@usync/oauth2 0.0.5 → 0.1.0

package/dist/index.js

@@ -1,43 +1,32 @@
-import { nanoid as y } from "nanoid";
-const R = 1, h = 2, d = 3;
-class r extends Error {
-  constructor(e, n) {
-    super(n || `OAuth2Error: code=${e}`), this.code = e;
+import { nanoid as U } from "nanoid";
+const R = 1, a = 2, d = 3;
+class i extends Error {
+  constructor(e, o) {
+    super(o || `OAuth2Error: code=${e}`), this.code = e;
   }
 }
-var U = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", A;
-function S() {
-  return A ||= U.slice(0, -2) + "-_", A;
-}
-function b(i, e, n) {
-  let s = "", o = 0;
-  for (; o < i.length; ) {
-    let t = i[o++], c = i[o++], a = i[o++];
-    if (s += e[t >> 2], s += e[(t & 3) << 4 | (c || 0) >> 4], c == null || (s += e[(c & 15) << 2 | (a || 0) >> 6]), a == null)
-      break;
-    s += e[a & 63];
-  }
-  return s;
-}
-function O(i) {
-  return b(i, S(), !1);
+function O(r) {
+  let e = "";
+  for (const o of r)
+    e += String.fromCharCode(o);
+  return btoa(e).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
 function _() {
-  return y(8);
+  return U(8);
 }
 function k() {
-  return y(64);
+  return U(64);
 }
-async function u(i) {
-  const e = "S256", n = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(i));
+async function u(r) {
+  const e = "S256", o = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(r));
   return {
-    codeChallenge: O(new Uint8Array(n)),
+    codeChallenge: O(new Uint8Array(o)),
     codeChallengeMethod: e
   };
 }
 class w {
-  constructor(e, n) {
-    this.options = e, this._accessToken = null, this._refreshToken = null, n && (this.setRefreshToken(n.refreshToken), this.setAccessToken(n.accessToken));
+  constructor(e, o) {
+    this.options = e, this._accessToken = null, this._refreshToken = null, o && (this.setRefreshToken(o.refreshToken), this.setAccessToken(o.accessToken));
   }
   _getValidToken(e) {
     return e && (!e.expiresAt || Date.now() < e.expiresAt) ? e.token : void 0;
@@ -49,14 +38,14 @@ class w {
     this.setRefreshToken(e), this.options.onSetRefreshToken?.(e);
   }
   getAccessToken() {
-    if (!this._accessToken) throw new r(d);
+    if (!this._accessToken) throw new i(d);
     const e = this._getValidToken(this._accessToken);
-    if (!e) throw new r(R);
+    if (!e) throw new i(R);
     return e;
   }
   getRefreshToken() {
     const e = this._getValidToken(this._refreshToken);
-    if (!e) throw new r(d, "Invalid refresh token");
+    if (!e) throw new i(d, "Invalid refresh token");
     return e;
   }
   setAccessToken(e) {
@@ -66,51 +55,51 @@ class w {
     this._refreshToken = e ?? null;
   }
 }
-const g = class g extends w {
+const b = "https://www.dropbox.com/oauth2/authorize", A = "https://api.dropbox.com/oauth2/token", T = class T extends w {
   async buildAuthUrl() {
     this.session = {
       state: _(),
       codeVerifier: k()
     };
-    const { codeChallenge: e, codeChallengeMethod: n } = await u(
+    const { codeChallenge: e, codeChallengeMethod: o } = await u(
       this.session.codeVerifier
-    ), s = new URL("https://www.dropbox.com/oauth2/authorize");
+    ), s = new URL(b);
     return Object.entries({
       client_id: this.options.clientId,
       code_challenge: e,
-      code_challenge_method: n,
+      code_challenge_method: o,
       redirect_uri: this.options.redirectUrl,
       response_type: "code",
       token_access_type: "offline",
       scope: this.options.scope,
       state: this.session.state
-    }).forEach(([o, t]) => {
-      t && s.searchParams.set(o, t);
+    }).forEach(([n, t]) => {
+      t && s.searchParams.set(n, t);
     }), s.href;
   }
   async finishAuth(e) {
     if (!this.session || this.session.state !== e.searchParams.get("state"))
-      throw new r(h, "state doesn't match");
-    const n = e.searchParams.get("code");
-    if (!n) throw new r(h, "Invalid code");
+      throw new i(a, "state doesn't match");
+    const o = e.searchParams.get("code");
+    if (!o) throw new i(a, "Invalid code");
     const s = new URLSearchParams();
     Object.entries({
       client_id: this.options.clientId,
       client_secret: this.options.clientSecret,
-      code: n,
+      code: o,
       code_verifier: this.session.codeVerifier,
       grant_type: "authorization_code",
       redirect_uri: this.options.redirectUrl
-    }).forEach(([c, a]) => {
-      s.append(c, a);
+    }).forEach(([c, h]) => {
+      h != null && s.append(c, h);
     });
-    const o = await fetch("https://api.dropbox.com/oauth2/token", {
+    const n = await fetch(A, {
       method: "POST",
       body: s
-    }), t = await o.json();
-    if (!o.ok) throw { status: o.status, data: t };
+    }), t = await n.json();
+    if (!n.ok) throw { status: n.status, data: t };
     if (!t.refresh_token)
-      throw new r(h, "Failed to get refresh_token");
+      throw new i(a, "Failed to get refresh_token");
     return this._updateRefreshToken({
       token: t.refresh_token,
       scope: t.scope
@@ -120,77 +109,77 @@ const g = class g extends w {
     }), t.access_token;
   }
   async refreshToken() {
-    const e = new URLSearchParams(), n = this.getRefreshToken();
+    const e = new URLSearchParams(), o = this.getRefreshToken();
     Object.entries({
       client_id: this.options.clientId,
       client_secret: this.options.clientSecret,
       grant_type: "refresh_token",
-      refresh_token: n
+      refresh_token: o
     }).forEach(([t, c]) => {
-      e.append(t, c);
+      c != null && e.append(t, c);
     });
-    const s = await fetch("https://api.dropbox.com/oauth2/token", {
+    const s = await fetch(A, {
       method: "POST",
       body: e
-    }), o = await s.json();
-    if (!s.ok) throw { status: s.status, data: o };
+    }), n = await s.json();
+    if (!s.ok) throw { status: s.status, data: n };
     return this._updateAccessToken({
-      token: o.access_token,
-      expiresAt: Date.now() + o.expires_in * 1e3
-    }), o.access_token;
+      token: n.access_token,
+      expiresAt: Date.now() + n.expires_in * 1e3
+    }), n.access_token;
   }
 };
-g.Scopes = {
+T.Scopes = {
   account: "account_info.read"
 };
-let p = g;
-const T = class T extends w {
+let p = T;
+const S = "https://accounts.google.com/o/oauth2/v2/auth", y = "https://oauth2.googleapis.com/token", g = class g extends w {
   async buildAuthUrl() {
     this.session = {
       state: _(),
       codeVerifier: k()
     };
-    const { codeChallenge: e, codeChallengeMethod: n } = await u(
+    const { codeChallenge: e, codeChallengeMethod: o } = await u(
       this.session.codeVerifier
-    ), s = new URL("https://accounts.google.com/o/oauth2/v2/auth");
+    ), s = new URL(S);
     return Object.entries({
       access_type: "offline",
       client_id: this.options.clientId,
       code_challenge: e,
-      code_challenge_method: n,
+      code_challenge_method: o,
       include_granted_scopes: "true",
       prompt: "consent",
       redirect_uri: this.options.redirectUrl,
       response_type: "code",
       scope: this.options.scope,
       state: this.session.state
-    }).forEach(([o, t]) => {
-      t && s.searchParams.set(o, t);
+    }).forEach(([n, t]) => {
+      t && s.searchParams.set(n, t);
     }), s.href;
   }
   async finishAuth(e) {
     if (!this.session || this.session.state !== e.searchParams.get("state"))
-      throw new r(h, "state doesn't match");
-    const n = e.searchParams.get("code");
-    if (!n) throw new r(h, "Invalid code");
+      throw new i(a, "state doesn't match");
+    const o = e.searchParams.get("code");
+    if (!o) throw new i(a, "Invalid code");
     const s = new URLSearchParams();
     Object.entries({
       client_id: this.options.clientId,
       client_secret: this.options.clientSecret,
-      code: n,
+      code: o,
       code_verifier: this.session.codeVerifier,
       grant_type: "authorization_code",
       redirect_uri: this.options.redirectUrl
-    }).forEach(([c, a]) => {
-      s.append(c, a);
+    }).forEach(([c, h]) => {
+      h != null && s.append(c, h);
     });
-    const o = await fetch("https://oauth2.googleapis.com/token", {
+    const n = await fetch(y, {
       method: "POST",
       body: s
-    }), t = await o.json();
-    if (!o.ok) throw { status: o.status, data: t };
+    }), t = await n.json();
+    if (!n.ok) throw { status: n.status, data: t };
     if (!t.refresh_token)
-      throw new r(h, "Failed to get refresh_token");
+      throw new i(a, "Failed to get refresh_token");
     return this._updateRefreshToken({
       token: t.refresh_token,
       scope: t.scope
@@ -200,79 +189,82 @@ const T = class T extends w {
     }), t.access_token;
   }
   async refreshToken() {
-    const e = new URLSearchParams(), n = this.getRefreshToken();
+    const e = new URLSearchParams(), o = this.getRefreshToken();
     Object.entries({
       client_id: this.options.clientId,
       client_secret: this.options.clientSecret,
       grant_type: "refresh_token",
-      refresh_token: n,
+      refresh_token: o,
       scope: this.options.scope
     }).forEach(([t, c]) => {
       c != null && e.append(t, c);
     });
-    const s = await fetch("https://oauth2.googleapis.com/token", {
+    const s = await fetch(y, {
       method: "POST",
       body: e
-    }), o = await s.json();
-    if (!s.ok) throw { status: s.status, data: o };
+    }), n = await s.json();
+    if (!s.ok) throw { status: s.status, data: n };
     return this._updateAccessToken({
-      token: o.access_token,
-      expiresAt: Date.now() + o.expires_in * 1e3
-    }), o.access_token;
+      token: n.access_token,
+      expiresAt: Date.now() + n.expires_in * 1e3
+    }), n.access_token;
   }
 };
-T.Scopes = {
+g.Scopes = {
   account: "https://www.googleapis.com/auth/userinfo.profile",
   "drive.appdata": "https://www.googleapis.com/auth/drive.appdata",
   imap: "https://mail.google.com/"
 };
-let f = T;
+let l = g;
 const m = class m extends w {
+  oauth2Url(e) {
+    return `https://login.microsoftonline.com/${this.options.provider?.microsoft?.accountType ?? "common"}/oauth2/v2.0/${e}`;
+  }
   async buildAuthUrl() {
     this.session = {
       state: _(),
       codeVerifier: k()
     };
-    const { codeChallenge: e, codeChallengeMethod: n } = await u(
+    const { codeChallenge: e, codeChallengeMethod: o } = await u(
       this.session.codeVerifier
-    ), s = new URL("https://login.microsoftonline.com/common/oauth2/v2.0/authorize");
+    ), s = new URL(this.oauth2Url("authorize"));
     return Object.entries({
       client_id: this.options.clientId,
       code_challenge: e,
-      code_challenge_method: n,
+      code_challenge_method: o,
       redirect_uri: this.options.redirectUrl,
       response_mode: "query",
       response_type: "code",
       scope: this.options.scope,
       state: this.session.state
-    }).forEach(([o, t]) => {
-      t && s.searchParams.set(o, t);
+    }).forEach(([n, t]) => {
+      t && s.searchParams.set(n, t);
     }), s.href;
   }
   async finishAuth(e) {
     if (!this.session || this.session.state !== e.searchParams.get("state"))
-      throw new r(h, "state doesn't match");
-    const n = e.searchParams.get("code");
-    if (!n) throw new r(h, "Invalid code");
+      throw new i(a, "state doesn't match");
+    const o = e.searchParams.get("code");
+    if (!o) throw new i(a, "Invalid code");
     const s = new URLSearchParams();
     Object.entries({
       client_id: this.options.clientId,
       client_secret: this.options.clientSecret,
-      code: n,
+      code: o,
       code_verifier: this.session.codeVerifier,
       grant_type: "authorization_code",
       redirect_uri: this.options.redirectUrl,
       scope: this.options.scope
-    }).forEach(([c, a]) => {
-      a && s.append(c, a);
+    }).forEach(([c, h]) => {
+      h != null && s.append(c, h);
     });
-    const o = await fetch("https://login.microsoftonline.com/common/oauth2/v2.0/token", {
+    const n = await fetch(this.oauth2Url("token"), {
       method: "POST",
       body: s
-    }), t = await o.json();
-    if (!o.ok) throw { status: o.status, data: t };
+    }), t = await n.json();
+    if (!n.ok) throw { status: n.status, data: t };
     if (!t.refresh_token)
-      throw new r(h, "Failed to get refresh_token");
+      throw new i(a, "Failed to get refresh_token");
     return this._updateRefreshToken({
       token: t.refresh_token,
       scope: t.scope
@@ -282,25 +274,25 @@ const m = class m extends w {
     }), t.access_token;
   }
   async refreshToken() {
-    const e = new URLSearchParams(), n = this.getRefreshToken();
+    const e = new URLSearchParams(), o = this.getRefreshToken();
     Object.entries({
       client_id: this.options.clientId,
       client_secret: this.options.clientSecret,
       grant_type: "refresh_token",
-      refresh_token: n,
+      refresh_token: o,
       scope: this.options.scope
     }).forEach(([t, c]) => {
-      c && e.append(t, c);
+      c != null && e.append(t, c);
     });
-    const s = await fetch("https://login.microsoftonline.com/common/oauth2/v2.0/token", {
+    const s = await fetch(this.oauth2Url("token"), {
       method: "POST",
       body: e
-    }), o = await s.json();
-    if (!s.ok) throw { status: s.status, data: o };
+    }), n = await s.json();
+    if (!s.ok) throw { status: s.status, data: n };
     return this._updateAccessToken({
-      token: o.access_token,
-      expiresAt: Date.now() + o.expires_in * 1e3
-    }), o.access_token;
+      token: n.access_token,
+      expiresAt: Date.now() + n.expires_in * 1e3
+    }), n.access_token;
   }
 };
 m.Scopes = {
@@ -308,49 +300,49 @@ m.Scopes = {
   imap: "offline_access https://outlook.office.com/IMAP.AccessAsUser.All",
   onedrive: "openid profile Files.ReadWrite.AppFolder offline_access"
 };
-let l = m;
-const x = {
+let f = m;
+const E = {
   dropbox: p,
-  google: f,
-  microsoft: l
+  google: l,
+  microsoft: f
 };
-function E(i, e) {
-  return new x[e.provider](i);
+function x(r, e) {
+  return new E[e.provider](r);
 }
-async function j(i, e) {
-  let n;
+async function I(r, e) {
+  let o;
   try {
-    n = i.getAccessToken();
+    o = r.getAccessToken();
   } catch (s) {
-    if (!(s instanceof r))
+    if (!(s instanceof i))
       throw s;
     switch (s.code) {
       case d: {
         if (!e) throw s;
-        const o = await i.buildAuthUrl(), t = await e(o);
-        n = await i.finishAuth(new URL(t));
+        const n = await r.buildAuthUrl(), t = await e(n);
+        o = await r.finishAuth(new URL(t));
         break;
       }
       case R: {
-        n = await i.refreshToken();
+        o = await r.refreshToken();
         break;
       }
       default:
         throw s;
     }
   }
-  return n;
+  return o;
 }
 export {
   p as DropboxAuthorizer,
-  f as GoogleAuthorizer,
-  l as MicrosoftAuthorizer,
-  h as OAUTH2_AUTH_ERROR,
+  l as GoogleAuthorizer,
+  f as MicrosoftAuthorizer,
+  a as OAUTH2_AUTH_ERROR,
   R as OAUTH2_NEED_REFRESH,
   d as OAUTH2_UNAUTHORIZED,
   w as OAuth2Authorizer,
-  x as OAuth2Authorizers,
-  r as OAuth2Error,
-  j as ensureAccessToken,
-  E as getAuthorizer
+  E as OAuth2Authorizers,
+  i as OAuth2Error,
+  I as ensureAccessToken,
+  x as getAuthorizer
 };

package/dist/providers/microsoft.d.ts

@@ -9,6 +9,7 @@ export declare class MicrosoftAuthorizer extends OAuth2Authorizer {
         imap: string;
         onedrive: string;
     };
+    private oauth2Url;
     buildAuthUrl(): Promise<string>;
     finishAuth(url: URL): Promise<string>;
     refreshToken(): Promise<string>;

package/dist/types.d.ts

@@ -6,9 +6,21 @@ export interface TokenData {
 }
 export interface IOAuth2Options {
     clientId: string;
-    clientSecret: string;
+    /** clientSecret may be absent for client-side apps. */
+    clientSecret?: string;
     redirectUrl: string;
     scope?: string;
+    provider?: {
+        microsoft?: {
+            /**
+             * Must match the account type of the application registered in https://portal.azure.com/.
+             * `common` for all accounts, `consumers` for personal accounts only.
+             *
+             * Default as `common`.
+             */
+            accountType?: "common" | "consumers";
+        };
+    };
     onSetAccessToken?: (value: TokenData | null) => void;
     onSetRefreshToken?: (value: TokenData | null) => void;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@usync/oauth2",
-  "version": "0.0.5",
+  "version": "0.1.0",
   "files": [
     "dist"
   ],