npm - @openid4vc/oauth2 - Versions diffs - 0.3.0-alpha-20251031085020 → 0.3.0-alpha-20251031102233 - Mend

@openid4vc/oauth2 0.3.0-alpha-20251031085020 → 0.3.0-alpha-20251031102233

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -1630,6 +1630,9 @@ interface CreatePushedAuthorizationErrorResponseOptions {
 }
 //#endregion
 //#region src/authorization-request/z-authorization-request.d.ts
+declare const zPushedAuthorizationRequestUriPrefix: z$1.ZodLiteral<"urn:ietf:params:oauth:request_uri:">;
+declare const pushedAuthorizationRequestUriPrefix: "urn:ietf:params:oauth:request_uri:";
+type PushedAuthorizationRequestUriPrefix = z$1.infer<typeof zPushedAuthorizationRequestUriPrefix>;
 declare const zAuthorizationRequest: z$1.ZodObject<{
   response_type: z$1.ZodString;
   client_id: z$1.ZodString;
@@ -1652,6 +1655,16 @@ interface ParsePushedAuthorizationRequestOptions {
 interface ParsePushedAuthorizationRequestResult extends ParseAuthorizationRequestResult {
   authorizationRequest: AuthorizationRequest;
 }
+interface ParsePushedAuthorizationRequestUriOptions {
+  uri: string;
+}
+/**
+ * Parse a pushed authorization request URI prefixed with `urn:ietf:params:oauth:request_uri:`
+ * and returns the identifier, without the prefix.
+ *
+ * @throws {Oauth2ServerErrorResponseError}
+ */
+declare function parsePushedAuthorizationRequestUri(options: ParsePushedAuthorizationRequestUriOptions): string;
 //#endregion
 //#region src/authorization-request/verify-pushed-authorization-request.d.ts
 type VerifyPushedAuthorizationRequestReturn = VerifyAuthorizationRequestReturn;
@@ -1659,6 +1672,38 @@ interface VerifyPushedAuthorizationRequestOptions extends VerifyAuthorizationReq
   authorizationRequest: AuthorizationRequest;
 }
 //#endregion
+//#region src/authorization-response/z-authorization-response.d.ts
+declare const zAuthorizationResponse: z$1.ZodObject<{
+  state: z$1.ZodOptional<z$1.ZodString>;
+  code: z$1.ZodString;
+  error: z$1.ZodOptional<z$1.ZodNever>;
+}, z$1.core.$loose>;
+declare const zAuthorizationResponseFromUriParams: z$1.ZodPipe<z$1.ZodPipe<z$1.ZodURL, z$1.ZodTransform<unknown, string>>, z$1.ZodObject<{
+  state: z$1.ZodOptional<z$1.ZodString>;
+  code: z$1.ZodString;
+  error: z$1.ZodOptional<z$1.ZodNever>;
+}, z$1.core.$loose>>;
+type AuthorizationResponse = z$1.infer<typeof zAuthorizationResponse>;
+declare const zAuthorizationErrorResponse: z$1.ZodObject<{
+  state: z$1.ZodOptional<z$1.ZodString>;
+  code: z$1.ZodOptional<z$1.ZodNever>;
+  error: z$1.ZodUnion<readonly [z$1.ZodEnum<typeof Oauth2ErrorCodes>, z$1.ZodString]>;
+  error_description: z$1.ZodOptional<z$1.ZodString>;
+  error_uri: z$1.ZodOptional<z$1.ZodString>;
+}, z$1.core.$loose>;
+type AuthorizationErrorResponse = z$1.infer<typeof zAuthorizationErrorResponse>;
+//#endregion
+//#region src/authorization-response/parse-authorization-response.d.ts
+interface ParseAuthorizationRequestOptions {
+  url: string;
+}
+/**
+ * Parse an authorization response redirect URL.
+ *
+ * @throws {Oauth2ServerErrorResponseError}
+ */
+declare function parseAuthorizationResponseRedirectUrl(options: ParseAuthorizationRequestOptions): AuthorizationResponse | AuthorizationErrorResponse;
+//#endregion
 //#region src/common/jwk/jwk-thumbprint.d.ts
 interface CalculateJwkThumbprintOptions {
   /**
@@ -3340,5 +3385,5 @@ declare function verifyResourceRequest(options: VerifyResourceRequestOptions): P
   authorizationServer: string;
 }>;
 //#endregion
-export { type AccessTokenErrorResponse, type AccessTokenProfileJwtPayload, type AccessTokenResponse, type AuthorizationChallengeErrorResponse, type AuthorizationChallengeRequest, type AuthorizationChallengeResponse, type AuthorizationCodeGrantIdentifier, type AuthorizationServerMetadata, type CalculateJwkThumbprintOptions, type CallbackContext, type ClientAttestationJwtHeader, type ClientAttestationJwtPayload, type ClientAttestationPopJwtHeader, type ClientAttestationPopJwtPayload, type ClientAuthenticationCallback, type ClientAuthenticationCallbackOptions, type ClientAuthenticationClientAttestationJwtOptions, type ClientAuthenticationClientSecretBasicOptions, type ClientAuthenticationClientSecretPostOptions, type ClientAuthenticationDynamicOptions, type ClientAuthenticationNoneOptions, type CreateAuthorizationRequestUrlOptions, type CreateClientAttestationJwtOptions, type CreatePkceReturn, type CreatePushedAuthorizationErrorResponseOptions, type CreatePushedAuthorizationResponseOptions, type DecodeJwtHeaderResult, type DecodeJwtOptions, type DecodeJwtResult, type DecryptJweCallback, type DecryptJweCallbackOptions, type EncryptJweCallback, type GenerateRandomCallback, HashAlgorithm, type HashCallback, type HttpMethod, IdTokenJwtHeader, IdTokenJwtPayload, InvalidFetchResponseError, type JweEncryptor, type Jwk, type JwkSet, type JwtHeader, type JwtPayload, type JwtSigner, type JwtSignerCustom, type JwtSignerDid, type JwtSignerJwk, type JwtSignerWithJwk, type JwtSignerX5c, Oauth2AuthorizationServer, type Oauth2AuthorizationServerOptions, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, type Oauth2ClientOptions, Oauth2Error, Oauth2ErrorCodes, type Oauth2ErrorOptions, type Oauth2ErrorResponse, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, type Oauth2ResourceServerOptions, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, type Oid4vcTsConfig, type ParseAuthorizationChallengeRequestOptions, type ParseAuthorizationChallengeRequestResult, type ParsePushedAuthorizationRequestOptions, type ParsePushedAuthorizationRequestResult, PkceCodeChallengeMethod, type PreAuthorizedCodeGrantIdentifier, type RefreshTokenGrantIdentifier, type RequestClientAttestationOptions, type RequestDpopOptions, type RequestLike, type ResourceRequestOptions, type ResourceRequestResponseNotOk, type ResourceRequestResponseOk, type RetrieveAuthorizationCodeAccessTokenOptions, type RetrievePreAuthorizedCodeAccessTokenOptions, type SignJwtCallback, SupportedAuthenticationScheme, SupportedClientAuthenticationMethod, type TokenIntrospectionResponse, type VerifiedClientAttestationJwt, type VerifyAccessTokenRequestReturn, type VerifyAuthorizationChallengeRequestOptions, type VerifyAuthorizationChallengeRequestReturn, VerifyIdTokenJwtOptions, type VerifyJwtCallback, type VerifyPushedAuthorizationRequestOptions, type VerifyPushedAuthorizationRequestReturn, type VerifyResourceRequestOptions, type WwwAuthenticateHeaderChallenge, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationAnonymous, clientAuthenticationClientAttestationJwt, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, createClientAttestationJwt, decodeJwt, decodeJwtHeader, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, getAuthorizationServerMetadataFromList, getGlobalConfig, isJwkInSet, jwtHeaderFromJwtSigner, jwtSignerFromJwt, preAuthorizedCodeGrantIdentifier, refreshTokenGrantIdentifier, resourceRequest, setGlobalConfig, verifyClientAttestationJwt, verifyIdTokenJwt, verifyJwt, verifyResourceRequest, zAlgValueNotNone, zAuthorizationCodeGrantIdentifier, zAuthorizationServerMetadata, zCompactJwe, zCompactJwt, zIdTokenJwtHeader, zIdTokenJwtPayload, zJwk, zJwkSet, zJwtHeader, zJwtPayload, zOauth2ErrorResponse, zPreAuthorizedCodeGrantIdentifier, zRefreshTokenGrantIdentifier };
+export { type AccessTokenErrorResponse, type AccessTokenProfileJwtPayload, type AccessTokenResponse, type AuthorizationChallengeErrorResponse, type AuthorizationChallengeRequest, type AuthorizationChallengeResponse, type AuthorizationCodeGrantIdentifier, AuthorizationErrorResponse, AuthorizationResponse, type AuthorizationServerMetadata, type CalculateJwkThumbprintOptions, type CallbackContext, type ClientAttestationJwtHeader, type ClientAttestationJwtPayload, type ClientAttestationPopJwtHeader, type ClientAttestationPopJwtPayload, type ClientAuthenticationCallback, type ClientAuthenticationCallbackOptions, type ClientAuthenticationClientAttestationJwtOptions, type ClientAuthenticationClientSecretBasicOptions, type ClientAuthenticationClientSecretPostOptions, type ClientAuthenticationDynamicOptions, type ClientAuthenticationNoneOptions, type CreateAuthorizationRequestUrlOptions, type CreateClientAttestationJwtOptions, type CreatePkceReturn, type CreatePushedAuthorizationErrorResponseOptions, type CreatePushedAuthorizationResponseOptions, type DecodeJwtHeaderResult, type DecodeJwtOptions, type DecodeJwtResult, type DecryptJweCallback, type DecryptJweCallbackOptions, type EncryptJweCallback, type GenerateRandomCallback, HashAlgorithm, type HashCallback, type HttpMethod, IdTokenJwtHeader, IdTokenJwtPayload, InvalidFetchResponseError, type JweEncryptor, type Jwk, type JwkSet, type JwtHeader, type JwtPayload, type JwtSigner, type JwtSignerCustom, type JwtSignerDid, type JwtSignerJwk, type JwtSignerWithJwk, type JwtSignerX5c, Oauth2AuthorizationServer, type Oauth2AuthorizationServerOptions, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, type Oauth2ClientOptions, Oauth2Error, Oauth2ErrorCodes, type Oauth2ErrorOptions, type Oauth2ErrorResponse, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, type Oauth2ResourceServerOptions, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, type Oid4vcTsConfig, type ParseAuthorizationChallengeRequestOptions, type ParseAuthorizationChallengeRequestResult, ParseAuthorizationRequestOptions, type ParsePushedAuthorizationRequestOptions, type ParsePushedAuthorizationRequestResult, PkceCodeChallengeMethod, type PreAuthorizedCodeGrantIdentifier, type PushedAuthorizationRequestUriPrefix, type RefreshTokenGrantIdentifier, type RequestClientAttestationOptions, type RequestDpopOptions, type RequestLike, type ResourceRequestOptions, type ResourceRequestResponseNotOk, type ResourceRequestResponseOk, type RetrieveAuthorizationCodeAccessTokenOptions, type RetrievePreAuthorizedCodeAccessTokenOptions, type SignJwtCallback, SupportedAuthenticationScheme, SupportedClientAuthenticationMethod, type TokenIntrospectionResponse, type VerifiedClientAttestationJwt, type VerifyAccessTokenRequestReturn, type VerifyAuthorizationChallengeRequestOptions, type VerifyAuthorizationChallengeRequestReturn, VerifyIdTokenJwtOptions, type VerifyJwtCallback, type VerifyPushedAuthorizationRequestOptions, type VerifyPushedAuthorizationRequestReturn, type VerifyResourceRequestOptions, type WwwAuthenticateHeaderChallenge, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationAnonymous, clientAuthenticationClientAttestationJwt, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, createClientAttestationJwt, decodeJwt, decodeJwtHeader, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, getAuthorizationServerMetadataFromList, getGlobalConfig, isJwkInSet, jwtHeaderFromJwtSigner, jwtSignerFromJwt, parseAuthorizationResponseRedirectUrl, parsePushedAuthorizationRequestUri, preAuthorizedCodeGrantIdentifier, pushedAuthorizationRequestUriPrefix, refreshTokenGrantIdentifier, resourceRequest, setGlobalConfig, verifyClientAttestationJwt, verifyIdTokenJwt, verifyJwt, verifyResourceRequest, zAlgValueNotNone, zAuthorizationCodeGrantIdentifier, zAuthorizationErrorResponse, zAuthorizationResponse, zAuthorizationResponseFromUriParams, zAuthorizationServerMetadata, zCompactJwe, zCompactJwt, zIdTokenJwtHeader, zIdTokenJwtPayload, zJwk, zJwkSet, zJwtHeader, zJwtPayload, zOauth2ErrorResponse, zPreAuthorizedCodeGrantIdentifier, zPushedAuthorizationRequestUriPrefix, zRefreshTokenGrantIdentifier };
 //# sourceMappingURL=index.d.mts.map

package/dist/index.d.ts CHANGED Viewed

@@ -1630,6 +1630,9 @@ interface CreatePushedAuthorizationErrorResponseOptions {
 }
 //#endregion
 //#region src/authorization-request/z-authorization-request.d.ts
+declare const zPushedAuthorizationRequestUriPrefix: z$1.ZodLiteral<"urn:ietf:params:oauth:request_uri:">;
+declare const pushedAuthorizationRequestUriPrefix: "urn:ietf:params:oauth:request_uri:";
+type PushedAuthorizationRequestUriPrefix = z$1.infer<typeof zPushedAuthorizationRequestUriPrefix>;
 declare const zAuthorizationRequest: z$1.ZodObject<{
   response_type: z$1.ZodString;
   client_id: z$1.ZodString;
@@ -1652,6 +1655,16 @@ interface ParsePushedAuthorizationRequestOptions {
 interface ParsePushedAuthorizationRequestResult extends ParseAuthorizationRequestResult {
   authorizationRequest: AuthorizationRequest;
 }
+interface ParsePushedAuthorizationRequestUriOptions {
+  uri: string;
+}
+/**
+ * Parse a pushed authorization request URI prefixed with `urn:ietf:params:oauth:request_uri:`
+ * and returns the identifier, without the prefix.
+ *
+ * @throws {Oauth2ServerErrorResponseError}
+ */
+declare function parsePushedAuthorizationRequestUri(options: ParsePushedAuthorizationRequestUriOptions): string;
 //#endregion
 //#region src/authorization-request/verify-pushed-authorization-request.d.ts
 type VerifyPushedAuthorizationRequestReturn = VerifyAuthorizationRequestReturn;
@@ -1659,6 +1672,38 @@ interface VerifyPushedAuthorizationRequestOptions extends VerifyAuthorizationReq
   authorizationRequest: AuthorizationRequest;
 }
 //#endregion
+//#region src/authorization-response/z-authorization-response.d.ts
+declare const zAuthorizationResponse: z$1.ZodObject<{
+  state: z$1.ZodOptional<z$1.ZodString>;
+  code: z$1.ZodString;
+  error: z$1.ZodOptional<z$1.ZodNever>;
+}, z$1.core.$loose>;
+declare const zAuthorizationResponseFromUriParams: z$1.ZodPipe<z$1.ZodPipe<z$1.ZodURL, z$1.ZodTransform<unknown, string>>, z$1.ZodObject<{
+  state: z$1.ZodOptional<z$1.ZodString>;
+  code: z$1.ZodString;
+  error: z$1.ZodOptional<z$1.ZodNever>;
+}, z$1.core.$loose>>;
+type AuthorizationResponse = z$1.infer<typeof zAuthorizationResponse>;
+declare const zAuthorizationErrorResponse: z$1.ZodObject<{
+  state: z$1.ZodOptional<z$1.ZodString>;
+  code: z$1.ZodOptional<z$1.ZodNever>;
+  error: z$1.ZodUnion<readonly [z$1.ZodEnum<typeof Oauth2ErrorCodes>, z$1.ZodString]>;
+  error_description: z$1.ZodOptional<z$1.ZodString>;
+  error_uri: z$1.ZodOptional<z$1.ZodString>;
+}, z$1.core.$loose>;
+type AuthorizationErrorResponse = z$1.infer<typeof zAuthorizationErrorResponse>;
+//#endregion
+//#region src/authorization-response/parse-authorization-response.d.ts
+interface ParseAuthorizationRequestOptions {
+  url: string;
+}
+/**
+ * Parse an authorization response redirect URL.
+ *
+ * @throws {Oauth2ServerErrorResponseError}
+ */
+declare function parseAuthorizationResponseRedirectUrl(options: ParseAuthorizationRequestOptions): AuthorizationResponse | AuthorizationErrorResponse;
+//#endregion
 //#region src/common/jwk/jwk-thumbprint.d.ts
 interface CalculateJwkThumbprintOptions {
   /**
@@ -3340,5 +3385,5 @@ declare function verifyResourceRequest(options: VerifyResourceRequestOptions): P
   authorizationServer: string;
 }>;
 //#endregion
-export { type AccessTokenErrorResponse, type AccessTokenProfileJwtPayload, type AccessTokenResponse, type AuthorizationChallengeErrorResponse, type AuthorizationChallengeRequest, type AuthorizationChallengeResponse, type AuthorizationCodeGrantIdentifier, type AuthorizationServerMetadata, type CalculateJwkThumbprintOptions, type CallbackContext, type ClientAttestationJwtHeader, type ClientAttestationJwtPayload, type ClientAttestationPopJwtHeader, type ClientAttestationPopJwtPayload, type ClientAuthenticationCallback, type ClientAuthenticationCallbackOptions, type ClientAuthenticationClientAttestationJwtOptions, type ClientAuthenticationClientSecretBasicOptions, type ClientAuthenticationClientSecretPostOptions, type ClientAuthenticationDynamicOptions, type ClientAuthenticationNoneOptions, type CreateAuthorizationRequestUrlOptions, type CreateClientAttestationJwtOptions, type CreatePkceReturn, type CreatePushedAuthorizationErrorResponseOptions, type CreatePushedAuthorizationResponseOptions, type DecodeJwtHeaderResult, type DecodeJwtOptions, type DecodeJwtResult, type DecryptJweCallback, type DecryptJweCallbackOptions, type EncryptJweCallback, type GenerateRandomCallback, HashAlgorithm, type HashCallback, type HttpMethod, IdTokenJwtHeader, IdTokenJwtPayload, InvalidFetchResponseError, type JweEncryptor, type Jwk, type JwkSet, type JwtHeader, type JwtPayload, type JwtSigner, type JwtSignerCustom, type JwtSignerDid, type JwtSignerJwk, type JwtSignerWithJwk, type JwtSignerX5c, Oauth2AuthorizationServer, type Oauth2AuthorizationServerOptions, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, type Oauth2ClientOptions, Oauth2Error, Oauth2ErrorCodes, type Oauth2ErrorOptions, type Oauth2ErrorResponse, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, type Oauth2ResourceServerOptions, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, type Oid4vcTsConfig, type ParseAuthorizationChallengeRequestOptions, type ParseAuthorizationChallengeRequestResult, type ParsePushedAuthorizationRequestOptions, type ParsePushedAuthorizationRequestResult, PkceCodeChallengeMethod, type PreAuthorizedCodeGrantIdentifier, type RefreshTokenGrantIdentifier, type RequestClientAttestationOptions, type RequestDpopOptions, type RequestLike, type ResourceRequestOptions, type ResourceRequestResponseNotOk, type ResourceRequestResponseOk, type RetrieveAuthorizationCodeAccessTokenOptions, type RetrievePreAuthorizedCodeAccessTokenOptions, type SignJwtCallback, SupportedAuthenticationScheme, SupportedClientAuthenticationMethod, type TokenIntrospectionResponse, type VerifiedClientAttestationJwt, type VerifyAccessTokenRequestReturn, type VerifyAuthorizationChallengeRequestOptions, type VerifyAuthorizationChallengeRequestReturn, VerifyIdTokenJwtOptions, type VerifyJwtCallback, type VerifyPushedAuthorizationRequestOptions, type VerifyPushedAuthorizationRequestReturn, type VerifyResourceRequestOptions, type WwwAuthenticateHeaderChallenge, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationAnonymous, clientAuthenticationClientAttestationJwt, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, createClientAttestationJwt, decodeJwt, decodeJwtHeader, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, getAuthorizationServerMetadataFromList, getGlobalConfig, isJwkInSet, jwtHeaderFromJwtSigner, jwtSignerFromJwt, preAuthorizedCodeGrantIdentifier, refreshTokenGrantIdentifier, resourceRequest, setGlobalConfig, verifyClientAttestationJwt, verifyIdTokenJwt, verifyJwt, verifyResourceRequest, zAlgValueNotNone, zAuthorizationCodeGrantIdentifier, zAuthorizationServerMetadata, zCompactJwe, zCompactJwt, zIdTokenJwtHeader, zIdTokenJwtPayload, zJwk, zJwkSet, zJwtHeader, zJwtPayload, zOauth2ErrorResponse, zPreAuthorizedCodeGrantIdentifier, zRefreshTokenGrantIdentifier };
+export { type AccessTokenErrorResponse, type AccessTokenProfileJwtPayload, type AccessTokenResponse, type AuthorizationChallengeErrorResponse, type AuthorizationChallengeRequest, type AuthorizationChallengeResponse, type AuthorizationCodeGrantIdentifier, AuthorizationErrorResponse, AuthorizationResponse, type AuthorizationServerMetadata, type CalculateJwkThumbprintOptions, type CallbackContext, type ClientAttestationJwtHeader, type ClientAttestationJwtPayload, type ClientAttestationPopJwtHeader, type ClientAttestationPopJwtPayload, type ClientAuthenticationCallback, type ClientAuthenticationCallbackOptions, type ClientAuthenticationClientAttestationJwtOptions, type ClientAuthenticationClientSecretBasicOptions, type ClientAuthenticationClientSecretPostOptions, type ClientAuthenticationDynamicOptions, type ClientAuthenticationNoneOptions, type CreateAuthorizationRequestUrlOptions, type CreateClientAttestationJwtOptions, type CreatePkceReturn, type CreatePushedAuthorizationErrorResponseOptions, type CreatePushedAuthorizationResponseOptions, type DecodeJwtHeaderResult, type DecodeJwtOptions, type DecodeJwtResult, type DecryptJweCallback, type DecryptJweCallbackOptions, type EncryptJweCallback, type GenerateRandomCallback, HashAlgorithm, type HashCallback, type HttpMethod, IdTokenJwtHeader, IdTokenJwtPayload, InvalidFetchResponseError, type JweEncryptor, type Jwk, type JwkSet, type JwtHeader, type JwtPayload, type JwtSigner, type JwtSignerCustom, type JwtSignerDid, type JwtSignerJwk, type JwtSignerWithJwk, type JwtSignerX5c, Oauth2AuthorizationServer, type Oauth2AuthorizationServerOptions, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, type Oauth2ClientOptions, Oauth2Error, Oauth2ErrorCodes, type Oauth2ErrorOptions, type Oauth2ErrorResponse, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, type Oauth2ResourceServerOptions, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, type Oid4vcTsConfig, type ParseAuthorizationChallengeRequestOptions, type ParseAuthorizationChallengeRequestResult, ParseAuthorizationRequestOptions, type ParsePushedAuthorizationRequestOptions, type ParsePushedAuthorizationRequestResult, PkceCodeChallengeMethod, type PreAuthorizedCodeGrantIdentifier, type PushedAuthorizationRequestUriPrefix, type RefreshTokenGrantIdentifier, type RequestClientAttestationOptions, type RequestDpopOptions, type RequestLike, type ResourceRequestOptions, type ResourceRequestResponseNotOk, type ResourceRequestResponseOk, type RetrieveAuthorizationCodeAccessTokenOptions, type RetrievePreAuthorizedCodeAccessTokenOptions, type SignJwtCallback, SupportedAuthenticationScheme, SupportedClientAuthenticationMethod, type TokenIntrospectionResponse, type VerifiedClientAttestationJwt, type VerifyAccessTokenRequestReturn, type VerifyAuthorizationChallengeRequestOptions, type VerifyAuthorizationChallengeRequestReturn, VerifyIdTokenJwtOptions, type VerifyJwtCallback, type VerifyPushedAuthorizationRequestOptions, type VerifyPushedAuthorizationRequestReturn, type VerifyResourceRequestOptions, type WwwAuthenticateHeaderChallenge, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationAnonymous, clientAuthenticationClientAttestationJwt, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, createClientAttestationJwt, decodeJwt, decodeJwtHeader, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, getAuthorizationServerMetadataFromList, getGlobalConfig, isJwkInSet, jwtHeaderFromJwtSigner, jwtSignerFromJwt, parseAuthorizationResponseRedirectUrl, parsePushedAuthorizationRequestUri, preAuthorizedCodeGrantIdentifier, pushedAuthorizationRequestUriPrefix, refreshTokenGrantIdentifier, resourceRequest, setGlobalConfig, verifyClientAttestationJwt, verifyIdTokenJwt, verifyJwt, verifyResourceRequest, zAlgValueNotNone, zAuthorizationCodeGrantIdentifier, zAuthorizationErrorResponse, zAuthorizationResponse, zAuthorizationResponseFromUriParams, zAuthorizationServerMetadata, zCompactJwe, zCompactJwt, zIdTokenJwtHeader, zIdTokenJwtPayload, zJwk, zJwkSet, zJwtHeader, zJwtPayload, zOauth2ErrorResponse, zPreAuthorizedCodeGrantIdentifier, zPushedAuthorizationRequestUriPrefix, zRefreshTokenGrantIdentifier };
 //# sourceMappingURL=index.d.ts.map

package/dist/index.js CHANGED Viewed

@@ -718,6 +718,248 @@ async function verifyClientAttestation({ authorizationServer, clientAttestationJ
 	}
 }
+//#endregion
+//#region src/dpop/z-dpop.ts
+const zDpopJwtPayload = zod.default.object({
+	...zJwtPayload.shape,
+	iat: __openid4vc_utils.zInteger,
+	htu: __openid4vc_utils.zHttpsUrl,
+	htm: __openid4vc_utils.zHttpMethod,
+	jti: zod.default.string(),
+	ath: zod.default.optional(zod.default.string())
+}).loose();
+const zDpopJwtHeader = zod.default.object({
+	...zJwtHeader.shape,
+	typ: zod.default.literal("dpop+jwt"),
+	jwk: zJwk
+}).loose();
+//#endregion
+//#region src/dpop/dpop.ts
+async function createDpopHeadersForRequest(options) {
+	return { DPoP: await createDpopJwt(options) };
+}
+async function createDpopJwt(options) {
+	let ath;
+	if (options.accessToken) ath = (0, __openid4vc_utils.encodeToBase64Url)(await options.callbacks.hash((0, __openid4vc_utils.decodeUtf8String)(options.accessToken), HashAlgorithm.Sha256));
+	const header = (0, __openid4vc_utils.parseWithErrorHandling)(zDpopJwtHeader, {
+		typ: "dpop+jwt",
+		jwk: options.signer.publicJwk,
+		alg: options.signer.alg
+	});
+	const payload = (0, __openid4vc_utils.parseWithErrorHandling)(zDpopJwtPayload, {
+		htu: htuFromRequestUrl(options.request.url),
+		iat: (0, __openid4vc_utils.dateToSeconds)(options.issuedAt),
+		htm: options.request.method,
+		jti: (0, __openid4vc_utils.encodeToBase64Url)(await options.callbacks.generateRandom(32)),
+		ath,
+		nonce: options.nonce,
+		...options.additionalPayload
+	});
+	const { jwt } = await options.callbacks.signJwt(options.signer, {
+		header,
+		payload
+	});
+	return jwt;
+}
+async function verifyDpopJwt(options) {
+	try {
+		const { header, payload } = decodeJwt({
+			jwt: options.dpopJwt,
+			headerSchema: zDpopJwtHeader,
+			payloadSchema: zDpopJwtPayload
+		});
+		if (options.allowedSigningAlgs && !options.allowedSigningAlgs.includes(header.alg)) throw new Oauth2Error(`dpop jwt uses alg value '${header.alg}' but allowed dpop signging alg values are ${options.allowedSigningAlgs.join(", ")}.`);
+		if (options.expectedNonce) {
+			if (!payload.nonce) throw new Oauth2Error(`Dpop jwt does not have a nonce value, but expected nonce value '${options.expectedNonce}'`);
+			if (payload.nonce !== options.expectedNonce) throw new Oauth2Error(`Dpop jwt contains nonce value '${payload.nonce}', but expected nonce value '${options.expectedNonce}'`);
+		}
+		if (options.request.method !== payload.htm) throw new Oauth2Error(`Dpop jwt contains htm value '${payload.htm}', but expected htm value '${options.request.method}'`);
+		const expectedHtu = htuFromRequestUrl(options.request.url);
+		if (expectedHtu !== payload.htu) throw new Oauth2Error(`Dpop jwt contains htu value '${payload.htu}', but expected htu value '${expectedHtu}'.`);
+		if (options.accessToken) {
+			const expectedAth = (0, __openid4vc_utils.encodeToBase64Url)(await options.callbacks.hash((0, __openid4vc_utils.decodeUtf8String)(options.accessToken), HashAlgorithm.Sha256));
+			if (!payload.ath) throw new Oauth2Error(`Dpop jwt does not have a ath value, but expected ath value '${expectedAth}'.`);
+			if (payload.ath !== expectedAth) throw new Oauth2Error(`Dpop jwt contains ath value '${payload.ath}', but expected ath value '${expectedAth}'.`);
+		}
+		const jwkThumbprint = await calculateJwkThumbprint({
+			hashAlgorithm: HashAlgorithm.Sha256,
+			hashCallback: options.callbacks.hash,
+			jwk: header.jwk
+		});
+		if (options.expectedJwkThumbprint && options.expectedJwkThumbprint !== jwkThumbprint) throw new Oauth2Error(`Dpop is signed with jwk with thumbprint value '${jwkThumbprint}', but expect jwk thumbprint value '${options.expectedJwkThumbprint}'`);
+		await verifyJwt({
+			signer: {
+				alg: header.alg,
+				method: "jwk",
+				publicJwk: header.jwk
+			},
+			now: options.now,
+			header,
+			payload,
+			compact: options.dpopJwt,
+			verifyJwtCallback: options.callbacks.verifyJwt,
+			errorMessage: "dpop jwt verification failed"
+		});
+		return {
+			header,
+			payload,
+			jwkThumbprint
+		};
+	} catch (error) {
+		if (error instanceof Oauth2Error) throw new Oauth2ServerErrorResponseError({
+			error: Oauth2ErrorCodes.InvalidDpopProof,
+			error_description: error.message
+		});
+		throw error;
+	}
+}
+function htuFromRequestUrl(requestUrl) {
+	const htu = new __openid4vc_utils.URL(requestUrl);
+	htu.search = "";
+	htu.hash = "";
+	return htu.toString();
+}
+function extractDpopNonceFromHeaders(headers) {
+	return headers.get("DPoP-Nonce");
+}
+function extractDpopJwtFromHeaders(headers) {
+	const dpopJwt = headers.get("DPoP");
+	if (!dpopJwt) return { valid: true };
+	if (!zCompactJwt.safeParse(dpopJwt).success) return { valid: false };
+	return {
+		valid: true,
+		dpopJwt
+	};
+}
+//#endregion
+//#region src/authorization-request/parse-authorization-request.ts
+/**
+* Parse an authorization request.
+*
+* @throws {Oauth2ServerErrorResponseError}
+*/
+function parseAuthorizationRequest(options) {
+	const extractedDpopJwt = extractDpopJwtFromHeaders(options.request.headers);
+	if (!extractedDpopJwt.valid) throw new Oauth2ServerErrorResponseError({
+		error: Oauth2ErrorCodes.InvalidDpopProof,
+		error_description: `Request contains a 'DPoP' header, but the value is not a valid DPoP jwt`
+	});
+	const extractedClientAttestationJwts = extractClientAttestationJwtsFromHeaders(options.request.headers);
+	if (!extractedClientAttestationJwts.valid) throw new Oauth2ServerErrorResponseError({
+		error: Oauth2ErrorCodes.InvalidClient,
+		error_description: "Request contains client attestation header, but the values are not valid client attestation and client attestation PoP header."
+	});
+	return {
+		dpop: extractedDpopJwt.dpopJwt ? {
+			jwt: extractedDpopJwt.dpopJwt,
+			jwkThumbprint: options.authorizationRequest.dpop_jkt
+		} : options.authorizationRequest.dpop_jkt ? {
+			jwt: extractedDpopJwt.dpopJwt,
+			jwkThumbprint: options.authorizationRequest.dpop_jkt
+		} : void 0,
+		clientAttestation: extractedClientAttestationJwts.clientAttestationHeader ? {
+			clientAttestationJwt: extractedClientAttestationJwts.clientAttestationHeader,
+			clientAttestationPopJwt: extractedClientAttestationJwts.clientAttestationPopHeader
+		} : void 0
+	};
+}
+//#endregion
+//#region src/authorization-request/z-authorization-request.ts
+const zPushedAuthorizationRequestUriPrefix = zod.default.literal("urn:ietf:params:oauth:request_uri:");
+const pushedAuthorizationRequestUriPrefix = zPushedAuthorizationRequestUriPrefix.value;
+const zAuthorizationRequest = zod.default.object({
+	response_type: zod.default.string(),
+	client_id: zod.default.string(),
+	issuer_state: zod.default.optional(zod.default.string()),
+	redirect_uri: zod.default.url().optional(),
+	resource: zod.default.optional(__openid4vc_utils.zHttpsUrl),
+	scope: zod.default.optional(zod.default.string()),
+	state: zod.default.optional(zod.default.string()),
+	dpop_jkt: zod.default.optional(zod.default.base64url()),
+	code_challenge: zod.default.optional(zod.default.string()),
+	code_challenge_method: zod.default.optional(zod.default.string())
+}).loose();
+const zPushedAuthorizationRequest = zod.default.object({
+	request_uri: zod.default.string(),
+	client_id: zod.default.string()
+}).loose();
+const zPushedAuthorizationResponse = zod.default.object({
+	request_uri: zod.default.string(),
+	expires_in: zod.default.number().int()
+}).loose();
+//#endregion
+//#region src/authorization-request/parse-pushed-authorization-request.ts
+/**
+* Parse an pushed authorization request.
+*
+* @throws {Oauth2ServerErrorResponseError}
+*/
+function parsePushedAuthorizationRequest(options) {
+	const parsedAuthorizationRequest = zAuthorizationRequest.safeParse(options.authorizationRequest);
+	if (!parsedAuthorizationRequest.success) throw new Oauth2ServerErrorResponseError({
+		error: Oauth2ErrorCodes.InvalidRequest,
+		error_description: `Error occurred during validation of pushed authorization request.\n${(0, __openid4vc_utils.formatZodError)(parsedAuthorizationRequest.error)}`
+	});
+	const authorizationRequest = parsedAuthorizationRequest.data;
+	const { clientAttestation, dpop } = parseAuthorizationRequest({
+		authorizationRequest,
+		request: options.request
+	});
+	return {
+		authorizationRequest,
+		dpop,
+		clientAttestation
+	};
+}
+/**
+* Parse a pushed authorization request URI prefixed with `urn:ietf:params:oauth:request_uri:`
+* and returns the identifier, without the prefix.
+*
+* @throws {Oauth2ServerErrorResponseError}
+*/
+function parsePushedAuthorizationRequestUri(options) {
+	if (!options.uri.startsWith(pushedAuthorizationRequestUriPrefix)) throw new Oauth2ServerErrorResponseError({
+		error: Oauth2ErrorCodes.InvalidRequest,
+		error_description: `The 'request_uri' must start with the prefix "${pushedAuthorizationRequestUriPrefix}".`
+	});
+	return options.uri.substring(pushedAuthorizationRequestUriPrefix.length);
+}
+//#endregion
+//#region src/authorization-response/z-authorization-response.ts
+const zAuthorizationResponse = zod.default.object({
+	state: zod.default.string().optional(),
+	code: zod.default.string().nonempty(),
+	error: zod.default.optional(zod.default.never())
+}).loose();
+const zAuthorizationResponseFromUriParams = zod.default.url().transform((url) => Object.fromEntries(new __openid4vc_utils.URL(url).searchParams)).pipe(zAuthorizationResponse);
+const zAuthorizationErrorResponse = zod.default.object({
+	...zOauth2ErrorResponse.shape,
+	state: zod.default.string().optional(),
+	code: zod.default.optional(zod.default.never())
+}).loose();
+//#endregion
+//#region src/authorization-response/parse-authorization-response.ts
+/**
+* Parse an authorization response redirect URL.
+*
+* @throws {Oauth2ServerErrorResponseError}
+*/
+function parseAuthorizationResponseRedirectUrl(options) {
+	const searchParams = Object.fromEntries(new __openid4vc_utils.URL(options.url).searchParams);
+	const parsedAuthorizationResponse = zod.default.union([zAuthorizationErrorResponse, zAuthorizationResponse]).safeParse(searchParams);
+	if (!parsedAuthorizationResponse.success) throw new Oauth2ServerErrorResponseError({
+		error: Oauth2ErrorCodes.InvalidRequest,
+		error_description: `Error occurred during validation of authorization response redirect URL.\n${(0, __openid4vc_utils.formatZodError)(parsedAuthorizationResponse.error)}`
+	});
+	return parsedAuthorizationResponse.data;
+}
 //#endregion
 //#region src/z-grant-type.ts
 const zPreAuthorizedCodeGrantIdentifier = zod.default.literal("urn:ietf:params:oauth:grant-type:pre-authorized_code");
@@ -1120,121 +1362,6 @@ async function createAccessTokenResponse(options) {
 	});
 }
-//#endregion
-//#region src/dpop/z-dpop.ts
-const zDpopJwtPayload = zod.default.object({
-	...zJwtPayload.shape,
-	iat: __openid4vc_utils.zInteger,
-	htu: __openid4vc_utils.zHttpsUrl,
-	htm: __openid4vc_utils.zHttpMethod,
-	jti: zod.default.string(),
-	ath: zod.default.optional(zod.default.string())
-}).loose();
-const zDpopJwtHeader = zod.default.object({
-	...zJwtHeader.shape,
-	typ: zod.default.literal("dpop+jwt"),
-	jwk: zJwk
-}).loose();
-//#endregion
-//#region src/dpop/dpop.ts
-async function createDpopHeadersForRequest(options) {
-	return { DPoP: await createDpopJwt(options) };
-}
-async function createDpopJwt(options) {
-	let ath;
-	if (options.accessToken) ath = (0, __openid4vc_utils.encodeToBase64Url)(await options.callbacks.hash((0, __openid4vc_utils.decodeUtf8String)(options.accessToken), HashAlgorithm.Sha256));
-	const header = (0, __openid4vc_utils.parseWithErrorHandling)(zDpopJwtHeader, {
-		typ: "dpop+jwt",
-		jwk: options.signer.publicJwk,
-		alg: options.signer.alg
-	});
-	const payload = (0, __openid4vc_utils.parseWithErrorHandling)(zDpopJwtPayload, {
-		htu: htuFromRequestUrl(options.request.url),
-		iat: (0, __openid4vc_utils.dateToSeconds)(options.issuedAt),
-		htm: options.request.method,
-		jti: (0, __openid4vc_utils.encodeToBase64Url)(await options.callbacks.generateRandom(32)),
-		ath,
-		nonce: options.nonce,
-		...options.additionalPayload
-	});
-	const { jwt } = await options.callbacks.signJwt(options.signer, {
-		header,
-		payload
-	});
-	return jwt;
-}
-async function verifyDpopJwt(options) {
-	try {
-		const { header, payload } = decodeJwt({
-			jwt: options.dpopJwt,
-			headerSchema: zDpopJwtHeader,
-			payloadSchema: zDpopJwtPayload
-		});
-		if (options.allowedSigningAlgs && !options.allowedSigningAlgs.includes(header.alg)) throw new Oauth2Error(`dpop jwt uses alg value '${header.alg}' but allowed dpop signging alg values are ${options.allowedSigningAlgs.join(", ")}.`);
-		if (options.expectedNonce) {
-			if (!payload.nonce) throw new Oauth2Error(`Dpop jwt does not have a nonce value, but expected nonce value '${options.expectedNonce}'`);
-			if (payload.nonce !== options.expectedNonce) throw new Oauth2Error(`Dpop jwt contains nonce value '${payload.nonce}', but expected nonce value '${options.expectedNonce}'`);
-		}
-		if (options.request.method !== payload.htm) throw new Oauth2Error(`Dpop jwt contains htm value '${payload.htm}', but expected htm value '${options.request.method}'`);
-		const expectedHtu = htuFromRequestUrl(options.request.url);
-		if (expectedHtu !== payload.htu) throw new Oauth2Error(`Dpop jwt contains htu value '${payload.htu}', but expected htu value '${expectedHtu}'.`);
-		if (options.accessToken) {
-			const expectedAth = (0, __openid4vc_utils.encodeToBase64Url)(await options.callbacks.hash((0, __openid4vc_utils.decodeUtf8String)(options.accessToken), HashAlgorithm.Sha256));
-			if (!payload.ath) throw new Oauth2Error(`Dpop jwt does not have a ath value, but expected ath value '${expectedAth}'.`);
-			if (payload.ath !== expectedAth) throw new Oauth2Error(`Dpop jwt contains ath value '${payload.ath}', but expected ath value '${expectedAth}'.`);
-		}
-		const jwkThumbprint = await calculateJwkThumbprint({
-			hashAlgorithm: HashAlgorithm.Sha256,
-			hashCallback: options.callbacks.hash,
-			jwk: header.jwk
-		});
-		if (options.expectedJwkThumbprint && options.expectedJwkThumbprint !== jwkThumbprint) throw new Oauth2Error(`Dpop is signed with jwk with thumbprint value '${jwkThumbprint}', but expect jwk thumbprint value '${options.expectedJwkThumbprint}'`);
-		await verifyJwt({
-			signer: {
-				alg: header.alg,
-				method: "jwk",
-				publicJwk: header.jwk
-			},
-			now: options.now,
-			header,
-			payload,
-			compact: options.dpopJwt,
-			verifyJwtCallback: options.callbacks.verifyJwt,
-			errorMessage: "dpop jwt verification failed"
-		});
-		return {
-			header,
-			payload,
-			jwkThumbprint
-		};
-	} catch (error) {
-		if (error instanceof Oauth2Error) throw new Oauth2ServerErrorResponseError({
-			error: Oauth2ErrorCodes.InvalidDpopProof,
-			error_description: error.message
-		});
-		throw error;
-	}
-}
-function htuFromRequestUrl(requestUrl) {
-	const htu = new __openid4vc_utils.URL(requestUrl);
-	htu.search = "";
-	htu.hash = "";
-	return htu.toString();
-}
-function extractDpopNonceFromHeaders(headers) {
-	return headers.get("DPoP-Nonce");
-}
-function extractDpopJwtFromHeaders(headers) {
-	const dpopJwt = headers.get("DPoP");
-	if (!dpopJwt) return { valid: true };
-	if (!zCompactJwt.safeParse(dpopJwt).success) return { valid: false };
-	return {
-		valid: true,
-		dpopJwt
-	};
-}
 //#endregion
 //#region src/access-token/parse-access-token-request.ts
 /**
@@ -1490,29 +1617,6 @@ async function verifyAccessTokenRequestPkce(options, callbacks) {
 	}
 }
-//#endregion
-//#region src/authorization-request/z-authorization-request.ts
-const zAuthorizationRequest = zod.default.object({
-	response_type: zod.default.string(),
-	client_id: zod.default.string(),
-	issuer_state: zod.default.optional(zod.default.string()),
-	redirect_uri: zod.default.url().optional(),
-	resource: zod.default.optional(__openid4vc_utils.zHttpsUrl),
-	scope: zod.default.optional(zod.default.string()),
-	state: zod.default.optional(zod.default.string()),
-	dpop_jkt: zod.default.optional(zod.default.base64url()),
-	code_challenge: zod.default.optional(zod.default.string()),
-	code_challenge_method: zod.default.optional(zod.default.string())
-}).loose();
-const zPushedAuthorizationRequest = zod.default.object({
-	request_uri: zod.default.string(),
-	client_id: zod.default.string()
-}).loose();
-const zPushedAuthorizationResponse = zod.default.object({
-	request_uri: zod.default.string(),
-	expires_in: zod.default.number().int()
-}).loose();
 //#endregion
 //#region src/authorization-challenge/z-authorization-challenge.ts
 const zAuthorizationChallengeRequest = zod.default.object({
@@ -1563,39 +1667,6 @@ function createAuthorizationChallengeErrorResponse(options) {
 	});
 }
-//#endregion
-//#region src/authorization-request/parse-authorization-request.ts
-/**
-* Parse an authorization request.
-*
-* @throws {Oauth2ServerErrorResponseError}
-*/
-function parseAuthorizationRequest(options) {
-	const extractedDpopJwt = extractDpopJwtFromHeaders(options.request.headers);
-	if (!extractedDpopJwt.valid) throw new Oauth2ServerErrorResponseError({
-		error: Oauth2ErrorCodes.InvalidDpopProof,
-		error_description: `Request contains a 'DPoP' header, but the value is not a valid DPoP jwt`
-	});
-	const extractedClientAttestationJwts = extractClientAttestationJwtsFromHeaders(options.request.headers);
-	if (!extractedClientAttestationJwts.valid) throw new Oauth2ServerErrorResponseError({
-		error: Oauth2ErrorCodes.InvalidClient,
-		error_description: "Request contains client attestation header, but the values are not valid client attestation and client attestation PoP header."
-	});
-	return {
-		dpop: extractedDpopJwt.dpopJwt ? {
-			jwt: extractedDpopJwt.dpopJwt,
-			jwkThumbprint: options.authorizationRequest.dpop_jkt
-		} : options.authorizationRequest.dpop_jkt ? {
-			jwt: extractedDpopJwt.dpopJwt,
-			jwkThumbprint: options.authorizationRequest.dpop_jkt
-		} : void 0,
-		clientAttestation: extractedClientAttestationJwts.clientAttestationHeader ? {
-			clientAttestationJwt: extractedClientAttestationJwts.clientAttestationHeader,
-			clientAttestationPopJwt: extractedClientAttestationJwts.clientAttestationPopHeader
-		} : void 0
-	};
-}
 //#endregion
 //#region src/authorization-challenge/parse-authorization-challenge-request.ts
 /**
@@ -1727,31 +1798,6 @@ function createPushedAuthorizationErrorResponse(options) {
 	});
 }
-//#endregion
-//#region src/authorization-request/parse-pushed-authorization-request.ts
-/**
-* Parse an pushed authorization request.
-*
-* @throws {Oauth2ServerErrorResponseError}
-*/
-function parsePushedAuthorizationRequest(options) {
-	const parsedAuthorizationRequest = zAuthorizationRequest.safeParse(options.authorizationRequest);
-	if (!parsedAuthorizationRequest.success) throw new Oauth2ServerErrorResponseError({
-		error: Oauth2ErrorCodes.InvalidRequest,
-		error_description: `Error occurred during validation of pushed authorization request.\n${(0, __openid4vc_utils.formatZodError)(parsedAuthorizationRequest.error)}`
-	});
-	const authorizationRequest = parsedAuthorizationRequest.data;
-	const { clientAttestation, dpop } = parseAuthorizationRequest({
-		authorizationRequest,
-		request: options.request
-	});
-	return {
-		authorizationRequest,
-		dpop,
-		clientAttestation
-	};
-}
 //#endregion
 //#region src/authorization-request/verify-pushed-authorization-request.ts
 async function verifyPushedAuthorizationRequest(options) {
@@ -2614,7 +2660,10 @@ Object.defineProperty(exports, 'getGlobalConfig', {
 exports.isJwkInSet = isJwkInSet;
 exports.jwtHeaderFromJwtSigner = jwtHeaderFromJwtSigner;
 exports.jwtSignerFromJwt = jwtSignerFromJwt;
+exports.parseAuthorizationResponseRedirectUrl = parseAuthorizationResponseRedirectUrl;
+exports.parsePushedAuthorizationRequestUri = parsePushedAuthorizationRequestUri;
 exports.preAuthorizedCodeGrantIdentifier = preAuthorizedCodeGrantIdentifier;
+exports.pushedAuthorizationRequestUriPrefix = pushedAuthorizationRequestUriPrefix;
 exports.refreshTokenGrantIdentifier = refreshTokenGrantIdentifier;
 exports.resourceRequest = resourceRequest;
 Object.defineProperty(exports, 'setGlobalConfig', {
@@ -2629,6 +2678,9 @@ exports.verifyJwt = verifyJwt;
 exports.verifyResourceRequest = verifyResourceRequest;
 exports.zAlgValueNotNone = zAlgValueNotNone;
 exports.zAuthorizationCodeGrantIdentifier = zAuthorizationCodeGrantIdentifier;
+exports.zAuthorizationErrorResponse = zAuthorizationErrorResponse;
+exports.zAuthorizationResponse = zAuthorizationResponse;
+exports.zAuthorizationResponseFromUriParams = zAuthorizationResponseFromUriParams;
 exports.zAuthorizationServerMetadata = zAuthorizationServerMetadata;
 exports.zCompactJwe = zCompactJwe;
 exports.zCompactJwt = zCompactJwt;
@@ -2640,5 +2692,6 @@ exports.zJwtHeader = zJwtHeader;
 exports.zJwtPayload = zJwtPayload;
 exports.zOauth2ErrorResponse = zOauth2ErrorResponse;
 exports.zPreAuthorizedCodeGrantIdentifier = zPreAuthorizedCodeGrantIdentifier;
+exports.zPushedAuthorizationRequestUriPrefix = zPushedAuthorizationRequestUriPrefix;
 exports.zRefreshTokenGrantIdentifier = zRefreshTokenGrantIdentifier;
 //# sourceMappingURL=index.js.map