Skip to Content
DocumentationReferenceAPI ReferenceAPI: @loopstack/oauth-module

API: @loopstack/oauth-module

Classes

BuildOAuthUrlTool

Tool that builds an OAuth 2.0 authorization URL for a provider, including a CSRF state parameter.

import { BuildOAuthUrlTool } from '@loopstack/oauth-module';

Provided by: OAuthModule

export class BuildOAuthUrlTool extends BaseTool<BuildOAuthUrlArgs, object, BuildOAuthUrlResult> { protected handle(args: BuildOAuthUrlArgs): Promise<ToolEnvelope<BuildOAuthUrlResult>>; }

ExchangeOAuthTokenTool

Tool that exchanges an OAuth 2.0 authorization code for access and refresh tokens and stores them for the user.

import { ExchangeOAuthTokenTool } from '@loopstack/oauth-module';

Provided by: OAuthModule

export class ExchangeOAuthTokenTool extends BaseTool<ExchangeOAuthTokenArgs, object, ExchangeOAuthTokenResult> { protected handle(args: ExchangeOAuthTokenArgs, ctx: RunContext): Promise<ToolEnvelope<ExchangeOAuthTokenResult>>; }

OAuthModule

NestJS module that provides the provider-agnostic OAuth 2.0 framework — the OAuthProviderRegistry and OAuthTokenStore services, the build_oauth_url and exchange_oauth_token tools, and the generic OAuthWorkflow for the authorization code flow.

Registration:

  • OAuthModule — a bare import is enough. The module is @Global(), so a single import anywhere makes its services, tools, and workflow available application-wide via DI; no static configuration method exists.

Requires: at least one OAuth provider implementing OAuthProviderInterface must be registered for authentication to do anything useful — provider modules (e.g. @loopstack/google-workspace-module or @loopstack/github-module) self-register on init via OAuthProviderRegistry. Token persistence uses Redis (REDIS_HOST/REDIS_PORT/REDIS_PASSWORD) but is optional, falling back to in-memory storage when Redis is unavailable.

import { OAuthModule } from '@loopstack/oauth-module';
export class OAuthModule { }

OAuthPromptDocument

Document that renders the OAuth authorization prompt (provider, auth URL, and connection status) in Studio.

import { OAuthPromptDocument } from '@loopstack/oauth-module';
export class OAuthPromptDocument { provider: string; authUrl: string; state: string; status: 'pending' | 'success' | 'error'; message?: string; }

OAuthTokenStore

Service that stores and retrieves per-user OAuth tokens (Redis-backed, with in-memory fallback) and transparently refreshes expired access tokens; inject it to read a valid access token for a provider.

import { OAuthTokenStore } from '@loopstack/oauth-module';

Provided by: OAuthModule

export class OAuthTokenStore implements OnModuleDestroy { constructor(); onModuleDestroy(): void; storeTokens(userId: string, providerId: string, tokens: StoredTokens): Promise<void>; storeFromTokenSet(userId: string, providerId: string, tokenSet: OAuthTokenSet): Promise<void>; getTokens(userId: string, providerId: string): Promise<StoredTokens | undefined>; getValidAccessToken(userId: string, providerId: string): Promise<string | undefined>; }

OAuthWorkflow

Workflow that runs the OAuth 2.0 authorization code flow for a provider: it builds the auth URL, prompts the user via an OAuthPromptDocument, and exchanges the returned code for stored tokens. Run it standalone to pre-authenticate or invoke it from another workflow when authentication is required.

import { OAuthWorkflow } from '@loopstack/oauth-module';

Provided by: OAuthModule

export class OAuthWorkflow extends BaseWorkflow<OAuthArgs> { constructor(buildOAuthUrl: BuildOAuthUrlTool, exchangeOAuthToken: ExchangeOAuthTokenTool); initiateOAuth(state: OAuthState, ctx: RunContext<OAuthArgs>): Promise<void>; exchangeToken(state: OAuthState, input: TransitionInput<{ code: string; state: string; }>): Promise<void>; }

Interfaces

BuildOAuthUrlResult

Result for BuildOAuthUrlTool.

import { BuildOAuthUrlResult } from '@loopstack/oauth-module';
export interface BuildOAuthUrlResult { authUrl: string; state: string; }

OAuthProviderInterface

Contract that an OAuth 2.0 provider implements to plug into the OAuth framework; implement it to add a new provider.

import { OAuthProviderInterface } from '@loopstack/oauth-module';
export interface OAuthProviderInterface { readonly providerId: string; readonly defaultScopes: string[]; buildAuthUrl(scopes: string[], state: string): string; exchangeCode(code: string): Promise<OAuthTokenSet>; refreshToken(refreshToken: string): Promise<OAuthTokenSet>; }

OAuthTokenSet

Token set returned by an OAuth provider after a code exchange or refresh.

import { OAuthTokenSet } from '@loopstack/oauth-module';
export interface OAuthTokenSet { accessToken: string; refreshToken?: string; expiresIn: number; scope: string; }

StoredTokens

Persisted OAuth token record held by OAuthTokenStore.

import { StoredTokens } from '@loopstack/oauth-module';
export interface StoredTokens { accessToken: string; refreshToken?: string; expiresAt: number; scope: string; }

Type Aliases

BuildOAuthUrlArgs

Args for BuildOAuthUrlTool.

import { BuildOAuthUrlArgs } from '@loopstack/oauth-module';
export type BuildOAuthUrlArgs = z.infer<typeof BuildOAuthUrlSchema>;

ExchangeOAuthTokenArgs

Args for ExchangeOAuthTokenTool.

import { ExchangeOAuthTokenArgs } from '@loopstack/oauth-module';
export type ExchangeOAuthTokenArgs = z.infer<typeof ExchangeOAuthTokenSchema>;

ExchangeOAuthTokenResult

Result for ExchangeOAuthTokenTool.

import { ExchangeOAuthTokenResult } from '@loopstack/oauth-module';
export type ExchangeOAuthTokenResult = { accessToken: string; refreshToken: string | undefined; expiresIn: number | undefined; scope: string | undefined; };

Variables

BuildOAuthUrlSchema

Zod schema for BuildOAuthUrlTool args.

import { BuildOAuthUrlSchema } from '@loopstack/oauth-module';
BuildOAuthUrlSchema: z.ZodObject<{ provider: z.ZodString; scopes: z.ZodArray<z.ZodString>; }, z.core.$strict>

ExchangeOAuthTokenSchema

Zod schema for ExchangeOAuthTokenTool args.

import { ExchangeOAuthTokenSchema } from '@loopstack/oauth-module';
ExchangeOAuthTokenSchema: z.ZodObject<{ provider: z.ZodString; code: z.ZodString; state: z.ZodString; expectedState: z.ZodString; }, z.core.$strict>

OAuthPromptDocumentSchema

Zod schema for OAuthPromptDocument.

import { OAuthPromptDocumentSchema } from '@loopstack/oauth-module';
OAuthPromptDocumentSchema: z.ZodObject<{ provider: z.ZodString; authUrl: z.ZodString; state: z.ZodString; status: z.ZodDefault<z.ZodEnum<{ success: "success"; pending: "pending"; error: "error"; }>>; message: z.ZodOptional<z.ZodString>; }, z.core.$strict>
Last updated on