Skip to main content

Class: OAuthService

Defined in: src/auth/oauth/oauth-service.ts:272

OAuth 2.0 authorization service.

Remarks

Implements the OAuth 2.0 authorization code flow with PKCE. All public clients must use PKCE for security.

Example

const oauthService = new OAuthService({
  redis,
  logger,
  jwtService,
  sessionManager,
  refreshTokenManager,
  clientManager,
});

// Start authorization
const code = await oauthService.createAuthorizationCode(
  authRequest,
  userDid
);

// Exchange code for tokens
const tokens = await oauthService.exchangeCode(tokenRequest);

Constructors

new OAuthService()

new OAuthService(options): OAuthService

Defined in: src/auth/oauth/oauth-service.ts:286

Creates a new OAuthService.

Parameters

options

OAuthServiceOptions

Service options

Returns

OAuthService

Methods

createAuthorizationCode()

createAuthorizationCode(request, did): Promise<string>

Defined in: src/auth/oauth/oauth-service.ts:355

Creates an authorization code.

Parameters

request

AuthorizationRequest

Authorization request

did

DID

Authenticated user's DID

Returns

Promise<string>

Authorization code

Remarks

Called after user authenticates and consents to the authorization request.

exchangeCode()

exchangeCode(request): Promise<TokenResponse>

Defined in: src/auth/oauth/oauth-service.ts:410

Exchanges an authorization code for tokens.

Parameters

request

TokenRequest

Token request

Returns

Promise<TokenResponse>

Token response

Throws

OAuthError if exchange fails

refreshAccessToken()

refreshAccessToken(request): Promise<TokenResponse>

Defined in: src/auth/oauth/oauth-service.ts:494

Refreshes an access token.

Parameters

request

TokenRequest

Token request with refresh token

Returns

Promise<TokenResponse>

New token response

revokeToken()

revokeToken(token, tokenTypeHint?): Promise<void>

Defined in: src/auth/oauth/oauth-service.ts:542

Revokes a token.

Parameters

token

string

Token to revoke (access or refresh)

tokenTypeHint?

Token type hint

"access_token" | "refresh_token"

Returns

Promise<void>

validateAuthorizationRequest()

validateAuthorizationRequest(request): Promise<OAuthClient>

Defined in: src/auth/oauth/oauth-service.ts:303

Validates an authorization request.

Parameters

request

AuthorizationRequest

Authorization request

Returns

Promise<OAuthClient>

Validated client

Throws

OAuthError if request is invalid