@aura-stack/auth 0.2.0 → 0.4.0-rc.1

package/dist/actions/signIn/signIn.cjs

@@ -33,11 +33,19 @@ __export(signIn_exports, {
   signInAction: () => signInAction
 });
 module.exports = __toCommonJS(signIn_exports);
-var import_zod = __toESM(require("zod"), 1);
+var import_zod2 = require("zod");
 var import_router2 = require("@aura-stack/router");
 
+// src/headers.ts
+var cacheControl = {
+  "Cache-Control": "no-store",
+  Pragma: "no-cache",
+  Expires: "0",
+  Vary: "Cookie"
+};
+
 // src/secure.ts
-var import_node_crypto = __toESM(require("crypto"), 1);
+var import_crypto = __toESM(require("crypto"), 1);
 
 // src/utils.ts
 var import_router = require("@aura-stack/router");
@@ -152,10 +160,10 @@ var isValidURL = (value) => {
 
 // src/secure.ts
 var generateSecure = (length = 32) => {
-  return import_node_crypto.default.randomBytes(length).toString("base64url");
+  return import_crypto.default.randomBytes(length).toString("base64url");
 };
 var createHash = (data, base = "hex") => {
-  return import_node_crypto.default.createHash("sha256").update(data).digest().toString(base);
+  return import_crypto.default.createHash("sha256").update(data).digest().toString(base);
 };
 var createPKCE = async (verifier) => {
   const codeVerifier = verifier ?? generateSecure(86);
@@ -164,28 +172,28 @@ var createPKCE = async (verifier) => {
 };
 
 // src/schemas.ts
-var import_v4 = require("zod/v4");
-var OAuthProviderConfigSchema = (0, import_v4.object)({
-  authorizeURL: (0, import_v4.httpUrl)(),
-  accessToken: (0, import_v4.httpUrl)(),
-  scope: (0, import_v4.string)().optional(),
-  userInfo: (0, import_v4.httpUrl)(),
-  responseType: (0, import_v4.enum)(["code", "token", "id_token"]),
-  clientId: (0, import_v4.string)(),
-  clientSecret: (0, import_v4.string)()
+var import_zod = require("zod");
+var OAuthProviderConfigSchema = (0, import_zod.object)({
+  authorizeURL: (0, import_zod.string)().url(),
+  accessToken: (0, import_zod.string)().url(),
+  scope: (0, import_zod.string)().optional(),
+  userInfo: (0, import_zod.string)().url(),
+  responseType: (0, import_zod.enum)(["code", "token", "id_token"]),
+  clientId: (0, import_zod.string)(),
+  clientSecret: (0, import_zod.string)()
 });
 var OAuthAuthorization = OAuthProviderConfigSchema.extend({
-  redirectURI: (0, import_v4.string)(),
-  state: (0, import_v4.string)(),
-  codeChallenge: (0, import_v4.string)(),
-  codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
+  redirectURI: (0, import_zod.string)(),
+  state: (0, import_zod.string)(),
+  codeChallenge: (0, import_zod.string)(),
+  codeChallengeMethod: (0, import_zod.enum)(["plain", "S256"])
 });
-var OAuthAuthorizationResponse = (0, import_v4.object)({
-  state: (0, import_v4.string)("Missing state parameter in the OAuth authorization response."),
-  code: (0, import_v4.string)("Missing code parameter in the OAuth authorization response.")
+var OAuthAuthorizationResponse = (0, import_zod.object)({
+  state: (0, import_zod.string)({ message: "Missing state parameter in the OAuth authorization response." }),
+  code: (0, import_zod.string)({ message: "Missing code parameter in the OAuth authorization response." })
 });
-var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.enum)([
+var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
     "invalid_request",
     "unauthorized_client",
     "access_denied",
@@ -194,24 +202,24 @@ var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
     "server_error",
     "temporarily_unavailable"
   ]),
-  error_description: (0, import_v4.string)().optional(),
-  error_uri: (0, import_v4.string)().optional(),
-  state: (0, import_v4.string)()
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional(),
+  state: (0, import_zod.string)()
 });
 var OAuthAccessToken = OAuthProviderConfigSchema.extend({
-  redirectURI: (0, import_v4.string)(),
-  code: (0, import_v4.string)(),
-  codeVerifier: (0, import_v4.string)().min(43).max(128)
+  redirectURI: (0, import_zod.string)(),
+  code: (0, import_zod.string)(),
+  codeVerifier: (0, import_zod.string)().min(43).max(128)
 });
-var OAuthAccessTokenResponse = (0, import_v4.object)({
-  access_token: (0, import_v4.string)(),
-  token_type: (0, import_v4.string)(),
-  expires_in: (0, import_v4.number)().optional(),
-  refresh_token: (0, import_v4.string)().optional(),
-  scope: (0, import_v4.string)().optional()
+var OAuthAccessTokenResponse = (0, import_zod.object)({
+  access_token: (0, import_zod.string)(),
+  token_type: (0, import_zod.string)().optional(),
+  expires_in: (0, import_zod.number)().optional(),
+  refresh_token: (0, import_zod.string)().optional(),
+  scope: (0, import_zod.string)().optional().or((0, import_zod.null)())
 });
-var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.enum)([
+var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
     "invalid_request",
     "invalid_client",
     "invalid_grant",
@@ -219,16 +227,16 @@ var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
     "unsupported_grant_type",
     "invalid_scope"
   ]),
-  error_description: (0, import_v4.string)().optional(),
-  error_uri: (0, import_v4.string)().optional()
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional()
 });
-var OAuthErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.string)(),
-  error_description: (0, import_v4.string)().optional()
+var OAuthErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.string)(),
+  error_description: (0, import_zod.string)().optional()
 });
-var OAuthEnvSchema = (0, import_v4.object)({
-  clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
-  clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
+var OAuthEnvSchema = (0, import_zod.object)({
+  clientId: import_zod.z.string().min(1, "OAuth Client ID is required in the environment variables."),
+  clientSecret: import_zod.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
 });
 
 // src/actions/signIn/authorization.ts
@@ -306,9 +314,14 @@ var createRedirectTo = (request, redirectTo, trustedProxyHeaders) => {
 var signInConfig = (oauth) => {
   return (0, import_router2.createEndpointConfig)("/signIn/:oauth", {
     schemas: {
-      params: import_zod.default.object({
-        oauth: import_zod.default.enum(Object.keys(oauth), "The OAuth provider is not supported or invalid."),
-        redirectTo: import_zod.default.string().optional()
+      params: import_zod2.z.object({
+        oauth: import_zod2.z.enum(
+          Object.keys(oauth),
+          "The OAuth provider is not supported or invalid."
+        )
+      }),
+      searchParams: import_zod2.z.object({
+        redirectTo: import_zod2.z.string().optional()
       })
     }
   });
@@ -320,8 +333,8 @@ var signInAction = (oauth) => {
     async (ctx) => {
       const {
         request,
-        headers: headersBuilder,
-        params: { oauth: oauth2, redirectTo },
+        params: { oauth: oauth2 },
+        searchParams: { redirectTo },
         context: { oauth: providers, cookies, trustedProxyHeaders, basePath }
       } = ctx;
       const state = generateSecure();
@@ -329,7 +342,7 @@ var signInAction = (oauth) => {
       const redirectToValue = createRedirectTo(request, redirectTo, trustedProxyHeaders);
       const { codeVerifier, codeChallenge, method } = await createPKCE();
       const authorization = createAuthorizationURL(providers[oauth2], redirectURI, state, codeChallenge, method);
-      const headers = headersBuilder.setHeader("Location", authorization).setCookie(cookies.state.name, state, cookies.state.attributes).setCookie(cookies.redirect_uri.name, redirectURI, cookies.redirect_uri.attributes).setCookie(cookies.redirect_to.name, redirectToValue, cookies.redirect_to.attributes).setCookie(cookies.code_verifier.name, codeVerifier, cookies.code_verifier.attributes).toHeaders();
+      const headers = new import_router2.HeadersBuilder(cacheControl).setHeader("Location", authorization).setCookie(cookies.state.name, state, cookies.state.attributes).setCookie(cookies.redirectURI.name, redirectURI, cookies.redirectURI.attributes).setCookie(cookies.redirectTo.name, redirectToValue, cookies.redirectTo.attributes).setCookie(cookies.codeVerifier.name, codeVerifier, cookies.codeVerifier.attributes).toHeaders();
       return Response.json(
         { oauth: oauth2 },
         {

package/dist/actions/signIn/signIn.d.ts

@@ -1,11 +1,33 @@
 import * as _aura_stack_router from '@aura-stack/router';
-import { A as AuthRuntimeConfig } from '../../index-EqsoyjrF.js';
-import 'zod/v4';
+import { z } from 'zod';
+import { j as OAuthProviderRecord } from '../../index-B8jeIElf.js';
 import '../../schemas.js';
 import '@aura-stack/router/cookie';
+import '@aura-stack/jose';
 import '@aura-stack/jose/jose';
 import '../../@types/utility.js';
 
-declare const signInAction: (oauth: AuthRuntimeConfig["oauth"]) => _aura_stack_router.RouteEndpoint<"GET", "/signIn/:oauth", {}>;
+declare const signInAction: (oauth: OAuthProviderRecord) => _aura_stack_router.RouteEndpoint<"GET", "/signIn/:oauth", {
+    schemas?: {
+        params: z.ZodObject<{
+            oauth: z.ZodEnum<{
+                [x: string & Record<never, never>]: string & Record<never, never>;
+                github: "github";
+                bitbucket: "bitbucket";
+                figma: "figma";
+                discord: "discord";
+                gitlab: "gitlab";
+                spotify: "spotify";
+                x: "x";
+                strava: "strava";
+                mailchimp: "mailchimp";
+                pinterest: "pinterest";
+            }>;
+        }, z.core.$strip>;
+        searchParams: z.ZodObject<{
+            redirectTo: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>;
+    } | undefined;
+}>;
 
 export { signInAction };

package/dist/actions/signIn/signIn.js

@@ -1,12 +1,13 @@
 import {
   signInAction
-} from "../../chunk-2RXNXMCZ.js";
-import "../../chunk-QEZL7EYN.js";
-import "../../chunk-WD7AUHQ5.js";
+} from "../../chunk-3EUWD5BB.js";
+import "../../chunk-N4SX7TZT.js";
+import "../../chunk-STHEPPUZ.js";
 import "../../chunk-N2APGLXA.js";
 import "../../chunk-CXLATHS5.js";
 import "../../chunk-EIL2FPSS.js";
 import "../../chunk-RRLIF4PQ.js";
+import "../../chunk-YRCB5FLE.js";
 export {
   signInAction
 };

package/dist/actions/signOut/signOut.cjs

@@ -33,11 +33,11 @@ __export(signOut_exports, {
   signOutAction: () => signOutAction
 });
 module.exports = __toCommonJS(signOut_exports);
-var import_zod = __toESM(require("zod"), 1);
+var import_zod2 = require("zod");
 var import_router2 = require("@aura-stack/router");
 
 // src/secure.ts
-var import_node_crypto = __toESM(require("crypto"), 1);
+var import_crypto = __toESM(require("crypto"), 1);
 
 // src/utils.ts
 var import_router = require("@aura-stack/router");
@@ -132,7 +132,7 @@ var verifyCSRF = async (jose, cookie, header) => {
     if (!equals(headerBuffer.length, cookieBuffer.length)) {
       throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
     }
-    if (!import_node_crypto.default.timingSafeEqual(cookieBuffer, headerBuffer)) {
+    if (!import_crypto.default.timingSafeEqual(cookieBuffer, headerBuffer)) {
       throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
     }
     return true;
@@ -149,29 +149,49 @@ var cacheControl = {
   Vary: "Cookie"
 };
 
+// src/cookie.ts
+var import_cookie = require("@aura-stack/router/cookie");
+var defaultCookieOptions = {
+  httpOnly: true,
+  sameSite: "lax",
+  path: "/",
+  maxAge: 60 * 60 * 24 * 15
+};
+var oauthCookieOptions = {
+  httpOnly: true,
+  maxAge: 5 * 60,
+  sameSite: "lax",
+  expires: new Date(Date.now() + 5 * 60 * 1e3)
+};
+var expiredCookieAttributes = {
+  ...defaultCookieOptions,
+  expires: /* @__PURE__ */ new Date(0),
+  maxAge: 0
+};
+
 // src/schemas.ts
-var import_v4 = require("zod/v4");
-var OAuthProviderConfigSchema = (0, import_v4.object)({
-  authorizeURL: (0, import_v4.httpUrl)(),
-  accessToken: (0, import_v4.httpUrl)(),
-  scope: (0, import_v4.string)().optional(),
-  userInfo: (0, import_v4.httpUrl)(),
-  responseType: (0, import_v4.enum)(["code", "token", "id_token"]),
-  clientId: (0, import_v4.string)(),
-  clientSecret: (0, import_v4.string)()
+var import_zod = require("zod");
+var OAuthProviderConfigSchema = (0, import_zod.object)({
+  authorizeURL: (0, import_zod.string)().url(),
+  accessToken: (0, import_zod.string)().url(),
+  scope: (0, import_zod.string)().optional(),
+  userInfo: (0, import_zod.string)().url(),
+  responseType: (0, import_zod.enum)(["code", "token", "id_token"]),
+  clientId: (0, import_zod.string)(),
+  clientSecret: (0, import_zod.string)()
 });
 var OAuthAuthorization = OAuthProviderConfigSchema.extend({
-  redirectURI: (0, import_v4.string)(),
-  state: (0, import_v4.string)(),
-  codeChallenge: (0, import_v4.string)(),
-  codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
+  redirectURI: (0, import_zod.string)(),
+  state: (0, import_zod.string)(),
+  codeChallenge: (0, import_zod.string)(),
+  codeChallengeMethod: (0, import_zod.enum)(["plain", "S256"])
 });
-var OAuthAuthorizationResponse = (0, import_v4.object)({
-  state: (0, import_v4.string)("Missing state parameter in the OAuth authorization response."),
-  code: (0, import_v4.string)("Missing code parameter in the OAuth authorization response.")
+var OAuthAuthorizationResponse = (0, import_zod.object)({
+  state: (0, import_zod.string)({ message: "Missing state parameter in the OAuth authorization response." }),
+  code: (0, import_zod.string)({ message: "Missing code parameter in the OAuth authorization response." })
 });
-var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.enum)([
+var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
     "invalid_request",
     "unauthorized_client",
     "access_denied",
@@ -180,24 +200,24 @@ var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
     "server_error",
     "temporarily_unavailable"
   ]),
-  error_description: (0, import_v4.string)().optional(),
-  error_uri: (0, import_v4.string)().optional(),
-  state: (0, import_v4.string)()
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional(),
+  state: (0, import_zod.string)()
 });
 var OAuthAccessToken = OAuthProviderConfigSchema.extend({
-  redirectURI: (0, import_v4.string)(),
-  code: (0, import_v4.string)(),
-  codeVerifier: (0, import_v4.string)().min(43).max(128)
+  redirectURI: (0, import_zod.string)(),
+  code: (0, import_zod.string)(),
+  codeVerifier: (0, import_zod.string)().min(43).max(128)
 });
-var OAuthAccessTokenResponse = (0, import_v4.object)({
-  access_token: (0, import_v4.string)(),
-  token_type: (0, import_v4.string)(),
-  expires_in: (0, import_v4.number)().optional(),
-  refresh_token: (0, import_v4.string)().optional(),
-  scope: (0, import_v4.string)().optional()
+var OAuthAccessTokenResponse = (0, import_zod.object)({
+  access_token: (0, import_zod.string)(),
+  token_type: (0, import_zod.string)().optional(),
+  expires_in: (0, import_zod.number)().optional(),
+  refresh_token: (0, import_zod.string)().optional(),
+  scope: (0, import_zod.string)().optional().or((0, import_zod.null)())
 });
-var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.enum)([
+var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
     "invalid_request",
     "invalid_client",
     "invalid_grant",
@@ -205,16 +225,16 @@ var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
     "unsupported_grant_type",
     "invalid_scope"
   ]),
-  error_description: (0, import_v4.string)().optional(),
-  error_uri: (0, import_v4.string)().optional()
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional()
 });
-var OAuthErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.string)(),
-  error_description: (0, import_v4.string)().optional()
+var OAuthErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.string)(),
+  error_description: (0, import_zod.string)().optional()
 });
-var OAuthEnvSchema = (0, import_v4.object)({
-  clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
-  clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
+var OAuthEnvSchema = (0, import_zod.object)({
+  clientId: import_zod.z.string().min(1, "OAuth Client ID is required in the environment variables."),
+  clientSecret: import_zod.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
 });
 
 // src/actions/signIn/authorization.ts
@@ -273,32 +293,12 @@ var createRedirectTo = (request, redirectTo, trustedProxyHeaders) => {
   }
 };
 
-// src/cookie.ts
-var import_cookie = require("@aura-stack/router/cookie");
-var defaultCookieOptions = {
-  httpOnly: true,
-  sameSite: "lax",
-  path: "/",
-  maxAge: 60 * 60 * 24 * 15
-};
-var oauthCookieOptions = {
-  httpOnly: true,
-  maxAge: 5 * 60,
-  sameSite: "lax",
-  expires: new Date(Date.now() + 5 * 60 * 1e3)
-};
-var expiredCookieAttributes = {
-  ...defaultCookieOptions,
-  expires: /* @__PURE__ */ new Date(0),
-  maxAge: 0
-};
-
 // src/actions/signOut/signOut.ts
 var config = (0, import_router2.createEndpointConfig)({
   schemas: {
-    searchParams: import_zod.default.object({
-      token_type_hint: import_zod.default.literal("session_token"),
-      redirectTo: import_zod.default.string().optional()
+    searchParams: import_zod2.z.object({
+      token_type_hint: import_zod2.z.literal("session_token"),
+      redirectTo: import_zod2.z.string().optional()
     })
   }
 });

package/dist/actions/signOut/signOut.d.ts

@@ -1,8 +1,16 @@
 import * as _aura_stack_router from '@aura-stack/router';
+import { z } from 'zod';
 
 /**
  * @see https://datatracker.ietf.org/doc/html/rfc7009
  */
-declare const signOutAction: _aura_stack_router.RouteEndpoint<"POST", "/signOut", {}>;
+declare const signOutAction: _aura_stack_router.RouteEndpoint<"POST", "/signOut", {
+    schemas?: {
+        searchParams: z.ZodObject<{
+            token_type_hint: z.ZodLiteral<"session_token">;
+            redirectTo: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>;
+    } | undefined;
+}>;
 
 export { signOutAction };

package/dist/actions/signOut/signOut.js

@@ -1,14 +1,14 @@
 import {
   signOutAction
-} from "../../chunk-NEVKX6K2.js";
-import "../../chunk-QEZL7EYN.js";
-import "../../chunk-IMICRJ5U.js";
+} from "../../chunk-A3N4PVAT.js";
+import "../../chunk-N4SX7TZT.js";
+import "../../chunk-W6LG7BFW.js";
 import "../../chunk-STHEPPUZ.js";
-import "../../chunk-WD7AUHQ5.js";
 import "../../chunk-N2APGLXA.js";
 import "../../chunk-CXLATHS5.js";
 import "../../chunk-EIL2FPSS.js";
 import "../../chunk-RRLIF4PQ.js";
+import "../../chunk-YRCB5FLE.js";
 export {
   signOutAction
 };

package/dist/assert.d.ts

@@ -1,7 +1,8 @@
-import { J as JWTPayloadWithToken } from './index-EqsoyjrF.js';
-import 'zod/v4';
+import { J as JWTPayloadWithToken } from './index-B8jeIElf.js';
+import 'zod';
 import './schemas.js';
 import '@aura-stack/router/cookie';
+import '@aura-stack/jose';
 import '@aura-stack/jose/jose';
 import './@types/utility.js';
 

package/dist/{chunk-2RXNXMCZ.js → chunk-3EUWD5BB.js}

@@ -2,20 +2,28 @@ import {
   createAuthorizationURL,
   createRedirectTo,
   createRedirectURI
-} from "./chunk-QEZL7EYN.js";
+} from "./chunk-N4SX7TZT.js";
+import {
+  cacheControl
+} from "./chunk-STHEPPUZ.js";
 import {
   createPKCE,
   generateSecure
 } from "./chunk-N2APGLXA.js";
 
 // src/actions/signIn/signIn.ts
-import z from "zod";
-import { createEndpoint, createEndpointConfig } from "@aura-stack/router";
+import { z } from "zod";
+import { createEndpoint, createEndpointConfig, HeadersBuilder } from "@aura-stack/router";
 var signInConfig = (oauth) => {
   return createEndpointConfig("/signIn/:oauth", {
     schemas: {
       params: z.object({
-        oauth: z.enum(Object.keys(oauth), "The OAuth provider is not supported or invalid."),
+        oauth: z.enum(
+          Object.keys(oauth),
+          "The OAuth provider is not supported or invalid."
+        )
+      }),
+      searchParams: z.object({
         redirectTo: z.string().optional()
       })
     }
@@ -28,8 +36,8 @@ var signInAction = (oauth) => {
     async (ctx) => {
       const {
         request,
-        headers: headersBuilder,
-        params: { oauth: oauth2, redirectTo },
+        params: { oauth: oauth2 },
+        searchParams: { redirectTo },
         context: { oauth: providers, cookies, trustedProxyHeaders, basePath }
       } = ctx;
       const state = generateSecure();
@@ -37,7 +45,7 @@ var signInAction = (oauth) => {
       const redirectToValue = createRedirectTo(request, redirectTo, trustedProxyHeaders);
       const { codeVerifier, codeChallenge, method } = await createPKCE();
       const authorization = createAuthorizationURL(providers[oauth2], redirectURI, state, codeChallenge, method);
-      const headers = headersBuilder.setHeader("Location", authorization).setCookie(cookies.state.name, state, cookies.state.attributes).setCookie(cookies.redirect_uri.name, redirectURI, cookies.redirect_uri.attributes).setCookie(cookies.redirect_to.name, redirectToValue, cookies.redirect_to.attributes).setCookie(cookies.code_verifier.name, codeVerifier, cookies.code_verifier.attributes).toHeaders();
+      const headers = new HeadersBuilder(cacheControl).setHeader("Location", authorization).setCookie(cookies.state.name, state, cookies.state.attributes).setCookie(cookies.redirectURI.name, redirectURI, cookies.redirectURI.attributes).setCookie(cookies.redirectTo.name, redirectToValue, cookies.redirectTo.attributes).setCookie(cookies.codeVerifier.name, codeVerifier, cookies.codeVerifier.attributes).toHeaders();
       return Response.json(
         { oauth: oauth2 },
         {

package/dist/{chunk-NEVKX6K2.js → chunk-A3N4PVAT.js}

@@ -1,9 +1,9 @@
 import {
   createRedirectTo
-} from "./chunk-QEZL7EYN.js";
+} from "./chunk-N4SX7TZT.js";
 import {
   expiredCookieAttributes
-} from "./chunk-IMICRJ5U.js";
+} from "./chunk-W6LG7BFW.js";
 import {
   cacheControl
 } from "./chunk-STHEPPUZ.js";
@@ -18,7 +18,7 @@ import {
 } from "./chunk-RRLIF4PQ.js";
 
 // src/actions/signOut/signOut.ts
-import z from "zod";
+import { z } from "zod";
 import { createEndpoint, createEndpointConfig, HeadersBuilder, statusCode } from "@aura-stack/router";
 var config = createEndpointConfig({
   schemas: {

package/dist/chunk-B737EUJV.js

@@ -0,0 +1,22 @@
+// src/oauth/mailchimp.ts
+var mailchimp = {
+  id: "mailchimp",
+  name: "Mailchimp",
+  authorizeURL: "https://login.mailchimp.com/oauth2/authorize",
+  accessToken: "https://login.mailchimp.com/oauth2/token",
+  userInfo: "https://login.mailchimp.com/oauth2/metadata",
+  scope: "",
+  responseType: "code",
+  profile(profile) {
+    return {
+      sub: profile.user_id,
+      name: profile.accountname,
+      email: profile.login.login_email,
+      image: null
+    };
+  }
+};
+
+export {
+  mailchimp
+};

package/dist/{chunk-7H3OR6UU.js → chunk-EMKJA2GJ.js}

@@ -1,36 +1,42 @@
+import {
+  x
+} from "./chunk-42XB3YCW.js";
+import {
+  figma
+} from "./chunk-FKRDCWBF.js";
 import {
   github
 } from "./chunk-IKHPGFCW.js";
 import {
   gitlab
 } from "./chunk-KRNOMBXQ.js";
+import {
+  mailchimp
+} from "./chunk-B737EUJV.js";
+import {
+  pinterest
+} from "./chunk-HP34YGGJ.js";
 import {
   spotify
 } from "./chunk-E3OXBRYF.js";
 import {
   strava
 } from "./chunk-6R2YZ4AC.js";
-import {
-  x
-} from "./chunk-42XB3YCW.js";
 import {
   bitbucket
 } from "./chunk-FIPU4MLT.js";
 import {
   discord
 } from "./chunk-IUYZQTJV.js";
-import {
-  figma
-} from "./chunk-FKRDCWBF.js";
-import {
-  OAuthEnvSchema
-} from "./chunk-WD7AUHQ5.js";
 import {
   formatZodError
 } from "./chunk-CXLATHS5.js";
 import {
   AuthInternalError
 } from "./chunk-RRLIF4PQ.js";
+import {
+  OAuthEnvSchema
+} from "./chunk-YRCB5FLE.js";
 
 // src/oauth/index.ts
 var builtInOAuthProviders = {
@@ -41,7 +47,9 @@ var builtInOAuthProviders = {
   gitlab,
   spotify,
   x,
-  strava
+  strava,
+  mailchimp,
+  pinterest
 };
 var defineOAuthEnvironment = (oauth) => {
   const env = process.env;