.js

@@ -0,0 +1,21 @@
+/**
+ * OAuth 2.1 Module Exports
+ * Requirements: 21-31
+ */
+// Types
+export * from './types.js';
+// PKCE
+export { generateCodeVerifier, generateCodeChallenge, verifyCodeChallenge, isValidCodeVerifier, isValidCodeChallenge } from './pkce.js';
+// Token Service
+export { createTokenService, generateKeyPair } from './token-service.js';
+// Authorization Code Store
+export { createAuthorizationCodeStore } from './code-store.js';
+// Refresh Token Store
+export { createRefreshTokenStore } from './refresh-token-store.js';
+// Client Store
+export { createClientStore } from './client-store.js';
+// OAuth Server
+export { OAuthServer, createOAuthServer } from './oauth-server.js';
+// OAuth Handler
+export { OAuthHandler, createOAuthHandler } from './oauth-handler.js';
+//# sourceMappingURL=index.js.map

package/dist/oauth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/oauth/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,OAAO;AACP,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAExI,gBAAgB;AAChB,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAgB,MAAM,oBAAoB,CAAC;AAEvF,2BAA2B;AAC3B,OAAO,EAAE,4BAA4B,EAA0B,MAAM,iBAAiB,CAAC;AAEvF,sBAAsB;AACtB,OAAO,EAAE,uBAAuB,EAAqB,MAAM,0BAA0B,CAAC;AAEtF,eAAe;AACf,OAAO,EAAE,iBAAiB,EAAe,MAAM,mBAAmB,CAAC;AAEnE,eAAe;AACf,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAqB,MAAM,mBAAmB,CAAC;AAEtF,gBAAgB;AAChB,OAAO,EAAE,YAAY,EAAE,kBAAkB,EAAsB,MAAM,oBAAoB,CAAC"}

package/dist/oauth/oauth-handler.d.ts

@@ -0,0 +1,101 @@
+/**
+ * OAuth HTTP Handler
+ * Requirements: 22-31 (OAuth 2.1 HTTP Endpoints)
+ *
+ * Handles OAuth HTTP endpoints including metadata, DCR, authorization, and token endpoints.
+ */
+import { IncomingMessage, ServerResponse } from 'http';
+import { OAuthServer, OAuthServerConfig } from './oauth-server.js';
+/**
+ * OAuth Handler Configuration
+ */
+export interface OAuthHandlerConfig extends OAuthServerConfig {
+}
+/**
+ * OAuth Handler Class
+ */
+export declare class OAuthHandler {
+    private server;
+    constructor(server: OAuthServer, _config: OAuthHandlerConfig);
+    /**
+     * Handle an HTTP request
+     */
+    handleRequest(req: IncomingMessage, res: ServerResponse): Promise<boolean>;
+    /**
+     * Handle Protected Resource Metadata (RFC 9728)
+     * Requirement 22.1-22.3
+     */
+    private handleProtectedResourceMetadata;
+    /**
+     * Handle Authorization Server Metadata (RFC 8414)
+     * Requirement 23.1-23.9
+     */
+    private handleAuthorizationServerMetadata;
+    /**
+     * Handle Dynamic Client Registration (RFC 7591)
+     * Requirement 24.1-24.8
+     */
+    private handleClientRegistration;
+    /**
+     * Handle Authorization Endpoint (GET)
+     * Requirement 25.1-25.10
+     */
+    private handleAuthorization;
+    /**
+     * Handle Authorization Submit (POST)
+     * Requirement 25.9, 25.10, 28.4, 28.5
+     */
+    private handleAuthorizationSubmit;
+    /**
+     * Handle Login Page (GET)
+     * Requirement 29.1
+     */
+    private handleLoginPage;
+    /**
+     * Handle Login Submit (POST)
+     * Requirement 29.1-29.5
+     */
+    private handleLoginSubmit;
+    /**
+     * Handle Token Endpoint (POST)
+     * Requirement 26.1-26.9
+     */
+    private handleToken;
+    /**
+     * Handle authorization_code grant
+     * Requirement 26.2, 26.4, 26.5
+     */
+    private handleAuthorizationCodeGrant;
+    /**
+     * Handle refresh_token grant
+     * Requirement 26.3, 26.8
+     */
+    private handleRefreshTokenGrant;
+    /**
+     * Read request body
+     */
+    private readBody;
+    /**
+     * Render login page HTML
+     * Requirement 29.1
+     */
+    private renderLoginPage;
+    /**
+     * Render consent page HTML
+     * Requirement 28.1-28.4
+     */
+    private renderConsentPage;
+    /**
+     * Render error page HTML
+     */
+    private renderErrorPage;
+    /**
+     * Escape HTML special characters
+     */
+    private escapeHtml;
+}
+/**
+ * Create an OAuth Handler instance
+ */
+export declare function createOAuthHandler(config: OAuthHandlerConfig): Promise<OAuthHandler>;
+//# sourceMappingURL=oauth-handler.d.ts.map

package/dist/oauth/oauth-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-handler.d.ts","sourceRoot":"","sources":["../../src/oauth/oauth-handler.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAEvD,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAGnE;;GAEG;AACH,MAAM,WAAW,kBAAmB,SAAQ,iBAAiB;CAE5D;AA0DD;;GAEG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAc;gBAEhB,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,kBAAkB;IAK5D;;OAEG;IACG,aAAa,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC;IAwDhF;;;OAGG;IACH,OAAO,CAAC,+BAA+B;IAMvC;;;OAGG;IACH,OAAO,CAAC,iCAAiC;IAMzC;;;OAGG;YACW,wBAAwB;IA6BtC;;;OAGG;YACW,mBAAmB;IAmFjC;;;OAGG;YACW,yBAAyB;IAsDvC;;;OAGG;YACW,eAAe;IAM7B;;;OAGG;YACW,iBAAiB;IAyC/B;;;OAGG;YACW,WAAW;IAmBzB;;;OAGG;YACW,4BAA4B;IA+C1C;;;OAGG;YACW,uBAAuB;IAyCrC;;OAEG;IACH,OAAO,CAAC,QAAQ;IAWhB;;;OAGG;IACH,OAAO,CAAC,eAAe;IAyCvB;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IAiDzB;;OAEG;IACH,OAAO,CAAC,eAAe;IA0BvB;;OAEG;IACH,OAAO,CAAC,UAAU;CAQnB;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,YAAY,CAAC,CAI1F"}