@go-mondo/identity-sdk 0.0.2-beta.44 → 0.0.2-beta.45
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.release-please-manifest.json +1 -1
- package/.tsbuildinfo/cjs.json +1 -1
- package/.tsbuildinfo/esm.json +1 -1
- package/CHANGELOG.md +7 -0
- package/dist/cjs/oauth/authorize/schema/grants/authorization-code.d.ts +3 -2
- package/dist/cjs/oauth/authorize/schema/grants/authorization-code.d.ts.map +1 -1
- package/dist/cjs/oauth/authorize/schema/grants/authorization-code.js +11 -7
- package/dist/cjs/oauth/authorize/schema/grants/authorization-code.test.js +34 -34
- package/dist/cjs/oauth/authorize/schema/grants/implicit.d.ts +3 -2
- package/dist/cjs/oauth/authorize/schema/grants/implicit.d.ts.map +1 -1
- package/dist/cjs/oauth/authorize/schema/grants/implicit.js +2 -2
- package/dist/cjs/oauth/authorize/schema/schema.d.ts +3 -2
- package/dist/cjs/oauth/authorize/schema/schema.d.ts.map +1 -1
- package/dist/cjs/oauth/authorize/schema/schema.js +2 -2
- package/dist/cjs/oauth/common/schema.d.ts.map +1 -1
- package/dist/cjs/oauth/common/schema.js +7 -5
- package/dist/cjs/oauth/common/schema.test.js +0 -7
- package/dist/cjs/oauth/token/schema/grants/authorization-code.d.ts +9 -5
- package/dist/cjs/oauth/token/schema/grants/authorization-code.d.ts.map +1 -1
- package/dist/cjs/oauth/token/schema/grants/authorization-code.js +31 -11
- package/dist/cjs/oauth/token/schema/grants/client-credentials.d.ts +8 -15
- package/dist/cjs/oauth/token/schema/grants/client-credentials.d.ts.map +1 -1
- package/dist/cjs/oauth/token/schema/grants/client-credentials.js +18 -20
- package/dist/cjs/oauth/token/schema/grants/common.d.ts +6 -0
- package/dist/cjs/oauth/token/schema/grants/common.d.ts.map +1 -0
- package/dist/cjs/oauth/token/schema/grants/common.js +52 -0
- package/dist/cjs/oauth/token/schema/grants/refresh-token.d.ts +8 -4
- package/dist/cjs/oauth/token/schema/grants/refresh-token.d.ts.map +1 -1
- package/dist/cjs/oauth/token/schema/grants/refresh-token.js +23 -10
- package/dist/cjs/oauth/token/schema/schema.d.ts +19 -9
- package/dist/cjs/oauth/token/schema/schema.d.ts.map +1 -1
- package/dist/cjs/oauth/token/schema/schema.js +50 -5
- package/dist/cjs/oauth/token/schema/schema.test.js +13 -11
- package/dist/esm/oauth/authorize/schema/grants/authorization-code.d.ts +3 -2
- package/dist/esm/oauth/authorize/schema/grants/authorization-code.d.ts.map +1 -1
- package/dist/esm/oauth/authorize/schema/grants/authorization-code.js +10 -6
- package/dist/esm/oauth/authorize/schema/grants/authorization-code.test.js +35 -35
- package/dist/esm/oauth/authorize/schema/grants/implicit.d.ts +3 -2
- package/dist/esm/oauth/authorize/schema/grants/implicit.d.ts.map +1 -1
- package/dist/esm/oauth/authorize/schema/grants/implicit.js +1 -1
- package/dist/esm/oauth/authorize/schema/schema.d.ts +3 -2
- package/dist/esm/oauth/authorize/schema/schema.d.ts.map +1 -1
- package/dist/esm/oauth/authorize/schema/schema.js +3 -3
- package/dist/esm/oauth/common/schema.d.ts.map +1 -1
- package/dist/esm/oauth/common/schema.js +7 -5
- package/dist/esm/oauth/common/schema.test.js +0 -7
- package/dist/esm/oauth/token/schema/grants/authorization-code.d.ts +9 -5
- package/dist/esm/oauth/token/schema/grants/authorization-code.d.ts.map +1 -1
- package/dist/esm/oauth/token/schema/grants/authorization-code.js +30 -10
- package/dist/esm/oauth/token/schema/grants/client-credentials.d.ts +9 -16
- package/dist/esm/oauth/token/schema/grants/client-credentials.d.ts.map +1 -1
- package/dist/esm/oauth/token/schema/grants/client-credentials.js +16 -18
- package/dist/esm/oauth/token/schema/grants/common.d.ts +6 -0
- package/dist/esm/oauth/token/schema/grants/common.d.ts.map +1 -0
- package/dist/esm/oauth/token/schema/grants/common.js +16 -0
- package/dist/esm/oauth/token/schema/grants/refresh-token.d.ts +8 -4
- package/dist/esm/oauth/token/schema/grants/refresh-token.d.ts.map +1 -1
- package/dist/esm/oauth/token/schema/grants/refresh-token.js +21 -8
- package/dist/esm/oauth/token/schema/schema.d.ts +20 -10
- package/dist/esm/oauth/token/schema/schema.d.ts.map +1 -1
- package/dist/esm/oauth/token/schema/schema.js +52 -7
- package/dist/esm/oauth/token/schema/schema.test.js +14 -12
- package/package.json +1 -1
- package/dist/esm/package.json +0 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [0.0.2-beta.45](https://github.com/go-mondo/identity-node-sdk/compare/identity-sdk-v0.0.2-beta.44...identity-sdk-v0.0.2-beta.45) (2025-12-02)
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
### Bug Fixes
|
|
7
|
+
|
|
8
|
+
* oauth schema names ([353a848](https://github.com/go-mondo/identity-node-sdk/commit/353a8483d5f95891dc45e5ef153c2cd5e5642ece))
|
|
9
|
+
|
|
3
10
|
## [0.0.2-beta.44](https://github.com/go-mondo/identity-node-sdk/compare/identity-sdk-v0.0.2-beta.43...identity-sdk-v0.0.2-beta.44) (2025-11-30)
|
|
4
11
|
|
|
5
12
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import * as z from 'zod/v4';
|
|
2
2
|
export declare const CodeChallengeSchema: z.ZodString;
|
|
3
|
-
export declare const
|
|
3
|
+
export declare const AuthorizationCodeRequestSchema: z.ZodObject<{
|
|
4
4
|
code_challenge_method: z.ZodOptional<z.ZodEnum<{
|
|
5
5
|
S256: "S256";
|
|
6
6
|
plain: "plain";
|
|
@@ -29,5 +29,6 @@ export declare const AuthorizationCodeSchema: z.ZodObject<{
|
|
|
29
29
|
scope: z.ZodOptional<z.ZodString>;
|
|
30
30
|
state: z.ZodOptional<z.ZodString>;
|
|
31
31
|
}, z.core.$strip>;
|
|
32
|
-
export type
|
|
32
|
+
export type AuthorizationCodeRequestInput = z.input<typeof AuthorizationCodeRequestSchema>;
|
|
33
|
+
export type AuthorizationCodeRequestPayload = z.output<typeof AuthorizationCodeRequestSchema>;
|
|
33
34
|
//# sourceMappingURL=authorization-code.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-code.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/authorize/schema/grants/authorization-code.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAiB5B,eAAO,MAAM,mBAAmB,aAKmC,CAAC;
|
|
1
|
+
{"version":3,"file":"authorization-code.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/authorize/schema/grants/authorization-code.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAiB5B,eAAO,MAAM,mBAAmB,aAKmC,CAAC;AAyCpE,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAyBvC,CAAC;AACL,MAAM,MAAM,6BAA6B,GAAG,CAAC,CAAC,KAAK,CACjD,OAAO,8BAA8B,CACtC,CAAC;AACF,MAAM,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CACpD,OAAO,8BAA8B,CACtC,CAAC"}
|
|
@@ -33,7 +33,7 @@ var __importStar = (this && this.__importStar) || (function () {
|
|
|
33
33
|
};
|
|
34
34
|
})();
|
|
35
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
-
exports.
|
|
36
|
+
exports.AuthorizationCodeRequestSchema = exports.CodeChallengeSchema = void 0;
|
|
37
37
|
const z = __importStar(require("zod/v4"));
|
|
38
38
|
const schema_js_1 = require("../../../../app/schema.js");
|
|
39
39
|
const schema_js_2 = require("../../../common/schema.js");
|
|
@@ -66,11 +66,15 @@ exports.CodeChallengeSchema = z
|
|
|
66
66
|
// message: 'code_challenge and code_challenge_method must both be present or both be absent',
|
|
67
67
|
// });
|
|
68
68
|
const OAuthSchema = z.object({
|
|
69
|
-
response_type: ResponseTypeSchema,
|
|
70
|
-
client_id: schema_js_1.AppIdSchema,
|
|
71
|
-
redirect_uri: z.url().optional(),
|
|
72
|
-
scope: z
|
|
73
|
-
|
|
69
|
+
response_type: ResponseTypeSchema.describe('Must be set to "code" for Authorization Code flow.'),
|
|
70
|
+
client_id: schema_js_1.AppIdSchema.describe('The Client ID.'),
|
|
71
|
+
redirect_uri: z.url().optional().describe('The callback URL.'),
|
|
72
|
+
scope: z
|
|
73
|
+
.string()
|
|
74
|
+
.min(1)
|
|
75
|
+
.optional()
|
|
76
|
+
.describe('Space-delimited scope strings.'),
|
|
77
|
+
state: z.string().min(1).optional().describe('Opaque value to prevent CSRF.'),
|
|
74
78
|
});
|
|
75
79
|
const OIDCSchema = z.object({
|
|
76
80
|
nonce: z.string().optional(),
|
|
@@ -78,7 +82,7 @@ const OIDCSchema = z.object({
|
|
|
78
82
|
prompt: schema_js_2.AuthorizationPromptSchema.optional(),
|
|
79
83
|
max_age: z.number().int().min(0).optional(),
|
|
80
84
|
});
|
|
81
|
-
exports.
|
|
85
|
+
exports.AuthorizationCodeRequestSchema = z
|
|
82
86
|
.object({
|
|
83
87
|
...OAuthSchema.shape,
|
|
84
88
|
...OIDCSchema.shape,
|
|
@@ -11,7 +11,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
11
11
|
response_type: schema_js_1.ResponseType.CODE,
|
|
12
12
|
client_id: (0, utils_js_1.generateAppId)(),
|
|
13
13
|
};
|
|
14
|
-
const result = authorization_code_js_1.
|
|
14
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(minimalPayload);
|
|
15
15
|
(0, vitest_1.expect)(result).toEqual(minimalPayload);
|
|
16
16
|
});
|
|
17
17
|
(0, vitest_1.test)('should validate complete authorization code request', () => {
|
|
@@ -29,7 +29,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
29
29
|
max_age: 3600,
|
|
30
30
|
audience: 'https://api.example.com',
|
|
31
31
|
};
|
|
32
|
-
const result = authorization_code_js_1.
|
|
32
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(completePayload);
|
|
33
33
|
(0, vitest_1.expect)(result).toEqual(completePayload);
|
|
34
34
|
});
|
|
35
35
|
(0, vitest_1.test)('should validate authorization code request with PKCE', () => {
|
|
@@ -42,7 +42,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
42
42
|
scope: 'openid',
|
|
43
43
|
state: 'xyz',
|
|
44
44
|
};
|
|
45
|
-
const result = authorization_code_js_1.
|
|
45
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(pkcePayload);
|
|
46
46
|
(0, vitest_1.expect)(result).toEqual(pkcePayload);
|
|
47
47
|
});
|
|
48
48
|
(0, vitest_1.test)('should validate authorization code request with plain PKCE', () => {
|
|
@@ -52,7 +52,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
52
52
|
code_challenge: 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk',
|
|
53
53
|
code_challenge_method: schema_js_1.CodeChallengeMethod.PLAIN,
|
|
54
54
|
};
|
|
55
|
-
const result = authorization_code_js_1.
|
|
55
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(plainPkcePayload);
|
|
56
56
|
(0, vitest_1.expect)(result).toEqual(plainPkcePayload);
|
|
57
57
|
});
|
|
58
58
|
(0, vitest_1.test)('should validate request without PKCE parameters', () => {
|
|
@@ -63,7 +63,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
63
63
|
scope: 'openid profile',
|
|
64
64
|
state: 'legacy-state',
|
|
65
65
|
};
|
|
66
|
-
const result = authorization_code_js_1.
|
|
66
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(noPkcePayload);
|
|
67
67
|
(0, vitest_1.expect)(result).toEqual(noPkcePayload);
|
|
68
68
|
});
|
|
69
69
|
(0, vitest_1.test)('should validate OIDC specific parameters', () => {
|
|
@@ -76,7 +76,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
76
76
|
max_age: 7200,
|
|
77
77
|
scope: 'openid profile email address phone',
|
|
78
78
|
};
|
|
79
|
-
const result = authorization_code_js_1.
|
|
79
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(oidcPayload);
|
|
80
80
|
(0, vitest_1.expect)(result).toEqual(oidcPayload);
|
|
81
81
|
});
|
|
82
82
|
(0, vitest_1.test)('should validate with optional audience parameter', () => {
|
|
@@ -85,7 +85,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
85
85
|
client_id: (0, utils_js_1.generateAppId)(),
|
|
86
86
|
audience: 'https://api.myservice.com',
|
|
87
87
|
};
|
|
88
|
-
const result = authorization_code_js_1.
|
|
88
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(audiencePayload);
|
|
89
89
|
(0, vitest_1.expect)(result).toEqual(audiencePayload);
|
|
90
90
|
});
|
|
91
91
|
});
|
|
@@ -94,7 +94,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
94
94
|
const invalidPayload = {
|
|
95
95
|
client_id: (0, utils_js_1.generateAppId)(),
|
|
96
96
|
};
|
|
97
|
-
const result = authorization_code_js_1.
|
|
97
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.safeParse(invalidPayload);
|
|
98
98
|
(0, vitest_1.expect)(result.success).toBe(false);
|
|
99
99
|
});
|
|
100
100
|
(0, vitest_1.test)('should reject invalid response_type', () => {
|
|
@@ -102,14 +102,14 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
102
102
|
response_type: 'invalid_type',
|
|
103
103
|
client_id: (0, utils_js_1.generateAppId)(),
|
|
104
104
|
};
|
|
105
|
-
const result = authorization_code_js_1.
|
|
105
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.safeParse(invalidPayload);
|
|
106
106
|
(0, vitest_1.expect)(result.success).toBe(false);
|
|
107
107
|
});
|
|
108
108
|
(0, vitest_1.test)('should reject missing client_id', () => {
|
|
109
109
|
const invalidPayload = {
|
|
110
110
|
response_type: schema_js_1.ResponseType.CODE,
|
|
111
111
|
};
|
|
112
|
-
const result = authorization_code_js_1.
|
|
112
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.safeParse(invalidPayload);
|
|
113
113
|
(0, vitest_1.expect)(result.success).toBe(false);
|
|
114
114
|
});
|
|
115
115
|
(0, vitest_1.test)('should reject invalid client_id format', () => {
|
|
@@ -117,7 +117,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
117
117
|
response_type: schema_js_1.ResponseType.CODE,
|
|
118
118
|
client_id: 'invalid-client-id',
|
|
119
119
|
};
|
|
120
|
-
const result = authorization_code_js_1.
|
|
120
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.safeParse(invalidPayload);
|
|
121
121
|
(0, vitest_1.expect)(result.success).toBe(false);
|
|
122
122
|
});
|
|
123
123
|
(0, vitest_1.test)('should reject invalid redirect_uri format', () => {
|
|
@@ -126,7 +126,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
126
126
|
client_id: (0, utils_js_1.generateAppId)(),
|
|
127
127
|
redirect_uri: 'not-a-url',
|
|
128
128
|
};
|
|
129
|
-
const result = authorization_code_js_1.
|
|
129
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.safeParse(invalidPayload);
|
|
130
130
|
(0, vitest_1.expect)(result.success).toBe(false);
|
|
131
131
|
});
|
|
132
132
|
(0, vitest_1.test)('should reject invalid code_challenge_method', () => {
|
|
@@ -136,7 +136,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
136
136
|
code_challenge: 'valid-challenge',
|
|
137
137
|
code_challenge_method: 'invalid_method',
|
|
138
138
|
};
|
|
139
|
-
const result = authorization_code_js_1.
|
|
139
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.safeParse(invalidPayload);
|
|
140
140
|
(0, vitest_1.expect)(result.success).toBe(false);
|
|
141
141
|
});
|
|
142
142
|
(0, vitest_1.test)('should reject invalid display value', () => {
|
|
@@ -145,7 +145,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
145
145
|
client_id: (0, utils_js_1.generateAppId)(),
|
|
146
146
|
display: 'invalid_display',
|
|
147
147
|
};
|
|
148
|
-
const result = authorization_code_js_1.
|
|
148
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.safeParse(invalidPayload);
|
|
149
149
|
(0, vitest_1.expect)(result.success).toBe(false);
|
|
150
150
|
});
|
|
151
151
|
(0, vitest_1.test)('should reject invalid prompt value', () => {
|
|
@@ -154,7 +154,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
154
154
|
client_id: (0, utils_js_1.generateAppId)(),
|
|
155
155
|
prompt: 'invalid_prompt',
|
|
156
156
|
};
|
|
157
|
-
const result = authorization_code_js_1.
|
|
157
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.safeParse(invalidPayload);
|
|
158
158
|
(0, vitest_1.expect)(result.success).toBe(false);
|
|
159
159
|
});
|
|
160
160
|
(0, vitest_1.test)('should reject non-number max_age', () => {
|
|
@@ -163,7 +163,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
163
163
|
client_id: (0, utils_js_1.generateAppId)(),
|
|
164
164
|
max_age: 'not-a-number',
|
|
165
165
|
};
|
|
166
|
-
const result = authorization_code_js_1.
|
|
166
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.safeParse(invalidPayload);
|
|
167
167
|
(0, vitest_1.expect)(result.success).toBe(false);
|
|
168
168
|
});
|
|
169
169
|
(0, vitest_1.test)('should reject negative max_age', () => {
|
|
@@ -172,7 +172,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
172
172
|
client_id: (0, utils_js_1.generateAppId)(),
|
|
173
173
|
max_age: -100,
|
|
174
174
|
};
|
|
175
|
-
const result = authorization_code_js_1.
|
|
175
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.safeParse(invalidPayload);
|
|
176
176
|
(0, vitest_1.expect)(result.success).toBe(false);
|
|
177
177
|
});
|
|
178
178
|
});
|
|
@@ -183,14 +183,14 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
183
183
|
client_id: (0, utils_js_1.generateAppId)(),
|
|
184
184
|
code_challenge: 'challenge-without-method',
|
|
185
185
|
};
|
|
186
|
-
const result1 = authorization_code_js_1.
|
|
186
|
+
const result1 = authorization_code_js_1.AuthorizationCodeRequestSchema.safeParse(onlyChallenge);
|
|
187
187
|
(0, vitest_1.expect)(result1.success).toBe(false);
|
|
188
188
|
const onlyMethod = {
|
|
189
189
|
response_type: schema_js_1.ResponseType.CODE,
|
|
190
190
|
client_id: (0, utils_js_1.generateAppId)(),
|
|
191
191
|
code_challenge_method: schema_js_1.CodeChallengeMethod.S256,
|
|
192
192
|
};
|
|
193
|
-
const result2 = authorization_code_js_1.
|
|
193
|
+
const result2 = authorization_code_js_1.AuthorizationCodeRequestSchema.safeParse(onlyMethod);
|
|
194
194
|
(0, vitest_1.expect)(result2.success).toBe(false);
|
|
195
195
|
});
|
|
196
196
|
(0, vitest_1.test)('should allow neither code_challenge nor code_challenge_method', () => {
|
|
@@ -199,7 +199,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
199
199
|
client_id: (0, utils_js_1.generateAppId)(),
|
|
200
200
|
redirect_uri: 'https://example.com/callback',
|
|
201
201
|
};
|
|
202
|
-
const result = authorization_code_js_1.
|
|
202
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(noPkce);
|
|
203
203
|
(0, vitest_1.expect)(result).toEqual(noPkce);
|
|
204
204
|
});
|
|
205
205
|
(0, vitest_1.test)('should validate PKCE with S256 method', () => {
|
|
@@ -209,7 +209,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
209
209
|
code_challenge: 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk',
|
|
210
210
|
code_challenge_method: schema_js_1.CodeChallengeMethod.S256,
|
|
211
211
|
};
|
|
212
|
-
const result = authorization_code_js_1.
|
|
212
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(s256Pkce);
|
|
213
213
|
(0, vitest_1.expect)(result).toEqual(s256Pkce);
|
|
214
214
|
});
|
|
215
215
|
(0, vitest_1.test)('should validate PKCE with plain method', () => {
|
|
@@ -219,7 +219,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
219
219
|
code_challenge: 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM',
|
|
220
220
|
code_challenge_method: schema_js_1.CodeChallengeMethod.PLAIN,
|
|
221
221
|
};
|
|
222
|
-
const result = authorization_code_js_1.
|
|
222
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(plainPkce);
|
|
223
223
|
(0, vitest_1.expect)(result).toEqual(plainPkce);
|
|
224
224
|
});
|
|
225
225
|
});
|
|
@@ -235,7 +235,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
235
235
|
code_challenge_method: schema_js_1.CodeChallengeMethod.S256,
|
|
236
236
|
nonce: 'xyz789',
|
|
237
237
|
};
|
|
238
|
-
const result = authorization_code_js_1.
|
|
238
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(spaRequest);
|
|
239
239
|
(0, vitest_1.expect)(result).toEqual(spaRequest);
|
|
240
240
|
});
|
|
241
241
|
(0, vitest_1.test)('should validate server-side web app authorization request', () => {
|
|
@@ -246,7 +246,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
246
246
|
scope: 'openid profile email address phone',
|
|
247
247
|
state: 'secure-random-state-12345',
|
|
248
248
|
};
|
|
249
|
-
const result = authorization_code_js_1.
|
|
249
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(webAppRequest);
|
|
250
250
|
(0, vitest_1.expect)(result).toEqual(webAppRequest);
|
|
251
251
|
});
|
|
252
252
|
(0, vitest_1.test)('should validate mobile app authorization request', () => {
|
|
@@ -260,7 +260,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
260
260
|
code_challenge_method: schema_js_1.CodeChallengeMethod.S256,
|
|
261
261
|
display: 'touch',
|
|
262
262
|
};
|
|
263
|
-
const result = authorization_code_js_1.
|
|
263
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(mobileRequest);
|
|
264
264
|
(0, vitest_1.expect)(result).toEqual(mobileRequest);
|
|
265
265
|
});
|
|
266
266
|
(0, vitest_1.test)('should validate enterprise SSO request', () => {
|
|
@@ -274,7 +274,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
274
274
|
max_age: 28800, // 8 hours
|
|
275
275
|
audience: 'https://api.enterprise.example.com',
|
|
276
276
|
};
|
|
277
|
-
const result = authorization_code_js_1.
|
|
277
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(enterpriseRequest);
|
|
278
278
|
(0, vitest_1.expect)(result).toEqual(enterpriseRequest);
|
|
279
279
|
});
|
|
280
280
|
(0, vitest_1.test)('should validate request with multiple scopes', () => {
|
|
@@ -284,7 +284,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
284
284
|
scope: 'openid profile email address phone offline_access custom:read custom:write',
|
|
285
285
|
redirect_uri: 'https://example.com/callback',
|
|
286
286
|
};
|
|
287
|
-
const result = authorization_code_js_1.
|
|
287
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(multiScopeRequest);
|
|
288
288
|
(0, vitest_1.expect)(result).toEqual(multiScopeRequest);
|
|
289
289
|
});
|
|
290
290
|
});
|
|
@@ -293,11 +293,11 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
293
293
|
const emptyStringsPayload = {
|
|
294
294
|
response_type: schema_js_1.ResponseType.CODE,
|
|
295
295
|
client_id: (0, utils_js_1.generateAppId)(),
|
|
296
|
-
scope: '',
|
|
297
|
-
state: '',
|
|
298
|
-
nonce: '',
|
|
296
|
+
scope: 'test',
|
|
297
|
+
state: 'test',
|
|
298
|
+
nonce: 'test',
|
|
299
299
|
};
|
|
300
|
-
const result = authorization_code_js_1.
|
|
300
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(emptyStringsPayload);
|
|
301
301
|
(0, vitest_1.expect)(result).toEqual(emptyStringsPayload);
|
|
302
302
|
});
|
|
303
303
|
(0, vitest_1.test)('should handle very long valid values', () => {
|
|
@@ -308,7 +308,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
308
308
|
nonce: 'b'.repeat(500),
|
|
309
309
|
scope: `openid profile email ${'custom:scope'.repeat(100)}`,
|
|
310
310
|
};
|
|
311
|
-
const result = authorization_code_js_1.
|
|
311
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(longValuesPayload);
|
|
312
312
|
(0, vitest_1.expect)(result).toEqual(longValuesPayload);
|
|
313
313
|
});
|
|
314
314
|
(0, vitest_1.test)('should handle zero max_age', () => {
|
|
@@ -317,7 +317,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
317
317
|
client_id: (0, utils_js_1.generateAppId)(),
|
|
318
318
|
max_age: 0,
|
|
319
319
|
};
|
|
320
|
-
const result = authorization_code_js_1.
|
|
320
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(zeroMaxAge);
|
|
321
321
|
(0, vitest_1.expect)(result).toEqual(zeroMaxAge);
|
|
322
322
|
});
|
|
323
323
|
(0, vitest_1.test)('should handle large max_age values', () => {
|
|
@@ -326,7 +326,7 @@ const authorization_code_js_1 = require("./authorization-code.js");
|
|
|
326
326
|
client_id: (0, utils_js_1.generateAppId)(),
|
|
327
327
|
max_age: 31536000, // 1 year in seconds
|
|
328
328
|
};
|
|
329
|
-
const result = authorization_code_js_1.
|
|
329
|
+
const result = authorization_code_js_1.AuthorizationCodeRequestSchema.parse(largeMaxAge);
|
|
330
330
|
(0, vitest_1.expect)(result).toEqual(largeMaxAge);
|
|
331
331
|
});
|
|
332
332
|
});
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import * as z from 'zod/v4';
|
|
2
|
-
export declare const
|
|
2
|
+
export declare const ImplicitRequestSchema: z.ZodObject<{
|
|
3
3
|
audience: z.ZodOptional<z.ZodString>;
|
|
4
4
|
nonce: z.ZodOptional<z.ZodString>;
|
|
5
5
|
response_type: z.ZodEnum<{
|
|
@@ -13,5 +13,6 @@ export declare const ImplicitSchema: z.ZodObject<{
|
|
|
13
13
|
scope: z.ZodOptional<z.ZodString>;
|
|
14
14
|
state: z.ZodOptional<z.ZodString>;
|
|
15
15
|
}, z.core.$strip>;
|
|
16
|
-
export type
|
|
16
|
+
export type ImplicitRequestInput = z.input<typeof ImplicitRequestSchema>;
|
|
17
|
+
export type ImplicitRequestPayload = z.output<typeof ImplicitRequestSchema>;
|
|
17
18
|
//# sourceMappingURL=implicit.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"implicit.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/authorize/schema/grants/implicit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AA2B5B,eAAO,MAAM,
|
|
1
|
+
{"version":3,"file":"implicit.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/authorize/schema/grants/implicit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AA2B5B,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;iBAIhC,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AACzE,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,qBAAqB,CAAC,CAAC"}
|
|
@@ -33,7 +33,7 @@ var __importStar = (this && this.__importStar) || (function () {
|
|
|
33
33
|
};
|
|
34
34
|
})();
|
|
35
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
-
exports.
|
|
36
|
+
exports.ImplicitRequestSchema = void 0;
|
|
37
37
|
const z = __importStar(require("zod/v4"));
|
|
38
38
|
const schema_js_1 = require("../../../common/schema.js");
|
|
39
39
|
/**
|
|
@@ -56,7 +56,7 @@ const OAuthSchema = z.object({
|
|
|
56
56
|
const OIDCSchema = z.object({
|
|
57
57
|
nonce: z.string().optional(), // OIDC (this is required if resposne_type includes ID TOKEN)
|
|
58
58
|
});
|
|
59
|
-
exports.
|
|
59
|
+
exports.ImplicitRequestSchema = z.object({
|
|
60
60
|
...OAuthSchema.shape,
|
|
61
61
|
...OIDCSchema.shape,
|
|
62
62
|
...schema_js_1.OptionalSchema.shape,
|
|
@@ -4,7 +4,7 @@ export * from './grants/implicit.js';
|
|
|
4
4
|
/**
|
|
5
5
|
* Union(s)
|
|
6
6
|
*/
|
|
7
|
-
export declare const
|
|
7
|
+
export declare const RequestSchema: import("zod/v4/index.js").ZodUnion<[import("zod/v4/index.js").ZodObject<{
|
|
8
8
|
code_challenge_method: import("zod/v4/index.js").ZodOptional<import("zod/v4/index.js").ZodEnum<{
|
|
9
9
|
S256: "S256";
|
|
10
10
|
plain: "plain";
|
|
@@ -46,6 +46,7 @@ export declare const Schema: import("zod/v4/index.js").ZodUnion<[import("zod/v4/
|
|
|
46
46
|
scope: import("zod/v4/index.js").ZodOptional<import("zod/v4/index.js").ZodString>;
|
|
47
47
|
state: import("zod/v4/index.js").ZodOptional<import("zod/v4/index.js").ZodString>;
|
|
48
48
|
}, import("zod/v4/core/schemas.js").$strip>]>;
|
|
49
|
-
export type
|
|
49
|
+
export type RequestInput = z.input<typeof RequestSchema>;
|
|
50
|
+
export type RequestPayload = z.output<typeof RequestSchema>;
|
|
50
51
|
export { CodeChallengeSchema } from './grants/authorization-code.js';
|
|
51
52
|
//# sourceMappingURL=schema.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../../src/oauth/authorize/schema/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAK7B,cAAc,gCAAgC,CAAC;AAC/C,cAAc,sBAAsB,CAAC;AAErC;;GAEG;AACH,eAAO,MAAM,
|
|
1
|
+
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../../src/oauth/authorize/schema/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAK7B,cAAc,gCAAgC,CAAC;AAC/C,cAAc,sBAAsB,CAAC;AAErC;;GAEG;AACH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6CAEzB,CAAC;AACF,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AACzD,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,aAAa,CAAC,CAAC;AAE5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC"}
|
|
@@ -14,7 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
14
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
exports.CodeChallengeSchema = exports.
|
|
17
|
+
exports.CodeChallengeSchema = exports.RequestSchema = void 0;
|
|
18
18
|
const authorization_code_js_1 = require("./grants/authorization-code.js");
|
|
19
19
|
const implicit_js_1 = require("./grants/implicit.js");
|
|
20
20
|
__exportStar(require("./grants/authorization-code.js"), exports);
|
|
@@ -22,6 +22,6 @@ __exportStar(require("./grants/implicit.js"), exports);
|
|
|
22
22
|
/**
|
|
23
23
|
* Union(s)
|
|
24
24
|
*/
|
|
25
|
-
exports.
|
|
25
|
+
exports.RequestSchema = authorization_code_js_1.AuthorizationCodeRequestSchema.or(implicit_js_1.ImplicitRequestSchema);
|
|
26
26
|
var authorization_code_js_2 = require("./grants/authorization-code.js");
|
|
27
27
|
Object.defineProperty(exports, "CodeChallengeSchema", { enumerable: true, get: function () { return authorization_code_js_2.CodeChallengeSchema; } });
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../src/oauth/common/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAE5B,eAAO,MAAM,SAAS;;;;;CAKZ,CAAC;AAEX,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,OAAO,SAAS,CAAC,CAAC;AAEtE,eAAO,MAAM,cAAc;;;;;CAKjB,CAAC;AAEX,eAAO,MAAM,YAAY;;;;CAIf,CAAC;AACX,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,YAAY,CAAC,CAAC,MAAM,OAAO,YAAY,CAAC,CAAC;AAG/E,eAAO,MAAM,mBAAmB;;;;CAItB,CAAC;AACX,MAAM,MAAM,sBAAsB,GAChC,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,mBAAmB,CAAC,CAAC;AACjE,eAAO,MAAM,yBAAyB;;;
|
|
1
|
+
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../src/oauth/common/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAE5B,eAAO,MAAM,SAAS;;;;;CAKZ,CAAC;AAEX,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,OAAO,SAAS,CAAC,CAAC;AAEtE,eAAO,MAAM,cAAc;;;;;CAKjB,CAAC;AAEX,eAAO,MAAM,YAAY;;;;CAIf,CAAC;AACX,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,YAAY,CAAC,CAAC,MAAM,OAAO,YAAY,CAAC,CAAC;AAG/E,eAAO,MAAM,mBAAmB;;;;CAItB,CAAC;AACX,MAAM,MAAM,sBAAsB,GAChC,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,mBAAmB,CAAC,CAAC;AACjE,eAAO,MAAM,yBAAyB;;;EAED,CAAC;AAEtC,eAAO,MAAM,oBAAoB;;;;;CAKvB,CAAC;AACX,MAAM,MAAM,uBAAuB,GACjC,CAAC,OAAO,oBAAoB,CAAC,CAAC,MAAM,OAAO,oBAAoB,CAAC,CAAC;AACnE,eAAO,MAAM,0BAA0B;;;;;EAK5B,CAAC;AAEZ,eAAO,MAAM,mBAAmB;;;;;CAKtB,CAAC;AACX,MAAM,MAAM,sBAAsB,GAChC,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,mBAAmB,CAAC,CAAC;AACjE,eAAO,MAAM,yBAAyB;;;;;EAK3B,CAAC;AAEZ,eAAO,MAAM,cAAc;;iBAEzB,CAAC;AAEH,eAAO,MAAM,SAAS;;;;;;CAMZ,CAAC;AACX,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,OAAO,SAAS,CAAC,CAAC;AAEtE,eAAO,MAAM,UAAU;;CAEb,CAAC;AACX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAC;AAEzE,eAAO,MAAM,KAAK;;;;;;;CAGjB,CAAC;AACF,MAAM,MAAM,QAAQ,GAAG,aAAa,GAAG,YAAY,GAAG,MAAM,CAAC;AAC7D,eAAO,MAAM,WAAW,aAGyC,CAAC"}
|
|
@@ -58,10 +58,9 @@ exports.CodeChallengeMethod = {
|
|
|
58
58
|
S256: 'S256',
|
|
59
59
|
PLAIN: 'plain',
|
|
60
60
|
};
|
|
61
|
-
exports.CodeChallengeMethodSchema = z
|
|
62
|
-
exports.CodeChallengeMethod.PLAIN,
|
|
63
|
-
|
|
64
|
-
]);
|
|
61
|
+
exports.CodeChallengeMethodSchema = z
|
|
62
|
+
.enum([exports.CodeChallengeMethod.PLAIN, exports.CodeChallengeMethod.S256])
|
|
63
|
+
.describe('PKCE Challenge Method.');
|
|
65
64
|
exports.AuthorizationDisplay = {
|
|
66
65
|
PAGE: 'page',
|
|
67
66
|
POPUP: 'popup',
|
|
@@ -103,4 +102,7 @@ exports.Scope = {
|
|
|
103
102
|
...exports.OIDCScope,
|
|
104
103
|
...exports.OAuthScope,
|
|
105
104
|
};
|
|
106
|
-
exports.ScopeSchema = z
|
|
105
|
+
exports.ScopeSchema = z
|
|
106
|
+
.string()
|
|
107
|
+
.min(1)
|
|
108
|
+
.describe('A list of space-delimited, case-sensitive strings.');
|
|
@@ -262,13 +262,6 @@ const schema_js_1 = require("./schema.js");
|
|
|
262
262
|
});
|
|
263
263
|
});
|
|
264
264
|
(0, vitest_1.describe)('Schema edge cases', () => {
|
|
265
|
-
(0, vitest_1.test)('should handle empty strings appropriately', () => {
|
|
266
|
-
const emptyString = '';
|
|
267
|
-
const scopeResult = schema_js_1.ScopeSchema.parse(emptyString);
|
|
268
|
-
(0, vitest_1.expect)(scopeResult).toBe(emptyString); // Empty string is valid string
|
|
269
|
-
const challengeResult = schema_js_1.CodeChallengeMethodSchema.safeParse(emptyString);
|
|
270
|
-
(0, vitest_1.expect)(challengeResult.success).toBe(false); // Empty string not valid enum
|
|
271
|
-
});
|
|
272
265
|
(0, vitest_1.test)('should handle whitespace and special characters', () => {
|
|
273
266
|
const spacedScope = ' openid profile ';
|
|
274
267
|
const result = schema_js_1.ScopeSchema.parse(spacedScope);
|
|
@@ -1,13 +1,17 @@
|
|
|
1
1
|
import * as z from 'zod/v4';
|
|
2
|
-
|
|
2
|
+
/**
|
|
3
|
+
* @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
|
|
4
|
+
*/
|
|
5
|
+
export declare const AuthorizationCodeRequestSchema: z.ZodObject<{
|
|
3
6
|
code_verifier: z.ZodOptional<z.ZodString>;
|
|
7
|
+
client_id: z.ZodString;
|
|
8
|
+
client_secret: z.ZodString;
|
|
4
9
|
grant_type: z.ZodEnum<{
|
|
5
10
|
authorization_code: "authorization_code";
|
|
6
11
|
}>;
|
|
7
12
|
code: z.ZodString;
|
|
8
|
-
|
|
9
|
-
client_secret: z.ZodOptional<z.ZodString>;
|
|
10
|
-
redirect_uri: z.ZodURL;
|
|
13
|
+
redirect_uri: z.ZodOptional<z.ZodURL>;
|
|
11
14
|
}, z.core.$strip>;
|
|
12
|
-
export type
|
|
15
|
+
export type AuthorizationCodeRequestInput = z.input<typeof AuthorizationCodeRequestSchema>;
|
|
16
|
+
export type AuthorizationCodeRequestPayload = z.output<typeof AuthorizationCodeRequestSchema>;
|
|
13
17
|
//# sourceMappingURL=authorization-code.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-code.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/token/schema/grants/authorization-code.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"authorization-code.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/token/schema/grants/authorization-code.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAW5B;;GAEG;AACH,eAAO,MAAM,8BAA8B;;;;;;;;;iBA8BzC,CAAC;AACH,MAAM,MAAM,6BAA6B,GAAG,CAAC,CAAC,KAAK,CACjD,OAAO,8BAA8B,CACtC,CAAC;AACF,MAAM,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CACpD,OAAO,8BAA8B,CACtC,CAAC"}
|
|
@@ -33,22 +33,42 @@ var __importStar = (this && this.__importStar) || (function () {
|
|
|
33
33
|
};
|
|
34
34
|
})();
|
|
35
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
-
exports.
|
|
36
|
+
exports.AuthorizationCodeRequestSchema = void 0;
|
|
37
37
|
const z = __importStar(require("zod/v4"));
|
|
38
38
|
const schema_js_1 = require("../../../common/schema.js");
|
|
39
|
+
const common_js_1 = require("./common.js");
|
|
39
40
|
/**
|
|
40
41
|
* @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
|
|
41
42
|
* @see https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.3.1
|
|
42
43
|
*/
|
|
43
44
|
const GrantTypeSchema = z.enum([schema_js_1.GrantType.AUTHORIZATION_CODE]);
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
exports.
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
45
|
+
/**
|
|
46
|
+
* @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
|
|
47
|
+
*/
|
|
48
|
+
exports.AuthorizationCodeRequestSchema = z.object({
|
|
49
|
+
/**
|
|
50
|
+
* REQUIRED. Must be set to "authorization_code".
|
|
51
|
+
*/
|
|
52
|
+
grant_type: GrantTypeSchema.describe('The grant type.'),
|
|
53
|
+
/**
|
|
54
|
+
* REQUIRED. The authorization code received from the authorization server.
|
|
55
|
+
*/
|
|
56
|
+
code: z
|
|
57
|
+
.string()
|
|
58
|
+
.min(1)
|
|
59
|
+
.describe('The authorization code received in the redirect.'),
|
|
60
|
+
/**
|
|
61
|
+
* REQUIRED. If the "redirect_uri" parameter was included in the
|
|
62
|
+
* authorization request, it must be identical here.
|
|
63
|
+
*/
|
|
64
|
+
redirect_uri: z
|
|
65
|
+
.url()
|
|
66
|
+
.optional()
|
|
67
|
+
.describe('The callback URL used in the initial request.'),
|
|
68
|
+
...common_js_1.ClientRequestSchema.shape,
|
|
69
|
+
/**
|
|
70
|
+
* PKCE EXTENSION. REQUIRED if "code_challenge" was present in the authorization request.
|
|
71
|
+
* The unhashed, original random string created by the client.
|
|
72
|
+
*/
|
|
73
|
+
code_verifier: z.string().min(1).optional().describe('PKCE Code Verifier.'),
|
|
54
74
|
});
|
|
@@ -1,26 +1,19 @@
|
|
|
1
1
|
import * as z from 'zod/v4';
|
|
2
2
|
/**
|
|
3
|
-
*
|
|
3
|
+
* Note: Prior to using this schema, the headers should be checked for
|
|
4
|
+
* HTTP Basic Authentication. If present, the client_id and client_secret
|
|
5
|
+
* should be included in with the payload before parsing.
|
|
4
6
|
*
|
|
5
|
-
*
|
|
7
|
+
* @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2
|
|
6
8
|
*/
|
|
7
|
-
export declare const
|
|
8
|
-
audience: z.ZodOptional<z.ZodString>;
|
|
9
|
-
grant_type: z.ZodEnum<{
|
|
10
|
-
client_credentials: "client_credentials";
|
|
11
|
-
}>;
|
|
12
|
-
scope: z.ZodOptional<z.ZodString>;
|
|
13
|
-
client_id: z.ZodOptional<z.ZodString>;
|
|
14
|
-
client_secret: z.ZodOptional<z.ZodString>;
|
|
15
|
-
}, z.core.$strip>;
|
|
16
|
-
export declare const ClientCredentialsSchema: z.ZodObject<{
|
|
9
|
+
export declare const ClientCredentialsRequestSchema: z.ZodObject<{
|
|
17
10
|
client_id: z.ZodString;
|
|
18
11
|
client_secret: z.ZodString;
|
|
19
|
-
audience: z.ZodOptional<z.ZodString>;
|
|
20
|
-
scope: z.ZodOptional<z.ZodString>;
|
|
21
12
|
grant_type: z.ZodEnum<{
|
|
22
13
|
client_credentials: "client_credentials";
|
|
23
14
|
}>;
|
|
15
|
+
scope: z.ZodOptional<z.ZodString>;
|
|
24
16
|
}, z.core.$strip>;
|
|
25
|
-
export type
|
|
17
|
+
export type ClientCredentialsRequestInput = z.input<typeof ClientCredentialsRequestSchema>;
|
|
18
|
+
export type ClientCredentialsRequestPayload = z.output<typeof ClientCredentialsRequestSchema>;
|
|
26
19
|
//# sourceMappingURL=client-credentials.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client-credentials.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/token/schema/grants/client-credentials.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAU5B
|
|
1
|
+
{"version":3,"file":"client-credentials.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/token/schema/grants/client-credentials.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAU5B;;;;;;GAMG;AACH,eAAO,MAAM,8BAA8B;;;;;;;iBAYzC,CAAC;AACH,MAAM,MAAM,6BAA6B,GAAG,CAAC,CAAC,KAAK,CACjD,OAAO,8BAA8B,CACtC,CAAC;AACF,MAAM,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CACpD,OAAO,8BAA8B,CACtC,CAAC"}
|