npm - alepha - Versions diffs - 0.19.0 → 0.19.2 - Mend

alepha 0.19.0 → 0.19.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (638) hide show

package/dist/server/auth/index.d.ts CHANGED Viewed

@@ -1,11 +1,11 @@
-import * as alepha from "alepha";
+import * as _$alepha from "alepha";
 import { Alepha, Async, KIND, Primitive, Static } from "alepha";
-import * as alepha_server_cookies0 from "alepha/server/cookies";
+import * as _$alepha_server_cookies0 from "alepha/server/cookies";
 import { Cookies, ServerCookiesProvider } from "alepha/server/cookies";
 import { DateTimeProvider } from "alepha/datetime";
 import { AccessTokenResponse, IssuerPrimitive, SecurityProvider, UserAccount } from "alepha/security";
-import * as alepha_logger0 from "alepha/logger";
-import * as alepha_server0 from "alepha/server";
+import * as _$alepha_logger0 from "alepha/logger";
+import * as _$alepha_server0 from "alepha/server";
 import { ServerLinksProvider } from "alepha/server/links";
 //#region ../../src/server/auth/constants/routes.d.ts
@@ -19,85 +19,85 @@ declare const alephaServerAuthRoutes: {
 };
 //#endregion
 //#region ../../src/server/auth/schemas/authenticationProviderSchema.d.ts
-declare const authenticationProviderSchema: alepha.TObject<{
-  name: alepha.TString;
-  type: alepha.TUnsafe<"OAUTH2" | "OIDC" | "CREDENTIALS">;
+declare const authenticationProviderSchema: _$alepha.TObject<{
+  name: _$alepha.TString;
+  type: _$alepha.TUnsafe<"OAUTH2" | "OIDC" | "CREDENTIALS">;
 }>;
 type AuthenticationProvider = Static<typeof authenticationProviderSchema>;
 //#endregion
 //#region ../../src/server/auth/schemas/tokenResponseSchema.d.ts
-declare const tokenResponseSchema: alepha.TObject<{
-  provider: alepha.TString;
-  access_token: alepha.TString;
-  issued_at: alepha.TNumber;
-  expires_in: alepha.TOptional<alepha.TNumber>;
-  refresh_token: alepha.TOptional<alepha.TString>;
-  refresh_token_expires_in: alepha.TOptional<alepha.TNumber>;
-  refresh_expires_in: alepha.TOptional<alepha.TNumber>;
-  id_token: alepha.TOptional<alepha.TString>;
-  scope: alepha.TOptional<alepha.TString>;
-  user: alepha.TObject<{
-    id: alepha.TString;
-    name: alepha.TOptional<alepha.TString>;
-    email: alepha.TOptional<alepha.TString>;
-    username: alepha.TOptional<alepha.TString>;
-    picture: alepha.TOptional<alepha.TString>;
-    sessionId: alepha.TOptional<alepha.TString>;
-    organizations: alepha.TOptional<alepha.TArray<alepha.TString>>;
-    roles: alepha.TOptional<alepha.TArray<alepha.TString>>;
-    realm: alepha.TOptional<alepha.TString>;
+declare const tokenResponseSchema: _$alepha.TObject<{
+  provider: _$alepha.TString;
+  access_token: _$alepha.TString;
+  issued_at: _$alepha.TNumber;
+  expires_in: _$alepha.TOptional<_$alepha.TNumber>;
+  refresh_token: _$alepha.TOptional<_$alepha.TString>;
+  refresh_token_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
+  refresh_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
+  id_token: _$alepha.TOptional<_$alepha.TString>;
+  scope: _$alepha.TOptional<_$alepha.TString>;
+  user: _$alepha.TObject<{
+    id: _$alepha.TString;
+    name: _$alepha.TOptional<_$alepha.TString>;
+    email: _$alepha.TOptional<_$alepha.TString>;
+    username: _$alepha.TOptional<_$alepha.TString>;
+    picture: _$alepha.TOptional<_$alepha.TString>;
+    sessionId: _$alepha.TOptional<_$alepha.TString>;
+    organization: _$alepha.TOptional<_$alepha.TString>;
+    roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+    realm: _$alepha.TOptional<_$alepha.TString>;
   }>;
-  api: alepha.TObject<{
-    prefix: alepha.TOptional<alepha.TString>;
-    actions: alepha.TRecord<"^.*$", alepha.TObject<{
-      path: alepha.TString;
-      method: alepha.TOptional<alepha.TString>;
-      contentType: alepha.TOptional<alepha.TString>;
-      kind: alepha.TOptional<alepha.TString>;
-      service: alepha.TOptional<alepha.TString>;
+  api: _$alepha.TObject<{
+    prefix: _$alepha.TOptional<_$alepha.TString>;
+    actions: _$alepha.TRecord<"^.*$", _$alepha.TObject<{
+      path: _$alepha.TString;
+      method: _$alepha.TOptional<_$alepha.TString>;
+      contentType: _$alepha.TOptional<_$alepha.TString>;
+      kind: _$alepha.TOptional<_$alepha.TString>;
+      service: _$alepha.TOptional<_$alepha.TString>;
     }>>;
-    permissions: alepha.TOptional<alepha.TArray<alepha.TString>>;
+    permissions: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
   }>;
 }>;
 type TokenResponse = Static<typeof tokenResponseSchema>;
 //#endregion
 //#region ../../src/server/auth/schemas/tokensSchema.d.ts
-declare const tokensSchema: alepha.TObject<{
-  provider: alepha.TString;
-  access_token: alepha.TString;
-  issued_at: alepha.TNumber;
-  expires_in: alepha.TOptional<alepha.TNumber>;
-  refresh_token: alepha.TOptional<alepha.TString>;
-  refresh_token_expires_in: alepha.TOptional<alepha.TNumber>;
-  refresh_expires_in: alepha.TOptional<alepha.TNumber>;
-  id_token: alepha.TOptional<alepha.TString>;
-  scope: alepha.TOptional<alepha.TString>;
+declare const tokensSchema: _$alepha.TObject<{
+  provider: _$alepha.TString;
+  access_token: _$alepha.TString;
+  issued_at: _$alepha.TNumber;
+  expires_in: _$alepha.TOptional<_$alepha.TNumber>;
+  refresh_token: _$alepha.TOptional<_$alepha.TString>;
+  refresh_token_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
+  refresh_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
+  id_token: _$alepha.TOptional<_$alepha.TString>;
+  scope: _$alepha.TOptional<_$alepha.TString>;
 }>;
 type Tokens = Static<typeof tokensSchema>;
 //#endregion
 //#region ../../src/server/auth/schemas/userinfoResponseSchema.d.ts
-declare const userinfoResponseSchema: alepha.TObject<{
-  user: alepha.TOptional<alepha.TObject<{
-    id: alepha.TString;
-    name: alepha.TOptional<alepha.TString>;
-    email: alepha.TOptional<alepha.TString>;
-    username: alepha.TOptional<alepha.TString>;
-    picture: alepha.TOptional<alepha.TString>;
-    sessionId: alepha.TOptional<alepha.TString>;
-    organizations: alepha.TOptional<alepha.TArray<alepha.TString>>;
-    roles: alepha.TOptional<alepha.TArray<alepha.TString>>;
-    realm: alepha.TOptional<alepha.TString>;
+declare const userinfoResponseSchema: _$alepha.TObject<{
+  user: _$alepha.TOptional<_$alepha.TObject<{
+    id: _$alepha.TString;
+    name: _$alepha.TOptional<_$alepha.TString>;
+    email: _$alepha.TOptional<_$alepha.TString>;
+    username: _$alepha.TOptional<_$alepha.TString>;
+    picture: _$alepha.TOptional<_$alepha.TString>;
+    sessionId: _$alepha.TOptional<_$alepha.TString>;
+    organization: _$alepha.TOptional<_$alepha.TString>;
+    roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+    realm: _$alepha.TOptional<_$alepha.TString>;
   }>>;
-  api: alepha.TObject<{
-    prefix: alepha.TOptional<alepha.TString>;
-    actions: alepha.TRecord<"^.*$", alepha.TObject<{
-      path: alepha.TString;
-      method: alepha.TOptional<alepha.TString>;
-      contentType: alepha.TOptional<alepha.TString>;
-      kind: alepha.TOptional<alepha.TString>;
-      service: alepha.TOptional<alepha.TString>;
+  api: _$alepha.TObject<{
+    prefix: _$alepha.TOptional<_$alepha.TString>;
+    actions: _$alepha.TRecord<"^.*$", _$alepha.TObject<{
+      path: _$alepha.TString;
+      method: _$alepha.TOptional<_$alepha.TString>;
+      contentType: _$alepha.TOptional<_$alepha.TString>;
+      kind: _$alepha.TOptional<_$alepha.TString>;
+      service: _$alepha.TOptional<_$alepha.TString>;
     }>>;
-    permissions: alepha.TOptional<alepha.TArray<alepha.TString>>;
+    permissions: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
   }>;
 }>;
 type UserinfoResponse = Static<typeof userinfoResponseSchema>;
@@ -1130,155 +1130,156 @@ declare class Configuration implements ConfigurationMethods, ConfigurationProper
 //#endregion
 //#region ../../src/server/auth/providers/ServerAuthProvider.d.ts
 declare class ServerAuthProvider {
-  protected readonly log: alepha_logger0.Logger;
+  protected readonly log: _$alepha_logger0.Logger;
   protected readonly alepha: Alepha;
   protected readonly serverCookiesProvider: ServerCookiesProvider;
   protected readonly dateTimeProvider: DateTimeProvider;
   protected readonly serverLinksProvider: ServerLinksProvider;
   get identities(): Array<AuthPrimitive>;
-  protected readonly authorizationCode: alepha_server_cookies0.AbstractCookiePrimitive<alepha.TObject<{
-    provider: alepha.TString;
-    realm: alepha.TOptional<alepha.TString>;
-    codeVerifier: alepha.TOptional<alepha.TString>;
-    redirectUri: alepha.TOptional<alepha.TString>;
-    state: alepha.TOptional<alepha.TString>;
-    nonce: alepha.TOptional<alepha.TString>;
+  protected readonly authorizationCode: _$alepha_server_cookies0.AbstractCookiePrimitive<_$alepha.TObject<{
+    provider: _$alepha.TString;
+    realm: _$alepha.TOptional<_$alepha.TString>;
+    codeVerifier: _$alepha.TOptional<_$alepha.TString>;
+    redirectUri: _$alepha.TOptional<_$alepha.TString>;
+    loginUri: _$alepha.TOptional<_$alepha.TString>;
+    state: _$alepha.TOptional<_$alepha.TString>;
+    nonce: _$alepha.TOptional<_$alepha.TString>;
   }>>;
-  readonly tokens: alepha_server_cookies0.AbstractCookiePrimitive<alepha.TObject<{
-    provider: alepha.TString;
-    access_token: alepha.TString;
-    issued_at: alepha.TNumber;
-    expires_in: alepha.TOptional<alepha.TNumber>;
-    refresh_token: alepha.TOptional<alepha.TString>;
-    refresh_token_expires_in: alepha.TOptional<alepha.TNumber>;
-    refresh_expires_in: alepha.TOptional<alepha.TNumber>;
-    id_token: alepha.TOptional<alepha.TString>;
-    scope: alepha.TOptional<alepha.TString>;
+  readonly tokens: _$alepha_server_cookies0.AbstractCookiePrimitive<_$alepha.TObject<{
+    provider: _$alepha.TString;
+    access_token: _$alepha.TString;
+    issued_at: _$alepha.TNumber;
+    expires_in: _$alepha.TOptional<_$alepha.TNumber>;
+    refresh_token: _$alepha.TOptional<_$alepha.TString>;
+    refresh_token_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
+    refresh_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
+    id_token: _$alepha.TOptional<_$alepha.TString>;
+    scope: _$alepha.TOptional<_$alepha.TString>;
   }>>;
-  protected readonly configure: alepha.HookPrimitive<"configure">;
+  protected readonly configure: _$alepha.HookPrimitive<"configure">;
   /**
    * Fill request headers with access token from cookies or fallback to provider's fallback function.
    */
-  protected readonly onRequest: alepha.HookPrimitive<"server:onRequest">;
+  protected readonly onRequest: _$alepha.HookPrimitive<"server:onRequest">;
   /**
    * Get user information.
    */
-  readonly userinfo: alepha_server0.RoutePrimitive<{
-    response: alepha.TObject<{
-      user: alepha.TOptional<alepha.TObject<{
-        id: alepha.TString;
-        name: alepha.TOptional<alepha.TString>;
-        email: alepha.TOptional<alepha.TString>;
-        username: alepha.TOptional<alepha.TString>;
-        picture: alepha.TOptional<alepha.TString>;
-        sessionId: alepha.TOptional<alepha.TString>;
-        organizations: alepha.TOptional<alepha.TArray<alepha.TString>>;
-        roles: alepha.TOptional<alepha.TArray<alepha.TString>>;
-        realm: alepha.TOptional<alepha.TString>;
+  readonly userinfo: _$alepha_server0.RoutePrimitive<{
+    response: _$alepha.TObject<{
+      user: _$alepha.TOptional<_$alepha.TObject<{
+        id: _$alepha.TString;
+        name: _$alepha.TOptional<_$alepha.TString>;
+        email: _$alepha.TOptional<_$alepha.TString>;
+        username: _$alepha.TOptional<_$alepha.TString>;
+        picture: _$alepha.TOptional<_$alepha.TString>;
+        sessionId: _$alepha.TOptional<_$alepha.TString>;
+        organization: _$alepha.TOptional<_$alepha.TString>;
+        roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+        realm: _$alepha.TOptional<_$alepha.TString>;
       }>>;
-      api: alepha.TObject<{
-        prefix: alepha.TOptional<alepha.TString>;
-        actions: alepha.TRecord<"^.*$", alepha.TObject<{
-          path: alepha.TString;
-          method: alepha.TOptional<alepha.TString>;
-          contentType: alepha.TOptional<alepha.TString>;
-          kind: alepha.TOptional<alepha.TString>;
-          service: alepha.TOptional<alepha.TString>;
+      api: _$alepha.TObject<{
+        prefix: _$alepha.TOptional<_$alepha.TString>;
+        actions: _$alepha.TRecord<"^.*$", _$alepha.TObject<{
+          path: _$alepha.TString;
+          method: _$alepha.TOptional<_$alepha.TString>;
+          contentType: _$alepha.TOptional<_$alepha.TString>;
+          kind: _$alepha.TOptional<_$alepha.TString>;
+          service: _$alepha.TOptional<_$alepha.TString>;
         }>>;
-        permissions: alepha.TOptional<alepha.TArray<alepha.TString>>;
+        permissions: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
       }>;
     }>;
   }>;
   /**
    * Refresh a token for internal providers.
    */
-  readonly refresh: alepha_server0.RoutePrimitive<{
-    query: alepha.TObject<{
-      provider: alepha.TString;
+  readonly refresh: _$alepha_server0.RoutePrimitive<{
+    query: _$alepha.TObject<{
+      provider: _$alepha.TString;
     }>;
-    body: alepha.TObject<{
-      refresh_token: alepha.TString;
-      access_token: alepha.TOptional<alepha.TString>;
+    body: _$alepha.TObject<{
+      refresh_token: _$alepha.TString;
+      access_token: _$alepha.TOptional<_$alepha.TString>;
     }>;
-    response: alepha.TObject<{
-      provider: alepha.TString;
-      access_token: alepha.TString;
-      issued_at: alepha.TNumber;
-      expires_in: alepha.TOptional<alepha.TNumber>;
-      refresh_token: alepha.TOptional<alepha.TString>;
-      refresh_token_expires_in: alepha.TOptional<alepha.TNumber>;
-      refresh_expires_in: alepha.TOptional<alepha.TNumber>;
-      id_token: alepha.TOptional<alepha.TString>;
-      scope: alepha.TOptional<alepha.TString>;
+    response: _$alepha.TObject<{
+      provider: _$alepha.TString;
+      access_token: _$alepha.TString;
+      issued_at: _$alepha.TNumber;
+      expires_in: _$alepha.TOptional<_$alepha.TNumber>;
+      refresh_token: _$alepha.TOptional<_$alepha.TString>;
+      refresh_token_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
+      refresh_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
+      id_token: _$alepha.TOptional<_$alepha.TString>;
+      scope: _$alepha.TOptional<_$alepha.TString>;
     }>;
   }>;
   /**
    * Login for local password-based authentication.
    */
-  readonly token: alepha_server0.RoutePrimitive<{
-    query: alepha.TObject<{
-      provider: alepha.TString;
-      realm: alepha.TOptional<alepha.TString>;
+  readonly token: _$alepha_server0.RoutePrimitive<{
+    query: _$alepha.TObject<{
+      provider: _$alepha.TString;
+      realm: _$alepha.TOptional<_$alepha.TString>;
     }>;
-    body: alepha.TObject<{
-      username: alepha.TString;
-      password: alepha.TString;
+    body: _$alepha.TObject<{
+      username: _$alepha.TString;
+      password: _$alepha.TString;
     }>;
-    response: alepha.TObject<{
-      provider: alepha.TString;
-      access_token: alepha.TString;
-      issued_at: alepha.TNumber;
-      expires_in: alepha.TOptional<alepha.TNumber>;
-      refresh_token: alepha.TOptional<alepha.TString>;
-      refresh_token_expires_in: alepha.TOptional<alepha.TNumber>;
-      refresh_expires_in: alepha.TOptional<alepha.TNumber>;
-      id_token: alepha.TOptional<alepha.TString>;
-      scope: alepha.TOptional<alepha.TString>;
-      user: alepha.TObject<{
-        id: alepha.TString;
-        name: alepha.TOptional<alepha.TString>;
-        email: alepha.TOptional<alepha.TString>;
-        username: alepha.TOptional<alepha.TString>;
-        picture: alepha.TOptional<alepha.TString>;
-        sessionId: alepha.TOptional<alepha.TString>;
-        organizations: alepha.TOptional<alepha.TArray<alepha.TString>>;
-        roles: alepha.TOptional<alepha.TArray<alepha.TString>>;
-        realm: alepha.TOptional<alepha.TString>;
+    response: _$alepha.TObject<{
+      provider: _$alepha.TString;
+      access_token: _$alepha.TString;
+      issued_at: _$alepha.TNumber;
+      expires_in: _$alepha.TOptional<_$alepha.TNumber>;
+      refresh_token: _$alepha.TOptional<_$alepha.TString>;
+      refresh_token_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
+      refresh_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
+      id_token: _$alepha.TOptional<_$alepha.TString>;
+      scope: _$alepha.TOptional<_$alepha.TString>;
+      user: _$alepha.TObject<{
+        id: _$alepha.TString;
+        name: _$alepha.TOptional<_$alepha.TString>;
+        email: _$alepha.TOptional<_$alepha.TString>;
+        username: _$alepha.TOptional<_$alepha.TString>;
+        picture: _$alepha.TOptional<_$alepha.TString>;
+        sessionId: _$alepha.TOptional<_$alepha.TString>;
+        organization: _$alepha.TOptional<_$alepha.TString>;
+        roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+        realm: _$alepha.TOptional<_$alepha.TString>;
       }>;
-      api: alepha.TObject<{
-        prefix: alepha.TOptional<alepha.TString>;
-        actions: alepha.TRecord<"^.*$", alepha.TObject<{
-          path: alepha.TString;
-          method: alepha.TOptional<alepha.TString>;
-          contentType: alepha.TOptional<alepha.TString>;
-          kind: alepha.TOptional<alepha.TString>;
-          service: alepha.TOptional<alepha.TString>;
+      api: _$alepha.TObject<{
+        prefix: _$alepha.TOptional<_$alepha.TString>;
+        actions: _$alepha.TRecord<"^.*$", _$alepha.TObject<{
+          path: _$alepha.TString;
+          method: _$alepha.TOptional<_$alepha.TString>;
+          contentType: _$alepha.TOptional<_$alepha.TString>;
+          kind: _$alepha.TOptional<_$alepha.TString>;
+          service: _$alepha.TOptional<_$alepha.TString>;
         }>>;
-        permissions: alepha.TOptional<alepha.TArray<alepha.TString>>;
+        permissions: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
       }>;
     }>;
   }>;
   /**
    * Oauth2/OIDC login route.
    */
-  readonly login: alepha_server0.RoutePrimitive<{
-    query: alepha.TObject<{
-      provider: alepha.TString;
-      realm: alepha.TOptional<alepha.TString>;
-      redirect_uri: alepha.TOptional<alepha.TString>;
+  readonly login: _$alepha_server0.RoutePrimitive<{
+    query: _$alepha.TObject<{
+      provider: _$alepha.TString;
+      realm: _$alepha.TOptional<_$alepha.TString>;
+      redirect_uri: _$alepha.TOptional<_$alepha.TString>;
     }>;
   }>;
   /**
    * Callback for OAuth2/OIDC providers.
    * It handles the authorization code flow and retrieves the access token.
    */
-  readonly callback: alepha_server0.RoutePrimitive<alepha_server0.RequestConfigSchema>;
+  readonly callback: _$alepha_server0.RoutePrimitive<_$alepha_server0.RequestConfigSchema>;
   /**
    * Logout route for OAuth2/OIDC providers.
    */
-  readonly logout: alepha_server0.RoutePrimitive<{
-    query: alepha.TObject<{
-      post_logout_redirect_uri: alepha.TOptional<alepha.TString>;
+  readonly logout: _$alepha_server0.RoutePrimitive<{
+    query: _$alepha.TObject<{
+      post_logout_redirect_uri: _$alepha.TOptional<_$alepha.TString>;
     }>;
   }>;
   getAuthenticationProviders(filters?: {
@@ -1614,7 +1615,7 @@ declare const $authGoogle: (realm: IssuerPrimitive & WithLinkFn, options?: Parti
  *
  * @module alepha.server.auth
  */
-declare const AlephaServerAuth: alepha.Service<alepha.Module>;
+declare const AlephaServerAuth: _$alepha.Service<_$alepha.Module>;
 //#endregion
 export { $auth, $authCredentials, $authGithub, $authGoogle, AccessToken, AlephaServerAuth, AuthExternal, AuthInternal, AuthPrimitive, AuthPrimitiveOptions, AuthenticationProvider, Credentials, CredentialsFn, CredentialsOptions, LinkAccountFn, LinkAccountOptions, OAuth2Options, OAuth2Profile, OidcOptions, ServerAuthProvider, TokenResponse, Tokens, UserinfoResponse, WithLinkFn, WithLoginFn, alephaServerAuthRoutes, authenticationProviderSchema, tokenResponseSchema, tokensSchema, userinfoResponseSchema };
 //# sourceMappingURL=index.d.ts.map

package/dist/server/auth/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","names":["CryptoKey","crypto","subtle","generateKey","ReturnType","Awaited","Extract","type","CryptoKeyPair","privateKey","publicKey","JsonObject","JsonValue","Key","JsonArray","JsonPrimitive","ModifyAssertionFunction","Record","header","payload","PrivateKey","key","kid","JWSAlgorithm","JWK","kty","alg","use","key_ops","e","n","crv","x","y","pub","parameter","allowInsecureRequests","clockSkew","clockTolerance","customFetch","modifyAssertion","jweDecrypt","jwksCache","AuthorizationServer","MTLSEndpointAliases","issuer","authorization_endpoint","token_endpoint","jwks_uri","registration_endpoint","scopes_supported","response_types_supported","response_modes_supported","grant_types_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","service_documentation","ui_locales_supported","op_policy_uri","op_tos_uri","revocation_endpoint","revocation_endpoint_auth_methods_supported","revocation_endpoint_auth_signing_alg_values_supported","introspection_endpoint","introspection_endpoint_auth_methods_supported","introspection_endpoint_auth_signing_alg_values_supported","code_challenge_methods_supported","signed_metadata","device_authorization_endpoint","tls_client_certificate_bound_access_tokens","mtls_endpoint_aliases","userinfo_endpoint","acr_values_supported","subject_types_supported","id_token_signing_alg_values_supported","id_token_encryption_alg_values_supported","id_token_encryption_enc_values_supported","userinfo_signing_alg_values_supported","userinfo_encryption_alg_values_supported","userinfo_encryption_enc_values_supported","request_object_signing_alg_values_supported","request_object_encryption_alg_values_supported","request_object_encryption_enc_values_supported","display_values_supported","claim_types_supported","claims_supported","claims_locales_supported","claims_parameter_supported","request_parameter_supported","request_uri_parameter_supported","require_request_uri_registration","require_signed_request_object","pushed_authorization_request_endpoint","require_pushed_authorization_requests","introspection_signing_alg_values_supported","introspection_encryption_alg_values_supported","introspection_encryption_enc_values_supported","authorization_response_iss_parameter_supported","authorization_signing_alg_values_supported","authorization_encryption_alg_values_supported","authorization_encryption_enc_values_supported","backchannel_authentication_endpoint","backchannel_authentication_request_signing_alg_values_supported","backchannel_token_delivery_modes_supported","backchannel_user_code_parameter_supported","check_session_iframe","dpop_signing_alg_values_supported","end_session_endpoint","frontchannel_logout_session_supported","frontchannel_logout_supported","backchannel_logout_session_supported","backchannel_logout_supported","protected_resources","metadata","Pick","Client","client_id","id_token_signed_response_alg","authorization_signed_response_alg","require_auth_time","userinfo_signed_response_alg","introspection_signed_response_alg","default_max_age","use_mtls_endpoint_aliases","UnsupportedOperationError","Error","code","constructor","message","cause","options","OperationProcessingError","JWKSCacheOptions","JWKSCacheInput","CustomFetchOptions","Method","BodyType","AbortSignal","body","headers","method","redirect","signal","HttpRequestOptions","Headers","Response","Promise","url","DiscoveryRequestOptions","algorithm","discoveryRequest","URL","issuerIdentifier","processDiscoveryResponse","expectedIssuerIdentifier","response","generateRandomCodeVerifier","generateRandomState","generateRandomNonce","calculatePKCECodeChallenge","codeVerifier","DPoPRequestOptions","DPoPHandle","DPoP","PushedAuthorizationRequestOptions","URLSearchParams","ClientAuth","as","client","ClientSecretPost","clientSecret","ClientSecretBasic","ModifyAssertionOptions","PrivateKeyJwt","clientPrivateKey","ClientSecretJwt","None","TlsClientAuth","issueRequestObject","parameters","checkProtocol","enforceHttps","pushedAuthorizationRequest","clientAuthentication","calculateThumbprint","isDPoPNonceError","err","keyPair","PushedAuthorizationResponse","request_uri","expires_in","OAuth2Error","error","error_description","error_uri","algs","scope","ResponseBodyError","RESPONSE_BODY_ERROR","status","AuthorizationResponseError","AUTHORIZATION_RESPONSE_ERROR","WWWAuthenticateChallengeError","WWWAuthenticateChallenge","WWW_AUTHENTICATE_CHALLENGE","WWWAuthenticateChallengeParameters","Lowercase","realm","resource_metadata","scheme","token68","processPushedAuthorizationResponse","ProtectedResourceRequestBody","ArrayBuffer","ReadableStream","Uint8Array","ProtectedResourceRequestOptions","Omit","protectedResourceRequest","accessToken","UserInfoRequestOptions","userInfoRequest","UserInfoAddress","formatted","street_address","locality","region","postal_code","country","claim","UserInfoResponse","sub","name","given_name","family_name","middle_name","nickname","preferred_username","profile","picture","website","email","email_verified","gender","birthdate","zoneinfo","locale","phone_number","updated_at","address","ExportedJWKSCache","JWKS","jwks","uat","skipSubjectCheck","JWEDecryptOptions","JweDecryptFunction","RecognizedTokenTypes","TokenEndpointResponse","res","ProcessTokenResponseOptions","recognizedTokenTypes","processUserInfoResponse","expectedSubject","TokenEndpointRequestOptions","additionalParameters","refreshTokenGrantRequest","refreshToken","getValidatedIdTokenClaims","IDToken","ref","ValidateSignatureOptions","validateApplicationLevelSignature","processRefreshTokenResponse","nopkce","authorizationCodeGrantRequest","callbackParameters","redirectUri","JWTPayload","ConfirmationClaims","iss","aud","jti","nbf","exp","iat","cnf","nonce","auth_time","azp","AuthorizationDetails","locations","actions","datatypes","privileges","identifier","access_token","id_token","refresh_token","authorization_details","token_type","expectNoNonce","skipAuthTimeCheck","ProcessAuthorizationCodeResponseOptions","expectedNonce","maxAge","requireIdToken","processAuthorizationCodeResponse","UNSUPPORTED_OPERATION","JWT_USERINFO_EXPECTED","PARSE_ERROR","INVALID_RESPONSE","INVALID_REQUEST","RESPONSE_IS_NOT_JSON","RESPONSE_IS_NOT_CONFORM","HTTP_REQUEST_FORBIDDEN","REQUEST_PROTOCOL_FORBIDDEN","JWT_TIMESTAMP_CHECK","JWT_CLAIM_COMPARISON","JSON_ATTRIBUTE_COMPARISON","KEY_SELECTION","MISSING_SERVER_METADATA","INVALID_SERVER_METADATA","ClientCredentialsGrantRequestOptions","clientCredentialsGrantRequest","genericTokenEndpointRequest","grantType","processGenericTokenEndpointResponse","processClientCredentialsResponse","RevocationRequestOptions","revocationRequest","token","processRevocationResponse","IntrospectionRequestOptions","requestJwtResponse","introspectionRequest","jkt","IntrospectionResponse","active","sid","username","processIntrospectionResponse","keys","jwe","validateJwtAuthResponse","expectNoState","skipStateCheck","expectedState","validateDetachedSignatureResponse","Request","validateCodeIdTokenResponse","validateAuthResponse","DeviceAuthorizationRequestOptions","deviceAuthorizationRequest","DeviceAuthorizationResponse","device_code","user_code","verification_uri","verification_uri_complete","interval","processDeviceAuthorizationResponse","deviceCodeGrantRequest","deviceCode","processDeviceCodeResponse","GenerateKeyPairOptions","extractable","modulusLength","generateKeyPair","JWTAccessTokenClaims","ValidateJWTAccessTokenOptions","requireDPoP","signingAlgorithms","validateJwtAccessToken","request","expectedAudience","BackchannelAuthenticationRequestOptions","backchannelAuthenticationRequest","BackchannelAuthenticationResponse","auth_req_id","processBackchannelAuthenticationResponse","backchannelAuthenticationGrantRequest","authReqId","processBackchannelAuthenticationGrantResponse","OmitSymbolProperties","T","K","DynamicClientRegistrationRequestOptions","initialAccessToken","dynamicClientRegistrationRequest","Partial","processDynamicClientRegistrationResponse","ResourceServer","resource","authorization_servers","bearer_methods_supported","resource_signing_alg_values_supported","resource_name","resource_documentation","resource_policy_uri","resource_tos_uri","authorization_details_types_supported","dpop_bound_access_tokens_required","resourceDiscoveryRequest","resourceIdentifier","processResourceDiscoveryResponse","expectedResourceIdentifier","oauth","CryptoKey","crypto","subtle","generateKey","ReturnType","Awaited","Extract","type","CryptoKeyPair","privateKey","publicKey","AuthorizationResponseError","ResponseBodyError","WWWAuthenticateChallengeError","AuthorizationDetails","BackchannelAuthenticationResponse","ConfirmationClaims","DeviceAuthorizationResponse","OmitSymbolProperties","ExportedJWKSCache","GenerateKeyPairOptions","IDToken","IntrospectionResponse","JsonArray","JsonObject","JsonPrimitive","JsonValue","JWK","JWKS","JWSAlgorithm","ModifyAssertionFunction","ModifyAssertionOptions","MTLSEndpointAliases","PrivateKey","TokenEndpointResponse","UserInfoAddress","UserInfoResponse","WWWAuthenticateChallenge","WWWAuthenticateChallengeParameters","ClientAuth","ServerMetadata","ClientMetadata","URLSearchParams","Headers","as","client","body","headers","ClientSecretPost","clientSecret","ClientSecretBasic","ClientSecretJwt","options","None","PrivateKeyJwt","clientPrivateKey","TlsClientAuth","skipStateCheck","skipSubjectCheck","customFetch","modifyAssertion","clockSkew","clockTolerance","FetchBody","ArrayBuffer","ReadableStream","Uint8Array","DPoPHandle","Client","client_secret","use_mtls_endpoint_aliases","AuthorizationServer","calculatePKCECodeChallenge","Promise","codeVerifier","randomPKCECodeVerifier","randomNonce","randomState","ClientError","Error","code","randomDPoPKeyPair","alg","DiscoveryRequestOptions","CustomFetch","Configuration","Array","algorithm","execute","config","timeout","DynamicClientRegistrationRequestOptions","DPoPOptions","initialAccessToken","dynamicClientRegistration","URL","Partial","server","metadata","clientAuthentication","discovery","clientId","DecryptionKey","key","kid","enableDecryptingResponses","contentEncryptionAlgorithms","keys","ServerMetadataHelpers","supportsPKCE","method","ConfigurationMethods","Readonly","serverMetadata","clientMetadata","CustomFetchOptions","Record","AbortSignal","redirect","signal","Response","url","ConfigurationProperties","constructor","value","TokenEndpointResponseHelpers","claims","expiresIn","getDPoPHandle","keyPair","DeviceAuthorizationGrantPollOptions","pollDeviceAuthorizationGrant","deviceAuthorizationResponse","parameters","initiateDeviceAuthorization","initiateBackchannelAuthentication","BackchannelAuthenticationGrantPollOptions","pollBackchannelAuthenticationGrant","backchannelAuthenticationResponse","AuthorizationCodeGrantOptions","allowInsecureRequests","setJwksCache","jwksCache","getJwksCache","enableNonRepudiationChecks","useJwtResponseMode","enableDetachedSignatureResponseChecks","ImplicitAuthenticationResponseChecks","AuthorizationCodeGrantChecks","Pick","implicitAuthentication","Request","currentUrl","expectedNonce","checks","useCodeIdTokenResponseType","useIdTokenResponseType","expectedState","idTokenExpected","maxAge","pkceCodeVerifier","authorizationCodeGrant","tokenEndpointParameters","refreshTokenGrant","refreshToken","clientCredentialsGrant","buildAuthorizationUrl","buildAuthorizationUrlWithJAR","signingKey","buildAuthorizationUrlWithPAR","buildEndSessionUrl","fetchUserInfo","accessToken","expectedSubject","tokenIntrospection","token","DPoP","genericGrantRequest","grantType","tokenRevocation","fetchProtectedResource","DeviceAutorizationGrantPollOptions"],"sources":["../../../src/server/auth/constants/routes.ts","../../../src/server/auth/schemas/authenticationProviderSchema.ts","../../../src/server/auth/schemas/tokenResponseSchema.ts","../../../src/server/auth/schemas/tokensSchema.ts","../../../src/server/auth/schemas/userinfoResponseSchema.ts","../../../../../node_modules/oauth4webapi/build/index.d.ts","../../../../../node_modules/openid-client/build/index.d.ts","../../../src/server/auth/providers/ServerAuthProvider.ts","../../../src/server/auth/primitives/$auth.ts","../../../src/server/auth/primitives/$authCredentials.ts","../../../src/server/auth/primitives/$authGithub.ts","../../../src/server/auth/primitives/$authGoogle.ts","../../../src/server/auth/index.ts"],"x_google_ignoreList":[5,6],"mappings":";;;;;;;;;;;cAAa,sBAAA;;;;;;;;;;cCEA,4BAAA,SAA4B,OAAA;QAYxC,MAAA,CAAA,OAAA;;;KAEW,sBAAA,GAAyB,MAAA,QAC5B,4BAAA;;;cCZI,mBAAA,SAAmB,OAAA;YAG9B,MAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAEU,aAAA,GAAgB,MAAA,QAAc,mBAAA;;;cCP7B,YAAA,SAAY,OAAA;YAevB,MAAA,CAAA,OAAA;;;;;;;;;;KAEU,MAAA,GAAS,MAAA,QAAc,YAAA;;;cChBtB,sBAAA,SAAsB,OAAA;;QAGjC,MAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;KAEU,gBAAA,GAAmB,MAAA,QAAc,sBAAA;;;;AJT7C;;KKaYW,UAAAA,uBACUC,SAAAA;;;;KAKVE,SAAAA,GAAYF,SAAAA;;;;KAIZG,aAAAA;;;AJrBZ;KIyBYH,SAAAA,GAAYG,aAAAA,GAAgBJ,UAAAA,GAAaG,SAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAqFhCuB,SAAAA;;;;;;;;;;;;;;;;;cAiBAC,cAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AHvHrB;;;;;;;;ACPA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiBA;;;;;;;;AChBA;;;;cC8PqBC,aAAAA;;AAlJrB;;;;;AAiBA;UA+QiBI,mBAAAA;;;;WAIJE,MAAAA;EAlJkC;;;EAAA,SAsJlCC,sBAAAA;EARIH;;;EAAAA,SAYJI,cAAAA;EARAF;;;EAAAA,SAYAG,QAAAA;EAIAC;;;EAAAA,SAAAA,qBAAAA;EAmBAI;;;EAAAA,SAfAH,gBAAAA;EAkCAO;;;;EAAAA,SA7BAN,wBAAAA;EAsDAW;;;;EAAAA,SAjDAV,wBAAAA;EAwEAe;;;;EAAAA,SAnEAd,qBAAAA;EAoFAkB;;;EAAAA,SAhFAjB,qCAAAA;EAoGAqB;;;;EAAAA,SA/FApB,gDAAAA;EAqHAyB;;;;EAAAA,SAhHAxB,qBAAAA;EAwIA6B;;;;EAAAA,SAnIA5B,oBAAAA;EA4JAiC;;;;;EAAAA,SAtJAhC,aAAAA;EAkLAsC;;;;EAAAA,SA7KArC,UAAAA;EAqMA0C;;;EAAAA,SAjMAzC,mBAAAA;EAmNA6C;;;;EAAAA,SA9MA5C,0CAAAA;EAsOAiD;;;;EAAAA,SAjOAhD,qDAAAA;EA0O6B;;AAE1C;EAF0C,SAtO7BC,sBAAAA;;;;;WAKAC,6CAAAA;EAoOiB;;AAO9B;;;EAP8B,SA9NjBC,wDAAAA;EA+UR3B;;;EAAAA,SA3UQ4B,gCAAAA;EAqOTkD;;;EAAAA,SAjOSjD,eAAAA;EA2PTqD;;;EAAAA,SAvPSpD,6BAAAA;EA+TR/B;;;EAAAA,SA3TQgC,0CAAAA;EAgUoB;;AAoqDjC;;EApqDiC,SA3TpBC,qBAAAA,GAAwB1B,mBAAAA;EAg+DrBoV;;;EAAAA,SA59DHzT,iBAAAA;EA49DyC0T;;;;EAAAA,SAv9DzCzT,oBAAAA;EAu9DGwT;;;;EAAAA,SAl9DHvT,uBAAAA;EAk9D0C;;;;EAAA,SA78D1CC,qCAAAA;EC7fDoX;;;;EAAAA,SDkgBCnX,wCAAAA;EClgB+DsX;;;;EAAAA,SDugB/DrX,wCAAAA;ECvgBauX;;;EAAAA,SD2gBbtX,qCAAAA;EC3gByDwX;;;EAAAA,SD+gBzDvX,wCAAAA;EC/gBgG;AA0c7G;;EA1c6G,SDmhBhGC,wCAAAA;ECzE4BuU;;AAwFzC;;EAxFyCA,SD8E5BtU,2CAAAA;ECUWuY;;;;EAAAA,SDLXtY,8CAAAA;ECKkG;;;;EAAA,SDAlGC,8CAAAA;ECAkG;;AAgB/G;;EAhB+G,SDKlGC,wBAAAA;ECWuC;;;EAAA,SDPvCC,qBAAAA;EC+DTyY;;;AASJ;EATIA,SD1DSxY,gBAAAA;;;;ACiVb;WD5UaC,wBAAAA;;;;ACwVb;WDnVaC,0BAAAA;;;;;WAKAC,2BAAAA;ECsVkB8T;;;;EAAAA,SDjVlB7T,+BAAAA;EC6US8a;;;;EAAAA,SDxUT7a,gCAAAA;EC4UkB4T;;;;EAAAA,SDvUlB3T,6BAAAA;ECyUI+a;;;EAAAA,SDrUJ9a,qCAAAA;EC6UA+a;;;EAAAA,SDzUA9a,qCAAAA;ECqUTwW;;;;EAAAA,SDhUSvW,0CAAAA;EC6UT+a;;;;EAAAA,SDxUS9a,6CAAAA;ECkVD4Y;;;;EAAAA,SD7UC3Y,6CAAAA;ECsVmBgY;;;;EAAAA,SDjVnB/X,8CAAAA;ECiVb0W;;;;EAAAA,SD5UazW,0CAAAA;ECgVI+a;;;;EAAAA,SD3UJ9a,6CAAAA;ECkVOwY;;;;EAAAA,SD7UPvY,6CAAAA;EC6XqB;;;EAAA,SDzXrBC,mCAAAA;ECmYwDkZ;;;;EAAAA,SD9XxDjZ,+DAAAA;ECsY6C0V;;;EAAAA,SDlY7CzV,0CAAAA;EC8YJ2W;;;EAAAA,SD1YI1W,yCAAAA;EC4WuDya;;;;EAAAA,SDvWvDxa,oBAAAA;ECiXTya;;;EAAAA,SD7WSxa,iCAAAA;EC6WwD6Y;;;;EAAAA,SDxWxD5Y,oBAAAA;EC4WT6Z;;;;;EAAAA,SDtWS5Z,qCAAAA;EC0WkB0S;;;EAAAA,SDtWlBzS,6BAAAA;EC8WLoY;;;;EAAAA,SDzWKnY,oCAAAA;ECiXgB6X;;;EAAAA,SD7WhB5X,4BAAAA;;;;WAIAC,mBAAAA;EAAAA,UACCC,QAAAA,WAAmBrG,SAAAA;AAAAA;AAAAA,UAEhBgC,mBAAAA,SAA4BsE,IAAAA,CAAKvE,mBAAAA;EAAAA,UACpCsE,QAAAA;AAAAA;;;;;;UAOGE,MAAAA;;;;EAIbC,SAAAA;;;;;;;EAOAC,4BAAAA;EEvrBkC;;;;;;EF8rBlCC,iCAAAA;;;;;EAKAC,iBAAAA;;;;;;;EAOAC,4BAAAA;EEvqB0B;;;;;;EF8qB1BC,iCAAAA;;;;EAIAC,eAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAyDAC,yBAAAA;;;;GAICtF,SAAAA;;;;GAIAC,cAAAA;EAAAA,CACA2E,QAAAA,WAAmBrG,SAAAA;AAAAA;;;;KAoqDZmX,oBAAAA,oBACIC,CAAAA,IAAKC,CAAAA,0BAA2BA,CAAAA,GAAID,CAAAA,CAAEC,CAAAA;;;;;;;;;;;;;;;;;AJr+EtD;;;KK2BY6D,UAAAA,IAAcK,EAAAA,EAAIJ,cAAAA,EAAgBK,MAAAA,EAAQJ,cAAAA,EAAgBK,IAAAA,EAAMJ,eAAAA,EAAiBK,OAAAA,EAASJ,OAAAA;;;;;;;;;;AFpBtG;;;;;;;;ACIA;;;;;AAMA;;;;;AAIA;;;;;AAIA;;;;;;;;;;;;;AAqFA;;;;;AAiBA;;;;;AAiIA;;;;;AA8IA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+TA;cCxOqBgB,WAAAA,SAAoB5D,aAAAA;AAAAA,KAwF7BgE,SAAAA,GAAYC,WAAAA,UAAqBC,cAAAA,YAA0BC,UAAAA,eAAyBxB,eAAAA;;;;;AAiFhG;;;UAjEiBD,cAAAA,SAAuB1C,MAAAA;EAiEyB;AA8QjE;;EA3UIsE,aAAAA;EAkVAwC;;AAKJ;;;;;;;;;;;;;;;;;;;;;;AAUA;;;;;;;;;;;;;;;;;;AA2BA;;;;;;;;;EAxUIvC,yBAAAA;AAAAA;;;;;AAqVJ;;;UA5UiB9B,cAAAA,SAAuBzC,mBAAAA;AAAAA,UA8QvB6G,qBAAAA;;;;;;;EAObC,YAAAA,CAAaC,MAAAA;AAAAA;;;;UAKAC,oBAAAA;;;;EAIbE,cAAAA,IAAkBD,QAAAA,CAASxE,cAAAA,IAAkBoE,qBAAAA;ECr3B/B;;;EDy3BdM,cAAAA,IAAkBF,QAAAA,CAASjH,oBAAAA,CAA2B0C,cAAAA;AAAAA;AAAAA,UAEzC0E,kBAAAA;;;;EAIbrE,IAAAA,EAAMiB,SAAAA;;;;EAINhB,OAAAA,EAASqE,MAAAA;;;;;EAKTN,MAAAA;;;;EAIAQ,QAAAA;;;;;EAKAC,MAAAA,GAASF,WAAAA;AAAAA;;;;KAKDjC,WAAAA;;;;;AAKZqC,GAAAA;;;;AAIArE,OAAAA,EAAS+D,kBAAAA,KAAuB1C,OAAAA,CAAQ+C,QAAAA;;;;UAIvBE,uBAAAA;;;;;;;GAOZ/D,WAAAA,IAAeyB,WAAAA;;;;;EAKhBM,OAAAA;AAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA2CiBL,aAAAA,YAAyB0B,oBAAAA,EAAsBW,uBAAAA;;;;;;;;;;EAUhEC,WAAAA,CAAY1B,MAAAA,EAAQzD,cAAAA,EAAgB6D,QAAAA,UAAkBH,QAAAA,GAAWF,OAAAA,CAAQvD,cAAAA,YAA0B0D,oBAAAA,GAAuB5D,UAAAA;;;;EAI1H0E,cAAAA,CAAAA,GAAkBD,QAAAA,CAASxE,cAAAA,IAAkBoE,qBAAAA;;;;EAI7CM,cAAAA,CAAAA,GAAkBF,QAAAA,CAASjH,oBAAAA,CAA2B0C,cAAAA;;;;MAIlDiD,OAAAA,CAAAA;;;;MAIAA,OAAAA,CAAQkC,KAAAA;;;;OAIPjE,WAAAA,KAAgByB,WAAAA;ECj3BP;;;EAAA,KDq3BTzB,WAAAA,EAAaiE,KAAAA,EAAOxC,WAAAA;AAAAA;;;cCvhChB,kBAAA;EAAA,mBACQ,GAAA,EADU,cAAA,CACP,MAAA;EAAA,mBACH,MAAA,EAAM,MAAA;EAAA,mBACN,qBAAA,EAAqB,qBAAA;EAAA,mBACrB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,mBAAA,EAAmB,mBAAA;EAAA,IAE3B,UAAA,CAAA,GAAc,KAAA,CAAM,aAAA;EAAA,mBAMZ,iBAAA,EAAiB,sBAAA,CAAA,uBAAA,QAAA,OAAA;cANN,MAAA,CAAA,OAAA;;;;;;;WAoBd,MAAA,EAAM,sBAAA,CAAA,uBAAA,QAAA,OAAA;cAdc,MAAA,CAAA,OAAA;;;;;;;;;;qBAuBjB,SAAA,EATG,MAAA,CASM,aAAA;ENhEW;;;EAAA,mBM4EpB,SAAA,EAZS,MAAA,CAYA,aAAA;;;;WAqCZ,QAAA,iBAAQ,cAAA;;;YArCI,MAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;WA2EZ,OAAA,iBAAO,cAAA;;gBAtCC,MAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;WA6ER,KAAA,iBAAK,cAAA;;gBAvCE,MAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAoHP,KAAA,iBAAK,cAAA;;gBA7EA,MAAA,CAAA,OAAA;;;;;;;;;WAuKL,QAAA,EAAQ,cAAA,CAAA,cAAA,CA1FH,cAAA,CA0FG,mBAAA;;;;WAmER,MAAA,iBAAM,cAAA;;iDAnEE,MAAA,CAAA,OAAA;IAAA;EAAA;EA2IjB,0BAAA,CACL,OAAA;IAAW,SAAA;EAAA,IACV,sBAAA;;;;;;YAwCO,QAAA,CACR,IAAA;IAAiB,QAAA;IAAkB,KAAA;EAAA,IAClC,aAAA;;;;;YA6Ba,eAAA,CACd,OAAA,EAAS,OAAA,GACR,OAAA,CAAQ,MAAA;EAAA,UA8BD,SAAA,CAAU,OAAA,GAAU,OAAA,GAAU,MAAA;EAAA,UAI9B,SAAA,CAAU,MAAA,EAAQ,MAAA,EAAQ,OAAA,GAAU,OAAA;EAAA,UAgBpC,kBAAA,CAAmB,MAAA,EAAQ,MAAA;EAAA,UAcrB,aAAA,CAAc,MAAA,EAAQ,MAAA,GAAS,OAAA,CAAQ,MAAA;AAAA;AAAA,UAqDxC,aAAA;EACf,GAAA;EACA,KAAA;EACA,IAAA;EACA,UAAA;EACA,WAAA;EACA,WAAA;EACA,QAAA;EACA,kBAAA;EACA,OAAA;EACA,OAAA;EACA,OAAA;EACA,cAAA;EACA,MAAA;EACA,SAAA;EACA,QAAA;EACA,MAAA;EACA,YAAA;EACA,qBAAA;EACA,OAAA;IACE,SAAA;IACA,cAAA;IACA,QAAA;IACA,MAAA;IACA,WAAA;IACA,OAAA;EAAA;EAEF,UAAA;EAAA,CAEC,GAAA;AAAA;;;;;;;;AP/sBH;;;;;;;;;;;;;;;ACEA;;;;;;;;;;;;;;cOyDa,KAAA;EAAA,UAAkB,oBAAA,GAAuB,aAAA;EAAA;;KAM1C,oBAAA;EPhDyB;;;;EOqDnC,IAAA;EN9DA;;;EMmEA,QAAA;AAAA,KACG,YAAA,GAAe,YAAA;;;;KAKR,YAAA;;;;EAIV,IAAA,EAAM,WAAA;;;;;;;;;;;;;;EAeN,QAAA,SAAiB,KAAA,CAAM,WAAA;AAAA;;;;;;;KASb,YAAA;EACV,MAAA,EAAQ,eAAA;AAAA;;;;;;;;EAUJ,WAAA,EAAa,kBAAA;AAAA;;;;;;;;EAUb,KAAA,EAAO,aAAA;AAAA;EN7HmB;;;;;;;;;EMyI1B,IAAA,EAAM,WAAA;AAAA;AAAA,KAIA,kBAAA;EACV,OAAA,EAAS,aAAA;AAAA;AAAA,KAGC,aAAA,IACV,WAAA,EAAa,WAAA,KACV,KAAA,CAAM,WAAA;AAAA,UAEM,WAAA;EACf,QAAA;EACA,QAAA;AAAA;AAAA,UAGe,WAAA;;;;EAIf,MAAA;;;;EAKA,QAAA;;;;;EAMA,YAAA;;;;;EAMA,WAAA;;;;;EAMA,UAAA;;;;EAKA,SAAA;;;;;EAMA,KAAA;EAEA,OAAA,GAAU,aAAA;AAAA;AAAA,UAGK,kBAAA;EACf,YAAA;EACA,IAAA,EAAM,aAAA;EACN,QAAA;EACA,UAAA;EACA,KAAA;AAAA;AAAA,KAGU,aAAA,IAAiB,MAAA,EAAQ,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA,UAEjD,aAAA;;;;EAIf,QAAA;;;;EAKA,YAAA;;;;EAKA,aAAA;;;;EAKA,KAAA;;;;EAKA,QAAA,GAAW,MAAA,EAAQ,MAAA,KAAW,KAAA,CAAM,aAAA;EAEpC,OAAA,GAAU,aAAA;;ANpOZ;;EMyOE,WAAA;ENzO0B;;;EM8O1B,KAAA;AAAA;AAAA,cAKW,aAAA,SAAsB,SAAA,CAAU,oBAAA;EAAA,mBACxB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,gBAAA,EAAgB,gBAAA;EAAA,UAEzB,WAAA,GAAc,aAAA;EAAA,UACd,gBAAA,SAAyB,OAAA,CAAQ,aAAA;EAAA,IAEhC,KAAA,CAAA,GAAS,aAAA;;;;EAOP,QAAA,CAAA,GAAY,OAAA,CAAQ,aAAA;EAAA,IActB,IAAA,CAAA;EAAA,IAIA,MAAA,CAAA,GAAU,eAAA;EAAA,IAOV,QAAA,CAAA;EAAA,IAQA,KAAA,CAAA;EAAA,IAYA,YAAA,CAAA;;;;;EAgBE,OAAA,CACX,YAAA,UACA,WAAA,YACC,OAAA,CAAQ,mBAAA;ELxUY;;;;EKiXV,IAAA,CAAK,MAAA,EAAQ,MAAA,GAAS,OAAA,CAAQ,WAAA;EAAA,UAyCjC,kBAAA,CAAmB,OAAA,WAAkB,aAAA;EAYlC,OAAA,CAAA,GAAO,OAAA;AAAA;AAAA,KAsDV,WAAA;EAAyB,KAAA,QAAa,KAAA;AAAA;AAAA,UAEjC,UAAA;EACf,IAAA,IAAQ,IAAA,cAAkB,IAAA,EAAM,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA;AAAA,UAG9C,WAAA;EACf,KAAA,IACE,QAAA,cACI,KAAA,EAAO,WAAA,KAAgB,KAAA,CAAM,WAAA;AAAA;;;;;;;;cC1dxB,gBAAA,GACX,KAAA,EAAO,eAAA,GAAkB,WAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,kBAAA,MAAD,aAAA;;;;;;;;;;;;AThBlB;cUoBa,WAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;;;;;AVtBlB;cWmBa,WAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;AXrBlB;;;;;;;;;cY8Ba,gBAAA,EAAgB,MAAA,CAAA,OAAA,CAI3B,MAAA,CAJ2B,MAAA"}
1	+ {"version":3,"file":"index.d.ts","names":["CryptoKey","crypto","subtle","generateKey","ReturnType","Awaited","Extract","type","CryptoKeyPair","privateKey","publicKey","JsonObject","JsonValue","Key","JsonArray","JsonPrimitive","ModifyAssertionFunction","Record","header","payload","PrivateKey","key","kid","JWSAlgorithm","JWK","kty","alg","use","key_ops","e","n","crv","x","y","pub","parameter","allowInsecureRequests","clockSkew","clockTolerance","customFetch","modifyAssertion","jweDecrypt","jwksCache","AuthorizationServer","MTLSEndpointAliases","issuer","authorization_endpoint","token_endpoint","jwks_uri","registration_endpoint","scopes_supported","response_types_supported","response_modes_supported","grant_types_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","service_documentation","ui_locales_supported","op_policy_uri","op_tos_uri","revocation_endpoint","revocation_endpoint_auth_methods_supported","revocation_endpoint_auth_signing_alg_values_supported","introspection_endpoint","introspection_endpoint_auth_methods_supported","introspection_endpoint_auth_signing_alg_values_supported","code_challenge_methods_supported","signed_metadata","device_authorization_endpoint","tls_client_certificate_bound_access_tokens","mtls_endpoint_aliases","userinfo_endpoint","acr_values_supported","subject_types_supported","id_token_signing_alg_values_supported","id_token_encryption_alg_values_supported","id_token_encryption_enc_values_supported","userinfo_signing_alg_values_supported","userinfo_encryption_alg_values_supported","userinfo_encryption_enc_values_supported","request_object_signing_alg_values_supported","request_object_encryption_alg_values_supported","request_object_encryption_enc_values_supported","display_values_supported","claim_types_supported","claims_supported","claims_locales_supported","claims_parameter_supported","request_parameter_supported","request_uri_parameter_supported","require_request_uri_registration","require_signed_request_object","pushed_authorization_request_endpoint","require_pushed_authorization_requests","introspection_signing_alg_values_supported","introspection_encryption_alg_values_supported","introspection_encryption_enc_values_supported","authorization_response_iss_parameter_supported","authorization_signing_alg_values_supported","authorization_encryption_alg_values_supported","authorization_encryption_enc_values_supported","backchannel_authentication_endpoint","backchannel_authentication_request_signing_alg_values_supported","backchannel_token_delivery_modes_supported","backchannel_user_code_parameter_supported","check_session_iframe","dpop_signing_alg_values_supported","end_session_endpoint","frontchannel_logout_session_supported","frontchannel_logout_supported","backchannel_logout_session_supported","backchannel_logout_supported","protected_resources","metadata","Pick","Client","client_id","id_token_signed_response_alg","authorization_signed_response_alg","require_auth_time","userinfo_signed_response_alg","introspection_signed_response_alg","default_max_age","use_mtls_endpoint_aliases","UnsupportedOperationError","Error","code","constructor","message","cause","options","OperationProcessingError","JWKSCacheOptions","JWKSCacheInput","CustomFetchOptions","Method","BodyType","AbortSignal","body","headers","method","redirect","signal","HttpRequestOptions","Headers","Response","Promise","url","DiscoveryRequestOptions","algorithm","discoveryRequest","URL","issuerIdentifier","processDiscoveryResponse","expectedIssuerIdentifier","response","generateRandomCodeVerifier","generateRandomState","generateRandomNonce","calculatePKCECodeChallenge","codeVerifier","DPoPRequestOptions","DPoPHandle","DPoP","PushedAuthorizationRequestOptions","URLSearchParams","ClientAuth","as","client","ClientSecretPost","clientSecret","ClientSecretBasic","ModifyAssertionOptions","PrivateKeyJwt","clientPrivateKey","ClientSecretJwt","None","TlsClientAuth","issueRequestObject","parameters","checkProtocol","enforceHttps","pushedAuthorizationRequest","clientAuthentication","calculateThumbprint","isDPoPNonceError","err","keyPair","PushedAuthorizationResponse","request_uri","expires_in","OAuth2Error","error","error_description","error_uri","algs","scope","ResponseBodyError","RESPONSE_BODY_ERROR","status","AuthorizationResponseError","AUTHORIZATION_RESPONSE_ERROR","WWWAuthenticateChallengeError","WWWAuthenticateChallenge","WWW_AUTHENTICATE_CHALLENGE","WWWAuthenticateChallengeParameters","Lowercase","realm","resource_metadata","scheme","token68","processPushedAuthorizationResponse","ProtectedResourceRequestBody","ArrayBuffer","ReadableStream","Uint8Array","ProtectedResourceRequestOptions","Omit","protectedResourceRequest","accessToken","UserInfoRequestOptions","userInfoRequest","UserInfoAddress","formatted","street_address","locality","region","postal_code","country","claim","UserInfoResponse","sub","name","given_name","family_name","middle_name","nickname","preferred_username","profile","picture","website","email","email_verified","gender","birthdate","zoneinfo","locale","phone_number","updated_at","address","ExportedJWKSCache","JWKS","jwks","uat","skipSubjectCheck","JWEDecryptOptions","JweDecryptFunction","RecognizedTokenTypes","TokenEndpointResponse","res","ProcessTokenResponseOptions","recognizedTokenTypes","processUserInfoResponse","expectedSubject","TokenEndpointRequestOptions","additionalParameters","refreshTokenGrantRequest","refreshToken","getValidatedIdTokenClaims","IDToken","ref","ValidateSignatureOptions","validateApplicationLevelSignature","processRefreshTokenResponse","nopkce","authorizationCodeGrantRequest","callbackParameters","redirectUri","JWTPayload","ConfirmationClaims","iss","aud","jti","nbf","exp","iat","cnf","nonce","auth_time","azp","AuthorizationDetails","locations","actions","datatypes","privileges","identifier","access_token","id_token","refresh_token","authorization_details","token_type","expectNoNonce","skipAuthTimeCheck","ProcessAuthorizationCodeResponseOptions","expectedNonce","maxAge","requireIdToken","processAuthorizationCodeResponse","UNSUPPORTED_OPERATION","JWT_USERINFO_EXPECTED","PARSE_ERROR","INVALID_RESPONSE","INVALID_REQUEST","RESPONSE_IS_NOT_JSON","RESPONSE_IS_NOT_CONFORM","HTTP_REQUEST_FORBIDDEN","REQUEST_PROTOCOL_FORBIDDEN","JWT_TIMESTAMP_CHECK","JWT_CLAIM_COMPARISON","JSON_ATTRIBUTE_COMPARISON","KEY_SELECTION","MISSING_SERVER_METADATA","INVALID_SERVER_METADATA","ClientCredentialsGrantRequestOptions","clientCredentialsGrantRequest","genericTokenEndpointRequest","grantType","processGenericTokenEndpointResponse","processClientCredentialsResponse","RevocationRequestOptions","revocationRequest","token","processRevocationResponse","IntrospectionRequestOptions","requestJwtResponse","introspectionRequest","jkt","IntrospectionResponse","active","sid","username","processIntrospectionResponse","keys","jwe","validateJwtAuthResponse","expectNoState","skipStateCheck","expectedState","validateDetachedSignatureResponse","Request","validateCodeIdTokenResponse","validateAuthResponse","DeviceAuthorizationRequestOptions","deviceAuthorizationRequest","DeviceAuthorizationResponse","device_code","user_code","verification_uri","verification_uri_complete","interval","processDeviceAuthorizationResponse","deviceCodeGrantRequest","deviceCode","processDeviceCodeResponse","GenerateKeyPairOptions","extractable","modulusLength","generateKeyPair","JWTAccessTokenClaims","ValidateJWTAccessTokenOptions","requireDPoP","signingAlgorithms","validateJwtAccessToken","request","expectedAudience","BackchannelAuthenticationRequestOptions","backchannelAuthenticationRequest","BackchannelAuthenticationResponse","auth_req_id","processBackchannelAuthenticationResponse","backchannelAuthenticationGrantRequest","authReqId","processBackchannelAuthenticationGrantResponse","OmitSymbolProperties","T","K","DynamicClientRegistrationRequestOptions","initialAccessToken","dynamicClientRegistrationRequest","Partial","processDynamicClientRegistrationResponse","ResourceServer","resource","authorization_servers","bearer_methods_supported","resource_signing_alg_values_supported","resource_name","resource_documentation","resource_policy_uri","resource_tos_uri","authorization_details_types_supported","dpop_bound_access_tokens_required","resourceDiscoveryRequest","resourceIdentifier","processResourceDiscoveryResponse","expectedResourceIdentifier","oauth","CryptoKey","crypto","subtle","generateKey","ReturnType","Awaited","Extract","type","CryptoKeyPair","privateKey","publicKey","AuthorizationResponseError","ResponseBodyError","WWWAuthenticateChallengeError","AuthorizationDetails","BackchannelAuthenticationResponse","ConfirmationClaims","DeviceAuthorizationResponse","OmitSymbolProperties","ExportedJWKSCache","GenerateKeyPairOptions","IDToken","IntrospectionResponse","JsonArray","JsonObject","JsonPrimitive","JsonValue","JWK","JWKS","JWSAlgorithm","ModifyAssertionFunction","ModifyAssertionOptions","MTLSEndpointAliases","PrivateKey","TokenEndpointResponse","UserInfoAddress","UserInfoResponse","WWWAuthenticateChallenge","WWWAuthenticateChallengeParameters","ClientAuth","ServerMetadata","ClientMetadata","URLSearchParams","Headers","as","client","body","headers","ClientSecretPost","clientSecret","ClientSecretBasic","ClientSecretJwt","options","None","PrivateKeyJwt","clientPrivateKey","TlsClientAuth","skipStateCheck","skipSubjectCheck","customFetch","modifyAssertion","clockSkew","clockTolerance","FetchBody","ArrayBuffer","ReadableStream","Uint8Array","DPoPHandle","Client","client_secret","use_mtls_endpoint_aliases","AuthorizationServer","calculatePKCECodeChallenge","Promise","codeVerifier","randomPKCECodeVerifier","randomNonce","randomState","ClientError","Error","code","randomDPoPKeyPair","alg","DiscoveryRequestOptions","CustomFetch","Configuration","Array","algorithm","execute","config","timeout","DynamicClientRegistrationRequestOptions","DPoPOptions","initialAccessToken","dynamicClientRegistration","URL","Partial","server","metadata","clientAuthentication","discovery","clientId","DecryptionKey","key","kid","enableDecryptingResponses","contentEncryptionAlgorithms","keys","ServerMetadataHelpers","supportsPKCE","method","ConfigurationMethods","Readonly","serverMetadata","clientMetadata","CustomFetchOptions","Record","AbortSignal","redirect","signal","Response","url","ConfigurationProperties","constructor","value","TokenEndpointResponseHelpers","claims","expiresIn","getDPoPHandle","keyPair","DeviceAuthorizationGrantPollOptions","pollDeviceAuthorizationGrant","deviceAuthorizationResponse","parameters","initiateDeviceAuthorization","initiateBackchannelAuthentication","BackchannelAuthenticationGrantPollOptions","pollBackchannelAuthenticationGrant","backchannelAuthenticationResponse","AuthorizationCodeGrantOptions","allowInsecureRequests","setJwksCache","jwksCache","getJwksCache","enableNonRepudiationChecks","useJwtResponseMode","enableDetachedSignatureResponseChecks","ImplicitAuthenticationResponseChecks","AuthorizationCodeGrantChecks","Pick","implicitAuthentication","Request","currentUrl","expectedNonce","checks","useCodeIdTokenResponseType","useIdTokenResponseType","expectedState","idTokenExpected","maxAge","pkceCodeVerifier","authorizationCodeGrant","tokenEndpointParameters","refreshTokenGrant","refreshToken","clientCredentialsGrant","buildAuthorizationUrl","buildAuthorizationUrlWithJAR","signingKey","buildAuthorizationUrlWithPAR","buildEndSessionUrl","fetchUserInfo","accessToken","expectedSubject","tokenIntrospection","token","DPoP","genericGrantRequest","grantType","tokenRevocation","fetchProtectedResource","DeviceAutorizationGrantPollOptions"],"sources":["../../../src/server/auth/constants/routes.ts","../../../src/server/auth/schemas/authenticationProviderSchema.ts","../../../src/server/auth/schemas/tokenResponseSchema.ts","../../../src/server/auth/schemas/tokensSchema.ts","../../../src/server/auth/schemas/userinfoResponseSchema.ts","../../../../../node_modules/oauth4webapi/build/index.d.ts","../../../../../node_modules/openid-client/build/index.d.ts","../../../src/server/auth/providers/ServerAuthProvider.ts","../../../src/server/auth/primitives/$auth.ts","../../../src/server/auth/primitives/$authCredentials.ts","../../../src/server/auth/primitives/$authGithub.ts","../../../src/server/auth/primitives/$authGoogle.ts","../../../src/server/auth/index.ts"],"x_google_ignoreList":[5,6],"mappings":";;;;;;;;;;;cAAa,sBAAA;;;;;;;;;;cCEA,4BAAA,WAA4B,OAAA;QAYxC,QAAA,CAAA,OAAA;;;KAEW,sBAAA,GAAyB,MAAA,QAC5B,4BAAA;;;cCZI,mBAAA,WAAmB,OAAA;YAG9B,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAEU,aAAA,GAAgB,MAAA,QAAc,mBAAA;;;cCP7B,YAAA,WAAY,OAAA;YAevB,QAAA,CAAA,OAAA;;;;;;;;;;KAEU,MAAA,GAAS,MAAA,QAAc,YAAA;;;cChBtB,sBAAA,WAAsB,OAAA;;QAGjC,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;KAEU,gBAAA,GAAmB,MAAA,QAAc,sBAAA;;;;AJT7C;;KKaYW,UAAAA,uBACUC,SAAAA;;;;KAKVE,SAAAA,GAAYF,SAAAA;;;;KAIZG,aAAAA;;;AJrBZ;KIyBYH,SAAAA,GAAYG,aAAAA,GAAgBJ,UAAAA,GAAaG,SAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAqFhCuB,SAAAA;;;;;;;;;;;;;;;;;cAiBAC,cAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AHvHrB;;;;;;;;ACPA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiBA;;;;;;;;AChBA;;;;;;cC8PqBC,aAAAA;;;AAjIrB;;;;;UA+QiBI,mBAAAA;EA9I8B;;;EAAA,SAkJlCE,MAAAA;EAJIF;;;EAAAA,SAQJG,sBAAAA;EAJAD;;;EAAAA,SAQAE,cAAAA;EAQAE;;;EAAAA,SAJAD,QAAAA;EAuBAK;;;EAAAA,SAnBAJ,qBAAAA;EAsCAQ;;;EAAAA,SAlCAP,gBAAAA;EAsDAW;;;;EAAAA,SAjDAV,wBAAAA;EAyEAe;;;;EAAAA,SApEAd,wBAAAA;EAqFwBR;;;;EAAAA,SAhFxBS,qBAAAA;EAwGAsB;;;EAAAA,SApGArB,qCAAAA;EAqHAyB;;;;EAAAA,SAhHAxB,gDAAAA;EAwIA6B;;;;EAAAA,SAnIA5B,qBAAAA;EA4JAiC;;;;EAAAA,SAvJAhC,oBAAAA;EA8KAqC;;;;;EAAAA,SAxKApC,aAAAA;EAsMA0C;;;;EAAAA,SAjMAzC,UAAAA;EAuNA8C;;;EAAAA,SAnNA7C,mBAAAA;EAsOAiD;;;;EAAAA,SAjOAhD,0CAAAA;EA+OoBjD;;;AAEjC;EAFiCA,SA1OpBkD,qDAAAA;;;;WAIAC,sBAAAA;EAyOCkD;;;AAOd;EAPcA,SApODjD,6CAAAA;;;;;;WAMAC,wDAAAA;EAyOTmD;;;EAAAA,SArOSlD,gCAAAA;EA+PTsD;;;EAAAA,SA3PSrD,eAAAA;EAmUR9B;;;EAAAA,SA/TQ+B,6BAAAA;EAoUoB;;AAoqDjC;EApqDiC,SAhUpBC,0CAAAA;EAo+DmB2T;;;;EAAAA,SA/9DnB1T,qBAAAA,GAAwB1B,mBAAAA;EAg+DiBqV;;;EAAAA,SA59DzC1T,iBAAAA;EA49DR0T;;;;EAAAA,SAv9DQzT,oBAAAA;EAu9DyCyT;;;;EAAAA,SAl9DzCxT,uBAAAA;;ACxfb;;;WD6faC,qCAAAA;EC7fyCsX;;;;EAAAA,SDkgBzCrX,wCAAAA;EClgBiBoX;;;;EAAAA,SDugBjBnX,wCAAAA;ECvgByDyX;;;EAAAA,SD2gBzDxX,qCAAAA;EC3gBgG;AA0c7G;;EA1c6G,SD+gBhGC,wCAAAA;ECrE4BwU;;AAwFzC;EAxFyCA,SDyE5BvU,wCAAAA;;;;;WAKAC,2CAAAA;ECUkG;;;;EAAA,SDLlGC,8CAAAA;ECKmFgX;;;AAgBhG;EAhBgGA,SDAnF/W,8CAAAA;;;;;WAKAC,wBAAAA;ECmET0Y;;;EAAAA,SD/DSzY,qBAAAA;ECwEkB;;;;EAAA,SDnElBC,gBAAAA;ECiVyB;;;;EAAA,SD5UzBC,wBAAAA;ECwVwB;;;;EAAA,SDnVxBC,0BAAAA;EC2V6CyW;;;;EAAAA,SDtV7CxW,2BAAAA;ECkVTgb;;;;EAAAA,SD7US/a,+BAAAA;ECiVS8a;;;;EAAAA,SD5UT7a,gCAAAA;EC4U2D;AAExE;;;EAFwE,SDvU3DC,6BAAAA;ECiVAgb;;;EAAAA,SD7UA/a,qCAAAA;ECyUTyW;;;EAAAA,SDrUSxW,qCAAAA;EC8UTwa;;;;EAAAA,SDzUSva,0CAAAA;ECkVW;AAKxB;;;EALwB,SD7UXC,6CAAAA;EC2V2Bgb;;;;EAAAA,SDtV3B/a,6CAAAA;ECsVJ0a;;;;EAAAA,SDjVIza,8CAAAA;ECiVmC;AAIhD;;;EAJgD,SD5UnCC,0CAAAA;ECuVRgX;;;;EAAAA,SDlVQ/W,6CAAAA;ECkYQyY;;;;EAAAA,SD7XRxY,6CAAAA;ECuYwDmZ;;;EAAAA,SDnYxDlZ,mCAAAA;ECuYoC8Z;;;;EAAAA,SDlYpC7Z,+DAAAA;ECkZJ4W;;;EAAAA,SD9YI3W,0CAAAA;ECgXuD0a;;;EAAAA,SD5WvDza,yCAAAA;EC4WuDya;;;;EAAAA,SDvWvDxa,oBAAAA;ECiXwD8Y;;;EAAAA,SD7WxD7Y,iCAAAA;EC6W0FgZ;;;;EAAAA,SDxW1F/Y,oBAAAA;ECgXT8Z;;;;;EAAAA,SD1WS7Z,qCAAAA;ECkXLqY;;;EAAAA,SD9WKpY,6BAAAA;ECsXJqW;;;;EAAAA,SDjXIpW,oCAAAA;;;;WAIAC,4BAAAA;EE1qBkB;;;EAAA,SF8qBlBC,mBAAAA;EAAAA,UACCC,QAAAA,WAAmBrG,SAAAA;AAAAA;AAAAA,UAEhBgC,mBAAAA,SAA4BsE,IAAAA,CAAKvE,mBAAAA;EAAAA,UACpCsE,QAAAA;AAAAA;;;;;;UAOGE,MAAAA;;;;EAIbC,SAAAA;;;;;;;EAOAC,4BAAAA;;;;;;;EAOAC,iCAAAA;;;;;EAKAC,iBAAAA;;;;;;;EAOAC,4BAAAA;;;;;;;EAOAC,iCAAAA;;;;EAIAC,eAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAyDAC,yBAAAA;;;;GAICtF,SAAAA;;;;GAIAC,cAAAA;EAAAA,CACA2E,QAAAA,WAAmBrG,SAAAA;AAAAA;;;;KAoqDZmX,oBAAAA,oBACIC,CAAAA,IAAKC,CAAAA,0BAA2BA,CAAAA,GAAID,CAAAA,CAAEC,CAAAA;;;;;;;;;;;;;;;;;AJr+EtD;;;KK2BY6D,UAAAA,IAAcK,EAAAA,EAAIJ,cAAAA,EAAgBK,MAAAA,EAAQJ,cAAAA,EAAgBK,IAAAA,EAAMJ,eAAAA,EAAiBK,OAAAA,EAASJ,OAAAA;;;;;;AFpBtG;;;;;;;;ACIA;;;;;AAMA;;;;;AAIA;;;;;AAIA;;;;;;;;;;;;;AAqFA;;;;;AAiBA;;;;;AAiIA;;;;;AA8IA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+TA;;;;;cCxOqBgB,WAAAA,SAAoB5D,aAAAA;AAAAA,KAwF7BgE,SAAAA,GAAYC,WAAAA,UAAqBC,cAAAA,YAA0BC,UAAAA,eAAyBxB,eAAAA;AAiFhG;;;;;AA8QA;;AA9QA,UAjEiBD,cAAAA,SAAuB1C,MAAAA;EAsVpC8G;;AAKJ;EAvVIxC,aAAAA;;;;;;;;;;;;;;;;;;;;;AAiWJ;;;;;;;;;;;;;;;;;;AA2BA;;;;;;;;;;;;;EAxUIC,yBAAAA;AAAAA;AAqVJ;;;;;;;AAAA,UA5UiB9B,cAAAA,SAAuBzC,mBAAAA;AAAAA,UA8QvB6G,qBAAAA;;;;;;;EAObC,YAAAA,CAAaC,MAAAA;AAAAA;;;;UAKAC,oBAAAA;;;;EAIbE,cAAAA,IAAkBD,QAAAA,CAASxE,cAAAA,IAAkBoE,qBAAAA;ECp3BzB;;;EDw3BpBM,cAAAA,IAAkBF,QAAAA,CAASjH,oBAAAA,CAA2B0C,cAAAA;AAAAA;AAAAA,UAEzC0E,kBAAAA;;;;EAIbrE,IAAAA,EAAMiB,SAAAA;;;;EAINhB,OAAAA,EAASqE,MAAAA;;;;;EAKTN,MAAAA;;;;EAIAQ,QAAAA;;;;;EAKAC,MAAAA,GAASF,WAAAA;AAAAA;;;;KAKDjC,WAAAA;;;;;AAKZqC,GAAAA;;;;AAIArE,OAAAA,EAAS+D,kBAAAA,KAAuB1C,OAAAA,CAAQ+C,QAAAA;;;;UAIvBE,uBAAAA;;;;;;;GAOZ/D,WAAAA,IAAeyB,WAAAA;;;;;EAKhBM,OAAAA;AAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA2CiBL,aAAAA,YAAyB0B,oBAAAA,EAAsBW,uBAAAA;;;;;;;;;;EAUhEC,WAAAA,CAAY1B,MAAAA,EAAQzD,cAAAA,EAAgB6D,QAAAA,UAAkBH,QAAAA,GAAWF,OAAAA,CAAQvD,cAAAA,YAA0B0D,oBAAAA,GAAuB5D,UAAAA;;;;EAI1H0E,cAAAA,CAAAA,GAAkBD,QAAAA,CAASxE,cAAAA,IAAkBoE,qBAAAA;;;;EAI7CM,cAAAA,CAAAA,GAAkBF,QAAAA,CAASjH,oBAAAA,CAA2B0C,cAAAA;;;;MAIlDiD,OAAAA,CAAAA;;;;MAIAA,OAAAA,CAAQkC,KAAAA;;;;OAIPjE,WAAAA,KAAgByB,WAAAA;;;;OAIhBzB,WAAAA,EAAaiE,KAAAA,EAAOxC,WAAAA;AAAAA;;;cCvhChB,kBAAA;EAAA,mBACQ,GAAA,EADU,gBAAA,CACP,MAAA;EAAA,mBACH,MAAA,EAAM,MAAA;EAAA,mBACN,qBAAA,EAAqB,qBAAA;EAAA,mBACrB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,mBAAA,EAAmB,mBAAA;EAAA,IAE3B,UAAA,CAAA,GAAc,KAAA,CAAM,aAAA;EAAA,mBAMZ,iBAAA,EAAiB,wBAAA,CAAA,uBAAA,UAAA,OAAA;cANN,QAAA,CAAA,OAAA;;;;;;;;WAqBd,MAAA,EAAM,wBAAA,CAAA,uBAAA,UAAA,OAAA;cAfc,QAAA,CAAA,OAAA;;;;;;;;;;qBAwBjB,SAAA,EATG,QAAA,CASM,aAAA;;;;qBAYT,SAAA,EAZS,QAAA,CAYA,aAAA;;;AN/D9B;WMoGkB,QAAA,mBAAQ,cAAA;;;YArCI,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;WA2EZ,OAAA,mBAAO,cAAA;;gBAtCC,QAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;WA6ER,KAAA,mBAAK,cAAA;;gBAvCE,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAoHP,KAAA,mBAAK,cAAA;;gBA7EA,QAAA,CAAA,OAAA;;;;;;;;;WA6KL,QAAA,EAAQ,gBAAA,CAAA,cAAA,CAhGH,gBAAA,CAgGG,mBAAA;;;;WAkFR,MAAA,mBAAM,cAAA;;mDAlFE,QAAA,CAAA,OAAA;IAAA;EAAA;EA0JjB,0BAAA,CACL,OAAA;IAAW,SAAA;EAAA,IACV,sBAAA;;;;;;YAwCO,QAAA,CACR,IAAA;IAAiB,QAAA;IAAkB,KAAA;EAAA,IAClC,aAAA;;;;;YA6Ba,eAAA,CACd,OAAA,EAAS,OAAA,GACR,OAAA,CAAQ,MAAA;EAAA,UA8BD,SAAA,CAAU,OAAA,GAAU,OAAA,GAAU,MAAA;EAAA,UAI9B,SAAA,CAAU,MAAA,EAAQ,MAAA,EAAQ,OAAA,GAAU,OAAA;EAAA,UAgBpC,kBAAA,CAAmB,MAAA,EAAQ,MAAA;EAAA,UAcrB,aAAA,CAAc,MAAA,EAAQ,MAAA,GAAS,OAAA,CAAQ,MAAA;AAAA;AAAA,UAqDxC,aAAA;EACf,GAAA;EACA,KAAA;EACA,IAAA;EACA,UAAA;EACA,WAAA;EACA,WAAA;EACA,QAAA;EACA,kBAAA;EACA,OAAA;EACA,OAAA;EACA,OAAA;EACA,cAAA;EACA,MAAA;EACA,SAAA;EACA,QAAA;EACA,MAAA;EACA,YAAA;EACA,qBAAA;EACA,OAAA;IACE,SAAA;IACA,cAAA;IACA,QAAA;IACA,MAAA;IACA,WAAA;IACA,OAAA;EAAA;EAEF,UAAA;EAAA,CAEC,GAAA;AAAA;;;;;;;;APruBH;;;;;;;;;;;;;;;ACEA;;;;;;;;;;;;;;cOyDa,KAAA;EAAA,UAAkB,oBAAA,GAAuB,aAAA;EAAA;;KAM1C,oBAAA;EPhDyB;;;;EOqDnC,IAAA;EN9DA;;;EMmEA,QAAA;AAAA,KACG,YAAA,GAAe,YAAA;;;;KAKR,YAAA;;;;EAIV,IAAA,EAAM,WAAA;;;;;;;;;;;;;;EAeN,QAAA,SAAiB,KAAA,CAAM,WAAA;AAAA;;;;;;;KASb,YAAA;EACV,MAAA,EAAQ,eAAA;AAAA;;;;;;;;EAUJ,WAAA,EAAa,kBAAA;AAAA;;;;;;;;EAUb,KAAA,EAAO,aAAA;AAAA;EN7HmB;;;;;;;;;EMyI1B,IAAA,EAAM,WAAA;AAAA;AAAA,KAIA,kBAAA;EACV,OAAA,EAAS,aAAA;AAAA;AAAA,KAGC,aAAA,IACV,WAAA,EAAa,WAAA,KACV,KAAA,CAAM,WAAA;AAAA,UAEM,WAAA;EACf,QAAA;EACA,QAAA;AAAA;AAAA,UAGe,WAAA;;;;EAIf,MAAA;;;;EAKA,QAAA;;;;;EAMA,YAAA;;;;;EAMA,WAAA;;;;;EAMA,UAAA;;;;EAKA,SAAA;;;;;EAMA,KAAA;EAEA,OAAA,GAAU,aAAA;AAAA;AAAA,UAGK,kBAAA;EACf,YAAA;EACA,IAAA,EAAM,aAAA;EACN,QAAA;EACA,UAAA;EACA,KAAA;AAAA;AAAA,KAGU,aAAA,IAAiB,MAAA,EAAQ,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA,UAEjD,aAAA;;;;EAIf,QAAA;;;;EAKA,YAAA;;;;EAKA,aAAA;;;;EAKA,KAAA;;;;EAKA,QAAA,GAAW,MAAA,EAAQ,MAAA,KAAW,KAAA,CAAM,aAAA;EAEpC,OAAA,GAAU,aAAA;ENpOa;;;EMyOvB,WAAA;;;;EAKA,KAAA;AAAA;AAAA,cAKW,aAAA,SAAsB,SAAA,CAAU,oBAAA;EAAA,mBACxB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,gBAAA,EAAgB,gBAAA;EAAA,UAEzB,WAAA,GAAc,aAAA;EAAA,UACd,gBAAA,SAAyB,OAAA,CAAQ,aAAA;EAAA,IAEhC,KAAA,CAAA,GAAS,aAAA;;;;EAOP,QAAA,CAAA,GAAY,OAAA,CAAQ,aAAA;EAAA,IActB,IAAA,CAAA;EAAA,IAIA,MAAA,CAAA,GAAU,eAAA;EAAA,IAOV,QAAA,CAAA;EAAA,IAQA,KAAA,CAAA;EAAA,IAYA,YAAA,CAAA;;;;;EAgBE,OAAA,CACX,YAAA,UACA,WAAA,YACC,OAAA,CAAQ,mBAAA;;;;;EAyCE,IAAA,CAAK,MAAA,EAAQ,MAAA,GAAS,OAAA,CAAQ,WAAA;EAAA,UAyCjC,kBAAA,CAAmB,OAAA,WAAkB,aAAA;EAYlC,OAAA,CAAA,GAAO,OAAA;AAAA;AAAA,KAsDV,WAAA;EAAyB,KAAA,QAAa,KAAA;AAAA;AAAA,UAEjC,UAAA;EACf,IAAA,IAAQ,IAAA,cAAkB,IAAA,EAAM,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA;AAAA,UAG9C,WAAA;EACf,KAAA,IACE,QAAA,cACI,KAAA,EAAO,WAAA,KAAgB,KAAA,CAAM,WAAA;AAAA;;;;;;;;cC1dxB,gBAAA,GACX,KAAA,EAAO,eAAA,GAAkB,WAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,kBAAA,MAAD,aAAA;;;;;;;;;;;;AThBlB;cUoBa,WAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;;;;;AVtBlB;cWmBa,WAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;AXrBlB;;;;;;;;;cY8Ba,gBAAA,EAAgB,QAAA,CAAA,OAAA,CAI3B,QAAA,CAJ2B,MAAA"}

package/dist/server/auth/index.js CHANGED Viewed

@@ -1438,6 +1438,7 @@ var ServerAuthProvider = class {
 			realm: t.optional(t.text()),
 			codeVerifier: t.optional(t.text({ size: "long" })),
 			redirectUri: t.optional(t.text({ size: "long" })),
+			loginUri: t.optional(t.text({ size: "long" })),
 			state: t.optional(t.text()),
 			nonce: t.optional(t.text())
 		})
@@ -1598,7 +1599,8 @@ var ServerAuthProvider = class {
 			realm: t.optional(t.text({ description: "Realm name for multi-realm setups" })),
 			redirect_uri: t.optional(t.text({ size: "rich" }))
 		}) },
-		handler: async ({ query, url, reply }) => {
+		handler: async ({ query, url, reply, headers }) => {
+			const loginUri = headers.referer ? new URL(headers.referer).pathname + new URL(headers.referer).search : void 0;
 			const provider = this.provider({
 				provider: query.provider,
 				realm: query.realm
@@ -1621,6 +1623,7 @@ var ServerAuthProvider = class {
 					state,
 					nonce: parameters.nonce,
 					redirectUri: query.redirect_uri ?? "/",
+					loginUri,
 					provider: query.provider,
 					realm: query.realm
 				});
@@ -1638,6 +1641,7 @@ var ServerAuthProvider = class {
 			this.authorizationCode.set({
 				codeVerifier,
 				redirectUri: query.redirect_uri ?? "/",
+				loginUri,
 				provider: query.provider,
 				realm: query.realm
 			});
@@ -1657,6 +1661,7 @@ var ServerAuthProvider = class {
 			const oauth = await provider.getOAuth();
 			if (!oauth) throw new SecurityError(`Auth provider '${provider.name}' does not support OAuth2`);
 			const redirectUri = authorizationCode.redirectUri ?? "/";
+			const loginUri = authorizationCode.loginUri;
 			const externalTokens = await authorizationCodeGrant(oauth, url, {
 				pkceCodeVerifier: authorizationCode.codeVerifier,
 				expectedState: authorizationCode.state,
@@ -1676,7 +1681,16 @@ var ServerAuthProvider = class {
 				reply.redirect(redirectUri, 302);
 				return;
 			}
-			const user = await provider.user(externalTokens);
+			let user;
+			try {
+				user = await provider.user(externalTokens);
+			} catch (e) {
+				this.log.warn("OAuth2 account linking failed", e);
+				const errorUrl = new URL(loginUri || redirectUri, url.origin);
+				errorUrl.searchParams.set("error", e instanceof BadRequestError ? e.message : "Authentication failed");
+				reply.redirect(errorUrl.pathname + errorUrl.search, 302);
+				return;
+			}
 			const tokens = await issuer.createToken(user);
 			this.setTokens({
 				...tokens,