@aura-stack/auth 0.4.0-rc.4 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/@types/index.d.ts +4 -3
- package/dist/@types/router.d.cjs +0 -17
- package/dist/@types/router.d.d.ts +3 -2
- package/dist/@types/router.d.js +0 -1
- package/dist/actions/callback/access-token.cjs +40 -25
- package/dist/actions/callback/access-token.d.ts +4 -3
- package/dist/actions/callback/access-token.js +3 -4
- package/dist/actions/callback/callback.cjs +287 -77
- package/dist/actions/callback/callback.d.ts +5 -26
- package/dist/actions/callback/callback.js +13 -10
- package/dist/actions/callback/userinfo.cjs +68 -7
- package/dist/actions/callback/userinfo.d.ts +4 -3
- package/dist/actions/callback/userinfo.js +8 -6
- package/dist/actions/csrfToken/csrfToken.cjs +63 -4
- package/dist/actions/csrfToken/csrfToken.d.ts +1 -3
- package/dist/actions/csrfToken/csrfToken.js +8 -6
- package/dist/actions/index.cjs +400 -175
- package/dist/actions/index.d.ts +3 -2
- package/dist/actions/index.js +21 -19
- package/dist/actions/session/session.cjs +40 -11
- package/dist/actions/session/session.d.ts +1 -3
- package/dist/actions/session/session.js +4 -4
- package/dist/actions/signIn/authorization.cjs +171 -132
- package/dist/actions/signIn/authorization.d.ts +21 -11
- package/dist/actions/signIn/authorization.js +8 -6
- package/dist/actions/signIn/signIn.cjs +220 -113
- package/dist/actions/signIn/signIn.d.ts +5 -25
- package/dist/actions/signIn/signIn.js +9 -7
- package/dist/actions/signOut/signOut.cjs +268 -119
- package/dist/actions/signOut/signOut.d.ts +1 -9
- package/dist/actions/signOut/signOut.js +10 -8
- package/dist/assert.cjs +117 -5
- package/dist/assert.d.ts +22 -3
- package/dist/assert.js +17 -3
- package/dist/chunk-4EKY7655.js +123 -0
- package/dist/chunk-4MYWAOLG.js +31 -0
- package/dist/chunk-4YHJ4IEQ.js +25 -0
- package/dist/chunk-54CZPKR4.js +25 -0
- package/dist/chunk-5LZ7TOM3.js +25 -0
- package/dist/{chunk-W6LG7BFW.js → chunk-5W4BRQYG.js} +24 -20
- package/dist/chunk-6MXFPFR3.js +143 -0
- package/dist/{chunk-3EUWD5BB.js → chunk-7QF22LHP.js} +13 -9
- package/dist/chunk-ALG3GIV4.js +95 -0
- package/dist/chunk-E6G5YCI6.js +25 -0
- package/dist/chunk-EBAMFRB7.js +34 -0
- package/dist/chunk-EEE7UM5T.js +25 -0
- package/dist/{chunk-TLE4PXY3.js → chunk-FRJFWTOY.js} +38 -7
- package/dist/chunk-FW4W3REU.js +25 -0
- package/dist/{chunk-HT4YLL7N.js → chunk-ICAZ4OVS.js} +10 -8
- package/dist/chunk-IPKO6UQN.js +25 -0
- package/dist/{chunk-YRCB5FLE.js → chunk-KJBAQZX2.js} +13 -0
- package/dist/chunk-KMMAZFSJ.js +25 -0
- package/dist/chunk-LDU7A2JE.js +25 -0
- package/dist/{chunk-N2APGLXA.js → chunk-NUDITUKX.js} +18 -16
- package/dist/chunk-OVHNRULD.js +33 -0
- package/dist/{chunk-JVFTCTTE.js → chunk-PHFH2MGS.js} +12 -9
- package/dist/chunk-QQVSRXGX.js +149 -0
- package/dist/chunk-TM5IPSNF.js +113 -0
- package/dist/{chunk-GA2SMTJO.js → chunk-TZB6MUXN.js} +33 -13
- package/dist/chunk-VNCNJKS2.js +267 -0
- package/dist/{chunk-IVET23KF.js → chunk-XGLBNXL4.js} +31 -14
- package/dist/chunk-XUP6KKNG.js +106 -0
- package/dist/cookie.cjs +24 -20
- package/dist/cookie.d.ts +4 -3
- package/dist/cookie.js +1 -1
- package/dist/env.cjs +56 -0
- package/dist/env.d.ts +7 -0
- package/dist/env.js +6 -0
- package/dist/errors.d.ts +4 -3
- package/dist/headers.cjs +28 -2
- package/dist/headers.d.ts +25 -1
- package/dist/headers.js +9 -3
- package/dist/{index-DkaLJFn8.d.ts → index-CSyIJmCM.d.ts} +373 -45
- package/dist/index.cjs +1128 -483
- package/dist/index.d.ts +6 -10
- package/dist/index.js +83 -42
- package/dist/jose.cjs +62 -25
- package/dist/jose.d.ts +7 -5
- package/dist/jose.js +8 -6
- package/dist/logger.cjs +292 -0
- package/dist/logger.d.ts +8 -0
- package/dist/logger.js +8 -0
- package/dist/oauth/bitbucket.cjs +19 -15
- package/dist/oauth/bitbucket.d.ts +3 -2
- package/dist/oauth/bitbucket.js +1 -1
- package/dist/oauth/discord.cjs +27 -24
- package/dist/oauth/discord.d.ts +3 -2
- package/dist/oauth/discord.js +1 -1
- package/dist/oauth/figma.cjs +19 -16
- package/dist/oauth/figma.d.ts +3 -2
- package/dist/oauth/figma.js +1 -1
- package/dist/oauth/github.cjs +19 -8
- package/dist/oauth/github.d.ts +3 -2
- package/dist/oauth/github.js +1 -1
- package/dist/oauth/gitlab.cjs +19 -16
- package/dist/oauth/gitlab.d.ts +3 -2
- package/dist/oauth/gitlab.js +1 -1
- package/dist/oauth/index.cjs +266 -166
- package/dist/oauth/index.d.ts +3 -2
- package/dist/oauth/index.js +22 -21
- package/dist/oauth/mailchimp.cjs +19 -16
- package/dist/oauth/mailchimp.d.ts +3 -2
- package/dist/oauth/mailchimp.js +1 -1
- package/dist/oauth/pinterest.cjs +19 -16
- package/dist/oauth/pinterest.d.ts +3 -2
- package/dist/oauth/pinterest.js +1 -1
- package/dist/oauth/spotify.cjs +19 -16
- package/dist/oauth/spotify.d.ts +3 -2
- package/dist/oauth/spotify.js +1 -1
- package/dist/oauth/strava.cjs +19 -16
- package/dist/oauth/strava.d.ts +3 -2
- package/dist/oauth/strava.js +1 -1
- package/dist/oauth/x.cjs +19 -16
- package/dist/oauth/x.d.ts +3 -2
- package/dist/oauth/x.js +1 -1
- package/dist/schemas.cjs +16 -2
- package/dist/schemas.d.ts +17 -1
- package/dist/schemas.js +5 -3
- package/dist/secure.cjs +58 -16
- package/dist/secure.d.ts +4 -10
- package/dist/secure.js +5 -5
- package/dist/utils.cjs +94 -87
- package/dist/utils.d.ts +9 -39
- package/dist/utils.js +11 -9
- package/package.json +3 -4
- package/dist/chunk-42XB3YCW.js +0 -22
- package/dist/chunk-6R2YZ4AC.js +0 -22
- package/dist/chunk-A3N4PVAT.js +0 -70
- package/dist/chunk-B737EUJV.js +0 -22
- package/dist/chunk-CXLATHS5.js +0 -143
- package/dist/chunk-DIVDFNAP.js +0 -0
- package/dist/chunk-E3OXBRYF.js +0 -22
- package/dist/chunk-EIL2FPSS.js +0 -22
- package/dist/chunk-EMKJA2GJ.js +0 -89
- package/dist/chunk-FIPU4MLT.js +0 -21
- package/dist/chunk-FKRDCWBF.js +0 -22
- package/dist/chunk-HP34YGGJ.js +0 -22
- package/dist/chunk-IKHPGFCW.js +0 -14
- package/dist/chunk-IUYZQTJV.js +0 -30
- package/dist/chunk-KRNOMBXQ.js +0 -22
- package/dist/chunk-KSWLO5ZU.js +0 -102
- package/dist/chunk-N4SX7TZT.js +0 -96
- package/dist/chunk-STHEPPUZ.js +0 -11
|
@@ -1,9 +1,269 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
2
|
import { OAuthAuthorizationErrorResponse, OAuthAccessTokenErrorResponse, OAuthEnvSchema } from './schemas.js';
|
|
3
|
+
import { createJoseInstance } from './jose.js';
|
|
3
4
|
import { SerializeOptions } from '@aura-stack/router/cookie';
|
|
4
|
-
import { JWTVerifyOptions, EncryptOptions, JWTDecryptOptions } from '@aura-stack/jose';
|
|
5
|
-
import { JWTPayload } from '@aura-stack/jose/jose';
|
|
6
5
|
import { LiteralUnion, Prettify } from './@types/utility.js';
|
|
6
|
+
import { JWTPayload } from '@aura-stack/jose/jose';
|
|
7
|
+
|
|
8
|
+
/**
|
|
9
|
+
* Log message definitions organized by category.
|
|
10
|
+
* Each message includes facility, severity, msgId, and default message.
|
|
11
|
+
*/
|
|
12
|
+
declare const logMessages: {
|
|
13
|
+
readonly ROUTER_INTERNAL_ERROR: {
|
|
14
|
+
readonly facility: 10;
|
|
15
|
+
readonly severity: "error";
|
|
16
|
+
readonly msgId: "ROUTER_INTERNAL_ERROR";
|
|
17
|
+
readonly message: "Unhandled router error while processing the request";
|
|
18
|
+
};
|
|
19
|
+
readonly INVALID_REQUEST: {
|
|
20
|
+
readonly facility: 10;
|
|
21
|
+
readonly severity: "warning";
|
|
22
|
+
readonly msgId: "INVALID_REQUEST";
|
|
23
|
+
readonly message: "Request validation failed against the expected schema";
|
|
24
|
+
};
|
|
25
|
+
readonly SERVER_ERROR: {
|
|
26
|
+
readonly facility: 10;
|
|
27
|
+
readonly severity: "error";
|
|
28
|
+
readonly msgId: "SERVER_ERROR";
|
|
29
|
+
readonly message: "Unexpected internal server error during authentication";
|
|
30
|
+
};
|
|
31
|
+
readonly OAUTH_PROTOCOL_ERROR: {
|
|
32
|
+
readonly facility: 10;
|
|
33
|
+
readonly severity: "warning";
|
|
34
|
+
readonly msgId: "OAUTH_PROTOCOL_ERROR";
|
|
35
|
+
readonly message: "OAuth provider returned an invalid or unexpected protocol response";
|
|
36
|
+
};
|
|
37
|
+
readonly OAUTH_AUTHORIZATION_ERROR: {
|
|
38
|
+
readonly facility: 10;
|
|
39
|
+
readonly severity: "error";
|
|
40
|
+
readonly msgId: "OAUTH_AUTHORIZATION_ERROR";
|
|
41
|
+
readonly message: "OAuth authorization request was rejected or failed";
|
|
42
|
+
};
|
|
43
|
+
readonly INVALID_OAUTH_CONFIGURATION: {
|
|
44
|
+
readonly facility: 10;
|
|
45
|
+
readonly severity: "error";
|
|
46
|
+
readonly msgId: "INVALID_OAUTH_CONFIGURATION";
|
|
47
|
+
readonly message: "The OAuth provider configuration is invalid or incomplete";
|
|
48
|
+
};
|
|
49
|
+
readonly OAUTH_ACCESS_TOKEN_REQUEST_INITIATED: {
|
|
50
|
+
readonly facility: 10;
|
|
51
|
+
readonly severity: "debug";
|
|
52
|
+
readonly msgId: "OAUTH_ACCESS_TOKEN_REQUEST_INITIATED";
|
|
53
|
+
readonly message: "Starting OAuth access token request to the provider";
|
|
54
|
+
};
|
|
55
|
+
readonly INVALID_OAUTH_ACCESS_TOKEN_RESPONSE: {
|
|
56
|
+
readonly facility: 10;
|
|
57
|
+
readonly severity: "error";
|
|
58
|
+
readonly msgId: "INVALID_OAUTH_ACCESS_TOKEN_RESPONSE";
|
|
59
|
+
readonly message: "OAuth access token endpoint returned an invalid or malformed response";
|
|
60
|
+
};
|
|
61
|
+
readonly OAUTH_ACCESS_TOKEN_ERROR: {
|
|
62
|
+
readonly facility: 10;
|
|
63
|
+
readonly severity: "error";
|
|
64
|
+
readonly msgId: "OAUTH_ACCESS_TOKEN_ERROR";
|
|
65
|
+
readonly message: "OAuth access token endpoint returned an error response";
|
|
66
|
+
};
|
|
67
|
+
readonly OAUTH_ACCESS_TOKEN_SUCCESS: {
|
|
68
|
+
readonly facility: 10;
|
|
69
|
+
readonly severity: "info";
|
|
70
|
+
readonly msgId: "OAUTH_ACCESS_TOKEN_SUCCESS";
|
|
71
|
+
readonly message: "Successfully retrieved OAuth access token from the provider";
|
|
72
|
+
};
|
|
73
|
+
readonly OAUTH_ACCESS_TOKEN_REQUEST_FAILED: {
|
|
74
|
+
readonly facility: 10;
|
|
75
|
+
readonly severity: "error";
|
|
76
|
+
readonly msgId: "OAUTH_ACCESS_TOKEN_REQUEST_FAILED";
|
|
77
|
+
readonly message: "Network or server error while requesting OAuth access token";
|
|
78
|
+
};
|
|
79
|
+
readonly OAUTH_USERINFO_REQUEST_INITIATED: {
|
|
80
|
+
readonly facility: 10;
|
|
81
|
+
readonly severity: "debug";
|
|
82
|
+
readonly msgId: "OAUTH_USERINFO_REQUEST_INITIATED";
|
|
83
|
+
readonly message: "Starting OAuth userinfo request to the provider";
|
|
84
|
+
};
|
|
85
|
+
readonly OAUTH_USERINFO_INVALID_RESPONSE: {
|
|
86
|
+
readonly facility: 10;
|
|
87
|
+
readonly severity: "error";
|
|
88
|
+
readonly msgId: "OAUTH_USERINFO_INVALID_RESPONSE";
|
|
89
|
+
readonly message: "OAuth userinfo endpoint returned an invalid or malformed response";
|
|
90
|
+
};
|
|
91
|
+
readonly OAUTH_USERINFO_ERROR: {
|
|
92
|
+
readonly facility: 10;
|
|
93
|
+
readonly severity: "error";
|
|
94
|
+
readonly msgId: "OAUTH_USERINFO_ERROR";
|
|
95
|
+
readonly message: "OAuth userinfo endpoint returned an error response";
|
|
96
|
+
};
|
|
97
|
+
readonly OAUTH_USERINFO_SUCCESS: {
|
|
98
|
+
readonly facility: 10;
|
|
99
|
+
readonly severity: "info";
|
|
100
|
+
readonly msgId: "OAUTH_USERINFO_SUCCESS";
|
|
101
|
+
readonly message: "Successfully retrieved user information from the OAuth provider";
|
|
102
|
+
};
|
|
103
|
+
readonly OAUTH_USERINFO_REQUEST_FAILED: {
|
|
104
|
+
readonly facility: 10;
|
|
105
|
+
readonly severity: "error";
|
|
106
|
+
readonly msgId: "OAUTH_USERINFO_REQUEST_FAILED";
|
|
107
|
+
readonly message: "Network or server error while requesting user information from the OAuth provider";
|
|
108
|
+
};
|
|
109
|
+
readonly OAUTH_CALLBACK_SUCCESS: {
|
|
110
|
+
readonly facility: 4;
|
|
111
|
+
readonly severity: "info";
|
|
112
|
+
readonly msgId: "OAUTH_CALLBACK_SUCCESS";
|
|
113
|
+
readonly message: "OAuth callback completed successfully and session was created";
|
|
114
|
+
};
|
|
115
|
+
readonly MISMATCHING_STATE: {
|
|
116
|
+
readonly facility: 4;
|
|
117
|
+
readonly severity: "critical";
|
|
118
|
+
readonly msgId: "MISMATCHING_STATE";
|
|
119
|
+
readonly message: "OAuth response state parameter does not match the stored state value";
|
|
120
|
+
};
|
|
121
|
+
readonly POTENTIAL_OPEN_REDIRECT_ATTACK_DETECTED: {
|
|
122
|
+
readonly facility: 4;
|
|
123
|
+
readonly severity: "critical";
|
|
124
|
+
readonly msgId: "POTENTIAL_OPEN_REDIRECT_ATTACK_DETECTED";
|
|
125
|
+
readonly message: "Blocked redirect to untrusted or external URL (potential open redirect attack)";
|
|
126
|
+
};
|
|
127
|
+
readonly OPEN_REDIRECT_ATTACK: {
|
|
128
|
+
readonly facility: 4;
|
|
129
|
+
readonly severity: "warning";
|
|
130
|
+
readonly msgId: "OPEN_REDIRECT_ATTACK";
|
|
131
|
+
readonly message: "Detected redirect target that does not match the trusted origin";
|
|
132
|
+
};
|
|
133
|
+
readonly SESSION_TOKEN_MISSING: {
|
|
134
|
+
readonly facility: 4;
|
|
135
|
+
readonly severity: "warning";
|
|
136
|
+
readonly msgId: "SESSION_TOKEN_MISSING";
|
|
137
|
+
readonly message: "Session cookie is missing from the request";
|
|
138
|
+
};
|
|
139
|
+
readonly CSRF_TOKEN_MISSING: {
|
|
140
|
+
readonly facility: 4;
|
|
141
|
+
readonly severity: "warning";
|
|
142
|
+
readonly msgId: "CSRF_TOKEN_MISSING";
|
|
143
|
+
readonly message: "CSRF token cookie is missing from the request";
|
|
144
|
+
};
|
|
145
|
+
readonly CSRF_HEADER_MISSING: {
|
|
146
|
+
readonly facility: 4;
|
|
147
|
+
readonly severity: "warning";
|
|
148
|
+
readonly msgId: "CSRF_HEADER_MISSING";
|
|
149
|
+
readonly message: "CSRF header is missing from the request";
|
|
150
|
+
};
|
|
151
|
+
readonly CSRF_TOKEN_INVALID: {
|
|
152
|
+
readonly facility: 4;
|
|
153
|
+
readonly severity: "error";
|
|
154
|
+
readonly msgId: "CSRF_TOKEN_INVALID";
|
|
155
|
+
readonly message: "CSRF token verification failed or token is invalid";
|
|
156
|
+
};
|
|
157
|
+
readonly SIGN_IN_INITIATED: {
|
|
158
|
+
readonly facility: 4;
|
|
159
|
+
readonly severity: "info";
|
|
160
|
+
readonly msgId: "SIGN_IN_INITIATED";
|
|
161
|
+
readonly message: "Starting OAuth sign-in flow for the selected provider";
|
|
162
|
+
};
|
|
163
|
+
readonly SIGN_OUT_ATTEMPT: {
|
|
164
|
+
readonly facility: 4;
|
|
165
|
+
readonly severity: "debug";
|
|
166
|
+
readonly msgId: "SIGN_OUT_ATTEMPT";
|
|
167
|
+
readonly message: "Received sign-out request from client";
|
|
168
|
+
};
|
|
169
|
+
readonly SIGN_OUT_CSRF_VERIFIED: {
|
|
170
|
+
readonly facility: 4;
|
|
171
|
+
readonly severity: "info";
|
|
172
|
+
readonly msgId: "SIGN_OUT_CSRF_VERIFIED";
|
|
173
|
+
readonly message: "CSRF token was successfully verified during sign-out";
|
|
174
|
+
};
|
|
175
|
+
readonly SIGN_OUT_SUCCESS: {
|
|
176
|
+
readonly facility: 4;
|
|
177
|
+
readonly severity: "info";
|
|
178
|
+
readonly msgId: "SIGN_OUT_SUCCESS";
|
|
179
|
+
readonly message: "User session was cleared and sign-out completed successfully";
|
|
180
|
+
};
|
|
181
|
+
readonly SIGN_OUT_REDIRECT: {
|
|
182
|
+
readonly facility: 4;
|
|
183
|
+
readonly severity: "debug";
|
|
184
|
+
readonly msgId: "SIGN_OUT_REDIRECT";
|
|
185
|
+
readonly message: "Redirecting client after successful sign-out";
|
|
186
|
+
};
|
|
187
|
+
readonly AUTH_SESSION_VALID: {
|
|
188
|
+
readonly facility: 4;
|
|
189
|
+
readonly severity: "info";
|
|
190
|
+
readonly msgId: "AUTH_SESSION_VALID";
|
|
191
|
+
readonly message: "Session token is valid and user session was returned";
|
|
192
|
+
};
|
|
193
|
+
readonly AUTH_SESSION_INVALID: {
|
|
194
|
+
readonly facility: 4;
|
|
195
|
+
readonly severity: "notice";
|
|
196
|
+
readonly msgId: "AUTH_SESSION_INVALID";
|
|
197
|
+
readonly message: "Session token is missing, expired, or invalid";
|
|
198
|
+
};
|
|
199
|
+
readonly INVALID_JWT_TOKEN: {
|
|
200
|
+
readonly facility: 4;
|
|
201
|
+
readonly severity: "warning";
|
|
202
|
+
readonly msgId: "INVALID_JWT_TOKEN";
|
|
203
|
+
readonly message: "JWT session token failed validation during sign-out";
|
|
204
|
+
};
|
|
205
|
+
readonly CSRF_TOKEN_REQUESTED: {
|
|
206
|
+
readonly facility: 4;
|
|
207
|
+
readonly severity: "debug";
|
|
208
|
+
readonly msgId: "CSRF_TOKEN_REQUESTED";
|
|
209
|
+
readonly message: "Client requested a CSRF token";
|
|
210
|
+
};
|
|
211
|
+
readonly CSRF_TOKEN_ISSUED: {
|
|
212
|
+
readonly facility: 4;
|
|
213
|
+
readonly severity: "debug";
|
|
214
|
+
readonly msgId: "CSRF_TOKEN_ISSUED";
|
|
215
|
+
readonly message: "Issued a new CSRF token to the client";
|
|
216
|
+
};
|
|
217
|
+
readonly INVALID_URL: {
|
|
218
|
+
readonly facility: 10;
|
|
219
|
+
readonly severity: "error";
|
|
220
|
+
readonly msgId: "INVALID_URL";
|
|
221
|
+
readonly message: "Derived origin URL is invalid or malformed";
|
|
222
|
+
};
|
|
223
|
+
readonly COOKIE_HTTPONLY_DISABLED: {
|
|
224
|
+
readonly facility: 10;
|
|
225
|
+
readonly severity: "critical";
|
|
226
|
+
readonly msgId: "COOKIE_HTTPONLY_DISABLED";
|
|
227
|
+
readonly message: "Cookie is configured without HttpOnly. This allows JavaScript access via document.cookie and increases XSS exposure.";
|
|
228
|
+
};
|
|
229
|
+
readonly COOKIE_WILDCARD_DOMAIN: {
|
|
230
|
+
readonly facility: 10;
|
|
231
|
+
readonly severity: "critical";
|
|
232
|
+
readonly msgId: "COOKIE_WILDCARD_DOMAIN";
|
|
233
|
+
readonly message: "Cookie 'Domain' is set to a wildcard, which is insecure and should be avoided.";
|
|
234
|
+
};
|
|
235
|
+
readonly COOKIE_SECURE_DISABLED: {
|
|
236
|
+
readonly facility: 10;
|
|
237
|
+
readonly severity: "warning";
|
|
238
|
+
readonly msgId: "COOKIE_SECURE_DISABLED";
|
|
239
|
+
readonly message: "Cookie is configured with 'Secure' but the request is not HTTPS. The 'Secure' attribute will be ignored by the browser.";
|
|
240
|
+
};
|
|
241
|
+
readonly COOKIE_SAMESITE_NONE_WITHOUT_SECURE: {
|
|
242
|
+
readonly facility: 10;
|
|
243
|
+
readonly severity: "warning";
|
|
244
|
+
readonly msgId: "COOKIE_SAMESITE_NONE_WITHOUT_SECURE";
|
|
245
|
+
readonly message: "Cookie uses SameSite=None without Secure. Falling back to SameSite=Lax for safer defaults.";
|
|
246
|
+
};
|
|
247
|
+
readonly COOKIE_INSECURE_IN_PRODUCTION: {
|
|
248
|
+
readonly facility: 10;
|
|
249
|
+
readonly severity: "critical";
|
|
250
|
+
readonly msgId: "COOKIE_INSECURE_IN_PRODUCTION";
|
|
251
|
+
readonly message: "Cookies are being served over an insecure connection in production, which is a serious security risk.";
|
|
252
|
+
};
|
|
253
|
+
readonly COOKIE_HOST_STRATEGY_INSECURE: {
|
|
254
|
+
readonly facility: 10;
|
|
255
|
+
readonly severity: "critical";
|
|
256
|
+
readonly msgId: "COOKIE_HOST_STRATEGY_INSECURE";
|
|
257
|
+
readonly message: "__Host- cookies require a secure HTTPS context. Falling back to standard cookie settings.";
|
|
258
|
+
};
|
|
259
|
+
readonly UNTRUSTED_ORIGIN: {
|
|
260
|
+
readonly facility: 10;
|
|
261
|
+
readonly severity: "error";
|
|
262
|
+
readonly msgId: "UNTRUSTED_ORIGIN";
|
|
263
|
+
readonly message: "The constructed origin URL is not trusted.";
|
|
264
|
+
};
|
|
265
|
+
};
|
|
266
|
+
declare const createLogEntry: <T extends keyof typeof logMessages>(key: T, overrides?: Partial<SyslogOptions>) => SyslogOptions;
|
|
7
267
|
|
|
8
268
|
/**
|
|
9
269
|
* @see [Pinterest - Get User Account](https://developers.pinterest.com/docs/api/v5/user_account-get)
|
|
@@ -27,7 +287,7 @@ interface PinterestProfile {
|
|
|
27
287
|
* @see [Pinterest - My Apps](https://developers.pinterest.com/apps/)
|
|
28
288
|
* @see [Pinterest - Get User Account](https://developers.pinterest.com/docs/api/v5/user_account-get)
|
|
29
289
|
*/
|
|
30
|
-
declare const pinterest:
|
|
290
|
+
declare const pinterest: (options?: Partial<OAuthProviderCredentials<PinterestProfile>>) => OAuthProviderCredentials<PinterestProfile>;
|
|
31
291
|
|
|
32
292
|
interface Login {
|
|
33
293
|
email: string;
|
|
@@ -36,6 +296,9 @@ interface Login {
|
|
|
36
296
|
login_name: string;
|
|
37
297
|
login_email: string;
|
|
38
298
|
}
|
|
299
|
+
/**
|
|
300
|
+
* @see [Mailchimp - API Root](https://mailchimp.com/developer/marketing/api/authentication/)
|
|
301
|
+
*/
|
|
39
302
|
interface MailchimpProfile {
|
|
40
303
|
dc: string;
|
|
41
304
|
role: string;
|
|
@@ -46,9 +309,14 @@ interface MailchimpProfile {
|
|
|
46
309
|
api_endpoint: string;
|
|
47
310
|
}
|
|
48
311
|
/**
|
|
49
|
-
*
|
|
312
|
+
* Mailchimp OAuth Provider
|
|
313
|
+
* @see [Mailchimp - Marketing API](https://mailchimp.com/developer/marketing/api/)
|
|
314
|
+
* @see [Mailchimp - Apps](https://us1.admin.mailchimp.com/account/oauth2/)
|
|
315
|
+
* @see [Mailchimp - Create an Application](https://mailchimp.com/developer/marketing/guides/access-user-data-oauth-2/#register-your-app)
|
|
316
|
+
* @see [Mailchimp - OAuth 2.0 Docs](https://mailchimp.com/developer/marketing/guides/access-user-data-oauth-2/)
|
|
317
|
+
* @see [Mailchimp - API Root](https://mailchimp.com/developer/marketing/api/root/)
|
|
50
318
|
*/
|
|
51
|
-
declare const mailchimp:
|
|
319
|
+
declare const mailchimp: (options?: Partial<OAuthProviderCredentials<MailchimpProfile>>) => OAuthProviderCredentials<MailchimpProfile>;
|
|
52
320
|
|
|
53
321
|
/**
|
|
54
322
|
* @see [Strava - SummaryClub](https://developers.strava.com/docs/reference/#api-models-SummaryClub)
|
|
@@ -120,7 +388,7 @@ interface StravaProfile {
|
|
|
120
388
|
* @see [Strava - API Application](https://www.strava.com/settings/api)
|
|
121
389
|
* @see [Strava - API Reference](https://developers.strava.com/docs/reference/)
|
|
122
390
|
*/
|
|
123
|
-
declare const strava:
|
|
391
|
+
declare const strava: (options?: Partial<OAuthProviderCredentials<StravaProfile>>) => OAuthProviderCredentials<StravaProfile>;
|
|
124
392
|
|
|
125
393
|
/**
|
|
126
394
|
* @see [X - Get my User](https://docs.x.com/x-api/users/get-my-user)
|
|
@@ -141,9 +409,9 @@ interface XProfile {
|
|
|
141
409
|
* @see [X - OAuth 2.0 Scopes](https://docs.x.com/fundamentals/authentication/oauth-2-0/authorization-code#scopes)
|
|
142
410
|
* @see [X - OAuth 2.0 Bearer Token](https://docs.x.com/fundamentals/authentication/oauth-2-0/application-only)
|
|
143
411
|
*/
|
|
144
|
-
declare const x:
|
|
412
|
+
declare const x: (options?: Partial<OAuthProviderCredentials<XProfile>>) => OAuthProviderCredentials<XProfile>;
|
|
145
413
|
|
|
146
|
-
interface
|
|
414
|
+
interface SpotifyImage {
|
|
147
415
|
url: string;
|
|
148
416
|
height: number;
|
|
149
417
|
width: number;
|
|
@@ -159,7 +427,7 @@ interface SpotifyProfile {
|
|
|
159
427
|
uri: string;
|
|
160
428
|
country: string;
|
|
161
429
|
href: string;
|
|
162
|
-
images:
|
|
430
|
+
images: SpotifyImage[];
|
|
163
431
|
product: string;
|
|
164
432
|
explicit_content: {
|
|
165
433
|
filter_enabled: boolean;
|
|
@@ -182,10 +450,10 @@ interface SpotifyProfile {
|
|
|
182
450
|
* @see [Spotify - Scopes](https://developer.spotify.com/documentation/web-api/concepts/scopes)
|
|
183
451
|
* @see [Spotify - Redirect URIs](https://developer.spotify.com/documentation/web-api/concepts/redirect_uri)
|
|
184
452
|
*/
|
|
185
|
-
declare const spotify:
|
|
453
|
+
declare const spotify: (options?: Partial<OAuthProviderCredentials<SpotifyProfile>>) => OAuthProviderCredentials<SpotifyProfile>;
|
|
186
454
|
|
|
187
455
|
/**
|
|
188
|
-
* @see [GitLab -
|
|
456
|
+
* @see [GitLab - User Structure](https://docs.gitlab.com/ee/api/users.html#external-user-structure)
|
|
189
457
|
*/
|
|
190
458
|
interface GitLabProfile {
|
|
191
459
|
id: number;
|
|
@@ -244,7 +512,7 @@ interface GitLabProfile {
|
|
|
244
512
|
* @see [GitLab - Scopes](https://docs.gitlab.com/integration/oauth_provider/#view-all-authorized-applications)
|
|
245
513
|
* @see [GitLab - Get current user](https://docs.gitlab.com/api/users/#get-the-current-user)
|
|
246
514
|
*/
|
|
247
|
-
declare const gitlab:
|
|
515
|
+
declare const gitlab: (options?: Partial<OAuthProviderCredentials<GitLabProfile>>) => OAuthProviderCredentials<GitLabProfile>;
|
|
248
516
|
|
|
249
517
|
/**
|
|
250
518
|
* @see [Discord - Nameplate Object](https://discord.com/developers/docs/resources/user#nameplate-nameplate-structure)
|
|
@@ -303,7 +571,7 @@ interface DiscordProfile {
|
|
|
303
571
|
* @see [Discord - Image Formatting](https://discord.com/developers/docs/reference#image-formatting)
|
|
304
572
|
* @see [Discord - Display Names](https://discord.com/developers/docs/change-log#display-names)
|
|
305
573
|
*/
|
|
306
|
-
declare const discord:
|
|
574
|
+
declare const discord: (options?: Partial<OAuthProviderCredentials<DiscordProfile>>) => OAuthProviderCredentials<DiscordProfile>;
|
|
307
575
|
|
|
308
576
|
/**
|
|
309
577
|
* @see [Figma API - Users](https://developers.figma.com/docs/rest-api/users-types/)
|
|
@@ -321,7 +589,7 @@ interface FigmaProfile {
|
|
|
321
589
|
* @see [Figma - Create an OAuth App](https://developers.figma.com/docs/rest-api/authentication/#create-an-oauth-app)
|
|
322
590
|
* @see [Figma - OAuth Scopes](https://developers.figma.com/docs/rest-api/scopes/)
|
|
323
591
|
*/
|
|
324
|
-
declare const figma:
|
|
592
|
+
declare const figma: (options?: Partial<OAuthProviderCredentials<FigmaProfile>>) => OAuthProviderCredentials<FigmaProfile>;
|
|
325
593
|
|
|
326
594
|
/**
|
|
327
595
|
* @see [Get current user](https://developer.atlassian.com/cloud/bitbucket/rest/api-group-users/#api-user-get)
|
|
@@ -353,7 +621,7 @@ interface BitbucketProfile {
|
|
|
353
621
|
* @see [Bitbucket - Cloud REST API](https://developer.atlassian.com/cloud/bitbucket/rest/intro/)
|
|
354
622
|
* @see [Bitbucket - User Endpoint](https://developer.atlassian.com/cloud/bitbucket/rest/api-group-users/#api-users-endpoint)
|
|
355
623
|
*/
|
|
356
|
-
declare const bitbucket:
|
|
624
|
+
declare const bitbucket: (options?: Partial<OAuthProviderCredentials<BitbucketProfile>>) => OAuthProviderCredentials<BitbucketProfile>;
|
|
357
625
|
|
|
358
626
|
/**
|
|
359
627
|
* @see [Get the authenticated user](https://docs.github.com/en/rest/users/users?apiVersion=2022-11-28#get-the-authenticated-user)
|
|
@@ -414,19 +682,19 @@ interface GitHubProfile {
|
|
|
414
682
|
* @see [GitHub - Configure your GitHub OAuth Apps](https://github.com/settings/developers)
|
|
415
683
|
* @see [Github - Get the authenticated user](https://docs.github.com/en/rest/users/users?apiVersion=2022-11-28#get-the-authenticated-user)
|
|
416
684
|
*/
|
|
417
|
-
declare const github:
|
|
685
|
+
declare const github: (options?: Partial<OAuthProviderCredentials<GitHubProfile>>) => OAuthProviderCredentials<GitHubProfile>;
|
|
418
686
|
|
|
419
687
|
declare const builtInOAuthProviders: {
|
|
420
|
-
readonly github:
|
|
421
|
-
readonly bitbucket:
|
|
422
|
-
readonly figma:
|
|
423
|
-
readonly discord:
|
|
424
|
-
readonly gitlab:
|
|
425
|
-
readonly spotify:
|
|
426
|
-
readonly x:
|
|
427
|
-
readonly strava:
|
|
428
|
-
readonly mailchimp:
|
|
429
|
-
readonly pinterest:
|
|
688
|
+
readonly github: (options?: Partial<OAuthProviderCredentials<GitHubProfile>>) => OAuthProviderCredentials<GitHubProfile>;
|
|
689
|
+
readonly bitbucket: (options?: Partial<OAuthProviderCredentials<BitbucketProfile>>) => OAuthProviderCredentials<BitbucketProfile>;
|
|
690
|
+
readonly figma: (options?: Partial<OAuthProviderCredentials<FigmaProfile>>) => OAuthProviderCredentials<FigmaProfile>;
|
|
691
|
+
readonly discord: (options?: Partial<OAuthProviderCredentials<DiscordProfile>>) => OAuthProviderCredentials<DiscordProfile>;
|
|
692
|
+
readonly gitlab: (options?: Partial<OAuthProviderCredentials<GitLabProfile>>) => OAuthProviderCredentials<GitLabProfile>;
|
|
693
|
+
readonly spotify: (options?: Partial<OAuthProviderCredentials<SpotifyProfile>>) => OAuthProviderCredentials<SpotifyProfile>;
|
|
694
|
+
readonly x: (options?: Partial<OAuthProviderCredentials<XProfile>>) => OAuthProviderCredentials<XProfile>;
|
|
695
|
+
readonly strava: (options?: Partial<OAuthProviderCredentials<StravaProfile>>) => OAuthProviderCredentials<StravaProfile>;
|
|
696
|
+
readonly mailchimp: (options?: Partial<OAuthProviderCredentials<MailchimpProfile>>) => OAuthProviderCredentials<MailchimpProfile>;
|
|
697
|
+
readonly pinterest: (options?: Partial<OAuthProviderCredentials<PinterestProfile>>) => OAuthProviderCredentials<PinterestProfile>;
|
|
430
698
|
};
|
|
431
699
|
/**
|
|
432
700
|
* Constructs OAuth provider configurations from an array of provider names or configurations.
|
|
@@ -434,8 +702,14 @@ declare const builtInOAuthProviders: {
|
|
|
434
702
|
*
|
|
435
703
|
* @param oauth - Array of OAuth provider configurations or provider names to be defined from environment variables
|
|
436
704
|
* @returns A record of OAuth provider configurations
|
|
705
|
+
* @example
|
|
706
|
+
* // Using built-in provider with env variables
|
|
707
|
+
* createBuiltInOAuthProviders(["github"])
|
|
708
|
+
*
|
|
709
|
+
* // Using built-in provider with explicit credentials via factory
|
|
710
|
+
* createBuiltInOAuthProviders([github({ clientId: "...", clientSecret: "..." })])
|
|
437
711
|
*/
|
|
438
|
-
declare const createBuiltInOAuthProviders: (oauth?: (BuiltInOAuthProvider | OAuthProviderCredentials)[]) => Record<LiteralUnion<BuiltInOAuthProvider>, OAuthProviderCredentials
|
|
712
|
+
declare const createBuiltInOAuthProviders: (oauth?: (BuiltInOAuthProvider | OAuthProviderCredentials<any>)[]) => Record<LiteralUnion<BuiltInOAuthProvider>, OAuthProviderCredentials<any>>;
|
|
439
713
|
type BuiltInOAuthProvider = keyof typeof builtInOAuthProviders;
|
|
440
714
|
|
|
441
715
|
/**
|
|
@@ -470,7 +744,7 @@ interface Session {
|
|
|
470
744
|
* Configuration for an OAuth provider without credentials.
|
|
471
745
|
* Use this type when defining provider metadata and endpoints.
|
|
472
746
|
*/
|
|
473
|
-
interface OAuthProviderConfig<Profile extends object =
|
|
747
|
+
interface OAuthProviderConfig<Profile extends object = Record<string, any>> {
|
|
474
748
|
id: string;
|
|
475
749
|
name: string;
|
|
476
750
|
authorizeURL: string;
|
|
@@ -484,14 +758,14 @@ interface OAuthProviderConfig<Profile extends object = {}> {
|
|
|
484
758
|
* OAuth provider configuration with client credentials.
|
|
485
759
|
* Extends OAuthProviderConfig with clientId and clientSecret.
|
|
486
760
|
*/
|
|
487
|
-
interface OAuthProviderCredentials<Profile extends object =
|
|
488
|
-
clientId
|
|
489
|
-
clientSecret
|
|
761
|
+
interface OAuthProviderCredentials<Profile extends object = Record<string, any>> extends OAuthProviderConfig<Profile> {
|
|
762
|
+
clientId?: string;
|
|
763
|
+
clientSecret?: string;
|
|
490
764
|
}
|
|
491
765
|
/**
|
|
492
766
|
* Complete OAuth provider type combining configuration and credentials.
|
|
493
767
|
*/
|
|
494
|
-
type OAuthProvider<Profile extends object =
|
|
768
|
+
type OAuthProvider<Profile extends object = Record<string, any>> = OAuthProviderCredentials<Profile>;
|
|
495
769
|
/**
|
|
496
770
|
* Cookie type with __Secure- prefix, must be Secure.
|
|
497
771
|
* @see https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-__secure-prefix
|
|
@@ -555,6 +829,9 @@ interface AuthConfig {
|
|
|
555
829
|
* Built-in OAuth providers:
|
|
556
830
|
* oauth: ["github", "google"]
|
|
557
831
|
*
|
|
832
|
+
* Custom credentials via factory:
|
|
833
|
+
* oauth: [github({ clientId: "...", clientSecret: "..." })]
|
|
834
|
+
*
|
|
558
835
|
* Custom OAuth providers:
|
|
559
836
|
* oauth: [
|
|
560
837
|
* {
|
|
@@ -565,12 +842,12 @@ interface AuthConfig {
|
|
|
565
842
|
* scope: "profile email",
|
|
566
843
|
* responseType: "code",
|
|
567
844
|
* userInfo: "https://example.com/oauth/userinfo",
|
|
568
|
-
* clientId: process.env.
|
|
569
|
-
* clientSecret: process.env.
|
|
845
|
+
* clientId: process.env.AURA_AUTH_PROVIDER_CLIENT_ID,
|
|
846
|
+
* clientSecret: process.env.AURA_AUTH_PROVIDER_CLIENT_SECRET,
|
|
570
847
|
* }
|
|
571
848
|
* ]
|
|
572
849
|
*/
|
|
573
|
-
oauth: (BuiltInOAuthProvider | OAuthProviderCredentials)[];
|
|
850
|
+
oauth: (BuiltInOAuthProvider | OAuthProviderCredentials<any>)[];
|
|
574
851
|
/**
|
|
575
852
|
* Cookie options defines the configuration for cookies used in Aura Auth.
|
|
576
853
|
* It includes a prefix for cookie names and flag options to determine
|
|
@@ -615,16 +892,37 @@ interface AuthConfig {
|
|
|
615
892
|
* @experimental
|
|
616
893
|
*/
|
|
617
894
|
trustedProxyHeaders?: boolean;
|
|
895
|
+
logger?: Logger;
|
|
896
|
+
/**
|
|
897
|
+
* Defines trusted origins for your application to prevent open redirect attacks.
|
|
898
|
+
* URLs from the Referer header, Origin header, request URL, and redirectTo option
|
|
899
|
+
* are validated against this list before redirecting.
|
|
900
|
+
*
|
|
901
|
+
* - **Exact URL**: `https://example.com` matches only that origin.
|
|
902
|
+
* - **Subdomain wildcard**: `https://*.example.com` matches `https://app.example.com`, `https://api.example.com`, etc.
|
|
903
|
+
* @example
|
|
904
|
+
* trustedOrigins: ["https://example.com", "https://*.example.com", "http://localhost:3000"]
|
|
905
|
+
*
|
|
906
|
+
*
|
|
907
|
+
* trustedOrigins: async (request) => {
|
|
908
|
+
* const origin = new URL(request.url).origin
|
|
909
|
+
* return [origin, "https://admin.example.com"]
|
|
910
|
+
* }
|
|
911
|
+
*/
|
|
912
|
+
trustedOrigins?: TrustedOrigin[] | ((request: Request) => Promise<TrustedOrigin[]> | TrustedOrigin[]);
|
|
618
913
|
}
|
|
619
|
-
|
|
620
|
-
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
|
|
624
|
-
|
|
625
|
-
|
|
626
|
-
}
|
|
914
|
+
/**
|
|
915
|
+
* A trusted origin URL or pattern. Supports:
|
|
916
|
+
* - Exact: `https://example.com`
|
|
917
|
+
* - Subdomain wildcard: `https://*.example.com`
|
|
918
|
+
*/
|
|
919
|
+
type TrustedOrigin = string;
|
|
920
|
+
type JoseInstance = ReturnType<typeof createJoseInstance>;
|
|
627
921
|
type OAuthProviderRecord = Record<LiteralUnion<BuiltInOAuthProvider>, OAuthProviderCredentials>;
|
|
922
|
+
type InternalLogger = {
|
|
923
|
+
level: LogLevel;
|
|
924
|
+
log: typeof createLogEntry;
|
|
925
|
+
};
|
|
628
926
|
interface RouterGlobalContext {
|
|
629
927
|
oauth: OAuthProviderRecord;
|
|
630
928
|
cookies: CookieStoreConfig;
|
|
@@ -632,6 +930,8 @@ interface RouterGlobalContext {
|
|
|
632
930
|
secret?: string;
|
|
633
931
|
basePath: string;
|
|
634
932
|
trustedProxyHeaders: boolean;
|
|
933
|
+
trustedOrigins?: TrustedOrigin[] | ((request: Request) => Promise<TrustedOrigin[]> | TrustedOrigin[]);
|
|
934
|
+
logger?: InternalLogger;
|
|
635
935
|
}
|
|
636
936
|
/**
|
|
637
937
|
* Internal runtime configuration used within Aura Auth after initialization.
|
|
@@ -668,12 +968,40 @@ type AccessTokenError = OAuthError<z.infer<typeof OAuthAccessTokenErrorResponse>
|
|
|
668
968
|
*/
|
|
669
969
|
type TokenRevocationError = OAuthError<"invalid_session_token">;
|
|
670
970
|
type ErrorType = AuthorizationError["error"] | AccessTokenError["error"] | TokenRevocationError["error"];
|
|
671
|
-
type AuthInternalErrorCode = "INVALID_OAUTH_CONFIGURATION" | "INVALID_JWT_TOKEN" | "JOSE_INITIALIZATION_FAILED" | "SESSION_STORE_NOT_INITIALIZED" | "COOKIE_STORE_NOT_INITIALIZED" | "COOKIE_PARSING_FAILED" | "COOKIE_NOT_FOUND" | "INVALID_ENVIRONMENT_CONFIGURATION";
|
|
971
|
+
type AuthInternalErrorCode = "INVALID_OAUTH_CONFIGURATION" | "INVALID_JWT_TOKEN" | "JOSE_INITIALIZATION_FAILED" | "SESSION_STORE_NOT_INITIALIZED" | "COOKIE_STORE_NOT_INITIALIZED" | "COOKIE_PARSING_FAILED" | "COOKIE_NOT_FOUND" | "INVALID_ENVIRONMENT_CONFIGURATION" | "INVALID_URL" | "INVALID_SALT_SECRET_VALUE" | "UNTRUSTED_ORIGIN" | "INVALID_OAUTH_PROVIDER_CONFIGURATION" | "DUPLICATED_OAUTH_PROVIDER_ID";
|
|
672
972
|
type AuthSecurityErrorCode = "INVALID_STATE" | "MISMATCHING_STATE" | "POTENTIAL_OPEN_REDIRECT_ATTACK_DETECTED" | "CSRF_TOKEN_INVALID" | "CSRF_TOKEN_MISSING" | "SESSION_TOKEN_MISSING";
|
|
673
973
|
type OAuthEnv = z.infer<typeof OAuthEnvSchema>;
|
|
674
974
|
type APIErrorMap = Record<string, {
|
|
675
975
|
code: string;
|
|
676
976
|
message: string;
|
|
677
977
|
}>;
|
|
978
|
+
/**
|
|
979
|
+
* Log level for logger messages.
|
|
980
|
+
*/
|
|
981
|
+
type LogLevel = "warn" | "error" | "debug" | "info";
|
|
982
|
+
/** Defines the Severity between 0 to 7 */
|
|
983
|
+
type Severity = "emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "info" | "debug";
|
|
984
|
+
/**
|
|
985
|
+
* @see https://datatracker.ietf.org/doc/html/rfc5424
|
|
986
|
+
*/
|
|
987
|
+
type SyslogOptions = {
|
|
988
|
+
facility: 4 | 10;
|
|
989
|
+
severity: Severity;
|
|
990
|
+
timestamp?: string;
|
|
991
|
+
hostname?: string;
|
|
992
|
+
appName?: string;
|
|
993
|
+
procId?: string;
|
|
994
|
+
msgId: string;
|
|
995
|
+
message: string;
|
|
996
|
+
structuredData?: Record<string, string | number | boolean>;
|
|
997
|
+
};
|
|
998
|
+
/**
|
|
999
|
+
* Logger function interface for structured logging.
|
|
1000
|
+
* Called when errors or warnings occur during authentication flows.
|
|
1001
|
+
*/
|
|
1002
|
+
type Logger = {
|
|
1003
|
+
level: LogLevel;
|
|
1004
|
+
log: (args: SyslogOptions) => void;
|
|
1005
|
+
};
|
|
678
1006
|
|
|
679
|
-
export { type
|
|
1007
|
+
export { type SecureCookie as $, type AuthRuntimeConfig as A, figma as B, type CookieConfig as C, type DiscordProfile as D, type ErrorType as E, type FigmaProfile as F, type GitLabProfile as G, type BitbucketProfile as H, type InternalLogger as I, type JWTPayloadWithToken as J, bitbucket as K, type Logger as L, type MailchimpProfile as M, type Nameplate as N, type OAuthProvider as O, type PinterestProfile as P, type GitHubProfile as Q, type RouterGlobalContext as R, type Session as S, type TrustedOrigin as T, type User as U, github as V, builtInOAuthProviders as W, type XProfile as X, createBuiltInOAuthProviders as Y, type BuiltInOAuthProvider as Z, type JWTStandardClaims as _, type CookieStoreConfig as a, type HostCookie as a0, type StandardCookie as a1, type CookieStrategyAttributes as a2, type CookieName as a3, type OAuthError as a4, type AuthorizationError as a5, type AccessTokenError as a6, type TokenRevocationError as a7, type OAuthEnv as a8, type Severity as a9, type SyslogOptions as aa, type AuthInternalErrorCode as b, type AuthSecurityErrorCode as c, type AuthConfig as d, type AuthInstance as e, type JoseInstance as f, type OAuthProviderConfig as g, type OAuthProviderCredentials as h, type LogLevel as i, type APIErrorMap as j, type OAuthProviderRecord as k, logMessages as l, createLogEntry as m, type Login as n, mailchimp as o, pinterest as p, type SummaryClub as q, type SummaryGear as r, type StravaProfile as s, strava as t, type SpotifyImage as u, type SpotifyProfile as v, spotify as w, x, gitlab as y, discord as z };
|