@atproto/oauth-types 0.4.0 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (97) hide show
  1. package/CHANGELOG.md +21 -0
  2. package/dist/atproto-loopback-client-id.d.ts +14 -0
  3. package/dist/atproto-loopback-client-id.d.ts.map +1 -0
  4. package/dist/atproto-loopback-client-id.js +43 -0
  5. package/dist/atproto-loopback-client-id.js.map +1 -0
  6. package/dist/atproto-loopback-client-metadata.d.ts +8 -1
  7. package/dist/atproto-loopback-client-metadata.d.ts.map +1 -1
  8. package/dist/atproto-loopback-client-metadata.js +13 -4
  9. package/dist/atproto-loopback-client-metadata.js.map +1 -1
  10. package/dist/atproto-loopback-client-redirect-uris.d.ts +2 -0
  11. package/dist/atproto-loopback-client-redirect-uris.d.ts.map +1 -0
  12. package/dist/atproto-loopback-client-redirect-uris.js +8 -0
  13. package/dist/atproto-loopback-client-redirect-uris.js.map +1 -0
  14. package/dist/atproto-oauth-scope.d.ts +12 -0
  15. package/dist/atproto-oauth-scope.d.ts.map +1 -0
  16. package/dist/atproto-oauth-scope.js +27 -0
  17. package/dist/atproto-oauth-scope.js.map +1 -0
  18. package/dist/atproto-oauth-token-response.d.ts +106 -0
  19. package/dist/atproto-oauth-token-response.d.ts.map +1 -0
  20. package/dist/atproto-oauth-token-response.js +15 -0
  21. package/dist/atproto-oauth-token-response.js.map +1 -0
  22. package/dist/constants.js.map +1 -1
  23. package/dist/index.d.ts +5 -1
  24. package/dist/index.d.ts.map +1 -1
  25. package/dist/index.js +5 -1
  26. package/dist/index.js.map +1 -1
  27. package/dist/oauth-access-token.js.map +1 -1
  28. package/dist/oauth-authorization-code-grant-token-request.js.map +1 -1
  29. package/dist/oauth-authorization-details.js.map +1 -1
  30. package/dist/oauth-authorization-request-jar.js.map +1 -1
  31. package/dist/oauth-authorization-request-par.d.ts +12 -12
  32. package/dist/oauth-authorization-request-par.js.map +1 -1
  33. package/dist/oauth-authorization-request-parameters.d.ts +12 -12
  34. package/dist/oauth-authorization-request-parameters.js.map +1 -1
  35. package/dist/oauth-authorization-request-query.d.ts +12 -12
  36. package/dist/oauth-authorization-request-query.js.map +1 -1
  37. package/dist/oauth-authorization-request-uri.js.map +1 -1
  38. package/dist/oauth-authorization-response-error.js.map +1 -1
  39. package/dist/oauth-authorization-server-metadata.js.map +1 -1
  40. package/dist/oauth-client-credentials-grant-token-request.js.map +1 -1
  41. package/dist/oauth-client-credentials.js.map +1 -1
  42. package/dist/oauth-client-id-discoverable.js.map +1 -1
  43. package/dist/oauth-client-id-loopback.d.ts +24 -8
  44. package/dist/oauth-client-id-loopback.d.ts.map +1 -1
  45. package/dist/oauth-client-id-loopback.js +97 -60
  46. package/dist/oauth-client-id-loopback.js.map +1 -1
  47. package/dist/oauth-client-id.js.map +1 -1
  48. package/dist/oauth-client-metadata.d.ts +160 -1288
  49. package/dist/oauth-client-metadata.d.ts.map +1 -1
  50. package/dist/oauth-client-metadata.js.map +1 -1
  51. package/dist/oauth-code-challenge-method.js.map +1 -1
  52. package/dist/oauth-endpoint-auth-method.js.map +1 -1
  53. package/dist/oauth-endpoint-name.js.map +1 -1
  54. package/dist/oauth-grant-type.js.map +1 -1
  55. package/dist/oauth-introspection-response.js.map +1 -1
  56. package/dist/oauth-issuer-identifier.js.map +1 -1
  57. package/dist/oauth-par-response.d.ts +2 -2
  58. package/dist/oauth-par-response.js.map +1 -1
  59. package/dist/oauth-password-grant-token-request.js.map +1 -1
  60. package/dist/oauth-protected-resource-metadata.js.map +1 -1
  61. package/dist/oauth-redirect-uri.js.map +1 -1
  62. package/dist/oauth-refresh-token-grant-token-request.js.map +1 -1
  63. package/dist/oauth-refresh-token.js.map +1 -1
  64. package/dist/oauth-request-uri.js.map +1 -1
  65. package/dist/oauth-response-mode.js.map +1 -1
  66. package/dist/oauth-response-type.js.map +1 -1
  67. package/dist/oauth-scope.d.ts +5 -3
  68. package/dist/oauth-scope.d.ts.map +1 -1
  69. package/dist/oauth-scope.js +11 -8
  70. package/dist/oauth-scope.js.map +1 -1
  71. package/dist/oauth-token-identification.js.map +1 -1
  72. package/dist/oauth-token-request.js.map +1 -1
  73. package/dist/oauth-token-response.js.map +1 -1
  74. package/dist/oauth-token-type.js.map +1 -1
  75. package/dist/oidc-authorization-error-response.js.map +1 -1
  76. package/dist/oidc-claims-parameter.js.map +1 -1
  77. package/dist/oidc-claims-properties.js.map +1 -1
  78. package/dist/oidc-entity-type.js.map +1 -1
  79. package/dist/oidc-userinfo.js.map +1 -1
  80. package/dist/uri.js +1 -1
  81. package/dist/uri.js.map +1 -1
  82. package/dist/util.d.ts +9 -0
  83. package/dist/util.d.ts.map +1 -1
  84. package/dist/util.js +50 -1
  85. package/dist/util.js.map +1 -1
  86. package/package.json +3 -2
  87. package/src/atproto-loopback-client-id.ts +75 -0
  88. package/src/atproto-loopback-client-metadata.ts +33 -13
  89. package/src/atproto-loopback-client-redirect-uris.ts +4 -0
  90. package/src/atproto-oauth-scope.ts +34 -0
  91. package/src/atproto-oauth-token-response.ts +16 -0
  92. package/src/index.ts +5 -1
  93. package/src/oauth-client-id-loopback.ts +130 -72
  94. package/src/oauth-scope.ts +13 -7
  95. package/src/uri.ts +1 -1
  96. package/src/util.ts +60 -0
  97. package/tsconfig.build.tsbuildinfo +1 -1
package/dist/oauth-authorization-request-parameters.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-authorization-request-parameters.js","sourceRoot":"","sources":["../src/oauth-authorization-request-parameters.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAC9C,qFAAkF;AAClF,6DAA0D;AAC1D,qFAAiF;AACjF,mEAAgE;AAChE,qEAAkE;AAClE,qEAAkE;AAClE,qDAAmD;AACnD,yEAAsE;AACtE,2EAAwE;AACxE,+DAA4D;AAC5D,uCAAkE;AAElE;;;;;GAKG;AACU,QAAA,yCAAyC,GAAG,OAAC,CAAC,MAAM,CAAC;IAChE,SAAS,EAAE,wCAAmB;IAC9B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,YAAY,EAAE,8CAAsB,CAAC,QAAQ,EAAE;IAC/C,KAAK,EAAE,iCAAgB,CAAC,QAAQ,EAAE;IAClC,aAAa,EAAE,gDAAuB;IAEtC,OAAO;IAEP,4DAA4D;IAC5D,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,qBAAqB,EAAE,+DAA8B,CAAC,QAAQ,EAAE;IAEhE,OAAO;IAEP,6DAA6D;IAC7D,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/B,OAAO;IAEP,kCAAkC;IAClC,aAAa,EAAE,gDAAuB,CAAC,QAAQ,EAAE;IAEjD,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE5B,0EAA0E;IAC1E,wEAAwE;IACxE,2EAA2E;IAC3E,6EAA6E;IAC7E,4EAA4E;IAC5E,yEAAyE;IACzE,2CAA2C;IAC3C,OAAO,EAAE,OAAC,CAAC,UAAU,CAAC,0BAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE3E,MAAM,EAAE,OAAC;SACN,UAAU,CACT,8BAAoB,EACpB,OAAC,CAAC,MAAM,CACN,0CAAoB,EACpB,OAAC,CAAC,MAAM,CACN,oDAAyB,EACzB,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,sDAA0B,CAAC,CAAC,CACvD,CACF,CACF;SACA,QAAQ,EAAE;IAEb,8EAA8E;IAC9E,uCAAuC;IACvC,iDAAiD;IAEjD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAExC,UAAU,EAAE,OAAC;SACV,MAAM,EAAE;SACR,KAAK,CAAC,oDAAoD,CAAC,CAAC,cAAc;SAC1E,QAAQ,EAAE;IAEb,iEAAiE;IACjE,aAAa,EAAE,qBAAe,CAAC,QAAQ,EAAE;IAEzC,oCAAoC;IACpC,OAAO,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE7D;;;;;OAKG;IACH,MAAM,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEzE,gDAAgD;IAChD,qBAAqB,EAAE,OAAC;SACrB,UAAU,CAAC,8BAAoB,EAAE,gEAA+B,CAAC;SACjE,QAAQ,EAAE;CACd,CAAC,CAAA"}
1
+ {"version":3,"file":"oauth-authorization-request-parameters.js","sourceRoot":"","sources":["../src/oauth-authorization-request-parameters.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAC9C,qFAAkF;AAClF,6DAA0D;AAC1D,qFAAiF;AACjF,mEAAgE;AAChE,qEAAkE;AAClE,qEAAkE;AAClE,qDAAmD;AACnD,yEAAsE;AACtE,2EAAwE;AACxE,+DAA4D;AAC5D,uCAAkE;AAElE;;;;;GAKG;AACU,QAAA,yCAAyC,GAAG,OAAC,CAAC,MAAM,CAAC;IAChE,SAAS,EAAE,wCAAmB;IAC9B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,YAAY,EAAE,8CAAsB,CAAC,QAAQ,EAAE;IAC/C,KAAK,EAAE,iCAAgB,CAAC,QAAQ,EAAE;IAClC,aAAa,EAAE,gDAAuB;IAEtC,OAAO;IAEP,4DAA4D;IAC5D,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,qBAAqB,EAAE,+DAA8B,CAAC,QAAQ,EAAE;IAEhE,OAAO;IAEP,6DAA6D;IAC7D,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/B,OAAO;IAEP,kCAAkC;IAClC,aAAa,EAAE,gDAAuB,CAAC,QAAQ,EAAE;IAEjD,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE5B,0EAA0E;IAC1E,wEAAwE;IACxE,2EAA2E;IAC3E,6EAA6E;IAC7E,4EAA4E;IAC5E,yEAAyE;IACzE,2CAA2C;IAC3C,OAAO,EAAE,OAAC,CAAC,UAAU,CAAC,0BAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE3E,MAAM,EAAE,OAAC;SACN,UAAU,CACT,8BAAoB,EACpB,OAAC,CAAC,MAAM,CACN,0CAAoB,EACpB,OAAC,CAAC,MAAM,CACN,oDAAyB,EACzB,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,sDAA0B,CAAC,CAAC,CACvD,CACF,CACF;SACA,QAAQ,EAAE;IAEb,8EAA8E;IAC9E,uCAAuC;IACvC,iDAAiD;IAEjD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAExC,UAAU,EAAE,OAAC;SACV,MAAM,EAAE;SACR,KAAK,CAAC,oDAAoD,CAAC,CAAC,cAAc;SAC1E,QAAQ,EAAE;IAEb,iEAAiE;IACjE,aAAa,EAAE,qBAAe,CAAC,QAAQ,EAAE;IAEzC,oCAAoC;IACpC,OAAO,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE7D;;;;;OAKG;IACH,MAAM,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEzE,gDAAgD;IAChD,qBAAqB,EAAE,OAAC;SACrB,UAAU,CAAC,8BAAoB,EAAE,gEAA+B,CAAC;SACjE,QAAQ,EAAE;CACd,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { signedJwtSchema } from '@atproto/jwk'\nimport { oauthAuthorizationDetailsSchema } from './oauth-authorization-details.js'\nimport { oauthClientIdSchema } from './oauth-client-id.js'\nimport { oauthCodeChallengeMethodSchema } from './oauth-code-challenge-method.js'\nimport { oauthRedirectUriSchema } from './oauth-redirect-uri.js'\nimport { oauthResponseModeSchema } from './oauth-response-mode.js'\nimport { oauthResponseTypeSchema } from './oauth-response-type.js'\nimport { oauthScopeSchema } from './oauth-scope.js'\nimport { oidcClaimsParameterSchema } from './oidc-claims-parameter.js'\nimport { oidcClaimsPropertiesSchema } from './oidc-claims-properties.js'\nimport { oidcEntityTypeSchema } from './oidc-entity-type.js'\nimport { jsonObjectPreprocess, numberPreprocess } from './util.js'\n\n/**\n * @note non string parameters will be converted from their string\n * representation since oauth request parameters are typically sent as URL\n * encoded form data or URL encoded query string.\n * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest | OIDC}\n */\nexport const oauthAuthorizationRequestParametersSchema = z.object({\n client_id: oauthClientIdSchema,\n state: z.string().optional(),\n redirect_uri: oauthRedirectUriSchema.optional(),\n scope: oauthScopeSchema.optional(),\n response_type: oauthResponseTypeSchema,\n\n // PKCE\n\n // https://datatracker.ietf.org/doc/html/rfc7636#section-4.3\n code_challenge: z.string().optional(),\n code_challenge_method: oauthCodeChallengeMethodSchema.optional(),\n\n // DPOP\n\n // https://datatracker.ietf.org/doc/html/rfc9449#section-12.3\n dpop_jkt: z.string().optional(),\n\n // OIDC\n\n // Default depend on response_type\n response_mode: oauthResponseModeSchema.optional(),\n\n nonce: z.string().optional(),\n\n // Specifies the allowable elapsed time in seconds since the last time the\n // End-User was actively authenticated by the OP. If the elapsed time is\n // greater than this value, the OP MUST attempt to actively re-authenticate\n // the End-User. (The max_age request parameter corresponds to the OpenID 2.0\n // PAPE [OpenID.PAPE] max_auth_age request parameter.) When max_age is used,\n // the ID Token returned MUST include an auth_time Claim Value. Note that\n // max_age=0 is equivalent to prompt=login.\n max_age: z.preprocess(numberPreprocess, z.number().int().min(0)).optional(),\n\n claims: z\n .preprocess(\n jsonObjectPreprocess,\n z.record(\n oidcEntityTypeSchema,\n z.record(\n oidcClaimsParameterSchema,\n z.union([z.literal(null), oidcClaimsPropertiesSchema]),\n ),\n ),\n )\n .optional(),\n\n // https://openid.net/specs/openid-connect-core-1_0.html#RegistrationParameter\n // Not supported by this library (yet?)\n // registration: clientMetadataSchema.optional(),\n\n login_hint: z.string().min(1).optional(),\n\n ui_locales: z\n .string()\n .regex(/^[a-z]{2,3}(-[A-Z]{2})?( [a-z]{2,3}(-[A-Z]{2})?)*$/) // fr-CA fr en\n .optional(),\n\n // Previous ID Token, should be provided when prompt=none is used\n id_token_hint: signedJwtSchema.optional(),\n\n // Type of UI the AS is displayed on\n display: z.enum(['page', 'popup', 'touch', 'wap']).optional(),\n\n /**\n * - \"none\" will only be allowed if the user already allowed the client on the same device\n * - \"login\" will force the user to login again, unless he very recently logged in\n * - \"consent\" will force the user to consent again\n * - \"select_account\" will force the user to select an account\n */\n prompt: z.enum(['none', 'login', 'consent', 'select_account']).optional(),\n\n // https://datatracker.ietf.org/doc/html/rfc9396\n authorization_details: z\n .preprocess(jsonObjectPreprocess, oauthAuthorizationDetailsSchema)\n .optional(),\n})\n\n/**\n * @see {oauthAuthorizationRequestParametersSchema}\n */\nexport type OAuthAuthorizationRequestParameters = z.infer<\n typeof oauthAuthorizationRequestParametersSchema\n>\n"]}
package/dist/oauth-authorization-request-query.d.ts CHANGED
@@ -3,7 +3,7 @@ export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObje
3
3
  client_id: z.ZodString;
4
4
  state: z.ZodOptional<z.ZodString>;
5
5
  redirect_uri: z.ZodOptional<z.ZodUnion<[z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}`, string>, `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}`, string>, z.ZodEffects<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, `https://${string}`, string>, z.ZodEffects<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, `${string}.${string}:/${string}`, string>]>>;
6
- scope: z.ZodOptional<z.ZodString>;
6
+ scope: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
7
7
  response_type: z.ZodEnum<["code", "token", "none", "code id_token token", "code id_token", "code token", "id_token token", "id_token"]>;
8
8
  code_challenge: z.ZodOptional<z.ZodString>;
9
9
  code_challenge_method: z.ZodOptional<z.ZodEnum<["S256", "plain"]>>;
@@ -65,8 +65,16 @@ export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObje
65
65
  }, "strip", z.ZodTypeAny, {
66
66
  client_id: string;
67
67
  response_type: "code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
68
- redirect_uri?: `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}` | undefined;
69
68
  scope?: string | undefined;
69
+ redirect_uri?: `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}` | undefined;
70
+ authorization_details?: {
71
+ type: string;
72
+ locations?: `${string}:${string}`[] | undefined;
73
+ actions?: string[] | undefined;
74
+ datatypes?: string[] | undefined;
75
+ identifier?: string | undefined;
76
+ privileges?: string[] | undefined;
77
+ }[] | undefined;
70
78
  nonce?: string | undefined;
71
79
  state?: string | undefined;
72
80
  code_challenge?: string | undefined;
@@ -84,19 +92,12 @@ export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObje
84
92
  id_token_hint?: `${string}.${string}.${string}` | undefined;
85
93
  display?: "page" | "popup" | "touch" | "wap" | undefined;
86
94
  prompt?: "none" | "login" | "consent" | "select_account" | undefined;
87
- authorization_details?: {
88
- type: string;
89
- locations?: `${string}:${string}`[] | undefined;
90
- actions?: string[] | undefined;
91
- datatypes?: string[] | undefined;
92
- identifier?: string | undefined;
93
- privileges?: string[] | undefined;
94
- }[] | undefined;
95
95
  }, {
96
96
  client_id: string;
97
97
  response_type: "code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
98
- redirect_uri?: string | undefined;
99
98
  scope?: string | undefined;
99
+ redirect_uri?: string | undefined;
100
+ authorization_details?: unknown;
100
101
  nonce?: string | undefined;
101
102
  state?: string | undefined;
102
103
  code_challenge?: string | undefined;
@@ -110,7 +111,6 @@ export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObje
110
111
  id_token_hint?: string | undefined;
111
112
  display?: "page" | "popup" | "touch" | "wap" | undefined;
112
113
  prompt?: "none" | "login" | "consent" | "select_account" | undefined;
113
- authorization_details?: unknown;
114
114
  }>, z.ZodObject<{
115
115
  request: z.ZodUnion<[z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>, z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}`, string>]>;
116
116
  }, "strip", z.ZodTypeAny, {
package/dist/oauth-authorization-request-query.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-authorization-request-query.js","sourceRoot":"","sources":["../src/oauth-authorization-request-query.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,6FAAyF;AACzF,2GAAuG;AACvG,6FAAyF;AAE5E,QAAA,oCAAoC,GAAG,OAAC,CAAC,KAAK,CAAC;IAC1D,qFAAyC;IACzC,uEAAkC;IAClC,uEAAkC;CACnC,CAAC,CAAA"}
1
+ {"version":3,"file":"oauth-authorization-request-query.js","sourceRoot":"","sources":["../src/oauth-authorization-request-query.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,6FAAyF;AACzF,2GAAuG;AACvG,6FAAyF;AAE5E,QAAA,oCAAoC,GAAG,OAAC,CAAC,KAAK,CAAC;IAC1D,qFAAyC;IACzC,uEAAkC;IAClC,uEAAkC;CACnC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthAuthorizationRequestJarSchema } from './oauth-authorization-request-jar.js'\nimport { oauthAuthorizationRequestParametersSchema } from './oauth-authorization-request-parameters.js'\nimport { oauthAuthorizationRequestUriSchema } from './oauth-authorization-request-uri.js'\n\nexport const oauthAuthorizationRequestQuerySchema = z.union([\n oauthAuthorizationRequestParametersSchema,\n oauthAuthorizationRequestJarSchema,\n oauthAuthorizationRequestUriSchema,\n])\n\nexport type OAuthAuthorizationRequestQuery = z.infer<\n typeof oauthAuthorizationRequestQuerySchema\n>\n"]}
package/dist/oauth-authorization-request-uri.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-authorization-request-uri.js","sourceRoot":"","sources":["../src/oauth-authorization-request-uri.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,iEAA8D;AAEjD,QAAA,kCAAkC,GAAG,OAAC,CAAC,MAAM,CAAC;IACzD,WAAW,EAAE,4CAAqB;CACnC,CAAC,CAAA"}
1
+ {"version":3,"file":"oauth-authorization-request-uri.js","sourceRoot":"","sources":["../src/oauth-authorization-request-uri.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,iEAA8D;AAEjD,QAAA,kCAAkC,GAAG,OAAC,CAAC,MAAM,CAAC;IACzD,WAAW,EAAE,4CAAqB;CACnC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthRequestUriSchema } from './oauth-request-uri.js'\n\nexport const oauthAuthorizationRequestUriSchema = z.object({\n request_uri: oauthRequestUriSchema,\n})\n\nexport type OAuthAuthorizationRequestUri = z.infer<\n typeof oauthAuthorizationRequestUriSchema\n>\n"]}
package/dist/oauth-authorization-response-error.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-authorization-response-error.js","sourceRoot":"","sources":["../src/oauth-authorization-response-error.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB;;GAEG;AACU,QAAA,qCAAqC,GAAG,OAAC,CAAC,IAAI,CAAC;IAC1D,oJAAoJ;IACpJ,iBAAiB;IACjB,mFAAmF;IACnF,qBAAqB;IACrB,iEAAiE;IACjE,eAAe;IACf,+FAA+F;IAC/F,2BAA2B;IAC3B,yDAAyD;IACzD,eAAe;IACf,sPAAsP;IACtP,cAAc;IACd,wQAAwQ;IACxQ,yBAAyB;CAC1B,CAAC,CAAA"}
1
+ {"version":3,"file":"oauth-authorization-response-error.js","sourceRoot":"","sources":["../src/oauth-authorization-response-error.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB;;GAEG;AACU,QAAA,qCAAqC,GAAG,OAAC,CAAC,IAAI,CAAC;IAC1D,oJAAoJ;IACpJ,iBAAiB;IACjB,mFAAmF;IACnF,qBAAqB;IACrB,iEAAiE;IACjE,eAAe;IACf,+FAA+F;IAC/F,2BAA2B;IAC3B,yDAAyD;IACzD,eAAe;IACf,sPAAsP;IACtP,cAAc;IACd,wQAAwQ;IACxQ,yBAAyB;CAC1B,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\n/**\n * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12#name-error-response-2}\n */\nexport const oauthAuthorizationResponseErrorSchema = z.enum([\n // The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.\n 'invalid_request',\n // The client is not authorized to request an authorization code using this method.\n 'unauthorized_client',\n // The resource owner or authorization server denied the request.\n 'access_denied',\n // The authorization server does not support obtaining an authorization code using this method.\n 'unsupported_response_type',\n // The requested scope is invalid, unknown, or malformed.\n 'invalid_scope',\n // The authorization server encountered an unexpected condition that prevented it from fulfilling the request. (This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect.)\n 'server_error',\n // The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. (This error code is needed because a 503 Service Unavailable HTTP status code cannot be returned to the client via an HTTP redirect.)\n 'temporarily_unavailable',\n])\n\nexport type OAuthAuthorizationResponseError = z.infer<\n typeof oauthAuthorizationResponseErrorSchema\n>\n"]}
package/dist/oauth-authorization-server-metadata.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-authorization-server-metadata.js","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,qFAAiF;AACjF,6EAA0E;AAC1E,qCAAuC;AAEvC;;;;;GAKG;AACU,QAAA,sCAAsC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7D,MAAM,EAAE,wDAA2B;IAEnC,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,0BAA0B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClD,2BAA2B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvD,gCAAgC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACxD,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,uBAAuB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,gCAAgC,EAAE,OAAC;SAChC,KAAK,CAAC,+DAA8B,CAAC;SACrC,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,EAAE;IACb,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,2CAA2C,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3E,8CAA8C,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtE,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,QAAQ,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAEjC,sBAAsB,EAAE,qBAAY,EAAE,eAAe;IAErD,cAAc,EAAE,qBAAY,EAAE,eAAe;IAC7C,wDAAwD;IACxD,qCAAqC,EAAE,OAAC;SACrC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QAClB,4DAA4D;SAC3D,OAAO,CAAC,CAAC,qBAAqB,CAAC,CAAC;IACnC,gDAAgD,EAAE,OAAC;SAChD,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,mBAAmB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC5C,sBAAsB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC/C,qCAAqC,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE9D,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAE7D,iBAAiB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC1C,oBAAoB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC7C,qBAAqB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE9C,4DAA4D;IAC5D,iCAAiC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEjE,wFAAwF;IACxF,mBAAmB,EAAE,OAAC,CAAC,KAAK,CAAC,qBAAY,CAAC,CAAC,QAAQ,EAAE;IAErD,kIAAkI;IAClI,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC9D,CAAC,CAAA;AAMW,QAAA,yCAAyC,GACpD,8CAAsC;KACnC,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IACE,IAAI,CAAC,qCAAqC;QAC1C,CAAC,IAAI,CAAC,qCAAqC,EAC3C,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EACL,uGAAuG;SAC1G,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC;KACD,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IAAI,IAAI,CAAC,wBAAwB,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACpD,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,OAAO,EAAE,kCAAkC;aAC5C,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;AACH,CAAC,CAAC;KACD,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IACE,IAAI,CAAC,gDAAgD,EAAE,QAAQ,CAAC,MAAM,CAAC,EACvE,CAAC;QACD,2EAA2E;QAC3E,uCAAuC;QACvC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,oDAAoD;SAC9D,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC,CAAA"}
1
+ {"version":3,"file":"oauth-authorization-server-metadata.js","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,qFAAiF;AACjF,6EAA0E;AAC1E,qCAAuC;AAEvC;;;;;GAKG;AACU,QAAA,sCAAsC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7D,MAAM,EAAE,wDAA2B;IAEnC,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,0BAA0B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClD,2BAA2B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvD,gCAAgC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACxD,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,uBAAuB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,gCAAgC,EAAE,OAAC;SAChC,KAAK,CAAC,+DAA8B,CAAC;SACrC,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,EAAE;IACb,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,2CAA2C,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3E,8CAA8C,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtE,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,QAAQ,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAEjC,sBAAsB,EAAE,qBAAY,EAAE,eAAe;IAErD,cAAc,EAAE,qBAAY,EAAE,eAAe;IAC7C,wDAAwD;IACxD,qCAAqC,EAAE,OAAC;SACrC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QAClB,4DAA4D;SAC3D,OAAO,CAAC,CAAC,qBAAqB,CAAC,CAAC;IACnC,gDAAgD,EAAE,OAAC;SAChD,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,mBAAmB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC5C,sBAAsB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC/C,qCAAqC,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE9D,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAE7D,iBAAiB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC1C,oBAAoB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC7C,qBAAqB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE9C,4DAA4D;IAC5D,iCAAiC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEjE,wFAAwF;IACxF,mBAAmB,EAAE,OAAC,CAAC,KAAK,CAAC,qBAAY,CAAC,CAAC,QAAQ,EAAE;IAErD,kIAAkI;IAClI,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC9D,CAAC,CAAA;AAMW,QAAA,yCAAyC,GACpD,8CAAsC;KACnC,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IACE,IAAI,CAAC,qCAAqC;QAC1C,CAAC,IAAI,CAAC,qCAAqC,EAC3C,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EACL,uGAAuG;SAC1G,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC;KACD,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IAAI,IAAI,CAAC,wBAAwB,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACpD,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,OAAO,EAAE,kCAAkC;aAC5C,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;AACH,CAAC,CAAC;KACD,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IACE,IAAI,CAAC,gDAAgD,EAAE,QAAQ,CAAC,MAAM,CAAC,EACvE,CAAC;QACD,2EAA2E;QAC3E,uCAAuC;QACvC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,oDAAoD;SAC9D,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthCodeChallengeMethodSchema } from './oauth-code-challenge-method.js'\nimport { oauthIssuerIdentifierSchema } from './oauth-issuer-identifier.js'\nimport { webUriSchema } from './uri.js'\n\n/**\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8414}\n * @note we do not enforce https: scheme in URIs to support development\n * environments. Make sure to validate the URIs before using it in a production\n * environment.\n */\nexport const oauthAuthorizationServerMetadataSchema = z.object({\n issuer: oauthIssuerIdentifierSchema,\n\n claims_supported: z.array(z.string()).optional(),\n claims_locales_supported: z.array(z.string()).optional(),\n claims_parameter_supported: z.boolean().optional(),\n request_parameter_supported: z.boolean().optional(),\n request_uri_parameter_supported: z.boolean().optional(),\n require_request_uri_registration: z.boolean().optional(),\n scopes_supported: z.array(z.string()).optional(),\n subject_types_supported: z.array(z.string()).optional(),\n response_types_supported: z.array(z.string()).optional(),\n response_modes_supported: z.array(z.string()).optional(),\n grant_types_supported: z.array(z.string()).optional(),\n code_challenge_methods_supported: z\n .array(oauthCodeChallengeMethodSchema)\n .min(1)\n .optional(),\n ui_locales_supported: z.array(z.string()).optional(),\n id_token_signing_alg_values_supported: z.array(z.string()).optional(),\n display_values_supported: z.array(z.string()).optional(),\n request_object_signing_alg_values_supported: z.array(z.string()).optional(),\n authorization_response_iss_parameter_supported: z.boolean().optional(),\n authorization_details_types_supported: z.array(z.string()).optional(),\n request_object_encryption_alg_values_supported: z\n .array(z.string())\n .optional(),\n request_object_encryption_enc_values_supported: z\n .array(z.string())\n .optional(),\n\n jwks_uri: webUriSchema.optional(),\n\n authorization_endpoint: webUriSchema, // .optional(),\n\n token_endpoint: webUriSchema, // .optional(),\n // https://www.rfc-editor.org/rfc/rfc8414.html#section-2\n token_endpoint_auth_methods_supported: z\n .array(z.string())\n // > If omitted, the default is \"client_secret_basic\" [...].\n .default(['client_secret_basic']),\n token_endpoint_auth_signing_alg_values_supported: z\n .array(z.string())\n .optional(),\n\n revocation_endpoint: webUriSchema.optional(),\n introspection_endpoint: webUriSchema.optional(),\n pushed_authorization_request_endpoint: webUriSchema.optional(),\n\n require_pushed_authorization_requests: z.boolean().optional(),\n\n userinfo_endpoint: webUriSchema.optional(),\n end_session_endpoint: webUriSchema.optional(),\n registration_endpoint: webUriSchema.optional(),\n\n // https://datatracker.ietf.org/doc/html/rfc9449#section-5.1\n dpop_signing_alg_values_supported: z.array(z.string()).optional(),\n\n // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-resource-metadata-05#section-4\n protected_resources: z.array(webUriSchema).optional(),\n\n // https://drafts.aaronpk.com/draft-parecki-oauth-client-id-metadata-document/draft-parecki-oauth-client-id-metadata-document.html\n client_id_metadata_document_supported: z.boolean().optional(),\n})\n\nexport type OAuthAuthorizationServerMetadata = z.infer<\n typeof oauthAuthorizationServerMetadataSchema\n>\n\nexport const oauthAuthorizationServerMetadataValidator =\n oauthAuthorizationServerMetadataSchema\n .superRefine((data, ctx) => {\n if (\n data.require_pushed_authorization_requests &&\n !data.pushed_authorization_request_endpoint\n ) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message:\n '\"pushed_authorization_request_endpoint\" required when \"require_pushed_authorization_requests\" is true',\n })\n }\n })\n .superRefine((data, ctx) => {\n if (data.response_types_supported) {\n if (!data.response_types_supported.includes('code')) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'Response type \"code\" is required',\n })\n }\n }\n })\n .superRefine((data, ctx) => {\n if (\n data.token_endpoint_auth_signing_alg_values_supported?.includes('none')\n ) {\n // https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3\n // > The value `none` MUST NOT be used.\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'Client authentication method \"none\" is not allowed',\n })\n }\n })\n"]}
package/dist/oauth-client-credentials-grant-token-request.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-client-credentials-grant-token-request.js","sourceRoot":"","sources":["../src/oauth-client-credentials-grant-token-request.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,6CAA6C,GAAG,OAAC,CAAC,MAAM,CAAC;IACpE,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC;CAC5C,CAAC,CAAA"}
1
+ {"version":3,"file":"oauth-client-credentials-grant-token-request.js","sourceRoot":"","sources":["../src/oauth-client-credentials-grant-token-request.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,6CAA6C,GAAG,OAAC,CAAC,MAAM,CAAC;IACpE,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC;CAC5C,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthClientCredentialsGrantTokenRequestSchema = z.object({\n grant_type: z.literal('client_credentials'),\n})\n\nexport type OAuthClientCredentialsGrantTokenRequest = z.infer<\n typeof oauthClientCredentialsGrantTokenRequestSchema\n>\n"]}
package/dist/oauth-client-credentials.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-client-credentials.js","sourceRoot":"","sources":["../src/oauth-client-credentials.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAC9C,iDAAiE;AACjE,6DAA0D;AAE7C,QAAA,qCAAqC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5D,SAAS,EAAE,wCAAmB;IAC9B,qBAAqB,EAAE,OAAC,CAAC,OAAO,CAAC,+CAAgC,CAAC;IAClE;;;;;;;;OAQG;IACH,gBAAgB,EAAE,qBAAe;CAClC,CAAC,CAAA;AAMW,QAAA,sCAAsC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7D,SAAS,EAAE,wCAAmB;IAC9B,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE;CAC1B,CAAC,CAAA;AAMW,QAAA,gCAAgC,GAAG,OAAC,CAAC,MAAM,CAAC;IACvD,SAAS,EAAE,wCAAmB;CAC/B,CAAC,CAAA;AAMF,EAAE;AAEW,QAAA,4BAA4B,GAAG,OAAC,CAAC,KAAK,CAAC;IAClD,6CAAqC;IACrC,8CAAsC;IACtC,yCAAyC;IACzC,wCAAgC;CACjC,CAAC,CAAA"}
1
+ {"version":3,"file":"oauth-client-credentials.js","sourceRoot":"","sources":["../src/oauth-client-credentials.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAC9C,iDAAiE;AACjE,6DAA0D;AAE7C,QAAA,qCAAqC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5D,SAAS,EAAE,wCAAmB;IAC9B,qBAAqB,EAAE,OAAC,CAAC,OAAO,CAAC,+CAAgC,CAAC;IAClE;;;;;;;;OAQG;IACH,gBAAgB,EAAE,qBAAe;CAClC,CAAC,CAAA;AAMW,QAAA,sCAAsC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7D,SAAS,EAAE,wCAAmB;IAC9B,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE;CAC1B,CAAC,CAAA;AAMW,QAAA,gCAAgC,GAAG,OAAC,CAAC,MAAM,CAAC;IACvD,SAAS,EAAE,wCAAmB;CAC/B,CAAC,CAAA;AAMF,EAAE;AAEW,QAAA,4BAA4B,GAAG,OAAC,CAAC,KAAK,CAAC;IAClD,6CAAqC;IACrC,8CAAsC;IACtC,yCAAyC;IACzC,wCAAgC;CACjC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { signedJwtSchema } from '@atproto/jwk'\nimport { CLIENT_ASSERTION_TYPE_JWT_BEARER } from './constants.js'\nimport { oauthClientIdSchema } from './oauth-client-id.js'\n\nexport const oauthClientCredentialsJwtBearerSchema = z.object({\n client_id: oauthClientIdSchema,\n client_assertion_type: z.literal(CLIENT_ASSERTION_TYPE_JWT_BEARER),\n /**\n * - \"sub\" the subject MUST be the \"client_id\" of the OAuth client\n * - \"iat\" is required and MUST be less than one minute\n * - \"aud\" must containing a value that identifies the authorization server\n * - The JWT MAY contain a \"jti\" (JWT ID) claim that provides a unique identifier for the token.\n * - Note that the authorization server may reject JWTs with an \"exp\" claim value that is unreasonably far in the future.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7523#section-3}\n */\n client_assertion: signedJwtSchema,\n})\n\nexport type OAuthClientCredentialsJwtBearer = z.infer<\n typeof oauthClientCredentialsJwtBearerSchema\n>\n\nexport const oauthClientCredentialsSecretPostSchema = z.object({\n client_id: oauthClientIdSchema,\n client_secret: z.string(),\n})\n\nexport type OAuthClientCredentialsSecretPost = z.infer<\n typeof oauthClientCredentialsSecretPostSchema\n>\n\nexport const oauthClientCredentialsNoneSchema = z.object({\n client_id: oauthClientIdSchema,\n})\n\nexport type OAuthClientCredentialsNone = z.infer<\n typeof oauthClientCredentialsNoneSchema\n>\n\n//\n\nexport const oauthClientCredentialsSchema = z.union([\n oauthClientCredentialsJwtBearerSchema,\n oauthClientCredentialsSecretPostSchema,\n // Must be last since it is less specific\n oauthClientCredentialsNoneSchema,\n])\n\nexport type OAuthClientCredentials = z.infer<\n typeof oauthClientCredentialsSchema\n>\n"]}
package/dist/oauth-client-id-discoverable.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-client-id-discoverable.js","sourceRoot":"","sources":["../src/oauth-client-id-discoverable.ts"],"names":[],"mappings":";;;AAwEA,kEAIC;AAuCD,kEAIC;AAED,0EAIC;AAED,wEAEC;AAjID,6BAA+B;AAC/B,6DAA0D;AAC1D,qCAAyC;AACzC,uCAAwD;AAExD;;GAEG;AACU,QAAA,+BAA+B,GAAG,OAAC;KAC7C,YAAY,CAAC,wCAAmB,EAAE,uBAAc,CAAC;KACjD,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAA0C,EAAE;IAClE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,uCAAuC;SACjD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACb,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;QACzB,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EACL,uEAAuE;SAC1E,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,kDAAkD;SAC5D,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,IAAA,sBAAY,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,6CAA6C;SACvD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,yEAAyE;IACzE,wEAAwE;IACxE,8EAA8E;IAC9E,IAAI,IAAA,wBAAc,EAAC,KAAK,CAAC,KAAK,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC3C,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,wCAAwC,GAAG,CAAC,IAAI,WAAW,KAAK,IAAI;SAC9E,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CAAC,CAAA;AAMJ,SAAgB,2BAA2B,CACzC,QAAgB;IAEhB,OAAO,uCAA+B,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAA;AACpE,CAAC;AAEY,QAAA,+BAA+B,GAC1C,uCAA+B,CAAC,WAAW,CACzC,CAAC,KAAK,EAAE,GAAG,EAA2D,EAAE;IACtE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACb,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QACf,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,0CAA0C;SACpD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,6BAA6B,EAAE,CAAC;QACnD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,gDAAgD;SAC1D,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAMH,SAAgB,2BAA2B,CACzC,QAAgB;IAEhB,OAAO,uCAA+B,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAA;AACpE,CAAC;AAED,SAAgB,+BAA+B,CAC7C,KAAa;IAEb,KAAK,uCAA+B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;AACnD,CAAC;AAED,SAAgB,8BAA8B,CAAC,QAAgB;IAC7D,OAAO,IAAI,GAAG,CAAC,uCAA+B,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAA;AACjE,CAAC"}
1
+ {"version":3,"file":"oauth-client-id-discoverable.js","sourceRoot":"","sources":["../src/oauth-client-id-discoverable.ts"],"names":[],"mappings":";;;AAwEA,kEAIC;AAuCD,kEAIC;AAED,0EAIC;AAED,wEAEC;AAjID,6BAA+B;AAC/B,6DAA0D;AAC1D,qCAAyC;AACzC,uCAAwD;AAExD;;GAEG;AACU,QAAA,+BAA+B,GAAG,OAAC;KAC7C,YAAY,CAAC,wCAAmB,EAAE,uBAAc,CAAC;KACjD,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAA0C,EAAE;IAClE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,uCAAuC;SACjD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACb,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;QACzB,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EACL,uEAAuE;SAC1E,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,kDAAkD;SAC5D,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,IAAA,sBAAY,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,6CAA6C;SACvD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,yEAAyE;IACzE,wEAAwE;IACxE,8EAA8E;IAC9E,IAAI,IAAA,wBAAc,EAAC,KAAK,CAAC,KAAK,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC3C,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,wCAAwC,GAAG,CAAC,IAAI,WAAW,KAAK,IAAI;SAC9E,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CAAC,CAAA;AAMJ,SAAgB,2BAA2B,CACzC,QAAgB;IAEhB,OAAO,uCAA+B,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAA;AACpE,CAAC;AAEY,QAAA,+BAA+B,GAC1C,uCAA+B,CAAC,WAAW,CACzC,CAAC,KAAK,EAAE,GAAG,EAA2D,EAAE;IACtE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACb,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QACf,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,0CAA0C;SACpD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,6BAA6B,EAAE,CAAC;QACnD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,gDAAgD;SAC1D,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAMH,SAAgB,2BAA2B,CACzC,QAAgB;IAEhB,OAAO,uCAA+B,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAA;AACpE,CAAC;AAED,SAAgB,+BAA+B,CAC7C,KAAa;IAEb,KAAK,uCAA+B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;AACnD,CAAC;AAED,SAAgB,8BAA8B,CAAC,QAAgB;IAC7D,OAAO,IAAI,GAAG,CAAC,uCAA+B,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAA;AACjE,CAAC","sourcesContent":["import { TypeOf, z } from 'zod'\nimport { oauthClientIdSchema } from './oauth-client-id.js'\nimport { httpsUriSchema } from './uri.js'\nimport { extractUrlPath, isHostnameIP } from './util.js'\n\n/**\n * @see {@link https://drafts.aaronpk.com/draft-parecki-oauth-client-id-metadata-document/draft-parecki-oauth-client-id-metadata-document.html}\n */\nexport const oauthClientIdDiscoverableSchema = z\n .intersection(oauthClientIdSchema, httpsUriSchema)\n .superRefine((value, ctx): value is `https://${string}/${string}` => {\n const url = new URL(value)\n\n if (url.username || url.password) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'ClientID must not contain credentials',\n })\n return false\n }\n\n if (url.hash) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'ClientID must not contain a fragment',\n })\n return false\n }\n\n if (url.pathname === '/') {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message:\n 'ClientID must contain a path component (e.g. \"/client-metadata.json\")',\n })\n return false\n }\n\n if (url.pathname.endsWith('/')) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'ClientID path must not end with a trailing slash',\n })\n return false\n }\n\n if (isHostnameIP(url.hostname)) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'ClientID hostname must not be an IP address',\n })\n return false\n }\n\n // URL constructor normalizes the URL, so we extract the path manually to\n // avoid normalization, then compare it to the normalized path to ensure\n // that the URL does not contain path traversal or other unexpected characters\n if (extractUrlPath(value) !== url.pathname) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `ClientID must be in canonical form (\"${url.href}\", got \"${value}\")`,\n })\n return false\n }\n\n return true\n })\n\nexport type OAuthClientIdDiscoverable = TypeOf<\n typeof oauthClientIdDiscoverableSchema\n>\n\nexport function isOAuthClientIdDiscoverable(\n clientId: string,\n): clientId is OAuthClientIdDiscoverable {\n return oauthClientIdDiscoverableSchema.safeParse(clientId).success\n}\n\nexport const conventionalOAuthClientIdSchema =\n oauthClientIdDiscoverableSchema.superRefine(\n (value, ctx): value is `https://${string}/oauth-client-metadata.json` => {\n const url = new URL(value)\n\n if (url.port) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'ClientID must not contain a port',\n })\n return false\n }\n\n if (url.search) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'ClientID must not contain a query string',\n })\n return false\n }\n\n if (url.pathname !== '/oauth-client-metadata.json') {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'ClientID must be \"/oauth-client-metadata.json\"',\n })\n return false\n }\n\n return true\n },\n )\n\nexport type ConventionalOAuthClientId = TypeOf<\n typeof conventionalOAuthClientIdSchema\n>\n\nexport function isConventionalOAuthClientId(\n clientId: string,\n): clientId is ConventionalOAuthClientId {\n return conventionalOAuthClientIdSchema.safeParse(clientId).success\n}\n\nexport function assertOAuthDiscoverableClientId(\n value: string,\n): asserts value is OAuthClientIdDiscoverable {\n void oauthClientIdDiscoverableSchema.parse(value)\n}\n\nexport function parseOAuthDiscoverableClientId(clientId: string): URL {\n return new URL(oauthClientIdDiscoverableSchema.parse(clientId))\n}\n"]}
package/dist/oauth-client-id-loopback.d.ts CHANGED
@@ -1,12 +1,28 @@
1
- import { TypeOf } from 'zod';
2
- import { OAuthRedirectUri } from './oauth-redirect-uri.js';
1
+ import { OAuthLoopbackRedirectURI } from './oauth-redirect-uri.js';
3
2
  import { OAuthScope } from './oauth-scope.js';
4
- export declare const oauthClientIdLoopbackSchema: import("zod").ZodEffects<import("zod").ZodString, "http://localhost" | `http://localhost?${string}` | "http://localhost/" | `http://localhost/?${string}`, string>;
5
- export type OAuthClientIdLoopback = TypeOf<typeof oauthClientIdLoopbackSchema>;
6
- export declare function isOAuthClientIdLoopback(clientId: string): clientId is OAuthClientIdLoopback;
7
- export declare function assertOAuthLoopbackClientId(clientId: string): asserts clientId is OAuthClientIdLoopback;
8
- export declare function parseOAuthLoopbackClientId(clientId: string): {
3
+ export declare const LOOPBACK_CLIENT_ID_ORIGIN = "http://localhost";
4
+ export type OAuthClientIdLoopback = `http://localhost${'' | `/`}${'' | `?${string}`}`;
5
+ export type OAuthLoopbackClientIdParams = {
9
6
  scope?: OAuthScope;
10
- redirect_uris?: [OAuthRedirectUri, ...OAuthRedirectUri[]];
7
+ redirect_uris?: [OAuthLoopbackRedirectURI, ...OAuthLoopbackRedirectURI[]];
8
+ };
9
+ export declare const oauthClientIdLoopbackSchema: import("zod").ZodEffects<import("zod").ZodString, "http://localhost" | `http://localhost?${string}` | "http://localhost/" | `http://localhost/?${string}`, string>;
10
+ export declare function assertOAuthLoopbackClientId(input: string): asserts input is OAuthClientIdLoopback;
11
+ export declare function isOAuthClientIdLoopback<T extends string>(input: T): input is T & OAuthClientIdLoopback;
12
+ export declare function asOAuthClientIdLoopback<T extends string>(input: T): (T & "http://localhost") | (T & `http://localhost?${string}`) | (T & "http://localhost/") | (T & `http://localhost/?${string}`);
13
+ export declare function parseOAuthLoopbackClientId(input: string): OAuthLoopbackClientIdParams;
14
+ /**
15
+ * Similar to Zod's {@link SafeParseReturnType} but uses a simple "message"
16
+ * string instead of an "error" Error object.
17
+ */
18
+ type LightParseReturnType<T> = {
19
+ success: true;
20
+ value: T;
21
+ } | {
22
+ success: false;
23
+ message: string;
11
24
  };
25
+ export declare function safeParseOAuthLoopbackClientId(input: string): LightParseReturnType<OAuthLoopbackClientIdParams>;
26
+ export declare function safeParseOAuthLoopbackClientIdQueryString(input: string | Iterable<[key: string, value: string]>): LightParseReturnType<OAuthLoopbackClientIdParams>;
27
+ export {};
12
28
  //# sourceMappingURL=oauth-client-id-loopback.d.ts.map
package/dist/oauth-client-id-loopback.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-client-id-loopback.d.ts","sourceRoot":"","sources":["../src/oauth-client-id-loopback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAgB,MAAM,KAAK,CAAA;AAE1C,OAAO,EAEL,gBAAgB,EAEjB,MAAM,yBAAyB,CAAA;AAChC,OAAO,EAAE,UAAU,EAAoB,MAAM,kBAAkB,CAAA;AAI/D,eAAO,MAAM,2BAA2B,oKAgBvC,CAAA;AAED,MAAM,MAAM,qBAAqB,GAAG,MAAM,CAAC,OAAO,2BAA2B,CAAC,CAAA;AAE9E,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,MAAM,GACf,QAAQ,IAAI,qBAAqB,CAOnC;AAED,wBAAgB,2BAA2B,CACzC,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,QAAQ,IAAI,qBAAqB,CAE3C;AAID,wBAAgB,0BAA0B,CAAC,QAAQ,EAAE,MAAM,GAAG;IAC5D,KAAK,CAAC,EAAE,UAAU,CAAA;IAClB,aAAa,CAAC,EAAE,CAAC,gBAAgB,EAAE,GAAG,gBAAgB,EAAE,CAAC,CAAA;CAC1D,CAoDA"}
1
+ {"version":3,"file":"oauth-client-id-loopback.d.ts","sourceRoot":"","sources":["../src/oauth-client-id-loopback.ts"],"names":[],"mappings":"AACA,OAAO,EACL,wBAAwB,EAEzB,MAAM,yBAAyB,CAAA;AAChC,OAAO,EAAE,UAAU,EAAoB,MAAM,kBAAkB,CAAA;AAE/D,eAAO,MAAM,yBAAyB,qBAAqB,CAAA;AAS3D,MAAM,MAAM,qBAAqB,GAC/B,mBAAmB,EAAE,GAAG,GAAG,GAAG,EAAE,GAAG,IAAI,MAAM,EAAE,EAAE,CAAA;AAEnD,MAAM,MAAM,2BAA2B,GAAG;IACxC,KAAK,CAAC,EAAE,UAAU,CAAA;IAClB,aAAa,CAAC,EAAE,CAAC,wBAAwB,EAAE,GAAG,wBAAwB,EAAE,CAAC,CAAA;CAC1E,CAAA;AAED,eAAO,MAAM,2BAA2B,oKAQvC,CAAA;AAED,wBAAgB,2BAA2B,CACzC,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,KAAK,IAAI,qBAAqB,CAExC;AAED,wBAAgB,uBAAuB,CAAC,CAAC,SAAS,MAAM,EACtD,KAAK,EAAE,CAAC,GACP,KAAK,IAAI,CAAC,GAAG,qBAAqB,CAEpC;AAED,wBAAgB,uBAAuB,CAAC,CAAC,SAAS,MAAM,EAAE,KAAK,EAAE,CAAC,mIAGjE;AAED,wBAAgB,0BAA0B,CACxC,KAAK,EAAE,MAAM,GACZ,2BAA2B,CAK7B;AAED;;;GAGG;AACH,KAAK,oBAAoB,CAAC,CAAC,IACvB;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,CAAC,CAAA;CAAE,GAC3B;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAA;AAEvC,wBAAgB,8BAA8B,CAC5C,KAAK,EAAE,MAAM,GACZ,oBAAoB,CAAC,2BAA2B,CAAC,CAyCnD;AAED,wBAAgB,yCAAyC,CACvD,KAAK,EAAE,MAAM,GAAG,QAAQ,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,GACrD,oBAAoB,CAAC,2BAA2B,CAAC,CAgDnD"}
package/dist/oauth-client-id-loopback.js CHANGED
@@ -1,82 +1,119 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.oauthClientIdLoopbackSchema = void 0;
4
- exports.isOAuthClientIdLoopback = isOAuthClientIdLoopback;
3
+ exports.oauthClientIdLoopbackSchema = exports.LOOPBACK_CLIENT_ID_ORIGIN = void 0;
5
4
  exports.assertOAuthLoopbackClientId = assertOAuthLoopbackClientId;
5
+ exports.isOAuthClientIdLoopback = isOAuthClientIdLoopback;
6
+ exports.asOAuthClientIdLoopback = asOAuthClientIdLoopback;
6
7
  exports.parseOAuthLoopbackClientId = parseOAuthLoopbackClientId;
7
- const zod_1 = require("zod");
8
+ exports.safeParseOAuthLoopbackClientId = safeParseOAuthLoopbackClientId;
9
+ exports.safeParseOAuthLoopbackClientIdQueryString = safeParseOAuthLoopbackClientIdQueryString;
8
10
  const oauth_client_id_js_1 = require("./oauth-client-id.js");
9
11
  const oauth_redirect_uri_js_1 = require("./oauth-redirect-uri.js");
10
12
  const oauth_scope_js_1 = require("./oauth-scope.js");
11
- const PREFIX = 'http://localhost';
12
- exports.oauthClientIdLoopbackSchema = oauth_client_id_js_1.oauthClientIdSchema.superRefine((value, ctx) => {
13
- try {
14
- assertOAuthLoopbackClientId(value);
15
- return true;
16
- }
17
- catch (error) {
18
- ctx.addIssue({
19
- code: zod_1.ZodIssueCode.custom,
20
- message: error instanceof TypeError
21
- ? error.message
22
- : 'Invalid loopback client ID',
23
- });
24
- return false;
13
+ exports.LOOPBACK_CLIENT_ID_ORIGIN = 'http://localhost';
14
+ exports.oauthClientIdLoopbackSchema = oauth_client_id_js_1.oauthClientIdSchema.superRefine((input, ctx) => {
15
+ const result = safeParseOAuthLoopbackClientId(input);
16
+ if (!result.success) {
17
+ ctx.addIssue({ code: 'custom', message: result.message });
25
18
  }
19
+ return result.success;
26
20
  });
27
- function isOAuthClientIdLoopback(clientId) {
28
- try {
29
- parseOAuthLoopbackClientId(clientId);
30
- return true;
31
- }
32
- catch {
33
- return false;
34
- }
21
+ function assertOAuthLoopbackClientId(input) {
22
+ void parseOAuthLoopbackClientId(input);
35
23
  }
36
- function assertOAuthLoopbackClientId(clientId) {
37
- void parseOAuthLoopbackClientId(clientId);
24
+ function isOAuthClientIdLoopback(input) {
25
+ return safeParseOAuthLoopbackClientId(input).success;
38
26
  }
39
- // @TODO should we turn this into a zod schema? (more coherent error with other
40
- // validation functions)
41
- function parseOAuthLoopbackClientId(clientId) {
42
- if (!clientId.startsWith(PREFIX)) {
43
- throw new TypeError(`Loopback ClientID must start with "${PREFIX}"`);
44
- }
45
- else if (clientId.includes('#', PREFIX.length)) {
46
- throw new TypeError('Loopback ClientID must not contain a hash component');
27
+ function asOAuthClientIdLoopback(input) {
28
+ assertOAuthLoopbackClientId(input);
29
+ return input;
30
+ }
31
+ function parseOAuthLoopbackClientId(input) {
32
+ const result = safeParseOAuthLoopbackClientId(input);
33
+ if (result.success)
34
+ return result.value;
35
+ throw new TypeError(`Invalid loopback client ID: ${result.message}`);
36
+ }
37
+ function safeParseOAuthLoopbackClientId(input) {
38
+ // @NOTE Not using "new URL" to ensure input indeed matches the type
39
+ // OAuthClientIdLoopback
40
+ if (!input.startsWith(exports.LOOPBACK_CLIENT_ID_ORIGIN)) {
41
+ return {
42
+ success: false,
43
+ message: `Value must start with "${exports.LOOPBACK_CLIENT_ID_ORIGIN}"`,
44
+ };
47
45
  }
48
- const queryStringIdx = clientId.length > PREFIX.length && clientId[PREFIX.length] === '/'
49
- ? PREFIX.length + 1
50
- : PREFIX.length;
51
- if (clientId.length === queryStringIdx) {
52
- return {}; // no query string to parse
46
+ if (input.includes('#', exports.LOOPBACK_CLIENT_ID_ORIGIN.length)) {
47
+ return {
48
+ success: false,
49
+ message: 'Value must not contain a hash component',
50
+ };
53
51
  }
54
- if (clientId[queryStringIdx] !== '?') {
55
- throw new TypeError('Loopback ClientID must not contain a path component');
52
+ // Since we don't allow a path component (except for a single "/") the query
53
+ // string starts after the origin (+ 1 if there is a "/")
54
+ const queryStringIdx = input.length > exports.LOOPBACK_CLIENT_ID_ORIGIN.length &&
55
+ input.charCodeAt(exports.LOOPBACK_CLIENT_ID_ORIGIN.length) === 0x2f /* '/' */
56
+ ? exports.LOOPBACK_CLIENT_ID_ORIGIN.length + 1
57
+ : exports.LOOPBACK_CLIENT_ID_ORIGIN.length;
58
+ // Since we determined the position of the query string based on the origin
59
+ // length (instead of looking for a "?"), we need to make sure the query
60
+ // string position (if any) indeed starts with a "?".
61
+ if (input.length !== queryStringIdx &&
62
+ input.charCodeAt(queryStringIdx) !== 0x3f /* '?' */) {
63
+ return {
64
+ success: false,
65
+ message: 'Value must not contain a path component',
66
+ };
56
67
  }
57
- const searchParams = new URLSearchParams(clientId.slice(queryStringIdx + 1));
58
- for (const name of searchParams.keys()) {
59
- if (name !== 'redirect_uri' && name !== 'scope') {
60
- throw new TypeError(`Invalid query parameter "${name}" in client ID`);
68
+ const queryString = input.slice(queryStringIdx + 1);
69
+ return safeParseOAuthLoopbackClientIdQueryString(queryString);
70
+ }
71
+ function safeParseOAuthLoopbackClientIdQueryString(input) {
72
+ // Parse query params
73
+ const params = {};
74
+ const it = typeof input === 'string' ? new URLSearchParams(input) : input;
75
+ for (const [key, value] of it) {
76
+ if (key === 'scope') {
77
+ if ('scope' in params) {
78
+ return {
79
+ success: false,
80
+ message: 'Duplicate "scope" query parameter',
81
+ };
82
+ }
83
+ const res = oauth_scope_js_1.oauthScopeSchema.safeParse(value);
84
+ if (!res.success) {
85
+ const reason = res.error.issues.map((i) => i.message).join(', ');
86
+ return {
87
+ success: false,
88
+ message: `Invalid "scope" query parameter: ${reason || 'Validation failed'}`,
89
+ };
90
+ }
91
+ params.scope = res.data;
61
92
  }
62
- }
63
- const scope = searchParams.get('scope') ?? undefined;
64
- if (scope != null) {
65
- if (searchParams.getAll('scope').length > 1) {
66
- throw new TypeError('Loopback ClientID must contain at most one scope query parameter');
93
+ else if (key === 'redirect_uri') {
94
+ const res = oauth_redirect_uri_js_1.oauthLoopbackRedirectURISchema.safeParse(value);
95
+ if (!res.success) {
96
+ const reason = res.error.issues.map((i) => i.message).join(', ');
97
+ return {
98
+ success: false,
99
+ message: `Invalid "redirect_uri" query parameter: ${reason || 'Validation failed'}`,
100
+ };
101
+ }
102
+ if (params.redirect_uris == null)
103
+ params.redirect_uris = [res.data];
104
+ else
105
+ params.redirect_uris.push(res.data);
67
106
  }
68
- else if (!oauth_scope_js_1.oauthScopeSchema.safeParse(scope).success) {
69
- throw new TypeError('Invalid scope query parameter in client ID');
107
+ else {
108
+ return {
109
+ success: false,
110
+ message: `Unexpected query parameter "${key}"`,
111
+ };
70
112
  }
71
113
  }
72
- const redirect_uris = searchParams.has('redirect_uri')
73
- ? searchParams
74
- .getAll('redirect_uri')
75
- .map((value) => oauth_redirect_uri_js_1.oauthLoopbackRedirectURISchema.parse(value))
76
- : undefined;
77
114
  return {
78
- scope,
79
- redirect_uris,
115
+ success: true,
116
+ value: params,
80
117
  };
81
118
  }
82
119
  //# sourceMappingURL=oauth-client-id-loopback.js.map
package/dist/oauth-client-id-loopback.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-client-id-loopback.js","sourceRoot":"","sources":["../src/oauth-client-id-loopback.ts"],"names":[],"mappings":";;;AA+BA,0DASC;AAED,kEAIC;AAID,gEAuDC;AAzGD,6BAA0C;AAC1C,6DAA0D;AAC1D,mEAIgC;AAChC,qDAA+D;AAE/D,MAAM,MAAM,GAAG,kBAAkB,CAAA;AAEpB,QAAA,2BAA2B,GAAG,wCAAmB,CAAC,WAAW,CACxE,CAAC,KAAK,EAAE,GAAG,EAA8D,EAAE;IACzE,IAAI,CAAC;QACH,2BAA2B,CAAC,KAAK,CAAC,CAAA;QAClC,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EACL,KAAK,YAAY,SAAS;gBACxB,CAAC,CAAC,KAAK,CAAC,OAAO;gBACf,CAAC,CAAC,4BAA4B;SACnC,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC,CACF,CAAA;AAID,SAAgB,uBAAuB,CACrC,QAAgB;IAEhB,IAAI,CAAC;QACH,0BAA0B,CAAC,QAAQ,CAAC,CAAA;QACpC,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED,SAAgB,2BAA2B,CACzC,QAAgB;IAEhB,KAAK,0BAA0B,CAAC,QAAQ,CAAC,CAAA;AAC3C,CAAC;AAED,+EAA+E;AAC/E,wBAAwB;AACxB,SAAgB,0BAA0B,CAAC,QAAgB;IAIzD,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,SAAS,CAAC,sCAAsC,MAAM,GAAG,CAAC,CAAA;IACtE,CAAC;SAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,SAAS,CAAC,qDAAqD,CAAC,CAAA;IAC5E,CAAC;IAED,MAAM,cAAc,GAClB,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,GAAG;QAChE,CAAC,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC;QACnB,CAAC,CAAC,MAAM,CAAC,MAAM,CAAA;IAEnB,IAAI,QAAQ,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;QACvC,OAAO,EAAE,CAAA,CAAC,2BAA2B;IACvC,CAAC;IAED,IAAI,QAAQ,CAAC,cAAc,CAAC,KAAK,GAAG,EAAE,CAAC;QACrC,MAAM,IAAI,SAAS,CAAC,qDAAqD,CAAC,CAAA;IAC5E,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,QAAQ,CAAC,KAAK,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC,CAAA;IAE5E,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;QACvC,IAAI,IAAI,KAAK,cAAc,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;YAChD,MAAM,IAAI,SAAS,CAAC,4BAA4B,IAAI,gBAAgB,CAAC,CAAA;QACvE,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAA;IACpD,IAAI,KAAK,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,SAAS,CACjB,kEAAkE,CACnE,CAAA;QACH,CAAC;aAAM,IAAI,CAAC,iCAAgB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;YACtD,MAAM,IAAI,SAAS,CAAC,4CAA4C,CAAC,CAAA;QACnE,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC;QACpD,CAAC,CAAE,YAAY;aACV,MAAM,CAAC,cAAc,CAAC;aACtB,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,sDAA8B,CAAC,KAAK,CAAC,KAAK,CAAC,CAG3D;QACJ,CAAC,CAAC,SAAS,CAAA;IAEb,OAAO;QACL,KAAK;QACL,aAAa;KACd,CAAA;AACH,CAAC"}
1
+ {"version":3,"file":"oauth-client-id-loopback.js","sourceRoot":"","sources":["../src/oauth-client-id-loopback.ts"],"names":[],"mappings":";;;AAkCA,kEAIC;AAED,0DAIC;AAED,0DAGC;AAED,gEAOC;AAUD,wEA2CC;AAED,8FAkDC;AAnKD,6DAA0D;AAC1D,mEAGgC;AAChC,qDAA+D;AAElD,QAAA,yBAAyB,GAAG,kBAAkB,CAAA;AAiB9C,QAAA,2BAA2B,GAAG,wCAAmB,CAAC,WAAW,CACxE,CAAC,KAAK,EAAE,GAAG,EAAkC,EAAE;IAC7C,MAAM,MAAM,GAAG,8BAA8B,CAAC,KAAK,CAAC,CAAA;IACpD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,GAAG,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAA;IAC3D,CAAC;IACD,OAAO,MAAM,CAAC,OAAO,CAAA;AACvB,CAAC,CACF,CAAA;AAED,SAAgB,2BAA2B,CACzC,KAAa;IAEb,KAAK,0BAA0B,CAAC,KAAK,CAAC,CAAA;AACxC,CAAC;AAED,SAAgB,uBAAuB,CACrC,KAAQ;IAER,OAAO,8BAA8B,CAAC,KAAK,CAAC,CAAC,OAAO,CAAA;AACtD,CAAC;AAED,SAAgB,uBAAuB,CAAmB,KAAQ;IAChE,2BAA2B,CAAC,KAAK,CAAC,CAAA;IAClC,OAAO,KAAK,CAAA;AACd,CAAC;AAED,SAAgB,0BAA0B,CACxC,KAAa;IAEb,MAAM,MAAM,GAAG,8BAA8B,CAAC,KAAK,CAAC,CAAA;IACpD,IAAI,MAAM,CAAC,OAAO;QAAE,OAAO,MAAM,CAAC,KAAK,CAAA;IAEvC,MAAM,IAAI,SAAS,CAAC,+BAA+B,MAAM,CAAC,OAAO,EAAE,CAAC,CAAA;AACtE,CAAC;AAUD,SAAgB,8BAA8B,CAC5C,KAAa;IAEb,oEAAoE;IACpE,wBAAwB;IAExB,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,iCAAyB,CAAC,EAAE,CAAC;QACjD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,0BAA0B,iCAAyB,GAAG;SAChE,CAAA;IACH,CAAC;IAED,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,EAAE,iCAAyB,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1D,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,yCAAyC;SACnD,CAAA;IACH,CAAC;IAED,4EAA4E;IAC5E,yDAAyD;IACzD,MAAM,cAAc,GAClB,KAAK,CAAC,MAAM,GAAG,iCAAyB,CAAC,MAAM;QAC/C,KAAK,CAAC,UAAU,CAAC,iCAAyB,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,SAAS;QACnE,CAAC,CAAC,iCAAyB,CAAC,MAAM,GAAG,CAAC;QACtC,CAAC,CAAC,iCAAyB,CAAC,MAAM,CAAA;IAEtC,2EAA2E;IAC3E,wEAAwE;IACxE,qDAAqD;IACrD,IACE,KAAK,CAAC,MAAM,KAAK,cAAc;QAC/B,KAAK,CAAC,UAAU,CAAC,cAAc,CAAC,KAAK,IAAI,CAAC,SAAS,EACnD,CAAC;QACD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,yCAAyC;SACnD,CAAA;IACH,CAAC;IAED,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,cAAc,GAAG,CAAC,CAAC,CAAA;IACnD,OAAO,yCAAyC,CAAC,WAAW,CAAC,CAAA;AAC/D,CAAC;AAED,SAAgB,yCAAyC,CACvD,KAAsD;IAEtD,qBAAqB;IACrB,MAAM,MAAM,GAAgC,EAAE,CAAA;IAE9C,MAAM,EAAE,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;IACzE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAC9B,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;YACpB,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;gBACtB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,mCAAmC;iBAC7C,CAAA;YACH,CAAC;YAED,MAAM,GAAG,GAAG,iCAAgB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;YAC7C,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;gBACjB,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;gBAChE,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,oCAAoC,MAAM,IAAI,mBAAmB,EAAE;iBAC7E,CAAA;YACH,CAAC;YAED,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,IAAI,CAAA;QACzB,CAAC;aAAM,IAAI,GAAG,KAAK,cAAc,EAAE,CAAC;YAClC,MAAM,GAAG,GAAG,sDAA8B,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;YAC3D,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;gBACjB,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;gBAChE,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,2CAA2C,MAAM,IAAI,mBAAmB,EAAE;iBACpF,CAAA;YACH,CAAC;YAED,IAAI,MAAM,CAAC,aAAa,IAAI,IAAI;gBAAE,MAAM,CAAC,aAAa,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;;gBAC9D,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QAC1C,CAAC;aAAM,CAAC;YACN,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,+BAA+B,GAAG,GAAG;aAC/C,CAAA;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,MAAM;KACd,CAAA;AACH,CAAC","sourcesContent":["import { oauthClientIdSchema } from './oauth-client-id.js'\nimport {\n OAuthLoopbackRedirectURI,\n oauthLoopbackRedirectURISchema,\n} from './oauth-redirect-uri.js'\nimport { OAuthScope, oauthScopeSchema } from './oauth-scope.js'\n\nexport const LOOPBACK_CLIENT_ID_ORIGIN = 'http://localhost'\n\n// @NOTE This is not actually based on a standard, but rather a convention\n// established by Bluesky in the Atproto specs and implementation. As such, and\n// in order to respect the convention from this package, these should be\n// prefixed with \"Atproto\" instead of \"OAuth\". For legacy reasons, we keep the\n// current names, but we should rename them in a future major release, unless\n// loopback client ids have since then been standardized.\n\nexport type OAuthClientIdLoopback =\n `http://localhost${'' | `/`}${'' | `?${string}`}`\n\nexport type OAuthLoopbackClientIdParams = {\n scope?: OAuthScope\n redirect_uris?: [OAuthLoopbackRedirectURI, ...OAuthLoopbackRedirectURI[]]\n}\n\nexport const oauthClientIdLoopbackSchema = oauthClientIdSchema.superRefine(\n (input, ctx): input is OAuthClientIdLoopback => {\n const result = safeParseOAuthLoopbackClientId(input)\n if (!result.success) {\n ctx.addIssue({ code: 'custom', message: result.message })\n }\n return result.success\n },\n)\n\nexport function assertOAuthLoopbackClientId(\n input: string,\n): asserts input is OAuthClientIdLoopback {\n void parseOAuthLoopbackClientId(input)\n}\n\nexport function isOAuthClientIdLoopback<T extends string>(\n input: T,\n): input is T & OAuthClientIdLoopback {\n return safeParseOAuthLoopbackClientId(input).success\n}\n\nexport function asOAuthClientIdLoopback<T extends string>(input: T) {\n assertOAuthLoopbackClientId(input)\n return input\n}\n\nexport function parseOAuthLoopbackClientId(\n input: string,\n): OAuthLoopbackClientIdParams {\n const result = safeParseOAuthLoopbackClientId(input)\n if (result.success) return result.value\n\n throw new TypeError(`Invalid loopback client ID: ${result.message}`)\n}\n\n/**\n * Similar to Zod's {@link SafeParseReturnType} but uses a simple \"message\"\n * string instead of an \"error\" Error object.\n */\ntype LightParseReturnType<T> =\n | { success: true; value: T }\n | { success: false; message: string }\n\nexport function safeParseOAuthLoopbackClientId(\n input: string,\n): LightParseReturnType<OAuthLoopbackClientIdParams> {\n // @NOTE Not using \"new URL\" to ensure input indeed matches the type\n // OAuthClientIdLoopback\n\n if (!input.startsWith(LOOPBACK_CLIENT_ID_ORIGIN)) {\n return {\n success: false,\n message: `Value must start with \"${LOOPBACK_CLIENT_ID_ORIGIN}\"`,\n }\n }\n\n if (input.includes('#', LOOPBACK_CLIENT_ID_ORIGIN.length)) {\n return {\n success: false,\n message: 'Value must not contain a hash component',\n }\n }\n\n // Since we don't allow a path component (except for a single \"/\") the query\n // string starts after the origin (+ 1 if there is a \"/\")\n const queryStringIdx =\n input.length > LOOPBACK_CLIENT_ID_ORIGIN.length &&\n input.charCodeAt(LOOPBACK_CLIENT_ID_ORIGIN.length) === 0x2f /* '/' */\n ? LOOPBACK_CLIENT_ID_ORIGIN.length + 1\n : LOOPBACK_CLIENT_ID_ORIGIN.length\n\n // Since we determined the position of the query string based on the origin\n // length (instead of looking for a \"?\"), we need to make sure the query\n // string position (if any) indeed starts with a \"?\".\n if (\n input.length !== queryStringIdx &&\n input.charCodeAt(queryStringIdx) !== 0x3f /* '?' */\n ) {\n return {\n success: false,\n message: 'Value must not contain a path component',\n }\n }\n\n const queryString = input.slice(queryStringIdx + 1)\n return safeParseOAuthLoopbackClientIdQueryString(queryString)\n}\n\nexport function safeParseOAuthLoopbackClientIdQueryString(\n input: string | Iterable<[key: string, value: string]>,\n): LightParseReturnType<OAuthLoopbackClientIdParams> {\n // Parse query params\n const params: OAuthLoopbackClientIdParams = {}\n\n const it = typeof input === 'string' ? new URLSearchParams(input) : input\n for (const [key, value] of it) {\n if (key === 'scope') {\n if ('scope' in params) {\n return {\n success: false,\n message: 'Duplicate \"scope\" query parameter',\n }\n }\n\n const res = oauthScopeSchema.safeParse(value)\n if (!res.success) {\n const reason = res.error.issues.map((i) => i.message).join(', ')\n return {\n success: false,\n message: `Invalid \"scope\" query parameter: ${reason || 'Validation failed'}`,\n }\n }\n\n params.scope = res.data\n } else if (key === 'redirect_uri') {\n const res = oauthLoopbackRedirectURISchema.safeParse(value)\n if (!res.success) {\n const reason = res.error.issues.map((i) => i.message).join(', ')\n return {\n success: false,\n message: `Invalid \"redirect_uri\" query parameter: ${reason || 'Validation failed'}`,\n }\n }\n\n if (params.redirect_uris == null) params.redirect_uris = [res.data]\n else params.redirect_uris.push(res.data)\n } else {\n return {\n success: false,\n message: `Unexpected query parameter \"${key}\"`,\n }\n }\n }\n\n return {\n success: true,\n value: params,\n }\n}\n"]}
package/dist/oauth-client-id.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-client-id.js","sourceRoot":"","sources":["../src/oauth-client-id.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA"}
1
+ {"version":3,"file":"oauth-client-id.js","sourceRoot":"","sources":["../src/oauth-client-id.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthClientIdSchema = z.string().min(1)\nexport type OAuthClientId = z.infer<typeof oauthClientIdSchema>\n"]}