feat(schemas): add grantTypes and responseTypes to app oidcClientMetadata

add grantTypes and responseTypes to app oidcClientMetadata
2024-12-16 20:26:19 -05:00 · 2024-09-14 15:50:37 +08:00 · 2024-09-14 15:50:37 +08:00 · 7b440d0248
commit 7b440d0248
parent 5aab7c01bf
2 changed files with 26 additions and 1 deletions
--- a/packages/schemas/src/foundations/jsonb-types/oidc-module.ts
+++ b/packages/schemas/src/foundations/jsonb-types/oidc-module.ts
@ -1,6 +1,7 @@
 import { validateRedirectUrl } from '@logto/core-kit';
 import { z } from 'zod';

+import { GrantType, ResponseType } from '../../types/oidc-config.js';
 import { type ToZodObject } from '../../utils/zod.js';

 export const oidcModelInstancePayloadGuard = z
@ -21,7 +22,7 @@ export type OidcClientMetadata = {
  /**
   * The redirect URIs that the client is allowed to use.
   *
-   * @see {@link https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata | OpenID Connect Dynamic Client Registration 1.0}
+   * @see {@link https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata | OpenID Connect Registration 1.0}
   */
  redirectUris: string[];
  /**
@ -43,6 +44,18 @@ export type OidcClientMetadata = {
   */
  backchannelLogoutSessionRequired?: boolean;
  logoUri?: string;
+  /**
+   * The allowed grant types for the client.
+   *
+   * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ClientMetadata | OpenID Connect Registration 1.0}
+   */
+  grantTypes?: GrantType[];
+  /**
+   * The allowed response types for the client.
+   *
+   * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ClientMetadata | OpenID Connect Registration 1.0}
+   */
+  responseTypes?: ResponseType[];
 };

 export const oidcClientMetadataGuard = z.object({
@ -55,6 +68,8 @@ export const oidcClientMetadataGuard = z.object({
  backchannelLogoutUri: z.string().url().optional(),
  backchannelLogoutSessionRequired: z.boolean().optional(),
  logoUri: z.string().optional(),
+  grantTypes: z.nativeEnum(GrantType).array().optional(),
+  responseTypes: z.nativeEnum(ResponseType).array().optional(),
 }) satisfies ToZodObject<OidcClientMetadata>;

 export enum CustomClientMetadataKey {
--- a/packages/schemas/src/types/oidc-config.ts
+++ b/packages/schemas/src/types/oidc-config.ts
@ -13,4 +13,14 @@ export enum GrantType {
  RefreshToken = 'refresh_token',
  ClientCredentials = 'client_credentials',
  TokenExchange = 'urn:ietf:params:oauth:grant-type:token-exchange',
+  Implicit = 'implicit',
+}
+
+export enum ResponseType {
+  /** Authorization code flow */
+  Code = 'code',
+  /** Implicit flow */
+  IdToken = 'id_token',
+  /** Hybrid flow */
+  HybridIdToken = 'code id_token',
 }