@aura-stack/auth 0.1.0 → 0.2.0-rc.1

package/dist/@types/index.d.ts

@@ -1,7 +1,7 @@
-import 'zod/v4';
-import '@aura-stack/jose/jose';
+import 'zod';
 import '../schemas.js';
-import 'cookie';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose';
+import '@aura-stack/jose/jose';
+export { i as APIErrorMap, a0 as AccessTokenError, d as AuthConfig, e as AuthInstance, b as AuthInternalErrorCode, A as AuthRuntimeConfig, c as AuthSecurityErrorCode, $ as AuthorizationError, C as CookieConfig, Z as CookieName, a as CookieStoreConfig, Y as CookieStrategyAttributes, E as ErrorType, V as HostCookie, J as JWTPayloadWithToken, Q as JWTStandardClaims, f as JoseInstance, a2 as OAuthEnv, _ as OAuthError, O as OAuthProvider, g as OAuthProviderConfig, h as OAuthProviderCredentials, j as OAuthProviderRecord, R as RouterGlobalContext, T as SecureCookie, S as Session, W as StandardCookie, a1 as TokenRevocationError, U as User } from '../index-DkaLJFn8.js';
 export { LiteralUnion, Prettify } from './utility.js';
-export { y as AccessTokenError, c as AuthConfig, d as AuthInstance, A as AuthRuntimeConfig, w as AuthorizationError, C as CookieConfig, a as CookieConfigInternal, b as CookieName, u as CookieStrategyOptions, E as ErrorType, H as HostCookie, q as JWTStandardClaims, J as JoseInstance, v as OAuthError, O as OAuthProvider, e as OAuthProviderConfig, f as OAuthProviderCredentials, R as RouterGlobalContext, r as SecureCookie, S as Session, t as StandardCookie, T as TokenRevocationError, U as User } from '../index-DpfbvTZ_.js';
-import 'zod/v4/core';

package/dist/@types/router.d.d.ts

@@ -1,9 +1,9 @@
-import { R as RouterGlobalContext } from '../index-DpfbvTZ_.js';
-import 'zod/v4';
-import '@aura-stack/jose/jose';
+import { R as RouterGlobalContext } from '../index-DkaLJFn8.js';
+import 'zod';
 import '../schemas.js';
-import 'zod/v4/core';
-import 'cookie';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose';
+import '@aura-stack/jose/jose';
 import './utility.js';
 
 declare module "@aura-stack/router" {

package/dist/@types/utility.d.ts

@@ -1,10 +1,6 @@
 type Prettify<T> = {
     [K in keyof T]: T[K];
-} & {
-    __aura_auth_prettify_brand?: never;
-};
-type LiteralUnion<T extends U, U = string> = (T | (U & Record<never, never>)) & {
-    __aura_auth_literal_union_brand?: never;
 };
+type LiteralUnion<T extends U, U = string> = T | (U & Record<never, never>);
 
 export type { LiteralUnion, Prettify };

package/dist/actions/callback/access-token.cjs

@@ -24,68 +24,84 @@ __export(access_token_exports, {
 });
 module.exports = __toCommonJS(access_token_exports);
 
-// src/error.ts
-var AuthError = class extends Error {
-  constructor(type, message) {
-    super(message);
-    this.type = type;
-    this.name = "AuthError";
-  }
+// src/request.ts
+var fetchAsync = async (url, options2 = {}, timeout = 5e3) => {
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), timeout);
+  const response = await fetch(url, {
+    ...options2,
+    signal: controller.signal
+  }).finally(() => clearTimeout(timeoutId));
+  return response;
 };
-var isAuthError = (error) => {
-  return error instanceof AuthError;
+
+// src/utils.ts
+var import_router = require("@aura-stack/router");
+
+// src/errors.ts
+var OAuthProtocolError = class extends Error {
+  type = "OAUTH_PROTOCOL_ERROR";
+  error;
+  errorURI;
+  constructor(error, description, errorURI, options2) {
+    super(description, options2);
+    this.error = error;
+    this.errorURI = errorURI;
+    this.name = new.target.name;
+    Error.captureStackTrace(this, new.target);
+  }
 };
-var throwAuthError = (error, message) => {
-  if (error instanceof Error) {
-    if (isAuthError(error)) {
-      throw error;
-    }
-    throw new AuthError("invalid_request", error.message ?? message);
+var AuthInternalError = class extends Error {
+  type = "AUTH_INTERNAL_ERROR";
+  code;
+  constructor(code, message, options2) {
+    super(message, options2);
+    this.code = code;
+    this.name = new.target.name;
+    Error.captureStackTrace(this, new.target);
   }
 };
-var ERROR_RESPONSE = {
-  AUTHORIZATION: {
-    INVALID_REQUEST: "invalid_request",
-    UNAUTHORIZED_CLIENT: "unauthorized_client",
-    ACCESS_DENIED: "access_denied",
-    UNSUPPORTED_RESPONSE_TYPE: "unsupported_response_type",
-    INVALID_SCOPE: "invalid_scope",
-    SERVER_ERROR: "server_error",
-    TEMPORARILY_UNAVAILABLE: "temporarily_unavailable"
-  },
-  ACCESS_TOKEN: {
-    INVALID_REQUEST: "invalid_request",
-    INVALID_CLIENT: "invalid_client",
-    INVALID_GRANT: "invalid_grant",
-    UNAUTHORIZED_CLIENT: "unauthorized_client",
-    UNSUPPORTED_GRANT_TYPE: "unsupported_grant_type",
-    INVALID_SCOPE: "invalid_scope"
+
+// src/utils.ts
+var formatZodError = (error) => {
+  if (!error.issues || error.issues.length === 0) {
+    return {};
   }
+  return error.issues.reduce((previous, issue) => {
+    const key = issue.path.join(".");
+    return {
+      ...previous,
+      [key]: {
+        code: issue.code,
+        message: issue.message
+      }
+    };
+  }, {});
 };
 
 // src/schemas.ts
-var import_v4 = require("zod/v4");
-var OAuthProviderConfigSchema = (0, import_v4.object)({
-  authorizeURL: (0, import_v4.url)(),
-  accessToken: (0, import_v4.url)(),
-  scope: (0, import_v4.string)().optional(),
-  userInfo: (0, import_v4.url)(),
-  responseType: (0, import_v4.enum)(["code", "token", "id_token"]),
-  clientId: (0, import_v4.string)(),
-  clientSecret: (0, import_v4.string)()
+var import_zod = require("zod");
+var OAuthProviderConfigSchema = (0, import_zod.object)({
+  authorizeURL: (0, import_zod.string)().url(),
+  accessToken: (0, import_zod.string)().url(),
+  scope: (0, import_zod.string)().optional(),
+  userInfo: (0, import_zod.string)().url(),
+  responseType: (0, import_zod.enum)(["code", "token", "id_token"]),
+  clientId: (0, import_zod.string)(),
+  clientSecret: (0, import_zod.string)()
 });
 var OAuthAuthorization = OAuthProviderConfigSchema.extend({
-  redirectURI: (0, import_v4.string)(),
-  state: (0, import_v4.string)(),
-  codeChallenge: (0, import_v4.string)(),
-  codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
+  redirectURI: (0, import_zod.string)(),
+  state: (0, import_zod.string)(),
+  codeChallenge: (0, import_zod.string)(),
+  codeChallengeMethod: (0, import_zod.enum)(["plain", "S256"])
 });
-var OAuthAuthorizationResponse = (0, import_v4.object)({
-  state: (0, import_v4.string)(),
-  code: (0, import_v4.string)()
+var OAuthAuthorizationResponse = (0, import_zod.object)({
+  state: (0, import_zod.string)({ message: "Missing state parameter in the OAuth authorization response." }),
+  code: (0, import_zod.string)({ message: "Missing code parameter in the OAuth authorization response." })
 });
-var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.enum)([
+var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
     "invalid_request",
     "unauthorized_client",
     "access_denied",
@@ -94,24 +110,24 @@ var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
     "server_error",
     "temporarily_unavailable"
   ]),
-  error_description: (0, import_v4.string)().optional(),
-  error_uri: (0, import_v4.string)().optional(),
-  state: (0, import_v4.string)()
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional(),
+  state: (0, import_zod.string)()
 });
 var OAuthAccessToken = OAuthProviderConfigSchema.extend({
-  redirectURI: (0, import_v4.string)(),
-  code: (0, import_v4.string)(),
-  codeVerifier: (0, import_v4.string)().min(43).max(128)
+  redirectURI: (0, import_zod.string)(),
+  code: (0, import_zod.string)(),
+  codeVerifier: (0, import_zod.string)().min(43).max(128)
 });
-var OAuthAccessTokenResponse = (0, import_v4.object)({
-  access_token: (0, import_v4.string)(),
-  token_type: (0, import_v4.string)(),
-  expires_in: (0, import_v4.number)().optional(),
-  refresh_token: (0, import_v4.string)().optional(),
-  scope: (0, import_v4.string)().optional()
+var OAuthAccessTokenResponse = (0, import_zod.object)({
+  access_token: (0, import_zod.string)(),
+  token_type: (0, import_zod.string)().optional(),
+  expires_in: (0, import_zod.number)().optional(),
+  refresh_token: (0, import_zod.string)().optional(),
+  scope: (0, import_zod.string)().optional().or((0, import_zod.null)())
 });
-var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.enum)([
+var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
     "invalid_request",
     "invalid_client",
     "invalid_grant",
@@ -119,23 +135,28 @@ var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
     "unsupported_grant_type",
     "invalid_scope"
   ]),
-  error_description: (0, import_v4.string)().optional(),
-  error_uri: (0, import_v4.string)().optional()
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional()
+});
+var OAuthErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.string)(),
+  error_description: (0, import_zod.string)().optional()
 });
-var OAuthErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.string)(),
-  error_description: (0, import_v4.string)().optional()
+var OAuthEnvSchema = (0, import_zod.object)({
+  clientId: import_zod.z.string().min(1, "OAuth Client ID is required in the environment variables."),
+  clientSecret: import_zod.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
 });
 
 // src/actions/callback/access-token.ts
 var createAccessToken = async (oauthConfig, redirectURI, code, codeVerifier) => {
   const parsed = OAuthAccessToken.safeParse({ ...oauthConfig, redirectURI, code, codeVerifier });
   if (!parsed.success) {
-    throw new AuthError(ERROR_RESPONSE.ACCESS_TOKEN.INVALID_REQUEST, "Invalid OAuth configuration");
+    const msg = JSON.stringify(formatZodError(parsed.error), null, 2);
+    throw new AuthInternalError("INVALID_OAUTH_CONFIGURATION", msg);
   }
   const { accessToken, clientId, clientSecret, code: codeParsed, redirectURI: redirectParsed } = parsed.data;
   try {
-    const response = await fetch(accessToken, {
+    const response = await fetchAsync(accessToken, {
       method: "POST",
       headers: {
         Accept: "application/json",
@@ -155,13 +176,13 @@ var createAccessToken = async (oauthConfig, redirectURI, code, codeVerifier) =>
     if (!token.success) {
       const { success, data } = OAuthAccessTokenErrorResponse.safeParse(json);
       if (!success) {
-        throw new AuthError(ERROR_RESPONSE.ACCESS_TOKEN.INVALID_GRANT, "Invalid access token response format");
+        throw new OAuthProtocolError("INVALID_REQUEST", "Invalid access token response format");
       }
-      throw new AuthError(data.error, data?.error_description ?? "Failed to retrieve access token");
+      throw new OAuthProtocolError(data.error, data?.error_description ?? "Failed to retrieve access token");
     }
     return token.data;
   } catch (error) {
-    throw throwAuthError(error, "Failed to create access token");
+    throw error;
   }
 };
 // Annotate the CommonJS export names for ESM import in node:

package/dist/actions/callback/access-token.d.ts

@@ -1,9 +1,9 @@
-import { f as OAuthProviderCredentials } from '../../index-DpfbvTZ_.js';
-import 'zod/v4';
-import '@aura-stack/jose/jose';
+import { h as OAuthProviderCredentials } from '../../index-DkaLJFn8.js';
+import 'zod';
 import '../../schemas.js';
-import 'zod/v4/core';
-import 'cookie';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose';
+import '@aura-stack/jose/jose';
 import '../../@types/utility.js';
 
 /**
@@ -19,10 +19,10 @@ import '../../@types/utility.js';
  */
 declare const createAccessToken: (oauthConfig: OAuthProviderCredentials, redirectURI: string, code: string, codeVerifier: string) => Promise<{
     access_token: string;
-    token_type: string;
+    token_type?: string | undefined;
     expires_in?: number | undefined;
     refresh_token?: string | undefined;
-    scope?: string | undefined;
+    scope?: string | null | undefined;
 }>;
 
 export { createAccessToken };

package/dist/actions/callback/access-token.js

@@ -1,8 +1,10 @@
 import {
   createAccessToken
-} from "../../chunk-UJJ7R56J.js";
-import "../../chunk-FJUDBLCP.js";
-import "../../chunk-HMRKN75I.js";
+} from "../../chunk-GA2SMTJO.js";
+import "../../chunk-CXLATHS5.js";
+import "../../chunk-RRLIF4PQ.js";
+import "../../chunk-ZNCZVF6U.js";
+import "../../chunk-YRCB5FLE.js";
 export {
   createAccessToken
 };