@supabase/gotrue-js 2.77.0 → 2.77.1-canary.0

package/src/lib/types.ts

@@ -1492,6 +1492,8 @@ export type OAuthClient = {
   registration_type: OAuthClientRegistrationType
   /** URI of the OAuth client */
   client_uri?: string
+  /** URI of the OAuth client's logo */
+  logo_uri?: string
   /** Array of allowed redirect URIs */
   redirect_uris: string[]
   /** Array of allowed grant types */
@@ -1525,6 +1527,24 @@ export type CreateOAuthClientParams = {
   scope?: string
 }
 
+/**
+ * Parameters for updating an existing OAuth client.
+ * All fields are optional. Only provided fields will be updated.
+ * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+ */
+export type UpdateOAuthClientParams = {
+  /** Human-readable name of the OAuth client */
+  client_name?: string
+  /** URI of the OAuth client */
+  client_uri?: string
+  /** URI of the OAuth client's logo */
+  logo_uri?: string
+  /** Array of allowed redirect URIs */
+  redirect_uris?: string[]
+  /** Array of allowed grant types */
+  grant_types?: OAuthClientGrantType[]
+}
+
 /**
  * Response type for OAuth client operations.
  * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
@@ -1574,6 +1594,14 @@ export interface GoTrueAdminOAuthApi {
    */
   getClient(clientId: string): Promise<OAuthClientResponse>
 
+  /**
+   * Updates an existing OAuth client.
+   * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+   *
+   * This function should only be called on a server. Never expose your `service_role` key in the browser.
+   */
+  updateClient(clientId: string, params: UpdateOAuthClientParams): Promise<OAuthClientResponse>
+
   /**
    * Deletes an OAuth client.
    * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
@@ -1590,3 +1618,103 @@ export interface GoTrueAdminOAuthApi {
    */
   regenerateClientSecret(clientId: string): Promise<OAuthClientResponse>
 }
+
+/**
+ * OAuth client details in an authorization request.
+ * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+ */
+export type OAuthAuthorizationClient = {
+  /** Unique identifier for the OAuth client (UUID) */
+  client_id: string
+  /** Human-readable name of the OAuth client */
+  client_name: string
+  /** URI of the OAuth client's website */
+  client_uri: string
+  /** URI of the OAuth client's logo */
+  logo_uri: string
+}
+
+/**
+ * OAuth authorization details for the consent flow.
+ * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+ */
+export type OAuthAuthorizationDetails = {
+  /** The authorization ID */
+  authorization_id: string
+  /** Redirect URI - present if user already consented (can be used to trigger immediate redirect) */
+  redirect_uri?: string
+  /** OAuth client requesting authorization */
+  client: OAuthAuthorizationClient
+  /** User object associated with the authorization */
+  user: {
+    /** User ID (UUID) */
+    id: string
+    /** User email */
+    email: string
+  }
+  /** Space-separated list of requested scopes */
+  scope: string
+}
+
+/**
+ * Response type for getting OAuth authorization details.
+ * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+ */
+export type AuthOAuthAuthorizationDetailsResponse = RequestResult<OAuthAuthorizationDetails>
+
+/**
+ * Response type for OAuth consent decision (approve/deny).
+ * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+ */
+export type AuthOAuthConsentResponse = RequestResult<{
+  /** URL to redirect the user back to the OAuth client */
+  redirect_url: string
+}>
+
+/**
+ * Contains all OAuth 2.1 authorization server user-facing methods.
+ * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+ *
+ * These methods are used to implement the consent page.
+ */
+export interface AuthOAuthServerApi {
+  /**
+   * Retrieves details about an OAuth authorization request.
+   * Used to display consent information to the user.
+   * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+   *
+   * This method returns authorization details including client info, scopes, and user information.
+   * If the response includes a redirect_uri, it means consent was already given - the caller
+   * should handle the redirect manually if needed.
+   *
+   * @param authorizationId - The authorization ID from the authorization request
+   * @returns Authorization details including client info and requested scopes
+   */
+  getAuthorizationDetails(authorizationId: string): Promise<AuthOAuthAuthorizationDetailsResponse>
+
+  /**
+   * Approves an OAuth authorization request.
+   * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+   *
+   * @param authorizationId - The authorization ID to approve
+   * @param options - Optional parameters including skipBrowserRedirect
+   * @returns Redirect URL to send the user back to the OAuth client
+   */
+  approveAuthorization(
+    authorizationId: string,
+    options?: { skipBrowserRedirect?: boolean }
+  ): Promise<AuthOAuthConsentResponse>
+
+  /**
+   * Denies an OAuth authorization request.
+   * Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.
+   *
+   * @param authorizationId - The authorization ID to deny
+   * @param options - Optional parameters including skipBrowserRedirect
+   * @returns Redirect URL to send the user back to the OAuth client
+   */
+  denyAuthorization(
+    authorizationId: string,
+    options?: { skipBrowserRedirect?: boolean }
+  ): Promise<AuthOAuthConsentResponse>
+}

package/src/lib/version.ts

@@ -4,4 +4,4 @@
 // - Debugging and support (identifying which version is running)
 // - Telemetry and logging (version reporting in errors/analytics)
 // - Ensuring build artifacts match the published package version
-export const version = '2.77.0'
+export const version = '2.77.1-canary.0'