@aura-stack/auth 0.2.0 → 0.3.0

package/dist/@types/index.d.ts

@@ -1,6 +1,7 @@
-import 'zod/v4';
+import 'zod';
 import '../schemas.js';
 import '@aura-stack/router/cookie';
+import '@aura-stack/jose';
 import '@aura-stack/jose/jose';
-export { i as APIErrorMap, V as AccessTokenError, d as AuthConfig, e as AuthInstance, b as AuthInternalErrorCode, A as AuthRuntimeConfig, c as AuthSecurityErrorCode, T as AuthorizationError, C as CookieConfig, P as CookieName, a as CookieStoreConfig, M as CookieStrategyAttributes, E as ErrorType, K as HostCookie, J as JWTPayloadWithToken, z as JWTStandardClaims, f as JoseInstance, Y as OAuthEnv, Q as OAuthError, O as OAuthProvider, g as OAuthProviderConfig, h as OAuthProviderCredentials, R as RouterGlobalContext, H as SecureCookie, S as Session, L as StandardCookie, W as TokenRevocationError, U as User } from '../index-EqsoyjrF.js';
+export { i as APIErrorMap, a0 as AccessTokenError, d as AuthConfig, e as AuthInstance, b as AuthInternalErrorCode, A as AuthRuntimeConfig, c as AuthSecurityErrorCode, $ as AuthorizationError, C as CookieConfig, Z as CookieName, a as CookieStoreConfig, Y as CookieStrategyAttributes, E as ErrorType, V as HostCookie, J as JWTPayloadWithToken, Q as JWTStandardClaims, f as JoseInstance, a2 as OAuthEnv, _ as OAuthError, O as OAuthProvider, g as OAuthProviderConfig, h as OAuthProviderCredentials, j as OAuthProviderRecord, R as RouterGlobalContext, T as SecureCookie, S as Session, W as StandardCookie, a1 as TokenRevocationError, U as User } from '../index-DkaLJFn8.js';
 export { LiteralUnion, Prettify } from './utility.js';

package/dist/@types/router.d.d.ts

@@ -1,7 +1,8 @@
-import { R as RouterGlobalContext } from '../index-EqsoyjrF.js';
-import 'zod/v4';
+import { R as RouterGlobalContext } from '../index-DkaLJFn8.js';
+import 'zod';
 import '../schemas.js';
 import '@aura-stack/router/cookie';
+import '@aura-stack/jose';
 import '@aura-stack/jose/jose';
 import './utility.js';
 

package/dist/actions/callback/access-token.cjs

@@ -24,6 +24,17 @@ __export(access_token_exports, {
 });
 module.exports = __toCommonJS(access_token_exports);
 
+// src/request.ts
+var fetchAsync = async (url, options2 = {}, timeout = 5e3) => {
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), timeout);
+  const response = await fetch(url, {
+    ...options2,
+    signal: controller.signal
+  }).finally(() => clearTimeout(timeoutId));
+  return response;
+};
+
 // src/utils.ts
 var import_router = require("@aura-stack/router");
 
@@ -69,28 +80,28 @@ var formatZodError = (error) => {
 };
 
 // src/schemas.ts
-var import_v4 = require("zod/v4");
-var OAuthProviderConfigSchema = (0, import_v4.object)({
-  authorizeURL: (0, import_v4.httpUrl)(),
-  accessToken: (0, import_v4.httpUrl)(),
-  scope: (0, import_v4.string)().optional(),
-  userInfo: (0, import_v4.httpUrl)(),
-  responseType: (0, import_v4.enum)(["code", "token", "id_token"]),
-  clientId: (0, import_v4.string)(),
-  clientSecret: (0, import_v4.string)()
+var import_zod = require("zod");
+var OAuthProviderConfigSchema = (0, import_zod.object)({
+  authorizeURL: (0, import_zod.string)().url(),
+  accessToken: (0, import_zod.string)().url(),
+  scope: (0, import_zod.string)().optional(),
+  userInfo: (0, import_zod.string)().url(),
+  responseType: (0, import_zod.enum)(["code", "token", "id_token"]),
+  clientId: (0, import_zod.string)(),
+  clientSecret: (0, import_zod.string)()
 });
 var OAuthAuthorization = OAuthProviderConfigSchema.extend({
-  redirectURI: (0, import_v4.string)(),
-  state: (0, import_v4.string)(),
-  codeChallenge: (0, import_v4.string)(),
-  codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
+  redirectURI: (0, import_zod.string)(),
+  state: (0, import_zod.string)(),
+  codeChallenge: (0, import_zod.string)(),
+  codeChallengeMethod: (0, import_zod.enum)(["plain", "S256"])
 });
-var OAuthAuthorizationResponse = (0, import_v4.object)({
-  state: (0, import_v4.string)("Missing state parameter in the OAuth authorization response."),
-  code: (0, import_v4.string)("Missing code parameter in the OAuth authorization response.")
+var OAuthAuthorizationResponse = (0, import_zod.object)({
+  state: (0, import_zod.string)({ message: "Missing state parameter in the OAuth authorization response." }),
+  code: (0, import_zod.string)({ message: "Missing code parameter in the OAuth authorization response." })
 });
-var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.enum)([
+var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
     "invalid_request",
     "unauthorized_client",
     "access_denied",
@@ -99,24 +110,24 @@ var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
     "server_error",
     "temporarily_unavailable"
   ]),
-  error_description: (0, import_v4.string)().optional(),
-  error_uri: (0, import_v4.string)().optional(),
-  state: (0, import_v4.string)()
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional(),
+  state: (0, import_zod.string)()
 });
 var OAuthAccessToken = OAuthProviderConfigSchema.extend({
-  redirectURI: (0, import_v4.string)(),
-  code: (0, import_v4.string)(),
-  codeVerifier: (0, import_v4.string)().min(43).max(128)
+  redirectURI: (0, import_zod.string)(),
+  code: (0, import_zod.string)(),
+  codeVerifier: (0, import_zod.string)().min(43).max(128)
 });
-var OAuthAccessTokenResponse = (0, import_v4.object)({
-  access_token: (0, import_v4.string)(),
-  token_type: (0, import_v4.string)(),
-  expires_in: (0, import_v4.number)().optional(),
-  refresh_token: (0, import_v4.string)().optional(),
-  scope: (0, import_v4.string)().optional()
+var OAuthAccessTokenResponse = (0, import_zod.object)({
+  access_token: (0, import_zod.string)(),
+  token_type: (0, import_zod.string)().optional(),
+  expires_in: (0, import_zod.number)().optional(),
+  refresh_token: (0, import_zod.string)().optional(),
+  scope: (0, import_zod.string)().optional().or((0, import_zod.null)())
 });
-var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.enum)([
+var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
     "invalid_request",
     "invalid_client",
     "invalid_grant",
@@ -124,16 +135,16 @@ var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
     "unsupported_grant_type",
     "invalid_scope"
   ]),
-  error_description: (0, import_v4.string)().optional(),
-  error_uri: (0, import_v4.string)().optional()
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional()
 });
-var OAuthErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.string)(),
-  error_description: (0, import_v4.string)().optional()
+var OAuthErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.string)(),
+  error_description: (0, import_zod.string)().optional()
 });
-var OAuthEnvSchema = (0, import_v4.object)({
-  clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
-  clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
+var OAuthEnvSchema = (0, import_zod.object)({
+  clientId: import_zod.z.string().min(1, "OAuth Client ID is required in the environment variables."),
+  clientSecret: import_zod.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
 });
 
 // src/actions/callback/access-token.ts
@@ -145,7 +156,7 @@ var createAccessToken = async (oauthConfig, redirectURI, code, codeVerifier) =>
   }
   const { accessToken, clientId, clientSecret, code: codeParsed, redirectURI: redirectParsed } = parsed.data;
   try {
-    const response = await fetch(accessToken, {
+    const response = await fetchAsync(accessToken, {
       method: "POST",
       headers: {
         Accept: "application/json",

package/dist/actions/callback/access-token.d.ts

@@ -1,7 +1,8 @@
-import { h as OAuthProviderCredentials } from '../../index-EqsoyjrF.js';
-import 'zod/v4';
+import { h as OAuthProviderCredentials } from '../../index-DkaLJFn8.js';
+import 'zod';
 import '../../schemas.js';
 import '@aura-stack/router/cookie';
+import '@aura-stack/jose';
 import '@aura-stack/jose/jose';
 import '../../@types/utility.js';
 
@@ -18,10 +19,10 @@ import '../../@types/utility.js';
  */
 declare const createAccessToken: (oauthConfig: OAuthProviderCredentials, redirectURI: string, code: string, codeVerifier: string) => Promise<{
     access_token: string;
-    token_type: string;
+    token_type?: string | undefined;
     expires_in?: number | undefined;
     refresh_token?: string | undefined;
-    scope?: string | undefined;
+    scope?: string | null | undefined;
 }>;
 
 export { createAccessToken };

package/dist/actions/callback/access-token.js

@@ -1,9 +1,10 @@
 import {
   createAccessToken
-} from "../../chunk-4V4JNXVF.js";
-import "../../chunk-WD7AUHQ5.js";
+} from "../../chunk-GA2SMTJO.js";
 import "../../chunk-CXLATHS5.js";
 import "../../chunk-RRLIF4PQ.js";
+import "../../chunk-ZNCZVF6U.js";
+import "../../chunk-YRCB5FLE.js";
 export {
   createAccessToken
 };

package/dist/actions/callback/callback.cjs

@@ -33,11 +33,11 @@ __export(callback_exports, {
   callbackAction: () => callbackAction
 });
 module.exports = __toCommonJS(callback_exports);
-var import_zod = __toESM(require("zod"), 1);
+var import_zod2 = require("zod");
 var import_router2 = require("@aura-stack/router");
 
 // src/secure.ts
-var import_node_crypto = __toESM(require("crypto"), 1);
+var import_crypto = __toESM(require("crypto"), 1);
 
 // src/utils.ts
 var import_router = require("@aura-stack/router");
@@ -146,7 +146,7 @@ var formatZodError = (error) => {
 
 // src/secure.ts
 var generateSecure = (length = 32) => {
-  return import_node_crypto.default.randomBytes(length).toString("base64url");
+  return import_crypto.default.randomBytes(length).toString("base64url");
 };
 var createCSRF = async (jose, csrfCookie) => {
   try {
@@ -170,29 +170,40 @@ var cacheControl = {
   Vary: "Cookie"
 };
 
+// src/request.ts
+var fetchAsync = async (url, options2 = {}, timeout = 5e3) => {
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), timeout);
+  const response = await fetch(url, {
+    ...options2,
+    signal: controller.signal
+  }).finally(() => clearTimeout(timeoutId));
+  return response;
+};
+
 // src/schemas.ts
-var import_v4 = require("zod/v4");
-var OAuthProviderConfigSchema = (0, import_v4.object)({
-  authorizeURL: (0, import_v4.httpUrl)(),
-  accessToken: (0, import_v4.httpUrl)(),
-  scope: (0, import_v4.string)().optional(),
-  userInfo: (0, import_v4.httpUrl)(),
-  responseType: (0, import_v4.enum)(["code", "token", "id_token"]),
-  clientId: (0, import_v4.string)(),
-  clientSecret: (0, import_v4.string)()
+var import_zod = require("zod");
+var OAuthProviderConfigSchema = (0, import_zod.object)({
+  authorizeURL: (0, import_zod.string)().url(),
+  accessToken: (0, import_zod.string)().url(),
+  scope: (0, import_zod.string)().optional(),
+  userInfo: (0, import_zod.string)().url(),
+  responseType: (0, import_zod.enum)(["code", "token", "id_token"]),
+  clientId: (0, import_zod.string)(),
+  clientSecret: (0, import_zod.string)()
 });
 var OAuthAuthorization = OAuthProviderConfigSchema.extend({
-  redirectURI: (0, import_v4.string)(),
-  state: (0, import_v4.string)(),
-  codeChallenge: (0, import_v4.string)(),
-  codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
+  redirectURI: (0, import_zod.string)(),
+  state: (0, import_zod.string)(),
+  codeChallenge: (0, import_zod.string)(),
+  codeChallengeMethod: (0, import_zod.enum)(["plain", "S256"])
 });
-var OAuthAuthorizationResponse = (0, import_v4.object)({
-  state: (0, import_v4.string)("Missing state parameter in the OAuth authorization response."),
-  code: (0, import_v4.string)("Missing code parameter in the OAuth authorization response.")
+var OAuthAuthorizationResponse = (0, import_zod.object)({
+  state: (0, import_zod.string)({ message: "Missing state parameter in the OAuth authorization response." }),
+  code: (0, import_zod.string)({ message: "Missing code parameter in the OAuth authorization response." })
 });
-var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.enum)([
+var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
     "invalid_request",
     "unauthorized_client",
     "access_denied",
@@ -201,24 +212,24 @@ var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
     "server_error",
     "temporarily_unavailable"
   ]),
-  error_description: (0, import_v4.string)().optional(),
-  error_uri: (0, import_v4.string)().optional(),
-  state: (0, import_v4.string)()
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional(),
+  state: (0, import_zod.string)()
 });
 var OAuthAccessToken = OAuthProviderConfigSchema.extend({
-  redirectURI: (0, import_v4.string)(),
-  code: (0, import_v4.string)(),
-  codeVerifier: (0, import_v4.string)().min(43).max(128)
+  redirectURI: (0, import_zod.string)(),
+  code: (0, import_zod.string)(),
+  codeVerifier: (0, import_zod.string)().min(43).max(128)
 });
-var OAuthAccessTokenResponse = (0, import_v4.object)({
-  access_token: (0, import_v4.string)(),
-  token_type: (0, import_v4.string)(),
-  expires_in: (0, import_v4.number)().optional(),
-  refresh_token: (0, import_v4.string)().optional(),
-  scope: (0, import_v4.string)().optional()
+var OAuthAccessTokenResponse = (0, import_zod.object)({
+  access_token: (0, import_zod.string)(),
+  token_type: (0, import_zod.string)().optional(),
+  expires_in: (0, import_zod.number)().optional(),
+  refresh_token: (0, import_zod.string)().optional(),
+  scope: (0, import_zod.string)().optional().or((0, import_zod.null)())
 });
-var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.enum)([
+var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
     "invalid_request",
     "invalid_client",
     "invalid_grant",
@@ -226,16 +237,16 @@ var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
     "unsupported_grant_type",
     "invalid_scope"
   ]),
-  error_description: (0, import_v4.string)().optional(),
-  error_uri: (0, import_v4.string)().optional()
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional()
 });
-var OAuthErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.string)(),
-  error_description: (0, import_v4.string)().optional()
+var OAuthErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.string)(),
+  error_description: (0, import_zod.string)().optional()
 });
-var OAuthEnvSchema = (0, import_v4.object)({
-  clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
-  clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
+var OAuthEnvSchema = (0, import_zod.object)({
+  clientId: import_zod.z.string().min(1, "OAuth Client ID is required in the environment variables."),
+  clientSecret: import_zod.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
 });
 
 // src/actions/callback/userinfo.ts
@@ -251,7 +262,7 @@ var getDefaultUserInfo = (profile) => {
 var getUserInfo = async (oauthConfig, accessToken) => {
   const userinfoEndpoint = oauthConfig.userInfo;
   try {
-    const response = await fetch(userinfoEndpoint, {
+    const response = await fetchAsync(userinfoEndpoint, {
       method: "GET",
       headers: {
         Accept: "application/json",
@@ -287,7 +298,7 @@ var createAccessToken = async (oauthConfig, redirectURI, code, codeVerifier) =>
   }
   const { accessToken, clientId, clientSecret, code: codeParsed, redirectURI: redirectParsed } = parsed.data;
   try {
-    const response = await fetch(accessToken, {
+    const response = await fetchAsync(accessToken, {
       method: "POST",
       headers: {
         Accept: "application/json",
@@ -360,9 +371,15 @@ var createSessionCookie = async (jose, session) => {
 var callbackConfig = (oauth) => {
   return (0, import_router2.createEndpointConfig)("/callback/:oauth", {
     schemas: {
-      searchParams: OAuthAuthorizationResponse,
-      params: import_zod.default.object({
-        oauth: import_zod.default.enum(Object.keys(oauth), "The OAuth provider is not supported or invalid.")
+      params: import_zod2.z.object({
+        oauth: import_zod2.z.enum(
+          Object.keys(oauth),
+          "The OAuth provider is not supported or invalid."
+        )
+      }),
+      searchParams: import_zod2.z.object({
+        code: import_zod2.z.string("Missing code parameter in the OAuth authorization response."),
+        state: import_zod2.z.string("Missing state parameter in the OAuth authorization response.")
       })
     },
     middlewares: [
@@ -390,9 +407,9 @@ var callbackAction = (oauth) => {
       } = ctx;
       const oauthConfig = providers[oauth2];
       const cookieState = getCookie(request, cookies.state.name);
-      const cookieRedirectTo = getCookie(request, cookies.redirect_to.name);
-      const cookieRedirectURI = getCookie(request, cookies.redirect_uri.name);
-      const codeVerifier = getCookie(request, cookies.code_verifier.name);
+      const cookieRedirectTo = getCookie(request, cookies.redirectTo.name);
+      const cookieRedirectURI = getCookie(request, cookies.redirectURI.name);
+      const codeVerifier = getCookie(request, cookies.codeVerifier.name);
       if (!equals(cookieState, state)) {
         throw new AuthSecurityError(
           "MISMATCHING_STATE",
@@ -410,7 +427,7 @@ var callbackAction = (oauth) => {
       const userInfo = await getUserInfo(oauthConfig, accessToken.access_token);
       const sessionCookie = await createSessionCookie(jose, userInfo);
       const csrfToken = await createCSRF(jose);
-      const headers = new import_router2.HeadersBuilder(cacheControl).setHeader("Location", sanitized).setCookie(cookies.sessionToken.name, sessionCookie, cookies.sessionToken.attributes).setCookie(cookies.csrfToken.name, csrfToken, cookies.csrfToken.attributes).setCookie(cookies.state.name, "", expiredCookieAttributes).setCookie(cookies.redirect_uri.name, "", expiredCookieAttributes).setCookie(cookies.redirect_to.name, "", expiredCookieAttributes).setCookie(cookies.code_verifier.name, "", expiredCookieAttributes).toHeaders();
+      const headers = new import_router2.HeadersBuilder(cacheControl).setHeader("Location", sanitized).setCookie(cookies.sessionToken.name, sessionCookie, cookies.sessionToken.attributes).setCookie(cookies.csrfToken.name, csrfToken, cookies.csrfToken.attributes).setCookie(cookies.state.name, "", expiredCookieAttributes).setCookie(cookies.redirectURI.name, "", expiredCookieAttributes).setCookie(cookies.redirectTo.name, "", expiredCookieAttributes).setCookie(cookies.codeVerifier.name, "", expiredCookieAttributes).toHeaders();
       return Response.json({ oauth: oauth2 }, { status: 302, headers });
     },
     callbackConfig(oauth)

package/dist/actions/callback/callback.d.ts

@@ -1,11 +1,12 @@
 import * as _aura_stack_router from '@aura-stack/router';
-import { A as AuthRuntimeConfig } from '../../index-EqsoyjrF.js';
-import 'zod/v4';
+import { j as OAuthProviderRecord } from '../../index-DkaLJFn8.js';
+import 'zod';
 import '../../schemas.js';
 import '@aura-stack/router/cookie';
+import '@aura-stack/jose';
 import '@aura-stack/jose/jose';
 import '../../@types/utility.js';
 
-declare const callbackAction: (oauth: AuthRuntimeConfig["oauth"]) => _aura_stack_router.RouteEndpoint<"GET", "/callback/:oauth", {}>;
+declare const callbackAction: (oauth: OAuthProviderRecord) => _aura_stack_router.RouteEndpoint<"GET", "/callback/:oauth", {}>;
 
 export { callbackAction };

package/dist/actions/callback/callback.js

@@ -1,15 +1,16 @@
 import {
   callbackAction
-} from "../../chunk-UEH3LVON.js";
-import "../../chunk-ZLR3LI6X.js";
-import "../../chunk-4V4JNXVF.js";
-import "../../chunk-IMICRJ5U.js";
+} from "../../chunk-KSWLO5ZU.js";
+import "../../chunk-GA2SMTJO.js";
+import "../../chunk-IVET23KF.js";
+import "../../chunk-W6LG7BFW.js";
 import "../../chunk-STHEPPUZ.js";
-import "../../chunk-WD7AUHQ5.js";
 import "../../chunk-N2APGLXA.js";
 import "../../chunk-CXLATHS5.js";
 import "../../chunk-EIL2FPSS.js";
 import "../../chunk-RRLIF4PQ.js";
+import "../../chunk-ZNCZVF6U.js";
+import "../../chunk-YRCB5FLE.js";
 export {
   callbackAction
 };

package/dist/actions/callback/userinfo.cjs

@@ -34,8 +34,19 @@ __export(userinfo_exports, {
 });
 module.exports = __toCommonJS(userinfo_exports);
 
+// src/request.ts
+var fetchAsync = async (url, options2 = {}, timeout = 5e3) => {
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), timeout);
+  const response = await fetch(url, {
+    ...options2,
+    signal: controller.signal
+  }).finally(() => clearTimeout(timeoutId));
+  return response;
+};
+
 // src/secure.ts
-var import_node_crypto = __toESM(require("crypto"), 1);
+var import_crypto = __toESM(require("crypto"), 1);
 
 // src/utils.ts
 var import_router = require("@aura-stack/router");
@@ -62,32 +73,32 @@ var isOAuthProtocolError = (error) => {
 
 // src/secure.ts
 var generateSecure = (length = 32) => {
-  return import_node_crypto.default.randomBytes(length).toString("base64url");
+  return import_crypto.default.randomBytes(length).toString("base64url");
 };
 
 // src/schemas.ts
-var import_v4 = require("zod/v4");
-var OAuthProviderConfigSchema = (0, import_v4.object)({
-  authorizeURL: (0, import_v4.httpUrl)(),
-  accessToken: (0, import_v4.httpUrl)(),
-  scope: (0, import_v4.string)().optional(),
-  userInfo: (0, import_v4.httpUrl)(),
-  responseType: (0, import_v4.enum)(["code", "token", "id_token"]),
-  clientId: (0, import_v4.string)(),
-  clientSecret: (0, import_v4.string)()
+var import_zod = require("zod");
+var OAuthProviderConfigSchema = (0, import_zod.object)({
+  authorizeURL: (0, import_zod.string)().url(),
+  accessToken: (0, import_zod.string)().url(),
+  scope: (0, import_zod.string)().optional(),
+  userInfo: (0, import_zod.string)().url(),
+  responseType: (0, import_zod.enum)(["code", "token", "id_token"]),
+  clientId: (0, import_zod.string)(),
+  clientSecret: (0, import_zod.string)()
 });
 var OAuthAuthorization = OAuthProviderConfigSchema.extend({
-  redirectURI: (0, import_v4.string)(),
-  state: (0, import_v4.string)(),
-  codeChallenge: (0, import_v4.string)(),
-  codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
+  redirectURI: (0, import_zod.string)(),
+  state: (0, import_zod.string)(),
+  codeChallenge: (0, import_zod.string)(),
+  codeChallengeMethod: (0, import_zod.enum)(["plain", "S256"])
 });
-var OAuthAuthorizationResponse = (0, import_v4.object)({
-  state: (0, import_v4.string)("Missing state parameter in the OAuth authorization response."),
-  code: (0, import_v4.string)("Missing code parameter in the OAuth authorization response.")
+var OAuthAuthorizationResponse = (0, import_zod.object)({
+  state: (0, import_zod.string)({ message: "Missing state parameter in the OAuth authorization response." }),
+  code: (0, import_zod.string)({ message: "Missing code parameter in the OAuth authorization response." })
 });
-var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.enum)([
+var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
     "invalid_request",
     "unauthorized_client",
     "access_denied",
@@ -96,24 +107,24 @@ var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
     "server_error",
     "temporarily_unavailable"
   ]),
-  error_description: (0, import_v4.string)().optional(),
-  error_uri: (0, import_v4.string)().optional(),
-  state: (0, import_v4.string)()
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional(),
+  state: (0, import_zod.string)()
 });
 var OAuthAccessToken = OAuthProviderConfigSchema.extend({
-  redirectURI: (0, import_v4.string)(),
-  code: (0, import_v4.string)(),
-  codeVerifier: (0, import_v4.string)().min(43).max(128)
+  redirectURI: (0, import_zod.string)(),
+  code: (0, import_zod.string)(),
+  codeVerifier: (0, import_zod.string)().min(43).max(128)
 });
-var OAuthAccessTokenResponse = (0, import_v4.object)({
-  access_token: (0, import_v4.string)(),
-  token_type: (0, import_v4.string)(),
-  expires_in: (0, import_v4.number)().optional(),
-  refresh_token: (0, import_v4.string)().optional(),
-  scope: (0, import_v4.string)().optional()
+var OAuthAccessTokenResponse = (0, import_zod.object)({
+  access_token: (0, import_zod.string)(),
+  token_type: (0, import_zod.string)().optional(),
+  expires_in: (0, import_zod.number)().optional(),
+  refresh_token: (0, import_zod.string)().optional(),
+  scope: (0, import_zod.string)().optional().or((0, import_zod.null)())
 });
-var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.enum)([
+var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
     "invalid_request",
     "invalid_client",
     "invalid_grant",
@@ -121,16 +132,16 @@ var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
     "unsupported_grant_type",
     "invalid_scope"
   ]),
-  error_description: (0, import_v4.string)().optional(),
-  error_uri: (0, import_v4.string)().optional()
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional()
 });
-var OAuthErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.string)(),
-  error_description: (0, import_v4.string)().optional()
+var OAuthErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.string)(),
+  error_description: (0, import_zod.string)().optional()
 });
-var OAuthEnvSchema = (0, import_v4.object)({
-  clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
-  clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
+var OAuthEnvSchema = (0, import_zod.object)({
+  clientId: import_zod.z.string().min(1, "OAuth Client ID is required in the environment variables."),
+  clientSecret: import_zod.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
 });
 
 // src/actions/callback/userinfo.ts
@@ -146,7 +157,7 @@ var getDefaultUserInfo = (profile) => {
 var getUserInfo = async (oauthConfig, accessToken) => {
   const userinfoEndpoint = oauthConfig.userInfo;
   try {
-    const response = await fetch(userinfoEndpoint, {
+    const response = await fetchAsync(userinfoEndpoint, {
       method: "GET",
       headers: {
         Accept: "application/json",

package/dist/actions/callback/userinfo.d.ts

@@ -1,7 +1,8 @@
-import { h as OAuthProviderCredentials, U as User } from '../../index-EqsoyjrF.js';
-import 'zod/v4';
+import { h as OAuthProviderCredentials, U as User } from '../../index-DkaLJFn8.js';
+import 'zod';
 import '../../schemas.js';
 import '@aura-stack/router/cookie';
+import '@aura-stack/jose';
 import '@aura-stack/jose/jose';
 import '../../@types/utility.js';
 

package/dist/actions/callback/userinfo.js

@@ -1,11 +1,12 @@
 import {
   getUserInfo
-} from "../../chunk-ZLR3LI6X.js";
-import "../../chunk-WD7AUHQ5.js";
+} from "../../chunk-IVET23KF.js";
 import "../../chunk-N2APGLXA.js";
 import "../../chunk-CXLATHS5.js";
 import "../../chunk-EIL2FPSS.js";
 import "../../chunk-RRLIF4PQ.js";
+import "../../chunk-ZNCZVF6U.js";
+import "../../chunk-YRCB5FLE.js";
 export {
   getUserInfo
 };

package/dist/actions/csrfToken/csrfToken.cjs

@@ -36,7 +36,7 @@ module.exports = __toCommonJS(csrfToken_exports);
 var import_router2 = require("@aura-stack/router");
 
 // src/secure.ts
-var import_node_crypto = __toESM(require("crypto"), 1);
+var import_crypto = __toESM(require("crypto"), 1);
 
 // src/utils.ts
 var import_router = require("@aura-stack/router");
@@ -55,7 +55,7 @@ var AuthInternalError = class extends Error {
 
 // src/secure.ts
 var generateSecure = (length = 32) => {
-  return import_node_crypto.default.randomBytes(length).toString("base64url");
+  return import_crypto.default.randomBytes(length).toString("base64url");
 };
 var createCSRF = async (jose, csrfCookie) => {
   try {

package/dist/actions/csrfToken/csrfToken.js

@@ -1,7 +1,7 @@
 import {
   csrfTokenAction
-} from "../../chunk-QDO2KSRJ.js";
-import "../../chunk-IMICRJ5U.js";
+} from "../../chunk-HT4YLL7N.js";
+import "../../chunk-W6LG7BFW.js";
 import "../../chunk-STHEPPUZ.js";
 import "../../chunk-N2APGLXA.js";
 import "../../chunk-CXLATHS5.js";