@atproto/oauth-types 0.5.2 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +10 -0
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/oauth-authorization-code-grant-token-request.d.ts +1 -1
- package/dist/oauth-authorization-request-par.d.ts +4 -4
- package/dist/oauth-authorization-request-parameters.d.ts +4 -10
- package/dist/oauth-authorization-request-parameters.d.ts.map +1 -1
- package/dist/oauth-authorization-request-parameters.js +3 -7
- package/dist/oauth-authorization-request-parameters.js.map +1 -1
- package/dist/oauth-authorization-request-query.d.ts +4 -4
- package/dist/oauth-authorization-server-metadata.d.ts +12 -0
- package/dist/oauth-authorization-server-metadata.d.ts.map +1 -1
- package/dist/oauth-authorization-server-metadata.js +3 -0
- package/dist/oauth-authorization-server-metadata.js.map +1 -1
- package/dist/oauth-client-metadata.d.ts +1 -1
- package/dist/oauth-prompt-mode.d.ts +11 -0
- package/dist/oauth-prompt-mode.d.ts.map +1 -0
- package/dist/oauth-prompt-mode.js +19 -0
- package/dist/oauth-prompt-mode.js.map +1 -0
- package/dist/oauth-redirect-uri.d.ts +1 -1
- package/dist/oauth-redirect-uri.d.ts.map +1 -1
- package/dist/oauth-redirect-uri.js +28 -2
- package/dist/oauth-redirect-uri.js.map +1 -1
- package/dist/oauth-token-request.d.ts +1 -1
- package/dist/uri.d.ts.map +1 -1
- package/dist/uri.js +1 -1
- package/dist/uri.js.map +1 -1
- package/package.json +1 -1
- package/src/index.ts +1 -0
- package/src/oauth-authorization-request-parameters.ts +3 -7
- package/src/oauth-authorization-server-metadata.ts +4 -0
- package/src/oauth-prompt-mode.ts +18 -0
- package/src/oauth-redirect-uri.ts +29 -6
- package/src/uri.ts +2 -1
- package/tsconfig.build.tsbuildinfo +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,15 @@
|
|
|
1
1
|
# @atproto/oauth-types
|
|
2
2
|
|
|
3
|
+
## 0.6.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- [#4461](https://github.com/bluesky-social/atproto/pull/4461) [`5d8e7a6`](https://github.com/bluesky-social/atproto/commit/5d8e7a6588fc9e57e15d83d47bb45103205e3e41) Thanks [@ThisIsMissEm](https://github.com/ThisIsMissEm)! - Add prompt_values_supported to Authorization Server Metadata
|
|
8
|
+
|
|
9
|
+
### Patch Changes
|
|
10
|
+
|
|
11
|
+
- [#4465](https://github.com/bluesky-social/atproto/pull/4465) [`95ef3c2`](https://github.com/bluesky-social/atproto/commit/95ef3c24e8072e9d49412950b033cb8607764ee0) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Improve error message in case of invalid redirect uri
|
|
12
|
+
|
|
3
13
|
## 0.5.2
|
|
4
14
|
|
|
5
15
|
### Patch Changes
|
package/dist/index.d.ts
CHANGED
|
@@ -29,6 +29,7 @@ export * from './oauth-introspection-response.js';
|
|
|
29
29
|
export * from './oauth-issuer-identifier.js';
|
|
30
30
|
export * from './oauth-par-response.js';
|
|
31
31
|
export * from './oauth-password-grant-token-request.js';
|
|
32
|
+
export * from './oauth-prompt-mode.js';
|
|
32
33
|
export * from './oauth-protected-resource-metadata.js';
|
|
33
34
|
export * from './oauth-redirect-uri.js';
|
|
34
35
|
export * from './oauth-refresh-token-grant-token-request.js';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAA;AAC9B,cAAc,UAAU,CAAA;AACxB,cAAc,WAAW,CAAA;AAEzB,cAAc,iCAAiC,CAAA;AAC/C,cAAc,uCAAuC,CAAA;AACrD,cAAc,4CAA4C,CAAA;AAC1D,cAAc,0BAA0B,CAAA;AACxC,cAAc,mCAAmC,CAAA;AACjD,cAAc,yBAAyB,CAAA;AACvC,cAAc,mDAAmD,CAAA;AACjE,cAAc,kCAAkC,CAAA;AAChD,cAAc,sCAAsC,CAAA;AACpD,cAAc,sCAAsC,CAAA;AACpD,cAAc,6CAA6C,CAAA;AAC3D,cAAc,wCAAwC,CAAA;AACtD,cAAc,sCAAsC,CAAA;AACpD,cAAc,yCAAyC,CAAA;AACvD,cAAc,0CAA0C,CAAA;AACxD,cAAc,mDAAmD,CAAA;AACjE,cAAc,+BAA+B,CAAA;AAC7C,cAAc,mCAAmC,CAAA;AACjD,cAAc,+BAA+B,CAAA;AAC7C,cAAc,sBAAsB,CAAA;AACpC,cAAc,4BAA4B,CAAA;AAC1C,cAAc,iCAAiC,CAAA;AAC/C,cAAc,0BAA0B,CAAA;AACxC,cAAc,uBAAuB,CAAA;AACrC,cAAc,mCAAmC,CAAA;AACjD,cAAc,8BAA8B,CAAA;AAC5C,cAAc,yBAAyB,CAAA;AACvC,cAAc,yCAAyC,CAAA;AACvD,cAAc,wCAAwC,CAAA;AACtD,cAAc,yBAAyB,CAAA;AACvC,cAAc,8CAA8C,CAAA;AAC5D,cAAc,0BAA0B,CAAA;AACxC,cAAc,wBAAwB,CAAA;AACtC,cAAc,0BAA0B,CAAA;AACxC,cAAc,0BAA0B,CAAA;AACxC,cAAc,kBAAkB,CAAA;AAChC,cAAc,iCAAiC,CAAA;AAC/C,cAAc,0BAA0B,CAAA;AACxC,cAAc,2BAA2B,CAAA;AACzC,cAAc,uBAAuB,CAAA;AACrC,cAAc,wCAAwC,CAAA;AACtD,cAAc,4BAA4B,CAAA;AAC1C,cAAc,6BAA6B,CAAA;AAC3C,cAAc,uBAAuB,CAAA;AACrC,cAAc,oBAAoB,CAAA"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAA;AAC9B,cAAc,UAAU,CAAA;AACxB,cAAc,WAAW,CAAA;AAEzB,cAAc,iCAAiC,CAAA;AAC/C,cAAc,uCAAuC,CAAA;AACrD,cAAc,4CAA4C,CAAA;AAC1D,cAAc,0BAA0B,CAAA;AACxC,cAAc,mCAAmC,CAAA;AACjD,cAAc,yBAAyB,CAAA;AACvC,cAAc,mDAAmD,CAAA;AACjE,cAAc,kCAAkC,CAAA;AAChD,cAAc,sCAAsC,CAAA;AACpD,cAAc,sCAAsC,CAAA;AACpD,cAAc,6CAA6C,CAAA;AAC3D,cAAc,wCAAwC,CAAA;AACtD,cAAc,sCAAsC,CAAA;AACpD,cAAc,yCAAyC,CAAA;AACvD,cAAc,0CAA0C,CAAA;AACxD,cAAc,mDAAmD,CAAA;AACjE,cAAc,+BAA+B,CAAA;AAC7C,cAAc,mCAAmC,CAAA;AACjD,cAAc,+BAA+B,CAAA;AAC7C,cAAc,sBAAsB,CAAA;AACpC,cAAc,4BAA4B,CAAA;AAC1C,cAAc,iCAAiC,CAAA;AAC/C,cAAc,0BAA0B,CAAA;AACxC,cAAc,uBAAuB,CAAA;AACrC,cAAc,mCAAmC,CAAA;AACjD,cAAc,8BAA8B,CAAA;AAC5C,cAAc,yBAAyB,CAAA;AACvC,cAAc,yCAAyC,CAAA;AACvD,cAAc,wBAAwB,CAAA;AACtC,cAAc,wCAAwC,CAAA;AACtD,cAAc,yBAAyB,CAAA;AACvC,cAAc,8CAA8C,CAAA;AAC5D,cAAc,0BAA0B,CAAA;AACxC,cAAc,wBAAwB,CAAA;AACtC,cAAc,0BAA0B,CAAA;AACxC,cAAc,0BAA0B,CAAA;AACxC,cAAc,kBAAkB,CAAA;AAChC,cAAc,iCAAiC,CAAA;AAC/C,cAAc,0BAA0B,CAAA;AACxC,cAAc,2BAA2B,CAAA;AACzC,cAAc,uBAAuB,CAAA;AACrC,cAAc,wCAAwC,CAAA;AACtD,cAAc,4BAA4B,CAAA;AAC1C,cAAc,6BAA6B,CAAA;AAC3C,cAAc,uBAAuB,CAAA;AACrC,cAAc,oBAAoB,CAAA"}
|
package/dist/index.js
CHANGED
|
@@ -45,6 +45,7 @@ __exportStar(require("./oauth-introspection-response.js"), exports);
|
|
|
45
45
|
__exportStar(require("./oauth-issuer-identifier.js"), exports);
|
|
46
46
|
__exportStar(require("./oauth-par-response.js"), exports);
|
|
47
47
|
__exportStar(require("./oauth-password-grant-token-request.js"), exports);
|
|
48
|
+
__exportStar(require("./oauth-prompt-mode.js"), exports);
|
|
48
49
|
__exportStar(require("./oauth-protected-resource-metadata.js"), exports);
|
|
49
50
|
__exportStar(require("./oauth-redirect-uri.js"), exports);
|
|
50
51
|
__exportStar(require("./oauth-refresh-token-grant-token-request.js"), exports);
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iDAA8B;AAC9B,2CAAwB;AACxB,4CAAyB;AAEzB,kEAA+C;AAC/C,wEAAqD;AACrD,6EAA0D;AAC1D,2DAAwC;AACxC,oEAAiD;AACjD,0DAAuC;AACvC,oFAAiE;AACjE,mEAAgD;AAChD,uEAAoD;AACpD,uEAAoD;AACpD,8EAA2D;AAC3D,yEAAsD;AACtD,uEAAoD;AACpD,0EAAuD;AACvD,2EAAwD;AACxD,oFAAiE;AACjE,gEAA6C;AAC7C,oEAAiD;AACjD,gEAA6C;AAC7C,uDAAoC;AACpC,6DAA0C;AAC1C,kEAA+C;AAC/C,2DAAwC;AACxC,wDAAqC;AACrC,oEAAiD;AACjD,+DAA4C;AAC5C,0DAAuC;AACvC,0EAAuD;AACvD,yEAAsD;AACtD,0DAAuC;AACvC,+EAA4D;AAC5D,2DAAwC;AACxC,yDAAsC;AACtC,2DAAwC;AACxC,2DAAwC;AACxC,mDAAgC;AAChC,kEAA+C;AAC/C,2DAAwC;AACxC,4DAAyC;AACzC,wDAAqC;AACrC,yEAAsD;AACtD,6DAA0C;AAC1C,8DAA2C;AAC3C,wDAAqC;AACrC,qDAAkC","sourcesContent":["export * from './constants.js'\nexport * from './uri.js'\nexport * from './util.js'\n\nexport * from './atproto-loopback-client-id.js'\nexport * from './atproto-loopback-client-metadata.js'\nexport * from './atproto-loopback-client-redirect-uris.js'\nexport * from './atproto-oauth-scope.js'\nexport * from './atproto-oauth-token-response.js'\nexport * from './oauth-access-token.js'\nexport * from './oauth-authorization-code-grant-token-request.js'\nexport * from './oauth-authorization-details.js'\nexport * from './oauth-authorization-request-jar.js'\nexport * from './oauth-authorization-request-par.js'\nexport * from './oauth-authorization-request-parameters.js'\nexport * from './oauth-authorization-request-query.js'\nexport * from './oauth-authorization-request-uri.js'\nexport * from './oauth-authorization-response-error.js'\nexport * from './oauth-authorization-server-metadata.js'\nexport * from './oauth-client-credentials-grant-token-request.js'\nexport * from './oauth-client-credentials.js'\nexport * from './oauth-client-id-discoverable.js'\nexport * from './oauth-client-id-loopback.js'\nexport * from './oauth-client-id.js'\nexport * from './oauth-client-metadata.js'\nexport * from './oauth-endpoint-auth-method.js'\nexport * from './oauth-endpoint-name.js'\nexport * from './oauth-grant-type.js'\nexport * from './oauth-introspection-response.js'\nexport * from './oauth-issuer-identifier.js'\nexport * from './oauth-par-response.js'\nexport * from './oauth-password-grant-token-request.js'\nexport * from './oauth-protected-resource-metadata.js'\nexport * from './oauth-redirect-uri.js'\nexport * from './oauth-refresh-token-grant-token-request.js'\nexport * from './oauth-refresh-token.js'\nexport * from './oauth-request-uri.js'\nexport * from './oauth-response-mode.js'\nexport * from './oauth-response-type.js'\nexport * from './oauth-scope.js'\nexport * from './oauth-token-identification.js'\nexport * from './oauth-token-request.js'\nexport * from './oauth-token-response.js'\nexport * from './oauth-token-type.js'\nexport * from './oidc-authorization-error-response.js'\nexport * from './oidc-claims-parameter.js'\nexport * from './oidc-claims-properties.js'\nexport * from './oidc-entity-type.js'\nexport * from './oidc-userinfo.js'\n"]}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iDAA8B;AAC9B,2CAAwB;AACxB,4CAAyB;AAEzB,kEAA+C;AAC/C,wEAAqD;AACrD,6EAA0D;AAC1D,2DAAwC;AACxC,oEAAiD;AACjD,0DAAuC;AACvC,oFAAiE;AACjE,mEAAgD;AAChD,uEAAoD;AACpD,uEAAoD;AACpD,8EAA2D;AAC3D,yEAAsD;AACtD,uEAAoD;AACpD,0EAAuD;AACvD,2EAAwD;AACxD,oFAAiE;AACjE,gEAA6C;AAC7C,oEAAiD;AACjD,gEAA6C;AAC7C,uDAAoC;AACpC,6DAA0C;AAC1C,kEAA+C;AAC/C,2DAAwC;AACxC,wDAAqC;AACrC,oEAAiD;AACjD,+DAA4C;AAC5C,0DAAuC;AACvC,0EAAuD;AACvD,yDAAsC;AACtC,yEAAsD;AACtD,0DAAuC;AACvC,+EAA4D;AAC5D,2DAAwC;AACxC,yDAAsC;AACtC,2DAAwC;AACxC,2DAAwC;AACxC,mDAAgC;AAChC,kEAA+C;AAC/C,2DAAwC;AACxC,4DAAyC;AACzC,wDAAqC;AACrC,yEAAsD;AACtD,6DAA0C;AAC1C,8DAA2C;AAC3C,wDAAqC;AACrC,qDAAkC","sourcesContent":["export * from './constants.js'\nexport * from './uri.js'\nexport * from './util.js'\n\nexport * from './atproto-loopback-client-id.js'\nexport * from './atproto-loopback-client-metadata.js'\nexport * from './atproto-loopback-client-redirect-uris.js'\nexport * from './atproto-oauth-scope.js'\nexport * from './atproto-oauth-token-response.js'\nexport * from './oauth-access-token.js'\nexport * from './oauth-authorization-code-grant-token-request.js'\nexport * from './oauth-authorization-details.js'\nexport * from './oauth-authorization-request-jar.js'\nexport * from './oauth-authorization-request-par.js'\nexport * from './oauth-authorization-request-parameters.js'\nexport * from './oauth-authorization-request-query.js'\nexport * from './oauth-authorization-request-uri.js'\nexport * from './oauth-authorization-response-error.js'\nexport * from './oauth-authorization-server-metadata.js'\nexport * from './oauth-client-credentials-grant-token-request.js'\nexport * from './oauth-client-credentials.js'\nexport * from './oauth-client-id-discoverable.js'\nexport * from './oauth-client-id-loopback.js'\nexport * from './oauth-client-id.js'\nexport * from './oauth-client-metadata.js'\nexport * from './oauth-endpoint-auth-method.js'\nexport * from './oauth-endpoint-name.js'\nexport * from './oauth-grant-type.js'\nexport * from './oauth-introspection-response.js'\nexport * from './oauth-issuer-identifier.js'\nexport * from './oauth-par-response.js'\nexport * from './oauth-password-grant-token-request.js'\nexport * from './oauth-prompt-mode.js'\nexport * from './oauth-protected-resource-metadata.js'\nexport * from './oauth-redirect-uri.js'\nexport * from './oauth-refresh-token-grant-token-request.js'\nexport * from './oauth-refresh-token.js'\nexport * from './oauth-request-uri.js'\nexport * from './oauth-response-mode.js'\nexport * from './oauth-response-type.js'\nexport * from './oauth-scope.js'\nexport * from './oauth-token-identification.js'\nexport * from './oauth-token-request.js'\nexport * from './oauth-token-response.js'\nexport * from './oauth-token-type.js'\nexport * from './oidc-authorization-error-response.js'\nexport * from './oidc-claims-parameter.js'\nexport * from './oidc-claims-properties.js'\nexport * from './oidc-entity-type.js'\nexport * from './oidc-userinfo.js'\n"]}
|
|
@@ -2,7 +2,7 @@ import { z } from 'zod';
|
|
|
2
2
|
export declare const oauthAuthorizationCodeGrantTokenRequestSchema: z.ZodObject<{
|
|
3
3
|
grant_type: z.ZodLiteral<"authorization_code">;
|
|
4
4
|
code: z.ZodString;
|
|
5
|
-
redirect_uri: z.
|
|
5
|
+
redirect_uri: z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}`, string>;
|
|
6
6
|
/** @see {@link https://datatracker.ietf.org/doc/html/rfc7636#section-4.1} */
|
|
7
7
|
code_verifier: z.ZodOptional<z.ZodString>;
|
|
8
8
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -2,7 +2,7 @@ import { z } from 'zod';
|
|
|
2
2
|
export declare const oauthAuthorizationRequestParSchema: z.ZodUnion<[z.ZodObject<{
|
|
3
3
|
client_id: z.ZodString;
|
|
4
4
|
state: z.ZodOptional<z.ZodString>;
|
|
5
|
-
redirect_uri: z.ZodOptional<z.
|
|
5
|
+
redirect_uri: z.ZodOptional<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}`, string>>;
|
|
6
6
|
scope: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
|
|
7
7
|
response_type: z.ZodEnum<["code", "token", "none", "code id_token token", "code id_token", "code token", "id_token token", "id_token"]>;
|
|
8
8
|
code_challenge: z.ZodOptional<z.ZodString>;
|
|
@@ -32,7 +32,7 @@ export declare const oauthAuthorizationRequestParSchema: z.ZodUnion<[z.ZodObject
|
|
|
32
32
|
ui_locales: z.ZodOptional<z.ZodString>;
|
|
33
33
|
id_token_hint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;
|
|
34
34
|
display: z.ZodOptional<z.ZodEnum<["page", "popup", "touch", "wap"]>>;
|
|
35
|
-
prompt: z.ZodOptional<z.ZodEnum<["none", "login", "consent", "select_account"]>>;
|
|
35
|
+
prompt: z.ZodOptional<z.ZodEnum<["none", "login", "consent", "select_account", "create"]>>;
|
|
36
36
|
authorization_details: z.ZodOptional<z.ZodEffects<z.ZodArray<z.ZodObject<{
|
|
37
37
|
type: z.ZodString;
|
|
38
38
|
locations: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, "many">>;
|
|
@@ -91,7 +91,7 @@ export declare const oauthAuthorizationRequestParSchema: z.ZodUnion<[z.ZodObject
|
|
|
91
91
|
ui_locales?: string | undefined;
|
|
92
92
|
id_token_hint?: `${string}.${string}.${string}` | undefined;
|
|
93
93
|
display?: "page" | "popup" | "touch" | "wap" | undefined;
|
|
94
|
-
prompt?: "none" | "login" | "consent" | "select_account" | undefined;
|
|
94
|
+
prompt?: "none" | "login" | "consent" | "select_account" | "create" | undefined;
|
|
95
95
|
}, {
|
|
96
96
|
client_id: string;
|
|
97
97
|
response_type: "code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
|
|
@@ -110,7 +110,7 @@ export declare const oauthAuthorizationRequestParSchema: z.ZodUnion<[z.ZodObject
|
|
|
110
110
|
ui_locales?: string | undefined;
|
|
111
111
|
id_token_hint?: string | undefined;
|
|
112
112
|
display?: "page" | "popup" | "touch" | "wap" | undefined;
|
|
113
|
-
prompt?: "none" | "login" | "consent" | "select_account" | undefined;
|
|
113
|
+
prompt?: "none" | "login" | "consent" | "select_account" | "create" | undefined;
|
|
114
114
|
}>, z.ZodObject<{
|
|
115
115
|
request: z.ZodUnion<[z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>, z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}`, string>]>;
|
|
116
116
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -8,7 +8,7 @@ import { z } from 'zod';
|
|
|
8
8
|
export declare const oauthAuthorizationRequestParametersSchema: z.ZodObject<{
|
|
9
9
|
client_id: z.ZodString;
|
|
10
10
|
state: z.ZodOptional<z.ZodString>;
|
|
11
|
-
redirect_uri: z.ZodOptional<z.
|
|
11
|
+
redirect_uri: z.ZodOptional<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}`, string>>;
|
|
12
12
|
scope: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
|
|
13
13
|
response_type: z.ZodEnum<["code", "token", "none", "code id_token token", "code id_token", "code token", "id_token token", "id_token"]>;
|
|
14
14
|
code_challenge: z.ZodOptional<z.ZodString>;
|
|
@@ -38,13 +38,7 @@ export declare const oauthAuthorizationRequestParametersSchema: z.ZodObject<{
|
|
|
38
38
|
ui_locales: z.ZodOptional<z.ZodString>;
|
|
39
39
|
id_token_hint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;
|
|
40
40
|
display: z.ZodOptional<z.ZodEnum<["page", "popup", "touch", "wap"]>>;
|
|
41
|
-
|
|
42
|
-
* - "none" will only be allowed if the user already allowed the client on the same device
|
|
43
|
-
* - "login" will force the user to login again, unless he very recently logged in
|
|
44
|
-
* - "consent" will force the user to consent again
|
|
45
|
-
* - "select_account" will force the user to select an account
|
|
46
|
-
*/
|
|
47
|
-
prompt: z.ZodOptional<z.ZodEnum<["none", "login", "consent", "select_account"]>>;
|
|
41
|
+
prompt: z.ZodOptional<z.ZodEnum<["none", "login", "consent", "select_account", "create"]>>;
|
|
48
42
|
authorization_details: z.ZodOptional<z.ZodEffects<z.ZodArray<z.ZodObject<{
|
|
49
43
|
type: z.ZodString;
|
|
50
44
|
locations: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, "many">>;
|
|
@@ -103,7 +97,7 @@ export declare const oauthAuthorizationRequestParametersSchema: z.ZodObject<{
|
|
|
103
97
|
ui_locales?: string | undefined;
|
|
104
98
|
id_token_hint?: `${string}.${string}.${string}` | undefined;
|
|
105
99
|
display?: "page" | "popup" | "touch" | "wap" | undefined;
|
|
106
|
-
prompt?: "none" | "login" | "consent" | "select_account" | undefined;
|
|
100
|
+
prompt?: "none" | "login" | "consent" | "select_account" | "create" | undefined;
|
|
107
101
|
}, {
|
|
108
102
|
client_id: string;
|
|
109
103
|
response_type: "code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
|
|
@@ -122,7 +116,7 @@ export declare const oauthAuthorizationRequestParametersSchema: z.ZodObject<{
|
|
|
122
116
|
ui_locales?: string | undefined;
|
|
123
117
|
id_token_hint?: string | undefined;
|
|
124
118
|
display?: "page" | "popup" | "touch" | "wap" | undefined;
|
|
125
|
-
prompt?: "none" | "login" | "consent" | "select_account" | undefined;
|
|
119
|
+
prompt?: "none" | "login" | "consent" | "select_account" | "create" | undefined;
|
|
126
120
|
}>;
|
|
127
121
|
/**
|
|
128
122
|
* @see {oauthAuthorizationRequestParametersSchema}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-authorization-request-parameters.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-request-parameters.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;
|
|
1
|
+
{"version":3,"file":"oauth-authorization-request-parameters.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-request-parameters.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAevB;;;;;GAKG;AACH,eAAO,MAAM,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuEpD,CAAA;AAEF;;GAEG;AACH,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CACvD,OAAO,yCAAyC,CACjD,CAAA"}
|
|
@@ -6,6 +6,7 @@ const jwk_1 = require("@atproto/jwk");
|
|
|
6
6
|
const oauth_authorization_details_js_1 = require("./oauth-authorization-details.js");
|
|
7
7
|
const oauth_client_id_js_1 = require("./oauth-client-id.js");
|
|
8
8
|
const oauth_code_challenge_method_js_1 = require("./oauth-code-challenge-method.js");
|
|
9
|
+
const oauth_prompt_mode_js_1 = require("./oauth-prompt-mode.js");
|
|
9
10
|
const oauth_redirect_uri_js_1 = require("./oauth-redirect-uri.js");
|
|
10
11
|
const oauth_response_mode_js_1 = require("./oauth-response-mode.js");
|
|
11
12
|
const oauth_response_type_js_1 = require("./oauth-response-type.js");
|
|
@@ -60,13 +61,8 @@ exports.oauthAuthorizationRequestParametersSchema = zod_1.z.object({
|
|
|
60
61
|
id_token_hint: jwk_1.signedJwtSchema.optional(),
|
|
61
62
|
// Type of UI the AS is displayed on
|
|
62
63
|
display: zod_1.z.enum(['page', 'popup', 'touch', 'wap']).optional(),
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
* - "login" will force the user to login again, unless he very recently logged in
|
|
66
|
-
* - "consent" will force the user to consent again
|
|
67
|
-
* - "select_account" will force the user to select an account
|
|
68
|
-
*/
|
|
69
|
-
prompt: zod_1.z.enum(['none', 'login', 'consent', 'select_account']).optional(),
|
|
64
|
+
// How the AS should prompt the user for authorization:
|
|
65
|
+
prompt: oauth_prompt_mode_js_1.oauthPromptModeSchema.optional(),
|
|
70
66
|
// https://datatracker.ietf.org/doc/html/rfc9396
|
|
71
67
|
authorization_details: zod_1.z
|
|
72
68
|
.preprocess(util_js_1.jsonObjectPreprocess, oauth_authorization_details_js_1.oauthAuthorizationDetailsSchema)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-authorization-request-parameters.js","sourceRoot":"","sources":["../src/oauth-authorization-request-parameters.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAC9C,qFAAkF;AAClF,6DAA0D;AAC1D,qFAAiF;AACjF,mEAAgE;AAChE,qEAAkE;AAClE,qEAAkE;AAClE,qDAAmD;AACnD,yEAAsE;AACtE,2EAAwE;AACxE,+DAA4D;AAC5D,uCAAkE;AAElE;;;;;GAKG;AACU,QAAA,yCAAyC,GAAG,OAAC,CAAC,MAAM,CAAC;IAChE,SAAS,EAAE,wCAAmB;IAC9B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,YAAY,EAAE,8CAAsB,CAAC,QAAQ,EAAE;IAC/C,KAAK,EAAE,iCAAgB,CAAC,QAAQ,EAAE;IAClC,aAAa,EAAE,gDAAuB;IAEtC,OAAO;IAEP,4DAA4D;IAC5D,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,qBAAqB,EAAE,+DAA8B,CAAC,QAAQ,EAAE;IAEhE,OAAO;IAEP,6DAA6D;IAC7D,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/B,OAAO;IAEP,kCAAkC;IAClC,aAAa,EAAE,gDAAuB,CAAC,QAAQ,EAAE;IAEjD,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE5B,0EAA0E;IAC1E,wEAAwE;IACxE,2EAA2E;IAC3E,6EAA6E;IAC7E,4EAA4E;IAC5E,yEAAyE;IACzE,2CAA2C;IAC3C,OAAO,EAAE,OAAC,CAAC,UAAU,CAAC,0BAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE3E,MAAM,EAAE,OAAC;SACN,UAAU,CACT,8BAAoB,EACpB,OAAC,CAAC,MAAM,CACN,0CAAoB,EACpB,OAAC,CAAC,MAAM,CACN,oDAAyB,EACzB,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,sDAA0B,CAAC,CAAC,CACvD,CACF,CACF;SACA,QAAQ,EAAE;IAEb,8EAA8E;IAC9E,uCAAuC;IACvC,iDAAiD;IAEjD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAExC,UAAU,EAAE,OAAC;SACV,MAAM,EAAE;SACR,KAAK,CAAC,oDAAoD,CAAC,CAAC,cAAc;SAC1E,QAAQ,EAAE;IAEb,iEAAiE;IACjE,aAAa,EAAE,qBAAe,CAAC,QAAQ,EAAE;IAEzC,oCAAoC;IACpC,OAAO,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE7D
|
|
1
|
+
{"version":3,"file":"oauth-authorization-request-parameters.js","sourceRoot":"","sources":["../src/oauth-authorization-request-parameters.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAC9C,qFAAkF;AAClF,6DAA0D;AAC1D,qFAAiF;AACjF,iEAA8D;AAC9D,mEAAgE;AAChE,qEAAkE;AAClE,qEAAkE;AAClE,qDAAmD;AACnD,yEAAsE;AACtE,2EAAwE;AACxE,+DAA4D;AAC5D,uCAAkE;AAElE;;;;;GAKG;AACU,QAAA,yCAAyC,GAAG,OAAC,CAAC,MAAM,CAAC;IAChE,SAAS,EAAE,wCAAmB;IAC9B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,YAAY,EAAE,8CAAsB,CAAC,QAAQ,EAAE;IAC/C,KAAK,EAAE,iCAAgB,CAAC,QAAQ,EAAE;IAClC,aAAa,EAAE,gDAAuB;IAEtC,OAAO;IAEP,4DAA4D;IAC5D,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,qBAAqB,EAAE,+DAA8B,CAAC,QAAQ,EAAE;IAEhE,OAAO;IAEP,6DAA6D;IAC7D,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/B,OAAO;IAEP,kCAAkC;IAClC,aAAa,EAAE,gDAAuB,CAAC,QAAQ,EAAE;IAEjD,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE5B,0EAA0E;IAC1E,wEAAwE;IACxE,2EAA2E;IAC3E,6EAA6E;IAC7E,4EAA4E;IAC5E,yEAAyE;IACzE,2CAA2C;IAC3C,OAAO,EAAE,OAAC,CAAC,UAAU,CAAC,0BAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE3E,MAAM,EAAE,OAAC;SACN,UAAU,CACT,8BAAoB,EACpB,OAAC,CAAC,MAAM,CACN,0CAAoB,EACpB,OAAC,CAAC,MAAM,CACN,oDAAyB,EACzB,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,sDAA0B,CAAC,CAAC,CACvD,CACF,CACF;SACA,QAAQ,EAAE;IAEb,8EAA8E;IAC9E,uCAAuC;IACvC,iDAAiD;IAEjD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAExC,UAAU,EAAE,OAAC;SACV,MAAM,EAAE;SACR,KAAK,CAAC,oDAAoD,CAAC,CAAC,cAAc;SAC1E,QAAQ,EAAE;IAEb,iEAAiE;IACjE,aAAa,EAAE,qBAAe,CAAC,QAAQ,EAAE;IAEzC,oCAAoC;IACpC,OAAO,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE7D,uDAAuD;IACvD,MAAM,EAAE,4CAAqB,CAAC,QAAQ,EAAE;IAExC,gDAAgD;IAChD,qBAAqB,EAAE,OAAC;SACrB,UAAU,CAAC,8BAAoB,EAAE,gEAA+B,CAAC;SACjE,QAAQ,EAAE;CACd,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { signedJwtSchema } from '@atproto/jwk'\nimport { oauthAuthorizationDetailsSchema } from './oauth-authorization-details.js'\nimport { oauthClientIdSchema } from './oauth-client-id.js'\nimport { oauthCodeChallengeMethodSchema } from './oauth-code-challenge-method.js'\nimport { oauthPromptModeSchema } from './oauth-prompt-mode.js'\nimport { oauthRedirectUriSchema } from './oauth-redirect-uri.js'\nimport { oauthResponseModeSchema } from './oauth-response-mode.js'\nimport { oauthResponseTypeSchema } from './oauth-response-type.js'\nimport { oauthScopeSchema } from './oauth-scope.js'\nimport { oidcClaimsParameterSchema } from './oidc-claims-parameter.js'\nimport { oidcClaimsPropertiesSchema } from './oidc-claims-properties.js'\nimport { oidcEntityTypeSchema } from './oidc-entity-type.js'\nimport { jsonObjectPreprocess, numberPreprocess } from './util.js'\n\n/**\n * @note non string parameters will be converted from their string\n * representation since oauth request parameters are typically sent as URL\n * encoded form data or URL encoded query string.\n * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest | OIDC}\n */\nexport const oauthAuthorizationRequestParametersSchema = z.object({\n client_id: oauthClientIdSchema,\n state: z.string().optional(),\n redirect_uri: oauthRedirectUriSchema.optional(),\n scope: oauthScopeSchema.optional(),\n response_type: oauthResponseTypeSchema,\n\n // PKCE\n\n // https://datatracker.ietf.org/doc/html/rfc7636#section-4.3\n code_challenge: z.string().optional(),\n code_challenge_method: oauthCodeChallengeMethodSchema.optional(),\n\n // DPOP\n\n // https://datatracker.ietf.org/doc/html/rfc9449#section-12.3\n dpop_jkt: z.string().optional(),\n\n // OIDC\n\n // Default depend on response_type\n response_mode: oauthResponseModeSchema.optional(),\n\n nonce: z.string().optional(),\n\n // Specifies the allowable elapsed time in seconds since the last time the\n // End-User was actively authenticated by the OP. If the elapsed time is\n // greater than this value, the OP MUST attempt to actively re-authenticate\n // the End-User. (The max_age request parameter corresponds to the OpenID 2.0\n // PAPE [OpenID.PAPE] max_auth_age request parameter.) When max_age is used,\n // the ID Token returned MUST include an auth_time Claim Value. Note that\n // max_age=0 is equivalent to prompt=login.\n max_age: z.preprocess(numberPreprocess, z.number().int().min(0)).optional(),\n\n claims: z\n .preprocess(\n jsonObjectPreprocess,\n z.record(\n oidcEntityTypeSchema,\n z.record(\n oidcClaimsParameterSchema,\n z.union([z.literal(null), oidcClaimsPropertiesSchema]),\n ),\n ),\n )\n .optional(),\n\n // https://openid.net/specs/openid-connect-core-1_0.html#RegistrationParameter\n // Not supported by this library (yet?)\n // registration: clientMetadataSchema.optional(),\n\n login_hint: z.string().min(1).optional(),\n\n ui_locales: z\n .string()\n .regex(/^[a-z]{2,3}(-[A-Z]{2})?( [a-z]{2,3}(-[A-Z]{2})?)*$/) // fr-CA fr en\n .optional(),\n\n // Previous ID Token, should be provided when prompt=none is used\n id_token_hint: signedJwtSchema.optional(),\n\n // Type of UI the AS is displayed on\n display: z.enum(['page', 'popup', 'touch', 'wap']).optional(),\n\n // How the AS should prompt the user for authorization:\n prompt: oauthPromptModeSchema.optional(),\n\n // https://datatracker.ietf.org/doc/html/rfc9396\n authorization_details: z\n .preprocess(jsonObjectPreprocess, oauthAuthorizationDetailsSchema)\n .optional(),\n})\n\n/**\n * @see {oauthAuthorizationRequestParametersSchema}\n */\nexport type OAuthAuthorizationRequestParameters = z.infer<\n typeof oauthAuthorizationRequestParametersSchema\n>\n"]}
|
|
@@ -2,7 +2,7 @@ import { z } from 'zod';
|
|
|
2
2
|
export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObject<{
|
|
3
3
|
client_id: z.ZodString;
|
|
4
4
|
state: z.ZodOptional<z.ZodString>;
|
|
5
|
-
redirect_uri: z.ZodOptional<z.
|
|
5
|
+
redirect_uri: z.ZodOptional<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}`, string>>;
|
|
6
6
|
scope: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
|
|
7
7
|
response_type: z.ZodEnum<["code", "token", "none", "code id_token token", "code id_token", "code token", "id_token token", "id_token"]>;
|
|
8
8
|
code_challenge: z.ZodOptional<z.ZodString>;
|
|
@@ -32,7 +32,7 @@ export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObje
|
|
|
32
32
|
ui_locales: z.ZodOptional<z.ZodString>;
|
|
33
33
|
id_token_hint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;
|
|
34
34
|
display: z.ZodOptional<z.ZodEnum<["page", "popup", "touch", "wap"]>>;
|
|
35
|
-
prompt: z.ZodOptional<z.ZodEnum<["none", "login", "consent", "select_account"]>>;
|
|
35
|
+
prompt: z.ZodOptional<z.ZodEnum<["none", "login", "consent", "select_account", "create"]>>;
|
|
36
36
|
authorization_details: z.ZodOptional<z.ZodEffects<z.ZodArray<z.ZodObject<{
|
|
37
37
|
type: z.ZodString;
|
|
38
38
|
locations: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, "many">>;
|
|
@@ -91,7 +91,7 @@ export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObje
|
|
|
91
91
|
ui_locales?: string | undefined;
|
|
92
92
|
id_token_hint?: `${string}.${string}.${string}` | undefined;
|
|
93
93
|
display?: "page" | "popup" | "touch" | "wap" | undefined;
|
|
94
|
-
prompt?: "none" | "login" | "consent" | "select_account" | undefined;
|
|
94
|
+
prompt?: "none" | "login" | "consent" | "select_account" | "create" | undefined;
|
|
95
95
|
}, {
|
|
96
96
|
client_id: string;
|
|
97
97
|
response_type: "code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
|
|
@@ -110,7 +110,7 @@ export declare const oauthAuthorizationRequestQuerySchema: z.ZodUnion<[z.ZodObje
|
|
|
110
110
|
ui_locales?: string | undefined;
|
|
111
111
|
id_token_hint?: string | undefined;
|
|
112
112
|
display?: "page" | "popup" | "touch" | "wap" | undefined;
|
|
113
|
-
prompt?: "none" | "login" | "consent" | "select_account" | undefined;
|
|
113
|
+
prompt?: "none" | "login" | "consent" | "select_account" | "create" | undefined;
|
|
114
114
|
}>, z.ZodObject<{
|
|
115
115
|
request: z.ZodUnion<[z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>, z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}`, string>]>;
|
|
116
116
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -42,6 +42,7 @@ export declare const oauthAuthorizationServerMetadataSchema: z.ZodObject<{
|
|
|
42
42
|
dpop_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
43
43
|
protected_resources: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>, "many">>;
|
|
44
44
|
client_id_metadata_document_supported: z.ZodOptional<z.ZodBoolean>;
|
|
45
|
+
prompt_values_supported: z.ZodOptional<z.ZodArray<z.ZodEnum<["none", "login", "consent", "select_account", "create"]>, "many">>;
|
|
45
46
|
}, "strip", z.ZodTypeAny, {
|
|
46
47
|
issuer: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
47
48
|
authorization_endpoint: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
@@ -79,6 +80,7 @@ export declare const oauthAuthorizationServerMetadataSchema: z.ZodObject<{
|
|
|
79
80
|
dpop_signing_alg_values_supported?: string[] | undefined;
|
|
80
81
|
protected_resources?: (`http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`)[] | undefined;
|
|
81
82
|
client_id_metadata_document_supported?: boolean | undefined;
|
|
83
|
+
prompt_values_supported?: ("none" | "login" | "consent" | "select_account" | "create")[] | undefined;
|
|
82
84
|
}, {
|
|
83
85
|
issuer: string;
|
|
84
86
|
authorization_endpoint: string;
|
|
@@ -116,6 +118,7 @@ export declare const oauthAuthorizationServerMetadataSchema: z.ZodObject<{
|
|
|
116
118
|
dpop_signing_alg_values_supported?: string[] | undefined;
|
|
117
119
|
protected_resources?: string[] | undefined;
|
|
118
120
|
client_id_metadata_document_supported?: boolean | undefined;
|
|
121
|
+
prompt_values_supported?: ("none" | "login" | "consent" | "select_account" | "create")[] | undefined;
|
|
119
122
|
}>;
|
|
120
123
|
export type OAuthAuthorizationServerMetadata = z.infer<typeof oauthAuthorizationServerMetadataSchema>;
|
|
121
124
|
export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodObject<{
|
|
@@ -155,6 +158,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
|
155
158
|
dpop_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
156
159
|
protected_resources: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`, string>, "many">>;
|
|
157
160
|
client_id_metadata_document_supported: z.ZodOptional<z.ZodBoolean>;
|
|
161
|
+
prompt_values_supported: z.ZodOptional<z.ZodArray<z.ZodEnum<["none", "login", "consent", "select_account", "create"]>, "many">>;
|
|
158
162
|
}, "strip", z.ZodTypeAny, {
|
|
159
163
|
issuer: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
160
164
|
authorization_endpoint: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
@@ -192,6 +196,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
|
192
196
|
dpop_signing_alg_values_supported?: string[] | undefined;
|
|
193
197
|
protected_resources?: (`http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`)[] | undefined;
|
|
194
198
|
client_id_metadata_document_supported?: boolean | undefined;
|
|
199
|
+
prompt_values_supported?: ("none" | "login" | "consent" | "select_account" | "create")[] | undefined;
|
|
195
200
|
}, {
|
|
196
201
|
issuer: string;
|
|
197
202
|
authorization_endpoint: string;
|
|
@@ -229,6 +234,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
|
229
234
|
dpop_signing_alg_values_supported?: string[] | undefined;
|
|
230
235
|
protected_resources?: string[] | undefined;
|
|
231
236
|
client_id_metadata_document_supported?: boolean | undefined;
|
|
237
|
+
prompt_values_supported?: ("none" | "login" | "consent" | "select_account" | "create")[] | undefined;
|
|
232
238
|
}>, {
|
|
233
239
|
issuer: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
234
240
|
authorization_endpoint: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
@@ -266,6 +272,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
|
266
272
|
dpop_signing_alg_values_supported?: string[] | undefined;
|
|
267
273
|
protected_resources?: (`http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`)[] | undefined;
|
|
268
274
|
client_id_metadata_document_supported?: boolean | undefined;
|
|
275
|
+
prompt_values_supported?: ("none" | "login" | "consent" | "select_account" | "create")[] | undefined;
|
|
269
276
|
}, {
|
|
270
277
|
issuer: string;
|
|
271
278
|
authorization_endpoint: string;
|
|
@@ -303,6 +310,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
|
303
310
|
dpop_signing_alg_values_supported?: string[] | undefined;
|
|
304
311
|
protected_resources?: string[] | undefined;
|
|
305
312
|
client_id_metadata_document_supported?: boolean | undefined;
|
|
313
|
+
prompt_values_supported?: ("none" | "login" | "consent" | "select_account" | "create")[] | undefined;
|
|
306
314
|
}>, {
|
|
307
315
|
issuer: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
308
316
|
authorization_endpoint: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
@@ -340,6 +348,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
|
340
348
|
dpop_signing_alg_values_supported?: string[] | undefined;
|
|
341
349
|
protected_resources?: (`http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`)[] | undefined;
|
|
342
350
|
client_id_metadata_document_supported?: boolean | undefined;
|
|
351
|
+
prompt_values_supported?: ("none" | "login" | "consent" | "select_account" | "create")[] | undefined;
|
|
343
352
|
}, {
|
|
344
353
|
issuer: string;
|
|
345
354
|
authorization_endpoint: string;
|
|
@@ -377,6 +386,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
|
377
386
|
dpop_signing_alg_values_supported?: string[] | undefined;
|
|
378
387
|
protected_resources?: string[] | undefined;
|
|
379
388
|
client_id_metadata_document_supported?: boolean | undefined;
|
|
389
|
+
prompt_values_supported?: ("none" | "login" | "consent" | "select_account" | "create")[] | undefined;
|
|
380
390
|
}>, {
|
|
381
391
|
issuer: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
382
392
|
authorization_endpoint: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`;
|
|
@@ -414,6 +424,7 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
|
414
424
|
dpop_signing_alg_values_supported?: string[] | undefined;
|
|
415
425
|
protected_resources?: (`http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}`)[] | undefined;
|
|
416
426
|
client_id_metadata_document_supported?: boolean | undefined;
|
|
427
|
+
prompt_values_supported?: ("none" | "login" | "consent" | "select_account" | "create")[] | undefined;
|
|
417
428
|
}, {
|
|
418
429
|
issuer: string;
|
|
419
430
|
authorization_endpoint: string;
|
|
@@ -451,5 +462,6 @@ export declare const oauthAuthorizationServerMetadataValidator: z.ZodEffects<z.Z
|
|
|
451
462
|
dpop_signing_alg_values_supported?: string[] | undefined;
|
|
452
463
|
protected_resources?: string[] | undefined;
|
|
453
464
|
client_id_metadata_document_supported?: boolean | undefined;
|
|
465
|
+
prompt_values_supported?: ("none" | "login" | "consent" | "select_account" | "create")[] | undefined;
|
|
454
466
|
}>;
|
|
455
467
|
//# sourceMappingURL=oauth-authorization-server-metadata.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-authorization-server-metadata.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;
|
|
1
|
+
{"version":3,"file":"oauth-authorization-server-metadata.d.ts","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAMvB;;;;;GAKG;AACH,eAAO,MAAM,sCAAsC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkEjD,CAAA;AAEF,MAAM,MAAM,gCAAgC,GAAG,CAAC,CAAC,KAAK,CACpD,OAAO,sCAAsC,CAC9C,CAAA;AAED,eAAO,MAAM,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAmChD,CAAA"}
|
|
@@ -4,6 +4,7 @@ exports.oauthAuthorizationServerMetadataValidator = exports.oauthAuthorizationSe
|
|
|
4
4
|
const zod_1 = require("zod");
|
|
5
5
|
const oauth_code_challenge_method_js_1 = require("./oauth-code-challenge-method.js");
|
|
6
6
|
const oauth_issuer_identifier_js_1 = require("./oauth-issuer-identifier.js");
|
|
7
|
+
const oauth_prompt_mode_js_1 = require("./oauth-prompt-mode.js");
|
|
7
8
|
const uri_js_1 = require("./uri.js");
|
|
8
9
|
/**
|
|
9
10
|
* @see {@link https://datatracker.ietf.org/doc/html/rfc8414}
|
|
@@ -64,6 +65,8 @@ exports.oauthAuthorizationServerMetadataSchema = zod_1.z.object({
|
|
|
64
65
|
protected_resources: zod_1.z.array(uri_js_1.webUriSchema).optional(),
|
|
65
66
|
// https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html
|
|
66
67
|
client_id_metadata_document_supported: zod_1.z.boolean().optional(),
|
|
68
|
+
// https://openid.net/specs/openid-connect-prompt-create-1_0.html#section-4.2
|
|
69
|
+
prompt_values_supported: zod_1.z.array(oauth_prompt_mode_js_1.oauthPromptModeSchema).optional(),
|
|
67
70
|
});
|
|
68
71
|
exports.oauthAuthorizationServerMetadataValidator = exports.oauthAuthorizationServerMetadataSchema
|
|
69
72
|
.superRefine((data, ctx) => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-authorization-server-metadata.js","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,qFAAiF;AACjF,6EAA0E;AAC1E,qCAAuC;AAEvC;;;;;GAKG;AACU,QAAA,sCAAsC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7D,MAAM,EAAE,wDAA2B;IAEnC,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,0BAA0B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClD,2BAA2B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvD,gCAAgC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACxD,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,uBAAuB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,gCAAgC,EAAE,OAAC;SAChC,KAAK,CAAC,+DAA8B,CAAC;SACrC,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,EAAE;IACb,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,2CAA2C,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3E,8CAA8C,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtE,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,QAAQ,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAEjC,sBAAsB,EAAE,qBAAY,EAAE,eAAe;IAErD,cAAc,EAAE,qBAAY,EAAE,eAAe;IAC7C,wDAAwD;IACxD,qCAAqC,EAAE,OAAC;SACrC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QAClB,4DAA4D;SAC3D,OAAO,CAAC,CAAC,qBAAqB,CAAC,CAAC;IACnC,gDAAgD,EAAE,OAAC;SAChD,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,mBAAmB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC5C,sBAAsB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC/C,qCAAqC,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE9D,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAE7D,iBAAiB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC1C,oBAAoB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC7C,qBAAqB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE9C,4DAA4D;IAC5D,iCAAiC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEjE,wDAAwD;IACxD,mBAAmB,EAAE,OAAC,CAAC,KAAK,CAAC,qBAAY,CAAC,CAAC,QAAQ,EAAE;IAErD,uFAAuF;IACvF,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;
|
|
1
|
+
{"version":3,"file":"oauth-authorization-server-metadata.js","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,qFAAiF;AACjF,6EAA0E;AAC1E,iEAA8D;AAC9D,qCAAuC;AAEvC;;;;;GAKG;AACU,QAAA,sCAAsC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7D,MAAM,EAAE,wDAA2B;IAEnC,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,0BAA0B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClD,2BAA2B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvD,gCAAgC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACxD,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,uBAAuB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,gCAAgC,EAAE,OAAC;SAChC,KAAK,CAAC,+DAA8B,CAAC;SACrC,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,EAAE;IACb,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,2CAA2C,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3E,8CAA8C,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtE,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,QAAQ,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAEjC,sBAAsB,EAAE,qBAAY,EAAE,eAAe;IAErD,cAAc,EAAE,qBAAY,EAAE,eAAe;IAC7C,wDAAwD;IACxD,qCAAqC,EAAE,OAAC;SACrC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QAClB,4DAA4D;SAC3D,OAAO,CAAC,CAAC,qBAAqB,CAAC,CAAC;IACnC,gDAAgD,EAAE,OAAC;SAChD,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,mBAAmB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC5C,sBAAsB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC/C,qCAAqC,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE9D,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAE7D,iBAAiB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC1C,oBAAoB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC7C,qBAAqB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE9C,4DAA4D;IAC5D,iCAAiC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEjE,wDAAwD;IACxD,mBAAmB,EAAE,OAAC,CAAC,KAAK,CAAC,qBAAY,CAAC,CAAC,QAAQ,EAAE;IAErD,uFAAuF;IACvF,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAE7D,6EAA6E;IAC7E,uBAAuB,EAAE,OAAC,CAAC,KAAK,CAAC,4CAAqB,CAAC,CAAC,QAAQ,EAAE;CACnE,CAAC,CAAA;AAMW,QAAA,yCAAyC,GACpD,8CAAsC;KACnC,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IACE,IAAI,CAAC,qCAAqC;QAC1C,CAAC,IAAI,CAAC,qCAAqC,EAC3C,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EACL,uGAAuG;SAC1G,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC;KACD,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IAAI,IAAI,CAAC,wBAAwB,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACpD,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,OAAO,EAAE,kCAAkC;aAC5C,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;AACH,CAAC,CAAC;KACD,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IACE,IAAI,CAAC,gDAAgD,EAAE,QAAQ,CAAC,MAAM,CAAC,EACvE,CAAC;QACD,2EAA2E;QAC3E,uCAAuC;QACvC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,oDAAoD;SAC9D,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthCodeChallengeMethodSchema } from './oauth-code-challenge-method.js'\nimport { oauthIssuerIdentifierSchema } from './oauth-issuer-identifier.js'\nimport { oauthPromptModeSchema } from './oauth-prompt-mode.js'\nimport { webUriSchema } from './uri.js'\n\n/**\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8414}\n * @note we do not enforce https: scheme in URIs to support development\n * environments. Make sure to validate the URIs before using it in a production\n * environment.\n */\nexport const oauthAuthorizationServerMetadataSchema = z.object({\n issuer: oauthIssuerIdentifierSchema,\n\n claims_supported: z.array(z.string()).optional(),\n claims_locales_supported: z.array(z.string()).optional(),\n claims_parameter_supported: z.boolean().optional(),\n request_parameter_supported: z.boolean().optional(),\n request_uri_parameter_supported: z.boolean().optional(),\n require_request_uri_registration: z.boolean().optional(),\n scopes_supported: z.array(z.string()).optional(),\n subject_types_supported: z.array(z.string()).optional(),\n response_types_supported: z.array(z.string()).optional(),\n response_modes_supported: z.array(z.string()).optional(),\n grant_types_supported: z.array(z.string()).optional(),\n code_challenge_methods_supported: z\n .array(oauthCodeChallengeMethodSchema)\n .min(1)\n .optional(),\n ui_locales_supported: z.array(z.string()).optional(),\n id_token_signing_alg_values_supported: z.array(z.string()).optional(),\n display_values_supported: z.array(z.string()).optional(),\n request_object_signing_alg_values_supported: z.array(z.string()).optional(),\n authorization_response_iss_parameter_supported: z.boolean().optional(),\n authorization_details_types_supported: z.array(z.string()).optional(),\n request_object_encryption_alg_values_supported: z\n .array(z.string())\n .optional(),\n request_object_encryption_enc_values_supported: z\n .array(z.string())\n .optional(),\n\n jwks_uri: webUriSchema.optional(),\n\n authorization_endpoint: webUriSchema, // .optional(),\n\n token_endpoint: webUriSchema, // .optional(),\n // https://www.rfc-editor.org/rfc/rfc8414.html#section-2\n token_endpoint_auth_methods_supported: z\n .array(z.string())\n // > If omitted, the default is \"client_secret_basic\" [...].\n .default(['client_secret_basic']),\n token_endpoint_auth_signing_alg_values_supported: z\n .array(z.string())\n .optional(),\n\n revocation_endpoint: webUriSchema.optional(),\n introspection_endpoint: webUriSchema.optional(),\n pushed_authorization_request_endpoint: webUriSchema.optional(),\n\n require_pushed_authorization_requests: z.boolean().optional(),\n\n userinfo_endpoint: webUriSchema.optional(),\n end_session_endpoint: webUriSchema.optional(),\n registration_endpoint: webUriSchema.optional(),\n\n // https://datatracker.ietf.org/doc/html/rfc9449#section-5.1\n dpop_signing_alg_values_supported: z.array(z.string()).optional(),\n\n // https://www.rfc-editor.org/rfc/rfc9728.html#section-4\n protected_resources: z.array(webUriSchema).optional(),\n\n // https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html\n client_id_metadata_document_supported: z.boolean().optional(),\n\n // https://openid.net/specs/openid-connect-prompt-create-1_0.html#section-4.2\n prompt_values_supported: z.array(oauthPromptModeSchema).optional(),\n})\n\nexport type OAuthAuthorizationServerMetadata = z.infer<\n typeof oauthAuthorizationServerMetadataSchema\n>\n\nexport const oauthAuthorizationServerMetadataValidator =\n oauthAuthorizationServerMetadataSchema\n .superRefine((data, ctx) => {\n if (\n data.require_pushed_authorization_requests &&\n !data.pushed_authorization_request_endpoint\n ) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message:\n '\"pushed_authorization_request_endpoint\" required when \"require_pushed_authorization_requests\" is true',\n })\n }\n })\n .superRefine((data, ctx) => {\n if (data.response_types_supported) {\n if (!data.response_types_supported.includes('code')) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'Response type \"code\" is required',\n })\n }\n }\n })\n .superRefine((data, ctx) => {\n if (\n data.token_endpoint_auth_signing_alg_values_supported?.includes('none')\n ) {\n // https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3\n // > The value `none` MUST NOT be used.\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'Client authentication method \"none\" is not allowed',\n })\n }\n })\n"]}
|
|
@@ -10,7 +10,7 @@ export declare const oauthClientMetadataSchema: z.ZodObject<{
|
|
|
10
10
|
/**
|
|
11
11
|
* @note redirect_uris require additional validation
|
|
12
12
|
*/
|
|
13
|
-
redirect_uris: z.ZodArray<z.
|
|
13
|
+
redirect_uris: z.ZodArray<z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}`, string>, "atleastone">;
|
|
14
14
|
response_types: z.ZodDefault<z.ZodArray<z.ZodEnum<["code", "token", "none", "code id_token token", "code id_token", "code token", "id_token token", "id_token"]>, "atleastone">>;
|
|
15
15
|
grant_types: z.ZodDefault<z.ZodArray<z.ZodEnum<["authorization_code", "implicit", "refresh_token", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:saml2-bearer"]>, "atleastone">>;
|
|
16
16
|
scope: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
/**
|
|
3
|
+
* - "none" will only be allowed if the user already allowed the client on the same device
|
|
4
|
+
* - "login" will force the user to login again, unless he very recently logged in
|
|
5
|
+
* - "consent" will force the user to consent again
|
|
6
|
+
* - "select_account" will force the user to select an account
|
|
7
|
+
* - "create" will force the user registration screen
|
|
8
|
+
*/
|
|
9
|
+
export declare const oauthPromptModeSchema: z.ZodEnum<["none", "login", "consent", "select_account", "create"]>;
|
|
10
|
+
export type OAuthPromptMode = z.infer<typeof oauthPromptModeSchema>;
|
|
11
|
+
//# sourceMappingURL=oauth-prompt-mode.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oauth-prompt-mode.d.ts","sourceRoot":"","sources":["../src/oauth-prompt-mode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB;;;;;;GAMG;AACH,eAAO,MAAM,qBAAqB,qEAMhC,CAAA;AAEF,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAA"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.oauthPromptModeSchema = void 0;
|
|
4
|
+
const zod_1 = require("zod");
|
|
5
|
+
/**
|
|
6
|
+
* - "none" will only be allowed if the user already allowed the client on the same device
|
|
7
|
+
* - "login" will force the user to login again, unless he very recently logged in
|
|
8
|
+
* - "consent" will force the user to consent again
|
|
9
|
+
* - "select_account" will force the user to select an account
|
|
10
|
+
* - "create" will force the user registration screen
|
|
11
|
+
*/
|
|
12
|
+
exports.oauthPromptModeSchema = zod_1.z.enum([
|
|
13
|
+
'none',
|
|
14
|
+
'login',
|
|
15
|
+
'consent',
|
|
16
|
+
'select_account',
|
|
17
|
+
'create',
|
|
18
|
+
]);
|
|
19
|
+
//# sourceMappingURL=oauth-prompt-mode.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oauth-prompt-mode.js","sourceRoot":"","sources":["../src/oauth-prompt-mode.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB;;;;;;GAMG;AACU,QAAA,qBAAqB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC1C,MAAM;IACN,OAAO;IACP,SAAS;IACT,gBAAgB;IAChB,QAAQ;CACT,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\n/**\n * - \"none\" will only be allowed if the user already allowed the client on the same device\n * - \"login\" will force the user to login again, unless he very recently logged in\n * - \"consent\" will force the user to consent again\n * - \"select_account\" will force the user to select an account\n * - \"create\" will force the user registration screen\n */\nexport const oauthPromptModeSchema = z.enum([\n 'none',\n 'login',\n 'consent',\n 'select_account',\n 'create',\n])\n\nexport type OAuthPromptMode = z.infer<typeof oauthPromptModeSchema>\n"]}
|
|
@@ -17,6 +17,6 @@ export declare const loopbackRedirectURISchema: z.ZodEffects<z.ZodEffects<z.ZodE
|
|
|
17
17
|
export type LoopbackRedirectURI = TypeOf<typeof loopbackRedirectURISchema>;
|
|
18
18
|
export declare const oauthLoopbackClientRedirectUriSchema: z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodString, `${string}:${string}`, string>, `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}`, string>, `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}`, string>;
|
|
19
19
|
export type OAuthLoopbackRedirectURI = TypeOf<typeof oauthLoopbackClientRedirectUriSchema>;
|
|
20
|
-
export declare const oauthRedirectUriSchema: z.
|
|
20
|
+
export declare const oauthRedirectUriSchema: z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}`, string>;
|
|
21
21
|
export type OAuthRedirectUri = TypeOf<typeof oauthRedirectUriSchema>;
|
|
22
22
|
//# sourceMappingURL=oauth-redirect-uri.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-redirect-uri.d.ts","sourceRoot":"","sources":["../src/oauth-redirect-uri.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAA;
|
|
1
|
+
{"version":3,"file":"oauth-redirect-uri.d.ts","sourceRoot":"","sources":["../src/oauth-redirect-uri.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAA;AAU7C;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,yBAAyB,2kBAarC,CAAA;AACD,MAAM,MAAM,mBAAmB,GAAG,MAAM,CAAC,OAAO,yBAAyB,CAAC,CAAA;AAE1E,eAAO,MAAM,oCAAoC,2kBAA4B,CAAA;AAC7E,MAAM,MAAM,wBAAwB,GAAG,MAAM,CAC3C,OAAO,oCAAoC,CAC5C,CAAA;AAED,eAAO,MAAM,sBAAsB,sQAyBhC,CAAA;AAEH,MAAM,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,sBAAsB,CAAC,CAAA"}
|
|
@@ -28,7 +28,33 @@ exports.loopbackRedirectURISchema = uri_js_1.loopbackUriSchema.superRefine((valu
|
|
|
28
28
|
return true;
|
|
29
29
|
});
|
|
30
30
|
exports.oauthLoopbackClientRedirectUriSchema = exports.loopbackRedirectURISchema;
|
|
31
|
-
exports.oauthRedirectUriSchema = zod_1.z
|
|
32
|
-
|
|
31
|
+
exports.oauthRedirectUriSchema = zod_1.z
|
|
32
|
+
.string()
|
|
33
|
+
.superRefine((value, ctx) => {
|
|
34
|
+
if (value.startsWith('https:')) {
|
|
35
|
+
const result = uri_js_1.httpsUriSchema.safeParse(value);
|
|
36
|
+
if (!result.success)
|
|
37
|
+
result.error.issues.forEach(ctx.addIssue, ctx);
|
|
38
|
+
return result.success;
|
|
39
|
+
}
|
|
40
|
+
else if (value.startsWith('http:')) {
|
|
41
|
+
const result = exports.loopbackRedirectURISchema.safeParse(value);
|
|
42
|
+
if (!result.success)
|
|
43
|
+
result.error.issues.forEach(ctx.addIssue, ctx);
|
|
44
|
+
return result.success;
|
|
45
|
+
}
|
|
46
|
+
else if (/^[^.:]+(?:\.[^.:]+)+:/.test(value)) {
|
|
47
|
+
const result = uri_js_1.privateUseUriSchema.safeParse(value);
|
|
48
|
+
if (!result.success)
|
|
49
|
+
result.error.issues.forEach(ctx.addIssue, ctx);
|
|
50
|
+
return result.success;
|
|
51
|
+
}
|
|
52
|
+
else {
|
|
53
|
+
ctx.addIssue({
|
|
54
|
+
code: zod_1.ZodIssueCode.custom,
|
|
55
|
+
message: 'URL must use the "https:" or "http:" protocol, or a private-use URI scheme (RFC 8252)',
|
|
56
|
+
});
|
|
57
|
+
return false;
|
|
58
|
+
}
|
|
33
59
|
});
|
|
34
60
|
//# sourceMappingURL=oauth-redirect-uri.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-redirect-uri.js","sourceRoot":"","sources":["../src/oauth-redirect-uri.ts"],"names":[],"mappings":";;;AAAA,6BAA6C;AAC7C,
|
|
1
|
+
{"version":3,"file":"oauth-redirect-uri.js","sourceRoot":"","sources":["../src/oauth-redirect-uri.ts"],"names":[],"mappings":";;;AAAA,6BAA6C;AAC7C,qCAOiB;AAEjB;;;;;;;;;;;;;GAaG;AACU,QAAA,yBAAyB,GAAG,0BAAiB,CAAC,WAAW,CACpE,CAAC,KAAK,EAAE,GAAG,EAA8D,EAAE;IACzE,IAAI,KAAK,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACzC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EACL,sGAAsG;SACzG,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAGY,QAAA,oCAAoC,GAAG,iCAAyB,CAAA;AAKhE,QAAA,sBAAsB,GAAG,OAAC;KACpC,MAAM,EAAE;KACR,WAAW,CACV,CAAC,KAAK,EAAE,GAAG,EAA2D,EAAE;IACtE,IAAI,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,uBAAc,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QAC9C,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;SAAM,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,iCAAyB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QACzD,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;SAAM,IAAI,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/C,MAAM,MAAM,GAAG,4BAAmB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QACnD,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EACL,uFAAuF;SAC1F,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC,CACF,CAAA","sourcesContent":["import { TypeOf, ZodIssueCode, z } from 'zod'\nimport {\n HttpsUri,\n LoopbackUri,\n PrivateUseUri,\n httpsUriSchema,\n loopbackUriSchema,\n privateUseUriSchema,\n} from './uri.js'\n\n/**\n * This is a {@link loopbackUriSchema} with the additional restriction that\n * the hostname `localhost` is not allowed.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8252#section-8.3 Loopback Redirect Considerations} RFC8252\n *\n * > While redirect URIs using localhost (i.e.,\n * > \"http://localhost:{port}/{path}\") function similarly to loopback IP\n * > redirects described in Section 7.3, the use of localhost is NOT\n * > RECOMMENDED. Specifying a redirect URI with the loopback IP literal rather\n * > than localhost avoids inadvertently listening on network interfaces other\n * > than the loopback interface. It is also less susceptible to client-side\n * > firewalls and misconfigured host name resolution on the user's device.\n */\nexport const loopbackRedirectURISchema = loopbackUriSchema.superRefine(\n (value, ctx): value is Exclude<LoopbackUri, `http://localhost${string}`> => {\n if (value.startsWith('http://localhost')) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message:\n 'Use of \"localhost\" hostname is not allowed (RFC 8252), use a loopback IP such as \"127.0.0.1\" instead',\n })\n return false\n }\n\n return true\n },\n)\nexport type LoopbackRedirectURI = TypeOf<typeof loopbackRedirectURISchema>\n\nexport const oauthLoopbackClientRedirectUriSchema = loopbackRedirectURISchema\nexport type OAuthLoopbackRedirectURI = TypeOf<\n typeof oauthLoopbackClientRedirectUriSchema\n>\n\nexport const oauthRedirectUriSchema = z\n .string()\n .superRefine(\n (value, ctx): value is HttpsUri | LoopbackRedirectURI | PrivateUseUri => {\n if (value.startsWith('https:')) {\n const result = httpsUriSchema.safeParse(value)\n if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n return result.success\n } else if (value.startsWith('http:')) {\n const result = loopbackRedirectURISchema.safeParse(value)\n if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n return result.success\n } else if (/^[^.:]+(?:\\.[^.:]+)+:/.test(value)) {\n const result = privateUseUriSchema.safeParse(value)\n if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n return result.success\n } else {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message:\n 'URL must use the \"https:\" or \"http:\" protocol, or a private-use URI scheme (RFC 8252)',\n })\n return false\n }\n },\n )\n\nexport type OAuthRedirectUri = TypeOf<typeof oauthRedirectUriSchema>\n"]}
|
|
@@ -2,7 +2,7 @@ import { z } from 'zod';
|
|
|
2
2
|
export declare const oauthTokenRequestSchema: z.ZodDiscriminatedUnion<"grant_type", [z.ZodObject<{
|
|
3
3
|
grant_type: z.ZodLiteral<"authorization_code">;
|
|
4
4
|
code: z.ZodString;
|
|
5
|
-
redirect_uri: z.
|
|
5
|
+
redirect_uri: z.ZodEffects<z.ZodString, `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}`, string>;
|
|
6
6
|
code_verifier: z.ZodOptional<z.ZodString>;
|
|
7
7
|
}, "strip", z.ZodTypeAny, {
|
|
8
8
|
code: string;
|
package/dist/uri.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"uri.d.ts","sourceRoot":"","sources":["../src/uri.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAA;AAQ7C;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,0DAQ5B,CAAA;AAEH;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,kBAAkB,CAAC,CAAA;AAE5D,eAAO,MAAM,iBAAiB,2YA6B7B,CAAA;AAED,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,iBAAiB,CAAC,CAAA;AAE1D,eAAO,MAAM,cAAc,qGA6C1B,CAAA;AAED,MAAM,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,cAAc,CAAC,CAAA;AAEpD,eAAO,MAAM,YAAY,oXAqBrB,CAAA;AAEJ,MAAM,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,YAAY,CAAC,CAAA;AAEhD,eAAO,MAAM,mBAAmB,
|
|
1
|
+
{"version":3,"file":"uri.d.ts","sourceRoot":"","sources":["../src/uri.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAA;AAQ7C;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,0DAQ5B,CAAA;AAEH;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,kBAAkB,CAAC,CAAA;AAE5D,eAAO,MAAM,iBAAiB,2YA6B7B,CAAA;AAED,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,iBAAiB,CAAC,CAAA;AAE1D,eAAO,MAAM,cAAc,qGA6C1B,CAAA;AAED,MAAM,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,cAAc,CAAC,CAAA;AAEpD,eAAO,MAAM,YAAY,oXAqBrB,CAAA;AAEJ,MAAM,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,YAAY,CAAC,CAAA;AAEhD,eAAO,MAAM,mBAAmB,kHAmF/B,CAAA;AAED,MAAM,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,mBAAmB,CAAC,CAAA"}
|
package/dist/uri.js
CHANGED
|
@@ -158,7 +158,7 @@ exports.privateUseUriSchema = exports.dangerousUriSchema.superRefine((value, ctx
|
|
|
158
158
|
url.port) {
|
|
159
159
|
ctx.addIssue({
|
|
160
160
|
code: zod_1.ZodIssueCode.custom,
|
|
161
|
-
message:
|
|
161
|
+
message: 'Private-Use URI Scheme must be in the form <scheme>:/{path} (notice the single slash!) as per RFC 8252',
|
|
162
162
|
});
|
|
163
163
|
return false;
|
|
164
164
|
}
|
package/dist/uri.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"uri.js","sourceRoot":"","sources":["../src/uri.ts"],"names":[],"mappings":";;;AAAA,6BAA6C;AAC7C,uCAKkB;AAElB;;;;GAIG;AACU,QAAA,kBAAkB,GAAG,OAAC;KAChC,MAAM,EAAE;KACR,MAAM,CACL,CAAC,IAAI,EAAiC,EAAE,CACtC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAA,qBAAW,EAAC,IAAI,CAAC,EACzC;IACE,OAAO,EAAE,aAAa;CACvB,CACF,CAAA;AAOU,QAAA,iBAAiB,GAAG,0BAAkB,CAAC,WAAW,CAC7D,CACE,KAAK,EACL,GAAG,EAI6D,EAAE;IAClE,6CAA6C;IAC7C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,CAAC,IAAA,wBAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,8DAA8D;SACxE,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAIY,QAAA,cAAc,GAAG,0BAAkB,CAAC,WAAW,CAC1D,CAAC,KAAK,EAAE,GAAG,EAAgC,EAAE;IAC3C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,oCAAoC;SAC9C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,oDAAoD;IACpD,IAAI,IAAA,wBAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,yCAAyC;SACnD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,IAAA,sBAAY,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,4BAA4B;IAC9B,CAAC;SAAM,CAAC;QACN,4BAA4B;QAC5B,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,0DAA0D;YAC1D,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,kBAAY,CAAC,MAAM;gBACzB,OAAO,EAAE,gDAAgD;aAC1D,CAAC,CAAA;YACF,OAAO,KAAK,CAAA;QACd,CAAC;QAED,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpC,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,kBAAY,CAAC,MAAM;gBACzB,OAAO,EAAE,wCAAwC;aAClD,CAAC,CAAA;YACF,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAIY,QAAA,YAAY,GAAG,OAAC;KAC1B,MAAM,EAAE;KACR,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAAmC,EAAE;IAC3D,kEAAkE;IAClE,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,yBAAiB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QACjD,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,sBAAc,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QAC9C,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAED,GAAG,CAAC,QAAQ,CAAC;QACX,IAAI,EAAE,kBAAY,CAAC,MAAM;QACzB,OAAO,EAAE,+CAA+C;KACzD,CAAC,CAAA;IACF,OAAO,KAAK,CAAA;AACd,CAAC,CAAC,CAAA;AAIS,QAAA,mBAAmB,GAAG,0BAAkB,CAAC,WAAW,CAC/D,CAAC,KAAK,EAAE,GAAG,EAA6C,EAAE;IACxD,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAEnC,6EAA6E;IAC7E,IAAI,MAAM,KAAK,CAAC,CAAC,IAAI,QAAQ,KAAK,CAAC,CAAC,IAAI,MAAM,GAAG,QAAQ,EAAE,CAAC;QAC1D,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EACL,+DAA+D;SAClE,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,iEAAiE;IACjE,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,gCAAgC;SAC1C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,4DAA4D;IAC5D,EAAE;IACF,0EAA0E;IAC1E,wEAAwE;IACxE,kBAAkB;IAClB,EAAE;IACF,4DAA4D;IAC5D,EAAE;IACF,uEAAuE;IACvE,2EAA2E;IAC3E,2EAA2E;IAC3E,2EAA2E;IAC3E,EAAE;IACF,sEAAsE;IACtE,4EAA4E;IAC5E,gDAAgD;IAChD,EAAE;IACF,kCAAkC;IAClC,EAAE;IACF,4EAA4E;IAC5E,WAAW;IACX,EAAE;IACF,0EAA0E;IAC1E,8CAA8C;IAE9C,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA,CAAC,sBAAsB;IAClE,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAE1D,IAAI,IAAA,yBAAe,EAAC,SAAS,CAAC,EAAE,CAAC;QAC/B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,kEAAkE;SAC5E,CAAC,CAAA;IACJ,CAAC;IAED,4DAA4D;IAC5D,EAAE;IACF,2EAA2E;IAC3E,yEAAyE;IACzE,oDAAoD;IACpD,IACE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,QAAQ,IAAI,CAAC;QACxC,GAAG,CAAC,QAAQ;QACZ,GAAG,CAAC,QAAQ;QACZ,GAAG,CAAC,QAAQ;QACZ,GAAG,CAAC,IAAI,EACR,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,8CAA8C,GAAG,CAAC,QAAQ,2BAA2B;SAC/F,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA","sourcesContent":["import { TypeOf, ZodIssueCode, z } from 'zod'\nimport {\n canParseUrl,\n isHostnameIP,\n isLocalHostname,\n isLoopbackHost,\n} from './util.js'\n\n/**\n * Valid, but potentially dangerous URL (`data:`, `file:`, `javascript:`, etc.).\n *\n * Any value that matches this schema is safe to parse using `new URL()`.\n */\nexport const dangerousUriSchema = z\n .string()\n .refine(\n (data): data is `${string}:${string}` =>\n data.includes(':') && canParseUrl(data),\n {\n message: 'Invalid URL',\n },\n )\n\n/**\n * Valid, but potentially dangerous URL (`data:`, `file:`, `javascript:`, etc.).\n */\nexport type DangerousUrl = TypeOf<typeof dangerousUriSchema>\n\nexport const loopbackUriSchema = dangerousUriSchema.superRefine(\n (\n value,\n ctx,\n ): value is\n | `http://[::1]${string}`\n | `http://localhost${'' | `${':' | '/' | '?' | '#'}${string}`}`\n | `http://127.0.0.1${'' | `${':' | '/' | '?' | '#'}${string}`}` => {\n // Loopback url must use the \"http:\" protocol\n if (!value.startsWith('http://')) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'URL must use the \"http:\" protocol',\n })\n return false\n }\n\n const url = new URL(value)\n\n if (!isLoopbackHost(url.hostname)) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'URL must use \"localhost\", \"127.0.0.1\" or \"[::1]\" as hostname',\n })\n return false\n }\n\n return true\n },\n)\n\nexport type LoopbackUri = TypeOf<typeof loopbackUriSchema>\n\nexport const httpsUriSchema = dangerousUriSchema.superRefine(\n (value, ctx): value is `https://${string}` => {\n if (!value.startsWith('https://')) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'URL must use the \"https:\" protocol',\n })\n return false\n }\n\n const url = new URL(value)\n\n // Disallow loopback URLs with the `https:` protocol\n if (isLoopbackHost(url.hostname)) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'https: URL must not use a loopback host',\n })\n return false\n }\n\n if (isHostnameIP(url.hostname)) {\n // Hostname is an IP address\n } else {\n // Hostname is a domain name\n if (!url.hostname.includes('.')) {\n // we don't depend on PSL here, so we only check for a dot\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'Domain name must contain at least two segments',\n })\n return false\n }\n\n if (url.hostname.endsWith('.local')) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'Domain name must not end with \".local\"',\n })\n return false\n }\n }\n\n return true\n },\n)\n\nexport type HttpsUri = TypeOf<typeof httpsUriSchema>\n\nexport const webUriSchema = z\n .string()\n .superRefine((value, ctx): value is LoopbackUri | HttpsUri => {\n // discriminated union of `loopbackUriSchema` and `httpsUriSchema`\n if (value.startsWith('http://')) {\n const result = loopbackUriSchema.safeParse(value)\n if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n return result.success\n }\n\n if (value.startsWith('https://')) {\n const result = httpsUriSchema.safeParse(value)\n if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n return result.success\n }\n\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'URL must use the \"http:\" or \"https:\" protocol',\n })\n return false\n })\n\nexport type WebUri = TypeOf<typeof webUriSchema>\n\nexport const privateUseUriSchema = dangerousUriSchema.superRefine(\n (value, ctx): value is `${string}.${string}:/${string}` => {\n const dotIdx = value.indexOf('.')\n const colonIdx = value.indexOf(':')\n\n // Optimization: avoid parsing the URL if the protocol does not contain a \".\"\n if (dotIdx === -1 || colonIdx === -1 || dotIdx > colonIdx) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message:\n 'Private-use URI scheme requires a \".\" as part of the protocol',\n })\n return false\n }\n\n const url = new URL(value)\n\n // Should be covered by the check before, but let's be extra sure\n if (!url.protocol.includes('.')) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'Invalid private-use URI scheme',\n })\n return false\n }\n\n // https://datatracker.ietf.org/doc/html/rfc8252#section-7.1\n //\n // > When choosing a URI scheme to associate with the app, apps MUST use a\n // > URI scheme based on a domain name under their control, expressed in\n // > reverse order\n //\n // https://datatracker.ietf.org/doc/html/rfc8252#section-8.4\n //\n // > In addition to the collision-resistant properties, requiring a URI\n // > scheme based on a domain name that is under the control of the app can\n // > help to prove ownership in the event of a dispute where two apps claim\n // > the same private-use URI scheme (where one app is acting maliciously).\n //\n // We can't check for ownership here (as there is no concept of proven\n // ownership in a generic validation logic), besides excluding local domains\n // as they can't be controlled/owned by the app.\n //\n // https://atproto.com/specs/oauth\n //\n // > Any custom scheme must match the `client_id` hostname in reverse-domain\n // > order.\n //\n // This ATPROTO specific requirement cannot be enforced here, (as there is\n // no concept of `client_id` in this context).\n\n const uriScheme = url.protocol.slice(0, -1) // remove trailing \":\"\n const urlDomain = uriScheme.split('.').reverse().join('.')\n\n if (isLocalHostname(urlDomain)) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: `Private-use URI Scheme redirect URI must not be a local hostname`,\n })\n }\n\n // https://datatracker.ietf.org/doc/html/rfc8252#section-7.1\n //\n // > Following the requirements of Section 3.2 of [RFC3986], as there is no\n // > naming authority for private-use URI scheme redirects, only a single\n // > slash (\"/\") appears after the scheme component.\n if (\n url.href.startsWith(`${url.protocol}//`) ||\n url.username ||\n url.password ||\n url.hostname ||\n url.port\n ) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: `Private-Use URI Scheme must be in the form ${url.protocol}/<path> (as per RFC 8252)`,\n })\n return false\n }\n\n return true\n },\n)\n\nexport type PrivateUseUri = TypeOf<typeof privateUseUriSchema>\n"]}
|
|
1
|
+
{"version":3,"file":"uri.js","sourceRoot":"","sources":["../src/uri.ts"],"names":[],"mappings":";;;AAAA,6BAA6C;AAC7C,uCAKkB;AAElB;;;;GAIG;AACU,QAAA,kBAAkB,GAAG,OAAC;KAChC,MAAM,EAAE;KACR,MAAM,CACL,CAAC,IAAI,EAAiC,EAAE,CACtC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAA,qBAAW,EAAC,IAAI,CAAC,EACzC;IACE,OAAO,EAAE,aAAa;CACvB,CACF,CAAA;AAOU,QAAA,iBAAiB,GAAG,0BAAkB,CAAC,WAAW,CAC7D,CACE,KAAK,EACL,GAAG,EAI6D,EAAE;IAClE,6CAA6C;IAC7C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,CAAC,IAAA,wBAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,8DAA8D;SACxE,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAIY,QAAA,cAAc,GAAG,0BAAkB,CAAC,WAAW,CAC1D,CAAC,KAAK,EAAE,GAAG,EAAgC,EAAE;IAC3C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,oCAAoC;SAC9C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,oDAAoD;IACpD,IAAI,IAAA,wBAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,yCAAyC;SACnD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,IAAA,sBAAY,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,4BAA4B;IAC9B,CAAC;SAAM,CAAC;QACN,4BAA4B;QAC5B,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,0DAA0D;YAC1D,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,kBAAY,CAAC,MAAM;gBACzB,OAAO,EAAE,gDAAgD;aAC1D,CAAC,CAAA;YACF,OAAO,KAAK,CAAA;QACd,CAAC;QAED,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpC,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,kBAAY,CAAC,MAAM;gBACzB,OAAO,EAAE,wCAAwC;aAClD,CAAC,CAAA;YACF,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAIY,QAAA,YAAY,GAAG,OAAC;KAC1B,MAAM,EAAE;KACR,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAAmC,EAAE;IAC3D,kEAAkE;IAClE,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,yBAAiB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QACjD,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,sBAAc,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QAC9C,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAED,GAAG,CAAC,QAAQ,CAAC;QACX,IAAI,EAAE,kBAAY,CAAC,MAAM;QACzB,OAAO,EAAE,+CAA+C;KACzD,CAAC,CAAA;IACF,OAAO,KAAK,CAAA;AACd,CAAC,CAAC,CAAA;AAIS,QAAA,mBAAmB,GAAG,0BAAkB,CAAC,WAAW,CAC/D,CAAC,KAAK,EAAE,GAAG,EAA6C,EAAE;IACxD,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAEnC,6EAA6E;IAC7E,IAAI,MAAM,KAAK,CAAC,CAAC,IAAI,QAAQ,KAAK,CAAC,CAAC,IAAI,MAAM,GAAG,QAAQ,EAAE,CAAC;QAC1D,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EACL,+DAA+D;SAClE,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,iEAAiE;IACjE,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,gCAAgC;SAC1C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,4DAA4D;IAC5D,EAAE;IACF,0EAA0E;IAC1E,wEAAwE;IACxE,kBAAkB;IAClB,EAAE;IACF,4DAA4D;IAC5D,EAAE;IACF,uEAAuE;IACvE,2EAA2E;IAC3E,2EAA2E;IAC3E,2EAA2E;IAC3E,EAAE;IACF,sEAAsE;IACtE,4EAA4E;IAC5E,gDAAgD;IAChD,EAAE;IACF,kCAAkC;IAClC,EAAE;IACF,4EAA4E;IAC5E,WAAW;IACX,EAAE;IACF,0EAA0E;IAC1E,8CAA8C;IAE9C,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA,CAAC,sBAAsB;IAClE,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAE1D,IAAI,IAAA,yBAAe,EAAC,SAAS,CAAC,EAAE,CAAC;QAC/B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,kEAAkE;SAC5E,CAAC,CAAA;IACJ,CAAC;IAED,4DAA4D;IAC5D,EAAE;IACF,2EAA2E;IAC3E,yEAAyE;IACzE,oDAAoD;IACpD,IACE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,QAAQ,IAAI,CAAC;QACxC,GAAG,CAAC,QAAQ;QACZ,GAAG,CAAC,QAAQ;QACZ,GAAG,CAAC,QAAQ;QACZ,GAAG,CAAC,IAAI,EACR,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EACL,wGAAwG;SAC3G,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA","sourcesContent":["import { TypeOf, ZodIssueCode, z } from 'zod'\nimport {\n canParseUrl,\n isHostnameIP,\n isLocalHostname,\n isLoopbackHost,\n} from './util.js'\n\n/**\n * Valid, but potentially dangerous URL (`data:`, `file:`, `javascript:`, etc.).\n *\n * Any value that matches this schema is safe to parse using `new URL()`.\n */\nexport const dangerousUriSchema = z\n .string()\n .refine(\n (data): data is `${string}:${string}` =>\n data.includes(':') && canParseUrl(data),\n {\n message: 'Invalid URL',\n },\n )\n\n/**\n * Valid, but potentially dangerous URL (`data:`, `file:`, `javascript:`, etc.).\n */\nexport type DangerousUrl = TypeOf<typeof dangerousUriSchema>\n\nexport const loopbackUriSchema = dangerousUriSchema.superRefine(\n (\n value,\n ctx,\n ): value is\n | `http://[::1]${string}`\n | `http://localhost${'' | `${':' | '/' | '?' | '#'}${string}`}`\n | `http://127.0.0.1${'' | `${':' | '/' | '?' | '#'}${string}`}` => {\n // Loopback url must use the \"http:\" protocol\n if (!value.startsWith('http://')) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'URL must use the \"http:\" protocol',\n })\n return false\n }\n\n const url = new URL(value)\n\n if (!isLoopbackHost(url.hostname)) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'URL must use \"localhost\", \"127.0.0.1\" or \"[::1]\" as hostname',\n })\n return false\n }\n\n return true\n },\n)\n\nexport type LoopbackUri = TypeOf<typeof loopbackUriSchema>\n\nexport const httpsUriSchema = dangerousUriSchema.superRefine(\n (value, ctx): value is `https://${string}` => {\n if (!value.startsWith('https://')) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'URL must use the \"https:\" protocol',\n })\n return false\n }\n\n const url = new URL(value)\n\n // Disallow loopback URLs with the `https:` protocol\n if (isLoopbackHost(url.hostname)) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'https: URL must not use a loopback host',\n })\n return false\n }\n\n if (isHostnameIP(url.hostname)) {\n // Hostname is an IP address\n } else {\n // Hostname is a domain name\n if (!url.hostname.includes('.')) {\n // we don't depend on PSL here, so we only check for a dot\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'Domain name must contain at least two segments',\n })\n return false\n }\n\n if (url.hostname.endsWith('.local')) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'Domain name must not end with \".local\"',\n })\n return false\n }\n }\n\n return true\n },\n)\n\nexport type HttpsUri = TypeOf<typeof httpsUriSchema>\n\nexport const webUriSchema = z\n .string()\n .superRefine((value, ctx): value is LoopbackUri | HttpsUri => {\n // discriminated union of `loopbackUriSchema` and `httpsUriSchema`\n if (value.startsWith('http://')) {\n const result = loopbackUriSchema.safeParse(value)\n if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n return result.success\n }\n\n if (value.startsWith('https://')) {\n const result = httpsUriSchema.safeParse(value)\n if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n return result.success\n }\n\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'URL must use the \"http:\" or \"https:\" protocol',\n })\n return false\n })\n\nexport type WebUri = TypeOf<typeof webUriSchema>\n\nexport const privateUseUriSchema = dangerousUriSchema.superRefine(\n (value, ctx): value is `${string}.${string}:/${string}` => {\n const dotIdx = value.indexOf('.')\n const colonIdx = value.indexOf(':')\n\n // Optimization: avoid parsing the URL if the protocol does not contain a \".\"\n if (dotIdx === -1 || colonIdx === -1 || dotIdx > colonIdx) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message:\n 'Private-use URI scheme requires a \".\" as part of the protocol',\n })\n return false\n }\n\n const url = new URL(value)\n\n // Should be covered by the check before, but let's be extra sure\n if (!url.protocol.includes('.')) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: 'Invalid private-use URI scheme',\n })\n return false\n }\n\n // https://datatracker.ietf.org/doc/html/rfc8252#section-7.1\n //\n // > When choosing a URI scheme to associate with the app, apps MUST use a\n // > URI scheme based on a domain name under their control, expressed in\n // > reverse order\n //\n // https://datatracker.ietf.org/doc/html/rfc8252#section-8.4\n //\n // > In addition to the collision-resistant properties, requiring a URI\n // > scheme based on a domain name that is under the control of the app can\n // > help to prove ownership in the event of a dispute where two apps claim\n // > the same private-use URI scheme (where one app is acting maliciously).\n //\n // We can't check for ownership here (as there is no concept of proven\n // ownership in a generic validation logic), besides excluding local domains\n // as they can't be controlled/owned by the app.\n //\n // https://atproto.com/specs/oauth\n //\n // > Any custom scheme must match the `client_id` hostname in reverse-domain\n // > order.\n //\n // This ATPROTO specific requirement cannot be enforced here, (as there is\n // no concept of `client_id` in this context).\n\n const uriScheme = url.protocol.slice(0, -1) // remove trailing \":\"\n const urlDomain = uriScheme.split('.').reverse().join('.')\n\n if (isLocalHostname(urlDomain)) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message: `Private-use URI Scheme redirect URI must not be a local hostname`,\n })\n }\n\n // https://datatracker.ietf.org/doc/html/rfc8252#section-7.1\n //\n // > Following the requirements of Section 3.2 of [RFC3986], as there is no\n // > naming authority for private-use URI scheme redirects, only a single\n // > slash (\"/\") appears after the scheme component.\n if (\n url.href.startsWith(`${url.protocol}//`) ||\n url.username ||\n url.password ||\n url.hostname ||\n url.port\n ) {\n ctx.addIssue({\n code: ZodIssueCode.custom,\n message:\n 'Private-Use URI Scheme must be in the form <scheme>:/{path} (notice the single slash!) as per RFC 8252',\n })\n return false\n }\n\n return true\n },\n)\n\nexport type PrivateUseUri = TypeOf<typeof privateUseUriSchema>\n"]}
|
package/package.json
CHANGED
package/src/index.ts
CHANGED
|
@@ -30,6 +30,7 @@ export * from './oauth-introspection-response.js'
|
|
|
30
30
|
export * from './oauth-issuer-identifier.js'
|
|
31
31
|
export * from './oauth-par-response.js'
|
|
32
32
|
export * from './oauth-password-grant-token-request.js'
|
|
33
|
+
export * from './oauth-prompt-mode.js'
|
|
33
34
|
export * from './oauth-protected-resource-metadata.js'
|
|
34
35
|
export * from './oauth-redirect-uri.js'
|
|
35
36
|
export * from './oauth-refresh-token-grant-token-request.js'
|
|
@@ -3,6 +3,7 @@ import { signedJwtSchema } from '@atproto/jwk'
|
|
|
3
3
|
import { oauthAuthorizationDetailsSchema } from './oauth-authorization-details.js'
|
|
4
4
|
import { oauthClientIdSchema } from './oauth-client-id.js'
|
|
5
5
|
import { oauthCodeChallengeMethodSchema } from './oauth-code-challenge-method.js'
|
|
6
|
+
import { oauthPromptModeSchema } from './oauth-prompt-mode.js'
|
|
6
7
|
import { oauthRedirectUriSchema } from './oauth-redirect-uri.js'
|
|
7
8
|
import { oauthResponseModeSchema } from './oauth-response-mode.js'
|
|
8
9
|
import { oauthResponseTypeSchema } from './oauth-response-type.js'
|
|
@@ -82,13 +83,8 @@ export const oauthAuthorizationRequestParametersSchema = z.object({
|
|
|
82
83
|
// Type of UI the AS is displayed on
|
|
83
84
|
display: z.enum(['page', 'popup', 'touch', 'wap']).optional(),
|
|
84
85
|
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
* - "login" will force the user to login again, unless he very recently logged in
|
|
88
|
-
* - "consent" will force the user to consent again
|
|
89
|
-
* - "select_account" will force the user to select an account
|
|
90
|
-
*/
|
|
91
|
-
prompt: z.enum(['none', 'login', 'consent', 'select_account']).optional(),
|
|
86
|
+
// How the AS should prompt the user for authorization:
|
|
87
|
+
prompt: oauthPromptModeSchema.optional(),
|
|
92
88
|
|
|
93
89
|
// https://datatracker.ietf.org/doc/html/rfc9396
|
|
94
90
|
authorization_details: z
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { z } from 'zod'
|
|
2
2
|
import { oauthCodeChallengeMethodSchema } from './oauth-code-challenge-method.js'
|
|
3
3
|
import { oauthIssuerIdentifierSchema } from './oauth-issuer-identifier.js'
|
|
4
|
+
import { oauthPromptModeSchema } from './oauth-prompt-mode.js'
|
|
4
5
|
import { webUriSchema } from './uri.js'
|
|
5
6
|
|
|
6
7
|
/**
|
|
@@ -72,6 +73,9 @@ export const oauthAuthorizationServerMetadataSchema = z.object({
|
|
|
72
73
|
|
|
73
74
|
// https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html
|
|
74
75
|
client_id_metadata_document_supported: z.boolean().optional(),
|
|
76
|
+
|
|
77
|
+
// https://openid.net/specs/openid-connect-prompt-create-1_0.html#section-4.2
|
|
78
|
+
prompt_values_supported: z.array(oauthPromptModeSchema).optional(),
|
|
75
79
|
})
|
|
76
80
|
|
|
77
81
|
export type OAuthAuthorizationServerMetadata = z.infer<
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { z } from 'zod'
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* - "none" will only be allowed if the user already allowed the client on the same device
|
|
5
|
+
* - "login" will force the user to login again, unless he very recently logged in
|
|
6
|
+
* - "consent" will force the user to consent again
|
|
7
|
+
* - "select_account" will force the user to select an account
|
|
8
|
+
* - "create" will force the user registration screen
|
|
9
|
+
*/
|
|
10
|
+
export const oauthPromptModeSchema = z.enum([
|
|
11
|
+
'none',
|
|
12
|
+
'login',
|
|
13
|
+
'consent',
|
|
14
|
+
'select_account',
|
|
15
|
+
'create',
|
|
16
|
+
])
|
|
17
|
+
|
|
18
|
+
export type OAuthPromptMode = z.infer<typeof oauthPromptModeSchema>
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
import { TypeOf, ZodIssueCode, z } from 'zod'
|
|
2
2
|
import {
|
|
3
|
+
HttpsUri,
|
|
3
4
|
LoopbackUri,
|
|
5
|
+
PrivateUseUri,
|
|
4
6
|
httpsUriSchema,
|
|
5
7
|
loopbackUriSchema,
|
|
6
8
|
privateUseUriSchema,
|
|
@@ -41,10 +43,31 @@ export type OAuthLoopbackRedirectURI = TypeOf<
|
|
|
41
43
|
typeof oauthLoopbackClientRedirectUriSchema
|
|
42
44
|
>
|
|
43
45
|
|
|
44
|
-
export const oauthRedirectUriSchema = z
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
)
|
|
46
|
+
export const oauthRedirectUriSchema = z
|
|
47
|
+
.string()
|
|
48
|
+
.superRefine(
|
|
49
|
+
(value, ctx): value is HttpsUri | LoopbackRedirectURI | PrivateUseUri => {
|
|
50
|
+
if (value.startsWith('https:')) {
|
|
51
|
+
const result = httpsUriSchema.safeParse(value)
|
|
52
|
+
if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)
|
|
53
|
+
return result.success
|
|
54
|
+
} else if (value.startsWith('http:')) {
|
|
55
|
+
const result = loopbackRedirectURISchema.safeParse(value)
|
|
56
|
+
if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)
|
|
57
|
+
return result.success
|
|
58
|
+
} else if (/^[^.:]+(?:\.[^.:]+)+:/.test(value)) {
|
|
59
|
+
const result = privateUseUriSchema.safeParse(value)
|
|
60
|
+
if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)
|
|
61
|
+
return result.success
|
|
62
|
+
} else {
|
|
63
|
+
ctx.addIssue({
|
|
64
|
+
code: ZodIssueCode.custom,
|
|
65
|
+
message:
|
|
66
|
+
'URL must use the "https:" or "http:" protocol, or a private-use URI scheme (RFC 8252)',
|
|
67
|
+
})
|
|
68
|
+
return false
|
|
69
|
+
}
|
|
70
|
+
},
|
|
71
|
+
)
|
|
72
|
+
|
|
50
73
|
export type OAuthRedirectUri = TypeOf<typeof oauthRedirectUriSchema>
|
package/src/uri.ts
CHANGED
|
@@ -208,7 +208,8 @@ export const privateUseUriSchema = dangerousUriSchema.superRefine(
|
|
|
208
208
|
) {
|
|
209
209
|
ctx.addIssue({
|
|
210
210
|
code: ZodIssueCode.custom,
|
|
211
|
-
message:
|
|
211
|
+
message:
|
|
212
|
+
'Private-Use URI Scheme must be in the form <scheme>:/{path} (notice the single slash!) as per RFC 8252',
|
|
212
213
|
})
|
|
213
214
|
return false
|
|
214
215
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"root":["./src/atproto-loopback-client-id.ts","./src/atproto-loopback-client-metadata.ts","./src/atproto-loopback-client-redirect-uris.ts","./src/atproto-oauth-scope.ts","./src/atproto-oauth-token-response.ts","./src/constants.ts","./src/index.ts","./src/oauth-access-token.ts","./src/oauth-authorization-code-grant-token-request.ts","./src/oauth-authorization-details.ts","./src/oauth-authorization-request-jar.ts","./src/oauth-authorization-request-par.ts","./src/oauth-authorization-request-parameters.ts","./src/oauth-authorization-request-query.ts","./src/oauth-authorization-request-uri.ts","./src/oauth-authorization-response-error.ts","./src/oauth-authorization-server-metadata.ts","./src/oauth-client-credentials-grant-token-request.ts","./src/oauth-client-credentials.ts","./src/oauth-client-id-discoverable.ts","./src/oauth-client-id-loopback.ts","./src/oauth-client-id.ts","./src/oauth-client-metadata.ts","./src/oauth-code-challenge-method.ts","./src/oauth-endpoint-auth-method.ts","./src/oauth-endpoint-name.ts","./src/oauth-grant-type.ts","./src/oauth-introspection-response.ts","./src/oauth-issuer-identifier.ts","./src/oauth-par-response.ts","./src/oauth-password-grant-token-request.ts","./src/oauth-protected-resource-metadata.ts","./src/oauth-redirect-uri.ts","./src/oauth-refresh-token-grant-token-request.ts","./src/oauth-refresh-token.ts","./src/oauth-request-uri.ts","./src/oauth-response-mode.ts","./src/oauth-response-type.ts","./src/oauth-scope.ts","./src/oauth-token-identification.ts","./src/oauth-token-request.ts","./src/oauth-token-response.ts","./src/oauth-token-type.ts","./src/oidc-authorization-error-response.ts","./src/oidc-claims-parameter.ts","./src/oidc-claims-properties.ts","./src/oidc-entity-type.ts","./src/oidc-userinfo.ts","./src/uri.ts","./src/util.ts"],"version":"5.8.2"}
|
|
1
|
+
{"root":["./src/atproto-loopback-client-id.ts","./src/atproto-loopback-client-metadata.ts","./src/atproto-loopback-client-redirect-uris.ts","./src/atproto-oauth-scope.ts","./src/atproto-oauth-token-response.ts","./src/constants.ts","./src/index.ts","./src/oauth-access-token.ts","./src/oauth-authorization-code-grant-token-request.ts","./src/oauth-authorization-details.ts","./src/oauth-authorization-request-jar.ts","./src/oauth-authorization-request-par.ts","./src/oauth-authorization-request-parameters.ts","./src/oauth-authorization-request-query.ts","./src/oauth-authorization-request-uri.ts","./src/oauth-authorization-response-error.ts","./src/oauth-authorization-server-metadata.ts","./src/oauth-client-credentials-grant-token-request.ts","./src/oauth-client-credentials.ts","./src/oauth-client-id-discoverable.ts","./src/oauth-client-id-loopback.ts","./src/oauth-client-id.ts","./src/oauth-client-metadata.ts","./src/oauth-code-challenge-method.ts","./src/oauth-endpoint-auth-method.ts","./src/oauth-endpoint-name.ts","./src/oauth-grant-type.ts","./src/oauth-introspection-response.ts","./src/oauth-issuer-identifier.ts","./src/oauth-par-response.ts","./src/oauth-password-grant-token-request.ts","./src/oauth-prompt-mode.ts","./src/oauth-protected-resource-metadata.ts","./src/oauth-redirect-uri.ts","./src/oauth-refresh-token-grant-token-request.ts","./src/oauth-refresh-token.ts","./src/oauth-request-uri.ts","./src/oauth-response-mode.ts","./src/oauth-response-type.ts","./src/oauth-scope.ts","./src/oauth-token-identification.ts","./src/oauth-token-request.ts","./src/oauth-token-response.ts","./src/oauth-token-type.ts","./src/oidc-authorization-error-response.ts","./src/oidc-claims-parameter.ts","./src/oidc-claims-properties.ts","./src/oidc-entity-type.ts","./src/oidc-userinfo.ts","./src/uri.ts","./src/util.ts"],"version":"5.8.2"}
|