npm - @atcute/oauth-types - Versions diffs - 0.1.1 → 1.0.0 - Mend

@atcute/oauth-types 0.1.1 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (153) hide show

package/README.md +6 -5
package/dist/build-client-metadata.d.ts +5 -320
package/dist/build-client-metadata.d.ts.map +1 -1
package/dist/build-client-metadata.js +3 -2
package/dist/build-client-metadata.js.map +1 -1
package/dist/index.d.ts +31 -31
package/dist/schemas/atcute-client-shared.d.ts +8 -0
package/dist/schemas/atcute-client-shared.d.ts.map +1 -0
package/dist/schemas/atcute-client-shared.js +15 -0
package/dist/schemas/atcute-client-shared.js.map +1 -0
package/dist/schemas/atcute-confidential-client-metadata.d.ts +228 -4
package/dist/schemas/atcute-confidential-client-metadata.d.ts.map +1 -1
package/dist/schemas/atcute-confidential-client-metadata.js +48 -88
package/dist/schemas/atcute-confidential-client-metadata.js.map +1 -1
package/dist/schemas/atcute-public-client-metadata.d.ts +75 -35
package/dist/schemas/atcute-public-client-metadata.d.ts.map +1 -1
package/dist/schemas/atcute-public-client-metadata.js +25 -110
package/dist/schemas/atcute-public-client-metadata.js.map +1 -1
package/dist/schemas/atproto-authorization-server-metadata.d.ts +786 -4
package/dist/schemas/atproto-authorization-server-metadata.d.ts.map +1 -1
package/dist/schemas/atproto-authorization-server-metadata.js +2 -18
package/dist/schemas/atproto-authorization-server-metadata.js.map +1 -1
package/dist/schemas/atproto-oauth-scope.d.ts +3 -3
package/dist/schemas/atproto-oauth-scope.d.ts.map +1 -1
package/dist/schemas/atproto-oauth-scope.js +2 -2
package/dist/schemas/atproto-oauth-scope.js.map +1 -1
package/dist/schemas/atproto-oauth-token-response.d.ts +17 -17
package/dist/schemas/atproto-oauth-token-response.d.ts.map +1 -1
package/dist/schemas/atproto-oauth-token-response.js +6 -6
package/dist/schemas/atproto-oauth-token-response.js.map +1 -1
package/dist/schemas/atproto-protected-resource-metadata.d.ts +100 -4
package/dist/schemas/atproto-protected-resource-metadata.d.ts.map +1 -1
package/dist/schemas/atproto-protected-resource-metadata.js +2 -11
package/dist/schemas/atproto-protected-resource-metadata.js.map +1 -1
package/dist/schemas/jwk.d.ts +4289 -42
package/dist/schemas/jwk.d.ts.map +1 -1
package/dist/schemas/jwk.js +58 -91
package/dist/schemas/jwk.js.map +1 -1
package/dist/schemas/jwks.d.ts +87 -42
package/dist/schemas/jwks.d.ts.map +1 -1
package/dist/schemas/jwks.js +13 -29
package/dist/schemas/jwks.js.map +1 -1
package/dist/schemas/oauth-authorization-details.d.ts +18 -18
package/dist/schemas/oauth-authorization-details.d.ts.map +1 -1
package/dist/schemas/oauth-authorization-details.js +7 -7
package/dist/schemas/oauth-authorization-details.js.map +1 -1
package/dist/schemas/oauth-authorization-server-metadata.d.ts +462 -48
package/dist/schemas/oauth-authorization-server-metadata.d.ts.map +1 -1
package/dist/schemas/oauth-authorization-server-metadata.js +46 -65
package/dist/schemas/oauth-authorization-server-metadata.js.map +1 -1
package/dist/schemas/oauth-client-id-discoverable.d.ts +2 -2
package/dist/schemas/oauth-client-id-discoverable.d.ts.map +1 -1
package/dist/schemas/oauth-client-id-discoverable.js +20 -22
package/dist/schemas/oauth-client-id-discoverable.js.map +1 -1
package/dist/schemas/oauth-client-id.d.ts +3 -3
package/dist/schemas/oauth-client-id.d.ts.map +1 -1
package/dist/schemas/oauth-client-id.js +2 -2
package/dist/schemas/oauth-client-id.js.map +1 -1
package/dist/schemas/oauth-client-metadata.d.ts +73 -51
package/dist/schemas/oauth-client-metadata.d.ts.map +1 -1
package/dist/schemas/oauth-client-metadata.js +33 -40
package/dist/schemas/oauth-client-metadata.js.map +1 -1
package/dist/schemas/oauth-code-challenge-method.d.ts +3 -3
package/dist/schemas/oauth-code-challenge-method.d.ts.map +1 -1
package/dist/schemas/oauth-code-challenge-method.js +2 -2
package/dist/schemas/oauth-code-challenge-method.js.map +1 -1
package/dist/schemas/oauth-endpoint-auth-method.d.ts +3 -3
package/dist/schemas/oauth-endpoint-auth-method.d.ts.map +1 -1
package/dist/schemas/oauth-endpoint-auth-method.js +10 -2
package/dist/schemas/oauth-endpoint-auth-method.js.map +1 -1
package/dist/schemas/oauth-grant-type.d.ts +3 -3
package/dist/schemas/oauth-grant-type.d.ts.map +1 -1
package/dist/schemas/oauth-grant-type.js +10 -3
package/dist/schemas/oauth-grant-type.js.map +1 -1
package/dist/schemas/oauth-issuer-identifier.d.ts +3 -3
package/dist/schemas/oauth-issuer-identifier.d.ts.map +1 -1
package/dist/schemas/oauth-issuer-identifier.js +16 -9
package/dist/schemas/oauth-issuer-identifier.js.map +1 -1
package/dist/schemas/oauth-par-response.d.ts +5 -5
package/dist/schemas/oauth-par-response.d.ts.map +1 -1
package/dist/schemas/oauth-par-response.js +3 -3
package/dist/schemas/oauth-par-response.js.map +1 -1
package/dist/schemas/oauth-prompt.d.ts +3 -3
package/dist/schemas/oauth-prompt.d.ts.map +1 -1
package/dist/schemas/oauth-prompt.js +2 -2
package/dist/schemas/oauth-prompt.js.map +1 -1
package/dist/schemas/oauth-protected-resource-metadata.d.ts +88 -16
package/dist/schemas/oauth-protected-resource-metadata.d.ts.map +1 -1
package/dist/schemas/oauth-protected-resource-metadata.js +14 -26
package/dist/schemas/oauth-protected-resource-metadata.js.map +1 -1
package/dist/schemas/oauth-redirect-uri.d.ts +5 -5
package/dist/schemas/oauth-redirect-uri.d.ts.map +1 -1
package/dist/schemas/oauth-redirect-uri.js +3 -16
package/dist/schemas/oauth-redirect-uri.js.map +1 -1
package/dist/schemas/oauth-response-mode.d.ts +3 -3
package/dist/schemas/oauth-response-mode.d.ts.map +1 -1
package/dist/schemas/oauth-response-mode.js +2 -2
package/dist/schemas/oauth-response-mode.js.map +1 -1
package/dist/schemas/oauth-response-type.d.ts +3 -3
package/dist/schemas/oauth-response-type.d.ts.map +1 -1
package/dist/schemas/oauth-response-type.js +13 -7
package/dist/schemas/oauth-response-type.js.map +1 -1
package/dist/schemas/oauth-scope.d.ts +3 -3
package/dist/schemas/oauth-scope.d.ts.map +1 -1
package/dist/schemas/oauth-scope.js +2 -2
package/dist/schemas/oauth-scope.js.map +1 -1
package/dist/schemas/oauth-token-response.d.ts +17 -17
package/dist/schemas/oauth-token-response.d.ts.map +1 -1
package/dist/schemas/oauth-token-response.js +7 -7
package/dist/schemas/oauth-token-response.js.map +1 -1
package/dist/schemas/oauth-token-type.d.ts +3 -3
package/dist/schemas/oauth-token-type.d.ts.map +1 -1
package/dist/schemas/oauth-token-type.js +8 -7
package/dist/schemas/oauth-token-type.js.map +1 -1
package/dist/schemas/uri.d.ts +7 -7
package/dist/schemas/uri.d.ts.map +1 -1
package/dist/schemas/uri.js +44 -44
package/dist/schemas/uri.js.map +1 -1
package/dist/schemas/utils.d.ts.map +1 -1
package/dist/schemas/utils.js.map +1 -1
package/dist/scope.d.ts.map +1 -1
package/dist/scope.js.map +1 -1
package/lib/build-client-metadata.ts +9 -7
package/lib/index.ts +31 -31
package/lib/schemas/atcute-client-shared.ts +25 -0
package/lib/schemas/atcute-confidential-client-metadata.ts +81 -111
package/lib/schemas/atcute-public-client-metadata.ts +70 -166
package/lib/schemas/atproto-authorization-server-metadata.ts +22 -23
package/lib/schemas/atproto-oauth-scope.ts +8 -5
package/lib/schemas/atproto-oauth-token-response.ts +10 -9
package/lib/schemas/atproto-protected-resource-metadata.ts +15 -15
package/lib/schemas/jwk.ts +104 -120
package/lib/schemas/jwks.ts +28 -40
package/lib/schemas/oauth-authorization-details.ts +10 -10
package/lib/schemas/oauth-authorization-server-metadata.ts +72 -74
package/lib/schemas/oauth-client-id-discoverable.ts +43 -48
package/lib/schemas/oauth-client-id.ts +3 -3
package/lib/schemas/oauth-client-metadata.ts +45 -49
package/lib/schemas/oauth-code-challenge-method.ts +3 -3
package/lib/schemas/oauth-endpoint-auth-method.ts +11 -11
package/lib/schemas/oauth-grant-type.ts +11 -11
package/lib/schemas/oauth-issuer-identifier.ts +35 -27
package/lib/schemas/oauth-par-response.ts +4 -4
package/lib/schemas/oauth-prompt.ts +3 -9
package/lib/schemas/oauth-protected-resource-metadata.ts +26 -35
package/lib/schemas/oauth-redirect-uri.ts +15 -23
package/lib/schemas/oauth-response-mode.ts +3 -7
package/lib/schemas/oauth-response-type.ts +12 -12
package/lib/schemas/oauth-scope.ts +3 -3
package/lib/schemas/oauth-token-response.ts +10 -10
package/lib/schemas/oauth-token-type.ts +16 -12
package/lib/schemas/uri.ts +89 -76
package/package.json +9 -8

package/lib/schemas/jwk.ts CHANGED Viewed

@@ -1,6 +1,6 @@
-import * as v from '@badrap/valita';
+import * as v from 'valibot';
-import { isLastOccurrence } from './utils.js';
+import { isLastOccurrence } from './utils.ts';
 // key usage constants
 const PUBLIC_KEY_USAGE = ['verify', 'encrypt', 'wrapKey'] as const;
@@ -20,107 +20,94 @@ const isPrivateKeyUsage = (usage: unknown): usage is (typeof PRIVATE_KEY_USAGE)[
 const isSigKeyUsage = (v: InternalKeyUsage): boolean => v === 'verify';
 const isEncKeyUsage = (v: InternalKeyUsage): boolean => v === 'encrypt' || v === 'wrapKey';
-export const keyUsageSchema = v.union(
-	v.literal('verify'),
-	v.literal('encrypt'),
-	v.literal('wrapKey'),
-	v.literal('sign'),
-	v.literal('decrypt'),
-	v.literal('unwrapKey'),
-	v.literal('deriveKey'),
-	v.literal('deriveBits'),
-);
+export const keyUsageSchema = v.picklist(KEY_USAGE);
-export const publicKeyUsageSchema = v.union(v.literal('verify'), v.literal('encrypt'), v.literal('wrapKey'));
+export const publicKeyUsageSchema = v.picklist(PUBLIC_KEY_USAGE);
-const jwkBaseSchema = v.object({
+const jwkBaseEntries = {
 	kty: v.string(),
-	alg: v.string().optional(),
-	kid: v.string().optional(),
-	use: v.union(v.literal('sig'), v.literal('enc')).optional(),
-	key_ops: v.array(keyUsageSchema).optional(),
+	alg: v.optional(v.string()),
+	kid: v.optional(v.string()),
+	use: v.optional(v.picklist(['sig', 'enc'])),
+	key_ops: v.optional(v.array(keyUsageSchema)),
 	// X.509
-	x5c: v.array(v.string()).optional(),
-	x5t: v.string().optional(),
-	'x5t#S256': v.string().optional(),
-	x5u: v.string().optional(),
+	x5c: v.optional(v.array(v.string())),
+	x5t: v.optional(v.string()),
+	'x5t#S256': v.optional(v.string()),
+	x5u: v.optional(v.string()),
 	// WebCrypto
-	ext: v.boolean().optional(),
+	ext: v.optional(v.boolean()),
 	// Federation Historical Keys Response
-	iat: v.number().optional(),
-	exp: v.number().optional(),
-	nbf: v.number().optional(),
-	revoked: v
-		.object({
+	iat: v.optional(v.number()),
+	exp: v.optional(v.number()),
+	nbf: v.optional(v.number()),
+	revoked: v.optional(
+		v.looseObject({
 			revoked_at: v.number(),
-			reason: v.string().optional(),
-		})
-		.optional(),
-});
+			reason: v.optional(v.string()),
+		}),
+	),
+};
-const jwkRsaKeySchema = jwkBaseSchema.extend({
+const jwkRsaKeySchema = v.looseObject({
+	...jwkBaseEntries,
 	kty: v.literal('RSA'),
-	alg: v
-		.union(
-			v.literal('RS256'),
-			v.literal('RS384'),
-			v.literal('RS512'),
-			v.literal('PS256'),
-			v.literal('PS384'),
-			v.literal('PS512'),
-		)
-		.optional(),
+	alg: v.optional(v.picklist(['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512'])),
 	n: v.string(),
 	e: v.string(),
-	d: v.string().optional(),
-	p: v.string().optional(),
-	q: v.string().optional(),
-	dp: v.string().optional(),
-	dq: v.string().optional(),
-	qi: v.string().optional(),
-	oth: v
-		.array(
-			v.object({
-				r: v.string().optional(),
-				d: v.string().optional(),
-				t: v.string().optional(),
+	d: v.optional(v.string()),
+	p: v.optional(v.string()),
+	q: v.optional(v.string()),
+	dp: v.optional(v.string()),
+	dq: v.optional(v.string()),
+	qi: v.optional(v.string()),
+	oth: v.optional(
+		v.array(
+			v.looseObject({
+				r: v.optional(v.string()),
+				d: v.optional(v.string()),
+				t: v.optional(v.string()),
 			}),
-		)
-		.optional(),
+		),
+	),
 });
-const jwkEcKeySchema = jwkBaseSchema.extend({
+const jwkEcKeySchema = v.looseObject({
+	...jwkBaseEntries,
 	kty: v.literal('EC'),
-	alg: v.union(v.literal('ES256'), v.literal('ES384'), v.literal('ES512')).optional(),
-	crv: v.union(v.literal('P-256'), v.literal('P-384'), v.literal('P-521')),
+	alg: v.optional(v.picklist(['ES256', 'ES384', 'ES512'])),
+	crv: v.picklist(['P-256', 'P-384', 'P-521']),
 	x: v.string(),
 	y: v.string(),
-	d: v.string().optional(),
+	d: v.optional(v.string()),
 });
-const jwkEcSecp256k1KeySchema = jwkBaseSchema.extend({
+const jwkEcSecp256k1KeySchema = v.looseObject({
+	...jwkBaseEntries,
 	kty: v.literal('EC'),
-	alg: v.literal('ES256K').optional(),
+	alg: v.optional(v.literal('ES256K')),
 	crv: v.literal('secp256k1'),
 	x: v.string(),
 	y: v.string(),
-	d: v.string().optional(),
+	d: v.optional(v.string()),
 });
-const jwkOkpKeySchema = jwkBaseSchema.extend({
+const jwkOkpKeySchema = v.looseObject({
+	...jwkBaseEntries,
 	kty: v.literal('OKP'),
-	alg: v.literal('EdDSA').optional(),
-	crv: v.union(v.literal('Ed25519'), v.literal('Ed448')),
+	alg: v.optional(v.literal('EdDSA')),
+	crv: v.picklist(['Ed25519', 'Ed448']),
 	x: v.string(),
-	d: v.string().optional(),
+	d: v.optional(v.string()),
 });
-const jwkSymKeySchema = jwkBaseSchema.extend({
+const jwkSymKeySchema = v.looseObject({
+	...jwkBaseEntries,
 	kty: v.literal('oct'),
-	alg: v.union(v.literal('HS256'), v.literal('HS384'), v.literal('HS512')).optional(),
+	alg: v.optional(v.picklist(['HS256', 'HS384', 'HS512'])),
 	k: v.string(),
 });
@@ -133,57 +120,54 @@ const isPublicJwk = <J extends object>(jwk: J): boolean => {
 };
 /** JWK schema for known key types */
-export const jwkSchema = v
-	.union(jwkRsaKeySchema, jwkEcKeySchema, jwkEcSecp256k1KeySchema, jwkOkpKeySchema, jwkSymKeySchema)
-	.chain((k) => {
-		// "use" can only be used with public keys
-		if (k.use != null && !isPublicJwk(k)) {
-			return v.err({ message: `"use" can only be used with public keys`, path: ['use'] });
-		}
-		// private key usage not allowed for public keys
-		if (k.key_ops?.some(isPrivateKeyUsage) && isPublicJwk(k)) {
-			return v.err({ message: `private key usage not allowed for public keys`, path: ['key_ops'] });
-		}
-		// key_ops must not contain duplicates
-		if (k.key_ops && !k.key_ops.every(isLastOccurrence)) {
-			return v.err({ message: `key_ops must not contain duplicates`, path: ['key_ops'] });
-		}
-		// "use" and "key_ops" must be consistent
-		if (k.use != null && k.key_ops != null) {
-			const consistent =
-				(k.use === 'sig' && k.key_ops.every(isSigKeyUsage)) ||
-				(k.use === 'enc' && k.key_ops.every(isEncKeyUsage));
-			if (!consistent) {
-				return v.err({ message: `"key_ops" must be consistent with "use"`, path: ['key_ops'] });
+export const jwkSchema = v.pipe(
+	v.union([jwkRsaKeySchema, jwkEcKeySchema, jwkEcSecp256k1KeySchema, jwkOkpKeySchema, jwkSymKeySchema]),
+	v.forward(
+		v.check((k) => k.use == null || isPublicJwk(k), `"use" can only be used with public keys`),
+		['use'],
+	),
+	v.forward(
+		v.check(
+			(k) => !(k.key_ops?.some(isPrivateKeyUsage) && isPublicJwk(k)),
+			`private key usage not allowed for public keys`,
+		),
+		['key_ops'],
+	),
+	v.forward(
+		v.check((k) => !k.key_ops || k.key_ops.every(isLastOccurrence), `key_ops must not contain duplicates`),
+		['key_ops'],
+	),
+	v.forward(
+		v.check((k) => {
+			if (k.use == null || k.key_ops == null) {
+				return true;
 			}
-		}
-		return v.ok(k);
-	});
+			return (
+				(k.use === 'sig' && k.key_ops.every(isSigKeyUsage)) ||
+				(k.use === 'enc' && k.key_ops.every(isEncKeyUsage))
+			);
+		}, `"key_ops" must be consistent with "use"`),
+		['key_ops'],
+	),
+);
 /** public JWK schema (kid required, no private keys) */
-export const jwkPubSchema = jwkSchema.chain((k) => {
-	if (k.kid == null) {
-		return v.err({ message: `"kid" is required`, path: ['kid'] });
-	}
-	if (!isPublicJwk(k)) {
-		return v.err({ message: `private key not allowed` });
-	}
-	if (k.key_ops && !k.key_ops.every(isPublicKeyUsage)) {
-		return v.err({
-			message: `"key_ops" must not contain private key usage for public keys`,
-			path: ['key_ops'],
-		});
-	}
-	return v.ok(k);
-});
+export const jwkPubSchema = v.pipe(
+	jwkSchema,
+	v.forward(
+		v.check((k) => k.kid != null, `"kid" is required`),
+		['kid'],
+	),
+	v.check((k) => isPublicJwk(k), `private key not allowed`),
+	v.forward(
+		v.check(
+			(k) => !k.key_ops || k.key_ops.every(isPublicKeyUsage),
+			`"key_ops" must not contain private key usage for public keys`,
+		),
+		['key_ops'],
+	),
+);
-export type KeyUsage = v.Infer<typeof keyUsageSchema>;
-export type Jwk = v.Infer<typeof jwkSchema>;
-export type JwkPub = v.Infer<typeof jwkPubSchema>;
+export type KeyUsage = v.InferOutput<typeof keyUsageSchema>;
+export type Jwk = v.InferOutput<typeof jwkSchema>;
+export type JwkPub = v.InferOutput<typeof jwkPubSchema>;

package/lib/schemas/jwks.ts CHANGED Viewed

@@ -1,45 +1,33 @@
-import * as v from '@badrap/valita';
-import { jwkPubSchema, jwkSchema, type Jwk, type JwkPub } from './jwk.js';
-/** JWKS (JSON Web Key Set) */
-export const jwksSchema = v.object({
-	keys: v.array(v.unknown()).chain((input, options) => {
-		// implementations SHOULD ignore JWKs within a JWK Set that use "kty"
-		// values that are not understood, are missing required members, or
-		// have values out of the supported ranges.
-		const keys: Jwk[] = [];
-		for (const item of input) {
-			const result = jwkSchema.try(item, options);
-			if (!result.ok) {
-				continue;
-			}
-			keys.push(result.value);
-		}
-		return v.ok(keys);
-	}),
+import * as v from 'valibot';
+import { jwkPubSchema, jwkSchema, type Jwk, type JwkPub } from './jwk.ts';
+/** JWKS (JSON Web Key Set). implementations SHOULD ignore JWKs within a JWK Set that use unknown
+ * `kty` values, are missing required members, or have values out of the supported ranges. */
+export const jwksSchema = v.looseObject({
+	keys: v.pipe(
+		v.array(v.unknown()),
+		v.transform((input): Jwk[] =>
+			input.flatMap((entry) => {
+				const result = v.safeParse(jwkSchema, entry);
+				return result.success ? [result.output] : [];
+			}),
+		),
+	),
 });
 /** public JWKS (JSON Web Key Set with only public keys) */
-export const jwksPubSchema = v.object({
-	keys: v.array(v.unknown()).chain((input, options) => {
-		const keys: JwkPub[] = [];
-		for (const item of input) {
-			const result = jwkPubSchema.try(item, options);
-			if (!result.ok) {
-				continue;
-			}
-			keys.push(result.value);
-		}
-		return v.ok(keys);
-	}),
+export const jwksPubSchema = v.looseObject({
+	keys: v.pipe(
+		v.array(v.unknown()),
+		v.transform((input): JwkPub[] =>
+			input.flatMap((entry) => {
+				const result = v.safeParse(jwkPubSchema, entry);
+				return result.success ? [result.output] : [];
+			}),
+		),
+	),
 });
-export type Jwks = v.Infer<typeof jwksSchema>;
-export type JwksPub = v.Infer<typeof jwksPubSchema>;
+export type Jwks = v.InferOutput<typeof jwksSchema>;
+export type JwksPub = v.InferOutput<typeof jwksPubSchema>;

package/lib/schemas/oauth-authorization-details.ts CHANGED Viewed

@@ -1,43 +1,43 @@
-import * as v from '@badrap/valita';
+import * as v from 'valibot';
-import { urlSchema } from './uri.js';
+import { urlSchema } from './uri.ts';
 /**
  * @see {@link https://datatracker.ietf.org/doc/html/rfc9396#section-2 | RFC 9396, Section 2}
  */
-export const oauthAuthorizationDetailSchema = v.object({
+export const oauthAuthorizationDetailSchema = v.looseObject({
 	type: v.string(),
 	/**
 	 * an array of strings representing the location of the resource or RS. these
 	 * strings are typically URIs identifying the location of the RS.
 	 */
-	locations: v.array(urlSchema).optional(),
+	locations: v.optional(v.array(urlSchema)),
 	/**
 	 * an array of strings representing the kinds of actions to be taken at the
 	 * resource.
 	 */
-	actions: v.array(v.string()).optional(),
+	actions: v.optional(v.array(v.string())),
 	/**
 	 * an array of strings representing the kinds of data being requested from the
 	 * resource.
 	 */
-	datatypes: v.array(v.string()).optional(),
+	datatypes: v.optional(v.array(v.string())),
 	/**
 	 * a string identifier indicating a specific resource available at the API.
 	 */
-	identifier: v.string().optional(),
+	identifier: v.optional(v.string()),
 	/**
 	 * an array of strings representing the types or levels of privilege being
 	 * requested at the resource.
 	 */
-	privileges: v.array(v.string()).optional(),
+	privileges: v.optional(v.array(v.string())),
 });
-export type OAuthAuthorizationDetail = v.Infer<typeof oauthAuthorizationDetailSchema>;
+export type OAuthAuthorizationDetail = v.InferOutput<typeof oauthAuthorizationDetailSchema>;
 /**
  * @see {@link https://datatracker.ietf.org/doc/html/rfc9396#section-2 | RFC 9396, Section 2}
  */
 export const oauthAuthorizationDetailsSchema = v.array(oauthAuthorizationDetailSchema);
-export type OAuthAuthorizationDetails = v.Infer<typeof oauthAuthorizationDetailsSchema>;
+export type OAuthAuthorizationDetails = v.InferOutput<typeof oauthAuthorizationDetailsSchema>;

package/lib/schemas/oauth-authorization-server-metadata.ts CHANGED Viewed

@@ -1,101 +1,99 @@
-import * as v from '@badrap/valita';
+import * as v from 'valibot';
-import { oauthCodeChallengeMethodSchema } from './oauth-code-challenge-method.js';
-import { oauthIssuerIdentifierSchema } from './oauth-issuer-identifier.js';
-import { oauthPromptSchema } from './oauth-prompt.js';
-import { webUriSchema } from './uri.js';
+import { oauthCodeChallengeMethodSchema } from './oauth-code-challenge-method.ts';
+import { oauthIssuerIdentifierSchema } from './oauth-issuer-identifier.ts';
+import { oauthPromptSchema } from './oauth-prompt.ts';
+import { webUriSchema } from './uri.ts';
 /**
  * @see {@link https://datatracker.ietf.org/doc/html/rfc8414}
  */
-export const oauthAuthorizationServerMetadataSchema = v.object({
+export const oauthAuthorizationServerMetadataSchema = v.looseObject({
 	issuer: oauthIssuerIdentifierSchema,
-	claims_supported: v.array(v.string()).optional(),
-	claims_locales_supported: v.array(v.string()).optional(),
-	claims_parameter_supported: v.boolean().optional(),
-	request_parameter_supported: v.boolean().optional(),
-	request_uri_parameter_supported: v.boolean().optional(),
-	require_request_uri_registration: v.boolean().optional(),
-	scopes_supported: v.array(v.string()).optional(),
-	subject_types_supported: v.array(v.string()).optional(),
-	response_types_supported: v.array(v.string()).optional(),
-	response_modes_supported: v.array(v.string()).optional(),
-	grant_types_supported: v.array(v.string()).optional(),
-	code_challenge_methods_supported: v.array(oauthCodeChallengeMethodSchema).optional(),
-	ui_locales_supported: v.array(v.string()).optional(),
-	id_token_signing_alg_values_supported: v.array(v.string()).optional(),
-	display_values_supported: v.array(v.string()).optional(),
-	prompt_values_supported: v.array(oauthPromptSchema).optional(),
-	request_object_signing_alg_values_supported: v.array(v.string()).optional(),
-	authorization_response_iss_parameter_supported: v.boolean().optional(),
-	authorization_details_types_supported: v.array(v.string()).optional(),
-	request_object_encryption_alg_values_supported: v.array(v.string()).optional(),
-	request_object_encryption_enc_values_supported: v.array(v.string()).optional(),
-	jwks_uri: webUriSchema.optional(),
+	claims_supported: v.optional(v.array(v.string())),
+	claims_locales_supported: v.optional(v.array(v.string())),
+	claims_parameter_supported: v.optional(v.boolean()),
+	request_parameter_supported: v.optional(v.boolean()),
+	request_uri_parameter_supported: v.optional(v.boolean()),
+	require_request_uri_registration: v.optional(v.boolean()),
+	scopes_supported: v.optional(v.array(v.string())),
+	subject_types_supported: v.optional(v.array(v.string())),
+	response_types_supported: v.optional(v.array(v.string())),
+	response_modes_supported: v.optional(v.array(v.string())),
+	grant_types_supported: v.optional(v.array(v.string())),
+	code_challenge_methods_supported: v.optional(v.array(oauthCodeChallengeMethodSchema)),
+	ui_locales_supported: v.optional(v.array(v.string())),
+	id_token_signing_alg_values_supported: v.optional(v.array(v.string())),
+	display_values_supported: v.optional(v.array(v.string())),
+	prompt_values_supported: v.optional(v.array(oauthPromptSchema)),
+	request_object_signing_alg_values_supported: v.optional(v.array(v.string())),
+	authorization_response_iss_parameter_supported: v.optional(v.boolean()),
+	authorization_details_types_supported: v.optional(v.array(v.string())),
+	request_object_encryption_alg_values_supported: v.optional(v.array(v.string())),
+	request_object_encryption_enc_values_supported: v.optional(v.array(v.string())),
+	jwks_uri: v.optional(webUriSchema),
 	authorization_endpoint: webUriSchema,
 	token_endpoint: webUriSchema,
 	// https://www.rfc-editor.org/rfc/rfc8414.html#section-2
-	token_endpoint_auth_methods_supported: v.array(v.string()).optional(),
-	token_endpoint_auth_signing_alg_values_supported: v.array(v.string()).optional(),
+	token_endpoint_auth_methods_supported: v.optional(v.array(v.string())),
+	token_endpoint_auth_signing_alg_values_supported: v.optional(v.array(v.string())),
-	revocation_endpoint: webUriSchema.optional(),
-	revocation_endpoint_auth_methods_supported: v.array(v.string()).optional(),
-	revocation_endpoint_auth_signing_alg_values_supported: v.array(v.string()).optional(),
+	revocation_endpoint: v.optional(webUriSchema),
+	revocation_endpoint_auth_methods_supported: v.optional(v.array(v.string())),
+	revocation_endpoint_auth_signing_alg_values_supported: v.optional(v.array(v.string())),
-	introspection_endpoint: webUriSchema.optional(),
-	introspection_endpoint_auth_methods_supported: v.array(v.string()).optional(),
-	introspection_endpoint_auth_signing_alg_values_supported: v.array(v.string()).optional(),
+	introspection_endpoint: v.optional(webUriSchema),
+	introspection_endpoint_auth_methods_supported: v.optional(v.array(v.string())),
+	introspection_endpoint_auth_signing_alg_values_supported: v.optional(v.array(v.string())),
-	pushed_authorization_request_endpoint: webUriSchema.optional(),
-	pushed_authorization_request_endpoint_auth_methods_supported: v.array(v.string()).optional(),
-	pushed_authorization_request_endpoint_auth_signing_alg_values_supported: v.array(v.string()).optional(),
-	require_pushed_authorization_requests: v.boolean().optional(),
+	pushed_authorization_request_endpoint: v.optional(webUriSchema),
+	pushed_authorization_request_endpoint_auth_methods_supported: v.optional(v.array(v.string())),
+	pushed_authorization_request_endpoint_auth_signing_alg_values_supported: v.optional(v.array(v.string())),
+	require_pushed_authorization_requests: v.optional(v.boolean()),
-	userinfo_endpoint: webUriSchema.optional(),
-	end_session_endpoint: webUriSchema.optional(),
-	registration_endpoint: webUriSchema.optional(),
+	userinfo_endpoint: v.optional(webUriSchema),
+	end_session_endpoint: v.optional(webUriSchema),
+	registration_endpoint: v.optional(webUriSchema),
 	// https://datatracker.ietf.org/doc/html/rfc9449#section-5.1
-	dpop_signing_alg_values_supported: v.array(v.string()).optional(),
+	dpop_signing_alg_values_supported: v.optional(v.array(v.string())),
 	// https://www.rfc-editor.org/rfc/rfc9728.html#section-4
-	protected_resources: v.array(webUriSchema).optional(),
+	protected_resources: v.optional(v.array(webUriSchema)),
 	// https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html
-	client_id_metadata_document_supported: v.boolean().optional(),
+	client_id_metadata_document_supported: v.optional(v.boolean()),
 });
-export type OAuthAuthorizationServerMetadata = v.Infer<typeof oauthAuthorizationServerMetadataSchema>;
-export const oauthAuthorizationServerMetadataValidator = oauthAuthorizationServerMetadataSchema.chain(
-	(data) => {
-		if (data.require_pushed_authorization_requests && !data.pushed_authorization_request_endpoint) {
-			return v.err({
-				message: `"pushed_authorization_request_endpoint" required when "require_pushed_authorization_requests" is true`,
-				path: ['pushed_authorization_request_endpoint'],
-			});
-		}
-		if (data.response_types_supported && !data.response_types_supported.includes('code')) {
-			return v.err({
-				message: `response type "code" is required`,
-				path: ['response_types_supported'],
-			});
-		}
-		if (data.token_endpoint_auth_signing_alg_values_supported?.includes('none')) {
+export type OAuthAuthorizationServerMetadata = v.InferOutput<typeof oauthAuthorizationServerMetadataSchema>;
+export const oauthAuthorizationServerMetadataValidator = v.pipe(
+	oauthAuthorizationServerMetadataSchema,
+	v.forward(
+		v.check(
+			(data) => !data.require_pushed_authorization_requests || !!data.pushed_authorization_request_endpoint,
+			`"pushed_authorization_request_endpoint" required when "require_pushed_authorization_requests" is true`,
+		),
+		['pushed_authorization_request_endpoint'],
+	),
+	v.forward(
+		v.check(
+			(data) => !data.response_types_supported || data.response_types_supported.includes('code'),
+			`response type "code" is required`,
+		),
+		['response_types_supported'],
+	),
+	v.forward(
+		v.check(
+			(data) => !data.token_endpoint_auth_signing_alg_values_supported?.includes('none'),
 			// https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3
 			// > The value `none` MUST NOT be used.
-			return v.err({
-				message: `client authentication method "none" is not allowed`,
-				path: ['token_endpoint_auth_signing_alg_values_supported'],
-			});
-		}
-		return v.ok(data);
-	},
+			`client authentication method "none" is not allowed`,
+		),
+		['token_endpoint_auth_signing_alg_values_supported'],
+	),
 );