Various OAuth related fixes (bluesky-social#2871)

* wip * tidy * tidy * tidy * Update packages/oauth/oauth-client/src/session-getter.ts Co-authored-by: devin ivy <[email protected]> * fix combineSignals * tidy * tidy * improve typing of atprotoScopeSchema * stronger typings * tidy * ci * Fix cors error * downgrade ioredis dependency * fix ioredis version * tidy --------- Co-authored-by: devin ivy <[email protected]>
rcg4u · Oct 18, 2024 · 9d40ccb · 9d40ccb
1 parent 7f26b17
commit 9d40ccb
Show file tree

Hide file tree

Showing 76 changed files with 587 additions and 351 deletions.
diff --git a/.changeset/flat-radios-lick.md b/.changeset/flat-radios-lick.md
@@ -0,0 +1,5 @@
+---
+"@atproto/oauth-types": patch
+---
+
+Add missing "wap" display request parameter value
diff --git a/.changeset/light-books-beg.md b/.changeset/light-books-beg.md
@@ -0,0 +1,5 @@
+---
+"@atproto/oauth-client": patch
+---
+
+Perform issuer validation _before_ refreshing tokens.
diff --git a/.changeset/moody-dots-fetch.md b/.changeset/moody-dots-fetch.md
@@ -0,0 +1,5 @@
+---
+"@atproto/oauth-types": patch
+---
+
+Remove invalid `client_id` property from oauthRefreshTokenGrantTokenRequestSchema
diff --git a/.changeset/nasty-olives-battle.md b/.changeset/nasty-olives-battle.md
@@ -0,0 +1,5 @@
+---
+"@atproto/pds": patch
+---
+
+Add Access-Control-Allow-Headers to .well-known/oauth-protected-resource response
diff --git a/.changeset/odd-suns-decide.md b/.changeset/odd-suns-decide.md
@@ -0,0 +1,5 @@
+---
+"@atproto/oauth-client": patch
+---
+
+Ensure token response is properly typed according to the atproto OAuth spec
diff --git a/.changeset/perfect-icons-hammer.md b/.changeset/perfect-icons-hammer.md
@@ -0,0 +1,7 @@
+---
+"@atproto/oauth-client-browser": minor
+"@atproto/oauth-client-node": minor
+"@atproto/oauth-client": minor
+---
+
+Use `"auto"` instead of `undefined` to descibe the refresh mechanism to use in various methods.
diff --git a/.changeset/shaggy-mugs-poke.md b/.changeset/shaggy-mugs-poke.md
@@ -0,0 +1,5 @@
+---
+"@atproto/oauth-provider": patch
+---
+
+Allow using different ioredis version
diff --git a/.changeset/shiny-news-leave.md b/.changeset/shiny-news-leave.md
@@ -0,0 +1,7 @@
+---
+"@atproto-labs/handle-resolver": patch
+"@atproto/oauth-provider": patch
+"@atproto/oauth-client": patch
+---
+
+Use fetch()'s "cache" option instead of headers to force caching behavior
diff --git a/.changeset/spicy-dingos-share.md b/.changeset/spicy-dingos-share.md
@@ -0,0 +1,5 @@
+---
+"@atproto/oauth-client": patch
+---
+
+Do not use cache when checking sub authority
diff --git a/.changeset/stupid-frogs-shake.md b/.changeset/stupid-frogs-shake.md
@@ -0,0 +1,5 @@
+---
+"@atproto/did": patch
+---
+
+Add atprotoDidSchema to validate Atproto supported DID's using zod
diff --git a/.changeset/twenty-paws-sell.md b/.changeset/twenty-paws-sell.md
@@ -0,0 +1,5 @@
+---
+"@atproto/oauth-types": minor
+---
+
+Remove invalid `issuer` property from OAuthTokenResponse
diff --git a/.changeset/wicked-moose-hammer.md b/.changeset/wicked-moose-hammer.md
@@ -0,0 +1,5 @@
+---
+"@atproto/oauth-client": patch
+---
+
+Allow all oauth request parameters to be used as authorize() options
diff --git a/package.json b/package.json
@@ -36,7 +36,7 @@
     "@swc/core": "^1.3.42",
     "@swc/jest": "^0.2.24",
     "@types/jest": "^28.1.4",
-    "@types/node": "^18.19.50",
+    "@types/node": "^18.19.56",
     "@typescript-eslint/eslint-plugin": "^7.4.0",
     "@typescript-eslint/parser": "^7.4.0",
     "dotenv": "^16.0.3",
@@ -48,7 +48,7 @@
     "pino-pretty": "^9.1.0",
     "prettier": "^3.2.5",
     "prettier-config-standard": "^7.0.0",
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "workspaces": {
     "packages": [

diff --git a/packages/api/package.json b/packages/api/package.json
@@ -35,6 +35,6 @@
     "@atproto/lex-cli": "workspace:^",
     "jest": "^28.1.2",
     "prettier": "^3.2.5",
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   }
 }
diff --git a/packages/aws/package.json b/packages/aws/package.json
@@ -32,6 +32,6 @@
     "uint8arrays": "3.0.0"
   },
   "devDependencies": {
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   }
 }
diff --git a/packages/bsky/package.json b/packages/bsky/package.json
@@ -79,6 +79,6 @@
     "axios": "^0.27.2",
     "jest": "^28.1.2",
     "ts-node": "^10.8.2",
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   }
 }
diff --git a/packages/bsync/package.json b/packages/bsync/package.json
@@ -44,6 +44,6 @@
     "get-port": "^5.1.1",
     "jest": "^28.1.2",
     "ts-node": "^10.8.2",
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   }
 }
diff --git a/packages/common-web/package.json b/packages/common-web/package.json
@@ -26,6 +26,6 @@
   },
   "devDependencies": {
     "jest": "^28.1.2",
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   }
 }
diff --git a/packages/common/package.json b/packages/common/package.json
@@ -28,7 +28,7 @@
   },
   "devDependencies": {
     "jest": "^28.1.2",
-    "typescript": "^5.6.2",
+    "typescript": "^5.6.3",
     "uint8arrays": "3.0.0"
   }
 }
diff --git a/packages/crypto/package.json b/packages/crypto/package.json
@@ -27,6 +27,6 @@
   "devDependencies": {
     "@atproto/common": "workspace:^",
     "jest": "^28.1.2",
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   }
 }
diff --git a/packages/dev-env/package.json b/packages/dev-env/package.json
@@ -44,6 +44,6 @@
   },
   "devDependencies": {
     "@types/express": "^4.17.13",
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   }
 }
diff --git a/packages/did/package.json b/packages/did/package.json
@@ -28,7 +28,7 @@
     "zod": "^3.23.8"
   },
   "devDependencies": {
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "scripts": {
     "build": "tsc --build tsconfig.build.json"

diff --git a/packages/did/src/atproto.ts b/packages/did/src/atproto.ts
@@ -1,3 +1,5 @@
+import { z } from 'zod'
+
 import { InvalidDidError } from './did-error.js'
 import { Did } from './did.js'
 import {
@@ -13,6 +15,10 @@ import {
 export type AtprotoIdentityDidMethods = 'plc' | 'web'
 export type AtprotoDid = Did<AtprotoIdentityDidMethods>
 
+export const atprotoDidSchema = z
+  .string()
+  .refine(isAtprotoDid, `Atproto only allows "plc" and "web" DID methods`)
+
 export function isAtprotoDid(input: unknown): input is AtprotoDid {
   // Optimized equivalent of:
   // return isDidPlc(input) || isAtprotoDidWeb(input)

diff --git a/packages/identity/package.json b/packages/identity/package.json
@@ -33,6 +33,6 @@
     "express": "^4.18.2",
     "get-port": "^6.1.2",
     "jest": "^28.1.2",
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   }
 }
diff --git a/packages/internal/did-resolver/package.json b/packages/internal/did-resolver/package.json
@@ -32,7 +32,7 @@
     "zod": "^3.23.8"
   },
   "devDependencies": {
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "scripts": {
     "build": "tsc --build tsconfig.build.json"

diff --git a/packages/internal/fetch-node/package.json b/packages/internal/fetch-node/package.json
@@ -32,7 +32,7 @@
   },
   "devDependencies": {
     "@types/psl": "1.1.3",
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "scripts": {
     "build": "tsc --build tsconfig.json"

diff --git a/packages/internal/fetch/package.json b/packages/internal/fetch/package.json
@@ -26,7 +26,7 @@
     "@atproto-labs/pipe": "workspace:*"
   },
   "devDependencies": {
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "optionalDependencies": {
     "zod": "^3.23.8"

diff --git a/packages/internal/handle-resolver-node/package.json b/packages/internal/handle-resolver-node/package.json
@@ -31,7 +31,7 @@
     "@atproto/did": "workspace:*"
   },
   "devDependencies": {
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "scripts": {
     "build": "tsc --build tsconfig.build.json"

diff --git a/packages/internal/handle-resolver/package.json b/packages/internal/handle-resolver/package.json
@@ -34,7 +34,7 @@
     "zod": "^3.23.8"
   },
   "devDependencies": {
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "scripts": {
     "build": "tsc --build tsconfig.build.json"

diff --git a/packages/internal/handle-resolver/src/app-view-handle-resolver.ts b/packages/internal/handle-resolver/src/app-view-handle-resolver.ts
@@ -55,11 +55,8 @@ export class AppViewHandleResolver implements HandleResolver {
     )
     url.searchParams.set('handle', handle)
 
-    const headers = new Headers()
-    if (options?.noCache) headers.set('cache-control', 'no-cache')
-
     const response = await this.fetch.call(null, url, {
-      headers,
+      cache: options?.noCache ? 'no-cache' : undefined,
       signal: options?.signal,
       redirect: 'error',
     })

diff --git a/packages/internal/handle-resolver/src/internal-resolvers/well-known-handler-resolver.ts b/packages/internal/handle-resolver/src/internal-resolvers/well-known-handler-resolver.ts
@@ -30,12 +30,9 @@ export class WellKnownHandleResolver implements HandleResolver {
   ): Promise<ResolvedHandle> {
     const url = new URL('/.well-known/atproto-did', `https://${handle}`)
 
-    const headers = new Headers()
-    if (options?.noCache) headers.set('cache-control', 'no-cache')
-
     try {
       const response = await this.fetch.call(null, url, {
-        headers,
+        cache: options?.noCache ? 'no-cache' : undefined,
         signal: options?.signal,
         redirect: 'error',
       })

diff --git a/packages/internal/identity-resolver/package.json b/packages/internal/identity-resolver/package.json
@@ -30,7 +30,7 @@
     "@atproto/syntax": "workspace:*"
   },
   "devDependencies": {
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "scripts": {
     "build": "tsc --build tsconfig.json"

diff --git a/packages/internal/pipe/package.json b/packages/internal/pipe/package.json
@@ -24,7 +24,7 @@
   },
   "dependencies": {},
   "devDependencies": {
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "scripts": {
     "build": "tsc --build tsconfig.json"

diff --git a/packages/internal/rollup-plugin-bundle-manifest/package.json b/packages/internal/rollup-plugin-bundle-manifest/package.json
@@ -31,7 +31,7 @@
   },
   "devDependencies": {
     "rollup": "^4.10.0",
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "scripts": {
     "build": "tsc --build tsconfig.json"

diff --git a/packages/internal/simple-store-memory/package.json b/packages/internal/simple-store-memory/package.json
@@ -28,7 +28,7 @@
     "lru-cache": "^10.2.0"
   },
   "devDependencies": {
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "scripts": {
     "build": "tsc --build tsconfig.build.json"

diff --git a/packages/internal/simple-store/package.json b/packages/internal/simple-store/package.json
@@ -24,7 +24,7 @@
   },
   "dependencies": {},
   "devDependencies": {
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "scripts": {
     "build": "tsc --build tsconfig.build.json"

diff --git a/packages/lex-cli/package.json b/packages/lex-cli/package.json
@@ -32,6 +32,6 @@
     "zod": "^3.23.8"
   },
   "devDependencies": {
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   }
 }
diff --git a/packages/lexicon/package.json b/packages/lexicon/package.json
@@ -28,6 +28,6 @@
   },
   "devDependencies": {
     "jest": "^28.1.2",
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   }
 }
diff --git a/packages/oauth/jwk-jose/package.json b/packages/oauth/jwk-jose/package.json
@@ -28,7 +28,7 @@
     "jose": "^5.2.0"
   },
   "devDependencies": {
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "scripts": {
     "build": "tsc --build tsconfig.json"

diff --git a/packages/oauth/jwk-webcrypto/package.json b/packages/oauth/jwk-webcrypto/package.json
@@ -28,7 +28,7 @@
     "@atproto/jwk-jose": "workspace:*"
   },
   "devDependencies": {
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "scripts": {
     "build": "tsc --build tsconfig.build.json"

diff --git a/packages/oauth/jwk/package.json b/packages/oauth/jwk/package.json
@@ -30,7 +30,7 @@
     "zod": "^3.23.8"
   },
   "devDependencies": {
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "scripts": {
     "build": "tsc --build tsconfig.json"

diff --git a/packages/oauth/oauth-client-browser/package.json b/packages/oauth/oauth-client-browser/package.json
@@ -41,7 +41,7 @@
     "@atproto/oauth-types": "workspace:*"
   },
   "devDependencies": {
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "scripts": {
     "build": "tsc --build tsconfig.build.json"

diff --git a/packages/oauth/oauth-client-node/README.md b/packages/oauth/oauth-client-node/README.md
@@ -22,7 +22,7 @@ needs of your application, and must respect the [ATPROTO].
 The `client_metadata` object will typically be built by the backend at startup.
 
 ```ts
-import { NodeOAuthClient } from '@atproto/oauth-client-node'
+import { NodeOAuthClient, Session } from '@atproto/oauth-client-node'
 import { JoseKey } from '@atproto/jwk-jose'
 
 const client = new NodeOAuthClient({

diff --git a/packages/oauth/oauth-client-node/package.json b/packages/oauth/oauth-client-node/package.json
@@ -39,7 +39,7 @@
     "@atproto/oauth-types": "workspace:*"
   },
   "devDependencies": {
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "scripts": {
     "build": "tsc --build tsconfig.build.json"

diff --git a/packages/oauth/oauth-client/README.md b/packages/oauth/oauth-client/README.md
@@ -11,7 +11,7 @@ For a node specific implementation, see
 ### Configuration
 
 ```ts
-import { OAuthClient } from '@atproto/oauth-client'
+import { OAuthClient, Key, Session } from '@atproto/oauth-client'
 import { JoseKey } from '@atproto/jwk-jose' // NodeJS/Browser only
 
 const client = new OAuthClient({

diff --git a/packages/oauth/oauth-client/package.json b/packages/oauth/oauth-client/package.json
@@ -39,7 +39,7 @@
     "zod": "^3.23.8"
   },
   "devDependencies": {
-    "typescript": "^5.6.2"
+    "typescript": "^5.6.3"
   },
   "scripts": {
     "build": "tsc --build tsconfig.build.json"