base-idp 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +162 -0
- package/dist/base64url.d.ts +6 -0
- package/dist/base64url.d.ts.map +1 -0
- package/dist/base64url.js +39 -0
- package/dist/base64url.js.map +1 -0
- package/dist/bootstrap.d.ts +10 -0
- package/dist/bootstrap.d.ts.map +1 -0
- package/dist/bootstrap.js +18 -0
- package/dist/bootstrap.js.map +1 -0
- package/dist/cli.d.ts +3 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +206 -0
- package/dist/cli.js.map +1 -0
- package/dist/client.d.ts +20 -0
- package/dist/client.d.ts.map +1 -0
- package/dist/client.js +169 -0
- package/dist/client.js.map +1 -0
- package/dist/errors.d.ts +12 -0
- package/dist/errors.d.ts.map +1 -0
- package/dist/errors.js +17 -0
- package/dist/errors.js.map +1 -0
- package/dist/index.d.ts +10 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +9 -0
- package/dist/index.js.map +1 -0
- package/dist/next.d.ts +19 -0
- package/dist/next.d.ts.map +1 -0
- package/dist/next.js +39 -0
- package/dist/next.js.map +1 -0
- package/dist/node.d.ts +60 -0
- package/dist/node.d.ts.map +1 -0
- package/dist/node.js +148 -0
- package/dist/node.js.map +1 -0
- package/dist/paseto.d.ts +15 -0
- package/dist/paseto.d.ts.map +1 -0
- package/dist/paseto.js +103 -0
- package/dist/paseto.js.map +1 -0
- package/dist/pkce.d.ts +3 -0
- package/dist/pkce.d.ts.map +1 -0
- package/dist/pkce.js +18 -0
- package/dist/pkce.js.map +1 -0
- package/dist/react.d.ts +12 -0
- package/dist/react.d.ts.map +1 -0
- package/dist/react.js +21 -0
- package/dist/react.js.map +1 -0
- package/dist/server.d.ts +13 -0
- package/dist/server.d.ts.map +1 -0
- package/dist/server.js +25 -0
- package/dist/server.js.map +1 -0
- package/dist/sveltekit.d.ts +17 -0
- package/dist/sveltekit.d.ts.map +1 -0
- package/dist/sveltekit.js +21 -0
- package/dist/sveltekit.js.map +1 -0
- package/dist/types.d.ts +138 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +2 -0
- package/dist/types.js.map +1 -0
- package/dist/vite.d.ts +6 -0
- package/dist/vite.d.ts.map +1 -0
- package/dist/vite.js +24 -0
- package/dist/vite.js.map +1 -0
- package/package.json +60 -0
package/dist/paseto.js
ADDED
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
import { createPublicKey, verify as verifySignature } from "node:crypto";
|
|
2
|
+
import { base64UrlDecode, concatBytes, utf8Decode, utf8Encode } from "./base64url.js";
|
|
3
|
+
import { idpError } from "./errors.js";
|
|
4
|
+
const HEADER = utf8Encode("v4.public.");
|
|
5
|
+
const IMPLICIT_ASSERTION = utf8Encode("square-experience:idp:access:v1");
|
|
6
|
+
const ED25519_SPKI_PREFIX = Buffer.from("302a300506032b6570032100", "hex");
|
|
7
|
+
export function unsafeFooter(token) {
|
|
8
|
+
const parts = token.split(".");
|
|
9
|
+
if (parts.length !== 4 || parts[0] !== "v4" || parts[1] !== "public") {
|
|
10
|
+
throw idpError("invalid_token", "token is not PASETO v4.public");
|
|
11
|
+
}
|
|
12
|
+
return JSON.parse(utf8Decode(base64UrlDecode(parts[3])));
|
|
13
|
+
}
|
|
14
|
+
export function unsafeFooterKid(token) {
|
|
15
|
+
return unsafeFooter(token).kid;
|
|
16
|
+
}
|
|
17
|
+
export function verifyPasetoV4Public(token, keySet, config, options = {}) {
|
|
18
|
+
const parts = token.split(".");
|
|
19
|
+
if (parts.length !== 4 || parts[0] !== "v4" || parts[1] !== "public") {
|
|
20
|
+
throw idpError("invalid_token", "token is not PASETO v4.public");
|
|
21
|
+
}
|
|
22
|
+
const payload = base64UrlDecode(parts[2]);
|
|
23
|
+
const footerBytes = base64UrlDecode(parts[3]);
|
|
24
|
+
if (payload.length <= 64) {
|
|
25
|
+
throw idpError("invalid_token", "PASETO payload is too short");
|
|
26
|
+
}
|
|
27
|
+
const footer = JSON.parse(utf8Decode(footerBytes));
|
|
28
|
+
if (footer.alg !== "v4.public" || footer.typ !== "paseto" || !footer.kid) {
|
|
29
|
+
throw idpError("invalid_token", "PASETO footer is not a BaseIdP v4.public footer");
|
|
30
|
+
}
|
|
31
|
+
const publicKey = keySet.keys.find((key) => key.kid === footer.kid && key.alg === "v4.public");
|
|
32
|
+
if (!publicKey) {
|
|
33
|
+
throw idpError("unknown_kid", "PASETO key id is not present in the Base key set");
|
|
34
|
+
}
|
|
35
|
+
const message = payload.subarray(0, payload.length - 64);
|
|
36
|
+
const signature = payload.subarray(payload.length - 64);
|
|
37
|
+
const rawPublicKey = base64UrlDecode(publicKey.public_key_base64);
|
|
38
|
+
if (rawPublicKey.length !== 32 || signature.length !== 64) {
|
|
39
|
+
throw idpError("invalid_key", "Ed25519 public key or signature has an invalid size");
|
|
40
|
+
}
|
|
41
|
+
const spki = Buffer.concat([ED25519_SPKI_PREFIX, Buffer.from(rawPublicKey)]);
|
|
42
|
+
const keyObject = createPublicKey({ key: spki, format: "der", type: "spki" });
|
|
43
|
+
const pae = preAuthEncode([HEADER, message, footerBytes, IMPLICIT_ASSERTION]);
|
|
44
|
+
if (!verifySignature(null, Buffer.from(pae), keyObject, Buffer.from(signature))) {
|
|
45
|
+
throw idpError("invalid_signature", "PASETO signature verification failed");
|
|
46
|
+
}
|
|
47
|
+
const claims = JSON.parse(utf8Decode(message));
|
|
48
|
+
validateClaims(claims, {
|
|
49
|
+
issuer: options.issuer ?? config.issuer,
|
|
50
|
+
audience: options.audience ?? config.audience ?? "square-experience",
|
|
51
|
+
requiredScope: options.requiredScope ?? config.requiredScope,
|
|
52
|
+
maxClockSkewSeconds: options.maxClockSkewSeconds ?? 30,
|
|
53
|
+
});
|
|
54
|
+
return {
|
|
55
|
+
id: claims.gid,
|
|
56
|
+
subject: claims.sub,
|
|
57
|
+
email: claims.email,
|
|
58
|
+
name: claims.name,
|
|
59
|
+
role: claims.role,
|
|
60
|
+
scopes: claims.scp ?? [],
|
|
61
|
+
accountContext: claims.ctx,
|
|
62
|
+
claims,
|
|
63
|
+
};
|
|
64
|
+
}
|
|
65
|
+
function validateClaims(claims, options) {
|
|
66
|
+
if (claims.token_use !== "access") {
|
|
67
|
+
throw idpError("invalid_claims", "token_use must be access");
|
|
68
|
+
}
|
|
69
|
+
if (claims.iss !== options.issuer || claims.aud !== options.audience) {
|
|
70
|
+
throw idpError("invalid_claims", "issuer or audience mismatch");
|
|
71
|
+
}
|
|
72
|
+
const now = Date.now();
|
|
73
|
+
const skewMs = options.maxClockSkewSeconds * 1000;
|
|
74
|
+
if (Date.parse(claims.exp) <= now - skewMs) {
|
|
75
|
+
throw idpError("token_expired", "access token expired");
|
|
76
|
+
}
|
|
77
|
+
if (Date.parse(claims.nbf) > now + skewMs) {
|
|
78
|
+
throw idpError("token_not_yet_valid", "access token is not valid yet");
|
|
79
|
+
}
|
|
80
|
+
if (options.requiredScope && !(claims.scp ?? []).includes(options.requiredScope)) {
|
|
81
|
+
throw idpError("insufficient_scope", "required scope is missing");
|
|
82
|
+
}
|
|
83
|
+
if (!claims.gid || !claims.sub || !claims.sid || !claims.ctx || !claims.role) {
|
|
84
|
+
throw idpError("invalid_claims", "required identity claims are missing");
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
function preAuthEncode(pieces) {
|
|
88
|
+
const out = [uint64le(pieces.length)];
|
|
89
|
+
for (const piece of pieces) {
|
|
90
|
+
out.push(uint64le(piece.length), piece);
|
|
91
|
+
}
|
|
92
|
+
return concatBytes(out);
|
|
93
|
+
}
|
|
94
|
+
function uint64le(value) {
|
|
95
|
+
const out = new Uint8Array(8);
|
|
96
|
+
let current = BigInt(value);
|
|
97
|
+
for (let i = 0; i < 8; i++) {
|
|
98
|
+
out[i] = Number(current & 0xffn);
|
|
99
|
+
current >>= 8n;
|
|
100
|
+
}
|
|
101
|
+
return out;
|
|
102
|
+
}
|
|
103
|
+
//# sourceMappingURL=paseto.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"paseto.js","sourceRoot":"","sources":["../src/paseto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,IAAI,eAAe,EAAE,MAAM,aAAa,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AACtF,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAGvC,MAAM,MAAM,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;AACxC,MAAM,kBAAkB,GAAG,UAAU,CAAC,iCAAiC,CAAC,CAAC;AACzE,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;AAQ3E,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;QACrE,MAAM,QAAQ,CAAC,eAAe,EAAE,+BAA+B,CAAC,CAAC;IACnE,CAAC;IACD,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAW,CAAC;AACrE,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,KAAa,EACb,MAA2B,EAC3B,MAAqE,EACrE,UAAoC,EAAE;IAEtC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;QACrE,MAAM,QAAQ,CAAC,eAAe,EAAE,+BAA+B,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1C,MAAM,WAAW,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9C,IAAI,OAAO,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;QACzB,MAAM,QAAQ,CAAC,eAAe,EAAE,6BAA6B,CAAC,CAAC;IACjE,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC,CAAW,CAAC;IAC7D,IAAI,MAAM,CAAC,GAAG,KAAK,WAAW,IAAI,MAAM,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;QACzE,MAAM,QAAQ,CAAC,eAAe,EAAE,iDAAiD,CAAC,CAAC;IACrF,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,KAAK,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,KAAK,WAAW,CAAC,CAAC;IAC/F,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,QAAQ,CAAC,aAAa,EAAE,kDAAkD,CAAC,CAAC;IACpF,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,EAAE,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IACxD,MAAM,YAAY,GAAG,eAAe,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;IAClE,IAAI,YAAY,CAAC,MAAM,KAAK,EAAE,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC1D,MAAM,QAAQ,CAAC,aAAa,EAAE,qDAAqD,CAAC,CAAC;IACvF,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,mBAAmB,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC7E,MAAM,SAAS,GAAG,eAAe,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;IAC9E,MAAM,GAAG,GAAG,aAAa,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAC9E,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QAChF,MAAM,QAAQ,CAAC,mBAAmB,EAAE,sCAAsC,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,CAAiB,CAAC;IAC/D,cAAc,CAAC,MAAM,EAAE;QACrB,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM;QACvC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,IAAI,mBAAmB;QACpE,aAAa,EAAE,OAAO,CAAC,aAAa,IAAI,MAAM,CAAC,aAAa;QAC5D,mBAAmB,EAAE,OAAO,CAAC,mBAAmB,IAAI,EAAE;KACvD,CAAC,CAAC;IAEH,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,GAAG;QACd,OAAO,EAAE,MAAM,CAAC,GAAG;QACnB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,EAAE;QACxB,cAAc,EAAE,MAAM,CAAC,GAAG;QAC1B,MAAM;KACP,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,MAAoB,EAAE,OAAkJ;IAC9L,IAAI,MAAM,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;QAClC,MAAM,QAAQ,CAAC,gBAAgB,EAAE,0BAA0B,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,MAAM,CAAC,GAAG,KAAK,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC,GAAG,KAAK,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrE,MAAM,QAAQ,CAAC,gBAAgB,EAAE,6BAA6B,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAClD,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,MAAM,EAAE,CAAC;QAC3C,MAAM,QAAQ,CAAC,eAAe,EAAE,sBAAsB,CAAC,CAAC;IAC1D,CAAC;IACD,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,MAAM,EAAE,CAAC;QAC1C,MAAM,QAAQ,CAAC,qBAAqB,EAAE,+BAA+B,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,OAAO,CAAC,aAAa,IAAI,CAAC,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;QACjF,MAAM,QAAQ,CAAC,oBAAoB,EAAE,2BAA2B,CAAC,CAAC;IACpE,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QAC7E,MAAM,QAAQ,CAAC,gBAAgB,EAAE,sCAAsC,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,MAAoB;IACzC,MAAM,GAAG,GAAiB,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;IACpD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa;IAC7B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9B,IAAI,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC,CAAC;QACjC,OAAO,KAAK,EAAE,CAAC;IACjB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
|
package/dist/pkce.d.ts
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../src/pkce.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAI3C,wBAAsB,YAAY,CAAC,KAAK,SAAK,GAAG,OAAO,CAAC,QAAQ,CAAC,CAiBhE"}
|
package/dist/pkce.js
ADDED
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { base64UrlEncode, utf8Encode } from "./base64url.js";
|
|
2
|
+
const VERIFIER_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
|
|
3
|
+
export async function generatePKCE(bytes = 48) {
|
|
4
|
+
const random = new Uint8Array(bytes);
|
|
5
|
+
crypto.getRandomValues(random);
|
|
6
|
+
let verifier = "";
|
|
7
|
+
for (const byte of random) {
|
|
8
|
+
verifier += VERIFIER_CHARS[byte % VERIFIER_CHARS.length];
|
|
9
|
+
}
|
|
10
|
+
const input = utf8Encode(verifier);
|
|
11
|
+
const digest = await crypto.subtle.digest("SHA-256", input.buffer.slice(input.byteOffset, input.byteOffset + input.byteLength));
|
|
12
|
+
return {
|
|
13
|
+
verifier,
|
|
14
|
+
challenge: base64UrlEncode(new Uint8Array(digest)),
|
|
15
|
+
method: "S256",
|
|
16
|
+
};
|
|
17
|
+
}
|
|
18
|
+
//# sourceMappingURL=pkce.js.map
|
package/dist/pkce.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pkce.js","sourceRoot":"","sources":["../src/pkce.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAG7D,MAAM,cAAc,GAAG,oEAAoE,CAAC;AAE5F,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,KAAK,GAAG,EAAE;IAC3C,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IACrC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;IAC/B,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;QAC1B,QAAQ,IAAI,cAAc,CAAC,IAAI,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CACvC,SAAS,EACT,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAgB,CACzF,CAAC;IACF,OAAO;QACL,QAAQ;QACR,SAAS,EAAE,eAAe,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;QAClD,MAAM,EAAE,MAAM;KACf,CAAC;AACJ,CAAC"}
|
package/dist/react.d.ts
ADDED
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { BaseIdPClient } from "./client.js";
|
|
2
|
+
import type { AuthorizeUrlOptions, BaseIdPConfig } from "./types.js";
|
|
3
|
+
export type ReactBaseIdpAuth = {
|
|
4
|
+
loginHref(options?: AuthorizeUrlOptions): string;
|
|
5
|
+
login(options?: AuthorizeUrlOptions): void;
|
|
6
|
+
buttonProps(options?: AuthorizeUrlOptions): {
|
|
7
|
+
type: "button";
|
|
8
|
+
onClick(): void;
|
|
9
|
+
};
|
|
10
|
+
};
|
|
11
|
+
export declare function createReactBaseIdpAuth(config: BaseIdPConfig | BaseIdPClient): ReactBaseIdpAuth;
|
|
12
|
+
//# sourceMappingURL=react.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"react.d.ts","sourceRoot":"","sources":["../src/react.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,KAAK,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAErE,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,CAAC,OAAO,CAAC,EAAE,mBAAmB,GAAG,MAAM,CAAC;IACjD,KAAK,CAAC,OAAO,CAAC,EAAE,mBAAmB,GAAG,IAAI,CAAC;IAC3C,WAAW,CAAC,OAAO,CAAC,EAAE,mBAAmB,GAAG;QAC1C,IAAI,EAAE,QAAQ,CAAC;QACf,OAAO,IAAI,IAAI,CAAC;KACjB,CAAC;CACH,CAAC;AAEF,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,aAAa,GAAG,aAAa,GAAG,gBAAgB,CAkB9F"}
|
package/dist/react.js
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import { BaseIdPClient } from "./client.js";
|
|
2
|
+
export function createReactBaseIdpAuth(config) {
|
|
3
|
+
const client = config instanceof BaseIdPClient ? config : new BaseIdPClient(config);
|
|
4
|
+
return {
|
|
5
|
+
loginHref(options = {}) {
|
|
6
|
+
return client.authorizeUrl(options);
|
|
7
|
+
},
|
|
8
|
+
login(options = {}) {
|
|
9
|
+
window.location.assign(client.authorizeUrl(options));
|
|
10
|
+
},
|
|
11
|
+
buttonProps(options = {}) {
|
|
12
|
+
return {
|
|
13
|
+
type: "button",
|
|
14
|
+
onClick() {
|
|
15
|
+
window.location.assign(client.authorizeUrl(options));
|
|
16
|
+
},
|
|
17
|
+
};
|
|
18
|
+
},
|
|
19
|
+
};
|
|
20
|
+
}
|
|
21
|
+
//# sourceMappingURL=react.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"react.js","sourceRoot":"","sources":["../src/react.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAY5C,MAAM,UAAU,sBAAsB,CAAC,MAAqC;IAC1E,MAAM,MAAM,GAAG,MAAM,YAAY,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,aAAa,CAAC,MAAM,CAAC,CAAC;IACpF,OAAO;QACL,SAAS,CAAC,OAAO,GAAG,EAAE;YACpB,OAAO,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QACtC,CAAC;QACD,KAAK,CAAC,OAAO,GAAG,EAAE;YAChB,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;QACvD,CAAC;QACD,WAAW,CAAC,OAAO,GAAG,EAAE;YACtB,OAAO;gBACL,IAAI,EAAE,QAAQ;gBACd,OAAO;oBACL,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;gBACvD,CAAC;aACF,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC"}
|
package/dist/server.d.ts
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { BaseIdPClient } from "./client.js";
|
|
2
|
+
import type { BaseIdPConfig, ResolvedConfig, VerifiedPrincipal, VerifyAccessTokenOptions } from "./types.js";
|
|
3
|
+
export declare class BaseIdPServerClient extends BaseIdPClient {
|
|
4
|
+
private readonly serverConfig;
|
|
5
|
+
private initialized;
|
|
6
|
+
constructor(serverConfig: BaseIdPConfig);
|
|
7
|
+
init(): Promise<ResolvedConfig>;
|
|
8
|
+
verifyAccessToken(token: string, options?: VerifyAccessTokenOptions): Promise<VerifiedPrincipal>;
|
|
9
|
+
}
|
|
10
|
+
export { BaseIdPServerClient as BaseIdpServerClient };
|
|
11
|
+
export { verifyPasetoV4Public, unsafeFooter, unsafeFooterKid } from "./paseto.js";
|
|
12
|
+
export type { VerifiedPrincipal, VerifyAccessTokenOptions, AccessClaims } from "./types.js";
|
|
13
|
+
//# sourceMappingURL=server.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAE7G,qBAAa,mBAAoB,SAAQ,aAAa;IAGxC,OAAO,CAAC,QAAQ,CAAC,YAAY;IAFzC,OAAO,CAAC,WAAW,CAAS;gBAEC,YAAY,EAAE,aAAa;IAIlD,IAAI,IAAI,OAAO,CAAC,cAAc,CAAC;IAO/B,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,GAAE,wBAA6B,GAAG,OAAO,CAAC,iBAAiB,CAAC;CAK3G;AAED,OAAO,EAAE,mBAAmB,IAAI,mBAAmB,EAAE,CAAC;AAEtD,OAAO,EAAE,oBAAoB,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAClF,YAAY,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC"}
|
package/dist/server.js
ADDED
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { BaseIdPClient } from "./client.js";
|
|
2
|
+
import { verifyPasetoV4Public } from "./paseto.js";
|
|
3
|
+
export class BaseIdPServerClient extends BaseIdPClient {
|
|
4
|
+
serverConfig;
|
|
5
|
+
initialized = false;
|
|
6
|
+
constructor(serverConfig) {
|
|
7
|
+
super(serverConfig);
|
|
8
|
+
this.serverConfig = serverConfig;
|
|
9
|
+
}
|
|
10
|
+
async init() {
|
|
11
|
+
if (this.initialized)
|
|
12
|
+
return this.cfg;
|
|
13
|
+
const resolved = await this.resolveConfig();
|
|
14
|
+
this.initialized = true;
|
|
15
|
+
return resolved;
|
|
16
|
+
}
|
|
17
|
+
async verifyAccessToken(token, options = {}) {
|
|
18
|
+
await this.init();
|
|
19
|
+
const keySet = await this.publicKeys();
|
|
20
|
+
return verifyPasetoV4Public(token, keySet, this.cfg, options);
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
export { BaseIdPServerClient as BaseIdpServerClient };
|
|
24
|
+
export { verifyPasetoV4Public, unsafeFooter, unsafeFooterKid } from "./paseto.js";
|
|
25
|
+
//# sourceMappingURL=server.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAGnD,MAAM,OAAO,mBAAoB,SAAQ,aAAa;IAGvB;IAFrB,WAAW,GAAG,KAAK,CAAC;IAE5B,YAA6B,YAA2B;QACtD,KAAK,CAAC,YAAY,CAAC,CAAC;QADO,iBAAY,GAAZ,YAAY,CAAe;IAExD,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC,GAAG,CAAC;QACtC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC5C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAAa,EAAE,UAAoC,EAAE;QAC3E,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACvC,OAAO,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAChE,CAAC;CACF;AAED,OAAO,EAAE,mBAAmB,IAAI,mBAAmB,EAAE,CAAC;AAEtD,OAAO,EAAE,oBAAoB,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import { BaseIdPServerClient } from "./server.js";
|
|
2
|
+
import type { BaseIdPConfig, TokenPair, VerifiedPrincipal } from "./types.js";
|
|
3
|
+
export type SvelteKitEventLike = {
|
|
4
|
+
url: URL;
|
|
5
|
+
request: Request;
|
|
6
|
+
};
|
|
7
|
+
export type SvelteCallbackResult = {
|
|
8
|
+
tokens: TokenPair;
|
|
9
|
+
principal: VerifiedPrincipal;
|
|
10
|
+
state?: string;
|
|
11
|
+
};
|
|
12
|
+
export declare function createSvelteKitBaseIdpAuth(config: BaseIdPConfig): {
|
|
13
|
+
client: BaseIdPServerClient;
|
|
14
|
+
loginLocation(event: SvelteKitEventLike, defaultReturnTo?: string): string;
|
|
15
|
+
callback(event: SvelteKitEventLike, codeVerifier?: string): Promise<SvelteCallbackResult>;
|
|
16
|
+
};
|
|
17
|
+
//# sourceMappingURL=sveltekit.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sveltekit.d.ts","sourceRoot":"","sources":["../src/sveltekit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE9E,MAAM,MAAM,kBAAkB,GAAG;IAC/B,GAAG,EAAE,GAAG,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,MAAM,EAAE,SAAS,CAAC;IAClB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,aAAa;;yBAIvC,kBAAkB,6BAA0B,MAAM;oBAIjD,kBAAkB,iBAAiB,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;EASlG"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import { BaseIdPServerClient } from "./server.js";
|
|
2
|
+
export function createSvelteKitBaseIdpAuth(config) {
|
|
3
|
+
const client = new BaseIdPServerClient(config);
|
|
4
|
+
return {
|
|
5
|
+
client,
|
|
6
|
+
loginLocation(event, defaultReturnTo = "/") {
|
|
7
|
+
const returnTo = event.url.searchParams.get("return_to") ?? defaultReturnTo;
|
|
8
|
+
return client.authorizeUrl({ state: returnTo });
|
|
9
|
+
},
|
|
10
|
+
async callback(event, codeVerifier) {
|
|
11
|
+
const code = event.url.searchParams.get("code");
|
|
12
|
+
if (!code)
|
|
13
|
+
throw new Error("missing OAuth authorization code");
|
|
14
|
+
const state = event.url.searchParams.get("state") ?? undefined;
|
|
15
|
+
const tokens = await client.exchangeCode({ code, codeVerifier });
|
|
16
|
+
const principal = await client.verifyAccessToken(tokens.access_token);
|
|
17
|
+
return { tokens, principal, state };
|
|
18
|
+
},
|
|
19
|
+
};
|
|
20
|
+
}
|
|
21
|
+
//# sourceMappingURL=sveltekit.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sveltekit.js","sourceRoot":"","sources":["../src/sveltekit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAclD,MAAM,UAAU,0BAA0B,CAAC,MAAqB;IAC9D,MAAM,MAAM,GAAG,IAAI,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC/C,OAAO;QACL,MAAM;QACN,aAAa,CAAC,KAAyB,EAAE,eAAe,GAAG,GAAG;YAC5D,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,eAAe,CAAC;YAC5E,OAAO,MAAM,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAClD,CAAC;QACD,KAAK,CAAC,QAAQ,CAAC,KAAyB,EAAE,YAAqB;YAC7D,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;YAC/D,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;YAC/D,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;YACjE,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YACtE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;QACtC,CAAC;KACF,CAAC;AACJ,CAAC"}
|
package/dist/types.d.ts
ADDED
|
@@ -0,0 +1,138 @@
|
|
|
1
|
+
export type FetchLike = typeof fetch;
|
|
2
|
+
export type BaseIdPConfig = {
|
|
3
|
+
key: string;
|
|
4
|
+
issuer: string;
|
|
5
|
+
secret?: string;
|
|
6
|
+
fetch?: FetchLike;
|
|
7
|
+
};
|
|
8
|
+
export type ClientConfigResponse = {
|
|
9
|
+
client_id: string;
|
|
10
|
+
anon_key: string;
|
|
11
|
+
product: string;
|
|
12
|
+
display_name: string;
|
|
13
|
+
app_domain: string;
|
|
14
|
+
logo_url?: string;
|
|
15
|
+
issuer: string;
|
|
16
|
+
authorization_endpoint: string;
|
|
17
|
+
token_endpoint: string;
|
|
18
|
+
paseto_public_key_endpoint: string;
|
|
19
|
+
allowed_redirect_uris: string[];
|
|
20
|
+
allowed_scopes: string[];
|
|
21
|
+
allowed_auth_methods: string[];
|
|
22
|
+
requested_claims: string[];
|
|
23
|
+
confidential: boolean;
|
|
24
|
+
status: string;
|
|
25
|
+
};
|
|
26
|
+
export type ResolvedConfig = {
|
|
27
|
+
issuer: string;
|
|
28
|
+
clientId: string;
|
|
29
|
+
key: string;
|
|
30
|
+
redirectUri: string;
|
|
31
|
+
scopes: string[];
|
|
32
|
+
audience: string;
|
|
33
|
+
clientSecret?: string;
|
|
34
|
+
requiredScope?: string;
|
|
35
|
+
fetch: FetchLike;
|
|
36
|
+
confidential: boolean;
|
|
37
|
+
allowedScopes: string[];
|
|
38
|
+
allowedAuthMethods: string[];
|
|
39
|
+
};
|
|
40
|
+
export type BaseIdpIdentityMetadata = {
|
|
41
|
+
issuer: string;
|
|
42
|
+
authorization_endpoint: string;
|
|
43
|
+
token_endpoint: string;
|
|
44
|
+
paseto_public_key_endpoint: string;
|
|
45
|
+
token_format: "paseto";
|
|
46
|
+
paseto_purpose: "v4.public";
|
|
47
|
+
grant_types_supported: string[];
|
|
48
|
+
code_challenge_methods_supported?: string[];
|
|
49
|
+
token_endpoint_auth_methods_supported?: string[];
|
|
50
|
+
};
|
|
51
|
+
export type BaseIdpPublicKey = {
|
|
52
|
+
kid: string;
|
|
53
|
+
alg: "v4.public";
|
|
54
|
+
kty: "OKP";
|
|
55
|
+
crv: "Ed25519";
|
|
56
|
+
public_key_base64: string;
|
|
57
|
+
implicit_assertion?: string;
|
|
58
|
+
};
|
|
59
|
+
export type BaseIdpPublicKeySet = {
|
|
60
|
+
keys: BaseIdpPublicKey[];
|
|
61
|
+
};
|
|
62
|
+
export type AuthorizeUrlOptions = {
|
|
63
|
+
responseType?: "code";
|
|
64
|
+
state?: string;
|
|
65
|
+
nonce?: string;
|
|
66
|
+
scopes?: string | string[];
|
|
67
|
+
redirectUri?: string;
|
|
68
|
+
authSessionId?: string;
|
|
69
|
+
codeChallenge?: string;
|
|
70
|
+
codeChallengeMethod?: "S256";
|
|
71
|
+
additionalParameters?: Record<string, string | undefined>;
|
|
72
|
+
};
|
|
73
|
+
export type TokenExchangeOptions = {
|
|
74
|
+
code: string;
|
|
75
|
+
codeVerifier?: string;
|
|
76
|
+
redirectUri?: string;
|
|
77
|
+
};
|
|
78
|
+
export type RefreshOptions = {
|
|
79
|
+
refreshToken: string;
|
|
80
|
+
scopes?: string | string[];
|
|
81
|
+
};
|
|
82
|
+
export type TokenPair = {
|
|
83
|
+
access_token: string;
|
|
84
|
+
refresh_token: string;
|
|
85
|
+
token_type: "PASETO" | string;
|
|
86
|
+
expires_in: number;
|
|
87
|
+
refresh_token_expires_at: string;
|
|
88
|
+
};
|
|
89
|
+
export type AccountContext = {
|
|
90
|
+
kind: "client" | "student" | "developer" | "team" | "organization" | string;
|
|
91
|
+
tenant_id?: string;
|
|
92
|
+
actor_id?: string;
|
|
93
|
+
owner_id?: string;
|
|
94
|
+
};
|
|
95
|
+
export type AccessClaims = {
|
|
96
|
+
iss: string;
|
|
97
|
+
sub: string;
|
|
98
|
+
aud: string;
|
|
99
|
+
exp: string;
|
|
100
|
+
nbf: string;
|
|
101
|
+
iat: string;
|
|
102
|
+
jti: string;
|
|
103
|
+
gid: string;
|
|
104
|
+
email?: string;
|
|
105
|
+
name?: string;
|
|
106
|
+
token_use: "access" | string;
|
|
107
|
+
sid: string;
|
|
108
|
+
ctx: AccountContext;
|
|
109
|
+
role: string;
|
|
110
|
+
ent?: string[];
|
|
111
|
+
ev?: string;
|
|
112
|
+
aal: number;
|
|
113
|
+
amr?: string[];
|
|
114
|
+
azp?: string;
|
|
115
|
+
scp?: string[];
|
|
116
|
+
};
|
|
117
|
+
export type VerifiedPrincipal = {
|
|
118
|
+
id: string;
|
|
119
|
+
subject: string;
|
|
120
|
+
email?: string;
|
|
121
|
+
name?: string;
|
|
122
|
+
role: string;
|
|
123
|
+
scopes: string[];
|
|
124
|
+
accountContext: AccountContext;
|
|
125
|
+
claims: AccessClaims;
|
|
126
|
+
};
|
|
127
|
+
export type VerifyAccessTokenOptions = {
|
|
128
|
+
issuer?: string;
|
|
129
|
+
audience?: string;
|
|
130
|
+
requiredScope?: string;
|
|
131
|
+
maxClockSkewSeconds?: number;
|
|
132
|
+
};
|
|
133
|
+
export type PKCEPair = {
|
|
134
|
+
verifier: string;
|
|
135
|
+
challenge: string;
|
|
136
|
+
method: "S256";
|
|
137
|
+
};
|
|
138
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,SAAS,GAAG,OAAO,KAAK,CAAC;AAErC,MAAM,MAAM,aAAa,GAAG;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,SAAS,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,0BAA0B,EAAE,MAAM,CAAC;IACnC,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,YAAY,EAAE,OAAO,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,EAAE,SAAS,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,kBAAkB,EAAE,MAAM,EAAE,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,0BAA0B,EAAE,MAAM,CAAC;IACnC,YAAY,EAAE,QAAQ,CAAC;IACvB,cAAc,EAAE,WAAW,CAAC;IAC5B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,gCAAgC,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5C,qCAAqC,CAAC,EAAE,MAAM,EAAE,CAAC;CAClD,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,WAAW,CAAC;IACjB,GAAG,EAAE,KAAK,CAAC;IACX,GAAG,EAAE,SAAS,CAAC;IACf,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,IAAI,EAAE,gBAAgB,EAAE,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;CAC3D,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,QAAQ,GAAG,MAAM,CAAC;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,wBAAwB,EAAE,MAAM,CAAC;CAClC,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,QAAQ,GAAG,SAAS,GAAG,WAAW,GAAG,MAAM,GAAG,cAAc,GAAG,MAAM,CAAC;IAC5E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,QAAQ,GAAG,MAAM,CAAC;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,cAAc,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,cAAc,EAAE,cAAc,CAAC;IAC/B,MAAM,EAAE,YAAY,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,QAAQ,GAAG;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC"}
|
package/dist/types.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}
|
package/dist/vite.d.ts
ADDED
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import type { ReactBaseIdpAuth } from "./react.js";
|
|
2
|
+
import type { BaseIdPConfig } from "./types.js";
|
|
3
|
+
export type ViteBaseIdpEnv = Record<string, string | boolean | undefined>;
|
|
4
|
+
export declare function baseIdpConfigFromViteEnv(env: ViteBaseIdpEnv, overrides?: Partial<BaseIdPConfig>): BaseIdPConfig;
|
|
5
|
+
export declare function createViteBaseIdpAuth(env: ViteBaseIdpEnv, overrides?: Partial<BaseIdPConfig>): ReactBaseIdpAuth;
|
|
6
|
+
//# sourceMappingURL=vite.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"vite.d.ts","sourceRoot":"","sources":["../src/vite.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD,MAAM,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,CAAC;AAE1E,wBAAgB,wBAAwB,CACtC,GAAG,EAAE,cAAc,EACnB,SAAS,GAAE,OAAO,CAAC,aAAa,CAAM,GACrC,aAAa,CAOf;AAED,wBAAgB,qBAAqB,CACnC,GAAG,EAAE,cAAc,EACnB,SAAS,GAAE,OAAO,CAAC,aAAa,CAAM,GACrC,gBAAgB,CAElB"}
|
package/dist/vite.js
ADDED
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import { BaseIdPClient } from "./client.js";
|
|
2
|
+
import { createReactBaseIdpAuth } from "./react.js";
|
|
3
|
+
export function baseIdpConfigFromViteEnv(env, overrides = {}) {
|
|
4
|
+
return {
|
|
5
|
+
key: stringEnv(env, "VITE_BASE_IDP_KEY", "BASE_IDP_KEY", overrides.key),
|
|
6
|
+
issuer: stringEnv(env, "VITE_BASE_IDP_ISSUER", "BASE_IDP_ISSUER", overrides.issuer),
|
|
7
|
+
secret: overrides.secret ?? optionalStringEnv(env, "VITE_BASE_IDP_SECRET", "BASE_IDP_SECRET"),
|
|
8
|
+
fetch: overrides.fetch,
|
|
9
|
+
};
|
|
10
|
+
}
|
|
11
|
+
export function createViteBaseIdpAuth(env, overrides = {}) {
|
|
12
|
+
return createReactBaseIdpAuth(new BaseIdPClient(baseIdpConfigFromViteEnv(env, overrides)));
|
|
13
|
+
}
|
|
14
|
+
function stringEnv(env, publicKey, fallbackKey, fallback) {
|
|
15
|
+
const value = optionalStringEnv(env, publicKey, fallbackKey) ?? fallback;
|
|
16
|
+
if (!value)
|
|
17
|
+
throw new Error(`Missing ${publicKey}`);
|
|
18
|
+
return value;
|
|
19
|
+
}
|
|
20
|
+
function optionalStringEnv(env, publicKey, fallbackKey) {
|
|
21
|
+
const value = env[publicKey] ?? env[fallbackKey];
|
|
22
|
+
return typeof value === "string" && value.trim() ? value.trim() : undefined;
|
|
23
|
+
}
|
|
24
|
+
//# sourceMappingURL=vite.js.map
|
package/dist/vite.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"vite.js","sourceRoot":"","sources":["../src/vite.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAMpD,MAAM,UAAU,wBAAwB,CACtC,GAAmB,EACnB,YAAoC,EAAE;IAEtC,OAAO;QACL,GAAG,EAAE,SAAS,CAAC,GAAG,EAAE,mBAAmB,EAAE,cAAc,EAAE,SAAS,CAAC,GAAG,CAAC;QACvE,MAAM,EAAE,SAAS,CAAC,GAAG,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,SAAS,CAAC,MAAM,CAAC;QACnF,MAAM,EAAE,SAAS,CAAC,MAAM,IAAI,iBAAiB,CAAC,GAAG,EAAE,sBAAsB,EAAE,iBAAiB,CAAC;QAC7F,KAAK,EAAE,SAAS,CAAC,KAAK;KACvB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,GAAmB,EACnB,YAAoC,EAAE;IAEtC,OAAO,sBAAsB,CAAC,IAAI,aAAa,CAAC,wBAAwB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,SAAS,SAAS,CAAC,GAAmB,EAAE,SAAiB,EAAE,WAAmB,EAAE,QAAiB;IAC/F,MAAM,KAAK,GAAG,iBAAiB,CAAC,GAAG,EAAE,SAAS,EAAE,WAAW,CAAC,IAAI,QAAQ,CAAC;IACzE,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,WAAW,SAAS,EAAE,CAAC,CAAC;IACpD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAmB,EAAE,SAAiB,EAAE,WAAmB;IACpF,MAAM,KAAK,GAAG,GAAG,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IACjD,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AAC9E,CAAC"}
|
package/package.json
ADDED
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "base-idp",
|
|
3
|
+
"version": "1.0.0",
|
|
4
|
+
"description": "Base IdP SDK for React, Next.js, SvelteKit, Vite, and server-side TypeScript.",
|
|
5
|
+
"license": "UNLICENSED",
|
|
6
|
+
"type": "module",
|
|
7
|
+
"publishConfig": {
|
|
8
|
+
"access": "public"
|
|
9
|
+
},
|
|
10
|
+
"sideEffects": false,
|
|
11
|
+
"files": [
|
|
12
|
+
"dist",
|
|
13
|
+
"README.md"
|
|
14
|
+
],
|
|
15
|
+
"bin": {
|
|
16
|
+
"base-idp": "./dist/cli.js"
|
|
17
|
+
},
|
|
18
|
+
"exports": {
|
|
19
|
+
".": {
|
|
20
|
+
"types": "./dist/index.d.ts",
|
|
21
|
+
"import": "./dist/index.js"
|
|
22
|
+
},
|
|
23
|
+
"./server": {
|
|
24
|
+
"types": "./dist/server.d.ts",
|
|
25
|
+
"import": "./dist/server.js"
|
|
26
|
+
},
|
|
27
|
+
"./react": {
|
|
28
|
+
"types": "./dist/react.d.ts",
|
|
29
|
+
"import": "./dist/react.js"
|
|
30
|
+
},
|
|
31
|
+
"./next": {
|
|
32
|
+
"types": "./dist/next.d.ts",
|
|
33
|
+
"import": "./dist/next.js"
|
|
34
|
+
},
|
|
35
|
+
"./node": {
|
|
36
|
+
"types": "./dist/node.d.ts",
|
|
37
|
+
"import": "./dist/node.js"
|
|
38
|
+
},
|
|
39
|
+
"./vite": {
|
|
40
|
+
"types": "./dist/vite.d.ts",
|
|
41
|
+
"import": "./dist/vite.js"
|
|
42
|
+
},
|
|
43
|
+
"./sveltekit": {
|
|
44
|
+
"types": "./dist/sveltekit.d.ts",
|
|
45
|
+
"import": "./dist/sveltekit.js"
|
|
46
|
+
}
|
|
47
|
+
},
|
|
48
|
+
"scripts": {
|
|
49
|
+
"build": "tsc -p tsconfig.json",
|
|
50
|
+
"typecheck": "tsc -p tsconfig.json --noEmit",
|
|
51
|
+
"init": "node ./dist/cli.js init"
|
|
52
|
+
},
|
|
53
|
+
"engines": {
|
|
54
|
+
"node": ">=20"
|
|
55
|
+
},
|
|
56
|
+
"devDependencies": {
|
|
57
|
+
"@types/node": "^22.13.10",
|
|
58
|
+
"typescript": "^5.8.2"
|
|
59
|
+
}
|
|
60
|
+
}
|