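import { WebBrowserOpenOptions, WebBrowserWindowFeatures } from 'expo-web-browser';

// @needsAudit
/**
 * Method used to transform the PKCE code verifier into the code challenge
 * that is sent with the authorization request.
 *
 * @see [Section 4.2](https://tools.ietf.org/html/rfc7636#section-4.2).
 */
export enum CodeChallengeMethod {
  /**
   * The default and recommended method for transforming the code verifier.
   * - Convert the code verifier to ASCII.
   * - Create a digest of the string using crypto method SHA256.
   * - Encode the digest as base64url (the URL-safe Base64 alphabet, without `=` padding).
   *   This is not the same as Base64 followed by percent-encoding.
   */
  S256 = 'S256',
  /**
   * This should not be used. When used, the code verifier will be sent to the server as-is,
   * so the challenge in the authorization request equals the verifier. Anyone able to read
   * that request learns the verifier, and PKCE then gives no protection for the authorization code.
   */
  Plain = 'plain',
}

// @needsAudit
/**
 * The client informs the authorization server of the desired grant type by using the response type.
 *
 * @see [Section 3.1.1](https://tools.ietf.org/html/rfc6749#section-3.1.1).
 */
export enum ResponseType {
  /**
   * For requesting an authorization code as described by [Section 4.1.1](https://tools.ietf.org/html/rfc6749#section-4.1.1).
   */
  Code = 'code',
  /**
   * For requesting an access token (implicit grant) as described by [Section 4.2.1](https://tools.ietf.org/html/rfc6749#section-4.2.1).
   *
   * With the implicit grant the access token is returned in the redirect URI itself and there is
   * no code exchange for PKCE to protect. The OAuth 2.0 Security Best Current Practice (RFC 9700)
   * advises against this grant; prefer `Code` with PKCE when the provider supports it.
   */
  Token = 'token',
  /**
   * A custom registered type for getting an `id_token` from Google OAuth.
   *
   * The returned `id_token` arrives through the redirect, so validate it (signature, issuer,
   * audience, expiry) before trusting any claim in it.
   */
  IdToken = 'id_token',
}

// @needsAudit
/**
 * Informs the server if the user should be prompted to login or consent again.
 * This can be used to present a dialog for switching accounts after the user has already been logged in.
 * You should use this in favor of clearing cookies (which is mostly not possible on iOS).
 *
 * @see [Section 3.1.2.1](https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationRequest).
 */
export enum Prompt {
  /**
   * Server must not display any auth or consent UI. Can be used to check for existing auth or consent.
   * An error is returned if a user isn't already authenticated or the client doesn't have pre-configured consent for the requested claims, or does not fulfill other conditions for processing the request.
   * The error code will typically be `login_required`, `interaction_required`, or another code defined in [Section 3.1.2.6](https://openid.net/specs/openid-connect-core-1_0.html#AuthError).
   */
  None = 'none',
  /**
   * The server should prompt the user to reauthenticate.
   * If it cannot reauthenticate the End-User, it must return an error, typically `login_required`.
   */
  Login = 'login',
  /**
   * Server should prompt the user for consent before returning information to the client.
   * If it cannot obtain consent, it must return an error, typically `consent_required`.
   */
  Consent = 'consent',
  /**
   * Server should prompt the user to select an account. Can be used to switch accounts.
   * If it can't obtain an account selection choice made by the user, it must return an error, typically `account_selection_required`.
   */
  SelectAccount = 'select_account',
}

// @needsAudit
/**
 * Options passed to the `promptAsync()` method of `AuthRequest`s.
 * This can be used to configure how the web browser should look and behave.
 */
export type AuthRequestPromptOptions = Omit<WebBrowserOpenOptions, 'windowFeatures'> & {
  /**
   * URL to open when prompting the user. This is normally defined internally, so leave it
   * `undefined` in most cases. If you do set it, never build it from untrusted input: the user
   * is sent to this URL to sign in.
   */
  url?: string;
  /**
   * Features to use with `window.open()`.
   * @platform web
   */
  windowFeatures?: WebBrowserWindowFeatures;
};

// @needsAudit
/**
 * Represents an OAuth authorization request as JSON.
 */
export interface AuthRequestConfig {
  /**
   * Specifies what is returned from the authorization server.
   *
   * [Section 3.1.1](https://tools.ietf.org/html/rfc6749#section-3.1.1)
   *
   * @default ResponseType.Code
   */
  responseType?: ResponseType | string;
  /**
   * A unique string representing the registration information provided by the client.
   * The client identifier is not a secret; it is exposed to the resource owner and shouldn't be used
   * alone for client authentication.
   *
   * The client identifier is unique to the authorization server.
   *
   * [Section 2.2](https://tools.ietf.org/html/rfc6749#section-2.2)
   */
  clientId: string;
  /**
   * After completing an interaction with a resource owner the
   * server will redirect to this URI. Learn more about [linking in Expo](/guides/linking/).
   *
   * The authorization response (code or token) is delivered to whatever handles this URI,
   * so use a URI that is registered with the provider and that only your app can receive.
   *
   * [Section 3.1.2](https://tools.ietf.org/html/rfc6749#section-3.1.2)
   */
  redirectUri: string;
  /**
   * List of strings to request access to. Request only the scopes the app actually needs.
   *
   * [Section 3.3](https://tools.ietf.org/html/rfc6749#section-3.3)
   */
  scopes?: string[];
  /**
   * Client secret supplied by an auth provider.
   * There is no secure way to store this on the client: a value shipped in an app bundle can be
   * extracted by anyone who has the app. Prefer PKCE without a secret, and keep any flow that
   * needs the secret on a server you control.
   *
   * [Section 2.3.1](https://tools.ietf.org/html/rfc6749#section-2.3.1)
   */
  clientSecret?: string;
  /**
   * Method used to generate the code challenge. You should never use `Plain` as it's not good enough for secure verification.
   * @default CodeChallengeMethod.S256
   */
  codeChallengeMethod?: CodeChallengeMethod;
  /**
   * Derived from the code verifier by using the `CodeChallengeMethod`.
   *
   * [Section 4.2](https://tools.ietf.org/html/rfc7636#section-4.2)
   */
  codeChallenge?: string;
  /**
   * Informs the server if the user should be prompted to login or consent again.
   * This can be used to present a dialog for switching accounts after the user has already been logged in.
   *
   * [Section 3.1.2.1](https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationRequest)
   */
  prompt?: Prompt;
  /**
   * Used for protection against [Cross-Site Request Forgery](https://tools.ietf.org/html/rfc6749#section-10.12).
   * If you supply your own value, make it unguessable and unique per request, and reject any
   * redirect whose returned `state` does not match it.
   */
  state?: string;
  /**
   * Extra query params that'll be added to the query string.
   * These are part of the authorization URL, so do not put secrets in them.
   */
  extraParams?: Record<string, string>;
  /**
   * Whether to use [Proof Key for Code Exchange](https://oauth.net/2/pkce/).
   * Leave this enabled unless the provider cannot handle PKCE; it protects the authorization
   * code if the redirect is intercepted.
   * @default true
   */
  usePKCE?: boolean;
}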