auth.provider API
    Preparing search index...

    Interface ContributionCollectorMap

    Declaration-merged map of contribution-kind collectors. Core seeds the built-in kinds; consumers add custom kinds via declare module augmentation.

    Per A2-β §6.2.

    interface ContributionCollectorMap {
        auditHooks?: ListCollector<AuditSink>;
        discoveryMetadata?: ListCollector<OidcDiscoveryContribution>;
        federationRedirectPolicies?: NameKeyedCollector<unknown>;
        federations?: NameKeyedCollector<unknown>;
        grantMiddleware?: ListCollector<
            | RequestHandler<
                ParamsDictionary,
                any,
                any,
                ParsedQs,
                Record<string, any>,
            >
            | null,
        >;
        grantPolicyHooks?: ListCollector<GrantPolicyHook>;
        grants?: NameKeyedCollector<GrantHandler>;
        mfaFactors?: NameKeyedCollector<MfaProvider>;
        routes?: RouteCollector;
        tokenBindingMechanisms?: ListCollector<TokenBindingMechanism | null>;
        tokenExchangeValidators?: NameKeyedCollector<unknown>;
    }
    Index

    Properties

    auditHooks?: ListCollector<AuditSink>

    Collector for discoveryMetadata contributions. Each entry is a OidcDiscoveryContribution partial. assembleApp aggregates all entries into the single /.well-known/openid-configuration document via buildDiscoveryDocument (mounted only when an issuer is configured).

    federationRedirectPolicies?: NameKeyedCollector<unknown>

    Collector for federationRedirectPolicies contributions. The concrete policy type (FederationRedirectPolicy) is declared in the session package via declare module augmentation; core stores it as unknown to avoid a cross-package dependency. Per A5 §8.1.

    federations?: NameKeyedCollector<unknown>
    grantMiddleware?: ListCollector<
        | RequestHandler<
            ParamsDictionary,
            any,
            any,
            ParsedQs,
            Record<string, any>,
        >
        | null,
    >

    Collector for grantMiddleware contributions. Each entry is a RequestHandler | null returned by a GrantMiddlewareFactory. Null entries (disabled-by-config path) are filtered at consumption time in assembleApp — they are appended to the collector for value-identity dedup with sibling contributions but skipped when mounting on the OAuth token endpoint (/oauth/token with the bundled oauthModule).

    Per Wave 2 Token-binding Cluster spec §4.7 / Phase 2 DPoP spec §11.1.

    grantPolicyHooks?: ListCollector<GrantPolicyHook>
    tokenBindingMechanisms?: ListCollector<TokenBindingMechanism | null>

    Collector for tokenBindingMechanisms contributions. Each entry is a TokenBindingMechanism | null returned by a TokenBindingMechanismFactory. Null entries (disabled-by-config) are filtered at consumption time in assembleApp.

    Unlike grantMiddleware which contributes pre-composed middleware, this slot contributes raw mechanisms. assembleApp composes ONE tokenBindingMw across all collected mechanisms so the configured DispatchPolicy can arbitrate cross-module. See ADR packages/core/docs/adr/2026-05-20-token-binding-first-class-abstraction.md for the cross-mechanism design rationale.

    tokenExchangeValidators?: NameKeyedCollector<unknown>