@openid4vc/oauth2 0.3.0-alpha-20251021082313 → 0.3.0-alpha-20251029093110

package/dist/index.d.mts

@@ -1427,6 +1427,7 @@ declare const zAuthorizationChallengeRequest: z$1.ZodObject<{
   scope: z$1.ZodOptional<z$1.ZodString>;
   redirect_uri: z$1.ZodOptional<z$1.ZodURL>;
   resource: z$1.ZodOptional<z$1.ZodString>;
+  state: z$1.ZodOptional<z$1.ZodString>;
   issuer_state: z$1.ZodOptional<z$1.ZodString>;
   dpop_jkt: z$1.ZodOptional<z$1.ZodBase64URL>;
   code_challenge: z$1.ZodOptional<z$1.ZodString>;
@@ -1565,6 +1566,10 @@ interface CreateAuthorizationRequestUrlOptions {
    * Scope to request for the authorization request
    */
   scope?: string;
+  /**
+   * State for the authorization request
+   */
+  state?: string;
   /**
    * The resource to which access is being requested. This can help the authorization
    * server in determining the resource server to handle the authorization request for
@@ -1629,6 +1634,7 @@ declare const zAuthorizationRequest: z$1.ZodObject<{
   redirect_uri: z$1.ZodOptional<z$1.ZodURL>;
   resource: z$1.ZodOptional<z$1.ZodString>;
   scope: z$1.ZodOptional<z$1.ZodString>;
+  state: z$1.ZodOptional<z$1.ZodString>;
   dpop_jkt: z$1.ZodOptional<z$1.ZodBase64URL>;
   code_challenge: z$1.ZodOptional<z$1.ZodString>;
   code_challenge_method: z$1.ZodOptional<z$1.ZodString>;
@@ -2608,7 +2614,12 @@ interface SendAuthorizationChallengeRequestOptions {
    */
   resource?: string;
   /**
-   * Presentation during issuance sessios if credentials were presented
+   * Redirect uri to include in the authorization challenge request. Maybe be used by the
+   * server when falling back to a PAR request.
+   */
+  redirectUri?: string;
+  /**
+   * Presentation during issuance session if credentials were presented
    * as part of an issuance session
    */
   presentationDuringIssuanceSession?: string;

package/dist/index.d.ts

@@ -1427,6 +1427,7 @@ declare const zAuthorizationChallengeRequest: z$1.ZodObject<{
   scope: z$1.ZodOptional<z$1.ZodString>;
   redirect_uri: z$1.ZodOptional<z$1.ZodURL>;
   resource: z$1.ZodOptional<z$1.ZodString>;
+  state: z$1.ZodOptional<z$1.ZodString>;
   issuer_state: z$1.ZodOptional<z$1.ZodString>;
   dpop_jkt: z$1.ZodOptional<z$1.ZodBase64URL>;
   code_challenge: z$1.ZodOptional<z$1.ZodString>;
@@ -1565,6 +1566,10 @@ interface CreateAuthorizationRequestUrlOptions {
    * Scope to request for the authorization request
    */
   scope?: string;
+  /**
+   * State for the authorization request
+   */
+  state?: string;
   /**
    * The resource to which access is being requested. This can help the authorization
    * server in determining the resource server to handle the authorization request for
@@ -1629,6 +1634,7 @@ declare const zAuthorizationRequest: z$1.ZodObject<{
   redirect_uri: z$1.ZodOptional<z$1.ZodURL>;
   resource: z$1.ZodOptional<z$1.ZodString>;
   scope: z$1.ZodOptional<z$1.ZodString>;
+  state: z$1.ZodOptional<z$1.ZodString>;
   dpop_jkt: z$1.ZodOptional<z$1.ZodBase64URL>;
   code_challenge: z$1.ZodOptional<z$1.ZodString>;
   code_challenge_method: z$1.ZodOptional<z$1.ZodString>;
@@ -2608,7 +2614,12 @@ interface SendAuthorizationChallengeRequestOptions {
    */
   resource?: string;
   /**
-   * Presentation during issuance sessios if credentials were presented
+   * Redirect uri to include in the authorization challenge request. Maybe be used by the
+   * server when falling back to a PAR request.
+   */
+  redirectUri?: string;
+  /**
+   * Presentation during issuance session if credentials were presented
    * as part of an issuance session
    */
   presentationDuringIssuanceSession?: string;

package/dist/index.js

@@ -43,7 +43,7 @@ let HashAlgorithm = /* @__PURE__ */ function(HashAlgorithm$1) {
 //#region src/error/Oauth2Error.ts
 var Oauth2Error = class extends Error {
 	constructor(message, options) {
-		const errorMessage = message ?? "Unknown error occured.";
+		const errorMessage = message ?? "Unknown error occurred.";
 		const causeMessage = options?.cause instanceof Error ? ` ${options.cause.message}` : options?.cause ? ` ${options?.cause}` : "";
 		super(`${errorMessage}${causeMessage}`);
 		this.cause = options?.cause;
@@ -288,7 +288,7 @@ function jwtSignerFromJwt({ header, payload, allowedSignerMethods }) {
 	if (header.kid?.startsWith("did:") || payload.iss?.startsWith("did:")) if (payload.iss && header.kid?.startsWith("did:") && !header.kid.startsWith(payload.iss)) found.push({
 		method: "did",
 		valid: false,
-		error: `kid in header starst with did that is different from did value in 'iss'`
+		error: `kid in header starts with did that is different from did value in 'iss'`
 	});
 	else if (!header.kid?.startsWith("did:") && !header.kid?.startsWith("#")) found.push({
 		method: "did",
@@ -1411,6 +1411,7 @@ const zAuthorizationRequest = zod.default.object({
 	redirect_uri: zod.default.url().optional(),
 	resource: zod.default.optional(__openid4vc_utils.zHttpsUrl),
 	scope: zod.default.optional(zod.default.string()),
+	state: zod.default.optional(zod.default.string()),
 	dpop_jkt: zod.default.optional(zod.default.base64url()),
 	code_challenge: zod.default.optional(zod.default.string()),
 	code_challenge_method: zod.default.optional(zod.default.string())
@@ -1449,7 +1450,7 @@ const zAuthorizationChallengeErrorResponse = zod.default.object({
 /**
 * Create an authorization challenge response
 *
-* @throws {ValidationError} if an error occured during verification of the {@link AuthorizationChallengeResponse}
+* @throws {ValidationError} if an error occurred during verification of the {@link AuthorizationChallengeResponse}
 */
 function createAuthorizationChallengeResponse(options) {
 	return { authorizationChallengeResponse: (0, __openid4vc_utils.parseWithErrorHandling)(zAuthorizationChallengeResponse, {
@@ -1460,7 +1461,7 @@ function createAuthorizationChallengeResponse(options) {
 /**
 * Create an authorization challenge error response
 *
-* @throws {ValidationError} if an error occured during validation of the {@link AuthorizationChallengeErrorResponse}
+* @throws {ValidationError} if an error occurred during validation of the {@link AuthorizationChallengeErrorResponse}
 */
 function createAuthorizationChallengeErrorResponse(options) {
 	return (0, __openid4vc_utils.parseWithErrorHandling)(zAuthorizationChallengeErrorResponse, {
@@ -1616,7 +1617,7 @@ async function verifyAuthorizationChallengeRequest(options) {
 /**
 * Create an pushed authorization response
 *
-* @throws {ValidationError} if an error occured during verification of the {@link PushedAuthorizationResponse}
+* @throws {ValidationError} if an error occurred during verification of the {@link PushedAuthorizationResponse}
 */
 function createPushedAuthorizationResponse(options) {
 	return { pushedAuthorizationResponse: (0, __openid4vc_utils.parseWithErrorHandling)(zPushedAuthorizationResponse, {
@@ -1628,7 +1629,7 @@ function createPushedAuthorizationResponse(options) {
 /**
 * Create a pushed authorization error response
 *
-* @throws {ValidationError} if an error occured during validation of the {@link PushedAuthorizationErrorResponse}
+* @throws {ValidationError} if an error occurred during validation of the {@link PushedAuthorizationErrorResponse}
 */
 function createPushedAuthorizationErrorResponse(options) {
 	return (0, __openid4vc_utils.parseWithErrorHandling)(zAccessTokenErrorResponse, {
@@ -1649,7 +1650,7 @@ function parsePushedAuthorizationRequest(options) {
 	const parsedAuthorizationRequest = zAuthorizationRequest.safeParse(options.authorizationRequest);
 	if (!parsedAuthorizationRequest.success) throw new Oauth2ServerErrorResponseError({
 		error: Oauth2ErrorCodes.InvalidRequest,
-		error_description: `Error occured during validation of pushed authorization request.\n${(0, __openid4vc_utils.formatZodError)(parsedAuthorizationRequest.error)}`
+		error_description: `Error occurred during validation of pushed authorization request.\n${(0, __openid4vc_utils.formatZodError)(parsedAuthorizationRequest.error)}`
 	});
 	const authorizationRequest = parsedAuthorizationRequest.data;
 	const { clientAttestation, dpop } = parseAuthorizationRequest({
@@ -1960,13 +1961,13 @@ async function retrieveAccessToken(options) {
 *
 * @throws {Oauth2ClientAuthorizationChallengeError} if the request failed and a {@link AuthorizationChallengeErrorResponse} is returned
 * @throws {InvalidFetchResponseError} if the request failed but no error response could be parsed
-* @throws {ValidationError} if a successful response was received but an error occured during verification of the {@link AuthorizationChallengeResponse}
+* @throws {ValidationError} if a successful response was received but an error occurred during verification of the {@link AuthorizationChallengeResponse}
 */
 async function sendAuthorizationChallengeRequest(options) {
 	const fetchWithZod = (0, __openid4vc_utils.createZodFetcher)(options.callbacks.fetch);
 	const authorizationServerMetadata = options.authorizationServerMetadata;
 	const authorizationChallengeEndpoint = authorizationServerMetadata.authorization_challenge_endpoint;
-	if (!authorizationChallengeEndpoint) throw new Oauth2Error(`Unable to send authorization challange. Authorization server '${authorizationServerMetadata.issuer}' has no 'authorization_challenge_endpoint'`);
+	if (!authorizationChallengeEndpoint) throw new Oauth2Error(`Unable to send authorization challenge. Authorization server '${authorizationServerMetadata.issuer}' has no 'authorization_challenge_endpoint'`);
 	const pkce = authorizationServerMetadata.code_challenge_methods_supported && !options.authSession ? await createPkce({
 		allowedCodeChallengeMethods: authorizationServerMetadata.code_challenge_methods_supported,
 		callbacks: options.callbacks,
@@ -1976,6 +1977,7 @@ async function sendAuthorizationChallengeRequest(options) {
 		...options.additionalRequestPayload,
 		auth_session: options.authSession,
 		scope: options.scope,
+		redirect_uri: options.redirectUri,
 		resource: options.resource,
 		code_challenge: pkce?.codeChallenge,
 		code_challenge_method: pkce?.codeChallengeMethod,
@@ -2053,6 +2055,7 @@ async function createAuthorizationRequestUrl(options) {
 		redirect_uri: options.redirectUri,
 		resource: options.resource,
 		scope: options.scope,
+		state: options.state,
 		code_challenge: pkce?.codeChallenge,
 		code_challenge_method: pkce?.codeChallengeMethod
 	};
@@ -2102,7 +2105,7 @@ async function createAuthorizationRequestUrl(options) {
 }
 async function pushAuthorizationRequest(options) {
 	const fetchWithZod = (0, __openid4vc_utils.createZodFetcher)(options.callbacks.fetch);
-	if (options.authorizationRequest.request_uri) throw new Oauth2Error(`Authorization request contains 'request_uri' parameter. This is not allowed for pushed authorization reuqests.`);
+	if (options.authorizationRequest.request_uri) throw new Oauth2Error(`Authorization request contains 'request_uri' parameter. This is not allowed for pushed authorization requests.`);
 	const headers = new __openid4vc_utils.Headers({
 		...options.headers,
 		"Content-Type": __openid4vc_utils.ContentType.XWwwFormUrlencoded
@@ -2226,6 +2229,7 @@ var Oauth2Client = class {
 				authorizationServerMetadata: options.authorizationServerMetadata,
 				additionalRequestPayload: options.additionalRequestPayload,
 				pkceCodeVerifier: pkce?.codeVerifier,
+				redirectUri: options.redirectUri,
 				scope: options.scope,
 				resource: options.resource,
 				dpop: options.dpop
@@ -2456,7 +2460,7 @@ async function verifyResourceRequest(options) {
 			})).header.jwk;
 		} catch (error) {
 			const errorMessage = error instanceof Oauth2Error ? error.message : "Error verifying DPoP jwt";
-			throw new Oauth2ResourceUnauthorizedError(`Error occured during verification of jwt profile access token: ${error instanceof Error ? error.message : error}`, {
+			throw new Oauth2ResourceUnauthorizedError(`Error occurred during verification of jwt profile access token: ${error instanceof Error ? error.message : error}`, {
 				scheme,
 				error: Oauth2ErrorCodes.InvalidDpopProof,
 				error_description: errorMessage