npm - @better-auth/oauth-provider - Versions diffs - 1.5.6 → 1.6.0-beta.0 - Mend

@better-auth/oauth-provider 1.5.6 → 1.6.0-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/client-resource.d.mts +2 -2
package/dist/client-resource.mjs +3 -4
package/dist/client.d.mts +3 -3
package/dist/client.mjs +2 -3
package/dist/index.d.mts +2 -3
package/dist/index.mjs +34 -39
package/dist/oauth-4vgZlF-I.d.mts +1 -2
package/dist/oauth-CEoJtL3Y.d.mts +1879 -0
package/dist/{utils-BDSjyzic.mjs → utils-sQ4gYeh3.mjs} +39 -5
package/dist/version-DevbO3Yy.mjs +5 -0
package/package.json +10 -9
package/dist/client-resource.mjs.map +0 -1
package/dist/client.mjs.map +0 -1
package/dist/index.mjs.map +0 -1
package/dist/oauth-E89Dh-ZC.d.mts +0 -2079
package/dist/utils-BDSjyzic.mjs.map +0 -1

package/dist/client-resource.d.mts CHANGED Viewed

@@ -5,6 +5,7 @@ import { Auth } from "better-auth/types";
 //#region src/client-resource.d.ts
 declare const oauthProviderResourceClient: <T extends Auth | undefined>(auth?: T) => {
   id: "oauth-provider-resource-client";
+  version: string;
   getActions(): {
     /**
      * Performs verification of an access token for your APIs. Can perform
@@ -75,5 +76,4 @@ type ProtectedResourceMetadataOutput<T> = T extends Auth ? (overrides?: Partial<
   externalScopes?: string[];
 }) => Promise<ResourceServerMetadata>;
 //#endregion
-export { VerifyAccessTokenRemote, oauthProviderResourceClient };
-//# sourceMappingURL=client-resource.d.mts.map
+export { VerifyAccessTokenRemote, oauthProviderResourceClient };

package/dist/client-resource.mjs CHANGED Viewed

@@ -1,9 +1,9 @@
-import { a as getJwtPlugin, g as handleMcpErrors, o as getOAuthProviderPlugin } from "./utils-BDSjyzic.mjs";
+import { a as getJwtPlugin, o as getOAuthProviderPlugin, v as handleMcpErrors } from "./utils-sQ4gYeh3.mjs";
+import { t as PACKAGE_VERSION } from "./version-DevbO3Yy.mjs";
 import { verifyAccessToken } from "better-auth/oauth2";
 import { APIError } from "better-call";
 import { logger } from "@better-auth/core/env";
 import { BetterAuthError } from "@better-auth/core/error";
 //#region src/client-resource.ts
 const oauthProviderResourceClient = (auth) => {
 	let oauthProviderPlugin;
@@ -23,6 +23,7 @@ const oauthProviderResourceClient = (auth) => {
 	const authServerBasePath = auth?.options.basePath;
 	return {
 		id: "oauth-provider-resource-client",
+		version: PACKAGE_VERSION,
 		getActions() {
 			return {
 				verifyAccessToken: (async (token, opts) => {
@@ -83,7 +84,5 @@ const oauthProviderResourceClient = (auth) => {
 		}
 	};
 };
 //#endregion
 export { oauthProviderResourceClient };
-//# sourceMappingURL=client-resource.mjs.map

package/dist/client.d.mts CHANGED Viewed

@@ -1,9 +1,10 @@
-import { n as oauthProvider } from "./oauth-E89Dh-ZC.mjs";
+import { n as oauthProvider } from "./oauth-CEoJtL3Y.mjs";
 import * as _better_fetch_fetch0 from "@better-fetch/fetch";
 //#region src/client.d.ts
 declare const oauthProviderClient: () => {
   id: "oauth-provider-client";
+  version: string;
   fetchPlugins: {
     id: string;
     name: string;
@@ -15,5 +16,4 @@ declare const oauthProviderClient: () => {
   $InferServerPlugin: ReturnType<typeof oauthProvider>;
 };
 //#endregion
-export { oauthProviderClient };
-//# sourceMappingURL=client.d.mts.map
+export { oauthProviderClient };

package/dist/client.mjs CHANGED Viewed

@@ -1,5 +1,5 @@
+import { t as PACKAGE_VERSION } from "./version-DevbO3Yy.mjs";
 import { safeJSONParse } from "@better-auth/core/utils/json";
 //#region src/client.ts
 function parseSignedQuery(search) {
 	const params = new URLSearchParams(search);
@@ -15,6 +15,7 @@ function parseSignedQuery(search) {
 const oauthProviderClient = () => {
 	return {
 		id: "oauth-provider-client",
+		version: PACKAGE_VERSION,
 		fetchPlugins: [{
 			id: "oauth-provider-signin",
 			name: "oauth-provider-signin",
@@ -32,7 +33,5 @@ const oauthProviderClient = () => {
 		$InferServerPlugin: {}
 	};
 };
 //#endregion
 export { oauthProviderClient };
-//# sourceMappingURL=client.mjs.map

package/dist/index.d.mts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { _ as Awaitable, a as ResourceServerMetadata, c as OAuthConsent, d as OAuthRefreshToken, f as Prompt, g as VerificationValue, h as StoreTokenType, i as OIDCMetadata, l as OAuthOpaqueAccessToken, m as Scope, n as GrantType, o as AuthorizePrompt, p as SchemaClient, r as OAuthClient, s as OAuthAuthorizationQuery, t as AuthServerMetadata, u as OAuthOptions } from "./oauth-4vgZlF-I.mjs";
-import { n as oauthProvider, t as getOAuthProviderState } from "./oauth-E89Dh-ZC.mjs";
+import { n as oauthProvider, t as getOAuthProviderState } from "./oauth-CEoJtL3Y.mjs";
 import { verifyAccessToken } from "better-auth/oauth2";
 import { JWSAlgorithms, JwtOptions } from "better-auth/plugins";
 import { JWTPayload } from "jose";
@@ -61,5 +61,4 @@ declare const oauthProviderOpenIdConfigMetadata: <Auth extends {
   headers?: HeadersInit;
 }) => (_request: Request) => Promise<Response>;
 //#endregion
-export { AuthServerMetadata, AuthorizePrompt, OAuthAuthorizationQuery, OAuthClient, OAuthConsent, OAuthOpaqueAccessToken, OAuthOptions, OAuthRefreshToken, OIDCMetadata, Prompt, ResourceServerMetadata, SchemaClient, Scope, StoreTokenType, VerificationValue, authServerMetadata, getOAuthProviderState, mcpHandler, oauthProvider, oauthProviderAuthServerMetadata, oauthProviderOpenIdConfigMetadata, oidcServerMetadata };
-//# sourceMappingURL=index.d.mts.map
+export { AuthServerMetadata, AuthorizePrompt, OAuthAuthorizationQuery, OAuthClient, OAuthConsent, OAuthOpaqueAccessToken, OAuthOptions, OAuthRefreshToken, OIDCMetadata, Prompt, ResourceServerMetadata, SchemaClient, Scope, StoreTokenType, VerificationValue, authServerMetadata, getOAuthProviderState, mcpHandler, oauthProvider, oauthProviderAuthServerMetadata, oauthProviderOpenIdConfigMetadata, oidcServerMetadata };

package/dist/index.mjs CHANGED Viewed

@@ -1,4 +1,5 @@
-import { _ as mcpHandler, a as getJwtPlugin, c as isPKCERequired, d as resolveSubjectIdentifier, f as storeClientSecret, h as verifyOAuthQueryParams, i as getClient, l as parseClientMetadata, m as validateClientCredentials, n as decryptStoredClientSecret, p as storeToken, r as deleteFromPrompt, s as getStoredToken, t as basicToClientCredentials, u as parsePrompt } from "./utils-BDSjyzic.mjs";
+import { _ as verifyOAuthQueryParams, a as getJwtPlugin, c as isPKCERequired, d as parsePrompt, f as resolveSessionAuthTime, g as validateClientCredentials, h as storeToken, i as getClient, l as normalizeTimestampValue, m as storeClientSecret, n as decryptStoredClientSecret, p as resolveSubjectIdentifier, r as deleteFromPrompt, s as getStoredToken, t as basicToClientCredentials, u as parseClientMetadata, y as mcpHandler } from "./utils-sQ4gYeh3.mjs";
+import { t as PACKAGE_VERSION } from "./version-DevbO3Yy.mjs";
 import { APIError, createAuthEndpoint, createAuthMiddleware, getOAuthState, getSessionFromCtx, sessionMiddleware } from "better-auth/api";
 import { generateCodeChallenge, getJwks, verifyJwsAccessToken } from "better-auth/oauth2";
 import { APIError as APIError$1 } from "better-call";
@@ -12,7 +13,6 @@ import { mergeSchema } from "better-auth/db";
 import * as z from "zod";
 import { signJWT, toExpJWT } from "better-auth/plugins";
 import { SignJWT, compactVerify, createLocalJWKSet, decodeJwt } from "jose";
 //#region src/consent.ts
 async function consentEndpoint(ctx, opts) {
 	const _query = (await oAuthState.get())?.query;
@@ -97,7 +97,6 @@ async function consentEndpoint(ctx, opts) {
 		url
 	};
 }
 //#endregion
 //#region src/continue.ts
 async function continueEndpoint(ctx, opts) {
@@ -129,7 +128,9 @@ async function created(ctx, opts) {
 		error_description: "missing oauth query",
 		error: "invalid_request"
 	});
-	ctx.query = deleteFromPrompt(new URLSearchParams(_query), "create");
+	const query = new URLSearchParams(_query);
+	ctx.headers?.set("accept", "application/json");
+	ctx.query = deleteFromPrompt(query, "create");
 	const { url } = await authorizeEndpoint(ctx, opts);
 	return {
 		redirect: true,
@@ -151,7 +152,6 @@ async function postLogin(ctx, opts) {
 		url
 	};
 }
 //#endregion
 //#region src/userinfo.ts
 /**
@@ -224,7 +224,6 @@ async function userInfoEndpoint(ctx, opts) {
 		...additionalInfoUserClaims
 	};
 }
 //#endregion
 //#region src/token.ts
 /**
@@ -296,9 +295,9 @@ async function createIdToken(ctx, opts, user, client, scopes, nonce, sessionId,
 	const jwtPluginOptions = opts.disableJwtPlugin ? void 0 : getJwtPlugin(ctx.context).options;
 	const payload = {
 		...userClaims,
-		...customClaims,
 		auth_time: authTimeSec,
 		acr,
+		...customClaims,
 		iss: jwtPluginOptions?.jwt?.issuer ?? ctx.context.baseURL,
 		sub: resolvedSub,
 		aud: client.clientId,
@@ -565,7 +564,7 @@ async function handleAuthorizationCodeGrant(ctx, opts) {
 		error_description: "session no longer exists",
 		error: "invalid_request"
 	});
-	const authTime = verificationValue.authTime != null ? new Date(verificationValue.authTime) : new Date(session.createdAt);
+	const authTime = verificationValue.authTime != null ? normalizeTimestampValue(verificationValue.authTime) : resolveSessionAuthTime(session);
 	return createUserTokens(ctx, opts, client, verificationValue.query.scope?.split(" ") ?? [], user, verificationValue.referenceId, session.id, verificationValue.query?.nonce, void 0, authTime);
 }
 /**
@@ -720,10 +719,9 @@ async function handleRefreshTokenGrant(ctx, opts) {
 		error_description: "user not found",
 		error: "invalid_request"
 	});
-	const authTime = refreshToken.authTime != null ? new Date(refreshToken.authTime) : void 0;
+	const authTime = refreshToken.authTime != null ? normalizeTimestampValue(refreshToken.authTime) : void 0;
 	return createUserTokens(ctx, opts, client, requestedScopes ?? scopes, user, refreshToken.referenceId, refreshToken.sessionId, void 0, { refreshToken }, authTime);
 }
 //#endregion
 //#region src/introspect.ts
 /**
@@ -984,7 +982,6 @@ async function introspectEndpoint(ctx, opts) {
 		}
 	}
 }
 //#endregion
 //#region src/logout.ts
 /**
@@ -1096,7 +1093,6 @@ async function rpInitiatedLogoutEndpoint(ctx, opts) {
 		}
 	}
 }
 //#endregion
 //#region src/middleware/index.ts
 const publicSessionMiddleware = (opts) => createAuthMiddleware(async (ctx) => {
@@ -1104,7 +1100,6 @@ const publicSessionMiddleware = (opts) => createAuthMiddleware(async (ctx) => {
 	const query = ctx.body.oauth_query;
 	if (!await verifyOAuthQueryParams(query, ctx.context.secret)) throw new APIError("UNAUTHORIZED", { error: "invalid_signature" });
 });
 //#endregion
 //#region src/register.ts
 async function registerEndpoint(ctx, opts) {
@@ -1313,7 +1308,6 @@ function schemaToOAuth(input) {
 		reference_id: referenceId ?? void 0
 	};
 }
 //#endregion
 //#region src/types/zod.ts
 const DANGEROUS_SCHEMES = [
@@ -1354,7 +1348,6 @@ const SafeUrlSchema = z.url().superRefine((val, ctx) => {
 		});
 	}
 });
 //#endregion
 //#region src/oauthClient/endpoints.ts
 async function getClientEndpoint(ctx, opts) {
@@ -1584,7 +1577,6 @@ async function rotateClientSecretEndpoint(ctx, opts) {
 		clientSecret: (opts.prefix?.clientSecret ?? "") + clientSecret
 	});
 }
 //#endregion
 //#region src/oauthClient/index.ts
 const adminCreateOAuthClient = (opts) => createAuthEndpoint("/admin/oauth2/create-client", {
@@ -2066,7 +2058,6 @@ const deleteOAuthClient = (opts) => createAuthEndpoint("/oauth2/delete-client",
 }, async (ctx) => {
 	return deleteClientEndpoint(ctx, opts);
 });
 //#endregion
 //#region src/oauthConsent/endpoints.ts
 async function getConsent(ctx, opts, id) {
@@ -2166,7 +2157,6 @@ async function updateConsentEndpoint(ctx, opts) {
 		}
 	});
 }
 //#endregion
 //#region src/oauthConsent/index.ts
 const getOAuthConsent = (opts) => createAuthEndpoint("/oauth2/get-consent", {
@@ -2203,7 +2193,6 @@ const deleteOAuthConsent = (opts) => createAuthEndpoint("/oauth2/delete-consent"
 }, async (ctx) => {
 	return deleteConsentEndpoint(ctx, opts);
 });
 //#endregion
 //#region src/revoke.ts
 /**
@@ -2401,7 +2390,6 @@ async function revokeEndpoint(ctx, opts) {
 		}
 	}
 }
 //#endregion
 //#region src/schema.ts
 const schema = {
@@ -2665,7 +2653,6 @@ const schema = {
 		}
 	}
 };
 //#endregion
 //#region src/oauth.ts
 const oAuthState = defineRequestState(() => null);
@@ -2736,12 +2723,21 @@ const oauthProvider = (options) => {
 	if (!opts.disableJwtPlugin && (opts.storeClientSecret === "encrypted" || typeof opts.storeClientSecret === "object" && ("encrypt" in opts.storeClientSecret || "decrypt" in opts.storeClientSecret))) throw new BetterAuthError("encryption method not recommended, please use 'hashed' or the 'hash' function");
 	return {
 		id: "oauth-provider",
+		version: PACKAGE_VERSION,
 		options: opts,
 		init: (ctx) => {
-			if (ctx.options.session && !ctx.options.session.storeSessionInDatabase) throw new BetterAuthError("OAuth Provider requires `session.storeSessionInDatabase: true` when using secondaryStorage");
+			if (ctx.options.secondaryStorage && ctx.options.session?.storeSessionInDatabase !== true) throw new BetterAuthError("OAuth Provider requires `session.storeSessionInDatabase: true` when using secondaryStorage");
 			if (!opts.disableJwtPlugin) {
-				const issuer = (getJwtPlugin(ctx)?.options)?.jwt?.issuer ?? ctx.baseURL;
-				const issuerPath = new URL(issuer).pathname;
+				const jwtPluginOptions = getJwtPlugin(ctx)?.options;
+				const issuer = jwtPluginOptions?.jwt?.issuer ?? ctx.baseURL;
+				const isDynamicBaseURLInit = jwtPluginOptions?.jwt?.issuer == null && typeof ctx.options.baseURL === "object" && ctx.options.baseURL !== null && "allowedHosts" in ctx.options.baseURL;
+				let issuerPath;
+				try {
+					issuerPath = new URL(issuer).pathname;
+				} catch (error) {
+					if (isDynamicBaseURLInit && issuer === "") return;
+					throw error;
+				}
 				if (!opts.silenceWarnings?.oauthAuthServerConfig && !(ctx.options.basePath === "/" && issuerPath === "/")) logger.warn(`Please ensure '/.well-known/oauth-authorization-server${issuerPath === "/" ? "" : issuerPath}' exists. Upon completion, clear with silenceWarnings.oauthAuthServerConfig.`);
 				if (!opts.silenceWarnings?.openidConfig && ctx.options.basePath !== issuerPath && opts.scopes?.includes("openid")) logger.warn(`Please ensure '${issuerPath}${issuerPath.endsWith("/") ? "" : "/"}.well-known/openid-configuration' exists. Upon completion, clear with silenceWarnings.openidConfig.`);
 			}
@@ -2778,6 +2774,9 @@ const oauthProvider = (options) => {
 					const session = await ctx.context.internalAdapter.findSession(sessionToken);
 					if (!session) return;
 					ctx.context.session = session;
+					const secFetchMode = ctx.request?.headers?.get("sec-fetch-mode")?.toLowerCase();
+					const acceptHeader = ctx.request?.headers?.get("accept")?.toLowerCase() ?? "";
+					if (!(secFetchMode === "navigate" || !secFetchMode && (acceptHeader.includes("text/html") || acceptHeader.includes("application/xhtml+xml")))) ctx.headers?.set("accept", "application/json");
 					ctx.query = deleteFromPrompt(query, "login");
 					return await authorizeEndpoint(ctx, opts);
 				})
@@ -3627,7 +3626,6 @@ const oauthProvider = (options) => {
 		]
 	};
 };
 //#endregion
 //#region src/authorize.ts
 /**
@@ -3702,23 +3700,23 @@ async function authorizeEndpoint(ctx, opts, settings) {
 	});
 	const query = ctx.query;
 	await oAuthState.set({ query: query.toString() });
-	if (!query.client_id) throw ctx.redirect(getErrorURL(ctx, "invalid_client", "client_id is required"));
-	if (!query.response_type) throw ctx.redirect(getErrorURL(ctx, "invalid_request", "response_type is required"));
+	if (!query.client_id) return handleRedirect(ctx, getErrorURL(ctx, "invalid_client", "client_id is required"));
+	if (!query.response_type) return handleRedirect(ctx, getErrorURL(ctx, "invalid_request", "response_type is required"));
 	const promptSet = ctx.query?.prompt ? parsePrompt(ctx.query?.prompt) : void 0;
 	const promptNone = promptSet?.has("none") ?? false;
-	if (promptSet?.has("select_account") && !opts.selectAccount?.page) throw ctx.redirect(getErrorURL(ctx, `unsupported_prompt_select_account`, "unsupported prompt type"));
-	if (!(query.response_type === "code")) throw ctx.redirect(getErrorURL(ctx, "unsupported_response_type", "unsupported response type"));
+	if (promptSet?.has("select_account") && !opts.selectAccount?.page) return handleRedirect(ctx, getErrorURL(ctx, `unsupported_prompt_select_account`, "unsupported prompt type"));
+	if (!(query.response_type === "code")) return handleRedirect(ctx, getErrorURL(ctx, "unsupported_response_type", "unsupported response type"));
 	const client = await getClient(ctx, opts, query.client_id);
-	if (!client) throw ctx.redirect(getErrorURL(ctx, "invalid_client", "client_id is required"));
-	if (client.disabled) throw ctx.redirect(getErrorURL(ctx, "client_disabled", "client is disabled"));
-	if (!client.redirectUris?.find((url) => url === query.redirect_uri) || !query.redirect_uri) throw ctx.redirect(getErrorURL(ctx, "invalid_redirect", "invalid redirect uri"));
+	if (!client) return handleRedirect(ctx, getErrorURL(ctx, "invalid_client", "client_id is required"));
+	if (client.disabled) return handleRedirect(ctx, getErrorURL(ctx, "client_disabled", "client is disabled"));
+	if (!client.redirectUris?.find((url) => url === query.redirect_uri) || !query.redirect_uri) return handleRedirect(ctx, getErrorURL(ctx, "invalid_redirect", "invalid redirect uri"));
 	let requestedScopes = query.scope?.split(" ").filter((s) => s);
 	if (requestedScopes) {
 		const validScopes = new Set(client.scopes ?? opts.scopes);
 		const invalidScopes = requestedScopes.filter((scope) => {
 			return !validScopes?.has(scope);
 		});
-		if (invalidScopes.length) throw ctx.redirect(formatErrorURL(query.redirect_uri, "invalid_scope", `The following scopes are invalid: ${invalidScopes.join(", ")}`, query.state, getIssuer(ctx, opts)));
+		if (invalidScopes.length) return handleRedirect(ctx, formatErrorURL(query.redirect_uri, "invalid_scope", `The following scopes are invalid: ${invalidScopes.join(", ")}`, query.state, getIssuer(ctx, opts)));
 	}
 	if (!requestedScopes) {
 		requestedScopes = client.scopes ?? opts.scopes ?? [];
@@ -3726,11 +3724,11 @@ async function authorizeEndpoint(ctx, opts, settings) {
 	}
 	const pkceRequired = isPKCERequired(client, requestedScopes);
 	if (pkceRequired) {
-		if (!query.code_challenge || !query.code_challenge_method) throw ctx.redirect(formatErrorURL(query.redirect_uri, "invalid_request", pkceRequired.valueOf(), query.state, getIssuer(ctx, opts)));
+		if (!query.code_challenge || !query.code_challenge_method) return handleRedirect(ctx, formatErrorURL(query.redirect_uri, "invalid_request", pkceRequired.valueOf(), query.state, getIssuer(ctx, opts)));
 	}
 	if (query.code_challenge || query.code_challenge_method) {
-		if (!query.code_challenge || !query.code_challenge_method) throw ctx.redirect(formatErrorURL(query.redirect_uri, "invalid_request", "code_challenge and code_challenge_method must both be provided", query.state, getIssuer(ctx, opts)));
-		if (!["S256"].includes(query.code_challenge_method)) throw ctx.redirect(formatErrorURL(query.redirect_uri, "invalid_request", "invalid code_challenge method, only S256 is supported", query.state, getIssuer(ctx, opts)));
+		if (!query.code_challenge || !query.code_challenge_method) return handleRedirect(ctx, formatErrorURL(query.redirect_uri, "invalid_request", "code_challenge and code_challenge_method must both be provided", query.state, getIssuer(ctx, opts)));
+		if (!["S256"].includes(query.code_challenge_method)) return handleRedirect(ctx, formatErrorURL(query.redirect_uri, "invalid_request", "invalid code_challenge method, only S256 is supported", query.state, getIssuer(ctx, opts)));
 	}
 	const session = await getSessionFromCtx(ctx);
 	if (!session || promptSet?.has("login") || promptSet?.has("create")) {
@@ -3862,7 +3860,6 @@ async function signParams(ctx, opts) {
 	params.append("sig", signature);
 	return params.toString();
 }
 //#endregion
 //#region src/metadata.ts
 function authServerMetadata(ctx, opts, overrides) {
@@ -3961,7 +3958,5 @@ const oauthProviderOpenIdConfigMetadata = (auth, opts) => {
 		});
 	};
 };
 //#endregion
 export { authServerMetadata, getOAuthProviderState, mcpHandler, oauthProvider, oauthProviderAuthServerMetadata, oauthProviderOpenIdConfigMetadata, oidcServerMetadata };
-//# sourceMappingURL=index.mjs.map

package/dist/oauth-4vgZlF-I.d.mts CHANGED Viewed

@@ -1602,5 +1602,4 @@ interface ResourceServerMetadata {
   dpop_bound_access_tokens_required?: boolean;
 }
 //#endregion
-export { Awaitable as _, ResourceServerMetadata as a, OAuthConsent as c, OAuthRefreshToken as d, Prompt as f, VerificationValue as g, StoreTokenType as h, OIDCMetadata as i, OAuthOpaqueAccessToken as l, Scope as m, GrantType as n, AuthorizePrompt as o, SchemaClient as p, OAuthClient as r, OAuthAuthorizationQuery as s, AuthServerMetadata as t, OAuthOptions as u };
-//# sourceMappingURL=oauth-4vgZlF-I.d.mts.map
+export { Awaitable as _, ResourceServerMetadata as a, OAuthConsent as c, OAuthRefreshToken as d, Prompt as f, VerificationValue as g, StoreTokenType as h, OIDCMetadata as i, OAuthOpaqueAccessToken as l, Scope as m, GrantType as n, AuthorizePrompt as o, SchemaClient as p, OAuthClient as r, OAuthAuthorizationQuery as s, AuthServerMetadata as t, OAuthOptions as u };