@aura-stack/auth 0.4.0-rc.5 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/@types/index.d.ts +8 -3
- package/dist/@types/router.d.cjs +0 -17
- package/dist/@types/router.d.d.ts +7 -2
- package/dist/@types/router.d.js +0 -1
- package/dist/actions/callback/access-token.cjs +130 -71
- package/dist/actions/callback/access-token.d.ts +9 -4
- package/dist/actions/callback/access-token.js +3 -4
- package/dist/actions/callback/callback.cjs +428 -152
- package/dist/actions/callback/callback.d.ts +11 -3
- package/dist/actions/callback/callback.js +12 -10
- package/dist/actions/callback/userinfo.cjs +159 -65
- package/dist/actions/callback/userinfo.d.ts +8 -3
- package/dist/actions/callback/userinfo.js +7 -6
- package/dist/actions/csrfToken/csrfToken.cjs +70 -19
- package/dist/actions/csrfToken/csrfToken.js +8 -7
- package/dist/actions/index.cjs +780 -348
- package/dist/actions/index.d.ts +6 -2
- package/dist/actions/index.js +23 -18
- package/dist/actions/session/session.cjs +107 -26
- package/dist/actions/session/session.js +7 -5
- package/dist/actions/signIn/authorization-url.cjs +288 -0
- package/dist/actions/signIn/authorization-url.d.ts +31 -0
- package/dist/actions/signIn/authorization-url.js +16 -0
- package/dist/actions/signIn/authorization.cjs +209 -211
- package/dist/actions/signIn/authorization.d.ts +32 -21
- package/dist/actions/signIn/authorization.js +12 -9
- package/dist/actions/signIn/signIn.cjs +470 -235
- package/dist/actions/signIn/signIn.d.ts +12 -3
- package/dist/actions/signIn/signIn.js +11 -8
- package/dist/actions/signOut/signOut.cjs +376 -228
- package/dist/actions/signOut/signOut.d.ts +1 -1
- package/dist/actions/signOut/signOut.js +10 -9
- package/dist/api/createApi.cjs +750 -0
- package/dist/api/createApi.d.ts +12 -0
- package/dist/api/createApi.js +19 -0
- package/dist/api/getSession.cjs +141 -0
- package/dist/api/getSession.d.ts +16 -0
- package/dist/api/getSession.js +10 -0
- package/dist/api/signIn.cjs +549 -0
- package/dist/api/signIn.d.ts +26 -0
- package/dist/api/signIn.js +15 -0
- package/dist/api/signOut.cjs +279 -0
- package/dist/api/signOut.d.ts +16 -0
- package/dist/api/signOut.js +13 -0
- package/dist/assert.cjs +150 -5
- package/dist/assert.d.ts +26 -3
- package/dist/assert.js +17 -3
- package/dist/{chunk-YRCB5FLE.js → chunk-2A5B7GWR.js} +52 -6
- package/dist/chunk-2GQLSIJ2.js +40 -0
- package/dist/chunk-2IR674WX.js +44 -0
- package/dist/chunk-3J5TUH2I.js +50 -0
- package/dist/chunk-4RWSYUKX.js +98 -0
- package/dist/chunk-4YHJ4IEQ.js +25 -0
- package/dist/chunk-54CZPKR4.js +25 -0
- package/dist/chunk-5LZ7TOM3.js +25 -0
- package/dist/chunk-7BE46WWS.js +88 -0
- package/dist/chunk-7YYXFKLR.js +35 -0
- package/dist/chunk-C3A37LQC.js +33 -0
- package/dist/chunk-CITNGXDA.js +31 -0
- package/dist/chunk-CWX724AG.js +78 -0
- package/dist/chunk-D2CSIUKP.js +74 -0
- package/dist/chunk-E6G5YCI6.js +25 -0
- package/dist/chunk-EBAMFRB7.js +34 -0
- package/dist/chunk-EEE7UM5T.js +25 -0
- package/dist/{chunk-HT4YLL7N.js → chunk-FPCVZUVG.js} +10 -8
- package/dist/chunk-FW4W3REU.js +25 -0
- package/dist/chunk-GNNBM2WJ.js +83 -0
- package/dist/chunk-IPKO6UQN.js +25 -0
- package/dist/chunk-JOCGX3RP.js +59 -0
- package/dist/chunk-KBXWTD6E.js +94 -0
- package/dist/chunk-KMMAZFSJ.js +25 -0
- package/dist/chunk-LATR3NIV.js +117 -0
- package/dist/chunk-LAYPUDQF.js +39 -0
- package/dist/chunk-LDU7A2JE.js +25 -0
- package/dist/chunk-LX3TJ2TJ.js +294 -0
- package/dist/chunk-NHZBQNRR.js +143 -0
- package/dist/chunk-OVHNRULD.js +33 -0
- package/dist/chunk-PDP3PHB3.js +127 -0
- package/dist/chunk-PHYNROD4.js +47 -0
- package/dist/chunk-QQEKY4XP.js +29 -0
- package/dist/chunk-U4RK4LKJ.js +348 -0
- package/dist/{chunk-RRLIF4PQ.js → chunk-U5663F2U.js} +16 -1
- package/dist/chunk-UN7X6SU5.js +53 -0
- package/dist/chunk-UZQJJD6A.js +100 -0
- package/dist/chunk-V6LLEAR4.js +80 -0
- package/dist/chunk-WHNDRO3N.js +50 -0
- package/dist/{chunk-W6LG7BFW.js → chunk-XY5R3EHH.js} +30 -23
- package/dist/client/client.cjs +135 -0
- package/dist/client/client.d.ts +85 -0
- package/dist/client/client.js +9 -0
- package/dist/client/index.cjs +135 -0
- package/dist/client/index.d.ts +14 -0
- package/dist/client/index.js +10 -0
- package/dist/context.cjs +1237 -0
- package/dist/context.d.ts +16 -0
- package/dist/context.js +28 -0
- package/dist/cookie.cjs +57 -22
- package/dist/cookie.d.ts +11 -6
- package/dist/cookie.js +3 -2
- package/dist/createAuth.cjs +2320 -0
- package/dist/createAuth.d.ts +12 -0
- package/dist/createAuth.js +48 -0
- package/dist/env.cjs +78 -0
- package/dist/env.d.ts +10 -0
- package/dist/env.js +12 -0
- package/dist/errors.cjs +17 -0
- package/dist/errors.d.ts +15 -4
- package/dist/errors.js +5 -1
- package/dist/headers.cjs +28 -2
- package/dist/headers.d.ts +25 -1
- package/dist/headers.js +9 -3
- package/dist/index-_aXtxb_s.d.ts +1377 -0
- package/dist/index.cjs +1843 -610
- package/dist/index.d.ts +11 -92
- package/dist/index.js +53 -85
- package/dist/jose.cjs +113 -38
- package/dist/jose.d.ts +12 -23
- package/dist/jose.js +17 -7
- package/dist/logger.cjs +424 -0
- package/dist/logger.d.ts +12 -0
- package/dist/logger.js +17 -0
- package/dist/oauth/atlassian.cjs +57 -0
- package/dist/oauth/atlassian.d.ts +12 -0
- package/dist/oauth/atlassian.js +6 -0
- package/dist/oauth/bitbucket.cjs +19 -15
- package/dist/oauth/bitbucket.d.ts +7 -2
- package/dist/oauth/bitbucket.js +1 -1
- package/dist/oauth/discord.cjs +27 -24
- package/dist/oauth/discord.d.ts +7 -2
- package/dist/oauth/discord.js +1 -1
- package/dist/oauth/dropbox.cjs +53 -0
- package/dist/oauth/dropbox.d.ts +12 -0
- package/dist/oauth/dropbox.js +6 -0
- package/dist/oauth/figma.cjs +19 -16
- package/dist/oauth/figma.d.ts +7 -2
- package/dist/oauth/figma.js +1 -1
- package/dist/oauth/github.cjs +19 -8
- package/dist/oauth/github.d.ts +7 -2
- package/dist/oauth/github.js +1 -1
- package/dist/oauth/gitlab.cjs +19 -16
- package/dist/oauth/gitlab.d.ts +7 -2
- package/dist/oauth/gitlab.js +1 -1
- package/dist/oauth/index.cjs +529 -239
- package/dist/oauth/index.d.ts +7 -2
- package/dist/oauth/index.js +39 -22
- package/dist/oauth/mailchimp.cjs +19 -16
- package/dist/oauth/mailchimp.d.ts +7 -2
- package/dist/oauth/mailchimp.js +1 -1
- package/dist/oauth/notion.cjs +131 -0
- package/dist/oauth/notion.d.ts +12 -0
- package/dist/oauth/notion.js +9 -0
- package/dist/oauth/pinterest.cjs +19 -16
- package/dist/oauth/pinterest.d.ts +7 -2
- package/dist/oauth/pinterest.js +1 -1
- package/dist/oauth/spotify.cjs +19 -16
- package/dist/oauth/spotify.d.ts +7 -2
- package/dist/oauth/spotify.js +1 -1
- package/dist/oauth/strava.cjs +19 -16
- package/dist/oauth/strava.d.ts +7 -2
- package/dist/oauth/strava.js +1 -1
- package/dist/oauth/twitch.cjs +95 -0
- package/dist/oauth/twitch.d.ts +12 -0
- package/dist/oauth/twitch.js +7 -0
- package/dist/oauth/x.cjs +19 -16
- package/dist/oauth/x.d.ts +7 -2
- package/dist/oauth/x.js +1 -1
- package/dist/schemas.cjs +89 -42
- package/dist/schemas.d.ts +114 -18
- package/dist/schemas.js +5 -3
- package/dist/secure.cjs +73 -31
- package/dist/secure.d.ts +11 -11
- package/dist/secure.js +7 -6
- package/dist/utils.cjs +203 -90
- package/dist/utils.d.ts +21 -40
- package/dist/utils.js +21 -12
- package/package.json +9 -6
- package/dist/chunk-3EUWD5BB.js +0 -63
- package/dist/chunk-42XB3YCW.js +0 -22
- package/dist/chunk-6R2YZ4AC.js +0 -22
- package/dist/chunk-A3N4PVAT.js +0 -70
- package/dist/chunk-B737EUJV.js +0 -22
- package/dist/chunk-CXLATHS5.js +0 -143
- package/dist/chunk-E3OXBRYF.js +0 -22
- package/dist/chunk-EIL2FPSS.js +0 -22
- package/dist/chunk-EMKJA2GJ.js +0 -89
- package/dist/chunk-FIPU4MLT.js +0 -21
- package/dist/chunk-FKRDCWBF.js +0 -22
- package/dist/chunk-GA2SMTJO.js +0 -58
- package/dist/chunk-HP34YGGJ.js +0 -22
- package/dist/chunk-IKHPGFCW.js +0 -14
- package/dist/chunk-IUYZQTJV.js +0 -30
- package/dist/chunk-IVET23KF.js +0 -58
- package/dist/chunk-JVFTCTTE.js +0 -33
- package/dist/chunk-KRNOMBXQ.js +0 -22
- package/dist/chunk-KSWLO5ZU.js +0 -102
- package/dist/chunk-N2APGLXA.js +0 -71
- package/dist/chunk-N4SX7TZT.js +0 -96
- package/dist/chunk-STHEPPUZ.js +0 -11
- package/dist/chunk-TLE4PXY3.js +0 -39
- package/dist/index-B8jeIElf.d.ts +0 -679
- /package/dist/{chunk-DIVDFNAP.js → chunk-5X7JZMEF.js} +0 -0
package/dist/oauth/x.cjs
CHANGED
|
@@ -23,22 +23,25 @@ __export(x_exports, {
|
|
|
23
23
|
x: () => x
|
|
24
24
|
});
|
|
25
25
|
module.exports = __toCommonJS(x_exports);
|
|
26
|
-
var x = {
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
26
|
+
var x = (options) => {
|
|
27
|
+
return {
|
|
28
|
+
id: "x",
|
|
29
|
+
name: "X",
|
|
30
|
+
authorizeURL: "https://twitter.com/i/oauth2/authorize",
|
|
31
|
+
accessToken: "https://api.twitter.com/2/oauth2/token",
|
|
32
|
+
userInfo: "https://api.twitter.com/2/users/me?user.fields=profile_image_url",
|
|
33
|
+
scope: "tweet.read users.read offline.access",
|
|
34
|
+
responseType: "code",
|
|
35
|
+
profile(profile) {
|
|
36
|
+
return {
|
|
37
|
+
sub: profile.data.id,
|
|
38
|
+
name: profile.data.name,
|
|
39
|
+
image: profile.data.profile_image_url,
|
|
40
|
+
email: void 0
|
|
41
|
+
};
|
|
42
|
+
},
|
|
43
|
+
...options
|
|
44
|
+
};
|
|
42
45
|
};
|
|
43
46
|
// Annotate the CommonJS export names for ESM import in node:
|
|
44
47
|
0 && (module.exports = {
|
package/dist/oauth/x.d.ts
CHANGED
|
@@ -1,7 +1,12 @@
|
|
|
1
|
-
export {
|
|
1
|
+
export { ah as XProfile, ai as x } from '../index-_aXtxb_s.js';
|
|
2
2
|
import 'zod';
|
|
3
3
|
import '../schemas.js';
|
|
4
|
-
import '
|
|
4
|
+
import 'zod/v4';
|
|
5
5
|
import '@aura-stack/jose';
|
|
6
6
|
import '@aura-stack/jose/jose';
|
|
7
|
+
import '@aura-stack/jose/crypto';
|
|
8
|
+
import '@aura-stack/router/cookie';
|
|
7
9
|
import '../@types/utility.js';
|
|
10
|
+
import 'jose';
|
|
11
|
+
import '@aura-stack/router';
|
|
12
|
+
import 'zod/v4/core';
|
package/dist/oauth/x.js
CHANGED
package/dist/schemas.cjs
CHANGED
|
@@ -28,31 +28,77 @@ __export(schemas_exports, {
|
|
|
28
28
|
OAuthAuthorizationResponse: () => OAuthAuthorizationResponse,
|
|
29
29
|
OAuthEnvSchema: () => OAuthEnvSchema,
|
|
30
30
|
OAuthErrorResponse: () => OAuthErrorResponse,
|
|
31
|
-
OAuthProviderConfigSchema: () => OAuthProviderConfigSchema
|
|
31
|
+
OAuthProviderConfigSchema: () => OAuthProviderConfigSchema,
|
|
32
|
+
OAuthProviderCredentialsSchema: () => OAuthProviderCredentialsSchema
|
|
32
33
|
});
|
|
33
34
|
module.exports = __toCommonJS(schemas_exports);
|
|
34
|
-
var
|
|
35
|
-
var
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
35
|
+
var import_v4 = require("zod/v4");
|
|
36
|
+
var AuthorizeConfigSchema = import_v4.z.union([
|
|
37
|
+
(0, import_v4.string)().url(),
|
|
38
|
+
(0, import_v4.object)({
|
|
39
|
+
url: (0, import_v4.string)().url(),
|
|
40
|
+
params: (0, import_v4.object)({
|
|
41
|
+
responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
|
|
42
|
+
scope: (0, import_v4.string)().optional()
|
|
43
|
+
})
|
|
44
|
+
})
|
|
45
|
+
]);
|
|
46
|
+
var AccessTokenConfigSchema = import_v4.z.union([
|
|
47
|
+
(0, import_v4.string)().url(),
|
|
48
|
+
(0, import_v4.object)({
|
|
49
|
+
url: (0, import_v4.string)().url(),
|
|
50
|
+
headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional()
|
|
51
|
+
})
|
|
52
|
+
]);
|
|
53
|
+
var UserInfoConfigSchema = import_v4.z.union([
|
|
54
|
+
(0, import_v4.string)().url(),
|
|
55
|
+
(0, import_v4.object)({
|
|
56
|
+
url: (0, import_v4.string)().url(),
|
|
57
|
+
headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional(),
|
|
58
|
+
method: (0, import_v4.string)().optional()
|
|
59
|
+
})
|
|
60
|
+
]);
|
|
61
|
+
var OAuthProviderCredentialsSchema = (0, import_v4.object)({
|
|
62
|
+
id: (0, import_v4.string)(),
|
|
63
|
+
name: (0, import_v4.string)(),
|
|
64
|
+
authorize: AuthorizeConfigSchema.optional(),
|
|
65
|
+
/** @deprecated */
|
|
66
|
+
authorizeURL: (0, import_v4.string)().url().optional(),
|
|
67
|
+
accessToken: AccessTokenConfigSchema,
|
|
68
|
+
/** @deprecated */
|
|
69
|
+
scope: (0, import_v4.string)().optional(),
|
|
70
|
+
userInfo: UserInfoConfigSchema,
|
|
71
|
+
/** @deprecated */
|
|
72
|
+
responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
|
|
73
|
+
clientId: (0, import_v4.string)(),
|
|
74
|
+
clientSecret: (0, import_v4.string)(),
|
|
75
|
+
profile: import_v4.z.function().optional()
|
|
76
|
+
});
|
|
77
|
+
var OAuthProviderConfigSchema = (0, import_v4.object)({
|
|
78
|
+
authorize: AuthorizeConfigSchema.optional(),
|
|
79
|
+
/** @deprecated */
|
|
80
|
+
authorizeURL: (0, import_v4.string)().url().optional(),
|
|
81
|
+
accessToken: AccessTokenConfigSchema,
|
|
82
|
+
/** @deprecated */
|
|
83
|
+
scope: (0, import_v4.string)().optional(),
|
|
84
|
+
userInfo: UserInfoConfigSchema,
|
|
85
|
+
/** @deprecated */
|
|
86
|
+
responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
|
|
87
|
+
clientId: (0, import_v4.string)(),
|
|
88
|
+
clientSecret: (0, import_v4.string)()
|
|
43
89
|
});
|
|
44
90
|
var OAuthAuthorization = OAuthProviderConfigSchema.extend({
|
|
45
|
-
redirectURI: (0,
|
|
46
|
-
state: (0,
|
|
47
|
-
codeChallenge: (0,
|
|
48
|
-
codeChallengeMethod: (0,
|
|
91
|
+
redirectURI: (0, import_v4.string)(),
|
|
92
|
+
state: (0, import_v4.string)(),
|
|
93
|
+
codeChallenge: (0, import_v4.string)(),
|
|
94
|
+
codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
|
|
49
95
|
});
|
|
50
|
-
var OAuthAuthorizationResponse = (0,
|
|
51
|
-
state: (0,
|
|
52
|
-
code: (0,
|
|
96
|
+
var OAuthAuthorizationResponse = (0, import_v4.object)({
|
|
97
|
+
state: (0, import_v4.string)({ message: "Missing state parameter in the OAuth authorization response." }),
|
|
98
|
+
code: (0, import_v4.string)({ message: "Missing code parameter in the OAuth authorization response." })
|
|
53
99
|
});
|
|
54
|
-
var OAuthAuthorizationErrorResponse = (0,
|
|
55
|
-
error: (0,
|
|
100
|
+
var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
|
|
101
|
+
error: (0, import_v4.enum)([
|
|
56
102
|
"invalid_request",
|
|
57
103
|
"unauthorized_client",
|
|
58
104
|
"access_denied",
|
|
@@ -61,24 +107,24 @@ var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
|
|
|
61
107
|
"server_error",
|
|
62
108
|
"temporarily_unavailable"
|
|
63
109
|
]),
|
|
64
|
-
error_description: (0,
|
|
65
|
-
error_uri: (0,
|
|
66
|
-
state: (0,
|
|
110
|
+
error_description: (0, import_v4.string)().optional(),
|
|
111
|
+
error_uri: (0, import_v4.string)().optional(),
|
|
112
|
+
state: (0, import_v4.string)()
|
|
67
113
|
});
|
|
68
114
|
var OAuthAccessToken = OAuthProviderConfigSchema.extend({
|
|
69
|
-
redirectURI: (0,
|
|
70
|
-
code: (0,
|
|
71
|
-
codeVerifier: (0,
|
|
115
|
+
redirectURI: (0, import_v4.string)(),
|
|
116
|
+
code: (0, import_v4.string)(),
|
|
117
|
+
codeVerifier: (0, import_v4.string)().min(43).max(128)
|
|
72
118
|
});
|
|
73
|
-
var OAuthAccessTokenResponse = (0,
|
|
74
|
-
access_token: (0,
|
|
75
|
-
token_type: (0,
|
|
76
|
-
expires_in: (0,
|
|
77
|
-
refresh_token: (0,
|
|
78
|
-
scope: (0,
|
|
119
|
+
var OAuthAccessTokenResponse = (0, import_v4.object)({
|
|
120
|
+
access_token: (0, import_v4.string)(),
|
|
121
|
+
token_type: (0, import_v4.string)().optional(),
|
|
122
|
+
expires_in: (0, import_v4.number)().optional(),
|
|
123
|
+
refresh_token: (0, import_v4.string)().optional(),
|
|
124
|
+
scope: (0, import_v4.union)([(0, import_v4.string)().optional().or((0, import_v4.null)()), (0, import_v4.array)((0, import_v4.string)()).optional()])
|
|
79
125
|
});
|
|
80
|
-
var OAuthAccessTokenErrorResponse = (0,
|
|
81
|
-
error: (0,
|
|
126
|
+
var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
|
|
127
|
+
error: (0, import_v4.enum)([
|
|
82
128
|
"invalid_request",
|
|
83
129
|
"invalid_client",
|
|
84
130
|
"invalid_grant",
|
|
@@ -86,16 +132,16 @@ var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
|
|
|
86
132
|
"unsupported_grant_type",
|
|
87
133
|
"invalid_scope"
|
|
88
134
|
]),
|
|
89
|
-
error_description: (0,
|
|
90
|
-
error_uri: (0,
|
|
135
|
+
error_description: (0, import_v4.string)().optional(),
|
|
136
|
+
error_uri: (0, import_v4.string)().optional()
|
|
91
137
|
});
|
|
92
|
-
var OAuthErrorResponse = (0,
|
|
93
|
-
error: (0,
|
|
94
|
-
error_description: (0,
|
|
138
|
+
var OAuthErrorResponse = (0, import_v4.object)({
|
|
139
|
+
error: (0, import_v4.string)(),
|
|
140
|
+
error_description: (0, import_v4.string)().optional()
|
|
95
141
|
});
|
|
96
|
-
var OAuthEnvSchema = (0,
|
|
97
|
-
clientId:
|
|
98
|
-
clientSecret:
|
|
142
|
+
var OAuthEnvSchema = (0, import_v4.object)({
|
|
143
|
+
clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
|
|
144
|
+
clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
|
|
99
145
|
});
|
|
100
146
|
// Annotate the CommonJS export names for ESM import in node:
|
|
101
147
|
0 && (module.exports = {
|
|
@@ -107,5 +153,6 @@ var OAuthEnvSchema = (0, import_zod.object)({
|
|
|
107
153
|
OAuthAuthorizationResponse,
|
|
108
154
|
OAuthEnvSchema,
|
|
109
155
|
OAuthErrorResponse,
|
|
110
|
-
OAuthProviderConfigSchema
|
|
156
|
+
OAuthProviderConfigSchema,
|
|
157
|
+
OAuthProviderCredentialsSchema
|
|
111
158
|
});
|
package/dist/schemas.d.ts
CHANGED
|
@@ -1,18 +1,74 @@
|
|
|
1
|
-
import { z } from 'zod';
|
|
1
|
+
import { z } from 'zod/v4';
|
|
2
2
|
|
|
3
|
+
declare const OAuthProviderCredentialsSchema: z.ZodObject<{
|
|
4
|
+
id: z.ZodString;
|
|
5
|
+
name: z.ZodString;
|
|
6
|
+
authorize: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
|
|
7
|
+
url: z.ZodString;
|
|
8
|
+
params: z.ZodObject<{
|
|
9
|
+
responseType: z.ZodOptional<z.ZodEnum<{
|
|
10
|
+
token: "token";
|
|
11
|
+
code: "code";
|
|
12
|
+
id_token: "id_token";
|
|
13
|
+
refresh_token: "refresh_token";
|
|
14
|
+
}>>;
|
|
15
|
+
scope: z.ZodOptional<z.ZodString>;
|
|
16
|
+
}, z.core.$strip>;
|
|
17
|
+
}, z.core.$strip>]>>;
|
|
18
|
+
authorizeURL: z.ZodOptional<z.ZodString>;
|
|
19
|
+
accessToken: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
|
|
20
|
+
url: z.ZodString;
|
|
21
|
+
headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
22
|
+
}, z.core.$strip>]>;
|
|
23
|
+
scope: z.ZodOptional<z.ZodString>;
|
|
24
|
+
userInfo: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
|
|
25
|
+
url: z.ZodString;
|
|
26
|
+
headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
27
|
+
method: z.ZodOptional<z.ZodString>;
|
|
28
|
+
}, z.core.$strip>]>;
|
|
29
|
+
responseType: z.ZodOptional<z.ZodEnum<{
|
|
30
|
+
token: "token";
|
|
31
|
+
code: "code";
|
|
32
|
+
id_token: "id_token";
|
|
33
|
+
refresh_token: "refresh_token";
|
|
34
|
+
}>>;
|
|
35
|
+
clientId: z.ZodString;
|
|
36
|
+
clientSecret: z.ZodString;
|
|
37
|
+
profile: z.ZodOptional<z.ZodFunction<z.core.$ZodFunctionArgs, z.core.$ZodFunctionOut>>;
|
|
38
|
+
}, z.core.$strip>;
|
|
3
39
|
/**
|
|
4
40
|
* Schema for OAuth Provider Configuration
|
|
5
41
|
*/
|
|
6
42
|
declare const OAuthProviderConfigSchema: z.ZodObject<{
|
|
7
|
-
|
|
8
|
-
|
|
43
|
+
authorize: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
|
|
44
|
+
url: z.ZodString;
|
|
45
|
+
params: z.ZodObject<{
|
|
46
|
+
responseType: z.ZodOptional<z.ZodEnum<{
|
|
47
|
+
token: "token";
|
|
48
|
+
code: "code";
|
|
49
|
+
id_token: "id_token";
|
|
50
|
+
refresh_token: "refresh_token";
|
|
51
|
+
}>>;
|
|
52
|
+
scope: z.ZodOptional<z.ZodString>;
|
|
53
|
+
}, z.core.$strip>;
|
|
54
|
+
}, z.core.$strip>]>>;
|
|
55
|
+
authorizeURL: z.ZodOptional<z.ZodString>;
|
|
56
|
+
accessToken: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
|
|
57
|
+
url: z.ZodString;
|
|
58
|
+
headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
59
|
+
}, z.core.$strip>]>;
|
|
9
60
|
scope: z.ZodOptional<z.ZodString>;
|
|
10
|
-
userInfo: z.ZodString
|
|
11
|
-
|
|
61
|
+
userInfo: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
|
|
62
|
+
url: z.ZodString;
|
|
63
|
+
headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
64
|
+
method: z.ZodOptional<z.ZodString>;
|
|
65
|
+
}, z.core.$strip>]>;
|
|
66
|
+
responseType: z.ZodOptional<z.ZodEnum<{
|
|
12
67
|
token: "token";
|
|
13
68
|
code: "code";
|
|
14
69
|
id_token: "id_token";
|
|
15
|
-
|
|
70
|
+
refresh_token: "refresh_token";
|
|
71
|
+
}>>;
|
|
16
72
|
clientId: z.ZodString;
|
|
17
73
|
clientSecret: z.ZodString;
|
|
18
74
|
}, z.core.$strip>;
|
|
@@ -22,15 +78,35 @@ declare const OAuthProviderConfigSchema: z.ZodObject<{
|
|
|
22
78
|
* @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1
|
|
23
79
|
*/
|
|
24
80
|
declare const OAuthAuthorization: z.ZodObject<{
|
|
25
|
-
|
|
26
|
-
|
|
81
|
+
authorize: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
|
|
82
|
+
url: z.ZodString;
|
|
83
|
+
params: z.ZodObject<{
|
|
84
|
+
responseType: z.ZodOptional<z.ZodEnum<{
|
|
85
|
+
token: "token";
|
|
86
|
+
code: "code";
|
|
87
|
+
id_token: "id_token";
|
|
88
|
+
refresh_token: "refresh_token";
|
|
89
|
+
}>>;
|
|
90
|
+
scope: z.ZodOptional<z.ZodString>;
|
|
91
|
+
}, z.core.$strip>;
|
|
92
|
+
}, z.core.$strip>]>>;
|
|
93
|
+
authorizeURL: z.ZodOptional<z.ZodString>;
|
|
94
|
+
accessToken: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
|
|
95
|
+
url: z.ZodString;
|
|
96
|
+
headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
97
|
+
}, z.core.$strip>]>;
|
|
27
98
|
scope: z.ZodOptional<z.ZodString>;
|
|
28
|
-
userInfo: z.ZodString
|
|
29
|
-
|
|
99
|
+
userInfo: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
|
|
100
|
+
url: z.ZodString;
|
|
101
|
+
headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
102
|
+
method: z.ZodOptional<z.ZodString>;
|
|
103
|
+
}, z.core.$strip>]>;
|
|
104
|
+
responseType: z.ZodOptional<z.ZodEnum<{
|
|
30
105
|
token: "token";
|
|
31
106
|
code: "code";
|
|
32
107
|
id_token: "id_token";
|
|
33
|
-
|
|
108
|
+
refresh_token: "refresh_token";
|
|
109
|
+
}>>;
|
|
34
110
|
clientId: z.ZodString;
|
|
35
111
|
clientSecret: z.ZodString;
|
|
36
112
|
redirectURI: z.ZodString;
|
|
@@ -74,15 +150,35 @@ declare const OAuthAuthorizationErrorResponse: z.ZodObject<{
|
|
|
74
150
|
* @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
|
|
75
151
|
*/
|
|
76
152
|
declare const OAuthAccessToken: z.ZodObject<{
|
|
77
|
-
|
|
78
|
-
|
|
153
|
+
authorize: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
|
|
154
|
+
url: z.ZodString;
|
|
155
|
+
params: z.ZodObject<{
|
|
156
|
+
responseType: z.ZodOptional<z.ZodEnum<{
|
|
157
|
+
token: "token";
|
|
158
|
+
code: "code";
|
|
159
|
+
id_token: "id_token";
|
|
160
|
+
refresh_token: "refresh_token";
|
|
161
|
+
}>>;
|
|
162
|
+
scope: z.ZodOptional<z.ZodString>;
|
|
163
|
+
}, z.core.$strip>;
|
|
164
|
+
}, z.core.$strip>]>>;
|
|
165
|
+
authorizeURL: z.ZodOptional<z.ZodString>;
|
|
166
|
+
accessToken: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
|
|
167
|
+
url: z.ZodString;
|
|
168
|
+
headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
169
|
+
}, z.core.$strip>]>;
|
|
79
170
|
scope: z.ZodOptional<z.ZodString>;
|
|
80
|
-
userInfo: z.ZodString
|
|
81
|
-
|
|
171
|
+
userInfo: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
|
|
172
|
+
url: z.ZodString;
|
|
173
|
+
headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
174
|
+
method: z.ZodOptional<z.ZodString>;
|
|
175
|
+
}, z.core.$strip>]>;
|
|
176
|
+
responseType: z.ZodOptional<z.ZodEnum<{
|
|
82
177
|
token: "token";
|
|
83
178
|
code: "code";
|
|
84
179
|
id_token: "id_token";
|
|
85
|
-
|
|
180
|
+
refresh_token: "refresh_token";
|
|
181
|
+
}>>;
|
|
86
182
|
clientId: z.ZodString;
|
|
87
183
|
clientSecret: z.ZodString;
|
|
88
184
|
redirectURI: z.ZodString;
|
|
@@ -99,7 +195,7 @@ declare const OAuthAccessTokenResponse: z.ZodObject<{
|
|
|
99
195
|
token_type: z.ZodOptional<z.ZodString>;
|
|
100
196
|
expires_in: z.ZodOptional<z.ZodNumber>;
|
|
101
197
|
refresh_token: z.ZodOptional<z.ZodString>;
|
|
102
|
-
scope: z.ZodUnion<[z.ZodOptional<z.ZodString>, z.ZodNull]>;
|
|
198
|
+
scope: z.ZodUnion<readonly [z.ZodUnion<[z.ZodOptional<z.ZodString>, z.ZodNull]>, z.ZodOptional<z.ZodArray<z.ZodString>>]>;
|
|
103
199
|
}, z.core.$strip>;
|
|
104
200
|
/**
|
|
105
201
|
* Schema for OAuth Access Token Error Response
|
|
@@ -130,4 +226,4 @@ declare const OAuthEnvSchema: z.ZodObject<{
|
|
|
130
226
|
clientSecret: z.ZodString;
|
|
131
227
|
}, z.core.$strip>;
|
|
132
228
|
|
|
133
|
-
export { OAuthAccessToken, OAuthAccessTokenErrorResponse, OAuthAccessTokenResponse, OAuthAuthorization, OAuthAuthorizationErrorResponse, OAuthAuthorizationResponse, OAuthEnvSchema, OAuthErrorResponse, OAuthProviderConfigSchema };
|
|
229
|
+
export { OAuthAccessToken, OAuthAccessTokenErrorResponse, OAuthAccessTokenResponse, OAuthAuthorization, OAuthAuthorizationErrorResponse, OAuthAuthorizationResponse, OAuthEnvSchema, OAuthErrorResponse, OAuthProviderConfigSchema, OAuthProviderCredentialsSchema };
|
package/dist/schemas.js
CHANGED
|
@@ -7,8 +7,9 @@ import {
|
|
|
7
7
|
OAuthAuthorizationResponse,
|
|
8
8
|
OAuthEnvSchema,
|
|
9
9
|
OAuthErrorResponse,
|
|
10
|
-
OAuthProviderConfigSchema
|
|
11
|
-
|
|
10
|
+
OAuthProviderConfigSchema,
|
|
11
|
+
OAuthProviderCredentialsSchema
|
|
12
|
+
} from "./chunk-2A5B7GWR.js";
|
|
12
13
|
export {
|
|
13
14
|
OAuthAccessToken,
|
|
14
15
|
OAuthAccessTokenErrorResponse,
|
|
@@ -18,5 +19,6 @@ export {
|
|
|
18
19
|
OAuthAuthorizationResponse,
|
|
19
20
|
OAuthEnvSchema,
|
|
20
21
|
OAuthErrorResponse,
|
|
21
|
-
OAuthProviderConfigSchema
|
|
22
|
+
OAuthProviderConfigSchema,
|
|
23
|
+
OAuthProviderCredentialsSchema
|
|
22
24
|
};
|
package/dist/secure.cjs
CHANGED
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __create = Object.create;
|
|
3
2
|
var __defProp = Object.defineProperty;
|
|
4
3
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
-
var __getProtoOf = Object.getPrototypeOf;
|
|
7
5
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
6
|
var __export = (target, all) => {
|
|
9
7
|
for (var name in all)
|
|
@@ -17,28 +15,19 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
17
15
|
}
|
|
18
16
|
return to;
|
|
19
17
|
};
|
|
20
|
-
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
21
|
-
// If the importer is in node compatibility mode or this is not an ESM
|
|
22
|
-
// file that has been converted to a CommonJS file using a Babel-
|
|
23
|
-
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
24
|
-
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
25
|
-
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
26
|
-
mod
|
|
27
|
-
));
|
|
28
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
29
19
|
|
|
30
20
|
// src/secure.ts
|
|
31
21
|
var secure_exports = {};
|
|
32
22
|
__export(secure_exports, {
|
|
33
23
|
createCSRF: () => createCSRF,
|
|
34
|
-
createDerivedSalt: () => createDerivedSalt,
|
|
35
24
|
createHash: () => createHash,
|
|
36
25
|
createPKCE: () => createPKCE,
|
|
26
|
+
createSecretValue: () => createSecretValue,
|
|
37
27
|
generateSecure: () => generateSecure,
|
|
38
28
|
verifyCSRF: () => verifyCSRF
|
|
39
29
|
});
|
|
40
30
|
module.exports = __toCommonJS(secure_exports);
|
|
41
|
-
var import_crypto = __toESM(require("crypto"), 1);
|
|
42
31
|
|
|
43
32
|
// src/utils.ts
|
|
44
33
|
var import_router = require("@aura-stack/router");
|
|
@@ -55,34 +44,92 @@ var AuthSecurityError = class extends Error {
|
|
|
55
44
|
}
|
|
56
45
|
};
|
|
57
46
|
|
|
47
|
+
// src/env.ts
|
|
48
|
+
var import_meta = {};
|
|
49
|
+
var env = new Proxy({}, {
|
|
50
|
+
get(_, prop) {
|
|
51
|
+
if (typeof prop !== "string") return void 0;
|
|
52
|
+
const hasProperty = (process2) => {
|
|
53
|
+
return process2 && Object.prototype.hasOwnProperty.call(process2, prop);
|
|
54
|
+
};
|
|
55
|
+
try {
|
|
56
|
+
if (typeof process !== "undefined" && hasProperty(process.env)) {
|
|
57
|
+
return process.env[prop];
|
|
58
|
+
}
|
|
59
|
+
if (typeof import_meta !== "undefined" && hasProperty(import_meta.env)) {
|
|
60
|
+
return import_meta.env[prop];
|
|
61
|
+
}
|
|
62
|
+
if (typeof Deno !== "undefined" && Deno.env?.get) {
|
|
63
|
+
return Deno.env.get(prop);
|
|
64
|
+
}
|
|
65
|
+
if (typeof Bun !== "undefined" && hasProperty(Bun.env)) {
|
|
66
|
+
return Bun.env[prop];
|
|
67
|
+
}
|
|
68
|
+
const globalValue = globalThis[prop];
|
|
69
|
+
return typeof globalValue === "string" ? globalValue : void 0;
|
|
70
|
+
} catch {
|
|
71
|
+
return void 0;
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
});
|
|
75
|
+
|
|
76
|
+
// src/assert.ts
|
|
77
|
+
var import_crypto = require("@aura-stack/jose/crypto");
|
|
78
|
+
var isJWTPayloadWithToken = (payload) => {
|
|
79
|
+
return typeof payload === "object" && payload !== null && "token" in payload && typeof payload?.token === "string";
|
|
80
|
+
};
|
|
81
|
+
var timingSafeEqual = (a, b) => {
|
|
82
|
+
const bufferA = import_crypto.encoder.encode(a);
|
|
83
|
+
const bufferB = import_crypto.encoder.encode(b);
|
|
84
|
+
const len = Math.max(bufferA.length, bufferB.length);
|
|
85
|
+
let diff = 0;
|
|
86
|
+
for (let i = 0; i < len; i++) {
|
|
87
|
+
diff |= (bufferA[i] ?? 0) ^ (bufferB[i] ?? 0);
|
|
88
|
+
}
|
|
89
|
+
return diff === 0 && bufferA.length === bufferB.length;
|
|
90
|
+
};
|
|
91
|
+
|
|
58
92
|
// src/utils.ts
|
|
59
93
|
var equals = (a, b) => {
|
|
60
94
|
if (a === null || b === null || a === void 0 || b === void 0) return false;
|
|
61
95
|
return a === b;
|
|
62
96
|
};
|
|
63
97
|
|
|
64
|
-
// src/
|
|
65
|
-
var
|
|
66
|
-
|
|
98
|
+
// src/jose.ts
|
|
99
|
+
var import_jose = require("@aura-stack/jose");
|
|
100
|
+
var import_jose2 = require("@aura-stack/jose/jose");
|
|
101
|
+
var import_crypto2 = require("@aura-stack/jose/crypto");
|
|
102
|
+
var jwtVerificationOptions = {
|
|
103
|
+
algorithms: ["HS256"],
|
|
104
|
+
typ: "JWT"
|
|
67
105
|
};
|
|
68
106
|
|
|
69
107
|
// src/secure.ts
|
|
70
108
|
var generateSecure = (length = 32) => {
|
|
71
|
-
return
|
|
109
|
+
return import_jose2.base64url.encode((0, import_crypto2.getRandomBytes)(length));
|
|
110
|
+
};
|
|
111
|
+
var createSecretValue = (length = 32) => {
|
|
112
|
+
return import_jose2.base64url.encode((0, import_crypto2.getRandomBytes)(length));
|
|
72
113
|
};
|
|
73
|
-
var createHash = (data
|
|
74
|
-
|
|
114
|
+
var createHash = async (data) => {
|
|
115
|
+
const subtle = (0, import_crypto2.getSubtleCrypto)();
|
|
116
|
+
const digest = await subtle.digest("SHA-256", import_crypto2.encoder.encode(data));
|
|
117
|
+
return import_jose2.base64url.encode(new Uint8Array(digest));
|
|
75
118
|
};
|
|
76
119
|
var createPKCE = async (verifier) => {
|
|
77
|
-
const
|
|
78
|
-
const
|
|
120
|
+
const byteLength = verifier ? void 0 : Math.floor(Math.random() * (96 - 32 + 1) + 32);
|
|
121
|
+
const codeVerifier = verifier ?? generateSecure(byteLength ?? 64);
|
|
122
|
+
if (codeVerifier.length < 43 || codeVerifier.length > 128) {
|
|
123
|
+
throw new AuthSecurityError("PKCE_VERIFIER_INVALID", "The code verifier must be between 43 and 128 characters in length.");
|
|
124
|
+
}
|
|
125
|
+
const codeChallenge = await createHash(codeVerifier);
|
|
79
126
|
return { codeVerifier, codeChallenge, method: "S256" };
|
|
80
127
|
};
|
|
81
128
|
var createCSRF = async (jose, csrfCookie) => {
|
|
82
129
|
try {
|
|
83
130
|
const token = generateSecure(32);
|
|
84
131
|
if (csrfCookie) {
|
|
85
|
-
await jose.verifyJWS(csrfCookie);
|
|
132
|
+
await jose.verifyJWS(csrfCookie, jwtVerificationOptions);
|
|
86
133
|
return csrfCookie;
|
|
87
134
|
}
|
|
88
135
|
return jose.signJWS({ token });
|
|
@@ -93,20 +140,18 @@ var createCSRF = async (jose, csrfCookie) => {
|
|
|
93
140
|
};
|
|
94
141
|
var verifyCSRF = async (jose, cookie, header) => {
|
|
95
142
|
try {
|
|
96
|
-
const cookiePayload = await jose.verifyJWS(cookie);
|
|
97
|
-
const headerPayload = await jose.verifyJWS(header);
|
|
143
|
+
const cookiePayload = await jose.verifyJWS(cookie, jwtVerificationOptions);
|
|
144
|
+
const headerPayload = await jose.verifyJWS(header, jwtVerificationOptions);
|
|
98
145
|
if (!isJWTPayloadWithToken(cookiePayload)) {
|
|
99
146
|
throw new AuthSecurityError("CSRF_TOKEN_INVALID", "Cookie payload missing token field.");
|
|
100
147
|
}
|
|
101
148
|
if (!isJWTPayloadWithToken(headerPayload)) {
|
|
102
149
|
throw new AuthSecurityError("CSRF_TOKEN_INVALID", "Header payload missing token field.");
|
|
103
150
|
}
|
|
104
|
-
|
|
105
|
-
const headerBuffer = Buffer.from(headerPayload.token);
|
|
106
|
-
if (!equals(headerBuffer.length, cookieBuffer.length)) {
|
|
151
|
+
if (!equals(cookiePayload.token.length, headerPayload.token.length)) {
|
|
107
152
|
throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
|
|
108
153
|
}
|
|
109
|
-
if (!
|
|
154
|
+
if (!timingSafeEqual(cookiePayload.token, headerPayload.token)) {
|
|
110
155
|
throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
|
|
111
156
|
}
|
|
112
157
|
return true;
|
|
@@ -114,15 +159,12 @@ var verifyCSRF = async (jose, cookie, header) => {
|
|
|
114
159
|
throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
|
|
115
160
|
}
|
|
116
161
|
};
|
|
117
|
-
var createDerivedSalt = (secret) => {
|
|
118
|
-
return import_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex");
|
|
119
|
-
};
|
|
120
162
|
// Annotate the CommonJS export names for ESM import in node:
|
|
121
163
|
0 && (module.exports = {
|
|
122
164
|
createCSRF,
|
|
123
|
-
createDerivedSalt,
|
|
124
165
|
createHash,
|
|
125
166
|
createPKCE,
|
|
167
|
+
createSecretValue,
|
|
126
168
|
generateSecure,
|
|
127
169
|
verifyCSRF
|
|
128
170
|
});
|
package/dist/secure.d.ts
CHANGED
|
@@ -1,13 +1,20 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { c as AuthRuntimeConfig } from './index-_aXtxb_s.js';
|
|
2
2
|
import 'zod';
|
|
3
3
|
import './schemas.js';
|
|
4
|
-
import '
|
|
4
|
+
import 'zod/v4';
|
|
5
5
|
import '@aura-stack/jose';
|
|
6
6
|
import '@aura-stack/jose/jose';
|
|
7
|
+
import '@aura-stack/jose/crypto';
|
|
8
|
+
import '@aura-stack/router/cookie';
|
|
7
9
|
import './@types/utility.js';
|
|
10
|
+
import 'jose';
|
|
11
|
+
import '@aura-stack/router';
|
|
12
|
+
import 'zod/v4/core';
|
|
8
13
|
|
|
14
|
+
/** @deprecated use `createSecretValue` instead */
|
|
9
15
|
declare const generateSecure: (length?: number) => string;
|
|
10
|
-
declare const
|
|
16
|
+
declare const createSecretValue: (length?: number) => string;
|
|
17
|
+
declare const createHash: (data: string) => Promise<string>;
|
|
11
18
|
/**
|
|
12
19
|
* Creates the code challenge flow for PKCE OAuth flow. It generates a code verifier and its corresponding
|
|
13
20
|
* code challenge using SHA-256 hashing.
|
|
@@ -30,12 +37,5 @@ declare const createPKCE: (verifier?: string) => Promise<{
|
|
|
30
37
|
*/
|
|
31
38
|
declare const createCSRF: (jose: AuthRuntimeConfig["jose"], csrfCookie?: string) => Promise<string>;
|
|
32
39
|
declare const verifyCSRF: (jose: AuthRuntimeConfig["jose"], cookie: string, header: string) => Promise<boolean>;
|
|
33
|
-
/**
|
|
34
|
-
* Creates a deterministic derived salt from the provided secret.
|
|
35
|
-
*
|
|
36
|
-
* @param secret the base secret to derive the salt from
|
|
37
|
-
* @returns the derived salt as a hexadecimal string
|
|
38
|
-
*/
|
|
39
|
-
declare const createDerivedSalt: (secret: string) => string;
|
|
40
40
|
|
|
41
|
-
export { createCSRF,
|
|
41
|
+
export { createCSRF, createHash, createPKCE, createSecretValue, generateSecure, verifyCSRF };
|