diff --git a/gatekeeper/package.json b/gatekeeper/package.json index 700e248..7efcdbd 100644 --- a/gatekeeper/package.json +++ b/gatekeeper/package.json @@ -3,7 +3,7 @@ "version": "0.0.0", "dependencies": { "itty-router": "^5.0.18", - "oauth4webapi": "^2.3.0" + "oauth4webapi": "^3.1.2" }, "devDependencies": { "@cloudflare/workers-types": "^4.20241018.0", diff --git a/gatekeeper/src/oauth-client.ts b/gatekeeper/src/oauth-client.ts index 4172487..737100d 100644 --- a/gatekeeper/src/oauth-client.ts +++ b/gatekeeper/src/oauth-client.ts @@ -13,14 +13,15 @@ class OauthClient { #config: OauthClientConfig; #as!: oauth.AuthorizationServer; #client: oauth.Client; + #clientAuth: oauth.ClientAuth; constructor(config: OauthClientConfig) { this.#config = config; this.#codeVerifier = oauth.generateRandomCodeVerifier(); this.#client = { - client_id: this.#config.clientId, - client_secret: this.#config.clientSecret + client_id: this.#config.clientId }; + this.#clientAuth = oauth.ClientSecretBasic(this.#config.clientSecret); } async readServer() { @@ -50,7 +51,7 @@ class OauthClient { return loginUrl; } - async grantCode(url: string | URL): Promise { + async grantCode(url: string | URL): Promise { const params = oauth.validateAuthResponse( this.#as, this.#client, 
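Review bot: The `OauthClient` constructor in gatekeeper/src/oauth-client.ts still creates the PKCE verifier once per instance (`this.#codeVerifier = oauth.generateRandomCodeVerifier();`), and this commit leaves that unchanged while reworking the client authentication next to it. `grantCode` validates the callback with `oauth.expectNoState`, so the verifier is the only value tying a callback to the browser that started the login; it needs to be generated per login attempt and stored with that user's session. How instances are created is not visible in this diff, but if one instance serves several requests the verifier is shared between users, and if a new instance handles the callback the exchange cannot succeed. Consider passing the verifier in rather than holding it in a field, e.g. `async grantCode(url: string | URL, codeVerifier: string)`, with the login-URL method returning the verifier it used.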
@@ -58,38 +59,21 @@ class OauthClient { oauth.expectNoState ); - if (oauth.isOAuth2Error(params)) { - console.log('error', params); - throw new Error(); // Handle OAuth 2.0 redirect error - } - const response = await oauth.authorizationCodeGrantRequest( this.#as, this.#client, + this.#clientAuth, params, this.#config.grantRedirectURI, this.#codeVerifier ); - let challenges: oauth.WWWAuthenticateChallenge[] | undefined; - if ((challenges = oauth.parseWwwAuthenticateChallenges(response))) { - for (const challenge of challenges) { - console.log('challenge', challenge); - } - throw new Error(); // Handle www-authenticate challenges as needed - } - - const result = await oauth.processAuthorizationCodeOAuth2Response( + const result = await oauth.processAuthorizationCodeResponse( this.#as, this.#client, response ); - if (oauth.isOAuth2Error(result)) { - console.error(result); - throw new Error(); // Handle OAuth 2.0 response body error - } - return result; } @@ -97,6 +81,7 @@ class OauthClient { const response = await oauth.refreshTokenGrantRequest( this.#as, this.#client, + this.#clientAuth, token ); @@ -106,11 +91,6 @@ class OauthClient { response ); - if (oauth.isOAuth2Error(result)) { - console.error(result); - throw new Error(); // Handle OAuth 2.0 response body error - } - return result; } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index b29dfe8..d016582 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -23,8 +23,8 @@ importers: specifier: ^5.0.18 version: 5.0.18 oauth4webapi: - specifier: ^2.3.0 - version: 2.17.0 + specifier: ^3.1.2 + version: 3.1.2 devDependencies: '@cloudflare/workers-types': specifier: ^4.20241018.0 
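Review bot: With the `isOAuth2Error` and `parseWwwAuthenticateChallenges` branches removed in the `@@ -58,38 +59,21 @@` hunk, `grantCode` no longer logs or normalises any failure and depends entirely on oauth4webapi v3 throwing from `validateAuthResponse`, `authorizationCodeGrantRequest` and `processAuthorizationCodeResponse`, which is my understanding of the v3 API. The old code threw a bare `new Error()`, so nothing from the authorization server left this method; the v3 error objects carry the server's `error` and `error_description`, and a caller that serialises the caught error into its HTTP response would now pass those through. Failed grants also leave no log entry here any more, which removes a signal for spotting replayed or forged callbacks. I would state the contract on the method, e.g. `/** Rejects with oauth4webapi errors (AuthorizationResponseError, ResponseBodyError, WWWAuthenticateChallengeError); callers must catch, log the error code, and return a generic failure. */`. The same applies to the refresh path in the `@@ -106,11 +91,6 @@` hunk, whose enclosing method starts outside the hunks shown.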
@@ -9481,8 +9481,8 @@ packages: nwsapi@2.2.13: resolution: {integrity: sha512-cTGB9ptp9dY9A5VbMSe7fQBcl/tt22Vcqdq8+eN93rblOuE0aCFu4aZ2vMwct/2t+lFnosm8RkQW1I0Omb1UtQ==} - oauth4webapi@2.17.0: - resolution: {integrity: sha512-lbC0Z7uzAFNFyzEYRIC+pkSVvDHJTbEW+dYlSBAlCYDe6RxUkJ26bClhk8ocBZip1wfI9uKTe0fm4Ib4RHn6uQ==} + oauth4webapi@3.1.2: + resolution: {integrity: sha512-KQZkNU+xn02lWrFu5Vjqg9E81yPtDSxUZorRHlLWVoojD+H/0GFbH59kcnz5Thdjj7c4/mYMBPj/mhvGe/kKXA==} object-assign@4.1.1: resolution: {integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==} @@ -24128,7 +24128,7 @@ snapshots: nwsapi@2.2.13: {} - oauth4webapi@2.17.0: {} + oauth4webapi@3.1.2: {} object-assign@4.1.1: {}