couchloop-eq-mcp 1.0.4 → 1.1.0

package/dist/server/oauth/providers/base.js

@@ -1,312 +0,0 @@
-import { jwtVerify, importJWK } from 'jose';
-import { logger } from '../../../utils/logger.js';
-import { oauthSecurity } from '../security.js';
-/**
- * Abstract base class for OAuth providers
- * Implements common OAuth 2.0/OIDC functionality
- */
-export class OAuthProvider {
-    config;
-    jwksCache = null;
-    JWKS_CACHE_TTL = 3600000; // 1 hour
-    constructor(config) {
-        this.config = config;
-    }
-    /**
-     * Build authorization URL with required parameters
-     */
-    buildAuthorizationUrl(params) {
-        const url = new URL(this.authorizationUrl);
-        // Required OAuth parameters
-        url.searchParams.set('response_type', 'code');
-        url.searchParams.set('client_id', this.config.clientId);
-        url.searchParams.set('redirect_uri', this.config.redirectUri);
-        url.searchParams.set('state', params.state);
-        // Scope
-        const scope = params.scope || this.getDefaultScopes().join(' ');
-        url.searchParams.set('scope', scope);
-        // PKCE parameters
-        if (params.codeChallenge) {
-            url.searchParams.set('code_challenge', params.codeChallenge);
-            url.searchParams.set('code_challenge_method', params.codeChallengeMethod || 'S256');
-        }
-        // OpenID Connect nonce
-        if (params.nonce) {
-            url.searchParams.set('nonce', params.nonce);
-        }
-        // Provider-specific additional parameters
-        if (this.config.additionalParams) {
-            Object.entries(this.config.additionalParams).forEach(([key, value]) => {
-                url.searchParams.set(key, value);
-            });
-        }
-        // Additional parameters from request
-        if (params.additionalParams) {
-            Object.entries(params.additionalParams).forEach(([key, value]) => {
-                url.searchParams.set(key, value);
-            });
-        }
-        logger.debug(`Built authorization URL for ${this.name}: ${url.toString()}`);
-        return url.toString();
-    }
-    /**
-     * Exchange authorization code for tokens
-     */
-    async exchangeCode(code, codeVerifier) {
-        const params = new URLSearchParams({
-            grant_type: 'authorization_code',
-            code,
-            client_id: this.config.clientId,
-            client_secret: this.config.clientSecret,
-            redirect_uri: this.config.redirectUri,
-        });
-        // Add PKCE verifier if provided
-        if (codeVerifier) {
-            params.set('code_verifier', codeVerifier);
-        }
-        try {
-            const response = await fetch(this.tokenUrl, {
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/x-www-form-urlencoded',
-                    'Accept': 'application/json',
-                },
-                body: params.toString(),
-            });
-            if (!response.ok) {
-                const error = await response.text();
-                logger.error(`Token exchange failed for ${this.name}: ${error}`);
-                throw new Error(`Token exchange failed: ${response.status}`);
-            }
-            const tokens = await response.json();
-            // Validate ID token if present (OIDC)
-            if (tokens.id_token) {
-                await this.validateIdToken(tokens.id_token);
-            }
-            logger.info(`Successfully exchanged code for tokens with ${this.name}`);
-            return tokens;
-        }
-        catch (error) {
-            logger.error(`Error exchanging code with ${this.name}:`, error);
-            throw error;
-        }
-    }
-    /**
-     * Refresh access token
-     */
-    async refreshToken(refreshToken) {
-        const params = new URLSearchParams({
-            grant_type: 'refresh_token',
-            refresh_token: refreshToken,
-            client_id: this.config.clientId,
-            client_secret: this.config.clientSecret,
-        });
-        try {
-            const response = await fetch(this.tokenUrl, {
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/x-www-form-urlencoded',
-                    'Accept': 'application/json',
-                },
-                body: params.toString(),
-            });
-            if (!response.ok) {
-                const error = await response.text();
-                logger.error(`Token refresh failed for ${this.name}: ${error}`);
-                throw new Error(`Token refresh failed: ${response.status}`);
-            }
-            const tokens = await response.json();
-            logger.info(`Successfully refreshed token with ${this.name}`);
-            return tokens;
-        }
-        catch (error) {
-            logger.error(`Error refreshing token with ${this.name}:`, error);
-            throw error;
-        }
-    }
-    /**
-     * Get user information from provider
-     */
-    async getUserInfo(accessToken) {
-        try {
-            const response = await fetch(this.userInfoUrl, {
-                headers: {
-                    'Authorization': `Bearer ${accessToken}`,
-                    'Accept': 'application/json',
-                },
-            });
-            if (!response.ok) {
-                const error = await response.text();
-                logger.error(`Failed to get user info from ${this.name}: ${error}`);
-                throw new Error(`Failed to get user info: ${response.status}`);
-            }
-            const data = await response.json();
-            const userInfo = this.normalizeUserInfo(data);
-            logger.info(`Retrieved user info from ${this.name} for user ${userInfo.id}`);
-            return userInfo;
-        }
-        catch (error) {
-            logger.error(`Error getting user info from ${this.name}:`, error);
-            throw error;
-        }
-    }
-    /**
-     * Revoke token (if supported by provider)
-     */
-    async revokeToken(token, tokenType = 'access_token') {
-        if (!this.revokeUrl) {
-            logger.warn(`Token revocation not supported by ${this.name}`);
-            return;
-        }
-        const params = new URLSearchParams({
-            token,
-            token_type_hint: tokenType,
-            client_id: this.config.clientId,
-            client_secret: this.config.clientSecret,
-        });
-        try {
-            const response = await fetch(this.revokeUrl, {
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/x-www-form-urlencoded',
-                },
-                body: params.toString(),
-            });
-            if (!response.ok) {
-                logger.warn(`Token revocation failed for ${this.name}: ${response.status}`);
-            }
-            else {
-                logger.info(`Successfully revoked token with ${this.name}`);
-            }
-        }
-        catch (error) {
-            logger.error(`Error revoking token with ${this.name}:`, error);
-        }
-    }
-    /**
-     * Validate ID token (OpenID Connect)
-     */
-    async validateIdToken(idToken) {
-        if (!this.jwksUrl) {
-            throw new Error(`JWKS URL not configured for ${this.name}`);
-        }
-        try {
-            // Get JWKS (with caching)
-            const jwks = await this.getJWKS();
-            // Parse token header to get kid
-            const [header] = idToken.split('.');
-            const decodedHeader = JSON.parse(Buffer.from(header, 'base64').toString());
-            const kid = decodedHeader.kid;
-            // Find matching key
-            const key = jwks.keys.find(k => k.kid === kid);
-            if (!key) {
-                throw new Error('No matching key found in JWKS');
-            }
-            // Import and verify
-            const publicKey = await importJWK(key);
-            const { payload } = await jwtVerify(idToken, publicKey, {
-                issuer: this.getExpectedIssuer(),
-                audience: this.config.clientId,
-            });
-            const claims = payload;
-            // Additional validations
-            this.validateIdTokenClaims(claims);
-            logger.debug(`ID token validated successfully for ${this.name}`);
-            return claims;
-        }
-        catch (error) {
-            logger.error(`ID token validation failed for ${this.name}:`, error);
-            throw new Error('Invalid ID token');
-        }
-    }
-    /**
-     * Get JWKS from provider (with caching)
-     */
-    async getJWKS() {
-        if (!this.jwksUrl) {
-            throw new Error(`JWKS URL not configured for ${this.name}`);
-        }
-        // Check cache
-        if (this.jwksCache &&
-            Date.now() - this.jwksCache.cachedAt < this.JWKS_CACHE_TTL) {
-            return { keys: this.jwksCache.keys };
-        }
-        try {
-            const response = await fetch(this.jwksUrl);
-            if (!response.ok) {
-                throw new Error(`Failed to fetch JWKS: ${response.status}`);
-            }
-            const jwks = await response.json();
-            // Cache the keys
-            this.jwksCache = {
-                keys: jwks.keys,
-                cachedAt: Date.now(),
-            };
-            logger.debug(`Fetched and cached JWKS for ${this.name}`);
-            return jwks;
-        }
-        catch (error) {
-            logger.error(`Error fetching JWKS for ${this.name}:`, error);
-            throw error;
-        }
-    }
-    /**
-     * Validate redirect URI
-     */
-    validateRedirectUri(uri) {
-        return oauthSecurity.validateRedirectUri(uri, this.config.clientId);
-    }
-    /**
-     * Additional ID token claims validation
-     */
-    validateIdTokenClaims(claims) {
-        // Check expiration
-        const now = Math.floor(Date.now() / 1000);
-        if (claims.exp < now) {
-            throw new Error('ID token expired');
-        }
-        // Check issued at (not in the future)
-        if (claims.iat > now + 60) { // Allow 1 minute clock skew
-            throw new Error('ID token issued in the future');
-        }
-        // Provider-specific additional validations can be added in subclasses
-    }
-    /**
-     * Handle provider-specific errors
-     */
-    handleProviderError(error) {
-        // Can be overridden in subclasses for provider-specific error handling
-        throw error;
-    }
-}
-/**
- * Provider factory
- */
-export class ProviderFactory {
-    static providers = new Map();
-    /**
-     * Register a provider
-     */
-    static register(name, providerClass) {
-        this.providers.set(name.toLowerCase(), providerClass);
-        logger.info(`Registered OAuth provider: ${name}`);
-    }
-    /**
-     * Create provider instance
-     */
-    static create(name, config) {
-        const ProviderClass = this.providers.get(name.toLowerCase());
-        if (!ProviderClass) {
-            throw new Error(`Unknown OAuth provider: ${name}`);
-        }
-        // @ts-ignore - TypeScript doesn't understand dynamic class instantiation
-        return new ProviderClass(config);
-    }
-    /**
-     * Get list of registered providers
-     */
-    static getProviders() {
-        return Array.from(this.providers.keys());
-    }
-}
-//# sourceMappingURL=base.js.map

package/dist/server/oauth/providers/base.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"base.js","sourceRoot":"","sources":["../../../../src/server/oauth/providers/base.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAO,MAAM,MAAM,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAwD/C;;;GAGG;AACH,MAAM,OAAgB,aAAa;IAQvB,MAAM,CAAiB;IACzB,SAAS,GAA6C,IAAI,CAAC;IAClD,cAAc,GAAG,OAAO,CAAC,CAAC,SAAS;IAEpD,YAAY,MAAsB;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,qBAAqB,CAAC,MAOrB;QACC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAE3C,4BAA4B;QAC5B,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACxD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC9D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAE5C,QAAQ;QACR,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAErC,kBAAkB;QAClB,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;YAC7D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,mBAAmB,IAAI,MAAM,CAAC,CAAC;QACtF,CAAC;QAED,uBAAuB;QACvB,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAC9C,CAAC;QAED,0CAA0C;QAC1C,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YACjC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE;gBACpE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;QACL,CAAC;QAED,qCAAqC;QACrC,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC5B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE;gBAC/D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,+BAA+B,IAAI,CAAC,IAAI,KAAK,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC5E,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAChB,IAAY,EACZ,YAAqB;QAErB,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,UAAU,EAAE,oBAAoB;YAChC,IAAI;YACJ,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;YACvC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;SACtC,CAAC,CAAC;QAEH,gCAAgC;QAChC,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;QAC5C,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE;gBAC1C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;oBACnD,QAAQ,EAAE,kBAAkB;iBAC7B;gBACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;aACxB,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACpC,MAAM,CAAC,KAAK,CAAC,6BAA6B,IAAI,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC,CAAC;gBACjE,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAC/D,CAAC;YAED,MAAM,MAAM,GAAkB,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAEpD,sCAAsC;YACtC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpB,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC9C,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,+CAA+C,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YACxE,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,8BAA8B,IAAI,CAAC,IAAI,GAAG,EAAE,KAAK,CAAC,CAAC;YAChE,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,YAAoB;QACrC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,UAAU,EAAE,eAAe;YAC3B,aAAa,EAAE,YAAY;YAC3B,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;SACxC,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE;gBAC1C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;oBACnD,QAAQ,EAAE,kBAAkB;iBAC7B;gBACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;aACxB,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACpC,MAAM,CAAC,KAAK,CAAC,4BAA4B,IAAI,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC,CAAC;gBAChE,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAC9D,CAAC;YAED,MAAM,MAAM,GAAkB,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAEpD,MAAM,CAAC,IAAI,CAAC,qCAAqC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAC9D,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,+BAA+B,IAAI,CAAC,IAAI,GAAG,EAAE,KAAK,CAAC,CAAC;YACjE,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,WAAmB;QACnC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE;gBAC7C,OAAO,EAAE;oBACP,eAAe,EAAE,UAAU,WAAW,EAAE;oBACxC,QAAQ,EAAE,kBAAkB;iBAC7B;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACpC,MAAM,CAAC,KAAK,CAAC,gCAAgC,IAAI,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC,CAAC;gBACpE,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YACjE,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,CAAC,IAAI,CAAC,4BAA4B,IAAI,CAAC,IAAI,aAAa,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;YAC7E,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,gCAAgC,IAAI,CAAC,IAAI,GAAG,EAAE,KAAK,CAAC,CAAC;YAClE,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,KAAa,EAAE,YAA8C,cAAc;QAC3F,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,CAAC,IAAI,CAAC,qCAAqC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAC9D,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,KAAK;YACL,eAAe,EAAE,SAAS;YAC1B,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;SACxC,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE;gBAC3C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;iBACpD;gBACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;aACxB,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,CAAC,IAAI,CAAC,+BAA+B,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAC9E,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,mCAAmC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,IAAI,CAAC,IAAI,GAAG,EAAE,KAAK,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IAED;;OAEG;IACO,KAAK,CAAC,eAAe,CAAC,OAAe;QAC7C,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,IAAI,CAAC;YACH,0BAA0B;YAC1B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YAElC,gCAAgC;YAChC,MAAM,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACpC,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC3E,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC;YAE9B,oBAAoB;YACpB,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;YAC/C,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;YACnD,CAAC;YAED,oBAAoB;YACpB,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;YACvC,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,SAAS,EAAE;gBACtD,MAAM,EAAE,IAAI,CAAC,iBAAiB,EAAE;gBAChC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;aAC/B,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,OAAmC,CAAC;YAEnD,yBAAyB;YACzB,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;YAEnC,MAAM,CAAC,KAAK,CAAC,uCAAuC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YACjE,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,kCAAkC,IAAI,CAAC,IAAI,GAAG,EAAE,KAAK,CAAC,CAAC;YACpE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED;;OAEG;IACO,KAAK,CAAC,OAAO;QACrB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,cAAc;QACd,IAAI,IAAI,CAAC,SAAS;YACd,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YAC/D,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QACvC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC3C,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAC9D,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAEnC,iBAAiB;YACjB,IAAI,CAAC,SAAS,GAAG;gBACf,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;aACrB,CAAC;YAEF,MAAM,CAAC,KAAK,CAAC,+BAA+B,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YACzD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,2BAA2B,IAAI,CAAC,IAAI,GAAG,EAAE,KAAK,CAAC,CAAC;YAC7D,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACO,mBAAmB,CAAC,GAAW;QACvC,OAAO,aAAa,CAAC,mBAAmB,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtE,CAAC;IAiBD;;OAEG;IACO,qBAAqB,CAAC,MAAqB;QACnD,mBAAmB;QACnB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,IAAI,MAAM,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtC,CAAC;QAED,sCAAsC;QACtC,IAAI,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,EAAE,EAAE,CAAC,CAAC,4BAA4B;YACvD,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QAED,sEAAsE;IACxE,CAAC;IAED;;OAEG;IACO,mBAAmB,CAAC,KAAU;QACtC,uEAAuE;QACvE,MAAM,KAAK,CAAC;IACd,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,eAAe;IAClB,MAAM,CAAC,SAAS,GAAG,IAAI,GAAG,EAAgC,CAAC;IAEnE;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,IAAY,EAAE,aAAmC;QAC/D,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,aAAa,CAAC,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,8BAA8B,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,MAAM,CAAC,IAAY,EAAE,MAAsB;QAChD,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;QAE7D,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,EAAE,CAAC,CAAC;QACrD,CAAC;QAED,yEAAyE;QACzE,OAAO,IAAI,aAAa,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,YAAY;QACjB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC"}

package/dist/server/oauth/providers/github.d.ts

@@ -1,55 +0,0 @@
-import { OAuthProvider, UserInfo, TokenResponse, ProviderConfig } from './base.js';
-/**
- * GitHub OAuth Provider
- * Note: GitHub doesn't support OpenID Connect, so no ID tokens
- */
-export declare class GitHubOAuthProvider extends OAuthProvider {
-    readonly name = "github";
-    readonly authorizationUrl = "https://github.com/login/oauth/authorize";
-    readonly tokenUrl = "https://github.com/login/oauth/access_token";
-    readonly userInfoUrl = "https://api.github.com/user";
-    readonly revokeUrl: undefined;
-    readonly jwksUrl: undefined;
-    constructor(config: ProviderConfig);
-    /**
-     * Get default scopes for GitHub
-     */
-    protected getDefaultScopes(): string[];
-    /**
-     * GitHub doesn't use OIDC, so no issuer
-     */
-    protected getExpectedIssuer(): string;
-    /**
-     * Exchange code for token (GitHub-specific)
-     */
-    exchangeCode(code: string, codeVerifier?: string): Promise<TokenResponse>;
-    /**
-     * GitHub doesn't support refresh tokens
-     */
-    refreshToken(refreshToken: string): Promise<TokenResponse>;
-    /**
-     * Get GitHub user info with email addresses
-     */
-    getUserInfo(accessToken: string): Promise<UserInfo>;
-    /**
-     * Normalize GitHub user info
-     */
-    protected normalizeUserInfo(data: any): UserInfo;
-    /**
-     * Check if user has access to specific organization
-     */
-    checkOrganizationMembership(accessToken: string, org: string): Promise<boolean>;
-    /**
-     * Get user's organizations
-     */
-    getUserOrganizations(accessToken: string): Promise<any[]>;
-    /**
-     * Check repository access
-     */
-    checkRepositoryAccess(accessToken: string, owner: string, repo: string): Promise<boolean>;
-    /**
-     * Handle GitHub-specific errors
-     */
-    protected handleProviderError(error: any): never;
-}
-//# sourceMappingURL=github.d.ts.map

package/dist/server/oauth/providers/github.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../../../src/server/oauth/providers/github.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAGnF;;;GAGG;AACH,qBAAa,mBAAoB,SAAQ,aAAa;IACpD,QAAQ,CAAC,IAAI,YAAY;IACzB,QAAQ,CAAC,gBAAgB,8CAA8C;IACvE,QAAQ,CAAC,QAAQ,iDAAiD;IAClE,QAAQ,CAAC,WAAW,iCAAiC;IACrD,QAAQ,CAAC,SAAS,YAAa;IAC/B,QAAQ,CAAC,OAAO,YAAa;gBAEjB,MAAM,EAAE,cAAc;IAQlC;;OAEG;IACH,SAAS,CAAC,gBAAgB,IAAI,MAAM,EAAE;IAUtC;;OAEG;IACH,SAAS,CAAC,iBAAiB,IAAI,MAAM;IAIrC;;OAEG;IACG,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IA0C/E;;OAEG;IACG,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAIhE;;OAEG;IACG,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAsDzD;;OAEG;IACH,SAAS,CAAC,iBAAiB,CAAC,IAAI,EAAE,GAAG,GAAG,QAAQ;IAahD;;OAEG;IACG,2BAA2B,CAC/B,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,OAAO,CAAC;IAoBnB;;OAEG;IACG,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAoB/D;;OAEG;IACG,qBAAqB,CACzB,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,OAAO,CAAC;IAkBnB;;OAEG;IACH,SAAS,CAAC,mBAAmB,CAAC,KAAK,EAAE,GAAG,GAAG,KAAK;CAejD"}

package/dist/server/oauth/providers/github.js

@@ -1,225 +0,0 @@
-import { OAuthProvider } from './base.js';
-import { logger } from '../../../utils/logger.js';
-/**
- * GitHub OAuth Provider
- * Note: GitHub doesn't support OpenID Connect, so no ID tokens
- */
-export class GitHubOAuthProvider extends OAuthProvider {
-    name = 'github';
-    authorizationUrl = 'https://github.com/login/oauth/authorize';
-    tokenUrl = 'https://github.com/login/oauth/access_token';
-    userInfoUrl = 'https://api.github.com/user';
-    revokeUrl = undefined; // GitHub doesn't support token revocation via API
-    jwksUrl = undefined; // GitHub doesn't use OIDC
-    constructor(config) {
-        super(config);
-        if (!this.config.scopes || this.config.scopes.length === 0) {
-            this.config.scopes = this.getDefaultScopes();
-        }
-    }
-    /**
-     * Get default scopes for GitHub
-     */
-    getDefaultScopes() {
-        return [
-            'read:user', // Read user profile
-            'user:email', // Access email addresses
-            // Additional scopes as needed:
-            // 'repo',      // Full repository access
-            // 'read:org',  // Read organization membership
-        ];
-    }
-    /**
-     * GitHub doesn't use OIDC, so no issuer
-     */
-    getExpectedIssuer() {
-        return '';
-    }
-    /**
-     * Exchange code for token (GitHub-specific)
-     */
-    async exchangeCode(code, codeVerifier) {
-        const params = new URLSearchParams({
-            client_id: this.config.clientId,
-            client_secret: this.config.clientSecret,
-            code,
-            redirect_uri: this.config.redirectUri,
-        });
-        try {
-            const response = await fetch(this.tokenUrl, {
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/x-www-form-urlencoded',
-                    'Accept': 'application/json', // GitHub requires this for JSON response
-                },
-                body: params.toString(),
-            });
-            if (!response.ok) {
-                const error = await response.text();
-                logger.error(`GitHub token exchange failed: ${error}`);
-                throw new Error(`Token exchange failed: ${response.status}`);
-            }
-            const data = await response.json();
-            // GitHub returns a different format, normalize it
-            const tokens = {
-                access_token: data.access_token,
-                token_type: data.token_type || 'Bearer',
-                scope: data.scope,
-                // GitHub doesn't provide refresh tokens or expiry
-            };
-            logger.info('Successfully exchanged code for GitHub token');
-            return tokens;
-        }
-        catch (error) {
-            logger.error('Error exchanging GitHub code:', error);
-            throw error;
-        }
-    }
-    /**
-     * GitHub doesn't support refresh tokens
-     */
-    async refreshToken(refreshToken) {
-        throw new Error('GitHub does not support refresh tokens');
-    }
-    /**
-     * Get GitHub user info with email addresses
-     */
-    async getUserInfo(accessToken) {
-        try {
-            // Get basic user info
-            const userResponse = await fetch(this.userInfoUrl, {
-                headers: {
-                    'Authorization': `Bearer ${accessToken}`,
-                    'Accept': 'application/vnd.github.v3+json',
-                },
-            });
-            if (!userResponse.ok) {
-                throw new Error(`Failed to get user info: ${userResponse.status}`);
-            }
-            const userData = await userResponse.json();
-            // Get email addresses (separate endpoint)
-            let primaryEmail = userData.email;
-            let emailVerified = false;
-            try {
-                const emailResponse = await fetch('https://api.github.com/user/emails', {
-                    headers: {
-                        'Authorization': `Bearer ${accessToken}`,
-                        'Accept': 'application/vnd.github.v3+json',
-                    },
-                });
-                if (emailResponse.ok) {
-                    const emails = await emailResponse.json();
-                    const primary = emails.find((e) => e.primary);
-                    if (primary) {
-                        primaryEmail = primary.email;
-                        emailVerified = primary.verified;
-                    }
-                }
-            }
-            catch (error) {
-                logger.warn('Failed to fetch GitHub email addresses:', error);
-            }
-            const userInfo = this.normalizeUserInfo({
-                ...userData,
-                email: primaryEmail,
-                email_verified: emailVerified,
-            });
-            logger.info(`Retrieved GitHub user info for user ${userInfo.id}`);
-            return userInfo;
-        }
-        catch (error) {
-            logger.error('Error getting GitHub user info:', error);
-            throw error;
-        }
-    }
-    /**
-     * Normalize GitHub user info
-     */
-    normalizeUserInfo(data) {
-        return {
-            id: data.id?.toString() || '',
-            email: data.email,
-            email_verified: data.email_verified || false,
-            name: data.name || data.login,
-            picture: data.avatar_url,
-            locale: undefined, // GitHub doesn't provide locale
-            provider: this.name,
-            raw: data,
-        };
-    }
-    /**
-     * Check if user has access to specific organization
-     */
-    async checkOrganizationMembership(accessToken, org) {
-        try {
-            const response = await fetch(`https://api.github.com/orgs/${org}/members`, {
-                headers: {
-                    'Authorization': `Bearer ${accessToken}`,
-                    'Accept': 'application/vnd.github.v3+json',
-                },
-            });
-            if (response.status === 204) {
-                return true; // User is a member
-            }
-            return false;
-        }
-        catch (error) {
-            logger.error(`Error checking GitHub org membership:`, error);
-            return false;
-        }
-    }
-    /**
-     * Get user's organizations
-     */
-    async getUserOrganizations(accessToken) {
-        try {
-            const response = await fetch('https://api.github.com/user/orgs', {
-                headers: {
-                    'Authorization': `Bearer ${accessToken}`,
-                    'Accept': 'application/vnd.github.v3+json',
-                },
-            });
-            if (!response.ok) {
-                throw new Error(`Failed to get organizations: ${response.status}`);
-            }
-            return await response.json();
-        }
-        catch (error) {
-            logger.error('Error getting GitHub organizations:', error);
-            return [];
-        }
-    }
-    /**
-     * Check repository access
-     */
-    async checkRepositoryAccess(accessToken, owner, repo) {
-        try {
-            const response = await fetch(`https://api.github.com/repos/${owner}/${repo}`, {
-                headers: {
-                    'Authorization': `Bearer ${accessToken}`,
-                    'Accept': 'application/vnd.github.v3+json',
-                },
-            });
-            return response.ok;
-        }
-        catch {
-            return false;
-        }
-    }
-    /**
-     * Handle GitHub-specific errors
-     */
-    handleProviderError(error) {
-        if (error.error === 'bad_verification_code') {
-            throw new Error('Invalid or expired authorization code');
-        }
-        if (error.error === 'incorrect_client_credentials') {
-            throw new Error('Invalid client credentials');
-        }
-        if (error.error === 'redirect_uri_mismatch') {
-            throw new Error('Redirect URI mismatch');
-        }
-        throw error;
-    }
-}
-//# sourceMappingURL=github.js.map

package/dist/server/oauth/providers/github.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"github.js","sourceRoot":"","sources":["../../../../src/server/oauth/providers/github.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAA2C,MAAM,WAAW,CAAC;AACnF,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAElD;;;GAGG;AACH,MAAM,OAAO,mBAAoB,SAAQ,aAAa;IAC3C,IAAI,GAAG,QAAQ,CAAC;IAChB,gBAAgB,GAAG,0CAA0C,CAAC;IAC9D,QAAQ,GAAG,6CAA6C,CAAC;IACzD,WAAW,GAAG,6BAA6B,CAAC;IAC5C,SAAS,GAAG,SAAS,CAAC,CAAC,kDAAkD;IACzE,OAAO,GAAG,SAAS,CAAC,CAAC,0BAA0B;IAExD,YAAY,MAAsB;QAChC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEd,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3D,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC/C,CAAC;IACH,CAAC;IAED;;OAEG;IACO,gBAAgB;QACxB,OAAO;YACL,WAAW,EAAK,oBAAoB;YACpC,YAAY,EAAI,yBAAyB;YACzC,+BAA+B;YAC/B,yCAAyC;YACzC,+CAA+C;SAChD,CAAC;IACJ,CAAC;IAED;;OAEG;IACO,iBAAiB;QACzB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,IAAY,EAAE,YAAqB;QACpD,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;YACvC,IAAI;YACJ,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;SACtC,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE;gBAC1C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;oBACnD,QAAQ,EAAE,kBAAkB,EAAE,yCAAyC;iBACxE;gBACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;aACxB,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACpC,MAAM,CAAC,KAAK,CAAC,iCAAiC,KAAK,EAAE,CAAC,CAAC;gBACvD,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAC/D,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAEnC,kDAAkD;YAClD,MAAM,MAAM,GAAkB;gBAC5B,YAAY,EAAE,IAAI,CAAC,YAAY;gBAC/B,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,QAAQ;gBACvC,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,kDAAkD;aACnD,CAAC;YAEF,MAAM,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;YAC5D,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAC;YACrD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,YAAoB;QACrC,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC5D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,WAAmB;QACnC,IAAI,CAAC;YACH,sBAAsB;YACtB,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE;gBACjD,OAAO,EAAE;oBACP,eAAe,EAAE,UAAU,WAAW,EAAE;oBACxC,QAAQ,EAAE,gCAAgC;iBAC3C;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,4BAA4B,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;YACrE,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC;YAE3C,0CAA0C;YAC1C,IAAI,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC;YAClC,IAAI,aAAa,GAAG,KAAK,CAAC;YAE1B,IAAI,CAAC;gBACH,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,oCAAoC,EAAE;oBACtE,OAAO,EAAE;wBACP,eAAe,EAAE,UAAU,WAAW,EAAE;wBACxC,QAAQ,EAAE,gCAAgC;qBAC3C;iBACF,CAAC,CAAC;gBAEH,IAAI,aAAa,CAAC,EAAE,EAAE,CAAC;oBACrB,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;oBAC1C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;oBACnD,IAAI,OAAO,EAAE,CAAC;wBACZ,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC;wBAC7B,aAAa,GAAG,OAAO,CAAC,QAAQ,CAAC;oBACnC,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,CAAC,yCAAyC,EAAE,KAAK,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC;gBACtC,GAAG,QAAQ;gBACX,KAAK,EAAE,YAAY;gBACnB,cAAc,EAAE,aAAa;aAC9B,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,uCAAuC,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;YAClE,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;YACvD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACO,iBAAiB,CAAC,IAAS;QACnC,OAAO;YACL,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE;YAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,cAAc,EAAE,IAAI,CAAC,cAAc,IAAI,KAAK;YAC5C,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK;YAC7B,OAAO,EAAE,IAAI,CAAC,UAAU;YACxB,MAAM,EAAE,SAAS,EAAE,gCAAgC;YACnD,QAAQ,EAAE,IAAI,CAAC,IAAI;YACnB,GAAG,EAAE,IAAI;SACV,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,2BAA2B,CAC/B,WAAmB,EACnB,GAAW;QAEX,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,+BAA+B,GAAG,UAAU,EAAE;gBACzE,OAAO,EAAE;oBACP,eAAe,EAAE,UAAU,WAAW,EAAE;oBACxC,QAAQ,EAAE,gCAAgC;iBAC3C;aACF,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,OAAO,IAAI,CAAC,CAAC,mBAAmB;YAClC,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;YAC7D,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB,CAAC,WAAmB;QAC5C,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,kCAAkC,EAAE;gBAC/D,OAAO,EAAE;oBACP,eAAe,EAAE,UAAU,WAAW,EAAE;oBACxC,QAAQ,EAAE,gCAAgC;iBAC3C;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YACrE,CAAC;YAED,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC/B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAC;YAC3D,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB,CACzB,WAAmB,EACnB,KAAa,EACb,IAAY;QAEZ,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,gCAAgC,KAAK,IAAI,IAAI,EAAE,EAC/C;gBACE,OAAO,EAAE;oBACP,eAAe,EAAE,UAAU,WAAW,EAAE;oBACxC,QAAQ,EAAE,gCAAgC;iBAC3C;aACF,CACF,CAAC;YAEF,OAAO,QAAQ,CAAC,EAAE,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACO,mBAAmB,CAAC,KAAU;QACtC,IAAI,KAAK,CAAC,KAAK,KAAK,uBAAuB,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,KAAK,CAAC,KAAK,KAAK,8BAA8B,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,IAAI,KAAK,CAAC,KAAK,KAAK,uBAAuB,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,KAAK,CAAC;IACd,CAAC;CACF"}

package/dist/server/oauth/providers/google.d.ts

@@ -1,49 +0,0 @@
-import { OAuthProvider, UserInfo, IdTokenClaims, ProviderConfig } from './base.js';
-/**
- * Google OAuth 2.0 Provider
- * Implements Google Sign-In with OpenID Connect
- */
-export declare class GoogleOAuthProvider extends OAuthProvider {
-    readonly name = "google";
-    readonly authorizationUrl = "https://accounts.google.com/o/oauth2/v2/auth";
-    readonly tokenUrl = "https://oauth2.googleapis.com/token";
-    readonly userInfoUrl = "https://www.googleapis.com/oauth2/v2/userinfo";
-    readonly revokeUrl = "https://oauth2.googleapis.com/revoke";
-    readonly jwksUrl = "https://www.googleapis.com/oauth2/v3/certs";
-    constructor(config: ProviderConfig);
-    /**
-     * Get default scopes for Google
-     */
-    protected getDefaultScopes(): string[];
-    /**
-     * Get expected issuer for Google
-     */
-    protected getExpectedIssuer(): string;
-    /**
-     * Normalize Google user info to common format
-     */
-    protected normalizeUserInfo(data: any): UserInfo;
-    /**
-     * Additional Google-specific ID token validation
-     */
-    protected validateIdTokenClaims(claims: IdTokenClaims): void;
-    /**
-     * Google-specific user info enrichment
-     * Can fetch additional profile data if needed
-     */
-    getEnrichedUserInfo(accessToken: string): Promise<UserInfo>;
-    /**
-     * Check if user has specific Google service access
-     */
-    checkServiceAccess(accessToken: string, service: 'calendar' | 'drive' | 'gmail'): Promise<boolean>;
-    /**
-     * Revoke Google tokens
-     * Google supports revoking both access and refresh tokens
-     */
-    revokeToken(token: string, tokenType?: 'access_token' | 'refresh_token'): Promise<void>;
-    /**
-     * Handle Google-specific errors
-     */
-    protected handleProviderError(error: any): never;
-}
-//# sourceMappingURL=google.d.ts.map