@aura-stack/auth 0.1.0 → 0.2.0

package/dist/index.d.ts

@@ -1,10 +1,9 @@
-import { c as AuthConfig, d as AuthInstance } from './index-DpfbvTZ_.js';
-export { C as CookieConfig, E as ErrorType, J as JoseInstance, O as OAuthProvider, e as OAuthProviderConfig, f as OAuthProviderCredentials, S as Session, U as User } from './index-DpfbvTZ_.js';
+import { d as AuthConfig, e as AuthInstance } from './index-EqsoyjrF.js';
+export { C as CookieConfig, E as ErrorType, f as JoseInstance, O as OAuthProvider, g as OAuthProviderConfig, h as OAuthProviderCredentials, S as Session, U as User } from './index-EqsoyjrF.js';
 import 'zod/v4';
-import '@aura-stack/jose/jose';
 import './schemas.js';
-import 'zod/v4/core';
-import 'cookie';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose/jose';
 import './@types/utility.js';
 
 /**

package/dist/index.js

@@ -1,62 +1,73 @@
 import {
   createBuiltInOAuthProviders
-} from "./chunk-VFTYH33W.js";
-import "./chunk-FKRDCWBF.js";
+} from "./chunk-7H3OR6UU.js";
 import "./chunk-IKHPGFCW.js";
 import "./chunk-KRNOMBXQ.js";
 import "./chunk-E3OXBRYF.js";
+import "./chunk-6R2YZ4AC.js";
 import "./chunk-42XB3YCW.js";
 import "./chunk-ITQ7352M.js";
 import {
   csrfTokenAction
-} from "./chunk-SMQO5WD7.js";
-import {
-  sessionAction
-} from "./chunk-XXJKNKGQ.js";
+} from "./chunk-QDO2KSRJ.js";
 import {
   signInAction
-} from "./chunk-LLR722CL.js";
+} from "./chunk-2RXNXMCZ.js";
+import {
+  sessionAction
+} from "./chunk-PTJUYB33.js";
 import {
   signOutAction
-} from "./chunk-SJPDVKUS.js";
-import "./chunk-CAKJT3KS.js";
+} from "./chunk-NEVKX6K2.js";
+import "./chunk-QEZL7EYN.js";
 import {
   callbackAction
-} from "./chunk-HGJ4TXY4.js";
-import "./chunk-RLT4RFKV.js";
-import "./chunk-UJJ7R56J.js";
+} from "./chunk-UEH3LVON.js";
+import "./chunk-ZLR3LI6X.js";
+import "./chunk-4V4JNXVF.js";
 import "./chunk-FIPU4MLT.js";
-import "./chunk-EBPE35JT.js";
+import "./chunk-IUYZQTJV.js";
+import "./chunk-FKRDCWBF.js";
 import {
-  defaultCookieConfig
-} from "./chunk-ZV4BH47P.js";
-import "./chunk-6SM22VVJ.js";
+  createCookieStore
+} from "./chunk-IMICRJ5U.js";
 import "./chunk-STHEPPUZ.js";
 import {
   createJoseInstance
-} from "./chunk-UTDLUEEG.js";
-import "./chunk-GZU3RBTB.js";
+} from "./chunk-TLE4PXY3.js";
+import "./chunk-WD7AUHQ5.js";
+import "./chunk-N2APGLXA.js";
 import {
-  onErrorHandler
-} from "./chunk-256KIVJL.js";
-import "./chunk-FJUDBLCP.js";
-import "./chunk-JAPMIE6S.js";
-import "./chunk-HMRKN75I.js";
+  onErrorHandler,
+  useSecureCookies
+} from "./chunk-CXLATHS5.js";
+import "./chunk-EIL2FPSS.js";
+import "./chunk-RRLIF4PQ.js";
 
 // src/index.ts
 import "dotenv/config";
 import { createRouter } from "@aura-stack/router";
 var createInternalConfig = (authConfig) => {
+  const useSecure = authConfig?.trustedProxyHeaders ?? false;
   return {
     basePath: authConfig?.basePath ?? "/auth",
     onError: onErrorHandler,
     context: {
       oauth: createBuiltInOAuthProviders(authConfig?.oauth),
-      cookies: authConfig?.cookies ?? defaultCookieConfig,
+      cookies: createCookieStore(useSecure, authConfig?.cookies?.prefix, authConfig?.cookies?.overrides ?? {}),
       jose: createJoseInstance(authConfig?.secret),
+      secret: authConfig?.secret,
       basePath: authConfig?.basePath ?? "/auth",
-      trustedProxyHeaders: !!authConfig?.trustedProxyHeaders
-    }
+      trustedProxyHeaders: useSecure
+    },
+    middlewares: [
+      (ctx) => {
+        const useSecure2 = useSecureCookies(ctx.request, ctx.context.trustedProxyHeaders);
+        const cookies = createCookieStore(useSecure2, authConfig?.cookies?.prefix, authConfig?.cookies?.overrides ?? {});
+        ctx.context.cookies = cookies;
+        return ctx;
+      }
+    ]
   };
 };
 var createAuth = (authConfig) => {

package/dist/jose.cjs

@@ -42,12 +42,15 @@ var import_node_crypto = __toESM(require("crypto"), 1);
 // src/utils.ts
 var import_router = require("@aura-stack/router");
 
-// src/error.ts
-var AuthError = class extends Error {
-  constructor(type, message) {
-    super(message);
-    this.type = type;
-    this.name = "AuthError";
+// src/errors.ts
+var AuthInternalError = class extends Error {
+  type = "AUTH_INTERNAL_ERROR";
+  code;
+  constructor(code, message, options) {
+    super(message, options);
+    this.code = code;
+    this.name = new.target.name;
+    Error.captureStackTrace(this, new.target);
   }
 };
 
@@ -58,20 +61,28 @@ var createDerivedSalt = (secret) => {
 
 // src/jose.ts
 var createJoseInstance = (secret) => {
-  secret ?? (secret = process.env.AURA_AUTH_SECRET);
+  const env = process.env;
+  secret ??= env.AURA_AUTH_SECRET ?? env.AUTH_SECRET;
   if (!secret) {
-    throw new AuthError("JOSE_INIT_ERROR", "AURA_AUTH_SECRET environment variable is not set and no secret was provided.");
+    throw new AuthInternalError(
+      "JOSE_INITIALIZATION_FAILED",
+      "AURA_AUTH_SECRET environment variable is not set and no secret was provided."
+    );
   }
-  const salt = process.env.AURA_AUTH_SALT ?? createDerivedSalt(secret);
-  const { derivedKey: derivedSessionKey } = (0, import_jose.createDeriveKey)(secret, salt, "session");
+  const salt = env.AURA_AUTH_SALT ?? env.AUTH_SALT ?? createDerivedSalt(secret);
+  const { derivedKey: derivedSigningKey } = (0, import_jose.createDeriveKey)(secret, salt, "signing");
+  const { derivedKey: derivedEncryptionKey } = (0, import_jose.createDeriveKey)(secret, salt, "encryption");
   const { derivedKey: derivedCsrfTokenKey } = (0, import_jose.createDeriveKey)(secret, salt, "csrfToken");
-  const { decodeJWT, encodeJWT } = (0, import_jose.createJWT)(derivedSessionKey);
+  const { decodeJWT, encodeJWT } = (0, import_jose.createJWT)({ jws: derivedSigningKey, jwe: derivedEncryptionKey });
   const { signJWS, verifyJWS } = (0, import_jose.createJWS)(derivedCsrfTokenKey);
+  const { encryptJWE, decryptJWE } = (0, import_jose.createJWE)(derivedEncryptionKey);
   return {
     decodeJWT,
     encodeJWT,
     signJWS,
-    verifyJWS
+    verifyJWS,
+    encryptJWE,
+    decryptJWE
   };
 };
 // Annotate the CommonJS export names for ESM import in node:

package/dist/jose.d.ts

@@ -1,3 +1,4 @@
+import * as _aura_stack_jose from '@aura-stack/jose';
 import * as _aura_stack_jose_jose from '@aura-stack/jose/jose';
 export { JWTPayload } from '@aura-stack/jose/jose';
 
@@ -14,7 +15,9 @@ declare const createJoseInstance: (secret?: string) => {
     decodeJWT: (token: string) => Promise<_aura_stack_jose_jose.JWTPayload>;
     encodeJWT: (payload: _aura_stack_jose_jose.JWTPayload) => Promise<string>;
     signJWS: (payload: _aura_stack_jose_jose.JWTPayload) => Promise<string>;
-    verifyJWS: (payload: string) => Promise<_aura_stack_jose_jose.JWTPayload>;
+    verifyJWS: (payload: string, options?: _aura_stack_jose.JWTVerifyOptions) => Promise<_aura_stack_jose_jose.JWTPayload>;
+    encryptJWE: (payload: string, options?: _aura_stack_jose.EncryptOptions) => Promise<string>;
+    decryptJWE: (payload: string, options?: _aura_stack_jose.JWTDecryptOptions) => Promise<string>;
 };
 
 export { createJoseInstance };

package/dist/jose.js

@@ -1,9 +1,10 @@
 import {
   createJoseInstance
-} from "./chunk-UTDLUEEG.js";
-import "./chunk-GZU3RBTB.js";
-import "./chunk-256KIVJL.js";
-import "./chunk-FJUDBLCP.js";
+} from "./chunk-TLE4PXY3.js";
+import "./chunk-N2APGLXA.js";
+import "./chunk-CXLATHS5.js";
+import "./chunk-EIL2FPSS.js";
+import "./chunk-RRLIF4PQ.js";
 export {
   createJoseInstance
 };

package/dist/oauth/bitbucket.d.ts

@@ -1,7 +1,6 @@
-export { B as BitbucketProfile, k as bitbucket } from '../index-DpfbvTZ_.js';
+export { B as BitbucketProfile, r as bitbucket } from '../index-EqsoyjrF.js';
 import '../@types/utility.js';
 import 'zod/v4';
-import '@aura-stack/jose/jose';
 import '../schemas.js';
-import 'zod/v4/core';
-import 'cookie';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose/jose';

package/dist/oauth/discord.cjs

@@ -42,7 +42,6 @@ var discord = {
     }
     return {
       sub: profile.id,
-      // https://discord.com/developers/docs/change-log#display-names
       name: profile.global_name ?? profile.username,
       email: profile.email ?? "",
       image

package/dist/oauth/discord.d.ts

@@ -1,7 +1,6 @@
-export { D as DiscordProfile, N as Nameplate, i as discord } from '../index-DpfbvTZ_.js';
+export { D as DiscordProfile, N as Nameplate, p as discord } from '../index-EqsoyjrF.js';
 import 'zod/v4';
-import '@aura-stack/jose/jose';
 import '../schemas.js';
-import 'zod/v4/core';
-import 'cookie';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose/jose';
 import '../@types/utility.js';

package/dist/oauth/discord.js

@@ -1,6 +1,6 @@
 import {
   discord
-} from "../chunk-EBPE35JT.js";
+} from "../chunk-IUYZQTJV.js";
 export {
   discord
 };

package/dist/oauth/figma.d.ts

@@ -1,7 +1,6 @@
-export { F as FigmaProfile, j as figma } from '../index-DpfbvTZ_.js';
+export { F as FigmaProfile, q as figma } from '../index-EqsoyjrF.js';
 import 'zod/v4';
-import '@aura-stack/jose/jose';
 import '../schemas.js';
-import 'zod/v4/core';
-import 'cookie';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose/jose';
 import '../@types/utility.js';

package/dist/oauth/github.d.ts

@@ -1,7 +1,6 @@
-export { l as GitHubProfile, m as github } from '../index-DpfbvTZ_.js';
+export { t as GitHubProfile, u as github } from '../index-EqsoyjrF.js';
 import 'zod/v4';
-import '@aura-stack/jose/jose';
 import '../schemas.js';
-import 'zod/v4/core';
-import 'cookie';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose/jose';
 import '../@types/utility.js';

package/dist/oauth/gitlab.d.ts

@@ -1,7 +1,6 @@
-export { G as GitLabProfile, h as gitlab } from '../index-DpfbvTZ_.js';
+export { G as GitLabProfile, o as gitlab } from '../index-EqsoyjrF.js';
 import 'zod/v4';
-import '@aura-stack/jose/jose';
 import '../schemas.js';
-import 'zod/v4/core';
-import 'cookie';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose/jose';
 import '../@types/utility.js';

package/dist/oauth/index.cjs

@@ -28,6 +28,7 @@ __export(oauth_exports, {
   github: () => github,
   gitlab: () => gitlab,
   spotify: () => spotify,
+  strava: () => strava,
   x: () => x
 });
 module.exports = __toCommonJS(oauth_exports);
@@ -100,7 +101,6 @@ var discord = {
     }
     return {
       sub: profile.id,
-      // https://discord.com/developers/docs/change-log#display-names
       name: profile.global_name ?? profile.username,
       email: profile.email ?? "",
       image
@@ -165,6 +165,123 @@ var x = {
   }
 };
 
+// src/oauth/strava.ts
+var strava = {
+  id: "strava",
+  name: "Strava",
+  authorizeURL: "https://www.strava.com/oauth/authorize",
+  accessToken: "https://www.strava.com/oauth/token",
+  userInfo: "https://www.strava.com/api/v3/athlete",
+  scope: "read",
+  responseType: "code",
+  profile(profile) {
+    return {
+      sub: profile.id.toString(),
+      name: `${profile.firstname} ${profile.lastname}`,
+      image: profile.profile,
+      email: ""
+    };
+  }
+};
+
+// src/schemas.ts
+var import_v4 = require("zod/v4");
+var OAuthProviderConfigSchema = (0, import_v4.object)({
+  authorizeURL: (0, import_v4.httpUrl)(),
+  accessToken: (0, import_v4.httpUrl)(),
+  scope: (0, import_v4.string)().optional(),
+  userInfo: (0, import_v4.httpUrl)(),
+  responseType: (0, import_v4.enum)(["code", "token", "id_token"]),
+  clientId: (0, import_v4.string)(),
+  clientSecret: (0, import_v4.string)()
+});
+var OAuthAuthorization = OAuthProviderConfigSchema.extend({
+  redirectURI: (0, import_v4.string)(),
+  state: (0, import_v4.string)(),
+  codeChallenge: (0, import_v4.string)(),
+  codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
+});
+var OAuthAuthorizationResponse = (0, import_v4.object)({
+  state: (0, import_v4.string)("Missing state parameter in the OAuth authorization response."),
+  code: (0, import_v4.string)("Missing code parameter in the OAuth authorization response.")
+});
+var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
+  error: (0, import_v4.enum)([
+    "invalid_request",
+    "unauthorized_client",
+    "access_denied",
+    "unsupported_response_type",
+    "invalid_scope",
+    "server_error",
+    "temporarily_unavailable"
+  ]),
+  error_description: (0, import_v4.string)().optional(),
+  error_uri: (0, import_v4.string)().optional(),
+  state: (0, import_v4.string)()
+});
+var OAuthAccessToken = OAuthProviderConfigSchema.extend({
+  redirectURI: (0, import_v4.string)(),
+  code: (0, import_v4.string)(),
+  codeVerifier: (0, import_v4.string)().min(43).max(128)
+});
+var OAuthAccessTokenResponse = (0, import_v4.object)({
+  access_token: (0, import_v4.string)(),
+  token_type: (0, import_v4.string)(),
+  expires_in: (0, import_v4.number)().optional(),
+  refresh_token: (0, import_v4.string)().optional(),
+  scope: (0, import_v4.string)().optional()
+});
+var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
+  error: (0, import_v4.enum)([
+    "invalid_request",
+    "invalid_client",
+    "invalid_grant",
+    "unauthorized_client",
+    "unsupported_grant_type",
+    "invalid_scope"
+  ]),
+  error_description: (0, import_v4.string)().optional(),
+  error_uri: (0, import_v4.string)().optional()
+});
+var OAuthErrorResponse = (0, import_v4.object)({
+  error: (0, import_v4.string)(),
+  error_description: (0, import_v4.string)().optional()
+});
+var OAuthEnvSchema = (0, import_v4.object)({
+  clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
+  clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
+});
+
+// src/errors.ts
+var AuthInternalError = class extends Error {
+  type = "AUTH_INTERNAL_ERROR";
+  code;
+  constructor(code, message, options2) {
+    super(message, options2);
+    this.code = code;
+    this.name = new.target.name;
+    Error.captureStackTrace(this, new.target);
+  }
+};
+
+// src/utils.ts
+var import_router = require("@aura-stack/router");
+var formatZodError = (error) => {
+  if (!error.issues || error.issues.length === 0) {
+    return {};
+  }
+  return error.issues.reduce((previous, issue) => {
+    const key = issue.path.join(".");
+    return {
+      ...previous,
+      [key]: {
+        code: issue.code,
+        message: issue.message
+      }
+    };
+  }, {});
+};
+
 // src/oauth/index.ts
 var builtInOAuthProviders = {
   github,
@@ -173,14 +290,22 @@ var builtInOAuthProviders = {
   discord,
   gitlab,
   spotify,
-  x
+  x,
+  strava
 };
 var defineOAuthEnvironment = (oauth) => {
   const env = process.env;
-  return {
-    clientId: env[`AURA_AUTH_${oauth.toUpperCase()}_CLIENT_ID`],
-    clientSecret: env[`AURA_AUTH_${oauth.toUpperCase()}_CLIENT_SECRET`]
-  };
+  const clientIdSuffix = `${oauth.toUpperCase()}_CLIENT_ID`;
+  const clientSecretSuffix = `${oauth.toUpperCase()}_CLIENT_SECRET`;
+  const loadEnvs = OAuthEnvSchema.safeParse({
+    clientId: env[`AURA_AUTH_${clientIdSuffix}`] ?? env[`AUTH_${clientIdSuffix}`] ?? env[`${clientIdSuffix}`],
+    clientSecret: env[`AURA_AUTH_${clientSecretSuffix}`] ?? env[`AUTH_${clientSecretSuffix}`] ?? env[`${clientSecretSuffix}`]
+  });
+  if (!loadEnvs.success) {
+    const msg = JSON.stringify(formatZodError(loadEnvs.error), null, 2);
+    throw new AuthInternalError("INVALID_ENVIRONMENT_CONFIGURATION", msg);
+  }
+  return loadEnvs.data;
 };
 var defineOAuthProviderConfig = (config) => {
   if (typeof config === "string") {
@@ -209,5 +334,6 @@ var createBuiltInOAuthProviders = (oauth = []) => {
   github,
   gitlab,
   spotify,
+  strava,
   x
 });

package/dist/oauth/index.d.ts

@@ -1,7 +1,6 @@
-export { B as BitbucketProfile, p as BuiltInOAuthProvider, D as DiscordProfile, F as FigmaProfile, l as GitHubProfile, G as GitLabProfile, N as Nameplate, g as SpotifyProfile, X as XProfile, k as bitbucket, n as builtInOAuthProviders, o as createBuiltInOAuthProviders, i as discord, j as figma, m as github, h as gitlab, s as spotify, x } from '../index-DpfbvTZ_.js';
+export { B as BitbucketProfile, y as BuiltInOAuthProvider, D as DiscordProfile, F as FigmaProfile, t as GitHubProfile, G as GitLabProfile, I as Image, N as Nameplate, m as SpotifyProfile, l as StravaProfile, j as SummaryClub, k as SummaryGear, X as XProfile, r as bitbucket, v as builtInOAuthProviders, w as createBuiltInOAuthProviders, p as discord, q as figma, u as github, o as gitlab, n as spotify, s as strava, x } from '../index-EqsoyjrF.js';
 import '../@types/utility.js';
 import 'zod/v4';
-import '@aura-stack/jose/jose';
 import '../schemas.js';
-import 'zod/v4/core';
-import 'cookie';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose/jose';

package/dist/oauth/index.js

@@ -1,10 +1,7 @@
 import {
   builtInOAuthProviders,
   createBuiltInOAuthProviders
-} from "../chunk-VFTYH33W.js";
-import {
-  figma
-} from "../chunk-FKRDCWBF.js";
+} from "../chunk-7H3OR6UU.js";
 import {
   github
 } from "../chunk-IKHPGFCW.js";
@@ -14,6 +11,9 @@ import {
 import {
   spotify
 } from "../chunk-E3OXBRYF.js";
+import {
+  strava
+} from "../chunk-6R2YZ4AC.js";
 import {
   x
 } from "../chunk-42XB3YCW.js";
@@ -22,7 +22,13 @@ import {
 } from "../chunk-FIPU4MLT.js";
 import {
   discord
-} from "../chunk-EBPE35JT.js";
+} from "../chunk-IUYZQTJV.js";
+import {
+  figma
+} from "../chunk-FKRDCWBF.js";
+import "../chunk-WD7AUHQ5.js";
+import "../chunk-CXLATHS5.js";
+import "../chunk-RRLIF4PQ.js";
 export {
   bitbucket,
   builtInOAuthProviders,
@@ -32,5 +38,6 @@ export {
   github,
   gitlab,
   spotify,
+  strava,
   x
 };

package/dist/oauth/spotify.d.ts

@@ -1,7 +1,6 @@
-export { g as SpotifyProfile, s as spotify } from '../index-DpfbvTZ_.js';
+export { I as Image, m as SpotifyProfile, n as spotify } from '../index-EqsoyjrF.js';
 import 'zod/v4';
-import '@aura-stack/jose/jose';
 import '../schemas.js';
-import 'zod/v4/core';
-import 'cookie';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose/jose';
 import '../@types/utility.js';

package/dist/{response.cjs → oauth/strava.cjs}

@@ -17,18 +17,30 @@ var __copyProps = (to, from, except, desc) => {
 };
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
-// src/response.ts
-var response_exports = {};
-__export(response_exports, {
-  AuraResponse: () => AuraResponse
+// src/oauth/strava.ts
+var strava_exports = {};
+__export(strava_exports, {
+  strava: () => strava
 });
-module.exports = __toCommonJS(response_exports);
-var AuraResponse = class extends Response {
-  static json(body, init) {
-    return Response.json(body, init);
+module.exports = __toCommonJS(strava_exports);
+var strava = {
+  id: "strava",
+  name: "Strava",
+  authorizeURL: "https://www.strava.com/oauth/authorize",
+  accessToken: "https://www.strava.com/oauth/token",
+  userInfo: "https://www.strava.com/api/v3/athlete",
+  scope: "read",
+  responseType: "code",
+  profile(profile) {
+    return {
+      sub: profile.id.toString(),
+      name: `${profile.firstname} ${profile.lastname}`,
+      image: profile.profile,
+      email: ""
+    };
   }
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  AuraResponse
+  strava
 });

package/dist/oauth/strava.d.ts

@@ -0,0 +1,6 @@
+export { l as StravaProfile, j as SummaryClub, k as SummaryGear, s as strava } from '../index-EqsoyjrF.js';
+import 'zod/v4';
+import '../schemas.js';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose/jose';
+import '../@types/utility.js';

package/dist/oauth/strava.js

@@ -0,0 +1,6 @@
+import {
+  strava
+} from "../chunk-6R2YZ4AC.js";
+export {
+  strava
+};

package/dist/oauth/x.d.ts

@@ -1,7 +1,6 @@
-export { X as XProfile, x } from '../index-DpfbvTZ_.js';
+export { X as XProfile, x } from '../index-EqsoyjrF.js';
 import 'zod/v4';
-import '@aura-stack/jose/jose';
 import '../schemas.js';
-import 'zod/v4/core';
-import 'cookie';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose/jose';
 import '../@types/utility.js';

package/dist/schemas.cjs

@@ -26,16 +26,17 @@ __export(schemas_exports, {
   OAuthAuthorization: () => OAuthAuthorization,
   OAuthAuthorizationErrorResponse: () => OAuthAuthorizationErrorResponse,
   OAuthAuthorizationResponse: () => OAuthAuthorizationResponse,
+  OAuthEnvSchema: () => OAuthEnvSchema,
   OAuthErrorResponse: () => OAuthErrorResponse,
   OAuthProviderConfigSchema: () => OAuthProviderConfigSchema
 });
 module.exports = __toCommonJS(schemas_exports);
 var import_v4 = require("zod/v4");
 var OAuthProviderConfigSchema = (0, import_v4.object)({
-  authorizeURL: (0, import_v4.url)(),
-  accessToken: (0, import_v4.url)(),
+  authorizeURL: (0, import_v4.httpUrl)(),
+  accessToken: (0, import_v4.httpUrl)(),
   scope: (0, import_v4.string)().optional(),
-  userInfo: (0, import_v4.url)(),
+  userInfo: (0, import_v4.httpUrl)(),
   responseType: (0, import_v4.enum)(["code", "token", "id_token"]),
   clientId: (0, import_v4.string)(),
   clientSecret: (0, import_v4.string)()
@@ -47,8 +48,8 @@ var OAuthAuthorization = OAuthProviderConfigSchema.extend({
   codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
 });
 var OAuthAuthorizationResponse = (0, import_v4.object)({
-  state: (0, import_v4.string)(),
-  code: (0, import_v4.string)()
+  state: (0, import_v4.string)("Missing state parameter in the OAuth authorization response."),
+  code: (0, import_v4.string)("Missing code parameter in the OAuth authorization response.")
 });
 var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
   error: (0, import_v4.enum)([
@@ -92,6 +93,10 @@ var OAuthErrorResponse = (0, import_v4.object)({
   error: (0, import_v4.string)(),
   error_description: (0, import_v4.string)().optional()
 });
+var OAuthEnvSchema = (0, import_v4.object)({
+  clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
+  clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
+});
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   OAuthAccessToken,
@@ -100,6 +105,7 @@ var OAuthErrorResponse = (0, import_v4.object)({
   OAuthAuthorization,
   OAuthAuthorizationErrorResponse,
   OAuthAuthorizationResponse,
+  OAuthEnvSchema,
   OAuthErrorResponse,
   OAuthProviderConfigSchema
 });