@better-auth/oauth-provider 1.7.0-beta.0 → 1.7.0-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{client-assertion-DZqo-L5j.mjs → client-assertion-D-tAYsKC.mjs} +116 -92
- package/dist/client-resource.d.mts +43 -7
- package/dist/client-resource.mjs +45 -25
- package/dist/client.d.mts +1 -1
- package/dist/client.mjs +3 -13
- package/dist/index.d.mts +151 -18
- package/dist/index.mjs +2239 -1803
- package/dist/introspect-DvHp2a64.mjs +2507 -0
- package/dist/{oauth-Dh4YXCXY.d.mts → oauth-BrNRbP2A.d.mts} +532 -141
- package/dist/oauth-ScTJEcFV.d.mts +2849 -0
- package/dist/resource-challenge-B-cqv4ur.mjs +63 -0
- package/dist/rolldown-runtime-wcPFST8Q.mjs +13 -0
- package/dist/signed-query-Df1MNiSH.mjs +44 -0
- package/dist/utils-DO8lmoDw.mjs +769 -0
- package/dist/{version-BGWhjYBb.mjs → version-a5HhJg8A.mjs} +1 -1
- package/package.json +9 -10
- package/dist/mcp-CYnz-MXn.mjs +0 -56
- package/dist/oauth-C8aTlaAC.d.mts +0 -1645
- package/dist/utils-CIbcUsZ5.mjs +0 -417
|
@@ -1,11 +1,58 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { C as OAuthConsent, L as Prompt, M as OAuthResource, O as OAuthOptions, a as GrantType, l as TokenEndpointAuthMethod, n as AuthServerMetadata, o as OAuthClient, u as TokenType, z as Scope } from "./oauth-ScTJEcFV.mjs";
|
|
2
2
|
import * as better_call0 from "better-call";
|
|
3
3
|
import * as z from "zod";
|
|
4
|
-
import * as better_auth_plugins0 from "better-auth/plugins";
|
|
5
4
|
import * as jose from "jose";
|
|
5
|
+
import * as better_auth_plugins0 from "better-auth/plugins";
|
|
6
|
+
import { AuthContext, GenericEndpointContext } from "@better-auth/core";
|
|
6
7
|
import * as better_auth0 from "better-auth";
|
|
7
8
|
|
|
9
|
+
//#region src/oauth-endpoint.d.ts
|
|
10
|
+
/**
|
|
11
|
+
* Canonical OAuth 2.0 / OpenID Connect error codes. The union is the single
|
|
12
|
+
* vocabulary for every error-emitting surface in this plugin: token, authorize,
|
|
13
|
+
* revoke, introspect, register, userinfo, logout, consent, and the redirect
|
|
14
|
+
* error channel. Entries are grouped by source RFC so the declaration doubles
|
|
15
|
+
* as a specification map.
|
|
16
|
+
*
|
|
17
|
+
* The trailing `(string & {})` keeps the type open for product-specific codes
|
|
18
|
+
* (e.g. `"invalid_verification"`, `"invalid_user"`) while preserving editor
|
|
19
|
+
* autocomplete for the listed standard codes. Prefer a standard code whenever
|
|
20
|
+
* one applies; fall back to a custom string only for states no RFC covers.
|
|
21
|
+
*/
|
|
22
|
+
type OAuthErrorCode = "invalid_request" | "invalid_client" | "invalid_grant" | "unauthorized_client" | "unsupported_grant_type" | "unsupported_response_type" | "invalid_scope" | "access_denied" | "server_error" | "temporarily_unavailable" | "invalid_token" | "unsupported_token_type" | "invalid_redirect_uri" | "invalid_client_metadata" | "invalid_software_statement" | "unapproved_software_statement" | "invalid_target" | "invalid_request_object" | "login_required" | "consent_required" | "interaction_required" | "account_selection_required" | "invalid_request_uri" | "request_not_supported" | "request_uri_not_supported" | "registration_not_supported" | (string & {});
|
|
23
|
+
type OAuthFieldErrorCodeMap = {
|
|
24
|
+
missing?: OAuthErrorCode;
|
|
25
|
+
invalid?: OAuthErrorCode;
|
|
26
|
+
};
|
|
27
|
+
type OAuthFieldErrorCode = OAuthErrorCode | OAuthFieldErrorCodeMap;
|
|
28
|
+
interface OAuthEndpointErrorResult {
|
|
29
|
+
error: OAuthErrorCode;
|
|
30
|
+
error_description: string;
|
|
31
|
+
}
|
|
32
|
+
interface OAuthEndpointRedirectContext<Ctx = unknown> {
|
|
33
|
+
error: OAuthErrorCode;
|
|
34
|
+
error_description: string;
|
|
35
|
+
ctx: Ctx;
|
|
36
|
+
}
|
|
37
|
+
type OAuthRedirectOnError<Ctx = unknown, Result = unknown> = (result: OAuthEndpointRedirectContext<Ctx>) => Result | Promise<Result>;
|
|
38
|
+
//#endregion
|
|
39
|
+
//#region src/authorize.d.ts
|
|
40
|
+
type OAuthRedirectResult = {
|
|
41
|
+
redirect: true;
|
|
42
|
+
url: string;
|
|
43
|
+
};
|
|
44
|
+
/**
|
|
45
|
+
* Gets the issuer identifier
|
|
46
|
+
*/
|
|
47
|
+
declare function getIssuer(ctx: GenericEndpointContext, opts: OAuthOptions<Scope[]>): string;
|
|
48
|
+
//#endregion
|
|
8
49
|
//#region src/oauth.d.ts
|
|
50
|
+
/**
|
|
51
|
+
* Default scopes advertised and accepted when a configuration sets none. Shared
|
|
52
|
+
* with the MCP preset so the resource metadata it serves matches what the
|
|
53
|
+
* authorization-server metadata advertises.
|
|
54
|
+
*/
|
|
55
|
+
declare const DEFAULT_OAUTH_SCOPES: readonly ["openid", "profile", "email", "offline_access"];
|
|
9
56
|
declare module "@better-auth/core" {
|
|
10
57
|
interface BetterAuthPluginRegistry<AuthOptions, Options> {
|
|
11
58
|
"oauth-provider": {
|
|
@@ -15,6 +62,8 @@ declare module "@better-auth/core" {
|
|
|
15
62
|
}
|
|
16
63
|
declare const getOAuthProviderState: () => Promise<{
|
|
17
64
|
query?: string;
|
|
65
|
+
signedQueryIssuedAt?: Date;
|
|
66
|
+
postLoginClearedForSession?: string;
|
|
18
67
|
} | null>;
|
|
19
68
|
/**
|
|
20
69
|
* oAuth 2.1 provider plugin for Better Auth.
|
|
@@ -27,7 +76,31 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
27
76
|
id: "oauth-provider";
|
|
28
77
|
version: string;
|
|
29
78
|
options: NoInfer<O>;
|
|
30
|
-
|
|
79
|
+
onRequest: (request: Request, ctx: better_auth0.AuthContext) => Promise<{
|
|
80
|
+
response: Response;
|
|
81
|
+
} | {
|
|
82
|
+
request: Request;
|
|
83
|
+
} | void>;
|
|
84
|
+
init: (ctx: better_auth0.AuthContext) => Promise<{
|
|
85
|
+
options: {
|
|
86
|
+
databaseHooks: {
|
|
87
|
+
session: {
|
|
88
|
+
delete: {
|
|
89
|
+
before(session: {
|
|
90
|
+
id: string;
|
|
91
|
+
createdAt: Date;
|
|
92
|
+
updatedAt: Date;
|
|
93
|
+
userId: string;
|
|
94
|
+
expiresAt: Date;
|
|
95
|
+
token: string;
|
|
96
|
+
ipAddress?: string | null | undefined;
|
|
97
|
+
userAgent?: string | null | undefined;
|
|
98
|
+
} & Record<string, unknown>, hookCtx: GenericEndpointContext | null): Promise<void>;
|
|
99
|
+
};
|
|
100
|
+
};
|
|
101
|
+
};
|
|
102
|
+
};
|
|
103
|
+
}>;
|
|
31
104
|
hooks: {
|
|
32
105
|
before: {
|
|
33
106
|
matcher(ctx: better_auth0.HookEndpointContext): any;
|
|
@@ -35,10 +108,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
35
108
|
}[];
|
|
36
109
|
after: {
|
|
37
110
|
matcher(ctx: better_auth0.HookEndpointContext): boolean;
|
|
38
|
-
handler: (inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<
|
|
39
|
-
redirect: boolean;
|
|
40
|
-
url: string;
|
|
41
|
-
} | undefined>;
|
|
111
|
+
handler: (inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<OAuthRedirectResult | undefined>;
|
|
42
112
|
}[];
|
|
43
113
|
};
|
|
44
114
|
endpoints: {
|
|
@@ -67,36 +137,51 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
67
137
|
metadata: {
|
|
68
138
|
SERVER_ONLY: true;
|
|
69
139
|
};
|
|
70
|
-
},
|
|
140
|
+
}, {
|
|
141
|
+
jwks_uri?: string | undefined;
|
|
142
|
+
userinfo_endpoint: string;
|
|
143
|
+
acr_values_supported?: string[] | undefined;
|
|
144
|
+
subject_types_supported: ("public" | "pairwise")[];
|
|
145
|
+
claims_supported: string[];
|
|
146
|
+
claims_parameter_supported?: boolean | undefined;
|
|
147
|
+
end_session_endpoint: string;
|
|
148
|
+
request_parameter_supported?: boolean | undefined;
|
|
149
|
+
request_uri_parameter_supported?: boolean | undefined;
|
|
150
|
+
prompt_values_supported: Prompt[];
|
|
151
|
+
issuer: string;
|
|
152
|
+
authorization_endpoint: string;
|
|
153
|
+
token_endpoint: string;
|
|
154
|
+
registration_endpoint?: string | undefined;
|
|
155
|
+
scopes_supported?: string[] | undefined;
|
|
156
|
+
response_types_supported: "code"[];
|
|
157
|
+
response_modes_supported: "query"[];
|
|
158
|
+
grant_types_supported: GrantType[];
|
|
159
|
+
token_endpoint_auth_methods_supported?: TokenEndpointAuthMethod[] | undefined;
|
|
160
|
+
token_endpoint_auth_signing_alg_values_supported?: better_auth0.PrivateKeyJwtSigningAlgorithm[] | undefined;
|
|
161
|
+
service_documentation?: string | undefined;
|
|
162
|
+
ui_locales_supported?: string[] | undefined;
|
|
163
|
+
op_policy_uri?: string | undefined;
|
|
164
|
+
op_tos_uri?: string | undefined;
|
|
165
|
+
revocation_endpoint?: string | undefined;
|
|
166
|
+
revocation_endpoint_auth_methods_supported?: TokenEndpointAuthMethod[] | undefined;
|
|
167
|
+
revocation_endpoint_auth_signing_alg_values_supported?: better_auth0.PrivateKeyJwtSigningAlgorithm[] | undefined;
|
|
168
|
+
introspection_endpoint?: string | undefined;
|
|
169
|
+
introspection_endpoint_auth_methods_supported?: TokenEndpointAuthMethod[] | undefined;
|
|
170
|
+
introspection_endpoint_auth_signing_alg_values_supported?: better_auth0.PrivateKeyJwtSigningAlgorithm[] | undefined;
|
|
171
|
+
code_challenge_methods_supported: "S256"[];
|
|
172
|
+
authorization_response_iss_parameter_supported?: boolean | undefined;
|
|
173
|
+
client_id_metadata_document_supported?: boolean | undefined;
|
|
174
|
+
backchannel_logout_supported?: boolean | undefined;
|
|
175
|
+
backchannel_logout_session_supported?: boolean | undefined;
|
|
176
|
+
dpop_signing_alg_values_supported?: better_auth_plugins0.JWSAlgorithms[] | undefined;
|
|
71
177
|
id_token_signing_alg_values_supported: better_auth_plugins0.JWSAlgorithms[] | ["HS256"];
|
|
72
178
|
}>;
|
|
73
179
|
oauth2Authorize: better_call0.StrictEndpoint<"/oauth2/authorize", {
|
|
74
|
-
method: "GET";
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
code: "code";
|
|
78
|
-
}>>;
|
|
79
|
-
client_id: z.ZodString;
|
|
80
|
-
redirect_uri: z.ZodOptional<z.ZodURL>;
|
|
81
|
-
scope: z.ZodOptional<z.ZodString>;
|
|
82
|
-
state: z.ZodOptional<z.ZodString>;
|
|
83
|
-
request_uri: z.ZodOptional<z.ZodString>;
|
|
84
|
-
code_challenge: z.ZodOptional<z.ZodString>;
|
|
85
|
-
code_challenge_method: z.ZodOptional<z.ZodEnum<{
|
|
86
|
-
S256: "S256";
|
|
87
|
-
}>>;
|
|
88
|
-
nonce: z.ZodOptional<z.ZodString>;
|
|
89
|
-
prompt: z.ZodOptional<z.ZodEnum<{
|
|
90
|
-
none: "none";
|
|
91
|
-
consent: "consent";
|
|
92
|
-
login: "login";
|
|
93
|
-
create: "create";
|
|
94
|
-
select_account: "select_account";
|
|
95
|
-
"login consent": "login consent";
|
|
96
|
-
"select_account consent": "select_account consent";
|
|
97
|
-
}>>;
|
|
98
|
-
}, z.core.$strip>;
|
|
180
|
+
method: ("GET" | "POST")[];
|
|
181
|
+
body: z.ZodObject<{}, z.core.$loose>;
|
|
182
|
+
redirectOnError: OAuthRedirectOnError<GenericEndpointContext, OAuthRedirectResult>;
|
|
99
183
|
metadata: {
|
|
184
|
+
allowedMediaTypes: string[];
|
|
100
185
|
openapi: {
|
|
101
186
|
description: string;
|
|
102
187
|
parameters: ({
|
|
@@ -106,6 +191,8 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
106
191
|
schema: {
|
|
107
192
|
type: "string";
|
|
108
193
|
format?: undefined;
|
|
194
|
+
minimum?: undefined;
|
|
195
|
+
items?: undefined;
|
|
109
196
|
};
|
|
110
197
|
description: string;
|
|
111
198
|
} | {
|
|
@@ -115,6 +202,8 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
115
202
|
schema: {
|
|
116
203
|
type: "string";
|
|
117
204
|
format?: undefined;
|
|
205
|
+
minimum?: undefined;
|
|
206
|
+
items?: undefined;
|
|
118
207
|
};
|
|
119
208
|
description: string;
|
|
120
209
|
} | {
|
|
@@ -124,6 +213,32 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
124
213
|
schema: {
|
|
125
214
|
type: "string";
|
|
126
215
|
format: string;
|
|
216
|
+
minimum?: undefined;
|
|
217
|
+
items?: undefined;
|
|
218
|
+
};
|
|
219
|
+
description: string;
|
|
220
|
+
} | {
|
|
221
|
+
name: string;
|
|
222
|
+
in: "query";
|
|
223
|
+
required: false;
|
|
224
|
+
schema: {
|
|
225
|
+
type: "integer";
|
|
226
|
+
minimum: number;
|
|
227
|
+
format?: undefined;
|
|
228
|
+
items?: undefined;
|
|
229
|
+
};
|
|
230
|
+
description: string;
|
|
231
|
+
} | {
|
|
232
|
+
name: string;
|
|
233
|
+
in: "query";
|
|
234
|
+
required: false;
|
|
235
|
+
schema: {
|
|
236
|
+
type: "array";
|
|
237
|
+
items: {
|
|
238
|
+
type: "string";
|
|
239
|
+
};
|
|
240
|
+
format?: undefined;
|
|
241
|
+
minimum?: undefined;
|
|
127
242
|
};
|
|
128
243
|
description: string;
|
|
129
244
|
})[];
|
|
@@ -165,15 +280,13 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
165
280
|
};
|
|
166
281
|
};
|
|
167
282
|
};
|
|
168
|
-
},
|
|
169
|
-
redirect: boolean;
|
|
170
|
-
url: string;
|
|
171
|
-
}>;
|
|
283
|
+
}, OAuthRedirectResult>;
|
|
172
284
|
oauth2Consent: better_call0.StrictEndpoint<"/oauth2/consent", {
|
|
173
285
|
method: "POST";
|
|
174
286
|
body: z.ZodObject<{
|
|
175
287
|
accept: z.ZodBoolean;
|
|
176
288
|
scope: z.ZodOptional<z.ZodString>;
|
|
289
|
+
claims: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodRecord<z.ZodString, z.ZodUnknown>]>>;
|
|
177
290
|
oauth_query: z.ZodOptional<z.ZodString>;
|
|
178
291
|
}, z.core.$strip>;
|
|
179
292
|
use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
|
|
@@ -224,7 +337,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
224
337
|
};
|
|
225
338
|
};
|
|
226
339
|
};
|
|
227
|
-
}, {
|
|
340
|
+
}, OAuthRedirectResult | {
|
|
228
341
|
redirect: boolean;
|
|
229
342
|
url: string;
|
|
230
343
|
}>;
|
|
@@ -284,18 +397,12 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
284
397
|
};
|
|
285
398
|
};
|
|
286
399
|
};
|
|
287
|
-
},
|
|
288
|
-
redirect: boolean;
|
|
289
|
-
url: string;
|
|
290
|
-
}>;
|
|
400
|
+
}, OAuthRedirectResult>;
|
|
291
401
|
oauth2Token: better_call0.StrictEndpoint<"/oauth2/token", {
|
|
292
402
|
method: "POST";
|
|
403
|
+
cloneRequest: true;
|
|
293
404
|
body: z.ZodObject<{
|
|
294
|
-
grant_type: z.
|
|
295
|
-
authorization_code: "authorization_code";
|
|
296
|
-
client_credentials: "client_credentials";
|
|
297
|
-
refresh_token: "refresh_token";
|
|
298
|
-
}>;
|
|
405
|
+
grant_type: z.ZodString;
|
|
299
406
|
client_id: z.ZodOptional<z.ZodString>;
|
|
300
407
|
client_secret: z.ZodOptional<z.ZodString>;
|
|
301
408
|
client_assertion: z.ZodOptional<z.ZodString>;
|
|
@@ -304,13 +411,32 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
304
411
|
code_verifier: z.ZodOptional<z.ZodString>;
|
|
305
412
|
redirect_uri: z.ZodOptional<z.ZodURL>;
|
|
306
413
|
refresh_token: z.ZodOptional<z.ZodString>;
|
|
307
|
-
resource: z.ZodOptional<z.ZodString
|
|
414
|
+
resource: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
|
|
308
415
|
scope: z.ZodOptional<z.ZodString>;
|
|
309
|
-
}, z.core.$
|
|
416
|
+
}, z.core.$loose>;
|
|
417
|
+
errorCodesByField: {
|
|
418
|
+
grant_type: {
|
|
419
|
+
missing: "invalid_request";
|
|
420
|
+
invalid: "unsupported_grant_type";
|
|
421
|
+
};
|
|
422
|
+
resource: {
|
|
423
|
+
invalid: "invalid_target";
|
|
424
|
+
};
|
|
425
|
+
};
|
|
310
426
|
metadata: {
|
|
427
|
+
noStore: boolean;
|
|
311
428
|
allowedMediaTypes: string[];
|
|
312
429
|
openapi: {
|
|
313
430
|
description: string;
|
|
431
|
+
parameters: {
|
|
432
|
+
name: string;
|
|
433
|
+
in: "header";
|
|
434
|
+
required: false;
|
|
435
|
+
schema: {
|
|
436
|
+
type: "string";
|
|
437
|
+
};
|
|
438
|
+
description: string;
|
|
439
|
+
}[];
|
|
314
440
|
requestBody: {
|
|
315
441
|
required: boolean;
|
|
316
442
|
content: {
|
|
@@ -320,7 +446,6 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
320
446
|
properties: {
|
|
321
447
|
grant_type: {
|
|
322
448
|
type: string;
|
|
323
|
-
enum: string[];
|
|
324
449
|
description: string;
|
|
325
450
|
};
|
|
326
451
|
client_id: {
|
|
@@ -349,7 +474,17 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
349
474
|
description: string;
|
|
350
475
|
};
|
|
351
476
|
resource: {
|
|
352
|
-
|
|
477
|
+
oneOf: ({
|
|
478
|
+
type: string;
|
|
479
|
+
description: string;
|
|
480
|
+
items?: undefined;
|
|
481
|
+
} | {
|
|
482
|
+
type: string;
|
|
483
|
+
items: {
|
|
484
|
+
type: string;
|
|
485
|
+
};
|
|
486
|
+
description: string;
|
|
487
|
+
})[];
|
|
353
488
|
description: string;
|
|
354
489
|
};
|
|
355
490
|
scope: {
|
|
@@ -427,11 +562,13 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
427
562
|
};
|
|
428
563
|
};
|
|
429
564
|
}, {
|
|
430
|
-
access_token: string;
|
|
431
565
|
expires_in: number;
|
|
566
|
+
access_token: string;
|
|
432
567
|
expires_at: number;
|
|
433
|
-
token_type:
|
|
568
|
+
token_type: TokenType;
|
|
569
|
+
refresh_token: string | undefined;
|
|
434
570
|
scope: string;
|
|
571
|
+
id_token: string | undefined;
|
|
435
572
|
}>;
|
|
436
573
|
oauth2Introspect: better_call0.StrictEndpoint<"/oauth2/introspect", {
|
|
437
574
|
method: "POST";
|
|
@@ -441,12 +578,10 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
441
578
|
client_assertion: z.ZodOptional<z.ZodString>;
|
|
442
579
|
client_assertion_type: z.ZodOptional<z.ZodString>;
|
|
443
580
|
token: z.ZodString;
|
|
444
|
-
token_type_hint: z.ZodOptional<z.
|
|
445
|
-
refresh_token: "refresh_token";
|
|
446
|
-
access_token: "access_token";
|
|
447
|
-
}>>;
|
|
581
|
+
token_type_hint: z.ZodOptional<z.ZodString>;
|
|
448
582
|
}, z.core.$strip>;
|
|
449
583
|
metadata: {
|
|
584
|
+
noStore: boolean;
|
|
450
585
|
allowedMediaTypes: string[];
|
|
451
586
|
openapi: {
|
|
452
587
|
description: string;
|
|
@@ -470,11 +605,6 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
470
605
|
description: string;
|
|
471
606
|
};
|
|
472
607
|
token_type_hint: {
|
|
473
|
-
type: string;
|
|
474
|
-
enum: string[];
|
|
475
|
-
description: string;
|
|
476
|
-
};
|
|
477
|
-
resource: {
|
|
478
608
|
type: string;
|
|
479
609
|
description: string;
|
|
480
610
|
};
|
|
@@ -580,10 +710,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
580
710
|
client_assertion: z.ZodOptional<z.ZodString>;
|
|
581
711
|
client_assertion_type: z.ZodOptional<z.ZodString>;
|
|
582
712
|
token: z.ZodString;
|
|
583
|
-
token_type_hint: z.ZodOptional<z.
|
|
584
|
-
refresh_token: "refresh_token";
|
|
585
|
-
access_token: "access_token";
|
|
586
|
-
}>>;
|
|
713
|
+
token_type_hint: z.ZodOptional<z.ZodString>;
|
|
587
714
|
}, z.core.$strip>;
|
|
588
715
|
metadata: {
|
|
589
716
|
allowedMediaTypes: string[];
|
|
@@ -610,7 +737,6 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
610
737
|
};
|
|
611
738
|
token_type_hint: {
|
|
612
739
|
type: string;
|
|
613
|
-
enum: string[];
|
|
614
740
|
description: string;
|
|
615
741
|
};
|
|
616
742
|
};
|
|
@@ -658,8 +784,13 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
658
784
|
};
|
|
659
785
|
}, null | undefined>;
|
|
660
786
|
oauth2UserInfo: better_call0.StrictEndpoint<"/oauth2/userinfo", {
|
|
661
|
-
method: "GET";
|
|
787
|
+
method: ("GET" | "POST")[];
|
|
788
|
+
body: z.ZodOptional<z.ZodObject<{
|
|
789
|
+
access_token: z.ZodOptional<z.ZodString>;
|
|
790
|
+
}, z.core.$loose>>;
|
|
662
791
|
metadata: {
|
|
792
|
+
noStore: boolean;
|
|
793
|
+
allowedMediaTypes: string[];
|
|
663
794
|
openapi: {
|
|
664
795
|
description: string;
|
|
665
796
|
security: ({
|
|
@@ -770,13 +901,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
770
901
|
};
|
|
771
902
|
};
|
|
772
903
|
}, {
|
|
773
|
-
|
|
774
|
-
email_verified?: boolean | undefined;
|
|
775
|
-
name?: string | undefined;
|
|
776
|
-
picture?: string | undefined;
|
|
777
|
-
given_name?: string | undefined;
|
|
778
|
-
family_name?: string | undefined;
|
|
779
|
-
sub: string;
|
|
904
|
+
sub: unknown;
|
|
780
905
|
}>;
|
|
781
906
|
oauth2EndSession: better_call0.StrictEndpoint<"/oauth2/end-session", {
|
|
782
907
|
method: "GET";
|
|
@@ -814,14 +939,11 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
814
939
|
};
|
|
815
940
|
};
|
|
816
941
|
};
|
|
817
|
-
},
|
|
818
|
-
redirect: boolean;
|
|
819
|
-
url: string;
|
|
820
|
-
} | undefined>;
|
|
942
|
+
}, OAuthRedirectResult | undefined>;
|
|
821
943
|
registerOAuthClient: better_call0.StrictEndpoint<"/oauth2/register", {
|
|
822
944
|
method: "POST";
|
|
823
945
|
body: z.ZodObject<{
|
|
824
|
-
redirect_uris: z.ZodArray<z.ZodURL
|
|
946
|
+
redirect_uris: z.ZodOptional<z.ZodArray<z.ZodURL>>;
|
|
825
947
|
scope: z.ZodOptional<z.ZodString>;
|
|
826
948
|
client_name: z.ZodOptional<z.ZodString>;
|
|
827
949
|
client_uri: z.ZodOptional<z.ZodString>;
|
|
@@ -833,24 +955,17 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
833
955
|
software_version: z.ZodOptional<z.ZodString>;
|
|
834
956
|
software_statement: z.ZodOptional<z.ZodString>;
|
|
835
957
|
post_logout_redirect_uris: z.ZodOptional<z.ZodArray<z.ZodURL>>;
|
|
836
|
-
|
|
837
|
-
|
|
838
|
-
|
|
839
|
-
client_secret_post: "client_secret_post";
|
|
840
|
-
private_key_jwt: "private_key_jwt";
|
|
841
|
-
}>>>;
|
|
958
|
+
backchannel_logout_uri: z.ZodOptional<z.ZodURL>;
|
|
959
|
+
backchannel_logout_session_required: z.ZodOptional<z.ZodBoolean>;
|
|
960
|
+
token_endpoint_auth_method: z.ZodOptional<z.ZodString>;
|
|
842
961
|
jwks: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodRecord<z.ZodString, z.ZodUnknown>>, z.ZodObject<{
|
|
843
962
|
keys: z.ZodArray<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
844
963
|
}, z.core.$strip>]>>;
|
|
845
964
|
jwks_uri: z.ZodOptional<z.ZodString>;
|
|
846
|
-
grant_types: z.ZodOptional<z.
|
|
847
|
-
|
|
848
|
-
client_credentials: "client_credentials";
|
|
849
|
-
refresh_token: "refresh_token";
|
|
850
|
-
}>>>>;
|
|
851
|
-
response_types: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodEnum<{
|
|
965
|
+
grant_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
966
|
+
response_types: z.ZodOptional<z.ZodArray<z.ZodEnum<{
|
|
852
967
|
code: "code";
|
|
853
|
-
}
|
|
968
|
+
}>>>;
|
|
854
969
|
type: z.ZodOptional<z.ZodEnum<{
|
|
855
970
|
web: "web";
|
|
856
971
|
native: "native";
|
|
@@ -860,13 +975,23 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
860
975
|
public: "public";
|
|
861
976
|
pairwise: "pairwise";
|
|
862
977
|
}>>;
|
|
978
|
+
dpop_bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
|
|
979
|
+
resources: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
863
980
|
skip_consent: z.ZodOptional<z.ZodNever>;
|
|
864
981
|
}, z.core.$strip>;
|
|
982
|
+
errorCodesByField: {
|
|
983
|
+
redirect_uris: "invalid_redirect_uri";
|
|
984
|
+
post_logout_redirect_uris: "invalid_redirect_uri";
|
|
985
|
+
software_statement: "invalid_software_statement";
|
|
986
|
+
resources: "invalid_target";
|
|
987
|
+
};
|
|
988
|
+
defaultError: "invalid_client_metadata";
|
|
865
989
|
metadata: {
|
|
990
|
+
noStore: boolean;
|
|
866
991
|
openapi: {
|
|
867
992
|
description: string;
|
|
868
993
|
responses: {
|
|
869
|
-
"
|
|
994
|
+
"201": {
|
|
870
995
|
description: string;
|
|
871
996
|
content: {
|
|
872
997
|
"application/json": {
|
|
@@ -952,16 +1077,23 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
952
1077
|
};
|
|
953
1078
|
description: string;
|
|
954
1079
|
};
|
|
1080
|
+
backchannel_logout_uri: {
|
|
1081
|
+
type: string;
|
|
1082
|
+
format: string;
|
|
1083
|
+
description: string;
|
|
1084
|
+
};
|
|
1085
|
+
backchannel_logout_session_required: {
|
|
1086
|
+
type: string;
|
|
1087
|
+
description: string;
|
|
1088
|
+
};
|
|
955
1089
|
token_endpoint_auth_method: {
|
|
956
1090
|
type: string;
|
|
957
1091
|
description: string;
|
|
958
|
-
enum: string[];
|
|
959
1092
|
};
|
|
960
1093
|
grant_types: {
|
|
961
1094
|
type: string;
|
|
962
1095
|
items: {
|
|
963
1096
|
type: string;
|
|
964
|
-
enum: string[];
|
|
965
1097
|
};
|
|
966
1098
|
description: string;
|
|
967
1099
|
};
|
|
@@ -999,7 +1131,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
999
1131
|
adminCreateOAuthClient: better_call0.StrictEndpoint<"/admin/oauth2/create-client", {
|
|
1000
1132
|
method: "POST";
|
|
1001
1133
|
body: z.ZodObject<{
|
|
1002
|
-
redirect_uris: z.ZodArray<z.ZodURL
|
|
1134
|
+
redirect_uris: z.ZodOptional<z.ZodArray<z.ZodURL>>;
|
|
1003
1135
|
scope: z.ZodOptional<z.ZodString>;
|
|
1004
1136
|
client_name: z.ZodOptional<z.ZodString>;
|
|
1005
1137
|
client_uri: z.ZodOptional<z.ZodString>;
|
|
@@ -1011,24 +1143,17 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1011
1143
|
software_version: z.ZodOptional<z.ZodString>;
|
|
1012
1144
|
software_statement: z.ZodOptional<z.ZodString>;
|
|
1013
1145
|
post_logout_redirect_uris: z.ZodOptional<z.ZodArray<z.ZodURL>>;
|
|
1014
|
-
|
|
1015
|
-
|
|
1016
|
-
|
|
1017
|
-
client_secret_post: "client_secret_post";
|
|
1018
|
-
private_key_jwt: "private_key_jwt";
|
|
1019
|
-
}>>>;
|
|
1146
|
+
backchannel_logout_uri: z.ZodOptional<z.ZodURL>;
|
|
1147
|
+
backchannel_logout_session_required: z.ZodOptional<z.ZodBoolean>;
|
|
1148
|
+
token_endpoint_auth_method: z.ZodOptional<z.ZodString>;
|
|
1020
1149
|
jwks: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodRecord<z.ZodString, z.ZodUnknown>>, z.ZodObject<{
|
|
1021
1150
|
keys: z.ZodArray<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
1022
1151
|
}, z.core.$strip>]>>;
|
|
1023
1152
|
jwks_uri: z.ZodOptional<z.ZodString>;
|
|
1024
|
-
grant_types: z.ZodOptional<z.
|
|
1025
|
-
|
|
1026
|
-
client_credentials: "client_credentials";
|
|
1027
|
-
refresh_token: "refresh_token";
|
|
1028
|
-
}>>>>;
|
|
1029
|
-
response_types: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodEnum<{
|
|
1153
|
+
grant_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1154
|
+
response_types: z.ZodOptional<z.ZodArray<z.ZodEnum<{
|
|
1030
1155
|
code: "code";
|
|
1031
|
-
}
|
|
1156
|
+
}>>>;
|
|
1032
1157
|
type: z.ZodOptional<z.ZodEnum<{
|
|
1033
1158
|
web: "web";
|
|
1034
1159
|
native: "native";
|
|
@@ -1038,6 +1163,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1038
1163
|
skip_consent: z.ZodOptional<z.ZodBoolean>;
|
|
1039
1164
|
enable_end_session: z.ZodOptional<z.ZodBoolean>;
|
|
1040
1165
|
require_pkce: z.ZodOptional<z.ZodBoolean>;
|
|
1166
|
+
dpop_bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
|
|
1041
1167
|
subject_type: z.ZodOptional<z.ZodEnum<{
|
|
1042
1168
|
public: "public";
|
|
1043
1169
|
pairwise: "pairwise";
|
|
@@ -1045,11 +1171,12 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1045
1171
|
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
1046
1172
|
}, z.core.$strip>;
|
|
1047
1173
|
metadata: {
|
|
1174
|
+
noStore: boolean;
|
|
1048
1175
|
SERVER_ONLY: true;
|
|
1049
1176
|
openapi: {
|
|
1050
1177
|
description: string;
|
|
1051
1178
|
responses: {
|
|
1052
|
-
"
|
|
1179
|
+
"201": {
|
|
1053
1180
|
description: string;
|
|
1054
1181
|
content: {
|
|
1055
1182
|
"application/json": {
|
|
@@ -1130,13 +1257,11 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1130
1257
|
token_endpoint_auth_method: {
|
|
1131
1258
|
type: string;
|
|
1132
1259
|
description: string;
|
|
1133
|
-
enum: string[];
|
|
1134
1260
|
};
|
|
1135
1261
|
grant_types: {
|
|
1136
1262
|
type: string;
|
|
1137
1263
|
items: {
|
|
1138
1264
|
type: string;
|
|
1139
|
-
enum: string[];
|
|
1140
1265
|
};
|
|
1141
1266
|
description: string;
|
|
1142
1267
|
};
|
|
@@ -1208,7 +1333,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1208
1333
|
};
|
|
1209
1334
|
}>)[];
|
|
1210
1335
|
body: z.ZodObject<{
|
|
1211
|
-
redirect_uris: z.ZodArray<z.ZodURL
|
|
1336
|
+
redirect_uris: z.ZodOptional<z.ZodArray<z.ZodURL>>;
|
|
1212
1337
|
scope: z.ZodOptional<z.ZodString>;
|
|
1213
1338
|
client_name: z.ZodOptional<z.ZodString>;
|
|
1214
1339
|
client_uri: z.ZodOptional<z.ZodString>;
|
|
@@ -1220,35 +1345,30 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1220
1345
|
software_version: z.ZodOptional<z.ZodString>;
|
|
1221
1346
|
software_statement: z.ZodOptional<z.ZodString>;
|
|
1222
1347
|
post_logout_redirect_uris: z.ZodOptional<z.ZodArray<z.ZodURL>>;
|
|
1223
|
-
|
|
1224
|
-
|
|
1225
|
-
|
|
1226
|
-
client_secret_post: "client_secret_post";
|
|
1227
|
-
private_key_jwt: "private_key_jwt";
|
|
1228
|
-
}>>>;
|
|
1348
|
+
backchannel_logout_uri: z.ZodOptional<z.ZodURL>;
|
|
1349
|
+
backchannel_logout_session_required: z.ZodOptional<z.ZodBoolean>;
|
|
1350
|
+
token_endpoint_auth_method: z.ZodOptional<z.ZodString>;
|
|
1229
1351
|
jwks: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodRecord<z.ZodString, z.ZodUnknown>>, z.ZodObject<{
|
|
1230
1352
|
keys: z.ZodArray<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
1231
1353
|
}, z.core.$strip>]>>;
|
|
1232
1354
|
jwks_uri: z.ZodOptional<z.ZodString>;
|
|
1233
|
-
grant_types: z.ZodOptional<z.
|
|
1234
|
-
|
|
1235
|
-
client_credentials: "client_credentials";
|
|
1236
|
-
refresh_token: "refresh_token";
|
|
1237
|
-
}>>>>;
|
|
1238
|
-
response_types: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodEnum<{
|
|
1355
|
+
grant_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1356
|
+
response_types: z.ZodOptional<z.ZodArray<z.ZodEnum<{
|
|
1239
1357
|
code: "code";
|
|
1240
|
-
}
|
|
1358
|
+
}>>>;
|
|
1241
1359
|
type: z.ZodOptional<z.ZodEnum<{
|
|
1242
1360
|
web: "web";
|
|
1243
1361
|
native: "native";
|
|
1244
1362
|
"user-agent-based": "user-agent-based";
|
|
1245
1363
|
}>>;
|
|
1364
|
+
dpop_bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
|
|
1246
1365
|
}, z.core.$strip>;
|
|
1247
1366
|
metadata: {
|
|
1367
|
+
noStore: boolean;
|
|
1248
1368
|
openapi: {
|
|
1249
1369
|
description: string;
|
|
1250
1370
|
responses: {
|
|
1251
|
-
"
|
|
1371
|
+
"201": {
|
|
1252
1372
|
description: string;
|
|
1253
1373
|
content: {
|
|
1254
1374
|
"application/json": {
|
|
@@ -1329,13 +1449,11 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1329
1449
|
token_endpoint_auth_method: {
|
|
1330
1450
|
type: string;
|
|
1331
1451
|
description: string;
|
|
1332
|
-
enum: string[];
|
|
1333
1452
|
};
|
|
1334
1453
|
grant_types: {
|
|
1335
1454
|
type: string;
|
|
1336
1455
|
items: {
|
|
1337
1456
|
type: string;
|
|
1338
|
-
enum: string[];
|
|
1339
1457
|
};
|
|
1340
1458
|
description: string;
|
|
1341
1459
|
};
|
|
@@ -1505,11 +1623,9 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1505
1623
|
software_version: z.ZodOptional<z.ZodString>;
|
|
1506
1624
|
software_statement: z.ZodOptional<z.ZodString>;
|
|
1507
1625
|
post_logout_redirect_uris: z.ZodOptional<z.ZodArray<z.ZodURL>>;
|
|
1508
|
-
|
|
1509
|
-
|
|
1510
|
-
|
|
1511
|
-
refresh_token: "refresh_token";
|
|
1512
|
-
}>>>;
|
|
1626
|
+
backchannel_logout_uri: z.ZodOptional<z.ZodURL>;
|
|
1627
|
+
backchannel_logout_session_required: z.ZodOptional<z.ZodBoolean>;
|
|
1628
|
+
grant_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1513
1629
|
response_types: z.ZodOptional<z.ZodArray<z.ZodEnum<{
|
|
1514
1630
|
code: "code";
|
|
1515
1631
|
}>>>;
|
|
@@ -1521,6 +1637,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1521
1637
|
client_secret_expires_at: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>;
|
|
1522
1638
|
skip_consent: z.ZodOptional<z.ZodBoolean>;
|
|
1523
1639
|
enable_end_session: z.ZodOptional<z.ZodBoolean>;
|
|
1640
|
+
dpop_bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
|
|
1524
1641
|
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
1525
1642
|
}, z.core.$strip>;
|
|
1526
1643
|
}, z.core.$strip>;
|
|
@@ -1571,11 +1688,9 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1571
1688
|
software_version: z.ZodOptional<z.ZodString>;
|
|
1572
1689
|
software_statement: z.ZodOptional<z.ZodString>;
|
|
1573
1690
|
post_logout_redirect_uris: z.ZodOptional<z.ZodArray<z.ZodURL>>;
|
|
1574
|
-
|
|
1575
|
-
|
|
1576
|
-
|
|
1577
|
-
refresh_token: "refresh_token";
|
|
1578
|
-
}>>>;
|
|
1691
|
+
backchannel_logout_uri: z.ZodOptional<z.ZodURL>;
|
|
1692
|
+
backchannel_logout_session_required: z.ZodOptional<z.ZodBoolean>;
|
|
1693
|
+
grant_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1579
1694
|
response_types: z.ZodOptional<z.ZodArray<z.ZodEnum<{
|
|
1580
1695
|
code: "code";
|
|
1581
1696
|
}>>>;
|
|
@@ -1621,6 +1736,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1621
1736
|
client_id: z.ZodString;
|
|
1622
1737
|
}, z.core.$strip>;
|
|
1623
1738
|
metadata: {
|
|
1739
|
+
noStore: boolean;
|
|
1624
1740
|
openapi: {
|
|
1625
1741
|
description: string;
|
|
1626
1742
|
};
|
|
@@ -1796,6 +1912,92 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1796
1912
|
};
|
|
1797
1913
|
};
|
|
1798
1914
|
}, void>;
|
|
1915
|
+
adminCreateOAuthResource: better_call0.StrictEndpoint<"/admin/oauth2/resources", {
|
|
1916
|
+
method: "POST";
|
|
1917
|
+
body: z.ZodObject<{
|
|
1918
|
+
identifier: z.ZodNonOptional<z.ZodOptional<z.ZodString>>;
|
|
1919
|
+
name: z.ZodOptional<z.ZodString>;
|
|
1920
|
+
accessTokenTtl: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
1921
|
+
refreshTokenTtl: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
1922
|
+
signingAlgorithm: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
|
|
1923
|
+
RS256: "RS256";
|
|
1924
|
+
PS256: "PS256";
|
|
1925
|
+
ES256: "ES256";
|
|
1926
|
+
ES512: "ES512";
|
|
1927
|
+
EdDSA: "EdDSA";
|
|
1928
|
+
}>>>;
|
|
1929
|
+
signingKeyId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
1930
|
+
allowedScopes: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
|
|
1931
|
+
customClaims: z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>>;
|
|
1932
|
+
dpopBoundAccessTokensRequired: z.ZodOptional<z.ZodBoolean>;
|
|
1933
|
+
disabled: z.ZodOptional<z.ZodBoolean>;
|
|
1934
|
+
metadata: z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>>;
|
|
1935
|
+
}, z.core.$strip>;
|
|
1936
|
+
metadata: {
|
|
1937
|
+
SERVER_ONLY: true;
|
|
1938
|
+
};
|
|
1939
|
+
}, OAuthResource>;
|
|
1940
|
+
adminListOAuthResources: better_call0.StrictEndpoint<"/admin/oauth2/resources", {
|
|
1941
|
+
method: "GET";
|
|
1942
|
+
metadata: {
|
|
1943
|
+
SERVER_ONLY: true;
|
|
1944
|
+
};
|
|
1945
|
+
}, OAuthResource[]>;
|
|
1946
|
+
adminGetOAuthResource: better_call0.StrictEndpoint<"/admin/oauth2/resources/:identifier", {
|
|
1947
|
+
method: "GET";
|
|
1948
|
+
metadata: {
|
|
1949
|
+
SERVER_ONLY: true;
|
|
1950
|
+
};
|
|
1951
|
+
}, OAuthResource>;
|
|
1952
|
+
adminUpdateOAuthResource: better_call0.StrictEndpoint<"/admin/oauth2/resources/:identifier", {
|
|
1953
|
+
method: "PATCH";
|
|
1954
|
+
body: z.ZodObject<{
|
|
1955
|
+
identifier: z.ZodOptional<z.ZodString>;
|
|
1956
|
+
name: z.ZodOptional<z.ZodString>;
|
|
1957
|
+
accessTokenTtl: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
1958
|
+
refreshTokenTtl: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
1959
|
+
signingAlgorithm: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
|
|
1960
|
+
RS256: "RS256";
|
|
1961
|
+
PS256: "PS256";
|
|
1962
|
+
ES256: "ES256";
|
|
1963
|
+
ES512: "ES512";
|
|
1964
|
+
EdDSA: "EdDSA";
|
|
1965
|
+
}>>>;
|
|
1966
|
+
signingKeyId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
1967
|
+
allowedScopes: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
|
|
1968
|
+
customClaims: z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>>;
|
|
1969
|
+
dpopBoundAccessTokensRequired: z.ZodOptional<z.ZodBoolean>;
|
|
1970
|
+
disabled: z.ZodOptional<z.ZodBoolean>;
|
|
1971
|
+
metadata: z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>>;
|
|
1972
|
+
}, z.core.$strip>;
|
|
1973
|
+
metadata: {
|
|
1974
|
+
SERVER_ONLY: true;
|
|
1975
|
+
};
|
|
1976
|
+
}, OAuthResource>;
|
|
1977
|
+
adminDeleteOAuthResource: better_call0.StrictEndpoint<"/admin/oauth2/resources/:identifier", {
|
|
1978
|
+
method: "DELETE";
|
|
1979
|
+
metadata: {
|
|
1980
|
+
SERVER_ONLY: true;
|
|
1981
|
+
};
|
|
1982
|
+
}, {
|
|
1983
|
+
deleted: boolean;
|
|
1984
|
+
}>;
|
|
1985
|
+
adminLinkClientResource: better_call0.StrictEndpoint<"/admin/oauth2/resources/:identifier/clients/:client_id", {
|
|
1986
|
+
method: "POST";
|
|
1987
|
+
metadata: {
|
|
1988
|
+
SERVER_ONLY: true;
|
|
1989
|
+
};
|
|
1990
|
+
}, {
|
|
1991
|
+
linked: boolean;
|
|
1992
|
+
}>;
|
|
1993
|
+
adminUnlinkClientResource: better_call0.StrictEndpoint<"/admin/oauth2/resources/:identifier/clients/:client_id", {
|
|
1994
|
+
method: "DELETE";
|
|
1995
|
+
metadata: {
|
|
1996
|
+
SERVER_ONLY: true;
|
|
1997
|
+
};
|
|
1998
|
+
}, {
|
|
1999
|
+
unlinked: boolean;
|
|
2000
|
+
}>;
|
|
1799
2001
|
};
|
|
1800
2002
|
schema: {
|
|
1801
2003
|
oauthClient: {
|
|
@@ -1838,6 +2040,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1838
2040
|
model: string;
|
|
1839
2041
|
field: string;
|
|
1840
2042
|
};
|
|
2043
|
+
index: true;
|
|
1841
2044
|
};
|
|
1842
2045
|
createdAt: {
|
|
1843
2046
|
type: "date";
|
|
@@ -1891,6 +2094,14 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1891
2094
|
type: "string[]";
|
|
1892
2095
|
required: false;
|
|
1893
2096
|
};
|
|
2097
|
+
backchannelLogoutUri: {
|
|
2098
|
+
type: "string";
|
|
2099
|
+
required: false;
|
|
2100
|
+
};
|
|
2101
|
+
backchannelLogoutSessionRequired: {
|
|
2102
|
+
type: "boolean";
|
|
2103
|
+
required: false;
|
|
2104
|
+
};
|
|
1894
2105
|
tokenEndpointAuthMethod: {
|
|
1895
2106
|
type: "string";
|
|
1896
2107
|
required: false;
|
|
@@ -1923,6 +2134,11 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1923
2134
|
type: "boolean";
|
|
1924
2135
|
required: false;
|
|
1925
2136
|
};
|
|
2137
|
+
dpopBoundAccessTokens: {
|
|
2138
|
+
type: "boolean";
|
|
2139
|
+
required: false;
|
|
2140
|
+
defaultValue: false;
|
|
2141
|
+
};
|
|
1926
2142
|
referenceId: {
|
|
1927
2143
|
type: "string";
|
|
1928
2144
|
required: false;
|
|
@@ -1933,11 +2149,110 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1933
2149
|
};
|
|
1934
2150
|
};
|
|
1935
2151
|
};
|
|
2152
|
+
oauthResource: {
|
|
2153
|
+
modelName: string;
|
|
2154
|
+
fields: {
|
|
2155
|
+
identifier: {
|
|
2156
|
+
type: "string";
|
|
2157
|
+
required: true;
|
|
2158
|
+
unique: true;
|
|
2159
|
+
};
|
|
2160
|
+
name: {
|
|
2161
|
+
type: "string";
|
|
2162
|
+
required: true;
|
|
2163
|
+
};
|
|
2164
|
+
accessTokenTtl: {
|
|
2165
|
+
type: "number";
|
|
2166
|
+
required: false;
|
|
2167
|
+
};
|
|
2168
|
+
refreshTokenTtl: {
|
|
2169
|
+
type: "number";
|
|
2170
|
+
required: false;
|
|
2171
|
+
};
|
|
2172
|
+
signingAlgorithm: {
|
|
2173
|
+
type: "string";
|
|
2174
|
+
required: false;
|
|
2175
|
+
};
|
|
2176
|
+
signingKeyId: {
|
|
2177
|
+
type: "string";
|
|
2178
|
+
required: false;
|
|
2179
|
+
};
|
|
2180
|
+
allowedScopes: {
|
|
2181
|
+
type: "string[]";
|
|
2182
|
+
required: false;
|
|
2183
|
+
};
|
|
2184
|
+
customClaims: {
|
|
2185
|
+
type: "json";
|
|
2186
|
+
required: false;
|
|
2187
|
+
};
|
|
2188
|
+
dpopBoundAccessTokensRequired: {
|
|
2189
|
+
type: "boolean";
|
|
2190
|
+
required: false;
|
|
2191
|
+
defaultValue: false;
|
|
2192
|
+
};
|
|
2193
|
+
disabled: {
|
|
2194
|
+
type: "boolean";
|
|
2195
|
+
required: false;
|
|
2196
|
+
defaultValue: false;
|
|
2197
|
+
};
|
|
2198
|
+
createdAt: {
|
|
2199
|
+
type: "date";
|
|
2200
|
+
required: false;
|
|
2201
|
+
};
|
|
2202
|
+
updatedAt: {
|
|
2203
|
+
type: "date";
|
|
2204
|
+
required: false;
|
|
2205
|
+
};
|
|
2206
|
+
policyVersion: {
|
|
2207
|
+
type: "number";
|
|
2208
|
+
required: false;
|
|
2209
|
+
defaultValue: number;
|
|
2210
|
+
};
|
|
2211
|
+
metadata: {
|
|
2212
|
+
type: "json";
|
|
2213
|
+
required: false;
|
|
2214
|
+
};
|
|
2215
|
+
};
|
|
2216
|
+
};
|
|
2217
|
+
oauthClientResource: {
|
|
2218
|
+
modelName: string;
|
|
2219
|
+
fields: {
|
|
2220
|
+
clientId: {
|
|
2221
|
+
type: "string";
|
|
2222
|
+
required: true;
|
|
2223
|
+
references: {
|
|
2224
|
+
model: string;
|
|
2225
|
+
field: string;
|
|
2226
|
+
onDelete: "cascade";
|
|
2227
|
+
};
|
|
2228
|
+
index: true;
|
|
2229
|
+
};
|
|
2230
|
+
resourceId: {
|
|
2231
|
+
type: "string";
|
|
2232
|
+
required: true;
|
|
2233
|
+
references: {
|
|
2234
|
+
model: string;
|
|
2235
|
+
field: string;
|
|
2236
|
+
onDelete: "cascade";
|
|
2237
|
+
};
|
|
2238
|
+
index: true;
|
|
2239
|
+
};
|
|
2240
|
+
metadata: {
|
|
2241
|
+
type: "json";
|
|
2242
|
+
required: false;
|
|
2243
|
+
};
|
|
2244
|
+
createdAt: {
|
|
2245
|
+
type: "date";
|
|
2246
|
+
required: false;
|
|
2247
|
+
};
|
|
2248
|
+
};
|
|
2249
|
+
};
|
|
1936
2250
|
oauthRefreshToken: {
|
|
1937
2251
|
fields: {
|
|
1938
2252
|
token: {
|
|
1939
2253
|
type: "string";
|
|
1940
2254
|
required: true;
|
|
2255
|
+
unique: true;
|
|
1941
2256
|
};
|
|
1942
2257
|
clientId: {
|
|
1943
2258
|
type: "string";
|
|
@@ -1946,6 +2261,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1946
2261
|
model: string;
|
|
1947
2262
|
field: string;
|
|
1948
2263
|
};
|
|
2264
|
+
index: true;
|
|
1949
2265
|
};
|
|
1950
2266
|
sessionId: {
|
|
1951
2267
|
type: "string";
|
|
@@ -1955,6 +2271,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1955
2271
|
field: string;
|
|
1956
2272
|
onDelete: "set null";
|
|
1957
2273
|
};
|
|
2274
|
+
index: true;
|
|
1958
2275
|
};
|
|
1959
2276
|
userId: {
|
|
1960
2277
|
type: "string";
|
|
@@ -1963,11 +2280,25 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1963
2280
|
model: string;
|
|
1964
2281
|
field: string;
|
|
1965
2282
|
};
|
|
2283
|
+
index: true;
|
|
1966
2284
|
};
|
|
1967
2285
|
referenceId: {
|
|
1968
2286
|
type: "string";
|
|
1969
2287
|
required: false;
|
|
1970
2288
|
};
|
|
2289
|
+
authorizationCodeId: {
|
|
2290
|
+
type: "string";
|
|
2291
|
+
required: false;
|
|
2292
|
+
index: true;
|
|
2293
|
+
};
|
|
2294
|
+
resources: {
|
|
2295
|
+
type: "string[]";
|
|
2296
|
+
required: false;
|
|
2297
|
+
};
|
|
2298
|
+
requestedUserInfoClaims: {
|
|
2299
|
+
type: "string[]";
|
|
2300
|
+
required: false;
|
|
2301
|
+
};
|
|
1971
2302
|
expiresAt: {
|
|
1972
2303
|
type: "date";
|
|
1973
2304
|
};
|
|
@@ -1978,10 +2309,26 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1978
2309
|
type: "date";
|
|
1979
2310
|
required: false;
|
|
1980
2311
|
};
|
|
2312
|
+
rotatedAt: {
|
|
2313
|
+
type: "date";
|
|
2314
|
+
required: false;
|
|
2315
|
+
};
|
|
2316
|
+
rotationReplayResponse: {
|
|
2317
|
+
type: "string";
|
|
2318
|
+
required: false;
|
|
2319
|
+
};
|
|
2320
|
+
rotationReplayExpiresAt: {
|
|
2321
|
+
type: "date";
|
|
2322
|
+
required: false;
|
|
2323
|
+
};
|
|
1981
2324
|
authTime: {
|
|
1982
2325
|
type: "date";
|
|
1983
2326
|
required: false;
|
|
1984
2327
|
};
|
|
2328
|
+
confirmation: {
|
|
2329
|
+
type: "json";
|
|
2330
|
+
required: false;
|
|
2331
|
+
};
|
|
1985
2332
|
scopes: {
|
|
1986
2333
|
type: "string[]";
|
|
1987
2334
|
required: true;
|
|
@@ -2002,6 +2349,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2002
2349
|
model: string;
|
|
2003
2350
|
field: string;
|
|
2004
2351
|
};
|
|
2352
|
+
index: true;
|
|
2005
2353
|
};
|
|
2006
2354
|
sessionId: {
|
|
2007
2355
|
type: "string";
|
|
@@ -2011,6 +2359,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2011
2359
|
field: string;
|
|
2012
2360
|
onDelete: "set null";
|
|
2013
2361
|
};
|
|
2362
|
+
index: true;
|
|
2014
2363
|
};
|
|
2015
2364
|
userId: {
|
|
2016
2365
|
type: "string";
|
|
@@ -2019,11 +2368,25 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2019
2368
|
model: string;
|
|
2020
2369
|
field: string;
|
|
2021
2370
|
};
|
|
2371
|
+
index: true;
|
|
2022
2372
|
};
|
|
2023
2373
|
referenceId: {
|
|
2024
2374
|
type: "string";
|
|
2025
2375
|
required: false;
|
|
2026
2376
|
};
|
|
2377
|
+
authorizationCodeId: {
|
|
2378
|
+
type: "string";
|
|
2379
|
+
required: false;
|
|
2380
|
+
index: true;
|
|
2381
|
+
};
|
|
2382
|
+
resources: {
|
|
2383
|
+
type: "string[]";
|
|
2384
|
+
required: false;
|
|
2385
|
+
};
|
|
2386
|
+
requestedUserInfoClaims: {
|
|
2387
|
+
type: "string[]";
|
|
2388
|
+
required: false;
|
|
2389
|
+
};
|
|
2027
2390
|
refreshId: {
|
|
2028
2391
|
type: "string";
|
|
2029
2392
|
required: false;
|
|
@@ -2031,6 +2394,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2031
2394
|
model: string;
|
|
2032
2395
|
field: string;
|
|
2033
2396
|
};
|
|
2397
|
+
index: true;
|
|
2034
2398
|
};
|
|
2035
2399
|
expiresAt: {
|
|
2036
2400
|
type: "date";
|
|
@@ -2038,6 +2402,14 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2038
2402
|
createdAt: {
|
|
2039
2403
|
type: "date";
|
|
2040
2404
|
};
|
|
2405
|
+
revoked: {
|
|
2406
|
+
type: "date";
|
|
2407
|
+
required: false;
|
|
2408
|
+
};
|
|
2409
|
+
confirmation: {
|
|
2410
|
+
type: "json";
|
|
2411
|
+
required: false;
|
|
2412
|
+
};
|
|
2041
2413
|
scopes: {
|
|
2042
2414
|
type: "string[]";
|
|
2043
2415
|
required: true;
|
|
@@ -2054,6 +2426,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2054
2426
|
model: string;
|
|
2055
2427
|
field: string;
|
|
2056
2428
|
};
|
|
2429
|
+
index: true;
|
|
2057
2430
|
};
|
|
2058
2431
|
userId: {
|
|
2059
2432
|
type: "string";
|
|
@@ -2062,11 +2435,20 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2062
2435
|
model: string;
|
|
2063
2436
|
field: string;
|
|
2064
2437
|
};
|
|
2438
|
+
index: true;
|
|
2065
2439
|
};
|
|
2066
2440
|
referenceId: {
|
|
2067
2441
|
type: "string";
|
|
2068
2442
|
required: false;
|
|
2069
2443
|
};
|
|
2444
|
+
resources: {
|
|
2445
|
+
type: "string[]";
|
|
2446
|
+
required: false;
|
|
2447
|
+
};
|
|
2448
|
+
requestedUserInfoClaims: {
|
|
2449
|
+
type: "string[]";
|
|
2450
|
+
required: false;
|
|
2451
|
+
};
|
|
2070
2452
|
scopes: {
|
|
2071
2453
|
type: "string[]";
|
|
2072
2454
|
required: true;
|
|
@@ -2079,6 +2461,15 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2079
2461
|
};
|
|
2080
2462
|
};
|
|
2081
2463
|
};
|
|
2464
|
+
oauthClientAssertion: {
|
|
2465
|
+
modelName: string;
|
|
2466
|
+
fields: {
|
|
2467
|
+
expiresAt: {
|
|
2468
|
+
type: "date";
|
|
2469
|
+
required: true;
|
|
2470
|
+
};
|
|
2471
|
+
};
|
|
2472
|
+
};
|
|
2082
2473
|
};
|
|
2083
2474
|
rateLimit: ({
|
|
2084
2475
|
pathMatcher: (path: string) => path is "/oauth2/token";
|
|
@@ -2107,4 +2498,4 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2107
2498
|
})[];
|
|
2108
2499
|
};
|
|
2109
2500
|
//#endregion
|
|
2110
|
-
export {
|
|
2501
|
+
export { OAuthEndpointErrorResult as a, OAuthFieldErrorCode as c, getIssuer as i, OAuthFieldErrorCodeMap as l, getOAuthProviderState as n, OAuthEndpointRedirectContext as o, oauthProvider as r, OAuthErrorCode as s, DEFAULT_OAUTH_SCOPES as t, OAuthRedirectOnError as u };
|