@aura-stack/auth 0.4.0-rc.5 → 0.5.0
- package/dist/@types/index.d.ts +8 -3
- package/dist/@types/router.d.cjs +0 -17
- package/dist/@types/router.d.d.ts +7 -2
- package/dist/@types/router.d.js +0 -1
- package/dist/actions/callback/access-token.cjs +130 -71
- package/dist/actions/callback/access-token.d.ts +9 -4
- package/dist/actions/callback/access-token.js +3 -4
- package/dist/actions/callback/callback.cjs +428 -152
- package/dist/actions/callback/callback.d.ts +11 -3
- package/dist/actions/callback/callback.js +12 -10
- package/dist/actions/callback/userinfo.cjs +159 -65
- package/dist/actions/callback/userinfo.d.ts +8 -3
- package/dist/actions/callback/userinfo.js +7 -6
- package/dist/actions/csrfToken/csrfToken.cjs +70 -19
- package/dist/actions/csrfToken/csrfToken.js +8 -7
- package/dist/actions/index.cjs +780 -348
- package/dist/actions/index.d.ts +6 -2
- package/dist/actions/index.js +23 -18
- package/dist/actions/session/session.cjs +107 -26
- package/dist/actions/session/session.js +7 -5
- package/dist/actions/signIn/authorization-url.cjs +288 -0
- package/dist/actions/signIn/authorization-url.d.ts +31 -0
- package/dist/actions/signIn/authorization-url.js +16 -0
- package/dist/actions/signIn/authorization.cjs +209 -211
- package/dist/actions/signIn/authorization.d.ts +32 -21
- package/dist/actions/signIn/authorization.js +12 -9
- package/dist/actions/signIn/signIn.cjs +470 -235
- package/dist/actions/signIn/signIn.d.ts +12 -3
- package/dist/actions/signIn/signIn.js +11 -8
- package/dist/actions/signOut/signOut.cjs +376 -228
- package/dist/actions/signOut/signOut.d.ts +1 -1
- package/dist/actions/signOut/signOut.js +10 -9
- package/dist/api/createApi.cjs +750 -0
- package/dist/api/createApi.d.ts +12 -0
- package/dist/api/createApi.js +19 -0
- package/dist/api/getSession.cjs +141 -0
- package/dist/api/getSession.d.ts +16 -0
- package/dist/api/getSession.js +10 -0
- package/dist/api/signIn.cjs +549 -0
- package/dist/api/signIn.d.ts +26 -0
- package/dist/api/signIn.js +15 -0
- package/dist/api/signOut.cjs +279 -0
- package/dist/api/signOut.d.ts +16 -0
- package/dist/api/signOut.js +13 -0
- package/dist/assert.cjs +150 -5
- package/dist/assert.d.ts +26 -3
- package/dist/assert.js +17 -3
- package/dist/{chunk-YRCB5FLE.js → chunk-2A5B7GWR.js} +52 -6
- package/dist/chunk-2GQLSIJ2.js +40 -0
- package/dist/chunk-2IR674WX.js +44 -0
- package/dist/chunk-3J5TUH2I.js +50 -0
- package/dist/chunk-4RWSYUKX.js +98 -0
- package/dist/chunk-4YHJ4IEQ.js +25 -0
- package/dist/chunk-54CZPKR4.js +25 -0
- package/dist/chunk-5LZ7TOM3.js +25 -0
- package/dist/chunk-7BE46WWS.js +88 -0
- package/dist/chunk-7YYXFKLR.js +35 -0
- package/dist/chunk-C3A37LQC.js +33 -0
- package/dist/chunk-CITNGXDA.js +31 -0
- package/dist/chunk-CWX724AG.js +78 -0
- package/dist/chunk-D2CSIUKP.js +74 -0
- package/dist/chunk-E6G5YCI6.js +25 -0
- package/dist/chunk-EBAMFRB7.js +34 -0
- package/dist/chunk-EEE7UM5T.js +25 -0
- package/dist/{chunk-HT4YLL7N.js → chunk-FPCVZUVG.js} +10 -8
- package/dist/chunk-FW4W3REU.js +25 -0
- package/dist/chunk-GNNBM2WJ.js +83 -0
- package/dist/chunk-IPKO6UQN.js +25 -0
- package/dist/chunk-JOCGX3RP.js +59 -0
- package/dist/chunk-KBXWTD6E.js +94 -0
- package/dist/chunk-KMMAZFSJ.js +25 -0
- package/dist/chunk-LATR3NIV.js +117 -0
- package/dist/chunk-LAYPUDQF.js +39 -0
- package/dist/chunk-LDU7A2JE.js +25 -0
- package/dist/chunk-LX3TJ2TJ.js +294 -0
- package/dist/chunk-NHZBQNRR.js +143 -0
- package/dist/chunk-OVHNRULD.js +33 -0
- package/dist/chunk-PDP3PHB3.js +127 -0
- package/dist/chunk-PHYNROD4.js +47 -0
- package/dist/chunk-QQEKY4XP.js +29 -0
- package/dist/chunk-U4RK4LKJ.js +348 -0
- package/dist/{chunk-RRLIF4PQ.js → chunk-U5663F2U.js} +16 -1
- package/dist/chunk-UN7X6SU5.js +53 -0
- package/dist/chunk-UZQJJD6A.js +100 -0
- package/dist/chunk-V6LLEAR4.js +80 -0
- package/dist/chunk-WHNDRO3N.js +50 -0
- package/dist/{chunk-W6LG7BFW.js → chunk-XY5R3EHH.js} +30 -23
- package/dist/client/client.cjs +135 -0
- package/dist/client/client.d.ts +85 -0
- package/dist/client/client.js +9 -0
- package/dist/client/index.cjs +135 -0
- package/dist/client/index.d.ts +14 -0
- package/dist/client/index.js +10 -0
- package/dist/context.cjs +1237 -0
- package/dist/context.d.ts +16 -0
- package/dist/context.js +28 -0
- package/dist/cookie.cjs +57 -22
- package/dist/cookie.d.ts +11 -6
- package/dist/cookie.js +3 -2
- package/dist/createAuth.cjs +2320 -0
- package/dist/createAuth.d.ts +12 -0
- package/dist/createAuth.js +48 -0
- package/dist/env.cjs +78 -0
- package/dist/env.d.ts +10 -0
- package/dist/env.js +12 -0
- package/dist/errors.cjs +17 -0
- package/dist/errors.d.ts +15 -4
- package/dist/errors.js +5 -1
- package/dist/headers.cjs +28 -2
- package/dist/headers.d.ts +25 -1
- package/dist/headers.js +9 -3
- package/dist/index-_aXtxb_s.d.ts +1377 -0
- package/dist/index.cjs +1843 -610
- package/dist/index.d.ts +11 -92
- package/dist/index.js +53 -85
- package/dist/jose.cjs +113 -38
- package/dist/jose.d.ts +12 -23
- package/dist/jose.js +17 -7
- package/dist/logger.cjs +424 -0
- package/dist/logger.d.ts +12 -0
- package/dist/logger.js +17 -0
- package/dist/oauth/atlassian.cjs +57 -0
- package/dist/oauth/atlassian.d.ts +12 -0
- package/dist/oauth/atlassian.js +6 -0
- package/dist/oauth/bitbucket.cjs +19 -15
- package/dist/oauth/bitbucket.d.ts +7 -2
- package/dist/oauth/bitbucket.js +1 -1
- package/dist/oauth/discord.cjs +27 -24
- package/dist/oauth/discord.d.ts +7 -2
- package/dist/oauth/discord.js +1 -1
- package/dist/oauth/dropbox.cjs +53 -0
- package/dist/oauth/dropbox.d.ts +12 -0
- package/dist/oauth/dropbox.js +6 -0
- package/dist/oauth/figma.cjs +19 -16
- package/dist/oauth/figma.d.ts +7 -2
- package/dist/oauth/figma.js +1 -1
- package/dist/oauth/github.cjs +19 -8
- package/dist/oauth/github.d.ts +7 -2
- package/dist/oauth/github.js +1 -1
- package/dist/oauth/gitlab.cjs +19 -16
- package/dist/oauth/gitlab.d.ts +7 -2
- package/dist/oauth/gitlab.js +1 -1
- package/dist/oauth/index.cjs +529 -239
- package/dist/oauth/index.d.ts +7 -2
- package/dist/oauth/index.js +39 -22
- package/dist/oauth/mailchimp.cjs +19 -16
- package/dist/oauth/mailchimp.d.ts +7 -2
- package/dist/oauth/mailchimp.js +1 -1
- package/dist/oauth/notion.cjs +131 -0
- package/dist/oauth/notion.d.ts +12 -0
- package/dist/oauth/notion.js +9 -0
- package/dist/oauth/pinterest.cjs +19 -16
- package/dist/oauth/pinterest.d.ts +7 -2
- package/dist/oauth/pinterest.js +1 -1
- package/dist/oauth/spotify.cjs +19 -16
- package/dist/oauth/spotify.d.ts +7 -2
- package/dist/oauth/spotify.js +1 -1
- package/dist/oauth/strava.cjs +19 -16
- package/dist/oauth/strava.d.ts +7 -2
- package/dist/oauth/strava.js +1 -1
- package/dist/oauth/twitch.cjs +95 -0
- package/dist/oauth/twitch.d.ts +12 -0
- package/dist/oauth/twitch.js +7 -0
- package/dist/oauth/x.cjs +19 -16
- package/dist/oauth/x.d.ts +7 -2
- package/dist/oauth/x.js +1 -1
- package/dist/schemas.cjs +89 -42
- package/dist/schemas.d.ts +114 -18
- package/dist/schemas.js +5 -3
- package/dist/secure.cjs +73 -31
- package/dist/secure.d.ts +11 -11
- package/dist/secure.js +7 -6
- package/dist/utils.cjs +203 -90
- package/dist/utils.d.ts +21 -40
- package/dist/utils.js +21 -12
- package/package.json +9 -6
- package/dist/chunk-3EUWD5BB.js +0 -63
- package/dist/chunk-42XB3YCW.js +0 -22
- package/dist/chunk-6R2YZ4AC.js +0 -22
- package/dist/chunk-A3N4PVAT.js +0 -70
- package/dist/chunk-B737EUJV.js +0 -22
- package/dist/chunk-CXLATHS5.js +0 -143
- package/dist/chunk-E3OXBRYF.js +0 -22
- package/dist/chunk-EIL2FPSS.js +0 -22
- package/dist/chunk-EMKJA2GJ.js +0 -89
- package/dist/chunk-FIPU4MLT.js +0 -21
- package/dist/chunk-FKRDCWBF.js +0 -22
- package/dist/chunk-GA2SMTJO.js +0 -58
- package/dist/chunk-HP34YGGJ.js +0 -22
- package/dist/chunk-IKHPGFCW.js +0 -14
- package/dist/chunk-IUYZQTJV.js +0 -30
- package/dist/chunk-IVET23KF.js +0 -58
- package/dist/chunk-JVFTCTTE.js +0 -33
- package/dist/chunk-KRNOMBXQ.js +0 -22
- package/dist/chunk-KSWLO5ZU.js +0 -102
- package/dist/chunk-N2APGLXA.js +0 -71
- package/dist/chunk-N4SX7TZT.js +0 -96
- package/dist/chunk-STHEPPUZ.js +0 -11
- package/dist/chunk-TLE4PXY3.js +0 -39
- package/dist/index-B8jeIElf.d.ts +0 -679
- /package/dist/{chunk-DIVDFNAP.js → chunk-5X7JZMEF.js} +0 -0
|
@@ -0,0 +1,1377 @@
|
|
|
1
|
+
import * as zod from 'zod';
|
|
2
|
+
import { z } from 'zod';
|
|
3
|
+
import { OAuthAuthorizationErrorResponse, OAuthAccessTokenErrorResponse, OAuthEnvSchema } from './schemas.js';
|
|
4
|
+
import * as _aura_stack_jose from '@aura-stack/jose';
|
|
5
|
+
import { DecodedJWTPayloadOptions, TypedJWTPayload, JWTVerifyOptions } from '@aura-stack/jose';
|
|
6
|
+
import * as _aura_stack_jose_jose from '@aura-stack/jose/jose';
|
|
7
|
+
import { JWTPayload } from '@aura-stack/jose/jose';
|
|
8
|
+
import '@aura-stack/jose/crypto';
|
|
9
|
+
import { SerializeOptions } from '@aura-stack/router/cookie';
|
|
10
|
+
import { LiteralUnion, Prettify } from './@types/utility.js';
|
|
11
|
+
import * as jose from 'jose';
|
|
12
|
+
import * as _aura_stack_router from '@aura-stack/router';
|
|
13
|
+
import { GlobalContext, ClientOptions } from '@aura-stack/router';
|
|
14
|
+
import * as zod_v4_core from 'zod/v4/core';
|
|
15
|
+
|
|
16
|
+
/**
|
|
17
|
+
* Log message definitions organized by category.
|
|
18
|
+
* Each message includes facility, severity, msgId, and default message.
|
|
19
|
+
*/
|
|
20
|
+
declare const logMessages: {
|
|
21
|
+
readonly ROUTER_INTERNAL_ERROR: {
|
|
22
|
+
readonly facility: 10;
|
|
23
|
+
readonly severity: "error";
|
|
24
|
+
readonly msgId: "ROUTER_INTERNAL_ERROR";
|
|
25
|
+
readonly message: "Unhandled router error while processing the request";
|
|
26
|
+
};
|
|
27
|
+
readonly INVALID_REQUEST: {
|
|
28
|
+
readonly facility: 10;
|
|
29
|
+
readonly severity: "warning";
|
|
30
|
+
readonly msgId: "INVALID_REQUEST";
|
|
31
|
+
readonly message: "Request validation failed against the expected schema";
|
|
32
|
+
};
|
|
33
|
+
readonly SERVER_ERROR: {
|
|
34
|
+
readonly facility: 10;
|
|
35
|
+
readonly severity: "error";
|
|
36
|
+
readonly msgId: "SERVER_ERROR";
|
|
37
|
+
readonly message: "Unexpected internal server error during authentication";
|
|
38
|
+
};
|
|
39
|
+
readonly OAUTH_PROTOCOL_ERROR: {
|
|
40
|
+
readonly facility: 10;
|
|
41
|
+
readonly severity: "warning";
|
|
42
|
+
readonly msgId: "OAUTH_PROTOCOL_ERROR";
|
|
43
|
+
readonly message: "OAuth provider returned an invalid or unexpected protocol response";
|
|
44
|
+
};
|
|
45
|
+
readonly OAUTH_AUTHORIZATION_ERROR: {
|
|
46
|
+
readonly facility: 10;
|
|
47
|
+
readonly severity: "error";
|
|
48
|
+
readonly msgId: "OAUTH_AUTHORIZATION_ERROR";
|
|
49
|
+
readonly message: "OAuth authorization request was rejected or failed";
|
|
50
|
+
};
|
|
51
|
+
readonly INVALID_OAUTH_CONFIGURATION: {
|
|
52
|
+
readonly facility: 10;
|
|
53
|
+
readonly severity: "error";
|
|
54
|
+
readonly msgId: "INVALID_OAUTH_CONFIGURATION";
|
|
55
|
+
readonly message: "The OAuth provider configuration is invalid or incomplete";
|
|
56
|
+
};
|
|
57
|
+
readonly OAUTH_ACCESS_TOKEN_REQUEST_INITIATED: {
|
|
58
|
+
readonly facility: 10;
|
|
59
|
+
readonly severity: "debug";
|
|
60
|
+
readonly msgId: "OAUTH_ACCESS_TOKEN_REQUEST_INITIATED";
|
|
61
|
+
readonly message: "Starting OAuth access token request to the provider";
|
|
62
|
+
};
|
|
63
|
+
readonly INVALID_OAUTH_ACCESS_TOKEN_RESPONSE: {
|
|
64
|
+
readonly facility: 10;
|
|
65
|
+
readonly severity: "error";
|
|
66
|
+
readonly msgId: "INVALID_OAUTH_ACCESS_TOKEN_RESPONSE";
|
|
67
|
+
readonly message: "OAuth access token endpoint returned an invalid or malformed response";
|
|
68
|
+
};
|
|
69
|
+
readonly OAUTH_ACCESS_TOKEN_ERROR: {
|
|
70
|
+
readonly facility: 10;
|
|
71
|
+
readonly severity: "error";
|
|
72
|
+
readonly msgId: "OAUTH_ACCESS_TOKEN_ERROR";
|
|
73
|
+
readonly message: "OAuth access token endpoint returned an error response";
|
|
74
|
+
};
|
|
75
|
+
readonly OAUTH_ACCESS_TOKEN_SUCCESS: {
|
|
76
|
+
readonly facility: 10;
|
|
77
|
+
readonly severity: "info";
|
|
78
|
+
readonly msgId: "OAUTH_ACCESS_TOKEN_SUCCESS";
|
|
79
|
+
readonly message: "Successfully retrieved OAuth access token from the provider";
|
|
80
|
+
};
|
|
81
|
+
readonly OAUTH_ACCESS_TOKEN_REQUEST_FAILED: {
|
|
82
|
+
readonly facility: 10;
|
|
83
|
+
readonly severity: "error";
|
|
84
|
+
readonly msgId: "OAUTH_ACCESS_TOKEN_REQUEST_FAILED";
|
|
85
|
+
readonly message: "Network or server error while requesting OAuth access token";
|
|
86
|
+
};
|
|
87
|
+
readonly OAUTH_USERINFO_REQUEST_INITIATED: {
|
|
88
|
+
readonly facility: 10;
|
|
89
|
+
readonly severity: "debug";
|
|
90
|
+
readonly msgId: "OAUTH_USERINFO_REQUEST_INITIATED";
|
|
91
|
+
readonly message: "Starting OAuth userinfo request to the provider";
|
|
92
|
+
};
|
|
93
|
+
readonly OAUTH_USERINFO_INVALID_RESPONSE: {
|
|
94
|
+
readonly facility: 10;
|
|
95
|
+
readonly severity: "error";
|
|
96
|
+
readonly msgId: "OAUTH_USERINFO_INVALID_RESPONSE";
|
|
97
|
+
readonly message: "OAuth userinfo endpoint returned an invalid or malformed response";
|
|
98
|
+
};
|
|
99
|
+
readonly OAUTH_USERINFO_ERROR: {
|
|
100
|
+
readonly facility: 10;
|
|
101
|
+
readonly severity: "error";
|
|
102
|
+
readonly msgId: "OAUTH_USERINFO_ERROR";
|
|
103
|
+
readonly message: "OAuth userinfo endpoint returned an error response";
|
|
104
|
+
};
|
|
105
|
+
readonly OAUTH_USERINFO_SUCCESS: {
|
|
106
|
+
readonly facility: 10;
|
|
107
|
+
readonly severity: "info";
|
|
108
|
+
readonly msgId: "OAUTH_USERINFO_SUCCESS";
|
|
109
|
+
readonly message: "Successfully retrieved user information from the OAuth provider";
|
|
110
|
+
};
|
|
111
|
+
readonly OAUTH_USERINFO_REQUEST_FAILED: {
|
|
112
|
+
readonly facility: 10;
|
|
113
|
+
readonly severity: "error";
|
|
114
|
+
readonly msgId: "OAUTH_USERINFO_REQUEST_FAILED";
|
|
115
|
+
readonly message: "Network or server error while requesting user information from the OAuth provider";
|
|
116
|
+
};
|
|
117
|
+
readonly OAUTH_CALLBACK_SUCCESS: {
|
|
118
|
+
readonly facility: 4;
|
|
119
|
+
readonly severity: "info";
|
|
120
|
+
readonly msgId: "OAUTH_CALLBACK_SUCCESS";
|
|
121
|
+
readonly message: "OAuth callback completed successfully and session was created";
|
|
122
|
+
};
|
|
123
|
+
readonly MISMATCHING_STATE: {
|
|
124
|
+
readonly facility: 4;
|
|
125
|
+
readonly severity: "critical";
|
|
126
|
+
readonly msgId: "MISMATCHING_STATE";
|
|
127
|
+
readonly message: "OAuth response state parameter does not match the stored state value";
|
|
128
|
+
};
|
|
129
|
+
readonly POTENTIAL_OPEN_REDIRECT_ATTACK_DETECTED: {
|
|
130
|
+
readonly facility: 4;
|
|
131
|
+
readonly severity: "critical";
|
|
132
|
+
readonly msgId: "POTENTIAL_OPEN_REDIRECT_ATTACK_DETECTED";
|
|
133
|
+
readonly message: "Blocked redirect to untrusted or external URL (potential open redirect attack)";
|
|
134
|
+
};
|
|
135
|
+
readonly OPEN_REDIRECT_ATTACK: {
|
|
136
|
+
readonly facility: 4;
|
|
137
|
+
readonly severity: "warning";
|
|
138
|
+
readonly msgId: "OPEN_REDIRECT_ATTACK";
|
|
139
|
+
readonly message: "Detected redirect target that does not match the trusted origin";
|
|
140
|
+
};
|
|
141
|
+
readonly SESSION_TOKEN_MISSING: {
|
|
142
|
+
readonly facility: 4;
|
|
143
|
+
readonly severity: "warning";
|
|
144
|
+
readonly msgId: "SESSION_TOKEN_MISSING";
|
|
145
|
+
readonly message: "Session cookie is missing from the request";
|
|
146
|
+
};
|
|
147
|
+
readonly CSRF_TOKEN_MISSING: {
|
|
148
|
+
readonly facility: 4;
|
|
149
|
+
readonly severity: "warning";
|
|
150
|
+
readonly msgId: "CSRF_TOKEN_MISSING";
|
|
151
|
+
readonly message: "CSRF token cookie is missing from the request";
|
|
152
|
+
};
|
|
153
|
+
readonly CSRF_HEADER_MISSING: {
|
|
154
|
+
readonly facility: 4;
|
|
155
|
+
readonly severity: "warning";
|
|
156
|
+
readonly msgId: "CSRF_HEADER_MISSING";
|
|
157
|
+
readonly message: "CSRF header is missing from the request";
|
|
158
|
+
};
|
|
159
|
+
readonly CSRF_TOKEN_INVALID: {
|
|
160
|
+
readonly facility: 4;
|
|
161
|
+
readonly severity: "error";
|
|
162
|
+
readonly msgId: "CSRF_TOKEN_INVALID";
|
|
163
|
+
readonly message: "CSRF token verification failed or token is invalid";
|
|
164
|
+
};
|
|
165
|
+
readonly SIGN_IN_INITIATED: {
|
|
166
|
+
readonly facility: 4;
|
|
167
|
+
readonly severity: "info";
|
|
168
|
+
readonly msgId: "SIGN_IN_INITIATED";
|
|
169
|
+
readonly message: "Starting OAuth sign-in flow for the selected provider";
|
|
170
|
+
};
|
|
171
|
+
readonly SIGN_OUT_ATTEMPT: {
|
|
172
|
+
readonly facility: 4;
|
|
173
|
+
readonly severity: "debug";
|
|
174
|
+
readonly msgId: "SIGN_OUT_ATTEMPT";
|
|
175
|
+
readonly message: "Received sign-out request from client";
|
|
176
|
+
};
|
|
177
|
+
readonly SIGN_OUT_CSRF_VERIFIED: {
|
|
178
|
+
readonly facility: 4;
|
|
179
|
+
readonly severity: "info";
|
|
180
|
+
readonly msgId: "SIGN_OUT_CSRF_VERIFIED";
|
|
181
|
+
readonly message: "CSRF token was successfully verified during sign-out";
|
|
182
|
+
};
|
|
183
|
+
readonly SIGN_OUT_SUCCESS: {
|
|
184
|
+
readonly facility: 4;
|
|
185
|
+
readonly severity: "info";
|
|
186
|
+
readonly msgId: "SIGN_OUT_SUCCESS";
|
|
187
|
+
readonly message: "User session was cleared and sign-out completed successfully";
|
|
188
|
+
};
|
|
189
|
+
readonly SIGN_OUT_REDIRECT: {
|
|
190
|
+
readonly facility: 4;
|
|
191
|
+
readonly severity: "debug";
|
|
192
|
+
readonly msgId: "SIGN_OUT_REDIRECT";
|
|
193
|
+
readonly message: "Redirecting client after successful sign-out";
|
|
194
|
+
};
|
|
195
|
+
readonly AUTH_SESSION_VALID: {
|
|
196
|
+
readonly facility: 4;
|
|
197
|
+
readonly severity: "info";
|
|
198
|
+
readonly msgId: "AUTH_SESSION_VALID";
|
|
199
|
+
readonly message: "Session token is valid and user session was returned";
|
|
200
|
+
};
|
|
201
|
+
readonly AUTH_SESSION_INVALID: {
|
|
202
|
+
readonly facility: 4;
|
|
203
|
+
readonly severity: "notice";
|
|
204
|
+
readonly msgId: "AUTH_SESSION_INVALID";
|
|
205
|
+
readonly message: "Session token is missing, expired, or invalid";
|
|
206
|
+
};
|
|
207
|
+
readonly INVALID_JWT_TOKEN: {
|
|
208
|
+
readonly facility: 4;
|
|
209
|
+
readonly severity: "warning";
|
|
210
|
+
readonly msgId: "INVALID_JWT_TOKEN";
|
|
211
|
+
readonly message: "JWT session token failed validation during sign-out";
|
|
212
|
+
};
|
|
213
|
+
readonly CSRF_TOKEN_REQUESTED: {
|
|
214
|
+
readonly facility: 4;
|
|
215
|
+
readonly severity: "debug";
|
|
216
|
+
readonly msgId: "CSRF_TOKEN_REQUESTED";
|
|
217
|
+
readonly message: "Client requested a CSRF token";
|
|
218
|
+
};
|
|
219
|
+
readonly CSRF_TOKEN_ISSUED: {
|
|
220
|
+
readonly facility: 4;
|
|
221
|
+
readonly severity: "debug";
|
|
222
|
+
readonly msgId: "CSRF_TOKEN_ISSUED";
|
|
223
|
+
readonly message: "Issued a new CSRF token to the client";
|
|
224
|
+
};
|
|
225
|
+
readonly INVALID_URL: {
|
|
226
|
+
readonly facility: 10;
|
|
227
|
+
readonly severity: "error";
|
|
228
|
+
readonly msgId: "INVALID_URL";
|
|
229
|
+
readonly message: "Derived origin URL is invalid or malformed";
|
|
230
|
+
};
|
|
231
|
+
readonly COOKIE_HTTPONLY_DISABLED: {
|
|
232
|
+
readonly facility: 10;
|
|
233
|
+
readonly severity: "critical";
|
|
234
|
+
readonly msgId: "COOKIE_HTTPONLY_DISABLED";
|
|
235
|
+
readonly message: "Cookie is configured without HttpOnly. This allows JavaScript access via document.cookie and increases XSS exposure.";
|
|
236
|
+
};
|
|
237
|
+
readonly COOKIE_WILDCARD_DOMAIN: {
|
|
238
|
+
readonly facility: 10;
|
|
239
|
+
readonly severity: "critical";
|
|
240
|
+
readonly msgId: "COOKIE_WILDCARD_DOMAIN";
|
|
241
|
+
readonly message: "Cookie 'Domain' is set to a wildcard, which is insecure and should be avoided.";
|
|
242
|
+
};
|
|
243
|
+
readonly COOKIE_SECURE_DISABLED: {
|
|
244
|
+
readonly facility: 10;
|
|
245
|
+
readonly severity: "warning";
|
|
246
|
+
readonly msgId: "COOKIE_SECURE_DISABLED";
|
|
247
|
+
readonly message: "Cookie is configured with 'Secure' but the request is not HTTPS. The 'Secure' attribute will be ignored by the browser.";
|
|
248
|
+
};
|
|
249
|
+
readonly COOKIE_SAMESITE_NONE_WITHOUT_SECURE: {
|
|
250
|
+
readonly facility: 10;
|
|
251
|
+
readonly severity: "warning";
|
|
252
|
+
readonly msgId: "COOKIE_SAMESITE_NONE_WITHOUT_SECURE";
|
|
253
|
+
readonly message: "Cookie uses SameSite=None without Secure. Falling back to SameSite=Lax for safer defaults.";
|
|
254
|
+
};
|
|
255
|
+
readonly COOKIE_INSECURE_IN_PRODUCTION: {
|
|
256
|
+
readonly facility: 10;
|
|
257
|
+
readonly severity: "critical";
|
|
258
|
+
readonly msgId: "COOKIE_INSECURE_IN_PRODUCTION";
|
|
259
|
+
readonly message: "Cookies are being served over an insecure connection in production, which is a serious security risk.";
|
|
260
|
+
};
|
|
261
|
+
readonly COOKIE_HOST_STRATEGY_INSECURE: {
|
|
262
|
+
readonly facility: 10;
|
|
263
|
+
readonly severity: "critical";
|
|
264
|
+
readonly msgId: "COOKIE_HOST_STRATEGY_INSECURE";
|
|
265
|
+
readonly message: "__Host- cookies require a secure HTTPS context. Falling back to standard cookie settings.";
|
|
266
|
+
};
|
|
267
|
+
readonly UNTRUSTED_ORIGIN: {
|
|
268
|
+
readonly facility: 10;
|
|
269
|
+
readonly severity: "error";
|
|
270
|
+
readonly msgId: "UNTRUSTED_ORIGIN";
|
|
271
|
+
readonly message: "The constructed origin URL is not trusted.";
|
|
272
|
+
};
|
|
273
|
+
};
|
|
274
|
+
declare const createLogEntry: <T extends keyof typeof logMessages>(key: T, overrides?: Partial<SyslogOptions>) => SyslogOptions;
|
|
275
|
+
declare const createSyslogMessage: (options: SyslogOptions) => string;
|
|
276
|
+
declare const createLogger: (logger?: Required<Logger>) => InternalLogger | undefined;
|
|
277
|
+
/**
|
|
278
|
+
* Creates the logger instance based on the provided configuration and environment variables.
|
|
279
|
+
* Priority: config.logger, LOG_LEVEL env, DEBUG env and defaults to undefined if logging is not enabled.
|
|
280
|
+
*
|
|
281
|
+
*/
|
|
282
|
+
declare const createProxyLogger: (config?: AuthConfig) => InternalLogger | undefined;
|
|
283
|
+
|
|
284
|
+
/**
|
|
285
|
+
* Creates the JOSE instance used for signing and verifying tokens. It derives keys
|
|
286
|
+
* for session tokens and CSRF tokens. For security and determinism, it's required
|
|
287
|
+
* to set a salt value in `AURA_AUTH_SALT` or `AUTH_SALT` env.
|
|
288
|
+
*
|
|
289
|
+
* @param secret the base secret for key derivation
|
|
290
|
+
* @returns jose instance with methods for encoding/decoding JWTs and signing/verifying JWSs
|
|
291
|
+
*/
|
|
292
|
+
declare const createJoseInstance: (secret?: string) => {
|
|
293
|
+
decodeJWT: (token: string, options?: DecodedJWTPayloadOptions) => Promise<TypedJWTPayload<User>>;
|
|
294
|
+
encodeJWT: (payload: TypedJWTPayload<Partial<User>>) => Promise<string>;
|
|
295
|
+
signJWS: (payload: TypedJWTPayload<Partial<_aura_stack_jose_jose.JWTPayload>>) => Promise<string>;
|
|
296
|
+
verifyJWS: (payload: string, options?: JWTVerifyOptions | undefined) => Promise<_aura_stack_jose_jose.JWTPayload>;
|
|
297
|
+
encryptJWE: (payload: string, options?: _aura_stack_jose.EncryptOptions | undefined) => Promise<string>;
|
|
298
|
+
decryptJWE: (payload: string, options?: _aura_stack_jose.JWTDecryptOptions | undefined) => Promise<string>;
|
|
299
|
+
};
|
|
300
|
+
declare const jwtVerificationOptions: JWTVerifyOptions;
|
|
301
|
+
declare const decodeJWTOptions: DecodedJWTPayloadOptions;
|
|
302
|
+
|
|
303
|
+
interface ExtendedProfile {
|
|
304
|
+
job_title: string;
|
|
305
|
+
organization: string;
|
|
306
|
+
department: string;
|
|
307
|
+
location: string;
|
|
308
|
+
}
|
|
309
|
+
interface AtlassianProfile {
|
|
310
|
+
account_id: string;
|
|
311
|
+
account_type: string;
|
|
312
|
+
account_status: LiteralUnion<"active">;
|
|
313
|
+
email: string;
|
|
314
|
+
email_verified: boolean;
|
|
315
|
+
name: string;
|
|
316
|
+
picture: string;
|
|
317
|
+
nickname: string;
|
|
318
|
+
zoneinfo: string;
|
|
319
|
+
locale: string;
|
|
320
|
+
extended_profile: ExtendedProfile;
|
|
321
|
+
last_updated: string;
|
|
322
|
+
created_at: string;
|
|
323
|
+
}
|
|
324
|
+
/**
|
|
325
|
+
* @see [Atlassian - OAuth Apps](https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/)
|
|
326
|
+
* @see [Atlassian - My Apps](https://developer.atlassian.com/console/myapps/)
|
|
327
|
+
* @see [Atlassian - Retrieve Authenticated User](https://developer.atlassian.com/cloud/jira/software/oauth-2-3lo-apps/#how-do-i-retrieve-the-public-profile-of-the-authenticated-user-)
|
|
328
|
+
*/
|
|
329
|
+
declare const atlassian: (options?: Partial<OAuthProviderCredentials<AtlassianProfile>>) => OAuthProviderCredentials<AtlassianProfile>;
|
|
330
|
+
|
|
331
|
+
type AccountType = "basic" | "pro" | "business";
|
|
332
|
+
interface Name {
|
|
333
|
+
given_name: string;
|
|
334
|
+
surname: string;
|
|
335
|
+
familiar_name: string;
|
|
336
|
+
display_name: string;
|
|
337
|
+
abbreviated_name: string;
|
|
338
|
+
}
|
|
339
|
+
interface RootInfo {
|
|
340
|
+
team: RootInfo;
|
|
341
|
+
user: RootInfo;
|
|
342
|
+
}
|
|
343
|
+
interface FullTeam {
|
|
344
|
+
id: string;
|
|
345
|
+
name: string;
|
|
346
|
+
sharing_policies: Record<string, unknown>;
|
|
347
|
+
office_addin_policy: unknown;
|
|
348
|
+
top_level_content_policy: unknown;
|
|
349
|
+
}
|
|
350
|
+
interface DropboxProfile {
|
|
351
|
+
account_id: string;
|
|
352
|
+
name: Name;
|
|
353
|
+
email: string;
|
|
354
|
+
email_verified: boolean;
|
|
355
|
+
disabled: boolean;
|
|
356
|
+
locale: string;
|
|
357
|
+
referral_link: string;
|
|
358
|
+
is_paired: boolean;
|
|
359
|
+
account_type: AccountType;
|
|
360
|
+
root_info: unknown;
|
|
361
|
+
profile_photo_url?: string;
|
|
362
|
+
country: string;
|
|
363
|
+
team?: unknown;
|
|
364
|
+
team_member_id?: string;
|
|
365
|
+
}
|
|
366
|
+
/**
|
|
367
|
+
* @see [Dropbox - OAuth Guide](https://developers.dropbox.com/oauth-guide)
|
|
368
|
+
* @see [Dropbox - API v2](https://www.dropbox.com/developers/documentation/http/documentation)
|
|
369
|
+
* @see [Dropbox - Get Current Account](https://www.dropbox.com/developers/documentation/http/documentation#users-get_current_account)
|
|
370
|
+
* @see [Dropbox - My Apps](https://www.dropbox.com/developers/apps)
|
|
371
|
+
* @see [Dropbox - Developer Guide](https://www.dropbox.com/developers/reference/developer-guide)
|
|
372
|
+
*/
|
|
373
|
+
declare const dropbox: (options?: Partial<OAuthProviderCredentials<DropboxProfile>>) => OAuthProviderCredentials<DropboxProfile>;
|
|
374
|
+
|
|
375
|
+
interface Person {
|
|
376
|
+
email: string;
|
|
377
|
+
}
|
|
378
|
+
interface User$1 {
|
|
379
|
+
object: "user";
|
|
380
|
+
id: string;
|
|
381
|
+
name: string;
|
|
382
|
+
avatar_url: string | null;
|
|
383
|
+
type: "person";
|
|
384
|
+
person: Person;
|
|
385
|
+
}
|
|
386
|
+
interface Owner {
|
|
387
|
+
type: "user";
|
|
388
|
+
user: User$1;
|
|
389
|
+
}
|
|
390
|
+
interface Bot {
|
|
391
|
+
owner: Owner;
|
|
392
|
+
}
|
|
393
|
+
/**
|
|
394
|
+
* @see [Notion - Retrieve your token's bot user](https://developers.notion.com/reference/get-self)
|
|
395
|
+
*/
|
|
396
|
+
interface NotionProfile {
|
|
397
|
+
object: "user";
|
|
398
|
+
id: string;
|
|
399
|
+
name: string;
|
|
400
|
+
avatar_url: string | null;
|
|
401
|
+
type: "bot";
|
|
402
|
+
bot: Bot;
|
|
403
|
+
}
|
|
404
|
+
/**
|
|
405
|
+
* @see [Notion - Developer Documentation](https://developers.notion.com/)
|
|
406
|
+
* @see [Notion - Authorization](https://developers.notion.com/docs/authorization)
|
|
407
|
+
* @see [Notion - Authentication](https://developers.notion.com/reference/authentication)
|
|
408
|
+
* @see [Notion - Retrieve your token's bot user](https://developers.notion.com/reference/get-self)
|
|
409
|
+
*/
|
|
410
|
+
declare const notion: (options?: Partial<OAuthProviderCredentials<NotionProfile>>) => OAuthProviderCredentials<NotionProfile>;
|
|
411
|
+
|
|
412
|
+
/**
|
|
413
|
+
* @see [Twitch - Get Users](https://dev.twitch.tv/docs/api/reference#get-users)
|
|
414
|
+
*/
|
|
415
|
+
interface TwitchProfile {
|
|
416
|
+
id: string;
|
|
417
|
+
login: string;
|
|
418
|
+
display_name: string;
|
|
419
|
+
type: string;
|
|
420
|
+
broadcaster_type: string;
|
|
421
|
+
description: string;
|
|
422
|
+
profile_image_url: string;
|
|
423
|
+
offline_image_url: string;
|
|
424
|
+
view_count: number;
|
|
425
|
+
email?: string;
|
|
426
|
+
created_at: string;
|
|
427
|
+
}
|
|
428
|
+
/**
|
|
429
|
+
* @see [Twitch - Get Started with the Twitch API](https://dev.twitch.tv/docs/api/get-started/)
|
|
430
|
+
* @see [Twitch - Authorization code grant flow](https://dev.twitch.tv/docs/authentication/getting-tokens-oauth/#authorization-code-grant-flow)
|
|
431
|
+
* @see [Twitch - Register Your App](https://dev.twitch.tv/docs/authentication/register-app)
|
|
432
|
+
* @see [Twitch - Setting up Two-Factor Authentication (2FA)](https://help.twitch.tv/s/article/two-factor-authentication?language=en_US)
|
|
433
|
+
* @see [Twitch - Security and Privacy](https://www.twitch.tv/settings/security)
|
|
434
|
+
* @see [Twitch - Get Users](https://dev.twitch.tv/docs/api/reference#get-users)
|
|
435
|
+
* @see [Twitch - Scopes](https://dev.twitch.tv/docs/authentication/scopes/)
|
|
436
|
+
*/
|
|
437
|
+
declare const twitch: (options?: Partial<OAuthProviderCredentials<TwitchProfile>>) => OAuthProviderCredentials<TwitchProfile>;
|
|
438
|
+
|
|
439
|
+
/**
|
|
440
|
+
* @see [Pinterest - Get User Account](https://developers.pinterest.com/docs/api/v5/user_account-get)
|
|
441
|
+
*/
|
|
442
|
+
interface PinterestProfile {
|
|
443
|
+
account_type: LiteralUnion<"PINNER">;
|
|
444
|
+
id: string;
|
|
445
|
+
profile_image: string;
|
|
446
|
+
website_url: string;
|
|
447
|
+
username: string;
|
|
448
|
+
about: string;
|
|
449
|
+
business_name: string;
|
|
450
|
+
board_count: number;
|
|
451
|
+
pin_count: number;
|
|
452
|
+
follower_count: number;
|
|
453
|
+
following_count: number;
|
|
454
|
+
monthly_views: number;
|
|
455
|
+
}
|
|
456
|
+
/**
|
|
457
|
+
* @see [Pinterest - Connect App](https://developers.pinterest.com/docs/getting-started/connect-app/)
|
|
458
|
+
* @see [Pinterest - My Apps](https://developers.pinterest.com/apps/)
|
|
459
|
+
* @see [Pinterest - Get User Account](https://developers.pinterest.com/docs/api/v5/user_account-get)
|
|
460
|
+
*/
|
|
461
|
+
declare const pinterest: (options?: Partial<OAuthProviderCredentials<PinterestProfile>>) => OAuthProviderCredentials<PinterestProfile>;
|
|
462
|
+
|
|
463
|
+
interface Login {
|
|
464
|
+
email: string;
|
|
465
|
+
avatar: string | null;
|
|
466
|
+
login_id: number;
|
|
467
|
+
login_name: string;
|
|
468
|
+
login_email: string;
|
|
469
|
+
}
|
|
470
|
+
/**
|
|
471
|
+
* @see [Mailchimp - API Root](https://mailchimp.com/developer/marketing/api/authentication/)
|
|
472
|
+
*/
|
|
473
|
+
interface MailchimpProfile {
|
|
474
|
+
dc: string;
|
|
475
|
+
role: string;
|
|
476
|
+
accountname: string;
|
|
477
|
+
user_id: string;
|
|
478
|
+
login: Login;
|
|
479
|
+
login_url: string;
|
|
480
|
+
api_endpoint: string;
|
|
481
|
+
}
|
|
482
|
+
/**
|
|
483
|
+
* Mailchimp OAuth Provider
|
|
484
|
+
* @see [Mailchimp - Marketing API](https://mailchimp.com/developer/marketing/api/)
|
|
485
|
+
* @see [Mailchimp - Apps](https://us1.admin.mailchimp.com/account/oauth2/)
|
|
486
|
+
* @see [Mailchimp - Create an Application](https://mailchimp.com/developer/marketing/guides/access-user-data-oauth-2/#register-your-app)
|
|
487
|
+
* @see [Mailchimp - OAuth 2.0 Docs](https://mailchimp.com/developer/marketing/guides/access-user-data-oauth-2/)
|
|
488
|
+
* @see [Mailchimp - API Root](https://mailchimp.com/developer/marketing/api/root/)
|
|
489
|
+
*/
|
|
490
|
+
declare const mailchimp: (options?: Partial<OAuthProviderCredentials<MailchimpProfile>>) => OAuthProviderCredentials<MailchimpProfile>;
|
|
491
|
+
|
|
492
|
+
/**
|
|
493
|
+
* @see [Strava - SummaryClub](https://developers.strava.com/docs/reference/#api-models-SummaryClub)
|
|
494
|
+
*/
|
|
495
|
+
interface SummaryClub {
|
|
496
|
+
id: number;
|
|
497
|
+
resource_state: number;
|
|
498
|
+
name: string;
|
|
499
|
+
profile_medium: string;
|
|
500
|
+
cover_photo: string;
|
|
501
|
+
cover_photo_small: string;
|
|
502
|
+
sport_type: "cycling" | "running" | "triathlon" | "other";
|
|
503
|
+
activity_types: string[];
|
|
504
|
+
city: string;
|
|
505
|
+
state: string;
|
|
506
|
+
country: string;
|
|
507
|
+
private: boolean;
|
|
508
|
+
member_count: number;
|
|
509
|
+
featured: boolean;
|
|
510
|
+
verified: boolean;
|
|
511
|
+
url: string;
|
|
512
|
+
}
|
|
513
|
+
/**
|
|
514
|
+
* @see [Strava - SummaryGear](https://developers.strava.com/docs/reference/#api-models-SummaryGear)
|
|
515
|
+
*/
|
|
516
|
+
interface SummaryGear {
|
|
517
|
+
id: string;
|
|
518
|
+
resource_state: number;
|
|
519
|
+
primary: boolean;
|
|
520
|
+
name: string;
|
|
521
|
+
distance: number;
|
|
522
|
+
}
|
|
523
|
+
/**
|
|
524
|
+
* @see [Strava - DetailedAthlete](https://developers.strava.com/docs/reference/#api-models-DetailedAthlete)
|
|
525
|
+
*/
|
|
526
|
+
interface StravaProfile {
|
|
527
|
+
id: number;
|
|
528
|
+
resource_state: number;
|
|
529
|
+
firstname: string;
|
|
530
|
+
lastname: string;
|
|
531
|
+
bio: string | null;
|
|
532
|
+
profile: string;
|
|
533
|
+
profile_medium: string;
|
|
534
|
+
city: string;
|
|
535
|
+
state: string;
|
|
536
|
+
country: string;
|
|
537
|
+
sex: string;
|
|
538
|
+
premium: boolean;
|
|
539
|
+
summit: boolean;
|
|
540
|
+
created_at: Date;
|
|
541
|
+
updated_at: Date;
|
|
542
|
+
badge_type_id: number;
|
|
543
|
+
weight: number;
|
|
544
|
+
friend: null;
|
|
545
|
+
follower: null;
|
|
546
|
+
follower_count: number;
|
|
547
|
+
friend_count: number;
|
|
548
|
+
measurement_preference: string;
|
|
549
|
+
ftp: number;
|
|
550
|
+
clubs: SummaryClub[];
|
|
551
|
+
bikes: SummaryGear[];
|
|
552
|
+
shoes: SummaryGear[];
|
|
553
|
+
}
|
|
554
|
+
/**
|
|
555
|
+
* Strava OAuth Provider
|
|
556
|
+
* @see [Strava - Getting Started with the Strava API](https://developers.strava.com/docs/getting-started/)
|
|
557
|
+
* @see [Strava - My Applications](https://www.strava.com/settings/api)
|
|
558
|
+
* @see [Strava - Authentication](https://developers.strava.com/docs/authentication/)
|
|
559
|
+
* @see [Strava - API Application](https://www.strava.com/settings/api)
|
|
560
|
+
* @see [Strava - API Reference](https://developers.strava.com/docs/reference/)
|
|
561
|
+
*/
|
|
562
|
+
declare const strava: (options?: Partial<OAuthProviderCredentials<StravaProfile>>) => OAuthProviderCredentials<StravaProfile>;
|
|
563
|
+
|
|
564
|
+
/**
|
|
565
|
+
* @see [X - Get my User](https://docs.x.com/x-api/users/get-my-user)
|
|
566
|
+
*/
|
|
567
|
+
interface XProfile {
|
|
568
|
+
data: {
|
|
569
|
+
id: string;
|
|
570
|
+
name: string;
|
|
571
|
+
username: string;
|
|
572
|
+
profile_image_url: string;
|
|
573
|
+
};
|
|
574
|
+
}
|
|
575
|
+
/**
|
|
576
|
+
* X (Twitter) OAuth Provider
|
|
577
|
+
* @see [X - Developer Portal](https://developer.x.com/en/portal/projects-and-apps)
|
|
578
|
+
* @see [X - Get my User](https://docs.x.com/x-api/users/get-my-user)
|
|
579
|
+
* @see [X - OAuth 2.0 Authorization Code Flow with PKCE](https://docs.x.com/fundamentals/authentication/oauth-2-0/authorization-code)
|
|
580
|
+
* @see [X - OAuth 2.0 Scopes](https://docs.x.com/fundamentals/authentication/oauth-2-0/authorization-code#scopes)
|
|
581
|
+
* @see [X - OAuth 2.0 Bearer Token](https://docs.x.com/fundamentals/authentication/oauth-2-0/application-only)
|
|
582
|
+
*/
|
|
583
|
+
declare const x: (options?: Partial<OAuthProviderCredentials<XProfile>>) => OAuthProviderCredentials<XProfile>;
|
|
584
|
+
|
|
585
|
+
interface SpotifyImage {
|
|
586
|
+
url: string;
|
|
587
|
+
height: number;
|
|
588
|
+
width: number;
|
|
589
|
+
}
|
|
590
|
+
/**
|
|
591
|
+
* @see [Spotify - User Object](https://developer.spotify.com/documentation/web-api/reference/object-model/#user-object-private)
|
|
592
|
+
*/
|
|
593
|
+
interface SpotifyProfile {
|
|
594
|
+
id: string;
|
|
595
|
+
display_name: string;
|
|
596
|
+
email: string;
|
|
597
|
+
type: string;
|
|
598
|
+
uri: string;
|
|
599
|
+
country: string;
|
|
600
|
+
href: string;
|
|
601
|
+
images: SpotifyImage[];
|
|
602
|
+
product: string;
|
|
603
|
+
explicit_content: {
|
|
604
|
+
filter_enabled: boolean;
|
|
605
|
+
filter_locked: boolean;
|
|
606
|
+
};
|
|
607
|
+
external_urls: {
|
|
608
|
+
spotify: string;
|
|
609
|
+
};
|
|
610
|
+
followers: {
|
|
611
|
+
href: string;
|
|
612
|
+
total: number;
|
|
613
|
+
};
|
|
614
|
+
}
|
|
615
|
+
/**
|
|
616
|
+
* Spotify OAuth Provider
|
|
617
|
+
*
|
|
618
|
+
* @see [Spotify - Spotify Developer Dashboard](https://developer.spotify.com/dashboard)
|
|
619
|
+
* @see [Spotify - Getting started with Web API](https://developer.spotify.com/documentation/web-api/tutorials/getting-started)
|
|
620
|
+
* @see [Spotify - Get Current User's Profile](https://developer.spotify.com/documentation/web-api/reference/get-current-users-profile)
|
|
621
|
+
* @see [Spotify - Scopes](https://developer.spotify.com/documentation/web-api/concepts/scopes)
|
|
622
|
+
* @see [Spotify - Redirect URIs](https://developer.spotify.com/documentation/web-api/concepts/redirect_uri)
|
|
623
|
+
*/
|
|
624
|
+
declare const spotify: (options?: Partial<OAuthProviderCredentials<SpotifyProfile>>) => OAuthProviderCredentials<SpotifyProfile>;
|
|
625
|
+
|
|
626
|
+
/**
|
|
627
|
+
* @see [GitLab - User Structure](https://docs.gitlab.com/ee/api/users.html#external-user-structure)
|
|
628
|
+
*/
|
|
629
|
+
interface GitLabProfile {
|
|
630
|
+
id: number;
|
|
631
|
+
username: string;
|
|
632
|
+
email: string;
|
|
633
|
+
name: string;
|
|
634
|
+
state: string;
|
|
635
|
+
locked: boolean;
|
|
636
|
+
avatar_url: string;
|
|
637
|
+
web_url: string;
|
|
638
|
+
created_at: string;
|
|
639
|
+
bio: string;
|
|
640
|
+
location: string | null;
|
|
641
|
+
public_email: string;
|
|
642
|
+
linkedin: string;
|
|
643
|
+
twitter: string;
|
|
644
|
+
discord: string;
|
|
645
|
+
github: string;
|
|
646
|
+
website_url: string;
|
|
647
|
+
organization: string;
|
|
648
|
+
job_title: string;
|
|
649
|
+
pronouns: string;
|
|
650
|
+
bot: boolean;
|
|
651
|
+
work_information: string | null;
|
|
652
|
+
followers: number;
|
|
653
|
+
following: number;
|
|
654
|
+
local_time: string;
|
|
655
|
+
last_sign_in_at: string;
|
|
656
|
+
confirmed_at: string;
|
|
657
|
+
theme_id: number;
|
|
658
|
+
last_activity_on: string;
|
|
659
|
+
color_scheme_id: number;
|
|
660
|
+
projects_limit: number;
|
|
661
|
+
current_sign_in_at: string;
|
|
662
|
+
identities: {
|
|
663
|
+
provider: string;
|
|
664
|
+
extern_uid: string;
|
|
665
|
+
saml_provider_id: number | null;
|
|
666
|
+
}[];
|
|
667
|
+
can_create_group: boolean;
|
|
668
|
+
can_create_project: boolean;
|
|
669
|
+
two_factor_enabled: boolean;
|
|
670
|
+
external: boolean;
|
|
671
|
+
private_profile: boolean;
|
|
672
|
+
commit_email: string;
|
|
673
|
+
preferred_language: string;
|
|
674
|
+
shared_runners_minutes_limit: number | null;
|
|
675
|
+
extra_shared_runners_minutes_limit: number | null;
|
|
676
|
+
scim_identities: unknown[];
|
|
677
|
+
}
|
|
678
|
+
/**
|
|
679
|
+
* GitLab OAuth Provider
|
|
680
|
+
*
|
|
681
|
+
* @see [GitLab - Applications](https://gitlab.com/-/user_settings/applications)
|
|
682
|
+
* @see [GitLab - OAuth 2.0 identify provider API](https://docs.gitlab.com/api/oauth2/)
|
|
683
|
+
* @see [GitLab - Scopes](https://docs.gitlab.com/integration/oauth_provider/#view-all-authorized-applications)
|
|
684
|
+
* @see [GitLab - Get current user](https://docs.gitlab.com/api/users/#get-the-current-user)
|
|
685
|
+
*/
|
|
686
|
+
declare const gitlab: (options?: Partial<OAuthProviderCredentials<GitLabProfile>>) => OAuthProviderCredentials<GitLabProfile>;
|
|
687
|
+
|
|
688
|
+
/**
|
|
689
|
+
* @see [Discord - Nameplate Object](https://discord.com/developers/docs/resources/user#nameplate-nameplate-structure)
|
|
690
|
+
*/
|
|
691
|
+
interface Nameplate {
|
|
692
|
+
sku_id: string;
|
|
693
|
+
asset: string;
|
|
694
|
+
label: string;
|
|
695
|
+
palette: string;
|
|
696
|
+
}
|
|
697
|
+
/**
|
|
698
|
+
* The `snowflake` type is a string type. The attributes defined with this type are:
|
|
699
|
+
* - `id`: The unique identifier for the object.
|
|
700
|
+
* - `primary_guild.identity_guild_id`: The unique identifier for the guild.
|
|
701
|
+
* - `avatar_decoration_data.sku_id`: The unique identifier for the SKU.
|
|
702
|
+
*
|
|
703
|
+
* @see [Discord - User Object](https://discord.com/developers/docs/resources/user#user-object)
|
|
704
|
+
*/
|
|
705
|
+
interface DiscordProfile {
|
|
706
|
+
id: string;
|
|
707
|
+
username: string;
|
|
708
|
+
discriminator: string;
|
|
709
|
+
global_name: string | null;
|
|
710
|
+
avatar: string | null;
|
|
711
|
+
bot?: boolean;
|
|
712
|
+
system?: boolean;
|
|
713
|
+
mfa_enabled?: boolean;
|
|
714
|
+
banner?: string | null;
|
|
715
|
+
accent_color?: number | null;
|
|
716
|
+
locale?: string;
|
|
717
|
+
verified?: boolean;
|
|
718
|
+
email?: string | null;
|
|
719
|
+
flags?: number;
|
|
720
|
+
premium_type?: number;
|
|
721
|
+
public_flags?: number;
|
|
722
|
+
avatar_decoration_data?: {
|
|
723
|
+
asset: string;
|
|
724
|
+
sku_id: string;
|
|
725
|
+
};
|
|
726
|
+
collections?: Record<string, Nameplate>;
|
|
727
|
+
primary_guild?: {
|
|
728
|
+
identity_guild_id: string;
|
|
729
|
+
identity_enabled: boolean | null;
|
|
730
|
+
tag: string | null;
|
|
731
|
+
badge: string | null;
|
|
732
|
+
};
|
|
733
|
+
}
|
|
734
|
+
/**
|
|
735
|
+
* Discord OAuth Provider
|
|
736
|
+
*
|
|
737
|
+
* @see [Discord - Applications](https://discord.com/developers/applications)
|
|
738
|
+
* @see [Discord - OAuth2](https://discord.com/developers/docs/topics/oauth2)
|
|
739
|
+
* @see [Discord - Get Current User](https://discord.com/developers/docs/resources/user#get-current-user)
|
|
740
|
+
* @see [Discord - User Object](https://discord.com/developers/docs/resources/user#user-object)
|
|
741
|
+
* @see [Discord - OAuth2 Scopes](https://discord.com/developers/docs/topics/oauth2#shared-resources-oauth2-scopes)
|
|
742
|
+
* @see [Discord - Image Formatting](https://discord.com/developers/docs/reference#image-formatting)
|
|
743
|
+
* @see [Discord - Display Names](https://discord.com/developers/docs/change-log#display-names)
|
|
744
|
+
*/
|
|
745
|
+
declare const discord: (options?: Partial<OAuthProviderCredentials<DiscordProfile>>) => OAuthProviderCredentials<DiscordProfile>;
|
|
746
|
+
|
|
747
|
+
/**
|
|
748
|
+
* @see [Figma API - Users](https://developers.figma.com/docs/rest-api/users-types/)
|
|
749
|
+
*/
|
|
750
|
+
interface FigmaProfile {
|
|
751
|
+
id: string;
|
|
752
|
+
handle: string;
|
|
753
|
+
img_url: string;
|
|
754
|
+
email: string;
|
|
755
|
+
}
|
|
756
|
+
/**
|
|
757
|
+
* Figma OAuth Provider
|
|
758
|
+
* @see [Figma - REST API Introduction](https://developers.figma.com/docs/rest-api/)
|
|
759
|
+
* @see [Figma - OAuth App](https://www.figma.com/developers/apps/)
|
|
760
|
+
* @see [Figma - Create an OAuth App](https://developers.figma.com/docs/rest-api/authentication/#create-an-oauth-app)
|
|
761
|
+
* @see [Figma - OAuth Scopes](https://developers.figma.com/docs/rest-api/scopes/)
|
|
762
|
+
*/
|
|
763
|
+
declare const figma: (options?: Partial<OAuthProviderCredentials<FigmaProfile>>) => OAuthProviderCredentials<FigmaProfile>;
|
|
764
|
+
|
|
765
|
+
/**
|
|
766
|
+
* @see [Get current user](https://developer.atlassian.com/cloud/bitbucket/rest/api-group-users/#api-user-get)
|
|
767
|
+
*/
|
|
768
|
+
interface BitbucketProfile {
|
|
769
|
+
display_name: string;
|
|
770
|
+
links: Record<LiteralUnion<"self" | "avatar" | "repositories" | "snippets" | "html" | "hooks">, {
|
|
771
|
+
href?: string;
|
|
772
|
+
}>;
|
|
773
|
+
created_on: string;
|
|
774
|
+
type: string;
|
|
775
|
+
uuid: string;
|
|
776
|
+
has_2fa_enabled: boolean;
|
|
777
|
+
username: string;
|
|
778
|
+
nickname: string;
|
|
779
|
+
is_staff: boolean;
|
|
780
|
+
account_id: string;
|
|
781
|
+
account_status: LiteralUnion<"active" | "inactive" | "closed">;
|
|
782
|
+
location: string | null;
|
|
783
|
+
}
|
|
784
|
+
/**
|
|
785
|
+
* Bitbucket OAuth Provider
|
|
786
|
+
*
|
|
787
|
+
* @see [Bitbucket - Official App](https://bitbucket.org/)
|
|
788
|
+
* @see [Bitbucket - Workspaces](https://bitbucket.org/account/workspaces/)
|
|
789
|
+
* @see [Bitbucket - Workspace Settings](https://bitbucket.org/{workspace-name}/workspace/settings/)
|
|
790
|
+
* @see [Bitbucket - OAuth 2.0](https://developer.atlassian.com/cloud/bitbucket/oauth-2/)
|
|
791
|
+
* @see [Bitbucket - Use OAuth on Bitbucket Cloud](https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/)
|
|
792
|
+
* @see [Bitbucket - Cloud REST API](https://developer.atlassian.com/cloud/bitbucket/rest/intro/)
|
|
793
|
+
* @see [Bitbucket - User Endpoint](https://developer.atlassian.com/cloud/bitbucket/rest/api-group-users/#api-users-endpoint)
|
|
794
|
+
*/
|
|
795
|
+
declare const bitbucket: (options?: Partial<OAuthProviderCredentials<BitbucketProfile>>) => OAuthProviderCredentials<BitbucketProfile>;
|
|
796
|
+
|
|
797
|
+
/**
|
|
798
|
+
* @see [Get the authenticated user](https://docs.github.com/en/rest/users/users?apiVersion=2022-11-28#get-the-authenticated-user)
|
|
799
|
+
*/
|
|
800
|
+
interface GitHubProfile {
|
|
801
|
+
login: string;
|
|
802
|
+
id: number;
|
|
803
|
+
user_view_type: string;
|
|
804
|
+
node_id: string;
|
|
805
|
+
avatar_url: string;
|
|
806
|
+
gravatar_id: string | null;
|
|
807
|
+
url: string;
|
|
808
|
+
html_url: string;
|
|
809
|
+
followers_url: string;
|
|
810
|
+
following_url: string;
|
|
811
|
+
gists_url: string;
|
|
812
|
+
starred_url: string;
|
|
813
|
+
subscriptions_url: string;
|
|
814
|
+
organizations_url: string;
|
|
815
|
+
repos_url: string;
|
|
816
|
+
events_url: string;
|
|
817
|
+
received_events_url: string;
|
|
818
|
+
type: string;
|
|
819
|
+
site_admin: boolean;
|
|
820
|
+
name: string | null;
|
|
821
|
+
company: string | null;
|
|
822
|
+
blog: string | null;
|
|
823
|
+
location: string | null;
|
|
824
|
+
email: string | null;
|
|
825
|
+
notification_email: string | null;
|
|
826
|
+
hireable: boolean | null;
|
|
827
|
+
bio: string | null;
|
|
828
|
+
twitter_username?: string | null;
|
|
829
|
+
public_repos: number;
|
|
830
|
+
public_gists: number;
|
|
831
|
+
followers: number;
|
|
832
|
+
following: number;
|
|
833
|
+
created_at: string;
|
|
834
|
+
updated_at: string;
|
|
835
|
+
private_gists?: number;
|
|
836
|
+
total_private_repos?: number;
|
|
837
|
+
owned_private_repos?: number;
|
|
838
|
+
disk_usage?: number;
|
|
839
|
+
collaborators?: number;
|
|
840
|
+
two_factor_authentication: boolean;
|
|
841
|
+
plan?: {
|
|
842
|
+
collaborators: number;
|
|
843
|
+
name: string;
|
|
844
|
+
space: number;
|
|
845
|
+
private_repos: number;
|
|
846
|
+
};
|
|
847
|
+
}
|
|
848
|
+
/**
|
|
849
|
+
* GitHub OAuth Provider
|
|
850
|
+
*
|
|
851
|
+
* @see [GitHub - Creating an OAuth App](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app)
|
|
852
|
+
* @see [GitHub - Authorizing OAuth Apps](https://docs.github.com/en/developers/apps/building-oauth-apps/authorizing-oauth-apps)
|
|
853
|
+
* @see [GitHub - Configure your GitHub OAuth Apps](https://github.com/settings/developers)
|
|
854
|
+
* @see [Github - Get the authenticated user](https://docs.github.com/en/rest/users/users?apiVersion=2022-11-28#get-the-authenticated-user)
|
|
855
|
+
*/
|
|
856
|
+
declare const github: (options?: Partial<OAuthProviderCredentials<GitHubProfile>>) => OAuthProviderCredentials<GitHubProfile>;
|
|
857
|
+
|
|
858
|
+
declare const builtInOAuthProviders: {
|
|
859
|
+
readonly github: (options?: Partial<OAuthProviderCredentials<GitHubProfile>>) => OAuthProviderCredentials<GitHubProfile>;
|
|
860
|
+
readonly bitbucket: (options?: Partial<OAuthProviderCredentials<BitbucketProfile>>) => OAuthProviderCredentials<BitbucketProfile>;
|
|
861
|
+
readonly figma: (options?: Partial<OAuthProviderCredentials<FigmaProfile>>) => OAuthProviderCredentials<FigmaProfile>;
|
|
862
|
+
readonly discord: (options?: Partial<OAuthProviderCredentials<DiscordProfile>>) => OAuthProviderCredentials<DiscordProfile>;
|
|
863
|
+
readonly gitlab: (options?: Partial<OAuthProviderCredentials<GitLabProfile>>) => OAuthProviderCredentials<GitLabProfile>;
|
|
864
|
+
readonly spotify: (options?: Partial<OAuthProviderCredentials<SpotifyProfile>>) => OAuthProviderCredentials<SpotifyProfile>;
|
|
865
|
+
readonly x: (options?: Partial<OAuthProviderCredentials<XProfile>>) => OAuthProviderCredentials<XProfile>;
|
|
866
|
+
readonly strava: (options?: Partial<OAuthProviderCredentials<StravaProfile>>) => OAuthProviderCredentials<StravaProfile>;
|
|
867
|
+
readonly mailchimp: (options?: Partial<OAuthProviderCredentials<MailchimpProfile>>) => OAuthProviderCredentials<MailchimpProfile>;
|
|
868
|
+
readonly pinterest: (options?: Partial<OAuthProviderCredentials<PinterestProfile>>) => OAuthProviderCredentials<PinterestProfile>;
|
|
869
|
+
readonly twitch: (options?: Partial<OAuthProviderCredentials<TwitchProfile>>) => OAuthProviderCredentials<TwitchProfile>;
|
|
870
|
+
readonly notion: (options?: Partial<OAuthProviderCredentials<NotionProfile>>) => OAuthProviderCredentials<NotionProfile>;
|
|
871
|
+
readonly dropbox: (options?: Partial<OAuthProviderCredentials<DropboxProfile>>) => OAuthProviderCredentials<DropboxProfile>;
|
|
872
|
+
readonly atlassian: (options?: Partial<OAuthProviderCredentials<AtlassianProfile>>) => OAuthProviderCredentials<AtlassianProfile>;
|
|
873
|
+
};
|
|
874
|
+
/**
|
|
875
|
+
* Constructs OAuth provider configurations from an array of provider names or configurations.
|
|
876
|
+
* It loads the client ID and client secret from environment variables if only the provider name is provided.
|
|
877
|
+
*
|
|
878
|
+
* @param oauth - Array of OAuth provider configurations or provider names to be defined from environment variables
|
|
879
|
+
* @returns A record of OAuth provider configurations
|
|
880
|
+
* @example
|
|
881
|
+
* // Using built-in provider with env variables
|
|
882
|
+
* createBuiltInOAuthProviders(["github"])
|
|
883
|
+
*
|
|
884
|
+
* // Using built-in provider with explicit credentials via factory
|
|
885
|
+
* createBuiltInOAuthProviders([github({ clientId: "...", clientSecret: "..." })])
|
|
886
|
+
*/
|
|
887
|
+
declare const createBuiltInOAuthProviders: (oauth?: (BuiltInOAuthProvider | OAuthProviderCredentials<any>)[]) => Record<LiteralUnion<BuiltInOAuthProvider>, OAuthProviderCredentials<any>>;
|
|
888
|
+
type BuiltInOAuthProvider = keyof typeof builtInOAuthProviders;
|
|
889
|
+
|
|
890
|
+
/**
|
|
891
|
+
* Creates the authentication instance with the configuration provided for OAuth provider.
|
|
892
|
+
* > NOTE: The handlers returned by this function should be used in the server to handle the authentication routes
|
|
893
|
+
* and within the `/auth` base path
|
|
894
|
+
*
|
|
895
|
+
* @param authConfig - Authentication configuration including OAuth provider
|
|
896
|
+
* @returns Authentication instance with handlers to be used in the server
|
|
897
|
+
* @example
|
|
898
|
+
* const auth = createAuth({
|
|
899
|
+
* oauth: ["github", {
|
|
900
|
+
* id: "custom-oauth",
|
|
901
|
+
* name: "custom-oauth",
|
|
902
|
+
* authorizationURL: "https://custom-oauth.com/oauth/authorize",
|
|
903
|
+
* accessToken: "https://custom-oauth.com/oauth/token",
|
|
904
|
+
* scope: "profile email",
|
|
905
|
+
* responseType: "code",
|
|
906
|
+
* userInfo: "https://custom-oauth.com/api/userinfo",
|
|
907
|
+
* clientId: process.env.AURA_AUTH_CUSTOM_OAUTH_CLIENT_ID!,
|
|
908
|
+
* clientSecret: process.env.AURA_AUTH_CUSTOM_OAUTH_CLIENT_SECRET!,
|
|
909
|
+
* }]
|
|
910
|
+
* })
|
|
911
|
+
*/
|
|
912
|
+
declare const createAuthInstance: (authConfig: AuthConfig) => {
|
|
913
|
+
handlers: _aura_stack_router.Router<[_aura_stack_router.RouteEndpoint<"GET", "/signIn/:oauth", {
|
|
914
|
+
schemas?: {
|
|
915
|
+
params: zod.ZodObject<{
|
|
916
|
+
oauth: zod.ZodEnum<{
|
|
917
|
+
[x: string & Record<never, never>]: string & Record<never, never>;
|
|
918
|
+
github: "github";
|
|
919
|
+
bitbucket: "bitbucket";
|
|
920
|
+
figma: "figma";
|
|
921
|
+
discord: "discord";
|
|
922
|
+
gitlab: "gitlab";
|
|
923
|
+
spotify: "spotify";
|
|
924
|
+
x: "x";
|
|
925
|
+
strava: "strava";
|
|
926
|
+
mailchimp: "mailchimp";
|
|
927
|
+
pinterest: "pinterest";
|
|
928
|
+
twitch: "twitch";
|
|
929
|
+
notion: "notion";
|
|
930
|
+
dropbox: "dropbox";
|
|
931
|
+
atlassian: "atlassian";
|
|
932
|
+
}>;
|
|
933
|
+
}, zod_v4_core.$strip>;
|
|
934
|
+
searchParams: zod.ZodObject<{
|
|
935
|
+
redirect: zod.ZodDefault<zod.ZodOptional<zod.ZodCodec<zod.ZodString, zod.ZodBoolean>>>;
|
|
936
|
+
redirectTo: zod.ZodOptional<zod.ZodString>;
|
|
937
|
+
}, zod_v4_core.$strip>;
|
|
938
|
+
} | undefined;
|
|
939
|
+
}>, _aura_stack_router.RouteEndpoint<"GET", "/callback/:oauth", {
|
|
940
|
+
schemas?: {
|
|
941
|
+
params: zod.ZodObject<{
|
|
942
|
+
oauth: zod.ZodEnum<{
|
|
943
|
+
[x: string & Record<never, never>]: string & Record<never, never>;
|
|
944
|
+
github: "github";
|
|
945
|
+
bitbucket: "bitbucket";
|
|
946
|
+
figma: "figma";
|
|
947
|
+
discord: "discord";
|
|
948
|
+
gitlab: "gitlab";
|
|
949
|
+
spotify: "spotify";
|
|
950
|
+
x: "x";
|
|
951
|
+
strava: "strava";
|
|
952
|
+
mailchimp: "mailchimp";
|
|
953
|
+
pinterest: "pinterest";
|
|
954
|
+
twitch: "twitch";
|
|
955
|
+
notion: "notion";
|
|
956
|
+
dropbox: "dropbox";
|
|
957
|
+
atlassian: "atlassian";
|
|
958
|
+
}>;
|
|
959
|
+
}, zod_v4_core.$strip>;
|
|
960
|
+
searchParams: zod.ZodObject<{
|
|
961
|
+
code: zod.ZodString;
|
|
962
|
+
state: zod.ZodString;
|
|
963
|
+
}, zod_v4_core.$strip>;
|
|
964
|
+
} | undefined;
|
|
965
|
+
}>, _aura_stack_router.RouteEndpoint<"GET", "/session", {
|
|
966
|
+
schemas?: _aura_stack_router.EndpointSchemas | undefined;
|
|
967
|
+
}>, _aura_stack_router.RouteEndpoint<"POST", "/signOut", {
|
|
968
|
+
schemas?: {
|
|
969
|
+
searchParams: zod.ZodObject<{
|
|
970
|
+
token_type_hint: zod.ZodLiteral<"session_token">;
|
|
971
|
+
redirectTo: zod.ZodOptional<zod.ZodString>;
|
|
972
|
+
}, zod_v4_core.$strip>;
|
|
973
|
+
} | undefined;
|
|
974
|
+
}>, _aura_stack_router.RouteEndpoint<"GET", "/csrfToken", {
|
|
975
|
+
schemas?: _aura_stack_router.EndpointSchemas | undefined;
|
|
976
|
+
}>]>;
|
|
977
|
+
jose: {
|
|
978
|
+
decodeJWT: (token: string, options?: _aura_stack_jose.DecodedJWTPayloadOptions) => Promise<_aura_stack_jose.TypedJWTPayload<User>>;
|
|
979
|
+
encodeJWT: (payload: _aura_stack_jose.TypedJWTPayload<Partial<User>>) => Promise<string>;
|
|
980
|
+
signJWS: (payload: _aura_stack_jose.TypedJWTPayload<Partial<jose.JWTPayload>>) => Promise<string>;
|
|
981
|
+
verifyJWS: (payload: string, options?: jose.JWTVerifyOptions | undefined) => Promise<jose.JWTPayload>;
|
|
982
|
+
encryptJWE: (payload: string, options?: _aura_stack_jose.EncryptOptions | undefined) => Promise<string>;
|
|
983
|
+
decryptJWE: (payload: string, options?: jose.JWTDecryptOptions | undefined) => Promise<string>;
|
|
984
|
+
};
|
|
985
|
+
api: {
|
|
986
|
+
getSession: (options: GetSessionAPIOptions) => Promise<SessionResponse>;
|
|
987
|
+
signIn: <Redirect extends boolean = true>(oauth: LiteralUnion<BuiltInOAuthProvider>, options?: SignInAPIOptions<Redirect>) => Promise<SignInReturn<Redirect>>;
|
|
988
|
+
signOut: (options: SignOutAPIOptions) => Promise<Response>;
|
|
989
|
+
};
|
|
990
|
+
};
|
|
991
|
+
declare const createAuth: (config: AuthConfig) => AuthInstance;
|
|
992
|
+
|
|
993
|
+
declare const createAuthAPI: (ctx: GlobalContext) => {
|
|
994
|
+
getSession: (options: GetSessionAPIOptions) => Promise<SessionResponse>;
|
|
995
|
+
signIn: <Redirect extends boolean = true>(oauth: LiteralUnion<BuiltInOAuthProvider>, options?: SignInAPIOptions<Redirect>) => Promise<SignInReturn<Redirect>>;
|
|
996
|
+
signOut: (options: SignOutAPIOptions) => Promise<Response>;
|
|
997
|
+
};
|
|
998
|
+
|
|
999
|
+
/**
|
|
1000
|
+
* Standard JWT claims that are managed internally by the token system.
|
|
1001
|
+
* These fields are typically filtered out before returning user data.
|
|
1002
|
+
*/
|
|
1003
|
+
type JWTStandardClaims = Pick<JWTPayload, "exp" | "iat" | "jti" | "nbf" | "sub" | "aud" | "iss">;
|
|
1004
|
+
/**
|
|
1005
|
+
* JWT payload structure that includes a mandatory `token` field used to verify CSRF Tokens
|
|
1006
|
+
*/
|
|
1007
|
+
type JWTPayloadWithToken = JWTPayload & {
|
|
1008
|
+
token: string;
|
|
1009
|
+
};
|
|
1010
|
+
/**
|
|
1011
|
+
* Standardized user profile returned by OAuth providers after fetching user information
|
|
1012
|
+
* and mapping the response to this format by default or via the `profile` custom function.
|
|
1013
|
+
*/
|
|
1014
|
+
interface User extends Record<string, unknown> {
|
|
1015
|
+
sub: string;
|
|
1016
|
+
name?: string | null;
|
|
1017
|
+
email?: string | null;
|
|
1018
|
+
image?: string | null;
|
|
1019
|
+
}
|
|
1020
|
+
/**
|
|
1021
|
+
* Session data returned by the session endpoint.
|
|
1022
|
+
*/
|
|
1023
|
+
interface Session {
|
|
1024
|
+
user: User;
|
|
1025
|
+
expires: string;
|
|
1026
|
+
}
|
|
1027
|
+
type AuthorizeParams = LiteralUnion<"clientId" | "prompt" | "scope" | "responseMode" | "audience" | "loginHint" | "nonce" | "display">;
|
|
1028
|
+
type ResponseType = LiteralUnion<"code" | "token" | "refresh_token" | "id_token">;
|
|
1029
|
+
/**
|
|
1030
|
+
* Configuration for an OAuth provider without credentials.
|
|
1031
|
+
* Use this type when defining provider metadata and endpoints.
|
|
1032
|
+
*/
|
|
1033
|
+
interface OAuthProviderConfig<Profile extends object = Record<string, any>> {
|
|
1034
|
+
id: string;
|
|
1035
|
+
name: string;
|
|
1036
|
+
/**
|
|
1037
|
+
* @deprecated
|
|
1038
|
+
* use `authorize` instead of `authorizeURL`
|
|
1039
|
+
*/
|
|
1040
|
+
authorizeURL?: string;
|
|
1041
|
+
authorize: string | {
|
|
1042
|
+
url: string;
|
|
1043
|
+
params?: Partial<Record<AuthorizeParams, string> & {
|
|
1044
|
+
responseType: ResponseType;
|
|
1045
|
+
}>;
|
|
1046
|
+
};
|
|
1047
|
+
accessToken: string | {
|
|
1048
|
+
url: string;
|
|
1049
|
+
headers?: Record<string, string>;
|
|
1050
|
+
};
|
|
1051
|
+
userInfo: string | {
|
|
1052
|
+
url: string;
|
|
1053
|
+
headers?: Record<string, string>;
|
|
1054
|
+
method?: string;
|
|
1055
|
+
};
|
|
1056
|
+
/**
|
|
1057
|
+
* @deprecated
|
|
1058
|
+
* use `authorize.params.scope` instead of `scope`
|
|
1059
|
+
*/
|
|
1060
|
+
scope?: string;
|
|
1061
|
+
/**
|
|
1062
|
+
* @deprecated
|
|
1063
|
+
* use `authorize.params.response_type` instead of `responseType`
|
|
1064
|
+
*/
|
|
1065
|
+
responseType?: ResponseType;
|
|
1066
|
+
profile?: (profile: Profile) => User | Promise<User>;
|
|
1067
|
+
}
|
|
1068
|
+
/**
|
|
1069
|
+
* OAuth provider configuration with client credentials.
|
|
1070
|
+
* Extends OAuthProviderConfig with clientId and clientSecret.
|
|
1071
|
+
*/
|
|
1072
|
+
interface OAuthProviderCredentials<Profile extends object = Record<string, any>> extends OAuthProviderConfig<Profile> {
|
|
1073
|
+
clientId?: string;
|
|
1074
|
+
clientSecret?: string;
|
|
1075
|
+
}
|
|
1076
|
+
/**
|
|
1077
|
+
* Complete OAuth provider type combining configuration and credentials.
|
|
1078
|
+
*/
|
|
1079
|
+
type OAuthProvider<Profile extends object = Record<string, any>> = OAuthProviderCredentials<Profile>;
|
|
1080
|
+
/**
|
|
1081
|
+
* Cookie type with __Secure- prefix, must be Secure.
|
|
1082
|
+
* @see https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-__secure-prefix
|
|
1083
|
+
*/
|
|
1084
|
+
type SecureCookie = {
|
|
1085
|
+
strategy: "secure";
|
|
1086
|
+
} & Prettify<Omit<SerializeOptions, "secure" | "encode">>;
|
|
1087
|
+
/**
|
|
1088
|
+
* Cookie type with __Host- prefix, must be Secure, Path=/, no Domain attribute.
|
|
1089
|
+
* @see https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-__host-prefix
|
|
1090
|
+
*/
|
|
1091
|
+
type HostCookie = {
|
|
1092
|
+
strategy: "host";
|
|
1093
|
+
} & Prettify<Omit<SerializeOptions, "secure" | "path" | "domain" | "encode">>;
|
|
1094
|
+
/**
|
|
1095
|
+
* Standard cookie type without security prefixes.
|
|
1096
|
+
* Can be sent over both HTTP and HTTPS connections (default in development).
|
|
1097
|
+
*/
|
|
1098
|
+
type StandardCookie = {
|
|
1099
|
+
strategy?: "standard";
|
|
1100
|
+
} & Prettify<Omit<SerializeOptions, "encode">>;
|
|
1101
|
+
/**
|
|
1102
|
+
* Union type for cookie options based on the specified strategy.
|
|
1103
|
+
* - `secure`: Cookies are only sent over HTTPS connections
|
|
1104
|
+
* - `host`: Cookies use the __Host- prefix and are only sent over HTTPS connections
|
|
1105
|
+
* - `standard`: Cookies can be sent over both HTTP and HTTPS connections (default in development)
|
|
1106
|
+
*/
|
|
1107
|
+
type CookieStrategyAttributes = StandardCookie | SecureCookie | HostCookie;
|
|
1108
|
+
/**
|
|
1109
|
+
* Names of cookies used by Aura Auth for session management and OAuth flows.
|
|
1110
|
+
* - `sessionToken`: User session JWT
|
|
1111
|
+
* - `csrfToken`: CSRF protection token
|
|
1112
|
+
* - `state`: OAuth state parameter for CSRF protection
|
|
1113
|
+
* - `code_verifier`: PKCE code verifier for authorization code flow
|
|
1114
|
+
* - `redirect_uri`: OAuth callback URI
|
|
1115
|
+
* - `redirect_to`: Post-authentication redirect path
|
|
1116
|
+
* - `nonce`: OpenID Connect nonce parameter
|
|
1117
|
+
*/
|
|
1118
|
+
type CookieName = "sessionToken" | "csrfToken" | "state" | "codeVerifier" | "redirectTo" | "redirectURI";
|
|
1119
|
+
type CookieStoreConfig = Record<CookieName, {
|
|
1120
|
+
name: string;
|
|
1121
|
+
attributes: CookieStrategyAttributes;
|
|
1122
|
+
}>;
|
|
1123
|
+
interface CookieConfig {
|
|
1124
|
+
/**
|
|
1125
|
+
* Prefix to be added to all cookie names. By default "aura-stack".
|
|
1126
|
+
*/
|
|
1127
|
+
prefix?: string;
|
|
1128
|
+
overrides?: Partial<CookieStoreConfig>;
|
|
1129
|
+
}
|
|
1130
|
+
/**
|
|
1131
|
+
* Main configuration interface for Aura Auth.
|
|
1132
|
+
* This is the user-facing configuration object passed to `createAuth()`.
|
|
1133
|
+
*/
|
|
1134
|
+
interface AuthConfig {
|
|
1135
|
+
/**
|
|
1136
|
+
* OAuth providers available in the authentication and authorization flows. It provides a type-inference
|
|
1137
|
+
* for the OAuth providers that are supported by Aura Stack Auth; alternatively, you can provide a custom
|
|
1138
|
+
* OAuth third-party authorization service by implementing the `OAuthProviderCredentials` interface.
|
|
1139
|
+
*
|
|
1140
|
+
* Built-in OAuth providers:
|
|
1141
|
+
* oauth: ["github", "google"]
|
|
1142
|
+
*
|
|
1143
|
+
* Custom credentials via factory:
|
|
1144
|
+
* oauth: [github({ clientId: "...", clientSecret: "..." })]
|
|
1145
|
+
*
|
|
1146
|
+
* Custom OAuth providers:
|
|
1147
|
+
* oauth: [
|
|
1148
|
+
* {
|
|
1149
|
+
* id: "oauth-providers",
|
|
1150
|
+
* name: "OAuth",
|
|
1151
|
+
* authorizeURL: "https://example.com/oauth/authorize",
|
|
1152
|
+
* accessToken: "https://example.com/oauth/token",
|
|
1153
|
+
* scope: "profile email",
|
|
1154
|
+
* responseType: "code",
|
|
1155
|
+
* userInfo: "https://example.com/oauth/userinfo",
|
|
1156
|
+
* clientId: process.env.AURA_AUTH_PROVIDER_CLIENT_ID,
|
|
1157
|
+
* clientSecret: process.env.AURA_AUTH_PROVIDER_CLIENT_SECRET,
|
|
1158
|
+
* }
|
|
1159
|
+
* ]
|
|
1160
|
+
*/
|
|
1161
|
+
oauth: (BuiltInOAuthProvider | OAuthProviderCredentials<any>)[];
|
|
1162
|
+
/**
|
|
1163
|
+
* Cookie options defines the configuration for cookies used in Aura Auth.
|
|
1164
|
+
* It includes a prefix for cookie names and flag options to determine
|
|
1165
|
+
* the security and scope of the cookies.
|
|
1166
|
+
*
|
|
1167
|
+
* **⚠️ WARNING:** Ensure that the cookie options are configured correctly to
|
|
1168
|
+
* maintain the security and integrity of the authentication process. `Aura Auth`
|
|
1169
|
+
* is not responsible for misconfigured cookies that may lead to security vulnerabilities.
|
|
1170
|
+
*
|
|
1171
|
+
* - prefix: A string prefix to be added to all cookie names, by default "aura-stack".
|
|
1172
|
+
* - flag options (This attributes help to define the security level of the cookies):
|
|
1173
|
+
* - secure: Cookies use the __Secure- prefix and are only sent over HTTPS connections.
|
|
1174
|
+
* - host: Cookies use the __Host- prefix and are only sent over HTTPS connections.
|
|
1175
|
+
* - standard: Cookies can be sent over both HTTP and HTTPS connections. (default in development)
|
|
1176
|
+
*
|
|
1177
|
+
* @see https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-__secure-prefix
|
|
1178
|
+
* @see https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-__host-prefix
|
|
1179
|
+
*/
|
|
1180
|
+
cookies?: Partial<CookieConfig>;
|
|
1181
|
+
/**
|
|
1182
|
+
* Secret used to sign and verify JWT tokens for session and csrf protection.
|
|
1183
|
+
* If not provided, it will load from the environment variable `AURA_AUTH_SECRET` or `AUTH_SECRET`, but if it
|
|
1184
|
+
* doesn't exist, it will throw an error during the initialization of the Auth module.
|
|
1185
|
+
*/
|
|
1186
|
+
secret?: string;
|
|
1187
|
+
/**
|
|
1188
|
+
* Base URL of the application, used to construct the incoming request's origin.
|
|
1189
|
+
*/
|
|
1190
|
+
baseURL?: string;
|
|
1191
|
+
/**
|
|
1192
|
+
* Base path for all authentication routes. Default is `/auth`.
|
|
1193
|
+
*/
|
|
1194
|
+
basePath?: `/${string}`;
|
|
1195
|
+
/**
|
|
1196
|
+
* Enable trusted proxy headers for scenarios where the application is behind a reverse proxy or load balancer.
|
|
1197
|
+
* This setting allows Aura Auth to correctly interpret headers like `X-Forwarded-For` and `X-Forwarded-Proto`
|
|
1198
|
+
* to determine the original client IP address and protocol.
|
|
1199
|
+
*
|
|
1200
|
+
* Default is `false`. Enable this option only if you are certain that your application is behind a trusted proxy.
|
|
1201
|
+
* Misconfiguration can lead to security vulnerabilities, such as incorrect handling of secure cookies or
|
|
1202
|
+
* inaccurate client IP logging.
|
|
1203
|
+
*
|
|
1204
|
+
* This value can also be set via environment variable as `AURA_AUTH_TRUSTED_PROXY_HEADERS`
|
|
1205
|
+
*
|
|
1206
|
+
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
|
|
1207
|
+
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
|
|
1208
|
+
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
|
|
1209
|
+
* @experimental
|
|
1210
|
+
*/
|
|
1211
|
+
trustedProxyHeaders?: boolean;
|
|
1212
|
+
logger?: boolean | Logger;
|
|
1213
|
+
/**
|
|
1214
|
+
* Defines trusted origins for your application to prevent open redirect attacks.
|
|
1215
|
+
* URLs from the Referer header, Origin header, request URL, and redirectTo option
|
|
1216
|
+
* are validated against this list before redirecting.
|
|
1217
|
+
*
|
|
1218
|
+
* - **Exact URL**: `https://example.com` matches only that origin.
|
|
1219
|
+
* - **Subdomain wildcard**: `https://*.example.com` matches `https://app.example.com`, `https://api.example.com`, etc.
|
|
1220
|
+
* @example
|
|
1221
|
+
* trustedOrigins: ["https://example.com", "https://*.example.com", "http://localhost:3000"]
|
|
1222
|
+
*
|
|
1223
|
+
*
|
|
1224
|
+
* trustedOrigins: async (request) => {
|
|
1225
|
+
* const origin = new URL(request.url).origin
|
|
1226
|
+
* return [origin, "https://admin.example.com"]
|
|
1227
|
+
* }
|
|
1228
|
+
*/
|
|
1229
|
+
trustedOrigins?: TrustedOrigin[] | ((request: Request) => Promise<TrustedOrigin[]> | TrustedOrigin[]);
|
|
1230
|
+
}
|
|
1231
|
+
/**
|
|
1232
|
+
* A trusted origin URL or pattern. Supports:
|
|
1233
|
+
* - Exact: `https://example.com`
|
|
1234
|
+
* - Subdomain wildcard: `https://*.example.com`
|
|
1235
|
+
*/
|
|
1236
|
+
type TrustedOrigin = string;
|
|
1237
|
+
type JoseInstance = ReturnType<typeof createJoseInstance>;
|
|
1238
|
+
type OAuthProviderRecord = Record<LiteralUnion<BuiltInOAuthProvider>, OAuthProviderCredentials>;
|
|
1239
|
+
type InternalLogger = {
|
|
1240
|
+
level: LogLevel;
|
|
1241
|
+
log: typeof createLogEntry;
|
|
1242
|
+
};
|
|
1243
|
+
type SessionResponse = {
|
|
1244
|
+
session: Session;
|
|
1245
|
+
authenticated: true;
|
|
1246
|
+
} | {
|
|
1247
|
+
session: null;
|
|
1248
|
+
authenticated: false;
|
|
1249
|
+
};
|
|
1250
|
+
type GetSessionAPI = (options: {
|
|
1251
|
+
headers: HeadersInit;
|
|
1252
|
+
}) => Promise<SessionResponse>;
|
|
1253
|
+
type AuthAPI = ReturnType<typeof createAuthAPI>;
|
|
1254
|
+
interface RouterGlobalContext {
|
|
1255
|
+
oauth: OAuthProviderRecord;
|
|
1256
|
+
cookies: CookieStoreConfig;
|
|
1257
|
+
jose: JoseInstance;
|
|
1258
|
+
secret?: string;
|
|
1259
|
+
baseURL?: string;
|
|
1260
|
+
basePath: string;
|
|
1261
|
+
trustedProxyHeaders: boolean;
|
|
1262
|
+
trustedOrigins?: TrustedOrigin[] | ((request: Request) => Promise<TrustedOrigin[]> | TrustedOrigin[]);
|
|
1263
|
+
logger?: InternalLogger;
|
|
1264
|
+
}
|
|
1265
|
+
/**
|
|
1266
|
+
* Internal runtime configuration used within Aura Auth after initialization.
|
|
1267
|
+
* All optional fields from AuthConfig are resolved to their default values.
|
|
1268
|
+
*/
|
|
1269
|
+
type AuthRuntimeConfig = RouterGlobalContext;
|
|
1270
|
+
interface AuthInstance {
|
|
1271
|
+
handlers: {
|
|
1272
|
+
GET: (request: Request) => Response | Promise<Response>;
|
|
1273
|
+
POST: (request: Request) => Response | Promise<Response>;
|
|
1274
|
+
ALL: (request: Request) => Response | Promise<Response>;
|
|
1275
|
+
};
|
|
1276
|
+
jose: JoseInstance;
|
|
1277
|
+
api: AuthAPI;
|
|
1278
|
+
}
|
|
1279
|
+
/**
|
|
1280
|
+
* Base OAuth error response structure.
|
|
1281
|
+
*/
|
|
1282
|
+
interface OAuthError<T extends string> {
|
|
1283
|
+
error: T;
|
|
1284
|
+
error_description?: string;
|
|
1285
|
+
}
|
|
1286
|
+
/**
|
|
1287
|
+
* OAuth 2.0 Authorization Error Response Types
|
|
1288
|
+
* @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1
|
|
1289
|
+
*/
|
|
1290
|
+
type AuthorizationError = OAuthError<z.infer<typeof OAuthAuthorizationErrorResponse>["error"]>;
|
|
1291
|
+
/**
|
|
1292
|
+
* OAuth 2.0 Access Token Error Response Types
|
|
1293
|
+
* @see https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
|
|
1294
|
+
*/
|
|
1295
|
+
type AccessTokenError = OAuthError<z.infer<typeof OAuthAccessTokenErrorResponse>["error"]>;
|
|
1296
|
+
/**
|
|
1297
|
+
* OAuth 2.0 Token Revocation Error Response Types
|
|
1298
|
+
* @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.2.1
|
|
1299
|
+
*/
|
|
1300
|
+
type TokenRevocationError = OAuthError<"invalid_session_token">;
|
|
1301
|
+
type ErrorType = AuthorizationError["error"] | AccessTokenError["error"] | TokenRevocationError["error"];
|
|
1302
|
+
type AuthInternalErrorCode = "INVALID_OAUTH_CONFIGURATION" | "INVALID_JWT_TOKEN" | "JOSE_INITIALIZATION_FAILED" | "SESSION_STORE_NOT_INITIALIZED" | "COOKIE_STORE_NOT_INITIALIZED" | "COOKIE_PARSING_FAILED" | "COOKIE_NOT_FOUND" | "INVALID_ENVIRONMENT_CONFIGURATION" | "INVALID_URL" | "INVALID_SALT_SECRET_VALUE" | "UNTRUSTED_ORIGIN" | "INVALID_OAUTH_PROVIDER_CONFIGURATION" | "DUPLICATED_OAUTH_PROVIDER_ID";
|
|
1303
|
+
type AuthSecurityErrorCode = "INVALID_STATE" | "MISMATCHING_STATE" | "POTENTIAL_OPEN_REDIRECT_ATTACK_DETECTED" | "CSRF_TOKEN_INVALID" | "CSRF_TOKEN_MISSING" | "SESSION_TOKEN_MISSING";
|
|
1304
|
+
type OAuthEnv = z.infer<typeof OAuthEnvSchema>;
|
|
1305
|
+
type APIErrorMap = Record<string, {
|
|
1306
|
+
code: string;
|
|
1307
|
+
message: string;
|
|
1308
|
+
}>;
|
|
1309
|
+
/**
|
|
1310
|
+
* Log level for logger messages.
|
|
1311
|
+
*/
|
|
1312
|
+
type LogLevel = "warn" | "error" | "debug" | "info";
|
|
1313
|
+
/** Defines the Severity between 0 to 7 */
|
|
1314
|
+
type Severity = "emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "info" | "debug";
|
|
1315
|
+
/**
|
|
1316
|
+
* @see https://datatracker.ietf.org/doc/html/rfc5424
|
|
1317
|
+
*/
|
|
1318
|
+
type SyslogOptions = {
|
|
1319
|
+
facility: 4 | 10;
|
|
1320
|
+
severity: Severity;
|
|
1321
|
+
timestamp?: string;
|
|
1322
|
+
hostname?: string;
|
|
1323
|
+
appName?: string;
|
|
1324
|
+
procId?: string;
|
|
1325
|
+
msgId: string;
|
|
1326
|
+
message: string;
|
|
1327
|
+
structuredData?: Record<string, string | number | boolean>;
|
|
1328
|
+
};
|
|
1329
|
+
/**
|
|
1330
|
+
* Logger function interface for structured logging.
|
|
1331
|
+
* Called when errors or warnings occur during authentication flows.
|
|
1332
|
+
*/
|
|
1333
|
+
interface Logger {
|
|
1334
|
+
level?: LogLevel;
|
|
1335
|
+
log?: (args: SyslogOptions) => void;
|
|
1336
|
+
}
|
|
1337
|
+
type AuthClient = ReturnType<typeof createAuthInstance>["handlers"];
|
|
1338
|
+
type AuthClientOptions = Prettify<Omit<ClientOptions, "baseURL"> & {
|
|
1339
|
+
baseURL?: string;
|
|
1340
|
+
}>;
|
|
1341
|
+
interface SignInOptions {
|
|
1342
|
+
redirect?: boolean;
|
|
1343
|
+
redirectTo?: string;
|
|
1344
|
+
}
|
|
1345
|
+
interface SignOutOptions {
|
|
1346
|
+
redirect?: boolean;
|
|
1347
|
+
redirectTo?: string;
|
|
1348
|
+
}
|
|
1349
|
+
interface GetSessionAPIOptions {
|
|
1350
|
+
headers: HeadersInit;
|
|
1351
|
+
}
|
|
1352
|
+
interface SignOutAPIOptions {
|
|
1353
|
+
headers: HeadersInit;
|
|
1354
|
+
redirectTo?: string;
|
|
1355
|
+
skipCSRFCheck?: boolean;
|
|
1356
|
+
}
|
|
1357
|
+
interface SignInAPIOptions<Redirect extends boolean = boolean> {
|
|
1358
|
+
headers?: HeadersInit;
|
|
1359
|
+
redirect?: Redirect;
|
|
1360
|
+
redirectTo?: string;
|
|
1361
|
+
request?: Request;
|
|
1362
|
+
}
|
|
1363
|
+
type FunctionAPIContext<Options extends object> = {
|
|
1364
|
+
ctx: RouterGlobalContext;
|
|
1365
|
+
} & Options;
|
|
1366
|
+
type SignInReturn<Redirect extends boolean = boolean> = Redirect extends true ? Response : {
|
|
1367
|
+
redirect: false;
|
|
1368
|
+
signInURL: string;
|
|
1369
|
+
};
|
|
1370
|
+
type InternalContext = RouterGlobalContext & {
|
|
1371
|
+
cookieConfig: {
|
|
1372
|
+
secure: CookieStoreConfig;
|
|
1373
|
+
standard: CookieStoreConfig;
|
|
1374
|
+
};
|
|
1375
|
+
};
|
|
1376
|
+
|
|
1377
|
+
export { dropbox as $, type AuthConfig as A, type BuiltInOAuthProvider as B, type CookieConfig as C, createProxyLogger as D, type ErrorType as E, type FunctionAPIContext as F, type GetSessionAPIOptions as G, logMessages as H, type InternalContext as I, type JWTPayloadWithToken as J, createJoseInstance as K, type LogLevel as L, decodeJWTOptions as M, jwtVerificationOptions as N, type OAuthProviderRecord as O, type AtlassianProfile as P, type ExtendedProfile as Q, type RouterGlobalContext as R, type SessionResponse as S, type TrustedOrigin as T, type User as U, atlassian as V, type AccountType as W, type DropboxProfile as X, type FullTeam as Y, type Name as Z, type RootInfo as _, type InternalLogger as a, type Bot as a0, type NotionProfile as a1, type Owner as a2, type Person as a3, type User$1 as a4, notion as a5, type TwitchProfile as a6, twitch as a7, type PinterestProfile as a8, pinterest as a9, type AccessTokenError as aA, type AuthorizationError as aB, type AuthorizeParams as aC, type CookieName as aD, type CookieStrategyAttributes as aE, type GetSessionAPI as aF, type HostCookie as aG, type JWTStandardClaims as aH, type OAuthEnv as aI, type OAuthError as aJ, type ResponseType as aK, type SecureCookie as aL, type Severity as aM, type StandardCookie as aN, type SyslogOptions as aO, type TokenRevocationError as aP, type Login as aa, type MailchimpProfile as ab, mailchimp as ac, type StravaProfile as ad, type SummaryClub as ae, type SummaryGear as af, strava as ag, type XProfile as ah, x as ai, type SpotifyImage as aj, type SpotifyProfile as ak, spotify as al, type GitLabProfile as am, gitlab as an, type DiscordProfile as ao, type Nameplate as ap, discord as aq, type FigmaProfile as ar, figma as as, type BitbucketProfile as at, bitbucket as au, type GitHubProfile as av, github as aw, createBuiltInOAuthProviders as ax, createAuthInstance as ay, createAuthAPI as az, type CookieStoreConfig as b, type AuthRuntimeConfig as c, type AuthInternalErrorCode as d, type 
AuthSecurityErrorCode as e, type APIErrorMap as f, type SignInAPIOptions as g, type SignInReturn as h, type SignOutAPIOptions as i, type OAuthProviderCredentials as j, type OAuthProvider as k, type AuthClientOptions as l, type Session as m, type SignInOptions as n, type SignOutOptions as o, type AuthClient as p, type AuthAPI as q, type AuthInstance as r, type JoseInstance as s, type Logger as t, type OAuthProviderConfig as u, builtInOAuthProviders as v, createAuth as w, createSyslogMessage as x, createLogEntry as y, createLogger as z };
|