@aura-stack/auth 0.2.0 → 0.4.0-rc.1

package/dist/index.cjs

@@ -30,12 +30,20 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
-  createAuth: () => createAuth
+  createAuth: () => createAuth,
+  createClient: () => import_router7.createClient
 });
 module.exports = __toCommonJS(index_exports);
 var import_config2 = require("dotenv/config");
 var import_router7 = require("@aura-stack/router");
 
+// src/jose.ts
+var import_config = require("dotenv/config");
+var import_jose = require("@aura-stack/jose");
+
+// src/secure.ts
+var import_crypto = __toESM(require("crypto"), 1);
+
 // src/utils.ts
 var import_router = require("@aura-stack/router");
 
@@ -208,13 +216,6 @@ var formatZodError = (error) => {
   }, {});
 };
 
-// src/jose.ts
-var import_config = require("dotenv/config");
-var import_jose = require("@aura-stack/jose");
-
-// src/secure.ts
-var import_node_crypto = __toESM(require("crypto"), 1);
-
 // src/assert.ts
 var isValidURL = (value) => {
   if (value.includes("\r\n") || value.includes("\n") || value.includes("\r")) return false;
@@ -227,10 +228,10 @@ var isJWTPayloadWithToken = (payload) => {
 
 // src/secure.ts
 var generateSecure = (length = 32) => {
-  return import_node_crypto.default.randomBytes(length).toString("base64url");
+  return import_crypto.default.randomBytes(length).toString("base64url");
 };
 var createHash = (data, base = "hex") => {
-  return import_node_crypto.default.createHash("sha256").update(data).digest().toString(base);
+  return import_crypto.default.createHash("sha256").update(data).digest().toString(base);
 };
 var createPKCE = async (verifier) => {
   const codeVerifier = verifier ?? generateSecure(86);
@@ -265,7 +266,7 @@ var verifyCSRF = async (jose, cookie, header) => {
     if (!equals(headerBuffer.length, cookieBuffer.length)) {
       throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
     }
-    if (!import_node_crypto.default.timingSafeEqual(cookieBuffer, headerBuffer)) {
+    if (!import_crypto.default.timingSafeEqual(cookieBuffer, headerBuffer)) {
       throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
     }
     return true;
@@ -274,7 +275,7 @@ var verifyCSRF = async (jose, cookie, header) => {
   }
 };
 var createDerivedSalt = (secret) => {
-  return import_node_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex");
+  return import_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex");
 };
 
 // src/jose.ts
@@ -404,7 +405,7 @@ var createCookieStore = (useSecure, prefix, overrides) => {
   const hostPrefix = useSecure ? "__Host-" : "";
   return {
     sessionToken: {
-      name: `${securePrefix}${prefix}.${overrides?.sessionToken?.name ?? "sessionToken"}`,
+      name: `${securePrefix}${prefix}.${overrides?.sessionToken?.name ?? "session_token"}`,
       attributes: defineSecureCookieOptions(
         useSecure,
         {
@@ -426,7 +427,7 @@ var createCookieStore = (useSecure, prefix, overrides) => {
       )
     },
     csrfToken: {
-      name: `${hostPrefix}${prefix}.${overrides?.csrfToken?.name ?? "csrfToken"}`,
+      name: `${hostPrefix}${prefix}.${overrides?.csrfToken?.name ?? "csrf_token"}`,
       attributes: defineSecureCookieOptions(
         useSecure,
         {
@@ -436,37 +437,37 @@ var createCookieStore = (useSecure, prefix, overrides) => {
         overrides?.csrfToken?.attributes?.strategy ?? "host"
       )
     },
-    redirect_to: {
-      name: `${securePrefix}${prefix}.${overrides?.redirect_to?.name ?? "redirect_to"}`,
+    redirectTo: {
+      name: `${securePrefix}${prefix}.${overrides?.redirectTo?.name ?? "redirect_to"}`,
       attributes: defineSecureCookieOptions(
         useSecure,
         {
           ...oauthCookieOptions,
-          ...overrides?.redirect_to?.attributes
+          ...overrides?.redirectTo?.attributes
         },
-        overrides?.redirect_to?.attributes?.strategy ?? "secure"
+        overrides?.redirectTo?.attributes?.strategy ?? "secure"
       )
     },
-    redirect_uri: {
-      name: `${securePrefix}${prefix}.${overrides?.redirect_uri?.name ?? "redirect_uri"}`,
+    redirectURI: {
+      name: `${securePrefix}${prefix}.${overrides?.redirectURI?.name ?? "redirect_uri"}`,
       attributes: defineSecureCookieOptions(
         useSecure,
         {
           ...oauthCookieOptions,
-          ...overrides?.redirect_uri?.attributes
+          ...overrides?.redirectURI?.attributes
         },
-        overrides?.redirect_uri?.attributes?.strategy ?? "secure"
+        overrides?.redirectURI?.attributes?.strategy ?? "secure"
       )
     },
-    code_verifier: {
-      name: `${securePrefix}${prefix}.${overrides?.code_verifier?.name ?? "code_verifier"}`,
+    codeVerifier: {
+      name: `${securePrefix}${prefix}.${overrides?.codeVerifier?.name ?? "code_verifier"}`,
       attributes: defineSecureCookieOptions(
         useSecure,
         {
           ...oauthCookieOptions,
-          ...overrides?.code_verifier?.attributes
+          ...overrides?.codeVerifier?.attributes
         },
-        overrides?.code_verifier?.attributes?.strategy ?? "secure"
+        overrides?.codeVerifier?.attributes?.strategy ?? "secure"
       )
     }
   };
@@ -623,29 +624,67 @@ var strava = {
   }
 };
 
+// src/oauth/mailchimp.ts
+var mailchimp = {
+  id: "mailchimp",
+  name: "Mailchimp",
+  authorizeURL: "https://login.mailchimp.com/oauth2/authorize",
+  accessToken: "https://login.mailchimp.com/oauth2/token",
+  userInfo: "https://login.mailchimp.com/oauth2/metadata",
+  scope: "",
+  responseType: "code",
+  profile(profile) {
+    return {
+      sub: profile.user_id,
+      name: profile.accountname,
+      email: profile.login.login_email,
+      image: null
+    };
+  }
+};
+
+// src/oauth/pinterest.ts
+var pinterest = {
+  id: "pinterest",
+  name: "Pinterest",
+  authorizeURL: "https://api.pinterest.com/oauth/",
+  accessToken: "https://api.pinterest.com/v5/oauth/token",
+  userInfo: "https://api.pinterest.com/v5/user_account",
+  scope: "user_accounts:read",
+  responseType: "code",
+  profile(profile) {
+    return {
+      sub: profile.id,
+      name: profile.username,
+      email: null,
+      image: profile.profile_image
+    };
+  }
+};
+
 // src/schemas.ts
-var import_v4 = require("zod/v4");
-var OAuthProviderConfigSchema = (0, import_v4.object)({
-  authorizeURL: (0, import_v4.httpUrl)(),
-  accessToken: (0, import_v4.httpUrl)(),
-  scope: (0, import_v4.string)().optional(),
-  userInfo: (0, import_v4.httpUrl)(),
-  responseType: (0, import_v4.enum)(["code", "token", "id_token"]),
-  clientId: (0, import_v4.string)(),
-  clientSecret: (0, import_v4.string)()
+var import_zod = require("zod");
+var OAuthProviderConfigSchema = (0, import_zod.object)({
+  authorizeURL: (0, import_zod.string)().url(),
+  accessToken: (0, import_zod.string)().url(),
+  scope: (0, import_zod.string)().optional(),
+  userInfo: (0, import_zod.string)().url(),
+  responseType: (0, import_zod.enum)(["code", "token", "id_token"]),
+  clientId: (0, import_zod.string)(),
+  clientSecret: (0, import_zod.string)()
 });
 var OAuthAuthorization = OAuthProviderConfigSchema.extend({
-  redirectURI: (0, import_v4.string)(),
-  state: (0, import_v4.string)(),
-  codeChallenge: (0, import_v4.string)(),
-  codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
+  redirectURI: (0, import_zod.string)(),
+  state: (0, import_zod.string)(),
+  codeChallenge: (0, import_zod.string)(),
+  codeChallengeMethod: (0, import_zod.enum)(["plain", "S256"])
 });
-var OAuthAuthorizationResponse = (0, import_v4.object)({
-  state: (0, import_v4.string)("Missing state parameter in the OAuth authorization response."),
-  code: (0, import_v4.string)("Missing code parameter in the OAuth authorization response.")
+var OAuthAuthorizationResponse = (0, import_zod.object)({
+  state: (0, import_zod.string)({ message: "Missing state parameter in the OAuth authorization response." }),
+  code: (0, import_zod.string)({ message: "Missing code parameter in the OAuth authorization response." })
 });
-var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.enum)([
+var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
     "invalid_request",
     "unauthorized_client",
     "access_denied",
@@ -654,24 +693,24 @@ var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
     "server_error",
     "temporarily_unavailable"
   ]),
-  error_description: (0, import_v4.string)().optional(),
-  error_uri: (0, import_v4.string)().optional(),
-  state: (0, import_v4.string)()
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional(),
+  state: (0, import_zod.string)()
 });
 var OAuthAccessToken = OAuthProviderConfigSchema.extend({
-  redirectURI: (0, import_v4.string)(),
-  code: (0, import_v4.string)(),
-  codeVerifier: (0, import_v4.string)().min(43).max(128)
+  redirectURI: (0, import_zod.string)(),
+  code: (0, import_zod.string)(),
+  codeVerifier: (0, import_zod.string)().min(43).max(128)
 });
-var OAuthAccessTokenResponse = (0, import_v4.object)({
-  access_token: (0, import_v4.string)(),
-  token_type: (0, import_v4.string)(),
-  expires_in: (0, import_v4.number)().optional(),
-  refresh_token: (0, import_v4.string)().optional(),
-  scope: (0, import_v4.string)().optional()
+var OAuthAccessTokenResponse = (0, import_zod.object)({
+  access_token: (0, import_zod.string)(),
+  token_type: (0, import_zod.string)().optional(),
+  expires_in: (0, import_zod.number)().optional(),
+  refresh_token: (0, import_zod.string)().optional(),
+  scope: (0, import_zod.string)().optional().or((0, import_zod.null)())
 });
-var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.enum)([
+var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
     "invalid_request",
     "invalid_client",
     "invalid_grant",
@@ -679,16 +718,16 @@ var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
     "unsupported_grant_type",
     "invalid_scope"
   ]),
-  error_description: (0, import_v4.string)().optional(),
-  error_uri: (0, import_v4.string)().optional()
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional()
 });
-var OAuthErrorResponse = (0, import_v4.object)({
-  error: (0, import_v4.string)(),
-  error_description: (0, import_v4.string)().optional()
+var OAuthErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.string)(),
+  error_description: (0, import_zod.string)().optional()
 });
-var OAuthEnvSchema = (0, import_v4.object)({
-  clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
-  clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
+var OAuthEnvSchema = (0, import_zod.object)({
+  clientId: import_zod.z.string().min(1, "OAuth Client ID is required in the environment variables."),
+  clientSecret: import_zod.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
 });
 
 // src/oauth/index.ts
@@ -700,7 +739,9 @@ var builtInOAuthProviders = {
   gitlab,
   spotify,
   x,
-  strava
+  strava,
+  mailchimp,
+  pinterest
 };
 var defineOAuthEnvironment = (oauth) => {
   const env = process.env;
@@ -735,9 +776,17 @@ var createBuiltInOAuthProviders = (oauth = []) => {
 };
 
 // src/actions/signIn/signIn.ts
-var import_zod = __toESM(require("zod"), 1);
+var import_zod2 = require("zod");
 var import_router2 = require("@aura-stack/router");
 
+// src/headers.ts
+var cacheControl = {
+  "Cache-Control": "no-store",
+  Pragma: "no-cache",
+  Expires: "0",
+  Vary: "Cookie"
+};
+
 // src/actions/signIn/authorization.ts
 var createAuthorizationURL = (oauthConfig, redirectURI, state, codeChallenge, codeChallengeMethod) => {
   const parsed = OAuthAuthorization.safeParse({ ...oauthConfig, redirectURI, state, codeChallenge, codeChallengeMethod });
@@ -813,9 +862,14 @@ var createRedirectTo = (request, redirectTo, trustedProxyHeaders) => {
 var signInConfig = (oauth) => {
   return (0, import_router2.createEndpointConfig)("/signIn/:oauth", {
     schemas: {
-      params: import_zod.default.object({
-        oauth: import_zod.default.enum(Object.keys(oauth), "The OAuth provider is not supported or invalid."),
-        redirectTo: import_zod.default.string().optional()
+      params: import_zod2.z.object({
+        oauth: import_zod2.z.enum(
+          Object.keys(oauth),
+          "The OAuth provider is not supported or invalid."
+        )
+      }),
+      searchParams: import_zod2.z.object({
+        redirectTo: import_zod2.z.string().optional()
       })
     }
   });
@@ -827,8 +881,8 @@ var signInAction = (oauth) => {
     async (ctx) => {
       const {
         request,
-        headers: headersBuilder,
-        params: { oauth: oauth2, redirectTo },
+        params: { oauth: oauth2 },
+        searchParams: { redirectTo },
         context: { oauth: providers, cookies, trustedProxyHeaders, basePath }
       } = ctx;
       const state = generateSecure();
@@ -836,7 +890,7 @@ var signInAction = (oauth) => {
       const redirectToValue = createRedirectTo(request, redirectTo, trustedProxyHeaders);
       const { codeVerifier, codeChallenge, method } = await createPKCE();
       const authorization = createAuthorizationURL(providers[oauth2], redirectURI, state, codeChallenge, method);
-      const headers = headersBuilder.setHeader("Location", authorization).setCookie(cookies.state.name, state, cookies.state.attributes).setCookie(cookies.redirect_uri.name, redirectURI, cookies.redirect_uri.attributes).setCookie(cookies.redirect_to.name, redirectToValue, cookies.redirect_to.attributes).setCookie(cookies.code_verifier.name, codeVerifier, cookies.code_verifier.attributes).toHeaders();
+      const headers = new import_router2.HeadersBuilder(cacheControl).setHeader("Location", authorization).setCookie(cookies.state.name, state, cookies.state.attributes).setCookie(cookies.redirectURI.name, redirectURI, cookies.redirectURI.attributes).setCookie(cookies.redirectTo.name, redirectToValue, cookies.redirectTo.attributes).setCookie(cookies.codeVerifier.name, codeVerifier, cookies.codeVerifier.attributes).toHeaders();
       return Response.json(
         { oauth: oauth2 },
         {
@@ -850,15 +904,18 @@ var signInAction = (oauth) => {
 };
 
 // src/actions/callback/callback.ts
-var import_zod2 = __toESM(require("zod"), 1);
+var import_zod3 = require("zod");
 var import_router3 = require("@aura-stack/router");
 
-// src/headers.ts
-var cacheControl = {
-  "Cache-Control": "no-store",
-  Pragma: "no-cache",
-  Expires: "0",
-  Vary: "Cookie"
+// src/request.ts
+var fetchAsync = async (url, options2 = {}, timeout = 5e3) => {
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), timeout);
+  const response = await fetch(url, {
+    ...options2,
+    signal: controller.signal
+  }).finally(() => clearTimeout(timeoutId));
+  return response;
 };
 
 // src/actions/callback/userinfo.ts
@@ -874,7 +931,7 @@ var getDefaultUserInfo = (profile) => {
 var getUserInfo = async (oauthConfig, accessToken) => {
   const userinfoEndpoint = oauthConfig.userInfo;
   try {
-    const response = await fetch(userinfoEndpoint, {
+    const response = await fetchAsync(userinfoEndpoint, {
       method: "GET",
       headers: {
         Accept: "application/json",
@@ -910,7 +967,7 @@ var createAccessToken = async (oauthConfig, redirectURI, code, codeVerifier) =>
   }
   const { accessToken, clientId, clientSecret, code: codeParsed, redirectURI: redirectParsed } = parsed.data;
   try {
-    const response = await fetch(accessToken, {
+    const response = await fetchAsync(accessToken, {
       method: "POST",
       headers: {
         Accept: "application/json",
@@ -944,9 +1001,15 @@ var createAccessToken = async (oauthConfig, redirectURI, code, codeVerifier) =>
 var callbackConfig = (oauth) => {
   return (0, import_router3.createEndpointConfig)("/callback/:oauth", {
     schemas: {
-      searchParams: OAuthAuthorizationResponse,
-      params: import_zod2.default.object({
-        oauth: import_zod2.default.enum(Object.keys(oauth), "The OAuth provider is not supported or invalid.")
+      params: import_zod3.z.object({
+        oauth: import_zod3.z.enum(
+          Object.keys(oauth),
+          "The OAuth provider is not supported or invalid."
+        )
+      }),
+      searchParams: import_zod3.z.object({
+        code: import_zod3.z.string("Missing code parameter in the OAuth authorization response."),
+        state: import_zod3.z.string("Missing state parameter in the OAuth authorization response.")
       })
     },
     middlewares: [
@@ -974,9 +1037,9 @@ var callbackAction = (oauth) => {
       } = ctx;
       const oauthConfig = providers[oauth2];
       const cookieState = getCookie(request, cookies.state.name);
-      const cookieRedirectTo = getCookie(request, cookies.redirect_to.name);
-      const cookieRedirectURI = getCookie(request, cookies.redirect_uri.name);
-      const codeVerifier = getCookie(request, cookies.code_verifier.name);
+      const cookieRedirectTo = getCookie(request, cookies.redirectTo.name);
+      const cookieRedirectURI = getCookie(request, cookies.redirectURI.name);
+      const codeVerifier = getCookie(request, cookies.codeVerifier.name);
       if (!equals(cookieState, state)) {
         throw new AuthSecurityError(
           "MISMATCHING_STATE",
@@ -994,7 +1057,7 @@ var callbackAction = (oauth) => {
       const userInfo = await getUserInfo(oauthConfig, accessToken.access_token);
       const sessionCookie = await createSessionCookie(jose, userInfo);
       const csrfToken = await createCSRF(jose);
-      const headers = new import_router3.HeadersBuilder(cacheControl).setHeader("Location", sanitized).setCookie(cookies.sessionToken.name, sessionCookie, cookies.sessionToken.attributes).setCookie(cookies.csrfToken.name, csrfToken, cookies.csrfToken.attributes).setCookie(cookies.state.name, "", expiredCookieAttributes).setCookie(cookies.redirect_uri.name, "", expiredCookieAttributes).setCookie(cookies.redirect_to.name, "", expiredCookieAttributes).setCookie(cookies.code_verifier.name, "", expiredCookieAttributes).toHeaders();
+      const headers = new import_router3.HeadersBuilder(cacheControl).setHeader("Location", sanitized).setCookie(cookies.sessionToken.name, sessionCookie, cookies.sessionToken.attributes).setCookie(cookies.csrfToken.name, csrfToken, cookies.csrfToken.attributes).setCookie(cookies.state.name, "", expiredCookieAttributes).setCookie(cookies.redirectURI.name, "", expiredCookieAttributes).setCookie(cookies.redirectTo.name, "", expiredCookieAttributes).setCookie(cookies.codeVerifier.name, "", expiredCookieAttributes).toHeaders();
       return Response.json({ oauth: oauth2 }, { status: 302, headers });
     },
     callbackConfig(oauth)
@@ -1021,13 +1084,13 @@ var sessionAction = (0, import_router4.createEndpoint)("GET", "/session", async
 });
 
 // src/actions/signOut/signOut.ts
-var import_zod3 = __toESM(require("zod"), 1);
+var import_zod4 = require("zod");
 var import_router5 = require("@aura-stack/router");
 var config = (0, import_router5.createEndpointConfig)({
   schemas: {
-    searchParams: import_zod3.default.object({
-      token_type_hint: import_zod3.default.literal("session_token"),
-      redirectTo: import_zod3.default.string().optional()
+    searchParams: import_zod4.z.object({
+      token_type_hint: import_zod4.z.literal("session_token"),
+      redirectTo: import_zod4.z.string().optional()
     })
   }
 });
@@ -1126,5 +1189,6 @@ var createAuth = (authConfig) => {
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  createAuth
+  createAuth,
+  createClient
 });

package/dist/index.d.ts

@@ -1,8 +1,12 @@
-import { d as AuthConfig, e as AuthInstance } from './index-EqsoyjrF.js';
-export { C as CookieConfig, E as ErrorType, f as JoseInstance, O as OAuthProvider, g as OAuthProviderConfig, h as OAuthProviderCredentials, S as Session, U as User } from './index-EqsoyjrF.js';
-import 'zod/v4';
+import { d as AuthConfig, e as JoseInstance } from './index-B8jeIElf.js';
+export { f as AuthInstance, C as CookieConfig, E as ErrorType, O as OAuthProvider, g as OAuthProviderConfig, h as OAuthProviderCredentials, S as Session, U as User } from './index-B8jeIElf.js';
+import * as _aura_stack_router from '@aura-stack/router';
+export { createClient } from '@aura-stack/router';
+import * as zod_v4_core from 'zod/v4/core';
+import * as zod from 'zod';
 import './schemas.js';
 import '@aura-stack/router/cookie';
+import '@aura-stack/jose';
 import '@aura-stack/jose/jose';
 import './@types/utility.js';
 
@@ -28,6 +32,63 @@ import './@types/utility.js';
  *   }]
  * })
  */
-declare const createAuth: (authConfig: AuthConfig) => AuthInstance;
+declare const createAuth: (authConfig: AuthConfig) => {
+    handlers: _aura_stack_router.Router<[_aura_stack_router.RouteEndpoint<"GET", "/signIn/:oauth", {
+        schemas?: {
+            params: zod.ZodObject<{
+                oauth: zod.ZodEnum<{
+                    [x: string & Record<never, never>]: string & Record<never, never>;
+                    github: "github";
+                    bitbucket: "bitbucket";
+                    figma: "figma";
+                    discord: "discord";
+                    gitlab: "gitlab";
+                    spotify: "spotify";
+                    x: "x";
+                    strava: "strava";
+                    mailchimp: "mailchimp";
+                    pinterest: "pinterest";
+                }>;
+            }, zod_v4_core.$strip>;
+            searchParams: zod.ZodObject<{
+                redirectTo: zod.ZodOptional<zod.ZodString>;
+            }, zod_v4_core.$strip>;
+        } | undefined;
+    }>, _aura_stack_router.RouteEndpoint<"GET", "/callback/:oauth", {
+        schemas?: {
+            params: zod.ZodObject<{
+                oauth: zod.ZodEnum<{
+                    [x: string & Record<never, never>]: string & Record<never, never>;
+                    github: "github";
+                    bitbucket: "bitbucket";
+                    figma: "figma";
+                    discord: "discord";
+                    gitlab: "gitlab";
+                    spotify: "spotify";
+                    x: "x";
+                    strava: "strava";
+                    mailchimp: "mailchimp";
+                    pinterest: "pinterest";
+                }>;
+            }, zod_v4_core.$strip>;
+            searchParams: zod.ZodObject<{
+                code: zod.ZodString;
+                state: zod.ZodString;
+            }, zod_v4_core.$strip>;
+        } | undefined;
+    }>, _aura_stack_router.RouteEndpoint<"GET", "/session", {
+        schemas?: _aura_stack_router.EndpointSchemas | undefined;
+    }>, _aura_stack_router.RouteEndpoint<"POST", "/signOut", {
+        schemas?: {
+            searchParams: zod.ZodObject<{
+                token_type_hint: zod.ZodLiteral<"session_token">;
+                redirectTo: zod.ZodOptional<zod.ZodString>;
+            }, zod_v4_core.$strip>;
+        } | undefined;
+    }>, _aura_stack_router.RouteEndpoint<"GET", "/csrfToken", {
+        schemas?: _aura_stack_router.EndpointSchemas | undefined;
+    }>]>;
+    jose: JoseInstance;
+};
 
-export { AuthConfig, AuthInstance, createAuth };
+export { AuthConfig, JoseInstance, createAuth };

package/dist/index.js

@@ -1,41 +1,42 @@
 import {
   createBuiltInOAuthProviders
-} from "./chunk-7H3OR6UU.js";
+} from "./chunk-EMKJA2GJ.js";
+import "./chunk-42XB3YCW.js";
+import "./chunk-FKRDCWBF.js";
 import "./chunk-IKHPGFCW.js";
 import "./chunk-KRNOMBXQ.js";
+import "./chunk-B737EUJV.js";
+import "./chunk-HP34YGGJ.js";
 import "./chunk-E3OXBRYF.js";
 import "./chunk-6R2YZ4AC.js";
-import "./chunk-42XB3YCW.js";
 import "./chunk-ITQ7352M.js";
-import {
-  csrfTokenAction
-} from "./chunk-QDO2KSRJ.js";
 import {
   signInAction
-} from "./chunk-2RXNXMCZ.js";
+} from "./chunk-3EUWD5BB.js";
+import {
+  callbackAction
+} from "./chunk-KSWLO5ZU.js";
+import "./chunk-GA2SMTJO.js";
+import "./chunk-IVET23KF.js";
 import {
   sessionAction
-} from "./chunk-PTJUYB33.js";
+} from "./chunk-JVFTCTTE.js";
 import {
-  signOutAction
-} from "./chunk-NEVKX6K2.js";
-import "./chunk-QEZL7EYN.js";
+  csrfTokenAction
+} from "./chunk-HT4YLL7N.js";
 import {
-  callbackAction
-} from "./chunk-UEH3LVON.js";
-import "./chunk-ZLR3LI6X.js";
-import "./chunk-4V4JNXVF.js";
+  signOutAction
+} from "./chunk-A3N4PVAT.js";
+import "./chunk-N4SX7TZT.js";
 import "./chunk-FIPU4MLT.js";
 import "./chunk-IUYZQTJV.js";
-import "./chunk-FKRDCWBF.js";
 import {
   createCookieStore
-} from "./chunk-IMICRJ5U.js";
+} from "./chunk-W6LG7BFW.js";
 import "./chunk-STHEPPUZ.js";
 import {
   createJoseInstance
 } from "./chunk-TLE4PXY3.js";
-import "./chunk-WD7AUHQ5.js";
 import "./chunk-N2APGLXA.js";
 import {
   onErrorHandler,
@@ -43,10 +44,12 @@ import {
 } from "./chunk-CXLATHS5.js";
 import "./chunk-EIL2FPSS.js";
 import "./chunk-RRLIF4PQ.js";
+import "./chunk-ZNCZVF6U.js";
+import "./chunk-YRCB5FLE.js";
 
 // src/index.ts
 import "dotenv/config";
-import { createRouter } from "@aura-stack/router";
+import { createRouter, createClient } from "@aura-stack/router";
 var createInternalConfig = (authConfig) => {
   const useSecure = authConfig?.trustedProxyHeaders ?? false;
   return {
@@ -82,5 +85,6 @@ var createAuth = (authConfig) => {
   };
 };
 export {
-  createAuth
+  createAuth,
+  createClient
 };

package/dist/jose.cjs

@@ -37,7 +37,7 @@ var import_config = require("dotenv/config");
 var import_jose = require("@aura-stack/jose");
 
 // src/secure.ts
-var import_node_crypto = __toESM(require("crypto"), 1);
+var import_crypto = __toESM(require("crypto"), 1);
 
 // src/utils.ts
 var import_router = require("@aura-stack/router");
@@ -56,7 +56,7 @@ var AuthInternalError = class extends Error {
 
 // src/secure.ts
 var createDerivedSalt = (secret) => {
-  return import_node_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex");
+  return import_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex");
 };
 
 // src/jose.ts

package/dist/oauth/bitbucket.d.ts

@@ -1,6 +1,7 @@
-export { B as BitbucketProfile, r as bitbucket } from '../index-EqsoyjrF.js';
+export { B as BitbucketProfile, v as bitbucket } from '../index-B8jeIElf.js';
 import '../@types/utility.js';
-import 'zod/v4';
+import 'zod';
 import '../schemas.js';
 import '@aura-stack/router/cookie';
+import '@aura-stack/jose';
 import '@aura-stack/jose/jose';

package/dist/oauth/discord.d.ts

@@ -1,6 +1,7 @@
-export { D as DiscordProfile, N as Nameplate, p as discord } from '../index-EqsoyjrF.js';
-import 'zod/v4';
+export { D as DiscordProfile, N as Nameplate, t as discord } from '../index-B8jeIElf.js';
+import 'zod';
 import '../schemas.js';
 import '@aura-stack/router/cookie';
+import '@aura-stack/jose';
 import '@aura-stack/jose/jose';
 import '../@types/utility.js';