refactor(types)!: force types without string defaults

This is so that type autocompletion can offer the supported values.
panva · Apr 10, 2022 · 188b252 · 188b252
1 parent cbe5e60
commit 188b252
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 23 deletions.
diff --git a/docs/README.md b/docs/README.md
@@ -80,6 +80,7 @@
 ### Type aliases
 
 - [ContentEncryptionAlgorithm](types/ContentEncryptionAlgorithm.md)
+- [HMACAlgorithms](types/HMACAlgorithms.md)
 - [JWSAlgorithm](types/JWSAlgorithm.md)
 - [KeyManagementAlgorithm](types/KeyManagementAlgorithm.md)
 - [ProcessingMode](types/ProcessingMode.md)

diff --git a/docs/interfaces/Client.md b/docs/interfaces/Client.md
@@ -24,7 +24,7 @@ Recognized Client Metadata that have an effect on the exposed functionality.
 
 ### authorization\_signed\_response\_alg
 
-• `Optional` **authorization\_signed\_response\_alg**: `string`
+• `Optional` **authorization\_signed\_response\_alg**: [`JWSAlgorithm`](../types/JWSAlgorithm.md)
 
 JWS "alg" algorithm required for signing authorization responses.
 
@@ -56,7 +56,7 @@ ___
 
 ### id\_token\_signed\_response\_alg
 
-• `Optional` **id\_token\_signed\_response\_alg**: `string`
+• `Optional` **id\_token\_signed\_response\_alg**: [`JWSAlgorithm`](../types/JWSAlgorithm.md)
 
 JWS "alg" algorithm required for signing the ID Token issued to this
 Client.
@@ -65,15 +65,15 @@ ___
 
 ### introspection\_signed\_response\_alg
 
-• `Optional` **introspection\_signed\_response\_alg**: `string`
+• `Optional` **introspection\_signed\_response\_alg**: [`JWSAlgorithm`](../types/JWSAlgorithm.md)
 
 JWS "alg" algorithm REQUIRED for signed introspection responses.
 
 ___
 
 ### request\_object\_encryption\_enc
 
-• `Optional` **request\_object\_encryption\_enc**: `string`
+• `Optional` **request\_object\_encryption\_enc**: [`ContentEncryptionAlgorithm`](../types/ContentEncryptionAlgorithm.md)
 
 JWE "enc" algorithm the RP is declaring that it may use for encrypting
 Request Objects sent to the authorization server.
@@ -91,7 +91,7 @@ ___
 
 ### token\_endpoint\_auth\_method
 
-• `Optional` **token\_endpoint\_auth\_method**: `string`
+• `Optional` **token\_endpoint\_auth\_method**: [`TokenEndpointAuthMethod`](../types/TokenEndpointAuthMethod.md)
 
 Client [authentication method](../types/TokenEndpointAuthMethod.md) for the
 client's authenticated requests.
@@ -100,16 +100,18 @@ ___
 
 ### token\_endpoint\_auth\_signing\_alg
 
-• `Optional` **token\_endpoint\_auth\_signing\_alg**: `string`
+• `Optional` **token\_endpoint\_auth\_signing\_alg**: [`HMACAlgorithms`](../types/HMACAlgorithms.md)
 
-JWS "alg" algorithm for `client_secret_jwt`
-[authentication method](../types/TokenEndpointAuthMethod.md). It is ignored
-for every other method.
+Symmetric JWS "alg" Algorithm for `client_secret_jwt`
+[authentication method](../types/TokenEndpointAuthMethod.md). It is not used
+for `private_key_jwt` due to use of
+[CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey)
+instances that can have a particular "alg" inferred.
 
 ___
 
 ### userinfo\_signed\_response\_alg
 
-• `Optional` **userinfo\_signed\_response\_alg**: `string`
+• `Optional` **userinfo\_signed\_response\_alg**: [`JWSAlgorithm`](../types/JWSAlgorithm.md)
 
 JWS "alg" algorithm REQUIRED for signing UserInfo Responses.
diff --git a/docs/interfaces/DiscoveryRequestOptions.md b/docs/interfaces/DiscoveryRequestOptions.md
@@ -11,7 +11,7 @@
 
 ### algorithm
 
-• `Optional` **algorithm**: `string`
+• `Optional` **algorithm**: [`ProcessingMode`](../types/ProcessingMode.md)
 
 The issuer transformation algorithm to use.
 

diff --git a/docs/types/HMACAlgorithms.md b/docs/types/HMACAlgorithms.md
@@ -0,0 +1,3 @@
+# Type alias: HMACAlgorithms
+
+Ƭ **HMACAlgorithms**: ``"HS256"`` \| ``"HS384"`` \| ``"HS512"``
diff --git a/src/index.ts b/src/index.ts
@@ -631,6 +631,8 @@ export interface AuthorizationServer {
   readonly [metadata: string]: unknown
 }
 
+export type HMACAlgorithms = 'HS256' | 'HS384' | 'HS512'
+
 /**
  * Recognized Client Metadata that have an effect on the exposed functionality.
  *
@@ -649,21 +651,21 @@ export interface Client {
    * Client {@link TokenEndpointAuthMethod authentication method} for the
    * client's authenticated requests.
    */
-  token_endpoint_auth_method?: TokenEndpointAuthMethod | string
+  token_endpoint_auth_method?: TokenEndpointAuthMethod
   /**
    * JWS "alg" algorithm required for signing the ID Token issued to this
    * Client.
    */
-  id_token_signed_response_alg?: JWSAlgorithm | string
+  id_token_signed_response_alg?: JWSAlgorithm
   /**
    * JWS "alg" algorithm required for signing authorization responses.
    */
-  authorization_signed_response_alg?: JWSAlgorithm | string
+  authorization_signed_response_alg?: JWSAlgorithm
   /**
    * JWE "enc" algorithm the RP is declaring that it may use for encrypting
    * Request Objects sent to the authorization server.
    */
-  request_object_encryption_enc?: ContentEncryptionAlgorithm | string
+  request_object_encryption_enc?: ContentEncryptionAlgorithm
   /**
    * Boolean value specifying whether the {@link IDToken.auth_time auth_time}
    * Claim in the ID Token is REQUIRED.
@@ -672,21 +674,23 @@ export interface Client {
   /**
    * JWS "alg" algorithm REQUIRED for signing UserInfo Responses.
    */
-  userinfo_signed_response_alg?: JWSAlgorithm | string
+  userinfo_signed_response_alg?: JWSAlgorithm
   /**
    * JWS "alg" algorithm REQUIRED for signed introspection responses.
    */
-  introspection_signed_response_alg?: JWSAlgorithm | string
+  introspection_signed_response_alg?: JWSAlgorithm
   /**
    * Default Maximum Authentication Age.
    */
   default_max_age?: number
   /**
-   * JWS "alg" algorithm for `client_secret_jwt`
-   * {@link TokenEndpointAuthMethod authentication method}. It is ignored
-   * for every other method.
+   * Symmetric JWS "alg" Algorithm for `client_secret_jwt`
+   * {@link TokenEndpointAuthMethod authentication method}. It is not used
+   * for `private_key_jwt` due to use of
+   * {@link https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey CryptoKey}
+   * instances that can have a particular "alg" inferred.
    */
-  token_endpoint_auth_signing_alg?: 'HS256' | 'HS384' | 'HS512' | string
+  token_endpoint_auth_signing_alg?: HMACAlgorithms
 
   [metadata: string]: unknown
 }
@@ -833,7 +837,7 @@ export interface DiscoveryRequestOptions extends SignalledRequestOptions {
   /**
    * The issuer transformation algorithm to use.
    */
-  algorithm?: ProcessingMode | string
+  algorithm?: ProcessingMode
 }
 
 function preserveBodyStream(response: Response) {

diff --git a/test/client_auth.test.ts b/test/client_auth.test.ts
@@ -220,7 +220,7 @@ test('client_secret_jwt', async (t) => {
   t.pass()
 })
 
-for (const alg of ['HS256', 'HS384', 'HS512']) {
+for (const alg of <lib.HMACAlgorithms[]>['HS256', 'HS384', 'HS512']) {
   test(`client_secret_jwt using ${alg}`, async (t) => {
     let assertion!: string
     t.context