QOAuthServerService
@quik/oauth-server / QOAuthServerService
Class: QOAuthServerService
Defined in: oauth-server/src/QOAuthServerService.ts:44
OAuth server service implementing grant validation and token issuance.
Extends
QService
Constructors
Constructor
new QOAuthServerService():
QOAuthServerService
Defined in: oauth-server/src/QOAuthServerService.ts:53
Returns
QOAuthServerService
Overrides
QService.constructor
Properties
_language?
protectedoptional_language?:string
Defined in: services/src/QService.ts:17
Inherited from
QService._language
_user
protected_user:IQUser
Defined in: services/src/QService.ts:16
Inherited from
QService._user
authorizationCodeStore
protectedreadonlyauthorizationCodeStore:IQOAuthAuthorizationCodeStore
Defined in: oauth-server/src/QOAuthServerService.ts:46
clientStore
protectedreadonlyclientStore:IQOAuthClientStore
Defined in: oauth-server/src/QOAuthServerService.ts:45
consentStore
protectedreadonlyconsentStore:IQOAuthConsentStore
Defined in: oauth-server/src/QOAuthServerService.ts:48
refreshTokenStore
protectedreadonlyrefreshTokenStore:IQOAuthRefreshTokenStore
Defined in: oauth-server/src/QOAuthServerService.ts:47
signingPrivateKey
protectedreadonlysigningPrivateKey:string
Defined in: oauth-server/src/QOAuthServerService.ts:49
signingPublicJWK
protectedreadonlysigningPublicJWK:JsonWebKey
Defined in: oauth-server/src/QOAuthServerService.ts:51
signingPublicKey
protectedreadonlysigningPublicKey:string
Defined in: oauth-server/src/QOAuthServerService.ts:50
Accessors
language
Get Signature
get
protectedlanguage():string
Defined in: services/src/QService.ts:27
Returns
string
Set Signature
set
protectedlanguage(value):void
Defined in: services/src/QService.ts:31
Parameters
value
string
Returns
void
Inherited from
QService.language
logger
Get Signature
get
protectedlogger():IQLogger
Defined in: core/src/QObject.ts:15
The logger getter for the object.
Returns
IQLogger
Inherited from
QService.logger
name
Get Signature
get name():
string
Defined in: core/src/QObject.ts:8
Returns
string
Inherited from
QService.name
user
Get Signature
get
protecteduser():IQUser
Defined in: services/src/QService.ts:19
Returns
IQUser
Set Signature
set
protecteduser(newUser):void
Defined in: services/src/QService.ts:23
Parameters
newUser
IQUser
Returns
void
Inherited from
QService.user
Methods
assertEnabled()
assertEnabled():
void
Defined in: oauth-server/src/QOAuthServerService.ts:107
Throws when OAuth server support is disabled in configuration.
Returns
void
Throws
OAuthServerDisabledError When oauth.server.enabled is false.
cleanup()
cleanup(
now?):number
Defined in: oauth-server/src/QOAuthServerService.ts:475
Removes expired authorization codes and refresh tokens from stores.
Parameters
now?
number
Optional reference timestamp.
Returns
number
clone()
clone<
T>(properties?):T
Defined in: services/src/QService.ts:40
Creates a clone of the current service.
Type Parameters
T
T extends QService = QService
Parameters
properties?
Record<string, any>
A list of properties that you want to pass to the new instance.
Returns
T
Inherited from
QService.clone
createAuthorizationCode()
createAuthorizationCode(
input):QOAuthAuthorizationCode
Defined in: oauth-server/src/QOAuthServerService.ts:248
Creates an authorization code after validating client and redirect data.
Parameters
input
QOAuthCreateAuthorizationCodeInput
Authorization request data.
Returns
createClient()
createClient(
input):object
Defined in: oauth-server/src/QOAuthServerService.ts:128
Creates one OAuth client and generates the secret for confidential clients.
Parameters
input
OAuth client creation data.
Returns
object
client
client:
QOAuthClient
clientSecret?
optionalclientSecret?:string
endSpan()
protectedendSpan(span):void
Defined in: core/src/QObject.ts:35
End a span returned by startSpan.
Parameters
span
TelemetrySpan
The span to end.
Returns
void
Inherited from
QService.endSpan
ensureGrantAllowed()
protectedensureGrantAllowed(client,grantType):void
Defined in: oauth-server/src/QOAuthServerService.ts:488
Parameters
client
grantType
"authorization_code" | "refresh_token" | "client_credentials"
Returns
void
ensureRedirectAllowed()
protectedensureRedirectAllowed(client,redirectUri):void
Defined in: oauth-server/src/QOAuthServerService.ts:494
Parameters
client
redirectUri
string
Returns
void
exchangeAuthorizationCode()
exchangeAuthorizationCode(
input):Promise<QOAuthTokenResponse>
Defined in: oauth-server/src/QOAuthServerService.ts:281
Exchanges an authorization code for access and refresh tokens.
Parameters
input
QOAuthExchangeAuthorizationCodeInput
Token exchange payload.
Returns
Promise<QOAuthTokenResponse>
exchangeClientCredentials()
exchangeClientCredentials(
input):Promise<QOAuthTokenResponse>
Defined in: oauth-server/src/QOAuthServerService.ts:351
Issues an access token using the client credentials grant.
Parameters
input
QOAuthExchangeClientCredentialsInput
Client credentials payload.
Returns
Promise<QOAuthTokenResponse>
exchangeRefreshToken()
exchangeRefreshToken(
input):Promise<QOAuthTokenResponse>
Defined in: oauth-server/src/QOAuthServerService.ts:315
Exchanges a refresh token for a new access token.
Parameters
input
QOAuthExchangeRefreshTokenInput
Refresh token exchange payload.
Returns
Promise<QOAuthTokenResponse>
executeCommand()
protectedexecuteCommand<T>(command,args?):Promise<void>
Defined in: services/src/QService.ts:106
Executes a CLI command if the CLI module is loaded.
Type Parameters
T
T = any
Parameters
command
string
The command to execute.
args?
T
Arguments passed to the command.
Returns
Promise<void>
Inherited from
QService.executeCommand
findConsent()
findConsent(
clientId,userId):QOAuthConsent
Defined in: oauth-server/src/QOAuthServerService.ts:230
Returns consent for one client/user pair.
Parameters
clientId
string
OAuth client identifier.
userId
string
OAuth resource owner identifier.
Returns
getClient()
getClient(
clientId):QOAuthClient
Defined in: oauth-server/src/QOAuthServerService.ts:158
Returns one OAuth client by id.
Parameters
clientId
string
OAuth client identifier.
Returns
getConsent()
getConsent(
consentId):QOAuthConsent
Defined in: oauth-server/src/QOAuthServerService.ts:220
Returns one consent by id.
Parameters
consentId
string
Consent identifier.
Returns
getJWKS()
getJWKS():
object
Defined in: oauth-server/src/QOAuthServerService.ts:445
Returns a JWKS payload with the active RSA public key.
Returns
object
keys
keys:
JsonWebKey&object[]
getLanguageStore()
protectedgetLanguageStore():IQI18n
Defined in: services/src/QService.ts:116
Retrieves the i18n store in use by the application.
Returns
IQI18n
Inherited from
QService.getLanguageStore
grantConsent()
grantConsent(
input):QOAuthConsent
Defined in: oauth-server/src/QOAuthServerService.ts:198
Creates or updates consent for one client/user pair.
Parameters
input
Consent payload.
Returns
hasModule()
protectedhasModule(module):boolean
Defined in: services/src/QService.ts:96
Checks if a module has been registered in the bootstrapper.
Parameters
module
string
Returns
boolean
Inherited from
QService.hasModule
init()
init():
Promise<void>
Defined in: services/src/QService.ts:82
Method used to perform some initializations in the class.
Returns
Promise<void>
Inherited from
QService.init
introspectAccessToken()
protectedintrospectAccessToken(token,refreshTokenFallback?,authorizationCodeFallback?):QOAuthTokenIntrospectionResponse
Defined in: oauth-server/src/QOAuthServerService.ts:578
Parameters
token
string
refreshTokenFallback?
QOAuthTokenIntrospectionResponse = ...
authorizationCodeFallback?
QOAuthTokenIntrospectionResponse = ...
Returns
QOAuthTokenIntrospectionResponse
introspectAuthorizationCode()
protectedintrospectAuthorizationCode(code):QOAuthTokenIntrospectionResponse
Defined in: oauth-server/src/QOAuthServerService.ts:631
Parameters
code
string
Returns
QOAuthTokenIntrospectionResponse
introspectRefreshToken()
protectedintrospectRefreshToken(token):QOAuthTokenIntrospectionResponse
Defined in: oauth-server/src/QOAuthServerService.ts:614
Parameters
token
string
Returns
QOAuthTokenIntrospectionResponse
introspectToken()
introspectToken(
input):QOAuthTokenIntrospectionResponse
Defined in: oauth-server/src/QOAuthServerService.ts:373
Introspects one access token, refresh token, or authorization code.
Parameters
input
Introspection payload.
Returns
QOAuthTokenIntrospectionResponse
issueTokenResponse()
protectedissueTokenResponse(options):QOAuthTokenResponse
Defined in: oauth-server/src/QOAuthServerService.ts:526
Parameters
options
client
grantType
"authorization_code" | "refresh_token" | "client_credentials"
includeRefreshToken
boolean
scope
string[]
subject?
string
Returns
listClients()
listClients():
QOAuthClient[]
Defined in: oauth-server/src/QOAuthServerService.ts:148
Returns all configured OAuth clients.
Returns
normalizePem()
protectednormalizePem(value?):string
Defined in: oauth-server/src/QOAuthServerService.ts:96
Normalizes PEM values loaded from env/config where new lines can be escaped.
Parameters
value?
string
Raw PEM value.
Returns
string
recordSpanError()
protectedrecordSpanError(span,err):void
Defined in: core/src/QObject.ts:45
Record an exception on an active span.
Parameters
span
TelemetrySpan
The span to record the error on.
err
unknown
The error to record.
Returns
void
Inherited from
QService.recordSpanError
registerClient()
registerClient(
client):QOAuthClient
Defined in: oauth-server/src/QOAuthServerService.ts:118
Registers or updates one OAuth client.
Parameters
client
QOAuthClient | Partial<QOAuthClient>
OAuth client metadata.
Returns
removeClient()
removeClient(
clientId):void
Defined in: oauth-server/src/QOAuthServerService.ts:188
Deletes one OAuth client registration by id.
Parameters
clientId
string
OAuth client identifier.
Returns
void
requireClient()
protectedrequireClient(clientId):QOAuthClient
Defined in: oauth-server/src/QOAuthServerService.ts:479
Parameters
clientId
string
Returns
revokeConsent()
revokeConsent(
consentId):void
Defined in: oauth-server/src/QOAuthServerService.ts:239
Revokes one consent entry.
Parameters
consentId
string
Consent identifier.
Returns
void
revokeToken()
revokeToken(
input):void
Defined in: oauth-server/src/QOAuthServerService.ts:402
Revokes one refresh token or authorization code.
Access token revocation is currently a no-op because access tokens are stateless JWTs.
Parameters
input
Revoke payload.
Returns
void
scope()
scope(
scope?):QOAuthServerService
Defined in: services/src/QService.ts:55
Creates a scoped clone of the current service.
Parameters
scope?
IQServiceScope
The scope applied to the cloned instance.
Returns
QOAuthServerService
Inherited from
QService.scope
session()
session(
user,properties?):QOAuthServerService
Defined in: services/src/QService.ts:75
Creates a session bound to a specific user.
Parameters
user
IQUser
The user to attach to the service instance.
properties?
Record<string, any>
Extra properties applied when cloning the service.
Returns
QOAuthServerService
Inherited from
QService.session
setSpanAttribute()
protectedsetSpanAttribute(span,key,value):void
Defined in: core/src/QObject.ts:64
Set a single attribute on an active span.
Parameters
span
TelemetrySpan
The span to update.
key
string
Attribute key.
value
string | number | boolean
Attribute value.
Returns
void
Inherited from
QService.setSpanAttribute
shutdown()
shutdown():
Promise<void>
Defined in: services/src/QService.ts:89
Method used to clean up resources before shutdown.
Returns
Promise<void>
Inherited from
QService.shutdown
startSpan()
protectedstartSpan(spanName,options?):TelemetrySpan
Defined in: core/src/QObject.ts:26
Start a telemetry span for the given operation name. Returns undefined when no telemetry provider is active.
Parameters
spanName
string
Name of the span.
options?
TelemetrySpanOptions
Optional span attributes and kind.
Returns
TelemetrySpan
Inherited from
QService.startSpan
translate()
protectedtranslate(key,options):string
Defined in: services/src/QService.ts:126
Helper method to translate a key using the i18n store.
Parameters
key
string
The translation key.
options
Record<string, any>
The interpolation options.
Returns
string
Inherited from
QService.translate
updateClient()
updateClient(
clientId,input):QOAuthClient
Defined in: oauth-server/src/QOAuthServerService.ts:168
Updates one OAuth client while keeping id, type, and secret immutable.
Parameters
clientId
string
OAuth client identifier.
input
Client update values.
Returns
validateClientCredentials()
protectedvalidateClientCredentials(client,providedSecret?):void
Defined in: oauth-server/src/QOAuthServerService.ts:500
Parameters
client
providedSecret?
string
Returns
void
verifyAccessToken()
verifyAccessToken(
token):QOAuthAccessTokenPayload
Defined in: oauth-server/src/QOAuthServerService.ts:463
Verifies and decodes one issued access token.
Parameters
token
string
Access token value.
Returns
verifyPKCE()
protectedverifyPKCE(authorizationCode,codeVerifier?):void
Defined in: oauth-server/src/QOAuthServerService.ts:510
Parameters
authorizationCode
codeVerifier?
string
Returns
void