UNPKG

28.9 kBTypeScriptView Raw
1/// <reference types="node" />
2declare module 'openid-client' {
3 /**
4 * @see https://github.com/panva/node-openid-client/blob/master/docs/README.md
5 */
6 import * as http from 'http';
7 import * as https from 'https';
8 import * as http2 from 'http2';
9 import * as tls from 'tls';
10 namespace JWKS {
11 class KeyStore {
12 }
13 }
14 type JSONWebKeySet = any;
15 type RetryFunction = (retry: number, error: Error) => number;
16 /**
17 * @see https://github.com/sindresorhus/got/tree/v9.6.0#options
18 */
19 interface HttpRequestOptions extends tls.SecureContextOptions {
20 url?: string;
21 headers?: {
22 [key: string]: unknown;
23 };
24 query?: {
25 [key: string]: unknown;
26 };
27 body?: {
28 [key: string]: unknown;
29 };
30 form?: boolean;
31 json?: boolean;
32 timeout?: number | {
33 lookup?: number;
34 connect?: number;
35 secureConnect?: number;
36 socket?: number;
37 response?: number;
38 send?: number;
39 request?: number;
40 };
41 retry?: number | {
42 retries?: number | RetryFunction;
43 methods?: Array<'GET' | 'POST' | 'PUT' | 'HEAD' | 'DELETE' | 'OPTIONS' | 'TRACE'>;
44 statusCodes?: Array<408 | 413 | 429 | 500 | 502 | 503 | 504>;
45 maxRetryAfter?: number;
46 errorCodes?: string[];
47 };
48 followRedirect?: boolean;
49 throwHttpErrors?: boolean;
50 agent?: http.Agent | https.Agent | boolean | {
51 http: http.Agent;
52 https: https.Agent;
53 };
54 [key: string]: unknown;
55 }
56 type CustomHttpOptionsProvider = (options: HttpRequestOptions) => HttpRequestOptions;
57 type TokenTypeHint = 'access_token' | 'refresh_token' | string;
58 /**
59 * @see https://github.com/panva/node-openid-client/blob/master/lib/index.js
60 */
61 const custom: {
62 setHttpOptionsDefaults(params: HttpRequestOptions): void;
63 readonly http_options: unique symbol;
64 readonly clock_tolerance: unique symbol;
65 };
66 /**
67 * @see https://medium.com/@darutk/diagrams-of-all-the-openid-connect-flows-6968e3990660
68 */
69 type ResponseType = 'code' | 'id_token' | 'code id_token' | 'code token' | 'code id_token token' | 'none';
70 /**
71 * @see https://github.com/panva/node-openid-client/blob/master/docs/README.md#client-authentication-methods
72 */
73 type ClientAuthMethod = 'client_secret_basic' | 'client_secret_post' | 'client_secret_jwt' | 'private_key_jwt' | 'tls_client_auth' | 'self_signed_tls_client_auth' | 'none';
74 /**
75 * @see https://github.com/panva/node-openid-client/blob/master/docs/README.md#new-clientmetadata-jwks
76 */
77 interface ClientMetadata {
78 client_id: string;
79 id_token_signed_response_alg?: string;
80 token_endpoint_auth_method?: ClientAuthMethod;
81 client_secret?: string;
82 redirect_uris?: string[];
83 response_types?: ResponseType[];
84 post_logout_redirect_uris?: string[];
85 default_max_age?: number;
86 require_auth_time?: boolean;
87 tls_client_certificate_bound_access_tokens?: boolean;
88 request_object_signing_alg?: string;
89 id_token_encrypted_response_alg?: string;
90 id_token_encrypted_response_enc?: string;
91 introspection_endpoint_auth_method?: ClientAuthMethod;
92 introspection_endpoint_auth_signing_alg?: string;
93 request_object_encryption_alg?: string;
94 request_object_encryption_enc?: string;
95 revocation_endpoint_auth_method?: ClientAuthMethod;
96 revocation_endpoint_auth_signing_alg?: string;
97 token_endpoint_auth_signing_alg?: string;
98 userinfo_encrypted_response_alg?: string;
99 userinfo_encrypted_response_enc?: string;
100 userinfo_signed_response_alg?: string;
101 [key: string]: unknown;
102 }
103 interface ClaimsParameterMember {
104 essential?: boolean;
105 value?: string;
106 values?: string[];
107 [key: string]: unknown;
108 }
109 interface AuthorizationParameters {
110 acr_values?: string;
111 audience?: string;
112 claims?: string | {
113 id_token?: {
114 [key: string]: null | ClaimsParameterMember;
115 };
116 userinfo?: {
117 [key: string]: null | ClaimsParameterMember;
118 };
119 };
120 claims_locales?: string;
121 client_id?: string;
122 code_challenge_method?: string;
123 code_challenge?: string;
124 display?: string;
125 id_token_hint?: string;
126 login_hint?: string;
127 max_age?: string;
128 nonce?: string;
129 prompt?: string;
130 redirect_uri?: string;
131 registration?: string;
132 request_uri?: string;
133 request?: string;
134 resource?: string | string[];
135 response_mode?: string;
136 response_type?: string;
137 scope?: string;
138 ui_locales?: string;
139 [key: string]: unknown;
140 }
141 interface EndSessionParameters {
142 id_token_hint?: TokenSet | string;
143 post_logout_redirect_uri?: string;
144 state?: string;
145 [key: string]: unknown;
146 }
147 interface CallbackParamsType {
148 access_token?: string;
149 code?: string;
150 error?: string;
151 error_description?: string;
152 error_uri?: string;
153 expires_in?: string;
154 id_token?: string;
155 state?: string;
156 token_type?: string;
157 session_state?: string;
158 [key: string]: unknown;
159 }
160 interface OAuthCallbackChecks {
161 /**
162 * When provided the authorization response will be checked for presence of required parameters for a
163 * given response_type. Use of this check is recommended.
164 */
165 response_type?: string;
166 /**
167 * When provided the authorization response's state parameter will be checked to be the this expected one.
168 * Use of this check is required if you sent a state parameter into an authorization request.
169 */
170 state?: string;
171 /**
172 * PKCE code_verifier to be sent to the token endpoint during code exchange. Use of this check is required
173 * if you sent a code_challenge parameter into an authorization request.
174 */
175 code_verifier?: string;
176 }
177 interface OpenIDCallbackChecks extends OAuthCallbackChecks {
178 /**
179 * When provided the authorization response's ID Token auth_time parameter will be checked to be conform to the
180 * max_age value. Use of this check is required if you sent a max_age parameter into an authorization request.
181 */
182 max_age?: number;
183 /**
184 * When provided the authorization response's ID Token nonce parameter will be checked to be the this expected
185 * one. Use of this check is required if you sent a nonce parameter into an authorization request.
186 */
187 nonce?: string;
188 }
189 interface CallbackExtras {
190 /**
191 * extra request body properties to be sent to the AS during code exchange.
192 */
193 exchangeBody?: object;
194 /**
195 * extra client assertion payload parameters to be sent as part of a client JWT assertion. This is only used
196 * when the client's token_endpoint_auth_method is either client_secret_jwt or private_key_jwt.
197 */
198 clientAssertionPayload?: object;
199 }
200 interface RefreshExtras {
201 /**
202 * extra request body properties to be sent to the AS during refresh token exchange.
203 */
204 exchangeBody?: object;
205 /**
206 * extra client assertion payload parameters to be sent as part of a client JWT assertion.
207 * This is only used when the client's token_endpoint_auth_method is either client_secret_jwt or private_key_jwt.
208 */
209 clientAssertionPayload?: object;
210 }
211 interface GrantBody {
212 grant_type: string;
213 [key: string]: unknown;
214 }
215 interface GrantExtras {
216 /**
217 * extra client assertion payload parameters to be sent as part of a client JWT assertion.
218 * This is only used when the client's token_endpoint_auth_method is either client_secret_jwt or private_key_jwt.
219 */
220 clientAssertionPayload?: object;
221 }
222 interface IntrospectExtras {
223 /**
224 * extra request body properties to be sent to the introspection endpoint.
225 */
226 introspectBody?: object;
227 /**
228 * extra client assertion payload parameters to be sent as part of a client JWT assertion.
229 * This is only used when the client's token_endpoint_auth_method is either client_secret_jwt or private_key_jwt.
230 */
231 clientAssertionPayload?: object;
232 }
233 interface RevokeExtras {
234 /**
235 * extra request body properties to be sent to the revocation endpoint.
236 */
237 revokeBody?: object;
238 /**
239 * extra client assertion payload parameters to be sent as part of a client JWT assertion.
240 * This is only used when the client's token_endpoint_auth_method is either client_secret_jwt or private_key_jwt.
241 */
242 clientAssertionPayload?: object;
243 }
244 interface RequestObjectPayload extends AuthorizationParameters {
245 client_id?: string;
246 iss?: string;
247 aud?: string;
248 iat?: number;
249 exp?: number;
250 jti?: string;
251 [key: string]: unknown;
252 }
253 interface RegisterOther {
254 /**
255 * JWK Set formatted object with private keys used for signing client assertions or decrypting responses.
256 * When neither jwks_uri or jwks is present in metadata the key's public parts will be registered as jwks.
257 */
258 jwks?: JSONWebKeySet;
259 /**
260 * Initial Access Token to use as a Bearer token during the registration call.
261 */
262 initialAccessToken?: string;
263 }
264 interface DeviceAuthorizationParameters {
265 client_id?: string;
266 scope?: string;
267 [key: string]: unknown;
268 }
269 interface DeviceAuthorizationExtras {
270 /**
271 * extra request body properties to be sent to the AS during the Device Access Token Request
272 */
273 exchangeBody?: object;
274 /**
275 * extra client assertion payload parameters to be sent as part of a client JWT assertion.
276 * This is only used when the client's token_endpoint_auth_method is either client_secret_jwt or private_key_jwt.
277 */
278 clientAssertionPayload?: object;
279 }
280 interface UserinfoResponse {
281 sub: string;
282 name?: string;
283 given_name?: string;
284 family_name?: string;
285 middle_name?: string;
286 nickname?: string;
287 preferred_username?: string;
288 profile?: string;
289 picture?: string;
290 website?: string;
291 email?: string;
292 email_verified?: boolean;
293 gender?: string;
294 birthdate?: string;
295 zoneinfo?: string;
296 locale?: string;
297 phone_number?: string;
298 updated_at?: number;
299 address?: {
300 formatted?: string;
301 street_address?: string;
302 locality?: string;
303 region?: string;
304 postal_code?: string;
305 country?: string;
306 [key: string]: unknown;
307 };
308 [key: string]: unknown;
309 }
310 interface IntrospectionResponse {
311 active: boolean;
312 client_id?: string;
313 exp?: number;
314 iat?: number;
315 sid?: string;
316 iss?: string;
317 jti?: string;
318 username?: string;
319 aud?: string | string[];
320 scope: string;
321 token_type?: string;
322 cnf?: {
323 'x5t#S256'?: string;
324 [key: string]: unknown;
325 };
326 [key: string]: unknown;
327 }
328 /**
329 * Encapsulates a dynamically registered, discovered or instantiated OpenID Connect Client (Client),
330 * Relying Party (RP), and its metadata, its instances hold the methods for getting an authorization URL,
331 * consuming callbacks, triggering token endpoint grants, revoking and introspecting tokens.
332 */
333 class Client {
334 constructor(metadata: ClientMetadata, jwks?: JSONWebKeySet);
335 [custom.http_options]: CustomHttpOptionsProvider;
336 [custom.clock_tolerance]: number;
337 metadata: ClientMetadata;
338 /**
339 * Returns the target authorization redirect URI to redirect End-Users to using the provided parameters.
340 * @param parameters Authorization Request parameters
341 */
342 authorizationUrl(parameters?: AuthorizationParameters): string;
343 /**
344 * Returns the target logout redirect URI to redirect End-Users to using the provided parameters.
345 * @param parameters RP-Initiated Logout Request parameters
346 */
347 endSessionUrl(parameters?: EndSessionParameters): string;
348 /**
349 * Returns recognized callback parameters from a provided input.
350 *
351 * - When input is of type string it will be parsed using url.parse and its query component will be returned
352 * - When input is a GET http/http2 request object its url property will be parsed using url.parse and its
353 * query component will be returned
354 * - When input is a POST http/http2 request object its body property will be parsed or returned if it is already
355 * an object. Note: the request read stream will not be parsed, it is expected that you will have a body parser
356 * prior to calling this method. This parser would set the req.body property
357 */
358 callbackParams(input: string | http.IncomingMessage | http2.Http2ServerRequest): CallbackParamsType;
359 /**
360 * Performs the callback for Authorization Server's authorization response.
361 * @param redirectUri redirect_uri used for the authorization request
362 * @param parameters returned authorization response, see client.callbackParams if you need help getting them.
363 * @param checks checks to perform on the Authorization Response
364 * @param extras add extra parameters to the Token Endpoint Request and/or Client Authentication JWT Assertion
365 */
366 callback(redirectUri: string | undefined, parameters: CallbackParamsType, checks?: OpenIDCallbackChecks, extras?: CallbackExtras): Promise<TokenSet>;
367 /**
368 * Pure OAuth 2.0 version of callback().
369 * @param redirectUri redirect_uri used for the authorization request
370 * @param parameters returned authorization response, see client.callbackParams if you need help getting them.
371 * @param checks checks to perform on the Authorization Response
372 * @param extras add extra parameters to the Token Endpoint Request and/or Client Authentication JWT Assertion
373 */
374 oauthCallback(redirectUri: string | undefined, parameters: CallbackParamsType, checks?: OAuthCallbackChecks, extras?: CallbackExtras): Promise<TokenSet>;
375 /**
376 * Performs refresh_token grant type exchange.
377 * @param refreshToken Refresh Token value. When TokenSet instance is provided its refresh_token property
378 * will be used automatically.
379 * @param extras Add extra parameters to the Token Endpoint Request and/or Client Authentication JWT Assertion
380 */
381 refresh(refreshToken: TokenSet | string, extras?: RefreshExtras): Promise<TokenSet>;
382 /**
383 * Fetches the OIDC userinfo response with the provided Access Token. Also handles signed and/or
384 * encrypted userinfo responses. When TokenSet is provided as an argument the userinfo sub property
385 * will also be checked to match the on in the TokenSet's ID Token.
386 *
387 * @param accessToken Access Token value. When TokenSet instance is provided its access_token property
388 * will be used automatically.
389 */
390 userinfo(accessToken: TokenSet | string): Promise<UserinfoResponse>;
391 /**
392 * Performs an arbitrary grant_type exchange at the token_endpoint.
393 */
394 grant(body: GrantBody, extras?: GrantExtras): Promise<TokenSet>;
395 /**
396 * Introspects a token at the Authorization Server's introspection_endpoint.
397 */
398 introspect(token: string, tokenTypeHint?: TokenTypeHint, extras?: IntrospectExtras): Promise<IntrospectionResponse>;
399 /**
400 * Revokes a token at the Authorization Server's revocation_endpoint.
401 */
402 revoke(token: string, tokenTypeHint?: TokenTypeHint, extras?: RevokeExtras): Promise<void>;
403 /**
404 * Creates a signed and optionally encrypted Request Object to send to the AS. Uses the client's
405 * request_object_signing_alg, request_object_encryption_alg, request_object_encryption_enc metadata for
406 * determining the algorithms to use.
407 */
408 requestObject(payload: RequestObjectPayload): Promise<string>;
409 /**
410 * Starts a Device Authorization Request at the issuer's device_authorization_endpoint and returns a handle
411 * for subsequent Device Access Token Request polling.
412 */
413 deviceAuthorization(parameters?: DeviceAuthorizationParameters, extras?: DeviceAuthorizationExtras): Promise<DeviceFlowHandle<Client>>;
414 static register(metadata: object, other?: RegisterOther): Promise<Client>;
415 static fromUri(registrationClientUri: string, registrationAccessToken: string, jwks?: JSONWebKeySet): Promise<Client>;
416 static [custom.http_options]: CustomHttpOptionsProvider;
417 [key: string]: unknown;
418 }
419 class DeviceFlowHandle<TClient extends Client> {
420 poll(): Promise<TokenSet>;
421 expired(): boolean;
422 expires_at: number;
423 client: TClient;
424 user_code: string;
425 device_code: string;
426 verification_uri: string;
427 verification_uri_complete: string;
428 expires_in: number;
429 }
430 interface IssuerMetadata {
431 issuer: string;
432 authorization_endpoint?: string;
433 token_endpoint?: string;
434 jwks_uri?: string;
435 userinfo_endpoint?: string;
436 revocation_endpoint?: string;
437 end_session_endpoint?: string;
438 registration_endpoint?: string;
439 token_endpoint_auth_methods_supported?: string[];
440 token_endpoint_auth_signing_alg_values_supported?: string[];
441 introspection_endpoint_auth_methods_supported?: string[];
442 introspection_endpoint_auth_signing_alg_values_supported?: string[];
443 revocation_endpoint_auth_methods_supported?: string[];
444 revocation_endpoint_auth_signing_alg_values_supported?: string[];
445 request_object_signing_alg_values_supported?: string[];
446 mtls_endpoint_aliases?: MtlsEndpointAliases;
447 [key: string]: unknown;
448 }
449 interface MtlsEndpointAliases {
450 token_endpoint?: string;
451 userinfo_endpoint?: string;
452 revocation_endpoint?: string;
453 introspection_endpoint?: string;
454 device_authorization_endpoint?: string;
455 }
456 interface TypeOfGenericClient<TClient extends Client> {
457 new (metadata: ClientMetadata, jwks?: JSONWebKeySet): TClient;
458 [custom.http_options]: CustomHttpOptionsProvider;
459 [custom.clock_tolerance]: number;
460 }
461 /**
462 * Encapsulates a discovered or instantiated OpenID Connect Issuer (Issuer), Identity Provider (IdP),
463 * Authorization Server (AS) and its metadata.
464 */
465 class Issuer<TClient extends Client> {
466 constructor(metadata: IssuerMetadata);
467 /**
468 * Returns the <Client> class tied to this issuer.
469 */
470 Client: TypeOfGenericClient<TClient>;
471 /**
472 * Returns metadata from the issuer's discovery document.
473 */
474 metadata: IssuerMetadata;
475 [custom.http_options]: CustomHttpOptionsProvider;
476 /**
477 * Returns the issuer's jwks_uri keys as a @panva/jose parsed JWKS.Keystore.
478 * @param forceReload forces a reload of the issuer's jwks_uri
479 */
480 keystore(forceReload?: boolean): Promise<JWKS.KeyStore>;
481 /**
482 * Loads OpenID Connect 1.0 and/or OAuth 2.0 Authorization Server Metadata documents.
483 * When the issuer argument contains '.well-known' only that document is loaded, otherwise
484 * performs both openid-configuration and oauth-authorization-server requests.
485 * @param issuer Issuer Identifier or metadata URL
486 */
487 static discover(issuer: string): Promise<Issuer<Client>>;
488 /**
489 * Performs OpenID Provider Issuer Discovery based on End-User input.
490 * @param input EMAIL, URL, Hostname and Port, acct or syntax input
491 */
492 static webfinger(input: string): Promise<Issuer<Client>>;
493 static [custom.http_options]: CustomHttpOptionsProvider;
494 [key: string]: unknown;
495 }
496 interface TokenSetParameters {
497 /**
498 * The raw access token in JWT format
499 */
500 access_token?: string;
501 /**
502 * Usually "Bearer"
503 */
504 token_type?: string;
505 /**
506 * The raw id token in JWT format
507 */
508 id_token?: string;
509 /**
510 * Refresh token, opaque string value
511 */
512 refresh_token?: string;
513 /**
514 * space-separated scope(s) used for the authentication request
515 */
516 scope?: string;
517 /**
518 * When the token set was received the expires_at field was calculated based on current timestamp
519 * and the expires_in. When recalling a TokenSet instance just the expires_at should be passed in.
520 */
521 expires_at?: number;
522 /**
523 * State value passed in the authentication request
524 */
525 session_state?: string;
526 [key: string]: unknown;
527 }
528 interface IdTokenClaims extends UserinfoResponse {
529 acr?: string;
530 amr?: string[];
531 at_hash?: string;
532 aud: string | string[];
533 auth_time?: number;
534 azp?: string;
535 c_hash?: string;
536 exp: number;
537 iat: number;
538 iss: string;
539 nonce?: string;
540 s_hash?: string;
541 sub: string;
542 [key: string]: unknown;
543 }
544 /**
545 * Creates a new TokenSet from the provided response. E.g. parsed token endpoint response, parsed callback
546 * parameters. You only need to instantiate a TokenSet yourself if you recall it from e.g. distributed cache
547 * storage or a database. Note: manually constructed TokenSet instances do not undergo any validations.
548 */
549 class TokenSet implements TokenSetParameters {
550 access_token?: string;
551 token_type?: string;
552 id_token?: string;
553 refresh_token?: string;
554 expires_in?: number;
555 expires_at?: number;
556 session_state?: string;
557 scope?: string;
558 constructor(input?: TokenSetParameters);
559 /**
560 * Given that the instance has expires_at / expires_in this function returns true / false when the
561 * access token (which expires properties are for) is beyond its lifetime.
562 */
563 expired(): boolean;
564 /**
565 * Given that the instance has an id_token this function returns its parsed payload object.
566 * Does not perform any validations as these were done prior to openid-client returning the
567 * tokenset in the first place.
568 */
569 claims(): IdTokenClaims;
570 [key: string]: unknown;
571 }
572 type StrategyVerifyCallbackUserInfo<TUser> = (tokenset: TokenSet, userinfo: UserinfoResponse, done: (err: any, user?: TUser) => void) => void;
573 type StrategyVerifyCallback<TUser> = (tokenset: TokenSet, done: (err: any, user?: TUser) => void) => void;
574 type StrategyVerifyCallbackReqUserInfo<TUser> = (req: http.IncomingMessage, tokenset: TokenSet, userinfo: UserinfoResponse, done: (err: any, user?: TUser) => void) => void;
575 type StrategyVerifyCallbackReq<TUser> = (req: http.IncomingMessage, tokenset: TokenSet, done: (err: any, user?: TUser) => void) => void;
576 interface StrategyOptions<TClient extends Client> {
577 client: TClient;
578 /**
579 * Authorization Request parameters. The strategy will use these.
580 */
581 params?: AuthorizationParameters;
582 /**
583 * Boolean specifying whether the verify function should get the request object as first argument instead.
584 * Default: 'false'
585 */
586 passReqToCallback?: boolean;
587 /**
588 * The PKCE method to use. When 'true' it will resolve based on the issuer metadata, when 'false' no PKCE will be
589 * used. Default: 'false'
590 */
591 usePKCE?: boolean | string;
592 /**
593 * The PKCE method to use. When 'true' it will resolve based on the issuer metadata, when 'false' no PKCE will be
594 * used. Default: 'false'
595 */
596 sessionKey?: string;
597 }
598 class Strategy<TUser, TClient extends Client> {
599 constructor(options: StrategyOptions<TClient>, verify: StrategyVerifyCallback<TUser> | StrategyVerifyCallbackUserInfo<TUser> | StrategyVerifyCallbackReq<TUser> | StrategyVerifyCallbackReqUserInfo<TUser>);
600 authenticate(req: any, options?: any): void;
601 success(user: any, info?: any): void;
602 fail(challenge: any, status: number): void;
603 fail(status: number): void;
604 redirect(url: string, status?: number): void;
605 pass(): void;
606 error(err: Error): void;
607 }
608 /**
609 * @see https://github.com/panva/node-openid-client/blob/master/lib/helpers/generators.js
610 */
611 namespace generators {
612 /**
613 * Generates random bytes and encodes them in url safe base64.
614 * @param bytes Number indicating the number of bytes to generate. Default: 32
615 */
616 function random(bytes?: number): string;
617 /**
618 * Generates random bytes and encodes them in url safe base64.
619 * @param bytes Number indicating the number of bytes to generate. Default: 32
620 */
621 function state(bytes?: number): string;
622 /**
623 * Generates random bytes and encodes them in url safe base64.
624 * @param bytes Number indicating the number of bytes to generate. Default: 32
625 */
626 function nonce(bytes?: number): string;
627 /**
628 * Generates random bytes and encodes them in url safe base64.
629 * @param bytes Number indicating the number of bytes to generate. Default: 32
630 */
631 function codeVerifier(bytes?: number): string;
632 /**
633 * Calculates the S256 PKCE code challenge for an arbitrary code verifier.
634 * Encodes in url safe base64.
635 * @param verifier Code verifier to calculate the S256 code challenge for
636 */
637 function codeChallenge(verifier: string): string;
638 }
639 /**
640 * @see https://github.com/panva/node-openid-client/blob/master/lib/errors.js
641 */
642 namespace errors {
643 /**
644 * Error class thrown when a regular OAuth 2.0 / OIDC style error is returned by the AS or an
645 * unexpected response is sent by the OP.
646 */
647 class OPError extends Error {
648 /**
649 * The 'error_description' parameter from the AS response.
650 */
651 error_description?: string;
652 /**
653 * The 'error' parameter from the AS response.
654 */
655 error?: string;
656 /**
657 * The 'error_uri' parameter from the AS response.
658 */
659 error_uri?: string;
660 /**
661 * The 'state' parameter from the AS response.
662 */
663 state?: string;
664 /**
665 * The 'scope' parameter from the AS response.
666 */
667 scope?: string;
668 /**
669 * The 'session_state' parameter from the AS response.
670 */
671 session_state?: string;
672 /**
673 * When the error is related to an http(s) request this propetty will hold the response object
674 * from got.
675 */
676 response?: any;
677 }
678 /**
679 * Error class thrown when client-side response expectations/validations fail to pass.
680 * Depending on the context it may or may not have additional context-based properties like
681 * checks, jwt, params or body.
682 */
683 class RPError extends Error {
684 jwt?: string;
685 checks?: object;
686 params?: object;
687 body?: object;
688 /**
689 * When the error is related to an http(s) request this propetty will hold the response object
690 * from got.
691 */
692 response?: any;
693 }
694 }
695}
696declare module 'prompt';