@atproto/oauth-types 0.4.1 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +29 -0
- package/dist/atproto-loopback-client-id.d.ts +14 -0
- package/dist/atproto-loopback-client-id.d.ts.map +1 -0
- package/dist/atproto-loopback-client-id.js +43 -0
- package/dist/atproto-loopback-client-id.js.map +1 -0
- package/dist/atproto-loopback-client-metadata.d.ts +8 -1
- package/dist/atproto-loopback-client-metadata.d.ts.map +1 -1
- package/dist/atproto-loopback-client-metadata.js +13 -4
- package/dist/atproto-loopback-client-metadata.js.map +1 -1
- package/dist/atproto-loopback-client-redirect-uris.d.ts +2 -0
- package/dist/atproto-loopback-client-redirect-uris.d.ts.map +1 -0
- package/dist/atproto-loopback-client-redirect-uris.js +8 -0
- package/dist/atproto-loopback-client-redirect-uris.js.map +1 -0
- package/dist/atproto-oauth-scope.d.ts +12 -0
- package/dist/atproto-oauth-scope.d.ts.map +1 -0
- package/dist/atproto-oauth-scope.js +27 -0
- package/dist/atproto-oauth-scope.js.map +1 -0
- package/dist/atproto-oauth-token-response.d.ts +106 -0
- package/dist/atproto-oauth-token-response.d.ts.map +1 -0
- package/dist/atproto-oauth-token-response.js +15 -0
- package/dist/atproto-oauth-token-response.js.map +1 -0
- package/dist/constants.js.map +1 -1
- package/dist/index.d.ts +5 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -1
- package/dist/index.js.map +1 -1
- package/dist/oauth-access-token.js.map +1 -1
- package/dist/oauth-authorization-code-grant-token-request.js.map +1 -1
- package/dist/oauth-authorization-details.js.map +1 -1
- package/dist/oauth-authorization-request-jar.js.map +1 -1
- package/dist/oauth-authorization-request-par.d.ts +12 -12
- package/dist/oauth-authorization-request-par.js.map +1 -1
- package/dist/oauth-authorization-request-parameters.d.ts +12 -12
- package/dist/oauth-authorization-request-parameters.js.map +1 -1
- package/dist/oauth-authorization-request-query.d.ts +12 -12
- package/dist/oauth-authorization-request-query.js.map +1 -1
- package/dist/oauth-authorization-request-uri.js.map +1 -1
- package/dist/oauth-authorization-response-error.js.map +1 -1
- package/dist/oauth-authorization-server-metadata.js +2 -2
- package/dist/oauth-authorization-server-metadata.js.map +1 -1
- package/dist/oauth-client-credentials-grant-token-request.js.map +1 -1
- package/dist/oauth-client-credentials.js.map +1 -1
- package/dist/oauth-client-id-discoverable.d.ts +1 -1
- package/dist/oauth-client-id-discoverable.js +1 -1
- package/dist/oauth-client-id-discoverable.js.map +1 -1
- package/dist/oauth-client-id-loopback.d.ts +24 -8
- package/dist/oauth-client-id-loopback.d.ts.map +1 -1
- package/dist/oauth-client-id-loopback.js +97 -60
- package/dist/oauth-client-id-loopback.js.map +1 -1
- package/dist/oauth-client-id.js.map +1 -1
- package/dist/oauth-client-metadata.d.ts +160 -1098
- package/dist/oauth-client-metadata.d.ts.map +1 -1
- package/dist/oauth-client-metadata.js.map +1 -1
- package/dist/oauth-code-challenge-method.js.map +1 -1
- package/dist/oauth-endpoint-auth-method.js.map +1 -1
- package/dist/oauth-endpoint-name.js.map +1 -1
- package/dist/oauth-grant-type.js.map +1 -1
- package/dist/oauth-introspection-response.js.map +1 -1
- package/dist/oauth-issuer-identifier.js.map +1 -1
- package/dist/oauth-par-response.d.ts +2 -2
- package/dist/oauth-par-response.js.map +1 -1
- package/dist/oauth-password-grant-token-request.js.map +1 -1
- package/dist/oauth-protected-resource-metadata.d.ts +1 -1
- package/dist/oauth-protected-resource-metadata.js +1 -1
- package/dist/oauth-protected-resource-metadata.js.map +1 -1
- package/dist/oauth-redirect-uri.d.ts +18 -6
- package/dist/oauth-redirect-uri.d.ts.map +1 -1
- package/dist/oauth-redirect-uri.js +18 -19
- package/dist/oauth-redirect-uri.js.map +1 -1
- package/dist/oauth-refresh-token-grant-token-request.js.map +1 -1
- package/dist/oauth-refresh-token.js.map +1 -1
- package/dist/oauth-request-uri.js.map +1 -1
- package/dist/oauth-response-mode.js.map +1 -1
- package/dist/oauth-response-type.js.map +1 -1
- package/dist/oauth-scope.d.ts +5 -3
- package/dist/oauth-scope.d.ts.map +1 -1
- package/dist/oauth-scope.js +11 -8
- package/dist/oauth-scope.js.map +1 -1
- package/dist/oauth-token-identification.js.map +1 -1
- package/dist/oauth-token-request.js.map +1 -1
- package/dist/oauth-token-response.js.map +1 -1
- package/dist/oauth-token-type.js.map +1 -1
- package/dist/oidc-authorization-error-response.js.map +1 -1
- package/dist/oidc-claims-parameter.js.map +1 -1
- package/dist/oidc-claims-properties.js.map +1 -1
- package/dist/oidc-entity-type.js.map +1 -1
- package/dist/oidc-userinfo.js.map +1 -1
- package/dist/uri.d.ts.map +1 -1
- package/dist/uri.js +44 -17
- package/dist/uri.js.map +1 -1
- package/dist/util.d.ts +11 -1
- package/dist/util.d.ts.map +1 -1
- package/dist/util.js +74 -5
- package/dist/util.js.map +1 -1
- package/package.json +3 -2
- package/src/atproto-loopback-client-id.ts +78 -0
- package/src/atproto-loopback-client-metadata.ts +33 -13
- package/src/atproto-loopback-client-redirect-uris.ts +4 -0
- package/src/atproto-oauth-scope.ts +34 -0
- package/src/atproto-oauth-token-response.ts +16 -0
- package/src/index.ts +5 -1
- package/src/oauth-authorization-server-metadata.ts +2 -2
- package/src/oauth-client-id-discoverable.ts +1 -1
- package/src/oauth-client-id-loopback.ts +131 -73
- package/src/oauth-protected-resource-metadata.ts +1 -1
- package/src/oauth-redirect-uri.ts +20 -26
- package/src/oauth-scope.ts +13 -7
- package/src/uri.ts +54 -18
- package/src/util.ts +85 -3
- package/tsconfig.build.tsbuildinfo +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-client-metadata.d.ts","sourceRoot":"","sources":["../src/oauth-client-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAUvB;;;;;;GAMG;AACH,eAAO,MAAM,yBAAyB;IACpC;;OAEG;;;;;;;;;;;cA4D6jvB,EAAG,QAAQ,CAAC,EAAE,UAAU,CAAC,EAAE,UAAU,CAAC,EAAE,UAAU,CAAC,EAAE,QAAQ,EAAE,EAAE,SAAS,CAAC,EAAE,UAAU,CAAC,WAAW;iBAAe,EAAG,SAAS;iBAAc,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,UAAU;iBAAe,EAAG,WAAW,CAAC,EAAE,OAAO;qBAAmC,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;iBAAqH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;iBAAwB,EAAG,WAAW,CAAC,EAAE,SAAS;wBAAsB,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,SAAS;;iBAAwB,EAAG,UAAU,CAAC,EAAE,SAAS;qBAAmC,EAAG,UAAU;;eAAoC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;eAA+D,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;YAA6B,EAAG,SAAS,CAAC,EAAE,UAAU,CAAC,WAAW;iBAAe,EAAG,SAAS;iBAAc,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,UAAU;iBAAe,EAAG,WAAW,CAAC,EAAE,OAAO;qBAAmC,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;iBAAqH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;iBAAwB,EAAG,WAAW,CAAC,EAAE,SAAS;wBAAsB,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,SAAS;;iBAAwB,EAAG,UAAU;iBAAqB,EAAG,WAAW,CAAC,EAAE,OAAO;eAAqE,EAAG,SAAS;eAAY,EAAG,SAAS;eAAY,EAAG,WAAW,CAAC,EAAE,SAAS;eAAa,EAAG,WAAW,CAAC,EAAE,SAAS;eAAa,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAc,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAc,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAc,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;mBAAiB,EAAG,WAAW,CAAC,EAAE,SAAS;mBAAiB,EAAG,WAAW,CAAC,EAAE,SAAS;mBAAiB,EAAG,WAAW,CAAC,EAAE,SAAS;wBAAsB,EAAG,UAAU;iBAAiB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;iBAAgD,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;qBAAkE,EAAG,UAAU;;;;eAAyE,CAAC;eAAoF,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAkB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;iBAAmD,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;eAA8H,CAAC;eAAoF,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAkB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;iBAAmD,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;YAAuD,EAAG,SAAS,CAAC,EAAE,UAAU,CAAC,WAAW;iBAAe,EAAG,SAAS;iBAAc,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,UAAU;iBAAe,EAAG,WAAW,CAAC,EAAE,OAAO;qBAAmC,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;iBAAqH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;iBAAwB,EAAG,WAAW,CAAC,EAAE,SAAS;wBAAsB,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,SAAS;;iBAAwB,EAAG,UAAU;iBAAoB,EAAG,WAAW,CAAC,EAAE,OAAO;iBAA4C,EAAG,OAAO;eAAyC,EAAG,SAAS;eAAY,EAAG,SAAS;eAAY,EAAG,WAAW,CAAC,EAAE,SAAS;qBAAmB,EAAG,UAAU;;;;;eAAkH,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;;eAA6I,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;YAA6B,EAAG,SAAS,CAAC,EAAE,UAAU,CAAC,WAAW;iBAAe,EAAG,SAAS;iBAAc,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,UAAU;iBAAe,EAAG,WAAW,CAAC,EAAE,OAAO;qBAAmC,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;iBAAqH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;iBAAwB,EAAG,WAAW,CAAC,EAAE,SAAS;wBAAsB,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,SAAS;;iBAAwB,EAAG,UAAU;iBAAoB,EAAG,WAAW,CAAC,EAAE,OAAO;iBAA2B,EAAG,OAAO;eAA2B,EAAG,SAAS;eAAY,EAAG,SAAS;eAAY,EAAG,WAAW,CAAC,EAAE,SAAS;qBAAmB,EAAG,UAAU;;;;;eAAkG,CAAC;eAAmC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;;eAA6H,CAAC;eAAmC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;YAA6B,EAAG,SAAS,CAAC,EAAE,UAAU,CAAC,WAAW;iBAAe,EAAG,SAAS;iBAAc,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,UAAU;iBAAe,EAAG,WAAW,CAAC,EAAE,OAAO;qBAAmC,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;iBAAqH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;iBAAwB,EAAG,WAAW,CAAC,EAAE,SAAS;wBAAsB,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,SAAS;;iBAAwB,EAAG,UAAU;iBAAqB,EAAG,WAAW,CAAC,EAAE,OAAO;iBAA0B,EAAG,OAAO;eAAkC,EAAG,SAAS;eAAY,EAAG,WAAW,CAAC,EAAE,SAAS;qBAAmB,EAAG,UAAU;;;;eAAwF,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;eAAmH,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;YAA6B,EAAG,SAAS,CAAC,EAAE,UAAU,CAAC,WAAW;iBAAe,EAAG,SAAS;iBAAc,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,UAAU;iBAAe,EAAG,WAAW,CAAC,EAAE,OAAO;qBAAmC,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;iBAAqH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;iBAAwB,EAAG,WAAW,CAAC,EAAE,SAAS;wBAAsB,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAe,EAAG,WAAW,CAAC,EAAE,SAAS;;iBAAwB,EAAG,UAAU;iBAAqB,EAAG,WAAW,CAAC,EAAE,OAAO;eAA0C,EAAG,SAAS;qBAAkB,EAAG,UAAU;;;eAAsD,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;;eAAiF,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;;;eAAuG,CAAC;eAAoF,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAkB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;iBAAmD,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;eAAwK,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;;eAA8H,CAAC;eAAmC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;eAAoH,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;eAAkF,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;eAAgE,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;;;eAAoG,CAAC;eAAoF,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAkB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;iBAAmD,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;eAAwK,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;;eAA8H,CAAC;eAAmC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;eAAoH,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;eAAkF,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;eAAgE,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;;;eAAqG,CAAC;eAAoF,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAkB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;iBAAmD,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;eAAwK,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;;eAA8H,CAAC;eAAmC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;eAAoH,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;eAAkF,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;eAAgE,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;;;eAAoG,CAAC;eAAoF,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAkB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;iBAAmD,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;eAAwK,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;;eAA8H,CAAC;eAAmC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;eAAoH,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;eAAkF,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;eAAgE,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;;;eAAqG,CAAC;eAAoF,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAkB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;iBAAmD,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;eAAwK,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;;eAA8H,CAAC;eAAmC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;eAAoH,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;eAAkF,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;eAAgE,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;;;eAAoG,CAAC;eAAoF,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAkB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;iBAAmD,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;eAAwK,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;;eAA8H,CAAC;eAAmC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;eAAoH,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;eAAkF,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;eAAgE,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;;;;;eAAqJ,CAAC;eAAoF,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAkB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;iBAAmD,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;eAAwK,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;;eAA8H,CAAC;eAAmC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;eAAoH,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;eAAkF,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;eAAgE,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;;;;;eAAuH,CAAC;eAAoF,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAkB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;iBAAmD,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;eAAwK,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;;eAA8H,CAAC;eAAmC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;eAAoH,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;eAAkF,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;eAAgE,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;;;;;;;;;;;;;;IArB14gE;;;;;;OAMG;;;;;;;;;;;;;;;;;;;;;;;;;eAeg5yD,CAAC;eAAoF,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAkB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;iBAAmD,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;eAAwK,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;;eAA8H,CAAC;eAAmC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;eAAoH,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;eAAkF,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;eAAgE,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;eAAuH,CAAC;eAAoF,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAkB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;iBAAmD,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;eAAwK,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;;eAA8H,CAAC;eAAmC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;;eAAoH,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;aAA+B,CAAC;;;;eAAkF,CAAC;eAAsD,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;eAAgE,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;;;;;;;;;;;;;;;;;;;;;;EAJ14gE,CAAA;AAEF,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAA;AAC3E,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-client-metadata.d.ts","sourceRoot":"","sources":["../src/oauth-client-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAUvB;;;;;;GAMG;AACH,eAAO,MAAM,yBAAyB;IACpC;;OAEG;;;;;;;;;;;cA4D6/J,EAAG,UAAU,CAAC,EAAE,QAAQ,CAAC,EAAE,UAAU;;;;eAAqF,CAAC;eAAoF,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAiB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;;;eAAsN,CAAC;eAAsD,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;;eAA6K,CAAC;eAAmC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;eAAmK,CAAC;eAAkC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;aAAwF,CAAC;;;;;;;eAA+I,CAAC;eAAoF,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAiB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;;;eAAsN,CAAC;eAAsD,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;;eAA6K,CAAC;eAAmC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;eAAmK,CAAC;eAAkC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;aAAwF,CAAC;;;;;;;;;;;;;;;;;;IArB3sY;;;;;;OAMG;;;;;;;;;;;;;;;;;;;;;;;;;eAeuuR,CAAC;eAAoF,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAiB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;;;eAAsN,CAAC;eAAsD,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;;eAA6K,CAAC;eAAmC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;eAAmK,CAAC;eAAkC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;aAAwF,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAJ3sY,CAAA;AAEF,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAA;AAC3E,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-client-metadata.js","sourceRoot":"","sources":["../src/oauth-client-metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA4C;AAC5C,6DAA0D;AAC1D,mFAAyE;AACzE,+DAA4D;AAC5D,mEAAgE;AAChE,qEAAkE;AAClE,qDAAmD;AACnD,qCAAuC;AAEvC;;;;;;GAMG;AACU,QAAA,yBAAyB,GAAG,OAAC,CAAC,MAAM,CAAC;IAChD;;OAEG;IACH,wDAAwD;IACxD,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,8CAAsB,CAAC,CAAC,QAAQ,EAAE;IACzD,cAAc,EAAE,OAAC;SACd,KAAK,CAAC,gDAAuB,CAAC;SAC9B,QAAQ,EAAE;QACX,wEAAwE;QACxE,mBAAmB;SAClB,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC;IACpB,WAAW,EAAE,OAAC;SACX,KAAK,CAAC,0CAAoB,CAAC;SAC3B,QAAQ,EAAE;QACX,0EAA0E;QAC1E,qCAAqC;SACpC,OAAO,CAAC,CAAC,oBAAoB,CAAC,CAAC;IAClC,KAAK,EAAE,iCAAgB,CAAC,QAAQ,EAAE;IAClC,wDAAwD;IACxD,0BAA0B,EAAE,uDAAuB;QACjD,2EAA2E;SAC1E,OAAO,CAAC,qBAAqB,CAAC;IACjC,+BAA+B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtD,4BAA4B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtD,QAAQ,EAAE,qBAAY,CAAC,QAAQ,EAAE;IACjC,IAAI,EAAE,mBAAa,CAAC,QAAQ,EAAE;IAC9B,gBAAgB,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,8BAA8B;IAC1F,YAAY,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IAC9D,0BAA0B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjD,4BAA4B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnD,iCAAiC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;IAC9D,oCAAoC,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC1E,oCAAoC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3D,SAAS,EAAE,wCAAmB,CAAC,QAAQ,EAAE;IACzC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,UAAU,EAAE,qBAAY,CAAC,QAAQ,EAAE;IACnC,UAAU,EAAE,qBAAY,CAAC,QAAQ,EAAE;IACnC,OAAO,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAChC,QAAQ,EAAE,qBAAY,CAAC,QAAQ,EAAE,EAAE,2BAA2B;IAE9D;;;;;;OAMG;IACH,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,iBAAiB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACzC,QAAQ,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,0CAA0C,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAElE,4DAA4D;IAC5D,wBAAwB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAEhD,6DAA6D;IAC7D,2BAA2B,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC5D,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-client-metadata.js","sourceRoot":"","sources":["../src/oauth-client-metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA4C;AAC5C,6DAA0D;AAC1D,mFAAyE;AACzE,+DAA4D;AAC5D,mEAAgE;AAChE,qEAAkE;AAClE,qDAAmD;AACnD,qCAAuC;AAEvC;;;;;;GAMG;AACU,QAAA,yBAAyB,GAAG,OAAC,CAAC,MAAM,CAAC;IAChD;;OAEG;IACH,wDAAwD;IACxD,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,8CAAsB,CAAC,CAAC,QAAQ,EAAE;IACzD,cAAc,EAAE,OAAC;SACd,KAAK,CAAC,gDAAuB,CAAC;SAC9B,QAAQ,EAAE;QACX,wEAAwE;QACxE,mBAAmB;SAClB,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC;IACpB,WAAW,EAAE,OAAC;SACX,KAAK,CAAC,0CAAoB,CAAC;SAC3B,QAAQ,EAAE;QACX,0EAA0E;QAC1E,qCAAqC;SACpC,OAAO,CAAC,CAAC,oBAAoB,CAAC,CAAC;IAClC,KAAK,EAAE,iCAAgB,CAAC,QAAQ,EAAE;IAClC,wDAAwD;IACxD,0BAA0B,EAAE,uDAAuB;QACjD,2EAA2E;SAC1E,OAAO,CAAC,qBAAqB,CAAC;IACjC,+BAA+B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtD,4BAA4B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtD,QAAQ,EAAE,qBAAY,CAAC,QAAQ,EAAE;IACjC,IAAI,EAAE,mBAAa,CAAC,QAAQ,EAAE;IAC9B,gBAAgB,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,8BAA8B;IAC1F,YAAY,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IAC9D,0BAA0B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjD,4BAA4B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnD,iCAAiC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;IAC9D,oCAAoC,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC1E,oCAAoC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3D,SAAS,EAAE,wCAAmB,CAAC,QAAQ,EAAE;IACzC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,UAAU,EAAE,qBAAY,CAAC,QAAQ,EAAE;IACnC,UAAU,EAAE,qBAAY,CAAC,QAAQ,EAAE;IACnC,OAAO,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAChC,QAAQ,EAAE,qBAAY,CAAC,QAAQ,EAAE,EAAE,2BAA2B;IAE9D;;;;;;OAMG;IACH,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,iBAAiB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACzC,QAAQ,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,0CAA0C,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAElE,4DAA4D;IAC5D,wBAAwB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAEhD,6DAA6D;IAC7D,2BAA2B,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC5D,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { jwksPubSchema } from '@atproto/jwk'\nimport { oauthClientIdSchema } from './oauth-client-id.js'\nimport { oauthEndpointAuthMethod } from './oauth-endpoint-auth-method.js'\nimport { oauthGrantTypeSchema } from './oauth-grant-type.js'\nimport { oauthRedirectUriSchema } from './oauth-redirect-uri.js'\nimport { oauthResponseTypeSchema } from './oauth-response-type.js'\nimport { oauthScopeSchema } from './oauth-scope.js'\nimport { webUriSchema } from './uri.js'\n\n/**\n * @see {@link https://openid.net/specs/openid-connect-registration-1_0.html}\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7591}\n * @note we do not enforce https: scheme in URIs to support development\n * environments. Make sure to validate the URIs before using it in a production\n * environment.\n */\nexport const oauthClientMetadataSchema = z.object({\n /**\n * @note redirect_uris require additional validation\n */\n // https://www.rfc-editor.org/rfc/rfc7591.html#section-2\n redirect_uris: z.array(oauthRedirectUriSchema).nonempty(),\n response_types: z\n .array(oauthResponseTypeSchema)\n .nonempty()\n // > If omitted, the default is that the client will use only the \"code\"\n // > response type.\n .default(['code']),\n grant_types: z\n .array(oauthGrantTypeSchema)\n .nonempty()\n // > If omitted, the default behavior is that the client will use only the\n // > \"authorization_code\" Grant Type.\n .default(['authorization_code']),\n scope: oauthScopeSchema.optional(),\n // https://www.rfc-editor.org/rfc/rfc7591.html#section-2\n token_endpoint_auth_method: oauthEndpointAuthMethod\n // > If unspecified or omitted, the default is \"client_secret_basic\" [...].\n .default('client_secret_basic'),\n token_endpoint_auth_signing_alg: z.string().optional(),\n userinfo_signed_response_alg: z.string().optional(),\n userinfo_encrypted_response_alg: z.string().optional(),\n jwks_uri: webUriSchema.optional(),\n jwks: jwksPubSchema.optional(),\n application_type: z.enum(['web', 'native']).default('web'), // default, per spec, is \"web\"\n subject_type: z.enum(['public', 'pairwise']).default('public'),\n request_object_signing_alg: z.string().optional(),\n id_token_signed_response_alg: z.string().optional(),\n authorization_signed_response_alg: z.string().default('RS256'),\n authorization_encrypted_response_enc: z.enum(['A128CBC-HS256']).optional(),\n authorization_encrypted_response_alg: z.string().optional(),\n client_id: oauthClientIdSchema.optional(),\n client_name: z.string().optional(),\n client_uri: webUriSchema.optional(),\n policy_uri: webUriSchema.optional(),\n tos_uri: webUriSchema.optional(),\n logo_uri: webUriSchema.optional(), // @TODO: allow data: uri ?\n\n /**\n * Default Maximum Authentication Age. Specifies that the End-User MUST be\n * actively authenticated if the End-User was authenticated longer ago than\n * the specified number of seconds. The max_age request parameter overrides\n * this default value. If omitted, no default Maximum Authentication Age is\n * specified.\n */\n default_max_age: z.number().optional(),\n require_auth_time: z.boolean().optional(),\n contacts: z.array(z.string().email()).optional(),\n tls_client_certificate_bound_access_tokens: z.boolean().optional(),\n\n // https://datatracker.ietf.org/doc/html/rfc9449#section-5.2\n dpop_bound_access_tokens: z.boolean().optional(),\n\n // https://datatracker.ietf.org/doc/html/rfc9396#section-14.5\n authorization_details_types: z.array(z.string()).optional(),\n})\n\nexport type OAuthClientMetadata = z.infer<typeof oauthClientMetadataSchema>\nexport type OAuthClientMetadataInput = z.input<typeof oauthClientMetadataSchema>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-code-challenge-method.js","sourceRoot":"","sources":["../src/oauth-code-challenge-method.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,8BAA8B,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-code-challenge-method.js","sourceRoot":"","sources":["../src/oauth-code-challenge-method.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,8BAA8B,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthCodeChallengeMethodSchema = z.enum(['S256', 'plain'])\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-endpoint-auth-method.js","sourceRoot":"","sources":["../src/oauth-endpoint-auth-method.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,uBAAuB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC5C,qBAAqB;IACrB,mBAAmB;IACnB,oBAAoB;IACpB,MAAM;IACN,iBAAiB;IACjB,6BAA6B;IAC7B,iBAAiB;CAClB,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-endpoint-auth-method.js","sourceRoot":"","sources":["../src/oauth-endpoint-auth-method.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,uBAAuB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC5C,qBAAqB;IACrB,mBAAmB;IACnB,oBAAoB;IACpB,MAAM;IACN,iBAAiB;IACjB,6BAA6B;IAC7B,iBAAiB;CAClB,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthEndpointAuthMethod = z.enum([\n 'client_secret_basic',\n 'client_secret_jwt',\n 'client_secret_post',\n 'none',\n 'private_key_jwt',\n 'self_signed_tls_client_auth',\n 'tls_client_auth',\n])\n\nexport type OauthEndpointAuthMethod = z.infer<typeof oauthEndpointAuthMethod>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-endpoint-name.js","sourceRoot":"","sources":["../src/oauth-endpoint-name.ts"],"names":[],"mappings":";;;AAAa,QAAA,oBAAoB,GAAG;IAClC,OAAO;IACP,YAAY;IACZ,eAAe;IACf,8BAA8B;CACtB,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-endpoint-name.js","sourceRoot":"","sources":["../src/oauth-endpoint-name.ts"],"names":[],"mappings":";;;AAAa,QAAA,oBAAoB,GAAG;IAClC,OAAO;IACP,YAAY;IACZ,eAAe;IACf,8BAA8B;CACtB,CAAA","sourcesContent":["export const OAUTH_ENDPOINT_NAMES = [\n 'token',\n 'revocation',\n 'introspection',\n 'pushed_authorization_request',\n] as const\n\nexport type OAuthEndpointName = (typeof OAUTH_ENDPOINT_NAMES)[number]\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-grant-type.js","sourceRoot":"","sources":["../src/oauth-grant-type.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,oBAAoB,GAAG,OAAC,CAAC,IAAI,CAAC;IACzC,oBAAoB;IACpB,UAAU;IACV,eAAe;IACf,UAAU,EAAE,wBAAwB;IACpC,oBAAoB;IACpB,6CAA6C;IAC7C,+CAA+C;CAChD,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-grant-type.js","sourceRoot":"","sources":["../src/oauth-grant-type.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,oBAAoB,GAAG,OAAC,CAAC,IAAI,CAAC;IACzC,oBAAoB;IACpB,UAAU;IACV,eAAe;IACf,UAAU,EAAE,wBAAwB;IACpC,oBAAoB;IACpB,6CAA6C;IAC7C,+CAA+C;CAChD,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthGrantTypeSchema = z.enum([\n 'authorization_code',\n 'implicit',\n 'refresh_token',\n 'password', // Not part of OAuth 2.1\n 'client_credentials',\n 'urn:ietf:params:oauth:grant-type:jwt-bearer',\n 'urn:ietf:params:oauth:grant-type:saml2-bearer',\n])\n\nexport type OAuthGrantType = z.infer<typeof oauthGrantTypeSchema>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-introspection-response.js","sourceRoot":"","sources":["../src/oauth-introspection-response.ts"],"names":[],"mappings":""}
|
|
1
|
+
{"version":3,"file":"oauth-introspection-response.js","sourceRoot":"","sources":["../src/oauth-introspection-response.ts"],"names":[],"mappings":"","sourcesContent":["import { OAuthAuthorizationDetails } from './oauth-authorization-details.js'\nimport { OAuthTokenType } from './oauth-token-type.js'\n\n// https://datatracker.ietf.org/doc/html/rfc7662#section-2.2\nexport type OAuthIntrospectionResponse =\n | { active: false }\n | {\n active: true\n\n scope?: string\n client_id?: string\n username?: string\n token_type?: OAuthTokenType\n authorization_details?: OAuthAuthorizationDetails\n\n aud?: string | [string, ...string[]]\n exp?: number\n iat?: number\n iss?: string\n jti?: string\n nbf?: number\n sub?: string\n }\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-issuer-identifier.js","sourceRoot":"","sources":["../src/oauth-issuer-identifier.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,qCAAuC;AAE1B,QAAA,2BAA2B,GAAG,qBAAY,CAAC,WAAW,CACjE,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;IACb,uCAAuC;IAEvC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,oDAAoD;SAC9D,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QAC3B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,iDAAiD;SAC3D,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,cAAc,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAA;IACnE,IAAI,KAAK,KAAK,cAAc,EAAE,CAAC;QAC7B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,0CAA0C;SACpD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-issuer-identifier.js","sourceRoot":"","sources":["../src/oauth-issuer-identifier.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,qCAAuC;AAE1B,QAAA,2BAA2B,GAAG,qBAAY,CAAC,WAAW,CACjE,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;IACb,uCAAuC;IAEvC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,oDAAoD;SAC9D,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QAC3B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,iDAAiD;SAC3D,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,cAAc,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAA;IACnE,IAAI,KAAK,KAAK,cAAc,EAAE,CAAC;QAC7B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,0CAA0C;SACpD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA","sourcesContent":["import { z } from 'zod'\nimport { webUriSchema } from './uri.js'\n\nexport const oauthIssuerIdentifierSchema = webUriSchema.superRefine(\n (value, ctx) => {\n // Validate the issuer (MIX-UP attacks)\n\n if (value.endsWith('/')) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'Issuer URL must not end with a slash',\n })\n return false\n }\n\n const url = new URL(value)\n\n if (url.username || url.password) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'Issuer URL must not contain a username or password',\n })\n return false\n }\n\n if (url.hash || url.search) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'Issuer URL must not contain a query or fragment',\n })\n return false\n }\n\n const canonicalValue = url.pathname === '/' ? url.origin : url.href\n if (value !== canonicalValue) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'Issuer URL must be in the canonical form',\n })\n return false\n }\n\n return true\n },\n)\n\nexport type OAuthIssuerIdentifier = z.infer<typeof oauthIssuerIdentifierSchema>\n"]}
|
|
@@ -3,11 +3,11 @@ export declare const oauthParResponseSchema: z.ZodObject<{
|
|
|
3
3
|
request_uri: z.ZodString;
|
|
4
4
|
expires_in: z.ZodNumber;
|
|
5
5
|
}, "strip", z.ZodTypeAny, {
|
|
6
|
-
request_uri: string;
|
|
7
6
|
expires_in: number;
|
|
8
|
-
}, {
|
|
9
7
|
request_uri: string;
|
|
8
|
+
}, {
|
|
10
9
|
expires_in: number;
|
|
10
|
+
request_uri: string;
|
|
11
11
|
}>;
|
|
12
12
|
export type OAuthParResponse = z.infer<typeof oauthParResponseSchema>;
|
|
13
13
|
//# sourceMappingURL=oauth-par-response.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-par-response.js","sourceRoot":"","sources":["../src/oauth-par-response.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,sBAAsB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7C,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE;IACvB,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-par-response.js","sourceRoot":"","sources":["../src/oauth-par-response.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,sBAAsB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7C,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE;IACvB,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthParResponseSchema = z.object({\n request_uri: z.string(),\n expires_in: z.number().int().positive(),\n})\n\nexport type OAuthParResponse = z.infer<typeof oauthParResponseSchema>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-password-grant-token-request.js","sourceRoot":"","sources":["../src/oauth-password-grant-token-request.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,oCAAoC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3D,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,UAAU,CAAC;IACjC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;IACpB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;CACrB,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-password-grant-token-request.js","sourceRoot":"","sources":["../src/oauth-password-grant-token-request.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,oCAAoC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3D,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,UAAU,CAAC;IACjC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;IACpB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;CACrB,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthPasswordGrantTokenRequestSchema = z.object({\n grant_type: z.literal('password'),\n username: z.string(),\n password: z.string(),\n})\n\nexport type OAuthPasswordGrantTokenRequest = z.infer<\n typeof oauthPasswordGrantTokenRequestSchema\n>\n"]}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
2
|
/**
|
|
3
|
-
* @see {@link https://
|
|
3
|
+
* @see {@link https://www.rfc-editor.org/rfc/rfc9728.html#section-3.2}
|
|
4
4
|
*/
|
|
5
5
|
export declare const oauthProtectedResourceMetadataSchema: z.ZodObject<{
|
|
6
6
|
/**
|
|
@@ -5,7 +5,7 @@ const zod_1 = require("zod");
|
|
|
5
5
|
const oauth_issuer_identifier_js_1 = require("./oauth-issuer-identifier.js");
|
|
6
6
|
const uri_js_1 = require("./uri.js");
|
|
7
7
|
/**
|
|
8
|
-
* @see {@link https://
|
|
8
|
+
* @see {@link https://www.rfc-editor.org/rfc/rfc9728.html#section-3.2}
|
|
9
9
|
*/
|
|
10
10
|
exports.oauthProtectedResourceMetadataSchema = zod_1.z.object({
|
|
11
11
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-protected-resource-metadata.js","sourceRoot":"","sources":["../src/oauth-protected-resource-metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,6EAA0E;AAC1E,qCAAuC;AAEvC;;GAEG;AACU,QAAA,oCAAoC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3D;;;;;;;OAOG;IACH,QAAQ,EAAE,qBAAY;SACnB,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACnC,OAAO,EAAE,gDAAgD;KAC1D,CAAC;SACD,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACnC,OAAO,EAAE,0CAA0C;KACpD,CAAC;IAEJ;;;;;;;OAOG;IACH,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,wDAA2B,CAAC,CAAC,QAAQ,EAAE;IAEtE;;;;;;;OAOG;IACH,QAAQ,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAEjC;;;;;OAKG;IACH,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEhD;;;;;OAKG;IACH,wBAAwB,EAAE,OAAC;SACxB,KAAK,CAAC,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;SAC1C,QAAQ,EAAE;IAEb;;;;;;OAMG;IACH,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAErE;;;OAGG;IACH,sBAAsB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE/C;;;;OAIG;IACH,mBAAmB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE5C;;;OAGG;IACH,gBAAgB,EAAE,qBAAY,CAAC,QAAQ,EAAE;CAC1C,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-protected-resource-metadata.js","sourceRoot":"","sources":["../src/oauth-protected-resource-metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,6EAA0E;AAC1E,qCAAuC;AAEvC;;GAEG;AACU,QAAA,oCAAoC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3D;;;;;;;OAOG;IACH,QAAQ,EAAE,qBAAY;SACnB,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACnC,OAAO,EAAE,gDAAgD;KAC1D,CAAC;SACD,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACnC,OAAO,EAAE,0CAA0C;KACpD,CAAC;IAEJ;;;;;;;OAOG;IACH,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,wDAA2B,CAAC,CAAC,QAAQ,EAAE;IAEtE;;;;;;;OAOG;IACH,QAAQ,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAEjC;;;;;OAKG;IACH,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEhD;;;;;OAKG;IACH,wBAAwB,EAAE,OAAC;SACxB,KAAK,CAAC,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;SAC1C,QAAQ,EAAE;IAEb;;;;;;OAMG;IACH,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAErE;;;OAGG;IACH,sBAAsB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE/C;;;;OAIG;IACH,mBAAmB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE5C;;;OAGG;IACH,gBAAgB,EAAE,qBAAY,CAAC,QAAQ,EAAE;CAC1C,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthIssuerIdentifierSchema } from './oauth-issuer-identifier.js'\nimport { webUriSchema } from './uri.js'\n\n/**\n * @see {@link https://www.rfc-editor.org/rfc/rfc9728.html#section-3.2}\n */\nexport const oauthProtectedResourceMetadataSchema = z.object({\n /**\n * REQUIRED. The protected resource's resource identifier, which is a URL that\n * uses the https scheme and has no query or fragment components. Using these\n * well-known resources is described in Section 3.\n *\n * @note This schema allows non https URLs for testing & development purposes.\n * Make sure to validate the URL before using it in a production environment.\n */\n resource: webUriSchema\n .refine((url) => !url.includes('?'), {\n message: 'Resource URL must not contain query parameters',\n })\n .refine((url) => !url.includes('#'), {\n message: 'Resource URL must not contain a fragment',\n }),\n\n /**\n * OPTIONAL. JSON array containing a list of OAuth authorization server issuer\n * identifiers, as defined in [RFC8414], for authorization servers that can be\n * used with this protected resource. Protected resources MAY choose not to\n * advertise some supported authorization servers even when this parameter is\n * used. In some use cases, the set of authorization servers will not be\n * enumerable, in which case this metadata parameter would not be used.\n */\n authorization_servers: z.array(oauthIssuerIdentifierSchema).optional(),\n\n /**\n * OPTIONAL. URL of the protected resource's JWK Set [JWK] document. This\n * contains public keys belonging to the protected resource, such as signing\n * key(s) that the resource server uses to sign resource responses. This URL\n * MUST use the https scheme. When both signing and encryption keys are made\n * available, a use (public key use) parameter value is REQUIRED for all keys\n * in the referenced JWK Set to indicate each key's intended usage.\n */\n jwks_uri: webUriSchema.optional(),\n\n /**\n * RECOMMENDED. JSON array containing a list of the OAuth 2.0 [RFC6749] scope\n * values that are used in authorization requests to request access to this\n * protected resource. Protected resources MAY choose not to advertise some\n * scope values supported even when this parameter is used.\n */\n scopes_supported: z.array(z.string()).optional(),\n\n /**\n * OPTIONAL. JSON array containing a list of the supported methods of sending\n * an OAuth 2.0 Bearer Token [RFC6750] to the protected resource. Defined\n * values are [\"header\", \"body\", \"query\"], corresponding to Sections 2.1, 2.2,\n * and 2.3 of RFC 6750.\n */\n bearer_methods_supported: z\n .array(z.enum(['header', 'body', 'query']))\n .optional(),\n\n /**\n * OPTIONAL. JSON array containing a list of the JWS [JWS] signing algorithms\n * (alg values) [JWA] supported by the protected resource for signing resource\n * responses, for instance, as described in [FAPI.MessageSigning]. No default\n * algorithms are implied if this entry is omitted. The value none MUST NOT be\n * used.\n */\n resource_signing_alg_values_supported: z.array(z.string()).optional(),\n\n /**\n * OPTIONAL. URL of a page containing human-readable information that\n * developers might want or need to know when using the protected resource\n */\n resource_documentation: webUriSchema.optional(),\n\n /**\n * OPTIONAL. URL that the protected resource provides to read about the\n * protected resource's requirements on how the client can use the data\n * provided by the protected resource\n */\n resource_policy_uri: webUriSchema.optional(),\n\n /**\n * OPTIONAL. URL that the protected resource provides to read about the\n * protected resource's terms of service\n */\n resource_tos_uri: webUriSchema.optional(),\n})\n\nexport type OAuthProtectedResourceMetadata = z.infer<\n typeof oauthProtectedResourceMetadataSchema\n>\n"]}
|
|
@@ -1,10 +1,22 @@
|
|
|
1
1
|
import { TypeOf, z } from 'zod';
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
2
|
+
/**
|
|
3
|
+
* This is a {@link loopbackUriSchema} with the additional restriction that
|
|
4
|
+
* the hostname `localhost` is not allowed.
|
|
5
|
+
*
|
|
6
|
+
* @see {@link https://datatracker.ietf.org/doc/html/rfc8252#section-8.3 Loopback Redirect Considerations} RFC8252
|
|
7
|
+
*
|
|
8
|
+
* > While redirect URIs using localhost (i.e.,
|
|
9
|
+
* > "http://localhost:{port}/{path}") function similarly to loopback IP
|
|
10
|
+
* > redirects described in Section 7.3, the use of localhost is NOT
|
|
11
|
+
* > RECOMMENDED. Specifying a redirect URI with the loopback IP literal rather
|
|
12
|
+
* > than localhost avoids inadvertently listening on network interfaces other
|
|
13
|
+
* > than the loopback interface. It is also less susceptible to client-side
|
|
14
|
+
* > firewalls and misconfigured host name resolution on the user's device.
|
|
15
|
+
*/
|
|
16
|
+
export declare const loopbackRedirectURISchema: z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}`, string>, `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}`, string>;
|
|
17
|
+
export type LoopbackRedirectURI = TypeOf<typeof loopbackRedirectURISchema>;
|
|
18
|
+
export declare const oauthLoopbackClientRedirectUriSchema: z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}`, string>, `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}`, string>;
|
|
19
|
+
export type OAuthLoopbackRedirectURI = TypeOf<typeof oauthLoopbackClientRedirectUriSchema>;
|
|
8
20
|
export declare const oauthRedirectUriSchema: z.ZodUnion<[z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}`, string>, `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}`, string>, z.ZodEffects<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, `https://${string}`, string>, z.ZodEffects<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, `${string}.${string}:/${string}`, string>]>;
|
|
9
21
|
export type OAuthRedirectUri = TypeOf<typeof oauthRedirectUriSchema>;
|
|
10
22
|
//# sourceMappingURL=oauth-redirect-uri.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-redirect-uri.d.ts","sourceRoot":"","sources":["../src/oauth-redirect-uri.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAA;AAQ7C,eAAO,MAAM,
|
|
1
|
+
{"version":3,"file":"oauth-redirect-uri.d.ts","sourceRoot":"","sources":["../src/oauth-redirect-uri.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAA;AAQ7C;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,yBAAyB,2kBAarC,CAAA;AACD,MAAM,MAAM,mBAAmB,GAAG,MAAM,CAAC,OAAO,yBAAyB,CAAC,CAAA;AAE1E,eAAO,MAAM,oCAAoC,2kBAA4B,CAAA;AAC7E,MAAM,MAAM,wBAAwB,GAAG,MAAM,CAC3C,OAAO,oCAAoC,CAC5C,CAAA;AAED,eAAO,MAAM,sBAAsB,gzBAKlC,CAAA;AACD,MAAM,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,sBAAsB,CAAC,CAAA"}
|
|
@@ -1,20 +1,24 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.oauthRedirectUriSchema = exports.
|
|
3
|
+
exports.oauthRedirectUriSchema = exports.oauthLoopbackClientRedirectUriSchema = exports.loopbackRedirectURISchema = void 0;
|
|
4
4
|
const zod_1 = require("zod");
|
|
5
5
|
const uri_js_1 = require("./uri.js");
|
|
6
|
-
|
|
6
|
+
/**
|
|
7
|
+
* This is a {@link loopbackUriSchema} with the additional restriction that
|
|
8
|
+
* the hostname `localhost` is not allowed.
|
|
9
|
+
*
|
|
10
|
+
* @see {@link https://datatracker.ietf.org/doc/html/rfc8252#section-8.3 Loopback Redirect Considerations} RFC8252
|
|
11
|
+
*
|
|
12
|
+
* > While redirect URIs using localhost (i.e.,
|
|
13
|
+
* > "http://localhost:{port}/{path}") function similarly to loopback IP
|
|
14
|
+
* > redirects described in Section 7.3, the use of localhost is NOT
|
|
15
|
+
* > RECOMMENDED. Specifying a redirect URI with the loopback IP literal rather
|
|
16
|
+
* > than localhost avoids inadvertently listening on network interfaces other
|
|
17
|
+
* > than the loopback interface. It is also less susceptible to client-side
|
|
18
|
+
* > firewalls and misconfigured host name resolution on the user's device.
|
|
19
|
+
*/
|
|
20
|
+
exports.loopbackRedirectURISchema = uri_js_1.loopbackUriSchema.superRefine((value, ctx) => {
|
|
7
21
|
if (value.startsWith('http://localhost')) {
|
|
8
|
-
// https://datatracker.ietf.org/doc/html/rfc8252#section-8.3
|
|
9
|
-
//
|
|
10
|
-
// > While redirect URIs using localhost (i.e.,
|
|
11
|
-
// > "http://localhost:{port}/{path}") function similarly to loopback IP
|
|
12
|
-
// > redirects described in Section 7.3, the use of localhost is NOT
|
|
13
|
-
// > RECOMMENDED. Specifying a redirect URI with the loopback IP literal
|
|
14
|
-
// > rather than localhost avoids inadvertently listening on network
|
|
15
|
-
// > interfaces other than the loopback interface. It is also less
|
|
16
|
-
// > susceptible to client-side firewalls and misconfigured host name
|
|
17
|
-
// > resolution on the user's device.
|
|
18
22
|
ctx.addIssue({
|
|
19
23
|
code: zod_1.ZodIssueCode.custom,
|
|
20
24
|
message: 'Use of "localhost" hostname is not allowed (RFC 8252), use a loopback IP such as "127.0.0.1" instead',
|
|
@@ -23,13 +27,8 @@ exports.oauthLoopbackRedirectURISchema = uri_js_1.loopbackUriSchema.superRefine(
|
|
|
23
27
|
}
|
|
24
28
|
return true;
|
|
25
29
|
});
|
|
26
|
-
exports.
|
|
27
|
-
exports.
|
|
28
|
-
exports.oauthRedirectUriSchema = zod_1.z.union([
|
|
29
|
-
exports.oauthLoopbackRedirectURISchema,
|
|
30
|
-
exports.oauthHttpsRedirectURISchema,
|
|
31
|
-
exports.oauthPrivateUseRedirectURISchema,
|
|
32
|
-
], {
|
|
30
|
+
exports.oauthLoopbackClientRedirectUriSchema = exports.loopbackRedirectURISchema;
|
|
31
|
+
exports.oauthRedirectUriSchema = zod_1.z.union([exports.loopbackRedirectURISchema, uri_js_1.httpsUriSchema, uri_js_1.privateUseUriSchema], {
|
|
33
32
|
message: `URL must use the "https:" or "http:" protocol, or a private-use URI scheme (RFC 8252)`,
|
|
34
33
|
});
|
|
35
34
|
//# sourceMappingURL=oauth-redirect-uri.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-redirect-uri.js","sourceRoot":"","sources":["../src/oauth-redirect-uri.ts"],"names":[],"mappings":";;;AAAA,6BAA6C;AAC7C,qCAKiB;
|
|
1
|
+
{"version":3,"file":"oauth-redirect-uri.js","sourceRoot":"","sources":["../src/oauth-redirect-uri.ts"],"names":[],"mappings":";;;AAAA,6BAA6C;AAC7C,qCAKiB;AAEjB;;;;;;;;;;;;;GAaG;AACU,QAAA,yBAAyB,GAAG,0BAAiB,CAAC,WAAW,CACpE,CAAC,KAAK,EAAE,GAAG,EAA8D,EAAE;IACzE,IAAI,KAAK,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACzC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EACL,sGAAsG;SACzG,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAGY,QAAA,oCAAoC,GAAG,iCAAyB,CAAA;AAKhE,QAAA,sBAAsB,GAAG,OAAC,CAAC,KAAK,CAC3C,CAAC,iCAAyB,EAAE,uBAAc,EAAE,4BAAmB,CAAC,EAChE;IACE,OAAO,EAAE,uFAAuF;CACjG,CACF,CAAA","sourcesContent":["import { TypeOf, ZodIssueCode, z } from 'zod'\nimport {\n LoopbackUri,\n httpsUriSchema,\n loopbackUriSchema,\n privateUseUriSchema,\n} from './uri.js'\n\n/**\n * This is a {@link loopbackUriSchema} with the additional restriction that\n * the hostname `localhost` is not allowed.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8252#section-8.3 Loopback Redirect Considerations} RFC8252\n *\n * > While redirect URIs using localhost (i.e.,\n * > \"http://localhost:{port}/{path}\") function similarly to loopback IP\n * > redirects described in Section 7.3, the use of localhost is NOT\n * > RECOMMENDED. Specifying a redirect URI with the loopback IP literal rather\n * > than localhost avoids inadvertently listening on network interfaces other\n * > than the loopback interface. It is also less susceptible to client-side\n * > firewalls and misconfigured host name resolution on the user's device.\n */\nexport const loopbackRedirectURISchema = loopbackUriSchema.superRefine(\n (value, ctx): value is Exclude<LoopbackUri, `http://localhost${string}`> => {\n if (value.startsWith('http://localhost')) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message:\n 'Use of \"localhost\" hostname is not allowed (RFC 8252), use a loopback IP such as \"127.0.0.1\" instead',\n })\n return false\n }\n\n return true\n },\n)\nexport type LoopbackRedirectURI = TypeOf<typeof loopbackRedirectURISchema>\n\nexport const oauthLoopbackClientRedirectUriSchema = loopbackRedirectURISchema\nexport type OAuthLoopbackRedirectURI = TypeOf<\n typeof oauthLoopbackClientRedirectUriSchema\n>\n\nexport const oauthRedirectUriSchema = z.union(\n [loopbackRedirectURISchema, httpsUriSchema, privateUseUriSchema],\n {\n message: `URL must use the \"https:\" or \"http:\" protocol, or a private-use URI scheme (RFC 8252)`,\n },\n)\nexport type OAuthRedirectUri = TypeOf<typeof oauthRedirectUriSchema>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-refresh-token-grant-token-request.js","sourceRoot":"","sources":["../src/oauth-refresh-token-grant-token-request.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,qEAAkE;AAErD,QAAA,wCAAwC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/D,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,eAAe,CAAC;IACtC,aAAa,EAAE,gDAAuB;CACvC,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-refresh-token-grant-token-request.js","sourceRoot":"","sources":["../src/oauth-refresh-token-grant-token-request.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,qEAAkE;AAErD,QAAA,wCAAwC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/D,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,eAAe,CAAC;IACtC,aAAa,EAAE,gDAAuB;CACvC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthRefreshTokenSchema } from './oauth-refresh-token.js'\n\nexport const oauthRefreshTokenGrantTokenRequestSchema = z.object({\n grant_type: z.literal('refresh_token'),\n refresh_token: oauthRefreshTokenSchema,\n})\n\nexport type OAuthRefreshTokenGrantTokenRequest = z.infer<\n typeof oauthRefreshTokenGrantTokenRequestSchema\n>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-refresh-token.js","sourceRoot":"","sources":["../src/oauth-refresh-token.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,uBAAuB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-refresh-token.js","sourceRoot":"","sources":["../src/oauth-refresh-token.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,uBAAuB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthRefreshTokenSchema = z.string().min(1)\nexport type OAuthRefreshToken = z.infer<typeof oauthRefreshTokenSchema>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-request-uri.js","sourceRoot":"","sources":["../src/oauth-request-uri.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-request-uri.js","sourceRoot":"","sources":["../src/oauth-request-uri.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthRequestUriSchema = z.string()\n\nexport type OAuthRequestUri = z.infer<typeof oauthRequestUriSchema>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-response-mode.js","sourceRoot":"","sources":["../src/oauth-response-mode.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,uBAAuB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC5C,OAAO;IACP,UAAU;IACV,WAAW;CACZ,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-response-mode.js","sourceRoot":"","sources":["../src/oauth-response-mode.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,uBAAuB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC5C,OAAO;IACP,UAAU;IACV,WAAW;CACZ,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthResponseModeSchema = z.enum([\n 'query',\n 'fragment',\n 'form_post',\n])\n\nexport type OAuthResponseMode = z.infer<typeof oauthResponseModeSchema>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-response-type.js","sourceRoot":"","sources":["../src/oauth-response-type.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,uBAAuB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC5C,wFAAwF;IACxF,MAAM,EAAE,2BAA2B;IACnC,OAAO,EAAE,iBAAiB;IAE1B,4EAA4E;IAC5E,MAAM;IACN,qBAAqB;IACrB,eAAe;IACf,YAAY;IACZ,gBAAgB;IAChB,UAAU;CACX,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-response-type.js","sourceRoot":"","sources":["../src/oauth-response-type.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,uBAAuB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC5C,wFAAwF;IACxF,MAAM,EAAE,2BAA2B;IACnC,OAAO,EAAE,iBAAiB;IAE1B,4EAA4E;IAC5E,MAAM;IACN,qBAAqB;IACrB,eAAe;IACf,YAAY;IACZ,gBAAgB;IAChB,UAAU;CACX,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthResponseTypeSchema = z.enum([\n // OAuth2 (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-4.1.1)\n 'code', // Authorization Code Grant\n 'token', // Implicit Grant\n\n // OIDC (https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)\n 'none',\n 'code id_token token',\n 'code id_token',\n 'code token',\n 'id_token token',\n 'id_token',\n])\n\nexport type OAuthResponseType = z.infer<typeof oauthResponseTypeSchema>\n"]}
|
package/dist/oauth-scope.d.ts
CHANGED
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
|
+
export declare const OAUTH_SCOPE_REGEXP: RegExp;
|
|
3
|
+
export declare const isOAuthScope: (input: string) => boolean;
|
|
2
4
|
/**
|
|
3
|
-
* A space separated list of
|
|
4
|
-
* and double quote.
|
|
5
|
+
* A (single) space separated list of non empty printable ASCII char string
|
|
6
|
+
* (except backslash and double quote).
|
|
5
7
|
*
|
|
6
8
|
* @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-1.4.1}
|
|
7
9
|
*/
|
|
8
|
-
export declare const oauthScopeSchema: z.ZodString
|
|
10
|
+
export declare const oauthScopeSchema: z.ZodEffects<z.ZodString, string, string>;
|
|
9
11
|
export type OAuthScope = z.infer<typeof oauthScopeSchema>;
|
|
10
12
|
//# sourceMappingURL=oauth-scope.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-scope.d.ts","sourceRoot":"","sources":["../src/oauth-scope.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;
|
|
1
|
+
{"version":3,"file":"oauth-scope.d.ts","sourceRoot":"","sources":["../src/oauth-scope.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAIvB,eAAO,MAAM,kBAAkB,QAC+B,CAAA;AAE9D,eAAO,MAAM,YAAY,GAAI,OAAO,MAAM,KAAG,OACb,CAAA;AAEhC;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,2CAE3B,CAAA;AAEF,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAA"}
|
package/dist/oauth-scope.js
CHANGED
|
@@ -1,16 +1,19 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.oauthScopeSchema = void 0;
|
|
3
|
+
exports.oauthScopeSchema = exports.isOAuthScope = exports.OAUTH_SCOPE_REGEXP = void 0;
|
|
4
4
|
const zod_1 = require("zod");
|
|
5
|
+
// scope = scope-token *( SP scope-token )
|
|
6
|
+
// scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
|
|
7
|
+
exports.OAUTH_SCOPE_REGEXP = /^[\x21\x23-\x5B\x5D-\x7E]+(?: [\x21\x23-\x5B\x5D-\x7E]+)*$/;
|
|
8
|
+
const isOAuthScope = (input) => exports.OAUTH_SCOPE_REGEXP.test(input);
|
|
9
|
+
exports.isOAuthScope = isOAuthScope;
|
|
5
10
|
/**
|
|
6
|
-
* A space separated list of
|
|
7
|
-
* and double quote.
|
|
11
|
+
* A (single) space separated list of non empty printable ASCII char string
|
|
12
|
+
* (except backslash and double quote).
|
|
8
13
|
*
|
|
9
14
|
* @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-1.4.1}
|
|
10
15
|
*/
|
|
11
|
-
exports.oauthScopeSchema = zod_1.z
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
// scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
|
|
15
|
-
.regex(/^[\x21\x23-\x5B\x5D-\x7E]+(?: [\x21\x23-\x5B\x5D-\x7E]+)*$/);
|
|
16
|
+
exports.oauthScopeSchema = zod_1.z.string().refine(exports.isOAuthScope, {
|
|
17
|
+
message: 'Invalid OAuth scope',
|
|
18
|
+
});
|
|
16
19
|
//# sourceMappingURL=oauth-scope.js.map
|
package/dist/oauth-scope.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-scope.js","sourceRoot":"","sources":["../src/oauth-scope.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB;;;;;GAKG;AACU,QAAA,gBAAgB,GAAG,OAAC
|
|
1
|
+
{"version":3,"file":"oauth-scope.js","sourceRoot":"","sources":["../src/oauth-scope.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,gDAAgD;AAChD,+CAA+C;AAClC,QAAA,kBAAkB,GAC7B,4DAA4D,CAAA;AAEvD,MAAM,YAAY,GAAG,CAAC,KAAa,EAAW,EAAE,CACrD,0BAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;AADnB,QAAA,YAAY,gBACO;AAEhC;;;;;GAKG;AACU,QAAA,gBAAgB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,oBAAY,EAAE;IAC9D,OAAO,EAAE,qBAAqB;CAC/B,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\n// scope = scope-token *( SP scope-token )\n// scope-token = 1*( %x21 / %x23-5B / %x5D-7E )\nexport const OAUTH_SCOPE_REGEXP =\n /^[\\x21\\x23-\\x5B\\x5D-\\x7E]+(?: [\\x21\\x23-\\x5B\\x5D-\\x7E]+)*$/\n\nexport const isOAuthScope = (input: string): boolean =>\n OAUTH_SCOPE_REGEXP.test(input)\n\n/**\n * A (single) space separated list of non empty printable ASCII char string\n * (except backslash and double quote).\n *\n * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-1.4.1}\n */\nexport const oauthScopeSchema = z.string().refine(isOAuthScope, {\n message: 'Invalid OAuth scope',\n})\n\nexport type OAuthScope = z.infer<typeof oauthScopeSchema>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-token-identification.js","sourceRoot":"","sources":["../src/oauth-token-identification.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,mEAAgE;AAChE,qEAAkE;AAErD,QAAA,8BAA8B,GAAG,OAAC,CAAC,MAAM,CAAC;IACrD,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,8CAAsB,EAAE,gDAAuB,CAAC,CAAC;IACjE,eAAe,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC,CAAC,QAAQ,EAAE;CACtE,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-token-identification.js","sourceRoot":"","sources":["../src/oauth-token-identification.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,mEAAgE;AAChE,qEAAkE;AAErD,QAAA,8BAA8B,GAAG,OAAC,CAAC,MAAM,CAAC;IACrD,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,8CAAsB,EAAE,gDAAuB,CAAC,CAAC;IACjE,eAAe,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC,CAAC,QAAQ,EAAE;CACtE,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthAccessTokenSchema } from './oauth-access-token.js'\nimport { oauthRefreshTokenSchema } from './oauth-refresh-token.js'\n\nexport const oauthTokenIdentificationSchema = z.object({\n token: z.union([oauthAccessTokenSchema, oauthRefreshTokenSchema]),\n token_type_hint: z.enum(['access_token', 'refresh_token']).optional(),\n})\n\nexport type OAuthTokenIdentification = z.infer<\n typeof oauthTokenIdentificationSchema\n>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-token-request.js","sourceRoot":"","sources":["../src/oauth-token-request.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,uHAAiH;AACjH,uHAAiH;AACjH,mGAA8F;AAC9F,6GAAuG;AAE1F,QAAA,uBAAuB,GAAG,OAAC,CAAC,kBAAkB,CAAC,YAAY,EAAE;IACxE,+FAA6C;IAC7C,qFAAwC;IACxC,4EAAoC;IACpC,+FAA6C;CAC9C,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-token-request.js","sourceRoot":"","sources":["../src/oauth-token-request.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,uHAAiH;AACjH,uHAAiH;AACjH,mGAA8F;AAC9F,6GAAuG;AAE1F,QAAA,uBAAuB,GAAG,OAAC,CAAC,kBAAkB,CAAC,YAAY,EAAE;IACxE,+FAA6C;IAC7C,qFAAwC;IACxC,4EAAoC;IACpC,+FAA6C;CAC9C,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthAuthorizationCodeGrantTokenRequestSchema } from './oauth-authorization-code-grant-token-request.js'\nimport { oauthClientCredentialsGrantTokenRequestSchema } from './oauth-client-credentials-grant-token-request.js'\nimport { oauthPasswordGrantTokenRequestSchema } from './oauth-password-grant-token-request.js'\nimport { oauthRefreshTokenGrantTokenRequestSchema } from './oauth-refresh-token-grant-token-request.js'\n\nexport const oauthTokenRequestSchema = z.discriminatedUnion('grant_type', [\n oauthAuthorizationCodeGrantTokenRequestSchema,\n oauthRefreshTokenGrantTokenRequestSchema,\n oauthPasswordGrantTokenRequestSchema,\n oauthClientCredentialsGrantTokenRequestSchema,\n])\n\nexport type OAuthTokenRequest = z.infer<typeof oauthTokenRequestSchema>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-token-response.js","sourceRoot":"","sources":["../src/oauth-token-response.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAC9C,qFAAkF;AAClF,+DAA4D;AAE5D;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC;KACtC,MAAM,CAAC;IACN,0DAA0D;IAC1D,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB,UAAU,EAAE,0CAAoB;IAChC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,sEAAsE;IACtE,QAAQ,EAAE,qBAAe,CAAC,QAAQ,EAAE;IACpC,iFAAiF;IACjF,qBAAqB,EAAE,gEAA+B,CAAC,QAAQ,EAAE;CAClE,CAAC;IACF,0DAA0D;IAC1D,qEAAqE;KACpE,WAAW,EAAE,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-token-response.js","sourceRoot":"","sources":["../src/oauth-token-response.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAC9C,qFAAkF;AAClF,+DAA4D;AAE5D;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC;KACtC,MAAM,CAAC;IACN,0DAA0D;IAC1D,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB,UAAU,EAAE,0CAAoB;IAChC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,sEAAsE;IACtE,QAAQ,EAAE,qBAAe,CAAC,QAAQ,EAAE;IACpC,iFAAiF;IACjF,qBAAqB,EAAE,gEAA+B,CAAC,QAAQ,EAAE;CAClE,CAAC;IACF,0DAA0D;IAC1D,qEAAqE;KACpE,WAAW,EAAE,CAAA","sourcesContent":["import { z } from 'zod'\nimport { signedJwtSchema } from '@atproto/jwk'\nimport { oauthAuthorizationDetailsSchema } from './oauth-authorization-details.js'\nimport { oauthTokenTypeSchema } from './oauth-token-type.js'\n\n/**\n * @see {@link https://www.rfc-editor.org/rfc/rfc6749.html#section-5.1 | RFC 6749 (OAuth2), Section 5.1}\n */\nexport const oauthTokenResponseSchema = z\n .object({\n // https://www.rfc-editor.org/rfc/rfc6749.html#section-5.1\n access_token: z.string(),\n token_type: oauthTokenTypeSchema,\n scope: z.string().optional(),\n refresh_token: z.string().optional(),\n expires_in: z.number().optional(),\n // https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse\n id_token: signedJwtSchema.optional(),\n // https://datatracker.ietf.org/doc/html/rfc9396#name-enriched-authorization-deta\n authorization_details: oauthAuthorizationDetailsSchema.optional(),\n })\n // https://www.rfc-editor.org/rfc/rfc6749.html#section-5.1\n // > The client MUST ignore unrecognized value names in the response.\n .passthrough()\n\n/**\n * @see {@link oauthTokenResponseSchema}\n */\nexport type OAuthTokenResponse = z.infer<typeof oauthTokenResponseSchema>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-token-type.js","sourceRoot":"","sources":["../src/oauth-token-type.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,4CAA4C;AAC/B,QAAA,oBAAoB,GAAG,OAAC,CAAC,KAAK,CAAC;IAC1C,OAAC;SACE,MAAM,EAAE;SACR,KAAK,CAAC,SAAS,CAAC;SAChB,SAAS,CAAC,GAAG,EAAE,CAAC,MAAe,CAAC;IACnC,OAAC;SACE,MAAM,EAAE;SACR,KAAK,CAAC,WAAW,CAAC;SAClB,SAAS,CAAC,GAAG,EAAE,CAAC,QAAiB,CAAC;CACtC,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oauth-token-type.js","sourceRoot":"","sources":["../src/oauth-token-type.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,4CAA4C;AAC/B,QAAA,oBAAoB,GAAG,OAAC,CAAC,KAAK,CAAC;IAC1C,OAAC;SACE,MAAM,EAAE;SACR,KAAK,CAAC,SAAS,CAAC;SAChB,SAAS,CAAC,GAAG,EAAE,CAAC,MAAe,CAAC;IACnC,OAAC;SACE,MAAM,EAAE;SACR,KAAK,CAAC,WAAW,CAAC;SAClB,SAAS,CAAC,GAAG,EAAE,CAAC,QAAiB,CAAC;CACtC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\n// Case insensitive input, normalized output\nexport const oauthTokenTypeSchema = z.union([\n z\n .string()\n .regex(/^DPoP$/i)\n .transform(() => 'DPoP' as const),\n z\n .string()\n .regex(/^Bearer$/i)\n .transform(() => 'Bearer' as const),\n])\n\nexport type OAuthTokenType = z.infer<typeof oauthTokenTypeSchema>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc-authorization-error-response.js","sourceRoot":"","sources":["../src/oidc-authorization-error-response.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB;;GAEG;AACU,QAAA,oCAAoC,GAAG,OAAC,CAAC,IAAI,CAAC;IACzD,qSAAqS;IACrS,sBAAsB;IACtB,mRAAmR;IACnR,gBAAgB;IAChB,kbAAkb;IAClb,4BAA4B;IAC5B,qQAAqQ;IACrQ,kBAAkB;IAClB,0FAA0F;IAC1F,qBAAqB;IACrB,4DAA4D;IAC5D,wBAAwB;IACxB,6EAA6E;IAC7E,uBAAuB;IACvB,iFAAiF;IACjF,2BAA2B;IAC3B,sFAAsF;IACtF,4BAA4B;CAC7B,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oidc-authorization-error-response.js","sourceRoot":"","sources":["../src/oidc-authorization-error-response.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB;;GAEG;AACU,QAAA,oCAAoC,GAAG,OAAC,CAAC,IAAI,CAAC;IACzD,qSAAqS;IACrS,sBAAsB;IACtB,mRAAmR;IACnR,gBAAgB;IAChB,kbAAkb;IAClb,4BAA4B;IAC5B,qQAAqQ;IACrQ,kBAAkB;IAClB,0FAA0F;IAC1F,qBAAqB;IACrB,4DAA4D;IAC5D,wBAAwB;IACxB,6EAA6E;IAC7E,uBAAuB;IACvB,iFAAiF;IACjF,2BAA2B;IAC3B,sFAAsF;IACtF,4BAA4B;CAC7B,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\n/**\n * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthError}\n */\nexport const oidcAuthorizationResponseErrorSchema = z.enum([\n // The Authorization Server requires End-User interaction of some form to proceed. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User interaction.\n 'interaction_required',\n // The Authorization Server requires End-User authentication. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User authentication.\n 'login_required',\n // The End-User is REQUIRED to select a session at the Authorization Server. The End-User MAY be authenticated at the Authorization Server with different associated accounts, but the End-User did not select a session. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface to prompt for a session to use.\n 'account_selection_required',\n // The Authorization Server requires End-User consent. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User consent.\n 'consent_required',\n // The request_uri in the Authorization Request returns an error or contains invalid data.\n 'invalid_request_uri',\n // The request parameter contains an invalid Request Object.\n 'invalid_request_object',\n // The OP does not support use of the request parameter defined in Section 6.\n 'request_not_supported',\n // The OP does not support use of the request_uri parameter defined in Section 6.\n 'request_uri_not_supported',\n // The OP does not support use of the registration parameter defined in Section 7.2.1.\n 'registration_not_supported',\n])\n\nexport type OidcAuthorizationResponseError = z.infer<\n typeof oidcAuthorizationResponseErrorSchema\n>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc-claims-parameter.js","sourceRoot":"","sources":["../src/oidc-claims-parameter.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,yBAAyB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC9C,oGAAoG;IACpG,0EAA0E;IAC1E,WAAW;IAEX,OAAO;IACP,OAAO;IACP,KAAK;IAEL,0BAA0B;IAC1B,MAAM;IACN,aAAa;IACb,YAAY;IACZ,aAAa;IACb,UAAU;IACV,oBAAoB;IACpB,QAAQ;IACR,SAAS;IACT,SAAS;IACT,SAAS;IACT,WAAW;IACX,UAAU;IACV,QAAQ;IACR,YAAY;IAEZ,wBAAwB;IACxB,OAAO;IACP,gBAAgB;IAEhB,wBAAwB;IACxB,cAAc;IACd,uBAAuB;IAEvB,0BAA0B;IAC1B,SAAS;CACV,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oidc-claims-parameter.js","sourceRoot":"","sources":["../src/oidc-claims-parameter.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,yBAAyB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC9C,oGAAoG;IACpG,0EAA0E;IAC1E,WAAW;IAEX,OAAO;IACP,OAAO;IACP,KAAK;IAEL,0BAA0B;IAC1B,MAAM;IACN,aAAa;IACb,YAAY;IACZ,aAAa;IACb,UAAU;IACV,oBAAoB;IACpB,QAAQ;IACR,SAAS;IACT,SAAS;IACT,SAAS;IACT,WAAW;IACX,UAAU;IACV,QAAQ;IACR,YAAY;IAEZ,wBAAwB;IACxB,OAAO;IACP,gBAAgB;IAEhB,wBAAwB;IACxB,cAAc;IACd,uBAAuB;IAEvB,0BAA0B;IAC1B,SAAS;CACV,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oidcClaimsParameterSchema = z.enum([\n // https://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html#rfc.section.5.2\n // if client metadata \"require_auth_time\" is true, this *must* be provided\n 'auth_time',\n\n // OIDC\n 'nonce',\n 'acr',\n\n // OpenID: \"profile\" scope\n 'name',\n 'family_name',\n 'given_name',\n 'middle_name',\n 'nickname',\n 'preferred_username',\n 'gender',\n 'picture',\n 'profile',\n 'website',\n 'birthdate',\n 'zoneinfo',\n 'locale',\n 'updated_at',\n\n // OpenID: \"email\" scope\n 'email',\n 'email_verified',\n\n // OpenID: \"phone\" scope\n 'phone_number',\n 'phone_number_verified',\n\n // OpenID: \"address\" scope\n 'address',\n])\n\nexport type OidcClaimsParameter = z.infer<typeof oidcClaimsParameterSchema>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc-claims-properties.js","sourceRoot":"","sources":["../src/oidc-claims-properties.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,MAAM,qBAAqB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAA;AAE/D,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD,SAAS,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACjC,KAAK,EAAE,qBAAqB,CAAC,QAAQ,EAAE;IACvC,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,QAAQ,EAAE;CAClD,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oidc-claims-properties.js","sourceRoot":"","sources":["../src/oidc-claims-properties.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,MAAM,qBAAqB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAA;AAE/D,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD,SAAS,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACjC,KAAK,EAAE,qBAAqB,CAAC,QAAQ,EAAE;IACvC,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,QAAQ,EAAE;CAClD,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nconst oidcClaimsValueSchema = z.union([z.string(), z.number(), z.boolean()])\n\nexport const oidcClaimsPropertiesSchema = z.object({\n essential: z.boolean().optional(),\n value: oidcClaimsValueSchema.optional(),\n values: z.array(oidcClaimsValueSchema).optional(),\n})\n\nexport type OidcClaimsProperties = z.infer<typeof oidcClaimsPropertiesSchema>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc-entity-type.js","sourceRoot":"","sources":["../src/oidc-entity-type.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,oBAAoB,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oidc-entity-type.js","sourceRoot":"","sources":["../src/oidc-entity-type.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,oBAAoB,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oidcEntityTypeSchema = z.enum(['userinfo', 'id_token'])\n\nexport type OidcEntityType = z.infer<typeof oidcEntityTypeSchema>\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc-userinfo.js","sourceRoot":"","sources":["../src/oidc-userinfo.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IACzC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChC,GAAG,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEjE,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;IACpC,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"oidc-userinfo.js","sourceRoot":"","sources":["../src/oidc-userinfo.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IACzC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChC,GAAG,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEjE,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;IACpC,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oidcUserinfoSchema = z.object({\n sub: z.string(),\n iss: z.string().url().optional(),\n aud: z.union([z.string(), z.array(z.string()).min(1)]).optional(),\n\n email: z.string().email().optional(),\n email_verified: z.boolean().optional(),\n name: z.string().optional(),\n preferred_username: z.string().optional(),\n picture: z.string().url().optional(),\n})\n\nexport type OidcUserinfo = z.infer<typeof oidcUserinfoSchema>\n"]}
|
package/dist/uri.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"uri.d.ts","sourceRoot":"","sources":["../src/uri.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAA;
|
|
1
|
+
{"version":3,"file":"uri.d.ts","sourceRoot":"","sources":["../src/uri.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAA;AAQ7C;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,0DAQ5B,CAAA;AAEH;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,kBAAkB,CAAC,CAAA;AAE5D,eAAO,MAAM,iBAAiB,2YA6B7B,CAAA;AAED,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,iBAAiB,CAAC,CAAA;AAE1D,eAAO,MAAM,cAAc,qGA6C1B,CAAA;AAED,MAAM,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,cAAc,CAAC,CAAA;AAEpD,eAAO,MAAM,YAAY,oXAqBrB,CAAA;AAEJ,MAAM,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,YAAY,CAAC,CAAA;AAEhD,eAAO,MAAM,mBAAmB,kHAkF/B,CAAA;AAED,MAAM,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,mBAAmB,CAAC,CAAA"}
|
package/dist/uri.js
CHANGED
|
@@ -3,19 +3,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.privateUseUriSchema = exports.webUriSchema = exports.httpsUriSchema = exports.loopbackUriSchema = exports.dangerousUriSchema = void 0;
|
|
4
4
|
const zod_1 = require("zod");
|
|
5
5
|
const util_js_1 = require("./util.js");
|
|
6
|
-
const canParseUrl =
|
|
7
|
-
// eslint-disable-next-line n/no-unsupported-features/node-builtins
|
|
8
|
-
URL.canParse ??
|
|
9
|
-
// URL.canParse is not available in Node.js < 18.7.0
|
|
10
|
-
((urlStr) => {
|
|
11
|
-
try {
|
|
12
|
-
new URL(urlStr);
|
|
13
|
-
return true;
|
|
14
|
-
}
|
|
15
|
-
catch {
|
|
16
|
-
return false;
|
|
17
|
-
}
|
|
18
|
-
});
|
|
19
6
|
/**
|
|
20
7
|
* Valid, but potentially dangerous URL (`data:`, `file:`, `javascript:`, etc.).
|
|
21
8
|
*
|
|
@@ -23,7 +10,7 @@ URL.canParse ??
|
|
|
23
10
|
*/
|
|
24
11
|
exports.dangerousUriSchema = zod_1.z
|
|
25
12
|
.string()
|
|
26
|
-
.refine((data) => data.includes(':') && canParseUrl(data), {
|
|
13
|
+
.refine((data) => data.includes(':') && (0, util_js_1.canParseUrl)(data), {
|
|
27
14
|
message: 'Invalid URL',
|
|
28
15
|
});
|
|
29
16
|
exports.loopbackUriSchema = exports.dangerousUriSchema.superRefine((value, ctx) => {
|
|
@@ -127,11 +114,51 @@ exports.privateUseUriSchema = exports.dangerousUriSchema.superRefine((value, ctx
|
|
|
127
114
|
});
|
|
128
115
|
return false;
|
|
129
116
|
}
|
|
130
|
-
|
|
131
|
-
|
|
117
|
+
// https://datatracker.ietf.org/doc/html/rfc8252#section-7.1
|
|
118
|
+
//
|
|
119
|
+
// > When choosing a URI scheme to associate with the app, apps MUST use a
|
|
120
|
+
// > URI scheme based on a domain name under their control, expressed in
|
|
121
|
+
// > reverse order
|
|
122
|
+
//
|
|
123
|
+
// https://datatracker.ietf.org/doc/html/rfc8252#section-8.4
|
|
124
|
+
//
|
|
125
|
+
// > In addition to the collision-resistant properties, requiring a URI
|
|
126
|
+
// > scheme based on a domain name that is under the control of the app can
|
|
127
|
+
// > help to prove ownership in the event of a dispute where two apps claim
|
|
128
|
+
// > the same private-use URI scheme (where one app is acting maliciously).
|
|
129
|
+
//
|
|
130
|
+
// We can't check for ownership here (as there is no concept of proven
|
|
131
|
+
// ownership in a generic validation logic), besides excluding local domains
|
|
132
|
+
// as they can't be controlled/owned by the app.
|
|
133
|
+
//
|
|
134
|
+
// https://atproto.com/specs/oauth
|
|
135
|
+
//
|
|
136
|
+
// > Any custom scheme must match the `client_id` hostname in reverse-domain
|
|
137
|
+
// > order.
|
|
138
|
+
//
|
|
139
|
+
// This ATPROTO specific requirement cannot be enforced here, (as there is
|
|
140
|
+
// no concept of `client_id` in this context).
|
|
141
|
+
const uriScheme = url.protocol.slice(0, -1); // remove trailing ":"
|
|
142
|
+
const urlDomain = uriScheme.split('.').reverse().join('.');
|
|
143
|
+
if ((0, util_js_1.isLocalHostname)(urlDomain)) {
|
|
144
|
+
ctx.addIssue({
|
|
145
|
+
code: zod_1.ZodIssueCode.custom,
|
|
146
|
+
message: `Private-use URI Scheme redirect URI must not be a local hostname`,
|
|
147
|
+
});
|
|
148
|
+
}
|
|
149
|
+
// https://datatracker.ietf.org/doc/html/rfc8252#section-7.1
|
|
150
|
+
//
|
|
151
|
+
// > Following the requirements of Section 3.2 of [RFC3986], as there is no
|
|
152
|
+
// > naming authority for private-use URI scheme redirects, only a single
|
|
153
|
+
// > slash ("/") appears after the scheme component.
|
|
154
|
+
if (url.href.startsWith(`${url.protocol}//`) ||
|
|
155
|
+
url.username ||
|
|
156
|
+
url.password ||
|
|
157
|
+
url.hostname ||
|
|
158
|
+
url.port) {
|
|
132
159
|
ctx.addIssue({
|
|
133
160
|
code: zod_1.ZodIssueCode.custom,
|
|
134
|
-
message:
|
|
161
|
+
message: `Private-Use URI Scheme must be in the form ${url.protocol}/<path> (as per RFC 8252)`,
|
|
135
162
|
});
|
|
136
163
|
return false;
|
|
137
164
|
}
|
package/dist/uri.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"uri.js","sourceRoot":"","sources":["../src/uri.ts"],"names":[],"mappings":";;;AAAA,6BAA6C;AAC7C,uCAAwD;AAExD,MAAM,WAAW;AACf,mEAAmE;AACnE,GAAG,CAAC,QAAQ;IACZ,oDAAoD;IACpD,CAAC,CAAC,MAAc,EAAW,EAAE;QAC3B,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,MAAM,CAAC,CAAA;YACf,OAAO,IAAI,CAAA;QACb,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC,CAAC,CAAA;AAEJ;;;;GAIG;AACU,QAAA,kBAAkB,GAAG,OAAC;KAChC,MAAM,EAAE;KACR,MAAM,CACL,CAAC,IAAI,EAAiC,EAAE,CACtC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,EACzC;IACE,OAAO,EAAE,aAAa;CACvB,CACF,CAAA;AAOU,QAAA,iBAAiB,GAAG,0BAAkB,CAAC,WAAW,CAC7D,CACE,KAAK,EACL,GAAG,EAI6D,EAAE;IAClE,6CAA6C;IAC7C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,CAAC,IAAA,wBAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,8DAA8D;SACxE,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAIY,QAAA,cAAc,GAAG,0BAAkB,CAAC,WAAW,CAC1D,CAAC,KAAK,EAAE,GAAG,EAAgC,EAAE;IAC3C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,oCAAoC;SAC9C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,oDAAoD;IACpD,IAAI,IAAA,wBAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,yCAAyC;SACnD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,IAAA,sBAAY,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,4BAA4B;IAC9B,CAAC;SAAM,CAAC;QACN,4BAA4B;QAC5B,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,0DAA0D;YAC1D,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,kBAAY,CAAC,MAAM;gBACzB,OAAO,EAAE,gDAAgD;aAC1D,CAAC,CAAA;YACF,OAAO,KAAK,CAAA;QACd,CAAC;QAED,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpC,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,kBAAY,CAAC,MAAM;gBACzB,OAAO,EAAE,wCAAwC;aAClD,CAAC,CAAA;YACF,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAIY,QAAA,YAAY,GAAG,OAAC;KAC1B,MAAM,EAAE;KACR,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAAmC,EAAE;IAC3D,kEAAkE;IAClE,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,yBAAiB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QACjD,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,sBAAc,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QAC9C,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAED,GAAG,CAAC,QAAQ,CAAC;QACX,IAAI,EAAE,kBAAY,CAAC,MAAM;QACzB,OAAO,EAAE,+CAA+C;KACzD,CAAC,CAAA;IACF,OAAO,KAAK,CAAA;AACd,CAAC,CAAC,CAAA;AAIS,QAAA,mBAAmB,GAAG,0BAAkB,CAAC,WAAW,CAC/D,CAAC,KAAK,EAAE,GAAG,EAA6C,EAAE;IACxD,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAEnC,6EAA6E;IAC7E,IAAI,MAAM,KAAK,CAAC,CAAC,IAAI,QAAQ,KAAK,CAAC,CAAC,IAAI,MAAM,GAAG,QAAQ,EAAE,CAAC;QAC1D,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EACL,+DAA+D;SAClE,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,iEAAiE;IACjE,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,gCAAgC;SAC1C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjB,4DAA4D;QAC5D,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EACL,mHAAmH;SACtH,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA"}
|
|
1
|
+
{"version":3,"file":"uri.js","sourceRoot":"","sources":["../src/uri.ts"],"names":[],"mappings":";;;AAAA,6BAA6C;AAC7C,uCAKkB;AAElB;;;;GAIG;AACU,QAAA,kBAAkB,GAAG,OAAC;KAChC,MAAM,EAAE;KACR,MAAM,CACL,CAAC,IAAI,EAAiC,EAAE,CACtC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAA,qBAAW,EAAC,IAAI,CAAC,EACzC;IACE,OAAO,EAAE,aAAa;CACvB,CACF,CAAA;AAOU,QAAA,iBAAiB,GAAG,0BAAkB,CAAC,WAAW,CAC7D,CACE,KAAK,EACL,GAAG,EAI6D,EAAE;IAClE,6CAA6C;IAC7C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,CAAC,IAAA,wBAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,8DAA8D;SACxE,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAIY,QAAA,cAAc,GAAG,0BAAkB,CAAC,WAAW,CAC1D,CAAC,KAAK,EAAE,GAAG,EAAgC,EAAE;IAC3C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,oCAAoC;SAC9C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,oDAAoD;IACpD,IAAI,IAAA,wBAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,yCAAyC;SACnD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,IAAA,sBAAY,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,4BAA4B;IAC9B,CAAC;SAAM,CAAC;QACN,4BAA4B;QAC5B,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,0DAA0D;YAC1D,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,kBAAY,CAAC,MAAM;gBACzB,OAAO,EAAE,gDAAgD;aAC1D,CAAC,CAAA;YACF,OAAO,KAAK,CAAA;QACd,CAAC;QAED,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpC,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,kBAAY,CAAC,MAAM;gBACzB,OAAO,EAAE,wCAAwC;aAClD,CAAC,CAAA;YACF,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAIY,QAAA,YAAY,GAAG,OAAC;KAC1B,MAAM,EAAE;KACR,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAAmC,EAAE;IAC3D,kEAAkE;IAClE,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,yBAAiB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QACjD,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,sBAAc,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QAC9C,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAED,GAAG,CAAC,QAAQ,CAAC;QACX,IAAI,EAAE,kBAAY,CAAC,MAAM;QACzB,OAAO,EAAE,+CAA+C;KACzD,CAAC,CAAA;IACF,OAAO,KAAK,CAAA;AACd,CAAC,CAAC,CAAA;AAIS,QAAA,mBAAmB,GAAG,0BAAkB,CAAC,WAAW,CAC/D,CAAC,KAAK,EAAE,GAAG,EAA6C,EAAE;IACxD,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAEnC,6EAA6E;IAC7E,IAAI,MAAM,KAAK,CAAC,CAAC,IAAI,QAAQ,KAAK,CAAC,CAAC,IAAI,MAAM,GAAG,QAAQ,EAAE,CAAC;QAC1D,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EACL,+DAA+D;SAClE,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,iEAAiE;IACjE,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,gCAAgC;SAC1C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,4DAA4D;IAC5D,EAAE;IACF,0EAA0E;IAC1E,wEAAwE;IACxE,kBAAkB;IAClB,EAAE;IACF,4DAA4D;IAC5D,EAAE;IACF,uEAAuE;IACvE,2EAA2E;IAC3E,2EAA2E;IAC3E,2EAA2E;IAC3E,EAAE;IACF,sEAAsE;IACtE,4EAA4E;IAC5E,gDAAgD;IAChD,EAAE;IACF,kCAAkC;IAClC,EAAE;IACF,4EAA4E;IAC5E,WAAW;IACX,EAAE;IACF,0EAA0E;IAC1E,8CAA8C;IAE9C,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA,CAAC,sBAAsB;IAClE,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAE1D,IAAI,IAAA,yBAAe,EAAC,SAAS,CAAC,EAAE,CAAC;QAC/B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,kEAAkE;SAC5E,CAAC,CAAA;IACJ,CAAC;IAED,4DAA4D;IAC5D,EAAE;IACF,2EAA2E;IAC3E,yEAAyE;IACzE,oDAAoD;IACpD,IACE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,QAAQ,IAAI,CAAC;QACxC,GAAG,CAAC,QAAQ;QACZ,GAAG,CAAC,QAAQ;QACZ,GAAG,CAAC,QAAQ;QACZ,GAAG,CAAC,IAAI,EACR,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,8CAA8C,GAAG,CAAC,QAAQ,2BAA2B;SAC/F,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA","sourcesContent":["import { TypeOf, ZodIssueCode, z } from 'zod'\nimport {\n canParseUrl,\n isHostnameIP,\n isLocalHostname,\n isLoopbackHost,\n} from './util.js'\n\n/**\n * Valid, but potentially dangerous URL (`data:`, `file:`, `javascript:`, etc.).\n *\n * Any value that matches this schema is safe to parse using `new URL()`.\n */\nexport const dangerousUriSchema = z\n .string()\n .refine(\n (data): data is `${string}:${string}` =>\n data.includes(':') && canParseUrl(data),\n {\n message: 'Invalid URL',\n },\n )\n\n/**\n * Valid, but potentially dangerous URL (`data:`, `file:`, `javascript:`, etc.).\n */\nexport type DangerousUrl = TypeOf<typeof dangerousUriSchema>\n\nexport const loopbackUriSchema = dangerousUriSchema.superRefine(\n (\n value,\n ctx,\n ): value is\n | `http://[::1]${string}`\n | `http://localhost${'' | `${':' | '/' | '?' | '#'}${string}`}`\n | `http://127.0.0.1${'' | `${':' | '/' | '?' | '#'}${string}`}` => {\n // Loopback url must use the \"http:\" protocol\n if (!value.startsWith('http://')) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'URL must use the \"http:\" protocol',\n })\n return false\n }\n\n const url = new URL(value)\n\n if (!isLoopbackHost(url.hostname)) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'URL must use \"localhost\", \"127.0.0.1\" or \"[::1]\" as hostname',\n })\n return false\n }\n\n return true\n },\n)\n\nexport type LoopbackUri = TypeOf<typeof loopbackUriSchema>\n\nexport const httpsUriSchema = dangerousUriSchema.superRefine(\n (value, ctx): value is `https://${string}` => {\n if (!value.startsWith('https://')) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'URL must use the \"https:\" protocol',\n })\n return false\n }\n\n const url = new URL(value)\n\n // Disallow loopback URLs with the `https:` protocol\n if (isLoopbackHost(url.hostname)) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'https: URL must not use a loopback host',\n })\n return false\n }\n\n if (isHostnameIP(url.hostname)) {\n // Hostname is an IP address\n } else {\n // Hostname is a domain name\n if (!url.hostname.includes('.')) {\n // we don't depend on PSL here, so we only check for a dot\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'Domain name must contain at least two segments',\n })\n return false\n }\n\n if (url.hostname.endsWith('.local')) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'Domain name must not end with \".local\"',\n })\n return false\n }\n }\n\n return true\n },\n)\n\nexport type HttpsUri = TypeOf<typeof httpsUriSchema>\n\nexport const webUriSchema = z\n .string()\n .superRefine((value, ctx): value is LoopbackUri | HttpsUri => {\n // discriminated union of `loopbackUriSchema` and `httpsUriSchema`\n if (value.startsWith('http://')) {\n const result = loopbackUriSchema.safeParse(value)\n if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n return result.success\n }\n\n if (value.startsWith('https://')) {\n const result = httpsUriSchema.safeParse(value)\n if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n return result.success\n }\n\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'URL must use the \"http:\" or \"https:\" protocol',\n })\n return false\n })\n\nexport type WebUri = TypeOf<typeof webUriSchema>\n\nexport const privateUseUriSchema = dangerousUriSchema.superRefine(\n (value, ctx): value is `${string}.${string}:/${string}` => {\n const dotIdx = value.indexOf('.')\n const colonIdx = value.indexOf(':')\n\n // Optimization: avoid parsing the URL if the protocol does not contain a \".\"\n if (dotIdx === -1 || colonIdx === -1 || dotIdx > colonIdx) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message:\n 'Private-use URI scheme requires a \".\" as part of the protocol',\n })\n return false\n }\n\n const url = new URL(value)\n\n // Should be covered by the check before, but let's be extra sure\n if (!url.protocol.includes('.')) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'Invalid private-use URI scheme',\n })\n return false\n }\n\n // https://datatracker.ietf.org/doc/html/rfc8252#section-7.1\n //\n // > When choosing a URI scheme to associate with the app, apps MUST use a\n // > URI scheme based on a domain name under their control, expressed in\n // > reverse order\n //\n // https://datatracker.ietf.org/doc/html/rfc8252#section-8.4\n //\n // > In addition to the collision-resistant properties, requiring a URI\n // > scheme based on a domain name that is under the control of the app can\n // > help to prove ownership in the event of a dispute where two apps claim\n // > the same private-use URI scheme (where one app is acting maliciously).\n //\n // We can't check for ownership here (as there is no concept of proven\n // ownership in a generic validation logic), besides excluding local domains\n // as they can't be controlled/owned by the app.\n //\n // https://atproto.com/specs/oauth\n //\n // > Any custom scheme must match the `client_id` hostname in reverse-domain\n // > order.\n //\n // This ATPROTO specific requirement cannot be enforced here, (as there is\n // no concept of `client_id` in this context).\n\n const uriScheme = url.protocol.slice(0, -1) // remove trailing \":\"\n const urlDomain = uriScheme.split('.').reverse().join('.')\n\n if (isLocalHostname(urlDomain)) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: `Private-use URI Scheme redirect URI must not be a local hostname`,\n })\n }\n\n // https://datatracker.ietf.org/doc/html/rfc8252#section-7.1\n //\n // > Following the requirements of Section 3.2 of [RFC3986], as there is no\n // > naming authority for private-use URI scheme redirects, only a single\n // > slash (\"/\") appears after the scheme component.\n if (\n url.href.startsWith(`${url.protocol}//`) ||\n url.username ||\n url.password ||\n url.hostname ||\n url.port\n ) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: `Private-Use URI Scheme must be in the form ${url.protocol}/<path> (as per RFC 8252)`,\n })\n return false\n }\n\n return true\n },\n)\n\nexport type PrivateUseUri = TypeOf<typeof privateUseUriSchema>\n"]}
|