@atproto/oauth-types 0.2.7 → 0.2.8

package/CHANGELOG.md

@@ -1,5 +1,14 @@
 # @atproto/oauth-types
 
+## 0.2.8
+
+### Patch Changes
+
+- [#3919](https://github.com/bluesky-social/atproto/pull/3919) [`a3b24ca77`](https://github.com/bluesky-social/atproto/commit/a3b24ca77ca24ac19b17cf9ee2a5ca9612ccf96c) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Parse JSON encoded Authorization Request Parameters
+
+- Updated dependencies [[`3fa2ee3b6`](https://github.com/bluesky-social/atproto/commit/3fa2ee3b6a382709b10921da53e69a901bccbb05)]:
+  - @atproto/jwk@0.2.0
+
 ## 0.2.7
 
 ### Patch Changes

package/LICENSE.txt

@@ -1,6 +1,6 @@
 Dual MIT/Apache-2.0 License
 
-Copyright (c) 2022-2025 Bluesky PBC, and Contributors
+Copyright (c) 2022-2025 Bluesky Social PBC, and Contributors
 
 Except as otherwise noted in individual files, this software is licensed under the MIT license (<http://opensource.org/licenses/MIT>), or the Apache License, Version 2.0 (<http://www.apache.org/licenses/LICENSE-2.0>).
 

package/dist/oauth-authorization-request-par.d.ts

@@ -10,8 +10,8 @@ export declare const oauthAuthorizationRequestParSchema: z.ZodUnion<[z.ZodObject
     dpop_jkt: z.ZodOptional<z.ZodString>;
     response_mode: z.ZodOptional<z.ZodEnum<["query", "fragment", "form_post"]>>;
     nonce: z.ZodOptional<z.ZodString>;
-    max_age: z.ZodOptional<z.ZodNumber>;
-    claims: z.ZodOptional<z.ZodRecord<z.ZodEnum<["userinfo", "id_token"]>, z.ZodRecord<z.ZodEnum<["auth_time", "nonce", "acr", "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "gender", "picture", "profile", "website", "birthdate", "zoneinfo", "locale", "updated_at", "email", "email_verified", "phone_number", "phone_number_verified", "address"]>, z.ZodUnion<[z.ZodLiteral<null>, z.ZodObject<{
+    max_age: z.ZodOptional<z.ZodEffects<z.ZodNumber, number, unknown>>;
+    claims: z.ZodOptional<z.ZodEffects<z.ZodRecord<z.ZodEnum<["userinfo", "id_token"]>, z.ZodRecord<z.ZodEnum<["auth_time", "nonce", "acr", "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "gender", "picture", "profile", "website", "birthdate", "zoneinfo", "locale", "updated_at", "email", "email_verified", "phone_number", "phone_number_verified", "address"]>, z.ZodUnion<[z.ZodLiteral<null>, z.ZodObject<{
         essential: z.ZodOptional<z.ZodBoolean>;
         value: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>;
         values: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>, "many">>;
@@ -23,13 +23,17 @@ export declare const oauthAuthorizationRequestParSchema: z.ZodUnion<[z.ZodObject
         value?: string | number | boolean | undefined;
         values?: (string | number | boolean)[] | undefined;
         essential?: boolean | undefined;
-    }>]>>>>;
+    }>]>>>, Partial<Record<"id_token" | "userinfo", Partial<Record<"email" | "auth_time" | "nonce" | "acr" | "name" | "family_name" | "given_name" | "middle_name" | "nickname" | "preferred_username" | "gender" | "picture" | "profile" | "website" | "birthdate" | "zoneinfo" | "locale" | "updated_at" | "email_verified" | "phone_number" | "phone_number_verified" | "address", {
+        value?: string | number | boolean | undefined;
+        values?: (string | number | boolean)[] | undefined;
+        essential?: boolean | undefined;
+    } | null>>>>, unknown>>;
     login_hint: z.ZodOptional<z.ZodString>;
     ui_locales: z.ZodOptional<z.ZodString>;
     id_token_hint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;
     display: z.ZodOptional<z.ZodEnum<["page", "popup", "touch", "wap"]>>;
     prompt: z.ZodOptional<z.ZodEnum<["none", "login", "consent", "select_account"]>>;
-    authorization_details: z.ZodOptional<z.ZodArray<z.ZodObject<{
+    authorization_details: z.ZodOptional<z.ZodEffects<z.ZodArray<z.ZodObject<{
         type: z.ZodString;
         locations: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, "many">>;
         actions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -50,7 +54,14 @@ export declare const oauthAuthorizationRequestParSchema: z.ZodUnion<[z.ZodObject
         datatypes?: string[] | undefined;
         identifier?: string | undefined;
         privileges?: string[] | undefined;
-    }>, "many">>;
+    }>, "many">, {
+        type: string;
+        locations?: `${string}:${string}`[] | undefined;
+        actions?: string[] | undefined;
+        datatypes?: string[] | undefined;
+        identifier?: string | undefined;
+        privileges?: string[] | undefined;
+    }[], unknown>>;
 }, "strip", z.ZodTypeAny, {
     client_id: string;
     response_type: "code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
@@ -92,25 +103,14 @@ export declare const oauthAuthorizationRequestParSchema: z.ZodUnion<[z.ZodObject
     code_challenge_method?: "S256" | "plain" | undefined;
     dpop_jkt?: string | undefined;
     response_mode?: "query" | "fragment" | "form_post" | undefined;
-    max_age?: number | undefined;
-    claims?: Partial<Record<"id_token" | "userinfo", Partial<Record<"email" | "auth_time" | "nonce" | "acr" | "name" | "family_name" | "given_name" | "middle_name" | "nickname" | "preferred_username" | "gender" | "picture" | "profile" | "website" | "birthdate" | "zoneinfo" | "locale" | "updated_at" | "email_verified" | "phone_number" | "phone_number_verified" | "address", {
-        value?: string | number | boolean | undefined;
-        values?: (string | number | boolean)[] | undefined;
-        essential?: boolean | undefined;
-    } | null>>>> | undefined;
+    max_age?: unknown;
+    claims?: unknown;
     login_hint?: string | undefined;
     ui_locales?: string | undefined;
     id_token_hint?: string | undefined;
     display?: "page" | "popup" | "touch" | "wap" | undefined;
     prompt?: "none" | "login" | "consent" | "select_account" | undefined;
-    authorization_details?: {
-        type: string;
-        locations?: string[] | undefined;
-        actions?: string[] | undefined;
-        datatypes?: string[] | undefined;
-        identifier?: string | undefined;
-        privileges?: string[] | undefined;
-    }[] | undefined;
+    authorization_details?: unknown;
 }>, z.ZodObject<{
     request: z.ZodUnion<[z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>, z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}`, string>]>;
 }, "strip", z.ZodTypeAny, {

package/dist/oauth-authorization-request-parameters.d.ts

@@ -1,5 +1,8 @@
 import { z } from 'zod';
 /**
+ * @note non string parameters will be converted from their string
+ * representation since oauth request parameters are typically sent as URL
+ * encoded form data or URL encoded query string.
  * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest | OIDC}
  */
 export declare const oauthAuthorizationRequestParametersSchema: z.ZodObject<{
@@ -13,8 +16,8 @@ export declare const oauthAuthorizationRequestParametersSchema: z.ZodObject<{
     dpop_jkt: z.ZodOptional<z.ZodString>;
     response_mode: z.ZodOptional<z.ZodEnum<["query", "fragment", "form_post"]>>;
     nonce: z.ZodOptional<z.ZodString>;
-    max_age: z.ZodOptional<z.ZodNumber>;
-    claims: z.ZodOptional<z.ZodRecord<z.ZodEnum<["userinfo", "id_token"]>, z.ZodRecord<z.ZodEnum<["auth_time", "nonce", "acr", "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "gender", "picture", "profile", "website", "birthdate", "zoneinfo", "locale", "updated_at", "email", "email_verified", "phone_number", "phone_number_verified", "address"]>, z.ZodUnion<[z.ZodLiteral<null>, z.ZodObject<{
+    max_age: z.ZodOptional<z.ZodEffects<z.ZodNumber, number, unknown>>;
+    claims: z.ZodOptional<z.ZodEffects<z.ZodRecord<z.ZodEnum<["userinfo", "id_token"]>, z.ZodRecord<z.ZodEnum<["auth_time", "nonce", "acr", "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "gender", "picture", "profile", "website", "birthdate", "zoneinfo", "locale", "updated_at", "email", "email_verified", "phone_number", "phone_number_verified", "address"]>, z.ZodUnion<[z.ZodLiteral<null>, z.ZodObject<{
         essential: z.ZodOptional<z.ZodBoolean>;
         value: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>;
         values: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>, "many">>;
@@ -26,7 +29,11 @@ export declare const oauthAuthorizationRequestParametersSchema: z.ZodObject<{
         value?: string | number | boolean | undefined;
         values?: (string | number | boolean)[] | undefined;
         essential?: boolean | undefined;
-    }>]>>>>;
+    }>]>>>, Partial<Record<"id_token" | "userinfo", Partial<Record<"email" | "auth_time" | "nonce" | "acr" | "name" | "family_name" | "given_name" | "middle_name" | "nickname" | "preferred_username" | "gender" | "picture" | "profile" | "website" | "birthdate" | "zoneinfo" | "locale" | "updated_at" | "email_verified" | "phone_number" | "phone_number_verified" | "address", {
+        value?: string | number | boolean | undefined;
+        values?: (string | number | boolean)[] | undefined;
+        essential?: boolean | undefined;
+    } | null>>>>, unknown>>;
     login_hint: z.ZodOptional<z.ZodString>;
     ui_locales: z.ZodOptional<z.ZodString>;
     id_token_hint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;
@@ -38,7 +45,7 @@ export declare const oauthAuthorizationRequestParametersSchema: z.ZodObject<{
      * - "select_account" will force the user to select an account
      */
     prompt: z.ZodOptional<z.ZodEnum<["none", "login", "consent", "select_account"]>>;
-    authorization_details: z.ZodOptional<z.ZodArray<z.ZodObject<{
+    authorization_details: z.ZodOptional<z.ZodEffects<z.ZodArray<z.ZodObject<{
         type: z.ZodString;
         locations: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, "many">>;
         actions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -59,7 +66,14 @@ export declare const oauthAuthorizationRequestParametersSchema: z.ZodObject<{
         datatypes?: string[] | undefined;
         identifier?: string | undefined;
         privileges?: string[] | undefined;
-    }>, "many">>;
+    }>, "many">, {
+        type: string;
+        locations?: `${string}:${string}`[] | undefined;
+        actions?: string[] | undefined;
+        datatypes?: string[] | undefined;
+        identifier?: string | undefined;
+        privileges?: string[] | undefined;
+    }[], unknown>>;
 }, "strip", z.ZodTypeAny, {
     client_id: string;
     response_type: "code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
@@ -101,25 +115,14 @@ export declare const oauthAuthorizationRequestParametersSchema: z.ZodObject<{
     code_challenge_method?: "S256" | "plain" | undefined;
     dpop_jkt?: string | undefined;
     response_mode?: "query" | "fragment" | "form_post" | undefined;
-    max_age?: number | undefined;
-    claims?: Partial<Record<"id_token" | "userinfo", Partial<Record<"email" | "auth_time" | "nonce" | "acr" | "name" | "family_name" | "given_name" | "middle_name" | "nickname" | "preferred_username" | "gender" | "picture" | "profile" | "website" | "birthdate" | "zoneinfo" | "locale" | "updated_at" | "email_verified" | "phone_number" | "phone_number_verified" | "address", {
-        value?: string | number | boolean | undefined;
-        values?: (string | number | boolean)[] | undefined;
-        essential?: boolean | undefined;
-    } | null>>>> | undefined;
+    max_age?: unknown;
+    claims?: unknown;
     login_hint?: string | undefined;
     ui_locales?: string | undefined;
     id_token_hint?: string | undefined;
     display?: "page" | "popup" | "touch" | "wap" | undefined;
     prompt?: "none" | "login" | "consent" | "select_account" | undefined;
-    authorization_details?: {
-        type: string;
-        locations?: string[] | undefined;
-        actions?: string[] | undefined;
-        datatypes?: string[] | undefined;
-        identifier?: string | undefined;
-        privileges?: string[] | undefined;
-    }[] | undefined;
+    authorization_details?: unknown;
 }>;
 /**
  * @see {oauthAuthorizationRequestParametersSchema}

package/dist/oauth-authorization-request-parameters.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-authorization-request-parameters.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-request-parameters.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAavB;;GAEG;AACH,eAAO,MAAM,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA8DpD;;;;;OAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAKH,CAAA;AAEF;;GAEG;AACH,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CACvD,OAAO,yCAAyC,CACjD,CAAA"}
+{"version":3,"file":"oauth-authorization-request-parameters.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-request-parameters.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAcvB;;;;;GAKG;AACH,eAAO,MAAM,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAiEpD;;;;;OAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAOH,CAAA;AAEF;;GAEG;AACH,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CACvD,OAAO,yCAAyC,CACjD,CAAA"}

package/dist/oauth-authorization-request-parameters.js

@@ -13,7 +13,11 @@ const oauth_scope_js_1 = require("./oauth-scope.js");
 const oidc_claims_parameter_js_1 = require("./oidc-claims-parameter.js");
 const oidc_claims_properties_js_1 = require("./oidc-claims-properties.js");
 const oidc_entity_type_js_1 = require("./oidc-entity-type.js");
+const util_js_1 = require("./util.js");
 /**
+ * @note non string parameters will be converted from their string
+ * representation since oauth request parameters are typically sent as URL
+ * encoded form data or URL encoded query string.
  * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest | OIDC}
  */
 exports.oauthAuthorizationRequestParametersSchema = zod_1.z.object({
@@ -41,9 +45,9 @@ exports.oauthAuthorizationRequestParametersSchema = zod_1.z.object({
     // PAPE [OpenID.PAPE] max_auth_age request parameter.) When max_age is used,
     // the ID Token returned MUST include an auth_time Claim Value. Note that
     // max_age=0 is equivalent to prompt=login.
-    max_age: zod_1.z.number().int().min(0).optional(),
+    max_age: zod_1.z.preprocess(util_js_1.numberPreprocess, zod_1.z.number().int().min(0)).optional(),
     claims: zod_1.z
-        .record(oidc_entity_type_js_1.oidcEntityTypeSchema, zod_1.z.record(oidc_claims_parameter_js_1.oidcClaimsParameterSchema, zod_1.z.union([zod_1.z.literal(null), oidc_claims_properties_js_1.oidcClaimsPropertiesSchema])))
+        .preprocess(util_js_1.jsonObjectPreprocess, zod_1.z.record(oidc_entity_type_js_1.oidcEntityTypeSchema, zod_1.z.record(oidc_claims_parameter_js_1.oidcClaimsParameterSchema, zod_1.z.union([zod_1.z.literal(null), oidc_claims_properties_js_1.oidcClaimsPropertiesSchema]))))
         .optional(),
     // https://openid.net/specs/openid-connect-core-1_0.html#RegistrationParameter
     // Not supported by this library (yet?)
@@ -65,6 +69,8 @@ exports.oauthAuthorizationRequestParametersSchema = zod_1.z.object({
      */
     prompt: zod_1.z.enum(['none', 'login', 'consent', 'select_account']).optional(),
     // https://datatracker.ietf.org/doc/html/rfc9396
-    authorization_details: oauth_authorization_details_js_1.oauthAuthorizationDetailsSchema.optional(),
+    authorization_details: zod_1.z
+        .preprocess(util_js_1.jsonObjectPreprocess, oauth_authorization_details_js_1.oauthAuthorizationDetailsSchema)
+        .optional(),
 });
 //# sourceMappingURL=oauth-authorization-request-parameters.js.map

package/dist/oauth-authorization-request-parameters.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-authorization-request-parameters.js","sourceRoot":"","sources":["../src/oauth-authorization-request-parameters.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAC9C,qFAAkF;AAClF,6DAA0D;AAC1D,qFAAiF;AACjF,mEAAgE;AAChE,qEAAkE;AAClE,qEAAkE;AAClE,qDAAmD;AACnD,yEAAsE;AACtE,2EAAwE;AACxE,+DAA4D;AAE5D;;GAEG;AACU,QAAA,yCAAyC,GAAG,OAAC,CAAC,MAAM,CAAC;IAChE,SAAS,EAAE,wCAAmB;IAC9B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,YAAY,EAAE,8CAAsB,CAAC,QAAQ,EAAE;IAC/C,KAAK,EAAE,iCAAgB,CAAC,QAAQ,EAAE;IAClC,aAAa,EAAE,gDAAuB;IAEtC,OAAO;IAEP,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,qBAAqB,EAAE,+DAA8B;SAClD,OAAO,CAAC,MAAM,CAAC;SACf,QAAQ,EAAE;IAEb,OAAO;IAEP,6DAA6D;IAC7D,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/B,OAAO;IAEP,kCAAkC;IAClC,aAAa,EAAE,gDAAuB,CAAC,QAAQ,EAAE;IAEjD,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE5B,0EAA0E;IAC1E,wEAAwE;IACxE,2EAA2E;IAC3E,6EAA6E;IAC7E,4EAA4E;IAC5E,yEAAyE;IACzE,2CAA2C;IAC3C,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE3C,MAAM,EAAE,OAAC;SACN,MAAM,CACL,0CAAoB,EACpB,OAAC,CAAC,MAAM,CACN,oDAAyB,EACzB,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,sDAA0B,CAAC,CAAC,CACvD,CACF;SACA,QAAQ,EAAE;IAEb,8EAA8E;IAC9E,uCAAuC;IACvC,iDAAiD;IAEjD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAExC,UAAU,EAAE,OAAC;SACV,MAAM,EAAE;SACR,KAAK,CAAC,oDAAoD,CAAC,CAAC,cAAc;SAC1E,QAAQ,EAAE;IAEb,iEAAiE;IACjE,aAAa,EAAE,qBAAe,CAAC,QAAQ,EAAE;IAEzC,oCAAoC;IACpC,OAAO,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE7D;;;;;OAKG;IACH,MAAM,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEzE,gDAAgD;IAChD,qBAAqB,EAAE,gEAA+B,CAAC,QAAQ,EAAE;CAClE,CAAC,CAAA"}
+{"version":3,"file":"oauth-authorization-request-parameters.js","sourceRoot":"","sources":["../src/oauth-authorization-request-parameters.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAC9C,qFAAkF;AAClF,6DAA0D;AAC1D,qFAAiF;AACjF,mEAAgE;AAChE,qEAAkE;AAClE,qEAAkE;AAClE,qDAAmD;AACnD,yEAAsE;AACtE,2EAAwE;AACxE,+DAA4D;AAC5D,uCAAkE;AAElE;;;;;GAKG;AACU,QAAA,yCAAyC,GAAG,OAAC,CAAC,MAAM,CAAC;IAChE,SAAS,EAAE,wCAAmB;IAC9B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,YAAY,EAAE,8CAAsB,CAAC,QAAQ,EAAE;IAC/C,KAAK,EAAE,iCAAgB,CAAC,QAAQ,EAAE;IAClC,aAAa,EAAE,gDAAuB;IAEtC,OAAO;IAEP,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,qBAAqB,EAAE,+DAA8B;SAClD,OAAO,CAAC,MAAM,CAAC;SACf,QAAQ,EAAE;IAEb,OAAO;IAEP,6DAA6D;IAC7D,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/B,OAAO;IAEP,kCAAkC;IAClC,aAAa,EAAE,gDAAuB,CAAC,QAAQ,EAAE;IAEjD,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE5B,0EAA0E;IAC1E,wEAAwE;IACxE,2EAA2E;IAC3E,6EAA6E;IAC7E,4EAA4E;IAC5E,yEAAyE;IACzE,2CAA2C;IAC3C,OAAO,EAAE,OAAC,CAAC,UAAU,CAAC,0BAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE3E,MAAM,EAAE,OAAC;SACN,UAAU,CACT,8BAAoB,EACpB,OAAC,CAAC,MAAM,CACN,0CAAoB,EACpB,OAAC,CAAC,MAAM,CACN,oDAAyB,EACzB,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,sDAA0B,CAAC,CAAC,CACvD,CACF,CACF;SACA,QAAQ,EAAE;IAEb,8EAA8E;IAC9E,uCAAuC;IACvC,iDAAiD;IAEjD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAExC,UAAU,EAAE,OAAC;SACV,MAAM,EAAE;SACR,KAAK,CAAC,oDAAoD,CAAC,CAAC,cAAc;SAC1E,QAAQ,EAAE;IAEb,iEAAiE;IACjE,aAAa,EAAE,qBAAe,CAAC,QAAQ,EAAE;IAEzC,oCAAoC;IACpC,OAAO,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE7D;;;;;OAKG;IACH,MAAM,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEzE,gDAAgD;IAChD,qBAAqB,EAAE,OAAC;SACrB,UAAU,CAAC,8BAAoB,EAAE,gEAA+B,CAAC;SACjE,QAAQ,EAAE;CACd,CAAC,CAAA"}

package/dist/oauth-authorization-request-query.d.ts

@@ -10,8 +10,8 @@ export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObje
     dpop_jkt: z.ZodOptional<z.ZodString>;
     response_mode: z.ZodOptional<z.ZodEnum<["query", "fragment", "form_post"]>>;
     nonce: z.ZodOptional<z.ZodString>;
-    max_age: z.ZodOptional<z.ZodNumber>;
-    claims: z.ZodOptional<z.ZodRecord<z.ZodEnum<["userinfo", "id_token"]>, z.ZodRecord<z.ZodEnum<["auth_time", "nonce", "acr", "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "gender", "picture", "profile", "website", "birthdate", "zoneinfo", "locale", "updated_at", "email", "email_verified", "phone_number", "phone_number_verified", "address"]>, z.ZodUnion<[z.ZodLiteral<null>, z.ZodObject<{
+    max_age: z.ZodOptional<z.ZodEffects<z.ZodNumber, number, unknown>>;
+    claims: z.ZodOptional<z.ZodEffects<z.ZodRecord<z.ZodEnum<["userinfo", "id_token"]>, z.ZodRecord<z.ZodEnum<["auth_time", "nonce", "acr", "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "gender", "picture", "profile", "website", "birthdate", "zoneinfo", "locale", "updated_at", "email", "email_verified", "phone_number", "phone_number_verified", "address"]>, z.ZodUnion<[z.ZodLiteral<null>, z.ZodObject<{
         essential: z.ZodOptional<z.ZodBoolean>;
         value: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>;
         values: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>, "many">>;
@@ -23,13 +23,17 @@ export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObje
         value?: string | number | boolean | undefined;
         values?: (string | number | boolean)[] | undefined;
         essential?: boolean | undefined;
-    }>]>>>>;
+    }>]>>>, Partial<Record<"id_token" | "userinfo", Partial<Record<"email" | "auth_time" | "nonce" | "acr" | "name" | "family_name" | "given_name" | "middle_name" | "nickname" | "preferred_username" | "gender" | "picture" | "profile" | "website" | "birthdate" | "zoneinfo" | "locale" | "updated_at" | "email_verified" | "phone_number" | "phone_number_verified" | "address", {
+        value?: string | number | boolean | undefined;
+        values?: (string | number | boolean)[] | undefined;
+        essential?: boolean | undefined;
+    } | null>>>>, unknown>>;
     login_hint: z.ZodOptional<z.ZodString>;
     ui_locales: z.ZodOptional<z.ZodString>;
     id_token_hint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;
     display: z.ZodOptional<z.ZodEnum<["page", "popup", "touch", "wap"]>>;
     prompt: z.ZodOptional<z.ZodEnum<["none", "login", "consent", "select_account"]>>;
-    authorization_details: z.ZodOptional<z.ZodArray<z.ZodObject<{
+    authorization_details: z.ZodOptional<z.ZodEffects<z.ZodArray<z.ZodObject<{
         type: z.ZodString;
         locations: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, "many">>;
         actions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -50,7 +54,14 @@ export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObje
         datatypes?: string[] | undefined;
         identifier?: string | undefined;
         privileges?: string[] | undefined;
-    }>, "many">>;
+    }>, "many">, {
+        type: string;
+        locations?: `${string}:${string}`[] | undefined;
+        actions?: string[] | undefined;
+        datatypes?: string[] | undefined;
+        identifier?: string | undefined;
+        privileges?: string[] | undefined;
+    }[], unknown>>;
 }, "strip", z.ZodTypeAny, {
     client_id: string;
     response_type: "code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
@@ -92,25 +103,14 @@ export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObje
     code_challenge_method?: "S256" | "plain" | undefined;
     dpop_jkt?: string | undefined;
     response_mode?: "query" | "fragment" | "form_post" | undefined;
-    max_age?: number | undefined;
-    claims?: Partial<Record<"id_token" | "userinfo", Partial<Record<"email" | "auth_time" | "nonce" | "acr" | "name" | "family_name" | "given_name" | "middle_name" | "nickname" | "preferred_username" | "gender" | "picture" | "profile" | "website" | "birthdate" | "zoneinfo" | "locale" | "updated_at" | "email_verified" | "phone_number" | "phone_number_verified" | "address", {
-        value?: string | number | boolean | undefined;
-        values?: (string | number | boolean)[] | undefined;
-        essential?: boolean | undefined;
-    } | null>>>> | undefined;
+    max_age?: unknown;
+    claims?: unknown;
     login_hint?: string | undefined;
     ui_locales?: string | undefined;
     id_token_hint?: string | undefined;
     display?: "page" | "popup" | "touch" | "wap" | undefined;
     prompt?: "none" | "login" | "consent" | "select_account" | undefined;
-    authorization_details?: {
-        type: string;
-        locations?: string[] | undefined;
-        actions?: string[] | undefined;
-        datatypes?: string[] | undefined;
-        identifier?: string | undefined;
-        privileges?: string[] | undefined;
-    }[] | undefined;
+    authorization_details?: unknown;
 }>, z.ZodObject<{
     request: z.ZodUnion<[z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>, z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}`, string>]>;
 }, "strip", z.ZodTypeAny, {

package/dist/util.d.ts

@@ -4,4 +4,6 @@ export declare function isLoopbackHost(host: unknown): host is LoopbackHost;
 export declare function isLoopbackUrl(input: URL | string): boolean;
 export declare function safeUrl(input: URL | string): URL | null;
 export declare function extractUrlPath(url: any): any;
+export declare const jsonObjectPreprocess: (val: unknown) => any;
+export declare const numberPreprocess: (val: unknown) => unknown;
 //# sourceMappingURL=util.d.ts.map

package/dist/util.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AAAA,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,WAQ5C;AAED,MAAM,MAAM,YAAY,GAAG,WAAW,GAAG,WAAW,GAAG,OAAO,CAAA;AAE9D,wBAAgB,cAAc,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,IAAI,YAAY,CAElE;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,GAAG,GAAG,MAAM,GAAG,OAAO,CAG1D;AAED,wBAAgB,OAAO,CAAC,KAAK,EAAE,GAAG,GAAG,MAAM,GAAG,GAAG,GAAG,IAAI,CAMvD;AAED,wBAAgB,cAAc,CAAC,GAAG,KAAA,OAsCjC"}
+{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AAAA,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,WAQ5C;AAED,MAAM,MAAM,YAAY,GAAG,WAAW,GAAG,WAAW,GAAG,OAAO,CAAA;AAE9D,wBAAgB,cAAc,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,IAAI,YAAY,CAElE;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,GAAG,GAAG,MAAM,GAAG,OAAO,CAG1D;AAED,wBAAgB,OAAO,CAAC,KAAK,EAAE,GAAG,GAAG,MAAM,GAAG,GAAG,GAAG,IAAI,CAMvD;AAED,wBAAgB,cAAc,CAAC,GAAG,KAAA,OAsCjC;AAED,eAAO,MAAM,oBAAoB,GAAI,KAAK,OAAO,QAUhD,CAAA;AAED,eAAO,MAAM,gBAAgB,GAAI,KAAK,OAAO,KAAG,OAM/C,CAAA"}

package/dist/util.js

@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.numberPreprocess = exports.jsonObjectPreprocess = void 0;
 exports.isHostnameIP = isHostnameIP;
 exports.isLoopbackHost = isLoopbackHost;
 exports.isLoopbackUrl = isLoopbackUrl;
@@ -59,4 +60,25 @@ function extractUrlPath(url) {
     }
     return url.substring(pathStart, pathEnd);
 }
+const jsonObjectPreprocess = (val) => {
+    if (typeof val === 'string' && val.startsWith('{') && val.endsWith('}')) {
+        try {
+            return JSON.parse(val);
+        }
+        catch {
+            return val;
+        }
+    }
+    return val;
+};
+exports.jsonObjectPreprocess = jsonObjectPreprocess;
+const numberPreprocess = (val) => {
+    if (typeof val === 'string') {
+        const number = Number(val);
+        if (!Number.isNaN(number))
+            return number;
+    }
+    return val;
+};
+exports.numberPreprocess = numberPreprocess;
 //# sourceMappingURL=util.js.map

package/dist/util.js.map

@@ -1 +1 @@
-{"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":";;AAAA,oCAQC;AAID,wCAEC;AAED,sCAGC;AAED,0BAMC;AAED,wCAsCC;AAnED,SAAgB,YAAY,CAAC,QAAgB;IAC3C,OAAO;IACP,IAAI,QAAQ,CAAC,KAAK,CAAC,sBAAsB,CAAC;QAAE,OAAO,IAAI,CAAA;IAEvD,OAAO;IACP,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IAEnE,OAAO,KAAK,CAAA;AACd,CAAC;AAID,SAAgB,cAAc,CAAC,IAAa;IAC1C,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,OAAO,CAAA;AACzE,CAAC;AAED,SAAgB,aAAa,CAAC,KAAmB;IAC/C,MAAM,GAAG,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;IAC9D,OAAO,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;AACrC,CAAC;AAED,SAAgB,OAAO,CAAC,KAAmB;IACzC,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,SAAgB,cAAc,CAAC,GAAG;IAChC,uEAAuE;IACvE,kCAAkC;IAClC,MAAM,aAAa,GAAG,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC;QAC9C,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC;YACzB,CAAC,CAAC,CAAC;YACH,CAAC,CAAC,CAAC,CAAC,CAAA;IACR,IAAI,aAAa,KAAK,CAAC,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,SAAS,CAAC,+CAA+C,CAAC,CAAA;IACtE,CAAC;IAED,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAC/C,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAEnD,MAAM,WAAW,GACf,WAAW,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,KAAK,CAAC,CAAC,IAAI,WAAW,GAAG,OAAO,CAAC;QAC7D,CAAC,CAAC,WAAW;QACb,CAAC,CAAC,CAAC,CAAC,CAAA;IAER,MAAM,OAAO,GACX,OAAO,KAAK,CAAC,CAAC;QACZ,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC;YAClB,CAAC,CAAC,GAAG,CAAC,MAAM;YACZ,CAAC,CAAC,WAAW;QACf,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC;YAClB,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAA;IAEtC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAEhD,MAAM,SAAS,GAAG,QAAQ,KAAK,CAAC,CAAC,IAAI,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAA;IAE5E,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC,CAAA;IAChD,CAAC;IAED,OAAO,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;AAC1C,CAAC"}
+{"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":";;;AAAA,oCAQC;AAID,wCAEC;AAED,sCAGC;AAED,0BAMC;AAED,wCAsCC;AAnED,SAAgB,YAAY,CAAC,QAAgB;IAC3C,OAAO;IACP,IAAI,QAAQ,CAAC,KAAK,CAAC,sBAAsB,CAAC;QAAE,OAAO,IAAI,CAAA;IAEvD,OAAO;IACP,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IAEnE,OAAO,KAAK,CAAA;AACd,CAAC;AAID,SAAgB,cAAc,CAAC,IAAa;IAC1C,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,OAAO,CAAA;AACzE,CAAC;AAED,SAAgB,aAAa,CAAC,KAAmB;IAC/C,MAAM,GAAG,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;IAC9D,OAAO,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;AACrC,CAAC;AAED,SAAgB,OAAO,CAAC,KAAmB;IACzC,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,SAAgB,cAAc,CAAC,GAAG;IAChC,uEAAuE;IACvE,kCAAkC;IAClC,MAAM,aAAa,GAAG,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC;QAC9C,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC;YACzB,CAAC,CAAC,CAAC;YACH,CAAC,CAAC,CAAC,CAAC,CAAA;IACR,IAAI,aAAa,KAAK,CAAC,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,SAAS,CAAC,+CAA+C,CAAC,CAAA;IACtE,CAAC;IAED,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAC/C,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAEnD,MAAM,WAAW,GACf,WAAW,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,KAAK,CAAC,CAAC,IAAI,WAAW,GAAG,OAAO,CAAC;QAC7D,CAAC,CAAC,WAAW;QACb,CAAC,CAAC,CAAC,CAAC,CAAA;IAER,MAAM,OAAO,GACX,OAAO,KAAK,CAAC,CAAC;QACZ,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC;YAClB,CAAC,CAAC,GAAG,CAAC,MAAM;YACZ,CAAC,CAAC,WAAW;QACf,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC;YAClB,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAA;IAEtC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAEhD,MAAM,SAAS,GAAG,QAAQ,KAAK,CAAC,CAAC,IAAI,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAA;IAE5E,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC,CAAA;IAChD,CAAC;IAED,OAAO,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;AAC1C,CAAC;AAEM,MAAM,oBAAoB,GAAG,CAAC,GAAY,EAAE,EAAE;IACnD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACxE,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,GAAG,CAAA;QACZ,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC,CAAA;AAVY,QAAA,oBAAoB,wBAUhC;AAEM,MAAM,gBAAgB,GAAG,CAAC,GAAY,EAAW,EAAE;IACxD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;QAC1B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC;YAAE,OAAO,MAAM,CAAA;IAC1C,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC,CAAA;AANY,QAAA,gBAAgB,oBAM5B"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/oauth-types",
-  "version": "0.2.7",
+  "version": "0.2.8",
   "license": "MIT",
   "description": "OAuth typing & validation library",
   "keywords": [
@@ -26,7 +26,7 @@
   },
   "dependencies": {
     "zod": "^3.23.8",
-    "@atproto/jwk": "0.1.5"
+    "@atproto/jwk": "0.2.0"
   },
   "devDependencies": {
     "typescript": "^5.6.3"

package/src/oauth-authorization-request-parameters.ts

@@ -10,8 +10,12 @@ import { oauthScopeSchema } from './oauth-scope.js'
 import { oidcClaimsParameterSchema } from './oidc-claims-parameter.js'
 import { oidcClaimsPropertiesSchema } from './oidc-claims-properties.js'
 import { oidcEntityTypeSchema } from './oidc-entity-type.js'
+import { jsonObjectPreprocess, numberPreprocess } from './util.js'
 
 /**
+ * @note non string parameters will be converted from their string
+ * representation since oauth request parameters are typically sent as URL
+ * encoded form data or URL encoded query string.
  * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest | OIDC}
  */
 export const oauthAuthorizationRequestParametersSchema = z.object({
@@ -47,14 +51,17 @@ export const oauthAuthorizationRequestParametersSchema = z.object({
   // PAPE [OpenID.PAPE] max_auth_age request parameter.) When max_age is used,
   // the ID Token returned MUST include an auth_time Claim Value. Note that
   // max_age=0 is equivalent to prompt=login.
-  max_age: z.number().int().min(0).optional(),
+  max_age: z.preprocess(numberPreprocess, z.number().int().min(0)).optional(),
 
   claims: z
-    .record(
-      oidcEntityTypeSchema,
+    .preprocess(
+      jsonObjectPreprocess,
       z.record(
-        oidcClaimsParameterSchema,
-        z.union([z.literal(null), oidcClaimsPropertiesSchema]),
+        oidcEntityTypeSchema,
+        z.record(
+          oidcClaimsParameterSchema,
+          z.union([z.literal(null), oidcClaimsPropertiesSchema]),
+        ),
       ),
     )
     .optional(),
@@ -85,7 +92,9 @@ export const oauthAuthorizationRequestParametersSchema = z.object({
   prompt: z.enum(['none', 'login', 'consent', 'select_account']).optional(),
 
   // https://datatracker.ietf.org/doc/html/rfc9396
-  authorization_details: oauthAuthorizationDetailsSchema.optional(),
+  authorization_details: z
+    .preprocess(jsonObjectPreprocess, oauthAuthorizationDetailsSchema)
+    .optional(),
 })
 
 /**

package/src/util.ts

@@ -66,3 +66,23 @@ export function extractUrlPath(url) {
 
   return url.substring(pathStart, pathEnd)
 }
+
+export const jsonObjectPreprocess = (val: unknown) => {
+  if (typeof val === 'string' && val.startsWith('{') && val.endsWith('}')) {
+    try {
+      return JSON.parse(val)
+    } catch {
+      return val
+    }
+  }
+
+  return val
+}
+
+export const numberPreprocess = (val: unknown): unknown => {
+  if (typeof val === 'string') {
+    const number = Number(val)
+    if (!Number.isNaN(number)) return number
+  }
+  return val
+}