import * as oauth from "oauth4webapi"; /** * Creates a mock factory for next/headers.js * * Usage in test files: * vi.mock("next/headers.js", () => createNextHeadersMock()); * * Options: * - cookies: whether to mock the cookies function (default: true) */ export declare function createNextHeadersMock(options?: { cookies?: boolean; }): Promise>; /** * Creates a mock factory for oauth4webapi with DPoP support * * Usage in test files: * vi.mock("oauth4webapi", () => createOAuth4WebapiDPopMock()); * * Mocks: * - protectedResourceRequest: vi.fn() * - isDPoPNonceError: vi.fn() * - DPoP: vi.fn((client, keyPair) => ({ client, keyPair })) * - generateKeyPair: vi.fn() returning mock CryptoKey objects * - discoveryRequest: vi.fn() * - processDiscoveryResponse: vi.fn() * - customFetch: Symbol("customFetch") * - allowInsecureRequests: Symbol("allowInsecureRequests") */ export declare function createOAuth4WebapiDPopMock(): Promise<{ protectedResourceRequest: import("vitest").Mock<(...args: any[]) => any>; isDPoPNonceError: import("vitest").Mock<(...args: any[]) => any>; DPoP: import("vitest").Mock<(client: any, keyPair: any) => { client: any; keyPair: any; }>; generateKeyPair: import("vitest").Mock<() => Promise<{ privateKey: CryptoKey; publicKey: CryptoKey; }>>; discoveryRequest: import("vitest").Mock<(...args: any[]) => any>; processDiscoveryResponse: import("vitest").Mock<(...args: any[]) => any>; customFetch: symbol; allowInsecureRequests: symbol; generateRandomCodeVerifier(): string; generateRandomState(): string; generateRandomNonce(): string; calculatePKCECodeChallenge(codeVerifier: string): Promise; ClientSecretPost(clientSecret: string): oauth.ClientAuth; ClientSecretBasic(clientSecret: string): oauth.ClientAuth; PrivateKeyJwt(clientPrivateKey: oauth.CryptoKey | oauth.PrivateKey, options?: oauth.ModifyAssertionOptions): oauth.ClientAuth; ClientSecretJwt(clientSecret: string, options?: oauth.ModifyAssertionOptions): oauth.ClientAuth; None(): oauth.ClientAuth; TlsClientAuth(): oauth.ClientAuth; issueRequestObject(as: oauth.AuthorizationServer, client: oauth.Client, parameters: URLSearchParams | Record | string[][], privateKey: oauth.CryptoKey | oauth.PrivateKey, options?: oauth.ModifyAssertionOptions): Promise; checkProtocol(url: URL, enforceHttps: boolean | undefined): void; pushedAuthorizationRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, parameters: URLSearchParams | Record | string[][], options?: oauth.PushedAuthorizationRequestOptions): Promise; processPushedAuthorizationResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response): Promise; userInfoRequest(as: oauth.AuthorizationServer, client: oauth.Client, accessToken: string, options?: oauth.UserInfoRequestOptions): Promise; processUserInfoResponse(as: oauth.AuthorizationServer, client: oauth.Client, expectedSubject: string | typeof oauth.skipSubjectCheck, response: Response, options?: oauth.JWEDecryptOptions): Promise; refreshTokenGrantRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, refreshToken: string, options?: oauth.TokenEndpointRequestOptions): Promise; getValidatedIdTokenClaims(ref: oauth.TokenEndpointResponse): oauth.IDToken | undefined; validateApplicationLevelSignature(as: oauth.AuthorizationServer, ref: Response, options?: oauth.ValidateSignatureOptions): Promise; processRefreshTokenResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response, options?: oauth.ProcessTokenResponseOptions): Promise; authorizationCodeGrantRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, callbackParameters: URLSearchParams, redirectUri: string, codeVerifier: string | typeof oauth.nopkce, options?: oauth.TokenEndpointRequestOptions): Promise; processAuthorizationCodeResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response, options?: oauth.ProcessAuthorizationCodeResponseOptions): Promise; clientCredentialsGrantRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, parameters: URLSearchParams | Record | string[][], options?: oauth.ClientCredentialsGrantRequestOptions): Promise; genericTokenEndpointRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, grantType: string, parameters: URLSearchParams | Record | string[][], options?: Omit): Promise; processGenericTokenEndpointResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response, options?: oauth.ProcessTokenResponseOptions): Promise; processClientCredentialsResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response, options?: oauth.ProcessTokenResponseOptions): Promise; revocationRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, token: string, options?: oauth.RevocationRequestOptions): Promise; processRevocationResponse(response: Response): Promise; introspectionRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, token: string, options?: oauth.IntrospectionRequestOptions): Promise; processIntrospectionResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response, options?: oauth.JWEDecryptOptions): Promise; validateJwtAuthResponse(as: oauth.AuthorizationServer, client: oauth.Client, parameters: URLSearchParams | URL, expectedState?: string | typeof oauth.expectNoState | typeof oauth.skipStateCheck, options?: oauth.ValidateSignatureOptions & oauth.JWEDecryptOptions): Promise; validateDetachedSignatureResponse(as: oauth.AuthorizationServer, client: oauth.Client, parameters: URLSearchParams | URL | Request, expectedNonce: string, expectedState?: string | typeof oauth.expectNoState, maxAge?: number | typeof oauth.skipAuthTimeCheck, options?: oauth.ValidateSignatureOptions & oauth.JWEDecryptOptions): Promise; validateCodeIdTokenResponse(as: oauth.AuthorizationServer, client: oauth.Client, parameters: URLSearchParams | URL | Request, expectedNonce: string, expectedState?: string | typeof oauth.expectNoState, maxAge?: number | typeof oauth.skipAuthTimeCheck, options?: oauth.ValidateSignatureOptions & oauth.JWEDecryptOptions): Promise; validateAuthResponse(as: oauth.AuthorizationServer, client: oauth.Client, parameters: URLSearchParams | URL, expectedState?: string | typeof oauth.expectNoState | typeof oauth.skipStateCheck): URLSearchParams; deviceAuthorizationRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, parameters: URLSearchParams | Record | string[][], options?: oauth.DeviceAuthorizationRequestOptions): Promise; processDeviceAuthorizationResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response): Promise; deviceCodeGrantRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, deviceCode: string, options?: oauth.TokenEndpointRequestOptions): Promise; processDeviceCodeResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response, options?: oauth.ProcessTokenResponseOptions): Promise; validateJwtAccessToken(as: oauth.AuthorizationServer, request: Request, expectedAudience: string, options?: oauth.ValidateJWTAccessTokenOptions): Promise; backchannelAuthenticationRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, parameters: URLSearchParams | Record | string[][], options?: oauth.BackchannelAuthenticationRequestOptions): Promise; processBackchannelAuthenticationResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response): Promise; backchannelAuthenticationGrantRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, authReqId: string, options?: oauth.TokenEndpointRequestOptions): Promise; processBackchannelAuthenticationGrantResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response, options?: oauth.ProcessTokenResponseOptions): Promise; dynamicClientRegistrationRequest(as: oauth.AuthorizationServer, metadata: Partial>, options?: oauth.DynamicClientRegistrationRequestOptions): Promise; processDynamicClientRegistrationResponse(response: Response): Promise>; resourceDiscoveryRequest(resourceIdentifier: URL, options?: oauth.HttpRequestOptions<"GET">): Promise; processResourceDiscoveryResponse(expectedResourceIdentifier: URL, response: Response): Promise; clockSkew: typeof oauth.clockSkew; clockTolerance: typeof oauth.clockTolerance; modifyAssertion: typeof oauth.modifyAssertion; jweDecrypt: typeof oauth.jweDecrypt; jwksCache: typeof oauth.jwksCache; UnsupportedOperationError: typeof oauth.UnsupportedOperationError; OperationProcessingError: typeof oauth.OperationProcessingError; ResponseBodyError: typeof oauth.ResponseBodyError; AuthorizationResponseError: typeof oauth.AuthorizationResponseError; WWWAuthenticateChallengeError: typeof oauth.WWWAuthenticateChallengeError; skipSubjectCheck: typeof oauth.skipSubjectCheck; nopkce: typeof oauth.nopkce; expectNoNonce: typeof oauth.expectNoNonce; skipAuthTimeCheck: typeof oauth.skipAuthTimeCheck; WWW_AUTHENTICATE_CHALLENGE: "OAUTH_WWW_AUTHENTICATE_CHALLENGE"; RESPONSE_BODY_ERROR: "OAUTH_RESPONSE_BODY_ERROR"; UNSUPPORTED_OPERATION: "OAUTH_UNSUPPORTED_OPERATION"; AUTHORIZATION_RESPONSE_ERROR: "OAUTH_AUTHORIZATION_RESPONSE_ERROR"; JWT_USERINFO_EXPECTED: "OAUTH_JWT_USERINFO_EXPECTED"; PARSE_ERROR: "OAUTH_PARSE_ERROR"; INVALID_RESPONSE: "OAUTH_INVALID_RESPONSE"; INVALID_REQUEST: "OAUTH_INVALID_REQUEST"; RESPONSE_IS_NOT_JSON: "OAUTH_RESPONSE_IS_NOT_JSON"; RESPONSE_IS_NOT_CONFORM: "OAUTH_RESPONSE_IS_NOT_CONFORM"; HTTP_REQUEST_FORBIDDEN: "OAUTH_HTTP_REQUEST_FORBIDDEN"; REQUEST_PROTOCOL_FORBIDDEN: "OAUTH_REQUEST_PROTOCOL_FORBIDDEN"; JWT_TIMESTAMP_CHECK: "OAUTH_JWT_TIMESTAMP_CHECK_FAILED"; JWT_CLAIM_COMPARISON: "OAUTH_JWT_CLAIM_COMPARISON_FAILED"; JSON_ATTRIBUTE_COMPARISON: "OAUTH_JSON_ATTRIBUTE_COMPARISON_FAILED"; KEY_SELECTION: "OAUTH_KEY_SELECTION_FAILED"; MISSING_SERVER_METADATA: "OAUTH_MISSING_SERVER_METADATA"; INVALID_SERVER_METADATA: "OAUTH_INVALID_SERVER_METADATA"; skipStateCheck: typeof oauth.skipStateCheck; expectNoState: typeof oauth.expectNoState; }>; /** * Creates a minimal mock factory for oauth4webapi * * Usage in test files: * vi.mock("oauth4webapi", () => createOAuth4WebapiMock()); * * Mocks only essential functions: * - protectedResourceRequest: vi.fn() * - isDPoPNonceError: vi.fn() * - DPoP: vi.fn() */ export declare function createOAuth4WebapiMock(): Promise<{ protectedResourceRequest: import("vitest").Mock<(...args: any[]) => any>; isDPoPNonceError: import("vitest").Mock<(...args: any[]) => any>; DPoP: import("vitest").Mock<(...args: any[]) => any>; discoveryRequest(issuerIdentifier: URL, options?: oauth.DiscoveryRequestOptions): Promise; processDiscoveryResponse(expectedIssuerIdentifier: URL, response: Response): Promise; generateRandomCodeVerifier(): string; generateRandomState(): string; generateRandomNonce(): string; calculatePKCECodeChallenge(codeVerifier: string): Promise; ClientSecretPost(clientSecret: string): oauth.ClientAuth; ClientSecretBasic(clientSecret: string): oauth.ClientAuth; PrivateKeyJwt(clientPrivateKey: oauth.CryptoKey | oauth.PrivateKey, options?: oauth.ModifyAssertionOptions): oauth.ClientAuth; ClientSecretJwt(clientSecret: string, options?: oauth.ModifyAssertionOptions): oauth.ClientAuth; None(): oauth.ClientAuth; TlsClientAuth(): oauth.ClientAuth; issueRequestObject(as: oauth.AuthorizationServer, client: oauth.Client, parameters: URLSearchParams | Record | string[][], privateKey: oauth.CryptoKey | oauth.PrivateKey, options?: oauth.ModifyAssertionOptions): Promise; checkProtocol(url: URL, enforceHttps: boolean | undefined): void; pushedAuthorizationRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, parameters: URLSearchParams | Record | string[][], options?: oauth.PushedAuthorizationRequestOptions): Promise; processPushedAuthorizationResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response): Promise; userInfoRequest(as: oauth.AuthorizationServer, client: oauth.Client, accessToken: string, options?: oauth.UserInfoRequestOptions): Promise; processUserInfoResponse(as: oauth.AuthorizationServer, client: oauth.Client, expectedSubject: string | typeof oauth.skipSubjectCheck, response: Response, options?: oauth.JWEDecryptOptions): Promise; refreshTokenGrantRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, refreshToken: string, options?: oauth.TokenEndpointRequestOptions): Promise; getValidatedIdTokenClaims(ref: oauth.TokenEndpointResponse): oauth.IDToken | undefined; validateApplicationLevelSignature(as: oauth.AuthorizationServer, ref: Response, options?: oauth.ValidateSignatureOptions): Promise; processRefreshTokenResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response, options?: oauth.ProcessTokenResponseOptions): Promise; authorizationCodeGrantRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, callbackParameters: URLSearchParams, redirectUri: string, codeVerifier: string | typeof oauth.nopkce, options?: oauth.TokenEndpointRequestOptions): Promise; processAuthorizationCodeResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response, options?: oauth.ProcessAuthorizationCodeResponseOptions): Promise; clientCredentialsGrantRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, parameters: URLSearchParams | Record | string[][], options?: oauth.ClientCredentialsGrantRequestOptions): Promise; genericTokenEndpointRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, grantType: string, parameters: URLSearchParams | Record | string[][], options?: Omit): Promise; processGenericTokenEndpointResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response, options?: oauth.ProcessTokenResponseOptions): Promise; processClientCredentialsResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response, options?: oauth.ProcessTokenResponseOptions): Promise; revocationRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, token: string, options?: oauth.RevocationRequestOptions): Promise; processRevocationResponse(response: Response): Promise; introspectionRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, token: string, options?: oauth.IntrospectionRequestOptions): Promise; processIntrospectionResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response, options?: oauth.JWEDecryptOptions): Promise; validateJwtAuthResponse(as: oauth.AuthorizationServer, client: oauth.Client, parameters: URLSearchParams | URL, expectedState?: string | typeof oauth.expectNoState | typeof oauth.skipStateCheck, options?: oauth.ValidateSignatureOptions & oauth.JWEDecryptOptions): Promise; validateDetachedSignatureResponse(as: oauth.AuthorizationServer, client: oauth.Client, parameters: URLSearchParams | URL | Request, expectedNonce: string, expectedState?: string | typeof oauth.expectNoState, maxAge?: number | typeof oauth.skipAuthTimeCheck, options?: oauth.ValidateSignatureOptions & oauth.JWEDecryptOptions): Promise; validateCodeIdTokenResponse(as: oauth.AuthorizationServer, client: oauth.Client, parameters: URLSearchParams | URL | Request, expectedNonce: string, expectedState?: string | typeof oauth.expectNoState, maxAge?: number | typeof oauth.skipAuthTimeCheck, options?: oauth.ValidateSignatureOptions & oauth.JWEDecryptOptions): Promise; validateAuthResponse(as: oauth.AuthorizationServer, client: oauth.Client, parameters: URLSearchParams | URL, expectedState?: string | typeof oauth.expectNoState | typeof oauth.skipStateCheck): URLSearchParams; deviceAuthorizationRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, parameters: URLSearchParams | Record | string[][], options?: oauth.DeviceAuthorizationRequestOptions): Promise; processDeviceAuthorizationResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response): Promise; deviceCodeGrantRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, deviceCode: string, options?: oauth.TokenEndpointRequestOptions): Promise; processDeviceCodeResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response, options?: oauth.ProcessTokenResponseOptions): Promise; generateKeyPair(alg: string, options?: oauth.GenerateKeyPairOptions): Promise; validateJwtAccessToken(as: oauth.AuthorizationServer, request: Request, expectedAudience: string, options?: oauth.ValidateJWTAccessTokenOptions): Promise; backchannelAuthenticationRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, parameters: URLSearchParams | Record | string[][], options?: oauth.BackchannelAuthenticationRequestOptions): Promise; processBackchannelAuthenticationResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response): Promise; backchannelAuthenticationGrantRequest(as: oauth.AuthorizationServer, client: oauth.Client, clientAuthentication: oauth.ClientAuth, authReqId: string, options?: oauth.TokenEndpointRequestOptions): Promise; processBackchannelAuthenticationGrantResponse(as: oauth.AuthorizationServer, client: oauth.Client, response: Response, options?: oauth.ProcessTokenResponseOptions): Promise; dynamicClientRegistrationRequest(as: oauth.AuthorizationServer, metadata: Partial>, options?: oauth.DynamicClientRegistrationRequestOptions): Promise; processDynamicClientRegistrationResponse(response: Response): Promise>; resourceDiscoveryRequest(resourceIdentifier: URL, options?: oauth.HttpRequestOptions<"GET">): Promise; processResourceDiscoveryResponse(expectedResourceIdentifier: URL, response: Response): Promise; allowInsecureRequests: typeof oauth.allowInsecureRequests; clockSkew: typeof oauth.clockSkew; clockTolerance: typeof oauth.clockTolerance; customFetch: typeof oauth.customFetch; modifyAssertion: typeof oauth.modifyAssertion; jweDecrypt: typeof oauth.jweDecrypt; jwksCache: typeof oauth.jwksCache; UnsupportedOperationError: typeof oauth.UnsupportedOperationError; OperationProcessingError: typeof oauth.OperationProcessingError; ResponseBodyError: typeof oauth.ResponseBodyError; AuthorizationResponseError: typeof oauth.AuthorizationResponseError; WWWAuthenticateChallengeError: typeof oauth.WWWAuthenticateChallengeError; skipSubjectCheck: typeof oauth.skipSubjectCheck; nopkce: typeof oauth.nopkce; expectNoNonce: typeof oauth.expectNoNonce; skipAuthTimeCheck: typeof oauth.skipAuthTimeCheck; WWW_AUTHENTICATE_CHALLENGE: "OAUTH_WWW_AUTHENTICATE_CHALLENGE"; RESPONSE_BODY_ERROR: "OAUTH_RESPONSE_BODY_ERROR"; UNSUPPORTED_OPERATION: "OAUTH_UNSUPPORTED_OPERATION"; AUTHORIZATION_RESPONSE_ERROR: "OAUTH_AUTHORIZATION_RESPONSE_ERROR"; JWT_USERINFO_EXPECTED: "OAUTH_JWT_USERINFO_EXPECTED"; PARSE_ERROR: "OAUTH_PARSE_ERROR"; INVALID_RESPONSE: "OAUTH_INVALID_RESPONSE"; INVALID_REQUEST: "OAUTH_INVALID_REQUEST"; RESPONSE_IS_NOT_JSON: "OAUTH_RESPONSE_IS_NOT_JSON"; RESPONSE_IS_NOT_CONFORM: "OAUTH_RESPONSE_IS_NOT_CONFORM"; HTTP_REQUEST_FORBIDDEN: "OAUTH_HTTP_REQUEST_FORBIDDEN"; REQUEST_PROTOCOL_FORBIDDEN: "OAUTH_REQUEST_PROTOCOL_FORBIDDEN"; JWT_TIMESTAMP_CHECK: "OAUTH_JWT_TIMESTAMP_CHECK_FAILED"; JWT_CLAIM_COMPARISON: "OAUTH_JWT_CLAIM_COMPARISON_FAILED"; JSON_ATTRIBUTE_COMPARISON: "OAUTH_JSON_ATTRIBUTE_COMPARISON_FAILED"; KEY_SELECTION: "OAUTH_KEY_SELECTION_FAILED"; MISSING_SERVER_METADATA: "OAUTH_MISSING_SERVER_METADATA"; INVALID_SERVER_METADATA: "OAUTH_INVALID_SERVER_METADATA"; skipStateCheck: typeof oauth.skipStateCheck; expectNoState: typeof oauth.expectNoState; }>;