/**
 * Explicit endpoint URLs for an authorization server.
 *
 * Only `tokenEndpoint` is required; the authorization, registration and
 * revocation endpoints are optional.
 *
 * NOTE(review): every endpoint is a plain `string`, so this type places no
 * constraint on the URL scheme or host. Authorization codes, client
 * credentials and tokens are exchanged with these endpoints, so the values
 * presumably need to come from trusted configuration and use `https`.
 * Confirm where that is validated.
 */
export type OAuthServiceConfiguration = {
  tokenEndpoint: string;
  authorizationEndpoint?: string;
  registrationEndpoint?: string;
  revocationEndpoint?: string;
};
/**
 * `display` request parameter: an ASCII string telling the Authorization
 * Server how to present its authentication and consent pages to the End-User.
 * Exactly one of the four listed values is accepted by this type.
 */
export type OAuthDisplayParameter =
  | 'page'
  | 'popup'
  | 'touch'
  | 'wap';
/**
 * `prompt` request parameter: tells the Authorization Server whether to
 * prompt the End-User for reauthentication and consent.
 *
 * The parameter is defined as a space-delimited, case-sensitive list of ASCII
 * string values.
 *
 * NOTE(review): this type accepts exactly one of the four literals, so a
 * combined value such as `"login consent"` cannot be expressed through it.
 * Confirm whether that restriction is intended.
 */
export type OAuthPromptParameter =
  | 'none'
  | 'login'
  | 'consent'
  | 'select_account';
/**
 * `nonce` request parameter: a string that ties a Client session to an
 * ID Token and mitigates replay attacks.
 *
 * The value is carried unmodified from the Authentication Request into the
 * ID Token. Nonce values MUST contain enough entropy that an attacker cannot
 * guess them.
 *
 * Implementation notes:
 * https://openid.net/specs/openid-connect-core-1_0.html#NonceNotes
 *
 * NOTE(review): the alias is a bare `string`, so nothing here enforces how
 * the value is produced or checked. The replay protection only holds if the
 * caller generates a fresh value from a cryptographically secure random
 * source for each request and compares the `nonce` claim of the returned
 * ID Token with the value it sent. Confirm where callers do both.
 */
export type OAuthNonceParameter = string;
/**
 * `ui_locales` request parameter: the End-User's preferred languages and
 * scripts for the user interface.
 *
 * The value is a space-separated list of BCP47 [RFC5646] language tags in
 * order of preference. For example, `"fr-CA fr en"` asks for French as spoken
 * in Canada, then French without a region designation, then English without
 * a region designation.
 *
 * An error SHOULD NOT result if the OpenID Provider supports only some, or
 * none, of the requested locales.
 */
export type OAuthUILocalesParameter = string;
/**
 * `id_token_hint` request parameter: an ID Token previously issued by the
 * Authorization Server, passed as a hint about the End-User's current or past
 * authenticated session with the Client.
 *
 * - If the End-User identified by the ID Token is logged in, or is logged in
 *   by the request, the Authorization Server returns a positive response;
 *   otherwise it SHOULD return an error such as `login_required`.
 * - When possible, an `id_token_hint` SHOULD be present when `prompt=none` is
 *   used, and an `invalid_request` error MAY be returned if it is not.
 *   However, the server SHOULD respond successfully when possible even if it
 *   is absent.
 * - The Authorization Server need not be listed as an audience of the
 *   ID Token when it is used as an `id_token_hint` value.
 * - If the ID Token the RP received from the OP is encrypted, the Client MUST
 *   decrypt the signed ID Token contained within the encrypted ID Token
 *   before using it as an `id_token_hint`.
 * - The Client MAY re-encrypt the signed ID Token to the server using a key
 *   that enables the server to decrypt it, and send the re-encrypted
 *   ID Token as the `id_token_hint` value.
 *
 * NOTE(review): an ID Token carries claims about the End-User, and this hint
 * is sent as a request parameter, so it may end up wherever request URLs are
 * recorded. Confirm how callers transmit and log it.
 */
export type OAuthIDTokenHintParameter = string;
/**
 * `max_age` request parameter (Maximum Authentication Age).
 *
 * Gives the allowable elapsed time, in seconds, since the End-User was last
 * actively authenticated by the OP. If more time than this has elapsed, the
 * OP MUST attempt to actively re-authenticate the End-User.
 *
 * `max_age` corresponds to the OpenID 2.0 PAPE `max_auth_age` request
 * parameter; see
 * https://openid.net/specs/openid-connect-core-1_0.html#OpenID.PAPE
 *
 * When `max_age` is used, the returned ID Token MUST include an `auth_time`
 * Claim Value.
 *
 * NOTE(review): the value is a number of seconds but is typed as `string`
 * here, so non-numeric input is not rejected by the compiler. A client that
 * relies on `max_age` presumably also needs to check the returned
 * `auth_time` claim itself. Confirm where that happens.
 */
export type OAuthMaxAgeParameter = string;
/**
 * `login_hint` request parameter: a hint to the Authorization Server about
 * the login identifier the End-User might use to log in, if necessary.
 *
 * An RP can use it when it first asks the End-User for an e-mail address (or
 * other identifier) and then wants to pass that value on to the discovered
 * authorization service. It is RECOMMENDED that the hint match the value
 * used for discovery. The value MAY also be a phone number in the format
 * specified for the `phone_number` Claim.
 *
 * Use of this parameter is left to the OP's discretion.
 *
 * NOTE(review): the hint is typically an e-mail address or phone number,
 * i.e. personal data sent as a request parameter. Confirm that callers keep
 * it out of logs and analytics.
 */
export type OAuthLoginHintParameter = string;
/**
 * `acr_values` request parameter: the requested Authentication Context Class
 * Reference values.
 *
 * A space-separated string listing the acr values the Authorization Server is
 * asked to use when processing this Authentication Request, in order of
 * preference. The Authentication Context Class actually satisfied by the
 * authentication is returned as the `acr` Claim Value, as specified in
 * Section 2.
 *
 * This parameter requests the `acr` Claim as a Voluntary Claim.
 *
 * NOTE(review): because the claim is voluntary, sending this parameter does
 * not by itself guarantee the requested assurance level. A client that
 * depends on one presumably has to check the `acr` claim in the returned
 * ID Token. Confirm against the caller.
 */
export type OAuthACRValuesParameter = string;
/**
 * Extra parameters attached to an authentication request.
 *
 * The named, optional members are the typed request parameters declared in
 * this file. The index signature additionally accepts any other string key
 * with a value of any type.
 *
 * NOTE(review): because of the `[key: string]: any` signature, a misspelled
 * known key (for example `promt`) is accepted as an extra parameter instead
 * of being reported, and extra values are not type-checked at all. Confirm
 * that whatever serialises this object validates or encodes the values.
 */
export type OAuthParameters = {
  // Session binding and replay mitigation.
  nonce?: OAuthNonceParameter;

  // Presentation of the authentication and consent UI.
  display?: OAuthDisplayParameter;
  prompt?: OAuthPromptParameter;
  ui_locales?: OAuthUILocalesParameter;

  // Authentication freshness and requested context class.
  max_age?: OAuthMaxAgeParameter;
  acr_values?: OAuthACRValuesParameter;

  // Hints about the End-User's session and identifier.
  id_token_hint?: OAuthIDTokenHintParameter;
  login_hint?: OAuthLoginHintParameter;

  // Any other parameter; values are untyped.
  [key: string]: any;
};
/**
 * Properties shared by every OAuth request shape in this file: the client
 * identifier, the issuer, and an optional explicit endpoint configuration.
 *
 * NOTE(review): presumably `issuer` is the provider's base URL and is used
 * to discover endpoints when `serviceConfiguration` is omitted. That logic
 * is not visible here, so verify it against the consumer of this type.
 */
export type OAuthBaseProps = {
  issuer: string;
  clientId: string;
  serviceConfiguration?: OAuthServiceConfiguration;
};
/**
 * Full request options: `OAuthBaseProps` plus redirect, scope, credential
 * and refresh settings. Every member added here is optional.
 */
export type OAuthProps = OAuthBaseProps & {
  /**
   * Redirect URL for the request.
   * NOTE(review): presumably must match a URL registered with the provider.
   * Confirm against the caller.
   */
  redirectUrl?: string;

  /** Scopes to request. Asking only for what the app needs limits what an issued token can do. */
  scopes?: string[];

  /** Extra request parameters; see the `OAuthParameters` type. */
  additionalParameters?: OAuthParameters;

  /**
   * Client secret.
   * NOTE(review): a secret shipped inside a client application can be read
   * out of the installed package, so it does not authenticate the app.
   * Confirm whether any supported provider really needs this field or
   * whether a public-client registration can be used instead.
   */
  clientSecret?: string;

  /**
   * NOTE(review): the name indicates that requests without TLS are
   * permitted when this is true. The behaviour is not visible here, so
   * confirm it in the implementation and keep it unset outside local
   * development.
   */
  canMakeInsecureRequests?: boolean;

  /**
   * NOTE(review): presumably selects a refresh-token exchange that uses
   * `refreshToken`. Verify against the consumer of this type.
   */
  isRefresh?: boolean;

  /** Refresh token. It is a long-lived credential, so keep it out of logs. */
  refreshToken?: string;
};
/**
 * Options for revoking a token.
 *
 * NOTE(review): `isClientIdProvided` presumably controls whether the client
 * id is sent along with the revocation request. The type alone does not
 * show this, so confirm in the implementation.
 */
export type OAuthRevokeOptions = {
  /** The token to revoke. It is a credential, so keep it out of logs. */
  token: string;
  isClientIdProvided?: boolean;
};
/**
 * Result of a token request. Every member is required but may be `null`.
 *
 * `accessToken`, `refreshToken` and `idToken` are credentials: whoever holds
 * them can act with the granted access, so they belong in the platform's
 * secure storage and should stay out of logs, crash reports and analytics.
 *
 * NOTE(review): `accessTokenExpirationDate` is a string whose format is not
 * visible here, and `additionalParameters` values are untyped (`any`).
 * Confirm the date format and validate extra values before use.
 */
export type TokenResponse = {
  tokenType: string | null;
  accessToken: string | null;
  accessTokenExpirationDate: string | null;
  refreshToken: string | null;
  idToken: string | null;
  additionalParameters: Record<string, any> | null;
};