@zuplo/runtime 6.70.40 → 6.70.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/out/esm/{browser-login-idp-HWMCSYMR.js → browser-login-idp-SD2N5PY4.js} +2 -2
  2. package/out/esm/{chunk-2GVPMQ7M.js → chunk-A6TMPOZH.js} +52 -52
  3. package/out/esm/chunk-A6TMPOZH.js.map +1 -0
  4. package/out/esm/{chunk-FYGTTP3G.js → chunk-DLCMRCIL.js} +3 -3
  5. package/out/esm/index.js +1 -1
  6. package/out/esm/mcp-gateway/index.js +3 -3
  7. package/out/esm/mcp-gateway/index.js.map +1 -1
  8. package/package.json +1 -1
  9. package/out/esm/chunk-2GVPMQ7M.js.map +0 -1
  10. /package/out/esm/{browser-login-idp-HWMCSYMR.js.map → browser-login-idp-SD2N5PY4.js.map} +0 -0
  11. /package/out/esm/{chunk-2GVPMQ7M.js.LEGAL.txt → chunk-A6TMPOZH.js.LEGAL.txt} +0 -0
  12. /package/out/esm/{chunk-FYGTTP3G.js.map → chunk-DLCMRCIL.js.map} +0 -0
package/out/esm/{browser-login-idp-HWMCSYMR.js → browser-login-idp-SD2N5PY4.js} RENAMED
@@ -22,5 +22,5 @@
22
22
  * DEALINGS IN THE SOFTWARE.
23
23
  *--------------------------------------------------------------------------------------------*/
24
24
 
25
- import{Ja as v,K as h,L as k,M as l,Ma as u,O as b,P as f,d as p,ja as y,ka as x}from"./chunk-FYGTTP3G.js";import{ea as r,fa as j}from"./chunk-2GVPMQ7M.js";import"./chunk-JRXZBVXH.js";import"./chunk-4SACVMDH.js";import{a}from"./chunk-ZIKV2LUM.js";j();import{createRemoteJWKSet as C,errors as d,jwtVerify as T}from"jose";var I=r.object({id_token:r.string().min(1),token_type:r.string().min(1).optional(),expires_in:r.number().optional(),access_token:r.string().min(1).optional(),refresh_token:r.string().min(1).optional(),scope:r.string().min(1).optional()}),J=r.object({error:r.string().min(1).optional(),error_description:r.string().min(1).optional(),error_uri:r.string().min(1).optional()});function P(e){let n=J.safeParse(e);if(!n.success)return{};let t={};return n.data.error!==void 0&&(t.idpError=n.data.error),n.data.error_description!==void 0&&(t.idpErrorDescription=n.data.error_description.slice(0,256)),n.data.error_uri!==void 0&&(t.idpErrorUri=n.data.error_uri.slice(0,256)),t}a(P,"readIdpErrorFields");function U(e){return e instanceof d.JWTExpired?"expired":e instanceof d.JWTClaimValidationFailed?"claim":e instanceof d.JWSSignatureVerificationFailed?"signature":e instanceof d.JWKSNoMatchingKey?"jwks_no_match":e instanceof d.JWTInvalid?"invalid":e instanceof r.ZodError?"schema":"other"}a(U,"readJwtFailureKind");var M=r.object({sub:y,nonce:r.string().min(1)}).catchall(r.unknown()),m;function L(e){return e instanceof Error&&"cause"in e?e.cause:e}a(L,"readErrorCause");function W(e){if(e!==null&&typeof e=="object"&&"extensionMembers"in e)return e.extensionMembers?.gatewayCode}a(W,"readRuntimeGatewayCode");function G(){if(!m){let e=p();m=C(new URL(e.oidc.jwksUrl),{timeoutDuration:e.browserLogin.remoteTimeoutMs})}return m}a(G,"readFederatedJwks");async function Z(e){let n=p(),t=u("tokenUrl"),w=u("clientId"),E=u("clientSecret"),F=new URL("/oauth/callback",h(e.requestUrl)).toString(),R=new URLSearchParams({grant_type:"authorization_code",code:e.code,redirect_uri:F,client_id:w,client_secret:E});try{let{response:i,json:s}=await v(t,{method:"POST",headers:{accept:"application/json","content-type":"application/x-www-form-urlencoded"},body:R},{maxResponseBytes:32768,problemCode:"browser_login_verification_failed",timeoutMs:n.browserLogin.remoteTimeoutMs,...e.context===void 0?{}:{context:e.context}});if(!i.ok){let o=P(s);throw e.context?.log.warn({event:"federated_token_exchange_failed",code:"provider_access_denied",idpHost:l(t),idpStatus:i.status,...o},"Federated browser login token exchange returned non-2xx from the identity provider"),f({code:"provider_access_denied",privateDetail:"Federated browser login token exchange failed.",cause:new Error(`IdP token exchange failed (status=${i.status}${o.idpError?` idp_error=${o.idpError}`:""}${o.idpErrorDescription?` idp_error_description=${o.idpErrorDescription}`:""})`)})}let S=I.parse(s),c;try{({payload:c}=await T(S.id_token,G(),{issuer:n.oidc.issuer,audience:w}))}catch(o){let _={};throw k(_,"error",o),e.context?.log.warn({event:"federated_id_token_verification_failed",code:"browser_login_verification_failed",failureKind:U(o),idpHost:l(t),expectedIssuer:n.oidc.issuer,..._},"Federated id_token failed jose verification"),o}if(c.nonce!==e.nonce)throw e.context?.log.warn({event:"federated_nonce_mismatch",code:"oauth_callback_mismatch",idpHost:l(t),nonceMissingFromIdToken:c.nonce===void 0},"Federated id_token nonce did not match the signed gateway state"),f("oauth_callback_mismatch","Federated browser login nonce did not match the signed gateway state.");let g=M.parse(c);return x({sub:g.sub,data:g},e.requestUrl)}catch(i){let s=b(i)??W(i);throw s!==void 0&&s!=="browser_login_verification_failed"?i:f("browser_login_verification_failed","Federated browser login callback could not be verified.",L(i))}}a(Z,"exchangeFederatedAuthorizationCode");export{Z as exchangeFederatedAuthorizationCode};
26
- //# sourceMappingURL=browser-login-idp-HWMCSYMR.js.map
25
+ import{Ka as v,L as h,M as k,N as l,Na as u,P as b,Q as f,d as p,ka as y,la as x}from"./chunk-DLCMRCIL.js";import{ea as r,fa as j}from"./chunk-A6TMPOZH.js";import"./chunk-JRXZBVXH.js";import"./chunk-4SACVMDH.js";import{a}from"./chunk-ZIKV2LUM.js";j();import{createRemoteJWKSet as C,errors as d,jwtVerify as T}from"jose";var I=r.object({id_token:r.string().min(1),token_type:r.string().min(1).optional(),expires_in:r.number().optional(),access_token:r.string().min(1).optional(),refresh_token:r.string().min(1).optional(),scope:r.string().min(1).optional()}),J=r.object({error:r.string().min(1).optional(),error_description:r.string().min(1).optional(),error_uri:r.string().min(1).optional()});function P(e){let n=J.safeParse(e);if(!n.success)return{};let t={};return n.data.error!==void 0&&(t.idpError=n.data.error),n.data.error_description!==void 0&&(t.idpErrorDescription=n.data.error_description.slice(0,256)),n.data.error_uri!==void 0&&(t.idpErrorUri=n.data.error_uri.slice(0,256)),t}a(P,"readIdpErrorFields");function U(e){return e instanceof d.JWTExpired?"expired":e instanceof d.JWTClaimValidationFailed?"claim":e instanceof d.JWSSignatureVerificationFailed?"signature":e instanceof d.JWKSNoMatchingKey?"jwks_no_match":e instanceof d.JWTInvalid?"invalid":e instanceof r.ZodError?"schema":"other"}a(U,"readJwtFailureKind");var M=r.object({sub:y,nonce:r.string().min(1)}).catchall(r.unknown()),m;function L(e){return e instanceof Error&&"cause"in e?e.cause:e}a(L,"readErrorCause");function W(e){if(e!==null&&typeof e=="object"&&"extensionMembers"in e)return e.extensionMembers?.gatewayCode}a(W,"readRuntimeGatewayCode");function G(){if(!m){let e=p();m=C(new URL(e.oidc.jwksUrl),{timeoutDuration:e.browserLogin.remoteTimeoutMs})}return m}a(G,"readFederatedJwks");async function Z(e){let n=p(),t=u("tokenUrl"),w=u("clientId"),E=u("clientSecret"),F=new URL("/oauth/callback",h(e.requestUrl)).toString(),R=new URLSearchParams({grant_type:"authorization_code",code:e.code,redirect_uri:F,client_id:w,client_secret:E});try{let{response:i,json:s}=await v(t,{method:"POST",headers:{accept:"application/json","content-type":"application/x-www-form-urlencoded"},body:R},{maxResponseBytes:32768,problemCode:"browser_login_verification_failed",timeoutMs:n.browserLogin.remoteTimeoutMs,...e.context===void 0?{}:{context:e.context}});if(!i.ok){let o=P(s);throw e.context?.log.warn({event:"federated_token_exchange_failed",code:"provider_access_denied",idpHost:l(t),idpStatus:i.status,...o},"Federated browser login token exchange returned non-2xx from the identity provider"),f({code:"provider_access_denied",privateDetail:"Federated browser login token exchange failed.",cause:new Error(`IdP token exchange failed (status=${i.status}${o.idpError?` idp_error=${o.idpError}`:""}${o.idpErrorDescription?` idp_error_description=${o.idpErrorDescription}`:""})`)})}let S=I.parse(s),c;try{({payload:c}=await T(S.id_token,G(),{issuer:n.oidc.issuer,audience:w}))}catch(o){let _={};throw k(_,"error",o),e.context?.log.warn({event:"federated_id_token_verification_failed",code:"browser_login_verification_failed",failureKind:U(o),idpHost:l(t),expectedIssuer:n.oidc.issuer,..._},"Federated id_token failed jose verification"),o}if(c.nonce!==e.nonce)throw e.context?.log.warn({event:"federated_nonce_mismatch",code:"oauth_callback_mismatch",idpHost:l(t),nonceMissingFromIdToken:c.nonce===void 0},"Federated id_token nonce did not match the signed gateway state"),f("oauth_callback_mismatch","Federated browser login nonce did not match the signed gateway state.");let g=M.parse(c);return x({sub:g.sub,data:g},e.requestUrl)}catch(i){let s=b(i)??W(i);throw s!==void 0&&s!=="browser_login_verification_failed"?i:f("browser_login_verification_failed","Federated browser login callback could not be verified.",L(i))}}a(Z,"exchangeFederatedAuthorizationCode");export{Z as exchangeFederatedAuthorizationCode};
26
+ //# sourceMappingURL=browser-login-idp-SD2N5PY4.js.map