@openid4vc/oauth2 0.4.4-alpha-20260106125931 → 0.4.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +51 -3
- package/dist/index.mjs +41 -2
- package/dist/index.mjs.map +1 -1
- package/package.json +2 -2
package/dist/index.d.mts
CHANGED
|
@@ -31,6 +31,7 @@ declare const zAuthorizationServerMetadata: z$1.ZodObject<{
|
|
|
31
31
|
authorization_challenge_endpoint: z$1.ZodOptional<z$1.ZodURL>;
|
|
32
32
|
'pre-authorized_grant_anonymous_access_supported': z$1.ZodOptional<z$1.ZodBoolean>;
|
|
33
33
|
client_attestation_pop_nonce_required: z$1.ZodOptional<z$1.ZodBoolean>;
|
|
34
|
+
authorization_response_iss_parameter_supported: z$1.ZodOptional<z$1.ZodBoolean>;
|
|
34
35
|
}, z$1.core.$loose>;
|
|
35
36
|
type AuthorizationServerMetadata = z$1.infer<typeof zAuthorizationServerMetadata>;
|
|
36
37
|
//#endregion
|
|
@@ -1863,16 +1864,19 @@ interface VerifyPushedAuthorizationRequestOptions extends VerifyAuthorizationReq
|
|
|
1863
1864
|
declare const zAuthorizationResponse: z$1.ZodObject<{
|
|
1864
1865
|
state: z$1.ZodOptional<z$1.ZodString>;
|
|
1865
1866
|
code: z$1.ZodString;
|
|
1867
|
+
iss: z$1.ZodOptional<z$1.ZodURL>;
|
|
1866
1868
|
error: z$1.ZodOptional<z$1.ZodNever>;
|
|
1867
1869
|
}, z$1.core.$loose>;
|
|
1868
1870
|
declare const zAuthorizationResponseFromUriParams: z$1.ZodPipe<z$1.ZodPipe<z$1.ZodURL, z$1.ZodTransform<unknown, string>>, z$1.ZodObject<{
|
|
1869
1871
|
state: z$1.ZodOptional<z$1.ZodString>;
|
|
1870
1872
|
code: z$1.ZodString;
|
|
1873
|
+
iss: z$1.ZodOptional<z$1.ZodURL>;
|
|
1871
1874
|
error: z$1.ZodOptional<z$1.ZodNever>;
|
|
1872
1875
|
}, z$1.core.$loose>>;
|
|
1873
1876
|
type AuthorizationResponse = z$1.infer<typeof zAuthorizationResponse>;
|
|
1874
1877
|
declare const zAuthorizationErrorResponse: z$1.ZodObject<{
|
|
1875
1878
|
state: z$1.ZodOptional<z$1.ZodString>;
|
|
1879
|
+
iss: z$1.ZodOptional<z$1.ZodURL>;
|
|
1876
1880
|
code: z$1.ZodOptional<z$1.ZodNever>;
|
|
1877
1881
|
error: z$1.ZodUnion<readonly [z$1.ZodEnum<typeof Oauth2ErrorCodes>, z$1.ZodString]>;
|
|
1878
1882
|
error_description: z$1.ZodOptional<z$1.ZodString>;
|
|
@@ -1881,7 +1885,7 @@ declare const zAuthorizationErrorResponse: z$1.ZodObject<{
|
|
|
1881
1885
|
type AuthorizationErrorResponse = z$1.infer<typeof zAuthorizationErrorResponse>;
|
|
1882
1886
|
//#endregion
|
|
1883
1887
|
//#region src/authorization-response/parse-authorization-response.d.ts
|
|
1884
|
-
interface
|
|
1888
|
+
interface ParseAuthorizationResponseOptions {
|
|
1885
1889
|
url: string;
|
|
1886
1890
|
}
|
|
1887
1891
|
/**
|
|
@@ -1889,7 +1893,26 @@ interface ParseAuthorizationRequestOptions {
|
|
|
1889
1893
|
*
|
|
1890
1894
|
* @throws {Oauth2ServerErrorResponseError}
|
|
1891
1895
|
*/
|
|
1892
|
-
declare function parseAuthorizationResponseRedirectUrl(options:
|
|
1896
|
+
declare function parseAuthorizationResponseRedirectUrl(options: ParseAuthorizationResponseOptions): AuthorizationResponse | AuthorizationErrorResponse;
|
|
1897
|
+
//#endregion
|
|
1898
|
+
//#region src/authorization-response/verify-authorization-response.d.ts
|
|
1899
|
+
interface VerifyAuthorizationResponseOptions {
|
|
1900
|
+
authorizationServerMetadata: AuthorizationServerMetadata;
|
|
1901
|
+
authorizationResponse: AuthorizationResponse | AuthorizationErrorResponse;
|
|
1902
|
+
}
|
|
1903
|
+
/**
|
|
1904
|
+
* Verifies an authorization (error) response.
|
|
1905
|
+
*
|
|
1906
|
+
* Currently it only verifies that the 'iss' value in an authorization (error) response matches the 'issuer' value of the authorization server metadata
|
|
1907
|
+
* according to RFC 9207.
|
|
1908
|
+
*
|
|
1909
|
+
* You can call this method after calling `parseAuthorizationResponse` and having fetched the associated session/authorization server
|
|
1910
|
+
* for the authorization response, to be able to verify the issuer
|
|
1911
|
+
*/
|
|
1912
|
+
declare function verifyAuthorizationResponse({
|
|
1913
|
+
authorizationResponse,
|
|
1914
|
+
authorizationServerMetadata
|
|
1915
|
+
}: VerifyAuthorizationResponseOptions): void;
|
|
1893
1916
|
//#endregion
|
|
1894
1917
|
//#region src/common/algorithm/algorithm-transform.d.ts
|
|
1895
1918
|
/**
|
|
@@ -2592,6 +2615,7 @@ declare function getAuthorizationServerMetadataFromList(authorizationServersMeta
|
|
|
2592
2615
|
authorization_challenge_endpoint?: string | undefined;
|
|
2593
2616
|
'pre-authorized_grant_anonymous_access_supported'?: boolean | undefined;
|
|
2594
2617
|
client_attestation_pop_nonce_required?: boolean | undefined;
|
|
2618
|
+
authorization_response_iss_parameter_supported?: boolean | undefined;
|
|
2595
2619
|
};
|
|
2596
2620
|
//#endregion
|
|
2597
2621
|
//#region src/metadata/fetch-jwks-uri.d.ts
|
|
@@ -2797,6 +2821,7 @@ declare class Oauth2AuthorizationServer {
|
|
|
2797
2821
|
authorization_challenge_endpoint?: string | undefined;
|
|
2798
2822
|
'pre-authorized_grant_anonymous_access_supported'?: boolean | undefined;
|
|
2799
2823
|
client_attestation_pop_nonce_required?: boolean | undefined;
|
|
2824
|
+
authorization_response_iss_parameter_supported?: boolean | undefined;
|
|
2800
2825
|
};
|
|
2801
2826
|
/**
|
|
2802
2827
|
* Parse access token request and extract the grant specific properties.
|
|
@@ -3320,6 +3345,7 @@ declare class Oauth2Client {
|
|
|
3320
3345
|
authorization_challenge_endpoint?: string | undefined;
|
|
3321
3346
|
'pre-authorized_grant_anonymous_access_supported'?: boolean | undefined;
|
|
3322
3347
|
client_attestation_pop_nonce_required?: boolean | undefined;
|
|
3348
|
+
authorization_response_iss_parameter_supported?: boolean | undefined;
|
|
3323
3349
|
} | null>;
|
|
3324
3350
|
/**
|
|
3325
3351
|
* Initiate authorization.
|
|
@@ -3387,6 +3413,28 @@ declare class Oauth2Client {
|
|
|
3387
3413
|
dpop
|
|
3388
3414
|
}: Omit<RetrieveRefreshTokenAccessTokenOptions, 'callbacks'>): Promise<RetrieveAccessTokenReturn>;
|
|
3389
3415
|
resourceRequest(options: ResourceRequestOptions): Promise<ResourceRequestResponseOk | ResourceRequestResponseNotOk>;
|
|
3416
|
+
/**
|
|
3417
|
+
* Parses an authorization response redirect URL into an authorization (error) response.
|
|
3418
|
+
*
|
|
3419
|
+
* Make sure to call `Oauth2Client.verifyAuthorizationResponse` after fetching the session
|
|
3420
|
+
* based on the parsed response, to ensure the authorization response `iss` value is verified.
|
|
3421
|
+
*/
|
|
3422
|
+
parseAuthorizationResponseRedirectUrl(options: ParseAuthorizationResponseOptions): {
|
|
3423
|
+
[x: string]: unknown;
|
|
3424
|
+
code: string;
|
|
3425
|
+
state?: string | undefined;
|
|
3426
|
+
iss?: string | undefined;
|
|
3427
|
+
error?: undefined;
|
|
3428
|
+
} | {
|
|
3429
|
+
[x: string]: unknown;
|
|
3430
|
+
error: string;
|
|
3431
|
+
state?: string | undefined;
|
|
3432
|
+
iss?: string | undefined;
|
|
3433
|
+
code?: undefined;
|
|
3434
|
+
error_description?: string | undefined;
|
|
3435
|
+
error_uri?: string | undefined;
|
|
3436
|
+
};
|
|
3437
|
+
verifyAuthorizationResponse(options: VerifyAuthorizationResponseOptions): void;
|
|
3390
3438
|
}
|
|
3391
3439
|
//#endregion
|
|
3392
3440
|
//#region src/Oauth2ResourceServer.d.ts
|
|
@@ -3701,5 +3749,5 @@ declare function verifyResourceRequest(options: VerifyResourceRequestOptions): P
|
|
|
3701
3749
|
authorizationServer: string;
|
|
3702
3750
|
}>;
|
|
3703
3751
|
//#endregion
|
|
3704
|
-
export { type AccessTokenErrorResponse, type AccessTokenProfileJwtPayload, type AccessTokenResponse, type AuthorizationChallengeErrorResponse, type AuthorizationChallengeRequest, type AuthorizationChallengeResponse, type AuthorizationCodeGrantIdentifier, AuthorizationErrorResponse, AuthorizationResponse, type AuthorizationServerMetadata, type CalculateJwkThumbprintOptions, type CallbackContext, type ClientAttestationJwtHeader, type ClientAttestationJwtPayload, type ClientAttestationPopJwtHeader, type ClientAttestationPopJwtPayload, type ClientAuthenticationCallback, type ClientAuthenticationCallbackOptions, type ClientAuthenticationClientAttestationJwtOptions, type ClientAuthenticationClientSecretBasicOptions, type ClientAuthenticationClientSecretPostOptions, type ClientAuthenticationDynamicOptions, type ClientAuthenticationNoneOptions, type CreateAuthorizationRequestUrlOptions, type CreateClientAttestationJwtOptions, type CreateJarAuthorizationRequestOptions, type CreatePkceReturn, type CreatePushedAuthorizationErrorResponseOptions, type CreatePushedAuthorizationResponseOptions, type DecodeJwtHeaderResult, type DecodeJwtOptions, type DecodeJwtResult, type DecryptJweCallback, type DecryptJweCallbackOptions, type EncryptJweCallback, type GenerateRandomCallback, HashAlgorithm, type HashCallback, type HttpMethod, IdTokenJwtHeader, IdTokenJwtPayload, InvalidFetchResponseError, type JarAuthorizationRequest, type JarRequestObjectPayload, type JweEncryptor, type Jwk, type JwkSet, type JwtHeader, type JwtPayload, type JwtSigner, type JwtSignerCustom, type JwtSignerDid, type JwtSignerJwk, type JwtSignerWithJwk, type JwtSignerX5c, Oauth2AuthorizationServer, type Oauth2AuthorizationServerOptions, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, type Oauth2ClientOptions, Oauth2Error, Oauth2ErrorCodes, type Oauth2ErrorOptions, type Oauth2ErrorResponse, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, type Oauth2ResourceServerOptions, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, type Oid4vcTsConfig, type ParseAuthorizationChallengeRequestOptions, type ParseAuthorizationChallengeRequestResult,
|
|
3752
|
+
export { type AccessTokenErrorResponse, type AccessTokenProfileJwtPayload, type AccessTokenResponse, type AuthorizationChallengeErrorResponse, type AuthorizationChallengeRequest, type AuthorizationChallengeResponse, type AuthorizationCodeGrantIdentifier, AuthorizationErrorResponse, AuthorizationResponse, type AuthorizationServerMetadata, type CalculateJwkThumbprintOptions, type CallbackContext, type ClientAttestationJwtHeader, type ClientAttestationJwtPayload, type ClientAttestationPopJwtHeader, type ClientAttestationPopJwtPayload, type ClientAuthenticationCallback, type ClientAuthenticationCallbackOptions, type ClientAuthenticationClientAttestationJwtOptions, type ClientAuthenticationClientSecretBasicOptions, type ClientAuthenticationClientSecretPostOptions, type ClientAuthenticationDynamicOptions, type ClientAuthenticationNoneOptions, type CreateAuthorizationRequestUrlOptions, type CreateClientAttestationJwtOptions, type CreateJarAuthorizationRequestOptions, type CreatePkceReturn, type CreatePushedAuthorizationErrorResponseOptions, type CreatePushedAuthorizationResponseOptions, type DecodeJwtHeaderResult, type DecodeJwtOptions, type DecodeJwtResult, type DecryptJweCallback, type DecryptJweCallbackOptions, type EncryptJweCallback, type GenerateRandomCallback, HashAlgorithm, type HashCallback, type HttpMethod, IdTokenJwtHeader, IdTokenJwtPayload, InvalidFetchResponseError, type JarAuthorizationRequest, type JarRequestObjectPayload, type JweEncryptor, type Jwk, type JwkSet, type JwtHeader, type JwtPayload, type JwtSigner, type JwtSignerCustom, type JwtSignerDid, type JwtSignerJwk, type JwtSignerWithJwk, type JwtSignerX5c, Oauth2AuthorizationServer, type Oauth2AuthorizationServerOptions, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, type Oauth2ClientOptions, Oauth2Error, Oauth2ErrorCodes, type Oauth2ErrorOptions, type Oauth2ErrorResponse, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, type Oauth2ResourceServerOptions, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, type Oid4vcTsConfig, type ParseAuthorizationChallengeRequestOptions, type ParseAuthorizationChallengeRequestResult, ParseAuthorizationResponseOptions, type ParsePushedAuthorizationRequestOptions, type ParsePushedAuthorizationRequestResult, PkceCodeChallengeMethod, type PreAuthorizedCodeGrantIdentifier, type PushedAuthorizationRequestUriPrefix, type RefreshTokenGrantIdentifier, type RequestClientAttestationOptions, type RequestDpopOptions, type RequestLike, type ResourceRequestOptions, type ResourceRequestResponseNotOk, type ResourceRequestResponseOk, type RetrieveAuthorizationCodeAccessTokenOptions, type RetrievePreAuthorizedCodeAccessTokenOptions, type SignJwtCallback, SupportedAuthenticationScheme, SupportedClientAuthenticationMethod, type TokenIntrospectionResponse, type VerifiedClientAttestationJwt, type VerifyAccessTokenRequestReturn, type VerifyAuthorizationChallengeRequestOptions, type VerifyAuthorizationChallengeRequestReturn, VerifyAuthorizationResponseOptions, VerifyIdTokenJwtOptions, type VerifyJwtCallback, type VerifyPushedAuthorizationRequestOptions, type VerifyPushedAuthorizationRequestReturn, type VerifyResourceRequestOptions, type WwwAuthenticateHeaderChallenge, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationAnonymous, clientAuthenticationClientAttestationJwt, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, createClientAttestationJwt, createJarAuthorizationRequest, decodeJwt, decodeJwtHeader, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, fullySpecifiedCoseAlgorithmArrayToJwaSignatureAlgorithmArray, fullySpecifiedCoseAlgorithmToJwaSignatureAlgorithm, getAuthorizationServerMetadataFromList, getGlobalConfig, isJwkInSet, jwaSignatureAlgorithmArrayToFullySpecifiedCoseAlgorithmArray, jwaSignatureAlgorithmToFullySpecifiedCoseAlgorithm, jwtAuthorizationRequestJwtHeaderTyp, jwtHeaderFromJwtSigner, jwtSignerFromJwt, parseAuthorizationResponseRedirectUrl, parsePushedAuthorizationRequestUriReferenceValue, preAuthorizedCodeGrantIdentifier, pushedAuthorizationRequestUriPrefix, refreshTokenGrantIdentifier, resourceRequest, setGlobalConfig, signedAuthorizationRequestJwtHeaderTyp, validateJarRequestParams, verifyAuthorizationResponse, verifyClientAttestationJwt, verifyIdTokenJwt, verifyJwt, verifyResourceRequest, zAlgValueNotNone, zAuthorizationCodeGrantIdentifier, zAuthorizationErrorResponse, zAuthorizationResponse, zAuthorizationResponseFromUriParams, zAuthorizationServerMetadata, zCompactJwe, zCompactJwt, zIdTokenJwtHeader, zIdTokenJwtPayload, zJarAuthorizationRequest, zJarRequestObjectPayload, zJwk, zJwkSet, zJwtHeader, zJwtPayload, zOauth2ErrorResponse, zPreAuthorizedCodeGrantIdentifier, zPushedAuthorizationRequestUriPrefix, zRefreshTokenGrantIdentifier };
|
|
3705
3753
|
//# sourceMappingURL=index.d.mts.map
|
package/dist/index.mjs
CHANGED
|
@@ -1602,12 +1602,14 @@ function parsePushedAuthorizationRequestUriReferenceValue(options) {
|
|
|
1602
1602
|
const zAuthorizationResponse = z$1.object({
|
|
1603
1603
|
state: z$1.string().optional(),
|
|
1604
1604
|
code: z$1.string().nonempty(),
|
|
1605
|
+
iss: zHttpsUrl.optional(),
|
|
1605
1606
|
error: z$1.optional(z$1.never())
|
|
1606
1607
|
}).loose();
|
|
1607
1608
|
const zAuthorizationResponseFromUriParams = z$1.url().transform((url) => Object.fromEntries(new URL(url).searchParams)).pipe(zAuthorizationResponse);
|
|
1608
1609
|
const zAuthorizationErrorResponse = z$1.object({
|
|
1609
1610
|
...zOauth2ErrorResponse.shape,
|
|
1610
1611
|
state: z$1.string().optional(),
|
|
1612
|
+
iss: zHttpsUrl.optional(),
|
|
1611
1613
|
code: z$1.optional(z$1.never())
|
|
1612
1614
|
}).loose();
|
|
1613
1615
|
|
|
@@ -1628,6 +1630,30 @@ function parseAuthorizationResponseRedirectUrl(options) {
|
|
|
1628
1630
|
return parsedAuthorizationResponse.data;
|
|
1629
1631
|
}
|
|
1630
1632
|
|
|
1633
|
+
//#endregion
|
|
1634
|
+
//#region src/authorization-response/verify-authorization-response.ts
|
|
1635
|
+
/**
|
|
1636
|
+
* Verifies an authorization (error) response.
|
|
1637
|
+
*
|
|
1638
|
+
* Currently it only verifies that the 'iss' value in an authorization (error) response matches the 'issuer' value of the authorization server metadata
|
|
1639
|
+
* according to RFC 9207.
|
|
1640
|
+
*
|
|
1641
|
+
* You can call this method after calling `parseAuthorizationResponse` and having fetched the associated session/authorization server
|
|
1642
|
+
* for the authorization response, to be able to verify the issuer
|
|
1643
|
+
*/
|
|
1644
|
+
function verifyAuthorizationResponse({ authorizationResponse, authorizationServerMetadata }) {
|
|
1645
|
+
const expectedIssuer = authorizationServerMetadata.issuer;
|
|
1646
|
+
const responseIssuer = authorizationResponse.iss;
|
|
1647
|
+
if (authorizationServerMetadata.authorization_response_iss_parameter_supported && !responseIssuer) throw new Oauth2ServerErrorResponseError({
|
|
1648
|
+
error: Oauth2ErrorCodes.InvalidRequest,
|
|
1649
|
+
error_description: "Authorization server requires 'iss' parameter in authorization response (authorization_response_iss_parameter_supported), but no 'iss' parameter is present in the authorization response."
|
|
1650
|
+
});
|
|
1651
|
+
if (responseIssuer && responseIssuer !== expectedIssuer) throw new Oauth2ServerErrorResponseError({
|
|
1652
|
+
error: Oauth2ErrorCodes.InvalidRequest,
|
|
1653
|
+
error_description: "The 'iss' value in the authorization response does not match the expected 'issuer' value from the authorization server metadata."
|
|
1654
|
+
});
|
|
1655
|
+
}
|
|
1656
|
+
|
|
1631
1657
|
//#endregion
|
|
1632
1658
|
//#region src/z-grant-type.ts
|
|
1633
1659
|
const zPreAuthorizedCodeGrantIdentifier = z$1.literal("urn:ietf:params:oauth:grant-type:pre-authorized_code");
|
|
@@ -2118,7 +2144,8 @@ const zAuthorizationServerMetadata = z$1.object({
|
|
|
2118
2144
|
introspection_endpoint_auth_signing_alg_values_supported: z$1.optional(z$1.array(zAlgValueNotNone)),
|
|
2119
2145
|
authorization_challenge_endpoint: z$1.optional(zHttpsUrl),
|
|
2120
2146
|
"pre-authorized_grant_anonymous_access_supported": z$1.optional(z$1.boolean()),
|
|
2121
|
-
client_attestation_pop_nonce_required: z$1.boolean().optional()
|
|
2147
|
+
client_attestation_pop_nonce_required: z$1.boolean().optional(),
|
|
2148
|
+
authorization_response_iss_parameter_supported: z$1.boolean().optional()
|
|
2122
2149
|
}).loose().refine(({ introspection_endpoint_auth_methods_supported: methodsSupported, introspection_endpoint_auth_signing_alg_values_supported: algValuesSupported }) => {
|
|
2123
2150
|
if (!methodsSupported) return true;
|
|
2124
2151
|
if (!methodsSupported.includes("private_key_jwt") && !methodsSupported.includes("client_secret_jwt")) return true;
|
|
@@ -3358,6 +3385,18 @@ var Oauth2Client = class {
|
|
|
3358
3385
|
async resourceRequest(options) {
|
|
3359
3386
|
return resourceRequest(options);
|
|
3360
3387
|
}
|
|
3388
|
+
/**
|
|
3389
|
+
* Parses an authorization response redirect URL into an authorization (error) response.
|
|
3390
|
+
*
|
|
3391
|
+
* Make sure to call `Oauth2Client.verifyAuthorizationResponse` after fetching the session
|
|
3392
|
+
* based on the parsed response, to ensure the authorization response `iss` value is verified.
|
|
3393
|
+
*/
|
|
3394
|
+
parseAuthorizationResponseRedirectUrl(options) {
|
|
3395
|
+
return parseAuthorizationResponseRedirectUrl(options);
|
|
3396
|
+
}
|
|
3397
|
+
verifyAuthorizationResponse(options) {
|
|
3398
|
+
return verifyAuthorizationResponse(options);
|
|
3399
|
+
}
|
|
3361
3400
|
};
|
|
3362
3401
|
|
|
3363
3402
|
//#endregion
|
|
@@ -3514,5 +3553,5 @@ async function verifyResourceRequest(options) {
|
|
|
3514
3553
|
}
|
|
3515
3554
|
|
|
3516
3555
|
//#endregion
|
|
3517
|
-
export { HashAlgorithm, InvalidFetchResponseError, Oauth2AuthorizationServer, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, Oauth2Error, Oauth2ErrorCodes, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, PkceCodeChallengeMethod, SupportedAuthenticationScheme, SupportedClientAuthenticationMethod, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationAnonymous, clientAuthenticationClientAttestationJwt, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, createClientAttestationJwt, createJarAuthorizationRequest, decodeJwt, decodeJwtHeader, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, fullySpecifiedCoseAlgorithmArrayToJwaSignatureAlgorithmArray, fullySpecifiedCoseAlgorithmToJwaSignatureAlgorithm, getAuthorizationServerMetadataFromList, getGlobalConfig, isJwkInSet, jwaSignatureAlgorithmArrayToFullySpecifiedCoseAlgorithmArray, jwaSignatureAlgorithmToFullySpecifiedCoseAlgorithm, jwtAuthorizationRequestJwtHeaderTyp, jwtHeaderFromJwtSigner, jwtSignerFromJwt, parseAuthorizationResponseRedirectUrl, parsePushedAuthorizationRequestUriReferenceValue, preAuthorizedCodeGrantIdentifier, pushedAuthorizationRequestUriPrefix, refreshTokenGrantIdentifier, resourceRequest, setGlobalConfig, signedAuthorizationRequestJwtHeaderTyp, validateJarRequestParams, verifyClientAttestationJwt, verifyIdTokenJwt, verifyJwt, verifyResourceRequest, zAlgValueNotNone, zAuthorizationCodeGrantIdentifier, zAuthorizationErrorResponse, zAuthorizationResponse, zAuthorizationResponseFromUriParams, zAuthorizationServerMetadata, zCompactJwe, zCompactJwt, zIdTokenJwtHeader, zIdTokenJwtPayload, zJarAuthorizationRequest, zJarRequestObjectPayload, zJwk, zJwkSet, zJwtHeader, zJwtPayload, zOauth2ErrorResponse, zPreAuthorizedCodeGrantIdentifier, zPushedAuthorizationRequestUriPrefix, zRefreshTokenGrantIdentifier };
|
|
3556
|
+
export { HashAlgorithm, InvalidFetchResponseError, Oauth2AuthorizationServer, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, Oauth2Error, Oauth2ErrorCodes, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, PkceCodeChallengeMethod, SupportedAuthenticationScheme, SupportedClientAuthenticationMethod, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationAnonymous, clientAuthenticationClientAttestationJwt, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, createClientAttestationJwt, createJarAuthorizationRequest, decodeJwt, decodeJwtHeader, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, fullySpecifiedCoseAlgorithmArrayToJwaSignatureAlgorithmArray, fullySpecifiedCoseAlgorithmToJwaSignatureAlgorithm, getAuthorizationServerMetadataFromList, getGlobalConfig, isJwkInSet, jwaSignatureAlgorithmArrayToFullySpecifiedCoseAlgorithmArray, jwaSignatureAlgorithmToFullySpecifiedCoseAlgorithm, jwtAuthorizationRequestJwtHeaderTyp, jwtHeaderFromJwtSigner, jwtSignerFromJwt, parseAuthorizationResponseRedirectUrl, parsePushedAuthorizationRequestUriReferenceValue, preAuthorizedCodeGrantIdentifier, pushedAuthorizationRequestUriPrefix, refreshTokenGrantIdentifier, resourceRequest, setGlobalConfig, signedAuthorizationRequestJwtHeaderTyp, validateJarRequestParams, verifyAuthorizationResponse, verifyClientAttestationJwt, verifyIdTokenJwt, verifyJwt, verifyResourceRequest, zAlgValueNotNone, zAuthorizationCodeGrantIdentifier, zAuthorizationErrorResponse, zAuthorizationResponse, zAuthorizationResponseFromUriParams, zAuthorizationServerMetadata, zCompactJwe, zCompactJwt, zIdTokenJwtHeader, zIdTokenJwtPayload, zJarAuthorizationRequest, zJarRequestObjectPayload, zJwk, zJwkSet, zJwtHeader, zJwtPayload, zOauth2ErrorResponse, zPreAuthorizedCodeGrantIdentifier, zPushedAuthorizationRequestUriPrefix, zRefreshTokenGrantIdentifier };
|
|
3518
3557
|
//# sourceMappingURL=index.mjs.map
|