@modelcontextprotocol/sdk 1.17.3 → 1.17.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/dist/cjs/client/auth.js +1 -1
  2. package/dist/cjs/client/auth.js.map +1 -1
  3. package/dist/cjs/client/middleware.d.ts +169 -0
  4. package/dist/cjs/client/middleware.d.ts.map +1 -0
  5. package/dist/cjs/client/middleware.js +256 -0
  6. package/dist/cjs/client/middleware.js.map +1 -0
  7. package/dist/cjs/shared/auth.d.ts +89 -85
  8. package/dist/cjs/shared/auth.d.ts.map +1 -1
  9. package/dist/cjs/shared/auth.js +36 -19
  10. package/dist/cjs/shared/auth.js.map +1 -1
  11. package/dist/esm/client/auth.js +1 -1
  12. package/dist/esm/client/auth.js.map +1 -1
  13. package/dist/esm/client/middleware.d.ts +169 -0
  14. package/dist/esm/client/middleware.d.ts.map +1 -0
  15. package/dist/esm/client/middleware.js +249 -0
  16. package/dist/esm/client/middleware.js.map +1 -0
  17. package/dist/esm/shared/auth.d.ts +89 -85
  18. package/dist/esm/shared/auth.d.ts.map +1 -1
  19. package/dist/esm/shared/auth.js +35 -18
  20. package/dist/esm/shared/auth.js.map +1 -1
  21. package/package.json +1 -1
package/dist/cjs/shared/auth.d.ts CHANGED
@@ -1,10 +1,14 @@
1
1
  import { z } from "zod";
2
+ /**
3
+ * Reusable URL validation that disallows javascript: scheme
4
+ */
5
+ export declare const SafeUrlSchema: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
2
6
  /**
3
7
  * RFC 9728 OAuth Protected Resource Metadata
4
8
  */
5
9
  export declare const OAuthProtectedResourceMetadataSchema: z.ZodObject<{
6
10
  resource: z.ZodString;
7
- authorization_servers: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
11
+ authorization_servers: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, "many">>;
8
12
  jwks_uri: z.ZodOptional<z.ZodString>;
9
13
  scopes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
10
14
  bearer_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -19,7 +23,7 @@ export declare const OAuthProtectedResourceMetadataSchema: z.ZodObject<{
19
23
  dpop_bound_access_tokens_required: z.ZodOptional<z.ZodBoolean>;
20
24
  }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
21
25
  resource: z.ZodString;
22
- authorization_servers: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
26
+ authorization_servers: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, "many">>;
23
27
  jwks_uri: z.ZodOptional<z.ZodString>;
24
28
  scopes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
25
29
  bearer_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -34,7 +38,7 @@ export declare const OAuthProtectedResourceMetadataSchema: z.ZodObject<{
34
38
  dpop_bound_access_tokens_required: z.ZodOptional<z.ZodBoolean>;
35
39
  }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
36
40
  resource: z.ZodString;
37
- authorization_servers: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
41
+ authorization_servers: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, "many">>;
38
42
  jwks_uri: z.ZodOptional<z.ZodString>;
39
43
  scopes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
40
44
  bearer_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -53,17 +57,17 @@ export declare const OAuthProtectedResourceMetadataSchema: z.ZodObject<{
53
57
  */
54
58
  export declare const OAuthMetadataSchema: z.ZodObject<{
55
59
  issuer: z.ZodString;
56
- authorization_endpoint: z.ZodString;
57
- token_endpoint: z.ZodString;
58
- registration_endpoint: z.ZodOptional<z.ZodString>;
60
+ authorization_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
61
+ token_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
62
+ registration_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
59
63
  scopes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
60
64
  response_types_supported: z.ZodArray<z.ZodString, "many">;
61
65
  response_modes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
62
66
  grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
63
67
  token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
64
68
  token_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
65
- service_documentation: z.ZodOptional<z.ZodString>;
66
- revocation_endpoint: z.ZodOptional<z.ZodString>;
69
+ service_documentation: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
70
+ revocation_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
67
71
  revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
68
72
  revocation_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
69
73
  introspection_endpoint: z.ZodOptional<z.ZodString>;
@@ -72,17 +76,17 @@ export declare const OAuthMetadataSchema: z.ZodObject<{
72
76
  code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
73
77
  }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
74
78
  issuer: z.ZodString;
75
- authorization_endpoint: z.ZodString;
76
- token_endpoint: z.ZodString;
77
- registration_endpoint: z.ZodOptional<z.ZodString>;
79
+ authorization_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
80
+ token_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
81
+ registration_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
78
82
  scopes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
79
83
  response_types_supported: z.ZodArray<z.ZodString, "many">;
80
84
  response_modes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
81
85
  grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
82
86
  token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
83
87
  token_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
84
- service_documentation: z.ZodOptional<z.ZodString>;
85
- revocation_endpoint: z.ZodOptional<z.ZodString>;
88
+ service_documentation: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
89
+ revocation_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
86
90
  revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
87
91
  revocation_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
88
92
  introspection_endpoint: z.ZodOptional<z.ZodString>;
@@ -91,17 +95,17 @@ export declare const OAuthMetadataSchema: z.ZodObject<{
91
95
  code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
92
96
  }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
93
97
  issuer: z.ZodString;
94
- authorization_endpoint: z.ZodString;
95
- token_endpoint: z.ZodString;
96
- registration_endpoint: z.ZodOptional<z.ZodString>;
98
+ authorization_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
99
+ token_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
100
+ registration_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
97
101
  scopes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
98
102
  response_types_supported: z.ZodArray<z.ZodString, "many">;
99
103
  response_modes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
100
104
  grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
101
105
  token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
102
106
  token_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
103
- service_documentation: z.ZodOptional<z.ZodString>;
104
- revocation_endpoint: z.ZodOptional<z.ZodString>;
107
+ service_documentation: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
108
+ revocation_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
105
109
  revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
106
110
  revocation_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
107
111
  introspection_endpoint: z.ZodOptional<z.ZodString>;
@@ -115,11 +119,11 @@ export declare const OAuthMetadataSchema: z.ZodObject<{
115
119
  */
116
120
  export declare const OpenIdProviderMetadataSchema: z.ZodObject<{
117
121
  issuer: z.ZodString;
118
- authorization_endpoint: z.ZodString;
119
- token_endpoint: z.ZodString;
120
- userinfo_endpoint: z.ZodOptional<z.ZodString>;
121
- jwks_uri: z.ZodString;
122
- registration_endpoint: z.ZodOptional<z.ZodString>;
122
+ authorization_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
123
+ token_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
124
+ userinfo_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
125
+ jwks_uri: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
126
+ registration_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
123
127
  scopes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
124
128
  response_types_supported: z.ZodArray<z.ZodString, "many">;
125
129
  response_modes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -147,15 +151,15 @@ export declare const OpenIdProviderMetadataSchema: z.ZodObject<{
147
151
  request_parameter_supported: z.ZodOptional<z.ZodBoolean>;
148
152
  request_uri_parameter_supported: z.ZodOptional<z.ZodBoolean>;
149
153
  require_request_uri_registration: z.ZodOptional<z.ZodBoolean>;
150
- op_policy_uri: z.ZodOptional<z.ZodString>;
151
- op_tos_uri: z.ZodOptional<z.ZodString>;
154
+ op_policy_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
155
+ op_tos_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
152
156
  }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
153
157
  issuer: z.ZodString;
154
- authorization_endpoint: z.ZodString;
155
- token_endpoint: z.ZodString;
156
- userinfo_endpoint: z.ZodOptional<z.ZodString>;
157
- jwks_uri: z.ZodString;
158
- registration_endpoint: z.ZodOptional<z.ZodString>;
158
+ authorization_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
159
+ token_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
160
+ userinfo_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
161
+ jwks_uri: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
162
+ registration_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
159
163
  scopes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
160
164
  response_types_supported: z.ZodArray<z.ZodString, "many">;
161
165
  response_modes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -183,15 +187,15 @@ export declare const OpenIdProviderMetadataSchema: z.ZodObject<{
183
187
  request_parameter_supported: z.ZodOptional<z.ZodBoolean>;
184
188
  request_uri_parameter_supported: z.ZodOptional<z.ZodBoolean>;
185
189
  require_request_uri_registration: z.ZodOptional<z.ZodBoolean>;
186
- op_policy_uri: z.ZodOptional<z.ZodString>;
187
- op_tos_uri: z.ZodOptional<z.ZodString>;
190
+ op_policy_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
191
+ op_tos_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
188
192
  }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
189
193
  issuer: z.ZodString;
190
- authorization_endpoint: z.ZodString;
191
- token_endpoint: z.ZodString;
192
- userinfo_endpoint: z.ZodOptional<z.ZodString>;
193
- jwks_uri: z.ZodString;
194
- registration_endpoint: z.ZodOptional<z.ZodString>;
194
+ authorization_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
195
+ token_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
196
+ userinfo_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
197
+ jwks_uri: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
198
+ registration_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
195
199
  scopes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
196
200
  response_types_supported: z.ZodArray<z.ZodString, "many">;
197
201
  response_modes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -219,8 +223,8 @@ export declare const OpenIdProviderMetadataSchema: z.ZodObject<{
219
223
  request_parameter_supported: z.ZodOptional<z.ZodBoolean>;
220
224
  request_uri_parameter_supported: z.ZodOptional<z.ZodBoolean>;
221
225
  require_request_uri_registration: z.ZodOptional<z.ZodBoolean>;
222
- op_policy_uri: z.ZodOptional<z.ZodString>;
223
- op_tos_uri: z.ZodOptional<z.ZodString>;
226
+ op_policy_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
227
+ op_tos_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
224
228
  }, z.ZodTypeAny, "passthrough">>;
225
229
  /**
226
230
  * OpenID Connect Discovery metadata that may include OAuth 2.0 fields
@@ -229,11 +233,11 @@ export declare const OpenIdProviderMetadataSchema: z.ZodObject<{
229
233
  */
230
234
  export declare const OpenIdProviderDiscoveryMetadataSchema: z.ZodObject<z.objectUtil.extendShape<{
231
235
  issuer: z.ZodString;
232
- authorization_endpoint: z.ZodString;
233
- token_endpoint: z.ZodString;
234
- userinfo_endpoint: z.ZodOptional<z.ZodString>;
235
- jwks_uri: z.ZodString;
236
- registration_endpoint: z.ZodOptional<z.ZodString>;
236
+ authorization_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
237
+ token_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
238
+ userinfo_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
239
+ jwks_uri: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
240
+ registration_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
237
241
  scopes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
238
242
  response_types_supported: z.ZodArray<z.ZodString, "many">;
239
243
  response_modes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -261,21 +265,21 @@ export declare const OpenIdProviderDiscoveryMetadataSchema: z.ZodObject<z.object
261
265
  request_parameter_supported: z.ZodOptional<z.ZodBoolean>;
262
266
  request_uri_parameter_supported: z.ZodOptional<z.ZodBoolean>;
263
267
  require_request_uri_registration: z.ZodOptional<z.ZodBoolean>;
264
- op_policy_uri: z.ZodOptional<z.ZodString>;
265
- op_tos_uri: z.ZodOptional<z.ZodString>;
268
+ op_policy_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
269
+ op_tos_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
266
270
  }, Pick<{
267
271
  issuer: z.ZodString;
268
- authorization_endpoint: z.ZodString;
269
- token_endpoint: z.ZodString;
270
- registration_endpoint: z.ZodOptional<z.ZodString>;
272
+ authorization_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
273
+ token_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
274
+ registration_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
271
275
  scopes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
272
276
  response_types_supported: z.ZodArray<z.ZodString, "many">;
273
277
  response_modes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
274
278
  grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
275
279
  token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
276
280
  token_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
277
- service_documentation: z.ZodOptional<z.ZodString>;
278
- revocation_endpoint: z.ZodOptional<z.ZodString>;
281
+ service_documentation: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
282
+ revocation_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
279
283
  revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
280
284
  revocation_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
281
285
  introspection_endpoint: z.ZodOptional<z.ZodString>;
@@ -284,11 +288,11 @@ export declare const OpenIdProviderDiscoveryMetadataSchema: z.ZodObject<z.object
284
288
  code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
285
289
  }, "code_challenge_methods_supported">>, "passthrough", z.ZodTypeAny, z.objectOutputType<z.objectUtil.extendShape<{
286
290
  issuer: z.ZodString;
287
- authorization_endpoint: z.ZodString;
288
- token_endpoint: z.ZodString;
289
- userinfo_endpoint: z.ZodOptional<z.ZodString>;
290
- jwks_uri: z.ZodString;
291
- registration_endpoint: z.ZodOptional<z.ZodString>;
291
+ authorization_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
292
+ token_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
293
+ userinfo_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
294
+ jwks_uri: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
295
+ registration_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
292
296
  scopes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
293
297
  response_types_supported: z.ZodArray<z.ZodString, "many">;
294
298
  response_modes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -316,21 +320,21 @@ export declare const OpenIdProviderDiscoveryMetadataSchema: z.ZodObject<z.object
316
320
  request_parameter_supported: z.ZodOptional<z.ZodBoolean>;
317
321
  request_uri_parameter_supported: z.ZodOptional<z.ZodBoolean>;
318
322
  require_request_uri_registration: z.ZodOptional<z.ZodBoolean>;
319
- op_policy_uri: z.ZodOptional<z.ZodString>;
320
- op_tos_uri: z.ZodOptional<z.ZodString>;
323
+ op_policy_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
324
+ op_tos_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
321
325
  }, Pick<{
322
326
  issuer: z.ZodString;
323
- authorization_endpoint: z.ZodString;
324
- token_endpoint: z.ZodString;
325
- registration_endpoint: z.ZodOptional<z.ZodString>;
327
+ authorization_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
328
+ token_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
329
+ registration_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
326
330
  scopes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
327
331
  response_types_supported: z.ZodArray<z.ZodString, "many">;
328
332
  response_modes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
329
333
  grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
330
334
  token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
331
335
  token_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
332
- service_documentation: z.ZodOptional<z.ZodString>;
333
- revocation_endpoint: z.ZodOptional<z.ZodString>;
336
+ service_documentation: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
337
+ revocation_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
334
338
  revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
335
339
  revocation_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
336
340
  introspection_endpoint: z.ZodOptional<z.ZodString>;
@@ -339,11 +343,11 @@ export declare const OpenIdProviderDiscoveryMetadataSchema: z.ZodObject<z.object
339
343
  code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
340
344
  }, "code_challenge_methods_supported">>, z.ZodTypeAny, "passthrough">, z.objectInputType<z.objectUtil.extendShape<{
341
345
  issuer: z.ZodString;
342
- authorization_endpoint: z.ZodString;
343
- token_endpoint: z.ZodString;
344
- userinfo_endpoint: z.ZodOptional<z.ZodString>;
345
- jwks_uri: z.ZodString;
346
- registration_endpoint: z.ZodOptional<z.ZodString>;
346
+ authorization_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
347
+ token_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
348
+ userinfo_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
349
+ jwks_uri: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
350
+ registration_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
347
351
  scopes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
348
352
  response_types_supported: z.ZodArray<z.ZodString, "many">;
349
353
  response_modes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -371,21 +375,21 @@ export declare const OpenIdProviderDiscoveryMetadataSchema: z.ZodObject<z.object
371
375
  request_parameter_supported: z.ZodOptional<z.ZodBoolean>;
372
376
  request_uri_parameter_supported: z.ZodOptional<z.ZodBoolean>;
373
377
  require_request_uri_registration: z.ZodOptional<z.ZodBoolean>;
374
- op_policy_uri: z.ZodOptional<z.ZodString>;
375
- op_tos_uri: z.ZodOptional<z.ZodString>;
378
+ op_policy_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
379
+ op_tos_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
376
380
  }, Pick<{
377
381
  issuer: z.ZodString;
378
- authorization_endpoint: z.ZodString;
379
- token_endpoint: z.ZodString;
380
- registration_endpoint: z.ZodOptional<z.ZodString>;
382
+ authorization_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
383
+ token_endpoint: z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>;
384
+ registration_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
381
385
  scopes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
382
386
  response_types_supported: z.ZodArray<z.ZodString, "many">;
383
387
  response_modes_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
384
388
  grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
385
389
  token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
386
390
  token_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
387
- service_documentation: z.ZodOptional<z.ZodString>;
388
- revocation_endpoint: z.ZodOptional<z.ZodString>;
391
+ service_documentation: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
392
+ revocation_endpoint: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
389
393
  revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
390
394
  revocation_endpoint_auth_signing_alg_values_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
391
395
  introspection_endpoint: z.ZodOptional<z.ZodString>;
@@ -438,18 +442,18 @@ export declare const OAuthErrorResponseSchema: z.ZodObject<{
438
442
  * RFC 7591 OAuth 2.0 Dynamic Client Registration metadata
439
443
  */
440
444
  export declare const OAuthClientMetadataSchema: z.ZodObject<{
441
- redirect_uris: z.ZodEffects<z.ZodArray<z.ZodString, "many">, string[], string[]>;
445
+ redirect_uris: z.ZodArray<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, "many">;
442
446
  token_endpoint_auth_method: z.ZodOptional<z.ZodString>;
443
447
  grant_types: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
444
448
  response_types: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
445
449
  client_name: z.ZodOptional<z.ZodString>;
446
- client_uri: z.ZodOptional<z.ZodString>;
447
- logo_uri: z.ZodOptional<z.ZodString>;
450
+ client_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
451
+ logo_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
448
452
  scope: z.ZodOptional<z.ZodString>;
449
453
  contacts: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
450
- tos_uri: z.ZodOptional<z.ZodString>;
454
+ tos_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
451
455
  policy_uri: z.ZodOptional<z.ZodString>;
452
- jwks_uri: z.ZodOptional<z.ZodString>;
456
+ jwks_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
453
457
  jwks: z.ZodOptional<z.ZodAny>;
454
458
  software_id: z.ZodOptional<z.ZodString>;
455
459
  software_version: z.ZodOptional<z.ZodString>;
@@ -512,18 +516,18 @@ export declare const OAuthClientInformationSchema: z.ZodObject<{
512
516
  * RFC 7591 OAuth 2.0 Dynamic Client Registration full response (client information plus metadata)
513
517
  */
514
518
  export declare const OAuthClientInformationFullSchema: z.ZodObject<z.objectUtil.extendShape<{
515
- redirect_uris: z.ZodEffects<z.ZodArray<z.ZodString, "many">, string[], string[]>;
519
+ redirect_uris: z.ZodArray<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, "many">;
516
520
  token_endpoint_auth_method: z.ZodOptional<z.ZodString>;
517
521
  grant_types: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
518
522
  response_types: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
519
523
  client_name: z.ZodOptional<z.ZodString>;
520
- client_uri: z.ZodOptional<z.ZodString>;
521
- logo_uri: z.ZodOptional<z.ZodString>;
524
+ client_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
525
+ logo_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
522
526
  scope: z.ZodOptional<z.ZodString>;
523
527
  contacts: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
524
- tos_uri: z.ZodOptional<z.ZodString>;
528
+ tos_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
525
529
  policy_uri: z.ZodOptional<z.ZodString>;
526
- jwks_uri: z.ZodOptional<z.ZodString>;
530
+ jwks_uri: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>>;
527
531
  jwks: z.ZodOptional<z.ZodAny>;
528
532
  software_id: z.ZodOptional<z.ZodString>;
529
533
  software_version: z.ZodOptional<z.ZodString>;
package/dist/cjs/shared/auth.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/shared/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;GAEG;AACH,eAAO,MAAM,oCAAoC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCAiBjC,CAAC;AAEjB;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCA6BhB,CAAC;AAEjB;;;GAGG;AACH,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCA4CzB,CAAC;AAEjB;;;;GAIG;AACH,eAAO,MAAM,qCAAqC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sEAK/C,CAAC;AAEJ;;GAEG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;EASpB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;EAKjC,CAAC;AAEL;;GAEG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiB5B,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;EAK/B,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAAgE,CAAC;AAE9G;;GAEG;AACH,eAAO,MAAM,kCAAkC;;;;;;;;;EAGrC,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,iCAAiC;;;;;;;;;EAGpC,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAChE,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAClF,MAAM,MAAM,+BAA+B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qCAAqC,CAAC,CAAC;AAEpG,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAC5D,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAC1E,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAClF,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gCAAgC,CAAC,CAAC;AAC1F,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kCAAkC,CAAC,CAAC;AAC9F,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iCAAiC,CAAC,CAAC;AAC5F,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oCAAoC,CAAC,CAAC;AAGlG,MAAM,MAAM,2BAA2B,GAAG,aAAa,GAAG,+BAA+B,CAAC"}
1
+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/shared/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;GAEG;AACH,eAAO,MAAM,aAAa,yEAiBzB,CAAC;AAGF;;GAEG;AACH,eAAO,MAAM,oCAAoC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCAiBjC,CAAC;AAEjB;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCA6BhB,CAAC;AAEjB;;;GAGG;AACH,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCA4CzB,CAAC;AAEjB;;;;GAIG;AACH,eAAO,MAAM,qCAAqC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sEAK/C,CAAC;AAEJ;;GAEG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;EASpB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;EAKjC,CAAC;AAEL;;GAEG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiB5B,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;EAK/B,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAAgE,CAAC;AAE9G;;GAEG;AACH,eAAO,MAAM,kCAAkC;;;;;;;;;EAGrC,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,iCAAiC;;;;;;;;;EAGpC,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAChE,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAClF,MAAM,MAAM,+BAA+B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qCAAqC,CAAC,CAAC;AAEpG,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAC5D,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAC1E,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAClF,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gCAAgC,CAAC,CAAC;AAC1F,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kCAAkC,CAAC,CAAC;AAC9F,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iCAAiC,CAAC,CAAC;AAC5F,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oCAAoC,CAAC,CAAC;AAGlG,MAAM,MAAM,2BAA2B,GAAG,aAAa,GAAG,+BAA+B,CAAC"}
package/dist/cjs/shared/auth.js CHANGED
@@ -1,14 +1,31 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.OAuthTokenRevocationRequestSchema = exports.OAuthClientRegistrationErrorSchema = exports.OAuthClientInformationFullSchema = exports.OAuthClientInformationSchema = exports.OAuthClientMetadataSchema = exports.OAuthErrorResponseSchema = exports.OAuthTokensSchema = exports.OpenIdProviderDiscoveryMetadataSchema = exports.OpenIdProviderMetadataSchema = exports.OAuthMetadataSchema = exports.OAuthProtectedResourceMetadataSchema = void 0;
3
+ exports.OAuthTokenRevocationRequestSchema = exports.OAuthClientRegistrationErrorSchema = exports.OAuthClientInformationFullSchema = exports.OAuthClientInformationSchema = exports.OAuthClientMetadataSchema = exports.OAuthErrorResponseSchema = exports.OAuthTokensSchema = exports.OpenIdProviderDiscoveryMetadataSchema = exports.OpenIdProviderMetadataSchema = exports.OAuthMetadataSchema = exports.OAuthProtectedResourceMetadataSchema = exports.SafeUrlSchema = void 0;
4
4
  const zod_1 = require("zod");
5
+ /**
6
+ * Reusable URL validation that disallows javascript: scheme
7
+ */
8
+ exports.SafeUrlSchema = zod_1.z.string().url()
9
+ .superRefine((val, ctx) => {
10
+ if (!URL.canParse(val)) {
11
+ ctx.addIssue({
12
+ code: zod_1.z.ZodIssueCode.custom,
13
+ message: "URL must be parseable",
14
+ fatal: true,
15
+ });
16
+ return zod_1.z.NEVER;
17
+ }
18
+ }).refine((url) => {
19
+ const u = new URL(url);
20
+ return u.protocol !== 'javascript:' && u.protocol !== 'data:' && u.protocol !== 'vbscript:';
21
+ }, { message: "URL cannot use javascript:, data:, or vbscript: scheme" });
5
22
  /**
6
23
  * RFC 9728 OAuth Protected Resource Metadata
7
24
  */
8
25
  exports.OAuthProtectedResourceMetadataSchema = zod_1.z
9
26
  .object({
10
27
  resource: zod_1.z.string().url(),
11
- authorization_servers: zod_1.z.array(zod_1.z.string().url()).optional(),
28
+ authorization_servers: zod_1.z.array(exports.SafeUrlSchema).optional(),
12
29
  jwks_uri: zod_1.z.string().url().optional(),
13
30
  scopes_supported: zod_1.z.array(zod_1.z.string()).optional(),
14
31
  bearer_methods_supported: zod_1.z.array(zod_1.z.string()).optional(),
@@ -29,9 +46,9 @@ exports.OAuthProtectedResourceMetadataSchema = zod_1.z
29
46
  exports.OAuthMetadataSchema = zod_1.z
30
47
  .object({
31
48
  issuer: zod_1.z.string(),
32
- authorization_endpoint: zod_1.z.string(),
33
- token_endpoint: zod_1.z.string(),
34
- registration_endpoint: zod_1.z.string().optional(),
49
+ authorization_endpoint: exports.SafeUrlSchema,
50
+ token_endpoint: exports.SafeUrlSchema,
51
+ registration_endpoint: exports.SafeUrlSchema.optional(),
35
52
  scopes_supported: zod_1.z.array(zod_1.z.string()).optional(),
36
53
  response_types_supported: zod_1.z.array(zod_1.z.string()),
37
54
  response_modes_supported: zod_1.z.array(zod_1.z.string()).optional(),
@@ -40,8 +57,8 @@ exports.OAuthMetadataSchema = zod_1.z
40
57
  token_endpoint_auth_signing_alg_values_supported: zod_1.z
41
58
  .array(zod_1.z.string())
42
59
  .optional(),
43
- service_documentation: zod_1.z.string().optional(),
44
- revocation_endpoint: zod_1.z.string().optional(),
60
+ service_documentation: exports.SafeUrlSchema.optional(),
61
+ revocation_endpoint: exports.SafeUrlSchema.optional(),
45
62
  revocation_endpoint_auth_methods_supported: zod_1.z.array(zod_1.z.string()).optional(),
46
63
  revocation_endpoint_auth_signing_alg_values_supported: zod_1.z
47
64
  .array(zod_1.z.string())
@@ -63,11 +80,11 @@ exports.OAuthMetadataSchema = zod_1.z
63
80
  exports.OpenIdProviderMetadataSchema = zod_1.z
64
81
  .object({
65
82
  issuer: zod_1.z.string(),
66
- authorization_endpoint: zod_1.z.string(),
67
- token_endpoint: zod_1.z.string(),
68
- userinfo_endpoint: zod_1.z.string().optional(),
69
- jwks_uri: zod_1.z.string(),
70
- registration_endpoint: zod_1.z.string().optional(),
83
+ authorization_endpoint: exports.SafeUrlSchema,
84
+ token_endpoint: exports.SafeUrlSchema,
85
+ userinfo_endpoint: exports.SafeUrlSchema.optional(),
86
+ jwks_uri: exports.SafeUrlSchema,
87
+ registration_endpoint: exports.SafeUrlSchema.optional(),
71
88
  scopes_supported: zod_1.z.array(zod_1.z.string()).optional(),
72
89
  response_types_supported: zod_1.z.array(zod_1.z.string()),
73
90
  response_modes_supported: zod_1.z.array(zod_1.z.string()).optional(),
@@ -101,8 +118,8 @@ exports.OpenIdProviderMetadataSchema = zod_1.z
101
118
  request_parameter_supported: zod_1.z.boolean().optional(),
102
119
  request_uri_parameter_supported: zod_1.z.boolean().optional(),
103
120
  require_request_uri_registration: zod_1.z.boolean().optional(),
104
- op_policy_uri: zod_1.z.string().optional(),
105
- op_tos_uri: zod_1.z.string().optional(),
121
+ op_policy_uri: exports.SafeUrlSchema.optional(),
122
+ op_tos_uri: exports.SafeUrlSchema.optional(),
106
123
  })
107
124
  .passthrough();
108
125
  /**
@@ -139,18 +156,18 @@ exports.OAuthErrorResponseSchema = zod_1.z
139
156
  * RFC 7591 OAuth 2.0 Dynamic Client Registration metadata
140
157
  */
141
158
  exports.OAuthClientMetadataSchema = zod_1.z.object({
142
- redirect_uris: zod_1.z.array(zod_1.z.string()).refine((uris) => uris.every((uri) => URL.canParse(uri)), { message: "redirect_uris must contain valid URLs" }),
159
+ redirect_uris: zod_1.z.array(exports.SafeUrlSchema),
143
160
  token_endpoint_auth_method: zod_1.z.string().optional(),
144
161
  grant_types: zod_1.z.array(zod_1.z.string()).optional(),
145
162
  response_types: zod_1.z.array(zod_1.z.string()).optional(),
146
163
  client_name: zod_1.z.string().optional(),
147
- client_uri: zod_1.z.string().optional(),
148
- logo_uri: zod_1.z.string().optional(),
164
+ client_uri: exports.SafeUrlSchema.optional(),
165
+ logo_uri: exports.SafeUrlSchema.optional(),
149
166
  scope: zod_1.z.string().optional(),
150
167
  contacts: zod_1.z.array(zod_1.z.string()).optional(),
151
- tos_uri: zod_1.z.string().optional(),
168
+ tos_uri: exports.SafeUrlSchema.optional(),
152
169
  policy_uri: zod_1.z.string().optional(),
153
- jwks_uri: zod_1.z.string().optional(),
170
+ jwks_uri: exports.SafeUrlSchema.optional(),
154
171
  jwks: zod_1.z.any().optional(),
155
172
  software_id: zod_1.z.string().optional(),
156
173
  software_version: zod_1.z.string().optional(),
package/dist/cjs/shared/auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/shared/auth.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAExB;;GAEG;AACU,QAAA,oCAAoC,GAAG,OAAC;KAClD,MAAM,CAAC;IACN,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAC1B,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3D,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACrC,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7C,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChD,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAC7C,0CAA0C,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClE,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,iCAAiC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACjE,iCAAiC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC1D,CAAC;KACD,WAAW,EAAE,CAAC;AAEjB;;GAEG;AACU,QAAA,mBAAmB,GAAG,OAAC;KACjC,MAAM,CAAC;IACN,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE;IAClB,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE;IAClC,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE;IAC1B,qBAAqB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5C,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAC7C,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,gDAAgD,EAAE,OAAC;SAChD,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,qBAAqB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5C,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1C,0CAA0C,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC1E,qDAAqD,EAAE,OAAC;SACrD,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7C,6CAA6C,EAAE,OAAC;SAC7C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,wDAAwD,EAAE,OAAC;SACxD,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,gCAAgC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACjE,CAAC;KACD,WAAW,EAAE,CAAC;AAEjB;;;GAGG;AACU,QAAA,4BAA4B,GAAG,OAAC;KAC1C,MAAM,CAAC;IACN,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE;IAClB,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE;IAClC,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE;IAC1B,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACxC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;IACpB,qBAAqB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5C,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAC7C,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD,uBAAuB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAC5C,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAC1D,wCAAwC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxE,wCAAwC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxE,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,wCAAwC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxE,wCAAwC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxE,2CAA2C,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3E,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,gDAAgD,EAAE,OAAC;SAChD,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,qBAAqB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5C,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD,0BAA0B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClD,2BAA2B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvD,gCAAgC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACxD,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC;KACD,WAAW,EAAE,CAAC;AAEjB;;;;GAIG;AACU,QAAA,qCAAqC,GAChD,oCAA4B,CAAC,KAAK,CAChC,2BAAmB,CAAC,IAAI,CAAC;IACvB,gCAAgC,EAAE,IAAI;CACvC,CAAC,CACH,CAAC;AAEJ;;GAEG;AACU,QAAA,iBAAiB,GAAG,OAAC;KAC/B,MAAM,CAAC;IACN,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,0DAA0D;IAC3F,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;IACtB,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACrC,CAAC;KACD,KAAK,EAAE,CAAC;AAEX;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC;KACtC,MAAM,CAAC;IACN,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACxC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACjC,CAAC,CAAC;AAEL;;GAEG;AACU,QAAA,yBAAyB,GAAG,OAAC,CAAC,MAAM,CAAC;IAChD,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;IACjJ,0BAA0B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjD,WAAW,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3C,cAAc,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC9C,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,QAAQ,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,IAAI,EAAE,OAAC,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACxB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACvC,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC1C,CAAC,CAAC,KAAK,EAAE,CAAC;AAEX;;GAEG;AACU,QAAA,4BAA4B,GAAG,OAAC,CAAC,MAAM,CAAC;IACnD,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;IACrB,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1C,wBAAwB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAChD,CAAC,CAAC,KAAK,EAAE,CAAC;AAEX;;GAEG;AACU,QAAA,gCAAgC,GAAG,iCAAyB,CAAC,KAAK,CAAC,oCAA4B,CAAC,CAAC;AAE9G;;GAEG;AACU,QAAA,kCAAkC,GAAG,OAAC,CAAC,MAAM,CAAC;IACzD,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC,KAAK,EAAE,CAAC;AAEX;;GAEG;AACU,QAAA,iCAAiC,GAAG,OAAC,CAAC,MAAM,CAAC;IACxD,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAC,KAAK,EAAE,CAAC"}
1
+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/shared/auth.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAExB;;GAEG;AACU,QAAA,aAAa,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;KAC1C,WAAW,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACxB,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,uBAAuB;YAChC,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;QAEH,OAAO,OAAC,CAAC,KAAK,CAAC;IACjB,CAAC;AACH,CAAC,CAAC,CAAC,MAAM,CACP,CAAC,GAAG,EAAE,EAAE;IACN,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACvB,OAAO,CAAC,CAAC,QAAQ,KAAK,aAAa,IAAI,CAAC,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,CAAC,QAAQ,KAAK,WAAW,CAAC;AAC9F,CAAC,EACD,EAAE,OAAO,EAAE,wDAAwD,EAAE,CACxE,CAAC;AAGF;;GAEG;AACU,QAAA,oCAAoC,GAAG,OAAC;KAClD,MAAM,CAAC;IACN,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAC1B,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,qBAAa,CAAC,CAAC,QAAQ,EAAE;IACxD,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACrC,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7C,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChD,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAC7C,0CAA0C,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClE,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,iCAAiC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACjE,iCAAiC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC1D,CAAC;KACD,WAAW,EAAE,CAAC;AAEjB;;GAEG;AACU,QAAA,mBAAmB,GAAG,OAAC;KACjC,MAAM,CAAC;IACN,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE;IAClB,sBAAsB,EAAE,qBAAa;IACrC,cAAc,EAAE,qBAAa;IAC7B,qBAAqB,EAAE,qBAAa,CAAC,QAAQ,EAAE;IAC/C,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAC7C,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,gDAAgD,EAAE,OAAC;SAChD,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,qBAAqB,EAAE,qBAAa,CAAC,QAAQ,EAAE;IAC/C,mBAAmB,EAAE,qBAAa,CAAC,QAAQ,EAAE;IAC7C,0CAA0C,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC1E,qDAAqD,EAAE,OAAC;SACrD,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7C,6CAA6C,EAAE,OAAC;SAC7C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,wDAAwD,EAAE,OAAC;SACxD,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,gCAAgC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACjE,CAAC;KACD,WAAW,EAAE,CAAC;AAEjB;;;GAGG;AACU,QAAA,4BAA4B,GAAG,OAAC;KAC1C,MAAM,CAAC;IACN,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE;IAClB,sBAAsB,EAAE,qBAAa;IACrC,cAAc,EAAE,qBAAa;IAC7B,iBAAiB,EAAE,qBAAa,CAAC,QAAQ,EAAE;IAC3C,QAAQ,EAAE,qBAAa;IACvB,qBAAqB,EAAE,qBAAa,CAAC,QAAQ,EAAE;IAC/C,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAC7C,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD,uBAAuB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAC5C,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAC1D,wCAAwC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxE,wCAAwC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxE,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,wCAAwC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxE,wCAAwC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxE,2CAA2C,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3E,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,8CAA8C,EAAE,OAAC;SAC9C,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,qCAAqC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrE,gDAAgD,EAAE,OAAC;SAChD,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;SACjB,QAAQ,EAAE;IACb,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,qBAAqB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,qBAAqB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5C,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD,0BAA0B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClD,2BAA2B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnD,+BAA+B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvD,gCAAgC,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACxD,aAAa,EAAE,qBAAa,CAAC,QAAQ,EAAE;IACvC,UAAU,EAAE,qBAAa,CAAC,QAAQ,EAAE;CACrC,CAAC;KACD,WAAW,EAAE,CAAC;AAEjB;;;;GAIG;AACU,QAAA,qCAAqC,GAChD,oCAA4B,CAAC,KAAK,CAChC,2BAAmB,CAAC,IAAI,CAAC;IACvB,gCAAgC,EAAE,IAAI;CACvC,CAAC,CACH,CAAC;AAEJ;;GAEG;AACU,QAAA,iBAAiB,GAAG,OAAC;KAC/B,MAAM,CAAC;IACN,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,0DAA0D;IAC3F,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;IACtB,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACrC,CAAC;KACD,KAAK,EAAE,CAAC;AAEX;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC;KACtC,MAAM,CAAC;IACN,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACxC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACjC,CAAC,CAAC;AAEL;;GAEG;AACU,QAAA,yBAAyB,GAAG,OAAC,CAAC,MAAM,CAAC;IAChD,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,qBAAa,CAAC;IACrC,0BAA0B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjD,WAAW,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3C,cAAc,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC9C,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,UAAU,EAAE,qBAAa,CAAC,QAAQ,EAAE;IACpC,QAAQ,EAAE,qBAAa,CAAC,QAAQ,EAAE;IAClC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,QAAQ,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxC,OAAO,EAAE,qBAAa,CAAC,QAAQ,EAAE;IACjC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,QAAQ,EAAE,qBAAa,CAAC,QAAQ,EAAE;IAClC,IAAI,EAAE,OAAC,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACxB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACvC,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC1C,CAAC,CAAC,KAAK,EAAE,CAAC;AAEX;;GAEG;AACU,QAAA,4BAA4B,GAAG,OAAC,CAAC,MAAM,CAAC;IACnD,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;IACrB,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1C,wBAAwB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAChD,CAAC,CAAC,KAAK,EAAE,CAAC;AAEX;;GAEG;AACU,QAAA,gCAAgC,GAAG,iCAAyB,CAAC,KAAK,CAAC,oCAA4B,CAAC,CAAC;AAE9G;;GAEG;AACU,QAAA,kCAAkC,GAAG,OAAC,CAAC,MAAM,CAAC;IACzD,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC,KAAK,EAAE,CAAC;AAEX;;GAEG;AACU,QAAA,iCAAiC,GAAG,OAAC,CAAC,MAAM,CAAC;IACxD,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAC,KAAK,EAAE,CAAC"}
package/dist/esm/client/auth.js CHANGED
@@ -349,7 +349,7 @@ async function tryMetadataDiscovery(url, protocolVersion, fetchFn = fetch) {
349
349
  * Determines if fallback to root discovery should be attempted
350
350
  */
351
351
  function shouldAttemptFallback(response, pathname) {
352
- return !response || response.status === 404 && pathname !== '/';
352
+ return !response || (response.status >= 400 && response.status < 500) && pathname !== '/';
353
353
  }
354
354
  /**
355
355
  * Generic function for discovering OAuth metadata with fallback support