@atproto/oauth-client 0.7.1 → 0.7.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +28 -0
- package/dist/errors/token-invalid-error.d.ts.map +1 -1
- package/dist/errors/token-invalid-error.js.map +1 -1
- package/dist/errors/token-refresh-error.d.ts.map +1 -1
- package/dist/errors/token-refresh-error.js.map +1 -1
- package/dist/errors/token-revoked-error.d.ts.map +1 -1
- package/dist/errors/token-revoked-error.js.map +1 -1
- package/dist/oauth-authorization-server-metadata-resolver.d.ts.map +1 -1
- package/dist/oauth-callback-error.d.ts.map +1 -1
- package/dist/oauth-callback-error.js.map +1 -1
- package/dist/oauth-client.d.ts +78 -78
- package/dist/oauth-client.d.ts.map +1 -1
- package/dist/oauth-client.js.map +1 -1
- package/dist/oauth-protected-resource-metadata-resolver.d.ts.map +1 -1
- package/dist/oauth-protected-resource-metadata-resolver.js.map +1 -1
- package/dist/oauth-resolver-error.d.ts.map +1 -1
- package/dist/oauth-resolver.d.ts +13 -13
- package/dist/oauth-resolver.d.ts.map +1 -1
- package/dist/oauth-resolver.js.map +1 -1
- package/dist/oauth-response-error.d.ts.map +1 -1
- package/dist/oauth-response-error.js.map +1 -1
- package/dist/oauth-server-agent.d.ts +1 -1
- package/dist/oauth-server-agent.d.ts.map +1 -1
- package/dist/oauth-server-agent.js.map +1 -1
- package/dist/oauth-server-factory.d.ts.map +1 -1
- package/dist/oauth-server-factory.js.map +1 -1
- package/dist/oauth-session.d.ts.map +1 -1
- package/dist/oauth-session.js.map +1 -1
- package/dist/runtime.d.ts +1 -1
- package/dist/runtime.d.ts.map +1 -1
- package/dist/runtime.js.map +1 -1
- package/dist/session-getter.d.ts +1 -1
- package/dist/session-getter.d.ts.map +1 -1
- package/dist/session-getter.js.map +1 -1
- package/dist/types.d.ts +131 -131
- package/dist/types.d.ts.map +1 -1
- package/dist/util.d.ts.map +1 -1
- package/dist/validate-client-metadata.js.map +1 -1
- package/package.json +13 -15
- package/tsconfig.build.json +2 -2
- package/tsconfig.build.tsbuildinfo +1 -1
- package/tsconfig.json +1 -1
package/dist/types.d.ts
CHANGED
|
@@ -6,7 +6,7 @@ export type AuthorizeOptions = Simplify<Omit<OAuthAuthorizationRequestParameters
|
|
|
6
6
|
}>;
|
|
7
7
|
export type CallbackOptions = Simplify<Partial<Pick<OAuthAuthorizationRequestParameters, 'redirect_uri'>>>;
|
|
8
8
|
export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<{
|
|
9
|
-
redirect_uris: z.ZodArray<z.ZodEffects<z.ZodString,
|
|
9
|
+
redirect_uris: z.ZodArray<z.ZodEffects<z.ZodString, "http://127.0.0.1" | `${string}.${string}:/${string}` | `http://127.0.0.1#${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `http://127.0.0.1?${string}` | `http://[::1]${string}` | `https://${string}`, string>, "atleastone">;
|
|
10
10
|
response_types: z.ZodDefault<z.ZodArray<z.ZodEnum<["code", "token", "none", "code id_token token", "code id_token", "code token", "id_token token", "id_token"]>, "atleastone">>;
|
|
11
11
|
grant_types: z.ZodDefault<z.ZodArray<z.ZodEnum<["authorization_code", "implicit", "refresh_token", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:saml2-bearer"]>, "atleastone">>;
|
|
12
12
|
scope: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
|
|
@@ -14,19 +14,15 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
14
14
|
token_endpoint_auth_signing_alg: z.ZodOptional<z.ZodString>;
|
|
15
15
|
userinfo_signed_response_alg: z.ZodOptional<z.ZodString>;
|
|
16
16
|
userinfo_encrypted_response_alg: z.ZodOptional<z.ZodString>;
|
|
17
|
-
jwks_uri: z.ZodOptional<z.ZodEffects<z.ZodString,
|
|
17
|
+
jwks_uri: z.ZodOptional<z.ZodEffects<z.ZodString, "http://127.0.0.1" | "http://localhost" | `http://127.0.0.1#${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `http://127.0.0.1?${string}` | `http://[::1]${string}` | `http://localhost#${string}` | `http://localhost/${string}` | `http://localhost:${string}` | `http://localhost?${string}` | `https://${string}`, string>>;
|
|
18
18
|
jwks: z.ZodOptional<z.ZodObject<{
|
|
19
19
|
keys: z.ZodEffects<z.ZodArray<z.ZodUnknown, "many">, ((({
|
|
20
|
-
kty: "RSA";
|
|
21
|
-
n: string;
|
|
22
|
-
e: string;
|
|
23
|
-
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
24
20
|
kid?: string | undefined;
|
|
25
|
-
use?: "
|
|
26
|
-
key_ops?: ("
|
|
21
|
+
use?: "enc" | "sig" | undefined;
|
|
22
|
+
key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
|
|
27
23
|
x5c?: string[] | undefined;
|
|
28
24
|
x5t?: string | undefined;
|
|
29
|
-
|
|
25
|
+
'x5t#S256'?: string | undefined;
|
|
30
26
|
x5u?: string | undefined;
|
|
31
27
|
ext?: boolean | undefined;
|
|
32
28
|
iat?: number | undefined;
|
|
@@ -36,6 +32,10 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
36
32
|
revoked_at: number;
|
|
37
33
|
reason?: string | undefined;
|
|
38
34
|
} | undefined;
|
|
35
|
+
kty: "RSA";
|
|
36
|
+
alg?: "PS256" | "PS384" | "PS512" | "RS256" | "RS384" | "RS512" | undefined;
|
|
37
|
+
n: string;
|
|
38
|
+
e: string;
|
|
39
39
|
d?: string | undefined;
|
|
40
40
|
p?: string | undefined;
|
|
41
41
|
q?: string | undefined;
|
|
@@ -43,24 +43,19 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
43
43
|
dq?: string | undefined;
|
|
44
44
|
qi?: string | undefined;
|
|
45
45
|
oth?: {
|
|
46
|
-
d?: string | undefined;
|
|
47
46
|
r?: string | undefined;
|
|
47
|
+
d?: string | undefined;
|
|
48
48
|
t?: string | undefined;
|
|
49
49
|
}[] | undefined;
|
|
50
50
|
} & {
|
|
51
|
-
kid:
|
|
51
|
+
kid: {};
|
|
52
52
|
}) | ({
|
|
53
|
-
kty: "EC";
|
|
54
|
-
crv: "P-256" | "P-384" | "P-521";
|
|
55
|
-
x: string;
|
|
56
|
-
y: string;
|
|
57
|
-
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
58
53
|
kid?: string | undefined;
|
|
59
|
-
use?: "
|
|
60
|
-
key_ops?: ("
|
|
54
|
+
use?: "enc" | "sig" | undefined;
|
|
55
|
+
key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
|
|
61
56
|
x5c?: string[] | undefined;
|
|
62
57
|
x5t?: string | undefined;
|
|
63
|
-
|
|
58
|
+
'x5t#S256'?: string | undefined;
|
|
64
59
|
x5u?: string | undefined;
|
|
65
60
|
ext?: boolean | undefined;
|
|
66
61
|
iat?: number | undefined;
|
|
@@ -70,21 +65,21 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
70
65
|
revoked_at: number;
|
|
71
66
|
reason?: string | undefined;
|
|
72
67
|
} | undefined;
|
|
73
|
-
d?: string | undefined;
|
|
74
|
-
} & {
|
|
75
|
-
kid: NonNullable<unknown>;
|
|
76
|
-
}) | ({
|
|
77
68
|
kty: "EC";
|
|
78
|
-
|
|
69
|
+
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
70
|
+
crv: "P-256" | "P-384" | "P-521";
|
|
79
71
|
x: string;
|
|
80
72
|
y: string;
|
|
81
|
-
|
|
73
|
+
d?: string | undefined;
|
|
74
|
+
} & {
|
|
75
|
+
kid: {};
|
|
76
|
+
}) | ({
|
|
82
77
|
kid?: string | undefined;
|
|
83
|
-
use?: "
|
|
84
|
-
key_ops?: ("
|
|
78
|
+
use?: "enc" | "sig" | undefined;
|
|
79
|
+
key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
|
|
85
80
|
x5c?: string[] | undefined;
|
|
86
81
|
x5t?: string | undefined;
|
|
87
|
-
|
|
82
|
+
'x5t#S256'?: string | undefined;
|
|
88
83
|
x5u?: string | undefined;
|
|
89
84
|
ext?: boolean | undefined;
|
|
90
85
|
iat?: number | undefined;
|
|
@@ -94,20 +89,21 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
94
89
|
revoked_at: number;
|
|
95
90
|
reason?: string | undefined;
|
|
96
91
|
} | undefined;
|
|
92
|
+
kty: "EC";
|
|
93
|
+
alg?: "ES256K" | undefined;
|
|
94
|
+
crv: "secp256k1";
|
|
95
|
+
x: string;
|
|
96
|
+
y: string;
|
|
97
97
|
d?: string | undefined;
|
|
98
98
|
} & {
|
|
99
|
-
kid:
|
|
99
|
+
kid: {};
|
|
100
100
|
}) | ({
|
|
101
|
-
kty: "OKP";
|
|
102
|
-
crv: "Ed25519" | "Ed448";
|
|
103
|
-
x: string;
|
|
104
|
-
alg?: "EdDSA" | undefined;
|
|
105
101
|
kid?: string | undefined;
|
|
106
|
-
use?: "
|
|
107
|
-
key_ops?: ("
|
|
102
|
+
use?: "enc" | "sig" | undefined;
|
|
103
|
+
key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
|
|
108
104
|
x5c?: string[] | undefined;
|
|
109
105
|
x5t?: string | undefined;
|
|
110
|
-
|
|
106
|
+
'x5t#S256'?: string | undefined;
|
|
111
107
|
x5u?: string | undefined;
|
|
112
108
|
ext?: boolean | undefined;
|
|
113
109
|
iat?: number | undefined;
|
|
@@ -117,24 +113,24 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
117
113
|
revoked_at: number;
|
|
118
114
|
reason?: string | undefined;
|
|
119
115
|
} | undefined;
|
|
116
|
+
kty: "OKP";
|
|
117
|
+
alg?: "EdDSA" | undefined;
|
|
118
|
+
crv: "Ed25519" | "Ed448";
|
|
119
|
+
x: string;
|
|
120
120
|
d?: string | undefined;
|
|
121
121
|
} & {
|
|
122
|
-
kid:
|
|
122
|
+
kid: {};
|
|
123
123
|
})) & {
|
|
124
124
|
d?: never;
|
|
125
125
|
})[], unknown[]>;
|
|
126
126
|
}, "strip", z.ZodTypeAny, {
|
|
127
127
|
keys: ((({
|
|
128
|
-
kty: "RSA";
|
|
129
|
-
n: string;
|
|
130
|
-
e: string;
|
|
131
|
-
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
132
128
|
kid?: string | undefined;
|
|
133
|
-
use?: "
|
|
134
|
-
key_ops?: ("
|
|
129
|
+
use?: "enc" | "sig" | undefined;
|
|
130
|
+
key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
|
|
135
131
|
x5c?: string[] | undefined;
|
|
136
132
|
x5t?: string | undefined;
|
|
137
|
-
|
|
133
|
+
'x5t#S256'?: string | undefined;
|
|
138
134
|
x5u?: string | undefined;
|
|
139
135
|
ext?: boolean | undefined;
|
|
140
136
|
iat?: number | undefined;
|
|
@@ -144,6 +140,10 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
144
140
|
revoked_at: number;
|
|
145
141
|
reason?: string | undefined;
|
|
146
142
|
} | undefined;
|
|
143
|
+
kty: "RSA";
|
|
144
|
+
alg?: "PS256" | "PS384" | "PS512" | "RS256" | "RS384" | "RS512" | undefined;
|
|
145
|
+
n: string;
|
|
146
|
+
e: string;
|
|
147
147
|
d?: string | undefined;
|
|
148
148
|
p?: string | undefined;
|
|
149
149
|
q?: string | undefined;
|
|
@@ -151,24 +151,19 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
151
151
|
dq?: string | undefined;
|
|
152
152
|
qi?: string | undefined;
|
|
153
153
|
oth?: {
|
|
154
|
-
d?: string | undefined;
|
|
155
154
|
r?: string | undefined;
|
|
155
|
+
d?: string | undefined;
|
|
156
156
|
t?: string | undefined;
|
|
157
157
|
}[] | undefined;
|
|
158
158
|
} & {
|
|
159
|
-
kid:
|
|
159
|
+
kid: {};
|
|
160
160
|
}) | ({
|
|
161
|
-
kty: "EC";
|
|
162
|
-
crv: "P-256" | "P-384" | "P-521";
|
|
163
|
-
x: string;
|
|
164
|
-
y: string;
|
|
165
|
-
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
166
161
|
kid?: string | undefined;
|
|
167
|
-
use?: "
|
|
168
|
-
key_ops?: ("
|
|
162
|
+
use?: "enc" | "sig" | undefined;
|
|
163
|
+
key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
|
|
169
164
|
x5c?: string[] | undefined;
|
|
170
165
|
x5t?: string | undefined;
|
|
171
|
-
|
|
166
|
+
'x5t#S256'?: string | undefined;
|
|
172
167
|
x5u?: string | undefined;
|
|
173
168
|
ext?: boolean | undefined;
|
|
174
169
|
iat?: number | undefined;
|
|
@@ -178,21 +173,21 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
178
173
|
revoked_at: number;
|
|
179
174
|
reason?: string | undefined;
|
|
180
175
|
} | undefined;
|
|
181
|
-
d?: string | undefined;
|
|
182
|
-
} & {
|
|
183
|
-
kid: NonNullable<unknown>;
|
|
184
|
-
}) | ({
|
|
185
176
|
kty: "EC";
|
|
186
|
-
|
|
177
|
+
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
178
|
+
crv: "P-256" | "P-384" | "P-521";
|
|
187
179
|
x: string;
|
|
188
180
|
y: string;
|
|
189
|
-
|
|
181
|
+
d?: string | undefined;
|
|
182
|
+
} & {
|
|
183
|
+
kid: {};
|
|
184
|
+
}) | ({
|
|
190
185
|
kid?: string | undefined;
|
|
191
|
-
use?: "
|
|
192
|
-
key_ops?: ("
|
|
186
|
+
use?: "enc" | "sig" | undefined;
|
|
187
|
+
key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
|
|
193
188
|
x5c?: string[] | undefined;
|
|
194
189
|
x5t?: string | undefined;
|
|
195
|
-
|
|
190
|
+
'x5t#S256'?: string | undefined;
|
|
196
191
|
x5u?: string | undefined;
|
|
197
192
|
ext?: boolean | undefined;
|
|
198
193
|
iat?: number | undefined;
|
|
@@ -202,20 +197,21 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
202
197
|
revoked_at: number;
|
|
203
198
|
reason?: string | undefined;
|
|
204
199
|
} | undefined;
|
|
200
|
+
kty: "EC";
|
|
201
|
+
alg?: "ES256K" | undefined;
|
|
202
|
+
crv: "secp256k1";
|
|
203
|
+
x: string;
|
|
204
|
+
y: string;
|
|
205
205
|
d?: string | undefined;
|
|
206
206
|
} & {
|
|
207
|
-
kid:
|
|
207
|
+
kid: {};
|
|
208
208
|
}) | ({
|
|
209
|
-
kty: "OKP";
|
|
210
|
-
crv: "Ed25519" | "Ed448";
|
|
211
|
-
x: string;
|
|
212
|
-
alg?: "EdDSA" | undefined;
|
|
213
209
|
kid?: string | undefined;
|
|
214
|
-
use?: "
|
|
215
|
-
key_ops?: ("
|
|
210
|
+
use?: "enc" | "sig" | undefined;
|
|
211
|
+
key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
|
|
216
212
|
x5c?: string[] | undefined;
|
|
217
213
|
x5t?: string | undefined;
|
|
218
|
-
|
|
214
|
+
'x5t#S256'?: string | undefined;
|
|
219
215
|
x5u?: string | undefined;
|
|
220
216
|
ext?: boolean | undefined;
|
|
221
217
|
iat?: number | undefined;
|
|
@@ -225,9 +221,13 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
225
221
|
revoked_at: number;
|
|
226
222
|
reason?: string | undefined;
|
|
227
223
|
} | undefined;
|
|
224
|
+
kty: "OKP";
|
|
225
|
+
alg?: "EdDSA" | undefined;
|
|
226
|
+
crv: "Ed25519" | "Ed448";
|
|
227
|
+
x: string;
|
|
228
228
|
d?: string | undefined;
|
|
229
229
|
} & {
|
|
230
|
-
kid:
|
|
230
|
+
kid: {};
|
|
231
231
|
})) & {
|
|
232
232
|
d?: never;
|
|
233
233
|
})[];
|
|
@@ -243,10 +243,10 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
243
243
|
authorization_encrypted_response_alg: z.ZodOptional<z.ZodString>;
|
|
244
244
|
client_id: z.ZodOptional<z.ZodString>;
|
|
245
245
|
client_name: z.ZodOptional<z.ZodString>;
|
|
246
|
-
client_uri: z.ZodOptional<z.ZodEffects<z.ZodString,
|
|
247
|
-
policy_uri: z.ZodOptional<z.ZodEffects<z.ZodString,
|
|
248
|
-
tos_uri: z.ZodOptional<z.ZodEffects<z.ZodString,
|
|
249
|
-
logo_uri: z.ZodOptional<z.ZodEffects<z.ZodString,
|
|
246
|
+
client_uri: z.ZodOptional<z.ZodEffects<z.ZodString, "http://127.0.0.1" | "http://localhost" | `http://127.0.0.1#${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `http://127.0.0.1?${string}` | `http://[::1]${string}` | `http://localhost#${string}` | `http://localhost/${string}` | `http://localhost:${string}` | `http://localhost?${string}` | `https://${string}`, string>>;
|
|
247
|
+
policy_uri: z.ZodOptional<z.ZodEffects<z.ZodString, "http://127.0.0.1" | "http://localhost" | `http://127.0.0.1#${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `http://127.0.0.1?${string}` | `http://[::1]${string}` | `http://localhost#${string}` | `http://localhost/${string}` | `http://localhost:${string}` | `http://localhost?${string}` | `https://${string}`, string>>;
|
|
248
|
+
tos_uri: z.ZodOptional<z.ZodEffects<z.ZodString, "http://127.0.0.1" | "http://localhost" | `http://127.0.0.1#${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `http://127.0.0.1?${string}` | `http://[::1]${string}` | `http://localhost#${string}` | `http://localhost/${string}` | `http://localhost:${string}` | `http://localhost?${string}` | `https://${string}`, string>>;
|
|
249
|
+
logo_uri: z.ZodOptional<z.ZodEffects<z.ZodString, "http://127.0.0.1" | "http://localhost" | `http://127.0.0.1#${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `http://127.0.0.1?${string}` | `http://[::1]${string}` | `http://localhost#${string}` | `http://localhost/${string}` | `http://localhost:${string}` | `http://localhost?${string}` | `https://${string}`, string>>;
|
|
250
250
|
default_max_age: z.ZodOptional<z.ZodNumber>;
|
|
251
251
|
require_auth_time: z.ZodOptional<z.ZodBoolean>;
|
|
252
252
|
contacts: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
@@ -254,33 +254,25 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
254
254
|
dpop_bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
|
|
255
255
|
authorization_details_types: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
256
256
|
}, {
|
|
257
|
-
client_id: z.ZodUnion<[z.ZodEffects<z.ZodIntersection<z.ZodString, z.ZodEffects<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, `https://${string}`, string>>, `https://${string}/${string}`, string>, z.ZodEffects<z.ZodString, "http://localhost" |
|
|
257
|
+
client_id: z.ZodUnion<[z.ZodEffects<z.ZodIntersection<z.ZodString, z.ZodEffects<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, `https://${string}`, string>>, `https://${string}/${string}`, string>, z.ZodEffects<z.ZodString, "http://localhost" | "http://localhost/" | `http://localhost/?${string}` | `http://localhost?${string}`, string>]>;
|
|
258
258
|
}>, "strip", z.ZodTypeAny, {
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
grant_types: ["authorization_code" | "implicit" | "refresh_token" | "password" | "client_credentials" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer", ...("authorization_code" | "implicit" | "refresh_token" | "password" | "client_credentials" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer")[]];
|
|
263
|
-
token_endpoint_auth_method: "none" | "client_secret_basic" | "client_secret_jwt" | "client_secret_post" | "private_key_jwt" | "self_signed_tls_client_auth" | "tls_client_auth";
|
|
264
|
-
application_type: "web" | "native";
|
|
265
|
-
subject_type: "public" | "pairwise";
|
|
266
|
-
authorization_signed_response_alg: string;
|
|
259
|
+
redirect_uris: ["http://127.0.0.1" | `${string}.${string}:/${string}` | `http://127.0.0.1#${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `http://127.0.0.1?${string}` | `http://[::1]${string}` | `https://${string}`, ...("http://127.0.0.1" | `${string}.${string}:/${string}` | `http://127.0.0.1#${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `http://127.0.0.1?${string}` | `http://[::1]${string}` | `https://${string}`)[]];
|
|
260
|
+
response_types: ["code" | "code id_token" | "code id_token token" | "code token" | "id_token" | "id_token token" | "none" | "token", ...("code" | "code id_token" | "code id_token token" | "code token" | "id_token" | "id_token token" | "none" | "token")[]];
|
|
261
|
+
grant_types: ["authorization_code" | "client_credentials" | "implicit" | "password" | "refresh_token" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer", ...("authorization_code" | "client_credentials" | "implicit" | "password" | "refresh_token" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer")[]];
|
|
267
262
|
scope?: string | undefined;
|
|
263
|
+
token_endpoint_auth_method: "client_secret_basic" | "client_secret_jwt" | "client_secret_post" | "none" | "private_key_jwt" | "self_signed_tls_client_auth" | "tls_client_auth";
|
|
268
264
|
token_endpoint_auth_signing_alg?: string | undefined;
|
|
269
265
|
userinfo_signed_response_alg?: string | undefined;
|
|
270
266
|
userinfo_encrypted_response_alg?: string | undefined;
|
|
271
|
-
jwks_uri?:
|
|
267
|
+
jwks_uri?: "http://127.0.0.1" | "http://localhost" | `http://127.0.0.1#${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `http://127.0.0.1?${string}` | `http://[::1]${string}` | `http://localhost#${string}` | `http://localhost/${string}` | `http://localhost:${string}` | `http://localhost?${string}` | `https://${string}` | undefined;
|
|
272
268
|
jwks?: {
|
|
273
269
|
keys: ((({
|
|
274
|
-
kty: "RSA";
|
|
275
|
-
n: string;
|
|
276
|
-
e: string;
|
|
277
|
-
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
278
270
|
kid?: string | undefined;
|
|
279
|
-
use?: "
|
|
280
|
-
key_ops?: ("
|
|
271
|
+
use?: "enc" | "sig" | undefined;
|
|
272
|
+
key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
|
|
281
273
|
x5c?: string[] | undefined;
|
|
282
274
|
x5t?: string | undefined;
|
|
283
|
-
|
|
275
|
+
'x5t#S256'?: string | undefined;
|
|
284
276
|
x5u?: string | undefined;
|
|
285
277
|
ext?: boolean | undefined;
|
|
286
278
|
iat?: number | undefined;
|
|
@@ -290,6 +282,10 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
290
282
|
revoked_at: number;
|
|
291
283
|
reason?: string | undefined;
|
|
292
284
|
} | undefined;
|
|
285
|
+
kty: "RSA";
|
|
286
|
+
alg?: "PS256" | "PS384" | "PS512" | "RS256" | "RS384" | "RS512" | undefined;
|
|
287
|
+
n: string;
|
|
288
|
+
e: string;
|
|
293
289
|
d?: string | undefined;
|
|
294
290
|
p?: string | undefined;
|
|
295
291
|
q?: string | undefined;
|
|
@@ -297,24 +293,19 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
297
293
|
dq?: string | undefined;
|
|
298
294
|
qi?: string | undefined;
|
|
299
295
|
oth?: {
|
|
300
|
-
d?: string | undefined;
|
|
301
296
|
r?: string | undefined;
|
|
297
|
+
d?: string | undefined;
|
|
302
298
|
t?: string | undefined;
|
|
303
299
|
}[] | undefined;
|
|
304
300
|
} & {
|
|
305
|
-
kid:
|
|
301
|
+
kid: {};
|
|
306
302
|
}) | ({
|
|
307
|
-
kty: "EC";
|
|
308
|
-
crv: "P-256" | "P-384" | "P-521";
|
|
309
|
-
x: string;
|
|
310
|
-
y: string;
|
|
311
|
-
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
312
303
|
kid?: string | undefined;
|
|
313
|
-
use?: "
|
|
314
|
-
key_ops?: ("
|
|
304
|
+
use?: "enc" | "sig" | undefined;
|
|
305
|
+
key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
|
|
315
306
|
x5c?: string[] | undefined;
|
|
316
307
|
x5t?: string | undefined;
|
|
317
|
-
|
|
308
|
+
'x5t#S256'?: string | undefined;
|
|
318
309
|
x5u?: string | undefined;
|
|
319
310
|
ext?: boolean | undefined;
|
|
320
311
|
iat?: number | undefined;
|
|
@@ -324,21 +315,21 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
324
315
|
revoked_at: number;
|
|
325
316
|
reason?: string | undefined;
|
|
326
317
|
} | undefined;
|
|
327
|
-
d?: string | undefined;
|
|
328
|
-
} & {
|
|
329
|
-
kid: NonNullable<unknown>;
|
|
330
|
-
}) | ({
|
|
331
318
|
kty: "EC";
|
|
332
|
-
|
|
319
|
+
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
320
|
+
crv: "P-256" | "P-384" | "P-521";
|
|
333
321
|
x: string;
|
|
334
322
|
y: string;
|
|
335
|
-
|
|
323
|
+
d?: string | undefined;
|
|
324
|
+
} & {
|
|
325
|
+
kid: {};
|
|
326
|
+
}) | ({
|
|
336
327
|
kid?: string | undefined;
|
|
337
|
-
use?: "
|
|
338
|
-
key_ops?: ("
|
|
328
|
+
use?: "enc" | "sig" | undefined;
|
|
329
|
+
key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
|
|
339
330
|
x5c?: string[] | undefined;
|
|
340
331
|
x5t?: string | undefined;
|
|
341
|
-
|
|
332
|
+
'x5t#S256'?: string | undefined;
|
|
342
333
|
x5u?: string | undefined;
|
|
343
334
|
ext?: boolean | undefined;
|
|
344
335
|
iat?: number | undefined;
|
|
@@ -348,20 +339,21 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
348
339
|
revoked_at: number;
|
|
349
340
|
reason?: string | undefined;
|
|
350
341
|
} | undefined;
|
|
342
|
+
kty: "EC";
|
|
343
|
+
alg?: "ES256K" | undefined;
|
|
344
|
+
crv: "secp256k1";
|
|
345
|
+
x: string;
|
|
346
|
+
y: string;
|
|
351
347
|
d?: string | undefined;
|
|
352
348
|
} & {
|
|
353
|
-
kid:
|
|
349
|
+
kid: {};
|
|
354
350
|
}) | ({
|
|
355
|
-
kty: "OKP";
|
|
356
|
-
crv: "Ed25519" | "Ed448";
|
|
357
|
-
x: string;
|
|
358
|
-
alg?: "EdDSA" | undefined;
|
|
359
351
|
kid?: string | undefined;
|
|
360
|
-
use?: "
|
|
361
|
-
key_ops?: ("
|
|
352
|
+
use?: "enc" | "sig" | undefined;
|
|
353
|
+
key_ops?: ("decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey")[] | undefined;
|
|
362
354
|
x5c?: string[] | undefined;
|
|
363
355
|
x5t?: string | undefined;
|
|
364
|
-
|
|
356
|
+
'x5t#S256'?: string | undefined;
|
|
365
357
|
x5u?: string | undefined;
|
|
366
358
|
ext?: boolean | undefined;
|
|
367
359
|
iat?: number | undefined;
|
|
@@ -371,35 +363,42 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
371
363
|
revoked_at: number;
|
|
372
364
|
reason?: string | undefined;
|
|
373
365
|
} | undefined;
|
|
366
|
+
kty: "OKP";
|
|
367
|
+
alg?: "EdDSA" | undefined;
|
|
368
|
+
crv: "Ed25519" | "Ed448";
|
|
369
|
+
x: string;
|
|
374
370
|
d?: string | undefined;
|
|
375
371
|
} & {
|
|
376
|
-
kid:
|
|
372
|
+
kid: {};
|
|
377
373
|
})) & {
|
|
378
374
|
d?: never;
|
|
379
375
|
})[];
|
|
380
376
|
} | undefined;
|
|
377
|
+
application_type: "native" | "web";
|
|
378
|
+
subject_type: "pairwise" | "public";
|
|
381
379
|
request_object_signing_alg?: string | undefined;
|
|
382
380
|
id_token_signed_response_alg?: string | undefined;
|
|
381
|
+
authorization_signed_response_alg: string;
|
|
383
382
|
authorization_encrypted_response_enc?: "A128CBC-HS256" | undefined;
|
|
384
383
|
authorization_encrypted_response_alg?: string | undefined;
|
|
385
384
|
client_name?: string | undefined;
|
|
386
|
-
client_uri?:
|
|
387
|
-
policy_uri?:
|
|
388
|
-
tos_uri?:
|
|
389
|
-
logo_uri?:
|
|
385
|
+
client_uri?: "http://127.0.0.1" | "http://localhost" | `http://127.0.0.1#${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `http://127.0.0.1?${string}` | `http://[::1]${string}` | `http://localhost#${string}` | `http://localhost/${string}` | `http://localhost:${string}` | `http://localhost?${string}` | `https://${string}` | undefined;
|
|
386
|
+
policy_uri?: "http://127.0.0.1" | "http://localhost" | `http://127.0.0.1#${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `http://127.0.0.1?${string}` | `http://[::1]${string}` | `http://localhost#${string}` | `http://localhost/${string}` | `http://localhost:${string}` | `http://localhost?${string}` | `https://${string}` | undefined;
|
|
387
|
+
tos_uri?: "http://127.0.0.1" | "http://localhost" | `http://127.0.0.1#${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `http://127.0.0.1?${string}` | `http://[::1]${string}` | `http://localhost#${string}` | `http://localhost/${string}` | `http://localhost:${string}` | `http://localhost?${string}` | `https://${string}` | undefined;
|
|
388
|
+
logo_uri?: "http://127.0.0.1" | "http://localhost" | `http://127.0.0.1#${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `http://127.0.0.1?${string}` | `http://[::1]${string}` | `http://localhost#${string}` | `http://localhost/${string}` | `http://localhost:${string}` | `http://localhost?${string}` | `https://${string}` | undefined;
|
|
390
389
|
default_max_age?: number | undefined;
|
|
391
390
|
require_auth_time?: boolean | undefined;
|
|
392
391
|
contacts?: string[] | undefined;
|
|
393
392
|
tls_client_certificate_bound_access_tokens?: boolean | undefined;
|
|
394
393
|
dpop_bound_access_tokens?: boolean | undefined;
|
|
395
394
|
authorization_details_types?: string[] | undefined;
|
|
395
|
+
client_id: "http://localhost" | "http://localhost/" | `http://localhost/?${string}` | `http://localhost?${string}` | `https://${string}/${string}`;
|
|
396
396
|
}, {
|
|
397
|
-
client_id: string;
|
|
398
397
|
redirect_uris: [string, ...string[]];
|
|
398
|
+
response_types?: ["code" | "code id_token" | "code id_token token" | "code token" | "id_token" | "id_token token" | "none" | "token", ...("code" | "code id_token" | "code id_token token" | "code token" | "id_token" | "id_token token" | "none" | "token")[]] | undefined;
|
|
399
|
+
grant_types?: ["authorization_code" | "client_credentials" | "implicit" | "password" | "refresh_token" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer", ...("authorization_code" | "client_credentials" | "implicit" | "password" | "refresh_token" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer")[]] | undefined;
|
|
399
400
|
scope?: string | undefined;
|
|
400
|
-
|
|
401
|
-
grant_types?: ["authorization_code" | "implicit" | "refresh_token" | "password" | "client_credentials" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer", ...("authorization_code" | "implicit" | "refresh_token" | "password" | "client_credentials" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer")[]] | undefined;
|
|
402
|
-
token_endpoint_auth_method?: "none" | "client_secret_basic" | "client_secret_jwt" | "client_secret_post" | "private_key_jwt" | "self_signed_tls_client_auth" | "tls_client_auth" | undefined;
|
|
401
|
+
token_endpoint_auth_method?: "client_secret_basic" | "client_secret_jwt" | "client_secret_post" | "none" | "private_key_jwt" | "self_signed_tls_client_auth" | "tls_client_auth" | undefined;
|
|
403
402
|
token_endpoint_auth_signing_alg?: string | undefined;
|
|
404
403
|
userinfo_signed_response_alg?: string | undefined;
|
|
405
404
|
userinfo_encrypted_response_alg?: string | undefined;
|
|
@@ -407,8 +406,8 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
407
406
|
jwks?: {
|
|
408
407
|
keys: unknown[];
|
|
409
408
|
} | undefined;
|
|
410
|
-
application_type?: "
|
|
411
|
-
subject_type?: "
|
|
409
|
+
application_type?: "native" | "web" | undefined;
|
|
410
|
+
subject_type?: "pairwise" | "public" | undefined;
|
|
412
411
|
request_object_signing_alg?: string | undefined;
|
|
413
412
|
id_token_signed_response_alg?: string | undefined;
|
|
414
413
|
authorization_signed_response_alg?: string | undefined;
|
|
@@ -425,6 +424,7 @@ export declare const clientMetadataSchema: z.ZodObject<z.objectUtil.extendShape<
|
|
|
425
424
|
tls_client_certificate_bound_access_tokens?: boolean | undefined;
|
|
426
425
|
dpop_bound_access_tokens?: boolean | undefined;
|
|
427
426
|
authorization_details_types?: string[] | undefined;
|
|
427
|
+
client_id: string;
|
|
428
428
|
}>;
|
|
429
429
|
export type ClientMetadata = TypeOf<typeof clientMetadataSchema>;
|
|
430
430
|
//# sourceMappingURL=types.d.ts.map
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAC/B,OAAO,EACL,mCAAmC,EAIpC,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAA;AAMpC,MAAM,MAAM,gBAAgB,GAAG,QAAQ,CACrC,IAAI,CACF,mCAAmC,EACjC,WAAW,GACX,eAAe,GACf,eAAe,GACf,YAAY,GACZ,gBAAgB,GAChB,uBAAuB,CAC1B,GAAG;IACF,MAAM,CAAC,EAAE,WAAW,CAAA;CACrB,CACF,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,QAAQ,CACpC,OAAO,CAAC,IAAI,CAAC,mCAAmC,EAAE,cAAc,CAAC,CAAC,CACnE,CAAA;AAED,eAAO,MAAM,oBAAoB
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAC/B,OAAO,EACL,mCAAmC,EAIpC,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAA;AAMpC,MAAM,MAAM,gBAAgB,GAAG,QAAQ,CACrC,IAAI,CACF,mCAAmC,EACjC,WAAW,GACX,eAAe,GACf,eAAe,GACf,YAAY,GACZ,gBAAgB,GAChB,uBAAuB,CAC1B,GAAG;IACF,MAAM,CAAC,EAAE,WAAW,CAAA;CACrB,CACF,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,QAAQ,CACpC,OAAO,CAAC,IAAI,CAAC,mCAAmC,EAAE,cAAc,CAAC,CAAC,CACnE,CAAA;AAED,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAK/B,CAAA;AAEF,MAAM,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,oBAAoB,CAAC,CAAA"}
|
package/dist/util.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;AAC7C,MAAM,MAAM,QAAQ,CAAC,CAAC,IAAI;KAAG,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAAE,GAAG,WAAW,CAAC,OAAO,CAAC,CAAA;AAEzE,eAAO,MAAM,QAAQ,GAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;AAC7C,MAAM,MAAM,QAAQ,CAAC,CAAC,IAAI;KAAG,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAAE,GAAG,WAAW,CAAC,OAAO,CAAC,CAAA;AAEzE,eAAO,MAAM,QAAQ,GAAI,CAAC,KAAK,CAAC,6BAA4C,CAAA;AAE5E,wBAAgB,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAEhE;AAED,wBAAgB,cAAc,CAC5B,OAAO,EAAE,SAAS,CAAC,WAAW,GAAG,SAAS,CAAC,EAAE,GAC5C,eAAe,GAAG,UAAU,CAwB9B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validate-client-metadata.js","sourceRoot":"","sources":["../src/validate-client-metadata.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,+BAA+B,EAC/B,2BAA2B,GAC5B,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAC7C,OAAO,EAAkB,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAEjE,MAAM,UAAU,sBAAsB,CACpC,KAA+B,EAC/B,MAAe;IAEf,+DAA+D;IAC/D,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,IAAI,MAAM,EAAE,IAAI,EAAE,CAAC;QACnD,KAAK,GAAG,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,EAAE,CAAA;IAC7C,CAAC;IAED,MAAM,QAAQ,GAAG,oBAAoB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IAElD,qBAAqB;IACrB,IAAI,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3C,2BAA2B,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;IACjD,CAAC;SAAM,CAAC;QACN,+BAA+B,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;IACrD,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;IACzC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,SAAS,CAAC,kDAAkD,CAAC,CAAA;IACzE,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,SAAS,CAAC,sCAAsC,CAAC,CAAA;IAC7D,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,SAAS,CAAC,iDAAiD,CAAC,CAAA;IACxE,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,0BAA0B,CAAA;IAClD,MAAM,SAAS,GAAG,QAAQ,CAAC,+BAA+B,CAAA;IAC1D,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,MAAM;YACT,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,IAAI,SAAS,CACjB,gGAAgG,MAAM,GAAG,CAC1G,CAAA;YACH,CAAC;YACD,MAAK;QAEP,KAAK,iBAAiB,
|
|
1
|
+
{"version":3,"file":"validate-client-metadata.js","sourceRoot":"","sources":["../src/validate-client-metadata.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,+BAA+B,EAC/B,2BAA2B,GAC5B,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAC7C,OAAO,EAAkB,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAEjE,MAAM,UAAU,sBAAsB,CACpC,KAA+B,EAC/B,MAAe;IAEf,+DAA+D;IAC/D,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,IAAI,MAAM,EAAE,IAAI,EAAE,CAAC;QACnD,KAAK,GAAG,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,EAAE,CAAA;IAC7C,CAAC;IAED,MAAM,QAAQ,GAAG,oBAAoB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IAElD,qBAAqB;IACrB,IAAI,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3C,2BAA2B,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;IACjD,CAAC;SAAM,CAAC;QACN,+BAA+B,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;IACrD,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;IACzC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,SAAS,CAAC,kDAAkD,CAAC,CAAA;IACzE,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,SAAS,CAAC,sCAAsC,CAAC,CAAA;IAC7D,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,SAAS,CAAC,iDAAiD,CAAC,CAAA;IACxE,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,0BAA0B,CAAA;IAClD,MAAM,SAAS,GAAG,QAAQ,CAAC,+BAA+B,CAAA;IAC1D,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,MAAM;YACT,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,IAAI,SAAS,CACjB,gGAAgG,MAAM,GAAG,CAC1G,CAAA;YACH,CAAC;YACD,MAAK;QAEP,KAAK,iBAAiB,EAAE,CAAC;YACvB,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,SAAS,CACjB,4FAA4F,MAAM,GAAG,CACtG,CAAA;YACH,CAAC;YAED,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,SAAS,CACjB,iCAAiC,MAAM,qBAAqB,CAC7D,CAAA;YACH,CAAC;YAED,sEAAsE;YACtE,uEAAuE;YACvE,qDAAqD;YACrD,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,CACnE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CACjB,CAAA;YAED,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;gBACxB,MAAM,IAAI,SAAS,CACjB,iCAAiC,MAAM,kEAAkE,CAC1G,CAAA;YACH,CAAC;YAED,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC;gBACtE,MAAM,IAAI,SAAS,CACjB,iCAAiC,MAAM,mCAAmC,YAAY,eAAe,CACtG,CAAA;YACH,CAAC;YAED,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAClB,oEAAoE;gBACpE,0BAA0B;gBAC1B,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;oBAC9B,IACE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,EAChE,CAAC;wBACD,MAAM,IAAI,SAAS,CACjB,4BAA4B,GAAG,CAAC,GAAG,gHAAgH,CACpJ,CAAA;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;gBAC7B,wEAAwE;gBACxE,wEAAwE;gBACxE,2CAA2C;YAC7C,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,SAAS,CACjB,iCAAiC,MAAM,mBAAmB,CAC3D,CAAA;YACH,CAAC;YAED,MAAK;QACP,CAAC;QAED;YACE,MAAM,IAAI,SAAS,CACjB,mDAAmD,MAAM,EAAE,CAC5D,CAAA;IACL,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC","sourcesContent":["import { Keyset } from '@atproto/jwk'\nimport {\n OAuthClientMetadataInput,\n assertOAuthDiscoverableClientId,\n assertOAuthLoopbackClientId,\n} from '@atproto/oauth-types'\nimport { FALLBACK_ALG } from './constants.js'\nimport { ClientMetadata, clientMetadataSchema } from './types.js'\n\nexport function validateClientMetadata(\n input: OAuthClientMetadataInput,\n keyset?: Keyset,\n): ClientMetadata {\n // Allow to pass a keyset and omit the jwks/jwks_uri properties\n if (!input.jwks && !input.jwks_uri && keyset?.size) {\n input = { ...input, jwks: keyset.toJSON() }\n }\n\n const metadata = clientMetadataSchema.parse(input)\n\n // Validate client ID\n if (metadata.client_id.startsWith('http:')) {\n assertOAuthLoopbackClientId(metadata.client_id)\n } else {\n assertOAuthDiscoverableClientId(metadata.client_id)\n }\n\n const scopes = metadata.scope?.split(' ')\n if (!scopes?.includes('atproto')) {\n throw new TypeError(`Client metadata must include the \"atproto\" scope`)\n }\n\n if (!metadata.response_types.includes('code')) {\n throw new TypeError(`\"response_types\" must include \"code\"`)\n }\n\n if (!metadata.grant_types.includes('authorization_code')) {\n throw new TypeError(`\"grant_types\" must include \"authorization_code\"`)\n }\n\n const method = metadata.token_endpoint_auth_method\n const methodAlg = metadata.token_endpoint_auth_signing_alg\n switch (method) {\n case 'none':\n if (methodAlg) {\n throw new TypeError(\n `\"token_endpoint_auth_signing_alg\" must not be provided when \"token_endpoint_auth_method\" is \"${method}\"`,\n )\n }\n break\n\n case 'private_key_jwt': {\n if (!methodAlg) {\n throw new TypeError(\n `\"token_endpoint_auth_signing_alg\" must be provided when \"token_endpoint_auth_method\" is \"${method}\"`,\n )\n }\n\n if (!keyset) {\n throw new TypeError(\n `Client authentication method \"${method}\" requires a keyset`,\n )\n }\n\n // @NOTE This reproduces the logic from `negotiateClientAuthMethod` at\n // initialization time to ensure that every key that might end-up being\n // used is indeed valid & advertised in the metadata.\n const signingKeys = Array.from(keyset.list({ usage: 'sign' })).filter(\n (key) => key.kid,\n )\n\n if (!signingKeys.length) {\n throw new TypeError(\n `Client authentication method \"${method}\" requires at least one active signing key with a \"kid\" property`,\n )\n }\n\n if (!signingKeys.some((key) => key.algorithms.includes(FALLBACK_ALG))) {\n throw new TypeError(\n `Client authentication method \"${method}\" requires at least one active \"${FALLBACK_ALG}\" signing key`,\n )\n }\n\n if (metadata.jwks) {\n // Ensure that all the signing keys that could end-up being used are\n // advertised in the JWKS.\n for (const key of signingKeys) {\n if (\n !metadata.jwks.keys.some((k) => k.kid === key.kid && !k.revoked)\n ) {\n throw new TypeError(\n `Missing or inactive key \"${key.kid}\" in jwks. Make sure that every signing key of the Keyset is declared as an active key in the Metadata's JWKS.`,\n )\n }\n }\n } else if (metadata.jwks_uri) {\n // @NOTE we only ensure that all the signing keys are referenced in JWKS\n // when it is available (see previous \"if\") as we don't want to download\n // that file here (for efficiency reasons).\n } else {\n throw new TypeError(\n `Client authentication method \"${method}\" requires a JWKS`,\n )\n }\n\n break\n }\n\n default:\n throw new TypeError(\n `Unsupported \"token_endpoint_auth_method\" value: ${method}`,\n )\n }\n\n return metadata\n}\n"]}
|