import { type Type } from 'arktype'; import { type TargetModelParams, type OnCallCreateModelResult } from '../../common'; import { type InferredTargetModelParams } from '../../common/model/model/model.param'; import { type ModelFirebaseCrudFunction, type FirebaseFunctionTypeConfigMap, type ModelFirebaseCrudFunctionConfigMap, type ModelFirebaseFunctionMap, type ModelFirebaseCreateFunction, type ModelFirebaseDeleteFunction, type ModelFirebaseUpdateFunction } from '../../client'; import { type WebsiteUrlWithPrefix, type Maybe } from '@dereekb/util'; import { type OidcEntryClientId } from './oidcmodel.id'; import { type OidcModelTypes } from './oidcmodel'; import { type OidcRedirectUri, type OidcTokenEndpointAuthMethod } from './oidcmodel.interaction'; /** * Fields that can be changed on an existing OIDC client. * * Does NOT include `token_endpoint_auth_method` — that is immutable after creation. */ export interface UpdateOidcClientFieldParams { readonly client_name: string; readonly redirect_uris: OidcRedirectUri[]; readonly logo_uri?: Maybe; readonly client_uri?: Maybe; } export declare const updateOidcClientFieldParamsType: Type; export declare const createOidcClientFieldParamsType: import("arktype/internal/variants/object.ts").ObjectType<{ readonly client_name: string; readonly redirect_uris: OidcRedirectUri[]; readonly logo_uri?: Maybe; readonly client_uri?: Maybe; token_endpoint_auth_method: "client_secret_basic" | "client_secret_post" | "client_secret_jwt" | "private_key_jwt"; }, {}>; /** * Parameters for registering a new OAuth client for the target entity. * * If no target model is provided, assumes the current user. * * The server generates `client_id` and `client_secret` and creates the adapter entry. * * Extends {@link UpdateOidcClientFieldParams} with `token_endpoint_auth_method` which is immutable after creation. */ export interface CreateOidcClientParams extends UpdateOidcClientFieldParams, InferredTargetModelParams { readonly token_endpoint_auth_method: OidcTokenEndpointAuthMethod; /** * URL where the client's public JSON Web Key Set can be fetched. * * Used with `private_key_jwt` authentication so the provider can retrieve * the client's public keys to verify `client_assertion` JWTs. * The client manages key rotation at this URL independently. */ readonly jwks_uri?: WebsiteUrlWithPrefix; } export declare const createOidcClientParamsType: Type; /** * Result of creating a new OAuth client. * * Includes the generated `client_secret` in plaintext — this is the only time * it is returned to the caller. */ export interface CreateOidcClientResult extends OnCallCreateModelResult { readonly client_id: OidcEntryClientId; /** * The generated client secret in plaintext. Only returned for auth methods that require a secret * (e.g., `client_secret_basic`, `client_secret_post`). Undefined for `private_key_jwt`. */ readonly client_secret?: string; } /** * Parameters for updating an existing OAuth client. * * Uses {@link UpdateOidcClientFieldParams} — `token_endpoint_auth_method` is immutable. */ export interface UpdateOidcClientParams extends UpdateOidcClientFieldParams, TargetModelParams { } export declare const updateOidcClientParamsType: Type; export type RotateOidcClientSecretParams = TargetModelParams; export declare const rotateOidcClientSecretParamsType: import("arktype/internal/variants/object.ts").ObjectType; export type RotateOidcClientSecretResult = Pick; /** * Parameters for revoking/deleting an OAuth client. */ export type DeleteOidcClientParams = TargetModelParams; export declare const deleteOidcClientParamsType: import("arktype/internal/variants/object.ts").ObjectType; /** * Custom (non-CRUD) function type map for OIDC. */ export type OidcModelFunctionTypeMap = {}; export declare const oidcFunctionTypeConfigMap: FirebaseFunctionTypeConfigMap; /** * CRUD function configuration map for the OIDC client model. * * Uses `oidcEntry` as the key, matching the adapter collection identity. */ export type OidcModelCrudFunctionsConfig = { readonly oidcEntry: { create: { client: [CreateOidcClientParams, CreateOidcClientResult]; }; update: { client: UpdateOidcClientParams; rotateClientSecret: [RotateOidcClientSecretParams, RotateOidcClientSecretResult]; }; delete: { client: DeleteOidcClientParams; }; }; }; export declare const oidcModelCrudFunctionsConfig: ModelFirebaseCrudFunctionConfigMap; /** * Abstract class defining all callable OIDC cloud functions. * * Implement this in your app module to wire up the function endpoints. */ export declare abstract class OidcModelFunctions implements ModelFirebaseFunctionMap { abstract oidcEntry: { createOidcEntry: { client: ModelFirebaseCreateFunction; }; updateOidcEntry: { client: ModelFirebaseCrudFunction; rotateClientSecret: ModelFirebaseUpdateFunction; }; deleteOidcEntry: { client: ModelFirebaseDeleteFunction; }; }; } /** * Client-side callable function map factory for OIDC client CRUD operations. * * @example * ```ts * const functions = oidcFunctionMap(callableFactory); * const result = await functions.oidcEntry.createOidcEntry.create({ * client_name: 'My App', * redirect_uris: ['https://myapp.com/callback'] * }); * ``` */ export declare const oidcModelFunctionMap: import("../..").ModelFirebaseFunctionMapFactory;