@aura-stack/auth 0.1.0 → 0.2.0

package/dist/schemas.d.ts

@@ -1,63 +1,62 @@
-import * as zod_v4_core from 'zod/v4/core';
-import * as zod_v4 from 'zod/v4';
+import { z } from 'zod/v4';
 
 /**
  * Schema for OAuth Provider Configuration
  */
-declare const OAuthProviderConfigSchema: zod_v4.ZodObject<{
-    authorizeURL: zod_v4.ZodURL;
-    accessToken: zod_v4.ZodURL;
-    scope: zod_v4.ZodOptional<zod_v4.ZodString>;
-    userInfo: zod_v4.ZodURL;
-    responseType: zod_v4.ZodEnum<{
-        token: "token";
+declare const OAuthProviderConfigSchema: z.ZodObject<{
+    authorizeURL: z.ZodURL;
+    accessToken: z.ZodURL;
+    scope: z.ZodOptional<z.ZodString>;
+    userInfo: z.ZodURL;
+    responseType: z.ZodEnum<{
         code: "code";
+        token: "token";
         id_token: "id_token";
     }>;
-    clientId: zod_v4.ZodString;
-    clientSecret: zod_v4.ZodString;
-}, zod_v4_core.$strip>;
+    clientId: z.ZodString;
+    clientSecret: z.ZodString;
+}, z.core.$strip>;
 /**
  * Schema used to create the authorization URL for the OAuth flow and verify the
  * OAuth configuration.
  * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1
  */
-declare const OAuthAuthorization: zod_v4.ZodObject<{
-    authorizeURL: zod_v4.ZodURL;
-    accessToken: zod_v4.ZodURL;
-    scope: zod_v4.ZodOptional<zod_v4.ZodString>;
-    userInfo: zod_v4.ZodURL;
-    responseType: zod_v4.ZodEnum<{
-        token: "token";
+declare const OAuthAuthorization: z.ZodObject<{
+    authorizeURL: z.ZodURL;
+    accessToken: z.ZodURL;
+    scope: z.ZodOptional<z.ZodString>;
+    userInfo: z.ZodURL;
+    responseType: z.ZodEnum<{
         code: "code";
+        token: "token";
         id_token: "id_token";
     }>;
-    clientId: zod_v4.ZodString;
-    clientSecret: zod_v4.ZodString;
-    redirectURI: zod_v4.ZodString;
-    state: zod_v4.ZodString;
-    codeChallenge: zod_v4.ZodString;
-    codeChallengeMethod: zod_v4.ZodEnum<{
-        S256: "S256";
+    clientId: z.ZodString;
+    clientSecret: z.ZodString;
+    redirectURI: z.ZodString;
+    state: z.ZodString;
+    codeChallenge: z.ZodString;
+    codeChallengeMethod: z.ZodEnum<{
         plain: "plain";
+        S256: "S256";
     }>;
-}, zod_v4_core.$strip>;
+}, z.core.$strip>;
 /**
  * Schema used in the callback action to validate the authorization response when the resource owner
  * has granted.
  * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2
  */
-declare const OAuthAuthorizationResponse: zod_v4.ZodObject<{
-    state: zod_v4.ZodString;
-    code: zod_v4.ZodString;
-}, zod_v4_core.$strip>;
+declare const OAuthAuthorizationResponse: z.ZodObject<{
+    state: z.ZodString;
+    code: z.ZodString;
+}, z.core.$strip>;
 /**
  * Schema used in the callback action to validate the authorization error response when the resource owner
  * has denied the authorization request.
  * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1
  */
-declare const OAuthAuthorizationErrorResponse: zod_v4.ZodObject<{
-    error: zod_v4.ZodEnum<{
+declare const OAuthAuthorizationErrorResponse: z.ZodObject<{
+    error: z.ZodEnum<{
         invalid_request: "invalid_request";
         unauthorized_client: "unauthorized_client";
         access_denied: "access_denied";
@@ -66,48 +65,48 @@ declare const OAuthAuthorizationErrorResponse: zod_v4.ZodObject<{
         server_error: "server_error";
         temporarily_unavailable: "temporarily_unavailable";
     }>;
-    error_description: zod_v4.ZodOptional<zod_v4.ZodString>;
-    error_uri: zod_v4.ZodOptional<zod_v4.ZodString>;
-    state: zod_v4.ZodString;
-}, zod_v4_core.$strip>;
+    error_description: z.ZodOptional<z.ZodString>;
+    error_uri: z.ZodOptional<z.ZodString>;
+    state: z.ZodString;
+}, z.core.$strip>;
 /**
  * Schema for OAuth Access Token Request and OAuth Configuration
  * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
  */
-declare const OAuthAccessToken: zod_v4.ZodObject<{
-    authorizeURL: zod_v4.ZodURL;
-    accessToken: zod_v4.ZodURL;
-    scope: zod_v4.ZodOptional<zod_v4.ZodString>;
-    userInfo: zod_v4.ZodURL;
-    responseType: zod_v4.ZodEnum<{
-        token: "token";
+declare const OAuthAccessToken: z.ZodObject<{
+    authorizeURL: z.ZodURL;
+    accessToken: z.ZodURL;
+    scope: z.ZodOptional<z.ZodString>;
+    userInfo: z.ZodURL;
+    responseType: z.ZodEnum<{
         code: "code";
+        token: "token";
         id_token: "id_token";
     }>;
-    clientId: zod_v4.ZodString;
-    clientSecret: zod_v4.ZodString;
-    redirectURI: zod_v4.ZodString;
-    code: zod_v4.ZodString;
-    codeVerifier: zod_v4.ZodString;
-}, zod_v4_core.$strip>;
+    clientId: z.ZodString;
+    clientSecret: z.ZodString;
+    redirectURI: z.ZodString;
+    code: z.ZodString;
+    codeVerifier: z.ZodString;
+}, z.core.$strip>;
 /**
  * Schema for OAuth Access Token Response
  * @see https://datatracker.ietf.org/doc/html/rfc6749#section-5.1
  * @see https://datatracker.ietf.org/doc/html/rfc7636#section-4
  */
-declare const OAuthAccessTokenResponse: zod_v4.ZodObject<{
-    access_token: zod_v4.ZodString;
-    token_type: zod_v4.ZodString;
-    expires_in: zod_v4.ZodOptional<zod_v4.ZodNumber>;
-    refresh_token: zod_v4.ZodOptional<zod_v4.ZodString>;
-    scope: zod_v4.ZodOptional<zod_v4.ZodString>;
-}, zod_v4_core.$strip>;
+declare const OAuthAccessTokenResponse: z.ZodObject<{
+    access_token: z.ZodString;
+    token_type: z.ZodString;
+    expires_in: z.ZodOptional<z.ZodNumber>;
+    refresh_token: z.ZodOptional<z.ZodString>;
+    scope: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
 /**
  * Schema for OAuth Access Token Error Response
  * @see https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
  */
-declare const OAuthAccessTokenErrorResponse: zod_v4.ZodObject<{
-    error: zod_v4.ZodEnum<{
+declare const OAuthAccessTokenErrorResponse: z.ZodObject<{
+    error: z.ZodEnum<{
         invalid_request: "invalid_request";
         unauthorized_client: "unauthorized_client";
         invalid_scope: "invalid_scope";
@@ -115,16 +114,20 @@ declare const OAuthAccessTokenErrorResponse: zod_v4.ZodObject<{
         invalid_grant: "invalid_grant";
         unsupported_grant_type: "unsupported_grant_type";
     }>;
-    error_description: zod_v4.ZodOptional<zod_v4.ZodString>;
-    error_uri: zod_v4.ZodOptional<zod_v4.ZodString>;
-}, zod_v4_core.$strip>;
+    error_description: z.ZodOptional<z.ZodString>;
+    error_uri: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
 /**
  * @todo: verify if this schema is still needed
  * @deprecated
  */
-declare const OAuthErrorResponse: zod_v4.ZodObject<{
-    error: zod_v4.ZodString;
-    error_description: zod_v4.ZodOptional<zod_v4.ZodString>;
-}, zod_v4_core.$strip>;
+declare const OAuthErrorResponse: z.ZodObject<{
+    error: z.ZodString;
+    error_description: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+declare const OAuthEnvSchema: z.ZodObject<{
+    clientId: z.ZodString;
+    clientSecret: z.ZodString;
+}, z.core.$strip>;
 
-export { OAuthAccessToken, OAuthAccessTokenErrorResponse, OAuthAccessTokenResponse, OAuthAuthorization, OAuthAuthorizationErrorResponse, OAuthAuthorizationResponse, OAuthErrorResponse, OAuthProviderConfigSchema };
+export { OAuthAccessToken, OAuthAccessTokenErrorResponse, OAuthAccessTokenResponse, OAuthAuthorization, OAuthAuthorizationErrorResponse, OAuthAuthorizationResponse, OAuthEnvSchema, OAuthErrorResponse, OAuthProviderConfigSchema };

package/dist/schemas.js

@@ -5,9 +5,10 @@ import {
   OAuthAuthorization,
   OAuthAuthorizationErrorResponse,
   OAuthAuthorizationResponse,
+  OAuthEnvSchema,
   OAuthErrorResponse,
   OAuthProviderConfigSchema
-} from "./chunk-HMRKN75I.js";
+} from "./chunk-WD7AUHQ5.js";
 export {
   OAuthAccessToken,
   OAuthAccessTokenErrorResponse,
@@ -15,6 +16,7 @@ export {
   OAuthAuthorization,
   OAuthAuthorizationErrorResponse,
   OAuthAuthorizationResponse,
+  OAuthEnvSchema,
   OAuthErrorResponse,
   OAuthProviderConfigSchema
 };

package/dist/secure.cjs

@@ -43,18 +43,15 @@ var import_node_crypto = __toESM(require("crypto"), 1);
 // src/utils.ts
 var import_router = require("@aura-stack/router");
 
-// src/error.ts
-var AuthError = class extends Error {
-  constructor(type, message) {
-    super(message);
-    this.type = type;
-    this.name = "AuthError";
-  }
-};
-var InvalidCsrfTokenError = class extends AuthError {
-  constructor(message = "The provided CSRF token is invalid or has expired") {
-    super("invalid_csrf_token", message);
-    this.name = "InvalidCsrfTokenError";
+// src/errors.ts
+var AuthSecurityError = class extends Error {
+  type = "AUTH_SECURITY_ERROR";
+  code;
+  constructor(code, message, options) {
+    super(message, options);
+    this.code = code;
+    this.name = new.target.name;
+    Error.captureStackTrace(this, new.target);
   }
 };
 
@@ -64,6 +61,11 @@ var equals = (a, b) => {
   return a === b;
 };
 
+// src/assert.ts
+var isJWTPayloadWithToken = (payload) => {
+  return typeof payload === "object" && payload !== null && "token" in payload && typeof payload?.token === "string";
+};
+
 // src/secure.ts
 var generateSecure = (length = 32) => {
   return import_node_crypto.default.randomBytes(length).toString("base64url");
@@ -91,19 +93,25 @@ var createCSRF = async (jose, csrfCookie) => {
 };
 var verifyCSRF = async (jose, cookie, header) => {
   try {
-    const { token: cookieToken } = await jose.verifyJWS(cookie);
-    const { token: headerToken } = await jose.verifyJWS(header);
-    const cookieBuffer = Buffer.from(cookieToken);
-    const headerBuffer = Buffer.from(headerToken);
+    const cookiePayload = await jose.verifyJWS(cookie);
+    const headerPayload = await jose.verifyJWS(header);
+    if (!isJWTPayloadWithToken(cookiePayload)) {
+      throw new AuthSecurityError("CSRF_TOKEN_INVALID", "Cookie payload missing token field.");
+    }
+    if (!isJWTPayloadWithToken(headerPayload)) {
+      throw new AuthSecurityError("CSRF_TOKEN_INVALID", "Header payload missing token field.");
+    }
+    const cookieBuffer = Buffer.from(cookiePayload.token);
+    const headerBuffer = Buffer.from(headerPayload.token);
     if (!equals(headerBuffer.length, cookieBuffer.length)) {
-      throw new InvalidCsrfTokenError();
+      throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
     }
     if (!import_node_crypto.default.timingSafeEqual(cookieBuffer, headerBuffer)) {
-      throw new InvalidCsrfTokenError();
+      throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
     }
     return true;
   } catch {
-    throw new InvalidCsrfTokenError();
+    throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
   }
 };
 var createDerivedSalt = (secret) => {

package/dist/secure.d.ts

@@ -1,9 +1,8 @@
-import { A as AuthRuntimeConfig } from './index-DpfbvTZ_.js';
+import { A as AuthRuntimeConfig } from './index-EqsoyjrF.js';
 import 'zod/v4';
-import '@aura-stack/jose/jose';
 import './schemas.js';
-import 'zod/v4/core';
-import 'cookie';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose/jose';
 import './@types/utility.js';
 
 declare const generateSecure: (length?: number) => string;

package/dist/secure.js

@@ -5,9 +5,10 @@ import {
   createPKCE,
   generateSecure,
   verifyCSRF
-} from "./chunk-GZU3RBTB.js";
-import "./chunk-256KIVJL.js";
-import "./chunk-FJUDBLCP.js";
+} from "./chunk-N2APGLXA.js";
+import "./chunk-CXLATHS5.js";
+import "./chunk-EIL2FPSS.js";
+import "./chunk-RRLIF4PQ.js";
 export {
   createCSRF,
   createDerivedSalt,

package/dist/utils.cjs

@@ -21,6 +21,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var utils_exports = {};
 __export(utils_exports, {
   equals: () => equals,
+  formatZodError: () => formatZodError,
   getNormalizedOriginPath: () => getNormalizedOriginPath,
   isValidRelativePath: () => isValidRelativePath,
   onErrorHandler: () => onErrorHandler,
@@ -28,21 +29,53 @@ __export(utils_exports, {
   toCastCase: () => toCastCase,
   toISOString: () => toISOString,
   toSnakeCase: () => toSnakeCase,
-  toUpperCase: () => toUpperCase
+  toUpperCase: () => toUpperCase,
+  useSecureCookies: () => useSecureCookies
 });
 module.exports = __toCommonJS(utils_exports);
 var import_router = require("@aura-stack/router");
 
-// src/error.ts
-var AuthError = class extends Error {
-  constructor(type, message) {
-    super(message);
-    this.type = type;
-    this.name = "AuthError";
+// src/errors.ts
+var OAuthProtocolError = class extends Error {
+  type = "OAUTH_PROTOCOL_ERROR";
+  error;
+  errorURI;
+  constructor(error, description, errorURI, options) {
+    super(description, options);
+    this.error = error;
+    this.errorURI = errorURI;
+    this.name = new.target.name;
+    Error.captureStackTrace(this, new.target);
   }
 };
-var isAuthError = (error) => {
-  return error instanceof AuthError;
+var AuthInternalError = class extends Error {
+  type = "AUTH_INTERNAL_ERROR";
+  code;
+  constructor(code, message, options) {
+    super(message, options);
+    this.code = code;
+    this.name = new.target.name;
+    Error.captureStackTrace(this, new.target);
+  }
+};
+var AuthSecurityError = class extends Error {
+  type = "AUTH_SECURITY_ERROR";
+  code;
+  constructor(code, message, options) {
+    super(message, options);
+    this.code = code;
+    this.name = new.target.name;
+    Error.captureStackTrace(this, new.target);
+  }
+};
+var isOAuthProtocolError = (error) => {
+  return error instanceof OAuthProtocolError;
+};
+var isAuthInternalError = (error) => {
+  return error instanceof AuthInternalError;
+};
+var isAuthSecurityError = (error) => {
+  return error instanceof AuthSecurityError;
 };
 
 // src/utils.ts
@@ -106,13 +139,35 @@ var isValidRelativePath = (path) => {
 var onErrorHandler = (error) => {
   if ((0, import_router.isRouterError)(error)) {
     const { message, status, statusText } = error;
-    return Response.json({ error: "invalid_request", error_description: message }, { status, statusText });
+    return Response.json({ type: "ROUTER_ERROR", code: "ROUTER_INTERNAL_ERROR", message }, { status, statusText });
+  }
+  if ((0, import_router.isInvalidZodSchemaError)(error)) {
+    return Response.json({ type: "ROUTER_ERROR", code: "INVALID_REQUEST", message: error.errors }, { status: 422 });
   }
-  if (isAuthError(error)) {
-    const { type, message } = error;
-    return Response.json({ error: type, error_description: message }, { status: 400 });
+  if (isOAuthProtocolError(error)) {
+    const { error: errorCode, message, type, errorURI } = error;
+    return Response.json(
+      {
+        type,
+        error: errorCode,
+        error_description: message,
+        error_uri: errorURI
+      },
+      { status: 400 }
+    );
   }
-  return Response.json({ error: "server_error", error_description: "An unexpected error occurred" }, { status: 500 });
+  if (isAuthInternalError(error) || isAuthSecurityError(error)) {
+    const { type, code, message } = error;
+    return Response.json(
+      {
+        type,
+        code,
+        message
+      },
+      { status: 400 }
+    );
+  }
+  return Response.json({ type: "SERVER_ERROR", code: "server_error", message: "An unexpected error occurred" }, { status: 500 });
 };
 var getNormalizedOriginPath = (path) => {
   try {
@@ -127,9 +182,28 @@ var getNormalizedOriginPath = (path) => {
 var toISOString = (date) => {
   return new Date(date).toISOString();
 };
+var useSecureCookies = (request, trustedProxyHeaders) => {
+  return trustedProxyHeaders ? request.url.startsWith("https://") || request.headers.get("X-Forwarded-Proto") === "https" || (request.headers.get("Forwarded")?.includes("proto=https") ?? false) : request.url.startsWith("https://");
+};
+var formatZodError = (error) => {
+  if (!error.issues || error.issues.length === 0) {
+    return {};
+  }
+  return error.issues.reduce((previous, issue) => {
+    const key = issue.path.join(".");
+    return {
+      ...previous,
+      [key]: {
+        code: issue.code,
+        message: issue.message
+      }
+    };
+  }, {});
+};
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   equals,
+  formatZodError,
   getNormalizedOriginPath,
   isValidRelativePath,
   onErrorHandler,
@@ -137,5 +211,6 @@ var toISOString = (date) => {
   toCastCase,
   toISOString,
   toSnakeCase,
-  toUpperCase
+  toUpperCase,
+  useSecureCookies
 });

package/dist/utils.d.ts

@@ -1,8 +1,15 @@
+import { ZodError } from 'zod';
 import { RouterConfig } from '@aura-stack/router';
+import { i as APIErrorMap } from './index-EqsoyjrF.js';
+import 'zod/v4';
+import './schemas.js';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose/jose';
+import './@types/utility.js';
 
 declare const toSnakeCase: (str: string) => string;
 declare const toUpperCase: (str: string) => string;
-declare const toCastCase: <Obj extends Record<string, any>, Type extends "snake" | "upper">(obj: Obj, type?: Type) => Type extends "snake" ? { [K in keyof Obj as `${string & K}`]: Obj[K]; } : { [K in keyof Obj as Uppercase<string & K>]: Obj[K]; };
+declare const toCastCase: <Obj extends Record<string, string>, Type extends "snake" | "upper">(obj: Obj, type?: Type) => Type extends "snake" ? { [K in keyof Obj as `${string & K}`]: Obj[K]; } : { [K in keyof Obj as Uppercase<string & K>]: Obj[K]; };
 declare const equals: (a: string | number | undefined | null, b: string | number | undefined | null) => boolean;
 /**
  * Sanitizes a URL by removing dangerous patterns that could be used for path traversal
@@ -41,5 +48,7 @@ declare const onErrorHandler: RouterConfig["onError"];
  */
 declare const getNormalizedOriginPath: (path: string) => string;
 declare const toISOString: (date: Date | string | number) => string;
+declare const useSecureCookies: (request: Request, trustedProxyHeaders: boolean) => boolean;
+declare const formatZodError: <T extends Record<string, unknown> = Record<string, unknown>>(error: ZodError<T>) => APIErrorMap;
 
-export { equals, getNormalizedOriginPath, isValidRelativePath, onErrorHandler, sanitizeURL, toCastCase, toISOString, toSnakeCase, toUpperCase };
+export { equals, formatZodError, getNormalizedOriginPath, isValidRelativePath, onErrorHandler, sanitizeURL, toCastCase, toISOString, toSnakeCase, toUpperCase, useSecureCookies };

package/dist/utils.js

@@ -1,5 +1,6 @@
 import {
   equals,
+  formatZodError,
   getNormalizedOriginPath,
   isValidRelativePath,
   onErrorHandler,
@@ -7,11 +8,13 @@ import {
   toCastCase,
   toISOString,
   toSnakeCase,
-  toUpperCase
-} from "./chunk-256KIVJL.js";
-import "./chunk-FJUDBLCP.js";
+  toUpperCase,
+  useSecureCookies
+} from "./chunk-CXLATHS5.js";
+import "./chunk-RRLIF4PQ.js";
 export {
   equals,
+  formatZodError,
   getNormalizedOriginPath,
   isValidRelativePath,
   onErrorHandler,
@@ -19,5 +22,6 @@ export {
   toCastCase,
   toISOString,
   toSnakeCase,
-  toUpperCase
+  toUpperCase,
+  useSecureCookies
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aura-stack/auth",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "private": false,
   "type": "module",
   "description": "Core auth for @aura-stack/auth",
@@ -44,15 +44,14 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@aura-stack/router": "^0.4.0",
-    "cookie": "^1.0.2",
+    "@aura-stack/router": "^0.5.0",
     "dotenv": "^17.2.3",
     "zod": "^4.1.12",
-    "@aura-stack/jose": "0.1.0"
+    "@aura-stack/jose": "0.2.0"
   },
   "devDependencies": {
-    "@aura-stack/tsconfig": "0.0.0",
-    "@aura-stack/tsup-config": "0.0.0"
+    "@aura-stack/tsup-config": "0.0.0",
+    "@aura-stack/tsconfig": "0.0.0"
   },
   "scripts": {
     "dev": "tsup --watch",

package/dist/chunk-FJUDBLCP.js

@@ -1,59 +0,0 @@
-// src/error.ts
-var AuthError = class extends Error {
-  constructor(type, message) {
-    super(message);
-    this.type = type;
-    this.name = "AuthError";
-  }
-};
-var InvalidCsrfTokenError = class extends AuthError {
-  constructor(message = "The provided CSRF token is invalid or has expired") {
-    super("invalid_csrf_token", message);
-    this.name = "InvalidCsrfTokenError";
-  }
-};
-var InvalidRedirectToError = class extends AuthError {
-  constructor(message = "The redirectTo parameter does not match the hosted origin.") {
-    super("invalid_redirect_to", message);
-    this.name = "InvalidRedirectToError";
-  }
-};
-var isAuthError = (error) => {
-  return error instanceof AuthError;
-};
-var throwAuthError = (error, message) => {
-  if (error instanceof Error) {
-    if (isAuthError(error)) {
-      throw error;
-    }
-    throw new AuthError("invalid_request", error.message ?? message);
-  }
-};
-var ERROR_RESPONSE = {
-  AUTHORIZATION: {
-    INVALID_REQUEST: "invalid_request",
-    UNAUTHORIZED_CLIENT: "unauthorized_client",
-    ACCESS_DENIED: "access_denied",
-    UNSUPPORTED_RESPONSE_TYPE: "unsupported_response_type",
-    INVALID_SCOPE: "invalid_scope",
-    SERVER_ERROR: "server_error",
-    TEMPORARILY_UNAVAILABLE: "temporarily_unavailable"
-  },
-  ACCESS_TOKEN: {
-    INVALID_REQUEST: "invalid_request",
-    INVALID_CLIENT: "invalid_client",
-    INVALID_GRANT: "invalid_grant",
-    UNAUTHORIZED_CLIENT: "unauthorized_client",
-    UNSUPPORTED_GRANT_TYPE: "unsupported_grant_type",
-    INVALID_SCOPE: "invalid_scope"
-  }
-};
-
-export {
-  AuthError,
-  InvalidCsrfTokenError,
-  InvalidRedirectToError,
-  isAuthError,
-  throwAuthError,
-  ERROR_RESPONSE
-};