npm - @tinyrack/tinyauth-server - Versions diffs - 0.0.7 - Mend

@tinyrack/tinyauth-server 0.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (782) hide show

package/LICENSE +661 -0
package/dist/emails/components/email-layout.d.ts +8 -0
package/dist/emails/components/email-layout.d.ts.map +1 -0
package/dist/emails/components/email-layout.js +6 -0
package/dist/emails/components/email-layout.js.map +1 -0
package/dist/emails/i18n/en.json +26 -0
package/dist/emails/i18n/index.d.ts +3 -0
package/dist/emails/i18n/index.d.ts.map +1 -0
package/dist/emails/i18n/index.js +12 -0
package/dist/emails/i18n/index.js.map +1 -0
package/dist/emails/i18n/ja.json +26 -0
package/dist/emails/i18n/ko.json +26 -0
package/dist/emails/render.d.ts +12 -0
package/dist/emails/render.d.ts.map +1 -0
package/dist/emails/render.js +22 -0
package/dist/emails/render.js.map +1 -0
package/dist/emails/templates/password-reset.d.ts +10 -0
package/dist/emails/templates/password-reset.d.ts.map +1 -0
package/dist/emails/templates/password-reset.js +10 -0
package/dist/emails/templates/password-reset.js.map +1 -0
package/dist/emails/templates/verification.d.ts +10 -0
package/dist/emails/templates/verification.d.ts.map +1 -0
package/dist/emails/templates/verification.js +10 -0
package/dist/emails/templates/verification.js.map +1 -0
package/dist/entities/base.entity.d.ts +23 -0
package/dist/entities/base.entity.d.ts.map +1 -0
package/dist/entities/base.entity.js +17 -0
package/dist/entities/base.entity.js.map +1 -0
package/dist/entities/email-verification.entity.d.ts +90 -0
package/dist/entities/email-verification.entity.d.ts.map +1 -0
package/dist/entities/email-verification.entity.js +42 -0
package/dist/entities/email-verification.entity.js.map +1 -0
package/dist/entities/jwt-key.entity.d.ts +256 -0
package/dist/entities/jwt-key.entity.d.ts.map +1 -0
package/dist/entities/jwt-key.entity.js +125 -0
package/dist/entities/jwt-key.entity.js.map +1 -0
package/dist/entities/oauth-client.entity.d.ts +1541 -0
package/dist/entities/oauth-client.entity.d.ts.map +1 -0
package/dist/entities/oauth-client.entity.js +68 -0
package/dist/entities/oauth-client.entity.js.map +1 -0
package/dist/entities/oauth-code.entity.d.ts +1562 -0
package/dist/entities/oauth-code.entity.d.ts.map +1 -0
package/dist/entities/oauth-code.entity.js +79 -0
package/dist/entities/oauth-code.entity.js.map +1 -0
package/dist/entities/password-reset.entity.d.ts +90 -0
package/dist/entities/password-reset.entity.d.ts.map +1 -0
package/dist/entities/password-reset.entity.js +39 -0
package/dist/entities/password-reset.entity.js.map +1 -0
package/dist/entities/pending-oauth-registration.entity.d.ts +116 -0
package/dist/entities/pending-oauth-registration.entity.d.ts.map +1 -0
package/dist/entities/pending-oauth-registration.entity.js +67 -0
package/dist/entities/pending-oauth-registration.entity.js.map +1 -0
package/dist/entities/revoked-token.entity.d.ts +1559 -0
package/dist/entities/revoked-token.entity.d.ts.map +1 -0
package/dist/entities/revoked-token.entity.js +68 -0
package/dist/entities/revoked-token.entity.js.map +1 -0
package/dist/entities/terms-content.entity.d.ts +804 -0
package/dist/entities/terms-content.entity.d.ts.map +1 -0
package/dist/entities/terms-content.entity.js +46 -0
package/dist/entities/terms-content.entity.js.map +1 -0
package/dist/entities/terms.entity.d.ts +797 -0
package/dist/entities/terms.entity.d.ts.map +1 -0
package/dist/entities/terms.entity.js +42 -0
package/dist/entities/terms.entity.js.map +1 -0
package/dist/entities/user-consent.entity.d.ts +1555 -0
package/dist/entities/user-consent.entity.d.ts.map +1 -0
package/dist/entities/user-consent.entity.js +66 -0
package/dist/entities/user-consent.entity.js.map +1 -0
package/dist/entities/user-oauth.entity.d.ts +75 -0
package/dist/entities/user-oauth.entity.d.ts.map +1 -0
package/dist/entities/user-oauth.entity.js +45 -0
package/dist/entities/user-oauth.entity.js.map +1 -0
package/dist/entities/user-passkey.entity.d.ts +145 -0
package/dist/entities/user-passkey.entity.d.ts.map +1 -0
package/dist/entities/user-passkey.entity.js +64 -0
package/dist/entities/user-passkey.entity.js.map +1 -0
package/dist/entities/user-terms-consent.entity.d.ts +804 -0
package/dist/entities/user-terms-consent.entity.d.ts.map +1 -0
package/dist/entities/user-terms-consent.entity.js +62 -0
package/dist/entities/user-terms-consent.entity.js.map +1 -0
package/dist/entities/user-totp-recovery-code.entity.d.ts +527 -0
package/dist/entities/user-totp-recovery-code.entity.d.ts.map +1 -0
package/dist/entities/user-totp-recovery-code.entity.js +34 -0
package/dist/entities/user-totp-recovery-code.entity.js.map +1 -0
package/dist/entities/user-totp.entity.d.ts +527 -0
package/dist/entities/user-totp.entity.d.ts.map +1 -0
package/dist/entities/user-totp.entity.js +38 -0
package/dist/entities/user-totp.entity.js.map +1 -0
package/dist/entities/user.entity.d.ts +533 -0
package/dist/entities/user.entity.d.ts.map +1 -0
package/dist/entities/user.entity.js +70 -0
package/dist/entities/user.entity.js.map +1 -0
package/dist/entrypoints/app.d.ts +1300 -0
package/dist/entrypoints/app.d.ts.map +1 -0
package/dist/entrypoints/app.js +64 -0
package/dist/entrypoints/app.js.map +1 -0
package/dist/entrypoints/config/index.d.ts +2 -0
package/dist/entrypoints/config/index.d.ts.map +1 -0
package/dist/entrypoints/config/index.js +2 -0
package/dist/entrypoints/config/index.js.map +1 -0
package/dist/entrypoints/database/d1/cli.d.ts +3 -0
package/dist/entrypoints/database/d1/cli.d.ts.map +1 -0
package/dist/entrypoints/database/d1/cli.js +12 -0
package/dist/entrypoints/database/d1/cli.js.map +1 -0
package/dist/entrypoints/database/d1/compiled-functions.d.ts +666 -0
package/dist/entrypoints/database/d1/compiled-functions.d.ts.map +1 -0
package/dist/entrypoints/database/d1/compiled-functions.js +8365 -0
package/dist/entrypoints/database/d1/compiled-functions.js.map +1 -0
package/dist/entrypoints/database/d1/d1.d.ts +5 -0
package/dist/entrypoints/database/d1/d1.d.ts.map +1 -0
package/dist/entrypoints/database/d1/d1.js +39 -0
package/dist/entrypoints/database/d1/d1.js.map +1 -0
package/dist/entrypoints/database/postgres/cli.d.ts +3 -0
package/dist/entrypoints/database/postgres/cli.d.ts.map +1 -0
package/dist/entrypoints/database/postgres/cli.js +9 -0
package/dist/entrypoints/database/postgres/cli.js.map +1 -0
package/dist/entrypoints/database/postgres/compiled-functions.d.ts +666 -0
package/dist/entrypoints/database/postgres/compiled-functions.d.ts.map +1 -0
package/dist/entrypoints/database/postgres/compiled-functions.js +8365 -0
package/dist/entrypoints/database/postgres/compiled-functions.js.map +1 -0
package/dist/entrypoints/database/postgres/postgres.d.ts +9 -0
package/dist/entrypoints/database/postgres/postgres.d.ts.map +1 -0
package/dist/entrypoints/database/postgres/postgres.js +34 -0
package/dist/entrypoints/database/postgres/postgres.js.map +1 -0
package/dist/entrypoints/database/sqlite/cli.d.ts +3 -0
package/dist/entrypoints/database/sqlite/cli.d.ts.map +1 -0
package/dist/entrypoints/database/sqlite/cli.js +6 -0
package/dist/entrypoints/database/sqlite/cli.js.map +1 -0
package/dist/entrypoints/database/sqlite/compiled-functions.d.ts +666 -0
package/dist/entrypoints/database/sqlite/compiled-functions.d.ts.map +1 -0
package/dist/entrypoints/database/sqlite/compiled-functions.js +8365 -0
package/dist/entrypoints/database/sqlite/compiled-functions.js.map +1 -0
package/dist/entrypoints/database/sqlite/sqlite.d.ts +6 -0
package/dist/entrypoints/database/sqlite/sqlite.d.ts.map +1 -0
package/dist/entrypoints/database/sqlite/sqlite.js +32 -0
package/dist/entrypoints/database/sqlite/sqlite.js.map +1 -0
package/dist/entrypoints/frontend/cloudflare.d.ts +2 -0
package/dist/entrypoints/frontend/cloudflare.d.ts.map +1 -0
package/dist/entrypoints/frontend/cloudflare.js +2 -0
package/dist/entrypoints/frontend/cloudflare.js.map +1 -0
package/dist/entrypoints/frontend/index.d.ts +6 -0
package/dist/entrypoints/frontend/index.d.ts.map +1 -0
package/dist/entrypoints/frontend/index.js +3 -0
package/dist/entrypoints/frontend/index.js.map +1 -0
package/dist/entrypoints/frontend/proxy.d.ts +2 -0
package/dist/entrypoints/frontend/proxy.d.ts.map +1 -0
package/dist/entrypoints/frontend/proxy.js +2 -0
package/dist/entrypoints/frontend/proxy.js.map +1 -0
package/dist/entrypoints/frontend/static.d.ts +2 -0
package/dist/entrypoints/frontend/static.d.ts.map +1 -0
package/dist/entrypoints/frontend/static.js +2 -0
package/dist/entrypoints/frontend/static.js.map +1 -0
package/dist/entrypoints/identity-providers/apple.d.ts +14 -0
package/dist/entrypoints/identity-providers/apple.d.ts.map +1 -0
package/dist/entrypoints/identity-providers/apple.js +23 -0
package/dist/entrypoints/identity-providers/apple.js.map +1 -0
package/dist/entrypoints/identity-providers/generic-oauth.d.ts +25 -0
package/dist/entrypoints/identity-providers/generic-oauth.d.ts.map +1 -0
package/dist/entrypoints/identity-providers/generic-oauth.js +20 -0
package/dist/entrypoints/identity-providers/generic-oauth.js.map +1 -0
package/dist/entrypoints/identity-providers/github.d.ts +13 -0
package/dist/entrypoints/identity-providers/github.d.ts.map +1 -0
package/dist/entrypoints/identity-providers/github.js +24 -0
package/dist/entrypoints/identity-providers/github.js.map +1 -0
package/dist/entrypoints/identity-providers/google.d.ts +13 -0
package/dist/entrypoints/identity-providers/google.d.ts.map +1 -0
package/dist/entrypoints/identity-providers/google.js +24 -0
package/dist/entrypoints/identity-providers/google.js.map +1 -0
package/dist/entrypoints/index.d.ts +3 -0
package/dist/entrypoints/index.d.ts.map +1 -0
package/dist/entrypoints/index.js +3 -0
package/dist/entrypoints/index.js.map +1 -0
package/dist/entrypoints/mail/nodemailer.d.ts +11 -0
package/dist/entrypoints/mail/nodemailer.d.ts.map +1 -0
package/dist/entrypoints/mail/nodemailer.js +30 -0
package/dist/entrypoints/mail/nodemailer.js.map +1 -0
package/dist/entrypoints/scheduler/croner.d.ts +6 -0
package/dist/entrypoints/scheduler/croner.d.ts.map +1 -0
package/dist/entrypoints/scheduler/croner.js +22 -0
package/dist/entrypoints/scheduler/croner.js.map +1 -0
package/dist/entrypoints/services.d.ts +3 -0
package/dist/entrypoints/services.d.ts.map +1 -0
package/dist/entrypoints/services.js +2 -0
package/dist/entrypoints/services.js.map +1 -0
package/dist/lib/app-env.d.ts +17 -0
package/dist/lib/app-env.d.ts.map +1 -0
package/dist/lib/app-env.js +2 -0
package/dist/lib/app-env.js.map +1 -0
package/dist/lib/base64url.d.ts +33 -0
package/dist/lib/base64url.d.ts.map +1 -0
package/dist/lib/base64url.js +93 -0
package/dist/lib/base64url.js.map +1 -0
package/dist/lib/config/account-deletion.d.ts +11 -0
package/dist/lib/config/account-deletion.d.ts.map +1 -0
package/dist/lib/config/account-deletion.js +16 -0
package/dist/lib/config/account-deletion.js.map +1 -0
package/dist/lib/config/auth.d.ts +109 -0
package/dist/lib/config/auth.d.ts.map +1 -0
package/dist/lib/config/auth.js +155 -0
package/dist/lib/config/auth.js.map +1 -0
package/dist/lib/config/branding.d.ts +134 -0
package/dist/lib/config/branding.d.ts.map +1 -0
package/dist/lib/config/branding.js +83 -0
package/dist/lib/config/branding.js.map +1 -0
package/dist/lib/config/cleanup.d.ts +59 -0
package/dist/lib/config/cleanup.d.ts.map +1 -0
package/dist/lib/config/cleanup.js +119 -0
package/dist/lib/config/cleanup.js.map +1 -0
package/dist/lib/config/client.d.ts +30 -0
package/dist/lib/config/client.d.ts.map +1 -0
package/dist/lib/config/client.js +43 -0
package/dist/lib/config/client.js.map +1 -0
package/dist/lib/config/database.d.ts +8 -0
package/dist/lib/config/database.d.ts.map +1 -0
package/dist/lib/config/database.js +8 -0
package/dist/lib/config/database.js.map +1 -0
package/dist/lib/config/email.d.ts +17 -0
package/dist/lib/config/email.d.ts.map +1 -0
package/dist/lib/config/email.js +7 -0
package/dist/lib/config/email.js.map +1 -0
package/dist/lib/config/frontend.d.ts +12 -0
package/dist/lib/config/frontend.d.ts.map +1 -0
package/dist/lib/config/frontend.js +7 -0
package/dist/lib/config/frontend.js.map +1 -0
package/dist/lib/config/i18n.d.ts +31 -0
package/dist/lib/config/i18n.d.ts.map +1 -0
package/dist/lib/config/i18n.js +23 -0
package/dist/lib/config/i18n.js.map +1 -0
package/dist/lib/config/identity-providers.d.ts +66 -0
package/dist/lib/config/identity-providers.d.ts.map +1 -0
package/dist/lib/config/identity-providers.js +71 -0
package/dist/lib/config/identity-providers.js.map +1 -0
package/dist/lib/config/index.d.ts +41 -0
package/dist/lib/config/index.d.ts.map +1 -0
package/dist/lib/config/index.js +21 -0
package/dist/lib/config/index.js.map +1 -0
package/dist/lib/config/logging.d.ts +52 -0
package/dist/lib/config/logging.d.ts.map +1 -0
package/dist/lib/config/logging.js +41 -0
package/dist/lib/config/logging.js.map +1 -0
package/dist/lib/config/openapi.d.ts +15 -0
package/dist/lib/config/openapi.d.ts.map +1 -0
package/dist/lib/config/openapi.js +28 -0
package/dist/lib/config/openapi.js.map +1 -0
package/dist/lib/config/registration.d.ts +15 -0
package/dist/lib/config/registration.d.ts.map +1 -0
package/dist/lib/config/registration.js +24 -0
package/dist/lib/config/registration.js.map +1 -0
package/dist/lib/config/resolved.d.ts +274 -0
package/dist/lib/config/resolved.d.ts.map +1 -0
package/dist/lib/config/resolved.js +45 -0
package/dist/lib/config/resolved.js.map +1 -0
package/dist/lib/config/scheduler.d.ts +13 -0
package/dist/lib/config/scheduler.d.ts.map +1 -0
package/dist/lib/config/scheduler.js +14 -0
package/dist/lib/config/scheduler.js.map +1 -0
package/dist/lib/config/security.d.ts +11 -0
package/dist/lib/config/security.d.ts.map +1 -0
package/dist/lib/config/security.js +42 -0
package/dist/lib/config/security.js.map +1 -0
package/dist/lib/config/server.d.ts +13 -0
package/dist/lib/config/server.d.ts.map +1 -0
package/dist/lib/config/server.js +45 -0
package/dist/lib/config/server.js.map +1 -0
package/dist/lib/config/terms.d.ts +47 -0
package/dist/lib/config/terms.d.ts.map +1 -0
package/dist/lib/config/terms.js +71 -0
package/dist/lib/config/terms.js.map +1 -0
package/dist/lib/config/tokens.d.ts +32 -0
package/dist/lib/config/tokens.d.ts.map +1 -0
package/dist/lib/config/tokens.js +47 -0
package/dist/lib/config/tokens.js.map +1 -0
package/dist/lib/config/user.d.ts +22 -0
package/dist/lib/config/user.d.ts.map +1 -0
package/dist/lib/config/user.js +18 -0
package/dist/lib/config/user.js.map +1 -0
package/dist/lib/crypto.d.ts +106 -0
package/dist/lib/crypto.d.ts.map +1 -0
package/dist/lib/crypto.js +253 -0
package/dist/lib/crypto.js.map +1 -0
package/dist/lib/database/compiled-functions.d.ts +16 -0
package/dist/lib/database/compiled-functions.d.ts.map +1 -0
package/dist/lib/database/compiled-functions.js +66 -0
package/dist/lib/database/compiled-functions.js.map +1 -0
package/dist/lib/database/entities.d.ts +10 -0
package/dist/lib/database/entities.d.ts.map +1 -0
package/dist/lib/database/entities.js +43 -0
package/dist/lib/database/entities.js.map +1 -0
package/dist/lib/duration.d.ts +44 -0
package/dist/lib/duration.d.ts.map +1 -0
package/dist/lib/duration.js +103 -0
package/dist/lib/duration.js.map +1 -0
package/dist/lib/email-pattern.d.ts +16 -0
package/dist/lib/email-pattern.d.ts.map +1 -0
package/dist/lib/email-pattern.js +41 -0
package/dist/lib/email-pattern.js.map +1 -0
package/dist/lib/frontend/cloudflare.d.ts +12 -0
package/dist/lib/frontend/cloudflare.d.ts.map +1 -0
package/dist/lib/frontend/cloudflare.js +34 -0
package/dist/lib/frontend/cloudflare.js.map +1 -0
package/dist/lib/frontend/proxy.d.ts +24 -0
package/dist/lib/frontend/proxy.d.ts.map +1 -0
package/dist/lib/frontend/proxy.js +38 -0
package/dist/lib/frontend/proxy.js.map +1 -0
package/dist/lib/frontend/static.d.ts +21 -0
package/dist/lib/frontend/static.d.ts.map +1 -0
package/dist/lib/frontend/static.js +108 -0
package/dist/lib/frontend/static.js.map +1 -0
package/dist/lib/interpolate-html.d.ts +34 -0
package/dist/lib/interpolate-html.d.ts.map +1 -0
package/dist/lib/interpolate-html.js +63 -0
package/dist/lib/interpolate-html.js.map +1 -0
package/dist/lib/ip-utils.d.ts +61 -0
package/dist/lib/ip-utils.d.ts.map +1 -0
package/dist/lib/ip-utils.js +213 -0
package/dist/lib/ip-utils.js.map +1 -0
package/dist/lib/locale.d.ts +57 -0
package/dist/lib/locale.d.ts.map +1 -0
package/dist/lib/locale.js +25 -0
package/dist/lib/locale.js.map +1 -0
package/dist/lib/logger.d.ts +14 -0
package/dist/lib/logger.d.ts.map +1 -0
package/dist/lib/logger.js +41 -0
package/dist/lib/logger.js.map +1 -0
package/dist/lib/openapi.d.ts +35 -0
package/dist/lib/openapi.d.ts.map +1 -0
package/dist/lib/openapi.js +33 -0
package/dist/lib/openapi.js.map +1 -0
package/dist/lib/password-policy.d.ts +39 -0
package/dist/lib/password-policy.d.ts.map +1 -0
package/dist/lib/password-policy.js +51 -0
package/dist/lib/password-policy.js.map +1 -0
package/dist/lib/pkce.d.ts +26 -0
package/dist/lib/pkce.d.ts.map +1 -0
package/dist/lib/pkce.js +52 -0
package/dist/lib/pkce.js.map +1 -0
package/dist/lib/scopes.d.ts +10 -0
package/dist/lib/scopes.d.ts.map +1 -0
package/dist/lib/scopes.js +35 -0
package/dist/lib/scopes.js.map +1 -0
package/dist/lib/swagger-tags.d.ts +15 -0
package/dist/lib/swagger-tags.d.ts.map +1 -0
package/dist/lib/swagger-tags.js +15 -0
package/dist/lib/swagger-tags.js.map +1 -0
package/dist/middleware/auth.d.ts +64 -0
package/dist/middleware/auth.d.ts.map +1 -0
package/dist/middleware/auth.js +123 -0
package/dist/middleware/auth.js.map +1 -0
package/dist/middleware/logger.d.ts +18 -0
package/dist/middleware/logger.d.ts.map +1 -0
package/dist/middleware/logger.js +38 -0
package/dist/middleware/logger.js.map +1 -0
package/dist/middleware/mikro-orm.d.ts +3 -0
package/dist/middleware/mikro-orm.d.ts.map +1 -0
package/dist/middleware/mikro-orm.js +11 -0
package/dist/middleware/mikro-orm.js.map +1 -0
package/dist/middleware/services.d.ts +8 -0
package/dist/middleware/services.d.ts.map +1 -0
package/dist/middleware/services.js +8 -0
package/dist/middleware/services.js.map +1 -0
package/dist/middleware/session.d.ts +63 -0
package/dist/middleware/session.d.ts.map +1 -0
package/dist/middleware/session.js +89 -0
package/dist/middleware/session.js.map +1 -0
package/dist/middleware/trusted-proxy-guard.d.ts +7 -0
package/dist/middleware/trusted-proxy-guard.d.ts.map +1 -0
package/dist/middleware/trusted-proxy-guard.js +34 -0
package/dist/middleware/trusted-proxy-guard.js.map +1 -0
package/dist/repositories/email-verification.repository.d.ts +18 -0
package/dist/repositories/email-verification.repository.d.ts.map +1 -0
package/dist/repositories/email-verification.repository.js +47 -0
package/dist/repositories/email-verification.repository.js.map +1 -0
package/dist/repositories/jwt-key.repository.d.ts +49 -0
package/dist/repositories/jwt-key.repository.d.ts.map +1 -0
package/dist/repositories/jwt-key.repository.js +72 -0
package/dist/repositories/jwt-key.repository.js.map +1 -0
package/dist/repositories/oauth-client.repository.d.ts +5 -0
package/dist/repositories/oauth-client.repository.d.ts.map +1 -0
package/dist/repositories/oauth-client.repository.js +4 -0
package/dist/repositories/oauth-client.repository.js.map +1 -0
package/dist/repositories/oauth-code.repository.d.ts +19 -0
package/dist/repositories/oauth-code.repository.d.ts.map +1 -0
package/dist/repositories/oauth-code.repository.js +32 -0
package/dist/repositories/oauth-code.repository.js.map +1 -0
package/dist/repositories/password-reset.repository.d.ts +19 -0
package/dist/repositories/password-reset.repository.d.ts.map +1 -0
package/dist/repositories/password-reset.repository.js +53 -0
package/dist/repositories/password-reset.repository.js.map +1 -0
package/dist/repositories/pending-oauth-registration.repository.d.ts +38 -0
package/dist/repositories/pending-oauth-registration.repository.d.ts.map +1 -0
package/dist/repositories/pending-oauth-registration.repository.js +50 -0
package/dist/repositories/pending-oauth-registration.repository.js.map +1 -0
package/dist/repositories/revoked-token.repository.d.ts +32 -0
package/dist/repositories/revoked-token.repository.d.ts.map +1 -0
package/dist/repositories/revoked-token.repository.js +43 -0
package/dist/repositories/revoked-token.repository.js.map +1 -0
package/dist/repositories/terms-content.repository.d.ts +5 -0
package/dist/repositories/terms-content.repository.d.ts.map +1 -0
package/dist/repositories/terms-content.repository.js +4 -0
package/dist/repositories/terms-content.repository.js.map +1 -0
package/dist/repositories/terms.repository.d.ts +9 -0
package/dist/repositories/terms.repository.d.ts.map +1 -0
package/dist/repositories/terms.repository.js +12 -0
package/dist/repositories/terms.repository.js.map +1 -0
package/dist/repositories/user-consent.repository.d.ts +22 -0
package/dist/repositories/user-consent.repository.d.ts.map +1 -0
package/dist/repositories/user-consent.repository.js +51 -0
package/dist/repositories/user-consent.repository.js.map +1 -0
package/dist/repositories/user-oauth.repository.d.ts +68 -0
package/dist/repositories/user-oauth.repository.d.ts.map +1 -0
package/dist/repositories/user-oauth.repository.js +94 -0
package/dist/repositories/user-oauth.repository.js.map +1 -0
package/dist/repositories/user-passkey.repository.d.ts +187 -0
package/dist/repositories/user-passkey.repository.d.ts.map +1 -0
package/dist/repositories/user-passkey.repository.js +61 -0
package/dist/repositories/user-passkey.repository.js.map +1 -0
package/dist/repositories/user-terms-consent.repository.d.ts +38 -0
package/dist/repositories/user-terms-consent.repository.d.ts.map +1 -0
package/dist/repositories/user-terms-consent.repository.js +71 -0
package/dist/repositories/user-terms-consent.repository.js.map +1 -0
package/dist/repositories/user-totp-recovery-code.repository.d.ts +376 -0
package/dist/repositories/user-totp-recovery-code.repository.d.ts.map +1 -0
package/dist/repositories/user-totp-recovery-code.repository.js +41 -0
package/dist/repositories/user-totp-recovery-code.repository.js.map +1 -0
package/dist/repositories/user-totp.repository.d.ts +564 -0
package/dist/repositories/user-totp.repository.d.ts.map +1 -0
package/dist/repositories/user-totp.repository.js +56 -0
package/dist/repositories/user-totp.repository.js.map +1 -0
package/dist/repositories/user.repository.d.ts +32 -0
package/dist/repositories/user.repository.d.ts.map +1 -0
package/dist/repositories/user.repository.js +70 -0
package/dist/repositories/user.repository.js.map +1 -0
package/dist/routes/.well-known/index.d.ts +12 -0
package/dist/routes/.well-known/index.d.ts.map +1 -0
package/dist/routes/.well-known/index.js +4 -0
package/dist/routes/.well-known/index.js.map +1 -0
package/dist/routes/.well-known/openid-configuration/get.d.ts +19 -0
package/dist/routes/.well-known/openid-configuration/get.d.ts.map +1 -0
package/dist/routes/.well-known/openid-configuration/get.js +12 -0
package/dist/routes/.well-known/openid-configuration/get.js.map +1 -0
package/dist/routes/api/auth/email/resend/post.d.ts +22 -0
package/dist/routes/api/auth/email/resend/post.d.ts.map +1 -0
package/dist/routes/api/auth/email/resend/post.js +64 -0
package/dist/routes/api/auth/email/resend/post.js.map +1 -0
package/dist/routes/api/auth/email/verify/post.d.ts +29 -0
package/dist/routes/api/auth/email/verify/post.d.ts.map +1 -0
package/dist/routes/api/auth/email/verify/post.js +55 -0
package/dist/routes/api/auth/email/verify/post.js.map +1 -0
package/dist/routes/api/auth/index.d.ts +275 -0
package/dist/routes/api/auth/index.d.ts.map +1 -0
package/dist/routes/api/auth/index.js +25 -0
package/dist/routes/api/auth/index.js.map +1 -0
package/dist/routes/api/auth/login/post.d.ts +30 -0
package/dist/routes/api/auth/login/post.d.ts.map +1 -0
package/dist/routes/api/auth/login/post.js +76 -0
package/dist/routes/api/auth/login/post.js.map +1 -0
package/dist/routes/api/auth/logout/post.d.ts +14 -0
package/dist/routes/api/auth/logout/post.d.ts.map +1 -0
package/dist/routes/api/auth/logout/post.js +21 -0
package/dist/routes/api/auth/logout/post.js.map +1 -0
package/dist/routes/api/auth/passkey/options/post.d.ts +31 -0
package/dist/routes/api/auth/passkey/options/post.d.ts.map +1 -0
package/dist/routes/api/auth/passkey/options/post.js +43 -0
package/dist/routes/api/auth/passkey/options/post.js.map +1 -0
package/dist/routes/api/auth/passkey/verify/post.d.ts +41 -0
package/dist/routes/api/auth/passkey/verify/post.d.ts.map +1 -0
package/dist/routes/api/auth/passkey/verify/post.js +75 -0
package/dist/routes/api/auth/passkey/verify/post.js.map +1 -0
package/dist/routes/api/auth/password/forgot/post.d.ts +22 -0
package/dist/routes/api/auth/password/forgot/post.d.ts.map +1 -0
package/dist/routes/api/auth/password/forgot/post.js +72 -0
package/dist/routes/api/auth/password/forgot/post.js.map +1 -0
package/dist/routes/api/auth/password/reset/post.d.ts +19 -0
package/dist/routes/api/auth/password/reset/post.d.ts.map +1 -0
package/dist/routes/api/auth/password/reset/post.js +62 -0
package/dist/routes/api/auth/password/reset/post.js.map +1 -0
package/dist/routes/api/auth/register/post.d.ts +39 -0
package/dist/routes/api/auth/register/post.d.ts.map +1 -0
package/dist/routes/api/auth/register/post.js +95 -0
package/dist/routes/api/auth/register/post.js.map +1 -0
package/dist/routes/api/auth/totp/recovery/verify/post.d.ts +36 -0
package/dist/routes/api/auth/totp/recovery/verify/post.d.ts.map +1 -0
package/dist/routes/api/auth/totp/recovery/verify/post.js +68 -0
package/dist/routes/api/auth/totp/recovery/verify/post.js.map +1 -0
package/dist/routes/api/auth/totp/verify/post.d.ts +29 -0
package/dist/routes/api/auth/totp/verify/post.d.ts.map +1 -0
package/dist/routes/api/auth/totp/verify/post.js +59 -0
package/dist/routes/api/auth/totp/verify/post.js.map +1 -0
package/dist/routes/api/config/get.d.ts +76 -0
package/dist/routes/api/config/get.d.ts.map +1 -0
package/dist/routes/api/config/get.js +70 -0
package/dist/routes/api/config/get.js.map +1 -0
package/dist/routes/api/config/index.d.ts +76 -0
package/dist/routes/api/config/index.d.ts.map +1 -0
package/dist/routes/api/config/index.js +4 -0
package/dist/routes/api/config/index.js.map +1 -0
package/dist/routes/api/consent/get.d.ts +37 -0
package/dist/routes/api/consent/get.d.ts.map +1 -0
package/dist/routes/api/consent/get.js +73 -0
package/dist/routes/api/consent/get.js.map +1 -0
package/dist/routes/api/consent/index.d.ts +54 -0
package/dist/routes/api/consent/index.d.ts.map +1 -0
package/dist/routes/api/consent/index.js +7 -0
package/dist/routes/api/consent/index.js.map +1 -0
package/dist/routes/api/consent/post.d.ts +33 -0
package/dist/routes/api/consent/post.d.ts.map +1 -0
package/dist/routes/api/consent/post.js +105 -0
package/dist/routes/api/consent/post.js.map +1 -0
package/dist/routes/api/docs/get.d.ts +17 -0
package/dist/routes/api/docs/get.d.ts.map +1 -0
package/dist/routes/api/docs/get.js +19 -0
package/dist/routes/api/docs/get.js.map +1 -0
package/dist/routes/api/docs/index.d.ts +12 -0
package/dist/routes/api/docs/index.d.ts.map +1 -0
package/dist/routes/api/docs/index.js +4 -0
package/dist/routes/api/docs/index.js.map +1 -0
package/dist/routes/api/health/get.d.ts +36 -0
package/dist/routes/api/health/get.d.ts.map +1 -0
package/dist/routes/api/health/get.js +64 -0
package/dist/routes/api/health/get.js.map +1 -0
package/dist/routes/api/health/index.d.ts +66 -0
package/dist/routes/api/health/index.d.ts.map +1 -0
package/dist/routes/api/health/index.js +9 -0
package/dist/routes/api/health/index.js.map +1 -0
package/dist/routes/api/health/live/get.d.ts +20 -0
package/dist/routes/api/health/live/get.d.ts.map +1 -0
package/dist/routes/api/health/live/get.js +28 -0
package/dist/routes/api/health/live/get.js.map +1 -0
package/dist/routes/api/health/ready/get.d.ts +35 -0
package/dist/routes/api/health/ready/get.d.ts.map +1 -0
package/dist/routes/api/health/ready/get.js +60 -0
package/dist/routes/api/health/ready/get.js.map +1 -0
package/dist/routes/api/index.d.ts +927 -0
package/dist/routes/api/index.d.ts.map +1 -0
package/dist/routes/api/index.js +19 -0
package/dist/routes/api/index.js.map +1 -0
package/dist/routes/api/oauth/_provider/authorize/get.d.ts +21 -0
package/dist/routes/api/oauth/_provider/authorize/get.d.ts.map +1 -0
package/dist/routes/api/oauth/_provider/authorize/get.js +60 -0
package/dist/routes/api/oauth/_provider/authorize/get.js.map +1 -0
package/dist/routes/api/oauth/_provider/callback/get.d.ts +23 -0
package/dist/routes/api/oauth/_provider/callback/get.d.ts.map +1 -0
package/dist/routes/api/oauth/_provider/callback/get.js +137 -0
package/dist/routes/api/oauth/_provider/callback/get.js.map +1 -0
package/dist/routes/api/oauth/_provider/callback/post.d.ts +23 -0
package/dist/routes/api/oauth/_provider/callback/post.d.ts.map +1 -0
package/dist/routes/api/oauth/_provider/callback/post.js +140 -0
package/dist/routes/api/oauth/_provider/callback/post.js.map +1 -0
package/dist/routes/api/oauth/_provider/delete.d.ts +18 -0
package/dist/routes/api/oauth/_provider/delete.d.ts.map +1 -0
package/dist/routes/api/oauth/_provider/delete.js +62 -0
package/dist/routes/api/oauth/_provider/delete.js.map +1 -0
package/dist/routes/api/oauth/index.d.ts +76 -0
package/dist/routes/api/oauth/index.d.ts.map +1 -0
package/dist/routes/api/oauth/index.js +11 -0
package/dist/routes/api/oauth/index.js.map +1 -0
package/dist/routes/api/terms/consent/post.d.ts +29 -0
package/dist/routes/api/terms/consent/post.d.ts.map +1 -0
package/dist/routes/api/terms/consent/post.js +111 -0
package/dist/routes/api/terms/consent/post.js.map +1 -0
package/dist/routes/api/terms/get.d.ts +40 -0
package/dist/routes/api/terms/get.d.ts.map +1 -0
package/dist/routes/api/terms/get.js +53 -0
package/dist/routes/api/terms/get.js.map +1 -0
package/dist/routes/api/terms/index.d.ts +55 -0
package/dist/routes/api/terms/index.d.ts.map +1 -0
package/dist/routes/api/terms/index.js +7 -0
package/dist/routes/api/terms/index.js.map +1 -0
package/dist/routes/api/user/delete.d.ts +21 -0
package/dist/routes/api/user/delete.d.ts.map +1 -0
package/dist/routes/api/user/delete.js +89 -0
package/dist/routes/api/user/delete.js.map +1 -0
package/dist/routes/api/user/index.d.ts +334 -0
package/dist/routes/api/user/index.d.ts.map +1 -0
package/dist/routes/api/user/index.js +35 -0
package/dist/routes/api/user/index.js.map +1 -0
package/dist/routes/api/user/oauth-accounts/get.d.ts +23 -0
package/dist/routes/api/user/oauth-accounts/get.d.ts.map +1 -0
package/dist/routes/api/user/oauth-accounts/get.js +58 -0
package/dist/routes/api/user/oauth-accounts/get.js.map +1 -0
package/dist/routes/api/user/passkeys/_id/delete.d.ts +18 -0
package/dist/routes/api/user/passkeys/_id/delete.d.ts.map +1 -0
package/dist/routes/api/user/passkeys/_id/delete.js +87 -0
package/dist/routes/api/user/passkeys/_id/delete.js.map +1 -0
package/dist/routes/api/user/passkeys/_id/patch.d.ts +22 -0
package/dist/routes/api/user/passkeys/_id/patch.d.ts.map +1 -0
package/dist/routes/api/user/passkeys/_id/patch.js +64 -0
package/dist/routes/api/user/passkeys/_id/patch.js.map +1 -0
package/dist/routes/api/user/passkeys/get.d.ts +21 -0
package/dist/routes/api/user/passkeys/get.d.ts.map +1 -0
package/dist/routes/api/user/passkeys/get.js +52 -0
package/dist/routes/api/user/passkeys/get.js.map +1 -0
package/dist/routes/api/user/passkeys/register/options/post.d.ts +55 -0
package/dist/routes/api/user/passkeys/register/options/post.d.ts.map +1 -0
package/dist/routes/api/user/passkeys/register/options/post.js +74 -0
package/dist/routes/api/user/passkeys/register/options/post.js.map +1 -0
package/dist/routes/api/user/passkeys/register/verify/post.d.ts +50 -0
package/dist/routes/api/user/passkeys/register/verify/post.d.ts.map +1 -0
package/dist/routes/api/user/passkeys/register/verify/post.js +95 -0
package/dist/routes/api/user/passkeys/register/verify/post.js.map +1 -0
package/dist/routes/api/user/password/delete.d.ts +23 -0
package/dist/routes/api/user/password/delete.d.ts.map +1 -0
package/dist/routes/api/user/password/delete.js +78 -0
package/dist/routes/api/user/password/delete.js.map +1 -0
package/dist/routes/api/user/password/post.d.ts +23 -0
package/dist/routes/api/user/password/post.d.ts.map +1 -0
package/dist/routes/api/user/password/post.js +81 -0
package/dist/routes/api/user/password/post.js.map +1 -0
package/dist/routes/api/user/password/put.d.ts +24 -0
package/dist/routes/api/user/password/put.d.ts.map +1 -0
package/dist/routes/api/user/password/put.js +74 -0
package/dist/routes/api/user/password/put.js.map +1 -0
package/dist/routes/api/user/session/get.d.ts +32 -0
package/dist/routes/api/user/session/get.d.ts.map +1 -0
package/dist/routes/api/user/session/get.js +36 -0
package/dist/routes/api/user/session/get.js.map +1 -0
package/dist/routes/api/user/totp/confirm/post.d.ts +32 -0
package/dist/routes/api/user/totp/confirm/post.d.ts.map +1 -0
package/dist/routes/api/user/totp/confirm/post.js +73 -0
package/dist/routes/api/user/totp/confirm/post.js.map +1 -0
package/dist/routes/api/user/totp/delete.d.ts +23 -0
package/dist/routes/api/user/totp/delete.d.ts.map +1 -0
package/dist/routes/api/user/totp/delete.js +74 -0
package/dist/routes/api/user/totp/delete.js.map +1 -0
package/dist/routes/api/user/totp/recovery/regenerate/post.d.ts +18 -0
package/dist/routes/api/user/totp/recovery/regenerate/post.d.ts.map +1 -0
package/dist/routes/api/user/totp/recovery/regenerate/post.js +54 -0
package/dist/routes/api/user/totp/recovery/regenerate/post.js.map +1 -0
package/dist/routes/api/user/totp/setup/post.d.ts +22 -0
package/dist/routes/api/user/totp/setup/post.d.ts.map +1 -0
package/dist/routes/api/user/totp/setup/post.js +82 -0
package/dist/routes/api/user/totp/setup/post.js.map +1 -0
package/dist/routes/api/user/totp/verify/post.d.ts +23 -0
package/dist/routes/api/user/totp/verify/post.d.ts.map +1 -0
package/dist/routes/api/user/totp/verify/post.js +71 -0
package/dist/routes/api/user/totp/verify/post.js.map +1 -0
package/dist/routes/index.d.ts +1115 -0
package/dist/routes/index.d.ts.map +1 -0
package/dist/routes/index.js +9 -0
package/dist/routes/index.js.map +1 -0
package/dist/routes/oauth/.well-known/jwks/get.d.ts +24 -0
package/dist/routes/oauth/.well-known/jwks/get.d.ts.map +1 -0
package/dist/routes/oauth/.well-known/jwks/get.js +41 -0
package/dist/routes/oauth/.well-known/jwks/get.js.map +1 -0
package/dist/routes/oauth/.well-known/openid-configuration/get.d.ts +29 -0
package/dist/routes/oauth/.well-known/openid-configuration/get.d.ts.map +1 -0
package/dist/routes/oauth/.well-known/openid-configuration/get.js +119 -0
package/dist/routes/oauth/.well-known/openid-configuration/get.js.map +1 -0
package/dist/routes/oauth/authorize/get.d.ts +48 -0
package/dist/routes/oauth/authorize/get.d.ts.map +1 -0
package/dist/routes/oauth/authorize/get.js +102 -0
package/dist/routes/oauth/authorize/get.js.map +1 -0
package/dist/routes/oauth/index.d.ts +182 -0
package/dist/routes/oauth/index.d.ts.map +1 -0
package/dist/routes/oauth/index.js +17 -0
package/dist/routes/oauth/index.js.map +1 -0
package/dist/routes/oauth/introspect/post.d.ts +28 -0
package/dist/routes/oauth/introspect/post.d.ts.map +1 -0
package/dist/routes/oauth/introspect/post.js +69 -0
package/dist/routes/oauth/introspect/post.js.map +1 -0
package/dist/routes/oauth/revoke/post.d.ts +22 -0
package/dist/routes/oauth/revoke/post.d.ts.map +1 -0
package/dist/routes/oauth/revoke/post.js +73 -0
package/dist/routes/oauth/revoke/post.js.map +1 -0
package/dist/routes/oauth/token/post.d.ts +29 -0
package/dist/routes/oauth/token/post.d.ts.map +1 -0
package/dist/routes/oauth/token/post.js +98 -0
package/dist/routes/oauth/token/post.js.map +1 -0
package/dist/routes/oauth/userinfo/get.d.ts +23 -0
package/dist/routes/oauth/userinfo/get.d.ts.map +1 -0
package/dist/routes/oauth/userinfo/get.js +65 -0
package/dist/routes/oauth/userinfo/get.js.map +1 -0
package/dist/schemas/error.d.ts +2104 -0
package/dist/schemas/error.d.ts.map +1 -0
package/dist/schemas/error.js +164 -0
package/dist/schemas/error.js.map +1 -0
package/dist/schemas/field.d.ts +97 -0
package/dist/schemas/field.d.ts.map +1 -0
package/dist/schemas/field.js +168 -0
package/dist/schemas/field.js.map +1 -0
package/dist/schemas/header.d.ts +7 -0
package/dist/schemas/header.d.ts.map +1 -0
package/dist/schemas/header.js +11 -0
package/dist/schemas/header.js.map +1 -0
package/dist/schemas/oauth.d.ts +26 -0
package/dist/schemas/oauth.d.ts.map +1 -0
package/dist/schemas/oauth.js +51 -0
package/dist/schemas/oauth.js.map +1 -0
package/dist/schemas/provider.d.ts +7 -0
package/dist/schemas/provider.d.ts.map +1 -0
package/dist/schemas/provider.js +31 -0
package/dist/schemas/provider.js.map +1 -0
package/dist/schemas/response.d.ts +645 -0
package/dist/schemas/response.d.ts.map +1 -0
package/dist/schemas/response.js +598 -0
package/dist/schemas/response.js.map +1 -0
package/dist/schemas/terms.d.ts +93 -0
package/dist/schemas/terms.d.ts.map +1 -0
package/dist/schemas/terms.js +109 -0
package/dist/schemas/terms.js.map +1 -0
package/dist/seeders/config.seeder.d.ts +21 -0
package/dist/seeders/config.seeder.d.ts.map +1 -0
package/dist/seeders/config.seeder.js +168 -0
package/dist/seeders/config.seeder.js.map +1 -0
package/dist/services/cleanup.service.d.ts +166 -0
package/dist/services/cleanup.service.d.ts.map +1 -0
package/dist/services/cleanup.service.js +605 -0
package/dist/services/cleanup.service.js.map +1 -0
package/dist/services/container.d.ts +201 -0
package/dist/services/container.d.ts.map +1 -0
package/dist/services/container.js +75 -0
package/dist/services/container.js.map +1 -0
package/dist/services/email.service.d.ts +69 -0
package/dist/services/email.service.d.ts.map +1 -0
package/dist/services/email.service.js +164 -0
package/dist/services/email.service.js.map +1 -0
package/dist/services/jwt.service.d.ts +321 -0
package/dist/services/jwt.service.d.ts.map +1 -0
package/dist/services/jwt.service.js +524 -0
package/dist/services/jwt.service.js.map +1 -0
package/dist/services/mikro.service.d.ts +43 -0
package/dist/services/mikro.service.d.ts.map +1 -0
package/dist/services/mikro.service.js +68 -0
package/dist/services/mikro.service.js.map +1 -0
package/dist/services/oauth-authorize.service.d.ts +91 -0
package/dist/services/oauth-authorize.service.d.ts.map +1 -0
package/dist/services/oauth-authorize.service.js +237 -0
package/dist/services/oauth-authorize.service.js.map +1 -0
package/dist/services/oauth-client.service.d.ts +38 -0
package/dist/services/oauth-client.service.d.ts.map +1 -0
package/dist/services/oauth-client.service.js +80 -0
package/dist/services/oauth-client.service.js.map +1 -0
package/dist/services/oauth-connect.service.d.ts +182 -0
package/dist/services/oauth-connect.service.d.ts.map +1 -0
package/dist/services/oauth-connect.service.js +592 -0
package/dist/services/oauth-connect.service.js.map +1 -0
package/dist/services/oauth-token.service.d.ts +162 -0
package/dist/services/oauth-token.service.d.ts.map +1 -0
package/dist/services/oauth-token.service.js +374 -0
package/dist/services/oauth-token.service.js.map +1 -0
package/dist/services/passkey.service.d.ts +73 -0
package/dist/services/passkey.service.d.ts.map +1 -0
package/dist/services/passkey.service.js +199 -0
package/dist/services/passkey.service.js.map +1 -0
package/dist/services/password-auth.service.d.ts +24 -0
package/dist/services/password-auth.service.d.ts.map +1 -0
package/dist/services/password-auth.service.js +87 -0
package/dist/services/password-auth.service.js.map +1 -0
package/dist/services/password-reset.service.d.ts +31 -0
package/dist/services/password-reset.service.d.ts.map +1 -0
package/dist/services/password-reset.service.js +54 -0
package/dist/services/password-reset.service.js.map +1 -0
package/dist/services/scheduler.service.d.ts +15 -0
package/dist/services/scheduler.service.d.ts.map +1 -0
package/dist/services/scheduler.service.js +52 -0
package/dist/services/scheduler.service.js.map +1 -0
package/dist/services/security.service.d.ts +17 -0
package/dist/services/security.service.d.ts.map +1 -0
package/dist/services/security.service.js +82 -0
package/dist/services/security.service.js.map +1 -0
package/dist/services/terms.service.d.ts +131 -0
package/dist/services/terms.service.d.ts.map +1 -0
package/dist/services/terms.service.js +210 -0
package/dist/services/terms.service.js.map +1 -0
package/dist/services/totp.service.d.ts +86 -0
package/dist/services/totp.service.d.ts.map +1 -0
package/dist/services/totp.service.js +244 -0
package/dist/services/totp.service.js.map +1 -0
package/dist/services/user-consent.service.d.ts +34 -0
package/dist/services/user-consent.service.d.ts.map +1 -0
package/dist/services/user-consent.service.js +42 -0
package/dist/services/user-consent.service.js.map +1 -0
package/dist/services/user.service.d.ts +60 -0
package/dist/services/user.service.d.ts.map +1 -0
package/dist/services/user.service.js +176 -0
package/dist/services/user.service.js.map +1 -0
package/package.json +155 -0
package/public/assets/index-CrY7bb7j.css +2 -0
package/public/assets/index-jYk5DHP_.js +75 -0
package/public/assets/index-jYk5DHP_.js.map +1 -0
package/public/index.html +27 -0
package/public/vite.svg +1 -0

package/dist/services/oauth-token.service.d.ts ADDED Viewed

@@ -0,0 +1,162 @@
+import type { TinyAuthRuntimeConfig } from '../lib/config/index.ts';
+import type { JwtService } from './jwt.service.ts';
+import type { MikroService } from './mikro.service.ts';
+import type { OAuthClientService } from './oauth-client.service.ts';
+import type { SecurityService } from './security.service.ts';
+import type { UserService } from './user.service.ts';
+/**
+ * Parameters for authorization code grant (RFC 6749 §4.1.3)
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
+ */
+export interface AuthorizationCodeGrantParams {
+    /** Authorization code received from /authorize endpoint */
+    code: string;
+    /** Redirect URI used in authorization request (must match) */
+    redirectUri: string;
+    /** OAuth client identifier */
+    clientId: string;
+    /** PKCE code verifier (required if code_challenge was used) */
+    codeVerifier?: string | undefined;
+}
+/**
+ * Parameters for refresh token grant (RFC 6749 §6)
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-6
+ */
+export interface RefreshTokenGrantParams {
+    /** Refresh token from previous token response */
+    refreshToken: string;
+    /** OAuth client identifier (must match original request) */
+    clientId: string;
+}
+/**
+ * Token introspection result (RFC 7662 §2.2)
+ * @see https://datatracker.ietf.org/doc/html/rfc7662#section-2.2
+ */
+export interface TokenIntrospectionResult {
+    /** Whether the token is currently active */
+    active: boolean;
+    /** Space-separated list of scopes (only if active) */
+    scope?: string | undefined;
+    /** Client identifier (only if active) */
+    client_id?: string | undefined;
+    /** Type of token (only if active) */
+    token_type?: 'Bearer' | undefined;
+    /** Expiration timestamp in seconds (only if active) */
+    exp?: number | undefined;
+    /** Issued-at timestamp in seconds (only if active) */
+    iat?: number | undefined;
+    /** Subject identifier - user ID (only if active) */
+    sub?: string | undefined;
+    /** Issuer identifier (only if active) */
+    iss?: string | undefined;
+}
+/**
+ * OAuth 2.0 / OIDC token response (RFC 6749 §5.1)
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-5.1
+ * @see https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse
+ */
+export interface TokenResponse {
+    /** OAuth 2.0 access token (JWT format) */
+    access_token: string;
+    /** Token type identifier */
+    token_type: 'Bearer';
+    /** Access token lifetime in seconds */
+    expires_in: number;
+    /** Refresh token for obtaining new access tokens */
+    refresh_token: string;
+    /** OpenID Connect ID Token (JWT format, only if openid scope requested) */
+    id_token?: string | undefined;
+    /** Space-separated list of granted scopes */
+    scope: string;
+}
+/**
+ * OAuth Token Service
+ *
+ * Handles OAuth 2.0 token issuance for different grant types:
+ * - Authorization Code Grant (RFC 6749 §4.1)
+ * - Refresh Token Grant (RFC 6749 §6)
+ *
+ * Supports both config-based and database-based users/clients.
+ */
+export declare class OAuthTokenService {
+    private readonly config;
+    private readonly mikro;
+    private readonly userService;
+    private readonly oauthClientService;
+    private readonly jwtService;
+    private readonly securityService;
+    constructor(config: TinyAuthRuntimeConfig, mikro: MikroService, userService: UserService, oauthClientService: OAuthClientService, jwtService: JwtService, securityService: SecurityService);
+    /**
+     * Exchange authorization code for tokens
+     *
+     * Implements OAuth 2.0 Authorization Code Grant (RFC 6749 §4.1.3)
+     * with PKCE support (RFC 7636).
+     *
+     * @param params - Authorization code grant parameters
+     * @returns Token response with access_token, refresh_token, and optionally id_token
+     * @throws {InvalidAuthorizationCode} - Code is invalid or expired
+     * @throws {RedirectUriMismatch} - Redirect URI doesn't match authorization request
+     * @throws {MissingCodeVerifier} - PKCE verifier required but not provided
+     * @throws {InvalidPKCEVerifier} - PKCE verification failed
+     */
+    exchangeAuthorizationCode(params: AuthorizationCodeGrantParams): Promise<TokenResponse>;
+    /**
+     * Refresh access token using refresh token
+     *
+     * Implements OAuth 2.0 Refresh Token Grant (RFC 6749 §6) with
+     * Refresh Token Rotation (OAuth 2.0 Security Best Current Practice).
+     *
+     * When a refresh token is used:
+     * 1. The old refresh token is revoked (token rotation)
+     * 2. A new refresh token is issued along with the new access token
+     * 3. This prevents token replay attacks
+     *
+     * @param params - Refresh token grant parameters
+     * @returns Token response with new access_token and refresh_token
+     * @throws {InvalidRefreshToken} - Refresh token is invalid, expired, or revoked
+     * @throws {ClientIdMismatch} - Client ID doesn't match original token request
+     */
+    refreshAccessToken(params: RefreshTokenGrantParams): Promise<TokenResponse>;
+    /**
+     * Introspect a token (access token or refresh token)
+     *
+     * Implements OAuth 2.0 Token Introspection (RFC 7662).
+     * Returns metadata about the token including active status.
+     *
+     * @param token - Token to introspect
+     * @param tokenTypeHint - Hint about token type (access_token or refresh_token)
+     * @returns Token introspection result
+     */
+    introspectToken(token: string, tokenTypeHint?: 'access_token' | 'refresh_token'): Promise<TokenIntrospectionResult>;
+    /**
+     * Revoke a token (access token or refresh token)
+     *
+     * Implements OAuth 2.0 Token Revocation (RFC 7009).
+     * When revoking a refresh token, also revokes all associated access tokens
+     * for the same user/client combination.
+     *
+     * @param token - Token to revoke
+     * @param tokenTypeHint - Hint about token type (access_token or refresh_token)
+     * @returns void - Always succeeds per RFC 7009 §2.1
+     */
+    revokeToken(token: string, tokenTypeHint?: 'access_token' | 'refresh_token'): Promise<void>;
+    /**
+     * Compute the at_hash claim value (OIDC Core 1.0 §3.1.3.6)
+     *
+     * The at_hash is the left-most half of the hash of the access token,
+     * using the hash algorithm from the ID Token's JOSE Header.
+     * For RS256, this is SHA-256.
+     *
+     * @param accessToken - The access token to hash
+     * @returns Base64URL-encoded left half of the SHA-256 hash
+     */
+    private computeAtHash;
+    /**
+     * Build complete OAuth/OIDC token response
+     *
+     * @param params - Token generation parameters
+     * @returns Complete token response
+     */
+    private buildTokenResponse;
+}
+//# sourceMappingURL=oauth-token.service.d.ts.map

package/dist/services/oauth-token.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth-token.service.d.ts","sourceRoot":"","sources":["../../src/services/oauth-token.service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAGpE,OAAO,KAAK,EAEV,UAAU,EAEX,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD;;;GAGG;AACH,MAAM,WAAW,4BAA4B;IAC3C,2DAA2D;IAC3D,IAAI,EAAE,MAAM,CAAC;IACb,8DAA8D;IAC9D,WAAW,EAAE,MAAM,CAAC;IACpB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,+DAA+D;IAC/D,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CACnC;AAED;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC,iDAAiD;IACjD,YAAY,EAAE,MAAM,CAAC;IACrB,4DAA4D;IAC5D,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,wBAAwB;IACvC,4CAA4C;IAC5C,MAAM,EAAE,OAAO,CAAC;IAChB,sDAAsD;IACtD,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,yCAAyC;IACzC,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,qCAAqC;IACrC,UAAU,CAAC,EAAE,QAAQ,GAAG,SAAS,CAAC;IAClC,uDAAuD;IACvD,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACzB,sDAAsD;IACtD,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACzB,oDAAoD;IACpD,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACzB,yCAAyC;IACzC,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC1B;AAED;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC5B,0CAA0C;IAC1C,YAAY,EAAE,MAAM,CAAC;IACrB,4BAA4B;IAC5B,UAAU,EAAE,QAAQ,CAAC;IACrB,uCAAuC;IACvC,UAAU,EAAE,MAAM,CAAC;IACnB,oDAAoD;IACpD,aAAa,EAAE,MAAM,CAAC;IACtB,2EAA2E;IAC3E,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,6CAA6C;IAC7C,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;;;;;;GAQG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAwB;IAC/C,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAe;IACrC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAqB;IACxD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;gBAEhD,MAAM,EAAE,qBAAqB,EAC7B,KAAK,EAAE,YAAY,EACnB,WAAW,EAAE,WAAW,EACxB,kBAAkB,EAAE,kBAAkB,EACtC,UAAU,EAAE,UAAU,EACtB,eAAe,EAAE,eAAe;IAUlC;;;;;;;;;;;;OAYG;IACG,yBAAyB,CAAC,MAAM,EAAE,4BAA4B;IA8EpE;;;;;;;;;;;;;;;OAeG;IACG,kBAAkB,CAAC,MAAM,EAAE,uBAAuB;IA6CxD;;;;;;;;;OASG;IACG,eAAe,CACnB,KAAK,EAAE,MAAM,EACb,aAAa,CAAC,EAAE,cAAc,GAAG,eAAe,GAC/C,OAAO,CAAC,wBAAwB,CAAC;IAuEpC;;;;;;;;;;OAUG;IACG,WAAW,CACf,KAAK,EAAE,MAAM,EACb,aAAa,CAAC,EAAE,cAAc,GAAG,eAAe,GAC/C,OAAO,CAAC,IAAI,CAAC;IA+DhB;;;;;;;;;OASG;YACW,aAAa;IAc3B;;;;;OAKG;YACW,kBAAkB;CA0FjC"}

package/dist/services/oauth-token.service.js ADDED Viewed

@@ -0,0 +1,374 @@
+import { stringToBytes, toArrayBuffer, toBase64Url } from "../lib/base64url.js";
+import { validatePKCE } from "../lib/pkce.js";
+import { e } from "../schemas/error.js";
+/**
+ * OAuth Token Service
+ *
+ * Handles OAuth 2.0 token issuance for different grant types:
+ * - Authorization Code Grant (RFC 6749 §4.1)
+ * - Refresh Token Grant (RFC 6749 §6)
+ *
+ * Supports both config-based and database-based users/clients.
+ */
+export class OAuthTokenService {
+    config;
+    mikro;
+    userService;
+    oauthClientService;
+    jwtService;
+    securityService;
+    constructor(config, mikro, userService, oauthClientService, jwtService, securityService) {
+        this.config = config;
+        this.mikro = mikro;
+        this.userService = userService;
+        this.oauthClientService = oauthClientService;
+        this.jwtService = jwtService;
+        this.securityService = securityService;
+    }
+    /**
+     * Exchange authorization code for tokens
+     *
+     * Implements OAuth 2.0 Authorization Code Grant (RFC 6749 §4.1.3)
+     * with PKCE support (RFC 7636).
+     *
+     * @param params - Authorization code grant parameters
+     * @returns Token response with access_token, refresh_token, and optionally id_token
+     * @throws {InvalidAuthorizationCode} - Code is invalid or expired
+     * @throws {RedirectUriMismatch} - Redirect URI doesn't match authorization request
+     * @throws {MissingCodeVerifier} - PKCE verifier required but not provided
+     * @throws {InvalidPKCEVerifier} - PKCE verification failed
+     */
+    async exchangeAuthorizationCode(params) {
+        const { code, redirectUri, clientId, codeVerifier } = params;
+        // 1. Look up client to get primary key (clientId in request is the business key)
+        const client = await this.oauthClientService.findByClientId(clientId);
+        // 2. Verify and consume the authorization code
+        // Authorization codes are single-use (RFC 6749 §4.1.2)
+        const codeHash = await this.securityService.hashOpaqueToken('oauth-code', code);
+        const codeEntity = await this.mikro.oauthCode.findUnconsumedByClientAndCodeHash(client.id, codeHash);
+        if (!codeEntity) {
+            throw new e.InvalidAuthorizationCode.Error();
+        }
+        if (codeEntity.expiredAt < new Date()) {
+            throw new e.InvalidAuthorizationCode.Error();
+        }
+        codeEntity.consumedAt = new Date();
+        await this.mikro.em.flush();
+        // 3. Populate user relation
+        await this.mikro.em.populate(codeEntity, ['user']);
+        // 4. Validate redirect_uri matches (RFC 6749 §4.1.3)
+        // This prevents authorization code interception attacks
+        if (codeEntity.redirectUri !== redirectUri) {
+            throw new e.RedirectUriMismatch.Error();
+        }
+        // 5. Validate PKCE if code_challenge was used (RFC 7636 §4.6)
+        // PKCE protects against authorization code interception for public clients
+        if (codeEntity.codeChallenge) {
+            if (!codeVerifier) {
+                throw new e.MissingCodeVerifier.Error();
+            }
+            const isPKCEValid = await validatePKCE(codeVerifier, codeEntity.codeChallenge, codeEntity.codeChallengeMethod);
+            if (!isPKCEValid) {
+                throw new e.InvalidPKCEVerifier.Error();
+            }
+        }
+        // 6. Get user data from relation (load via Ref)
+        const user = await codeEntity.user.load();
+        if (!user) {
+            throw new e.UserNotFound.Error();
+        }
+        // 7. Build token response
+        return this.buildTokenResponse({
+            userSub: user.sub,
+            userEmail: user.email,
+            userEmailVerified: user.email_verified,
+            clientId: client.clientId,
+            scope: codeEntity.scope,
+            nonce: codeEntity.nonce,
+            // Pass OIDC authentication metadata from the authorization code
+            // Only include when defined and non-null (exactOptionalPropertyTypes)
+            ...(codeEntity.authTime != null && {
+                authTime: codeEntity.authTime,
+            }),
+        });
+    }
+    /**
+     * Refresh access token using refresh token
+     *
+     * Implements OAuth 2.0 Refresh Token Grant (RFC 6749 §6) with
+     * Refresh Token Rotation (OAuth 2.0 Security Best Current Practice).
+     *
+     * When a refresh token is used:
+     * 1. The old refresh token is revoked (token rotation)
+     * 2. A new refresh token is issued along with the new access token
+     * 3. This prevents token replay attacks
+     *
+     * @param params - Refresh token grant parameters
+     * @returns Token response with new access_token and refresh_token
+     * @throws {InvalidRefreshToken} - Refresh token is invalid, expired, or revoked
+     * @throws {ClientIdMismatch} - Client ID doesn't match original token request
+     */
+    async refreshAccessToken(params) {
+        const { refreshToken, clientId } = params;
+        // 1. Verify refresh token (also checks revocation)
+        const refreshPayload = await this.jwtService.verifyRefreshToken(refreshToken);
+        // 2. Validate client_id matches (RFC 6749 §6)
+        // Refresh token is bound to the client that obtained it
+        if (refreshPayload.client_id !== clientId) {
+            throw new e.ClientIdMismatch.Error();
+        }
+        // 3. Load user (supports both config and DB users)
+        const userEntity = await this.mikro.user.verifyBySub(refreshPayload.sub);
+        const userData = await this.userService.userEntityToSessionUser(userEntity);
+        // 4. Get client info
+        const client = await this.oauthClientService.findByClientId(clientId);
+        // 5. Refresh Token Rotation: Revoke the old refresh token
+        // This is a security best practice per OAuth 2.0 Security BCP §4.14.2
+        // If an attacker tries to use a stolen refresh token after the legitimate
+        // user has already used it, the token will be rejected as revoked.
+        if (refreshPayload.jti && refreshPayload.exp) {
+            await this.mikro.revokedToken.revokeToken({
+                jti: refreshPayload.jti,
+                token_type: 'refresh_token',
+                clientId: client.id, // Use entity primary key
+                userSub: userData.sub,
+                expires_at: new Date(refreshPayload.exp * 1000),
+            });
+        }
+        // 6. Build token response with new access and refresh tokens
+        // (no nonce in refresh flow)
+        return this.buildTokenResponse({
+            userSub: userData.sub,
+            userEmail: userData.email,
+            userEmailVerified: userData.email_verified,
+            clientId: client.clientId,
+            scope: refreshPayload.scope.split(' '),
+        });
+    }
+    /**
+     * Introspect a token (access token or refresh token)
+     *
+     * Implements OAuth 2.0 Token Introspection (RFC 7662).
+     * Returns metadata about the token including active status.
+     *
+     * @param token - Token to introspect
+     * @param tokenTypeHint - Hint about token type (access_token or refresh_token)
+     * @returns Token introspection result
+     */
+    async introspectToken(token, tokenTypeHint) {
+        // Try to verify the token based on hint or both types
+        let payload = null;
+        let tokenType = null;
+        // 1. Try to verify as hinted token type first (if hint provided)
+        if (tokenTypeHint === 'access_token') {
+            try {
+                payload = await this.jwtService.verifyAccessToken(token);
+                tokenType = 'access_token';
+            }
+            catch {
+                // Hint failed, try refresh token
+                try {
+                    payload = await this.jwtService.verifyRefreshToken(token);
+                    tokenType = 'refresh_token';
+                }
+                catch {
+                    // Both failed, fall through to inactive
+                }
+            }
+        }
+        else if (tokenTypeHint === 'refresh_token') {
+            try {
+                payload = await this.jwtService.verifyRefreshToken(token);
+                tokenType = 'refresh_token';
+            }
+            catch {
+                // Hint failed, try access token
+                try {
+                    payload = await this.jwtService.verifyAccessToken(token);
+                    tokenType = 'access_token';
+                }
+                catch {
+                    // Both failed, fall through to inactive
+                }
+            }
+        }
+        else {
+            // 2. No hint provided, try both types
+            try {
+                payload = await this.jwtService.verifyAccessToken(token);
+                tokenType = 'access_token';
+            }
+            catch {
+                try {
+                    payload = await this.jwtService.verifyRefreshToken(token);
+                    tokenType = 'refresh_token';
+                }
+                catch {
+                    // Both failed, fall through to inactive
+                }
+            }
+        }
+        // 3. If verification succeeded, return active response
+        if (payload && tokenType) {
+            return {
+                active: true,
+                scope: payload.scope,
+                client_id: payload.client_id,
+                token_type: 'Bearer',
+                ...(payload.exp !== undefined && { exp: payload.exp }),
+                ...(payload.iat !== undefined && { iat: payload.iat }),
+                sub: payload.sub,
+                ...(payload.iss !== undefined && { iss: payload.iss }),
+            };
+        }
+        // 4. Token is invalid or expired - return inactive
+        // RFC 7662 §2.2: "If the token is not active, does not exist on this server,
+        // or the protected resource is not allowed to introspect this particular token,
+        // then the authorization server MUST return an introspection response with
+        // the active field set to false"
+        return {
+            active: false,
+        };
+    }
+    /**
+     * Revoke a token (access token or refresh token)
+     *
+     * Implements OAuth 2.0 Token Revocation (RFC 7009).
+     * When revoking a refresh token, also revokes all associated access tokens
+     * for the same user/client combination.
+     *
+     * @param token - Token to revoke
+     * @param tokenTypeHint - Hint about token type (access_token or refresh_token)
+     * @returns void - Always succeeds per RFC 7009 §2.1
+     */
+    async revokeToken(token, tokenTypeHint) {
+        // Decode the token to get metadata (without full verification)
+        const decoded = this.jwtService.decodeToken(token);
+        if (!decoded?.jti || !decoded.sub || !decoded.exp) {
+            // RFC 7009 §2.1: "The authorization server responds with HTTP status
+            // code 200 if the token has been revoked successfully or if the client
+            // submitted an invalid token."
+            return;
+        }
+        const jti = decoded.jti;
+        const userSub = decoded.sub;
+        const rawClientId = decoded['client_id'];
+        const clientId = typeof rawClientId === 'string' ? rawClientId : undefined;
+        const rawTyp = decoded['typ'];
+        const tokenType = (rawTyp === 'access_token' || rawTyp === 'refresh_token'
+            ? rawTyp
+            : undefined) ||
+            tokenTypeHint ||
+            'access_token';
+        const expiresAt = new Date(decoded.exp * 1000);
+        if (!clientId) {
+            return;
+        }
+        // Check if already revoked
+        const isAlreadyRevoked = await this.mikro.revokedToken.isRevoked(jti);
+        if (isAlreadyRevoked) {
+            return;
+        }
+        // Look up user and client entities to get primary keys
+        // Note: clientId from token is the business key, we need the entity's primary key
+        const userEntity = await this.mikro.user.findOne({ sub: userSub });
+        const clientEntity = await this.mikro.oauthClient.findOne({ clientId });
+        if (!userEntity || !clientEntity) {
+            // User or client no longer exists, but we still return success per RFC 7009
+            return;
+        }
+        // Revoke the token (using primary keys for FK references)
+        await this.mikro.revokedToken.revokeToken({
+            jti,
+            token_type: tokenType,
+            clientId: clientEntity.id, // Use entity's primary key
+            userSub: userEntity.sub,
+            expires_at: expiresAt,
+        });
+        // RFC 7009 §2.1: "If the particular token is a refresh token and the
+        // authorization server supports the revocation of access tokens, then
+        // the authorization server SHOULD also invalidate all access tokens
+        // based on the same authorization grant."
+        //
+        // Since we can't enumerate all access tokens issued for this refresh token,
+        // the revocation check happens at token verification time via jti lookup.
+        // Access tokens will be rejected when their jti is in the revoked_tokens table.
+    }
+    /**
+     * Compute the at_hash claim value (OIDC Core 1.0 §3.1.3.6)
+     *
+     * The at_hash is the left-most half of the hash of the access token,
+     * using the hash algorithm from the ID Token's JOSE Header.
+     * For RS256, this is SHA-256.
+     *
+     * @param accessToken - The access token to hash
+     * @returns Base64URL-encoded left half of the SHA-256 hash
+     */
+    async computeAtHash(accessToken) {
+        // SHA-256 hash of the access token
+        const hash = new Uint8Array(await crypto.subtle.digest('SHA-256', toArrayBuffer(stringToBytes(accessToken))));
+        // Take the left-most half (128 bits = 16 bytes for SHA-256)
+        const leftHalf = hash.slice(0, hash.byteLength / 2);
+        // Base64URL encode
+        return toBase64Url(leftHalf);
+    }
+    /**
+     * Build complete OAuth/OIDC token response
+     *
+     * @param params - Token generation parameters
+     * @returns Complete token response
+     */
+    async buildTokenResponse(params) {
+        const { userSub, userEmail, userEmailVerified, clientId, scope, nonce, authTime, } = params;
+        const scopeString = scope.join(' ');
+        // Generate access token (RFC 6749 §1.4)
+        const accessToken = await this.jwtService.signAccessToken({
+            typ: 'access_token',
+            sub: userSub,
+            client_id: clientId,
+            scope: scopeString,
+        });
+        // Generate refresh token (RFC 6749 §1.5)
+        const refreshToken = await this.jwtService.signRefreshToken({
+            typ: 'refresh_token',
+            sub: userSub,
+            client_id: clientId,
+            scope: scopeString,
+        });
+        const response = {
+            access_token: accessToken,
+            token_type: 'Bearer',
+            expires_in: this.config.tokens.access_token_ttl,
+            refresh_token: refreshToken,
+            scope: scopeString,
+        };
+        // Generate ID token if OIDC (openid scope present)
+        if (scope.includes('openid')) {
+            const idTokenPayload = {
+                sub: userSub,
+                aud: clientId,
+            };
+            if (nonce) {
+                idTokenPayload.nonce = nonce;
+            }
+            // Include OIDC authentication metadata claims
+            if (authTime !== undefined) {
+                idTokenPayload.auth_time = authTime;
+            }
+            // Compute at_hash (OIDC Core 1.0 §3.1.3.6)
+            // Required when ID Token is issued from Authorization Endpoint with
+            // access token in the same response, optional otherwise but recommended
+            idTokenPayload.at_hash = await this.computeAtHash(accessToken);
+            if (scope.includes('email')) {
+                idTokenPayload.email = userEmail;
+                idTokenPayload.email_verified = userEmailVerified;
+            }
+            if (scope.includes('profile')) {
+                idTokenPayload.name = userEmail;
+            }
+            response.id_token = await this.jwtService.signIdToken(idTokenPayload);
+        }
+        return response;
+    }
+}
+//# sourceMappingURL=oauth-token.service.js.map

package/dist/services/oauth-token.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth-token.service.js","sourceRoot":"","sources":["../../src/services/oauth-token.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEhF,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,qBAAqB,CAAC;AAgFxC;;;;;;;;GAQG;AACH,MAAM,OAAO,iBAAiB;IACX,MAAM,CAAwB;IAC9B,KAAK,CAAe;IACpB,WAAW,CAAc;IACzB,kBAAkB,CAAqB;IACvC,UAAU,CAAa;IACvB,eAAe,CAAkB;IAClD,YACE,MAA6B,EAC7B,KAAmB,EACnB,WAAwB,EACxB,kBAAsC,EACtC,UAAsB,EACtB,eAAgC;QAEhC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACzC,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,yBAAyB,CAAC,MAAoC;QAClE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;QAE7D,iFAAiF;QACjF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAEtE,+CAA+C;QAC/C,uDAAuD;QACvD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,eAAe,CACzD,YAAY,EACZ,IAAI,CACL,CAAC;QACF,MAAM,UAAU,GACd,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,iCAAiC,CAC1D,MAAM,CAAC,EAAE,EACT,QAAQ,CACT,CAAC;QAEJ,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;QAC/C,CAAC;QAED,IAAI,UAAU,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;QAC/C,CAAC;QAED,UAAU,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QAE5B,4BAA4B;QAC5B,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QAEnD,qDAAqD;QACrD,wDAAwD;QACxD,IAAI,UAAU,CAAC,WAAW,KAAK,WAAW,EAAE,CAAC;YAC3C,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;QAC1C,CAAC;QAED,8DAA8D;QAC9D,2EAA2E;QAC3E,IAAI,UAAU,CAAC,aAAa,EAAE,CAAC;YAC7B,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAC1C,CAAC;YAED,MAAM,WAAW,GAAG,MAAM,YAAY,CACpC,YAAY,EACZ,UAAU,CAAC,aAAa,EACxB,UAAU,CAAC,mBAAmB,CAC/B,CAAC;YAEF,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAC1C,CAAC;QACH,CAAC;QAED,gDAAgD;QAChD,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,CAAC,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;QACnC,CAAC;QAED,0BAA0B;QAC1B,OAAO,IAAI,CAAC,kBAAkB,CAAC;YAC7B,OAAO,EAAE,IAAI,CAAC,GAAG;YACjB,SAAS,EAAE,IAAI,CAAC,KAAK;YACrB,iBAAiB,EAAE,IAAI,CAAC,cAAc;YACtC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,gEAAgE;YAChE,sEAAsE;YACtE,GAAG,CAAC,UAAU,CAAC,QAAQ,IAAI,IAAI,IAAI;gBACjC,QAAQ,EAAE,UAAU,CAAC,QAAQ;aAC9B,CAAC;SACH,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,KAAK,CAAC,kBAAkB,CAAC,MAA+B;QACtD,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;QAE1C,mDAAmD;QACnD,MAAM,cAAc,GAClB,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;QAEzD,8CAA8C;QAC9C,wDAAwD;QACxD,IAAI,cAAc,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;YAC1C,MAAM,IAAI,CAAC,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;QACvC,CAAC;QAED,mDAAmD;QACnD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;QAE5E,qBAAqB;QACrB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAEtE,0DAA0D;QAC1D,sEAAsE;QACtE,0EAA0E;QAC1E,mEAAmE;QACnE,IAAI,cAAc,CAAC,GAAG,IAAI,cAAc,CAAC,GAAG,EAAE,CAAC;YAC7C,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,CAAC;gBACxC,GAAG,EAAE,cAAc,CAAC,GAAG;gBACvB,UAAU,EAAE,eAAe;gBAC3B,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,yBAAyB;gBAC9C,OAAO,EAAE,QAAQ,CAAC,GAAG;gBACrB,UAAU,EAAE,IAAI,IAAI,CAAC,cAAc,CAAC,GAAG,GAAG,IAAI,CAAC;aAChD,CAAC,CAAC;QACL,CAAC;QAED,6DAA6D;QAC7D,6BAA6B;QAC7B,OAAO,IAAI,CAAC,kBAAkB,CAAC;YAC7B,OAAO,EAAE,QAAQ,CAAC,GAAG;YACrB,SAAS,EAAE,QAAQ,CAAC,KAAK;YACzB,iBAAiB,EAAE,QAAQ,CAAC,cAAc;YAC1C,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,KAAK,EAAE,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;SACvC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,eAAe,CACnB,KAAa,EACb,aAAgD;QAEhD,sDAAsD;QACtD,IAAI,OAAO,GAAoD,IAAI,CAAC;QACpE,IAAI,SAAS,GAA4C,IAAI,CAAC;QAE9D,iEAAiE;QACjE,IAAI,aAAa,KAAK,cAAc,EAAE,CAAC;YACrC,IAAI,CAAC;gBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;gBACzD,SAAS,GAAG,cAAc,CAAC;YAC7B,CAAC;YAAC,MAAM,CAAC;gBACP,iCAAiC;gBACjC,IAAI,CAAC;oBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;oBAC1D,SAAS,GAAG,eAAe,CAAC;gBAC9B,CAAC;gBAAC,MAAM,CAAC;oBACP,wCAAwC;gBAC1C,CAAC;YACH,CAAC;QACH,CAAC;aAAM,IAAI,aAAa,KAAK,eAAe,EAAE,CAAC;YAC7C,IAAI,CAAC;gBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;gBAC1D,SAAS,GAAG,eAAe,CAAC;YAC9B,CAAC;YAAC,MAAM,CAAC;gBACP,gCAAgC;gBAChC,IAAI,CAAC;oBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;oBACzD,SAAS,GAAG,cAAc,CAAC;gBAC7B,CAAC;gBAAC,MAAM,CAAC;oBACP,wCAAwC;gBAC1C,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,sCAAsC;YACtC,IAAI,CAAC;gBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;gBACzD,SAAS,GAAG,cAAc,CAAC;YAC7B,CAAC;YAAC,MAAM,CAAC;gBACP,IAAI,CAAC;oBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;oBAC1D,SAAS,GAAG,eAAe,CAAC;gBAC9B,CAAC;gBAAC,MAAM,CAAC;oBACP,wCAAwC;gBAC1C,CAAC;YACH,CAAC;QACH,CAAC;QAED,uDAAuD;QACvD,IAAI,OAAO,IAAI,SAAS,EAAE,CAAC;YACzB,OAAO;gBACL,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU,EAAE,QAAQ;gBACpB,GAAG,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;gBACtD,GAAG,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;gBACtD,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,GAAG,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;aACvD,CAAC;QACJ,CAAC;QAED,mDAAmD;QACnD,6EAA6E;QAC7E,gFAAgF;QAChF,2EAA2E;QAC3E,iCAAiC;QACjC,OAAO;YACL,MAAM,EAAE,KAAK;SACd,CAAC;IACJ,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,WAAW,CACf,KAAa,EACb,aAAgD;QAEhD,+DAA+D;QAC/D,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAEnD,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YAClD,qEAAqE;YACrE,uEAAuE;YACvE,+BAA+B;YAC/B,OAAO;QACT,CAAC;QAED,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QACxB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC;QAC5B,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;QAC3E,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,SAAS,GACb,CAAC,MAAM,KAAK,cAAc,IAAI,MAAM,KAAK,eAAe;YACtD,CAAC,CAAC,MAAM;YACR,CAAC,CAAC,SAAS,CAAC;YACd,aAAa;YACb,cAAc,CAAC;QACjB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;QAE/C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO;QACT,CAAC;QAED,2BAA2B;QAC3B,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACtE,IAAI,gBAAgB,EAAE,CAAC;YACrB,OAAO;QACT,CAAC;QAED,uDAAuD;QACvD,kFAAkF;QAClF,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;QACnE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;QAExE,IAAI,CAAC,UAAU,IAAI,CAAC,YAAY,EAAE,CAAC;YACjC,4EAA4E;YAC5E,OAAO;QACT,CAAC;QAED,0DAA0D;QAC1D,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,CAAC;YACxC,GAAG;YACH,UAAU,EAAE,SAAS;YACrB,QAAQ,EAAE,YAAY,CAAC,EAAE,EAAE,2BAA2B;YACtD,OAAO,EAAE,UAAU,CAAC,GAAG;YACvB,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;QAEH,qEAAqE;QACrE,sEAAsE;QACtE,oEAAoE;QACpE,0CAA0C;QAC1C,EAAE;QACF,4EAA4E;QAC5E,0EAA0E;QAC1E,gFAAgF;IAClF,CAAC;IAED;;;;;;;;;OASG;IACK,KAAK,CAAC,aAAa,CAAC,WAAmB;QAC7C,mCAAmC;QACnC,MAAM,IAAI,GAAG,IAAI,UAAU,CACzB,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CACxB,SAAS,EACT,aAAa,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC,CAC1C,CACF,CAAC;QACF,4DAA4D;QAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;QACpD,mBAAmB;QACnB,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,kBAAkB,CAAC,MAShC;QACC,MAAM,EACJ,OAAO,EACP,SAAS,EACT,iBAAiB,EACjB,QAAQ,EACR,KAAK,EACL,KAAK,EACL,QAAQ,GACT,GAAG,MAAM,CAAC;QAEX,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEpC,wCAAwC;QACxC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC;YACxD,GAAG,EAAE,cAAc;YACnB,GAAG,EAAE,OAAO;YACZ,SAAS,EAAE,QAAQ;YACnB,KAAK,EAAE,WAAW;SACnB,CAAC,CAAC;QAEH,yCAAyC;QACzC,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC;YAC1D,GAAG,EAAE,eAAe;YACpB,GAAG,EAAE,OAAO;YACZ,SAAS,EAAE,QAAQ;YACnB,KAAK,EAAE,WAAW;SACnB,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAkB;YAC9B,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,gBAAgB;YAC/C,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,WAAW;SACnB,CAAC;QAEF,mDAAmD;QACnD,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,MAAM,cAAc,GAShB;gBACF,GAAG,EAAE,OAAO;gBACZ,GAAG,EAAE,QAAQ;aACd,CAAC;YAEF,IAAI,KAAK,EAAE,CAAC;gBACV,cAAc,CAAC,KAAK,GAAG,KAAK,CAAC;YAC/B,CAAC;YAED,8CAA8C;YAC9C,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,cAAc,CAAC,SAAS,GAAG,QAAQ,CAAC;YACtC,CAAC;YAED,2CAA2C;YAC3C,oEAAoE;YACpE,wEAAwE;YACxE,cAAc,CAAC,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;YAE/D,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,cAAc,CAAC,KAAK,GAAG,SAAS,CAAC;gBACjC,cAAc,CAAC,cAAc,GAAG,iBAAiB,CAAC;YACpD,CAAC;YAED,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC9B,cAAc,CAAC,IAAI,GAAG,SAAS,CAAC;YAClC,CAAC;YAED,QAAQ,CAAC,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;QACxE,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/dist/services/passkey.service.d.ts ADDED Viewed

@@ -0,0 +1,73 @@
+import type { AuthenticationResponseJSON, PublicKeyCredentialCreationOptionsJSON, PublicKeyCredentialRequestOptionsJSON, RegistrationResponseJSON } from '@simplewebauthn/server';
+import type { UserEntity } from '../entities/user.entity.ts';
+import { type IUserPasskeyEntity } from '../entities/user-passkey.entity.ts';
+import type { TinyAuthRuntimeConfig } from '../lib/config/index.ts';
+import type { MikroService } from './mikro.service.ts';
+/**
+ * Passkey information for user passkey list
+ * Used to display registered passkeys to the user
+ */
+export interface PasskeyInfo {
+    /** Passkey entity ID */
+    id: string;
+    /** WebAuthn credential ID */
+    credential_id: string;
+    /** User-defined name for the passkey */
+    name: string | null;
+    /** Device type: single device or multi-device (synced) */
+    device_type: 'singleDevice' | 'multiDevice';
+    /** Whether the passkey is backed up (synced to cloud) */
+    backed_up: boolean;
+    /** When the passkey was registered */
+    created_at: Date;
+}
+export declare class PasskeyService {
+    private readonly rpName;
+    private readonly mikro;
+    private readonly config;
+    constructor(mikro: MikroService, config: TinyAuthRuntimeConfig);
+    /**
+     * Get rpId from config or extract from server.public_origin hostname
+     */
+    private getRpId;
+    /**
+     * Get allowed origins from config or use server.public_origin
+     */
+    private getOrigins;
+    /**
+     * Generate registration options for a user
+     */
+    generateRegistrationOptions(user: UserEntity): Promise<PublicKeyCredentialCreationOptionsJSON>;
+    /**
+     * Verify registration response and save passkey
+     */
+    verifyRegistration(user: UserEntity, response: RegistrationResponseJSON, expectedChallenge: string, passkeyName?: string): Promise<IUserPasskeyEntity>;
+    /**
+     * Generate authentication options
+     * If userSub is provided, allow only that user's passkeys
+     * If not provided, allow discoverable credentials (usernameless)
+     */
+    generateAuthenticationOptions(userSub?: string): Promise<PublicKeyCredentialRequestOptionsJSON>;
+    /**
+     * Verify authentication response
+     * Returns the user if verification succeeds
+     */
+    verifyAuthentication(response: AuthenticationResponseJSON, expectedChallenge: string): Promise<UserEntity>;
+    /**
+     * Get all passkeys for a user
+     */
+    getUserPasskeys(userSub: string): Promise<PasskeyInfo[]>;
+    /**
+     * Delete a passkey
+     */
+    deletePasskey(userSub: string, passkeyId: string, options: {
+        hasOtherAuthMethods: boolean;
+        secondFactorRequired: boolean;
+        hasOtherSecondFactor: boolean;
+    }): Promise<void>;
+    /**
+     * Rename a passkey
+     */
+    renamePasskey(userSub: string, passkeyId: string, name: string): Promise<void>;
+}
+//# sourceMappingURL=passkey.service.d.ts.map

package/dist/services/passkey.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"passkey.service.d.ts","sourceRoot":"","sources":["../../src/services/passkey.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,0BAA0B,EAE1B,sCAAsC,EACtC,qCAAqC,EACrC,wBAAwB,EACzB,MAAM,wBAAwB,CAAC;AAQhC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EACL,KAAK,kBAAkB,EAExB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAEpE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAEvD;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,6BAA6B;IAC7B,aAAa,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,0DAA0D;IAC1D,WAAW,EAAE,cAAc,GAAG,aAAa,CAAC;IAC5C,yDAAyD;IACzD,SAAS,EAAE,OAAO,CAAC;IACnB,sCAAsC;IACtC,UAAU,EAAE,IAAI,CAAC;CAClB;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA2B;IAElD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAe;IACrC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAwB;gBAC5B,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,qBAAqB;IAKrE;;OAEG;IACH,OAAO,CAAC,OAAO;IASf;;OAEG;IACH,OAAO,CAAC,UAAU;IAQlB;;OAEG;IACU,2BAA2B,CACtC,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,sCAAsC,CAAC;IA4BlD;;OAEG;IACU,kBAAkB,CAC7B,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,wBAAwB,EAClC,iBAAiB,EAAE,MAAM,EACzB,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,kBAAkB,CAAC;IA0C9B;;;;OAIG;IACU,6BAA6B,CACxC,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,qCAAqC,CAAC;IAyBjD;;;OAGG;IACU,oBAAoB,CAC/B,QAAQ,EAAE,0BAA0B,EACpC,iBAAiB,EAAE,MAAM,GACxB,OAAO,CAAC,UAAU,CAAC;IAoCtB;;OAEG;IACU,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAYrE;;OAEG;IACU,aAAa,CACxB,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE;QACP,mBAAmB,EAAE,OAAO,CAAC;QAC7B,oBAAoB,EAAE,OAAO,CAAC;QAC9B,oBAAoB,EAAE,OAAO,CAAC;KAC/B,GACA,OAAO,CAAC,IAAI,CAAC;IA4BhB;;OAEG;IACU,aAAa,CACxB,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,IAAI,CAAC;CAajB"}