Data persisted in the code record at /authorize time.
consumeByCode (atomic single-use) is the sole authenticity gate; client_id
and redirect_uri embedded in the record replace the session-based identity
gates removed in v0.5.1 (see CHANGELOG for the historical context — the
design rationale is the D-1 code-repository rewrite shipped in that release).
Breaking change for custom CodeRepository implementations: client_id and
redirect_uri are now required. The compile-time guard
Parameters<CodeRepository["createCode"]>[0] makes any implementation that
misses either field fail typecheck at the destructure site.
Data persisted in the code record at /authorize time.
consumeByCode(atomic single-use) is the sole authenticity gate;client_idandredirect_uriembedded in the record replace the session-based identity gates removed in v0.5.1 (see CHANGELOG for the historical context — the design rationale is the D-1 code-repository rewrite shipped in that release).Breaking change for custom CodeRepository implementations:
client_idandredirect_uriare now required. The compile-time guardParameters<CodeRepository["createCode"]>[0]makes any implementation that misses either field fail typecheck at the destructure site.