nitrostack 1.0.73 → 1.0.74

package/dist/auth/__tests__/api-key.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=api-key.test.d.ts.map

package/dist/auth/__tests__/api-key.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key.test.d.ts","sourceRoot":"","sources":["../../../src/auth/__tests__/api-key.test.ts"],"names":[],"mappings":""}

package/dist/auth/__tests__/api-key.test.js

@@ -0,0 +1,136 @@
+import { jest, describe, it, expect, beforeEach } from '@jest/globals';
+import { createAPIKeyAuth, generateAPIKey, hashAPIKey, isValidAPIKeyFormat, validateAPIKeyWithMetadata, generateAPIKeyWithMetadata } from '../api-key.js';
+describe('API Key Auth', () => {
+    describe('Utilities', () => {
+        it('should generate valid keys', () => {
+            const key = generateAPIKey();
+            expect(key.startsWith('sk_')).toBe(true);
+            expect(isValidAPIKeyFormat(key)).toBe(true);
+        });
+        it('should hash keys consistently', () => {
+            const key = 'test-key';
+            const hash1 = hashAPIKey(key);
+            const hash2 = hashAPIKey(key);
+            expect(hash1).toBe(hash2);
+            expect(hash1).not.toBe(key);
+        });
+        it('should validate format', () => {
+            expect(isValidAPIKeyFormat('sk_12345678901234567890123456789012', 'sk')).toBe(true);
+            expect(isValidAPIKeyFormat('invalid')).toBe(false);
+        });
+        it('should validate metadata', () => {
+            const metadata = {
+                hashed: 'hash',
+                name: 'test',
+                createdAt: new Date(),
+                scopes: ['read']
+            };
+            const result = validateAPIKeyWithMetadata('key', metadata, ['read']);
+            expect(result.valid).toBe(true);
+            const failResult = validateAPIKeyWithMetadata('key', metadata, ['write']);
+            expect(failResult.valid).toBe(false);
+        });
+    });
+    describe('Middleware', () => {
+        let req;
+        let res;
+        let next;
+        beforeEach(() => {
+            req = { headers: {}, query: {} };
+            res = {
+                status: jest.fn().mockReturnThis(),
+                json: jest.fn()
+            };
+            next = jest.fn();
+        });
+        it('should authenticate with valid key in header', async () => {
+            const middleware = createAPIKeyAuth({ keys: ['valid-key'] });
+            req.headers['x-api-key'] = 'valid-key';
+            await middleware(req, res, next);
+            expect(next).toHaveBeenCalled();
+            expect(req.auth.authenticated).toBe(true);
+        });
+        it('should reject missing key', async () => {
+            const middleware = createAPIKeyAuth({ keys: ['valid-key'] });
+            await middleware(req, res, next);
+            expect(res.status).toHaveBeenCalledWith(401);
+        });
+        it('should reject invalid key', async () => {
+            const middleware = createAPIKeyAuth({ keys: ['valid-key'] });
+            req.headers['x-api-key'] = 'invalid-key';
+            await middleware(req, res, next);
+            expect(res.status).toHaveBeenCalledWith(401);
+        });
+        it('should support hashed keys', async () => {
+            const key = 'my-secret-key';
+            const hashed = hashAPIKey(key);
+            const middleware = createAPIKeyAuth({ keys: [hashed], hashed: true });
+            req.headers['x-api-key'] = key;
+            await middleware(req, res, next);
+            expect(next).toHaveBeenCalled();
+        });
+    });
+    describe('Extended Features', () => {
+        let req;
+        let res;
+        let next;
+        beforeEach(() => {
+            req = { headers: {}, query: {} };
+            res = {
+                status: jest.fn().mockReturnThis(),
+                json: jest.fn()
+            };
+            next = jest.fn();
+        });
+        it('should accept query parameters if configured', async () => {
+            const middleware = createAPIKeyAuth({
+                keys: ['k'],
+                allowQueryParam: true
+            });
+            req.query['api_key'] = 'k';
+            await middleware(req, res, next);
+            expect(next).toHaveBeenCalled();
+        });
+        it('should use custom query param name', async () => {
+            const middleware = createAPIKeyAuth({
+                keys: ['k'],
+                allowQueryParam: true,
+                queryParamName: 'token'
+            });
+            req.query['token'] = 'k';
+            await middleware(req, res, next);
+            expect(next).toHaveBeenCalled();
+        });
+        it('should use custom validation', async () => {
+            const middleware = createAPIKeyAuth({
+                keys: ['k'],
+                customValidation: async (key) => key === 'k'
+            });
+            req.headers['x-api-key'] = 'k';
+            await middleware(req, res, next);
+            expect(next).toHaveBeenCalled();
+        });
+        it('should throw error if config invalid', () => {
+            expect(() => createAPIKeyAuth({ keys: [] })).toThrow();
+        });
+        it('should generate metadata', () => {
+            const meta = generateAPIKeyWithMetadata({
+                name: 'test',
+                prefix: 'test',
+                expiresIn: 30,
+                scopes: ['read']
+            });
+            expect(meta.key).toMatch(/^test_/);
+            expect(meta.expiresAt).toBeDefined();
+            expect(meta.scopes).toContain('read');
+        });
+        it('should validate expiration', () => {
+            const entry = {
+                name: 't', hashed: 'h', createdAt: new Date(),
+                expiresAt: new Date(Date.now() - 1000) // expired
+            };
+            expect(validateAPIKeyWithMetadata('k', entry).valid).toBe(false);
+        });
+    });
+});
+//# sourceMappingURL=api-key.test.js.map

package/dist/auth/__tests__/api-key.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key.test.js","sourceRoot":"","sources":["../../../src/auth/__tests__/api-key.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AACvE,OAAO,EACH,gBAAgB,EAChB,cAAc,EACd,UAAU,EACV,mBAAmB,EACnB,0BAA0B,EAC1B,0BAA0B,EAC7B,MAAM,eAAe,CAAC;AAEvB,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC1B,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;QACvB,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YAClC,MAAM,GAAG,GAAG,cAAc,EAAE,CAAC;YAC7B,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACzC,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACrC,MAAM,GAAG,GAAG,UAAU,CAAC;YACvB,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;YAC9B,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;YAC9B,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1B,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;YAC9B,MAAM,CAAC,mBAAmB,CAAC,qCAAqC,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpF,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAChC,MAAM,QAAQ,GAAG;gBACb,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,IAAI,EAAE;gBACrB,MAAM,EAAE,CAAC,MAAM,CAAC;aACnB,CAAC;YAEF,MAAM,MAAM,GAAG,0BAA0B,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;YACrE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAEhC,MAAM,UAAU,GAAG,0BAA0B,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;YAC1E,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;QACxB,IAAI,GAAQ,CAAC;QACb,IAAI,GAAQ,CAAC;QACb,IAAI,IAAS,CAAC;QAEd,UAAU,CAAC,GAAG,EAAE;YACZ,GAAG,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;YACjC,GAAG,GAAG;gBACF,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,cAAc,EAAE;gBAClC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE;aAClB,CAAC;YACF,IAAI,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;QACrB,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;YAC1D,MAAM,UAAU,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;YAC7D,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,WAAW,CAAC;YAEvC,MAAM,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAC;YAChC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;YACvC,MAAM,UAAU,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;YAC7D,MAAM,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YACjC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;YACvC,MAAM,UAAU,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;YAC7D,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,aAAa,CAAC;YACzC,MAAM,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YACjC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;YACxC,MAAM,GAAG,GAAG,eAAe,CAAC;YAC5B,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;YAC/B,MAAM,UAAU,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;YAEtE,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,GAAG,CAAC;YAC/B,MAAM,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAC;QACpC,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QAC/B,IAAI,GAAQ,CAAC;QACb,IAAI,GAAQ,CAAC;QACb,IAAI,IAAS,CAAC;QAEd,UAAU,CAAC,GAAG,EAAE;YACZ,GAAG,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;YACjC,GAAG,GAAG;gBACF,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,cAAc,EAAE;gBAClC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE;aAClB,CAAC;YACF,IAAI,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;QACrB,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;YAC1D,MAAM,UAAU,GAAG,gBAAgB,CAAC;gBAChC,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,eAAe,EAAE,IAAI;aACxB,CAAC,CAAC;YACH,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,GAAG,CAAC;YAC3B,MAAM,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;YAChD,MAAM,UAAU,GAAG,gBAAgB,CAAC;gBAChC,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,eAAe,EAAE,IAAI;gBACrB,cAAc,EAAE,OAAO;aAC1B,CAAC,CAAC;YACH,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC;YACzB,MAAM,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC1C,MAAM,UAAU,GAAG,gBAAgB,CAAC;gBAChC,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,gBAAgB,EAAE,KAAK,EAAE,GAAW,EAAE,EAAE,CAAC,GAAG,KAAK,GAAG;aACvD,CAAC,CAAC;YACH,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,GAAG,CAAC;YAC/B,MAAM,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC5C,MAAM,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAChC,MAAM,IAAI,GAAG,0BAA0B,CAAC;gBACpC,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,MAAM;gBACd,SAAS,EAAE,EAAE;gBACb,MAAM,EAAE,CAAC,MAAM,CAAC;aACnB,CAAC,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YAClC,MAAM,KAAK,GAAG;gBACV,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE;gBAC7C,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,UAAU;aACpD,CAAC;YACF,MAAM,CAAC,0BAA0B,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/auth/__tests__/middleware.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=middleware.test.d.ts.map

package/dist/auth/__tests__/middleware.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.test.d.ts","sourceRoot":"","sources":["../../../src/auth/__tests__/middleware.test.ts"],"names":[],"mappings":""}

package/dist/auth/__tests__/middleware.test.js

@@ -0,0 +1,186 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { jest, describe, it, expect, beforeEach } from '@jest/globals';
+// Mock token-validation
+const mockValidateToken = jest.fn();
+const mockExtractBearerToken = jest.fn();
+const mockValidateScopes = jest.fn();
+jest.unstable_mockModule('../token-validation.js', () => ({
+    validateToken: mockValidateToken,
+    extractBearerToken: mockExtractBearerToken,
+    validateScopes: mockValidateScopes,
+}));
+// Mock server-metadata
+const mockGenerateHeader = jest.fn();
+jest.unstable_mockModule('../server-metadata.js', () => ({
+    generateWWWAuthenticateHeader: mockGenerateHeader,
+}));
+const { createAuthMiddleware, requireScopes, optionalAuth, isAuthenticated, hasScope, hasAnyScope, hasAllScopes, RequireScopes } = await import('../middleware.js');
+describe('Auth Middleware', () => {
+    let req;
+    let res;
+    let next;
+    const mockConfig = {
+        resourceUri: 'https://api',
+        authorizationServers: ['https://auth']
+    };
+    beforeEach(() => {
+        jest.clearAllMocks();
+        req = { headers: {} };
+        res = {
+            status: jest.fn().mockReturnThis(),
+            json: jest.fn(),
+            header: jest.fn().mockReturnThis(),
+        };
+        next = jest.fn();
+        mockGenerateHeader.mockReturnValue('Bearer realm="test"');
+        mockValidateScopes.mockReturnValue(true);
+    });
+    describe('createAuthMiddleware', () => {
+        it('should reject missing token', async () => {
+            const middleware = createAuthMiddleware(mockConfig);
+            mockExtractBearerToken.mockReturnValue(null);
+            await middleware(req, res, next);
+            expect(mockExtractBearerToken).toHaveBeenCalled();
+            expect(res.status).toHaveBeenCalledWith(401);
+            expect(next).not.toHaveBeenCalled();
+        });
+        it('should accept valid token', async () => {
+            const middleware = createAuthMiddleware(mockConfig);
+            mockExtractBearerToken.mockReturnValue('valid');
+            mockValidateToken.mockResolvedValue({
+                valid: true,
+                introspection: { client_id: 'client', sub: 'user', scope: 'read' }
+            });
+            await middleware(req, res, next);
+            expect(next).toHaveBeenCalled();
+            expect(req.auth.authenticated).toBe(true);
+            expect(req.auth.scopes).toContain('read');
+        });
+        it('should reject invalid token', async () => {
+            const middleware = createAuthMiddleware(mockConfig);
+            mockExtractBearerToken.mockReturnValue('invalid');
+            mockValidateToken.mockResolvedValue({ valid: false });
+            await middleware(req, res, next);
+            expect(res.status).toHaveBeenCalledWith(401);
+            expect(next).not.toHaveBeenCalled();
+        });
+    });
+    describe('requireScopes', () => {
+        it('should allow if scopes present', () => {
+            req.auth = { authenticated: true, scopes: ['read', 'write'], tokenInfo: {} };
+            mockValidateScopes.mockReturnValue(true);
+            const middleware = requireScopes('read');
+            middleware(req, res, next);
+            expect(next).toHaveBeenCalled();
+        });
+        it('should reject if scopes missing', () => {
+            req.auth = { authenticated: true, scopes: ['read'], tokenInfo: {} };
+            mockValidateScopes.mockReturnValue(false);
+            const middleware = requireScopes('write');
+            middleware(req, res, next);
+            expect(res.status).toHaveBeenCalledWith(403);
+            expect(next).not.toHaveBeenCalled();
+        });
+        it('should reject not authenticated', () => {
+            req.auth = { authenticated: false };
+            const middleware = requireScopes('read');
+            middleware(req, res, next);
+            expect(res.status).toHaveBeenCalledWith(401);
+        });
+    });
+    describe('optionalAuth', () => {
+        it('should proceed unauthenticated if no token', async () => {
+            const middleware = optionalAuth(mockConfig);
+            mockExtractBearerToken.mockReturnValue(null);
+            await middleware(req, res, next);
+            expect(next).toHaveBeenCalled();
+            expect(req.auth.authenticated).toBe(false);
+        });
+        it('should authenticate if token valid', async () => {
+            const middleware = optionalAuth(mockConfig);
+            mockExtractBearerToken.mockReturnValue('valid');
+            mockValidateToken.mockResolvedValue({
+                valid: true,
+                introspection: { client_id: 'c', scope: 's' }
+            });
+            await middleware(req, res, next);
+            expect(next).toHaveBeenCalled();
+            expect(req.auth.authenticated).toBe(true);
+        });
+    });
+    describe('Helpers', () => {
+        describe('isAuthenticated', () => {
+            it('should return true if authenticated', () => {
+                expect(isAuthenticated({ auth: { authenticated: true } })).toBe(true);
+            });
+            it('should return false if not', () => {
+                expect(isAuthenticated({ auth: { authenticated: false } })).toBe(false);
+                expect(isAuthenticated({})).toBe(false);
+            });
+        });
+        describe('Scoping Helpers', () => {
+            const req = { auth: { scopes: ['read', 'write'] } };
+            it('hasScope', () => {
+                expect(hasScope(req, 'read')).toBe(true);
+                expect(hasScope(req, 'admin')).toBe(false);
+            });
+            it('hasAnyScope', () => {
+                expect(hasAnyScope(req, ['admin', 'read'])).toBe(true);
+                expect(hasAnyScope(req, ['a', 'b'])).toBe(false);
+            });
+            it('hasAllScopes', () => {
+                expect(hasAllScopes(req, ['read', 'write'])).toBe(true);
+                expect(hasAllScopes(req, ['read', 'admin'])).toBe(false);
+            });
+        });
+        describe('@RequireScopes Decorator', () => {
+            class TestController {
+                async check(req, res) { }
+            }
+            __decorate([
+                RequireScopes('admin'),
+                __metadata("design:type", Function),
+                __metadata("design:paramtypes", [Object, Object]),
+                __metadata("design:returntype", Promise)
+            ], TestController.prototype, "check", null);
+            it('should restrict access', async () => {
+                const ctrl = new TestController();
+                // We need to invoke the logic inside the decorator.
+                // The decorator replaces the method descriptor.value.
+                // Let's re-instantiate or just call the method on prototype/instance
+                // The decorator runs at definition time, so instance.check is the wrapped function.
+                mockValidateScopes.mockReturnValue(false);
+                const req = { auth: { authenticated: true, tokenInfo: {}, scopes: ['user'] } };
+                const res = { status: jest.fn().mockReturnThis(), json: jest.fn(), header: jest.fn().mockReturnThis() };
+                await ctrl.check(req, res);
+                expect(res.status).toHaveBeenCalledWith(403);
+            });
+            it('should allow access', async () => {
+                const ctrl = new TestController();
+                mockValidateScopes.mockReturnValue(true);
+                const req = { auth: { authenticated: true, tokenInfo: {}, scopes: ['admin'] } };
+                const res = { status: jest.fn().mockReturnThis(), json: jest.fn() };
+                await ctrl.check(req, res);
+                // If allowed, it should return original method result (undefined in this case)
+                // and NOT call res.status(403)
+                expect(res.status).not.toHaveBeenCalled();
+            });
+            it('should 401 if not authenticated', async () => {
+                const ctrl = new TestController();
+                const req = { auth: { authenticated: false } };
+                const res = { status: jest.fn().mockReturnThis(), json: jest.fn() };
+                await ctrl.check(req, res);
+                expect(res.status).toHaveBeenCalledWith(401);
+            });
+        });
+    });
+});
+//# sourceMappingURL=middleware.test.js.map

package/dist/auth/__tests__/middleware.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.test.js","sourceRoot":"","sources":["../../../src/auth/__tests__/middleware.test.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAEvE,wBAAwB;AACxB,MAAM,iBAAiB,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;AACpC,MAAM,sBAAsB,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;AACzC,MAAM,kBAAkB,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;AAErC,IAAI,CAAC,mBAAmB,CAAC,wBAAwB,EAAE,GAAG,EAAE,CAAC,CAAC;IACtD,aAAa,EAAE,iBAAiB;IAChC,kBAAkB,EAAE,sBAAsB;IAC1C,cAAc,EAAE,kBAAkB;CACrC,CAAC,CAAC,CAAC;AAEJ,uBAAuB;AACvB,MAAM,kBAAkB,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;AAErC,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,EAAE,GAAG,EAAE,CAAC,CAAC;IACrD,6BAA6B,EAAE,kBAAkB;CACpD,CAAC,CAAC,CAAC;AAGJ,MAAM,EACF,oBAAoB,EACpB,aAAa,EACb,YAAY,EACZ,eAAe,EACf,QAAQ,EACR,WAAW,EACX,YAAY,EACZ,aAAa,EAChB,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;AAErC,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC7B,IAAI,GAAQ,CAAC;IACb,IAAI,GAAQ,CAAC;IACb,IAAI,IAAS,CAAC;IAEd,MAAM,UAAU,GAAG;QACf,WAAW,EAAE,aAAa;QAC1B,oBAAoB,EAAE,CAAC,cAAc,CAAC;KACzC,CAAC;IAEF,UAAU,CAAC,GAAG,EAAE;QACZ,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,GAAG,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACtB,GAAG,GAAG;YACF,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,cAAc,EAAE;YAClC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE;YACf,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,cAAc,EAAE;SACrC,CAAC;QACF,IAAI,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;QAChB,kBAA0B,CAAC,eAAe,CAAC,qBAAqB,CAAC,CAAC;QAClE,kBAA0B,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;YACzC,MAAM,UAAU,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;YACnD,sBAA8B,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YAEtD,MAAM,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YAEjC,MAAM,CAAC,sBAAsB,CAAC,CAAC,gBAAgB,EAAE,CAAC;YAClD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;YAC7C,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;YACvC,MAAM,UAAU,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;YACnD,sBAA8B,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YACxD,iBAAyB,CAAC,iBAAiB,CAAC;gBACzC,KAAK,EAAE,IAAI;gBACX,aAAa,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE;aACrE,CAAC,CAAC;YAEH,MAAM,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YAEjC,MAAM,CAAC,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAC;YAChC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1C,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;YACzC,MAAM,UAAU,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;YACnD,sBAA8B,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;YAC1D,iBAAyB,CAAC,iBAAiB,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;YAE/D,MAAM,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YAEjC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;YAC7C,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QACxC,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;QAC3B,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACtC,GAAG,CAAC,IAAI,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;YAC5E,kBAA0B,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YAElD,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;YACzC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YAE3B,MAAM,CAAC,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACvC,GAAG,CAAC,IAAI,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;YACnE,kBAA0B,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAEnD,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;YAC1C,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YAE3B,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;YAC7C,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACvC,GAAG,CAAC,IAAI,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;YACpC,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;YACzC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YAC3B,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YACxD,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;YAC3C,sBAA8B,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YAEtD,MAAM,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAC;YAChC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;YAChD,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;YAC3C,sBAA8B,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YACxD,iBAAyB,CAAC,iBAAiB,CAAC;gBACzC,KAAK,EAAE,IAAI;gBACX,aAAa,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE;aAChD,CAAC,CAAC;YAEH,MAAM,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAC;YAChC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,SAAS,EAAE,GAAG,EAAE;QACrB,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;YAC7B,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;gBAC3C,MAAM,CAAC,eAAe,CAAC,EAAE,IAAI,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,EAAS,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjF,CAAC,CAAC,CAAC;YACH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;gBAClC,MAAM,CAAC,eAAe,CAAC,EAAE,IAAI,EAAE,EAAE,aAAa,EAAE,KAAK,EAAE,EAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC/E,MAAM,CAAC,eAAe,CAAC,EAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACnD,CAAC,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;YAC7B,MAAM,GAAG,GAAG,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,EAAS,CAAC;YAE3D,EAAE,CAAC,UAAU,EAAE,GAAG,EAAE;gBAChB,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACzC,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC/C,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,aAAa,EAAE,GAAG,EAAE;gBACnB,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACvD,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrD,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,cAAc,EAAE,GAAG,EAAE;gBACpB,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACxD,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC7D,CAAC,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;YACtC,MAAM,cAAc;gBAEV,AAAN,KAAK,CAAC,KAAK,CAAC,GAAQ,EAAE,GAAQ,IAAI,CAAC;aACtC;YADS;gBADL,aAAa,CAAC,OAAO,CAAC;;;;uDACY;YAGvC,EAAE,CAAC,wBAAwB,EAAE,KAAK,IAAI,EAAE;gBACpC,MAAM,IAAI,GAAG,IAAI,cAAc,EAAE,CAAC;gBAClC,oDAAoD;gBACpD,sDAAsD;gBAEtD,qEAAqE;gBACrE,oFAAoF;gBAEnF,kBAA0B,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;gBAEnD,MAAM,GAAG,GAAG,EAAE,IAAI,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;gBAC/E,MAAM,GAAG,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,cAAc,EAAE,EAAE,CAAC;gBAExG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBAE3B,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;YACjD,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,qBAAqB,EAAE,KAAK,IAAI,EAAE;gBACjC,MAAM,IAAI,GAAG,IAAI,cAAc,EAAE,CAAC;gBACjC,kBAA0B,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;gBAElD,MAAM,GAAG,GAAG,EAAE,IAAI,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;gBAChF,MAAM,GAAG,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC;gBAEpE,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBAE3B,+EAA+E;gBAC/E,+BAA+B;gBAC/B,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;YAC9C,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;gBAC7C,MAAM,IAAI,GAAG,IAAI,cAAc,EAAE,CAAC;gBAClC,MAAM,GAAG,GAAG,EAAE,IAAI,EAAE,EAAE,aAAa,EAAE,KAAK,EAAE,EAAE,CAAC;gBAC/C,MAAM,GAAG,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC;gBACpE,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBAC3B,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;YACjD,CAAC,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/auth/__tests__/pkce.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=pkce.test.d.ts.map

package/dist/auth/__tests__/pkce.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.test.d.ts","sourceRoot":"","sources":["../../../src/auth/__tests__/pkce.test.ts"],"names":[],"mappings":""}

package/dist/auth/__tests__/pkce.test.js

@@ -0,0 +1,61 @@
+import { describe, it, expect } from '@jest/globals';
+import { generateCodeVerifier, generateCodeChallenge, verifyPKCE, isValidCodeVerifier, validatePKCESupport } from '../pkce';
+describe('PKCE Utilities', () => {
+    describe('generateCodeVerifier', () => {
+        it('should generate a valid code verifier', () => {
+            const verifier = generateCodeVerifier();
+            expect(typeof verifier).toBe('string');
+            expect(verifier.length).toBeGreaterThanOrEqual(43);
+            expect(verifier.length).toBeLessThanOrEqual(128);
+            expect(isValidCodeVerifier(verifier)).toBe(true);
+        });
+        it('should be unique', () => {
+            const v1 = generateCodeVerifier();
+            const v2 = generateCodeVerifier();
+            expect(v1).not.toBe(v2);
+        });
+    });
+    describe('generateCodeChallenge', () => {
+        it('should generate a valid S256 challenge', () => {
+            const verifier = 'test-verifier-1234567890-1234567890-1234567890';
+            const challenge = generateCodeChallenge(verifier, 'S256');
+            expect(typeof challenge).toBe('string');
+            expect(challenge.length).toBeGreaterThan(0);
+            // S256 of the specific verifier above
+            // You can verify this with an online generator if you want strict checking, 
+            // but checking it returns a string and is consistent is usually enough for unit test logic
+            const challenge2 = generateCodeChallenge(verifier, 'S256');
+            expect(challenge).toBe(challenge2);
+        });
+        it('should support plain method', () => {
+            const verifier = 'test-verifier';
+            const challenge = generateCodeChallenge(verifier, 'plain');
+            expect(challenge).toBe(verifier);
+        });
+    });
+    describe('verifyPKCE', () => {
+        it('should verify correct challenge', () => {
+            const verifier = generateCodeVerifier();
+            const challenge = generateCodeChallenge(verifier, 'S256');
+            expect(verifyPKCE(verifier, challenge, 'S256')).toBe(true);
+        });
+        it('should fail strict S256 verification if mismatched', () => {
+            const verifier = generateCodeVerifier();
+            const otherVerifier = generateCodeVerifier();
+            const challenge = generateCodeChallenge(otherVerifier, 'S256');
+            expect(verifyPKCE(verifier, challenge, 'S256')).toBe(false);
+        });
+    });
+    describe('validatePKCESupport', () => {
+        it('should return false if empty', () => {
+            expect(validatePKCESupport([])).toBe(false);
+            expect(validatePKCESupport(undefined)).toBe(false);
+        });
+        it('should require S256', () => {
+            expect(validatePKCESupport(['plain'])).toBe(false);
+            expect(validatePKCESupport(['S256'])).toBe(true);
+            expect(validatePKCESupport(['plain', 'S256'])).toBe(true);
+        });
+    });
+});
+//# sourceMappingURL=pkce.test.js.map

package/dist/auth/__tests__/pkce.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.test.js","sourceRoot":"","sources":["../../../src/auth/__tests__/pkce.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAQ,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,UAAU,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAE5H,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC5B,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC7C,MAAM,QAAQ,GAAG,oBAAoB,EAAE,CAAC;YACxC,MAAM,CAAC,OAAO,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,EAAE,CAAC,CAAC;YACnD,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kBAAkB,EAAE,GAAG,EAAE;YACxB,MAAM,EAAE,GAAG,oBAAoB,EAAE,CAAC;YAClC,MAAM,EAAE,GAAG,oBAAoB,EAAE,CAAC;YAClC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;QACnC,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAC9C,MAAM,QAAQ,GAAG,gDAAgD,CAAC;YAClE,MAAM,SAAS,GAAG,qBAAqB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAC1D,MAAM,CAAC,OAAO,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACxC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAC5C,sCAAsC;YACtC,6EAA6E;YAC7E,2FAA2F;YAC3F,MAAM,UAAU,GAAG,qBAAqB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAC3D,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACnC,MAAM,QAAQ,GAAG,eAAe,CAAC;YACjC,MAAM,SAAS,GAAG,qBAAqB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC3D,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;QACxB,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACvC,MAAM,QAAQ,GAAG,oBAAoB,EAAE,CAAC;YACxC,MAAM,SAAS,GAAG,qBAAqB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAC1D,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;YAC1D,MAAM,QAAQ,GAAG,oBAAoB,EAAE,CAAC;YACxC,MAAM,aAAa,GAAG,oBAAoB,EAAE,CAAC;YAC7C,MAAM,SAAS,GAAG,qBAAqB,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;YAC/D,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACpC,MAAM,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC5C,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qBAAqB,EAAE,GAAG,EAAE;YAC3B,MAAM,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACnD,MAAM,CAAC,mBAAmB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjD,MAAM,CAAC,mBAAmB,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/auth/__tests__/secure-secret.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=secure-secret.test.d.ts.map

package/dist/auth/__tests__/secure-secret.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure-secret.test.d.ts","sourceRoot":"","sources":["../../../src/auth/__tests__/secure-secret.test.ts"],"names":[],"mappings":""}

package/dist/auth/__tests__/secure-secret.test.js

@@ -0,0 +1,42 @@
+import { jest, describe, it, expect, beforeEach, afterEach } from '@jest/globals';
+import { SecretValue } from '../secure-secret.js';
+describe('SecureSecret', () => {
+    describe('SecretValue', () => {
+        const originalEnv = process.env;
+        beforeEach(() => {
+            jest.resetModules();
+            process.env = { ...originalEnv };
+        });
+        afterEach(() => {
+            process.env = originalEnv;
+        });
+        it('should create from environment variable', () => {
+            process.env.TEST_SECRET = 'super-secret-value-123';
+            const secret = SecretValue.fromEnv('TEST_SECRET');
+            expect(secret.getValue()).toBe('super-secret-value-123');
+            expect(secret.isFromEnvironment()).toBe(true);
+        });
+        it('should throw if environment variable is missing', () => {
+            delete process.env.MISSING_SECRET;
+            expect(() => SecretValue.fromEnv('MISSING_SECRET')).toThrow();
+        });
+        it('should create from explicit value with option', () => {
+            const secret = SecretValue.fromValue('explicit-value', { allowHardcoded: true });
+            expect(secret.getValue()).toBe('explicit-value');
+            expect(secret.isFromEnvironment()).toBe(false);
+        });
+        it('should throw if creating from value without allowHardcoded', () => {
+            expect(() => SecretValue.fromValue('fail')).toThrow();
+        });
+        it('should redact toString/toJSON', () => {
+            const secret = SecretValue.fromValue('secret', { allowHardcoded: true });
+            expect(secret.toString()).toContain('REDACTED');
+            expect(JSON.stringify(secret)).toContain('REDACTED');
+        });
+        it('should unwrap', () => {
+            const secret = SecretValue.fromValue('secret', { allowHardcoded: true });
+            expect(secret.unwrap()).toBe('secret');
+        });
+    });
+});
+//# sourceMappingURL=secure-secret.test.js.map

package/dist/auth/__tests__/secure-secret.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure-secret.test.js","sourceRoot":"","sources":["../../../src/auth/__tests__/secure-secret.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAClF,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAElD,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC1B,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;QACzB,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC;QAEhC,UAAU,CAAC,GAAG,EAAE;YACZ,IAAI,CAAC,YAAY,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,GAAG,EAAE,GAAG,WAAW,EAAE,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,SAAS,CAAC,GAAG,EAAE;YACX,OAAO,CAAC,GAAG,GAAG,WAAW,CAAC;QAC9B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YAC/C,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,wBAAwB,CAAC;YACnD,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;YACzD,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;YACvD,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;YAClC,MAAM,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;YACrD,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,CAAC,gBAAgB,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;YACjF,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACjD,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4DAA4D,EAAE,GAAG,EAAE;YAClE,MAAM,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACrC,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;YACzE,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;YAChD,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,eAAe,EAAE,GAAG,EAAE;YACrB,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;YACzE,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/auth/__tests__/simple-jwt.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=simple-jwt.test.d.ts.map

package/dist/auth/__tests__/simple-jwt.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"simple-jwt.test.d.ts","sourceRoot":"","sources":["../../../src/auth/__tests__/simple-jwt.test.ts"],"names":[],"mappings":""}

package/dist/auth/__tests__/simple-jwt.test.js

@@ -0,0 +1,68 @@
+import { jest, describe, it, expect, beforeEach } from '@jest/globals';
+import { createSimpleJWTAuth, generateJWT } from '../simple-jwt';
+import jwt from 'jsonwebtoken';
+describe('Simple JWT', () => {
+    const secret = 'test-secret';
+    describe('generateJWT', () => {
+        it('should generate a valid JWT', () => {
+            const token = generateJWT({
+                secret,
+                payload: { sub: 'user1' }
+            });
+            expect(typeof token).toBe('string');
+            const decoded = jwt.decode(token);
+            expect(decoded).toMatchObject({ sub: 'user1' });
+        });
+    });
+    describe('createSimpleJWTAuth middleware', () => {
+        let req;
+        let res;
+        let next;
+        beforeEach(() => {
+            req = {
+                headers: {}
+            };
+            res = {
+                status: jest.fn().mockReturnThis(),
+                json: jest.fn()
+            };
+            next = jest.fn();
+        });
+        it('should 401 if no header', async () => {
+            const middleware = createSimpleJWTAuth({ secret });
+            await middleware(req, res, next);
+            expect(res.status).toHaveBeenCalledWith(401);
+            expect(res.json).toHaveBeenCalledWith(expect.objectContaining({ error: 'unauthorized' }));
+        });
+        it('should 401 if valid token but wrong secret', async () => {
+            const token = generateJWT({ secret: 'wrong-secret', payload: { sub: 'user1' } });
+            req.headers = { authorization: `Bearer ${token}` };
+            const middleware = createSimpleJWTAuth({ secret });
+            await middleware(req, res, next);
+            expect(res.status).toHaveBeenCalledWith(401);
+            expect(res.json).toHaveBeenCalledWith(expect.objectContaining({ error: 'invalid_token' }));
+        });
+        it('should call next() and populate req.auth on success', async () => {
+            const token = generateJWT({ secret, payload: { sub: 'user1', scope: 'read' } });
+            req.headers = { authorization: `Bearer ${token}` };
+            const middleware = createSimpleJWTAuth({ secret });
+            await middleware(req, res, next);
+            expect(next).toHaveBeenCalled();
+            expect(req.auth).toBeDefined();
+            expect(req.auth.subject).toBe('user1');
+            expect(req.auth.scopes).toContain('read');
+        });
+        it('should enforce custom validation', async () => {
+            const token = generateJWT({ secret, payload: { sub: 'user1', role: 'guest' } });
+            req.headers = { authorization: `Bearer ${token}` };
+            const middleware = createSimpleJWTAuth({
+                secret,
+                customValidation: (p) => p.role === 'admin'
+            });
+            await middleware(req, res, next);
+            expect(res.status).toHaveBeenCalledWith(403);
+            expect(next).not.toHaveBeenCalled();
+        });
+    });
+});
+//# sourceMappingURL=simple-jwt.test.js.map

package/dist/auth/__tests__/simple-jwt.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"simple-jwt.test.js","sourceRoot":"","sources":["../../../src/auth/__tests__/simple-jwt.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAmB,MAAM,eAAe,CAAC;AAGlF,OAAO,GAAG,MAAM,cAAc,CAAC;AAE/B,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;IACxB,MAAM,MAAM,GAAG,aAAa,CAAC;IAE7B,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;QACzB,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACnC,MAAM,KAAK,GAAG,WAAW,CAAC;gBACtB,MAAM;gBACN,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE;aAC5B,CAAC,CAAC;YAEH,MAAM,CAAC,OAAO,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACpC,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAClC,MAAM,CAAC,OAAO,CAAC,CAAC,aAAa,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gCAAgC,EAAE,GAAG,EAAE;QAC5C,IAAI,GAAqB,CAAC;QAC1B,IAAI,GAAsB,CAAC;QAC3B,IAAI,IAAkB,CAAC;QAEvB,UAAU,CAAC,GAAG,EAAE;YACZ,GAAG,GAAG;gBACF,OAAO,EAAE,EAAE;aACd,CAAC;YACF,GAAG,GAAG;gBACF,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,cAAc,EAAS;gBACzC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAS;aACzB,CAAC;YACF,IAAI,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;QACrB,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;YACrC,MAAM,UAAU,GAAG,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YACnD,MAAM,UAAU,CAAC,GAAc,EAAE,GAAe,EAAE,IAAI,CAAC,CAAC;YAExD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;YAC7C,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;QAC9F,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YACxD,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;YACjF,GAAG,CAAC,OAAO,GAAG,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE,CAAC;YAEnD,MAAM,UAAU,GAAG,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YACnD,MAAM,UAAU,CAAC,GAAc,EAAE,GAAe,EAAE,IAAI,CAAC,CAAC;YAExD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;YAC7C,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;YACjE,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;YAChF,GAAG,CAAC,OAAO,GAAG,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE,CAAC;YAEnD,MAAM,UAAU,GAAG,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YACnD,MAAM,UAAU,CAAC,GAAc,EAAE,GAAe,EAAE,IAAI,CAAC,CAAC;YAExD,MAAM,CAAC,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAC;YAChC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC/B,MAAM,CAAC,GAAG,CAAC,IAAK,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxC,MAAM,CAAC,GAAG,CAAC,IAAK,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;YAC9C,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;YAChF,GAAG,CAAC,OAAO,GAAG,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE,CAAC;YAEnD,MAAM,UAAU,GAAG,mBAAmB,CAAC;gBACnC,MAAM;gBACN,gBAAgB,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO;aAC9C,CAAC,CAAC;YACH,MAAM,UAAU,CAAC,GAAc,EAAE,GAAe,EAAE,IAAI,CAAC,CAAC;YAExD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;YAC7C,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QACxC,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/auth/__tests__/token-store.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=token-store.test.d.ts.map

package/dist/auth/__tests__/token-store.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-store.test.d.ts","sourceRoot":"","sources":["../../../src/auth/__tests__/token-store.test.ts"],"names":[],"mappings":""}