@openid4vc/oauth2 0.3.0-alpha-20251021082313 → 0.3.0-alpha-20251029091020

package/dist/index.mjs

@@ -18,7 +18,7 @@ let HashAlgorithm = /* @__PURE__ */ function(HashAlgorithm$1) {
 //#region src/error/Oauth2Error.ts
 var Oauth2Error = class extends Error {
 	constructor(message, options) {
-		const errorMessage = message ?? "Unknown error occured.";
+		const errorMessage = message ?? "Unknown error occurred.";
 		const causeMessage = options?.cause instanceof Error ? ` ${options.cause.message}` : options?.cause ? ` ${options?.cause}` : "";
 		super(`${errorMessage}${causeMessage}`);
 		this.cause = options?.cause;
@@ -263,7 +263,7 @@ function jwtSignerFromJwt({ header, payload, allowedSignerMethods }) {
 	if (header.kid?.startsWith("did:") || payload.iss?.startsWith("did:")) if (payload.iss && header.kid?.startsWith("did:") && !header.kid.startsWith(payload.iss)) found.push({
 		method: "did",
 		valid: false,
-		error: `kid in header starst with did that is different from did value in 'iss'`
+		error: `kid in header starts with did that is different from did value in 'iss'`
 	});
 	else if (!header.kid?.startsWith("did:") && !header.kid?.startsWith("#")) found.push({
 		method: "did",
@@ -1386,6 +1386,7 @@ const zAuthorizationRequest = z$1.object({
 	redirect_uri: z$1.url().optional(),
 	resource: z$1.optional(zHttpsUrl),
 	scope: z$1.optional(z$1.string()),
+	state: z$1.optional(z$1.string()),
 	dpop_jkt: z$1.optional(z$1.base64url()),
 	code_challenge: z$1.optional(z$1.string()),
 	code_challenge_method: z$1.optional(z$1.string())
@@ -1424,7 +1425,7 @@ const zAuthorizationChallengeErrorResponse = z$1.object({
 /**
 * Create an authorization challenge response
 *
-* @throws {ValidationError} if an error occured during verification of the {@link AuthorizationChallengeResponse}
+* @throws {ValidationError} if an error occurred during verification of the {@link AuthorizationChallengeResponse}
 */
 function createAuthorizationChallengeResponse(options) {
 	return { authorizationChallengeResponse: parseWithErrorHandling(zAuthorizationChallengeResponse, {
@@ -1435,7 +1436,7 @@ function createAuthorizationChallengeResponse(options) {
 /**
 * Create an authorization challenge error response
 *
-* @throws {ValidationError} if an error occured during validation of the {@link AuthorizationChallengeErrorResponse}
+* @throws {ValidationError} if an error occurred during validation of the {@link AuthorizationChallengeErrorResponse}
 */
 function createAuthorizationChallengeErrorResponse(options) {
 	return parseWithErrorHandling(zAuthorizationChallengeErrorResponse, {
@@ -1591,7 +1592,7 @@ async function verifyAuthorizationChallengeRequest(options) {
 /**
 * Create an pushed authorization response
 *
-* @throws {ValidationError} if an error occured during verification of the {@link PushedAuthorizationResponse}
+* @throws {ValidationError} if an error occurred during verification of the {@link PushedAuthorizationResponse}
 */
 function createPushedAuthorizationResponse(options) {
 	return { pushedAuthorizationResponse: parseWithErrorHandling(zPushedAuthorizationResponse, {
@@ -1603,7 +1604,7 @@ function createPushedAuthorizationResponse(options) {
 /**
 * Create a pushed authorization error response
 *
-* @throws {ValidationError} if an error occured during validation of the {@link PushedAuthorizationErrorResponse}
+* @throws {ValidationError} if an error occurred during validation of the {@link PushedAuthorizationErrorResponse}
 */
 function createPushedAuthorizationErrorResponse(options) {
 	return parseWithErrorHandling(zAccessTokenErrorResponse, {
@@ -1624,7 +1625,7 @@ function parsePushedAuthorizationRequest(options) {
 	const parsedAuthorizationRequest = zAuthorizationRequest.safeParse(options.authorizationRequest);
 	if (!parsedAuthorizationRequest.success) throw new Oauth2ServerErrorResponseError({
 		error: Oauth2ErrorCodes.InvalidRequest,
-		error_description: `Error occured during validation of pushed authorization request.\n${formatZodError(parsedAuthorizationRequest.error)}`
+		error_description: `Error occurred during validation of pushed authorization request.\n${formatZodError(parsedAuthorizationRequest.error)}`
 	});
 	const authorizationRequest = parsedAuthorizationRequest.data;
 	const { clientAttestation, dpop } = parseAuthorizationRequest({
@@ -1935,13 +1936,13 @@ async function retrieveAccessToken(options) {
 *
 * @throws {Oauth2ClientAuthorizationChallengeError} if the request failed and a {@link AuthorizationChallengeErrorResponse} is returned
 * @throws {InvalidFetchResponseError} if the request failed but no error response could be parsed
-* @throws {ValidationError} if a successful response was received but an error occured during verification of the {@link AuthorizationChallengeResponse}
+* @throws {ValidationError} if a successful response was received but an error occurred during verification of the {@link AuthorizationChallengeResponse}
 */
 async function sendAuthorizationChallengeRequest(options) {
 	const fetchWithZod = createZodFetcher(options.callbacks.fetch);
 	const authorizationServerMetadata = options.authorizationServerMetadata;
 	const authorizationChallengeEndpoint = authorizationServerMetadata.authorization_challenge_endpoint;
-	if (!authorizationChallengeEndpoint) throw new Oauth2Error(`Unable to send authorization challange. Authorization server '${authorizationServerMetadata.issuer}' has no 'authorization_challenge_endpoint'`);
+	if (!authorizationChallengeEndpoint) throw new Oauth2Error(`Unable to send authorization challenge. Authorization server '${authorizationServerMetadata.issuer}' has no 'authorization_challenge_endpoint'`);
 	const pkce = authorizationServerMetadata.code_challenge_methods_supported && !options.authSession ? await createPkce({
 		allowedCodeChallengeMethods: authorizationServerMetadata.code_challenge_methods_supported,
 		callbacks: options.callbacks,
@@ -2028,6 +2029,7 @@ async function createAuthorizationRequestUrl(options) {
 		redirect_uri: options.redirectUri,
 		resource: options.resource,
 		scope: options.scope,
+		state: options.state,
 		code_challenge: pkce?.codeChallenge,
 		code_challenge_method: pkce?.codeChallengeMethod
 	};
@@ -2077,7 +2079,7 @@ async function createAuthorizationRequestUrl(options) {
 }
 async function pushAuthorizationRequest(options) {
 	const fetchWithZod = createZodFetcher(options.callbacks.fetch);
-	if (options.authorizationRequest.request_uri) throw new Oauth2Error(`Authorization request contains 'request_uri' parameter. This is not allowed for pushed authorization reuqests.`);
+	if (options.authorizationRequest.request_uri) throw new Oauth2Error(`Authorization request contains 'request_uri' parameter. This is not allowed for pushed authorization requests.`);
 	const headers = new Headers({
 		...options.headers,
 		"Content-Type": ContentType.XWwwFormUrlencoded
@@ -2431,7 +2433,7 @@ async function verifyResourceRequest(options) {
 			})).header.jwk;
 		} catch (error) {
 			const errorMessage = error instanceof Oauth2Error ? error.message : "Error verifying DPoP jwt";
-			throw new Oauth2ResourceUnauthorizedError(`Error occured during verification of jwt profile access token: ${error instanceof Error ? error.message : error}`, {
+			throw new Oauth2ResourceUnauthorizedError(`Error occurred during verification of jwt profile access token: ${error instanceof Error ? error.message : error}`, {
 				scheme,
 				error: Oauth2ErrorCodes.InvalidDpopProof,
 				error_description: errorMessage