/*
 * NOTE(review): this listing reads like a compiler-generated declaration file whose
 * generic type arguments were lost before it reached this page. Visible symptoms:
 * `z.ZodOptional;` and `z.infer;` carry no type argument, `z.ZodArray, "many">` has lost
 * its element schema, and the session payload guard at the bottom has unbalanced `>`.
 * As shown it does not type-check, and the element schema of the affected fields cannot
 * be read from the guards. Where a plain inferred type survives next to the guard
 * (e.g. `string[]`, `number | undefined`) that is the only reliable statement of a
 * field's type on this page.
 */
import { z } from 'zod';

/**
 * Guard for an OIDC model instance payload.
 *
 * The shape names three optional keys (`userCode`, `uid`, `grantId`). The catch-all type
 * argument is `z.ZodUnknown`, so every other key is accepted and is typed `unknown` in
 * the inferred payload; a consumer has to narrow such a key before using it.
 */
export declare const oidcModelInstancePayloadGuard: z.ZodObject<{
  userCode: z.ZodOptional;
  uid: z.ZodOptional;
  grantId: z.ZodOptional;
}, "strip", z.ZodUnknown, z.objectOutputType<{
  userCode: z.ZodOptional;
  uid: z.ZodOptional;
  grantId: z.ZodOptional;
}, z.ZodUnknown, "strip">, z.objectInputType<{
  userCode: z.ZodOptional;
  uid: z.ZodOptional;
  grantId: z.ZodOptional;
}, z.ZodUnknown, "strip">>;

/** Payload type derived from the model instance guard (type argument of `z.infer` missing as shown). */
export type OidcModelInstancePayload = z.infer;

/** Standard client metadata persisted for an OIDC client (relying party). */
export type OidcClientMetadata = {
  /**
   * The redirect URIs that the client is allowed to use.
   *
   * NOTE(review): the declared type is `string[]` and the guard's element schema is not
   * visible on this page, so no scheme or host validation can be assumed from this
   * declaration alone. Confirm what the guard enforces per entry.
   *
   * @see {@link https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata | OpenID Connect Dynamic Client Registration 1.0}
   */
  redirectUris: string[];
  /**
   * The post-logout redirect URIs that the client is allowed to use.
   *
   * NOTE(review): same caveat as `redirectUris`: only `string[]` is visible here.
   *
   * @see {@link https://openid.net/specs/openid-connect-rpinitiated-1_0.html#ClientMetadata | OpenID Connect RP-Initiated Logout 1.0}
   */
  postLogoutRedirectUris: string[];
  /**
   * The URI for backchannel logout.
   *
   * Under the referenced specification the OP delivers the Logout Token to this URI with
   * a server-side request, so the value is an outbound request target chosen by whoever
   * can edit the client's metadata.
   *
   * @see {@link https://openid.net/specs/openid-connect-backchannel-1_0-final.html#BCRegistration | OpenID Connect Back-Channel Logout 1.0}
   */
  backchannelLogoutUri?: string;
  /**
   * Whether the RP requires that a `sid` (session ID) Claim be included in the Logout Token.
   *
   * @see {@link https://openid.net/specs/openid-connect-backchannel-1_0-final.html#BCRegistration | OpenID Connect Back-Channel Logout 1.0}
   */
  backchannelLogoutSessionRequired?: boolean;
  /**
   * Optional logo URI for the client.
   * NOTE(review): undocumented in the original; presumably rendered in sign-in or
   * consent UI. Confirm, and confirm which URI schemes are accepted.
   */
  logoUri?: string;
};

/**
 * Guard for {@link OidcClientMetadata}.
 *
 * The unknown-keys mode is `"strip"` with no catch-all schema (`z.ZodTypeAny` is the
 * default type argument), and the inferred output and input types list exactly the five
 * keys below.
 */
export declare const oidcClientMetadataGuard: z.ZodObject<{
  redirectUris: z.ZodArray, "many">;
  postLogoutRedirectUris: z.ZodArray, "many">;
  backchannelLogoutUri: z.ZodOptional;
  backchannelLogoutSessionRequired: z.ZodOptional;
  logoUri: z.ZodOptional;
}, "strip", z.ZodTypeAny, {
  redirectUris: string[];
  postLogoutRedirectUris: string[];
  backchannelLogoutUri?: string | undefined;
  backchannelLogoutSessionRequired?: boolean | undefined;
  logoUri?: string | undefined;
}, {
  redirectUris: string[];
  postLogoutRedirectUris: string[];
  backchannelLogoutUri?: string | undefined;
  backchannelLogoutSessionRequired?: boolean | undefined;
  logoUri?: string | undefined;
}>;

/** Keys of the product-specific client metadata validated by `customClientMetadataGuard`. */
export declare enum CustomClientMetadataKey {
  /**
   * Key of the CORS allowed-origins list (typed `string[]` in the guard's inferred type).
   * NOTE(review): how entries are matched (exact origin or pattern) is not visible here.
   */
  CorsAllowedOrigins = "corsAllowedOrigins",
  /** Key of the ID token lifetime (a `number`; the unit is not shown on this page). */
  IdTokenTtl = "idTokenTtl",
  /** @deprecated Use {@link RefreshTokenTtlInDays} instead. */
  RefreshTokenTtl = "refreshTokenTtl",
  /** Key of the refresh token lifetime, expressed in days according to the key name. */
  RefreshTokenTtlInDays = "refreshTokenTtlInDays",
  /**
   * Key of the tenant identifier (a `string`).
   * NOTE(review): if this value takes part in tenant isolation, confirm that it cannot be
   * set through a client-editable metadata update.
   */
  TenantId = "tenantId",
  /**
   * Enabling this configuration will allow Logto to always issue Refresh Tokens, regardless of
   * whether `prompt=consent` is presented in the authentication request.
   *
   * It only works for web applications when the client's allowed grant types include
   * `refresh_token`.
   *
   * This config is for third-party integrations that do not strictly follow OpenID Connect
   * standards for some reason (e.g. they only know OAuth, but require a Refresh Token to be
   * returned anyway).
   */
  AlwaysIssueRefreshToken = "alwaysIssueRefreshToken",
  /**
   * When enabled (default), Logto will issue a new Refresh Token for token requests when 70% of
   * the original Time to Live (TTL) has passed.
   *
   * It can be turned off only for traditional web apps, for enhanced security.
   */
  RotateRefreshToken = "rotateRefreshToken",
  /**
   * Whether the application is allowed to initiate token exchange requests.
   *
   * Only first-party applications can use token exchange. Third-party applications are always
   * forbidden.
   *
   * Defaults to `false` for all new applications. Users must explicitly enable it.
   */
  AllowTokenExchange = "allowTokenExchange",
  /**
   * Whether the application uses the OAuth 2.0 Device Authorization Grant (RFC 8628)
   * instead of the standard Authorization Code flow.
   *
   * Only applicable to native applications. Defaults to `false`.
   */
  IsDeviceFlow = "isDeviceFlow",
  /**
   * The maximum number of active sessions (devices) allowed per user for this application.
   *
   * When exceeded, old sessions should be revoked according to server policy.
   */
  MaxAllowedGrants = "maxAllowedGrants"
}

/**
 * Guard for the custom client metadata. Every key is optional.
 *
 * The inferred types below are the only place on this page where the value types are
 * visible: the TTLs and `maxAllowedGrants` are plain `number`, the flags plain `boolean`.
 * NOTE(review): no range, integer or sign constraint can be seen from here; confirm in
 * the guard's source that the TTLs and `maxAllowedGrants` are bounded. The defaults
 * described on {@link CustomClientMetadataKey} (e.g. rotation on, token exchange off)
 * are not expressed by this schema, so they have to be applied where the metadata is read.
 */
export declare const customClientMetadataGuard: z.ZodObject<{
  corsAllowedOrigins: z.ZodOptional>;
  idTokenTtl: z.ZodOptional;
  refreshTokenTtl: z.ZodOptional;
  refreshTokenTtlInDays: z.ZodOptional;
  tenantId: z.ZodOptional;
  alwaysIssueRefreshToken: z.ZodOptional;
  rotateRefreshToken: z.ZodOptional;
  allowTokenExchange: z.ZodOptional;
  isDeviceFlow: z.ZodOptional;
  maxAllowedGrants: z.ZodOptional;
}, "strip", z.ZodTypeAny, {
  corsAllowedOrigins?: string[] | undefined;
  idTokenTtl?: number | undefined;
  refreshTokenTtl?: number | undefined;
  refreshTokenTtlInDays?: number | undefined;
  tenantId?: string | undefined;
  alwaysIssueRefreshToken?: boolean | undefined;
  rotateRefreshToken?: boolean | undefined;
  allowTokenExchange?: boolean | undefined;
  isDeviceFlow?: boolean | undefined;
  maxAllowedGrants?: number | undefined;
}, {
  corsAllowedOrigins?: string[] | undefined;
  idTokenTtl?: number | undefined;
  refreshTokenTtl?: number | undefined;
  refreshTokenTtlInDays?: number | undefined;
  tenantId?: string | undefined;
  alwaysIssueRefreshToken?: boolean | undefined;
  rotateRefreshToken?: boolean | undefined;
  allowTokenExchange?: boolean | undefined;
  isDeviceFlow?: boolean | undefined;
  maxAllowedGrants?: number | undefined;
}>;

/**
 * @see {@link CustomClientMetadataKey} for key descriptions.
 */
export type CustomClientMetadata = z.infer;

/**
 * Guard for the per-client authorization details stored on a session.
 *
 * All three keys are optional in the schema even though the remarks say `sid` should
 * always be present, so code that consumes a parsed value has to handle `undefined`
 * explicitly instead of relying on the guard. The catch-all is `z.ZodUnknown`: other
 * keys are accepted and typed `unknown`.
 *
 * The derived output/input type arguments repeat the same three keys; their field
 * documentation is given once, on the shape.
 */
export declare const oidcSessionAuthorizationDetailsGuard: z.ZodObject<{
  /**
   * The `sid` (session ID) Claim associated with the session for the current client.
   *
   * @remarks
   * Marked optional to make the guard more robust.
   * Should always be present in the session authorization details.
   */
  sid: z.ZodOptional;
  /**
   * The grantId associated with the session for the current client.
   *
   * @remarks
   * Marked optional to make the guard more robust.
   * Should always be present in the session authorization details when the session is
   * authorized with a grant.
   */
  grantId: z.ZodOptional;
  /**
   * Whether the grant associated with the session should be persisted after the session is
   * terminated.
   *
   * @remarks
   * Marked optional to make the guard more robust.
   */
  persistsLogout: z.ZodOptional;
}, "strip", z.ZodUnknown, z.objectOutputType<{
  sid: z.ZodOptional;
  grantId: z.ZodOptional;
  persistsLogout: z.ZodOptional;
}, z.ZodUnknown, "strip">, z.objectInputType<{
  sid: z.ZodOptional;
  grantId: z.ZodOptional;
  persistsLogout: z.ZodOptional;
}, z.ZodUnknown, "strip">>;

/** Authorization details type derived from the guard (type argument of `z.infer` missing as shown). */
export type OidcSessionAuthorizationDetails = z.infer;

/**
 * Guard for a stored OIDC session payload (`kind` is the literal `"Session"`).
 *
 * `exp`, `iat` and `loginTs` are numbers; the unit is not visible on this page, so
 * confirm it before comparing against a clock value.
 *
 * NOTE(review): the declaration is structurally damaged as shown. `authorizations` has
 * lost its type argument, and the `grantId` / `persistsLogout` entries that follow it,
 * together with the `"strip", z.ZodUnknown, z.objectOutputType<...>` run and the `>>>>`,
 * look like the remainder of a nested per-client object schema (the same keys as
 * `oidcSessionAuthorizationDetailsGuard`) and not top-level session keys. Confirm
 * against the package source before relying on any key listed after `accountId`.
 */
export declare const oidcSessionInstancePayloadGuard: z.ZodObject<{
  exp: z.ZodNumber;
  iat: z.ZodNumber;
  jti: z.ZodString;
  uid: z.ZodString;
  kind: z.ZodLiteral<"Session">;
  loginTs: z.ZodNumber;
  accountId: z.ZodString;
  /**
   * A map of client_id to session authorization details. @see OidcSessionAuthorizationDetails
   */
  authorizations: z.ZodOptional;
  /**
   * The grantId associated with the session for the current client.
   *
   * @remarks
   * Marked optional to make the guard more robust.
   * Should always be present in the session authorization details when the session is
   * authorized with a grant.
   */
  grantId: z.ZodOptional;
  /**
   * Whether the grant associated with the session should be persisted after the session is
   * terminated.
   *
   * @remarks
   * Marked optional to make the guard more robust.
   */
  persistsLogout: z.ZodOptional;
}, "strip", z.ZodUnknown, z.objectOutputType<{
  // Per-client authorization details keys; see oidcSessionAuthorizationDetailsGuard.
  sid: z.ZodOptional;
  grantId: z.ZodOptional;
  persistsLogout: z.ZodOptional;
}, z.ZodUnknown, "strip">, z.objectInputType<{
  sid: z.ZodOptional;
  grantId: z.ZodOptional;
  persistsLogout: z.ZodOptional;
}, z.ZodUnknown, "strip">>>>;
}, "strip", z.ZodUnknown, z.objectOutputType<{
  // Derived output type: repeats the session keys listed on the shape.
  exp: z.ZodNumber;
  iat: z.ZodNumber;
  jti: z.ZodString;
  uid: z.ZodString;
  kind: z.ZodLiteral<"Session">;
  loginTs: z.ZodNumber;
  accountId: z.ZodString;
  /**
   * A map of client_id to session authorization details. @see OidcSessionAuthorizationDetails
   */
  authorizations: z.ZodOptional;
  grantId: z.ZodOptional;
  persistsLogout: z.ZodOptional;
}, "strip", z.ZodUnknown, z.objectOutputType<{
  sid: z.ZodOptional;
  grantId: z.ZodOptional;
  persistsLogout: z.ZodOptional;
}, z.ZodUnknown, "strip">, z.objectInputType<{
  sid: z.ZodOptional;
  grantId: z.ZodOptional;
  persistsLogout: z.ZodOptional;
}, z.ZodUnknown, "strip">>>>;
}, z.ZodUnknown, "strip">, z.objectInputType<{
  // Derived input type: repeats the session keys listed on the shape.
  exp: z.ZodNumber;
  iat: z.ZodNumber;
  jti: z.ZodString;
  uid: z.ZodString;
  kind: z.ZodLiteral<"Session">;
  loginTs: z.ZodNumber;
  accountId: z.ZodString;
  /**
   * A map of client_id to session authorization details. @see OidcSessionAuthorizationDetails
   */
  authorizations: z.ZodOptional;
  grantId: z.ZodOptional;
  persistsLogout: z.ZodOptional;
}, "strip", z.ZodUnknown, z.objectOutputType<{
  sid: z.ZodOptional;
  grantId: z.ZodOptional;
  persistsLogout: z.ZodOptional;
}, z.ZodUnknown, "strip">, z.objectInputType<{
  sid: z.ZodOptional;
  grantId: z.ZodOptional;
  persistsLogout: z.ZodOptional;
}, z.ZodUnknown, "strip">>>>;
}, z.ZodUnknown, "strip">>;

/** Session payload type derived from the guard (type argument of `z.infer` missing as shown). */
export type OidcSessionInstancePayload = z.infer;