Update swift-crypto to 3.9.1 and Introduce Explicit 'Any' for Protoco…

…l Types (#14)

* chore(deps): bump swift-crypto from 3.8.1 to 3.9.1

Updates the Swift Crypto dependency to the latest version 3.9.1

* feat: add explicit 'any' keyword for protocol types

This commit updates the codebase to use explicit 'any' keywords for existential types in accordance with Swift's evolution towards more explicit type erasure. Changes include:

- Add 'any' keyword to protocol conformance declarations across the codebase
- Update function signatures to explicitly mark protocol types with 'any'
- Modify property declarations to include 'any' for protocol types
- Update Package.swift with new Swift settings including ExistentialAny feature

The changes improve type safety and prepare the codebase for future Swift versions where implicit existential types will be deprecated. No functional changes were made to the underlying implementation.

Key areas updated:
- OAuth2 core types and protocols
- Route handlers and middleware
- Token management and authentication
- Client and server validators

Package.swift

@@ -23,14 +23,20 @@ let package = Package(
                 .product(name: "Vapor", package: "vapor"),
                 .product(name: "Crypto", package: "swift-crypto")
             ],
-            swiftSettings: [
-                .enableUpcomingFeature("BareSlashRegexLiterals"),
-                .enableExperimentalFeature("StrictConcurrency=complete"),
-            ]
+            swiftSettings: swiftSettings
         ),
         .testTarget(name: "VaporOAuthTests", dependencies: [
             .target(name: "VaporOAuth"),
             .product(name: "XCTVapor", package: "vapor")
         ])
     ]
 )
+
+var swiftSettings: [SwiftSetting] {[
+    .enableUpcomingFeature("ExistentialAny"),
+    .enableUpcomingFeature("ConciseMagicFile"),
+    .enableUpcomingFeature("ForwardTrailingClosures"),
+    .enableUpcomingFeature("ImportObjcForwardDeclarations"),
+    .enableUpcomingFeature("DisableOutwardActorInference"),
+    .enableExperimentalFeature("StrictConcurrency=complete"),
+]}

Sources/VaporOAuth/DefaultImplementations/DefaultServerMetadataProvider.swift

@@ -4,7 +4,7 @@ import Vapor
 public struct DefaultServerMetadataProvider: ServerMetadataProvider {
     private let issuer: String
     private let validScopes: [String]?
-    private let clientRetriever: ClientRetriever
+    private let clientRetriever: any ClientRetriever
     private let hasCodeManager: Bool
     private let hasDeviceCodeManager: Bool
     private let hasTokenIntrospection: Bool
@@ -24,7 +24,7 @@ public struct DefaultServerMetadataProvider: ServerMetadataProvider {
     init(
         issuer: String,
         validScopes: [String]?,
-        clientRetriever: ClientRetriever,
+        clientRetriever: any ClientRetriever,
         hasCodeManager: Bool,
         hasDeviceCodeManager: Bool,
         hasTokenIntrospection: Bool,
@@ -103,4 +103,4 @@ public struct DefaultServerMetadataProvider: ServerMetadataProvider {
             deviceAuthorizationEndpoint: hasDeviceCodeManager ? "\(baseURL)/oauth/device_authorization" : nil
         )
     }
-}
+}

Sources/VaporOAuth/Helper/OAuthHelper+local.swift

@@ -3,8 +3,8 @@ import Vapor
 extension OAuthHelper {
     public static func local(
         tokenAuthenticator: TokenAuthenticator?,
-        userManager: UserManager?,
-        tokenManager: TokenManager?
+        userManager: (any UserManager)?,
+        tokenManager: (any TokenManager)?
     ) -> Self {
         OAuthHelper(
             assertScopes: { scopes, request in
@@ -38,7 +38,7 @@ extension OAuthHelper {
         )
     }
 
-    private static func getToken(tokenManager: TokenManager?, request: Request) async throws -> AccessToken {
+    private static func getToken(tokenManager: (any TokenManager)?, request: Request) async throws -> any AccessToken {
         guard let tokenManager = tokenManager else {
             throw Abort(.forbidden)
         }

Sources/VaporOAuth/Helper/OAuthHelper+remote.swift

@@ -3,7 +3,7 @@ import Vapor
 extension OAuthHelper {
     public static func remote(
         tokenIntrospectionEndpoint: String,
-        client: Client,
+        client: any Client,
         resourceServerUsername: String,
         resourceServerPassword: String
     ) -> Self {
@@ -80,7 +80,7 @@ extension OAuthHelper {
     private static func setupRemoteTokenResponse(
         request: Request,
         tokenIntrospectionEndpoint: String,
-        client: Client,
+        client: any Client,
         resourceServerUsername: String,
         resourceServerPassword: String,
         remoteTokenResponse: inout RemoteTokenResponse?

Sources/VaporOAuth/Middleware/OAuth2ScopeMiddleware.swift

@@ -7,7 +7,7 @@ public struct OAuth2ScopeMiddleware: AsyncMiddleware {
         self.requiredScopes = requiredScopes
     }
 
-    public func respond(to request: Request, chainingTo next: AsyncResponder) async throws -> Response {
+    public func respond(to request: Request, chainingTo next: any AsyncResponder) async throws -> Response {
         try await request.oAuthHelper.assertScopes(requiredScopes, request)
 
         return try await next.respond(to: request)

Sources/VaporOAuth/Middleware/OAuth2TokenIntrospectionMiddleware.swift

@@ -7,7 +7,7 @@ public struct OAuth2TokenIntrospectionMiddleware: AsyncMiddleware {
         self.requiredScopes = requiredScopes
     }
 
-    public func respond(to request: Request, chainingTo next: AsyncResponder) async throws -> Response {
+    public func respond(to request: Request, chainingTo next: any AsyncResponder) async throws -> Response {
         try await request.oAuthHelper.assertScopes(requiredScopes, request)
 
         return try await next.respond(to: request)

Sources/VaporOAuth/Middleware/TokenIntrospectionAuthenticationMiddleware.swift

@@ -3,7 +3,7 @@ import Vapor
 struct TokenIntrospectionAuthMiddleware: AsyncMiddleware {
     let resourceServerAuthenticator: ResourceServerAuthenticator
 
-    func respond(to request: Request, chainingTo next: AsyncResponder) async throws -> Response {
+    func respond(to request: Request, chainingTo next: any AsyncResponder) async throws -> Response {
         guard let basicAuthorization = request.headers.basicAuthorization else {
             throw Abort(.unauthorized)
         }

Sources/VaporOAuth/OAuth2.swift

@@ -1,30 +1,30 @@
 import Vapor
 
 public struct OAuth2: LifecycleHandler {
-    let codeManager: CodeManager
-    let tokenManager: TokenManager
-    let deviceCodeManager: DeviceCodeManager
-    let clientRetriever: ClientRetriever
-    let authorizeHandler: AuthorizeHandler
-    let userManager: UserManager
+    let codeManager: any CodeManager
+    let tokenManager: any TokenManager
+    let deviceCodeManager: any DeviceCodeManager
+    let clientRetriever: any ClientRetriever
+    let authorizeHandler: any AuthorizeHandler
+    let userManager: any UserManager
     let validScopes: [String]?
-    let resourceServerRetriever: ResourceServerRetriever
+    let resourceServerRetriever: any ResourceServerRetriever
     let oAuthHelper: OAuthHelper
-    let metadataProvider: ServerMetadataProvider
+    let metadataProvider: any ServerMetadataProvider
 
     public init(
         issuer: String,
         jwksEndpoint: String? = nil,
-        codeManager: CodeManager = EmptyCodeManager(),
-        tokenManager: TokenManager,
-        deviceCodeManager: DeviceCodeManager = EmptyDeviceCodeManager(),
-        clientRetriever: ClientRetriever,
-        authorizeHandler: AuthorizeHandler = EmptyAuthorizationHandler(),
-        userManager: UserManager = EmptyUserManager(),
+        codeManager: any CodeManager = EmptyCodeManager(),
+        tokenManager: any TokenManager,
+        deviceCodeManager: any DeviceCodeManager = EmptyDeviceCodeManager(),
+        clientRetriever: any ClientRetriever,
+        authorizeHandler: any AuthorizeHandler = EmptyAuthorizationHandler(),
+        userManager: any UserManager = EmptyUserManager(),
         validScopes: [String]? = nil,
-        resourceServerRetriever: ResourceServerRetriever = EmptyResourceServerRetriever(),
+        resourceServerRetriever: any ResourceServerRetriever = EmptyResourceServerRetriever(),
         oAuthHelper: OAuthHelper,
-        metadataProvider: ServerMetadataProvider? = nil
+        metadataProvider: (any ServerMetadataProvider)? = nil
     ) {
         self.metadataProvider = metadataProvider ?? DefaultServerMetadataProvider(
             issuer: issuer,

Sources/VaporOAuth/Protocols/TokenManager.swift

@@ -1,23 +1,24 @@
 import Vapor
+import JWT
 
 public protocol TokenManager: Sendable {
     func generateAccessRefreshTokens(
         clientID: String,
         userID: String?,
         scopes: [String]?,
         accessTokenExpiryTime: Int
-    ) async throws -> (AccessToken, RefreshToken)
+    ) async throws -> (any AccessToken, any RefreshToken)
 
     func generateAccessToken(
         clientID: String,
         userID: String?,
         scopes: [String]?,
         expiryTime: Int
-    ) async throws -> AccessToken
+    ) async throws -> any AccessToken
 
-    func getRefreshToken(_ refreshToken: String) async throws -> RefreshToken?
-    func getAccessToken(_ accessToken: String) async throws -> AccessToken?
-    func updateRefreshToken(_ refreshToken: RefreshToken, scopes: [String]) async throws
+    func getRefreshToken(_ refreshToken: String) async throws -> (any RefreshToken)?
+    func getAccessToken(_ accessToken: String) async throws -> (any AccessToken)?
+    func updateRefreshToken(_ refreshToken: any RefreshToken, scopes: [String]) async throws
 
     func revokeAccessToken(_ token: String) async throws
     func revokeRefreshToken(_ token: String) async throws

Sources/VaporOAuth/RouteHandlers/AuthorizeGetHandler.swift

@@ -1,7 +1,7 @@
 import Vapor
 
 struct AuthorizeGetHandler: Sendable {
-    let authorizeHandler: AuthorizeHandler
+    let authorizeHandler: any AuthorizeHandler
     let clientValidator: ClientValidator
 
     @Sendable

Sources/VaporOAuth/RouteHandlers/AuthorizePostHandler.swift

@@ -15,8 +15,8 @@ struct AuthorizePostRequest: Sendable {
 
 struct AuthorizePostHandler: Sendable {
 
-    let tokenManager: TokenManager
-    let codeManager: CodeManager
+    let tokenManager: any TokenManager
+    let codeManager: any CodeManager
     let clientValidator: ClientValidator
 
     @Sendable

Sources/VaporOAuth/RouteHandlers/DeviceAuthorizationHandler.swift

@@ -1,7 +1,7 @@
 import Vapor
 
 struct DeviceAuthorizationHandler: Sendable {
-    let deviceCodeManager: DeviceCodeManager
+    let deviceCodeManager: any DeviceCodeManager
     let clientValidator: ClientValidator
     let scopeValidator: ScopeValidator
 

Sources/VaporOAuth/RouteHandlers/MetadataHandler.swift

@@ -2,7 +2,7 @@ import Vapor
 import NIOHTTP1
 
 struct MetadataHandler: Sendable {
-    let metadataProvider: ServerMetadataProvider
+    let metadataProvider: any ServerMetadataProvider
 
     @Sendable
     func handleRequest(request: Request) async throws -> Response {

Sources/VaporOAuth/RouteHandlers/TokenHandler.swift

@@ -10,8 +10,8 @@ struct TokenHandler: Sendable {
     let passwordTokenHandler: PasswordTokenHandler
     var deviceCodeTokenHandler: DeviceCodeTokenHandler
 
-    init(clientValidator: ClientValidator, tokenManager: TokenManager, scopeValidator: ScopeValidator,
-         codeManager: CodeManager, deviceCodeManager: DeviceCodeManager, userManager: UserManager, logger: Logger) {
+    init(clientValidator: ClientValidator, tokenManager: any TokenManager, scopeValidator: ScopeValidator,
+         codeManager: any CodeManager, deviceCodeManager: any DeviceCodeManager, userManager: any UserManager, logger: Logger) {
         tokenResponseGenerator = TokenResponseGenerator()
         refreshTokenHandler = RefreshTokenHandler(scopeValidator: scopeValidator, tokenManager: tokenManager,
                                                   clientValidator: clientValidator, tokenAuthenticator: tokenAuthenticator,

Sources/VaporOAuth/RouteHandlers/TokenHandlers/AuthCodeTokenHandler.swift

@@ -3,8 +3,8 @@ import Vapor
 struct AuthCodeTokenHandler {
 
     let clientValidator: ClientValidator
-    let tokenManager: TokenManager
-    let codeManager: CodeManager
+    let tokenManager: any TokenManager
+    let codeManager: any CodeManager
     let codeValidator = CodeValidator()
     let tokenResponseGenerator: TokenResponseGenerator
 

Sources/VaporOAuth/RouteHandlers/TokenHandlers/ClientCredentialsTokenHandler.swift

@@ -4,7 +4,7 @@ struct ClientCredentialsTokenHandler {
 
     let clientValidator: ClientValidator
     let scopeValidator: ScopeValidator
-    let tokenManager: TokenManager
+    let tokenManager: any TokenManager
     let tokenResponseGenerator: TokenResponseGenerator
 
     func handleClientCredentialsTokenRequest(_ request: Request) async throws -> Response {

Sources/VaporOAuth/RouteHandlers/TokenHandlers/DeviceCodeTokenHandler.swift

@@ -3,8 +3,8 @@ import Vapor
 struct DeviceCodeTokenHandler {
     let clientValidator: ClientValidator
     let scopeValidator: ScopeValidator
-    let deviceCodeManager: DeviceCodeManager
-    let tokenManager: TokenManager
+    let deviceCodeManager: any DeviceCodeManager
+    let tokenManager: any TokenManager
     let tokenResponseGenerator: TokenResponseGenerator
 
     func handleDeviceCodeTokenRequest(_ request: Request) async throws -> Response {

Sources/VaporOAuth/RouteHandlers/TokenHandlers/PasswordTokenHandler.swift

@@ -4,9 +4,9 @@ struct PasswordTokenHandler {
 
     let clientValidator: ClientValidator
     let scopeValidator: ScopeValidator
-    let userManager: UserManager
+    let userManager: any UserManager
     let logger: Logger
-    let tokenManager: TokenManager
+    let tokenManager: any TokenManager
     let tokenResponseGenerator: TokenResponseGenerator
 
     func handlePasswordTokenRequest(_ request: Request) async throws -> Response {

Sources/VaporOAuth/RouteHandlers/TokenHandlers/RefreshTokenHandler.swift

@@ -3,7 +3,7 @@ import Vapor
 struct RefreshTokenHandler: Sendable {
 
     let scopeValidator: ScopeValidator
-    let tokenManager: TokenManager
+    let tokenManager: any TokenManager
     let clientValidator: ClientValidator
     let tokenAuthenticator: TokenAuthenticator
     let tokenResponseGenerator: TokenResponseGenerator
@@ -114,5 +114,5 @@ struct RefreshTokenHandler: Sendable {
 struct RefreshTokenRequest {
     let clientID: String
     let clientSecret: String
-    let refreshToken: RefreshToken
+    let refreshToken: any RefreshToken
 }

Sources/VaporOAuth/RouteHandlers/TokenHandlers/TokenResponseGenerator.swift

@@ -10,7 +10,7 @@ struct TokenResponseGenerator: Sendable {
         return try createResponseForToken(status: status, jsonData: json)
     }
 
-    func createResponse(accessToken: AccessToken, refreshToken: RefreshToken?,
+    func createResponse(accessToken: any AccessToken, refreshToken: (any RefreshToken)?,
                         expires: Int, scope: String?) throws -> Response {
         var jsonDictionary = [
             OAuthResponseParameters.tokenType: "bearer",

Sources/VaporOAuth/RouteHandlers/TokenHandlers/TokenRevocationHandler.swift

@@ -2,7 +2,7 @@ import Vapor
 
 struct TokenRevocationHandler: Sendable {
     let clientValidator: ClientValidator
-    let tokenManager: TokenManager
+    let tokenManager: any TokenManager
 
     @Sendable
     func handleRequest(_ request: Request) async throws -> Response {
@@ -138,4 +138,4 @@ extension TokenRevocationHandler {
             case errorDescription = "error_description"
         }
     }
-}
+}

Sources/VaporOAuth/RouteHandlers/TokenIntrospectionHandler.swift

@@ -2,8 +2,8 @@ import Vapor
 
 struct TokenIntrospectionHandler: Sendable {
     let clientValidator: ClientValidator
-    let tokenManager: TokenManager
-    let userManager: UserManager
+    let tokenManager: any TokenManager
+    let userManager: any UserManager
 
     @Sendable
     func handleRequest(_ req: Request) async throws -> Response {

Sources/VaporOAuth/Utilities/TokenAuthenticator.swift

@@ -2,15 +2,15 @@ public struct TokenAuthenticator: Sendable {
 
     public init() {}
 
-    func validateRefreshToken(_ refreshToken: RefreshToken, clientID: String) -> Bool {
+    func validateRefreshToken(_ refreshToken: any RefreshToken, clientID: String) -> Bool {
         guard refreshToken.clientID  == clientID else {
             return false
         }
 
         return true
     }
 
-    func validateAccessToken(_ accessToken: AccessToken, requiredScopes: [String]?) -> Bool {
+    func validateAccessToken(_ accessToken: any AccessToken, requiredScopes: [String]?) -> Bool {
         guard let scopes = requiredScopes else {
             return true
         }

Sources/VaporOAuth/Validators/ClientValidator.swift

@@ -2,7 +2,7 @@ import Vapor
 
 struct ClientValidator: Sendable {
 
-    let clientRetriever: ClientRetriever
+    let clientRetriever: any ClientRetriever
     let scopeValidator: ScopeValidator
     let environment: Environment
 

Sources/VaporOAuth/Validators/ResourceServerAuthenticator.swift

@@ -2,7 +2,7 @@ import Vapor
 
 struct ResourceServerAuthenticator {
 
-    let resourceServerRetriever: ResourceServerRetriever
+    let resourceServerRetriever: any ResourceServerRetriever
 
     func authenticate(credentials: BasicAuthorization) async throws {
         guard let resourceServer = try await resourceServerRetriever.getServer(credentials.username) else {

Sources/VaporOAuth/Validators/ScopeValidator.swift

@@ -1,6 +1,6 @@
 struct ScopeValidator: Sendable {
     let validScopes: [String]?
-    let clientRetriever: ClientRetriever
+    let clientRetriever: any ClientRetriever
 
     func validateScope(clientID: String, scopes: [String]?) async throws {
         if let requestedScopes = scopes {