@openid4vc/oauth2 0.4.4-alpha-20260105092906 → 0.4.4-alpha-20260106132628
- package/dist/index.d.mts +52 -4
- package/dist/index.mjs +571 -3
- package/dist/index.mjs.map +1 -1
- package/package.json +2 -2
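--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -31,6 +31,7 @@ declare const zAuthorizationServerMetadata: z$1.ZodObject<{
 authorization_challenge_endpoint: z$1.ZodOptional<z$1.ZodURL>;
 'pre-authorized_grant_anonymous_access_supported': z$1.ZodOptional<z$1.ZodBoolean>;
 client_attestation_pop_nonce_required: z$1.ZodOptional<z$1.ZodBoolean>;
+authorization_response_iss_parameter_supported: z$1.ZodOptional<z$1.ZodBoolean>;
 }, z$1.core.$loose>;
 type AuthorizationServerMetadata = z$1.infer<typeof zAuthorizationServerMetadata>;
 //#endregion
@@ -1427,9 +1428,9 @@ declare const zAuthorizationChallengeRequest: z$1.ZodObject<{
 client_id: z$1.ZodOptional<z$1.ZodString>;
 auth_session: z$1.ZodOptional<z$1.ZodString>;
 presentation_during_issuance_session: z$1.ZodOptional<z$1.ZodString>;
-scope: z$1.ZodOptional<z$1.ZodString>;
 redirect_uri: z$1.ZodOptional<z$1.ZodURL>;
 resource: z$1.ZodOptional<z$1.ZodURL>;
+scope: z$1.ZodOptional<z$1.ZodString>;
 state: z$1.ZodOptional<z$1.ZodString>;
 issuer_state: z$1.ZodOptional<z$1.ZodString>;
 dpop_jkt: z$1.ZodOptional<z$1.ZodBase64URL>;
@@ -1863,16 +1864,19 @@ interface VerifyPushedAuthorizationRequestOptions extends VerifyAuthorizationReq
 declare const zAuthorizationResponse: z$1.ZodObject<{
 state: z$1.ZodOptional<z$1.ZodString>;
 code: z$1.ZodString;
+iss: z$1.ZodOptional<z$1.ZodURL>;
 error: z$1.ZodOptional<z$1.ZodNever>;
 }, z$1.core.$loose>;
 declare const zAuthorizationResponseFromUriParams: z$1.ZodPipe<z$1.ZodPipe<z$1.ZodURL, z$1.ZodTransform<unknown, string>>, z$1.ZodObject<{
 state: z$1.ZodOptional<z$1.ZodString>;
 code: z$1.ZodString;
+iss: z$1.ZodOptional<z$1.ZodURL>;
 error: z$1.ZodOptional<z$1.ZodNever>;
 }, z$1.core.$loose>>;
 type AuthorizationResponse = z$1.infer<typeof zAuthorizationResponse>;
 declare const zAuthorizationErrorResponse: z$1.ZodObject<{
 state: z$1.ZodOptional<z$1.ZodString>;
+iss: z$1.ZodOptional<z$1.ZodURL>;
 code: z$1.ZodOptional<z$1.ZodNever>;
 error: z$1.ZodUnion<readonly [z$1.ZodEnum<typeof Oauth2ErrorCodes>, z$1.ZodString]>;
 error_description: z$1.ZodOptional<z$1.ZodString>;
@@ -1881,7 +1885,7 @@ declare const zAuthorizationErrorResponse: z$1.ZodObject<{
 type AuthorizationErrorResponse = z$1.infer<typeof zAuthorizationErrorResponse>;
 //#endregion
 //#region src/authorization-response/parse-authorization-response.d.ts
-interface
+interface ParseAuthorizationResponseOptions {
 url: string;
 }
 /**
@@ -1889,7 +1893,26 @@ interface ParseAuthorizationRequestOptions {
 *
 * @throws {Oauth2ServerErrorResponseError}
 */
-declare function parseAuthorizationResponseRedirectUrl(options:
+declare function parseAuthorizationResponseRedirectUrl(options: ParseAuthorizationResponseOptions): AuthorizationResponse | AuthorizationErrorResponse;
+//#endregion
+//#region src/authorization-response/verify-authorization-response.d.ts
+interface VerifyAuthorizationResponseOptions {
+authorizationServerMetadata: AuthorizationServerMetadata;
+authorizationResponse: AuthorizationResponse | AuthorizationErrorResponse;
+}
+/**
+* Verifies an authorization (error) response.
+*
+* Currently it only verifies that the 'iss' value in an authorization (error) response matches the 'issuer' value of the authorization server metadata
+* according to RFC 9207.
+*
+* You can call this method after calling `parseAuthorizationResponse` and having fetched the associated session/authorization server
+* for the authorization response, to be able to verify the issuer
+*/
+declare function verifyAuthorizationResponse({
+authorizationResponse,
+authorizationServerMetadata
+}: VerifyAuthorizationResponseOptions): void;
 //#endregion
 //#region src/common/algorithm/algorithm-transform.d.ts
 /**
@@ -2592,6 +2615,7 @@ declare function getAuthorizationServerMetadataFromList(authorizationServersMeta
 authorization_challenge_endpoint?: string | undefined;
 'pre-authorized_grant_anonymous_access_supported'?: boolean | undefined;
 client_attestation_pop_nonce_required?: boolean | undefined;
+authorization_response_iss_parameter_supported?: boolean | undefined;
 };
 //#endregion
 //#region src/metadata/fetch-jwks-uri.d.ts
@@ -2797,6 +2821,7 @@ declare class Oauth2AuthorizationServer {
 authorization_challenge_endpoint?: string | undefined;
 'pre-authorized_grant_anonymous_access_supported'?: boolean | undefined;
 client_attestation_pop_nonce_required?: boolean | undefined;
+authorization_response_iss_parameter_supported?: boolean | undefined;
 };
 /**
 * Parse access token request and extract the grant specific properties.
@@ -3320,6 +3345,7 @@ declare class Oauth2Client {
 authorization_challenge_endpoint?: string | undefined;
 'pre-authorized_grant_anonymous_access_supported'?: boolean | undefined;
 client_attestation_pop_nonce_required?: boolean | undefined;
+authorization_response_iss_parameter_supported?: boolean | undefined;
 } | null>;
 /**
 * Initiate authorization.
@@ -3387,6 +3413,28 @@ declare class Oauth2Client {
 dpop
 }: Omit<RetrieveRefreshTokenAccessTokenOptions, 'callbacks'>): Promise<RetrieveAccessTokenReturn>;
 resourceRequest(options: ResourceRequestOptions): Promise<ResourceRequestResponseOk | ResourceRequestResponseNotOk>;
+/**
+* Parses an authorization response redirect URL into an authorization (error) response.
+*
+* Make sure to call `Oauth2Client.verifyAuthorizationResponse` after fetching the session
+* based on the parsed response, to ensure the authorization response `iss` value is verified.
+*/
+parseAuthorizationResponseRedirectUrl(options: ParseAuthorizationResponseOptions): {
+[x: string]: unknown;
+code: string;
+state?: string | undefined;
+iss?: string | undefined;
+error?: undefined;
+} | {
+[x: string]: unknown;
+error: string;
+state?: string | undefined;
+iss?: string | undefined;
+code?: undefined;
+error_description?: string | undefined;
+error_uri?: string | undefined;
+};
+verifyAuthorizationResponse(options: VerifyAuthorizationResponseOptions): void;
 }
 //#endregion
 //#region src/Oauth2ResourceServer.d.ts
@@ -3701,5 +3749,5 @@ declare function verifyResourceRequest(options: VerifyResourceRequestOptions): P
 authorizationServer: string;
 }>;
 //#endregion
-export { type AccessTokenErrorResponse, type AccessTokenProfileJwtPayload, type AccessTokenResponse, type AuthorizationChallengeErrorResponse, type AuthorizationChallengeRequest, type AuthorizationChallengeResponse, type AuthorizationCodeGrantIdentifier, AuthorizationErrorResponse, AuthorizationResponse, type AuthorizationServerMetadata, type CalculateJwkThumbprintOptions, type CallbackContext, type ClientAttestationJwtHeader, type ClientAttestationJwtPayload, type ClientAttestationPopJwtHeader, type ClientAttestationPopJwtPayload, type ClientAuthenticationCallback, type ClientAuthenticationCallbackOptions, type ClientAuthenticationClientAttestationJwtOptions, type ClientAuthenticationClientSecretBasicOptions, type ClientAuthenticationClientSecretPostOptions, type ClientAuthenticationDynamicOptions, type ClientAuthenticationNoneOptions, type CreateAuthorizationRequestUrlOptions, type CreateClientAttestationJwtOptions, type CreateJarAuthorizationRequestOptions, type CreatePkceReturn, type CreatePushedAuthorizationErrorResponseOptions, type CreatePushedAuthorizationResponseOptions, type DecodeJwtHeaderResult, type DecodeJwtOptions, type DecodeJwtResult, type DecryptJweCallback, type DecryptJweCallbackOptions, type EncryptJweCallback, type GenerateRandomCallback, HashAlgorithm, type HashCallback, type HttpMethod, IdTokenJwtHeader, IdTokenJwtPayload, InvalidFetchResponseError, type JarAuthorizationRequest, type JarRequestObjectPayload, type JweEncryptor, type Jwk, type JwkSet, type JwtHeader, type JwtPayload, type JwtSigner, type JwtSignerCustom, type JwtSignerDid, type JwtSignerJwk, type JwtSignerWithJwk, type JwtSignerX5c, Oauth2AuthorizationServer, type Oauth2AuthorizationServerOptions, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, type Oauth2ClientOptions, Oauth2Error, Oauth2ErrorCodes, type Oauth2ErrorOptions, type Oauth2ErrorResponse, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, type Oauth2ResourceServerOptions, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, type Oid4vcTsConfig, type ParseAuthorizationChallengeRequestOptions, type ParseAuthorizationChallengeRequestResult,
+export { type AccessTokenErrorResponse, type AccessTokenProfileJwtPayload, type AccessTokenResponse, type AuthorizationChallengeErrorResponse, type AuthorizationChallengeRequest, type AuthorizationChallengeResponse, type AuthorizationCodeGrantIdentifier, AuthorizationErrorResponse, AuthorizationResponse, type AuthorizationServerMetadata, type CalculateJwkThumbprintOptions, type CallbackContext, type ClientAttestationJwtHeader, type ClientAttestationJwtPayload, type ClientAttestationPopJwtHeader, type ClientAttestationPopJwtPayload, type ClientAuthenticationCallback, type ClientAuthenticationCallbackOptions, type ClientAuthenticationClientAttestationJwtOptions, type ClientAuthenticationClientSecretBasicOptions, type ClientAuthenticationClientSecretPostOptions, type ClientAuthenticationDynamicOptions, type ClientAuthenticationNoneOptions, type CreateAuthorizationRequestUrlOptions, type CreateClientAttestationJwtOptions, type CreateJarAuthorizationRequestOptions, type CreatePkceReturn, type CreatePushedAuthorizationErrorResponseOptions, type CreatePushedAuthorizationResponseOptions, type DecodeJwtHeaderResult, type DecodeJwtOptions, type DecodeJwtResult, type DecryptJweCallback, type DecryptJweCallbackOptions, type EncryptJweCallback, type GenerateRandomCallback, HashAlgorithm, type HashCallback, type HttpMethod, IdTokenJwtHeader, IdTokenJwtPayload, InvalidFetchResponseError, type JarAuthorizationRequest, type JarRequestObjectPayload, type JweEncryptor, type Jwk, type JwkSet, type JwtHeader, type JwtPayload, type JwtSigner, type JwtSignerCustom, type JwtSignerDid, type JwtSignerJwk, type JwtSignerWithJwk, type JwtSignerX5c, Oauth2AuthorizationServer, type Oauth2AuthorizationServerOptions, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, type Oauth2ClientOptions, Oauth2Error, Oauth2ErrorCodes, type Oauth2ErrorOptions, type Oauth2ErrorResponse, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, type Oauth2ResourceServerOptions, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, type Oid4vcTsConfig, type ParseAuthorizationChallengeRequestOptions, type ParseAuthorizationChallengeRequestResult, ParseAuthorizationResponseOptions, type ParsePushedAuthorizationRequestOptions, type ParsePushedAuthorizationRequestResult, PkceCodeChallengeMethod, type PreAuthorizedCodeGrantIdentifier, type PushedAuthorizationRequestUriPrefix, type RefreshTokenGrantIdentifier, type RequestClientAttestationOptions, type RequestDpopOptions, type RequestLike, type ResourceRequestOptions, type ResourceRequestResponseNotOk, type ResourceRequestResponseOk, type RetrieveAuthorizationCodeAccessTokenOptions, type RetrievePreAuthorizedCodeAccessTokenOptions, type SignJwtCallback, SupportedAuthenticationScheme, SupportedClientAuthenticationMethod, type TokenIntrospectionResponse, type VerifiedClientAttestationJwt, type VerifyAccessTokenRequestReturn, type VerifyAuthorizationChallengeRequestOptions, type VerifyAuthorizationChallengeRequestReturn, VerifyAuthorizationResponseOptions, VerifyIdTokenJwtOptions, type VerifyJwtCallback, type VerifyPushedAuthorizationRequestOptions, type VerifyPushedAuthorizationRequestReturn, type VerifyResourceRequestOptions, type WwwAuthenticateHeaderChallenge, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationAnonymous, clientAuthenticationClientAttestationJwt, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, createClientAttestationJwt, createJarAuthorizationRequest, decodeJwt, decodeJwtHeader, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, fullySpecifiedCoseAlgorithmArrayToJwaSignatureAlgorithmArray, fullySpecifiedCoseAlgorithmToJwaSignatureAlgorithm, getAuthorizationServerMetadataFromList, getGlobalConfig, isJwkInSet, jwaSignatureAlgorithmArrayToFullySpecifiedCoseAlgorithmArray, jwaSignatureAlgorithmToFullySpecifiedCoseAlgorithm, jwtAuthorizationRequestJwtHeaderTyp, jwtHeaderFromJwtSigner, jwtSignerFromJwt, parseAuthorizationResponseRedirectUrl, parsePushedAuthorizationRequestUriReferenceValue, preAuthorizedCodeGrantIdentifier, pushedAuthorizationRequestUriPrefix, refreshTokenGrantIdentifier, resourceRequest, setGlobalConfig, signedAuthorizationRequestJwtHeaderTyp, validateJarRequestParams, verifyAuthorizationResponse, verifyClientAttestationJwt, verifyIdTokenJwt, verifyJwt, verifyResourceRequest, zAlgValueNotNone, zAuthorizationCodeGrantIdentifier, zAuthorizationErrorResponse, zAuthorizationResponse, zAuthorizationResponseFromUriParams, zAuthorizationServerMetadata, zCompactJwe, zCompactJwt, zIdTokenJwtHeader, zIdTokenJwtPayload, zJarAuthorizationRequest, zJarRequestObjectPayload, zJwk, zJwkSet, zJwtHeader, zJwtPayload, zOauth2ErrorResponse, zPreAuthorizedCodeGrantIdentifier, zPushedAuthorizationRequestUriPrefix, zRefreshTokenGrantIdentifier };
 //# sourceMappingURL=index.d.mts.map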
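Review bot: The TSDoc added for the standalone `verifyAuthorizationResponse` (new lines 1903–1911) does not say what happens when the response carries no `iss`, even though `iss` is optional in both `zAuthorizationResponse` and `zAuthorizationErrorResponse` and the metadata can now set `authorization_response_iss_parameter_supported`. RFC 9207 expects a client to reject a response without `iss` when the server advertises support, and the declaration alone cannot show whether the implementation does, so the contract should be written down, e.g. `* Rejects a response without 'iss' when the metadata sets 'authorization_response_iss_parameter_supported' to true.` if that matches the code. The function returns `void`, so an `@throws` line naming the error type is also needed for callers to know how failure is signalled. The same comment refers to `parseAuthorizationResponse`, while the exported function is `parseAuthorizationResponseRedirectUrl`. Because parsing and issuer verification are separate calls, the reminder given on `Oauth2Client.parseAuthorizationResponseRedirectUrl` (new lines 3416–3421) should be repeated on the standalone parse function, whose doc block is only partly visible in this diff.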