@supabase/auth-js 2.80.1-canary.1 → 2.80.1-canary.2

package/src/GoTrueAdminApi.ts

@@ -21,6 +21,11 @@ import {
   PageParams,
   SIGN_OUT_SCOPES,
   SignOutScope,
+  GoTrueAdminOAuthApi,
+  CreateOAuthClientParams,
+  UpdateOAuthClientParams,
+  OAuthClientResponse,
+  OAuthClientListResponse,
 } from './lib/types'
 import { AuthError, isAuthError } from './lib/errors'
 
@@ -28,6 +33,12 @@ export default class GoTrueAdminApi {
   /** Contains all MFA administration methods. */
   mfa: GoTrueAdminMFAApi
 
+  /**
+   * Contains all OAuth client administration methods.
+   * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+   */
+  oauth: GoTrueAdminOAuthApi
+
   protected url: string
   protected headers: {
     [key: string]: string
@@ -52,6 +63,14 @@ export default class GoTrueAdminApi {
       listFactors: this._listFactors.bind(this),
       deleteFactor: this._deleteFactor.bind(this),
     }
+    this.oauth = {
+      listClients: this._listOAuthClients.bind(this),
+      createClient: this._createOAuthClient.bind(this),
+      getClient: this._getOAuthClient.bind(this),
+      updateClient: this._updateOAuthClient.bind(this),
+      deleteClient: this._deleteOAuthClient.bind(this),
+      regenerateClientSecret: this._regenerateOAuthClientSecret.bind(this),
+    }
   }
 
   /**
@@ -349,4 +368,171 @@ export default class GoTrueAdminApi {
       throw error
     }
   }
+
+  /**
+   * Lists all OAuth clients with optional pagination.
+   * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+   *
+   * This function should only be called on a server. Never expose your `service_role` key in the browser.
+   */
+  private async _listOAuthClients(params?: PageParams): Promise<OAuthClientListResponse> {
+    try {
+      const pagination: Pagination = { nextPage: null, lastPage: 0, total: 0 }
+      const response = await _request(this.fetch, 'GET', `${this.url}/admin/oauth/clients`, {
+        headers: this.headers,
+        noResolveJson: true,
+        query: {
+          page: params?.page?.toString() ?? '',
+          per_page: params?.perPage?.toString() ?? '',
+        },
+        xform: _noResolveJsonResponse,
+      })
+      if (response.error) throw response.error
+
+      const clients = await response.json()
+      const total = response.headers.get('x-total-count') ?? 0
+      const links = response.headers.get('link')?.split(',') ?? []
+      if (links.length > 0) {
+        links.forEach((link: string) => {
+          const page = parseInt(link.split(';')[0].split('=')[1].substring(0, 1))
+          const rel = JSON.parse(link.split(';')[1].split('=')[1])
+          pagination[`${rel}Page`] = page
+        })
+
+        pagination.total = parseInt(total)
+      }
+      return { data: { ...clients, ...pagination }, error: null }
+    } catch (error) {
+      if (isAuthError(error)) {
+        return { data: { clients: [] }, error }
+      }
+      throw error
+    }
+  }
+
+  /**
+   * Creates a new OAuth client.
+   * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+   *
+   * This function should only be called on a server. Never expose your `service_role` key in the browser.
+   */
+  private async _createOAuthClient(params: CreateOAuthClientParams): Promise<OAuthClientResponse> {
+    try {
+      return await _request(this.fetch, 'POST', `${this.url}/admin/oauth/clients`, {
+        body: params,
+        headers: this.headers,
+        xform: (client: any) => {
+          return { data: client, error: null }
+        },
+      })
+    } catch (error) {
+      if (isAuthError(error)) {
+        return { data: null, error }
+      }
+
+      throw error
+    }
+  }
+
+  /**
+   * Gets details of a specific OAuth client.
+   * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+   *
+   * This function should only be called on a server. Never expose your `service_role` key in the browser.
+   */
+  private async _getOAuthClient(clientId: string): Promise<OAuthClientResponse> {
+    try {
+      return await _request(this.fetch, 'GET', `${this.url}/admin/oauth/clients/${clientId}`, {
+        headers: this.headers,
+        xform: (client: any) => {
+          return { data: client, error: null }
+        },
+      })
+    } catch (error) {
+      if (isAuthError(error)) {
+        return { data: null, error }
+      }
+
+      throw error
+    }
+  }
+
+  /**
+   * Updates an existing OAuth client.
+   * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+   *
+   * This function should only be called on a server. Never expose your `service_role` key in the browser.
+   */
+  private async _updateOAuthClient(
+    clientId: string,
+    params: UpdateOAuthClientParams
+  ): Promise<OAuthClientResponse> {
+    try {
+      return await _request(this.fetch, 'PUT', `${this.url}/admin/oauth/clients/${clientId}`, {
+        body: params,
+        headers: this.headers,
+        xform: (client: any) => {
+          return { data: client, error: null }
+        },
+      })
+    } catch (error) {
+      if (isAuthError(error)) {
+        return { data: null, error }
+      }
+
+      throw error
+    }
+  }
+
+  /**
+   * Deletes an OAuth client.
+   * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+   *
+   * This function should only be called on a server. Never expose your `service_role` key in the browser.
+   */
+  private async _deleteOAuthClient(
+    clientId: string
+  ): Promise<{ data: null; error: AuthError | null }> {
+    try {
+      await _request(this.fetch, 'DELETE', `${this.url}/admin/oauth/clients/${clientId}`, {
+        headers: this.headers,
+        noResolveJson: true,
+      })
+      return { data: null, error: null }
+    } catch (error) {
+      if (isAuthError(error)) {
+        return { data: null, error }
+      }
+
+      throw error
+    }
+  }
+
+  /**
+   * Regenerates the secret for an OAuth client.
+   * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+   *
+   * This function should only be called on a server. Never expose your `service_role` key in the browser.
+   */
+  private async _regenerateOAuthClientSecret(clientId: string): Promise<OAuthClientResponse> {
+    try {
+      return await _request(
+        this.fetch,
+        'POST',
+        `${this.url}/admin/oauth/clients/${clientId}/regenerate_secret`,
+        {
+          headers: this.headers,
+          xform: (client: any) => {
+            return { data: client, error: null }
+          },
+        }
+      )
+    } catch (error) {
+      if (isAuthError(error)) {
+        return { data: null, error }
+      }
+
+      throw error
+    }
+  }
 }