@atproto/oauth-types 0.1.3 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (19) hide show
  1. package/CHANGELOG.md +10 -0
  2. package/dist/atproto-loopback-client-metadata.d.ts.map +1 -1
  3. package/dist/atproto-loopback-client-metadata.js +2 -3
  4. package/dist/atproto-loopback-client-metadata.js.map +1 -1
  5. package/dist/oauth-authentication-request-parameters.d.ts +1 -1
  6. package/dist/oauth-authentication-request-parameters.d.ts.map +1 -1
  7. package/dist/oauth-authentication-request-parameters.js +7 -14
  8. package/dist/oauth-authentication-request-parameters.js.map +1 -1
  9. package/dist/oauth-response-type.js +2 -2
  10. package/dist/oauth-response-type.js.map +1 -1
  11. package/dist/oauth-token-response.d.ts +0 -3
  12. package/dist/oauth-token-response.d.ts.map +1 -1
  13. package/dist/oauth-token-response.js +0 -1
  14. package/dist/oauth-token-response.js.map +1 -1
  15. package/package.json +1 -1
  16. package/src/atproto-loopback-client-metadata.ts +2 -3
  17. package/src/oauth-authentication-request-parameters.ts +7 -15
  18. package/src/oauth-response-type.ts +2 -2
  19. package/src/oauth-token-response.ts +0 -1
package/CHANGELOG.md CHANGED
@@ -1,5 +1,15 @@
1
1
  # @atproto/oauth-types
2
2
 
3
+ ## 0.1.4
4
+
5
+ ### Patch Changes
6
+
7
+ - [#2734](https://github.com/bluesky-social/atproto/pull/2734) [`dee817b6e`](https://github.com/bluesky-social/atproto/commit/dee817b6e0fc02351d51ce310b5e65239b7c5ed7) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Validate scopes characters according to OAuth 2.1 spec
8
+
9
+ - [#2734](https://github.com/bluesky-social/atproto/pull/2734) [`dee817b6e`](https://github.com/bluesky-social/atproto/commit/dee817b6e0fc02351d51ce310b5e65239b7c5ed7) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Re-use code definition of oauthResponseTypeSchema
10
+
11
+ - [#2734](https://github.com/bluesky-social/atproto/pull/2734) [`dee817b6e`](https://github.com/bluesky-social/atproto/commit/dee817b6e0fc02351d51ce310b5e65239b7c5ed7) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Remove non-standard "sub" from OAuthTokenResponse
12
+
3
13
  ## 0.1.3
4
14
 
5
15
  ### Patch Changes
package/dist/atproto-loopback-client-metadata.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"atproto-loopback-client-metadata.d.ts","sourceRoot":"","sources":["../src/atproto-loopback-client-metadata.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAA;AAGrE,wBAAgB,6BAA6B,CAC3C,QAAQ,EAAE,MAAM,GACf,wBAAwB,CA8B1B"}
1
+ {"version":3,"file":"atproto-loopback-client-metadata.d.ts","sourceRoot":"","sources":["../src/atproto-loopback-client-metadata.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAA;AAGrE,wBAAgB,6BAA6B,CAC3C,QAAQ,EAAE,MAAM,GACf,wBAAwB,CA6B1B"}
package/dist/atproto-loopback-client-metadata.js CHANGED
@@ -17,9 +17,8 @@ function atprotoLoopbackClientMetadata(clientId) {
17
17
  return {
18
18
  client_id: clientId,
19
19
  client_name: 'Loopback client',
20
- response_types: ['code id_token', 'code'],
21
- grant_types: ['authorization_code', 'implicit', 'refresh_token'],
22
- scope: 'openid profile offline_access',
20
+ response_types: ['code'],
21
+ grant_types: ['authorization_code', 'refresh_token'],
23
22
  redirect_uris: (redirectUris.length
24
23
  ? redirectUris
25
24
  : ['127.0.0.1', '[::1]'].map((ip) => Object.assign(new URL(pathname, origin), { hostname: ip }).href)),
package/dist/atproto-loopback-client-metadata.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"atproto-loopback-client-metadata.js","sourceRoot":"","sources":["../src/atproto-loopback-client-metadata.ts"],"names":[],"mappings":";;;AAAA,+EAAuE;AAEvE,qEAAgE;AAEhE,SAAgB,6BAA6B,CAC3C,QAAgB;IAEhB,IAAI,CAAC,IAAA,qDAAuB,EAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,SAAS,CAAC,8BAA8B,QAAQ,EAAE,CAAC,CAAA;IAC/D,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,IAAA,8CAAqB,EAAC,QAAQ,CAAC,CAAA;IAE1E,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;QACvC,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;YAC5B,MAAM,IAAI,SAAS,CAAC,2BAA2B,IAAI,eAAe,CAAC,CAAA;QACrE,CAAC;IACH,CAAC;IACD,MAAM,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,cAAc,CAAC,CAAA;IAExD,OAAO;QACL,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,iBAAiB;QAC9B,cAAc,EAAE,CAAC,eAAe,EAAE,MAAM,CAAC;QACzC,WAAW,EAAE,CAAC,oBAAoB,EAAE,UAAU,EAAE,eAAe,CAAC;QAChE,KAAK,EAAE,+BAA+B;QACtC,aAAa,EAAE,CAAC,YAAY,CAAC,MAAM;YACjC,CAAC,CAAC,YAAY;YACd,CAAC,CAAE,CAAC,WAAW,EAAE,OAAO,CAAW,CAAC,GAAG,CACnC,CAAC,EAAE,EAAE,EAAE,CACL,MAAM,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,IAAI,CAClE,CAA0B;QAC/B,0BAA0B,EAAE,MAAM;QAClC,gBAAgB,EAAE,QAAQ;QAC1B,wBAAwB,EAAE,IAAI;KAC/B,CAAA;AACH,CAAC;AAhCD,sEAgCC"}
1
+ {"version":3,"file":"atproto-loopback-client-metadata.js","sourceRoot":"","sources":["../src/atproto-loopback-client-metadata.ts"],"names":[],"mappings":";;;AAAA,+EAAuE;AAEvE,qEAAgE;AAEhE,SAAgB,6BAA6B,CAC3C,QAAgB;IAEhB,IAAI,CAAC,IAAA,qDAAuB,EAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,SAAS,CAAC,8BAA8B,QAAQ,EAAE,CAAC,CAAA;IAC/D,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,IAAA,8CAAqB,EAAC,QAAQ,CAAC,CAAA;IAE1E,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;QACvC,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;YAC5B,MAAM,IAAI,SAAS,CAAC,2BAA2B,IAAI,eAAe,CAAC,CAAA;QACrE,CAAC;IACH,CAAC;IACD,MAAM,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,cAAc,CAAC,CAAA;IAExD,OAAO;QACL,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,iBAAiB;QAC9B,cAAc,EAAE,CAAC,MAAM,CAAC;QACxB,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;QACpD,aAAa,EAAE,CAAC,YAAY,CAAC,MAAM;YACjC,CAAC,CAAC,YAAY;YACd,CAAC,CAAE,CAAC,WAAW,EAAE,OAAO,CAAW,CAAC,GAAG,CACnC,CAAC,EAAE,EAAE,EAAE,CACL,MAAM,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,IAAI,CAClE,CAA0B;QAC/B,0BAA0B,EAAE,MAAM;QAClC,gBAAgB,EAAE,QAAQ;QAC1B,wBAAwB,EAAE,IAAI;KAC/B,CAAA;AACH,CAAC;AA/BD,sEA+BC"}
package/dist/oauth-authentication-request-parameters.d.ts CHANGED
@@ -7,7 +7,7 @@ export declare const oauthAuthenticationRequestParametersSchema: z.ZodObject<{
7
7
  state: z.ZodOptional<z.ZodString>;
8
8
  nonce: z.ZodOptional<z.ZodString>;
9
9
  dpop_jkt: z.ZodOptional<z.ZodString>;
10
- response_type: z.ZodEnum<["code", "token", "id_token", "none", "code token", "code id_token", "id_token token", "code id_token token"]>;
10
+ response_type: z.ZodEnum<["code", "token", "none", "code id_token token", "code id_token", "code token", "id_token token", "id_token"]>;
11
11
  response_mode: z.ZodOptional<z.ZodEnum<["query", "fragment", "form_post"]>>;
12
12
  code_challenge: z.ZodOptional<z.ZodString>;
13
13
  code_challenge_method: z.ZodOptional<z.ZodDefault<z.ZodEnum<["S256", "plain"]>>>;
package/dist/oauth-authentication-request-parameters.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-authentication-request-parameters.d.ts","sourceRoot":"","sources":["../src/oauth-authentication-request-parameters.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAQvB;;GAEG;AACH,eAAO,MAAM,0CAA0C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA0ErD;;;;;OAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAKH,CAAA;AAEF;;GAEG;AACH,MAAM,MAAM,oCAAoC,GAAG,CAAC,CAAC,KAAK,CACxD,OAAO,0CAA0C,CAClD,CAAA"}
1
+ {"version":3,"file":"oauth-authentication-request-parameters.d.ts","sourceRoot":"","sources":["../src/oauth-authentication-request-parameters.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AASvB;;GAEG;AACH,eAAO,MAAM,0CAA0C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAiErD;;;;;OAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAKH,CAAA;AAEF;;GAEG;AACH,MAAM,MAAM,oCAAoC,GAAG,CAAC,CAAC,KAAK,CACxD,OAAO,0CAA0C,CAClD,CAAA"}
package/dist/oauth-authentication-request-parameters.js CHANGED
@@ -5,6 +5,7 @@ const jwk_1 = require("@atproto/jwk");
5
5
  const zod_1 = require("zod");
6
6
  const oauth_authorization_details_js_1 = require("./oauth-authorization-details.js");
7
7
  const oauth_client_id_js_1 = require("./oauth-client-id.js");
8
+ const oauth_response_type_js_1 = require("./oauth-response-type.js");
8
9
  const oidc_claims_parameter_js_1 = require("./oidc-claims-parameter.js");
9
10
  const oidc_claims_properties_js_1 = require("./oidc-claims-properties.js");
10
11
  const oidc_entity_type_js_1 = require("./oidc-entity-type.js");
@@ -16,28 +17,20 @@ exports.oauthAuthenticationRequestParametersSchema = zod_1.z.object({
16
17
  state: zod_1.z.string().optional(),
17
18
  nonce: zod_1.z.string().optional(),
18
19
  dpop_jkt: zod_1.z.string().optional(),
19
- response_type: zod_1.z.enum([
20
- // OAuth2 (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-4.1.1)
21
- 'code',
22
- 'token',
23
- // OIDC (https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)
24
- 'id_token',
25
- 'none',
26
- 'code token',
27
- 'code id_token',
28
- 'id_token token',
29
- 'code id_token token',
30
- ]),
20
+ response_type: oauth_response_type_js_1.oauthResponseTypeSchema,
31
21
  // Default depend on response_type
32
22
  response_mode: zod_1.z.enum(['query', 'fragment', 'form_post']).optional(),
33
23
  // PKCE
34
24
  code_challenge: zod_1.z.string().optional(),
35
25
  code_challenge_method: zod_1.z.enum(['S256', 'plain']).default('S256').optional(),
36
26
  redirect_uri: zod_1.z.string().url().optional(),
37
- // email profile openid (other?)
27
+ // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-1.4.1
28
+ // scope = scope-token *( SP scope-token )
29
+ // scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
30
+ // = Basically most ASCII characters except backslash and double quote
38
31
  scope: zod_1.z
39
32
  .string()
40
- .regex(/^[a-zA-Z0-9_]+( [a-zA-Z0-9_]+)*$/)
33
+ .regex(/^[!\x23-\x5B\x5D-\x7E]+( [!\x23-\x5B\x5D-\x7E]+)*$/)
41
34
  .optional(),
42
35
  // OIDC
43
36
  // Specifies the allowable elapsed time in seconds since the last time the
package/dist/oauth-authentication-request-parameters.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-authentication-request-parameters.js","sourceRoot":"","sources":["../src/oauth-authentication-request-parameters.ts"],"names":[],"mappings":";;;AAAA,sCAA8C;AAC9C,6BAAuB;AAEvB,qFAAkF;AAClF,6DAA0D;AAC1D,yEAAsE;AACtE,2EAAwE;AACxE,+DAA4D;AAE5D;;GAEG;AACU,QAAA,0CAA0C,GAAG,OAAC,CAAC,MAAM,CAAC;IACjE,SAAS,EAAE,wCAAmB;IAE9B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/B,aAAa,EAAE,OAAC,CAAC,IAAI,CAAC;QACpB,wFAAwF;QACxF,MAAM;QACN,OAAO;QAEP,4EAA4E;QAC5E,UAAU;QACV,MAAM;QACN,YAAY;QACZ,eAAe;QACf,gBAAgB;QAChB,qBAAqB;KACtB,CAAC;IAEF,kCAAkC;IAClC,aAAa,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEpE,OAAO;IACP,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,qBAAqB,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE;IAE3E,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAEzC,gCAAgC;IAChC,KAAK,EAAE,OAAC;SACL,MAAM,EAAE;SACR,KAAK,CAAC,kCAAkC,CAAC;SACzC,QAAQ,EAAE;IAEb,OAAO;IAEP,0EAA0E;IAC1E,wEAAwE;IACxE,2EAA2E;IAC3E,6EAA6E;IAC7E,4EAA4E;IAC5E,yEAAyE;IACzE,2CAA2C;IAC3C,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE3C,MAAM,EAAE,OAAC;SACN,MAAM,CACL,0CAAoB,EACpB,OAAC,CAAC,MAAM,CACN,oDAAyB,EACzB,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,sDAA0B,CAAC,CAAC,CACvD,CACF;SACA,QAAQ,EAAE;IAEb,8EAA8E;IAC9E,uCAAuC;IACvC,iDAAiD;IAEjD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAExC,UAAU,EAAE,OAAC;SACV,MAAM,EAAE;SACR,KAAK,CAAC,gDAAgD,CAAC,CAAC,cAAc;SACtE,QAAQ,EAAE;IAEb,iEAAiE;IACjE,aAAa,EAAE,qBAAe,CAAC,QAAQ,EAAE;IAEzC,oCAAoC;IACpC,OAAO,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEtD;;;;;OAKG;IACH,MAAM,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEzE,gDAAgD;IAChD,qBAAqB,EAAE,gEAA+B,CAAC,QAAQ,EAAE;CAClE,CAAC,CAAA"}
1
+ {"version":3,"file":"oauth-authentication-request-parameters.js","sourceRoot":"","sources":["../src/oauth-authentication-request-parameters.ts"],"names":[],"mappings":";;;AAAA,sCAA8C;AAC9C,6BAAuB;AAEvB,qFAAkF;AAClF,6DAA0D;AAC1D,qEAAkE;AAClE,yEAAsE;AACtE,2EAAwE;AACxE,+DAA4D;AAE5D;;GAEG;AACU,QAAA,0CAA0C,GAAG,OAAC,CAAC,MAAM,CAAC;IACjE,SAAS,EAAE,wCAAmB;IAE9B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/B,aAAa,EAAE,gDAAuB;IAEtC,kCAAkC;IAClC,aAAa,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEpE,OAAO;IACP,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,qBAAqB,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE;IAE3E,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAEzC,+EAA+E;IAC/E,gDAAgD;IAChD,+CAA+C;IAC/C,sEAAsE;IACtE,KAAK,EAAE,OAAC;SACL,MAAM,EAAE;SACR,KAAK,CAAC,oDAAoD,CAAC;SAC3D,QAAQ,EAAE;IAEb,OAAO;IAEP,0EAA0E;IAC1E,wEAAwE;IACxE,2EAA2E;IAC3E,6EAA6E;IAC7E,4EAA4E;IAC5E,yEAAyE;IACzE,2CAA2C;IAC3C,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE3C,MAAM,EAAE,OAAC;SACN,MAAM,CACL,0CAAoB,EACpB,OAAC,CAAC,MAAM,CACN,oDAAyB,EACzB,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,sDAA0B,CAAC,CAAC,CACvD,CACF;SACA,QAAQ,EAAE;IAEb,8EAA8E;IAC9E,uCAAuC;IACvC,iDAAiD;IAEjD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAExC,UAAU,EAAE,OAAC;SACV,MAAM,EAAE;SACR,KAAK,CAAC,gDAAgD,CAAC,CAAC,cAAc;SACtE,QAAQ,EAAE;IAEb,iEAAiE;IACjE,aAAa,EAAE,qBAAe,CAAC,QAAQ,EAAE;IAEzC,oCAAoC;IACpC,OAAO,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEtD;;;;;OAKG;IACH,MAAM,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEzE,gDAAgD;IAChD,qBAAqB,EAAE,gEAA+B,CAAC,QAAQ,EAAE;CAClE,CAAC,CAAA"}
package/dist/oauth-response-type.js CHANGED
@@ -3,10 +3,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.oauthResponseTypeSchema = void 0;
4
4
  const zod_1 = require("zod");
5
5
  exports.oauthResponseTypeSchema = zod_1.z.enum([
6
- // OAuth
6
+ // OAuth2 (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-4.1.1)
7
7
  'code', // Authorization Code Grant
8
8
  'token', // Implicit Grant
9
- // OpenID
9
+ // OIDC (https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)
10
10
  'none',
11
11
  'code id_token token',
12
12
  'code id_token',
package/dist/oauth-response-type.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-response-type.js","sourceRoot":"","sources":["../src/oauth-response-type.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,uBAAuB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC5C,QAAQ;IACR,MAAM,EAAE,2BAA2B;IACnC,OAAO,EAAE,iBAAiB;IAE1B,SAAS;IACT,MAAM;IACN,qBAAqB;IACrB,eAAe;IACf,YAAY;IACZ,gBAAgB;IAChB,UAAU;CACX,CAAC,CAAA"}
1
+ {"version":3,"file":"oauth-response-type.js","sourceRoot":"","sources":["../src/oauth-response-type.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,uBAAuB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC5C,wFAAwF;IACxF,MAAM,EAAE,2BAA2B;IACnC,OAAO,EAAE,iBAAiB;IAE1B,4EAA4E;IAC5E,MAAM;IACN,qBAAqB;IACrB,eAAe;IACf,YAAY;IACZ,gBAAgB;IAChB,UAAU;CACX,CAAC,CAAA"}
package/dist/oauth-token-response.d.ts CHANGED
@@ -6,7 +6,6 @@ export declare const oauthTokenResponseSchema: z.ZodObject<{
6
6
  access_token: z.ZodString;
7
7
  token_type: z.ZodUnion<[z.ZodEffects<z.ZodString, "DPoP", string>, z.ZodEffects<z.ZodString, "Bearer", string>]>;
8
8
  issuer: z.ZodOptional<z.ZodString>;
9
- sub: z.ZodOptional<z.ZodString>;
10
9
  scope: z.ZodOptional<z.ZodString>;
11
10
  id_token: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;
12
11
  refresh_token: z.ZodOptional<z.ZodString>;
@@ -37,7 +36,6 @@ export declare const oauthTokenResponseSchema: z.ZodObject<{
37
36
  access_token: z.ZodString;
38
37
  token_type: z.ZodUnion<[z.ZodEffects<z.ZodString, "DPoP", string>, z.ZodEffects<z.ZodString, "Bearer", string>]>;
39
38
  issuer: z.ZodOptional<z.ZodString>;
40
- sub: z.ZodOptional<z.ZodString>;
41
39
  scope: z.ZodOptional<z.ZodString>;
42
40
  id_token: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;
43
41
  refresh_token: z.ZodOptional<z.ZodString>;
@@ -68,7 +66,6 @@ export declare const oauthTokenResponseSchema: z.ZodObject<{
68
66
  access_token: z.ZodString;
69
67
  token_type: z.ZodUnion<[z.ZodEffects<z.ZodString, "DPoP", string>, z.ZodEffects<z.ZodString, "Bearer", string>]>;
70
68
  issuer: z.ZodOptional<z.ZodString>;
71
- sub: z.ZodOptional<z.ZodString>;
72
69
  scope: z.ZodOptional<z.ZodString>;
73
70
  id_token: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;
74
71
  refresh_token: z.ZodOptional<z.ZodString>;
package/dist/oauth-token-response.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-token-response.d.ts","sourceRoot":"","sources":["../src/oauth-token-response.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAKvB;;GAEG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCAcrB,CAAA;AAEhB;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAA"}
1
+ {"version":3,"file":"oauth-token-response.d.ts","sourceRoot":"","sources":["../src/oauth-token-response.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAKvB;;GAEG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCAarB,CAAA;AAEhB;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAA"}
package/dist/oauth-token-response.js CHANGED
@@ -13,7 +13,6 @@ exports.oauthTokenResponseSchema = zod_1.z
13
13
  access_token: zod_1.z.string(),
14
14
  token_type: oauth_token_type_js_1.oauthTokenTypeSchema,
15
15
  issuer: zod_1.z.string().url().optional(),
16
- sub: zod_1.z.string().optional(),
17
16
  scope: zod_1.z.string().optional(),
18
17
  id_token: jwk_1.signedJwtSchema.optional(),
19
18
  refresh_token: zod_1.z.string().optional(),
package/dist/oauth-token-response.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-token-response.js","sourceRoot":"","sources":["../src/oauth-token-response.ts"],"names":[],"mappings":";;;AAAA,sCAA8C;AAC9C,6BAAuB;AAEvB,qFAAkF;AAClF,+DAA4D;AAE5D;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC;KACtC,MAAM,CAAC;IACN,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB,UAAU,EAAE,0CAAoB;IAChC,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACnC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,QAAQ,EAAE,qBAAe,CAAC,QAAQ,EAAE;IACpC,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,qBAAqB,EAAE,gEAA+B,CAAC,QAAQ,EAAE;CAClE,CAAC;IACF,0DAA0D;IAC1D,qEAAqE;KACpE,WAAW,EAAE,CAAA"}
1
+ {"version":3,"file":"oauth-token-response.js","sourceRoot":"","sources":["../src/oauth-token-response.ts"],"names":[],"mappings":";;;AAAA,sCAA8C;AAC9C,6BAAuB;AAEvB,qFAAkF;AAClF,+DAA4D;AAE5D;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC;KACtC,MAAM,CAAC;IACN,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB,UAAU,EAAE,0CAAoB;IAChC,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACnC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,QAAQ,EAAE,qBAAe,CAAC,QAAQ,EAAE;IACpC,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,qBAAqB,EAAE,gEAA+B,CAAC,QAAQ,EAAE;CAClE,CAAC;IACF,0DAA0D;IAC1D,qEAAqE;KACpE,WAAW,EAAE,CAAA"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@atproto/oauth-types",
3
- "version": "0.1.3",
3
+ "version": "0.1.4",
4
4
  "license": "MIT",
5
5
  "description": "OAuth typing & validation library",
6
6
  "keywords": [
package/src/atproto-loopback-client-metadata.ts CHANGED
@@ -21,9 +21,8 @@ export function atprotoLoopbackClientMetadata(
21
21
  return {
22
22
  client_id: clientId,
23
23
  client_name: 'Loopback client',
24
- response_types: ['code id_token', 'code'],
25
- grant_types: ['authorization_code', 'implicit', 'refresh_token'],
26
- scope: 'openid profile offline_access',
24
+ response_types: ['code'],
25
+ grant_types: ['authorization_code', 'refresh_token'],
27
26
  redirect_uris: (redirectUris.length
28
27
  ? redirectUris
29
28
  : (['127.0.0.1', '[::1]'] as const).map(
package/src/oauth-authentication-request-parameters.ts CHANGED
@@ -3,6 +3,7 @@ import { z } from 'zod'
3
3
 
4
4
  import { oauthAuthorizationDetailsSchema } from './oauth-authorization-details.js'
5
5
  import { oauthClientIdSchema } from './oauth-client-id.js'
6
+ import { oauthResponseTypeSchema } from './oauth-response-type.js'
6
7
  import { oidcClaimsParameterSchema } from './oidc-claims-parameter.js'
7
8
  import { oidcClaimsPropertiesSchema } from './oidc-claims-properties.js'
8
9
  import { oidcEntityTypeSchema } from './oidc-entity-type.js'
@@ -17,19 +18,7 @@ export const oauthAuthenticationRequestParametersSchema = z.object({
17
18
  nonce: z.string().optional(),
18
19
  dpop_jkt: z.string().optional(),
19
20
 
20
- response_type: z.enum([
21
- // OAuth2 (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-4.1.1)
22
- 'code',
23
- 'token',
24
-
25
- // OIDC (https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)
26
- 'id_token',
27
- 'none',
28
- 'code token',
29
- 'code id_token',
30
- 'id_token token',
31
- 'code id_token token',
32
- ]),
21
+ response_type: oauthResponseTypeSchema,
33
22
 
34
23
  // Default depend on response_type
35
24
  response_mode: z.enum(['query', 'fragment', 'form_post']).optional(),
@@ -40,10 +29,13 @@ export const oauthAuthenticationRequestParametersSchema = z.object({
40
29
 
41
30
  redirect_uri: z.string().url().optional(),
42
31
 
43
- // email profile openid (other?)
32
+ // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-1.4.1
33
+ // scope = scope-token *( SP scope-token )
34
+ // scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
35
+ // = Basically most ASCII characters except backslash and double quote
44
36
  scope: z
45
37
  .string()
46
- .regex(/^[a-zA-Z0-9_]+( [a-zA-Z0-9_]+)*$/)
38
+ .regex(/^[!\x23-\x5B\x5D-\x7E]+( [!\x23-\x5B\x5D-\x7E]+)*$/)
47
39
  .optional(),
48
40
 
49
41
  // OIDC
package/src/oauth-response-type.ts CHANGED
@@ -1,11 +1,11 @@
1
1
  import { z } from 'zod'
2
2
 
3
3
  export const oauthResponseTypeSchema = z.enum([
4
- // OAuth
4
+ // OAuth2 (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-4.1.1)
5
5
  'code', // Authorization Code Grant
6
6
  'token', // Implicit Grant
7
7
 
8
- // OpenID
8
+ // OIDC (https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)
9
9
  'none',
10
10
  'code id_token token',
11
11
  'code id_token',
package/src/oauth-token-response.ts CHANGED
@@ -12,7 +12,6 @@ export const oauthTokenResponseSchema = z
12
12
  access_token: z.string(),
13
13
  token_type: oauthTokenTypeSchema,
14
14
  issuer: z.string().url().optional(),
15
- sub: z.string().optional(),
16
15
  scope: z.string().optional(),
17
16
  id_token: signedJwtSchema.optional(),
18
17
  refresh_token: z.string().optional(),