@tinyrack/tinyauth-server 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (176) hide show
  1. package/dist/entities/background-job.entity.d.ts.map +1 -1
  2. package/dist/entities/background-job.entity.js +15 -3
  3. package/dist/entities/background-job.entity.js.map +1 -1
  4. package/dist/entities/oauth-client.entity.d.ts +147 -0
  5. package/dist/entities/oauth-client.entity.d.ts.map +1 -1
  6. package/dist/entities/oauth-client.entity.js +10 -0
  7. package/dist/entities/oauth-client.entity.js.map +1 -1
  8. package/dist/entities/oauth-code.entity.d.ts +147 -0
  9. package/dist/entities/oauth-code.entity.d.ts.map +1 -1
  10. package/dist/entities/oauth-device-code.entity.d.ts +1737 -0
  11. package/dist/entities/oauth-device-code.entity.d.ts.map +1 -0
  12. package/dist/entities/oauth-device-code.entity.js +61 -0
  13. package/dist/entities/oauth-device-code.entity.js.map +1 -0
  14. package/dist/entities/revoked-token.entity.d.ts +147 -0
  15. package/dist/entities/revoked-token.entity.d.ts.map +1 -1
  16. package/dist/entities/scheduler-job.entity.d.ts.map +1 -1
  17. package/dist/entities/scheduler-job.entity.js +10 -2
  18. package/dist/entities/scheduler-job.entity.js.map +1 -1
  19. package/dist/entities/user-consent.entity.d.ts +147 -0
  20. package/dist/entities/user-consent.entity.d.ts.map +1 -1
  21. package/dist/entities/user-oauth.entity.d.ts.map +1 -1
  22. package/dist/entities/user-oauth.entity.js +2 -1
  23. package/dist/entities/user-oauth.entity.js.map +1 -1
  24. package/dist/entrypoints/app.d.ts +126 -19
  25. package/dist/entrypoints/app.d.ts.map +1 -1
  26. package/dist/entrypoints/app.js +72 -5
  27. package/dist/entrypoints/app.js.map +1 -1
  28. package/dist/entrypoints/database/postgres/cli.js +5 -5
  29. package/dist/entrypoints/database/postgres/cli.js.map +1 -1
  30. package/dist/entrypoints/database/postgres/compiled-functions.d.ts +146 -94
  31. package/dist/entrypoints/database/postgres/compiled-functions.d.ts.map +1 -1
  32. package/dist/entrypoints/database/postgres/compiled-functions.js +881 -122
  33. package/dist/entrypoints/database/postgres/compiled-functions.js.map +1 -1
  34. package/dist/entrypoints/database/sqlite/cli.js +2 -2
  35. package/dist/entrypoints/database/sqlite/cli.js.map +1 -1
  36. package/dist/entrypoints/database/sqlite/compiled-functions.d.ts +146 -94
  37. package/dist/entrypoints/database/sqlite/compiled-functions.d.ts.map +1 -1
  38. package/dist/entrypoints/database/sqlite/compiled-functions.js +881 -122
  39. package/dist/entrypoints/database/sqlite/compiled-functions.js.map +1 -1
  40. package/dist/lib/config/client.d.ts +8 -0
  41. package/dist/lib/config/client.d.ts.map +1 -1
  42. package/dist/lib/config/client.js +62 -2
  43. package/dist/lib/config/client.js.map +1 -1
  44. package/dist/lib/config/resolved.d.ts +4 -0
  45. package/dist/lib/config/resolved.d.ts.map +1 -1
  46. package/dist/lib/config/security.d.ts.map +1 -1
  47. package/dist/lib/config/security.js +25 -2
  48. package/dist/lib/config/security.js.map +1 -1
  49. package/dist/lib/crypto.d.ts.map +1 -1
  50. package/dist/lib/crypto.js +11 -1
  51. package/dist/lib/crypto.js.map +1 -1
  52. package/dist/lib/database/entities.d.ts.map +1 -1
  53. package/dist/lib/database/entities.js +2 -0
  54. package/dist/lib/database/entities.js.map +1 -1
  55. package/dist/lib/escape-html.d.ts +7 -0
  56. package/dist/lib/escape-html.d.ts.map +1 -0
  57. package/dist/lib/escape-html.js +14 -0
  58. package/dist/lib/escape-html.js.map +1 -0
  59. package/dist/migrations/postgres/Migration20260619075007.d.ts +6 -0
  60. package/dist/migrations/postgres/Migration20260619075007.d.ts.map +1 -0
  61. package/dist/migrations/postgres/Migration20260619075007.js +86 -0
  62. package/dist/migrations/postgres/Migration20260619075007.js.map +1 -0
  63. package/dist/migrations/postgres/Migration20260619191600_unique_oauth_client_client_id.d.ts +6 -0
  64. package/dist/migrations/postgres/Migration20260619191600_unique_oauth_client_client_id.d.ts.map +1 -0
  65. package/dist/migrations/postgres/Migration20260619191600_unique_oauth_client_client_id.js +12 -0
  66. package/dist/migrations/postgres/Migration20260619191600_unique_oauth_client_client_id.js.map +1 -0
  67. package/dist/migrations/postgres/index.d.ts.map +1 -1
  68. package/dist/migrations/postgres/index.js +4 -0
  69. package/dist/migrations/postgres/index.js.map +1 -1
  70. package/dist/migrations/sqlite/Migration20260619075330.d.ts +6 -0
  71. package/dist/migrations/sqlite/Migration20260619075330.d.ts.map +1 -0
  72. package/dist/migrations/sqlite/Migration20260619075330.js +57 -0
  73. package/dist/migrations/sqlite/Migration20260619075330.js.map +1 -0
  74. package/dist/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.d.ts +6 -0
  75. package/dist/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.d.ts.map +1 -0
  76. package/dist/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.js +12 -0
  77. package/dist/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.js.map +1 -0
  78. package/dist/migrations/sqlite/index.d.ts.map +1 -1
  79. package/dist/migrations/sqlite/index.js +4 -0
  80. package/dist/migrations/sqlite/index.js.map +1 -1
  81. package/dist/repositories/oauth-device-code.repository.d.ts +20 -0
  82. package/dist/repositories/oauth-device-code.repository.d.ts.map +1 -0
  83. package/dist/repositories/oauth-device-code.repository.js +55 -0
  84. package/dist/repositories/oauth-device-code.repository.js.map +1 -0
  85. package/dist/routes/.well-known/index.d.ts +29 -3
  86. package/dist/routes/.well-known/index.d.ts.map +1 -1
  87. package/dist/routes/.well-known/openid-configuration/get.d.ts +30 -4
  88. package/dist/routes/.well-known/openid-configuration/get.d.ts.map +1 -1
  89. package/dist/routes/.well-known/openid-configuration/get.js +5 -2
  90. package/dist/routes/.well-known/openid-configuration/get.js.map +1 -1
  91. package/dist/routes/index.d.ts +123 -18
  92. package/dist/routes/index.d.ts.map +1 -1
  93. package/dist/routes/oauth/.well-known/openid-configuration/get.d.ts +33 -0
  94. package/dist/routes/oauth/.well-known/openid-configuration/get.d.ts.map +1 -1
  95. package/dist/routes/oauth/.well-known/openid-configuration/get.js +78 -44
  96. package/dist/routes/oauth/.well-known/openid-configuration/get.js.map +1 -1
  97. package/dist/routes/oauth/authorize/get.d.ts +8 -26
  98. package/dist/routes/oauth/authorize/get.d.ts.map +1 -1
  99. package/dist/routes/oauth/authorize/get.js +34 -3
  100. package/dist/routes/oauth/authorize/get.js.map +1 -1
  101. package/dist/routes/oauth/cors.d.ts +9 -0
  102. package/dist/routes/oauth/cors.d.ts.map +1 -0
  103. package/dist/routes/oauth/cors.js +50 -0
  104. package/dist/routes/oauth/cors.js.map +1 -0
  105. package/dist/routes/oauth/device/get-post.d.ts +28 -0
  106. package/dist/routes/oauth/device/get-post.d.ts.map +1 -0
  107. package/dist/routes/oauth/device/get-post.js +67 -0
  108. package/dist/routes/oauth/device/get-post.js.map +1 -0
  109. package/dist/routes/oauth/device-authorization/post.d.ts +25 -0
  110. package/dist/routes/oauth/device-authorization/post.d.ts.map +1 -0
  111. package/dist/routes/oauth/device-authorization/post.js +87 -0
  112. package/dist/routes/oauth/device-authorization/post.js.map +1 -0
  113. package/dist/routes/oauth/end-session/get.d.ts +34 -0
  114. package/dist/routes/oauth/end-session/get.d.ts.map +1 -0
  115. package/dist/routes/oauth/end-session/get.js +74 -0
  116. package/dist/routes/oauth/end-session/get.js.map +1 -0
  117. package/dist/routes/oauth/index.d.ts +95 -16
  118. package/dist/routes/oauth/index.d.ts.map +1 -1
  119. package/dist/routes/oauth/index.js +8 -0
  120. package/dist/routes/oauth/index.js.map +1 -1
  121. package/dist/routes/oauth/introspect/post.d.ts.map +1 -1
  122. package/dist/routes/oauth/introspect/post.js +2 -0
  123. package/dist/routes/oauth/introspect/post.js.map +1 -1
  124. package/dist/routes/oauth/revoke/post.d.ts.map +1 -1
  125. package/dist/routes/oauth/revoke/post.js +2 -0
  126. package/dist/routes/oauth/revoke/post.js.map +1 -1
  127. package/dist/routes/oauth/token/post.d.ts +2 -0
  128. package/dist/routes/oauth/token/post.d.ts.map +1 -1
  129. package/dist/routes/oauth/token/post.js +46 -0
  130. package/dist/routes/oauth/token/post.js.map +1 -1
  131. package/dist/routes/oauth/userinfo/get.d.ts +16 -4
  132. package/dist/routes/oauth/userinfo/get.d.ts.map +1 -1
  133. package/dist/routes/oauth/userinfo/get.js +50 -30
  134. package/dist/routes/oauth/userinfo/get.js.map +1 -1
  135. package/dist/schemas/error.d.ts +100 -0
  136. package/dist/schemas/error.d.ts.map +1 -1
  137. package/dist/schemas/error.js +4 -0
  138. package/dist/schemas/error.js.map +1 -1
  139. package/dist/schemas/field.d.ts +2 -0
  140. package/dist/schemas/field.d.ts.map +1 -1
  141. package/dist/schemas/field.js +6 -1
  142. package/dist/schemas/field.js.map +1 -1
  143. package/dist/schemas/response.d.ts +2 -0
  144. package/dist/schemas/response.d.ts.map +1 -1
  145. package/dist/schemas/response.js +4 -0
  146. package/dist/schemas/response.js.map +1 -1
  147. package/dist/seeders/config.seeder.js +2 -0
  148. package/dist/seeders/config.seeder.js.map +1 -1
  149. package/dist/services/container.d.ts +3 -1
  150. package/dist/services/container.d.ts.map +1 -1
  151. package/dist/services/jwt.service.d.ts +4 -0
  152. package/dist/services/jwt.service.d.ts.map +1 -1
  153. package/dist/services/jwt.service.js +27 -6
  154. package/dist/services/jwt.service.js.map +1 -1
  155. package/dist/services/mikro.service.d.ts +2 -0
  156. package/dist/services/mikro.service.d.ts.map +1 -1
  157. package/dist/services/mikro.service.js +3 -0
  158. package/dist/services/mikro.service.js.map +1 -1
  159. package/dist/services/oauth-authorize.service.d.ts +9 -1
  160. package/dist/services/oauth-authorize.service.d.ts.map +1 -1
  161. package/dist/services/oauth-authorize.service.js +109 -17
  162. package/dist/services/oauth-authorize.service.js.map +1 -1
  163. package/dist/services/oauth-client.service.d.ts +3 -0
  164. package/dist/services/oauth-client.service.d.ts.map +1 -1
  165. package/dist/services/oauth-client.service.js +16 -0
  166. package/dist/services/oauth-client.service.js.map +1 -1
  167. package/dist/services/oauth-token.service.d.ts +11 -0
  168. package/dist/services/oauth-token.service.d.ts.map +1 -1
  169. package/dist/services/oauth-token.service.js +69 -1
  170. package/dist/services/oauth-token.service.js.map +1 -1
  171. package/dist/services/security.service.d.ts +1 -1
  172. package/dist/services/security.service.d.ts.map +1 -1
  173. package/dist/services/security.service.js +2 -0
  174. package/dist/services/security.service.js.map +1 -1
  175. package/package.json +3 -3
  176. package/readme.md +5 -1
package/dist/migrations/sqlite/Migration20260619075330.js ADDED
@@ -0,0 +1,57 @@
1
+ import { Migration } from '@mikro-orm/migrations';
2
+ export class Migration20260619075330 extends Migration {
3
+ up() {
4
+ this.addSql(`create table \`oauth_device_code\` (\`id\` text not null primary key, \`created_at\` datetime not null, \`updated_at\` datetime not null, \`device_code_hash\` text not null, \`user_code_hash\` text not null, \`client_id\` text not null, \`scope\` json not null default '[]', \`expires_at\` datetime not null, \`authorized_user_sub\` text null, \`authorized_at\` datetime null, \`consumed_at\` datetime null, constraint \`oauth_device_code_client_id_foreign\` foreign key (\`client_id\`) references \`oauth_client\` (\`id\`), constraint \`oauth_device_code_authorized_user_sub_foreign\` foreign key (\`authorized_user_sub\`) references \`user\` (\`sub\`) on delete set null) /* Issued OAuth device authorization grants */;`);
5
+ this.addSql(`create unique index \`oauth_device_code_device_code_hash_unique\` on \`oauth_device_code\` (\`device_code_hash\`);`);
6
+ this.addSql(`create unique index \`oauth_device_code_user_code_hash_unique\` on \`oauth_device_code\` (\`user_code_hash\`);`);
7
+ this.addSql(`create index \`oauth_device_code_client_id_index\` on \`oauth_device_code\` (\`client_id\`);`);
8
+ this.addSql(`create index \`oauth_device_code_authorized_user_sub_index\` on \`oauth_device_code\` (\`authorized_user_sub\`);`);
9
+ this.addSql(`create index \`oauth_device_code_device_hash_idx\` on \`oauth_device_code\` (\`device_code_hash\`);`);
10
+ this.addSql(`create index \`oauth_device_code_user_hash_idx\` on \`oauth_device_code\` (\`user_code_hash\`);`);
11
+ this.addSql(`create index \`oauth_device_code_expired_at_idx\` on \`oauth_device_code\` (\`expires_at\`);`);
12
+ this.addSql(`pragma foreign_keys = off;`);
13
+ this.addSql(`create table \`background_jobs__temp_alter\` (\`id\` text not null primary key, \`created_at\` datetime not null, \`updated_at\` datetime not null, \`job_id\` text not null, \`payload\` text not null, \`status\` text check (status in ('pending', 'running', 'succeeded', 'failed')) not null default 'pending', \`available_at\` datetime not null, \`locked_by\` text null, \`locked_until\` datetime null, \`attempt_count\` integer check (attempt_count >= 0) not null default 0, \`max_attempts\` integer check (max_attempts > 0) not null default 3, \`last_error\` text null, \`completed_at\` datetime null) /* Durable background job queue */;`);
14
+ this.addSql(`insert into \`background_jobs__temp_alter\` select \`id\`, \`created_at\`, \`updated_at\`, \`job_id\`, \`payload\`, \`status\`, \`available_at\`, \`locked_by\`, \`locked_until\`, \`attempt_count\`, \`max_attempts\`, \`last_error\`, \`completed_at\` from \`background_jobs\`;`);
15
+ this.addSql(`drop table \`background_jobs\`;`);
16
+ this.addSql(`alter table \`background_jobs__temp_alter\` rename to \`background_jobs\`;`);
17
+ this.addSql(`create index \`background_jobs_status_available_at_idx\` on \`background_jobs\` (\`status\`, \`available_at\`);`);
18
+ this.addSql(`create index \`background_jobs_locked_until_idx\` on \`background_jobs\` (\`locked_until\`);`);
19
+ this.addSql(`create index \`background_jobs_job_id_idx\` on \`background_jobs\` (\`job_id\`);`);
20
+ this.addSql(`pragma foreign_keys = on;`);
21
+ this.addSql(`alter table \`oauth_client\` add column \`post_logout_redirect_uris\` json not null default '[]';`);
22
+ this.addSql(`alter table \`oauth_client\` add column \`web_origins\` json not null default '[]';`);
23
+ this.addSql(`pragma foreign_keys = off;`);
24
+ this.addSql(`create table \`user_oauth__temp_alter\` (\`id\` integer not null primary key autoincrement, \`created_at\` datetime not null, \`updated_at\` datetime not null, \`user_sub\` text not null, \`provider_name\` text not null, \`provider_user_id\` text not null, \`access_token\` text not null, \`refresh_token\` text not null, \`expires_at\` datetime null, constraint \`user_oauth_user_sub_foreign\` foreign key (\`user_sub\`) references \`user\` (\`sub\`) on update no action on delete no action);`);
25
+ this.addSql(`insert into \`user_oauth__temp_alter\` select \`id\`, \`created_at\`, \`updated_at\`, \`user_sub\`, \`provider_name\`, \`provider_user_id\`, \`access_token\`, \`refresh_token\`, \`expires_at\` from \`user_oauth\`;`);
26
+ this.addSql(`drop table \`user_oauth\`;`);
27
+ this.addSql(`alter table \`user_oauth__temp_alter\` rename to \`user_oauth\`;`);
28
+ this.addSql(`create index \`user_oauth_user_sub_idx\` on \`user_oauth\` (\`user_sub\`);`);
29
+ this.addSql(`create index \`user_oauth_user_provider_idx\` on \`user_oauth\` (\`user_sub\`, \`provider_name\`);`);
30
+ this.addSql(`create unique index \`user_oauth_provider_unique\` on \`user_oauth\` (\`provider_name\`, \`provider_user_id\`);`);
31
+ this.addSql(`pragma foreign_keys = on;`);
32
+ }
33
+ down() {
34
+ this.addSql(`drop table if exists \`oauth_device_code\`;`);
35
+ this.addSql(`pragma foreign_keys = off;`);
36
+ this.addSql(`create table \`background_jobs__temp_alter\` (\`id\` TEXT not null primary key, \`created_at\` datetime not null, \`updated_at\` datetime not null, \`job_id\` TEXT not null, \`payload\` TEXT not null, \`status\` TEXT check (\`status\` in ('pending', 'running', 'succeeded', 'failed')) not null default 'pending', \`available_at\` datetime not null, \`locked_by\` TEXT null, \`locked_until\` datetime null, \`attempt_count\` INTEGER check (\`attempt_count\` >= 0) not null default 0, \`max_attempts\` INTEGER check (\`max_attempts\` > 0) not null default 3, \`last_error\` TEXT null, \`completed_at\` datetime null);`);
37
+ this.addSql(`insert into \`background_jobs__temp_alter\` select \`id\`, \`created_at\`, \`updated_at\`, \`job_id\`, \`payload\`, \`status\`, \`available_at\`, \`locked_by\`, \`locked_until\`, \`attempt_count\`, \`max_attempts\`, \`last_error\`, \`completed_at\` from \`background_jobs\`;`);
38
+ this.addSql(`drop table \`background_jobs\`;`);
39
+ this.addSql(`alter table \`background_jobs__temp_alter\` rename to \`background_jobs\`;`);
40
+ this.addSql(`create index \`background_jobs_job_id_idx\` on \`background_jobs\` (\`job_id\`);`);
41
+ this.addSql(`create index \`background_jobs_locked_until_idx\` on \`background_jobs\` (\`locked_until\`);`);
42
+ this.addSql(`create index \`background_jobs_status_available_at_idx\` on \`background_jobs\` (\`status\`, \`available_at\`);`);
43
+ this.addSql(`pragma foreign_keys = on;`);
44
+ this.addSql(`alter table \`oauth_client\` drop column \`post_logout_redirect_uris\`;`);
45
+ this.addSql(`alter table \`oauth_client\` drop column \`web_origins\`;`);
46
+ this.addSql(`pragma foreign_keys = off;`);
47
+ this.addSql(`create table \`user_oauth__temp_alter\` (\`id\` integer not null primary key autoincrement, \`created_at\` datetime not null, \`updated_at\` datetime not null, \`user_sub\` TEXT not null, \`provider_name\` TEXT not null, \`provider_user_id\` TEXT not null, \`access_token\` TEXT not null, \`refresh_token\` TEXT not null, \`expires_at\` datetime null, constraint \`user_oauth_user_sub_foreign\` foreign key (\`user_sub\`) references \`user\` (\`sub\`) on update no action on delete no action);`);
48
+ this.addSql(`insert into \`user_oauth__temp_alter\` select \`id\`, \`created_at\`, \`updated_at\`, \`user_sub\`, \`provider_name\`, \`provider_user_id\`, \`access_token\`, \`refresh_token\`, \`expires_at\` from \`user_oauth\`;`);
49
+ this.addSql(`drop table \`user_oauth\`;`);
50
+ this.addSql(`alter table \`user_oauth__temp_alter\` rename to \`user_oauth\`;`);
51
+ this.addSql(`create unique index \`user_oauth_provider_unique\` on \`user_oauth\` (\`provider_name\`, \`provider_user_id\`);`);
52
+ this.addSql(`create index \`user_oauth_user_provider_idx\` on \`user_oauth\` (\`user_sub\`, \`provider_name\`);`);
53
+ this.addSql(`create index \`user_oauth_user_sub_idx\` on \`user_oauth\` (\`user_sub\`);`);
54
+ this.addSql(`pragma foreign_keys = on;`);
55
+ }
56
+ }
57
+ //# sourceMappingURL=Migration20260619075330.js.map
package/dist/migrations/sqlite/Migration20260619075330.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"Migration20260619075330.js","sourceRoot":"","sources":["../../../src/migrations/sqlite/Migration20260619075330.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAElD,MAAM,OAAO,uBAAwB,SAAQ,SAAS;IAC3C,EAAE;QACT,IAAI,CAAC,MAAM,CACT,mtBAAmtB,CACptB,CAAC;QACF,IAAI,CAAC,MAAM,CACT,oHAAoH,CACrH,CAAC;QACF,IAAI,CAAC,MAAM,CACT,gHAAgH,CACjH,CAAC;QACF,IAAI,CAAC,MAAM,CACT,8FAA8F,CAC/F,CAAC;QACF,IAAI,CAAC,MAAM,CACT,kHAAkH,CACnH,CAAC;QACF,IAAI,CAAC,MAAM,CACT,qGAAqG,CACtG,CAAC;QACF,IAAI,CAAC,MAAM,CACT,iGAAiG,CAClG,CAAC;QACF,IAAI,CAAC,MAAM,CACT,8FAA8F,CAC/F,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,4BAA4B,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM,CACT,goBAAgoB,CACjoB,CAAC;QACF,IAAI,CAAC,MAAM,CACT,oRAAoR,CACrR,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,iCAAiC,CAAC,CAAC;QAC/C,IAAI,CAAC,MAAM,CACT,4EAA4E,CAC7E,CAAC;QACF,IAAI,CAAC,MAAM,CACT,iHAAiH,CAClH,CAAC;QACF,IAAI,CAAC,MAAM,CACT,8FAA8F,CAC/F,CAAC;QACF,IAAI,CAAC,MAAM,CACT,kFAAkF,CACnF,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAEzC,IAAI,CAAC,MAAM,CACT,mGAAmG,CACpG,CAAC;QACF,IAAI,CAAC,MAAM,CACT,qFAAqF,CACtF,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,4BAA4B,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM,CACT,+eAA+e,CAChf,CAAC;QACF,IAAI,CAAC,MAAM,CACT,uNAAuN,CACxN,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,4BAA4B,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM,CACT,kEAAkE,CACnE,CAAC;QACF,IAAI,CAAC,MAAM,CACT,4EAA4E,CAC7E,CAAC;QACF,IAAI,CAAC,MAAM,CACT,oGAAoG,CACrG,CAAC;QACF,IAAI,CAAC,MAAM,CACT,iHAAiH,CAClH,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC,CAAC;IAC3C,CAAC;IAEQ,IAAI;QACX,IAAI,CAAC,MAAM,CAAC,6CAA6C,CAAC,CAAC;QAE3D,IAAI,CAAC,MAAM,CAAC,4BAA4B,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM,CACT,ymBAAymB,CAC1mB,CAAC;QACF,IAAI,CAAC,MAAM,CACT,oRAAoR,CACrR,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,iCAAiC,CAAC,CAAC;QAC/C,IAAI,CAAC,MAAM,CACT,4EAA4E,CAC7E,CAAC;QACF,IAAI,CAAC,MAAM,CACT,kFAAkF,CACnF,CAAC;QACF,IAAI,CAAC,MAAM,CACT,8FAA8F,CAC/F,CAAC;QACF,IAAI,CAAC,MAAM,CACT,iHAAiH,CAClH,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAEzC,IAAI,CAAC,MAAM,CACT,yEAAyE,CAC1E,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,2DAA2D,CAAC,CAAC;QAEzE,IAAI,CAAC,MAAM,CAAC,4BAA4B,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM,CACT,+eAA+e,CAChf,CAAC;QACF,IAAI,CAAC,MAAM,CACT,uNAAuN,CACxN,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,4BAA4B,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM,CACT,kEAAkE,CACnE,CAAC;QACF,IAAI,CAAC,MAAM,CACT,iHAAiH,CAClH,CAAC;QACF,IAAI,CAAC,MAAM,CACT,oGAAoG,CACrG,CAAC;QACF,IAAI,CAAC,MAAM,CACT,4EAA4E,CAC7E,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC,CAAC;IAC3C,CAAC;CACF"}
package/dist/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.d.ts ADDED
@@ -0,0 +1,6 @@
1
+ import { Migration } from '@mikro-orm/migrations';
2
+ export declare class Migration20260619191600_unique_oauth_client_client_id extends Migration {
3
+ up(): void | Promise<void>;
4
+ down(): void | Promise<void>;
5
+ }
6
+ //# sourceMappingURL=Migration20260619191600_unique_oauth_client_client_id.d.ts.map
package/dist/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"Migration20260619191600_unique_oauth_client_client_id.d.ts","sourceRoot":"","sources":["../../../src/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAElD,qBAAa,qDAAsD,SAAQ,SAAS;IACzE,EAAE,IAAI,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAO1B,IAAI,IAAI,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;CAMtC"}
package/dist/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.js ADDED
@@ -0,0 +1,12 @@
1
+ import { Migration } from '@mikro-orm/migrations';
2
+ export class Migration20260619191600_unique_oauth_client_client_id extends Migration {
3
+ up() {
4
+ this.addSql(`drop index if exists \`client_client_id_unique\`;`);
5
+ this.addSql(`create unique index \`client_client_id_unique\` on \`oauth_client\` (\`client_id\`);`);
6
+ }
7
+ down() {
8
+ this.addSql(`drop index if exists \`client_client_id_unique\`;`);
9
+ this.addSql(`create index \`client_client_id_unique\` on \`oauth_client\` (\`client_id\`);`);
10
+ }
11
+ }
12
+ //# sourceMappingURL=Migration20260619191600_unique_oauth_client_client_id.js.map
package/dist/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"Migration20260619191600_unique_oauth_client_client_id.js","sourceRoot":"","sources":["../../../src/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAElD,MAAM,OAAO,qDAAsD,SAAQ,SAAS;IACzE,EAAE;QACT,IAAI,CAAC,MAAM,CAAC,mDAAmD,CAAC,CAAC;QACjE,IAAI,CAAC,MAAM,CACT,sFAAsF,CACvF,CAAC;IACJ,CAAC;IAEQ,IAAI;QACX,IAAI,CAAC,MAAM,CAAC,mDAAmD,CAAC,CAAC;QACjE,IAAI,CAAC,MAAM,CACT,+EAA+E,CAChF,CAAC;IACJ,CAAC;CACF"}
package/dist/migrations/sqlite/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/migrations/sqlite/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,+BAA+B,EAAE,MAAM,sCAAsC,CAAC;AAGvF,eAAO,MAAM,iBAAiB,4CAG7B,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/migrations/sqlite/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,+BAA+B,EAAE,MAAM,sCAAsC,CAAC;AAKvF,eAAO,MAAM,iBAAiB,4CAK7B,CAAC"}
package/dist/migrations/sqlite/index.js CHANGED
@@ -1,7 +1,11 @@
1
1
  import { Migration20260509171226_initial } from './Migration20260509171226_initial.js';
2
2
  import { Migration20260512120000_add_scheduler_jobs } from './Migration20260512120000_add_scheduler_jobs.js';
3
+ import { Migration20260619075330 } from './Migration20260619075330.js';
4
+ import { Migration20260619191600_unique_oauth_client_client_id } from './Migration20260619191600_unique_oauth_client_client_id.js';
3
5
  export const SQLITE_MIGRATIONS = [
4
6
  Migration20260509171226_initial,
5
7
  Migration20260512120000_add_scheduler_jobs,
8
+ Migration20260619075330,
9
+ Migration20260619191600_unique_oauth_client_client_id,
6
10
  ];
7
11
  //# sourceMappingURL=index.js.map
package/dist/migrations/sqlite/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/migrations/sqlite/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,+BAA+B,EAAE,MAAM,sCAAsC,CAAC;AACvF,OAAO,EAAE,0CAA0C,EAAE,MAAM,iDAAiD,CAAC;AAE7G,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,+BAA+B;IAC/B,0CAA0C;CAC3C,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/migrations/sqlite/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,+BAA+B,EAAE,MAAM,sCAAsC,CAAC;AACvF,OAAO,EAAE,0CAA0C,EAAE,MAAM,iDAAiD,CAAC;AAC7G,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,qDAAqD,EAAE,MAAM,4DAA4D,CAAC;AAEnI,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,+BAA+B;IAC/B,0CAA0C;IAC1C,uBAAuB;IACvB,qDAAqD;CACtD,CAAC"}
package/dist/repositories/oauth-device-code.repository.d.ts ADDED
@@ -0,0 +1,20 @@
1
+ import { EntityRepository } from '@mikro-orm/core';
2
+ import type { IOAuthDeviceCodeEntity } from '../entities/oauth-device-code.entity.ts';
3
+ export declare class OAuthDeviceCodeRepository extends EntityRepository<IOAuthDeviceCodeEntity> {
4
+ createDeviceAuthorization(params: {
5
+ clientId: string;
6
+ deviceCodeHash: string;
7
+ userCodeHash: string;
8
+ scope: string[];
9
+ expiresInSeconds?: number;
10
+ }): Promise<IOAuthDeviceCodeEntity>;
11
+ findPendingByUserCodeHash(userCodeHash: string): Promise<IOAuthDeviceCodeEntity | null>;
12
+ approvePendingByUserCodeHash(params: {
13
+ userCodeHash: string;
14
+ userSub: string;
15
+ approvedAt: Date;
16
+ }): Promise<IOAuthDeviceCodeEntity | null>;
17
+ findByClientAndDeviceCodeHash(clientId: string, deviceCodeHash: string): Promise<IOAuthDeviceCodeEntity | null>;
18
+ consumeAuthorizedDeviceCode(id: string, consumedAt: Date): Promise<boolean>;
19
+ }
20
+ //# sourceMappingURL=oauth-device-code.repository.d.ts.map
package/dist/repositories/oauth-device-code.repository.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-device-code.repository.d.ts","sourceRoot":"","sources":["../../src/repositories/oauth-device-code.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AAEtF,qBAAa,yBAA0B,SAAQ,gBAAgB,CAAC,sBAAsB,CAAC;IAC/E,yBAAyB,CAAC,MAAM,EAAE;QACtC,QAAQ,EAAE,MAAM,CAAC;QACjB,cAAc,EAAE,MAAM,CAAC;QACvB,YAAY,EAAE,MAAM,CAAC;QACrB,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC;KAC3B,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAe7B,yBAAyB,CAC7B,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC;IAQnC,4BAA4B,CAAC,MAAM,EAAE;QACzC,YAAY,EAAE,MAAM,CAAC;QACrB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,IAAI,CAAC;KAClB,GAAG,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC;IAwBpC,6BAA6B,CACjC,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC;IAQnC,2BAA2B,CAC/B,EAAE,EAAE,MAAM,EACV,UAAU,EAAE,IAAI,GACf,OAAO,CAAC,OAAO,CAAC;CAapB"}
package/dist/repositories/oauth-device-code.repository.js ADDED
@@ -0,0 +1,55 @@
1
+ import { EntityRepository } from '@mikro-orm/core';
2
+ export class OAuthDeviceCodeRepository extends EntityRepository {
3
+ async createDeviceAuthorization(params) {
4
+ const expiresInSeconds = params.expiresInSeconds ?? 600;
5
+ const expiresAt = new Date(Date.now() + expiresInSeconds * 1000);
6
+ const entity = this.create({
7
+ client: params.clientId,
8
+ deviceCodeHash: params.deviceCodeHash,
9
+ userCodeHash: params.userCodeHash,
10
+ scope: params.scope,
11
+ expiresAt,
12
+ });
13
+ await this.getEntityManager().persist(entity).flush();
14
+ return entity;
15
+ }
16
+ async findPendingByUserCodeHash(userCodeHash) {
17
+ return this.findOne({
18
+ userCodeHash,
19
+ consumedAt: null,
20
+ authorizedAt: null,
21
+ });
22
+ }
23
+ async approvePendingByUserCodeHash(params) {
24
+ const updated = await this.nativeUpdate({
25
+ userCodeHash: params.userCodeHash,
26
+ consumedAt: null,
27
+ authorizedAt: null,
28
+ expiresAt: { $gt: params.approvedAt },
29
+ }, {
30
+ authorizedUser: params.userSub,
31
+ authorizedAt: params.approvedAt,
32
+ });
33
+ if (updated !== 1) {
34
+ return null;
35
+ }
36
+ return this.findOne({ userCodeHash: params.userCodeHash }, { populate: ['client'] });
37
+ }
38
+ async findByClientAndDeviceCodeHash(clientId, deviceCodeHash) {
39
+ return this.findOne({
40
+ client: clientId,
41
+ deviceCodeHash,
42
+ consumedAt: null,
43
+ });
44
+ }
45
+ async consumeAuthorizedDeviceCode(id, consumedAt) {
46
+ const updated = await this.nativeUpdate({
47
+ id,
48
+ consumedAt: null,
49
+ authorizedAt: { $ne: null },
50
+ expiresAt: { $gt: consumedAt },
51
+ }, { consumedAt });
52
+ return updated === 1;
53
+ }
54
+ }
55
+ //# sourceMappingURL=oauth-device-code.repository.js.map
package/dist/repositories/oauth-device-code.repository.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-device-code.repository.js","sourceRoot":"","sources":["../../src/repositories/oauth-device-code.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAGnD,MAAM,OAAO,yBAA0B,SAAQ,gBAAwC;IACrF,KAAK,CAAC,yBAAyB,CAAC,MAM/B;QACC,MAAM,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,IAAI,GAAG,CAAC;QACxD,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,GAAG,IAAI,CAAC,CAAC;QACjE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YACzB,MAAM,EAAE,MAAM,CAAC,QAAQ;YACvB,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,SAAS;SACV,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC;QACtD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,yBAAyB,CAC7B,YAAoB;QAEpB,OAAO,IAAI,CAAC,OAAO,CAAC;YAClB,YAAY;YACZ,UAAU,EAAE,IAAI;YAChB,YAAY,EAAE,IAAI;SACnB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,4BAA4B,CAAC,MAIlC;QACC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CACrC;YACE,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,UAAU,EAAE,IAAI;YAChB,YAAY,EAAE,IAAI;YAClB,SAAS,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,EAAE;SACtC,EACD;YACE,cAAc,EAAE,MAAM,CAAC,OAAO;YAC9B,YAAY,EAAE,MAAM,CAAC,UAAU;SAChC,CACF,CAAC;QAEF,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC,OAAO,CACjB,EAAE,YAAY,EAAE,MAAM,CAAC,YAAY,EAAE,EACrC,EAAE,QAAQ,EAAE,CAAC,QAAQ,CAAC,EAAE,CACzB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,6BAA6B,CACjC,QAAgB,EAChB,cAAsB;QAEtB,OAAO,IAAI,CAAC,OAAO,CAAC;YAClB,MAAM,EAAE,QAAQ;YAChB,cAAc;YACd,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,2BAA2B,CAC/B,EAAU,EACV,UAAgB;QAEhB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CACrC;YACE,EAAE;YACF,UAAU,EAAE,IAAI;YAChB,YAAY,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE;YAC3B,SAAS,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE;SAC/B,EACD,EAAE,UAAU,EAAE,CACf,CAAC;QAEF,OAAO,OAAO,KAAK,CAAC,CAAC;IACvB,CAAC;CACF"}
package/dist/routes/.well-known/index.d.ts CHANGED
@@ -3,9 +3,35 @@ export declare const wellKnownRoutes: import("hono/hono-base").HonoBase<AppEnv,
3
3
  "/openid-configuration": {
4
4
  $get: {
5
5
  input: {};
6
- output: undefined;
7
- outputFormat: "redirect";
8
- status: 302;
6
+ output: {
7
+ issuer: string;
8
+ authorization_endpoint: string;
9
+ token_endpoint: string;
10
+ jwks_uri: string;
11
+ response_types_supported: string[];
12
+ response_modes_supported: string[];
13
+ subject_types_supported: string[];
14
+ id_token_signing_alg_values_supported: string[];
15
+ userinfo_signing_alg_values_supported: string[];
16
+ userinfo_endpoint: string;
17
+ scopes_supported: string[];
18
+ claims_supported: string[];
19
+ grant_types_supported: string[];
20
+ token_endpoint_auth_methods_supported: string[];
21
+ introspection_endpoint_auth_methods_supported: string[];
22
+ revocation_endpoint_auth_methods_supported: string[];
23
+ code_challenge_methods_supported: string[];
24
+ introspection_endpoint: string;
25
+ revocation_endpoint: string;
26
+ end_session_endpoint: string;
27
+ device_authorization_endpoint: string;
28
+ ui_locales_supported: ("en" | "ko" | "ja")[];
29
+ request_parameter_supported: boolean;
30
+ request_uri_parameter_supported: boolean;
31
+ claims_parameter_supported: boolean;
32
+ };
33
+ outputFormat: "json";
34
+ status: 200;
9
35
  };
10
36
  };
11
37
  }, "/">, "/", "/">;
package/dist/routes/.well-known/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/routes/.well-known/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAGrD,eAAO,MAAM,eAAe;;;;;;;;;kBAAiD,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/routes/.well-known/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAGrD,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAAiD,CAAC"}
package/dist/routes/.well-known/openid-configuration/get.d.ts CHANGED
@@ -1,7 +1,7 @@
1
1
  import type { AppEnv } from '#server/lib/app-env.js';
2
2
  /**
3
3
  * Standard OIDC Discovery endpoint at /.well-known/openid-configuration
4
- * Redirects to /oauth/.well-known/openid-configuration
4
+ * Serves direct JSON rather than redirecting for client compatibility.
5
5
  *
6
6
  * This provides compatibility with clients that expect the standard
7
7
  * OIDC Discovery URL at the root level.
@@ -10,9 +10,35 @@ export declare const openidConfigGet: import("hono/hono-base").HonoBase<AppEnv,
10
10
  "/openid-configuration": {
11
11
  $get: {
12
12
  input: {};
13
- output: undefined;
14
- outputFormat: "redirect";
15
- status: 302;
13
+ output: {
14
+ issuer: string;
15
+ authorization_endpoint: string;
16
+ token_endpoint: string;
17
+ jwks_uri: string;
18
+ response_types_supported: string[];
19
+ response_modes_supported: string[];
20
+ subject_types_supported: string[];
21
+ id_token_signing_alg_values_supported: string[];
22
+ userinfo_signing_alg_values_supported: string[];
23
+ userinfo_endpoint: string;
24
+ scopes_supported: string[];
25
+ claims_supported: string[];
26
+ grant_types_supported: string[];
27
+ token_endpoint_auth_methods_supported: string[];
28
+ introspection_endpoint_auth_methods_supported: string[];
29
+ revocation_endpoint_auth_methods_supported: string[];
30
+ code_challenge_methods_supported: string[];
31
+ introspection_endpoint: string;
32
+ revocation_endpoint: string;
33
+ end_session_endpoint: string;
34
+ device_authorization_endpoint: string;
35
+ ui_locales_supported: ("en" | "ko" | "ja")[];
36
+ request_parameter_supported: boolean;
37
+ request_uri_parameter_supported: boolean;
38
+ claims_parameter_supported: boolean;
39
+ };
40
+ outputFormat: "json";
41
+ status: 200;
16
42
  };
17
43
  };
18
44
  }, "/", "/openid-configuration">;
package/dist/routes/.well-known/openid-configuration/get.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"get.d.ts","sourceRoot":"","sources":["../../../../src/routes/.well-known/openid-configuration/get.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAErD;;;;;;GAMG;AACH,eAAO,MAAM,eAAe;;;;;;;;;gCAK3B,CAAC"}
1
+ {"version":3,"file":"get.d.ts","sourceRoot":"","sources":["../../../../src/routes/.well-known/openid-configuration/get.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAGrD;;;;;;GAMG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCAO3B,CAAC"}
package/dist/routes/.well-known/openid-configuration/get.js CHANGED
@@ -1,12 +1,15 @@
1
1
  import { Hono } from 'hono';
2
+ import { buildOpenidConfiguration } from '#server/routes/oauth/.well-known/openid-configuration/get.js';
2
3
  /**
3
4
  * Standard OIDC Discovery endpoint at /.well-known/openid-configuration
4
- * Redirects to /oauth/.well-known/openid-configuration
5
+ * Serves direct JSON rather than redirecting for client compatibility.
5
6
  *
6
7
  * This provides compatibility with clients that expect the standard
7
8
  * OIDC Discovery URL at the root level.
8
9
  */
9
10
  export const openidConfigGet = new Hono().get('/openid-configuration', async (c) => {
10
- return c.redirect('/oauth/.well-known/openid-configuration');
11
+ const { config } = c.var.services;
12
+ c.header('Cache-Control', 'public, max-age=3600');
13
+ return c.json(buildOpenidConfiguration(config), 200);
11
14
  });
12
15
  //# sourceMappingURL=get.js.map
package/dist/routes/.well-known/openid-configuration/get.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"get.js","sourceRoot":"","sources":["../../../../src/routes/.well-known/openid-configuration/get.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,IAAI,IAAI,EAAU,CAAC,GAAG,CACnD,uBAAuB,EACvB,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,OAAO,CAAC,CAAC,QAAQ,CAAC,yCAAyC,CAAC,CAAC;AAC/D,CAAC,CACF,CAAC"}
1
+ {"version":3,"file":"get.js","sourceRoot":"","sources":["../../../../src/routes/.well-known/openid-configuration/get.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAE,wBAAwB,EAAE,MAAM,8DAA8D,CAAC;AAExG;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,IAAI,IAAI,EAAU,CAAC,GAAG,CACnD,uBAAuB,EACvB,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClC,CAAC,CAAC,MAAM,CAAC,eAAe,EAAE,sBAAsB,CAAC,CAAC;IAClD,OAAO,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC,EAAE,GAAG,CAAC,CAAC;AACvD,CAAC,CACF,CAAC"}
package/dist/routes/index.d.ts CHANGED
@@ -978,6 +978,74 @@ export declare const routes: import("hono/hono-base").HonoBase<AppEnv, import("h
978
978
  max_age?: string | string[];
979
979
  reauthenticated?: string | string[];
980
980
  display?: string | string[];
981
+ response_mode?: string | string[];
982
+ login_hint?: string | string[];
983
+ ui_locales?: string | string[];
984
+ id_token_hint?: string | string[];
985
+ acr_values?: string | string[];
986
+ };
987
+ };
988
+ output: {};
989
+ outputFormat: string;
990
+ status: import("hono/utils/http-status").StatusCode;
991
+ };
992
+ };
993
+ }, "/"> | import("hono/types").MergeSchemaPath<{
994
+ "/device_authorization": {
995
+ $post: {
996
+ input: {
997
+ form: {
998
+ client_id?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
999
+ client_secret?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
1000
+ scope?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
1001
+ };
1002
+ };
1003
+ output: {
1004
+ device_code: string;
1005
+ user_code: string;
1006
+ verification_uri: string;
1007
+ verification_uri_complete: string;
1008
+ expires_in: number;
1009
+ interval: number;
1010
+ };
1011
+ outputFormat: "json";
1012
+ status: 200;
1013
+ };
1014
+ };
1015
+ }, "/"> | import("hono/types").MergeSchemaPath<{
1016
+ "/device": {
1017
+ $get: {
1018
+ input: {};
1019
+ output: {};
1020
+ outputFormat: string;
1021
+ status: import("hono/utils/http-status").StatusCode;
1022
+ };
1023
+ };
1024
+ } & {
1025
+ "/device": {
1026
+ $post: {
1027
+ input: {
1028
+ form: {
1029
+ user_code: string;
1030
+ };
1031
+ };
1032
+ output: {
1033
+ status: string;
1034
+ client_id: string;
1035
+ };
1036
+ outputFormat: "json";
1037
+ status: import("hono/utils/http-status").ContentfulStatusCode;
1038
+ };
1039
+ };
1040
+ }, "/"> | import("hono/types").MergeSchemaPath<{
1041
+ "/end_session": {
1042
+ $get: {
1043
+ input: {
1044
+ query: {
1045
+ client_id?: string | string[];
1046
+ post_logout_redirect_uri?: string | string[];
1047
+ id_token_hint?: string | string[];
1048
+ state?: string | string[];
981
1049
  };
982
1050
  };
983
1051
  output: undefined;
@@ -986,18 +1054,10 @@ export declare const routes: import("hono/hono-base").HonoBase<AppEnv, import("h
986
1054
  } | {
987
1055
  input: {
988
1056
  query: {
989
- response_type: string | string[];
990
- redirect_uri: string | string[];
991
- client_id: string | string[];
1057
+ client_id?: string | string[];
1058
+ post_logout_redirect_uri?: string | string[];
1059
+ id_token_hint?: string | string[];
992
1060
  state?: string | string[];
993
- code_challenge?: string | string[];
994
- code_challenge_method?: string | string[];
995
- scope?: string | string[];
996
- nonce?: string | string[];
997
- prompt?: string | string[];
998
- max_age?: string | string[];
999
- reauthenticated?: string | string[];
1000
- display?: string | string[];
1001
1061
  };
1002
1062
  };
1003
1063
  output: {
@@ -1020,6 +1080,8 @@ export declare const routes: import("hono/hono-base").HonoBase<AppEnv, import("h
1020
1080
  client_secret?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
1021
1081
  code_verifier?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
1022
1082
  refresh_token?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
1083
+ scope?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
1084
+ device_code?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
1023
1085
  };
1024
1086
  };
1025
1087
  output: {
@@ -1079,11 +1141,23 @@ export declare const routes: import("hono/hono-base").HonoBase<AppEnv, import("h
1079
1141
  }, "/"> | import("hono/types").MergeSchemaPath<{
1080
1142
  "/userinfo": {
1081
1143
  $get: {
1082
- input: {
1083
- header: {
1084
- authorization?: string;
1085
- };
1144
+ input: {};
1145
+ output: {
1146
+ sub: string;
1147
+ email?: string | undefined;
1148
+ email_verified?: boolean | undefined;
1149
+ name?: string | undefined;
1150
+ picture?: string | undefined;
1151
+ preferred_username?: string | undefined;
1086
1152
  };
1153
+ outputFormat: "json";
1154
+ status: 200;
1155
+ };
1156
+ };
1157
+ } & {
1158
+ "/userinfo": {
1159
+ $post: {
1160
+ input: {};
1087
1161
  output: {
1088
1162
  sub: string;
1089
1163
  email?: string | undefined;
@@ -1130,14 +1204,19 @@ export declare const routes: import("hono/hono-base").HonoBase<AppEnv, import("h
1130
1204
  response_modes_supported: string[];
1131
1205
  subject_types_supported: string[];
1132
1206
  id_token_signing_alg_values_supported: string[];
1207
+ userinfo_signing_alg_values_supported: string[];
1133
1208
  userinfo_endpoint: string;
1134
1209
  scopes_supported: string[];
1135
1210
  claims_supported: string[];
1136
1211
  grant_types_supported: string[];
1137
1212
  token_endpoint_auth_methods_supported: string[];
1213
+ introspection_endpoint_auth_methods_supported: string[];
1214
+ revocation_endpoint_auth_methods_supported: string[];
1138
1215
  code_challenge_methods_supported: string[];
1139
1216
  introspection_endpoint: string;
1140
1217
  revocation_endpoint: string;
1218
+ end_session_endpoint: string;
1219
+ device_authorization_endpoint: string;
1141
1220
  ui_locales_supported: ("en" | "ko" | "ja")[];
1142
1221
  request_parameter_supported: boolean;
1143
1222
  request_uri_parameter_supported: boolean;
@@ -1151,9 +1230,35 @@ export declare const routes: import("hono/hono-base").HonoBase<AppEnv, import("h
1151
1230
  "/openid-configuration": {
1152
1231
  $get: {
1153
1232
  input: {};
1154
- output: undefined;
1155
- outputFormat: "redirect";
1156
- status: 302;
1233
+ output: {
1234
+ issuer: string;
1235
+ authorization_endpoint: string;
1236
+ token_endpoint: string;
1237
+ jwks_uri: string;
1238
+ response_types_supported: string[];
1239
+ response_modes_supported: string[];
1240
+ subject_types_supported: string[];
1241
+ id_token_signing_alg_values_supported: string[];
1242
+ userinfo_signing_alg_values_supported: string[];
1243
+ userinfo_endpoint: string;
1244
+ scopes_supported: string[];
1245
+ claims_supported: string[];
1246
+ grant_types_supported: string[];
1247
+ token_endpoint_auth_methods_supported: string[];
1248
+ introspection_endpoint_auth_methods_supported: string[];
1249
+ revocation_endpoint_auth_methods_supported: string[];
1250
+ code_challenge_methods_supported: string[];
1251
+ introspection_endpoint: string;
1252
+ revocation_endpoint: string;
1253
+ end_session_endpoint: string;
1254
+ device_authorization_endpoint: string;
1255
+ ui_locales_supported: ("en" | "ko" | "ja")[];
1256
+ request_parameter_supported: boolean;
1257
+ request_uri_parameter_supported: boolean;
1258
+ claims_parameter_supported: boolean;
1259
+ };
1260
+ outputFormat: "json";
1261
+ status: 200;
1157
1262
  };
1158
1263
  };
1159
1264
  }, "/">, "/.well-known">, "/", "/">;
package/dist/routes/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/routes/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAKhD,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mCAGsB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/routes/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAKhD,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mCAGsB,CAAC"}
package/dist/routes/oauth/.well-known/openid-configuration/get.d.ts CHANGED
@@ -1,4 +1,32 @@
1
1
  import type { AppEnv } from '#server/lib/app-env.js';
2
+ import type { TinyAuthRuntimeConfig } from '#server/lib/config/index.js';
3
+ export declare function buildOpenidConfiguration(config: TinyAuthRuntimeConfig): {
4
+ issuer: string;
5
+ authorization_endpoint: string;
6
+ token_endpoint: string;
7
+ jwks_uri: string;
8
+ response_types_supported: string[];
9
+ response_modes_supported: string[];
10
+ subject_types_supported: string[];
11
+ id_token_signing_alg_values_supported: string[];
12
+ userinfo_signing_alg_values_supported: string[];
13
+ userinfo_endpoint: string;
14
+ scopes_supported: string[];
15
+ claims_supported: string[];
16
+ grant_types_supported: string[];
17
+ token_endpoint_auth_methods_supported: string[];
18
+ introspection_endpoint_auth_methods_supported: string[];
19
+ revocation_endpoint_auth_methods_supported: string[];
20
+ code_challenge_methods_supported: string[];
21
+ introspection_endpoint: string;
22
+ revocation_endpoint: string;
23
+ end_session_endpoint: string;
24
+ device_authorization_endpoint: string;
25
+ ui_locales_supported: ("en" | "ko" | "ja")[];
26
+ request_parameter_supported: boolean;
27
+ request_uri_parameter_supported: boolean;
28
+ claims_parameter_supported: boolean;
29
+ };
2
30
  export declare const oidcConfigGet: import("hono/hono-base").HonoBase<AppEnv, {
3
31
  "/.well-known/openid-configuration": {
4
32
  $get: {
@@ -12,14 +40,19 @@ export declare const oidcConfigGet: import("hono/hono-base").HonoBase<AppEnv, {
12
40
  response_modes_supported: string[];
13
41
  subject_types_supported: string[];
14
42
  id_token_signing_alg_values_supported: string[];
43
+ userinfo_signing_alg_values_supported: string[];
15
44
  userinfo_endpoint: string;
16
45
  scopes_supported: string[];
17
46
  claims_supported: string[];
18
47
  grant_types_supported: string[];
19
48
  token_endpoint_auth_methods_supported: string[];
49
+ introspection_endpoint_auth_methods_supported: string[];
50
+ revocation_endpoint_auth_methods_supported: string[];
20
51
  code_challenge_methods_supported: string[];
21
52
  introspection_endpoint: string;
22
53
  revocation_endpoint: string;
54
+ end_session_endpoint: string;
55
+ device_authorization_endpoint: string;
23
56
  ui_locales_supported: ("en" | "ko" | "ja")[];
24
57
  request_parameter_supported: boolean;
25
58
  request_uri_parameter_supported: boolean;
package/dist/routes/oauth/.well-known/openid-configuration/get.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"get.d.ts","sourceRoot":"","sources":["../../../../../src/routes/oauth/.well-known/openid-configuration/get.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAGrD,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;4CAkLzB,CAAC"}
1
+ {"version":3,"file":"get.d.ts","sourceRoot":"","sources":["../../../../../src/routes/oauth/.well-known/openid-configuration/get.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGzE,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;EAqErE;AAED,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;4CAkJzB,CAAC"}