{"version":3,"sources":["../../src/oauth2/client.ts"],"sourcesContent":["import { invariant } from '@shware/utils';\nimport { object, optional, string } from 'zod/v4-mini';\nimport type {\n  NativeCredential,\n  OAuth2ClientConfig,\n  OAuth2Token,\n  OidcToken,\n  PkceParameters,\n} from './types';\n\nexport const oauth2RedirectQuerySchema = object({\n  code: optional(string()),\n  state: optional(string()),\n  error: optional(string()),\n  error_description: optional(string()),\n  error_uri: optional(string()),\n});\n\nexport const googleOneTapSchema = object({\n  // login_uri\n  code: optional(string()),\n  state: optional(string()),\n  error: optional(string()),\n  error_description: optional(string()),\n  error_uri: optional(string()),\n  nonce: optional(string()),\n  g_csrf_token: optional(string()),\n  hd: optional(string()),\n  // callback\n  credential: optional(string()),\n});\n\nexport class OAuth2Client {\n  private config: OAuth2ClientConfig;\n  constructor(config: OAuth2ClientConfig) {\n    this.config = config;\n  }\n\n  get baseUri() {\n    return this.config.baseUri;\n  }\n\n  get successUri() {\n    return this.config.successUri;\n  }\n\n  get errorUri() {\n    return this.config.errorUri;\n  }\n\n  private async getClientConfig(registrationId: string) {\n    const registrations =\n      typeof this.config.registration === 'function'\n        ? await this.config.registration()\n        : this.config.registration;\n\n    const registration = registrations[registrationId];\n    invariant(registration, `Registration ${registrationId} not found`);\n\n    const provider = this.config.provider[registration.provider ?? registrationId];\n    invariant(provider, `Provider ${registration.provider ?? registrationId} not found`);\n    return { registration, provider };\n  }\n\n  async createAuthorizationUri({\n    registrationId,\n    state,\n    pkce,\n  }: {\n    registrationId: string;\n    state: string;\n    pkce?: PkceParameters;\n  }): Promise<URL> {\n    const { provider, registration } = await this.getClientConfig(registrationId);\n\n    const { baseUri } = this.config;\n    const { scope, clientId, redirectUri } = registration;\n    return provider.createAuthorizationUri({\n      pkce,\n      state,\n      scope,\n      clientId,\n      redirectUri: redirectUri ?? `${baseUri}/login/oauth2/code/${registrationId}`,\n    });\n  }\n\n  async exchangeAuthorizationCode({\n    registrationId,\n    code,\n    pkce,\n  }: {\n    registrationId: string;\n    code: string;\n    pkce?: PkceParameters;\n  }): Promise<OAuth2Token> {\n    const { provider, registration } = await this.getClientConfig(registrationId);\n\n    const { baseUri } = this.config;\n    const { clientId, clientSecret, redirectUri } = registration;\n    return provider.exchangeAuthorizationCode({\n      code,\n      pkce,\n      clientId,\n      clientSecret,\n      redirectUri: redirectUri ?? `${baseUri}/login/oauth2/code/${registrationId}`,\n    });\n  }\n\n  async getUserInfo({\n    registrationId,\n    token,\n  }: {\n    registrationId: string;\n    token: OAuth2Token | OidcToken;\n  }) {\n    const { provider } = await this.getClientConfig(registrationId);\n    return provider.getUserInfo(token);\n  }\n\n  async refreshAccessToken({\n    registrationId,\n    refreshToken,\n  }: {\n    registrationId: string;\n    refreshToken: string;\n  }): Promise<OAuth2Token> {\n    const { provider, registration } = await this.getClientConfig(registrationId);\n    const { clientId, clientSecret } = registration;\n\n    invariant(provider.refreshAccessToken, 'Provider does not support refreshAccessToken');\n    return provider.refreshAccessToken({ refreshToken, clientId, clientSecret });\n  }\n\n  async revokeToken(registrationId: string, token: string) {\n    const { provider, registration } = await this.getClientConfig(registrationId);\n    const { clientId, clientSecret } = registration;\n\n    invariant(provider.revokeToken, 'Provider does not support revokeToken');\n    await provider.revokeToken({ token, clientId, clientSecret });\n  }\n\n  async loginOAuth2Native({\n    registrationId,\n    credentials,\n    pkce,\n  }: {\n    registrationId: string;\n    credentials: NativeCredential;\n    pkce?: PkceParameters;\n  }) {\n    const { provider, registration } = await this.getClientConfig(registrationId);\n    invariant(provider.loginOAuth2Native, 'Provider does not support loginOAuth2Native');\n    const { baseUri } = this.config;\n    const { clientId, clientSecret, redirectUri } = registration;\n\n    return provider.loginOAuth2Native({\n      clientId,\n      clientSecret,\n      redirectUri: redirectUri ?? `${baseUri}/login/oauth2/code/${registrationId}`,\n      credentials,\n      pkce,\n    });\n  }\n}\n"],"mappings":";AAAA,SAAS,iBAAiB;AAC1B,SAAS,QAAQ,UAAU,cAAc;AASlC,IAAM,4BAA4B,OAAO;AAAA,EAC9C,MAAM,SAAS,OAAO,CAAC;AAAA,EACvB,OAAO,SAAS,OAAO,CAAC;AAAA,EACxB,OAAO,SAAS,OAAO,CAAC;AAAA,EACxB,mBAAmB,SAAS,OAAO,CAAC;AAAA,EACpC,WAAW,SAAS,OAAO,CAAC;AAC9B,CAAC;AAEM,IAAM,qBAAqB,OAAO;AAAA;AAAA,EAEvC,MAAM,SAAS,OAAO,CAAC;AAAA,EACvB,OAAO,SAAS,OAAO,CAAC;AAAA,EACxB,OAAO,SAAS,OAAO,CAAC;AAAA,EACxB,mBAAmB,SAAS,OAAO,CAAC;AAAA,EACpC,WAAW,SAAS,OAAO,CAAC;AAAA,EAC5B,OAAO,SAAS,OAAO,CAAC;AAAA,EACxB,cAAc,SAAS,OAAO,CAAC;AAAA,EAC/B,IAAI,SAAS,OAAO,CAAC;AAAA;AAAA,EAErB,YAAY,SAAS,OAAO,CAAC;AAC/B,CAAC;AAEM,IAAM,eAAN,MAAmB;AAAA,EAChB;AAAA,EACR,YAAY,QAA4B;AACtC,SAAK,SAAS;AAAA,EAChB;AAAA,EAEA,IAAI,UAAU;AACZ,WAAO,KAAK,OAAO;AAAA,EACrB;AAAA,EAEA,IAAI,aAAa;AACf,WAAO,KAAK,OAAO;AAAA,EACrB;AAAA,EAEA,IAAI,WAAW;AACb,WAAO,KAAK,OAAO;AAAA,EACrB;AAAA,EAEA,MAAc,gBAAgB,gBAAwB;AACpD,UAAM,gBACJ,OAAO,KAAK,OAAO,iBAAiB,aAChC,MAAM,KAAK,OAAO,aAAa,IAC/B,KAAK,OAAO;AAElB,UAAM,eAAe,cAAc,cAAc;AACjD,cAAU,cAAc,gBAAgB,cAAc,YAAY;AAElE,UAAM,WAAW,KAAK,OAAO,SAAS,aAAa,YAAY,cAAc;AAC7E,cAAU,UAAU,YAAY,aAAa,YAAY,cAAc,YAAY;AACnF,WAAO,EAAE,cAAc,SAAS;AAAA,EAClC;AAAA,EAEA,MAAM,uBAAuB;AAAA,IAC3B;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAIiB;AACf,UAAM,EAAE,UAAU,aAAa,IAAI,MAAM,KAAK,gBAAgB,cAAc;AAE5E,UAAM,EAAE,QAAQ,IAAI,KAAK;AACzB,UAAM,EAAE,OAAO,UAAU,YAAY,IAAI;AACzC,WAAO,SAAS,uBAAuB;AAAA,MACrC;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,aAAa,eAAe,GAAG,OAAO,sBAAsB,cAAc;AAAA,IAC5E,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,0BAA0B;AAAA,IAC9B;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAIyB;AACvB,UAAM,EAAE,UAAU,aAAa,IAAI,MAAM,KAAK,gBAAgB,cAAc;AAE5E,UAAM,EAAE,QAAQ,IAAI,KAAK;AACzB,UAAM,EAAE,UAAU,cAAc,YAAY,IAAI;AAChD,WAAO,SAAS,0BAA0B;AAAA,MACxC;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,aAAa,eAAe,GAAG,OAAO,sBAAsB,cAAc;AAAA,IAC5E,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,YAAY;AAAA,IAChB;AAAA,IACA;AAAA,EACF,GAGG;AACD,UAAM,EAAE,SAAS,IAAI,MAAM,KAAK,gBAAgB,cAAc;AAC9D,WAAO,SAAS,YAAY,KAAK;AAAA,EACnC;AAAA,EAEA,MAAM,mBAAmB;AAAA,IACvB;AAAA,IACA;AAAA,EACF,GAGyB;AACvB,UAAM,EAAE,UAAU,aAAa,IAAI,MAAM,KAAK,gBAAgB,cAAc;AAC5E,UAAM,EAAE,UAAU,aAAa,IAAI;AAEnC,cAAU,SAAS,oBAAoB,8CAA8C;AACrF,WAAO,SAAS,mBAAmB,EAAE,cAAc,UAAU,aAAa,CAAC;AAAA,EAC7E;AAAA,EAEA,MAAM,YAAY,gBAAwB,OAAe;AACvD,UAAM,EAAE,UAAU,aAAa,IAAI,MAAM,KAAK,gBAAgB,cAAc;AAC5E,UAAM,EAAE,UAAU,aAAa,IAAI;AAEnC,cAAU,SAAS,aAAa,uCAAuC;AACvE,UAAM,SAAS,YAAY,EAAE,OAAO,UAAU,aAAa,CAAC;AAAA,EAC9D;AAAA,EAEA,MAAM,kBAAkB;AAAA,IACtB;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAIG;AACD,UAAM,EAAE,UAAU,aAAa,IAAI,MAAM,KAAK,gBAAgB,cAAc;AAC5E,cAAU,SAAS,mBAAmB,6CAA6C;AACnF,UAAM,EAAE,QAAQ,IAAI,KAAK;AACzB,UAAM,EAAE,UAAU,cAAc,YAAY,IAAI;AAEhD,WAAO,SAAS,kBAAkB;AAAA,MAChC;AAAA,MACA;AAAA,MACA,aAAa,eAAe,GAAG,OAAO,sBAAsB,cAAc;AAAA,MAC1E;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AACF;","names":[]}