@openid4vc/oauth2 0.3.0-alpha-20250322171044 → 0.3.0-alpha-20250324183425

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.d.mts +35 -17
  2. package/dist/index.d.ts +35 -17
  3. package/dist/index.js +86 -38
  4. package/dist/index.js.map +1 -1
  5. package/dist/index.mjs +86 -38
  6. package/dist/index.mjs.map +1 -1
  7. package/package.json +2 -2
package/dist/index.d.mts CHANGED
@@ -745,9 +745,9 @@ type JwtSignerX5c = {
745
745
  x5c: string[];
746
746
  alg: string;
747
747
  };
748
- type JwtSignerTrustChain = {
749
- method: 'trustChain';
750
- trustChain: string[];
748
+ type JwtSignerFederation = {
749
+ method: 'federation';
750
+ trustChain?: [string, ...string[]];
751
751
  alg: string;
752
752
  kid: string;
753
753
  };
@@ -755,7 +755,7 @@ type JwtSignerCustom = {
755
755
  method: 'custom';
756
756
  alg: string;
757
757
  };
758
- type JwtSigner = JwtSignerDid | JwtSignerJwk | JwtSignerX5c | JwtSignerTrustChain | JwtSignerCustom;
758
+ type JwtSigner = JwtSignerDid | JwtSignerJwk | JwtSignerX5c | JwtSignerFederation | JwtSignerCustom;
759
759
  type JwtSignerWithJwk = JwtSigner & {
760
760
  publicJwk: Jwk;
761
761
  };
@@ -1108,6 +1108,7 @@ declare const zJwtPayload: z__default.ZodObject<{
1108
1108
  jkt: z__default.ZodOptional<z__default.ZodString>;
1109
1109
  }, z__default.ZodTypeAny, "passthrough">>>;
1110
1110
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
1111
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
1111
1112
  }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
1112
1113
  iss: z__default.ZodOptional<z__default.ZodString>;
1113
1114
  aud: z__default.ZodOptional<z__default.ZodString>;
@@ -1451,6 +1452,7 @@ declare const zJwtPayload: z__default.ZodObject<{
1451
1452
  jkt: z__default.ZodOptional<z__default.ZodString>;
1452
1453
  }, z__default.ZodTypeAny, "passthrough">>>;
1453
1454
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
1455
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
1454
1456
  }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
1455
1457
  iss: z__default.ZodOptional<z__default.ZodString>;
1456
1458
  aud: z__default.ZodOptional<z__default.ZodString>;
@@ -1794,6 +1796,7 @@ declare const zJwtPayload: z__default.ZodObject<{
1794
1796
  jkt: z__default.ZodOptional<z__default.ZodString>;
1795
1797
  }, z__default.ZodTypeAny, "passthrough">>>;
1796
1798
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
1799
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
1797
1800
  }, z__default.ZodTypeAny, "passthrough">>;
1798
1801
  type JwtPayload = z__default.infer<typeof zJwtPayload>;
1799
1802
  declare const zJwtHeader: z__default.ZodObject<{
@@ -1910,7 +1913,7 @@ declare const zJwtHeader: z__default.ZodObject<{
1910
1913
  x5u: z__default.ZodOptional<z__default.ZodString>;
1911
1914
  }, z__default.ZodTypeAny, "passthrough">>>;
1912
1915
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
1913
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
1916
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
1914
1917
  }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
1915
1918
  alg: z__default.ZodEffects<z__default.ZodString, string, string>;
1916
1919
  typ: z__default.ZodOptional<z__default.ZodString>;
@@ -2025,7 +2028,7 @@ declare const zJwtHeader: z__default.ZodObject<{
2025
2028
  x5u: z__default.ZodOptional<z__default.ZodString>;
2026
2029
  }, z__default.ZodTypeAny, "passthrough">>>;
2027
2030
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
2028
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
2031
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
2029
2032
  }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
2030
2033
  alg: z__default.ZodEffects<z__default.ZodString, string, string>;
2031
2034
  typ: z__default.ZodOptional<z__default.ZodString>;
@@ -2140,7 +2143,7 @@ declare const zJwtHeader: z__default.ZodObject<{
2140
2143
  x5u: z__default.ZodOptional<z__default.ZodString>;
2141
2144
  }, z__default.ZodTypeAny, "passthrough">>>;
2142
2145
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
2143
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
2146
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
2144
2147
  }, z__default.ZodTypeAny, "passthrough">>;
2145
2148
  type JwtHeader = z__default.infer<typeof zJwtHeader>;
2146
2149
 
@@ -2617,6 +2620,7 @@ declare const zAccessTokenProfileJwtPayload: z__default.ZodObject<{
2617
2620
  jkt: z__default.ZodOptional<z__default.ZodString>;
2618
2621
  }, z__default.ZodTypeAny, "passthrough">>>;
2619
2622
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
2623
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
2620
2624
  }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
2621
2625
  iss: z__default.ZodString;
2622
2626
  exp: z__default.ZodNumber;
@@ -2963,6 +2967,7 @@ declare const zAccessTokenProfileJwtPayload: z__default.ZodObject<{
2963
2967
  jkt: z__default.ZodOptional<z__default.ZodString>;
2964
2968
  }, z__default.ZodTypeAny, "passthrough">>>;
2965
2969
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
2970
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
2966
2971
  }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
2967
2972
  iss: z__default.ZodString;
2968
2973
  exp: z__default.ZodNumber;
@@ -3309,6 +3314,7 @@ declare const zAccessTokenProfileJwtPayload: z__default.ZodObject<{
3309
3314
  jkt: z__default.ZodOptional<z__default.ZodString>;
3310
3315
  }, z__default.ZodTypeAny, "passthrough">>>;
3311
3316
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
3317
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
3312
3318
  }, z__default.ZodTypeAny, "passthrough">>;
3313
3319
  type AccessTokenProfileJwtPayload = z__default.infer<typeof zAccessTokenProfileJwtPayload>;
3314
3320
 
@@ -3343,7 +3349,7 @@ declare function jwtHeaderFromJwtSigner(signer: JwtSigner): {
3343
3349
  } | {
3344
3350
  readonly alg: string;
3345
3351
  readonly kid: string;
3346
- readonly trust_chain: string[];
3352
+ readonly trust_chain: [string, ...string[]] | undefined;
3347
3353
  readonly jwk?: undefined;
3348
3354
  readonly x5c?: undefined;
3349
3355
  } | {
@@ -3401,7 +3407,9 @@ declare function jwtHeaderFromJwtSigner(signer: JwtSigner): {
3401
3407
  readonly jwk?: undefined;
3402
3408
  readonly x5c?: undefined;
3403
3409
  };
3404
- declare function jwtSignerFromJwt({ header, payload }: Pick<DecodeJwtResult, 'header' | 'payload'>): JwtSigner;
3410
+ declare function jwtSignerFromJwt({ header, payload, allowedSignerMethods, }: Pick<DecodeJwtResult, 'header' | 'payload'> & {
3411
+ allowedSignerMethods?: JwtSigner['method'][];
3412
+ }): JwtSigner;
3405
3413
  type IsSchemaProvided<T> = T extends undefined ? false : true;
3406
3414
  type InferSchemaOrDefaultOutput<ProvidedSchema extends BaseSchema | undefined, DefaultSchema extends BaseSchema> = IsSchemaProvided<ProvidedSchema> extends true ? ProvidedSchema extends BaseSchema ? z__default.infer<ProvidedSchema> : never : z__default.infer<DefaultSchema>;
3407
3415
 
@@ -3755,6 +3763,7 @@ declare const zClientAttestationJwtPayload: z__default.ZodObject<{
3755
3763
  nonce: z__default.ZodOptional<z__default.ZodString>;
3756
3764
  jti: z__default.ZodOptional<z__default.ZodString>;
3757
3765
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
3766
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
3758
3767
  }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
3759
3768
  iss: z__default.ZodString;
3760
3769
  sub: z__default.ZodString;
@@ -4103,6 +4112,7 @@ declare const zClientAttestationJwtPayload: z__default.ZodObject<{
4103
4112
  nonce: z__default.ZodOptional<z__default.ZodString>;
4104
4113
  jti: z__default.ZodOptional<z__default.ZodString>;
4105
4114
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
4115
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
4106
4116
  }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
4107
4117
  iss: z__default.ZodString;
4108
4118
  sub: z__default.ZodString;
@@ -4451,6 +4461,7 @@ declare const zClientAttestationJwtPayload: z__default.ZodObject<{
4451
4461
  nonce: z__default.ZodOptional<z__default.ZodString>;
4452
4462
  jti: z__default.ZodOptional<z__default.ZodString>;
4453
4463
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
4464
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
4454
4465
  }, z__default.ZodTypeAny, "passthrough">>;
4455
4466
  type ClientAttestationJwtPayload = z__default.infer<typeof zClientAttestationJwtPayload>;
4456
4467
  declare const zClientAttestationJwtHeader: z__default.ZodObject<{
@@ -4567,7 +4578,7 @@ declare const zClientAttestationJwtHeader: z__default.ZodObject<{
4567
4578
  x5u: z__default.ZodOptional<z__default.ZodString>;
4568
4579
  }, z__default.ZodTypeAny, "passthrough">>>;
4569
4580
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
4570
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
4581
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
4571
4582
  }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
4572
4583
  typ: z__default.ZodLiteral<"oauth-client-attestation+jwt">;
4573
4584
  alg: z__default.ZodEffects<z__default.ZodString, string, string>;
@@ -4682,7 +4693,7 @@ declare const zClientAttestationJwtHeader: z__default.ZodObject<{
4682
4693
  x5u: z__default.ZodOptional<z__default.ZodString>;
4683
4694
  }, z__default.ZodTypeAny, "passthrough">>>;
4684
4695
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
4685
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
4696
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
4686
4697
  }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
4687
4698
  typ: z__default.ZodLiteral<"oauth-client-attestation+jwt">;
4688
4699
  alg: z__default.ZodEffects<z__default.ZodString, string, string>;
@@ -4797,7 +4808,7 @@ declare const zClientAttestationJwtHeader: z__default.ZodObject<{
4797
4808
  x5u: z__default.ZodOptional<z__default.ZodString>;
4798
4809
  }, z__default.ZodTypeAny, "passthrough">>>;
4799
4810
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
4800
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
4811
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
4801
4812
  }, z__default.ZodTypeAny, "passthrough">>;
4802
4813
  type ClientAttestationJwtHeader = z__default.infer<typeof zClientAttestationJwtHeader>;
4803
4814
  declare const zClientAttestationPopJwtPayload: z__default.ZodObject<{
@@ -5143,6 +5154,7 @@ declare const zClientAttestationPopJwtPayload: z__default.ZodObject<{
5143
5154
  jkt: z__default.ZodOptional<z__default.ZodString>;
5144
5155
  }, z__default.ZodTypeAny, "passthrough">>>;
5145
5156
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
5157
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
5146
5158
  }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
5147
5159
  iss: z__default.ZodString;
5148
5160
  exp: z__default.ZodNumber;
@@ -5486,6 +5498,7 @@ declare const zClientAttestationPopJwtPayload: z__default.ZodObject<{
5486
5498
  jkt: z__default.ZodOptional<z__default.ZodString>;
5487
5499
  }, z__default.ZodTypeAny, "passthrough">>>;
5488
5500
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
5501
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
5489
5502
  }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
5490
5503
  iss: z__default.ZodString;
5491
5504
  exp: z__default.ZodNumber;
@@ -5829,6 +5842,7 @@ declare const zClientAttestationPopJwtPayload: z__default.ZodObject<{
5829
5842
  jkt: z__default.ZodOptional<z__default.ZodString>;
5830
5843
  }, z__default.ZodTypeAny, "passthrough">>>;
5831
5844
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
5845
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
5832
5846
  }, z__default.ZodTypeAny, "passthrough">>;
5833
5847
  type ClientAttestationPopJwtPayload = z__default.infer<typeof zClientAttestationPopJwtPayload>;
5834
5848
  declare const zClientAttestationPopJwtHeader: z__default.ZodObject<{
@@ -5945,7 +5959,7 @@ declare const zClientAttestationPopJwtHeader: z__default.ZodObject<{
5945
5959
  x5u: z__default.ZodOptional<z__default.ZodString>;
5946
5960
  }, z__default.ZodTypeAny, "passthrough">>>;
5947
5961
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
5948
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
5962
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
5949
5963
  }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
5950
5964
  typ: z__default.ZodLiteral<"oauth-client-attestation-pop+jwt">;
5951
5965
  alg: z__default.ZodEffects<z__default.ZodString, string, string>;
@@ -6060,7 +6074,7 @@ declare const zClientAttestationPopJwtHeader: z__default.ZodObject<{
6060
6074
  x5u: z__default.ZodOptional<z__default.ZodString>;
6061
6075
  }, z__default.ZodTypeAny, "passthrough">>>;
6062
6076
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
6063
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
6077
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
6064
6078
  }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
6065
6079
  typ: z__default.ZodLiteral<"oauth-client-attestation-pop+jwt">;
6066
6080
  alg: z__default.ZodEffects<z__default.ZodString, string, string>;
@@ -6175,7 +6189,7 @@ declare const zClientAttestationPopJwtHeader: z__default.ZodObject<{
6175
6189
  x5u: z__default.ZodOptional<z__default.ZodString>;
6176
6190
  }, z__default.ZodTypeAny, "passthrough">>>;
6177
6191
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
6178
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
6192
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
6179
6193
  }, z__default.ZodTypeAny, "passthrough">>;
6180
6194
  type ClientAttestationPopJwtHeader = z__default.infer<typeof zClientAttestationPopJwtHeader>;
6181
6195
 
@@ -8093,6 +8107,7 @@ declare function verifyResourceRequest(options: VerifyResourceRequestOptions): P
8093
8107
  jkt: z.ZodOptional<z.ZodString>;
8094
8108
  }, z.ZodTypeAny, "passthrough">>>;
8095
8109
  status: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
8110
+ trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
8096
8111
  }, z.ZodTypeAny, "passthrough"> | z.objectOutputType<{
8097
8112
  active: z.ZodBoolean;
8098
8113
  scope: z.ZodOptional<z.ZodString>;
@@ -8841,7 +8856,7 @@ declare class Oauth2AuthorizationServer {
8841
8856
  x5u: z.ZodOptional<z.ZodString>;
8842
8857
  }, z.ZodTypeAny, "passthrough">>>;
8843
8858
  x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
8844
- trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
8859
+ trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
8845
8860
  }, z.ZodTypeAny, "passthrough">;
8846
8861
  payload: z.objectOutputType<{
8847
8862
  iss: z.ZodString;
@@ -9191,6 +9206,7 @@ declare class Oauth2AuthorizationServer {
9191
9206
  nonce: z.ZodOptional<z.ZodString>;
9192
9207
  jti: z.ZodOptional<z.ZodString>;
9193
9208
  status: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
9209
+ trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
9194
9210
  }, z.ZodTypeAny, "passthrough">;
9195
9211
  signer: JwtSignerWithJwk;
9196
9212
  };
@@ -9309,7 +9325,7 @@ declare class Oauth2AuthorizationServer {
9309
9325
  x5u: z.ZodOptional<z.ZodString>;
9310
9326
  }, z.ZodTypeAny, "passthrough">>>;
9311
9327
  x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
9312
- trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
9328
+ trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
9313
9329
  }, z.ZodTypeAny, "passthrough">;
9314
9330
  payload: z.objectOutputType<{
9315
9331
  iss: z.ZodString;
@@ -9654,6 +9670,7 @@ declare class Oauth2AuthorizationServer {
9654
9670
  jkt: z.ZodOptional<z.ZodString>;
9655
9671
  }, z.ZodTypeAny, "passthrough">>>;
9656
9672
  status: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
9673
+ trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
9657
9674
  }, z.ZodTypeAny, "passthrough">;
9658
9675
  signer: JwtSignerWithJwk;
9659
9676
  };
@@ -10186,6 +10203,7 @@ declare class Oauth2ResourceServer {
10186
10203
  jkt: z.ZodOptional<z.ZodString>;
10187
10204
  }, z.ZodTypeAny, "passthrough">>>;
10188
10205
  status: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
10206
+ trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
10189
10207
  }, z.ZodTypeAny, "passthrough"> | z.objectOutputType<{
10190
10208
  active: z.ZodBoolean;
10191
10209
  scope: z.ZodOptional<z.ZodString>;
package/dist/index.d.ts CHANGED
@@ -745,9 +745,9 @@ type JwtSignerX5c = {
745
745
  x5c: string[];
746
746
  alg: string;
747
747
  };
748
- type JwtSignerTrustChain = {
749
- method: 'trustChain';
750
- trustChain: string[];
748
+ type JwtSignerFederation = {
749
+ method: 'federation';
750
+ trustChain?: [string, ...string[]];
751
751
  alg: string;
752
752
  kid: string;
753
753
  };
@@ -755,7 +755,7 @@ type JwtSignerCustom = {
755
755
  method: 'custom';
756
756
  alg: string;
757
757
  };
758
- type JwtSigner = JwtSignerDid | JwtSignerJwk | JwtSignerX5c | JwtSignerTrustChain | JwtSignerCustom;
758
+ type JwtSigner = JwtSignerDid | JwtSignerJwk | JwtSignerX5c | JwtSignerFederation | JwtSignerCustom;
759
759
  type JwtSignerWithJwk = JwtSigner & {
760
760
  publicJwk: Jwk;
761
761
  };
@@ -1108,6 +1108,7 @@ declare const zJwtPayload: z__default.ZodObject<{
1108
1108
  jkt: z__default.ZodOptional<z__default.ZodString>;
1109
1109
  }, z__default.ZodTypeAny, "passthrough">>>;
1110
1110
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
1111
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
1111
1112
  }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
1112
1113
  iss: z__default.ZodOptional<z__default.ZodString>;
1113
1114
  aud: z__default.ZodOptional<z__default.ZodString>;
@@ -1451,6 +1452,7 @@ declare const zJwtPayload: z__default.ZodObject<{
1451
1452
  jkt: z__default.ZodOptional<z__default.ZodString>;
1452
1453
  }, z__default.ZodTypeAny, "passthrough">>>;
1453
1454
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
1455
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
1454
1456
  }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
1455
1457
  iss: z__default.ZodOptional<z__default.ZodString>;
1456
1458
  aud: z__default.ZodOptional<z__default.ZodString>;
@@ -1794,6 +1796,7 @@ declare const zJwtPayload: z__default.ZodObject<{
1794
1796
  jkt: z__default.ZodOptional<z__default.ZodString>;
1795
1797
  }, z__default.ZodTypeAny, "passthrough">>>;
1796
1798
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
1799
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
1797
1800
  }, z__default.ZodTypeAny, "passthrough">>;
1798
1801
  type JwtPayload = z__default.infer<typeof zJwtPayload>;
1799
1802
  declare const zJwtHeader: z__default.ZodObject<{
@@ -1910,7 +1913,7 @@ declare const zJwtHeader: z__default.ZodObject<{
1910
1913
  x5u: z__default.ZodOptional<z__default.ZodString>;
1911
1914
  }, z__default.ZodTypeAny, "passthrough">>>;
1912
1915
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
1913
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
1916
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
1914
1917
  }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
1915
1918
  alg: z__default.ZodEffects<z__default.ZodString, string, string>;
1916
1919
  typ: z__default.ZodOptional<z__default.ZodString>;
@@ -2025,7 +2028,7 @@ declare const zJwtHeader: z__default.ZodObject<{
2025
2028
  x5u: z__default.ZodOptional<z__default.ZodString>;
2026
2029
  }, z__default.ZodTypeAny, "passthrough">>>;
2027
2030
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
2028
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
2031
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
2029
2032
  }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
2030
2033
  alg: z__default.ZodEffects<z__default.ZodString, string, string>;
2031
2034
  typ: z__default.ZodOptional<z__default.ZodString>;
@@ -2140,7 +2143,7 @@ declare const zJwtHeader: z__default.ZodObject<{
2140
2143
  x5u: z__default.ZodOptional<z__default.ZodString>;
2141
2144
  }, z__default.ZodTypeAny, "passthrough">>>;
2142
2145
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
2143
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
2146
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
2144
2147
  }, z__default.ZodTypeAny, "passthrough">>;
2145
2148
  type JwtHeader = z__default.infer<typeof zJwtHeader>;
2146
2149
 
@@ -2617,6 +2620,7 @@ declare const zAccessTokenProfileJwtPayload: z__default.ZodObject<{
2617
2620
  jkt: z__default.ZodOptional<z__default.ZodString>;
2618
2621
  }, z__default.ZodTypeAny, "passthrough">>>;
2619
2622
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
2623
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
2620
2624
  }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
2621
2625
  iss: z__default.ZodString;
2622
2626
  exp: z__default.ZodNumber;
@@ -2963,6 +2967,7 @@ declare const zAccessTokenProfileJwtPayload: z__default.ZodObject<{
2963
2967
  jkt: z__default.ZodOptional<z__default.ZodString>;
2964
2968
  }, z__default.ZodTypeAny, "passthrough">>>;
2965
2969
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
2970
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
2966
2971
  }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
2967
2972
  iss: z__default.ZodString;
2968
2973
  exp: z__default.ZodNumber;
@@ -3309,6 +3314,7 @@ declare const zAccessTokenProfileJwtPayload: z__default.ZodObject<{
3309
3314
  jkt: z__default.ZodOptional<z__default.ZodString>;
3310
3315
  }, z__default.ZodTypeAny, "passthrough">>>;
3311
3316
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
3317
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
3312
3318
  }, z__default.ZodTypeAny, "passthrough">>;
3313
3319
  type AccessTokenProfileJwtPayload = z__default.infer<typeof zAccessTokenProfileJwtPayload>;
3314
3320
 
@@ -3343,7 +3349,7 @@ declare function jwtHeaderFromJwtSigner(signer: JwtSigner): {
3343
3349
  } | {
3344
3350
  readonly alg: string;
3345
3351
  readonly kid: string;
3346
- readonly trust_chain: string[];
3352
+ readonly trust_chain: [string, ...string[]] | undefined;
3347
3353
  readonly jwk?: undefined;
3348
3354
  readonly x5c?: undefined;
3349
3355
  } | {
@@ -3401,7 +3407,9 @@ declare function jwtHeaderFromJwtSigner(signer: JwtSigner): {
3401
3407
  readonly jwk?: undefined;
3402
3408
  readonly x5c?: undefined;
3403
3409
  };
3404
- declare function jwtSignerFromJwt({ header, payload }: Pick<DecodeJwtResult, 'header' | 'payload'>): JwtSigner;
3410
+ declare function jwtSignerFromJwt({ header, payload, allowedSignerMethods, }: Pick<DecodeJwtResult, 'header' | 'payload'> & {
3411
+ allowedSignerMethods?: JwtSigner['method'][];
3412
+ }): JwtSigner;
3405
3413
  type IsSchemaProvided<T> = T extends undefined ? false : true;
3406
3414
  type InferSchemaOrDefaultOutput<ProvidedSchema extends BaseSchema | undefined, DefaultSchema extends BaseSchema> = IsSchemaProvided<ProvidedSchema> extends true ? ProvidedSchema extends BaseSchema ? z__default.infer<ProvidedSchema> : never : z__default.infer<DefaultSchema>;
3407
3415
 
@@ -3755,6 +3763,7 @@ declare const zClientAttestationJwtPayload: z__default.ZodObject<{
3755
3763
  nonce: z__default.ZodOptional<z__default.ZodString>;
3756
3764
  jti: z__default.ZodOptional<z__default.ZodString>;
3757
3765
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
3766
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
3758
3767
  }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
3759
3768
  iss: z__default.ZodString;
3760
3769
  sub: z__default.ZodString;
@@ -4103,6 +4112,7 @@ declare const zClientAttestationJwtPayload: z__default.ZodObject<{
4103
4112
  nonce: z__default.ZodOptional<z__default.ZodString>;
4104
4113
  jti: z__default.ZodOptional<z__default.ZodString>;
4105
4114
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
4115
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
4106
4116
  }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
4107
4117
  iss: z__default.ZodString;
4108
4118
  sub: z__default.ZodString;
@@ -4451,6 +4461,7 @@ declare const zClientAttestationJwtPayload: z__default.ZodObject<{
4451
4461
  nonce: z__default.ZodOptional<z__default.ZodString>;
4452
4462
  jti: z__default.ZodOptional<z__default.ZodString>;
4453
4463
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
4464
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
4454
4465
  }, z__default.ZodTypeAny, "passthrough">>;
4455
4466
  type ClientAttestationJwtPayload = z__default.infer<typeof zClientAttestationJwtPayload>;
4456
4467
  declare const zClientAttestationJwtHeader: z__default.ZodObject<{
@@ -4567,7 +4578,7 @@ declare const zClientAttestationJwtHeader: z__default.ZodObject<{
4567
4578
  x5u: z__default.ZodOptional<z__default.ZodString>;
4568
4579
  }, z__default.ZodTypeAny, "passthrough">>>;
4569
4580
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
4570
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
4581
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
4571
4582
  }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
4572
4583
  typ: z__default.ZodLiteral<"oauth-client-attestation+jwt">;
4573
4584
  alg: z__default.ZodEffects<z__default.ZodString, string, string>;
@@ -4682,7 +4693,7 @@ declare const zClientAttestationJwtHeader: z__default.ZodObject<{
4682
4693
  x5u: z__default.ZodOptional<z__default.ZodString>;
4683
4694
  }, z__default.ZodTypeAny, "passthrough">>>;
4684
4695
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
4685
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
4696
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
4686
4697
  }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
4687
4698
  typ: z__default.ZodLiteral<"oauth-client-attestation+jwt">;
4688
4699
  alg: z__default.ZodEffects<z__default.ZodString, string, string>;
@@ -4797,7 +4808,7 @@ declare const zClientAttestationJwtHeader: z__default.ZodObject<{
4797
4808
  x5u: z__default.ZodOptional<z__default.ZodString>;
4798
4809
  }, z__default.ZodTypeAny, "passthrough">>>;
4799
4810
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
4800
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
4811
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
4801
4812
  }, z__default.ZodTypeAny, "passthrough">>;
4802
4813
  type ClientAttestationJwtHeader = z__default.infer<typeof zClientAttestationJwtHeader>;
4803
4814
  declare const zClientAttestationPopJwtPayload: z__default.ZodObject<{
@@ -5143,6 +5154,7 @@ declare const zClientAttestationPopJwtPayload: z__default.ZodObject<{
5143
5154
  jkt: z__default.ZodOptional<z__default.ZodString>;
5144
5155
  }, z__default.ZodTypeAny, "passthrough">>>;
5145
5156
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
5157
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
5146
5158
  }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
5147
5159
  iss: z__default.ZodString;
5148
5160
  exp: z__default.ZodNumber;
@@ -5486,6 +5498,7 @@ declare const zClientAttestationPopJwtPayload: z__default.ZodObject<{
5486
5498
  jkt: z__default.ZodOptional<z__default.ZodString>;
5487
5499
  }, z__default.ZodTypeAny, "passthrough">>>;
5488
5500
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
5501
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
5489
5502
  }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
5490
5503
  iss: z__default.ZodString;
5491
5504
  exp: z__default.ZodNumber;
@@ -5829,6 +5842,7 @@ declare const zClientAttestationPopJwtPayload: z__default.ZodObject<{
5829
5842
  jkt: z__default.ZodOptional<z__default.ZodString>;
5830
5843
  }, z__default.ZodTypeAny, "passthrough">>>;
5831
5844
  status: z__default.ZodOptional<z__default.ZodRecord<z__default.ZodString, z__default.ZodAny>>;
5845
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
5832
5846
  }, z__default.ZodTypeAny, "passthrough">>;
5833
5847
  type ClientAttestationPopJwtPayload = z__default.infer<typeof zClientAttestationPopJwtPayload>;
5834
5848
  declare const zClientAttestationPopJwtHeader: z__default.ZodObject<{
@@ -5945,7 +5959,7 @@ declare const zClientAttestationPopJwtHeader: z__default.ZodObject<{
5945
5959
  x5u: z__default.ZodOptional<z__default.ZodString>;
5946
5960
  }, z__default.ZodTypeAny, "passthrough">>>;
5947
5961
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
5948
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
5962
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
5949
5963
  }, "passthrough", z__default.ZodTypeAny, z__default.objectOutputType<{
5950
5964
  typ: z__default.ZodLiteral<"oauth-client-attestation-pop+jwt">;
5951
5965
  alg: z__default.ZodEffects<z__default.ZodString, string, string>;
@@ -6060,7 +6074,7 @@ declare const zClientAttestationPopJwtHeader: z__default.ZodObject<{
6060
6074
  x5u: z__default.ZodOptional<z__default.ZodString>;
6061
6075
  }, z__default.ZodTypeAny, "passthrough">>>;
6062
6076
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
6063
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
6077
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
6064
6078
  }, z__default.ZodTypeAny, "passthrough">, z__default.objectInputType<{
6065
6079
  typ: z__default.ZodLiteral<"oauth-client-attestation-pop+jwt">;
6066
6080
  alg: z__default.ZodEffects<z__default.ZodString, string, string>;
@@ -6175,7 +6189,7 @@ declare const zClientAttestationPopJwtHeader: z__default.ZodObject<{
6175
6189
  x5u: z__default.ZodOptional<z__default.ZodString>;
6176
6190
  }, z__default.ZodTypeAny, "passthrough">>>;
6177
6191
  x5c: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
6178
- trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "many">>;
6192
+ trust_chain: z__default.ZodOptional<z__default.ZodArray<z__default.ZodString, "atleastone">>;
6179
6193
  }, z__default.ZodTypeAny, "passthrough">>;
6180
6194
  type ClientAttestationPopJwtHeader = z__default.infer<typeof zClientAttestationPopJwtHeader>;
6181
6195
 
@@ -8093,6 +8107,7 @@ declare function verifyResourceRequest(options: VerifyResourceRequestOptions): P
8093
8107
  jkt: z.ZodOptional<z.ZodString>;
8094
8108
  }, z.ZodTypeAny, "passthrough">>>;
8095
8109
  status: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
8110
+ trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
8096
8111
  }, z.ZodTypeAny, "passthrough"> | z.objectOutputType<{
8097
8112
  active: z.ZodBoolean;
8098
8113
  scope: z.ZodOptional<z.ZodString>;
@@ -8841,7 +8856,7 @@ declare class Oauth2AuthorizationServer {
8841
8856
  x5u: z.ZodOptional<z.ZodString>;
8842
8857
  }, z.ZodTypeAny, "passthrough">>>;
8843
8858
  x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
8844
- trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
8859
+ trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
8845
8860
  }, z.ZodTypeAny, "passthrough">;
8846
8861
  payload: z.objectOutputType<{
8847
8862
  iss: z.ZodString;
@@ -9191,6 +9206,7 @@ declare class Oauth2AuthorizationServer {
9191
9206
  nonce: z.ZodOptional<z.ZodString>;
9192
9207
  jti: z.ZodOptional<z.ZodString>;
9193
9208
  status: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
9209
+ trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
9194
9210
  }, z.ZodTypeAny, "passthrough">;
9195
9211
  signer: JwtSignerWithJwk;
9196
9212
  };
@@ -9309,7 +9325,7 @@ declare class Oauth2AuthorizationServer {
9309
9325
  x5u: z.ZodOptional<z.ZodString>;
9310
9326
  }, z.ZodTypeAny, "passthrough">>>;
9311
9327
  x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
9312
- trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
9328
+ trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
9313
9329
  }, z.ZodTypeAny, "passthrough">;
9314
9330
  payload: z.objectOutputType<{
9315
9331
  iss: z.ZodString;
@@ -9654,6 +9670,7 @@ declare class Oauth2AuthorizationServer {
9654
9670
  jkt: z.ZodOptional<z.ZodString>;
9655
9671
  }, z.ZodTypeAny, "passthrough">>>;
9656
9672
  status: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
9673
+ trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
9657
9674
  }, z.ZodTypeAny, "passthrough">;
9658
9675
  signer: JwtSignerWithJwk;
9659
9676
  };
@@ -10186,6 +10203,7 @@ declare class Oauth2ResourceServer {
10186
10203
  jkt: z.ZodOptional<z.ZodString>;
10187
10204
  }, z.ZodTypeAny, "passthrough">>>;
10188
10205
  status: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
10206
+ trust_chain: z.ZodOptional<z.ZodArray<z.ZodString, "atleastone">>;
10189
10207
  }, z.ZodTypeAny, "passthrough"> | z.objectOutputType<{
10190
10208
  active: z.ZodBoolean;
10191
10209
  scope: z.ZodOptional<z.ZodString>;