@idp.global/interfaces 2.0.0 → 4.0.0

package/changelog.md CHANGED
@@ -1,5 +1,21 @@
1
1
  # Changelog
2
2
 
3
+ ## 2026-06-21 - 4.0.0
4
+
5
+ ### Breaking Changes
6
+
7
+ - require PKCE parameters for OIDC authorization code flow (oidc)
8
+ - Make code_challenge and code_challenge_method mandatory on authorization requests
9
+ - Make code_verifier mandatory on authorization code token requests
10
+
11
+ ## 2026-06-21 - 3.0.0
12
+
13
+ ### Breaking Changes
14
+
15
+ - require PKCE parameters and refresh token family IDs (oidc)
16
+ - Require codeChallenge and codeChallengeMethod on OIDC authorization code data and authorization request contracts.
17
+ - Add required familyId to refresh token data for rotation family tracking.
18
+
3
19
  ## 2026-06-20 - 2.0.0
4
20
 
5
21
  ### Breaking Changes
@@ -3,7 +3,7 @@
3
3
  */
4
4
  export const commitinfo = {
5
5
  name: '@idp.global/interfaces',
6
- version: '2.0.0',
6
+ version: '4.0.0',
7
7
  description: 'Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.'
8
8
  };
9
9
  //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiMDBfY29tbWl0aW5mb19kYXRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vdHMvMDBfY29tbWl0aW5mb19kYXRhLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sVUFBVSxHQUFHO0lBQ3hCLElBQUksRUFBRSx3QkFBd0I7SUFDOUIsT0FBTyxFQUFFLE9BQU87SUFDaEIsV0FBVyxFQUFFLHVGQUF1RjtDQUNyRyxDQUFBIn0=
@@ -22,9 +22,9 @@ export interface IAuthorizationCode {
22
22
  /** Redirect URI used in authorization request */
23
23
  redirectUri: string;
24
24
  /** PKCE code challenge (S256 hashed) */
25
- codeChallenge?: string;
25
+ codeChallenge: string;
26
26
  /** PKCE code challenge method */
27
- codeChallengeMethod?: 'S256';
27
+ codeChallengeMethod: 'S256';
28
28
  /** Nonce from authorization request (for ID token) */
29
29
  nonce?: string;
30
30
  /** Expiration timestamp (10 minutes from creation) */
@@ -69,6 +69,8 @@ export interface IOidcRefreshToken {
69
69
  userId: string;
70
70
  /** Granted scopes */
71
71
  scopes: TOidcScope[];
72
+ /** Rotation family identifier for refresh token reuse detection */
73
+ familyId: string;
72
74
  /** Expiration timestamp */
73
75
  expiresAt: number;
74
76
  /** Creation timestamp */
@@ -216,8 +218,8 @@ export interface IAuthorizationRequest {
216
218
  response_type: 'code';
217
219
  scope: string;
218
220
  state: string;
219
- code_challenge?: string;
220
- code_challenge_method?: 'S256';
221
+ code_challenge: string;
222
+ code_challenge_method: 'S256';
221
223
  nonce?: string;
222
224
  prompt?: 'none' | 'login' | 'consent';
223
225
  }
@@ -230,7 +232,7 @@ export interface ITokenRequestAuthCode {
230
232
  redirect_uri: string;
231
233
  client_id: string;
232
234
  client_secret?: string;
233
- code_verifier?: string;
235
+ code_verifier: string;
234
236
  }
235
237
  /**
236
238
  * Token request for refresh_token grant
@@ -22,8 +22,8 @@ export interface IReq_CompleteOidcAuthorization extends plugins.typedRequestInte
22
22
  scope: string;
23
23
  state: string;
24
24
  prompt?: 'none' | 'login' | 'consent';
25
- codeChallenge?: string;
26
- codeChallengeMethod?: 'S256';
25
+ codeChallenge: string;
26
+ codeChallengeMethod: 'S256';
27
27
  nonce?: string;
28
28
  consentApproved?: boolean;
29
29
  };
@@ -41,8 +41,8 @@ export interface IReq_PrepareOidcAuthorization extends plugins.typedRequestInter
41
41
  scope: string;
42
42
  state: string;
43
43
  prompt?: 'none' | 'login' | 'consent';
44
- codeChallenge?: string;
45
- codeChallengeMethod?: 'S256';
44
+ codeChallenge: string;
45
+ codeChallengeMethod: 'S256';
46
46
  nonce?: string;
47
47
  };
48
48
  response: {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@idp.global/interfaces",
3
- "version": "2.0.0",
3
+ "version": "4.0.0",
4
4
  "private": false,
5
5
  "description": "Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.",
6
6
  "exports": {
@@ -3,6 +3,6 @@
3
3
  */
4
4
  export const commitinfo = {
5
5
  name: '@idp.global/interfaces',
6
- version: '2.0.0',
6
+ version: '4.0.0',
7
7
  description: 'Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.'
8
8
  }
package/ts/data/oidc.ts CHANGED
@@ -24,9 +24,9 @@ export interface IAuthorizationCode {
24
24
  /** Redirect URI used in authorization request */
25
25
  redirectUri: string;
26
26
  /** PKCE code challenge (S256 hashed) */
27
- codeChallenge?: string;
27
+ codeChallenge: string;
28
28
  /** PKCE code challenge method */
29
- codeChallengeMethod?: 'S256';
29
+ codeChallengeMethod: 'S256';
30
30
  /** Nonce from authorization request (for ID token) */
31
31
  nonce?: string;
32
32
  /** Expiration timestamp (10 minutes from creation) */
@@ -73,6 +73,8 @@ export interface IOidcRefreshToken {
73
73
  userId: string;
74
74
  /** Granted scopes */
75
75
  scopes: TOidcScope[];
76
+ /** Rotation family identifier for refresh token reuse detection */
77
+ familyId: string;
76
78
  /** Expiration timestamp */
77
79
  expiresAt: number;
78
80
  /** Creation timestamp */
@@ -246,8 +248,8 @@ export interface IAuthorizationRequest {
246
248
  response_type: 'code';
247
249
  scope: string;
248
250
  state: string;
249
- code_challenge?: string;
250
- code_challenge_method?: 'S256';
251
+ code_challenge: string;
252
+ code_challenge_method: 'S256';
251
253
  nonce?: string;
252
254
  prompt?: 'none' | 'login' | 'consent';
253
255
  }
@@ -261,7 +263,7 @@ export interface ITokenRequestAuthCode {
261
263
  redirect_uri: string;
262
264
  client_id: string;
263
265
  client_secret?: string;
264
- code_verifier?: string;
266
+ code_verifier: string;
265
267
  }
266
268
 
267
269
  /**
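Review bot: `familyId` becomes a required field on `IOidcRefreshToken` in the `@@ -73,6 +73,8 @@` hunk, but refresh tokens persisted before this version presumably carry no such value, and a compile-time type does not change those records. If the consuming service reads them back as `IOidcRefreshToken`, reuse detection would run with `undefined` as the family key, which could skip revocation or group unrelated tokens together; the storage layer is not visible here, so this needs confirming there. I would state the contract in the doc comment, for example `/** Rotation family identifier shared by every token descended from one grant; records without it predate 3.0.0 and must be revoked or backfilled before use */`, and have the reader reject tokens where the field is missing. The interface body starts and ends outside the hunk.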
@@ -32,8 +32,8 @@ export interface IReq_CompleteOidcAuthorization
32
32
  scope: string;
33
33
  state: string;
34
34
  prompt?: 'none' | 'login' | 'consent';
35
- codeChallenge?: string;
36
- codeChallengeMethod?: 'S256';
35
+ codeChallenge: string;
36
+ codeChallengeMethod: 'S256';
37
37
  nonce?: string;
38
38
  consentApproved?: boolean;
39
39
  };
@@ -56,8 +56,8 @@ export interface IReq_PrepareOidcAuthorization
56
56
  scope: string;
57
57
  state: string;
58
58
  prompt?: 'none' | 'login' | 'consent';
59
- codeChallenge?: string;
60
- codeChallengeMethod?: 'S256';
59
+ codeChallenge: string;
60
+ codeChallengeMethod: 'S256';
61
61
  nonce?: string;
62
62
  };
63
63
  response: {
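Review bot: `codeChallenge: string` in `IReq_CompleteOidcAuthorization` and `IReq_PrepareOidcAuthorization` is only a compile-time requirement, so an empty string or a value that is not a base64url SHA-256 digest still type-checks, and a caller not built against these types can omit the field altogether. The handlers for these requests are not part of this diff; they should reject a missing or empty challenge and any method other than `S256` at runtime rather than rely on the interface. A doc comment on the field would make that explicit, e.g. `/** PKCE code challenge: base64url(SHA-256(code_verifier)), 43 characters, validated by the handler */`. The same applies to `code_challenge` in `IAuthorizationRequest` and `code_verifier` in `ITokenRequestAuthCode` in package/ts/data/oidc.ts, neither of which has a doc comment in the lines shown. Both request interfaces continue outside their hunks.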