@simulacrum/auth0-simulator 0.11.1 → 0.11.3

package/dist/handlers/oauth-handlers.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-handlers.mjs","names":["user: Auth0User | undefined","nonce: string | undefined","refreshToken: RefreshToken","context: RuleContext<Partial<AccessTokenPayload>, IdTokenData>","userData: RuleUser","idTokenData: IdTokenData","username: string","password: string | undefined","decodeBase64"],"sources":["../../src/handlers/oauth-handlers.ts"],"sourcesContent":["import { assert } from \"assert-ts\";\nimport { decode, decode as decodeBase64 } from \"base64-url\";\nimport { epochTime, expiresAt } from \"../auth/date.ts\";\nimport { createJsonWebToken } from \"../auth/jwt.ts\";\nimport { createRulesRunner } from \"../rules/rules-runner.ts\";\nimport { deriveScope, createPersonQuery } from \"./utils.ts\";\n\nimport type { Request } from \"express\";\nimport type { RuleContext, RuleUser } from \"../rules/types.ts\";\nimport type {\n  ScopeConfig,\n  AccessTokenPayload,\n  GrantType,\n  IdTokenData,\n  RefreshToken,\n} from \"../types.ts\";\nimport {\n  createRefreshToken,\n  issueRefreshToken,\n} from \"../auth/refresh-token.ts\";\nimport { type ExtendedSimulationStore } from \"../store/index.ts\";\nimport { type Auth0User } from \"../store/entities.ts\";\n\nexport const createTokens = async ({\n  body,\n  iss,\n  clientID,\n  audience,\n  rulesDirectory,\n  scope: scopeConfig,\n  simulationStore,\n}: {\n  body: Request[\"body\"];\n  iss: string;\n  clientID: string;\n  audience: string;\n  rulesDirectory: string | undefined;\n  scope: ScopeConfig;\n  simulationStore: ExtendedSimulationStore;\n}) => {\n  let { grant_type }: { grant_type: GrantType } = body;\n  let scope = deriveScope({ scopeConfig, clientID, audience });\n\n  let accessToken = getBaseAccessToken({ iss, grant_type, scope, audience });\n  let user: Auth0User | undefined;\n  let nonce: string | undefined;\n\n  if (grant_type === \"client_credentials\") {\n    return { access_token: createJsonWebToken(accessToken) };\n  }\n  // TODO: check refresh_token expiry date\n  else if (grant_type === \"refresh_token\") {\n    let { refresh_token: refreshTokenValue } = body;\n    let refreshToken: RefreshToken = JSON.parse(decode(refreshTokenValue));\n\n    let findUser = createPersonQuery(simulationStore);\n\n    user = findUser((person) => person.id === refreshToken.user.id);\n\n    nonce = refreshToken.nonce;\n    assert(!!nonce, `400::No nonce in request`);\n  } else {\n    let result = verifyUserExistsInStore({\n      simulationStore,\n      body,\n      grant_type,\n    });\n\n    user = result.user;\n    nonce = result.nonce;\n  }\n\n  assert(!!user, \"500::No user found\");\n\n  let { idTokenData, userData } = getIdToken({\n    body,\n    iss,\n    user,\n    clientID,\n    nonce,\n  });\n\n  let context: RuleContext<Partial<AccessTokenPayload>, IdTokenData> = {\n    clientID,\n    accessToken: { scope, sub: idTokenData.sub },\n    idToken: idTokenData,\n  };\n\n  let rulesRunner = createRulesRunner(rulesDirectory);\n  // the rules mutate the values\n  await rulesRunner(userData, context);\n\n  return {\n    access_token: createJsonWebToken({\n      ...accessToken,\n      ...context.accessToken,\n      ...(scope.split(\" \").includes(\"email\") ? { email: user.email } : {}),\n    }),\n    id_token: createJsonWebToken({\n      ...userData,\n      ...context.idToken,\n    }),\n    refresh_token: issueRefreshToken(scope, grant_type)\n      ? createRefreshToken({\n          exp: idTokenData.exp,\n          rotations: 0,\n          scope,\n          user,\n          nonce,\n        })\n      : undefined,\n  };\n};\n\nexport const getIdToken = ({\n  body,\n  iss,\n  user,\n  clientID,\n  nonce,\n}: {\n  body: Request[\"body\"];\n  iss: string;\n  user: Auth0User;\n  clientID: string;\n  nonce: string | undefined;\n}) => {\n  let userData: RuleUser = {\n    name: body?.name ?? user.name,\n    email: body?.email ?? user.email,\n    email_verified: true,\n    user_id: body?.id ?? user.id,\n    nickname: body?.nickname,\n    picture: body?.picture ?? user.picture,\n    identities: body?.identities,\n  };\n\n  assert(!!user.email, \"500::User in store requires an email\");\n\n  let idTokenData: IdTokenData = {\n    alg: \"RS256\",\n    typ: \"JWT\",\n    iss,\n    exp: expiresAt(),\n    iat: epochTime(),\n    email: user.email,\n    aud: clientID,\n    sub: user.id,\n  };\n\n  if (typeof nonce !== \"undefined\") {\n    idTokenData.nonce = nonce;\n  }\n\n  return { userData, idTokenData };\n};\n\nexport const getBaseAccessToken = ({\n  iss,\n  grant_type,\n  scope,\n  audience,\n}: {\n  iss: string;\n  grant_type: string;\n  scope: string;\n  audience: string;\n}): Partial<AccessTokenPayload> => ({\n  iss,\n  exp: expiresAt(),\n  iat: epochTime(),\n  aud: audience,\n  gty: grant_type,\n  scope,\n});\n\nconst verifyUserExistsInStore = ({\n  simulationStore,\n  body,\n  grant_type,\n}: {\n  simulationStore: ExtendedSimulationStore;\n  body: Request[\"body\"];\n  grant_type: string;\n}) => {\n  let { code } = body;\n  let personQuery = createPersonQuery(simulationStore);\n  let nonce: string | undefined;\n  let username: string;\n  let password: string | undefined;\n\n  if (grant_type === \"http://auth0.com/oauth/grant-type/passwordless/otp\") {\n    username = body.username;\n  } else if (grant_type === \"password\") {\n    username = body.username;\n    password = body.password;\n  } else {\n    // specifically grant_type === 'authorization_code'\n    // but naively using it to handle other cases at the moment\n    assert(typeof code !== \"undefined\", \"400::no code in /oauth/token\");\n    [nonce, username] = decodeBase64(code).split(\":\");\n    assert(!!username, `400::no nonce in store for ${code}`);\n  }\n\n  let user: Auth0User | undefined = personQuery((person) => {\n    assert(!!person.email, `500::no email defined on person scenario`);\n\n    let valid = person.email.toLowerCase() === username.toLowerCase();\n\n    if (typeof password === \"undefined\") {\n      return valid;\n    } else {\n      return valid && password === person.password;\n    }\n  });\n\n  assert(!!user, \"401::Unauthorized\");\n\n  return { user, nonce };\n};\n"],"mappings":";;;;;;;;;;;AAuBA,MAAa,eAAe,OAAO,EACjC,MACA,KACA,UACA,UACA,gBACA,OAAO,aACP,sBASI;CACJ,IAAI,EAAE,eAA0C;CAChD,IAAI,QAAQ,YAAY;EAAE;EAAa;EAAU;EAAU,CAAC;CAE5D,IAAI,cAAc,mBAAmB;EAAE;EAAK;EAAY;EAAO;EAAU,CAAC;CAC1E,IAAIA;CACJ,IAAIC;AAEJ,KAAI,eAAe,qBACjB,QAAO,EAAE,cAAc,mBAAmB,YAAY,EAAE;UAGjD,eAAe,iBAAiB;EACvC,IAAI,EAAE,eAAe,sBAAsB;EAC3C,IAAIC,eAA6B,KAAK,MAAM,OAAO,kBAAkB,CAAC;AAItE,SAFe,kBAAkB,gBAAgB,EAEhC,WAAW,OAAO,OAAO,aAAa,KAAK,GAAG;AAE/D,UAAQ,aAAa;AACrB,SAAO,CAAC,CAAC,OAAO,2BAA2B;QACtC;EACL,IAAI,SAAS,wBAAwB;GACnC;GACA;GACA;GACD,CAAC;AAEF,SAAO,OAAO;AACd,UAAQ,OAAO;;AAGjB,QAAO,CAAC,CAAC,MAAM,qBAAqB;CAEpC,IAAI,EAAE,aAAa,aAAa,WAAW;EACzC;EACA;EACA;EACA;EACA;EACD,CAAC;CAEF,IAAIC,UAAiE;EACnE;EACA,aAAa;GAAE;GAAO,KAAK,YAAY;GAAK;EAC5C,SAAS;EACV;AAID,OAFkB,kBAAkB,eAAe,CAEjC,UAAU,QAAQ;AAEpC,QAAO;EACL,cAAc,mBAAmB;GAC/B,GAAG;GACH,GAAG,QAAQ;GACX,GAAI,MAAM,MAAM,IAAI,CAAC,SAAS,QAAQ,GAAG,EAAE,OAAO,KAAK,OAAO,GAAG,EAAE;GACpE,CAAC;EACF,UAAU,mBAAmB;GAC3B,GAAG;GACH,GAAG,QAAQ;GACZ,CAAC;EACF,eAAe,kBAAkB,OAAO,WAAW,GAC/C,mBAAmB;GACjB,KAAK,YAAY;GACjB,WAAW;GACX;GACA;GACA;GACD,CAAC,GACF;EACL;;AAGH,MAAa,cAAc,EACzB,MACA,KACA,MACA,UACA,YAOI;CACJ,IAAIC,WAAqB;EACvB,MAAM,MAAM,QAAQ,KAAK;EACzB,OAAO,MAAM,SAAS,KAAK;EAC3B,gBAAgB;EAChB,SAAS,MAAM,MAAM,KAAK;EAC1B,UAAU,MAAM;EAChB,SAAS,MAAM,WAAW,KAAK;EAC/B,YAAY,MAAM;EACnB;AAED,QAAO,CAAC,CAAC,KAAK,OAAO,uCAAuC;CAE5D,IAAIC,cAA2B;EAC7B,KAAK;EACL,KAAK;EACL;EACA,KAAK,WAAW;EAChB,KAAK,WAAW;EAChB,OAAO,KAAK;EACZ,KAAK;EACL,KAAK,KAAK;EACX;AAED,KAAI,OAAO,UAAU,YACnB,aAAY,QAAQ;AAGtB,QAAO;EAAE;EAAU;EAAa;;AAGlC,MAAa,sBAAsB,EACjC,KACA,YACA,OACA,gBAMkC;CAClC;CACA,KAAK,WAAW;CAChB,KAAK,WAAW;CAChB,KAAK;CACL,KAAK;CACL;CACD;AAED,MAAM,2BAA2B,EAC/B,iBACA,MACA,iBAKI;CACJ,IAAI,EAAE,SAAS;CACf,IAAI,cAAc,kBAAkB,gBAAgB;CACpD,IAAIJ;CACJ,IAAIK;CACJ,IAAIC;AAEJ,KAAI,eAAe,qDACjB,YAAW,KAAK;UACP,eAAe,YAAY;AACpC,aAAW,KAAK;AAChB,aAAW,KAAK;QACX;AAGL,SAAO,OAAO,SAAS,aAAa,+BAA+B;AACnE,GAAC,OAAO,YAAYC,OAAa,KAAK,CAAC,MAAM,IAAI;AACjD,SAAO,CAAC,CAAC,UAAU,8BAA8B,OAAO;;CAG1D,IAAIR,OAA8B,aAAa,WAAW;AACxD,SAAO,CAAC,CAAC,OAAO,OAAO,2CAA2C;EAElE,IAAI,QAAQ,OAAO,MAAM,aAAa,KAAK,SAAS,aAAa;AAEjE,MAAI,OAAO,aAAa,YACtB,QAAO;MAEP,QAAO,SAAS,aAAa,OAAO;GAEtC;AAEF,QAAO,CAAC,CAAC,MAAM,oBAAoB;AAEnC,QAAO;EAAE;EAAM;EAAO"}

package/dist/handlers/openid-handlers.cjs

@@ -0,0 +1,32 @@
+const require_constants = require('../auth/constants.cjs');
+const require_url = require('./url.cjs');
+
+//#region src/handlers/openid-handlers.ts
+const createOpenIdHandlers = (serviceURL) => {
+	return {
+		["/.well-known/jwks.json"]: function(_, res) {
+			res.status(200).json(require_constants.JWKS);
+		},
+		["/.well-known/openid-configuration"]: function(req, res) {
+			let url = require_url.removeTrailingSlash(serviceURL(req));
+			res.status(200).json({
+				issuer: `${url}/`,
+				authorization_endpoint: [url, "authorize"].join("/"),
+				token_endpoint: [
+					url,
+					"oauth",
+					"token"
+				].join("/"),
+				userinfo_endpoint: [url, "userinfo"].join("/"),
+				jwks_uri: [
+					url,
+					".well-known",
+					"jwks.json"
+				].join("/")
+			});
+		}
+	};
+};
+
+//#endregion
+exports.createOpenIdHandlers = createOpenIdHandlers;

package/dist/handlers/openid-handlers.mjs

@@ -0,0 +1,33 @@
+import { JWKS } from "../auth/constants.mjs";
+import { removeTrailingSlash } from "./url.mjs";
+
+//#region src/handlers/openid-handlers.ts
+const createOpenIdHandlers = (serviceURL) => {
+	return {
+		["/.well-known/jwks.json"]: function(_, res) {
+			res.status(200).json(JWKS);
+		},
+		["/.well-known/openid-configuration"]: function(req, res) {
+			let url = removeTrailingSlash(serviceURL(req));
+			res.status(200).json({
+				issuer: `${url}/`,
+				authorization_endpoint: [url, "authorize"].join("/"),
+				token_endpoint: [
+					url,
+					"oauth",
+					"token"
+				].join("/"),
+				userinfo_endpoint: [url, "userinfo"].join("/"),
+				jwks_uri: [
+					url,
+					".well-known",
+					"jwks.json"
+				].join("/")
+			});
+		}
+	};
+};
+
+//#endregion
+export { createOpenIdHandlers };
+//# sourceMappingURL=openid-handlers.mjs.map

package/dist/handlers/openid-handlers.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"openid-handlers.mjs","names":[],"sources":["../../src/handlers/openid-handlers.ts"],"sourcesContent":["import type { Request, RequestHandler } from \"express\";\nimport { JWKS } from \"../auth/constants.ts\";\nimport { removeTrailingSlash } from \"./url.ts\";\n\ntype Routes = \"/jwks.json\" | \"/openid-configuration\";\n\nexport type OpenIdRoutes = `${`/.well-known`}${Routes}`;\n\nexport interface OpenIdConfiguration {\n  issuer: string;\n  authorization_endpoint: string;\n  token_endpoint: string;\n  userinfo_endpoint: string;\n  jwks_uri: string;\n}\n\nexport const createOpenIdHandlers = (\n  serviceURL: (request: Request) => string\n): Record<OpenIdRoutes, RequestHandler> => {\n  return {\n    [\"/.well-known/jwks.json\"]: function (_, res) {\n      res.status(200).json(JWKS);\n    },\n\n    [\"/.well-known/openid-configuration\"]: function (req, res) {\n      let url = removeTrailingSlash(serviceURL(req));\n\n      res.status(200).json({\n        issuer: `${url}/`,\n        authorization_endpoint: [url, \"authorize\"].join(\"/\"),\n        token_endpoint: [url, \"oauth\", \"token\"].join(\"/\"),\n        userinfo_endpoint: [url, \"userinfo\"].join(\"/\"),\n        jwks_uri: [url, \".well-known\", \"jwks.json\"].join(\"/\"),\n      });\n    },\n  };\n};\n"],"mappings":";;;;AAgBA,MAAa,wBACX,eACyC;AACzC,QAAO;EACL,CAAC,2BAA2B,SAAU,GAAG,KAAK;AAC5C,OAAI,OAAO,IAAI,CAAC,KAAK,KAAK;;EAG5B,CAAC,sCAAsC,SAAU,KAAK,KAAK;GACzD,IAAI,MAAM,oBAAoB,WAAW,IAAI,CAAC;AAE9C,OAAI,OAAO,IAAI,CAAC,KAAK;IACnB,QAAQ,GAAG,IAAI;IACf,wBAAwB,CAAC,KAAK,YAAY,CAAC,KAAK,IAAI;IACpD,gBAAgB;KAAC;KAAK;KAAS;KAAQ,CAAC,KAAK,IAAI;IACjD,mBAAmB,CAAC,KAAK,WAAW,CAAC,KAAK,IAAI;IAC9C,UAAU;KAAC;KAAK;KAAe;KAAY,CAAC,KAAK,IAAI;IACtD,CAAC;;EAEL"}

package/dist/handlers/url.cjs

@@ -0,0 +1,6 @@
+
+//#region src/handlers/url.ts
+const removeTrailingSlash = (url) => url.replace(/\/$/, "");
+
+//#endregion
+exports.removeTrailingSlash = removeTrailingSlash;

package/dist/handlers/url.mjs

@@ -0,0 +1,6 @@
+//#region src/handlers/url.ts
+const removeTrailingSlash = (url) => url.replace(/\/$/, "");
+
+//#endregion
+export { removeTrailingSlash };
+//# sourceMappingURL=url.mjs.map

package/dist/handlers/url.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"url.mjs","names":[],"sources":["../../src/handlers/url.ts"],"sourcesContent":["export const removeTrailingSlash = (url: string): string =>\n  url.replace(/\\/$/, \"\");\n"],"mappings":";AAAA,MAAa,uBAAuB,QAClC,IAAI,QAAQ,OAAO,GAAG"}

package/dist/handlers/utils.cjs

@@ -0,0 +1,25 @@
+const require_rolldown_runtime = require('../_virtual/rolldown_runtime.cjs');
+let assert_ts = require("assert-ts");
+
+//#region src/handlers/utils.ts
+const createPersonQuery = (store) => (predicate) => {
+	return store.schema.users.selectTableAsList(store.store.getState()).find(predicate);
+};
+const deriveScope = ({ scopeConfig, clientID, audience }) => {
+	if (typeof scopeConfig === "string") return scopeConfig;
+	let defaultScope = scopeConfig.find((application$1) => application$1.clientID === "default");
+	(0, assert_ts.assert)(!!clientID, `500::Did not have a clientID to derive the scope`);
+	let application = scopeConfig.find((application$1) => application$1.clientID === clientID && (application$1.audience ? application$1.audience === audience : true));
+	if (!application) {
+		let ignoreAudience = scopeConfig.find((application$1) => application$1.clientID === clientID);
+		(0, assert_ts.assert)(ignoreAudience === void 0, `500::Found application matching clientID, ${ignoreAudience?.clientID}, but incorrect audience, configured: ${ignoreAudience?.audience} :: passed: ${audience}`);
+	}
+	if (!application && defaultScope) application = defaultScope;
+	(0, assert_ts.assert)(!!application, `500::Could not find application with clientID: ${clientID}`);
+	(0, assert_ts.assert)(!!application.scope, `500::${application.clientID} is expected to have a scope`);
+	return application.scope;
+};
+
+//#endregion
+exports.createPersonQuery = createPersonQuery;
+exports.deriveScope = deriveScope;

package/dist/handlers/utils.mjs

@@ -0,0 +1,24 @@
+import { assert } from "assert-ts";
+
+//#region src/handlers/utils.ts
+const createPersonQuery = (store) => (predicate) => {
+	return store.schema.users.selectTableAsList(store.store.getState()).find(predicate);
+};
+const deriveScope = ({ scopeConfig, clientID, audience }) => {
+	if (typeof scopeConfig === "string") return scopeConfig;
+	let defaultScope = scopeConfig.find((application$1) => application$1.clientID === "default");
+	assert(!!clientID, `500::Did not have a clientID to derive the scope`);
+	let application = scopeConfig.find((application$1) => application$1.clientID === clientID && (application$1.audience ? application$1.audience === audience : true));
+	if (!application) {
+		let ignoreAudience = scopeConfig.find((application$1) => application$1.clientID === clientID);
+		assert(ignoreAudience === void 0, `500::Found application matching clientID, ${ignoreAudience?.clientID}, but incorrect audience, configured: ${ignoreAudience?.audience} :: passed: ${audience}`);
+	}
+	if (!application && defaultScope) application = defaultScope;
+	assert(!!application, `500::Could not find application with clientID: ${clientID}`);
+	assert(!!application.scope, `500::${application.clientID} is expected to have a scope`);
+	return application.scope;
+};
+
+//#endregion
+export { createPersonQuery, deriveScope };
+//# sourceMappingURL=utils.mjs.map

package/dist/handlers/utils.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.mjs","names":["application"],"sources":["../../src/handlers/utils.ts"],"sourcesContent":["import { assert } from \"assert-ts\";\nimport type { ScopeConfig } from \"../types.ts\";\nimport type { ExtendedSimulationStore } from \"../store/index.ts\";\nimport type { Auth0User } from \"../store/entities.ts\";\n\ntype Predicate<T> = (this: void, value: T, index: number, obj: T[]) => boolean;\n\nexport const createPersonQuery =\n  (store: ExtendedSimulationStore) => (predicate: Predicate<Auth0User>) => {\n    const users = store.schema.users.selectTableAsList(store.store.getState());\n    return users.find(predicate);\n  };\n\nexport const deriveScope = ({\n  scopeConfig,\n  clientID,\n  audience,\n}: {\n  scopeConfig: ScopeConfig;\n  clientID: string;\n  audience: string;\n}) => {\n  if (typeof scopeConfig === \"string\") return scopeConfig;\n  let defaultScope = scopeConfig.find(\n    (application) => application.clientID === \"default\"\n  );\n\n  assert(!!clientID, `500::Did not have a clientID to derive the scope`);\n\n  let application = scopeConfig.find(\n    (application) =>\n      application.clientID === clientID &&\n      (application.audience ? application.audience === audience : true)\n  );\n\n  if (!application) {\n    let ignoreAudience = scopeConfig.find(\n      (application) => application.clientID === clientID\n    );\n    assert(\n      ignoreAudience === undefined,\n      `500::Found application matching clientID, ${ignoreAudience?.clientID}, but incorrect audience, configured: ${ignoreAudience?.audience} :: passed: ${audience}`\n    );\n  }\n\n  if (!application && defaultScope) {\n    application = defaultScope;\n  }\n\n  assert(\n    !!application,\n    `500::Could not find application with clientID: ${clientID}`\n  );\n\n  assert(\n    !!application.scope,\n    `500::${application.clientID} is expected to have a scope`\n  );\n\n  return application.scope;\n};\n"],"mappings":";;;AAOA,MAAa,qBACV,WAAoC,cAAoC;AAEvE,QADc,MAAM,OAAO,MAAM,kBAAkB,MAAM,MAAM,UAAU,CAAC,CAC7D,KAAK,UAAU;;AAGhC,MAAa,eAAe,EAC1B,aACA,UACA,eAKI;AACJ,KAAI,OAAO,gBAAgB,SAAU,QAAO;CAC5C,IAAI,eAAe,YAAY,MAC5B,kBAAgBA,cAAY,aAAa,UAC3C;AAED,QAAO,CAAC,CAAC,UAAU,mDAAmD;CAEtE,IAAI,cAAc,YAAY,MAC3B,kBACCA,cAAY,aAAa,aACxBA,cAAY,WAAWA,cAAY,aAAa,WAAW,MAC/D;AAED,KAAI,CAAC,aAAa;EAChB,IAAI,iBAAiB,YAAY,MAC9B,kBAAgBA,cAAY,aAAa,SAC3C;AACD,SACE,mBAAmB,QACnB,6CAA6C,gBAAgB,SAAS,wCAAwC,gBAAgB,SAAS,cAAc,WACtJ;;AAGH,KAAI,CAAC,eAAe,aAClB,eAAc;AAGhB,QACE,CAAC,CAAC,aACF,kDAAkD,WACnD;AAED,QACE,CAAC,CAAC,YAAY,OACd,QAAQ,YAAY,SAAS,8BAC9B;AAED,QAAO,YAAY"}

package/dist/handlers/web-message.cjs

@@ -0,0 +1,23 @@
+const require_rolldown_runtime = require('../_virtual/rolldown_runtime.cjs');
+const require_web_message = require('../views/web-message.cjs');
+let assert_ts = require("assert-ts");
+let base64_url = require("base64-url");
+
+//#region src/handlers/web-message.ts
+const createWebMessageHandler = () => function(req, res) {
+	(0, assert_ts.assert)(!!req?.session, "no session");
+	let username = req.session.username;
+	(0, assert_ts.assert)(!!username, `no username in authorise`);
+	let { redirect_uri, state, nonce } = req.query;
+	res.set("Content-Type", "text/html");
+	let message = require_web_message.webMessage({
+		code: (0, base64_url.encode)(`${nonce}:${username}`),
+		state,
+		redirect_uri,
+		nonce
+	});
+	res.status(200).send(Buffer.from(message));
+};
+
+//#endregion
+exports.createWebMessageHandler = createWebMessageHandler;

package/dist/handlers/web-message.mjs

@@ -0,0 +1,23 @@
+import { webMessage } from "../views/web-message.mjs";
+import { assert } from "assert-ts";
+import { encode } from "base64-url";
+
+//#region src/handlers/web-message.ts
+const createWebMessageHandler = () => function(req, res) {
+	assert(!!req?.session, "no session");
+	let username = req.session.username;
+	assert(!!username, `no username in authorise`);
+	let { redirect_uri, state, nonce } = req.query;
+	res.set("Content-Type", "text/html");
+	let message = webMessage({
+		code: encode(`${nonce}:${username}`),
+		state,
+		redirect_uri,
+		nonce
+	});
+	res.status(200).send(Buffer.from(message));
+};
+
+//#endregion
+export { createWebMessageHandler };
+//# sourceMappingURL=web-message.mjs.map

package/dist/handlers/web-message.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"web-message.mjs","names":[],"sources":["../../src/handlers/web-message.ts"],"sourcesContent":["import type { RequestHandler } from \"express\";\nimport { assert } from \"assert-ts\";\nimport { encode } from \"base64-url\";\nimport type { QueryParams } from \"../types.ts\";\nimport { webMessage } from \"../views/web-message.ts\";\n\nexport const createWebMessageHandler = (): RequestHandler =>\n  function (req, res) {\n    assert(!!req?.session, \"no session\");\n\n    let username = req.session.username;\n\n    assert(!!username, `no username in authorise`);\n\n    let { redirect_uri, state, nonce } = req.query as QueryParams;\n\n    res.set(\"Content-Type\", \"text/html\");\n\n    let message = webMessage({\n      code: encode(`${nonce}:${username}`),\n      state,\n      redirect_uri,\n      nonce,\n    });\n\n    res.status(200).send(Buffer.from(message));\n  };\n"],"mappings":";;;;;AAMA,MAAa,gCACX,SAAU,KAAK,KAAK;AAClB,QAAO,CAAC,CAAC,KAAK,SAAS,aAAa;CAEpC,IAAI,WAAW,IAAI,QAAQ;AAE3B,QAAO,CAAC,CAAC,UAAU,2BAA2B;CAE9C,IAAI,EAAE,cAAc,OAAO,UAAU,IAAI;AAEzC,KAAI,IAAI,gBAAgB,YAAY;CAEpC,IAAI,UAAU,WAAW;EACvB,MAAM,OAAO,GAAG,MAAM,GAAG,WAAW;EACpC;EACA;EACA;EACD,CAAC;AAEF,KAAI,OAAO,IAAI,CAAC,KAAK,OAAO,KAAK,QAAQ,CAAC"}