Skip to main content

QOAuthServerService

@quik/oauth-server


@quik/oauth-server / QOAuthServerService

Class: QOAuthServerService

Defined in: oauth-server/src/QOAuthServerService.ts:44

OAuth server service implementing grant validation and token issuance.

Extends

  • QService

Constructors

Constructor

new QOAuthServerService(): QOAuthServerService

Defined in: oauth-server/src/QOAuthServerService.ts:53

Returns

QOAuthServerService

Overrides

QService.constructor

Properties

_language?

protected optional _language?: string

Defined in: services/src/QService.ts:17

Inherited from

QService._language


_user

protected _user: IQUser

Defined in: services/src/QService.ts:16

Inherited from

QService._user


authorizationCodeStore

protected readonly authorizationCodeStore: IQOAuthAuthorizationCodeStore

Defined in: oauth-server/src/QOAuthServerService.ts:46


clientStore

protected readonly clientStore: IQOAuthClientStore

Defined in: oauth-server/src/QOAuthServerService.ts:45


consentStore

protected readonly consentStore: IQOAuthConsentStore

Defined in: oauth-server/src/QOAuthServerService.ts:48


refreshTokenStore

protected readonly refreshTokenStore: IQOAuthRefreshTokenStore

Defined in: oauth-server/src/QOAuthServerService.ts:47


signingPrivateKey

protected readonly signingPrivateKey: string

Defined in: oauth-server/src/QOAuthServerService.ts:49


signingPublicJWK

protected readonly signingPublicJWK: JsonWebKey

Defined in: oauth-server/src/QOAuthServerService.ts:51


signingPublicKey

protected readonly signingPublicKey: string

Defined in: oauth-server/src/QOAuthServerService.ts:50

Accessors

language

Get Signature

get protected language(): string

Defined in: services/src/QService.ts:27

Returns

string

Set Signature

set protected language(value): void

Defined in: services/src/QService.ts:31

Parameters
value

string

Returns

void

Inherited from

QService.language


logger

Get Signature

get protected logger(): IQLogger

Defined in: core/src/QObject.ts:15

The logger getter for the object.

Returns

IQLogger

Inherited from

QService.logger


name

Get Signature

get name(): string

Defined in: core/src/QObject.ts:8

Returns

string

Inherited from

QService.name


user

Get Signature

get protected user(): IQUser

Defined in: services/src/QService.ts:19

Returns

IQUser

Set Signature

set protected user(newUser): void

Defined in: services/src/QService.ts:23

Parameters
newUser

IQUser

Returns

void

Inherited from

QService.user

Methods

assertEnabled()

assertEnabled(): void

Defined in: oauth-server/src/QOAuthServerService.ts:107

Throws when OAuth server support is disabled in configuration.

Returns

void

Throws

OAuthServerDisabledError When oauth.server.enabled is false.


cleanup()

cleanup(now?): number

Defined in: oauth-server/src/QOAuthServerService.ts:475

Removes expired authorization codes and refresh tokens from stores.

Parameters

now?

number

Optional reference timestamp.

Returns

number


clone()

clone<T>(properties?): T

Defined in: services/src/QService.ts:40

Creates a clone of the current service.

Type Parameters

T

T extends QService = QService

Parameters

properties?

Record<string, any>

A list of properties that you want to pass to the new instance.

Returns

T

Inherited from

QService.clone


createAuthorizationCode()

createAuthorizationCode(input): QOAuthAuthorizationCode

Defined in: oauth-server/src/QOAuthServerService.ts:248

Creates an authorization code after validating client and redirect data.

Parameters

input

QOAuthCreateAuthorizationCodeInput

Authorization request data.

Returns

QOAuthAuthorizationCode


createClient()

createClient(input): object

Defined in: oauth-server/src/QOAuthServerService.ts:128

Creates one OAuth client and generates the secret for confidential clients.

Parameters

input

QOAuthCreateClientInput

OAuth client creation data.

Returns

object

client

client: QOAuthClient

clientSecret?

optional clientSecret?: string


endSpan()

protected endSpan(span): void

Defined in: core/src/QObject.ts:35

End a span returned by startSpan.

Parameters

span

TelemetrySpan

The span to end.

Returns

void

Inherited from

QService.endSpan


ensureGrantAllowed()

protected ensureGrantAllowed(client, grantType): void

Defined in: oauth-server/src/QOAuthServerService.ts:488

Parameters

client

QOAuthClient

grantType

"authorization_code" | "refresh_token" | "client_credentials"

Returns

void


ensureRedirectAllowed()

protected ensureRedirectAllowed(client, redirectUri): void

Defined in: oauth-server/src/QOAuthServerService.ts:494

Parameters

client

QOAuthClient

redirectUri

string

Returns

void


exchangeAuthorizationCode()

exchangeAuthorizationCode(input): Promise<QOAuthTokenResponse>

Defined in: oauth-server/src/QOAuthServerService.ts:281

Exchanges an authorization code for access and refresh tokens.

Parameters

input

QOAuthExchangeAuthorizationCodeInput

Token exchange payload.

Returns

Promise<QOAuthTokenResponse>


exchangeClientCredentials()

exchangeClientCredentials(input): Promise<QOAuthTokenResponse>

Defined in: oauth-server/src/QOAuthServerService.ts:351

Issues an access token using the client credentials grant.

Parameters

input

QOAuthExchangeClientCredentialsInput

Client credentials payload.

Returns

Promise<QOAuthTokenResponse>


exchangeRefreshToken()

exchangeRefreshToken(input): Promise<QOAuthTokenResponse>

Defined in: oauth-server/src/QOAuthServerService.ts:315

Exchanges a refresh token for a new access token.

Parameters

input

QOAuthExchangeRefreshTokenInput

Refresh token exchange payload.

Returns

Promise<QOAuthTokenResponse>


executeCommand()

protected executeCommand<T>(command, args?): Promise<void>

Defined in: services/src/QService.ts:106

Executes a CLI command if the CLI module is loaded.

Type Parameters

T

T = any

Parameters

command

string

The command to execute.

args?

T

Arguments passed to the command.

Returns

Promise<void>

Inherited from

QService.executeCommand


findConsent()

findConsent(clientId, userId): QOAuthConsent

Defined in: oauth-server/src/QOAuthServerService.ts:230

Returns consent for one client/user pair.

Parameters

clientId

string

OAuth client identifier.

userId

string

OAuth resource owner identifier.

Returns

QOAuthConsent


getClient()

getClient(clientId): QOAuthClient

Defined in: oauth-server/src/QOAuthServerService.ts:158

Returns one OAuth client by id.

Parameters

clientId

string

OAuth client identifier.

Returns

QOAuthClient


getConsent()

getConsent(consentId): QOAuthConsent

Defined in: oauth-server/src/QOAuthServerService.ts:220

Returns one consent by id.

Parameters

consentId

string

Consent identifier.

Returns

QOAuthConsent


getJWKS()

getJWKS(): object

Defined in: oauth-server/src/QOAuthServerService.ts:445

Returns a JWKS payload with the active RSA public key.

Returns

object

keys

keys: JsonWebKey & object[]


getLanguageStore()

protected getLanguageStore(): IQI18n

Defined in: services/src/QService.ts:116

Retrieves the i18n store in use by the application.

Returns

IQI18n

Inherited from

QService.getLanguageStore


grantConsent()

grantConsent(input): QOAuthConsent

Defined in: oauth-server/src/QOAuthServerService.ts:198

Creates or updates consent for one client/user pair.

Parameters

input

QOAuthGrantConsentInput

Consent payload.

Returns

QOAuthConsent


hasModule()

protected hasModule(module): boolean

Defined in: services/src/QService.ts:96

Checks if a module has been registered in the bootstrapper.

Parameters

module

string

Returns

boolean

Inherited from

QService.hasModule


init()

init(): Promise<void>

Defined in: services/src/QService.ts:82

Method used to perform some initializations in the class.

Returns

Promise<void>

Inherited from

QService.init


introspectAccessToken()

protected introspectAccessToken(token, refreshTokenFallback?, authorizationCodeFallback?): QOAuthTokenIntrospectionResponse

Defined in: oauth-server/src/QOAuthServerService.ts:578

Parameters

token

string

refreshTokenFallback?

QOAuthTokenIntrospectionResponse = ...

authorizationCodeFallback?

QOAuthTokenIntrospectionResponse = ...

Returns

QOAuthTokenIntrospectionResponse


introspectAuthorizationCode()

protected introspectAuthorizationCode(code): QOAuthTokenIntrospectionResponse

Defined in: oauth-server/src/QOAuthServerService.ts:631

Parameters

code

string

Returns

QOAuthTokenIntrospectionResponse


introspectRefreshToken()

protected introspectRefreshToken(token): QOAuthTokenIntrospectionResponse

Defined in: oauth-server/src/QOAuthServerService.ts:614

Parameters

token

string

Returns

QOAuthTokenIntrospectionResponse


introspectToken()

introspectToken(input): QOAuthTokenIntrospectionResponse

Defined in: oauth-server/src/QOAuthServerService.ts:373

Introspects one access token, refresh token, or authorization code.

Parameters

input

QOAuthIntrospectTokenInput

Introspection payload.

Returns

QOAuthTokenIntrospectionResponse


issueTokenResponse()

protected issueTokenResponse(options): QOAuthTokenResponse

Defined in: oauth-server/src/QOAuthServerService.ts:526

Parameters

options
client

QOAuthClient

grantType

"authorization_code" | "refresh_token" | "client_credentials"

includeRefreshToken

boolean

scope

string[]

subject?

string

Returns

QOAuthTokenResponse


listClients()

listClients(): QOAuthClient[]

Defined in: oauth-server/src/QOAuthServerService.ts:148

Returns all configured OAuth clients.

Returns

QOAuthClient[]


normalizePem()

protected normalizePem(value?): string

Defined in: oauth-server/src/QOAuthServerService.ts:96

Normalizes PEM values loaded from env/config where new lines can be escaped.

Parameters

value?

string

Raw PEM value.

Returns

string


recordSpanError()

protected recordSpanError(span, err): void

Defined in: core/src/QObject.ts:45

Record an exception on an active span.

Parameters

span

TelemetrySpan

The span to record the error on.

err

unknown

The error to record.

Returns

void

Inherited from

QService.recordSpanError


registerClient()

registerClient(client): QOAuthClient

Defined in: oauth-server/src/QOAuthServerService.ts:118

Registers or updates one OAuth client.

Parameters

client

QOAuthClient | Partial<QOAuthClient>

OAuth client metadata.

Returns

QOAuthClient


removeClient()

removeClient(clientId): void

Defined in: oauth-server/src/QOAuthServerService.ts:188

Deletes one OAuth client registration by id.

Parameters

clientId

string

OAuth client identifier.

Returns

void


requireClient()

protected requireClient(clientId): QOAuthClient

Defined in: oauth-server/src/QOAuthServerService.ts:479

Parameters

clientId

string

Returns

QOAuthClient


revokeConsent()

revokeConsent(consentId): void

Defined in: oauth-server/src/QOAuthServerService.ts:239

Revokes one consent entry.

Parameters

consentId

string

Consent identifier.

Returns

void


revokeToken()

revokeToken(input): void

Defined in: oauth-server/src/QOAuthServerService.ts:402

Revokes one refresh token or authorization code.

Access token revocation is currently a no-op because access tokens are stateless JWTs.

Parameters

input

QOAuthRevokeTokenInput

Revoke payload.

Returns

void


scope()

scope(scope?): QOAuthServerService

Defined in: services/src/QService.ts:55

Creates a scoped clone of the current service.

Parameters

scope?

IQServiceScope

The scope applied to the cloned instance.

Returns

QOAuthServerService

Inherited from

QService.scope


session()

session(user, properties?): QOAuthServerService

Defined in: services/src/QService.ts:75

Creates a session bound to a specific user.

Parameters

user

IQUser

The user to attach to the service instance.

properties?

Record<string, any>

Extra properties applied when cloning the service.

Returns

QOAuthServerService

Inherited from

QService.session


setSpanAttribute()

protected setSpanAttribute(span, key, value): void

Defined in: core/src/QObject.ts:64

Set a single attribute on an active span.

Parameters

span

TelemetrySpan

The span to update.

key

string

Attribute key.

value

string | number | boolean

Attribute value.

Returns

void

Inherited from

QService.setSpanAttribute


shutdown()

shutdown(): Promise<void>

Defined in: services/src/QService.ts:89

Method used to clean up resources before shutdown.

Returns

Promise<void>

Inherited from

QService.shutdown


startSpan()

protected startSpan(spanName, options?): TelemetrySpan

Defined in: core/src/QObject.ts:26

Start a telemetry span for the given operation name. Returns undefined when no telemetry provider is active.

Parameters

spanName

string

Name of the span.

options?

TelemetrySpanOptions

Optional span attributes and kind.

Returns

TelemetrySpan

Inherited from

QService.startSpan


translate()

protected translate(key, options): string

Defined in: services/src/QService.ts:126

Helper method to translate a key using the i18n store.

Parameters

key

string

The translation key.

options

Record<string, any>

The interpolation options.

Returns

string

Inherited from

QService.translate


updateClient()

updateClient(clientId, input): QOAuthClient

Defined in: oauth-server/src/QOAuthServerService.ts:168

Updates one OAuth client while keeping id, type, and secret immutable.

Parameters

clientId

string

OAuth client identifier.

input

QOAuthUpdateClientInput

Client update values.

Returns

QOAuthClient


validateClientCredentials()

protected validateClientCredentials(client, providedSecret?): void

Defined in: oauth-server/src/QOAuthServerService.ts:500

Parameters

client

QOAuthClient

providedSecret?

string

Returns

void


verifyAccessToken()

verifyAccessToken(token): QOAuthAccessTokenPayload

Defined in: oauth-server/src/QOAuthServerService.ts:463

Verifies and decodes one issued access token.

Parameters

token

string

Access token value.

Returns

QOAuthAccessTokenPayload


verifyPKCE()

protected verifyPKCE(authorizationCode, codeVerifier?): void

Defined in: oauth-server/src/QOAuthServerService.ts:510

Parameters

authorizationCode

QOAuthAuthorizationCode

codeVerifier?

string

Returns

void