@go-mondo/identity-sdk 0.0.2-beta.44 → 0.0.2-beta.45

package/dist/esm/oauth/token/schema/grants/refresh-token.js

@@ -1,14 +1,27 @@
 import * as z from 'zod/v4';
-import { AppIdSchema } from '../../../../app/schema.js';
-import { GrantType } from '../../../common/schema.js';
+import { GrantType, ScopeSchema } from '../../../common/schema.js';
+import { ClientRequestSchema } from './common.js';
 /**
  * @see https://datatracker.ietf.org/doc/html/rfc6749#section-6
  */
 const GrantTypeSchema = z.enum([GrantType.REFRESH_TOKEN]);
-export const RefreshTokenSchema = z.object({
-    grant_type: GrantTypeSchema,
-    refresh_token: z.string(),
-    scope: z.string().optional(),
-    client_id: AppIdSchema,
-    client_secret: z.string(),
+/**
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-6
+ */
+export const RefreshTokenRequestSchema = z.object({
+    /**
+     * REQUIRED. Value MUST be set to "refresh_token".
+     */
+    grant_type: GrantTypeSchema.describe('The grant type.'),
+    /**
+     * REQUIRED. The refresh token issued to the client.
+     */
+    refresh_token: z.string().min(1).describe('The refresh token.'),
+    /**
+     * OPTIONAL. The scope of the access request. If omitted, the scope is
+     * unchanged from the original grant. If specified, it must be equal to or
+     * a subset of the original scope.
+     */
+    scope: ScopeSchema.optional(),
+    ...ClientRequestSchema.shape,
 });

package/dist/esm/oauth/token/schema/schema.d.ts

@@ -5,31 +5,41 @@ export * from './grants/refresh-token.js';
 /**
  * Union(s)
  */
-export declare const Schema: z.ZodDiscriminatedUnion<[z.ZodObject<{
+export declare const RequestSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
     code_verifier: z.ZodOptional<z.ZodString>;
+    client_id: any;
+    client_secret: z.ZodString;
     grant_type: z.ZodEnum<{
         authorization_code: "authorization_code";
     }>;
     code: z.ZodString;
-    client_id: z.ZodString;
-    client_secret: z.ZodOptional<z.ZodString>;
-    redirect_uri: z.ZodURL;
+    redirect_uri: z.ZodOptional<z.ZodURL>;
 }, z.core.$strip>, z.ZodObject<{
-    client_id: z.ZodString;
+    client_id: any;
     client_secret: z.ZodString;
-    audience: z.ZodOptional<z.ZodString>;
-    scope: z.ZodOptional<z.ZodString>;
     grant_type: z.ZodEnum<{
         client_credentials: "client_credentials";
     }>;
+    scope: z.ZodOptional<z.ZodString>;
 }, z.core.$strip>, z.ZodObject<{
+    client_id: any;
+    client_secret: z.ZodString;
     grant_type: z.ZodEnum<{
         refresh_token: "refresh_token";
     }>;
     refresh_token: z.ZodString;
     scope: z.ZodOptional<z.ZodString>;
-    client_id: z.ZodString;
-    client_secret: z.ZodString;
 }, z.core.$strip>], "grant_type">;
-export type Payload = z.output<typeof Schema>;
+export type RequestInput = z.input<typeof RequestSchema>;
+export type RequestPayload = z.output<typeof RequestSchema>;
+export declare const ResponseSchema: z.ZodObject<{
+    access_token: z.ZodString;
+    token_type: z.ZodLiteral<"Bearer">;
+    expires_in: z.ZodOptional<z.ZodNumber>;
+    refresh_token: z.ZodOptional<z.ZodString>;
+    scope: z.ZodOptional<z.ZodString>;
+    id_token: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type ResponseInput = z.input<typeof ResponseSchema>;
+export type ResponsePayload = z.output<typeof ResponseSchema>;
 //# sourceMappingURL=schema.d.ts.map

package/dist/esm/oauth/token/schema/schema.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../../src/oauth/token/schema/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAM5B,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,2BAA2B,CAAC;AAE1C;;GAEG;AACH,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;iCAIjB,CAAC;AACH,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,MAAM,CAAC,CAAC"}
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../../src/oauth/token/schema/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAO5B,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,2BAA2B,CAAC;AAE1C;;GAEG;AACH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;iCAIxB,CAAC;AACH,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AACzD,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,aAAa,CAAC,CAAC;AAK5D,eAAO,MAAM,cAAc;;;;;;;iBA6CzB,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAC3D,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,cAAc,CAAC,CAAC"}

package/dist/esm/oauth/token/schema/schema.js

@@ -1,15 +1,60 @@
 import * as z from 'zod/v4';
-import { AuthorizationCodeSchema } from './grants/authorization-code.js';
-import { ClientCredentialsSchema } from './grants/client-credentials.js';
-import { RefreshTokenSchema } from './grants/refresh-token.js';
+import { ScopeSchema } from '../../common/schema.js';
+import { AuthorizationCodeRequestSchema } from './grants/authorization-code.js';
+import { ClientCredentialsRequestSchema } from './grants/client-credentials.js';
+import { RefreshTokenRequestSchema } from './grants/refresh-token.js';
 export * from './grants/authorization-code.js';
 export * from './grants/client-credentials.js';
 export * from './grants/refresh-token.js';
 /**
  * Union(s)
  */
-export const Schema = z.discriminatedUnion('grant_type', [
-    AuthorizationCodeSchema,
-    ClientCredentialsSchema,
-    RefreshTokenSchema,
+export const RequestSchema = z.discriminatedUnion('grant_type', [
+    AuthorizationCodeRequestSchema,
+    ClientCredentialsRequestSchema,
+    RefreshTokenRequestSchema,
 ]);
+/*
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-5.1
+ */
+export const ResponseSchema = z.object({
+    /**
+     * REQUIRED. The access token issued by the authorization server.
+     * Typically a JWT or an opaque string.
+     */
+    access_token: z
+        .string()
+        .min(1)
+        .describe('The access token issued by the authorization server.'),
+    /**
+     * REQUIRED. The type of the token issued. Value is typically 'Bearer'.
+     */
+    token_type: z
+        .literal('Bearer')
+        .describe('The type of the token issued. Must be "Bearer".'),
+    /**
+     * RECOMMENDED. The lifetime in seconds of the access token.
+     * For example, the value 3600 represents an expiration time of one hour.
+     */
+    expires_in: z
+        .number()
+        .int()
+        .positive()
+        .optional()
+        .describe('The lifetime in seconds of the access token.'),
+    /**
+     * OPTIONAL. The refresh token, which can be used to obtain a new access token
+     * when the current one expires.
+     */
+    refresh_token: z.string().min(1).optional().describe('The refresh token.'),
+    /**
+     * OPTIONAL. The scope of the access token as issued by the authorization server.
+     * If omitted, the scope is the same as the scope originally requested by the client.
+     */
+    scope: ScopeSchema.optional(),
+    /**
+     * OPTIONAL, for OpenID Connect (OIDC). The ID token, a JWT that contains claims
+     * about the authentication of the end-user.
+     */
+    id_token: z.string().min(1).optional().describe('The ID Token (OIDC only).'),
+});

package/dist/esm/oauth/token/schema/schema.test.js

@@ -1,6 +1,6 @@
 import { describe, expect, test } from 'vitest';
 import { generateAppId } from '../../../app/utils.js';
-import { Schema } from './schema.js';
+import { RequestSchema } from './schema.js';
 describe('OAuth Token - Schema', () => {
     describe('Schema union', () => {
         test('should accept authorization code grant', () => {
@@ -8,9 +8,10 @@ describe('OAuth Token - Schema', () => {
                 grant_type: 'authorization_code',
                 code: 'auth_code_123',
                 client_id: generateAppId(),
+                client_secret: 'secret_123',
                 redirect_uri: 'https://example.com/callback',
             };
-            const result = Schema.safeParse(payload);
+            const result = RequestSchema.safeParse(payload);
             // Parse succeeds for valid data
             expect(result.success).toBe(true);
             if (result.success) {
@@ -22,10 +23,11 @@ describe('OAuth Token - Schema', () => {
                 grant_type: 'authorization_code',
                 code: 'auth_code_123',
                 client_id: generateAppId(),
+                client_secret: 'secret_123',
                 redirect_uri: 'https://example.com/callback',
                 code_verifier: 'pkce_verifier_123',
             };
-            const result = Schema.safeParse(payload);
+            const result = RequestSchema.safeParse(payload);
             // Parse succeeds for valid data
             expect(result.success).toBe(true);
             if (result.success) {
@@ -40,7 +42,7 @@ describe('OAuth Token - Schema', () => {
                 client_secret: 'secret_123',
                 redirect_uri: 'https://example.com/callback',
             };
-            const result = Schema.safeParse(payload);
+            const result = RequestSchema.safeParse(payload);
             // Parse succeeds for valid data
             expect(result.success).toBe(true);
             if (result.success) {
@@ -54,7 +56,7 @@ describe('OAuth Token - Schema', () => {
                 client_secret: 'secret_123',
                 scope: 'read write',
             };
-            const result = Schema.safeParse(payload);
+            const result = RequestSchema.safeParse(payload);
             // Parse succeeds for valid data
             expect(result.success).toBe(true);
             if (result.success) {
@@ -69,7 +71,7 @@ describe('OAuth Token - Schema', () => {
                 client_secret: 'secret_123',
                 scope: 'read',
             };
-            const result = Schema.safeParse(payload);
+            const result = RequestSchema.safeParse(payload);
             // Parse succeeds for valid data
             expect(result.success).toBe(true);
             if (result.success) {
@@ -83,7 +85,7 @@ describe('OAuth Token - Schema', () => {
                 client_id: generateAppId(),
                 redirect_uri: 'https://example.com/callback',
             };
-            const result = Schema.safeParse(payload);
+            const result = RequestSchema.safeParse(payload);
             expect(result.success).toBe(false);
         });
         test('should reject authorization code without required fields', () => {
@@ -92,7 +94,7 @@ describe('OAuth Token - Schema', () => {
                 client_id: generateAppId(),
                 // missing code and redirect_uri
             };
-            const result = Schema.safeParse(payload);
+            const result = RequestSchema.safeParse(payload);
             expect(result.success).toBe(false);
         });
         test('should reject invalid redirect URI', () => {
@@ -102,7 +104,7 @@ describe('OAuth Token - Schema', () => {
                 client_id: generateAppId(),
                 redirect_uri: 'not-a-valid-url',
             };
-            const result = Schema.safeParse(payload);
+            const result = RequestSchema.safeParse(payload);
             expect(result.success).toBe(false);
         });
         test('should reject client credentials without required fields', () => {
@@ -111,7 +113,7 @@ describe('OAuth Token - Schema', () => {
                 client_id: generateAppId(),
                 // missing client_secret
             };
-            const result = Schema.safeParse(payload);
+            const result = RequestSchema.safeParse(payload);
             expect(result.success).toBe(false);
         });
         test('should reject refresh token without required fields', () => {
@@ -120,14 +122,14 @@ describe('OAuth Token - Schema', () => {
                 client_id: 'app_123',
                 // missing refresh_token and client_secret
             };
-            const result = Schema.safeParse(payload);
+            const result = RequestSchema.safeParse(payload);
             expect(result.success).toBe(false);
         });
         test('should reject completely invalid payload', () => {
             const payload = {
                 invalid: 'data',
             };
-            const result = Schema.safeParse(payload);
+            const result = RequestSchema.safeParse(payload);
             expect(result.success).toBe(false);
         });
     });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@go-mondo/identity-sdk",
-  "version": "0.0.2-beta.44",
+  "version": "0.0.2-beta.45",
   "type": "module",
   "description": "A node SDK for Mondo Identity",
   "license": "MIT",

package/dist/esm/package.json

@@ -1 +0,0 @@
-{ "type": "module" }