{"version":3,"sources":["../../../src/oauth2/provider/common.ts"],"sourcesContent":["import { createRemoteJWKSet, jwtVerify } from 'jose';\nimport { OAuth2Error } from '../error';\nimport type { ExchangeCodeParams, PkceParameters, RefreshTokenParams } from '../types';\n\nexport function createAuthorizationUri(options: {\n  state: string;\n  scope: string[];\n  clientId: string;\n  redirectUri: string;\n  authorizationUri: string;\n  pkce?: Omit<PkceParameters, 'code_verifier'>;\n}) {\n  const url = new URL(options.authorizationUri);\n  url.searchParams.append('response_type', 'code');\n  url.searchParams.append('client_id', options.clientId);\n  url.searchParams.append('state', options.state);\n  url.searchParams.append('scope', options.scope.join(' '));\n  url.searchParams.append('redirect_uri', options.redirectUri);\n  if (options.pkce) {\n    url.searchParams.append('code_challenge_method', options.pkce.code_challenge_method);\n    url.searchParams.append('code_challenge', options.pkce.code_challenge);\n  }\n  return url;\n}\n\nexport async function exchangeAuthorizationCode(\n  params: ExchangeCodeParams & {\n    tokenUri: string;\n    authentication?: 'basic' | 'post';\n  }\n) {\n  const body = new URLSearchParams();\n  body.append('code', params.code);\n  body.append('redirect_uri', params.redirectUri);\n  body.append('grant_type', 'authorization_code');\n  if (params.pkce) body.append('code_verifier', params.pkce.code_verifier);\n\n  const headers: Record<string, string> = {\n    Accept: 'application/json',\n    'Content-Type': 'application/x-www-form-urlencoded',\n  };\n  if (params.authentication === 'basic') {\n    const token = Buffer.from(`${params.clientId}:${params.clientSecret}`).toString('base64');\n    headers.Authorization = `Basic ${token}`;\n  } else {\n    body.append('client_id', params.clientId);\n    body.append('client_secret', params.clientSecret);\n  }\n\n  return fetch(params.tokenUri, { method: 'POST', headers, body });\n}\n\nexport async function refreshAccessToken(\n  params: RefreshTokenParams & {\n    tokenUri: string;\n    authentication?: 'basic' | 'post';\n  }\n) {\n  const body = new URLSearchParams();\n  body.append('grant_type', 'refresh_token');\n  body.append('refresh_token', params.refreshToken);\n\n  const headers: Record<string, string> = {\n    Accept: 'application/json',\n    'Content-Type': 'application/x-www-form-urlencoded',\n  };\n\n  if (params.authentication === 'basic') {\n    const token = Buffer.from(`${params.clientId}:${params.clientSecret}`).toString('base64');\n    headers.Authorization = `Basic ${token}`;\n  } else {\n    body.append('client_id', params.clientId);\n    body.append('client_secret', params.clientSecret);\n  }\n\n  return fetch(params.tokenUri, { method: 'POST', headers, body });\n}\n\ninterface RevokeTokenParams {\n  token: string;\n  clientId: string;\n  clientSecret: string;\n  tokenRevokeUri: string;\n  authentication?: 'basic' | 'post';\n}\n\nexport async function revokeToken(params: RevokeTokenParams) {\n  const body = new URLSearchParams();\n  body.append('token', params.token);\n  const headers: Record<string, string> = {\n    Accept: 'application/json',\n    'Content-Type': 'application/x-www-form-urlencoded',\n  };\n\n  if (params.authentication === 'basic') {\n    const token = Buffer.from(`${params.clientId}:${params.clientSecret}`).toString('base64');\n    headers.Authorization = `Basic ${token}`;\n  } else {\n    body.append('client_id', params.clientId);\n    body.append('client_secret', params.clientSecret);\n  }\n\n  const response = await fetch(params.tokenRevokeUri, { method: 'POST', headers, body });\n  if (!response.ok) {\n    const error = await response.json();\n    console.error('Refresh token error:', error);\n    throw new OAuth2Error(response.status, 'invalid_request', 'Failed to revoke token');\n  }\n}\n\nexport async function verifyIdToken<T>(idToken: string, jwkSetUri: string) {\n  try {\n    const jwks = createRemoteJWKSet(new URL(jwkSetUri));\n    const { payload } = await jwtVerify(idToken, jwks);\n    return payload as T;\n  } catch {\n    console.error('Failed to verify id_token');\n    throw new OAuth2Error(400, 'invalid_request', 'Failed to verify id_token');\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAA8C;AAC9C,mBAA4B;AAGrB,SAAS,uBAAuB,SAOpC;AACD,QAAM,MAAM,IAAI,IAAI,QAAQ,gBAAgB;AAC5C,MAAI,aAAa,OAAO,iBAAiB,MAAM;AAC/C,MAAI,aAAa,OAAO,aAAa,QAAQ,QAAQ;AACrD,MAAI,aAAa,OAAO,SAAS,QAAQ,KAAK;AAC9C,MAAI,aAAa,OAAO,SAAS,QAAQ,MAAM,KAAK,GAAG,CAAC;AACxD,MAAI,aAAa,OAAO,gBAAgB,QAAQ,WAAW;AAC3D,MAAI,QAAQ,MAAM;AAChB,QAAI,aAAa,OAAO,yBAAyB,QAAQ,KAAK,qBAAqB;AACnF,QAAI,aAAa,OAAO,kBAAkB,QAAQ,KAAK,cAAc;AAAA,EACvE;AACA,SAAO;AACT;AAEA,eAAsB,0BACpB,QAIA;AACA,QAAM,OAAO,IAAI,gBAAgB;AACjC,OAAK,OAAO,QAAQ,OAAO,IAAI;AAC/B,OAAK,OAAO,gBAAgB,OAAO,WAAW;AAC9C,OAAK,OAAO,cAAc,oBAAoB;AAC9C,MAAI,OAAO,KAAM,MAAK,OAAO,iBAAiB,OAAO,KAAK,aAAa;AAEvE,QAAM,UAAkC;AAAA,IACtC,QAAQ;AAAA,IACR,gBAAgB;AAAA,EAClB;AACA,MAAI,OAAO,mBAAmB,SAAS;AACrC,UAAM,QAAQ,OAAO,KAAK,GAAG,OAAO,QAAQ,IAAI,OAAO,YAAY,EAAE,EAAE,SAAS,QAAQ;AACxF,YAAQ,gBAAgB,SAAS,KAAK;AAAA,EACxC,OAAO;AACL,SAAK,OAAO,aAAa,OAAO,QAAQ;AACxC,SAAK,OAAO,iBAAiB,OAAO,YAAY;AAAA,EAClD;AAEA,SAAO,MAAM,OAAO,UAAU,EAAE,QAAQ,QAAQ,SAAS,KAAK,CAAC;AACjE;AAEA,eAAsB,mBACpB,QAIA;AACA,QAAM,OAAO,IAAI,gBAAgB;AACjC,OAAK,OAAO,cAAc,eAAe;AACzC,OAAK,OAAO,iBAAiB,OAAO,YAAY;AAEhD,QAAM,UAAkC;AAAA,IACtC,QAAQ;AAAA,IACR,gBAAgB;AAAA,EAClB;AAEA,MAAI,OAAO,mBAAmB,SAAS;AACrC,UAAM,QAAQ,OAAO,KAAK,GAAG,OAAO,QAAQ,IAAI,OAAO,YAAY,EAAE,EAAE,SAAS,QAAQ;AACxF,YAAQ,gBAAgB,SAAS,KAAK;AAAA,EACxC,OAAO;AACL,SAAK,OAAO,aAAa,OAAO,QAAQ;AACxC,SAAK,OAAO,iBAAiB,OAAO,YAAY;AAAA,EAClD;AAEA,SAAO,MAAM,OAAO,UAAU,EAAE,QAAQ,QAAQ,SAAS,KAAK,CAAC;AACjE;AAUA,eAAsB,YAAY,QAA2B;AAC3D,QAAM,OAAO,IAAI,gBAAgB;AACjC,OAAK,OAAO,SAAS,OAAO,KAAK;AACjC,QAAM,UAAkC;AAAA,IACtC,QAAQ;AAAA,IACR,gBAAgB;AAAA,EAClB;AAEA,MAAI,OAAO,mBAAmB,SAAS;AACrC,UAAM,QAAQ,OAAO,KAAK,GAAG,OAAO,QAAQ,IAAI,OAAO,YAAY,EAAE,EAAE,SAAS,QAAQ;AACxF,YAAQ,gBAAgB,SAAS,KAAK;AAAA,EACxC,OAAO;AACL,SAAK,OAAO,aAAa,OAAO,QAAQ;AACxC,SAAK,OAAO,iBAAiB,OAAO,YAAY;AAAA,EAClD;AAEA,QAAM,WAAW,MAAM,MAAM,OAAO,gBAAgB,EAAE,QAAQ,QAAQ,SAAS,KAAK,CAAC;AACrF,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,QAAQ,MAAM,SAAS,KAAK;AAClC,YAAQ,MAAM,wBAAwB,KAAK;AAC3C,UAAM,IAAI,yBAAY,SAAS,QAAQ,mBAAmB,wBAAwB;AAAA,EACpF;AACF;AAEA,eAAsB,cAAiB,SAAiB,WAAmB;AACzE,MAAI;AACF,UAAM,WAAO,gCAAmB,IAAI,IAAI,SAAS,CAAC;AAClD,UAAM,EAAE,QAAQ,IAAI,UAAM,uBAAU,SAAS,IAAI;AACjD,WAAO;AAAA,EACT,QAAQ;AACN,YAAQ,MAAM,2BAA2B;AACzC,UAAM,IAAI,yBAAY,KAAK,mBAAmB,2BAA2B;AAAA,EAC3E;AACF;","names":[]}