@frontmcp/sdk 0.1.0

package/src/types/auth/session.types.js

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authorizationSchema = exports.sessionIdSchema = exports.sessionIdPayloadSchema = exports.userClaimSchema = void 0;
+const zod_1 = require("zod");
+exports.userClaimSchema = zod_1.z.object({
+    iss: zod_1.z.string(),
+    sid: zod_1.z.string().optional(),
+    sub: zod_1.z.string(),
+    exp: zod_1.z.number().optional(),
+    iat: zod_1.z.number().optional(),
+    aud: zod_1.z.union([zod_1.z.string(), zod_1.z.array(zod_1.z.string())]).optional(),
+    email: zod_1.z.string().optional(),
+    username: zod_1.z.string().optional(),
+    preferred_username: zod_1.z.string().optional(),
+    name: zod_1.z.string().optional(),
+    picture: zod_1.z.string().optional(),
+}).passthrough();
+exports.sessionIdPayloadSchema = zod_1.z.object({
+    nodeId: zod_1.z.string(),
+    authSig: zod_1.z.string(),
+    uuid: zod_1.z.string().uuid(),
+    iat: zod_1.z.number(),
+    protocol: zod_1.z.enum([
+        'legacy-sse',
+        'sse',
+        'streamable-http',
+        'stateful-http',
+        'stateless-http',
+    ]),
+});
+exports.sessionIdSchema = zod_1.z.object({
+    id: zod_1.z.string(),
+    payload: exports.sessionIdPayloadSchema,
+});
+exports.authorizationSchema = zod_1.z.object({
+    token: zod_1.z.string(),
+    session: exports.sessionIdSchema.optional(),
+    user: exports.userClaimSchema,
+});
+//# sourceMappingURL=session.types.js.map

package/src/types/auth/session.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.types.js","sourceRoot":"","sources":["../../../../src/types/auth/session.types.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAmBX,QAAA,eAAe,GAAG,OAAC,CAAC,MAAM,CAAC;IACtC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC1D,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACE,CAAC,CAAC,WAAW,EAAE,CAAC;AAerC,QAAA,sBAAsB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7C,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE;IAClB,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;IACnB,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE;IACvB,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC;QACf,YAAY;QACZ,KAAK;QACL,iBAAiB;QACjB,eAAe;QACf,gBAAgB;KACjB,CAAC;CACqC,CAAC,CAAC;AAY9B,QAAA,eAAe,GAAG,OAAC,CAAC,MAAM,CAAC;IACtC,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE;IACd,OAAO,EAAE,8BAAsB;CACiC,CAAC,CAAC;AAEvD,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC1C,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,OAAO,EAAE,uBAAe,CAAC,QAAQ,EAAE;IACnC,IAAI,EAAE,uBAAe;CACe,CAAC,CAAC","sourcesContent":["import { z } from 'zod';\nimport { HttpRequestIntent, RawZodShape } from '@frontmcp/sdk';\n\n/**\n * Decoded JWT payload (if any) or empty object\n */\nexport type UserClaim = {\n  iss: string;\n  sid?: string;\n  sub: string;\n  exp?: number;\n  iat?: number;\n  aud?: string | string[];\n  email?: string;\n  username?: string;\n  preferred_username?: string;\n  name?: string;\n  picture?: string;\n}\nexport const userClaimSchema = z.object({\n  iss: z.string(),\n  sid: z.string().optional(),\n  sub: z.string(),\n  exp: z.number().optional(),\n  iat: z.number().optional(),\n  aud: z.union([z.string(), z.array(z.string())]).optional(),\n  email: z.string().optional(),\n  username: z.string().optional(),\n  preferred_username: z.string().optional(),\n  name: z.string().optional(),\n  picture: z.string().optional(),\n} satisfies RawZodShape<UserClaim>).passthrough();\n\n\nexport type SessionIdPayload = {\n  /* The actual node id that handle the transport session */\n  nodeId: string;\n  /* The signature of the token used to create the session */\n  authSig: string;\n  /* The unique id of the session */\n  uuid: string;\n  /* The timestamp of the session creation */\n  iat: number;\n  /* The protocol used in existing transport */\n  protocol: HttpRequestIntent;\n}\nexport const sessionIdPayloadSchema = z.object({\n  nodeId: z.string(),\n  authSig: z.string(),\n  uuid: z.string().uuid(),\n  iat: z.number(),\n  protocol: z.enum([\n    'legacy-sse',\n    'sse',\n    'streamable-http',\n    'stateful-http',\n    'stateless-http',\n  ]),\n} satisfies RawZodShape<SessionIdPayload>);\n\n\nexport interface Authorization {\n  token: string;\n  user: UserClaim;\n  session?: {\n    id: string;\n    payload: SessionIdPayload;\n  };\n}\n\nexport const sessionIdSchema = z.object({\n  id: z.string(),\n  payload: sessionIdPayloadSchema,\n} satisfies RawZodShape<{ id: string, payload: SessionIdPayload }>);\n\nexport const authorizationSchema = z.object({\n  token: z.string(),\n  session: sessionIdSchema.optional(),\n  user: userClaimSchema,\n} satisfies RawZodShape<Authorization>);\n"]}

package/src/types/common.types.d.ts

@@ -0,0 +1,11 @@
+import { z } from 'zod';
+export type RawZodShape<Type, Base = {}> = {
+    [K in keyof Omit<Type, keyof Base>]-?: z.ZodTypeAny;
+};
+export type RawMetadataShape<Type, Base = {}> = ({
+    [K in keyof Omit<Type, keyof Base>]-?: symbol;
+} & {
+    type: symbol;
+} & {
+    [K in any]: symbol;
+});

package/src/types/common.types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=common.types.js.map

package/src/types/common.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"common.types.js","sourceRoot":"","sources":["../../../src/types/common.types.ts"],"names":[],"mappings":"","sourcesContent":["import { z } from 'zod';\n\nexport type RawZodShape<Type, Base = {}> = {\n  [K in keyof Omit<Type, keyof Base>]-?: z.ZodTypeAny;\n}\nexport type RawMetadataShape<Type, Base = {}> = ({\n  [K in keyof Omit<Type, keyof Base>]-?: symbol;\n}  & { type: symbol }& { [K in any]:  symbol })"]}

package/src/types/index.d.ts

@@ -0,0 +1,3 @@
+export * from './auth';
+export * from './options';
+export * from './common.types';

package/src/types/index.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./auth"), exports);
+tslib_1.__exportStar(require("./options"), exports);
+tslib_1.__exportStar(require("./common.types"), exports);
+//# sourceMappingURL=index.js.map

package/src/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/types/index.ts"],"names":[],"mappings":";;;AAAA,iDAAuB;AACvB,oDAA0B;AAC1B,yDAA+B","sourcesContent":["export * from './auth';\nexport * from './options';\nexport * from './common.types';\n"]}

package/src/types/options/auth.options.d.ts

@@ -0,0 +1,513 @@
+import { z } from 'zod';
+import { JSONWebKeySet, JWK } from '../auth';
+export type RemoteAuthOptions = {
+    type: 'remote';
+    /**
+     * unique id for the provider
+     */
+    id?: string;
+    /**
+     * human-readable name for the provider
+     */
+    name: string;
+    /**
+     * base url of the provider
+     * if the provider does not support dcr it will be used with local auth provider proxy
+     * to register client dynamically you have to provide client id for the registration flow
+     * @example https://my-company.frontegg.com
+     */
+    baseUrl: string;
+    /**
+     * enable dynamic client registration (DCR) flow, if your provider does not support DCR
+     * you can set this to false and provide clientId for authorization flow, we will use local auth provider proxy
+     * to register a dynamic client with the provided clientId or by called clientId function with client info
+     * by default, the provider will use the registration endpoint to register the client dynamically
+     */
+    dcrEnabled?: boolean;
+    /**
+     * Only used if your auth provider does not support DCR.
+     * for Dcr auth provider the client id acquired by the registration flow
+     */
+    clientId?: string | ((clientInfo: {
+        clientId: string;
+    }) => string);
+    /**
+     * Set default gateway oauth server mode, this will be overridden by discovery flow.
+     * if set to transparent and the discovery flow detect orchestrated mode it will switch to orchestrated mode
+     * @default 'transparent'
+     */
+    mode?: 'orchestrated' | 'transparent';
+    /**
+     * allow anonymous access to the provider
+     * @default false - allowing anonymous access will make the provider to issue an orchestrated token
+     */
+    allowAnonymous?: boolean;
+    /**
+     * allow consent mode to select tools/resource/prompts after authorization
+     * for scoped based access token
+     * @default false - allowing anonymous access will make the provider to issue an orchestrated token
+     */
+    consent?: boolean;
+    /**
+     * scopes for the token endpoint
+     * @default undefined - all scopes supported by th provider
+     */
+    scopes?: string[];
+    /**
+     * authorization provider supported grant types, currently only authorization_code and refresh_token are supported
+     * @default undefined - default is what presented in the /.well-known/oauth-authorization-server
+     */
+    grantTypes?: ('authorization_code' | 'refresh_token')[];
+    /**
+     * authorization endpoint for the provider
+     * @default undefined - default is what presented in the /.well-known/oauth-authorization-server
+     */
+    authEndpoint?: string;
+    /**
+     * token endpoint for the provider
+     * @default undefined - default is what presented in the /.well-known/oauth-authorization-server
+     */
+    tokenEndpoint?: string;
+    /**
+     * registration endpoint for the provider (DCR)
+     * @default undefined - default is what presented in the /.well-known/oauth-authorization-server
+     */
+    registrationEndpoint?: string;
+    /**
+     * user info endpoint for the provider
+     * @default undefined - default is what presented in the /.well-known/oauth-authorization-server
+     */
+    userInfoEndpoint?: string;
+    /**
+     * Inline JWKS for the provider to verify tokens without automatic fetching
+     * @default undefined - default is what presented in the /.well-known/jwks.json
+     */
+    jwks?: JSONWebKeySet;
+    /**
+     * jwks uri for the provider
+     * @default undefined - default is what presented in the /.well-known/oauth-authorization-server
+     */
+    jwksUri?: string;
+};
+export declare const remoteAuthOptionsSchema: z.ZodObject<{
+    type: z.ZodLiteral<"remote">;
+    id: z.ZodOptional<z.ZodString>;
+    name: z.ZodString;
+    baseUrl: z.ZodString;
+    dcrEnabled: z.ZodOptional<z.ZodBoolean>;
+    clientId: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodFunction<z.ZodTuple<[z.ZodObject<{
+        clientId: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        clientId: string;
+    }, {
+        clientId: string;
+    }>], z.ZodUnknown>, z.ZodString>]>>;
+    mode: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"orchestrated">, z.ZodLiteral<"transparent">]>>;
+    allowAnonymous: z.ZodOptional<z.ZodBoolean>;
+    consent: z.ZodOptional<z.ZodBoolean>;
+    jwks: z.ZodOptional<z.ZodObject<{
+        keys: z.ZodArray<z.ZodType<JWK, z.ZodTypeDef, JWK>, "many">;
+    }, "strip", z.ZodTypeAny, {
+        keys: JWK[];
+    }, {
+        keys: JWK[];
+    }>>;
+    scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    grantTypes: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodLiteral<"authorization_code">, z.ZodLiteral<"refresh_token">]>, "many">>;
+    authEndpoint: z.ZodOptional<z.ZodString>;
+    tokenEndpoint: z.ZodOptional<z.ZodString>;
+    registrationEndpoint: z.ZodOptional<z.ZodString>;
+    userInfoEndpoint: z.ZodOptional<z.ZodString>;
+    jwksUri: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    type: "remote";
+    baseUrl: string;
+    id?: string | undefined;
+    dcrEnabled?: boolean | undefined;
+    clientId?: string | ((args_0: {
+        clientId: string;
+    }, ...args: unknown[]) => string) | undefined;
+    mode?: "orchestrated" | "transparent" | undefined;
+    allowAnonymous?: boolean | undefined;
+    consent?: boolean | undefined;
+    scopes?: string[] | undefined;
+    grantTypes?: ("authorization_code" | "refresh_token")[] | undefined;
+    authEndpoint?: string | undefined;
+    tokenEndpoint?: string | undefined;
+    registrationEndpoint?: string | undefined;
+    userInfoEndpoint?: string | undefined;
+    jwks?: {
+        keys: JWK[];
+    } | undefined;
+    jwksUri?: string | undefined;
+}, {
+    name: string;
+    type: "remote";
+    baseUrl: string;
+    id?: string | undefined;
+    dcrEnabled?: boolean | undefined;
+    clientId?: string | ((args_0: {
+        clientId: string;
+    }, ...args: unknown[]) => string) | undefined;
+    mode?: "orchestrated" | "transparent" | undefined;
+    allowAnonymous?: boolean | undefined;
+    consent?: boolean | undefined;
+    scopes?: string[] | undefined;
+    grantTypes?: ("authorization_code" | "refresh_token")[] | undefined;
+    authEndpoint?: string | undefined;
+    tokenEndpoint?: string | undefined;
+    registrationEndpoint?: string | undefined;
+    userInfoEndpoint?: string | undefined;
+    jwks?: {
+        keys: JWK[];
+    } | undefined;
+    jwksUri?: string | undefined;
+}>;
+export type LocalAuthOptions = {
+    type: 'local';
+    /**
+     * unique id for the provider
+     */
+    id: string;
+    /**
+     * human-readable name for the provider
+     */
+    name: string;
+    /**
+     * scopes for the token endpoint
+     * @default undefined - all scopes supported by th provider
+     */
+    scopes?: string[];
+    /**
+     * currently only authorization_code and refresh_token are supported
+     * @default ['authorization_code', 'refresh_token']
+     */
+    grantTypes?: ('authorization_code' | 'refresh_token')[];
+    /**
+     * allow anonymous access to the provider
+     * in this case the provider will act as an authorization server
+     * @default true
+     */
+    allowAnonymous?: boolean;
+    /**
+     * allow consent mode to select tools/resource/prompts after authorization
+     * for scoped based access token
+     * @default false - allowing anonymous access will make the provider to issue an orchestrated token
+     */
+    consent?: boolean;
+    /**
+     * Inline JWKS for the provider to verify tokens for local provider
+     * it will also used in /.well-known/jwks.json
+     * @default undefined - default is auto generated keys and saved in the temp folder
+     */
+    jwks?: JSONWebKeySet;
+    /**
+     * private key signing tokens for local provider
+     * @default undefined - default is auto generated keys and saved in the temp folder
+     */
+    signKey?: JWK | Uint8Array;
+};
+export declare const localAuthOptionsSchema: z.ZodObject<{
+    type: z.ZodLiteral<"local">;
+    id: z.ZodString;
+    name: z.ZodString;
+    scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    grantTypes: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodLiteral<"authorization_code">, z.ZodLiteral<"refresh_token">]>, "many">>;
+    allowAnonymous: z.ZodOptional<z.ZodBoolean>;
+    consent: z.ZodOptional<z.ZodBoolean>;
+    jwks: z.ZodOptional<z.ZodObject<{
+        keys: z.ZodArray<z.ZodType<JWK, z.ZodTypeDef, JWK>, "many">;
+    }, "strip", z.ZodTypeAny, {
+        keys: JWK[];
+    }, {
+        keys: JWK[];
+    }>>;
+    signKey: z.ZodOptional<z.ZodUnion<[z.ZodType<JWK, z.ZodTypeDef, JWK>, z.ZodType<Uint8Array<ArrayBuffer>, z.ZodTypeDef, Uint8Array<ArrayBuffer>>]>>;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    id: string;
+    type: "local";
+    allowAnonymous?: boolean | undefined;
+    consent?: boolean | undefined;
+    scopes?: string[] | undefined;
+    grantTypes?: ("authorization_code" | "refresh_token")[] | undefined;
+    jwks?: {
+        keys: JWK[];
+    } | undefined;
+    signKey?: JWK | Uint8Array<ArrayBuffer> | undefined;
+}, {
+    name: string;
+    id: string;
+    type: "local";
+    allowAnonymous?: boolean | undefined;
+    consent?: boolean | undefined;
+    scopes?: string[] | undefined;
+    grantTypes?: ("authorization_code" | "refresh_token")[] | undefined;
+    jwks?: {
+        keys: JWK[];
+    } | undefined;
+    signKey?: JWK | Uint8Array<ArrayBuffer> | undefined;
+}>;
+export declare const authOptionsSchema: z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
+    type: z.ZodLiteral<"remote">;
+    id: z.ZodOptional<z.ZodString>;
+    name: z.ZodString;
+    baseUrl: z.ZodString;
+    dcrEnabled: z.ZodOptional<z.ZodBoolean>;
+    clientId: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodFunction<z.ZodTuple<[z.ZodObject<{
+        clientId: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        clientId: string;
+    }, {
+        clientId: string;
+    }>], z.ZodUnknown>, z.ZodString>]>>;
+    mode: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"orchestrated">, z.ZodLiteral<"transparent">]>>;
+    allowAnonymous: z.ZodOptional<z.ZodBoolean>;
+    consent: z.ZodOptional<z.ZodBoolean>;
+    jwks: z.ZodOptional<z.ZodObject<{
+        keys: z.ZodArray<z.ZodType<JWK, z.ZodTypeDef, JWK>, "many">;
+    }, "strip", z.ZodTypeAny, {
+        keys: JWK[];
+    }, {
+        keys: JWK[];
+    }>>;
+    scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    grantTypes: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodLiteral<"authorization_code">, z.ZodLiteral<"refresh_token">]>, "many">>;
+    authEndpoint: z.ZodOptional<z.ZodString>;
+    tokenEndpoint: z.ZodOptional<z.ZodString>;
+    registrationEndpoint: z.ZodOptional<z.ZodString>;
+    userInfoEndpoint: z.ZodOptional<z.ZodString>;
+    jwksUri: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    type: "remote";
+    baseUrl: string;
+    id?: string | undefined;
+    dcrEnabled?: boolean | undefined;
+    clientId?: string | ((args_0: {
+        clientId: string;
+    }, ...args: unknown[]) => string) | undefined;
+    mode?: "orchestrated" | "transparent" | undefined;
+    allowAnonymous?: boolean | undefined;
+    consent?: boolean | undefined;
+    scopes?: string[] | undefined;
+    grantTypes?: ("authorization_code" | "refresh_token")[] | undefined;
+    authEndpoint?: string | undefined;
+    tokenEndpoint?: string | undefined;
+    registrationEndpoint?: string | undefined;
+    userInfoEndpoint?: string | undefined;
+    jwks?: {
+        keys: JWK[];
+    } | undefined;
+    jwksUri?: string | undefined;
+}, {
+    name: string;
+    type: "remote";
+    baseUrl: string;
+    id?: string | undefined;
+    dcrEnabled?: boolean | undefined;
+    clientId?: string | ((args_0: {
+        clientId: string;
+    }, ...args: unknown[]) => string) | undefined;
+    mode?: "orchestrated" | "transparent" | undefined;
+    allowAnonymous?: boolean | undefined;
+    consent?: boolean | undefined;
+    scopes?: string[] | undefined;
+    grantTypes?: ("authorization_code" | "refresh_token")[] | undefined;
+    authEndpoint?: string | undefined;
+    tokenEndpoint?: string | undefined;
+    registrationEndpoint?: string | undefined;
+    userInfoEndpoint?: string | undefined;
+    jwks?: {
+        keys: JWK[];
+    } | undefined;
+    jwksUri?: string | undefined;
+}>, z.ZodObject<{
+    type: z.ZodLiteral<"local">;
+    id: z.ZodString;
+    name: z.ZodString;
+    scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    grantTypes: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodLiteral<"authorization_code">, z.ZodLiteral<"refresh_token">]>, "many">>;
+    allowAnonymous: z.ZodOptional<z.ZodBoolean>;
+    consent: z.ZodOptional<z.ZodBoolean>;
+    jwks: z.ZodOptional<z.ZodObject<{
+        keys: z.ZodArray<z.ZodType<JWK, z.ZodTypeDef, JWK>, "many">;
+    }, "strip", z.ZodTypeAny, {
+        keys: JWK[];
+    }, {
+        keys: JWK[];
+    }>>;
+    signKey: z.ZodOptional<z.ZodUnion<[z.ZodType<JWK, z.ZodTypeDef, JWK>, z.ZodType<Uint8Array<ArrayBuffer>, z.ZodTypeDef, Uint8Array<ArrayBuffer>>]>>;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    id: string;
+    type: "local";
+    allowAnonymous?: boolean | undefined;
+    consent?: boolean | undefined;
+    scopes?: string[] | undefined;
+    grantTypes?: ("authorization_code" | "refresh_token")[] | undefined;
+    jwks?: {
+        keys: JWK[];
+    } | undefined;
+    signKey?: JWK | Uint8Array<ArrayBuffer> | undefined;
+}, {
+    name: string;
+    id: string;
+    type: "local";
+    allowAnonymous?: boolean | undefined;
+    consent?: boolean | undefined;
+    scopes?: string[] | undefined;
+    grantTypes?: ("authorization_code" | "refresh_token")[] | undefined;
+    jwks?: {
+        keys: JWK[];
+    } | undefined;
+    signKey?: JWK | Uint8Array<ArrayBuffer> | undefined;
+}>]>;
+export type AuthOptions = RemoteAuthOptions | LocalAuthOptions;
+type StandaloneOption = {
+    /**
+     * if the provider is standalone or not, if standalone it will register an oauth service provider
+     * on app's entry path, if not standalone it will be registered as a child provider
+     * under the root provider
+     * @default false
+     */
+    standalone?: boolean;
+    /**
+     * if the provider should be excluded from the parent provider's discovery
+     * this used for standalone providers
+     * @default false
+     */
+    excludeFromParent?: boolean;
+};
+export declare const appAuthOptionsSchema: z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
+    type: z.ZodLiteral<"remote">;
+    id: z.ZodOptional<z.ZodString>;
+    name: z.ZodString;
+    baseUrl: z.ZodString;
+    dcrEnabled: z.ZodOptional<z.ZodBoolean>;
+    clientId: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodFunction<z.ZodTuple<[z.ZodObject<{
+        clientId: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        clientId: string;
+    }, {
+        clientId: string;
+    }>], z.ZodUnknown>, z.ZodString>]>>;
+    mode: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"orchestrated">, z.ZodLiteral<"transparent">]>>;
+    allowAnonymous: z.ZodOptional<z.ZodBoolean>;
+    consent: z.ZodOptional<z.ZodBoolean>;
+    jwks: z.ZodOptional<z.ZodObject<{
+        keys: z.ZodArray<z.ZodType<JWK, z.ZodTypeDef, JWK>, "many">;
+    }, "strip", z.ZodTypeAny, {
+        keys: JWK[];
+    }, {
+        keys: JWK[];
+    }>>;
+    scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    grantTypes: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodLiteral<"authorization_code">, z.ZodLiteral<"refresh_token">]>, "many">>;
+    authEndpoint: z.ZodOptional<z.ZodString>;
+    tokenEndpoint: z.ZodOptional<z.ZodString>;
+    registrationEndpoint: z.ZodOptional<z.ZodString>;
+    userInfoEndpoint: z.ZodOptional<z.ZodString>;
+    jwksUri: z.ZodOptional<z.ZodString>;
+} & {
+    standalone: z.ZodOptional<z.ZodBoolean>;
+    excludeFromParent: z.ZodOptional<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    type: "remote";
+    baseUrl: string;
+    id?: string | undefined;
+    dcrEnabled?: boolean | undefined;
+    clientId?: string | ((args_0: {
+        clientId: string;
+    }, ...args: unknown[]) => string) | undefined;
+    mode?: "orchestrated" | "transparent" | undefined;
+    allowAnonymous?: boolean | undefined;
+    consent?: boolean | undefined;
+    scopes?: string[] | undefined;
+    grantTypes?: ("authorization_code" | "refresh_token")[] | undefined;
+    authEndpoint?: string | undefined;
+    tokenEndpoint?: string | undefined;
+    registrationEndpoint?: string | undefined;
+    userInfoEndpoint?: string | undefined;
+    jwks?: {
+        keys: JWK[];
+    } | undefined;
+    jwksUri?: string | undefined;
+    standalone?: boolean | undefined;
+    excludeFromParent?: boolean | undefined;
+}, {
+    name: string;
+    type: "remote";
+    baseUrl: string;
+    id?: string | undefined;
+    dcrEnabled?: boolean | undefined;
+    clientId?: string | ((args_0: {
+        clientId: string;
+    }, ...args: unknown[]) => string) | undefined;
+    mode?: "orchestrated" | "transparent" | undefined;
+    allowAnonymous?: boolean | undefined;
+    consent?: boolean | undefined;
+    scopes?: string[] | undefined;
+    grantTypes?: ("authorization_code" | "refresh_token")[] | undefined;
+    authEndpoint?: string | undefined;
+    tokenEndpoint?: string | undefined;
+    registrationEndpoint?: string | undefined;
+    userInfoEndpoint?: string | undefined;
+    jwks?: {
+        keys: JWK[];
+    } | undefined;
+    jwksUri?: string | undefined;
+    standalone?: boolean | undefined;
+    excludeFromParent?: boolean | undefined;
+}>, z.ZodObject<{
+    type: z.ZodLiteral<"local">;
+    id: z.ZodString;
+    name: z.ZodString;
+    scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    grantTypes: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodLiteral<"authorization_code">, z.ZodLiteral<"refresh_token">]>, "many">>;
+    allowAnonymous: z.ZodOptional<z.ZodBoolean>;
+    consent: z.ZodOptional<z.ZodBoolean>;
+    jwks: z.ZodOptional<z.ZodObject<{
+        keys: z.ZodArray<z.ZodType<JWK, z.ZodTypeDef, JWK>, "many">;
+    }, "strip", z.ZodTypeAny, {
+        keys: JWK[];
+    }, {
+        keys: JWK[];
+    }>>;
+    signKey: z.ZodOptional<z.ZodUnion<[z.ZodType<JWK, z.ZodTypeDef, JWK>, z.ZodType<Uint8Array<ArrayBuffer>, z.ZodTypeDef, Uint8Array<ArrayBuffer>>]>>;
+} & {
+    standalone: z.ZodOptional<z.ZodBoolean>;
+    excludeFromParent: z.ZodOptional<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    id: string;
+    type: "local";
+    allowAnonymous?: boolean | undefined;
+    consent?: boolean | undefined;
+    scopes?: string[] | undefined;
+    grantTypes?: ("authorization_code" | "refresh_token")[] | undefined;
+    jwks?: {
+        keys: JWK[];
+    } | undefined;
+    signKey?: JWK | Uint8Array<ArrayBuffer> | undefined;
+    standalone?: boolean | undefined;
+    excludeFromParent?: boolean | undefined;
+}, {
+    name: string;
+    id: string;
+    type: "local";
+    allowAnonymous?: boolean | undefined;
+    consent?: boolean | undefined;
+    scopes?: string[] | undefined;
+    grantTypes?: ("authorization_code" | "refresh_token")[] | undefined;
+    jwks?: {
+        keys: JWK[];
+    } | undefined;
+    signKey?: JWK | Uint8Array<ArrayBuffer> | undefined;
+    standalone?: boolean | undefined;
+    excludeFromParent?: boolean | undefined;
+}>]>;
+export type AppAuthOptions = (RemoteAuthOptions | LocalAuthOptions) & StandaloneOption;
+export {};

package/src/types/options/auth.options.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.appAuthOptionsSchema = exports.authOptionsSchema = exports.localAuthOptionsSchema = exports.remoteAuthOptionsSchema = void 0;
+const zod_1 = require("zod");
+const auth_1 = require("../auth");
+exports.remoteAuthOptionsSchema = zod_1.z.object({
+    type: zod_1.z.literal('remote'),
+    id: zod_1.z.string().optional(),
+    name: zod_1.z.string(),
+    baseUrl: zod_1.z.string(),
+    dcrEnabled: zod_1.z.boolean().optional(),
+    clientId: zod_1.z
+        .union([
+        zod_1.z.string(),
+        zod_1.z.function().args(zod_1.z.object({ clientId: zod_1.z.string() })).returns(zod_1.z.string())
+    ])
+        .optional(),
+    mode: zod_1.z.union([zod_1.z.literal('orchestrated'), zod_1.z.literal('transparent')]).optional(),
+    allowAnonymous: zod_1.z.boolean().optional(),
+    consent: zod_1.z.boolean().optional(),
+    jwks: auth_1.jsonWebKeySetSchema.optional(),
+    scopes: zod_1.z.array(zod_1.z.string()).optional(),
+    grantTypes: zod_1.z.array(zod_1.z.union([zod_1.z.literal('authorization_code'), zod_1.z.literal('refresh_token')])).optional(),
+    authEndpoint: zod_1.z.string().optional(),
+    tokenEndpoint: zod_1.z.string().optional(),
+    registrationEndpoint: zod_1.z.string().optional(),
+    userInfoEndpoint: zod_1.z.string().optional(),
+    jwksUri: zod_1.z.string().optional(),
+});
+exports.localAuthOptionsSchema = zod_1.z.object({
+    type: zod_1.z.literal('local'),
+    id: zod_1.z.string(),
+    name: zod_1.z.string(),
+    scopes: zod_1.z.array(zod_1.z.string()).optional(),
+    grantTypes: zod_1.z.array(zod_1.z.union([zod_1.z.literal('authorization_code'), zod_1.z.literal('refresh_token')])).optional(),
+    allowAnonymous: zod_1.z.boolean().optional(),
+    consent: zod_1.z.boolean().optional(),
+    jwks: auth_1.jsonWebKeySetSchema.optional(),
+    signKey: auth_1.jwkSchema.or(zod_1.z.instanceof(Uint8Array)).optional(),
+});
+exports.authOptionsSchema = zod_1.z.discriminatedUnion('type', [
+    exports.remoteAuthOptionsSchema,
+    exports.localAuthOptionsSchema,
+]);
+const standaloneOptionSchema = {
+    standalone: zod_1.z.boolean().optional(),
+    excludeFromParent: zod_1.z.boolean().optional(),
+};
+exports.appAuthOptionsSchema = zod_1.z.discriminatedUnion('type', [
+    exports.remoteAuthOptionsSchema.extend(standaloneOptionSchema),
+    exports.localAuthOptionsSchema.extend(standaloneOptionSchema),
+]);
+//# sourceMappingURL=auth.options.js.map