import type { Context } from "hono"; import type { Handler, MiddlewareHandler } from "hono/types"; import type { SignatureAlgorithm } from "hono/utils/jwt/jwa"; import type { SignatureKey } from "hono/utils/jwt/jws"; /** Not-null type */ type NonNull = Record; type AnyRecord = Record; /** Custom claims for JWT tokens */ type CustomClaims = { [key: Exclude]: NonNull | undefined; }; /** * Metadata for an OpenID Connect Issuer. * @template Issuer Union of the const-strings that represent Issuer URLs. */ interface AbstractIssuerMetadata { /** OpenID Connect Issuer */ issuer: IU; /** OpenID Connect authentication endpoint */ authEndpoint: string; /** OpenID Connect token endpoint */ tokenEndpoint: string; /** OpenID Connect token revocation endpoint */ tokenRevocationEndpoint: string; /** OpenID Connect client ID */ clientId: string; /** OpenID Connect client secret */ clientSecret: string; /** OpenID Connect scopes */ scopes: string[]; } /** * Options for local JWT signing. */ export interface LocalJwtOptions { /** Private key for signing */ privateKey: SignatureKey; /** Signature algorithm */ alg?: SignatureAlgorithm; /** Validity period (in milliseconds) */ maxAge: number; } /** * Metadata for an OpenID Connect Issuer. * @template I Union of the const-strings that represent Issuer URLs. */ export type IssuerMetadata = (AbstractIssuerMetadata & { /** Indicates if the Issuer supports refresh tokens */ useLocalJwt: true; /** Options for creating custom JWT when no refresh token is available */ localJwtOptions: LocalJwtOptions; /** Specify how Claims are generated using token and context */ createClaims: (c: Context, tokens: RefreshTokenGetter) => C | undefined | Promise; }) | (AbstractIssuerMetadata & { /** Indicates if the Issuer supports refresh tokens */ useLocalJwt: false; /** Specify how Claims are generated using token and context */ createClaims: (c: Context, tokens: TokenGetter) => C | undefined | Promise; }); /** * Options for OpenID Connect. * @template C Custom claims for JWT tokens * @template IU Union of the const-strings that represent Issuer URLs. */ export interface OIDCOptions { /** Issuer metadata */ issuers: IssuerMetadata[]; /** Function to get the Issuer URL */ getIssUrl: (c: Context) => IU | Promise | undefined; /** Client-side token store */ clientSideTokenStore: TokenStore; } /** * Refresh token setter. */ interface RefreshTokenSetter { setRefreshToken(c: Context, token: string | undefined): void | Promise; } /** * ID token setter. */ interface IDTokenSetter { setIDToken(c: Context, token: string | undefined): void | Promise; } /** * ID token getter. */ interface IDTokenGetter { getIDToken(c: Context): string | undefined | Promise; } /** * Refresh token getter. */ interface RefreshTokenGetter { getRefreshToken(c: Context): string | undefined | Promise; } /** * ID token & refresh token setter. */ type TokenSetter = IDTokenSetter & RefreshTokenSetter; /** * ID token & refresh token getter. */ type TokenGetter = IDTokenGetter & RefreshTokenGetter; /** * ID token & refresh token getter and setter. */ export type TokenStore = TokenGetter & TokenSetter; /** * Get type of OIDC */ type OIDCManagerType = T extends OIDCManager ? T : T extends { __oidc: infer U; } & AnyRecord ? OIDCManagerType : T extends { Variables: infer U; } & AnyRecord ? OIDCManagerType : T extends MiddlewareHandler ? OIDCManagerType : T extends OIDCSetupResult ? OIDCManager : never; /** * Get type of OIDC Custom Claims */ export type ClaimsType = OIDCManagerType extends OIDCManager ? C : T extends IssuerMetadata ? C : T extends OIDCOptions ? C : T extends CustomClaims ? T : never; /** * Get type of OIDC Issuer URL */ export type IssuerType = OIDCManagerType extends OIDCManager ? IU : T extends IssuerMetadata ? IU : T extends OIDCOptions ? IU : T extends string ? T : never; export type OIDCMiddlewareType = T extends OIDCMiddleware ? T : ClaimsType extends CustomClaims ? OIDCMiddleware> : never; type OIDCEnv = { Variables: { claims: C | undefined; } & AnyRecord; }; type OIDCMiddleware = MiddlewareHandler>; type OIDCHandler = Handler>; /** * @template C Custom claims for JWT tokens * @template IU Union of the const-strings that represent Issuer URLs. * @template P Path parameters * @template I Input */ export interface OIDCSetupResult { /** * Login handler for OpenID Connect. * @param iss Issuer URL * @param callback Callback function * @returns Handler */ loginHandler: (iss: IU, callback: (res: { type: "OK"; claims: C; } | { type: "ERR"; error: "OAuthServerError"; } | { type: "ERR"; error: "Unauthorized"; }, ...args: Parameters>) => ReturnType>) => OIDCHandler; /** * Middleware to obtain claims from OpenID Connect. */ useClaims: OIDCMiddleware; /** * Logout handler for OpenID Connect. * @param callback Callback function * @returns Handler */ logoutHandler: (callback: Handler) => Handler; } export declare function OIDC(opts: OIDCOptions | ((c: Context) => OIDCOptions | Promise>)): OIDCSetupResult; /** * Internal OpenID Connect client. * @template C Custom claims for JWT tokens * @template IU Union of the const-strings that represent Issuer URLs. */ declare class OIDCManager { #private; private constructor(); /** * Create an OIDC client. * @param c Context * @param opts OIDC options * @returns OIDC client */ static create(c: Context, opts: OIDCOptions): Promise>; /** * Manually Login with OpenID Connect. * @param c Context * @param issurl OpenID Connect Issuer URL * @returns Login result. If the login is successful, the claims are * returned. */ login(c: Context, issurl: IU): Promise<{ type: "OK"; claims: C; } | { type: "ERR"; error: "OAuthServerError"; } | { type: "ERR"; error: "Unauthorized"; } | { type: "RESPONSE"; response: Response; }>; getClaims(c: Context): Promise; logout(c: Context): Promise; } export {};