
@atproto/oauth-types


@atproto/oauth-types - npm Package Compare versions

Comparing version 0.1.3 to 0.1.4

10

CHANGELOG.md
# @atproto/oauth-types
## 0.1.4
### Patch Changes
- [#2734](https://github.com/bluesky-social/atproto/pull/2734) [`dee817b6e`](https://github.com/bluesky-social/atproto/commit/dee817b6e0fc02351d51ce310b5e65239b7c5ed7) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Validate scopes characters according to OAuth 2.1 spec
- [#2734](https://github.com/bluesky-social/atproto/pull/2734) [`dee817b6e`](https://github.com/bluesky-social/atproto/commit/dee817b6e0fc02351d51ce310b5e65239b7c5ed7) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Re-use code definition of oauthResponseTypeSchema
- [#2734](https://github.com/bluesky-social/atproto/pull/2734) [`dee817b6e`](https://github.com/bluesky-social/atproto/commit/dee817b6e0fc02351d51ce310b5e65239b7c5ed7) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Remove non-standard "sub" from OAuthTokenResponse
## 0.1.3

@@ -4,0 +14,0 @@

5

dist/atproto-loopback-client-metadata.js

@@ -20,5 +20,4 @@ "use strict";

client_name: 'Loopback client',
response_types: ['code id_token', 'code'],
grant_types: ['authorization_code', 'implicit', 'refresh_token'],
scope: 'openid profile offline_access',
response_types: ['code'],
grant_types: ['authorization_code', 'refresh_token'],
redirect_uris: (redirectUris.length

@@ -25,0 +24,0 @@ ? redirectUris

2

dist/oauth-authentication-request-parameters.d.ts

@@ -10,3 +10,3 @@ import { z } from 'zod';

dpop_jkt: z.ZodOptional<z.ZodString>;
response_type: z.ZodEnum<["code", "token", "id_token", "none", "code token", "code id_token", "id_token token", "code id_token token"]>;
response_type: z.ZodEnum<["code", "token", "none", "code id_token token", "code id_token", "code token", "id_token token", "id_token"]>;
response_mode: z.ZodOptional<z.ZodEnum<["query", "fragment", "form_post"]>>;

@@ -13,0 +13,0 @@ code_challenge: z.ZodOptional<z.ZodString>;

@@ -8,2 +8,3 @@ "use strict";

const oauth_client_id_js_1 = require("./oauth-client-id.js");
const oauth_response_type_js_1 = require("./oauth-response-type.js");
const oidc_claims_parameter_js_1 = require("./oidc-claims-parameter.js");

@@ -20,14 +21,3 @@ const oidc_claims_properties_js_1 = require("./oidc-claims-properties.js");

dpop_jkt: zod_1.z.string().optional(),
response_type: zod_1.z.enum([
// OAuth2 (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-4.1.1)
'code',
'token',
// OIDC (https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)
'id_token',
'none',
'code token',
'code id_token',
'id_token token',
'code id_token token',
]),
response_type: oauth_response_type_js_1.oauthResponseTypeSchema,
// Default depend on response_type

@@ -39,6 +29,9 @@ response_mode: zod_1.z.enum(['query', 'fragment', 'form_post']).optional(),

redirect_uri: zod_1.z.string().url().optional(),
// email profile openid (other?)
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-1.4.1
// scope = scope-token *( SP scope-token )
// scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
// = Basically most ASCII characters except backslash and double quote
scope: zod_1.z
.string()
.regex(/^[a-zA-Z0-9_]+( [a-zA-Z0-9_]+)*$/)
.regex(/^[!\x23-\x5B\x5D-\x7E]+( [!\x23-\x5B\x5D-\x7E]+)*$/)
.optional(),

@@ -45,0 +38,0 @@ // OIDC

@@ -6,6 +6,6 @@ "use strict";

exports.oauthResponseTypeSchema = zod_1.z.enum([
// OAuth
// OAuth2 (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-4.1.1)
'code', // Authorization Code Grant
'token', // Implicit Grant
// OpenID
// OIDC (https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)
'none',

@@ -12,0 +12,0 @@ 'code id_token token',

@@ -9,3 +9,2 @@ import { z } from 'zod';

issuer: z.ZodOptional<z.ZodString>;
sub: z.ZodOptional<z.ZodString>;
scope: z.ZodOptional<z.ZodString>;

@@ -41,3 +40,2 @@ id_token: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;

issuer: z.ZodOptional<z.ZodString>;
sub: z.ZodOptional<z.ZodString>;
scope: z.ZodOptional<z.ZodString>;

@@ -73,3 +71,2 @@ id_token: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;

issuer: z.ZodOptional<z.ZodString>;
sub: z.ZodOptional<z.ZodString>;
scope: z.ZodOptional<z.ZodString>;

@@ -76,0 +73,0 @@ id_token: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, `${string}.${string}.${string}`, string>>;

@@ -16,3 +16,2 @@ "use strict";

issuer: zod_1.z.string().url().optional(),
sub: zod_1.z.string().optional(),
scope: zod_1.z.string().optional(),

@@ -19,0 +18,0 @@ id_token: jwk_1.signedJwtSchema.optional(),

{
"name": "@atproto/oauth-types",
"version": "0.1.3",
"version": "0.1.4",
"license": "MIT",

@@ -5,0 +5,0 @@ "description": "OAuth typing & validation library",

@@ -24,5 +24,4 @@ import { isOAuthClientIdLoopback } from './oauth-client-id-loopback.js'

client_name: 'Loopback client',
response_types: ['code id_token', 'code'],
grant_types: ['authorization_code', 'implicit', 'refresh_token'],
scope: 'openid profile offline_access',
response_types: ['code'],
grant_types: ['authorization_code', 'refresh_token'],
redirect_uris: (redirectUris.length

@@ -29,0 +28,0 @@ ? redirectUris
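Review bot: The loopback metadata in this hunk no longer declares a `scope` while `grant_types` still lists `refresh_token`, so the scopes a loopback client ends up with are left to the authorization server's default; this reading is inferred from the `-24,5 +24,4` line counts, because the +/- markers are lost on this page. Loopback clients are presumably public clients with no credentials, so a reader should be able to see that the omission is deliberate. I would add a comment above `response_types`, for example `// scope deliberately not declared: the authorization server decides what a loopback client may request`, or restore an explicit minimal scope. The object literal starts and ends outside the hunk, and the compiled dist/atproto-loopback-client-metadata.js carries the same change.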

@@ -6,2 +6,3 @@ import { signedJwtSchema } from '@atproto/jwk'

import { oauthClientIdSchema } from './oauth-client-id.js'
import { oauthResponseTypeSchema } from './oauth-response-type.js'
import { oidcClaimsParameterSchema } from './oidc-claims-parameter.js'

@@ -21,16 +22,4 @@ import { oidcClaimsPropertiesSchema } from './oidc-claims-properties.js'

response_type: z.enum([
// OAuth2 (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-4.1.1)
'code',
'token',
response_type: oauthResponseTypeSchema,
// OIDC (https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)
'id_token',
'none',
'code token',
'code id_token',
'id_token token',
'code id_token token',
]),
// Default depend on response_type

@@ -45,6 +34,9 @@ response_mode: z.enum(['query', 'fragment', 'form_post']).optional(),

// email profile openid (other?)
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-1.4.1
// scope = scope-token *( SP scope-token )
// scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
// = Basically most ASCII characters except backslash and double quote
scope: z
.string()
.regex(/^[a-zA-Z0-9_]+( [a-zA-Z0-9_]+)*$/)
.regex(/^[!\x23-\x5B\x5D-\x7E]+( [!\x23-\x5B\x5D-\x7E]+)*$/)
.optional(),

@@ -51,0 +43,0 @@
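Review bot: The spec-shaped `scope` pattern in the last hunk (taken as the new side, per the changelog entry) accepts every printable ASCII character except space, backslash and double quote, which includes `<`, `>`, `&`, `'` and `%`, where the other pattern allowed only letters, digits and underscore. The pattern matches the scope-token grammar quoted above it and its token class excludes the separator, so matching stays linear, but a value that passes is only syntactically valid. Any caller that shows scopes on a consent page, writes them to logs or builds a URL from them has to encode on output, and I would say so next to the grammar, e.g. `// NOTE: valid scope-tokens may contain HTML/URL metacharacters; encode before rendering or logging`. A `.max(...)` bound is also worth considering, since the string length is otherwise unlimited at this layer. The compiled copy of this schema under dist/ carries the same pattern.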

import { z } from 'zod'
export const oauthResponseTypeSchema = z.enum([
// OAuth
// OAuth2 (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-4.1.1)
'code', // Authorization Code Grant
'token', // Implicit Grant
// OpenID
// OIDC (https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)
'none',

@@ -10,0 +10,0 @@ 'code id_token token',
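Review bot: The new section comment files `'token'` under the OAuth 2.1 draft link, but that draft omits the implicit grant and its section 4.1.1 describes the authorization-code request only; `token` comes from RFC 6749 section 4.2. Since the authorization-request schema now re-uses this enum, this comment is what tells an implementer whether accepting `token` is expected, so I would write `'token', // Implicit Grant (RFC 6749 section 4.2; not part of OAuth 2.1)`. A short remark that servers without implicit-flow support should narrow the enum before validating requests would also help. The enum continues past the end of the hunk, and dist/oauth-response-type.js has the same comment.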

@@ -15,3 +15,2 @@ import { signedJwtSchema } from '@atproto/jwk'

issuer: z.string().url().optional(),
sub: z.string().optional(),
scope: z.string().optional(),

@@ -18,0 +17,0 @@ id_token: signedJwtSchema.optional(),

