@usync/oauth2 0.0.6 → 0.1.1

package/dist/index.js

@@ -1,43 +1,32 @@
-import { nanoid as y } from "nanoid";
-const R = 1, h = 2, d = 3;
-class r extends Error {
-  constructor(e, n) {
-    super(n || `OAuth2Error: code=${e}`), this.code = e;
+import { nanoid as U } from "nanoid";
+const R = 1, a = 2, d = 3;
+class i extends Error {
+  constructor(e, s) {
+    super(s || `OAuth2Error: code=${e}`), this.code = e;
   }
 }
-var U = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", A;
-function S() {
-  return A ||= U.slice(0, -2) + "-_", A;
-}
-function b(i, e, n) {
-  let s = "", o = 0;
-  for (; o < i.length; ) {
-    let t = i[o++], c = i[o++], a = i[o++];
-    if (s += e[t >> 2], s += e[(t & 3) << 4 | (c || 0) >> 4], c == null || (s += e[(c & 15) << 2 | (a || 0) >> 6]), a == null)
-      break;
-    s += e[a & 63];
-  }
-  return s;
-}
-function O(i) {
-  return b(i, S(), !1);
+function O(r) {
+  let e = "";
+  for (const s of r)
+    e += String.fromCharCode(s);
+  return btoa(e).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
 function _() {
-  return y(8);
+  return U(8);
 }
 function k() {
-  return y(64);
+  return U(64);
 }
-async function u(i) {
-  const e = "S256", n = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(i));
+async function u(r) {
+  const e = "S256", s = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(r));
   return {
-    codeChallenge: O(new Uint8Array(n)),
+    codeChallenge: O(new Uint8Array(s)),
     codeChallengeMethod: e
   };
 }
 class w {
-  constructor(e, n) {
-    this.options = e, this._accessToken = null, this._refreshToken = null, n && (this.setRefreshToken(n.refreshToken), this.setAccessToken(n.accessToken));
+  constructor(e, s) {
+    this.options = e, this._accessToken = null, this._refreshToken = null, s && (this.setRefreshToken(s.refreshToken), this.setAccessToken(s.accessToken), this.session = s.session);
   }
   _getValidToken(e) {
     return e && (!e.expiresAt || Date.now() < e.expiresAt) ? e.token : void 0;
@@ -49,14 +38,14 @@ class w {
     this.setRefreshToken(e), this.options.onSetRefreshToken?.(e);
   }
   getAccessToken() {
-    if (!this._accessToken) throw new r(d);
+    if (!this._accessToken) throw new i(d);
     const e = this._getValidToken(this._accessToken);
-    if (!e) throw new r(R);
+    if (!e) throw new i(R);
     return e;
   }
   getRefreshToken() {
     const e = this._getValidToken(this._refreshToken);
-    if (!e) throw new r(d, "Invalid refresh token");
+    if (!e) throw new i(d, "Invalid refresh token");
     return e;
   }
   setAccessToken(e) {
@@ -66,51 +55,51 @@ class w {
     this._refreshToken = e ?? null;
   }
 }
-const g = class g extends w {
+const b = "https://www.dropbox.com/oauth2/authorize", A = "https://api.dropbox.com/oauth2/token", T = class T extends w {
   async buildAuthUrl() {
     this.session = {
       state: _(),
       codeVerifier: k()
     };
-    const { codeChallenge: e, codeChallengeMethod: n } = await u(
+    const { codeChallenge: e, codeChallengeMethod: s } = await u(
       this.session.codeVerifier
-    ), s = new URL("https://www.dropbox.com/oauth2/authorize");
+    ), o = new URL(b);
     return Object.entries({
       client_id: this.options.clientId,
       code_challenge: e,
-      code_challenge_method: n,
+      code_challenge_method: s,
       redirect_uri: this.options.redirectUrl,
       response_type: "code",
       token_access_type: "offline",
       scope: this.options.scope,
       state: this.session.state
-    }).forEach(([o, t]) => {
-      t && s.searchParams.set(o, t);
-    }), s.href;
+    }).forEach(([n, t]) => {
+      t && o.searchParams.set(n, t);
+    }), o.href;
   }
   async finishAuth(e) {
     if (!this.session || this.session.state !== e.searchParams.get("state"))
-      throw new r(h, "state doesn't match");
-    const n = e.searchParams.get("code");
-    if (!n) throw new r(h, "Invalid code");
-    const s = new URLSearchParams();
+      throw new i(a, "state doesn't match");
+    const s = e.searchParams.get("code");
+    if (!s) throw new i(a, "Invalid code");
+    const o = new URLSearchParams();
     Object.entries({
       client_id: this.options.clientId,
       client_secret: this.options.clientSecret,
-      code: n,
+      code: s,
       code_verifier: this.session.codeVerifier,
       grant_type: "authorization_code",
       redirect_uri: this.options.redirectUrl
-    }).forEach(([c, a]) => {
-      s.append(c, a);
+    }).forEach(([c, h]) => {
+      h != null && o.append(c, h);
     });
-    const o = await fetch("https://api.dropbox.com/oauth2/token", {
+    const n = await fetch(A, {
       method: "POST",
-      body: s
-    }), t = await o.json();
-    if (!o.ok) throw { status: o.status, data: t };
+      body: o
+    }), t = await n.json();
+    if (!n.ok) throw { status: n.status, data: t };
     if (!t.refresh_token)
-      throw new r(h, "Failed to get refresh_token");
+      throw new i(a, "Failed to get refresh_token");
     return this._updateRefreshToken({
       token: t.refresh_token,
       scope: t.scope
@@ -120,77 +109,77 @@ const g = class g extends w {
     }), t.access_token;
   }
   async refreshToken() {
-    const e = new URLSearchParams(), n = this.getRefreshToken();
+    const e = new URLSearchParams(), s = this.getRefreshToken();
     Object.entries({
       client_id: this.options.clientId,
       client_secret: this.options.clientSecret,
       grant_type: "refresh_token",
-      refresh_token: n
+      refresh_token: s
     }).forEach(([t, c]) => {
-      e.append(t, c);
+      c != null && e.append(t, c);
     });
-    const s = await fetch("https://api.dropbox.com/oauth2/token", {
+    const o = await fetch(A, {
       method: "POST",
       body: e
-    }), o = await s.json();
-    if (!s.ok) throw { status: s.status, data: o };
+    }), n = await o.json();
+    if (!o.ok) throw { status: o.status, data: n };
     return this._updateAccessToken({
-      token: o.access_token,
-      expiresAt: Date.now() + o.expires_in * 1e3
-    }), o.access_token;
+      token: n.access_token,
+      expiresAt: Date.now() + n.expires_in * 1e3
+    }), n.access_token;
   }
 };
-g.Scopes = {
+T.Scopes = {
   account: "account_info.read"
 };
-let p = g;
-const T = class T extends w {
+let p = T;
+const S = "https://accounts.google.com/o/oauth2/v2/auth", y = "https://oauth2.googleapis.com/token", g = class g extends w {
   async buildAuthUrl() {
     this.session = {
       state: _(),
       codeVerifier: k()
     };
-    const { codeChallenge: e, codeChallengeMethod: n } = await u(
+    const { codeChallenge: e, codeChallengeMethod: s } = await u(
       this.session.codeVerifier
-    ), s = new URL("https://accounts.google.com/o/oauth2/v2/auth");
+    ), o = new URL(S);
     return Object.entries({
       access_type: "offline",
       client_id: this.options.clientId,
       code_challenge: e,
-      code_challenge_method: n,
+      code_challenge_method: s,
       include_granted_scopes: "true",
       prompt: "consent",
       redirect_uri: this.options.redirectUrl,
       response_type: "code",
       scope: this.options.scope,
       state: this.session.state
-    }).forEach(([o, t]) => {
-      t && s.searchParams.set(o, t);
-    }), s.href;
+    }).forEach(([n, t]) => {
+      t && o.searchParams.set(n, t);
+    }), o.href;
   }
   async finishAuth(e) {
     if (!this.session || this.session.state !== e.searchParams.get("state"))
-      throw new r(h, "state doesn't match");
-    const n = e.searchParams.get("code");
-    if (!n) throw new r(h, "Invalid code");
-    const s = new URLSearchParams();
+      throw new i(a, "state doesn't match");
+    const s = e.searchParams.get("code");
+    if (!s) throw new i(a, "Invalid code");
+    const o = new URLSearchParams();
     Object.entries({
       client_id: this.options.clientId,
       client_secret: this.options.clientSecret,
-      code: n,
+      code: s,
       code_verifier: this.session.codeVerifier,
       grant_type: "authorization_code",
       redirect_uri: this.options.redirectUrl
-    }).forEach(([c, a]) => {
-      s.append(c, a);
+    }).forEach(([c, h]) => {
+      h != null && o.append(c, h);
     });
-    const o = await fetch("https://oauth2.googleapis.com/token", {
+    const n = await fetch(y, {
       method: "POST",
-      body: s
-    }), t = await o.json();
-    if (!o.ok) throw { status: o.status, data: t };
+      body: o
+    }), t = await n.json();
+    if (!n.ok) throw { status: n.status, data: t };
     if (!t.refresh_token)
-      throw new r(h, "Failed to get refresh_token");
+      throw new i(a, "Failed to get refresh_token");
     return this._updateRefreshToken({
       token: t.refresh_token,
       scope: t.scope
@@ -200,79 +189,82 @@ const T = class T extends w {
     }), t.access_token;
   }
   async refreshToken() {
-    const e = new URLSearchParams(), n = this.getRefreshToken();
+    const e = new URLSearchParams(), s = this.getRefreshToken();
     Object.entries({
       client_id: this.options.clientId,
       client_secret: this.options.clientSecret,
       grant_type: "refresh_token",
-      refresh_token: n,
+      refresh_token: s,
       scope: this.options.scope
     }).forEach(([t, c]) => {
       c != null && e.append(t, c);
     });
-    const s = await fetch("https://oauth2.googleapis.com/token", {
+    const o = await fetch(y, {
       method: "POST",
       body: e
-    }), o = await s.json();
-    if (!s.ok) throw { status: s.status, data: o };
+    }), n = await o.json();
+    if (!o.ok) throw { status: o.status, data: n };
     return this._updateAccessToken({
-      token: o.access_token,
-      expiresAt: Date.now() + o.expires_in * 1e3
-    }), o.access_token;
+      token: n.access_token,
+      expiresAt: Date.now() + n.expires_in * 1e3
+    }), n.access_token;
   }
 };
-T.Scopes = {
+g.Scopes = {
   account: "https://www.googleapis.com/auth/userinfo.profile",
   "drive.appdata": "https://www.googleapis.com/auth/drive.appdata",
   imap: "https://mail.google.com/"
 };
-let f = T;
+let l = g;
 const m = class m extends w {
+  oauth2Url(e) {
+    return `https://login.microsoftonline.com/${this.options.provider?.microsoft?.accountType ?? "common"}/oauth2/v2.0/${e}`;
+  }
   async buildAuthUrl() {
     this.session = {
       state: _(),
       codeVerifier: k()
     };
-    const { codeChallenge: e, codeChallengeMethod: n } = await u(
+    const { codeChallenge: e, codeChallengeMethod: s } = await u(
       this.session.codeVerifier
-    ), s = new URL("https://login.microsoftonline.com/common/oauth2/v2.0/authorize");
+    ), o = new URL(this.oauth2Url("authorize"));
     return Object.entries({
       client_id: this.options.clientId,
       code_challenge: e,
-      code_challenge_method: n,
+      code_challenge_method: s,
       redirect_uri: this.options.redirectUrl,
       response_mode: "query",
       response_type: "code",
       scope: this.options.scope,
       state: this.session.state
-    }).forEach(([o, t]) => {
-      t && s.searchParams.set(o, t);
-    }), s.href;
+    }).forEach(([n, t]) => {
+      t && o.searchParams.set(n, t);
+    }), o.href;
   }
   async finishAuth(e) {
     if (!this.session || this.session.state !== e.searchParams.get("state"))
-      throw new r(h, "state doesn't match");
-    const n = e.searchParams.get("code");
-    if (!n) throw new r(h, "Invalid code");
-    const s = new URLSearchParams();
+      throw new i(a, "state doesn't match");
+    const s = e.searchParams.get("code");
+    if (!s) throw new i(a, "Invalid code");
+    const o = new URLSearchParams();
     Object.entries({
       client_id: this.options.clientId,
       client_secret: this.options.clientSecret,
-      code: n,
+      code: s,
       code_verifier: this.session.codeVerifier,
       grant_type: "authorization_code",
       redirect_uri: this.options.redirectUrl,
       scope: this.options.scope
-    }).forEach(([c, a]) => {
-      a && s.append(c, a);
+    }).forEach(([c, h]) => {
+      h != null && o.append(c, h);
     });
-    const o = await fetch("https://login.microsoftonline.com/common/oauth2/v2.0/token", {
+    const n = await fetch(this.oauth2Url("token"), {
       method: "POST",
-      body: s
-    }), t = await o.json();
-    if (!o.ok) throw { status: o.status, data: t };
+      body: o
+    }), t = await n.json();
+    if (!n.ok) throw { status: n.status, data: t };
     if (!t.refresh_token)
-      throw new r(h, "Failed to get refresh_token");
+      throw new i(a, "Failed to get refresh_token");
     return this._updateRefreshToken({
       token: t.refresh_token,
       scope: t.scope
@@ -282,25 +274,25 @@ const m = class m extends w {
     }), t.access_token;
   }
   async refreshToken() {
-    const e = new URLSearchParams(), n = this.getRefreshToken();
+    const e = new URLSearchParams(), s = this.getRefreshToken();
     Object.entries({
       client_id: this.options.clientId,
       client_secret: this.options.clientSecret,
       grant_type: "refresh_token",
-      refresh_token: n,
+      refresh_token: s,
       scope: this.options.scope
     }).forEach(([t, c]) => {
-      c && e.append(t, c);
+      c != null && e.append(t, c);
     });
-    const s = await fetch("https://login.microsoftonline.com/common/oauth2/v2.0/token", {
+    const o = await fetch(this.oauth2Url("token"), {
       method: "POST",
       body: e
-    }), o = await s.json();
-    if (!s.ok) throw { status: s.status, data: o };
+    }), n = await o.json();
+    if (!o.ok) throw { status: o.status, data: n };
     return this._updateAccessToken({
-      token: o.access_token,
-      expiresAt: Date.now() + o.expires_in * 1e3
-    }), o.access_token;
+      token: n.access_token,
+      expiresAt: Date.now() + n.expires_in * 1e3
+    }), n.access_token;
   }
 };
 m.Scopes = {
@@ -308,49 +300,49 @@ m.Scopes = {
   imap: "offline_access https://outlook.office.com/IMAP.AccessAsUser.All",
   onedrive: "openid profile Files.ReadWrite.AppFolder offline_access"
 };
-let l = m;
-const x = {
+let f = m;
+const E = {
   dropbox: p,
-  google: f,
-  microsoft: l
+  google: l,
+  microsoft: f
 };
-function E(i, e) {
-  return new x[e.provider](i);
+function x(r, e) {
+  return new E[e.provider](r);
 }
-async function j(i, e) {
-  let n;
+async function I(r, e) {
+  let s;
   try {
-    n = i.getAccessToken();
-  } catch (s) {
-    if (!(s instanceof r))
-      throw s;
-    switch (s.code) {
+    s = r.getAccessToken();
+  } catch (o) {
+    if (!(o instanceof i))
+      throw o;
+    switch (o.code) {
       case d: {
-        if (!e) throw s;
-        const o = await i.buildAuthUrl(), t = await e(o);
-        n = await i.finishAuth(new URL(t));
+        if (!e) throw o;
+        const n = await r.buildAuthUrl(), t = await e(n);
+        s = await r.finishAuth(new URL(t));
         break;
       }
       case R: {
-        n = await i.refreshToken();
+        s = await r.refreshToken();
         break;
       }
       default:
-        throw s;
+        throw o;
     }
   }
-  return n;
+  return s;
 }
 export {
   p as DropboxAuthorizer,
-  f as GoogleAuthorizer,
-  l as MicrosoftAuthorizer,
-  h as OAUTH2_AUTH_ERROR,
+  l as GoogleAuthorizer,
+  f as MicrosoftAuthorizer,
+  a as OAUTH2_AUTH_ERROR,
   R as OAUTH2_NEED_REFRESH,
   d as OAUTH2_UNAUTHORIZED,
   w as OAuth2Authorizer,
-  x as OAuth2Authorizers,
-  r as OAuth2Error,
-  j as ensureAccessToken,
-  E as getAuthorizer
+  E as OAuth2Authorizers,
+  i as OAuth2Error,
+  I as ensureAccessToken,
+  x as getAuthorizer
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@usync/oauth2",
-  "version": "0.0.6",
+  "version": "0.1.1",
   "files": [
     "dist"
   ],

package/dist/common.d.ts

@@ -1,7 +0,0 @@
-export declare const OAUTH2_NEED_REFRESH = 1;
-export declare const OAUTH2_AUTH_ERROR = 2;
-export declare const OAUTH2_UNAUTHORIZED = 3;
-export declare class OAuth2Error extends Error {
-    code: number;
-    constructor(code: number, message?: string);
-}

package/dist/index.d.ts

@@ -1,7 +0,0 @@
-import { OAuth2Authorizer } from "./providers";
-import type { IOAuth2Account, IOAuth2Options } from "./types";
-export * from "./common";
-export * from "./providers";
-export * from "./types";
-export declare function getAuthorizer(options: IOAuth2Options, auth: IOAuth2Account): import("./providers").DropboxAuthorizer | import("./providers").GoogleAuthorizer | import("./providers").MicrosoftAuthorizer;
-export declare function ensureAccessToken(authorizer: OAuth2Authorizer, handleOAuth2?: (url: string) => Promise<string>): Promise<string>;

package/dist/providers/base.d.ts

@@ -1,20 +0,0 @@
-import type { IOAuth2Options, TokenData } from "../types";
-export declare abstract class OAuth2Authorizer {
-    protected options: IOAuth2Options;
-    abstract buildAuthUrl(): Promise<string>;
-    abstract finishAuth(url: URL): Promise<string>;
-    abstract refreshToken(): Promise<string>;
-    protected _accessToken: TokenData | null;
-    protected _refreshToken: TokenData | null;
-    constructor(options: IOAuth2Options, initialData?: {
-        accessToken?: TokenData;
-        refreshToken?: TokenData;
-    });
-    protected _getValidToken(value?: TokenData | null): string | undefined;
-    protected _updateAccessToken(value: TokenData | null): void;
-    protected _updateRefreshToken(value: TokenData | null): void;
-    getAccessToken(): string;
-    getRefreshToken(): string;
-    setAccessToken(value?: TokenData | null): void;
-    setRefreshToken(value?: TokenData | null): void;
-}

package/dist/providers/dropbox.d.ts

@@ -1,13 +0,0 @@
-import { OAuth2Authorizer } from "./base.ts";
-export declare class DropboxAuthorizer extends OAuth2Authorizer {
-    private session;
-    /**
-     * Ref: https://www.dropbox.com/developers/documentation/http/documentation
-     */
-    static Scopes: {
-        account: string;
-    };
-    buildAuthUrl(): Promise<string>;
-    finishAuth(url: URL): Promise<string>;
-    refreshToken(): Promise<string>;
-}

package/dist/providers/google.d.ts

@@ -1,18 +0,0 @@
-import { OAuth2Authorizer } from "./base.ts";
-/**
- * Ref: https://developers.google.com/identity/protocols/oauth2/web-server
- */
-export declare class GoogleAuthorizer extends OAuth2Authorizer {
-    private session;
-    /**
-     * Ref: https://developers.google.com/identity/protocols/oauth2/scopes
-     */
-    static Scopes: {
-        account: string;
-        "drive.appdata": string;
-        imap: string;
-    };
-    buildAuthUrl(): Promise<string>;
-    finishAuth(url: URL): Promise<string>;
-    refreshToken(): Promise<string>;
-}

package/dist/providers/index.d.ts

@@ -1,10 +0,0 @@
-import { DropboxAuthorizer } from "./dropbox";
-import { GoogleAuthorizer } from "./google";
-import { MicrosoftAuthorizer } from "./microsoft";
-export * from "./base";
-export { DropboxAuthorizer, GoogleAuthorizer, MicrosoftAuthorizer };
-export declare const OAuth2Authorizers: {
-    dropbox: typeof DropboxAuthorizer;
-    google: typeof GoogleAuthorizer;
-    microsoft: typeof MicrosoftAuthorizer;
-};

package/dist/providers/microsoft.d.ts

@@ -1,15 +0,0 @@
-import { OAuth2Authorizer } from "./base.ts";
-/**
- * Ref: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow
- */
-export declare class MicrosoftAuthorizer extends OAuth2Authorizer {
-    private session;
-    static Scopes: {
-        /** Ref: https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth */
-        imap: string;
-        onedrive: string;
-    };
-    buildAuthUrl(): Promise<string>;
-    finishAuth(url: URL): Promise<string>;
-    refreshToken(): Promise<string>;
-}

package/dist/types.d.ts

@@ -1,18 +0,0 @@
-import { OAuth2Authorizers } from "./providers";
-export interface TokenData {
-    token: string;
-    expiresAt?: number;
-    scope?: string;
-}
-export interface IOAuth2Options {
-    clientId: string;
-    clientSecret: string;
-    redirectUrl: string;
-    scope?: string;
-    onSetAccessToken?: (value: TokenData | null) => void;
-    onSetRefreshToken?: (value: TokenData | null) => void;
-}
-export interface IOAuth2Account {
-    provider: keyof typeof OAuth2Authorizers;
-    user: string;
-}

package/dist/util.d.ts

@@ -1,13 +0,0 @@
-export declare function getState(): string;
-/**
- * Ref: https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
- * high-entropy cryptographic random STRING using the
- * unreserved characters [A-Z] / [a-z] / [0-9] / "-" / "." / "_" / "~"
- * from Section 2.3 of [RFC3986], with a minimum length of 43 characters
- * and a maximum length of 128 characters.
- */
-export declare function getCodeVerifier(): string;
-export declare function getCodeChallenge(codeVerifier: string): Promise<{
-    codeChallenge: string;
-    codeChallengeMethod: string;
-}>;