@atcute/oauth-types 0.1.0 → 1.0.0

package/dist/schemas/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../lib/schemas/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,eAAO,MAAM,cAAc,+BAE1B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY,+BAUxB,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,eAAe,+BAQ3B,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,cAAc,yBA4B1B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,gBAAgB,GAAI,CAAC,yDAEjC,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,2CA2BjC,CAAC"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../lib/schemas/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,eAAO,MAAM,cAAc,aAAc,MAAM,KAAG,OAEjD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY,aAAc,MAAM,KAAG,OAU/C,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,eAAe,aAAc,MAAM,KAAG,OAQlD,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,cAAc,QAAS,MAAM,KAAG,MA4B5C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,gBAAgB,GAAI,CAAC,QAAQ,CAAC,SAAS,MAAM,SAAS,SAAS,CAAC,EAAE,KAAG,OAEjF,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,UAAW,MAAM,SAAS,MAAM,KAAG,OA2BpE,CAAC"}

package/dist/schemas/utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../lib/schemas/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,QAAgB,EAAW,EAAE,CAAC;IAC5D,OAAO,QAAQ,KAAK,WAAW,IAAI,QAAQ,KAAK,WAAW,IAAI,QAAQ,KAAK,OAAO,CAAC;AAAA,CACpF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,QAAgB,EAAW,EAAE,CAAC;IAC1D,OAAO;IACP,IAAI,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3C,OAAO,IAAI,CAAC;IACb,CAAC;IACD,OAAO;IACP,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACxD,OAAO,IAAI,CAAC;IACb,CAAC;IACD,OAAO,KAAK,CAAC;AAAA,CACb,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,QAAgB,EAAW,EAAE,CAAC;IAC7D,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACb,CAAC;IAED,MAAM,GAAG,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC;IACxC,OAAO,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,OAAO,IAAI,GAAG,KAAK,WAAW,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,SAAS,CAAC;AAAA,CAC1G,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,GAAW,EAAU,EAAE,CAAC;IACtD,MAAM,aAAa,GAAG,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1F,IAAI,aAAa,KAAK,CAAC,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;IAChD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;IAEpD,MAAM,WAAW,GAAG,WAAW,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,KAAK,CAAC,CAAC,IAAI,WAAW,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAEvG,MAAM,OAAO,GACZ,OAAO,KAAK,CAAC,CAAC;QACb,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC;YACnB,CAAC,CAAC,GAAG,CAAC,MAAM;YACZ,CAAC,CAAC,WAAW;QACd,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC;YACnB,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAEpC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,QAAQ,KAAK,CAAC,CAAC,IAAI,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;IAE7E,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,GAAG,CAAC;AAAA,CAChD,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAI,IAAO,EAAE,KAAa,EAAE,KAAmB,EAAW,EAAE,CAAC;IAC5F,OAAO,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC;AAAA,CACzC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,KAAa,EAAE,KAAa,EAAW,EAAE,CAAC;IAC/E,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAC;IACjC,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAC;IAEjC,IAAI,WAAW,GAAG,WAAW,EAAE,CAAC;QAC/B,OAAO,KAAK,CAAC;IACd,CAAC;IAED,IAAI,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC/B,IAAI,MAAc,CAAC;IAEnB,OAAO,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,GAAG,WAAW,CAAC;QAE3B;QACC,oCAAoC;QACpC,CAAC,GAAG,KAAK,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC;YAC/C,8BAA8B;YAC9B,CAAC,MAAM,KAAK,WAAW,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,EAC1D,CAAC;YACF,OAAO,IAAI,CAAC;QACb,CAAC;QAED,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,OAAO,KAAK,CAAC;AAAA,CACb,CAAC"}
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../lib/schemas/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,QAAgB,EAAW,EAAE;IAC3D,OAAO,QAAQ,KAAK,WAAW,IAAI,QAAQ,KAAK,WAAW,IAAI,QAAQ,KAAK,OAAO,CAAC;AACrF,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,QAAgB,EAAW,EAAE;IACzD,OAAO;IACP,IAAI,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3C,OAAO,IAAI,CAAC;IACb,CAAC;IACD,OAAO;IACP,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACxD,OAAO,IAAI,CAAC;IACb,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,QAAgB,EAAW,EAAE;IAC5D,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACb,CAAC;IAED,MAAM,GAAG,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC;IACxC,OAAO,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,OAAO,IAAI,GAAG,KAAK,WAAW,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,SAAS,CAAC;AAC3G,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,GAAW,EAAU,EAAE;IACrD,MAAM,aAAa,GAAG,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1F,IAAI,aAAa,KAAK,CAAC,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;IAChD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;IAEpD,MAAM,WAAW,GAAG,WAAW,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,KAAK,CAAC,CAAC,IAAI,WAAW,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAEvG,MAAM,OAAO,GACZ,OAAO,KAAK,CAAC,CAAC;QACb,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC;YACnB,CAAC,CAAC,GAAG,CAAC,MAAM;YACZ,CAAC,CAAC,WAAW;QACd,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC;YACnB,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAEpC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,QAAQ,KAAK,CAAC,CAAC,IAAI,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;IAE7E,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,GAAG,CAAC;AACjD,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAI,IAAO,EAAE,KAAa,EAAE,KAAmB,EAAW,EAAE;IAC3F,OAAO,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC;AAC1C,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,KAAa,EAAE,KAAa,EAAW,EAAE;IAC9E,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAC;IACjC,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAC;IAEjC,IAAI,WAAW,GAAG,WAAW,EAAE,CAAC;QAC/B,OAAO,KAAK,CAAC;IACd,CAAC;IAED,IAAI,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC/B,IAAI,MAAc,CAAC;IAEnB,OAAO,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,GAAG,WAAW,CAAC;QAE3B;QACC,oCAAoC;QACpC,CAAC,GAAG,KAAK,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC;YAC/C,8BAA8B;YAC9B,CAAC,MAAM,KAAK,WAAW,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,EAC1D,CAAC;YACF,OAAO,IAAI,CAAC;QACb,CAAC;QAED,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,OAAO,KAAK,CAAC;AACd,CAAC,CAAC"}

package/dist/scope.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"scope.d.ts","sourceRoot":"","sources":["../lib/scope.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAErE,0BAA0B;AAC1B,MAAM,MAAM,UAAU,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAExD,yBAAyB;AACzB,MAAM,MAAM,WAAW,GAAG,OAAO,GAAG,MAAM,GAAG,QAAQ,CAAC;AAEtD,sBAAsB;AACtB,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,QAAQ,CAAC;AAE9C,0BAA0B;AAC1B,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,GAAG,CAAC;AAE1C,8CAA8C;AAC9C,MAAM,MAAM,eAAe,GAAG,IAAI,GAAG,GAAG,CAAC;AAEzC,kDAAkD;AAClD,MAAM,MAAM,QAAQ,GAAG,IAAI,GAAG,GAAG,CAAC;AAElC,wDAAwD;AACxD,MAAM,MAAM,QAAQ,GAAG,eAAe,GAAG,GAAG,CAAC;AAE7C,MAAM,WAAW,WAAW;IAC3B,wCAAwC;IACxC,UAAU,EAAE,eAAe,EAAE,CAAC;IAC9B,gEAAgE;IAChE,MAAM,CAAC,EAAE,UAAU,EAAE,CAAC;CACtB;AAED;;;;GAIG;AACH,eAAO,MAAM,IAAI,kCAahB,CAAC;AAEF,MAAM,WAAW,UAAU;IAC1B,4CAA4C;IAC5C,GAAG,EAAE,QAAQ,EAAE,CAAC;IAChB,eAAe;IACf,GAAG,EAAE,QAAQ,CAAC;CACd;AAED;;;;GAIG;AACH,eAAO,MAAM,GAAG,iCAWf,CAAC;AAEF,MAAM,WAAW,cAAc;IAC9B,8CAA8C;IAC9C,IAAI,EAAE,WAAW,CAAC;IAClB,gDAAgD;IAChD,MAAM,CAAC,EAAE,aAAa,CAAC;CACvB;AAED;;;;GAIG;AACH,eAAO,MAAM,OAAO,qCAWnB,CAAC;AAEF,MAAM,WAAW,WAAW;IAC3B,uDAAuD;IACvD,MAAM,EAAE,MAAM,EAAE,CAAC;CACjB;AAED;;;;GAIG;AACH,eAAO,MAAM,IAAI,kCAUhB,CAAC;AAEF,MAAM,WAAW,eAAe;IAC/B,2CAA2C;IAC3C,IAAI,EAAE,YAAY,CAAC;CACnB;AAED;;;;GAIG;AACH,eAAO,MAAM,QAAQ,sCAKpB,CAAC;AAEF,MAAM,WAAW,cAAc;IAC9B,mBAAmB;IACnB,IAAI,EAAE,IAAI,CAAC;IACX,iCAAiC;IACjC,GAAG,CAAC,EAAE,eAAe,CAAC;CACtB;AAED;;;;GAIG;AACH,eAAO,MAAM,OAAO,qCAWnB,CAAC"}
+{"version":3,"file":"scope.d.ts","sourceRoot":"","sources":["../lib/scope.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAErE,0BAA0B;AAC1B,MAAM,MAAM,UAAU,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAExD,yBAAyB;AACzB,MAAM,MAAM,WAAW,GAAG,OAAO,GAAG,MAAM,GAAG,QAAQ,CAAC;AAEtD,sBAAsB;AACtB,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,QAAQ,CAAC;AAE9C,0BAA0B;AAC1B,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,GAAG,CAAC;AAE1C,8CAA8C;AAC9C,MAAM,MAAM,eAAe,GAAG,IAAI,GAAG,GAAG,CAAC;AAEzC,kDAAkD;AAClD,MAAM,MAAM,QAAQ,GAAG,IAAI,GAAG,GAAG,CAAC;AAElC,wDAAwD;AACxD,MAAM,MAAM,QAAQ,GAAG,eAAe,GAAG,GAAG,CAAC;AAE7C,MAAM,WAAW,WAAW;IAC3B,wCAAwC;IACxC,UAAU,EAAE,eAAe,EAAE,CAAC;IAC9B,gEAAgE;IAChE,MAAM,CAAC,EAAE,UAAU,EAAE,CAAC;CACtB;AAED;;;;GAIG;AACH,eAAO,MAAM,IAAI,YAAa,WAAW,KAAG,MAa3C,CAAC;AAEF,MAAM,WAAW,UAAU;IAC1B,4CAA4C;IAC5C,GAAG,EAAE,QAAQ,EAAE,CAAC;IAChB,eAAe;IACf,GAAG,EAAE,QAAQ,CAAC;CACd;AAED;;;;GAIG;AACH,eAAO,MAAM,GAAG,YAAa,UAAU,KAAG,MAWzC,CAAC;AAEF,MAAM,WAAW,cAAc;IAC9B,8CAA8C;IAC9C,IAAI,EAAE,WAAW,CAAC;IAClB,gDAAgD;IAChD,MAAM,CAAC,EAAE,aAAa,CAAC;CACvB;AAED;;;;GAIG;AACH,eAAO,MAAM,OAAO,YAAa,cAAc,KAAG,MAWjD,CAAC;AAEF,MAAM,WAAW,WAAW;IAC3B,uDAAuD;IACvD,MAAM,EAAE,MAAM,EAAE,CAAC;CACjB;AAED;;;;GAIG;AACH,eAAO,MAAM,IAAI,YAAa,WAAW,KAAG,MAU3C,CAAC;AAEF,MAAM,WAAW,eAAe;IAC/B,2CAA2C;IAC3C,IAAI,EAAE,YAAY,CAAC;CACnB;AAED;;;;GAIG;AACH,eAAO,MAAM,QAAQ,YAAa,eAAe,KAAG,MAKnD,CAAC;AAEF,MAAM,WAAW,cAAc;IAC9B,mBAAmB;IACnB,IAAI,EAAE,IAAI,CAAC;IACX,iCAAiC;IACjC,GAAG,CAAC,EAAE,eAAe,CAAC;CACtB;AAED;;;;GAIG;AACH,eAAO,MAAM,OAAO,YAAa,cAAc,KAAG,MAWjD,CAAC"}

package/dist/scope.js.map

@@ -1 +1 @@
-{"version":3,"file":"scope.js","sourceRoot":"","sources":["../lib/scope.ts"],"names":[],"mappings":"AA8BA;;;;GAIG;AACH,MAAM,CAAC,MAAM,IAAI,GAAG,CAAC,OAAoB,EAAU,EAAE,CAAC;IACrD,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC;IAE5C,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IACrC,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC5B,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IAChC,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACxB,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC5B,CAAC;IAED,OAAO,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAAA,CACnC,CAAC;AASF;;;;GAIG;AACH,MAAM,CAAC,MAAM,GAAG,GAAG,CAAC,OAAmB,EAAU,EAAE,CAAC;IACnD,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAE7B,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAEvB,KAAK,MAAM,CAAC,IAAI,GAAG,EAAE,CAAC;QACrB,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACzB,CAAC;IAED,OAAO,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AAAA,CAClC,CAAC;AASF;;;;GAIG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,OAAuB,EAAU,EAAE,CAAC;IAC3D,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAEjC,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAEzB,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QAC1B,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,WAAW,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AAAA,CACtC,CAAC;AAOF;;;;GAIG;AACH,MAAM,CAAC,MAAM,IAAI,GAAG,CAAC,OAAoB,EAAU,EAAE,CAAC;IACrD,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAE3B,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IAErC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACxB,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC5B,CAAC;IAED,OAAO,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAAA,CACnC,CAAC;AAOF;;;;GAIG;AACH,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,OAAwB,EAAU,EAAE,CAAC;IAC7D,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjC,OAAO,WAAW,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AAAA,CACvC,CAAC;AASF;;;;GAIG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,OAAuB,EAAU,EAAE,CAAC;IAC3D,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAE9B,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAEzB,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACvB,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACxB,CAAC;IAED,OAAO,WAAW,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AAAA,CACtC,CAAC;AAEF,2DAA2D;AAC3D,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;AAE9D,6DAA6D;AAC7D,MAAM,WAAW,GAAG,CAAC,MAAc,EAAE,MAAuB,EAAU,EAAE,CAAC;IACxE,IAAI,MAAM,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,MAAM,CAAC;IACf,CAAC;IAED,OAAO,GAAG,MAAM,IAAI,iBAAiB,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,EAAE,CAAC;AAAA,CAC3D,CAAC;AAEF,iDAAiD;AACjD,oDAAoD;AACpD,MAAM,iBAAiB,GAAG,CAAC,KAAa,EAAU,EAAE,CAAC;IACpD,OAAO,KAAK,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC;QACjD,MAAM,IAAI,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACvC,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC;QACb,CAAC;QACD,OAAO,KAAK,CAAC,WAAW,EAAE,CAAC;IAAA,CAC3B,CAAC,CAAC;AAAA,CACH,CAAC"}
+{"version":3,"file":"scope.js","sourceRoot":"","sources":["../lib/scope.ts"],"names":[],"mappings":"AA8BA;;;;GAIG;AACH,MAAM,CAAC,MAAM,IAAI,GAAG,CAAC,OAAoB,EAAU,EAAE;IACpD,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC;IAE5C,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IACrC,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC5B,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IAChC,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACxB,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC5B,CAAC;IAED,OAAO,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACpC,CAAC,CAAC;AASF;;;;GAIG;AACH,MAAM,CAAC,MAAM,GAAG,GAAG,CAAC,OAAmB,EAAU,EAAE;IAClD,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAE7B,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAEvB,KAAK,MAAM,CAAC,IAAI,GAAG,EAAE,CAAC;QACrB,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACzB,CAAC;IAED,OAAO,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AACnC,CAAC,CAAC;AASF;;;;GAIG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,OAAuB,EAAU,EAAE;IAC1D,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAEjC,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAEzB,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QAC1B,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,WAAW,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AACvC,CAAC,CAAC;AAOF;;;;GAIG;AACH,MAAM,CAAC,MAAM,IAAI,GAAG,CAAC,OAAoB,EAAU,EAAE;IACpD,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAE3B,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IAErC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACxB,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC5B,CAAC;IAED,OAAO,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACpC,CAAC,CAAC;AAOF;;;;GAIG;AACH,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,OAAwB,EAAU,EAAE;IAC5D,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjC,OAAO,WAAW,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AACxC,CAAC,CAAC;AASF;;;;GAIG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,OAAuB,EAAU,EAAE;IAC1D,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAE9B,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAEzB,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACvB,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACxB,CAAC;IAED,OAAO,WAAW,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AACvC,CAAC,CAAC;AAEF,2DAA2D;AAC3D,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;AAE9D,6DAA6D;AAC7D,MAAM,WAAW,GAAG,CAAC,MAAc,EAAE,MAAuB,EAAU,EAAE;IACvE,IAAI,MAAM,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,MAAM,CAAC;IACf,CAAC;IAED,OAAO,GAAG,MAAM,IAAI,iBAAiB,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,EAAE,CAAC;AAC5D,CAAC,CAAC;AAEF,iDAAiD;AACjD,oDAAoD;AACpD,MAAM,iBAAiB,GAAG,CAAC,KAAa,EAAU,EAAE;IACnD,OAAO,KAAK,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,KAAK,EAAE,EAAE;QAChD,MAAM,IAAI,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACvC,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC;QACb,CAAC;QACD,OAAO,KAAK,CAAC,WAAW,EAAE,CAAC;IAC5B,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC"}

package/lib/build-client-metadata.ts

@@ -1,15 +1,21 @@
 import type { Keyset } from '@atcute/oauth-keyset';
 
-import { FALLBACK_ALG } from './constants.js';
+import * as v from 'valibot';
+
+import { FALLBACK_ALG } from './constants.ts';
 import {
 	confidentialClientMetadataSchema,
 	type ConfidentialClientMetadata,
-} from './schemas/atcute-confidential-client-metadata.js';
-import type { OAuthClientMetadata } from './schemas/oauth-client-metadata.js';
+} from './schemas/atcute-confidential-client-metadata.ts';
+import {
+	publicClientMetadataSchema,
+	type PublicClientMetadata,
+} from './schemas/atcute-public-client-metadata.ts';
+import { DEFAULT_ATPROTO_OAUTH_SCOPE } from './schemas/atproto-oauth-scope.ts';
+import type { OAuthClientMetadata } from './schemas/oauth-client-metadata.ts';
 
 /**
- * builds an atproto client metadata
- *
+ * builds an atproto client metadata for a confidential client.
  *
  * @param input client metadata
  * @param keyset available keys
@@ -20,7 +26,7 @@ export const buildClientMetadata = (
 	keyset: Keyset,
 ): OAuthClientMetadata => {
 	// validate user-facing schema is correct
-	const conf = confidentialClientMetadataSchema.parse(input, { mode: 'passthrough' });
+	const conf = v.parse(confidentialClientMetadataSchema, input);
 
 	// build full OAuth client metadata (atproto defaults and requirements)
 	const metadata: OAuthClientMetadata = {
@@ -70,3 +76,83 @@ export const buildClientMetadata = (
 
 	return metadata;
 };
+
+/**
+ * builds a loopback client_id from redirect_uris and scope.
+ *
+ * @param redirectUris loopback redirect URIs
+ * @param scope OAuth scope string
+ * @returns loopback client_id URL
+ */
+const buildLoopbackClientId = (redirectUris: readonly string[], scope: string): string => {
+	const params = new URLSearchParams();
+
+	// only include scope if not the default
+	if (scope !== DEFAULT_ATPROTO_OAUTH_SCOPE) {
+		params.set('scope', scope);
+	}
+
+	// include redirect URIs
+	for (const uri of redirectUris) {
+		params.append('redirect_uri', uri);
+	}
+
+	if (params.size > 0) {
+		return `http://localhost?${params.toString()}`;
+	}
+
+	return 'http://localhost';
+};
+
+/**
+ * builds an atproto client metadata for a public client.
+ *
+ * public clients use `token_endpoint_auth_method: 'none'` and don't require a keyset.
+ * per AT Protocol spec, they have shorter token lifetimes and cannot use silent sign-in.
+ *
+ * - if `client_id` is omitted: loopback client (client_id built from redirect_uris/scope)
+ * - if `client_id` is provided: discoverable public client
+ *
+ * @param input public client metadata
+ * @returns built client metadata
+ */
+export const buildPublicClientMetadata = (input: PublicClientMetadata): OAuthClientMetadata => {
+	const parsed = v.parse(publicClientMetadataSchema, input);
+	const scope = Array.isArray(parsed.scope) ? parsed.scope.join(' ') : parsed.scope;
+
+	if (parsed.client_id === undefined) {
+		// loopback client - server generates metadata from client_id URL
+		return {
+			client_id: buildLoopbackClientId(parsed.redirect_uris, scope),
+			redirect_uris: parsed.redirect_uris,
+			scope,
+
+			application_type: 'native',
+			response_types: ['code'],
+			grant_types: ['authorization_code', 'refresh_token'],
+
+			token_endpoint_auth_method: 'none',
+			dpop_bound_access_tokens: true,
+		};
+	}
+
+	// discoverable public client
+	return {
+		client_id: parsed.client_id,
+		client_name: parsed.client_name,
+		client_uri: parsed.client_uri,
+		policy_uri: parsed.policy_uri,
+		tos_uri: parsed.tos_uri,
+		logo_uri: parsed.logo_uri,
+		redirect_uris: parsed.redirect_uris,
+		scope,
+
+		application_type: parsed.application_type ?? 'web',
+		subject_type: 'public',
+		response_types: ['code'],
+		grant_types: ['authorization_code', 'refresh_token'],
+
+		token_endpoint_auth_method: 'none',
+		dpop_bound_access_tokens: true,
+	};
+};

package/lib/index.ts

@@ -1,19 +1,27 @@
-export { buildClientMetadata } from './build-client-metadata.js';
-export { CLIENT_ASSERTION_TYPE_JWT_BEARER, FALLBACK_ALG } from './constants.js';
+export { buildClientMetadata, buildPublicClientMetadata } from './build-client-metadata.ts';
+export { CLIENT_ASSERTION_TYPE_JWT_BEARER, FALLBACK_ALG } from './constants.ts';
 
-export * as scope from './scope.js';
+export * as scope from './scope.ts';
 
 // schemas
 export {
 	confidentialClientMetadataSchema,
 	type ConfidentialClientMetadata,
-} from './schemas/atcute-confidential-client-metadata.js';
+} from './schemas/atcute-confidential-client-metadata.ts';
+export {
+	discoverablePublicClientMetadataSchema,
+	loopbackClientMetadataSchema,
+	publicClientMetadataSchema,
+	type DiscoverablePublicClientMetadata,
+	type LoopbackClientMetadata,
+	type PublicClientMetadata,
+} from './schemas/atcute-public-client-metadata.ts';
 export {
 	atprotoOAuthScopeSchema,
 	ATPROTO_SCOPE_VALUE,
 	DEFAULT_ATPROTO_OAUTH_SCOPE,
 	type AtprotoOAuthScope,
-} from './schemas/atproto-oauth-scope.js';
+} from './schemas/atproto-oauth-scope.ts';
 export {
 	jwkPubSchema,
 	jwkSchema,
@@ -22,29 +30,29 @@ export {
 	type Jwk,
 	type JwkPub,
 	type KeyUsage,
-} from './schemas/jwk.js';
-export { jwksPubSchema, jwksSchema, type Jwks, type JwksPub } from './schemas/jwks.js';
-export { oauthClientIdDiscoverableSchema } from './schemas/oauth-client-id-discoverable.js';
-export { oauthClientIdSchema, type OAuthClientId } from './schemas/oauth-client-id.js';
-export { oauthClientMetadataSchema, type OAuthClientMetadata } from './schemas/oauth-client-metadata.js';
+} from './schemas/jwk.ts';
+export { jwksPubSchema, jwksSchema, type Jwks, type JwksPub } from './schemas/jwks.ts';
+export { oauthClientIdDiscoverableSchema } from './schemas/oauth-client-id-discoverable.ts';
+export { oauthClientIdSchema, type OAuthClientId } from './schemas/oauth-client-id.ts';
+export { oauthClientMetadataSchema, type OAuthClientMetadata } from './schemas/oauth-client-metadata.ts';
 export {
 	oauthEndpointAuthMethodSchema,
 	type OAuthEndpointAuthMethod,
-} from './schemas/oauth-endpoint-auth-method.js';
-export { oauthGrantTypeSchema, type OAuthGrantType } from './schemas/oauth-grant-type.js';
+} from './schemas/oauth-endpoint-auth-method.ts';
+export { oauthGrantTypeSchema, type OAuthGrantType } from './schemas/oauth-grant-type.ts';
 export {
 	loopbackRedirectUriSchema,
 	oauthRedirectUriSchema,
 	type LoopbackRedirectUri,
 	type OAuthRedirectUri,
-} from './schemas/oauth-redirect-uri.js';
-export { oauthResponseTypeSchema, type OAuthResponseType } from './schemas/oauth-response-type.js';
+} from './schemas/oauth-redirect-uri.ts';
+export { oauthResponseTypeSchema, type OAuthResponseType } from './schemas/oauth-response-type.ts';
 export {
 	isOAuthScope,
 	OAUTH_SCOPE_REGEXP,
 	oauthScopeSchema,
 	type OAuthScope,
-} from './schemas/oauth-scope.js';
+} from './schemas/oauth-scope.ts';
 export {
 	httpsUriSchema,
 	loopbackUriSchema,
@@ -52,7 +60,7 @@ export {
 	privateUseUriSchema,
 	urlSchema,
 	webUriSchema,
-} from './schemas/uri.js';
+} from './schemas/uri.ts';
 export {
 	extractUrlPath,
 	isHostnameIP,
@@ -60,24 +68,24 @@ export {
 	isLocalHostname,
 	isLoopbackHost,
 	isSpaceSeparatedValue,
-} from './schemas/utils.js';
+} from './schemas/utils.ts';
 
 // token schemas
-export { oauthTokenTypeSchema, type OAuthTokenType } from './schemas/oauth-token-type.js';
-export { oauthTokenResponseSchema, type OAuthTokenResponse } from './schemas/oauth-token-response.js';
+export { oauthTokenTypeSchema, type OAuthTokenType } from './schemas/oauth-token-type.ts';
+export { oauthTokenResponseSchema, type OAuthTokenResponse } from './schemas/oauth-token-response.ts';
 export {
 	atprotoOAuthTokenResponseSchema,
 	type AtprotoOAuthTokenResponse,
-} from './schemas/atproto-oauth-token-response.js';
+} from './schemas/atproto-oauth-token-response.ts';
 
 // PAR schemas
-export { oauthParResponseSchema, type OAuthParResponse } from './schemas/oauth-par-response.js';
+export { oauthParResponseSchema, type OAuthParResponse } from './schemas/oauth-par-response.ts';
 export {
 	oauthCodeChallengeMethodSchema,
 	type OAuthCodeChallengeMethod,
-} from './schemas/oauth-code-challenge-method.js';
-export { oauthResponseModeSchema, type OAuthResponseMode } from './schemas/oauth-response-mode.js';
-export { oauthPromptSchema, type OAuthPrompt } from './schemas/oauth-prompt.js';
+} from './schemas/oauth-code-challenge-method.ts';
+export { oauthResponseModeSchema, type OAuthResponseMode } from './schemas/oauth-response-mode.ts';
+export { oauthPromptSchema, type OAuthPrompt } from './schemas/oauth-prompt.ts';
 
 // authorization details
 export {
@@ -85,22 +93,22 @@ export {
 	oauthAuthorizationDetailsSchema,
 	type OAuthAuthorizationDetail,
 	type OAuthAuthorizationDetails,
-} from './schemas/oauth-authorization-details.js';
+} from './schemas/oauth-authorization-details.ts';
 
 // server metadata
 export {
 	oauthIssuerIdentifierSchema,
 	type OAuthIssuerIdentifier,
-} from './schemas/oauth-issuer-identifier.js';
+} from './schemas/oauth-issuer-identifier.ts';
 export {
 	oauthAuthorizationServerMetadataSchema,
 	oauthAuthorizationServerMetadataValidator,
 	type OAuthAuthorizationServerMetadata,
-} from './schemas/oauth-authorization-server-metadata.js';
+} from './schemas/oauth-authorization-server-metadata.ts';
 export {
 	atprotoAuthorizationServerMetadataValidator,
 	type AtprotoAuthorizationServerMetadata,
-} from './schemas/atproto-authorization-server-metadata.js';
+} from './schemas/atproto-authorization-server-metadata.ts';
 
 // protected resource metadata
 export {
@@ -109,8 +117,8 @@ export {
 	oauthProtectedResourceMetadataValidator,
 	type OAuthBearerMethod,
 	type OAuthProtectedResourceMetadata,
-} from './schemas/oauth-protected-resource-metadata.js';
+} from './schemas/oauth-protected-resource-metadata.ts';
 export {
 	atprotoProtectedResourceMetadataValidator,
 	type AtprotoProtectedResourceMetadata,
-} from './schemas/atproto-protected-resource-metadata.js';
+} from './schemas/atproto-protected-resource-metadata.ts';

package/lib/schemas/atcute-client-shared.ts

@@ -0,0 +1,25 @@
+import * as v from 'valibot';
+
+import { atprotoOAuthScopeSchema } from './atproto-oauth-scope.ts';
+import { isLastOccurrence } from './utils.ts';
+
+const SINGLE_SCOPE_RE = /^[\x21\x23-\x5B\x5D-\x7E]+$/;
+
+const singleScopeSchema = v.pipe(v.string(), v.regex(SINGLE_SCOPE_RE, `invalid OAuth scope`));
+
+/**
+ * OAuth scope - either:
+ * - a space-separated string (must include "atproto")
+ * - an array of scope strings ('atproto' is added automatically)
+ */
+export const scopeSchema = v.union([
+	v.pipe(
+		atprotoOAuthScopeSchema,
+		v.check((input) => input.split(/\s+/).every(isLastOccurrence), `duplicate scope`),
+	),
+	v.pipe(
+		v.array(singleScopeSchema),
+		v.transform((input) => (input.includes('atproto') ? input : ['atproto', ...input])),
+		v.checkItems(isLastOccurrence, `duplicate scope`),
+	),
+]);

package/lib/schemas/atcute-confidential-client-metadata.ts

@@ -1,13 +1,9 @@
-import * as v from '@badrap/valita';
+import * as v from 'valibot';
 
-import { atprotoOAuthScopeSchema } from './atproto-oauth-scope.js';
-import { oauthClientIdDiscoverableSchema } from './oauth-client-id-discoverable.js';
-import { httpsUriSchema, nonLocalWebUriSchema, webUriSchema } from './uri.js';
-import { isLocalHostname } from './utils.js';
-
-const SINGLE_SCOPE_RE = /^[\x21\x23-\x5B\x5D-\x7E]+$/;
-
-const singleScopeSchema = v.string().assert((input) => SINGLE_SCOPE_RE.test(input), `invalid OAuth scope`);
+import { scopeSchema } from './atcute-client-shared.ts';
+import { oauthClientIdDiscoverableSchema } from './oauth-client-id-discoverable.ts';
+import { httpsUriSchema, nonLocalWebUriSchema, webUriSchema } from './uri.ts';
+import { isLocalHostname } from './utils.ts';
 
 /**
  * user-facing client metadata for configuring a confidential OAuth client.
@@ -16,124 +12,98 @@ const singleScopeSchema = v.string().assert((input) => SINGLE_SCOPE_RE.test(inpu
  * the library will fill in atproto-required values like `dpop_bound_access_tokens`,
  * `token_endpoint_auth_method`, and default `grant_types` / `response_types`.
  */
-export const confidentialClientMetadataSchema = v
-	.object({
+export const confidentialClientMetadataSchema = v.pipe(
+	v.looseObject({
 		/** discoverable https client_id URL (where metadata is hosted) */
 		client_id: oauthClientIdDiscoverableSchema,
 
 		/** redirect URIs for authorization responses (must be https) */
-		redirect_uris: v
-			.array(httpsUriSchema)
-			.assert((arr) => arr.length > 0, `must have at least one redirect URI`)
-			.assert((arr) => {
-				for (const uri of arr) {
-					const url = new URL(uri);
-					if (url.username || url.password) {
-						return false;
-					}
-				}
-				return true;
-			}, `redirect URIs must not contain credentials`),
-
-		/**
-		 * OAuth scope - either:
-		 * - a space-separated string (must include "atproto")
-		 * - an array of scope strings ('atproto' is added automatically)
-		 */
-		scope: v.union(
-			atprotoOAuthScopeSchema.chain((input) => {
-				const scopes = input.split(/\s+/);
-
-				for (let i = 0, len = scopes.length; i < len; i++) {
-					const aka = scopes[i];
-
-					for (let j = 0; j < i; j++) {
-						if (aka === scopes[j]) {
-							return v.err(`duplicate "${aka}" scope`);
-						}
-					}
-				}
-
-				return v.ok(input);
-			}),
-			v.array(singleScopeSchema).chain((input) => {
-				if (!input.includes('atproto')) {
-					input = ['atproto', ...input];
-				}
-
-				for (let i = 0, len = input.length; i < len; i++) {
-					const aka = input[i];
-
-					for (let j = 0; j < i; j++) {
-						if (aka === input[j]) {
-							return v.err(`duplicate "${aka}" scope`);
-						}
-					}
-				}
-
-				return v.ok(input);
-			}),
+		redirect_uris: v.pipe(
+			v.array(httpsUriSchema),
+			v.minLength(1, `must have at least one redirect URI`),
+			v.checkItems((uri) => {
+				const url = new URL(uri);
+				return !url.username && !url.password;
+			}, `redirect URI must not contain credentials`),
 		),
 
+		scope: scopeSchema,
+
 		/** optional client homepage */
-		client_uri: webUriSchema.optional(),
+		client_uri: v.optional(webUriSchema),
 		/** optional display name */
-		client_name: v.string().optional(),
+		client_name: v.optional(v.string()),
 		/** optional policy url */
-		policy_uri: nonLocalWebUriSchema.optional(),
+		policy_uri: v.optional(nonLocalWebUriSchema),
 		/** optional terms of service url */
-		tos_uri: nonLocalWebUriSchema.optional(),
+		tos_uri: v.optional(nonLocalWebUriSchema),
 		/** optional logo url */
-		logo_uri: nonLocalWebUriSchema.optional(),
+		logo_uri: v.optional(nonLocalWebUriSchema),
 
 		/** optional JWKS URL; if omitted, the library will inline jwks from the keyset */
-		jwks_uri: httpsUriSchema.optional(),
-	})
-	.chain((input) => {
-		const clientIdUrl = new URL(input.client_id);
-		if (isLocalHostname(clientIdUrl.hostname)) {
-			return v.err({ message: `client_id hostname is invalid`, path: ['client_id'] });
-		}
-
-		if (input.jwks_uri) {
+		jwks_uri: v.optional(httpsUriSchema),
+	}),
+	v.forward(
+		v.check((input) => !isLocalHostname(new URL(input.client_id).hostname), `client_id hostname is invalid`),
+		['client_id'],
+	),
+	v.forward(
+		v.check((input) => {
+			if (!input.jwks_uri) {
+				return true;
+			}
 			const jwksUrl = new URL(input.jwks_uri);
-
-			if (jwksUrl.username || jwksUrl.password) {
-				return v.err({ message: `jwks_uri must not contain credentials`, path: ['jwks_uri'] });
+			return !(jwksUrl.username || jwksUrl.password);
+		}, `jwks_uri must not contain credentials`),
+		['jwks_uri'],
+	),
+	v.forward(
+		v.check((input) => {
+			if (!input.jwks_uri) {
+				return true;
 			}
-
-			if (isLocalHostname(jwksUrl.hostname)) {
-				return v.err({ message: `jwks_uri hostname is invalid`, path: ['jwks_uri'] });
+			return !isLocalHostname(new URL(input.jwks_uri).hostname);
+		}, `jwks_uri hostname is invalid`),
+		['jwks_uri'],
+	),
+	v.forward(
+		v.check((input) => {
+			if (!input.client_uri) {
+				return true;
 			}
-		}
-
-		// for discoverable clients, client_uri (if provided) must be same-origin parent of client_id
-		if (input.client_uri) {
-			const clientUriUrl = new URL(input.client_uri);
-
-			if (isLocalHostname(clientUriUrl.hostname)) {
-				return v.err({ message: `client_uri hostname is invalid`, path: ['client_uri'] });
+			return !isLocalHostname(new URL(input.client_uri).hostname);
+		}, `client_uri hostname is invalid`),
+		['client_uri'],
+	),
+	v.forward(
+		v.check((input) => {
+			if (!input.client_uri) {
+				return true;
 			}
-
-			if (clientUriUrl.origin !== clientIdUrl.origin) {
-				return v.err({
-					message: `client_uri must have the same origin as the client_id`,
-					path: ['client_uri'],
-				});
+			const clientUriUrl = new URL(input.client_uri);
+			const clientIdUrl = new URL(input.client_id);
+			return clientUriUrl.origin === clientIdUrl.origin;
+		}, `client_uri must have the same origin as the client_id`),
+		['client_uri'],
+	),
+	v.forward(
+		v.check((input) => {
+			if (!input.client_uri) {
+				return true;
 			}
-
-			if (clientIdUrl.pathname !== clientUriUrl.pathname) {
-				const prefix = clientUriUrl.pathname.endsWith('/')
-					? clientUriUrl.pathname
-					: `${clientUriUrl.pathname}/`;
-
-				if (!clientIdUrl.pathname.startsWith(prefix)) {
-					return v.err({ message: `client_uri must be a parent URL of the client_id`, path: ['client_uri'] });
-				}
+			// for discoverable clients, client_uri (if provided) must be same-origin parent of client_id
+			const clientUriUrl = new URL(input.client_uri);
+			const clientIdUrl = new URL(input.client_id);
+			if (clientIdUrl.pathname === clientUriUrl.pathname) {
+				return true;
 			}
-		}
-
-		return v.ok(input);
-	});
-
-export type ConfidentialClientMetadata = v.Infer<typeof confidentialClientMetadataSchema>;
+			const prefix = clientUriUrl.pathname.endsWith('/')
+				? clientUriUrl.pathname
+				: `${clientUriUrl.pathname}/`;
+			return clientIdUrl.pathname.startsWith(prefix);
+		}, `client_uri must be a parent URL of the client_id`),
+		['client_uri'],
+	),
+);
+
+export type ConfidentialClientMetadata = v.InferOutput<typeof confidentialClientMetadataSchema>;