@atproto/oauth-types 0.2.6 → 0.2.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +15 -0
- package/LICENSE.txt +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/oauth-authorization-request-par.d.ts +19 -19
- package/dist/oauth-authorization-request-parameters.d.ts +22 -19
- package/dist/oauth-authorization-request-parameters.d.ts.map +1 -1
- package/dist/oauth-authorization-request-parameters.js +9 -3
- package/dist/oauth-authorization-request-parameters.js.map +1 -1
- package/dist/oauth-authorization-request-query.d.ts +19 -19
- package/dist/oidc-userinfo.d.ts +31 -0
- package/dist/oidc-userinfo.d.ts.map +1 -0
- package/dist/oidc-userinfo.js +15 -0
- package/dist/oidc-userinfo.js.map +1 -0
- package/dist/util.d.ts +2 -0
- package/dist/util.d.ts.map +1 -1
- package/dist/util.js +22 -0
- package/dist/util.js.map +1 -1
- package/package.json +2 -2
- package/src/index.ts +1 -0
- package/src/oauth-authorization-request-parameters.ts +15 -6
- package/src/oidc-userinfo.ts +15 -0
- package/src/util.ts +20 -0
- package/tsconfig.build.tsbuildinfo +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,20 @@
|
|
|
1
1
|
# @atproto/oauth-types
|
|
2
2
|
|
|
3
|
+
## 0.2.8
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- [#3919](https://github.com/bluesky-social/atproto/pull/3919) [`a3b24ca77`](https://github.com/bluesky-social/atproto/commit/a3b24ca77ca24ac19b17cf9ee2a5ca9612ccf96c) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Parse JSON encoded Authorization Request Parameters
|
|
8
|
+
|
|
9
|
+
- Updated dependencies [[`3fa2ee3b6`](https://github.com/bluesky-social/atproto/commit/3fa2ee3b6a382709b10921da53e69a901bccbb05)]:
|
|
10
|
+
- @atproto/jwk@0.2.0
|
|
11
|
+
|
|
12
|
+
## 0.2.7
|
|
13
|
+
|
|
14
|
+
### Patch Changes
|
|
15
|
+
|
|
16
|
+
- [#3797](https://github.com/bluesky-social/atproto/pull/3797) [`a48b093f0`](https://github.com/bluesky-social/atproto/commit/a48b093f0ba3cf67b7abc50d309afcb336d8ead8) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Add `OidcUserinfo` type
|
|
17
|
+
|
|
3
18
|
## 0.2.6
|
|
4
19
|
|
|
5
20
|
### Patch Changes
|
package/LICENSE.txt
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Dual MIT/Apache-2.0 License
|
|
2
2
|
|
|
3
|
-
Copyright (c) 2022-2025 Bluesky PBC, and Contributors
|
|
3
|
+
Copyright (c) 2022-2025 Bluesky Social PBC, and Contributors
|
|
4
4
|
|
|
5
5
|
Except as otherwise noted in individual files, this software is licensed under the MIT license (<http://opensource.org/licenses/MIT>), or the Apache License, Version 2.0 (<http://www.apache.org/licenses/LICENSE-2.0>).
|
|
6
6
|
|
package/dist/index.d.ts
CHANGED
|
@@ -41,4 +41,5 @@ export * from './oidc-authentication-error-response.js';
|
|
|
41
41
|
export * from './oidc-claims-parameter.js';
|
|
42
42
|
export * from './oidc-claims-properties.js';
|
|
43
43
|
export * from './oidc-entity-type.js';
|
|
44
|
+
export * from './oidc-userinfo.js';
|
|
44
45
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAA;AAC9B,cAAc,UAAU,CAAA;AACxB,cAAc,WAAW,CAAA;AAEzB,cAAc,uCAAuC,CAAA;AACrD,cAAc,yBAAyB,CAAA;AACvC,cAAc,0CAA0C,CAAA;AACxD,cAAc,mDAAmD,CAAA;AACjE,cAAc,kCAAkC,CAAA;AAChD,cAAc,sCAAsC,CAAA;AACpD,cAAc,sCAAsC,CAAA;AACpD,cAAc,6CAA6C,CAAA;AAC3D,cAAc,wCAAwC,CAAA;AACtD,cAAc,sCAAsC,CAAA;AACpD,cAAc,0CAA0C,CAAA;AACxD,cAAc,mDAAmD,CAAA;AACjE,cAAc,+BAA+B,CAAA;AAC7C,cAAc,mCAAmC,CAAA;AACjD,cAAc,+BAA+B,CAAA;AAC7C,cAAc,sBAAsB,CAAA;AACpC,cAAc,4BAA4B,CAAA;AAC1C,cAAc,iCAAiC,CAAA;AAC/C,cAAc,0BAA0B,CAAA;AACxC,cAAc,uBAAuB,CAAA;AACrC,cAAc,mCAAmC,CAAA;AACjD,cAAc,8BAA8B,CAAA;AAC5C,cAAc,yBAAyB,CAAA;AACvC,cAAc,yCAAyC,CAAA;AACvD,cAAc,wCAAwC,CAAA;AACtD,cAAc,yBAAyB,CAAA;AACvC,cAAc,8CAA8C,CAAA;AAC5D,cAAc,0BAA0B,CAAA;AACxC,cAAc,wBAAwB,CAAA;AACtC,cAAc,0BAA0B,CAAA;AACxC,cAAc,0BAA0B,CAAA;AACxC,cAAc,kBAAkB,CAAA;AAChC,cAAc,iCAAiC,CAAA;AAC/C,cAAc,0BAA0B,CAAA;AACxC,cAAc,2BAA2B,CAAA;AACzC,cAAc,uBAAuB,CAAA;AACrC,cAAc,yCAAyC,CAAA;AACvD,cAAc,4BAA4B,CAAA;AAC1C,cAAc,6BAA6B,CAAA;AAC3C,cAAc,uBAAuB,CAAA"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAA;AAC9B,cAAc,UAAU,CAAA;AACxB,cAAc,WAAW,CAAA;AAEzB,cAAc,uCAAuC,CAAA;AACrD,cAAc,yBAAyB,CAAA;AACvC,cAAc,0CAA0C,CAAA;AACxD,cAAc,mDAAmD,CAAA;AACjE,cAAc,kCAAkC,CAAA;AAChD,cAAc,sCAAsC,CAAA;AACpD,cAAc,sCAAsC,CAAA;AACpD,cAAc,6CAA6C,CAAA;AAC3D,cAAc,wCAAwC,CAAA;AACtD,cAAc,sCAAsC,CAAA;AACpD,cAAc,0CAA0C,CAAA;AACxD,cAAc,mDAAmD,CAAA;AACjE,cAAc,+BAA+B,CAAA;AAC7C,cAAc,mCAAmC,CAAA;AACjD,cAAc,+BAA+B,CAAA;AAC7C,cAAc,sBAAsB,CAAA;AACpC,cAAc,4BAA4B,CAAA;AAC1C,cAAc,iCAAiC,CAAA;AAC/C,cAAc,0BAA0B,CAAA;AACxC,cAAc,uBAAuB,CAAA;AACrC,cAAc,mCAAmC,CAAA;AACjD,cAAc,8BAA8B,CAAA;AAC5C,cAAc,yBAAyB,CAAA;AACvC,cAAc,yCAAyC,CAAA;AACvD,cAAc,wCAAwC,CAAA;AACtD,cAAc,yBAAyB,CAAA;AACvC,cAAc,8CAA8C,CAAA;AAC5D,cAAc,0BAA0B,CAAA;AACxC,cAAc,wBAAwB,CAAA;AACtC,cAAc,0BAA0B,CAAA;AACxC,cAAc,0BAA0B,CAAA;AACxC,cAAc,kBAAkB,CAAA;AAChC,cAAc,iCAAiC,CAAA;AAC/C,cAAc,0BAA0B,CAAA;AACxC,cAAc,2BAA2B,CAAA;AACzC,cAAc,uBAAuB,CAAA;AACrC,cAAc,yCAAyC,CAAA;AACvD,cAAc,4BAA4B,CAAA;AAC1C,cAAc,6BAA6B,CAAA;AAC3C,cAAc,uBAAuB,CAAA;AACrC,cAAc,oBAAoB,CAAA"}
|
package/dist/index.js
CHANGED
|
@@ -57,4 +57,5 @@ __exportStar(require("./oidc-authentication-error-response.js"), exports);
|
|
|
57
57
|
__exportStar(require("./oidc-claims-parameter.js"), exports);
|
|
58
58
|
__exportStar(require("./oidc-claims-properties.js"), exports);
|
|
59
59
|
__exportStar(require("./oidc-entity-type.js"), exports);
|
|
60
|
+
__exportStar(require("./oidc-userinfo.js"), exports);
|
|
60
61
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iDAA8B;AAC9B,2CAAwB;AACxB,4CAAyB;AAEzB,wEAAqD;AACrD,0DAAuC;AACvC,2EAAwD;AACxD,oFAAiE;AACjE,mEAAgD;AAChD,uEAAoD;AACpD,uEAAoD;AACpD,8EAA2D;AAC3D,yEAAsD;AACtD,uEAAoD;AACpD,2EAAwD;AACxD,oFAAiE;AACjE,gEAA6C;AAC7C,oEAAiD;AACjD,gEAA6C;AAC7C,uDAAoC;AACpC,6DAA0C;AAC1C,kEAA+C;AAC/C,2DAAwC;AACxC,wDAAqC;AACrC,oEAAiD;AACjD,+DAA4C;AAC5C,0DAAuC;AACvC,0EAAuD;AACvD,yEAAsD;AACtD,0DAAuC;AACvC,+EAA4D;AAC5D,2DAAwC;AACxC,yDAAsC;AACtC,2DAAwC;AACxC,2DAAwC;AACxC,mDAAgC;AAChC,kEAA+C;AAC/C,2DAAwC;AACxC,4DAAyC;AACzC,wDAAqC;AACrC,0EAAuD;AACvD,6DAA0C;AAC1C,8DAA2C;AAC3C,wDAAqC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iDAA8B;AAC9B,2CAAwB;AACxB,4CAAyB;AAEzB,wEAAqD;AACrD,0DAAuC;AACvC,2EAAwD;AACxD,oFAAiE;AACjE,mEAAgD;AAChD,uEAAoD;AACpD,uEAAoD;AACpD,8EAA2D;AAC3D,yEAAsD;AACtD,uEAAoD;AACpD,2EAAwD;AACxD,oFAAiE;AACjE,gEAA6C;AAC7C,oEAAiD;AACjD,gEAA6C;AAC7C,uDAAoC;AACpC,6DAA0C;AAC1C,kEAA+C;AAC/C,2DAAwC;AACxC,wDAAqC;AACrC,oEAAiD;AACjD,+DAA4C;AAC5C,0DAAuC;AACvC,0EAAuD;AACvD,yEAAsD;AACtD,0DAAuC;AACvC,+EAA4D;AAC5D,2DAAwC;AACxC,yDAAsC;AACtC,2DAAwC;AACxC,2DAAwC;AACxC,mDAAgC;AAChC,kEAA+C;AAC/C,2DAAwC;AACxC,4DAAyC;AACzC,wDAAqC;AACrC,0EAAuD;AACvD,6DAA0C;AAC1C,8DAA2C;AAC3C,wDAAqC;AACrC,qDAAkC"}
|
|
@@ -10,8 +10,8 @@ export declare const oauthAuthorizationRequestParSchema: z.ZodUnion<[z.ZodObject
|
|
|
10
10
|
dpop_jkt: z.ZodOptional<z.ZodString>;
|
|
11
11
|
response_mode: z.ZodOptional<z.ZodEnum<["query", "fragment", "form_post"]>>;
|
|
12
12
|
nonce: z.ZodOptional<z.ZodString>;
|
|
13
|
-
max_age: z.ZodOptional<z.ZodNumber
|
|
14
|
-
claims: z.ZodOptional<z.ZodRecord<z.ZodEnum<["userinfo", "id_token"]>, z.ZodRecord<z.ZodEnum<["auth_time", "nonce", "acr", "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "gender", "picture", "profile", "website", "birthdate", "zoneinfo", "locale", "updated_at", "email", "email_verified", "phone_number", "phone_number_verified", "address"]>, z.ZodUnion<[z.ZodLiteral<null>, z.ZodObject<{
|
|
13
|
+
max_age: z.ZodOptional<z.ZodEffects<z.ZodNumber, number, unknown>>;
|
|
14
|
+
claims: z.ZodOptional<z.ZodEffects<z.ZodRecord<z.ZodEnum<["userinfo", "id_token"]>, z.ZodRecord<z.ZodEnum<["auth_time", "nonce", "acr", "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "gender", "picture", "profile", "website", "birthdate", "zoneinfo", "locale", "updated_at", "email", "email_verified", "phone_number", "phone_number_verified", "address"]>, z.ZodUnion<[z.ZodLiteral<null>, z.ZodObject<{
|
|
15
15
|
essential: z.ZodOptional<z.ZodBoolean>;
|
|
16
16
|
value: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>;
|
|
17
17
|
values: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>, "many">>;
|
|
@@ -23,13 +23,17 @@ export declare const oauthAuthorizationRequestParSchema: z.ZodUnion<[z.ZodObject
|
|
|
23
23
|
value?: string | number | boolean | undefined;
|
|
24
24
|
values?: (string | number | boolean)[] | undefined;
|
|
25
25
|
essential?: boolean | undefined;
|
|
26
|
-
}>]
|
|
26
|
+
}>]>>>, Partial<Record<"id_token" | "userinfo", Partial<Record<"email" | "auth_time" | "nonce" | "acr" | "name" | "family_name" | "given_name" | "middle_name" | "nickname" | "preferred_username" | "gender" | "picture" | "profile" | "website" | "birthdate" | "zoneinfo" | "locale" | "updated_at" | "email_verified" | "phone_number" | "phone_number_verified" | "address", {
|
|
27
|
+
value?: string | number | boolean | undefined;
|
|
28
|
+
values?: (string | number | boolean)[] | undefined;
|
|
29
|
+
essential?: boolean | undefined;
|
|
30
|
+
} | null>>>>, unknown>>;
|
|
27
31
|
login_hint: z.ZodOptional<z.ZodString>;
|
|
28
32
|
ui_locales: z.ZodOptional<z.ZodString>;
|
|
29
33
|
id_token_hint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;
|
|
30
34
|
display: z.ZodOptional<z.ZodEnum<["page", "popup", "touch", "wap"]>>;
|
|
31
35
|
prompt: z.ZodOptional<z.ZodEnum<["none", "login", "consent", "select_account"]>>;
|
|
32
|
-
authorization_details: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
36
|
+
authorization_details: z.ZodOptional<z.ZodEffects<z.ZodArray<z.ZodObject<{
|
|
33
37
|
type: z.ZodString;
|
|
34
38
|
locations: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, "many">>;
|
|
35
39
|
actions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
@@ -50,7 +54,14 @@ export declare const oauthAuthorizationRequestParSchema: z.ZodUnion<[z.ZodObject
|
|
|
50
54
|
datatypes?: string[] | undefined;
|
|
51
55
|
identifier?: string | undefined;
|
|
52
56
|
privileges?: string[] | undefined;
|
|
53
|
-
}>, "many"
|
|
57
|
+
}>, "many">, {
|
|
58
|
+
type: string;
|
|
59
|
+
locations?: `${string}:${string}`[] | undefined;
|
|
60
|
+
actions?: string[] | undefined;
|
|
61
|
+
datatypes?: string[] | undefined;
|
|
62
|
+
identifier?: string | undefined;
|
|
63
|
+
privileges?: string[] | undefined;
|
|
64
|
+
}[], unknown>>;
|
|
54
65
|
}, "strip", z.ZodTypeAny, {
|
|
55
66
|
client_id: string;
|
|
56
67
|
response_type: "code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
|
|
@@ -92,25 +103,14 @@ export declare const oauthAuthorizationRequestParSchema: z.ZodUnion<[z.ZodObject
|
|
|
92
103
|
code_challenge_method?: "S256" | "plain" | undefined;
|
|
93
104
|
dpop_jkt?: string | undefined;
|
|
94
105
|
response_mode?: "query" | "fragment" | "form_post" | undefined;
|
|
95
|
-
max_age?:
|
|
96
|
-
claims?:
|
|
97
|
-
value?: string | number | boolean | undefined;
|
|
98
|
-
values?: (string | number | boolean)[] | undefined;
|
|
99
|
-
essential?: boolean | undefined;
|
|
100
|
-
} | null>>>> | undefined;
|
|
106
|
+
max_age?: unknown;
|
|
107
|
+
claims?: unknown;
|
|
101
108
|
login_hint?: string | undefined;
|
|
102
109
|
ui_locales?: string | undefined;
|
|
103
110
|
id_token_hint?: string | undefined;
|
|
104
111
|
display?: "page" | "popup" | "touch" | "wap" | undefined;
|
|
105
112
|
prompt?: "none" | "login" | "consent" | "select_account" | undefined;
|
|
106
|
-
authorization_details?:
|
|
107
|
-
type: string;
|
|
108
|
-
locations?: string[] | undefined;
|
|
109
|
-
actions?: string[] | undefined;
|
|
110
|
-
datatypes?: string[] | undefined;
|
|
111
|
-
identifier?: string | undefined;
|
|
112
|
-
privileges?: string[] | undefined;
|
|
113
|
-
}[] | undefined;
|
|
113
|
+
authorization_details?: unknown;
|
|
114
114
|
}>, z.ZodObject<{
|
|
115
115
|
request: z.ZodUnion<[z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>, z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}`, string>]>;
|
|
116
116
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
2
|
/**
|
|
3
|
+
* @note non string parameters will be converted from their string
|
|
4
|
+
* representation since oauth request parameters are typically sent as URL
|
|
5
|
+
* encoded form data or URL encoded query string.
|
|
3
6
|
* @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest | OIDC}
|
|
4
7
|
*/
|
|
5
8
|
export declare const oauthAuthorizationRequestParametersSchema: z.ZodObject<{
|
|
@@ -13,8 +16,8 @@ export declare const oauthAuthorizationRequestParametersSchema: z.ZodObject<{
|
|
|
13
16
|
dpop_jkt: z.ZodOptional<z.ZodString>;
|
|
14
17
|
response_mode: z.ZodOptional<z.ZodEnum<["query", "fragment", "form_post"]>>;
|
|
15
18
|
nonce: z.ZodOptional<z.ZodString>;
|
|
16
|
-
max_age: z.ZodOptional<z.ZodNumber
|
|
17
|
-
claims: z.ZodOptional<z.ZodRecord<z.ZodEnum<["userinfo", "id_token"]>, z.ZodRecord<z.ZodEnum<["auth_time", "nonce", "acr", "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "gender", "picture", "profile", "website", "birthdate", "zoneinfo", "locale", "updated_at", "email", "email_verified", "phone_number", "phone_number_verified", "address"]>, z.ZodUnion<[z.ZodLiteral<null>, z.ZodObject<{
|
|
19
|
+
max_age: z.ZodOptional<z.ZodEffects<z.ZodNumber, number, unknown>>;
|
|
20
|
+
claims: z.ZodOptional<z.ZodEffects<z.ZodRecord<z.ZodEnum<["userinfo", "id_token"]>, z.ZodRecord<z.ZodEnum<["auth_time", "nonce", "acr", "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "gender", "picture", "profile", "website", "birthdate", "zoneinfo", "locale", "updated_at", "email", "email_verified", "phone_number", "phone_number_verified", "address"]>, z.ZodUnion<[z.ZodLiteral<null>, z.ZodObject<{
|
|
18
21
|
essential: z.ZodOptional<z.ZodBoolean>;
|
|
19
22
|
value: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>;
|
|
20
23
|
values: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>, "many">>;
|
|
@@ -26,7 +29,11 @@ export declare const oauthAuthorizationRequestParametersSchema: z.ZodObject<{
|
|
|
26
29
|
value?: string | number | boolean | undefined;
|
|
27
30
|
values?: (string | number | boolean)[] | undefined;
|
|
28
31
|
essential?: boolean | undefined;
|
|
29
|
-
}>]
|
|
32
|
+
}>]>>>, Partial<Record<"id_token" | "userinfo", Partial<Record<"email" | "auth_time" | "nonce" | "acr" | "name" | "family_name" | "given_name" | "middle_name" | "nickname" | "preferred_username" | "gender" | "picture" | "profile" | "website" | "birthdate" | "zoneinfo" | "locale" | "updated_at" | "email_verified" | "phone_number" | "phone_number_verified" | "address", {
|
|
33
|
+
value?: string | number | boolean | undefined;
|
|
34
|
+
values?: (string | number | boolean)[] | undefined;
|
|
35
|
+
essential?: boolean | undefined;
|
|
36
|
+
} | null>>>>, unknown>>;
|
|
30
37
|
login_hint: z.ZodOptional<z.ZodString>;
|
|
31
38
|
ui_locales: z.ZodOptional<z.ZodString>;
|
|
32
39
|
id_token_hint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;
|
|
@@ -38,7 +45,7 @@ export declare const oauthAuthorizationRequestParametersSchema: z.ZodObject<{
|
|
|
38
45
|
* - "select_account" will force the user to select an account
|
|
39
46
|
*/
|
|
40
47
|
prompt: z.ZodOptional<z.ZodEnum<["none", "login", "consent", "select_account"]>>;
|
|
41
|
-
authorization_details: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
48
|
+
authorization_details: z.ZodOptional<z.ZodEffects<z.ZodArray<z.ZodObject<{
|
|
42
49
|
type: z.ZodString;
|
|
43
50
|
locations: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, "many">>;
|
|
44
51
|
actions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
@@ -59,7 +66,14 @@ export declare const oauthAuthorizationRequestParametersSchema: z.ZodObject<{
|
|
|
59
66
|
datatypes?: string[] | undefined;
|
|
60
67
|
identifier?: string | undefined;
|
|
61
68
|
privileges?: string[] | undefined;
|
|
62
|
-
}>, "many"
|
|
69
|
+
}>, "many">, {
|
|
70
|
+
type: string;
|
|
71
|
+
locations?: `${string}:${string}`[] | undefined;
|
|
72
|
+
actions?: string[] | undefined;
|
|
73
|
+
datatypes?: string[] | undefined;
|
|
74
|
+
identifier?: string | undefined;
|
|
75
|
+
privileges?: string[] | undefined;
|
|
76
|
+
}[], unknown>>;
|
|
63
77
|
}, "strip", z.ZodTypeAny, {
|
|
64
78
|
client_id: string;
|
|
65
79
|
response_type: "code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
|
|
@@ -101,25 +115,14 @@ export declare const oauthAuthorizationRequestParametersSchema: z.ZodObject<{
|
|
|
101
115
|
code_challenge_method?: "S256" | "plain" | undefined;
|
|
102
116
|
dpop_jkt?: string | undefined;
|
|
103
117
|
response_mode?: "query" | "fragment" | "form_post" | undefined;
|
|
104
|
-
max_age?:
|
|
105
|
-
claims?:
|
|
106
|
-
value?: string | number | boolean | undefined;
|
|
107
|
-
values?: (string | number | boolean)[] | undefined;
|
|
108
|
-
essential?: boolean | undefined;
|
|
109
|
-
} | null>>>> | undefined;
|
|
118
|
+
max_age?: unknown;
|
|
119
|
+
claims?: unknown;
|
|
110
120
|
login_hint?: string | undefined;
|
|
111
121
|
ui_locales?: string | undefined;
|
|
112
122
|
id_token_hint?: string | undefined;
|
|
113
123
|
display?: "page" | "popup" | "touch" | "wap" | undefined;
|
|
114
124
|
prompt?: "none" | "login" | "consent" | "select_account" | undefined;
|
|
115
|
-
authorization_details?:
|
|
116
|
-
type: string;
|
|
117
|
-
locations?: string[] | undefined;
|
|
118
|
-
actions?: string[] | undefined;
|
|
119
|
-
datatypes?: string[] | undefined;
|
|
120
|
-
identifier?: string | undefined;
|
|
121
|
-
privileges?: string[] | undefined;
|
|
122
|
-
}[] | undefined;
|
|
125
|
+
authorization_details?: unknown;
|
|
123
126
|
}>;
|
|
124
127
|
/**
|
|
125
128
|
* @see {oauthAuthorizationRequestParametersSchema}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-authorization-request-parameters.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-request-parameters.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;
|
|
1
|
+
{"version":3,"file":"oauth-authorization-request-parameters.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-request-parameters.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAcvB;;;;;GAKG;AACH,eAAO,MAAM,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAiEpD;;;;;OAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAOH,CAAA;AAEF;;GAEG;AACH,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CACvD,OAAO,yCAAyC,CACjD,CAAA"}
|
|
@@ -13,7 +13,11 @@ const oauth_scope_js_1 = require("./oauth-scope.js");
|
|
|
13
13
|
const oidc_claims_parameter_js_1 = require("./oidc-claims-parameter.js");
|
|
14
14
|
const oidc_claims_properties_js_1 = require("./oidc-claims-properties.js");
|
|
15
15
|
const oidc_entity_type_js_1 = require("./oidc-entity-type.js");
|
|
16
|
+
const util_js_1 = require("./util.js");
|
|
16
17
|
/**
|
|
18
|
+
* @note non string parameters will be converted from their string
|
|
19
|
+
* representation since oauth request parameters are typically sent as URL
|
|
20
|
+
* encoded form data or URL encoded query string.
|
|
17
21
|
* @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest | OIDC}
|
|
18
22
|
*/
|
|
19
23
|
exports.oauthAuthorizationRequestParametersSchema = zod_1.z.object({
|
|
@@ -41,9 +45,9 @@ exports.oauthAuthorizationRequestParametersSchema = zod_1.z.object({
|
|
|
41
45
|
// PAPE [OpenID.PAPE] max_auth_age request parameter.) When max_age is used,
|
|
42
46
|
// the ID Token returned MUST include an auth_time Claim Value. Note that
|
|
43
47
|
// max_age=0 is equivalent to prompt=login.
|
|
44
|
-
max_age: zod_1.z.number().int().min(0).optional(),
|
|
48
|
+
max_age: zod_1.z.preprocess(util_js_1.numberPreprocess, zod_1.z.number().int().min(0)).optional(),
|
|
45
49
|
claims: zod_1.z
|
|
46
|
-
.record(oidc_entity_type_js_1.oidcEntityTypeSchema, zod_1.z.record(oidc_claims_parameter_js_1.oidcClaimsParameterSchema, zod_1.z.union([zod_1.z.literal(null), oidc_claims_properties_js_1.oidcClaimsPropertiesSchema])))
|
|
50
|
+
.preprocess(util_js_1.jsonObjectPreprocess, zod_1.z.record(oidc_entity_type_js_1.oidcEntityTypeSchema, zod_1.z.record(oidc_claims_parameter_js_1.oidcClaimsParameterSchema, zod_1.z.union([zod_1.z.literal(null), oidc_claims_properties_js_1.oidcClaimsPropertiesSchema]))))
|
|
47
51
|
.optional(),
|
|
48
52
|
// https://openid.net/specs/openid-connect-core-1_0.html#RegistrationParameter
|
|
49
53
|
// Not supported by this library (yet?)
|
|
@@ -65,6 +69,8 @@ exports.oauthAuthorizationRequestParametersSchema = zod_1.z.object({
|
|
|
65
69
|
*/
|
|
66
70
|
prompt: zod_1.z.enum(['none', 'login', 'consent', 'select_account']).optional(),
|
|
67
71
|
// https://datatracker.ietf.org/doc/html/rfc9396
|
|
68
|
-
authorization_details:
|
|
72
|
+
authorization_details: zod_1.z
|
|
73
|
+
.preprocess(util_js_1.jsonObjectPreprocess, oauth_authorization_details_js_1.oauthAuthorizationDetailsSchema)
|
|
74
|
+
.optional(),
|
|
69
75
|
});
|
|
70
76
|
//# sourceMappingURL=oauth-authorization-request-parameters.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-authorization-request-parameters.js","sourceRoot":"","sources":["../src/oauth-authorization-request-parameters.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAC9C,qFAAkF;AAClF,6DAA0D;AAC1D,qFAAiF;AACjF,mEAAgE;AAChE,qEAAkE;AAClE,qEAAkE;AAClE,qDAAmD;AACnD,yEAAsE;AACtE,2EAAwE;AACxE,+DAA4D;
|
|
1
|
+
{"version":3,"file":"oauth-authorization-request-parameters.js","sourceRoot":"","sources":["../src/oauth-authorization-request-parameters.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAC9C,qFAAkF;AAClF,6DAA0D;AAC1D,qFAAiF;AACjF,mEAAgE;AAChE,qEAAkE;AAClE,qEAAkE;AAClE,qDAAmD;AACnD,yEAAsE;AACtE,2EAAwE;AACxE,+DAA4D;AAC5D,uCAAkE;AAElE;;;;;GAKG;AACU,QAAA,yCAAyC,GAAG,OAAC,CAAC,MAAM,CAAC;IAChE,SAAS,EAAE,wCAAmB;IAC9B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,YAAY,EAAE,8CAAsB,CAAC,QAAQ,EAAE;IAC/C,KAAK,EAAE,iCAAgB,CAAC,QAAQ,EAAE;IAClC,aAAa,EAAE,gDAAuB;IAEtC,OAAO;IAEP,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,qBAAqB,EAAE,+DAA8B;SAClD,OAAO,CAAC,MAAM,CAAC;SACf,QAAQ,EAAE;IAEb,OAAO;IAEP,6DAA6D;IAC7D,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/B,OAAO;IAEP,kCAAkC;IAClC,aAAa,EAAE,gDAAuB,CAAC,QAAQ,EAAE;IAEjD,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE5B,0EAA0E;IAC1E,wEAAwE;IACxE,2EAA2E;IAC3E,6EAA6E;IAC7E,4EAA4E;IAC5E,yEAAyE;IACzE,2CAA2C;IAC3C,OAAO,EAAE,OAAC,CAAC,UAAU,CAAC,0BAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE3E,MAAM,EAAE,OAAC;SACN,UAAU,CACT,8BAAoB,EACpB,OAAC,CAAC,MAAM,CACN,0CAAoB,EACpB,OAAC,CAAC,MAAM,CACN,oDAAyB,EACzB,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,sDAA0B,CAAC,CAAC,CACvD,CACF,CACF;SACA,QAAQ,EAAE;IAEb,8EAA8E;IAC9E,uCAAuC;IACvC,iDAAiD;IAEjD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAExC,UAAU,EAAE,OAAC;SACV,MAAM,EAAE;SACR,KAAK,CAAC,oDAAoD,CAAC,CAAC,cAAc;SAC1E,QAAQ,EAAE;IAEb,iEAAiE;IACjE,aAAa,EAAE,qBAAe,CAAC,QAAQ,EAAE;IAEzC,oCAAoC;IACpC,OAAO,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE7D;;;;;OAKG;IACH,MAAM,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEzE,gDAAgD;IAChD,qBAAqB,EAAE,OAAC;SACrB,UAAU,CAAC,8BAAoB,EAAE,gEAA+B,CAAC;SACjE,QAAQ,EAAE;CACd,CAAC,CAAA"}
|
|
@@ -10,8 +10,8 @@ export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObje
|
|
|
10
10
|
dpop_jkt: z.ZodOptional<z.ZodString>;
|
|
11
11
|
response_mode: z.ZodOptional<z.ZodEnum<["query", "fragment", "form_post"]>>;
|
|
12
12
|
nonce: z.ZodOptional<z.ZodString>;
|
|
13
|
-
max_age: z.ZodOptional<z.ZodNumber
|
|
14
|
-
claims: z.ZodOptional<z.ZodRecord<z.ZodEnum<["userinfo", "id_token"]>, z.ZodRecord<z.ZodEnum<["auth_time", "nonce", "acr", "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "gender", "picture", "profile", "website", "birthdate", "zoneinfo", "locale", "updated_at", "email", "email_verified", "phone_number", "phone_number_verified", "address"]>, z.ZodUnion<[z.ZodLiteral<null>, z.ZodObject<{
|
|
13
|
+
max_age: z.ZodOptional<z.ZodEffects<z.ZodNumber, number, unknown>>;
|
|
14
|
+
claims: z.ZodOptional<z.ZodEffects<z.ZodRecord<z.ZodEnum<["userinfo", "id_token"]>, z.ZodRecord<z.ZodEnum<["auth_time", "nonce", "acr", "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "gender", "picture", "profile", "website", "birthdate", "zoneinfo", "locale", "updated_at", "email", "email_verified", "phone_number", "phone_number_verified", "address"]>, z.ZodUnion<[z.ZodLiteral<null>, z.ZodObject<{
|
|
15
15
|
essential: z.ZodOptional<z.ZodBoolean>;
|
|
16
16
|
value: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>;
|
|
17
17
|
values: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>, "many">>;
|
|
@@ -23,13 +23,17 @@ export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObje
|
|
|
23
23
|
value?: string | number | boolean | undefined;
|
|
24
24
|
values?: (string | number | boolean)[] | undefined;
|
|
25
25
|
essential?: boolean | undefined;
|
|
26
|
-
}>]
|
|
26
|
+
}>]>>>, Partial<Record<"id_token" | "userinfo", Partial<Record<"email" | "auth_time" | "nonce" | "acr" | "name" | "family_name" | "given_name" | "middle_name" | "nickname" | "preferred_username" | "gender" | "picture" | "profile" | "website" | "birthdate" | "zoneinfo" | "locale" | "updated_at" | "email_verified" | "phone_number" | "phone_number_verified" | "address", {
|
|
27
|
+
value?: string | number | boolean | undefined;
|
|
28
|
+
values?: (string | number | boolean)[] | undefined;
|
|
29
|
+
essential?: boolean | undefined;
|
|
30
|
+
} | null>>>>, unknown>>;
|
|
27
31
|
login_hint: z.ZodOptional<z.ZodString>;
|
|
28
32
|
ui_locales: z.ZodOptional<z.ZodString>;
|
|
29
33
|
id_token_hint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;
|
|
30
34
|
display: z.ZodOptional<z.ZodEnum<["page", "popup", "touch", "wap"]>>;
|
|
31
35
|
prompt: z.ZodOptional<z.ZodEnum<["none", "login", "consent", "select_account"]>>;
|
|
32
|
-
authorization_details: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
36
|
+
authorization_details: z.ZodOptional<z.ZodEffects<z.ZodArray<z.ZodObject<{
|
|
33
37
|
type: z.ZodString;
|
|
34
38
|
locations: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, "many">>;
|
|
35
39
|
actions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
@@ -50,7 +54,14 @@ export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObje
|
|
|
50
54
|
datatypes?: string[] | undefined;
|
|
51
55
|
identifier?: string | undefined;
|
|
52
56
|
privileges?: string[] | undefined;
|
|
53
|
-
}>, "many"
|
|
57
|
+
}>, "many">, {
|
|
58
|
+
type: string;
|
|
59
|
+
locations?: `${string}:${string}`[] | undefined;
|
|
60
|
+
actions?: string[] | undefined;
|
|
61
|
+
datatypes?: string[] | undefined;
|
|
62
|
+
identifier?: string | undefined;
|
|
63
|
+
privileges?: string[] | undefined;
|
|
64
|
+
}[], unknown>>;
|
|
54
65
|
}, "strip", z.ZodTypeAny, {
|
|
55
66
|
client_id: string;
|
|
56
67
|
response_type: "code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
|
|
@@ -92,25 +103,14 @@ export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObje
|
|
|
92
103
|
code_challenge_method?: "S256" | "plain" | undefined;
|
|
93
104
|
dpop_jkt?: string | undefined;
|
|
94
105
|
response_mode?: "query" | "fragment" | "form_post" | undefined;
|
|
95
|
-
max_age?:
|
|
96
|
-
claims?:
|
|
97
|
-
value?: string | number | boolean | undefined;
|
|
98
|
-
values?: (string | number | boolean)[] | undefined;
|
|
99
|
-
essential?: boolean | undefined;
|
|
100
|
-
} | null>>>> | undefined;
|
|
106
|
+
max_age?: unknown;
|
|
107
|
+
claims?: unknown;
|
|
101
108
|
login_hint?: string | undefined;
|
|
102
109
|
ui_locales?: string | undefined;
|
|
103
110
|
id_token_hint?: string | undefined;
|
|
104
111
|
display?: "page" | "popup" | "touch" | "wap" | undefined;
|
|
105
112
|
prompt?: "none" | "login" | "consent" | "select_account" | undefined;
|
|
106
|
-
authorization_details?:
|
|
107
|
-
type: string;
|
|
108
|
-
locations?: string[] | undefined;
|
|
109
|
-
actions?: string[] | undefined;
|
|
110
|
-
datatypes?: string[] | undefined;
|
|
111
|
-
identifier?: string | undefined;
|
|
112
|
-
privileges?: string[] | undefined;
|
|
113
|
-
}[] | undefined;
|
|
113
|
+
authorization_details?: unknown;
|
|
114
114
|
}>, z.ZodObject<{
|
|
115
115
|
request: z.ZodUnion<[z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>, z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}`, string>]>;
|
|
116
116
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
export declare const oidcUserinfoSchema: z.ZodObject<{
|
|
3
|
+
sub: z.ZodString;
|
|
4
|
+
iss: z.ZodOptional<z.ZodString>;
|
|
5
|
+
aud: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
|
|
6
|
+
email: z.ZodOptional<z.ZodString>;
|
|
7
|
+
email_verified: z.ZodOptional<z.ZodBoolean>;
|
|
8
|
+
name: z.ZodOptional<z.ZodString>;
|
|
9
|
+
preferred_username: z.ZodOptional<z.ZodString>;
|
|
10
|
+
picture: z.ZodOptional<z.ZodString>;
|
|
11
|
+
}, "strip", z.ZodTypeAny, {
|
|
12
|
+
sub: string;
|
|
13
|
+
email?: string | undefined;
|
|
14
|
+
name?: string | undefined;
|
|
15
|
+
preferred_username?: string | undefined;
|
|
16
|
+
picture?: string | undefined;
|
|
17
|
+
email_verified?: boolean | undefined;
|
|
18
|
+
iss?: string | undefined;
|
|
19
|
+
aud?: string | string[] | undefined;
|
|
20
|
+
}, {
|
|
21
|
+
sub: string;
|
|
22
|
+
email?: string | undefined;
|
|
23
|
+
name?: string | undefined;
|
|
24
|
+
preferred_username?: string | undefined;
|
|
25
|
+
picture?: string | undefined;
|
|
26
|
+
email_verified?: boolean | undefined;
|
|
27
|
+
iss?: string | undefined;
|
|
28
|
+
aud?: string | string[] | undefined;
|
|
29
|
+
}>;
|
|
30
|
+
export type OidcUserinfo = z.infer<typeof oidcUserinfoSchema>;
|
|
31
|
+
//# sourceMappingURL=oidc-userinfo.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oidc-userinfo.d.ts","sourceRoot":"","sources":["../src/oidc-userinfo.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;EAU7B,CAAA;AAEF,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAA"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.oidcUserinfoSchema = void 0;
|
|
4
|
+
const zod_1 = require("zod");
|
|
5
|
+
exports.oidcUserinfoSchema = zod_1.z.object({
|
|
6
|
+
sub: zod_1.z.string(),
|
|
7
|
+
iss: zod_1.z.string().url().optional(),
|
|
8
|
+
aud: zod_1.z.union([zod_1.z.string(), zod_1.z.array(zod_1.z.string()).min(1)]).optional(),
|
|
9
|
+
email: zod_1.z.string().email().optional(),
|
|
10
|
+
email_verified: zod_1.z.boolean().optional(),
|
|
11
|
+
name: zod_1.z.string().optional(),
|
|
12
|
+
preferred_username: zod_1.z.string().optional(),
|
|
13
|
+
picture: zod_1.z.string().url().optional(),
|
|
14
|
+
});
|
|
15
|
+
//# sourceMappingURL=oidc-userinfo.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oidc-userinfo.js","sourceRoot":"","sources":["../src/oidc-userinfo.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IACzC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChC,GAAG,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEjE,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;IACpC,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAA"}
|
package/dist/util.d.ts
CHANGED
|
@@ -4,4 +4,6 @@ export declare function isLoopbackHost(host: unknown): host is LoopbackHost;
|
|
|
4
4
|
export declare function isLoopbackUrl(input: URL | string): boolean;
|
|
5
5
|
export declare function safeUrl(input: URL | string): URL | null;
|
|
6
6
|
export declare function extractUrlPath(url: any): any;
|
|
7
|
+
export declare const jsonObjectPreprocess: (val: unknown) => any;
|
|
8
|
+
export declare const numberPreprocess: (val: unknown) => unknown;
|
|
7
9
|
//# sourceMappingURL=util.d.ts.map
|
package/dist/util.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AAAA,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,WAQ5C;AAED,MAAM,MAAM,YAAY,GAAG,WAAW,GAAG,WAAW,GAAG,OAAO,CAAA;AAE9D,wBAAgB,cAAc,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,IAAI,YAAY,CAElE;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,GAAG,GAAG,MAAM,GAAG,OAAO,CAG1D;AAED,wBAAgB,OAAO,CAAC,KAAK,EAAE,GAAG,GAAG,MAAM,GAAG,GAAG,GAAG,IAAI,CAMvD;AAED,wBAAgB,cAAc,CAAC,GAAG,KAAA,OAsCjC"}
|
|
1
|
+
{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AAAA,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,WAQ5C;AAED,MAAM,MAAM,YAAY,GAAG,WAAW,GAAG,WAAW,GAAG,OAAO,CAAA;AAE9D,wBAAgB,cAAc,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,IAAI,YAAY,CAElE;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,GAAG,GAAG,MAAM,GAAG,OAAO,CAG1D;AAED,wBAAgB,OAAO,CAAC,KAAK,EAAE,GAAG,GAAG,MAAM,GAAG,GAAG,GAAG,IAAI,CAMvD;AAED,wBAAgB,cAAc,CAAC,GAAG,KAAA,OAsCjC;AAED,eAAO,MAAM,oBAAoB,GAAI,KAAK,OAAO,QAUhD,CAAA;AAED,eAAO,MAAM,gBAAgB,GAAI,KAAK,OAAO,KAAG,OAM/C,CAAA"}
|
package/dist/util.js
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.numberPreprocess = exports.jsonObjectPreprocess = void 0;
|
|
3
4
|
exports.isHostnameIP = isHostnameIP;
|
|
4
5
|
exports.isLoopbackHost = isLoopbackHost;
|
|
5
6
|
exports.isLoopbackUrl = isLoopbackUrl;
|
|
@@ -59,4 +60,25 @@ function extractUrlPath(url) {
|
|
|
59
60
|
}
|
|
60
61
|
return url.substring(pathStart, pathEnd);
|
|
61
62
|
}
|
|
63
|
+
const jsonObjectPreprocess = (val) => {
|
|
64
|
+
if (typeof val === 'string' && val.startsWith('{') && val.endsWith('}')) {
|
|
65
|
+
try {
|
|
66
|
+
return JSON.parse(val);
|
|
67
|
+
}
|
|
68
|
+
catch {
|
|
69
|
+
return val;
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
return val;
|
|
73
|
+
};
|
|
74
|
+
exports.jsonObjectPreprocess = jsonObjectPreprocess;
|
|
75
|
+
const numberPreprocess = (val) => {
|
|
76
|
+
if (typeof val === 'string') {
|
|
77
|
+
const number = Number(val);
|
|
78
|
+
if (!Number.isNaN(number))
|
|
79
|
+
return number;
|
|
80
|
+
}
|
|
81
|
+
return val;
|
|
82
|
+
};
|
|
83
|
+
exports.numberPreprocess = numberPreprocess;
|
|
62
84
|
//# sourceMappingURL=util.js.map
|
package/dist/util.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":";;;AAAA,oCAQC;AAID,wCAEC;AAED,sCAGC;AAED,0BAMC;AAED,wCAsCC;AAnED,SAAgB,YAAY,CAAC,QAAgB;IAC3C,OAAO;IACP,IAAI,QAAQ,CAAC,KAAK,CAAC,sBAAsB,CAAC;QAAE,OAAO,IAAI,CAAA;IAEvD,OAAO;IACP,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IAEnE,OAAO,KAAK,CAAA;AACd,CAAC;AAID,SAAgB,cAAc,CAAC,IAAa;IAC1C,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,OAAO,CAAA;AACzE,CAAC;AAED,SAAgB,aAAa,CAAC,KAAmB;IAC/C,MAAM,GAAG,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;IAC9D,OAAO,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;AACrC,CAAC;AAED,SAAgB,OAAO,CAAC,KAAmB;IACzC,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,SAAgB,cAAc,CAAC,GAAG;IAChC,uEAAuE;IACvE,kCAAkC;IAClC,MAAM,aAAa,GAAG,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC;QAC9C,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC;YACzB,CAAC,CAAC,CAAC;YACH,CAAC,CAAC,CAAC,CAAC,CAAA;IACR,IAAI,aAAa,KAAK,CAAC,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,SAAS,CAAC,+CAA+C,CAAC,CAAA;IACtE,CAAC;IAED,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAC/C,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAEnD,MAAM,WAAW,GACf,WAAW,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,KAAK,CAAC,CAAC,IAAI,WAAW,GAAG,OAAO,CAAC;QAC7D,CAAC,CAAC,WAAW;QACb,CAAC,CAAC,CAAC,CAAC,CAAA;IAER,MAAM,OAAO,GACX,OAAO,KAAK,CAAC,CAAC;QACZ,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC;YAClB,CAAC,CAAC,GAAG,CAAC,MAAM;YACZ,CAAC,CAAC,WAAW;QACf,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC;YAClB,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAA;IAEtC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAEhD,MAAM,SAAS,GAAG,QAAQ,KAAK,CAAC,CAAC,IAAI,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAA;IAE5E,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC,CAAA;IAChD,CAAC;IAED,OAAO,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;AAC1C,CAAC;AAEM,MAAM,oBAAoB,GAAG,CAAC,GAAY,EAAE,EAAE;IACnD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACxE,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,GAAG,CAAA;QACZ,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC,CAAA;AAVY,QAAA,oBAAoB,wBAUhC;AAEM,MAAM,gBAAgB,GAAG,CAAC,GAAY,EAAW,EAAE;IACxD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;QAC1B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC;YAAE,OAAO,MAAM,CAAA;IAC1C,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC,CAAA;AANY,QAAA,gBAAgB,oBAM5B"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@atproto/oauth-types",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.8",
|
|
4
4
|
"license": "MIT",
|
|
5
5
|
"description": "OAuth typing & validation library",
|
|
6
6
|
"keywords": [
|
|
@@ -26,7 +26,7 @@
|
|
|
26
26
|
},
|
|
27
27
|
"dependencies": {
|
|
28
28
|
"zod": "^3.23.8",
|
|
29
|
-
"@atproto/jwk": "0.
|
|
29
|
+
"@atproto/jwk": "0.2.0"
|
|
30
30
|
},
|
|
31
31
|
"devDependencies": {
|
|
32
32
|
"typescript": "^5.6.3"
|
package/src/index.ts
CHANGED
|
@@ -10,8 +10,12 @@ import { oauthScopeSchema } from './oauth-scope.js'
|
|
|
10
10
|
import { oidcClaimsParameterSchema } from './oidc-claims-parameter.js'
|
|
11
11
|
import { oidcClaimsPropertiesSchema } from './oidc-claims-properties.js'
|
|
12
12
|
import { oidcEntityTypeSchema } from './oidc-entity-type.js'
|
|
13
|
+
import { jsonObjectPreprocess, numberPreprocess } from './util.js'
|
|
13
14
|
|
|
14
15
|
/**
|
|
16
|
+
* @note non string parameters will be converted from their string
|
|
17
|
+
* representation since oauth request parameters are typically sent as URL
|
|
18
|
+
* encoded form data or URL encoded query string.
|
|
15
19
|
* @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest | OIDC}
|
|
16
20
|
*/
|
|
17
21
|
export const oauthAuthorizationRequestParametersSchema = z.object({
|
|
@@ -47,14 +51,17 @@ export const oauthAuthorizationRequestParametersSchema = z.object({
|
|
|
47
51
|
// PAPE [OpenID.PAPE] max_auth_age request parameter.) When max_age is used,
|
|
48
52
|
// the ID Token returned MUST include an auth_time Claim Value. Note that
|
|
49
53
|
// max_age=0 is equivalent to prompt=login.
|
|
50
|
-
max_age: z.number().int().min(0).optional(),
|
|
54
|
+
max_age: z.preprocess(numberPreprocess, z.number().int().min(0)).optional(),
|
|
51
55
|
|
|
52
56
|
claims: z
|
|
53
|
-
.
|
|
54
|
-
|
|
57
|
+
.preprocess(
|
|
58
|
+
jsonObjectPreprocess,
|
|
55
59
|
z.record(
|
|
56
|
-
|
|
57
|
-
z.
|
|
60
|
+
oidcEntityTypeSchema,
|
|
61
|
+
z.record(
|
|
62
|
+
oidcClaimsParameterSchema,
|
|
63
|
+
z.union([z.literal(null), oidcClaimsPropertiesSchema]),
|
|
64
|
+
),
|
|
58
65
|
),
|
|
59
66
|
)
|
|
60
67
|
.optional(),
|
|
@@ -85,7 +92,9 @@ export const oauthAuthorizationRequestParametersSchema = z.object({
|
|
|
85
92
|
prompt: z.enum(['none', 'login', 'consent', 'select_account']).optional(),
|
|
86
93
|
|
|
87
94
|
// https://datatracker.ietf.org/doc/html/rfc9396
|
|
88
|
-
authorization_details:
|
|
95
|
+
authorization_details: z
|
|
96
|
+
.preprocess(jsonObjectPreprocess, oauthAuthorizationDetailsSchema)
|
|
97
|
+
.optional(),
|
|
89
98
|
})
|
|
90
99
|
|
|
91
100
|
/**
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { z } from 'zod'
|
|
2
|
+
|
|
3
|
+
export const oidcUserinfoSchema = z.object({
|
|
4
|
+
sub: z.string(),
|
|
5
|
+
iss: z.string().url().optional(),
|
|
6
|
+
aud: z.union([z.string(), z.array(z.string()).min(1)]).optional(),
|
|
7
|
+
|
|
8
|
+
email: z.string().email().optional(),
|
|
9
|
+
email_verified: z.boolean().optional(),
|
|
10
|
+
name: z.string().optional(),
|
|
11
|
+
preferred_username: z.string().optional(),
|
|
12
|
+
picture: z.string().url().optional(),
|
|
13
|
+
})
|
|
14
|
+
|
|
15
|
+
export type OidcUserinfo = z.infer<typeof oidcUserinfoSchema>
|
package/src/util.ts
CHANGED
|
@@ -66,3 +66,23 @@ export function extractUrlPath(url) {
|
|
|
66
66
|
|
|
67
67
|
return url.substring(pathStart, pathEnd)
|
|
68
68
|
}
|
|
69
|
+
|
|
70
|
+
export const jsonObjectPreprocess = (val: unknown) => {
|
|
71
|
+
if (typeof val === 'string' && val.startsWith('{') && val.endsWith('}')) {
|
|
72
|
+
try {
|
|
73
|
+
return JSON.parse(val)
|
|
74
|
+
} catch {
|
|
75
|
+
return val
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
|
|
79
|
+
return val
|
|
80
|
+
}
|
|
81
|
+
|
|
82
|
+
export const numberPreprocess = (val: unknown): unknown => {
|
|
83
|
+
if (typeof val === 'string') {
|
|
84
|
+
const number = Number(val)
|
|
85
|
+
if (!Number.isNaN(number)) return number
|
|
86
|
+
}
|
|
87
|
+
return val
|
|
88
|
+
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"root":["./src/atproto-loopback-client-metadata.ts","./src/constants.ts","./src/index.ts","./src/oauth-access-token.ts","./src/oauth-authentication-error-response.ts","./src/oauth-authorization-code-grant-token-request.ts","./src/oauth-authorization-details.ts","./src/oauth-authorization-request-jar.ts","./src/oauth-authorization-request-par.ts","./src/oauth-authorization-request-parameters.ts","./src/oauth-authorization-request-query.ts","./src/oauth-authorization-request-uri.ts","./src/oauth-authorization-server-metadata.ts","./src/oauth-client-credentials-grant-token-request.ts","./src/oauth-client-credentials.ts","./src/oauth-client-id-discoverable.ts","./src/oauth-client-id-loopback.ts","./src/oauth-client-id.ts","./src/oauth-client-metadata.ts","./src/oauth-code-challenge-method.ts","./src/oauth-endpoint-auth-method.ts","./src/oauth-endpoint-name.ts","./src/oauth-grant-type.ts","./src/oauth-introspection-response.ts","./src/oauth-issuer-identifier.ts","./src/oauth-par-response.ts","./src/oauth-password-grant-token-request.ts","./src/oauth-protected-resource-metadata.ts","./src/oauth-redirect-uri.ts","./src/oauth-refresh-token-grant-token-request.ts","./src/oauth-refresh-token.ts","./src/oauth-request-uri.ts","./src/oauth-response-mode.ts","./src/oauth-response-type.ts","./src/oauth-scope.ts","./src/oauth-token-identification.ts","./src/oauth-token-request.ts","./src/oauth-token-response.ts","./src/oauth-token-type.ts","./src/oidc-authentication-error-response.ts","./src/oidc-claims-parameter.ts","./src/oidc-claims-properties.ts","./src/oidc-entity-type.ts","./src/uri.ts","./src/util.ts"],"version":"5.8.2"}
|
|
1
|
+
{"root":["./src/atproto-loopback-client-metadata.ts","./src/constants.ts","./src/index.ts","./src/oauth-access-token.ts","./src/oauth-authentication-error-response.ts","./src/oauth-authorization-code-grant-token-request.ts","./src/oauth-authorization-details.ts","./src/oauth-authorization-request-jar.ts","./src/oauth-authorization-request-par.ts","./src/oauth-authorization-request-parameters.ts","./src/oauth-authorization-request-query.ts","./src/oauth-authorization-request-uri.ts","./src/oauth-authorization-server-metadata.ts","./src/oauth-client-credentials-grant-token-request.ts","./src/oauth-client-credentials.ts","./src/oauth-client-id-discoverable.ts","./src/oauth-client-id-loopback.ts","./src/oauth-client-id.ts","./src/oauth-client-metadata.ts","./src/oauth-code-challenge-method.ts","./src/oauth-endpoint-auth-method.ts","./src/oauth-endpoint-name.ts","./src/oauth-grant-type.ts","./src/oauth-introspection-response.ts","./src/oauth-issuer-identifier.ts","./src/oauth-par-response.ts","./src/oauth-password-grant-token-request.ts","./src/oauth-protected-resource-metadata.ts","./src/oauth-redirect-uri.ts","./src/oauth-refresh-token-grant-token-request.ts","./src/oauth-refresh-token.ts","./src/oauth-request-uri.ts","./src/oauth-response-mode.ts","./src/oauth-response-type.ts","./src/oauth-scope.ts","./src/oauth-token-identification.ts","./src/oauth-token-request.ts","./src/oauth-token-response.ts","./src/oauth-token-type.ts","./src/oidc-authentication-error-response.ts","./src/oidc-claims-parameter.ts","./src/oidc-claims-properties.ts","./src/oidc-entity-type.ts","./src/oidc-userinfo.ts","./src/uri.ts","./src/util.ts"],"version":"5.8.2"}
|