* Add `device_authorization_endpoint` field to OIDC issuer well-known metadata
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Allow `validateIdToken` to skip handling nonce when none is present
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Tweak registerOidcClient to check OIDC grant_types_supported before registration
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* use oidc-client-ts during oidc discovery
* export new type for auth config
* deprecate generateAuthorizationUrl in favour of generateOidcAuthorizationUrl
* testing util for oidc configurations
* test generateOidcAuthorizationUrl
* lint
* test discovery
* dont pass whole client wellknown to oidc validation funcs
* add nonce
* use client userState for homeserver
