@animo-id/oauth2 - npm Package Compare versions

Comparing version 0.0.2-alpha-20241108155454 to 0.0.2-alpha-20241109051458

dist/index.d.ts

 import * as v from 'valibot';
-import { HttpMethod, FetchHeaders, ContentType, Fetch, BaseSchema, FetchResponse, FetchRequestInit } from '@animo-id/oauth2-utils';
+import { HttpMethod, FetchHeaders, ContentType, Fetch, BaseSchema, FetchResponse, FetchRequestInit, StringWithAutoCompletion } from '@animo-id/oauth2-utils';
 export { HttpMethod, InvalidFetchResponseError, Oid4vcTsConfig, getGlobalConfig, setGlobalConfig } from '@animo-id/oauth2-utils';
@@ -687,2 +687,7 @@
 }
+interface CreatePkceReturn {
+    codeVerifier: string;
+    codeChallenge: string;
+    codeChallengeMethod: PkceCodeChallengeMethod;
+}
 
@@ -1091,2 +1096,62 @@ declare const vPreAuthorizedCodeGrantIdentifier: v.LiteralSchema<"urn:ietf:params:oauth:grant-type:pre-authorized_code", undefined>;
 
+interface CreateAuthorizationChallengeResponseOptions {
+    /**
+     * The authorization code
+     */
+    authorizationCode: string;
+    /**
+     * Additional payload to include in the authorization challenge response.
+     */
+    additionalPayload?: Record<string, unknown>;
+}
+interface CreateAuthorizationChallengeErrorResponseOptions {
+    /**
+     * Auth session identifier for the authorization challenge. The client MUST include this
+     * in subsequent requests to the authorization challenge endpoint.
+     */
+    authSession?: string;
+    /**
+     * The presentation during issuance error.
+     *
+     * Error codes specific to authorization challenge are:
+     *  - @see Oauth2ErrorCodes.RedirectToWeb
+     *  - @see Oauth2ErrorCodes.InvalidSession
+     *  - @see Oauth2ErrorCodes.InsufficientAuthorization
+     *
+     * If you want to require presentation of a
+     */
+    error: Oauth2ErrorCodes | StringWithAutoCompletion;
+    /**
+     * Optional error description
+     */
+    errorDescription?: string;
+    /**
+     * OpenID4VP authorization request url that must be completed before authorization
+     * can be granted
+     *
+     * Should be combined with `error` @see Oauth2ErrorCodes.InsufficientAuthorization
+     */
+    presentation?: string;
+    /**
+     * Optional PAR request uri, allowing the authorization challenge request to be treated
+     * as a succesfull pushed authorization request.
+     *
+     * Should be combined with `error` @see Oauth2ErrorCodes.RedirectToWeb
+     */
+    requestUri?: string;
+    /**
+     * Duration is seconds after which the `requestUri` parameter will expire. Should only be included
+     * if the `requestUri` is also included, and has no meaning otherwise
+     */
+    expiresIn?: number;
+    /**
+     * Additional payload to include in the authorization challenge error response.
+     */
+    additionalPayload?: Record<string, unknown>;
+}
+
+interface ParseAuthorizationChallengeRequestOptions {
+    authorizationChallengeRequest: unknown;
+}
+
 interface Oauth2AuthorizationServerOptions {
@@ -1153,2 +1218,54 @@ /**
     }>;
+    /**
+     * Parse an authorization challenge request
+     */
+    parseAuthorizationChallengeRequest(options: ParseAuthorizationChallengeRequestOptions): Promise<{
+        authorizationChallengeRequest: {
+            resource?: string | undefined;
+            scope?: string | undefined;
+            client_id?: string | undefined;
+            auth_session?: string | undefined;
+            code_challenge?: string | undefined;
+            code_challenge_method?: string | undefined;
+            presentation_during_issuance_session?: string | undefined;
+        } & {
+            [key: string]: unknown;
+        };
+    }>;
+    createAuthorizationChallengeResponse(options: CreateAuthorizationChallengeResponseOptions): {
+        authorizationChallengeResponse: {
+            authorization_code: string;
+        } & {
+            [key: string]: unknown;
+        };
+    };
+    /**
+     * Create an authorization challenge error response indicating presentation of credenitals
+     * using OpenID4VP is required before authorization can be granted.
+     *
+     * The `presentation` parameter should be an OpenID4VP authorization request url.
+     * The `authSession` should be used to track the session
+     */
+    createAuthorizationChallengePresentationErrorResponse(options: Pick<CreateAuthorizationChallengeErrorResponseOptions, 'errorDescription' | 'additionalPayload'> & Required<Pick<CreateAuthorizationChallengeErrorResponseOptions, 'authSession' | 'presentation'>>): {
+        error: string;
+        error_description?: string | undefined;
+        error_uri?: string | undefined;
+        expires_in?: number | undefined;
+        auth_session?: string | undefined;
+        request_uri?: string | undefined;
+        presentation?: string | undefined;
+    } & {
+        [key: string]: unknown;
+    };
+    createAuthorizationChallengeErrorResponse(options: CreateAuthorizationChallengeErrorResponseOptions): {
+        error: string;
+        error_description?: string | undefined;
+        error_uri?: string | undefined;
+        expires_in?: number | undefined;
+        auth_session?: string | undefined;
+        request_uri?: string | undefined;
+        presentation?: string | undefined;
+    } & {
+        [key: string]: unknown;
+    };
 }
@@ -1334,14 +1451,6 @@
         authorizationRequestUrl: string;
-        pkce: {
-            codeVerifier: string;
-            codeChallenge: string;
-            codeChallengeMethod: PkceCodeChallengeMethod;
-        } | undefined;
+        pkce: CreatePkceReturn | undefined;
     }>;
     sendAuthorizationChallengeRequest(options: Omit<SendAuthorizationChallengeRequestOptions, 'callbacks'>): Promise<{
-        pkce: {
-            codeVerifier: string;
-            codeChallenge: string;
-            codeChallengeMethod: PkceCodeChallengeMethod;
-        } | undefined;
+        pkce: CreatePkceReturn | undefined;
         authorizationChallengeResponse: {
@@ -1355,7 +1464,3 @@ authorization_code: string;
         authorizationRequestUrl: string;
-        pkce: {
-            codeVerifier: string;
-            codeChallenge: string;
-            codeChallengeMethod: PkceCodeChallengeMethod;
-        } | undefined;
+        pkce: CreatePkceReturn | undefined;
     }>;
@@ -1367,2 +1472,2 @@ retrievePreAuthorizedCodeAccessToken({ authorizationServerMetadata, preAuthorizedCode, additionalRequestPayload, txCode, dpop, resource, }: Omit<RetrievePreAuthorizedCodeAccessTokenOptions, 'callbacks'>): Promise<RetrieveAccessTokenReturn>;
 
-export { type AccessTokenErrorResponse, type AccessTokenResponse, type AuthorizationCodeGrantIdentifier, type AuthorizationServerMetadata, type CalculateJwkThumbprintOptions, type CallbackContext, type ClientAuthenticationCallback, type ClientAuthenticationCallbackOptions, type ClientAuthenticationClientSecretBasicOptions, type ClientAuthenticationClientSecretPostOptions, type ClientAuthenticationDynamicOptions, type CreateAuthorizationRequestUrlOptions, type DecodeJwtOptions, type DecodeJwtResult, type GenerateRandomCallback, HashAlgorithm, type HashCallback, type Jwk, type JwkSet, type JwtSigner, type JwtSignerCustom, type JwtSignerDid, type JwtSignerJwk, type JwtSignerX5c, Oauth2AuthorizationServer, type Oauth2AuthorizationServerOptions, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, type Oauth2ClientOptions, Oauth2Error, Oauth2ErrorCodes, type Oauth2ErrorOptions, type Oauth2ErrorResponse, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, type Oauth2ResourceServerOptions, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, PkceCodeChallengeMethod, type PreAuthorizedCodeGrantIdentifier, type RequestDpopOptions, type ResourceRequestOptions, type ResourceRequestResponseNotOk, type ResourceRequestResponseOk, type ResponseDpopReturn, type RetrieveAuthorizationCodeAccessTokenOptions, type RetrievePreAuthorizedCodeAccessTokenOptions, type SignJwtCallback, SupportedAuthenticationScheme, type VerifyAccessTokenRequestReturn, type VerifyJwtCallback, type VerifyJwtOptions, type VerifyResourceRequestOptions, type WwwAuthenticateHeaderChallenge, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, decodeJwt, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, getAuthorizationServerMetadataFromList, jwtHeaderFromJwtSigner, jwtSignerFromJwt, preAuthorizedCodeGrantIdentifier, resourceRequest, vAuthorizationCodeGrantIdentifier, vAuthorizationServerMetadata, vCompactJwt, vJwk, vJwtHeader, vJwtPayload, vOauth2ErrorResponse, vPreAuthorizedCodeGrantIdentifier, verifyJwt, verifyResourceRequest };
+export { type AccessTokenErrorResponse, type AccessTokenResponse, type AuthorizationCodeGrantIdentifier, type AuthorizationServerMetadata, type CalculateJwkThumbprintOptions, type CallbackContext, type ClientAuthenticationCallback, type ClientAuthenticationCallbackOptions, type ClientAuthenticationClientSecretBasicOptions, type ClientAuthenticationClientSecretPostOptions, type ClientAuthenticationDynamicOptions, type CreateAuthorizationRequestUrlOptions, type CreatePkceReturn, type DecodeJwtOptions, type DecodeJwtResult, type GenerateRandomCallback, HashAlgorithm, type HashCallback, type Jwk, type JwkSet, type JwtSigner, type JwtSignerCustom, type JwtSignerDid, type JwtSignerJwk, type JwtSignerX5c, Oauth2AuthorizationServer, type Oauth2AuthorizationServerOptions, Oauth2Client, Oauth2ClientAuthorizationChallengeError, Oauth2ClientErrorResponseError, type Oauth2ClientOptions, Oauth2Error, Oauth2ErrorCodes, type Oauth2ErrorOptions, type Oauth2ErrorResponse, Oauth2JwtParseError, Oauth2JwtVerificationError, Oauth2ResourceServer, type Oauth2ResourceServerOptions, Oauth2ResourceUnauthorizedError, Oauth2ServerErrorResponseError, PkceCodeChallengeMethod, type PreAuthorizedCodeGrantIdentifier, type RequestDpopOptions, type ResourceRequestOptions, type ResourceRequestResponseNotOk, type ResourceRequestResponseOk, type ResponseDpopReturn, type RetrieveAuthorizationCodeAccessTokenOptions, type RetrievePreAuthorizedCodeAccessTokenOptions, type SignJwtCallback, SupportedAuthenticationScheme, type VerifyAccessTokenRequestReturn, type VerifyJwtCallback, type VerifyJwtOptions, type VerifyResourceRequestOptions, type WwwAuthenticateHeaderChallenge, authorizationCodeGrantIdentifier, calculateJwkThumbprint, clientAuthenticationClientSecretBasic, clientAuthenticationClientSecretPost, clientAuthenticationDynamic, clientAuthenticationNone, decodeJwt, fetchAuthorizationServerMetadata, fetchJwks, fetchWellKnownMetadata, getAuthorizationServerMetadataFromList, jwtHeaderFromJwtSigner, jwtSignerFromJwt, preAuthorizedCodeGrantIdentifier, resourceRequest, vAuthorizationCodeGrantIdentifier, vAuthorizationServerMetadata, vCompactJwt, vJwk, vJwtHeader, vJwtPayload, vOauth2ErrorResponse, vPreAuthorizedCodeGrantIdentifier, verifyJwt, verifyResourceRequest };

package.json

 {
   "name": "@animo-id/oauth2",
-  "version": "0.0.2-alpha-20241108155454",
+  "version": "0.0.2-alpha-20241109051458",
   "exports": {
@@ -18,3 +18,3 @@ ".": {
     "valibot": "^0.42.1",
-    "@animo-id/oauth2-utils": "0.0.2-alpha-20241108155454"
+    "@animo-id/oauth2-utils": "0.0.2-alpha-20241109051458"
   },
@@ -21,0 +21,0 @@ "devDependencies": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

665016

increased by4.61%

Lines of code

5778

increased by4.05%

Dependency changes

• + Added@animo-id/oauth2-utils@0.0.2-alpha-20241109051458(transitive)

• - Removed@animo-id/oauth2-utils@0.0.2-alpha-20241108155454(transitive)

• Updated@animo-id/oauth2-utils@0.0.2-alpha-20241109051458