@aura-stack/auth 0.4.0-rc.5 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (201) hide show
  1. package/dist/@types/index.d.ts +8 -3
  2. package/dist/@types/router.d.cjs +0 -17
  3. package/dist/@types/router.d.d.ts +7 -2
  4. package/dist/@types/router.d.js +0 -1
  5. package/dist/actions/callback/access-token.cjs +130 -71
  6. package/dist/actions/callback/access-token.d.ts +9 -4
  7. package/dist/actions/callback/access-token.js +3 -4
  8. package/dist/actions/callback/callback.cjs +428 -152
  9. package/dist/actions/callback/callback.d.ts +11 -3
  10. package/dist/actions/callback/callback.js +12 -10
  11. package/dist/actions/callback/userinfo.cjs +159 -65
  12. package/dist/actions/callback/userinfo.d.ts +8 -3
  13. package/dist/actions/callback/userinfo.js +7 -6
  14. package/dist/actions/csrfToken/csrfToken.cjs +70 -19
  15. package/dist/actions/csrfToken/csrfToken.js +8 -7
  16. package/dist/actions/index.cjs +780 -348
  17. package/dist/actions/index.d.ts +6 -2
  18. package/dist/actions/index.js +23 -18
  19. package/dist/actions/session/session.cjs +107 -26
  20. package/dist/actions/session/session.js +7 -5
  21. package/dist/actions/signIn/authorization-url.cjs +288 -0
  22. package/dist/actions/signIn/authorization-url.d.ts +31 -0
  23. package/dist/actions/signIn/authorization-url.js +16 -0
  24. package/dist/actions/signIn/authorization.cjs +209 -211
  25. package/dist/actions/signIn/authorization.d.ts +32 -21
  26. package/dist/actions/signIn/authorization.js +12 -9
  27. package/dist/actions/signIn/signIn.cjs +470 -235
  28. package/dist/actions/signIn/signIn.d.ts +12 -3
  29. package/dist/actions/signIn/signIn.js +11 -8
  30. package/dist/actions/signOut/signOut.cjs +376 -228
  31. package/dist/actions/signOut/signOut.d.ts +1 -1
  32. package/dist/actions/signOut/signOut.js +10 -9
  33. package/dist/api/createApi.cjs +750 -0
  34. package/dist/api/createApi.d.ts +12 -0
  35. package/dist/api/createApi.js +19 -0
  36. package/dist/api/getSession.cjs +141 -0
  37. package/dist/api/getSession.d.ts +16 -0
  38. package/dist/api/getSession.js +10 -0
  39. package/dist/api/signIn.cjs +549 -0
  40. package/dist/api/signIn.d.ts +26 -0
  41. package/dist/api/signIn.js +15 -0
  42. package/dist/api/signOut.cjs +279 -0
  43. package/dist/api/signOut.d.ts +16 -0
  44. package/dist/api/signOut.js +13 -0
  45. package/dist/assert.cjs +150 -5
  46. package/dist/assert.d.ts +26 -3
  47. package/dist/assert.js +17 -3
  48. package/dist/{chunk-YRCB5FLE.js → chunk-2A5B7GWR.js} +52 -6
  49. package/dist/chunk-2GQLSIJ2.js +40 -0
  50. package/dist/chunk-2IR674WX.js +44 -0
  51. package/dist/chunk-3J5TUH2I.js +50 -0
  52. package/dist/chunk-4RWSYUKX.js +98 -0
  53. package/dist/chunk-4YHJ4IEQ.js +25 -0
  54. package/dist/chunk-54CZPKR4.js +25 -0
  55. package/dist/chunk-5LZ7TOM3.js +25 -0
  56. package/dist/chunk-7BE46WWS.js +88 -0
  57. package/dist/chunk-7YYXFKLR.js +35 -0
  58. package/dist/chunk-C3A37LQC.js +33 -0
  59. package/dist/chunk-CITNGXDA.js +31 -0
  60. package/dist/chunk-CWX724AG.js +78 -0
  61. package/dist/chunk-D2CSIUKP.js +74 -0
  62. package/dist/chunk-E6G5YCI6.js +25 -0
  63. package/dist/chunk-EBAMFRB7.js +34 -0
  64. package/dist/chunk-EEE7UM5T.js +25 -0
  65. package/dist/{chunk-HT4YLL7N.js → chunk-FPCVZUVG.js} +10 -8
  66. package/dist/chunk-FW4W3REU.js +25 -0
  67. package/dist/chunk-GNNBM2WJ.js +83 -0
  68. package/dist/chunk-IPKO6UQN.js +25 -0
  69. package/dist/chunk-JOCGX3RP.js +59 -0
  70. package/dist/chunk-KBXWTD6E.js +94 -0
  71. package/dist/chunk-KMMAZFSJ.js +25 -0
  72. package/dist/chunk-LATR3NIV.js +117 -0
  73. package/dist/chunk-LAYPUDQF.js +39 -0
  74. package/dist/chunk-LDU7A2JE.js +25 -0
  75. package/dist/chunk-LX3TJ2TJ.js +294 -0
  76. package/dist/chunk-NHZBQNRR.js +143 -0
  77. package/dist/chunk-OVHNRULD.js +33 -0
  78. package/dist/chunk-PDP3PHB3.js +127 -0
  79. package/dist/chunk-PHYNROD4.js +47 -0
  80. package/dist/chunk-QQEKY4XP.js +29 -0
  81. package/dist/chunk-U4RK4LKJ.js +348 -0
  82. package/dist/{chunk-RRLIF4PQ.js → chunk-U5663F2U.js} +16 -1
  83. package/dist/chunk-UN7X6SU5.js +53 -0
  84. package/dist/chunk-UZQJJD6A.js +100 -0
  85. package/dist/chunk-V6LLEAR4.js +80 -0
  86. package/dist/chunk-WHNDRO3N.js +50 -0
  87. package/dist/{chunk-W6LG7BFW.js → chunk-XY5R3EHH.js} +30 -23
  88. package/dist/client/client.cjs +135 -0
  89. package/dist/client/client.d.ts +85 -0
  90. package/dist/client/client.js +9 -0
  91. package/dist/client/index.cjs +135 -0
  92. package/dist/client/index.d.ts +14 -0
  93. package/dist/client/index.js +10 -0
  94. package/dist/context.cjs +1237 -0
  95. package/dist/context.d.ts +16 -0
  96. package/dist/context.js +28 -0
  97. package/dist/cookie.cjs +57 -22
  98. package/dist/cookie.d.ts +11 -6
  99. package/dist/cookie.js +3 -2
  100. package/dist/createAuth.cjs +2320 -0
  101. package/dist/createAuth.d.ts +12 -0
  102. package/dist/createAuth.js +48 -0
  103. package/dist/env.cjs +78 -0
  104. package/dist/env.d.ts +10 -0
  105. package/dist/env.js +12 -0
  106. package/dist/errors.cjs +17 -0
  107. package/dist/errors.d.ts +15 -4
  108. package/dist/errors.js +5 -1
  109. package/dist/headers.cjs +28 -2
  110. package/dist/headers.d.ts +25 -1
  111. package/dist/headers.js +9 -3
  112. package/dist/index-_aXtxb_s.d.ts +1377 -0
  113. package/dist/index.cjs +1843 -610
  114. package/dist/index.d.ts +11 -92
  115. package/dist/index.js +53 -85
  116. package/dist/jose.cjs +113 -38
  117. package/dist/jose.d.ts +12 -23
  118. package/dist/jose.js +17 -7
  119. package/dist/logger.cjs +424 -0
  120. package/dist/logger.d.ts +12 -0
  121. package/dist/logger.js +17 -0
  122. package/dist/oauth/atlassian.cjs +57 -0
  123. package/dist/oauth/atlassian.d.ts +12 -0
  124. package/dist/oauth/atlassian.js +6 -0
  125. package/dist/oauth/bitbucket.cjs +19 -15
  126. package/dist/oauth/bitbucket.d.ts +7 -2
  127. package/dist/oauth/bitbucket.js +1 -1
  128. package/dist/oauth/discord.cjs +27 -24
  129. package/dist/oauth/discord.d.ts +7 -2
  130. package/dist/oauth/discord.js +1 -1
  131. package/dist/oauth/dropbox.cjs +53 -0
  132. package/dist/oauth/dropbox.d.ts +12 -0
  133. package/dist/oauth/dropbox.js +6 -0
  134. package/dist/oauth/figma.cjs +19 -16
  135. package/dist/oauth/figma.d.ts +7 -2
  136. package/dist/oauth/figma.js +1 -1
  137. package/dist/oauth/github.cjs +19 -8
  138. package/dist/oauth/github.d.ts +7 -2
  139. package/dist/oauth/github.js +1 -1
  140. package/dist/oauth/gitlab.cjs +19 -16
  141. package/dist/oauth/gitlab.d.ts +7 -2
  142. package/dist/oauth/gitlab.js +1 -1
  143. package/dist/oauth/index.cjs +529 -239
  144. package/dist/oauth/index.d.ts +7 -2
  145. package/dist/oauth/index.js +39 -22
  146. package/dist/oauth/mailchimp.cjs +19 -16
  147. package/dist/oauth/mailchimp.d.ts +7 -2
  148. package/dist/oauth/mailchimp.js +1 -1
  149. package/dist/oauth/notion.cjs +131 -0
  150. package/dist/oauth/notion.d.ts +12 -0
  151. package/dist/oauth/notion.js +9 -0
  152. package/dist/oauth/pinterest.cjs +19 -16
  153. package/dist/oauth/pinterest.d.ts +7 -2
  154. package/dist/oauth/pinterest.js +1 -1
  155. package/dist/oauth/spotify.cjs +19 -16
  156. package/dist/oauth/spotify.d.ts +7 -2
  157. package/dist/oauth/spotify.js +1 -1
  158. package/dist/oauth/strava.cjs +19 -16
  159. package/dist/oauth/strava.d.ts +7 -2
  160. package/dist/oauth/strava.js +1 -1
  161. package/dist/oauth/twitch.cjs +95 -0
  162. package/dist/oauth/twitch.d.ts +12 -0
  163. package/dist/oauth/twitch.js +7 -0
  164. package/dist/oauth/x.cjs +19 -16
  165. package/dist/oauth/x.d.ts +7 -2
  166. package/dist/oauth/x.js +1 -1
  167. package/dist/schemas.cjs +89 -42
  168. package/dist/schemas.d.ts +114 -18
  169. package/dist/schemas.js +5 -3
  170. package/dist/secure.cjs +73 -31
  171. package/dist/secure.d.ts +11 -11
  172. package/dist/secure.js +7 -6
  173. package/dist/utils.cjs +203 -90
  174. package/dist/utils.d.ts +21 -40
  175. package/dist/utils.js +21 -12
  176. package/package.json +9 -6
  177. package/dist/chunk-3EUWD5BB.js +0 -63
  178. package/dist/chunk-42XB3YCW.js +0 -22
  179. package/dist/chunk-6R2YZ4AC.js +0 -22
  180. package/dist/chunk-A3N4PVAT.js +0 -70
  181. package/dist/chunk-B737EUJV.js +0 -22
  182. package/dist/chunk-CXLATHS5.js +0 -143
  183. package/dist/chunk-E3OXBRYF.js +0 -22
  184. package/dist/chunk-EIL2FPSS.js +0 -22
  185. package/dist/chunk-EMKJA2GJ.js +0 -89
  186. package/dist/chunk-FIPU4MLT.js +0 -21
  187. package/dist/chunk-FKRDCWBF.js +0 -22
  188. package/dist/chunk-GA2SMTJO.js +0 -58
  189. package/dist/chunk-HP34YGGJ.js +0 -22
  190. package/dist/chunk-IKHPGFCW.js +0 -14
  191. package/dist/chunk-IUYZQTJV.js +0 -30
  192. package/dist/chunk-IVET23KF.js +0 -58
  193. package/dist/chunk-JVFTCTTE.js +0 -33
  194. package/dist/chunk-KRNOMBXQ.js +0 -22
  195. package/dist/chunk-KSWLO5ZU.js +0 -102
  196. package/dist/chunk-N2APGLXA.js +0 -71
  197. package/dist/chunk-N4SX7TZT.js +0 -96
  198. package/dist/chunk-STHEPPUZ.js +0 -11
  199. package/dist/chunk-TLE4PXY3.js +0 -39
  200. package/dist/index-B8jeIElf.d.ts +0 -679
  201. /package/dist/{chunk-DIVDFNAP.js → chunk-5X7JZMEF.js} +0 -0
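--- a/package/dist/oauth/x.cjs
+++ b/package/dist/oauth/x.cjs
@@ -23,22 +23,25 @@ __export(x_exports, {
  x: () => x
  });
  module.exports = __toCommonJS(x_exports);
- var x = {
- id: "x",
- name: "X",
- authorizeURL: "https://x.com/i/oauth2/authorize",
- accessToken: "https://api.x.com/2/oauth2/token",
- userInfo: "https://api.x.com/2/users/me?user.fields=profile_image_url",
- scope: "users.read users.email tweet.read offline.access",
- responseType: "code",
- profile({ data }) {
- return {
- sub: data.id,
- name: data.name,
- image: data.profile_image_url,
- email: ""
- };
- }
+ var x = (options) => {
+ return {
+ id: "x",
+ name: "X",
+ authorizeURL: "https://twitter.com/i/oauth2/authorize",
+ accessToken: "https://api.twitter.com/2/oauth2/token",
+ userInfo: "https://api.twitter.com/2/users/me?user.fields=profile_image_url",
+ scope: "tweet.read users.read offline.access",
+ responseType: "code",
+ profile(profile) {
+ return {
+ sub: profile.data.id,
+ name: profile.data.name,
+ image: profile.data.profile_image_url,
+ email: void 0
+ };
+ },
+ ...options
+ };
  };
  // Annotate the CommonJS export names for ESM import in node:
  0 && (module.exports = {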
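Review bot: `...options` is spread after every built-in field in the object returned by `x(options)`, so any key the caller passes, including `id`, `accessToken`, `userInfo` and `profile`, silently replaces the provider default, and no validation of the merged object is visible in this file. In an authorization-code flow the token endpoint is where the client credentials are sent, so an overridden `accessToken` URL decides which host receives them; I would document that on the factory, e.g. `// options override the defaults below; pass only trusted server-side configuration`, and confirm the merged object is schema-checked before use. The new `profile` also returns `email: void 0` where the old one returned `""`, and `users.email` is no longer in `scope`, so callers that compared the email against an empty string should be checked.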
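--- a/package/dist/oauth/x.d.ts
+++ b/package/dist/oauth/x.d.ts
@@ -1,7 +1,12 @@
- export { X as XProfile, x } from '../index-B8jeIElf.js';
+ export { ah as XProfile, ai as x } from '../index-_aXtxb_s.js';
  import 'zod';
  import '../schemas.js';
- import '@aura-stack/router/cookie';
+ import 'zod/v4';
  import '@aura-stack/jose';
  import '@aura-stack/jose/jose';
+ import '@aura-stack/jose/crypto';
+ import '@aura-stack/router/cookie';
  import '../@types/utility.js';
+ import 'jose';
+ import '@aura-stack/router';
+ import 'zod/v4/core';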
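--- a/package/dist/oauth/x.js
+++ b/package/dist/oauth/x.js
@@ -1,6 +1,6 @@
  import {
  x
- } from "../chunk-42XB3YCW.js";
+ } from "../chunk-EEE7UM5T.js";
  export {
  x
  };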
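--- a/package/dist/schemas.cjs
+++ b/package/dist/schemas.cjs
@@ -28,31 +28,77 @@ __export(schemas_exports, {
  OAuthAuthorizationResponse: () => OAuthAuthorizationResponse,
  OAuthEnvSchema: () => OAuthEnvSchema,
  OAuthErrorResponse: () => OAuthErrorResponse,
- OAuthProviderConfigSchema: () => OAuthProviderConfigSchema
+ OAuthProviderConfigSchema: () => OAuthProviderConfigSchema,
+ OAuthProviderCredentialsSchema: () => OAuthProviderCredentialsSchema
  });
  module.exports = __toCommonJS(schemas_exports);
- var import_zod = require("zod");
- var OAuthProviderConfigSchema = (0, import_zod.object)({
- authorizeURL: (0, import_zod.string)().url(),
- accessToken: (0, import_zod.string)().url(),
- scope: (0, import_zod.string)().optional(),
- userInfo: (0, import_zod.string)().url(),
- responseType: (0, import_zod.enum)(["code", "token", "id_token"]),
- clientId: (0, import_zod.string)(),
- clientSecret: (0, import_zod.string)()
+ var import_v4 = require("zod/v4");
+ var AuthorizeConfigSchema = import_v4.z.union([
+ (0, import_v4.string)().url(),
+ (0, import_v4.object)({
+ url: (0, import_v4.string)().url(),
+ params: (0, import_v4.object)({
+ responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
+ scope: (0, import_v4.string)().optional()
+ })
+ })
+ ]);
+ var AccessTokenConfigSchema = import_v4.z.union([
+ (0, import_v4.string)().url(),
+ (0, import_v4.object)({
+ url: (0, import_v4.string)().url(),
+ headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional()
+ })
+ ]);
+ var UserInfoConfigSchema = import_v4.z.union([
+ (0, import_v4.string)().url(),
+ (0, import_v4.object)({
+ url: (0, import_v4.string)().url(),
+ headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional(),
+ method: (0, import_v4.string)().optional()
+ })
+ ]);
+ var OAuthProviderCredentialsSchema = (0, import_v4.object)({
+ id: (0, import_v4.string)(),
+ name: (0, import_v4.string)(),
+ authorize: AuthorizeConfigSchema.optional(),
+ /** @deprecated */
+ authorizeURL: (0, import_v4.string)().url().optional(),
+ accessToken: AccessTokenConfigSchema,
+ /** @deprecated */
+ scope: (0, import_v4.string)().optional(),
+ userInfo: UserInfoConfigSchema,
+ /** @deprecated */
+ responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
+ clientId: (0, import_v4.string)(),
+ clientSecret: (0, import_v4.string)(),
+ profile: import_v4.z.function().optional()
+ });
+ var OAuthProviderConfigSchema = (0, import_v4.object)({
+ authorize: AuthorizeConfigSchema.optional(),
+ /** @deprecated */
+ authorizeURL: (0, import_v4.string)().url().optional(),
+ accessToken: AccessTokenConfigSchema,
+ /** @deprecated */
+ scope: (0, import_v4.string)().optional(),
+ userInfo: UserInfoConfigSchema,
+ /** @deprecated */
+ responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
+ clientId: (0, import_v4.string)(),
+ clientSecret: (0, import_v4.string)()
  });
  var OAuthAuthorization = OAuthProviderConfigSchema.extend({
- redirectURI: (0, import_zod.string)(),
- state: (0, import_zod.string)(),
- codeChallenge: (0, import_zod.string)(),
- codeChallengeMethod: (0, import_zod.enum)(["plain", "S256"])
+ redirectURI: (0, import_v4.string)(),
+ state: (0, import_v4.string)(),
+ codeChallenge: (0, import_v4.string)(),
+ codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
  });
- var OAuthAuthorizationResponse = (0, import_zod.object)({
- state: (0, import_zod.string)({ message: "Missing state parameter in the OAuth authorization response." }),
- code: (0, import_zod.string)({ message: "Missing code parameter in the OAuth authorization response." })
+ var OAuthAuthorizationResponse = (0, import_v4.object)({
+ state: (0, import_v4.string)({ message: "Missing state parameter in the OAuth authorization response." }),
+ code: (0, import_v4.string)({ message: "Missing code parameter in the OAuth authorization response." })
  });
- var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
- error: (0, import_zod.enum)([
+ var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
+ error: (0, import_v4.enum)([
  "invalid_request",
  "unauthorized_client",
  "access_denied",
@@ -61,24 +107,24 @@ var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
  "server_error",
  "temporarily_unavailable"
  ]),
- error_description: (0, import_zod.string)().optional(),
- error_uri: (0, import_zod.string)().optional(),
- state: (0, import_zod.string)()
+ error_description: (0, import_v4.string)().optional(),
+ error_uri: (0, import_v4.string)().optional(),
+ state: (0, import_v4.string)()
  });
  var OAuthAccessToken = OAuthProviderConfigSchema.extend({
- redirectURI: (0, import_zod.string)(),
- code: (0, import_zod.string)(),
- codeVerifier: (0, import_zod.string)().min(43).max(128)
+ redirectURI: (0, import_v4.string)(),
+ code: (0, import_v4.string)(),
+ codeVerifier: (0, import_v4.string)().min(43).max(128)
  });
- var OAuthAccessTokenResponse = (0, import_zod.object)({
- access_token: (0, import_zod.string)(),
- token_type: (0, import_zod.string)().optional(),
- expires_in: (0, import_zod.number)().optional(),
- refresh_token: (0, import_zod.string)().optional(),
- scope: (0, import_zod.string)().optional().or((0, import_zod.null)())
+ var OAuthAccessTokenResponse = (0, import_v4.object)({
+ access_token: (0, import_v4.string)(),
+ token_type: (0, import_v4.string)().optional(),
+ expires_in: (0, import_v4.number)().optional(),
+ refresh_token: (0, import_v4.string)().optional(),
+ scope: (0, import_v4.union)([(0, import_v4.string)().optional().or((0, import_v4.null)()), (0, import_v4.array)((0, import_v4.string)()).optional()])
  });
- var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
- error: (0, import_zod.enum)([
+ var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
+ error: (0, import_v4.enum)([
  "invalid_request",
  "invalid_client",
  "invalid_grant",
@@ -86,16 +132,16 @@ var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
  "unsupported_grant_type",
  "invalid_scope"
  ]),
- error_description: (0, import_zod.string)().optional(),
- error_uri: (0, import_zod.string)().optional()
+ error_description: (0, import_v4.string)().optional(),
+ error_uri: (0, import_v4.string)().optional()
  });
- var OAuthErrorResponse = (0, import_zod.object)({
- error: (0, import_zod.string)(),
- error_description: (0, import_zod.string)().optional()
+ var OAuthErrorResponse = (0, import_v4.object)({
+ error: (0, import_v4.string)(),
+ error_description: (0, import_v4.string)().optional()
  });
- var OAuthEnvSchema = (0, import_zod.object)({
- clientId: import_zod.z.string().min(1, "OAuth Client ID is required in the environment variables."),
- clientSecret: import_zod.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
+ var OAuthEnvSchema = (0, import_v4.object)({
+ clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
+ clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
  });
  // Annotate the CommonJS export names for ESM import in node:
  0 && (module.exports = {
@@ -107,5 +153,6 @@ var OAuthEnvSchema = (0, import_zod.object)({
  OAuthAuthorizationResponse,
  OAuthEnvSchema,
  OAuthErrorResponse,
- OAuthProviderConfigSchema
+ OAuthProviderConfigSchema,
+ OAuthProviderCredentialsSchema
  });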
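Review bot: `OAuthProviderConfigSchema` and `OAuthProviderCredentialsSchema` now declare both `authorize` and the deprecated `authorizeURL` as optional, so a provider config with no authorization endpoint at all passes these schemas, whereas the old schema required `authorizeURL`. A check that at least one is present belongs here or wherever the config is resolved, for example `.refine((c) => c.authorize !== undefined || c.authorizeURL !== undefined, { message: "authorize or authorizeURL is required" })`; the derived schemas call `.extend()`, so the placement needs verifying against that. Separately, `"refresh_token"` is added to the `responseType` enum although RFC 6749 defines it as a grant type rather than a `response_type` value, and `.url()` on the endpoint fields does not by itself restrict the scheme to `https`. The same shape is mirrored in the `schemas.d.ts` declarations.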
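--- a/package/dist/schemas.d.ts
+++ b/package/dist/schemas.d.ts
@@ -1,18 +1,74 @@
- import { z } from 'zod';
+ import { z } from 'zod/v4';
 
+ declare const OAuthProviderCredentialsSchema: z.ZodObject<{
+ id: z.ZodString;
+ name: z.ZodString;
+ authorize: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+ url: z.ZodString;
+ params: z.ZodObject<{
+ responseType: z.ZodOptional<z.ZodEnum<{
+ token: "token";
+ code: "code";
+ id_token: "id_token";
+ refresh_token: "refresh_token";
+ }>>;
+ scope: z.ZodOptional<z.ZodString>;
+ }, z.core.$strip>;
+ }, z.core.$strip>]>>;
+ authorizeURL: z.ZodOptional<z.ZodString>;
+ accessToken: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+ url: z.ZodString;
+ headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+ }, z.core.$strip>]>;
+ scope: z.ZodOptional<z.ZodString>;
+ userInfo: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+ url: z.ZodString;
+ headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+ method: z.ZodOptional<z.ZodString>;
+ }, z.core.$strip>]>;
+ responseType: z.ZodOptional<z.ZodEnum<{
+ token: "token";
+ code: "code";
+ id_token: "id_token";
+ refresh_token: "refresh_token";
+ }>>;
+ clientId: z.ZodString;
+ clientSecret: z.ZodString;
+ profile: z.ZodOptional<z.ZodFunction<z.core.$ZodFunctionArgs, z.core.$ZodFunctionOut>>;
+ }, z.core.$strip>;
  /**
  * Schema for OAuth Provider Configuration
  */
  declare const OAuthProviderConfigSchema: z.ZodObject<{
- authorizeURL: z.ZodString;
- accessToken: z.ZodString;
+ authorize: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+ url: z.ZodString;
+ params: z.ZodObject<{
+ responseType: z.ZodOptional<z.ZodEnum<{
+ token: "token";
+ code: "code";
+ id_token: "id_token";
+ refresh_token: "refresh_token";
+ }>>;
+ scope: z.ZodOptional<z.ZodString>;
+ }, z.core.$strip>;
+ }, z.core.$strip>]>>;
+ authorizeURL: z.ZodOptional<z.ZodString>;
+ accessToken: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+ url: z.ZodString;
+ headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+ }, z.core.$strip>]>;
  scope: z.ZodOptional<z.ZodString>;
- userInfo: z.ZodString;
- responseType: z.ZodEnum<{
+ userInfo: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+ url: z.ZodString;
+ headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+ method: z.ZodOptional<z.ZodString>;
+ }, z.core.$strip>]>;
+ responseType: z.ZodOptional<z.ZodEnum<{
  token: "token";
  code: "code";
  id_token: "id_token";
- }>;
+ refresh_token: "refresh_token";
+ }>>;
  clientId: z.ZodString;
  clientSecret: z.ZodString;
  }, z.core.$strip>;
@@ -22,15 +78,35 @@ declare const OAuthProviderConfigSchema: z.ZodObject<{
  * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1
  */
  declare const OAuthAuthorization: z.ZodObject<{
- authorizeURL: z.ZodString;
- accessToken: z.ZodString;
+ authorize: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+ url: z.ZodString;
+ params: z.ZodObject<{
+ responseType: z.ZodOptional<z.ZodEnum<{
+ token: "token";
+ code: "code";
+ id_token: "id_token";
+ refresh_token: "refresh_token";
+ }>>;
+ scope: z.ZodOptional<z.ZodString>;
+ }, z.core.$strip>;
+ }, z.core.$strip>]>>;
+ authorizeURL: z.ZodOptional<z.ZodString>;
+ accessToken: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+ url: z.ZodString;
+ headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+ }, z.core.$strip>]>;
  scope: z.ZodOptional<z.ZodString>;
- userInfo: z.ZodString;
- responseType: z.ZodEnum<{
+ userInfo: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+ url: z.ZodString;
+ headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+ method: z.ZodOptional<z.ZodString>;
+ }, z.core.$strip>]>;
+ responseType: z.ZodOptional<z.ZodEnum<{
  token: "token";
  code: "code";
  id_token: "id_token";
- }>;
+ refresh_token: "refresh_token";
+ }>>;
  clientId: z.ZodString;
  clientSecret: z.ZodString;
  redirectURI: z.ZodString;
@@ -74,15 +150,35 @@ declare const OAuthAuthorizationErrorResponse: z.ZodObject<{
  * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
  */
  declare const OAuthAccessToken: z.ZodObject<{
- authorizeURL: z.ZodString;
- accessToken: z.ZodString;
+ authorize: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+ url: z.ZodString;
+ params: z.ZodObject<{
+ responseType: z.ZodOptional<z.ZodEnum<{
+ token: "token";
+ code: "code";
+ id_token: "id_token";
+ refresh_token: "refresh_token";
+ }>>;
+ scope: z.ZodOptional<z.ZodString>;
+ }, z.core.$strip>;
+ }, z.core.$strip>]>>;
+ authorizeURL: z.ZodOptional<z.ZodString>;
+ accessToken: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+ url: z.ZodString;
+ headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+ }, z.core.$strip>]>;
  scope: z.ZodOptional<z.ZodString>;
- userInfo: z.ZodString;
- responseType: z.ZodEnum<{
+ userInfo: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+ url: z.ZodString;
+ headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+ method: z.ZodOptional<z.ZodString>;
+ }, z.core.$strip>]>;
+ responseType: z.ZodOptional<z.ZodEnum<{
  token: "token";
  code: "code";
  id_token: "id_token";
- }>;
+ refresh_token: "refresh_token";
+ }>>;
  clientId: z.ZodString;
  clientSecret: z.ZodString;
  redirectURI: z.ZodString;
@@ -99,7 +195,7 @@ declare const OAuthAccessTokenResponse: z.ZodObject<{
  token_type: z.ZodOptional<z.ZodString>;
  expires_in: z.ZodOptional<z.ZodNumber>;
  refresh_token: z.ZodOptional<z.ZodString>;
- scope: z.ZodUnion<[z.ZodOptional<z.ZodString>, z.ZodNull]>;
+ scope: z.ZodUnion<readonly [z.ZodUnion<[z.ZodOptional<z.ZodString>, z.ZodNull]>, z.ZodOptional<z.ZodArray<z.ZodString>>]>;
  }, z.core.$strip>;
  /**
  * Schema for OAuth Access Token Error Response
@@ -130,4 +226,4 @@ declare const OAuthEnvSchema: z.ZodObject<{
  clientSecret: z.ZodString;
  }, z.core.$strip>;
 
- export { OAuthAccessToken, OAuthAccessTokenErrorResponse, OAuthAccessTokenResponse, OAuthAuthorization, OAuthAuthorizationErrorResponse, OAuthAuthorizationResponse, OAuthEnvSchema, OAuthErrorResponse, OAuthProviderConfigSchema };
+ export { OAuthAccessToken, OAuthAccessTokenErrorResponse, OAuthAccessTokenResponse, OAuthAuthorization, OAuthAuthorizationErrorResponse, OAuthAuthorizationResponse, OAuthEnvSchema, OAuthErrorResponse, OAuthProviderConfigSchema, OAuthProviderCredentialsSchema };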
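--- a/package/dist/schemas.js
+++ b/package/dist/schemas.js
@@ -7,8 +7,9 @@ import {
  OAuthAuthorizationResponse,
  OAuthEnvSchema,
  OAuthErrorResponse,
- OAuthProviderConfigSchema
- } from "./chunk-YRCB5FLE.js";
+ OAuthProviderConfigSchema,
+ OAuthProviderCredentialsSchema
+ } from "./chunk-2A5B7GWR.js";
  export {
  OAuthAccessToken,
  OAuthAccessTokenErrorResponse,
@@ -18,5 +19,6 @@ export {
  OAuthAuthorizationResponse,
  OAuthEnvSchema,
  OAuthErrorResponse,
- OAuthProviderConfigSchema
+ OAuthProviderConfigSchema,
+ OAuthProviderCredentialsSchema
  };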
package/dist/secure.cjs CHANGED
@@ -1,9 +1,7 @@
1
1
  "use strict";
2
- var __create = Object.create;
3
2
  var __defProp = Object.defineProperty;
4
3
  var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
4
  var __getOwnPropNames = Object.getOwnPropertyNames;
6
- var __getProtoOf = Object.getPrototypeOf;
7
5
  var __hasOwnProp = Object.prototype.hasOwnProperty;
8
6
  var __export = (target, all) => {
9
7
  for (var name in all)
@@ -17,28 +15,19 @@ var __copyProps = (to, from, except, desc) => {
17
15
  }
18
16
  return to;
19
17
  };
20
- var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
21
- // If the importer is in node compatibility mode or this is not an ESM
22
- // file that has been converted to a CommonJS file using a Babel-
23
- // compatible transform (i.e. "__esModule" has not been set), then set
24
- // "default" to the CommonJS "module.exports" for node compatibility.
25
- isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
26
- mod
27
- ));
28
18
  var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
29
19
 
30
20
  // src/secure.ts
31
21
  var secure_exports = {};
32
22
  __export(secure_exports, {
33
23
  createCSRF: () => createCSRF,
34
- createDerivedSalt: () => createDerivedSalt,
35
24
  createHash: () => createHash,
36
25
  createPKCE: () => createPKCE,
26
+ createSecretValue: () => createSecretValue,
37
27
  generateSecure: () => generateSecure,
38
28
  verifyCSRF: () => verifyCSRF
39
29
  });
40
30
  module.exports = __toCommonJS(secure_exports);
41
- var import_crypto = __toESM(require("crypto"), 1);
42
31
 
43
32
  // src/utils.ts
44
33
  var import_router = require("@aura-stack/router");
@@ -55,34 +44,92 @@ var AuthSecurityError = class extends Error {
55
44
  }
56
45
  };
57
46
 
47
+ // src/env.ts
48
+ var import_meta = {};
49
+ var env = new Proxy({}, {
50
+ get(_, prop) {
51
+ if (typeof prop !== "string") return void 0;
52
+ const hasProperty = (process2) => {
53
+ return process2 && Object.prototype.hasOwnProperty.call(process2, prop);
54
+ };
55
+ try {
56
+ if (typeof process !== "undefined" && hasProperty(process.env)) {
57
+ return process.env[prop];
58
+ }
59
+ if (typeof import_meta !== "undefined" && hasProperty(import_meta.env)) {
60
+ return import_meta.env[prop];
61
+ }
62
+ if (typeof Deno !== "undefined" && Deno.env?.get) {
63
+ return Deno.env.get(prop);
64
+ }
65
+ if (typeof Bun !== "undefined" && hasProperty(Bun.env)) {
66
+ return Bun.env[prop];
67
+ }
68
+ const globalValue = globalThis[prop];
69
+ return typeof globalValue === "string" ? globalValue : void 0;
70
+ } catch {
71
+ return void 0;
72
+ }
73
+ }
74
+ });
75
+
76
+ // src/assert.ts
77
+ var import_crypto = require("@aura-stack/jose/crypto");
78
+ var isJWTPayloadWithToken = (payload) => {
79
+ return typeof payload === "object" && payload !== null && "token" in payload && typeof payload?.token === "string";
80
+ };
81
+ var timingSafeEqual = (a, b) => {
82
+ const bufferA = import_crypto.encoder.encode(a);
83
+ const bufferB = import_crypto.encoder.encode(b);
84
+ const len = Math.max(bufferA.length, bufferB.length);
85
+ let diff = 0;
86
+ for (let i = 0; i < len; i++) {
87
+ diff |= (bufferA[i] ?? 0) ^ (bufferB[i] ?? 0);
88
+ }
89
+ return diff === 0 && bufferA.length === bufferB.length;
90
+ };
91
+
58
92
  // src/utils.ts
59
93
  var equals = (a, b) => {
60
94
  if (a === null || b === null || a === void 0 || b === void 0) return false;
61
95
  return a === b;
62
96
  };
63
97
 
64
- // src/assert.ts
65
- var isJWTPayloadWithToken = (payload) => {
66
- return typeof payload === "object" && payload !== null && "token" in payload && typeof payload?.token === "string";
98
+ // src/jose.ts
99
+ var import_jose = require("@aura-stack/jose");
100
+ var import_jose2 = require("@aura-stack/jose/jose");
101
+ var import_crypto2 = require("@aura-stack/jose/crypto");
102
+ var jwtVerificationOptions = {
103
+ algorithms: ["HS256"],
104
+ typ: "JWT"
67
105
  };
68
106
 
69
107
  // src/secure.ts
70
108
  var generateSecure = (length = 32) => {
71
- return import_crypto.default.randomBytes(length).toString("base64url");
109
+ return import_jose2.base64url.encode((0, import_crypto2.getRandomBytes)(length));
110
+ };
111
+ var createSecretValue = (length = 32) => {
112
+ return import_jose2.base64url.encode((0, import_crypto2.getRandomBytes)(length));
72
113
  };
73
- var createHash = (data, base = "hex") => {
74
- return import_crypto.default.createHash("sha256").update(data).digest().toString(base);
114
+ var createHash = async (data) => {
115
+ const subtle = (0, import_crypto2.getSubtleCrypto)();
116
+ const digest = await subtle.digest("SHA-256", import_crypto2.encoder.encode(data));
117
+ return import_jose2.base64url.encode(new Uint8Array(digest));
75
118
  };
76
119
  var createPKCE = async (verifier) => {
77
- const codeVerifier = verifier ?? generateSecure(86);
78
- const codeChallenge = createHash(codeVerifier, "base64url");
120
+ const byteLength = verifier ? void 0 : Math.floor(Math.random() * (96 - 32 + 1) + 32);
121
+ const codeVerifier = verifier ?? generateSecure(byteLength ?? 64);
122
+ if (codeVerifier.length < 43 || codeVerifier.length > 128) {
123
+ throw new AuthSecurityError("PKCE_VERIFIER_INVALID", "The code verifier must be between 43 and 128 characters in length.");
124
+ }
125
+ const codeChallenge = await createHash(codeVerifier);
79
126
  return { codeVerifier, codeChallenge, method: "S256" };
80
127
  };
81
128
  var createCSRF = async (jose, csrfCookie) => {
82
129
  try {
83
130
  const token = generateSecure(32);
84
131
  if (csrfCookie) {
85
- await jose.verifyJWS(csrfCookie);
132
+ await jose.verifyJWS(csrfCookie, jwtVerificationOptions);
86
133
  return csrfCookie;
87
134
  }
88
135
  return jose.signJWS({ token });
@@ -93,20 +140,18 @@ var createCSRF = async (jose, csrfCookie) => {
93
140
  };
94
141
  var verifyCSRF = async (jose, cookie, header) => {
95
142
  try {
96
- const cookiePayload = await jose.verifyJWS(cookie);
97
- const headerPayload = await jose.verifyJWS(header);
143
+ const cookiePayload = await jose.verifyJWS(cookie, jwtVerificationOptions);
144
+ const headerPayload = await jose.verifyJWS(header, jwtVerificationOptions);
98
145
  if (!isJWTPayloadWithToken(cookiePayload)) {
99
146
  throw new AuthSecurityError("CSRF_TOKEN_INVALID", "Cookie payload missing token field.");
100
147
  }
101
148
  if (!isJWTPayloadWithToken(headerPayload)) {
102
149
  throw new AuthSecurityError("CSRF_TOKEN_INVALID", "Header payload missing token field.");
103
150
  }
104
- const cookieBuffer = Buffer.from(cookiePayload.token);
105
- const headerBuffer = Buffer.from(headerPayload.token);
106
- if (!equals(headerBuffer.length, cookieBuffer.length)) {
151
+ if (!equals(cookiePayload.token.length, headerPayload.token.length)) {
107
152
  throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
108
153
  }
109
- if (!import_crypto.default.timingSafeEqual(cookieBuffer, headerBuffer)) {
154
+ if (!timingSafeEqual(cookiePayload.token, headerPayload.token)) {
110
155
  throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
111
156
  }
112
157
  return true;
@@ -114,15 +159,12 @@ var verifyCSRF = async (jose, cookie, header) => {
114
159
  throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
115
160
  }
116
161
  };
117
- var createDerivedSalt = (secret) => {
118
- return import_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex");
119
- };
120
162
  // Annotate the CommonJS export names for ESM import in node:
121
163
  0 && (module.exports = {
122
164
  createCSRF,
123
- createDerivedSalt,
124
165
  createHash,
125
166
  createPKCE,
167
+ createSecretValue,
126
168
  generateSecure,
127
169
  verifyCSRF
128
170
  });
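--- a/package/dist/secure.d.ts
+++ b/package/dist/secure.d.ts
@@ -1,13 +1,20 @@
- import { A as AuthRuntimeConfig } from './index-B8jeIElf.js';
+ import { c as AuthRuntimeConfig } from './index-_aXtxb_s.js';
  import 'zod';
  import './schemas.js';
- import '@aura-stack/router/cookie';
+ import 'zod/v4';
  import '@aura-stack/jose';
  import '@aura-stack/jose/jose';
+ import '@aura-stack/jose/crypto';
+ import '@aura-stack/router/cookie';
  import './@types/utility.js';
+ import 'jose';
+ import '@aura-stack/router';
+ import 'zod/v4/core';
 
+ /** @deprecated use `createSecretValue` instead */
  declare const generateSecure: (length?: number) => string;
- declare const createHash: (data: string, base?: "hex" | "base64" | "base64url") => string;
+ declare const createSecretValue: (length?: number) => string;
+ declare const createHash: (data: string) => Promise<string>;
  /**
  * Creates the code challenge flow for PKCE OAuth flow. It generates a code verifier and its corresponding
  * code challenge using SHA-256 hashing.
@@ -30,12 +37,5 @@ declare const createPKCE: (verifier?: string) => Promise<{
  */
  declare const createCSRF: (jose: AuthRuntimeConfig["jose"], csrfCookie?: string) => Promise<string>;
  declare const verifyCSRF: (jose: AuthRuntimeConfig["jose"], cookie: string, header: string) => Promise<boolean>;
- /**
- * Creates a deterministic derived salt from the provided secret.
- *
- * @param secret the base secret to derive the salt from
- * @returns the derived salt as a hexadecimal string
- */
- declare const createDerivedSalt: (secret: string) => string;
 
- export { createCSRF, createDerivedSalt, createHash, createPKCE, generateSecure, verifyCSRF };
+ export { createCSRF, createHash, createPKCE, createSecretValue, generateSecure, verifyCSRF };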
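Review bot: The new `createHash` declaration (new line 17) has no doc comment although its contract changed in ways a caller cannot see from the signature alone. It now returns `Promise<string>` and the `base` parameter is gone, and the secure.cjs build earlier on this page shows the digest is always base64url-encoded where the old default was hex. An untyped caller that uses the result without `await`, or compares it with a previously stored hex digest, gets a mismatch rather than an error, so I would add `/** SHA-256 of data, base64url-encoded (no hex/base64 option); async, must be awaited. */` above it. `createSecretValue` (new line 16) is also undocumented while `generateSecure` is deprecated in its favour; `/** Returns length random bytes (default 32) encoded as base64url. */` would tell users the replacement is drop-in. Dropping `createDerivedSalt` from the export list is a breaking removal and presumably belongs in the release notes.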