@nya-account/node-sdk 2.0.0 → 2.0.2

package/README.md

@@ -1,172 +1,187 @@
-# @nya-account/node-sdk
-
-Official Node.js SDK for [Nya Account](https://github.com/alongw/sso) SSO system.
-
-Provides a complete OAuth 2.1 / OIDC client with PKCE, JWT verification, and Express middleware.
-
-## Installation
-
-```bash
-npm install @nya-account/node-sdk
-# or
-pnpm add @nya-account/node-sdk
-# or
-yarn add @nya-account/node-sdk
-```
-
-## Quick Start
-
-```typescript
-import { NyaAccountClient } from '@nya-account/node-sdk'
-
-const client = new NyaAccountClient({
-    issuer: 'https://account.example.com',
-    clientId: 'my-app',
-    clientSecret: 'my-secret',
-})
-
-// Create authorization URL (with PKCE)
-const { url, codeVerifier, state } = await client.createAuthorizationUrl({
-    redirectUri: 'https://myapp.com/callback',
-    scope: 'openid profile email',
-})
-
-// Exchange code for tokens
-const tokens = await client.exchangeCode({
-    code: callbackCode,
-    redirectUri: 'https://myapp.com/callback',
-    codeVerifier,
-})
-
-// Get user info
-const userInfo = await client.getUserInfo(tokens.accessToken)
-```
-
-## Express Middleware
-
-```typescript
-import express from 'express'
-import { NyaAccountClient } from '@nya-account/node-sdk'
-import { getAuth } from '@nya-account/node-sdk/express'
-
-const app = express()
-const client = new NyaAccountClient({
-    issuer: 'https://account.example.com',
-    clientId: 'my-app',
-    clientSecret: 'my-secret',
-})
-
-// Protect all /api routes
-app.use('/api', client.authenticate())
-
-app.get('/api/me', (req, res) => {
-    const auth = getAuth(req)
-    res.json({ userId: auth?.sub, scopes: auth?.scope })
-})
-
-// Require specific scopes
-app.get('/api/profile',
-    client.authenticate(),
-    client.requireScopes('profile'),
-    (req, res) => {
-        const auth = getAuth(req)
-        res.json({ name: auth?.sub })
-    }
-)
-
-// Use introspection for sensitive operations
-app.post('/api/sensitive',
-    client.authenticate({ strategy: 'introspection' }),
-    handler
-)
-```
-
-## Configuration
-
-| Option | Type | Default | Description |
-|---|---|---|---|
-| `issuer` | `string` | *required* | SSO service URL (Issuer URL) |
-| `clientId` | `string` | *required* | OAuth client ID |
-| `clientSecret` | `string` | *required* | OAuth client secret |
-| `timeout` | `number` | `10000` | HTTP request timeout in milliseconds |
-| `discoveryCacheTtl` | `number` | `3600000` | Discovery document cache TTL in milliseconds (default: 1 hour) |
-| `endpoints` | `EndpointConfig` | — | Explicitly specify endpoint URLs (auto-discovered via OIDC Discovery if omitted) |
-
-## API Reference
-
-### `NyaAccountClient`
-
-#### Authorization
-
-- **`createAuthorizationUrl(options)`** — Create an OAuth authorization URL with PKCE
-
-#### Token Operations
-
-- **`exchangeCode(options)`** — Exchange an authorization code for tokens
-- **`refreshToken(refreshToken)`** — Refresh an Access Token
-- **`revokeToken(token)`** — Revoke a token (RFC 7009)
-- **`introspectToken(token)`** — Token introspection (RFC 7662)
-
-#### User Info
-
-- **`getUserInfo(accessToken)`** — Get user info via OIDC UserInfo endpoint
-
-#### JWT Verification
-
-- **`verifyAccessToken(token, options?)`** — Locally verify a JWT Access Token (RFC 9068)
-- **`verifyIdToken(token, options?)`** — Locally verify an OIDC ID Token
-
-#### Express Middleware
-
-- **`authenticate(options?)`** — Middleware to verify Bearer Token (`local` or `introspection` strategy)
-- **`requireScopes(...scopes)`** — Middleware to validate token scopes
-
-#### Cache
-
-- **`discover()`** — Fetch OIDC Discovery document (cached with TTL)
-- **`clearCache()`** — Clear Discovery and JWT verifier cache
-
-### Express Helpers
-
-Available from `@nya-account/node-sdk/express`:
-
-- **`getAuth(req)`** — Retrieve the verified Access Token payload from a request
-- **`extractBearerToken(req)`** — Extract Bearer token from the Authorization header
-- **`sendOAuthError(res, statusCode, error, errorDescription)`** — Send an OAuth-standard error response
-
-### PKCE Utilities
-
-- **`generatePkce()`** — Generate a code_verifier and code_challenge pair
-- **`generateCodeVerifier()`** — Generate a PKCE code_verifier
-- **`generateCodeChallenge(codeVerifier)`** — Generate an S256 code_challenge
-
-## Error Handling
-
-The SDK provides typed error classes:
-
-```typescript
-import {
-    NyaAccountError,       // Base error class
-    OAuthError,            // OAuth protocol errors from the server
-    TokenVerificationError, // JWT verification failures
-    DiscoveryError,        // OIDC Discovery failures
-} from '@nya-account/node-sdk'
-
-try {
-    await client.verifyAccessToken(token)
-} catch (error) {
-    if (error instanceof TokenVerificationError) {
-        console.log(error.code)        // 'token_verification_failed'
-        console.log(error.description) // Human-readable description
-    }
-}
-```
-
-## Requirements
-
-- Node.js >= 20.0.0
-- Express 4.x or 5.x (optional, for middleware features)
-
-## License
-
-[MIT](./LICENSE)
+# @nya-account/node-sdk
+
+Official Node.js SDK for [Nya Account](https://account.lolinya.net) SSO system.
+
+Provides a complete OAuth 2.1 / OIDC client with PKCE, JWT verification, and Express middleware.
+
+## Installation
+
+```bash
+npm install @nya-account/node-sdk
+# or
+pnpm add @nya-account/node-sdk
+# or
+yarn add @nya-account/node-sdk
+```
+
+## Quick Start
+
+```typescript
+import { NyaAccountClient } from '@nya-account/node-sdk'
+
+const client = new NyaAccountClient({
+    // See https://account.lolinya.net/docs/developer/service-endpoints#integration-endpoints
+    issuer: 'https://account-api.edge.lolinya.net',
+    clientId: 'my-app',
+    clientSecret: 'my-secret'
+})
+
+// Create authorization URL (with PKCE)
+const { url, codeVerifier, state } = await client.createAuthorizationUrl({
+    redirectUri: 'https://myapp.com/callback',
+    scope: 'openid profile email'
+})
+
+// Exchange code for tokens
+const tokens = await client.exchangeCode({
+    code: callbackCode,
+    redirectUri: 'https://myapp.com/callback',
+    codeVerifier
+})
+
+// Get user info
+const userInfo = await client.getUserInfo(tokens.accessToken)
+
+// Revoke refresh token on logout
+await client.revokeToken(tokens.refreshToken, { tokenTypeHint: 'refresh_token' })
+
+// Build RP-initiated logout URL
+const logoutUrl = await client.createEndSessionUrl({
+    idTokenHint: tokens.idToken,
+    postLogoutRedirectUri: 'https://myapp.com/logout/callback',
+    state: 'logout-csrf-state'
+})
+```
+
+## Express Middleware
+
+```typescript
+import express from 'express'
+import { NyaAccountClient } from '@nya-account/node-sdk'
+import { getAuth } from '@nya-account/node-sdk/express'
+
+const app = express()
+const client = new NyaAccountClient({
+    issuer: 'https://account-api.edge.lolinya.net',
+    clientId: 'my-app',
+    clientSecret: 'my-secret'
+})
+
+// Protect all /api routes
+app.use('/api', client.authenticate())
+
+app.get('/api/me', (req, res) => {
+    const auth = getAuth(req)
+    res.json({ userId: auth?.sub, scopes: auth?.scope })
+})
+
+// Require specific scopes
+app.get(
+    '/api/profile',
+    client.authenticate(),
+    client.requireScopes('profile'),
+    (req, res) => {
+        const auth = getAuth(req)
+        res.json({ name: auth?.sub })
+    }
+)
+
+// Use introspection for sensitive operations
+app.post('/api/sensitive', client.authenticate({ strategy: 'introspection' }), handler)
+```
+
+## Configuration
+
+| Option              | Type             | Default                                  | Description                                                                                                                                                        |
+| ------------------- | ---------------- | ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| `issuer`            | `string`         | `'https://account-api.edge.lolinya.net'` | SSO service URL (Issuer URL). See [Service Endpoints](https://account.lolinya.net/docs/developer/service-endpoints#integration-endpoints) for available endpoints. |
+| `clientId`          | `string`         | _required_                               | OAuth client ID                                                                                                                                                    |
+| `clientSecret`      | `string`         | _required_                               | OAuth client secret                                                                                                                                                |
+| `timeout`           | `number`         | `10000`                                  | HTTP request timeout in milliseconds                                                                                                                               |
+| `discoveryCacheTtl` | `number`         | `3600000`                                | Discovery document cache TTL in milliseconds (default: 1 hour)                                                                                                     |
+| `endpoints`         | `EndpointConfig` | —                                        | Explicitly specify endpoint URLs (auto-discovered via OIDC Discovery if omitted)                                                                                   |
+
+## API Reference
+
+### `NyaAccountClient`
+
+#### Authorization
+
+- **`createAuthorizationUrl(options)`** — Create an OAuth authorization URL with PKCE
+- **`pushAuthorizationRequest(options)`** — Push authorization request to PAR endpoint (RFC 9126)
+- **`createAuthorizationUrlWithPar(options)`** — Create authorization URL using PAR `request_uri`
+
+#### Token Operations
+
+- **`exchangeCode(options)`** — Exchange an authorization code for tokens
+- **`refreshToken(refreshToken)`** — Refresh an Access Token
+- **`revokeToken(token, options?)`** — Revoke a token (RFC 7009)
+- **`introspectToken(token, options?)`** — Token introspection (RFC 7662)
+
+#### User Info
+
+- **`getUserInfo(accessToken)`** — Get user info via OIDC UserInfo endpoint
+
+#### JWT Verification
+
+- **`verifyAccessToken(token, options?)`** — Locally verify a JWT Access Token (RFC 9068)
+- **`verifyIdToken(token, options?)`** — Locally verify an OIDC ID Token
+
+#### Express Middleware
+
+- **`authenticate(options?)`** — Middleware to verify Bearer Token (`local` or `introspection` strategy)
+- **`requireScopes(...scopes)`** — Middleware to validate token scopes
+
+#### Cache
+
+- **`discover()`** — Fetch OIDC Discovery document (cached with TTL)
+- **`clearCache()`** — Clear Discovery and JWT verifier cache
+
+#### OIDC Logout
+
+- **`createEndSessionUrl(options?)`** — Create OIDC RP-initiated logout URL (`end_session_endpoint`)
+
+### Express Helpers
+
+Available from `@nya-account/node-sdk/express`:
+
+- **`getAuth(req)`** — Retrieve the verified Access Token payload from a request
+- **`extractBearerToken(req)`** — Extract Bearer token from the Authorization header
+- **`sendOAuthError(res, statusCode, error, errorDescription)`** — Send an OAuth-standard error response
+
+### PKCE Utilities
+
+- **`generatePkce()`** — Generate a code_verifier and code_challenge pair
+- **`generateCodeVerifier()`** — Generate a PKCE code_verifier
+- **`generateCodeChallenge(codeVerifier)`** — Generate an S256 code_challenge
+
+## Error Handling
+
+The SDK provides typed error classes:
+
+```typescript
+import {
+    NyaAccountError, // Base error class
+    OAuthError, // OAuth protocol errors from the server
+    TokenVerificationError, // JWT verification failures
+    DiscoveryError // OIDC Discovery failures
+} from '@nya-account/node-sdk'
+
+try {
+    await client.verifyAccessToken(token)
+} catch (error) {
+    if (error instanceof TokenVerificationError) {
+        console.log(error.code) // 'token_verification_failed'
+        console.log(error.description) // Human-readable description
+    }
+}
+```
+
+## Requirements
+
+- Node.js >= 20.0.0
+- Express 4.x or 5.x (optional, for middleware features)
+
+## License
+
+[MIT](./LICENSE)

package/dist/{express-yO7hxKKd.d.ts → express-Bn8IUnft.d.ts}

@@ -9,6 +9,8 @@ declare const AccessTokenPayloadSchema: z.ZodObject<{
   aud: z.ZodString;
   scope: z.ZodString;
   ver: z.ZodString;
+  sid: z.ZodString;
+  sv: z.ZodNumber;
   iat: z.ZodNumber;
   exp: z.ZodNumber;
   jti: z.ZodString;
@@ -27,6 +29,8 @@ declare const AccessTokenPayloadSchema: z.ZodObject<{
   aud: string;
   iss: string;
   jti: string;
+  sid: string;
+  sv: number;
   ver: string;
   cnf?: {
     jkt: string;
@@ -39,6 +43,8 @@ declare const AccessTokenPayloadSchema: z.ZodObject<{
   aud: string;
   iss: string;
   jti: string;
+  sid: string;
+  sv: number;
   ver: string;
   cnf?: {
     jkt: string;
@@ -49,11 +55,11 @@ declare const IdTokenPayloadSchema: z.ZodObject<{
   iss: z.ZodString;
   sub: z.ZodString;
   aud: z.ZodString;
+  sid: z.ZodOptional<z.ZodString>;
   iat: z.ZodNumber;
   exp: z.ZodNumber;
   nonce: z.ZodOptional<z.ZodString>;
   name: z.ZodOptional<z.ZodString>;
-  preferred_username: z.ZodOptional<z.ZodString>;
   email: z.ZodOptional<z.ZodString>;
   email_verified: z.ZodOptional<z.ZodBoolean>;
   updated_at: z.ZodOptional<z.ZodNumber>;
@@ -63,8 +69,8 @@ declare const IdTokenPayloadSchema: z.ZodObject<{
   sub: string;
   aud: string;
   iss: string;
+  sid?: string | undefined;
   name?: string | undefined;
-  preferred_username?: string | undefined;
   email?: string | undefined;
   email_verified?: boolean | undefined;
   updated_at?: number | undefined;
@@ -75,8 +81,8 @@ declare const IdTokenPayloadSchema: z.ZodObject<{
   sub: string;
   aud: string;
   iss: string;
+  sid?: string | undefined;
   name?: string | undefined;
-  preferred_username?: string | undefined;
   email?: string | undefined;
   email_verified?: boolean | undefined;
   updated_at?: number | undefined;
@@ -115,4 +121,4 @@ declare function sendOAuthError(res: Response, statusCode: number, error: string
 
 //#endregion
 export { AccessTokenPayload, IdTokenPayload, extractBearerToken as extractBearerToken$1, getAuth as getAuth$1, sendOAuthError as sendOAuthError$1 };
-//# sourceMappingURL=express-yO7hxKKd.d.ts.map
+//# sourceMappingURL=express-Bn8IUnft.d.ts.map

package/dist/express-Bn8IUnft.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"express-Bn8IUnft.d.ts","names":[],"sources":["../src/core/schemas.d.ts","../src/middleware/express.d.ts"],"sourcesContent":null,"mappings":";;;;AAcA,IAAW,2BAAM;CAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;AAAA;AACjB,IAAW,qBAAqB;CAAC;CAAA,MAAA;CAAA,MAAA,EAAA;AAAA;AACjC,IAAG,uBAAA;CAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;CAAA,MAAA,EAAA;AAAA;AACH,IAAW,iBAAa;CAAA;CAAA,MAAA;CAAA,MAAA,EAAA;AAAA;;;;;;;;;;;;;;;;;;;ACAxB,IAAW,UAAU,CAAC,GAAG,MAAM,kBAAmB;;;;AAQlD,IAAW,qBAAqB,CAAC,GAAG,MAAM,OAAQ;;;;AAIlD,IAAW,iBAAiB,CAAC,GAAG,MAAM,QAAS"}

package/dist/express.d.ts

@@ -1,2 +1,2 @@
-import { extractBearerToken$1 as extractBearerToken, getAuth$1 as getAuth, sendOAuthError$1 as sendOAuthError } from "./express-yO7hxKKd.js";
+import { extractBearerToken$1 as extractBearerToken, getAuth$1 as getAuth, sendOAuthError$1 as sendOAuthError } from "./express-Bn8IUnft.js";
 export { extractBearerToken, getAuth, sendOAuthError };

package/dist/index.d.ts

@@ -1,10 +1,14 @@
-import { AccessTokenPayload, IdTokenPayload, getAuth$1 as getAuth } from "./express-yO7hxKKd.js";
+import { AccessTokenPayload, IdTokenPayload, getAuth$1 as getAuth } from "./express-Bn8IUnft.js";
 import { NextFunction, Request, Response } from "express";
 
 //#region src/core/types.d.ts
 interface NyaAccountConfig {
-  /** SSO service URL (Issuer URL), can be the service or daemon address */
-  issuer: string;
+  /**
+   * SSO service URL (Issuer URL), can be the service or daemon address (default: 'https://account-api.edge.lolinya.net')
+   *
+   * @see https://account.lolinya.net/docs/developer/service-endpoints#integration-endpoints
+   */
+  issuer?: string;
   /** OAuth client ID */
   clientId: string;
   /** OAuth client secret */
@@ -18,6 +22,7 @@ interface NyaAccountConfig {
 }
 interface EndpointConfig {
   authorization?: string;
+  pushedAuthorizationRequest?: string;
   token?: string;
   userinfo?: string;
   revocation?: string;
@@ -36,7 +41,7 @@ interface TokenResponse {
 interface UserInfo {
   sub: string;
   name?: string;
-  preferredUsername?: string;
+  picture?: string;
   email?: string;
   emailVerified?: boolean;
   updatedAt?: number;
@@ -53,6 +58,8 @@ interface IntrospectionResponse {
   aud?: string;
   iss?: string;
   jti?: string;
+  sid?: string;
+  sv?: number;
 }
 interface DiscoveryDocument {
   issuer: string;
@@ -83,6 +90,20 @@ interface CreateAuthorizationUrlOptions {
   /** ID Token replay protection parameter */
   nonce?: string;
 }
+interface PushAuthorizationRequestOptions extends CreateAuthorizationUrlOptions {
+  /** Optional JAR request object */
+  request?: string;
+}
+interface PushAuthorizationRequestResult {
+  /** PAR request URI */
+  requestUri: string;
+  /** PAR request URI lifetime in seconds */
+  expiresIn: number;
+  /** PKCE code_verifier, must be stored in session for later token exchange */
+  codeVerifier: string;
+  /** State parameter, must be stored in session for CSRF validation */
+  state: string;
+}
 interface AuthorizationUrlResult {
   /** Full authorization URL to redirect the user to */
   url: string;
@@ -91,6 +112,16 @@ interface AuthorizationUrlResult {
   /** State parameter, must be stored in session for CSRF validation */
   state: string;
 }
+interface CreateEndSessionUrlOptions {
+  /** Previously issued ID Token */
+  idTokenHint?: string;
+  /** Redirect URL after logout, must match registered post-logout URI */
+  postLogoutRedirectUri?: string;
+  /** Opaque state value returned to post_logout_redirect_uri */
+  state?: string;
+  /** Optional client ID override (defaults to configured clientId) */
+  clientId?: string;
+}
 interface ExchangeCodeOptions {
   /** Authorization code received in the callback */
   code: string;
@@ -108,43 +139,6 @@ interface PkcePair {
   codeChallenge: string;
 } //#endregion
 //#region src/client.d.ts
-
-/**
- * Nya Account Node.js SDK client.
- *
- * Provides full OAuth 2.1 / OIDC flow support:
- * - Authorization Code + PKCE
- * - Token exchange / refresh / revocation / introspection
- * - Local JWT verification (via JWKS)
- * - OIDC UserInfo
- * - OIDC Discovery auto-discovery
- * - Express middleware (Bearer Token auth + scope validation)
- *
- * @example
- * ```typescript
- * const client = new NyaAccountClient({
- *     issuer: 'https://account.example.com',
- *     clientId: 'my-app',
- *     clientSecret: 'my-secret',
- * })
- *
- * // Create authorization URL (with PKCE)
- * const { url, codeVerifier, state } = await client.createAuthorizationUrl({
- *     redirectUri: 'https://myapp.com/callback',
- *     scope: 'openid profile email',
- * })
- *
- * // Exchange code for tokens
- * const tokens = await client.exchangeCode({
- *     code: callbackCode,
- *     redirectUri: 'https://myapp.com/callback',
- *     codeVerifier,
- * })
- *
- * // Get user info
- * const userInfo = await client.getUserInfo(tokens.accessToken)
- * ```
- */
 declare class NyaAccountClient {
   private httpClient;
   private config;
@@ -168,6 +162,23 @@ declare class NyaAccountClient {
    * for later use in token exchange and CSRF validation.
    */
   createAuthorizationUrl(options: CreateAuthorizationUrlOptions): Promise<AuthorizationUrlResult>;
+  /**
+   * Push authorization parameters to PAR endpoint (RFC 9126).
+   *
+   * Returns a `request_uri` that can be used in the authorization endpoint.
+   */
+  pushAuthorizationRequest(options: PushAuthorizationRequestOptions): Promise<PushAuthorizationRequestResult>;
+  /**
+   * Create an authorization URL using PAR `request_uri`.
+   */
+  createAuthorizationUrlWithPar(options: PushAuthorizationRequestOptions): Promise<AuthorizationUrlResult & {
+    requestUri: string;
+    expiresIn: number;
+  }>;
+  /**
+   * Create OIDC RP-Initiated Logout URL (`end_session_endpoint`).
+   */
+  createEndSessionUrl(options?: CreateEndSessionUrlOptions): Promise<string>;
   /**
    * Exchange an authorization code for tokens (Authorization Code Grant).
    */
@@ -182,18 +193,22 @@ declare class NyaAccountClient {
    * Supports revoking Access Tokens or Refresh Tokens.
    * Revoking a Refresh Token also revokes its entire token family.
    */
-  revokeToken(token: string): Promise<void>;
+  revokeToken(token: string, options?: {
+    tokenTypeHint?: 'access_token' | 'refresh_token';
+  }): Promise<void>;
   /**
    * Token introspection (RFC 7662).
    *
    * Query the server for the current state of a token (active status, associated user info, etc.).
    */
-  introspectToken(token: string): Promise<IntrospectionResponse>;
+  introspectToken(token: string, options?: {
+    tokenTypeHint?: 'access_token' | 'refresh_token';
+  }): Promise<IntrospectionResponse>;
   /**
    * Get user info using an Access Token (OIDC UserInfo Endpoint).
    *
    * The returned fields depend on the scopes included in the token:
-   * - `profile`: name, preferredUsername, updatedAt
+   * - `profile`: name, picture, updatedAt
    * - `email`: email, emailVerified
    */
   getUserInfo(accessToken: string): Promise<UserInfo>;
@@ -303,5 +318,5 @@ declare function generateCodeChallenge(codeVerifier: string): string;
 declare function generatePkce(): PkcePair;
 
 //#endregion
-export { AccessTokenPayload, AuthenticateOptions, AuthorizationUrlResult, CreateAuthorizationUrlOptions, DiscoveryDocument, DiscoveryError, EndpointConfig, ExchangeCodeOptions, IdTokenPayload, IntrospectionResponse, NyaAccountClient, NyaAccountConfig, NyaAccountError, OAuthError, PkcePair, TokenResponse, TokenVerificationError, UserInfo, generateCodeChallenge, generateCodeVerifier, generatePkce, getAuth };
+export { AccessTokenPayload, AuthenticateOptions, AuthorizationUrlResult, CreateAuthorizationUrlOptions, CreateEndSessionUrlOptions, DiscoveryDocument, DiscoveryError, EndpointConfig, ExchangeCodeOptions, IdTokenPayload, IntrospectionResponse, NyaAccountClient, NyaAccountConfig, NyaAccountError, OAuthError, PkcePair, PushAuthorizationRequestOptions, PushAuthorizationRequestResult, TokenResponse, TokenVerificationError, UserInfo, generateCodeChallenge, generateCodeVerifier, generatePkce, getAuth };
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","names":[],"sources":["../src/core/types.d.ts","../src/client.d.ts","../src/core/errors.d.ts","../src/utils/pkce.d.ts"],"sourcesContent":null,"mappings":";;;;AAEA,IAAW,mBAAmB,CAAC,IAAG,MAAA,cAAA;AAClC,IAAW,iBAAiB,CAAC,EAAG;AAChC,IAAW,gBAAO,CAAA,EAAA;AAClB,IAAW,WAAW,CAAC,EAAE;AACzB,IAAW,wBAAS,CAAA,EAAA;AACpB,IAAW,oBAAkB,CAAA,EAAA;AAC7B,IAAW,gCAAa,CAAA,EAAA;AACxB,IAAW,yBAAyB,CAAC,EAAG;AACxC,IAAW,sBAAS,CAAA,EAAA;AACpB,IAAW,sBAAsB,CAAC,EAAG;AACrC,IAAW,WAAW,CAAC,EAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AC2B1B,IAAW,mBAAmB;CAAC;CAAG,MAAI;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;AAAA;;;;;;;ACpCtC,IAAW,kBAAkB,CAAC,IAAI,MAAM,KAAM;;;;AAI9C,IAAA,aAAA,CAAA,IAAA,MAAA,eAAA;;;;AAIA,IAAW,yBAAyB,CAAC,IAAI,MAAM,eAAS;;;;AAIxD,IAAW,iBAAc,CAAA,IAAA,MAAA,eAAA;;;;;;;ACXzB,IAAW,uBAAuB,CAAC,EAAG;;;;AAItC,IAAW,wBAAwB,CAAC,EAAG;;;;AAIvC,IAAW,eAAe,CAAC,IAAI,MAAM,QAAS"}
+{"version":3,"file":"index.d.ts","names":[],"sources":["../src/core/types.d.ts","../src/client.d.ts","../src/core/errors.d.ts","../src/utils/pkce.d.ts"],"sourcesContent":null,"mappings":";;;;AAEA,IAAW,mBAAmB,CAAC,IAAG,MAAA,cAAA;AAClC,IAAM,iBAAA,CAAA,EAAA;AACN,IAAW,gBAAgB,CAAC,EAAG;AAC/B,IAAK,WAAA,CAAA,EAAA;AACL,IAAW,wBAAwB,CAAC,EAAG;AACvC,IAAM,oBAAA,CAAA,EAAA;AACN,IAAW,gCAAQ,CAAA,EAAA;AACnB,IAAW,kCAAc,CAAA,IAAA,MAAA,6BAAA;AACzB,IAAW,iCAAS,CAAA,EAAA;AACpB,IAAW,yBAAkB,CAAA,EAAA;AAC7B,IAAW,6BAAa,CAAA,EAAA;AACxB,IAAW,sBAAsB,CAAC,EAAG;AACrC,IAAW,sBAAS,CAAA,EAAA;AACpB,IAAW,WAAW,CAAC,EAAG;;;;ACZ1B,IAAW,mBAAmB;CAAC;CAAG,MAAI;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;CAAA,MAAA;AAAA;;;;;;;ACAtC,IAAW,kBAAkB,CAAC,IAAI,MAAM,KAAM;;;;AAI9C,IAAA,aAAA,CAAA,IAAA,MAAA,eAAA;;;;AAIA,IAAW,yBAAyB,CAAC,IAAI,MAAM,eAAS;;;;AAIxD,IAAW,iBAAc,CAAA,IAAA,MAAA,eAAA;;;;;;;ACXzB,IAAW,uBAAuB,CAAC,EAAG;;;;AAItC,IAAW,wBAAwB,CAAC,EAAG;;;;AAIvC,IAAW,eAAe,CAAC,IAAI,MAAM,QAAS"}