base-idp 1.0.0
- package/README.md +162 -0
- package/dist/base64url.d.ts +6 -0
- package/dist/base64url.d.ts.map +1 -0
- package/dist/base64url.js +39 -0
- package/dist/base64url.js.map +1 -0
- package/dist/bootstrap.d.ts +10 -0
- package/dist/bootstrap.d.ts.map +1 -0
- package/dist/bootstrap.js +18 -0
- package/dist/bootstrap.js.map +1 -0
- package/dist/cli.d.ts +3 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +206 -0
- package/dist/cli.js.map +1 -0
- package/dist/client.d.ts +20 -0
- package/dist/client.d.ts.map +1 -0
- package/dist/client.js +169 -0
- package/dist/client.js.map +1 -0
- package/dist/errors.d.ts +12 -0
- package/dist/errors.d.ts.map +1 -0
- package/dist/errors.js +17 -0
- package/dist/errors.js.map +1 -0
- package/dist/index.d.ts +10 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +9 -0
- package/dist/index.js.map +1 -0
- package/dist/next.d.ts +19 -0
- package/dist/next.d.ts.map +1 -0
- package/dist/next.js +39 -0
- package/dist/next.js.map +1 -0
- package/dist/node.d.ts +60 -0
- package/dist/node.d.ts.map +1 -0
- package/dist/node.js +148 -0
- package/dist/node.js.map +1 -0
- package/dist/paseto.d.ts +15 -0
- package/dist/paseto.d.ts.map +1 -0
- package/dist/paseto.js +103 -0
- package/dist/paseto.js.map +1 -0
- package/dist/pkce.d.ts +3 -0
- package/dist/pkce.d.ts.map +1 -0
- package/dist/pkce.js +18 -0
- package/dist/pkce.js.map +1 -0
- package/dist/react.d.ts +12 -0
- package/dist/react.d.ts.map +1 -0
- package/dist/react.js +21 -0
- package/dist/react.js.map +1 -0
- package/dist/server.d.ts +13 -0
- package/dist/server.d.ts.map +1 -0
- package/dist/server.js +25 -0
- package/dist/server.js.map +1 -0
- package/dist/sveltekit.d.ts +17 -0
- package/dist/sveltekit.d.ts.map +1 -0
- package/dist/sveltekit.js +21 -0
- package/dist/sveltekit.js.map +1 -0
- package/dist/types.d.ts +138 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +2 -0
- package/dist/types.js.map +1 -0
- package/dist/vite.d.ts +6 -0
- package/dist/vite.d.ts.map +1 -0
- package/dist/vite.js +24 -0
- package/dist/vite.js.map +1 -0
- package/package.json +60 -0
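--- a/package/dist/client.js
+++ b/package/dist/client.js
@@ -0,0 +1,169 @@
+import { idpError } from "./errors.js";
+export class BaseIdPClient {
+rawConfig;
+cfg;
+metadataCache;
+keyCache;
+constructor(rawConfig) {
+this.rawConfig = rawConfig;
+if (!rawConfig.key) {
+throw idpError("invalid_config", "base key is required (set BASE_IDP_KEY)");
+}
+if (!rawConfig.issuer) {
+throw idpError("invalid_config", "issuer is required (set BASE_IDP_ISSUER)");
+}
+const fetcher = rawConfig.fetch ?? globalThis.fetch;
+if (!fetcher) {
+throw idpError("invalid_config", "fetch is required in this runtime");
+}
+this.cfg = {
+issuer: trimSlash(rawConfig.issuer),
+key: rawConfig.key,
+clientId: "",
+redirectUri: "",
+scopes: [],
+audience: "square-experience",
+fetch: fetcher,
+clientSecret: rawConfig.secret ?? "",
+confidential: false,
+allowedScopes: [],
+allowedAuthMethods: [],
+requiredScope: "",
+};
+}
+get issuer() {
+return this.cfg.issuer;
+}
+get clientId() {
+return this.cfg.clientId;
+}
+scopes(value = this.cfg.scopes) {
+return Array.isArray(value) ? value.filter(Boolean) : value.split(/\s+/).filter(Boolean);
+}
+async resolveConfig() {
+if (this.cfg.clientId)
+return this.cfg;
+const response = await this.cfg.fetch(`${this.cfg.issuer}/v1/client-config?key=${encodeURIComponent(this.cfg.key)}`, { headers: { Accept: "application/json" } });
+const payload = (await response.json().catch(() => ({})));
+if (!response.ok) {
+throw idpError("config_discovery_failed", "base idp: config discovery failed", response.status, payload);
+}
+this.cfg.issuer = trimSlash(payload.issuer);
+this.cfg.clientId = payload.client_id;
+this.cfg.confidential = payload.confidential;
+this.cfg.allowedScopes = payload.allowed_scopes;
+this.cfg.allowedAuthMethods = payload.allowed_auth_methods;
+if (!this.cfg.redirectUri && payload.allowed_redirect_uris.length > 0) {
+this.cfg.redirectUri = payload.allowed_redirect_uris[0];
+}
+if (this.cfg.scopes.length === 0 && payload.allowed_scopes.length > 0) {
+this.cfg.scopes = payload.allowed_scopes;
+}
+return this.cfg;
+}
+async discovery(force = false) {
+if (this.metadataCache && !force)
+return this.metadataCache;
+const response = await this.cfg.fetch(`${this.cfg.issuer}/.well-known/square-identity`, {
+headers: { Accept: "application/json" },
+});
+if (!response.ok) {
+throw idpError("discovery_failed", "idp discovery endpoint rejected the request", response.status);
+}
+this.metadataCache = (await response.json());
+return this.metadataCache;
+}
+async publicKeys(force = false) {
+if (this.keyCache && !force)
+return this.keyCache;
+const metadata = await this.discovery();
+const response = await this.cfg.fetch(metadata.paseto_public_key_endpoint, {
+headers: { Accept: "application/json" },
+});
+if (!response.ok) {
+throw idpError("key_fetch_failed", "idp public-key endpoint rejected the request", response.status);
+}
+this.keyCache = (await response.json());
+return this.keyCache;
+}
+authorizeUrl(options = {}) {
+if (!this.cfg.clientId) {
+throw idpError("not_initialized", "client is not initialized; call resolveConfig() or await auto-init");
+}
+const url = new URL(`${this.cfg.issuer}/oauth2/authorize`);
+url.searchParams.set("response_type", options.responseType ?? "code");
+url.searchParams.set("client_id", this.cfg.clientId);
+url.searchParams.set("redirect_uri", options.redirectUri ?? this.cfg.redirectUri);
+url.searchParams.set("scope", this.scopes(options.scopes).join(" "));
+if (options.state)
+url.searchParams.set("state", options.state);
+if (options.nonce)
+url.searchParams.set("nonce", options.nonce);
+if (options.authSessionId)
+url.searchParams.set("auth_session_id", options.authSessionId);
+if (options.codeChallenge) {
+url.searchParams.set("code_challenge", options.codeChallenge);
+url.searchParams.set("code_challenge_method", options.codeChallengeMethod ?? "S256");
+}
+for (const [key, value] of Object.entries(options.additionalParameters ?? {})) {
+if (key && value)
+url.searchParams.set(key, value);
+}
+return url.toString();
+}
+async exchangeCode(options) {
+if (!options.code) {
+throw idpError("invalid_request", "authorization code is required");
+}
+await this.resolveConfig();
+const metadata = await this.discovery();
+const body = new URLSearchParams({
+grant_type: "authorization_code",
+code: options.code,
+client_id: this.cfg.clientId,
+redirect_uri: options.redirectUri ?? this.cfg.redirectUri,
+});
+if (this.cfg.clientSecret)
+body.set("client_secret", this.cfg.clientSecret);
+if (options.codeVerifier)
+body.set("code_verifier", options.codeVerifier);
+return this.postToken(metadata.token_endpoint, body);
+}
+async refresh(options) {
+if (!options.refreshToken) {
+throw idpError("invalid_request", "refresh token is required");
+}
+await this.resolveConfig();
+const metadata = await this.discovery();
+const body = new URLSearchParams({
+grant_type: "refresh_token",
+refresh_token: options.refreshToken,
+client_id: this.cfg.clientId,
+});
+if (this.cfg.clientSecret)
+body.set("client_secret", this.cfg.clientSecret);
+if (options.scopes)
+body.set("scope", this.scopes(options.scopes).join(" "));
+return this.postToken(metadata.token_endpoint, body);
+}
+async postToken(endpoint, body) {
+const response = await this.cfg.fetch(endpoint, {
+method: "POST",
+headers: {
+Accept: "application/json",
+"Content-Type": "application/x-www-form-urlencoded",
+},
+body,
+});
+const payload = await response.json().catch(() => undefined);
+if (!response.ok) {
+throw idpError("token_exchange_failed", "idp token endpoint rejected the request", response.status, payload);
+}
+return payload;
+}
+}
+export { BaseIdPClient as BaseIdpClient };
+function trimSlash(value) {
+return value.replace(/\/+$/, "");
+}
+//# sourceMappingURL=client.js.map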
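Review bot: `resolveConfig()` overwrites the configured issuer with `payload.issuer` from the config response, and `discovery()` caches the metadata as-is, so `exchangeCode()` and `refresh()` send the authorization code, refresh token and `client_secret` to whatever `token_endpoint` that document names, and `publicKeys()` trusts whatever `paseto_public_key_endpoint` it names. Nothing checks the shape or origin of either response, and a 200 reply missing `issuer` or `allowed_redirect_uris` surfaces as a raw TypeError instead of an `idpError`. I would treat the configured issuer as the trust anchor, e.g. `if (trimSlash(String(payload.issuer ?? "")) !== this.cfg.issuer) throw idpError("config_discovery_failed", "issuer mismatch");`, and require the metadata endpoints to share that origin before using them; if rewriting the issuer is intentional, that should be documented and still restricted to https. The key is also sent in the query string of `/v1/client-config`; if it is meant to be confidential, a request header would keep it out of access logs.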
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAcvC,MAAM,OAAO,aAAa;IAMK;IALV,GAAG,CAA2B;IAEzC,aAAa,CAA2B;IACxC,QAAQ,CAAuB;IAEvC,YAA6B,SAAwB;QAAxB,cAAS,GAAT,SAAS,CAAe;QACnD,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC;YACnB,MAAM,QAAQ,CAAC,gBAAgB,EAAE,yCAAyC,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;YACtB,MAAM,QAAQ,CAAC,gBAAgB,EAAE,0CAA0C,CAAC,CAAC;QAC/E,CAAC;QACD,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;QACpD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,QAAQ,CAAC,gBAAgB,EAAE,mCAAmC,CAAC,CAAC;QACxE,CAAC;QACD,IAAI,CAAC,GAAG,GAAG;YACT,MAAM,EAAE,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC;YACnC,GAAG,EAAE,SAAS,CAAC,GAAG;YAClB,QAAQ,EAAE,EAAE;YACZ,WAAW,EAAE,EAAE;YACf,MAAM,EAAE,EAAE;YACV,QAAQ,EAAE,mBAAmB;YAC7B,KAAK,EAAE,OAAoB;YAC3B,YAAY,EAAE,SAAS,CAAC,MAAM,IAAI,EAAE;YACpC,YAAY,EAAE,KAAK;YACnB,aAAa,EAAE,EAAE;YACjB,kBAAkB,EAAE,EAAE;YACtB,aAAa,EAAE,EAAE;SAClB,CAAC;IACJ,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;IACzB,CAAC;IAED,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC;IAC3B,CAAC;IAED,MAAM,CAAC,QAA2B,IAAI,CAAC,GAAG,CAAC,MAAM;QAC/C,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3F,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC,GAAG,CAAC;QAEvC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CACnC,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,yBAAyB,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAC7E,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE,EAAE,CAC5C,CAAC;QACF,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAyB,CAAC;QAClF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,QAAQ,CAAC,yBAAyB,EAAE,mCAAmC,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC3G,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5C,IAAI,CAAC,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC;QACtC,IAAI,CAAC,GAAG
,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QAC7C,IAAI,CAAC,GAAG,CAAC,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;QAChD,IAAI,CAAC,GAAG,CAAC,kBAAkB,GAAG,OAAO,CAAC,oBAAoB,CAAC;QAC3D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,OAAO,CAAC,qBAAqB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtE,IAAI,CAAC,GAAG,CAAC,WAAW,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtE,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;QAC3C,CAAC;QACD,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,KAAK,GAAG,KAAK;QAC3B,IAAI,IAAI,CAAC,aAAa,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC,aAAa,CAAC;QAE5D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,8BAA8B,EAAE;YACtF,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,QAAQ,CAAC,kBAAkB,EAAE,6CAA6C,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QACrG,CAAC;QACD,IAAI,CAAC,aAAa,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QACxE,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,KAAK,GAAG,KAAK;QAC5B,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC,QAAQ,CAAC;QAElD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,0BAA0B,EAAE;YACzE,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,QAAQ,CAAC,kBAAkB,EAAE,8CAA8C,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QACtG,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAwB,CAAC;QAC/D,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED,YAAY,CAAC,UAA+B,EAAE;QAC5C,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YACvB,MAAM,QAAQ,CAAC,iBAAiB,EAAE,oEAAoE,CAAC,CAAC;QAC1G,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,mBAAmB,CAAC,CAAC;QAC3D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,YAAY,IAAI,MAAM,CAAC,CAAC;QACtE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACrD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,OAAO,
CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAClF,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACrE,IAAI,OAAO,CAAC,KAAK;YAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QAChE,IAAI,OAAO,CAAC,KAAK;YAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QAChE,IAAI,OAAO,CAAC,aAAa;YAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,iBAAiB,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;QAC1F,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YAC1B,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;YAC9D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,OAAO,CAAC,mBAAmB,IAAI,MAAM,CAAC,CAAC;QACvF,CAAC;QACD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,oBAAoB,IAAI,EAAE,CAAC,EAAE,CAAC;YAC9E,IAAI,GAAG,IAAI,KAAK;gBAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,OAA6B;QAC9C,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAClB,MAAM,QAAQ,CAAC,iBAAiB,EAAE,gCAAgC,CAAC,CAAC;QACtE,CAAC;QACD,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;YAC/B,UAAU,EAAE,oBAAoB;YAChC,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,QAAQ;YAC5B,YAAY,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,CAAC,WAAW;SAC1D,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,GAAG,CAAC,YAAY;YAAE,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC5E,IAAI,OAAO,CAAC,YAAY;YAAE,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1E,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,OAAuB;QACnC,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;YAC1B,MAAM,QAAQ,CAAC,iBAAiB,EAAE,2BAA2B,CAAC,CAAC;QACjE,CAAC;QACD,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;YAC/B,UAAU,EAAE,eAAe;YAC3B,aAAa,EAAE,OAAO,CAAC,YAAY;YACnC,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,QAAQ;SAC7B,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,GAAG
,CAAC,YAAY;YAAE,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC5E,IAAI,OAAO,CAAC,MAAM;YAAE,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7E,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;IACvD,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,QAAgB,EAAE,IAAqB;QAC7D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE;YAC9C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI;SACL,CAAC,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QAC7D,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,QAAQ,CAAC,uBAAuB,EAAE,yCAAyC,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC/G,CAAC;QACD,OAAO,OAAoB,CAAC;IAC9B,CAAC;CACF;AAED,OAAO,EAAE,aAAa,IAAI,aAAa,EAAE,CAAC;AAE1C,SAAS,SAAS,CAAC,KAAa;IAC9B,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACnC,CAAC"}
|
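--- a/package/dist/errors.d.ts
+++ b/package/dist/errors.d.ts
@@ -0,0 +1,12 @@
+export declare class BaseIdPError extends Error {
+readonly code: string;
+readonly status?: number;
+readonly details?: unknown;
+constructor(code: string, message: string, options?: {
+status?: number;
+details?: unknown;
+});
+}
+export declare function idpError(code: string, message: string, status?: number, details?: unknown): BaseIdPError;
+export { BaseIdPError as BaseIdpError };
+//# sourceMappingURL=errors.d.ts.map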
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,qBAAa,YAAa,SAAQ,KAAK;IACrC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;gBAEf,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,OAAO,CAAA;KAAO;CAOhG;AAED,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,GAAG,YAAY,CAExG;AAED,OAAO,EAAE,YAAY,IAAI,YAAY,EAAE,CAAC"}
|
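--- a/package/dist/errors.js
+++ b/package/dist/errors.js
@@ -0,0 +1,17 @@
+export class BaseIdPError extends Error {
+code;
+status;
+details;
+constructor(code, message, options = {}) {
+super(message);
+this.name = "BaseIdPError";
+this.code = code;
+this.status = options.status;
+this.details = options.details;
+}
+}
+export function idpError(code, message, status, details) {
+return new BaseIdPError(code, message, { status, details });
+}
+export { BaseIdPError as BaseIdpError };
+//# sourceMappingURL=errors.js.map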
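Review bot: `details` has no comment saying what it holds, yet the call sites in client.js fill it with the raw response body from the IdP (`postToken`, `resolveConfig`). A field comment such as `// raw IdP response body; redact before logging or returning to end users` would tell integrators not to serialise the error wholesale.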
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,YAAa,SAAQ,KAAK;IAC5B,IAAI,CAAS;IACb,MAAM,CAAU;IAChB,OAAO,CAAW;IAE3B,YAAY,IAAY,EAAE,OAAe,EAAE,UAAkD,EAAE;QAC7F,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;QAC3B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACjC,CAAC;CACF;AAED,MAAM,UAAU,QAAQ,CAAC,IAAY,EAAE,OAAe,EAAE,MAAe,EAAE,OAAiB;IACxF,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,OAAO,EAAE,YAAY,IAAI,YAAY,EAAE,CAAC"}
|
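--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -0,0 +1,10 @@
+export { BaseIdPClient, BaseIdPClient as BaseIdpClient } from "./client.js";
+export { BaseIdPError, BaseIdPError as BaseIdpError, idpError } from "./errors.js";
+export { generatePKCE } from "./pkce.js";
+export type { AccessClaims, AccountContext, AuthorizeUrlOptions, BaseIdPConfig, BaseIdPConfig as BaseIdpConfig, ClientConfigResponse, PKCEPair, RefreshOptions, ResolvedConfig, BaseIdpIdentityMetadata, BaseIdpPublicKey, BaseIdpPublicKeySet, TokenExchangeOptions, TokenPair, VerifiedPrincipal, VerifyAccessTokenOptions, } from "./types.js";
+export { createReactBaseIdpAuth, } from "./react.js";
+export { createNextBaseIdpAuth, } from "./next.js";
+export { baseIdpConfigFromNodeEnv, createNodeBaseIdpAuth, createExpressMiddleware, createNestBaseIdpGuard, } from "./node.js";
+export { createViteBaseIdpAuth, baseIdpConfigFromViteEnv, } from "./vite.js";
+export { createSvelteKitBaseIdpAuth, } from "./sveltekit.js";
+//# sourceMappingURL=index.d.ts.map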
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,IAAI,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,YAAY,EAAE,YAAY,IAAI,YAAY,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACnF,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,YAAY,EACV,YAAY,EACZ,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,aAAa,IAAI,aAAa,EAC9B,oBAAoB,EACpB,QAAQ,EACR,cAAc,EACd,cAAc,EACd,uBAAuB,EACvB,gBAAgB,EAChB,mBAAmB,EACnB,oBAAoB,EACpB,SAAS,EACT,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,sBAAsB,GACvB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,qBAAqB,GACtB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,wBAAwB,EACxB,qBAAqB,EACrB,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,qBAAqB,EACrB,wBAAwB,GACzB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,0BAA0B,GAC3B,MAAM,gBAAgB,CAAC"}
|
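--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -0,0 +1,9 @@
+export { BaseIdPClient, BaseIdPClient as BaseIdpClient } from "./client.js";
+export { BaseIdPError, BaseIdPError as BaseIdpError, idpError } from "./errors.js";
+export { generatePKCE } from "./pkce.js";
+export { createReactBaseIdpAuth, } from "./react.js";
+export { createNextBaseIdpAuth, } from "./next.js";
+export { baseIdpConfigFromNodeEnv, createNodeBaseIdpAuth, createExpressMiddleware, createNestBaseIdpGuard, } from "./node.js";
+export { createViteBaseIdpAuth, baseIdpConfigFromViteEnv, } from "./vite.js";
+export { createSvelteKitBaseIdpAuth, } from "./sveltekit.js";
+//# sourceMappingURL=index.js.map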
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,IAAI,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,YAAY,EAAE,YAAY,IAAI,YAAY,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACnF,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAmBzC,OAAO,EACL,sBAAsB,GACvB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,qBAAqB,GACtB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,wBAAwB,EACxB,qBAAqB,EACrB,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,qBAAqB,EACrB,wBAAwB,GACzB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,0BAA0B,GAC3B,MAAM,gBAAgB,CAAC"}
|
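--- a/package/dist/next.d.ts
+++ b/package/dist/next.d.ts
@@ -0,0 +1,19 @@
+import { BaseIdPServerClient } from "./server.js";
+import type { BaseIdPConfig, TokenPair, VerifiedPrincipal } from "./types.js";
+export type NextCallbackContext = {
+request: Request;
+tokens: TokenPair;
+principal: VerifiedPrincipal;
+state?: string;
+};
+export type NextBaseIdpAuthOptions = {
+defaultReturnTo?: string;
+resolveCodeVerifier?: (request: Request, state?: string) => string | Promise<string | undefined> | undefined;
+onCallback?: (context: NextCallbackContext) => Response | Promise<Response>;
+};
+export declare function createNextBaseIdpAuth(config: BaseIdPConfig, options?: NextBaseIdpAuthOptions): {
+client: BaseIdPServerClient;
+login(request: Request): Response;
+callback(request: Request): Promise<Response>;
+};
+//# sourceMappingURL=next.d.ts.map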
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"next.d.ts","sourceRoot":"","sources":["../src/next.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE9E,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,SAAS,CAAC;IAClB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,mBAAmB,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,MAAM,KAAK,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,GAAG,SAAS,CAAC;IAC7G,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,mBAAmB,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CAC7E,CAAC;AAEF,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,aAAa,EAAE,OAAO,GAAE,sBAA2B;;mBAI9E,OAAO,GAAG,QAAQ;sBAMT,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;EA0BtD"}
|
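--- a/package/dist/next.js
+++ b/package/dist/next.js
@@ -0,0 +1,39 @@
+import { BaseIdPServerClient } from "./server.js";
+export function createNextBaseIdpAuth(config, options = {}) {
+const client = new BaseIdPServerClient(config);
+return {
+client,
+login(request) {
+const requestURL = new URL(request.url);
+const returnTo = requestURL.searchParams.get("return_to") ?? options.defaultReturnTo;
+const location = client.authorizeUrl({ state: returnTo ?? undefined });
+return Response.redirect(location, 302);
+},
+async callback(request) {
+const requestURL = new URL(request.url);
+const code = requestURL.searchParams.get("code");
+const state = requestURL.searchParams.get("state") ?? undefined;
+if (!code) {
+return Response.json({ error: "missing_code" }, { status: 400 });
+}
+const codeVerifier = await options.resolveCodeVerifier?.(request, state);
+const tokens = await client.exchangeCode({ code, codeVerifier });
+const principal = await client.verifyAccessToken(tokens.access_token);
+const context = { request, tokens, principal, state };
+if (options.onCallback) {
+return options.onCallback(context);
+}
+return Response.json({
+ok: true,
+principal: {
+id: principal.id,
+email: principal.email,
+role: principal.role,
+scopes: principal.scopes,
+},
+state,
+});
+},
+};
+}
+//# sourceMappingURL=next.js.map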
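Review bot: `login()` puts the caller-supplied `return_to` straight into `state`, and `callback()` never compares the returned `state` with anything bound to the browser session, so the flow has no CSRF binding and any `onCallback` that redirects to `state` inherits an open redirect. `login()` also never sends a `code_challenge`, although `callback()` can forward a `codeVerifier`, so PKCE is not actually established by this helper. I would generate a random state and a PKCE pair (`generatePKCE` is already exported) in `login()`, keep them with the validated return path in a cookie or session, and reject mismatches in `callback()`, e.g. `if (!state || state !== expectedState) return Response.json({ error: "invalid_state" }, { status: 400 });`. `return_to` should be limited to same-origin relative paths before it is stored.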
package/dist/next.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"next.js","sourceRoot":"","sources":["../src/next.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAgBlD,MAAM,UAAU,qBAAqB,CAAC,MAAqB,EAAE,UAAkC,EAAE;IAC/F,MAAM,MAAM,GAAG,IAAI,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC/C,OAAO;QACL,MAAM;QACN,KAAK,CAAC,OAAgB;YACpB,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACxC,MAAM,QAAQ,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,eAAe,CAAC;YACrF,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,QAAQ,IAAI,SAAS,EAAE,CAAC,CAAC;YACvE,OAAO,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;QACD,KAAK,CAAC,QAAQ,CAAC,OAAgB;YAC7B,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACxC,MAAM,IAAI,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACjD,MAAM,KAAK,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;YAChE,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YACnE,CAAC;YACD,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,mBAAmB,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YACzE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;YACjE,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YACtE,MAAM,OAAO,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;YACtD,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;gBACvB,OAAO,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YACrC,CAAC;YACD,OAAO,QAAQ,CAAC,IAAI,CAAC;gBACnB,EAAE,EAAE,IAAI;gBACR,SAAS,EAAE;oBACT,EAAE,EAAE,SAAS,CAAC,EAAE;oBAChB,KAAK,EAAE,SAAS,CAAC,KAAK;oBACtB,IAAI,EAAE,SAAS,CAAC,IAAI;oBACpB,MAAM,EAAE,SAAS,CAAC,MAAM;iBACzB;gBACD,KAAK;aACN,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC"}
|
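--- a/package/dist/node.d.ts
+++ b/package/dist/node.d.ts
@@ -0,0 +1,60 @@
+import { BaseIdPServerClient } from "./server.js";
+import type { BaseIdPConfig, VerifiedPrincipal, VerifyAccessTokenOptions } from "./types.js";
+export type HeaderBag = Headers | {
+get?(name: string): string | null | undefined;
+authorization?: string | string[];
+Authorization?: string | string[];
+cookie?: string | string[];
+Cookie?: string | string[];
+[key: string]: string | string[] | ((name: string) => string | null | undefined) | undefined;
+};
+export type NodeRequestLike = {
+headers: HeaderBag;
+cookies?: Record<string, string | undefined>;
+user?: unknown;
+baseIdpPrincipal?: VerifiedPrincipal;
+baseIdpClaims?: VerifiedPrincipal["claims"];
+};
+export type NodeResponseLike = {
+statusCode: number;
+setHeader(name: string, value: string | string[]): void;
+end(body?: string): void;
+};
+export type NodeNext = (error?: unknown) => void;
+export type ExpressRequestLike = NodeRequestLike & {
+header?(name: string): string | undefined;
+};
+export type ExpressResponseLike = NodeResponseLike & {
+status?(statusCode: number): ExpressResponseLike;
+json?(body: unknown): void;
+};
+export type ExpressNext = NodeNext;
+export type NestExecutionContextLike = {
+switchToHttp(): {
+getRequest<T = NodeRequestLike>(): T;
+};
+};
+export type NodeEnvLike = Record<string, string | undefined>;
+export type NodeBaseIdpAuthOptions = VerifyAccessTokenOptions & {
+attach?: boolean;
+attachUser?: boolean;
+cookieName?: string;
+errorBody?: boolean;
+};
+export type NodeBaseIdpAuth = ReturnType<typeof createNodeBaseIdpAuth>;
+export declare function baseIdpConfigFromNodeEnv(env?: NodeEnvLike, overrides?: Partial<BaseIdPConfig>): BaseIdPConfig;
+export declare function readHeader(headers: HeaderBag | undefined, name: string): string | null;
+export declare function bearerTokenFromHeaders(headers: HeaderBag): string | null;
+export declare function bearerTokenFromRequest(request: NodeRequestLike, options?: Pick<NodeBaseIdpAuthOptions, "cookieName">): string | null;
+export declare function createNodeBaseIdpAuth(configOrClient: BaseIdPConfig | BaseIdPServerClient): {
+client: BaseIdPServerClient;
+verifyRequest(request: NodeRequestLike, options?: NodeBaseIdpAuthOptions): Promise<VerifiedPrincipal>;
+requireAuth(options?: NodeBaseIdpAuthOptions): (request: NodeRequestLike, response: NodeResponseLike, next: NodeNext) => Promise<void>;
+};
+export declare function createExpressMiddleware(configOrClient: BaseIdPConfig | BaseIdPServerClient, options?: NodeBaseIdpAuthOptions): (request: ExpressRequestLike, response: ExpressResponseLike, next: ExpressNext) => Promise<void>;
+export declare function createNestBaseIdpGuard(configOrClient: BaseIdPConfig | BaseIdPServerClient, options?: NodeBaseIdpAuthOptions): {
+new (): {
+canActivate(context: NestExecutionContextLike): Promise<boolean>;
+};
+};
+//# sourceMappingURL=node.d.ts.map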
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"node.d.ts","sourceRoot":"","sources":["../src/node.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAElD,OAAO,KAAK,EAAE,aAAa,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAE7F,MAAM,MAAM,SAAS,GACjB,OAAO,GACP;IACE,GAAG,CAAC,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC;IAC9C,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAClC,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAClC,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC,GAAG,SAAS,CAAC;CAC9F,CAAC;AAEN,MAAM,MAAM,eAAe,GAAG;IAC5B,OAAO,EAAE,SAAS,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;IAC7C,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,gBAAgB,CAAC,EAAE,iBAAiB,CAAC;IACrC,aAAa,CAAC,EAAE,iBAAiB,CAAC,QAAQ,CAAC,CAAC;CAC7C,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,IAAI,CAAC;IACxD,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,QAAQ,GAAG,CAAC,KAAK,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;AAEjD,MAAM,MAAM,kBAAkB,GAAG,eAAe,GAAG;IACjD,MAAM,CAAC,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CAC3C,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG,gBAAgB,GAAG;IACnD,MAAM,CAAC,CAAC,UAAU,EAAE,MAAM,GAAG,mBAAmB,CAAC;IACjD,IAAI,CAAC,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG,QAAQ,CAAC;AAEnC,MAAM,MAAM,wBAAwB,GAAG;IACrC,YAAY,IAAI;QACd,UAAU,CAAC,CAAC,GAAG,eAAe,KAAK,CAAC,CAAC;KACtC,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;AAE7D,MAAM,MAAM,sBAAsB,GAAG,wBAAwB,GAAG;IAC9D,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEvE,wBAAgB,wBAAwB,CACtC,GAAG,GAAE,WAAyB,EAC9B,SAAS,GAAE,OAAO,CAAC,aAAa,CAAM,GACrC,aAAa,CAOf;AAED,wBAAgB,UAAU,CAAC,OAAO,EAAE,SAAS,GAAG,SAAS,E
AAE,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAStF;AAED,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,SAAS,GAAG,MAAM,GAAG,IAAI,CAKxE;AAED,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,eAAe,EAAE,OAAO,GAAE,IAAI,CAAC,sBAAsB,EAAE,YAAY,CAAM,GAAG,MAAM,GAAG,IAAI,CASxI;AAED,wBAAgB,qBAAqB,CAAC,cAAc,EAAE,aAAa,GAAG,mBAAmB;;2BAKxD,eAAe,YAAW,sBAAsB,GAAQ,OAAO,CAAC,iBAAiB,CAAC;0BAa1F,sBAAsB,IAC3B,SAAS,eAAe,EAAE,UAAU,gBAAgB,EAAE,MAAM,QAAQ;EAcvF;AAED,wBAAgB,uBAAuB,CAAC,cAAc,EAAE,aAAa,GAAG,mBAAmB,EAAE,OAAO,GAAE,sBAA2B,IAEjH,SAAS,kBAAkB,EAAE,UAAU,mBAAmB,EAAE,MAAM,WAAW,mBAY5F;AAED,wBAAgB,sBAAsB,CAAC,cAAc,EAAE,aAAa,GAAG,mBAAmB,EAAE,OAAO,GAAE,sBAA2B;;6BAGjG,wBAAwB,GAAG,OAAO,CAAC,OAAO,CAAC;;EAMzE"}
|
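--- a/package/dist/node.js
+++ b/package/dist/node.js
@@ -0,0 +1,148 @@
+import { BaseIdPServerClient } from "./server.js";
+import { idpError, BaseIdPError } from "./errors.js";
+export function baseIdpConfigFromNodeEnv(env = process.env, overrides = {}) {
+return {
+key: requiredEnv(env, "BASE_IDP_KEY", overrides.key),
+issuer: requiredEnv(env, "BASE_IDP_ISSUER", overrides.issuer),
+secret: overrides.secret ?? env.BASE_IDP_CLIENT_SECRET ?? env.BASE_IDP_SECRET,
+fetch: overrides.fetch,
+};
+}
+export function readHeader(headers, name) {
+if (!headers)
+return null;
+const getter = typeof headers.get === "function" ? headers.get.bind(headers) : undefined;
+const fromGetter = getter?.(name) ?? getter?.(name.toLowerCase()) ?? getter?.(name.toUpperCase());
+if (fromGetter)
+return fromGetter;
+const record = headers;
+const raw = record[name] ?? record[name.toLowerCase()] ?? record[canonicalHeaderName(name)];
+if (Array.isArray(raw))
+return raw[0] ?? null;
+return raw ?? null;
+}
+export function bearerTokenFromHeaders(headers) {
+const value = readHeader(headers, "authorization");
+if (!value)
+return null;
+const match = value.match(/^Bearer\s+(.+)$/i);
+return match?.[1]?.trim() || null;
+}
+export function bearerTokenFromRequest(request, options = {}) {
+const headerToken = bearerTokenFromHeaders(request.headers);
+if (headerToken)
+return headerToken;
+if (!options.cookieName)
+return null;
+const directCookie = request.cookies?.[options.cookieName];
+if (directCookie)
+return directCookie;
+const cookieHeader = readHeader(request.headers, "cookie");
+if (!cookieHeader)
+return null;
+return parseCookie(cookieHeader)[options.cookieName] ?? null;
+}
+export function createNodeBaseIdpAuth(configOrClient) {
+const client = configOrClient instanceof BaseIdPServerClient ? configOrClient : new BaseIdPServerClient(configOrClient);
+return {
+client,
+async verifyRequest(request, options = {}) {
+const token = bearerTokenFromRequest(request, options);
+if (!token) {
+throw idpError("missing_bearer_token", "missing bearer token");
+}
+const principal = await client.verifyAccessToken(token, options);
+if (options.attach !== false) {
+request.baseIdpPrincipal = principal;
+request.baseIdpClaims = principal.claims;
+if (options.attachUser)
+request.user = principal;
+}
+return principal;
+},
+requireAuth(options = {}) {
+return async (request, response, next) => {
+try {
+await this.verifyRequest(request, options);
+next();
+}
+catch (error) {
+if (options.errorBody === false) {
+next(error);
+return;
+}
+writeAuthError(response, error);
+}
+};
+},
+};
+}
+export function createExpressMiddleware(configOrClient, options = {}) {
+const auth = createNodeBaseIdpAuth(configOrClient);
+return async (request, response, next) => {
+try {
+await auth.verifyRequest(request, options);
+next();
+}
+catch (error) {
+if (options.errorBody === false) {
+next(error);
+return;
+}
+writeAuthError(response, error);
+}
+};
+}
+export function createNestBaseIdpGuard(configOrClient, options = {}) {
+const auth = createNodeBaseIdpAuth(configOrClient);
+return class BaseIdPNestGuard {
+async canActivate(context) {
+const request = context.switchToHttp().getRequest();
+await auth.verifyRequest(request, options);
+return true;
+}
+};
+}
+function writeAuthError(response, error) {
+const code = error instanceof BaseIdPError ? error.code : "unauthorized";
+const statusCode = code === "insufficient_scope" ? 403 : 401;
+const body = { error: code, error_description: error instanceof Error ? error.message : "unauthorized" };
+response.setHeader("WWW-Authenticate", `Bearer error="${code}"`);
+response.setHeader("Content-Type", "application/json");
+const maybeExpress = response;
+const status = maybeExpress.status;
+const json = maybeExpress.json;
+if (typeof status === "function" && typeof json === "function") {
+status.call(maybeExpress, statusCode);
+json.call(maybeExpress, body);
+return;
+}
+response.statusCode = statusCode;
+response.end(JSON.stringify(body));
+}
+function parseCookie(header) {
+const out = {};
+for (const part of header.split(";")) {
+const idx = part.indexOf("=");
+if (idx <= 0)
+continue;
+const key = part.slice(0, idx).trim();
+const value = part.slice(idx + 1).trim();
+if (key)
+out[key] = decodeURIComponent(value);
+}
+return out;
+}
+function requiredEnv(env, name, override) {
+const value = override ?? env[name];
+if (!value)
+throw new Error(`${name} is required`);
+return value;
+}
+function canonicalHeaderName(name) {
+return name
+.split("-")
+.map((part) => part.slice(0, 1).toUpperCase() + part.slice(1).toLowerCase())
+.join("-");
+}
+//# sourceMappingURL=node.js.map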
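Review bot: `writeAuthError` (new lines 106-122) copies `error.message` into `error_description` for every `Error`, not only `BaseIdPError`, so any unexpected failure inside `verifyRequest` reaches an unauthenticated caller as a 401 carrying an internal message. One such case is visible here: `requireAuth` reads `this.verifyRequest` from an arrow function, so a destructured `requireAuth` throws a `TypeError` inside the `try` and its text is what the client receives; failures inside `client.verifyAccessToken`, which is not shown, would presumably surface the same way. Limiting the description to the library's own errors keeps the response fail-closed without exposing internals, `error_description: error instanceof BaseIdPError ? error.message : "unauthorized"`, with the original error logged server-side. Separately, `parseCookie` calls `decodeURIComponent` on every cookie, so a malformed percent-escape in an unrelated cookie throws before the configured `cookieName` is looked up. Because `cookieName` makes the token acceptable from a cookie that browsers attach automatically, the option's documentation should state that routes using it need CSRF protection.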
|
package/dist/node.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"node.js","sourceRoot":"","sources":["../src/node.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AA0DrD,MAAM,UAAU,wBAAwB,CACtC,MAAmB,OAAO,CAAC,GAAG,EAC9B,YAAoC,EAAE;IAEtC,OAAO;QACL,GAAG,EAAE,WAAW,CAAC,GAAG,EAAE,cAAc,EAAE,SAAS,CAAC,GAAG,CAAC;QACpD,MAAM,EAAE,WAAW,CAAC,GAAG,EAAE,iBAAiB,EAAE,SAAS,CAAC,MAAM,CAAC;QAC7D,MAAM,EAAE,SAAS,CAAC,MAAM,IAAI,GAAG,CAAC,sBAAsB,IAAI,GAAG,CAAC,eAAe;QAC7E,KAAK,EAAE,SAAS,CAAC,KAAK;KACvB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,OAA8B,EAAE,IAAY;IACrE,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,MAAM,MAAM,GAAG,OAAO,OAAO,CAAC,GAAG,KAAK,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACzF,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,MAAM,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,MAAM,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IAClG,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAClC,MAAM,MAAM,GAAG,OAAwD,CAAC;IACxE,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,MAAM,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5F,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IAC9C,OAAO,GAAG,IAAI,IAAI,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,OAAkB;IACvD,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IACnD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAC9C,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,OAAwB,EAAE,UAAsD,EAAE;IACvH,MAAM,WAAW,GAAG,sBAAsB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5D,IAAI,WAAW;QAAE,OAAO,WAAW,CAAC;IACpC,IAAI,CAAC,OAAO,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IACrC,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3D,IAAI,YAAY;QAAE,OAAO,YAAY,CAAC;IACtC,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3D,IAAI,CAAC,YAAY;QAAE,OAAO,IAAI,CAAC;IAC/B,OAAO,WAAW,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,cAAmD;IACvF,
MAAM,MAAM,GAAG,cAAc,YAAY,mBAAmB,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,mBAAmB,CAAC,cAAc,CAAC,CAAC;IAExH,OAAO;QACL,MAAM;QACN,KAAK,CAAC,aAAa,CAAC,OAAwB,EAAE,UAAkC,EAAE;YAChF,MAAM,KAAK,GAAG,sBAAsB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACvD,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,QAAQ,CAAC,sBAAsB,EAAE,sBAAsB,CAAC,CAAC;YACjE,CAAC;YACD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YACjE,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAC7B,OAAO,CAAC,gBAAgB,GAAG,SAAS,CAAC;gBACrC,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC,MAAM,CAAC;gBACzC,IAAI,OAAO,CAAC,UAAU;oBAAE,OAAO,CAAC,IAAI,GAAG,SAAS,CAAC;YACnD,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,WAAW,CAAC,UAAkC,EAAE;YAC9C,OAAO,KAAK,EAAE,OAAwB,EAAE,QAA0B,EAAE,IAAc,EAAE,EAAE;gBACpF,IAAI,CAAC;oBACH,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;oBAC3C,IAAI,EAAE,CAAC;gBACT,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,IAAI,OAAO,CAAC,SAAS,KAAK,KAAK,EAAE,CAAC;wBAChC,IAAI,CAAC,KAAK,CAAC,CAAC;wBACZ,OAAO;oBACT,CAAC;oBACD,cAAc,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;gBAClC,CAAC;YACH,CAAC,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,cAAmD,EAAE,UAAkC,EAAE;IAC/H,MAAM,IAAI,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;IACnD,OAAO,KAAK,EAAE,OAA2B,EAAE,QAA6B,EAAE,IAAiB,EAAE,EAAE;QAC7F,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC3C,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,OAAO,CAAC,SAAS,KAAK,KAAK,EAAE,CAAC;gBAChC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACZ,OAAO;YACT,CAAC;YACD,cAAc,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAClC,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,cAAmD,EAAE,UAAkC,EAAE;IAC9H,MAAM,IAAI,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;IACnD,OAAO,MAAM,gBAAgB;QAC3B,KAAK,CAAC,WAAW,CAAC,OAAiC;YACjD,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAmB,CAAC;YACrE,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC3C,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,QAAgD,EAAE,KAAc;IACtF,MAAM,IAAI,GAAG,KAAK,YAAY,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,cAAc,CAAC;IACzE,MAAM,UAAU,GAAG,IAAI,KAAK,oBAAoB,CAAC,CAAC,CAAC,GA
AG,CAAC,CAAC,CAAC,GAAG,CAAC;IAC7D,MAAM,IAAI,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,iBAAiB,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC;IACzG,QAAQ,CAAC,SAAS,CAAC,kBAAkB,EAAE,iBAAiB,IAAI,GAAG,CAAC,CAAC;IACjE,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,QAA+B,CAAC;IACrD,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;IACnC,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC;IAC/B,IAAI,OAAO,MAAM,KAAK,UAAU,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/D,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;QAC9B,OAAO;IACT,CAAC;IACD,QAAQ,CAAC,UAAU,GAAG,UAAU,CAAC;IACjC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,WAAW,CAAC,MAAc;IACjC,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC9B,IAAI,GAAG,IAAI,CAAC;YAAE,SAAS;QACvB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,IAAI,GAAG;YAAE,GAAG,CAAC,GAAG,CAAC,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,WAAW,CAAC,GAAgB,EAAE,IAAY,EAAE,QAAiB;IACpE,MAAM,KAAK,GAAG,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC;IACpC,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,cAAc,CAAC,CAAC;IACnD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAY;IACvC,OAAO,IAAI;SACR,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;SAC3E,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC"}
|
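--- a/package/dist/paseto.d.ts
+++ b/package/dist/paseto.d.ts
@@ -0,0 +1,15 @@
+import type { BaseIdpPublicKeySet, VerifiedPrincipal, VerifyAccessTokenOptions } from "./types.js";
+type Footer = {
+kid?: string;
+alg?: string;
+typ?: string;
+};
+export declare function unsafeFooter(token: string): Footer;
+export declare function unsafeFooterKid(token: string): string | undefined;
+export declare function verifyPasetoV4Public(token: string, keySet: BaseIdpPublicKeySet, config: {
+issuer: string;
+audience?: string;
+requiredScope?: string;
+}, options?: VerifyAccessTokenOptions): VerifiedPrincipal;
+export {};
+//# sourceMappingURL=paseto.d.ts.map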
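Review bot: `unsafeFooter` and `unsafeFooterKid` are exported with no doc comment explaining what "unsafe" means, and this declaration is all a consumer's editor will show. Judging by the names they read the footer before the signature is checked, which would make the returned `kid`, `alg` and `typ` attacker-controlled; the implementation is not in this section, so that needs confirming. If so, the source in `src/paseto.ts` should carry a TSDoc line such as `/** Parses the footer without verifying the token; use the result only to select a verification key, never for an authorization decision. */` so that it is emitted into the `.d.ts`.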
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"paseto.d.ts","sourceRoot":"","sources":["../src/paseto.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAgC,mBAAmB,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAMjI,KAAK,MAAM,GAAG;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,CAAC;AAEF,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAMlD;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAEjE;AAED,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,mBAAmB,EAC3B,MAAM,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,aAAa,CAAC,EAAE,MAAM,CAAA;CAAE,EACrE,OAAO,GAAE,wBAA6B,GACrC,iBAAiB,CAsDnB"}
|