Authorization server metadata (RFC 8414). Discovered from the authorization server's well-known endpoint.

State for an in-progress authorization flow. Save this between the redirect to the authorization server and the callback.

Client metadata for OAuth registration. Describes the client application to the authorization server.

Authorization server and protected resource metadata discovery for the AT Protocol OAuth flow. Implements RFC 8414 (Authorization Server Metadata) and RFC 9728 (Protected Resource Metadata).

DPoP (Demonstration of Proof-of-Possession) proof generation. Creates JWT proofs that bind access tokens to a specific key pair, as specified in RFC 9449.

Bridges OAuth sessions with AtpAgent, enabling all convenience functions to work with DPoP-authenticated OAuth sessions.

OAuth client for the AT Protocol authorization flow. Implements PKCE (RFC 7636), PAR (RFC 9126), and DPoP (RFC 9449).

OAuth error types for the AT Protocol OAuth flow.

A completed OAuth session with DPoP-bound tokens.

PKCE code verifier and challenge pair (RFC 7636).

Protected resource metadata (RFC 9728). Discovered from the PDS's well-known endpoint.

Token response from the authorization server.