@better-auth/oauth-provider 1.7.0-beta.1 → 1.7.0-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{client-assertion-CderPEmR.mjs → client-assertion-D-tAYsKC.mjs} +105 -90
- package/dist/client-resource.d.mts +43 -7
- package/dist/client-resource.mjs +45 -25
- package/dist/client.d.mts +1 -1
- package/dist/client.mjs +3 -13
- package/dist/index.d.mts +111 -22
- package/dist/index.mjs +2401 -2045
- package/dist/introspect-DvHp2a64.mjs +2507 -0
- package/dist/{oauth-B_qonG53.d.mts → oauth-BrNRbP2A.d.mts} +507 -205
- package/dist/{oauth-CU79t-eG.d.mts → oauth-ScTJEcFV.d.mts} +1167 -60
- package/dist/resource-challenge-B-cqv4ur.mjs +63 -0
- package/dist/rolldown-runtime-wcPFST8Q.mjs +13 -0
- package/dist/signed-query-Df1MNiSH.mjs +44 -0
- package/dist/utils-DO8lmoDw.mjs +769 -0
- package/dist/{version-DIwdpXrQ.mjs → version-a5HhJg8A.mjs} +1 -1
- package/package.json +9 -10
- package/dist/mcp-CYnz-MXn.mjs +0 -56
- package/dist/utils-Cx_XnD9i.mjs +0 -449
|
@@ -1,11 +1,58 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { C as OAuthConsent, L as Prompt, M as OAuthResource, O as OAuthOptions, a as GrantType, l as TokenEndpointAuthMethod, n as AuthServerMetadata, o as OAuthClient, u as TokenType, z as Scope } from "./oauth-ScTJEcFV.mjs";
|
|
2
2
|
import * as better_call0 from "better-call";
|
|
3
3
|
import * as z from "zod";
|
|
4
|
-
import * as better_auth_plugins0 from "better-auth/plugins";
|
|
5
4
|
import * as jose from "jose";
|
|
5
|
+
import * as better_auth_plugins0 from "better-auth/plugins";
|
|
6
|
+
import { AuthContext, GenericEndpointContext } from "@better-auth/core";
|
|
6
7
|
import * as better_auth0 from "better-auth";
|
|
7
8
|
|
|
9
|
+
//#region src/oauth-endpoint.d.ts
|
|
10
|
+
/**
|
|
11
|
+
* Canonical OAuth 2.0 / OpenID Connect error codes. The union is the single
|
|
12
|
+
* vocabulary for every error-emitting surface in this plugin: token, authorize,
|
|
13
|
+
* revoke, introspect, register, userinfo, logout, consent, and the redirect
|
|
14
|
+
* error channel. Entries are grouped by source RFC so the declaration doubles
|
|
15
|
+
* as a specification map.
|
|
16
|
+
*
|
|
17
|
+
* The trailing `(string & {})` keeps the type open for product-specific codes
|
|
18
|
+
* (e.g. `"invalid_verification"`, `"invalid_user"`) while preserving editor
|
|
19
|
+
* autocomplete for the listed standard codes. Prefer a standard code whenever
|
|
20
|
+
* one applies; fall back to a custom string only for states no RFC covers.
|
|
21
|
+
*/
|
|
22
|
+
type OAuthErrorCode = "invalid_request" | "invalid_client" | "invalid_grant" | "unauthorized_client" | "unsupported_grant_type" | "unsupported_response_type" | "invalid_scope" | "access_denied" | "server_error" | "temporarily_unavailable" | "invalid_token" | "unsupported_token_type" | "invalid_redirect_uri" | "invalid_client_metadata" | "invalid_software_statement" | "unapproved_software_statement" | "invalid_target" | "invalid_request_object" | "login_required" | "consent_required" | "interaction_required" | "account_selection_required" | "invalid_request_uri" | "request_not_supported" | "request_uri_not_supported" | "registration_not_supported" | (string & {});
|
|
23
|
+
type OAuthFieldErrorCodeMap = {
|
|
24
|
+
missing?: OAuthErrorCode;
|
|
25
|
+
invalid?: OAuthErrorCode;
|
|
26
|
+
};
|
|
27
|
+
type OAuthFieldErrorCode = OAuthErrorCode | OAuthFieldErrorCodeMap;
|
|
28
|
+
interface OAuthEndpointErrorResult {
|
|
29
|
+
error: OAuthErrorCode;
|
|
30
|
+
error_description: string;
|
|
31
|
+
}
|
|
32
|
+
interface OAuthEndpointRedirectContext<Ctx = unknown> {
|
|
33
|
+
error: OAuthErrorCode;
|
|
34
|
+
error_description: string;
|
|
35
|
+
ctx: Ctx;
|
|
36
|
+
}
|
|
37
|
+
type OAuthRedirectOnError<Ctx = unknown, Result = unknown> = (result: OAuthEndpointRedirectContext<Ctx>) => Result | Promise<Result>;
|
|
38
|
+
//#endregion
|
|
39
|
+
//#region src/authorize.d.ts
|
|
40
|
+
type OAuthRedirectResult = {
|
|
41
|
+
redirect: true;
|
|
42
|
+
url: string;
|
|
43
|
+
};
|
|
44
|
+
/**
|
|
45
|
+
* Gets the issuer identifier
|
|
46
|
+
*/
|
|
47
|
+
declare function getIssuer(ctx: GenericEndpointContext, opts: OAuthOptions<Scope[]>): string;
|
|
48
|
+
//#endregion
|
|
8
49
|
//#region src/oauth.d.ts
|
|
50
|
+
/**
|
|
51
|
+
* Default scopes advertised and accepted when a configuration sets none. Shared
|
|
52
|
+
* with the MCP preset so the resource metadata it serves matches what the
|
|
53
|
+
* authorization-server metadata advertises.
|
|
54
|
+
*/
|
|
55
|
+
declare const DEFAULT_OAUTH_SCOPES: readonly ["openid", "profile", "email", "offline_access"];
|
|
9
56
|
declare module "@better-auth/core" {
|
|
10
57
|
interface BetterAuthPluginRegistry<AuthOptions, Options> {
|
|
11
58
|
"oauth-provider": {
|
|
@@ -15,6 +62,8 @@ declare module "@better-auth/core" {
|
|
|
15
62
|
}
|
|
16
63
|
declare const getOAuthProviderState: () => Promise<{
|
|
17
64
|
query?: string;
|
|
65
|
+
signedQueryIssuedAt?: Date;
|
|
66
|
+
postLoginClearedForSession?: string;
|
|
18
67
|
} | null>;
|
|
19
68
|
/**
|
|
20
69
|
* oAuth 2.1 provider plugin for Better Auth.
|
|
@@ -27,7 +76,31 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
27
76
|
id: "oauth-provider";
|
|
28
77
|
version: string;
|
|
29
78
|
options: NoInfer<O>;
|
|
30
|
-
|
|
79
|
+
onRequest: (request: Request, ctx: better_auth0.AuthContext) => Promise<{
|
|
80
|
+
response: Response;
|
|
81
|
+
} | {
|
|
82
|
+
request: Request;
|
|
83
|
+
} | void>;
|
|
84
|
+
init: (ctx: better_auth0.AuthContext) => Promise<{
|
|
85
|
+
options: {
|
|
86
|
+
databaseHooks: {
|
|
87
|
+
session: {
|
|
88
|
+
delete: {
|
|
89
|
+
before(session: {
|
|
90
|
+
id: string;
|
|
91
|
+
createdAt: Date;
|
|
92
|
+
updatedAt: Date;
|
|
93
|
+
userId: string;
|
|
94
|
+
expiresAt: Date;
|
|
95
|
+
token: string;
|
|
96
|
+
ipAddress?: string | null | undefined;
|
|
97
|
+
userAgent?: string | null | undefined;
|
|
98
|
+
} & Record<string, unknown>, hookCtx: GenericEndpointContext | null): Promise<void>;
|
|
99
|
+
};
|
|
100
|
+
};
|
|
101
|
+
};
|
|
102
|
+
};
|
|
103
|
+
}>;
|
|
31
104
|
hooks: {
|
|
32
105
|
before: {
|
|
33
106
|
matcher(ctx: better_auth0.HookEndpointContext): any;
|
|
@@ -35,10 +108,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
35
108
|
}[];
|
|
36
109
|
after: {
|
|
37
110
|
matcher(ctx: better_auth0.HookEndpointContext): boolean;
|
|
38
|
-
handler: (inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<
|
|
39
|
-
redirect: boolean;
|
|
40
|
-
url: string;
|
|
41
|
-
} | undefined>;
|
|
111
|
+
handler: (inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<OAuthRedirectResult | undefined>;
|
|
42
112
|
}[];
|
|
43
113
|
};
|
|
44
114
|
endpoints: {
|
|
@@ -54,64 +124,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
54
124
|
metadata: {
|
|
55
125
|
SERVER_ONLY: true;
|
|
56
126
|
};
|
|
57
|
-
},
|
|
58
|
-
jwks_uri?: string | undefined;
|
|
59
|
-
userinfo_endpoint: string;
|
|
60
|
-
acr_values_supported: string[];
|
|
61
|
-
subject_types_supported: ("public" | "pairwise")[];
|
|
62
|
-
claims_supported: string[];
|
|
63
|
-
end_session_endpoint: string;
|
|
64
|
-
prompt_values_supported: Prompt[];
|
|
65
|
-
issuer: string;
|
|
66
|
-
authorization_endpoint: string;
|
|
67
|
-
token_endpoint: string;
|
|
68
|
-
registration_endpoint: string;
|
|
69
|
-
scopes_supported?: string[] | undefined;
|
|
70
|
-
response_types_supported: "code"[];
|
|
71
|
-
response_modes_supported: "query"[];
|
|
72
|
-
grant_types_supported: GrantType[];
|
|
73
|
-
token_endpoint_auth_methods_supported?: TokenEndpointAuthMethod[] | undefined;
|
|
74
|
-
token_endpoint_auth_signing_alg_values_supported?: better_auth0.AssertionSigningAlgorithm[] | undefined;
|
|
75
|
-
service_documentation?: string | undefined;
|
|
76
|
-
ui_locales_supported?: string[] | undefined;
|
|
77
|
-
op_policy_uri?: string | undefined;
|
|
78
|
-
op_tos_uri?: string | undefined;
|
|
79
|
-
revocation_endpoint?: string | undefined;
|
|
80
|
-
revocation_endpoint_auth_methods_supported?: AuthMethod[] | undefined;
|
|
81
|
-
revocation_endpoint_auth_signing_alg_values_supported?: better_auth0.AssertionSigningAlgorithm[] | undefined;
|
|
82
|
-
introspection_endpoint?: string | undefined;
|
|
83
|
-
introspection_endpoint_auth_methods_supported?: AuthMethod[] | undefined;
|
|
84
|
-
introspection_endpoint_auth_signing_alg_values_supported?: better_auth0.AssertionSigningAlgorithm[] | undefined;
|
|
85
|
-
code_challenge_methods_supported: "S256"[];
|
|
86
|
-
authorization_response_iss_parameter_supported?: boolean | undefined;
|
|
87
|
-
client_id_metadata_document_supported?: boolean | undefined;
|
|
88
|
-
id_token_signing_alg_values_supported: better_auth_plugins0.JWSAlgorithms[] | ["HS256"];
|
|
89
|
-
} | {
|
|
90
|
-
issuer: string;
|
|
91
|
-
authorization_endpoint: string;
|
|
92
|
-
token_endpoint: string;
|
|
93
|
-
jwks_uri?: string;
|
|
94
|
-
registration_endpoint: string;
|
|
95
|
-
scopes_supported?: string[];
|
|
96
|
-
response_types_supported: "code"[];
|
|
97
|
-
response_modes_supported: "query"[];
|
|
98
|
-
grant_types_supported: GrantType[];
|
|
99
|
-
token_endpoint_auth_methods_supported?: TokenEndpointAuthMethod[];
|
|
100
|
-
token_endpoint_auth_signing_alg_values_supported?: better_auth0.AssertionSigningAlgorithm[];
|
|
101
|
-
service_documentation?: string;
|
|
102
|
-
ui_locales_supported?: string[];
|
|
103
|
-
op_policy_uri?: string;
|
|
104
|
-
op_tos_uri?: string;
|
|
105
|
-
revocation_endpoint?: string;
|
|
106
|
-
revocation_endpoint_auth_methods_supported?: AuthMethod[];
|
|
107
|
-
revocation_endpoint_auth_signing_alg_values_supported?: better_auth0.AssertionSigningAlgorithm[];
|
|
108
|
-
introspection_endpoint?: string;
|
|
109
|
-
introspection_endpoint_auth_methods_supported?: AuthMethod[];
|
|
110
|
-
introspection_endpoint_auth_signing_alg_values_supported?: better_auth0.AssertionSigningAlgorithm[];
|
|
111
|
-
code_challenge_methods_supported: "S256"[];
|
|
112
|
-
authorization_response_iss_parameter_supported?: boolean;
|
|
113
|
-
client_id_metadata_document_supported?: boolean;
|
|
114
|
-
}>;
|
|
127
|
+
}, AuthServerMetadata>;
|
|
115
128
|
/**
|
|
116
129
|
* A server-only endpoint that helps provide the
|
|
117
130
|
* OpenId configuration at the well-known endpoint.
|
|
@@ -127,63 +140,48 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
127
140
|
}, {
|
|
128
141
|
jwks_uri?: string | undefined;
|
|
129
142
|
userinfo_endpoint: string;
|
|
130
|
-
acr_values_supported
|
|
143
|
+
acr_values_supported?: string[] | undefined;
|
|
131
144
|
subject_types_supported: ("public" | "pairwise")[];
|
|
132
145
|
claims_supported: string[];
|
|
146
|
+
claims_parameter_supported?: boolean | undefined;
|
|
133
147
|
end_session_endpoint: string;
|
|
148
|
+
request_parameter_supported?: boolean | undefined;
|
|
149
|
+
request_uri_parameter_supported?: boolean | undefined;
|
|
134
150
|
prompt_values_supported: Prompt[];
|
|
135
151
|
issuer: string;
|
|
136
152
|
authorization_endpoint: string;
|
|
137
153
|
token_endpoint: string;
|
|
138
|
-
registration_endpoint
|
|
154
|
+
registration_endpoint?: string | undefined;
|
|
139
155
|
scopes_supported?: string[] | undefined;
|
|
140
156
|
response_types_supported: "code"[];
|
|
141
157
|
response_modes_supported: "query"[];
|
|
142
158
|
grant_types_supported: GrantType[];
|
|
143
159
|
token_endpoint_auth_methods_supported?: TokenEndpointAuthMethod[] | undefined;
|
|
144
|
-
token_endpoint_auth_signing_alg_values_supported?: better_auth0.
|
|
160
|
+
token_endpoint_auth_signing_alg_values_supported?: better_auth0.PrivateKeyJwtSigningAlgorithm[] | undefined;
|
|
145
161
|
service_documentation?: string | undefined;
|
|
146
162
|
ui_locales_supported?: string[] | undefined;
|
|
147
163
|
op_policy_uri?: string | undefined;
|
|
148
164
|
op_tos_uri?: string | undefined;
|
|
149
165
|
revocation_endpoint?: string | undefined;
|
|
150
|
-
revocation_endpoint_auth_methods_supported?:
|
|
151
|
-
revocation_endpoint_auth_signing_alg_values_supported?: better_auth0.
|
|
166
|
+
revocation_endpoint_auth_methods_supported?: TokenEndpointAuthMethod[] | undefined;
|
|
167
|
+
revocation_endpoint_auth_signing_alg_values_supported?: better_auth0.PrivateKeyJwtSigningAlgorithm[] | undefined;
|
|
152
168
|
introspection_endpoint?: string | undefined;
|
|
153
|
-
introspection_endpoint_auth_methods_supported?:
|
|
154
|
-
introspection_endpoint_auth_signing_alg_values_supported?: better_auth0.
|
|
169
|
+
introspection_endpoint_auth_methods_supported?: TokenEndpointAuthMethod[] | undefined;
|
|
170
|
+
introspection_endpoint_auth_signing_alg_values_supported?: better_auth0.PrivateKeyJwtSigningAlgorithm[] | undefined;
|
|
155
171
|
code_challenge_methods_supported: "S256"[];
|
|
156
172
|
authorization_response_iss_parameter_supported?: boolean | undefined;
|
|
157
173
|
client_id_metadata_document_supported?: boolean | undefined;
|
|
174
|
+
backchannel_logout_supported?: boolean | undefined;
|
|
175
|
+
backchannel_logout_session_supported?: boolean | undefined;
|
|
176
|
+
dpop_signing_alg_values_supported?: better_auth_plugins0.JWSAlgorithms[] | undefined;
|
|
158
177
|
id_token_signing_alg_values_supported: better_auth_plugins0.JWSAlgorithms[] | ["HS256"];
|
|
159
178
|
}>;
|
|
160
179
|
oauth2Authorize: better_call0.StrictEndpoint<"/oauth2/authorize", {
|
|
161
|
-
method: "GET";
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
code: "code";
|
|
165
|
-
}>>;
|
|
166
|
-
client_id: z.ZodString;
|
|
167
|
-
redirect_uri: z.ZodOptional<z.ZodURL>;
|
|
168
|
-
scope: z.ZodOptional<z.ZodString>;
|
|
169
|
-
state: z.ZodOptional<z.ZodString>;
|
|
170
|
-
request_uri: z.ZodOptional<z.ZodString>;
|
|
171
|
-
code_challenge: z.ZodOptional<z.ZodString>;
|
|
172
|
-
code_challenge_method: z.ZodOptional<z.ZodEnum<{
|
|
173
|
-
S256: "S256";
|
|
174
|
-
}>>;
|
|
175
|
-
nonce: z.ZodOptional<z.ZodString>;
|
|
176
|
-
prompt: z.ZodOptional<z.ZodEnum<{
|
|
177
|
-
none: "none";
|
|
178
|
-
consent: "consent";
|
|
179
|
-
login: "login";
|
|
180
|
-
create: "create";
|
|
181
|
-
select_account: "select_account";
|
|
182
|
-
"login consent": "login consent";
|
|
183
|
-
"select_account consent": "select_account consent";
|
|
184
|
-
}>>;
|
|
185
|
-
}, z.core.$strip>;
|
|
180
|
+
method: ("GET" | "POST")[];
|
|
181
|
+
body: z.ZodObject<{}, z.core.$loose>;
|
|
182
|
+
redirectOnError: OAuthRedirectOnError<GenericEndpointContext, OAuthRedirectResult>;
|
|
186
183
|
metadata: {
|
|
184
|
+
allowedMediaTypes: string[];
|
|
187
185
|
openapi: {
|
|
188
186
|
description: string;
|
|
189
187
|
parameters: ({
|
|
@@ -193,6 +191,8 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
193
191
|
schema: {
|
|
194
192
|
type: "string";
|
|
195
193
|
format?: undefined;
|
|
194
|
+
minimum?: undefined;
|
|
195
|
+
items?: undefined;
|
|
196
196
|
};
|
|
197
197
|
description: string;
|
|
198
198
|
} | {
|
|
@@ -202,6 +202,8 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
202
202
|
schema: {
|
|
203
203
|
type: "string";
|
|
204
204
|
format?: undefined;
|
|
205
|
+
minimum?: undefined;
|
|
206
|
+
items?: undefined;
|
|
205
207
|
};
|
|
206
208
|
description: string;
|
|
207
209
|
} | {
|
|
@@ -211,6 +213,32 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
211
213
|
schema: {
|
|
212
214
|
type: "string";
|
|
213
215
|
format: string;
|
|
216
|
+
minimum?: undefined;
|
|
217
|
+
items?: undefined;
|
|
218
|
+
};
|
|
219
|
+
description: string;
|
|
220
|
+
} | {
|
|
221
|
+
name: string;
|
|
222
|
+
in: "query";
|
|
223
|
+
required: false;
|
|
224
|
+
schema: {
|
|
225
|
+
type: "integer";
|
|
226
|
+
minimum: number;
|
|
227
|
+
format?: undefined;
|
|
228
|
+
items?: undefined;
|
|
229
|
+
};
|
|
230
|
+
description: string;
|
|
231
|
+
} | {
|
|
232
|
+
name: string;
|
|
233
|
+
in: "query";
|
|
234
|
+
required: false;
|
|
235
|
+
schema: {
|
|
236
|
+
type: "array";
|
|
237
|
+
items: {
|
|
238
|
+
type: "string";
|
|
239
|
+
};
|
|
240
|
+
format?: undefined;
|
|
241
|
+
minimum?: undefined;
|
|
214
242
|
};
|
|
215
243
|
description: string;
|
|
216
244
|
})[];
|
|
@@ -252,15 +280,13 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
252
280
|
};
|
|
253
281
|
};
|
|
254
282
|
};
|
|
255
|
-
},
|
|
256
|
-
redirect: boolean;
|
|
257
|
-
url: string;
|
|
258
|
-
}>;
|
|
283
|
+
}, OAuthRedirectResult>;
|
|
259
284
|
oauth2Consent: better_call0.StrictEndpoint<"/oauth2/consent", {
|
|
260
285
|
method: "POST";
|
|
261
286
|
body: z.ZodObject<{
|
|
262
287
|
accept: z.ZodBoolean;
|
|
263
288
|
scope: z.ZodOptional<z.ZodString>;
|
|
289
|
+
claims: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodRecord<z.ZodString, z.ZodUnknown>]>>;
|
|
264
290
|
oauth_query: z.ZodOptional<z.ZodString>;
|
|
265
291
|
}, z.core.$strip>;
|
|
266
292
|
use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
|
|
@@ -311,7 +337,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
311
337
|
};
|
|
312
338
|
};
|
|
313
339
|
};
|
|
314
|
-
}, {
|
|
340
|
+
}, OAuthRedirectResult | {
|
|
315
341
|
redirect: boolean;
|
|
316
342
|
url: string;
|
|
317
343
|
}>;
|
|
@@ -371,18 +397,12 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
371
397
|
};
|
|
372
398
|
};
|
|
373
399
|
};
|
|
374
|
-
},
|
|
375
|
-
redirect: boolean;
|
|
376
|
-
url: string;
|
|
377
|
-
}>;
|
|
400
|
+
}, OAuthRedirectResult>;
|
|
378
401
|
oauth2Token: better_call0.StrictEndpoint<"/oauth2/token", {
|
|
379
402
|
method: "POST";
|
|
403
|
+
cloneRequest: true;
|
|
380
404
|
body: z.ZodObject<{
|
|
381
|
-
grant_type: z.
|
|
382
|
-
authorization_code: "authorization_code";
|
|
383
|
-
client_credentials: "client_credentials";
|
|
384
|
-
refresh_token: "refresh_token";
|
|
385
|
-
}>;
|
|
405
|
+
grant_type: z.ZodString;
|
|
386
406
|
client_id: z.ZodOptional<z.ZodString>;
|
|
387
407
|
client_secret: z.ZodOptional<z.ZodString>;
|
|
388
408
|
client_assertion: z.ZodOptional<z.ZodString>;
|
|
@@ -391,13 +411,32 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
391
411
|
code_verifier: z.ZodOptional<z.ZodString>;
|
|
392
412
|
redirect_uri: z.ZodOptional<z.ZodURL>;
|
|
393
413
|
refresh_token: z.ZodOptional<z.ZodString>;
|
|
394
|
-
resource: z.ZodOptional<z.ZodString
|
|
414
|
+
resource: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
|
|
395
415
|
scope: z.ZodOptional<z.ZodString>;
|
|
396
|
-
}, z.core.$
|
|
416
|
+
}, z.core.$loose>;
|
|
417
|
+
errorCodesByField: {
|
|
418
|
+
grant_type: {
|
|
419
|
+
missing: "invalid_request";
|
|
420
|
+
invalid: "unsupported_grant_type";
|
|
421
|
+
};
|
|
422
|
+
resource: {
|
|
423
|
+
invalid: "invalid_target";
|
|
424
|
+
};
|
|
425
|
+
};
|
|
397
426
|
metadata: {
|
|
427
|
+
noStore: boolean;
|
|
398
428
|
allowedMediaTypes: string[];
|
|
399
429
|
openapi: {
|
|
400
430
|
description: string;
|
|
431
|
+
parameters: {
|
|
432
|
+
name: string;
|
|
433
|
+
in: "header";
|
|
434
|
+
required: false;
|
|
435
|
+
schema: {
|
|
436
|
+
type: "string";
|
|
437
|
+
};
|
|
438
|
+
description: string;
|
|
439
|
+
}[];
|
|
401
440
|
requestBody: {
|
|
402
441
|
required: boolean;
|
|
403
442
|
content: {
|
|
@@ -407,7 +446,6 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
407
446
|
properties: {
|
|
408
447
|
grant_type: {
|
|
409
448
|
type: string;
|
|
410
|
-
enum: string[];
|
|
411
449
|
description: string;
|
|
412
450
|
};
|
|
413
451
|
client_id: {
|
|
@@ -436,7 +474,17 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
436
474
|
description: string;
|
|
437
475
|
};
|
|
438
476
|
resource: {
|
|
439
|
-
|
|
477
|
+
oneOf: ({
|
|
478
|
+
type: string;
|
|
479
|
+
description: string;
|
|
480
|
+
items?: undefined;
|
|
481
|
+
} | {
|
|
482
|
+
type: string;
|
|
483
|
+
items: {
|
|
484
|
+
type: string;
|
|
485
|
+
};
|
|
486
|
+
description: string;
|
|
487
|
+
})[];
|
|
440
488
|
description: string;
|
|
441
489
|
};
|
|
442
490
|
scope: {
|
|
@@ -514,10 +562,10 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
514
562
|
};
|
|
515
563
|
};
|
|
516
564
|
}, {
|
|
517
|
-
access_token: string;
|
|
518
565
|
expires_in: number;
|
|
566
|
+
access_token: string;
|
|
519
567
|
expires_at: number;
|
|
520
|
-
token_type:
|
|
568
|
+
token_type: TokenType;
|
|
521
569
|
refresh_token: string | undefined;
|
|
522
570
|
scope: string;
|
|
523
571
|
id_token: string | undefined;
|
|
@@ -530,12 +578,10 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
530
578
|
client_assertion: z.ZodOptional<z.ZodString>;
|
|
531
579
|
client_assertion_type: z.ZodOptional<z.ZodString>;
|
|
532
580
|
token: z.ZodString;
|
|
533
|
-
token_type_hint: z.ZodOptional<z.
|
|
534
|
-
refresh_token: "refresh_token";
|
|
535
|
-
access_token: "access_token";
|
|
536
|
-
}>>;
|
|
581
|
+
token_type_hint: z.ZodOptional<z.ZodString>;
|
|
537
582
|
}, z.core.$strip>;
|
|
538
583
|
metadata: {
|
|
584
|
+
noStore: boolean;
|
|
539
585
|
allowedMediaTypes: string[];
|
|
540
586
|
openapi: {
|
|
541
587
|
description: string;
|
|
@@ -559,11 +605,6 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
559
605
|
description: string;
|
|
560
606
|
};
|
|
561
607
|
token_type_hint: {
|
|
562
|
-
type: string;
|
|
563
|
-
enum: string[];
|
|
564
|
-
description: string;
|
|
565
|
-
};
|
|
566
|
-
resource: {
|
|
567
608
|
type: string;
|
|
568
609
|
description: string;
|
|
569
610
|
};
|
|
@@ -669,10 +710,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
669
710
|
client_assertion: z.ZodOptional<z.ZodString>;
|
|
670
711
|
client_assertion_type: z.ZodOptional<z.ZodString>;
|
|
671
712
|
token: z.ZodString;
|
|
672
|
-
token_type_hint: z.ZodOptional<z.
|
|
673
|
-
refresh_token: "refresh_token";
|
|
674
|
-
access_token: "access_token";
|
|
675
|
-
}>>;
|
|
713
|
+
token_type_hint: z.ZodOptional<z.ZodString>;
|
|
676
714
|
}, z.core.$strip>;
|
|
677
715
|
metadata: {
|
|
678
716
|
allowedMediaTypes: string[];
|
|
@@ -699,7 +737,6 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
699
737
|
};
|
|
700
738
|
token_type_hint: {
|
|
701
739
|
type: string;
|
|
702
|
-
enum: string[];
|
|
703
740
|
description: string;
|
|
704
741
|
};
|
|
705
742
|
};
|
|
@@ -747,8 +784,13 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
747
784
|
};
|
|
748
785
|
}, null | undefined>;
|
|
749
786
|
oauth2UserInfo: better_call0.StrictEndpoint<"/oauth2/userinfo", {
|
|
750
|
-
method: "GET";
|
|
787
|
+
method: ("GET" | "POST")[];
|
|
788
|
+
body: z.ZodOptional<z.ZodObject<{
|
|
789
|
+
access_token: z.ZodOptional<z.ZodString>;
|
|
790
|
+
}, z.core.$loose>>;
|
|
751
791
|
metadata: {
|
|
792
|
+
noStore: boolean;
|
|
793
|
+
allowedMediaTypes: string[];
|
|
752
794
|
openapi: {
|
|
753
795
|
description: string;
|
|
754
796
|
security: ({
|
|
@@ -859,13 +901,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
859
901
|
};
|
|
860
902
|
};
|
|
861
903
|
}, {
|
|
862
|
-
|
|
863
|
-
email_verified?: boolean | undefined;
|
|
864
|
-
name?: string | undefined;
|
|
865
|
-
picture?: string | undefined;
|
|
866
|
-
given_name?: string | undefined;
|
|
867
|
-
family_name?: string | undefined;
|
|
868
|
-
sub: string;
|
|
904
|
+
sub: unknown;
|
|
869
905
|
}>;
|
|
870
906
|
oauth2EndSession: better_call0.StrictEndpoint<"/oauth2/end-session", {
|
|
871
907
|
method: "GET";
|
|
@@ -903,14 +939,11 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
903
939
|
};
|
|
904
940
|
};
|
|
905
941
|
};
|
|
906
|
-
},
|
|
907
|
-
redirect: boolean;
|
|
908
|
-
url: string;
|
|
909
|
-
} | undefined>;
|
|
942
|
+
}, OAuthRedirectResult | undefined>;
|
|
910
943
|
registerOAuthClient: better_call0.StrictEndpoint<"/oauth2/register", {
|
|
911
944
|
method: "POST";
|
|
912
945
|
body: z.ZodObject<{
|
|
913
|
-
redirect_uris: z.ZodArray<z.ZodURL
|
|
946
|
+
redirect_uris: z.ZodOptional<z.ZodArray<z.ZodURL>>;
|
|
914
947
|
scope: z.ZodOptional<z.ZodString>;
|
|
915
948
|
client_name: z.ZodOptional<z.ZodString>;
|
|
916
949
|
client_uri: z.ZodOptional<z.ZodString>;
|
|
@@ -922,24 +955,17 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
922
955
|
software_version: z.ZodOptional<z.ZodString>;
|
|
923
956
|
software_statement: z.ZodOptional<z.ZodString>;
|
|
924
957
|
post_logout_redirect_uris: z.ZodOptional<z.ZodArray<z.ZodURL>>;
|
|
925
|
-
|
|
926
|
-
|
|
927
|
-
|
|
928
|
-
client_secret_post: "client_secret_post";
|
|
929
|
-
private_key_jwt: "private_key_jwt";
|
|
930
|
-
}>>>;
|
|
958
|
+
backchannel_logout_uri: z.ZodOptional<z.ZodURL>;
|
|
959
|
+
backchannel_logout_session_required: z.ZodOptional<z.ZodBoolean>;
|
|
960
|
+
token_endpoint_auth_method: z.ZodOptional<z.ZodString>;
|
|
931
961
|
jwks: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodRecord<z.ZodString, z.ZodUnknown>>, z.ZodObject<{
|
|
932
962
|
keys: z.ZodArray<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
933
963
|
}, z.core.$strip>]>>;
|
|
934
964
|
jwks_uri: z.ZodOptional<z.ZodString>;
|
|
935
|
-
grant_types: z.ZodOptional<z.
|
|
936
|
-
|
|
937
|
-
client_credentials: "client_credentials";
|
|
938
|
-
refresh_token: "refresh_token";
|
|
939
|
-
}>>>>;
|
|
940
|
-
response_types: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodEnum<{
|
|
965
|
+
grant_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
966
|
+
response_types: z.ZodOptional<z.ZodArray<z.ZodEnum<{
|
|
941
967
|
code: "code";
|
|
942
|
-
}
|
|
968
|
+
}>>>;
|
|
943
969
|
type: z.ZodOptional<z.ZodEnum<{
|
|
944
970
|
web: "web";
|
|
945
971
|
native: "native";
|
|
@@ -949,13 +975,23 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
949
975
|
public: "public";
|
|
950
976
|
pairwise: "pairwise";
|
|
951
977
|
}>>;
|
|
978
|
+
dpop_bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
|
|
979
|
+
resources: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
952
980
|
skip_consent: z.ZodOptional<z.ZodNever>;
|
|
953
981
|
}, z.core.$strip>;
|
|
982
|
+
errorCodesByField: {
|
|
983
|
+
redirect_uris: "invalid_redirect_uri";
|
|
984
|
+
post_logout_redirect_uris: "invalid_redirect_uri";
|
|
985
|
+
software_statement: "invalid_software_statement";
|
|
986
|
+
resources: "invalid_target";
|
|
987
|
+
};
|
|
988
|
+
defaultError: "invalid_client_metadata";
|
|
954
989
|
metadata: {
|
|
990
|
+
noStore: boolean;
|
|
955
991
|
openapi: {
|
|
956
992
|
description: string;
|
|
957
993
|
responses: {
|
|
958
|
-
"
|
|
994
|
+
"201": {
|
|
959
995
|
description: string;
|
|
960
996
|
content: {
|
|
961
997
|
"application/json": {
|
|
@@ -1041,16 +1077,23 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1041
1077
|
};
|
|
1042
1078
|
description: string;
|
|
1043
1079
|
};
|
|
1080
|
+
backchannel_logout_uri: {
|
|
1081
|
+
type: string;
|
|
1082
|
+
format: string;
|
|
1083
|
+
description: string;
|
|
1084
|
+
};
|
|
1085
|
+
backchannel_logout_session_required: {
|
|
1086
|
+
type: string;
|
|
1087
|
+
description: string;
|
|
1088
|
+
};
|
|
1044
1089
|
token_endpoint_auth_method: {
|
|
1045
1090
|
type: string;
|
|
1046
1091
|
description: string;
|
|
1047
|
-
enum: string[];
|
|
1048
1092
|
};
|
|
1049
1093
|
grant_types: {
|
|
1050
1094
|
type: string;
|
|
1051
1095
|
items: {
|
|
1052
1096
|
type: string;
|
|
1053
|
-
enum: string[];
|
|
1054
1097
|
};
|
|
1055
1098
|
description: string;
|
|
1056
1099
|
};
|
|
@@ -1088,7 +1131,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1088
1131
|
adminCreateOAuthClient: better_call0.StrictEndpoint<"/admin/oauth2/create-client", {
|
|
1089
1132
|
method: "POST";
|
|
1090
1133
|
body: z.ZodObject<{
|
|
1091
|
-
redirect_uris: z.ZodArray<z.ZodURL
|
|
1134
|
+
redirect_uris: z.ZodOptional<z.ZodArray<z.ZodURL>>;
|
|
1092
1135
|
scope: z.ZodOptional<z.ZodString>;
|
|
1093
1136
|
client_name: z.ZodOptional<z.ZodString>;
|
|
1094
1137
|
client_uri: z.ZodOptional<z.ZodString>;
|
|
@@ -1100,24 +1143,17 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1100
1143
|
software_version: z.ZodOptional<z.ZodString>;
|
|
1101
1144
|
software_statement: z.ZodOptional<z.ZodString>;
|
|
1102
1145
|
post_logout_redirect_uris: z.ZodOptional<z.ZodArray<z.ZodURL>>;
|
|
1103
|
-
|
|
1104
|
-
|
|
1105
|
-
|
|
1106
|
-
client_secret_post: "client_secret_post";
|
|
1107
|
-
private_key_jwt: "private_key_jwt";
|
|
1108
|
-
}>>>;
|
|
1146
|
+
backchannel_logout_uri: z.ZodOptional<z.ZodURL>;
|
|
1147
|
+
backchannel_logout_session_required: z.ZodOptional<z.ZodBoolean>;
|
|
1148
|
+
token_endpoint_auth_method: z.ZodOptional<z.ZodString>;
|
|
1109
1149
|
jwks: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodRecord<z.ZodString, z.ZodUnknown>>, z.ZodObject<{
|
|
1110
1150
|
keys: z.ZodArray<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
1111
1151
|
}, z.core.$strip>]>>;
|
|
1112
1152
|
jwks_uri: z.ZodOptional<z.ZodString>;
|
|
1113
|
-
grant_types: z.ZodOptional<z.
|
|
1114
|
-
|
|
1115
|
-
client_credentials: "client_credentials";
|
|
1116
|
-
refresh_token: "refresh_token";
|
|
1117
|
-
}>>>>;
|
|
1118
|
-
response_types: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodEnum<{
|
|
1153
|
+
grant_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1154
|
+
response_types: z.ZodOptional<z.ZodArray<z.ZodEnum<{
|
|
1119
1155
|
code: "code";
|
|
1120
|
-
}
|
|
1156
|
+
}>>>;
|
|
1121
1157
|
type: z.ZodOptional<z.ZodEnum<{
|
|
1122
1158
|
web: "web";
|
|
1123
1159
|
native: "native";
|
|
@@ -1127,6 +1163,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1127
1163
|
skip_consent: z.ZodOptional<z.ZodBoolean>;
|
|
1128
1164
|
enable_end_session: z.ZodOptional<z.ZodBoolean>;
|
|
1129
1165
|
require_pkce: z.ZodOptional<z.ZodBoolean>;
|
|
1166
|
+
dpop_bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
|
|
1130
1167
|
subject_type: z.ZodOptional<z.ZodEnum<{
|
|
1131
1168
|
public: "public";
|
|
1132
1169
|
pairwise: "pairwise";
|
|
@@ -1134,11 +1171,12 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1134
1171
|
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
1135
1172
|
}, z.core.$strip>;
|
|
1136
1173
|
metadata: {
|
|
1174
|
+
noStore: boolean;
|
|
1137
1175
|
SERVER_ONLY: true;
|
|
1138
1176
|
openapi: {
|
|
1139
1177
|
description: string;
|
|
1140
1178
|
responses: {
|
|
1141
|
-
"
|
|
1179
|
+
"201": {
|
|
1142
1180
|
description: string;
|
|
1143
1181
|
content: {
|
|
1144
1182
|
"application/json": {
|
|
@@ -1219,13 +1257,11 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1219
1257
|
token_endpoint_auth_method: {
|
|
1220
1258
|
type: string;
|
|
1221
1259
|
description: string;
|
|
1222
|
-
enum: string[];
|
|
1223
1260
|
};
|
|
1224
1261
|
grant_types: {
|
|
1225
1262
|
type: string;
|
|
1226
1263
|
items: {
|
|
1227
1264
|
type: string;
|
|
1228
|
-
enum: string[];
|
|
1229
1265
|
};
|
|
1230
1266
|
description: string;
|
|
1231
1267
|
};
|
|
@@ -1297,7 +1333,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1297
1333
|
};
|
|
1298
1334
|
}>)[];
|
|
1299
1335
|
body: z.ZodObject<{
|
|
1300
|
-
redirect_uris: z.ZodArray<z.ZodURL
|
|
1336
|
+
redirect_uris: z.ZodOptional<z.ZodArray<z.ZodURL>>;
|
|
1301
1337
|
scope: z.ZodOptional<z.ZodString>;
|
|
1302
1338
|
client_name: z.ZodOptional<z.ZodString>;
|
|
1303
1339
|
client_uri: z.ZodOptional<z.ZodString>;
|
|
@@ -1309,35 +1345,30 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1309
1345
|
software_version: z.ZodOptional<z.ZodString>;
|
|
1310
1346
|
software_statement: z.ZodOptional<z.ZodString>;
|
|
1311
1347
|
post_logout_redirect_uris: z.ZodOptional<z.ZodArray<z.ZodURL>>;
|
|
1312
|
-
|
|
1313
|
-
|
|
1314
|
-
|
|
1315
|
-
client_secret_post: "client_secret_post";
|
|
1316
|
-
private_key_jwt: "private_key_jwt";
|
|
1317
|
-
}>>>;
|
|
1348
|
+
backchannel_logout_uri: z.ZodOptional<z.ZodURL>;
|
|
1349
|
+
backchannel_logout_session_required: z.ZodOptional<z.ZodBoolean>;
|
|
1350
|
+
token_endpoint_auth_method: z.ZodOptional<z.ZodString>;
|
|
1318
1351
|
jwks: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodRecord<z.ZodString, z.ZodUnknown>>, z.ZodObject<{
|
|
1319
1352
|
keys: z.ZodArray<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
1320
1353
|
}, z.core.$strip>]>>;
|
|
1321
1354
|
jwks_uri: z.ZodOptional<z.ZodString>;
|
|
1322
|
-
grant_types: z.ZodOptional<z.
|
|
1323
|
-
|
|
1324
|
-
client_credentials: "client_credentials";
|
|
1325
|
-
refresh_token: "refresh_token";
|
|
1326
|
-
}>>>>;
|
|
1327
|
-
response_types: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodEnum<{
|
|
1355
|
+
grant_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1356
|
+
response_types: z.ZodOptional<z.ZodArray<z.ZodEnum<{
|
|
1328
1357
|
code: "code";
|
|
1329
|
-
}
|
|
1358
|
+
}>>>;
|
|
1330
1359
|
type: z.ZodOptional<z.ZodEnum<{
|
|
1331
1360
|
web: "web";
|
|
1332
1361
|
native: "native";
|
|
1333
1362
|
"user-agent-based": "user-agent-based";
|
|
1334
1363
|
}>>;
|
|
1364
|
+
dpop_bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
|
|
1335
1365
|
}, z.core.$strip>;
|
|
1336
1366
|
metadata: {
|
|
1367
|
+
noStore: boolean;
|
|
1337
1368
|
openapi: {
|
|
1338
1369
|
description: string;
|
|
1339
1370
|
responses: {
|
|
1340
|
-
"
|
|
1371
|
+
"201": {
|
|
1341
1372
|
description: string;
|
|
1342
1373
|
content: {
|
|
1343
1374
|
"application/json": {
|
|
@@ -1418,13 +1449,11 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1418
1449
|
token_endpoint_auth_method: {
|
|
1419
1450
|
type: string;
|
|
1420
1451
|
description: string;
|
|
1421
|
-
enum: string[];
|
|
1422
1452
|
};
|
|
1423
1453
|
grant_types: {
|
|
1424
1454
|
type: string;
|
|
1425
1455
|
items: {
|
|
1426
1456
|
type: string;
|
|
1427
|
-
enum: string[];
|
|
1428
1457
|
};
|
|
1429
1458
|
description: string;
|
|
1430
1459
|
};
|
|
@@ -1594,11 +1623,9 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1594
1623
|
software_version: z.ZodOptional<z.ZodString>;
|
|
1595
1624
|
software_statement: z.ZodOptional<z.ZodString>;
|
|
1596
1625
|
post_logout_redirect_uris: z.ZodOptional<z.ZodArray<z.ZodURL>>;
|
|
1597
|
-
|
|
1598
|
-
|
|
1599
|
-
|
|
1600
|
-
refresh_token: "refresh_token";
|
|
1601
|
-
}>>>;
|
|
1626
|
+
backchannel_logout_uri: z.ZodOptional<z.ZodURL>;
|
|
1627
|
+
backchannel_logout_session_required: z.ZodOptional<z.ZodBoolean>;
|
|
1628
|
+
grant_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1602
1629
|
response_types: z.ZodOptional<z.ZodArray<z.ZodEnum<{
|
|
1603
1630
|
code: "code";
|
|
1604
1631
|
}>>>;
|
|
@@ -1610,6 +1637,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1610
1637
|
client_secret_expires_at: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>;
|
|
1611
1638
|
skip_consent: z.ZodOptional<z.ZodBoolean>;
|
|
1612
1639
|
enable_end_session: z.ZodOptional<z.ZodBoolean>;
|
|
1640
|
+
dpop_bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
|
|
1613
1641
|
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
1614
1642
|
}, z.core.$strip>;
|
|
1615
1643
|
}, z.core.$strip>;
|
|
@@ -1660,11 +1688,9 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1660
1688
|
software_version: z.ZodOptional<z.ZodString>;
|
|
1661
1689
|
software_statement: z.ZodOptional<z.ZodString>;
|
|
1662
1690
|
post_logout_redirect_uris: z.ZodOptional<z.ZodArray<z.ZodURL>>;
|
|
1663
|
-
|
|
1664
|
-
|
|
1665
|
-
|
|
1666
|
-
refresh_token: "refresh_token";
|
|
1667
|
-
}>>>;
|
|
1691
|
+
backchannel_logout_uri: z.ZodOptional<z.ZodURL>;
|
|
1692
|
+
backchannel_logout_session_required: z.ZodOptional<z.ZodBoolean>;
|
|
1693
|
+
grant_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1668
1694
|
response_types: z.ZodOptional<z.ZodArray<z.ZodEnum<{
|
|
1669
1695
|
code: "code";
|
|
1670
1696
|
}>>>;
|
|
@@ -1710,6 +1736,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1710
1736
|
client_id: z.ZodString;
|
|
1711
1737
|
}, z.core.$strip>;
|
|
1712
1738
|
metadata: {
|
|
1739
|
+
noStore: boolean;
|
|
1713
1740
|
openapi: {
|
|
1714
1741
|
description: string;
|
|
1715
1742
|
};
|
|
@@ -1885,6 +1912,92 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1885
1912
|
};
|
|
1886
1913
|
};
|
|
1887
1914
|
}, void>;
|
|
1915
|
+
adminCreateOAuthResource: better_call0.StrictEndpoint<"/admin/oauth2/resources", {
|
|
1916
|
+
method: "POST";
|
|
1917
|
+
body: z.ZodObject<{
|
|
1918
|
+
identifier: z.ZodNonOptional<z.ZodOptional<z.ZodString>>;
|
|
1919
|
+
name: z.ZodOptional<z.ZodString>;
|
|
1920
|
+
accessTokenTtl: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
1921
|
+
refreshTokenTtl: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
1922
|
+
signingAlgorithm: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
|
|
1923
|
+
RS256: "RS256";
|
|
1924
|
+
PS256: "PS256";
|
|
1925
|
+
ES256: "ES256";
|
|
1926
|
+
ES512: "ES512";
|
|
1927
|
+
EdDSA: "EdDSA";
|
|
1928
|
+
}>>>;
|
|
1929
|
+
signingKeyId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
1930
|
+
allowedScopes: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
|
|
1931
|
+
customClaims: z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>>;
|
|
1932
|
+
dpopBoundAccessTokensRequired: z.ZodOptional<z.ZodBoolean>;
|
|
1933
|
+
disabled: z.ZodOptional<z.ZodBoolean>;
|
|
1934
|
+
metadata: z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>>;
|
|
1935
|
+
}, z.core.$strip>;
|
|
1936
|
+
metadata: {
|
|
1937
|
+
SERVER_ONLY: true;
|
|
1938
|
+
};
|
|
1939
|
+
}, OAuthResource>;
|
|
1940
|
+
adminListOAuthResources: better_call0.StrictEndpoint<"/admin/oauth2/resources", {
|
|
1941
|
+
method: "GET";
|
|
1942
|
+
metadata: {
|
|
1943
|
+
SERVER_ONLY: true;
|
|
1944
|
+
};
|
|
1945
|
+
}, OAuthResource[]>;
|
|
1946
|
+
adminGetOAuthResource: better_call0.StrictEndpoint<"/admin/oauth2/resources/:identifier", {
|
|
1947
|
+
method: "GET";
|
|
1948
|
+
metadata: {
|
|
1949
|
+
SERVER_ONLY: true;
|
|
1950
|
+
};
|
|
1951
|
+
}, OAuthResource>;
|
|
1952
|
+
adminUpdateOAuthResource: better_call0.StrictEndpoint<"/admin/oauth2/resources/:identifier", {
|
|
1953
|
+
method: "PATCH";
|
|
1954
|
+
body: z.ZodObject<{
|
|
1955
|
+
identifier: z.ZodOptional<z.ZodString>;
|
|
1956
|
+
name: z.ZodOptional<z.ZodString>;
|
|
1957
|
+
accessTokenTtl: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
1958
|
+
refreshTokenTtl: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
1959
|
+
signingAlgorithm: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
|
|
1960
|
+
RS256: "RS256";
|
|
1961
|
+
PS256: "PS256";
|
|
1962
|
+
ES256: "ES256";
|
|
1963
|
+
ES512: "ES512";
|
|
1964
|
+
EdDSA: "EdDSA";
|
|
1965
|
+
}>>>;
|
|
1966
|
+
signingKeyId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
1967
|
+
allowedScopes: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
|
|
1968
|
+
customClaims: z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>>;
|
|
1969
|
+
dpopBoundAccessTokensRequired: z.ZodOptional<z.ZodBoolean>;
|
|
1970
|
+
disabled: z.ZodOptional<z.ZodBoolean>;
|
|
1971
|
+
metadata: z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>>;
|
|
1972
|
+
}, z.core.$strip>;
|
|
1973
|
+
metadata: {
|
|
1974
|
+
SERVER_ONLY: true;
|
|
1975
|
+
};
|
|
1976
|
+
}, OAuthResource>;
|
|
1977
|
+
adminDeleteOAuthResource: better_call0.StrictEndpoint<"/admin/oauth2/resources/:identifier", {
|
|
1978
|
+
method: "DELETE";
|
|
1979
|
+
metadata: {
|
|
1980
|
+
SERVER_ONLY: true;
|
|
1981
|
+
};
|
|
1982
|
+
}, {
|
|
1983
|
+
deleted: boolean;
|
|
1984
|
+
}>;
|
|
1985
|
+
adminLinkClientResource: better_call0.StrictEndpoint<"/admin/oauth2/resources/:identifier/clients/:client_id", {
|
|
1986
|
+
method: "POST";
|
|
1987
|
+
metadata: {
|
|
1988
|
+
SERVER_ONLY: true;
|
|
1989
|
+
};
|
|
1990
|
+
}, {
|
|
1991
|
+
linked: boolean;
|
|
1992
|
+
}>;
|
|
1993
|
+
adminUnlinkClientResource: better_call0.StrictEndpoint<"/admin/oauth2/resources/:identifier/clients/:client_id", {
|
|
1994
|
+
method: "DELETE";
|
|
1995
|
+
metadata: {
|
|
1996
|
+
SERVER_ONLY: true;
|
|
1997
|
+
};
|
|
1998
|
+
}, {
|
|
1999
|
+
unlinked: boolean;
|
|
2000
|
+
}>;
|
|
1888
2001
|
};
|
|
1889
2002
|
schema: {
|
|
1890
2003
|
oauthClient: {
|
|
@@ -1927,6 +2040,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1927
2040
|
model: string;
|
|
1928
2041
|
field: string;
|
|
1929
2042
|
};
|
|
2043
|
+
index: true;
|
|
1930
2044
|
};
|
|
1931
2045
|
createdAt: {
|
|
1932
2046
|
type: "date";
|
|
@@ -1980,6 +2094,14 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
1980
2094
|
type: "string[]";
|
|
1981
2095
|
required: false;
|
|
1982
2096
|
};
|
|
2097
|
+
backchannelLogoutUri: {
|
|
2098
|
+
type: "string";
|
|
2099
|
+
required: false;
|
|
2100
|
+
};
|
|
2101
|
+
backchannelLogoutSessionRequired: {
|
|
2102
|
+
type: "boolean";
|
|
2103
|
+
required: false;
|
|
2104
|
+
};
|
|
1983
2105
|
tokenEndpointAuthMethod: {
|
|
1984
2106
|
type: "string";
|
|
1985
2107
|
required: false;
|
|
@@ -2012,6 +2134,11 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2012
2134
|
type: "boolean";
|
|
2013
2135
|
required: false;
|
|
2014
2136
|
};
|
|
2137
|
+
dpopBoundAccessTokens: {
|
|
2138
|
+
type: "boolean";
|
|
2139
|
+
required: false;
|
|
2140
|
+
defaultValue: false;
|
|
2141
|
+
};
|
|
2015
2142
|
referenceId: {
|
|
2016
2143
|
type: "string";
|
|
2017
2144
|
required: false;
|
|
@@ -2022,11 +2149,110 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2022
2149
|
};
|
|
2023
2150
|
};
|
|
2024
2151
|
};
|
|
2152
|
+
oauthResource: {
|
|
2153
|
+
modelName: string;
|
|
2154
|
+
fields: {
|
|
2155
|
+
identifier: {
|
|
2156
|
+
type: "string";
|
|
2157
|
+
required: true;
|
|
2158
|
+
unique: true;
|
|
2159
|
+
};
|
|
2160
|
+
name: {
|
|
2161
|
+
type: "string";
|
|
2162
|
+
required: true;
|
|
2163
|
+
};
|
|
2164
|
+
accessTokenTtl: {
|
|
2165
|
+
type: "number";
|
|
2166
|
+
required: false;
|
|
2167
|
+
};
|
|
2168
|
+
refreshTokenTtl: {
|
|
2169
|
+
type: "number";
|
|
2170
|
+
required: false;
|
|
2171
|
+
};
|
|
2172
|
+
signingAlgorithm: {
|
|
2173
|
+
type: "string";
|
|
2174
|
+
required: false;
|
|
2175
|
+
};
|
|
2176
|
+
signingKeyId: {
|
|
2177
|
+
type: "string";
|
|
2178
|
+
required: false;
|
|
2179
|
+
};
|
|
2180
|
+
allowedScopes: {
|
|
2181
|
+
type: "string[]";
|
|
2182
|
+
required: false;
|
|
2183
|
+
};
|
|
2184
|
+
customClaims: {
|
|
2185
|
+
type: "json";
|
|
2186
|
+
required: false;
|
|
2187
|
+
};
|
|
2188
|
+
dpopBoundAccessTokensRequired: {
|
|
2189
|
+
type: "boolean";
|
|
2190
|
+
required: false;
|
|
2191
|
+
defaultValue: false;
|
|
2192
|
+
};
|
|
2193
|
+
disabled: {
|
|
2194
|
+
type: "boolean";
|
|
2195
|
+
required: false;
|
|
2196
|
+
defaultValue: false;
|
|
2197
|
+
};
|
|
2198
|
+
createdAt: {
|
|
2199
|
+
type: "date";
|
|
2200
|
+
required: false;
|
|
2201
|
+
};
|
|
2202
|
+
updatedAt: {
|
|
2203
|
+
type: "date";
|
|
2204
|
+
required: false;
|
|
2205
|
+
};
|
|
2206
|
+
policyVersion: {
|
|
2207
|
+
type: "number";
|
|
2208
|
+
required: false;
|
|
2209
|
+
defaultValue: number;
|
|
2210
|
+
};
|
|
2211
|
+
metadata: {
|
|
2212
|
+
type: "json";
|
|
2213
|
+
required: false;
|
|
2214
|
+
};
|
|
2215
|
+
};
|
|
2216
|
+
};
|
|
2217
|
+
oauthClientResource: {
|
|
2218
|
+
modelName: string;
|
|
2219
|
+
fields: {
|
|
2220
|
+
clientId: {
|
|
2221
|
+
type: "string";
|
|
2222
|
+
required: true;
|
|
2223
|
+
references: {
|
|
2224
|
+
model: string;
|
|
2225
|
+
field: string;
|
|
2226
|
+
onDelete: "cascade";
|
|
2227
|
+
};
|
|
2228
|
+
index: true;
|
|
2229
|
+
};
|
|
2230
|
+
resourceId: {
|
|
2231
|
+
type: "string";
|
|
2232
|
+
required: true;
|
|
2233
|
+
references: {
|
|
2234
|
+
model: string;
|
|
2235
|
+
field: string;
|
|
2236
|
+
onDelete: "cascade";
|
|
2237
|
+
};
|
|
2238
|
+
index: true;
|
|
2239
|
+
};
|
|
2240
|
+
metadata: {
|
|
2241
|
+
type: "json";
|
|
2242
|
+
required: false;
|
|
2243
|
+
};
|
|
2244
|
+
createdAt: {
|
|
2245
|
+
type: "date";
|
|
2246
|
+
required: false;
|
|
2247
|
+
};
|
|
2248
|
+
};
|
|
2249
|
+
};
|
|
2025
2250
|
oauthRefreshToken: {
|
|
2026
2251
|
fields: {
|
|
2027
2252
|
token: {
|
|
2028
2253
|
type: "string";
|
|
2029
2254
|
required: true;
|
|
2255
|
+
unique: true;
|
|
2030
2256
|
};
|
|
2031
2257
|
clientId: {
|
|
2032
2258
|
type: "string";
|
|
@@ -2035,6 +2261,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2035
2261
|
model: string;
|
|
2036
2262
|
field: string;
|
|
2037
2263
|
};
|
|
2264
|
+
index: true;
|
|
2038
2265
|
};
|
|
2039
2266
|
sessionId: {
|
|
2040
2267
|
type: "string";
|
|
@@ -2044,6 +2271,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2044
2271
|
field: string;
|
|
2045
2272
|
onDelete: "set null";
|
|
2046
2273
|
};
|
|
2274
|
+
index: true;
|
|
2047
2275
|
};
|
|
2048
2276
|
userId: {
|
|
2049
2277
|
type: "string";
|
|
@@ -2052,11 +2280,25 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2052
2280
|
model: string;
|
|
2053
2281
|
field: string;
|
|
2054
2282
|
};
|
|
2283
|
+
index: true;
|
|
2055
2284
|
};
|
|
2056
2285
|
referenceId: {
|
|
2057
2286
|
type: "string";
|
|
2058
2287
|
required: false;
|
|
2059
2288
|
};
|
|
2289
|
+
authorizationCodeId: {
|
|
2290
|
+
type: "string";
|
|
2291
|
+
required: false;
|
|
2292
|
+
index: true;
|
|
2293
|
+
};
|
|
2294
|
+
resources: {
|
|
2295
|
+
type: "string[]";
|
|
2296
|
+
required: false;
|
|
2297
|
+
};
|
|
2298
|
+
requestedUserInfoClaims: {
|
|
2299
|
+
type: "string[]";
|
|
2300
|
+
required: false;
|
|
2301
|
+
};
|
|
2060
2302
|
expiresAt: {
|
|
2061
2303
|
type: "date";
|
|
2062
2304
|
};
|
|
@@ -2067,10 +2309,26 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2067
2309
|
type: "date";
|
|
2068
2310
|
required: false;
|
|
2069
2311
|
};
|
|
2312
|
+
rotatedAt: {
|
|
2313
|
+
type: "date";
|
|
2314
|
+
required: false;
|
|
2315
|
+
};
|
|
2316
|
+
rotationReplayResponse: {
|
|
2317
|
+
type: "string";
|
|
2318
|
+
required: false;
|
|
2319
|
+
};
|
|
2320
|
+
rotationReplayExpiresAt: {
|
|
2321
|
+
type: "date";
|
|
2322
|
+
required: false;
|
|
2323
|
+
};
|
|
2070
2324
|
authTime: {
|
|
2071
2325
|
type: "date";
|
|
2072
2326
|
required: false;
|
|
2073
2327
|
};
|
|
2328
|
+
confirmation: {
|
|
2329
|
+
type: "json";
|
|
2330
|
+
required: false;
|
|
2331
|
+
};
|
|
2074
2332
|
scopes: {
|
|
2075
2333
|
type: "string[]";
|
|
2076
2334
|
required: true;
|
|
@@ -2091,6 +2349,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2091
2349
|
model: string;
|
|
2092
2350
|
field: string;
|
|
2093
2351
|
};
|
|
2352
|
+
index: true;
|
|
2094
2353
|
};
|
|
2095
2354
|
sessionId: {
|
|
2096
2355
|
type: "string";
|
|
@@ -2100,6 +2359,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2100
2359
|
field: string;
|
|
2101
2360
|
onDelete: "set null";
|
|
2102
2361
|
};
|
|
2362
|
+
index: true;
|
|
2103
2363
|
};
|
|
2104
2364
|
userId: {
|
|
2105
2365
|
type: "string";
|
|
@@ -2108,11 +2368,25 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2108
2368
|
model: string;
|
|
2109
2369
|
field: string;
|
|
2110
2370
|
};
|
|
2371
|
+
index: true;
|
|
2111
2372
|
};
|
|
2112
2373
|
referenceId: {
|
|
2113
2374
|
type: "string";
|
|
2114
2375
|
required: false;
|
|
2115
2376
|
};
|
|
2377
|
+
authorizationCodeId: {
|
|
2378
|
+
type: "string";
|
|
2379
|
+
required: false;
|
|
2380
|
+
index: true;
|
|
2381
|
+
};
|
|
2382
|
+
resources: {
|
|
2383
|
+
type: "string[]";
|
|
2384
|
+
required: false;
|
|
2385
|
+
};
|
|
2386
|
+
requestedUserInfoClaims: {
|
|
2387
|
+
type: "string[]";
|
|
2388
|
+
required: false;
|
|
2389
|
+
};
|
|
2116
2390
|
refreshId: {
|
|
2117
2391
|
type: "string";
|
|
2118
2392
|
required: false;
|
|
@@ -2120,6 +2394,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2120
2394
|
model: string;
|
|
2121
2395
|
field: string;
|
|
2122
2396
|
};
|
|
2397
|
+
index: true;
|
|
2123
2398
|
};
|
|
2124
2399
|
expiresAt: {
|
|
2125
2400
|
type: "date";
|
|
@@ -2127,6 +2402,14 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2127
2402
|
createdAt: {
|
|
2128
2403
|
type: "date";
|
|
2129
2404
|
};
|
|
2405
|
+
revoked: {
|
|
2406
|
+
type: "date";
|
|
2407
|
+
required: false;
|
|
2408
|
+
};
|
|
2409
|
+
confirmation: {
|
|
2410
|
+
type: "json";
|
|
2411
|
+
required: false;
|
|
2412
|
+
};
|
|
2130
2413
|
scopes: {
|
|
2131
2414
|
type: "string[]";
|
|
2132
2415
|
required: true;
|
|
@@ -2143,6 +2426,7 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2143
2426
|
model: string;
|
|
2144
2427
|
field: string;
|
|
2145
2428
|
};
|
|
2429
|
+
index: true;
|
|
2146
2430
|
};
|
|
2147
2431
|
userId: {
|
|
2148
2432
|
type: "string";
|
|
@@ -2151,11 +2435,20 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2151
2435
|
model: string;
|
|
2152
2436
|
field: string;
|
|
2153
2437
|
};
|
|
2438
|
+
index: true;
|
|
2154
2439
|
};
|
|
2155
2440
|
referenceId: {
|
|
2156
2441
|
type: "string";
|
|
2157
2442
|
required: false;
|
|
2158
2443
|
};
|
|
2444
|
+
resources: {
|
|
2445
|
+
type: "string[]";
|
|
2446
|
+
required: false;
|
|
2447
|
+
};
|
|
2448
|
+
requestedUserInfoClaims: {
|
|
2449
|
+
type: "string[]";
|
|
2450
|
+
required: false;
|
|
2451
|
+
};
|
|
2159
2452
|
scopes: {
|
|
2160
2453
|
type: "string[]";
|
|
2161
2454
|
required: true;
|
|
@@ -2168,6 +2461,15 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2168
2461
|
};
|
|
2169
2462
|
};
|
|
2170
2463
|
};
|
|
2464
|
+
oauthClientAssertion: {
|
|
2465
|
+
modelName: string;
|
|
2466
|
+
fields: {
|
|
2467
|
+
expiresAt: {
|
|
2468
|
+
type: "date";
|
|
2469
|
+
required: true;
|
|
2470
|
+
};
|
|
2471
|
+
};
|
|
2472
|
+
};
|
|
2171
2473
|
};
|
|
2172
2474
|
rateLimit: ({
|
|
2173
2475
|
pathMatcher: (path: string) => path is "/oauth2/token";
|
|
@@ -2196,4 +2498,4 @@ declare const oauthProvider: <O extends OAuthOptions<Scope[]>>(options: O) => {
|
|
|
2196
2498
|
})[];
|
|
2197
2499
|
};
|
|
2198
2500
|
//#endregion
|
|
2199
|
-
export {
|
|
2501
|
+
export { OAuthEndpointErrorResult as a, OAuthFieldErrorCode as c, getIssuer as i, OAuthFieldErrorCodeMap as l, getOAuthProviderState as n, OAuthEndpointRedirectContext as o, oauthProvider as r, OAuthErrorCode as s, DEFAULT_OAUTH_SCOPES as t, OAuthRedirectOnError as u };
|