import { z } from 'zod'; /** * @see {@link https://openid.net/specs/openid-connect-registration-1_0.html} * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} * @note we do not enforce https: scheme in URIs to support development * environments. Make sure to validate the URIs before using it in a production * environment. */ export declare const oauthClientMetadataSchema: z.ZodObject<{ /** * @note redirect_uris require additional validation */ redirect_uris: z.ZodArray, "atleastone">; response_types: z.ZodDefault, "atleastone">>; grant_types: z.ZodDefault, "atleastone">>; scope: z.ZodOptional>; token_endpoint_auth_method: z.ZodDefault>; token_endpoint_auth_signing_alg: z.ZodOptional; userinfo_signed_response_alg: z.ZodOptional; userinfo_encrypted_response_alg: z.ZodOptional; jwks_uri: z.ZodOptional>; jwks: z.ZodOptional, ((({ kty: "RSA"; n: string; e: string; alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined; kid?: string | undefined; use?: "sig" | "enc" | undefined; key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined; x5c?: string[] | undefined; x5t?: string | undefined; "x5t#S256"?: string | undefined; x5u?: string | undefined; ext?: boolean | undefined; iat?: number | undefined; exp?: number | undefined; nbf?: number | undefined; revoked?: { revoked_at: number; reason?: string | undefined; } | undefined; d?: string | undefined; p?: string | undefined; q?: string | undefined; dp?: string | undefined; dq?: string | undefined; qi?: string | undefined; oth?: { d?: string | undefined; r?: string | undefined; t?: string | undefined; }[] | undefined; } & { kid: NonNullable; }) | ({ kty: "EC"; crv: "P-256" | "P-384" | "P-521"; x: string; y: string; alg?: "ES256" | "ES384" | "ES512" | undefined; kid?: string | undefined; use?: "sig" | "enc" | undefined; key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined; x5c?: string[] | undefined; x5t?: string | undefined; "x5t#S256"?: string | undefined; x5u?: string | undefined; ext?: boolean | undefined; iat?: number | undefined; exp?: number | undefined; nbf?: number | undefined; revoked?: { revoked_at: number; reason?: string | undefined; } | undefined; d?: string | undefined; } & { kid: NonNullable; }) | ({ kty: "EC"; crv: "secp256k1"; x: string; y: string; alg?: "ES256K" | undefined; kid?: string | undefined; use?: "sig" | "enc" | undefined; key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined; x5c?: string[] | undefined; x5t?: string | undefined; "x5t#S256"?: string | undefined; x5u?: string | undefined; ext?: boolean | undefined; iat?: number | undefined; exp?: number | undefined; nbf?: number | undefined; revoked?: { revoked_at: number; reason?: string | undefined; } | undefined; d?: string | undefined; } & { kid: NonNullable; }) | ({ kty: "OKP"; crv: "Ed25519" | "Ed448"; x: string; alg?: "EdDSA" | undefined; kid?: string | undefined; use?: "sig" | "enc" | undefined; key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined; x5c?: string[] | undefined; x5t?: string | undefined; "x5t#S256"?: string | undefined; x5u?: string | undefined; ext?: boolean | undefined; iat?: number | undefined; exp?: number | undefined; nbf?: number | undefined; revoked?: { revoked_at: number; reason?: string | undefined; } | undefined; d?: string | undefined; } & { kid: NonNullable; })) & { d?: never; })[], unknown[]>; }, "strip", z.ZodTypeAny, { keys: ((({ kty: "RSA"; n: string; e: string; alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined; kid?: string | undefined; use?: "sig" | "enc" | undefined; key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined; x5c?: string[] | undefined; x5t?: string | undefined; "x5t#S256"?: string | undefined; x5u?: string | undefined; ext?: boolean | undefined; iat?: number | undefined; exp?: number | undefined; nbf?: number | undefined; revoked?: { revoked_at: number; reason?: string | undefined; } | undefined; d?: string | undefined; p?: string | undefined; q?: string | undefined; dp?: string | undefined; dq?: string | undefined; qi?: string | undefined; oth?: { d?: string | undefined; r?: string | undefined; t?: string | undefined; }[] | undefined; } & { kid: NonNullable; }) | ({ kty: "EC"; crv: "P-256" | "P-384" | "P-521"; x: string; y: string; alg?: "ES256" | "ES384" | "ES512" | undefined; kid?: string | undefined; use?: "sig" | "enc" | undefined; key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined; x5c?: string[] | undefined; x5t?: string | undefined; "x5t#S256"?: string | undefined; x5u?: string | undefined; ext?: boolean | undefined; iat?: number | undefined; exp?: number | undefined; nbf?: number | undefined; revoked?: { revoked_at: number; reason?: string | undefined; } | undefined; d?: string | undefined; } & { kid: NonNullable; }) | ({ kty: "EC"; crv: "secp256k1"; x: string; y: string; alg?: "ES256K" | undefined; kid?: string | undefined; use?: "sig" | "enc" | undefined; key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined; x5c?: string[] | undefined; x5t?: string | undefined; "x5t#S256"?: string | undefined; x5u?: string | undefined; ext?: boolean | undefined; iat?: number | undefined; exp?: number | undefined; nbf?: number | undefined; revoked?: { revoked_at: number; reason?: string | undefined; } | undefined; d?: string | undefined; } & { kid: NonNullable; }) | ({ kty: "OKP"; crv: "Ed25519" | "Ed448"; x: string; alg?: "EdDSA" | undefined; kid?: string | undefined; use?: "sig" | "enc" | undefined; key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined; x5c?: string[] | undefined; x5t?: string | undefined; "x5t#S256"?: string | undefined; x5u?: string | undefined; ext?: boolean | undefined; iat?: number | undefined; exp?: number | undefined; nbf?: number | undefined; revoked?: { revoked_at: number; reason?: string | undefined; } | undefined; d?: string | undefined; } & { kid: NonNullable; })) & { d?: never; })[]; }, { keys: unknown[]; }>>; application_type: z.ZodDefault>; subject_type: z.ZodDefault>; request_object_signing_alg: z.ZodOptional; id_token_signed_response_alg: z.ZodOptional; authorization_signed_response_alg: z.ZodDefault; authorization_encrypted_response_enc: z.ZodOptional>; authorization_encrypted_response_alg: z.ZodOptional; client_id: z.ZodOptional; client_name: z.ZodOptional; client_uri: z.ZodOptional>; policy_uri: z.ZodOptional>; tos_uri: z.ZodOptional>; logo_uri: z.ZodOptional>; /** * Default Maximum Authentication Age. Specifies that the End-User MUST be * actively authenticated if the End-User was authenticated longer ago than * the specified number of seconds. The max_age request parameter overrides * this default value. If omitted, no default Maximum Authentication Age is * specified. */ default_max_age: z.ZodOptional; require_auth_time: z.ZodOptional; contacts: z.ZodOptional>; tls_client_certificate_bound_access_tokens: z.ZodOptional; dpop_bound_access_tokens: z.ZodOptional; authorization_details_types: z.ZodOptional>; }, "strip", z.ZodTypeAny, { redirect_uris: [`http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}`, ...(`http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}`)[]]; response_types: ["code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token", ...("code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token")[]]; grant_types: ["authorization_code" | "implicit" | "refresh_token" | "password" | "client_credentials" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer", ...("authorization_code" | "implicit" | "refresh_token" | "password" | "client_credentials" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer")[]]; token_endpoint_auth_method: "client_secret_basic" | "client_secret_jwt" | "client_secret_post" | "none" | "private_key_jwt" | "self_signed_tls_client_auth" | "tls_client_auth"; application_type: "web" | "native"; subject_type: "public" | "pairwise"; authorization_signed_response_alg: string; scope?: string | undefined; token_endpoint_auth_signing_alg?: string | undefined; userinfo_signed_response_alg?: string | undefined; userinfo_encrypted_response_alg?: string | undefined; jwks_uri?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined; jwks?: { keys: ((({ kty: "RSA"; n: string; e: string; alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined; kid?: string | undefined; use?: "sig" | "enc" | undefined; key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined; x5c?: string[] | undefined; x5t?: string | undefined; "x5t#S256"?: string | undefined; x5u?: string | undefined; ext?: boolean | undefined; iat?: number | undefined; exp?: number | undefined; nbf?: number | undefined; revoked?: { revoked_at: number; reason?: string | undefined; } | undefined; d?: string | undefined; p?: string | undefined; q?: string | undefined; dp?: string | undefined; dq?: string | undefined; qi?: string | undefined; oth?: { d?: string | undefined; r?: string | undefined; t?: string | undefined; }[] | undefined; } & { kid: NonNullable; }) | ({ kty: "EC"; crv: "P-256" | "P-384" | "P-521"; x: string; y: string; alg?: "ES256" | "ES384" | "ES512" | undefined; kid?: string | undefined; use?: "sig" | "enc" | undefined; key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined; x5c?: string[] | undefined; x5t?: string | undefined; "x5t#S256"?: string | undefined; x5u?: string | undefined; ext?: boolean | undefined; iat?: number | undefined; exp?: number | undefined; nbf?: number | undefined; revoked?: { revoked_at: number; reason?: string | undefined; } | undefined; d?: string | undefined; } & { kid: NonNullable; }) | ({ kty: "EC"; crv: "secp256k1"; x: string; y: string; alg?: "ES256K" | undefined; kid?: string | undefined; use?: "sig" | "enc" | undefined; key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined; x5c?: string[] | undefined; x5t?: string | undefined; "x5t#S256"?: string | undefined; x5u?: string | undefined; ext?: boolean | undefined; iat?: number | undefined; exp?: number | undefined; nbf?: number | undefined; revoked?: { revoked_at: number; reason?: string | undefined; } | undefined; d?: string | undefined; } & { kid: NonNullable; }) | ({ kty: "OKP"; crv: "Ed25519" | "Ed448"; x: string; alg?: "EdDSA" | undefined; kid?: string | undefined; use?: "sig" | "enc" | undefined; key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined; x5c?: string[] | undefined; x5t?: string | undefined; "x5t#S256"?: string | undefined; x5u?: string | undefined; ext?: boolean | undefined; iat?: number | undefined; exp?: number | undefined; nbf?: number | undefined; revoked?: { revoked_at: number; reason?: string | undefined; } | undefined; d?: string | undefined; } & { kid: NonNullable; })) & { d?: never; })[]; } | undefined; request_object_signing_alg?: string | undefined; id_token_signed_response_alg?: string | undefined; authorization_encrypted_response_enc?: "A128CBC-HS256" | undefined; authorization_encrypted_response_alg?: string | undefined; client_id?: string | undefined; client_name?: string | undefined; client_uri?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined; policy_uri?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined; tos_uri?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined; logo_uri?: `http://[::1]${string}` | "http://localhost" | `http://localhost#${string}` | `http://localhost?${string}` | `http://localhost/${string}` | `http://localhost:${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | undefined; default_max_age?: number | undefined; require_auth_time?: boolean | undefined; contacts?: string[] | undefined; tls_client_certificate_bound_access_tokens?: boolean | undefined; dpop_bound_access_tokens?: boolean | undefined; authorization_details_types?: string[] | undefined; }, { redirect_uris: [string, ...string[]]; scope?: string | undefined; response_types?: ["code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token", ...("code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token")[]] | undefined; grant_types?: ["authorization_code" | "implicit" | "refresh_token" | "password" | "client_credentials" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer", ...("authorization_code" | "implicit" | "refresh_token" | "password" | "client_credentials" | "urn:ietf:params:oauth:grant-type:jwt-bearer" | "urn:ietf:params:oauth:grant-type:saml2-bearer")[]] | undefined; token_endpoint_auth_method?: "client_secret_basic" | "client_secret_jwt" | "client_secret_post" | "none" | "private_key_jwt" | "self_signed_tls_client_auth" | "tls_client_auth" | undefined; token_endpoint_auth_signing_alg?: string | undefined; userinfo_signed_response_alg?: string | undefined; userinfo_encrypted_response_alg?: string | undefined; jwks_uri?: string | undefined; jwks?: { keys: unknown[]; } | undefined; application_type?: "web" | "native" | undefined; subject_type?: "public" | "pairwise" | undefined; request_object_signing_alg?: string | undefined; id_token_signed_response_alg?: string | undefined; authorization_signed_response_alg?: string | undefined; authorization_encrypted_response_enc?: "A128CBC-HS256" | undefined; authorization_encrypted_response_alg?: string | undefined; client_id?: string | undefined; client_name?: string | undefined; client_uri?: string | undefined; policy_uri?: string | undefined; tos_uri?: string | undefined; logo_uri?: string | undefined; default_max_age?: number | undefined; require_auth_time?: boolean | undefined; contacts?: string[] | undefined; tls_client_certificate_bound_access_tokens?: boolean | undefined; dpop_bound_access_tokens?: boolean | undefined; authorization_details_types?: string[] | undefined; }>; export type OAuthClientMetadata = z.infer; export type OAuthClientMetadataInput = z.input; //# sourceMappingURL=oauth-client-metadata.d.ts.map