npm - binoauth - Versions diffs - 0.0.11 → 0.0.13 - Mend

binoauth 0.0.11 → 0.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (111) hide show

package/README.md +359 -165
package/dist/core/src/admin/client.d.ts +203 -0
package/dist/core/src/admin/client.d.ts.map +1 -0
package/dist/core/src/admin/client.js +391 -0
package/dist/core/src/admin/client.js.map +1 -0
package/dist/core/src/admin/index.d.ts +6 -0
package/dist/core/src/admin/index.d.ts.map +1 -0
package/dist/core/src/admin/index.js +5 -0
package/dist/core/src/admin/index.js.map +1 -0
package/dist/core/src/admin/types.d.ts +412 -0
package/dist/core/src/admin/types.d.ts.map +1 -0
package/dist/core/src/admin/types.js +5 -0
package/dist/core/src/admin/types.js.map +1 -0
package/dist/core/src/auth/client.d.ts +330 -0
package/dist/core/src/auth/client.d.ts.map +1 -0
package/dist/core/src/auth/client.js +408 -0
package/dist/core/src/auth/client.js.map +1 -0
package/dist/core/src/auth/error.d.ts +113 -0
package/dist/core/src/auth/error.d.ts.map +1 -0
package/dist/core/src/auth/error.js +257 -0
package/dist/core/src/auth/error.js.map +1 -0
package/dist/core/src/auth/flows/base-flow.d.ts +98 -0
package/dist/core/src/auth/flows/base-flow.d.ts.map +1 -0
package/dist/core/src/auth/flows/base-flow.js +182 -0
package/dist/core/src/auth/flows/base-flow.js.map +1 -0
package/dist/core/src/auth/flows/magic-link.d.ts +175 -0
package/dist/core/src/auth/flows/magic-link.d.ts.map +1 -0
package/dist/core/src/auth/flows/magic-link.js +228 -0
package/dist/core/src/auth/flows/magic-link.js.map +1 -0
package/dist/core/src/auth/flows/mfa.d.ts +81 -0
package/dist/core/src/auth/flows/mfa.d.ts.map +1 -0
package/dist/core/src/auth/flows/mfa.js +103 -0
package/dist/core/src/auth/flows/mfa.js.map +1 -0
package/dist/core/src/auth/flows/otp.d.ts +172 -0
package/dist/core/src/auth/flows/otp.d.ts.map +1 -0
package/dist/core/src/auth/flows/otp.js +222 -0
package/dist/core/src/auth/flows/otp.js.map +1 -0
package/dist/core/src/auth/flows/password.d.ts +242 -0
package/dist/core/src/auth/flows/password.d.ts.map +1 -0
package/dist/core/src/auth/flows/password.js +344 -0
package/dist/core/src/auth/flows/password.js.map +1 -0
package/dist/core/src/auth/flows/social.d.ts +209 -0
package/dist/core/src/auth/flows/social.d.ts.map +1 -0
package/dist/core/src/auth/flows/social.js +284 -0
package/dist/core/src/auth/flows/social.js.map +1 -0
package/dist/core/src/auth/index.d.ts +19 -0
package/dist/core/src/auth/index.d.ts.map +1 -0
package/dist/core/src/auth/index.js +32 -0
package/dist/core/src/auth/index.js.map +1 -0
package/dist/core/src/auth/types.d.ts +151 -0
package/dist/core/src/auth/types.d.ts.map +1 -0
package/dist/core/src/auth/types.js +7 -0
package/dist/core/src/auth/types.js.map +1 -0
package/dist/core/src/index.d.ts +53 -49
package/dist/core/src/index.d.ts.map +1 -1
package/dist/core/src/index.js +61 -343
package/dist/core/src/index.js.map +1 -1
package/dist/core/src/oauth/client.d.ts +322 -0
package/dist/core/src/oauth/client.d.ts.map +1 -0
package/dist/core/src/oauth/client.js +491 -0
package/dist/core/src/oauth/client.js.map +1 -0
package/dist/core/src/oauth/error.d.ts +18 -0
package/dist/core/src/oauth/error.d.ts.map +1 -0
package/dist/core/src/oauth/error.js +24 -0
package/dist/core/src/oauth/error.js.map +1 -0
package/dist/core/src/oauth/flows/authorization-code.d.ts +122 -0
package/dist/core/src/oauth/flows/authorization-code.d.ts.map +1 -0
package/dist/core/src/oauth/flows/authorization-code.js +278 -0
package/dist/core/src/oauth/flows/authorization-code.js.map +1 -0
package/dist/core/src/oauth/flows/base-flow.d.ts +17 -0
package/dist/core/src/oauth/flows/base-flow.d.ts.map +1 -0
package/dist/core/src/oauth/flows/base-flow.js +107 -0
package/dist/core/src/oauth/flows/base-flow.js.map +1 -0
package/dist/core/src/oauth/flows/client-credentials.d.ts +72 -0
package/dist/core/src/oauth/flows/client-credentials.d.ts.map +1 -0
package/dist/core/src/oauth/flows/client-credentials.js +100 -0
package/dist/core/src/oauth/flows/client-credentials.js.map +1 -0
package/dist/core/src/oauth/flows/device-code.d.ts +108 -0
package/dist/core/src/oauth/flows/device-code.d.ts.map +1 -0
package/dist/core/src/oauth/flows/device-code.js +193 -0
package/dist/core/src/oauth/flows/device-code.js.map +1 -0
package/dist/core/src/oauth/flows/refresh-token.d.ts +59 -0
package/dist/core/src/oauth/flows/refresh-token.d.ts.map +1 -0
package/dist/core/src/oauth/flows/refresh-token.js +105 -0
package/dist/core/src/oauth/flows/refresh-token.js.map +1 -0
package/dist/core/src/oauth/index.d.ts +12 -0
package/dist/core/src/oauth/index.d.ts.map +1 -0
package/dist/core/src/oauth/index.js +11 -0
package/dist/core/src/oauth/index.js.map +1 -0
package/dist/core/src/oauth/storage/encryption.d.ts +12 -0
package/dist/core/src/oauth/storage/encryption.d.ts.map +1 -0
package/dist/core/src/oauth/storage/encryption.js +76 -0
package/dist/core/src/oauth/storage/encryption.js.map +1 -0
package/dist/core/src/oauth/storage/index.d.ts +201 -0
package/dist/core/src/oauth/storage/index.d.ts.map +1 -0
package/dist/core/src/oauth/storage/index.js +322 -0
package/dist/core/src/oauth/storage/index.js.map +1 -0
package/dist/core/src/oauth/storage/strategies.d.ts +34 -0
package/dist/core/src/oauth/storage/strategies.d.ts.map +1 -0
package/dist/core/src/oauth/storage/strategies.js +100 -0
package/dist/core/src/oauth/storage/strategies.js.map +1 -0
package/dist/core/src/oauth/types.d.ts +261 -0
package/dist/core/src/oauth/types.d.ts.map +1 -0
package/dist/core/src/oauth/types.js +39 -0
package/dist/core/src/oauth/types.js.map +1 -0
package/dist/core/src/oauth/utils.d.ts +56 -0
package/dist/core/src/oauth/utils.d.ts.map +1 -0
package/dist/core/src/oauth/utils.js +140 -0
package/dist/core/src/oauth/utils.js.map +1 -0
package/dist/tsconfig.tsbuildinfo +1 -1
package/package.json +1 -1

package/dist/core/src/oauth/types.d.ts ADDED Viewed

@@ -0,0 +1,261 @@
+/**
+ * User information returned from the userinfo endpoint
+ *
+ * Contains standard OpenID Connect user claims along with BinoAuth-specific fields.
+ *
+ * @example
+ * ```typescript
+ * const userInfo = await client.getUserInfo();
+ * console.log(`Welcome, ${userInfo.name}!`);
+ * console.log(`Email: ${userInfo.email} (verified: ${userInfo.email_verified})`);
+ * ```
+ */
+export interface User {
+    sub: string;
+    username: string;
+    email: string;
+    name?: string;
+    email_verified?: boolean;
+    picture?: string;
+    given_name?: string;
+    family_name?: string;
+}
+/**
+ * Simplified BinoAuth configuration using issuer URL
+ *
+ * This is the recommended configuration approach that automatically constructs
+ * all necessary OAuth endpoints from the issuer URL.
+ *
+ * @example
+ * ```typescript
+ * const config: BinoAuthConfig = {
+ *   issuer: 'https://auth.binoauth.com',
+ *   clientId: 'your_client_id',
+ *   redirectUri: 'https://yourapp.com/auth/callback',
+ *   scope: 'openid profile email read:users', // optional
+ *   clientSecret: 'your_secret' // only for server-side apps
+ * };
+ *
+ * const client = new BinoAuthOAuth(config, storageConfig);
+ * ```
+ */
+export interface BinoAuthConfig {
+    /** BinoAuth server URL (e.g., 'https://auth.binoauth.com') */
+    issuer: string;
+    /** Your application's client ID */
+    clientId: string;
+    /** Callback URL after authentication */
+    redirectUri: string;
+    /** OAuth scopes (defaults to 'openid profile email') */
+    scope?: string;
+    /** Client secret (only for confidential clients) */
+    clientSecret?: string;
+}
+/**
+ * Full OAuth configuration with explicit endpoints
+ *
+ * Use this when you need fine-grained control over OAuth endpoints
+ * or when integrating with non-BinoAuth providers.
+ *
+ * @example
+ * ```typescript
+ * const config: AuthConfig = {
+ *   clientId: 'your_client_id',
+ *   authorizeEndpoint: 'https://auth.binoauth.com/api/v1/oauth/authorize',
+ *   tokenEndpoint: 'https://auth.binoauth.com/api/v1/oauth/token',
+ *   userInfoEndpoint: 'https://auth.binoauth.com/api/v1/oauth/userinfo',
+ *   logoutEndpoint: 'https://auth.binoauth.com/api/v1/oauth/logout',
+ *   revokeEndpoint: 'https://auth.binoauth.com/api/v1/oauth/revoke',
+ *   redirectUri: 'https://yourapp.com/callback',
+ *   scope: 'openid profile email',
+ *   logoutPage: 'https://auth.binoauth.com/auth/logout'
+ * };
+ * ```
+ */
+export interface AuthConfig {
+    /** Your application's client ID */
+    clientId: string;
+    /** OAuth authorization endpoint URL */
+    authorizeEndpoint: string;
+    /** User information endpoint URL */
+    userInfoEndpoint: string;
+    /** Token exchange endpoint URL */
+    tokenEndpoint: string;
+    /** Logout endpoint URL */
+    logoutEndpoint: string;
+    /** Token revocation endpoint URL */
+    revokeEndpoint: string;
+    /** Callback URL after authentication */
+    redirectUri: string;
+    /** OAuth scopes */
+    scope: string;
+    /** Logout page URL */
+    logoutPage: string;
+}
+/**
+ * Creates full AuthConfig from simplified BinoAuthConfig
+ *
+ * Automatically constructs all OAuth endpoints from the issuer URL.
+ * This is used internally when you provide a BinoAuthConfig to the client.
+ *
+ * @param config - Simplified BinoAuth configuration
+ * @returns Full OAuth configuration with all endpoints
+ *
+ * @example
+ * ```typescript
+ * const binoConfig = {
+ *   issuer: 'https://auth.binoauth.com',
+ *   clientId: 'your_client_id',
+ *   redirectUri: 'https://yourapp.com/callback'
+ * };
+ *
+ * const fullConfig = createAuthConfigFromIssuer(binoConfig);
+ * // Result includes all constructed endpoints:
+ * // authorizeEndpoint: 'https://auth.binoauth.com/api/v1/oauth/authorize'
+ * // tokenEndpoint: 'https://auth.binoauth.com/api/v1/oauth/token'
+ * // etc.
+ * ```
+ */
+export declare function createAuthConfigFromIssuer(config: BinoAuthConfig): AuthConfig;
+/**
+ * OAuth token response from the authorization server
+ *
+ * @example
+ * ```typescript
+ * // Example token response:
+ * {
+ *   access_token: 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...',
+ *   refresh_token: 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...',
+ *   id_token: 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...',
+ *   expires_in: 3600,
+ *   token_type: 'Bearer'
+ * }
+ * ```
+ */
+export interface TokenResponse {
+    access_token: string;
+    refresh_token?: string;
+    id_token?: string;
+    expires_in: number;
+    token_type: string;
+}
+/**
+ * Individual token with expiration information
+ *
+ * @example
+ * ```typescript
+ * const accessToken: Token = {
+ *   value: 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...',
+ *   expiresAt: Date.now() + 3600000 // 1 hour from now
+ * };
+ * ```
+ */
+export interface Token {
+    value: string;
+    expiresAt?: number;
+}
+/**
+ * Collection of OAuth tokens and temporary auth state
+ *
+ * Used internally by TokenStorage to manage all authentication tokens
+ * and temporary state (like PKCE verifiers and CSRF state).
+ *
+ * @example
+ * ```typescript
+ * const tokenSet: TokenSet = {
+ *   accessToken: { value: 'access_token_jwt', expiresAt: 1234567890 },
+ *   refreshToken: { value: 'refresh_token_jwt', expiresAt: 1234567890 },
+ *   idToken: { value: 'id_token_jwt' }
+ * };
+ *
+ * await storage.setTokens(tokenSet);
+ * ```
+ */
+export interface TokenSet {
+    accessToken?: Token;
+    refreshToken?: Token;
+    idToken?: Token;
+    state?: Token;
+    verifier?: Token;
+}
+/**
+ * Configuration for token storage
+ *
+ * Controls how and where OAuth tokens are stored, with encryption support.
+ *
+ * @example
+ * ```typescript
+ * const storageConfig: StorageConfig = {
+ *   prefix: 'myapp_auth', // Storage key prefix
+ *   clientId: 'your_client_id',
+ *   storage: 'localStorage', // or 'sessionStorage' or 'memory'
+ *   encryptionKey: 'your-32-char-encryption-key-here!',
+ *   secure: true // Enable additional security measures
+ * };
+ * ```
+ */
+export interface StorageConfig {
+    prefix?: string;
+    clientId?: string;
+    storage?: "memory" | "localStorage" | "sessionStorage";
+    encryptionKey: string;
+    secure?: boolean;
+}
+/**
+ * Storage strategy interface for custom storage implementations
+ *
+ * Implement this interface to create custom storage backends.
+ *
+ * @example
+ * ```typescript
+ * class CustomStorageStrategy implements StorageStrategy {
+ *   getItem(key: string): string | null {
+ *     // Your custom storage logic
+ *     return customStorage.get(key);
+ *   }
+ *
+ *   setItem(key: string, value: string): void {
+ *     customStorage.set(key, value);
+ *   }
+ *
+ *   removeItem(key: string): void {
+ *     customStorage.delete(key);
+ *   }
+ *
+ *   clear(): void {
+ *     customStorage.clear();
+ *   }
+ * }
+ * ```
+ */
+export interface StorageStrategy {
+    getItem(key: string): string | null;
+    setItem(key: string, value: string): void;
+    removeItem(key: string): void;
+    clear(): void;
+}
+/**
+ * Response from device authorization request
+ *
+ * Contains the codes and URLs needed for device authorization flow.
+ *
+ * @example
+ * ```typescript
+ * const deviceAuth = await client.requestDeviceCode();
+ * console.log(`Visit: ${deviceAuth.verification_uri}`);
+ * console.log(`Enter code: ${deviceAuth.user_code}`);
+ * console.log(`Code expires in ${deviceAuth.expires_in} seconds`);
+ *
+ * // Poll every deviceAuth.interval seconds
+ * const pollInterval = deviceAuth.interval * 1000;
+ * ```
+ */
+export interface DeviceCodeResponse {
+    device_code: string;
+    user_code: string;
+    verification_uri: string;
+    verification_uri_complete?: string;
+    expires_in: number;
+    interval?: number;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/core/src/oauth/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/oauth/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,IAAI;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,cAAc;IAC7B,8DAA8D;IAC9D,MAAM,EAAE,MAAM,CAAC;IACf,mCAAmC;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB,wDAAwD;IACxD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,oDAAoD;IACpD,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,WAAW,UAAU;IACzB,mCAAmC;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,uCAAuC;IACvC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oCAAoC;IACpC,gBAAgB,EAAE,MAAM,CAAC;IACzB,kCAAkC;IAClC,aAAa,EAAE,MAAM,CAAC;IACtB,0BAA0B;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,oCAAoC;IACpC,cAAc,EAAE,MAAM,CAAC;IACvB,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,sBAAsB;IACtB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,cAAc,GAAG,UAAU,CAc7E;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,KAAK;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,QAAQ;IACvB,WAAW,CAAC,EAAE,KAAK,CAAC;IACpB,YAAY,CAAC,EAAE,KAAK,CAAC;IACrB,OAAO,CAAC,EAAE,KAAK,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;IACd,QAAQ,CAAC,EAAE,KAAK,CAAC;CAClB;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,QAAQ,GAAG,cAAc,GAAG,gBAAgB,CAAC;IACvD,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IACpC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1C,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,KAAK,IAAI,IAAI,CAAC;CACf;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB"}

package/dist/core/src/oauth/types.js ADDED Viewed

@@ -0,0 +1,39 @@
+/**
+ * Creates full AuthConfig from simplified BinoAuthConfig
+ *
+ * Automatically constructs all OAuth endpoints from the issuer URL.
+ * This is used internally when you provide a BinoAuthConfig to the client.
+ *
+ * @param config - Simplified BinoAuth configuration
+ * @returns Full OAuth configuration with all endpoints
+ *
+ * @example
+ * ```typescript
+ * const binoConfig = {
+ *   issuer: 'https://auth.binoauth.com',
+ *   clientId: 'your_client_id',
+ *   redirectUri: 'https://yourapp.com/callback'
+ * };
+ *
+ * const fullConfig = createAuthConfigFromIssuer(binoConfig);
+ * // Result includes all constructed endpoints:
+ * // authorizeEndpoint: 'https://auth.binoauth.com/api/v1/oauth/authorize'
+ * // tokenEndpoint: 'https://auth.binoauth.com/api/v1/oauth/token'
+ * // etc.
+ * ```
+ */
+export function createAuthConfigFromIssuer(config) {
+    const issuer = config.issuer.endsWith('/') ? config.issuer.slice(0, -1) : config.issuer;
+    return {
+        clientId: config.clientId,
+        authorizeEndpoint: `${issuer}/api/v1/oauth/authorize`,
+        tokenEndpoint: `${issuer}/api/v1/oauth/token`,
+        userInfoEndpoint: `${issuer}/api/v1/oauth/userinfo`,
+        logoutEndpoint: `${issuer}/api/v1/oauth/logout`,
+        revokeEndpoint: `${issuer}/api/v1/oauth/revoke`,
+        redirectUri: config.redirectUri,
+        scope: config.scope || 'openid profile email',
+        logoutPage: `${issuer}/auth/logout`,
+    };
+}
+//# sourceMappingURL=types.js.map

package/dist/core/src/oauth/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/oauth/types.ts"],"names":[],"mappings":"AAiGA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,UAAU,0BAA0B,CAAC,MAAsB;IAC/D,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC;IAExF,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,iBAAiB,EAAE,GAAG,MAAM,yBAAyB;QACrD,aAAa,EAAE,GAAG,MAAM,qBAAqB;QAC7C,gBAAgB,EAAE,GAAG,MAAM,wBAAwB;QACnD,cAAc,EAAE,GAAG,MAAM,sBAAsB;QAC/C,cAAc,EAAE,GAAG,MAAM,sBAAsB;QAC/C,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,sBAAsB;QAC7C,UAAU,EAAE,GAAG,MAAM,cAAc;KACpC,CAAC;AACJ,CAAC"}

package/dist/core/src/oauth/utils.d.ts ADDED Viewed

@@ -0,0 +1,56 @@
+/**
+ * Generates a cryptographically secure random string
+ * @param length - The length of the string to generate
+ * @returns A random string
+ */
+export declare function generateSecureRandom(length: number): string;
+/**
+ * Generates a PKCE code verifier
+ * @returns A code verifier string
+ */
+export declare function generateCodeVerifier(): string;
+/**
+ * Generates a PKCE code challenge from a verifier
+ * @param verifier - The code verifier
+ * @returns A code challenge string
+ */
+export declare function generateCodeChallenge(verifier: string): Promise<string>;
+/**
+ * Generates a PKCE code verifier and challenge pair
+ * @returns An object containing verifier and challenge
+ */
+export declare function generatePKCEPair(): Promise<{
+    verifier: string;
+    challenge: string;
+}>;
+/**
+ * Generates a secure state parameter for OAuth flow
+ * @returns A state string
+ */
+export declare function generateState(): string;
+/**
+ * Validates a state parameter against the stored state
+ * @param receivedState - The state received from the authorization server
+ * @param storedState - The state stored locally
+ * @returns True if states match, false otherwise
+ */
+export declare function validateState(receivedState: string, storedState: string): boolean;
+/**
+ * Checks if a token is a JWT
+ * @param token - The token to check
+ * @returns True if the token is a JWT, false otherwise
+ */
+export declare function isJWT(token: string): boolean;
+/**
+ * Decodes a JWT payload (without verification)
+ * @param token - The JWT token
+ * @returns The decoded payload
+ */
+export declare function decodeJWT(token: string): any;
+/**
+ * Checks if a JWT token is expired
+ * @param token - The JWT token
+ * @returns True if the token is expired, false otherwise
+ */
+export declare function isTokenExpired(token: string): boolean;
+//# sourceMappingURL=utils.d.ts.map

package/dist/core/src/oauth/utils.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../../src/oauth/utils.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAmB3D;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAE7C;AAED;;;;GAIG;AACH,wBAAsB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAiB7E;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAKzF;AAED;;;GAGG;AACH,wBAAgB,aAAa,IAAI,MAAM,CAEtC;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,aAAa,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAgBjF;AAED;;;;GAIG;AACH,wBAAgB,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAO5C;AAED;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,GAAG,CAa5C;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAarD"}

package/dist/core/src/oauth/utils.js ADDED Viewed

@@ -0,0 +1,140 @@
+import { AuthError, ErrorCode } from "./error";
+/**
+ * Generates a cryptographically secure random string
+ * @param length - The length of the string to generate
+ * @returns A random string
+ */
+export function generateSecureRandom(length) {
+    const charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';
+    let result = '';
+    if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
+        const randomValues = new Uint8Array(length);
+        crypto.getRandomValues(randomValues);
+        for (let i = 0; i < length; i++) {
+            result += charset[randomValues[i] % charset.length];
+        }
+    }
+    else {
+        // Fallback for environments without crypto API
+        for (let i = 0; i < length; i++) {
+            result += charset[Math.floor(Math.random() * charset.length)];
+        }
+    }
+    return result;
+}
+/**
+ * Generates a PKCE code verifier
+ * @returns A code verifier string
+ */
+export function generateCodeVerifier() {
+    return generateSecureRandom(128);
+}
+/**
+ * Generates a PKCE code challenge from a verifier
+ * @param verifier - The code verifier
+ * @returns A code challenge string
+ */
+export async function generateCodeChallenge(verifier) {
+    if (typeof crypto !== 'undefined' && crypto.subtle) {
+        const encoder = new TextEncoder();
+        const data = encoder.encode(verifier);
+        const digest = await crypto.subtle.digest('SHA-256', data);
+        // Convert ArrayBuffer to base64url
+        const base64String = btoa(String.fromCharCode(...new Uint8Array(digest)));
+        return base64String
+            .replace(/\+/g, '-')
+            .replace(/\//g, '_')
+            .replace(/=/g, '');
+    }
+    else {
+        // Fallback: use plain verifier (not recommended for production)
+        console.warn('WebCrypto not available, using plain code verifier');
+        return verifier;
+    }
+}
+/**
+ * Generates a PKCE code verifier and challenge pair
+ * @returns An object containing verifier and challenge
+ */
+export async function generatePKCEPair() {
+    const verifier = generateCodeVerifier();
+    const challenge = await generateCodeChallenge(verifier);
+    return { verifier, challenge };
+}
+/**
+ * Generates a secure state parameter for OAuth flow
+ * @returns A state string
+ */
+export function generateState() {
+    return generateSecureRandom(32);
+}
+/**
+ * Validates a state parameter against the stored state
+ * @param receivedState - The state received from the authorization server
+ * @param storedState - The state stored locally
+ * @returns True if states match, false otherwise
+ */
+export function validateState(receivedState, storedState) {
+    if (!receivedState || !storedState) {
+        return false;
+    }
+    // Use constant-time comparison to prevent timing attacks
+    if (receivedState.length !== storedState.length) {
+        return false;
+    }
+    let result = 0;
+    for (let i = 0; i < receivedState.length; i++) {
+        result |= receivedState.charCodeAt(i) ^ storedState.charCodeAt(i);
+    }
+    return result === 0;
+}
+/**
+ * Checks if a token is a JWT
+ * @param token - The token to check
+ * @returns True if the token is a JWT, false otherwise
+ */
+export function isJWT(token) {
+    if (!token || typeof token !== 'string') {
+        return false;
+    }
+    const parts = token.split('.');
+    return parts.length === 3;
+}
+/**
+ * Decodes a JWT payload (without verification)
+ * @param token - The JWT token
+ * @returns The decoded payload
+ */
+export function decodeJWT(token) {
+    if (!isJWT(token)) {
+        throw new AuthError('Invalid JWT token', ErrorCode.InvalidToken);
+    }
+    try {
+        const parts = token.split('.');
+        const payload = parts[1];
+        const decoded = atob(payload.replace(/-/g, '+').replace(/_/g, '/'));
+        return JSON.parse(decoded);
+    }
+    catch (error) {
+        throw new AuthError('Failed to decode JWT', ErrorCode.InvalidToken);
+    }
+}
+/**
+ * Checks if a JWT token is expired
+ * @param token - The JWT token
+ * @returns True if the token is expired, false otherwise
+ */
+export function isTokenExpired(token) {
+    if (!isJWT(token)) {
+        return true;
+    }
+    try {
+        const payload = decodeJWT(token);
+        const now = Math.floor(Date.now() / 1000);
+        return payload.exp && payload.exp < now;
+    }
+    catch {
+        return true;
+    }
+}
+//# sourceMappingURL=utils.js.map

package/dist/core/src/oauth/utils.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../../src/oauth/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAE/C;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAc;IACjD,MAAM,OAAO,GAAG,oEAAoE,CAAC;IACrF,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QAC5D,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;QAC5C,MAAM,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;QAErC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAChC,MAAM,IAAI,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;SAAM,CAAC;QACN,+CAA+C;QAC/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAChC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO,oBAAoB,CAAC,GAAG,CAAC,CAAC;AACnC,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,QAAgB;IAC1D,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QACnD,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAE3D,mCAAmC;QACnC,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAC1E,OAAO,YAAY;aAChB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACvB,CAAC;SAAM,CAAC;QACN,gEAAgE;QAChE,OAAO,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QACnE,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,MAAM,QAAQ,GAAG,oBAAoB,EAAE,CAAC;IACxC,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAAC,QAAQ,CAAC,CAAC;IAExD,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa;IAC3B,OAAO,oBAAoB,CAAC,EAAE,CAAC,CAAC;AAClC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,aAAqB,EAAE,WAAmB;IACtE,IAAI,CAAC,aAAa,IAAI,CAAC,WAAW,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,yDAAyD;IACzD,IAAI,aAAa,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,EAAE,CAAC;QAChD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9C,MAAM,IAAI,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,MAAM,KAAK,CAAC,CAAC;AACtB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,KAAK,CAAC,KAAa;IACjC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC;AAC5B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,MAAM,IAAI,SAAS,CAAC,mBAAmB,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC;IACnE,CAAC;IAED,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC;QACpE,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,SAAS,CAAC,sBAAsB,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC;IACtE,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE1C,OAAO,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,GAAG,GAAG,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}