@aura-stack/auth 0.1.0-rc.10 → 0.1.0-rc.2

package/dist/@types/index.d.cts

@@ -0,0 +1,9 @@
+import 'zod/v4';
+import '../jose.cjs';
+import '../schemas.cjs';
+import '@aura-stack/router';
+import 'cookie';
+export { LiteralUnion, Prettify } from './utility.cjs';
+export { w as AccessTokenError, c as AuthConfig, A as AuthRuntimeConfig, v as AuthorizationError, C as CookieConfig, a as CookieConfigInternal, b as CookieName, t as CookieStrategyOptions, E as ErrorType, H as HostCookie, m as JWTStandardClaims, J as JoseInstance, u as OAuthError, p as OAuthProvider, o as OAuthProviderConfig, O as OAuthProviderCredentials, q as SecureCookie, n as Session, r as StandardCookie, T as TokenRevocationError, U as User } from '../index-B1vDUGwh.cjs';
+import '@aura-stack/jose/jose';
+import 'zod/v4/core';

package/dist/@types/index.d.ts

@@ -1,7 +1,9 @@
 import 'zod/v4';
-import '@aura-stack/jose/jose';
+import '../jose.js';
 import '../schemas.js';
+import '@aura-stack/router';
 import 'cookie';
 export { LiteralUnion, Prettify } from './utility.js';
-export { y as AccessTokenError, c as AuthConfig, d as AuthInstance, A as AuthRuntimeConfig, w as AuthorizationError, C as CookieConfig, a as CookieConfigInternal, b as CookieName, u as CookieStrategyOptions, E as ErrorType, H as HostCookie, q as JWTStandardClaims, J as JoseInstance, v as OAuthError, O as OAuthProvider, e as OAuthProviderConfig, f as OAuthProviderCredentials, R as RouterGlobalContext, r as SecureCookie, S as Session, t as StandardCookie, T as TokenRevocationError, U as User } from '../index-DpfbvTZ_.js';
+export { w as AccessTokenError, c as AuthConfig, A as AuthRuntimeConfig, v as AuthorizationError, C as CookieConfig, a as CookieConfigInternal, b as CookieName, t as CookieStrategyOptions, E as ErrorType, H as HostCookie, m as JWTStandardClaims, J as JoseInstance, u as OAuthError, p as OAuthProvider, o as OAuthProviderConfig, O as OAuthProviderCredentials, q as SecureCookie, n as Session, r as StandardCookie, T as TokenRevocationError, U as User } from '../index-CGRZ0wrw.js';
+import '@aura-stack/jose/jose';
 import 'zod/v4/core';

package/dist/@types/module.cjs

@@ -0,0 +1 @@
+"use strict";

package/dist/@types/module.d.cts

@@ -0,0 +1,16 @@
+import { c as AuthConfig, d as createBuiltInOAuthProviders, J as JoseInstance } from '../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import './utility.cjs';
+
+declare module "@aura-stack/router" {
+    interface GlobalContext extends Required<Omit<AuthConfig, "secret" | "oauth">> {
+        oauth: ReturnType<typeof createBuiltInOAuthProviders>;
+        jose: JoseInstance;
+    }
+}

package/dist/@types/module.d.ts

@@ -0,0 +1,16 @@
+import { c as AuthConfig, d as createBuiltInOAuthProviders, J as JoseInstance } from '../index-CGRZ0wrw.js';
+import 'zod/v4';
+import '../jose.js';
+import '@aura-stack/jose/jose';
+import '../schemas.js';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import './utility.js';
+
+declare module "@aura-stack/router" {
+    interface GlobalContext extends Required<Omit<AuthConfig, "secret" | "oauth">> {
+        oauth: ReturnType<typeof createBuiltInOAuthProviders>;
+        jose: JoseInstance;
+    }
+}

package/dist/@types/router.d.d.cts

@@ -0,0 +1,16 @@
+import { c as AuthConfig, d as createBuiltInOAuthProviders, J as JoseInstance } from '../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import './utility.cjs';
+
+declare module "@aura-stack/router" {
+    interface GlobalContext extends Required<Omit<AuthConfig, "secret" | "oauth">> {
+        oauth: ReturnType<typeof createBuiltInOAuthProviders>
+        jose: JoseInstance
+    }
+}

package/dist/@types/router.d.d.ts

@@ -1,11 +1,16 @@
-import { R as RouterGlobalContext } from '../index-DpfbvTZ_.js';
+import { c as AuthConfig, d as createBuiltInOAuthProviders, J as JoseInstance } from '../index-CGRZ0wrw.js';
 import 'zod/v4';
+import '../jose.js';
 import '@aura-stack/jose/jose';
 import '../schemas.js';
 import 'zod/v4/core';
+import '@aura-stack/router';
 import 'cookie';
 import './utility.js';
 
-declare module "@aura-stack/router" {
-    interface GlobalContext extends RouterGlobalContext {}
+declare module "@aura-stack/router" {
+    interface GlobalContext extends Required<Omit<AuthConfig, "secret" | "oauth">> {
+        oauth: ReturnType<typeof createBuiltInOAuthProviders>
+        jose: JoseInstance
+    }
 }

package/dist/@types/utility.d.cts

@@ -0,0 +1,6 @@
+type Prettify<T> = {
+    [K in keyof T]: T[K];
+} & {};
+type LiteralUnion<T extends U, U = string> = T | (U & Record<never, never>);
+
+export type { LiteralUnion, Prettify };

package/dist/@types/utility.d.ts

@@ -1,10 +1,6 @@
 type Prettify<T> = {
     [K in keyof T]: T[K];
-} & {
-    __aura_auth_prettify_brand?: never;
-};
-type LiteralUnion<T extends U, U = string> = (T | (U & Record<never, never>)) & {
-    __aura_auth_literal_union_brand?: never;
-};
+} & {};
+type LiteralUnion<T extends U, U = string> = T | (U & Record<never, never>);
 
 export type { LiteralUnion, Prettify };

package/dist/actions/callback/access-token.d.cts

@@ -0,0 +1,30 @@
+import { O as OAuthProviderCredentials } from '../../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import '../../@types/utility.cjs';
+
+/**
+ * Make a request to the OAuth provider to the token endpoint to exchange the authorization code provided
+ * by the authorization server.
+ *
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-5
+ * @param oauthConfig - OAuth provider configuration
+ * @param redirectURI - The redirect URI registered in the Resource Owner's authorization request and sent in the authorization code exchange
+ * @param code - The authorization code received from the OAuth server
+ * @returns The access token response from the OAuth server
+ */
+declare const createAccessToken: (oauthConfig: OAuthProviderCredentials, redirectURI: string, code: string, codeVerifier: string) => Promise<{
+    access_token: string;
+    token_type: string;
+    expires_in?: number | undefined;
+    refresh_token?: string | undefined;
+    scope?: string | undefined;
+}>;
+
+export { createAccessToken };

package/dist/actions/callback/access-token.d.ts

@@ -1,8 +1,10 @@
-import { f as OAuthProviderCredentials } from '../../index-DpfbvTZ_.js';
+import { O as OAuthProviderCredentials } from '../../index-CGRZ0wrw.js';
 import 'zod/v4';
+import '../../jose.js';
 import '@aura-stack/jose/jose';
 import '../../schemas.js';
 import 'zod/v4/core';
+import '@aura-stack/router';
 import 'cookie';
 import '../../@types/utility.js';
 

package/dist/actions/callback/callback.d.cts

@@ -0,0 +1,13 @@
+import * as _aura_stack_router from '@aura-stack/router';
+import { A as AuthRuntimeConfig } from '../../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../../schemas.cjs';
+import 'zod/v4/core';
+import 'cookie';
+import '../../@types/utility.cjs';
+
+declare const callbackAction: (oauth: AuthRuntimeConfig["oauth"]) => _aura_stack_router.RouteEndpoint<"GET", "/callback/:oauth", {}>;
+
+export { callbackAction };

package/dist/actions/callback/callback.d.ts

@@ -1,6 +1,7 @@
 import * as _aura_stack_router from '@aura-stack/router';
-import { A as AuthRuntimeConfig } from '../../index-DpfbvTZ_.js';
+import { A as AuthRuntimeConfig } from '../../index-CGRZ0wrw.js';
 import 'zod/v4';
+import '../../jose.js';
 import '@aura-stack/jose/jose';
 import '../../schemas.js';
 import 'zod/v4/core';

package/dist/actions/callback/userinfo.d.cts

@@ -0,0 +1,22 @@
+import { O as OAuthProviderCredentials, U as User } from '../../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import '../../@types/utility.cjs';
+
+/**
+ * Get user information from the OAuth provider's userinfo endpoint using the provided access token.
+ * The response by default is mapped to the standardized `User` format unless a custom
+ * `profile` function is provided in the `oauthConfig`.
+ *
+ * @param oauthConfig - OAuth provider configuration
+ * @param accessToken - Access Token to access the userinfo endpoint
+ * @returns The user information retrieved from the userinfo endpoint
+ */
+declare const getUserInfo: (oauthConfig: OAuthProviderCredentials, accessToken: string) => Promise<User>;
+
+export { getUserInfo };

package/dist/actions/callback/userinfo.d.ts

@@ -1,8 +1,10 @@
-import { f as OAuthProviderCredentials, U as User } from '../../index-DpfbvTZ_.js';
+import { O as OAuthProviderCredentials, U as User } from '../../index-CGRZ0wrw.js';
 import 'zod/v4';
+import '../../jose.js';
 import '@aura-stack/jose/jose';
 import '../../schemas.js';
 import 'zod/v4/core';
+import '@aura-stack/router';
 import 'cookie';
 import '../../@types/utility.js';
 

package/dist/actions/csrfToken/csrfToken.d.cts

@@ -0,0 +1,5 @@
+import * as _aura_stack_router from '@aura-stack/router';
+
+declare const csrfTokenAction: _aura_stack_router.RouteEndpoint<"GET", "/csrfToken", {}>;
+
+export { csrfTokenAction };

package/dist/actions/index.d.cts

@@ -0,0 +1,14 @@
+export { signInAction } from './signIn/signIn.cjs';
+export { callbackAction } from './callback/callback.cjs';
+export { sessionAction } from './session/session.cjs';
+export { signOutAction } from './signOut/signOut.cjs';
+export { csrfTokenAction } from './csrfToken/csrfToken.cjs';
+import '@aura-stack/router';
+import '../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../schemas.cjs';
+import 'zod/v4/core';
+import 'cookie';
+import '../@types/utility.cjs';

package/dist/actions/index.d.ts

@@ -4,8 +4,9 @@ export { sessionAction } from './session/session.js';
 export { signOutAction } from './signOut/signOut.js';
 export { csrfTokenAction } from './csrfToken/csrfToken.js';
 import '@aura-stack/router';
-import '../index-DpfbvTZ_.js';
+import '../index-CGRZ0wrw.js';
 import 'zod/v4';
+import '../jose.js';
 import '@aura-stack/jose/jose';
 import '../schemas.js';
 import 'zod/v4/core';

package/dist/actions/index.js

@@ -1,10 +1,14 @@
 import "../chunk-ITQ7352M.js";
 import {
-  sessionAction
-} from "../chunk-XXJKNKGQ.js";
+  callbackAction
+} from "../chunk-HGJ4TXY4.js";
+import "../chunk-RLT4RFKV.js";
 import {
   csrfTokenAction
 } from "../chunk-SMQO5WD7.js";
+import {
+  sessionAction
+} from "../chunk-XXJKNKGQ.js";
 import {
   signInAction
 } from "../chunk-LLR722CL.js";
@@ -12,10 +16,6 @@ import {
   signOutAction
 } from "../chunk-SJPDVKUS.js";
 import "../chunk-CAKJT3KS.js";
-import {
-  callbackAction
-} from "../chunk-HGJ4TXY4.js";
-import "../chunk-RLT4RFKV.js";
 import "../chunk-UJJ7R56J.js";
 import "../chunk-ZV4BH47P.js";
 import "../chunk-6SM22VVJ.js";

package/dist/actions/session/session.d.cts

@@ -0,0 +1,5 @@
+import * as _aura_stack_router from '@aura-stack/router';
+
+declare const sessionAction: _aura_stack_router.RouteEndpoint<"GET", "/session", {}>;
+
+export { sessionAction };

package/dist/actions/signIn/authorization.d.cts

@@ -0,0 +1,45 @@
+import { O as OAuthProviderCredentials } from '../../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import '../../@types/utility.cjs';
+
+/**
+ * Constructs the request URI for the Authorization Request to the third-party OAuth service. It includes
+ * the necessary query parameters such as `client_id`, `redirect_uri`, `response_type`, `scope`, `state`,
+ * `code_challenge`, and `code_challenge_method`.
+ *
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1
+ * @see https://datatracker.ietf.org/doc/html/rfc7636#section-4
+ *
+ * @param oauthConfig - The OAuth configuration for the third-party service.
+ * @param redirectURI - The redirect URI where the OAuth service will send the user after authorization.
+ * @param state - A unique string used to maintain state between the request and callback.
+ */
+declare const createAuthorizationURL: (oauthConfig: OAuthProviderCredentials, redirectURI: string, state: string, codeChallenge: string, codeChallengeMethod: string) => string;
+declare const getOriginURL: (request: Request, trustedProxyHeaders?: boolean) => URL;
+/**
+ * Creates the redirect URI for the OAuth callback based on the original request URL and the OAuth provider.
+ *
+ * @param requestURL - the original request URL
+ * @param oauth - OAuth provider name
+ * @returns The redirect URI for the OAuth callback.
+ */
+declare const createRedirectURI: (request: Request, oauth: string, basePath: string, trustedProxyHeaders?: boolean) => string;
+/**
+ * Verifies if the request's origin matches the expected origin. It accepts the redirectTo search
+ * parameter for redirection. It checks the 'Referer' header of the request with the origin where
+ * the authentication flow is hosted. If they do not match, it throws an AuthError to avoid
+ * potential `Open URL Redirection` attacks.
+ *
+ * @param request The incoming request object
+ * @param redirectTo Optional redirectTo parameter to override the referer
+ * @returns The pathname of the referer URL if origins match
+ */
+declare const createRedirectTo: (request: Request, redirectTo?: string, trustedProxyHeaders?: boolean) => string;
+
+export { createAuthorizationURL, createRedirectTo, createRedirectURI, getOriginURL };

package/dist/actions/signIn/authorization.d.ts

@@ -1,8 +1,10 @@
-import { f as OAuthProviderCredentials } from '../../index-DpfbvTZ_.js';
+import { O as OAuthProviderCredentials } from '../../index-CGRZ0wrw.js';
 import 'zod/v4';
+import '../../jose.js';
 import '@aura-stack/jose/jose';
 import '../../schemas.js';
 import 'zod/v4/core';
+import '@aura-stack/router';
 import 'cookie';
 import '../../@types/utility.js';
 

package/dist/actions/signIn/signIn.d.cts

@@ -0,0 +1,13 @@
+import * as _aura_stack_router from '@aura-stack/router';
+import { A as AuthRuntimeConfig } from '../../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../../schemas.cjs';
+import 'zod/v4/core';
+import 'cookie';
+import '../../@types/utility.cjs';
+
+declare const signInAction: (oauth: AuthRuntimeConfig["oauth"]) => _aura_stack_router.RouteEndpoint<"GET", "/signIn/:oauth", {}>;
+
+export { signInAction };

package/dist/actions/signIn/signIn.d.ts

@@ -1,6 +1,7 @@
 import * as _aura_stack_router from '@aura-stack/router';
-import { A as AuthRuntimeConfig } from '../../index-DpfbvTZ_.js';
+import { A as AuthRuntimeConfig } from '../../index-CGRZ0wrw.js';
 import 'zod/v4';
+import '../../jose.js';
 import '@aura-stack/jose/jose';
 import '../../schemas.js';
 import 'zod/v4/core';

package/dist/actions/signOut/signOut.d.cts

@@ -0,0 +1,8 @@
+import * as _aura_stack_router from '@aura-stack/router';
+
+/**
+ * @see https://datatracker.ietf.org/doc/html/rfc7009
+ */
+declare const signOutAction: _aura_stack_router.RouteEndpoint<"POST", "/signOut", {}>;
+
+export { signOutAction };

package/dist/{chunk-UTDLUEEG.js → chunk-X7M4CQTN.js}

@@ -1,18 +1,12 @@
 import {
   createDerivedSalt
 } from "./chunk-GZU3RBTB.js";
-import {
-  AuthError
-} from "./chunk-FJUDBLCP.js";
 
 // src/jose.ts
 import "dotenv/config";
 import { createJWT, createJWS, createDeriveKey } from "@aura-stack/jose";
 var createJoseInstance = (secret) => {
   secret ?? (secret = process.env.AURA_AUTH_SECRET);
-  if (!secret) {
-    throw new AuthError("JOSE_INIT_ERROR", "AURA_AUTH_SECRET environment variable is not set and no secret was provided.");
-  }
   const salt = process.env.AURA_AUTH_SALT ?? createDerivedSalt(secret);
   const { derivedKey: derivedSessionKey } = createDeriveKey(secret, salt, "session");
   const { derivedKey: derivedCsrfTokenKey } = createDeriveKey(secret, salt, "csrfToken");

package/dist/cookie.d.ts

@@ -1,11 +1,13 @@
 import { SerializeOptions } from 'cookie';
 export { parse } from 'cookie';
 import { JWTPayload } from '@aura-stack/jose/jose';
-import { C as CookieConfig, a as CookieConfigInternal, b as CookieName, A as AuthRuntimeConfig } from './index-DpfbvTZ_.js';
+import { C as CookieConfig, a as CookieConfigInternal, b as CookieName, A as AuthRuntimeConfig } from './index-CGRZ0wrw.js';
 import { LiteralUnion } from './@types/utility.js';
 import 'zod/v4';
+import './jose.js';
 import './schemas.js';
 import 'zod/v4/core';
+import '@aura-stack/router';
 
 /**
  * Prefix for all cookies set by Aura Auth.

package/dist/error.d.ts

@@ -1,9 +1,11 @@
-import { E as ErrorType } from './index-DpfbvTZ_.js';
+import { E as ErrorType } from './index-CGRZ0wrw.js';
 import { LiteralUnion } from './@types/utility.js';
 import 'zod/v4';
+import './jose.js';
 import '@aura-stack/jose/jose';
 import './schemas.js';
 import 'zod/v4/core';
+import '@aura-stack/router';
 import 'cookie';
 
 /**

package/dist/{index-DpfbvTZ_.d.ts → index-CGRZ0wrw.d.ts}

@@ -1,8 +1,10 @@
 import { z } from 'zod/v4';
-import { JWTPayload } from '@aura-stack/jose/jose';
+import { createJoseInstance } from './jose.js';
 import { OAuthAuthorizationErrorResponse, OAuthAccessTokenErrorResponse } from './schemas.js';
+import { Prettify, RoutePattern } from '@aura-stack/router';
 import { SerializeOptions } from 'cookie';
-import { LiteralUnion, Prettify } from './@types/utility.js';
+import { LiteralUnion } from './@types/utility.js';
+import { JWTPayload } from '@aura-stack/jose/jose';
 
 /**
  * @see [X - Get my User](https://docs.x.com/x-api/users/get-my-user)
@@ -472,7 +474,7 @@ interface AuthConfig {
     /**
      * Base path for all authentication routes. Default is `/auth`.
      */
-    basePath?: `/${string}`;
+    basePath?: RoutePattern;
     /**
      * Enable trusted proxy headers for scenarios where the application is behind a reverse proxy or load balancer.
      * This setting allows Aura Auth to correctly interpret headers like `X-Forwarded-For` and `X-Forwarded-Proto`
@@ -489,17 +491,11 @@ interface AuthConfig {
      */
     trustedProxyHeaders?: boolean;
 }
-interface JoseInstance {
-    decodeJWT: (token: string) => Promise<JWTPayload>;
-    encodeJWT: (payload: JWTPayload) => Promise<string>;
-    signJWS: (payload: JWTPayload) => Promise<string>;
-    verifyJWS: (payload: string) => Promise<JWTPayload>;
-}
+type JoseInstance = ReturnType<typeof createJoseInstance>;
 /**
  * Internal runtime configuration used within Aura Auth after initialization.
  * All optional fields from AuthConfig are resolved to their default values.
  * @internal
- * @todo: is this needed?
  */
 interface AuthRuntimeConfig {
     oauth: Record<LiteralUnion<BuiltInOAuthProvider>, OAuthProviderCredentials>;
@@ -507,20 +503,6 @@ interface AuthRuntimeConfig {
     secret: string;
     jose: JoseInstance;
 }
-interface RouterGlobalContext {
-    oauth: Record<LiteralUnion<BuiltInOAuthProvider>, OAuthProviderCredentials>;
-    cookies: CookieConfigInternal;
-    jose: JoseInstance;
-    basePath: string;
-    trustedProxyHeaders: boolean;
-}
-interface AuthInstance {
-    handlers: {
-        GET: (request: Request) => Response | Promise<Response>;
-        POST: (request: Request) => Response | Promise<Response>;
-    };
-    jose: JoseInstance;
-}
 /**
  * Base OAuth error response structure.
  */
@@ -545,4 +527,4 @@ type AccessTokenError = OAuthError<z.infer<typeof OAuthAccessTokenErrorResponse>
 type TokenRevocationError = OAuthError<"invalid_session_token" | "invalid_csrf_token" | "invalid_redirect_to">;
 type ErrorType = AuthorizationError["error"] | AccessTokenError["error"] | TokenRevocationError["error"];
 
-export { type AuthRuntimeConfig as A, type BitbucketProfile as B, type CookieConfig as C, type DiscordProfile as D, type ErrorType as E, type FigmaProfile as F, type GitLabProfile as G, type HostCookie as H, type JoseInstance as J, type Nameplate as N, type OAuthProvider as O, type RouterGlobalContext as R, type Session as S, type TokenRevocationError as T, type User as U, type XProfile as X, type CookieConfigInternal as a, type CookieName as b, type AuthConfig as c, type AuthInstance as d, type OAuthProviderConfig as e, type OAuthProviderCredentials as f, type SpotifyProfile as g, gitlab as h, discord as i, figma as j, bitbucket as k, type GitHubProfile as l, github as m, builtInOAuthProviders as n, createBuiltInOAuthProviders as o, type BuiltInOAuthProvider as p, type JWTStandardClaims as q, type SecureCookie as r, spotify as s, type StandardCookie as t, type CookieStrategyOptions as u, type OAuthError as v, type AuthorizationError as w, x, type AccessTokenError as y };
+export { type AuthRuntimeConfig as A, type BitbucketProfile as B, type CookieConfig as C, type DiscordProfile as D, type ErrorType as E, type FigmaProfile as F, type GitLabProfile as G, type HostCookie as H, type JoseInstance as J, type Nameplate as N, type OAuthProviderCredentials as O, type SpotifyProfile as S, type TokenRevocationError as T, type User as U, type XProfile as X, type CookieConfigInternal as a, type CookieName as b, type AuthConfig as c, createBuiltInOAuthProviders as d, discord as e, figma as f, gitlab as g, bitbucket as h, type GitHubProfile as i, github as j, builtInOAuthProviders as k, type BuiltInOAuthProvider as l, type JWTStandardClaims as m, type Session as n, type OAuthProviderConfig as o, type OAuthProvider as p, type SecureCookie as q, type StandardCookie as r, spotify as s, type CookieStrategyOptions as t, type OAuthError as u, type AuthorizationError as v, type AccessTokenError as w, x };

package/dist/index.cjs

@@ -227,9 +227,6 @@ var createDerivedSalt = (secret) => {
 // src/jose.ts
 var createJoseInstance = (secret) => {
   secret ?? (secret = process.env.AURA_AUTH_SECRET);
-  if (!secret) {
-    throw new AuthError("JOSE_INIT_ERROR", "AURA_AUTH_SECRET environment variable is not set and no secret was provided.");
-  }
   const salt = process.env.AURA_AUTH_SALT ?? createDerivedSalt(secret);
   const { derivedKey: derivedSessionKey } = (0, import_jose.createDeriveKey)(secret, salt, "session");
   const { derivedKey: derivedCsrfTokenKey } = (0, import_jose.createDeriveKey)(secret, salt, "csrfToken");

package/dist/index.d.ts

@@ -1,7 +1,8 @@
-import { c as AuthConfig, d as AuthInstance } from './index-DpfbvTZ_.js';
-export { C as CookieConfig, E as ErrorType, J as JoseInstance, O as OAuthProvider, e as OAuthProviderConfig, f as OAuthProviderCredentials, S as Session, U as User } from './index-DpfbvTZ_.js';
+import { JWTPayload } from '@aura-stack/jose/jose';
+import * as _aura_stack_router from '@aura-stack/router';
+import { c as AuthConfig } from './index-CGRZ0wrw.js';
 import 'zod/v4';
-import '@aura-stack/jose/jose';
+import './jose.js';
 import './schemas.js';
 import 'zod/v4/core';
 import 'cookie';
@@ -29,6 +30,14 @@ import './@types/utility.js';
  *   }]
  * })
  */
-declare const createAuth: (authConfig: AuthConfig) => AuthInstance;
+declare const createAuth: (authConfig: AuthConfig) => {
+    handlers: _aura_stack_router.GetHttpHandlers<[_aura_stack_router.RouteEndpoint<"GET", "/signIn/:oauth", {}>, _aura_stack_router.RouteEndpoint<"GET", "/callback/:oauth", {}>, _aura_stack_router.RouteEndpoint<"GET", "/session", {}>, _aura_stack_router.RouteEndpoint<"POST", "/signOut", {}>, _aura_stack_router.RouteEndpoint<"GET", "/csrfToken", {}>]>;
+    jose: {
+        decodeJWT: (token: string) => Promise<JWTPayload>;
+        encodeJWT: (payload: JWTPayload) => Promise<string>;
+        signJWS: (payload: JWTPayload) => Promise<string>;
+        verifyJWS: (payload: string) => Promise<JWTPayload>;
+    };
+};
 
-export { AuthConfig, AuthInstance, createAuth };
+export { createAuth };

package/dist/index.js

@@ -1,6 +1,7 @@
 import {
   createBuiltInOAuthProviders
-} from "./chunk-VFTYH33W.js";
+} from "./chunk-NWSD4JNX.js";
+import "./chunk-EBPE35JT.js";
 import "./chunk-FKRDCWBF.js";
 import "./chunk-IKHPGFCW.js";
 import "./chunk-KRNOMBXQ.js";
@@ -8,11 +9,15 @@ import "./chunk-E3OXBRYF.js";
 import "./chunk-42XB3YCW.js";
 import "./chunk-ITQ7352M.js";
 import {
-  sessionAction
-} from "./chunk-XXJKNKGQ.js";
+  callbackAction
+} from "./chunk-HGJ4TXY4.js";
+import "./chunk-RLT4RFKV.js";
 import {
   csrfTokenAction
 } from "./chunk-SMQO5WD7.js";
+import {
+  sessionAction
+} from "./chunk-XXJKNKGQ.js";
 import {
   signInAction
 } from "./chunk-LLR722CL.js";
@@ -20,13 +25,8 @@ import {
   signOutAction
 } from "./chunk-SJPDVKUS.js";
 import "./chunk-CAKJT3KS.js";
-import {
-  callbackAction
-} from "./chunk-HGJ4TXY4.js";
-import "./chunk-RLT4RFKV.js";
 import "./chunk-UJJ7R56J.js";
 import "./chunk-FIPU4MLT.js";
-import "./chunk-EBPE35JT.js";
 import {
   defaultCookieConfig
 } from "./chunk-ZV4BH47P.js";
@@ -34,7 +34,7 @@ import "./chunk-6SM22VVJ.js";
 import "./chunk-STHEPPUZ.js";
 import {
   createJoseInstance
-} from "./chunk-UTDLUEEG.js";
+} from "./chunk-X7M4CQTN.js";
 import "./chunk-GZU3RBTB.js";
 import {
   onErrorHandler

package/dist/jose.cjs

@@ -42,15 +42,6 @@ var import_node_crypto = __toESM(require("crypto"), 1);
 // src/utils.ts
 var import_router = require("@aura-stack/router");
 
-// src/error.ts
-var AuthError = class extends Error {
-  constructor(type, message) {
-    super(message);
-    this.type = type;
-    this.name = "AuthError";
-  }
-};
-
 // src/secure.ts
 var createDerivedSalt = (secret) => {
   return import_node_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex");
@@ -59,9 +50,6 @@ var createDerivedSalt = (secret) => {
 // src/jose.ts
 var createJoseInstance = (secret) => {
   secret ?? (secret = process.env.AURA_AUTH_SECRET);
-  if (!secret) {
-    throw new AuthError("JOSE_INIT_ERROR", "AURA_AUTH_SECRET environment variable is not set and no secret was provided.");
-  }
   const salt = process.env.AURA_AUTH_SALT ?? createDerivedSalt(secret);
   const { derivedKey: derivedSessionKey } = (0, import_jose.createDeriveKey)(secret, salt, "session");
   const { derivedKey: derivedCsrfTokenKey } = (0, import_jose.createDeriveKey)(secret, salt, "csrfToken");

package/dist/jose.js

@@ -1,6 +1,6 @@
 import {
   createJoseInstance
-} from "./chunk-UTDLUEEG.js";
+} from "./chunk-X7M4CQTN.js";
 import "./chunk-GZU3RBTB.js";
 import "./chunk-256KIVJL.js";
 import "./chunk-FJUDBLCP.js";

package/dist/oauth/bitbucket.d.cts

@@ -0,0 +1,9 @@
+export { B as BitbucketProfile, h as bitbucket } from '../index-B1vDUGwh.cjs';
+import '../@types/utility.cjs';
+import 'zod/v4';
+import '../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';

package/dist/oauth/bitbucket.d.ts

@@ -1,7 +1,9 @@
-export { B as BitbucketProfile, k as bitbucket } from '../index-DpfbvTZ_.js';
+export { B as BitbucketProfile, h as bitbucket } from '../index-CGRZ0wrw.js';
 import '../@types/utility.js';
 import 'zod/v4';
+import '../jose.js';
 import '@aura-stack/jose/jose';
 import '../schemas.js';
 import 'zod/v4/core';
+import '@aura-stack/router';
 import 'cookie';

package/dist/oauth/discord.d.cts

@@ -0,0 +1,9 @@
+export { D as DiscordProfile, N as Nameplate, e as discord } from '../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import '../@types/utility.cjs';

package/dist/oauth/discord.d.ts

@@ -1,7 +1,9 @@
-export { D as DiscordProfile, N as Nameplate, i as discord } from '../index-DpfbvTZ_.js';
+export { D as DiscordProfile, N as Nameplate, e as discord } from '../index-CGRZ0wrw.js';
 import 'zod/v4';
+import '../jose.js';
 import '@aura-stack/jose/jose';
 import '../schemas.js';
 import 'zod/v4/core';
+import '@aura-stack/router';
 import 'cookie';
 import '../@types/utility.js';

package/dist/oauth/figma.d.cts

@@ -0,0 +1,9 @@
+export { F as FigmaProfile, f as figma } from '../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import '../@types/utility.cjs';

package/dist/oauth/figma.d.ts

@@ -1,7 +1,9 @@
-export { F as FigmaProfile, j as figma } from '../index-DpfbvTZ_.js';
+export { F as FigmaProfile, f as figma } from '../index-CGRZ0wrw.js';
 import 'zod/v4';
+import '../jose.js';
 import '@aura-stack/jose/jose';
 import '../schemas.js';
 import 'zod/v4/core';
+import '@aura-stack/router';
 import 'cookie';
 import '../@types/utility.js';

package/dist/oauth/github.d.cts

@@ -0,0 +1,9 @@
+export { i as GitHubProfile, j as github } from '../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import '../@types/utility.cjs';

package/dist/oauth/github.d.ts

@@ -1,7 +1,9 @@
-export { l as GitHubProfile, m as github } from '../index-DpfbvTZ_.js';
+export { i as GitHubProfile, j as github } from '../index-CGRZ0wrw.js';
 import 'zod/v4';
+import '../jose.js';
 import '@aura-stack/jose/jose';
 import '../schemas.js';
 import 'zod/v4/core';
+import '@aura-stack/router';
 import 'cookie';
 import '../@types/utility.js';

package/dist/oauth/gitlab.d.cts

@@ -0,0 +1,9 @@
+export { G as GitLabProfile, g as gitlab } from '../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import '../@types/utility.cjs';

package/dist/oauth/gitlab.d.ts

@@ -1,7 +1,9 @@
-export { G as GitLabProfile, h as gitlab } from '../index-DpfbvTZ_.js';
+export { G as GitLabProfile, g as gitlab } from '../index-CGRZ0wrw.js';
 import 'zod/v4';
+import '../jose.js';
 import '@aura-stack/jose/jose';
 import '../schemas.js';
 import 'zod/v4/core';
+import '@aura-stack/router';
 import 'cookie';
 import '../@types/utility.js';

package/dist/oauth/index.d.cts

@@ -0,0 +1,9 @@
+export { B as BitbucketProfile, l as BuiltInOAuthProvider, D as DiscordProfile, F as FigmaProfile, i as GitHubProfile, G as GitLabProfile, N as Nameplate, S as SpotifyProfile, X as XProfile, h as bitbucket, k as builtInOAuthProviders, d as createBuiltInOAuthProviders, e as discord, f as figma, j as github, g as gitlab, s as spotify, x } from '../index-B1vDUGwh.cjs';
+import '../@types/utility.cjs';
+import 'zod/v4';
+import '../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';

package/dist/oauth/index.d.ts

@@ -1,7 +1,9 @@
-export { B as BitbucketProfile, p as BuiltInOAuthProvider, D as DiscordProfile, F as FigmaProfile, l as GitHubProfile, G as GitLabProfile, N as Nameplate, g as SpotifyProfile, X as XProfile, k as bitbucket, n as builtInOAuthProviders, o as createBuiltInOAuthProviders, i as discord, j as figma, m as github, h as gitlab, s as spotify, x } from '../index-DpfbvTZ_.js';
+export { B as BitbucketProfile, l as BuiltInOAuthProvider, D as DiscordProfile, F as FigmaProfile, i as GitHubProfile, G as GitLabProfile, N as Nameplate, S as SpotifyProfile, X as XProfile, h as bitbucket, k as builtInOAuthProviders, d as createBuiltInOAuthProviders, e as discord, f as figma, j as github, g as gitlab, s as spotify, x } from '../index-CGRZ0wrw.js';
 import '../@types/utility.js';
 import 'zod/v4';
+import '../jose.js';
 import '@aura-stack/jose/jose';
 import '../schemas.js';
 import 'zod/v4/core';
+import '@aura-stack/router';
 import 'cookie';

package/dist/oauth/index.js

@@ -1,7 +1,10 @@
 import {
   builtInOAuthProviders,
   createBuiltInOAuthProviders
-} from "../chunk-VFTYH33W.js";
+} from "../chunk-NWSD4JNX.js";
+import {
+  discord
+} from "../chunk-EBPE35JT.js";
 import {
   figma
 } from "../chunk-FKRDCWBF.js";
@@ -20,9 +23,6 @@ import {
 import {
   bitbucket
 } from "../chunk-FIPU4MLT.js";
-import {
-  discord
-} from "../chunk-EBPE35JT.js";
 export {
   bitbucket,
   builtInOAuthProviders,

package/dist/oauth/spotify.d.cts

@@ -0,0 +1,9 @@
+export { S as SpotifyProfile, s as spotify } from '../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import '../@types/utility.cjs';

package/dist/oauth/spotify.d.ts

@@ -1,7 +1,9 @@
-export { g as SpotifyProfile, s as spotify } from '../index-DpfbvTZ_.js';
+export { S as SpotifyProfile, s as spotify } from '../index-CGRZ0wrw.js';
 import 'zod/v4';
+import '../jose.js';
 import '@aura-stack/jose/jose';
 import '../schemas.js';
 import 'zod/v4/core';
+import '@aura-stack/router';
 import 'cookie';
 import '../@types/utility.js';

package/dist/oauth/x.d.cts

@@ -0,0 +1,9 @@
+export { X as XProfile, x } from '../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import '../@types/utility.cjs';

package/dist/oauth/x.d.ts

@@ -1,7 +1,9 @@
-export { X as XProfile, x } from '../index-DpfbvTZ_.js';
+export { X as XProfile, x } from '../index-CGRZ0wrw.js';
 import 'zod/v4';
+import '../jose.js';
 import '@aura-stack/jose/jose';
 import '../schemas.js';
 import 'zod/v4/core';
+import '@aura-stack/router';
 import 'cookie';
 import '../@types/utility.js';

package/dist/secure.d.ts

@@ -1,8 +1,10 @@
-import { A as AuthRuntimeConfig } from './index-DpfbvTZ_.js';
+import { A as AuthRuntimeConfig } from './index-CGRZ0wrw.js';
 import 'zod/v4';
+import './jose.js';
 import '@aura-stack/jose/jose';
 import './schemas.js';
 import 'zod/v4/core';
+import '@aura-stack/router';
 import 'cookie';
 import './@types/utility.js';
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aura-stack/auth",
-  "version": "0.1.0-rc.10",
+  "version": "0.1.0-rc.2",
   "private": false,
   "type": "module",
   "description": "Core auth for @aura-stack/auth",
@@ -51,8 +51,8 @@
     "@aura-stack/jose": "0.1.0-rc.1"
   },
   "devDependencies": {
-    "@aura-stack/tsconfig": "0.0.0",
-    "@aura-stack/tsup-config": "0.0.0"
+    "@aura-stack/tsup-config": "0.0.0",
+    "@aura-stack/tsconfig": "0.0.0"
   },
   "scripts": {
     "dev": "tsup --watch",
@@ -64,7 +64,7 @@
     "format:check": "prettier --check . --cache --cache-location .cache/.prettiercache",
     "type-check": "tsc --noEmit",
     "clean": "rm -rf dist",
-    "clean:cts": "find dist -type f -name \"*.cts\" -delete",
+    "clean:cts": "rm -rf dist/*.cts",
     "prepublish": "pnpm clean:cts"
   }
 }

package/dist/{chunk-VFTYH33W.js → chunk-NWSD4JNX.js}

@@ -1,3 +1,6 @@
+import {
+  discord
+} from "./chunk-EBPE35JT.js";
 import {
   figma
 } from "./chunk-FKRDCWBF.js";
@@ -16,9 +19,6 @@ import {
 import {
   bitbucket
 } from "./chunk-FIPU4MLT.js";
-import {
-  discord
-} from "./chunk-EBPE35JT.js";
 
 // src/oauth/index.ts
 var builtInOAuthProviders = {