@aura-stack/auth 0.5.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (215) hide show
  1. package/README.md +36 -1
  2. package/dist/@types/index.cjs +0 -18
  3. package/dist/@types/index.d.ts +2 -12
  4. package/dist/@types/index.js +0 -1
  5. package/dist/assert-B3iQSYlK.js +3 -0
  6. package/dist/assert-NJGroSJd.cjs +3 -0
  7. package/dist/client/index.cjs +1 -135
  8. package/dist/client/index.d.ts +11 -14
  9. package/dist/client/index.js +1 -10
  10. package/dist/crypto-Bz8nIciY.js +1 -0
  11. package/dist/crypto-CoXA5w_4.cjs +1 -0
  12. package/dist/env-bq387KyP.cjs +1 -0
  13. package/dist/env-nvh8QBNz.js +1 -0
  14. package/dist/errors-CCYPHuBO.cjs +1 -0
  15. package/dist/errors-DFWHOho6.js +1 -0
  16. package/dist/index-BkpwQ0l4.d.cts +2279 -0
  17. package/dist/index-nqLV2t91.d.ts +2279 -0
  18. package/dist/index.cjs +1 -2427
  19. package/dist/index.d.cts +2 -0
  20. package/dist/index.d.ts +2 -14
  21. package/dist/index.js +1 -59
  22. package/dist/logger-C59_CDMk.js +1 -0
  23. package/dist/logger-UnUhYL2V.cjs +1 -0
  24. package/dist/oauth/atlassian.cjs +1 -57
  25. package/dist/oauth/atlassian.d.ts +2 -12
  26. package/dist/oauth/atlassian.js +1 -6
  27. package/dist/oauth/bitbucket.cjs +1 -49
  28. package/dist/oauth/bitbucket.d.ts +2 -12
  29. package/dist/oauth/bitbucket.js +1 -6
  30. package/dist/oauth/discord.cjs +1 -57
  31. package/dist/oauth/discord.d.ts +2 -12
  32. package/dist/oauth/discord.js +1 -6
  33. package/dist/oauth/dropbox.cjs +1 -53
  34. package/dist/oauth/dropbox.d.ts +2 -12
  35. package/dist/oauth/dropbox.js +1 -6
  36. package/dist/oauth/figma.cjs +1 -49
  37. package/dist/oauth/figma.d.ts +2 -12
  38. package/dist/oauth/figma.js +1 -6
  39. package/dist/oauth/github.cjs +1 -49
  40. package/dist/oauth/github.d.ts +2 -12
  41. package/dist/oauth/github.js +1 -6
  42. package/dist/oauth/gitlab.cjs +1 -49
  43. package/dist/oauth/gitlab.d.ts +2 -12
  44. package/dist/oauth/gitlab.js +1 -6
  45. package/dist/oauth/index.cjs +1 -673
  46. package/dist/oauth/index.d.ts +2 -12
  47. package/dist/oauth/index.js +1 -68
  48. package/dist/oauth/mailchimp.cjs +1 -49
  49. package/dist/oauth/mailchimp.d.ts +2 -12
  50. package/dist/oauth/mailchimp.js +1 -6
  51. package/dist/oauth/notion.cjs +1 -131
  52. package/dist/oauth/notion.d.ts +2 -12
  53. package/dist/oauth/notion.js +1 -9
  54. package/dist/oauth/pinterest.cjs +1 -49
  55. package/dist/oauth/pinterest.d.ts +2 -12
  56. package/dist/oauth/pinterest.js +1 -6
  57. package/dist/oauth/spotify.cjs +1 -49
  58. package/dist/oauth/spotify.d.ts +2 -12
  59. package/dist/oauth/spotify.js +1 -6
  60. package/dist/oauth/strava.cjs +1 -49
  61. package/dist/oauth/strava.d.ts +2 -12
  62. package/dist/oauth/strava.js +1 -6
  63. package/dist/oauth/twitch.cjs +1 -95
  64. package/dist/oauth/twitch.d.ts +2 -12
  65. package/dist/oauth/twitch.js +1 -7
  66. package/dist/oauth/x.cjs +1 -49
  67. package/dist/oauth/x.d.ts +2 -12
  68. package/dist/oauth/x.js +1 -6
  69. package/dist/oauth-BntNm6aE.cjs +1 -0
  70. package/dist/oauth-DmHy9VrB.js +1 -0
  71. package/dist/shared/crypto.cjs +1 -0
  72. package/dist/shared/crypto.d.ts +47 -0
  73. package/dist/shared/crypto.js +1 -0
  74. package/dist/shared/identity.cjs +1 -0
  75. package/dist/shared/identity.d.ts +2 -0
  76. package/dist/shared/identity.js +1 -0
  77. package/dist/shared/index.cjs +1 -0
  78. package/dist/shared/index.d.ts +5 -0
  79. package/dist/shared/index.js +1 -0
  80. package/package.json +32 -9
  81. package/dist/@types/router.d.cjs +0 -1
  82. package/dist/@types/router.d.d.ts +0 -16
  83. package/dist/@types/router.d.js +0 -0
  84. package/dist/@types/utility.cjs +0 -18
  85. package/dist/@types/utility.d.ts +0 -6
  86. package/dist/@types/utility.js +0 -1
  87. package/dist/actions/callback/access-token.cjs +0 -250
  88. package/dist/actions/callback/access-token.d.ts +0 -33
  89. package/dist/actions/callback/access-token.js +0 -9
  90. package/dist/actions/callback/callback.cjs +0 -715
  91. package/dist/actions/callback/callback.d.ts +0 -42
  92. package/dist/actions/callback/callback.js +0 -18
  93. package/dist/actions/callback/userinfo.cjs +0 -283
  94. package/dist/actions/callback/userinfo.d.ts +0 -25
  95. package/dist/actions/callback/userinfo.js +0 -13
  96. package/dist/actions/csrfToken/csrfToken.cjs +0 -189
  97. package/dist/actions/csrfToken/csrfToken.d.ts +0 -7
  98. package/dist/actions/csrfToken/csrfToken.js +0 -13
  99. package/dist/actions/index.cjs +0 -1161
  100. package/dist/actions/index.d.ts +0 -17
  101. package/dist/actions/index.js +0 -39
  102. package/dist/actions/session/session.cjs +0 -188
  103. package/dist/actions/session/session.d.ts +0 -7
  104. package/dist/actions/session/session.js +0 -12
  105. package/dist/actions/signIn/authorization-url.cjs +0 -288
  106. package/dist/actions/signIn/authorization-url.d.ts +0 -31
  107. package/dist/actions/signIn/authorization-url.js +0 -16
  108. package/dist/actions/signIn/authorization.cjs +0 -281
  109. package/dist/actions/signIn/authorization.d.ts +0 -54
  110. package/dist/actions/signIn/authorization.js +0 -19
  111. package/dist/actions/signIn/signIn.cjs +0 -595
  112. package/dist/actions/signIn/signIn.d.ts +0 -42
  113. package/dist/actions/signIn/signIn.js +0 -16
  114. package/dist/actions/signOut/signOut.cjs +0 -492
  115. package/dist/actions/signOut/signOut.d.ts +0 -16
  116. package/dist/actions/signOut/signOut.js +0 -15
  117. package/dist/api/createApi.cjs +0 -750
  118. package/dist/api/createApi.d.ts +0 -12
  119. package/dist/api/createApi.js +0 -19
  120. package/dist/api/getSession.cjs +0 -141
  121. package/dist/api/getSession.d.ts +0 -16
  122. package/dist/api/getSession.js +0 -10
  123. package/dist/api/signIn.cjs +0 -549
  124. package/dist/api/signIn.d.ts +0 -26
  125. package/dist/api/signIn.js +0 -15
  126. package/dist/api/signOut.cjs +0 -279
  127. package/dist/api/signOut.d.ts +0 -16
  128. package/dist/api/signOut.js +0 -13
  129. package/dist/assert.cjs +0 -194
  130. package/dist/assert.d.ts +0 -37
  131. package/dist/assert.js +0 -26
  132. package/dist/chunk-2A5B7GWR.js +0 -125
  133. package/dist/chunk-2GQLSIJ2.js +0 -40
  134. package/dist/chunk-2IR674WX.js +0 -44
  135. package/dist/chunk-3J5TUH2I.js +0 -50
  136. package/dist/chunk-4RWSYUKX.js +0 -98
  137. package/dist/chunk-4YHJ4IEQ.js +0 -25
  138. package/dist/chunk-54CZPKR4.js +0 -25
  139. package/dist/chunk-5LZ7TOM3.js +0 -25
  140. package/dist/chunk-5X7JZMEF.js +0 -0
  141. package/dist/chunk-7BE46WWS.js +0 -88
  142. package/dist/chunk-7YYXFKLR.js +0 -35
  143. package/dist/chunk-C3A37LQC.js +0 -33
  144. package/dist/chunk-CITNGXDA.js +0 -31
  145. package/dist/chunk-CWX724AG.js +0 -78
  146. package/dist/chunk-D2CSIUKP.js +0 -74
  147. package/dist/chunk-E6G5YCI6.js +0 -25
  148. package/dist/chunk-EBAMFRB7.js +0 -34
  149. package/dist/chunk-EEE7UM5T.js +0 -25
  150. package/dist/chunk-FPCVZUVG.js +0 -37
  151. package/dist/chunk-FW4W3REU.js +0 -25
  152. package/dist/chunk-GNNBM2WJ.js +0 -83
  153. package/dist/chunk-IPKO6UQN.js +0 -25
  154. package/dist/chunk-ITQ7352M.js +0 -0
  155. package/dist/chunk-JOCGX3RP.js +0 -59
  156. package/dist/chunk-KBXWTD6E.js +0 -94
  157. package/dist/chunk-KMMAZFSJ.js +0 -25
  158. package/dist/chunk-LATR3NIV.js +0 -117
  159. package/dist/chunk-LAYPUDQF.js +0 -39
  160. package/dist/chunk-LDU7A2JE.js +0 -25
  161. package/dist/chunk-LX3TJ2TJ.js +0 -294
  162. package/dist/chunk-NHZBQNRR.js +0 -143
  163. package/dist/chunk-OVHNRULD.js +0 -33
  164. package/dist/chunk-PDP3PHB3.js +0 -127
  165. package/dist/chunk-PG7UYFG5.js +0 -0
  166. package/dist/chunk-PHYNROD4.js +0 -47
  167. package/dist/chunk-QQEKY4XP.js +0 -29
  168. package/dist/chunk-U4RK4LKJ.js +0 -348
  169. package/dist/chunk-U5663F2U.js +0 -70
  170. package/dist/chunk-UN7X6SU5.js +0 -53
  171. package/dist/chunk-UZQJJD6A.js +0 -100
  172. package/dist/chunk-V6LLEAR4.js +0 -80
  173. package/dist/chunk-WHNDRO3N.js +0 -50
  174. package/dist/chunk-XY5R3EHH.js +0 -204
  175. package/dist/chunk-ZNCZVF6U.js +0 -14
  176. package/dist/client/client.cjs +0 -135
  177. package/dist/client/client.d.ts +0 -85
  178. package/dist/client/client.js +0 -9
  179. package/dist/context.cjs +0 -1237
  180. package/dist/context.d.ts +0 -16
  181. package/dist/context.js +0 -28
  182. package/dist/cookie.cjs +0 -277
  183. package/dist/cookie.d.ts +0 -89
  184. package/dist/cookie.js +0 -30
  185. package/dist/createAuth.cjs +0 -2320
  186. package/dist/createAuth.d.ts +0 -12
  187. package/dist/createAuth.js +0 -48
  188. package/dist/env.cjs +0 -78
  189. package/dist/env.d.ts +0 -10
  190. package/dist/env.js +0 -12
  191. package/dist/errors.cjs +0 -102
  192. package/dist/errors.d.ts +0 -60
  193. package/dist/errors.js +0 -22
  194. package/dist/headers.cjs +0 -61
  195. package/dist/headers.d.ts +0 -33
  196. package/dist/headers.js +0 -12
  197. package/dist/index-_aXtxb_s.d.ts +0 -1377
  198. package/dist/jose.cjs +0 -166
  199. package/dist/jose.d.ts +0 -12
  200. package/dist/jose.js +0 -20
  201. package/dist/logger.cjs +0 -424
  202. package/dist/logger.d.ts +0 -12
  203. package/dist/logger.js +0 -17
  204. package/dist/request.cjs +0 -38
  205. package/dist/request.d.ts +0 -13
  206. package/dist/request.js +0 -6
  207. package/dist/schemas.cjs +0 -158
  208. package/dist/schemas.d.ts +0 -229
  209. package/dist/schemas.js +0 -24
  210. package/dist/secure.cjs +0 -170
  211. package/dist/secure.d.ts +0 -41
  212. package/dist/secure.js +0 -20
  213. package/dist/utils.cjs +0 -329
  214. package/dist/utils.d.ts +0 -35
  215. package/dist/utils.js +0 -36
package/dist/oauth/x.cjs CHANGED
@@ -1,49 +1 @@
1
- "use strict";
2
- var __defProp = Object.defineProperty;
3
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
- var __getOwnPropNames = Object.getOwnPropertyNames;
5
- var __hasOwnProp = Object.prototype.hasOwnProperty;
6
- var __export = (target, all) => {
7
- for (var name in all)
8
- __defProp(target, name, { get: all[name], enumerable: true });
9
- };
10
- var __copyProps = (to, from, except, desc) => {
11
- if (from && typeof from === "object" || typeof from === "function") {
12
- for (let key of __getOwnPropNames(from))
13
- if (!__hasOwnProp.call(to, key) && key !== except)
14
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
- }
16
- return to;
17
- };
18
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
-
20
- // src/oauth/x.ts
21
- var x_exports = {};
22
- __export(x_exports, {
23
- x: () => x
24
- });
25
- module.exports = __toCommonJS(x_exports);
26
- var x = (options) => {
27
- return {
28
- id: "x",
29
- name: "X",
30
- authorizeURL: "https://twitter.com/i/oauth2/authorize",
31
- accessToken: "https://api.twitter.com/2/oauth2/token",
32
- userInfo: "https://api.twitter.com/2/users/me?user.fields=profile_image_url",
33
- scope: "tweet.read users.read offline.access",
34
- responseType: "code",
35
- profile(profile) {
36
- return {
37
- sub: profile.data.id,
38
- name: profile.data.name,
39
- image: profile.data.profile_image_url,
40
- email: void 0
41
- };
42
- },
43
- ...options
44
- };
45
- };
46
- // Annotate the CommonJS export names for ESM import in node:
47
- 0 && (module.exports = {
48
- x
49
- });
1
+ Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=e=>({id:`x`,name:`X`,authorize:{url:`https://twitter.com/i/oauth2/authorize`,params:{scope:`tweet.read users.read offline.access`,response_type:`code`}},accessToken:`https://api.twitter.com/2/oauth2/token`,userInfo:`https://api.twitter.com/2/users/me?user.fields=profile_image_url`,profile:e=>({sub:e.data.id,name:e.data.name,image:e.data.profile_image_url,email:void 0}),...e});exports.x=e;
package/dist/oauth/x.d.ts CHANGED
@@ -1,12 +1,2 @@
1
- export { ah as XProfile, ai as x } from '../index-_aXtxb_s.js';
2
- import 'zod';
3
- import '../schemas.js';
4
- import 'zod/v4';
5
- import '@aura-stack/jose';
6
- import '@aura-stack/jose/jose';
7
- import '@aura-stack/jose/crypto';
8
- import '@aura-stack/router/cookie';
9
- import '../@types/utility.js';
10
- import 'jose';
11
- import '@aura-stack/router';
12
- import 'zod/v4/core';
1
+ import { Cn as XProfile, wn as x } from "../index-nqLV2t91.js";
2
+ export { XProfile, x };
package/dist/oauth/x.js CHANGED
@@ -1,6 +1 @@
1
- import {
2
- x
3
- } from "../chunk-EEE7UM5T.js";
4
- export {
5
- x
6
- };
1
+ const e=e=>({id:`x`,name:`X`,authorize:{url:`https://twitter.com/i/oauth2/authorize`,params:{scope:`tweet.read users.read offline.access`,response_type:`code`}},accessToken:`https://api.twitter.com/2/oauth2/token`,userInfo:`https://api.twitter.com/2/users/me?user.fields=profile_image_url`,profile:e=>({sub:e.data.id,name:e.data.name,image:e.data.profile_image_url,email:void 0}),...e});export{e as x};
@@ -0,0 +1 @@
1
+ const e=require(`./errors-CCYPHuBO.cjs`),t=require(`./env-bq387KyP.cjs`),n=require(`./assert-NJGroSJd.cjs`),r=require(`./oauth/github.cjs`),i=require(`./oauth/bitbucket.cjs`),a=require(`./oauth/figma.cjs`),o=require(`./oauth/discord.cjs`),s=require(`./oauth/gitlab.cjs`),c=require(`./oauth/spotify.cjs`),l=require(`./oauth/x.cjs`),u=require(`./oauth/strava.cjs`),d=require(`./oauth/mailchimp.cjs`),f=require(`./oauth/pinterest.cjs`),p=require(`./oauth/twitch.cjs`),m=require(`./oauth/notion.cjs`),h=require(`./oauth/dropbox.cjs`),g=require(`./oauth/atlassian.cjs`);let _=require(`zod/v4`);const v=_.z.union([(0,_.string)().url(),(0,_.object)({url:(0,_.string)().url(),params:(0,_.object)({owner:(0,_.string)().optional(),responseType:(0,_.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),scope:(0,_.string)().optional()})})]),y=_.z.union([(0,_.string)().url(),(0,_.object)({url:(0,_.string)().url(),headers:_.z.record((0,_.string)(),(0,_.string)()).optional()})]),b=_.z.union([(0,_.string)().url(),(0,_.object)({url:(0,_.string)().url(),headers:_.z.record((0,_.string)(),(0,_.string)()).optional(),method:(0,_.string)().optional()})]),x=(0,_.object)({id:(0,_.string)(),name:(0,_.string)(),authorize:v.optional(),authorizeURL:(0,_.string)().url().optional(),accessToken:y,scope:(0,_.string)().optional(),userInfo:b,responseType:(0,_.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:(0,_.string)(),clientSecret:(0,_.string)(),profile:_.z.function().optional()}),S=(0,_.object)({authorize:v.optional(),authorizeURL:(0,_.string)().url().optional(),accessToken:y,scope:(0,_.string)().optional(),userInfo:b,responseType:(0,_.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:(0,_.string)(),clientSecret:(0,_.string)()}),C=S.extend({redirectURI:(0,_.string)(),state:(0,_.string)(),codeChallenge:(0,_.string)(),codeChallengeMethod:(0,_.enum)([`plain`,`S256`])});(0,_.object)({state:(0,_.string)({message:`Missing state parameter in the OAuth authorization response.`}),code:(0,_.string)({message:`Missing code parameter in the OAuth authorization response.`})});const w=(0,_.object)({error:(0,_.enum)([`invalid_request`,`unauthorized_client`,`access_denied`,`unsupported_response_type`,`invalid_scope`,`server_error`,`temporarily_unavailable`]),error_description:(0,_.string)().optional(),error_uri:(0,_.string)().optional(),state:(0,_.string)()});S.extend({redirectURI:(0,_.string)(),code:(0,_.string)(),codeVerifier:(0,_.string)().min(43).max(128)});const T=(0,_.object)({access_token:(0,_.string)(),token_type:(0,_.string)().optional(),expires_in:(0,_.number)().optional(),refresh_token:(0,_.string)().optional(),scope:(0,_.union)([(0,_.string)().optional().or((0,_.null)()),(0,_.array)((0,_.string)()).optional()])}),E=(0,_.object)({error:(0,_.enum)([`invalid_request`,`invalid_client`,`invalid_grant`,`unauthorized_client`,`unsupported_grant_type`,`invalid_scope`]),error_description:(0,_.string)().optional(),error_uri:(0,_.string)().optional()}),D=(0,_.object)({error:(0,_.string)(),error_description:(0,_.string)().optional()}),O=(0,_.object)({clientId:_.z.string().min(1,`OAuth Client ID is required in the environment variables.`),clientSecret:_.z.string().min(1,`OAuth Client Secret is required in the environment variables.`)}),k={github:r.github,bitbucket:i.bitbucket,figma:a.figma,discord:o.discord,gitlab:s.gitlab,spotify:c.spotify,x:l.x,strava:u.strava,mailchimp:d.mailchimp,pinterest:f.pinterest,twitch:p.twitch,notion:m.notion,dropbox:h.dropbox,atlassian:g.atlassian},A=r=>{let i=O.safeParse({clientId:t.n(`${r.toUpperCase()}_CLIENT_ID`),clientSecret:t.n(`${r.toUpperCase()}_CLIENT_SECRET`)});if(!i.success)throw new e.n(`INVALID_ENVIRONMENT_CONFIGURATION`,JSON.stringify({[r]:n.p(i.error)},null,2));return i.data},j=t=>{if(typeof t==`string`){let r=A(t),i=k[t](),a=x.safeParse({...i,...r});if(!a.success)throw new e.n(`INVALID_OAUTH_PROVIDER_CONFIGURATION`,`Invalid configuration for OAuth provider "${t}": ${JSON.stringify({[t]:n.p(a.error)},null,2)}`);return a.data}let r=t.clientId&&t.clientSecret?{}:A(t.id),i=x.safeParse({...r,...t});if(!i.success){let r=JSON.stringify({[t.id]:n.p(i.error)},null,2);throw new e.n(`INVALID_OAUTH_PROVIDER_CONFIGURATION`,`Invalid configuration for OAuth provider "${t.id}": ${r}`)}return i.data},M=(t=[])=>t.reduce((t,n)=>{let r=j(n);if(r.id in t)throw new e.n(`DUPLICATED_OAUTH_PROVIDER_ID`,`Duplicate OAuth provider id "${r.id}" found. Each provider must have a unique id.`);return{...t,[r.id]:r}},{});Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return C}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return T}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return M}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return w}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return E}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return D}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return k}});
@@ -0,0 +1 @@
1
+ import{n as e}from"./errors-DFWHOho6.js";import{n as t}from"./env-nvh8QBNz.js";import{p as n}from"./assert-B3iQSYlK.js";import{github as r}from"./oauth/github.js";import{bitbucket as i}from"./oauth/bitbucket.js";import{figma as a}from"./oauth/figma.js";import{discord as o}from"./oauth/discord.js";import{gitlab as s}from"./oauth/gitlab.js";import{spotify as c}from"./oauth/spotify.js";import{x as l}from"./oauth/x.js";import{strava as u}from"./oauth/strava.js";import{mailchimp as d}from"./oauth/mailchimp.js";import{pinterest as f}from"./oauth/pinterest.js";import{twitch as p}from"./oauth/twitch.js";import{notion as m}from"./oauth/notion.js";import{dropbox as h}from"./oauth/dropbox.js";import{atlassian as g}from"./oauth/atlassian.js";import{array as _,enum as v,null as y,number as b,object as x,string as S,union as C,z as w}from"zod/v4";const T=w.union([S().url(),x({url:S().url(),params:x({owner:S().optional(),responseType:v([`code`,`token`,`id_token`,`refresh_token`]).optional(),scope:S().optional()})})]),E=w.union([S().url(),x({url:S().url(),headers:w.record(S(),S()).optional()})]),D=w.union([S().url(),x({url:S().url(),headers:w.record(S(),S()).optional(),method:S().optional()})]),O=x({id:S(),name:S(),authorize:T.optional(),authorizeURL:S().url().optional(),accessToken:E,scope:S().optional(),userInfo:D,responseType:v([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:S(),clientSecret:S(),profile:w.function().optional()}),k=x({authorize:T.optional(),authorizeURL:S().url().optional(),accessToken:E,scope:S().optional(),userInfo:D,responseType:v([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:S(),clientSecret:S()}),A=k.extend({redirectURI:S(),state:S(),codeChallenge:S(),codeChallengeMethod:v([`plain`,`S256`])});x({state:S({message:`Missing state parameter in the OAuth authorization response.`}),code:S({message:`Missing code parameter in the OAuth authorization response.`})});const j=x({error:v([`invalid_request`,`unauthorized_client`,`access_denied`,`unsupported_response_type`,`invalid_scope`,`server_error`,`temporarily_unavailable`]),error_description:S().optional(),error_uri:S().optional(),state:S()});k.extend({redirectURI:S(),code:S(),codeVerifier:S().min(43).max(128)});const M=x({access_token:S(),token_type:S().optional(),expires_in:b().optional(),refresh_token:S().optional(),scope:C([S().optional().or(y()),_(S()).optional()])}),N=x({error:v([`invalid_request`,`invalid_client`,`invalid_grant`,`unauthorized_client`,`unsupported_grant_type`,`invalid_scope`]),error_description:S().optional(),error_uri:S().optional()}),P=x({error:S(),error_description:S().optional()}),F=x({clientId:w.string().min(1,`OAuth Client ID is required in the environment variables.`),clientSecret:w.string().min(1,`OAuth Client Secret is required in the environment variables.`)}),I={github:r,bitbucket:i,figma:a,discord:o,gitlab:s,spotify:c,x:l,strava:u,mailchimp:d,pinterest:f,twitch:p,notion:m,dropbox:h,atlassian:g},L=r=>{let i=F.safeParse({clientId:t(`${r.toUpperCase()}_CLIENT_ID`),clientSecret:t(`${r.toUpperCase()}_CLIENT_SECRET`)});if(!i.success)throw new e(`INVALID_ENVIRONMENT_CONFIGURATION`,JSON.stringify({[r]:n(i.error)},null,2));return i.data},R=t=>{if(typeof t==`string`){let r=L(t),i=I[t](),a=O.safeParse({...i,...r});if(!a.success)throw new e(`INVALID_OAUTH_PROVIDER_CONFIGURATION`,`Invalid configuration for OAuth provider "${t}": ${JSON.stringify({[t]:n(a.error)},null,2)}`);return a.data}let r=t.clientId&&t.clientSecret?{}:L(t.id),i=O.safeParse({...r,...t});if(!i.success){let r=JSON.stringify({[t.id]:n(i.error)},null,2);throw new e(`INVALID_OAUTH_PROVIDER_CONFIGURATION`,`Invalid configuration for OAuth provider "${t.id}": ${r}`)}return i.data},z=(t=[])=>t.reduce((t,n)=>{let r=R(n);if(r.id in t)throw new e(`DUPLICATED_OAUTH_PROVIDER_ID`,`Duplicate OAuth provider id "${r.id}" found. Each provider must have a unique id.`);return{...t,[r.id]:r}},{});export{A as a,M as i,z as n,j as o,N as r,P as s,I as t};
@@ -0,0 +1 @@
1
+ Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../crypto-CoXA5w_4.cjs`);exports.createCSRF=e.t,exports.createHash=e.n,exports.createPKCE=e.r,exports.createSecretValue=e.i,exports.hashPassword=e.a,exports.verifyCSRF=e.o,exports.verifyPassword=e.s;
@@ -0,0 +1,47 @@
1
+ import { Nt as JoseInstance, _t as User, xt as AuthRuntimeConfig } from "../index-nqLV2t91.js";
2
+
3
+ //#region src/shared/crypto.d.ts
4
+ declare const createSecretValue: (length?: number) => string;
5
+ declare const createHash: (data: string) => Promise<string>;
6
+ /**
7
+ * Creates the code challenge flow for PKCE OAuth flow. It generates a code verifier and its corresponding
8
+ * code challenge using SHA-256 hashing.
9
+ * - code_verifier: A cryptographically random string used to mitigate authorization code interception attacks.
10
+ * - code_challenge: A hashed version of the code_verifier sent in the authorization request.
11
+ * - method: The method used to generate the code challenge, typically "S256" for SHA-256.
12
+ *
13
+ * @see https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
14
+ */
15
+ declare const createPKCE: (verifier?: string) => Promise<{
16
+ codeVerifier: string;
17
+ codeChallenge: string;
18
+ method: string;
19
+ }>;
20
+ /**
21
+ * Creates a CSRF token to be used in OAuth flows to prevent cross-site request forgery attacks.
22
+ *
23
+ * @param csrfCookie - Optional existing CSRF cookie to verify and reuse
24
+ * @returns Signed CSRF token
25
+ */
26
+ declare const createCSRF: (jose: AuthRuntimeConfig["jose"], csrfCookie?: string) => Promise<string>;
27
+ declare const verifyCSRF: <DefaultUser extends User = User>(jose: JoseInstance<DefaultUser>, cookie: string, header: string) => Promise<boolean>;
28
+ /**
29
+ * Hashes a password using PBKDF2 with SHA-256.
30
+ * PBKDF2 is available in standard Web Crypto (SubtleCrypto).
31
+ *
32
+ * @param password - The password to hash.
33
+ * @param salt - Optional salt (base64url encoded). If not provided, a random salt will be generated.
34
+ * @param iterations - The number of PBKDF2 iterations. Default is 100,000.
35
+ * @returns The hashed password in the format `iterations:salt:hash` (all segments base64url encoded).
36
+ */
37
+ declare const hashPassword: (password: string, salt?: string, iterations?: number) => Promise<string>;
38
+ /**
39
+ * Verifies a password against a hashed value.
40
+ *
41
+ * @param password - The password to verify.
42
+ * @param hashedPassword - The hashed password to compare against.
43
+ * @returns A promise that resolves to true if the password matches the hash, false otherwise.
44
+ */
45
+ declare const verifyPassword: (password: string, hashedPassword: string) => Promise<boolean>;
46
+ //#endregion
47
+ export { createCSRF, createHash, createPKCE, createSecretValue, hashPassword, verifyCSRF, verifyPassword };
@@ -0,0 +1 @@
1
+ import{a as e,i as t,n,o as r,r as i,s as a,t as o}from"../crypto-Bz8nIciY.js";export{o as createCSRF,n as createHash,i as createPKCE,t as createSecretValue,e as hashPassword,r as verifyCSRF,a as verifyPassword};
@@ -0,0 +1 @@
1
+ Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});let e=require(`zod/v4`);const t=e.z.object({sub:(0,e.string)(),name:(0,e.string)().nullable().optional(),image:(0,e.string)().nullable().optional(),email:(0,e.email)().nullable().optional()}),n=t=>e.z.object(t);exports.UserIdentity=t,exports.createIdentity=n;
@@ -0,0 +1,2 @@
1
+ import { Bn as UserIdentity, G as InferShape, H as EditableShape, Hn as UserShape, U as InferAuthIdentity, Un as createIdentity, Vn as UserIdentityType, W as InferIdentity, Y as ShapeToObject } from "../index-nqLV2t91.js";
2
+ export { EditableShape, InferAuthIdentity, InferIdentity, InferShape, ShapeToObject, UserIdentity, UserIdentityType, UserShape, createIdentity };
@@ -0,0 +1 @@
1
+ import{email as e,string as t,z as n}from"zod/v4";const r=n.object({sub:t(),name:t().nullable().optional(),image:t().nullable().optional(),email:e().nullable().optional()}),i=e=>n.object(e);export{r as UserIdentity,i as createIdentity};
@@ -0,0 +1 @@
1
+ Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../assert-NJGroSJd.cjs`),t=require(`../logger-UnUhYL2V.cjs`);exports.createBasicAuthHeader=e.u,exports.createSyslogMessage=t.n;
@@ -0,0 +1,5 @@
1
+ import { zn as createSyslogMessage } from "../index-nqLV2t91.js";
2
+ //#region src/shared/utils.d.ts
3
+ declare const createBasicAuthHeader: (username: string, password: string) => string;
4
+ //#endregion
5
+ export { createBasicAuthHeader, createSyslogMessage };
@@ -0,0 +1 @@
1
+ import{u as e}from"../assert-B3iQSYlK.js";import{n as t}from"../logger-C59_CDMk.js";export{e as createBasicAuthHeader,t as createSyslogMessage};
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aura-stack/auth",
3
- "version": "0.5.0",
3
+ "version": "0.6.0",
4
4
  "private": false,
5
5
  "type": "module",
6
6
  "description": "Core auth for @aura-stack/auth",
@@ -12,6 +12,7 @@
12
12
  "access": "public",
13
13
  "registry": "https://registry.npmjs.org/@aura-stack/auth"
14
14
  },
15
+ "sideEffects": false,
15
16
  "files": [
16
17
  "dist"
17
18
  ],
@@ -21,6 +22,11 @@
21
22
  "import": "./dist/index.js",
22
23
  "require": "./dist/index.cjs"
23
24
  },
25
+ "./oauth": {
26
+ "types": "./dist/oauth/index.d.ts",
27
+ "import": "./dist/oauth/index.js",
28
+ "require": "./dist/oauth/index.cjs"
29
+ },
24
30
  "./oauth/*": {
25
31
  "types": "./dist/oauth/*.d.ts",
26
32
  "import": "./dist/oauth/*.js",
@@ -35,6 +41,21 @@
35
41
  "types": "./dist/client/index.d.ts",
36
42
  "import": "./dist/client/index.js",
37
43
  "require": "./dist/client/index.cjs"
44
+ },
45
+ "./identity": {
46
+ "types": "./dist/shared/identity.d.ts",
47
+ "import": "./dist/shared/identity.js",
48
+ "require": "./dist/shared/identity.cjs"
49
+ },
50
+ "./crypto": {
51
+ "types": "./dist/shared/crypto.d.ts",
52
+ "import": "./dist/shared/crypto.js",
53
+ "require": "./dist/shared/crypto.cjs"
54
+ },
55
+ "./shared": {
56
+ "types": "./dist/shared/index.d.ts",
57
+ "import": "./dist/shared/index.js",
58
+ "require": "./dist/shared/index.cjs"
38
59
  }
39
60
  },
40
61
  "keywords": [
@@ -51,24 +72,26 @@
51
72
  "dependencies": {
52
73
  "@aura-stack/router": "^0.6.0",
53
74
  "zod": "4.3.5",
54
- "@aura-stack/jose": "0.4.0"
75
+ "@aura-stack/jose": "0.5.0"
55
76
  },
56
77
  "devDependencies": {
57
78
  "typescript": "^5.9.2",
79
+ "vitest": "4.1.4",
58
80
  "@aura-stack/tsconfig": "0.0.0",
59
- "@aura-stack/tsup-config": "0.0.0"
81
+ "@aura-stack/tsdown-config": "0.0.0"
60
82
  },
61
83
  "scripts": {
62
- "dev": "tsup --watch",
63
- "build": "tsup",
84
+ "dev": "tsdown --watch",
85
+ "build": "tsdown",
86
+ "lint": "oxlint",
87
+ "lint:fix": "oxlint --fix",
64
88
  "test": "vitest --run",
65
89
  "test:watch": "vitest",
66
90
  "test:coverage": "vitest --run --coverage",
67
- "format": "prettier --write . --cache --cache-location .cache/.prettiercache",
68
- "format:check": "prettier --check . --cache --cache-location .cache/.prettiercache",
91
+ "format": "oxfmt",
92
+ "format:check": "oxfmt --check",
69
93
  "type-check": "tsc --noEmit",
70
94
  "clean": "rm -rf dist",
71
- "clean:cts": "find dist -type f -name \"*.cts\" -delete",
72
- "prepublish": "pnpm clean:cts"
95
+ "clean:cts": "if [ -d dist ]; then find dist -type f -name \"*.cts\" -delete; fi"
73
96
  }
74
97
  }
@@ -1 +0,0 @@
1
- "use strict";
@@ -1,16 +0,0 @@
1
- import { R as RouterGlobalContext } from '../index-_aXtxb_s.js';
2
- import 'zod';
3
- import '../schemas.js';
4
- import 'zod/v4';
5
- import '@aura-stack/jose';
6
- import '@aura-stack/jose/jose';
7
- import '@aura-stack/jose/crypto';
8
- import '@aura-stack/router/cookie';
9
- import './utility.js';
10
- import 'jose';
11
- import '@aura-stack/router';
12
- import 'zod/v4/core';
13
-
14
- declare module "@aura-stack/router" {
15
- interface GlobalContext extends RouterGlobalContext {}
16
- }
File without changes
@@ -1,18 +0,0 @@
1
- "use strict";
2
- var __defProp = Object.defineProperty;
3
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
- var __getOwnPropNames = Object.getOwnPropertyNames;
5
- var __hasOwnProp = Object.prototype.hasOwnProperty;
6
- var __copyProps = (to, from, except, desc) => {
7
- if (from && typeof from === "object" || typeof from === "function") {
8
- for (let key of __getOwnPropNames(from))
9
- if (!__hasOwnProp.call(to, key) && key !== except)
10
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
11
- }
12
- return to;
13
- };
14
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
15
-
16
- // src/@types/utility.ts
17
- var utility_exports = {};
18
- module.exports = __toCommonJS(utility_exports);
@@ -1,6 +0,0 @@
1
- type Prettify<T> = {
2
- [K in keyof T]: T[K];
3
- };
4
- type LiteralUnion<T extends U, U = string> = T | (U & Record<never, never>);
5
-
6
- export type { LiteralUnion, Prettify };
@@ -1 +0,0 @@
1
- import "../chunk-PG7UYFG5.js";
@@ -1,250 +0,0 @@
1
- "use strict";
2
- var __defProp = Object.defineProperty;
3
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
- var __getOwnPropNames = Object.getOwnPropertyNames;
5
- var __hasOwnProp = Object.prototype.hasOwnProperty;
6
- var __export = (target, all) => {
7
- for (var name in all)
8
- __defProp(target, name, { get: all[name], enumerable: true });
9
- };
10
- var __copyProps = (to, from, except, desc) => {
11
- if (from && typeof from === "object" || typeof from === "function") {
12
- for (let key of __getOwnPropNames(from))
13
- if (!__hasOwnProp.call(to, key) && key !== except)
14
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
- }
16
- return to;
17
- };
18
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
-
20
- // src/actions/callback/access-token.ts
21
- var access_token_exports = {};
22
- __export(access_token_exports, {
23
- createAccessToken: () => createAccessToken
24
- });
25
- module.exports = __toCommonJS(access_token_exports);
26
-
27
- // src/request.ts
28
- var fetchAsync = async (url, options2 = {}, timeout = 5e3) => {
29
- const controller = new AbortController();
30
- const timeoutId = setTimeout(() => controller.abort(), timeout);
31
- const response = await fetch(url, {
32
- ...options2,
33
- signal: controller.signal
34
- }).finally(() => clearTimeout(timeoutId));
35
- return response;
36
- };
37
-
38
- // src/errors.ts
39
- var OAuthProtocolError = class extends Error {
40
- type = "OAUTH_PROTOCOL_ERROR";
41
- error;
42
- errorURI;
43
- constructor(error, description, errorURI, options2) {
44
- super(description, options2);
45
- this.error = error;
46
- this.errorURI = errorURI;
47
- this.name = new.target.name;
48
- Error.captureStackTrace(this, new.target);
49
- }
50
- };
51
- var AuthInternalError = class extends Error {
52
- type = "AUTH_INTERNAL_ERROR";
53
- code;
54
- constructor(code, message, options2) {
55
- super(message, options2);
56
- this.code = code;
57
- this.name = new.target.name;
58
- Error.captureStackTrace(this, new.target);
59
- }
60
- };
61
-
62
- // src/schemas.ts
63
- var import_v4 = require("zod/v4");
64
- var AuthorizeConfigSchema = import_v4.z.union([
65
- (0, import_v4.string)().url(),
66
- (0, import_v4.object)({
67
- url: (0, import_v4.string)().url(),
68
- params: (0, import_v4.object)({
69
- responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
70
- scope: (0, import_v4.string)().optional()
71
- })
72
- })
73
- ]);
74
- var AccessTokenConfigSchema = import_v4.z.union([
75
- (0, import_v4.string)().url(),
76
- (0, import_v4.object)({
77
- url: (0, import_v4.string)().url(),
78
- headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional()
79
- })
80
- ]);
81
- var UserInfoConfigSchema = import_v4.z.union([
82
- (0, import_v4.string)().url(),
83
- (0, import_v4.object)({
84
- url: (0, import_v4.string)().url(),
85
- headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional(),
86
- method: (0, import_v4.string)().optional()
87
- })
88
- ]);
89
- var OAuthProviderCredentialsSchema = (0, import_v4.object)({
90
- id: (0, import_v4.string)(),
91
- name: (0, import_v4.string)(),
92
- authorize: AuthorizeConfigSchema.optional(),
93
- /** @deprecated */
94
- authorizeURL: (0, import_v4.string)().url().optional(),
95
- accessToken: AccessTokenConfigSchema,
96
- /** @deprecated */
97
- scope: (0, import_v4.string)().optional(),
98
- userInfo: UserInfoConfigSchema,
99
- /** @deprecated */
100
- responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
101
- clientId: (0, import_v4.string)(),
102
- clientSecret: (0, import_v4.string)(),
103
- profile: import_v4.z.function().optional()
104
- });
105
- var OAuthProviderConfigSchema = (0, import_v4.object)({
106
- authorize: AuthorizeConfigSchema.optional(),
107
- /** @deprecated */
108
- authorizeURL: (0, import_v4.string)().url().optional(),
109
- accessToken: AccessTokenConfigSchema,
110
- /** @deprecated */
111
- scope: (0, import_v4.string)().optional(),
112
- userInfo: UserInfoConfigSchema,
113
- /** @deprecated */
114
- responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
115
- clientId: (0, import_v4.string)(),
116
- clientSecret: (0, import_v4.string)()
117
- });
118
- var OAuthAuthorization = OAuthProviderConfigSchema.extend({
119
- redirectURI: (0, import_v4.string)(),
120
- state: (0, import_v4.string)(),
121
- codeChallenge: (0, import_v4.string)(),
122
- codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
123
- });
124
- var OAuthAuthorizationResponse = (0, import_v4.object)({
125
- state: (0, import_v4.string)({ message: "Missing state parameter in the OAuth authorization response." }),
126
- code: (0, import_v4.string)({ message: "Missing code parameter in the OAuth authorization response." })
127
- });
128
- var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
129
- error: (0, import_v4.enum)([
130
- "invalid_request",
131
- "unauthorized_client",
132
- "access_denied",
133
- "unsupported_response_type",
134
- "invalid_scope",
135
- "server_error",
136
- "temporarily_unavailable"
137
- ]),
138
- error_description: (0, import_v4.string)().optional(),
139
- error_uri: (0, import_v4.string)().optional(),
140
- state: (0, import_v4.string)()
141
- });
142
- var OAuthAccessToken = OAuthProviderConfigSchema.extend({
143
- redirectURI: (0, import_v4.string)(),
144
- code: (0, import_v4.string)(),
145
- codeVerifier: (0, import_v4.string)().min(43).max(128)
146
- });
147
- var OAuthAccessTokenResponse = (0, import_v4.object)({
148
- access_token: (0, import_v4.string)(),
149
- token_type: (0, import_v4.string)().optional(),
150
- expires_in: (0, import_v4.number)().optional(),
151
- refresh_token: (0, import_v4.string)().optional(),
152
- scope: (0, import_v4.union)([(0, import_v4.string)().optional().or((0, import_v4.null)()), (0, import_v4.array)((0, import_v4.string)()).optional()])
153
- });
154
- var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
155
- error: (0, import_v4.enum)([
156
- "invalid_request",
157
- "invalid_client",
158
- "invalid_grant",
159
- "unauthorized_client",
160
- "unsupported_grant_type",
161
- "invalid_scope"
162
- ]),
163
- error_description: (0, import_v4.string)().optional(),
164
- error_uri: (0, import_v4.string)().optional()
165
- });
166
- var OAuthErrorResponse = (0, import_v4.object)({
167
- error: (0, import_v4.string)(),
168
- error_description: (0, import_v4.string)().optional()
169
- });
170
- var OAuthEnvSchema = (0, import_v4.object)({
171
- clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
172
- clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
173
- });
174
-
175
- // src/actions/callback/access-token.ts
176
- var createAccessToken = async (oauthConfig, redirectURI, code, codeVerifier, logger) => {
177
- const { accessToken, clientId, clientSecret } = oauthConfig;
178
- if (!clientId || !clientSecret || !redirectURI || !code || !codeVerifier || !accessToken) {
179
- logger?.log("INVALID_OAUTH_CONFIGURATION", {
180
- structuredData: {
181
- has_client_id: Boolean(clientId),
182
- has_client_secret: Boolean(clientSecret),
183
- has_access_token: Boolean(accessToken),
184
- has_redirect_uri: Boolean(redirectURI),
185
- has_code: Boolean(code),
186
- has_code_verifier: Boolean(codeVerifier)
187
- }
188
- });
189
- throw new AuthInternalError("INVALID_OAUTH_CONFIGURATION", "The OAuth provider configuration is invalid.");
190
- }
191
- const tokenURL = typeof accessToken === "string" ? accessToken : accessToken.url;
192
- const extraHeaders = typeof accessToken === "string" ? void 0 : accessToken.headers;
193
- try {
194
- logger?.log("OAUTH_ACCESS_TOKEN_REQUEST_INITIATED", {
195
- structuredData: {
196
- has_client_id: Boolean(clientId),
197
- redirect_uri: redirectURI,
198
- grant_type: "authorization_code"
199
- }
200
- });
201
- const response = await fetchAsync(tokenURL, {
202
- method: "POST",
203
- headers: {
204
- ...extraHeaders ?? {},
205
- Accept: "application/json",
206
- "Content-Type": "application/x-www-form-urlencoded"
207
- },
208
- body: new URLSearchParams({
209
- client_id: clientId,
210
- client_secret: clientSecret,
211
- code,
212
- redirect_uri: redirectURI,
213
- grant_type: "authorization_code",
214
- code_verifier: codeVerifier
215
- }).toString()
216
- });
217
- if (!response.ok) {
218
- logger?.log("INVALID_OAUTH_ACCESS_TOKEN_RESPONSE");
219
- throw new OAuthProtocolError("invalid_request", "Invalid access token response");
220
- }
221
- const json = await response.json();
222
- const token = OAuthAccessTokenResponse.safeParse(json);
223
- if (!token.success) {
224
- const { success, data } = OAuthAccessTokenErrorResponse.safeParse(json);
225
- if (!success) {
226
- logger?.log("INVALID_OAUTH_ACCESS_TOKEN_RESPONSE");
227
- throw new OAuthProtocolError("invalid_request", "Invalid access token response format");
228
- }
229
- logger?.log("OAUTH_ACCESS_TOKEN_ERROR", {
230
- structuredData: {
231
- error: data.error,
232
- error_description: data.error_description ?? ""
233
- }
234
- });
235
- throw new OAuthProtocolError("INVALID_ACCESS_TOKEN", "Failed to retrieve access token");
236
- }
237
- logger?.log("OAUTH_ACCESS_TOKEN_SUCCESS");
238
- return token.data;
239
- } catch (error) {
240
- logger?.log("OAUTH_ACCESS_TOKEN_REQUEST_FAILED");
241
- if (error instanceof Error) {
242
- throw new OAuthProtocolError("server_error", "Failed to communicate with OAuth provider", "", { cause: error });
243
- }
244
- throw error;
245
- }
246
- };
247
- // Annotate the CommonJS export names for ESM import in node:
248
- 0 && (module.exports = {
249
- createAccessToken
250
- });
@@ -1,33 +0,0 @@
1
- import { j as OAuthProviderCredentials, a as InternalLogger } from '../../index-_aXtxb_s.js';
2
- import 'zod';
3
- import '../../schemas.js';
4
- import 'zod/v4';
5
- import '@aura-stack/jose';
6
- import '@aura-stack/jose/jose';
7
- import '@aura-stack/jose/crypto';
8
- import '@aura-stack/router/cookie';
9
- import '../../@types/utility.js';
10
- import 'jose';
11
- import '@aura-stack/router';
12
- import 'zod/v4/core';
13
-
14
- /**
15
- * Make a request to the OAuth provider to the token endpoint to exchange the authorization code provided
16
- * by the authorization server.
17
- *
18
- * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
19
- * @see https://datatracker.ietf.org/doc/html/rfc6749#section-5
20
- * @param oauthConfig - OAuth provider configuration
21
- * @param redirectURI - The redirect URI registered in the Resource Owner's authorization request and sent in the authorization code exchange
22
- * @param code - The authorization code received from the OAuth server
23
- * @returns The access token response from the OAuth server
24
- */
25
- declare const createAccessToken: (oauthConfig: OAuthProviderCredentials, redirectURI: string, code: string, codeVerifier: string, logger?: InternalLogger) => Promise<{
26
- access_token: string;
27
- token_type?: string | undefined;
28
- expires_in?: number | undefined;
29
- refresh_token?: string | undefined;
30
- scope?: string | string[] | null | undefined;
31
- }>;
32
-
33
- export { createAccessToken };
@@ -1,9 +0,0 @@
1
- import {
2
- createAccessToken
3
- } from "../../chunk-7BE46WWS.js";
4
- import "../../chunk-ZNCZVF6U.js";
5
- import "../../chunk-2A5B7GWR.js";
6
- import "../../chunk-U5663F2U.js";
7
- export {
8
- createAccessToken
9
- };