feat(types): add interfaces for RFC 9396 (Rich Authorization Requests)

docs/README.md

@@ -135,6 +135,7 @@
 ### Interfaces
 
 - [AuthenticatedRequestOptions](interfaces/AuthenticatedRequestOptions.md)
+- [AuthorizationDetails](interfaces/AuthorizationDetails.md)
 - [AuthorizationServer](interfaces/AuthorizationServer.md)
 - [Client](interfaces/Client.md)
 - [ClientCredentialsGrantRequestOptions](interfaces/ClientCredentialsGrantRequestOptions.md)

docs/interfaces/AuthorizationDetails.md

@@ -0,0 +1,54 @@
+# Interface: AuthorizationDetails
+
+[💗 Help the project](https://github.com/sponsors/panva)
+
+## Indexable
+
+▪ [parameter: `string`]: [`JsonValue`](../types/JsonValue.md) \| `undefined`
+
+## Table of contents
+
+### Properties
+
+- [type](AuthorizationDetails.md#type)
+- [actions](AuthorizationDetails.md#actions)
+- [datatypes](AuthorizationDetails.md#datatypes)
+- [identifier](AuthorizationDetails.md#identifier)
+- [locations](AuthorizationDetails.md#locations)
+- [privileges](AuthorizationDetails.md#privileges)
+
+## Properties
+
+### type
+
+• `Readonly` **type**: `string`
+
+___
+
+### actions
+
+• `Optional` `Readonly` **actions**: `string`[]
+
+___
+
+### datatypes
+
+• `Optional` `Readonly` **datatypes**: `string`[]
+
+___
+
+### identifier
+
+• `Optional` `Readonly` **identifier**: `string`
+
+___
+
+### locations
+
+• `Optional` `Readonly` **locations**: `string`[]
+
+___
+
+### privileges
+
+• `Optional` `Readonly` **privileges**: `string`[]

docs/interfaces/ClientCredentialsGrantResponse.md

@@ -12,6 +12,7 @@
 
 - [access\_token](ClientCredentialsGrantResponse.md#access_token)
 - [token\_type](ClientCredentialsGrantResponse.md#token_type)
+- [authorization\_details](ClientCredentialsGrantResponse.md#authorization_details)
 - [expires\_in](ClientCredentialsGrantResponse.md#expires_in)
 - [scope](ClientCredentialsGrantResponse.md#scope)
 
@@ -31,6 +32,12 @@ NOTE: because the value is case insensitive it is always returned lowercased
 
 ___
 
+### authorization\_details
+
+• `Optional` `Readonly` **authorization\_details**: [`AuthorizationDetails`](AuthorizationDetails.md)[]
+
+___
+
 ### expires\_in
 
 • `Optional` `Readonly` **expires\_in**: `number`

docs/interfaces/IntrospectionResponse.md

@@ -12,6 +12,7 @@
 
 - [active](IntrospectionResponse.md#active)
 - [aud](IntrospectionResponse.md#aud)
+- [authorization\_details](IntrospectionResponse.md#authorization_details)
 - [client\_id](IntrospectionResponse.md#client_id)
 - [cnf](IntrospectionResponse.md#cnf)
 - [exp](IntrospectionResponse.md#exp)
@@ -39,6 +40,12 @@ ___
 
 ___
 
+### authorization\_details
+
+• `Optional` `Readonly` **authorization\_details**: [`AuthorizationDetails`](AuthorizationDetails.md)[]
+
+___
+
 ### client\_id
 
 • `Optional` `Readonly` **client\_id**: `string`

docs/interfaces/JWTAccessTokenClaims.md

@@ -17,6 +17,7 @@
 - [iss](JWTAccessTokenClaims.md#iss)
 - [jti](JWTAccessTokenClaims.md#jti)
 - [sub](JWTAccessTokenClaims.md#sub)
+- [authorization\_details](JWTAccessTokenClaims.md#authorization_details)
 - [cnf](JWTAccessTokenClaims.md#cnf)
 - [nbf](JWTAccessTokenClaims.md#nbf)
 - [scope](JWTAccessTokenClaims.md#scope)
@@ -65,6 +66,12 @@ ___
 
 ___
 
+### authorization\_details
+
+• `Optional` `Readonly` **authorization\_details**: [`AuthorizationDetails`](AuthorizationDetails.md)[]
+
+___
+
 ### cnf
 
 • `Optional` `Readonly` **cnf**: [`ConfirmationClaims`](ConfirmationClaims.md)

docs/interfaces/OAuth2TokenEndpointResponse.md

@@ -12,6 +12,7 @@
 
 - [access\_token](OAuth2TokenEndpointResponse.md#access_token)
 - [token\_type](OAuth2TokenEndpointResponse.md#token_type)
+- [authorization\_details](OAuth2TokenEndpointResponse.md#authorization_details)
 - [expires\_in](OAuth2TokenEndpointResponse.md#expires_in)
 - [id\_token](OAuth2TokenEndpointResponse.md#id_token)
 - [refresh\_token](OAuth2TokenEndpointResponse.md#refresh_token)
@@ -33,6 +34,12 @@ NOTE: because the value is case insensitive it is always returned lowercased
 
 ___
 
+### authorization\_details
+
+• `Optional` `Readonly` **authorization\_details**: [`AuthorizationDetails`](AuthorizationDetails.md)[]
+
+___
+
 ### expires\_in
 
 • `Optional` `Readonly` **expires\_in**: `number`

docs/interfaces/OpenIDTokenEndpointResponse.md

@@ -13,6 +13,7 @@
 - [access\_token](OpenIDTokenEndpointResponse.md#access_token)
 - [id\_token](OpenIDTokenEndpointResponse.md#id_token)
 - [token\_type](OpenIDTokenEndpointResponse.md#token_type)
+- [authorization\_details](OpenIDTokenEndpointResponse.md#authorization_details)
 - [expires\_in](OpenIDTokenEndpointResponse.md#expires_in)
 - [refresh\_token](OpenIDTokenEndpointResponse.md#refresh_token)
 - [scope](OpenIDTokenEndpointResponse.md#scope)
@@ -39,6 +40,12 @@ NOTE: because the value is case insensitive it is always returned lowercased
 
 ___
 
+### authorization\_details
+
+• `Optional` `Readonly` **authorization\_details**: [`AuthorizationDetails`](AuthorizationDetails.md)[]
+
+___
+
 ### expires\_in
 
 • `Optional` `Readonly` **expires\_in**: `number`

docs/interfaces/TokenEndpointResponse.md

@@ -12,6 +12,7 @@
 
 - [access\_token](TokenEndpointResponse.md#access_token)
 - [token\_type](TokenEndpointResponse.md#token_type)
+- [authorization\_details](TokenEndpointResponse.md#authorization_details)
 - [expires\_in](TokenEndpointResponse.md#expires_in)
 - [id\_token](TokenEndpointResponse.md#id_token)
 - [refresh\_token](TokenEndpointResponse.md#refresh_token)
@@ -33,6 +34,12 @@ NOTE: because the value is case insensitive it is always returned lowercased
 
 ___
 
+### authorization\_details
+
+• `Optional` `Readonly` **authorization\_details**: [`AuthorizationDetails`](AuthorizationDetails.md)[]
+
+___
+
 ### expires\_in
 
 • `Optional` `Readonly` **expires\_in**: `number`

src/index.ts

@@ -2780,12 +2780,24 @@ function validatePresence(
   return result
 }
 
+export interface AuthorizationDetails {
+  readonly type: string
+  readonly locations?: string[]
+  readonly actions?: string[]
+  readonly datatypes?: string[]
+  readonly privileges?: string[]
+  readonly identifier?: string
+
+  readonly [parameter: string]: JsonValue | undefined
+}
+
 export interface TokenEndpointResponse {
   readonly access_token: string
   readonly expires_in?: number
   readonly id_token?: string
   readonly refresh_token?: string
   readonly scope?: string
+  readonly authorization_details?: AuthorizationDetails[]
   /**
    * NOTE: because the value is case insensitive it is always returned lowercased
    */
@@ -2800,6 +2812,7 @@ export interface OpenIDTokenEndpointResponse {
   readonly id_token: string
   readonly refresh_token?: string
   readonly scope?: string
+  readonly authorization_details?: AuthorizationDetails[]
   /**
    * NOTE: because the value is case insensitive it is always returned lowercased
    */
@@ -2814,6 +2827,7 @@ export interface OAuth2TokenEndpointResponse {
   readonly id_token?: undefined
   readonly refresh_token?: string
   readonly scope?: string
+  readonly authorization_details?: AuthorizationDetails[]
   /**
    * NOTE: because the value is case insensitive it is always returned lowercased
    */
@@ -2826,6 +2840,7 @@ export interface ClientCredentialsGrantResponse {
   readonly access_token: string
   readonly expires_in?: number
   readonly scope?: string
+  readonly authorization_details?: AuthorizationDetails[]
   /**
    * NOTE: because the value is case insensitive it is always returned lowercased
    */
@@ -3206,6 +3221,7 @@ export interface IntrospectionResponse {
   readonly nbf?: number
   readonly token_type?: string
   readonly cnf?: ConfirmationClaims
+  readonly authorization_details?: AuthorizationDetails[]
 
   readonly [claim: string]: JsonValue | undefined
 }
@@ -4240,6 +4256,7 @@ export interface JWTAccessTokenClaims extends JWTPayload {
   readonly iat: number
   readonly jti: string
   readonly client_id: string
+  readonly authorization_details?: AuthorizationDetails[]
   readonly scope?: string
 
   readonly [claim: string]: JsonValue | undefined