@aura-stack/auth 0.4.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/@types/index.d.ts +6 -2
- package/dist/@types/router.d.d.ts +6 -2
- package/dist/actions/callback/access-token.cjs +103 -59
- package/dist/actions/callback/access-token.d.ts +7 -3
- package/dist/actions/callback/access-token.js +3 -3
- package/dist/actions/callback/callback.cjs +200 -134
- package/dist/actions/callback/callback.d.ts +32 -3
- package/dist/actions/callback/callback.js +11 -12
- package/dist/actions/callback/userinfo.cjs +103 -70
- package/dist/actions/callback/userinfo.d.ts +6 -2
- package/dist/actions/callback/userinfo.js +7 -8
- package/dist/actions/csrfToken/csrfToken.cjs +7 -15
- package/dist/actions/csrfToken/csrfToken.d.ts +3 -1
- package/dist/actions/csrfToken/csrfToken.js +7 -8
- package/dist/actions/index.cjs +502 -295
- package/dist/actions/index.d.ts +5 -2
- package/dist/actions/index.js +23 -20
- package/dist/actions/session/session.cjs +76 -24
- package/dist/actions/session/session.d.ts +3 -1
- package/dist/actions/session/session.js +6 -4
- package/dist/actions/signIn/authorization-url.cjs +288 -0
- package/dist/actions/signIn/authorization-url.d.ts +31 -0
- package/dist/actions/signIn/authorization-url.js +16 -0
- package/dist/actions/signIn/authorization.cjs +91 -132
- package/dist/actions/signIn/authorization.d.ts +17 -16
- package/dist/actions/signIn/authorization.js +8 -7
- package/dist/actions/signIn/signIn.cjs +319 -191
- package/dist/actions/signIn/signIn.d.ts +32 -3
- package/dist/actions/signIn/signIn.js +10 -9
- package/dist/actions/signOut/signOut.cjs +211 -212
- package/dist/actions/signOut/signOut.d.ts +9 -1
- package/dist/actions/signOut/signOut.js +9 -10
- package/dist/api/createApi.cjs +750 -0
- package/dist/api/createApi.d.ts +12 -0
- package/dist/api/createApi.js +19 -0
- package/dist/api/getSession.cjs +141 -0
- package/dist/api/getSession.d.ts +16 -0
- package/dist/api/getSession.js +10 -0
- package/dist/api/signIn.cjs +549 -0
- package/dist/api/signIn.d.ts +26 -0
- package/dist/api/signIn.js +15 -0
- package/dist/api/signOut.cjs +279 -0
- package/dist/api/signOut.d.ts +16 -0
- package/dist/api/signOut.js +13 -0
- package/dist/assert.cjs +42 -9
- package/dist/assert.d.ts +8 -4
- package/dist/assert.js +5 -5
- package/dist/{chunk-KJBAQZX2.js → chunk-2A5B7GWR.js} +44 -11
- package/dist/chunk-2GQLSIJ2.js +40 -0
- package/dist/chunk-2IR674WX.js +44 -0
- package/dist/chunk-3J5TUH2I.js +50 -0
- package/dist/chunk-4RWSYUKX.js +98 -0
- package/dist/chunk-5X7JZMEF.js +0 -0
- package/dist/{chunk-TZB6MUXN.js → chunk-7BE46WWS.js} +21 -11
- package/dist/chunk-7YYXFKLR.js +35 -0
- package/dist/chunk-C3A37LQC.js +33 -0
- package/dist/chunk-CITNGXDA.js +31 -0
- package/dist/chunk-CWX724AG.js +78 -0
- package/dist/chunk-D2CSIUKP.js +74 -0
- package/dist/{chunk-ICAZ4OVS.js → chunk-FPCVZUVG.js} +2 -2
- package/dist/{chunk-XGLBNXL4.js → chunk-GNNBM2WJ.js} +17 -9
- package/dist/chunk-JOCGX3RP.js +59 -0
- package/dist/chunk-KBXWTD6E.js +94 -0
- package/dist/{chunk-XUP6KKNG.js → chunk-LATR3NIV.js} +48 -37
- package/dist/chunk-LAYPUDQF.js +39 -0
- package/dist/chunk-LX3TJ2TJ.js +294 -0
- package/dist/{chunk-6MXFPFR3.js → chunk-NHZBQNRR.js} +19 -19
- package/dist/{chunk-TM5IPSNF.js → chunk-PDP3PHB3.js} +33 -19
- package/dist/chunk-PHYNROD4.js +47 -0
- package/dist/chunk-QQEKY4XP.js +29 -0
- package/dist/{chunk-VNCNJKS2.js → chunk-U4RK4LKJ.js} +82 -1
- package/dist/{chunk-RRLIF4PQ.js → chunk-U5663F2U.js} +16 -1
- package/dist/chunk-UN7X6SU5.js +53 -0
- package/dist/chunk-UZQJJD6A.js +100 -0
- package/dist/{chunk-NUDITUKX.js → chunk-V6LLEAR4.js} +22 -15
- package/dist/{chunk-4MYWAOLG.js → chunk-WHNDRO3N.js} +20 -1
- package/dist/{chunk-5W4BRQYG.js → chunk-XY5R3EHH.js} +6 -3
- package/dist/client/client.cjs +135 -0
- package/dist/client/client.d.ts +85 -0
- package/dist/client/client.js +9 -0
- package/dist/client/index.cjs +135 -0
- package/dist/client/index.d.ts +14 -0
- package/dist/client/index.js +10 -0
- package/dist/context.cjs +1237 -0
- package/dist/context.d.ts +16 -0
- package/dist/context.js +28 -0
- package/dist/cookie.cjs +33 -2
- package/dist/cookie.d.ts +9 -5
- package/dist/cookie.js +3 -2
- package/dist/createAuth.cjs +2320 -0
- package/dist/createAuth.d.ts +12 -0
- package/dist/createAuth.js +48 -0
- package/dist/env.cjs +24 -2
- package/dist/env.d.ts +4 -1
- package/dist/env.js +9 -3
- package/dist/errors.cjs +17 -0
- package/dist/errors.d.ts +13 -3
- package/dist/errors.js +5 -1
- package/dist/{index-CSyIJmCM.d.ts → index-_aXtxb_s.d.ts} +383 -13
- package/dist/index.cjs +2135 -1547
- package/dist/index.d.ts +9 -30
- package/dist/index.js +46 -119
- package/dist/jose.cjs +52 -14
- package/dist/jose.d.ts +12 -25
- package/dist/jose.js +11 -3
- package/dist/logger.cjs +132 -0
- package/dist/logger.d.ts +6 -2
- package/dist/logger.js +10 -1
- package/dist/oauth/atlassian.cjs +57 -0
- package/dist/oauth/atlassian.d.ts +12 -0
- package/dist/oauth/atlassian.js +6 -0
- package/dist/oauth/bitbucket.d.ts +6 -2
- package/dist/oauth/discord.d.ts +6 -2
- package/dist/oauth/dropbox.cjs +53 -0
- package/dist/oauth/dropbox.d.ts +12 -0
- package/dist/oauth/dropbox.js +6 -0
- package/dist/oauth/figma.d.ts +6 -2
- package/dist/oauth/github.d.ts +6 -2
- package/dist/oauth/gitlab.d.ts +6 -2
- package/dist/oauth/index.cjs +278 -88
- package/dist/oauth/index.d.ts +6 -2
- package/dist/oauth/index.js +27 -11
- package/dist/oauth/mailchimp.d.ts +6 -2
- package/dist/oauth/notion.cjs +131 -0
- package/dist/oauth/notion.d.ts +12 -0
- package/dist/oauth/notion.js +9 -0
- package/dist/oauth/pinterest.d.ts +6 -2
- package/dist/oauth/spotify.d.ts +6 -2
- package/dist/oauth/strava.d.ts +6 -2
- package/dist/oauth/twitch.cjs +95 -0
- package/dist/oauth/twitch.d.ts +12 -0
- package/dist/oauth/twitch.js +7 -0
- package/dist/oauth/x.d.ts +6 -2
- package/dist/schemas.cjs +84 -51
- package/dist/schemas.d.ts +103 -23
- package/dist/schemas.js +1 -1
- package/dist/secure.cjs +36 -36
- package/dist/secure.d.ts +10 -4
- package/dist/secure.js +7 -6
- package/dist/utils.cjs +109 -3
- package/dist/utils.d.ts +15 -4
- package/dist/utils.js +11 -4
- package/package.json +9 -5
- package/dist/chunk-4EKY7655.js +0 -123
- package/dist/chunk-7QF22LHP.js +0 -67
- package/dist/chunk-ALG3GIV4.js +0 -95
- package/dist/chunk-FRJFWTOY.js +0 -70
- package/dist/chunk-PHFH2MGS.js +0 -36
- package/dist/chunk-QQVSRXGX.js +0 -149
|
@@ -1,9 +1,17 @@
|
|
|
1
|
+
import * as zod from 'zod';
|
|
1
2
|
import { z } from 'zod';
|
|
2
3
|
import { OAuthAuthorizationErrorResponse, OAuthAccessTokenErrorResponse, OAuthEnvSchema } from './schemas.js';
|
|
3
|
-
import
|
|
4
|
+
import * as _aura_stack_jose from '@aura-stack/jose';
|
|
5
|
+
import { DecodedJWTPayloadOptions, TypedJWTPayload, JWTVerifyOptions } from '@aura-stack/jose';
|
|
6
|
+
import * as _aura_stack_jose_jose from '@aura-stack/jose/jose';
|
|
7
|
+
import { JWTPayload } from '@aura-stack/jose/jose';
|
|
8
|
+
import '@aura-stack/jose/crypto';
|
|
4
9
|
import { SerializeOptions } from '@aura-stack/router/cookie';
|
|
5
10
|
import { LiteralUnion, Prettify } from './@types/utility.js';
|
|
6
|
-
import
|
|
11
|
+
import * as jose from 'jose';
|
|
12
|
+
import * as _aura_stack_router from '@aura-stack/router';
|
|
13
|
+
import { GlobalContext, ClientOptions } from '@aura-stack/router';
|
|
14
|
+
import * as zod_v4_core from 'zod/v4/core';
|
|
7
15
|
|
|
8
16
|
/**
|
|
9
17
|
* Log message definitions organized by category.
|
|
@@ -264,6 +272,169 @@ declare const logMessages: {
|
|
|
264
272
|
};
|
|
265
273
|
};
|
|
266
274
|
declare const createLogEntry: <T extends keyof typeof logMessages>(key: T, overrides?: Partial<SyslogOptions>) => SyslogOptions;
|
|
275
|
+
declare const createSyslogMessage: (options: SyslogOptions) => string;
|
|
276
|
+
declare const createLogger: (logger?: Required<Logger>) => InternalLogger | undefined;
|
|
277
|
+
/**
|
|
278
|
+
* Creates the logger instance based on the provided configuration and environment variables.
|
|
279
|
+
* Priority: config.logger, LOG_LEVEL env, DEBUG env and defaults to undefined if logging is not enabled.
|
|
280
|
+
*
|
|
281
|
+
*/
|
|
282
|
+
declare const createProxyLogger: (config?: AuthConfig) => InternalLogger | undefined;
|
|
283
|
+
|
|
284
|
+
/**
|
|
285
|
+
* Creates the JOSE instance used for signing and verifying tokens. It derives keys
|
|
286
|
+
* for session tokens and CSRF tokens. For security and determinism, it's required
|
|
287
|
+
* to set a salt value in `AURA_AUTH_SALT` or `AUTH_SALT` env.
|
|
288
|
+
*
|
|
289
|
+
* @param secret the base secret for key derivation
|
|
290
|
+
* @returns jose instance with methods for encoding/decoding JWTs and signing/verifying JWSs
|
|
291
|
+
*/
|
|
292
|
+
declare const createJoseInstance: (secret?: string) => {
|
|
293
|
+
decodeJWT: (token: string, options?: DecodedJWTPayloadOptions) => Promise<TypedJWTPayload<User>>;
|
|
294
|
+
encodeJWT: (payload: TypedJWTPayload<Partial<User>>) => Promise<string>;
|
|
295
|
+
signJWS: (payload: TypedJWTPayload<Partial<_aura_stack_jose_jose.JWTPayload>>) => Promise<string>;
|
|
296
|
+
verifyJWS: (payload: string, options?: JWTVerifyOptions | undefined) => Promise<_aura_stack_jose_jose.JWTPayload>;
|
|
297
|
+
encryptJWE: (payload: string, options?: _aura_stack_jose.EncryptOptions | undefined) => Promise<string>;
|
|
298
|
+
decryptJWE: (payload: string, options?: _aura_stack_jose.JWTDecryptOptions | undefined) => Promise<string>;
|
|
299
|
+
};
|
|
300
|
+
declare const jwtVerificationOptions: JWTVerifyOptions;
|
|
301
|
+
declare const decodeJWTOptions: DecodedJWTPayloadOptions;
|
|
302
|
+
|
|
303
|
+
interface ExtendedProfile {
|
|
304
|
+
job_title: string;
|
|
305
|
+
organization: string;
|
|
306
|
+
department: string;
|
|
307
|
+
location: string;
|
|
308
|
+
}
|
|
309
|
+
interface AtlassianProfile {
|
|
310
|
+
account_id: string;
|
|
311
|
+
account_type: string;
|
|
312
|
+
account_status: LiteralUnion<"active">;
|
|
313
|
+
email: string;
|
|
314
|
+
email_verified: boolean;
|
|
315
|
+
name: string;
|
|
316
|
+
picture: string;
|
|
317
|
+
nickname: string;
|
|
318
|
+
zoneinfo: string;
|
|
319
|
+
locale: string;
|
|
320
|
+
extended_profile: ExtendedProfile;
|
|
321
|
+
last_updated: string;
|
|
322
|
+
created_at: string;
|
|
323
|
+
}
|
|
324
|
+
/**
|
|
325
|
+
* @see [Atlassian - OAuth Apps](https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/)
|
|
326
|
+
* @see [Atlassian - My Apps](https://developer.atlassian.com/console/myapps/)
|
|
327
|
+
* @see [Atlassian - Retrieve Authenticated User](https://developer.atlassian.com/cloud/jira/software/oauth-2-3lo-apps/#how-do-i-retrieve-the-public-profile-of-the-authenticated-user-)
|
|
328
|
+
*/
|
|
329
|
+
declare const atlassian: (options?: Partial<OAuthProviderCredentials<AtlassianProfile>>) => OAuthProviderCredentials<AtlassianProfile>;
|
|
330
|
+
|
|
331
|
+
type AccountType = "basic" | "pro" | "business";
|
|
332
|
+
interface Name {
|
|
333
|
+
given_name: string;
|
|
334
|
+
surname: string;
|
|
335
|
+
familiar_name: string;
|
|
336
|
+
display_name: string;
|
|
337
|
+
abbreviated_name: string;
|
|
338
|
+
}
|
|
339
|
+
interface RootInfo {
|
|
340
|
+
team: RootInfo;
|
|
341
|
+
user: RootInfo;
|
|
342
|
+
}
|
|
343
|
+
interface FullTeam {
|
|
344
|
+
id: string;
|
|
345
|
+
name: string;
|
|
346
|
+
sharing_policies: Record<string, unknown>;
|
|
347
|
+
office_addin_policy: unknown;
|
|
348
|
+
top_level_content_policy: unknown;
|
|
349
|
+
}
|
|
350
|
+
interface DropboxProfile {
|
|
351
|
+
account_id: string;
|
|
352
|
+
name: Name;
|
|
353
|
+
email: string;
|
|
354
|
+
email_verified: boolean;
|
|
355
|
+
disabled: boolean;
|
|
356
|
+
locale: string;
|
|
357
|
+
referral_link: string;
|
|
358
|
+
is_paired: boolean;
|
|
359
|
+
account_type: AccountType;
|
|
360
|
+
root_info: unknown;
|
|
361
|
+
profile_photo_url?: string;
|
|
362
|
+
country: string;
|
|
363
|
+
team?: unknown;
|
|
364
|
+
team_member_id?: string;
|
|
365
|
+
}
|
|
366
|
+
/**
|
|
367
|
+
* @see [Dropbox - OAuth Guide](https://developers.dropbox.com/oauth-guide)
|
|
368
|
+
* @see [Dropbox - API v2](https://www.dropbox.com/developers/documentation/http/documentation)
|
|
369
|
+
* @see [Dropbox - Get Current Account](https://www.dropbox.com/developers/documentation/http/documentation#users-get_current_account)
|
|
370
|
+
* @see [Dropbox - My Apps](https://www.dropbox.com/developers/apps)
|
|
371
|
+
* @see [Dropbox - Developer Guide](https://www.dropbox.com/developers/reference/developer-guide)
|
|
372
|
+
*/
|
|
373
|
+
declare const dropbox: (options?: Partial<OAuthProviderCredentials<DropboxProfile>>) => OAuthProviderCredentials<DropboxProfile>;
|
|
374
|
+
|
|
375
|
+
interface Person {
|
|
376
|
+
email: string;
|
|
377
|
+
}
|
|
378
|
+
interface User$1 {
|
|
379
|
+
object: "user";
|
|
380
|
+
id: string;
|
|
381
|
+
name: string;
|
|
382
|
+
avatar_url: string | null;
|
|
383
|
+
type: "person";
|
|
384
|
+
person: Person;
|
|
385
|
+
}
|
|
386
|
+
interface Owner {
|
|
387
|
+
type: "user";
|
|
388
|
+
user: User$1;
|
|
389
|
+
}
|
|
390
|
+
interface Bot {
|
|
391
|
+
owner: Owner;
|
|
392
|
+
}
|
|
393
|
+
/**
|
|
394
|
+
* @see [Notion - Retrieve your token's bot user](https://developers.notion.com/reference/get-self)
|
|
395
|
+
*/
|
|
396
|
+
interface NotionProfile {
|
|
397
|
+
object: "user";
|
|
398
|
+
id: string;
|
|
399
|
+
name: string;
|
|
400
|
+
avatar_url: string | null;
|
|
401
|
+
type: "bot";
|
|
402
|
+
bot: Bot;
|
|
403
|
+
}
|
|
404
|
+
/**
|
|
405
|
+
* @see [Notion - Developer Documentation](https://developers.notion.com/)
|
|
406
|
+
* @see [Notion - Authorization](https://developers.notion.com/docs/authorization)
|
|
407
|
+
* @see [Notion - Authentication](https://developers.notion.com/reference/authentication)
|
|
408
|
+
* @see [Notion - Retrieve your token's bot user](https://developers.notion.com/reference/get-self)
|
|
409
|
+
*/
|
|
410
|
+
declare const notion: (options?: Partial<OAuthProviderCredentials<NotionProfile>>) => OAuthProviderCredentials<NotionProfile>;
|
|
411
|
+
|
|
412
|
+
/**
|
|
413
|
+
* @see [Twitch - Get Users](https://dev.twitch.tv/docs/api/reference#get-users)
|
|
414
|
+
*/
|
|
415
|
+
interface TwitchProfile {
|
|
416
|
+
id: string;
|
|
417
|
+
login: string;
|
|
418
|
+
display_name: string;
|
|
419
|
+
type: string;
|
|
420
|
+
broadcaster_type: string;
|
|
421
|
+
description: string;
|
|
422
|
+
profile_image_url: string;
|
|
423
|
+
offline_image_url: string;
|
|
424
|
+
view_count: number;
|
|
425
|
+
email?: string;
|
|
426
|
+
created_at: string;
|
|
427
|
+
}
|
|
428
|
+
/**
|
|
429
|
+
* @see [Twitch - Get Started with the Twitch API](https://dev.twitch.tv/docs/api/get-started/)
|
|
430
|
+
* @see [Twitch - Authorization code grant flow](https://dev.twitch.tv/docs/authentication/getting-tokens-oauth/#authorization-code-grant-flow)
|
|
431
|
+
* @see [Twitch - Register Your App](https://dev.twitch.tv/docs/authentication/register-app)
|
|
432
|
+
* @see [Twitch - Setting up Two-Factor Authentication (2FA)](https://help.twitch.tv/s/article/two-factor-authentication?language=en_US)
|
|
433
|
+
* @see [Twitch - Security and Privacy](https://www.twitch.tv/settings/security)
|
|
434
|
+
* @see [Twitch - Get Users](https://dev.twitch.tv/docs/api/reference#get-users)
|
|
435
|
+
* @see [Twitch - Scopes](https://dev.twitch.tv/docs/authentication/scopes/)
|
|
436
|
+
*/
|
|
437
|
+
declare const twitch: (options?: Partial<OAuthProviderCredentials<TwitchProfile>>) => OAuthProviderCredentials<TwitchProfile>;
|
|
267
438
|
|
|
268
439
|
/**
|
|
269
440
|
* @see [Pinterest - Get User Account](https://developers.pinterest.com/docs/api/v5/user_account-get)
|
|
@@ -695,6 +866,10 @@ declare const builtInOAuthProviders: {
|
|
|
695
866
|
readonly strava: (options?: Partial<OAuthProviderCredentials<StravaProfile>>) => OAuthProviderCredentials<StravaProfile>;
|
|
696
867
|
readonly mailchimp: (options?: Partial<OAuthProviderCredentials<MailchimpProfile>>) => OAuthProviderCredentials<MailchimpProfile>;
|
|
697
868
|
readonly pinterest: (options?: Partial<OAuthProviderCredentials<PinterestProfile>>) => OAuthProviderCredentials<PinterestProfile>;
|
|
869
|
+
readonly twitch: (options?: Partial<OAuthProviderCredentials<TwitchProfile>>) => OAuthProviderCredentials<TwitchProfile>;
|
|
870
|
+
readonly notion: (options?: Partial<OAuthProviderCredentials<NotionProfile>>) => OAuthProviderCredentials<NotionProfile>;
|
|
871
|
+
readonly dropbox: (options?: Partial<OAuthProviderCredentials<DropboxProfile>>) => OAuthProviderCredentials<DropboxProfile>;
|
|
872
|
+
readonly atlassian: (options?: Partial<OAuthProviderCredentials<AtlassianProfile>>) => OAuthProviderCredentials<AtlassianProfile>;
|
|
698
873
|
};
|
|
699
874
|
/**
|
|
700
875
|
* Constructs OAuth provider configurations from an array of provider names or configurations.
|
|
@@ -712,6 +887,115 @@ declare const builtInOAuthProviders: {
|
|
|
712
887
|
declare const createBuiltInOAuthProviders: (oauth?: (BuiltInOAuthProvider | OAuthProviderCredentials<any>)[]) => Record<LiteralUnion<BuiltInOAuthProvider>, OAuthProviderCredentials<any>>;
|
|
713
888
|
type BuiltInOAuthProvider = keyof typeof builtInOAuthProviders;
|
|
714
889
|
|
|
890
|
+
/**
|
|
891
|
+
* Creates the authentication instance with the configuration provided for OAuth provider.
|
|
892
|
+
* > NOTE: The handlers returned by this function should be used in the server to handle the authentication routes
|
|
893
|
+
* and within the `/auth` base path
|
|
894
|
+
*
|
|
895
|
+
* @param authConfig - Authentication configuration including OAuth provider
|
|
896
|
+
* @returns Authentication instance with handlers to be used in the server
|
|
897
|
+
* @example
|
|
898
|
+
* const auth = createAuth({
|
|
899
|
+
* oauth: ["github", {
|
|
900
|
+
* id: "custom-oauth",
|
|
901
|
+
* name: "custom-oauth",
|
|
902
|
+
* authorizationURL: "https://custom-oauth.com/oauth/authorize",
|
|
903
|
+
* accessToken: "https://custom-oauth.com/oauth/token",
|
|
904
|
+
* scope: "profile email",
|
|
905
|
+
* responseType: "code",
|
|
906
|
+
* userInfo: "https://custom-oauth.com/api/userinfo",
|
|
907
|
+
* clientId: process.env.AURA_AUTH_CUSTOM_OAUTH_CLIENT_ID!,
|
|
908
|
+
* clientSecret: process.env.AURA_AUTH_CUSTOM_OAUTH_CLIENT_SECRET!,
|
|
909
|
+
* }]
|
|
910
|
+
* })
|
|
911
|
+
*/
|
|
912
|
+
declare const createAuthInstance: (authConfig: AuthConfig) => {
|
|
913
|
+
handlers: _aura_stack_router.Router<[_aura_stack_router.RouteEndpoint<"GET", "/signIn/:oauth", {
|
|
914
|
+
schemas?: {
|
|
915
|
+
params: zod.ZodObject<{
|
|
916
|
+
oauth: zod.ZodEnum<{
|
|
917
|
+
[x: string & Record<never, never>]: string & Record<never, never>;
|
|
918
|
+
github: "github";
|
|
919
|
+
bitbucket: "bitbucket";
|
|
920
|
+
figma: "figma";
|
|
921
|
+
discord: "discord";
|
|
922
|
+
gitlab: "gitlab";
|
|
923
|
+
spotify: "spotify";
|
|
924
|
+
x: "x";
|
|
925
|
+
strava: "strava";
|
|
926
|
+
mailchimp: "mailchimp";
|
|
927
|
+
pinterest: "pinterest";
|
|
928
|
+
twitch: "twitch";
|
|
929
|
+
notion: "notion";
|
|
930
|
+
dropbox: "dropbox";
|
|
931
|
+
atlassian: "atlassian";
|
|
932
|
+
}>;
|
|
933
|
+
}, zod_v4_core.$strip>;
|
|
934
|
+
searchParams: zod.ZodObject<{
|
|
935
|
+
redirect: zod.ZodDefault<zod.ZodOptional<zod.ZodCodec<zod.ZodString, zod.ZodBoolean>>>;
|
|
936
|
+
redirectTo: zod.ZodOptional<zod.ZodString>;
|
|
937
|
+
}, zod_v4_core.$strip>;
|
|
938
|
+
} | undefined;
|
|
939
|
+
}>, _aura_stack_router.RouteEndpoint<"GET", "/callback/:oauth", {
|
|
940
|
+
schemas?: {
|
|
941
|
+
params: zod.ZodObject<{
|
|
942
|
+
oauth: zod.ZodEnum<{
|
|
943
|
+
[x: string & Record<never, never>]: string & Record<never, never>;
|
|
944
|
+
github: "github";
|
|
945
|
+
bitbucket: "bitbucket";
|
|
946
|
+
figma: "figma";
|
|
947
|
+
discord: "discord";
|
|
948
|
+
gitlab: "gitlab";
|
|
949
|
+
spotify: "spotify";
|
|
950
|
+
x: "x";
|
|
951
|
+
strava: "strava";
|
|
952
|
+
mailchimp: "mailchimp";
|
|
953
|
+
pinterest: "pinterest";
|
|
954
|
+
twitch: "twitch";
|
|
955
|
+
notion: "notion";
|
|
956
|
+
dropbox: "dropbox";
|
|
957
|
+
atlassian: "atlassian";
|
|
958
|
+
}>;
|
|
959
|
+
}, zod_v4_core.$strip>;
|
|
960
|
+
searchParams: zod.ZodObject<{
|
|
961
|
+
code: zod.ZodString;
|
|
962
|
+
state: zod.ZodString;
|
|
963
|
+
}, zod_v4_core.$strip>;
|
|
964
|
+
} | undefined;
|
|
965
|
+
}>, _aura_stack_router.RouteEndpoint<"GET", "/session", {
|
|
966
|
+
schemas?: _aura_stack_router.EndpointSchemas | undefined;
|
|
967
|
+
}>, _aura_stack_router.RouteEndpoint<"POST", "/signOut", {
|
|
968
|
+
schemas?: {
|
|
969
|
+
searchParams: zod.ZodObject<{
|
|
970
|
+
token_type_hint: zod.ZodLiteral<"session_token">;
|
|
971
|
+
redirectTo: zod.ZodOptional<zod.ZodString>;
|
|
972
|
+
}, zod_v4_core.$strip>;
|
|
973
|
+
} | undefined;
|
|
974
|
+
}>, _aura_stack_router.RouteEndpoint<"GET", "/csrfToken", {
|
|
975
|
+
schemas?: _aura_stack_router.EndpointSchemas | undefined;
|
|
976
|
+
}>]>;
|
|
977
|
+
jose: {
|
|
978
|
+
decodeJWT: (token: string, options?: _aura_stack_jose.DecodedJWTPayloadOptions) => Promise<_aura_stack_jose.TypedJWTPayload<User>>;
|
|
979
|
+
encodeJWT: (payload: _aura_stack_jose.TypedJWTPayload<Partial<User>>) => Promise<string>;
|
|
980
|
+
signJWS: (payload: _aura_stack_jose.TypedJWTPayload<Partial<jose.JWTPayload>>) => Promise<string>;
|
|
981
|
+
verifyJWS: (payload: string, options?: jose.JWTVerifyOptions | undefined) => Promise<jose.JWTPayload>;
|
|
982
|
+
encryptJWE: (payload: string, options?: _aura_stack_jose.EncryptOptions | undefined) => Promise<string>;
|
|
983
|
+
decryptJWE: (payload: string, options?: jose.JWTDecryptOptions | undefined) => Promise<string>;
|
|
984
|
+
};
|
|
985
|
+
api: {
|
|
986
|
+
getSession: (options: GetSessionAPIOptions) => Promise<SessionResponse>;
|
|
987
|
+
signIn: <Redirect extends boolean = true>(oauth: LiteralUnion<BuiltInOAuthProvider>, options?: SignInAPIOptions<Redirect>) => Promise<SignInReturn<Redirect>>;
|
|
988
|
+
signOut: (options: SignOutAPIOptions) => Promise<Response>;
|
|
989
|
+
};
|
|
990
|
+
};
|
|
991
|
+
declare const createAuth: (config: AuthConfig) => AuthInstance;
|
|
992
|
+
|
|
993
|
+
declare const createAuthAPI: (ctx: GlobalContext) => {
|
|
994
|
+
getSession: (options: GetSessionAPIOptions) => Promise<SessionResponse>;
|
|
995
|
+
signIn: <Redirect extends boolean = true>(oauth: LiteralUnion<BuiltInOAuthProvider>, options?: SignInAPIOptions<Redirect>) => Promise<SignInReturn<Redirect>>;
|
|
996
|
+
signOut: (options: SignOutAPIOptions) => Promise<Response>;
|
|
997
|
+
};
|
|
998
|
+
|
|
715
999
|
/**
|
|
716
1000
|
* Standard JWT claims that are managed internally by the token system.
|
|
717
1001
|
* These fields are typically filtered out before returning user data.
|
|
@@ -727,7 +1011,7 @@ type JWTPayloadWithToken = JWTPayload & {
|
|
|
727
1011
|
* Standardized user profile returned by OAuth providers after fetching user information
|
|
728
1012
|
* and mapping the response to this format by default or via the `profile` custom function.
|
|
729
1013
|
*/
|
|
730
|
-
interface User {
|
|
1014
|
+
interface User extends Record<string, unknown> {
|
|
731
1015
|
sub: string;
|
|
732
1016
|
name?: string | null;
|
|
733
1017
|
email?: string | null;
|
|
@@ -740,6 +1024,8 @@ interface Session {
|
|
|
740
1024
|
user: User;
|
|
741
1025
|
expires: string;
|
|
742
1026
|
}
|
|
1027
|
+
type AuthorizeParams = LiteralUnion<"clientId" | "prompt" | "scope" | "responseMode" | "audience" | "loginHint" | "nonce" | "display">;
|
|
1028
|
+
type ResponseType = LiteralUnion<"code" | "token" | "refresh_token" | "id_token">;
|
|
743
1029
|
/**
|
|
744
1030
|
* Configuration for an OAuth provider without credentials.
|
|
745
1031
|
* Use this type when defining provider metadata and endpoints.
|
|
@@ -747,11 +1033,36 @@ interface Session {
|
|
|
747
1033
|
interface OAuthProviderConfig<Profile extends object = Record<string, any>> {
|
|
748
1034
|
id: string;
|
|
749
1035
|
name: string;
|
|
750
|
-
|
|
751
|
-
|
|
752
|
-
|
|
753
|
-
|
|
754
|
-
|
|
1036
|
+
/**
|
|
1037
|
+
* @deprecated
|
|
1038
|
+
* use `authorize` instead of `authorizeURL`
|
|
1039
|
+
*/
|
|
1040
|
+
authorizeURL?: string;
|
|
1041
|
+
authorize: string | {
|
|
1042
|
+
url: string;
|
|
1043
|
+
params?: Partial<Record<AuthorizeParams, string> & {
|
|
1044
|
+
responseType: ResponseType;
|
|
1045
|
+
}>;
|
|
1046
|
+
};
|
|
1047
|
+
accessToken: string | {
|
|
1048
|
+
url: string;
|
|
1049
|
+
headers?: Record<string, string>;
|
|
1050
|
+
};
|
|
1051
|
+
userInfo: string | {
|
|
1052
|
+
url: string;
|
|
1053
|
+
headers?: Record<string, string>;
|
|
1054
|
+
method?: string;
|
|
1055
|
+
};
|
|
1056
|
+
/**
|
|
1057
|
+
* @deprecated
|
|
1058
|
+
* use `authorize.params.scope` instead of `scope`
|
|
1059
|
+
*/
|
|
1060
|
+
scope?: string;
|
|
1061
|
+
/**
|
|
1062
|
+
* @deprecated
|
|
1063
|
+
* use `authorize.params.response_type` instead of `responseType`
|
|
1064
|
+
*/
|
|
1065
|
+
responseType?: ResponseType;
|
|
755
1066
|
profile?: (profile: Profile) => User | Promise<User>;
|
|
756
1067
|
}
|
|
757
1068
|
/**
|
|
@@ -873,6 +1184,10 @@ interface AuthConfig {
|
|
|
873
1184
|
* doesn't exist, it will throw an error during the initialization of the Auth module.
|
|
874
1185
|
*/
|
|
875
1186
|
secret?: string;
|
|
1187
|
+
/**
|
|
1188
|
+
* Base URL of the application, used to construct the incoming request's origin.
|
|
1189
|
+
*/
|
|
1190
|
+
baseURL?: string;
|
|
876
1191
|
/**
|
|
877
1192
|
* Base path for all authentication routes. Default is `/auth`.
|
|
878
1193
|
*/
|
|
@@ -886,13 +1201,15 @@ interface AuthConfig {
|
|
|
886
1201
|
* Misconfiguration can lead to security vulnerabilities, such as incorrect handling of secure cookies or
|
|
887
1202
|
* inaccurate client IP logging.
|
|
888
1203
|
*
|
|
1204
|
+
* This value can also be set via environment variable as `AURA_AUTH_TRUSTED_PROXY_HEADERS`
|
|
1205
|
+
*
|
|
889
1206
|
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
|
|
890
1207
|
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
|
|
891
1208
|
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
|
|
892
1209
|
* @experimental
|
|
893
1210
|
*/
|
|
894
1211
|
trustedProxyHeaders?: boolean;
|
|
895
|
-
logger?: Logger;
|
|
1212
|
+
logger?: boolean | Logger;
|
|
896
1213
|
/**
|
|
897
1214
|
* Defines trusted origins for your application to prevent open redirect attacks.
|
|
898
1215
|
* URLs from the Referer header, Origin header, request URL, and redirectTo option
|
|
@@ -923,11 +1240,23 @@ type InternalLogger = {
|
|
|
923
1240
|
level: LogLevel;
|
|
924
1241
|
log: typeof createLogEntry;
|
|
925
1242
|
};
|
|
1243
|
+
type SessionResponse = {
|
|
1244
|
+
session: Session;
|
|
1245
|
+
authenticated: true;
|
|
1246
|
+
} | {
|
|
1247
|
+
session: null;
|
|
1248
|
+
authenticated: false;
|
|
1249
|
+
};
|
|
1250
|
+
type GetSessionAPI = (options: {
|
|
1251
|
+
headers: HeadersInit;
|
|
1252
|
+
}) => Promise<SessionResponse>;
|
|
1253
|
+
type AuthAPI = ReturnType<typeof createAuthAPI>;
|
|
926
1254
|
interface RouterGlobalContext {
|
|
927
1255
|
oauth: OAuthProviderRecord;
|
|
928
1256
|
cookies: CookieStoreConfig;
|
|
929
1257
|
jose: JoseInstance;
|
|
930
1258
|
secret?: string;
|
|
1259
|
+
baseURL?: string;
|
|
931
1260
|
basePath: string;
|
|
932
1261
|
trustedProxyHeaders: boolean;
|
|
933
1262
|
trustedOrigins?: TrustedOrigin[] | ((request: Request) => Promise<TrustedOrigin[]> | TrustedOrigin[]);
|
|
@@ -942,8 +1271,10 @@ interface AuthInstance {
|
|
|
942
1271
|
handlers: {
|
|
943
1272
|
GET: (request: Request) => Response | Promise<Response>;
|
|
944
1273
|
POST: (request: Request) => Response | Promise<Response>;
|
|
1274
|
+
ALL: (request: Request) => Response | Promise<Response>;
|
|
945
1275
|
};
|
|
946
1276
|
jose: JoseInstance;
|
|
1277
|
+
api: AuthAPI;
|
|
947
1278
|
}
|
|
948
1279
|
/**
|
|
949
1280
|
* Base OAuth error response structure.
|
|
@@ -999,9 +1330,48 @@ type SyslogOptions = {
|
|
|
999
1330
|
* Logger function interface for structured logging.
|
|
1000
1331
|
* Called when errors or warnings occur during authentication flows.
|
|
1001
1332
|
*/
|
|
1002
|
-
|
|
1003
|
-
level
|
|
1004
|
-
log
|
|
1333
|
+
interface Logger {
|
|
1334
|
+
level?: LogLevel;
|
|
1335
|
+
log?: (args: SyslogOptions) => void;
|
|
1336
|
+
}
|
|
1337
|
+
type AuthClient = ReturnType<typeof createAuthInstance>["handlers"];
|
|
1338
|
+
type AuthClientOptions = Prettify<Omit<ClientOptions, "baseURL"> & {
|
|
1339
|
+
baseURL?: string;
|
|
1340
|
+
}>;
|
|
1341
|
+
interface SignInOptions {
|
|
1342
|
+
redirect?: boolean;
|
|
1343
|
+
redirectTo?: string;
|
|
1344
|
+
}
|
|
1345
|
+
interface SignOutOptions {
|
|
1346
|
+
redirect?: boolean;
|
|
1347
|
+
redirectTo?: string;
|
|
1348
|
+
}
|
|
1349
|
+
interface GetSessionAPIOptions {
|
|
1350
|
+
headers: HeadersInit;
|
|
1351
|
+
}
|
|
1352
|
+
interface SignOutAPIOptions {
|
|
1353
|
+
headers: HeadersInit;
|
|
1354
|
+
redirectTo?: string;
|
|
1355
|
+
skipCSRFCheck?: boolean;
|
|
1356
|
+
}
|
|
1357
|
+
interface SignInAPIOptions<Redirect extends boolean = boolean> {
|
|
1358
|
+
headers?: HeadersInit;
|
|
1359
|
+
redirect?: Redirect;
|
|
1360
|
+
redirectTo?: string;
|
|
1361
|
+
request?: Request;
|
|
1362
|
+
}
|
|
1363
|
+
type FunctionAPIContext<Options extends object> = {
|
|
1364
|
+
ctx: RouterGlobalContext;
|
|
1365
|
+
} & Options;
|
|
1366
|
+
type SignInReturn<Redirect extends boolean = boolean> = Redirect extends true ? Response : {
|
|
1367
|
+
redirect: false;
|
|
1368
|
+
signInURL: string;
|
|
1369
|
+
};
|
|
1370
|
+
type InternalContext = RouterGlobalContext & {
|
|
1371
|
+
cookieConfig: {
|
|
1372
|
+
secure: CookieStoreConfig;
|
|
1373
|
+
standard: CookieStoreConfig;
|
|
1374
|
+
};
|
|
1005
1375
|
};
|
|
1006
1376
|
|
|
1007
|
-
export {
|
|
1377
|
+
export { dropbox as $, type AuthConfig as A, type BuiltInOAuthProvider as B, type CookieConfig as C, createProxyLogger as D, type ErrorType as E, type FunctionAPIContext as F, type GetSessionAPIOptions as G, logMessages as H, type InternalContext as I, type JWTPayloadWithToken as J, createJoseInstance as K, type LogLevel as L, decodeJWTOptions as M, jwtVerificationOptions as N, type OAuthProviderRecord as O, type AtlassianProfile as P, type ExtendedProfile as Q, type RouterGlobalContext as R, type SessionResponse as S, type TrustedOrigin as T, type User as U, atlassian as V, type AccountType as W, type DropboxProfile as X, type FullTeam as Y, type Name as Z, type RootInfo as _, type InternalLogger as a, type Bot as a0, type NotionProfile as a1, type Owner as a2, type Person as a3, type User$1 as a4, notion as a5, type TwitchProfile as a6, twitch as a7, type PinterestProfile as a8, pinterest as a9, type AccessTokenError as aA, type AuthorizationError as aB, type AuthorizeParams as aC, type CookieName as aD, type CookieStrategyAttributes as aE, type GetSessionAPI as aF, type HostCookie as aG, type JWTStandardClaims as aH, type OAuthEnv as aI, type OAuthError as aJ, type ResponseType as aK, type SecureCookie as aL, type Severity as aM, type StandardCookie as aN, type SyslogOptions as aO, type TokenRevocationError as aP, type Login as aa, type MailchimpProfile as ab, mailchimp as ac, type StravaProfile as ad, type SummaryClub as ae, type SummaryGear as af, strava as ag, type XProfile as ah, x as ai, type SpotifyImage as aj, type SpotifyProfile as ak, spotify as al, type GitLabProfile as am, gitlab as an, type DiscordProfile as ao, type Nameplate as ap, discord as aq, type FigmaProfile as ar, figma as as, type BitbucketProfile as at, bitbucket as au, type GitHubProfile as av, github as aw, createBuiltInOAuthProviders as ax, createAuthInstance as ay, createAuthAPI as az, type CookieStoreConfig as b, type AuthRuntimeConfig as c, type AuthInternalErrorCode as d, type AuthSecurityErrorCode as e, type APIErrorMap as f, type SignInAPIOptions as g, type SignInReturn as h, type SignOutAPIOptions as i, type OAuthProviderCredentials as j, type OAuthProvider as k, type AuthClientOptions as l, type Session as m, type SignInOptions as n, type SignOutOptions as o, type AuthClient as p, type AuthAPI as q, type AuthInstance as r, type JoseInstance as s, type Logger as t, type OAuthProviderConfig as u, builtInOAuthProviders as v, createAuth as w, createSyslogMessage as x, createLogEntry as y, createLogger as z };
|