@atcute/oauth-types 0.1.0 → 1.0.0

package/dist/schemas/oauth-authorization-server-metadata.js

@@ -1,4 +1,4 @@
-import * as v from '@badrap/valita';
+import * as v from 'valibot';
 import { oauthCodeChallengeMethodSchema } from './oauth-code-challenge-method.js';
 import { oauthIssuerIdentifierSchema } from './oauth-issuer-identifier.js';
 import { oauthPromptSchema } from './oauth-prompt.js';
@@ -6,76 +6,57 @@ import { webUriSchema } from './uri.js';
 /**
  * @see {@link https://datatracker.ietf.org/doc/html/rfc8414}
  */
-export const oauthAuthorizationServerMetadataSchema = v.object({
+export const oauthAuthorizationServerMetadataSchema = v.looseObject({
     issuer: oauthIssuerIdentifierSchema,
-    claims_supported: v.array(v.string()).optional(),
-    claims_locales_supported: v.array(v.string()).optional(),
-    claims_parameter_supported: v.boolean().optional(),
-    request_parameter_supported: v.boolean().optional(),
-    request_uri_parameter_supported: v.boolean().optional(),
-    require_request_uri_registration: v.boolean().optional(),
-    scopes_supported: v.array(v.string()).optional(),
-    subject_types_supported: v.array(v.string()).optional(),
-    response_types_supported: v.array(v.string()).optional(),
-    response_modes_supported: v.array(v.string()).optional(),
-    grant_types_supported: v.array(v.string()).optional(),
-    code_challenge_methods_supported: v.array(oauthCodeChallengeMethodSchema).optional(),
-    ui_locales_supported: v.array(v.string()).optional(),
-    id_token_signing_alg_values_supported: v.array(v.string()).optional(),
-    display_values_supported: v.array(v.string()).optional(),
-    prompt_values_supported: v.array(oauthPromptSchema).optional(),
-    request_object_signing_alg_values_supported: v.array(v.string()).optional(),
-    authorization_response_iss_parameter_supported: v.boolean().optional(),
-    authorization_details_types_supported: v.array(v.string()).optional(),
-    request_object_encryption_alg_values_supported: v.array(v.string()).optional(),
-    request_object_encryption_enc_values_supported: v.array(v.string()).optional(),
-    jwks_uri: webUriSchema.optional(),
+    claims_supported: v.optional(v.array(v.string())),
+    claims_locales_supported: v.optional(v.array(v.string())),
+    claims_parameter_supported: v.optional(v.boolean()),
+    request_parameter_supported: v.optional(v.boolean()),
+    request_uri_parameter_supported: v.optional(v.boolean()),
+    require_request_uri_registration: v.optional(v.boolean()),
+    scopes_supported: v.optional(v.array(v.string())),
+    subject_types_supported: v.optional(v.array(v.string())),
+    response_types_supported: v.optional(v.array(v.string())),
+    response_modes_supported: v.optional(v.array(v.string())),
+    grant_types_supported: v.optional(v.array(v.string())),
+    code_challenge_methods_supported: v.optional(v.array(oauthCodeChallengeMethodSchema)),
+    ui_locales_supported: v.optional(v.array(v.string())),
+    id_token_signing_alg_values_supported: v.optional(v.array(v.string())),
+    display_values_supported: v.optional(v.array(v.string())),
+    prompt_values_supported: v.optional(v.array(oauthPromptSchema)),
+    request_object_signing_alg_values_supported: v.optional(v.array(v.string())),
+    authorization_response_iss_parameter_supported: v.optional(v.boolean()),
+    authorization_details_types_supported: v.optional(v.array(v.string())),
+    request_object_encryption_alg_values_supported: v.optional(v.array(v.string())),
+    request_object_encryption_enc_values_supported: v.optional(v.array(v.string())),
+    jwks_uri: v.optional(webUriSchema),
     authorization_endpoint: webUriSchema,
     token_endpoint: webUriSchema,
     // https://www.rfc-editor.org/rfc/rfc8414.html#section-2
-    token_endpoint_auth_methods_supported: v.array(v.string()).optional(),
-    token_endpoint_auth_signing_alg_values_supported: v.array(v.string()).optional(),
-    revocation_endpoint: webUriSchema.optional(),
-    revocation_endpoint_auth_methods_supported: v.array(v.string()).optional(),
-    revocation_endpoint_auth_signing_alg_values_supported: v.array(v.string()).optional(),
-    introspection_endpoint: webUriSchema.optional(),
-    introspection_endpoint_auth_methods_supported: v.array(v.string()).optional(),
-    introspection_endpoint_auth_signing_alg_values_supported: v.array(v.string()).optional(),
-    pushed_authorization_request_endpoint: webUriSchema.optional(),
-    pushed_authorization_request_endpoint_auth_methods_supported: v.array(v.string()).optional(),
-    pushed_authorization_request_endpoint_auth_signing_alg_values_supported: v.array(v.string()).optional(),
-    require_pushed_authorization_requests: v.boolean().optional(),
-    userinfo_endpoint: webUriSchema.optional(),
-    end_session_endpoint: webUriSchema.optional(),
-    registration_endpoint: webUriSchema.optional(),
+    token_endpoint_auth_methods_supported: v.optional(v.array(v.string())),
+    token_endpoint_auth_signing_alg_values_supported: v.optional(v.array(v.string())),
+    revocation_endpoint: v.optional(webUriSchema),
+    revocation_endpoint_auth_methods_supported: v.optional(v.array(v.string())),
+    revocation_endpoint_auth_signing_alg_values_supported: v.optional(v.array(v.string())),
+    introspection_endpoint: v.optional(webUriSchema),
+    introspection_endpoint_auth_methods_supported: v.optional(v.array(v.string())),
+    introspection_endpoint_auth_signing_alg_values_supported: v.optional(v.array(v.string())),
+    pushed_authorization_request_endpoint: v.optional(webUriSchema),
+    pushed_authorization_request_endpoint_auth_methods_supported: v.optional(v.array(v.string())),
+    pushed_authorization_request_endpoint_auth_signing_alg_values_supported: v.optional(v.array(v.string())),
+    require_pushed_authorization_requests: v.optional(v.boolean()),
+    userinfo_endpoint: v.optional(webUriSchema),
+    end_session_endpoint: v.optional(webUriSchema),
+    registration_endpoint: v.optional(webUriSchema),
     // https://datatracker.ietf.org/doc/html/rfc9449#section-5.1
-    dpop_signing_alg_values_supported: v.array(v.string()).optional(),
+    dpop_signing_alg_values_supported: v.optional(v.array(v.string())),
     // https://www.rfc-editor.org/rfc/rfc9728.html#section-4
-    protected_resources: v.array(webUriSchema).optional(),
+    protected_resources: v.optional(v.array(webUriSchema)),
     // https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html
-    client_id_metadata_document_supported: v.boolean().optional(),
-});
-export const oauthAuthorizationServerMetadataValidator = oauthAuthorizationServerMetadataSchema.chain((data) => {
-    if (data.require_pushed_authorization_requests && !data.pushed_authorization_request_endpoint) {
-        return v.err({
-            message: `"pushed_authorization_request_endpoint" required when "require_pushed_authorization_requests" is true`,
-            path: ['pushed_authorization_request_endpoint'],
-        });
-    }
-    if (data.response_types_supported && !data.response_types_supported.includes('code')) {
-        return v.err({
-            message: `response type "code" is required`,
-            path: ['response_types_supported'],
-        });
-    }
-    if (data.token_endpoint_auth_signing_alg_values_supported?.includes('none')) {
-        // https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3
-        // > The value `none` MUST NOT be used.
-        return v.err({
-            message: `client authentication method "none" is not allowed`,
-            path: ['token_endpoint_auth_signing_alg_values_supported'],
-        });
-    }
-    return v.ok(data);
+    client_id_metadata_document_supported: v.optional(v.boolean()),
 });
+export const oauthAuthorizationServerMetadataValidator = v.pipe(oauthAuthorizationServerMetadataSchema, v.forward(v.check((data) => !data.require_pushed_authorization_requests || !!data.pushed_authorization_request_endpoint, `"pushed_authorization_request_endpoint" required when "require_pushed_authorization_requests" is true`), ['pushed_authorization_request_endpoint']), v.forward(v.check((data) => !data.response_types_supported || data.response_types_supported.includes('code'), `response type "code" is required`), ['response_types_supported']), v.forward(v.check((data) => !data.token_endpoint_auth_signing_alg_values_supported?.includes('none'), 
+// https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3
+// > The value `none` MUST NOT be used.
+`client authentication method "none" is not allowed`), ['token_endpoint_auth_signing_alg_values_supported']));
 //# sourceMappingURL=oauth-authorization-server-metadata.js.map

package/dist/schemas/oauth-authorization-server-metadata.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-authorization-server-metadata.js","sourceRoot":"","sources":["../../lib/schemas/oauth-authorization-server-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,gBAAgB,CAAC;AAEpC,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,2BAA2B,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC;;GAEG;AACH,MAAM,CAAC,MAAM,sCAAsC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9D,MAAM,EAAE,2BAA2B;IAEnC,gBAAgB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,0BAA0B,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClD,2BAA2B,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvD,gCAAgC,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACxD,gBAAgB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,uBAAuB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvD,wBAAwB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,wBAAwB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,gCAAgC,EAAE,CAAC,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC,QAAQ,EAAE;IACpF,oBAAoB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD,qCAAqC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,wBAAwB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,uBAAuB,EAAE,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,QAAQ,EAAE;IAC9D,2CAA2C,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3E,8CAA8C,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtE,qCAAqC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,8CAA8C,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC9E,8CAA8C,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAE9E,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE;IAEjC,sBAAsB,EAAE,YAAY;IAEpC,cAAc,EAAE,YAAY;IAC5B,wDAAwD;IACxD,qCAAqC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,gDAAgD,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEhF,mBAAmB,EAAE,YAAY,CAAC,QAAQ,EAAE;IAC5C,0CAA0C,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC1E,qDAAqD,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAErF,sBAAsB,EAAE,YAAY,CAAC,QAAQ,EAAE;IAC/C,6CAA6C,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC7E,wDAAwD,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAExF,qCAAqC,EAAE,YAAY,CAAC,QAAQ,EAAE;IAC9D,4DAA4D,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC5F,uEAAuE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvG,qCAAqC,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAE7D,iBAAiB,EAAE,YAAY,CAAC,QAAQ,EAAE;IAC1C,oBAAoB,EAAE,YAAY,CAAC,QAAQ,EAAE;IAC7C,qBAAqB,EAAE,YAAY,CAAC,QAAQ,EAAE;IAE9C,4DAA4D;IAC5D,iCAAiC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEjE,wDAAwD;IACxD,mBAAmB,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE;IAErD,uFAAuF;IACvF,qCAAqC,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC7D,CAAC,CAAC;AAIH,MAAM,CAAC,MAAM,yCAAyC,GAAG,sCAAsC,CAAC,KAAK,CACpG,CAAC,IAAI,EAAE,EAAE,CAAC;IACT,IAAI,IAAI,CAAC,qCAAqC,IAAI,CAAC,IAAI,CAAC,qCAAqC,EAAE,CAAC;QAC/F,OAAO,CAAC,CAAC,GAAG,CAAC;YACZ,OAAO,EAAE,uGAAuG;YAChH,IAAI,EAAE,CAAC,uCAAuC,CAAC;SAC/C,CAAC,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,wBAAwB,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACtF,OAAO,CAAC,CAAC,GAAG,CAAC;YACZ,OAAO,EAAE,kCAAkC;YAC3C,IAAI,EAAE,CAAC,0BAA0B,CAAC;SAClC,CAAC,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,gDAAgD,EAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC7E,2EAA2E;QAC3E,uCAAuC;QACvC,OAAO,CAAC,CAAC,GAAG,CAAC;YACZ,OAAO,EAAE,oDAAoD;YAC7D,IAAI,EAAE,CAAC,kDAAkD,CAAC;SAC1D,CAAC,CAAC;IACJ,CAAC;IAED,OAAO,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;AAAA,CAClB,CACD,CAAC"}
+{"version":3,"file":"oauth-authorization-server-metadata.js","sourceRoot":"","sources":["../../lib/schemas/oauth-authorization-server-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,SAAS,CAAC;AAE7B,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,2BAA2B,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC;;GAEG;AACH,MAAM,CAAC,MAAM,sCAAsC,GAAG,CAAC,CAAC,WAAW,CAAC;IACnE,MAAM,EAAE,2BAA2B;IAEnC,gBAAgB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACjD,wBAAwB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACzD,0BAA0B,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;IACnD,2BAA2B,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;IACpD,+BAA+B,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;IACxD,gCAAgC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;IACzD,gBAAgB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACjD,uBAAuB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACxD,wBAAwB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACzD,wBAAwB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACzD,qBAAqB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACtD,gCAAgC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;IACrF,oBAAoB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACrD,qCAAqC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACtE,wBAAwB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACzD,uBAAuB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IAC/D,2CAA2C,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5E,8CAA8C,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;IACvE,qCAAqC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACtE,8CAA8C,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/E,8CAA8C,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAE/E,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;IAElC,sBAAsB,EAAE,YAAY;IAEpC,cAAc,EAAE,YAAY;IAC5B,wDAAwD;IACxD,qCAAqC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACtE,gDAAgD,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAEjF,mBAAmB,EAAE,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;IAC7C,0CAA0C,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3E,qDAAqD,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAEtF,sBAAsB,EAAE,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;IAChD,6CAA6C,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9E,wDAAwD,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAEzF,qCAAqC,EAAE,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;IAC/D,4DAA4D,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7F,uEAAuE,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACxG,qCAAqC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;IAE9D,iBAAiB,EAAE,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;IAC3C,oBAAoB,EAAE,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;IAC9C,qBAAqB,EAAE,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;IAE/C,4DAA4D;IAC5D,iCAAiC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAElE,wDAAwD;IACxD,mBAAmB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAEtD,uFAAuF;IACvF,qCAAqC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;CAC9D,CAAC,CAAC;AAIH,MAAM,CAAC,MAAM,yCAAyC,GAAG,CAAC,CAAC,IAAI,CAC9D,sCAAsC,EACtC,CAAC,CAAC,OAAO,CACR,CAAC,CAAC,KAAK,CACN,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,qCAAqC,IAAI,CAAC,CAAC,IAAI,CAAC,qCAAqC,EACrG,uGAAuG,CACvG,EACD,CAAC,uCAAuC,CAAC,CACzC,EACD,CAAC,CAAC,OAAO,CACR,CAAC,CAAC,KAAK,CACN,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,wBAAwB,IAAI,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAC1F,kCAAkC,CAClC,EACD,CAAC,0BAA0B,CAAC,CAC5B,EACD,CAAC,CAAC,OAAO,CACR,CAAC,CAAC,KAAK,CACN,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,gDAAgD,EAAE,QAAQ,CAAC,MAAM,CAAC;AAClF,2EAA2E;AAC3E,uCAAuC;AACvC,oDAAoD,CACpD,EACD,CAAC,kDAAkD,CAAC,CACpD,CACD,CAAC"}

package/dist/schemas/oauth-client-id-discoverable.d.ts

@@ -1,6 +1,6 @@
-import * as v from '@badrap/valita';
+import * as v from 'valibot';
 /**
  * @see {@link https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html}
  */
-export declare const oauthClientIdDiscoverableSchema: v.Type<string>;
+export declare const oauthClientIdDiscoverableSchema: v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.NonEmptyAction<string, "must not be empty">]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.RawCheckAction<string>]>;
 //# sourceMappingURL=oauth-client-id-discoverable.d.ts.map

package/dist/schemas/oauth-client-id-discoverable.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-client-id-discoverable.d.ts","sourceRoot":"","sources":["../../lib/schemas/oauth-client-id-discoverable.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,gBAAgB,CAAC;AAMpC;;GAEG;AACH,eAAO,MAAM,+BAA+B,gBA2C1C,CAAC"}
+{"version":3,"file":"oauth-client-id-discoverable.d.ts","sourceRoot":"","sources":["../../lib/schemas/oauth-client-id-discoverable.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,SAAS,CAAC;AAM7B;;GAEG;AACH,eAAO,MAAM,+BAA+B,2TAsC3C,CAAC"}

package/dist/schemas/oauth-client-id-discoverable.js

@@ -1,43 +1,41 @@
-import * as v from '@badrap/valita';
+import * as v from 'valibot';
 import { oauthClientIdSchema } from './oauth-client-id.js';
 import { httpsUriSchema } from './uri.js';
 import { extractUrlPath, isHostnameIP } from './utils.js';
 /**
  * @see {@link https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html}
  */
-export const oauthClientIdDiscoverableSchema = v.string().chain((input, options) => {
-    // first validate as base client ID
-    const clientIdResult = oauthClientIdSchema.try(input, options);
-    if (!clientIdResult.ok) {
-        return clientIdResult;
-    }
-    // then validate as https URI
-    const httpsResult = httpsUriSchema.try(input, options);
-    if (!httpsResult.ok) {
-        return httpsResult;
+export const oauthClientIdDiscoverableSchema = v.pipe(oauthClientIdSchema, httpsUriSchema, v.rawCheck(({ dataset, addIssue }) => {
+    if (!dataset.typed) {
+        return;
     }
+    const input = dataset.value;
     const url = new URL(input);
     if (url.username || url.password) {
-        return v.err(`client ID must not contain credentials`);
+        addIssue({ message: `client ID must not contain credentials` });
+        return;
     }
     if (url.hash) {
-        return v.err(`client ID must not contain a fragment`);
+        addIssue({ message: `client ID must not contain a fragment` });
+        return;
     }
     if (url.pathname === '/') {
-        return v.err(`client ID must contain a path component (e.g. "/client-metadata.json")`);
+        addIssue({ message: `client ID must contain a path component (e.g. "/client-metadata.json")` });
+        return;
     }
     if (url.pathname.endsWith('/')) {
-        return v.err(`client ID path must not end with a trailing slash`);
+        addIssue({ message: `client ID path must not end with a trailing slash` });
+        return;
     }
     if (isHostnameIP(url.hostname)) {
-        return v.err(`client ID hostname must not be an IP address`);
+        addIssue({ message: `client ID hostname must not be an IP address` });
+        return;
     }
-    // URL constructor normalizes the URL, so we extract the path manually to
-    // avoid normalization, then compare it to the normalized path to ensure
-    // that the URL does not contain path traversal or other unexpected characters
+    // URL constructor normalizes the URL, so we extract the path manually to avoid
+    // normalization, then compare it to the normalized path to ensure that the URL does not
+    // contain path traversal or other unexpected characters
     if (extractUrlPath(input) !== url.pathname) {
-        return v.err(`client ID must be in canonical form ("${url.href}", got "${input}")`);
+        addIssue({ message: `client ID must be in canonical form ("${url.href}", got "${input}")` });
     }
-    return v.ok(input);
-});
+}));
 //# sourceMappingURL=oauth-client-id-discoverable.js.map

package/dist/schemas/oauth-client-id-discoverable.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-client-id-discoverable.js","sourceRoot":"","sources":["../../lib/schemas/oauth-client-id-discoverable.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,gBAAgB,CAAC;AAEpC,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE1D;;GAEG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC;IACnF,mCAAmC;IACnC,MAAM,cAAc,GAAG,mBAAmB,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC/D,IAAI,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC;QACxB,OAAO,cAAc,CAAC;IACvB,CAAC;IAED,6BAA6B;IAC7B,MAAM,WAAW,GAAG,cAAc,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACvD,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC;QACrB,OAAO,WAAW,CAAC;IACpB,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IAE3B,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QAClC,OAAO,CAAC,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;IACxD,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;IACvD,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;QAC1B,OAAO,CAAC,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAC;IACxF,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,OAAO,CAAC,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;IACnE,CAAC;IAED,IAAI,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChC,OAAO,CAAC,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;IAC9D,CAAC;IAED,yEAAyE;IACzE,wEAAwE;IACxE,8EAA8E;IAC9E,IAAI,cAAc,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC5C,OAAO,CAAC,CAAC,GAAG,CAAC,yCAAyC,GAAG,CAAC,IAAI,WAAW,KAAK,IAAI,CAAC,CAAC;IACrF,CAAC;IAED,OAAO,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;AAAA,CACnB,CAAC,CAAC"}
+{"version":3,"file":"oauth-client-id-discoverable.js","sourceRoot":"","sources":["../../lib/schemas/oauth-client-id-discoverable.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,SAAS,CAAC;AAE7B,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE1D;;GAEG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG,CAAC,CAAC,IAAI,CACpD,mBAAmB,EACnB,cAAc,EACd,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE;IACpC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACpB,OAAO;IACR,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC5B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IAE3B,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QAClC,QAAQ,CAAC,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC,CAAC;QAChE,OAAO;IACR,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACd,QAAQ,CAAC,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC,CAAC;QAC/D,OAAO;IACR,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;QAC1B,QAAQ,CAAC,EAAE,OAAO,EAAE,wEAAwE,EAAE,CAAC,CAAC;QAChG,OAAO;IACR,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,QAAQ,CAAC,EAAE,OAAO,EAAE,mDAAmD,EAAE,CAAC,CAAC;QAC3E,OAAO;IACR,CAAC;IACD,IAAI,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChC,QAAQ,CAAC,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC,CAAC;QACtE,OAAO;IACR,CAAC;IAED,+EAA+E;IAC/E,wFAAwF;IACxF,wDAAwD;IACxD,IAAI,cAAc,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC5C,QAAQ,CAAC,EAAE,OAAO,EAAE,yCAAyC,GAAG,CAAC,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC,CAAC;IAC9F,CAAC;AACF,CAAC,CAAC,CACF,CAAC"}

package/dist/schemas/oauth-client-id.d.ts

@@ -1,5 +1,5 @@
-import * as v from '@badrap/valita';
+import * as v from 'valibot';
 /** base OAuth client ID (any non-empty string) */
-export declare const oauthClientIdSchema: v.Type<string>;
-export type OAuthClientId = v.Infer<typeof oauthClientIdSchema>;
+export declare const oauthClientIdSchema: v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.NonEmptyAction<string, "must not be empty">]>;
+export type OAuthClientId = v.InferOutput<typeof oauthClientIdSchema>;
 //# sourceMappingURL=oauth-client-id.d.ts.map

package/dist/schemas/oauth-client-id.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-client-id.d.ts","sourceRoot":"","sources":["../../lib/schemas/oauth-client-id.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,gBAAgB,CAAC;AAEpC,kDAAkD;AAClD,eAAO,MAAM,mBAAmB,gBAAsE,CAAC;AAEvG,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC"}
+{"version":3,"file":"oauth-client-id.d.ts","sourceRoot":"","sources":["../../lib/schemas/oauth-client-id.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,SAAS,CAAC;AAE7B,kDAAkD;AAClD,eAAO,MAAM,mBAAmB,uGAAsD,CAAC;AAEvF,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,WAAW,CAAC,OAAO,mBAAmB,CAAC,CAAC"}

package/dist/schemas/oauth-client-id.js

@@ -1,4 +1,4 @@
-import * as v from '@badrap/valita';
+import * as v from 'valibot';
 /** base OAuth client ID (any non-empty string) */
-export const oauthClientIdSchema = v.string().assert((input) => input.length > 0, `must not be empty`);
+export const oauthClientIdSchema = v.pipe(v.string(), v.nonEmpty(`must not be empty`));
 //# sourceMappingURL=oauth-client-id.js.map

package/dist/schemas/oauth-client-id.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-client-id.js","sourceRoot":"","sources":["../../lib/schemas/oauth-client-id.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,gBAAgB,CAAC;AAEpC,kDAAkD;AAClD,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,mBAAmB,CAAC,CAAC"}
+{"version":3,"file":"oauth-client-id.js","sourceRoot":"","sources":["../../lib/schemas/oauth-client-id.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,SAAS,CAAC;AAE7B,kDAAkD;AAClD,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC"}

package/dist/schemas/oauth-client-metadata.d.ts

@@ -1,22 +1,22 @@
-import * as v from '@badrap/valita';
+import * as v from 'valibot';
 /**
  * base OAuth client metadata schema.
  *
  * @see {@link https://openid.net/specs/openid-connect-registration-1_0.html}
  * @see {@link https://datatracker.ietf.org/doc/html/rfc7591}
  */
-export declare const oauthClientMetadataSchema: v.ObjectType<{
-    redirect_uris: v.Type<string[]>;
-    response_types: v.Optional<("code" | "code id_token" | "code id_token token" | "code token" | "id_token" | "id_token token" | "none" | "token")[]>;
-    grant_types: v.Optional<("authorization_code" | "client_credentials" | "implicit" | "password" | "refresh_token" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer")[]>;
-    scope: v.Optional<string>;
-    token_endpoint_auth_method: v.Optional<"client_secret_basic" | "client_secret_jwt" | "client_secret_post" | "none" | "private_key_jwt" | "self_signed_tls_client_auth" | "tls_client_auth">;
-    token_endpoint_auth_signing_alg: v.Optional<string>;
-    userinfo_signed_response_alg: v.Optional<string>;
-    userinfo_encrypted_response_alg: v.Optional<string>;
-    jwks_uri: v.Optional<string>;
-    jwks: v.Optional<{
-        keys: ({
+export declare const oauthClientMetadataSchema: v.LooseObjectSchema<{
+    readonly redirect_uris: v.SchemaWithPipe<readonly [v.ArraySchema<v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.CheckAction<string, "use of \"localhost\" hostname is not allowed (RFC 8252), use a loopback IP such as \"127.0.0.1\" instead">]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: loopback, https:, or a private-use scheme">, undefined>, v.MinLengthAction<string[], 1, "must have at least one redirect URI">]>;
+    readonly response_types: v.OptionalSchema<v.ArraySchema<v.PicklistSchema<["code", "token", "none", "code id_token token", "code id_token", "code token", "id_token token", "id_token"], undefined>, undefined>, undefined>;
+    readonly grant_types: v.OptionalSchema<v.ArraySchema<v.PicklistSchema<["authorization_code", "implicit", "refresh_token", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:saml2-bearer"], undefined>, undefined>, undefined>;
+    readonly scope: v.OptionalSchema<v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "invalid OAuth scope">]>, undefined>;
+    readonly token_endpoint_auth_method: v.OptionalSchema<v.PicklistSchema<["client_secret_basic", "client_secret_jwt", "client_secret_post", "none", "private_key_jwt", "self_signed_tls_client_auth", "tls_client_auth"], undefined>, undefined>;
+    readonly token_endpoint_auth_signing_alg: v.OptionalSchema<v.StringSchema<undefined>, undefined>;
+    readonly userinfo_signed_response_alg: v.OptionalSchema<v.StringSchema<undefined>, undefined>;
+    readonly userinfo_encrypted_response_alg: v.OptionalSchema<v.StringSchema<undefined>, undefined>;
+    readonly jwks_uri: v.OptionalSchema<v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: or https: protocol">, undefined>;
+    readonly jwks: v.OptionalSchema<v.LooseObjectSchema<{
+        readonly keys: v.SchemaWithPipe<readonly [v.ArraySchema<v.UnknownSchema, undefined>, v.TransformAction<unknown[], (({
             kid?: string | undefined;
             use?: "enc" | "sig" | undefined;
             key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
@@ -28,10 +28,12 @@ export declare const oauthClientMetadataSchema: v.ObjectType<{
             iat?: number | undefined;
             exp?: number | undefined;
             nbf?: number | undefined;
-            revoked?: {
+            revoked?: ({
                 revoked_at: number;
                 reason?: string | undefined;
-            } | undefined;
+            } & {
+                [key: string]: unknown;
+            }) | undefined;
             kty: "RSA";
             alg?: "PS256" | "PS384" | "PS512" | "RS256" | "RS384" | "RS512" | undefined;
             n: string;
@@ -42,12 +44,16 @@ export declare const oauthClientMetadataSchema: v.ObjectType<{
             dp?: string | undefined;
             dq?: string | undefined;
             qi?: string | undefined;
-            oth?: {
+            oth?: ({
                 r?: string | undefined;
                 d?: string | undefined;
                 t?: string | undefined;
-            }[] | undefined;
-        } | {
+            } & {
+                [key: string]: unknown;
+            })[] | undefined;
+        } & {
+            [key: string]: unknown;
+        }) | ({
             kid?: string | undefined;
             use?: "enc" | "sig" | undefined;
             key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
@@ -59,17 +65,21 @@ export declare const oauthClientMetadataSchema: v.ObjectType<{
             iat?: number | undefined;
             exp?: number | undefined;
             nbf?: number | undefined;
-            revoked?: {
+            revoked?: ({
                 revoked_at: number;
                 reason?: string | undefined;
-            } | undefined;
+            } & {
+                [key: string]: unknown;
+            }) | undefined;
             kty: "EC";
             alg?: "ES256" | "ES384" | "ES512" | undefined;
             crv: "P-256" | "P-384" | "P-521";
             x: string;
             y: string;
             d?: string | undefined;
-        } | {
+        } & {
+            [key: string]: unknown;
+        }) | ({
             kid?: string | undefined;
             use?: "enc" | "sig" | undefined;
             key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
@@ -81,17 +91,21 @@ export declare const oauthClientMetadataSchema: v.ObjectType<{
             iat?: number | undefined;
             exp?: number | undefined;
             nbf?: number | undefined;
-            revoked?: {
+            revoked?: ({
                 revoked_at: number;
                 reason?: string | undefined;
-            } | undefined;
+            } & {
+                [key: string]: unknown;
+            }) | undefined;
             kty: "EC";
             alg?: "ES256K" | undefined;
             crv: "secp256k1";
             x: string;
             y: string;
             d?: string | undefined;
-        } | {
+        } & {
+            [key: string]: unknown;
+        }) | ({
             kid?: string | undefined;
             use?: "enc" | "sig" | undefined;
             key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
@@ -103,16 +117,20 @@ export declare const oauthClientMetadataSchema: v.ObjectType<{
             iat?: number | undefined;
             exp?: number | undefined;
             nbf?: number | undefined;
-            revoked?: {
+            revoked?: ({
                 revoked_at: number;
                 reason?: string | undefined;
-            } | undefined;
+            } & {
+                [key: string]: unknown;
+            }) | undefined;
             kty: "OKP";
             alg?: "EdDSA" | undefined;
             crv: "Ed25519" | "Ed448";
             x: string;
             d?: string | undefined;
-        } | {
+        } & {
+            [key: string]: unknown;
+        }) | ({
             kid?: string | undefined;
             use?: "enc" | "sig" | undefined;
             key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
@@ -124,28 +142,32 @@ export declare const oauthClientMetadataSchema: v.ObjectType<{
             iat?: number | undefined;
             exp?: number | undefined;
             nbf?: number | undefined;
-            revoked?: {
+            revoked?: ({
                 revoked_at: number;
                 reason?: string | undefined;
-            } | undefined;
+            } & {
+                [key: string]: unknown;
+            }) | undefined;
             kty: "oct";
             alg?: "HS256" | "HS384" | "HS512" | undefined;
             k: string;
-        })[];
-    }>;
-    application_type: v.Optional<"native" | "web">;
-    subject_type: v.Optional<"pairwise" | "public">;
-    request_object_signing_alg: v.Optional<string>;
-    id_token_signed_response_alg: v.Optional<string>;
-    authorization_signed_response_alg: v.Optional<string>;
-    authorization_encrypted_response_enc: v.Optional<"A128CBC-HS256">;
-    authorization_encrypted_response_alg: v.Optional<string>;
-    client_id: v.Optional<string>;
-    client_name: v.Optional<string>;
-    client_uri: v.Optional<string>;
-    policy_uri: v.Optional<string>;
-    tos_uri: v.Optional<string>;
-    logo_uri: v.Optional<string>;
+        } & {
+            [key: string]: unknown;
+        }))[]>]>;
+    }, undefined>, undefined>;
+    readonly application_type: v.OptionalSchema<v.PicklistSchema<["web", "native"], undefined>, undefined>;
+    readonly subject_type: v.OptionalSchema<v.PicklistSchema<["public", "pairwise"], undefined>, undefined>;
+    readonly request_object_signing_alg: v.OptionalSchema<v.StringSchema<undefined>, undefined>;
+    readonly id_token_signed_response_alg: v.OptionalSchema<v.StringSchema<undefined>, undefined>;
+    readonly authorization_signed_response_alg: v.OptionalSchema<v.StringSchema<undefined>, undefined>;
+    readonly authorization_encrypted_response_enc: v.OptionalSchema<v.LiteralSchema<"A128CBC-HS256", undefined>, undefined>;
+    readonly authorization_encrypted_response_alg: v.OptionalSchema<v.StringSchema<undefined>, undefined>;
+    readonly client_id: v.OptionalSchema<v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.NonEmptyAction<string, "must not be empty">]>, undefined>;
+    readonly client_name: v.OptionalSchema<v.StringSchema<undefined>, undefined>;
+    readonly client_uri: v.OptionalSchema<v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: or https: protocol">, undefined>;
+    readonly policy_uri: v.OptionalSchema<v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: or https: protocol">, undefined>;
+    readonly tos_uri: v.OptionalSchema<v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: or https: protocol">, undefined>;
+    readonly logo_uri: v.OptionalSchema<v.UnionSchema<[v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>, v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.CheckAction<string, "must be a valid url">]>, v.RawCheckAction<string>]>], "url must use http: or https: protocol">, undefined>;
     /**
      * default Maximum Authentication Age. specifies that the End-User MUST be
      * actively authenticated if the End-User was authenticated longer ago than
@@ -153,12 +175,12 @@ export declare const oauthClientMetadataSchema: v.ObjectType<{
      * this default value. if omitted, no default Maximum Authentication Age is
      * specified.
      */
-    default_max_age: v.Optional<number>;
-    require_auth_time: v.Optional<boolean>;
-    contacts: v.Optional<string[]>;
-    tls_client_certificate_bound_access_tokens: v.Optional<boolean>;
-    dpop_bound_access_tokens: v.Optional<boolean>;
-    authorization_details_types: v.Optional<string[]>;
+    readonly default_max_age: v.OptionalSchema<v.NumberSchema<undefined>, undefined>;
+    readonly require_auth_time: v.OptionalSchema<v.BooleanSchema<undefined>, undefined>;
+    readonly contacts: v.OptionalSchema<v.ArraySchema<v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.RegexAction<string, "must be a valid email">]>, undefined>, undefined>;
+    readonly tls_client_certificate_bound_access_tokens: v.OptionalSchema<v.BooleanSchema<undefined>, undefined>;
+    readonly dpop_bound_access_tokens: v.OptionalSchema<v.BooleanSchema<undefined>, undefined>;
+    readonly authorization_details_types: v.OptionalSchema<v.ArraySchema<v.StringSchema<undefined>, undefined>, undefined>;
 }, undefined>;
-export type OAuthClientMetadata = v.Infer<typeof oauthClientMetadataSchema>;
+export type OAuthClientMetadata = v.InferOutput<typeof oauthClientMetadataSchema>;
 //# sourceMappingURL=oauth-client-metadata.d.ts.map

package/dist/schemas/oauth-client-metadata.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-client-metadata.d.ts","sourceRoot":"","sources":["../../lib/schemas/oauth-client-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,gBAAgB,CAAC;AAkBpC;;;;;GAKG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAuCrC;;;;;;OAMG;;;;;;;aAWF,CAAC;AAEH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC"}
+{"version":3,"file":"oauth-client-metadata.d.ts","sourceRoot":"","sources":["../../lib/schemas/oauth-client-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,SAAS,CAAC;AAkB7B;;;;;GAKG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAmCrC;;;;;;OAMG;;;;;;;aAWF,CAAC;AAEH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,WAAW,CAAC,OAAO,yBAAyB,CAAC,CAAC"}