@scalar/oas-utils 0.2.43 → 0.2.45

package/dist/entities/spec/security.d.ts

@@ -0,0 +1,964 @@
+import { z } from 'zod';
+/**
+ * Value schema for each type of OAuth Flow
+ * Request Examples can store populated values for a given security scheme
+ */
+export declare const securitySchemeExampleValueSchema: z.ZodUnion<[z.ZodObject<{
+    type: z.ZodDefault<z.ZodLiteral<"apiKey">>;
+    name: z.ZodDefault<z.ZodString>;
+    value: z.ZodDefault<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    type: "apiKey";
+    value: string;
+    name: string;
+}, {
+    type?: "apiKey" | undefined;
+    value?: string | undefined;
+    name?: string | undefined;
+}>, z.ZodObject<{
+    type: z.ZodDefault<z.ZodLiteral<"http">>;
+    username: z.ZodDefault<z.ZodString>;
+    password: z.ZodDefault<z.ZodString>;
+    token: z.ZodDefault<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    type: "http";
+    username: string;
+    password: string;
+    token: string;
+}, {
+    type?: "http" | undefined;
+    username?: string | undefined;
+    password?: string | undefined;
+    token?: string | undefined;
+}>, z.ZodObject<{
+    type: z.ZodDefault<z.ZodLiteral<"oauth-implicit">>;
+    token: z.ZodDefault<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    type: "oauth-implicit";
+    token: string;
+}, {
+    type?: "oauth-implicit" | undefined;
+    token?: string | undefined;
+}>, z.ZodObject<{
+    type: z.ZodDefault<z.ZodLiteral<"oauth-password">>;
+    token: z.ZodDefault<z.ZodString>;
+    username: z.ZodDefault<z.ZodString>;
+    password: z.ZodDefault<z.ZodString>;
+    clientSecret: z.ZodDefault<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    type: "oauth-password";
+    username: string;
+    password: string;
+    token: string;
+    clientSecret: string;
+}, {
+    type?: "oauth-password" | undefined;
+    username?: string | undefined;
+    password?: string | undefined;
+    token?: string | undefined;
+    clientSecret?: string | undefined;
+}>, z.ZodObject<{
+    type: z.ZodDefault<z.ZodLiteral<"oauth-clientCredentials">>;
+    token: z.ZodDefault<z.ZodString>;
+    clientSecret: z.ZodDefault<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    type: "oauth-clientCredentials";
+    token: string;
+    clientSecret: string;
+}, {
+    type?: "oauth-clientCredentials" | undefined;
+    token?: string | undefined;
+    clientSecret?: string | undefined;
+}>, z.ZodObject<{
+    type: z.ZodDefault<z.ZodLiteral<"oauth-authorizationCode">>;
+    token: z.ZodDefault<z.ZodString>;
+    clientSecret: z.ZodDefault<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    type: "oauth-authorizationCode";
+    token: string;
+    clientSecret: string;
+}, {
+    type?: "oauth-authorizationCode" | undefined;
+    token?: string | undefined;
+    clientSecret?: string | undefined;
+}>]>;
+export type SecuritySchemeExampleValue = z.infer<typeof securitySchemeExampleValueSchema>;
+/** The example values for the oauth2 schemes */
+export type SecuritySchemeOauth2ExampleValue = Extract<SecuritySchemeExampleValue, {
+    type: `oauth-${string}`;
+}>;
+/**
+ * Generates a base set of example data for a given securityScheme
+ *
+ * TODO: we can probably remove this unless we really want to keep it separate
+ */
+export declare function authExampleFromSchema(scheme: SecurityScheme, baseValues?: any): {
+    type: "apiKey";
+    value: string;
+    name: string;
+} | {
+    type: "http";
+    username: string;
+    password: string;
+    token: string;
+} | {
+    type: "oauth-implicit";
+    token: string;
+} | {
+    type: "oauth-password";
+    username: string;
+    password: string;
+    token: string;
+    clientSecret: string;
+} | {
+    type: "oauth-clientCredentials";
+    token: string;
+    clientSecret: string;
+} | {
+    type: "oauth-authorizationCode";
+    token: string;
+    clientSecret: string;
+};
+export declare const securitySchemeApiKeyIn: readonly ["query", "header", "cookie"];
+export declare const securityApiKeySchema: z.ZodObject<z.objectUtil.extendShape<z.objectUtil.extendShape<{
+    description: z.ZodOptional<z.ZodString>;
+}, {
+    type: z.ZodLiteral<"apiKey">;
+    /** REQUIRED. The name of the header, query or cookie parameter to be used. */
+    name: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    /** REQUIRED. The location of the API key. Valid values are "query", "header" or "cookie". */
+    in: z.ZodDefault<z.ZodOptional<z.ZodEnum<["query", "header", "cookie"]>>>;
+}>, {
+    uid: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    /** The name key that links a security requirement to a security object */
+    nameKey: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+}>, "strip", z.ZodTypeAny, {
+    type: "apiKey";
+    uid: string;
+    name: string;
+    in: "query" | "header" | "cookie";
+    nameKey: string;
+    description?: string | undefined;
+}, {
+    type: "apiKey";
+    uid?: string | undefined;
+    name?: string | undefined;
+    description?: string | undefined;
+    in?: "query" | "header" | "cookie" | undefined;
+    nameKey?: string | undefined;
+}>;
+export type SecuritySchemeApiKey = z.infer<typeof securityApiKeySchema>;
+export declare const securityHttpSchema: z.ZodObject<z.objectUtil.extendShape<z.objectUtil.extendShape<{
+    description: z.ZodOptional<z.ZodString>;
+}, {
+    type: z.ZodLiteral<"http">;
+    /**
+     * REQUIRED. The name of the HTTP Authorization scheme to be used in the Authorization header as defined in
+     * [RFC7235]. The values used SHOULD be registered in the IANA Authentication Scheme registry.
+     */
+    scheme: z.ZodDefault<z.ZodOptional<z.ZodEnum<["basic", "bearer"]>>>;
+    /**
+     * A hint to the client to identify how the bearer token is formatted.
+     * Bearer tokens are usually generated by an authorization server, so
+     * this information is primarily for documentation purposes.
+     */
+    bearerFormat: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"JWT">, z.ZodString]>>>;
+}>, {
+    uid: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    /** The name key that links a security requirement to a security object */
+    nameKey: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+}>, "strip", z.ZodTypeAny, {
+    type: "http";
+    uid: string;
+    nameKey: string;
+    scheme: "basic" | "bearer";
+    bearerFormat: string;
+    description?: string | undefined;
+}, {
+    type: "http";
+    uid?: string | undefined;
+    description?: string | undefined;
+    nameKey?: string | undefined;
+    scheme?: "basic" | "bearer" | undefined;
+    bearerFormat?: string | undefined;
+}>;
+export type SecuritySchemaHttp = z.infer<typeof securityHttpSchema>;
+export declare const securityOpenIdSchema: z.ZodObject<z.objectUtil.extendShape<z.objectUtil.extendShape<{
+    description: z.ZodOptional<z.ZodString>;
+}, {
+    type: z.ZodLiteral<"openIdConnect">;
+    /**
+     * REQUIRED. OpenId Connect URL to discover OAuth2 configuration values. This MUST be in the
+     * form of a URL. The OpenID Connect standard requires the use of TLS.
+     */
+    openIdConnectUrl: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+}>, {
+    uid: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    /** The name key that links a security requirement to a security object */
+    nameKey: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+}>, "strip", z.ZodTypeAny, {
+    type: "openIdConnect";
+    uid: string;
+    nameKey: string;
+    openIdConnectUrl: string;
+    description?: string | undefined;
+}, {
+    type: "openIdConnect";
+    uid?: string | undefined;
+    description?: string | undefined;
+    nameKey?: string | undefined;
+    openIdConnectUrl?: string | undefined;
+}>;
+export type SecuritySchemaOpenId = z.infer<typeof securityOpenIdSchema>;
+export declare const securityOauthSchema: z.ZodObject<z.objectUtil.extendShape<z.objectUtil.extendShape<{
+    description: z.ZodOptional<z.ZodString>;
+}, {
+    type: z.ZodLiteral<"oauth2">;
+    /** REQUIRED. An object containing configuration information for the flow types supported. */
+    flow: z.ZodDefault<z.ZodOptional<z.ZodDiscriminatedUnion<"type", [z.ZodObject<z.objectUtil.extendShape<{
+        /**
+         * The URL to be used for obtaining refresh tokens. This MUST be in the form of a
+         * URL. The OAuth2 standard requires the use of TLS.
+         */
+        refreshUrl: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+        /**
+         * REQUIRED. The available scopes for the OAuth2 security scheme. A map
+         * between the scope name and a short description for it. The map MAY be empty.
+         */
+        scopes: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodMap<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodRecord<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>]>>>;
+        selectedScopes: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
+    }, {
+        type: z.ZodLiteral<"implicit">;
+        authorizationUrl: z.ZodDefault<z.ZodString>;
+        'x-scalar-redirect-uri': z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    }>, "strip", z.ZodTypeAny, {
+        type: "implicit";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        authorizationUrl: string;
+        'x-scalar-redirect-uri': string;
+    }, {
+        type: "implicit";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        authorizationUrl?: string | undefined;
+        'x-scalar-redirect-uri'?: string | undefined;
+    }>, z.ZodObject<z.objectUtil.extendShape<{
+        /**
+         * The URL to be used for obtaining refresh tokens. This MUST be in the form of a
+         * URL. The OAuth2 standard requires the use of TLS.
+         */
+        refreshUrl: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+        /**
+         * REQUIRED. The available scopes for the OAuth2 security scheme. A map
+         * between the scope name and a short description for it. The map MAY be empty.
+         */
+        scopes: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodMap<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodRecord<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>]>>>;
+        selectedScopes: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
+    }, {
+        type: z.ZodLiteral<"password">;
+        tokenUrl: z.ZodDefault<z.ZodString>;
+    }>, "strip", z.ZodTypeAny, {
+        type: "password";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        tokenUrl: string;
+    }, {
+        type: "password";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        tokenUrl?: string | undefined;
+    }>, z.ZodObject<z.objectUtil.extendShape<{
+        /**
+         * The URL to be used for obtaining refresh tokens. This MUST be in the form of a
+         * URL. The OAuth2 standard requires the use of TLS.
+         */
+        refreshUrl: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+        /**
+         * REQUIRED. The available scopes for the OAuth2 security scheme. A map
+         * between the scope name and a short description for it. The map MAY be empty.
+         */
+        scopes: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodMap<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodRecord<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>]>>>;
+        selectedScopes: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
+    }, {
+        type: z.ZodLiteral<"clientCredentials">;
+        tokenUrl: z.ZodDefault<z.ZodString>;
+    }>, "strip", z.ZodTypeAny, {
+        type: "clientCredentials";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        tokenUrl: string;
+    }, {
+        type: "clientCredentials";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        tokenUrl?: string | undefined;
+    }>, z.ZodObject<z.objectUtil.extendShape<{
+        /**
+         * The URL to be used for obtaining refresh tokens. This MUST be in the form of a
+         * URL. The OAuth2 standard requires the use of TLS.
+         */
+        refreshUrl: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+        /**
+         * REQUIRED. The available scopes for the OAuth2 security scheme. A map
+         * between the scope name and a short description for it. The map MAY be empty.
+         */
+        scopes: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodMap<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodRecord<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>]>>>;
+        selectedScopes: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
+    }, {
+        type: z.ZodLiteral<"authorizationCode">;
+        authorizationUrl: z.ZodDefault<z.ZodString>;
+        'x-scalar-redirect-uri': z.ZodDefault<z.ZodOptional<z.ZodString>>;
+        tokenUrl: z.ZodDefault<z.ZodString>;
+    }>, "strip", z.ZodTypeAny, {
+        type: "authorizationCode";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        authorizationUrl: string;
+        'x-scalar-redirect-uri': string;
+        tokenUrl: string;
+    }, {
+        type: "authorizationCode";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        authorizationUrl?: string | undefined;
+        'x-scalar-redirect-uri'?: string | undefined;
+        tokenUrl?: string | undefined;
+    }>]>>>;
+    /** Extension to save the client Id associated with an oauth flow */
+    'x-scalar-client-id': z.ZodDefault<z.ZodOptional<z.ZodString>>;
+}>, {
+    uid: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    /** The name key that links a security requirement to a security object */
+    nameKey: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+}>, "strip", z.ZodTypeAny, {
+    type: "oauth2";
+    uid: string;
+    nameKey: string;
+    flow: {
+        type: "implicit";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        authorizationUrl: string;
+        'x-scalar-redirect-uri': string;
+    } | {
+        type: "password";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        tokenUrl: string;
+    } | {
+        type: "clientCredentials";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        tokenUrl: string;
+    } | {
+        type: "authorizationCode";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        authorizationUrl: string;
+        'x-scalar-redirect-uri': string;
+        tokenUrl: string;
+    };
+    'x-scalar-client-id': string;
+    description?: string | undefined;
+}, {
+    type: "oauth2";
+    uid?: string | undefined;
+    description?: string | undefined;
+    nameKey?: string | undefined;
+    flow?: {
+        type: "implicit";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        authorizationUrl?: string | undefined;
+        'x-scalar-redirect-uri'?: string | undefined;
+    } | {
+        type: "password";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        tokenUrl?: string | undefined;
+    } | {
+        type: "clientCredentials";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        tokenUrl?: string | undefined;
+    } | {
+        type: "authorizationCode";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        authorizationUrl?: string | undefined;
+        'x-scalar-redirect-uri'?: string | undefined;
+        tokenUrl?: string | undefined;
+    } | undefined;
+    'x-scalar-client-id'?: string | undefined;
+}>;
+export type SecuritySchemeOauth2 = z.infer<typeof securityOauthSchema>;
+/**
+ * Security Requirement
+ * Lists the required security schemes to execute this operation OR the whole collection/spec.
+ * The name used for each property MUST correspond to a security scheme declared in the Security
+ * Schemes under the Components Object.
+ *
+ * The key (name) here will be matched to the key of the securityScheme for linking
+ *
+ * @see https://spec.openapis.org/oas/latest.html#security-requirement-object
+ */
+export declare const oasSecurityRequirementSchema: z.ZodRecord<z.ZodString, z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>>;
+/** OAS Compliant security schemes */
+export declare const oasSecuritySchemeSchema: z.ZodUnion<[z.ZodObject<z.objectUtil.extendShape<{
+    description: z.ZodOptional<z.ZodString>;
+}, {
+    type: z.ZodLiteral<"apiKey">;
+    /** REQUIRED. The name of the header, query or cookie parameter to be used. */
+    name: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    /** REQUIRED. The location of the API key. Valid values are "query", "header" or "cookie". */
+    in: z.ZodDefault<z.ZodOptional<z.ZodEnum<["query", "header", "cookie"]>>>;
+}>, "strip", z.ZodTypeAny, {
+    type: "apiKey";
+    name: string;
+    in: "query" | "header" | "cookie";
+    description?: string | undefined;
+}, {
+    type: "apiKey";
+    name?: string | undefined;
+    description?: string | undefined;
+    in?: "query" | "header" | "cookie" | undefined;
+}>, z.ZodObject<z.objectUtil.extendShape<{
+    description: z.ZodOptional<z.ZodString>;
+}, {
+    type: z.ZodLiteral<"http">;
+    /**
+     * REQUIRED. The name of the HTTP Authorization scheme to be used in the Authorization header as defined in
+     * [RFC7235]. The values used SHOULD be registered in the IANA Authentication Scheme registry.
+     */
+    scheme: z.ZodDefault<z.ZodOptional<z.ZodEnum<["basic", "bearer"]>>>;
+    /**
+     * A hint to the client to identify how the bearer token is formatted.
+     * Bearer tokens are usually generated by an authorization server, so
+     * this information is primarily for documentation purposes.
+     */
+    bearerFormat: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"JWT">, z.ZodString]>>>;
+}>, "strip", z.ZodTypeAny, {
+    type: "http";
+    scheme: "basic" | "bearer";
+    bearerFormat: string;
+    description?: string | undefined;
+}, {
+    type: "http";
+    description?: string | undefined;
+    scheme?: "basic" | "bearer" | undefined;
+    bearerFormat?: string | undefined;
+}>, z.ZodObject<z.objectUtil.extendShape<{
+    description: z.ZodOptional<z.ZodString>;
+}, {
+    type: z.ZodLiteral<"oauth2">;
+    /** REQUIRED. An object containing configuration information for the flow types supported. */
+    flow: z.ZodDefault<z.ZodOptional<z.ZodDiscriminatedUnion<"type", [z.ZodObject<z.objectUtil.extendShape<{
+        /**
+         * The URL to be used for obtaining refresh tokens. This MUST be in the form of a
+         * URL. The OAuth2 standard requires the use of TLS.
+         */
+        refreshUrl: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+        /**
+         * REQUIRED. The available scopes for the OAuth2 security scheme. A map
+         * between the scope name and a short description for it. The map MAY be empty.
+         */
+        scopes: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodMap<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodRecord<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>]>>>;
+        selectedScopes: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
+    }, {
+        type: z.ZodLiteral<"implicit">;
+        authorizationUrl: z.ZodDefault<z.ZodString>;
+        'x-scalar-redirect-uri': z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    }>, "strip", z.ZodTypeAny, {
+        type: "implicit";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        authorizationUrl: string;
+        'x-scalar-redirect-uri': string;
+    }, {
+        type: "implicit";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        authorizationUrl?: string | undefined;
+        'x-scalar-redirect-uri'?: string | undefined;
+    }>, z.ZodObject<z.objectUtil.extendShape<{
+        /**
+         * The URL to be used for obtaining refresh tokens. This MUST be in the form of a
+         * URL. The OAuth2 standard requires the use of TLS.
+         */
+        refreshUrl: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+        /**
+         * REQUIRED. The available scopes for the OAuth2 security scheme. A map
+         * between the scope name and a short description for it. The map MAY be empty.
+         */
+        scopes: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodMap<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodRecord<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>]>>>;
+        selectedScopes: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
+    }, {
+        type: z.ZodLiteral<"password">;
+        tokenUrl: z.ZodDefault<z.ZodString>;
+    }>, "strip", z.ZodTypeAny, {
+        type: "password";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        tokenUrl: string;
+    }, {
+        type: "password";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        tokenUrl?: string | undefined;
+    }>, z.ZodObject<z.objectUtil.extendShape<{
+        /**
+         * The URL to be used for obtaining refresh tokens. This MUST be in the form of a
+         * URL. The OAuth2 standard requires the use of TLS.
+         */
+        refreshUrl: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+        /**
+         * REQUIRED. The available scopes for the OAuth2 security scheme. A map
+         * between the scope name and a short description for it. The map MAY be empty.
+         */
+        scopes: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodMap<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodRecord<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>]>>>;
+        selectedScopes: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
+    }, {
+        type: z.ZodLiteral<"clientCredentials">;
+        tokenUrl: z.ZodDefault<z.ZodString>;
+    }>, "strip", z.ZodTypeAny, {
+        type: "clientCredentials";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        tokenUrl: string;
+    }, {
+        type: "clientCredentials";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        tokenUrl?: string | undefined;
+    }>, z.ZodObject<z.objectUtil.extendShape<{
+        /**
+         * The URL to be used for obtaining refresh tokens. This MUST be in the form of a
+         * URL. The OAuth2 standard requires the use of TLS.
+         */
+        refreshUrl: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+        /**
+         * REQUIRED. The available scopes for the OAuth2 security scheme. A map
+         * between the scope name and a short description for it. The map MAY be empty.
+         */
+        scopes: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodMap<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodRecord<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>]>>>;
+        selectedScopes: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
+    }, {
+        type: z.ZodLiteral<"authorizationCode">;
+        authorizationUrl: z.ZodDefault<z.ZodString>;
+        'x-scalar-redirect-uri': z.ZodDefault<z.ZodOptional<z.ZodString>>;
+        tokenUrl: z.ZodDefault<z.ZodString>;
+    }>, "strip", z.ZodTypeAny, {
+        type: "authorizationCode";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        authorizationUrl: string;
+        'x-scalar-redirect-uri': string;
+        tokenUrl: string;
+    }, {
+        type: "authorizationCode";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        authorizationUrl?: string | undefined;
+        'x-scalar-redirect-uri'?: string | undefined;
+        tokenUrl?: string | undefined;
+    }>]>>>;
+    /** Extension to save the client Id associated with an oauth flow */
+    'x-scalar-client-id': z.ZodDefault<z.ZodOptional<z.ZodString>>;
+}>, "strip", z.ZodTypeAny, {
+    type: "oauth2";
+    flow: {
+        type: "implicit";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        authorizationUrl: string;
+        'x-scalar-redirect-uri': string;
+    } | {
+        type: "password";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        tokenUrl: string;
+    } | {
+        type: "clientCredentials";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        tokenUrl: string;
+    } | {
+        type: "authorizationCode";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        authorizationUrl: string;
+        'x-scalar-redirect-uri': string;
+        tokenUrl: string;
+    };
+    'x-scalar-client-id': string;
+    description?: string | undefined;
+}, {
+    type: "oauth2";
+    description?: string | undefined;
+    flow?: {
+        type: "implicit";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        authorizationUrl?: string | undefined;
+        'x-scalar-redirect-uri'?: string | undefined;
+    } | {
+        type: "password";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        tokenUrl?: string | undefined;
+    } | {
+        type: "clientCredentials";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        tokenUrl?: string | undefined;
+    } | {
+        type: "authorizationCode";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        authorizationUrl?: string | undefined;
+        'x-scalar-redirect-uri'?: string | undefined;
+        tokenUrl?: string | undefined;
+    } | undefined;
+    'x-scalar-client-id'?: string | undefined;
+}>, z.ZodObject<z.objectUtil.extendShape<{
+    description: z.ZodOptional<z.ZodString>;
+}, {
+    type: z.ZodLiteral<"openIdConnect">;
+    /**
+     * REQUIRED. OpenId Connect URL to discover OAuth2 configuration values. This MUST be in the
+     * form of a URL. The OpenID Connect standard requires the use of TLS.
+     */
+    openIdConnectUrl: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+}>, "strip", z.ZodTypeAny, {
+    type: "openIdConnect";
+    openIdConnectUrl: string;
+    description?: string | undefined;
+}, {
+    type: "openIdConnect";
+    description?: string | undefined;
+    openIdConnectUrl?: string | undefined;
+}>]>;
+/** Extended security schemes for workspace usage */
+export declare const securitySchemeSchema: z.ZodUnion<[z.ZodObject<z.objectUtil.extendShape<z.objectUtil.extendShape<{
+    description: z.ZodOptional<z.ZodString>;
+}, {
+    type: z.ZodLiteral<"apiKey">;
+    /** REQUIRED. The name of the header, query or cookie parameter to be used. */
+    name: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    /** REQUIRED. The location of the API key. Valid values are "query", "header" or "cookie". */
+    in: z.ZodDefault<z.ZodOptional<z.ZodEnum<["query", "header", "cookie"]>>>;
+}>, {
+    uid: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    /** The name key that links a security requirement to a security object */
+    nameKey: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+}>, "strip", z.ZodTypeAny, {
+    type: "apiKey";
+    uid: string;
+    name: string;
+    in: "query" | "header" | "cookie";
+    nameKey: string;
+    description?: string | undefined;
+}, {
+    type: "apiKey";
+    uid?: string | undefined;
+    name?: string | undefined;
+    description?: string | undefined;
+    in?: "query" | "header" | "cookie" | undefined;
+    nameKey?: string | undefined;
+}>, z.ZodObject<z.objectUtil.extendShape<z.objectUtil.extendShape<{
+    description: z.ZodOptional<z.ZodString>;
+}, {
+    type: z.ZodLiteral<"http">;
+    /**
+     * REQUIRED. The name of the HTTP Authorization scheme to be used in the Authorization header as defined in
+     * [RFC7235]. The values used SHOULD be registered in the IANA Authentication Scheme registry.
+     */
+    scheme: z.ZodDefault<z.ZodOptional<z.ZodEnum<["basic", "bearer"]>>>;
+    /**
+     * A hint to the client to identify how the bearer token is formatted.
+     * Bearer tokens are usually generated by an authorization server, so
+     * this information is primarily for documentation purposes.
+     */
+    bearerFormat: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"JWT">, z.ZodString]>>>;
+}>, {
+    uid: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    /** The name key that links a security requirement to a security object */
+    nameKey: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+}>, "strip", z.ZodTypeAny, {
+    type: "http";
+    uid: string;
+    nameKey: string;
+    scheme: "basic" | "bearer";
+    bearerFormat: string;
+    description?: string | undefined;
+}, {
+    type: "http";
+    uid?: string | undefined;
+    description?: string | undefined;
+    nameKey?: string | undefined;
+    scheme?: "basic" | "bearer" | undefined;
+    bearerFormat?: string | undefined;
+}>, z.ZodObject<z.objectUtil.extendShape<z.objectUtil.extendShape<{
+    description: z.ZodOptional<z.ZodString>;
+}, {
+    type: z.ZodLiteral<"openIdConnect">;
+    /**
+     * REQUIRED. OpenId Connect URL to discover OAuth2 configuration values. This MUST be in the
+     * form of a URL. The OpenID Connect standard requires the use of TLS.
+     */
+    openIdConnectUrl: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+}>, {
+    uid: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    /** The name key that links a security requirement to a security object */
+    nameKey: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+}>, "strip", z.ZodTypeAny, {
+    type: "openIdConnect";
+    uid: string;
+    nameKey: string;
+    openIdConnectUrl: string;
+    description?: string | undefined;
+}, {
+    type: "openIdConnect";
+    uid?: string | undefined;
+    description?: string | undefined;
+    nameKey?: string | undefined;
+    openIdConnectUrl?: string | undefined;
+}>, z.ZodObject<z.objectUtil.extendShape<z.objectUtil.extendShape<{
+    description: z.ZodOptional<z.ZodString>;
+}, {
+    type: z.ZodLiteral<"oauth2">;
+    /** REQUIRED. An object containing configuration information for the flow types supported. */
+    flow: z.ZodDefault<z.ZodOptional<z.ZodDiscriminatedUnion<"type", [z.ZodObject<z.objectUtil.extendShape<{
+        /**
+         * The URL to be used for obtaining refresh tokens. This MUST be in the form of a
+         * URL. The OAuth2 standard requires the use of TLS.
+         */
+        refreshUrl: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+        /**
+         * REQUIRED. The available scopes for the OAuth2 security scheme. A map
+         * between the scope name and a short description for it. The map MAY be empty.
+         */
+        scopes: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodMap<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodRecord<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>]>>>;
+        selectedScopes: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
+    }, {
+        type: z.ZodLiteral<"implicit">;
+        authorizationUrl: z.ZodDefault<z.ZodString>;
+        'x-scalar-redirect-uri': z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    }>, "strip", z.ZodTypeAny, {
+        type: "implicit";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        authorizationUrl: string;
+        'x-scalar-redirect-uri': string;
+    }, {
+        type: "implicit";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        authorizationUrl?: string | undefined;
+        'x-scalar-redirect-uri'?: string | undefined;
+    }>, z.ZodObject<z.objectUtil.extendShape<{
+        /**
+         * The URL to be used for obtaining refresh tokens. This MUST be in the form of a
+         * URL. The OAuth2 standard requires the use of TLS.
+         */
+        refreshUrl: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+        /**
+         * REQUIRED. The available scopes for the OAuth2 security scheme. A map
+         * between the scope name and a short description for it. The map MAY be empty.
+         */
+        scopes: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodMap<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodRecord<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>]>>>;
+        selectedScopes: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
+    }, {
+        type: z.ZodLiteral<"password">;
+        tokenUrl: z.ZodDefault<z.ZodString>;
+    }>, "strip", z.ZodTypeAny, {
+        type: "password";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        tokenUrl: string;
+    }, {
+        type: "password";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        tokenUrl?: string | undefined;
+    }>, z.ZodObject<z.objectUtil.extendShape<{
+        /**
+         * The URL to be used for obtaining refresh tokens. This MUST be in the form of a
+         * URL. The OAuth2 standard requires the use of TLS.
+         */
+        refreshUrl: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+        /**
+         * REQUIRED. The available scopes for the OAuth2 security scheme. A map
+         * between the scope name and a short description for it. The map MAY be empty.
+         */
+        scopes: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodMap<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodRecord<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>]>>>;
+        selectedScopes: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
+    }, {
+        type: z.ZodLiteral<"clientCredentials">;
+        tokenUrl: z.ZodDefault<z.ZodString>;
+    }>, "strip", z.ZodTypeAny, {
+        type: "clientCredentials";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        tokenUrl: string;
+    }, {
+        type: "clientCredentials";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        tokenUrl?: string | undefined;
+    }>, z.ZodObject<z.objectUtil.extendShape<{
+        /**
+         * The URL to be used for obtaining refresh tokens. This MUST be in the form of a
+         * URL. The OAuth2 standard requires the use of TLS.
+         */
+        refreshUrl: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+        /**
+         * REQUIRED. The available scopes for the OAuth2 security scheme. A map
+         * between the scope name and a short description for it. The map MAY be empty.
+         */
+        scopes: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodMap<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodRecord<z.ZodString, z.ZodOptional<z.ZodString>>, z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>]>>>;
+        selectedScopes: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
+    }, {
+        type: z.ZodLiteral<"authorizationCode">;
+        authorizationUrl: z.ZodDefault<z.ZodString>;
+        'x-scalar-redirect-uri': z.ZodDefault<z.ZodOptional<z.ZodString>>;
+        tokenUrl: z.ZodDefault<z.ZodString>;
+    }>, "strip", z.ZodTypeAny, {
+        type: "authorizationCode";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        authorizationUrl: string;
+        'x-scalar-redirect-uri': string;
+        tokenUrl: string;
+    }, {
+        type: "authorizationCode";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        authorizationUrl?: string | undefined;
+        'x-scalar-redirect-uri'?: string | undefined;
+        tokenUrl?: string | undefined;
+    }>]>>>;
+    /** Extension to save the client Id associated with an oauth flow */
+    'x-scalar-client-id': z.ZodDefault<z.ZodOptional<z.ZodString>>;
+}>, {
+    uid: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    /** The name key that links a security requirement to a security object */
+    nameKey: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+}>, "strip", z.ZodTypeAny, {
+    type: "oauth2";
+    uid: string;
+    nameKey: string;
+    flow: {
+        type: "implicit";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        authorizationUrl: string;
+        'x-scalar-redirect-uri': string;
+    } | {
+        type: "password";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        tokenUrl: string;
+    } | {
+        type: "clientCredentials";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        tokenUrl: string;
+    } | {
+        type: "authorizationCode";
+        refreshUrl: string;
+        scopes: Map<string, string | undefined> | Record<string, string | undefined> | {};
+        selectedScopes: string[];
+        authorizationUrl: string;
+        'x-scalar-redirect-uri': string;
+        tokenUrl: string;
+    };
+    'x-scalar-client-id': string;
+    description?: string | undefined;
+}, {
+    type: "oauth2";
+    uid?: string | undefined;
+    description?: string | undefined;
+    nameKey?: string | undefined;
+    flow?: {
+        type: "implicit";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        authorizationUrl?: string | undefined;
+        'x-scalar-redirect-uri'?: string | undefined;
+    } | {
+        type: "password";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        tokenUrl?: string | undefined;
+    } | {
+        type: "clientCredentials";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        tokenUrl?: string | undefined;
+    } | {
+        type: "authorizationCode";
+        refreshUrl?: string | undefined;
+        scopes?: Map<string, string | undefined> | Record<string, string | undefined> | {} | undefined;
+        selectedScopes?: string[] | undefined;
+        authorizationUrl?: string | undefined;
+        'x-scalar-redirect-uri'?: string | undefined;
+        tokenUrl?: string | undefined;
+    } | undefined;
+    'x-scalar-client-id'?: string | undefined;
+}>]>;
+/**
+ * Security Scheme Object
+ *
+ * @see https://spec.openapis.org/oas/latest.html#security-scheme-object
+ */
+export type SecurityScheme = z.infer<typeof securitySchemeSchema>;
+export type SecuritySchemePayload = z.input<typeof securitySchemeSchema>;
+//# sourceMappingURL=security.d.ts.map