@atcute/oauth-types 0.1.0 → 1.0.0

package/README.md

@@ -33,16 +33,17 @@ import {
 	oauthTokenResponseSchema,
 	atprotoAuthorizationServerMetadataSchema,
 } from '@atcute/oauth-types';
+import * as v from 'valibot';
 
 // validate client metadata
-const result = confidentialClientMetadataSchema.try(input);
-if (result.ok) {
-	console.log(result.value);
+const result = v.safeParse(confidentialClientMetadataSchema, input);
+if (result.success) {
+	console.log(result.output);
 }
 
 // validate token response
-const tokenResult = oauthTokenResponseSchema.try(response);
+const tokenResult = v.safeParse(oauthTokenResponseSchema, response);
 
 // validate authorization server metadata
-const asResult = atprotoAuthorizationServerMetadataSchema.try(metadata);
+const asResult = v.safeParse(atprotoAuthorizationServerMetadataSchema, metadata);
 ```

package/dist/build-client-metadata.d.ts

@@ -1,168 +1,26 @@
 import type { Keyset } from '@atcute/oauth-keyset';
+import { type ConfidentialClientMetadata } from './schemas/atcute-confidential-client-metadata.ts';
+import { type PublicClientMetadata } from './schemas/atcute-public-client-metadata.ts';
+import type { OAuthClientMetadata } from './schemas/oauth-client-metadata.ts';
 /**
- * builds an atproto client metadata
- *
+ * builds an atproto client metadata for a confidential client.
  *
  * @param input client metadata
  * @param keyset available keys
  * @returns built client metadata
  */
-export declare const buildClientMetadata: (input: {
-    client_id: string;
-    redirect_uris: string[];
-    scope: string | string[];
-    client_uri?: string | undefined;
-    client_name?: string | undefined;
-    policy_uri?: string | undefined;
-    tos_uri?: string | undefined;
-    logo_uri?: string | undefined;
-    jwks_uri?: string | undefined;
-}, keyset: Keyset) => {
-    redirect_uris: string[];
-    response_types?: ("code" | "code id_token" | "code id_token token" | "code token" | "id_token" | "id_token token" | "none" | "token")[] | undefined;
-    grant_types?: ("authorization_code" | "client_credentials" | "implicit" | "password" | "refresh_token" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer")[] | undefined;
-    scope?: string | undefined;
-    token_endpoint_auth_method?: "client_secret_basic" | "client_secret_jwt" | "client_secret_post" | "none" | "private_key_jwt" | "self_signed_tls_client_auth" | "tls_client_auth" | undefined;
-    token_endpoint_auth_signing_alg?: string | undefined;
-    userinfo_signed_response_alg?: string | undefined;
-    userinfo_encrypted_response_alg?: string | undefined;
-    jwks_uri?: string | undefined;
-    jwks?: {
-        keys: ({
-            kid?: string | undefined;
-            use?: "enc" | "sig" | undefined;
-            key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
-            x5c?: string[] | undefined;
-            x5t?: string | undefined;
-            'x5t#S256'?: string | undefined;
-            x5u?: string | undefined;
-            ext?: boolean | undefined;
-            iat?: number | undefined;
-            exp?: number | undefined;
-            nbf?: number | undefined;
-            revoked?: {
-                revoked_at: number;
-                reason?: string | undefined;
-            } | undefined;
-            kty: "RSA";
-            alg?: "PS256" | "PS384" | "PS512" | "RS256" | "RS384" | "RS512" | undefined;
-            n: string;
-            e: string;
-            d?: string | undefined;
-            p?: string | undefined;
-            q?: string | undefined;
-            dp?: string | undefined;
-            dq?: string | undefined;
-            qi?: string | undefined;
-            oth?: {
-                r?: string | undefined;
-                d?: string | undefined;
-                t?: string | undefined;
-            }[] | undefined;
-        } | {
-            kid?: string | undefined;
-            use?: "enc" | "sig" | undefined;
-            key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
-            x5c?: string[] | undefined;
-            x5t?: string | undefined;
-            'x5t#S256'?: string | undefined;
-            x5u?: string | undefined;
-            ext?: boolean | undefined;
-            iat?: number | undefined;
-            exp?: number | undefined;
-            nbf?: number | undefined;
-            revoked?: {
-                revoked_at: number;
-                reason?: string | undefined;
-            } | undefined;
-            kty: "EC";
-            alg?: "ES256" | "ES384" | "ES512" | undefined;
-            crv: "P-256" | "P-384" | "P-521";
-            x: string;
-            y: string;
-            d?: string | undefined;
-        } | {
-            kid?: string | undefined;
-            use?: "enc" | "sig" | undefined;
-            key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
-            x5c?: string[] | undefined;
-            x5t?: string | undefined;
-            'x5t#S256'?: string | undefined;
-            x5u?: string | undefined;
-            ext?: boolean | undefined;
-            iat?: number | undefined;
-            exp?: number | undefined;
-            nbf?: number | undefined;
-            revoked?: {
-                revoked_at: number;
-                reason?: string | undefined;
-            } | undefined;
-            kty: "EC";
-            alg?: "ES256K" | undefined;
-            crv: "secp256k1";
-            x: string;
-            y: string;
-            d?: string | undefined;
-        } | {
-            kid?: string | undefined;
-            use?: "enc" | "sig" | undefined;
-            key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
-            x5c?: string[] | undefined;
-            x5t?: string | undefined;
-            'x5t#S256'?: string | undefined;
-            x5u?: string | undefined;
-            ext?: boolean | undefined;
-            iat?: number | undefined;
-            exp?: number | undefined;
-            nbf?: number | undefined;
-            revoked?: {
-                revoked_at: number;
-                reason?: string | undefined;
-            } | undefined;
-            kty: "OKP";
-            alg?: "EdDSA" | undefined;
-            crv: "Ed25519" | "Ed448";
-            x: string;
-            d?: string | undefined;
-        } | {
-            kid?: string | undefined;
-            use?: "enc" | "sig" | undefined;
-            key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
-            x5c?: string[] | undefined;
-            x5t?: string | undefined;
-            'x5t#S256'?: string | undefined;
-            x5u?: string | undefined;
-            ext?: boolean | undefined;
-            iat?: number | undefined;
-            exp?: number | undefined;
-            nbf?: number | undefined;
-            revoked?: {
-                revoked_at: number;
-                reason?: string | undefined;
-            } | undefined;
-            kty: "oct";
-            alg?: "HS256" | "HS384" | "HS512" | undefined;
-            k: string;
-        })[];
-    } | undefined;
-    application_type?: "native" | "web" | undefined;
-    subject_type?: "pairwise" | "public" | undefined;
-    request_object_signing_alg?: string | undefined;
-    id_token_signed_response_alg?: string | undefined;
-    authorization_signed_response_alg?: string | undefined;
-    authorization_encrypted_response_enc?: "A128CBC-HS256" | undefined;
-    authorization_encrypted_response_alg?: string | undefined;
-    client_id?: string | undefined;
-    client_name?: string | undefined;
-    client_uri?: string | undefined;
-    policy_uri?: string | undefined;
-    tos_uri?: string | undefined;
-    logo_uri?: string | undefined;
-    default_max_age?: number | undefined;
-    require_auth_time?: boolean | undefined;
-    contacts?: string[] | undefined;
-    tls_client_certificate_bound_access_tokens?: boolean | undefined;
-    dpop_bound_access_tokens?: boolean | undefined;
-    authorization_details_types?: string[] | undefined;
-};
+export declare const buildClientMetadata: (input: ConfidentialClientMetadata, keyset: Keyset) => OAuthClientMetadata;
+/**
+ * builds an atproto client metadata for a public client.
+ *
+ * public clients use `token_endpoint_auth_method: 'none'` and don't require a keyset.
+ * per AT Protocol spec, they have shorter token lifetimes and cannot use silent sign-in.
+ *
+ * - if `client_id` is omitted: loopback client (client_id built from redirect_uris/scope)
+ * - if `client_id` is provided: discoverable public client
+ *
+ * @param input public client metadata
+ * @returns built client metadata
+ */
+export declare const buildPublicClientMetadata: (input: PublicClientMetadata) => OAuthClientMetadata;
 //# sourceMappingURL=build-client-metadata.d.ts.map

package/dist/build-client-metadata.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"build-client-metadata.d.ts","sourceRoot":"","sources":["../lib/build-client-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AASnD;;;;;;;GAOG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsD/B,CAAC"}
+{"version":3,"file":"build-client-metadata.d.ts","sourceRoot":"","sources":["../lib/build-client-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAKnD,OAAO,EAEN,KAAK,0BAA0B,EAC/B,MAAM,kDAAkD,CAAC;AAC1D,OAAO,EAEN,KAAK,oBAAoB,EACzB,MAAM,4CAA4C,CAAC;AAEpD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAE9E;;;;;;GAMG;AACH,eAAO,MAAM,mBAAmB,UACxB,0BAA0B,UACzB,MAAM,KACZ,mBAmDF,CAAC;AA6BF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,yBAAyB,UAAW,oBAAoB,KAAG,mBAuCvE,CAAC"}

package/dist/build-client-metadata.js

@@ -1,8 +1,10 @@
+import * as v from 'valibot';
 import { FALLBACK_ALG } from './constants.js';
 import { confidentialClientMetadataSchema, } from './schemas/atcute-confidential-client-metadata.js';
+import { publicClientMetadataSchema, } from './schemas/atcute-public-client-metadata.js';
+import { DEFAULT_ATPROTO_OAUTH_SCOPE } from './schemas/atproto-oauth-scope.js';
 /**
- * builds an atproto client metadata
- *
+ * builds an atproto client metadata for a confidential client.
  *
  * @param input client metadata
  * @param keyset available keys
@@ -10,7 +12,7 @@ import { confidentialClientMetadataSchema, } from './schemas/atcute-confidential
  */
 export const buildClientMetadata = (input, keyset) => {
     // validate user-facing schema is correct
-    const conf = confidentialClientMetadataSchema.parse(input, { mode: 'passthrough' });
+    const conf = v.parse(confidentialClientMetadataSchema, input);
     // build full OAuth client metadata (atproto defaults and requirements)
     const metadata = {
         client_id: conf.client_id,
@@ -50,4 +52,72 @@ export const buildClientMetadata = (input, keyset) => {
     }
     return metadata;
 };
+/**
+ * builds a loopback client_id from redirect_uris and scope.
+ *
+ * @param redirectUris loopback redirect URIs
+ * @param scope OAuth scope string
+ * @returns loopback client_id URL
+ */
+const buildLoopbackClientId = (redirectUris, scope) => {
+    const params = new URLSearchParams();
+    // only include scope if not the default
+    if (scope !== DEFAULT_ATPROTO_OAUTH_SCOPE) {
+        params.set('scope', scope);
+    }
+    // include redirect URIs
+    for (const uri of redirectUris) {
+        params.append('redirect_uri', uri);
+    }
+    if (params.size > 0) {
+        return `http://localhost?${params.toString()}`;
+    }
+    return 'http://localhost';
+};
+/**
+ * builds an atproto client metadata for a public client.
+ *
+ * public clients use `token_endpoint_auth_method: 'none'` and don't require a keyset.
+ * per AT Protocol spec, they have shorter token lifetimes and cannot use silent sign-in.
+ *
+ * - if `client_id` is omitted: loopback client (client_id built from redirect_uris/scope)
+ * - if `client_id` is provided: discoverable public client
+ *
+ * @param input public client metadata
+ * @returns built client metadata
+ */
+export const buildPublicClientMetadata = (input) => {
+    const parsed = v.parse(publicClientMetadataSchema, input);
+    const scope = Array.isArray(parsed.scope) ? parsed.scope.join(' ') : parsed.scope;
+    if (parsed.client_id === undefined) {
+        // loopback client - server generates metadata from client_id URL
+        return {
+            client_id: buildLoopbackClientId(parsed.redirect_uris, scope),
+            redirect_uris: parsed.redirect_uris,
+            scope,
+            application_type: 'native',
+            response_types: ['code'],
+            grant_types: ['authorization_code', 'refresh_token'],
+            token_endpoint_auth_method: 'none',
+            dpop_bound_access_tokens: true,
+        };
+    }
+    // discoverable public client
+    return {
+        client_id: parsed.client_id,
+        client_name: parsed.client_name,
+        client_uri: parsed.client_uri,
+        policy_uri: parsed.policy_uri,
+        tos_uri: parsed.tos_uri,
+        logo_uri: parsed.logo_uri,
+        redirect_uris: parsed.redirect_uris,
+        scope,
+        application_type: parsed.application_type ?? 'web',
+        subject_type: 'public',
+        response_types: ['code'],
+        grant_types: ['authorization_code', 'refresh_token'],
+        token_endpoint_auth_method: 'none',
+        dpop_bound_access_tokens: true,
+    };
+};
 //# sourceMappingURL=build-client-metadata.js.map

package/dist/build-client-metadata.js.map

@@ -1 +1 @@
-{"version":3,"file":"build-client-metadata.js","sourceRoot":"","sources":["../lib/build-client-metadata.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EACN,gCAAgC,GAEhC,MAAM,kDAAkD,CAAC;AAG1D;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAClC,KAAiC,EACjC,MAAc,EACQ,EAAE,CAAC;IACzB,yCAAyC;IACzC,MAAM,IAAI,GAAG,gCAAgC,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC,CAAC;IAEpF,uEAAuE;IACvE,MAAM,QAAQ,GAAwB;QACrC,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,KAAK,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK;QAEpE,gBAAgB,EAAE,KAAK;QACvB,YAAY,EAAE,QAAQ;QACtB,cAAc,EAAE,CAAC,MAAM,CAAC;QACxB,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;QAEpD,0BAA0B,EAAE,iBAAiB;QAC7C,+BAA+B,EAAE,YAAY;QAC7C,wBAAwB,EAAE,IAAI;QAE9B,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAE,MAAM,CAAC,UAA0C;KACpF,CAAC;IAEF,0DAA0D;IAC1D,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACvC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,KAAK,YAAY,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,SAAS,CAAC,4CAA4C,YAAY,eAAe,CAAC,CAAC;IAC9F,CAAC;IAED,+DAA+D;IAC/D,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnB,MAAM,QAAQ,GAAG,IAAI,GAAG,CACvB,QAAQ,CAAC,IAAI,CAAC,IAAI;aAChB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;aACzB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;aACjB,MAAM,CAAC,OAAO,CAAC,CACjB,CAAC;QAEF,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;YAC/B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5B,MAAM,IAAI,SAAS,CAAC,gBAAgB,GAAG,CAAC,GAAG,qBAAqB,CAAC,CAAC;YACnE,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO,QAAQ,CAAC;AAAA,CAChB,CAAC"}
+{"version":3,"file":"build-client-metadata.js","sourceRoot":"","sources":["../lib/build-client-metadata.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,CAAC,MAAM,SAAS,CAAC;AAE7B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EACN,gCAAgC,GAEhC,MAAM,kDAAkD,CAAC;AAC1D,OAAO,EACN,0BAA0B,GAE1B,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAG/E;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAClC,KAAiC,EACjC,MAAc,EACQ,EAAE;IACxB,yCAAyC;IACzC,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,gCAAgC,EAAE,KAAK,CAAC,CAAC;IAE9D,uEAAuE;IACvE,MAAM,QAAQ,GAAwB;QACrC,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,KAAK,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK;QAEpE,gBAAgB,EAAE,KAAK;QACvB,YAAY,EAAE,QAAQ;QACtB,cAAc,EAAE,CAAC,MAAM,CAAC;QACxB,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;QAEpD,0BAA0B,EAAE,iBAAiB;QAC7C,+BAA+B,EAAE,YAAY;QAC7C,wBAAwB,EAAE,IAAI;QAE9B,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAE,MAAM,CAAC,UAA0C;KACpF,CAAC;IAEF,0DAA0D;IAC1D,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACvC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,KAAK,YAAY,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,SAAS,CAAC,4CAA4C,YAAY,eAAe,CAAC,CAAC;IAC9F,CAAC;IAED,+DAA+D;IAC/D,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnB,MAAM,QAAQ,GAAG,IAAI,GAAG,CACvB,QAAQ,CAAC,IAAI,CAAC,IAAI;aAChB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;aACzB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;aACjB,MAAM,CAAC,OAAO,CAAC,CACjB,CAAC;QAEF,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;YAC/B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5B,MAAM,IAAI,SAAS,CAAC,gBAAgB,GAAG,CAAC,GAAG,qBAAqB,CAAC,CAAC;YACnE,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,qBAAqB,GAAG,CAAC,YAA+B,EAAE,KAAa,EAAU,EAAE;IACxF,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IAErC,wCAAwC;IACxC,IAAI,KAAK,KAAK,2BAA2B,EAAE,CAAC;QAC3C,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC5B,CAAC;IAED,wBAAwB;IACxB,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;QAChC,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IACpC,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,oBAAoB,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IAChD,CAAC;IAED,OAAO,kBAAkB,CAAC;AAC3B,CAAC,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,KAA2B,EAAuB,EAAE;IAC7F,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;IAC1D,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;IAElF,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QACpC,iEAAiE;QACjE,OAAO;YACN,SAAS,EAAE,qBAAqB,CAAC,MAAM,CAAC,aAAa,EAAE,KAAK,CAAC;YAC7D,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,KAAK;YAEL,gBAAgB,EAAE,QAAQ;YAC1B,cAAc,EAAE,CAAC,MAAM,CAAC;YACxB,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;YAEpD,0BAA0B,EAAE,MAAM;YAClC,wBAAwB,EAAE,IAAI;SAC9B,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,OAAO;QACN,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,KAAK;QAEL,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,IAAI,KAAK;QAClD,YAAY,EAAE,QAAQ;QACtB,cAAc,EAAE,CAAC,MAAM,CAAC;QACxB,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;QAEpD,0BAA0B,EAAE,MAAM;QAClC,wBAAwB,EAAE,IAAI;KAC9B,CAAC;AACH,CAAC,CAAC"}

package/dist/index.d.ts

@@ -1,31 +1,32 @@
-export { buildClientMetadata } from './build-client-metadata.js';
-export { CLIENT_ASSERTION_TYPE_JWT_BEARER, FALLBACK_ALG } from './constants.js';
-export * as scope from './scope.js';
-export { confidentialClientMetadataSchema, type ConfidentialClientMetadata, } from './schemas/atcute-confidential-client-metadata.js';
-export { atprotoOAuthScopeSchema, ATPROTO_SCOPE_VALUE, DEFAULT_ATPROTO_OAUTH_SCOPE, type AtprotoOAuthScope, } from './schemas/atproto-oauth-scope.js';
-export { jwkPubSchema, jwkSchema, keyUsageSchema, publicKeyUsageSchema, type Jwk, type JwkPub, type KeyUsage, } from './schemas/jwk.js';
-export { jwksPubSchema, jwksSchema, type Jwks, type JwksPub } from './schemas/jwks.js';
-export { oauthClientIdDiscoverableSchema } from './schemas/oauth-client-id-discoverable.js';
-export { oauthClientIdSchema, type OAuthClientId } from './schemas/oauth-client-id.js';
-export { oauthClientMetadataSchema, type OAuthClientMetadata } from './schemas/oauth-client-metadata.js';
-export { oauthEndpointAuthMethodSchema, type OAuthEndpointAuthMethod, } from './schemas/oauth-endpoint-auth-method.js';
-export { oauthGrantTypeSchema, type OAuthGrantType } from './schemas/oauth-grant-type.js';
-export { loopbackRedirectUriSchema, oauthRedirectUriSchema, type LoopbackRedirectUri, type OAuthRedirectUri, } from './schemas/oauth-redirect-uri.js';
-export { oauthResponseTypeSchema, type OAuthResponseType } from './schemas/oauth-response-type.js';
-export { isOAuthScope, OAUTH_SCOPE_REGEXP, oauthScopeSchema, type OAuthScope, } from './schemas/oauth-scope.js';
-export { httpsUriSchema, loopbackUriSchema, nonLocalWebUriSchema, privateUseUriSchema, urlSchema, webUriSchema, } from './schemas/uri.js';
-export { extractUrlPath, isHostnameIP, isLastOccurrence, isLocalHostname, isLoopbackHost, isSpaceSeparatedValue, } from './schemas/utils.js';
-export { oauthTokenTypeSchema, type OAuthTokenType } from './schemas/oauth-token-type.js';
-export { oauthTokenResponseSchema, type OAuthTokenResponse } from './schemas/oauth-token-response.js';
-export { atprotoOAuthTokenResponseSchema, type AtprotoOAuthTokenResponse, } from './schemas/atproto-oauth-token-response.js';
-export { oauthParResponseSchema, type OAuthParResponse } from './schemas/oauth-par-response.js';
-export { oauthCodeChallengeMethodSchema, type OAuthCodeChallengeMethod, } from './schemas/oauth-code-challenge-method.js';
-export { oauthResponseModeSchema, type OAuthResponseMode } from './schemas/oauth-response-mode.js';
-export { oauthPromptSchema, type OAuthPrompt } from './schemas/oauth-prompt.js';
-export { oauthAuthorizationDetailSchema, oauthAuthorizationDetailsSchema, type OAuthAuthorizationDetail, type OAuthAuthorizationDetails, } from './schemas/oauth-authorization-details.js';
-export { oauthIssuerIdentifierSchema, type OAuthIssuerIdentifier, } from './schemas/oauth-issuer-identifier.js';
-export { oauthAuthorizationServerMetadataSchema, oauthAuthorizationServerMetadataValidator, type OAuthAuthorizationServerMetadata, } from './schemas/oauth-authorization-server-metadata.js';
-export { atprotoAuthorizationServerMetadataValidator, type AtprotoAuthorizationServerMetadata, } from './schemas/atproto-authorization-server-metadata.js';
-export { oauthBearerMethodSchema, oauthProtectedResourceMetadataSchema, oauthProtectedResourceMetadataValidator, type OAuthBearerMethod, type OAuthProtectedResourceMetadata, } from './schemas/oauth-protected-resource-metadata.js';
-export { atprotoProtectedResourceMetadataValidator, type AtprotoProtectedResourceMetadata, } from './schemas/atproto-protected-resource-metadata.js';
+export { buildClientMetadata, buildPublicClientMetadata } from './build-client-metadata.ts';
+export { CLIENT_ASSERTION_TYPE_JWT_BEARER, FALLBACK_ALG } from './constants.ts';
+export * as scope from './scope.ts';
+export { confidentialClientMetadataSchema, type ConfidentialClientMetadata, } from './schemas/atcute-confidential-client-metadata.ts';
+export { discoverablePublicClientMetadataSchema, loopbackClientMetadataSchema, publicClientMetadataSchema, type DiscoverablePublicClientMetadata, type LoopbackClientMetadata, type PublicClientMetadata, } from './schemas/atcute-public-client-metadata.ts';
+export { atprotoOAuthScopeSchema, ATPROTO_SCOPE_VALUE, DEFAULT_ATPROTO_OAUTH_SCOPE, type AtprotoOAuthScope, } from './schemas/atproto-oauth-scope.ts';
+export { jwkPubSchema, jwkSchema, keyUsageSchema, publicKeyUsageSchema, type Jwk, type JwkPub, type KeyUsage, } from './schemas/jwk.ts';
+export { jwksPubSchema, jwksSchema, type Jwks, type JwksPub } from './schemas/jwks.ts';
+export { oauthClientIdDiscoverableSchema } from './schemas/oauth-client-id-discoverable.ts';
+export { oauthClientIdSchema, type OAuthClientId } from './schemas/oauth-client-id.ts';
+export { oauthClientMetadataSchema, type OAuthClientMetadata } from './schemas/oauth-client-metadata.ts';
+export { oauthEndpointAuthMethodSchema, type OAuthEndpointAuthMethod, } from './schemas/oauth-endpoint-auth-method.ts';
+export { oauthGrantTypeSchema, type OAuthGrantType } from './schemas/oauth-grant-type.ts';
+export { loopbackRedirectUriSchema, oauthRedirectUriSchema, type LoopbackRedirectUri, type OAuthRedirectUri, } from './schemas/oauth-redirect-uri.ts';
+export { oauthResponseTypeSchema, type OAuthResponseType } from './schemas/oauth-response-type.ts';
+export { isOAuthScope, OAUTH_SCOPE_REGEXP, oauthScopeSchema, type OAuthScope, } from './schemas/oauth-scope.ts';
+export { httpsUriSchema, loopbackUriSchema, nonLocalWebUriSchema, privateUseUriSchema, urlSchema, webUriSchema, } from './schemas/uri.ts';
+export { extractUrlPath, isHostnameIP, isLastOccurrence, isLocalHostname, isLoopbackHost, isSpaceSeparatedValue, } from './schemas/utils.ts';
+export { oauthTokenTypeSchema, type OAuthTokenType } from './schemas/oauth-token-type.ts';
+export { oauthTokenResponseSchema, type OAuthTokenResponse } from './schemas/oauth-token-response.ts';
+export { atprotoOAuthTokenResponseSchema, type AtprotoOAuthTokenResponse, } from './schemas/atproto-oauth-token-response.ts';
+export { oauthParResponseSchema, type OAuthParResponse } from './schemas/oauth-par-response.ts';
+export { oauthCodeChallengeMethodSchema, type OAuthCodeChallengeMethod, } from './schemas/oauth-code-challenge-method.ts';
+export { oauthResponseModeSchema, type OAuthResponseMode } from './schemas/oauth-response-mode.ts';
+export { oauthPromptSchema, type OAuthPrompt } from './schemas/oauth-prompt.ts';
+export { oauthAuthorizationDetailSchema, oauthAuthorizationDetailsSchema, type OAuthAuthorizationDetail, type OAuthAuthorizationDetails, } from './schemas/oauth-authorization-details.ts';
+export { oauthIssuerIdentifierSchema, type OAuthIssuerIdentifier, } from './schemas/oauth-issuer-identifier.ts';
+export { oauthAuthorizationServerMetadataSchema, oauthAuthorizationServerMetadataValidator, type OAuthAuthorizationServerMetadata, } from './schemas/oauth-authorization-server-metadata.ts';
+export { atprotoAuthorizationServerMetadataValidator, type AtprotoAuthorizationServerMetadata, } from './schemas/atproto-authorization-server-metadata.ts';
+export { oauthBearerMethodSchema, oauthProtectedResourceMetadataSchema, oauthProtectedResourceMetadataValidator, type OAuthBearerMethod, type OAuthProtectedResourceMetadata, } from './schemas/oauth-protected-resource-metadata.ts';
+export { atprotoProtectedResourceMetadataValidator, type AtprotoProtectedResourceMetadata, } from './schemas/atproto-protected-resource-metadata.ts';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,gCAAgC,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEhF,OAAO,KAAK,KAAK,MAAM,YAAY,CAAC;AAGpC,OAAO,EACN,gCAAgC,EAChC,KAAK,0BAA0B,GAC/B,MAAM,kDAAkD,CAAC;AAC1D,OAAO,EACN,uBAAuB,EACvB,mBAAmB,EACnB,2BAA2B,EAC3B,KAAK,iBAAiB,GACtB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EACN,YAAY,EACZ,SAAS,EACT,cAAc,EACd,oBAAoB,EACpB,KAAK,GAAG,EACR,KAAK,MAAM,EACX,KAAK,QAAQ,GACb,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,KAAK,IAAI,EAAE,KAAK,OAAO,EAAE,MAAM,mBAAmB,CAAC;AACvF,OAAO,EAAE,+BAA+B,EAAE,MAAM,2CAA2C,CAAC;AAC5F,OAAO,EAAE,mBAAmB,EAAE,KAAK,aAAa,EAAE,MAAM,8BAA8B,CAAC;AACvF,OAAO,EAAE,yBAAyB,EAAE,KAAK,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzG,OAAO,EACN,6BAA6B,EAC7B,KAAK,uBAAuB,GAC5B,MAAM,yCAAyC,CAAC;AACjD,OAAO,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC1F,OAAO,EACN,yBAAyB,EACzB,sBAAsB,EACtB,KAAK,mBAAmB,EACxB,KAAK,gBAAgB,GACrB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,uBAAuB,EAAE,KAAK,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACnG,OAAO,EACN,YAAY,EACZ,kBAAkB,EAClB,gBAAgB,EAChB,KAAK,UAAU,GACf,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACN,cAAc,EACd,iBAAiB,EACjB,oBAAoB,EACpB,mBAAmB,EACnB,SAAS,EACT,YAAY,GACZ,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACN,cAAc,EACd,YAAY,EACZ,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,qBAAqB,GACrB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC1F,OAAO,EAAE,wBAAwB,EAAE,KAAK,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AACtG,OAAO,EACN,+BAA+B,EAC/B,KAAK,yBAAyB,GAC9B,MAAM,2CAA2C,CAAC;AAGnD,OAAO,EAAE,sBAAsB,EAAE,KAAK,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AAChG,OAAO,EACN,8BAA8B,EAC9B,KAAK,wBAAwB,GAC7B,MAAM,0CAA0C,CAAC;AAClD,OAAO,EAAE,uBAAuB,EAAE,KAAK,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACnG,OAAO,EAAE,iBAAiB,EAAE,KAAK,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAGhF,OAAO,EACN,8BAA8B,EAC9B,+BAA+B,EAC/B,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,GAC9B,MAAM,0CAA0C,CAAC;AAGlD,OAAO,EACN,2BAA2B,EAC3B,KAAK,qBAAqB,GAC1B,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EACN,sCAAsC,EACtC,yCAAyC,EACzC,KAAK,gCAAgC,GACrC,MAAM,kDAAkD,CAAC;AAC1D,OAAO,EACN,2CAA2C,EAC3C,KAAK,kCAAkC,GACvC,MAAM,oDAAoD,CAAC;AAG5D,OAAO,EACN,uBAAuB,EACvB,oCAAoC,EACpC,uCAAuC,EACvC,KAAK,iBAAiB,EACtB,KAAK,8BAA8B,GACnC,MAAM,gDAAgD,CAAC;AACxD,OAAO,EACN,yCAAyC,EACzC,KAAK,gCAAgC,GACrC,MAAM,kDAAkD,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AAC5F,OAAO,EAAE,gCAAgC,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEhF,OAAO,KAAK,KAAK,MAAM,YAAY,CAAC;AAGpC,OAAO,EACN,gCAAgC,EAChC,KAAK,0BAA0B,GAC/B,MAAM,kDAAkD,CAAC;AAC1D,OAAO,EACN,sCAAsC,EACtC,4BAA4B,EAC5B,0BAA0B,EAC1B,KAAK,gCAAgC,EACrC,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,GACzB,MAAM,4CAA4C,CAAC;AACpD,OAAO,EACN,uBAAuB,EACvB,mBAAmB,EACnB,2BAA2B,EAC3B,KAAK,iBAAiB,GACtB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EACN,YAAY,EACZ,SAAS,EACT,cAAc,EACd,oBAAoB,EACpB,KAAK,GAAG,EACR,KAAK,MAAM,EACX,KAAK,QAAQ,GACb,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,KAAK,IAAI,EAAE,KAAK,OAAO,EAAE,MAAM,mBAAmB,CAAC;AACvF,OAAO,EAAE,+BAA+B,EAAE,MAAM,2CAA2C,CAAC;AAC5F,OAAO,EAAE,mBAAmB,EAAE,KAAK,aAAa,EAAE,MAAM,8BAA8B,CAAC;AACvF,OAAO,EAAE,yBAAyB,EAAE,KAAK,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzG,OAAO,EACN,6BAA6B,EAC7B,KAAK,uBAAuB,GAC5B,MAAM,yCAAyC,CAAC;AACjD,OAAO,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC1F,OAAO,EACN,yBAAyB,EACzB,sBAAsB,EACtB,KAAK,mBAAmB,EACxB,KAAK,gBAAgB,GACrB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,uBAAuB,EAAE,KAAK,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACnG,OAAO,EACN,YAAY,EACZ,kBAAkB,EAClB,gBAAgB,EAChB,KAAK,UAAU,GACf,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACN,cAAc,EACd,iBAAiB,EACjB,oBAAoB,EACpB,mBAAmB,EACnB,SAAS,EACT,YAAY,GACZ,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACN,cAAc,EACd,YAAY,EACZ,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,qBAAqB,GACrB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC1F,OAAO,EAAE,wBAAwB,EAAE,KAAK,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AACtG,OAAO,EACN,+BAA+B,EAC/B,KAAK,yBAAyB,GAC9B,MAAM,2CAA2C,CAAC;AAGnD,OAAO,EAAE,sBAAsB,EAAE,KAAK,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AAChG,OAAO,EACN,8BAA8B,EAC9B,KAAK,wBAAwB,GAC7B,MAAM,0CAA0C,CAAC;AAClD,OAAO,EAAE,uBAAuB,EAAE,KAAK,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACnG,OAAO,EAAE,iBAAiB,EAAE,KAAK,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAGhF,OAAO,EACN,8BAA8B,EAC9B,+BAA+B,EAC/B,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,GAC9B,MAAM,0CAA0C,CAAC;AAGlD,OAAO,EACN,2BAA2B,EAC3B,KAAK,qBAAqB,GAC1B,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EACN,sCAAsC,EACtC,yCAAyC,EACzC,KAAK,gCAAgC,GACrC,MAAM,kDAAkD,CAAC;AAC1D,OAAO,EACN,2CAA2C,EAC3C,KAAK,kCAAkC,GACvC,MAAM,oDAAoD,CAAC;AAG5D,OAAO,EACN,uBAAuB,EACvB,oCAAoC,EACpC,uCAAuC,EACvC,KAAK,iBAAiB,EACtB,KAAK,8BAA8B,GACnC,MAAM,gDAAgD,CAAC;AACxD,OAAO,EACN,yCAAyC,EACzC,KAAK,gCAAgC,GACrC,MAAM,kDAAkD,CAAC"}

package/dist/index.js

@@ -1,8 +1,9 @@
-export { buildClientMetadata } from './build-client-metadata.js';
+export { buildClientMetadata, buildPublicClientMetadata } from './build-client-metadata.js';
 export { CLIENT_ASSERTION_TYPE_JWT_BEARER, FALLBACK_ALG } from './constants.js';
 export * as scope from './scope.js';
 // schemas
 export { confidentialClientMetadataSchema, } from './schemas/atcute-confidential-client-metadata.js';
+export { discoverablePublicClientMetadataSchema, loopbackClientMetadataSchema, publicClientMetadataSchema, } from './schemas/atcute-public-client-metadata.js';
 export { atprotoOAuthScopeSchema, ATPROTO_SCOPE_VALUE, DEFAULT_ATPROTO_OAUTH_SCOPE, } from './schemas/atproto-oauth-scope.js';
 export { jwkPubSchema, jwkSchema, keyUsageSchema, publicKeyUsageSchema, } from './schemas/jwk.js';
 export { jwksPubSchema, jwksSchema } from './schemas/jwks.js';

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,gCAAgC,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEhF,OAAO,KAAK,KAAK,MAAM,YAAY,CAAC;AAEpC,UAAU;AACV,OAAO,EACN,gCAAgC,GAEhC,MAAM,kDAAkD,CAAC;AAC1D,OAAO,EACN,uBAAuB,EACvB,mBAAmB,EACnB,2BAA2B,GAE3B,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EACN,YAAY,EACZ,SAAS,EACT,cAAc,EACd,oBAAoB,GAIpB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,aAAa,EAAE,UAAU,EAA2B,MAAM,mBAAmB,CAAC;AACvF,OAAO,EAAE,+BAA+B,EAAE,MAAM,2CAA2C,CAAC;AAC5F,OAAO,EAAE,mBAAmB,EAAsB,MAAM,8BAA8B,CAAC;AACvF,OAAO,EAAE,yBAAyB,EAA4B,MAAM,oCAAoC,CAAC;AACzG,OAAO,EACN,6BAA6B,GAE7B,MAAM,yCAAyC,CAAC;AACjD,OAAO,EAAE,oBAAoB,EAAuB,MAAM,+BAA+B,CAAC;AAC1F,OAAO,EACN,yBAAyB,EACzB,sBAAsB,GAGtB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,uBAAuB,EAA0B,MAAM,kCAAkC,CAAC;AACnG,OAAO,EACN,YAAY,EACZ,kBAAkB,EAClB,gBAAgB,GAEhB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACN,cAAc,EACd,iBAAiB,EACjB,oBAAoB,EACpB,mBAAmB,EACnB,SAAS,EACT,YAAY,GACZ,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACN,cAAc,EACd,YAAY,EACZ,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,qBAAqB,GACrB,MAAM,oBAAoB,CAAC;AAE5B,gBAAgB;AAChB,OAAO,EAAE,oBAAoB,EAAuB,MAAM,+BAA+B,CAAC;AAC1F,OAAO,EAAE,wBAAwB,EAA2B,MAAM,mCAAmC,CAAC;AACtG,OAAO,EACN,+BAA+B,GAE/B,MAAM,2CAA2C,CAAC;AAEnD,cAAc;AACd,OAAO,EAAE,sBAAsB,EAAyB,MAAM,iCAAiC,CAAC;AAChG,OAAO,EACN,8BAA8B,GAE9B,MAAM,0CAA0C,CAAC;AAClD,OAAO,EAAE,uBAAuB,EAA0B,MAAM,kCAAkC,CAAC;AACnG,OAAO,EAAE,iBAAiB,EAAoB,MAAM,2BAA2B,CAAC;AAEhF,wBAAwB;AACxB,OAAO,EACN,8BAA8B,EAC9B,+BAA+B,GAG/B,MAAM,0CAA0C,CAAC;AAElD,kBAAkB;AAClB,OAAO,EACN,2BAA2B,GAE3B,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EACN,sCAAsC,EACtC,yCAAyC,GAEzC,MAAM,kDAAkD,CAAC;AAC1D,OAAO,EACN,2CAA2C,GAE3C,MAAM,oDAAoD,CAAC;AAE5D,8BAA8B;AAC9B,OAAO,EACN,uBAAuB,EACvB,oCAAoC,EACpC,uCAAuC,GAGvC,MAAM,gDAAgD,CAAC;AACxD,OAAO,EACN,yCAAyC,GAEzC,MAAM,kDAAkD,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AAC5F,OAAO,EAAE,gCAAgC,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEhF,OAAO,KAAK,KAAK,MAAM,YAAY,CAAC;AAEpC,UAAU;AACV,OAAO,EACN,gCAAgC,GAEhC,MAAM,kDAAkD,CAAC;AAC1D,OAAO,EACN,sCAAsC,EACtC,4BAA4B,EAC5B,0BAA0B,GAI1B,MAAM,4CAA4C,CAAC;AACpD,OAAO,EACN,uBAAuB,EACvB,mBAAmB,EACnB,2BAA2B,GAE3B,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EACN,YAAY,EACZ,SAAS,EACT,cAAc,EACd,oBAAoB,GAIpB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,aAAa,EAAE,UAAU,EAA2B,MAAM,mBAAmB,CAAC;AACvF,OAAO,EAAE,+BAA+B,EAAE,MAAM,2CAA2C,CAAC;AAC5F,OAAO,EAAE,mBAAmB,EAAsB,MAAM,8BAA8B,CAAC;AACvF,OAAO,EAAE,yBAAyB,EAA4B,MAAM,oCAAoC,CAAC;AACzG,OAAO,EACN,6BAA6B,GAE7B,MAAM,yCAAyC,CAAC;AACjD,OAAO,EAAE,oBAAoB,EAAuB,MAAM,+BAA+B,CAAC;AAC1F,OAAO,EACN,yBAAyB,EACzB,sBAAsB,GAGtB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,uBAAuB,EAA0B,MAAM,kCAAkC,CAAC;AACnG,OAAO,EACN,YAAY,EACZ,kBAAkB,EAClB,gBAAgB,GAEhB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACN,cAAc,EACd,iBAAiB,EACjB,oBAAoB,EACpB,mBAAmB,EACnB,SAAS,EACT,YAAY,GACZ,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACN,cAAc,EACd,YAAY,EACZ,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,qBAAqB,GACrB,MAAM,oBAAoB,CAAC;AAE5B,gBAAgB;AAChB,OAAO,EAAE,oBAAoB,EAAuB,MAAM,+BAA+B,CAAC;AAC1F,OAAO,EAAE,wBAAwB,EAA2B,MAAM,mCAAmC,CAAC;AACtG,OAAO,EACN,+BAA+B,GAE/B,MAAM,2CAA2C,CAAC;AAEnD,cAAc;AACd,OAAO,EAAE,sBAAsB,EAAyB,MAAM,iCAAiC,CAAC;AAChG,OAAO,EACN,8BAA8B,GAE9B,MAAM,0CAA0C,CAAC;AAClD,OAAO,EAAE,uBAAuB,EAA0B,MAAM,kCAAkC,CAAC;AACnG,OAAO,EAAE,iBAAiB,EAAoB,MAAM,2BAA2B,CAAC;AAEhF,wBAAwB;AACxB,OAAO,EACN,8BAA8B,EAC9B,+BAA+B,GAG/B,MAAM,0CAA0C,CAAC;AAElD,kBAAkB;AAClB,OAAO,EACN,2BAA2B,GAE3B,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EACN,sCAAsC,EACtC,yCAAyC,GAEzC,MAAM,kDAAkD,CAAC;AAC1D,OAAO,EACN,2CAA2C,GAE3C,MAAM,oDAAoD,CAAC;AAE5D,8BAA8B;AAC9B,OAAO,EACN,uBAAuB,EACvB,oCAAoC,EACpC,uCAAuC,GAGvC,MAAM,gDAAgD,CAAC;AACxD,OAAO,EACN,yCAAyC,GAEzC,MAAM,kDAAkD,CAAC"}

package/dist/schemas/atcute-client-shared.d.ts

@@ -0,0 +1,8 @@
+import * as v from 'valibot';
+/**
+ * OAuth scope - either:
+ * - a space-separated string (must include "atproto")
+ * - an array of scope strings ('atproto' is added automatically)
+ */
+export declare const scopeSchema: v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "invalid atproto OAuth scope">]>, v.CheckAction<string, "duplicate scope">]>, v.SchemaWithPipe<readonly [v.ArraySchema<v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.RegexAction<string, "invalid OAuth scope">]>, undefined>, v.TransformAction<string[], string[]>, v.CheckItemsAction<string[], "duplicate scope">]>], undefined>;
+//# sourceMappingURL=atcute-client-shared.d.ts.map

package/dist/schemas/atcute-client-shared.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"atcute-client-shared.d.ts","sourceRoot":"","sources":["../../lib/schemas/atcute-client-shared.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,SAAS,CAAC;AAS7B;;;;GAIG;AACH,eAAO,MAAM,WAAW,scAUtB,CAAC"}

package/dist/schemas/atcute-client-shared.js

@@ -0,0 +1,15 @@
+import * as v from 'valibot';
+import { atprotoOAuthScopeSchema } from './atproto-oauth-scope.js';
+import { isLastOccurrence } from './utils.js';
+const SINGLE_SCOPE_RE = /^[\x21\x23-\x5B\x5D-\x7E]+$/;
+const singleScopeSchema = v.pipe(v.string(), v.regex(SINGLE_SCOPE_RE, `invalid OAuth scope`));
+/**
+ * OAuth scope - either:
+ * - a space-separated string (must include "atproto")
+ * - an array of scope strings ('atproto' is added automatically)
+ */
+export const scopeSchema = v.union([
+    v.pipe(atprotoOAuthScopeSchema, v.check((input) => input.split(/\s+/).every(isLastOccurrence), `duplicate scope`)),
+    v.pipe(v.array(singleScopeSchema), v.transform((input) => (input.includes('atproto') ? input : ['atproto', ...input])), v.checkItems(isLastOccurrence, `duplicate scope`)),
+]);
+//# sourceMappingURL=atcute-client-shared.js.map

package/dist/schemas/atcute-client-shared.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"atcute-client-shared.js","sourceRoot":"","sources":["../../lib/schemas/atcute-client-shared.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,SAAS,CAAC;AAE7B,OAAO,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE9C,MAAM,eAAe,GAAG,6BAA6B,CAAC;AAEtD,MAAM,iBAAiB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,eAAe,EAAE,qBAAqB,CAAC,CAAC,CAAC;AAE9F;;;;GAIG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC;IAClC,CAAC,CAAC,IAAI,CACL,uBAAuB,EACvB,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,EAAE,iBAAiB,CAAC,CACjF;IACD,CAAC,CAAC,IAAI,CACL,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAC1B,CAAC,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,EACnF,CAAC,CAAC,UAAU,CAAC,gBAAgB,EAAE,iBAAiB,CAAC,CACjD;CACD,CAAC,CAAC"}