@23blocks/block-authentication 6.2.0 → 6.3.1

package/dist/index.esm.js

@@ -2813,6 +2813,255 @@ const tenantUserMapper = {
     };
 }
 
+/**
+ * Create the JWKS service
+ */ function createJwksService(transport) {
+    return {
+        async getJwks () {
+            const response = await transport.get('/.well-known/jwks.json');
+            return {
+                keys: response.keys.map((key)=>({
+                        kty: key.kty,
+                        use: key.use,
+                        key_ops: key.key_ops,
+                        alg: key.alg,
+                        kid: key.kid,
+                        x5u: key.x5u,
+                        x5c: key.x5c,
+                        x5t: key.x5t,
+                        'x5t#S256': key['x5t#S256'],
+                        n: key.n,
+                        e: key.e,
+                        crv: key.crv,
+                        x: key.x,
+                        y: key.y
+                    }))
+            };
+        },
+        async getKey (kid) {
+            const jwks = await this.getJwks();
+            var _jwks_keys_find;
+            return (_jwks_keys_find = jwks.keys.find((key)=>key.kid === kid)) != null ? _jwks_keys_find : null;
+        }
+    };
+}
+/**
+ * Create the Admin RSA Keys service
+ */ function createAdminRsaKeysService(transport) {
+    return {
+        async list () {
+            const response = await transport.get('/admin/rsa_keys');
+            return response.data.map((item)=>({
+                    id: item.id,
+                    kid: item.attributes.kid,
+                    algorithm: item.attributes.algorithm,
+                    createdAt: new Date(item.attributes.created_at),
+                    expiresAt: item.attributes.expires_at ? new Date(item.attributes.expires_at) : undefined,
+                    isActive: item.attributes.is_active,
+                    publicKey: item.attributes.public_key
+                }));
+        },
+        async get (keyId) {
+            const response = await transport.get(`/admin/rsa_keys/${keyId}`);
+            return {
+                id: response.data.id,
+                kid: response.data.attributes.kid,
+                algorithm: response.data.attributes.algorithm,
+                createdAt: new Date(response.data.attributes.created_at),
+                expiresAt: response.data.attributes.expires_at ? new Date(response.data.attributes.expires_at) : undefined,
+                isActive: response.data.attributes.is_active,
+                publicKey: response.data.attributes.public_key
+            };
+        },
+        async create (request) {
+            const response = await transport.post('/admin/rsa_keys', {
+                rsa_key: {
+                    algorithm: request.algorithm,
+                    expires_at: request.expiresAt
+                }
+            });
+            return {
+                id: response.data.id,
+                kid: response.data.attributes.kid,
+                algorithm: response.data.attributes.algorithm,
+                createdAt: new Date(response.data.attributes.created_at),
+                expiresAt: response.data.attributes.expires_at ? new Date(response.data.attributes.expires_at) : undefined,
+                isActive: response.data.attributes.is_active,
+                publicKey: response.data.attributes.public_key
+            };
+        },
+        async rotate (request) {
+            const response = await transport.post('/admin/rsa_keys/rotate', {
+                rsa_key: {
+                    algorithm: request.algorithm,
+                    expires_at: request.expiresAt
+                }
+            });
+            return {
+                id: response.data.id,
+                kid: response.data.attributes.kid,
+                algorithm: response.data.attributes.algorithm,
+                createdAt: new Date(response.data.attributes.created_at),
+                expiresAt: response.data.attributes.expires_at ? new Date(response.data.attributes.expires_at) : undefined,
+                isActive: response.data.attributes.is_active,
+                publicKey: response.data.attributes.public_key
+            };
+        },
+        async deactivate (keyId) {
+            const response = await transport.put(`/admin/rsa_keys/${keyId}/deactivate`, {});
+            return {
+                id: response.data.id,
+                kid: response.data.attributes.kid,
+                algorithm: response.data.attributes.algorithm,
+                createdAt: new Date(response.data.attributes.created_at),
+                expiresAt: response.data.attributes.expires_at ? new Date(response.data.attributes.expires_at) : undefined,
+                isActive: response.data.attributes.is_active,
+                publicKey: response.data.attributes.public_key
+            };
+        },
+        async delete (keyId) {
+            await transport.delete(`/admin/rsa_keys/${keyId}`);
+        },
+        async getActive () {
+            const keys = await this.list();
+            var _keys_find;
+            return (_keys_find = keys.find((key)=>key.isActive)) != null ? _keys_find : null;
+        }
+    };
+}
+
+/**
+ * Create the OIDC service
+ */ function createOidcService(transport, baseUrl) {
+    return {
+        async getDiscovery () {
+            const response = await transport.get('/.well-known/openid-configuration');
+            return {
+                issuer: response.issuer,
+                authorization_endpoint: response.authorization_endpoint,
+                token_endpoint: response.token_endpoint,
+                userinfo_endpoint: response.userinfo_endpoint,
+                jwks_uri: response.jwks_uri,
+                registration_endpoint: response.registration_endpoint,
+                scopes_supported: response.scopes_supported,
+                response_types_supported: response.response_types_supported,
+                response_modes_supported: response.response_modes_supported,
+                grant_types_supported: response.grant_types_supported,
+                subject_types_supported: response.subject_types_supported,
+                id_token_signing_alg_values_supported: response.id_token_signing_alg_values_supported,
+                claims_supported: response.claims_supported,
+                token_endpoint_auth_methods_supported: response.token_endpoint_auth_methods_supported
+            };
+        },
+        buildAuthorizeUrl (request) {
+            const params = new URLSearchParams();
+            params.set('response_type', request.responseType);
+            params.set('client_id', request.clientId);
+            params.set('redirect_uri', request.redirectUri);
+            params.set('scope', request.scope);
+            if (request.state) params.set('state', request.state);
+            if (request.nonce) params.set('nonce', request.nonce);
+            if (request.codeChallenge) params.set('code_challenge', request.codeChallenge);
+            if (request.codeChallengeMethod) params.set('code_challenge_method', request.codeChallengeMethod);
+            if (request.prompt) params.set('prompt', request.prompt);
+            if (request.maxAge !== undefined) params.set('max_age', String(request.maxAge));
+            if (request.uiLocales) params.set('ui_locales', request.uiLocales);
+            if (request.loginHint) params.set('login_hint', request.loginHint);
+            if (request.acrValues) params.set('acr_values', request.acrValues);
+            const base = '';
+            return `${base}/oauth/authorize?${params.toString()}`;
+        },
+        async exchangeCode (request) {
+            const body = {
+                grant_type: request.grantType,
+                client_id: request.clientId
+            };
+            if (request.code) body.code = request.code;
+            if (request.redirectUri) body.redirect_uri = request.redirectUri;
+            if (request.clientSecret) body.client_secret = request.clientSecret;
+            if (request.refreshToken) body.refresh_token = request.refreshToken;
+            if (request.codeVerifier) body.code_verifier = request.codeVerifier;
+            if (request.scope) body.scope = request.scope;
+            const response = await transport.post('/oauth/token', body);
+            return {
+                access_token: response.access_token,
+                token_type: response.token_type,
+                expires_in: response.expires_in,
+                refresh_token: response.refresh_token,
+                id_token: response.id_token,
+                scope: response.scope
+            };
+        },
+        async refreshToken (refreshToken, clientId) {
+            return this.exchangeCode({
+                grantType: 'refresh_token',
+                refreshToken,
+                clientId
+            });
+        },
+        async getUserInfo (accessToken) {
+            const response = await transport.get('/oauth/userinfo');
+            return {
+                sub: response.sub,
+                name: response.name,
+                given_name: response.given_name,
+                family_name: response.family_name,
+                middle_name: response.middle_name,
+                nickname: response.nickname,
+                preferred_username: response.preferred_username,
+                profile: response.profile,
+                picture: response.picture,
+                website: response.website,
+                email: response.email,
+                email_verified: response.email_verified,
+                gender: response.gender,
+                birthdate: response.birthdate,
+                zoneinfo: response.zoneinfo,
+                locale: response.locale,
+                phone_number: response.phone_number,
+                phone_number_verified: response.phone_number_verified,
+                address: response.address,
+                updated_at: response.updated_at
+            };
+        },
+        async introspect (token) {
+            const response = await transport.post('/oauth/introspect', {
+                token
+            });
+            return {
+                active: response.active,
+                scope: response.scope,
+                clientId: response.client_id,
+                username: response.username,
+                tokenType: response.token_type,
+                exp: response.exp,
+                iat: response.iat,
+                nbf: response.nbf,
+                sub: response.sub,
+                aud: response.aud,
+                iss: response.iss,
+                jti: response.jti
+            };
+        },
+        async revoke (token, tokenTypeHint) {
+            const body = {
+                token
+            };
+            if (tokenTypeHint) body.token_type_hint = tokenTypeHint;
+            await transport.post('/oauth/revoke', body);
+        },
+        endSession (idToken, postLogoutRedirectUri, state) {
+            const params = new URLSearchParams();
+            if (idToken) params.set('id_token_hint', idToken);
+            if (postLogoutRedirectUri) params.set('post_logout_redirect_uri', postLogoutRedirectUri);
+            if (state) params.set('state', state);
+            const base = '';
+            const query = params.toString();
+            return query ? `${base}/oauth/logout?${query}` : `${base}/oauth/logout`;
+        }
+    };
+}
+
 /**
  * Create the Authentication block
  *
@@ -2870,7 +3119,10 @@ const tenantUserMapper = {
         refreshTokens: createRefreshTokensService(transport),
         userDevices: createUserDevicesService(transport),
         tenantUsers: createTenantUsersService(transport),
-        mailTemplates: createMailTemplatesService(transport)
+        mailTemplates: createMailTemplatesService(transport),
+        jwks: createJwksService(transport),
+        adminRsaKeys: createAdminRsaKeysService(transport),
+        oidc: createOidcService(transport)
     };
 }
 /**
@@ -2907,7 +3159,9 @@ const tenantUserMapper = {
         'RefreshToken',
         'UserDevice',
         'TenantUser',
-        'MailTemplate'
+        'MailTemplate',
+        'RsaKey',
+        'JsonWebKey'
     ]
 };
 

package/dist/src/index.d.ts

@@ -1,5 +1,5 @@
 export { createAuthenticationBlock, type AuthenticationBlock, type AuthenticationBlockConfig, authenticationBlockMetadata, } from './lib/authentication.block.js';
-export { type User, type Role, type Permission, type UserAvatar, type UserProfile, type Company, type CompanyDetail, type CompanyBlock, type CompanyKey, type Tenant, type SignInRequest, type SignInResponse, type SignUpRequest, type SignUpResponse, type PasswordResetRequest, type PasswordUpdateRequest, type TokenValidationResponse, type RefreshTokenRequest, type RefreshTokenResponse, type OAuthSignInRequest, type MagicLinkRequest, type MagicLinkVerifyRequest, type MfaSetupResponse, type MfaVerifyRequest, type InvitationRequest, type AcceptInvitationRequest, type ResendConfirmationRequest, type ValidateEmailRequest, type ValidateEmailResponse, type ValidateDocumentRequest, type ValidateDocumentResponse, type AuthHeaders, type ApiKey, type ApiKeyWithSecret, type CreateApiKeyRequest, type UpdateApiKeyRequest, type RevokeApiKeyRequest, type MfaSetupResponseFull, type MfaEnableRequest, type MfaDisableRequest, type MfaVerifyRequestFull, type MfaStatusResponse, type MfaVerificationResponse, type MfaOperationResponse, type OAuthSocialLoginRequest, type TenantLoginRequest, type TokenIntrospectionResponse, type TokenRevokeRequest, type TokenRevokeAllRequest, type TokenRevokeResponse, type TenantContextCreateRequest, type TenantInfo, type TenantContextResponse, type TenantContextRevokeRequest, type TenantContextAuditEntry, type UserProfileFull, type ProfileRequest, type UpdateEmailRequest, type UserDeviceFull, type AddDeviceRequest, type UserSearchRequest, type AddUserSubscriptionRequest, type AccountRecoveryRequest, type AccountRecoveryResponse, type CompleteRecoveryRequest, type UserAvatarFull, type CreateAvatarRequest, type AvatarPresignResponse, type MultipartPresignRequest, type MultipartPresignResponse, type MultipartCompleteRequest, type MultipartCompleteResponse, type TenantUserFull, type CreateTenantUserRequest, type ValidateTenantCodeRequest, type ValidateTenantCodeResponse, type SearchTenantRequest, type UpdateTenantUserOnboardingRequest, type UpdateTenantUserSalesRequest, type ResendInvitationRequest, } from './lib/types/index.js';
-export { type AuthService, type UsersService, type RolesService, type ApiKeysService, type UpdateUserRequest, type UpdateProfileRequest, type CreateRoleRequest, type UpdateRoleRequest, type ApiKeyUsageStats, type MfaService, type OAuthService, type AvatarsService, type TenantsService, } from './lib/services/index.js';
+export { type User, type Role, type Permission, type UserAvatar, type UserProfile, type Company, type CompanyDetail, type CompanyBlock, type CompanyKey, type Tenant, type SignInRequest, type SignInResponse, type SignUpRequest, type SignUpResponse, type PasswordResetRequest, type PasswordUpdateRequest, type TokenValidationResponse, type RefreshTokenRequest, type RefreshTokenResponse, type OAuthSignInRequest, type MagicLinkRequest, type MagicLinkVerifyRequest, type MfaSetupResponse, type MfaVerifyRequest, type InvitationRequest, type AcceptInvitationRequest, type ResendConfirmationRequest, type ValidateEmailRequest, type ValidateEmailResponse, type ValidateDocumentRequest, type ValidateDocumentResponse, type AuthHeaders, type ApiKey, type ApiKeyWithSecret, type CreateApiKeyRequest, type UpdateApiKeyRequest, type RevokeApiKeyRequest, type MfaSetupResponseFull, type MfaEnableRequest, type MfaDisableRequest, type MfaVerifyRequestFull, type MfaStatusResponse, type MfaVerificationResponse, type MfaOperationResponse, type OAuthSocialLoginRequest, type TenantLoginRequest, type TokenIntrospectionResponse, type TokenRevokeRequest, type TokenRevokeAllRequest, type TokenRevokeResponse, type TenantContextCreateRequest, type TenantInfo, type TenantContextResponse, type TenantContextRevokeRequest, type TenantContextAuditEntry, type UserProfileFull, type ProfileRequest, type UpdateEmailRequest, type UserDeviceFull, type AddDeviceRequest, type UserSearchRequest, type AddUserSubscriptionRequest, type AccountRecoveryRequest, type AccountRecoveryResponse, type CompleteRecoveryRequest, type UserAvatarFull, type CreateAvatarRequest, type AvatarPresignResponse, type MultipartPresignRequest, type MultipartPresignResponse, type MultipartCompleteRequest, type MultipartCompleteResponse, type TenantUserFull, type CreateTenantUserRequest, type ValidateTenantCodeRequest, type ValidateTenantCodeResponse, type SearchTenantRequest, type UpdateTenantUserOnboardingRequest, type UpdateTenantUserSalesRequest, type ResendInvitationRequest, type App, type Block, type Service, type CreateAppRequest, type UpdateAppRequest, type SubscriptionModel, type UserSubscription, type CompanySubscription, type Country, type State, type County, type City, type Currency, type Guest, type MagicLink, type RefreshToken, type UserDevice, type TenantUser, type MailTemplate, type CreateMagicLinkRequest, type RegisterDeviceRequest, type JsonWebKey, type JwksResponse, type RsaKey, type CreateRsaKeyRequest, type RotateRsaKeyRequest, type OidcDiscovery, type OidcAuthorizeRequest, type OidcTokenRequest, type OidcTokenResponse, type OidcUserInfo, } from './lib/types/index.js';
+export { type AuthService, type UsersService, type RolesService, type ApiKeysService, type UpdateUserRequest, type UpdateProfileRequest, type CreateRoleRequest, type UpdateRoleRequest, type ApiKeyUsageStats, type MfaService, type OAuthService, type AvatarsService, type TenantsService, type PermissionsService, type CreatePermissionRequest, type UpdatePermissionRequest, type AppsService, type BlocksService, type ServicesRegistryService, type SubscriptionModelsService, type UserSubscriptionsService, type CompanySubscriptionsService, type SubscribeRequest, type CountriesService, type StatesService, type CountiesService, type CitiesService, type CurrenciesService, type GuestsService, type MagicLinksService, type RefreshTokensService, type UserDevicesService, type TenantUsersService, type MailTemplatesService, type JwksService, type AdminRsaKeysService, type OidcService, } from './lib/services/index.js';
 export { userMapper, roleMapper, permissionMapper, userAvatarMapper, userProfileMapper, companyMapper, companyDetailMapper, companyBlockMapper, companyKeyMapper, tenantMapper, apiKeyMapper, apiKeyWithSecretMapper, } from './lib/mappers/index.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,yBAAyB,EACzB,KAAK,mBAAmB,EACxB,KAAK,yBAAyB,EAC9B,2BAA2B,GAC5B,MAAM,+BAA+B,CAAC;AAGvC,OAAO,EAEL,KAAK,IAAI,EACT,KAAK,IAAI,EACT,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,WAAW,EAGhB,KAAK,OAAO,EACZ,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,MAAM,EAGX,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,EAC3B,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,WAAW,EAGhB,KAAK,MAAM,EACX,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EAGxB,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACtB,KAAK,uBAAuB,EAC5B,KAAK,oBAAoB,EAGzB,KAAK,uBAAuB,EAC5B,KAAK,kBAAkB,EACvB,KAAK,0BAA0B,EAC/B,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,mBAAmB,EACxB,KAAK,0BAA0B,EAC/B,KAAK,UAAU,EACf,KAAK,qBAAqB,EAC1B,KAAK,0BAA0B,EAC/B,KAAK,uBAAuB,EAG5B,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,0BAA0B,EAC/B,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,EAC5B,KAAK,uBAAuB,EAC5B,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,EAG9B,KAAK,cAAc,EACnB,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,KAAK,mBAAmB,EACxB,KAAK,iCAAiC,EACtC,KAAK,4BAA4B,EACjC,KAAK,uBAAuB,GAC7B,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,cAAc,GACpB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,UAAU,EACV,UAAU,EACV,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,EACb,mBAAmB,EACnB,kBAAkB,EAClB,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,sBAAsB,GACvB,MAAM,wBAAwB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,yBAAyB,EACzB,KAAK,mBAAmB,EACxB,KAAK,yBAAyB,EAC9B,2BAA2B,GAC5B,MAAM,+BAA+B,CAAC;AAGvC,OAAO,EAEL,KAAK,IAAI,EACT,KAAK,IAAI,EACT,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,WAAW,EAGhB,KAAK,OAAO,EACZ,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,MAAM,EAGX,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,EAC3B,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,WAAW,EAGhB,KAAK,MAAM,EACX,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EAGxB,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACtB,KAAK,uBAAuB,EAC5B,KAAK,oBAAoB,EAGzB,KAAK,uBAAuB,EAC5B,KAAK,kBAAkB,EACvB,KAAK,0BAA0B,EAC/B,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,mBAAmB,EACxB,KAAK,0BAA0B,EAC/B,KAAK,UAAU,EACf,KAAK,qBAAqB,EAC1B,KAAK,0BAA0B,EAC/B,KAAK,uBAAuB,EAG5B,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,0BAA0B,EAC/B,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,EAC5B,KAAK,uBAAuB,EAC5B,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,EAG9B,KAAK,cAAc,EACnB,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,KAAK,mBAAmB,EACxB,KAAK,iCAAiC,EACtC,KAAK,4BAA4B,EACjC,KAAK,uBAAuB,EAG5B,KAAK,GAAG,EACR,KAAK,KAAK,EACV,KAAK,OAAO,EACZ,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EAGrB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,EAGxB,KAAK,OAAO,EACZ,KAAK,KAAK,EACV,KAAK,MAAM,EACX,KAAK,IAAI,EACT,KAAK,QAAQ,EAGb,KAAK,KAAK,EACV,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,sBAAsB,EAC3B,KAAK,qBAAqB,EAG1B,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,MAAM,EACX,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EAGxB,KAAK,aAAa,EAClB,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,YAAY,GAClB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,cAAc,EAEnB,KAAK,kBAAkB,EACvB,KAAK,uBAAuB,EAC5B,KAAK,uBAAuB,EAE5B,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,uBAAuB,EAE5B,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,EAC7B,KAAK,2BAA2B,EAChC,KAAK,gBAAgB,EAErB,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,iBAAiB,EAEtB,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,EAEzB,KAAK,WAAW,EAChB,KAAK,mBAAmB,EAExB,KAAK,WAAW,GACjB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,UAAU,EACV,UAAU,EACV,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,EACb,mBAAmB,EACnB,kBAAkB,EAClB,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,sBAAsB,GACvB,MAAM,wBAAwB,CAAC"}

package/dist/src/lib/authentication.block.d.ts

@@ -12,6 +12,8 @@ import { type MfaService } from './services/mfa.service.js';
 import { type OAuthService } from './services/oauth.service.js';
 import { type AvatarsService } from './services/avatars.service.js';
 import { type TenantsService } from './services/tenants.service.js';
+import { type JwksService, type AdminRsaKeysService } from './services/jwks.service.js';
+import { type OidcService } from './services/oidc.service.js';
 /**
  * Configuration for the Authentication block
  */
@@ -129,6 +131,18 @@ export interface AuthenticationBlock {
      * Mail template management
      */
     mailTemplates: MailTemplatesService;
+    /**
+     * JWKS (JSON Web Key Set) operations
+     */
+    jwks: JwksService;
+    /**
+     * Admin RSA key management
+     */
+    adminRsaKeys: AdminRsaKeysService;
+    /**
+     * OpenID Connect operations
+     */
+    oidc: OidcService;
 }
 /**
  * Create the Authentication block

package/dist/src/lib/authentication.block.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authentication.block.d.ts","sourceRoot":"","sources":["../../../src/lib/authentication.block.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClE,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACjF,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAA4B,KAAK,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AACtG,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAC3F,OAAO,EAIL,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,uBAAuB,EAC7B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAIL,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,EAC7B,KAAK,2BAA2B,EACjC,MAAM,qCAAqC,CAAC;AAC7C,OAAO,EAML,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACvB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAOL,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,EAC1B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAoB,KAAK,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAC9E,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC1F,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAE1F;;GAEG;AACH,MAAM,WAAW,yBAA0B,SAAQ,WAAW;IAC5D,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAC;IACf,oDAAoD;IACpD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,IAAI,EAAE,WAAW,CAAC;IAElB;;OAEG;IACH,KAAK,EAAE,YAAY,CAAC;IAEpB;;OAEG;IACH,KAAK,EAAE,YAAY,CAAC;IAEpB;;OAEG;IACH,WAAW,EAAE,kBAAkB,CAAC;IAEhC;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC;IAExB;;OAEG;IACH,GAAG,EAAE,UAAU,CAAC;IAEhB;;OAEG;IACH,KAAK,EAAE,YAAY,CAAC;IAEpB;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC;IAExB;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC;IAExB;;OAEG;IACH,IAAI,EAAE,WAAW,CAAC;IAElB;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,QAAQ,EAAE,uBAAuB,CAAC;IAElC;;OAEG;IACH,kBAAkB,EAAE,yBAAyB,CAAC;IAE9C;;OAEG;IACH,iBAAiB,EAAE,wBAAwB,CAAC;IAE5C;;OAEG;IACH,oBAAoB,EAAE,2BAA2B,CAAC;IAElD;;OAEG;IACH,SAAS,EAAE,gBAAgB,CAAC;IAE5B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,QAAQ,EAAE,eAAe,CAAC;IAE1B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,UAAU,EAAE,iBAAiB,CAAC;IAE9B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,UAAU,EAAE,iBAAiB,CAAC;IAE9B;;OAEG;IACH,aAAa,EAAE,oBAAoB,CAAC;IAEpC;;OAEG;IACH,WAAW,EAAE,kBAAkB,CAAC;IAEhC;;OAEG;IACH,WAAW,EAAE,kBAAkB,CAAC;IAEhC;;OAEG;IACH,aAAa,EAAE,oBAAoB,CAAC;CACrC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,wBAAgB,yBAAyB,CACvC,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,yBAAyB,GAChC,mBAAmB,CA6BrB;AAED;;GAEG;AACH,eAAO,MAAM,2BAA2B;;;;;CAYvC,CAAC"}
+{"version":3,"file":"authentication.block.d.ts","sourceRoot":"","sources":["../../../src/lib/authentication.block.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClE,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACjF,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAA4B,KAAK,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AACtG,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAC3F,OAAO,EAIL,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,uBAAuB,EAC7B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAIL,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,EAC7B,KAAK,2BAA2B,EACjC,MAAM,qCAAqC,CAAC;AAC7C,OAAO,EAML,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACvB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAOL,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,EAC1B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAoB,KAAK,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAC9E,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC1F,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC1F,OAAO,EAGL,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACzB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAEjF;;GAEG;AACH,MAAM,WAAW,yBAA0B,SAAQ,WAAW;IAC5D,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAC;IACf,oDAAoD;IACpD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,IAAI,EAAE,WAAW,CAAC;IAElB;;OAEG;IACH,KAAK,EAAE,YAAY,CAAC;IAEpB;;OAEG;IACH,KAAK,EAAE,YAAY,CAAC;IAEpB;;OAEG;IACH,WAAW,EAAE,kBAAkB,CAAC;IAEhC;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC;IAExB;;OAEG;IACH,GAAG,EAAE,UAAU,CAAC;IAEhB;;OAEG;IACH,KAAK,EAAE,YAAY,CAAC;IAEpB;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC;IAExB;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC;IAExB;;OAEG;IACH,IAAI,EAAE,WAAW,CAAC;IAElB;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,QAAQ,EAAE,uBAAuB,CAAC;IAElC;;OAEG;IACH,kBAAkB,EAAE,yBAAyB,CAAC;IAE9C;;OAEG;IACH,iBAAiB,EAAE,wBAAwB,CAAC;IAE5C;;OAEG;IACH,oBAAoB,EAAE,2BAA2B,CAAC;IAElD;;OAEG;IACH,SAAS,EAAE,gBAAgB,CAAC;IAE5B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,QAAQ,EAAE,eAAe,CAAC;IAE1B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,UAAU,EAAE,iBAAiB,CAAC;IAE9B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,UAAU,EAAE,iBAAiB,CAAC;IAE9B;;OAEG;IACH,aAAa,EAAE,oBAAoB,CAAC;IAEpC;;OAEG;IACH,WAAW,EAAE,kBAAkB,CAAC;IAEhC;;OAEG;IACH,WAAW,EAAE,kBAAkB,CAAC;IAEhC;;OAEG;IACH,aAAa,EAAE,oBAAoB,CAAC;IAEpC;;OAEG;IACH,IAAI,EAAE,WAAW,CAAC;IAElB;;OAEG;IACH,YAAY,EAAE,mBAAmB,CAAC;IAElC;;OAEG;IACH,IAAI,EAAE,WAAW,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,wBAAgB,yBAAyB,CACvC,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,yBAAyB,GAChC,mBAAmB,CAgCrB;AAED;;GAEG;AACH,eAAO,MAAM,2BAA2B;;;;;CAavC,CAAC"}

package/dist/src/lib/services/index.d.ts

@@ -11,4 +11,6 @@ export { createMfaService, type MfaService } from './mfa.service.js';
 export { createOAuthService, type OAuthService } from './oauth.service.js';
 export { createAvatarsService, type AvatarsService } from './avatars.service.js';
 export { createTenantsService, type TenantsService } from './tenants.service.js';
+export { createJwksService, createAdminRsaKeysService, type JwksService, type AdminRsaKeysService, } from './jwks.service.js';
+export { createOidcService, type OidcService } from './oidc.service.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/src/lib/services/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/lib/services/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,KAAK,iBAAiB,EAAE,KAAK,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC9H,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,KAAK,iBAAiB,EAAE,KAAK,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAC3H,OAAO,EAAE,wBAAwB,EAAE,KAAK,kBAAkB,EAAE,KAAK,uBAAuB,EAAE,KAAK,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AACzJ,OAAO,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,KAAK,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAGzG,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,6BAA6B,EAC7B,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,uBAAuB,GAC7B,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,+BAA+B,EAC/B,8BAA8B,EAC9B,iCAAiC,EACjC,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,EAC7B,KAAK,2BAA2B,EAChC,KAAK,gBAAgB,GACtB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,uBAAuB,EACvB,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,iBAAiB,GACvB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,mBAAmB,EACnB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,wBAAwB,EACxB,0BAA0B,EAC1B,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,GAC1B,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EAAE,gBAAgB,EAAE,KAAK,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAGrE,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAG3E,OAAO,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAGjF,OAAO,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/lib/services/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,KAAK,iBAAiB,EAAE,KAAK,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC9H,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,KAAK,iBAAiB,EAAE,KAAK,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAC3H,OAAO,EAAE,wBAAwB,EAAE,KAAK,kBAAkB,EAAE,KAAK,uBAAuB,EAAE,KAAK,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AACzJ,OAAO,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,KAAK,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAGzG,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,6BAA6B,EAC7B,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,uBAAuB,GAC7B,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,+BAA+B,EAC/B,8BAA8B,EAC9B,iCAAiC,EACjC,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,EAC7B,KAAK,2BAA2B,EAChC,KAAK,gBAAgB,GACtB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,uBAAuB,EACvB,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,iBAAiB,GACvB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,mBAAmB,EACnB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,wBAAwB,EACxB,0BAA0B,EAC1B,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,GAC1B,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EAAE,gBAAgB,EAAE,KAAK,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAGrE,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAG3E,OAAO,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAGjF,OAAO,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAGjF,OAAO,EACL,iBAAiB,EACjB,yBAAyB,EACzB,KAAK,WAAW,EAChB,KAAK,mBAAmB,GACzB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EAAE,iBAAiB,EAAE,KAAK,WAAW,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/src/lib/services/jwks.service.d.ts

@@ -0,0 +1,58 @@
+import type { Transport } from '@23blocks/contracts';
+import type { JsonWebKey, JwksResponse, RsaKey, CreateRsaKeyRequest, RotateRsaKeyRequest } from '../types/jwks.js';
+/**
+ * JWKS Service Interface - JSON Web Key Set operations
+ */
+export interface JwksService {
+    /**
+     * Get the public JWKS (JSON Web Key Set)
+     * Typically accessed at /.well-known/jwks.json
+     */
+    getJwks(): Promise<JwksResponse>;
+    /**
+     * Get a specific JSON Web Key by key ID
+     */
+    getKey(kid: string): Promise<JsonWebKey | null>;
+}
+/**
+ * Admin RSA Keys Service Interface - Key management for administrators
+ */
+export interface AdminRsaKeysService {
+    /**
+     * List all RSA keys
+     */
+    list(): Promise<RsaKey[]>;
+    /**
+     * Get a specific RSA key by ID
+     */
+    get(keyId: string): Promise<RsaKey>;
+    /**
+     * Create a new RSA key
+     */
+    create(request: CreateRsaKeyRequest): Promise<RsaKey>;
+    /**
+     * Rotate RSA keys (create new key and deactivate old ones)
+     */
+    rotate(request: RotateRsaKeyRequest): Promise<RsaKey>;
+    /**
+     * Deactivate an RSA key
+     */
+    deactivate(keyId: string): Promise<RsaKey>;
+    /**
+     * Delete an RSA key
+     */
+    delete(keyId: string): Promise<void>;
+    /**
+     * Get the currently active RSA key
+     */
+    getActive(): Promise<RsaKey | null>;
+}
+/**
+ * Create the JWKS service
+ */
+export declare function createJwksService(transport: Transport): JwksService;
+/**
+ * Create the Admin RSA Keys service
+ */
+export declare function createAdminRsaKeysService(transport: Transport): AdminRsaKeysService;
+//# sourceMappingURL=jwks.service.d.ts.map

package/dist/src/lib/services/jwks.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwks.service.d.ts","sourceRoot":"","sources":["../../../../src/lib/services/jwks.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,KAAK,EACV,UAAU,EACV,YAAY,EACZ,MAAM,EACN,mBAAmB,EACnB,mBAAmB,EACpB,MAAM,kBAAkB,CAAC;AAE1B;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,OAAO,IAAI,OAAO,CAAC,YAAY,CAAC,CAAC;IAEjC;;OAEG;IACH,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;CACjD;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAE1B;;OAEG;IACH,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEpC;;OAEG;IACH,MAAM,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEtD;;OAEG;IACH,MAAM,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEtD;;OAEG;IACH,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAE3C;;OAEG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErC;;OAEG;IACH,SAAS,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CACrC;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,SAAS,GAAG,WAAW,CA+CnE;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,SAAS,GAAG,mBAAmB,CAoKnF"}

package/dist/src/lib/services/oidc.service.d.ts

@@ -0,0 +1,58 @@
+import type { Transport } from '@23blocks/contracts';
+import type { OidcDiscovery, OidcAuthorizeRequest, OidcTokenRequest, OidcTokenResponse, OidcUserInfo } from '../types/oidc.js';
+/**
+ * OIDC Service Interface - OpenID Connect operations
+ */
+export interface OidcService {
+    /**
+     * Get the OpenID Connect discovery document
+     * Typically accessed at /.well-known/openid-configuration
+     */
+    getDiscovery(): Promise<OidcDiscovery>;
+    /**
+     * Build the authorization URL for redirect-based authentication
+     */
+    buildAuthorizeUrl(request: OidcAuthorizeRequest): string;
+    /**
+     * Exchange authorization code for tokens
+     */
+    exchangeCode(request: OidcTokenRequest): Promise<OidcTokenResponse>;
+    /**
+     * Refresh an access token using a refresh token
+     */
+    refreshToken(refreshToken: string, clientId: string): Promise<OidcTokenResponse>;
+    /**
+     * Get user info from the userinfo endpoint
+     */
+    getUserInfo(accessToken?: string): Promise<OidcUserInfo>;
+    /**
+     * Introspect a token (check if valid and get claims)
+     */
+    introspect(token: string): Promise<{
+        active: boolean;
+        scope?: string;
+        clientId?: string;
+        username?: string;
+        tokenType?: string;
+        exp?: number;
+        iat?: number;
+        nbf?: number;
+        sub?: string;
+        aud?: string | string[];
+        iss?: string;
+        jti?: string;
+    }>;
+    /**
+     * Revoke a token
+     */
+    revoke(token: string, tokenTypeHint?: 'access_token' | 'refresh_token'): Promise<void>;
+    /**
+     * End the session (logout)
+     */
+    endSession(idToken?: string, postLogoutRedirectUri?: string, state?: string): string;
+}
+/**
+ * Create the OIDC service
+ */
+export declare function createOidcService(transport: Transport, baseUrl?: string): OidcService;
+//# sourceMappingURL=oidc.service.d.ts.map

package/dist/src/lib/services/oidc.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.service.d.ts","sourceRoot":"","sources":["../../../../src/lib/services/oidc.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,KAAK,EACV,aAAa,EACb,oBAAoB,EACpB,gBAAgB,EAChB,iBAAiB,EACjB,YAAY,EACb,MAAM,kBAAkB,CAAC;AAE1B;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,YAAY,IAAI,OAAO,CAAC,aAAa,CAAC,CAAC;IAEvC;;OAEG;IACH,iBAAiB,CAAC,OAAO,EAAE,oBAAoB,GAAG,MAAM,CAAC;IAEzD;;OAEG;IACH,YAAY,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAEpE;;OAEG;IACH,YAAY,CAAC,YAAY,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAEjF;;OAEG;IACH,WAAW,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAEzD;;OAEG;IACH,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QACjC,MAAM,EAAE,OAAO,CAAC;QAChB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;QACxB,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC,CAAC;IAEH;;OAEG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,cAAc,GAAG,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvF;;OAEG;IACH,UAAU,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,qBAAqB,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;CACtF;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,WAAW,CA6NrF"}

package/dist/src/lib/types/index.d.ts

@@ -10,4 +10,6 @@ export { type MfaSetupResponse as MfaSetupResponseFull, type MfaEnableRequest, t
 export { type OAuthSocialLoginRequest, type TenantLoginRequest, type TokenIntrospectionResponse, type TokenRevokeRequest, type TokenRevokeAllRequest, type TokenRevokeResponse, type TenantContextCreateRequest, type TenantInfo, type TenantContextResponse, type TenantContextRevokeRequest, type TenantContextAuditEntry, } from './oauth.js';
 export { type UserProfile as UserProfileFull, type ProfileRequest, type UpdateEmailRequest, type UserDevice as UserDeviceFull, type AddDeviceRequest, type UserSearchRequest, type AddUserSubscriptionRequest, type AccountRecoveryRequest, type AccountRecoveryResponse, type CompleteRecoveryRequest, type UserAvatar as UserAvatarFull, type CreateAvatarRequest, type AvatarPresignResponse, type MultipartPresignRequest, type MultipartPresignResponse, type MultipartCompleteRequest, type MultipartCompleteResponse, } from './user-extended.js';
 export { type TenantUser as TenantUserFull, type CreateTenantUserRequest, type ValidateTenantCodeRequest, type ValidateTenantCodeResponse, type SearchTenantRequest, type UpdateTenantUserOnboardingRequest, type UpdateTenantUserSalesRequest, type ResendInvitationRequest, } from './tenant.js';
+export { type JsonWebKey, type JwksResponse, type RsaKey, type CreateRsaKeyRequest, type RotateRsaKeyRequest, } from './jwks.js';
+export { type OidcDiscovery, type OidcAuthorizeRequest, type OidcTokenRequest, type OidcTokenResponse, type OidcUserInfo, } from './oidc.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/src/lib/types/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/lib/types/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,KAAK,IAAI,EACT,KAAK,IAAI,EACT,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,WAAW,GACZ,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,MAAM,GACZ,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,EAC3B,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,WAAW,GACjB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,KAAK,MAAM,EACX,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,GACzB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,KAAK,GAAG,EACR,KAAK,KAAK,EACV,KAAK,OAAO,EACZ,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,GACtB,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,GACzB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,KAAK,EACV,KAAK,MAAM,EACX,KAAK,IAAI,EACT,KAAK,QAAQ,GACd,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,KAAK,KAAK,EACV,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,sBAAsB,EAC3B,KAAK,qBAAqB,GAC3B,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,KAAK,iBAAiB,EACtB,KAAK,uBAAuB,EAC5B,KAAK,oBAAoB,GAC1B,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,KAAK,uBAAuB,EAC5B,KAAK,kBAAkB,EACvB,KAAK,0BAA0B,EAC/B,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,mBAAmB,EACxB,KAAK,0BAA0B,EAC/B,KAAK,UAAU,EACf,KAAK,qBAAqB,EAC1B,KAAK,0BAA0B,EAC/B,KAAK,uBAAuB,GAC7B,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,KAAK,WAAW,IAAI,eAAe,EACnC,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,UAAU,IAAI,cAAc,EACjC,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,0BAA0B,EAC/B,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,EAC5B,KAAK,uBAAuB,EAC5B,KAAK,UAAU,IAAI,cAAc,EACjC,KAAK,mBAAmB,EACxB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,GAC/B,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,KAAK,UAAU,IAAI,cAAc,EACjC,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,KAAK,mBAAmB,EACxB,KAAK,iCAAiC,EACtC,KAAK,4BAA4B,EACjC,KAAK,uBAAuB,GAC7B,MAAM,aAAa,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/lib/types/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,KAAK,IAAI,EACT,KAAK,IAAI,EACT,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,WAAW,GACZ,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,MAAM,GACZ,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,EAC3B,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,WAAW,GACjB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,KAAK,MAAM,EACX,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,GACzB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,KAAK,GAAG,EACR,KAAK,KAAK,EACV,KAAK,OAAO,EACZ,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,GACtB,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,GACzB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,KAAK,EACV,KAAK,MAAM,EACX,KAAK,IAAI,EACT,KAAK,QAAQ,GACd,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,KAAK,KAAK,EACV,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,sBAAsB,EAC3B,KAAK,qBAAqB,GAC3B,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,KAAK,iBAAiB,EACtB,KAAK,uBAAuB,EAC5B,KAAK,oBAAoB,GAC1B,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,KAAK,uBAAuB,EAC5B,KAAK,kBAAkB,EACvB,KAAK,0BAA0B,EAC/B,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,mBAAmB,EACxB,KAAK,0BAA0B,EAC/B,KAAK,UAAU,EACf,KAAK,qBAAqB,EAC1B,KAAK,0BAA0B,EAC/B,KAAK,uBAAuB,GAC7B,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,KAAK,WAAW,IAAI,eAAe,EACnC,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,UAAU,IAAI,cAAc,EACjC,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,0BAA0B,EAC/B,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,EAC5B,KAAK,uBAAuB,EAC5B,KAAK,UAAU,IAAI,cAAc,EACjC,KAAK,mBAAmB,EACxB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,GAC/B,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,KAAK,UAAU,IAAI,cAAc,EACjC,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,KAAK,mBAAmB,EACxB,KAAK,iCAAiC,EACtC,KAAK,4BAA4B,EACjC,KAAK,uBAAuB,GAC7B,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,MAAM,EACX,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,GACzB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,YAAY,GAClB,MAAM,WAAW,CAAC"}

package/dist/src/lib/types/jwks.d.ts

@@ -0,0 +1,46 @@
+/**
+ * JSON Web Key (JWK) representation
+ */
+export interface JsonWebKey {
+    kty: string;
+    use?: string;
+    key_ops?: string[];
+    alg?: string;
+    kid?: string;
+    x5u?: string;
+    x5c?: string[];
+    x5t?: string;
+    'x5t#S256'?: string;
+    n?: string;
+    e?: string;
+    crv?: string;
+    x?: string;
+    y?: string;
+}
+/**
+ * JSON Web Key Set (JWKS) response
+ */
+export interface JwksResponse {
+    keys: JsonWebKey[];
+}
+/**
+ * RSA Key for admin management
+ */
+export interface RsaKey {
+    id: string;
+    kid: string;
+    algorithm: string;
+    createdAt: Date;
+    expiresAt?: Date;
+    isActive: boolean;
+    publicKey: string;
+}
+export interface CreateRsaKeyRequest {
+    algorithm?: string;
+    expiresAt?: string;
+}
+export interface RotateRsaKeyRequest {
+    algorithm?: string;
+    expiresAt?: string;
+}
+//# sourceMappingURL=jwks.d.ts.map

package/dist/src/lib/types/jwks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwks.d.ts","sourceRoot":"","sources":["../../../../src/lib/types/jwks.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,CAAC;IAEX,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,CAAC;CACZ;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,UAAU,EAAE,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB"}

package/dist/src/lib/types/oidc.d.ts

@@ -0,0 +1,94 @@
+/**
+ * OpenID Connect Discovery document
+ */
+export interface OidcDiscovery {
+    issuer: string;
+    authorization_endpoint: string;
+    token_endpoint: string;
+    userinfo_endpoint: string;
+    jwks_uri: string;
+    registration_endpoint?: string;
+    scopes_supported: string[];
+    response_types_supported: string[];
+    response_modes_supported?: string[];
+    grant_types_supported?: string[];
+    subject_types_supported: string[];
+    id_token_signing_alg_values_supported: string[];
+    claims_supported?: string[];
+    token_endpoint_auth_methods_supported?: string[];
+}
+/**
+ * OIDC Authorization request parameters
+ */
+export interface OidcAuthorizeRequest {
+    responseType: string;
+    clientId: string;
+    redirectUri: string;
+    scope: string;
+    state?: string;
+    nonce?: string;
+    codeChallenge?: string;
+    codeChallengeMethod?: string;
+    prompt?: 'none' | 'login' | 'consent' | 'select_account';
+    maxAge?: number;
+    uiLocales?: string;
+    loginHint?: string;
+    acrValues?: string;
+}
+/**
+ * OIDC Token request
+ */
+export interface OidcTokenRequest {
+    grantType: 'authorization_code' | 'refresh_token' | 'client_credentials';
+    code?: string;
+    redirectUri?: string;
+    clientId: string;
+    clientSecret?: string;
+    refreshToken?: string;
+    codeVerifier?: string;
+    scope?: string;
+}
+/**
+ * OIDC Token response
+ */
+export interface OidcTokenResponse {
+    access_token: string;
+    token_type: string;
+    expires_in: number;
+    refresh_token?: string;
+    id_token?: string;
+    scope?: string;
+}
+/**
+ * OIDC UserInfo response
+ */
+export interface OidcUserInfo {
+    sub: string;
+    name?: string;
+    given_name?: string;
+    family_name?: string;
+    middle_name?: string;
+    nickname?: string;
+    preferred_username?: string;
+    profile?: string;
+    picture?: string;
+    website?: string;
+    email?: string;
+    email_verified?: boolean;
+    gender?: string;
+    birthdate?: string;
+    zoneinfo?: string;
+    locale?: string;
+    phone_number?: string;
+    phone_number_verified?: boolean;
+    address?: {
+        formatted?: string;
+        street_address?: string;
+        locality?: string;
+        region?: string;
+        postal_code?: string;
+        country?: string;
+    };
+    updated_at?: number;
+}
+//# sourceMappingURL=oidc.d.ts.map

package/dist/src/lib/types/oidc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../../../src/lib/types/oidc.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;IACpC,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;IACjC,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,qCAAqC,CAAC,EAAE,MAAM,EAAE,CAAC;CAClD;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,GAAG,gBAAgB,CAAC;IACzD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,oBAAoB,GAAG,eAAe,GAAG,oBAAoB,CAAC;IACzE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,OAAO,CAAC,EAAE;QACR,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@23blocks/block-authentication",
-  "version": "6.2.0",
+  "version": "6.3.1",
   "description": "Authentication block for 23blocks SDK - users, roles, API keys, subscriptions",
   "license": "MIT",
   "author": "23blocks <hello@23blocks.com>",