@tinyrack/tinyauth-server 0.0.7

package/dist/routes/oauth/introspect/post.d.ts

@@ -0,0 +1,28 @@
+import type { AppEnv } from '../../../lib/app-env.ts';
+export declare const introspectPost: import("hono/hono-base").HonoBase<AppEnv, {
+    "/introspect": {
+        $post: {
+            input: {
+                form: {
+                    token: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    token_type_hint?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    client_id?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    client_secret?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                };
+            };
+            output: {
+                active: boolean;
+                scope?: string | undefined | undefined;
+                client_id?: string | undefined | undefined;
+                token_type?: "Bearer" | undefined | undefined;
+                exp?: number | undefined | undefined;
+                iat?: number | undefined | undefined;
+                sub?: string | undefined | undefined;
+                iss?: string | undefined | undefined;
+            };
+            outputFormat: "json";
+            status: 200;
+        };
+    };
+}, "/", "/introspect">;
+//# sourceMappingURL=post.d.ts.map

package/dist/routes/oauth/introspect/post.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"post.d.ts","sourceRoot":"","sources":["../../../../src/routes/oauth/introspect/post.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAetD,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;sBAuE1B,CAAC"}

package/dist/routes/oauth/introspect/post.js

@@ -0,0 +1,69 @@
+import { Hono } from 'hono';
+import { describeRoute, resolver, validator } from 'hono-openapi';
+import { z } from 'zod';
+import { TAGS } from "../../../lib/swagger-tags.js";
+import { e } from "../../../schemas/error.js";
+import { f } from "../../../schemas/field.js";
+import { r } from "../../../schemas/response.js";
+const IntrospectionRequestBody = z
+    .object({
+    token: f.token,
+    token_type_hint: f.tokenTypeHint.optional(),
+    client_id: f.clientId.optional(),
+    client_secret: f.clientSecret.optional(),
+})
+    .describe('OAuth2 token introspection request payload');
+export const introspectPost = new Hono().post('/introspect', describeRoute({
+    tags: [TAGS.OPENID],
+    summary: 'Token Introspection',
+    description: 'OAuth2 Token Introspection Endpoint - Returns metadata about tokens (RFC 7662)',
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: resolver(r.IntrospectionResponse),
+                },
+            },
+            description: 'Success',
+        },
+        400: {
+            content: {
+                'application/json': {
+                    schema: resolver(z.union([
+                        e.OAuthClientNotFound.Schema,
+                        e.OAuthClientDisabled.Schema,
+                    ])),
+                },
+            },
+            description: 'OAuth client not found or disabled',
+        },
+        401: {
+            content: {
+                'application/json': {
+                    schema: resolver(e.InvalidClientCredentials.Schema),
+                },
+            },
+            description: 'Invalid client credentials',
+        },
+    },
+}), validator('form', IntrospectionRequestBody), async (c) => {
+    const body = c.req.valid('form');
+    const { oauthClientService, oauthTokenService } = c.var.services;
+    // 1. Validate client credentials if provided
+    if (body.client_id) {
+        const client = await oauthClientService.findByClientId(body.client_id);
+        if (!client.enabled) {
+            throw new e.OAuthClientDisabled.Error();
+        }
+        if (body.client_secret) {
+            const isValid = await oauthClientService.verifyClientSecret(body.client_id, body.client_secret);
+            if (!isValid) {
+                throw new e.InvalidClientCredentials.Error();
+            }
+        }
+    }
+    // 3. Introspect the token
+    const result = await oauthTokenService.introspectToken(body.token, body.token_type_hint);
+    return c.json(result, 200);
+});
+//# sourceMappingURL=post.js.map

package/dist/routes/oauth/introspect/post.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"post.js","sourceRoot":"","sources":["../../../../src/routes/oauth/introspect/post.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,8BAA8B,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,8BAA8B,CAAC;AAEjD,MAAM,wBAAwB,GAAG,CAAC;KAC/B,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,KAAK;IACd,eAAe,EAAE,CAAC,CAAC,aAAa,CAAC,QAAQ,EAAE;IAC3C,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,EAAE;IAChC,aAAa,EAAE,CAAC,CAAC,YAAY,CAAC,QAAQ,EAAE;CACzC,CAAC;KACD,QAAQ,CAAC,4CAA4C,CAAC,CAAC;AAE1D,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,IAAI,EAAU,CAAC,IAAI,CACnD,aAAa,EACb,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;IACnB,OAAO,EAAE,qBAAqB;IAC9B,WAAW,EACT,gFAAgF;IAClF,SAAS,EAAE;QACT,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,qBAAqB,CAAC;iBAC1C;aACF;YACD,WAAW,EAAE,SAAS;SACvB;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CACd,CAAC,CAAC,KAAK,CAAC;wBACN,CAAC,CAAC,mBAAmB,CAAC,MAAM;wBAC5B,CAAC,CAAC,mBAAmB,CAAC,MAAM;qBAC7B,CAAC,CACH;iBACF;aACF;YACD,WAAW,EAAE,oCAAoC;SAClD;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,wBAAwB,CAAC,MAAM,CAAC;iBACpD;aACF;YACD,WAAW,EAAE,4BAA4B;SAC1C;KACF;CACF,CAAC,EACF,SAAS,CAAC,MAAM,EAAE,wBAAwB,CAAC,EAC3C,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC;IAEjE,6CAA6C;IAC7C,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAEvE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;QAC1C,CAAC;QAED,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,kBAAkB,CACzD,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,aAAa,CACnB,CAAC;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,eAAe,CACpD,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,eAAe,CACrB,CAAC;IAEF,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AAC7B,CAAC,CACF,CAAC"}

package/dist/routes/oauth/revoke/post.d.ts

@@ -0,0 +1,22 @@
+import type { AppEnv } from '../../../lib/app-env.ts';
+/**
+ * OAuth 2.0 Token Revocation Endpoint (RFC 7009)
+ */
+export declare const revokePost: import("hono/hono-base").HonoBase<AppEnv, {
+    "/revoke": {
+        $post: {
+            input: {
+                form: {
+                    token: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    token_type_hint?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    client_id?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    client_secret?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                };
+            };
+            output: {};
+            outputFormat: "json";
+            status: 200;
+        };
+    };
+}, "/", "/revoke">;
+//# sourceMappingURL=post.d.ts.map

package/dist/routes/oauth/revoke/post.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"post.d.ts","sourceRoot":"","sources":["../../../../src/routes/oauth/revoke/post.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AActD;;GAEG;AACH,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;kBA0EtB,CAAC"}

package/dist/routes/oauth/revoke/post.js

@@ -0,0 +1,73 @@
+import { Hono } from 'hono';
+import { describeRoute, resolver, validator } from 'hono-openapi';
+import { z } from 'zod';
+import { TAGS } from "../../../lib/swagger-tags.js";
+import { e } from "../../../schemas/error.js";
+import { f } from "../../../schemas/field.js";
+const RevokeRequestBody = z
+    .object({
+    token: f.token,
+    token_type_hint: f.tokenTypeHint.optional(),
+    client_id: f.clientId.optional(),
+    client_secret: f.clientSecret.optional(),
+})
+    .describe('OAuth2 token revocation request payload');
+/**
+ * OAuth 2.0 Token Revocation Endpoint (RFC 7009)
+ */
+export const revokePost = new Hono().post('/revoke', describeRoute({
+    tags: [TAGS.OPENID],
+    summary: 'Token Revocation',
+    description: 'OAuth 2.0 Token Revocation Endpoint - Revokes access or refresh tokens (RFC 7009)',
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: resolver(z
+                        .object({})
+                        .describe('Token revoked successfully or token was already invalid.')),
+                },
+            },
+            description: 'Token revoked',
+        },
+        400: {
+            content: {
+                'application/json': {
+                    schema: resolver(z.union([
+                        e.OAuthClientNotFound.Schema,
+                        e.OAuthClientDisabled.Schema,
+                    ])),
+                },
+            },
+            description: 'OAuth client not found or disabled',
+        },
+        401: {
+            content: {
+                'application/json': {
+                    schema: resolver(e.InvalidClientCredentials.Schema),
+                },
+            },
+            description: 'Invalid client credentials',
+        },
+    },
+}), validator('form', RevokeRequestBody), async (c) => {
+    const body = c.req.valid('form');
+    const { oauthClientService, oauthTokenService } = c.var.services;
+    // 1. Validate client credentials if provided
+    if (body.client_id) {
+        const client = await oauthClientService.findByClientId(body.client_id);
+        if (!client.enabled) {
+            throw new e.OAuthClientDisabled.Error();
+        }
+        if (body.client_secret) {
+            const isValid = await oauthClientService.verifyClientSecret(body.client_id, body.client_secret);
+            if (!isValid) {
+                throw new e.InvalidClientCredentials.Error();
+            }
+        }
+    }
+    // 3. Revoke the token
+    await oauthTokenService.revokeToken(body.token, body.token_type_hint);
+    return c.json({}, 200);
+});
+//# sourceMappingURL=post.js.map

package/dist/routes/oauth/revoke/post.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"post.js","sourceRoot":"","sources":["../../../../src/routes/oauth/revoke/post.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,8BAA8B,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAE9C,MAAM,iBAAiB,GAAG,CAAC;KACxB,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,KAAK;IACd,eAAe,EAAE,CAAC,CAAC,aAAa,CAAC,QAAQ,EAAE;IAC3C,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,EAAE;IAChC,aAAa,EAAE,CAAC,CAAC,YAAY,CAAC,QAAQ,EAAE;CACzC,CAAC;KACD,QAAQ,CAAC,yCAAyC,CAAC,CAAC;AAEvD;;GAEG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,IAAI,EAAU,CAAC,IAAI,CAC/C,SAAS,EACT,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;IACnB,OAAO,EAAE,kBAAkB;IAC3B,WAAW,EACT,mFAAmF;IACrF,SAAS,EAAE;QACT,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CACd,CAAC;yBACE,MAAM,CAAC,EAAE,CAAC;yBACV,QAAQ,CACP,0DAA0D,CAC3D,CACJ;iBACF;aACF;YACD,WAAW,EAAE,eAAe;SAC7B;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CACd,CAAC,CAAC,KAAK,CAAC;wBACN,CAAC,CAAC,mBAAmB,CAAC,MAAM;wBAC5B,CAAC,CAAC,mBAAmB,CAAC,MAAM;qBAC7B,CAAC,CACH;iBACF;aACF;YACD,WAAW,EAAE,oCAAoC;SAClD;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,wBAAwB,CAAC,MAAM,CAAC;iBACpD;aACF;YACD,WAAW,EAAE,4BAA4B;SAC1C;KACF;CACF,CAAC,EACF,SAAS,CAAC,MAAM,EAAE,iBAAiB,CAAC,EACpC,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC;IAEjE,6CAA6C;IAC7C,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAEvE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;QAC1C,CAAC;QAED,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,kBAAkB,CACzD,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,aAAa,CACnB,CAAC;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,MAAM,iBAAiB,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;IAEtE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;AACzB,CAAC,CACF,CAAC"}

package/dist/routes/oauth/token/post.d.ts

@@ -0,0 +1,29 @@
+import type { AppEnv } from '../../../lib/app-env.ts';
+export declare const tokenPost: import("hono/hono-base").HonoBase<AppEnv, {
+    "/token": {
+        $post: {
+            input: {
+                form: {
+                    grant_type: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    client_id: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    code?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    redirect_uri?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    client_secret?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    code_verifier?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    refresh_token?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                };
+            };
+            output: {
+                access_token: string;
+                token_type: "Bearer";
+                expires_in: number;
+                refresh_token: string;
+                id_token?: string | undefined | undefined;
+                scope: string;
+            };
+            outputFormat: "json";
+            status: 200;
+        };
+    };
+}, "/", "/token">;
+//# sourceMappingURL=post.d.ts.map

package/dist/routes/oauth/token/post.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"post.d.ts","sourceRoot":"","sources":["../../../../src/routes/oauth/token/post.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAkBtD,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;iBAoGrB,CAAC"}

package/dist/routes/oauth/token/post.js

@@ -0,0 +1,98 @@
+import { Hono } from 'hono';
+import { describeRoute, resolver, validator } from 'hono-openapi';
+import { z } from 'zod';
+import { TAGS } from "../../../lib/swagger-tags.js";
+import { e } from "../../../schemas/error.js";
+import { f } from "../../../schemas/field.js";
+import { r } from "../../../schemas/response.js";
+const TokenRequestBody = z
+    .object({
+    grant_type: f.grantType,
+    code: f.authorizationCode.optional(),
+    redirect_uri: f.redirectUri.optional(),
+    client_id: f.clientId,
+    client_secret: f.clientSecret.optional(),
+    code_verifier: f.codeVerifier.optional(),
+    refresh_token: f.token.optional(),
+})
+    .describe('OAuth2 token request payload');
+export const tokenPost = new Hono().post('/token', describeRoute({
+    tags: [TAGS.OPENID],
+    summary: 'Token',
+    description: 'OAuth2 Token Endpoint - Exchange authorization code or refresh token for access tokens (RFC 6749)',
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: resolver(r.TokenResponse),
+                },
+            },
+            description: 'Success',
+        },
+        400: {
+            content: {
+                'application/json': {
+                    schema: resolver(z.union([
+                        e.OAuthClientDisabled.Schema,
+                        e.MissingAuthorizationCode.Schema,
+                        e.MissingRedirectUri.Schema,
+                        e.MissingRefreshToken.Schema,
+                        e.UnsupportedGrantType.Schema,
+                    ])),
+                },
+            },
+            description: 'Bad request, unsupported grant type, missing parameters, or disabled client',
+        },
+        401: {
+            content: {
+                'application/json': {
+                    schema: resolver(e.InvalidClientCredentials.Schema),
+                },
+            },
+            description: 'Invalid client credentials',
+        },
+    },
+}), validator('form', TokenRequestBody), async (c) => {
+    const body = c.req.valid('form');
+    const { oauthClientService, oauthTokenService } = c.var.services;
+    // 1. Validate client
+    const client = await oauthClientService.findByClientId(body.client_id);
+    if (!client.enabled) {
+        throw new e.OAuthClientDisabled.Error();
+    }
+    // 2. Validate client secret if provided
+    if (body.client_secret) {
+        const isValid = await oauthClientService.verifyClientSecret(body.client_id, body.client_secret);
+        if (!isValid) {
+            throw new e.InvalidClientCredentials.Error();
+        }
+    }
+    // 3. Handle grant type
+    if (body.grant_type === 'authorization_code') {
+        if (!body.code) {
+            throw new e.MissingAuthorizationCode.Error();
+        }
+        if (!body.redirect_uri) {
+            throw new e.MissingRedirectUri.Error();
+        }
+        const tokens = await oauthTokenService.exchangeAuthorizationCode({
+            code: body.code,
+            redirectUri: body.redirect_uri,
+            clientId: body.client_id,
+            codeVerifier: body.code_verifier ?? undefined,
+        });
+        return c.json(tokens, 200);
+    }
+    if (body.grant_type === 'refresh_token') {
+        if (!body.refresh_token) {
+            throw new e.MissingRefreshToken.Error();
+        }
+        const tokens = await oauthTokenService.refreshAccessToken({
+            refreshToken: body.refresh_token,
+            clientId: body.client_id,
+        });
+        return c.json(tokens, 200);
+    }
+    throw new e.UnsupportedGrantType.Error();
+});
+//# sourceMappingURL=post.js.map

package/dist/routes/oauth/token/post.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"post.js","sourceRoot":"","sources":["../../../../src/routes/oauth/token/post.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,8BAA8B,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,8BAA8B,CAAC;AAEjD,MAAM,gBAAgB,GAAG,CAAC;KACvB,MAAM,CAAC;IACN,UAAU,EAAE,CAAC,CAAC,SAAS;IACvB,IAAI,EAAE,CAAC,CAAC,iBAAiB,CAAC,QAAQ,EAAE;IACpC,YAAY,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ,EAAE;IACtC,SAAS,EAAE,CAAC,CAAC,QAAQ;IACrB,aAAa,EAAE,CAAC,CAAC,YAAY,CAAC,QAAQ,EAAE;IACxC,aAAa,EAAE,CAAC,CAAC,YAAY,CAAC,QAAQ,EAAE;IACxC,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE;CAClC,CAAC;KACD,QAAQ,CAAC,8BAA8B,CAAC,CAAC;AAE5C,MAAM,CAAC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAU,CAAC,IAAI,CAC9C,QAAQ,EACR,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;IACnB,OAAO,EAAE,OAAO;IAChB,WAAW,EACT,mGAAmG;IACrG,SAAS,EAAE;QACT,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC;iBAClC;aACF;YACD,WAAW,EAAE,SAAS;SACvB;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CACd,CAAC,CAAC,KAAK,CAAC;wBACN,CAAC,CAAC,mBAAmB,CAAC,MAAM;wBAC5B,CAAC,CAAC,wBAAwB,CAAC,MAAM;wBACjC,CAAC,CAAC,kBAAkB,CAAC,MAAM;wBAC3B,CAAC,CAAC,mBAAmB,CAAC,MAAM;wBAC5B,CAAC,CAAC,oBAAoB,CAAC,MAAM;qBAC9B,CAAC,CACH;iBACF;aACF;YACD,WAAW,EACT,6EAA6E;SAChF;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,wBAAwB,CAAC,MAAM,CAAC;iBACpD;aACF;YACD,WAAW,EAAE,4BAA4B;SAC1C;KACF;CACF,CAAC,EACF,SAAS,CAAC,MAAM,EAAE,gBAAgB,CAAC,EACnC,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC;IAEjE,qBAAqB;IACrB,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAEvE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;IAC1C,CAAC;IAED,wCAAwC;IACxC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,kBAAkB,CACzD,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,aAAa,CACnB,CAAC;QACF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;QAC/C,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IAAI,IAAI,CAAC,UAAU,KAAK,oBAAoB,EAAE,CAAC;QAC7C,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACf,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;QAC/C,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,MAAM,IAAI,CAAC,CAAC,kBAAkB,CAAC,KAAK,EAAE,CAAC;QACzC,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,yBAAyB,CAAC;YAC/D,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,QAAQ,EAAE,IAAI,CAAC,SAAS;YACxB,YAAY,EAAE,IAAI,CAAC,aAAa,IAAI,SAAS;SAC9C,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,KAAK,eAAe,EAAE,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;QAC1C,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,kBAAkB,CAAC;YACxD,YAAY,EAAE,IAAI,CAAC,aAAa;YAChC,QAAQ,EAAE,IAAI,CAAC,SAAS;SACzB,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,MAAM,IAAI,CAAC,CAAC,oBAAoB,CAAC,KAAK,EAAE,CAAC;AAC3C,CAAC,CACF,CAAC"}

package/dist/routes/oauth/userinfo/get.d.ts

@@ -0,0 +1,23 @@
+import type { AppEnv } from '../../../lib/app-env.ts';
+export declare const userinfoGet: import("hono/hono-base").HonoBase<AppEnv, {
+    "/userinfo": {
+        $get: {
+            input: {
+                header: {
+                    authorization?: string;
+                };
+            };
+            output: {
+                sub: string;
+                email?: string | undefined;
+                email_verified?: boolean | undefined;
+                name?: string | undefined;
+                picture?: string | undefined;
+                preferred_username?: string | undefined;
+            };
+            outputFormat: "json";
+            status: 200;
+        };
+    };
+}, "/", "/userinfo">;
+//# sourceMappingURL=get.d.ts.map

package/dist/routes/oauth/userinfo/get.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get.d.ts","sourceRoot":"","sources":["../../../../src/routes/oauth/userinfo/get.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAStD,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;oBAqEvB,CAAC"}

package/dist/routes/oauth/userinfo/get.js

@@ -0,0 +1,65 @@
+import { Hono } from 'hono';
+import { describeRoute, resolver, validator } from 'hono-openapi';
+import { OPENAPI_SECURITY } from "../../../lib/openapi.js";
+import { TAGS } from "../../../lib/swagger-tags.js";
+import { e } from "../../../schemas/error.js";
+import { h } from "../../../schemas/header.js";
+import { r } from "../../../schemas/response.js";
+export const userinfoGet = new Hono().get('/userinfo', describeRoute({
+    tags: [TAGS.OPENID],
+    security: OPENAPI_SECURITY.bearer,
+    summary: 'User Info',
+    description: 'OIDC UserInfo Endpoint - Returns claims about the authenticated user (RFC OIDC Core §5.3)',
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: resolver(r.UserInfoResponse),
+                },
+            },
+            description: 'Success',
+        },
+        401: {
+            content: {
+                'application/json': {
+                    schema: resolver(e.MissingAuthorizationHeader.Schema),
+                },
+            },
+            description: 'Missing or invalid authorization header',
+        },
+        404: {
+            content: {
+                'application/json': {
+                    schema: resolver(e.UserNotFound.Schema),
+                },
+            },
+            description: 'User not found',
+        },
+    },
+}), validator('header', h.BearerAuth), async (c) => {
+    const { jwtService, mikro, userService } = c.var.services;
+    // Validate Bearer token
+    const authorization = c.req.header('authorization');
+    const tokenPayload = await jwtService.validateBearerToken({
+        headers: authorization ? { authorization } : {},
+    });
+    // Load user
+    const userEntity = await mikro.user.verifyBySub(tokenPayload.sub);
+    const userData = await userService.userEntityToSessionUser(userEntity);
+    // Parse scopes from token
+    const scopes = tokenPayload.scope.split(' ');
+    // Build response based on granted scopes
+    const userInfo = {
+        sub: userData.sub,
+    };
+    if (scopes.includes('email')) {
+        userInfo.email = userData.email;
+        userInfo.email_verified = userData.email_verified;
+    }
+    if (scopes.includes('profile')) {
+        userInfo.name = userData.email;
+        userInfo.preferred_username = userData.email;
+    }
+    return c.json(userInfo, 200);
+});
+//# sourceMappingURL=get.js.map

package/dist/routes/oauth/userinfo/get.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get.js","sourceRoot":"","sources":["../../../../src/routes/oauth/userinfo/get.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAGlE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,MAAM,8BAA8B,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,4BAA4B,CAAC;AAC/C,OAAO,EAAE,CAAC,EAAE,MAAM,8BAA8B,CAAC;AAIjD,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,IAAI,EAAU,CAAC,GAAG,CAC/C,WAAW,EACX,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;IACnB,QAAQ,EAAE,gBAAgB,CAAC,MAAM;IACjC,OAAO,EAAE,WAAW;IACpB,WAAW,EACT,2FAA2F;IAC7F,SAAS,EAAE;QACT,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC;iBACrC;aACF;YACD,WAAW,EAAE,SAAS;SACvB;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,0BAA0B,CAAC,MAAM,CAAC;iBACtD;aACF;YACD,WAAW,EAAE,yCAAyC;SACvD;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC;iBACxC;aACF;YACD,WAAW,EAAE,gBAAgB;SAC9B;KACF;CACF,CAAC,EACF,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC,UAAU,CAAC,EACjC,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC;IAE1D,wBAAwB;IACxB,MAAM,aAAa,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IACpD,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,mBAAmB,CAAC;QACxD,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE;KAChD,CAAC,CAAC;IAEH,YAAY;IACZ,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;IAClE,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;IAEvE,0BAA0B;IAC1B,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAE7C,yCAAyC;IACzC,MAAM,QAAQ,GAAqB;QACjC,GAAG,EAAE,QAAQ,CAAC,GAAG;KAClB,CAAC;IAEF,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC;QAChC,QAAQ,CAAC,cAAc,GAAG,QAAQ,CAAC,cAAc,CAAC;IACpD,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC;QAC/B,QAAQ,CAAC,kBAAkB,GAAG,QAAQ,CAAC,KAAK,CAAC;IAC/C,CAAC;IAED,OAAO,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;AAC/B,CAAC,CACF,CAAC"}