@atproto/oauth-types 0.6.3 → 0.7.0

package/dist/oauth-client-id-discoverable.js

@@ -1,52 +1,45 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.conventionalOAuthClientIdSchema = exports.oauthClientIdDiscoverableSchema = void 0;
-exports.isOAuthClientIdDiscoverable = isOAuthClientIdDiscoverable;
-exports.isConventionalOAuthClientId = isConventionalOAuthClientId;
-exports.assertOAuthDiscoverableClientId = assertOAuthDiscoverableClientId;
-exports.parseOAuthDiscoverableClientId = parseOAuthDiscoverableClientId;
-const zod_1 = require("zod");
-const oauth_client_id_js_1 = require("./oauth-client-id.js");
-const uri_js_1 = require("./uri.js");
-const util_js_1 = require("./util.js");
+import { z } from 'zod';
+import { oauthClientIdSchema } from './oauth-client-id.js';
+import { httpsUriSchema } from './uri.js';
+import { extractUrlPath, isHostnameIP } from './util.js';
 /**
  * @see {@link https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html}
  */
-exports.oauthClientIdDiscoverableSchema = zod_1.z
-    .intersection(oauth_client_id_js_1.oauthClientIdSchema, uri_js_1.httpsUriSchema)
+export const oauthClientIdDiscoverableSchema = z
+    .intersection(oauthClientIdSchema, httpsUriSchema)
     .superRefine((value, ctx) => {
     const url = new URL(value);
     if (url.username || url.password) {
         ctx.addIssue({
-            code: zod_1.z.ZodIssueCode.custom,
+            code: z.ZodIssueCode.custom,
             message: 'ClientID must not contain credentials',
         });
         return false;
     }
     if (url.hash) {
         ctx.addIssue({
-            code: zod_1.z.ZodIssueCode.custom,
+            code: z.ZodIssueCode.custom,
             message: 'ClientID must not contain a fragment',
         });
         return false;
     }
     if (url.pathname === '/') {
         ctx.addIssue({
-            code: zod_1.z.ZodIssueCode.custom,
+            code: z.ZodIssueCode.custom,
             message: 'ClientID must contain a path component (e.g. "/client-metadata.json")',
         });
         return false;
     }
     if (url.pathname.endsWith('/')) {
         ctx.addIssue({
-            code: zod_1.z.ZodIssueCode.custom,
+            code: z.ZodIssueCode.custom,
             message: 'ClientID path must not end with a trailing slash',
         });
         return false;
     }
-    if ((0, util_js_1.isHostnameIP)(url.hostname)) {
+    if (isHostnameIP(url.hostname)) {
         ctx.addIssue({
-            code: zod_1.z.ZodIssueCode.custom,
+            code: z.ZodIssueCode.custom,
             message: 'ClientID hostname must not be an IP address',
         });
         return false;
@@ -54,50 +47,50 @@ exports.oauthClientIdDiscoverableSchema = zod_1.z
     // URL constructor normalizes the URL, so we extract the path manually to
     // avoid normalization, then compare it to the normalized path to ensure
     // that the URL does not contain path traversal or other unexpected characters
-    if ((0, util_js_1.extractUrlPath)(value) !== url.pathname) {
+    if (extractUrlPath(value) !== url.pathname) {
         ctx.addIssue({
-            code: zod_1.z.ZodIssueCode.custom,
+            code: z.ZodIssueCode.custom,
             message: `ClientID must be in canonical form ("${url.href}", got "${value}")`,
         });
         return false;
     }
     return true;
 });
-function isOAuthClientIdDiscoverable(clientId) {
-    return exports.oauthClientIdDiscoverableSchema.safeParse(clientId).success;
+export function isOAuthClientIdDiscoverable(clientId) {
+    return oauthClientIdDiscoverableSchema.safeParse(clientId).success;
 }
-exports.conventionalOAuthClientIdSchema = exports.oauthClientIdDiscoverableSchema.superRefine((value, ctx) => {
+export const conventionalOAuthClientIdSchema = oauthClientIdDiscoverableSchema.superRefine((value, ctx) => {
     const url = new URL(value);
     if (url.port) {
         ctx.addIssue({
-            code: zod_1.z.ZodIssueCode.custom,
+            code: z.ZodIssueCode.custom,
             message: 'ClientID must not contain a port',
         });
         return false;
     }
     if (url.search) {
         ctx.addIssue({
-            code: zod_1.z.ZodIssueCode.custom,
+            code: z.ZodIssueCode.custom,
             message: 'ClientID must not contain a query string',
         });
         return false;
     }
     if (url.pathname !== '/oauth-client-metadata.json') {
         ctx.addIssue({
-            code: zod_1.z.ZodIssueCode.custom,
+            code: z.ZodIssueCode.custom,
             message: 'ClientID must be "/oauth-client-metadata.json"',
         });
         return false;
     }
     return true;
 });
-function isConventionalOAuthClientId(clientId) {
-    return exports.conventionalOAuthClientIdSchema.safeParse(clientId).success;
+export function isConventionalOAuthClientId(clientId) {
+    return conventionalOAuthClientIdSchema.safeParse(clientId).success;
 }
-function assertOAuthDiscoverableClientId(value) {
-    void exports.oauthClientIdDiscoverableSchema.parse(value);
+export function assertOAuthDiscoverableClientId(value) {
+    void oauthClientIdDiscoverableSchema.parse(value);
 }
-function parseOAuthDiscoverableClientId(clientId) {
-    return new URL(exports.oauthClientIdDiscoverableSchema.parse(clientId));
+export function parseOAuthDiscoverableClientId(clientId) {
+    return new URL(oauthClientIdDiscoverableSchema.parse(clientId));
 }
 //# sourceMappingURL=oauth-client-id-discoverable.js.map

package/dist/oauth-client-id-discoverable.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-client-id-discoverable.js","sourceRoot":"","sources":["../src/oauth-client-id-discoverable.ts"],"names":[],"mappings":";;;AAwEA,kEAIC;AAuCD,kEAIC;AAED,0EAIC;AAED,wEAEC;AAjID,6BAA+B;AAC/B,6DAA0D;AAC1D,qCAAyC;AACzC,uCAAwD;AAExD;;GAEG;AACU,QAAA,+BAA+B,GAAG,OAAC;KAC7C,YAAY,CAAC,wCAAmB,EAAE,uBAAc,CAAC;KACjD,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAA0C,EAAE;IAClE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,uCAAuC;SACjD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACb,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;QACzB,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EACL,uEAAuE;SAC1E,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,kDAAkD;SAC5D,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,IAAA,sBAAY,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,6CAA6C;SACvD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,yEAAyE;IACzE,wEAAwE;IACxE,8EAA8E;IAC9E,IAAI,IAAA,wBAAc,EAAC,KAAK,CAAC,KAAK,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC3C,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,wCAAwC,GAAG,CAAC,IAAI,WAAW,KAAK,IAAI;SAC9E,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CAAC,CAAA;AAMJ,SAAgB,2BAA2B,CACzC,QAAgB;IAEhB,OAAO,uCAA+B,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAA;AACpE,CAAC;AAEY,QAAA,+BAA+B,GAC1C,uCAA+B,CAAC,WAAW,CACzC,CAAC,KAAK,EAAE,GAAG,EAA2D,EAAE;IACtE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACb,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QACf,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,0CAA0C;SACpD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,6BAA6B,EAAE,CAAC;QACnD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,gDAAgD;SAC1D,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAMH,SAAgB,2BAA2B,CACzC,QAAgB;IAEhB,OAAO,uCAA+B,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAA;AACpE,CAAC;AAED,SAAgB,+BAA+B,CAC7C,KAAa;IAEb,KAAK,uCAA+B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;AACnD,CAAC;AAED,SAAgB,8BAA8B,CAAC,QAAgB;IAC7D,OAAO,IAAI,GAAG,CAAC,uCAA+B,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAA;AACjE,CAAC","sourcesContent":["import { TypeOf, z } from 'zod'\nimport { oauthClientIdSchema } from './oauth-client-id.js'\nimport { httpsUriSchema } from './uri.js'\nimport { extractUrlPath, isHostnameIP } from './util.js'\n\n/**\n * @see {@link https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html}\n */\nexport const oauthClientIdDiscoverableSchema = z\n  .intersection(oauthClientIdSchema, httpsUriSchema)\n  .superRefine((value, ctx): value is `https://${string}/${string}` => {\n    const url = new URL(value)\n\n    if (url.username || url.password) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'ClientID must not contain credentials',\n      })\n      return false\n    }\n\n    if (url.hash) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'ClientID must not contain a fragment',\n      })\n      return false\n    }\n\n    if (url.pathname === '/') {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message:\n          'ClientID must contain a path component (e.g. \"/client-metadata.json\")',\n      })\n      return false\n    }\n\n    if (url.pathname.endsWith('/')) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'ClientID path must not end with a trailing slash',\n      })\n      return false\n    }\n\n    if (isHostnameIP(url.hostname)) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'ClientID hostname must not be an IP address',\n      })\n      return false\n    }\n\n    // URL constructor normalizes the URL, so we extract the path manually to\n    // avoid normalization, then compare it to the normalized path to ensure\n    // that the URL does not contain path traversal or other unexpected characters\n    if (extractUrlPath(value) !== url.pathname) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: `ClientID must be in canonical form (\"${url.href}\", got \"${value}\")`,\n      })\n      return false\n    }\n\n    return true\n  })\n\nexport type OAuthClientIdDiscoverable = TypeOf<\n  typeof oauthClientIdDiscoverableSchema\n>\n\nexport function isOAuthClientIdDiscoverable(\n  clientId: string,\n): clientId is OAuthClientIdDiscoverable {\n  return oauthClientIdDiscoverableSchema.safeParse(clientId).success\n}\n\nexport const conventionalOAuthClientIdSchema =\n  oauthClientIdDiscoverableSchema.superRefine(\n    (value, ctx): value is `https://${string}/oauth-client-metadata.json` => {\n      const url = new URL(value)\n\n      if (url.port) {\n        ctx.addIssue({\n          code: z.ZodIssueCode.custom,\n          message: 'ClientID must not contain a port',\n        })\n        return false\n      }\n\n      if (url.search) {\n        ctx.addIssue({\n          code: z.ZodIssueCode.custom,\n          message: 'ClientID must not contain a query string',\n        })\n        return false\n      }\n\n      if (url.pathname !== '/oauth-client-metadata.json') {\n        ctx.addIssue({\n          code: z.ZodIssueCode.custom,\n          message: 'ClientID must be \"/oauth-client-metadata.json\"',\n        })\n        return false\n      }\n\n      return true\n    },\n  )\n\nexport type ConventionalOAuthClientId = TypeOf<\n  typeof conventionalOAuthClientIdSchema\n>\n\nexport function isConventionalOAuthClientId(\n  clientId: string,\n): clientId is ConventionalOAuthClientId {\n  return conventionalOAuthClientIdSchema.safeParse(clientId).success\n}\n\nexport function assertOAuthDiscoverableClientId(\n  value: string,\n): asserts value is OAuthClientIdDiscoverable {\n  void oauthClientIdDiscoverableSchema.parse(value)\n}\n\nexport function parseOAuthDiscoverableClientId(clientId: string): URL {\n  return new URL(oauthClientIdDiscoverableSchema.parse(clientId))\n}\n"]}
+{"version":3,"file":"oauth-client-id-discoverable.js","sourceRoot":"","sources":["../src/oauth-client-id-discoverable.ts"],"names":[],"mappings":"AAAA,OAAO,EAAU,CAAC,EAAE,MAAM,KAAK,CAAA;AAC/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAA;AACzC,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,WAAW,CAAA;AAExD;;GAEG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG,CAAC;KAC7C,YAAY,CAAC,mBAAmB,EAAE,cAAc,CAAC;KACjD,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAA0C,EAAE;IAClE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,uCAAuC;SACjD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACb,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;QACzB,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EACL,uEAAuE;SAC1E,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,kDAAkD;SAC5D,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,6CAA6C;SACvD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,yEAAyE;IACzE,wEAAwE;IACxE,8EAA8E;IAC9E,IAAI,cAAc,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC3C,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,wCAAwC,GAAG,CAAC,IAAI,WAAW,KAAK,IAAI;SAC9E,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CAAC,CAAA;AAMJ,MAAM,UAAU,2BAA2B,CACzC,QAAgB;IAEhB,OAAO,+BAA+B,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAA;AACpE,CAAC;AAED,MAAM,CAAC,MAAM,+BAA+B,GAC1C,+BAA+B,CAAC,WAAW,CACzC,CAAC,KAAK,EAAE,GAAG,EAA2D,EAAE;IACtE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACb,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QACf,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,0CAA0C;SACpD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,6BAA6B,EAAE,CAAC;QACnD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,gDAAgD;SAC1D,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAMH,MAAM,UAAU,2BAA2B,CACzC,QAAgB;IAEhB,OAAO,+BAA+B,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAA;AACpE,CAAC;AAED,MAAM,UAAU,+BAA+B,CAC7C,KAAa;IAEb,KAAK,+BAA+B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;AACnD,CAAC;AAED,MAAM,UAAU,8BAA8B,CAAC,QAAgB;IAC7D,OAAO,IAAI,GAAG,CAAC,+BAA+B,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAA;AACjE,CAAC","sourcesContent":["import { TypeOf, z } from 'zod'\nimport { oauthClientIdSchema } from './oauth-client-id.js'\nimport { httpsUriSchema } from './uri.js'\nimport { extractUrlPath, isHostnameIP } from './util.js'\n\n/**\n * @see {@link https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html}\n */\nexport const oauthClientIdDiscoverableSchema = z\n  .intersection(oauthClientIdSchema, httpsUriSchema)\n  .superRefine((value, ctx): value is `https://${string}/${string}` => {\n    const url = new URL(value)\n\n    if (url.username || url.password) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'ClientID must not contain credentials',\n      })\n      return false\n    }\n\n    if (url.hash) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'ClientID must not contain a fragment',\n      })\n      return false\n    }\n\n    if (url.pathname === '/') {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message:\n          'ClientID must contain a path component (e.g. \"/client-metadata.json\")',\n      })\n      return false\n    }\n\n    if (url.pathname.endsWith('/')) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'ClientID path must not end with a trailing slash',\n      })\n      return false\n    }\n\n    if (isHostnameIP(url.hostname)) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'ClientID hostname must not be an IP address',\n      })\n      return false\n    }\n\n    // URL constructor normalizes the URL, so we extract the path manually to\n    // avoid normalization, then compare it to the normalized path to ensure\n    // that the URL does not contain path traversal or other unexpected characters\n    if (extractUrlPath(value) !== url.pathname) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: `ClientID must be in canonical form (\"${url.href}\", got \"${value}\")`,\n      })\n      return false\n    }\n\n    return true\n  })\n\nexport type OAuthClientIdDiscoverable = TypeOf<\n  typeof oauthClientIdDiscoverableSchema\n>\n\nexport function isOAuthClientIdDiscoverable(\n  clientId: string,\n): clientId is OAuthClientIdDiscoverable {\n  return oauthClientIdDiscoverableSchema.safeParse(clientId).success\n}\n\nexport const conventionalOAuthClientIdSchema =\n  oauthClientIdDiscoverableSchema.superRefine(\n    (value, ctx): value is `https://${string}/oauth-client-metadata.json` => {\n      const url = new URL(value)\n\n      if (url.port) {\n        ctx.addIssue({\n          code: z.ZodIssueCode.custom,\n          message: 'ClientID must not contain a port',\n        })\n        return false\n      }\n\n      if (url.search) {\n        ctx.addIssue({\n          code: z.ZodIssueCode.custom,\n          message: 'ClientID must not contain a query string',\n        })\n        return false\n      }\n\n      if (url.pathname !== '/oauth-client-metadata.json') {\n        ctx.addIssue({\n          code: z.ZodIssueCode.custom,\n          message: 'ClientID must be \"/oauth-client-metadata.json\"',\n        })\n        return false\n      }\n\n      return true\n    },\n  )\n\nexport type ConventionalOAuthClientId = TypeOf<\n  typeof conventionalOAuthClientIdSchema\n>\n\nexport function isConventionalOAuthClientId(\n  clientId: string,\n): clientId is ConventionalOAuthClientId {\n  return conventionalOAuthClientIdSchema.safeParse(clientId).success\n}\n\nexport function assertOAuthDiscoverableClientId(\n  value: string,\n): asserts value is OAuthClientIdDiscoverable {\n  void oauthClientIdDiscoverableSchema.parse(value)\n}\n\nexport function parseOAuthDiscoverableClientId(clientId: string): URL {\n  return new URL(oauthClientIdDiscoverableSchema.parse(clientId))\n}\n"]}

package/dist/oauth-client-id-loopback.js

@@ -1,49 +1,40 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthClientIdLoopbackSchema = exports.LOOPBACK_CLIENT_ID_ORIGIN = void 0;
-exports.assertOAuthLoopbackClientId = assertOAuthLoopbackClientId;
-exports.isOAuthClientIdLoopback = isOAuthClientIdLoopback;
-exports.asOAuthClientIdLoopback = asOAuthClientIdLoopback;
-exports.parseOAuthLoopbackClientId = parseOAuthLoopbackClientId;
-exports.safeParseOAuthLoopbackClientId = safeParseOAuthLoopbackClientId;
-exports.safeParseOAuthLoopbackClientIdQueryString = safeParseOAuthLoopbackClientIdQueryString;
-const oauth_client_id_js_1 = require("./oauth-client-id.js");
-const oauth_redirect_uri_js_1 = require("./oauth-redirect-uri.js");
-const oauth_scope_js_1 = require("./oauth-scope.js");
-exports.LOOPBACK_CLIENT_ID_ORIGIN = 'http://localhost';
-exports.oauthClientIdLoopbackSchema = oauth_client_id_js_1.oauthClientIdSchema.superRefine((input, ctx) => {
+import { oauthClientIdSchema } from './oauth-client-id.js';
+import { oauthLoopbackClientRedirectUriSchema, } from './oauth-redirect-uri.js';
+import { oauthScopeSchema } from './oauth-scope.js';
+export const LOOPBACK_CLIENT_ID_ORIGIN = 'http://localhost';
+export const oauthClientIdLoopbackSchema = oauthClientIdSchema.superRefine((input, ctx) => {
     const result = safeParseOAuthLoopbackClientId(input);
     if (!result.success) {
         ctx.addIssue({ code: 'custom', message: result.message });
     }
     return result.success;
 });
-function assertOAuthLoopbackClientId(input) {
+export function assertOAuthLoopbackClientId(input) {
     void parseOAuthLoopbackClientId(input);
 }
-function isOAuthClientIdLoopback(input) {
+export function isOAuthClientIdLoopback(input) {
     return safeParseOAuthLoopbackClientId(input).success;
 }
-function asOAuthClientIdLoopback(input) {
+export function asOAuthClientIdLoopback(input) {
     assertOAuthLoopbackClientId(input);
     return input;
 }
-function parseOAuthLoopbackClientId(input) {
+export function parseOAuthLoopbackClientId(input) {
     const result = safeParseOAuthLoopbackClientId(input);
     if (result.success)
         return result.value;
     throw new TypeError(`Invalid loopback client ID: ${result.message}`);
 }
-function safeParseOAuthLoopbackClientId(input) {
+export function safeParseOAuthLoopbackClientId(input) {
     // @NOTE Not using "new URL" to ensure input indeed matches the type
     // OAuthClientIdLoopback
-    if (!input.startsWith(exports.LOOPBACK_CLIENT_ID_ORIGIN)) {
+    if (!input.startsWith(LOOPBACK_CLIENT_ID_ORIGIN)) {
         return {
             success: false,
-            message: `Value must start with "${exports.LOOPBACK_CLIENT_ID_ORIGIN}"`,
+            message: `Value must start with "${LOOPBACK_CLIENT_ID_ORIGIN}"`,
         };
     }
-    if (input.includes('#', exports.LOOPBACK_CLIENT_ID_ORIGIN.length)) {
+    if (input.includes('#', LOOPBACK_CLIENT_ID_ORIGIN.length)) {
         return {
             success: false,
             message: 'Value must not contain a hash component',
@@ -51,10 +42,10 @@ function safeParseOAuthLoopbackClientId(input) {
     }
     // Since we don't allow a path component (except for a single "/") the query
     // string starts after the origin (+ 1 if there is a "/")
-    const queryStringIdx = input.length > exports.LOOPBACK_CLIENT_ID_ORIGIN.length &&
-        input.charCodeAt(exports.LOOPBACK_CLIENT_ID_ORIGIN.length) === 0x2f /* '/' */
-        ? exports.LOOPBACK_CLIENT_ID_ORIGIN.length + 1
-        : exports.LOOPBACK_CLIENT_ID_ORIGIN.length;
+    const queryStringIdx = input.length > LOOPBACK_CLIENT_ID_ORIGIN.length &&
+        input.charCodeAt(LOOPBACK_CLIENT_ID_ORIGIN.length) === 0x2f /* '/' */
+        ? LOOPBACK_CLIENT_ID_ORIGIN.length + 1
+        : LOOPBACK_CLIENT_ID_ORIGIN.length;
     // Since we determined the position of the query string based on the origin
     // length (instead of looking for a "?"), we need to make sure the query
     // string position (if any) indeed starts with a "?".
@@ -68,7 +59,7 @@ function safeParseOAuthLoopbackClientId(input) {
     const queryString = input.slice(queryStringIdx + 1);
     return safeParseOAuthLoopbackClientIdQueryString(queryString);
 }
-function safeParseOAuthLoopbackClientIdQueryString(input) {
+export function safeParseOAuthLoopbackClientIdQueryString(input) {
     // Parse query params
     const params = {};
     const it = typeof input === 'string' ? new URLSearchParams(input) : input;
@@ -80,7 +71,7 @@ function safeParseOAuthLoopbackClientIdQueryString(input) {
                     message: 'Duplicate "scope" query parameter',
                 };
             }
-            const res = oauth_scope_js_1.oauthScopeSchema.safeParse(value);
+            const res = oauthScopeSchema.safeParse(value);
             if (!res.success) {
                 const reason = res.error.issues.map((i) => i.message).join(', ');
                 return {
@@ -91,7 +82,7 @@ function safeParseOAuthLoopbackClientIdQueryString(input) {
             params.scope = res.data;
         }
         else if (key === 'redirect_uri') {
-            const res = oauth_redirect_uri_js_1.oauthLoopbackClientRedirectUriSchema.safeParse(value);
+            const res = oauthLoopbackClientRedirectUriSchema.safeParse(value);
             if (!res.success) {
                 const reason = res.error.issues.map((i) => i.message).join(', ');
                 return {

package/dist/oauth-client-id-loopback.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-client-id-loopback.js","sourceRoot":"","sources":["../src/oauth-client-id-loopback.ts"],"names":[],"mappings":";;;AAkCA,kEAIC;AAED,0DAIC;AAED,0DAGC;AAED,gEAOC;AAUD,wEA2CC;AAED,8FAkDC;AAnKD,6DAA0D;AAC1D,mEAGgC;AAChC,qDAA+D;AAElD,QAAA,yBAAyB,GAAG,kBAAkB,CAAA;AAiB9C,QAAA,2BAA2B,GAAG,wCAAmB,CAAC,WAAW,CACxE,CAAC,KAAK,EAAE,GAAG,EAAkC,EAAE;IAC7C,MAAM,MAAM,GAAG,8BAA8B,CAAC,KAAK,CAAC,CAAA;IACpD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,GAAG,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAA;IAC3D,CAAC;IACD,OAAO,MAAM,CAAC,OAAO,CAAA;AACvB,CAAC,CACF,CAAA;AAED,SAAgB,2BAA2B,CACzC,KAAa;IAEb,KAAK,0BAA0B,CAAC,KAAK,CAAC,CAAA;AACxC,CAAC;AAED,SAAgB,uBAAuB,CACrC,KAAQ;IAER,OAAO,8BAA8B,CAAC,KAAK,CAAC,CAAC,OAAO,CAAA;AACtD,CAAC;AAED,SAAgB,uBAAuB,CAAmB,KAAQ;IAChE,2BAA2B,CAAC,KAAK,CAAC,CAAA;IAClC,OAAO,KAAK,CAAA;AACd,CAAC;AAED,SAAgB,0BAA0B,CACxC,KAAa;IAEb,MAAM,MAAM,GAAG,8BAA8B,CAAC,KAAK,CAAC,CAAA;IACpD,IAAI,MAAM,CAAC,OAAO;QAAE,OAAO,MAAM,CAAC,KAAK,CAAA;IAEvC,MAAM,IAAI,SAAS,CAAC,+BAA+B,MAAM,CAAC,OAAO,EAAE,CAAC,CAAA;AACtE,CAAC;AAUD,SAAgB,8BAA8B,CAC5C,KAAa;IAEb,oEAAoE;IACpE,wBAAwB;IAExB,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,iCAAyB,CAAC,EAAE,CAAC;QACjD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,0BAA0B,iCAAyB,GAAG;SAChE,CAAA;IACH,CAAC;IAED,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,EAAE,iCAAyB,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1D,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,yCAAyC;SACnD,CAAA;IACH,CAAC;IAED,4EAA4E;IAC5E,yDAAyD;IACzD,MAAM,cAAc,GAClB,KAAK,CAAC,MAAM,GAAG,iCAAyB,CAAC,MAAM;QAC/C,KAAK,CAAC,UAAU,CAAC,iCAAyB,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,SAAS;QACnE,CAAC,CAAC,iCAAyB,CAAC,MAAM,GAAG,CAAC;QACtC,CAAC,CAAC,iCAAyB,CAAC,MAAM,CAAA;IAEtC,2EAA2E;IAC3E,wEAAwE;IACxE,qDAAqD;IACrD,IACE,KAAK,CAAC,MAAM,KAAK,cAAc;QAC/B,KAAK,CAAC,UAAU,CAAC,cAAc,CAAC,KAAK,IAAI,CAAC,SAAS,EACnD,CAAC;QACD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,yCAAyC;SACnD,CAAA;IACH,CAAC;IAED,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,cAAc,GAAG,CAAC,CAAC,CAAA;IACnD,OAAO,yCAAyC,CAAC,WAAW,CAAC,CAAA;AAC/D,CAAC;AAED,SAAgB,yCAAyC,CACvD,KAAsD;IAEtD,qBAAqB;IACrB,MAAM,MAAM,GAAgC,EAAE,CAAA;IAE9C,MAAM,EAAE,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;IACzE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAC9B,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;YACpB,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;gBACtB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,mCAAmC;iBAC7C,CAAA;YACH,CAAC;YAED,MAAM,GAAG,GAAG,iCAAgB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;YAC7C,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;gBACjB,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;gBAChE,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,oCAAoC,MAAM,IAAI,mBAAmB,EAAE;iBAC7E,CAAA;YACH,CAAC;YAED,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,IAAI,CAAA;QACzB,CAAC;aAAM,IAAI,GAAG,KAAK,cAAc,EAAE,CAAC;YAClC,MAAM,GAAG,GAAG,4DAAoC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;YACjE,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;gBACjB,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;gBAChE,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,2CAA2C,MAAM,IAAI,mBAAmB,EAAE;iBACpF,CAAA;YACH,CAAC;YAED,IAAI,MAAM,CAAC,aAAa,IAAI,IAAI;gBAAE,MAAM,CAAC,aAAa,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;;gBAC9D,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QAC1C,CAAC;aAAM,CAAC;YACN,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,+BAA+B,GAAG,GAAG;aAC/C,CAAA;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,MAAM;KACd,CAAA;AACH,CAAC","sourcesContent":["import { oauthClientIdSchema } from './oauth-client-id.js'\nimport {\n  OAuthLoopbackRedirectURI,\n  oauthLoopbackClientRedirectUriSchema,\n} from './oauth-redirect-uri.js'\nimport { OAuthScope, oauthScopeSchema } from './oauth-scope.js'\n\nexport const LOOPBACK_CLIENT_ID_ORIGIN = 'http://localhost'\n\n// @NOTE This is not actually based on a standard, but rather a convention\n// established by Bluesky in the Atproto specs and implementation. As such, and\n// in order to respect the convention from this package, these should be\n// prefixed with \"Atproto\" instead of \"OAuth\". For legacy reasons, we keep the\n// current names, but we should rename them in a future major release, unless\n// loopback client ids have since then been standardized.\n\nexport type OAuthClientIdLoopback =\n  `http://localhost${'' | `/`}${'' | `?${string}`}`\n\nexport type OAuthLoopbackClientIdParams = {\n  scope?: OAuthScope\n  redirect_uris?: [OAuthLoopbackRedirectURI, ...OAuthLoopbackRedirectURI[]]\n}\n\nexport const oauthClientIdLoopbackSchema = oauthClientIdSchema.superRefine(\n  (input, ctx): input is OAuthClientIdLoopback => {\n    const result = safeParseOAuthLoopbackClientId(input)\n    if (!result.success) {\n      ctx.addIssue({ code: 'custom', message: result.message })\n    }\n    return result.success\n  },\n)\n\nexport function assertOAuthLoopbackClientId(\n  input: string,\n): asserts input is OAuthClientIdLoopback {\n  void parseOAuthLoopbackClientId(input)\n}\n\nexport function isOAuthClientIdLoopback<T extends string>(\n  input: T,\n): input is T & OAuthClientIdLoopback {\n  return safeParseOAuthLoopbackClientId(input).success\n}\n\nexport function asOAuthClientIdLoopback<T extends string>(input: T) {\n  assertOAuthLoopbackClientId(input)\n  return input\n}\n\nexport function parseOAuthLoopbackClientId(\n  input: string,\n): OAuthLoopbackClientIdParams {\n  const result = safeParseOAuthLoopbackClientId(input)\n  if (result.success) return result.value\n\n  throw new TypeError(`Invalid loopback client ID: ${result.message}`)\n}\n\n/**\n * Similar to Zod's {@link SafeParseReturnType} but uses a simple \"message\"\n * string instead of an \"error\" Error object.\n */\ntype LightParseReturnType<T> =\n  | { success: true; value: T }\n  | { success: false; message: string }\n\nexport function safeParseOAuthLoopbackClientId(\n  input: string,\n): LightParseReturnType<OAuthLoopbackClientIdParams> {\n  // @NOTE Not using \"new URL\" to ensure input indeed matches the type\n  // OAuthClientIdLoopback\n\n  if (!input.startsWith(LOOPBACK_CLIENT_ID_ORIGIN)) {\n    return {\n      success: false,\n      message: `Value must start with \"${LOOPBACK_CLIENT_ID_ORIGIN}\"`,\n    }\n  }\n\n  if (input.includes('#', LOOPBACK_CLIENT_ID_ORIGIN.length)) {\n    return {\n      success: false,\n      message: 'Value must not contain a hash component',\n    }\n  }\n\n  // Since we don't allow a path component (except for a single \"/\") the query\n  // string starts after the origin (+ 1 if there is a \"/\")\n  const queryStringIdx =\n    input.length > LOOPBACK_CLIENT_ID_ORIGIN.length &&\n    input.charCodeAt(LOOPBACK_CLIENT_ID_ORIGIN.length) === 0x2f /* '/' */\n      ? LOOPBACK_CLIENT_ID_ORIGIN.length + 1\n      : LOOPBACK_CLIENT_ID_ORIGIN.length\n\n  // Since we determined the position of the query string based on the origin\n  // length (instead of looking for a \"?\"), we need to make sure the query\n  // string position (if any) indeed starts with a \"?\".\n  if (\n    input.length !== queryStringIdx &&\n    input.charCodeAt(queryStringIdx) !== 0x3f /* '?' */\n  ) {\n    return {\n      success: false,\n      message: 'Value must not contain a path component',\n    }\n  }\n\n  const queryString = input.slice(queryStringIdx + 1)\n  return safeParseOAuthLoopbackClientIdQueryString(queryString)\n}\n\nexport function safeParseOAuthLoopbackClientIdQueryString(\n  input: string | Iterable<[key: string, value: string]>,\n): LightParseReturnType<OAuthLoopbackClientIdParams> {\n  // Parse query params\n  const params: OAuthLoopbackClientIdParams = {}\n\n  const it = typeof input === 'string' ? new URLSearchParams(input) : input\n  for (const [key, value] of it) {\n    if (key === 'scope') {\n      if ('scope' in params) {\n        return {\n          success: false,\n          message: 'Duplicate \"scope\" query parameter',\n        }\n      }\n\n      const res = oauthScopeSchema.safeParse(value)\n      if (!res.success) {\n        const reason = res.error.issues.map((i) => i.message).join(', ')\n        return {\n          success: false,\n          message: `Invalid \"scope\" query parameter: ${reason || 'Validation failed'}`,\n        }\n      }\n\n      params.scope = res.data\n    } else if (key === 'redirect_uri') {\n      const res = oauthLoopbackClientRedirectUriSchema.safeParse(value)\n      if (!res.success) {\n        const reason = res.error.issues.map((i) => i.message).join(', ')\n        return {\n          success: false,\n          message: `Invalid \"redirect_uri\" query parameter: ${reason || 'Validation failed'}`,\n        }\n      }\n\n      if (params.redirect_uris == null) params.redirect_uris = [res.data]\n      else params.redirect_uris.push(res.data)\n    } else {\n      return {\n        success: false,\n        message: `Unexpected query parameter \"${key}\"`,\n      }\n    }\n  }\n\n  return {\n    success: true,\n    value: params,\n  }\n}\n"]}
+{"version":3,"file":"oauth-client-id-loopback.js","sourceRoot":"","sources":["../src/oauth-client-id-loopback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC1D,OAAO,EAEL,oCAAoC,GACrC,MAAM,yBAAyB,CAAA;AAChC,OAAO,EAAc,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AAE/D,MAAM,CAAC,MAAM,yBAAyB,GAAG,kBAAkB,CAAA;AAiB3D,MAAM,CAAC,MAAM,2BAA2B,GAAG,mBAAmB,CAAC,WAAW,CACxE,CAAC,KAAK,EAAE,GAAG,EAAkC,EAAE;IAC7C,MAAM,MAAM,GAAG,8BAA8B,CAAC,KAAK,CAAC,CAAA;IACpD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,GAAG,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAA;IAC3D,CAAC;IACD,OAAO,MAAM,CAAC,OAAO,CAAA;AACvB,CAAC,CACF,CAAA;AAED,MAAM,UAAU,2BAA2B,CACzC,KAAa;IAEb,KAAK,0BAA0B,CAAC,KAAK,CAAC,CAAA;AACxC,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,KAAQ;IAER,OAAO,8BAA8B,CAAC,KAAK,CAAC,CAAC,OAAO,CAAA;AACtD,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAmB,KAAQ;IAChE,2BAA2B,CAAC,KAAK,CAAC,CAAA;IAClC,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,UAAU,0BAA0B,CACxC,KAAa;IAEb,MAAM,MAAM,GAAG,8BAA8B,CAAC,KAAK,CAAC,CAAA;IACpD,IAAI,MAAM,CAAC,OAAO;QAAE,OAAO,MAAM,CAAC,KAAK,CAAA;IAEvC,MAAM,IAAI,SAAS,CAAC,+BAA+B,MAAM,CAAC,OAAO,EAAE,CAAC,CAAA;AACtE,CAAC;AAUD,MAAM,UAAU,8BAA8B,CAC5C,KAAa;IAEb,oEAAoE;IACpE,wBAAwB;IAExB,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,yBAAyB,CAAC,EAAE,CAAC;QACjD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,0BAA0B,yBAAyB,GAAG;SAChE,CAAA;IACH,CAAC;IAED,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,EAAE,yBAAyB,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1D,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,yCAAyC;SACnD,CAAA;IACH,CAAC;IAED,4EAA4E;IAC5E,yDAAyD;IACzD,MAAM,cAAc,GAClB,KAAK,CAAC,MAAM,GAAG,yBAAyB,CAAC,MAAM;QAC/C,KAAK,CAAC,UAAU,CAAC,yBAAyB,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,SAAS;QACnE,CAAC,CAAC,yBAAyB,CAAC,MAAM,GAAG,CAAC;QACtC,CAAC,CAAC,yBAAyB,CAAC,MAAM,CAAA;IAEtC,2EAA2E;IAC3E,wEAAwE;IACxE,qDAAqD;IACrD,IACE,KAAK,CAAC,MAAM,KAAK,cAAc;QAC/B,KAAK,CAAC,UAAU,CAAC,cAAc,CAAC,KAAK,IAAI,CAAC,SAAS,EACnD,CAAC;QACD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,yCAAyC;SACnD,CAAA;IACH,CAAC;IAED,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,cAAc,GAAG,CAAC,CAAC,CAAA;IACnD,OAAO,yCAAyC,CAAC,WAAW,CAAC,CAAA;AAC/D,CAAC;AAED,MAAM,UAAU,yCAAyC,CACvD,KAAsD;IAEtD,qBAAqB;IACrB,MAAM,MAAM,GAAgC,EAAE,CAAA;IAE9C,MAAM,EAAE,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;IACzE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAC9B,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;YACpB,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;gBACtB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,mCAAmC;iBAC7C,CAAA;YACH,CAAC;YAED,MAAM,GAAG,GAAG,gBAAgB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;YAC7C,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;gBACjB,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;gBAChE,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,oCAAoC,MAAM,IAAI,mBAAmB,EAAE;iBAC7E,CAAA;YACH,CAAC;YAED,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,IAAI,CAAA;QACzB,CAAC;aAAM,IAAI,GAAG,KAAK,cAAc,EAAE,CAAC;YAClC,MAAM,GAAG,GAAG,oCAAoC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;YACjE,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;gBACjB,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;gBAChE,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,2CAA2C,MAAM,IAAI,mBAAmB,EAAE;iBACpF,CAAA;YACH,CAAC;YAED,IAAI,MAAM,CAAC,aAAa,IAAI,IAAI;gBAAE,MAAM,CAAC,aAAa,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;;gBAC9D,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QAC1C,CAAC;aAAM,CAAC;YACN,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,+BAA+B,GAAG,GAAG;aAC/C,CAAA;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,MAAM;KACd,CAAA;AACH,CAAC","sourcesContent":["import { oauthClientIdSchema } from './oauth-client-id.js'\nimport {\n  OAuthLoopbackRedirectURI,\n  oauthLoopbackClientRedirectUriSchema,\n} from './oauth-redirect-uri.js'\nimport { OAuthScope, oauthScopeSchema } from './oauth-scope.js'\n\nexport const LOOPBACK_CLIENT_ID_ORIGIN = 'http://localhost'\n\n// @NOTE This is not actually based on a standard, but rather a convention\n// established by Bluesky in the Atproto specs and implementation. As such, and\n// in order to respect the convention from this package, these should be\n// prefixed with \"Atproto\" instead of \"OAuth\". For legacy reasons, we keep the\n// current names, but we should rename them in a future major release, unless\n// loopback client ids have since then been standardized.\n\nexport type OAuthClientIdLoopback =\n  `http://localhost${'' | `/`}${'' | `?${string}`}`\n\nexport type OAuthLoopbackClientIdParams = {\n  scope?: OAuthScope\n  redirect_uris?: [OAuthLoopbackRedirectURI, ...OAuthLoopbackRedirectURI[]]\n}\n\nexport const oauthClientIdLoopbackSchema = oauthClientIdSchema.superRefine(\n  (input, ctx): input is OAuthClientIdLoopback => {\n    const result = safeParseOAuthLoopbackClientId(input)\n    if (!result.success) {\n      ctx.addIssue({ code: 'custom', message: result.message })\n    }\n    return result.success\n  },\n)\n\nexport function assertOAuthLoopbackClientId(\n  input: string,\n): asserts input is OAuthClientIdLoopback {\n  void parseOAuthLoopbackClientId(input)\n}\n\nexport function isOAuthClientIdLoopback<T extends string>(\n  input: T,\n): input is T & OAuthClientIdLoopback {\n  return safeParseOAuthLoopbackClientId(input).success\n}\n\nexport function asOAuthClientIdLoopback<T extends string>(input: T) {\n  assertOAuthLoopbackClientId(input)\n  return input\n}\n\nexport function parseOAuthLoopbackClientId(\n  input: string,\n): OAuthLoopbackClientIdParams {\n  const result = safeParseOAuthLoopbackClientId(input)\n  if (result.success) return result.value\n\n  throw new TypeError(`Invalid loopback client ID: ${result.message}`)\n}\n\n/**\n * Similar to Zod's {@link SafeParseReturnType} but uses a simple \"message\"\n * string instead of an \"error\" Error object.\n */\ntype LightParseReturnType<T> =\n  | { success: true; value: T }\n  | { success: false; message: string }\n\nexport function safeParseOAuthLoopbackClientId(\n  input: string,\n): LightParseReturnType<OAuthLoopbackClientIdParams> {\n  // @NOTE Not using \"new URL\" to ensure input indeed matches the type\n  // OAuthClientIdLoopback\n\n  if (!input.startsWith(LOOPBACK_CLIENT_ID_ORIGIN)) {\n    return {\n      success: false,\n      message: `Value must start with \"${LOOPBACK_CLIENT_ID_ORIGIN}\"`,\n    }\n  }\n\n  if (input.includes('#', LOOPBACK_CLIENT_ID_ORIGIN.length)) {\n    return {\n      success: false,\n      message: 'Value must not contain a hash component',\n    }\n  }\n\n  // Since we don't allow a path component (except for a single \"/\") the query\n  // string starts after the origin (+ 1 if there is a \"/\")\n  const queryStringIdx =\n    input.length > LOOPBACK_CLIENT_ID_ORIGIN.length &&\n    input.charCodeAt(LOOPBACK_CLIENT_ID_ORIGIN.length) === 0x2f /* '/' */\n      ? LOOPBACK_CLIENT_ID_ORIGIN.length + 1\n      : LOOPBACK_CLIENT_ID_ORIGIN.length\n\n  // Since we determined the position of the query string based on the origin\n  // length (instead of looking for a \"?\"), we need to make sure the query\n  // string position (if any) indeed starts with a \"?\".\n  if (\n    input.length !== queryStringIdx &&\n    input.charCodeAt(queryStringIdx) !== 0x3f /* '?' */\n  ) {\n    return {\n      success: false,\n      message: 'Value must not contain a path component',\n    }\n  }\n\n  const queryString = input.slice(queryStringIdx + 1)\n  return safeParseOAuthLoopbackClientIdQueryString(queryString)\n}\n\nexport function safeParseOAuthLoopbackClientIdQueryString(\n  input: string | Iterable<[key: string, value: string]>,\n): LightParseReturnType<OAuthLoopbackClientIdParams> {\n  // Parse query params\n  const params: OAuthLoopbackClientIdParams = {}\n\n  const it = typeof input === 'string' ? new URLSearchParams(input) : input\n  for (const [key, value] of it) {\n    if (key === 'scope') {\n      if ('scope' in params) {\n        return {\n          success: false,\n          message: 'Duplicate \"scope\" query parameter',\n        }\n      }\n\n      const res = oauthScopeSchema.safeParse(value)\n      if (!res.success) {\n        const reason = res.error.issues.map((i) => i.message).join(', ')\n        return {\n          success: false,\n          message: `Invalid \"scope\" query parameter: ${reason || 'Validation failed'}`,\n        }\n      }\n\n      params.scope = res.data\n    } else if (key === 'redirect_uri') {\n      const res = oauthLoopbackClientRedirectUriSchema.safeParse(value)\n      if (!res.success) {\n        const reason = res.error.issues.map((i) => i.message).join(', ')\n        return {\n          success: false,\n          message: `Invalid \"redirect_uri\" query parameter: ${reason || 'Validation failed'}`,\n        }\n      }\n\n      if (params.redirect_uris == null) params.redirect_uris = [res.data]\n      else params.redirect_uris.push(res.data)\n    } else {\n      return {\n        success: false,\n        message: `Unexpected query parameter \"${key}\"`,\n      }\n    }\n  }\n\n  return {\n    success: true,\n    value: params,\n  }\n}\n"]}

package/dist/oauth-client-id.js

@@ -1,6 +1,3 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthClientIdSchema = void 0;
-const zod_1 = require("zod");
-exports.oauthClientIdSchema = zod_1.z.string().min(1);
+import { z } from 'zod';
+export const oauthClientIdSchema = z.string().min(1);
 //# sourceMappingURL=oauth-client-id.js.map

package/dist/oauth-client-id.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-client-id.js","sourceRoot":"","sources":["../src/oauth-client-id.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthClientIdSchema = z.string().min(1)\nexport type OAuthClientId = z.infer<typeof oauthClientIdSchema>\n"]}
+{"version":3,"file":"oauth-client-id.js","sourceRoot":"","sources":["../src/oauth-client-id.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthClientIdSchema = z.string().min(1)\nexport type OAuthClientId = z.infer<typeof oauthClientIdSchema>\n"]}

package/dist/oauth-client-metadata.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-client-metadata.d.ts","sourceRoot":"","sources":["../src/oauth-client-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAUvB;;;;;;GAMG;AACH,eAAO,MAAM,yBAAyB;IACpC;;OAEG;;;;;;;;;;;cA4D6/J,EAAG,UAAU,CAAC,EAAE,QAAQ,CAAC,EAAE,UAAU;;;;eAAqF,CAAC;eAAoF,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAiB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;;;eAAsN,CAAC;eAAsD,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;;eAA6K,CAAC;eAAmC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;eAAmK,CAAC;eAAkC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;aAAwF,CAAC;;;;;;;eAA+I,CAAC;eAAoF,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAiB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;;;eAAsN,CAAC;eAAsD,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;;eAA6K,CAAC;eAAmC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;eAAmK,CAAC;eAAkC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;aAAwF,CAAC;;;;;;;;;;;;;;;;;;IArB3sY;;;;;;OAMG;;;;;;;;;;;;;;;;;;;;;;;;;eAeuuR,CAAC;eAAoF,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAiB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;;;eAAsN,CAAC;eAAsD,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;;eAA6K,CAAC;eAAmC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;eAAmK,CAAC;eAAkC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;aAAwF,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAJ3sY,CAAA;AAEF,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAA;AAC3E,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAA"}
+{"version":3,"file":"oauth-client-metadata.d.ts","sourceRoot":"","sources":["../src/oauth-client-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAUvB;;;;;;GAMG;AACH,eAAO,MAAM,yBAAyB;IACpC;;OAEG;;;;;;;;;;;;;;;eA4DunK,CAAC;eAAoF,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAiB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;;;eAAsN,CAAC;eAAsD,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;;eAA6K,CAAC;eAAmC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;eAAmK,CAAC;eAAkC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;aAAwF,CAAC;;;;;;;eAA+I,CAAC;eAAoF,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAiB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;;;eAAsN,CAAC;eAAsD,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;;eAA6K,CAAC;eAAmC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;eAAmK,CAAC;eAAkC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;aAAwF,CAAC;;;;;;;;;;;;;;;;;;IArB3sY;;;;;;OAMG;;;;;;;;;;;;;;;;;;;;;;;;;eAeuuR,CAAC;eAAoF,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;aAA+B,CAAC;aAA+B,CAAC;cAAgC,CAAC;cAAgC,CAAC;cAAgC,CAAC;eAAiC,CAAC;iBAAiB,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;;;;;;;;;eAAsN,CAAC;eAAsD,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;;eAA6K,CAAC;eAAmC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;;;;eAAmK,CAAC;eAAkC,CAAC;eAAiC,CAAC;mBAA4C,CAAC;eAA+H,CAAC;eAAmC,CAAC;sBAAwC,CAAC;eAAiC,CAAC;eAAiC,CAAC;eAAkC,CAAC;eAAiC,CAAC;eAAiC,CAAC;mBAAqC,CAAC;;sBAAsD,CAAC;;aAAsD,CAAC;;;;aAAwF,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAJ3sY,CAAA;AAEF,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAA;AAC3E,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAA"}

package/dist/oauth-client-metadata.js

@@ -1,15 +1,12 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthClientMetadataSchema = void 0;
-const zod_1 = require("zod");
-const jwk_1 = require("@atproto/jwk");
-const oauth_client_id_js_1 = require("./oauth-client-id.js");
-const oauth_endpoint_auth_method_js_1 = require("./oauth-endpoint-auth-method.js");
-const oauth_grant_type_js_1 = require("./oauth-grant-type.js");
-const oauth_redirect_uri_js_1 = require("./oauth-redirect-uri.js");
-const oauth_response_type_js_1 = require("./oauth-response-type.js");
-const oauth_scope_js_1 = require("./oauth-scope.js");
-const uri_js_1 = require("./uri.js");
+import { z } from 'zod';
+import { jwksPubSchema } from '@atproto/jwk';
+import { oauthClientIdSchema } from './oauth-client-id.js';
+import { oauthEndpointAuthMethod } from './oauth-endpoint-auth-method.js';
+import { oauthGrantTypeSchema } from './oauth-grant-type.js';
+import { oauthRedirectUriSchema } from './oauth-redirect-uri.js';
+import { oauthResponseTypeSchema } from './oauth-response-type.js';
+import { oauthScopeSchema } from './oauth-scope.js';
+import { webUriSchema } from './uri.js';
 /**
  * @see {@link https://openid.net/specs/openid-connect-registration-1_0.html}
  * @see {@link https://datatracker.ietf.org/doc/html/rfc7591}
@@ -17,47 +14,47 @@ const uri_js_1 = require("./uri.js");
  * environments. Make sure to validate the URIs before using it in a production
  * environment.
  */
-exports.oauthClientMetadataSchema = zod_1.z.object({
+export const oauthClientMetadataSchema = z.object({
     /**
      * @note redirect_uris require additional validation
      */
     // https://www.rfc-editor.org/rfc/rfc7591.html#section-2
-    redirect_uris: zod_1.z.array(oauth_redirect_uri_js_1.oauthRedirectUriSchema).nonempty(),
-    response_types: zod_1.z
-        .array(oauth_response_type_js_1.oauthResponseTypeSchema)
+    redirect_uris: z.array(oauthRedirectUriSchema).nonempty(),
+    response_types: z
+        .array(oauthResponseTypeSchema)
         .nonempty()
         // > If omitted, the default is that the client will use only the "code"
         // > response type.
         .default(['code']),
-    grant_types: zod_1.z
-        .array(oauth_grant_type_js_1.oauthGrantTypeSchema)
+    grant_types: z
+        .array(oauthGrantTypeSchema)
         .nonempty()
         // > If omitted, the default behavior is that the client will use only the
         // > "authorization_code" Grant Type.
         .default(['authorization_code']),
-    scope: oauth_scope_js_1.oauthScopeSchema.optional(),
+    scope: oauthScopeSchema.optional(),
     // https://www.rfc-editor.org/rfc/rfc7591.html#section-2
-    token_endpoint_auth_method: oauth_endpoint_auth_method_js_1.oauthEndpointAuthMethod
+    token_endpoint_auth_method: oauthEndpointAuthMethod
         // > If unspecified or omitted, the default is "client_secret_basic" [...].
         .default('client_secret_basic'),
-    token_endpoint_auth_signing_alg: zod_1.z.string().optional(),
-    userinfo_signed_response_alg: zod_1.z.string().optional(),
-    userinfo_encrypted_response_alg: zod_1.z.string().optional(),
-    jwks_uri: uri_js_1.webUriSchema.optional(),
-    jwks: jwk_1.jwksPubSchema.optional(),
-    application_type: zod_1.z.enum(['web', 'native']).default('web'), // default, per spec, is "web"
-    subject_type: zod_1.z.enum(['public', 'pairwise']).default('public'),
-    request_object_signing_alg: zod_1.z.string().optional(),
-    id_token_signed_response_alg: zod_1.z.string().optional(),
-    authorization_signed_response_alg: zod_1.z.string().default('RS256'),
-    authorization_encrypted_response_enc: zod_1.z.enum(['A128CBC-HS256']).optional(),
-    authorization_encrypted_response_alg: zod_1.z.string().optional(),
-    client_id: oauth_client_id_js_1.oauthClientIdSchema.optional(),
-    client_name: zod_1.z.string().optional(),
-    client_uri: uri_js_1.webUriSchema.optional(),
-    policy_uri: uri_js_1.webUriSchema.optional(),
-    tos_uri: uri_js_1.webUriSchema.optional(),
-    logo_uri: uri_js_1.webUriSchema.optional(), // @TODO: allow data: uri ?
+    token_endpoint_auth_signing_alg: z.string().optional(),
+    userinfo_signed_response_alg: z.string().optional(),
+    userinfo_encrypted_response_alg: z.string().optional(),
+    jwks_uri: webUriSchema.optional(),
+    jwks: jwksPubSchema.optional(),
+    application_type: z.enum(['web', 'native']).default('web'), // default, per spec, is "web"
+    subject_type: z.enum(['public', 'pairwise']).default('public'),
+    request_object_signing_alg: z.string().optional(),
+    id_token_signed_response_alg: z.string().optional(),
+    authorization_signed_response_alg: z.string().default('RS256'),
+    authorization_encrypted_response_enc: z.enum(['A128CBC-HS256']).optional(),
+    authorization_encrypted_response_alg: z.string().optional(),
+    client_id: oauthClientIdSchema.optional(),
+    client_name: z.string().optional(),
+    client_uri: webUriSchema.optional(),
+    policy_uri: webUriSchema.optional(),
+    tos_uri: webUriSchema.optional(),
+    logo_uri: webUriSchema.optional(), // @TODO: allow data: uri ?
     /**
      * Default Maximum Authentication Age. Specifies that the End-User MUST be
      * actively authenticated if the End-User was authenticated longer ago than
@@ -65,13 +62,13 @@ exports.oauthClientMetadataSchema = zod_1.z.object({
      * this default value. If omitted, no default Maximum Authentication Age is
      * specified.
      */
-    default_max_age: zod_1.z.number().optional(),
-    require_auth_time: zod_1.z.boolean().optional(),
-    contacts: zod_1.z.array(zod_1.z.string().email()).optional(),
-    tls_client_certificate_bound_access_tokens: zod_1.z.boolean().optional(),
+    default_max_age: z.number().optional(),
+    require_auth_time: z.boolean().optional(),
+    contacts: z.array(z.string().email()).optional(),
+    tls_client_certificate_bound_access_tokens: z.boolean().optional(),
     // https://datatracker.ietf.org/doc/html/rfc9449#section-5.2
-    dpop_bound_access_tokens: zod_1.z.boolean().optional(),
+    dpop_bound_access_tokens: z.boolean().optional(),
     // https://datatracker.ietf.org/doc/html/rfc9396#section-14.5
-    authorization_details_types: zod_1.z.array(zod_1.z.string()).optional(),
+    authorization_details_types: z.array(z.string()).optional(),
 });
 //# sourceMappingURL=oauth-client-metadata.js.map

package/dist/oauth-client-metadata.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-client-metadata.js","sourceRoot":"","sources":["../src/oauth-client-metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA4C;AAC5C,6DAA0D;AAC1D,mFAAyE;AACzE,+DAA4D;AAC5D,mEAAgE;AAChE,qEAAkE;AAClE,qDAAmD;AACnD,qCAAuC;AAEvC;;;;;;GAMG;AACU,QAAA,yBAAyB,GAAG,OAAC,CAAC,MAAM,CAAC;IAChD;;OAEG;IACH,wDAAwD;IACxD,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,8CAAsB,CAAC,CAAC,QAAQ,EAAE;IACzD,cAAc,EAAE,OAAC;SACd,KAAK,CAAC,gDAAuB,CAAC;SAC9B,QAAQ,EAAE;QACX,wEAAwE;QACxE,mBAAmB;SAClB,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC;IACpB,WAAW,EAAE,OAAC;SACX,KAAK,CAAC,0CAAoB,CAAC;SAC3B,QAAQ,EAAE;QACX,0EAA0E;QAC1E,qCAAqC;SACpC,OAAO,CAAC,CAAC,oBAAoB,CAAC,CAAC;IAClC,KAAK,EAAE,iCAAgB,CAAC,QAAQ,EAAE;IAClC,wDAAwD;IACxD,0BAA0B,EAAE,uDAAuB;QACjD,2EAA2E;SAC1E,OAAO,CAAC,qBAAqB,CAAC;IACjC,+BAA+B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtD,4BAA4B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtD,QAAQ,EAAE,qBAAY,CAAC,QAAQ,EAAE;IACjC,IAAI,EAAE,mBAAa,CAAC,QAAQ,EAAE;IAC9B,gBAAgB,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,8BAA8B;IAC1F,YAAY,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IAC9D,0BAA0B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjD,4BAA4B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnD,iCAAiC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;IAC9D,oCAAoC,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC1E,oCAAoC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3D,SAAS,EAAE,wCAAmB,CAAC,QAAQ,EAAE;IACzC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,UAAU,EAAE,qBAAY,CAAC,QAAQ,EAAE;IACnC,UAAU,EAAE,qBAAY,CAAC,QAAQ,EAAE;IACnC,OAAO,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAChC,QAAQ,EAAE,qBAAY,CAAC,QAAQ,EAAE,EAAE,2BAA2B;IAE9D;;;;;;OAMG;IACH,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,iBAAiB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACzC,QAAQ,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,0CAA0C,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAElE,4DAA4D;IAC5D,wBAAwB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAEhD,6DAA6D;IAC7D,2BAA2B,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC5D,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { jwksPubSchema } from '@atproto/jwk'\nimport { oauthClientIdSchema } from './oauth-client-id.js'\nimport { oauthEndpointAuthMethod } from './oauth-endpoint-auth-method.js'\nimport { oauthGrantTypeSchema } from './oauth-grant-type.js'\nimport { oauthRedirectUriSchema } from './oauth-redirect-uri.js'\nimport { oauthResponseTypeSchema } from './oauth-response-type.js'\nimport { oauthScopeSchema } from './oauth-scope.js'\nimport { webUriSchema } from './uri.js'\n\n/**\n * @see {@link https://openid.net/specs/openid-connect-registration-1_0.html}\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7591}\n * @note we do not enforce https: scheme in URIs to support development\n * environments. Make sure to validate the URIs before using it in a production\n * environment.\n */\nexport const oauthClientMetadataSchema = z.object({\n  /**\n   * @note redirect_uris require additional validation\n   */\n  // https://www.rfc-editor.org/rfc/rfc7591.html#section-2\n  redirect_uris: z.array(oauthRedirectUriSchema).nonempty(),\n  response_types: z\n    .array(oauthResponseTypeSchema)\n    .nonempty()\n    // > If omitted, the default is that the client will use only the \"code\"\n    // > response type.\n    .default(['code']),\n  grant_types: z\n    .array(oauthGrantTypeSchema)\n    .nonempty()\n    // > If omitted, the default behavior is that the client will use only the\n    // > \"authorization_code\" Grant Type.\n    .default(['authorization_code']),\n  scope: oauthScopeSchema.optional(),\n  // https://www.rfc-editor.org/rfc/rfc7591.html#section-2\n  token_endpoint_auth_method: oauthEndpointAuthMethod\n    // > If unspecified or omitted, the default is \"client_secret_basic\" [...].\n    .default('client_secret_basic'),\n  token_endpoint_auth_signing_alg: z.string().optional(),\n  userinfo_signed_response_alg: z.string().optional(),\n  userinfo_encrypted_response_alg: z.string().optional(),\n  jwks_uri: webUriSchema.optional(),\n  jwks: jwksPubSchema.optional(),\n  application_type: z.enum(['web', 'native']).default('web'), // default, per spec, is \"web\"\n  subject_type: z.enum(['public', 'pairwise']).default('public'),\n  request_object_signing_alg: z.string().optional(),\n  id_token_signed_response_alg: z.string().optional(),\n  authorization_signed_response_alg: z.string().default('RS256'),\n  authorization_encrypted_response_enc: z.enum(['A128CBC-HS256']).optional(),\n  authorization_encrypted_response_alg: z.string().optional(),\n  client_id: oauthClientIdSchema.optional(),\n  client_name: z.string().optional(),\n  client_uri: webUriSchema.optional(),\n  policy_uri: webUriSchema.optional(),\n  tos_uri: webUriSchema.optional(),\n  logo_uri: webUriSchema.optional(), // @TODO: allow data: uri ?\n\n  /**\n   * Default Maximum Authentication Age. Specifies that the End-User MUST be\n   * actively authenticated if the End-User was authenticated longer ago than\n   * the specified number of seconds. The max_age request parameter overrides\n   * this default value. If omitted, no default Maximum Authentication Age is\n   * specified.\n   */\n  default_max_age: z.number().optional(),\n  require_auth_time: z.boolean().optional(),\n  contacts: z.array(z.string().email()).optional(),\n  tls_client_certificate_bound_access_tokens: z.boolean().optional(),\n\n  // https://datatracker.ietf.org/doc/html/rfc9449#section-5.2\n  dpop_bound_access_tokens: z.boolean().optional(),\n\n  // https://datatracker.ietf.org/doc/html/rfc9396#section-14.5\n  authorization_details_types: z.array(z.string()).optional(),\n})\n\nexport type OAuthClientMetadata = z.infer<typeof oauthClientMetadataSchema>\nexport type OAuthClientMetadataInput = z.input<typeof oauthClientMetadataSchema>\n"]}
+{"version":3,"file":"oauth-client-metadata.js","sourceRoot":"","sources":["../src/oauth-client-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAA;AAC5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC1D,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAA;AACzE,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAA;AAC5D,OAAO,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAA;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAA;AAClE,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA;AAEvC;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD;;OAEG;IACH,wDAAwD;IACxD,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,QAAQ,EAAE;IACzD,cAAc,EAAE,CAAC;SACd,KAAK,CAAC,uBAAuB,CAAC;SAC9B,QAAQ,EAAE;QACX,wEAAwE;QACxE,mBAAmB;SAClB,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC;IACpB,WAAW,EAAE,CAAC;SACX,KAAK,CAAC,oBAAoB,CAAC;SAC3B,QAAQ,EAAE;QACX,0EAA0E;QAC1E,qCAAqC;SACpC,OAAO,CAAC,CAAC,oBAAoB,CAAC,CAAC;IAClC,KAAK,EAAE,gBAAgB,CAAC,QAAQ,EAAE;IAClC,wDAAwD;IACxD,0BAA0B,EAAE,uBAAuB;QACjD,2EAA2E;SAC1E,OAAO,CAAC,qBAAqB,CAAC;IACjC,+BAA+B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtD,4BAA4B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtD,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE;IACjC,IAAI,EAAE,aAAa,CAAC,QAAQ,EAAE;IAC9B,gBAAgB,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,8BAA8B;IAC1F,YAAY,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IAC9D,0BAA0B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjD,4BAA4B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnD,iCAAiC,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;IAC9D,oCAAoC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC1E,oCAAoC,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3D,SAAS,EAAE,mBAAmB,CAAC,QAAQ,EAAE;IACzC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,UAAU,EAAE,YAAY,CAAC,QAAQ,EAAE;IACnC,UAAU,EAAE,YAAY,CAAC,QAAQ,EAAE;IACnC,OAAO,EAAE,YAAY,CAAC,QAAQ,EAAE;IAChC,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE,EAAE,2BAA2B;IAE9D;;;;;;OAMG;IACH,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,iBAAiB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACzC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,0CAA0C,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAElE,4DAA4D;IAC5D,wBAAwB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAEhD,6DAA6D;IAC7D,2BAA2B,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC5D,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { jwksPubSchema } from '@atproto/jwk'\nimport { oauthClientIdSchema } from './oauth-client-id.js'\nimport { oauthEndpointAuthMethod } from './oauth-endpoint-auth-method.js'\nimport { oauthGrantTypeSchema } from './oauth-grant-type.js'\nimport { oauthRedirectUriSchema } from './oauth-redirect-uri.js'\nimport { oauthResponseTypeSchema } from './oauth-response-type.js'\nimport { oauthScopeSchema } from './oauth-scope.js'\nimport { webUriSchema } from './uri.js'\n\n/**\n * @see {@link https://openid.net/specs/openid-connect-registration-1_0.html}\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7591}\n * @note we do not enforce https: scheme in URIs to support development\n * environments. Make sure to validate the URIs before using it in a production\n * environment.\n */\nexport const oauthClientMetadataSchema = z.object({\n  /**\n   * @note redirect_uris require additional validation\n   */\n  // https://www.rfc-editor.org/rfc/rfc7591.html#section-2\n  redirect_uris: z.array(oauthRedirectUriSchema).nonempty(),\n  response_types: z\n    .array(oauthResponseTypeSchema)\n    .nonempty()\n    // > If omitted, the default is that the client will use only the \"code\"\n    // > response type.\n    .default(['code']),\n  grant_types: z\n    .array(oauthGrantTypeSchema)\n    .nonempty()\n    // > If omitted, the default behavior is that the client will use only the\n    // > \"authorization_code\" Grant Type.\n    .default(['authorization_code']),\n  scope: oauthScopeSchema.optional(),\n  // https://www.rfc-editor.org/rfc/rfc7591.html#section-2\n  token_endpoint_auth_method: oauthEndpointAuthMethod\n    // > If unspecified or omitted, the default is \"client_secret_basic\" [...].\n    .default('client_secret_basic'),\n  token_endpoint_auth_signing_alg: z.string().optional(),\n  userinfo_signed_response_alg: z.string().optional(),\n  userinfo_encrypted_response_alg: z.string().optional(),\n  jwks_uri: webUriSchema.optional(),\n  jwks: jwksPubSchema.optional(),\n  application_type: z.enum(['web', 'native']).default('web'), // default, per spec, is \"web\"\n  subject_type: z.enum(['public', 'pairwise']).default('public'),\n  request_object_signing_alg: z.string().optional(),\n  id_token_signed_response_alg: z.string().optional(),\n  authorization_signed_response_alg: z.string().default('RS256'),\n  authorization_encrypted_response_enc: z.enum(['A128CBC-HS256']).optional(),\n  authorization_encrypted_response_alg: z.string().optional(),\n  client_id: oauthClientIdSchema.optional(),\n  client_name: z.string().optional(),\n  client_uri: webUriSchema.optional(),\n  policy_uri: webUriSchema.optional(),\n  tos_uri: webUriSchema.optional(),\n  logo_uri: webUriSchema.optional(), // @TODO: allow data: uri ?\n\n  /**\n   * Default Maximum Authentication Age. Specifies that the End-User MUST be\n   * actively authenticated if the End-User was authenticated longer ago than\n   * the specified number of seconds. The max_age request parameter overrides\n   * this default value. If omitted, no default Maximum Authentication Age is\n   * specified.\n   */\n  default_max_age: z.number().optional(),\n  require_auth_time: z.boolean().optional(),\n  contacts: z.array(z.string().email()).optional(),\n  tls_client_certificate_bound_access_tokens: z.boolean().optional(),\n\n  // https://datatracker.ietf.org/doc/html/rfc9449#section-5.2\n  dpop_bound_access_tokens: z.boolean().optional(),\n\n  // https://datatracker.ietf.org/doc/html/rfc9396#section-14.5\n  authorization_details_types: z.array(z.string()).optional(),\n})\n\nexport type OAuthClientMetadata = z.infer<typeof oauthClientMetadataSchema>\nexport type OAuthClientMetadataInput = z.input<typeof oauthClientMetadataSchema>\n"]}

package/dist/oauth-code-challenge-method.js

@@ -1,6 +1,3 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthCodeChallengeMethodSchema = void 0;
-const zod_1 = require("zod");
-exports.oauthCodeChallengeMethodSchema = zod_1.z.enum(['S256', 'plain']);
+import { z } from 'zod';
+export const oauthCodeChallengeMethodSchema = z.enum(['S256', 'plain']);
 //# sourceMappingURL=oauth-code-challenge-method.js.map

package/dist/oauth-code-challenge-method.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-code-challenge-method.js","sourceRoot":"","sources":["../src/oauth-code-challenge-method.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,8BAA8B,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthCodeChallengeMethodSchema = z.enum(['S256', 'plain'])\n"]}
+{"version":3,"file":"oauth-code-challenge-method.js","sourceRoot":"","sources":["../src/oauth-code-challenge-method.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,8BAA8B,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthCodeChallengeMethodSchema = z.enum(['S256', 'plain'])\n"]}

package/dist/oauth-endpoint-auth-method.js

@@ -1,8 +1,5 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthEndpointAuthMethod = void 0;
-const zod_1 = require("zod");
-exports.oauthEndpointAuthMethod = zod_1.z.enum([
+import { z } from 'zod';
+export const oauthEndpointAuthMethod = z.enum([
     'client_secret_basic',
     'client_secret_jwt',
     'client_secret_post',

package/dist/oauth-endpoint-auth-method.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-endpoint-auth-method.js","sourceRoot":"","sources":["../src/oauth-endpoint-auth-method.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,uBAAuB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC5C,qBAAqB;IACrB,mBAAmB;IACnB,oBAAoB;IACpB,MAAM;IACN,iBAAiB;IACjB,6BAA6B;IAC7B,iBAAiB;CAClB,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthEndpointAuthMethod = z.enum([\n  'client_secret_basic',\n  'client_secret_jwt',\n  'client_secret_post',\n  'none',\n  'private_key_jwt',\n  'self_signed_tls_client_auth',\n  'tls_client_auth',\n])\n\nexport type OauthEndpointAuthMethod = z.infer<typeof oauthEndpointAuthMethod>\n"]}
+{"version":3,"file":"oauth-endpoint-auth-method.js","sourceRoot":"","sources":["../src/oauth-endpoint-auth-method.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,IAAI,CAAC;IAC5C,qBAAqB;IACrB,mBAAmB;IACnB,oBAAoB;IACpB,MAAM;IACN,iBAAiB;IACjB,6BAA6B;IAC7B,iBAAiB;CAClB,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthEndpointAuthMethod = z.enum([\n  'client_secret_basic',\n  'client_secret_jwt',\n  'client_secret_post',\n  'none',\n  'private_key_jwt',\n  'self_signed_tls_client_auth',\n  'tls_client_auth',\n])\n\nexport type OauthEndpointAuthMethod = z.infer<typeof oauthEndpointAuthMethod>\n"]}

package/dist/oauth-endpoint-name.js

@@ -1,7 +1,4 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.OAUTH_ENDPOINT_NAMES = void 0;
-exports.OAUTH_ENDPOINT_NAMES = [
+export const OAUTH_ENDPOINT_NAMES = [
     'token',
     'revocation',
     'introspection',

package/dist/oauth-endpoint-name.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-endpoint-name.js","sourceRoot":"","sources":["../src/oauth-endpoint-name.ts"],"names":[],"mappings":";;;AAAa,QAAA,oBAAoB,GAAG;IAClC,OAAO;IACP,YAAY;IACZ,eAAe;IACf,8BAA8B;CACtB,CAAA","sourcesContent":["export const OAUTH_ENDPOINT_NAMES = [\n  'token',\n  'revocation',\n  'introspection',\n  'pushed_authorization_request',\n] as const\n\nexport type OAuthEndpointName = (typeof OAUTH_ENDPOINT_NAMES)[number]\n"]}
+{"version":3,"file":"oauth-endpoint-name.js","sourceRoot":"","sources":["../src/oauth-endpoint-name.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,OAAO;IACP,YAAY;IACZ,eAAe;IACf,8BAA8B;CACtB,CAAA","sourcesContent":["export const OAUTH_ENDPOINT_NAMES = [\n  'token',\n  'revocation',\n  'introspection',\n  'pushed_authorization_request',\n] as const\n\nexport type OAuthEndpointName = (typeof OAUTH_ENDPOINT_NAMES)[number]\n"]}

package/dist/oauth-grant-type.js

@@ -1,8 +1,5 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthGrantTypeSchema = void 0;
-const zod_1 = require("zod");
-exports.oauthGrantTypeSchema = zod_1.z.enum([
+import { z } from 'zod';
+export const oauthGrantTypeSchema = z.enum([
     'authorization_code',
     'implicit',
     'refresh_token',

package/dist/oauth-grant-type.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-grant-type.js","sourceRoot":"","sources":["../src/oauth-grant-type.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,oBAAoB,GAAG,OAAC,CAAC,IAAI,CAAC;IACzC,oBAAoB;IACpB,UAAU;IACV,eAAe;IACf,UAAU,EAAE,wBAAwB;IACpC,oBAAoB;IACpB,6CAA6C;IAC7C,+CAA+C;CAChD,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthGrantTypeSchema = z.enum([\n  'authorization_code',\n  'implicit',\n  'refresh_token',\n  'password', // Not part of OAuth 2.1\n  'client_credentials',\n  'urn:ietf:params:oauth:grant-type:jwt-bearer',\n  'urn:ietf:params:oauth:grant-type:saml2-bearer',\n])\n\nexport type OAuthGrantType = z.infer<typeof oauthGrantTypeSchema>\n"]}
+{"version":3,"file":"oauth-grant-type.js","sourceRoot":"","sources":["../src/oauth-grant-type.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,IAAI,CAAC;IACzC,oBAAoB;IACpB,UAAU;IACV,eAAe;IACf,UAAU,EAAE,wBAAwB;IACpC,oBAAoB;IACpB,6CAA6C;IAC7C,+CAA+C;CAChD,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthGrantTypeSchema = z.enum([\n  'authorization_code',\n  'implicit',\n  'refresh_token',\n  'password', // Not part of OAuth 2.1\n  'client_credentials',\n  'urn:ietf:params:oauth:grant-type:jwt-bearer',\n  'urn:ietf:params:oauth:grant-type:saml2-bearer',\n])\n\nexport type OAuthGrantType = z.infer<typeof oauthGrantTypeSchema>\n"]}

package/dist/oauth-introspection-response.js

@@ -1,3 +1,2 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
+export {};
 //# sourceMappingURL=oauth-introspection-response.js.map