@openid4vc/oauth2 0.3.0-alpha-20251017122507 → 0.3.0-alpha-20251021082313

package/dist/index.d.mts

@@ -1699,6 +1699,7 @@ type DecodeJwtResult<HeaderSchema extends BaseSchema | undefined = undefined, Pa
   header: InferSchemaOrDefaultOutput<HeaderSchema, typeof zJwtHeader>;
   payload: InferSchemaOrDefaultOutput<PayloadSchema, typeof zJwtPayload>;
   signature: string;
+  compact: string;
 };
 declare function decodeJwt<HeaderSchema extends BaseSchema | undefined = undefined, PayloadSchema extends BaseSchema | undefined = undefined>(options: DecodeJwtOptions<HeaderSchema, PayloadSchema>): DecodeJwtResult<HeaderSchema, PayloadSchema>;
 declare function jwtHeaderFromJwtSigner(signer: JwtSigner): {
@@ -1973,6 +1974,18 @@ declare function getAuthorizationServerMetadataFromList(authorizationServersMeta
 declare function fetchJwks(jwksUrl: string, fetch?: Fetch): Promise<JwkSet>;
 //#endregion
 //#region src/metadata/fetch-well-known-metadata.d.ts
+interface FetchWellKnownMetadataOptions {
+  /**
+   * Custom fetch implementation to use for fetching the metadata
+   */
+  fetch?: Fetch;
+  /**
+   * The accepted content types. If not provided a default of `ContentType.Json`
+   * will be used. This will be used for the `Accept` header, as well as verified
+   * against the `Content-Type` response header.
+   */
+  acceptedContentType?: [ContentType, ...ContentType[]];
+}
 /**
  * Fetch well known metadata and validate the response.
  *
@@ -1984,7 +1997,7 @@ declare function fetchJwks(jwksUrl: string, fetch?: Fetch): Promise<JwkSet>;
  * @throws {InvalidFetchResponseError} if no successful or 404 response
  * @throws {Error} if parsing json from response fails
  */
-declare function fetchWellKnownMetadata<Schema extends BaseSchema>(wellKnownMetadataUrl: string, schema: Schema, fetch?: Fetch): Promise<z$1.infer<Schema> | null>;
+declare function fetchWellKnownMetadata<Schema extends BaseSchema>(wellKnownMetadataUrl: string, schema: Schema, options?: FetchWellKnownMetadataOptions): Promise<z$1.infer<Schema> | null>;
 //#endregion
 //#region src/access-token/create-access-token.d.ts
 interface CreateAccessTokenOptions {

package/dist/index.d.ts

@@ -1699,6 +1699,7 @@ type DecodeJwtResult<HeaderSchema extends BaseSchema | undefined = undefined, Pa
   header: InferSchemaOrDefaultOutput<HeaderSchema, typeof zJwtHeader>;
   payload: InferSchemaOrDefaultOutput<PayloadSchema, typeof zJwtPayload>;
   signature: string;
+  compact: string;
 };
 declare function decodeJwt<HeaderSchema extends BaseSchema | undefined = undefined, PayloadSchema extends BaseSchema | undefined = undefined>(options: DecodeJwtOptions<HeaderSchema, PayloadSchema>): DecodeJwtResult<HeaderSchema, PayloadSchema>;
 declare function jwtHeaderFromJwtSigner(signer: JwtSigner): {
@@ -1973,6 +1974,18 @@ declare function getAuthorizationServerMetadataFromList(authorizationServersMeta
 declare function fetchJwks(jwksUrl: string, fetch?: Fetch): Promise<JwkSet>;
 //#endregion
 //#region src/metadata/fetch-well-known-metadata.d.ts
+interface FetchWellKnownMetadataOptions {
+  /**
+   * Custom fetch implementation to use for fetching the metadata
+   */
+  fetch?: Fetch;
+  /**
+   * The accepted content types. If not provided a default of `ContentType.Json`
+   * will be used. This will be used for the `Accept` header, as well as verified
+   * against the `Content-Type` response header.
+   */
+  acceptedContentType?: [ContentType, ...ContentType[]];
+}
 /**
  * Fetch well known metadata and validate the response.
  *
@@ -1984,7 +1997,7 @@ declare function fetchJwks(jwksUrl: string, fetch?: Fetch): Promise<JwkSet>;
  * @throws {InvalidFetchResponseError} if no successful or 404 response
  * @throws {Error} if parsing json from response fails
  */
-declare function fetchWellKnownMetadata<Schema extends BaseSchema>(wellKnownMetadataUrl: string, schema: Schema, fetch?: Fetch): Promise<z$1.infer<Schema> | null>;
+declare function fetchWellKnownMetadata<Schema extends BaseSchema>(wellKnownMetadataUrl: string, schema: Schema, options?: FetchWellKnownMetadataOptions): Promise<z$1.infer<Schema> | null>;
 //#endregion
 //#region src/access-token/create-access-token.d.ts
 interface CreateAccessTokenOptions {

package/dist/index.js

@@ -234,7 +234,8 @@ function decodeJwt(options) {
 	return {
 		header,
 		payload: (0, __openid4vc_utils.parseWithErrorHandling)(options.payloadSchema ?? zJwtPayload, payloadJson),
-		signature: jwtParts[2]
+		signature: jwtParts[2],
+		compact: options.jwt
 	};
 }
 function jwtHeaderFromJwtSigner(signer) {
@@ -880,8 +881,8 @@ var Oauth2ResourceUnauthorizedError = class Oauth2ResourceUnauthorizedError exte
 * @throws {InvalidFetchResponseError} if no successful or 404 response
 * @throws {Error} if parsing json from response fails
 */
-async function fetchWellKnownMetadata(wellKnownMetadataUrl, schema, fetch) {
-	const { result, response } = await (0, __openid4vc_utils.createZodFetcher)(fetch)(schema, __openid4vc_utils.ContentType.Json, wellKnownMetadataUrl);
+async function fetchWellKnownMetadata(wellKnownMetadataUrl, schema, options) {
+	const { result, response } = await (0, __openid4vc_utils.createZodFetcher)(options?.fetch)(schema, options?.acceptedContentType ?? [__openid4vc_utils.ContentType.Json], wellKnownMetadataUrl);
 	if (response.status === 404) return null;
 	if (!response.ok) throw new __openid4vc_utils.InvalidFetchResponseError(`Fetching well known metadata from '${wellKnownMetadataUrl}' resulted in an unsuccessful response with status '${response.status}'.`, await response.clone().text(), response);
 	if (!result?.success) throw new ValidationError$1(`Validation of metadata from '${wellKnownMetadataUrl}' failed`, result?.error);
@@ -933,9 +934,9 @@ async function fetchAuthorizationServerMetadata(issuer, fetch) {
 	const openIdConfigurationWellKnownMetadataUrl = (0, __openid4vc_utils.joinUriParts)(issuer, [wellKnownOpenIdConfigurationServerSuffix]);
 	const authorizationServerWellKnownMetadataUrl = (0, __openid4vc_utils.joinUriParts)(parsedIssuerUrl.origin, [wellKnownAuthorizationServerSuffix, parsedIssuerUrl.pathname]);
 	const nonCompliantAuthorizationServerWellKnownMetadataUrl = (0, __openid4vc_utils.joinUriParts)(issuer, [wellKnownAuthorizationServerSuffix]);
-	let authorizationServerResult = await fetchWellKnownMetadata(authorizationServerWellKnownMetadataUrl, zAuthorizationServerMetadata, fetch);
-	if (!authorizationServerResult && nonCompliantAuthorizationServerWellKnownMetadataUrl !== authorizationServerWellKnownMetadataUrl) authorizationServerResult = await fetchWellKnownMetadata(nonCompliantAuthorizationServerWellKnownMetadataUrl, zAuthorizationServerMetadata, fetch);
-	if (!authorizationServerResult) authorizationServerResult = await fetchWellKnownMetadata(openIdConfigurationWellKnownMetadataUrl, zAuthorizationServerMetadata, fetch);
+	let authorizationServerResult = await fetchWellKnownMetadata(authorizationServerWellKnownMetadataUrl, zAuthorizationServerMetadata, { fetch });
+	if (!authorizationServerResult && nonCompliantAuthorizationServerWellKnownMetadataUrl !== authorizationServerWellKnownMetadataUrl) authorizationServerResult = await fetchWellKnownMetadata(nonCompliantAuthorizationServerWellKnownMetadataUrl, zAuthorizationServerMetadata, { fetch });
+	if (!authorizationServerResult) authorizationServerResult = await fetchWellKnownMetadata(openIdConfigurationWellKnownMetadataUrl, zAuthorizationServerMetadata, { fetch });
 	if (authorizationServerResult && authorizationServerResult.issuer !== issuer) throw new Oauth2Error(`The 'issuer' parameter '${authorizationServerResult.issuer}' in the well known authorization server metadata at '${authorizationServerWellKnownMetadataUrl}' does not match the provided issuer '${issuer}'.`);
 	return authorizationServerResult;
 }