@openid4vc/oauth2 0.4.5-alpha-20260126081433 → 0.4.5-alpha-20260201123930
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +24 -3
- package/dist/index.mjs +45 -17
- package/dist/index.mjs.map +1 -1
- package/package.json +2 -2
package/dist/index.d.mts
CHANGED
|
@@ -557,7 +557,7 @@ declare const zAccessTokenRequest: z$1.ZodIntersection<z$1.ZodObject<{
|
|
|
557
557
|
refresh_token: z$1.ZodOptional<z$1.ZodString>;
|
|
558
558
|
resource: z$1.ZodOptional<z$1.ZodURL>;
|
|
559
559
|
code_verifier: z$1.ZodOptional<z$1.ZodString>;
|
|
560
|
-
grant_type: z$1.ZodUnion<readonly [z$1.ZodLiteral<"urn:ietf:params:oauth:grant-type:pre-authorized_code">, z$1.ZodLiteral<"authorization_code">, z$1.ZodLiteral<"refresh_token">, z$1.ZodString]>;
|
|
560
|
+
grant_type: z$1.ZodUnion<readonly [z$1.ZodLiteral<"urn:ietf:params:oauth:grant-type:pre-authorized_code">, z$1.ZodLiteral<"authorization_code">, z$1.ZodLiteral<"refresh_token">, z$1.ZodLiteral<"client_credentials">, z$1.ZodString]>;
|
|
561
561
|
}, z$1.core.$loose>, z$1.ZodPipe<z$1.ZodObject<{
|
|
562
562
|
tx_code: z$1.ZodOptional<z$1.ZodString>;
|
|
563
563
|
user_pin: z$1.ZodOptional<z$1.ZodString>;
|
|
@@ -656,6 +656,17 @@ interface RetrieveRefreshTokenAccessTokenOptions extends RetrieveAccessTokenBase
|
|
|
656
656
|
*/
|
|
657
657
|
additionalRequestPayload?: Record<string, unknown>;
|
|
658
658
|
}
|
|
659
|
+
interface RetrieveClientCredentialsAccessTokenOptions extends RetrieveAccessTokenBaseOptions {
|
|
660
|
+
/**
|
|
661
|
+
* The scope of the access request
|
|
662
|
+
*/
|
|
663
|
+
scope?: string;
|
|
664
|
+
/**
|
|
665
|
+
* Additional payload to include in the access token request. Items will be encoded and sent
|
|
666
|
+
* using x-www-form-urlencoded format. Nested items (JSON) will be stringified and url encoded.
|
|
667
|
+
*/
|
|
668
|
+
additionalRequestPayload?: Record<string, unknown>;
|
|
669
|
+
}
|
|
659
670
|
//#endregion
|
|
660
671
|
//#region src/access-token/verify-access-token.d.ts
|
|
661
672
|
declare enum SupportedAuthenticationScheme {
|
|
@@ -1149,6 +1160,9 @@ type AuthorizationCodeGrantIdentifier = z$1.infer<typeof zAuthorizationCodeGrant
|
|
|
1149
1160
|
declare const zRefreshTokenGrantIdentifier: z$1.ZodLiteral<"refresh_token">;
|
|
1150
1161
|
declare const refreshTokenGrantIdentifier: "refresh_token";
|
|
1151
1162
|
type RefreshTokenGrantIdentifier = z$1.infer<typeof zRefreshTokenGrantIdentifier>;
|
|
1163
|
+
declare const zClientCredentialsGrantIdentifier: z$1.ZodLiteral<"client_credentials">;
|
|
1164
|
+
declare const clientCredentialsGrantIdentifier: "client_credentials";
|
|
1165
|
+
type ClientCredentialsGrantIdentifier = z$1.infer<typeof zClientCredentialsGrantIdentifier>;
|
|
1152
1166
|
//#endregion
|
|
1153
1167
|
//#region src/access-token/parse-access-token-request.d.ts
|
|
1154
1168
|
interface ParsedAccessTokenPreAuthorizedCodeRequestGrant {
|
|
@@ -1428,9 +1442,9 @@ declare const zAuthorizationChallengeRequest: z$1.ZodObject<{
|
|
|
1428
1442
|
client_id: z$1.ZodOptional<z$1.ZodString>;
|
|
1429
1443
|
auth_session: z$1.ZodOptional<z$1.ZodString>;
|
|
1430
1444
|
presentation_during_issuance_session: z$1.ZodOptional<z$1.ZodString>;
|
|
1431
|
-
scope: z$1.ZodOptional<z$1.ZodString>;
|
|
1432
1445
|
redirect_uri: z$1.ZodOptional<z$1.ZodURL>;
|
|
1433
1446
|
resource: z$1.ZodOptional<z$1.ZodURL>;
|
|
1447
|
+
scope: z$1.ZodOptional<z$1.ZodString>;
|
|
1434
1448
|
state: z$1.ZodOptional<z$1.ZodString>;
|
|
1435
1449
|
issuer_state: z$1.ZodOptional<z$1.ZodString>;
|
|
1436
1450
|
dpop_jkt: z$1.ZodOptional<z$1.ZodBase64URL>;
|
|
@@ -3412,6 +3426,13 @@ declare class Oauth2Client {
|
|
|
3412
3426
|
resource,
|
|
3413
3427
|
dpop
|
|
3414
3428
|
}: Omit<RetrieveRefreshTokenAccessTokenOptions, 'callbacks'>): Promise<RetrieveAccessTokenReturn>;
|
|
3429
|
+
retrieveClientCredentialsAccessToken({
|
|
3430
|
+
authorizationServerMetadata,
|
|
3431
|
+
additionalRequestPayload,
|
|
3432
|
+
scope,
|
|
3433
|
+
resource,
|
|
3434
|
+
dpop
|
|
3435
|
+
}: Omit<RetrieveClientCredentialsAccessTokenOptions, 'callbacks'>): Promise<RetrieveAccessTokenReturn>;
|
|
3415
3436
|
resourceRequest(options: ResourceRequestOptions): Promise<ResourceRequestResponseOk | ResourceRequestResponseNotOk>;
|
|
3416
3437
|
/**
|
|
3417
3438
|
* Parses an authorization response redirect URL into an authorization (error) response.
|
|
@@ -3749,5 +3770,5 @@ declare function verifyResourceRequest(options: VerifyResourceRequestOptions): P
|
|
|
3749
3770
|
authorizationServer: string;
|
|
3750
3771
|
}>;
|
|
3751
3772
|
//#endregion
|
|
3752
|
-
export { type AccessTokenErrorResponse, type AccessTokenProfileJwtPayload, type AccessTokenResponse, type AuthorizationChallengeErrorResponse, type AuthorizationChallengeRequest, type AuthorizationChallengeResponse, type AuthorizationCodeGrantIdentifier, AuthorizationErrorResponse, AuthorizationResponse, type AuthorizationServerMetadata, type CalculateJwkThumbprintOptions, type CallbackContext, type ClientAttestationJwtHeader, type ClientAttestationJwtPayload, type ClientAttestationPopJwtHeader, type ClientAttestationPopJwtPayload, type ClientAuthenticationCallback, type ClientAuthenticationCallbackOptions, type ClientAuthenticationClientAttestationJwtOptions, type ClientAuthenticationClientSecretBasicOptions, type ClientAuthenticationClientSecretPostOptions, type ClientAuthenticationDynamicOptions, type ClientAuthenticationNoneOptions, type CreateAuthorizationRequestUrlOptions, type CreateClientAttestationJwtOptions, type CreateJarAuthorizationRequestOptions, type CreatePkceReturn, type CreatePushedAuthorizationErrorResponseOptions, type CreatePushedAuthorizationResponseOptions, type DecodeJwtHeaderResult, type DecodeJwtOptions, type DecodeJwtResult, type DecryptJweCallback, type DecryptJweCallbackOptions, type EncryptJweCallback, type GenerateRandomCallback, HashAlgorithm, type HashCallback, type HttpMethod, IdTokenJwtHeader, IdTokenJwtPayload, InvalidFetchResponseError, type JarAuthorizationRequest, type JarRequestObjectPayload, type JweEncryptor, type Jwk, type JwkSet, type JwtHeader, type JwtPayload, type JwtSigner, type JwtSignerCustom, type JwtSignerDid, type JwtSignerJwk, type JwtSignerWithJwk, type JwtSignerX5c, Oauth2AuthorizationServer, type Oauth2AuthorizationServerOptions, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, type Oauth2ClientOptions, Oauth2Error, Oauth2ErrorCodes, type Oauth2ErrorOptions, type Oauth2ErrorResponse, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, type Oauth2ResourceServerOptions, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, type Oid4vcTsConfig, type ParseAuthorizationChallengeRequestOptions, type ParseAuthorizationChallengeRequestResult, ParseAuthorizationResponseOptions, type ParsePushedAuthorizationRequestOptions, type ParsePushedAuthorizationRequestResult, PkceCodeChallengeMethod, type PreAuthorizedCodeGrantIdentifier, type PushedAuthorizationRequestUriPrefix, type RefreshTokenGrantIdentifier, type RequestClientAttestationOptions, type RequestDpopOptions, type RequestLike, type ResourceRequestOptions, type ResourceRequestResponseNotOk, type ResourceRequestResponseOk, type RetrieveAuthorizationCodeAccessTokenOptions, type RetrievePreAuthorizedCodeAccessTokenOptions, type SignJwtCallback, SupportedAuthenticationScheme, SupportedClientAuthenticationMethod, type TokenIntrospectionResponse, type VerifiedClientAttestationJwt, type VerifyAccessTokenRequestReturn, type VerifyAuthorizationChallengeRequestOptions, type VerifyAuthorizationChallengeRequestReturn, VerifyAuthorizationResponseOptions, VerifyIdTokenJwtOptions, type VerifyJwtCallback, type VerifyPushedAuthorizationRequestOptions, type VerifyPushedAuthorizationRequestReturn, type VerifyResourceRequestOptions, type WwwAuthenticateHeaderChallenge, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationAnonymous, clientAuthenticationClientAttestationJwt, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, createClientAttestationJwt, createJarAuthorizationRequest, decodeJwt, decodeJwtHeader, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, fullySpecifiedCoseAlgorithmArrayToJwaSignatureAlgorithmArray, fullySpecifiedCoseAlgorithmToJwaSignatureAlgorithm, getAuthorizationServerMetadataFromList, getGlobalConfig, isJwkInSet, jwaSignatureAlgorithmArrayToFullySpecifiedCoseAlgorithmArray, jwaSignatureAlgorithmToFullySpecifiedCoseAlgorithm, jwtAuthorizationRequestJwtHeaderTyp, jwtHeaderFromJwtSigner, jwtSignerFromJwt, parseAuthorizationResponseRedirectUrl, parsePushedAuthorizationRequestUriReferenceValue, preAuthorizedCodeGrantIdentifier, pushedAuthorizationRequestUriPrefix, refreshTokenGrantIdentifier, resourceRequest, setGlobalConfig, signedAuthorizationRequestJwtHeaderTyp, validateJarRequestParams, verifyAuthorizationResponse, verifyClientAttestationJwt, verifyIdTokenJwt, verifyJwt, verifyResourceRequest, zAlgValueNotNone, zAuthorizationCodeGrantIdentifier, zAuthorizationErrorResponse, zAuthorizationResponse, zAuthorizationResponseFromUriParams, zAuthorizationServerMetadata, zCompactJwe, zCompactJwt, zIdTokenJwtHeader, zIdTokenJwtPayload, zJarAuthorizationRequest, zJarRequestObjectPayload, zJwk, zJwkSet, zJwtHeader, zJwtPayload, zOauth2ErrorResponse, zPreAuthorizedCodeGrantIdentifier, zPushedAuthorizationRequestUriPrefix, zRefreshTokenGrantIdentifier };
|
|
3773
|
+
export { type AccessTokenErrorResponse, type AccessTokenProfileJwtPayload, type AccessTokenResponse, type AuthorizationChallengeErrorResponse, type AuthorizationChallengeRequest, type AuthorizationChallengeResponse, type AuthorizationCodeGrantIdentifier, AuthorizationErrorResponse, AuthorizationResponse, type AuthorizationServerMetadata, type CalculateJwkThumbprintOptions, type CallbackContext, type ClientAttestationJwtHeader, type ClientAttestationJwtPayload, type ClientAttestationPopJwtHeader, type ClientAttestationPopJwtPayload, type ClientAuthenticationCallback, type ClientAuthenticationCallbackOptions, type ClientAuthenticationClientAttestationJwtOptions, type ClientAuthenticationClientSecretBasicOptions, type ClientAuthenticationClientSecretPostOptions, type ClientAuthenticationDynamicOptions, type ClientAuthenticationNoneOptions, type ClientCredentialsGrantIdentifier, type CreateAuthorizationRequestUrlOptions, type CreateClientAttestationJwtOptions, type CreateJarAuthorizationRequestOptions, type CreatePkceReturn, type CreatePushedAuthorizationErrorResponseOptions, type CreatePushedAuthorizationResponseOptions, type DecodeJwtHeaderResult, type DecodeJwtOptions, type DecodeJwtResult, type DecryptJweCallback, type DecryptJweCallbackOptions, type EncryptJweCallback, type GenerateRandomCallback, HashAlgorithm, type HashCallback, type HttpMethod, IdTokenJwtHeader, IdTokenJwtPayload, InvalidFetchResponseError, type JarAuthorizationRequest, type JarRequestObjectPayload, type JweEncryptor, type Jwk, type JwkSet, type JwtHeader, type JwtPayload, type JwtSigner, type JwtSignerCustom, type JwtSignerDid, type JwtSignerJwk, type JwtSignerWithJwk, type JwtSignerX5c, Oauth2AuthorizationServer, type Oauth2AuthorizationServerOptions, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, type Oauth2ClientOptions, Oauth2Error, Oauth2ErrorCodes, type Oauth2ErrorOptions, type Oauth2ErrorResponse, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, type Oauth2ResourceServerOptions, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, type Oid4vcTsConfig, type ParseAuthorizationChallengeRequestOptions, type ParseAuthorizationChallengeRequestResult, ParseAuthorizationResponseOptions, type ParsePushedAuthorizationRequestOptions, type ParsePushedAuthorizationRequestResult, PkceCodeChallengeMethod, type PreAuthorizedCodeGrantIdentifier, type PushedAuthorizationRequestUriPrefix, type RefreshTokenGrantIdentifier, type RequestClientAttestationOptions, type RequestDpopOptions, type RequestLike, type ResourceRequestOptions, type ResourceRequestResponseNotOk, type ResourceRequestResponseOk, type RetrieveAuthorizationCodeAccessTokenOptions, type RetrieveClientCredentialsAccessTokenOptions, type RetrievePreAuthorizedCodeAccessTokenOptions, type SignJwtCallback, SupportedAuthenticationScheme, SupportedClientAuthenticationMethod, type TokenIntrospectionResponse, type VerifiedClientAttestationJwt, type VerifyAccessTokenRequestReturn, type VerifyAuthorizationChallengeRequestOptions, type VerifyAuthorizationChallengeRequestReturn, VerifyAuthorizationResponseOptions, VerifyIdTokenJwtOptions, type VerifyJwtCallback, type VerifyPushedAuthorizationRequestOptions, type VerifyPushedAuthorizationRequestReturn, type VerifyResourceRequestOptions, type WwwAuthenticateHeaderChallenge, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationAnonymous, clientAuthenticationClientAttestationJwt, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, clientCredentialsGrantIdentifier, createClientAttestationJwt, createJarAuthorizationRequest, decodeJwt, decodeJwtHeader, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, fullySpecifiedCoseAlgorithmArrayToJwaSignatureAlgorithmArray, fullySpecifiedCoseAlgorithmToJwaSignatureAlgorithm, getAuthorizationServerMetadataFromList, getGlobalConfig, isJwkInSet, jwaSignatureAlgorithmArrayToFullySpecifiedCoseAlgorithmArray, jwaSignatureAlgorithmToFullySpecifiedCoseAlgorithm, jwtAuthorizationRequestJwtHeaderTyp, jwtHeaderFromJwtSigner, jwtSignerFromJwt, parseAuthorizationResponseRedirectUrl, parsePushedAuthorizationRequestUriReferenceValue, preAuthorizedCodeGrantIdentifier, pushedAuthorizationRequestUriPrefix, refreshTokenGrantIdentifier, resourceRequest, setGlobalConfig, signedAuthorizationRequestJwtHeaderTyp, validateJarRequestParams, verifyAuthorizationResponse, verifyClientAttestationJwt, verifyIdTokenJwt, verifyJwt, verifyResourceRequest, zAlgValueNotNone, zAuthorizationCodeGrantIdentifier, zAuthorizationErrorResponse, zAuthorizationResponse, zAuthorizationResponseFromUriParams, zAuthorizationServerMetadata, zClientCredentialsGrantIdentifier, zCompactJwe, zCompactJwt, zIdTokenJwtHeader, zIdTokenJwtPayload, zJarAuthorizationRequest, zJarRequestObjectPayload, zJwk, zJwkSet, zJwtHeader, zJwtPayload, zOauth2ErrorResponse, zPreAuthorizedCodeGrantIdentifier, zPushedAuthorizationRequestUriPrefix, zRefreshTokenGrantIdentifier };
|
|
3753
3774
|
//# sourceMappingURL=index.d.mts.map
|
package/dist/index.mjs
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { ContentType, Headers, InvalidFetchResponseError, InvalidFetchResponseError as InvalidFetchResponseError$1, OpenId4VcBaseError, URL, ValidationError, addSecondsToDate, createFetcher, createZodFetcher, dateToSeconds, decodeBase64, decodeUtf8String, encodeToBase64Url, encodeToUtf8String, encodeWwwAuthenticateHeader, formatZodError, getGlobalConfig, joinUriParts, objectToQueryParams, parseWithErrorHandling, parseWwwAuthenticateHeader, setGlobalConfig, stringToJsonWithErrorHandling, zHttpMethod, zHttpsUrl, zInteger } from "@openid4vc/utils";
|
|
1
|
+
import { ContentType, Headers, InvalidFetchResponseError, InvalidFetchResponseError as InvalidFetchResponseError$1, OpenId4VcBaseError, URL, ValidationError, addSecondsToDate, createFetcher, createZodFetcher, dateToSeconds, decodeBase64, decodeUtf8String, encodeToBase64Url, encodeToUtf8String, encodeWwwAuthenticateHeader, formatZodError, getGlobalConfig, joinUriParts, objectToQueryParams, parseWithErrorHandling, parseWwwAuthenticateHeader, setGlobalConfig, stringToJsonWithErrorHandling, zHttpMethod, zHttpsUrl, zInteger, zNumericDate } from "@openid4vc/utils";
|
|
2
2
|
import z$1, { z } from "zod";
|
|
3
3
|
import "zod/v4/core";
|
|
4
4
|
|
|
@@ -160,9 +160,9 @@ const zJwtConfirmationPayload = z$1.object({
|
|
|
160
160
|
const zJwtPayload = z$1.object({
|
|
161
161
|
iss: z$1.string().optional(),
|
|
162
162
|
aud: z$1.union([z$1.string(), z$1.array(z$1.string())]).optional(),
|
|
163
|
-
iat:
|
|
164
|
-
exp:
|
|
165
|
-
nbf:
|
|
163
|
+
iat: zNumericDate.optional(),
|
|
164
|
+
exp: zNumericDate.optional(),
|
|
165
|
+
nbf: zNumericDate.optional(),
|
|
166
166
|
nonce: z$1.string().optional(),
|
|
167
167
|
jti: z$1.string().optional(),
|
|
168
168
|
sub: z$1.string().optional(),
|
|
@@ -920,8 +920,8 @@ const zAccessTokenProfileJwtHeader = z$1.object({
|
|
|
920
920
|
const zAccessTokenProfileJwtPayload = z$1.object({
|
|
921
921
|
...zJwtPayload.shape,
|
|
922
922
|
iss: z$1.string(),
|
|
923
|
-
exp:
|
|
924
|
-
iat:
|
|
923
|
+
exp: zNumericDate,
|
|
924
|
+
iat: zNumericDate,
|
|
925
925
|
aud: z$1.union([z$1.string(), z$1.array(z$1.string())]),
|
|
926
926
|
sub: z$1.string(),
|
|
927
927
|
client_id: z$1.optional(z$1.string()),
|
|
@@ -1189,7 +1189,7 @@ const zClientAttestationJwtPayload = z$1.object({
|
|
|
1189
1189
|
...zJwtPayload.shape,
|
|
1190
1190
|
iss: z$1.string(),
|
|
1191
1191
|
sub: z$1.string(),
|
|
1192
|
-
exp:
|
|
1192
|
+
exp: zNumericDate,
|
|
1193
1193
|
cnf: z$1.object({ jwk: zJwk }).loose(),
|
|
1194
1194
|
wallet_name: z$1.string().optional(),
|
|
1195
1195
|
wallet_link: z$1.url().optional()
|
|
@@ -1203,7 +1203,7 @@ const oauthClientAttestationPopHeader = zOauthClientAttestationPopHeader.value;
|
|
|
1203
1203
|
const zClientAttestationPopJwtPayload = z$1.object({
|
|
1204
1204
|
...zJwtPayload.shape,
|
|
1205
1205
|
iss: z$1.string(),
|
|
1206
|
-
exp:
|
|
1206
|
+
exp: zNumericDate,
|
|
1207
1207
|
aud: z$1.union([zHttpsUrl, z$1.array(zHttpsUrl)]),
|
|
1208
1208
|
jti: z$1.string(),
|
|
1209
1209
|
nonce: z$1.optional(z$1.string())
|
|
@@ -1372,7 +1372,7 @@ async function verifyClientAttestation({ authorizationServer, clientAttestationJ
|
|
|
1372
1372
|
//#region src/dpop/z-dpop.ts
|
|
1373
1373
|
const zDpopJwtPayload = z$1.object({
|
|
1374
1374
|
...zJwtPayload.shape,
|
|
1375
|
-
iat:
|
|
1375
|
+
iat: zNumericDate,
|
|
1376
1376
|
htu: zHttpsUrl,
|
|
1377
1377
|
htm: zHttpMethod,
|
|
1378
1378
|
jti: z$1.string(),
|
|
@@ -1662,6 +1662,8 @@ const zAuthorizationCodeGrantIdentifier = z$1.literal("authorization_code");
|
|
|
1662
1662
|
const authorizationCodeGrantIdentifier = zAuthorizationCodeGrantIdentifier.value;
|
|
1663
1663
|
const zRefreshTokenGrantIdentifier = z$1.literal("refresh_token");
|
|
1664
1664
|
const refreshTokenGrantIdentifier = zRefreshTokenGrantIdentifier.value;
|
|
1665
|
+
const zClientCredentialsGrantIdentifier = z$1.literal("client_credentials");
|
|
1666
|
+
const clientCredentialsGrantIdentifier = zClientCredentialsGrantIdentifier.value;
|
|
1665
1667
|
|
|
1666
1668
|
//#endregion
|
|
1667
1669
|
//#region src/client-authentication.ts
|
|
@@ -1970,9 +1972,9 @@ const zIdTokenJwtPayload = z$1.object({
|
|
|
1970
1972
|
iss: z$1.string(),
|
|
1971
1973
|
sub: z$1.string(),
|
|
1972
1974
|
aud: z$1.union([z$1.string(), z$1.array(z$1.string())]),
|
|
1973
|
-
exp:
|
|
1974
|
-
iat:
|
|
1975
|
-
auth_time:
|
|
1975
|
+
exp: zNumericDate,
|
|
1976
|
+
iat: zNumericDate,
|
|
1977
|
+
auth_time: zNumericDate.optional(),
|
|
1976
1978
|
acr: z$1.string().optional(),
|
|
1977
1979
|
amr: z$1.array(z$1.string()).optional(),
|
|
1978
1980
|
azp: z$1.string().optional(),
|
|
@@ -2001,7 +2003,7 @@ const zIdTokenJwtPayload = z$1.object({
|
|
|
2001
2003
|
postal_code: z$1.string().optional(),
|
|
2002
2004
|
country: z$1.string().optional()
|
|
2003
2005
|
}).loose().optional(),
|
|
2004
|
-
updated_at:
|
|
2006
|
+
updated_at: zNumericDate.optional()
|
|
2005
2007
|
}).loose();
|
|
2006
2008
|
|
|
2007
2009
|
//#endregion
|
|
@@ -2234,6 +2236,7 @@ const zAccessTokenRequest = z$1.intersection(z$1.object({
|
|
|
2234
2236
|
zPreAuthorizedCodeGrantIdentifier,
|
|
2235
2237
|
zAuthorizationCodeGrantIdentifier,
|
|
2236
2238
|
zRefreshTokenGrantIdentifier,
|
|
2239
|
+
zClientCredentialsGrantIdentifier,
|
|
2237
2240
|
z$1.string()
|
|
2238
2241
|
])
|
|
2239
2242
|
}).loose(), z$1.object({
|
|
@@ -2960,6 +2963,21 @@ async function retrieveRefreshTokenAccessToken(options) {
|
|
|
2960
2963
|
resource: options.resource
|
|
2961
2964
|
});
|
|
2962
2965
|
}
|
|
2966
|
+
async function retrieveClientCredentialsAccessToken(options) {
|
|
2967
|
+
const request = {
|
|
2968
|
+
grant_type: clientCredentialsGrantIdentifier,
|
|
2969
|
+
scope: options.scope,
|
|
2970
|
+
resource: options.resource,
|
|
2971
|
+
...options.additionalRequestPayload
|
|
2972
|
+
};
|
|
2973
|
+
return retrieveAccessToken({
|
|
2974
|
+
authorizationServerMetadata: options.authorizationServerMetadata,
|
|
2975
|
+
request,
|
|
2976
|
+
dpop: options.dpop,
|
|
2977
|
+
callbacks: options.callbacks,
|
|
2978
|
+
resource: options.resource
|
|
2979
|
+
});
|
|
2980
|
+
}
|
|
2963
2981
|
/**
|
|
2964
2982
|
* Internal method
|
|
2965
2983
|
*/
|
|
@@ -3382,6 +3400,16 @@ var Oauth2Client = class {
|
|
|
3382
3400
|
dpop
|
|
3383
3401
|
});
|
|
3384
3402
|
}
|
|
3403
|
+
async retrieveClientCredentialsAccessToken({ authorizationServerMetadata, additionalRequestPayload, scope, resource, dpop }) {
|
|
3404
|
+
return await retrieveClientCredentialsAccessToken({
|
|
3405
|
+
authorizationServerMetadata,
|
|
3406
|
+
scope,
|
|
3407
|
+
additionalRequestPayload,
|
|
3408
|
+
resource,
|
|
3409
|
+
callbacks: this.options.callbacks,
|
|
3410
|
+
dpop
|
|
3411
|
+
});
|
|
3412
|
+
}
|
|
3385
3413
|
async resourceRequest(options) {
|
|
3386
3414
|
return resourceRequest(options);
|
|
3387
3415
|
}
|
|
@@ -3425,9 +3453,9 @@ const zTokenIntrospectionResponse = z$1.object({
|
|
|
3425
3453
|
client_id: z$1.optional(z$1.string()),
|
|
3426
3454
|
username: z$1.optional(z$1.string()),
|
|
3427
3455
|
token_type: z$1.optional(z$1.string()),
|
|
3428
|
-
exp: z$1.optional(
|
|
3429
|
-
iat: z$1.optional(
|
|
3430
|
-
nbf: z$1.optional(
|
|
3456
|
+
exp: z$1.optional(zNumericDate),
|
|
3457
|
+
iat: z$1.optional(zNumericDate),
|
|
3458
|
+
nbf: z$1.optional(zNumericDate),
|
|
3431
3459
|
sub: z$1.optional(z$1.string()),
|
|
3432
3460
|
aud: z$1.optional(z$1.union([z$1.string(), z$1.array(z$1.string())])),
|
|
3433
3461
|
iss: z$1.optional(z$1.string()),
|
|
@@ -3553,5 +3581,5 @@ async function verifyResourceRequest(options) {
|
|
|
3553
3581
|
}
|
|
3554
3582
|
|
|
3555
3583
|
//#endregion
|
|
3556
|
-
export { HashAlgorithm, InvalidFetchResponseError, Oauth2AuthorizationServer, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, Oauth2Error, Oauth2ErrorCodes, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, PkceCodeChallengeMethod, SupportedAuthenticationScheme, SupportedClientAuthenticationMethod, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationAnonymous, clientAuthenticationClientAttestationJwt, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, createClientAttestationJwt, createJarAuthorizationRequest, decodeJwt, decodeJwtHeader, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, fullySpecifiedCoseAlgorithmArrayToJwaSignatureAlgorithmArray, fullySpecifiedCoseAlgorithmToJwaSignatureAlgorithm, getAuthorizationServerMetadataFromList, getGlobalConfig, isJwkInSet, jwaSignatureAlgorithmArrayToFullySpecifiedCoseAlgorithmArray, jwaSignatureAlgorithmToFullySpecifiedCoseAlgorithm, jwtAuthorizationRequestJwtHeaderTyp, jwtHeaderFromJwtSigner, jwtSignerFromJwt, parseAuthorizationResponseRedirectUrl, parsePushedAuthorizationRequestUriReferenceValue, preAuthorizedCodeGrantIdentifier, pushedAuthorizationRequestUriPrefix, refreshTokenGrantIdentifier, resourceRequest, setGlobalConfig, signedAuthorizationRequestJwtHeaderTyp, validateJarRequestParams, verifyAuthorizationResponse, verifyClientAttestationJwt, verifyIdTokenJwt, verifyJwt, verifyResourceRequest, zAlgValueNotNone, zAuthorizationCodeGrantIdentifier, zAuthorizationErrorResponse, zAuthorizationResponse, zAuthorizationResponseFromUriParams, zAuthorizationServerMetadata, zCompactJwe, zCompactJwt, zIdTokenJwtHeader, zIdTokenJwtPayload, zJarAuthorizationRequest, zJarRequestObjectPayload, zJwk, zJwkSet, zJwtHeader, zJwtPayload, zOauth2ErrorResponse, zPreAuthorizedCodeGrantIdentifier, zPushedAuthorizationRequestUriPrefix, zRefreshTokenGrantIdentifier };
|
|
3584
|
+
export { HashAlgorithm, InvalidFetchResponseError, Oauth2AuthorizationServer, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, Oauth2Error, Oauth2ErrorCodes, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, PkceCodeChallengeMethod, SupportedAuthenticationScheme, SupportedClientAuthenticationMethod, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationAnonymous, clientAuthenticationClientAttestationJwt, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, clientCredentialsGrantIdentifier, createClientAttestationJwt, createJarAuthorizationRequest, decodeJwt, decodeJwtHeader, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, fullySpecifiedCoseAlgorithmArrayToJwaSignatureAlgorithmArray, fullySpecifiedCoseAlgorithmToJwaSignatureAlgorithm, getAuthorizationServerMetadataFromList, getGlobalConfig, isJwkInSet, jwaSignatureAlgorithmArrayToFullySpecifiedCoseAlgorithmArray, jwaSignatureAlgorithmToFullySpecifiedCoseAlgorithm, jwtAuthorizationRequestJwtHeaderTyp, jwtHeaderFromJwtSigner, jwtSignerFromJwt, parseAuthorizationResponseRedirectUrl, parsePushedAuthorizationRequestUriReferenceValue, preAuthorizedCodeGrantIdentifier, pushedAuthorizationRequestUriPrefix, refreshTokenGrantIdentifier, resourceRequest, setGlobalConfig, signedAuthorizationRequestJwtHeaderTyp, validateJarRequestParams, verifyAuthorizationResponse, verifyClientAttestationJwt, verifyIdTokenJwt, verifyJwt, verifyResourceRequest, zAlgValueNotNone, zAuthorizationCodeGrantIdentifier, zAuthorizationErrorResponse, zAuthorizationResponse, zAuthorizationResponseFromUriParams, zAuthorizationServerMetadata, zClientCredentialsGrantIdentifier, zCompactJwe, zCompactJwt, zIdTokenJwtHeader, zIdTokenJwtPayload, zJarAuthorizationRequest, zJarRequestObjectPayload, zJwk, zJwkSet, zJwtHeader, zJwtPayload, zOauth2ErrorResponse, zPreAuthorizedCodeGrantIdentifier, zPushedAuthorizationRequestUriPrefix, zRefreshTokenGrantIdentifier };
|
|
3557
3585
|
//# sourceMappingURL=index.mjs.map
|