@atproto/oauth-types 0.6.3 → 0.7.0

package/dist/oauth-authorization-request-par.js

@@ -1,11 +1,8 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthAuthorizationRequestParSchema = void 0;
-const zod_1 = require("zod");
-const oauth_authorization_request_jar_js_1 = require("./oauth-authorization-request-jar.js");
-const oauth_authorization_request_parameters_js_1 = require("./oauth-authorization-request-parameters.js");
-exports.oauthAuthorizationRequestParSchema = zod_1.z.union([
-    oauth_authorization_request_parameters_js_1.oauthAuthorizationRequestParametersSchema,
-    oauth_authorization_request_jar_js_1.oauthAuthorizationRequestJarSchema,
+import { z } from 'zod';
+import { oauthAuthorizationRequestJarSchema } from './oauth-authorization-request-jar.js';
+import { oauthAuthorizationRequestParametersSchema } from './oauth-authorization-request-parameters.js';
+export const oauthAuthorizationRequestParSchema = z.union([
+    oauthAuthorizationRequestParametersSchema,
+    oauthAuthorizationRequestJarSchema,
 ]);
 //# sourceMappingURL=oauth-authorization-request-par.js.map

package/dist/oauth-authorization-request-par.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-authorization-request-par.js","sourceRoot":"","sources":["../src/oauth-authorization-request-par.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,6FAAyF;AACzF,2GAAuG;AAE1F,QAAA,kCAAkC,GAAG,OAAC,CAAC,KAAK,CAAC;IACxD,qFAAyC;IACzC,uEAAkC;CACnC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthAuthorizationRequestJarSchema } from './oauth-authorization-request-jar.js'\nimport { oauthAuthorizationRequestParametersSchema } from './oauth-authorization-request-parameters.js'\n\nexport const oauthAuthorizationRequestParSchema = z.union([\n  oauthAuthorizationRequestParametersSchema,\n  oauthAuthorizationRequestJarSchema,\n])\n\nexport type OAuthAuthorizationRequestPar = z.infer<\n  typeof oauthAuthorizationRequestParSchema\n>\n"]}
+{"version":3,"file":"oauth-authorization-request-par.js","sourceRoot":"","sources":["../src/oauth-authorization-request-par.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,kCAAkC,EAAE,MAAM,sCAAsC,CAAA;AACzF,OAAO,EAAE,yCAAyC,EAAE,MAAM,6CAA6C,CAAA;AAEvG,MAAM,CAAC,MAAM,kCAAkC,GAAG,CAAC,CAAC,KAAK,CAAC;IACxD,yCAAyC;IACzC,kCAAkC;CACnC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthAuthorizationRequestJarSchema } from './oauth-authorization-request-jar.js'\nimport { oauthAuthorizationRequestParametersSchema } from './oauth-authorization-request-parameters.js'\n\nexport const oauthAuthorizationRequestParSchema = z.union([\n  oauthAuthorizationRequestParametersSchema,\n  oauthAuthorizationRequestJarSchema,\n])\n\nexport type OAuthAuthorizationRequestPar = z.infer<\n  typeof oauthAuthorizationRequestParSchema\n>\n"]}

package/dist/oauth-authorization-request-parameters.js

@@ -1,43 +1,40 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthAuthorizationRequestParametersSchema = void 0;
-const zod_1 = require("zod");
-const jwk_1 = require("@atproto/jwk");
-const oauth_authorization_details_js_1 = require("./oauth-authorization-details.js");
-const oauth_client_id_js_1 = require("./oauth-client-id.js");
-const oauth_code_challenge_method_js_1 = require("./oauth-code-challenge-method.js");
-const oauth_prompt_mode_js_1 = require("./oauth-prompt-mode.js");
-const oauth_redirect_uri_js_1 = require("./oauth-redirect-uri.js");
-const oauth_response_mode_js_1 = require("./oauth-response-mode.js");
-const oauth_response_type_js_1 = require("./oauth-response-type.js");
-const oauth_scope_js_1 = require("./oauth-scope.js");
-const oidc_claims_parameter_js_1 = require("./oidc-claims-parameter.js");
-const oidc_claims_properties_js_1 = require("./oidc-claims-properties.js");
-const oidc_entity_type_js_1 = require("./oidc-entity-type.js");
-const util_js_1 = require("./util.js");
+import { z } from 'zod';
+import { signedJwtSchema } from '@atproto/jwk';
+import { oauthAuthorizationDetailsSchema } from './oauth-authorization-details.js';
+import { oauthClientIdSchema } from './oauth-client-id.js';
+import { oauthCodeChallengeMethodSchema } from './oauth-code-challenge-method.js';
+import { oauthPromptModeSchema } from './oauth-prompt-mode.js';
+import { oauthRedirectUriSchema } from './oauth-redirect-uri.js';
+import { oauthResponseModeSchema } from './oauth-response-mode.js';
+import { oauthResponseTypeSchema } from './oauth-response-type.js';
+import { oauthScopeSchema } from './oauth-scope.js';
+import { oidcClaimsParameterSchema } from './oidc-claims-parameter.js';
+import { oidcClaimsPropertiesSchema } from './oidc-claims-properties.js';
+import { oidcEntityTypeSchema } from './oidc-entity-type.js';
+import { jsonObjectPreprocess, numberPreprocess } from './util.js';
 /**
  * @note non string parameters will be converted from their string
  * representation since oauth request parameters are typically sent as URL
  * encoded form data or URL encoded query string.
  * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest | OIDC}
  */
-exports.oauthAuthorizationRequestParametersSchema = zod_1.z.object({
-    client_id: oauth_client_id_js_1.oauthClientIdSchema,
-    state: zod_1.z.string().optional(),
-    redirect_uri: oauth_redirect_uri_js_1.oauthRedirectUriSchema.optional(),
-    scope: oauth_scope_js_1.oauthScopeSchema.optional(),
-    response_type: oauth_response_type_js_1.oauthResponseTypeSchema,
+export const oauthAuthorizationRequestParametersSchema = z.object({
+    client_id: oauthClientIdSchema,
+    state: z.string().optional(),
+    redirect_uri: oauthRedirectUriSchema.optional(),
+    scope: oauthScopeSchema.optional(),
+    response_type: oauthResponseTypeSchema,
     // PKCE
     // https://datatracker.ietf.org/doc/html/rfc7636#section-4.3
-    code_challenge: zod_1.z.string().optional(),
-    code_challenge_method: oauth_code_challenge_method_js_1.oauthCodeChallengeMethodSchema.optional(),
+    code_challenge: z.string().optional(),
+    code_challenge_method: oauthCodeChallengeMethodSchema.optional(),
     // DPOP
     // https://datatracker.ietf.org/doc/html/rfc9449#section-12.3
-    dpop_jkt: zod_1.z.string().optional(),
+    dpop_jkt: z.string().optional(),
     // OIDC
     // Default depend on response_type
-    response_mode: oauth_response_mode_js_1.oauthResponseModeSchema.optional(),
-    nonce: zod_1.z.string().optional(),
+    response_mode: oauthResponseModeSchema.optional(),
+    nonce: z.string().optional(),
     // Specifies the allowable elapsed time in seconds since the last time the
     // End-User was actively authenticated by the OP. If the elapsed time is
     // greater than this value, the OP MUST attempt to actively re-authenticate
@@ -45,27 +42,27 @@ exports.oauthAuthorizationRequestParametersSchema = zod_1.z.object({
     // PAPE [OpenID.PAPE] max_auth_age request parameter.) When max_age is used,
     // the ID Token returned MUST include an auth_time Claim Value. Note that
     // max_age=0 is equivalent to prompt=login.
-    max_age: zod_1.z.preprocess(util_js_1.numberPreprocess, zod_1.z.number().int().min(0)).optional(),
-    claims: zod_1.z
-        .preprocess(util_js_1.jsonObjectPreprocess, zod_1.z.record(oidc_entity_type_js_1.oidcEntityTypeSchema, zod_1.z.record(oidc_claims_parameter_js_1.oidcClaimsParameterSchema, zod_1.z.union([zod_1.z.literal(null), oidc_claims_properties_js_1.oidcClaimsPropertiesSchema]))))
+    max_age: z.preprocess(numberPreprocess, z.number().int().min(0)).optional(),
+    claims: z
+        .preprocess(jsonObjectPreprocess, z.record(oidcEntityTypeSchema, z.record(oidcClaimsParameterSchema, z.union([z.literal(null), oidcClaimsPropertiesSchema]))))
         .optional(),
     // https://openid.net/specs/openid-connect-core-1_0.html#RegistrationParameter
     // Not supported by this library (yet?)
     // registration: clientMetadataSchema.optional(),
-    login_hint: zod_1.z.string().min(1).optional(),
-    ui_locales: zod_1.z
+    login_hint: z.string().min(1).optional(),
+    ui_locales: z
         .string()
         .regex(/^[a-z]{2,3}(-[A-Z]{2})?( [a-z]{2,3}(-[A-Z]{2})?)*$/) // fr-CA fr en
         .optional(),
     // Previous ID Token, should be provided when prompt=none is used
-    id_token_hint: jwk_1.signedJwtSchema.optional(),
+    id_token_hint: signedJwtSchema.optional(),
     // Type of UI the AS is displayed on
-    display: zod_1.z.enum(['page', 'popup', 'touch', 'wap']).optional(),
+    display: z.enum(['page', 'popup', 'touch', 'wap']).optional(),
     // How the AS should prompt the user for authorization:
-    prompt: oauth_prompt_mode_js_1.oauthPromptModeSchema.optional(),
+    prompt: oauthPromptModeSchema.optional(),
     // https://datatracker.ietf.org/doc/html/rfc9396
-    authorization_details: zod_1.z
-        .preprocess(util_js_1.jsonObjectPreprocess, oauth_authorization_details_js_1.oauthAuthorizationDetailsSchema)
+    authorization_details: z
+        .preprocess(jsonObjectPreprocess, oauthAuthorizationDetailsSchema)
         .optional(),
 });
 //# sourceMappingURL=oauth-authorization-request-parameters.js.map

package/dist/oauth-authorization-request-parameters.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-authorization-request-parameters.js","sourceRoot":"","sources":["../src/oauth-authorization-request-parameters.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAC9C,qFAAkF;AAClF,6DAA0D;AAC1D,qFAAiF;AACjF,iEAA8D;AAC9D,mEAAgE;AAChE,qEAAkE;AAClE,qEAAkE;AAClE,qDAAmD;AACnD,yEAAsE;AACtE,2EAAwE;AACxE,+DAA4D;AAC5D,uCAAkE;AAElE;;;;;GAKG;AACU,QAAA,yCAAyC,GAAG,OAAC,CAAC,MAAM,CAAC;IAChE,SAAS,EAAE,wCAAmB;IAC9B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,YAAY,EAAE,8CAAsB,CAAC,QAAQ,EAAE;IAC/C,KAAK,EAAE,iCAAgB,CAAC,QAAQ,EAAE;IAClC,aAAa,EAAE,gDAAuB;IAEtC,OAAO;IAEP,4DAA4D;IAC5D,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,qBAAqB,EAAE,+DAA8B,CAAC,QAAQ,EAAE;IAEhE,OAAO;IAEP,6DAA6D;IAC7D,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/B,OAAO;IAEP,kCAAkC;IAClC,aAAa,EAAE,gDAAuB,CAAC,QAAQ,EAAE;IAEjD,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE5B,0EAA0E;IAC1E,wEAAwE;IACxE,2EAA2E;IAC3E,6EAA6E;IAC7E,4EAA4E;IAC5E,yEAAyE;IACzE,2CAA2C;IAC3C,OAAO,EAAE,OAAC,CAAC,UAAU,CAAC,0BAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE3E,MAAM,EAAE,OAAC;SACN,UAAU,CACT,8BAAoB,EACpB,OAAC,CAAC,MAAM,CACN,0CAAoB,EACpB,OAAC,CAAC,MAAM,CACN,oDAAyB,EACzB,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,sDAA0B,CAAC,CAAC,CACvD,CACF,CACF;SACA,QAAQ,EAAE;IAEb,8EAA8E;IAC9E,uCAAuC;IACvC,iDAAiD;IAEjD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAExC,UAAU,EAAE,OAAC;SACV,MAAM,EAAE;SACR,KAAK,CAAC,oDAAoD,CAAC,CAAC,cAAc;SAC1E,QAAQ,EAAE;IAEb,iEAAiE;IACjE,aAAa,EAAE,qBAAe,CAAC,QAAQ,EAAE;IAEzC,oCAAoC;IACpC,OAAO,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE7D,uDAAuD;IACvD,MAAM,EAAE,4CAAqB,CAAC,QAAQ,EAAE;IAExC,gDAAgD;IAChD,qBAAqB,EAAE,OAAC;SACrB,UAAU,CAAC,8BAAoB,EAAE,gEAA+B,CAAC;SACjE,QAAQ,EAAE;CACd,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { signedJwtSchema } from '@atproto/jwk'\nimport { oauthAuthorizationDetailsSchema } from './oauth-authorization-details.js'\nimport { oauthClientIdSchema } from './oauth-client-id.js'\nimport { oauthCodeChallengeMethodSchema } from './oauth-code-challenge-method.js'\nimport { oauthPromptModeSchema } from './oauth-prompt-mode.js'\nimport { oauthRedirectUriSchema } from './oauth-redirect-uri.js'\nimport { oauthResponseModeSchema } from './oauth-response-mode.js'\nimport { oauthResponseTypeSchema } from './oauth-response-type.js'\nimport { oauthScopeSchema } from './oauth-scope.js'\nimport { oidcClaimsParameterSchema } from './oidc-claims-parameter.js'\nimport { oidcClaimsPropertiesSchema } from './oidc-claims-properties.js'\nimport { oidcEntityTypeSchema } from './oidc-entity-type.js'\nimport { jsonObjectPreprocess, numberPreprocess } from './util.js'\n\n/**\n * @note non string parameters will be converted from their string\n * representation since oauth request parameters are typically sent as URL\n * encoded form data or URL encoded query string.\n * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest | OIDC}\n */\nexport const oauthAuthorizationRequestParametersSchema = z.object({\n  client_id: oauthClientIdSchema,\n  state: z.string().optional(),\n  redirect_uri: oauthRedirectUriSchema.optional(),\n  scope: oauthScopeSchema.optional(),\n  response_type: oauthResponseTypeSchema,\n\n  // PKCE\n\n  // https://datatracker.ietf.org/doc/html/rfc7636#section-4.3\n  code_challenge: z.string().optional(),\n  code_challenge_method: oauthCodeChallengeMethodSchema.optional(),\n\n  // DPOP\n\n  // https://datatracker.ietf.org/doc/html/rfc9449#section-12.3\n  dpop_jkt: z.string().optional(),\n\n  // OIDC\n\n  // Default depend on response_type\n  response_mode: oauthResponseModeSchema.optional(),\n\n  nonce: z.string().optional(),\n\n  // Specifies the allowable elapsed time in seconds since the last time the\n  // End-User was actively authenticated by the OP. If the elapsed time is\n  // greater than this value, the OP MUST attempt to actively re-authenticate\n  // the End-User. (The max_age request parameter corresponds to the OpenID 2.0\n  // PAPE [OpenID.PAPE] max_auth_age request parameter.) When max_age is used,\n  // the ID Token returned MUST include an auth_time Claim Value. Note that\n  // max_age=0 is equivalent to prompt=login.\n  max_age: z.preprocess(numberPreprocess, z.number().int().min(0)).optional(),\n\n  claims: z\n    .preprocess(\n      jsonObjectPreprocess,\n      z.record(\n        oidcEntityTypeSchema,\n        z.record(\n          oidcClaimsParameterSchema,\n          z.union([z.literal(null), oidcClaimsPropertiesSchema]),\n        ),\n      ),\n    )\n    .optional(),\n\n  // https://openid.net/specs/openid-connect-core-1_0.html#RegistrationParameter\n  // Not supported by this library (yet?)\n  // registration: clientMetadataSchema.optional(),\n\n  login_hint: z.string().min(1).optional(),\n\n  ui_locales: z\n    .string()\n    .regex(/^[a-z]{2,3}(-[A-Z]{2})?( [a-z]{2,3}(-[A-Z]{2})?)*$/) // fr-CA fr en\n    .optional(),\n\n  // Previous ID Token, should be provided when prompt=none is used\n  id_token_hint: signedJwtSchema.optional(),\n\n  // Type of UI the AS is displayed on\n  display: z.enum(['page', 'popup', 'touch', 'wap']).optional(),\n\n  // How the AS should prompt the user for authorization:\n  prompt: oauthPromptModeSchema.optional(),\n\n  // https://datatracker.ietf.org/doc/html/rfc9396\n  authorization_details: z\n    .preprocess(jsonObjectPreprocess, oauthAuthorizationDetailsSchema)\n    .optional(),\n})\n\n/**\n * @see {oauthAuthorizationRequestParametersSchema}\n */\nexport type OAuthAuthorizationRequestParameters = z.infer<\n  typeof oauthAuthorizationRequestParametersSchema\n>\n"]}
+{"version":3,"file":"oauth-authorization-request-parameters.js","sourceRoot":"","sources":["../src/oauth-authorization-request-parameters.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAC9C,OAAO,EAAE,+BAA+B,EAAE,MAAM,kCAAkC,CAAA;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC1D,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAA;AACjF,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAA;AAC9D,OAAO,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAA;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAA;AAClE,OAAO,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAA;AAClE,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AACnD,OAAO,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAA;AACtE,OAAO,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AACxE,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAA;AAC5D,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAA;AAElE;;;;;GAKG;AACH,MAAM,CAAC,MAAM,yCAAyC,GAAG,CAAC,CAAC,MAAM,CAAC;IAChE,SAAS,EAAE,mBAAmB;IAC9B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,YAAY,EAAE,sBAAsB,CAAC,QAAQ,EAAE;IAC/C,KAAK,EAAE,gBAAgB,CAAC,QAAQ,EAAE;IAClC,aAAa,EAAE,uBAAuB;IAEtC,OAAO;IAEP,4DAA4D;IAC5D,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,qBAAqB,EAAE,8BAA8B,CAAC,QAAQ,EAAE;IAEhE,OAAO;IAEP,6DAA6D;IAC7D,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/B,OAAO;IAEP,kCAAkC;IAClC,aAAa,EAAE,uBAAuB,CAAC,QAAQ,EAAE;IAEjD,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE5B,0EAA0E;IAC1E,wEAAwE;IACxE,2EAA2E;IAC3E,6EAA6E;IAC7E,4EAA4E;IAC5E,yEAAyE;IACzE,2CAA2C;IAC3C,OAAO,EAAE,CAAC,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE3E,MAAM,EAAE,CAAC;SACN,UAAU,CACT,oBAAoB,EACpB,CAAC,CAAC,MAAM,CACN,oBAAoB,EACpB,CAAC,CAAC,MAAM,CACN,yBAAyB,EACzB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,0BAA0B,CAAC,CAAC,CACvD,CACF,CACF;SACA,QAAQ,EAAE;IAEb,8EAA8E;IAC9E,uCAAuC;IACvC,iDAAiD;IAEjD,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAExC,UAAU,EAAE,CAAC;SACV,MAAM,EAAE;SACR,KAAK,CAAC,oDAAoD,CAAC,CAAC,cAAc;SAC1E,QAAQ,EAAE;IAEb,iEAAiE;IACjE,aAAa,EAAE,eAAe,CAAC,QAAQ,EAAE;IAEzC,oCAAoC;IACpC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE7D,uDAAuD;IACvD,MAAM,EAAE,qBAAqB,CAAC,QAAQ,EAAE;IAExC,gDAAgD;IAChD,qBAAqB,EAAE,CAAC;SACrB,UAAU,CAAC,oBAAoB,EAAE,+BAA+B,CAAC;SACjE,QAAQ,EAAE;CACd,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { signedJwtSchema } from '@atproto/jwk'\nimport { oauthAuthorizationDetailsSchema } from './oauth-authorization-details.js'\nimport { oauthClientIdSchema } from './oauth-client-id.js'\nimport { oauthCodeChallengeMethodSchema } from './oauth-code-challenge-method.js'\nimport { oauthPromptModeSchema } from './oauth-prompt-mode.js'\nimport { oauthRedirectUriSchema } from './oauth-redirect-uri.js'\nimport { oauthResponseModeSchema } from './oauth-response-mode.js'\nimport { oauthResponseTypeSchema } from './oauth-response-type.js'\nimport { oauthScopeSchema } from './oauth-scope.js'\nimport { oidcClaimsParameterSchema } from './oidc-claims-parameter.js'\nimport { oidcClaimsPropertiesSchema } from './oidc-claims-properties.js'\nimport { oidcEntityTypeSchema } from './oidc-entity-type.js'\nimport { jsonObjectPreprocess, numberPreprocess } from './util.js'\n\n/**\n * @note non string parameters will be converted from their string\n * representation since oauth request parameters are typically sent as URL\n * encoded form data or URL encoded query string.\n * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest | OIDC}\n */\nexport const oauthAuthorizationRequestParametersSchema = z.object({\n  client_id: oauthClientIdSchema,\n  state: z.string().optional(),\n  redirect_uri: oauthRedirectUriSchema.optional(),\n  scope: oauthScopeSchema.optional(),\n  response_type: oauthResponseTypeSchema,\n\n  // PKCE\n\n  // https://datatracker.ietf.org/doc/html/rfc7636#section-4.3\n  code_challenge: z.string().optional(),\n  code_challenge_method: oauthCodeChallengeMethodSchema.optional(),\n\n  // DPOP\n\n  // https://datatracker.ietf.org/doc/html/rfc9449#section-12.3\n  dpop_jkt: z.string().optional(),\n\n  // OIDC\n\n  // Default depend on response_type\n  response_mode: oauthResponseModeSchema.optional(),\n\n  nonce: z.string().optional(),\n\n  // Specifies the allowable elapsed time in seconds since the last time the\n  // End-User was actively authenticated by the OP. If the elapsed time is\n  // greater than this value, the OP MUST attempt to actively re-authenticate\n  // the End-User. (The max_age request parameter corresponds to the OpenID 2.0\n  // PAPE [OpenID.PAPE] max_auth_age request parameter.) When max_age is used,\n  // the ID Token returned MUST include an auth_time Claim Value. Note that\n  // max_age=0 is equivalent to prompt=login.\n  max_age: z.preprocess(numberPreprocess, z.number().int().min(0)).optional(),\n\n  claims: z\n    .preprocess(\n      jsonObjectPreprocess,\n      z.record(\n        oidcEntityTypeSchema,\n        z.record(\n          oidcClaimsParameterSchema,\n          z.union([z.literal(null), oidcClaimsPropertiesSchema]),\n        ),\n      ),\n    )\n    .optional(),\n\n  // https://openid.net/specs/openid-connect-core-1_0.html#RegistrationParameter\n  // Not supported by this library (yet?)\n  // registration: clientMetadataSchema.optional(),\n\n  login_hint: z.string().min(1).optional(),\n\n  ui_locales: z\n    .string()\n    .regex(/^[a-z]{2,3}(-[A-Z]{2})?( [a-z]{2,3}(-[A-Z]{2})?)*$/) // fr-CA fr en\n    .optional(),\n\n  // Previous ID Token, should be provided when prompt=none is used\n  id_token_hint: signedJwtSchema.optional(),\n\n  // Type of UI the AS is displayed on\n  display: z.enum(['page', 'popup', 'touch', 'wap']).optional(),\n\n  // How the AS should prompt the user for authorization:\n  prompt: oauthPromptModeSchema.optional(),\n\n  // https://datatracker.ietf.org/doc/html/rfc9396\n  authorization_details: z\n    .preprocess(jsonObjectPreprocess, oauthAuthorizationDetailsSchema)\n    .optional(),\n})\n\n/**\n * @see {oauthAuthorizationRequestParametersSchema}\n */\nexport type OAuthAuthorizationRequestParameters = z.infer<\n  typeof oauthAuthorizationRequestParametersSchema\n>\n"]}

package/dist/oauth-authorization-request-query.js

@@ -1,17 +1,14 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthAuthorizationRequestQuerySchema = void 0;
-const zod_1 = require("zod");
-const oauth_authorization_request_jar_js_1 = require("./oauth-authorization-request-jar.js");
-const oauth_authorization_request_parameters_js_1 = require("./oauth-authorization-request-parameters.js");
-const oauth_authorization_request_uri_js_1 = require("./oauth-authorization-request-uri.js");
-const oauth_client_id_js_1 = require("./oauth-client-id.js");
-exports.oauthAuthorizationRequestQuerySchema = zod_1.z.intersection(zod_1.z.object({
+import { z } from 'zod';
+import { oauthAuthorizationRequestJarSchema } from './oauth-authorization-request-jar.js';
+import { oauthAuthorizationRequestParametersSchema } from './oauth-authorization-request-parameters.js';
+import { oauthAuthorizationRequestUriSchema } from './oauth-authorization-request-uri.js';
+import { oauthClientIdSchema } from './oauth-client-id.js';
+export const oauthAuthorizationRequestQuerySchema = z.intersection(z.object({
     // REQUIRED. OAuth 2.0 [RFC6749] client_id.
-    client_id: oauth_client_id_js_1.oauthClientIdSchema,
-}), zod_1.z.union([
-    oauth_authorization_request_parameters_js_1.oauthAuthorizationRequestParametersSchema,
-    oauth_authorization_request_jar_js_1.oauthAuthorizationRequestJarSchema,
-    oauth_authorization_request_uri_js_1.oauthAuthorizationRequestUriSchema,
+    client_id: oauthClientIdSchema,
+}), z.union([
+    oauthAuthorizationRequestParametersSchema,
+    oauthAuthorizationRequestJarSchema,
+    oauthAuthorizationRequestUriSchema,
 ]));
 //# sourceMappingURL=oauth-authorization-request-query.js.map

package/dist/oauth-authorization-request-query.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-authorization-request-query.js","sourceRoot":"","sources":["../src/oauth-authorization-request-query.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,6FAAyF;AACzF,2GAAuG;AACvG,6FAAyF;AACzF,6DAA0D;AAE7C,QAAA,oCAAoC,GAAG,OAAC,CAAC,YAAY,CAChE,OAAC,CAAC,MAAM,CAAC;IACP,2CAA2C;IAC3C,SAAS,EAAE,wCAAmB;CAC/B,CAAC,EACF,OAAC,CAAC,KAAK,CAAC;IACN,qFAAyC;IACzC,uEAAkC;IAClC,uEAAkC;CACnC,CAAC,CACH,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthAuthorizationRequestJarSchema } from './oauth-authorization-request-jar.js'\nimport { oauthAuthorizationRequestParametersSchema } from './oauth-authorization-request-parameters.js'\nimport { oauthAuthorizationRequestUriSchema } from './oauth-authorization-request-uri.js'\nimport { oauthClientIdSchema } from './oauth-client-id.js'\n\nexport const oauthAuthorizationRequestQuerySchema = z.intersection(\n  z.object({\n    // REQUIRED. OAuth 2.0 [RFC6749] client_id.\n    client_id: oauthClientIdSchema,\n  }),\n  z.union([\n    oauthAuthorizationRequestParametersSchema,\n    oauthAuthorizationRequestJarSchema,\n    oauthAuthorizationRequestUriSchema,\n  ]),\n)\n\nexport type OAuthAuthorizationRequestQuery = z.infer<\n  typeof oauthAuthorizationRequestQuerySchema\n>\n"]}
+{"version":3,"file":"oauth-authorization-request-query.js","sourceRoot":"","sources":["../src/oauth-authorization-request-query.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,kCAAkC,EAAE,MAAM,sCAAsC,CAAA;AACzF,OAAO,EAAE,yCAAyC,EAAE,MAAM,6CAA6C,CAAA;AACvG,OAAO,EAAE,kCAAkC,EAAE,MAAM,sCAAsC,CAAA;AACzF,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAE1D,MAAM,CAAC,MAAM,oCAAoC,GAAG,CAAC,CAAC,YAAY,CAChE,CAAC,CAAC,MAAM,CAAC;IACP,2CAA2C;IAC3C,SAAS,EAAE,mBAAmB;CAC/B,CAAC,EACF,CAAC,CAAC,KAAK,CAAC;IACN,yCAAyC;IACzC,kCAAkC;IAClC,kCAAkC;CACnC,CAAC,CACH,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthAuthorizationRequestJarSchema } from './oauth-authorization-request-jar.js'\nimport { oauthAuthorizationRequestParametersSchema } from './oauth-authorization-request-parameters.js'\nimport { oauthAuthorizationRequestUriSchema } from './oauth-authorization-request-uri.js'\nimport { oauthClientIdSchema } from './oauth-client-id.js'\n\nexport const oauthAuthorizationRequestQuerySchema = z.intersection(\n  z.object({\n    // REQUIRED. OAuth 2.0 [RFC6749] client_id.\n    client_id: oauthClientIdSchema,\n  }),\n  z.union([\n    oauthAuthorizationRequestParametersSchema,\n    oauthAuthorizationRequestJarSchema,\n    oauthAuthorizationRequestUriSchema,\n  ]),\n)\n\nexport type OAuthAuthorizationRequestQuery = z.infer<\n  typeof oauthAuthorizationRequestQuerySchema\n>\n"]}

package/dist/oauth-authorization-request-uri.js

@@ -1,9 +1,6 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthAuthorizationRequestUriSchema = void 0;
-const zod_1 = require("zod");
-const oauth_request_uri_js_1 = require("./oauth-request-uri.js");
-exports.oauthAuthorizationRequestUriSchema = zod_1.z.object({
-    request_uri: oauth_request_uri_js_1.oauthRequestUriSchema,
+import { z } from 'zod';
+import { oauthRequestUriSchema } from './oauth-request-uri.js';
+export const oauthAuthorizationRequestUriSchema = z.object({
+    request_uri: oauthRequestUriSchema,
 });
 //# sourceMappingURL=oauth-authorization-request-uri.js.map

package/dist/oauth-authorization-request-uri.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-authorization-request-uri.js","sourceRoot":"","sources":["../src/oauth-authorization-request-uri.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,iEAA8D;AAEjD,QAAA,kCAAkC,GAAG,OAAC,CAAC,MAAM,CAAC;IACzD,WAAW,EAAE,4CAAqB;CACnC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthRequestUriSchema } from './oauth-request-uri.js'\n\nexport const oauthAuthorizationRequestUriSchema = z.object({\n  request_uri: oauthRequestUriSchema,\n})\n\nexport type OAuthAuthorizationRequestUri = z.infer<\n  typeof oauthAuthorizationRequestUriSchema\n>\n"]}
+{"version":3,"file":"oauth-authorization-request-uri.js","sourceRoot":"","sources":["../src/oauth-authorization-request-uri.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAA;AAE9D,MAAM,CAAC,MAAM,kCAAkC,GAAG,CAAC,CAAC,MAAM,CAAC;IACzD,WAAW,EAAE,qBAAqB;CACnC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthRequestUriSchema } from './oauth-request-uri.js'\n\nexport const oauthAuthorizationRequestUriSchema = z.object({\n  request_uri: oauthRequestUriSchema,\n})\n\nexport type OAuthAuthorizationRequestUri = z.infer<\n  typeof oauthAuthorizationRequestUriSchema\n>\n"]}

package/dist/oauth-authorization-response-error.js

@@ -1,11 +1,8 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthAuthorizationResponseErrorSchema = void 0;
-const zod_1 = require("zod");
+import { z } from 'zod';
 /**
  * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12#name-error-response-2}
  */
-exports.oauthAuthorizationResponseErrorSchema = zod_1.z.enum([
+export const oauthAuthorizationResponseErrorSchema = z.enum([
     // The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
     'invalid_request',
     // The client is not authorized to request an authorization code using this method.

package/dist/oauth-authorization-response-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-authorization-response-error.js","sourceRoot":"","sources":["../src/oauth-authorization-response-error.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB;;GAEG;AACU,QAAA,qCAAqC,GAAG,OAAC,CAAC,IAAI,CAAC;IAC1D,oJAAoJ;IACpJ,iBAAiB;IACjB,mFAAmF;IACnF,qBAAqB;IACrB,iEAAiE;IACjE,eAAe;IACf,+FAA+F;IAC/F,2BAA2B;IAC3B,yDAAyD;IACzD,eAAe;IACf,sPAAsP;IACtP,cAAc;IACd,wQAAwQ;IACxQ,yBAAyB;CAC1B,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\n/**\n * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12#name-error-response-2}\n */\nexport const oauthAuthorizationResponseErrorSchema = z.enum([\n  // The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.\n  'invalid_request',\n  // The client is not authorized to request an authorization code using this method.\n  'unauthorized_client',\n  // The resource owner or authorization server denied the request.\n  'access_denied',\n  // The authorization server does not support obtaining an authorization code using this method.\n  'unsupported_response_type',\n  // The requested scope is invalid, unknown, or malformed.\n  'invalid_scope',\n  // The authorization server encountered an unexpected condition that prevented it from fulfilling the request. (This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect.)\n  'server_error',\n  // The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. (This error code is needed because a 503 Service Unavailable HTTP status code cannot be returned to the client via an HTTP redirect.)\n  'temporarily_unavailable',\n])\n\nexport type OAuthAuthorizationResponseError = z.infer<\n  typeof oauthAuthorizationResponseErrorSchema\n>\n"]}
+{"version":3,"file":"oauth-authorization-response-error.js","sourceRoot":"","sources":["../src/oauth-authorization-response-error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB;;GAEG;AACH,MAAM,CAAC,MAAM,qCAAqC,GAAG,CAAC,CAAC,IAAI,CAAC;IAC1D,oJAAoJ;IACpJ,iBAAiB;IACjB,mFAAmF;IACnF,qBAAqB;IACrB,iEAAiE;IACjE,eAAe;IACf,+FAA+F;IAC/F,2BAA2B;IAC3B,yDAAyD;IACzD,eAAe;IACf,sPAAsP;IACtP,cAAc;IACd,wQAAwQ;IACxQ,yBAAyB;CAC1B,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\n/**\n * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12#name-error-response-2}\n */\nexport const oauthAuthorizationResponseErrorSchema = z.enum([\n  // The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.\n  'invalid_request',\n  // The client is not authorized to request an authorization code using this method.\n  'unauthorized_client',\n  // The resource owner or authorization server denied the request.\n  'access_denied',\n  // The authorization server does not support obtaining an authorization code using this method.\n  'unsupported_response_type',\n  // The requested scope is invalid, unknown, or malformed.\n  'invalid_scope',\n  // The authorization server encountered an unexpected condition that prevented it from fulfilling the request. (This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect.)\n  'server_error',\n  // The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. (This error code is needed because a 503 Service Unavailable HTTP status code cannot be returned to the client via an HTTP redirect.)\n  'temporarily_unavailable',\n])\n\nexport type OAuthAuthorizationResponseError = z.infer<\n  typeof oauthAuthorizationResponseErrorSchema\n>\n"]}

package/dist/oauth-authorization-server-metadata.js

@@ -1,79 +1,76 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthAuthorizationServerMetadataValidator = exports.oauthAuthorizationServerMetadataSchema = void 0;
-const zod_1 = require("zod");
-const oauth_code_challenge_method_js_1 = require("./oauth-code-challenge-method.js");
-const oauth_issuer_identifier_js_1 = require("./oauth-issuer-identifier.js");
-const oauth_prompt_mode_js_1 = require("./oauth-prompt-mode.js");
-const uri_js_1 = require("./uri.js");
+import { z } from 'zod';
+import { oauthCodeChallengeMethodSchema } from './oauth-code-challenge-method.js';
+import { oauthIssuerIdentifierSchema } from './oauth-issuer-identifier.js';
+import { oauthPromptModeSchema } from './oauth-prompt-mode.js';
+import { webUriSchema } from './uri.js';
 /**
  * @see {@link https://datatracker.ietf.org/doc/html/rfc8414}
  * @note we do not enforce https: scheme in URIs to support development
  * environments. Make sure to validate the URIs before using it in a production
  * environment.
  */
-exports.oauthAuthorizationServerMetadataSchema = zod_1.z.object({
-    issuer: oauth_issuer_identifier_js_1.oauthIssuerIdentifierSchema,
-    claims_supported: zod_1.z.array(zod_1.z.string()).optional(),
-    claims_locales_supported: zod_1.z.array(zod_1.z.string()).optional(),
-    claims_parameter_supported: zod_1.z.boolean().optional(),
-    request_parameter_supported: zod_1.z.boolean().optional(),
-    request_uri_parameter_supported: zod_1.z.boolean().optional(),
-    require_request_uri_registration: zod_1.z.boolean().optional(),
-    scopes_supported: zod_1.z.array(zod_1.z.string()).optional(),
-    subject_types_supported: zod_1.z.array(zod_1.z.string()).optional(),
-    response_types_supported: zod_1.z.array(zod_1.z.string()).optional(),
-    response_modes_supported: zod_1.z.array(zod_1.z.string()).optional(),
-    grant_types_supported: zod_1.z.array(zod_1.z.string()).optional(),
-    code_challenge_methods_supported: zod_1.z
-        .array(oauth_code_challenge_method_js_1.oauthCodeChallengeMethodSchema)
+export const oauthAuthorizationServerMetadataSchema = z.object({
+    issuer: oauthIssuerIdentifierSchema,
+    claims_supported: z.array(z.string()).optional(),
+    claims_locales_supported: z.array(z.string()).optional(),
+    claims_parameter_supported: z.boolean().optional(),
+    request_parameter_supported: z.boolean().optional(),
+    request_uri_parameter_supported: z.boolean().optional(),
+    require_request_uri_registration: z.boolean().optional(),
+    scopes_supported: z.array(z.string()).optional(),
+    subject_types_supported: z.array(z.string()).optional(),
+    response_types_supported: z.array(z.string()).optional(),
+    response_modes_supported: z.array(z.string()).optional(),
+    grant_types_supported: z.array(z.string()).optional(),
+    code_challenge_methods_supported: z
+        .array(oauthCodeChallengeMethodSchema)
         .min(1)
         .optional(),
-    ui_locales_supported: zod_1.z.array(zod_1.z.string()).optional(),
-    id_token_signing_alg_values_supported: zod_1.z.array(zod_1.z.string()).optional(),
-    display_values_supported: zod_1.z.array(zod_1.z.string()).optional(),
-    request_object_signing_alg_values_supported: zod_1.z.array(zod_1.z.string()).optional(),
-    authorization_response_iss_parameter_supported: zod_1.z.boolean().optional(),
-    authorization_details_types_supported: zod_1.z.array(zod_1.z.string()).optional(),
-    request_object_encryption_alg_values_supported: zod_1.z
-        .array(zod_1.z.string())
+    ui_locales_supported: z.array(z.string()).optional(),
+    id_token_signing_alg_values_supported: z.array(z.string()).optional(),
+    display_values_supported: z.array(z.string()).optional(),
+    request_object_signing_alg_values_supported: z.array(z.string()).optional(),
+    authorization_response_iss_parameter_supported: z.boolean().optional(),
+    authorization_details_types_supported: z.array(z.string()).optional(),
+    request_object_encryption_alg_values_supported: z
+        .array(z.string())
         .optional(),
-    request_object_encryption_enc_values_supported: zod_1.z
-        .array(zod_1.z.string())
+    request_object_encryption_enc_values_supported: z
+        .array(z.string())
         .optional(),
-    jwks_uri: uri_js_1.webUriSchema.optional(),
-    authorization_endpoint: uri_js_1.webUriSchema, // .optional(),
-    token_endpoint: uri_js_1.webUriSchema, // .optional(),
+    jwks_uri: webUriSchema.optional(),
+    authorization_endpoint: webUriSchema, // .optional(),
+    token_endpoint: webUriSchema, // .optional(),
     // https://www.rfc-editor.org/rfc/rfc8414.html#section-2
-    token_endpoint_auth_methods_supported: zod_1.z
-        .array(zod_1.z.string())
+    token_endpoint_auth_methods_supported: z
+        .array(z.string())
         // > If omitted, the default is "client_secret_basic" [...].
         .default(['client_secret_basic']),
-    token_endpoint_auth_signing_alg_values_supported: zod_1.z
-        .array(zod_1.z.string())
+    token_endpoint_auth_signing_alg_values_supported: z
+        .array(z.string())
         .optional(),
-    revocation_endpoint: uri_js_1.webUriSchema.optional(),
-    introspection_endpoint: uri_js_1.webUriSchema.optional(),
-    pushed_authorization_request_endpoint: uri_js_1.webUriSchema.optional(),
-    require_pushed_authorization_requests: zod_1.z.boolean().optional(),
-    userinfo_endpoint: uri_js_1.webUriSchema.optional(),
-    end_session_endpoint: uri_js_1.webUriSchema.optional(),
-    registration_endpoint: uri_js_1.webUriSchema.optional(),
+    revocation_endpoint: webUriSchema.optional(),
+    introspection_endpoint: webUriSchema.optional(),
+    pushed_authorization_request_endpoint: webUriSchema.optional(),
+    require_pushed_authorization_requests: z.boolean().optional(),
+    userinfo_endpoint: webUriSchema.optional(),
+    end_session_endpoint: webUriSchema.optional(),
+    registration_endpoint: webUriSchema.optional(),
     // https://datatracker.ietf.org/doc/html/rfc9449#section-5.1
-    dpop_signing_alg_values_supported: zod_1.z.array(zod_1.z.string()).optional(),
+    dpop_signing_alg_values_supported: z.array(z.string()).optional(),
     // https://www.rfc-editor.org/rfc/rfc9728.html#section-4
-    protected_resources: zod_1.z.array(uri_js_1.webUriSchema).optional(),
+    protected_resources: z.array(webUriSchema).optional(),
     // https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html
-    client_id_metadata_document_supported: zod_1.z.boolean().optional(),
+    client_id_metadata_document_supported: z.boolean().optional(),
     // https://openid.net/specs/openid-connect-prompt-create-1_0.html#section-4.2
-    prompt_values_supported: zod_1.z.array(oauth_prompt_mode_js_1.oauthPromptModeSchema).optional(),
+    prompt_values_supported: z.array(oauthPromptModeSchema).optional(),
 });
-exports.oauthAuthorizationServerMetadataValidator = exports.oauthAuthorizationServerMetadataSchema
+export const oauthAuthorizationServerMetadataValidator = oauthAuthorizationServerMetadataSchema
     .superRefine((data, ctx) => {
     if (data.require_pushed_authorization_requests &&
         !data.pushed_authorization_request_endpoint) {
         ctx.addIssue({
-            code: zod_1.z.ZodIssueCode.custom,
+            code: z.ZodIssueCode.custom,
             message: '"pushed_authorization_request_endpoint" required when "require_pushed_authorization_requests" is true',
         });
     }
@@ -82,7 +79,7 @@ exports.oauthAuthorizationServerMetadataValidator = exports.oauthAuthorizationSe
     if (data.response_types_supported) {
         if (!data.response_types_supported.includes('code')) {
             ctx.addIssue({
-                code: zod_1.z.ZodIssueCode.custom,
+                code: z.ZodIssueCode.custom,
                 message: 'Response type "code" is required',
             });
         }
@@ -93,7 +90,7 @@ exports.oauthAuthorizationServerMetadataValidator = exports.oauthAuthorizationSe
         // https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3
         // > The value `none` MUST NOT be used.
         ctx.addIssue({
-            code: zod_1.z.ZodIssueCode.custom,
+            code: z.ZodIssueCode.custom,
             message: 'Client authentication method "none" is not allowed',
         });
     }

package/dist/oauth-authorization-server-metadata.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-authorization-server-metadata.js","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,qFAAiF;AACjF,6EAA0E;AAC1E,iEAA8D;AAC9D,qCAAuC;AAEvC;;;;;GAKG;AACU,QAAA,sCAAsC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7D,MAAM,EAAE,wDAA2B;IAEnC,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,0BAA0B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClD,2BAA2B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvD,gCAAgC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACxD,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,uBAAuB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,gCAAgC,EAAE,OAAC;SAChC,KAAK,CAAC,+DAA8B,CAAC;SACrC,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,EAAE;IACb,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,2CAA2C,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3E,8CAA8C,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtE,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,QAAQ,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAEjC,sBAAsB,EAAE,qBAAY,EAAE,eAAe;IAErD,cAAc,EAAE,qBAAY,EAAE,eAAe;IAC7C,wDAAwD;IACxD,qCAAqC,EAAE,OAAC;SACrC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QAClB,4DAA4D;SAC3D,OAAO,CAAC,CAAC,qBAAqB,CAAC,CAAC;IACnC,gDAAgD,EAAE,OAAC;SAChD,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,mBAAmB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC5C,sBAAsB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC/C,qCAAqC,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE9D,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAE7D,iBAAiB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC1C,oBAAoB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAC7C,qBAAqB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE9C,4DAA4D;IAC5D,iCAAiC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEjE,wDAAwD;IACxD,mBAAmB,EAAE,OAAC,CAAC,KAAK,CAAC,qBAAY,CAAC,CAAC,QAAQ,EAAE;IAErD,uFAAuF;IACvF,qCAAqC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAE7D,6EAA6E;IAC7E,uBAAuB,EAAE,OAAC,CAAC,KAAK,CAAC,4CAAqB,CAAC,CAAC,QAAQ,EAAE;CACnE,CAAC,CAAA;AAMW,QAAA,yCAAyC,GACpD,8CAAsC;KACnC,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IACE,IAAI,CAAC,qCAAqC;QAC1C,CAAC,IAAI,CAAC,qCAAqC,EAC3C,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EACL,uGAAuG;SAC1G,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC;KACD,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IAAI,IAAI,CAAC,wBAAwB,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACpD,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,OAAO,EAAE,kCAAkC;aAC5C,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;AACH,CAAC,CAAC;KACD,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IACE,IAAI,CAAC,gDAAgD,EAAE,QAAQ,CAAC,MAAM,CAAC,EACvE,CAAC;QACD,2EAA2E;QAC3E,uCAAuC;QACvC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,oDAAoD;SAC9D,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthCodeChallengeMethodSchema } from './oauth-code-challenge-method.js'\nimport { oauthIssuerIdentifierSchema } from './oauth-issuer-identifier.js'\nimport { oauthPromptModeSchema } from './oauth-prompt-mode.js'\nimport { webUriSchema } from './uri.js'\n\n/**\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8414}\n * @note we do not enforce https: scheme in URIs to support development\n * environments. Make sure to validate the URIs before using it in a production\n * environment.\n */\nexport const oauthAuthorizationServerMetadataSchema = z.object({\n  issuer: oauthIssuerIdentifierSchema,\n\n  claims_supported: z.array(z.string()).optional(),\n  claims_locales_supported: z.array(z.string()).optional(),\n  claims_parameter_supported: z.boolean().optional(),\n  request_parameter_supported: z.boolean().optional(),\n  request_uri_parameter_supported: z.boolean().optional(),\n  require_request_uri_registration: z.boolean().optional(),\n  scopes_supported: z.array(z.string()).optional(),\n  subject_types_supported: z.array(z.string()).optional(),\n  response_types_supported: z.array(z.string()).optional(),\n  response_modes_supported: z.array(z.string()).optional(),\n  grant_types_supported: z.array(z.string()).optional(),\n  code_challenge_methods_supported: z\n    .array(oauthCodeChallengeMethodSchema)\n    .min(1)\n    .optional(),\n  ui_locales_supported: z.array(z.string()).optional(),\n  id_token_signing_alg_values_supported: z.array(z.string()).optional(),\n  display_values_supported: z.array(z.string()).optional(),\n  request_object_signing_alg_values_supported: z.array(z.string()).optional(),\n  authorization_response_iss_parameter_supported: z.boolean().optional(),\n  authorization_details_types_supported: z.array(z.string()).optional(),\n  request_object_encryption_alg_values_supported: z\n    .array(z.string())\n    .optional(),\n  request_object_encryption_enc_values_supported: z\n    .array(z.string())\n    .optional(),\n\n  jwks_uri: webUriSchema.optional(),\n\n  authorization_endpoint: webUriSchema, // .optional(),\n\n  token_endpoint: webUriSchema, // .optional(),\n  // https://www.rfc-editor.org/rfc/rfc8414.html#section-2\n  token_endpoint_auth_methods_supported: z\n    .array(z.string())\n    // > If omitted, the default is \"client_secret_basic\" [...].\n    .default(['client_secret_basic']),\n  token_endpoint_auth_signing_alg_values_supported: z\n    .array(z.string())\n    .optional(),\n\n  revocation_endpoint: webUriSchema.optional(),\n  introspection_endpoint: webUriSchema.optional(),\n  pushed_authorization_request_endpoint: webUriSchema.optional(),\n\n  require_pushed_authorization_requests: z.boolean().optional(),\n\n  userinfo_endpoint: webUriSchema.optional(),\n  end_session_endpoint: webUriSchema.optional(),\n  registration_endpoint: webUriSchema.optional(),\n\n  // https://datatracker.ietf.org/doc/html/rfc9449#section-5.1\n  dpop_signing_alg_values_supported: z.array(z.string()).optional(),\n\n  // https://www.rfc-editor.org/rfc/rfc9728.html#section-4\n  protected_resources: z.array(webUriSchema).optional(),\n\n  // https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html\n  client_id_metadata_document_supported: z.boolean().optional(),\n\n  // https://openid.net/specs/openid-connect-prompt-create-1_0.html#section-4.2\n  prompt_values_supported: z.array(oauthPromptModeSchema).optional(),\n})\n\nexport type OAuthAuthorizationServerMetadata = z.infer<\n  typeof oauthAuthorizationServerMetadataSchema\n>\n\nexport const oauthAuthorizationServerMetadataValidator =\n  oauthAuthorizationServerMetadataSchema\n    .superRefine((data, ctx) => {\n      if (\n        data.require_pushed_authorization_requests &&\n        !data.pushed_authorization_request_endpoint\n      ) {\n        ctx.addIssue({\n          code: z.ZodIssueCode.custom,\n          message:\n            '\"pushed_authorization_request_endpoint\" required when \"require_pushed_authorization_requests\" is true',\n        })\n      }\n    })\n    .superRefine((data, ctx) => {\n      if (data.response_types_supported) {\n        if (!data.response_types_supported.includes('code')) {\n          ctx.addIssue({\n            code: z.ZodIssueCode.custom,\n            message: 'Response type \"code\" is required',\n          })\n        }\n      }\n    })\n    .superRefine((data, ctx) => {\n      if (\n        data.token_endpoint_auth_signing_alg_values_supported?.includes('none')\n      ) {\n        // https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3\n        // > The value `none` MUST NOT be used.\n        ctx.addIssue({\n          code: z.ZodIssueCode.custom,\n          message: 'Client authentication method \"none\" is not allowed',\n        })\n      }\n    })\n"]}
+{"version":3,"file":"oauth-authorization-server-metadata.js","sourceRoot":"","sources":["../src/oauth-authorization-server-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAA;AACjF,OAAO,EAAE,2BAA2B,EAAE,MAAM,8BAA8B,CAAA;AAC1E,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAA;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA;AAEvC;;;;;GAKG;AACH,MAAM,CAAC,MAAM,sCAAsC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7D,MAAM,EAAE,2BAA2B;IAEnC,gBAAgB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,0BAA0B,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClD,2BAA2B,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvD,gCAAgC,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACxD,gBAAgB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,uBAAuB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvD,wBAAwB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,wBAAwB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,gCAAgC,EAAE,CAAC;SAChC,KAAK,CAAC,8BAA8B,CAAC;SACrC,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,EAAE;IACb,oBAAoB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD,qCAAqC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,wBAAwB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,2CAA2C,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3E,8CAA8C,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtE,qCAAqC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,8CAA8C,EAAE,CAAC;SAC9C,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,8CAA8C,EAAE,CAAC;SAC9C,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE;IAEjC,sBAAsB,EAAE,YAAY,EAAE,eAAe;IAErD,cAAc,EAAE,YAAY,EAAE,eAAe;IAC7C,wDAAwD;IACxD,qCAAqC,EAAE,CAAC;SACrC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAClB,4DAA4D;SAC3D,OAAO,CAAC,CAAC,qBAAqB,CAAC,CAAC;IACnC,gDAAgD,EAAE,CAAC;SAChD,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IAEb,mBAAmB,EAAE,YAAY,CAAC,QAAQ,EAAE;IAC5C,sBAAsB,EAAE,YAAY,CAAC,QAAQ,EAAE;IAC/C,qCAAqC,EAAE,YAAY,CAAC,QAAQ,EAAE;IAE9D,qCAAqC,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAE7D,iBAAiB,EAAE,YAAY,CAAC,QAAQ,EAAE;IAC1C,oBAAoB,EAAE,YAAY,CAAC,QAAQ,EAAE;IAC7C,qBAAqB,EAAE,YAAY,CAAC,QAAQ,EAAE;IAE9C,4DAA4D;IAC5D,iCAAiC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEjE,wDAAwD;IACxD,mBAAmB,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE;IAErD,uFAAuF;IACvF,qCAAqC,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAE7D,6EAA6E;IAC7E,uBAAuB,EAAE,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,QAAQ,EAAE;CACnE,CAAC,CAAA;AAMF,MAAM,CAAC,MAAM,yCAAyC,GACpD,sCAAsC;KACnC,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IACE,IAAI,CAAC,qCAAqC;QAC1C,CAAC,IAAI,CAAC,qCAAqC,EAC3C,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EACL,uGAAuG;SAC1G,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC;KACD,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IAAI,IAAI,CAAC,wBAAwB,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACpD,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,OAAO,EAAE,kCAAkC;aAC5C,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;AACH,CAAC,CAAC;KACD,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IACE,IAAI,CAAC,gDAAgD,EAAE,QAAQ,CAAC,MAAM,CAAC,EACvE,CAAC;QACD,2EAA2E;QAC3E,uCAAuC;QACvC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,oDAAoD;SAC9D,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthCodeChallengeMethodSchema } from './oauth-code-challenge-method.js'\nimport { oauthIssuerIdentifierSchema } from './oauth-issuer-identifier.js'\nimport { oauthPromptModeSchema } from './oauth-prompt-mode.js'\nimport { webUriSchema } from './uri.js'\n\n/**\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8414}\n * @note we do not enforce https: scheme in URIs to support development\n * environments. Make sure to validate the URIs before using it in a production\n * environment.\n */\nexport const oauthAuthorizationServerMetadataSchema = z.object({\n  issuer: oauthIssuerIdentifierSchema,\n\n  claims_supported: z.array(z.string()).optional(),\n  claims_locales_supported: z.array(z.string()).optional(),\n  claims_parameter_supported: z.boolean().optional(),\n  request_parameter_supported: z.boolean().optional(),\n  request_uri_parameter_supported: z.boolean().optional(),\n  require_request_uri_registration: z.boolean().optional(),\n  scopes_supported: z.array(z.string()).optional(),\n  subject_types_supported: z.array(z.string()).optional(),\n  response_types_supported: z.array(z.string()).optional(),\n  response_modes_supported: z.array(z.string()).optional(),\n  grant_types_supported: z.array(z.string()).optional(),\n  code_challenge_methods_supported: z\n    .array(oauthCodeChallengeMethodSchema)\n    .min(1)\n    .optional(),\n  ui_locales_supported: z.array(z.string()).optional(),\n  id_token_signing_alg_values_supported: z.array(z.string()).optional(),\n  display_values_supported: z.array(z.string()).optional(),\n  request_object_signing_alg_values_supported: z.array(z.string()).optional(),\n  authorization_response_iss_parameter_supported: z.boolean().optional(),\n  authorization_details_types_supported: z.array(z.string()).optional(),\n  request_object_encryption_alg_values_supported: z\n    .array(z.string())\n    .optional(),\n  request_object_encryption_enc_values_supported: z\n    .array(z.string())\n    .optional(),\n\n  jwks_uri: webUriSchema.optional(),\n\n  authorization_endpoint: webUriSchema, // .optional(),\n\n  token_endpoint: webUriSchema, // .optional(),\n  // https://www.rfc-editor.org/rfc/rfc8414.html#section-2\n  token_endpoint_auth_methods_supported: z\n    .array(z.string())\n    // > If omitted, the default is \"client_secret_basic\" [...].\n    .default(['client_secret_basic']),\n  token_endpoint_auth_signing_alg_values_supported: z\n    .array(z.string())\n    .optional(),\n\n  revocation_endpoint: webUriSchema.optional(),\n  introspection_endpoint: webUriSchema.optional(),\n  pushed_authorization_request_endpoint: webUriSchema.optional(),\n\n  require_pushed_authorization_requests: z.boolean().optional(),\n\n  userinfo_endpoint: webUriSchema.optional(),\n  end_session_endpoint: webUriSchema.optional(),\n  registration_endpoint: webUriSchema.optional(),\n\n  // https://datatracker.ietf.org/doc/html/rfc9449#section-5.1\n  dpop_signing_alg_values_supported: z.array(z.string()).optional(),\n\n  // https://www.rfc-editor.org/rfc/rfc9728.html#section-4\n  protected_resources: z.array(webUriSchema).optional(),\n\n  // https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html\n  client_id_metadata_document_supported: z.boolean().optional(),\n\n  // https://openid.net/specs/openid-connect-prompt-create-1_0.html#section-4.2\n  prompt_values_supported: z.array(oauthPromptModeSchema).optional(),\n})\n\nexport type OAuthAuthorizationServerMetadata = z.infer<\n  typeof oauthAuthorizationServerMetadataSchema\n>\n\nexport const oauthAuthorizationServerMetadataValidator =\n  oauthAuthorizationServerMetadataSchema\n    .superRefine((data, ctx) => {\n      if (\n        data.require_pushed_authorization_requests &&\n        !data.pushed_authorization_request_endpoint\n      ) {\n        ctx.addIssue({\n          code: z.ZodIssueCode.custom,\n          message:\n            '\"pushed_authorization_request_endpoint\" required when \"require_pushed_authorization_requests\" is true',\n        })\n      }\n    })\n    .superRefine((data, ctx) => {\n      if (data.response_types_supported) {\n        if (!data.response_types_supported.includes('code')) {\n          ctx.addIssue({\n            code: z.ZodIssueCode.custom,\n            message: 'Response type \"code\" is required',\n          })\n        }\n      }\n    })\n    .superRefine((data, ctx) => {\n      if (\n        data.token_endpoint_auth_signing_alg_values_supported?.includes('none')\n      ) {\n        // https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3\n        // > The value `none` MUST NOT be used.\n        ctx.addIssue({\n          code: z.ZodIssueCode.custom,\n          message: 'Client authentication method \"none\" is not allowed',\n        })\n      }\n    })\n"]}

package/dist/oauth-client-credentials-grant-token-request.js

@@ -1,8 +1,5 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthClientCredentialsGrantTokenRequestSchema = void 0;
-const zod_1 = require("zod");
-exports.oauthClientCredentialsGrantTokenRequestSchema = zod_1.z.object({
-    grant_type: zod_1.z.literal('client_credentials'),
+import { z } from 'zod';
+export const oauthClientCredentialsGrantTokenRequestSchema = z.object({
+    grant_type: z.literal('client_credentials'),
 });
 //# sourceMappingURL=oauth-client-credentials-grant-token-request.js.map

package/dist/oauth-client-credentials-grant-token-request.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-client-credentials-grant-token-request.js","sourceRoot":"","sources":["../src/oauth-client-credentials-grant-token-request.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,6CAA6C,GAAG,OAAC,CAAC,MAAM,CAAC;IACpE,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC;CAC5C,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthClientCredentialsGrantTokenRequestSchema = z.object({\n  grant_type: z.literal('client_credentials'),\n})\n\nexport type OAuthClientCredentialsGrantTokenRequest = z.infer<\n  typeof oauthClientCredentialsGrantTokenRequestSchema\n>\n"]}
+{"version":3,"file":"oauth-client-credentials-grant-token-request.js","sourceRoot":"","sources":["../src/oauth-client-credentials-grant-token-request.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,6CAA6C,GAAG,CAAC,CAAC,MAAM,CAAC;IACpE,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC;CAC5C,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthClientCredentialsGrantTokenRequestSchema = z.object({\n  grant_type: z.literal('client_credentials'),\n})\n\nexport type OAuthClientCredentialsGrantTokenRequest = z.infer<\n  typeof oauthClientCredentialsGrantTokenRequestSchema\n>\n"]}

package/dist/oauth-client-credentials.js

@@ -1,13 +1,10 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthClientCredentialsSchema = exports.oauthClientCredentialsNoneSchema = exports.oauthClientCredentialsSecretPostSchema = exports.oauthClientCredentialsJwtBearerSchema = void 0;
-const zod_1 = require("zod");
-const jwk_1 = require("@atproto/jwk");
-const constants_js_1 = require("./constants.js");
-const oauth_client_id_js_1 = require("./oauth-client-id.js");
-exports.oauthClientCredentialsJwtBearerSchema = zod_1.z.object({
-    client_id: oauth_client_id_js_1.oauthClientIdSchema,
-    client_assertion_type: zod_1.z.literal(constants_js_1.CLIENT_ASSERTION_TYPE_JWT_BEARER),
+import { z } from 'zod';
+import { signedJwtSchema } from '@atproto/jwk';
+import { CLIENT_ASSERTION_TYPE_JWT_BEARER } from './constants.js';
+import { oauthClientIdSchema } from './oauth-client-id.js';
+export const oauthClientCredentialsJwtBearerSchema = z.object({
+    client_id: oauthClientIdSchema,
+    client_assertion_type: z.literal(CLIENT_ASSERTION_TYPE_JWT_BEARER),
     /**
      * - "sub" the subject MUST be the "client_id" of the OAuth client
      * - "iat" is required and MUST be less than one minute
@@ -17,20 +14,20 @@ exports.oauthClientCredentialsJwtBearerSchema = zod_1.z.object({
      *
      * @see {@link https://datatracker.ietf.org/doc/html/rfc7523#section-3}
      */
-    client_assertion: jwk_1.signedJwtSchema,
+    client_assertion: signedJwtSchema,
 });
-exports.oauthClientCredentialsSecretPostSchema = zod_1.z.object({
-    client_id: oauth_client_id_js_1.oauthClientIdSchema,
-    client_secret: zod_1.z.string(),
+export const oauthClientCredentialsSecretPostSchema = z.object({
+    client_id: oauthClientIdSchema,
+    client_secret: z.string(),
 });
-exports.oauthClientCredentialsNoneSchema = zod_1.z.object({
-    client_id: oauth_client_id_js_1.oauthClientIdSchema,
+export const oauthClientCredentialsNoneSchema = z.object({
+    client_id: oauthClientIdSchema,
 });
 //
-exports.oauthClientCredentialsSchema = zod_1.z.union([
-    exports.oauthClientCredentialsJwtBearerSchema,
-    exports.oauthClientCredentialsSecretPostSchema,
+export const oauthClientCredentialsSchema = z.union([
+    oauthClientCredentialsJwtBearerSchema,
+    oauthClientCredentialsSecretPostSchema,
     // Must be last since it is less specific
-    exports.oauthClientCredentialsNoneSchema,
+    oauthClientCredentialsNoneSchema,
 ]);
 //# sourceMappingURL=oauth-client-credentials.js.map

package/dist/oauth-client-credentials.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-client-credentials.js","sourceRoot":"","sources":["../src/oauth-client-credentials.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAC9C,iDAAiE;AACjE,6DAA0D;AAE7C,QAAA,qCAAqC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5D,SAAS,EAAE,wCAAmB;IAC9B,qBAAqB,EAAE,OAAC,CAAC,OAAO,CAAC,+CAAgC,CAAC;IAClE;;;;;;;;OAQG;IACH,gBAAgB,EAAE,qBAAe;CAClC,CAAC,CAAA;AAMW,QAAA,sCAAsC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7D,SAAS,EAAE,wCAAmB;IAC9B,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE;CAC1B,CAAC,CAAA;AAMW,QAAA,gCAAgC,GAAG,OAAC,CAAC,MAAM,CAAC;IACvD,SAAS,EAAE,wCAAmB;CAC/B,CAAC,CAAA;AAMF,EAAE;AAEW,QAAA,4BAA4B,GAAG,OAAC,CAAC,KAAK,CAAC;IAClD,6CAAqC;IACrC,8CAAsC;IACtC,yCAAyC;IACzC,wCAAgC;CACjC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { signedJwtSchema } from '@atproto/jwk'\nimport { CLIENT_ASSERTION_TYPE_JWT_BEARER } from './constants.js'\nimport { oauthClientIdSchema } from './oauth-client-id.js'\n\nexport const oauthClientCredentialsJwtBearerSchema = z.object({\n  client_id: oauthClientIdSchema,\n  client_assertion_type: z.literal(CLIENT_ASSERTION_TYPE_JWT_BEARER),\n  /**\n   * - \"sub\" the subject MUST be the \"client_id\" of the OAuth client\n   * - \"iat\" is required and MUST be less than one minute\n   * - \"aud\" must containing a value that identifies the authorization server\n   * - The JWT MAY contain a \"jti\" (JWT ID) claim that provides a unique identifier for the token.\n   * - Note that the authorization server may reject JWTs with an \"exp\" claim value that is unreasonably far in the future.\n   *\n   * @see {@link https://datatracker.ietf.org/doc/html/rfc7523#section-3}\n   */\n  client_assertion: signedJwtSchema,\n})\n\nexport type OAuthClientCredentialsJwtBearer = z.infer<\n  typeof oauthClientCredentialsJwtBearerSchema\n>\n\nexport const oauthClientCredentialsSecretPostSchema = z.object({\n  client_id: oauthClientIdSchema,\n  client_secret: z.string(),\n})\n\nexport type OAuthClientCredentialsSecretPost = z.infer<\n  typeof oauthClientCredentialsSecretPostSchema\n>\n\nexport const oauthClientCredentialsNoneSchema = z.object({\n  client_id: oauthClientIdSchema,\n})\n\nexport type OAuthClientCredentialsNone = z.infer<\n  typeof oauthClientCredentialsNoneSchema\n>\n\n//\n\nexport const oauthClientCredentialsSchema = z.union([\n  oauthClientCredentialsJwtBearerSchema,\n  oauthClientCredentialsSecretPostSchema,\n  // Must be last since it is less specific\n  oauthClientCredentialsNoneSchema,\n])\n\nexport type OAuthClientCredentials = z.infer<\n  typeof oauthClientCredentialsSchema\n>\n"]}
+{"version":3,"file":"oauth-client-credentials.js","sourceRoot":"","sources":["../src/oauth-client-credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAC9C,OAAO,EAAE,gCAAgC,EAAE,MAAM,gBAAgB,CAAA;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAE1D,MAAM,CAAC,MAAM,qCAAqC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5D,SAAS,EAAE,mBAAmB;IAC9B,qBAAqB,EAAE,CAAC,CAAC,OAAO,CAAC,gCAAgC,CAAC;IAClE;;;;;;;;OAQG;IACH,gBAAgB,EAAE,eAAe;CAClC,CAAC,CAAA;AAMF,MAAM,CAAC,MAAM,sCAAsC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7D,SAAS,EAAE,mBAAmB;IAC9B,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;CAC1B,CAAC,CAAA;AAMF,MAAM,CAAC,MAAM,gCAAgC,GAAG,CAAC,CAAC,MAAM,CAAC;IACvD,SAAS,EAAE,mBAAmB;CAC/B,CAAC,CAAA;AAMF,EAAE;AAEF,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAAC;IAClD,qCAAqC;IACrC,sCAAsC;IACtC,yCAAyC;IACzC,gCAAgC;CACjC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { signedJwtSchema } from '@atproto/jwk'\nimport { CLIENT_ASSERTION_TYPE_JWT_BEARER } from './constants.js'\nimport { oauthClientIdSchema } from './oauth-client-id.js'\n\nexport const oauthClientCredentialsJwtBearerSchema = z.object({\n  client_id: oauthClientIdSchema,\n  client_assertion_type: z.literal(CLIENT_ASSERTION_TYPE_JWT_BEARER),\n  /**\n   * - \"sub\" the subject MUST be the \"client_id\" of the OAuth client\n   * - \"iat\" is required and MUST be less than one minute\n   * - \"aud\" must containing a value that identifies the authorization server\n   * - The JWT MAY contain a \"jti\" (JWT ID) claim that provides a unique identifier for the token.\n   * - Note that the authorization server may reject JWTs with an \"exp\" claim value that is unreasonably far in the future.\n   *\n   * @see {@link https://datatracker.ietf.org/doc/html/rfc7523#section-3}\n   */\n  client_assertion: signedJwtSchema,\n})\n\nexport type OAuthClientCredentialsJwtBearer = z.infer<\n  typeof oauthClientCredentialsJwtBearerSchema\n>\n\nexport const oauthClientCredentialsSecretPostSchema = z.object({\n  client_id: oauthClientIdSchema,\n  client_secret: z.string(),\n})\n\nexport type OAuthClientCredentialsSecretPost = z.infer<\n  typeof oauthClientCredentialsSecretPostSchema\n>\n\nexport const oauthClientCredentialsNoneSchema = z.object({\n  client_id: oauthClientIdSchema,\n})\n\nexport type OAuthClientCredentialsNone = z.infer<\n  typeof oauthClientCredentialsNoneSchema\n>\n\n//\n\nexport const oauthClientCredentialsSchema = z.union([\n  oauthClientCredentialsJwtBearerSchema,\n  oauthClientCredentialsSecretPostSchema,\n  // Must be last since it is less specific\n  oauthClientCredentialsNoneSchema,\n])\n\nexport type OAuthClientCredentials = z.infer<\n  typeof oauthClientCredentialsSchema\n>\n"]}