@atproto/oauth-types 0.2.0 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +17 -0
- package/dist/atproto-loopback-client-metadata.d.ts +4 -1
- package/dist/atproto-loopback-client-metadata.d.ts.map +1 -1
- package/dist/atproto-loopback-client-metadata.js.map +1 -1
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/dist/oauth-authorization-code-grant-token-request.d.ts +2 -2
- package/dist/oauth-authorization-code-grant-token-request.d.ts.map +1 -1
- package/dist/oauth-authorization-code-grant-token-request.js +2 -1
- package/dist/oauth-authorization-code-grant-token-request.js.map +1 -1
- package/dist/oauth-authorization-details.d.ts +42 -4
- package/dist/oauth-authorization-details.d.ts.map +1 -1
- package/dist/oauth-authorization-details.js +21 -1
- package/dist/oauth-authorization-details.js.map +1 -1
- package/dist/oauth-authorization-request-jar.d.ts +1 -1
- package/dist/oauth-authorization-request-par.d.ts +8 -8
- package/dist/oauth-authorization-request-parameters.d.ts +7 -7
- package/dist/oauth-authorization-request-parameters.d.ts.map +1 -1
- package/dist/oauth-authorization-request-parameters.js +2 -1
- package/dist/oauth-authorization-request-parameters.js.map +1 -1
- package/dist/oauth-authorization-request-query.d.ts +8 -8
- package/dist/oauth-authorization-server-metadata.d.ts +69 -66
- package/dist/oauth-authorization-server-metadata.d.ts.map +1 -1
- package/dist/oauth-authorization-server-metadata.js +14 -10
- package/dist/oauth-authorization-server-metadata.js.map +1 -1
- package/dist/oauth-client-id-discoverable.d.ts +3 -2
- package/dist/oauth-client-id-discoverable.d.ts.map +1 -1
- package/dist/oauth-client-id-discoverable.js +52 -28
- package/dist/oauth-client-id-discoverable.js.map +1 -1
- package/dist/oauth-client-id-loopback.d.ts +5 -5
- package/dist/oauth-client-id-loopback.d.ts.map +1 -1
- package/dist/oauth-client-id-loopback.js +29 -27
- package/dist/oauth-client-id-loopback.js.map +1 -1
- package/dist/oauth-client-metadata.d.ts +22 -12
- package/dist/oauth-client-metadata.d.ts.map +1 -1
- package/dist/oauth-client-metadata.js +18 -8
- package/dist/oauth-client-metadata.js.map +1 -1
- package/dist/oauth-issuer-identifier.d.ts +1 -1
- package/dist/oauth-issuer-identifier.d.ts.map +1 -1
- package/dist/oauth-issuer-identifier.js +3 -19
- package/dist/oauth-issuer-identifier.js.map +1 -1
- package/dist/oauth-protected-resource-metadata.d.ts +15 -12
- package/dist/oauth-protected-resource-metadata.d.ts.map +1 -1
- package/dist/oauth-protected-resource-metadata.js +15 -5
- package/dist/oauth-protected-resource-metadata.js.map +1 -1
- package/dist/oauth-redirect-uri.d.ts +10 -0
- package/dist/oauth-redirect-uri.d.ts.map +1 -0
- package/dist/oauth-redirect-uri.js +35 -0
- package/dist/oauth-redirect-uri.js.map +1 -0
- package/dist/oauth-token-request.d.ts +2 -2
- package/dist/oauth-token-response.d.ts +6 -6
- package/dist/uri.d.ts +20 -0
- package/dist/uri.d.ts.map +1 -0
- package/dist/uri.js +127 -0
- package/dist/uri.js.map +1 -0
- package/package.json +2 -2
- package/src/atproto-loopback-client-metadata.ts +8 -3
- package/src/index.ts +2 -0
- package/src/oauth-authorization-code-grant-token-request.ts +2 -1
- package/src/oauth-authorization-details.ts +21 -1
- package/src/oauth-authorization-request-parameters.ts +2 -1
- package/src/oauth-authorization-server-metadata.ts +14 -10
- package/src/oauth-client-id-discoverable.ts +69 -51
- package/src/oauth-client-id-loopback.ts +40 -40
- package/src/oauth-client-metadata.ts +18 -8
- package/src/oauth-issuer-identifier.ts +6 -21
- package/src/oauth-protected-resource-metadata.ts +15 -5
- package/src/oauth-redirect-uri.ts +56 -0
- package/src/uri.ts +171 -0
- package/tsconfig.build.tsbuildinfo +1 -1
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
2
|
/**
|
|
3
3
|
* @see {@link https://datatracker.ietf.org/doc/html/rfc8414}
|
|
4
|
+
* @note we do not enforce https: scheme in URIs to support development
|
|
5
|
+
* environments. Make sure to validate the URIs before using it in a production
|
|
6
|
+
* environment.
|
|
4
7
|
*/
|
|
5
8
|
export declare const oauthAuthorizationServerMetadataSchema: z.ZodObject<{
|
|
6
|
-
issuer: z.ZodEffects<z.ZodString, `http://${string}` | `https://${string}`, string>;
|
|
9
|
+
issuer: z.ZodEffects<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>;
|
|
7
10
|
claims_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
8
11
|
claims_locales_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
9
12
|
claims_parameter_supported: z.ZodOptional<z.ZodBoolean>;
|
|
@@ -24,26 +27,26 @@ export declare const oauthAuthorizationServerMetadataSchema: z.ZodObject<{
|
|
|
24
27
|
authorization_details_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
25
28
|
request_object_encryption_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
26
29
|
request_object_encryption_enc_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
27
|
-
jwks_uri: z.ZodOptional<z.ZodString
|
|
28
|
-
authorization_endpoint: z.ZodString
|
|
29
|
-
token_endpoint: z.ZodString
|
|
30
|
+
jwks_uri: z.ZodOptional<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>>;
|
|
31
|
+
authorization_endpoint: z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>;
|
|
32
|
+
token_endpoint: z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>;
|
|
30
33
|
token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
31
34
|
token_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
32
|
-
revocation_endpoint: z.ZodOptional<z.ZodString
|
|
33
|
-
introspection_endpoint: z.ZodOptional<z.ZodString
|
|
34
|
-
pushed_authorization_request_endpoint: z.ZodOptional<z.ZodString
|
|
35
|
+
revocation_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>>;
|
|
36
|
+
introspection_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>>;
|
|
37
|
+
pushed_authorization_request_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>>;
|
|
35
38
|
require_pushed_authorization_requests: z.ZodOptional<z.ZodBoolean>;
|
|
36
|
-
userinfo_endpoint: z.ZodOptional<z.ZodString
|
|
37
|
-
end_session_endpoint: z.ZodOptional<z.ZodString
|
|
38
|
-
registration_endpoint: z.ZodOptional<z.ZodString
|
|
39
|
+
userinfo_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>>;
|
|
40
|
+
end_session_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>>;
|
|
41
|
+
registration_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>>;
|
|
39
42
|
dpop_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
40
|
-
protected_resources: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
43
|
+
protected_resources: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>, "many">>;
|
|
41
44
|
client_id_metadata_document_supported: z.ZodOptional<z.ZodBoolean>;
|
|
42
45
|
}, "strip", z.ZodTypeAny, {
|
|
43
|
-
issuer: `http
|
|
44
|
-
authorization_endpoint: string
|
|
45
|
-
token_endpoint: string
|
|
46
|
-
jwks_uri?: string | undefined;
|
|
46
|
+
issuer: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
47
|
+
authorization_endpoint: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
48
|
+
token_endpoint: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
49
|
+
jwks_uri?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
47
50
|
claims_supported?: string[] | undefined;
|
|
48
51
|
claims_locales_supported?: string[] | undefined;
|
|
49
52
|
claims_parameter_supported?: boolean | undefined;
|
|
@@ -66,15 +69,15 @@ export declare const oauthAuthorizationServerMetadataSchema: z.ZodObject<{
|
|
|
66
69
|
request_object_encryption_enc_values_supported?: string[] | undefined;
|
|
67
70
|
token_endpoint_auth_methods_supported?: string[] | undefined;
|
|
68
71
|
token_endpoint_auth_signing_alg_values_supported?: string[] | undefined;
|
|
69
|
-
revocation_endpoint?: string | undefined;
|
|
70
|
-
introspection_endpoint?: string | undefined;
|
|
71
|
-
pushed_authorization_request_endpoint?: string | undefined;
|
|
72
|
+
revocation_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
73
|
+
introspection_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
74
|
+
pushed_authorization_request_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
72
75
|
require_pushed_authorization_requests?: boolean | undefined;
|
|
73
|
-
userinfo_endpoint?: string | undefined;
|
|
74
|
-
end_session_endpoint?: string | undefined;
|
|
75
|
-
registration_endpoint?: string | undefined;
|
|
76
|
+
userinfo_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
77
|
+
end_session_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
78
|
+
registration_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
76
79
|
dpop_signing_alg_values_supported?: string[] | undefined;
|
|
77
|
-
protected_resources?: string[] | undefined;
|
|
80
|
+
protected_resources?: (`http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`)[] | undefined;
|
|
78
81
|
client_id_metadata_document_supported?: boolean | undefined;
|
|
79
82
|
}, {
|
|
80
83
|
issuer: string;
|
|
@@ -116,7 +119,7 @@ export declare const oauthAuthorizationServerMetadataSchema: z.ZodObject<{
|
|
|
116
119
|
}>;
|
|
117
120
|
export type OAuthAuthorizationServerMetadata = z.infer<typeof oauthAuthorizationServerMetadataSchema>;
|
|
118
121
|
export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.ZodEffects<z.ZodObject<{
|
|
119
|
-
issuer: z.ZodEffects<z.ZodString, `http://${string}` | `https://${string}`, string>;
|
|
122
|
+
issuer: z.ZodEffects<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>;
|
|
120
123
|
claims_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
121
124
|
claims_locales_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
122
125
|
claims_parameter_supported: z.ZodOptional<z.ZodBoolean>;
|
|
@@ -137,26 +140,26 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
|
137
140
|
authorization_details_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
138
141
|
request_object_encryption_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
139
142
|
request_object_encryption_enc_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
140
|
-
jwks_uri: z.ZodOptional<z.ZodString
|
|
141
|
-
authorization_endpoint: z.ZodString
|
|
142
|
-
token_endpoint: z.ZodString
|
|
143
|
+
jwks_uri: z.ZodOptional<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>>;
|
|
144
|
+
authorization_endpoint: z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>;
|
|
145
|
+
token_endpoint: z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>;
|
|
143
146
|
token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
144
147
|
token_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
145
|
-
revocation_endpoint: z.ZodOptional<z.ZodString
|
|
146
|
-
introspection_endpoint: z.ZodOptional<z.ZodString
|
|
147
|
-
pushed_authorization_request_endpoint: z.ZodOptional<z.ZodString
|
|
148
|
+
revocation_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>>;
|
|
149
|
+
introspection_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>>;
|
|
150
|
+
pushed_authorization_request_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>>;
|
|
148
151
|
require_pushed_authorization_requests: z.ZodOptional<z.ZodBoolean>;
|
|
149
|
-
userinfo_endpoint: z.ZodOptional<z.ZodString
|
|
150
|
-
end_session_endpoint: z.ZodOptional<z.ZodString
|
|
151
|
-
registration_endpoint: z.ZodOptional<z.ZodString
|
|
152
|
+
userinfo_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>>;
|
|
153
|
+
end_session_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>>;
|
|
154
|
+
registration_endpoint: z.ZodOptional<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>>;
|
|
152
155
|
dpop_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
153
|
-
protected_resources: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
156
|
+
protected_resources: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>, "many">>;
|
|
154
157
|
client_id_metadata_document_supported: z.ZodOptional<z.ZodBoolean>;
|
|
155
158
|
}, "strip", z.ZodTypeAny, {
|
|
156
|
-
issuer: `http
|
|
157
|
-
authorization_endpoint: string
|
|
158
|
-
token_endpoint: string
|
|
159
|
-
jwks_uri?: string | undefined;
|
|
159
|
+
issuer: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
160
|
+
authorization_endpoint: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
161
|
+
token_endpoint: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
162
|
+
jwks_uri?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
160
163
|
claims_supported?: string[] | undefined;
|
|
161
164
|
claims_locales_supported?: string[] | undefined;
|
|
162
165
|
claims_parameter_supported?: boolean | undefined;
|
|
@@ -179,15 +182,15 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
|
179
182
|
request_object_encryption_enc_values_supported?: string[] | undefined;
|
|
180
183
|
token_endpoint_auth_methods_supported?: string[] | undefined;
|
|
181
184
|
token_endpoint_auth_signing_alg_values_supported?: string[] | undefined;
|
|
182
|
-
revocation_endpoint?: string | undefined;
|
|
183
|
-
introspection_endpoint?: string | undefined;
|
|
184
|
-
pushed_authorization_request_endpoint?: string | undefined;
|
|
185
|
+
revocation_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
186
|
+
introspection_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
187
|
+
pushed_authorization_request_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
185
188
|
require_pushed_authorization_requests?: boolean | undefined;
|
|
186
|
-
userinfo_endpoint?: string | undefined;
|
|
187
|
-
end_session_endpoint?: string | undefined;
|
|
188
|
-
registration_endpoint?: string | undefined;
|
|
189
|
+
userinfo_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
190
|
+
end_session_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
191
|
+
registration_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
189
192
|
dpop_signing_alg_values_supported?: string[] | undefined;
|
|
190
|
-
protected_resources?: string[] | undefined;
|
|
193
|
+
protected_resources?: (`http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`)[] | undefined;
|
|
191
194
|
client_id_metadata_document_supported?: boolean | undefined;
|
|
192
195
|
}, {
|
|
193
196
|
issuer: string;
|
|
@@ -227,10 +230,10 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
|
227
230
|
protected_resources?: string[] | undefined;
|
|
228
231
|
client_id_metadata_document_supported?: boolean | undefined;
|
|
229
232
|
}>, {
|
|
230
|
-
issuer: `http
|
|
231
|
-
authorization_endpoint: string
|
|
232
|
-
token_endpoint: string
|
|
233
|
-
jwks_uri?: string | undefined;
|
|
233
|
+
issuer: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
234
|
+
authorization_endpoint: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
235
|
+
token_endpoint: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
236
|
+
jwks_uri?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
234
237
|
claims_supported?: string[] | undefined;
|
|
235
238
|
claims_locales_supported?: string[] | undefined;
|
|
236
239
|
claims_parameter_supported?: boolean | undefined;
|
|
@@ -253,15 +256,15 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
|
253
256
|
request_object_encryption_enc_values_supported?: string[] | undefined;
|
|
254
257
|
token_endpoint_auth_methods_supported?: string[] | undefined;
|
|
255
258
|
token_endpoint_auth_signing_alg_values_supported?: string[] | undefined;
|
|
256
|
-
revocation_endpoint?: string | undefined;
|
|
257
|
-
introspection_endpoint?: string | undefined;
|
|
258
|
-
pushed_authorization_request_endpoint?: string | undefined;
|
|
259
|
+
revocation_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
260
|
+
introspection_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
261
|
+
pushed_authorization_request_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
259
262
|
require_pushed_authorization_requests?: boolean | undefined;
|
|
260
|
-
userinfo_endpoint?: string | undefined;
|
|
261
|
-
end_session_endpoint?: string | undefined;
|
|
262
|
-
registration_endpoint?: string | undefined;
|
|
263
|
+
userinfo_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
264
|
+
end_session_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
265
|
+
registration_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
263
266
|
dpop_signing_alg_values_supported?: string[] | undefined;
|
|
264
|
-
protected_resources?: string[] | undefined;
|
|
267
|
+
protected_resources?: (`http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`)[] | undefined;
|
|
265
268
|
client_id_metadata_document_supported?: boolean | undefined;
|
|
266
269
|
}, {
|
|
267
270
|
issuer: string;
|
|
@@ -301,10 +304,10 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
|
301
304
|
protected_resources?: string[] | undefined;
|
|
302
305
|
client_id_metadata_document_supported?: boolean | undefined;
|
|
303
306
|
}>, {
|
|
304
|
-
issuer: `http
|
|
305
|
-
authorization_endpoint: string
|
|
306
|
-
token_endpoint: string
|
|
307
|
-
jwks_uri?: string | undefined;
|
|
307
|
+
issuer: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
308
|
+
authorization_endpoint: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
309
|
+
token_endpoint: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
310
|
+
jwks_uri?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
308
311
|
claims_supported?: string[] | undefined;
|
|
309
312
|
claims_locales_supported?: string[] | undefined;
|
|
310
313
|
claims_parameter_supported?: boolean | undefined;
|
|
@@ -327,15 +330,15 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
|
327
330
|
request_object_encryption_enc_values_supported?: string[] | undefined;
|
|
328
331
|
token_endpoint_auth_methods_supported?: string[] | undefined;
|
|
329
332
|
token_endpoint_auth_signing_alg_values_supported?: string[] | undefined;
|
|
330
|
-
revocation_endpoint?: string | undefined;
|
|
331
|
-
introspection_endpoint?: string | undefined;
|
|
332
|
-
pushed_authorization_request_endpoint?: string | undefined;
|
|
333
|
+
revocation_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
334
|
+
introspection_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
335
|
+
pushed_authorization_request_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
333
336
|
require_pushed_authorization_requests?: boolean | undefined;
|
|
334
|
-
userinfo_endpoint?: string | undefined;
|
|
335
|
-
end_session_endpoint?: string | undefined;
|
|
336
|
-
registration_endpoint?: string | undefined;
|
|
337
|
+
userinfo_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
338
|
+
end_session_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
339
|
+
registration_endpoint?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined;
|
|
337
340
|
dpop_signing_alg_values_supported?: string[] | undefined;
|
|
338
|
-
protected_resources?: string[] | undefined;
|
|
341
|
+
protected_resources?: (`http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`)[] | undefined;
|
|
339
342
|
client_id_metadata_document_supported?: boolean | undefined;
|
|
340
343
|
}, {
|
|
341
344
|
issuer: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-authorization-server-metadata.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;
|
|
1
|
+
{"version":3,"file":"oauth-authorization-server-metadata.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAMvB;;;;;GAKG;AACH,eAAO,MAAM,sCAAsC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA2DjD,CAAA;AAEF,MAAM,MAAM,gCAAgC,GAAG,CAAC,CAAC,KAAK,CACpD,OAAO,sCAAsC,CAC9C,CAAA;AAED,eAAO,MAAM,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuBhD,CAAA"}
|
|
@@ -4,8 +4,12 @@ exports.oauthAuthorizationServerMetadataValidator = exports.oauthAuthorizationSe
|
|
|
4
4
|
const zod_1 = require("zod");
|
|
5
5
|
const oauth_code_challenge_method_js_1 = require("./oauth-code-challenge-method.js");
|
|
6
6
|
const oauth_issuer_identifier_js_1 = require("./oauth-issuer-identifier.js");
|
|
7
|
+
const uri_js_1 = require("./uri.js");
|
|
7
8
|
/**
|
|
8
9
|
* @see {@link https://datatracker.ietf.org/doc/html/rfc8414}
|
|
10
|
+
* @note we do not enforce https: scheme in URIs to support development
|
|
11
|
+
* environments. Make sure to validate the URIs before using it in a production
|
|
12
|
+
* environment.
|
|
9
13
|
*/
|
|
10
14
|
exports.oauthAuthorizationServerMetadataSchema = zod_1.z.object({
|
|
11
15
|
issuer: oauth_issuer_identifier_js_1.oauthIssuerIdentifierSchema,
|
|
@@ -36,24 +40,24 @@ exports.oauthAuthorizationServerMetadataSchema = zod_1.z.object({
|
|
|
36
40
|
request_object_encryption_enc_values_supported: zod_1.z
|
|
37
41
|
.array(zod_1.z.string())
|
|
38
42
|
.optional(),
|
|
39
|
-
jwks_uri:
|
|
40
|
-
authorization_endpoint:
|
|
41
|
-
token_endpoint:
|
|
43
|
+
jwks_uri: uri_js_1.webUriSchema.optional(),
|
|
44
|
+
authorization_endpoint: uri_js_1.webUriSchema, // .optional(),
|
|
45
|
+
token_endpoint: uri_js_1.webUriSchema, // .optional(),
|
|
42
46
|
token_endpoint_auth_methods_supported: zod_1.z.array(zod_1.z.string()).optional(),
|
|
43
47
|
token_endpoint_auth_signing_alg_values_supported: zod_1.z
|
|
44
48
|
.array(zod_1.z.string())
|
|
45
49
|
.optional(),
|
|
46
|
-
revocation_endpoint:
|
|
47
|
-
introspection_endpoint:
|
|
48
|
-
pushed_authorization_request_endpoint:
|
|
50
|
+
revocation_endpoint: uri_js_1.webUriSchema.optional(),
|
|
51
|
+
introspection_endpoint: uri_js_1.webUriSchema.optional(),
|
|
52
|
+
pushed_authorization_request_endpoint: uri_js_1.webUriSchema.optional(),
|
|
49
53
|
require_pushed_authorization_requests: zod_1.z.boolean().optional(),
|
|
50
|
-
userinfo_endpoint:
|
|
51
|
-
end_session_endpoint:
|
|
52
|
-
registration_endpoint:
|
|
54
|
+
userinfo_endpoint: uri_js_1.webUriSchema.optional(),
|
|
55
|
+
end_session_endpoint: uri_js_1.webUriSchema.optional(),
|
|
56
|
+
registration_endpoint: uri_js_1.webUriSchema.optional(),
|
|
53
57
|
// https://datatracker.ietf.org/doc/html/rfc9449#section-5.1
|
|
54
58
|
dpop_signing_alg_values_supported: zod_1.z.array(zod_1.z.string()).optional(),
|
|
55
59
|
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-resource-metadata-05#section-4
|
|
56
|
-
protected_resources: zod_1.z.array(
|
|
60
|
+
protected_resources: zod_1.z.array(uri_js_1.webUriSchema).optional(),
|
|
57
61
|
// https://drafts.aaronpk.com/draft-parecki-oauth-client-id-metadata-document/draft-parecki-oauth-client-id-metadata-document.html
|
|
58
62
|
client_id_metadata_document_supported: zod_1.z.boolean().optional(),
|
|
59
63
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-authorization-server-metadata.js","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,qFAAiF;AACjF,6EAA0E;
|
|
1
|
+
{"version":3,"file":"oauth-authorization-server-metadata.js","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,qFAAiF;AACjF,6EAA0E;AAC1E,qCAAuC;AAEvC;;;;;GAKG;AACU,QAAA,sCAAsC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7D,MAAM,EAAE,wDAA2B;IAEnC,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,0BAA0B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClD,2BAA2B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvD,gCAAgC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACxD,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,uBAAuB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,gCAAgC,EAAE,OAAC;SAChC,KAAK,CAAC,+DAA8B,CAAC;SACrC,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,EAAE;IACb,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,2CAA2C,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3E,8CAA8C,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtE,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,QAAQ,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAEjC,sBAAsB,EAAE,qBAAY,EAAE,eAAe;IAErD,cAAc,EAAE,qBAAY,EAAE,eAAe;IAC7C,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,gDAAgD,EAAE,OAAC;SAChD,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,mBAAmB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC5C,sBAAsB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC/C,qCAAqC,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE9D,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAE7D,iBAAiB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC1C,oBAAoB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC7C,qBAAqB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE9C,4DAA4D;IAC5D,iCAAiC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEjE,wFAAwF;IACxF,mBAAmB,EAAE,OAAC,CAAC,KAAK,CAAC,qBAAY,CAAC,CAAC,QAAQ,EAAE;IAErD,kIAAkI;IAClI,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC9D,CAAC,CAAA;AAMW,QAAA,yCAAyC,GACpD,8CAAsC;KACnC,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IACE,IAAI,CAAC,qCAAqC;QAC1C,CAAC,IAAI,CAAC,qCAAqC,EAC3C,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EACL,uGAAuG;SAC1G,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC;KACD,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IAAI,IAAI,CAAC,wBAAwB,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACpD,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,OAAO,EAAE,kCAAkC;aAC5C,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAA"}
|
|
@@ -1,8 +1,9 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { TypeOf, z } from 'zod';
|
|
2
2
|
/**
|
|
3
3
|
* @see {@link https://drafts.aaronpk.com/draft-parecki-oauth-client-id-metadata-document/draft-parecki-oauth-client-id-metadata-document.html}
|
|
4
4
|
*/
|
|
5
|
-
export
|
|
5
|
+
export declare const oauthClientIdDiscoverableSchema: z.ZodEffects<z.ZodIntersection<z.ZodString, z.ZodEffects<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, `https://${string}`, string>>, `https://${string}/${string}`, string>;
|
|
6
|
+
export type OAuthClientIdDiscoverable = TypeOf<typeof oauthClientIdDiscoverableSchema>;
|
|
6
7
|
export declare function isOAuthClientIdDiscoverable(clientId: string): clientId is OAuthClientIdDiscoverable;
|
|
7
8
|
export declare function assertOAuthDiscoverableClientId(value: string): asserts value is OAuthClientIdDiscoverable;
|
|
8
9
|
export declare function parseOAuthDiscoverableClientId(clientId: string): URL;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-client-id-discoverable.d.ts","sourceRoot":"","sources":["../src/oauth-client-id-discoverable.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"oauth-client-id-discoverable.d.ts","sourceRoot":"","sources":["../src/oauth-client-id-discoverable.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAK/B;;GAEG;AACH,eAAO,MAAM,+BAA+B,0LA0DxC,CAAA;AAEJ,MAAM,MAAM,yBAAyB,GAAG,MAAM,CAC5C,OAAO,+BAA+B,CACvC,CAAA;AAED,wBAAgB,2BAA2B,CACzC,QAAQ,EAAE,MAAM,GACf,QAAQ,IAAI,yBAAyB,CAEvC;AAED,wBAAgB,+BAA+B,CAC7C,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,KAAK,IAAI,yBAAyB,CAE5C;AAED,wBAAgB,8BAA8B,CAAC,QAAQ,EAAE,MAAM,GAAG,GAAG,CAEpE"}
|
|
@@ -1,50 +1,74 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.oauthClientIdDiscoverableSchema = void 0;
|
|
3
4
|
exports.isOAuthClientIdDiscoverable = isOAuthClientIdDiscoverable;
|
|
4
5
|
exports.assertOAuthDiscoverableClientId = assertOAuthDiscoverableClientId;
|
|
5
6
|
exports.parseOAuthDiscoverableClientId = parseOAuthDiscoverableClientId;
|
|
7
|
+
const zod_1 = require("zod");
|
|
8
|
+
const oauth_client_id_js_1 = require("./oauth-client-id.js");
|
|
9
|
+
const uri_js_1 = require("./uri.js");
|
|
6
10
|
const util_js_1 = require("./util.js");
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
}
|
|
15
|
-
}
|
|
16
|
-
function assertOAuthDiscoverableClientId(value) {
|
|
17
|
-
void parseOAuthDiscoverableClientId(value);
|
|
18
|
-
}
|
|
19
|
-
function parseOAuthDiscoverableClientId(clientId) {
|
|
20
|
-
const url = new URL(clientId);
|
|
21
|
-
if (url.protocol !== 'https:') {
|
|
22
|
-
throw new TypeError('ClientID must use the "https:" protocol');
|
|
23
|
-
}
|
|
11
|
+
/**
|
|
12
|
+
* @see {@link https://drafts.aaronpk.com/draft-parecki-oauth-client-id-metadata-document/draft-parecki-oauth-client-id-metadata-document.html}
|
|
13
|
+
*/
|
|
14
|
+
exports.oauthClientIdDiscoverableSchema = zod_1.z
|
|
15
|
+
.intersection(oauth_client_id_js_1.oauthClientIdSchema, uri_js_1.httpsUriSchema)
|
|
16
|
+
.superRefine((value, ctx) => {
|
|
17
|
+
const url = new URL(value);
|
|
24
18
|
if (url.username || url.password) {
|
|
25
|
-
|
|
19
|
+
ctx.addIssue({
|
|
20
|
+
code: zod_1.z.ZodIssueCode.custom,
|
|
21
|
+
message: 'ClientID must not contain credentials',
|
|
22
|
+
});
|
|
23
|
+
return false;
|
|
26
24
|
}
|
|
27
25
|
if (url.hash) {
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
26
|
+
ctx.addIssue({
|
|
27
|
+
code: zod_1.z.ZodIssueCode.custom,
|
|
28
|
+
message: 'ClientID must not contain a fragment',
|
|
29
|
+
});
|
|
30
|
+
return false;
|
|
32
31
|
}
|
|
33
32
|
if (url.pathname === '/') {
|
|
34
|
-
|
|
33
|
+
ctx.addIssue({
|
|
34
|
+
code: zod_1.z.ZodIssueCode.custom,
|
|
35
|
+
message: 'ClientID must contain a path component (e.g. "/client-metadata.json")',
|
|
36
|
+
});
|
|
37
|
+
return false;
|
|
35
38
|
}
|
|
36
39
|
if (url.pathname.endsWith('/')) {
|
|
37
|
-
|
|
40
|
+
ctx.addIssue({
|
|
41
|
+
code: zod_1.z.ZodIssueCode.custom,
|
|
42
|
+
message: 'ClientID path must not end with a trailing slash',
|
|
43
|
+
});
|
|
44
|
+
return false;
|
|
38
45
|
}
|
|
39
46
|
if ((0, util_js_1.isHostnameIP)(url.hostname)) {
|
|
40
|
-
|
|
47
|
+
ctx.addIssue({
|
|
48
|
+
code: zod_1.z.ZodIssueCode.custom,
|
|
49
|
+
message: 'ClientID hostname must not be an IP address',
|
|
50
|
+
});
|
|
51
|
+
return false;
|
|
41
52
|
}
|
|
42
53
|
// URL constructor normalizes the URL, so we extract the path manually to
|
|
43
54
|
// avoid normalization, then compare it to the normalized path to ensure
|
|
44
55
|
// that the URL does not contain path traversal or other unexpected characters
|
|
45
|
-
if ((0, util_js_1.extractUrlPath)(
|
|
46
|
-
|
|
56
|
+
if ((0, util_js_1.extractUrlPath)(value) !== url.pathname) {
|
|
57
|
+
ctx.addIssue({
|
|
58
|
+
code: zod_1.z.ZodIssueCode.custom,
|
|
59
|
+
message: `ClientID must be in canonical form ("${url.href}", got "${value}")`,
|
|
60
|
+
});
|
|
61
|
+
return false;
|
|
47
62
|
}
|
|
48
|
-
return
|
|
63
|
+
return true;
|
|
64
|
+
});
|
|
65
|
+
function isOAuthClientIdDiscoverable(clientId) {
|
|
66
|
+
return exports.oauthClientIdDiscoverableSchema.safeParse(clientId).success;
|
|
67
|
+
}
|
|
68
|
+
function assertOAuthDiscoverableClientId(value) {
|
|
69
|
+
void exports.oauthClientIdDiscoverableSchema.parse(value);
|
|
70
|
+
}
|
|
71
|
+
function parseOAuthDiscoverableClientId(clientId) {
|
|
72
|
+
return new URL(exports.oauthClientIdDiscoverableSchema.parse(clientId));
|
|
49
73
|
}
|
|
50
74
|
//# sourceMappingURL=oauth-client-id-discoverable.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-client-id-discoverable.js","sourceRoot":"","sources":["../src/oauth-client-id-discoverable.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"oauth-client-id-discoverable.js","sourceRoot":"","sources":["../src/oauth-client-id-discoverable.ts"],"names":[],"mappings":";;;AAwEA,kEAIC;AAED,0EAIC;AAED,wEAEC;AAtFD,6BAA+B;AAC/B,6DAA0D;AAC1D,qCAAyC;AACzC,uCAAwD;AAExD;;GAEG;AACU,QAAA,+BAA+B,GAAG,OAAC;KAC7C,YAAY,CAAC,wCAAmB,EAAE,uBAAc,CAAC;KACjD,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAA0C,EAAE;IAClE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,uCAAuC;SACjD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACb,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;QACzB,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EACL,uEAAuE;SAC1E,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,kDAAkD;SAC5D,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,IAAA,sBAAY,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,6CAA6C;SACvD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,yEAAyE;IACzE,wEAAwE;IACxE,8EAA8E;IAC9E,IAAI,IAAA,wBAAc,EAAC,KAAK,CAAC,KAAK,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC3C,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,wCAAwC,GAAG,CAAC,IAAI,WAAW,KAAK,IAAI;SAC9E,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CAAC,CAAA;AAMJ,SAAgB,2BAA2B,CACzC,QAAgB;IAEhB,OAAO,uCAA+B,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAA;AACpE,CAAC;AAED,SAAgB,+BAA+B,CAC7C,KAAa;IAEb,KAAK,uCAA+B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;AACnD,CAAC;AAED,SAAgB,8BAA8B,CAAC,QAAgB;IAC7D,OAAO,IAAI,GAAG,CAAC,uCAA+B,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAA;AACjE,CAAC"}
|
|
@@ -1,12 +1,12 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { TypeOf } from 'zod';
|
|
2
|
+
import { OAuthRedirectUri } from './oauth-redirect-uri.js';
|
|
2
3
|
import { OAuthScope } from './oauth-scope.js';
|
|
3
|
-
declare const
|
|
4
|
-
export type OAuthClientIdLoopback =
|
|
4
|
+
export declare const oauthClientIdLoopbackSchema: import("zod").ZodEffects<import("zod").ZodString, "http://localhost" | `http://localhost?${string}` | "http://localhost/" | `http://localhost/?${string}`, string>;
|
|
5
|
+
export type OAuthClientIdLoopback = TypeOf<typeof oauthClientIdLoopbackSchema>;
|
|
5
6
|
export declare function isOAuthClientIdLoopback(clientId: string): clientId is OAuthClientIdLoopback;
|
|
6
7
|
export declare function assertOAuthLoopbackClientId(clientId: string): asserts clientId is OAuthClientIdLoopback;
|
|
7
8
|
export declare function parseOAuthLoopbackClientId(clientId: string): {
|
|
8
9
|
scope?: OAuthScope;
|
|
9
|
-
redirect_uris?: [
|
|
10
|
+
redirect_uris?: [OAuthRedirectUri, ...OAuthRedirectUri[]];
|
|
10
11
|
};
|
|
11
|
-
export {};
|
|
12
12
|
//# sourceMappingURL=oauth-client-id-loopback.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-client-id-loopback.d.ts","sourceRoot":"","sources":["../src/oauth-client-id-loopback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"oauth-client-id-loopback.d.ts","sourceRoot":"","sources":["../src/oauth-client-id-loopback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAgB,MAAM,KAAK,CAAA;AAE1C,OAAO,EAGL,gBAAgB,EACjB,MAAM,yBAAyB,CAAA;AAChC,OAAO,EAAE,UAAU,EAAoB,MAAM,kBAAkB,CAAA;AAI/D,eAAO,MAAM,2BAA2B,oKAgBvC,CAAA;AAED,MAAM,MAAM,qBAAqB,GAAG,MAAM,CAAC,OAAO,2BAA2B,CAAC,CAAA;AAE9E,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,MAAM,GACf,QAAQ,IAAI,qBAAqB,CAOnC;AAED,wBAAgB,2BAA2B,CACzC,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,QAAQ,IAAI,qBAAqB,CAE3C;AAID,wBAAgB,0BAA0B,CAAC,QAAQ,EAAE,MAAM,GAAG;IAC5D,KAAK,CAAC,EAAE,UAAU,CAAA;IAClB,aAAa,CAAC,EAAE,CAAC,gBAAgB,EAAE,GAAG,gBAAgB,EAAE,CAAC,CAAA;CAC1D,CAoDA"}
|
|
@@ -1,11 +1,29 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.oauthClientIdLoopbackSchema = void 0;
|
|
3
4
|
exports.isOAuthClientIdLoopback = isOAuthClientIdLoopback;
|
|
4
5
|
exports.assertOAuthLoopbackClientId = assertOAuthLoopbackClientId;
|
|
5
6
|
exports.parseOAuthLoopbackClientId = parseOAuthLoopbackClientId;
|
|
7
|
+
const zod_1 = require("zod");
|
|
8
|
+
const oauth_client_id_js_1 = require("./oauth-client-id.js");
|
|
9
|
+
const oauth_redirect_uri_js_1 = require("./oauth-redirect-uri.js");
|
|
6
10
|
const oauth_scope_js_1 = require("./oauth-scope.js");
|
|
7
|
-
const
|
|
8
|
-
|
|
11
|
+
const PREFIX = 'http://localhost';
|
|
12
|
+
exports.oauthClientIdLoopbackSchema = oauth_client_id_js_1.oauthClientIdSchema.superRefine((value, ctx) => {
|
|
13
|
+
try {
|
|
14
|
+
assertOAuthLoopbackClientId(value);
|
|
15
|
+
return true;
|
|
16
|
+
}
|
|
17
|
+
catch (error) {
|
|
18
|
+
ctx.addIssue({
|
|
19
|
+
code: zod_1.ZodIssueCode.custom,
|
|
20
|
+
message: error instanceof TypeError
|
|
21
|
+
? error.message
|
|
22
|
+
: 'Invalid loopback client ID',
|
|
23
|
+
});
|
|
24
|
+
return false;
|
|
25
|
+
}
|
|
26
|
+
});
|
|
9
27
|
function isOAuthClientIdLoopback(clientId) {
|
|
10
28
|
try {
|
|
11
29
|
parseOAuthLoopbackClientId(clientId);
|
|
@@ -21,16 +39,15 @@ function assertOAuthLoopbackClientId(clientId) {
|
|
|
21
39
|
// @TODO: should we turn this into a zod schema? (more coherent error with other
|
|
22
40
|
// validation functions)
|
|
23
41
|
function parseOAuthLoopbackClientId(clientId) {
|
|
24
|
-
if (!clientId.startsWith(
|
|
25
|
-
throw new TypeError(`Loopback ClientID must start with "${
|
|
42
|
+
if (!clientId.startsWith(PREFIX)) {
|
|
43
|
+
throw new TypeError(`Loopback ClientID must start with "${PREFIX}"`);
|
|
26
44
|
}
|
|
27
|
-
else if (clientId.includes('#',
|
|
45
|
+
else if (clientId.includes('#', PREFIX.length)) {
|
|
28
46
|
throw new TypeError('Loopback ClientID must not contain a hash component');
|
|
29
47
|
}
|
|
30
|
-
const queryStringIdx = clientId.length >
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
: OAUTH_CLIENT_ID_LOOPBACK_URL.length;
|
|
48
|
+
const queryStringIdx = clientId.length > PREFIX.length && clientId[PREFIX.length] === '/'
|
|
49
|
+
? PREFIX.length + 1
|
|
50
|
+
: PREFIX.length;
|
|
34
51
|
if (clientId.length === queryStringIdx) {
|
|
35
52
|
return {}; // no query string to parse
|
|
36
53
|
}
|
|
@@ -53,25 +70,10 @@ function parseOAuthLoopbackClientId(clientId) {
|
|
|
53
70
|
}
|
|
54
71
|
}
|
|
55
72
|
const redirect_uris = searchParams.has('redirect_uri')
|
|
56
|
-
? searchParams
|
|
73
|
+
? searchParams
|
|
74
|
+
.getAll('redirect_uri')
|
|
75
|
+
.map((value) => oauth_redirect_uri_js_1.oauthLoopbackRedirectURISchema.parse(value))
|
|
57
76
|
: undefined;
|
|
58
|
-
if (redirect_uris) {
|
|
59
|
-
for (const uri of redirect_uris) {
|
|
60
|
-
const url = (0, util_js_1.safeUrl)(uri);
|
|
61
|
-
if (!url) {
|
|
62
|
-
throw new TypeError(`Invalid redirect_uri in client ID: ${uri}`);
|
|
63
|
-
}
|
|
64
|
-
if (url.protocol !== 'http:') {
|
|
65
|
-
throw new TypeError(`Loopback ClientID must use "http:" redirect_uri's (got ${uri})`);
|
|
66
|
-
}
|
|
67
|
-
if (url.hostname === 'localhost') {
|
|
68
|
-
throw new TypeError(`Loopback ClientID must not use "localhost" as redirect_uri hostname (got ${uri})`);
|
|
69
|
-
}
|
|
70
|
-
if (!(0, util_js_1.isLoopbackHost)(url.hostname)) {
|
|
71
|
-
throw new TypeError(`Loopback ClientID must use loopback addresses as redirect_uri's (got ${uri})`);
|
|
72
|
-
}
|
|
73
|
-
}
|
|
74
|
-
}
|
|
75
77
|
return {
|
|
76
78
|
scope,
|
|
77
79
|
redirect_uris,
|