add type and schema for protected resource metadata

itsuki · itsuki · commit b90d5ba25cf0 · 2025-04-27T19:01:57.000+09:00
diff --git a/src/shared/auth.ts b/src/shared/auth.ts
@@ -1,5 +1,27 @@
 import { z } from "zod";
 
+/**
+ * RFC 8414 OAuth 2.0 Authorization Server Metadata
+ */
+export const OAuthProtectedResourceMetadataSchema = z
+  .object({
+    resource: z.string(),
+    authorization_servers: z.array(z.string()).optional(),
+    jwks_uri: z.string().optional(),
+    scopes_supported: z.array(z.string()).optional(),
+    bearer_methods_supported: z.array(z.string()).optional(),
+    resource_signing_alg_values_supported: z.array(z.string()).optional(),
+    resource_name: z.string().optional(),
+    resource_documentation: z.string().optional(),
+    resource_policy_uri: z.string().optional(),
+    resource_tos_uri: z.string().optional(),
+    tls_client_certificate_bound_access_tokens: z.boolean().optional(),
+    authorization_details_types_supported: z.array(z.string()).optional(),
+    dpop_signing_alg_values_supported: z.array(z.string()).optional(),
+    dpop_bound_access_tokens_required: z.boolean().optional(),
+  })
+  .passthrough();
+
 /**
  * RFC 8414 OAuth 2.0 Authorization Server Metadata
  */
@@ -109,6 +131,7 @@ export const OAuthTokenRevocationRequestSchema = z.object({
   token_type_hint: z.string().optional(),
 }).strip();
 
+export type OAuthProtectedResourceMetadata = z.infer<typeof OAuthProtectedResourceMetadataSchema>;
 export type OAuthMetadata = z.infer<typeof OAuthMetadataSchema>;
 export type OAuthTokens = z.infer<typeof OAuthTokensSchema>;
 export type OAuthErrorResponse = z.infer<typeof OAuthErrorResponseSchema>;
