replicas-cli 0.2.12 → 0.2.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/codex-auth.d.ts.map +1 -1
- package/dist/commands/codex-auth.js +24 -33
- package/dist/commands/codex-auth.js.map +1 -1
- package/dist/index.js +1 -1
- package/dist/lib/codex-oauth.d.ts +11 -0
- package/dist/lib/codex-oauth.d.ts.map +1 -0
- package/dist/lib/codex-oauth.js +183 -0
- package/dist/lib/codex-oauth.js.map +1 -0
- package/dist/lib/pkce.d.ts +14 -0
- package/dist/lib/pkce.d.ts.map +1 -0
- package/dist/lib/pkce.js +37 -0
- package/dist/lib/pkce.js.map +1 -0
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"codex-auth.d.ts","sourceRoot":"","sources":["../../src/commands/codex-auth.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"codex-auth.d.ts","sourceRoot":"","sources":["../../src/commands/codex-auth.ts"],"names":[],"mappings":"AAIA,wBAAsB,gBAAgB,kBA2CrC"}
|
|
@@ -5,49 +5,40 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.codexAuthCommand = codexAuthCommand;
|
|
7
7
|
const chalk_1 = __importDefault(require("chalk"));
|
|
8
|
-
const fs_1 = __importDefault(require("fs"));
|
|
9
|
-
const path_1 = __importDefault(require("path"));
|
|
10
|
-
const os_1 = __importDefault(require("os"));
|
|
11
8
|
const api_1 = require("../lib/api");
|
|
9
|
+
const codex_oauth_1 = require("../lib/codex-oauth");
|
|
12
10
|
async function codexAuthCommand() {
|
|
13
|
-
console.log(chalk_1.default.
|
|
14
|
-
const authJsonPath = path_1.default.join(os_1.default.homedir(), '.codex', 'auth.json');
|
|
15
|
-
let authData = null;
|
|
16
|
-
if (fs_1.default.existsSync(authJsonPath)) {
|
|
17
|
-
try {
|
|
18
|
-
const fileContent = fs_1.default.readFileSync(authJsonPath, 'utf-8');
|
|
19
|
-
authData = JSON.parse(fileContent);
|
|
20
|
-
}
|
|
21
|
-
catch (error) {
|
|
22
|
-
console.log(chalk_1.default.yellow(` Warning: Found auth.json but failed to parse it`));
|
|
23
|
-
}
|
|
24
|
-
}
|
|
25
|
-
if (!authData) {
|
|
26
|
-
throw new Error('Could not find Codex auth.json. Expected at:\n' +
|
|
27
|
-
` - ${authJsonPath}\n\n` +
|
|
28
|
-
'Make sure you have authenticated with Codex CLI first.');
|
|
29
|
-
}
|
|
30
|
-
console.log(chalk_1.default.gray(` Found auth.json at: ${authJsonPath}`));
|
|
31
|
-
if (!authData.tokens || !authData.tokens.access_token || !authData.tokens.refresh_token || !authData.tokens.id_token) {
|
|
32
|
-
throw new Error('Invalid auth.json format: missing required tokens');
|
|
33
|
-
}
|
|
11
|
+
console.log(chalk_1.default.cyan('Authenticating with Codex...\n'));
|
|
34
12
|
try {
|
|
13
|
+
// Run OAuth flow (opens browser, starts local server, gets tokens)
|
|
14
|
+
const tokens = await (0, codex_oauth_1.runCodexOAuthFlow)();
|
|
15
|
+
console.log(chalk_1.default.gray('\nUploading credentials to Replicas...'));
|
|
16
|
+
// Upload credentials to Replicas API
|
|
35
17
|
const response = await (0, api_1.authenticatedFetch)('/v1/codex/credentials', {
|
|
36
18
|
method: 'POST',
|
|
37
19
|
body: {
|
|
38
|
-
access_token:
|
|
39
|
-
refresh_token:
|
|
40
|
-
id_token:
|
|
20
|
+
access_token: tokens.accessToken,
|
|
21
|
+
refresh_token: tokens.refreshToken,
|
|
22
|
+
id_token: tokens.idToken,
|
|
41
23
|
},
|
|
42
24
|
});
|
|
43
|
-
|
|
44
|
-
|
|
25
|
+
if (response.success) {
|
|
26
|
+
console.log(chalk_1.default.green('\n✓ Codex authentication complete!'));
|
|
27
|
+
if (response.email) {
|
|
28
|
+
console.log(chalk_1.default.gray(` Account: ${response.email}`));
|
|
29
|
+
}
|
|
30
|
+
if (response.planType) {
|
|
31
|
+
console.log(chalk_1.default.gray(` Plan: ${response.planType}`));
|
|
32
|
+
}
|
|
33
|
+
console.log(chalk_1.default.gray('\nYou can now use Codex in your workspaces.\n'));
|
|
34
|
+
}
|
|
35
|
+
else {
|
|
36
|
+
throw new Error(response.error || 'Failed to upload Codex credentials to Replicas');
|
|
37
|
+
}
|
|
45
38
|
}
|
|
46
39
|
catch (error) {
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
}
|
|
50
|
-
throw error;
|
|
40
|
+
console.log(chalk_1.default.red('\n✗ Error:'), error instanceof Error ? error.message : error);
|
|
41
|
+
process.exit(1);
|
|
51
42
|
}
|
|
52
43
|
}
|
|
53
44
|
//# sourceMappingURL=codex-auth.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"codex-auth.js","sourceRoot":"","sources":["../../src/commands/codex-auth.ts"],"names":[],"mappings":";;;;;
|
|
1
|
+
{"version":3,"file":"codex-auth.js","sourceRoot":"","sources":["../../src/commands/codex-auth.ts"],"names":[],"mappings":";;;;;AAIA,4CA2CC;AA/CD,kDAA0B;AAC1B,oCAAgD;AAChD,oDAAuD;AAEhD,KAAK,UAAU,gBAAgB;IACpC,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC,CAAC;IAE1D,IAAI,CAAC;QACH,mEAAmE;QACnE,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAiB,GAAE,CAAC;QAEzC,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC,CAAC;QAElE,qCAAqC;QACrC,MAAM,QAAQ,GAAG,MAAM,IAAA,wBAAkB,EAMvC,uBAAuB,EACvB;YACE,MAAM,EAAE,MAAM;YACd,IAAI,EAAE;gBACJ,YAAY,EAAE,MAAM,CAAC,WAAW;gBAChC,aAAa,EAAE,MAAM,CAAC,YAAY;gBAClC,QAAQ,EAAE,MAAM,CAAC,OAAO;aACzB;SACF,CACF,CAAC;QAEF,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC,CAAC;YAC/D,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,cAAc,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAC1D,CAAC;YACD,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;gBACtB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,WAAW,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;YAC1D,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC,CAAC;QAC3E,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,IAAI,gDAAgD,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACrF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -20,7 +20,7 @@ const program = new commander_1.Command();
|
|
|
20
20
|
program
|
|
21
21
|
.name('replicas')
|
|
22
22
|
.description('CLI for managing Replicas workspaces')
|
|
23
|
-
.version('0.2.
|
|
23
|
+
.version('0.2.13');
|
|
24
24
|
program
|
|
25
25
|
.command('login')
|
|
26
26
|
.description('Authenticate with your Replicas account')
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
export interface CodexTokens {
|
|
2
|
+
idToken: string;
|
|
3
|
+
accessToken: string;
|
|
4
|
+
refreshToken: string;
|
|
5
|
+
}
|
|
6
|
+
/**
|
|
7
|
+
* Run the complete OAuth flow
|
|
8
|
+
* Opens browser, starts local server, waits for callback, exchanges code for tokens
|
|
9
|
+
*/
|
|
10
|
+
export declare function runCodexOAuthFlow(): Promise<CodexTokens>;
|
|
11
|
+
//# sourceMappingURL=codex-oauth.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"codex-oauth.d.ts","sourceRoot":"","sources":["../../src/lib/codex-oauth.ts"],"names":[],"mappings":"AAYA,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACtB;AAyKD;;;GAGG;AACH,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,WAAW,CAAC,CAiC9D"}
|
|
@@ -0,0 +1,183 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.runCodexOAuthFlow = runCodexOAuthFlow;
|
|
7
|
+
const http_1 = __importDefault(require("http"));
|
|
8
|
+
const url_1 = require("url");
|
|
9
|
+
const open_1 = __importDefault(require("open"));
|
|
10
|
+
const pkce_1 = require("./pkce");
|
|
11
|
+
const CODEX_OAUTH_CLIENT_ID = 'app_EMoamEEZ73f0CkXaXp7hrann';
|
|
12
|
+
const AUTHORIZATION_ENDPOINT = 'https://auth.openai.com/oauth/authorize';
|
|
13
|
+
const TOKEN_ENDPOINT = 'https://auth.openai.com/oauth/token';
|
|
14
|
+
const CALLBACK_PORT = 1455;
|
|
15
|
+
const CALLBACK_PATH = '/auth/callback';
|
|
16
|
+
const WEB_APP_URL = process.env.REPLICAS_WEB_URL || 'https://replicas.dev';
|
|
17
|
+
/**
|
|
18
|
+
* Build OAuth authorization URL with PKCE
|
|
19
|
+
*/
|
|
20
|
+
function buildAuthorizationUrl(codeChallenge, state) {
|
|
21
|
+
const redirectUri = `http://localhost:${CALLBACK_PORT}${CALLBACK_PATH}`;
|
|
22
|
+
const params = new URLSearchParams({
|
|
23
|
+
response_type: 'code',
|
|
24
|
+
client_id: CODEX_OAUTH_CLIENT_ID,
|
|
25
|
+
redirect_uri: redirectUri,
|
|
26
|
+
scope: 'openid profile email offline_access',
|
|
27
|
+
code_challenge: codeChallenge,
|
|
28
|
+
code_challenge_method: 'S256',
|
|
29
|
+
id_token_add_organizations: 'true',
|
|
30
|
+
codex_cli_simplified_flow: 'true',
|
|
31
|
+
state: state,
|
|
32
|
+
originator: 'codex_cli_rs',
|
|
33
|
+
});
|
|
34
|
+
return `${AUTHORIZATION_ENDPOINT}?${params.toString()}`;
|
|
35
|
+
}
|
|
36
|
+
/**
|
|
37
|
+
* Exchange authorization code for tokens
|
|
38
|
+
*/
|
|
39
|
+
async function exchangeCodeForTokens(code, codeVerifier) {
|
|
40
|
+
const redirectUri = `http://localhost:${CALLBACK_PORT}${CALLBACK_PATH}`;
|
|
41
|
+
const params = new URLSearchParams({
|
|
42
|
+
grant_type: 'authorization_code',
|
|
43
|
+
code: code,
|
|
44
|
+
redirect_uri: redirectUri,
|
|
45
|
+
client_id: CODEX_OAUTH_CLIENT_ID,
|
|
46
|
+
code_verifier: codeVerifier,
|
|
47
|
+
});
|
|
48
|
+
const response = await fetch(TOKEN_ENDPOINT, {
|
|
49
|
+
method: 'POST',
|
|
50
|
+
headers: {
|
|
51
|
+
'Content-Type': 'application/x-www-form-urlencoded',
|
|
52
|
+
},
|
|
53
|
+
body: params.toString(),
|
|
54
|
+
});
|
|
55
|
+
if (!response.ok) {
|
|
56
|
+
const errorText = await response.text();
|
|
57
|
+
throw new Error(`Failed to exchange code for tokens: ${response.status} ${errorText}`);
|
|
58
|
+
}
|
|
59
|
+
const data = await response.json();
|
|
60
|
+
return {
|
|
61
|
+
idToken: data.id_token,
|
|
62
|
+
accessToken: data.access_token,
|
|
63
|
+
refreshToken: data.refresh_token,
|
|
64
|
+
};
|
|
65
|
+
}
|
|
66
|
+
/**
|
|
67
|
+
* Start local HTTP server to receive OAuth callback
|
|
68
|
+
*/
|
|
69
|
+
function startCallbackServer(expectedState, codeVerifier) {
|
|
70
|
+
return new Promise((resolve, reject) => {
|
|
71
|
+
const server = http_1.default.createServer(async (req, res) => {
|
|
72
|
+
try {
|
|
73
|
+
if (!req.url) {
|
|
74
|
+
res.writeHead(400);
|
|
75
|
+
res.end('Bad Request');
|
|
76
|
+
return;
|
|
77
|
+
}
|
|
78
|
+
const url = new url_1.URL(req.url, `http://127.0.0.1:${CALLBACK_PORT}`);
|
|
79
|
+
// Handle callback
|
|
80
|
+
if (url.pathname === CALLBACK_PATH) {
|
|
81
|
+
const code = url.searchParams.get('code');
|
|
82
|
+
const state = url.searchParams.get('state');
|
|
83
|
+
const error = url.searchParams.get('error');
|
|
84
|
+
const errorDescription = url.searchParams.get('error_description');
|
|
85
|
+
// Check for errors from OAuth provider
|
|
86
|
+
if (error) {
|
|
87
|
+
const errorMessage = encodeURIComponent(`${error}: ${errorDescription || 'Unknown error'}`);
|
|
88
|
+
res.writeHead(302, { 'Location': `${WEB_APP_URL}/codex/oauth/error?message=${errorMessage}` });
|
|
89
|
+
res.end();
|
|
90
|
+
server.close();
|
|
91
|
+
reject(new Error(`OAuth error: ${error} - ${errorDescription}`));
|
|
92
|
+
return;
|
|
93
|
+
}
|
|
94
|
+
// Validate state (CSRF protection)
|
|
95
|
+
if (state !== expectedState) {
|
|
96
|
+
const errorMessage = encodeURIComponent('State parameter mismatch. Possible CSRF attack.');
|
|
97
|
+
res.writeHead(302, { 'Location': `${WEB_APP_URL}/codex/oauth/error?message=${errorMessage}` });
|
|
98
|
+
res.end();
|
|
99
|
+
server.close();
|
|
100
|
+
reject(new Error('State mismatch - possible CSRF attack'));
|
|
101
|
+
return;
|
|
102
|
+
}
|
|
103
|
+
// Validate code
|
|
104
|
+
if (!code) {
|
|
105
|
+
const errorMessage = encodeURIComponent('No authorization code received.');
|
|
106
|
+
res.writeHead(302, { 'Location': `${WEB_APP_URL}/codex/oauth/error?message=${errorMessage}` });
|
|
107
|
+
res.end();
|
|
108
|
+
server.close();
|
|
109
|
+
reject(new Error('No authorization code received'));
|
|
110
|
+
return;
|
|
111
|
+
}
|
|
112
|
+
// Exchange code for tokens
|
|
113
|
+
try {
|
|
114
|
+
const tokens = await exchangeCodeForTokens(code, codeVerifier);
|
|
115
|
+
res.writeHead(302, { 'Location': `${WEB_APP_URL}/codex/oauth/success` });
|
|
116
|
+
res.end();
|
|
117
|
+
server.close();
|
|
118
|
+
resolve(tokens);
|
|
119
|
+
}
|
|
120
|
+
catch (tokenError) {
|
|
121
|
+
const errorMessage = encodeURIComponent(tokenError instanceof Error ? tokenError.message : 'Unknown error');
|
|
122
|
+
res.writeHead(302, { 'Location': `${WEB_APP_URL}/codex/oauth/error?message=${errorMessage}` });
|
|
123
|
+
res.end();
|
|
124
|
+
server.close();
|
|
125
|
+
reject(tokenError);
|
|
126
|
+
}
|
|
127
|
+
}
|
|
128
|
+
else {
|
|
129
|
+
res.writeHead(404);
|
|
130
|
+
res.end('Not Found');
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
catch (serverError) {
|
|
134
|
+
res.writeHead(500);
|
|
135
|
+
res.end('Internal Server Error');
|
|
136
|
+
server.close();
|
|
137
|
+
reject(serverError);
|
|
138
|
+
}
|
|
139
|
+
});
|
|
140
|
+
// Handle server errors
|
|
141
|
+
server.on('error', (err) => {
|
|
142
|
+
if (err.code === 'EADDRINUSE') {
|
|
143
|
+
reject(new Error(`Port ${CALLBACK_PORT} is already in use. Please close any other OAuth flows and try again.`));
|
|
144
|
+
}
|
|
145
|
+
else {
|
|
146
|
+
reject(err);
|
|
147
|
+
}
|
|
148
|
+
});
|
|
149
|
+
// Start server
|
|
150
|
+
server.listen(CALLBACK_PORT, '127.0.0.1');
|
|
151
|
+
});
|
|
152
|
+
}
|
|
153
|
+
/**
|
|
154
|
+
* Run the complete OAuth flow
|
|
155
|
+
* Opens browser, starts local server, waits for callback, exchanges code for tokens
|
|
156
|
+
*/
|
|
157
|
+
async function runCodexOAuthFlow() {
|
|
158
|
+
// Generate PKCE codes and state
|
|
159
|
+
const pkce = (0, pkce_1.generatePkceCodes)();
|
|
160
|
+
const state = (0, pkce_1.generateState)();
|
|
161
|
+
// Build authorization URL
|
|
162
|
+
const authUrl = buildAuthorizationUrl(pkce.codeChallenge, state);
|
|
163
|
+
// Start callback server (non-blocking)
|
|
164
|
+
const tokensPromise = startCallbackServer(state, pkce.codeVerifier);
|
|
165
|
+
// Wait a moment for server to start
|
|
166
|
+
await new Promise(resolve => setTimeout(resolve, 500));
|
|
167
|
+
console.log('If the browser does not open automatically, visit:');
|
|
168
|
+
console.log(authUrl);
|
|
169
|
+
console.log();
|
|
170
|
+
// Open browser
|
|
171
|
+
try {
|
|
172
|
+
await (0, open_1.default)(authUrl);
|
|
173
|
+
}
|
|
174
|
+
catch (openError) {
|
|
175
|
+
console.warn('Failed to open browser automatically. Please open the URL manually.');
|
|
176
|
+
}
|
|
177
|
+
console.log('Waiting for authentication...');
|
|
178
|
+
// Wait for callback and token exchange
|
|
179
|
+
const tokens = await tokensPromise;
|
|
180
|
+
console.log('✓ Successfully obtained Codex credentials');
|
|
181
|
+
return tokens;
|
|
182
|
+
}
|
|
183
|
+
//# sourceMappingURL=codex-oauth.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"codex-oauth.js","sourceRoot":"","sources":["../../src/lib/codex-oauth.ts"],"names":[],"mappings":";;;;;AA6LA,8CAiCC;AA9ND,gDAAwB;AACxB,6BAA0B;AAC1B,gDAAwB;AACxB,iCAA0D;AAE1D,MAAM,qBAAqB,GAAG,8BAA8B,CAAC;AAC7D,MAAM,sBAAsB,GAAG,yCAAyC,CAAC;AACzE,MAAM,cAAc,GAAG,qCAAqC,CAAC;AAC7D,MAAM,aAAa,GAAG,IAAI,CAAC;AAC3B,MAAM,aAAa,GAAG,gBAAgB,CAAC;AACvC,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,sBAAsB,CAAC;AAc3E;;GAEG;AACH,SAAS,qBAAqB,CAC5B,aAAqB,EACrB,KAAa;IAEb,MAAM,WAAW,GAAG,oBAAoB,aAAa,GAAG,aAAa,EAAE,CAAC;IAExE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,aAAa,EAAE,MAAM;QACrB,SAAS,EAAE,qBAAqB;QAChC,YAAY,EAAE,WAAW;QACzB,KAAK,EAAE,qCAAqC;QAC5C,cAAc,EAAE,aAAa;QAC7B,qBAAqB,EAAE,MAAM;QAC7B,0BAA0B,EAAE,MAAM;QAClC,yBAAyB,EAAE,MAAM;QACjC,KAAK,EAAE,KAAK;QACZ,UAAU,EAAE,cAAc;KAC3B,CAAC,CAAC;IAEH,OAAO,GAAG,sBAAsB,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;AAC1D,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,qBAAqB,CAClC,IAAY,EACZ,YAAoB;IAEpB,MAAM,WAAW,GAAG,oBAAoB,aAAa,GAAG,aAAa,EAAE,CAAC;IAExE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,UAAU,EAAE,oBAAoB;QAChC,IAAI,EAAE,IAAI;QACV,YAAY,EAAE,WAAW;QACzB,SAAS,EAAE,qBAAqB;QAChC,aAAa,EAAE,YAAY;KAC5B,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,cAAc,EAAE;QAC3C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;SACpD;QACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;KACxB,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,uCAAuC,QAAQ,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;IACzF,CAAC;IAED,MAAM,IAAI,GAAkB,MAAM,QAAQ,CAAC,IAAI,EAAmB,CAAC;IAEnE,OAAO;QACL,OAAO,EAAE,IAAI,CAAC,QAAQ;QACtB,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,YAAY,EAAE,IAAI,CAAC,aAAa;KACjC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAC1B,aAAqB,EACrB,YAAoB;IAEpB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,cAAI,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YAClD,IAAI,CAAC;gBACH,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;oBACb,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;oBACvB,OAAO;gBACT,CAAC;gBAED,MAAM,GAAG,GAAG,IAAI,SAAG,CAAC,GAAG,CAAC,GAAG,EAAE,oBAAoB,aAAa,EAAE,CAAC,CAAC;gBAElE,kBAAkB;gBAClB,IAAI,GAAG,CAAC,QAAQ,KAAK,aAAa,EAAE,CAAC;oBACnC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBAC5C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBAC5C,MAAM,gBAAgB,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;oBAEnE,uCAAuC;oBACvC,IAAI,KAAK,EAAE,CAAC;wBACV,MAAM,YAAY,GAAG,kBAAkB,CAAC,GAAG,KAAK,KAAK,gBAAgB,IAAI,eAAe,EAAE,CAAC,CAAC;wBAC5F,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,GAAG,WAAW,8BAA8B,YAAY,EAAE,EAAE,CAAC,CAAC;wBAC/F,GAAG,CAAC,GAAG,EAAE,CAAC;wBACV,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,MAAM,gBAAgB,EAAE,CAAC,CAAC,CAAC;wBACjE,OAAO;oBACT,CAAC;oBAED,mCAAmC;oBACnC,IAAI,KAAK,KAAK,aAAa,EAAE,CAAC;wBAC5B,MAAM,YAAY,GAAG,kBAAkB,CAAC,iDAAiD,CAAC,CAAC;wBAC3F,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,GAAG,WAAW,8BAA8B,YAAY,EAAE,EAAE,CAAC,CAAC;wBAC/F,GAAG,CAAC,GAAG,EAAE,CAAC;wBACV,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;wBAC3D,OAAO;oBACT,CAAC;oBAED,gBAAgB;oBAChB,IAAI,CAAC,IAAI,EAAE,CAAC;wBACV,MAAM,YAAY,GAAG,kBAAkB,CAAC,iCAAiC,CAAC,CAAC;wBAC3E,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,GAAG,WAAW,8BAA8B,YAAY,EAAE,EAAE,CAAC,CAAC;wBAC/F,GAAG,CAAC,GAAG,EAAE,CAAC;wBACV,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,MAAM,CAAC,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC,CAAC;wBACpD,OAAO;oBACT,CAAC;oBAED,2BAA2B;oBAC3B,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;wBAE/D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,GAAG,WAAW,sBAAsB,EAAE,CAAC,CAAC;wBACzE,GAAG,CAAC,GAAG,EAAE,CAAC;wBAEV,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,OAAO,CAAC,MAAM,CAAC,CAAC;oBAClB,CAAC;oBAAC,OAAO,UAAU,EAAE,CAAC;wBACpB,MAAM,YAAY,GAAG,kBAAkB,CAAC,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;wBAC5G,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,GAAG,WAAW,8BAA8B,YAAY,EAAE,EAAE,CAAC,CAAC;wBAC/F,GAAG,CAAC,GAAG,EAAE,CAAC;wBACV,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,MAAM,CAAC,UAAU,CAAC,CAAC;oBACrB,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACvB,CAAC;YACH,CAAC;YAAC,OAAO,WAAW,EAAE,CAAC;gBACrB,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACnB,GAAG,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;gBACjC,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,WAAW,CAAC,CAAC;YACtB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,uBAAuB;QACvB,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACzB,IAAK,GAA6B,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACzD,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,aAAa,uEAAuE,CAAC,CAAC,CAAC;YAClH,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,eAAe;QACf,MAAM,CAAC,MAAM,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,iBAAiB;IACrC,gCAAgC;IAChC,MAAM,IAAI,GAAG,IAAA,wBAAiB,GAAE,CAAC;IACjC,MAAM,KAAK,GAAG,IAAA,oBAAa,GAAE,CAAC;IAE9B,0BAA0B;IAC1B,MAAM,OAAO,GAAG,qBAAqB,CAAC,IAAI,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;IAEjE,uCAAuC;IACvC,MAAM,aAAa,GAAG,mBAAmB,CAAC,KAAK,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IAEpE,oCAAoC;IACpC,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;IAEvD,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACrB,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,eAAe;IACf,IAAI,CAAC;QACH,MAAM,IAAA,cAAI,EAAC,OAAO,CAAC,CAAC;IACtB,CAAC;IAAC,OAAO,SAAS,EAAE,CAAC;QACnB,OAAO,CAAC,IAAI,CAAC,qEAAqE,CAAC,CAAC;IACtF,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;IAE7C,uCAAuC;IACvC,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC;IAEnC,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;IAEzD,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
export interface PkceCodes {
|
|
2
|
+
codeVerifier: string;
|
|
3
|
+
codeChallenge: string;
|
|
4
|
+
}
|
|
5
|
+
/**
|
|
6
|
+
* Generate PKCE (Proof Key for Code Exchange) codes for OAuth flow
|
|
7
|
+
* Implements RFC 7636 for enhanced security
|
|
8
|
+
*/
|
|
9
|
+
export declare function generatePkceCodes(): PkceCodes;
|
|
10
|
+
/**
|
|
11
|
+
* Generate random state for OAuth flow
|
|
12
|
+
*/
|
|
13
|
+
export declare function generateState(): string;
|
|
14
|
+
//# sourceMappingURL=pkce.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../../src/lib/pkce.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,SAAS;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,IAAI,SAAS,CAsB7C;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,MAAM,CAEtC"}
|
package/dist/lib/pkce.js
ADDED
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.generatePkceCodes = generatePkceCodes;
|
|
4
|
+
exports.generateState = generateState;
|
|
5
|
+
const crypto_1 = require("crypto");
|
|
6
|
+
/**
|
|
7
|
+
* Generate PKCE (Proof Key for Code Exchange) codes for OAuth flow
|
|
8
|
+
* Implements RFC 7636 for enhanced security
|
|
9
|
+
*/
|
|
10
|
+
function generatePkceCodes() {
|
|
11
|
+
// Generate 32 random bytes for code verifier
|
|
12
|
+
const verifierBytes = (0, crypto_1.randomBytes)(32);
|
|
13
|
+
const codeVerifier = verifierBytes
|
|
14
|
+
.toString('base64')
|
|
15
|
+
.replace(/\+/g, '-')
|
|
16
|
+
.replace(/\//g, '_')
|
|
17
|
+
.replace(/=+$/, '');
|
|
18
|
+
// Create SHA256 hash for code challenge
|
|
19
|
+
const hash = (0, crypto_1.createHash)('sha256');
|
|
20
|
+
hash.update(codeVerifier);
|
|
21
|
+
const codeChallenge = hash
|
|
22
|
+
.digest('base64')
|
|
23
|
+
.replace(/\+/g, '-')
|
|
24
|
+
.replace(/\//g, '_')
|
|
25
|
+
.replace(/=+$/, '');
|
|
26
|
+
return {
|
|
27
|
+
codeVerifier,
|
|
28
|
+
codeChallenge,
|
|
29
|
+
};
|
|
30
|
+
}
|
|
31
|
+
/**
|
|
32
|
+
* Generate random state for OAuth flow
|
|
33
|
+
*/
|
|
34
|
+
function generateState() {
|
|
35
|
+
return (0, crypto_1.randomBytes)(16).toString('hex');
|
|
36
|
+
}
|
|
37
|
+
//# sourceMappingURL=pkce.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pkce.js","sourceRoot":"","sources":["../../src/lib/pkce.ts"],"names":[],"mappings":";;AAWA,8CAsBC;AAKD,sCAEC;AAxCD,mCAAiD;AAOjD;;;GAGG;AACH,SAAgB,iBAAiB;IAC/B,6CAA6C;IAC7C,MAAM,aAAa,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC;IACtC,MAAM,YAAY,GAAG,aAAa;SAC/B,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAEtB,wCAAwC;IACxC,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC;IAClC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC1B,MAAM,aAAa,GAAG,IAAI;SACvB,MAAM,CAAC,QAAQ,CAAC;SAChB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAEtB,OAAO;QACL,YAAY;QACZ,aAAa;KACd,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa;IAC3B,OAAO,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC"}
|