trustflows-client 0.1.0-alpha.0

package/dist/index.js

@@ -0,0 +1,9 @@
+export * from './auth';
+export * from './types';
+export * from './utils';
+export * from './uma/claims/accessToken';
+export * from './uma/claims/idToken';
+export * from './uma/claims/registry';
+export * from './uma/claims/types';
+export * from './uma/types';
+export * from './uma/utils';

package/dist/types.d.ts

@@ -0,0 +1,39 @@
+export type JsonObject = Record<string, unknown>;
+/**
+ * The dereferencable identifier of a client, which is also the URL where the client's metadata document is served.
+ */
+export interface ClientMetadata extends JsonObject {
+    /**
+     * Client identifier URL.
+     */
+    client_id: string;
+    /**
+     * Redirect URIs for redirect-based flows.
+     */
+    redirect_uris?: string[];
+    /**
+     * JWK Set (inline).
+     */
+    jwks?: {
+        keys: Record<string, unknown>[];
+    };
+    /**
+     * URI pointing to the JWK Set.
+     */
+    jwks_uri?: string;
+    /**
+     * Authentication method at the token endpoint.
+     * REQUIRED for confidential clients and MUST be "private_key_jwt".
+     */
+    token_endpoint_auth_method?: 'private_key_jwt';
+    /**
+     * Declares UMA / A4DS profiles supported by the client.
+     */
+    uma_profiles_supported?: string[];
+    /**
+     * Indicates the client can act as an automated requesting party
+     * (e.g., Aggregator-style non-interactive access).
+     */
+    automated?: boolean;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAEjD;;GAEG;AACH,MAAM,WAAW,cAAe,SAAQ,UAAU;IAChD;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;OAEG;IACH,IAAI,CAAC,EAAE;QACL,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;KACjC,CAAC;IAEF;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,0BAA0B,CAAC,EAAE,iBAAiB,CAAC;IAE/C;;OAEG;IACH,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;IAElC;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB"}

package/dist/types.js

@@ -0,0 +1,2 @@
+;
+export {};

package/dist/uma/claims/accessToken.d.ts

@@ -0,0 +1,8 @@
+import type { Auth } from '../../auth';
+import type { Claim } from '../types';
+import type { ClaimResolverDefinition, RequiredClaims } from './types';
+export declare const ACCESS_TOKEN_CLAIM_FORMAT = "urn:ietf:params:oauth:token-type:access_token";
+export declare const ACCESS_TOKEN_CLAIM_TYPE = "https://spec.knows.idlab.ugent.be/aggregator-protocol/latest/#derivation-access";
+export declare function accessTokenClaimResolver(required: RequiredClaims, auth: Auth): Promise<Claim | undefined>;
+export declare const accessTokenClaimResolvers: ClaimResolverDefinition[];
+//# sourceMappingURL=accessToken.d.ts.map

package/dist/uma/claims/accessToken.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"accessToken.d.ts","sourceRoot":"","sources":["../../../src/uma/claims/accessToken.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,KAAK,EACV,uBAAuB,EACvB,cAAc,EACf,MAAM,SAAS,CAAC;AAEjB,eAAO,MAAM,yBAAyB,kDACW,CAAC;AAClD,eAAO,MAAM,uBAAuB,oFAC+C,CAAC;AAkBpF,wBAAsB,wBAAwB,CAC5C,QAAQ,EAAE,cAAc,EACxB,IAAI,EAAE,IAAI,GACT,OAAO,CAAC,KAAK,GAAG,SAAS,CAAC,CAiB5B;AAED,eAAO,MAAM,yBAAyB,EAAE,uBAAuB,EAU9D,CAAC"}

package/dist/uma/claims/accessToken.js

@@ -0,0 +1,42 @@
+/* eslint-disable @typescript-eslint/naming-convention */
+import { fetchAccessToken } from '../utils';
+export const ACCESS_TOKEN_CLAIM_FORMAT = 'urn:ietf:params:oauth:token-type:access_token';
+export const ACCESS_TOKEN_CLAIM_TYPE = 'https://spec.knows.idlab.ugent.be/aggregator-protocol/latest/#derivation-access';
+function pickSingle(value, field) {
+    if (!value) {
+        return undefined;
+    }
+    if (!Array.isArray(value)) {
+        return value;
+    }
+    if (value.length === 1) {
+        return value[0];
+    }
+    throw new Error(`UMA claim field "${field}" must be a single value.`);
+}
+export async function accessTokenClaimResolver(required, auth) {
+    const issuer = pickSingle(required.issuer, 'issuer');
+    const resourceId = required.name ?? pickSingle(required.claim_type, 'claim_type');
+    if (!issuer || !resourceId) {
+        throw new Error('UMA access_token claim requires issuer and resource identifier.');
+    }
+    const endpoint = `${issuer.replace(/\/$/u, '')}/token`;
+    const tokenResult = await fetchAccessToken(auth, endpoint, [
+        { resource_id: resourceId },
+    ]);
+    return {
+        claim_token: tokenResult.access_token,
+        claim_token_format: ACCESS_TOKEN_CLAIM_FORMAT,
+    };
+}
+export const accessTokenClaimResolvers = [
+    {
+        id: 'access-token',
+        match: [
+            { claim_token_format: ACCESS_TOKEN_CLAIM_FORMAT },
+            { claim_type: ACCESS_TOKEN_CLAIM_FORMAT },
+            { claim_type: ACCESS_TOKEN_CLAIM_TYPE },
+        ],
+        resolve: accessTokenClaimResolver,
+    },
+];

package/dist/uma/claims/idToken.d.ts

@@ -0,0 +1,8 @@
+import type { Auth } from '../../auth';
+import type { Claim } from '../types';
+import type { ClaimResolverDefinition, RequiredClaims } from './types';
+export declare const ID_TOKEN_CLAIM_FORMAT = "http://openid.net/specs/openid-connect-core-1_0.html#IDToken";
+export declare const ID_TOKEN_CLAIM_FORMAT_URN = "urn:ietf:params:oauth:token-type:id_token";
+export declare function idTokenClaimResolver(required: RequiredClaims, auth: Auth): Promise<Claim | undefined>;
+export declare const idTokenClaimResolvers: ClaimResolverDefinition[];
+//# sourceMappingURL=idToken.d.ts.map

package/dist/uma/claims/idToken.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"idToken.d.ts","sourceRoot":"","sources":["../../../src/uma/claims/idToken.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,KAAK,EACV,uBAAuB,EACvB,cAAc,EACf,MAAM,SAAS,CAAC;AAEjB,eAAO,MAAM,qBAAqB,iEAC8B,CAAC;AACjE,eAAO,MAAM,yBAAyB,8CACO,CAAC;AAE9C,wBAAsB,oBAAoB,CACxC,QAAQ,EAAE,cAAc,EACxB,IAAI,EAAE,IAAI,GACT,OAAO,CAAC,KAAK,GAAG,SAAS,CAAC,CAM5B;AAED,eAAO,MAAM,qBAAqB,EAAE,uBAAuB,EAW1D,CAAC"}

package/dist/uma/claims/idToken.js

@@ -0,0 +1,21 @@
+export const ID_TOKEN_CLAIM_FORMAT = 'http://openid.net/specs/openid-connect-core-1_0.html#IDToken';
+export const ID_TOKEN_CLAIM_FORMAT_URN = 'urn:ietf:params:oauth:token-type:id_token';
+export async function idTokenClaimResolver(required, auth) {
+    void required;
+    return {
+        claim_token: await auth.createClaimToken(),
+        claim_token_format: ID_TOKEN_CLAIM_FORMAT,
+    };
+}
+export const idTokenClaimResolvers = [
+    {
+        id: 'id-token',
+        match: [
+            {
+                claim_token_format: [ID_TOKEN_CLAIM_FORMAT, ID_TOKEN_CLAIM_FORMAT_URN],
+            },
+            { claim_type: [ID_TOKEN_CLAIM_FORMAT, ID_TOKEN_CLAIM_FORMAT_URN] },
+        ],
+        resolve: idTokenClaimResolver,
+    },
+];

package/dist/uma/claims/registry.d.ts

@@ -0,0 +1,7 @@
+import type { Claim } from '../types';
+import type { Auth } from '../../auth';
+import type { ClaimResolverDefinition, ClaimResolverRegistry, RequiredClaims } from './types';
+export declare function createDefaultClaimResolvers(): ClaimResolverRegistry;
+export declare function resolveClaimResolver(requiredClaim: RequiredClaims, resolvers: ClaimResolverRegistry): ClaimResolverDefinition | undefined;
+export declare function gatherClaims(existing: Claim[], requiredClaims: RequiredClaims[] | undefined, auth: Auth, resolvers: ClaimResolverRegistry): Promise<Claim[]>;
+//# sourceMappingURL=registry.d.ts.map

package/dist/uma/claims/registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../../src/uma/claims/registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,KAAK,EAIV,uBAAuB,EAEvB,qBAAqB,EACrB,cAAc,EACf,MAAM,SAAS,CAAC;AAIjB,wBAAgB,2BAA2B,IAAI,qBAAqB,CAEnE;AA0DD,wBAAgB,oBAAoB,CAClC,aAAa,EAAE,cAAc,EAC7B,SAAS,EAAE,qBAAqB,GAC/B,uBAAuB,GAAG,SAAS,CA0BrC;AAED,wBAAsB,YAAY,CAChC,QAAQ,EAAE,KAAK,EAAE,EACjB,cAAc,EAAE,cAAc,EAAE,GAAG,SAAS,EAC5C,IAAI,EAAE,IAAI,EACV,SAAS,EAAE,qBAAqB,GAC/B,OAAO,CAAC,KAAK,EAAE,CAAC,CAqBlB"}

package/dist/uma/claims/registry.js

@@ -0,0 +1,82 @@
+import { accessTokenClaimResolvers } from './accessToken';
+import { idTokenClaimResolvers } from './idToken';
+export function createDefaultClaimResolvers() {
+    return [...idTokenClaimResolvers, ...accessTokenClaimResolvers];
+}
+function matchesField(value, matcher) {
+    if (!value) {
+        return false;
+    }
+    const values = Array.isArray(value) ? value : [value];
+    const matchers = Array.isArray(matcher) ? matcher : [matcher];
+    return matchers.some((match) => values.includes(match));
+}
+function evaluateMatcher(claim, matcher) {
+    const keys = Object.keys(matcher);
+    let specificity = 0;
+    for (const key of keys) {
+        const fieldMatcher = matcher[key];
+        if (!fieldMatcher) {
+            continue;
+        }
+        specificity += 1;
+        const value = claim[key];
+        if (!matchesField(value, fieldMatcher)) {
+            return { matched: false, specificity };
+        }
+    }
+    return { matched: true, specificity };
+}
+function evaluateMatch(claim, matcher) {
+    if (!matcher) {
+        return { matched: true, specificity: 0 };
+    }
+    const matchers = Array.isArray(matcher) ? matcher : [matcher];
+    let bestSpecificity = -1;
+    for (const entry of matchers) {
+        const result = evaluateMatcher(claim, entry);
+        if (result.matched && result.specificity > bestSpecificity) {
+            bestSpecificity = result.specificity;
+        }
+    }
+    if (bestSpecificity >= 0) {
+        return { matched: true, specificity: bestSpecificity };
+    }
+    return { matched: false, specificity: 0 };
+}
+export function resolveClaimResolver(requiredClaim, resolvers) {
+    let best;
+    let bestPriority = Number.NEGATIVE_INFINITY;
+    let bestSpecificity = -1;
+    for (const resolver of resolvers) {
+        const { matched, specificity } = evaluateMatch(requiredClaim, resolver.match);
+        if (!matched) {
+            continue;
+        }
+        const priority = resolver.priority ?? 0;
+        if (priority > bestPriority ||
+            (priority === bestPriority && specificity > bestSpecificity)) {
+            best = resolver;
+            bestPriority = priority;
+            bestSpecificity = specificity;
+        }
+    }
+    return best;
+}
+export async function gatherClaims(existing, requiredClaims, auth, resolvers) {
+    if (!Array.isArray(requiredClaims) || requiredClaims.length === 0) {
+        return existing;
+    }
+    const claims = [...existing];
+    for (const requiredClaim of requiredClaims) {
+        const resolver = resolveClaimResolver(requiredClaim, resolvers);
+        if (!resolver) {
+            throw new Error(`No claim resolver matched required claim: ${JSON.stringify(requiredClaim)}`);
+        }
+        const claim = await resolver.resolve(requiredClaim, auth);
+        if (claim) {
+            claims.push(claim);
+        }
+    }
+    return claims;
+}

package/dist/uma/claims/types.d.ts

@@ -0,0 +1,59 @@
+import type { Auth } from '../../auth';
+import type { JsonObject } from '../../types';
+import type { Claim } from '../types';
+/**
+ * An UMA Required Claim object.
+ */
+export interface RequiredClaims extends JsonObject {
+    /**
+     * A URI(s) that identifies the claim token format.
+     */
+    claim_token_format?: string | string[];
+    /**
+     * A URI(s) that identifies the type of claim.
+     */
+    claim_type?: string | string[];
+    /**
+     * The issuer(s) the claim needs to come from.
+     */
+    issuer?: string | string[];
+    /**
+     * The name of the claim request.
+     */
+    name?: string;
+    /**
+     * A human-friendly name for the claim.
+     */
+    friendly_name?: string;
+}
+/**
+ * Resolves a required claim into a claim token.
+ */
+export type ClaimResolver = (required: RequiredClaims, auth: Auth) => Promise<Claim | undefined> | Claim | undefined;
+export type ClaimField = 'claim_token_format' | 'claim_type' | 'issuer' | 'name' | 'friendly_name';
+export type ClaimFieldMatcher = string | string[];
+export type ClaimMatcher = Partial<Record<ClaimField, ClaimFieldMatcher>>;
+export type ClaimResolverMatch = ClaimMatcher | ClaimMatcher[];
+/**
+ * A claim resolver definition that can be registered with the registry.
+ */
+export interface ClaimResolverDefinition {
+    /**
+     * Resolver identifier.
+     */
+    id: string;
+    /**
+     * Declarative matchers for required claim fields.
+     */
+    match?: ClaimResolverMatch;
+    /**
+     * Resolver priority (higher wins).
+     */
+    priority?: number;
+    /**
+     * Resolver implementation.
+     */
+    resolve: ClaimResolver;
+}
+export type ClaimResolverRegistry = ClaimResolverDefinition[];
+//# sourceMappingURL=types.d.ts.map

package/dist/uma/claims/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/uma/claims/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AAEtC;;GAEG;AACH,MAAM,WAAW,cAAe,SAAQ,UAAU;IAChD;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAEvC;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAE/B;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAE3B;;OAEG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,CAC1B,QAAQ,EAAE,cAAc,EACxB,IAAI,EAAE,IAAI,KACP,OAAO,CAAC,KAAK,GAAG,SAAS,CAAC,GAAG,KAAK,GAAG,SAAS,CAAC;AAEpD,MAAM,MAAM,UAAU,GAClB,oBAAoB,GACtB,YAAY,GACZ,QAAQ,GACR,MAAM,GACN,eAAe,CAAC;AAClB,MAAM,MAAM,iBAAiB,GAAG,MAAM,GAAG,MAAM,EAAE,CAAC;AAClD,MAAM,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,iBAAiB,CAAC,CAAC,CAAC;AAC1E,MAAM,MAAM,kBAAkB,GAAG,YAAY,GAAG,YAAY,EAAE,CAAC;AAE/D;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC;;OAEG;IACH,EAAE,EAAE,MAAM,CAAC;IAEX;;OAEG;IACH,KAAK,CAAC,EAAE,kBAAkB,CAAC;IAE3B;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,OAAO,EAAE,aAAa,CAAC;CACxB;AAED,MAAM,MAAM,qBAAqB,GAAG,uBAAuB,EAAE,CAAC"}

package/dist/uma/claims/types.js

@@ -0,0 +1 @@
+export {};

package/dist/uma/types.d.ts

@@ -0,0 +1,161 @@
+import type { JsonObject } from '../types';
+import type { RequiredClaims } from './claims/types';
+/**
+ * The WWW-Authenticate challenge for UMA authorization.
+ */
+export interface AuthorizationChallenge extends JsonObject {
+    /**
+     * The scheme, which is always "UMA".
+     */
+    scheme: 'UMA';
+    /**
+     * The authorization server URI.
+     */
+    as_uri: string;
+    /**
+     * The ticket issued by the authorization server.
+     */
+    ticket: string;
+}
+/**
+ * The .well-known UMA authorization server metadata.
+ */
+export interface AuthorizationServerMetadata extends JsonObject {
+    /**
+     * The UMA profiles supported by the authorization server.
+     */
+    uma_profiles_supported: string[];
+    /**
+     * Whether the authorization server supports client ID metadata documents.
+     */
+    client_id_metadata_document_supported: true;
+    /**
+     * The issuer identifier for the authorization server.
+     */
+    issuer: string;
+    /**
+     * The resource registration endpoint URL.
+     */
+    resource_registration_endpoint: string;
+    /**
+     * The permission endpoint URL.
+     */
+    permission_endpoint: string;
+    /**
+     * The token endpoint URL.
+     */
+    token_endpoint: string;
+    /**
+     * The introspection endpoint URL.
+     */
+    introspection_endpoint: string;
+    /**
+     * The claim interaction endpoint URL.
+     */
+    claims_interaction_endpoint?: string;
+    /**
+     * The JWKS URI for the authorization server.
+     */
+    jwks_uri?: string;
+}
+/**
+ * The UMA token request payload.
+ */
+export interface TokenRequest extends Claim, JsonObject {
+    /**
+     * The grant type, which is always "urn:ietf:params:oauth:grant-type:uma-ticket".
+     */
+    grant_type: 'urn:ietf:params:oauth:grant-type:uma-ticket';
+    /**
+     * The ticket issued by the authorization server.
+     * Either this or permissions must be provided.
+     */
+    ticket?: string;
+    /**
+     * The permissions being requested.
+     * Either this or ticket must be provided.
+     */
+    permissions?: PermissionDescription | PermissionDescription[];
+    /**
+     * An optional global scope.
+     */
+    scope?: string;
+}
+/**
+ * UMA claim.
+ */
+export interface Claim {
+    /**
+     * A claim token to satisfy required claims.
+     */
+    claim_token?: string;
+    /**
+     * The format of the claim token.
+     */
+    claim_token_format?: string;
+}
+/**
+ * A UMA permission description.
+ */
+export interface PermissionDescription {
+    /**
+     * The resource ID for the permission.
+     */
+    resource_id: string;
+    /**
+     * The scopes associated with the permission.
+     */
+    resource_scopes?: string[];
+}
+/**
+ * A UMA need_info response indicating additional claims are required.
+ */
+export interface FailedTokenResponse extends JsonObject {
+    /**
+     * The error code.
+     */
+    error: 'need_info';
+    /**
+     * The error description.
+     */
+    error_description?: string;
+    /**
+     * The URI reference of a web page with human-readable information about the error.
+     */
+    error_uri?: string;
+    /**
+     * If a state parameter was present in the request that triggered the error.
+     */
+    state?: string;
+    /**
+     * The ticket issued by the authorization server.
+     */
+    ticket?: string;
+    /**
+     * The required claims to satisfy the authorization request.
+     */
+    required_claims?: RequiredClaims[];
+    /**
+     * The URI to redirect the user to for interactive authorization, if applicable.
+     */
+    redirect_user?: string;
+    /**
+     * The minimum amount of time in seconds that the client SHOULD wait between polling requests
+     */
+    interval?: number;
+}
+/**
+ * The UMA token response.
+ */
+export interface SuccessfulTokenResponse extends JsonObject {
+    /**
+     * The access token issued by the authorization server.
+     */
+    access_token: string;
+    /**
+     * The type of the token, which is typically "Bearer".
+     */
+    token_type: string;
+}
+export type TokenResponse = SuccessfulTokenResponse | FailedTokenResponse;
+//# sourceMappingURL=types.d.ts.map

package/dist/uma/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/uma/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAC3C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAErD;;GAEG;AACH,MAAM,WAAW,sBAAuB,SAAQ,UAAU;IACxD;;OAEG;IACH,MAAM,EAAE,KAAK,CAAC;IAEd;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,2BAA4B,SAAQ,UAAU;IAC7D;;OAEG;IACH,sBAAsB,EAAE,MAAM,EAAE,CAAC;IAEjC;;OAEG;IACH,qCAAqC,EAAE,IAAI,CAAC;IAE5C;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,8BAA8B,EAAE,MAAM,CAAC;IAEvC;;OAEG;IACH,mBAAmB,EAAE,MAAM,CAAC;IAE5B;;OAEG;IACH,cAAc,EAAE,MAAM,CAAC;IAEvB;;OAEG;IACH,sBAAsB,EAAE,MAAM,CAAC;IAE/B;;OAEG;IACH,2BAA2B,CAAC,EAAE,MAAM,CAAC;IAErC;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,YAAa,SAAQ,KAAK,EAAE,UAAU;IACrD;;OAEG;IACH,UAAU,EAAE,6CAA6C,CAAC;IAE1D;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,WAAW,CAAC,EAAE,qBAAqB,GAAG,qBAAqB,EAAE,CAAC;IAE9D;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,KAAK;IACpB;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,mBAAoB,SAAQ,UAAU;IACrD;;OAEG;IACH,KAAK,EAAE,WAAW,CAAC;IAEnB;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,eAAe,CAAC,EAAE,cAAc,EAAE,CAAC;IAEnC;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,uBAAwB,SAAQ,UAAU;IACzD;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,aAAa,GAAG,uBAAuB,GAAG,mBAAmB,CAAC"}

package/dist/uma/types.js

@@ -0,0 +1 @@
+export {};

package/dist/uma/utils.d.ts

@@ -0,0 +1,16 @@
+import type { Auth } from '../auth';
+import type { AuthorizationChallenge, AuthorizationServerMetadata, PermissionDescription, SuccessfulTokenResponse } from './types';
+export declare class TokenRequestError extends Error {
+    readonly status: number;
+    readonly payload?: unknown;
+    constructor(message: string, status: number, payload?: unknown);
+}
+export declare function parseUmaAuthenticateHeader(headers: Headers): AuthorizationChallenge | null;
+export declare function discoverUmaConfiguration(asUri: string, fetchFn?: typeof fetch): Promise<AuthorizationServerMetadata>;
+export declare function fetchAccessToken(auth: Auth, tokenEndpoint: string, request: string | PermissionDescription[]): Promise<SuccessfulTokenResponse>;
+export interface UmaFetchOptions {
+    auth: Auth;
+    challenge: AuthorizationChallenge;
+}
+export declare function fetchWithUma(input: RequestInfo | URL, init?: RequestInit, options?: UmaFetchOptions): Promise<Response>;
+//# sourceMappingURL=utils.d.ts.map

package/dist/uma/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/uma/utils.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAEpC,OAAO,KAAK,EACV,sBAAsB,EACtB,2BAA2B,EAE3B,qBAAqB,EACrB,uBAAuB,EAGxB,MAAM,SAAS,CAAC;AAQjB,qBAAa,iBAAkB,SAAQ,KAAK;IAC1C,SAAgB,MAAM,EAAE,MAAM,CAAC;IAC/B,SAAgB,OAAO,CAAC,EAAE,OAAO,CAAC;gBAEf,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO;CAMtE;AAED,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,OAAO,GACf,sBAAsB,GAAG,IAAI,CAgC/B;AAED,wBAAsB,wBAAwB,CAC5C,KAAK,EAAE,MAAM,EACb,OAAO,GAAE,OAAO,KAAa,GAC5B,OAAO,CAAC,2BAA2B,CAAC,CAwBtC;AAED,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,IAAI,EACV,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,GAAG,qBAAqB,EAAE,GACxC,OAAO,CAAC,uBAAuB,CAAC,CAiHlC;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,IAAI,CAAC;IACX,SAAS,EAAE,sBAAsB,CAAC;CACnC;AAED,wBAAsB,YAAY,CAChC,KAAK,EAAE,WAAW,GAAG,GAAG,EACxB,IAAI,CAAC,EAAE,WAAW,EAClB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,QAAQ,CAAC,CA+BnB"}