@openid4vc/oauth2 0.3.0-alpha-20251107130226 → 0.3.0-alpha-20251110114129

package/dist/index.d.mts

@@ -1651,9 +1651,15 @@ type AuthorizationRequest = z$1.infer<typeof zAuthorizationRequest>;
 interface ParsePushedAuthorizationRequestOptions {
   request: RequestLike;
   authorizationRequest: unknown;
+  callbacks: Pick<CallbackContext, 'fetch'>;
 }
 interface ParsePushedAuthorizationRequestResult extends ParseAuthorizationRequestResult {
   authorizationRequest: AuthorizationRequest;
+  /**
+   * The JWT-secured request object, if the request was pushed as a JAR.
+   * May be undefined if the request object is not a JAR.
+   */
+  authorizationRequestJwt?: string;
 }
 interface ParsePushedAuthorizationRequestUriReferenceValueOptions {
   uri: string;
@@ -1666,72 +1672,6 @@ interface ParsePushedAuthorizationRequestUriReferenceValueOptions {
  */
 declare function parsePushedAuthorizationRequestUriReferenceValue(options: ParsePushedAuthorizationRequestUriReferenceValueOptions): string;
 //#endregion
-//#region src/authorization-request/verify-pushed-authorization-request.d.ts
-type VerifyPushedAuthorizationRequestReturn = VerifyAuthorizationRequestReturn;
-interface VerifyPushedAuthorizationRequestOptions extends VerifyAuthorizationRequestOptions {
-  authorizationRequest: AuthorizationRequest;
-}
-//#endregion
-//#region src/authorization-response/z-authorization-response.d.ts
-declare const zAuthorizationResponse: z$1.ZodObject<{
-  state: z$1.ZodOptional<z$1.ZodString>;
-  code: z$1.ZodString;
-  error: z$1.ZodOptional<z$1.ZodNever>;
-}, z$1.core.$loose>;
-declare const zAuthorizationResponseFromUriParams: z$1.ZodPipe<z$1.ZodPipe<z$1.ZodURL, z$1.ZodTransform<unknown, string>>, z$1.ZodObject<{
-  state: z$1.ZodOptional<z$1.ZodString>;
-  code: z$1.ZodString;
-  error: z$1.ZodOptional<z$1.ZodNever>;
-}, z$1.core.$loose>>;
-type AuthorizationResponse = z$1.infer<typeof zAuthorizationResponse>;
-declare const zAuthorizationErrorResponse: z$1.ZodObject<{
-  state: z$1.ZodOptional<z$1.ZodString>;
-  code: z$1.ZodOptional<z$1.ZodNever>;
-  error: z$1.ZodUnion<readonly [z$1.ZodEnum<typeof Oauth2ErrorCodes>, z$1.ZodString]>;
-  error_description: z$1.ZodOptional<z$1.ZodString>;
-  error_uri: z$1.ZodOptional<z$1.ZodString>;
-}, z$1.core.$loose>;
-type AuthorizationErrorResponse = z$1.infer<typeof zAuthorizationErrorResponse>;
-//#endregion
-//#region src/authorization-response/parse-authorization-response.d.ts
-interface ParseAuthorizationRequestOptions {
-  url: string;
-}
-/**
- * Parse an authorization response redirect URL.
- *
- * @throws {Oauth2ServerErrorResponseError}
- */
-declare function parseAuthorizationResponseRedirectUrl(options: ParseAuthorizationRequestOptions): AuthorizationResponse | AuthorizationErrorResponse;
-//#endregion
-//#region src/common/jwk/jwk-thumbprint.d.ts
-interface CalculateJwkThumbprintOptions {
-  /**
-   * The jwk to calcualte the thumbprint for.
-   */
-  jwk: Jwk;
-  /**
-   * The hashing algorithm to use for calculating the thumbprint
-   */
-  hashAlgorithm: HashAlgorithm;
-  /**
-   * The hash callback to calculate the digest
-   */
-  hashCallback: HashCallback;
-}
-declare function calculateJwkThumbprint(options: CalculateJwkThumbprintOptions): Promise<string>;
-//#endregion
-//#region src/common/jwk/jwks.d.ts
-declare function isJwkInSet({
-  jwk,
-  jwks,
-  callbacks
-}: {
-  jwk: Jwk;
-  jwks: Jwk[];
-  callbacks: Pick<CallbackContext, 'hash'>;
-}): Promise<boolean>;
-//#endregion
 //#region src/common/jwt/decode-jwt.d.ts
 interface DecodeJwtOptions<HeaderSchema extends BaseSchema | undefined, PayloadSchema extends BaseSchema | undefined> {
   /**
@@ -1827,6 +1767,158 @@ declare function jwtSignerFromJwt({
 type IsSchemaProvided<T> = T extends undefined ? false : true;
 type InferSchemaOrDefaultOutput<ProvidedSchema extends BaseSchema | undefined, DefaultSchema extends BaseSchema> = IsSchemaProvided<ProvidedSchema> extends true ? ProvidedSchema extends BaseSchema ? z$1.infer<ProvidedSchema> : never : z$1.infer<DefaultSchema>;
 //#endregion
+//#region src/jar/z-jar-authorization-request.d.ts
+declare const zJarAuthorizationRequest: z.ZodObject<{
+  request: z.ZodOptional<z.ZodString>;
+  request_uri: z.ZodOptional<z.ZodString>;
+  client_id: z.ZodOptional<z.ZodString>;
+}, z.core.$loose>;
+type JarAuthorizationRequest = z.infer<typeof zJarAuthorizationRequest>;
+declare function validateJarRequestParams(options: {
+  jarRequestParams: JarAuthorizationRequest;
+}): JarAuthorizationRequest & ({
+  request_uri: string;
+  request?: never;
+} | {
+  request: string;
+  request_uri?: never;
+});
+//#endregion
+//#region src/jar/z-jar-request-object.d.ts
+declare const zJarRequestObjectPayload: z.ZodObject<{
+  client_id: z.ZodString;
+  iss: z.ZodOptional<z.ZodString>;
+  aud: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
+  iat: z.ZodOptional<z.ZodNumber>;
+  exp: z.ZodOptional<z.ZodNumber>;
+  nbf: z.ZodOptional<z.ZodNumber>;
+  nonce: z.ZodOptional<z.ZodString>;
+  jti: z.ZodOptional<z.ZodString>;
+  sub: z.ZodOptional<z.ZodString>;
+  cnf: z.ZodOptional<z.ZodObject<{
+    jwk: z.ZodOptional<z.ZodObject<{
+      kty: z.ZodString;
+      crv: z.ZodOptional<z.ZodString>;
+      x: z.ZodOptional<z.ZodString>;
+      y: z.ZodOptional<z.ZodString>;
+      e: z.ZodOptional<z.ZodString>;
+      n: z.ZodOptional<z.ZodString>;
+      alg: z.ZodOptional<z.ZodString>;
+      d: z.ZodOptional<z.ZodString>;
+      dp: z.ZodOptional<z.ZodString>;
+      dq: z.ZodOptional<z.ZodString>;
+      ext: z.ZodOptional<z.ZodBoolean>;
+      k: z.ZodOptional<z.ZodString>;
+      key_ops: z.ZodOptional<z.ZodArray<z.ZodString>>;
+      kid: z.ZodOptional<z.ZodString>;
+      oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        d: z.ZodOptional<z.ZodString>;
+        r: z.ZodOptional<z.ZodString>;
+        t: z.ZodOptional<z.ZodString>;
+      }, z.core.$loose>>>;
+      p: z.ZodOptional<z.ZodString>;
+      q: z.ZodOptional<z.ZodString>;
+      qi: z.ZodOptional<z.ZodString>;
+      use: z.ZodOptional<z.ZodString>;
+      x5c: z.ZodOptional<z.ZodArray<z.ZodString>>;
+      x5t: z.ZodOptional<z.ZodString>;
+      'x5t#S256': z.ZodOptional<z.ZodString>;
+      x5u: z.ZodOptional<z.ZodString>;
+    }, z.core.$loose>>;
+    jkt: z.ZodOptional<z.ZodString>;
+  }, z.core.$loose>>;
+  status: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+  trust_chain: z.ZodOptional<z.ZodTuple<[z.ZodString], z.ZodString>>;
+}, z.core.$loose>;
+type JarRequestObjectPayload = z.infer<typeof zJarRequestObjectPayload>;
+declare const signedAuthorizationRequestJwtHeaderTyp: "oauth-authz-req+jwt";
+declare const jwtAuthorizationRequestJwtHeaderTyp: "jwt";
+//#endregion
+//#region src/jar/handle-jar-request/verify-jar-request.d.ts
+interface VerifiedJarRequest {
+  authorizationRequestPayload: JarRequestObjectPayload;
+  signer: JwtSignerWithJwk;
+  jwt: ReturnType<typeof decodeJwt<undefined, typeof zJarRequestObjectPayload>>;
+}
+//#endregion
+//#region src/authorization-request/verify-pushed-authorization-request.d.ts
+interface VerifyPushedAuthorizationRequestReturn extends VerifyAuthorizationRequestReturn {
+  /**
+   * The verified JAR request, if `authorizationRequestJwt` was provided
+   */
+  jar?: VerifiedJarRequest;
+}
+interface VerifyPushedAuthorizationRequestOptions extends VerifyAuthorizationRequestOptions {
+  /**
+   * The authorization request JWT to verify. If this value was returned from `parsePushedAuthorizationRequest`
+   * you MUST provide this value to ensure the JWT is verified.
+   */
+  authorizationRequestJwt?: {
+    jwt: string;
+    signer: JwtSigner;
+  };
+}
+//#endregion
+//#region src/authorization-response/z-authorization-response.d.ts
+declare const zAuthorizationResponse: z$1.ZodObject<{
+  state: z$1.ZodOptional<z$1.ZodString>;
+  code: z$1.ZodString;
+  error: z$1.ZodOptional<z$1.ZodNever>;
+}, z$1.core.$loose>;
+declare const zAuthorizationResponseFromUriParams: z$1.ZodPipe<z$1.ZodPipe<z$1.ZodURL, z$1.ZodTransform<unknown, string>>, z$1.ZodObject<{
+  state: z$1.ZodOptional<z$1.ZodString>;
+  code: z$1.ZodString;
+  error: z$1.ZodOptional<z$1.ZodNever>;
+}, z$1.core.$loose>>;
+type AuthorizationResponse = z$1.infer<typeof zAuthorizationResponse>;
+declare const zAuthorizationErrorResponse: z$1.ZodObject<{
+  state: z$1.ZodOptional<z$1.ZodString>;
+  code: z$1.ZodOptional<z$1.ZodNever>;
+  error: z$1.ZodUnion<readonly [z$1.ZodEnum<typeof Oauth2ErrorCodes>, z$1.ZodString]>;
+  error_description: z$1.ZodOptional<z$1.ZodString>;
+  error_uri: z$1.ZodOptional<z$1.ZodString>;
+}, z$1.core.$loose>;
+type AuthorizationErrorResponse = z$1.infer<typeof zAuthorizationErrorResponse>;
+//#endregion
+//#region src/authorization-response/parse-authorization-response.d.ts
+interface ParseAuthorizationRequestOptions {
+  url: string;
+}
+/**
+ * Parse an authorization response redirect URL.
+ *
+ * @throws {Oauth2ServerErrorResponseError}
+ */
+declare function parseAuthorizationResponseRedirectUrl(options: ParseAuthorizationRequestOptions): AuthorizationResponse | AuthorizationErrorResponse;
+//#endregion
+//#region src/common/jwk/jwk-thumbprint.d.ts
+interface CalculateJwkThumbprintOptions {
+  /**
+   * The jwk to calcualte the thumbprint for.
+   */
+  jwk: Jwk;
+  /**
+   * The hashing algorithm to use for calculating the thumbprint
+   */
+  hashAlgorithm: HashAlgorithm;
+  /**
+   * The hash callback to calculate the digest
+   */
+  hashCallback: HashCallback;
+}
+declare function calculateJwkThumbprint(options: CalculateJwkThumbprintOptions): Promise<string>;
+//#endregion
+//#region src/common/jwk/jwks.d.ts
+declare function isJwkInSet({
+  jwk,
+  jwks,
+  callbacks
+}: {
+  jwk: Jwk;
+  jwks: Jwk[];
+  callbacks: Pick<CallbackContext, 'hash'>;
+}): Promise<boolean>;
+//#endregion
 //#region src/common/jwt/decode-jwt-header.d.ts
 interface DecodeJwtHeaderOptions<HeaderSchema extends BaseSchema | undefined> {
   /**
@@ -2257,6 +2349,108 @@ declare const zIdTokenJwtPayload: z$1.ZodObject<{
 }, z$1.core.$loose>;
 type IdTokenJwtPayload = z$1.infer<typeof zIdTokenJwtPayload>;
 //#endregion
+//#region src/jar/create-jar-authorization-request.d.ts
+interface CreateJarAuthorizationRequestOptions {
+  authorizationRequestPayload: JwtPayload & {
+    client_id?: string;
+  };
+  requestUri?: string;
+  jwtSigner: JwtSigner;
+  jweEncryptor?: JweEncryptor;
+  callbacks: Pick<CallbackContext, 'signJwt' | 'encryptJwe'>;
+  /**
+   * Number of seconds after which the signed authorization request will expire
+   */
+  expiresInSeconds: number;
+  /**
+   * Date that should be used as now. If not provided current date will be used.
+   */
+  now?: Date;
+  additionalJwtPayload?: Record<string, unknown>;
+}
+/**
+ * Creates a JAR (JWT Authorization Request) request object.
+ *
+ * @param options - The input parameters
+ * @param options.authorizationRequestPayload - The authorization request parameters
+ * @param options.jwtSigner - The JWT signer
+ * @param options.jweEncryptor - The JWE encryptor (optional) if provided, the request object will be encrypted
+ * @param options.requestUri - The request URI (optional) if provided, the request object needs to be fetched from the URI
+ * @param options.callbacks - The callback context
+ * @returns the requestParams, signerJwk, encryptionJwk, and requestObjectJwt
+ */
+declare function createJarAuthorizationRequest(options: CreateJarAuthorizationRequestOptions): Promise<{
+  jarAuthorizationRequest: {
+    [x: string]: unknown;
+    request?: string | undefined;
+    request_uri?: string | undefined;
+    client_id?: string | undefined;
+  };
+  signerJwk: {
+    [x: string]: unknown;
+    kty: string;
+    crv?: string | undefined;
+    x?: string | undefined;
+    y?: string | undefined;
+    e?: string | undefined;
+    n?: string | undefined;
+    alg?: string | undefined;
+    d?: string | undefined;
+    dp?: string | undefined;
+    dq?: string | undefined;
+    ext?: boolean | undefined;
+    k?: string | undefined;
+    key_ops?: string[] | undefined;
+    kid?: string | undefined;
+    oth?: {
+      [x: string]: unknown;
+      d?: string | undefined;
+      r?: string | undefined;
+      t?: string | undefined;
+    }[] | undefined;
+    p?: string | undefined;
+    q?: string | undefined;
+    qi?: string | undefined;
+    use?: string | undefined;
+    x5c?: string[] | undefined;
+    x5t?: string | undefined;
+    'x5t#S256'?: string | undefined;
+    x5u?: string | undefined;
+  };
+  encryptionJwk: {
+    [x: string]: unknown;
+    kty: string;
+    crv?: string | undefined;
+    x?: string | undefined;
+    y?: string | undefined;
+    e?: string | undefined;
+    n?: string | undefined;
+    alg?: string | undefined;
+    d?: string | undefined;
+    dp?: string | undefined;
+    dq?: string | undefined;
+    ext?: boolean | undefined;
+    k?: string | undefined;
+    key_ops?: string[] | undefined;
+    kid?: string | undefined;
+    oth?: {
+      [x: string]: unknown;
+      d?: string | undefined;
+      r?: string | undefined;
+      t?: string | undefined;
+    }[] | undefined;
+    p?: string | undefined;
+    q?: string | undefined;
+    qi?: string | undefined;
+    use?: string | undefined;
+    x5c?: string[] | undefined;
+    x5t?: string | undefined;
+    'x5t#S256'?: string | undefined;
+    x5u?: string | undefined;
+  } | undefined;
+  authorizationRequestJwt: string;
+}>;
+//#endregion
 //#region src/metadata/authorization-server/authorization-server-metadata.d.ts
 /**
  * fetch authorization server metadata. It first tries to fetch the oauth-authorization-server metadata. If that returns
@@ -2529,8 +2723,13 @@ declare class Oauth2AuthorizationServer {
   /**
    * Parse a pushed authorization request
    */
-  parsePushedAuthorizationRequest(options: ParsePushedAuthorizationRequestOptions): ParsePushedAuthorizationRequestResult;
-  verifyPushedAuthorizationRequest(options: Omit<VerifyPushedAuthorizationRequestOptions, 'callbacks'>): Promise<VerifyAuthorizationRequestReturn>;
+  parsePushedAuthorizationRequest(options: ParsePushedAuthorizationRequestOptions): Promise<ParsePushedAuthorizationRequestResult>;
+  /**
+   * Verify pushed authorization request.
+   *
+   * Make sure to provide the `authorizationRequestJwt` if this was returned in the `parsePushedAuthorizationRequest`
+   */
+  verifyPushedAuthorizationRequest(options: Omit<VerifyPushedAuthorizationRequestOptions, 'callbacks'>): Promise<VerifyPushedAuthorizationRequestReturn>;
   createPushedAuthorizationResponse(options: CreatePushedAuthorizationResponseOptions): {
     pushedAuthorizationResponse: {
       [x: string]: unknown;
@@ -3385,5 +3584,5 @@ declare function verifyResourceRequest(options: VerifyResourceRequestOptions): P
   authorizationServer: string;
 }>;
 //#endregion
-export { type AccessTokenErrorResponse, type AccessTokenProfileJwtPayload, type AccessTokenResponse, type AuthorizationChallengeErrorResponse, type AuthorizationChallengeRequest, type AuthorizationChallengeResponse, type AuthorizationCodeGrantIdentifier, AuthorizationErrorResponse, AuthorizationResponse, type AuthorizationServerMetadata, type CalculateJwkThumbprintOptions, type CallbackContext, type ClientAttestationJwtHeader, type ClientAttestationJwtPayload, type ClientAttestationPopJwtHeader, type ClientAttestationPopJwtPayload, type ClientAuthenticationCallback, type ClientAuthenticationCallbackOptions, type ClientAuthenticationClientAttestationJwtOptions, type ClientAuthenticationClientSecretBasicOptions, type ClientAuthenticationClientSecretPostOptions, type ClientAuthenticationDynamicOptions, type ClientAuthenticationNoneOptions, type CreateAuthorizationRequestUrlOptions, type CreateClientAttestationJwtOptions, type CreatePkceReturn, type CreatePushedAuthorizationErrorResponseOptions, type CreatePushedAuthorizationResponseOptions, type DecodeJwtHeaderResult, type DecodeJwtOptions, type DecodeJwtResult, type DecryptJweCallback, type DecryptJweCallbackOptions, type EncryptJweCallback, type GenerateRandomCallback, HashAlgorithm, type HashCallback, type HttpMethod, IdTokenJwtHeader, IdTokenJwtPayload, InvalidFetchResponseError, type JweEncryptor, type Jwk, type JwkSet, type JwtHeader, type JwtPayload, type JwtSigner, type JwtSignerCustom, type JwtSignerDid, type JwtSignerJwk, type JwtSignerWithJwk, type JwtSignerX5c, Oauth2AuthorizationServer, type Oauth2AuthorizationServerOptions, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, type Oauth2ClientOptions, Oauth2Error, Oauth2ErrorCodes, type Oauth2ErrorOptions, type Oauth2ErrorResponse, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, type Oauth2ResourceServerOptions, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, type Oid4vcTsConfig, type ParseAuthorizationChallengeRequestOptions, type ParseAuthorizationChallengeRequestResult, ParseAuthorizationRequestOptions, type ParsePushedAuthorizationRequestOptions, type ParsePushedAuthorizationRequestResult, PkceCodeChallengeMethod, type PreAuthorizedCodeGrantIdentifier, type PushedAuthorizationRequestUriPrefix, type RefreshTokenGrantIdentifier, type RequestClientAttestationOptions, type RequestDpopOptions, type RequestLike, type ResourceRequestOptions, type ResourceRequestResponseNotOk, type ResourceRequestResponseOk, type RetrieveAuthorizationCodeAccessTokenOptions, type RetrievePreAuthorizedCodeAccessTokenOptions, type SignJwtCallback, SupportedAuthenticationScheme, SupportedClientAuthenticationMethod, type TokenIntrospectionResponse, type VerifiedClientAttestationJwt, type VerifyAccessTokenRequestReturn, type VerifyAuthorizationChallengeRequestOptions, type VerifyAuthorizationChallengeRequestReturn, VerifyIdTokenJwtOptions, type VerifyJwtCallback, type VerifyPushedAuthorizationRequestOptions, type VerifyPushedAuthorizationRequestReturn, type VerifyResourceRequestOptions, type WwwAuthenticateHeaderChallenge, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationAnonymous, clientAuthenticationClientAttestationJwt, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, createClientAttestationJwt, decodeJwt, decodeJwtHeader, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, getAuthorizationServerMetadataFromList, getGlobalConfig, isJwkInSet, jwtHeaderFromJwtSigner, jwtSignerFromJwt, parseAuthorizationResponseRedirectUrl, parsePushedAuthorizationRequestUriReferenceValue, preAuthorizedCodeGrantIdentifier, pushedAuthorizationRequestUriPrefix, refreshTokenGrantIdentifier, resourceRequest, setGlobalConfig, verifyClientAttestationJwt, verifyIdTokenJwt, verifyJwt, verifyResourceRequest, zAlgValueNotNone, zAuthorizationCodeGrantIdentifier, zAuthorizationErrorResponse, zAuthorizationResponse, zAuthorizationResponseFromUriParams, zAuthorizationServerMetadata, zCompactJwe, zCompactJwt, zIdTokenJwtHeader, zIdTokenJwtPayload, zJwk, zJwkSet, zJwtHeader, zJwtPayload, zOauth2ErrorResponse, zPreAuthorizedCodeGrantIdentifier, zPushedAuthorizationRequestUriPrefix, zRefreshTokenGrantIdentifier };
+export { type AccessTokenErrorResponse, type AccessTokenProfileJwtPayload, type AccessTokenResponse, type AuthorizationChallengeErrorResponse, type AuthorizationChallengeRequest, type AuthorizationChallengeResponse, type AuthorizationCodeGrantIdentifier, AuthorizationErrorResponse, AuthorizationResponse, type AuthorizationServerMetadata, type CalculateJwkThumbprintOptions, type CallbackContext, type ClientAttestationJwtHeader, type ClientAttestationJwtPayload, type ClientAttestationPopJwtHeader, type ClientAttestationPopJwtPayload, type ClientAuthenticationCallback, type ClientAuthenticationCallbackOptions, type ClientAuthenticationClientAttestationJwtOptions, type ClientAuthenticationClientSecretBasicOptions, type ClientAuthenticationClientSecretPostOptions, type ClientAuthenticationDynamicOptions, type ClientAuthenticationNoneOptions, type CreateAuthorizationRequestUrlOptions, type CreateClientAttestationJwtOptions, type CreateJarAuthorizationRequestOptions, type CreatePkceReturn, type CreatePushedAuthorizationErrorResponseOptions, type CreatePushedAuthorizationResponseOptions, type DecodeJwtHeaderResult, type DecodeJwtOptions, type DecodeJwtResult, type DecryptJweCallback, type DecryptJweCallbackOptions, type EncryptJweCallback, type GenerateRandomCallback, HashAlgorithm, type HashCallback, type HttpMethod, IdTokenJwtHeader, IdTokenJwtPayload, InvalidFetchResponseError, type JarAuthorizationRequest, type JarRequestObjectPayload, type JweEncryptor, type Jwk, type JwkSet, type JwtHeader, type JwtPayload, type JwtSigner, type JwtSignerCustom, type JwtSignerDid, type JwtSignerJwk, type JwtSignerWithJwk, type JwtSignerX5c, Oauth2AuthorizationServer, type Oauth2AuthorizationServerOptions, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, type Oauth2ClientOptions, Oauth2Error, Oauth2ErrorCodes, type Oauth2ErrorOptions, type Oauth2ErrorResponse, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, type Oauth2ResourceServerOptions, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, type Oid4vcTsConfig, type ParseAuthorizationChallengeRequestOptions, type ParseAuthorizationChallengeRequestResult, ParseAuthorizationRequestOptions, type ParsePushedAuthorizationRequestOptions, type ParsePushedAuthorizationRequestResult, PkceCodeChallengeMethod, type PreAuthorizedCodeGrantIdentifier, type PushedAuthorizationRequestUriPrefix, type RefreshTokenGrantIdentifier, type RequestClientAttestationOptions, type RequestDpopOptions, type RequestLike, type ResourceRequestOptions, type ResourceRequestResponseNotOk, type ResourceRequestResponseOk, type RetrieveAuthorizationCodeAccessTokenOptions, type RetrievePreAuthorizedCodeAccessTokenOptions, type SignJwtCallback, SupportedAuthenticationScheme, SupportedClientAuthenticationMethod, type TokenIntrospectionResponse, type VerifiedClientAttestationJwt, type VerifyAccessTokenRequestReturn, type VerifyAuthorizationChallengeRequestOptions, type VerifyAuthorizationChallengeRequestReturn, VerifyIdTokenJwtOptions, type VerifyJwtCallback, type VerifyPushedAuthorizationRequestOptions, type VerifyPushedAuthorizationRequestReturn, type VerifyResourceRequestOptions, type WwwAuthenticateHeaderChallenge, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationAnonymous, clientAuthenticationClientAttestationJwt, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, createClientAttestationJwt, createJarAuthorizationRequest, decodeJwt, decodeJwtHeader, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, getAuthorizationServerMetadataFromList, getGlobalConfig, isJwkInSet, jwtAuthorizationRequestJwtHeaderTyp, jwtHeaderFromJwtSigner, jwtSignerFromJwt, parseAuthorizationResponseRedirectUrl, parsePushedAuthorizationRequestUriReferenceValue, preAuthorizedCodeGrantIdentifier, pushedAuthorizationRequestUriPrefix, refreshTokenGrantIdentifier, resourceRequest, setGlobalConfig, signedAuthorizationRequestJwtHeaderTyp, validateJarRequestParams, verifyClientAttestationJwt, verifyIdTokenJwt, verifyJwt, verifyResourceRequest, zAlgValueNotNone, zAuthorizationCodeGrantIdentifier, zAuthorizationErrorResponse, zAuthorizationResponse, zAuthorizationResponseFromUriParams, zAuthorizationServerMetadata, zCompactJwe, zCompactJwt, zIdTokenJwtHeader, zIdTokenJwtPayload, zJarAuthorizationRequest, zJarRequestObjectPayload, zJwk, zJwkSet, zJwtHeader, zJwtPayload, zOauth2ErrorResponse, zPreAuthorizedCodeGrantIdentifier, zPushedAuthorizationRequestUriPrefix, zRefreshTokenGrantIdentifier };
 //# sourceMappingURL=index.d.mts.map