@idp.global/interfaces 2.0.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/changelog.md +8 -0
  2. package/dist_ts/00_commitinfo_data.js +1 -1
  3. package/dist_ts/data/oidc.d.ts +4 -2
  4. package/dist_ts/request/authorization.d.ts +4 -4
  5. package/package.json +1 -1
  6. package/ts/00_commitinfo_data.ts +1 -1
  7. package/ts/data/oidc.ts +4 -2
  8. package/ts/request/authorization.ts +4 -4
package/changelog.md CHANGED
@@ -1,5 +1,13 @@
1
1
  # Changelog
2
2
 
3
+ ## 2026-06-21 - 3.0.0
4
+
5
+ ### Breaking Changes
6
+
7
+ - require PKCE parameters and refresh token family IDs (oidc)
8
+ - Require codeChallenge and codeChallengeMethod on OIDC authorization code data and authorization request contracts.
9
+ - Add required familyId to refresh token data for rotation family tracking.
10
+
3
11
  ## 2026-06-20 - 2.0.0
4
12
 
5
13
  ### Breaking Changes
package/dist_ts/00_commitinfo_data.js CHANGED
@@ -3,7 +3,7 @@
3
3
  */
4
4
  export const commitinfo = {
5
5
  name: '@idp.global/interfaces',
6
- version: '2.0.0',
6
+ version: '3.0.0',
7
7
  description: 'Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.'
8
8
  };
9
9
  //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiMDBfY29tbWl0aW5mb19kYXRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vdHMvMDBfY29tbWl0aW5mb19kYXRhLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sVUFBVSxHQUFHO0lBQ3hCLElBQUksRUFBRSx3QkFBd0I7SUFDOUIsT0FBTyxFQUFFLE9BQU87SUFDaEIsV0FBVyxFQUFFLHVGQUF1RjtDQUNyRyxDQUFBIn0=
package/dist_ts/data/oidc.d.ts CHANGED
@@ -22,9 +22,9 @@ export interface IAuthorizationCode {
22
22
  /** Redirect URI used in authorization request */
23
23
  redirectUri: string;
24
24
  /** PKCE code challenge (S256 hashed) */
25
- codeChallenge?: string;
25
+ codeChallenge: string;
26
26
  /** PKCE code challenge method */
27
- codeChallengeMethod?: 'S256';
27
+ codeChallengeMethod: 'S256';
28
28
  /** Nonce from authorization request (for ID token) */
29
29
  nonce?: string;
30
30
  /** Expiration timestamp (10 minutes from creation) */
@@ -69,6 +69,8 @@ export interface IOidcRefreshToken {
69
69
  userId: string;
70
70
  /** Granted scopes */
71
71
  scopes: TOidcScope[];
72
+ /** Rotation family identifier for refresh token reuse detection */
73
+ familyId: string;
72
74
  /** Expiration timestamp */
73
75
  expiresAt: number;
74
76
  /** Creation timestamp */
package/dist_ts/request/authorization.d.ts CHANGED
@@ -22,8 +22,8 @@ export interface IReq_CompleteOidcAuthorization extends plugins.typedRequestInte
22
22
  scope: string;
23
23
  state: string;
24
24
  prompt?: 'none' | 'login' | 'consent';
25
- codeChallenge?: string;
26
- codeChallengeMethod?: 'S256';
25
+ codeChallenge: string;
26
+ codeChallengeMethod: 'S256';
27
27
  nonce?: string;
28
28
  consentApproved?: boolean;
29
29
  };
@@ -41,8 +41,8 @@ export interface IReq_PrepareOidcAuthorization extends plugins.typedRequestInter
41
41
  scope: string;
42
42
  state: string;
43
43
  prompt?: 'none' | 'login' | 'consent';
44
- codeChallenge?: string;
45
- codeChallengeMethod?: 'S256';
44
+ codeChallenge: string;
45
+ codeChallengeMethod: 'S256';
46
46
  nonce?: string;
47
47
  };
48
48
  response: {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@idp.global/interfaces",
3
- "version": "2.0.0",
3
+ "version": "3.0.0",
4
4
  "private": false,
5
5
  "description": "Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.",
6
6
  "exports": {
package/ts/00_commitinfo_data.ts CHANGED
@@ -3,6 +3,6 @@
3
3
  */
4
4
  export const commitinfo = {
5
5
  name: '@idp.global/interfaces',
6
- version: '2.0.0',
6
+ version: '3.0.0',
7
7
  description: 'Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.'
8
8
  }
package/ts/data/oidc.ts CHANGED
@@ -24,9 +24,9 @@ export interface IAuthorizationCode {
24
24
  /** Redirect URI used in authorization request */
25
25
  redirectUri: string;
26
26
  /** PKCE code challenge (S256 hashed) */
27
- codeChallenge?: string;
27
+ codeChallenge: string;
28
28
  /** PKCE code challenge method */
29
- codeChallengeMethod?: 'S256';
29
+ codeChallengeMethod: 'S256';
30
30
  /** Nonce from authorization request (for ID token) */
31
31
  nonce?: string;
32
32
  /** Expiration timestamp (10 minutes from creation) */
@@ -73,6 +73,8 @@ export interface IOidcRefreshToken {
73
73
  userId: string;
74
74
  /** Granted scopes */
75
75
  scopes: TOidcScope[];
76
+ /** Rotation family identifier for refresh token reuse detection */
77
+ familyId: string;
76
78
  /** Expiration timestamp */
77
79
  expiresAt: number;
78
80
  /** Creation timestamp */
package/ts/request/authorization.ts CHANGED
@@ -32,8 +32,8 @@ export interface IReq_CompleteOidcAuthorization
32
32
  scope: string;
33
33
  state: string;
34
34
  prompt?: 'none' | 'login' | 'consent';
35
- codeChallenge?: string;
36
- codeChallengeMethod?: 'S256';
35
+ codeChallenge: string;
36
+ codeChallengeMethod: 'S256';
37
37
  nonce?: string;
38
38
  consentApproved?: boolean;
39
39
  };
@@ -56,8 +56,8 @@ export interface IReq_PrepareOidcAuthorization
56
56
  scope: string;
57
57
  state: string;
58
58
  prompt?: 'none' | 'login' | 'consent';
59
- codeChallenge?: string;
60
- codeChallengeMethod?: 'S256';
59
+ codeChallenge: string;
60
+ codeChallengeMethod: 'S256';
61
61
  nonce?: string;
62
62
  };
63
63
  response: {