UNPKG

@doneisbetter/sso

Version:

A secure, privacy-focused SSO solution with ephemeral token handling

sso.doneisbetter.com

moldovancsaba/sso

87 lines (75 loc) 2.87 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
import { AuthorizationRequest } from './types'; import { User } from '../types/user'; import { Identity } from '../types/identity'; import { Database } from '../db/database'; import { IdentityManager } from '../identity/manager'; /** * Handles OAuth authentication requests, managing both the initial login form display * and the subsequent authentication process. */ export class OAuthAuthHandler { private readonly identityManager: IdentityManager; constructor(private readonly db: Database) { this.identityManager = new IdentityManager(); } /** * Generates login form data for the initial OAuth authorization request * @param clientName Name of the OAuth client requesting authorization * @param redirectUri Callback URL for the OAuth flow * @param state OAuth state parameter for security * @returns Login form data with client information */ async getLoginFormData(clientName: string, redirectUri: string, state: string) { return { client_name: clientName, redirect_uri: redirectUri, state, login_options: { identifier: true, email: true }, message: 'Please authenticate to continue' }; } /** * Authenticates a user based on the provided identifier * Creates or retrieves the user and their identity profile * @param identifier User's identifier (anonymous or email-based) * @returns Authenticated user with identity */ async authenticateUser(identifier: string): Promise<User> { // Initialize identity manager if not already done await this.identityManager.init(); // Create or update user record with current timestamp const now = new Date().toISOString(); const user = await this.db.createOrUpdateUser(identifier); // Ensure user has an identity profile const identityId = user.identityId || user.id; const identity = await this.identityManager.getOrCreate(identityId); // Update user with identity reference if (!user.identityId) { await this.db.createOrUpdateUser(user.identifier, { metadata: {...(user.metadata || {}), identityId} }); } return { ...user, profile: { ...user.profile, nickname: identity.gametag } }; } /** * Validates the authentication request parameters * @param identifier User's provided identifier * @param request OAuth authorization request * @returns Validation result and any error messages */ validateAuthRequest(identifier: string, request: AuthorizationRequest): { isValid: boolean; error?: string } { if (!identifier || identifier.trim().length === 0) { return { isValid: false, error: 'Identifier is required' }; } // Add additional validation as needed // For example, email format validation if using email authentication return { isValid: true }; } }