@@ -17,7 +17,7 @@ export type FindAccount = (
1717 token ?: AuthorizationCode | AccessToken | DeviceCode | BackchannelAuthenticationRequest ,
1818) => CanBePromise < Account | undefined > ;
1919export type TokenFormat = "opaque" | "jwt" ;
20- export type FapiProfile = "1.0 ID2" | "1.0 Final" ;
20+ export type FapiProfile = "1.0 ID2" | "1.0 Final" | "2.0" ;
2121
2222export type TTLFunction < T > = ( ctx : KoaContextWithOIDC , token : T , client : Client ) => number ;
2323
@@ -56,6 +56,7 @@ export interface AllClientMetadata {
5656 redirect_uris ?: string [ ] | undefined ;
5757 grant_types ?: string [ ] | undefined ;
5858 response_types ?: ResponseType [ ] | undefined ;
59+ response_modes ?: string [ ] | undefined ;
5960
6061 application_type ?: "web" | "native" | undefined ;
6162 client_id_issued_at ?: number | undefined ;
@@ -103,7 +104,6 @@ export interface AllClientMetadata {
103104 authorization_signed_response_alg ?: SigningAlgorithm | undefined ;
104105 authorization_encrypted_response_alg ?: EncryptionAlgValues | undefined ;
105106 authorization_encrypted_response_enc ?: EncryptionEncValues | undefined ;
106- web_message_uris ?: string [ ] | undefined ;
107107 tls_client_certificate_bound_access_tokens ?: boolean | undefined ;
108108
109109 require_signed_request_object ?: boolean | undefined ;
@@ -604,9 +604,9 @@ declare class IdToken {
604604
605605declare class Client {
606606 responseTypeAllowed ( type : ResponseType ) : boolean ;
607+ responseModeAllowed ( type : string , responseType : ResponseType , fapiProfile : FapiProfile | undefined ) : boolean ;
607608 grantTypeAllowed ( type : string ) : boolean ;
608609 redirectUriAllowed ( redirectUri : string ) : boolean ;
609- webMessageUriAllowed ( webMessageUri : string ) : boolean ;
610610 requestUriAllowed ( requestUri : string ) : boolean ;
611611 postLogoutRedirectUriAllowed ( postLogoutRedirectUri : string ) : boolean ;
612612 includeSid ( ) : boolean ;
@@ -621,6 +621,7 @@ declare class Client {
621621 readonly grantTypes ?: string [ ] | undefined ;
622622 readonly redirectUris ?: string [ ] | undefined ;
623623 readonly responseTypes ?: ResponseType [ ] | undefined ;
624+ readonly responseModes ?: string [ ] | undefined ;
624625
625626 readonly applicationType ?: "web" | "native" | undefined ;
626627 readonly clientIdIssuedAt ?: number | undefined ;
@@ -670,7 +671,6 @@ declare class Client {
670671 readonly authorizationSignedResponseAlg ?: string | undefined ;
671672 readonly authorizationEncryptedResponseAlg ?: string | undefined ;
672673 readonly authorizationEncryptedResponseEnc ?: string | undefined ;
673- readonly webMessageUris ?: string [ ] | undefined ;
674674 readonly tlsClientCertificateBoundAccessTokens ?: boolean | undefined ;
675675
676676 readonly backchannelUserCodeParameter ?: boolean | undefined ;
@@ -681,6 +681,7 @@ declare class Client {
681681 [ key : string ] : unknown ;
682682
683683 static find ( id : string ) : Promise < Client | undefined > ;
684+ static validate ( metadata : ClientMetadata ) : Promise < void > ;
684685}
685686
686687export interface ResourceServer {
@@ -756,7 +757,6 @@ declare class OIDCContext {
756757 readonly prompts : Set < string > ;
757758 readonly result ?: InteractionResults | undefined ;
758759
759- readonly webMessageUriCheckPerformed ?: boolean | undefined ;
760760 readonly redirectUriCheckPerformed ?: boolean | undefined ;
761761 readonly trusted ?: string [ ] | undefined ;
762762 readonly registrationAccessToken ?: RegistrationAccessToken | undefined ;
@@ -966,7 +966,11 @@ export interface Configuration {
966966
967967 discovery ?: UnknownObject | undefined ;
968968
969- extraParams ?: string [ ] | undefined ;
969+ extraParams ?: string [ ] | {
970+ [ param : string ] :
971+ | null
972+ | ( ( ctx : KoaContextWithOIDC , value : string | undefined , client : Client ) => CanBePromise < void > ) ;
973+ } | undefined ;
970974
971975 features ?:
972976 | {
@@ -979,6 +983,13 @@ export interface Configuration {
979983 claimsParameter ?:
980984 | {
981985 enabled ?: boolean | undefined ;
986+ assertClaimsParameter ?:
987+ | ( (
988+ ctx : KoaContextWithOIDC ,
989+ claims : ClaimsParameter ,
990+ client : Client ,
991+ ) => CanBePromise < void > )
992+ | undefined ;
982993 }
983994 | undefined ;
984995
@@ -1092,6 +1103,7 @@ export interface Configuration {
10921103 enabled ?: boolean | undefined ;
10931104 nonceSecret ?: Buffer | undefined ;
10941105 requireNonce ?: ( ctx : KoaContextWithOIDC ) => boolean ;
1106+ allowReplay ?: boolean ;
10951107 }
10961108 | undefined ;
10971109
@@ -1161,6 +1173,7 @@ export interface Configuration {
11611173 pushedAuthorizationRequests ?:
11621174 | {
11631175 requirePushedAuthorizationRequests ?: boolean | undefined ;
1176+ allowUnregisteredRedirectUris ?: boolean | undefined ;
11641177 enabled ?: boolean | undefined ;
11651178 }
11661179 | undefined ;
@@ -2292,9 +2305,6 @@ export namespace errors {
22922305 class UnsupportedResponseType extends OIDCProviderError {
22932306 constructor ( description ?: string , detail ?: string ) ;
22942307 }
2295- class WebMessageUriMismatch extends OIDCProviderError {
2296- constructor ( description ?: string , detail ?: string ) ;
2297- }
22982308 class CustomOIDCProviderError extends OIDCProviderError {
22992309 constructor ( message : string , description ?: string ) ;
23002310 }
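Review bot: `allowReplay ?: boolean ;` (new line 1106, in the options block that also holds `nonceSecret` and `requireNonce`) is the only optional member added in this change without `| undefined`, so it behaves differently from its neighbours under `exactOptionalPropertyTypes`; I would write it as `allowReplay?: boolean | undefined;`. Going by the names, that flag and `allowUnregisteredRedirectUris` (new line 1176) both relax a protection (replay detection on proofs, and matching `redirect_uri` against the client's registered values), yet neither carries a doc comment. I would add a TSDoc line to each, for example `/** When true, replay detection for this feature is turned off; confirm the default against the provider documentation. */`, so integrators see the consequence in their editor instead of enabling the option by accident. Both enclosing option blocks open outside their hunks, so the feature names and defaults are inferred here, not read from the diff.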