1import { CreateURLOptions } from 'expo-linking'; 2import { WebBrowserOpenOptions, WebBrowserWindowFeatures } from 'expo-web-browser'; 3 4// @needsAudit 5export enum CodeChallengeMethod { 6 /** 7 * The default and recommended method for transforming the code verifier. 8 * - Convert the code verifier to ASCII. 9 * - Create a digest of the string using crypto method SHA256. 10 * - Convert the digest to Base64 and URL encode it. 11 */ 12 S256 = 'S256', 13 /** 14 * This should not be used. When used, the code verifier will be sent to the server as-is. 15 */ 16 Plain = 'plain', 17} 18 19// @needsAudit 20/** 21 * The client informs the authorization server of the desired grant type by using the response type. 22 * 23 * @see [Section 3.1.1](https://tools.ietf.org/html/rfc6749#section-3.1.1). 24 */ 25export enum ResponseType { 26 /** 27 * For requesting an authorization code as described by [Section 4.1.1](https://tools.ietf.org/html/rfc6749#section-4.1.1). 28 */ 29 Code = 'code', 30 /** 31 * For requesting an access token (implicit grant) as described by [Section 4.2.1](https://tools.ietf.org/html/rfc6749#section-4.2.1). 32 */ 33 Token = 'token', 34 /** 35 * A custom registered type for getting an `id_token` from Google OAuth. 36 */ 37 IdToken = 'id_token', 38} 39 40// @needsAudit 41/** 42 * Informs the server if the user should be prompted to login or consent again. 43 * This can be used to present a dialog for switching accounts after the user has already been logged in. 44 * You should use this in favor of clearing cookies (which is mostly not possible on iOS). 45 * 46 * @see [Section 3.1.2.1](https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationRequest). 47 */ 48export enum Prompt { 49 /** 50 * Server must not display any auth or consent UI. Can be used to check for existing auth or consent. 51 * An error is returned if a user isn't already authenticated or the client doesn't have pre-configured consent for the requested claims, or does not fulfill other conditions for processing the request. 52 * The error code will typically be `login_required`, `interaction_required`, or another code defined in [Section 3.1.2.6](https://openid.net/specs/openid-connect-core-1_0.html#AuthError). 53 */ 54 None = 'none', 55 /** 56 * The server should prompt the user to reauthenticate. 57 * If it cannot reauthenticate the End-User, it must return an error, typically `login_required`. 58 */ 59 Login = 'login', 60 /** 61 * Server should prompt the user for consent before returning information to the client. 62 * If it cannot obtain consent, it must return an error, typically `consent_required`. 63 */ 64 Consent = 'consent', 65 /** 66 * Server should prompt the user to select an account. Can be used to switch accounts. 67 * If it can't obtain an account selection choice made by the user, it must return an error, typically `account_selection_required`. 68 */ 69 SelectAccount = 'select_account', 70} 71 72// @needsAudit 73/** 74 * Options passed to the `promptAsync()` method of `AuthRequest`s. 75 * This can be used to configure how the web browser should look and behave. 76 */ 77export type AuthRequestPromptOptions = Omit<WebBrowserOpenOptions, 'windowFeatures'> & { 78 /** 79 * URL to open when prompting the user. This usually should be defined internally and left `undefined` in most cases. 80 */ 81 url?: string; 82 /** 83 * Should the authentication request use the Expo proxy service `auth.expo.io`. 84 * @default false 85 */ 86 useProxy?: boolean; 87 /** 88 * Project name to use for the \`auth.expo.io\` proxy when `useProxy` is true. 89 */ 90 projectNameForProxy?: string; 91 /** 92 * URL options to be used when creating the redirect URL for the auth proxy. 93 */ 94 proxyOptions?: Omit<CreateURLOptions, 'queryParams'> & { path?: string }; 95 /** 96 * Features to use with `window.open()`. 97 * @platform web 98 */ 99 windowFeatures?: WebBrowserWindowFeatures; 100}; 101 102// @needsAudit 103/** 104 * Represents an OAuth authorization request as JSON. 105 */ 106export interface AuthRequestConfig { 107 /** 108 * Specifies what is returned from the authorization server. 109 * 110 * [Section 3.1.1](https://tools.ietf.org/html/rfc6749#section-3.1.1) 111 * 112 * @default ResponseType.Code 113 */ 114 responseType?: ResponseType | string; 115 /** 116 * A unique string representing the registration information provided by the client. 117 * The client identifier is not a secret; it is exposed to the resource owner and shouldn't be used 118 * alone for client authentication. 119 * 120 * The client identifier is unique to the authorization server. 121 * 122 * [Section 2.2](https://tools.ietf.org/html/rfc6749#section-2.2) 123 */ 124 clientId: string; 125 /** 126 * After completing an interaction with a resource owner the 127 * server will redirect to this URI. Learn more about [linking in Expo](https://docs.expo.dev/versions/latest/workflow/linking/). 128 * 129 * [Section 3.1.2](https://tools.ietf.org/html/rfc6749#section-3.1.2) 130 */ 131 redirectUri: string; 132 /** 133 * List of strings to request access to. 134 * 135 * [Section 3.3](https://tools.ietf.org/html/rfc6749#section-3.3) 136 */ 137 scopes?: string[]; 138 /** 139 * Client secret supplied by an auth provider. 140 * There is no secure way to store this on the client. 141 * 142 * [Section 2.3.1](https://tools.ietf.org/html/rfc6749#section-2.3.1) 143 */ 144 clientSecret?: string; 145 /** 146 * Method used to generate the code challenge. You should never use `Plain` as it's not good enough for secure verification. 147 * @default CodeChallengeMethod.S256 148 */ 149 codeChallengeMethod?: CodeChallengeMethod; 150 /** 151 * Derived from the code verifier by using the `CodeChallengeMethod`. 152 * 153 * [Section 4.2](https://tools.ietf.org/html/rfc7636#section-4.2) 154 */ 155 codeChallenge?: string; 156 /** 157 * Informs the server if the user should be prompted to login or consent again. 158 * This can be used to present a dialog for switching accounts after the user has already been logged in. 159 * 160 * [Section 3.1.2.1](https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationRequest) 161 */ 162 prompt?: Prompt; 163 /** 164 * Used for protection against [Cross-Site Request Forgery](https://tools.ietf.org/html/rfc6749#section-10.12). 165 */ 166 state?: string; 167 /** 168 * Extra query params that'll be added to the query string. 169 */ 170 extraParams?: Record<string, string>; 171 /** 172 * Should use [Proof Key for Code Exchange](https://oauth.net/2/pkce/). 173 * @default true 174 */ 175 usePKCE?: boolean; 176} 177