/**
 * @dotdo/oauth - Storage interface for OAuth 2.1 server
 *
 * This defines the abstract storage interface that must be implemented
 * by concrete storage backends (e.g., DO SQLite, KV, D1, etc.)
 *
 * A backend behind this interface persists authorization codes, access
 * tokens and refresh tokens, so it needs the same protection as any other
 * credential store.
 *
 * NOTE(review): every method below is declared as returning a bare `Promise`.
 * `Promise` requires a type argument, so the `<...>` part of each return type
 * appears to have been lost before this listing was captured. Restore the
 * type arguments from the package source rather than guessing them.
 */
import type { OAuthUser, OAuthOrganization, OAuthClient, OAuthAuthorizationCode, OAuthAccessToken, OAuthRefreshToken, OAuthGrant } from './types.js';

/**
 * Storage interface for OAuth 2.1 server
 *
 * Implementations of this interface provide persistence for:
 * - Users and organizations
 * - OAuth clients (registered applications)
 * - Authorization codes, tokens, and grants
 *
 * The interface is a persistence contract only: nothing declared here checks
 * who is calling, so authorization has to be enforced by the code that calls
 * into the storage.
 *
 * @example Implementing with DO SQLite
 * ```typescript
 * import type { OAuthStorage } from '@dotdo/oauth'
 * import { DigitalObject } from '@dotdo/do'
 *
 * export class DOAuthStorage implements OAuthStorage {
 *   constructor(private do: DigitalObject) {}
 *
 *   async getUser(id: string) {
 *     return this.do.state.get(`user:${id}`)
 *   }
 *   // ... implement other methods
 * }
 * ```
 */
export interface OAuthStorage {
  /**
   * Get a user by ID
   */
  getUser(id: string): Promise;

  /**
   * Get a user by email
   *
   * NOTE(review): the declaration does not say whether `email` is normalised
   * (case, Unicode form). Lookup and `saveUser` must apply the same rule, or
   * two records can end up answering to what a person sees as one address.
   */
  getUserByEmail(email: string): Promise;

  /**
   * Get a user by upstream provider identity
   *
   * The key is the pair (provider, providerId). Implementations should index
   * on both values together, so that an ID issued by one provider can never
   * resolve to an account linked through a different provider.
   */
  getUserByProvider(provider: string, providerId: string): Promise;

  /**
   * Save a user (create or update)
   */
  saveUser(user: OAuthUser): Promise;

  /**
   * Delete a user
   *
   * NOTE(review): not stated whether deletion also removes the user's tokens
   * and grants. If it does not, callers need `revokeAllUserTokens` and
   * `revokeGrant` as well - confirm against the implementation.
   */
  deleteUser(id: string): Promise;

  /**
   * List users (with optional pagination)
   */
  listUsers(options?: ListOptions): Promise;

  /**
   * Get an organization by ID
   */
  getOrganization(id: string): Promise;

  /**
   * Get an organization by slug
   */
  getOrganizationBySlug(slug: string): Promise;

  /**
   * Get an organization by verified domain
   *
   * Implementations should match only domains whose verification has
   * completed; a pending or self-asserted domain must not resolve to an
   * organization here.
   */
  getOrganizationByDomain(domain: string): Promise;

  /**
   * Save an organization (create or update)
   */
  saveOrganization(org: OAuthOrganization): Promise;

  /**
   * Delete an organization
   */
  deleteOrganization(id: string): Promise;

  /**
   * List organizations (with optional pagination)
   */
  listOrganizations(options?: ListOptions): Promise;

  /**
   * Get a client by client ID
   */
  getClient(clientId: string): Promise;

  /**
   * Save a client (create or update)
   *
   * NOTE(review): the fields of `OAuthClient` are declared in './types.js'
   * and are not visible here. If the record carries a client secret, the
   * backend should store a hash of it rather than the secret itself.
   */
  saveClient(client: OAuthClient): Promise;

  /**
   * Delete a client
   *
   * NOTE(review): not stated whether the client's tokens are removed too;
   * callers may need `revokeAllClientTokens` - confirm.
   */
  deleteClient(clientId: string): Promise;

  /**
   * List clients (with optional pagination)
   */
  listClients(options?: ListOptions): Promise;

  /**
   * Save an authorization code
   */
  saveAuthorizationCode(code: OAuthAuthorizationCode): Promise;

  /**
   * Get and consume an authorization code (one-time use)
   * Returns null if code doesn't exist or has already been used
   *
   * The lookup and the invalidation must happen as one atomic step (a
   * transaction, a conditional delete, or a compare-and-set). If they are two
   * separate operations, two concurrent token requests can both read the code
   * before either marks it used, and the one-time-use guarantee is lost.
   *
   * NOTE(review): expiry is not mentioned in this contract; confirm whether
   * the backend or the caller rejects expired codes.
   */
  consumeAuthorizationCode(code: string): Promise;

  /**
   * Save an access token
   */
  saveAccessToken(token: OAuthAccessToken): Promise;

  /**
   * Get an access token
   *
   * NOTE(review): not visible here whether `token` is the bearer value
   * itself or a digest of it. If it is the bearer value, the backend should
   * key on a hash so that a read of the store does not yield usable tokens.
   * It is also not stated whether revoked or expired tokens are returned;
   * callers should check both before trusting the result.
   */
  getAccessToken(token: string): Promise;

  /**
   * Revoke an access token
   */
  revokeAccessToken(token: string): Promise;

  /**
   * Save a refresh token
   */
  saveRefreshToken(token: OAuthRefreshToken): Promise;

  /**
   * Get a refresh token
   *
   * NOTE(review): the same open questions as for `getAccessToken` apply
   * (plaintext versus digest, and whether revoked or expired entries are
   * returned). Refresh tokens are typically long-lived, so at-rest protection
   * matters more here.
   */
  getRefreshToken(token: string): Promise;

  /**
   * Revoke a refresh token
   */
  revokeRefreshToken(token: string): Promise;

  /**
   * Revoke all tokens for a user
   *
   * NOTE(review): presumably covers both access and refresh tokens - confirm.
   * This is the call an account-compromise response depends on, so an
   * implementation should not leave any token type behind.
   */
  revokeAllUserTokens(userId: string): Promise;

  /**
   * Revoke all tokens for a client
   *
   * NOTE(review): presumably covers both access and refresh tokens - confirm.
   */
  revokeAllClientTokens(clientId: string): Promise;

  /**
   * Get a grant by user and client
   */
  getGrant(userId: string, clientId: string): Promise;

  /**
   * Save a grant (create or update)
   */
  saveGrant(grant: OAuthGrant): Promise;

  /**
   * Revoke a grant
   *
   * NOTE(review): not stated whether tokens already issued under the grant
   * are revoked with it. If they are not, withdrawing consent leaves those
   * tokens usable until they expire - confirm.
   */
  revokeGrant(userId: string, clientId: string): Promise;

  /**
   * List grants for a user
   */
  listUserGrants(userId: string): Promise;
}

/**
 * Options for list operations
 */
export interface ListOptions {
  /**
   * Maximum number of results to return
   *
   * No upper bound is declared; implementations should apply their own cap
   * rather than trust the supplied value.
   */
  limit?: number;
  /**
   * Cursor for pagination
   *
   * NOTE(review): the cursor format is not defined here. If cursors can
   * reach the backend from a client, treat them as untrusted input.
   */
  cursor?: string;
  /**
   * Filter by organization
   *
   * This narrows the result set; it is not an access check. Whether the
   * caller may see that organization's records has to be decided by the
   * calling code.
   */
  organizationId?: string;
}

/**
 * In-memory storage implementation for testing
 *
 * Only the declaration is shown here, so nothing about the behaviour of the
 * methods (atomicity of `consumeAuthorizationCode`, expiry handling, how
 * tokens are keyed) can be read from this file.
 */
export declare class MemoryOAuthStorage implements OAuthStorage {
  // The types of private members are not emitted into declaration files,
  // which is why the members below carry no type.
  private users;
  private usersByEmail;
  private usersByProvider;
  private organizations;
  private organizationsBySlug;
  private organizationsByDomain;
  private clients;
  private authCodes;
  private accessTokens;
  private refreshTokens;
  private grants;
  getUser(id: string): Promise;
  getUserByEmail(email: string): Promise;
  getUserByProvider(provider: string, providerId: string): Promise;
  saveUser(user: OAuthUser): Promise;
  deleteUser(id: string): Promise;
  listUsers(options?: ListOptions): Promise;
  getOrganization(id: string): Promise;
  getOrganizationBySlug(slug: string): Promise;
  getOrganizationByDomain(domain: string): Promise;
  saveOrganization(org: OAuthOrganization): Promise;
  deleteOrganization(id: string): Promise;
  listOrganizations(options?: ListOptions): Promise;
  getClient(clientId: string): Promise;
  saveClient(client: OAuthClient): Promise;
  deleteClient(clientId: string): Promise;
  listClients(options?: ListOptions): Promise;
  saveAuthorizationCode(code: OAuthAuthorizationCode): Promise;
  consumeAuthorizationCode(code: string): Promise;
  saveAccessToken(token: OAuthAccessToken): Promise;
  getAccessToken(token: string): Promise;
  revokeAccessToken(token: string): Promise;
  saveRefreshToken(token: OAuthRefreshToken): Promise;
  getRefreshToken(token: string): Promise;
  revokeRefreshToken(token: string): Promise;
  revokeAllUserTokens(userId: string): Promise;
  revokeAllClientTokens(clientId: string): Promise;
  // Private member (field or method - the declaration does not show which).
  private grantKey;
  getGrant(userId: string, clientId: string): Promise;
  saveGrant(grant: OAuthGrant): Promise;
  revokeGrant(userId: string, clientId: string): Promise;
  listUserGrants(userId: string): Promise;
  /**
   * Clear all data (for testing)
   */
  clear(): void;
}
//# sourceMappingURL=storage.d.ts.map