@atproto/oauth-client - npm Package Compare versions

Comparing version 0.2.1 to 0.2.2

CHANGELOG.md

		# @atproto/oauth-client

		## 0.2.2

		### Patch Changes

		- [#2755](https://github.com/bluesky-social/atproto/pull/2755) [`ed325d863`](https://github.com/bluesky-social/atproto/commit/ed325d863ce8ea5986c5a45c3188aaa35288b7a8) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Improve client side validation of client metadata

		- [#2755](https://github.com/bluesky-social/atproto/pull/2755) [`ed325d863`](https://github.com/bluesky-social/atproto/commit/ed325d863ce8ea5986c5a45c3188aaa35288b7a8) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Use scope from client metadata as default value

		- Updated dependencies [[`ed325d863`](https://github.com/bluesky-social/atproto/commit/ed325d863ce8ea5986c5a45c3188aaa35288b7a8), [`a07b21151`](https://github.com/bluesky-social/atproto/commit/a07b21151f1850340c4b7797ebb11521b1a6cdf3), [`ed325d863`](https://github.com/bluesky-social/atproto/commit/ed325d863ce8ea5986c5a45c3188aaa35288b7a8), [`ed325d863`](https://github.com/bluesky-social/atproto/commit/ed325d863ce8ea5986c5a45c3188aaa35288b7a8), [`ed325d863`](https://github.com/bluesky-social/atproto/commit/ed325d863ce8ea5986c5a45c3188aaa35288b7a8), [`ed325d863`](https://github.com/bluesky-social/atproto/commit/ed325d863ce8ea5986c5a45c3188aaa35288b7a8), [`ed325d863`](https://github.com/bluesky-social/atproto/commit/ed325d863ce8ea5986c5a45c3188aaa35288b7a8), [`ed325d863`](https://github.com/bluesky-social/atproto/commit/ed325d863ce8ea5986c5a45c3188aaa35288b7a8), [`ed325d863`](https://github.com/bluesky-social/atproto/commit/ed325d863ce8ea5986c5a45c3188aaa35288b7a8), [`ed325d863`](https://github.com/bluesky-social/atproto/commit/ed325d863ce8ea5986c5a45c3188aaa35288b7a8), [`ed325d863`](https://github.com/bluesky-social/atproto/commit/ed325d863ce8ea5986c5a45c3188aaa35288b7a8), [`a07b21151`](https://github.com/bluesky-social/atproto/commit/a07b21151f1850340c4b7797ebb11521b1a6cdf3), [`ed325d863`](https://github.com/bluesky-social/atproto/commit/ed325d863ce8ea5986c5a45c3188aaa35288b7a8), [`a07b21151`](https://github.com/bluesky-social/atproto/commit/a07b21151f1850340c4b7797ebb11521b1a6cdf3), [`a07b21151`](https://github.com/bluesky-social/atproto/commit/a07b21151f1850340c4b7797ebb11521b1a6cdf3)]:
		- @atproto/oauth-types@0.1.5
		- @atproto/xrpc@0.6.3
		- @atproto-labs/fetch@0.1.1
		- @atproto-labs/did-resolver@0.1.4
		- @atproto-labs/identity-resolver@0.1.4

		## 0.2.1
		@@ -4,0 +19,0 @@

dist/oauth-client.js

		@@ -172,8 +172,6 @@ "use strict";
		response_mode: this.responseMode,
		response_type:
		// Negotiate by using the order in the client metadata
		this.clientMetadata.response_types?.find((t) => metadata['response_types_supported']?.includes(t)) ?? 'code',
		response_type: 'code',
		display: options?.display,
		prompt: options?.prompt,
		scope: options?.scope \|\| undefined,
		scope: options?.scope ?? this.clientMetadata.scope,
		ui_locales: options?.ui_locales,
		@@ -180,0 +178,0 @@ };

dist/oauth-resolver.d.ts

		@@ -48,3 +48,3 @@ import { IdentityResolver, ResolvedIdentity, ResolveIdentityOptions } from '@atproto-labs/identity-resolver';
		grant_types_supported?: string[] \| undefined;
		code_challenge_methods_supported?: string[] \| undefined;
		code_challenge_methods_supported?: ("S256" \| "plain")[] \| undefined;
		ui_locales_supported?: string[] \| undefined;
		@@ -51,0 +51,0 @@ id_token_signing_alg_values_supported?: string[] \| undefined;

dist/oauth-server-agent.d.ts

		import { Fetch, Json } from '@atproto-labs/fetch';
		import { SimpleStore } from '@atproto-labs/simple-store';
		import { Key, Keyset } from '@atproto/jwk';
		import { OAuthAuthorizationServerMetadata, OAuthClientIdentification, OAuthEndpointName, OAuthParResponse, OAuthTokenResponse, OAuthTokenType } from '@atproto/oauth-types';
		import { OAuthAuthorizationServerMetadata, OAuthClientCredentials, OAuthEndpointName, OAuthParResponse, OAuthTokenResponse, OAuthTokenType } from '@atproto/oauth-types';
		import { OAuthResolver } from './oauth-resolver.js';
		@@ -47,5 +47,5 @@ import { Runtime } from './runtime.js';
		headers?: Record<string, string>;
		payload: OAuthClientIdentification;
		payload: OAuthClientCredentials;
		}>;
		}
		//# sourceMappingURL=oauth-server-agent.d.ts.map

dist/validate-client-metadata.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		exports.validateClientMetadata = void 0;
		const oauth_types_1 = require("@atproto/oauth-types");
		const types_js_1 = require("./types.js");
		@@ -26,9 +27,19 @@ const TOKEN_ENDPOINT_AUTH_METHOD = `token_endpoint_auth_method`;
		const metadata = types_js_1.clientMetadataSchema.parse(input);
		// ATPROTO uses client metadata discovery
		try {
		new URL(metadata.client_id);
		// Validate client ID
		if (metadata.client_id.startsWith('http:')) {
		(0, oauth_types_1.assertOAuthLoopbackClientId)(metadata.client_id);
		}
		catch (cause) {
		throw new TypeError(`client_id must be a valid URL`, { cause });
		else {
		(0, oauth_types_1.assertOAuthDiscoverableClientId)(metadata.client_id);
		}
		const scopes = metadata.scope?.split(' ');
		if (!scopes?.includes('atproto')) {
		throw new TypeError(`Client metadata must include the "atproto" scope`);
		}
		if (!metadata.response_types.includes('code')) {
		throw new TypeError(`"response_types" must include "code"`);
		}
		if (!metadata.grant_types.includes('authorization_code')) {
		throw new TypeError(`"grant_types" must include "authorization_code"`);
		}
		const method = metadata[TOKEN_ENDPOINT_AUTH_METHOD];
		@@ -35,0 +46,0 @@ switch (method) {

package.json

		{
		"name": "@atproto/oauth-client",
		"version": "0.2.1",
		"version": "0.2.2",
		"license": "MIT",
		@@ -30,6 +30,6 @@ "description": "OAuth client for ATPROTO PDS. This package serves as common base for environment-specific implementations (NodeJS, Browser, React-Native).",
		"zod": "^3.23.8",
		"@atproto-labs/did-resolver": "0.1.3",
		"@atproto-labs/fetch": "0.1.0",
		"@atproto-labs/did-resolver": "0.1.4",
		"@atproto-labs/fetch": "0.1.1",
		"@atproto-labs/handle-resolver": "0.1.3",
		"@atproto-labs/identity-resolver": "0.1.3",
		"@atproto-labs/identity-resolver": "0.1.4",
		"@atproto-labs/simple-store": "0.1.1",
		@@ -39,4 +39,4 @@ "@atproto-labs/simple-store-memory": "0.1.1",
		"@atproto/jwk": "0.1.1",
		"@atproto/oauth-types": "0.1.4",
		"@atproto/xrpc": "0.6.2"
		"@atproto/oauth-types": "0.1.5",
		"@atproto/xrpc": "0.6.3"
		},
		@@ -43,0 +43,0 @@ "devDependencies": {

src/oauth-client.ts

		@@ -288,11 +288,7 @@ import {
		response_mode: this.responseMode,
		response_type:
		// Negotiate by using the order in the client metadata
		this.clientMetadata.response_types?.find((t) =>
		metadata['response_types_supported']?.includes(t),
		) ?? 'code',
		response_type: 'code',

		display: options?.display,
		prompt: options?.prompt,
		scope: options?.scope \|\| undefined,
		scope: options?.scope ?? this.clientMetadata.scope,
		ui_locales: options?.ui_locales,
		@@ -299,0 +295,0 @@ }

src/oauth-server-agent.ts

		@@ -7,3 +7,3 @@ import { Fetch, Json, bindFetch, fetchJsonProcessor } from '@atproto-labs/fetch'
		OAuthAuthorizationServerMetadata,
		OAuthClientIdentification,
		OAuthClientCredentials,
		OAuthEndpointName,
		@@ -215,3 +215,3 @@ OAuthParResponse,
		headers?: Record<string, string>
		payload: OAuthClientIdentification
		payload: OAuthClientCredentials
		}> {
		@@ -218,0 +218,0 @@ const methodSupported =

src/validate-client-metadata.ts

		import { Keyset } from '@atproto/jwk'
		import { OAuthClientMetadataInput } from '@atproto/oauth-types'
		import {
		OAuthClientMetadataInput,
		assertOAuthDiscoverableClientId,
		assertOAuthLoopbackClientId,
		} from '@atproto/oauth-types'

		@@ -33,9 +37,22 @@ import { ClientMetadata, clientMetadataSchema } from './types.js'

		// ATPROTO uses client metadata discovery
		try {
		new URL(metadata.client_id)
		} catch (cause) {
		throw new TypeError(`client_id must be a valid URL`, { cause })
		// Validate client ID
		if (metadata.client_id.startsWith('http:')) {
		assertOAuthLoopbackClientId(metadata.client_id)
		} else {
		assertOAuthDiscoverableClientId(metadata.client_id)
		}

		const scopes = metadata.scope?.split(' ')
		if (!scopes?.includes('atproto')) {
		throw new TypeError(`Client metadata must include the "atproto" scope`)
		}

		if (!metadata.response_types.includes('code')) {
		throw new TypeError(`"response_types" must include "code"`)
		}

		if (!metadata.grant_types.includes('authorization_code')) {
		throw new TypeError(`"grant_types" must include "authorization_code"`)
		}

		const method = metadata[TOKEN_ENDPOINT_AUTH_METHOD]
		@@ -42,0 +59,0 @@ switch (method) {

dist/oauth-client.d.ts.map