Skip to content
VGI-RPC Logo vgi-rpc

OAuthResourceMetadata

Defined in: src/http/auth.ts:10

RFC 9728 OAuth Protected Resource Metadata.

Properties

Section titled “Properties”

authorizationServers

Section titled “authorizationServers”
authorizationServers: string[];

Defined in: src/http/auth.ts:16

Authorization-server issuer URLs. The PKCE flow uses authorizationServers[0] for OIDC discovery.

bearerMethodsSupported?

Section titled “bearerMethodsSupported?”
optional bearerMethodsSupported?: string[];

Defined in: src/http/auth.ts:22

Advertised bearer methods (e.g. ["header"]).

clientId?

Section titled “clientId?”
optional clientId?: string;

Defined in: src/http/auth.ts:34

OAuth client_id that clients should use with the authorization server.

clientSecret?

Section titled “clientSecret?”
optional clientSecret?: string;

Defined in: src/http/auth.ts:36

OAuth client_secret that clients should use with the authorization server.

deviceCodeClientId?

Section titled “deviceCodeClientId?”
optional deviceCodeClientId?: string;

Defined in: src/http/auth.ts:38

OAuth client_id for device code flow.

deviceCodeClientSecret?

Section titled “deviceCodeClientSecret?”
optional deviceCodeClientSecret?: string;

Defined in: src/http/auth.ts:40

OAuth client_secret for device code flow.

resource

Section titled “resource”
resource: string;

Defined in: src/http/auth.ts:13

The protected resource’s canonical URL. Doubles as the base for the /_oauth/callback redirect URI.

resourceDocumentation?

Section titled “resourceDocumentation?”
optional resourceDocumentation?: string;

Defined in: src/http/auth.ts:28

Documentation URL for the resource.

resourceName?

Section titled “resourceName?”
optional resourceName?: string;

Defined in: src/http/auth.ts:26

Human-readable resource name.

resourcePolicyUri?

Section titled “resourcePolicyUri?”
optional resourcePolicyUri?: string;

Defined in: src/http/auth.ts:30

Policy URL for the resource.

resourceSigningAlgValuesSupported?

Section titled “resourceSigningAlgValuesSupported?”
optional resourceSigningAlgValuesSupported?: string[];

Defined in: src/http/auth.ts:24

JWS algorithms the resource accepts.

resourceTosUri?

Section titled “resourceTosUri?”
optional resourceTosUri?: string;

Defined in: src/http/auth.ts:32

Terms-of-service URL for the resource.

scopesSupported?

Section titled “scopesSupported?”
optional scopesSupported?: string[];

Defined in: src/http/auth.ts:20

Scopes the resource advertises. When non-empty these become the PKCE authorization request’s space-joined scope, taking precedence over HttpHandlerOptions.oauthPkceScope.

useIdTokenAsBearer?

Section titled “useIdTokenAsBearer?”
optional useIdTokenAsBearer?: boolean;

Defined in: src/http/auth.ts:42

When true, clients should use the OIDC id_token as the Bearer token instead of access_token.