@aura-stack/auth 0.1.0-rc.9 → 0.2.0-rc.1

package/dist/@types/index.cjs

@@ -1,18 +1,18 @@
-"use strict"
-var __defProp = Object.defineProperty
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor
-var __getOwnPropNames = Object.getOwnPropertyNames
-var __hasOwnProp = Object.prototype.hasOwnProperty
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __copyProps = (to, from, except, desc) => {
-    if ((from && typeof from === "object") || typeof from === "function") {
-        for (let key of __getOwnPropNames(from))
-            if (!__hasOwnProp.call(to, key) && key !== except)
-                __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable })
-    }
-    return to
-}
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod)
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/@types/index.ts
-var types_exports = {}
-module.exports = __toCommonJS(types_exports)
+var types_exports = {};
+module.exports = __toCommonJS(types_exports);

package/dist/@types/index.d.ts

@@ -1,31 +1,7 @@
-import "zod/v4"
-import "@aura-stack/jose/jose"
-import "../schemas.js"
-import "cookie"
-export { LiteralUnion, Prettify } from "./utility.js"
-export {
-    y as AccessTokenError,
-    c as AuthConfig,
-    d as AuthInstance,
-    A as AuthRuntimeConfig,
-    w as AuthorizationError,
-    C as CookieConfig,
-    a as CookieConfigInternal,
-    b as CookieName,
-    u as CookieStrategyOptions,
-    E as ErrorType,
-    H as HostCookie,
-    q as JWTStandardClaims,
-    J as JoseInstance,
-    v as OAuthError,
-    O as OAuthProvider,
-    e as OAuthProviderConfig,
-    f as OAuthProviderCredentials,
-    R as RouterGlobalContext,
-    r as SecureCookie,
-    S as Session,
-    t as StandardCookie,
-    T as TokenRevocationError,
-    U as User,
-} from "../index-DpfbvTZ_.js"
-import "zod/v4/core"
+import 'zod';
+import '../schemas.js';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose';
+import '@aura-stack/jose/jose';
+export { i as APIErrorMap, a0 as AccessTokenError, d as AuthConfig, e as AuthInstance, b as AuthInternalErrorCode, A as AuthRuntimeConfig, c as AuthSecurityErrorCode, $ as AuthorizationError, C as CookieConfig, Z as CookieName, a as CookieStoreConfig, Y as CookieStrategyAttributes, E as ErrorType, V as HostCookie, J as JWTPayloadWithToken, Q as JWTStandardClaims, f as JoseInstance, a2 as OAuthEnv, _ as OAuthError, O as OAuthProvider, g as OAuthProviderConfig, h as OAuthProviderCredentials, j as OAuthProviderRecord, R as RouterGlobalContext, T as SecureCookie, S as Session, W as StandardCookie, a1 as TokenRevocationError, U as User } from '../index-DkaLJFn8.js';
+export { LiteralUnion, Prettify } from './utility.js';

package/dist/@types/index.js

@@ -1 +1 @@
-import "../chunk-PG7UYFG5.js"
+import "../chunk-PG7UYFG5.js";

package/dist/@types/router.d.cjs

@@ -1 +1 @@
-"use strict"
+"use strict";

package/dist/@types/router.d.d.ts

@@ -1,10 +1,10 @@
-import { R as RouterGlobalContext } from "../index-DpfbvTZ_.js"
-import "zod/v4"
-import "@aura-stack/jose/jose"
-import "../schemas.js"
-import "zod/v4/core"
-import "cookie"
-import "./utility.js"
+import { R as RouterGlobalContext } from '../index-DkaLJFn8.js';
+import 'zod';
+import '../schemas.js';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose';
+import '@aura-stack/jose/jose';
+import './utility.js';
 
 declare module "@aura-stack/router" {
     interface GlobalContext extends RouterGlobalContext {}

package/dist/@types/utility.cjs

@@ -1,18 +1,18 @@
-"use strict"
-var __defProp = Object.defineProperty
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor
-var __getOwnPropNames = Object.getOwnPropertyNames
-var __hasOwnProp = Object.prototype.hasOwnProperty
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __copyProps = (to, from, except, desc) => {
-    if ((from && typeof from === "object") || typeof from === "function") {
-        for (let key of __getOwnPropNames(from))
-            if (!__hasOwnProp.call(to, key) && key !== except)
-                __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable })
-    }
-    return to
-}
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod)
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/@types/utility.ts
-var utility_exports = {}
-module.exports = __toCommonJS(utility_exports)
+var utility_exports = {};
+module.exports = __toCommonJS(utility_exports);

package/dist/@types/utility.d.ts

@@ -1,10 +1,6 @@
 type Prettify<T> = {
-    [K in keyof T]: T[K]
-} & {
-    __aura_auth_prettify_brand?: never
-}
-type LiteralUnion<T extends U, U = string> = (T | (U & Record<never, never>)) & {
-    __aura_auth_literal_union_brand?: never
-}
+    [K in keyof T]: T[K];
+};
+type LiteralUnion<T extends U, U = string> = T | (U & Record<never, never>);
 
-export type { LiteralUnion, Prettify }
+export type { LiteralUnion, Prettify };

package/dist/@types/utility.js

@@ -1 +1 @@
-import "../chunk-PG7UYFG5.js"
+import "../chunk-PG7UYFG5.js";

package/dist/actions/callback/access-token.cjs

@@ -1,170 +1,191 @@
-"use strict"
-var __defProp = Object.defineProperty
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor
-var __getOwnPropNames = Object.getOwnPropertyNames
-var __hasOwnProp = Object.prototype.hasOwnProperty
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
-    for (var name in all) __defProp(target, name, { get: all[name], enumerable: true })
-}
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
 var __copyProps = (to, from, except, desc) => {
-    if ((from && typeof from === "object") || typeof from === "function") {
-        for (let key of __getOwnPropNames(from))
-            if (!__hasOwnProp.call(to, key) && key !== except)
-                __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable })
-    }
-    return to
-}
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod)
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/actions/callback/access-token.ts
-var access_token_exports = {}
+var access_token_exports = {};
 __export(access_token_exports, {
-    createAccessToken: () => createAccessToken,
-})
-module.exports = __toCommonJS(access_token_exports)
+  createAccessToken: () => createAccessToken
+});
+module.exports = __toCommonJS(access_token_exports);
 
-// src/error.ts
-var AuthError = class extends Error {
-    constructor(type, message) {
-        super(message)
-        this.type = type
-        this.name = "AuthError"
-    }
-}
-var isAuthError = (error) => {
-    return error instanceof AuthError
-}
-var throwAuthError = (error, message) => {
-    if (error instanceof Error) {
-        if (isAuthError(error)) {
-            throw error
-        }
-        throw new AuthError("invalid_request", error.message ?? message)
-    }
-}
-var ERROR_RESPONSE = {
-    AUTHORIZATION: {
-        INVALID_REQUEST: "invalid_request",
-        UNAUTHORIZED_CLIENT: "unauthorized_client",
-        ACCESS_DENIED: "access_denied",
-        UNSUPPORTED_RESPONSE_TYPE: "unsupported_response_type",
-        INVALID_SCOPE: "invalid_scope",
-        SERVER_ERROR: "server_error",
-        TEMPORARILY_UNAVAILABLE: "temporarily_unavailable",
-    },
-    ACCESS_TOKEN: {
-        INVALID_REQUEST: "invalid_request",
-        INVALID_CLIENT: "invalid_client",
-        INVALID_GRANT: "invalid_grant",
-        UNAUTHORIZED_CLIENT: "unauthorized_client",
-        UNSUPPORTED_GRANT_TYPE: "unsupported_grant_type",
-        INVALID_SCOPE: "invalid_scope",
-    },
-}
+// src/request.ts
+var fetchAsync = async (url, options2 = {}, timeout = 5e3) => {
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), timeout);
+  const response = await fetch(url, {
+    ...options2,
+    signal: controller.signal
+  }).finally(() => clearTimeout(timeoutId));
+  return response;
+};
+
+// src/utils.ts
+var import_router = require("@aura-stack/router");
+
+// src/errors.ts
+var OAuthProtocolError = class extends Error {
+  type = "OAUTH_PROTOCOL_ERROR";
+  error;
+  errorURI;
+  constructor(error, description, errorURI, options2) {
+    super(description, options2);
+    this.error = error;
+    this.errorURI = errorURI;
+    this.name = new.target.name;
+    Error.captureStackTrace(this, new.target);
+  }
+};
+var AuthInternalError = class extends Error {
+  type = "AUTH_INTERNAL_ERROR";
+  code;
+  constructor(code, message, options2) {
+    super(message, options2);
+    this.code = code;
+    this.name = new.target.name;
+    Error.captureStackTrace(this, new.target);
+  }
+};
+
+// src/utils.ts
+var formatZodError = (error) => {
+  if (!error.issues || error.issues.length === 0) {
+    return {};
+  }
+  return error.issues.reduce((previous, issue) => {
+    const key = issue.path.join(".");
+    return {
+      ...previous,
+      [key]: {
+        code: issue.code,
+        message: issue.message
+      }
+    };
+  }, {});
+};
 
 // src/schemas.ts
-var import_v4 = require("zod/v4")
-var OAuthProviderConfigSchema = (0, import_v4.object)({
-    authorizeURL: (0, import_v4.url)(),
-    accessToken: (0, import_v4.url)(),
-    scope: (0, import_v4.string)().optional(),
-    userInfo: (0, import_v4.url)(),
-    responseType: (0, import_v4.enum)(["code", "token", "id_token"]),
-    clientId: (0, import_v4.string)(),
-    clientSecret: (0, import_v4.string)(),
-})
+var import_zod = require("zod");
+var OAuthProviderConfigSchema = (0, import_zod.object)({
+  authorizeURL: (0, import_zod.string)().url(),
+  accessToken: (0, import_zod.string)().url(),
+  scope: (0, import_zod.string)().optional(),
+  userInfo: (0, import_zod.string)().url(),
+  responseType: (0, import_zod.enum)(["code", "token", "id_token"]),
+  clientId: (0, import_zod.string)(),
+  clientSecret: (0, import_zod.string)()
+});
 var OAuthAuthorization = OAuthProviderConfigSchema.extend({
-    redirectURI: (0, import_v4.string)(),
-    state: (0, import_v4.string)(),
-    codeChallenge: (0, import_v4.string)(),
-    codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"]),
-})
-var OAuthAuthorizationResponse = (0, import_v4.object)({
-    state: (0, import_v4.string)(),
-    code: (0, import_v4.string)(),
-})
-var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
-    error: (0, import_v4.enum)([
-        "invalid_request",
-        "unauthorized_client",
-        "access_denied",
-        "unsupported_response_type",
-        "invalid_scope",
-        "server_error",
-        "temporarily_unavailable",
-    ]),
-    error_description: (0, import_v4.string)().optional(),
-    error_uri: (0, import_v4.string)().optional(),
-    state: (0, import_v4.string)(),
-})
+  redirectURI: (0, import_zod.string)(),
+  state: (0, import_zod.string)(),
+  codeChallenge: (0, import_zod.string)(),
+  codeChallengeMethod: (0, import_zod.enum)(["plain", "S256"])
+});
+var OAuthAuthorizationResponse = (0, import_zod.object)({
+  state: (0, import_zod.string)({ message: "Missing state parameter in the OAuth authorization response." }),
+  code: (0, import_zod.string)({ message: "Missing code parameter in the OAuth authorization response." })
+});
+var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
+    "invalid_request",
+    "unauthorized_client",
+    "access_denied",
+    "unsupported_response_type",
+    "invalid_scope",
+    "server_error",
+    "temporarily_unavailable"
+  ]),
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional(),
+  state: (0, import_zod.string)()
+});
 var OAuthAccessToken = OAuthProviderConfigSchema.extend({
-    redirectURI: (0, import_v4.string)(),
-    code: (0, import_v4.string)(),
-    codeVerifier: (0, import_v4.string)().min(43).max(128),
-})
-var OAuthAccessTokenResponse = (0, import_v4.object)({
-    access_token: (0, import_v4.string)(),
-    token_type: (0, import_v4.string)(),
-    expires_in: (0, import_v4.number)().optional(),
-    refresh_token: (0, import_v4.string)().optional(),
-    scope: (0, import_v4.string)().optional(),
-})
-var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
-    error: (0, import_v4.enum)([
-        "invalid_request",
-        "invalid_client",
-        "invalid_grant",
-        "unauthorized_client",
-        "unsupported_grant_type",
-        "invalid_scope",
-    ]),
-    error_description: (0, import_v4.string)().optional(),
-    error_uri: (0, import_v4.string)().optional(),
-})
-var OAuthErrorResponse = (0, import_v4.object)({
-    error: (0, import_v4.string)(),
-    error_description: (0, import_v4.string)().optional(),
-})
+  redirectURI: (0, import_zod.string)(),
+  code: (0, import_zod.string)(),
+  codeVerifier: (0, import_zod.string)().min(43).max(128)
+});
+var OAuthAccessTokenResponse = (0, import_zod.object)({
+  access_token: (0, import_zod.string)(),
+  token_type: (0, import_zod.string)().optional(),
+  expires_in: (0, import_zod.number)().optional(),
+  refresh_token: (0, import_zod.string)().optional(),
+  scope: (0, import_zod.string)().optional().or((0, import_zod.null)())
+});
+var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
+    "invalid_request",
+    "invalid_client",
+    "invalid_grant",
+    "unauthorized_client",
+    "unsupported_grant_type",
+    "invalid_scope"
+  ]),
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional()
+});
+var OAuthErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.string)(),
+  error_description: (0, import_zod.string)().optional()
+});
+var OAuthEnvSchema = (0, import_zod.object)({
+  clientId: import_zod.z.string().min(1, "OAuth Client ID is required in the environment variables."),
+  clientSecret: import_zod.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
+});
 
 // src/actions/callback/access-token.ts
 var createAccessToken = async (oauthConfig, redirectURI, code, codeVerifier) => {
-    const parsed = OAuthAccessToken.safeParse({ ...oauthConfig, redirectURI, code, codeVerifier })
-    if (!parsed.success) {
-        throw new AuthError(ERROR_RESPONSE.ACCESS_TOKEN.INVALID_REQUEST, "Invalid OAuth configuration")
-    }
-    const { accessToken, clientId, clientSecret, code: codeParsed, redirectURI: redirectParsed } = parsed.data
-    try {
-        const response = await fetch(accessToken, {
-            method: "POST",
-            headers: {
-                Accept: "application/json",
-                "Content-Type": "application/x-www-form-urlencoded",
-            },
-            body: new URLSearchParams({
-                client_id: clientId,
-                client_secret: clientSecret,
-                code: codeParsed,
-                redirect_uri: redirectParsed,
-                grant_type: "authorization_code",
-                code_verifier: codeVerifier,
-            }).toString(),
-        })
-        const json = await response.json()
-        const token = OAuthAccessTokenResponse.safeParse(json)
-        if (!token.success) {
-            const { success, data } = OAuthAccessTokenErrorResponse.safeParse(json)
-            if (!success) {
-                throw new AuthError(ERROR_RESPONSE.ACCESS_TOKEN.INVALID_GRANT, "Invalid access token response format")
-            }
-            throw new AuthError(data.error, data?.error_description ?? "Failed to retrieve access token")
-        }
-        return token.data
-    } catch (error) {
-        throw throwAuthError(error, "Failed to create access token")
+  const parsed = OAuthAccessToken.safeParse({ ...oauthConfig, redirectURI, code, codeVerifier });
+  if (!parsed.success) {
+    const msg = JSON.stringify(formatZodError(parsed.error), null, 2);
+    throw new AuthInternalError("INVALID_OAUTH_CONFIGURATION", msg);
+  }
+  const { accessToken, clientId, clientSecret, code: codeParsed, redirectURI: redirectParsed } = parsed.data;
+  try {
+    const response = await fetchAsync(accessToken, {
+      method: "POST",
+      headers: {
+        Accept: "application/json",
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: new URLSearchParams({
+        client_id: clientId,
+        client_secret: clientSecret,
+        code: codeParsed,
+        redirect_uri: redirectParsed,
+        grant_type: "authorization_code",
+        code_verifier: codeVerifier
+      }).toString()
+    });
+    const json = await response.json();
+    const token = OAuthAccessTokenResponse.safeParse(json);
+    if (!token.success) {
+      const { success, data } = OAuthAccessTokenErrorResponse.safeParse(json);
+      if (!success) {
+        throw new OAuthProtocolError("INVALID_REQUEST", "Invalid access token response format");
+      }
+      throw new OAuthProtocolError(data.error, data?.error_description ?? "Failed to retrieve access token");
     }
-}
+    return token.data;
+  } catch (error) {
+    throw error;
+  }
+};
 // Annotate the CommonJS export names for ESM import in node:
-0 &&
-    (module.exports = {
-        createAccessToken,
-    })
+0 && (module.exports = {
+  createAccessToken
+});

package/dist/actions/callback/access-token.d.ts

@@ -1,10 +1,10 @@
-import { f as OAuthProviderCredentials } from "../../index-DpfbvTZ_.js"
-import "zod/v4"
-import "@aura-stack/jose/jose"
-import "../../schemas.js"
-import "zod/v4/core"
-import "cookie"
-import "../../@types/utility.js"
+import { h as OAuthProviderCredentials } from '../../index-DkaLJFn8.js';
+import 'zod';
+import '../../schemas.js';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose';
+import '@aura-stack/jose/jose';
+import '../../@types/utility.js';
 
 /**
  * Make a request to the OAuth provider to the token endpoint to exchange the authorization code provided
@@ -17,17 +17,12 @@ import "../../@types/utility.js"
  * @param code - The authorization code received from the OAuth server
  * @returns The access token response from the OAuth server
  */
-declare const createAccessToken: (
-    oauthConfig: OAuthProviderCredentials,
-    redirectURI: string,
-    code: string,
-    codeVerifier: string
-) => Promise<{
-    access_token: string
-    token_type: string
-    expires_in?: number | undefined
-    refresh_token?: string | undefined
-    scope?: string | undefined
-}>
+declare const createAccessToken: (oauthConfig: OAuthProviderCredentials, redirectURI: string, code: string, codeVerifier: string) => Promise<{
+    access_token: string;
+    token_type?: string | undefined;
+    expires_in?: number | undefined;
+    refresh_token?: string | undefined;
+    scope?: string | null | undefined;
+}>;
 
-export { createAccessToken }
+export { createAccessToken };

package/dist/actions/callback/access-token.js

@@ -1,4 +1,10 @@
-import { createAccessToken } from "../../chunk-UJJ7R56J.js"
-import "../../chunk-FJUDBLCP.js"
-import "../../chunk-HMRKN75I.js"
-export { createAccessToken }
+import {
+  createAccessToken
+} from "../../chunk-GA2SMTJO.js";
+import "../../chunk-CXLATHS5.js";
+import "../../chunk-RRLIF4PQ.js";
+import "../../chunk-ZNCZVF6U.js";
+import "../../chunk-YRCB5FLE.js";
+export {
+  createAccessToken
+};