@atcute/oauth-types 0.1.0 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -5
- package/dist/build-client-metadata.d.ts +18 -160
- package/dist/build-client-metadata.d.ts.map +1 -1
- package/dist/build-client-metadata.js +73 -3
- package/dist/build-client-metadata.js.map +1 -1
- package/dist/index.d.ts +31 -30
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -1
- package/dist/index.js.map +1 -1
- package/dist/schemas/atcute-client-shared.d.ts +8 -0
- package/dist/schemas/atcute-client-shared.d.ts.map +1 -0
- package/dist/schemas/atcute-client-shared.js +15 -0
- package/dist/schemas/atcute-client-shared.js.map +1 -0
- package/dist/schemas/atcute-confidential-client-metadata.d.ts +228 -4
- package/dist/schemas/atcute-confidential-client-metadata.d.ts.map +1 -1
- package/dist/schemas/atcute-confidential-client-metadata.js +48 -88
- package/dist/schemas/atcute-confidential-client-metadata.js.map +1 -1
- package/dist/schemas/atcute-public-client-metadata.d.ts +95 -0
- package/dist/schemas/atcute-public-client-metadata.d.ts.map +1 -0
- package/dist/schemas/atcute-public-client-metadata.js +74 -0
- package/dist/schemas/atcute-public-client-metadata.js.map +1 -0
- package/dist/schemas/atproto-authorization-server-metadata.d.ts +786 -4
- package/dist/schemas/atproto-authorization-server-metadata.d.ts.map +1 -1
- package/dist/schemas/atproto-authorization-server-metadata.js +2 -18
- package/dist/schemas/atproto-authorization-server-metadata.js.map +1 -1
- package/dist/schemas/atproto-oauth-scope.d.ts +3 -3
- package/dist/schemas/atproto-oauth-scope.d.ts.map +1 -1
- package/dist/schemas/atproto-oauth-scope.js +2 -2
- package/dist/schemas/atproto-oauth-scope.js.map +1 -1
- package/dist/schemas/atproto-oauth-token-response.d.ts +17 -17
- package/dist/schemas/atproto-oauth-token-response.d.ts.map +1 -1
- package/dist/schemas/atproto-oauth-token-response.js +6 -6
- package/dist/schemas/atproto-oauth-token-response.js.map +1 -1
- package/dist/schemas/atproto-protected-resource-metadata.d.ts +100 -4
- package/dist/schemas/atproto-protected-resource-metadata.d.ts.map +1 -1
- package/dist/schemas/atproto-protected-resource-metadata.js +2 -11
- package/dist/schemas/atproto-protected-resource-metadata.js.map +1 -1
- package/dist/schemas/jwk.d.ts +4289 -42
- package/dist/schemas/jwk.d.ts.map +1 -1
- package/dist/schemas/jwk.js +58 -91
- package/dist/schemas/jwk.js.map +1 -1
- package/dist/schemas/jwks.d.ts +87 -42
- package/dist/schemas/jwks.d.ts.map +1 -1
- package/dist/schemas/jwks.js +13 -29
- package/dist/schemas/jwks.js.map +1 -1
- package/dist/schemas/oauth-authorization-details.d.ts +18 -18
- package/dist/schemas/oauth-authorization-details.d.ts.map +1 -1
- package/dist/schemas/oauth-authorization-details.js +7 -7
- package/dist/schemas/oauth-authorization-details.js.map +1 -1
- package/dist/schemas/oauth-authorization-server-metadata.d.ts +462 -48
- package/dist/schemas/oauth-authorization-server-metadata.d.ts.map +1 -1
- package/dist/schemas/oauth-authorization-server-metadata.js +46 -65
- package/dist/schemas/oauth-authorization-server-metadata.js.map +1 -1
- package/dist/schemas/oauth-client-id-discoverable.d.ts +2 -2
- package/dist/schemas/oauth-client-id-discoverable.d.ts.map +1 -1
- package/dist/schemas/oauth-client-id-discoverable.js +20 -22
- package/dist/schemas/oauth-client-id-discoverable.js.map +1 -1
- package/dist/schemas/oauth-client-id.d.ts +3 -3
- package/dist/schemas/oauth-client-id.d.ts.map +1 -1
- package/dist/schemas/oauth-client-id.js +2 -2
- package/dist/schemas/oauth-client-id.js.map +1 -1
- package/dist/schemas/oauth-client-metadata.d.ts +73 -51
- package/dist/schemas/oauth-client-metadata.d.ts.map +1 -1
- package/dist/schemas/oauth-client-metadata.js +33 -40
- package/dist/schemas/oauth-client-metadata.js.map +1 -1
- package/dist/schemas/oauth-code-challenge-method.d.ts +3 -3
- package/dist/schemas/oauth-code-challenge-method.d.ts.map +1 -1
- package/dist/schemas/oauth-code-challenge-method.js +2 -2
- package/dist/schemas/oauth-code-challenge-method.js.map +1 -1
- package/dist/schemas/oauth-endpoint-auth-method.d.ts +3 -3
- package/dist/schemas/oauth-endpoint-auth-method.d.ts.map +1 -1
- package/dist/schemas/oauth-endpoint-auth-method.js +10 -2
- package/dist/schemas/oauth-endpoint-auth-method.js.map +1 -1
- package/dist/schemas/oauth-grant-type.d.ts +3 -3
- package/dist/schemas/oauth-grant-type.d.ts.map +1 -1
- package/dist/schemas/oauth-grant-type.js +10 -3
- package/dist/schemas/oauth-grant-type.js.map +1 -1
- package/dist/schemas/oauth-issuer-identifier.d.ts +3 -3
- package/dist/schemas/oauth-issuer-identifier.d.ts.map +1 -1
- package/dist/schemas/oauth-issuer-identifier.js +16 -9
- package/dist/schemas/oauth-issuer-identifier.js.map +1 -1
- package/dist/schemas/oauth-par-response.d.ts +5 -5
- package/dist/schemas/oauth-par-response.d.ts.map +1 -1
- package/dist/schemas/oauth-par-response.js +3 -3
- package/dist/schemas/oauth-par-response.js.map +1 -1
- package/dist/schemas/oauth-prompt.d.ts +3 -3
- package/dist/schemas/oauth-prompt.d.ts.map +1 -1
- package/dist/schemas/oauth-prompt.js +2 -2
- package/dist/schemas/oauth-prompt.js.map +1 -1
- package/dist/schemas/oauth-protected-resource-metadata.d.ts +88 -16
- package/dist/schemas/oauth-protected-resource-metadata.d.ts.map +1 -1
- package/dist/schemas/oauth-protected-resource-metadata.js +14 -26
- package/dist/schemas/oauth-protected-resource-metadata.js.map +1 -1
- package/dist/schemas/oauth-redirect-uri.d.ts +5 -5
- package/dist/schemas/oauth-redirect-uri.d.ts.map +1 -1
- package/dist/schemas/oauth-redirect-uri.js +3 -16
- package/dist/schemas/oauth-redirect-uri.js.map +1 -1
- package/dist/schemas/oauth-response-mode.d.ts +3 -3
- package/dist/schemas/oauth-response-mode.d.ts.map +1 -1
- package/dist/schemas/oauth-response-mode.js +2 -2
- package/dist/schemas/oauth-response-mode.js.map +1 -1
- package/dist/schemas/oauth-response-type.d.ts +3 -3
- package/dist/schemas/oauth-response-type.d.ts.map +1 -1
- package/dist/schemas/oauth-response-type.js +13 -7
- package/dist/schemas/oauth-response-type.js.map +1 -1
- package/dist/schemas/oauth-scope.d.ts +3 -3
- package/dist/schemas/oauth-scope.d.ts.map +1 -1
- package/dist/schemas/oauth-scope.js +2 -2
- package/dist/schemas/oauth-scope.js.map +1 -1
- package/dist/schemas/oauth-token-response.d.ts +17 -17
- package/dist/schemas/oauth-token-response.d.ts.map +1 -1
- package/dist/schemas/oauth-token-response.js +7 -7
- package/dist/schemas/oauth-token-response.js.map +1 -1
- package/dist/schemas/oauth-token-type.d.ts +3 -3
- package/dist/schemas/oauth-token-type.d.ts.map +1 -1
- package/dist/schemas/oauth-token-type.js +8 -7
- package/dist/schemas/oauth-token-type.js.map +1 -1
- package/dist/schemas/uri.d.ts +7 -7
- package/dist/schemas/uri.d.ts.map +1 -1
- package/dist/schemas/uri.js +44 -44
- package/dist/schemas/uri.js.map +1 -1
- package/dist/schemas/utils.d.ts.map +1 -1
- package/dist/schemas/utils.js.map +1 -1
- package/dist/scope.d.ts.map +1 -1
- package/dist/scope.js.map +1 -1
- package/lib/build-client-metadata.ts +92 -6
- package/lib/index.ts +38 -30
- package/lib/schemas/atcute-client-shared.ts +25 -0
- package/lib/schemas/atcute-confidential-client-metadata.ts +81 -111
- package/lib/schemas/atcute-public-client-metadata.ts +101 -0
- package/lib/schemas/atproto-authorization-server-metadata.ts +22 -23
- package/lib/schemas/atproto-oauth-scope.ts +8 -5
- package/lib/schemas/atproto-oauth-token-response.ts +10 -9
- package/lib/schemas/atproto-protected-resource-metadata.ts +15 -15
- package/lib/schemas/jwk.ts +104 -120
- package/lib/schemas/jwks.ts +28 -40
- package/lib/schemas/oauth-authorization-details.ts +10 -10
- package/lib/schemas/oauth-authorization-server-metadata.ts +72 -74
- package/lib/schemas/oauth-client-id-discoverable.ts +43 -48
- package/lib/schemas/oauth-client-id.ts +3 -3
- package/lib/schemas/oauth-client-metadata.ts +45 -49
- package/lib/schemas/oauth-code-challenge-method.ts +3 -3
- package/lib/schemas/oauth-endpoint-auth-method.ts +11 -11
- package/lib/schemas/oauth-grant-type.ts +11 -11
- package/lib/schemas/oauth-issuer-identifier.ts +35 -27
- package/lib/schemas/oauth-par-response.ts +4 -4
- package/lib/schemas/oauth-prompt.ts +3 -9
- package/lib/schemas/oauth-protected-resource-metadata.ts +26 -35
- package/lib/schemas/oauth-redirect-uri.ts +15 -23
- package/lib/schemas/oauth-response-mode.ts +3 -7
- package/lib/schemas/oauth-response-type.ts +12 -12
- package/lib/schemas/oauth-scope.ts +3 -3
- package/lib/schemas/oauth-token-response.ts +10 -10
- package/lib/schemas/oauth-token-type.ts +16 -12
- package/lib/schemas/uri.ts +89 -76
- package/package.json +9 -8
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import * as v from '
|
|
1
|
+
import * as v from 'valibot';
|
|
2
2
|
/**
|
|
3
3
|
* user-facing client metadata for configuring a confidential OAuth client.
|
|
4
4
|
*
|
|
@@ -6,7 +6,25 @@ import * as v from '@badrap/valita';
|
|
|
6
6
|
* the library will fill in atproto-required values like `dpop_bound_access_tokens`,
|
|
7
7
|
* `token_endpoint_auth_method`, and default `grant_types` / `response_types`.
|
|
8
8
|
*/
|
|
9
|
-
export declare const confidentialClientMetadataSchema: v.
|
|
9
|
+
export declare const confidentialClientMetadataSchema: v.SchemaWithPipe<readonly [v.LooseObjectSchema<{
|
|
10
|
+
/** discoverable https client_id URL (where metadata is hosted) */
|
|
11
|
+
readonly client_id: v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.NonEmptyAction<string, "must not be empty">]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.RawCheckAction<string>]>;
|
|
12
|
+
/** redirect URIs for authorization responses (must be https) */
|
|
13
|
+
readonly redirect_uris: v.SchemaWithPipe<readonly [v.ArraySchema<v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, undefined>, v.MinLengthAction<string[], 1, "must have at least one redirect URI">, v.CheckItemsAction<string[], "redirect URI must not contain credentials">]>;
|
|
14
|
+
readonly scope: v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "invalid atproto OAuth scope">]>, v.CheckAction<string, "duplicate scope">]>, v.SchemaWithPipe<readonly [v.ArraySchema<v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.RegexAction<string, "invalid OAuth scope">]>, undefined>, v.TransformAction<string[], string[]>, v.CheckItemsAction<string[], "duplicate scope">]>], undefined>;
|
|
15
|
+
/** optional client homepage */
|
|
16
|
+
readonly client_uri: v.OptionalSchema<v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: or https: protocol">, undefined>;
|
|
17
|
+
/** optional display name */
|
|
18
|
+
readonly client_name: v.OptionalSchema<v.StringSchema<undefined>, undefined>;
|
|
19
|
+
/** optional policy url */
|
|
20
|
+
readonly policy_uri: v.OptionalSchema<v.SchemaWithPipe<readonly [v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: or https: protocol">, v.CheckAction<string, "hostname is invalid">]>, undefined>;
|
|
21
|
+
/** optional terms of service url */
|
|
22
|
+
readonly tos_uri: v.OptionalSchema<v.SchemaWithPipe<readonly [v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: or https: protocol">, v.CheckAction<string, "hostname is invalid">]>, undefined>;
|
|
23
|
+
/** optional logo url */
|
|
24
|
+
readonly logo_uri: v.OptionalSchema<v.SchemaWithPipe<readonly [v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: or https: protocol">, v.CheckAction<string, "hostname is invalid">]>, undefined>;
|
|
25
|
+
/** optional JWKS URL; if omitted, the library will inline jwks from the keyset */
|
|
26
|
+
readonly jwks_uri: v.OptionalSchema<v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, undefined>;
|
|
27
|
+
}, undefined>, v.BaseValidation<{
|
|
10
28
|
client_id: string;
|
|
11
29
|
redirect_uris: string[];
|
|
12
30
|
scope: string | string[];
|
|
@@ -16,6 +34,212 @@ export declare const confidentialClientMetadataSchema: v.Type<{
|
|
|
16
34
|
tos_uri?: string | undefined;
|
|
17
35
|
logo_uri?: string | undefined;
|
|
18
36
|
jwks_uri?: string | undefined;
|
|
19
|
-
}
|
|
20
|
-
|
|
37
|
+
} & {
|
|
38
|
+
[key: string]: unknown;
|
|
39
|
+
}, {
|
|
40
|
+
client_id: string;
|
|
41
|
+
redirect_uris: string[];
|
|
42
|
+
scope: string | string[];
|
|
43
|
+
client_uri?: string | undefined;
|
|
44
|
+
client_name?: string | undefined;
|
|
45
|
+
policy_uri?: string | undefined;
|
|
46
|
+
tos_uri?: string | undefined;
|
|
47
|
+
logo_uri?: string | undefined;
|
|
48
|
+
jwks_uri?: string | undefined;
|
|
49
|
+
} & {
|
|
50
|
+
[key: string]: unknown;
|
|
51
|
+
}, v.CheckIssue<{
|
|
52
|
+
client_id: string;
|
|
53
|
+
redirect_uris: string[];
|
|
54
|
+
scope: string | string[];
|
|
55
|
+
client_uri?: string | undefined;
|
|
56
|
+
client_name?: string | undefined;
|
|
57
|
+
policy_uri?: string | undefined;
|
|
58
|
+
tos_uri?: string | undefined;
|
|
59
|
+
logo_uri?: string | undefined;
|
|
60
|
+
jwks_uri?: string | undefined;
|
|
61
|
+
} & {
|
|
62
|
+
[key: string]: unknown;
|
|
63
|
+
}>>, v.BaseValidation<{
|
|
64
|
+
client_id: string;
|
|
65
|
+
redirect_uris: string[];
|
|
66
|
+
scope: string | string[];
|
|
67
|
+
client_uri?: string | undefined;
|
|
68
|
+
client_name?: string | undefined;
|
|
69
|
+
policy_uri?: string | undefined;
|
|
70
|
+
tos_uri?: string | undefined;
|
|
71
|
+
logo_uri?: string | undefined;
|
|
72
|
+
jwks_uri?: string | undefined;
|
|
73
|
+
} & {
|
|
74
|
+
[key: string]: unknown;
|
|
75
|
+
}, {
|
|
76
|
+
client_id: string;
|
|
77
|
+
redirect_uris: string[];
|
|
78
|
+
scope: string | string[];
|
|
79
|
+
client_uri?: string | undefined;
|
|
80
|
+
client_name?: string | undefined;
|
|
81
|
+
policy_uri?: string | undefined;
|
|
82
|
+
tos_uri?: string | undefined;
|
|
83
|
+
logo_uri?: string | undefined;
|
|
84
|
+
jwks_uri?: string | undefined;
|
|
85
|
+
} & {
|
|
86
|
+
[key: string]: unknown;
|
|
87
|
+
}, v.CheckIssue<{
|
|
88
|
+
client_id: string;
|
|
89
|
+
redirect_uris: string[];
|
|
90
|
+
scope: string | string[];
|
|
91
|
+
client_uri?: string | undefined;
|
|
92
|
+
client_name?: string | undefined;
|
|
93
|
+
policy_uri?: string | undefined;
|
|
94
|
+
tos_uri?: string | undefined;
|
|
95
|
+
logo_uri?: string | undefined;
|
|
96
|
+
jwks_uri?: string | undefined;
|
|
97
|
+
} & {
|
|
98
|
+
[key: string]: unknown;
|
|
99
|
+
}>>, v.BaseValidation<{
|
|
100
|
+
client_id: string;
|
|
101
|
+
redirect_uris: string[];
|
|
102
|
+
scope: string | string[];
|
|
103
|
+
client_uri?: string | undefined;
|
|
104
|
+
client_name?: string | undefined;
|
|
105
|
+
policy_uri?: string | undefined;
|
|
106
|
+
tos_uri?: string | undefined;
|
|
107
|
+
logo_uri?: string | undefined;
|
|
108
|
+
jwks_uri?: string | undefined;
|
|
109
|
+
} & {
|
|
110
|
+
[key: string]: unknown;
|
|
111
|
+
}, {
|
|
112
|
+
client_id: string;
|
|
113
|
+
redirect_uris: string[];
|
|
114
|
+
scope: string | string[];
|
|
115
|
+
client_uri?: string | undefined;
|
|
116
|
+
client_name?: string | undefined;
|
|
117
|
+
policy_uri?: string | undefined;
|
|
118
|
+
tos_uri?: string | undefined;
|
|
119
|
+
logo_uri?: string | undefined;
|
|
120
|
+
jwks_uri?: string | undefined;
|
|
121
|
+
} & {
|
|
122
|
+
[key: string]: unknown;
|
|
123
|
+
}, v.CheckIssue<{
|
|
124
|
+
client_id: string;
|
|
125
|
+
redirect_uris: string[];
|
|
126
|
+
scope: string | string[];
|
|
127
|
+
client_uri?: string | undefined;
|
|
128
|
+
client_name?: string | undefined;
|
|
129
|
+
policy_uri?: string | undefined;
|
|
130
|
+
tos_uri?: string | undefined;
|
|
131
|
+
logo_uri?: string | undefined;
|
|
132
|
+
jwks_uri?: string | undefined;
|
|
133
|
+
} & {
|
|
134
|
+
[key: string]: unknown;
|
|
135
|
+
}>>, v.BaseValidation<{
|
|
136
|
+
client_id: string;
|
|
137
|
+
redirect_uris: string[];
|
|
138
|
+
scope: string | string[];
|
|
139
|
+
client_uri?: string | undefined;
|
|
140
|
+
client_name?: string | undefined;
|
|
141
|
+
policy_uri?: string | undefined;
|
|
142
|
+
tos_uri?: string | undefined;
|
|
143
|
+
logo_uri?: string | undefined;
|
|
144
|
+
jwks_uri?: string | undefined;
|
|
145
|
+
} & {
|
|
146
|
+
[key: string]: unknown;
|
|
147
|
+
}, {
|
|
148
|
+
client_id: string;
|
|
149
|
+
redirect_uris: string[];
|
|
150
|
+
scope: string | string[];
|
|
151
|
+
client_uri?: string | undefined;
|
|
152
|
+
client_name?: string | undefined;
|
|
153
|
+
policy_uri?: string | undefined;
|
|
154
|
+
tos_uri?: string | undefined;
|
|
155
|
+
logo_uri?: string | undefined;
|
|
156
|
+
jwks_uri?: string | undefined;
|
|
157
|
+
} & {
|
|
158
|
+
[key: string]: unknown;
|
|
159
|
+
}, v.CheckIssue<{
|
|
160
|
+
client_id: string;
|
|
161
|
+
redirect_uris: string[];
|
|
162
|
+
scope: string | string[];
|
|
163
|
+
client_uri?: string | undefined;
|
|
164
|
+
client_name?: string | undefined;
|
|
165
|
+
policy_uri?: string | undefined;
|
|
166
|
+
tos_uri?: string | undefined;
|
|
167
|
+
logo_uri?: string | undefined;
|
|
168
|
+
jwks_uri?: string | undefined;
|
|
169
|
+
} & {
|
|
170
|
+
[key: string]: unknown;
|
|
171
|
+
}>>, v.BaseValidation<{
|
|
172
|
+
client_id: string;
|
|
173
|
+
redirect_uris: string[];
|
|
174
|
+
scope: string | string[];
|
|
175
|
+
client_uri?: string | undefined;
|
|
176
|
+
client_name?: string | undefined;
|
|
177
|
+
policy_uri?: string | undefined;
|
|
178
|
+
tos_uri?: string | undefined;
|
|
179
|
+
logo_uri?: string | undefined;
|
|
180
|
+
jwks_uri?: string | undefined;
|
|
181
|
+
} & {
|
|
182
|
+
[key: string]: unknown;
|
|
183
|
+
}, {
|
|
184
|
+
client_id: string;
|
|
185
|
+
redirect_uris: string[];
|
|
186
|
+
scope: string | string[];
|
|
187
|
+
client_uri?: string | undefined;
|
|
188
|
+
client_name?: string | undefined;
|
|
189
|
+
policy_uri?: string | undefined;
|
|
190
|
+
tos_uri?: string | undefined;
|
|
191
|
+
logo_uri?: string | undefined;
|
|
192
|
+
jwks_uri?: string | undefined;
|
|
193
|
+
} & {
|
|
194
|
+
[key: string]: unknown;
|
|
195
|
+
}, v.CheckIssue<{
|
|
196
|
+
client_id: string;
|
|
197
|
+
redirect_uris: string[];
|
|
198
|
+
scope: string | string[];
|
|
199
|
+
client_uri?: string | undefined;
|
|
200
|
+
client_name?: string | undefined;
|
|
201
|
+
policy_uri?: string | undefined;
|
|
202
|
+
tos_uri?: string | undefined;
|
|
203
|
+
logo_uri?: string | undefined;
|
|
204
|
+
jwks_uri?: string | undefined;
|
|
205
|
+
} & {
|
|
206
|
+
[key: string]: unknown;
|
|
207
|
+
}>>, v.BaseValidation<{
|
|
208
|
+
client_id: string;
|
|
209
|
+
redirect_uris: string[];
|
|
210
|
+
scope: string | string[];
|
|
211
|
+
client_uri?: string | undefined;
|
|
212
|
+
client_name?: string | undefined;
|
|
213
|
+
policy_uri?: string | undefined;
|
|
214
|
+
tos_uri?: string | undefined;
|
|
215
|
+
logo_uri?: string | undefined;
|
|
216
|
+
jwks_uri?: string | undefined;
|
|
217
|
+
} & {
|
|
218
|
+
[key: string]: unknown;
|
|
219
|
+
}, {
|
|
220
|
+
client_id: string;
|
|
221
|
+
redirect_uris: string[];
|
|
222
|
+
scope: string | string[];
|
|
223
|
+
client_uri?: string | undefined;
|
|
224
|
+
client_name?: string | undefined;
|
|
225
|
+
policy_uri?: string | undefined;
|
|
226
|
+
tos_uri?: string | undefined;
|
|
227
|
+
logo_uri?: string | undefined;
|
|
228
|
+
jwks_uri?: string | undefined;
|
|
229
|
+
} & {
|
|
230
|
+
[key: string]: unknown;
|
|
231
|
+
}, v.CheckIssue<{
|
|
232
|
+
client_id: string;
|
|
233
|
+
redirect_uris: string[];
|
|
234
|
+
scope: string | string[];
|
|
235
|
+
client_uri?: string | undefined;
|
|
236
|
+
client_name?: string | undefined;
|
|
237
|
+
policy_uri?: string | undefined;
|
|
238
|
+
tos_uri?: string | undefined;
|
|
239
|
+
logo_uri?: string | undefined;
|
|
240
|
+
jwks_uri?: string | undefined;
|
|
241
|
+
} & {
|
|
242
|
+
[key: string]: unknown;
|
|
243
|
+
}>>]>;
|
|
244
|
+
export type ConfidentialClientMetadata = v.InferOutput<typeof confidentialClientMetadataSchema>;
|
|
21
245
|
//# sourceMappingURL=atcute-confidential-client-metadata.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"atcute-confidential-client-metadata.d.ts","sourceRoot":"","sources":["../../lib/schemas/atcute-confidential-client-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,
|
|
1
|
+
{"version":3,"file":"atcute-confidential-client-metadata.d.ts","sourceRoot":"","sources":["../../lib/schemas/atcute-confidential-client-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,SAAS,CAAC;AAO7B;;;;;;GAMG;AACH,eAAO,MAAM,gCAAgC;IAE3C,kEAAkE;;IAGlE,gEAAgE;;;IAYhE,+BAA+B;;IAE/B,4BAA4B;;IAE5B,0BAA0B;;IAE1B,oCAAoC;;IAEpC,wBAAwB;;IAGxB,kFAAkF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAgEnF,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,WAAW,CAAC,OAAO,gCAAgC,CAAC,CAAC"}
|
|
@@ -1,10 +1,8 @@
|
|
|
1
|
-
import * as v from '
|
|
2
|
-
import {
|
|
1
|
+
import * as v from 'valibot';
|
|
2
|
+
import { scopeSchema } from './atcute-client-shared.js';
|
|
3
3
|
import { oauthClientIdDiscoverableSchema } from './oauth-client-id-discoverable.js';
|
|
4
4
|
import { httpsUriSchema, nonLocalWebUriSchema, webUriSchema } from './uri.js';
|
|
5
5
|
import { isLocalHostname } from './utils.js';
|
|
6
|
-
const SINGLE_SCOPE_RE = /^[\x21\x23-\x5B\x5D-\x7E]+$/;
|
|
7
|
-
const singleScopeSchema = v.string().assert((input) => SINGLE_SCOPE_RE.test(input), `invalid OAuth scope`);
|
|
8
6
|
/**
|
|
9
7
|
* user-facing client metadata for configuring a confidential OAuth client.
|
|
10
8
|
*
|
|
@@ -12,101 +10,63 @@ const singleScopeSchema = v.string().assert((input) => SINGLE_SCOPE_RE.test(inpu
|
|
|
12
10
|
* the library will fill in atproto-required values like `dpop_bound_access_tokens`,
|
|
13
11
|
* `token_endpoint_auth_method`, and default `grant_types` / `response_types`.
|
|
14
12
|
*/
|
|
15
|
-
export const confidentialClientMetadataSchema = v
|
|
16
|
-
.object({
|
|
13
|
+
export const confidentialClientMetadataSchema = v.pipe(v.looseObject({
|
|
17
14
|
/** discoverable https client_id URL (where metadata is hosted) */
|
|
18
15
|
client_id: oauthClientIdDiscoverableSchema,
|
|
19
16
|
/** redirect URIs for authorization responses (must be https) */
|
|
20
|
-
redirect_uris: v
|
|
21
|
-
|
|
22
|
-
.
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
const url = new URL(uri);
|
|
26
|
-
if (url.username || url.password) {
|
|
27
|
-
return false;
|
|
28
|
-
}
|
|
29
|
-
}
|
|
30
|
-
return true;
|
|
31
|
-
}, `redirect URIs must not contain credentials`),
|
|
32
|
-
/**
|
|
33
|
-
* OAuth scope - either:
|
|
34
|
-
* - a space-separated string (must include "atproto")
|
|
35
|
-
* - an array of scope strings ('atproto' is added automatically)
|
|
36
|
-
*/
|
|
37
|
-
scope: v.union(atprotoOAuthScopeSchema.chain((input) => {
|
|
38
|
-
const scopes = input.split(/\s+/);
|
|
39
|
-
for (let i = 0, len = scopes.length; i < len; i++) {
|
|
40
|
-
const aka = scopes[i];
|
|
41
|
-
for (let j = 0; j < i; j++) {
|
|
42
|
-
if (aka === scopes[j]) {
|
|
43
|
-
return v.err(`duplicate "${aka}" scope`);
|
|
44
|
-
}
|
|
45
|
-
}
|
|
46
|
-
}
|
|
47
|
-
return v.ok(input);
|
|
48
|
-
}), v.array(singleScopeSchema).chain((input) => {
|
|
49
|
-
if (!input.includes('atproto')) {
|
|
50
|
-
input = ['atproto', ...input];
|
|
51
|
-
}
|
|
52
|
-
for (let i = 0, len = input.length; i < len; i++) {
|
|
53
|
-
const aka = input[i];
|
|
54
|
-
for (let j = 0; j < i; j++) {
|
|
55
|
-
if (aka === input[j]) {
|
|
56
|
-
return v.err(`duplicate "${aka}" scope`);
|
|
57
|
-
}
|
|
58
|
-
}
|
|
59
|
-
}
|
|
60
|
-
return v.ok(input);
|
|
61
|
-
})),
|
|
17
|
+
redirect_uris: v.pipe(v.array(httpsUriSchema), v.minLength(1, `must have at least one redirect URI`), v.checkItems((uri) => {
|
|
18
|
+
const url = new URL(uri);
|
|
19
|
+
return !url.username && !url.password;
|
|
20
|
+
}, `redirect URI must not contain credentials`)),
|
|
21
|
+
scope: scopeSchema,
|
|
62
22
|
/** optional client homepage */
|
|
63
|
-
client_uri:
|
|
23
|
+
client_uri: v.optional(webUriSchema),
|
|
64
24
|
/** optional display name */
|
|
65
|
-
client_name: v.
|
|
25
|
+
client_name: v.optional(v.string()),
|
|
66
26
|
/** optional policy url */
|
|
67
|
-
policy_uri:
|
|
27
|
+
policy_uri: v.optional(nonLocalWebUriSchema),
|
|
68
28
|
/** optional terms of service url */
|
|
69
|
-
tos_uri:
|
|
29
|
+
tos_uri: v.optional(nonLocalWebUriSchema),
|
|
70
30
|
/** optional logo url */
|
|
71
|
-
logo_uri:
|
|
31
|
+
logo_uri: v.optional(nonLocalWebUriSchema),
|
|
72
32
|
/** optional JWKS URL; if omitted, the library will inline jwks from the keyset */
|
|
73
|
-
jwks_uri:
|
|
74
|
-
})
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
if (isLocalHostname(clientIdUrl.hostname)) {
|
|
78
|
-
return v.err({ message: `client_id hostname is invalid`, path: ['client_id'] });
|
|
33
|
+
jwks_uri: v.optional(httpsUriSchema),
|
|
34
|
+
}), v.forward(v.check((input) => !isLocalHostname(new URL(input.client_id).hostname), `client_id hostname is invalid`), ['client_id']), v.forward(v.check((input) => {
|
|
35
|
+
if (!input.jwks_uri) {
|
|
36
|
+
return true;
|
|
79
37
|
}
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
38
|
+
const jwksUrl = new URL(input.jwks_uri);
|
|
39
|
+
return !(jwksUrl.username || jwksUrl.password);
|
|
40
|
+
}, `jwks_uri must not contain credentials`), ['jwks_uri']), v.forward(v.check((input) => {
|
|
41
|
+
if (!input.jwks_uri) {
|
|
42
|
+
return true;
|
|
43
|
+
}
|
|
44
|
+
return !isLocalHostname(new URL(input.jwks_uri).hostname);
|
|
45
|
+
}, `jwks_uri hostname is invalid`), ['jwks_uri']), v.forward(v.check((input) => {
|
|
46
|
+
if (!input.client_uri) {
|
|
47
|
+
return true;
|
|
48
|
+
}
|
|
49
|
+
return !isLocalHostname(new URL(input.client_uri).hostname);
|
|
50
|
+
}, `client_uri hostname is invalid`), ['client_uri']), v.forward(v.check((input) => {
|
|
51
|
+
if (!input.client_uri) {
|
|
52
|
+
return true;
|
|
53
|
+
}
|
|
54
|
+
const clientUriUrl = new URL(input.client_uri);
|
|
55
|
+
const clientIdUrl = new URL(input.client_id);
|
|
56
|
+
return clientUriUrl.origin === clientIdUrl.origin;
|
|
57
|
+
}, `client_uri must have the same origin as the client_id`), ['client_uri']), v.forward(v.check((input) => {
|
|
58
|
+
if (!input.client_uri) {
|
|
59
|
+
return true;
|
|
88
60
|
}
|
|
89
61
|
// for discoverable clients, client_uri (if provided) must be same-origin parent of client_id
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
}
|
|
95
|
-
if (clientUriUrl.origin !== clientIdUrl.origin) {
|
|
96
|
-
return v.err({
|
|
97
|
-
message: `client_uri must have the same origin as the client_id`,
|
|
98
|
-
path: ['client_uri'],
|
|
99
|
-
});
|
|
100
|
-
}
|
|
101
|
-
if (clientIdUrl.pathname !== clientUriUrl.pathname) {
|
|
102
|
-
const prefix = clientUriUrl.pathname.endsWith('/')
|
|
103
|
-
? clientUriUrl.pathname
|
|
104
|
-
: `${clientUriUrl.pathname}/`;
|
|
105
|
-
if (!clientIdUrl.pathname.startsWith(prefix)) {
|
|
106
|
-
return v.err({ message: `client_uri must be a parent URL of the client_id`, path: ['client_uri'] });
|
|
107
|
-
}
|
|
108
|
-
}
|
|
62
|
+
const clientUriUrl = new URL(input.client_uri);
|
|
63
|
+
const clientIdUrl = new URL(input.client_id);
|
|
64
|
+
if (clientIdUrl.pathname === clientUriUrl.pathname) {
|
|
65
|
+
return true;
|
|
109
66
|
}
|
|
110
|
-
|
|
111
|
-
|
|
67
|
+
const prefix = clientUriUrl.pathname.endsWith('/')
|
|
68
|
+
? clientUriUrl.pathname
|
|
69
|
+
: `${clientUriUrl.pathname}/`;
|
|
70
|
+
return clientIdUrl.pathname.startsWith(prefix);
|
|
71
|
+
}, `client_uri must be a parent URL of the client_id`), ['client_uri']));
|
|
112
72
|
//# sourceMappingURL=atcute-confidential-client-metadata.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"atcute-confidential-client-metadata.js","sourceRoot":"","sources":["../../lib/schemas/atcute-confidential-client-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,
|
|
1
|
+
{"version":3,"file":"atcute-confidential-client-metadata.js","sourceRoot":"","sources":["../../lib/schemas/atcute-confidential-client-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,SAAS,CAAC;AAE7B,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,+BAA+B,EAAE,MAAM,mCAAmC,CAAC;AACpF,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAC9E,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAE7C;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG,CAAC,CAAC,IAAI,CACrD,CAAC,CAAC,WAAW,CAAC;IACb,kEAAkE;IAClE,SAAS,EAAE,+BAA+B;IAE1C,gEAAgE;IAChE,aAAa,EAAE,CAAC,CAAC,IAAI,CACpB,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,EACvB,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,qCAAqC,CAAC,EACrD,CAAC,CAAC,UAAU,CAAC,CAAC,GAAG,EAAE,EAAE;QACpB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC;IACvC,CAAC,EAAE,2CAA2C,CAAC,CAC/C;IAED,KAAK,EAAE,WAAW;IAElB,+BAA+B;IAC/B,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;IACpC,4BAA4B;IAC5B,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IACnC,0BAA0B;IAC1B,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IAC5C,oCAAoC;IACpC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACzC,wBAAwB;IACxB,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IAE1C,kFAAkF;IAClF,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC;CACpC,CAAC,EACF,CAAC,CAAC,OAAO,CACR,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,EAAE,+BAA+B,CAAC,EACxG,CAAC,WAAW,CAAC,CACb,EACD,CAAC,CAAC,OAAO,CACR,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACjB,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC;IACb,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACxC,OAAO,CAAC,CAAC,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC;AAChD,CAAC,EAAE,uCAAuC,CAAC,EAC3C,CAAC,UAAU,CAAC,CACZ,EACD,CAAC,CAAC,OAAO,CACR,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACjB,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC;IACb,CAAC;IACD,OAAO,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,CAAC;AAC3D,CAAC,EAAE,8BAA8B,CAAC,EAClC,CAAC,UAAU,CAAC,CACZ,EACD,CAAC,CAAC,OAAO,CACR,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACjB,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IACb,CAAC;IACD,OAAO,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC;AAC7D,CAAC,EAAE,gCAAgC,CAAC,EACpC,CAAC,YAAY,CAAC,CACd,EACD,CAAC,CAAC,OAAO,CACR,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACjB,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IACb,CAAC;IACD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC7C,OAAO,YAAY,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,CAAC;AACnD,CAAC,EAAE,uDAAuD,CAAC,EAC3D,CAAC,YAAY,CAAC,CACd,EACD,CAAC,CAAC,OAAO,CACR,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACjB,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IACb,CAAC;IACD,6FAA6F;IAC7F,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC7C,IAAI,WAAW,CAAC,QAAQ,KAAK,YAAY,CAAC,QAAQ,EAAE,CAAC;QACpD,OAAO,IAAI,CAAC;IACb,CAAC;IACD,MAAM,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;QACjD,CAAC,CAAC,YAAY,CAAC,QAAQ;QACvB,CAAC,CAAC,GAAG,YAAY,CAAC,QAAQ,GAAG,CAAC;IAC/B,OAAO,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;AAChD,CAAC,EAAE,kDAAkD,CAAC,EACtD,CAAC,YAAY,CAAC,CACd,CACD,CAAC"}
|
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
import * as v from 'valibot';
|
|
2
|
+
/**
|
|
3
|
+
* user-facing client metadata for configuring a loopback public OAuth client.
|
|
4
|
+
*
|
|
5
|
+
* loopback clients are for localhost development and CLI tools. they use
|
|
6
|
+
* `http://localhost` as the client_id origin, which is built automatically
|
|
7
|
+
* from the redirect_uris and scope.
|
|
8
|
+
*/
|
|
9
|
+
export declare const loopbackClientMetadataSchema: v.LooseObjectSchema<{
|
|
10
|
+
/** must not be provided for loopback clients */
|
|
11
|
+
readonly client_id: v.OptionalSchema<v.UndefinedSchema<undefined>, undefined>;
|
|
12
|
+
/**
|
|
13
|
+
* redirect URIs for authorization responses.
|
|
14
|
+
*
|
|
15
|
+
* must be loopback IP addresses (127.0.0.1 or [::1]).
|
|
16
|
+
* per RFC 8252, port numbers are ignored during redirect URI matching,
|
|
17
|
+
* allowing ephemeral ports.
|
|
18
|
+
*/
|
|
19
|
+
readonly redirect_uris: v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.ArraySchema<v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.CheckAction<string, "use of \"localhost\" hostname is not allowed (RFC 8252), use a loopback IP such as \"127.0.0.1\" instead">]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: loopback, https:, or a private-use scheme">, undefined>, v.MinLengthAction<string[], 1, "must have at least one redirect URI">, v.CheckItemsAction<string[], "redirect URI must not contain credentials">]>, v.CheckItemsAction<string[], "loopback clients require loopback redirect URIs (127.0.0.1 or [::1])">]>;
|
|
20
|
+
/** OAuth scope (must include "atproto") */
|
|
21
|
+
readonly scope: v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "invalid atproto OAuth scope">]>, v.CheckAction<string, "duplicate scope">]>, v.SchemaWithPipe<readonly [v.ArraySchema<v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.RegexAction<string, "invalid OAuth scope">]>, undefined>, v.TransformAction<string[], string[]>, v.CheckItemsAction<string[], "duplicate scope">]>], undefined>;
|
|
22
|
+
}, undefined>;
|
|
23
|
+
export type LoopbackClientMetadata = v.InferOutput<typeof loopbackClientMetadataSchema>;
|
|
24
|
+
/**
|
|
25
|
+
* user-facing client metadata for configuring a discoverable public OAuth client.
|
|
26
|
+
*
|
|
27
|
+
* discoverable public clients have an HTTPS client_id URL where metadata is hosted,
|
|
28
|
+
* but don't use a keyset (token_endpoint_auth_method: 'none').
|
|
29
|
+
*/
|
|
30
|
+
export declare const discoverablePublicClientMetadataSchema: v.LooseObjectSchema<{
|
|
31
|
+
/** discoverable HTTPS client_id URL */
|
|
32
|
+
readonly client_id: v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.NonEmptyAction<string, "must not be empty">]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.RawCheckAction<string>]>;
|
|
33
|
+
/** redirect URIs for authorization responses */
|
|
34
|
+
readonly redirect_uris: v.SchemaWithPipe<readonly [v.ArraySchema<v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.CheckAction<string, "use of \"localhost\" hostname is not allowed (RFC 8252), use a loopback IP such as \"127.0.0.1\" instead">]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: loopback, https:, or a private-use scheme">, undefined>, v.MinLengthAction<string[], 1, "must have at least one redirect URI">, v.CheckItemsAction<string[], "redirect URI must not contain credentials">]>;
|
|
35
|
+
/** OAuth scope (must include "atproto") */
|
|
36
|
+
readonly scope: v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "invalid atproto OAuth scope">]>, v.CheckAction<string, "duplicate scope">]>, v.SchemaWithPipe<readonly [v.ArraySchema<v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.RegexAction<string, "invalid OAuth scope">]>, undefined>, v.TransformAction<string[], string[]>, v.CheckItemsAction<string[], "duplicate scope">]>], undefined>;
|
|
37
|
+
/**
|
|
38
|
+
* application type - defaults to 'web'.
|
|
39
|
+
*/
|
|
40
|
+
readonly application_type: v.OptionalSchema<v.PicklistSchema<["web", "native"], undefined>, undefined>;
|
|
41
|
+
/** optional client homepage */
|
|
42
|
+
readonly client_uri: v.OptionalSchema<v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: or https: protocol">, undefined>;
|
|
43
|
+
/** optional display name */
|
|
44
|
+
readonly client_name: v.OptionalSchema<v.StringSchema<undefined>, undefined>;
|
|
45
|
+
/** optional policy url */
|
|
46
|
+
readonly policy_uri: v.OptionalSchema<v.SchemaWithPipe<readonly [v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: or https: protocol">, v.CheckAction<string, "hostname is invalid">]>, undefined>;
|
|
47
|
+
/** optional terms of service url */
|
|
48
|
+
readonly tos_uri: v.OptionalSchema<v.SchemaWithPipe<readonly [v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: or https: protocol">, v.CheckAction<string, "hostname is invalid">]>, undefined>;
|
|
49
|
+
/** optional logo url */
|
|
50
|
+
readonly logo_uri: v.OptionalSchema<v.SchemaWithPipe<readonly [v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: or https: protocol">, v.CheckAction<string, "hostname is invalid">]>, undefined>;
|
|
51
|
+
}, undefined>;
|
|
52
|
+
export type DiscoverablePublicClientMetadata = v.InferOutput<typeof discoverablePublicClientMetadataSchema>;
|
|
53
|
+
/**
|
|
54
|
+
* user-facing client metadata for configuring a public OAuth client.
|
|
55
|
+
*
|
|
56
|
+
* - if `client_id` is omitted: loopback client (for localhost dev / CLI tools)
|
|
57
|
+
* - if `client_id` is provided: discoverable public client (HTTPS URL)
|
|
58
|
+
*/
|
|
59
|
+
export declare const publicClientMetadataSchema: v.UnionSchema<[v.LooseObjectSchema<{
|
|
60
|
+
/** must not be provided for loopback clients */
|
|
61
|
+
readonly client_id: v.OptionalSchema<v.UndefinedSchema<undefined>, undefined>;
|
|
62
|
+
/**
|
|
63
|
+
* redirect URIs for authorization responses.
|
|
64
|
+
*
|
|
65
|
+
* must be loopback IP addresses (127.0.0.1 or [::1]).
|
|
66
|
+
* per RFC 8252, port numbers are ignored during redirect URI matching,
|
|
67
|
+
* allowing ephemeral ports.
|
|
68
|
+
*/
|
|
69
|
+
readonly redirect_uris: v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.ArraySchema<v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.CheckAction<string, "use of \"localhost\" hostname is not allowed (RFC 8252), use a loopback IP such as \"127.0.0.1\" instead">]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: loopback, https:, or a private-use scheme">, undefined>, v.MinLengthAction<string[], 1, "must have at least one redirect URI">, v.CheckItemsAction<string[], "redirect URI must not contain credentials">]>, v.CheckItemsAction<string[], "loopback clients require loopback redirect URIs (127.0.0.1 or [::1])">]>;
|
|
70
|
+
/** OAuth scope (must include "atproto") */
|
|
71
|
+
readonly scope: v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "invalid atproto OAuth scope">]>, v.CheckAction<string, "duplicate scope">]>, v.SchemaWithPipe<readonly [v.ArraySchema<v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.RegexAction<string, "invalid OAuth scope">]>, undefined>, v.TransformAction<string[], string[]>, v.CheckItemsAction<string[], "duplicate scope">]>], undefined>;
|
|
72
|
+
}, undefined>, v.LooseObjectSchema<{
|
|
73
|
+
/** discoverable HTTPS client_id URL */
|
|
74
|
+
readonly client_id: v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.NonEmptyAction<string, "must not be empty">]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.RawCheckAction<string>]>;
|
|
75
|
+
/** redirect URIs for authorization responses */
|
|
76
|
+
readonly redirect_uris: v.SchemaWithPipe<readonly [v.ArraySchema<v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.CheckAction<string, "use of \"localhost\" hostname is not allowed (RFC 8252), use a loopback IP such as \"127.0.0.1\" instead">]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: loopback, https:, or a private-use scheme">, undefined>, v.MinLengthAction<string[], 1, "must have at least one redirect URI">, v.CheckItemsAction<string[], "redirect URI must not contain credentials">]>;
|
|
77
|
+
/** OAuth scope (must include "atproto") */
|
|
78
|
+
readonly scope: v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "invalid atproto OAuth scope">]>, v.CheckAction<string, "duplicate scope">]>, v.SchemaWithPipe<readonly [v.ArraySchema<v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.RegexAction<string, "invalid OAuth scope">]>, undefined>, v.TransformAction<string[], string[]>, v.CheckItemsAction<string[], "duplicate scope">]>], undefined>;
|
|
79
|
+
/**
|
|
80
|
+
* application type - defaults to 'web'.
|
|
81
|
+
*/
|
|
82
|
+
readonly application_type: v.OptionalSchema<v.PicklistSchema<["web", "native"], undefined>, undefined>;
|
|
83
|
+
/** optional client homepage */
|
|
84
|
+
readonly client_uri: v.OptionalSchema<v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: or https: protocol">, undefined>;
|
|
85
|
+
/** optional display name */
|
|
86
|
+
readonly client_name: v.OptionalSchema<v.StringSchema<undefined>, undefined>;
|
|
87
|
+
/** optional policy url */
|
|
88
|
+
readonly policy_uri: v.OptionalSchema<v.SchemaWithPipe<readonly [v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: or https: protocol">, v.CheckAction<string, "hostname is invalid">]>, undefined>;
|
|
89
|
+
/** optional terms of service url */
|
|
90
|
+
readonly tos_uri: v.OptionalSchema<v.SchemaWithPipe<readonly [v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: or https: protocol">, v.CheckAction<string, "hostname is invalid">]>, undefined>;
|
|
91
|
+
/** optional logo url */
|
|
92
|
+
readonly logo_uri: v.OptionalSchema<v.SchemaWithPipe<readonly [v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: or https: protocol">, v.CheckAction<string, "hostname is invalid">]>, undefined>;
|
|
93
|
+
}, undefined>], undefined>;
|
|
94
|
+
export type PublicClientMetadata = v.InferOutput<typeof publicClientMetadataSchema>;
|
|
95
|
+
//# sourceMappingURL=atcute-public-client-metadata.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"atcute-public-client-metadata.d.ts","sourceRoot":"","sources":["../../lib/schemas/atcute-public-client-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,SAAS,CAAC;AA4B7B;;;;;;GAMG;AACH,eAAO,MAAM,4BAA4B;IACxC,gDAAgD;;IAGhD;;;;;;OAMG;;IAGH,2CAA2C;;aAE1C,CAAC;AAEH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,WAAW,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAExF;;;;;GAKG;AACH,eAAO,MAAM,sCAAsC;IAClD,uCAAuC;;IAGvC,gDAAgD;;IAGhD,2CAA2C;;IAG3C;;OAEG;;IAGH,+BAA+B;;IAE/B,4BAA4B;;IAE5B,0BAA0B;;IAE1B,oCAAoC;;IAEpC,wBAAwB;;aAEvB,CAAC;AAEH,MAAM,MAAM,gCAAgC,GAAG,CAAC,CAAC,WAAW,CAAC,OAAO,sCAAsC,CAAC,CAAC;AAE5G;;;;;GAKG;AACH,eAAO,MAAM,0BAA0B;IA3DtC,gDAAgD;;IAGhD;;;;;;OAMG;;IAGH,2CAA2C;;;IAa3C,uCAAuC;;IAGvC,gDAAgD;;IAGhD,2CAA2C;;IAG3C;;OAEG;;IAGH,+BAA+B;;IAE/B,4BAA4B;;IAE5B,0BAA0B;;IAE1B,oCAAoC;;IAEpC,wBAAwB;;0BAevB,CAAC;AAEH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,WAAW,CAAC,OAAO,0BAA0B,CAAC,CAAC"}
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
import * as v from 'valibot';
|
|
2
|
+
import { scopeSchema } from './atcute-client-shared.js';
|
|
3
|
+
import { oauthClientIdDiscoverableSchema } from './oauth-client-id-discoverable.js';
|
|
4
|
+
import { loopbackRedirectUriSchema, oauthRedirectUriSchema } from './oauth-redirect-uri.js';
|
|
5
|
+
import { nonLocalWebUriSchema, webUriSchema } from './uri.js';
|
|
6
|
+
const redirectUrisSchema = v.pipe(v.array(oauthRedirectUriSchema), v.minLength(1, `must have at least one redirect URI`), v.checkItems((uri) => {
|
|
7
|
+
// private-use URIs don't have URL-style credentials
|
|
8
|
+
if (!uri.includes('://')) {
|
|
9
|
+
return true;
|
|
10
|
+
}
|
|
11
|
+
const url = new URL(uri);
|
|
12
|
+
return !url.username && !url.password;
|
|
13
|
+
}, `redirect URI must not contain credentials`));
|
|
14
|
+
const loopbackRedirectUrisSchema = v.pipe(redirectUrisSchema, v.checkItems((uri) => v.is(loopbackRedirectUriSchema, uri), `loopback clients require loopback redirect URIs (127.0.0.1 or [::1])`));
|
|
15
|
+
/**
|
|
16
|
+
* user-facing client metadata for configuring a loopback public OAuth client.
|
|
17
|
+
*
|
|
18
|
+
* loopback clients are for localhost development and CLI tools. they use
|
|
19
|
+
* `http://localhost` as the client_id origin, which is built automatically
|
|
20
|
+
* from the redirect_uris and scope.
|
|
21
|
+
*/
|
|
22
|
+
export const loopbackClientMetadataSchema = v.looseObject({
|
|
23
|
+
/** must not be provided for loopback clients */
|
|
24
|
+
client_id: v.optional(v.undefined()),
|
|
25
|
+
/**
|
|
26
|
+
* redirect URIs for authorization responses.
|
|
27
|
+
*
|
|
28
|
+
* must be loopback IP addresses (127.0.0.1 or [::1]).
|
|
29
|
+
* per RFC 8252, port numbers are ignored during redirect URI matching,
|
|
30
|
+
* allowing ephemeral ports.
|
|
31
|
+
*/
|
|
32
|
+
redirect_uris: loopbackRedirectUrisSchema,
|
|
33
|
+
/** OAuth scope (must include "atproto") */
|
|
34
|
+
scope: scopeSchema,
|
|
35
|
+
});
|
|
36
|
+
/**
|
|
37
|
+
* user-facing client metadata for configuring a discoverable public OAuth client.
|
|
38
|
+
*
|
|
39
|
+
* discoverable public clients have an HTTPS client_id URL where metadata is hosted,
|
|
40
|
+
* but don't use a keyset (token_endpoint_auth_method: 'none').
|
|
41
|
+
*/
|
|
42
|
+
export const discoverablePublicClientMetadataSchema = v.looseObject({
|
|
43
|
+
/** discoverable HTTPS client_id URL */
|
|
44
|
+
client_id: oauthClientIdDiscoverableSchema,
|
|
45
|
+
/** redirect URIs for authorization responses */
|
|
46
|
+
redirect_uris: redirectUrisSchema,
|
|
47
|
+
/** OAuth scope (must include "atproto") */
|
|
48
|
+
scope: scopeSchema,
|
|
49
|
+
/**
|
|
50
|
+
* application type - defaults to 'web'.
|
|
51
|
+
*/
|
|
52
|
+
application_type: v.optional(v.picklist(['web', 'native'])),
|
|
53
|
+
/** optional client homepage */
|
|
54
|
+
client_uri: v.optional(webUriSchema),
|
|
55
|
+
/** optional display name */
|
|
56
|
+
client_name: v.optional(v.string()),
|
|
57
|
+
/** optional policy url */
|
|
58
|
+
policy_uri: v.optional(nonLocalWebUriSchema),
|
|
59
|
+
/** optional terms of service url */
|
|
60
|
+
tos_uri: v.optional(nonLocalWebUriSchema),
|
|
61
|
+
/** optional logo url */
|
|
62
|
+
logo_uri: v.optional(nonLocalWebUriSchema),
|
|
63
|
+
});
|
|
64
|
+
/**
|
|
65
|
+
* user-facing client metadata for configuring a public OAuth client.
|
|
66
|
+
*
|
|
67
|
+
* - if `client_id` is omitted: loopback client (for localhost dev / CLI tools)
|
|
68
|
+
* - if `client_id` is provided: discoverable public client (HTTPS URL)
|
|
69
|
+
*/
|
|
70
|
+
export const publicClientMetadataSchema = v.union([
|
|
71
|
+
loopbackClientMetadataSchema,
|
|
72
|
+
discoverablePublicClientMetadataSchema,
|
|
73
|
+
]);
|
|
74
|
+
//# sourceMappingURL=atcute-public-client-metadata.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"atcute-public-client-metadata.js","sourceRoot":"","sources":["../../lib/schemas/atcute-public-client-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,SAAS,CAAC;AAE7B,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,+BAA+B,EAAE,MAAM,mCAAmC,CAAC;AACpF,OAAO,EAAE,yBAAyB,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AAC5F,OAAO,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAE9D,MAAM,kBAAkB,GAAG,CAAC,CAAC,IAAI,CAChC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,EAC/B,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,qCAAqC,CAAC,EACrD,CAAC,CAAC,UAAU,CAAC,CAAC,GAAG,EAAE,EAAE;IACpB,oDAAoD;IACpD,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IACb,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACzB,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC;AACvC,CAAC,EAAE,2CAA2C,CAAC,CAC/C,CAAC;AAEF,MAAM,0BAA0B,GAAG,CAAC,CAAC,IAAI,CACxC,kBAAkB,EAClB,CAAC,CAAC,UAAU,CACX,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,yBAAyB,EAAE,GAAG,CAAC,EAC7C,sEAAsE,CACtE,CACD,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,WAAW,CAAC;IACzD,gDAAgD;IAChD,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;IAEpC;;;;;;OAMG;IACH,aAAa,EAAE,0BAA0B;IAEzC,2CAA2C;IAC3C,KAAK,EAAE,WAAW;CAClB,CAAC,CAAC;AAIH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,sCAAsC,GAAG,CAAC,CAAC,WAAW,CAAC;IACnE,uCAAuC;IACvC,SAAS,EAAE,+BAA+B;IAE1C,gDAAgD;IAChD,aAAa,EAAE,kBAAkB;IAEjC,2CAA2C;IAC3C,KAAK,EAAE,WAAW;IAElB;;OAEG;IACH,gBAAgB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;IAE3D,+BAA+B;IAC/B,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;IACpC,4BAA4B;IAC5B,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IACnC,0BAA0B;IAC1B,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IAC5C,oCAAoC;IACpC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACzC,wBAAwB;IACxB,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,oBAAoB,CAAC;CAC1C,CAAC,CAAC;AAIH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC;IACjD,4BAA4B;IAC5B,sCAAsC;CACtC,CAAC,CAAC"}
|