@openid4vc/oauth2 0.3.0-alpha-20250425121212 → 0.3.0-alpha-20250511115959
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +26 -0
- package/dist/index.d.ts +26 -0
- package/dist/index.js +5 -3
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +5 -3
- package/dist/index.mjs.map +1 -1
- package/package.json +2 -2
package/dist/index.d.mts
CHANGED
|
@@ -763,26 +763,52 @@ type JwtSignerDid = {
|
|
|
763
763
|
method: 'did';
|
|
764
764
|
didUrl: string;
|
|
765
765
|
alg: string;
|
|
766
|
+
/**
|
|
767
|
+
* The key id that should be used for signing. You need to make sure the kid actuall matches
|
|
768
|
+
* with the key associated with the didUrl.
|
|
769
|
+
*/
|
|
770
|
+
kid?: string;
|
|
766
771
|
};
|
|
767
772
|
type JwtSignerJwk = {
|
|
768
773
|
method: 'jwk';
|
|
769
774
|
publicJwk: Jwk;
|
|
770
775
|
alg: string;
|
|
776
|
+
/**
|
|
777
|
+
* The key id that should be used for signing. You need to make sure the kid actuall matches
|
|
778
|
+
* with the key associated with the jwk.
|
|
779
|
+
*
|
|
780
|
+
* If not provided the kid can also be extracted from the `publicJwk`. Providing it here means the `kid` won't
|
|
781
|
+
* be included in the JWT header.
|
|
782
|
+
*/
|
|
783
|
+
kid?: string;
|
|
771
784
|
};
|
|
772
785
|
type JwtSignerX5c = {
|
|
773
786
|
method: 'x5c';
|
|
774
787
|
x5c: string[];
|
|
775
788
|
alg: string;
|
|
789
|
+
/**
|
|
790
|
+
* The key id that should be used for signing. You need to make sure the kid actuall matches
|
|
791
|
+
* with the key associated with the leaf certificate.
|
|
792
|
+
*/
|
|
793
|
+
kid?: string;
|
|
776
794
|
};
|
|
777
795
|
type JwtSignerFederation = {
|
|
778
796
|
method: 'federation';
|
|
779
797
|
trustChain?: [string, ...string[]];
|
|
780
798
|
alg: string;
|
|
799
|
+
/**
|
|
800
|
+
* The key id that should be used for signing. You need to make sure the kid actuall matches
|
|
801
|
+
* with a key present in the federation.
|
|
802
|
+
*/
|
|
781
803
|
kid: string;
|
|
782
804
|
};
|
|
783
805
|
type JwtSignerCustom = {
|
|
784
806
|
method: 'custom';
|
|
785
807
|
alg: string;
|
|
808
|
+
/**
|
|
809
|
+
* The key id that should be used for signing.
|
|
810
|
+
*/
|
|
811
|
+
kid?: string;
|
|
786
812
|
};
|
|
787
813
|
type JwtSigner = JwtSignerDid | JwtSignerJwk | JwtSignerX5c | JwtSignerFederation | JwtSignerCustom;
|
|
788
814
|
type JwtSignerWithJwk = JwtSigner & {
|
package/dist/index.d.ts
CHANGED
|
@@ -763,26 +763,52 @@ type JwtSignerDid = {
|
|
|
763
763
|
method: 'did';
|
|
764
764
|
didUrl: string;
|
|
765
765
|
alg: string;
|
|
766
|
+
/**
|
|
767
|
+
* The key id that should be used for signing. You need to make sure the kid actuall matches
|
|
768
|
+
* with the key associated with the didUrl.
|
|
769
|
+
*/
|
|
770
|
+
kid?: string;
|
|
766
771
|
};
|
|
767
772
|
type JwtSignerJwk = {
|
|
768
773
|
method: 'jwk';
|
|
769
774
|
publicJwk: Jwk;
|
|
770
775
|
alg: string;
|
|
776
|
+
/**
|
|
777
|
+
* The key id that should be used for signing. You need to make sure the kid actuall matches
|
|
778
|
+
* with the key associated with the jwk.
|
|
779
|
+
*
|
|
780
|
+
* If not provided the kid can also be extracted from the `publicJwk`. Providing it here means the `kid` won't
|
|
781
|
+
* be included in the JWT header.
|
|
782
|
+
*/
|
|
783
|
+
kid?: string;
|
|
771
784
|
};
|
|
772
785
|
type JwtSignerX5c = {
|
|
773
786
|
method: 'x5c';
|
|
774
787
|
x5c: string[];
|
|
775
788
|
alg: string;
|
|
789
|
+
/**
|
|
790
|
+
* The key id that should be used for signing. You need to make sure the kid actuall matches
|
|
791
|
+
* with the key associated with the leaf certificate.
|
|
792
|
+
*/
|
|
793
|
+
kid?: string;
|
|
776
794
|
};
|
|
777
795
|
type JwtSignerFederation = {
|
|
778
796
|
method: 'federation';
|
|
779
797
|
trustChain?: [string, ...string[]];
|
|
780
798
|
alg: string;
|
|
799
|
+
/**
|
|
800
|
+
* The key id that should be used for signing. You need to make sure the kid actuall matches
|
|
801
|
+
* with a key present in the federation.
|
|
802
|
+
*/
|
|
781
803
|
kid: string;
|
|
782
804
|
};
|
|
783
805
|
type JwtSignerCustom = {
|
|
784
806
|
method: 'custom';
|
|
785
807
|
alg: string;
|
|
808
|
+
/**
|
|
809
|
+
* The key id that should be used for signing.
|
|
810
|
+
*/
|
|
811
|
+
kid?: string;
|
|
786
812
|
};
|
|
787
813
|
type JwtSigner = JwtSignerDid | JwtSignerJwk | JwtSignerX5c | JwtSignerFederation | JwtSignerCustom;
|
|
788
814
|
type JwtSignerWithJwk = JwtSigner & {
|
package/dist/index.js
CHANGED
|
@@ -295,7 +295,7 @@ var import_zod4 = __toESM(require("zod"));
|
|
|
295
295
|
var zAlgValueNotNone = import_zod4.default.string().refine((alg) => alg !== "none", { message: `alg value may not be 'none'` });
|
|
296
296
|
|
|
297
297
|
// src/common/jwt/z-jwt.ts
|
|
298
|
-
var zCompactJwt = import_zod5.default.string().regex(/^([a-zA-Z0-
|
|
298
|
+
var zCompactJwt = import_zod5.default.string().regex(/^([a-zA-Z0-9-_]+)\.([a-zA-Z0-9-_]+)\.([a-zA-Z0-9-_]+)$/, {
|
|
299
299
|
message: "Not a valid compact jwt"
|
|
300
300
|
});
|
|
301
301
|
var zJwtConfirmationPayload = import_zod5.default.object({
|
|
@@ -415,7 +415,8 @@ function jwtSignerFromJwt({
|
|
|
415
415
|
signer: {
|
|
416
416
|
alg: header.alg,
|
|
417
417
|
method: "x5c",
|
|
418
|
-
x5c: header.x5c
|
|
418
|
+
x5c: header.x5c,
|
|
419
|
+
kid: header.kid
|
|
419
420
|
}
|
|
420
421
|
});
|
|
421
422
|
}
|
|
@@ -491,7 +492,8 @@ ${found.map((m) => m.valid ? `SUCCEEDED: method ${m.method}` : `FAILED: method $
|
|
|
491
492
|
if (!allowedSignerMethods || allowedSignerMethods.includes("custom")) {
|
|
492
493
|
return {
|
|
493
494
|
method: "custom",
|
|
494
|
-
alg: header.alg
|
|
495
|
+
alg: header.alg,
|
|
496
|
+
kid: header.kid
|
|
495
497
|
};
|
|
496
498
|
}
|
|
497
499
|
throw new Oauth2Error(
|