@atproto/oauth-types 0.6.3 → 0.7.0

package/dist/oauth-issuer-identifier.js

@@ -1,13 +1,10 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthIssuerIdentifierSchema = void 0;
-const zod_1 = require("zod");
-const uri_js_1 = require("./uri.js");
-exports.oauthIssuerIdentifierSchema = uri_js_1.webUriSchema.superRefine((value, ctx) => {
+import { z } from 'zod';
+import { webUriSchema } from './uri.js';
+export const oauthIssuerIdentifierSchema = webUriSchema.superRefine((value, ctx) => {
     // Validate the issuer (MIX-UP attacks)
     if (value.endsWith('/')) {
         ctx.addIssue({
-            code: zod_1.z.ZodIssueCode.custom,
+            code: z.ZodIssueCode.custom,
             message: 'Issuer URL must not end with a slash',
         });
         return false;
@@ -15,14 +12,14 @@ exports.oauthIssuerIdentifierSchema = uri_js_1.webUriSchema.superRefine((value,
     const url = new URL(value);
     if (url.username || url.password) {
         ctx.addIssue({
-            code: zod_1.z.ZodIssueCode.custom,
+            code: z.ZodIssueCode.custom,
             message: 'Issuer URL must not contain a username or password',
         });
         return false;
     }
     if (url.hash || url.search) {
         ctx.addIssue({
-            code: zod_1.z.ZodIssueCode.custom,
+            code: z.ZodIssueCode.custom,
             message: 'Issuer URL must not contain a query or fragment',
         });
         return false;
@@ -30,7 +27,7 @@ exports.oauthIssuerIdentifierSchema = uri_js_1.webUriSchema.superRefine((value,
     const canonicalValue = url.pathname === '/' ? url.origin : url.href;
     if (value !== canonicalValue) {
         ctx.addIssue({
-            code: zod_1.z.ZodIssueCode.custom,
+            code: z.ZodIssueCode.custom,
             message: 'Issuer URL must be in the canonical form',
         });
         return false;

package/dist/oauth-issuer-identifier.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-issuer-identifier.js","sourceRoot":"","sources":["../src/oauth-issuer-identifier.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,qCAAuC;AAE1B,QAAA,2BAA2B,GAAG,qBAAY,CAAC,WAAW,CACjE,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;IACb,uCAAuC;IAEvC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,oDAAoD;SAC9D,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QAC3B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,iDAAiD;SAC3D,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,cAAc,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAA;IACnE,IAAI,KAAK,KAAK,cAAc,EAAE,CAAC;QAC7B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,0CAA0C;SACpD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA","sourcesContent":["import { z } from 'zod'\nimport { webUriSchema } from './uri.js'\n\nexport const oauthIssuerIdentifierSchema = webUriSchema.superRefine(\n  (value, ctx) => {\n    // Validate the issuer (MIX-UP attacks)\n\n    if (value.endsWith('/')) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'Issuer URL must not end with a slash',\n      })\n      return false\n    }\n\n    const url = new URL(value)\n\n    if (url.username || url.password) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'Issuer URL must not contain a username or password',\n      })\n      return false\n    }\n\n    if (url.hash || url.search) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'Issuer URL must not contain a query or fragment',\n      })\n      return false\n    }\n\n    const canonicalValue = url.pathname === '/' ? url.origin : url.href\n    if (value !== canonicalValue) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'Issuer URL must be in the canonical form',\n      })\n      return false\n    }\n\n    return true\n  },\n)\n\nexport type OAuthIssuerIdentifier = z.infer<typeof oauthIssuerIdentifierSchema>\n"]}
+{"version":3,"file":"oauth-issuer-identifier.js","sourceRoot":"","sources":["../src/oauth-issuer-identifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA;AAEvC,MAAM,CAAC,MAAM,2BAA2B,GAAG,YAAY,CAAC,WAAW,CACjE,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;IACb,uCAAuC;IAEvC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,oDAAoD;SAC9D,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QAC3B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,iDAAiD;SAC3D,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,cAAc,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAA;IACnE,IAAI,KAAK,KAAK,cAAc,EAAE,CAAC;QAC7B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,0CAA0C;SACpD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA","sourcesContent":["import { z } from 'zod'\nimport { webUriSchema } from './uri.js'\n\nexport const oauthIssuerIdentifierSchema = webUriSchema.superRefine(\n  (value, ctx) => {\n    // Validate the issuer (MIX-UP attacks)\n\n    if (value.endsWith('/')) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'Issuer URL must not end with a slash',\n      })\n      return false\n    }\n\n    const url = new URL(value)\n\n    if (url.username || url.password) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'Issuer URL must not contain a username or password',\n      })\n      return false\n    }\n\n    if (url.hash || url.search) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'Issuer URL must not contain a query or fragment',\n      })\n      return false\n    }\n\n    const canonicalValue = url.pathname === '/' ? url.origin : url.href\n    if (value !== canonicalValue) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'Issuer URL must be in the canonical form',\n      })\n      return false\n    }\n\n    return true\n  },\n)\n\nexport type OAuthIssuerIdentifier = z.infer<typeof oauthIssuerIdentifierSchema>\n"]}

package/dist/oauth-par-response.js

@@ -1,9 +1,6 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthParResponseSchema = void 0;
-const zod_1 = require("zod");
-exports.oauthParResponseSchema = zod_1.z.object({
-    request_uri: zod_1.z.string(),
-    expires_in: zod_1.z.number().int().positive(),
+import { z } from 'zod';
+export const oauthParResponseSchema = z.object({
+    request_uri: z.string(),
+    expires_in: z.number().int().positive(),
 });
 //# sourceMappingURL=oauth-par-response.js.map

package/dist/oauth-par-response.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-par-response.js","sourceRoot":"","sources":["../src/oauth-par-response.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,sBAAsB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7C,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE;IACvB,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthParResponseSchema = z.object({\n  request_uri: z.string(),\n  expires_in: z.number().int().positive(),\n})\n\nexport type OAuthParResponse = z.infer<typeof oauthParResponseSchema>\n"]}
+{"version":3,"file":"oauth-par-response.js","sourceRoot":"","sources":["../src/oauth-par-response.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthParResponseSchema = z.object({\n  request_uri: z.string(),\n  expires_in: z.number().int().positive(),\n})\n\nexport type OAuthParResponse = z.infer<typeof oauthParResponseSchema>\n"]}

package/dist/oauth-password-grant-token-request.js

@@ -1,10 +1,7 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthPasswordGrantTokenRequestSchema = void 0;
-const zod_1 = require("zod");
-exports.oauthPasswordGrantTokenRequestSchema = zod_1.z.object({
-    grant_type: zod_1.z.literal('password'),
-    username: zod_1.z.string(),
-    password: zod_1.z.string(),
+import { z } from 'zod';
+export const oauthPasswordGrantTokenRequestSchema = z.object({
+    grant_type: z.literal('password'),
+    username: z.string(),
+    password: z.string(),
 });
 //# sourceMappingURL=oauth-password-grant-token-request.js.map

package/dist/oauth-password-grant-token-request.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-password-grant-token-request.js","sourceRoot":"","sources":["../src/oauth-password-grant-token-request.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,oCAAoC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3D,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,UAAU,CAAC;IACjC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;IACpB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;CACrB,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthPasswordGrantTokenRequestSchema = z.object({\n  grant_type: z.literal('password'),\n  username: z.string(),\n  password: z.string(),\n})\n\nexport type OAuthPasswordGrantTokenRequest = z.infer<\n  typeof oauthPasswordGrantTokenRequestSchema\n>\n"]}
+{"version":3,"file":"oauth-password-grant-token-request.js","sourceRoot":"","sources":["../src/oauth-password-grant-token-request.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,oCAAoC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3D,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;IACjC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;CACrB,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthPasswordGrantTokenRequestSchema = z.object({\n  grant_type: z.literal('password'),\n  username: z.string(),\n  password: z.string(),\n})\n\nexport type OAuthPasswordGrantTokenRequest = z.infer<\n  typeof oauthPasswordGrantTokenRequestSchema\n>\n"]}

package/dist/oauth-prompt-mode.js

@@ -1,7 +1,4 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthPromptModeSchema = void 0;
-const zod_1 = require("zod");
+import { z } from 'zod';
 /**
  * - "none" will only be allowed if the user already allowed the client on the same device
  * - "login" will force the user to login again, unless he very recently logged in
@@ -9,7 +6,7 @@ const zod_1 = require("zod");
  * - "select_account" will force the user to select an account
  * - "create" will force the user registration screen
  */
-exports.oauthPromptModeSchema = zod_1.z.enum([
+export const oauthPromptModeSchema = z.enum([
     'none',
     'login',
     'consent',

package/dist/oauth-prompt-mode.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-prompt-mode.js","sourceRoot":"","sources":["../src/oauth-prompt-mode.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB;;;;;;GAMG;AACU,QAAA,qBAAqB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC1C,MAAM;IACN,OAAO;IACP,SAAS;IACT,gBAAgB;IAChB,QAAQ;CACT,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\n/**\n * - \"none\" will only be allowed if the user already allowed the client on the same device\n * - \"login\" will force the user to login again, unless he very recently logged in\n * - \"consent\" will force the user to consent again\n * - \"select_account\" will force the user to select an account\n * - \"create\" will force the user registration screen\n */\nexport const oauthPromptModeSchema = z.enum([\n  'none',\n  'login',\n  'consent',\n  'select_account',\n  'create',\n])\n\nexport type OAuthPromptMode = z.infer<typeof oauthPromptModeSchema>\n"]}
+{"version":3,"file":"oauth-prompt-mode.js","sourceRoot":"","sources":["../src/oauth-prompt-mode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,IAAI,CAAC;IAC1C,MAAM;IACN,OAAO;IACP,SAAS;IACT,gBAAgB;IAChB,QAAQ;CACT,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\n/**\n * - \"none\" will only be allowed if the user already allowed the client on the same device\n * - \"login\" will force the user to login again, unless he very recently logged in\n * - \"consent\" will force the user to consent again\n * - \"select_account\" will force the user to select an account\n * - \"create\" will force the user registration screen\n */\nexport const oauthPromptModeSchema = z.enum([\n  'none',\n  'login',\n  'consent',\n  'select_account',\n  'create',\n])\n\nexport type OAuthPromptMode = z.infer<typeof oauthPromptModeSchema>\n"]}

package/dist/oauth-protected-resource-metadata.js

@@ -1,13 +1,10 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthProtectedResourceMetadataSchema = void 0;
-const zod_1 = require("zod");
-const oauth_issuer_identifier_js_1 = require("./oauth-issuer-identifier.js");
-const uri_js_1 = require("./uri.js");
+import { z } from 'zod';
+import { oauthIssuerIdentifierSchema } from './oauth-issuer-identifier.js';
+import { webUriSchema } from './uri.js';
 /**
  * @see {@link https://www.rfc-editor.org/rfc/rfc9728.html#section-3.2}
  */
-exports.oauthProtectedResourceMetadataSchema = zod_1.z.object({
+export const oauthProtectedResourceMetadataSchema = z.object({
     /**
      * REQUIRED. The protected resource's resource identifier, which is a URL that
      * uses the https scheme and has no query or fragment components. Using these
@@ -16,7 +13,7 @@ exports.oauthProtectedResourceMetadataSchema = zod_1.z.object({
      * @note This schema allows non https URLs for testing & development purposes.
      * Make sure to validate the URL before using it in a production environment.
      */
-    resource: uri_js_1.webUriSchema
+    resource: webUriSchema
         .refine((url) => !url.includes('?'), {
         message: 'Resource URL must not contain query parameters',
     })
@@ -31,7 +28,7 @@ exports.oauthProtectedResourceMetadataSchema = zod_1.z.object({
      * used. In some use cases, the set of authorization servers will not be
      * enumerable, in which case this metadata parameter would not be used.
      */
-    authorization_servers: zod_1.z.array(oauth_issuer_identifier_js_1.oauthIssuerIdentifierSchema).optional(),
+    authorization_servers: z.array(oauthIssuerIdentifierSchema).optional(),
     /**
      * OPTIONAL. URL of the protected resource's JWK Set [JWK] document. This
      * contains public keys belonging to the protected resource, such as signing
@@ -40,22 +37,22 @@ exports.oauthProtectedResourceMetadataSchema = zod_1.z.object({
      * available, a use (public key use) parameter value is REQUIRED for all keys
      * in the referenced JWK Set to indicate each key's intended usage.
      */
-    jwks_uri: uri_js_1.webUriSchema.optional(),
+    jwks_uri: webUriSchema.optional(),
     /**
      * RECOMMENDED. JSON array containing a list of the OAuth 2.0 [RFC6749] scope
      * values that are used in authorization requests to request access to this
      * protected resource. Protected resources MAY choose not to advertise some
      * scope values supported even when this parameter is used.
      */
-    scopes_supported: zod_1.z.array(zod_1.z.string()).optional(),
+    scopes_supported: z.array(z.string()).optional(),
     /**
      * OPTIONAL. JSON array containing a list of the supported methods of sending
      * an OAuth 2.0 Bearer Token [RFC6750] to the protected resource. Defined
      * values are ["header", "body", "query"], corresponding to Sections 2.1, 2.2,
      * and 2.3 of RFC 6750.
      */
-    bearer_methods_supported: zod_1.z
-        .array(zod_1.z.enum(['header', 'body', 'query']))
+    bearer_methods_supported: z
+        .array(z.enum(['header', 'body', 'query']))
         .optional(),
     /**
      * OPTIONAL. JSON array containing a list of the JWS [JWS] signing algorithms
@@ -64,22 +61,22 @@ exports.oauthProtectedResourceMetadataSchema = zod_1.z.object({
      * algorithms are implied if this entry is omitted. The value none MUST NOT be
      * used.
      */
-    resource_signing_alg_values_supported: zod_1.z.array(zod_1.z.string()).optional(),
+    resource_signing_alg_values_supported: z.array(z.string()).optional(),
     /**
      * OPTIONAL. URL of a page containing human-readable information that
      * developers might want or need to know when using the protected resource
      */
-    resource_documentation: uri_js_1.webUriSchema.optional(),
+    resource_documentation: webUriSchema.optional(),
     /**
      * OPTIONAL. URL that the protected resource provides to read about the
      * protected resource's requirements on how the client can use the data
      * provided by the protected resource
      */
-    resource_policy_uri: uri_js_1.webUriSchema.optional(),
+    resource_policy_uri: webUriSchema.optional(),
     /**
      * OPTIONAL. URL that the protected resource provides to read about the
      * protected resource's terms of service
      */
-    resource_tos_uri: uri_js_1.webUriSchema.optional(),
+    resource_tos_uri: webUriSchema.optional(),
 });
 //# sourceMappingURL=oauth-protected-resource-metadata.js.map

package/dist/oauth-protected-resource-metadata.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-protected-resource-metadata.js","sourceRoot":"","sources":["../src/oauth-protected-resource-metadata.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,6EAA0E;AAC1E,qCAAuC;AAEvC;;GAEG;AACU,QAAA,oCAAoC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3D;;;;;;;OAOG;IACH,QAAQ,EAAE,qBAAY;SACnB,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACnC,OAAO,EAAE,gDAAgD;KAC1D,CAAC;SACD,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACnC,OAAO,EAAE,0CAA0C;KACpD,CAAC;IAEJ;;;;;;;OAOG;IACH,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,wDAA2B,CAAC,CAAC,QAAQ,EAAE;IAEtE;;;;;;;OAOG;IACH,QAAQ,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAEjC;;;;;OAKG;IACH,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEhD;;;;;OAKG;IACH,wBAAwB,EAAE,OAAC;SACxB,KAAK,CAAC,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;SAC1C,QAAQ,EAAE;IAEb;;;;;;OAMG;IACH,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAErE;;;OAGG;IACH,sBAAsB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE/C;;;;OAIG;IACH,mBAAmB,EAAE,qBAAY,CAAC,QAAQ,EAAE;IAE5C;;;OAGG;IACH,gBAAgB,EAAE,qBAAY,CAAC,QAAQ,EAAE;CAC1C,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthIssuerIdentifierSchema } from './oauth-issuer-identifier.js'\nimport { webUriSchema } from './uri.js'\n\n/**\n * @see {@link https://www.rfc-editor.org/rfc/rfc9728.html#section-3.2}\n */\nexport const oauthProtectedResourceMetadataSchema = z.object({\n  /**\n   * REQUIRED. The protected resource's resource identifier, which is a URL that\n   * uses the https scheme and has no query or fragment components. Using these\n   * well-known resources is described in Section 3.\n   *\n   * @note This schema allows non https URLs for testing & development purposes.\n   * Make sure to validate the URL before using it in a production environment.\n   */\n  resource: webUriSchema\n    .refine((url) => !url.includes('?'), {\n      message: 'Resource URL must not contain query parameters',\n    })\n    .refine((url) => !url.includes('#'), {\n      message: 'Resource URL must not contain a fragment',\n    }),\n\n  /**\n   * OPTIONAL. JSON array containing a list of OAuth authorization server issuer\n   * identifiers, as defined in [RFC8414], for authorization servers that can be\n   * used with this protected resource. Protected resources MAY choose not to\n   * advertise some supported authorization servers even when this parameter is\n   * used. In some use cases, the set of authorization servers will not be\n   * enumerable, in which case this metadata parameter would not be used.\n   */\n  authorization_servers: z.array(oauthIssuerIdentifierSchema).optional(),\n\n  /**\n   * OPTIONAL. URL of the protected resource's JWK Set [JWK] document. This\n   * contains public keys belonging to the protected resource, such as signing\n   * key(s) that the resource server uses to sign resource responses. This URL\n   * MUST use the https scheme. When both signing and encryption keys are made\n   * available, a use (public key use) parameter value is REQUIRED for all keys\n   * in the referenced JWK Set to indicate each key's intended usage.\n   */\n  jwks_uri: webUriSchema.optional(),\n\n  /**\n   * RECOMMENDED. JSON array containing a list of the OAuth 2.0 [RFC6749] scope\n   * values that are used in authorization requests to request access to this\n   * protected resource. Protected resources MAY choose not to advertise some\n   * scope values supported even when this parameter is used.\n   */\n  scopes_supported: z.array(z.string()).optional(),\n\n  /**\n   * OPTIONAL. JSON array containing a list of the supported methods of sending\n   * an OAuth 2.0 Bearer Token [RFC6750] to the protected resource. Defined\n   * values are [\"header\", \"body\", \"query\"], corresponding to Sections 2.1, 2.2,\n   * and 2.3 of RFC 6750.\n   */\n  bearer_methods_supported: z\n    .array(z.enum(['header', 'body', 'query']))\n    .optional(),\n\n  /**\n   * OPTIONAL. JSON array containing a list of the JWS [JWS] signing algorithms\n   * (alg values) [JWA] supported by the protected resource for signing resource\n   * responses, for instance, as described in [FAPI.MessageSigning]. No default\n   * algorithms are implied if this entry is omitted. The value none MUST NOT be\n   * used.\n   */\n  resource_signing_alg_values_supported: z.array(z.string()).optional(),\n\n  /**\n   * OPTIONAL. URL of a page containing human-readable information that\n   * developers might want or need to know when using the protected resource\n   */\n  resource_documentation: webUriSchema.optional(),\n\n  /**\n   * OPTIONAL. URL that the protected resource provides to read about the\n   * protected resource's requirements on how the client can use the data\n   * provided by the protected resource\n   */\n  resource_policy_uri: webUriSchema.optional(),\n\n  /**\n   * OPTIONAL. URL that the protected resource provides to read about the\n   * protected resource's terms of service\n   */\n  resource_tos_uri: webUriSchema.optional(),\n})\n\nexport type OAuthProtectedResourceMetadata = z.infer<\n  typeof oauthProtectedResourceMetadataSchema\n>\n"]}
+{"version":3,"file":"oauth-protected-resource-metadata.js","sourceRoot":"","sources":["../src/oauth-protected-resource-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,2BAA2B,EAAE,MAAM,8BAA8B,CAAA;AAC1E,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA;AAEvC;;GAEG;AACH,MAAM,CAAC,MAAM,oCAAoC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3D;;;;;;;OAOG;IACH,QAAQ,EAAE,YAAY;SACnB,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACnC,OAAO,EAAE,gDAAgD;KAC1D,CAAC;SACD,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACnC,OAAO,EAAE,0CAA0C;KACpD,CAAC;IAEJ;;;;;;;OAOG;IACH,qBAAqB,EAAE,CAAC,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC,QAAQ,EAAE;IAEtE;;;;;;;OAOG;IACH,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE;IAEjC;;;;;OAKG;IACH,gBAAgB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEhD;;;;;OAKG;IACH,wBAAwB,EAAE,CAAC;SACxB,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;SAC1C,QAAQ,EAAE;IAEb;;;;;;OAMG;IACH,qCAAqC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAErE;;;OAGG;IACH,sBAAsB,EAAE,YAAY,CAAC,QAAQ,EAAE;IAE/C;;;;OAIG;IACH,mBAAmB,EAAE,YAAY,CAAC,QAAQ,EAAE;IAE5C;;;OAGG;IACH,gBAAgB,EAAE,YAAY,CAAC,QAAQ,EAAE;CAC1C,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthIssuerIdentifierSchema } from './oauth-issuer-identifier.js'\nimport { webUriSchema } from './uri.js'\n\n/**\n * @see {@link https://www.rfc-editor.org/rfc/rfc9728.html#section-3.2}\n */\nexport const oauthProtectedResourceMetadataSchema = z.object({\n  /**\n   * REQUIRED. The protected resource's resource identifier, which is a URL that\n   * uses the https scheme and has no query or fragment components. Using these\n   * well-known resources is described in Section 3.\n   *\n   * @note This schema allows non https URLs for testing & development purposes.\n   * Make sure to validate the URL before using it in a production environment.\n   */\n  resource: webUriSchema\n    .refine((url) => !url.includes('?'), {\n      message: 'Resource URL must not contain query parameters',\n    })\n    .refine((url) => !url.includes('#'), {\n      message: 'Resource URL must not contain a fragment',\n    }),\n\n  /**\n   * OPTIONAL. JSON array containing a list of OAuth authorization server issuer\n   * identifiers, as defined in [RFC8414], for authorization servers that can be\n   * used with this protected resource. Protected resources MAY choose not to\n   * advertise some supported authorization servers even when this parameter is\n   * used. In some use cases, the set of authorization servers will not be\n   * enumerable, in which case this metadata parameter would not be used.\n   */\n  authorization_servers: z.array(oauthIssuerIdentifierSchema).optional(),\n\n  /**\n   * OPTIONAL. URL of the protected resource's JWK Set [JWK] document. This\n   * contains public keys belonging to the protected resource, such as signing\n   * key(s) that the resource server uses to sign resource responses. This URL\n   * MUST use the https scheme. When both signing and encryption keys are made\n   * available, a use (public key use) parameter value is REQUIRED for all keys\n   * in the referenced JWK Set to indicate each key's intended usage.\n   */\n  jwks_uri: webUriSchema.optional(),\n\n  /**\n   * RECOMMENDED. JSON array containing a list of the OAuth 2.0 [RFC6749] scope\n   * values that are used in authorization requests to request access to this\n   * protected resource. Protected resources MAY choose not to advertise some\n   * scope values supported even when this parameter is used.\n   */\n  scopes_supported: z.array(z.string()).optional(),\n\n  /**\n   * OPTIONAL. JSON array containing a list of the supported methods of sending\n   * an OAuth 2.0 Bearer Token [RFC6750] to the protected resource. Defined\n   * values are [\"header\", \"body\", \"query\"], corresponding to Sections 2.1, 2.2,\n   * and 2.3 of RFC 6750.\n   */\n  bearer_methods_supported: z\n    .array(z.enum(['header', 'body', 'query']))\n    .optional(),\n\n  /**\n   * OPTIONAL. JSON array containing a list of the JWS [JWS] signing algorithms\n   * (alg values) [JWA] supported by the protected resource for signing resource\n   * responses, for instance, as described in [FAPI.MessageSigning]. No default\n   * algorithms are implied if this entry is omitted. The value none MUST NOT be\n   * used.\n   */\n  resource_signing_alg_values_supported: z.array(z.string()).optional(),\n\n  /**\n   * OPTIONAL. URL of a page containing human-readable information that\n   * developers might want or need to know when using the protected resource\n   */\n  resource_documentation: webUriSchema.optional(),\n\n  /**\n   * OPTIONAL. URL that the protected resource provides to read about the\n   * protected resource's requirements on how the client can use the data\n   * provided by the protected resource\n   */\n  resource_policy_uri: webUriSchema.optional(),\n\n  /**\n   * OPTIONAL. URL that the protected resource provides to read about the\n   * protected resource's terms of service\n   */\n  resource_tos_uri: webUriSchema.optional(),\n})\n\nexport type OAuthProtectedResourceMetadata = z.infer<\n  typeof oauthProtectedResourceMetadataSchema\n>\n"]}

package/dist/oauth-redirect-uri.js

@@ -1,8 +1,5 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthRedirectUriSchema = exports.oauthLoopbackClientRedirectUriSchema = exports.loopbackRedirectURISchema = void 0;
-const zod_1 = require("zod");
-const uri_js_1 = require("./uri.js");
+import { ZodIssueCode, z } from 'zod';
+import { httpsUriSchema, loopbackUriSchema, privateUseUriSchema, } from './uri.js';
 /**
  * This is a {@link loopbackUriSchema} with the additional restriction that
  * the hostname `localhost` is not allowed.
@@ -17,41 +14,41 @@ const uri_js_1 = require("./uri.js");
  * > than the loopback interface.  It is also less susceptible to client-side
  * > firewalls and misconfigured host name resolution on the user's device.
  */
-exports.loopbackRedirectURISchema = uri_js_1.loopbackUriSchema.superRefine((value, ctx) => {
+export const loopbackRedirectURISchema = loopbackUriSchema.superRefine((value, ctx) => {
     if (value.startsWith('http://localhost')) {
         ctx.addIssue({
-            code: zod_1.ZodIssueCode.custom,
+            code: ZodIssueCode.custom,
             message: 'Use of "localhost" hostname is not allowed (RFC 8252), use a loopback IP such as "127.0.0.1" instead',
         });
         return false;
     }
     return true;
 });
-exports.oauthLoopbackClientRedirectUriSchema = exports.loopbackRedirectURISchema;
-exports.oauthRedirectUriSchema = zod_1.z
+export const oauthLoopbackClientRedirectUriSchema = loopbackRedirectURISchema;
+export const oauthRedirectUriSchema = z
     .string()
     .superRefine((value, ctx) => {
     if (value.startsWith('https:')) {
-        const result = uri_js_1.httpsUriSchema.safeParse(value);
+        const result = httpsUriSchema.safeParse(value);
         if (!result.success)
             result.error.issues.forEach(ctx.addIssue, ctx);
         return result.success;
     }
     else if (value.startsWith('http:')) {
-        const result = exports.loopbackRedirectURISchema.safeParse(value);
+        const result = loopbackRedirectURISchema.safeParse(value);
         if (!result.success)
             result.error.issues.forEach(ctx.addIssue, ctx);
         return result.success;
     }
     else if (/^[^.:]+(?:\.[^.:]+)+:/.test(value)) {
-        const result = uri_js_1.privateUseUriSchema.safeParse(value);
+        const result = privateUseUriSchema.safeParse(value);
         if (!result.success)
             result.error.issues.forEach(ctx.addIssue, ctx);
         return result.success;
     }
     else {
         ctx.addIssue({
-            code: zod_1.ZodIssueCode.custom,
+            code: ZodIssueCode.custom,
             message: 'URL must use the "https:" or "http:" protocol, or a private-use URI scheme (RFC 8252)',
         });
         return false;

package/dist/oauth-redirect-uri.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-redirect-uri.js","sourceRoot":"","sources":["../src/oauth-redirect-uri.ts"],"names":[],"mappings":";;;AAAA,6BAA6C;AAC7C,qCAOiB;AAEjB;;;;;;;;;;;;;GAaG;AACU,QAAA,yBAAyB,GAAG,0BAAiB,CAAC,WAAW,CACpE,CAAC,KAAK,EAAE,GAAG,EAA8D,EAAE;IACzE,IAAI,KAAK,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACzC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EACL,sGAAsG;SACzG,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAGY,QAAA,oCAAoC,GAAG,iCAAyB,CAAA;AAKhE,QAAA,sBAAsB,GAAG,OAAC;KACpC,MAAM,EAAE;KACR,WAAW,CACV,CAAC,KAAK,EAAE,GAAG,EAA2D,EAAE;IACtE,IAAI,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,uBAAc,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QAC9C,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;SAAM,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,iCAAyB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QACzD,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;SAAM,IAAI,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/C,MAAM,MAAM,GAAG,4BAAmB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QACnD,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EACL,uFAAuF;SAC1F,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC,CACF,CAAA","sourcesContent":["import { TypeOf, ZodIssueCode, z } from 'zod'\nimport {\n  HttpsUri,\n  LoopbackUri,\n  PrivateUseUri,\n  httpsUriSchema,\n  loopbackUriSchema,\n  privateUseUriSchema,\n} from './uri.js'\n\n/**\n * This is a {@link loopbackUriSchema} with the additional restriction that\n * the hostname `localhost` is not allowed.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8252#section-8.3 Loopback Redirect Considerations} RFC8252\n *\n * > While redirect URIs using localhost (i.e.,\n * > \"http://localhost:{port}/{path}\") function similarly to loopback IP\n * > redirects described in Section 7.3, the use of localhost is NOT\n * > RECOMMENDED. Specifying a redirect URI with the loopback IP literal rather\n * > than localhost avoids inadvertently listening on network interfaces other\n * > than the loopback interface.  It is also less susceptible to client-side\n * > firewalls and misconfigured host name resolution on the user's device.\n */\nexport const loopbackRedirectURISchema = loopbackUriSchema.superRefine(\n  (value, ctx): value is Exclude<LoopbackUri, `http://localhost${string}`> => {\n    if (value.startsWith('http://localhost')) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message:\n          'Use of \"localhost\" hostname is not allowed (RFC 8252), use a loopback IP such as \"127.0.0.1\" instead',\n      })\n      return false\n    }\n\n    return true\n  },\n)\nexport type LoopbackRedirectURI = TypeOf<typeof loopbackRedirectURISchema>\n\nexport const oauthLoopbackClientRedirectUriSchema = loopbackRedirectURISchema\nexport type OAuthLoopbackRedirectURI = TypeOf<\n  typeof oauthLoopbackClientRedirectUriSchema\n>\n\nexport const oauthRedirectUriSchema = z\n  .string()\n  .superRefine(\n    (value, ctx): value is HttpsUri | LoopbackRedirectURI | PrivateUseUri => {\n      if (value.startsWith('https:')) {\n        const result = httpsUriSchema.safeParse(value)\n        if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n        return result.success\n      } else if (value.startsWith('http:')) {\n        const result = loopbackRedirectURISchema.safeParse(value)\n        if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n        return result.success\n      } else if (/^[^.:]+(?:\\.[^.:]+)+:/.test(value)) {\n        const result = privateUseUriSchema.safeParse(value)\n        if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n        return result.success\n      } else {\n        ctx.addIssue({\n          code: ZodIssueCode.custom,\n          message:\n            'URL must use the \"https:\" or \"http:\" protocol, or a private-use URI scheme (RFC 8252)',\n        })\n        return false\n      }\n    },\n  )\n\nexport type OAuthRedirectUri = TypeOf<typeof oauthRedirectUriSchema>\n"]}
+{"version":3,"file":"oauth-redirect-uri.js","sourceRoot":"","sources":["../src/oauth-redirect-uri.ts"],"names":[],"mappings":"AAAA,OAAO,EAAU,YAAY,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAC7C,OAAO,EAIL,cAAc,EACd,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,UAAU,CAAA;AAEjB;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,iBAAiB,CAAC,WAAW,CACpE,CAAC,KAAK,EAAE,GAAG,EAA8D,EAAE;IACzE,IAAI,KAAK,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACzC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,YAAY,CAAC,MAAM;YACzB,OAAO,EACL,sGAAsG;SACzG,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAGD,MAAM,CAAC,MAAM,oCAAoC,GAAG,yBAAyB,CAAA;AAK7E,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC;KACpC,MAAM,EAAE;KACR,WAAW,CACV,CAAC,KAAK,EAAE,GAAG,EAA2D,EAAE;IACtE,IAAI,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QAC9C,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;SAAM,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,yBAAyB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QACzD,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;SAAM,IAAI,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/C,MAAM,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QACnD,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,YAAY,CAAC,MAAM;YACzB,OAAO,EACL,uFAAuF;SAC1F,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC,CACF,CAAA","sourcesContent":["import { TypeOf, ZodIssueCode, z } from 'zod'\nimport {\n  HttpsUri,\n  LoopbackUri,\n  PrivateUseUri,\n  httpsUriSchema,\n  loopbackUriSchema,\n  privateUseUriSchema,\n} from './uri.js'\n\n/**\n * This is a {@link loopbackUriSchema} with the additional restriction that\n * the hostname `localhost` is not allowed.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8252#section-8.3 Loopback Redirect Considerations} RFC8252\n *\n * > While redirect URIs using localhost (i.e.,\n * > \"http://localhost:{port}/{path}\") function similarly to loopback IP\n * > redirects described in Section 7.3, the use of localhost is NOT\n * > RECOMMENDED. Specifying a redirect URI with the loopback IP literal rather\n * > than localhost avoids inadvertently listening on network interfaces other\n * > than the loopback interface.  It is also less susceptible to client-side\n * > firewalls and misconfigured host name resolution on the user's device.\n */\nexport const loopbackRedirectURISchema = loopbackUriSchema.superRefine(\n  (value, ctx): value is Exclude<LoopbackUri, `http://localhost${string}`> => {\n    if (value.startsWith('http://localhost')) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message:\n          'Use of \"localhost\" hostname is not allowed (RFC 8252), use a loopback IP such as \"127.0.0.1\" instead',\n      })\n      return false\n    }\n\n    return true\n  },\n)\nexport type LoopbackRedirectURI = TypeOf<typeof loopbackRedirectURISchema>\n\nexport const oauthLoopbackClientRedirectUriSchema = loopbackRedirectURISchema\nexport type OAuthLoopbackRedirectURI = TypeOf<\n  typeof oauthLoopbackClientRedirectUriSchema\n>\n\nexport const oauthRedirectUriSchema = z\n  .string()\n  .superRefine(\n    (value, ctx): value is HttpsUri | LoopbackRedirectURI | PrivateUseUri => {\n      if (value.startsWith('https:')) {\n        const result = httpsUriSchema.safeParse(value)\n        if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n        return result.success\n      } else if (value.startsWith('http:')) {\n        const result = loopbackRedirectURISchema.safeParse(value)\n        if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n        return result.success\n      } else if (/^[^.:]+(?:\\.[^.:]+)+:/.test(value)) {\n        const result = privateUseUriSchema.safeParse(value)\n        if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n        return result.success\n      } else {\n        ctx.addIssue({\n          code: ZodIssueCode.custom,\n          message:\n            'URL must use the \"https:\" or \"http:\" protocol, or a private-use URI scheme (RFC 8252)',\n        })\n        return false\n      }\n    },\n  )\n\nexport type OAuthRedirectUri = TypeOf<typeof oauthRedirectUriSchema>\n"]}

package/dist/oauth-refresh-token-grant-token-request.js

@@ -1,10 +1,7 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthRefreshTokenGrantTokenRequestSchema = void 0;
-const zod_1 = require("zod");
-const oauth_refresh_token_js_1 = require("./oauth-refresh-token.js");
-exports.oauthRefreshTokenGrantTokenRequestSchema = zod_1.z.object({
-    grant_type: zod_1.z.literal('refresh_token'),
-    refresh_token: oauth_refresh_token_js_1.oauthRefreshTokenSchema,
+import { z } from 'zod';
+import { oauthRefreshTokenSchema } from './oauth-refresh-token.js';
+export const oauthRefreshTokenGrantTokenRequestSchema = z.object({
+    grant_type: z.literal('refresh_token'),
+    refresh_token: oauthRefreshTokenSchema,
 });
 //# sourceMappingURL=oauth-refresh-token-grant-token-request.js.map

package/dist/oauth-refresh-token-grant-token-request.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-refresh-token-grant-token-request.js","sourceRoot":"","sources":["../src/oauth-refresh-token-grant-token-request.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,qEAAkE;AAErD,QAAA,wCAAwC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/D,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,eAAe,CAAC;IACtC,aAAa,EAAE,gDAAuB;CACvC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthRefreshTokenSchema } from './oauth-refresh-token.js'\n\nexport const oauthRefreshTokenGrantTokenRequestSchema = z.object({\n  grant_type: z.literal('refresh_token'),\n  refresh_token: oauthRefreshTokenSchema,\n})\n\nexport type OAuthRefreshTokenGrantTokenRequest = z.infer<\n  typeof oauthRefreshTokenGrantTokenRequestSchema\n>\n"]}
+{"version":3,"file":"oauth-refresh-token-grant-token-request.js","sourceRoot":"","sources":["../src/oauth-refresh-token-grant-token-request.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAA;AAElE,MAAM,CAAC,MAAM,wCAAwC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/D,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC;IACtC,aAAa,EAAE,uBAAuB;CACvC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthRefreshTokenSchema } from './oauth-refresh-token.js'\n\nexport const oauthRefreshTokenGrantTokenRequestSchema = z.object({\n  grant_type: z.literal('refresh_token'),\n  refresh_token: oauthRefreshTokenSchema,\n})\n\nexport type OAuthRefreshTokenGrantTokenRequest = z.infer<\n  typeof oauthRefreshTokenGrantTokenRequestSchema\n>\n"]}

package/dist/oauth-refresh-token.js

@@ -1,6 +1,3 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthRefreshTokenSchema = void 0;
-const zod_1 = require("zod");
-exports.oauthRefreshTokenSchema = zod_1.z.string().min(1);
+import { z } from 'zod';
+export const oauthRefreshTokenSchema = z.string().min(1);
 //# sourceMappingURL=oauth-refresh-token.js.map

package/dist/oauth-refresh-token.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-refresh-token.js","sourceRoot":"","sources":["../src/oauth-refresh-token.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,uBAAuB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthRefreshTokenSchema = z.string().min(1)\nexport type OAuthRefreshToken = z.infer<typeof oauthRefreshTokenSchema>\n"]}
+{"version":3,"file":"oauth-refresh-token.js","sourceRoot":"","sources":["../src/oauth-refresh-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthRefreshTokenSchema = z.string().min(1)\nexport type OAuthRefreshToken = z.infer<typeof oauthRefreshTokenSchema>\n"]}

package/dist/oauth-request-uri.js

@@ -1,6 +1,3 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthRequestUriSchema = void 0;
-const zod_1 = require("zod");
-exports.oauthRequestUriSchema = zod_1.z.string().min(1);
+import { z } from 'zod';
+export const oauthRequestUriSchema = z.string().min(1);
 //# sourceMappingURL=oauth-request-uri.js.map

package/dist/oauth-request-uri.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-request-uri.js","sourceRoot":"","sources":["../src/oauth-request-uri.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthRequestUriSchema = z.string().min(1)\n\nexport type OAuthRequestUri = z.infer<typeof oauthRequestUriSchema>\n"]}
+{"version":3,"file":"oauth-request-uri.js","sourceRoot":"","sources":["../src/oauth-request-uri.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthRequestUriSchema = z.string().min(1)\n\nexport type OAuthRequestUri = z.infer<typeof oauthRequestUriSchema>\n"]}

package/dist/oauth-response-mode.js

@@ -1,8 +1,5 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthResponseModeSchema = void 0;
-const zod_1 = require("zod");
-exports.oauthResponseModeSchema = zod_1.z.enum([
+import { z } from 'zod';
+export const oauthResponseModeSchema = z.enum([
     'query',
     'fragment',
     'form_post',

package/dist/oauth-response-mode.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-response-mode.js","sourceRoot":"","sources":["../src/oauth-response-mode.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,uBAAuB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC5C,OAAO;IACP,UAAU;IACV,WAAW;CACZ,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthResponseModeSchema = z.enum([\n  'query',\n  'fragment',\n  'form_post',\n])\n\nexport type OAuthResponseMode = z.infer<typeof oauthResponseModeSchema>\n"]}
+{"version":3,"file":"oauth-response-mode.js","sourceRoot":"","sources":["../src/oauth-response-mode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,IAAI,CAAC;IAC5C,OAAO;IACP,UAAU;IACV,WAAW;CACZ,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthResponseModeSchema = z.enum([\n  'query',\n  'fragment',\n  'form_post',\n])\n\nexport type OAuthResponseMode = z.infer<typeof oauthResponseModeSchema>\n"]}

package/dist/oauth-response-type.js

@@ -1,8 +1,5 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthResponseTypeSchema = void 0;
-const zod_1 = require("zod");
-exports.oauthResponseTypeSchema = zod_1.z.enum([
+import { z } from 'zod';
+export const oauthResponseTypeSchema = z.enum([
     // OAuth2 (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-4.1.1)
     'code', // Authorization Code Grant
     'token', // Implicit Grant

package/dist/oauth-response-type.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-response-type.js","sourceRoot":"","sources":["../src/oauth-response-type.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,uBAAuB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC5C,wFAAwF;IACxF,MAAM,EAAE,2BAA2B;IACnC,OAAO,EAAE,iBAAiB;IAE1B,4EAA4E;IAC5E,MAAM;IACN,qBAAqB;IACrB,eAAe;IACf,YAAY;IACZ,gBAAgB;IAChB,UAAU;CACX,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthResponseTypeSchema = z.enum([\n  // OAuth2 (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-4.1.1)\n  'code', // Authorization Code Grant\n  'token', // Implicit Grant\n\n  // OIDC (https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)\n  'none',\n  'code id_token token',\n  'code id_token',\n  'code token',\n  'id_token token',\n  'id_token',\n])\n\nexport type OAuthResponseType = z.infer<typeof oauthResponseTypeSchema>\n"]}
+{"version":3,"file":"oauth-response-type.js","sourceRoot":"","sources":["../src/oauth-response-type.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,IAAI,CAAC;IAC5C,wFAAwF;IACxF,MAAM,EAAE,2BAA2B;IACnC,OAAO,EAAE,iBAAiB;IAE1B,4EAA4E;IAC5E,MAAM;IACN,qBAAqB;IACrB,eAAe;IACf,YAAY;IACZ,gBAAgB;IAChB,UAAU;CACX,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oauthResponseTypeSchema = z.enum([\n  // OAuth2 (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-4.1.1)\n  'code', // Authorization Code Grant\n  'token', // Implicit Grant\n\n  // OIDC (https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)\n  'none',\n  'code id_token token',\n  'code id_token',\n  'code token',\n  'id_token token',\n  'id_token',\n])\n\nexport type OAuthResponseType = z.infer<typeof oauthResponseTypeSchema>\n"]}

package/dist/oauth-scope.js

@@ -1,19 +1,15 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthScopeSchema = exports.isOAuthScope = exports.OAUTH_SCOPE_REGEXP = void 0;
-const zod_1 = require("zod");
+import { z } from 'zod';
 // scope       = scope-token *( SP scope-token )
 // scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
-exports.OAUTH_SCOPE_REGEXP = /^[\x21\x23-\x5B\x5D-\x7E]+(?: [\x21\x23-\x5B\x5D-\x7E]+)*$/;
-const isOAuthScope = (input) => exports.OAUTH_SCOPE_REGEXP.test(input);
-exports.isOAuthScope = isOAuthScope;
+export const OAUTH_SCOPE_REGEXP = /^[\x21\x23-\x5B\x5D-\x7E]+(?: [\x21\x23-\x5B\x5D-\x7E]+)*$/;
+export const isOAuthScope = (input) => OAUTH_SCOPE_REGEXP.test(input);
 /**
  * A (single) space separated list of non empty printable ASCII char string
  * (except backslash and double quote).
  *
  * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-1.4.1}
  */
-exports.oauthScopeSchema = zod_1.z.string().refine(exports.isOAuthScope, {
+export const oauthScopeSchema = z.string().refine(isOAuthScope, {
     message: 'Invalid OAuth scope',
 });
 //# sourceMappingURL=oauth-scope.js.map

package/dist/oauth-scope.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-scope.js","sourceRoot":"","sources":["../src/oauth-scope.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,gDAAgD;AAChD,+CAA+C;AAClC,QAAA,kBAAkB,GAC7B,4DAA4D,CAAA;AAEvD,MAAM,YAAY,GAAG,CAAC,KAAa,EAAW,EAAE,CACrD,0BAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;AADnB,QAAA,YAAY,gBACO;AAEhC;;;;;GAKG;AACU,QAAA,gBAAgB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,oBAAY,EAAE;IAC9D,OAAO,EAAE,qBAAqB;CAC/B,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\n// scope       = scope-token *( SP scope-token )\n// scope-token = 1*( %x21 / %x23-5B / %x5D-7E )\nexport const OAUTH_SCOPE_REGEXP =\n  /^[\\x21\\x23-\\x5B\\x5D-\\x7E]+(?: [\\x21\\x23-\\x5B\\x5D-\\x7E]+)*$/\n\nexport const isOAuthScope = (input: string): boolean =>\n  OAUTH_SCOPE_REGEXP.test(input)\n\n/**\n * A (single) space separated list of non empty printable ASCII char string\n * (except backslash and double quote).\n *\n * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-1.4.1}\n */\nexport const oauthScopeSchema = z.string().refine(isOAuthScope, {\n  message: 'Invalid OAuth scope',\n})\n\nexport type OAuthScope = z.infer<typeof oauthScopeSchema>\n"]}
+{"version":3,"file":"oauth-scope.js","sourceRoot":"","sources":["../src/oauth-scope.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,gDAAgD;AAChD,+CAA+C;AAC/C,MAAM,CAAC,MAAM,kBAAkB,GAC7B,4DAA4D,CAAA;AAE9D,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,KAAa,EAAW,EAAE,CACrD,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;AAEhC;;;;;GAKG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,YAAY,EAAE;IAC9D,OAAO,EAAE,qBAAqB;CAC/B,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\n// scope       = scope-token *( SP scope-token )\n// scope-token = 1*( %x21 / %x23-5B / %x5D-7E )\nexport const OAUTH_SCOPE_REGEXP =\n  /^[\\x21\\x23-\\x5B\\x5D-\\x7E]+(?: [\\x21\\x23-\\x5B\\x5D-\\x7E]+)*$/\n\nexport const isOAuthScope = (input: string): boolean =>\n  OAUTH_SCOPE_REGEXP.test(input)\n\n/**\n * A (single) space separated list of non empty printable ASCII char string\n * (except backslash and double quote).\n *\n * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-1.4.1}\n */\nexport const oauthScopeSchema = z.string().refine(isOAuthScope, {\n  message: 'Invalid OAuth scope',\n})\n\nexport type OAuthScope = z.infer<typeof oauthScopeSchema>\n"]}

package/dist/oauth-token-identification.js

@@ -1,11 +1,8 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthTokenIdentificationSchema = void 0;
-const zod_1 = require("zod");
-const oauth_access_token_js_1 = require("./oauth-access-token.js");
-const oauth_refresh_token_js_1 = require("./oauth-refresh-token.js");
-exports.oauthTokenIdentificationSchema = zod_1.z.object({
-    token: zod_1.z.union([oauth_access_token_js_1.oauthAccessTokenSchema, oauth_refresh_token_js_1.oauthRefreshTokenSchema]),
-    token_type_hint: zod_1.z.enum(['access_token', 'refresh_token']).optional(),
+import { z } from 'zod';
+import { oauthAccessTokenSchema } from './oauth-access-token.js';
+import { oauthRefreshTokenSchema } from './oauth-refresh-token.js';
+export const oauthTokenIdentificationSchema = z.object({
+    token: z.union([oauthAccessTokenSchema, oauthRefreshTokenSchema]),
+    token_type_hint: z.enum(['access_token', 'refresh_token']).optional(),
 });
 //# sourceMappingURL=oauth-token-identification.js.map

package/dist/oauth-token-identification.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-token-identification.js","sourceRoot":"","sources":["../src/oauth-token-identification.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,mEAAgE;AAChE,qEAAkE;AAErD,QAAA,8BAA8B,GAAG,OAAC,CAAC,MAAM,CAAC;IACrD,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,8CAAsB,EAAE,gDAAuB,CAAC,CAAC;IACjE,eAAe,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC,CAAC,QAAQ,EAAE;CACtE,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthAccessTokenSchema } from './oauth-access-token.js'\nimport { oauthRefreshTokenSchema } from './oauth-refresh-token.js'\n\nexport const oauthTokenIdentificationSchema = z.object({\n  token: z.union([oauthAccessTokenSchema, oauthRefreshTokenSchema]),\n  token_type_hint: z.enum(['access_token', 'refresh_token']).optional(),\n})\n\nexport type OAuthTokenIdentification = z.infer<\n  typeof oauthTokenIdentificationSchema\n>\n"]}
+{"version":3,"file":"oauth-token-identification.js","sourceRoot":"","sources":["../src/oauth-token-identification.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAA;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAA;AAElE,MAAM,CAAC,MAAM,8BAA8B,GAAG,CAAC,CAAC,MAAM,CAAC;IACrD,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,sBAAsB,EAAE,uBAAuB,CAAC,CAAC;IACjE,eAAe,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC,CAAC,QAAQ,EAAE;CACtE,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthAccessTokenSchema } from './oauth-access-token.js'\nimport { oauthRefreshTokenSchema } from './oauth-refresh-token.js'\n\nexport const oauthTokenIdentificationSchema = z.object({\n  token: z.union([oauthAccessTokenSchema, oauthRefreshTokenSchema]),\n  token_type_hint: z.enum(['access_token', 'refresh_token']).optional(),\n})\n\nexport type OAuthTokenIdentification = z.infer<\n  typeof oauthTokenIdentificationSchema\n>\n"]}

package/dist/oauth-token-request.js

@@ -1,15 +1,12 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthTokenRequestSchema = void 0;
-const zod_1 = require("zod");
-const oauth_authorization_code_grant_token_request_js_1 = require("./oauth-authorization-code-grant-token-request.js");
-const oauth_client_credentials_grant_token_request_js_1 = require("./oauth-client-credentials-grant-token-request.js");
-const oauth_password_grant_token_request_js_1 = require("./oauth-password-grant-token-request.js");
-const oauth_refresh_token_grant_token_request_js_1 = require("./oauth-refresh-token-grant-token-request.js");
-exports.oauthTokenRequestSchema = zod_1.z.discriminatedUnion('grant_type', [
-    oauth_authorization_code_grant_token_request_js_1.oauthAuthorizationCodeGrantTokenRequestSchema,
-    oauth_refresh_token_grant_token_request_js_1.oauthRefreshTokenGrantTokenRequestSchema,
-    oauth_password_grant_token_request_js_1.oauthPasswordGrantTokenRequestSchema,
-    oauth_client_credentials_grant_token_request_js_1.oauthClientCredentialsGrantTokenRequestSchema,
+import { z } from 'zod';
+import { oauthAuthorizationCodeGrantTokenRequestSchema } from './oauth-authorization-code-grant-token-request.js';
+import { oauthClientCredentialsGrantTokenRequestSchema } from './oauth-client-credentials-grant-token-request.js';
+import { oauthPasswordGrantTokenRequestSchema } from './oauth-password-grant-token-request.js';
+import { oauthRefreshTokenGrantTokenRequestSchema } from './oauth-refresh-token-grant-token-request.js';
+export const oauthTokenRequestSchema = z.discriminatedUnion('grant_type', [
+    oauthAuthorizationCodeGrantTokenRequestSchema,
+    oauthRefreshTokenGrantTokenRequestSchema,
+    oauthPasswordGrantTokenRequestSchema,
+    oauthClientCredentialsGrantTokenRequestSchema,
 ]);
 //# sourceMappingURL=oauth-token-request.js.map

package/dist/oauth-token-request.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-token-request.js","sourceRoot":"","sources":["../src/oauth-token-request.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,uHAAiH;AACjH,uHAAiH;AACjH,mGAA8F;AAC9F,6GAAuG;AAE1F,QAAA,uBAAuB,GAAG,OAAC,CAAC,kBAAkB,CAAC,YAAY,EAAE;IACxE,+FAA6C;IAC7C,qFAAwC;IACxC,4EAAoC;IACpC,+FAA6C;CAC9C,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthAuthorizationCodeGrantTokenRequestSchema } from './oauth-authorization-code-grant-token-request.js'\nimport { oauthClientCredentialsGrantTokenRequestSchema } from './oauth-client-credentials-grant-token-request.js'\nimport { oauthPasswordGrantTokenRequestSchema } from './oauth-password-grant-token-request.js'\nimport { oauthRefreshTokenGrantTokenRequestSchema } from './oauth-refresh-token-grant-token-request.js'\n\nexport const oauthTokenRequestSchema = z.discriminatedUnion('grant_type', [\n  oauthAuthorizationCodeGrantTokenRequestSchema,\n  oauthRefreshTokenGrantTokenRequestSchema,\n  oauthPasswordGrantTokenRequestSchema,\n  oauthClientCredentialsGrantTokenRequestSchema,\n])\n\nexport type OAuthTokenRequest = z.infer<typeof oauthTokenRequestSchema>\n"]}
+{"version":3,"file":"oauth-token-request.js","sourceRoot":"","sources":["../src/oauth-token-request.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,6CAA6C,EAAE,MAAM,mDAAmD,CAAA;AACjH,OAAO,EAAE,6CAA6C,EAAE,MAAM,mDAAmD,CAAA;AACjH,OAAO,EAAE,oCAAoC,EAAE,MAAM,yCAAyC,CAAA;AAC9F,OAAO,EAAE,wCAAwC,EAAE,MAAM,8CAA8C,CAAA;AAEvG,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,kBAAkB,CAAC,YAAY,EAAE;IACxE,6CAA6C;IAC7C,wCAAwC;IACxC,oCAAoC;IACpC,6CAA6C;CAC9C,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { oauthAuthorizationCodeGrantTokenRequestSchema } from './oauth-authorization-code-grant-token-request.js'\nimport { oauthClientCredentialsGrantTokenRequestSchema } from './oauth-client-credentials-grant-token-request.js'\nimport { oauthPasswordGrantTokenRequestSchema } from './oauth-password-grant-token-request.js'\nimport { oauthRefreshTokenGrantTokenRequestSchema } from './oauth-refresh-token-grant-token-request.js'\n\nexport const oauthTokenRequestSchema = z.discriminatedUnion('grant_type', [\n  oauthAuthorizationCodeGrantTokenRequestSchema,\n  oauthRefreshTokenGrantTokenRequestSchema,\n  oauthPasswordGrantTokenRequestSchema,\n  oauthClientCredentialsGrantTokenRequestSchema,\n])\n\nexport type OAuthTokenRequest = z.infer<typeof oauthTokenRequestSchema>\n"]}

package/dist/oauth-token-response.js

@@ -1,25 +1,22 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthTokenResponseSchema = void 0;
-const zod_1 = require("zod");
-const jwk_1 = require("@atproto/jwk");
-const oauth_authorization_details_js_1 = require("./oauth-authorization-details.js");
-const oauth_token_type_js_1 = require("./oauth-token-type.js");
+import { z } from 'zod';
+import { signedJwtSchema } from '@atproto/jwk';
+import { oauthAuthorizationDetailsSchema } from './oauth-authorization-details.js';
+import { oauthTokenTypeSchema } from './oauth-token-type.js';
 /**
  * @see {@link https://www.rfc-editor.org/rfc/rfc6749.html#section-5.1 | RFC 6749 (OAuth2), Section 5.1}
  */
-exports.oauthTokenResponseSchema = zod_1.z
+export const oauthTokenResponseSchema = z
     .object({
     // https://www.rfc-editor.org/rfc/rfc6749.html#section-5.1
-    access_token: zod_1.z.string(),
-    token_type: oauth_token_type_js_1.oauthTokenTypeSchema,
-    scope: zod_1.z.string().optional(),
-    refresh_token: zod_1.z.string().optional(),
-    expires_in: zod_1.z.number().optional(),
+    access_token: z.string(),
+    token_type: oauthTokenTypeSchema,
+    scope: z.string().optional(),
+    refresh_token: z.string().optional(),
+    expires_in: z.number().optional(),
     // https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse
-    id_token: jwk_1.signedJwtSchema.optional(),
+    id_token: signedJwtSchema.optional(),
     // https://datatracker.ietf.org/doc/html/rfc9396#name-enriched-authorization-deta
-    authorization_details: oauth_authorization_details_js_1.oauthAuthorizationDetailsSchema.optional(),
+    authorization_details: oauthAuthorizationDetailsSchema.optional(),
 })
     // https://www.rfc-editor.org/rfc/rfc6749.html#section-5.1
     // > The client MUST ignore unrecognized value names in the response.

package/dist/oauth-token-response.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-token-response.js","sourceRoot":"","sources":["../src/oauth-token-response.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAA8C;AAC9C,qFAAkF;AAClF,+DAA4D;AAE5D;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC;KACtC,MAAM,CAAC;IACN,0DAA0D;IAC1D,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB,UAAU,EAAE,0CAAoB;IAChC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,sEAAsE;IACtE,QAAQ,EAAE,qBAAe,CAAC,QAAQ,EAAE;IACpC,iFAAiF;IACjF,qBAAqB,EAAE,gEAA+B,CAAC,QAAQ,EAAE;CAClE,CAAC;IACF,0DAA0D;IAC1D,qEAAqE;KACpE,WAAW,EAAE,CAAA","sourcesContent":["import { z } from 'zod'\nimport { signedJwtSchema } from '@atproto/jwk'\nimport { oauthAuthorizationDetailsSchema } from './oauth-authorization-details.js'\nimport { oauthTokenTypeSchema } from './oauth-token-type.js'\n\n/**\n * @see {@link https://www.rfc-editor.org/rfc/rfc6749.html#section-5.1 | RFC 6749 (OAuth2), Section 5.1}\n */\nexport const oauthTokenResponseSchema = z\n  .object({\n    // https://www.rfc-editor.org/rfc/rfc6749.html#section-5.1\n    access_token: z.string(),\n    token_type: oauthTokenTypeSchema,\n    scope: z.string().optional(),\n    refresh_token: z.string().optional(),\n    expires_in: z.number().optional(),\n    // https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse\n    id_token: signedJwtSchema.optional(),\n    // https://datatracker.ietf.org/doc/html/rfc9396#name-enriched-authorization-deta\n    authorization_details: oauthAuthorizationDetailsSchema.optional(),\n  })\n  // https://www.rfc-editor.org/rfc/rfc6749.html#section-5.1\n  // > The client MUST ignore unrecognized value names in the response.\n  .passthrough()\n\n/**\n * @see {@link oauthTokenResponseSchema}\n */\nexport type OAuthTokenResponse = z.infer<typeof oauthTokenResponseSchema>\n"]}
+{"version":3,"file":"oauth-token-response.js","sourceRoot":"","sources":["../src/oauth-token-response.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAC9C,OAAO,EAAE,+BAA+B,EAAE,MAAM,kCAAkC,CAAA;AAClF,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAA;AAE5D;;GAEG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC;KACtC,MAAM,CAAC;IACN,0DAA0D;IAC1D,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,UAAU,EAAE,oBAAoB;IAChC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,sEAAsE;IACtE,QAAQ,EAAE,eAAe,CAAC,QAAQ,EAAE;IACpC,iFAAiF;IACjF,qBAAqB,EAAE,+BAA+B,CAAC,QAAQ,EAAE;CAClE,CAAC;IACF,0DAA0D;IAC1D,qEAAqE;KACpE,WAAW,EAAE,CAAA","sourcesContent":["import { z } from 'zod'\nimport { signedJwtSchema } from '@atproto/jwk'\nimport { oauthAuthorizationDetailsSchema } from './oauth-authorization-details.js'\nimport { oauthTokenTypeSchema } from './oauth-token-type.js'\n\n/**\n * @see {@link https://www.rfc-editor.org/rfc/rfc6749.html#section-5.1 | RFC 6749 (OAuth2), Section 5.1}\n */\nexport const oauthTokenResponseSchema = z\n  .object({\n    // https://www.rfc-editor.org/rfc/rfc6749.html#section-5.1\n    access_token: z.string(),\n    token_type: oauthTokenTypeSchema,\n    scope: z.string().optional(),\n    refresh_token: z.string().optional(),\n    expires_in: z.number().optional(),\n    // https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse\n    id_token: signedJwtSchema.optional(),\n    // https://datatracker.ietf.org/doc/html/rfc9396#name-enriched-authorization-deta\n    authorization_details: oauthAuthorizationDetailsSchema.optional(),\n  })\n  // https://www.rfc-editor.org/rfc/rfc6749.html#section-5.1\n  // > The client MUST ignore unrecognized value names in the response.\n  .passthrough()\n\n/**\n * @see {@link oauthTokenResponseSchema}\n */\nexport type OAuthTokenResponse = z.infer<typeof oauthTokenResponseSchema>\n"]}