@zitadel/sdk 4.1.0-beta.13 → 4.1.0-beta.15

package/README.md

@@ -203,6 +203,76 @@ Choose the authentication method that best suits your needs based on your
 environment and security requirements. For more details, please refer to the
 [Zitadel documentation on authenticating service users](https://zitadel.com/docs/guides/integrate/service-users/authenticate-service-users).
 
+## Advanced Configuration
+
+The SDK provides a `TransportOptions` object that allows you to customise
+the underlying HTTP transport used for both OpenID discovery and API calls.
+
+### Disabling TLS Verification
+
+In development or testing environments with self-signed certificates, you can
+disable TLS verification entirely:
+
+```ts
+import Zitadel from '@zitadel/sdk';
+
+const zitadel = await Zitadel.withClientCredentials(
+  'https://your-instance.zitadel.cloud',
+  'client-id',
+  'client-secret',
+  { insecure: true },
+);
+```
+
+### Using a Custom CA Certificate
+
+If your Zitadel instance uses a certificate signed by a private CA, you can
+provide the path to the CA certificate in PEM format:
+
+```ts
+import Zitadel from '@zitadel/sdk';
+
+const zitadel = await Zitadel.withClientCredentials(
+  'https://your-instance.zitadel.cloud',
+  'client-id',
+  'client-secret',
+  { caCertPath: '/path/to/ca.pem' },
+);
+```
+
+### Custom Default Headers
+
+You can attach default headers to every outgoing request. This is useful for
+custom routing or tracing headers:
+
+```ts
+import Zitadel from '@zitadel/sdk';
+
+const zitadel = await Zitadel.withClientCredentials(
+  'https://your-instance.zitadel.cloud',
+  'client-id',
+  'client-secret',
+  { defaultHeaders: { 'X-Custom-Header': 'my-value' } },
+);
+```
+
+### Proxy Configuration
+
+If your environment requires routing traffic through an HTTP proxy, you can
+specify the proxy URL. To authenticate with the proxy, embed the credentials
+directly in the URL:
+
+```ts
+import Zitadel from '@zitadel/sdk';
+
+const zitadel = await Zitadel.withClientCredentials(
+  'https://your-instance.zitadel.cloud',
+  'client-id',
+  'client-secret',
+  { proxyUrl: 'http://user:pass@proxy:8080' },
+);
+```
+
 ## Design and Dependencies
 
 This SDK is designed to be lean and efficient, focusing on providing a

package/dist/auth/client-credentials-authenticator-builder.d.ts

@@ -1,5 +1,6 @@
 import { OAuthAuthenticatorBuilder } from './oauth-authenticator-builder.js';
 import { ClientCredentialsAuthenticator } from './client-credentials-authenticator.js';
+import type { TransportOptions } from '../transport-options.js';
 /**
  * Builder for ClientCredentialsAuthenticator.
  *
@@ -15,8 +16,9 @@ export declare class ClientCredentialsAuthenticatorBuilder extends OAuthAuthenti
      * @param host The base URL for API endpoints.
      * @param clientId The OAuth2 client identifier.
      * @param clientSecret The OAuth2 client secret.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      */
-    constructor(host: string, clientId: string, clientSecret: string);
+    constructor(host: string, clientId: string, clientSecret: string, transportOptions?: TransportOptions);
     /**
      * Builds and returns a new ClientCredentialsAuthenticator instance.
      *

package/dist/auth/client-credentials-authenticator-builder.js

@@ -15,9 +15,10 @@ export class ClientCredentialsAuthenticatorBuilder extends OAuthAuthenticatorBui
      * @param host The base URL for API endpoints.
      * @param clientId The OAuth2 client identifier.
      * @param clientSecret The OAuth2 client secret.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      */
-    constructor(host, clientId, clientSecret) {
-        super(host);
+    constructor(host, clientId, clientSecret, transportOptions) {
+        super(host, transportOptions);
         this.clientId = clientId;
         this.clientSecret = clientSecret;
     }
@@ -28,7 +29,7 @@ export class ClientCredentialsAuthenticatorBuilder extends OAuthAuthenticatorBui
      */
     async build() {
         await this.discoverOpenId();
-        return new ClientCredentialsAuthenticator(this.openId, this.clientId, this.clientSecret, this.authScopes);
+        return new ClientCredentialsAuthenticator(this.openId, this.clientId, this.clientSecret, this.authScopes, this.transportOptions);
     }
 }
 //# sourceMappingURL=client-credentials-authenticator-builder.js.map

package/dist/auth/client-credentials-authenticator-builder.js.map

@@ -1 +1 @@
-{"version":3,"file":"client-credentials-authenticator-builder.js","sourceRoot":"","sources":["../../src/auth/client-credentials-authenticator-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,MAAM,kCAAkC,CAAC;AAC7E,OAAO,EAAE,8BAA8B,EAAE,MAAM,uCAAuC,CAAC;AAEvF;;;;;GAKG;AACH,MAAM,OAAO,qCAAsC,SAAQ,yBAAyB;IAU/D;IACA;IAVnB;;;;;;OAMG;IACH,YACE,IAAY,EACK,QAAgB,EAChB,YAAoB;QAErC,KAAK,CAAC,IAAI,CAAC,CAAC;QAHK,aAAQ,GAAR,QAAQ,CAAQ;QAChB,iBAAY,GAAZ,YAAY,CAAQ;IAGvC,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,KAAK;QAChB,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC5B,OAAO,IAAI,8BAA8B,CACvC,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,UAAU,CAChB,CAAC;IACJ,CAAC;CACF"}
+{"version":3,"file":"client-credentials-authenticator-builder.js","sourceRoot":"","sources":["../../src/auth/client-credentials-authenticator-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,MAAM,kCAAkC,CAAC;AAC7E,OAAO,EAAE,8BAA8B,EAAE,MAAM,uCAAuC,CAAC;AAGvF;;;;;GAKG;AACH,MAAM,OAAO,qCAAsC,SAAQ,yBAAyB;IAW/D;IACA;IAXnB;;;;;;;OAOG;IACH,YACE,IAAY,EACK,QAAgB,EAChB,YAAoB,EACrC,gBAAmC;QAEnC,KAAK,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;QAJb,aAAQ,GAAR,QAAQ,CAAQ;QAChB,iBAAY,GAAZ,YAAY,CAAQ;IAIvC,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,KAAK;QAChB,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC5B,OAAO,IAAI,8BAA8B,CACvC,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,gBAAgB,CACtB,CAAC;IACJ,CAAC;CACF"}

package/dist/auth/client-credentials-authenticator.d.ts

@@ -2,6 +2,7 @@ import { OAuthAuthenticator } from './oauth-authenticator.js';
 import { OpenId } from './openid.js';
 import { ClientCredentialsAuthenticatorBuilder } from './client-credentials-authenticator-builder.js';
 import * as oauth from 'oauth4webapi';
+import type { TransportOptions } from '../transport-options.js';
 /**
  * OAuth2 Client Credentials Authenticator.
  *
@@ -17,16 +18,18 @@ export declare class ClientCredentialsAuthenticator extends OAuthAuthenticator {
      * @param clientId The OAuth2 client identifier.
      * @param clientSecret The OAuth2 client secret.
      * @param scope The scope for the token request.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      */
-    constructor(openId: OpenId, clientId: string, clientSecret: string, scope?: string);
+    constructor(openId: OpenId, clientId: string, clientSecret: string, scope?: string, transportOptions?: TransportOptions);
     /**
      * Returns a new builder instance for ClientCredentialsAuthenticator.
      *
      * @param host The base URL for API endpoints.
      * @param clientId The OAuth2 client identifier.
      * @param clientSecret The OAuth2 client secret.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      * @returns A new builder instance.
      */
-    static builder(host: string, clientId: string, clientSecret: string): ClientCredentialsAuthenticatorBuilder;
+    static builder(host: string, clientId: string, clientSecret: string, transportOptions?: TransportOptions): ClientCredentialsAuthenticatorBuilder;
     protected performTokenRequest(authServer: oauth.AuthorizationServer, client: oauth.Client): Promise<oauth.TokenEndpointResponse>;
 }

package/dist/auth/client-credentials-authenticator.js

@@ -16,11 +16,12 @@ export class ClientCredentialsAuthenticator extends OAuthAuthenticator {
      * @param clientId The OAuth2 client identifier.
      * @param clientSecret The OAuth2 client secret.
      * @param scope The scope for the token request.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      */
-    constructor(openId, clientId, clientSecret, scope = 'openid urn:zitadel:iam:org:project:id:zitadel:aud') {
+    constructor(openId, clientId, clientSecret, scope = 'openid urn:zitadel:iam:org:project:id:zitadel:aud', transportOptions) {
         const authServer = openId.getAuthorizationServer();
         const client = { client_id: clientId };
-        super(authServer, client, scope);
+        super(authServer, client, scope, transportOptions);
         this.clientAuth = oauth.ClientSecretBasic(clientSecret);
         this.parameters = new URLSearchParams({
             grant_type: 'client_credentials',
@@ -33,16 +34,19 @@ export class ClientCredentialsAuthenticator extends OAuthAuthenticator {
      * @param host The base URL for API endpoints.
      * @param clientId The OAuth2 client identifier.
      * @param clientSecret The OAuth2 client secret.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      * @returns A new builder instance.
      */
-    static builder(host, clientId, clientSecret) {
-        return new ClientCredentialsAuthenticatorBuilder(host, clientId, clientSecret);
+    static builder(host, clientId, clientSecret, transportOptions) {
+        return new ClientCredentialsAuthenticatorBuilder(host, clientId, clientSecret, transportOptions);
     }
     async performTokenRequest(authServer, client) {
+        const tokenOptions = await this.buildTokenRequestOptions();
+        if (process.env.JEST_WORKER_ID !== undefined) {
+            tokenOptions[oauth.allowInsecureRequests] = true;
+        }
         // noinspection JSDeprecatedSymbols
-        const response = await oauth.clientCredentialsGrantRequest(authServer, client, this.clientAuth, this.parameters, {
-            [oauth.allowInsecureRequests]: process.env.JEST_WORKER_ID !== undefined,
-        });
+        const response = await oauth.clientCredentialsGrantRequest(authServer, client, this.clientAuth, this.parameters, tokenOptions);
         return oauth.processClientCredentialsResponse(authServer, client, response);
     }
 }

package/dist/auth/client-credentials-authenticator.js.map

@@ -1 +1 @@
-{"version":3,"file":"client-credentials-authenticator.js","sourceRoot":"","sources":["../../src/auth/client-credentials-authenticator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAE9D,OAAO,EAAE,qCAAqC,EAAE,MAAM,+CAA+C,CAAC;AACtG,OAAO,KAAK,KAAK,MAAM,cAAc,CAAC;AAEtC;;;;GAIG;AACH,MAAM,OAAO,8BAA+B,SAAQ,kBAAkB;IACnD,UAAU,CAAmB;IAC7B,UAAU,CAAkB;IAE7C;;;;;;;OAOG;IACH,YACE,MAAc,EACd,QAAgB,EAChB,YAAoB,EACpB,QAAgB,mDAAmD;QAEnE,MAAM,UAAU,GAAG,MAAM,CAAC,sBAAsB,EAAE,CAAC;QACnD,MAAM,MAAM,GAAiB,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;QACrD,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QACjC,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,CAAC,UAAU,GAAG,IAAI,eAAe,CAAC;YACpC,UAAU,EAAE,oBAAoB;YAChC,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACI,MAAM,CAAC,OAAO,CACnB,IAAY,EACZ,QAAgB,EAChB,YAAoB;QAEpB,OAAO,IAAI,qCAAqC,CAC9C,IAAI,EACJ,QAAQ,EACR,YAAY,CACb,CAAC;IACJ,CAAC;IAES,KAAK,CAAC,mBAAmB,CACjC,UAAqC,EACrC,MAAoB;QAEpB,mCAAmC;QACnC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,6BAA6B,CACxD,UAAU,EACV,MAAM,EACN,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,UAAU,EACf;YACE,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,SAAS;SACxE,CACF,CAAC;QAEF,OAAO,KAAK,CAAC,gCAAgC,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9E,CAAC;CACF"}
+{"version":3,"file":"client-credentials-authenticator.js","sourceRoot":"","sources":["../../src/auth/client-credentials-authenticator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAE9D,OAAO,EAAE,qCAAqC,EAAE,MAAM,+CAA+C,CAAC;AACtG,OAAO,KAAK,KAAK,MAAM,cAAc,CAAC;AAGtC;;;;GAIG;AACH,MAAM,OAAO,8BAA+B,SAAQ,kBAAkB;IACnD,UAAU,CAAmB;IAC7B,UAAU,CAAkB;IAE7C;;;;;;;;OAQG;IACH,YACE,MAAc,EACd,QAAgB,EAChB,YAAoB,EACpB,QAAgB,mDAAmD,EACnE,gBAAmC;QAEnC,MAAM,UAAU,GAAG,MAAM,CAAC,sBAAsB,EAAE,CAAC;QACnD,MAAM,MAAM,GAAiB,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;QACrD,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,gBAAgB,CAAC,CAAC;QACnD,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,CAAC,UAAU,GAAG,IAAI,eAAe,CAAC;YACpC,UAAU,EAAE,oBAAoB;YAChC,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;OAQG;IACI,MAAM,CAAC,OAAO,CACnB,IAAY,EACZ,QAAgB,EAChB,YAAoB,EACpB,gBAAmC;QAEnC,OAAO,IAAI,qCAAqC,CAC9C,IAAI,EACJ,QAAQ,EACR,YAAY,EACZ,gBAAgB,CACjB,CAAC;IACJ,CAAC;IAES,KAAK,CAAC,mBAAmB,CACjC,UAAqC,EACrC,MAAoB;QAEpB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,wBAAwB,EAAE,CAAC;QAE3D,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;YAC7C,YAAY,CAAC,KAAK,CAAC,qBAAqB,CAAC,GAAG,IAAI,CAAC;QACnD,CAAC;QAED,mCAAmC;QACnC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,6BAA6B,CACxD,UAAU,EACV,MAAM,EACN,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,UAAU,EACf,YAAY,CACb,CAAC;QAEF,OAAO,KAAK,CAAC,gCAAgC,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9E,CAAC;CACF"}

package/dist/auth/oauth-authenticator-builder.d.ts

@@ -1,5 +1,6 @@
 import { OpenId } from './openid.js';
 import { OAuthAuthenticator } from './oauth-authenticator.js';
+import type { TransportOptions } from '../transport-options.js';
 /**
  * Base builder for OAuth authenticators.
  *
@@ -9,14 +10,16 @@ import { OAuthAuthenticator } from './oauth-authenticator.js';
  */
 export declare abstract class OAuthAuthenticatorBuilder {
     protected readonly host: string;
+    protected readonly transportOptions?: TransportOptions | undefined;
     protected authScopes: string;
     protected openId: OpenId;
     /**
      * Constructs the builder with the required host.
      *
      * @param host The hostname of the OpenID provider.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      */
-    protected constructor(host: string);
+    protected constructor(host: string, transportOptions?: TransportOptions | undefined);
     /**
      * Overrides the default scopes.
      *

package/dist/auth/oauth-authenticator-builder.js

@@ -8,15 +8,18 @@ import { OpenId } from './openid.js';
  */
 export class OAuthAuthenticatorBuilder {
     host;
+    transportOptions;
     authScopes = 'openid urn:zitadel:iam:org:project:id:zitadel:aud';
     openId;
     /**
      * Constructs the builder with the required host.
      *
      * @param host The hostname of the OpenID provider.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      */
-    constructor(host) {
+    constructor(host, transportOptions) {
         this.host = host;
+        this.transportOptions = transportOptions;
     }
     /**
      * Overrides the default scopes.
@@ -30,7 +33,7 @@ export class OAuthAuthenticatorBuilder {
     }
     async discoverOpenId() {
         if (!this.openId) {
-            this.openId = await OpenId.discover(this.host);
+            this.openId = await OpenId.discover(this.host, this.transportOptions);
         }
     }
 }

package/dist/auth/oauth-authenticator-builder.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-authenticator-builder.js","sourceRoot":"","sources":["../../src/auth/oauth-authenticator-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAGrC;;;;;;GAMG;AACH,MAAM,OAAgB,yBAAyB;IAUJ;IAT/B,UAAU,GAClB,mDAAmD,CAAC;IAC5C,MAAM,CAAU;IAE1B;;;;OAIG;IACH,YAAyC,IAAY;QAAZ,SAAI,GAAJ,IAAI,CAAQ;IAAG,CAAC;IAEzD;;;;;OAKG;IACI,MAAM,CAAC,MAAyB;QACrC,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACpE,OAAO,IAAI,CAAC;IACd,CAAC;IAES,KAAK,CAAC,cAAc;QAC5B,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;CAGF"}
+{"version":3,"file":"oauth-authenticator-builder.js","sourceRoot":"","sources":["../../src/auth/oauth-authenticator-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAIrC;;;;;;GAMG;AACH,MAAM,OAAgB,yBAAyB;IAYxB;IACA;IAZX,UAAU,GAClB,mDAAmD,CAAC;IAC5C,MAAM,CAAU;IAE1B;;;;;OAKG;IACH,YACqB,IAAY,EACZ,gBAAmC;QADnC,SAAI,GAAJ,IAAI,CAAQ;QACZ,qBAAgB,GAAhB,gBAAgB,CAAmB;IACrD,CAAC;IAEJ;;;;;OAKG;IACI,MAAM,CAAC,MAAyB;QACrC,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACpE,OAAO,IAAI,CAAC;IACd,CAAC;IAES,KAAK,CAAC,cAAc;QAC5B,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;CAGF"}

package/dist/auth/oauth-authenticator.d.ts

@@ -1,5 +1,6 @@
 import { Authenticator } from './authenticator.js';
 import * as oauth from 'oauth4webapi';
+import { type TransportOptions } from '../transport-options.js';
 /**
  * Abstract base class for OAuth-based authenticators.
  *
@@ -10,6 +11,7 @@ export declare abstract class OAuthAuthenticator extends Authenticator {
     protected readonly authServer: oauth.AuthorizationServer;
     protected readonly client: oauth.Client;
     protected readonly scope: string;
+    protected readonly transportOptions?: TransportOptions | undefined;
     /**
      * The OAuth2 token.
      */
@@ -18,14 +20,30 @@ export declare abstract class OAuthAuthenticator extends Authenticator {
      * The token's expiration timestamp.
      */
     protected tokenExpiry: number | null;
+    /**
+     * Cached dispatcher for reuse across token requests.
+     */
+    private cachedDispatcher;
     /**
      * OAuthAuthenticator constructor.
      *
      * @param authServer The discovered authorization server metadata.
      * @param client The OAuth2 client metadata.
      * @param scope The scope for the token request.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
+     */
+    protected constructor(authServer: oauth.AuthorizationServer, client: oauth.Client, scope: string, transportOptions?: TransportOptions | undefined);
+    /**
+     * Builds oauth4webapi request options from transport options.
+     *
+     * Constructs a customFetch wrapper that applies the configured dispatcher
+     * (for TLS/proxy settings) and default headers to all HTTP requests made
+     * by oauth4webapi functions.
+     *
+     * @returns An options object suitable for passing to oauth4webapi token
+     *          request functions.
      */
-    protected constructor(authServer: oauth.AuthorizationServer, client: oauth.Client, scope: string);
+    protected buildTokenRequestOptions(): Promise<Record<string | symbol, unknown>>;
     /**
      * Retrieve the authentication token using the OAuth2 flow.
      *

package/dist/auth/oauth-authenticator.js

@@ -1,5 +1,7 @@
 import { Authenticator } from './authenticator.js';
+import * as oauth from 'oauth4webapi';
 import { ZitadelException } from '../zitadel-exception.js';
+import { buildDispatcher, } from '../transport-options.js';
 /**
  * Abstract base class for OAuth-based authenticators.
  *
@@ -10,6 +12,7 @@ export class OAuthAuthenticator extends Authenticator {
     authServer;
     client;
     scope;
+    transportOptions;
     /**
      * The OAuth2 token.
      */
@@ -18,18 +21,61 @@ export class OAuthAuthenticator extends Authenticator {
      * The token's expiration timestamp.
      */
     tokenExpiry = null;
+    /**
+     * Cached dispatcher for reuse across token requests.
+     */
+    cachedDispatcher = null;
     /**
      * OAuthAuthenticator constructor.
      *
      * @param authServer The discovered authorization server metadata.
      * @param client The OAuth2 client metadata.
      * @param scope The scope for the token request.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      */
-    constructor(authServer, client, scope) {
+    constructor(authServer, client, scope, transportOptions) {
         super(authServer.issuer);
         this.authServer = authServer;
         this.client = client;
         this.scope = scope;
+        this.transportOptions = transportOptions;
+    }
+    /**
+     * Builds oauth4webapi request options from transport options.
+     *
+     * Constructs a customFetch wrapper that applies the configured dispatcher
+     * (for TLS/proxy settings) and default headers to all HTTP requests made
+     * by oauth4webapi functions.
+     *
+     * @returns An options object suitable for passing to oauth4webapi token
+     *          request functions.
+     */
+    async buildTokenRequestOptions() {
+        const options = {};
+        if (this.authServer.issuer.startsWith('http://')) {
+            options[oauth.allowInsecureRequests] = true;
+        }
+        if (this.transportOptions?.defaultHeaders) {
+            options.headers = this.transportOptions.defaultHeaders;
+        }
+        if (this.cachedDispatcher === null) {
+            this.cachedDispatcher = buildDispatcher(this.transportOptions);
+        }
+        const dispatcher = await this.cachedDispatcher;
+        if (dispatcher || this.transportOptions?.defaultHeaders) {
+            const defaultHeaders = this.transportOptions?.defaultHeaders;
+            options[oauth.customFetch] = (url, fetchOptions) => {
+                if (defaultHeaders) {
+                    const existingHeaders = (fetchOptions.headers ?? {});
+                    fetchOptions.headers = { ...defaultHeaders, ...existingHeaders };
+                }
+                return fetch(url, {
+                    ...fetchOptions,
+                    ...(dispatcher ? { dispatcher } : {}),
+                });
+            };
+        }
+        return options;
     }
     /**
      * Retrieve the authentication token using the OAuth2 flow.

package/dist/auth/oauth-authenticator.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-authenticator.js","sourceRoot":"","sources":["../../src/auth/oauth-authenticator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D;;;;;GAKG;AACH,MAAM,OAAgB,kBAAmB,SAAQ,aAAa;IAkBvC;IACA;IACA;IAnBrB;;OAEG;IACO,KAAK,GAAuC,IAAI,CAAC;IAC3D;;OAEG;IACO,WAAW,GAAkB,IAAI,CAAC;IAE5C;;;;;;OAMG;IACH,YACqB,UAAqC,EACrC,MAAoB,EACpB,KAAa;QAEhC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAJN,eAAU,GAAV,UAAU,CAA2B;QACrC,WAAM,GAAN,MAAM,CAAc;QACpB,UAAK,GAAL,KAAK,CAAQ;IAGlC,CAAC;IAED;;;;;;;;OAQG;IACI,KAAK,CAAC,YAAY;QACvB,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACvE,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5B,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,YAAY,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC;IACjC,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,YAAY;QACvB,IAAI,CAAC;YACH,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YAC1E,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,IAAI,IAAI,CAAC;YAChD,MAAM,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC;YACzB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,GAAG,MAAM,CAAC;YAE1D,OAAO,IAAI,CAAC,KAAK,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,gBAAgB,CAAC,wBAAwB,EAAE,GAAG,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;CAMF"}
+{"version":3,"file":"oauth-authenticator.js","sourceRoot":"","sources":["../../src/auth/oauth-authenticator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,KAAK,KAAK,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EACL,eAAe,GAEhB,MAAM,yBAAyB,CAAC;AAEjC;;;;;GAKG;AACH,MAAM,OAAgB,kBAAmB,SAAQ,aAAa;IAuBvC;IACA;IACA;IACA;IAzBrB;;OAEG;IACO,KAAK,GAAuC,IAAI,CAAC;IAC3D;;OAEG;IACO,WAAW,GAAkB,IAAI,CAAC;IAC5C;;OAEG;IACK,gBAAgB,GAA2C,IAAI,CAAC;IAExE;;;;;;;OAOG;IACH,YACqB,UAAqC,EACrC,MAAoB,EACpB,KAAa,EACb,gBAAmC;QAEtD,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QALN,eAAU,GAAV,UAAU,CAA2B;QACrC,WAAM,GAAN,MAAM,CAAc;QACpB,UAAK,GAAL,KAAK,CAAQ;QACb,qBAAgB,GAAhB,gBAAgB,CAAmB;IAGxD,CAAC;IAED;;;;;;;;;OASG;IACO,KAAK,CAAC,wBAAwB;QAGtC,MAAM,OAAO,GAAqC,EAAE,CAAC;QAErD,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACjD,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,GAAG,IAAI,CAAC;QAC9C,CAAC;QAED,IAAI,IAAI,CAAC,gBAAgB,EAAE,cAAc,EAAE,CAAC;YAC1C,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAC;QACzD,CAAC;QAED,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,EAAE,CAAC;YACnC,IAAI,CAAC,gBAAgB,GAAG,eAAe,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QACjE,CAAC;QACD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC;QAC/C,IAAI,UAAU,IAAI,IAAI,CAAC,gBAAgB,EAAE,cAAc,EAAE,CAAC;YACxD,MAAM,cAAc,GAAG,IAAI,CAAC,gBAAgB,EAAE,cAAc,CAAC;YAC7D,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,CAC3B,GAAW,EACX,YAAqC,EACrC,EAAE;gBACF,IAAI,cAAc,EAAE,CAAC;oBACnB,MAAM,eAAe,GAAG,CAAC,YAAY,CAAC,OAAO,IAAI,EAAE,CAGlD,CAAC;oBACF,YAAY,CAAC,OAAO,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,eAAe,EAAE,CAAC;gBACnE,CAAC;gBACD,OAAO,KAAK,CAAC,GAAG,EAAE;oBAChB,GAAG,YAAY;oBACf,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACZ,CAAC,CAAC;YAC/B,CAAC,CAAC;QACJ,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;;;OAQG;IACI,KAAK,CAAC,YAAY;QACvB,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACvE,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5B,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,YAAY,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC;IACjC,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,YAAY;QACvB,IAAI,CAAC;YACH,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YAC1E,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,IAAI,IAAI,CAAC;YAChD,MAAM,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC;YACzB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,GAAG,MAAM,CAAC;YAE1D,OAAO,IAAI,CAAC,KAAK,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,gBAAgB,CAAC,wBAAwB,EAAE,GAAG,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;CAMF"}

package/dist/auth/openid.d.ts

@@ -1,4 +1,5 @@
 import * as oauth from 'oauth4webapi';
+import { type TransportOptions } from '../transport-options.js';
 /**
  * OpenId class is responsible for fetching and storing important OpenID
  * configuration endpoints. It interacts with the OpenID provider's
@@ -31,11 +32,12 @@ export declare class OpenId {
      * and returns a new OpenId instance.
      *
      * @param hostname The hostname of the OpenID provider.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      * @returns A promise that resolves to an OpenId instance.
      * @throws {Error} If the provided hostname is empty, or if there's an
      * error during the HTTP request or JSON parsing.
      */
-    static discover(hostname: string): Promise<OpenId>;
+    static discover(hostname: string, transportOptions?: TransportOptions): Promise<OpenId>;
     /**
      * Returns the discovered Authorization Server metadata.
      */

package/dist/auth/openid.js

@@ -1,3 +1,4 @@
+import { buildDispatcher, } from '../transport-options.js';
 /**
  * OpenId class is responsible for fetching and storing important OpenID
  * configuration endpoints. It interacts with the OpenID provider's
@@ -11,7 +12,6 @@ export class OpenId {
      */
     constructor(authServer) {
         this.authServer = authServer;
-        //
     }
     /**
      * Builds and returns a URL object from the provided hostname.
@@ -34,9 +34,18 @@ export class OpenId {
     /**
      * Fetches the OpenID configuration from the well-known endpoint.
      */
-    static async fetchOpenIdConfiguration(hostname) {
+    static async fetchOpenIdConfiguration(hostname, transportOptions) {
         const wellKnownUrl = this.buildWellKnownUrl(hostname);
-        const response = await fetch(wellKnownUrl);
+        const fetchInit = {};
+        if (transportOptions?.defaultHeaders) {
+            fetchInit.headers = transportOptions.defaultHeaders;
+        }
+        const dispatcher = await buildDispatcher(transportOptions);
+        if (dispatcher) {
+            fetchInit.dispatcher = dispatcher;
+        }
+        // eslint-disable-next-line no-undef
+        const response = await fetch(wellKnownUrl, fetchInit);
         if (!response.ok) {
             throw new Error(`Failed to fetch OpenID configuration: ${response.status} ${response.statusText}`);
         }
@@ -55,15 +64,16 @@ export class OpenId {
      * and returns a new OpenId instance.
      *
      * @param hostname The hostname of the OpenID provider.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      * @returns A promise that resolves to an OpenId instance.
      * @throws {Error} If the provided hostname is empty, or if there's an
      * error during the HTTP request or JSON parsing.
      */
-    static async discover(hostname) {
+    static async discover(hostname, transportOptions) {
         if (!hostname) {
             throw new Error('Hostname cannot be empty.');
         }
-        const authServer = await this.fetchOpenIdConfiguration(hostname);
+        const authServer = await this.fetchOpenIdConfiguration(hostname, transportOptions);
         return new OpenId(authServer);
     }
     /**

package/dist/auth/openid.js.map

@@ -1 +1 @@
-{"version":3,"file":"openid.js","sourceRoot":"","sources":["../../src/auth/openid.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,MAAM,OAAO,MAAM;IAIoB;IAHrC;;OAEG;IACH,YAAqC,UAAqC;QAArC,eAAU,GAAV,UAAU,CAA2B;QACxE,EAAE;IACJ,CAAC;IAED;;;OAGG;IACK,MAAM,CAAC,aAAa,CAAC,QAAgB;QAC3C,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,OAAO,IAAI,GAAG,CAAC,WAAW,QAAQ,EAAE,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC3B,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,iBAAiB,CAAC,QAAgB;QAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACzC,GAAG,CAAC,QAAQ,GAAG,mCAAmC,CAAC;QACnD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;IACxB,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAC3C,QAAgB;QAEhB,MAAM,YAAY,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QACtD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;QAE3C,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,yCAAyC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAClF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,kDAAkD;YAClD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAyC,CAAC;QACzE,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED;;;;;;;;;;OAUG;IACI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAgB;QAC3C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,CAAC;QACjE,OAAO,IAAI,MAAM,CAAC,UAAU,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,sBAAsB;QACpB,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,qCAAqC;IACrC;;;;;;OAMG;IACI,gBAAgB;QACrB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvE,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC;IACxC,CAAC;IAED,qCAAqC;IACrC;;;;;;OAMG;IACI,wBAAwB;QAC7B,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,sBAAsB,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CACb,2DAA2D,CAC5D,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC;IAChD,CAAC;IAED,qCAAqC;IACrC;;;;;;;OAOG;IACI,mBAAmB;QACxB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC1E,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC;IAC3C,CAAC;CACF"}
+{"version":3,"file":"openid.js","sourceRoot":"","sources":["../../src/auth/openid.ts"],"names":[],"mappings":"AACA,OAAO,EACL,eAAe,GAEhB,MAAM,yBAAyB,CAAC;AAEjC;;;;;GAKG;AACH,MAAM,OAAO,MAAM;IAIoB;IAHrC;;OAEG;IACH,YAAqC,UAAqC;QAArC,eAAU,GAAV,UAAU,CAA2B;IAAG,CAAC;IAE9E;;;OAGG;IACK,MAAM,CAAC,aAAa,CAAC,QAAgB;QAC3C,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,OAAO,IAAI,GAAG,CAAC,WAAW,QAAQ,EAAE,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC3B,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,iBAAiB,CAAC,QAAgB;QAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACzC,GAAG,CAAC,QAAQ,GAAG,mCAAmC,CAAC;QACnD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;IACxB,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAC3C,QAAgB,EAChB,gBAAmC;QAEnC,MAAM,YAAY,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAEtD,MAAM,SAAS,GAA4B,EAAE,CAAC;QAC9C,IAAI,gBAAgB,EAAE,cAAc,EAAE,CAAC;YACrC,SAAS,CAAC,OAAO,GAAG,gBAAgB,CAAC,cAAc,CAAC;QACtD,CAAC;QACD,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,gBAAgB,CAAC,CAAC;QAC3D,IAAI,UAAU,EAAE,CAAC;YACf,SAAS,CAAC,UAAU,GAAG,UAAU,CAAC;QACpC,CAAC;QAED,oCAAoC;QACpC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,YAAY,EAAE,SAAwB,CAAC,CAAC;QAErE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,yCAAyC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAClF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,kDAAkD;YAClD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAyC,CAAC;QACzE,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED;;;;;;;;;;;OAWG;IACI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAC1B,QAAgB,EAChB,gBAAmC;QAEnC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,wBAAwB,CACpD,QAAQ,EACR,gBAAgB,CACjB,CAAC;QACF,OAAO,IAAI,MAAM,CAAC,UAAU,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,sBAAsB;QACpB,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,qCAAqC;IACrC;;;;;;OAMG;IACI,gBAAgB;QACrB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvE,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC;IACxC,CAAC;IAED,qCAAqC;IACrC;;;;;;OAMG;IACI,wBAAwB;QAC7B,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,sBAAsB,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CACb,2DAA2D,CAC5D,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC;IAChD,CAAC;IAED,qCAAqC;IACrC;;;;;;;OAOG;IACI,mBAAmB;QACxB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC1E,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC;IAC3C,CAAC;CACF"}

package/dist/auth/webtoken-authenticator-builder.d.ts

@@ -1,5 +1,6 @@
 import { OAuthAuthenticatorBuilder } from './oauth-authenticator-builder.js';
 import { WebTokenAuthenticator } from './webtoken-authenticator.js';
+import type { TransportOptions } from '../transport-options.js';
 /**
  * Builder for WebTokenAuthenticator.
  *
@@ -36,8 +37,9 @@ export declare class WebTokenAuthenticatorBuilder extends OAuthAuthenticatorBuil
      * @param jwtSubject The subject claim for the JWT.
      * @param jwtAudience The audience claim for the JWT.
      * @param privateKey The PEM-formatted private key used to sign the JWT.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      */
-    constructor(host: string, jwtIssuer: string, jwtSubject: string, jwtAudience: string, privateKey: string);
+    constructor(host: string, jwtIssuer: string, jwtSubject: string, jwtAudience: string, privateKey: string, transportOptions?: TransportOptions);
     /**
      * Sets the token lifetime in seconds.
      *

package/dist/auth/webtoken-authenticator-builder.js

@@ -36,9 +36,10 @@ export class WebTokenAuthenticatorBuilder extends OAuthAuthenticatorBuilder {
      * @param jwtSubject The subject claim for the JWT.
      * @param jwtAudience The audience claim for the JWT.
      * @param privateKey The PEM-formatted private key used to sign the JWT.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      */
-    constructor(host, jwtIssuer, jwtSubject, jwtAudience, privateKey) {
-        super(host);
+    constructor(host, jwtIssuer, jwtSubject, jwtAudience, privateKey, transportOptions) {
+        super(host, transportOptions);
         this.jwtIssuer = jwtIssuer;
         this.jwtSubject = jwtSubject;
         this.jwtAudience = jwtAudience;
@@ -85,7 +86,7 @@ export class WebTokenAuthenticatorBuilder extends OAuthAuthenticatorBuilder {
      */
     async build() {
         await this.discoverOpenId();
-        return WebTokenAuthenticator.create(this.openId, 'zitadel', this.authScopes, this.jwtIssuer, this.jwtSubject, this.jwtAudience, this.privateKey, this.lifetimeSeconds, this.jwtAlg, this.kid);
+        return WebTokenAuthenticator.create(this.openId, 'zitadel', this.authScopes, this.jwtIssuer, this.jwtSubject, this.jwtAudience, this.privateKey, this.lifetimeSeconds, this.jwtAlg, this.kid, this.transportOptions);
     }
 }
 //# sourceMappingURL=webtoken-authenticator-builder.js.map

package/dist/auth/webtoken-authenticator-builder.js.map

@@ -1 +1 @@
-{"version":3,"file":"webtoken-authenticator-builder.js","sourceRoot":"","sources":["../../src/auth/webtoken-authenticator-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,MAAM,kCAAkC,CAAC;AAC7E,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAEpE;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,OAAO,4BAA6B,SAAQ,yBAAyB;IAgBtD;IACA;IACA;IACA;IAlBX,MAAM,GAAW,OAAO,CAAC;IACzB,eAAe,GAAW,IAAI,CAAC;IAC/B,GAAG,CAAU;IAErB;;;;;;;;OAQG;IACH,YACE,IAAY,EACK,SAAiB,EACjB,UAAkB,EAClB,WAAmB,EACnB,UAAkB;QAEnC,KAAK,CAAC,IAAI,CAAC,CAAC;QALK,cAAS,GAAT,SAAS,CAAQ;QACjB,eAAU,GAAV,UAAU,CAAQ;QAClB,gBAAW,GAAX,WAAW,CAAQ;QACnB,eAAU,GAAV,UAAU,CAAQ;IAGrC,CAAC;IAED;;;;;OAKG;IACI,oBAAoB,CAAC,OAAe;QACzC,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACI,YAAY,CAAC,SAAiB;QACnC,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,KAAa;QACxB,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;OAQG;IACI,KAAK,CAAC,KAAK;QAChB,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC5B,OAAO,qBAAqB,CAAC,MAAM,CACjC,IAAI,CAAC,MAAM,EACX,SAAS,EACT,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,eAAe,EACpB,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,GAAG,CACT,CAAC;IACJ,CAAC;CACF"}
+{"version":3,"file":"webtoken-authenticator-builder.js","sourceRoot":"","sources":["../../src/auth/webtoken-authenticator-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,MAAM,kCAAkC,CAAC;AAC7E,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAGpE;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,OAAO,4BAA6B,SAAQ,yBAAyB;IAiBtD;IACA;IACA;IACA;IAnBX,MAAM,GAAW,OAAO,CAAC;IACzB,eAAe,GAAW,IAAI,CAAC;IAC/B,GAAG,CAAU;IAErB;;;;;;;;;OASG;IACH,YACE,IAAY,EACK,SAAiB,EACjB,UAAkB,EAClB,WAAmB,EACnB,UAAkB,EACnC,gBAAmC;QAEnC,KAAK,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;QANb,cAAS,GAAT,SAAS,CAAQ;QACjB,eAAU,GAAV,UAAU,CAAQ;QAClB,gBAAW,GAAX,WAAW,CAAQ;QACnB,eAAU,GAAV,UAAU,CAAQ;IAIrC,CAAC;IAED;;;;;OAKG;IACI,oBAAoB,CAAC,OAAe;QACzC,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACI,YAAY,CAAC,SAAiB;QACnC,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,KAAa;QACxB,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;OAQG;IACI,KAAK,CAAC,KAAK;QAChB,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC5B,OAAO,qBAAqB,CAAC,MAAM,CACjC,IAAI,CAAC,MAAM,EACX,SAAS,EACT,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,eAAe,EACpB,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,GAAG,EACR,IAAI,CAAC,gBAAgB,CACtB,CAAC;IACJ,CAAC;CACF"}

package/dist/auth/webtoken-authenticator.d.ts

@@ -2,6 +2,7 @@ import { OAuthAuthenticator } from './oauth-authenticator.js';
 import * as oauth from 'oauth4webapi';
 import { OpenId } from './openid.js';
 import { WebTokenAuthenticatorBuilder } from './webtoken-authenticator-builder.js';
+import type { TransportOptions } from '../transport-options.js';
 /**
  * JWT-based Authenticator using the JWT Bearer Grant (RFC7523).
  *
@@ -30,6 +31,7 @@ export declare class WebTokenAuthenticator extends OAuthAuthenticator {
      * @param jwtLifetimeSeconds The lifetime of the JWT in seconds.
      * @param jwtAlgorithm The signing algorithm.
      * @param keyId The key ID.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      */
     private constructor();
     /**
@@ -48,19 +50,21 @@ export declare class WebTokenAuthenticator extends OAuthAuthenticator {
      *
      * @param host The base URL for the API endpoints.
      * @param jsonPath The file path to the JSON configuration file.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      * @returns A builder instance for WebTokenAuthenticator.
      * @throws {Error} if the file cannot be read or the JSON is invalid.
      */
-    static fromJson(host: string, jsonPath: string): Promise<WebTokenAuthenticator>;
+    static fromJson(host: string, jsonPath: string, transportOptions?: TransportOptions): Promise<WebTokenAuthenticator>;
     /**
      * Returns a new builder instance for WebTokenAuthenticator.
      *
      * @param host The base URL for API endpoints.
      * @param userId The user ID.
      * @param privateKey The PEM-formatted private key.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      * @returns A new builder instance.
      */
-    static builder(host: string, userId: string, privateKey: string): WebTokenAuthenticatorBuilder;
+    static builder(host: string, userId: string, privateKey: string, transportOptions?: TransportOptions): WebTokenAuthenticatorBuilder;
     /**
      * Normalises any PKCS-1/PKCS-8 PEM string and returns a Node KeyObject.
      * Works with:
@@ -72,7 +76,19 @@ export declare class WebTokenAuthenticator extends OAuthAuthenticator {
     /**
      * Creates an instance of WebTokenAuthenticator.
      * @internal
+     *
+     * @param openId The OpenId configuration instance.
+     * @param clientId The OAuth2 client identifier.
+     * @param scope The scope for the token request.
+     * @param jwtIssuer The issuer claim for the JWT.
+     * @param jwtSubject The subject claim for the JWT.
+     * @param jwtAudience The audience claim for the JWT.
+     * @param privateKeyPem The PEM-formatted private key.
+     * @param jwtLifetimeSeconds The lifetime of the JWT in seconds.
+     * @param jwtAlgorithm The signing algorithm.
+     * @param keyId The key ID.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      */
-    static create(openId: OpenId, clientId: string, scope: string, jwtIssuer: string, jwtSubject: string, jwtAudience: string, privateKeyPem: string, jwtLifetimeSeconds: number, jwtAlgorithm: string, keyId?: string): Promise<WebTokenAuthenticator>;
+    static create(openId: OpenId, clientId: string, scope: string, jwtIssuer: string, jwtSubject: string, jwtAudience: string, privateKeyPem: string, jwtLifetimeSeconds: number, jwtAlgorithm: string, keyId?: string, transportOptions?: TransportOptions): Promise<WebTokenAuthenticator>;
     protected performTokenRequest(authServer: oauth.AuthorizationServer, client: oauth.Client): Promise<oauth.TokenEndpointResponse>;
 }

package/dist/auth/webtoken-authenticator.js

@@ -32,9 +32,10 @@ export class WebTokenAuthenticator extends OAuthAuthenticator {
      * @param jwtLifetimeSeconds The lifetime of the JWT in seconds.
      * @param jwtAlgorithm The signing algorithm.
      * @param keyId The key ID.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      */
-    constructor(authServer, client, scope, privateKey, jwtIssuer, jwtSubject, jwtAudience, jwtLifetimeSeconds, jwtAlgorithm, keyId) {
-        super(authServer, client, scope);
+    constructor(authServer, client, scope, privateKey, jwtIssuer, jwtSubject, jwtAudience, jwtLifetimeSeconds, jwtAlgorithm, keyId, transportOptions) {
+        super(authServer, client, scope, transportOptions);
         this.privateKey = privateKey;
         this.jwtIssuer = jwtIssuer;
         this.jwtSubject = jwtSubject;
@@ -60,10 +61,11 @@ export class WebTokenAuthenticator extends OAuthAuthenticator {
      *
      * @param host The base URL for the API endpoints.
      * @param jsonPath The file path to the JSON configuration file.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      * @returns A builder instance for WebTokenAuthenticator.
      * @throws {Error} if the file cannot be read or the JSON is invalid.
      */
-    static async fromJson(host, jsonPath) {
+    static async fromJson(host, jsonPath, transportOptions) {
         const json = fs.readFileSync(jsonPath, 'utf-8').replaceAll('\\"', '"');
         const config = JSON.parse(json);
         const userId = config?.userId;
@@ -72,7 +74,7 @@ export class WebTokenAuthenticator extends OAuthAuthenticator {
         if (!userId || !privateKey || !keyId) {
             throw new Error('Missing required configuration keys in JSON file.');
         }
-        return WebTokenAuthenticator.builder(host, userId, privateKey)
+        return WebTokenAuthenticator.builder(host, userId, privateKey, transportOptions)
             .keyId(keyId)
             .build();
     }
@@ -82,10 +84,11 @@ export class WebTokenAuthenticator extends OAuthAuthenticator {
      * @param host The base URL for API endpoints.
      * @param userId The user ID.
      * @param privateKey The PEM-formatted private key.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      * @returns A new builder instance.
      */
-    static builder(host, userId, privateKey) {
-        return new WebTokenAuthenticatorBuilder(host, userId, userId, host, privateKey);
+    static builder(host, userId, privateKey, transportOptions) {
+        return new WebTokenAuthenticatorBuilder(host, userId, userId, host, privateKey, transportOptions);
     }
     /**
      * Normalises any PKCS-1/PKCS-8 PEM string and returns a Node KeyObject.
@@ -119,12 +122,24 @@ export class WebTokenAuthenticator extends OAuthAuthenticator {
     /**
      * Creates an instance of WebTokenAuthenticator.
      * @internal
+     *
+     * @param openId The OpenId configuration instance.
+     * @param clientId The OAuth2 client identifier.
+     * @param scope The scope for the token request.
+     * @param jwtIssuer The issuer claim for the JWT.
+     * @param jwtSubject The subject claim for the JWT.
+     * @param jwtAudience The audience claim for the JWT.
+     * @param privateKeyPem The PEM-formatted private key.
+     * @param jwtLifetimeSeconds The lifetime of the JWT in seconds.
+     * @param jwtAlgorithm The signing algorithm.
+     * @param keyId The key ID.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      */
-    static async create(openId, clientId, scope, jwtIssuer, jwtSubject, jwtAudience, privateKeyPem, jwtLifetimeSeconds, jwtAlgorithm, keyId) {
+    static async create(openId, clientId, scope, jwtIssuer, jwtSubject, jwtAudience, privateKeyPem, jwtLifetimeSeconds, jwtAlgorithm, keyId, transportOptions) {
         const privateKey = WebTokenAuthenticator.parsePem(privateKeyPem);
         const authServer = openId.getAuthorizationServer();
         const client = { client_id: clientId };
-        return new WebTokenAuthenticator(authServer, client, scope, privateKey, jwtIssuer, jwtSubject, jwtAudience, jwtLifetimeSeconds, jwtAlgorithm, keyId);
+        return new WebTokenAuthenticator(authServer, client, scope, privateKey, jwtIssuer, jwtSubject, jwtAudience, jwtLifetimeSeconds, jwtAlgorithm, keyId, transportOptions);
     }
     async performTokenRequest(authServer, client) {
         const protectedHeader = {
@@ -145,10 +160,12 @@ export class WebTokenAuthenticator extends OAuthAuthenticator {
             assertion: assertion,
             scope: this.scope,
         });
+        const tokenOptions = await this.buildTokenRequestOptions();
+        if (process.env.JEST_WORKER_ID !== undefined) {
+            tokenOptions[oauth.allowInsecureRequests] = true;
+        }
         // noinspection JSDeprecatedSymbols
-        const response = await oauth.genericTokenEndpointRequest(authServer, client, this.clientAuth, this.grantType, parameters, {
-            [oauth.allowInsecureRequests]: process.env.JEST_WORKER_ID !== undefined,
-        });
+        const response = await oauth.genericTokenEndpointRequest(authServer, client, this.clientAuth, this.grantType, parameters, tokenOptions);
         const responseBody = (await response.clone().json());
         // @ts-expect-error wgsg
         const idToken = responseBody.id_token;

package/dist/auth/webtoken-authenticator.js.map

@@ -1 +1 @@
-{"version":3,"file":"webtoken-authenticator.js","sourceRoot":"","sources":["../../src/auth/webtoken-authenticator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,KAAK,KAAK,MAAM,cAAc,CAAC;AACtC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,OAAO,EAAE,4BAA4B,EAAE,MAAM,qCAAqC,CAAC;AAGnF,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,gBAAgB,EAAa,MAAM,aAAa,CAAC;AAE1D;;;;GAIG;AACH,MAAM,OAAO,qBAAsB,SAAQ,kBAAkB;IAuBxC;IACA;IACA;IACA;IACA;IACA;IACA;IA5BF,UAAU,CAAmB;IAC7B,SAAS,GACxB,6CAA6C,CAAC;IAEhD;;;;;;;;;;;;;OAaG;IACH,YACE,UAAqC,EACrC,MAAoB,EACpB,KAAa,EACI,UAAqB,EACrB,SAAiB,EACjB,UAAkB,EAClB,WAAmB,EACnB,kBAA0B,EAC1B,YAAoB,EACpB,KAAc;QAE/B,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QARhB,eAAU,GAAV,UAAU,CAAW;QACrB,cAAS,GAAT,SAAS,CAAQ;QACjB,eAAU,GAAV,UAAU,CAAQ;QAClB,gBAAW,GAAX,WAAW,CAAQ;QACnB,uBAAkB,GAAlB,kBAAkB,CAAQ;QAC1B,iBAAY,GAAZ,YAAY,CAAQ;QACpB,UAAK,GAAL,KAAK,CAAS;QAG/B,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IACjC,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAC1B,IAAY,EACZ,QAAgB;QAEhB,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,UAAU,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACvE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEhC,MAAM,MAAM,GAAG,MAAM,EAAE,MAAM,CAAC;QAC9B,MAAM,UAAU,GAAG,MAAM,EAAE,GAAG,CAAC;QAC/B,MAAM,KAAK,GAAG,MAAM,EAAE,KAAK,CAAC;QAE5B,IAAI,CAAC,MAAM,IAAI,CAAC,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvE,CAAC;QAED,OAAO,qBAAqB,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC;aAC3D,KAAK,CAAC,KAAK,CAAC;aACZ,KAAK,EAAE,CAAC;IACb,CAAC;IAED;;;;;;;OAOG;IACI,MAAM,CAAC,OAAO,CACnB,IAAY,EACZ,MAAc,EACd,UAAkB;QAElB,OAAO,IAAI,4BAA4B,CACrC,IAAI,EACJ,MAAM,EACN,MAAM,EACN,IAAI,EACJ,UAAU,CACX,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACK,MAAM,CAAC,QAAQ,CAAC,OAAe;QACrC,yDAAyD;QACzD,IAAI,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QAEtE,sDAAsD;QACtD,GAAG,GAAG,GAAG;aACN,OAAO,CAAC,0CAA0C,EAAE,QAAQ,CAAC;aAC7D,OAAO,CAAC,wCAAwC,EAAE,QAAQ,CAAC,CAAC;QAE/D,8EAA8E;QAC9E,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC;YACxC,MAAM,WAAW,GACf,OAAO;iBACJ,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,0BAA0B;iBAC9C,KAAK,CAAC,UAAU,CAAC,CAAC,OAAO;gBAC1B,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC;YAC5B,GAAG,GAAG,GAAG,MAAM,KAAK,WAAW,KAAK,MAAM,EAAE,CAAC;QAC/C,CAAC;QAED,sDAAsD;QACtD,MAAM,IAAI,GAAG,uBAAuB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;QAEnE,kCAAkC;QAClC,OAAO,gBAAgB,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED;;;OAGG;IACI,MAAM,CAAC,KAAK,CAAC,MAAM,CACxB,MAAc,EACd,QAAgB,EAChB,KAAa,EACb,SAAiB,EACjB,UAAkB,EAClB,WAAmB,EACnB,aAAqB,EACrB,kBAA0B,EAC1B,YAAoB,EACpB,KAAc;QAEd,MAAM,UAAU,GAAG,qBAAqB,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACjE,MAAM,UAAU,GAAG,MAAM,CAAC,sBAAsB,EAAE,CAAC;QACnD,MAAM,MAAM,GAAiB,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;QACrD,OAAO,IAAI,qBAAqB,CAC9B,UAAU,EACV,MAAM,EACN,KAAK,EACL,UAAU,EACV,SAAS,EACT,UAAU,EACV,WAAW,EACX,kBAAkB,EAClB,YAAY,EACZ,KAAK,CACN,CAAC;IACJ,CAAC;IAES,KAAK,CAAC,mBAAmB,CACjC,UAAqC,EACrC,MAAoB;QAEpB,MAAM,eAAe,GAA6B;YAChD,GAAG,EAAE,IAAI,CAAC,YAAY;SACvB,CAAC;QACF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,eAAe,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC;QACnC,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;aAC/D,kBAAkB,CAAC,eAAe,CAAC;aACnC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;aACzB,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC;aAC7B,WAAW,EAAE;aACb,iBAAiB,CAAC,GAAG,IAAI,CAAC,kBAAkB,GAAG,CAAC;aAChD,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAEzB,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC;YACrC,UAAU,EAAE,IAAI,CAAC,SAAS;YAC1B,SAAS,EAAE,SAAS;YACpB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,mCAAmC;QACnC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,2BAA2B,CACtD,UAAU,EACV,MAAM,EACN,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,SAAS,EACd,UAAU,EACV;YACE,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,SAAS;SACxE,CACF,CAAC;QAEF,MAAM,YAAY,GAAG,CAAC,MAAM,QAAQ,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAa,CAAC;QACjE,wBAAwB;QACxB,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC;QAEtC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC5C,OAAO,KAAK,CAAC,mCAAmC,CAC9C,UAAU,EACV,MAAM,EACN,QAAQ,CACT,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAEvC,MAAM,kBAAkB,GAAG,MAAM,CAAC,GAAG,CAAC;YACtC,IAAI,CAAC,kBAAkB,IAAI,OAAO,kBAAkB,KAAK,QAAQ,EAAE,CAAC;gBAClE,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;YACJ,CAAC;YAED,OAAO,KAAK,CAAC,mCAAmC,CAC9C,UAAU,EACV,EAAE,SAAS,EAAE,kBAAkB,EAAE,EACjC,QAAQ,CACT,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}
+{"version":3,"file":"webtoken-authenticator.js","sourceRoot":"","sources":["../../src/auth/webtoken-authenticator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,KAAK,KAAK,MAAM,cAAc,CAAC;AACtC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,OAAO,EAAE,4BAA4B,EAAE,MAAM,qCAAqC,CAAC;AAInF,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,gBAAgB,EAAa,MAAM,aAAa,CAAC;AAE1D;;;;GAIG;AACH,MAAM,OAAO,qBAAsB,SAAQ,kBAAkB;IAwBxC;IACA;IACA;IACA;IACA;IACA;IACA;IA7BF,UAAU,CAAmB;IAC7B,SAAS,GACxB,6CAA6C,CAAC;IAEhD;;;;;;;;;;;;;;OAcG;IACH,YACE,UAAqC,EACrC,MAAoB,EACpB,KAAa,EACI,UAAqB,EACrB,SAAiB,EACjB,UAAkB,EAClB,WAAmB,EACnB,kBAA0B,EAC1B,YAAoB,EACpB,KAAc,EAC/B,gBAAmC;QAEnC,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,gBAAgB,CAAC,CAAC;QATlC,eAAU,GAAV,UAAU,CAAW;QACrB,cAAS,GAAT,SAAS,CAAQ;QACjB,eAAU,GAAV,UAAU,CAAQ;QAClB,gBAAW,GAAX,WAAW,CAAQ;QACnB,uBAAkB,GAAlB,kBAAkB,CAAQ;QAC1B,iBAAY,GAAZ,YAAY,CAAQ;QACpB,UAAK,GAAL,KAAK,CAAS;QAI/B,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IACjC,CAAC;IAED;;;;;;;;;;;;;;;;;;;OAmBG;IACI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAC1B,IAAY,EACZ,QAAgB,EAChB,gBAAmC;QAEnC,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,UAAU,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACvE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEhC,MAAM,MAAM,GAAG,MAAM,EAAE,MAAM,CAAC;QAC9B,MAAM,UAAU,GAAG,MAAM,EAAE,GAAG,CAAC;QAC/B,MAAM,KAAK,GAAG,MAAM,EAAE,KAAK,CAAC;QAE5B,IAAI,CAAC,MAAM,IAAI,CAAC,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvE,CAAC;QAED,OAAO,qBAAqB,CAAC,OAAO,CAClC,IAAI,EACJ,MAAM,EACN,UAAU,EACV,gBAAgB,CACjB;aACE,KAAK,CAAC,KAAK,CAAC;aACZ,KAAK,EAAE,CAAC;IACb,CAAC;IAED;;;;;;;;OAQG;IACI,MAAM,CAAC,OAAO,CACnB,IAAY,EACZ,MAAc,EACd,UAAkB,EAClB,gBAAmC;QAEnC,OAAO,IAAI,4BAA4B,CACrC,IAAI,EACJ,MAAM,EACN,MAAM,EACN,IAAI,EACJ,UAAU,EACV,gBAAgB,CACjB,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACK,MAAM,CAAC,QAAQ,CAAC,OAAe;QACrC,yDAAyD;QACzD,IAAI,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QAEtE,sDAAsD;QACtD,GAAG,GAAG,GAAG;aACN,OAAO,CAAC,0CAA0C,EAAE,QAAQ,CAAC;aAC7D,OAAO,CAAC,wCAAwC,EAAE,QAAQ,CAAC,CAAC;QAE/D,8EAA8E;QAC9E,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC;YACxC,MAAM,WAAW,GACf,OAAO;iBACJ,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,0BAA0B;iBAC9C,KAAK,CAAC,UAAU,CAAC,CAAC,OAAO;gBAC1B,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC;YAC5B,GAAG,GAAG,GAAG,MAAM,KAAK,WAAW,KAAK,MAAM,EAAE,CAAC;QAC/C,CAAC;QAED,sDAAsD;QACtD,MAAM,IAAI,GAAG,uBAAuB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;QAEnE,kCAAkC;QAClC,OAAO,gBAAgB,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACI,MAAM,CAAC,KAAK,CAAC,MAAM,CACxB,MAAc,EACd,QAAgB,EAChB,KAAa,EACb,SAAiB,EACjB,UAAkB,EAClB,WAAmB,EACnB,aAAqB,EACrB,kBAA0B,EAC1B,YAAoB,EACpB,KAAc,EACd,gBAAmC;QAEnC,MAAM,UAAU,GAAG,qBAAqB,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACjE,MAAM,UAAU,GAAG,MAAM,CAAC,sBAAsB,EAAE,CAAC;QACnD,MAAM,MAAM,GAAiB,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;QACrD,OAAO,IAAI,qBAAqB,CAC9B,UAAU,EACV,MAAM,EACN,KAAK,EACL,UAAU,EACV,SAAS,EACT,UAAU,EACV,WAAW,EACX,kBAAkB,EAClB,YAAY,EACZ,KAAK,EACL,gBAAgB,CACjB,CAAC;IACJ,CAAC;IAES,KAAK,CAAC,mBAAmB,CACjC,UAAqC,EACrC,MAAoB;QAEpB,MAAM,eAAe,GAA6B;YAChD,GAAG,EAAE,IAAI,CAAC,YAAY;SACvB,CAAC;QACF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,eAAe,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC;QACnC,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;aAC/D,kBAAkB,CAAC,eAAe,CAAC;aACnC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;aACzB,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC;aAC7B,WAAW,EAAE;aACb,iBAAiB,CAAC,GAAG,IAAI,CAAC,kBAAkB,GAAG,CAAC;aAChD,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAEzB,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC;YACrC,UAAU,EAAE,IAAI,CAAC,SAAS;YAC1B,SAAS,EAAE,SAAS;YACpB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,wBAAwB,EAAE,CAAC;QAE3D,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;YAC7C,YAAY,CAAC,KAAK,CAAC,qBAAqB,CAAC,GAAG,IAAI,CAAC;QACnD,CAAC;QAED,mCAAmC;QACnC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,2BAA2B,CACtD,UAAU,EACV,MAAM,EACN,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,SAAS,EACd,UAAU,EACV,YAAY,CACb,CAAC;QAEF,MAAM,YAAY,GAAG,CAAC,MAAM,QAAQ,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAa,CAAC;QACjE,wBAAwB;QACxB,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC;QAEtC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC5C,OAAO,KAAK,CAAC,mCAAmC,CAC9C,UAAU,EACV,MAAM,EACN,QAAQ,CACT,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAEvC,MAAM,kBAAkB,GAAG,MAAM,CAAC,GAAG,CAAC;YACtC,IAAI,CAAC,kBAAkB,IAAI,OAAO,kBAAkB,KAAK,QAAQ,EAAE,CAAC;gBAClE,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;YACJ,CAAC;YAED,OAAO,KAAK,CAAC,mCAAmC,CAC9C,UAAU,EACV,EAAE,SAAS,EAAE,kBAAkB,EAAE,EACjC,QAAQ,CACT,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}

package/dist/configuration.d.ts

@@ -1,15 +1,26 @@
+import type { Dispatcher } from 'undici';
 import { HTTPHeaders } from './runtime.js';
 import { Authenticator } from './auth/index.js';
+import { type TransportOptions } from './transport-options.js';
+export type { TransportOptions } from './transport-options.js';
+export { buildDispatcher } from './transport-options.js';
 export declare class Configuration {
     private readonly authenticator;
-    private readonly configuration;
     readonly userAgent: string;
+    private readonly configuration;
+    private cachedDispatcher;
     constructor(authenticator?: Authenticator, configuration?: {
         basePath?: string;
         headers?: HTTPHeaders;
         userAgent?: string;
+        transportOptions?: TransportOptions;
     });
+    /**
+     * Returns the cached dispatcher, building it lazily on first access.
+     */
+    getDispatcher(): Promise<Dispatcher | undefined>;
     get basePath(): string;
     get accessToken(): (name?: string, scopes?: string[]) => string | Promise<string>;
     get headers(): HTTPHeaders | undefined;
+    get transportOptions(): TransportOptions | undefined;
 }

package/dist/configuration.js

@@ -1,17 +1,41 @@
 import { NoAuthAuthenticator } from './auth/index.js';
 import { arch, platform, version as nodeVersion } from 'process';
 import { VERSION } from './version.js';
+import { buildDispatcher } from './transport-options.js';
+export { buildDispatcher } from './transport-options.js';
 export class Configuration {
     authenticator;
-    configuration;
     userAgent;
+    configuration;
+    cachedDispatcher = null;
     constructor(authenticator = new NoAuthAuthenticator(), configuration = {}) {
         this.authenticator = authenticator;
-        this.configuration = configuration;
+        this.configuration = {
+            ...configuration,
+            transportOptions: configuration.transportOptions
+                ? {
+                    ...configuration.transportOptions,
+                    defaultHeaders: configuration.transportOptions.defaultHeaders
+                        ? Object.freeze({
+                            ...configuration.transportOptions.defaultHeaders,
+                        })
+                        : undefined,
+                }
+                : undefined,
+        };
         this.userAgent =
             this.configuration.userAgent ??
                 `zitadel-client/${VERSION} (lang=ts; lang_version=${nodeVersion}; os=${platform}; arch=${arch})`;
     }
+    /**
+     * Returns the cached dispatcher, building it lazily on first access.
+     */
+    getDispatcher() {
+        if (this.cachedDispatcher === null) {
+            this.cachedDispatcher = buildDispatcher(this.configuration.transportOptions);
+        }
+        return this.cachedDispatcher;
+    }
     get basePath() {
         return this.authenticator.getHost().toString();
     }
@@ -19,7 +43,15 @@ export class Configuration {
         return async () => this.authenticator.getAuthToken();
     }
     get headers() {
-        return this.configuration.headers;
+        const transportHeaders = this.configuration.transportOptions?.defaultHeaders;
+        const configHeaders = this.configuration.headers;
+        if (!transportHeaders && !configHeaders) {
+            return undefined;
+        }
+        return { ...transportHeaders, ...configHeaders };
+    }
+    get transportOptions() {
+        return this.configuration.transportOptions;
     }
 }
 //# sourceMappingURL=configuration.js.map

package/dist/configuration.js.map

@@ -1 +1 @@
-{"version":3,"file":"configuration.js","sourceRoot":"","sources":["../src/configuration.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAiB,MAAM,iBAAiB,CAAC;AACrE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,SAAS,CAAC;AACjE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,MAAM,OAAO,aAAa;IAIL;IACA;IAJH,SAAS,CAAS;IAElC,YACmB,gBAA+B,IAAI,mBAAmB,EAAE,EACxD,gBAIb,EAAE;QALW,kBAAa,GAAb,aAAa,CAA2C;QACxD,kBAAa,GAAb,aAAa,CAIxB;QAEN,IAAI,CAAC,SAAS;YACZ,IAAI,CAAC,aAAa,CAAC,SAAS;gBAC5B,kBAAkB,OAAO,2BAA2B,WAAW,QAAQ,QAAQ,UAAU,IAAI,GAAG,CAAC;IACrG,CAAC;IAED,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC;IACjD,CAAC;IAED,IAAI,WAAW;QAIb,OAAO,KAAK,IAAI,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;IACvD,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC;IACpC,CAAC;CACF"}
+{"version":3,"file":"configuration.js","sourceRoot":"","sources":["../src/configuration.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAiB,MAAM,iBAAiB,CAAC;AACrE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,SAAS,CAAC;AACjE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,eAAe,EAAyB,MAAM,wBAAwB,CAAC;AAGhF,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,MAAM,OAAO,aAAa;IAWL;IAVH,SAAS,CAAS;IACjB,aAAa,CAK5B;IACM,gBAAgB,GAA2C,IAAI,CAAC;IAExE,YACmB,gBAA+B,IAAI,mBAAmB,EAAE,EACzE,gBAKI,EAAE;QANW,kBAAa,GAAb,aAAa,CAA2C;QAQzE,IAAI,CAAC,aAAa,GAAG;YACnB,GAAG,aAAa;YAChB,gBAAgB,EAAE,aAAa,CAAC,gBAAgB;gBAC9C,CAAC,CAAC;oBACE,GAAG,aAAa,CAAC,gBAAgB;oBACjC,cAAc,EAAE,aAAa,CAAC,gBAAgB,CAAC,cAAc;wBAC3D,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC;4BACZ,GAAG,aAAa,CAAC,gBAAgB,CAAC,cAAc;yBACjD,CAAC;wBACJ,CAAC,CAAC,SAAS;iBACd;gBACH,CAAC,CAAC,SAAS;SACd,CAAC;QACF,IAAI,CAAC,SAAS;YACZ,IAAI,CAAC,aAAa,CAAC,SAAS;gBAC5B,kBAAkB,OAAO,2BAA2B,WAAW,QAAQ,QAAQ,UAAU,IAAI,GAAG,CAAC;IACrG,CAAC;IAED;;OAEG;IACH,aAAa;QACX,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,EAAE,CAAC;YACnC,IAAI,CAAC,gBAAgB,GAAG,eAAe,CACrC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CACpC,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC;IACjD,CAAC;IAED,IAAI,WAAW;QAIb,OAAO,KAAK,IAAI,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;IACvD,CAAC;IAED,IAAI,OAAO;QACT,MAAM,gBAAgB,GACpB,IAAI,CAAC,aAAa,CAAC,gBAAgB,EAAE,cAAc,CAAC;QACtD,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC;QACjD,IAAI,CAAC,gBAAgB,IAAI,CAAC,aAAa,EAAE,CAAC;YACxC,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,EAAE,GAAG,gBAAgB,EAAE,GAAG,aAAa,EAAE,CAAC;IACnD,CAAC;IAED,IAAI,gBAAgB;QAClB,OAAO,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC;IAC7C,CAAC;CACF"}

package/dist/index.d.ts

@@ -1,11 +1,17 @@
 import { ActionServiceApi, ApplicationServiceApi, AuthorizationServiceApi, BetaActionServiceApi, BetaAppServiceApi, BetaAuthorizationServiceApi, BetaFeatureServiceApi, BetaInstanceServiceApi, BetaInternalPermissionServiceApi, BetaOIDCServiceApi, BetaOrganizationServiceApi, BetaProjectServiceApi, BetaSessionServiceApi, BetaSettingsServiceApi, BetaTelemetryServiceApi, BetaUserServiceApi, BetaWebKeyServiceApi, FeatureServiceApi, IdentityProviderServiceApi, InstanceServiceApi, InternalPermissionServiceApi, OIDCServiceApi, OrganizationServiceApi, ProjectServiceApi, SAMLServiceApi, SessionServiceApi, SettingsServiceApi, UserServiceApi, WebKeyServiceApi } from './apis/index.js';
 import { Authenticator } from './auth/index.js';
 import { Configuration } from './configuration.js';
+import type { TransportOptions } from './transport-options.js';
 export * from './zitadel-exception.js';
 export * from './api-exception.js';
 export * from './configuration.js';
 export * from './models/index.js';
 export * from './auth/index.js';
+/**
+ * Main entry point for the Zitadel SDK.
+ *
+ * Provides access to all Zitadel API services through a single client instance.
+ */
 export default class Zitadel {
     readonly actions: ActionServiceApi;
     readonly applications: ApplicationServiceApi;
@@ -36,35 +42,45 @@ export default class Zitadel {
     readonly settings: SettingsServiceApi;
     readonly users: UserServiceApi;
     readonly webkeys: WebKeyServiceApi;
-    constructor(authenticator: Authenticator, mutateConfig?: (config: Configuration) => void);
+    /**
+     * Constructs a new Zitadel client instance.
+     *
+     * @param authenticator The authenticator to use for API requests.
+     * @param mutateConfig Optional callback to mutate the configuration.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
+     */
+    constructor(authenticator: Authenticator, mutateConfig?: (config: Configuration) => void, transportOptions?: TransportOptions);
     /**
      * Initialize the SDK with a Personal Access Token (PAT).
      *
      * @param host API URL (e.g. "https://api.zitadel.example.com").
      * @param accessToken Personal Access Token for Bearer authentication.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      * @returns Configured Zitadel client instance.
      * @see https://zitadel.com/docs/guides/integrate/service-users/personal-access-token
      */
-    static withAccessToken(host: string, accessToken: string): Zitadel;
+    static withAccessToken(host: string, accessToken: string, transportOptions?: TransportOptions): Zitadel;
     /**
      * Initialize the SDK using OAuth2 Client Credentials flow.
      *
      * @param host API URL.
      * @param clientId OAuth2 client identifier.
      * @param clientSecret OAuth2 client secret.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      * @returns Configured Zitadel client instance with token auto-refresh.
      * @throws {Error} If token retrieval fails.
      * @see https://zitadel.com/docs/guides/integrate/service-users/client-credentials
      */
-    static withClientCredentials(host: string, clientId: string, clientSecret: string): Promise<Zitadel>;
+    static withClientCredentials(host: string, clientId: string, clientSecret: string, transportOptions?: TransportOptions): Promise<Zitadel>;
     /**
      * Initialize the SDK via Private Key JWT assertion.
      *
      * @param host API URL.
      * @param keyFile Path to service account JSON or PEM key file.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      * @returns Configured Zitadel client instance using JWT assertion.
      * @throws {Error} If key parsing or token exchange fails.
      * @see https://zitadel.com/docs/guides/integrate/service-users/private-key-jwt
      */
-    static withPrivateKey(host: string, keyFile: string): Promise<Zitadel>;
+    static withPrivateKey(host: string, keyFile: string, transportOptions?: TransportOptions): Promise<Zitadel>;
 }

package/dist/index.js

@@ -6,6 +6,11 @@ export * from './api-exception.js';
 export * from './configuration.js';
 export * from './models/index.js';
 export * from './auth/index.js';
+/**
+ * Main entry point for the Zitadel SDK.
+ *
+ * Provides access to all Zitadel API services through a single client instance.
+ */
 export default class Zitadel {
     actions;
     applications;
@@ -36,8 +41,15 @@ export default class Zitadel {
     settings;
     users;
     webkeys;
-    constructor(authenticator, mutateConfig) {
-        const config = new Configuration(authenticator);
+    /**
+     * Constructs a new Zitadel client instance.
+     *
+     * @param authenticator The authenticator to use for API requests.
+     * @param mutateConfig Optional callback to mutate the configuration.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
+     */
+    constructor(authenticator, mutateConfig, transportOptions) {
+        const config = new Configuration(authenticator, { transportOptions });
         if (mutateConfig) {
             mutateConfig(config);
         }
@@ -76,11 +88,12 @@ export default class Zitadel {
      *
      * @param host API URL (e.g. "https://api.zitadel.example.com").
      * @param accessToken Personal Access Token for Bearer authentication.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      * @returns Configured Zitadel client instance.
      * @see https://zitadel.com/docs/guides/integrate/service-users/personal-access-token
      */
-    static withAccessToken(host, accessToken) {
-        return new this(new PersonalAccessAuthenticator(host, accessToken));
+    static withAccessToken(host, accessToken, transportOptions) {
+        return new this(new PersonalAccessAuthenticator(host, accessToken), undefined, transportOptions);
     }
     /**
      * Initialize the SDK using OAuth2 Client Credentials flow.
@@ -88,26 +101,28 @@ export default class Zitadel {
      * @param host API URL.
      * @param clientId OAuth2 client identifier.
      * @param clientSecret OAuth2 client secret.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      * @returns Configured Zitadel client instance with token auto-refresh.
      * @throws {Error} If token retrieval fails.
      * @see https://zitadel.com/docs/guides/integrate/service-users/client-credentials
      */
-    static async withClientCredentials(host, clientId, clientSecret) {
-        const authenticator = await ClientCredentialsAuthenticator.builder(host, clientId, clientSecret).build();
-        return new this(authenticator);
+    static async withClientCredentials(host, clientId, clientSecret, transportOptions) {
+        const authenticator = await ClientCredentialsAuthenticator.builder(host, clientId, clientSecret, transportOptions).build();
+        return new this(authenticator, undefined, transportOptions);
     }
     /**
      * Initialize the SDK via Private Key JWT assertion.
      *
      * @param host API URL.
      * @param keyFile Path to service account JSON or PEM key file.
+     * @param transportOptions Optional transport options for TLS, proxy, and headers.
      * @returns Configured Zitadel client instance using JWT assertion.
      * @throws {Error} If key parsing or token exchange fails.
      * @see https://zitadel.com/docs/guides/integrate/service-users/private-key-jwt
      */
-    static async withPrivateKey(host, keyFile) {
-        const authenticator = await WebTokenAuthenticator.fromJson(host, keyFile);
-        return new this(authenticator);
+    static async withPrivateKey(host, keyFile, transportOptions) {
+        const authenticator = await WebTokenAuthenticator.fromJson(host, keyFile, transportOptions);
+        return new this(authenticator, undefined, transportOptions);
     }
 }
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,oBAAoB,EACpB,iBAAiB,EACjB,2BAA2B,EAC3B,qBAAqB,EACrB,sBAAsB,EACtB,gCAAgC,EAChC,kBAAkB,EAClB,0BAA0B,EAC1B,qBAAqB,EACrB,qBAAqB,EACrB,sBAAsB,EACtB,uBAAuB,EACvB,kBAAkB,EAClB,oBAAoB,EACpB,iBAAiB,EACjB,0BAA0B,EAC1B,kBAAkB,EAClB,4BAA4B,EAC5B,cAAc,EACd,sBAAsB,EACtB,iBAAiB,EACjB,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EACd,gBAAgB,GACjB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAEL,8BAA8B,EAC9B,2BAA2B,EAC3B,qBAAqB,GACtB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,cAAc,wBAAwB,CAAC;AACvC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAEhC,MAAM,CAAC,OAAO,OAAO,OAAO;IACV,OAAO,CAAmB;IAC1B,YAAY,CAAwB;IACpC,cAAc,CAA0B;IACxC,WAAW,CAAuB;IAClC,QAAQ,CAAoB;IAC5B,kBAAkB,CAA8B;IAChD,YAAY,CAAwB;IACpC,aAAa,CAAyB;IACtC,uBAAuB,CAAmC;IAC1D,QAAQ,CAAqB;IAC7B,iBAAiB,CAA6B;IAC9C,YAAY,CAAwB;IACpC,YAAY,CAAwB;IACpC,YAAY,CAAyB;IACrC,aAAa,CAA0B;IACvC,SAAS,CAAqB;IAC9B,WAAW,CAAuB;IAClC,QAAQ,CAAoB;IAC5B,IAAI,CAA6B;IACjC,SAAS,CAAqB;IAC9B,mBAAmB,CAA+B;IAClD,IAAI,CAAiB;IACrB,aAAa,CAAyB;IACtC,QAAQ,CAAoB;IAC5B,IAAI,CAAiB;IACrB,QAAQ,CAAoB;IAC5B,QAAQ,CAAqB;IAC7B,KAAK,CAAiB;IACtB,OAAO,CAAmB;IAE1C,YACE,aAA4B,EAC5B,YAA8C;QAE9C,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC,aAAa,CAAC,CAAC;QAEhD,IAAI,YAAY,EAAE,CAAC;YACjB,YAAY,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,IAAI,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAC5C,IAAI,CAAC,YAAY,GAAG,IAAI,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC,cAAc,GAAG,IAAI,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAC1D,IAAI,CAAC,WAAW,GAAG,IAAI,oBAAoB,CAAC,MAAM,CAAC,CAAC;QACpD,IAAI,CAAC,QAAQ,GAAG,IAAI,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,kBAAkB,GAAG,IAAI,2BAA2B,CAAC,MAAM,CAAC,CAAC;QAClE,IAAI,CAAC,YAAY,GAAG,IAAI,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC,aAAa,GAAG,IAAI,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACxD,IAAI,CAAC,uBAAuB,GAAG,IAAI,gCAAgC,CAAC,MAAM,CAAC,CAAC;QAC5E,IAAI,CAAC,QAAQ,GAAG,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC/C,IAAI,CAAC,iBAAiB,GAAG,IAAI,0BAA0B,CAAC,MAAM,CAAC,CAAC;QAChE,IAAI,CAAC,YAAY,GAAG,IAAI,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC,YAAY,GAAG,IAAI,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC,YAAY,GAAG,IAAI,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACvD,IAAI,CAAC,aAAa,GAAG,IAAI,uBAAuB,CAAC,MAAM,CAAC,CAAC;QACzD,IAAI,CAAC,SAAS,GAAG,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,CAAC,WAAW,GAAG,IAAI,oBAAoB,CAAC,MAAM,CAAC,CAAC;QACpD,IAAI,CAAC,QAAQ,GAAG,IAAI,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,IAAI,GAAG,IAAI,0BAA0B,CAAC,MAAM,CAAC,CAAC;QACnD,IAAI,CAAC,SAAS,GAAG,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,CAAC,mBAAmB,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,aAAa,GAAG,IAAI,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACxD,IAAI,CAAC,QAAQ,GAAG,IAAI,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,QAAQ,GAAG,IAAI,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,QAAQ,GAAG,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC/C,IAAI,CAAC,KAAK,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;QACxC,IAAI,CAAC,OAAO,GAAG,IAAI,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC;IAED;;;;;;;OAOG;IACI,MAAM,CAAC,eAAe,CAAC,IAAY,EAAE,WAAmB;QAC7D,OAAO,IAAI,IAAI,CAAC,IAAI,2BAA2B,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC;IACtE,CAAC;IAED;;;;;;;;;OASG;IACI,MAAM,CAAC,KAAK,CAAC,qBAAqB,CACvC,IAAY,EACZ,QAAgB,EAChB,YAAoB;QAEpB,MAAM,aAAa,GAAG,MAAM,8BAA8B,CAAC,OAAO,CAChE,IAAI,EACJ,QAAQ,EACR,YAAY,CACb,CAAC,KAAK,EAAE,CAAC;QAEV,OAAO,IAAI,IAAI,CAAC,aAAa,CAAC,CAAC;IACjC,CAAC;IAED;;;;;;;;OAQG;IACI,MAAM,CAAC,KAAK,CAAC,cAAc,CAChC,IAAY,EACZ,OAAe;QAEf,MAAM,aAAa,GAAG,MAAM,qBAAqB,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAE1E,OAAO,IAAI,IAAI,CAAC,aAAa,CAAC,CAAC;IACjC,CAAC;CACF"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,oBAAoB,EACpB,iBAAiB,EACjB,2BAA2B,EAC3B,qBAAqB,EACrB,sBAAsB,EACtB,gCAAgC,EAChC,kBAAkB,EAClB,0BAA0B,EAC1B,qBAAqB,EACrB,qBAAqB,EACrB,sBAAsB,EACtB,uBAAuB,EACvB,kBAAkB,EAClB,oBAAoB,EACpB,iBAAiB,EACjB,0BAA0B,EAC1B,kBAAkB,EAClB,4BAA4B,EAC5B,cAAc,EACd,sBAAsB,EACtB,iBAAiB,EACjB,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EACd,gBAAgB,GACjB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAEL,8BAA8B,EAC9B,2BAA2B,EAC3B,qBAAqB,GACtB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAGnD,cAAc,wBAAwB,CAAC;AACvC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAEhC;;;;GAIG;AACH,MAAM,CAAC,OAAO,OAAO,OAAO;IACV,OAAO,CAAmB;IAC1B,YAAY,CAAwB;IACpC,cAAc,CAA0B;IACxC,WAAW,CAAuB;IAClC,QAAQ,CAAoB;IAC5B,kBAAkB,CAA8B;IAChD,YAAY,CAAwB;IACpC,aAAa,CAAyB;IACtC,uBAAuB,CAAmC;IAC1D,QAAQ,CAAqB;IAC7B,iBAAiB,CAA6B;IAC9C,YAAY,CAAwB;IACpC,YAAY,CAAwB;IACpC,YAAY,CAAyB;IACrC,aAAa,CAA0B;IACvC,SAAS,CAAqB;IAC9B,WAAW,CAAuB;IAClC,QAAQ,CAAoB;IAC5B,IAAI,CAA6B;IACjC,SAAS,CAAqB;IAC9B,mBAAmB,CAA+B;IAClD,IAAI,CAAiB;IACrB,aAAa,CAAyB;IACtC,QAAQ,CAAoB;IAC5B,IAAI,CAAiB;IACrB,QAAQ,CAAoB;IAC5B,QAAQ,CAAqB;IAC7B,KAAK,CAAiB;IACtB,OAAO,CAAmB;IAE1C;;;;;;OAMG;IACH,YACE,aAA4B,EAC5B,YAA8C,EAC9C,gBAAmC;QAEnC,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC,aAAa,EAAE,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAEtE,IAAI,YAAY,EAAE,CAAC;YACjB,YAAY,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,IAAI,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAC5C,IAAI,CAAC,YAAY,GAAG,IAAI,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC,cAAc,GAAG,IAAI,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAC1D,IAAI,CAAC,WAAW,GAAG,IAAI,oBAAoB,CAAC,MAAM,CAAC,CAAC;QACpD,IAAI,CAAC,QAAQ,GAAG,IAAI,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,kBAAkB,GAAG,IAAI,2BAA2B,CAAC,MAAM,CAAC,CAAC;QAClE,IAAI,CAAC,YAAY,GAAG,IAAI,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC,aAAa,GAAG,IAAI,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACxD,IAAI,CAAC,uBAAuB,GAAG,IAAI,gCAAgC,CAAC,MAAM,CAAC,CAAC;QAC5E,IAAI,CAAC,QAAQ,GAAG,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC/C,IAAI,CAAC,iBAAiB,GAAG,IAAI,0BAA0B,CAAC,MAAM,CAAC,CAAC;QAChE,IAAI,CAAC,YAAY,GAAG,IAAI,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC,YAAY,GAAG,IAAI,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC,YAAY,GAAG,IAAI,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACvD,IAAI,CAAC,aAAa,GAAG,IAAI,uBAAuB,CAAC,MAAM,CAAC,CAAC;QACzD,IAAI,CAAC,SAAS,GAAG,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,CAAC,WAAW,GAAG,IAAI,oBAAoB,CAAC,MAAM,CAAC,CAAC;QACpD,IAAI,CAAC,QAAQ,GAAG,IAAI,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,IAAI,GAAG,IAAI,0BAA0B,CAAC,MAAM,CAAC,CAAC;QACnD,IAAI,CAAC,SAAS,GAAG,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,CAAC,mBAAmB,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,aAAa,GAAG,IAAI,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACxD,IAAI,CAAC,QAAQ,GAAG,IAAI,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,QAAQ,GAAG,IAAI,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,QAAQ,GAAG,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC/C,IAAI,CAAC,KAAK,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;QACxC,IAAI,CAAC,OAAO,GAAG,IAAI,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC;IAED;;;;;;;;OAQG;IACI,MAAM,CAAC,eAAe,CAC3B,IAAY,EACZ,WAAmB,EACnB,gBAAmC;QAEnC,OAAO,IAAI,IAAI,CACb,IAAI,2BAA2B,CAAC,IAAI,EAAE,WAAW,CAAC,EAClD,SAAS,EACT,gBAAgB,CACjB,CAAC;IACJ,CAAC;IAED;;;;;;;;;;OAUG;IACI,MAAM,CAAC,KAAK,CAAC,qBAAqB,CACvC,IAAY,EACZ,QAAgB,EAChB,YAAoB,EACpB,gBAAmC;QAEnC,MAAM,aAAa,GAAG,MAAM,8BAA8B,CAAC,OAAO,CAChE,IAAI,EACJ,QAAQ,EACR,YAAY,EACZ,gBAAgB,CACjB,CAAC,KAAK,EAAE,CAAC;QAEV,OAAO,IAAI,IAAI,CAAC,aAAa,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;IAC9D,CAAC;IAED;;;;;;;;;OASG;IACI,MAAM,CAAC,KAAK,CAAC,cAAc,CAChC,IAAY,EACZ,OAAe,EACf,gBAAmC;QAEnC,MAAM,aAAa,GAAG,MAAM,qBAAqB,CAAC,QAAQ,CACxD,IAAI,EACJ,OAAO,EACP,gBAAgB,CACjB,CAAC;QAEF,OAAO,IAAI,IAAI,CAAC,aAAa,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;IAC9D,CAAC;CACF"}

package/dist/runtime.js

@@ -10,7 +10,6 @@ export class BaseAPI {
     static jsonRegex = new RegExp('^(:?application\/json|[^;/ \t]+\/[^;/ \t]+[+]json)[ \t]*(:?;.*)?$', 'i');
     constructor(configuration = new Configuration()) {
         this.configuration = configuration;
-        //
     }
     /**
      * Check if the given MIME is a JSON MIME.
@@ -83,6 +82,10 @@ export class BaseAPI {
             ...overriddenInit,
             body,
         };
+        const dispatcher = await this.configuration.getDispatcher();
+        if (dispatcher) {
+            Object.assign(init, { dispatcher });
+        }
         return { url, init };
     }
     fetchApi = async (url, init) => {

package/dist/runtime.js.map

@@ -1 +1 @@
-{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":"AAAA,oBAAoB;AACpB,oBAAoB;AACpB,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD;;GAEG;AACH,MAAM,OAAO,OAAO;IAMI;IALd,MAAM,CAAU,SAAS,GAAG,IAAI,MAAM,CAC5C,mEAAmE,EACnE,GAAG,CACJ,CAAC;IAEF,YAAsB,gBAAgB,IAAI,aAAa,EAAE;QAAnC,kBAAa,GAAb,aAAa,CAAsB;QACvD,EAAE;IACJ,CAAC;IAED;;;;;;;;;OASG;IACO,UAAU,CAAC,IAA+B;QAClD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IAES,KAAK,CAAC,OAAO,CACrB,OAAoB,EACpB,aAAkD;QAElD,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAChD,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YAChE,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,MAAM,IAAI,YAAY,CACpB,iCAAiC,EACjC,QAAQ,CAAC,MAAM,EACf,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;YAC/C,CAAC;YACD,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SAC3B,CAAC,CACH,EACD,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CAC3B,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAC7B,OAAoB,EACpB,aAAkD;QAElD,IAAI,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxE,IACE,OAAO,CAAC,KAAK,KAAK,SAAS;YAC3B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EACvC,CAAC;YACD,qEAAqE;YACrE,gFAAgF;YAChF,qCAAqC;YACrC,GAAG,IAAI,GAAG,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAC3B,EAAE,EACF,IAAI,CAAC,aAAa,CAAC,OAAO,EAC1B;YACE,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,SAAS;SAC3C,EACD,OAAO,CAAC,OAAO,CAChB,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CACnC,OAAO,CAAC,GAAG,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CACtD,CAAC;QAEF,MAAM,cAAc,GAClB,OAAO,aAAa,KAAK,UAAU;YACjC,CAAC,CAAC,aAAa;YACf,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,aAAa,CAAC;QAEhC,MAAM,UAAU,GAAG;YACjB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO;YACP,IAAI,EAAE,OAAO,CAAC,IAAI;SACnB,CAAC;QAEF,MAAM,cAAc,GAAgB;YAClC,GAAG,UAAU;YACb,GAAG,CAAC,MAAM,cAAc,CAAC;gBACvB,IAAI,EAAE,UAAU;gBAChB,OAAO;aACR,CAAC,CAAC;SACJ,CAAC;QAEF,IAAI,IAAS,CAAC;QACd,IACE,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC;YAC/B,cAAc,CAAC,IAAI,YAAY,eAAe;YAC9C,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,EAC3B,CAAC;YACD,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC;QAC7B,CAAC;aAAM,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,EAAE,CAAC;YACpD,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC;QAC7B,CAAC;QAED,MAAM,IAAI,GAAgB;YACxB,GAAG,cAAc;YACjB,IAAI;SACL,CAAC;QAEF,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;IACvB,CAAC;IAEO,QAAQ,GAAG,KAAK,EAAE,GAAW,EAAE,IAAiB,EAAE,EAAE;QAC1D,IAAI,WAAW,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;QAChC,IAAI,QAAQ,GAAyB,SAAS,CAAC;QAC/C,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,IAAI,CAAC,YAAY,KAAK,EAAE,CAAC;oBACvB,MAAM,IAAI,UAAU,CAClB,CAAC,EACD,gFAAgF,CACjF,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,CAAC;gBACV,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;;AAGJ,SAAS,MAAM,CAAC,KAAU;IACxB,OAAO,OAAO,IAAI,KAAK,WAAW,IAAI,KAAK,YAAY,IAAI,CAAC;AAC9D,CAAC;AAED,SAAS,UAAU,CAAC,KAAU;IAC5B,OAAO,OAAO,QAAQ,KAAK,WAAW,IAAI,KAAK,YAAY,QAAQ,CAAC;AACtE,CAAC;AACD,MAAM,UAAW,SAAQ,KAAK;IAInB;IAHA,IAAI,GAAiB,YAAY,CAAC;IAE3C,YACS,KAAY,EACnB,GAAY;QAEZ,KAAK,CAAC,GAAG,CAAC,CAAC;QAHJ,UAAK,GAAL,KAAK,CAAO;IAIrB,CAAC;CACF;AAED,MAAM,OAAO,aAAc,SAAQ,KAAK;IAI7B;IAHA,IAAI,GAAoB,eAAe,CAAC;IAEjD,YACS,KAAa,EACpB,GAAY;QAEZ,KAAK,CAAC,GAAG,CAAC,CAAC;QAHJ,UAAK,GAAL,KAAK,CAAQ;IAItB,CAAC;CACF;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,IAAI;IACT,KAAK,EAAE,GAAG;CACX,CAAC;AA4CF,SAAS,WAAW,CAAC,MAAiB,EAAE,SAAiB,EAAE;IACzD,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;SACvB,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,oBAAoB,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;SAC5D,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;SACjC,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC;AAED,SAAS,oBAAoB,CAC3B,GAAW,EACX,KASQ,EACR,YAAoB,EAAE;IAEtB,MAAM,OAAO,GAAG,SAAS,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAClE,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;QAC3B,MAAM,UAAU,GAAG,KAAK;aACrB,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,kBAAkB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;aAC7D,IAAI,CAAC,IAAI,kBAAkB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC5C,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,IAAI,UAAU,EAAE,CAAC;IACxD,CAAC;IACD,IAAI,KAAK,YAAY,GAAG,EAAE,CAAC;QACzB,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvC,OAAO,oBAAoB,CAAC,GAAG,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;IAC5D,CAAC;IACD,IAAI,KAAK,YAAY,IAAI,EAAE,CAAC;QAC1B,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,IAAI,kBAAkB,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;IACrF,CAAC;IACD,qCAAqC;IACrC,IAAI,KAAK,YAAY,MAAM,EAAE,CAAC;QAC5B,OAAO,WAAW,CAAC,KAAkB,EAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,IAAI,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,IAAS,EAAE,EAAsB;IACzD,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,CAC7B,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,EAChD,EAAE,CACH,CAAC;AACJ,CAAC;AAYD,MAAM,OAAO,eAAe;IAEjB;IACC;IAFV,YACS,GAAa,EACZ,cAAsC,CAAC,SAAc,EAAE,EAAE,CAAC,SAAS;QADpE,QAAG,GAAH,GAAG,CAAU;QACZ,gBAAW,GAAX,WAAW,CAAwD;IAC1E,CAAC;IAEJ,KAAK,CAAC,KAAK;QACT,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;CACF"}
+{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":"AAAA,oBAAoB;AACpB,oBAAoB;AACpB,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD;;GAEG;AACH,MAAM,OAAO,OAAO;IAMI;IALd,MAAM,CAAU,SAAS,GAAG,IAAI,MAAM,CAC5C,mEAAmE,EACnE,GAAG,CACJ,CAAC;IAEF,YAAsB,gBAAgB,IAAI,aAAa,EAAE;QAAnC,kBAAa,GAAb,aAAa,CAAsB;IAAG,CAAC;IAE7D;;;;;;;;;OASG;IACO,UAAU,CAAC,IAA+B;QAClD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IAES,KAAK,CAAC,OAAO,CACrB,OAAoB,EACpB,aAAkD;QAElD,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAChD,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YAChE,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,MAAM,IAAI,YAAY,CACpB,iCAAiC,EACjC,QAAQ,CAAC,MAAM,EACf,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;YAC/C,CAAC;YACD,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SAC3B,CAAC,CACH,EACD,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CAC3B,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAC7B,OAAoB,EACpB,aAAkD;QAElD,IAAI,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxE,IACE,OAAO,CAAC,KAAK,KAAK,SAAS;YAC3B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EACvC,CAAC;YACD,qEAAqE;YACrE,gFAAgF;YAChF,qCAAqC;YACrC,GAAG,IAAI,GAAG,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAC3B,EAAE,EACF,IAAI,CAAC,aAAa,CAAC,OAAO,EAC1B;YACE,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,SAAS;SAC3C,EACD,OAAO,CAAC,OAAO,CAChB,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CACnC,OAAO,CAAC,GAAG,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CACtD,CAAC;QAEF,MAAM,cAAc,GAClB,OAAO,aAAa,KAAK,UAAU;YACjC,CAAC,CAAC,aAAa;YACf,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,aAAa,CAAC;QAEhC,MAAM,UAAU,GAAG;YACjB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO;YACP,IAAI,EAAE,OAAO,CAAC,IAAI;SACnB,CAAC;QAEF,MAAM,cAAc,GAAgB;YAClC,GAAG,UAAU;YACb,GAAG,CAAC,MAAM,cAAc,CAAC;gBACvB,IAAI,EAAE,UAAU;gBAChB,OAAO;aACR,CAAC,CAAC;SACJ,CAAC;QAEF,IAAI,IAAS,CAAC;QACd,IACE,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC;YAC/B,cAAc,CAAC,IAAI,YAAY,eAAe;YAC9C,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,EAC3B,CAAC;YACD,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC;QAC7B,CAAC;aAAM,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,EAAE,CAAC;YACpD,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC;QAC7B,CAAC;QAED,MAAM,IAAI,GAAgB;YACxB,GAAG,cAAc;YACjB,IAAI;SACL,CAAC;QAEF,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,EAAE,CAAC;QAC5D,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;QACtC,CAAC;QAED,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;IACvB,CAAC;IAEO,QAAQ,GAAG,KAAK,EAAE,GAAW,EAAE,IAAiB,EAAE,EAAE;QAC1D,IAAI,WAAW,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;QAChC,IAAI,QAAQ,GAAyB,SAAS,CAAC;QAC/C,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,IAAI,CAAC,YAAY,KAAK,EAAE,CAAC;oBACvB,MAAM,IAAI,UAAU,CAClB,CAAC,EACD,gFAAgF,CACjF,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,CAAC;gBACV,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;;AAGJ,SAAS,MAAM,CAAC,KAAU;IACxB,OAAO,OAAO,IAAI,KAAK,WAAW,IAAI,KAAK,YAAY,IAAI,CAAC;AAC9D,CAAC;AAED,SAAS,UAAU,CAAC,KAAU;IAC5B,OAAO,OAAO,QAAQ,KAAK,WAAW,IAAI,KAAK,YAAY,QAAQ,CAAC;AACtE,CAAC;AACD,MAAM,UAAW,SAAQ,KAAK;IAInB;IAHA,IAAI,GAAiB,YAAY,CAAC;IAE3C,YACS,KAAY,EACnB,GAAY;QAEZ,KAAK,CAAC,GAAG,CAAC,CAAC;QAHJ,UAAK,GAAL,KAAK,CAAO;IAIrB,CAAC;CACF;AAED,MAAM,OAAO,aAAc,SAAQ,KAAK;IAI7B;IAHA,IAAI,GAAoB,eAAe,CAAC;IAEjD,YACS,KAAa,EACpB,GAAY;QAEZ,KAAK,CAAC,GAAG,CAAC,CAAC;QAHJ,UAAK,GAAL,KAAK,CAAQ;IAItB,CAAC;CACF;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,IAAI;IACT,KAAK,EAAE,GAAG;CACX,CAAC;AA4CF,SAAS,WAAW,CAAC,MAAiB,EAAE,SAAiB,EAAE;IACzD,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;SACvB,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,oBAAoB,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;SAC5D,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;SACjC,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC;AAED,SAAS,oBAAoB,CAC3B,GAAW,EACX,KASQ,EACR,YAAoB,EAAE;IAEtB,MAAM,OAAO,GAAG,SAAS,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAClE,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;QAC3B,MAAM,UAAU,GAAG,KAAK;aACrB,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,kBAAkB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;aAC7D,IAAI,CAAC,IAAI,kBAAkB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC5C,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,IAAI,UAAU,EAAE,CAAC;IACxD,CAAC;IACD,IAAI,KAAK,YAAY,GAAG,EAAE,CAAC;QACzB,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvC,OAAO,oBAAoB,CAAC,GAAG,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;IAC5D,CAAC;IACD,IAAI,KAAK,YAAY,IAAI,EAAE,CAAC;QAC1B,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,IAAI,kBAAkB,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;IACrF,CAAC;IACD,qCAAqC;IACrC,IAAI,KAAK,YAAY,MAAM,EAAE,CAAC;QAC5B,OAAO,WAAW,CAAC,KAAkB,EAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,IAAI,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,IAAS,EAAE,EAAsB;IACzD,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,CAC7B,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,EAChD,EAAE,CACH,CAAC;AACJ,CAAC;AAYD,MAAM,OAAO,eAAe;IAEjB;IACC;IAFV,YACS,GAAa,EACZ,cAAsC,CAAC,SAAc,EAAE,EAAE,CAAC,SAAS;QADpE,QAAG,GAAH,GAAG,CAAU;QACZ,gBAAW,GAAX,WAAW,CAAwD;IAC1E,CAAC;IAEJ,KAAK,CAAC,KAAK;QACT,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;CACF"}

package/dist/transport-options.d.ts

@@ -0,0 +1,20 @@
+import type { Dispatcher } from 'undici';
+/**
+ * Immutable transport options for configuring HTTP connections.
+ */
+export interface TransportOptions {
+    /** Default HTTP headers sent to the origin server with every request. */
+    defaultHeaders?: Record<string, string>;
+    /** Path to a custom CA certificate file for TLS verification. */
+    caCertPath?: string;
+    /** Whether to disable TLS certificate verification. */
+    insecure?: boolean;
+    /** Proxy URL for HTTP connections. */
+    proxyUrl?: string;
+}
+/**
+ * Builds an undici dispatcher (Agent or ProxyAgent) from transport options.
+ *
+ * Returns undefined if no custom TLS or proxy settings are needed.
+ */
+export declare function buildDispatcher(transportOptions?: TransportOptions): Promise<Dispatcher | undefined>;

package/dist/transport-options.js

@@ -0,0 +1,37 @@
+/**
+ * Builds an undici dispatcher (Agent or ProxyAgent) from transport options.
+ *
+ * Returns undefined if no custom TLS or proxy settings are needed.
+ */
+export async function buildDispatcher(transportOptions) {
+    if (!transportOptions?.insecure &&
+        !transportOptions?.caCertPath &&
+        !transportOptions?.proxyUrl) {
+        return undefined;
+    }
+    const connectOpts = {};
+    if (transportOptions.insecure) {
+        connectOpts.rejectUnauthorized = false;
+    }
+    else if (transportOptions.caCertPath) {
+        const { readFileSync } = await import('node:fs');
+        const tls = await import('node:tls');
+        const customCa = readFileSync(transportOptions.caCertPath, 'utf-8');
+        connectOpts.ca = [...(tls.rootCertificates ?? []), customCa];
+    }
+    if (transportOptions.proxyUrl) {
+        const { ProxyAgent } = await import('undici');
+        const proxyOpts = {
+            uri: transportOptions.proxyUrl,
+        };
+        if (Object.keys(connectOpts).length > 0) {
+            proxyOpts.requestTls = connectOpts;
+        }
+        return new ProxyAgent(proxyOpts);
+    }
+    else {
+        const { Agent } = await import('undici');
+        return new Agent({ connect: connectOpts });
+    }
+}
+//# sourceMappingURL=transport-options.js.map

package/dist/transport-options.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transport-options.js","sourceRoot":"","sources":["../src/transport-options.ts"],"names":[],"mappings":"AAgBA;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,gBAAmC;IAEnC,IACE,CAAC,gBAAgB,EAAE,QAAQ;QAC3B,CAAC,gBAAgB,EAAE,UAAU;QAC7B,CAAC,gBAAgB,EAAE,QAAQ,EAC3B,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,WAAW,GAA4B,EAAE,CAAC;IAChD,IAAI,gBAAgB,CAAC,QAAQ,EAAE,CAAC;QAC9B,WAAW,CAAC,kBAAkB,GAAG,KAAK,CAAC;IACzC,CAAC;SAAM,IAAI,gBAAgB,CAAC,UAAU,EAAE,CAAC;QACvC,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;QACjD,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;QACrC,MAAM,QAAQ,GAAG,YAAY,CAAC,gBAAgB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACpE,WAAW,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,gBAAgB,IAAI,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,gBAAgB,CAAC,QAAQ,EAAE,CAAC;QAC9B,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC9C,MAAM,SAAS,GAA0D;YACvE,GAAG,EAAE,gBAAgB,CAAC,QAAQ;SAC/B,CAAC;QACF,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxC,SAAS,CAAC,UAAU,GAAG,WAAW,CAAC;QACrC,CAAC;QACD,OAAO,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QACzC,OAAO,IAAI,KAAK,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;IAC7C,CAAC;AACH,CAAC"}

package/dist/version.d.ts

@@ -1 +1 @@
-export declare const VERSION = "4.1.0-beta.13-beta.12-beta.11-beta.10-beta.9-beta.8-beta.7-beta.6-beta.5-beta.4-beta.3-beta.2-beta.1-beta.1";
+export declare const VERSION = "4.1.0-beta.15";

package/dist/version.js

@@ -1,2 +1,2 @@
-export const VERSION = '4.1.0-beta.13-beta.12-beta.11-beta.10-beta.9-beta.8-beta.7-beta.6-beta.5-beta.4-beta.3-beta.2-beta.1-beta.1';
+export const VERSION = '4.1.0-beta.15';
 //# sourceMappingURL=version.js.map

package/dist/version.js.map

@@ -1 +1 @@
-{"version":3,"file":"version.js","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,OAAO,GAClB,6GAA6G,CAAC"}
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,OAAO,GAAG,eAAe,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zitadel/sdk",
-  "version": "4.1.0-beta.13",
+  "version": "4.1.0-beta.15",
   "type": "module",
   "scripts": {
     "prepack": "tsc",
@@ -52,6 +52,7 @@
   "devDependencies": {
     "@codedependant/semantic-release-docker": "^5.1.1",
     "@commitlint/config-conventional": "^20.0.0",
+    "@jest/globals": "^30.2.0",
     "@mridang/eslint-defaults": "^1.6.1",
     "@mridang/semantic-release-peer-version": "^1.2.0",
     "@semantic-release/commit-analyzer": "^13.0.1",
@@ -77,11 +78,8 @@
     "access": "public"
   },
   "dependencies": {
-    "@jest/globals": "^30.2.0",
     "jose": "^6.1.0",
-    "oauth4webapi": "^3.8.2"
-  },
-  "overrides": {
+    "oauth4webapi": "^3.8.2",
     "undici": "^6.23.0"
   }
 }