@atproto/oauth-types 0.1.3 → 0.1.5
Sign up to get free protection for your applications and to get access to all the features.
- package/CHANGELOG.md +36 -0
- package/dist/atproto-loopback-client-metadata.d.ts.map +1 -1
- package/dist/atproto-loopback-client-metadata.js +5 -17
- package/dist/atproto-loopback-client-metadata.js.map +1 -1
- package/dist/index.d.ts +18 -5
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +18 -5
- package/dist/index.js.map +1 -1
- package/dist/oauth-access-token.d.ts +4 -0
- package/dist/oauth-access-token.d.ts.map +1 -0
- package/dist/oauth-access-token.js +6 -0
- package/dist/oauth-access-token.js.map +1 -0
- package/dist/oauth-authorization-code-grant-token-request.d.ts +20 -0
- package/dist/oauth-authorization-code-grant-token-request.d.ts.map +1 -0
- package/dist/oauth-authorization-code-grant-token-request.js +17 -0
- package/dist/oauth-authorization-code-grant-token-request.js.map +1 -0
- package/dist/oauth-authorization-request-jar.d.ts +16 -0
- package/dist/oauth-authorization-request-jar.d.ts.map +1 -0
- package/dist/oauth-authorization-request-jar.js +15 -0
- package/dist/oauth-authorization-request-jar.js.map +1 -0
- package/dist/oauth-authorization-request-par.d.ts +122 -0
- package/dist/oauth-authorization-request-par.d.ts.map +1 -0
- package/dist/oauth-authorization-request-par.js +11 -0
- package/dist/oauth-authorization-request-par.js.map +1 -0
- package/dist/{oauth-authentication-request-parameters.d.ts → oauth-authorization-request-parameters.d.ts} +16 -16
- package/dist/oauth-authorization-request-parameters.d.ts.map +1 -0
- package/dist/{oauth-authentication-request-parameters.js → oauth-authorization-request-parameters.js} +17 -25
- package/dist/oauth-authorization-request-parameters.js.map +1 -0
- package/dist/oauth-authorization-request-query.d.ts +128 -0
- package/dist/oauth-authorization-request-query.d.ts.map +1 -0
- package/dist/oauth-authorization-request-query.js +13 -0
- package/dist/oauth-authorization-request-query.js.map +1 -0
- package/dist/oauth-authorization-request-uri.d.ts +10 -0
- package/dist/oauth-authorization-request-uri.d.ts.map +1 -0
- package/dist/oauth-authorization-request-uri.js +9 -0
- package/dist/oauth-authorization-request-uri.js.map +1 -0
- package/dist/oauth-authorization-server-metadata.d.ts +10 -10
- package/dist/oauth-authorization-server-metadata.d.ts.map +1 -1
- package/dist/oauth-authorization-server-metadata.js +5 -1
- package/dist/oauth-authorization-server-metadata.js.map +1 -1
- package/dist/oauth-client-credentials-grant-token-request.d.ts +10 -0
- package/dist/oauth-client-credentials-grant-token-request.d.ts.map +1 -0
- package/dist/oauth-client-credentials-grant-token-request.js +8 -0
- package/dist/oauth-client-credentials-grant-token-request.js.map +1 -0
- package/dist/oauth-client-credentials.d.ts +18 -2
- package/dist/oauth-client-credentials.d.ts.map +1 -1
- package/dist/oauth-client-credentials.js +8 -2
- package/dist/oauth-client-credentials.js.map +1 -1
- package/dist/oauth-client-id-discoverable.d.ts +3 -2
- package/dist/oauth-client-id-discoverable.d.ts.map +1 -1
- package/dist/oauth-client-id-discoverable.js +21 -18
- package/dist/oauth-client-id-discoverable.js.map +1 -1
- package/dist/oauth-client-id-loopback.d.ts +10 -3
- package/dist/oauth-client-id-loopback.d.ts.map +1 -1
- package/dist/oauth-client-id-loopback.js +58 -21
- package/dist/oauth-client-id-loopback.js.map +1 -1
- package/dist/oauth-client-metadata.d.ts +1 -1
- package/dist/oauth-client-metadata.d.ts.map +1 -1
- package/dist/oauth-client-metadata.js +2 -1
- package/dist/oauth-client-metadata.js.map +1 -1
- package/dist/oauth-code-challenge-method.d.ts +3 -0
- package/dist/oauth-code-challenge-method.d.ts.map +1 -0
- package/dist/oauth-code-challenge-method.js +6 -0
- package/dist/oauth-code-challenge-method.js.map +1 -0
- package/dist/oauth-introspection-response.d.ts +20 -0
- package/dist/oauth-introspection-response.d.ts.map +1 -0
- package/dist/oauth-introspection-response.js +3 -0
- package/dist/oauth-introspection-response.js.map +1 -0
- package/dist/oauth-par-response.d.ts +3 -0
- package/dist/oauth-par-response.d.ts.map +1 -1
- package/dist/oauth-par-response.js +1 -0
- package/dist/oauth-par-response.js.map +1 -1
- package/dist/oauth-password-grant-token-request.d.ts +16 -0
- package/dist/oauth-password-grant-token-request.d.ts.map +1 -0
- package/dist/oauth-password-grant-token-request.js +10 -0
- package/dist/oauth-password-grant-token-request.js.map +1 -0
- package/dist/oauth-refresh-token-grant-token-request.d.ts +16 -0
- package/dist/oauth-refresh-token-grant-token-request.d.ts.map +1 -0
- package/dist/oauth-refresh-token-grant-token-request.js +12 -0
- package/dist/oauth-refresh-token-grant-token-request.js.map +1 -0
- package/dist/oauth-refresh-token.d.ts +4 -0
- package/dist/oauth-refresh-token.d.ts.map +1 -0
- package/dist/oauth-refresh-token.js +6 -0
- package/dist/oauth-refresh-token.js.map +1 -0
- package/dist/oauth-request-uri.d.ts +4 -0
- package/dist/oauth-request-uri.d.ts.map +1 -0
- package/dist/oauth-request-uri.js +6 -0
- package/dist/oauth-request-uri.js.map +1 -0
- package/dist/oauth-response-type.js +2 -2
- package/dist/oauth-response-type.js.map +1 -1
- package/dist/oauth-scope.d.ts +10 -0
- package/dist/oauth-scope.d.ts.map +1 -0
- package/dist/oauth-scope.js +16 -0
- package/dist/oauth-scope.js.map +1 -0
- package/dist/oauth-token-identification.d.ts +13 -0
- package/dist/oauth-token-identification.d.ts.map +1 -0
- package/dist/oauth-token-identification.js +11 -0
- package/dist/oauth-token-identification.js.map +1 -0
- package/dist/oauth-token-request.d.ts +49 -0
- package/dist/oauth-token-request.d.ts.map +1 -0
- package/dist/oauth-token-request.js +15 -0
- package/dist/oauth-token-request.js.map +1 -0
- package/dist/oauth-token-response.d.ts +0 -3
- package/dist/oauth-token-response.d.ts.map +1 -1
- package/dist/oauth-token-response.js +0 -1
- package/dist/oauth-token-response.js.map +1 -1
- package/dist/util.d.ts +2 -1
- package/dist/util.d.ts.map +1 -1
- package/dist/util.js +34 -3
- package/dist/util.js.map +1 -1
- package/package.json +1 -1
- package/src/atproto-loopback-client-metadata.ts +9 -23
- package/src/index.ts +18 -5
- package/src/oauth-access-token.ts +4 -0
- package/src/oauth-authorization-code-grant-token-request.ts +18 -0
- package/src/oauth-authorization-request-jar.ts +16 -0
- package/src/oauth-authorization-request-par.ts +13 -0
- package/src/{oauth-authentication-request-parameters.ts → oauth-authorization-request-parameters.ts} +22 -31
- package/src/oauth-authorization-request-query.ts +15 -0
- package/src/oauth-authorization-request-uri.ts +11 -0
- package/src/oauth-authorization-server-metadata.ts +5 -1
- package/src/oauth-client-credentials-grant-token-request.ts +9 -0
- package/src/oauth-client-credentials.ts +21 -1
- package/src/oauth-client-id-discoverable.ts +29 -26
- package/src/oauth-client-id-loopback.ts +78 -30
- package/src/oauth-client-metadata.ts +2 -1
- package/src/oauth-code-challenge-method.ts +3 -0
- package/src/oauth-introspection-response.ts +23 -0
- package/src/oauth-par-response.ts +1 -0
- package/src/oauth-password-grant-token-request.ts +11 -0
- package/src/oauth-refresh-token-grant-token-request.ts +13 -0
- package/src/oauth-refresh-token.ts +4 -0
- package/src/oauth-request-uri.ts +5 -0
- package/src/oauth-response-type.ts +2 -2
- package/src/oauth-scope.ts +15 -0
- package/src/oauth-token-identification.ts +12 -0
- package/src/oauth-token-request.ts +14 -0
- package/src/oauth-token-response.ts +0 -1
- package/src/util.ts +41 -1
- package/dist/access-token.d.ts +0 -4
- package/dist/access-token.d.ts.map +0 -1
- package/dist/access-token.js +0 -6
- package/dist/access-token.js.map +0 -1
- package/dist/oauth-authentication-request-parameters.d.ts.map +0 -1
- package/dist/oauth-authentication-request-parameters.js.map +0 -1
- package/dist/oauth-client-id-url.d.ts +0 -3
- package/dist/oauth-client-id-url.d.ts.map +0 -1
- package/dist/oauth-client-id-url.js +0 -21
- package/dist/oauth-client-id-url.js.map +0 -1
- package/dist/oauth-client-identification.d.ts +0 -31
- package/dist/oauth-client-identification.d.ts.map +0 -1
- package/dist/oauth-client-identification.js +0 -12
- package/dist/oauth-client-identification.js.map +0 -1
- package/src/access-token.ts +0 -4
- package/src/oauth-client-id-url.ts +0 -25
- package/src/oauth-client-identification.ts +0 -14
@@ -0,0 +1,128 @@
|
|
1
|
+
import { z } from 'zod';
|
2
|
+
export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObject<{
|
3
|
+
client_id: z.ZodString;
|
4
|
+
state: z.ZodOptional<z.ZodString>;
|
5
|
+
redirect_uri: z.ZodOptional<z.ZodString>;
|
6
|
+
scope: z.ZodOptional<z.ZodString>;
|
7
|
+
response_type: z.ZodEnum<["code", "token", "none", "code id_token token", "code id_token", "code token", "id_token token", "id_token"]>;
|
8
|
+
code_challenge: z.ZodOptional<z.ZodString>;
|
9
|
+
code_challenge_method: z.ZodOptional<z.ZodDefault<z.ZodEnum<["S256", "plain"]>>>;
|
10
|
+
dpop_jkt: z.ZodOptional<z.ZodString>;
|
11
|
+
response_mode: z.ZodOptional<z.ZodEnum<["query", "fragment", "form_post"]>>;
|
12
|
+
nonce: z.ZodOptional<z.ZodString>;
|
13
|
+
max_age: z.ZodOptional<z.ZodNumber>;
|
14
|
+
claims: z.ZodOptional<z.ZodRecord<z.ZodEnum<["userinfo", "id_token"]>, z.ZodRecord<z.ZodEnum<["auth_time", "nonce", "acr", "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "gender", "picture", "profile", "website", "birthdate", "zoneinfo", "locale", "updated_at", "email", "email_verified", "phone_number", "phone_number_verified", "address"]>, z.ZodUnion<[z.ZodLiteral<null>, z.ZodObject<{
|
15
|
+
essential: z.ZodOptional<z.ZodBoolean>;
|
16
|
+
value: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>;
|
17
|
+
values: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>, "many">>;
|
18
|
+
}, "strip", z.ZodTypeAny, {
|
19
|
+
values?: (string | number | boolean)[] | undefined;
|
20
|
+
value?: string | number | boolean | undefined;
|
21
|
+
essential?: boolean | undefined;
|
22
|
+
}, {
|
23
|
+
values?: (string | number | boolean)[] | undefined;
|
24
|
+
value?: string | number | boolean | undefined;
|
25
|
+
essential?: boolean | undefined;
|
26
|
+
}>]>>>>;
|
27
|
+
login_hint: z.ZodOptional<z.ZodString>;
|
28
|
+
ui_locales: z.ZodOptional<z.ZodString>;
|
29
|
+
id_token_hint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;
|
30
|
+
display: z.ZodOptional<z.ZodEnum<["page", "popup", "touch"]>>;
|
31
|
+
prompt: z.ZodOptional<z.ZodEnum<["none", "login", "consent", "select_account"]>>;
|
32
|
+
authorization_details: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
33
|
+
type: z.ZodString;
|
34
|
+
locations: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
35
|
+
actions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
36
|
+
datatypes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
37
|
+
identifier: z.ZodOptional<z.ZodString>;
|
38
|
+
privileges: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
39
|
+
}, "strip", z.ZodTypeAny, {
|
40
|
+
type: string;
|
41
|
+
locations?: string[] | undefined;
|
42
|
+
actions?: string[] | undefined;
|
43
|
+
datatypes?: string[] | undefined;
|
44
|
+
identifier?: string | undefined;
|
45
|
+
privileges?: string[] | undefined;
|
46
|
+
}, {
|
47
|
+
type: string;
|
48
|
+
locations?: string[] | undefined;
|
49
|
+
actions?: string[] | undefined;
|
50
|
+
datatypes?: string[] | undefined;
|
51
|
+
identifier?: string | undefined;
|
52
|
+
privileges?: string[] | undefined;
|
53
|
+
}>, "many">>;
|
54
|
+
}, "strip", z.ZodTypeAny, {
|
55
|
+
client_id: string;
|
56
|
+
response_type: "code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
|
57
|
+
redirect_uri?: string | undefined;
|
58
|
+
scope?: string | undefined;
|
59
|
+
nonce?: string | undefined;
|
60
|
+
state?: string | undefined;
|
61
|
+
code_challenge?: string | undefined;
|
62
|
+
code_challenge_method?: "S256" | "plain" | undefined;
|
63
|
+
dpop_jkt?: string | undefined;
|
64
|
+
response_mode?: "query" | "fragment" | "form_post" | undefined;
|
65
|
+
max_age?: number | undefined;
|
66
|
+
claims?: Partial<Record<"id_token" | "userinfo", Partial<Record<"auth_time" | "nonce" | "acr" | "name" | "family_name" | "given_name" | "middle_name" | "nickname" | "preferred_username" | "gender" | "picture" | "profile" | "website" | "birthdate" | "zoneinfo" | "locale" | "updated_at" | "email" | "email_verified" | "phone_number" | "phone_number_verified" | "address", {
|
67
|
+
values?: (string | number | boolean)[] | undefined;
|
68
|
+
value?: string | number | boolean | undefined;
|
69
|
+
essential?: boolean | undefined;
|
70
|
+
} | null>>>> | undefined;
|
71
|
+
login_hint?: string | undefined;
|
72
|
+
ui_locales?: string | undefined;
|
73
|
+
id_token_hint?: `${string}.${string}.${string}` | undefined;
|
74
|
+
display?: "page" | "popup" | "touch" | undefined;
|
75
|
+
prompt?: "none" | "login" | "consent" | "select_account" | undefined;
|
76
|
+
authorization_details?: {
|
77
|
+
type: string;
|
78
|
+
locations?: string[] | undefined;
|
79
|
+
actions?: string[] | undefined;
|
80
|
+
datatypes?: string[] | undefined;
|
81
|
+
identifier?: string | undefined;
|
82
|
+
privileges?: string[] | undefined;
|
83
|
+
}[] | undefined;
|
84
|
+
}, {
|
85
|
+
client_id: string;
|
86
|
+
response_type: "code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
|
87
|
+
redirect_uri?: string | undefined;
|
88
|
+
scope?: string | undefined;
|
89
|
+
nonce?: string | undefined;
|
90
|
+
state?: string | undefined;
|
91
|
+
code_challenge?: string | undefined;
|
92
|
+
code_challenge_method?: "S256" | "plain" | undefined;
|
93
|
+
dpop_jkt?: string | undefined;
|
94
|
+
response_mode?: "query" | "fragment" | "form_post" | undefined;
|
95
|
+
max_age?: number | undefined;
|
96
|
+
claims?: Partial<Record<"id_token" | "userinfo", Partial<Record<"auth_time" | "nonce" | "acr" | "name" | "family_name" | "given_name" | "middle_name" | "nickname" | "preferred_username" | "gender" | "picture" | "profile" | "website" | "birthdate" | "zoneinfo" | "locale" | "updated_at" | "email" | "email_verified" | "phone_number" | "phone_number_verified" | "address", {
|
97
|
+
values?: (string | number | boolean)[] | undefined;
|
98
|
+
value?: string | number | boolean | undefined;
|
99
|
+
essential?: boolean | undefined;
|
100
|
+
} | null>>>> | undefined;
|
101
|
+
login_hint?: string | undefined;
|
102
|
+
ui_locales?: string | undefined;
|
103
|
+
id_token_hint?: string | undefined;
|
104
|
+
display?: "page" | "popup" | "touch" | undefined;
|
105
|
+
prompt?: "none" | "login" | "consent" | "select_account" | undefined;
|
106
|
+
authorization_details?: {
|
107
|
+
type: string;
|
108
|
+
locations?: string[] | undefined;
|
109
|
+
actions?: string[] | undefined;
|
110
|
+
datatypes?: string[] | undefined;
|
111
|
+
identifier?: string | undefined;
|
112
|
+
privileges?: string[] | undefined;
|
113
|
+
}[] | undefined;
|
114
|
+
}>, z.ZodObject<{
|
115
|
+
request: z.ZodUnion<[z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>, z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}`, string>]>;
|
116
|
+
}, "strip", z.ZodTypeAny, {
|
117
|
+
request: `${string}.${string}.${string}` | `${string}.${string}`;
|
118
|
+
}, {
|
119
|
+
request: string;
|
120
|
+
}>, z.ZodObject<{
|
121
|
+
request_uri: z.ZodString;
|
122
|
+
}, "strip", z.ZodTypeAny, {
|
123
|
+
request_uri: string;
|
124
|
+
}, {
|
125
|
+
request_uri: string;
|
126
|
+
}>]>;
|
127
|
+
export type OAuthAuthorizationRequestQuery = z.infer<typeof oauthAuthorizationRequestQuerySchema>;
|
128
|
+
//# sourceMappingURL=oauth-authorization-request-query.d.ts.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"oauth-authorization-request-query.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-request-query.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAMvB,eAAO,MAAM,oCAAoC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAI/C,CAAA;AAEF,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAClD,OAAO,oCAAoC,CAC5C,CAAA"}
|
@@ -0,0 +1,13 @@
|
|
1
|
+
"use strict";
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
3
|
+
exports.oauthAuthorizationRequestQuerySchema = void 0;
|
4
|
+
const zod_1 = require("zod");
|
5
|
+
const oauth_authorization_request_jar_js_1 = require("./oauth-authorization-request-jar.js");
|
6
|
+
const oauth_authorization_request_parameters_js_1 = require("./oauth-authorization-request-parameters.js");
|
7
|
+
const oauth_authorization_request_uri_js_1 = require("./oauth-authorization-request-uri.js");
|
8
|
+
exports.oauthAuthorizationRequestQuerySchema = zod_1.z.union([
|
9
|
+
oauth_authorization_request_parameters_js_1.oauthAuthorizationRequestParametersSchema,
|
10
|
+
oauth_authorization_request_jar_js_1.oauthAuthorizationRequestJarSchema,
|
11
|
+
oauth_authorization_request_uri_js_1.oauthAuthorizationRequestUriSchema,
|
12
|
+
]);
|
13
|
+
//# sourceMappingURL=oauth-authorization-request-query.js.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"oauth-authorization-request-query.js","sourceRoot":"","sources":["../src/oauth-authorization-request-query.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,6FAAyF;AACzF,2GAAuG;AACvG,6FAAyF;AAE5E,QAAA,oCAAoC,GAAG,OAAC,CAAC,KAAK,CAAC;IAC1D,qFAAyC;IACzC,uEAAkC;IAClC,uEAAkC;CACnC,CAAC,CAAA"}
|
@@ -0,0 +1,10 @@
|
|
1
|
+
import { z } from 'zod';
|
2
|
+
export declare const oauthAuthorizationRequestUriSchema: z.ZodObject<{
|
3
|
+
request_uri: z.ZodString;
|
4
|
+
}, "strip", z.ZodTypeAny, {
|
5
|
+
request_uri: string;
|
6
|
+
}, {
|
7
|
+
request_uri: string;
|
8
|
+
}>;
|
9
|
+
export type OAuthAuthorizationRequestUri = z.infer<typeof oauthAuthorizationRequestUriSchema>;
|
10
|
+
//# sourceMappingURL=oauth-authorization-request-uri.d.ts.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"oauth-authorization-request-uri.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-request-uri.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAIvB,eAAO,MAAM,kCAAkC;;;;;;EAE7C,CAAA;AAEF,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,kCAAkC,CAC1C,CAAA"}
|
@@ -0,0 +1,9 @@
|
|
1
|
+
"use strict";
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
3
|
+
exports.oauthAuthorizationRequestUriSchema = void 0;
|
4
|
+
const zod_1 = require("zod");
|
5
|
+
const oauth_request_uri_js_1 = require("./oauth-request-uri.js");
|
6
|
+
exports.oauthAuthorizationRequestUriSchema = zod_1.z.object({
|
7
|
+
request_uri: oauth_request_uri_js_1.oauthRequestUriSchema,
|
8
|
+
});
|
9
|
+
//# sourceMappingURL=oauth-authorization-request-uri.js.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"oauth-authorization-request-uri.js","sourceRoot":"","sources":["../src/oauth-authorization-request-uri.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,iEAA8D;AAEjD,QAAA,kCAAkC,GAAG,OAAC,CAAC,MAAM,CAAC;IACzD,WAAW,EAAE,4CAAqB;CACnC,CAAC,CAAA"}
|
@@ -15,7 +15,7 @@ export declare const oauthAuthorizationServerMetadataSchema: z.ZodObject<{
|
|
15
15
|
response_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
16
16
|
response_modes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
17
17
|
grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
18
|
-
code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.
|
18
|
+
code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodEnum<["S256", "plain"]>, "many">>;
|
19
19
|
ui_locales_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
20
20
|
id_token_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
21
21
|
display_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
@@ -55,7 +55,7 @@ export declare const oauthAuthorizationServerMetadataSchema: z.ZodObject<{
|
|
55
55
|
response_types_supported?: string[] | undefined;
|
56
56
|
response_modes_supported?: string[] | undefined;
|
57
57
|
grant_types_supported?: string[] | undefined;
|
58
|
-
code_challenge_methods_supported?:
|
58
|
+
code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
|
59
59
|
ui_locales_supported?: string[] | undefined;
|
60
60
|
id_token_signing_alg_values_supported?: string[] | undefined;
|
61
61
|
display_values_supported?: string[] | undefined;
|
@@ -92,7 +92,7 @@ export declare const oauthAuthorizationServerMetadataSchema: z.ZodObject<{
|
|
92
92
|
response_types_supported?: string[] | undefined;
|
93
93
|
response_modes_supported?: string[] | undefined;
|
94
94
|
grant_types_supported?: string[] | undefined;
|
95
|
-
code_challenge_methods_supported?:
|
95
|
+
code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
|
96
96
|
ui_locales_supported?: string[] | undefined;
|
97
97
|
id_token_signing_alg_values_supported?: string[] | undefined;
|
98
98
|
display_values_supported?: string[] | undefined;
|
@@ -128,7 +128,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
128
128
|
response_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
129
129
|
response_modes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
130
130
|
grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
131
|
-
code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.
|
131
|
+
code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodEnum<["S256", "plain"]>, "many">>;
|
132
132
|
ui_locales_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
133
133
|
id_token_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
134
134
|
display_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
@@ -168,7 +168,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
168
168
|
response_types_supported?: string[] | undefined;
|
169
169
|
response_modes_supported?: string[] | undefined;
|
170
170
|
grant_types_supported?: string[] | undefined;
|
171
|
-
code_challenge_methods_supported?:
|
171
|
+
code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
|
172
172
|
ui_locales_supported?: string[] | undefined;
|
173
173
|
id_token_signing_alg_values_supported?: string[] | undefined;
|
174
174
|
display_values_supported?: string[] | undefined;
|
@@ -205,7 +205,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
205
205
|
response_types_supported?: string[] | undefined;
|
206
206
|
response_modes_supported?: string[] | undefined;
|
207
207
|
grant_types_supported?: string[] | undefined;
|
208
|
-
code_challenge_methods_supported?:
|
208
|
+
code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
|
209
209
|
ui_locales_supported?: string[] | undefined;
|
210
210
|
id_token_signing_alg_values_supported?: string[] | undefined;
|
211
211
|
display_values_supported?: string[] | undefined;
|
@@ -242,7 +242,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
242
242
|
response_types_supported?: string[] | undefined;
|
243
243
|
response_modes_supported?: string[] | undefined;
|
244
244
|
grant_types_supported?: string[] | undefined;
|
245
|
-
code_challenge_methods_supported?:
|
245
|
+
code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
|
246
246
|
ui_locales_supported?: string[] | undefined;
|
247
247
|
id_token_signing_alg_values_supported?: string[] | undefined;
|
248
248
|
display_values_supported?: string[] | undefined;
|
@@ -279,7 +279,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
279
279
|
response_types_supported?: string[] | undefined;
|
280
280
|
response_modes_supported?: string[] | undefined;
|
281
281
|
grant_types_supported?: string[] | undefined;
|
282
|
-
code_challenge_methods_supported?:
|
282
|
+
code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
|
283
283
|
ui_locales_supported?: string[] | undefined;
|
284
284
|
id_token_signing_alg_values_supported?: string[] | undefined;
|
285
285
|
display_values_supported?: string[] | undefined;
|
@@ -316,7 +316,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
316
316
|
response_types_supported?: string[] | undefined;
|
317
317
|
response_modes_supported?: string[] | undefined;
|
318
318
|
grant_types_supported?: string[] | undefined;
|
319
|
-
code_challenge_methods_supported?:
|
319
|
+
code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
|
320
320
|
ui_locales_supported?: string[] | undefined;
|
321
321
|
id_token_signing_alg_values_supported?: string[] | undefined;
|
322
322
|
display_values_supported?: string[] | undefined;
|
@@ -353,7 +353,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
353
353
|
response_types_supported?: string[] | undefined;
|
354
354
|
response_modes_supported?: string[] | undefined;
|
355
355
|
grant_types_supported?: string[] | undefined;
|
356
|
-
code_challenge_methods_supported?:
|
356
|
+
code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
|
357
357
|
ui_locales_supported?: string[] | undefined;
|
358
358
|
id_token_signing_alg_values_supported?: string[] | undefined;
|
359
359
|
display_values_supported?: string[] | undefined;
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"oauth-authorization-server-metadata.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;
|
1
|
+
{"version":3,"file":"oauth-authorization-server-metadata.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAKvB;;GAEG;AACH,eAAO,MAAM,sCAAsC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA2DjD,CAAA;AAEF,MAAM,MAAM,gCAAgC,GAAG,CAAC,CAAC,KAAK,CACpD,OAAO,sCAAsC,CAC9C,CAAA;AAED,eAAO,MAAM,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuBhD,CAAA"}
|
@@ -2,6 +2,7 @@
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
3
3
|
exports.oauthAuthorizationServerMetadataValidator = exports.oauthAuthorizationServerMetadataSchema = void 0;
|
4
4
|
const zod_1 = require("zod");
|
5
|
+
const oauth_code_challenge_method_js_1 = require("./oauth-code-challenge-method.js");
|
5
6
|
const oauth_issuer_identifier_js_1 = require("./oauth-issuer-identifier.js");
|
6
7
|
/**
|
7
8
|
* @see {@link https://datatracker.ietf.org/doc/html/rfc8414}
|
@@ -19,7 +20,10 @@ exports.oauthAuthorizationServerMetadataSchema = zod_1.z.object({
|
|
19
20
|
response_types_supported: zod_1.z.array(zod_1.z.string()).optional(),
|
20
21
|
response_modes_supported: zod_1.z.array(zod_1.z.string()).optional(),
|
21
22
|
grant_types_supported: zod_1.z.array(zod_1.z.string()).optional(),
|
22
|
-
code_challenge_methods_supported: zod_1.z
|
23
|
+
code_challenge_methods_supported: zod_1.z
|
24
|
+
.array(oauth_code_challenge_method_js_1.oauthCodeChallengeMethodSchema)
|
25
|
+
.min(1)
|
26
|
+
.optional(),
|
23
27
|
ui_locales_supported: zod_1.z.array(zod_1.z.string()).optional(),
|
24
28
|
id_token_signing_alg_values_supported: zod_1.z.array(zod_1.z.string()).optional(),
|
25
29
|
display_values_supported: zod_1.z.array(zod_1.z.string()).optional(),
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"oauth-authorization-server-metadata.js","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,6EAA0E;AAE1E;;GAEG;AACU,QAAA,sCAAsC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7D,MAAM,EAAE,wDAA2B;IAEnC,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,0BAA0B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClD,2BAA2B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvD,gCAAgC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACxD,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,uBAAuB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,gCAAgC,EAAE,OAAC,
|
1
|
+
{"version":3,"file":"oauth-authorization-server-metadata.js","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,qFAAiF;AACjF,6EAA0E;AAE1E;;GAEG;AACU,QAAA,sCAAsC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7D,MAAM,EAAE,wDAA2B;IAEnC,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,0BAA0B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClD,2BAA2B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvD,gCAAgC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACxD,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,uBAAuB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,gCAAgC,EAAE,OAAC;SAChC,KAAK,CAAC,+DAA8B,CAAC;SACrC,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,EAAE;IACb,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,2CAA2C,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3E,8CAA8C,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtE,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAErC,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,eAAe;IAEzD,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,eAAe;IACjD,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,gDAAgD,EAAE,OAAC;SAChD,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChD,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACnD,qCAAqC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAElE,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAE7D,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAC9C,oBAAoB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACjD,qBAAqB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAElD,4DAA4D;IAC5D,iCAAiC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEjE,wFAAwF;IACxF,mBAAmB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEzD,kIAAkI;IAClI,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC9D,CAAC,CAAA;AAMW,QAAA,yCAAyC,GACpD,8CAAsC;KACnC,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IACE,IAAI,CAAC,qCAAqC;QAC1C,CAAC,IAAI,CAAC,qCAAqC,EAC3C,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EACL,uGAAuG;SAC1G,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC;KACD,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IAAI,IAAI,CAAC,wBAAwB,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACpD,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,OAAO,EAAE,kCAAkC;aAC5C,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAA"}
|
@@ -0,0 +1,10 @@
|
|
1
|
+
import { z } from 'zod';
|
2
|
+
export declare const oauthClientCredentialsGrantTokenRequestSchema: z.ZodObject<{
|
3
|
+
grant_type: z.ZodLiteral<"client_credentials">;
|
4
|
+
}, "strip", z.ZodTypeAny, {
|
5
|
+
grant_type: "client_credentials";
|
6
|
+
}, {
|
7
|
+
grant_type: "client_credentials";
|
8
|
+
}>;
|
9
|
+
export type OAuthClientCredentialsGrantTokenRequest = z.infer<typeof oauthClientCredentialsGrantTokenRequestSchema>;
|
10
|
+
//# sourceMappingURL=oauth-client-credentials-grant-token-request.d.ts.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"oauth-client-credentials-grant-token-request.d.ts","sourceRoot":"","sources":["../src/oauth-client-credentials-grant-token-request.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,eAAO,MAAM,6CAA6C;;;;;;EAExD,CAAA;AAEF,MAAM,MAAM,uCAAuC,GAAG,CAAC,CAAC,KAAK,CAC3D,OAAO,6CAA6C,CACrD,CAAA"}
|
@@ -0,0 +1,8 @@
|
|
1
|
+
"use strict";
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
3
|
+
exports.oauthClientCredentialsGrantTokenRequestSchema = void 0;
|
4
|
+
const zod_1 = require("zod");
|
5
|
+
exports.oauthClientCredentialsGrantTokenRequestSchema = zod_1.z.object({
|
6
|
+
grant_type: zod_1.z.literal('client_credentials'),
|
7
|
+
});
|
8
|
+
//# sourceMappingURL=oauth-client-credentials-grant-token-request.js.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"oauth-client-credentials-grant-token-request.js","sourceRoot":"","sources":["../src/oauth-client-credentials-grant-token-request.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,6CAA6C,GAAG,OAAC,CAAC,MAAM,CAAC;IACpE,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC;CAC5C,CAAC,CAAA"}
|
@@ -9,7 +9,7 @@ export declare const oauthClientCredentialsJwtBearerSchema: z.ZodObject<{
|
|
9
9
|
* - The JWT MAY contain a "jti" (JWT ID) claim that provides a unique identifier for the token.
|
10
10
|
* - Note that the authorization server may reject JWTs with an "exp" claim value that is unreasonably far in the future.
|
11
11
|
*
|
12
|
-
* @see {@link https://datatracker.ietf.org/doc/html/
|
12
|
+
* @see {@link https://datatracker.ietf.org/doc/html/rfc7523#section-3}
|
13
13
|
*/
|
14
14
|
client_assertion: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>;
|
15
15
|
}, "strip", z.ZodTypeAny, {
|
@@ -21,6 +21,7 @@ export declare const oauthClientCredentialsJwtBearerSchema: z.ZodObject<{
|
|
21
21
|
client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
|
22
22
|
client_assertion: string;
|
23
23
|
}>;
|
24
|
+
export type OAuthClientCredentialsJwtBearer = z.infer<typeof oauthClientCredentialsJwtBearerSchema>;
|
24
25
|
export declare const oauthClientCredentialsSecretPostSchema: z.ZodObject<{
|
25
26
|
client_id: z.ZodString;
|
26
27
|
client_secret: z.ZodString;
|
@@ -31,6 +32,15 @@ export declare const oauthClientCredentialsSecretPostSchema: z.ZodObject<{
|
|
31
32
|
client_id: string;
|
32
33
|
client_secret: string;
|
33
34
|
}>;
|
35
|
+
export type OAuthClientCredentialsSecretPost = z.infer<typeof oauthClientCredentialsSecretPostSchema>;
|
36
|
+
export declare const oauthClientCredentialsNoneSchema: z.ZodObject<{
|
37
|
+
client_id: z.ZodString;
|
38
|
+
}, "strip", z.ZodTypeAny, {
|
39
|
+
client_id: string;
|
40
|
+
}, {
|
41
|
+
client_id: string;
|
42
|
+
}>;
|
43
|
+
export type OAuthClientCredentialsNone = z.infer<typeof oauthClientCredentialsNoneSchema>;
|
34
44
|
export declare const oauthClientCredentialsSchema: z.ZodUnion<[z.ZodObject<{
|
35
45
|
client_id: z.ZodString;
|
36
46
|
client_assertion_type: z.ZodLiteral<"urn:ietf:params:oauth:client-assertion-type:jwt-bearer">;
|
@@ -41,7 +51,7 @@ export declare const oauthClientCredentialsSchema: z.ZodUnion<[z.ZodObject<{
|
|
41
51
|
* - The JWT MAY contain a "jti" (JWT ID) claim that provides a unique identifier for the token.
|
42
52
|
* - Note that the authorization server may reject JWTs with an "exp" claim value that is unreasonably far in the future.
|
43
53
|
*
|
44
|
-
* @see {@link https://datatracker.ietf.org/doc/html/
|
54
|
+
* @see {@link https://datatracker.ietf.org/doc/html/rfc7523#section-3}
|
45
55
|
*/
|
46
56
|
client_assertion: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>;
|
47
57
|
}, "strip", z.ZodTypeAny, {
|
@@ -61,6 +71,12 @@ export declare const oauthClientCredentialsSchema: z.ZodUnion<[z.ZodObject<{
|
|
61
71
|
}, {
|
62
72
|
client_id: string;
|
63
73
|
client_secret: string;
|
74
|
+
}>, z.ZodObject<{
|
75
|
+
client_id: z.ZodString;
|
76
|
+
}, "strip", z.ZodTypeAny, {
|
77
|
+
client_id: string;
|
78
|
+
}, {
|
79
|
+
client_id: string;
|
64
80
|
}>]>;
|
65
81
|
export type OAuthClientCredentials = z.infer<typeof oauthClientCredentialsSchema>;
|
66
82
|
//# sourceMappingURL=oauth-client-credentials.d.ts.map
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"oauth-client-credentials.d.ts","sourceRoot":"","sources":["../src/oauth-client-credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAMvB,eAAO,MAAM,qCAAqC;;;IAGhD;;;;;;;;OAQG;;;;;;;;;;EAEH,CAAA;AAEF,eAAO,MAAM,sCAAsC;;;;;;;;;EAGjD,CAAA;AAEF,eAAO,MAAM,4BAA4B;;;
|
1
|
+
{"version":3,"file":"oauth-client-credentials.d.ts","sourceRoot":"","sources":["../src/oauth-client-credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAMvB,eAAO,MAAM,qCAAqC;;;IAGhD;;;;;;;;OAQG;;;;;;;;;;EAEH,CAAA;AAEF,MAAM,MAAM,+BAA+B,GAAG,CAAC,CAAC,KAAK,CACnD,OAAO,qCAAqC,CAC7C,CAAA;AAED,eAAO,MAAM,sCAAsC;;;;;;;;;EAGjD,CAAA;AAEF,MAAM,MAAM,gCAAgC,GAAG,CAAC,CAAC,KAAK,CACpD,OAAO,sCAAsC,CAC9C,CAAA;AAED,eAAO,MAAM,gCAAgC;;;;;;EAE3C,CAAA;AAEF,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAC9C,OAAO,gCAAgC,CACxC,CAAA;AAID,eAAO,MAAM,4BAA4B;;;IAnCvC;;;;;;;;OAQG;;;;;;;;;;;;;;;;;;;;;;;;;IAgCH,CAAA;AAEF,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAC1C,OAAO,4BAA4B,CACpC,CAAA"}
|
@@ -1,6 +1,6 @@
|
|
1
1
|
"use strict";
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
3
|
-
exports.oauthClientCredentialsSchema = exports.oauthClientCredentialsSecretPostSchema = exports.oauthClientCredentialsJwtBearerSchema = void 0;
|
3
|
+
exports.oauthClientCredentialsSchema = exports.oauthClientCredentialsNoneSchema = exports.oauthClientCredentialsSecretPostSchema = exports.oauthClientCredentialsJwtBearerSchema = void 0;
|
4
4
|
const zod_1 = require("zod");
|
5
5
|
const jwk_1 = require("@atproto/jwk");
|
6
6
|
const oauth_client_id_js_1 = require("./oauth-client-id.js");
|
@@ -15,7 +15,7 @@ exports.oauthClientCredentialsJwtBearerSchema = zod_1.z.object({
|
|
15
15
|
* - The JWT MAY contain a "jti" (JWT ID) claim that provides a unique identifier for the token.
|
16
16
|
* - Note that the authorization server may reject JWTs with an "exp" claim value that is unreasonably far in the future.
|
17
17
|
*
|
18
|
-
* @see {@link https://datatracker.ietf.org/doc/html/
|
18
|
+
* @see {@link https://datatracker.ietf.org/doc/html/rfc7523#section-3}
|
19
19
|
*/
|
20
20
|
client_assertion: jwk_1.signedJwtSchema,
|
21
21
|
});
|
@@ -23,8 +23,14 @@ exports.oauthClientCredentialsSecretPostSchema = zod_1.z.object({
|
|
23
23
|
client_id: oauth_client_id_js_1.oauthClientIdSchema,
|
24
24
|
client_secret: zod_1.z.string(),
|
25
25
|
});
|
26
|
+
exports.oauthClientCredentialsNoneSchema = zod_1.z.object({
|
27
|
+
client_id: oauth_client_id_js_1.oauthClientIdSchema,
|
28
|
+
});
|
29
|
+
//
|
26
30
|
exports.oauthClientCredentialsSchema = zod_1.z.union([
|
27
31
|
exports.oauthClientCredentialsJwtBearerSchema,
|
28
32
|
exports.oauthClientCredentialsSecretPostSchema,
|
33
|
+
// Must be last since it is less specific
|
34
|
+
exports.oauthClientCredentialsNoneSchema,
|
29
35
|
]);
|
30
36
|
//# sourceMappingURL=oauth-client-credentials.js.map
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"oauth-client-credentials.js","sourceRoot":"","sources":["../src/oauth-client-credentials.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAE9C,6DAA0D;AAC1D,iDAAiE;AAEpD,QAAA,qCAAqC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5D,SAAS,EAAE,wCAAmB;IAC9B,qBAAqB,EAAE,OAAC,CAAC,OAAO,CAAC,+CAAgC,CAAC;IAClE;;;;;;;;OAQG;IACH,gBAAgB,EAAE,qBAAe;CAClC,CAAC,CAAA;
|
1
|
+
{"version":3,"file":"oauth-client-credentials.js","sourceRoot":"","sources":["../src/oauth-client-credentials.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAE9C,6DAA0D;AAC1D,iDAAiE;AAEpD,QAAA,qCAAqC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5D,SAAS,EAAE,wCAAmB;IAC9B,qBAAqB,EAAE,OAAC,CAAC,OAAO,CAAC,+CAAgC,CAAC;IAClE;;;;;;;;OAQG;IACH,gBAAgB,EAAE,qBAAe;CAClC,CAAC,CAAA;AAMW,QAAA,sCAAsC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7D,SAAS,EAAE,wCAAmB;IAC9B,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE;CAC1B,CAAC,CAAA;AAMW,QAAA,gCAAgC,GAAG,OAAC,CAAC,MAAM,CAAC;IACvD,SAAS,EAAE,wCAAmB;CAC/B,CAAC,CAAA;AAMF,EAAE;AAEW,QAAA,4BAA4B,GAAG,OAAC,CAAC,KAAK,CAAC;IAClD,6CAAqC;IACrC,8CAAsC;IACtC,yCAAyC;IACzC,wCAAgC;CACjC,CAAC,CAAA"}
|
@@ -3,6 +3,7 @@ import { OAuthClientId } from './oauth-client-id.js';
|
|
3
3
|
* @see {@link https://drafts.aaronpk.com/draft-parecki-oauth-client-id-metadata-document/draft-parecki-oauth-client-id-metadata-document.html}
|
4
4
|
*/
|
5
5
|
export type OAuthClientIdDiscoverable = OAuthClientId & `https://${string}`;
|
6
|
-
export declare function isOAuthClientIdDiscoverable
|
7
|
-
export declare function
|
6
|
+
export declare function isOAuthClientIdDiscoverable(clientId: string): clientId is OAuthClientIdDiscoverable;
|
7
|
+
export declare function assertOAuthDiscoverableClientId(value: string): asserts value is OAuthClientIdDiscoverable;
|
8
|
+
export declare function parseOAuthDiscoverableClientId(clientId: string): URL;
|
8
9
|
//# sourceMappingURL=oauth-client-id-discoverable.d.ts.map
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"oauth-client-id-discoverable.d.ts","sourceRoot":"","sources":["../src/oauth-client-id-discoverable.ts"],"names":[],"mappings":"
|
1
|
+
{"version":3,"file":"oauth-client-id-discoverable.d.ts","sourceRoot":"","sources":["../src/oauth-client-id-discoverable.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAGpD;;GAEG;AACH,MAAM,MAAM,yBAAyB,GAAG,aAAa,GAAG,WAAW,MAAM,EAAE,CAAA;AAE3E,wBAAgB,2BAA2B,CACzC,QAAQ,EAAE,MAAM,GACf,QAAQ,IAAI,yBAAyB,CAOvC;AAED,wBAAgB,+BAA+B,CAC7C,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,KAAK,IAAI,yBAAyB,CAE5C;AAED,wBAAgB,8BAA8B,CAAC,QAAQ,EAAE,MAAM,GAAG,GAAG,CA2CpE"}
|
@@ -1,7 +1,6 @@
|
|
1
1
|
"use strict";
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
3
|
-
exports.parseOAuthDiscoverableClientId = exports.isOAuthClientIdDiscoverable = void 0;
|
4
|
-
const oauth_client_id_url_js_1 = require("./oauth-client-id-url.js");
|
3
|
+
exports.parseOAuthDiscoverableClientId = exports.assertOAuthDiscoverableClientId = exports.isOAuthClientIdDiscoverable = void 0;
|
5
4
|
const util_js_1 = require("./util.js");
|
6
5
|
function isOAuthClientIdDiscoverable(clientId) {
|
7
6
|
try {
|
@@ -13,34 +12,38 @@ function isOAuthClientIdDiscoverable(clientId) {
|
|
13
12
|
}
|
14
13
|
}
|
15
14
|
exports.isOAuthClientIdDiscoverable = isOAuthClientIdDiscoverable;
|
15
|
+
function assertOAuthDiscoverableClientId(value) {
|
16
|
+
void parseOAuthDiscoverableClientId(value);
|
17
|
+
}
|
18
|
+
exports.assertOAuthDiscoverableClientId = assertOAuthDiscoverableClientId;
|
16
19
|
function parseOAuthDiscoverableClientId(clientId) {
|
17
|
-
const url =
|
18
|
-
// Optimization: cheap checks first
|
19
|
-
if (url.hostname === 'localhost') {
|
20
|
-
throw new TypeError('ClientID must not be a loopback hostname');
|
21
|
-
}
|
20
|
+
const url = new URL(clientId);
|
22
21
|
if (url.protocol !== 'https:') {
|
23
22
|
throw new TypeError('ClientID must use the "https:" protocol');
|
24
23
|
}
|
24
|
+
if (url.username || url.password) {
|
25
|
+
throw new TypeError('ClientID must not contain credentials');
|
26
|
+
}
|
25
27
|
if (url.hash) {
|
26
28
|
throw new TypeError('ClientID must not contain a fragment');
|
27
29
|
}
|
28
|
-
if (url.
|
29
|
-
throw new TypeError('ClientID must not
|
30
|
+
if (url.hostname === 'localhost') {
|
31
|
+
throw new TypeError('ClientID hostname must not be "localhost"');
|
30
32
|
}
|
31
33
|
if (url.pathname === '/') {
|
32
|
-
throw new TypeError('ClientID must contain a path (e.g. "/client-metadata")');
|
34
|
+
throw new TypeError('ClientID must contain a path component (e.g. "/client-metadata.json")');
|
33
35
|
}
|
34
|
-
if (url.pathname
|
35
|
-
throw new TypeError('ClientID must not end with a trailing slash');
|
36
|
+
if (url.pathname.endsWith('/')) {
|
37
|
+
throw new TypeError('ClientID path must not end with a trailing slash');
|
36
38
|
}
|
37
|
-
if (url.
|
38
|
-
throw new TypeError(
|
39
|
+
if ((0, util_js_1.isHostnameIP)(url.hostname)) {
|
40
|
+
throw new TypeError('ClientID hostname must not be an IP address');
|
39
41
|
}
|
40
|
-
//
|
41
|
-
//
|
42
|
-
|
43
|
-
|
42
|
+
// URL constructor normalizes the URL, so we extract the path manually to
|
43
|
+
// avoid normalization, then compare it to the normalized path to ensure
|
44
|
+
// that the URL does not contain path traversal or other unexpected characters
|
45
|
+
if ((0, util_js_1.extractUrlPath)(clientId) !== url.pathname) {
|
46
|
+
throw new TypeError(`ClientID must be in canonical form ("${url.href}", got "${clientId}")`);
|
44
47
|
}
|
45
48
|
return url;
|
46
49
|
}
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"oauth-client-id-discoverable.js","sourceRoot":"","sources":["../src/oauth-client-id-discoverable.ts"],"names":[],"mappings":";;;
|
1
|
+
{"version":3,"file":"oauth-client-id-discoverable.js","sourceRoot":"","sources":["../src/oauth-client-id-discoverable.ts"],"names":[],"mappings":";;;AACA,uCAAwD;AAOxD,SAAgB,2BAA2B,CACzC,QAAgB;IAEhB,IAAI,CAAC;QACH,8BAA8B,CAAC,QAAQ,CAAC,CAAA;QACxC,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AATD,kEASC;AAED,SAAgB,+BAA+B,CAC7C,KAAa;IAEb,KAAK,8BAA8B,CAAC,KAAK,CAAC,CAAA;AAC5C,CAAC;AAJD,0EAIC;AAED,SAAgB,8BAA8B,CAAC,QAAgB;IAC7D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAA;IAE7B,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,SAAS,CAAC,yCAAyC,CAAC,CAAA;IAChE,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjC,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;IAC9D,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACb,MAAM,IAAI,SAAS,CAAC,sCAAsC,CAAC,CAAA;IAC7D,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;QACjC,MAAM,IAAI,SAAS,CAAC,2CAA2C,CAAC,CAAA;IAClE,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;QACzB,MAAM,IAAI,SAAS,CACjB,uEAAuE,CACxE,CAAA;IACH,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,SAAS,CAAC,kDAAkD,CAAC,CAAA;IACzE,CAAC;IAED,IAAI,IAAA,sBAAY,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,SAAS,CAAC,6CAA6C,CAAC,CAAA;IACpE,CAAC;IAED,yEAAyE;IACzE,wEAAwE;IACxE,8EAA8E;IAC9E,IAAI,IAAA,wBAAc,EAAC,QAAQ,CAAC,KAAK,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC9C,MAAM,IAAI,SAAS,CACjB,wCAAwC,GAAG,CAAC,IAAI,WAAW,QAAQ,IAAI,CACxE,CAAA;IACH,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC;AA3CD,wEA2CC"}
|
@@ -1,5 +1,12 @@
|
|
1
1
|
import { OAuthClientId } from './oauth-client-id.js';
|
2
|
-
|
3
|
-
|
4
|
-
export
|
2
|
+
import { OAuthScope } from './oauth-scope.js';
|
3
|
+
declare const OAUTH_CLIENT_ID_LOOPBACK_URL = "http://localhost";
|
4
|
+
export type OAuthClientIdLoopback = OAuthClientId & `${typeof OAUTH_CLIENT_ID_LOOPBACK_URL}${'' | '/'}${'' | `?${string}`}`;
|
5
|
+
export declare function isOAuthClientIdLoopback(clientId: string): clientId is OAuthClientIdLoopback;
|
6
|
+
export declare function assertOAuthLoopbackClientId(clientId: string): asserts clientId is OAuthClientIdLoopback;
|
7
|
+
export declare function parseOAuthLoopbackClientId(clientId: string): {
|
8
|
+
scope?: OAuthScope;
|
9
|
+
redirect_uris?: [string, ...string[]];
|
10
|
+
};
|
11
|
+
export {};
|
5
12
|
//# sourceMappingURL=oauth-client-id-loopback.d.ts.map
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"oauth-client-id-loopback.d.ts","sourceRoot":"","sources":["../src/oauth-client-id-loopback.ts"],"names":[],"mappings":"
|
1
|
+
{"version":3,"file":"oauth-client-id-loopback.d.ts","sourceRoot":"","sources":["../src/oauth-client-id-loopback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AACpD,OAAO,EAAE,UAAU,EAAoB,MAAM,kBAAkB,CAAA;AAG/D,QAAA,MAAM,4BAA4B,qBAAqB,CAAA;AAEvD,MAAM,MAAM,qBAAqB,GAAG,aAAa,GAC/C,GAAG,OAAO,4BAA4B,GAAG,EAAE,GAAG,GAAG,GAAG,EAAE,GAAG,IAAI,MAAM,EAAE,EAAE,CAAA;AAEzE,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,MAAM,GACf,QAAQ,IAAI,qBAAqB,CAOnC;AAED,wBAAgB,2BAA2B,CACzC,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,QAAQ,IAAI,qBAAqB,CAE3C;AAID,wBAAgB,0BAA0B,CAAC,QAAQ,EAAE,MAAM,GAAG;IAC5D,KAAK,CAAC,EAAE,UAAU,CAAA;IAClB,aAAa,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAA;CACtC,CA0EA"}
|