@atproto/oauth-types 0.1.4 → 0.2.0

package/dist/{oauth-authentication-request-parameters.js → oauth-authorization-request-parameters.js}

@@ -1,38 +1,37 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthAuthenticationRequestParametersSchema = void 0;
+exports.oauthAuthorizationRequestParametersSchema = void 0;
 const jwk_1 = require("@atproto/jwk");
 const zod_1 = require("zod");
 const oauth_authorization_details_js_1 = require("./oauth-authorization-details.js");
 const oauth_client_id_js_1 = require("./oauth-client-id.js");
+const oauth_code_challenge_method_js_1 = require("./oauth-code-challenge-method.js");
 const oauth_response_type_js_1 = require("./oauth-response-type.js");
+const oauth_scope_js_1 = require("./oauth-scope.js");
 const oidc_claims_parameter_js_1 = require("./oidc-claims-parameter.js");
 const oidc_claims_properties_js_1 = require("./oidc-claims-properties.js");
 const oidc_entity_type_js_1 = require("./oidc-entity-type.js");
 /**
  * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest | OIDC}
  */
-exports.oauthAuthenticationRequestParametersSchema = zod_1.z.object({
+exports.oauthAuthorizationRequestParametersSchema = zod_1.z.object({
     client_id: oauth_client_id_js_1.oauthClientIdSchema,
     state: zod_1.z.string().optional(),
-    nonce: zod_1.z.string().optional(),
-    dpop_jkt: zod_1.z.string().optional(),
+    redirect_uri: zod_1.z.string().url().optional(),
+    scope: oauth_scope_js_1.oauthScopeSchema.optional(),
     response_type: oauth_response_type_js_1.oauthResponseTypeSchema,
-    // Default depend on response_type
-    response_mode: zod_1.z.enum(['query', 'fragment', 'form_post']).optional(),
     // PKCE
     code_challenge: zod_1.z.string().optional(),
-    code_challenge_method: zod_1.z.enum(['S256', 'plain']).default('S256').optional(),
-    redirect_uri: zod_1.z.string().url().optional(),
-    // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-1.4.1
-    // scope       = scope-token *( SP scope-token )
-    // scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
-    // = Basically most ASCII characters except backslash and double quote
-    scope: zod_1.z
-        .string()
-        .regex(/^[!\x23-\x5B\x5D-\x7E]+( [!\x23-\x5B\x5D-\x7E]+)*$/)
+    code_challenge_method: oauth_code_challenge_method_js_1.oauthCodeChallengeMethodSchema
+        .default('S256')
         .optional(),
+    // DPOP
+    // https://datatracker.ietf.org/doc/html/rfc9449#section-12.3
+    dpop_jkt: zod_1.z.string().optional(),
     // OIDC
+    // Default depend on response_type
+    response_mode: zod_1.z.enum(['query', 'fragment', 'form_post']).optional(),
+    nonce: zod_1.z.string().optional(),
     // Specifies the allowable elapsed time in seconds since the last time the
     // End-User was actively authenticated by the OP. If the elapsed time is
     // greater than this value, the OP MUST attempt to actively re-authenticate
@@ -55,7 +54,7 @@ exports.oauthAuthenticationRequestParametersSchema = zod_1.z.object({
     // Previous ID Token, should be provided when prompt=none is used
     id_token_hint: jwk_1.signedJwtSchema.optional(),
     // Type of UI the AS is displayed on
-    display: zod_1.z.enum(['page', 'popup', 'touch']).optional(),
+    display: zod_1.z.enum(['page', 'popup', 'touch', 'wap']).optional(),
     /**
      * - "none" will only be allowed if the user already allowed the client on the same device
      * - "login" will force the user to login again, unless he very recently logged in
@@ -66,4 +65,4 @@ exports.oauthAuthenticationRequestParametersSchema = zod_1.z.object({
     // https://datatracker.ietf.org/doc/html/rfc9396
     authorization_details: oauth_authorization_details_js_1.oauthAuthorizationDetailsSchema.optional(),
 });
-//# sourceMappingURL=oauth-authentication-request-parameters.js.map
+//# sourceMappingURL=oauth-authorization-request-parameters.js.map

package/dist/oauth-authorization-request-parameters.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-authorization-request-parameters.js","sourceRoot":"","sources":["../src/oauth-authorization-request-parameters.ts"],"names":[],"mappings":";;;AAAA,sCAA8C;AAC9C,6BAAuB;AAEvB,qFAAkF;AAClF,6DAA0D;AAC1D,qFAAiF;AACjF,qEAAkE;AAClE,qDAAmD;AACnD,yEAAsE;AACtE,2EAAwE;AACxE,+DAA4D;AAE5D;;GAEG;AACU,QAAA,yCAAyC,GAAG,OAAC,CAAC,MAAM,CAAC;IAChE,SAAS,EAAE,wCAAmB;IAC9B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACzC,KAAK,EAAE,iCAAgB,CAAC,QAAQ,EAAE;IAClC,aAAa,EAAE,gDAAuB;IAEtC,OAAO;IAEP,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,qBAAqB,EAAE,+DAA8B;SAClD,OAAO,CAAC,MAAM,CAAC;SACf,QAAQ,EAAE;IAEb,OAAO;IAEP,6DAA6D;IAC7D,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/B,OAAO;IAEP,kCAAkC;IAClC,aAAa,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEpE,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE5B,0EAA0E;IAC1E,wEAAwE;IACxE,2EAA2E;IAC3E,6EAA6E;IAC7E,4EAA4E;IAC5E,yEAAyE;IACzE,2CAA2C;IAC3C,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE3C,MAAM,EAAE,OAAC;SACN,MAAM,CACL,0CAAoB,EACpB,OAAC,CAAC,MAAM,CACN,oDAAyB,EACzB,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,sDAA0B,CAAC,CAAC,CACvD,CACF;SACA,QAAQ,EAAE;IAEb,8EAA8E;IAC9E,uCAAuC;IACvC,iDAAiD;IAEjD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAExC,UAAU,EAAE,OAAC;SACV,MAAM,EAAE;SACR,KAAK,CAAC,gDAAgD,CAAC,CAAC,cAAc;SACtE,QAAQ,EAAE;IAEb,iEAAiE;IACjE,aAAa,EAAE,qBAAe,CAAC,QAAQ,EAAE;IAEzC,oCAAoC;IACpC,OAAO,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE7D;;;;;OAKG;IACH,MAAM,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEzE,gDAAgD;IAChD,qBAAqB,EAAE,gEAA+B,CAAC,QAAQ,EAAE;CAClE,CAAC,CAAA"}

package/dist/oauth-authorization-request-query.d.ts

@@ -0,0 +1,128 @@
+import { z } from 'zod';
+export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObject<{
+    client_id: z.ZodString;
+    state: z.ZodOptional<z.ZodString>;
+    redirect_uri: z.ZodOptional<z.ZodString>;
+    scope: z.ZodOptional<z.ZodString>;
+    response_type: z.ZodEnum<["code", "token", "none", "code id_token token", "code id_token", "code token", "id_token token", "id_token"]>;
+    code_challenge: z.ZodOptional<z.ZodString>;
+    code_challenge_method: z.ZodOptional<z.ZodDefault<z.ZodEnum<["S256", "plain"]>>>;
+    dpop_jkt: z.ZodOptional<z.ZodString>;
+    response_mode: z.ZodOptional<z.ZodEnum<["query", "fragment", "form_post"]>>;
+    nonce: z.ZodOptional<z.ZodString>;
+    max_age: z.ZodOptional<z.ZodNumber>;
+    claims: z.ZodOptional<z.ZodRecord<z.ZodEnum<["userinfo", "id_token"]>, z.ZodRecord<z.ZodEnum<["auth_time", "nonce", "acr", "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "gender", "picture", "profile", "website", "birthdate", "zoneinfo", "locale", "updated_at", "email", "email_verified", "phone_number", "phone_number_verified", "address"]>, z.ZodUnion<[z.ZodLiteral<null>, z.ZodObject<{
+        essential: z.ZodOptional<z.ZodBoolean>;
+        value: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>;
+        values: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>, "many">>;
+    }, "strip", z.ZodTypeAny, {
+        values?: (string | number | boolean)[] | undefined;
+        value?: string | number | boolean | undefined;
+        essential?: boolean | undefined;
+    }, {
+        values?: (string | number | boolean)[] | undefined;
+        value?: string | number | boolean | undefined;
+        essential?: boolean | undefined;
+    }>]>>>>;
+    login_hint: z.ZodOptional<z.ZodString>;
+    ui_locales: z.ZodOptional<z.ZodString>;
+    id_token_hint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;
+    display: z.ZodOptional<z.ZodEnum<["page", "popup", "touch", "wap"]>>;
+    prompt: z.ZodOptional<z.ZodEnum<["none", "login", "consent", "select_account"]>>;
+    authorization_details: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        type: z.ZodString;
+        locations: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        actions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        datatypes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        identifier: z.ZodOptional<z.ZodString>;
+        privileges: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    }, "strip", z.ZodTypeAny, {
+        type: string;
+        locations?: string[] | undefined;
+        actions?: string[] | undefined;
+        datatypes?: string[] | undefined;
+        identifier?: string | undefined;
+        privileges?: string[] | undefined;
+    }, {
+        type: string;
+        locations?: string[] | undefined;
+        actions?: string[] | undefined;
+        datatypes?: string[] | undefined;
+        identifier?: string | undefined;
+        privileges?: string[] | undefined;
+    }>, "many">>;
+}, "strip", z.ZodTypeAny, {
+    client_id: string;
+    response_type: "code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
+    redirect_uri?: string | undefined;
+    scope?: string | undefined;
+    nonce?: string | undefined;
+    state?: string | undefined;
+    code_challenge?: string | undefined;
+    code_challenge_method?: "S256" | "plain" | undefined;
+    dpop_jkt?: string | undefined;
+    response_mode?: "query" | "fragment" | "form_post" | undefined;
+    max_age?: number | undefined;
+    claims?: Partial<Record<"id_token" | "userinfo", Partial<Record<"auth_time" | "nonce" | "acr" | "name" | "family_name" | "given_name" | "middle_name" | "nickname" | "preferred_username" | "gender" | "picture" | "profile" | "website" | "birthdate" | "zoneinfo" | "locale" | "updated_at" | "email" | "email_verified" | "phone_number" | "phone_number_verified" | "address", {
+        values?: (string | number | boolean)[] | undefined;
+        value?: string | number | boolean | undefined;
+        essential?: boolean | undefined;
+    } | null>>>> | undefined;
+    login_hint?: string | undefined;
+    ui_locales?: string | undefined;
+    id_token_hint?: `${string}.${string}.${string}` | undefined;
+    display?: "page" | "popup" | "touch" | "wap" | undefined;
+    prompt?: "none" | "login" | "consent" | "select_account" | undefined;
+    authorization_details?: {
+        type: string;
+        locations?: string[] | undefined;
+        actions?: string[] | undefined;
+        datatypes?: string[] | undefined;
+        identifier?: string | undefined;
+        privileges?: string[] | undefined;
+    }[] | undefined;
+}, {
+    client_id: string;
+    response_type: "code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
+    redirect_uri?: string | undefined;
+    scope?: string | undefined;
+    nonce?: string | undefined;
+    state?: string | undefined;
+    code_challenge?: string | undefined;
+    code_challenge_method?: "S256" | "plain" | undefined;
+    dpop_jkt?: string | undefined;
+    response_mode?: "query" | "fragment" | "form_post" | undefined;
+    max_age?: number | undefined;
+    claims?: Partial<Record<"id_token" | "userinfo", Partial<Record<"auth_time" | "nonce" | "acr" | "name" | "family_name" | "given_name" | "middle_name" | "nickname" | "preferred_username" | "gender" | "picture" | "profile" | "website" | "birthdate" | "zoneinfo" | "locale" | "updated_at" | "email" | "email_verified" | "phone_number" | "phone_number_verified" | "address", {
+        values?: (string | number | boolean)[] | undefined;
+        value?: string | number | boolean | undefined;
+        essential?: boolean | undefined;
+    } | null>>>> | undefined;
+    login_hint?: string | undefined;
+    ui_locales?: string | undefined;
+    id_token_hint?: string | undefined;
+    display?: "page" | "popup" | "touch" | "wap" | undefined;
+    prompt?: "none" | "login" | "consent" | "select_account" | undefined;
+    authorization_details?: {
+        type: string;
+        locations?: string[] | undefined;
+        actions?: string[] | undefined;
+        datatypes?: string[] | undefined;
+        identifier?: string | undefined;
+        privileges?: string[] | undefined;
+    }[] | undefined;
+}>, z.ZodObject<{
+    request: z.ZodUnion<[z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>, z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}`, string>]>;
+}, "strip", z.ZodTypeAny, {
+    request: `${string}.${string}.${string}` | `${string}.${string}`;
+}, {
+    request: string;
+}>, z.ZodObject<{
+    request_uri: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    request_uri: string;
+}, {
+    request_uri: string;
+}>]>;
+export type OAuthAuthorizationRequestQuery = z.infer<typeof oauthAuthorizationRequestQuerySchema>;
+//# sourceMappingURL=oauth-authorization-request-query.d.ts.map

package/dist/oauth-authorization-request-query.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-authorization-request-query.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-request-query.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAMvB,eAAO,MAAM,oCAAoC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAI/C,CAAA;AAEF,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAClD,OAAO,oCAAoC,CAC5C,CAAA"}

package/dist/oauth-authorization-request-query.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.oauthAuthorizationRequestQuerySchema = void 0;
+const zod_1 = require("zod");
+const oauth_authorization_request_jar_js_1 = require("./oauth-authorization-request-jar.js");
+const oauth_authorization_request_parameters_js_1 = require("./oauth-authorization-request-parameters.js");
+const oauth_authorization_request_uri_js_1 = require("./oauth-authorization-request-uri.js");
+exports.oauthAuthorizationRequestQuerySchema = zod_1.z.union([
+    oauth_authorization_request_parameters_js_1.oauthAuthorizationRequestParametersSchema,
+    oauth_authorization_request_jar_js_1.oauthAuthorizationRequestJarSchema,
+    oauth_authorization_request_uri_js_1.oauthAuthorizationRequestUriSchema,
+]);
+//# sourceMappingURL=oauth-authorization-request-query.js.map

package/dist/oauth-authorization-request-query.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-authorization-request-query.js","sourceRoot":"","sources":["../src/oauth-authorization-request-query.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,6FAAyF;AACzF,2GAAuG;AACvG,6FAAyF;AAE5E,QAAA,oCAAoC,GAAG,OAAC,CAAC,KAAK,CAAC;IAC1D,qFAAyC;IACzC,uEAAkC;IAClC,uEAAkC;CACnC,CAAC,CAAA"}

package/dist/oauth-authorization-request-uri.d.ts

@@ -0,0 +1,10 @@
+import { z } from 'zod';
+export declare const oauthAuthorizationRequestUriSchema: z.ZodObject<{
+    request_uri: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    request_uri: string;
+}, {
+    request_uri: string;
+}>;
+export type OAuthAuthorizationRequestUri = z.infer<typeof oauthAuthorizationRequestUriSchema>;
+//# sourceMappingURL=oauth-authorization-request-uri.d.ts.map

package/dist/oauth-authorization-request-uri.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-authorization-request-uri.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-request-uri.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAIvB,eAAO,MAAM,kCAAkC;;;;;;EAE7C,CAAA;AAEF,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,kCAAkC,CAC1C,CAAA"}

package/dist/oauth-authorization-request-uri.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.oauthAuthorizationRequestUriSchema = void 0;
+const zod_1 = require("zod");
+const oauth_request_uri_js_1 = require("./oauth-request-uri.js");
+exports.oauthAuthorizationRequestUriSchema = zod_1.z.object({
+    request_uri: oauth_request_uri_js_1.oauthRequestUriSchema,
+});
+//# sourceMappingURL=oauth-authorization-request-uri.js.map

package/dist/oauth-authorization-request-uri.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-authorization-request-uri.js","sourceRoot":"","sources":["../src/oauth-authorization-request-uri.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,iEAA8D;AAEjD,QAAA,kCAAkC,GAAG,OAAC,CAAC,MAAM,CAAC;IACzD,WAAW,EAAE,4CAAqB;CACnC,CAAC,CAAA"}

package/dist/oauth-authorization-server-metadata.d.ts

@@ -3,7 +3,7 @@ import { z } from 'zod';
  * @see {@link https://datatracker.ietf.org/doc/html/rfc8414}
  */
 export declare const oauthAuthorizationServerMetadataSchema: z.ZodObject<{
-    issuer: z.ZodEffects<z.ZodString, string, string>;
+    issuer: z.ZodEffects<z.ZodString, `http://${string}` | `https://${string}`, string>;
     claims_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     claims_locales_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     claims_parameter_supported: z.ZodOptional<z.ZodBoolean>;
@@ -15,7 +15,7 @@ export declare const oauthAuthorizationServerMetadataSchema: z.ZodObject<{
     response_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     response_modes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-    code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodEnum<["S256", "plain"]>, "many">>;
     ui_locales_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     id_token_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     display_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -40,7 +40,7 @@ export declare const oauthAuthorizationServerMetadataSchema: z.ZodObject<{
     protected_resources: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     client_id_metadata_document_supported: z.ZodOptional<z.ZodBoolean>;
 }, "strip", z.ZodTypeAny, {
-    issuer: string;
+    issuer: `http://${string}` | `https://${string}`;
     authorization_endpoint: string;
     token_endpoint: string;
     jwks_uri?: string | undefined;
@@ -55,7 +55,7 @@ export declare const oauthAuthorizationServerMetadataSchema: z.ZodObject<{
     response_types_supported?: string[] | undefined;
     response_modes_supported?: string[] | undefined;
     grant_types_supported?: string[] | undefined;
-    code_challenge_methods_supported?: string[] | undefined;
+    code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
     ui_locales_supported?: string[] | undefined;
     id_token_signing_alg_values_supported?: string[] | undefined;
     display_values_supported?: string[] | undefined;
@@ -92,7 +92,7 @@ export declare const oauthAuthorizationServerMetadataSchema: z.ZodObject<{
     response_types_supported?: string[] | undefined;
     response_modes_supported?: string[] | undefined;
     grant_types_supported?: string[] | undefined;
-    code_challenge_methods_supported?: string[] | undefined;
+    code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
     ui_locales_supported?: string[] | undefined;
     id_token_signing_alg_values_supported?: string[] | undefined;
     display_values_supported?: string[] | undefined;
@@ -116,7 +116,7 @@ export declare const oauthAuthorizationServerMetadataSchema: z.ZodObject<{
 }>;
 export type OAuthAuthorizationServerMetadata = z.infer<typeof oauthAuthorizationServerMetadataSchema>;
 export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.ZodEffects<z.ZodObject<{
-    issuer: z.ZodEffects<z.ZodString, string, string>;
+    issuer: z.ZodEffects<z.ZodString, `http://${string}` | `https://${string}`, string>;
     claims_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     claims_locales_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     claims_parameter_supported: z.ZodOptional<z.ZodBoolean>;
@@ -128,7 +128,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
     response_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     response_modes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-    code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodEnum<["S256", "plain"]>, "many">>;
     ui_locales_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     id_token_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     display_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -153,7 +153,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
     protected_resources: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     client_id_metadata_document_supported: z.ZodOptional<z.ZodBoolean>;
 }, "strip", z.ZodTypeAny, {
-    issuer: string;
+    issuer: `http://${string}` | `https://${string}`;
     authorization_endpoint: string;
     token_endpoint: string;
     jwks_uri?: string | undefined;
@@ -168,7 +168,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
     response_types_supported?: string[] | undefined;
     response_modes_supported?: string[] | undefined;
     grant_types_supported?: string[] | undefined;
-    code_challenge_methods_supported?: string[] | undefined;
+    code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
     ui_locales_supported?: string[] | undefined;
     id_token_signing_alg_values_supported?: string[] | undefined;
     display_values_supported?: string[] | undefined;
@@ -205,7 +205,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
     response_types_supported?: string[] | undefined;
     response_modes_supported?: string[] | undefined;
     grant_types_supported?: string[] | undefined;
-    code_challenge_methods_supported?: string[] | undefined;
+    code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
     ui_locales_supported?: string[] | undefined;
     id_token_signing_alg_values_supported?: string[] | undefined;
     display_values_supported?: string[] | undefined;
@@ -227,7 +227,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
     protected_resources?: string[] | undefined;
     client_id_metadata_document_supported?: boolean | undefined;
 }>, {
-    issuer: string;
+    issuer: `http://${string}` | `https://${string}`;
     authorization_endpoint: string;
     token_endpoint: string;
     jwks_uri?: string | undefined;
@@ -242,7 +242,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
     response_types_supported?: string[] | undefined;
     response_modes_supported?: string[] | undefined;
     grant_types_supported?: string[] | undefined;
-    code_challenge_methods_supported?: string[] | undefined;
+    code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
     ui_locales_supported?: string[] | undefined;
     id_token_signing_alg_values_supported?: string[] | undefined;
     display_values_supported?: string[] | undefined;
@@ -279,7 +279,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
     response_types_supported?: string[] | undefined;
     response_modes_supported?: string[] | undefined;
     grant_types_supported?: string[] | undefined;
-    code_challenge_methods_supported?: string[] | undefined;
+    code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
     ui_locales_supported?: string[] | undefined;
     id_token_signing_alg_values_supported?: string[] | undefined;
     display_values_supported?: string[] | undefined;
@@ -301,7 +301,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
     protected_resources?: string[] | undefined;
     client_id_metadata_document_supported?: boolean | undefined;
 }>, {
-    issuer: string;
+    issuer: `http://${string}` | `https://${string}`;
     authorization_endpoint: string;
     token_endpoint: string;
     jwks_uri?: string | undefined;
@@ -316,7 +316,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
     response_types_supported?: string[] | undefined;
     response_modes_supported?: string[] | undefined;
     grant_types_supported?: string[] | undefined;
-    code_challenge_methods_supported?: string[] | undefined;
+    code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
     ui_locales_supported?: string[] | undefined;
     id_token_signing_alg_values_supported?: string[] | undefined;
     display_values_supported?: string[] | undefined;
@@ -353,7 +353,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
     response_types_supported?: string[] | undefined;
     response_modes_supported?: string[] | undefined;
     grant_types_supported?: string[] | undefined;
-    code_challenge_methods_supported?: string[] | undefined;
+    code_challenge_methods_supported?: ("S256" | "plain")[] | undefined;
     ui_locales_supported?: string[] | undefined;
     id_token_signing_alg_values_supported?: string[] | undefined;
     display_values_supported?: string[] | undefined;

package/dist/oauth-authorization-server-metadata.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-authorization-server-metadata.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAIvB;;GAEG;AACH,eAAO,MAAM,sCAAsC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAwDjD,CAAA;AAEF,MAAM,MAAM,gCAAgC,GAAG,CAAC,CAAC,KAAK,CACpD,OAAO,sCAAsC,CAC9C,CAAA;AAED,eAAO,MAAM,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuBhD,CAAA"}
+{"version":3,"file":"oauth-authorization-server-metadata.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAKvB;;GAEG;AACH,eAAO,MAAM,sCAAsC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA2DjD,CAAA;AAEF,MAAM,MAAM,gCAAgC,GAAG,CAAC,CAAC,KAAK,CACpD,OAAO,sCAAsC,CAC9C,CAAA;AAED,eAAO,MAAM,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuBhD,CAAA"}

package/dist/oauth-authorization-server-metadata.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.oauthAuthorizationServerMetadataValidator = exports.oauthAuthorizationServerMetadataSchema = void 0;
 const zod_1 = require("zod");
+const oauth_code_challenge_method_js_1 = require("./oauth-code-challenge-method.js");
 const oauth_issuer_identifier_js_1 = require("./oauth-issuer-identifier.js");
 /**
  * @see {@link https://datatracker.ietf.org/doc/html/rfc8414}
@@ -19,7 +20,10 @@ exports.oauthAuthorizationServerMetadataSchema = zod_1.z.object({
     response_types_supported: zod_1.z.array(zod_1.z.string()).optional(),
     response_modes_supported: zod_1.z.array(zod_1.z.string()).optional(),
     grant_types_supported: zod_1.z.array(zod_1.z.string()).optional(),
-    code_challenge_methods_supported: zod_1.z.array(zod_1.z.string()).min(1).optional(),
+    code_challenge_methods_supported: zod_1.z
+        .array(oauth_code_challenge_method_js_1.oauthCodeChallengeMethodSchema)
+        .min(1)
+        .optional(),
     ui_locales_supported: zod_1.z.array(zod_1.z.string()).optional(),
     id_token_signing_alg_values_supported: zod_1.z.array(zod_1.z.string()).optional(),
     display_values_supported: zod_1.z.array(zod_1.z.string()).optional(),

package/dist/oauth-authorization-server-metadata.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-authorization-server-metadata.js","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,6EAA0E;AAE1E;;GAEG;AACU,QAAA,sCAAsC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7D,MAAM,EAAE,wDAA2B;IAEnC,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,0BAA0B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClD,2BAA2B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvD,gCAAgC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACxD,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,uBAAuB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,gCAAgC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvE,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,2CAA2C,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3E,8CAA8C,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtE,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAErC,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,eAAe;IAEzD,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,eAAe;IACjD,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,gDAAgD,EAAE,OAAC;SAChD,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChD,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACnD,qCAAqC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAElE,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAE7D,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAC9C,oBAAoB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACjD,qBAAqB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAElD,4DAA4D;IAC5D,iCAAiC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEjE,wFAAwF;IACxF,mBAAmB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEzD,kIAAkI;IAClI,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC9D,CAAC,CAAA;AAMW,QAAA,yCAAyC,GACpD,8CAAsC;KACnC,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IACE,IAAI,CAAC,qCAAqC;QAC1C,CAAC,IAAI,CAAC,qCAAqC,EAC3C,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EACL,uGAAuG;SAC1G,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC;KACD,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IAAI,IAAI,CAAC,wBAAwB,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACpD,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,OAAO,EAAE,kCAAkC;aAC5C,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAA"}
+{"version":3,"file":"oauth-authorization-server-metadata.js","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,qFAAiF;AACjF,6EAA0E;AAE1E;;GAEG;AACU,QAAA,sCAAsC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7D,MAAM,EAAE,wDAA2B;IAEnC,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,0BAA0B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClD,2BAA2B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvD,gCAAgC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACxD,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,uBAAuB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,gCAAgC,EAAE,OAAC;SAChC,KAAK,CAAC,+DAA8B,CAAC;SACrC,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,EAAE;IACb,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,2CAA2C,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3E,8CAA8C,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtE,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAErC,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,eAAe;IAEzD,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,eAAe;IACjD,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,gDAAgD,EAAE,OAAC;SAChD,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChD,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACnD,qCAAqC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAElE,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAE7D,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAC9C,oBAAoB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACjD,qBAAqB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAElD,4DAA4D;IAC5D,iCAAiC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEjE,wFAAwF;IACxF,mBAAmB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEzD,kIAAkI;IAClI,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC9D,CAAC,CAAA;AAMW,QAAA,yCAAyC,GACpD,8CAAsC;KACnC,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IACE,IAAI,CAAC,qCAAqC;QAC1C,CAAC,IAAI,CAAC,qCAAqC,EAC3C,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EACL,uGAAuG;SAC1G,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC;KACD,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IAAI,IAAI,CAAC,wBAAwB,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACpD,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,OAAO,EAAE,kCAAkC;aAC5C,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAA"}

package/dist/oauth-client-credentials-grant-token-request.d.ts

@@ -0,0 +1,10 @@
+import { z } from 'zod';
+export declare const oauthClientCredentialsGrantTokenRequestSchema: z.ZodObject<{
+    grant_type: z.ZodLiteral<"client_credentials">;
+}, "strip", z.ZodTypeAny, {
+    grant_type: "client_credentials";
+}, {
+    grant_type: "client_credentials";
+}>;
+export type OAuthClientCredentialsGrantTokenRequest = z.infer<typeof oauthClientCredentialsGrantTokenRequestSchema>;
+//# sourceMappingURL=oauth-client-credentials-grant-token-request.d.ts.map

package/dist/oauth-client-credentials-grant-token-request.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client-credentials-grant-token-request.d.ts","sourceRoot":"","sources":["../src/oauth-client-credentials-grant-token-request.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,eAAO,MAAM,6CAA6C;;;;;;EAExD,CAAA;AAEF,MAAM,MAAM,uCAAuC,GAAG,CAAC,CAAC,KAAK,CAC3D,OAAO,6CAA6C,CACrD,CAAA"}

package/dist/oauth-client-credentials-grant-token-request.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.oauthClientCredentialsGrantTokenRequestSchema = void 0;
+const zod_1 = require("zod");
+exports.oauthClientCredentialsGrantTokenRequestSchema = zod_1.z.object({
+    grant_type: zod_1.z.literal('client_credentials'),
+});
+//# sourceMappingURL=oauth-client-credentials-grant-token-request.js.map

package/dist/oauth-client-credentials-grant-token-request.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client-credentials-grant-token-request.js","sourceRoot":"","sources":["../src/oauth-client-credentials-grant-token-request.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,6CAA6C,GAAG,OAAC,CAAC,MAAM,CAAC;IACpE,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC;CAC5C,CAAC,CAAA"}

package/dist/oauth-client-credentials.d.ts

@@ -9,7 +9,7 @@ export declare const oauthClientCredentialsJwtBearerSchema: z.ZodObject<{
      * - The JWT MAY contain a "jti" (JWT ID) claim that provides a unique identifier for the token.
      * - Note that the authorization server may reject JWTs with an "exp" claim value that is unreasonably far in the future.
      *
-     * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-jwt-bearer-11#section-3}
+     * @see {@link https://datatracker.ietf.org/doc/html/rfc7523#section-3}
      */
     client_assertion: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>;
 }, "strip", z.ZodTypeAny, {
@@ -21,6 +21,7 @@ export declare const oauthClientCredentialsJwtBearerSchema: z.ZodObject<{
     client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
     client_assertion: string;
 }>;
+export type OAuthClientCredentialsJwtBearer = z.infer<typeof oauthClientCredentialsJwtBearerSchema>;
 export declare const oauthClientCredentialsSecretPostSchema: z.ZodObject<{
     client_id: z.ZodString;
     client_secret: z.ZodString;
@@ -31,6 +32,15 @@ export declare const oauthClientCredentialsSecretPostSchema: z.ZodObject<{
     client_id: string;
     client_secret: string;
 }>;
+export type OAuthClientCredentialsSecretPost = z.infer<typeof oauthClientCredentialsSecretPostSchema>;
+export declare const oauthClientCredentialsNoneSchema: z.ZodObject<{
+    client_id: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    client_id: string;
+}, {
+    client_id: string;
+}>;
+export type OAuthClientCredentialsNone = z.infer<typeof oauthClientCredentialsNoneSchema>;
 export declare const oauthClientCredentialsSchema: z.ZodUnion<[z.ZodObject<{
     client_id: z.ZodString;
     client_assertion_type: z.ZodLiteral<"urn:ietf:params:oauth:client-assertion-type:jwt-bearer">;
@@ -41,7 +51,7 @@ export declare const oauthClientCredentialsSchema: z.ZodUnion<[z.ZodObject<{
      * - The JWT MAY contain a "jti" (JWT ID) claim that provides a unique identifier for the token.
      * - Note that the authorization server may reject JWTs with an "exp" claim value that is unreasonably far in the future.
      *
-     * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-jwt-bearer-11#section-3}
+     * @see {@link https://datatracker.ietf.org/doc/html/rfc7523#section-3}
      */
     client_assertion: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>;
 }, "strip", z.ZodTypeAny, {
@@ -61,6 +71,12 @@ export declare const oauthClientCredentialsSchema: z.ZodUnion<[z.ZodObject<{
 }, {
     client_id: string;
     client_secret: string;
+}>, z.ZodObject<{
+    client_id: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    client_id: string;
+}, {
+    client_id: string;
 }>]>;
 export type OAuthClientCredentials = z.infer<typeof oauthClientCredentialsSchema>;
 //# sourceMappingURL=oauth-client-credentials.d.ts.map

package/dist/oauth-client-credentials.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-client-credentials.d.ts","sourceRoot":"","sources":["../src/oauth-client-credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAMvB,eAAO,MAAM,qCAAqC;;;IAGhD;;;;;;;;OAQG;;;;;;;;;;EAEH,CAAA;AAEF,eAAO,MAAM,sCAAsC;;;;;;;;;EAGjD,CAAA;AAEF,eAAO,MAAM,4BAA4B;;;IAjBvC;;;;;;;;OAQG;;;;;;;;;;;;;;;;;;;IAYH,CAAA;AAEF,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAC1C,OAAO,4BAA4B,CACpC,CAAA"}
+{"version":3,"file":"oauth-client-credentials.d.ts","sourceRoot":"","sources":["../src/oauth-client-credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAMvB,eAAO,MAAM,qCAAqC;;;IAGhD;;;;;;;;OAQG;;;;;;;;;;EAEH,CAAA;AAEF,MAAM,MAAM,+BAA+B,GAAG,CAAC,CAAC,KAAK,CACnD,OAAO,qCAAqC,CAC7C,CAAA;AAED,eAAO,MAAM,sCAAsC;;;;;;;;;EAGjD,CAAA;AAEF,MAAM,MAAM,gCAAgC,GAAG,CAAC,CAAC,KAAK,CACpD,OAAO,sCAAsC,CAC9C,CAAA;AAED,eAAO,MAAM,gCAAgC;;;;;;EAE3C,CAAA;AAEF,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAC9C,OAAO,gCAAgC,CACxC,CAAA;AAID,eAAO,MAAM,4BAA4B;;;IAnCvC;;;;;;;;OAQG;;;;;;;;;;;;;;;;;;;;;;;;;IAgCH,CAAA;AAEF,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAC1C,OAAO,4BAA4B,CACpC,CAAA"}

package/dist/oauth-client-credentials.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthClientCredentialsSchema = exports.oauthClientCredentialsSecretPostSchema = exports.oauthClientCredentialsJwtBearerSchema = void 0;
+exports.oauthClientCredentialsSchema = exports.oauthClientCredentialsNoneSchema = exports.oauthClientCredentialsSecretPostSchema = exports.oauthClientCredentialsJwtBearerSchema = void 0;
 const zod_1 = require("zod");
 const jwk_1 = require("@atproto/jwk");
 const oauth_client_id_js_1 = require("./oauth-client-id.js");
@@ -15,7 +15,7 @@ exports.oauthClientCredentialsJwtBearerSchema = zod_1.z.object({
      * - The JWT MAY contain a "jti" (JWT ID) claim that provides a unique identifier for the token.
      * - Note that the authorization server may reject JWTs with an "exp" claim value that is unreasonably far in the future.
      *
-     * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-jwt-bearer-11#section-3}
+     * @see {@link https://datatracker.ietf.org/doc/html/rfc7523#section-3}
      */
     client_assertion: jwk_1.signedJwtSchema,
 });
@@ -23,8 +23,14 @@ exports.oauthClientCredentialsSecretPostSchema = zod_1.z.object({
     client_id: oauth_client_id_js_1.oauthClientIdSchema,
     client_secret: zod_1.z.string(),
 });
+exports.oauthClientCredentialsNoneSchema = zod_1.z.object({
+    client_id: oauth_client_id_js_1.oauthClientIdSchema,
+});
+//
 exports.oauthClientCredentialsSchema = zod_1.z.union([
     exports.oauthClientCredentialsJwtBearerSchema,
     exports.oauthClientCredentialsSecretPostSchema,
+    // Must be last since it is less specific
+    exports.oauthClientCredentialsNoneSchema,
 ]);
 //# sourceMappingURL=oauth-client-credentials.js.map

package/dist/oauth-client-credentials.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-client-credentials.js","sourceRoot":"","sources":["../src/oauth-client-credentials.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAE9C,6DAA0D;AAC1D,iDAAiE;AAEpD,QAAA,qCAAqC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5D,SAAS,EAAE,wCAAmB;IAC9B,qBAAqB,EAAE,OAAC,CAAC,OAAO,CAAC,+CAAgC,CAAC;IAClE;;;;;;;;OAQG;IACH,gBAAgB,EAAE,qBAAe;CAClC,CAAC,CAAA;AAEW,QAAA,sCAAsC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7D,SAAS,EAAE,wCAAmB;IAC9B,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE;CAC1B,CAAC,CAAA;AAEW,QAAA,4BAA4B,GAAG,OAAC,CAAC,KAAK,CAAC;IAClD,6CAAqC;IACrC,8CAAsC;CACvC,CAAC,CAAA"}
+{"version":3,"file":"oauth-client-credentials.js","sourceRoot":"","sources":["../src/oauth-client-credentials.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAE9C,6DAA0D;AAC1D,iDAAiE;AAEpD,QAAA,qCAAqC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5D,SAAS,EAAE,wCAAmB;IAC9B,qBAAqB,EAAE,OAAC,CAAC,OAAO,CAAC,+CAAgC,CAAC;IAClE;;;;;;;;OAQG;IACH,gBAAgB,EAAE,qBAAe;CAClC,CAAC,CAAA;AAMW,QAAA,sCAAsC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7D,SAAS,EAAE,wCAAmB;IAC9B,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE;CAC1B,CAAC,CAAA;AAMW,QAAA,gCAAgC,GAAG,OAAC,CAAC,MAAM,CAAC;IACvD,SAAS,EAAE,wCAAmB;CAC/B,CAAC,CAAA;AAMF,EAAE;AAEW,QAAA,4BAA4B,GAAG,OAAC,CAAC,KAAK,CAAC;IAClD,6CAAqC;IACrC,8CAAsC;IACtC,yCAAyC;IACzC,wCAAgC;CACjC,CAAC,CAAA"}

package/dist/oauth-client-id-discoverable.d.ts

@@ -3,6 +3,7 @@ import { OAuthClientId } from './oauth-client-id.js';
  * @see {@link https://drafts.aaronpk.com/draft-parecki-oauth-client-id-metadata-document/draft-parecki-oauth-client-id-metadata-document.html}
  */
 export type OAuthClientIdDiscoverable = OAuthClientId & `https://${string}`;
-export declare function isOAuthClientIdDiscoverable<C extends OAuthClientId>(clientId: C): clientId is C & OAuthClientIdDiscoverable;
-export declare function parseOAuthDiscoverableClientId(clientId: OAuthClientId): URL;
+export declare function isOAuthClientIdDiscoverable(clientId: string): clientId is OAuthClientIdDiscoverable;
+export declare function assertOAuthDiscoverableClientId(value: string): asserts value is OAuthClientIdDiscoverable;
+export declare function parseOAuthDiscoverableClientId(clientId: string): URL;
 //# sourceMappingURL=oauth-client-id-discoverable.d.ts.map

package/dist/oauth-client-id-discoverable.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-client-id-discoverable.d.ts","sourceRoot":"","sources":["../src/oauth-client-id-discoverable.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAGpD;;GAEG;AACH,MAAM,MAAM,yBAAyB,GAAG,aAAa,GAAG,WAAW,MAAM,EAAE,CAAA;AAE3E,wBAAgB,2BAA2B,CAAC,CAAC,SAAS,aAAa,EACjE,QAAQ,EAAE,CAAC,GACV,QAAQ,IAAI,CAAC,GAAG,yBAAyB,CAO3C;AAED,wBAAgB,8BAA8B,CAAC,QAAQ,EAAE,aAAa,GAAG,GAAG,CA6C3E"}
+{"version":3,"file":"oauth-client-id-discoverable.d.ts","sourceRoot":"","sources":["../src/oauth-client-id-discoverable.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAGpD;;GAEG;AACH,MAAM,MAAM,yBAAyB,GAAG,aAAa,GAAG,WAAW,MAAM,EAAE,CAAA;AAE3E,wBAAgB,2BAA2B,CACzC,QAAQ,EAAE,MAAM,GACf,QAAQ,IAAI,yBAAyB,CAOvC;AAED,wBAAgB,+BAA+B,CAC7C,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,KAAK,IAAI,yBAAyB,CAE5C;AAED,wBAAgB,8BAA8B,CAAC,QAAQ,EAAE,MAAM,GAAG,GAAG,CA2CpE"}