@nhost/nhost-js 4.4.0 → 4.5.0

package/dist/src/auth/client.d.ts

@@ -1401,6 +1401,397 @@ export interface VerifyTokenRequest {
      */
     token?: string;
 }
+/**
+ *
+ @property error (`string`) - OAuth2 error code
+ @property error_description? (`string`) - Human-readable error description*/
+export interface OAuth2ErrorResponse {
+    /**
+     * OAuth2 error code
+     */
+    error: string;
+    /**
+     * Human-readable error description
+     */
+    error_description?: string;
+}
+/**
+ *
+ @property issuer (`string`) -
+ @property authorization_endpoint (`string`) -
+ @property token_endpoint (`string`) -
+ @property userinfo_endpoint? (`string`) -
+ @property jwks_uri (`string`) -
+ @property revocation_endpoint? (`string`) -
+ @property introspection_endpoint? (`string`) -
+ @property scopes_supported? (`string[]`) -
+ @property response_types_supported (`string[]`) -
+ @property grant_types_supported? (`string[]`) -
+ @property subject_types_supported? (`string[]`) -
+ @property id_token_signing_alg_values_supported? (`string[]`) -
+ @property token_endpoint_auth_methods_supported? (`string[]`) -
+ @property code_challenge_methods_supported? (`string[]`) -
+ @property claims_supported? (`string[]`) -
+ @property request_parameter_supported? (`boolean`) -
+ @property authorization_response_iss_parameter_supported? (`boolean`) -
+ @property client_id_metadata_document_supported? (`boolean`) - */
+export interface OAuth2DiscoveryResponse {
+    /**
+     *
+     */
+    issuer: string;
+    /**
+     *
+     */
+    authorization_endpoint: string;
+    /**
+     *
+     */
+    token_endpoint: string;
+    /**
+     *
+     */
+    userinfo_endpoint?: string;
+    /**
+     *
+     */
+    jwks_uri: string;
+    /**
+     *
+     */
+    revocation_endpoint?: string;
+    /**
+     *
+     */
+    introspection_endpoint?: string;
+    /**
+     *
+     */
+    scopes_supported?: string[];
+    /**
+     *
+     */
+    response_types_supported: string[];
+    /**
+     *
+     */
+    grant_types_supported?: string[];
+    /**
+     *
+     */
+    subject_types_supported?: string[];
+    /**
+     *
+     */
+    id_token_signing_alg_values_supported?: string[];
+    /**
+     *
+     */
+    token_endpoint_auth_methods_supported?: string[];
+    /**
+     *
+     */
+    code_challenge_methods_supported?: string[];
+    /**
+     *
+     */
+    claims_supported?: string[];
+    /**
+     *
+     */
+    request_parameter_supported?: boolean;
+    /**
+     *
+     */
+    authorization_response_iss_parameter_supported?: boolean;
+    /**
+     *
+     */
+    client_id_metadata_document_supported?: boolean;
+}
+/**
+ *
+ */
+export type OAuth2TokenRequestGrant_type = 'authorization_code' | 'refresh_token';
+/**
+ *
+ @property grant_type (`OAuth2TokenRequestGrant_type`) -
+ @property code? (`string`) -
+ @property redirect_uri? (`string`) -
+ @property client_id? (`string`) -
+ @property client_secret? (`string`) -
+ @property code_verifier? (`string`) -
+ @property refresh_token? (`string`) -
+ @property resource? (`string`) - */
+export interface OAuth2TokenRequest {
+    /**
+     *
+     */
+    grant_type: OAuth2TokenRequestGrant_type;
+    /**
+     *
+     */
+    code?: string;
+    /**
+     *
+     */
+    redirect_uri?: string;
+    /**
+     *
+     */
+    client_id?: string;
+    /**
+     *
+     */
+    client_secret?: string;
+    /**
+     *
+     */
+    code_verifier?: string;
+    /**
+     *
+     */
+    refresh_token?: string;
+    /**
+     *
+     */
+    resource?: string;
+}
+/**
+ *
+ @property access_token (`string`) -
+ @property token_type (`string`) -
+ @property expires_in (`number`) -
+ @property refresh_token? (`string`) -
+ @property id_token? (`string`) -
+ @property scope? (`string`) - */
+export interface OAuth2TokenResponse {
+    /**
+     *
+     */
+    access_token: string;
+    /**
+     *
+     */
+    token_type: string;
+    /**
+     *
+     */
+    expires_in: number;
+    /**
+     *
+     */
+    refresh_token?: string;
+    /**
+     *
+     */
+    id_token?: string;
+    /**
+     *
+     */
+    scope?: string;
+}
+/**
+ *
+ @property sub (`string`) -
+ @property name? (`string`) -
+ @property email? (`string`) -
+ @property email_verified? (`boolean`) -
+ @property picture? (`string`) -
+ @property locale? (`string`) -
+ @property phone_number? (`string`) -
+ @property phone_number_verified? (`boolean`) - */
+export interface OAuth2UserinfoResponse {
+    /**
+     *
+     */
+    sub: string;
+    /**
+     *
+     */
+    name?: string;
+    /**
+     *
+     */
+    email?: string;
+    /**
+     *
+     */
+    email_verified?: boolean;
+    /**
+     *
+     */
+    picture?: string;
+    /**
+     *
+     */
+    locale?: string;
+    /**
+     *
+     */
+    phone_number?: string;
+    /**
+     *
+     */
+    phone_number_verified?: boolean;
+}
+/**
+ *
+ @property keys (`JWK[]`) - */
+export interface OAuth2JWKSResponse {
+    /**
+     *
+     */
+    keys: JWK[];
+}
+/**
+ *
+ */
+export type OAuth2RevokeRequestToken_type_hint = 'access_token' | 'refresh_token';
+/**
+ *
+ @property token (`string`) -
+ @property token_type_hint? (`OAuth2RevokeRequestToken_type_hint`) -
+ @property client_id? (`string`) -
+ @property client_secret? (`string`) - */
+export interface OAuth2RevokeRequest {
+    /**
+     *
+     */
+    token: string;
+    /**
+     *
+     */
+    token_type_hint?: OAuth2RevokeRequestToken_type_hint;
+    /**
+     *
+     */
+    client_id?: string;
+    /**
+     *
+     */
+    client_secret?: string;
+}
+/**
+ *
+ */
+export type OAuth2IntrospectRequestToken_type_hint = 'access_token' | 'refresh_token';
+/**
+ *
+ @property token (`string`) -
+ @property token_type_hint? (`OAuth2IntrospectRequestToken_type_hint`) -
+ @property client_id? (`string`) -
+ @property client_secret? (`string`) - */
+export interface OAuth2IntrospectRequest {
+    /**
+     *
+     */
+    token: string;
+    /**
+     *
+     */
+    token_type_hint?: OAuth2IntrospectRequestToken_type_hint;
+    /**
+     *
+     */
+    client_id?: string;
+    /**
+     *
+     */
+    client_secret?: string;
+}
+/**
+ *
+ @property active (`boolean`) -
+ @property scope? (`string`) -
+ @property client_id? (`string`) -
+ @property sub? (`string`) -
+ @property exp? (`number`) -
+ @property iat? (`number`) -
+ @property iss? (`string`) -
+ @property token_type? (`string`) - */
+export interface OAuth2IntrospectResponse {
+    /**
+     *
+     */
+    active: boolean;
+    /**
+     *
+     */
+    scope?: string;
+    /**
+     *
+     */
+    client_id?: string;
+    /**
+     *
+     */
+    sub?: string;
+    /**
+     *
+     */
+    exp?: number;
+    /**
+     *
+     */
+    iat?: number;
+    /**
+     *
+     */
+    iss?: string;
+    /**
+     *
+     */
+    token_type?: string;
+}
+/**
+ *
+ @property requestId (`string`) -
+    *    Format - uuid
+ @property clientId (`string`) -
+ @property scopes (`string[]`) -
+ @property redirectUri (`string`) - */
+export interface OAuth2LoginResponse {
+    /**
+     *
+     *    Format - uuid
+     */
+    requestId: string;
+    /**
+     *
+     */
+    clientId: string;
+    /**
+     *
+     */
+    scopes: string[];
+    /**
+     *
+     */
+    redirectUri: string;
+}
+/**
+ *
+ @property requestId (`string`) -
+    *    Format - uuid*/
+export interface OAuth2LoginRequest {
+    /**
+     *
+     *    Format - uuid
+     */
+    requestId: string;
+}
+/**
+ *
+ @property redirectUri (`string`) -
+    *    Format - uri*/
+export interface OAuth2LoginCompleteResponse {
+    /**
+     *
+     *    Format - uri
+     */
+    redirectUri: string;
+}
 /**
  * Target URL for the redirect
  */
@@ -1428,6 +1819,64 @@ export interface GetVersionResponse200 {
      */
     version: string;
 }
+/**
+ *
+ */
+export type GetCode_challenge_method = 'S256';
+/**
+ *
+ @property client_id (`string`) -
+ @property redirect_uri (`string`) -
+ @property response_type (`string`) -
+ @property scope? (`string`) -
+ @property state? (`string`) -
+ @property nonce? (`string`) -
+ @property code_challenge? (`string`) -
+ @property code_challenge_method? (`string`) - Only S256 is supported. The plain method is not allowed.
+ @property resource? (`string`) -
+ @property prompt? (`string`) - */
+export interface Oauth2AuthorizePostBody {
+    /**
+     *
+     */
+    client_id: string;
+    /**
+     *
+     */
+    redirect_uri: string;
+    /**
+     *
+     */
+    response_type: string;
+    /**
+     *
+     */
+    scope?: string;
+    /**
+     *
+     */
+    state?: string;
+    /**
+     *
+     */
+    nonce?: string;
+    /**
+     *
+     */
+    code_challenge?: string;
+    /**
+     * Only S256 is supported. The plain method is not allowed.
+     */
+    code_challenge_method?: string;
+    /**
+     *
+     */
+    resource?: string;
+    /**
+     *
+     */
+    prompt?: string;
+}
 /**
  * Parameters for the signInProvider method.
     @property allowedRoles? (string[]) - Array of allowed roles for the user
@@ -1526,6 +1975,91 @@ export interface VerifyTicketParams {
      */
     redirectTo: RedirectToQuery;
 }
+/**
+ * Parameters for the oauth2Authorize method.
+    @property client_id (string) - The OAuth2 client identifier (RFC 6749 Section 2.2).
+  
+    @property redirect_uri (string) - The URI to redirect the user-agent to after authorization (RFC 6749 Section 3.1.2).
+  
+    @property response_type (string) - The authorization response type. Only 'code' is supported (RFC 6749 Section 3.1.1).
+  
+    @property scope? (string) - Space-delimited list of requested scopes (RFC 6749 Section 3.3).
+  
+    @property state? (string) - Opaque value used to maintain state between the request and callback (RFC 6749 Section 4.1.1).
+  
+    @property nonce? (string) - String value used to associate a client session with an ID token (OpenID Connect Core Section 3.1.2.1).
+  
+    @property code_challenge? (string) - PKCE code challenge derived from the code verifier (RFC 7636 Section 4.2).
+  
+    @property code_challenge_method? (GetCode_challenge_method) - Only S256 is supported. The plain method is not allowed.
+  
+    @property resource? (string) - Resource indicator for the target service (RFC 8707).
+  
+    @property prompt? (string) - Space-delimited list of prompts to present to the user (OpenID Connect Core Section 3.1.2.1).
+  */
+export interface Oauth2AuthorizeParams {
+    /**
+     * The OAuth2 client identifier (RFC 6749 Section 2.2).
+    
+     */
+    client_id: string;
+    /**
+     * The URI to redirect the user-agent to after authorization (RFC 6749 Section 3.1.2).
+    
+     */
+    redirect_uri: string;
+    /**
+     * The authorization response type. Only 'code' is supported (RFC 6749 Section 3.1.1).
+    
+     */
+    response_type: string;
+    /**
+     * Space-delimited list of requested scopes (RFC 6749 Section 3.3).
+    
+     */
+    scope?: string;
+    /**
+     * Opaque value used to maintain state between the request and callback (RFC 6749 Section 4.1.1).
+    
+     */
+    state?: string;
+    /**
+     * String value used to associate a client session with an ID token (OpenID Connect Core Section 3.1.2.1).
+    
+     */
+    nonce?: string;
+    /**
+     * PKCE code challenge derived from the code verifier (RFC 7636 Section 4.2).
+    
+     */
+    code_challenge?: string;
+    /**
+     * Only S256 is supported. The plain method is not allowed.
+    
+     */
+    code_challenge_method?: GetCode_challenge_method;
+    /**
+     * Resource indicator for the target service (RFC 8707).
+    
+     */
+    resource?: string;
+    /**
+     * Space-delimited list of prompts to present to the user (OpenID Connect Core Section 3.1.2.1).
+    
+     */
+    prompt?: string;
+}
+/**
+ * Parameters for the oauth2LoginGet method.
+    @property request_id (string) - The pending authorization request identifier.
+  */
+export interface Oauth2LoginGetParams {
+    /**
+     * The pending authorization request identifier.
+    
+     */
+    request_id: string;
+}
 export interface Client {
     baseURL: string;
     /** Add a middleware function to the fetch chain
@@ -1850,6 +2384,100 @@ export interface Client {
        - 200: GetVersionResponse200
        */
     getVersion(options?: RequestInit): Promise<FetchResponse<GetVersionResponse200>>;
+    /**
+       Summary: OpenID Connect Discovery
+       Returns the OpenID Provider Metadata (RFC 8414)
+  
+       This method may return different T based on the response code:
+       - 200: OAuth2DiscoveryResponse
+       */
+    getOpenIDConfiguration(options?: RequestInit): Promise<FetchResponse<OAuth2DiscoveryResponse>>;
+    /**
+       Summary: OAuth2 Authorization Server Metadata
+       Returns the Authorization Server Metadata (RFC 8414). Same content as OpenID Discovery.
+  
+       This method may return different T based on the response code:
+       - 200: OAuth2DiscoveryResponse
+       */
+    getOAuthAuthorizationServer(options?: RequestInit): Promise<FetchResponse<OAuth2DiscoveryResponse>>;
+    /**
+       Summary: OAuth2 Authorization Endpoint
+       Initiates an OAuth2 authorization code flow. Validates the request and redirects to the login UI for user authentication and consent.
+  
+       As this method is a redirect, it returns a URL string instead of a Promise
+       */
+    oauth2AuthorizeURL(params?: Oauth2AuthorizeParams, options?: RequestInit): string;
+    /**
+       Summary: OAuth2 Authorization Endpoint (POST)
+       Initiates an OAuth2 authorization code flow via POST. Validates the request and redirects to the login UI for user authentication and consent.
+  
+       As this method is a redirect, it returns a URL string instead of a Promise
+       */
+    oauth2AuthorizePostURL(body: Oauth2AuthorizePostBody, options?: RequestInit): string;
+    /**
+       Summary: OAuth2 Token Endpoint
+       Exchange an authorization code for tokens, or refresh an existing token. Supports grant_type authorization_code and refresh_token.
+  
+       This method may return different T based on the response code:
+       - 200: OAuth2TokenResponse
+       */
+    oauth2Token(body: OAuth2TokenRequest, options?: RequestInit): Promise<FetchResponse<OAuth2TokenResponse>>;
+    /**
+       Summary: OpenID Connect UserInfo Endpoint (GET)
+       Returns claims about the authenticated user based on the access token scopes.
+  
+       This method may return different T based on the response code:
+       - 200: OAuth2UserinfoResponse
+       */
+    oauth2UserinfoGet(options?: RequestInit): Promise<FetchResponse<OAuth2UserinfoResponse>>;
+    /**
+       Summary: OpenID Connect UserInfo Endpoint (POST)
+       Returns claims about the authenticated user based on the access token scopes.
+  
+       This method may return different T based on the response code:
+       - 200: OAuth2UserinfoResponse
+       */
+    oauth2UserinfoPost(options?: RequestInit): Promise<FetchResponse<OAuth2UserinfoResponse>>;
+    /**
+       Summary: OAuth2 Provider JWKS Endpoint
+       Returns the JSON Web Key Set containing public keys used for OAuth2/OIDC token signing.
+  
+       This method may return different T based on the response code:
+       - 200: OAuth2JWKSResponse
+       */
+    oauth2Jwks(options?: RequestInit): Promise<FetchResponse<OAuth2JWKSResponse>>;
+    /**
+       Summary: OAuth2 Token Revocation (RFC 7009)
+       Revoke an access token or refresh token.
+  
+       This method may return different T based on the response code:
+       - 200: void
+       */
+    oauth2Revoke(body: OAuth2RevokeRequest, options?: RequestInit): Promise<FetchResponse<void>>;
+    /**
+       Summary: OAuth2 Token Introspection (RFC 7662)
+       Introspect a token to determine its current state and metadata.
+  
+       This method may return different T based on the response code:
+       - 200: OAuth2IntrospectResponse
+       */
+    oauth2Introspect(body: OAuth2IntrospectRequest, options?: RequestInit): Promise<FetchResponse<OAuth2IntrospectResponse>>;
+    /**
+       Summary: Get authorization request details for consent screen
+       Called by the consent UI to get details about the pending authorization request.
+  
+       This method may return different T based on the response code:
+       - 200: OAuth2LoginResponse
+       */
+    oauth2LoginGet(params?: Oauth2LoginGetParams, options?: RequestInit): Promise<FetchResponse<OAuth2LoginResponse>>;
+    /**
+       Summary: Complete login/consent for an authorization request
+       Called by the consent UI after user authenticates and consents. Sets the user on the auth request and redirects back to the client with an authorization code.
+  
+       This method may return different T based on the response code:
+       - 200: OAuth2LoginCompleteResponse
+       */
+    oauth2LoginPost(body: OAuth2LoginRequest, options?: RequestInit): Promise<FetchResponse<OAuth2LoginCompleteResponse>>;
 }
 export declare const createAPIClient: (baseURL: string, chainFunctions?: ChainFunction[]) => Client;
 //# sourceMappingURL=client.d.ts.map