/** * @see {@link https://datatracker.ietf.org/doc/html/rfc7591#section-3.2.1 Client Information Response} * * * File automatically generated using json-schema-to-typescript. * ! DO NOT MODIFY IT BY HAND ! * Instead, modify the source file ./oauth-dyn-reg/response.schema.json of @oada/formats * and run `$ yarn build` to regenerate this file. * * @packageDocumentation */ /** * `$id` of the source schema * @see {@link https://formats.openag.io/oauth-dyn-reg/response.schema.json} */ export declare const $id = "https://formats.openag.io/oauth-dyn-reg/response.schema.json"; /** * JSON Schema used to generate this type * @see {@link https://formats.openag.io/oauth-dyn-reg/response.schema.json} */ export declare const schema: { readonly $id: "https://formats.openag.io/oauth-dyn-reg/response.schema.json"; readonly $schema: "http://json-schema.org/draft-07/schema#"; readonly title: "application/vnd.oada.oauth-dny-reg.register-response.1+json"; readonly description: "@see {@link https://datatracker.ietf.org/doc/html/rfc7591#section-3.2.1 Client Information Response}"; readonly required: readonly ["client_id"]; readonly allOf: readonly [{ readonly $ref: "./metadata.schema.json"; }]; readonly properties: { readonly client_id: { readonly type: "string"; readonly description: "OAuth 2.0 client identifier string"; }; readonly client_secret: { readonly type: "string"; readonly description: "OAuth 2.0 client secret string"; }; readonly client_id_issued_at: { readonly type: "number"; readonly description: "Time at which the client identifier was issued. The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of issuance."; }; readonly client_secret_expires_at: { readonly type: "number"; readonly description: "Time at which the client secret will expire or 0 if it will not expire. The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of expiration."; }; }; readonly type: "object"; }; /** * Returns true if `val` is a @type `ApplicationVndOadaOauthDnyRegRegisterResponse1Json`, false otherwise */ export declare function is(val: unknown): val is ApplicationVndOadaOauthDnyRegRegisterResponse1Json; /** * Asserts that `val` is a @type `ApplicationVndOadaOauthDnyRegRegisterResponse1Json` */ export declare function assert(val: unknown): asserts val is ApplicationVndOadaOauthDnyRegRegisterResponse1Json; /** * @see {@link https://datatracker.ietf.org/doc/html/rfc7591#section-3.2.1 Client Information Response} * */ export default ApplicationVndOadaOauthDnyRegRegisterResponse1Json; /** * @see {@link https://datatracker.ietf.org/doc/html/rfc7591#section-3.2.1 Client Information Response} */ export type ApplicationVndOadaOauthDnyRegRegisterResponse1Json = ApplicationVndOadaOauthDnyRegRegisterResponse1Json1 & { /** * OAuth 2.0 client identifier string */ client_id: string; /** * OAuth 2.0 client secret string */ client_secret?: string; /** * Time at which the client identifier was issued. The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of issuance. */ client_id_issued_at?: number; /** * Time at which the client secret will expire or 0 if it will not expire. The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of expiration. */ client_secret_expires_at?: number; [k: string]: unknown; }; /** * JWT Bearer Token Profile for OAuth 2.0 Client Authentication * @see {@link https://datatracker.ietf.org/doc/html/rfc7523} */ export type UrnIetfParamsOauthClientAssertionTypeJwtBearer = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'; /** * SAML 2.0 Bearer Assertion Profile for OAuth 2.0 Client Authentication * @see {@link https://datatracker.ietf.org/doc/html/rfc7522} */ export type UrnIetfParamsOauthClientAssertionTypeSaml2Bearer = 'urn:ietf:params:oauth:client-assertion-type:saml2-bearer'; /** * JWT Bearer Token Grant Type Profile for OAuth 2.0 * @see {@link https://datatracker.ietf.org/doc/html/rfc7523} */ export type UrnIetfParamsOauthGrantTypeJwtBearer = 'urn:ietf:params:oauth:grant-type:jwt-bearer'; /** * SAML 2.0 Bearer Assertion Grant Type Profile for OAuth 2.0 * @see {@link https://datatracker.ietf.org/doc/html/rfc7522} */ export type UrnIetfParamsOauthGrantTypeSaml2Bearer = 'urn:ietf:params:oauth:grant-type:saml2-bearer'; /** * Device flow grant type for OAuth 2.0 * @see {@link https://datatracker.ietf.org/doc/html/rfc8628#section-3.1} */ export type UrnIetfParamsOauthGrantTypeDeviceCode = 'urn:ietf:params:oauth:grant-type:device_code'; /** * Token exchange grant type for OAuth 2.0 * @see {@link https://datatracker.ietf.org/doc/html/rfc8693#section-2.1} */ export type UrnIetfParamsOauthGrantTypeTokenExchange = 'urn:ietf:params:oauth:grant-type:token-exchange'; /** * Key Type * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.1} */ export type Kty = KtyKeyTypeParameter; /** * Identifies the cryptographic algorithm family used with the key */ export type KtyKeyTypeParameter = RegisteredKty | AnyOtherString; /** * IANA registered values for JSON Web Key Types * @see {@link https://www.iana.org/assignments/jose/jose.xhtml#web-key-types} */ export type RegisteredKty = EC | RSA | Oct | OKP | AKP; /** * Elliptic Curve * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-6.2} */ export type EC = 'EC'; /** * RSA * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-6.3} */ export type RSA = 'RSA'; /** * Octet sequence * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-6.4} */ export type Oct = 'oct'; /** * Octet string key pairs * @see {@link https://datatracker.ietf.org/doc/html/rfc8037#section-2} */ export type OKP = 'OKP'; /** * Algorithm Key Pair * @see {@link https://datatracker.ietf.org/doc/html/rfcNaN} */ export type AKP = 'AKP'; /** * Workaround to make TypeScript autocomplete better for string enums */ export type AnyOtherString = string & Record; /** * Public Key Use * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.2} */ export type Use = (Sig | Enc) | AnyOtherString; /** * Digital Signature or MAC * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.2} */ export type Sig = 'sig'; /** * Encryption * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.2} */ export type Enc = 'enc'; /** * Compute digital signature or MAC * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.3} */ export type Sign = 'sign'; /** * Verify digital signature or MAC * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.3} */ export type Verify = 'verify'; /** * Encrypt content * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.3} */ export type Encrypt = 'encrypt'; /** * Decrypt content and validate decryption, if applicable * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.3} */ export type Decrypt = 'decrypt'; /** * Encrypt key * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.3} */ export type WrapKey = 'wrapKey'; /** * Decrypt key and validate decryption, if applicable * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.3} */ export type UnwrapKey = 'unwrapKey'; /** * Derive key * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.3} */ export type DeriveKey = 'deriveKey'; /** * Derive bits not to be used as a key * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.3} */ export type DeriveBits = 'deriveBits'; /** * @see {@link https://www.w3.org/TR/WebCryptoAPI/#dfn-KeyUsage Web Crypto API} */ export type KeyOps = ((Sign | Verify | Encrypt | Decrypt | WrapKey | UnwrapKey | DeriveKey | DeriveBits) | AnyOtherString)[]; /** * Algorithm * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.4} */ export type Alg = AlgAlgorithmParameter; /** * JSON Web Signature and Encryption Algorithms */ export type AlgAlgorithmParameter = RegisteredAlg | AnyOtherString; /** * IANA registered values for JSON Web Signature and Encryption Algorithms * @see {@link https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms} */ export type RegisteredAlg = HS256 | HS384 | HS512 | RS256 | RS384 | RS512 | ES256 | ES384 | ES512 | PS256 | PS384 | PS512 | None | RSA1_5 | RSAOAEP | RSAOAEP256 | A128KW | A192KW | A256KW | Dir | ECDHES | ECDHESA128KW | ECDHESA192KW | ECDHESA256KW | A128GCMKW | A192GCMKW | A256GCMKW | PBES2HS256A128KW | PBES2HS384A192KW | PBES2HS512A256KW | A128CBCHS256 | A192CBCHS384 | A256CBCHS512 | A128GCM | A192GCM | A256GCM | EdDSA | RS1 | RSAOAEP384 | RSAOAEP512 | A128CBC | A192CBC | A256CBC | A128CTR | A192CTR | A256CTR | HS1 | ES256K | MLDSA44 | MLDSA65 | MLDSA87 | Ed25519 | Ed448; /** * HMAC using SHA-256 * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.2} */ export type HS256 = 'HS256'; /** * HMAC using SHA-384 * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.2} */ export type HS384 = 'HS384'; /** * HMAC using SHA-512 * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.2} */ export type HS512 = 'HS512'; /** * RSASSA-PKCS1-v1_5 using SHA-256 * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.3} */ export type RS256 = 'RS256'; /** * RSASSA-PKCS1-v1_5 using SHA-384 * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.3} */ export type RS384 = 'RS384'; /** * RSASSA-PKCS1-v1_5 using SHA-512 * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.3} */ export type RS512 = 'RS512'; /** * ECDSA using P-256 and SHA-256 * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.4} */ export type ES256 = 'ES256'; /** * ECDSA using P-384 and SHA-384 * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.4} */ export type ES384 = 'ES384'; /** * ECDSA using P-521 and SHA-512 * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.4} */ export type ES512 = 'ES512'; /** * RSASSA-PSS using SHA-256 and MGF1 with SHA-256 * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.5} */ export type PS256 = 'PS256'; /** * RSASSA-PSS using SHA-384 and MGF1 with SHA-384 * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.5} */ export type PS384 = 'PS384'; /** * RSASSA-PSS using SHA-512 and MGF1 with SHA-512 * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.5} */ export type PS512 = 'PS512'; /** * No digital signature or MAC performed * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.6} */ export type None = 'none'; /** * RSAES-PKCS1-v1_5 * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-4.2} */ export type RSA1_5 = 'RSA1_5'; /** * RSAES OAEP using default parameters * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-4.3} */ export type RSAOAEP = 'RSA-OAEP'; /** * RSAES OAEP using SHA-256 and MGF1 with SHA-256 * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-4.3} */ export type RSAOAEP256 = 'RSA-OAEP-256'; /** * AES Key Wrap using 128-bit key * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-4.4} */ export type A128KW = 'A128KW'; /** * AES Key Wrap using 192-bit key * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-4.4} */ export type A192KW = 'A192KW'; /** * AES Key Wrap using 256-bit key * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-4.4} */ export type A256KW = 'A256KW'; /** * Direct use of a shared symmetric key * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-4.5} */ export type Dir = 'dir'; /** * ECDH-ES using Concat KDF * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-4.6} */ export type ECDHES = 'ECDH-ES'; /** * ECDH-ES using Concat KDF and "A128KW" wrapping * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-4.6} */ export type ECDHESA128KW = 'ECDH-ES+A128KW'; /** * ECDH-ES using Concat KDF and "A192KW" wrapping * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-4.6} */ export type ECDHESA192KW = 'ECDH-ES+A192KW'; /** * ECDH-ES using Concat KDF and "A256KW" wrapping * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-4.6} */ export type ECDHESA256KW = 'ECDH-ES+A256KW'; /** * Key wrapping with AES GCM using 128-bit key * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-4.7} */ export type A128GCMKW = 'A128GCMKW'; /** * Key wrapping with AES GCM using 192-bit key * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-4.7} */ export type A192GCMKW = 'A192GCMKW'; /** * Key wrapping with AES GCM using 256-bit key * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-4.7} */ export type A256GCMKW = 'A256GCMKW'; /** * PBES2 with HMAC SHA-256 and "A128KW" wrapping * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-4.8} */ export type PBES2HS256A128KW = 'PBES2-HS256+A128KW'; /** * PBES2 with HMAC SHA-384 and "A192KW" wrapping * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-4.8} */ export type PBES2HS384A192KW = 'PBES2-HS384+A192KW'; /** * PBES2 with HMAC SHA-512 and "A256KW" wrapping * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-4.8} */ export type PBES2HS512A256KW = 'PBES2-HS512+A256KW'; /** * AES_128_CBC_HMAC_SHA_256 authenticated encryption algorithm * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-5.2.3} */ export type A128CBCHS256 = 'A128CBC-HS256'; /** * AES_192_CBC_HMAC_SHA_384 authenticated encryption algorithm * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-5.2.4} */ export type A192CBCHS384 = 'A192CBC-HS384'; /** * AES_256_CBC_HMAC_SHA_512 authenticated encryption algorithm * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-5.2.5} */ export type A256CBCHS512 = 'A256CBC-HS512'; /** * AES GCM using 128-bit key * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-5.3} */ export type A128GCM = 'A128GCM'; /** * AES GCM using 192-bit key * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-5.3} */ export type A192GCM = 'A192GCM'; /** * AES GCM using 256-bit key * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-5.3} */ export type A256GCM = 'A256GCM'; /** * EdDSA signature algorithms * @see {@link https://datatracker.ietf.org/doc/html/rfc9864#section-2.2} */ export type EdDSA = 'EdDSA'; /** * RSASSA-PKCS1-v1_5 with SHA-1 * @see {@link https://www.w3.org/TR/WebCryptoAPI} */ export type RS1 = 'RS1'; /** * RSA-OAEP using SHA-384 and MGF1 with SHA-384 * @see {@link https://www.w3.org/TR/WebCryptoAPI} */ export type RSAOAEP384 = 'RSA-OAEP-384'; /** * RSA-OAEP using SHA-512 and MGF1 with SHA-512 * @see {@link https://www.w3.org/TR/WebCryptoAPI} */ export type RSAOAEP512 = 'RSA-OAEP-512'; /** * AES CBC using 128 bit key * @see {@link https://www.w3.org/TR/WebCryptoAPI} */ export type A128CBC = 'A128CBC'; /** * AES CBC using 192 bit key * @see {@link https://www.w3.org/TR/WebCryptoAPI} */ export type A192CBC = 'A192CBC'; /** * AES CBC using 256 bit key * @see {@link https://www.w3.org/TR/WebCryptoAPI} */ export type A256CBC = 'A256CBC'; /** * AES CTR using 128 bit key * @see {@link https://www.w3.org/TR/WebCryptoAPI} */ export type A128CTR = 'A128CTR'; /** * AES CTR using 192 bit key * @see {@link https://www.w3.org/TR/WebCryptoAPI} */ export type A192CTR = 'A192CTR'; /** * AES CTR using 256 bit key * @see {@link https://www.w3.org/TR/WebCryptoAPI} */ export type A256CTR = 'A256CTR'; /** * HMAC using SHA-1 * @see {@link https://www.w3.org/TR/WebCryptoAPI} */ export type HS1 = 'HS1'; /** * ECDSA using secp256k1 curve and SHA-256 * @see {@link https://datatracker.ietf.org/doc/html/rfc8812#section-3.2} */ export type ES256K = 'ES256K'; /** * ML-DSA-44 as described in US NIST FIPS 204 * @see {@link https://datatracker.ietf.org/doc/html/rfcNaN} */ export type MLDSA44 = 'ML-DSA-44'; /** * ML-DSA-65 as described in US NIST FIPS 204 * @see {@link https://datatracker.ietf.org/doc/html/rfcNaN} */ export type MLDSA65 = 'ML-DSA-65'; /** * ML-DSA-87 as described in US NIST FIPS 204 * @see {@link https://datatracker.ietf.org/doc/html/rfcNaN} */ export type MLDSA87 = 'ML-DSA-87'; /** * EdDSA using the Ed25519 parameter set in Section 5.1 of [RFC8032] * @see {@link https://datatracker.ietf.org/doc/html/rfc9864#section-2.2} */ export type Ed25519 = 'Ed25519'; /** * EdDSA using the Ed448 parameter set in Section 5.2 of [RFC8032] * @see {@link https://datatracker.ietf.org/doc/html/rfc9864#section-2.2} */ export type Ed448 = 'Ed448'; /** * Key ID * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.5} */ export type Kid = string; /** * X.509 URL * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.6} */ export type X5U = string; /** * X.509 Certificate Chain * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.7} * * @minItems 1 */ export type X5C = [string, ...string[]]; /** * X.509 Certificate SHA-1 Thumbprint * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.8} */ export type X5T = string; /** * X.509 Certificate SHA-256 Thumbprint * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.9} */ export type X5TS256 = string; /** * JWS alg algorithm REQUIRED for signing the ID Token issued to this Client * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ export type AlgAlgorithmParameter1 = RegisteredAlg | AnyOtherString; /** * JWE alg algorithm REQUIRED for encrypting the ID Token issued to this Client * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ export type AlgAlgorithmParameter2 = RegisteredAlg | AnyOtherString; /** * JWS alg algorithm REQUIRED for signing UserInfo Responses * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ export type AlgAlgorithmParameter3 = RegisteredAlg | AnyOtherString; /** * JWE alg algorithm REQUIRED for encrypting UserInfo Responses * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ export type AlgAlgorithmParameter4 = RegisteredAlg | AnyOtherString; /** * JWS alg algorithm that MUST be used for signing Request Objects sent to the OP * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ export type AlgAlgorithmParameter5 = RegisteredAlg | AnyOtherString; /** * JWE alg algorithm the RP is declaring that it may use for encrypting Request Objects sent to the OP * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ export type AlgAlgorithmParameter6 = RegisteredAlg | AnyOtherString; /** * JWS alg algorithm that MUST be used for signing the JWT used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ export type AlgAlgorithmParameter7 = RegisteredAlg | AnyOtherString; /** * JWS alg algorithm required for signing the nfv Token issued to this Client * @see {@link ETSI GS NFV-SEC 022 V2.7.1} */ export type AlgAlgorithmParameter8 = RegisteredAlg | AnyOtherString; /** * JWE alg algorithm required for encrypting the nfv Token issued to this Client * @see {@link ETSI GS NFV-SEC 022 V2.7.1} */ export type AlgAlgorithmParameter9 = RegisteredAlg | AnyOtherString; /** * String value indicating the client’s * desired introspection response signing algorithm * @see {@link https://datatracker.ietf.org/doc/html/rfc9701#section-6} */ export type AlgAlgorithmParameter10 = RegisteredAlg | AnyOtherString; /** * String value specifying the desired * introspection response content key encryption algorithm (alg * value) * @see {@link https://datatracker.ietf.org/doc/html/rfc9701#section-6} */ export type AlgAlgorithmParameter11 = RegisteredAlg | AnyOtherString; /** * JSON Web Signature and Encryption Algorithms * * This interface was referenced by `ApplicationVndOadaOauthDnyRegRegisterResponse1Json1`'s JSON-Schema * via the `definition` "jws_alg". */ export type AlgAlgorithmParameter12 = RegisteredAlg | AnyOtherString; /** * JSON Web Signature and Encryption Algorithms * * This interface was referenced by `ApplicationVndOadaOauthDnyRegRegisterResponse1Json1`'s JSON-Schema * via the `definition` "jwe_alg". */ export type AlgAlgorithmParameter13 = RegisteredAlg | AnyOtherString; /** * @see {@link https://datatracker.ietf.org/doc/html/rfc7591#section-2 Client Metadata} */ export interface ApplicationVndOadaOauthDnyRegRegisterResponse1Json1 { /** * Array of redirection URIs for use in redirect-based flows * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ redirect_uris?: string[]; /** * Requested authentication method for the token endpoint * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ token_endpoint_auth_method?: ('none' | 'client_secret_post' | 'client_secret_basic' | (UrnIetfParamsOauthClientAssertionTypeJwtBearer | UrnIetfParamsOauthClientAssertionTypeSaml2Bearer)) & string; /** * Array of OAuth 2.0 grant types that the client may use * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} * * @minItems 1 */ grant_types?: [ ('authorization_code' | 'implicit' | 'password' | 'client_credentials' | 'refresh_token' | (UrnIetfParamsOauthGrantTypeJwtBearer | UrnIetfParamsOauthGrantTypeSaml2Bearer | UrnIetfParamsOauthGrantTypeDeviceCode | UrnIetfParamsOauthGrantTypeTokenExchange)) & string & ('authorization_code' | 'implicit' | 'password' | 'client_credentials' | 'refresh_token' | (UrnIetfParamsOauthGrantTypeJwtBearer | UrnIetfParamsOauthGrantTypeSaml2Bearer | UrnIetfParamsOauthGrantTypeDeviceCode | UrnIetfParamsOauthGrantTypeTokenExchange)) & string, ...(('authorization_code' | 'implicit' | 'password' | 'client_credentials' | 'refresh_token' | (UrnIetfParamsOauthGrantTypeJwtBearer | UrnIetfParamsOauthGrantTypeSaml2Bearer | UrnIetfParamsOauthGrantTypeDeviceCode | UrnIetfParamsOauthGrantTypeTokenExchange)) & string & ('authorization_code' | 'implicit' | 'password' | 'client_credentials' | 'refresh_token' | (UrnIetfParamsOauthGrantTypeJwtBearer | UrnIetfParamsOauthGrantTypeSaml2Bearer | UrnIetfParamsOauthGrantTypeDeviceCode | UrnIetfParamsOauthGrantTypeTokenExchange)) & string)[] ]; /** * Array of the OAuth 2.0 response types that the client may use * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ response_types?: string[]; /** * Human-readable name of the client to be presented to the user * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ client_name?: string; /** * URL of a web page providing information about the client * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ client_uri?: string; /** * URL that references a logo for the client * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ logo_uri?: string; /** * Space-separated list of OAuth 2.0 scope values * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ scope?: string; /** * Array of strings representing ways to contact people responsible for this client, typically email addresses * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ contacts?: string[]; /** * URL that points to a human-readable terms of service document for the client * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ tos_uri?: string; /** * URL that points to a human-readable policy document for the client * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ policy_uri?: string; /** * URL referencing the client's JSON Web Key Set [RFC7517] document representing the client's public keys * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ jwks_uri?: string; jwks?: Jwks; /** * Identifier for the software that comprises a client * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ software_id?: string; /** * Version identifier for the software that comprises a client * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ software_version?: string; /** * Client identifier * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ client_id?: string; /** * Client secret * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ client_secret?: string; /** * Time at which the client identifier was issued * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ client_id_issued_at?: number; /** * Time at which the client secret will expire * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ client_secret_expires_at?: number; /** * Signed JWT asserting client metadata values * @see {@link https://datatracker.ietf.org/doc/html/rfc7591#section-2.3 Software Statement} */ software_statement?: string; /** * OAuth 2.0 Bearer Token used to access * the client configuration endpoint * @see {@link https://datatracker.ietf.org/doc/html/rfc7592} */ registration_access_token?: { [k: string]: unknown; }; /** * Fully qualified URI of the client * registration endpoint * @see {@link https://datatracker.ietf.org/doc/html/rfc7592} */ registration_client_uri?: { [k: string]: unknown; }; /** * Kind of the application -- "native" or "web" * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ application_type?: 'web' | 'native'; /** * URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ sector_identifier_uri?: string; /** * subject_type requested for responses to this Client -- "pairwise" or "public" * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ subject_type?: 'public' | 'pairwise'; id_token_signed_response_alg?: AlgAlgorithmParameter1; id_token_encrypted_response_alg?: AlgAlgorithmParameter2; /** * JWE enc algorithm REQUIRED for encrypting the ID Token issued to this Client * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ id_token_encrypted_response_enc?: string; userinfo_signed_response_alg?: AlgAlgorithmParameter3; userinfo_encrypted_response_alg?: AlgAlgorithmParameter4; /** * JWE enc algorithm REQUIRED for encrypting UserInfo Responses * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ userinfo_encrypted_response_enc?: string; request_object_signing_alg?: AlgAlgorithmParameter5; request_object_encryption_alg?: AlgAlgorithmParameter6; /** * JWE enc algorithm the RP is declaring that it may use for encrypting Request Objects sent to the OP * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ request_object_encryption_enc?: string; token_endpoint_auth_signing_alg?: AlgAlgorithmParameter7; /** * Default Maximum Authentication Age * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ default_max_age?: number; /** * Boolean value specifying whether the auth_time Claim in the ID Token is REQUIRED * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ require_auth_time?: boolean; /** * Default requested Authentication Context Class Reference values * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ default_acr_values?: string[]; /** * URI using the https scheme that a third party can use to initiate a login by the RP * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ initiate_login_uri?: string; /** * Array of request_uri values that are pre-registered by the RP for use at the OP * @see {@link OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 2} */ request_uris?: string[]; /** * claims redirection endpoints * @see {@link UMA 2.0 Grant for OAuth 2.0, Section 2} */ claims_redirect_uris?: string[]; nfv_token_signed_response_alg?: AlgAlgorithmParameter8; nfv_token_encrypted_response_alg?: AlgAlgorithmParameter9; /** * JWE enc algorithm required for encrypting the nfv Token issued to this Client * @see {@link ETSI GS NFV-SEC 022 V2.7.1} */ nfv_token_encrypted_response_enc?: string; /** * Indicates the client's intention to * use mutual-TLS client certificate-bound access tokens. * @see {@link https://datatracker.ietf.org/doc/html/rfc8705#section-3.4} */ tls_client_certificate_bound_access_tokens?: boolean; /** * String value specifying the expected * subject DN of the client certificate. * @see {@link https://datatracker.ietf.org/doc/html/rfc8705#section-2.1.2} */ tls_client_auth_subject_dn?: string; /** * String value specifying the expected * dNSName SAN entry in the client certificate. * @see {@link https://datatracker.ietf.org/doc/html/rfc8705#section-2.1.2} */ tls_client_auth_san_dns?: string; /** * String value specifying the expected * uniformResourceIdentifier SAN entry in the client certificate. * @see {@link https://datatracker.ietf.org/doc/html/rfc8705#section-2.1.2} */ tls_client_auth_san_uri?: string; /** * String value specifying the expected * iPAddress SAN entry in the client certificate. * @see {@link https://datatracker.ietf.org/doc/html/rfc8705#section-2.1.2} */ tls_client_auth_san_ip?: { [k: string]: unknown; } & string; /** * String value specifying the expected * rfc822Name SAN entry in the client certificate. * @see {@link https://datatracker.ietf.org/doc/html/rfc8705#section-2.1.2} */ tls_client_auth_san_email?: string; /** * Indicates where authorization request needs * to be protected as Request Object and provided through either * request or request_uri parameter. * @see {@link https://datatracker.ietf.org/doc/html/rfc9101#section-10.5} */ require_signed_request_object?: boolean; /** * Indicates whether the client is required to use PAR to initiate authorization requests. * @see {@link https://datatracker.ietf.org/doc/html/rfc9126#section-6} */ require_pushed_authorization_requests?: boolean; introspection_signed_response_alg?: AlgAlgorithmParameter10; introspection_encrypted_response_alg?: AlgAlgorithmParameter11; /** * String value specifying the desired * introspection response content encryption algorithm (enc value) * @see {@link https://datatracker.ietf.org/doc/html/rfc9701#section-6} */ introspection_encrypted_response_enc?: string; /** * RP URL that will cause the RP to log itself out when rendered in an iframe by the OP * @see {@link OpenID Connect Front-Channel Logout 1.0, Section 2} */ frontchannel_logout_uri?: string; /** * Boolean value specifying whether the RP requires that a sid (session ID) query parameter be included to identify the RP session with the OP when the frontchannel_logout_uri is used * @see {@link OpenID Connect Front-Channel Logout 1.0, Section 2} */ frontchannel_logout_session_required?: boolean; /** * RP URL that will cause the RP to log itself out when sent a Logout Token by the OP * @see {@link OpenID Connect Back-Channel Logout 1.0, Section 2.2} */ backchannel_logout_uri?: string; /** * Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout Token to identify the RP session with the OP when the backchannel_logout_uri is used * @see {@link OpenID Connect Back-Channel Logout 1.0, Section 2.2} */ backchannel_logout_session_required?: boolean; /** * Array of URLs supplied by the RP to which it MAY request that the End-User's User Agent be redirected using the post_logout_redirect_uri parameter after a logout has been performed * @see {@link OpenID Connect RP-Initiated Logout 1.0, Section 3.1} */ post_logout_redirect_uris?: string[]; /** * Indicates what authorization details types the client uses. * @see {@link https://datatracker.ietf.org/doc/html/rfc9396#section-10} */ authorization_details_types?: string[]; /** * Boolean value specifying whether the client always uses DPoP for token requests * @see {@link https://datatracker.ietf.org/doc/html/rfc9449#section-5.2} */ dpop_bound_access_tokens?: boolean; /** * An array of strings specifying the client registration types the RP wants to use * @see {@link Section 5.1.2 of OpenID Federation 1.0} */ client_registration_types?: { [k: string]: unknown; }; /** * URL referencing a signed JWT having the client's JWK Set document as its payload * @see {@link Section 5.2.1 of OpenID Federation 1.0} */ signed_jwks_uri?: { [k: string]: unknown; }; /** * Human-readable name representing the organization owning this client * @see {@link Section 5.2.2 of OpenID Federation 1.0} */ organization_name?: { [k: string]: unknown; }; /** * Human-readable brief description of this client presentable to the End-User * @see {@link Section 5.2.2 of OpenID Federation 1.0} */ description?: { [k: string]: unknown; }; /** * JSON array with one or more strings representing search keywords, tags, categories, or labels that apply to this client * @see {@link Section 5.2.2 of OpenID Federation 1.0} */ keywords?: { [k: string]: unknown; }; /** * URL for documentation of additional information about this client viewable by the End-User * @see {@link Section 5.2.2 of OpenID Federation 1.0} */ information_uri?: { [k: string]: unknown; }; /** * URL of a Web page for the organization owning this client * @see {@link Section 5.2.2 of OpenID Federation 1.0} */ organization_uri?: { [k: string]: unknown; }; /** * Boolean value indicating the requirement for a client * to use mutual-TLS endpoint aliases [RFC8705] declared by the authorization * server in its metadata even beyond the Mutual-TLS Client Authentication and * Certificate-Bound Access Tokens use cases. * @see {@link Section 5.2.2.1.1 of FAPI 2.0 Security Profile} */ use_mtls_endpoint_aliases?: { [k: string]: unknown; }; /** * Non-empty array of strings, where each string is a JWE [RFC7516] enc algorithm that can be used as the content encryption algorithm for encrypting the Response * @see {@link Section 5.1 of OpenID for Verifiable Presentations 1.0} */ encrypted_response_enc_values_supported?: { [k: string]: unknown; }; /** * An object containing a list of name/value pairs, where the name is a string identifying a Credential format supported by the Verifier * @see {@link Section 11.1 of OpenID for Verifiable Presentations 1.0} */ vp_formats_supported?: { [k: string]: unknown; }; [k: string]: unknown; } /** * Client's JSON Web Key Set [RFC7517] document representing the client's public keys * @see {@link https://datatracker.ietf.org/doc/html/rfc7591} */ export interface Jwks { keys: Jwk[]; [k: string]: unknown; } /** * @see {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4 JSON Web Key (JWK) Format} */ export interface Jwk { 'kty': Kty; 'use'?: Use; 'key_ops'?: KeyOps; 'alg'?: Alg; 'kid'?: Kid; 'x5u'?: X5U; 'x5c'?: X5C; 'x5t'?: X5T; 'x5t#S256'?: X5TS256; 'crv'?: Crv; 'x'?: X; 'y'?: Y; 'd'?: D; 'n'?: N; 'e'?: E; 'p'?: P; 'q'?: Q; 'dp'?: Dp; 'dq'?: Dq; 'qi'?: Qi; 'oth'?: Oth; 'k'?: K; 'ext'?: Ext; 'iat'?: Iat; 'nbf'?: Nbf; 'exp'?: Exp; 'revoked'?: Revoked; 'pub'?: Pub; 'priv'?: Priv; [k: string]: unknown; } /** * The subtype of key pair * @see {@link https://datatracker.ietf.org/doc/html/rfc8037#section-2} */ export interface Crv { [k: string]: unknown; } /** * The public key * @see {@link https://datatracker.ietf.org/doc/html/rfc8037#section-2} */ export interface X { [k: string]: unknown; } /** * Y Coordinate * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-6.2.1.3} */ export interface Y { [k: string]: unknown; } /** * The private key * @see {@link https://datatracker.ietf.org/doc/html/rfc8037#section-2} */ export interface D { [k: string]: unknown; } /** * Modulus * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.1.1} */ export interface N { [k: string]: unknown; } /** * Exponent * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.1.2} */ export interface E { [k: string]: unknown; } /** * First Prime Factor * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.2.2} */ export interface P { [k: string]: unknown; } /** * Second Prime Factor * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.2.3} */ export interface Q { [k: string]: unknown; } /** * First Factor CRT Exponent * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.2.4} */ export interface Dp { [k: string]: unknown; } /** * Second Factor CRT Exponent * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.2.5} */ export interface Dq { [k: string]: unknown; } /** * First CRT Coefficient * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.2.6} */ export interface Qi { [k: string]: unknown; } /** * Other Primes Info * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.2.7} */ export interface Oth { [k: string]: unknown; } /** * Key Value * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-6.4.1} */ export interface K { [k: string]: unknown; } /** * Extractable * @see {@link https://www.w3.org/TR/WebCryptoAPI} */ export interface Ext { [k: string]: unknown; } /** * Issued At, as defined in [RFC7519] * @see {@link OpenID Federation 1.0, Section 8.7.2} */ export interface Iat { [k: string]: unknown; } /** * Not Before, as defined in [RFC7519] * @see {@link OpenID Federation 1.0, Section 8.7.2} */ export interface Nbf { [k: string]: unknown; } /** * Expiration Time, as defined in [RFC7519] * @see {@link OpenID Federation 1.0, Section 8.7.2} */ export interface Exp { [k: string]: unknown; } /** * Revoked Key Properties * @see {@link OpenID Federation 1.0, Section 8.7.2} */ export interface Revoked { [k: string]: unknown; } /** * Public key * @see {@link https://datatracker.ietf.org/doc/html/rfcNaN} */ export interface Pub { [k: string]: unknown; } /** * Private key * @see {@link https://datatracker.ietf.org/doc/html/rfcNaN} */ export interface Priv { [k: string]: unknown; }