@atxp/client 0.2.22 → 0.4.0

package/dist/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth-utils.js

@@ -0,0 +1,46 @@
+/**
+ * Utilities for handling OAuth resource URIs.
+ */
+/**
+ * Converts a server URL to a resource URL by removing the fragment.
+ * RFC 8707 section 2 states that resource URIs "MUST NOT include a fragment component".
+ * Keeps everything else unchanged (scheme, domain, port, path, query).
+ */
+function resourceUrlFromServerUrl(url) {
+    const resourceURL = typeof url === "string" ? new URL(url) : new URL(url.href);
+    resourceURL.hash = ''; // Remove fragment
+    return resourceURL;
+}
+/**
+ * Checks if a requested resource URL matches a configured resource URL.
+ * A requested resource matches if it has the same scheme, domain, port,
+ * and its path starts with the configured resource's path.
+ *
+ * @param requestedResource The resource URL being requested
+ * @param configuredResource The resource URL that has been configured
+ * @returns true if the requested resource matches the configured resource, false otherwise
+ */
+function checkResourceAllowed({ requestedResource, configuredResource }) {
+    const requested = typeof requestedResource === "string" ? new URL(requestedResource) : new URL(requestedResource.href);
+    const configured = typeof configuredResource === "string" ? new URL(configuredResource) : new URL(configuredResource.href);
+    // Compare the origin (scheme, domain, and port)
+    if (requested.origin !== configured.origin) {
+        return false;
+    }
+    // Handle cases like requested=/foo and configured=/foo/
+    if (requested.pathname.length < configured.pathname.length) {
+        return false;
+    }
+    // Check if the requested path starts with the configured path
+    // Ensure both paths end with / for proper comparison
+    // This ensures that if we have paths like "/api" and "/api/users",
+    // we properly detect that "/api/users" is a subpath of "/api"
+    // By adding a trailing slash if missing, we avoid false positives
+    // where paths like "/api123" would incorrectly match "/api"
+    const requestedPath = requested.pathname.endsWith('/') ? requested.pathname : requested.pathname + '/';
+    const configuredPath = configured.pathname.endsWith('/') ? configured.pathname : configured.pathname + '/';
+    return requestedPath.startsWith(configuredPath);
+}
+
+export { checkResourceAllowed, resourceUrlFromServerUrl };
+//# sourceMappingURL=auth-utils.js.map

package/dist/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-utils.js","sources":["../../../../../../../../../node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth-utils.js"],"sourcesContent":["/**\n * Utilities for handling OAuth resource URIs.\n */\n/**\n * Converts a server URL to a resource URL by removing the fragment.\n * RFC 8707 section 2 states that resource URIs \"MUST NOT include a fragment component\".\n * Keeps everything else unchanged (scheme, domain, port, path, query).\n */\nexport function resourceUrlFromServerUrl(url) {\n    const resourceURL = typeof url === \"string\" ? new URL(url) : new URL(url.href);\n    resourceURL.hash = ''; // Remove fragment\n    return resourceURL;\n}\n/**\n * Checks if a requested resource URL matches a configured resource URL.\n * A requested resource matches if it has the same scheme, domain, port,\n * and its path starts with the configured resource's path.\n *\n * @param requestedResource The resource URL being requested\n * @param configuredResource The resource URL that has been configured\n * @returns true if the requested resource matches the configured resource, false otherwise\n */\nexport function checkResourceAllowed({ requestedResource, configuredResource }) {\n    const requested = typeof requestedResource === \"string\" ? new URL(requestedResource) : new URL(requestedResource.href);\n    const configured = typeof configuredResource === \"string\" ? new URL(configuredResource) : new URL(configuredResource.href);\n    // Compare the origin (scheme, domain, and port)\n    if (requested.origin !== configured.origin) {\n        return false;\n    }\n    // Handle cases like requested=/foo and configured=/foo/\n    if (requested.pathname.length < configured.pathname.length) {\n        return false;\n    }\n    // Check if the requested path starts with the configured path\n    // Ensure both paths end with / for proper comparison\n    // This ensures that if we have paths like \"/api\" and \"/api/users\",\n    // we properly detect that \"/api/users\" is a subpath of \"/api\"\n    // By adding a trailing slash if missing, we avoid false positives\n    // where paths like \"/api123\" would incorrectly match \"/api\"\n    const requestedPath = requested.pathname.endsWith('/') ? requested.pathname : requested.pathname + '/';\n    const configuredPath = configured.pathname.endsWith('/') ? configured.pathname : configured.pathname + '/';\n    return requestedPath.startsWith(configuredPath);\n}\n//# sourceMappingURL=auth-utils.js.map"],"names":[],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAAS,wBAAwB,CAAC,GAAG,EAAE;AAC9C,IAAI,MAAM,WAAW,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC;AAClF,IAAI,WAAW,CAAC,IAAI,GAAG,EAAE,CAAC;AAC1B,IAAI,OAAO,WAAW;AACtB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAAS,oBAAoB,CAAC,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,EAAE;AAChF,IAAI,MAAM,SAAS,GAAG,OAAO,iBAAiB,KAAK,QAAQ,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC;AAC1H,IAAI,MAAM,UAAU,GAAG,OAAO,kBAAkB,KAAK,QAAQ,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,IAAI,CAAC;AAC9H;AACA,IAAI,IAAI,SAAS,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,EAAE;AAChD,QAAQ,OAAO,KAAK;AACpB,IAAI;AACJ;AACA,IAAI,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,MAAM,EAAE;AAChE,QAAQ,OAAO,KAAK;AACpB,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,QAAQ,GAAG,SAAS,CAAC,QAAQ,GAAG,GAAG;AAC1G,IAAI,MAAM,cAAc,GAAG,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,QAAQ,GAAG,UAAU,CAAC,QAAQ,GAAG,GAAG;AAC9G,IAAI,OAAO,aAAa,CAAC,UAAU,CAAC,cAAc,CAAC;AACnD;;;;","x_google_ignoreList":[0]}

package/dist/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth.js

@@ -0,0 +1,192 @@
+import { string as stringType, NEVER, object as objectType, boolean as booleanType, array as arrayType, number as numberType, any as anyType } from '../../../../../zod/v3/types.js';
+import { ZodIssueCode } from '../../../../../zod/v3/ZodError.js';
+
+/**
+ * Reusable URL validation that disallows javascript: scheme
+ */
+const SafeUrlSchema = stringType().url()
+    .superRefine((val, ctx) => {
+    if (!URL.canParse(val)) {
+        ctx.addIssue({
+            code: ZodIssueCode.custom,
+            message: "URL must be parseable",
+            fatal: true,
+        });
+        return NEVER;
+    }
+}).refine((url) => {
+    const u = new URL(url);
+    return u.protocol !== 'javascript:' && u.protocol !== 'data:' && u.protocol !== 'vbscript:';
+}, { message: "URL cannot use javascript:, data:, or vbscript: scheme" });
+/**
+ * RFC 9728 OAuth Protected Resource Metadata
+ */
+const OAuthProtectedResourceMetadataSchema = objectType({
+    resource: stringType().url(),
+    authorization_servers: arrayType(SafeUrlSchema).optional(),
+    jwks_uri: stringType().url().optional(),
+    scopes_supported: arrayType(stringType()).optional(),
+    bearer_methods_supported: arrayType(stringType()).optional(),
+    resource_signing_alg_values_supported: arrayType(stringType()).optional(),
+    resource_name: stringType().optional(),
+    resource_documentation: stringType().optional(),
+    resource_policy_uri: stringType().url().optional(),
+    resource_tos_uri: stringType().url().optional(),
+    tls_client_certificate_bound_access_tokens: booleanType().optional(),
+    authorization_details_types_supported: arrayType(stringType()).optional(),
+    dpop_signing_alg_values_supported: arrayType(stringType()).optional(),
+    dpop_bound_access_tokens_required: booleanType().optional(),
+})
+    .passthrough();
+/**
+ * RFC 8414 OAuth 2.0 Authorization Server Metadata
+ */
+const OAuthMetadataSchema = objectType({
+    issuer: stringType(),
+    authorization_endpoint: SafeUrlSchema,
+    token_endpoint: SafeUrlSchema,
+    registration_endpoint: SafeUrlSchema.optional(),
+    scopes_supported: arrayType(stringType()).optional(),
+    response_types_supported: arrayType(stringType()),
+    response_modes_supported: arrayType(stringType()).optional(),
+    grant_types_supported: arrayType(stringType()).optional(),
+    token_endpoint_auth_methods_supported: arrayType(stringType()).optional(),
+    token_endpoint_auth_signing_alg_values_supported: arrayType(stringType())
+        .optional(),
+    service_documentation: SafeUrlSchema.optional(),
+    revocation_endpoint: SafeUrlSchema.optional(),
+    revocation_endpoint_auth_methods_supported: arrayType(stringType()).optional(),
+    revocation_endpoint_auth_signing_alg_values_supported: arrayType(stringType())
+        .optional(),
+    introspection_endpoint: stringType().optional(),
+    introspection_endpoint_auth_methods_supported: arrayType(stringType())
+        .optional(),
+    introspection_endpoint_auth_signing_alg_values_supported: arrayType(stringType())
+        .optional(),
+    code_challenge_methods_supported: arrayType(stringType()).optional(),
+})
+    .passthrough();
+/**
+ * OpenID Connect Discovery 1.0 Provider Metadata
+ * see: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
+ */
+const OpenIdProviderMetadataSchema = objectType({
+    issuer: stringType(),
+    authorization_endpoint: SafeUrlSchema,
+    token_endpoint: SafeUrlSchema,
+    userinfo_endpoint: SafeUrlSchema.optional(),
+    jwks_uri: SafeUrlSchema,
+    registration_endpoint: SafeUrlSchema.optional(),
+    scopes_supported: arrayType(stringType()).optional(),
+    response_types_supported: arrayType(stringType()),
+    response_modes_supported: arrayType(stringType()).optional(),
+    grant_types_supported: arrayType(stringType()).optional(),
+    acr_values_supported: arrayType(stringType()).optional(),
+    subject_types_supported: arrayType(stringType()),
+    id_token_signing_alg_values_supported: arrayType(stringType()),
+    id_token_encryption_alg_values_supported: arrayType(stringType()).optional(),
+    id_token_encryption_enc_values_supported: arrayType(stringType()).optional(),
+    userinfo_signing_alg_values_supported: arrayType(stringType()).optional(),
+    userinfo_encryption_alg_values_supported: arrayType(stringType()).optional(),
+    userinfo_encryption_enc_values_supported: arrayType(stringType()).optional(),
+    request_object_signing_alg_values_supported: arrayType(stringType()).optional(),
+    request_object_encryption_alg_values_supported: arrayType(stringType())
+        .optional(),
+    request_object_encryption_enc_values_supported: arrayType(stringType())
+        .optional(),
+    token_endpoint_auth_methods_supported: arrayType(stringType()).optional(),
+    token_endpoint_auth_signing_alg_values_supported: arrayType(stringType())
+        .optional(),
+    display_values_supported: arrayType(stringType()).optional(),
+    claim_types_supported: arrayType(stringType()).optional(),
+    claims_supported: arrayType(stringType()).optional(),
+    service_documentation: stringType().optional(),
+    claims_locales_supported: arrayType(stringType()).optional(),
+    ui_locales_supported: arrayType(stringType()).optional(),
+    claims_parameter_supported: booleanType().optional(),
+    request_parameter_supported: booleanType().optional(),
+    request_uri_parameter_supported: booleanType().optional(),
+    require_request_uri_registration: booleanType().optional(),
+    op_policy_uri: SafeUrlSchema.optional(),
+    op_tos_uri: SafeUrlSchema.optional(),
+})
+    .passthrough();
+/**
+ * OpenID Connect Discovery metadata that may include OAuth 2.0 fields
+ * This schema represents the real-world scenario where OIDC providers
+ * return a mix of OpenID Connect and OAuth 2.0 metadata fields
+ */
+const OpenIdProviderDiscoveryMetadataSchema = OpenIdProviderMetadataSchema.merge(OAuthMetadataSchema.pick({
+    code_challenge_methods_supported: true,
+}));
+/**
+ * OAuth 2.1 token response
+ */
+const OAuthTokensSchema = objectType({
+    access_token: stringType(),
+    id_token: stringType().optional(), // Optional for OAuth 2.1, but necessary in OpenID Connect
+    token_type: stringType(),
+    expires_in: numberType().optional(),
+    scope: stringType().optional(),
+    refresh_token: stringType().optional(),
+})
+    .strip();
+/**
+ * OAuth 2.1 error response
+ */
+const OAuthErrorResponseSchema = objectType({
+    error: stringType(),
+    error_description: stringType().optional(),
+    error_uri: stringType().optional(),
+});
+/**
+ * RFC 7591 OAuth 2.0 Dynamic Client Registration metadata
+ */
+const OAuthClientMetadataSchema = objectType({
+    redirect_uris: arrayType(SafeUrlSchema),
+    token_endpoint_auth_method: stringType().optional(),
+    grant_types: arrayType(stringType()).optional(),
+    response_types: arrayType(stringType()).optional(),
+    client_name: stringType().optional(),
+    client_uri: SafeUrlSchema.optional(),
+    logo_uri: SafeUrlSchema.optional(),
+    scope: stringType().optional(),
+    contacts: arrayType(stringType()).optional(),
+    tos_uri: SafeUrlSchema.optional(),
+    policy_uri: stringType().optional(),
+    jwks_uri: SafeUrlSchema.optional(),
+    jwks: anyType().optional(),
+    software_id: stringType().optional(),
+    software_version: stringType().optional(),
+    software_statement: stringType().optional(),
+}).strip();
+/**
+ * RFC 7591 OAuth 2.0 Dynamic Client Registration client information
+ */
+const OAuthClientInformationSchema = objectType({
+    client_id: stringType(),
+    client_secret: stringType().optional(),
+    client_id_issued_at: numberType().optional(),
+    client_secret_expires_at: numberType().optional(),
+}).strip();
+/**
+ * RFC 7591 OAuth 2.0 Dynamic Client Registration full response (client information plus metadata)
+ */
+const OAuthClientInformationFullSchema = OAuthClientMetadataSchema.merge(OAuthClientInformationSchema);
+/**
+ * RFC 7591 OAuth 2.0 Dynamic Client Registration error response
+ */
+objectType({
+    error: stringType(),
+    error_description: stringType().optional(),
+}).strip();
+/**
+ * RFC 7009 OAuth 2.0 Token Revocation request
+ */
+objectType({
+    token: stringType(),
+    token_type_hint: stringType().optional(),
+}).strip();
+
+export { OAuthClientInformationFullSchema, OAuthClientInformationSchema, OAuthClientMetadataSchema, OAuthErrorResponseSchema, OAuthMetadataSchema, OAuthProtectedResourceMetadataSchema, OAuthTokensSchema, OpenIdProviderDiscoveryMetadataSchema, OpenIdProviderMetadataSchema, SafeUrlSchema };
+//# sourceMappingURL=auth.js.map

package/dist/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sources":["../../../../../../../../../node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth.js"],"sourcesContent":["import { z } from \"zod\";\n/**\n * Reusable URL validation that disallows javascript: scheme\n */\nexport const SafeUrlSchema = z.string().url()\n    .superRefine((val, ctx) => {\n    if (!URL.canParse(val)) {\n        ctx.addIssue({\n            code: z.ZodIssueCode.custom,\n            message: \"URL must be parseable\",\n            fatal: true,\n        });\n        return z.NEVER;\n    }\n}).refine((url) => {\n    const u = new URL(url);\n    return u.protocol !== 'javascript:' && u.protocol !== 'data:' && u.protocol !== 'vbscript:';\n}, { message: \"URL cannot use javascript:, data:, or vbscript: scheme\" });\n/**\n * RFC 9728 OAuth Protected Resource Metadata\n */\nexport const OAuthProtectedResourceMetadataSchema = z\n    .object({\n    resource: z.string().url(),\n    authorization_servers: z.array(SafeUrlSchema).optional(),\n    jwks_uri: z.string().url().optional(),\n    scopes_supported: z.array(z.string()).optional(),\n    bearer_methods_supported: z.array(z.string()).optional(),\n    resource_signing_alg_values_supported: z.array(z.string()).optional(),\n    resource_name: z.string().optional(),\n    resource_documentation: z.string().optional(),\n    resource_policy_uri: z.string().url().optional(),\n    resource_tos_uri: z.string().url().optional(),\n    tls_client_certificate_bound_access_tokens: z.boolean().optional(),\n    authorization_details_types_supported: z.array(z.string()).optional(),\n    dpop_signing_alg_values_supported: z.array(z.string()).optional(),\n    dpop_bound_access_tokens_required: z.boolean().optional(),\n})\n    .passthrough();\n/**\n * RFC 8414 OAuth 2.0 Authorization Server Metadata\n */\nexport const OAuthMetadataSchema = z\n    .object({\n    issuer: z.string(),\n    authorization_endpoint: SafeUrlSchema,\n    token_endpoint: SafeUrlSchema,\n    registration_endpoint: SafeUrlSchema.optional(),\n    scopes_supported: z.array(z.string()).optional(),\n    response_types_supported: z.array(z.string()),\n    response_modes_supported: z.array(z.string()).optional(),\n    grant_types_supported: z.array(z.string()).optional(),\n    token_endpoint_auth_methods_supported: z.array(z.string()).optional(),\n    token_endpoint_auth_signing_alg_values_supported: z\n        .array(z.string())\n        .optional(),\n    service_documentation: SafeUrlSchema.optional(),\n    revocation_endpoint: SafeUrlSchema.optional(),\n    revocation_endpoint_auth_methods_supported: z.array(z.string()).optional(),\n    revocation_endpoint_auth_signing_alg_values_supported: z\n        .array(z.string())\n        .optional(),\n    introspection_endpoint: z.string().optional(),\n    introspection_endpoint_auth_methods_supported: z\n        .array(z.string())\n        .optional(),\n    introspection_endpoint_auth_signing_alg_values_supported: z\n        .array(z.string())\n        .optional(),\n    code_challenge_methods_supported: z.array(z.string()).optional(),\n})\n    .passthrough();\n/**\n * OpenID Connect Discovery 1.0 Provider Metadata\n * see: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata\n */\nexport const OpenIdProviderMetadataSchema = z\n    .object({\n    issuer: z.string(),\n    authorization_endpoint: SafeUrlSchema,\n    token_endpoint: SafeUrlSchema,\n    userinfo_endpoint: SafeUrlSchema.optional(),\n    jwks_uri: SafeUrlSchema,\n    registration_endpoint: SafeUrlSchema.optional(),\n    scopes_supported: z.array(z.string()).optional(),\n    response_types_supported: z.array(z.string()),\n    response_modes_supported: z.array(z.string()).optional(),\n    grant_types_supported: z.array(z.string()).optional(),\n    acr_values_supported: z.array(z.string()).optional(),\n    subject_types_supported: z.array(z.string()),\n    id_token_signing_alg_values_supported: z.array(z.string()),\n    id_token_encryption_alg_values_supported: z.array(z.string()).optional(),\n    id_token_encryption_enc_values_supported: z.array(z.string()).optional(),\n    userinfo_signing_alg_values_supported: z.array(z.string()).optional(),\n    userinfo_encryption_alg_values_supported: z.array(z.string()).optional(),\n    userinfo_encryption_enc_values_supported: z.array(z.string()).optional(),\n    request_object_signing_alg_values_supported: z.array(z.string()).optional(),\n    request_object_encryption_alg_values_supported: z\n        .array(z.string())\n        .optional(),\n    request_object_encryption_enc_values_supported: z\n        .array(z.string())\n        .optional(),\n    token_endpoint_auth_methods_supported: z.array(z.string()).optional(),\n    token_endpoint_auth_signing_alg_values_supported: z\n        .array(z.string())\n        .optional(),\n    display_values_supported: z.array(z.string()).optional(),\n    claim_types_supported: z.array(z.string()).optional(),\n    claims_supported: z.array(z.string()).optional(),\n    service_documentation: z.string().optional(),\n    claims_locales_supported: z.array(z.string()).optional(),\n    ui_locales_supported: z.array(z.string()).optional(),\n    claims_parameter_supported: z.boolean().optional(),\n    request_parameter_supported: z.boolean().optional(),\n    request_uri_parameter_supported: z.boolean().optional(),\n    require_request_uri_registration: z.boolean().optional(),\n    op_policy_uri: SafeUrlSchema.optional(),\n    op_tos_uri: SafeUrlSchema.optional(),\n})\n    .passthrough();\n/**\n * OpenID Connect Discovery metadata that may include OAuth 2.0 fields\n * This schema represents the real-world scenario where OIDC providers\n * return a mix of OpenID Connect and OAuth 2.0 metadata fields\n */\nexport const OpenIdProviderDiscoveryMetadataSchema = OpenIdProviderMetadataSchema.merge(OAuthMetadataSchema.pick({\n    code_challenge_methods_supported: true,\n}));\n/**\n * OAuth 2.1 token response\n */\nexport const OAuthTokensSchema = z\n    .object({\n    access_token: z.string(),\n    id_token: z.string().optional(), // Optional for OAuth 2.1, but necessary in OpenID Connect\n    token_type: z.string(),\n    expires_in: z.number().optional(),\n    scope: z.string().optional(),\n    refresh_token: z.string().optional(),\n})\n    .strip();\n/**\n * OAuth 2.1 error response\n */\nexport const OAuthErrorResponseSchema = z\n    .object({\n    error: z.string(),\n    error_description: z.string().optional(),\n    error_uri: z.string().optional(),\n});\n/**\n * RFC 7591 OAuth 2.0 Dynamic Client Registration metadata\n */\nexport const OAuthClientMetadataSchema = z.object({\n    redirect_uris: z.array(SafeUrlSchema),\n    token_endpoint_auth_method: z.string().optional(),\n    grant_types: z.array(z.string()).optional(),\n    response_types: z.array(z.string()).optional(),\n    client_name: z.string().optional(),\n    client_uri: SafeUrlSchema.optional(),\n    logo_uri: SafeUrlSchema.optional(),\n    scope: z.string().optional(),\n    contacts: z.array(z.string()).optional(),\n    tos_uri: SafeUrlSchema.optional(),\n    policy_uri: z.string().optional(),\n    jwks_uri: SafeUrlSchema.optional(),\n    jwks: z.any().optional(),\n    software_id: z.string().optional(),\n    software_version: z.string().optional(),\n    software_statement: z.string().optional(),\n}).strip();\n/**\n * RFC 7591 OAuth 2.0 Dynamic Client Registration client information\n */\nexport const OAuthClientInformationSchema = z.object({\n    client_id: z.string(),\n    client_secret: z.string().optional(),\n    client_id_issued_at: z.number().optional(),\n    client_secret_expires_at: z.number().optional(),\n}).strip();\n/**\n * RFC 7591 OAuth 2.0 Dynamic Client Registration full response (client information plus metadata)\n */\nexport const OAuthClientInformationFullSchema = OAuthClientMetadataSchema.merge(OAuthClientInformationSchema);\n/**\n * RFC 7591 OAuth 2.0 Dynamic Client Registration error response\n */\nexport const OAuthClientRegistrationErrorSchema = z.object({\n    error: z.string(),\n    error_description: z.string().optional(),\n}).strip();\n/**\n * RFC 7009 OAuth 2.0 Token Revocation request\n */\nexport const OAuthTokenRevocationRequestSchema = z.object({\n    token: z.string(),\n    token_type_hint: z.string().optional(),\n}).strip();\n//# sourceMappingURL=auth.js.map"],"names":["z.string","z.ZodIssueCode","z.NEVER","z\n    .object","z.array","z.boolean","z\n        .array","z.number","z.object","z.any"],"mappings":";;;AACA;AACA;AACA;AACY,MAAC,aAAa,GAAGA,UAAQ,EAAE,CAAC,GAAG;AAC3C,KAAK,WAAW,CAAC,CAAC,GAAG,EAAE,GAAG,KAAK;AAC/B,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;AAC5B,QAAQ,GAAG,CAAC,QAAQ,CAAC;AACrB,YAAY,IAAI,EAAEC,YAAc,CAAC,MAAM;AACvC,YAAY,OAAO,EAAE,uBAAuB;AAC5C,YAAY,KAAK,EAAE,IAAI;AACvB,SAAS,CAAC;AACV,QAAQ,OAAOC,KAAO;AACtB,IAAI;AACJ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,KAAK;AACnB,IAAI,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC;AAC1B,IAAI,OAAO,CAAC,CAAC,QAAQ,KAAK,aAAa,IAAI,CAAC,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,CAAC,QAAQ,KAAK,WAAW;AAC/F,CAAC,EAAE,EAAE,OAAO,EAAE,wDAAwD,EAAE;AACxE;AACA;AACA;AACY,MAAC,oCAAoC,GAAGC,UACzC,CAAC;AACZ,IAAI,QAAQ,EAAEH,UAAQ,EAAE,CAAC,GAAG,EAAE;AAC9B,IAAI,qBAAqB,EAAEI,SAAO,CAAC,aAAa,CAAC,CAAC,QAAQ,EAAE;AAC5D,IAAI,QAAQ,EAAEJ,UAAQ,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;AACzC,IAAI,gBAAgB,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACpD,IAAI,wBAAwB,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC5D,IAAI,qCAAqC,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACzE,IAAI,aAAa,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACxC,IAAI,sBAAsB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACjD,IAAI,mBAAmB,EAAEA,UAAQ,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;AACpD,IAAI,gBAAgB,EAAEA,UAAQ,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;AACjD,IAAI,0CAA0C,EAAEK,WAAS,EAAE,CAAC,QAAQ,EAAE;AACtE,IAAI,qCAAqC,EAAED,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACzE,IAAI,iCAAiC,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACrE,IAAI,iCAAiC,EAAEK,WAAS,EAAE,CAAC,QAAQ,EAAE;AAC7D,CAAC;AACD,KAAK,WAAW;AAChB;AACA;AACA;AACY,MAAC,mBAAmB,GAAGF,UACxB,CAAC;AACZ,IAAI,MAAM,EAAEH,UAAQ,EAAE;AACtB,IAAI,sBAAsB,EAAE,aAAa;AACzC,IAAI,cAAc,EAAE,aAAa;AACjC,IAAI,qBAAqB,EAAE,aAAa,CAAC,QAAQ,EAAE;AACnD,IAAI,gBAAgB,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACpD,IAAI,wBAAwB,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC;AACjD,IAAI,wBAAwB,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC5D,IAAI,qBAAqB,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACzD,IAAI,qCAAqC,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACzE,IAAI,gDAAgD,EAAEM,SACxC,CAACN,UAAQ,EAAE;AACzB,SAAS,QAAQ,EAAE;AACnB,IAAI,qBAAqB,EAAE,aAAa,CAAC,QAAQ,EAAE;AACnD,IAAI,mBAAmB,EAAE,aAAa,CAAC,QAAQ,EAAE;AACjD,IAAI,0CAA0C,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC9E,IAAI,qDAAqD,EAAEM,SAC7C,CAACN,UAAQ,EAAE;AACzB,SAAS,QAAQ,EAAE;AACnB,IAAI,sBAAsB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACjD,IAAI,6CAA6C,EAAEM,SACrC,CAACN,UAAQ,EAAE;AACzB,SAAS,QAAQ,EAAE;AACnB,IAAI,wDAAwD,EAAEM,SAChD,CAACN,UAAQ,EAAE;AACzB,SAAS,QAAQ,EAAE;AACnB,IAAI,gCAAgC,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACpE,CAAC;AACD,KAAK,WAAW;AAChB;AACA;AACA;AACA;AACY,MAAC,4BAA4B,GAAGG,UACjC,CAAC;AACZ,IAAI,MAAM,EAAEH,UAAQ,EAAE;AACtB,IAAI,sBAAsB,EAAE,aAAa;AACzC,IAAI,cAAc,EAAE,aAAa;AACjC,IAAI,iBAAiB,EAAE,aAAa,CAAC,QAAQ,EAAE;AAC/C,IAAI,QAAQ,EAAE,aAAa;AAC3B,IAAI,qBAAqB,EAAE,aAAa,CAAC,QAAQ,EAAE;AACnD,IAAI,gBAAgB,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACpD,IAAI,wBAAwB,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC;AACjD,IAAI,wBAAwB,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC5D,IAAI,qBAAqB,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACzD,IAAI,oBAAoB,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACxD,IAAI,uBAAuB,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC;AAChD,IAAI,qCAAqC,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC;AAC9D,IAAI,wCAAwC,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC5E,IAAI,wCAAwC,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC5E,IAAI,qCAAqC,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACzE,IAAI,wCAAwC,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC5E,IAAI,wCAAwC,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC5E,IAAI,2CAA2C,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC/E,IAAI,8CAA8C,EAAEM,SACtC,CAACN,UAAQ,EAAE;AACzB,SAAS,QAAQ,EAAE;AACnB,IAAI,8CAA8C,EAAEM,SACtC,CAACN,UAAQ,EAAE;AACzB,SAAS,QAAQ,EAAE;AACnB,IAAI,qCAAqC,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACzE,IAAI,gDAAgD,EAAEM,SACxC,CAACN,UAAQ,EAAE;AACzB,SAAS,QAAQ,EAAE;AACnB,IAAI,wBAAwB,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC5D,IAAI,qBAAqB,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACzD,IAAI,gBAAgB,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACpD,IAAI,qBAAqB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAChD,IAAI,wBAAwB,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC5D,IAAI,oBAAoB,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACxD,IAAI,0BAA0B,EAAEK,WAAS,EAAE,CAAC,QAAQ,EAAE;AACtD,IAAI,2BAA2B,EAAEA,WAAS,EAAE,CAAC,QAAQ,EAAE;AACvD,IAAI,+BAA+B,EAAEA,WAAS,EAAE,CAAC,QAAQ,EAAE;AAC3D,IAAI,gCAAgC,EAAEA,WAAS,EAAE,CAAC,QAAQ,EAAE;AAC5D,IAAI,aAAa,EAAE,aAAa,CAAC,QAAQ,EAAE;AAC3C,IAAI,UAAU,EAAE,aAAa,CAAC,QAAQ,EAAE;AACxC,CAAC;AACD,KAAK,WAAW;AAChB;AACA;AACA;AACA;AACA;AACY,MAAC,qCAAqC,GAAG,4BAA4B,CAAC,KAAK,CAAC,mBAAmB,CAAC,IAAI,CAAC;AACjH,IAAI,gCAAgC,EAAE,IAAI;AAC1C,CAAC,CAAC;AACF;AACA;AACA;AACY,MAAC,iBAAiB,GAAGF,UACtB,CAAC;AACZ,IAAI,YAAY,EAAEH,UAAQ,EAAE;AAC5B,IAAI,QAAQ,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACnC,IAAI,UAAU,EAAEA,UAAQ,EAAE;AAC1B,IAAI,UAAU,EAAEO,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACrC,IAAI,KAAK,EAAEP,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAChC,IAAI,aAAa,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACxC,CAAC;AACD,KAAK,KAAK;AACV;AACA;AACA;AACY,MAAC,wBAAwB,GAAGG,UAC7B,CAAC;AACZ,IAAI,KAAK,EAAEH,UAAQ,EAAE;AACrB,IAAI,iBAAiB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAC5C,IAAI,SAAS,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACpC,CAAC;AACD;AACA;AACA;AACY,MAAC,yBAAyB,GAAGQ,UAAQ,CAAC;AAClD,IAAI,aAAa,EAAEJ,SAAO,CAAC,aAAa,CAAC;AACzC,IAAI,0BAA0B,EAAEJ,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACrD,IAAI,WAAW,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC/C,IAAI,cAAc,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAClD,IAAI,WAAW,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACtC,IAAI,UAAU,EAAE,aAAa,CAAC,QAAQ,EAAE;AACxC,IAAI,QAAQ,EAAE,aAAa,CAAC,QAAQ,EAAE;AACtC,IAAI,KAAK,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAChC,IAAI,QAAQ,EAAEI,SAAO,CAACJ,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC5C,IAAI,OAAO,EAAE,aAAa,CAAC,QAAQ,EAAE;AACrC,IAAI,UAAU,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACrC,IAAI,QAAQ,EAAE,aAAa,CAAC,QAAQ,EAAE;AACtC,IAAI,IAAI,EAAES,OAAK,EAAE,CAAC,QAAQ,EAAE;AAC5B,IAAI,WAAW,EAAET,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACtC,IAAI,gBAAgB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAC3C,IAAI,kBAAkB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAC7C,CAAC,CAAC,CAAC,KAAK;AACR;AACA;AACA;AACY,MAAC,4BAA4B,GAAGQ,UAAQ,CAAC;AACrD,IAAI,SAAS,EAAER,UAAQ,EAAE;AACzB,IAAI,aAAa,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACxC,IAAI,mBAAmB,EAAEO,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAC9C,IAAI,wBAAwB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACnD,CAAC,CAAC,CAAC,KAAK;AACR;AACA;AACA;AACY,MAAC,gCAAgC,GAAG,yBAAyB,CAAC,KAAK,CAAC,4BAA4B;AAC5G;AACA;AACA;AACkDC,UAAQ,CAAC;AAC3D,IAAI,KAAK,EAAER,UAAQ,EAAE;AACrB,IAAI,iBAAiB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAC5C,CAAC,CAAC,CAAC,KAAK;AACR;AACA;AACA;AACiDQ,UAAQ,CAAC;AAC1D,IAAI,KAAK,EAAER,UAAQ,EAAE;AACrB,IAAI,eAAe,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAC1C,CAAC,CAAC,CAAC,KAAK;;;;","x_google_ignoreList":[0]}