@go-mondo/identity-sdk 0.0.1 → 0.0.2-beta.3

package/dist/cjs/oauth/authorize/index.d.ts

@@ -0,0 +1,2 @@
+export * from './schema/schema.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/oauth/authorize/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/oauth/authorize/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC"}

package/dist/cjs/oauth/authorize/index.js

@@ -0,0 +1,17 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./schema/schema.js"), exports);

package/dist/cjs/oauth/authorize/schema/grants/authorization-code.d.ts

@@ -0,0 +1,29 @@
+export declare const AuthorizationCodeSchema: import("arktype/out/methods/object.js").ObjectType<{
+    response_type: "code";
+    client_id: string;
+    redirect_uri?: string | undefined;
+    scope?: string | undefined;
+    state?: string | undefined;
+    nonce?: string | undefined;
+    display?: "page" | "popup" | "touch" | "wap" | undefined;
+    prompt?: "none" | "login" | "consent" | "select_account" | undefined;
+    max_age?: number | undefined;
+    code_challenge_method?: "S256" | "plain" | undefined;
+    code_challenge?: string | undefined;
+    audience?: string | undefined;
+} | {
+    response_type: "code";
+    client_id: string;
+    redirect_uri?: string | undefined;
+    scope?: string | undefined;
+    state?: string | undefined;
+    nonce?: string | undefined;
+    display?: "page" | "popup" | "touch" | "wap" | undefined;
+    prompt?: "none" | "login" | "consent" | "select_account" | undefined;
+    max_age?: number | undefined;
+    code_challenge_method: "S256" | "plain";
+    code_challenge: string;
+    audience?: string | undefined;
+}, {}>;
+export type AuthorizationCodePayload = typeof AuthorizationCodeSchema.inferOut;
+//# sourceMappingURL=authorization-code.d.ts.map

package/dist/cjs/oauth/authorize/schema/grants/authorization-code.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-code.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/authorize/schema/grants/authorization-code.ts"],"names":[],"mappings":"AAwCA,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;MAEd,CAAC;AACvB,MAAM,MAAM,wBAAwB,GAAG,OAAO,uBAAuB,CAAC,QAAQ,CAAC"}

package/dist/cjs/oauth/authorize/schema/grants/authorization-code.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationCodeSchema = void 0;
+const arktype_1 = require("arktype");
+const app_js_1 = require("../../../../app/schema/app.js");
+const schema_js_1 = require("../../../common/schema.js");
+/**
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1
+ * @see https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1
+ */
+const ResponseTypeSchema = arktype_1.type.enumerated(schema_js_1.ResponseType.CODE);
+const PKCESchema = (0, arktype_1.type)({
+    code_challenge_method: schema_js_1.CodeChallengeMethodSchema.optional(),
+    code_challenge: (0, arktype_1.type)('string').optional(),
+}).or({
+    code_challenge_method: schema_js_1.CodeChallengeMethodSchema,
+    code_challenge: (0, arktype_1.type)('string'),
+});
+const OAuthSchema = (0, arktype_1.type)({
+    response_type: ResponseTypeSchema,
+    client_id: app_js_1.AppIdSchema,
+    redirect_uri: (0, arktype_1.type)('string.url').optional(),
+    scope: (0, arktype_1.type)('string').optional(),
+    state: (0, arktype_1.type)('string').optional(),
+});
+const OIDCSchema = (0, arktype_1.type)({
+    nonce: (0, arktype_1.type)('string').optional(),
+    display: schema_js_1.AuthorizationDisplaySchema.optional(),
+    prompt: schema_js_1.AuthorizationPromptSchema.optional(),
+    max_age: (0, arktype_1.type)('number').optional(),
+});
+exports.AuthorizationCodeSchema = OAuthSchema.and(OIDCSchema)
+    .and(PKCESchema)
+    .and(schema_js_1.OptionalSchema);

package/dist/cjs/oauth/authorize/schema/grants/implicit.d.ts

@@ -0,0 +1,11 @@
+export declare const ImplicitSchema: import("arktype/out/methods/object.js").ObjectType<{
+    response_type: "token" | "id_token" | "string string" | "string number" | "string bigint" | "string boolean" | "string symbol" | "string undefined" | "string object" | "string function" | "number string" | "number number" | "number bigint" | "number boolean" | "number symbol" | "number undefined" | "number object" | "number function" | "bigint string" | "bigint number" | "bigint bigint" | "bigint boolean" | "bigint symbol" | "bigint undefined" | "bigint object" | "bigint function" | "boolean string" | "boolean number" | "boolean bigint" | "boolean boolean" | "boolean symbol" | "boolean undefined" | "boolean object" | "boolean function" | "symbol string" | "symbol number" | "symbol bigint" | "symbol boolean" | "symbol symbol" | "symbol undefined" | "symbol object" | "symbol function" | "undefined string" | "undefined number" | "undefined bigint" | "undefined boolean" | "undefined symbol" | "undefined undefined" | "undefined object" | "undefined function" | "object string" | "object number" | "object bigint" | "object boolean" | "object symbol" | "object undefined" | "object object" | "object function" | "function string" | "function number" | "function bigint" | "function boolean" | "function symbol" | "function undefined" | "function object" | "function function";
+    client_id: string;
+    redirect_uri?: string | undefined;
+    scope?: string | undefined;
+    state?: string | undefined;
+    nonce?: string | undefined;
+    audience?: string | undefined;
+}, {}>;
+export type ImplicitPayload = typeof ImplicitSchema.inferOut;
+//# sourceMappingURL=implicit.d.ts.map

package/dist/cjs/oauth/authorize/schema/grants/implicit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"implicit.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/authorize/schema/grants/implicit.ts"],"names":[],"mappings":"AA2BA,eAAO,MAAM,cAAc;;;;;;;;MAAkD,CAAC;AAC9E,MAAM,MAAM,eAAe,GAAG,OAAO,cAAc,CAAC,QAAQ,CAAC"}

package/dist/cjs/oauth/authorize/schema/grants/implicit.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ImplicitSchema = void 0;
+const arktype_1 = require("arktype");
+const schema_js_1 = require("../../../common/schema.js");
+/**
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.2.1
+ * @see https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.2.2.1
+ */
+const ResponseTypeSchema = arktype_1.type.enumerated(schema_js_1.ResponseType.TOKEN, schema_js_1.ResponseType.ID_TOKEN, `${typeof schema_js_1.ResponseType.ID_TOKEN} ${typeof schema_js_1.ResponseType.TOKEN}`, `${typeof schema_js_1.ResponseType.TOKEN} ${typeof schema_js_1.ResponseType.ID_TOKEN}`);
+const OAuthSchema = (0, arktype_1.type)({
+    response_type: ResponseTypeSchema,
+    client_id: (0, arktype_1.type)('string'),
+    redirect_uri: (0, arktype_1.type)('string.url').optional(),
+    scope: (0, arktype_1.type)('string').optional(),
+    state: (0, arktype_1.type)('string').optional(),
+});
+const OIDCSchema = (0, arktype_1.type)({
+    nonce: (0, arktype_1.type)('string').optional(), // OIDC (this is required if resposne_type includes ID TOKEN)
+});
+exports.ImplicitSchema = OAuthSchema.and(OIDCSchema).and(schema_js_1.OptionalSchema);

package/dist/cjs/oauth/authorize/schema/schema.d.ts

@@ -0,0 +1,42 @@
+export * from './grants/authorization-code.js';
+export * from './grants/implicit.js';
+/**
+ * Union(s)
+ */
+export declare const Schema: import("arktype/out/methods/object.js").ObjectType<{
+    response_type: "code";
+    client_id: string;
+    redirect_uri?: string | undefined;
+    scope?: string | undefined;
+    state?: string | undefined;
+    nonce?: string | undefined;
+    display?: "page" | "popup" | "touch" | "wap" | undefined;
+    prompt?: "none" | "login" | "consent" | "select_account" | undefined;
+    max_age?: number | undefined;
+    code_challenge_method?: "S256" | "plain" | undefined;
+    code_challenge?: string | undefined;
+    audience?: string | undefined;
+} | {
+    response_type: "code";
+    client_id: string;
+    redirect_uri?: string | undefined;
+    scope?: string | undefined;
+    state?: string | undefined;
+    nonce?: string | undefined;
+    display?: "page" | "popup" | "touch" | "wap" | undefined;
+    prompt?: "none" | "login" | "consent" | "select_account" | undefined;
+    max_age?: number | undefined;
+    code_challenge_method: "S256" | "plain";
+    code_challenge: string;
+    audience?: string | undefined;
+} | {
+    response_type: "token" | "id_token" | "string string" | "string number" | "string bigint" | "string boolean" | "string symbol" | "string undefined" | "string object" | "string function" | "number string" | "number number" | "number bigint" | "number boolean" | "number symbol" | "number undefined" | "number object" | "number function" | "bigint string" | "bigint number" | "bigint bigint" | "bigint boolean" | "bigint symbol" | "bigint undefined" | "bigint object" | "bigint function" | "boolean string" | "boolean number" | "boolean bigint" | "boolean boolean" | "boolean symbol" | "boolean undefined" | "boolean object" | "boolean function" | "symbol string" | "symbol number" | "symbol bigint" | "symbol boolean" | "symbol symbol" | "symbol undefined" | "symbol object" | "symbol function" | "undefined string" | "undefined number" | "undefined bigint" | "undefined boolean" | "undefined symbol" | "undefined undefined" | "undefined object" | "undefined function" | "object string" | "object number" | "object bigint" | "object boolean" | "object symbol" | "object undefined" | "object object" | "object function" | "function string" | "function number" | "function bigint" | "function boolean" | "function symbol" | "function undefined" | "function object" | "function function";
+    client_id: string;
+    redirect_uri?: string | undefined;
+    scope?: string | undefined;
+    state?: string | undefined;
+    nonce?: string | undefined;
+    audience?: string | undefined;
+}, {}>;
+export type Payload = typeof Schema.inferOut;
+//# sourceMappingURL=schema.d.ts.map

package/dist/cjs/oauth/authorize/schema/schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../../src/oauth/authorize/schema/schema.ts"],"names":[],"mappings":"AAGA,cAAc,gCAAgC,CAAC;AAC/C,cAAc,sBAAsB,CAAC;AAErC;;GAEG;AACH,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAA6C,CAAC;AACjE,MAAM,MAAM,OAAO,GAAG,OAAO,MAAM,CAAC,QAAQ,CAAC"}

package/dist/cjs/oauth/authorize/schema/schema.js

@@ -0,0 +1,25 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Schema = void 0;
+const authorization_code_js_1 = require("./grants/authorization-code.js");
+const implicit_js_1 = require("./grants/implicit.js");
+__exportStar(require("./grants/authorization-code.js"), exports);
+__exportStar(require("./grants/implicit.js"), exports);
+/**
+ * Union(s)
+ */
+exports.Schema = authorization_code_js_1.AuthorizationCodeSchema.or(implicit_js_1.ImplicitSchema);

package/dist/cjs/oauth/common/schema.d.ts

@@ -0,0 +1,62 @@
+export declare const GrantType: {
+    readonly CLIENT_CREDENTIALS: "client_credentials";
+    readonly AUTHORIZATION_CODE: "authorization_code";
+    readonly IMPLICIT: "implicit";
+    readonly REFRESH_TOKEN: "refresh_token";
+};
+export type AnyGrantType = (typeof GrantType)[keyof typeof GrantType];
+export declare const ResponseType: {
+    readonly ID_TOKEN: "id_token";
+    readonly TOKEN: "token";
+    readonly CODE: "code";
+};
+export type AnyResponseType = (typeof ResponseType)[keyof typeof ResponseType];
+export declare const CodeChallengeMethod: {
+    readonly DEFAULT: "S256";
+    readonly S256: "S256";
+    readonly PLAIN: "plain";
+};
+export type AnyCodeChallengeMethod = (typeof CodeChallengeMethod)[keyof typeof CodeChallengeMethod];
+export declare const CodeChallengeMethodSchema: import("arktype/out/methods/string").StringType<"S256" | "plain", {}>;
+export declare const AuthorizationDisplay: {
+    readonly PAGE: "page";
+    readonly POPUP: "popup";
+    readonly TOUCH: "touch";
+    readonly WAP: "wap";
+};
+export type AnyAuthorizationDisplay = (typeof AuthorizationDisplay)[keyof typeof AuthorizationDisplay];
+export declare const AuthorizationDisplaySchema: import("arktype/out/methods/string").StringType<"page" | "popup" | "touch" | "wap", {}>;
+export declare const AuthorizationPrompt: {
+    readonly NONE: "none";
+    readonly LOGIN: "login";
+    readonly CONSENT: "consent";
+    readonly SELECT_ACCOUNT: "select_account";
+};
+export type AnyAuthorizationPrompt = (typeof AuthorizationPrompt)[keyof typeof AuthorizationPrompt];
+export declare const AuthorizationPromptSchema: import("arktype/out/methods/string").StringType<"none" | "login" | "consent" | "select_account", {}>;
+export declare const OptionalSchema: import("arktype/out/methods/object").ObjectType<{
+    audience?: string | undefined;
+}, {}>;
+export declare const OIDCScope: {
+    readonly OPENID: "openid";
+    readonly PROFILE: "profile";
+    readonly EMAIL: "email";
+    readonly ADDRESS: "address";
+    readonly PHONE: "phone";
+};
+export type AnyOIDCScope = (typeof OIDCScope)[keyof typeof OIDCScope];
+export declare const OAuthScope: {
+    readonly OFFLINE_ACCESS: "offline_access";
+};
+export type AnyOAuthScope = (typeof OAuthScope)[keyof typeof OAuthScope];
+export declare const Scope: {
+    OFFLINE_ACCESS: "offline_access";
+    OPENID: "openid";
+    PROFILE: "profile";
+    EMAIL: "email";
+    ADDRESS: "address";
+    PHONE: "phone";
+};
+export type AnyScope = AnyOAuthScope | AnyOIDCScope | string;
+export declare const ScopeSchema: import("arktype/out/methods/string").StringType<string, {}>;
+//# sourceMappingURL=schema.d.ts.map

package/dist/cjs/oauth/common/schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../src/oauth/common/schema.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,SAAS;;;;;CAKZ,CAAC;AAEX,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,OAAO,SAAS,CAAC,CAAC;AAEtE,eAAO,MAAM,YAAY;;;;CAIf,CAAC;AACX,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,YAAY,CAAC,CAAC,MAAM,OAAO,YAAY,CAAC,CAAC;AAG/E,eAAO,MAAM,mBAAmB;;;;CAItB,CAAC;AACX,MAAM,MAAM,sBAAsB,GAChC,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,mBAAmB,CAAC,CAAC;AACjE,eAAO,MAAM,yBAAyB,uEAGrC,CAAC;AAEF,eAAO,MAAM,oBAAoB;;;;;CAKvB,CAAC;AACX,MAAM,MAAM,uBAAuB,GACjC,CAAC,OAAO,oBAAoB,CAAC,CAAC,MAAM,OAAO,oBAAoB,CAAC,CAAC;AACnE,eAAO,MAAM,0BAA0B,yFAKtC,CAAC;AAEF,eAAO,MAAM,mBAAmB;;;;;CAKtB,CAAC;AACX,MAAM,MAAM,sBAAsB,GAChC,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,mBAAmB,CAAC,CAAC;AACjE,eAAO,MAAM,yBAAyB,sGAKrC,CAAC;AAEF,eAAO,MAAM,cAAc;;MAEzB,CAAC;AAEH,eAAO,MAAM,SAAS;;;;;;CAMZ,CAAC;AACX,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,OAAO,SAAS,CAAC,CAAC;AAEtE,eAAO,MAAM,UAAU;;CAEb,CAAC;AACX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAC;AAEzE,eAAO,MAAM,KAAK;;;;;;;CAGjB,CAAC;AACF,MAAM,MAAM,QAAQ,GAAG,aAAa,GAAG,YAAY,GAAG,MAAM,CAAC;AAC7D,eAAO,MAAM,WAAW,6DAAiB,CAAC"}

package/dist/cjs/oauth/common/schema.js

@@ -0,0 +1,54 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ScopeSchema = exports.Scope = exports.OAuthScope = exports.OIDCScope = exports.OptionalSchema = exports.AuthorizationPromptSchema = exports.AuthorizationPrompt = exports.AuthorizationDisplaySchema = exports.AuthorizationDisplay = exports.CodeChallengeMethodSchema = exports.CodeChallengeMethod = exports.ResponseType = exports.GrantType = void 0;
+const arktype_1 = require("arktype");
+exports.GrantType = {
+    CLIENT_CREDENTIALS: 'client_credentials',
+    AUTHORIZATION_CODE: 'authorization_code',
+    IMPLICIT: 'implicit',
+    REFRESH_TOKEN: 'refresh_token',
+};
+exports.ResponseType = {
+    ID_TOKEN: 'id_token',
+    TOKEN: 'token',
+    CODE: 'code',
+};
+// export const ResponseTypeSchema = type.enumerated(ResponseType.CODE, ResponseType.ID_TOKEN, ResponseType.TOKEN)
+exports.CodeChallengeMethod = {
+    DEFAULT: 'S256',
+    S256: 'S256',
+    PLAIN: 'plain',
+};
+exports.CodeChallengeMethodSchema = arktype_1.type.enumerated(exports.CodeChallengeMethod.PLAIN, exports.CodeChallengeMethod.S256);
+exports.AuthorizationDisplay = {
+    PAGE: 'page',
+    POPUP: 'popup',
+    TOUCH: 'touch',
+    WAP: 'wap',
+};
+exports.AuthorizationDisplaySchema = arktype_1.type.enumerated(exports.AuthorizationDisplay.PAGE, exports.AuthorizationDisplay.POPUP, exports.AuthorizationDisplay.TOUCH, exports.AuthorizationDisplay.WAP);
+exports.AuthorizationPrompt = {
+    NONE: 'none',
+    LOGIN: 'login',
+    CONSENT: 'consent',
+    SELECT_ACCOUNT: 'select_account',
+};
+exports.AuthorizationPromptSchema = arktype_1.type.enumerated(exports.AuthorizationPrompt.NONE, exports.AuthorizationPrompt.LOGIN, exports.AuthorizationPrompt.CONSENT, exports.AuthorizationPrompt.SELECT_ACCOUNT);
+exports.OptionalSchema = (0, arktype_1.type)({
+    audience: (0, arktype_1.type)('string').optional(),
+});
+exports.OIDCScope = {
+    OPENID: 'openid',
+    PROFILE: 'profile',
+    EMAIL: 'email',
+    ADDRESS: 'address',
+    PHONE: 'phone',
+};
+exports.OAuthScope = {
+    OFFLINE_ACCESS: 'offline_access',
+};
+exports.Scope = {
+    ...exports.OIDCScope,
+    ...exports.OAuthScope,
+};
+exports.ScopeSchema = (0, arktype_1.type)('string');

package/dist/cjs/oauth/index.d.ts

@@ -0,0 +1,4 @@
+export { AuthorizationDisplay, AuthorizationDisplaySchema, AuthorizationPrompt, AuthorizationPromptSchema, CodeChallengeMethod, CodeChallengeMethodSchema, GrantType, OAuthScope, OIDCScope, ResponseType, type AnyAuthorizationDisplay, type AnyAuthorizationPrompt, type AnyCodeChallengeMethod, type AnyGrantType, type AnyOAuthScope, type AnyOIDCScope, type AnyResponseType, type AnyScope, } from './common/schema.js';
+export * as Authorize from './authorize/index.js';
+export * as Token from './token/index.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/oauth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/oauth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACpB,0BAA0B,EAC1B,mBAAmB,EACnB,yBAAyB,EACzB,mBAAmB,EACnB,yBAAyB,EACzB,SAAS,EACT,UAAU,EACV,SAAS,EACT,YAAY,EACZ,KAAK,uBAAuB,EAC5B,KAAK,sBAAsB,EAC3B,KAAK,sBAAsB,EAC3B,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,QAAQ,GACd,MAAM,oBAAoB,CAAC;AAE5B,OAAO,KAAK,SAAS,MAAM,sBAAsB,CAAC;AAClD,OAAO,KAAK,KAAK,MAAM,kBAAkB,CAAC"}

package/dist/cjs/oauth/index.js

@@ -0,0 +1,49 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Token = exports.Authorize = exports.ResponseType = exports.OIDCScope = exports.OAuthScope = exports.GrantType = exports.CodeChallengeMethodSchema = exports.CodeChallengeMethod = exports.AuthorizationPromptSchema = exports.AuthorizationPrompt = exports.AuthorizationDisplaySchema = exports.AuthorizationDisplay = void 0;
+var schema_js_1 = require("./common/schema.js");
+Object.defineProperty(exports, "AuthorizationDisplay", { enumerable: true, get: function () { return schema_js_1.AuthorizationDisplay; } });
+Object.defineProperty(exports, "AuthorizationDisplaySchema", { enumerable: true, get: function () { return schema_js_1.AuthorizationDisplaySchema; } });
+Object.defineProperty(exports, "AuthorizationPrompt", { enumerable: true, get: function () { return schema_js_1.AuthorizationPrompt; } });
+Object.defineProperty(exports, "AuthorizationPromptSchema", { enumerable: true, get: function () { return schema_js_1.AuthorizationPromptSchema; } });
+Object.defineProperty(exports, "CodeChallengeMethod", { enumerable: true, get: function () { return schema_js_1.CodeChallengeMethod; } });
+Object.defineProperty(exports, "CodeChallengeMethodSchema", { enumerable: true, get: function () { return schema_js_1.CodeChallengeMethodSchema; } });
+Object.defineProperty(exports, "GrantType", { enumerable: true, get: function () { return schema_js_1.GrantType; } });
+Object.defineProperty(exports, "OAuthScope", { enumerable: true, get: function () { return schema_js_1.OAuthScope; } });
+Object.defineProperty(exports, "OIDCScope", { enumerable: true, get: function () { return schema_js_1.OIDCScope; } });
+Object.defineProperty(exports, "ResponseType", { enumerable: true, get: function () { return schema_js_1.ResponseType; } });
+exports.Authorize = __importStar(require("./authorize/index.js"));
+exports.Token = __importStar(require("./token/index.js"));

package/dist/cjs/oauth/token/index.d.ts

@@ -0,0 +1,2 @@
+export * from './schema/schema.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/oauth/token/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/oauth/token/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC"}

package/dist/cjs/oauth/token/index.js

@@ -0,0 +1,17 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./schema/schema.js"), exports);

package/dist/cjs/oauth/token/schema/grants/authorization-code.d.ts

@@ -0,0 +1,10 @@
+export declare const AuthorizationCodeSchema: import("arktype/out/methods/object.js").ObjectType<{
+    grant_type: "authorization_code";
+    code: string;
+    client_id: string;
+    redirect_uri: string;
+    client_secret?: string | undefined;
+    code_verifier?: string | undefined;
+}, {}>;
+export type AuthorizationCodePayload = typeof AuthorizationCodeSchema.inferOut;
+//# sourceMappingURL=authorization-code.d.ts.map

package/dist/cjs/oauth/token/schema/grants/authorization-code.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-code.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/token/schema/grants/authorization-code.ts"],"names":[],"mappings":"AAcA,eAAO,MAAM,uBAAuB;;;;;;;MAMlB,CAAC;AACnB,MAAM,MAAM,wBAAwB,GAAG,OAAO,uBAAuB,CAAC,QAAQ,CAAC"}

package/dist/cjs/oauth/token/schema/grants/authorization-code.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationCodeSchema = void 0;
+const arktype_1 = require("arktype");
+const schema_js_1 = require("../../../common/schema.js");
+/**
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
+ * @see https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.3.1
+ */
+const GrantTypeSchema = arktype_1.type.enumerated(schema_js_1.GrantType.AUTHORIZATION_CODE);
+const PKCESchema = (0, arktype_1.type)({
+    code_verifier: (0, arktype_1.type)('string').optional(),
+});
+exports.AuthorizationCodeSchema = (0, arktype_1.type)({
+    grant_type: GrantTypeSchema,
+    code: (0, arktype_1.type)('string'),
+    client_id: (0, arktype_1.type)('string'),
+    client_secret: (0, arktype_1.type)('string').optional(),
+    redirect_uri: (0, arktype_1.type)('string.url'),
+}).and(PKCESchema);

package/dist/cjs/oauth/token/schema/grants/client-credentials.d.ts

@@ -0,0 +1,21 @@
+/**
+ * What the incoming body may look like.
+ *
+ * Note: the client_id and client_secrete may (likely) be in Authorization header
+ */
+export declare const ClientCredentialsPayloadSchema: import("arktype/out/methods/object.js").ObjectType<{
+    grant_type: "client_credentials";
+    scope?: string | undefined;
+    client_id?: string | undefined;
+    client_secret?: string | undefined;
+    audience?: string | undefined;
+}, {}>;
+export declare const ClientCredentialsSchema: import("arktype/out/methods/object.js").ObjectType<{
+    grant_type: "client_credentials";
+    scope?: string | undefined;
+    audience?: string | undefined;
+    client_id: string;
+    client_secret: string;
+}, {}>;
+export type ClientCredentialsPayload = typeof ClientCredentialsSchema.inferOut;
+//# sourceMappingURL=client-credentials.d.ts.map

package/dist/cjs/oauth/token/schema/grants/client-credentials.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-credentials.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/token/schema/grants/client-credentials.ts"],"names":[],"mappings":"AAUA;;;;GAIG;AACH,eAAO,MAAM,8BAA8B;;;;;;MAKrB,CAAC;AAEvB,eAAO,MAAM,uBAAuB;;;;;;MAMlC,CAAC;AACH,MAAM,MAAM,wBAAwB,GAAG,OAAO,uBAAuB,CAAC,QAAQ,CAAC"}

package/dist/cjs/oauth/token/schema/grants/client-credentials.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ClientCredentialsSchema = exports.ClientCredentialsPayloadSchema = void 0;
+const arktype_1 = require("arktype");
+const app_js_1 = require("../../../../app/schema/app.js");
+const schema_js_1 = require("../../../common/schema.js");
+/**
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2
+ */
+const GrantTypeSchema = arktype_1.type.enumerated(schema_js_1.GrantType.CLIENT_CREDENTIALS);
+/**
+ * What the incoming body may look like.
+ *
+ * Note: the client_id and client_secrete may (likely) be in Authorization header
+ */
+exports.ClientCredentialsPayloadSchema = (0, arktype_1.type)({
+    grant_type: GrantTypeSchema,
+    scope: (0, arktype_1.type)('string').optional(),
+    client_id: app_js_1.AppIdSchema.optional(),
+    client_secret: (0, arktype_1.type)('string').optional(),
+}).and(schema_js_1.OptionalSchema);
+exports.ClientCredentialsSchema = exports.ClientCredentialsPayloadSchema.omit('client_id', 'client_secret').and({
+    client_id: app_js_1.AppIdSchema,
+    client_secret: (0, arktype_1.type)('string'),
+});

package/dist/cjs/oauth/token/schema/grants/refresh-token.d.ts

@@ -0,0 +1,9 @@
+export declare const RefreshTokenSchema: import("arktype/out/methods/object.js").ObjectType<{
+    grant_type: "refresh_token";
+    refresh_token: string;
+    client_id: string;
+    client_secret: string;
+    scope?: string | undefined;
+}, {}>;
+export type RefreshTokenPayload = typeof RefreshTokenSchema.inferOut;
+//# sourceMappingURL=refresh-token.d.ts.map

package/dist/cjs/oauth/token/schema/grants/refresh-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh-token.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/token/schema/grants/refresh-token.ts"],"names":[],"mappings":"AASA,eAAO,MAAM,kBAAkB;;;;;;MAM7B,CAAC;AACH,MAAM,MAAM,mBAAmB,GAAG,OAAO,kBAAkB,CAAC,QAAQ,CAAC"}

package/dist/cjs/oauth/token/schema/grants/refresh-token.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RefreshTokenSchema = void 0;
+const arktype_1 = require("arktype");
+const app_js_1 = require("../../../../app/schema/app.js");
+const schema_js_1 = require("../../../common/schema.js");
+/**
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-6
+ */
+const GrantTypeSchema = arktype_1.type.enumerated(schema_js_1.GrantType.REFRESH_TOKEN);
+exports.RefreshTokenSchema = (0, arktype_1.type)({
+    grant_type: GrantTypeSchema,
+    refresh_token: (0, arktype_1.type)('string'),
+    scope: (0, arktype_1.type)('string').optional(),
+    client_id: app_js_1.AppIdSchema,
+    client_secret: (0, arktype_1.type)('string'),
+});

package/dist/cjs/oauth/token/schema/schema.d.ts

@@ -0,0 +1,28 @@
+export * from './grants/authorization-code.js';
+export * from './grants/client-credentials.js';
+export * from './grants/refresh-token.js';
+/**
+ * Union(s)
+ */
+export declare const Schema: import("arktype/out/methods/object.js").ObjectType<{
+    grant_type: "authorization_code";
+    code: string;
+    client_id: string;
+    redirect_uri: string;
+    client_secret?: string | undefined;
+    code_verifier?: string | undefined;
+} | {
+    grant_type: "client_credentials";
+    scope?: string | undefined;
+    audience?: string | undefined;
+    client_id: string;
+    client_secret: string;
+} | {
+    grant_type: "refresh_token";
+    refresh_token: string;
+    client_id: string;
+    client_secret: string;
+    scope?: string | undefined;
+}, {}>;
+export type Payload = typeof Schema.inferOut;
+//# sourceMappingURL=schema.d.ts.map

package/dist/cjs/oauth/token/schema/schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../../src/oauth/token/schema/schema.ts"],"names":[],"mappings":"AAIA,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,2BAA2B,CAAC;AAE1C;;GAEG;AACH,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;MAElB,CAAC;AACF,MAAM,MAAM,OAAO,GAAG,OAAO,MAAM,CAAC,QAAQ,CAAC"}

package/dist/cjs/oauth/token/schema/schema.js

@@ -0,0 +1,27 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Schema = void 0;
+const authorization_code_js_1 = require("./grants/authorization-code.js");
+const client_credentials_js_1 = require("./grants/client-credentials.js");
+const refresh_token_js_1 = require("./grants/refresh-token.js");
+__exportStar(require("./grants/authorization-code.js"), exports);
+__exportStar(require("./grants/client-credentials.js"), exports);
+__exportStar(require("./grants/refresh-token.js"), exports);
+/**
+ * Union(s)
+ */
+exports.Schema = authorization_code_js_1.AuthorizationCodeSchema.or(client_credentials_js_1.ClientCredentialsSchema).or(refresh_token_js_1.RefreshTokenSchema);

package/dist/cjs/package.json

@@ -0,0 +1 @@
+{ "type": "commonjs" }

package/dist/cjs/workspace/index.d.ts

@@ -0,0 +1,2 @@
+export * from './schema/schema.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/workspace/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/workspace/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC"}