@aura-stack/auth 0.5.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (220) hide show
  1. package/README.md +36 -1
  2. package/dist/@types/index.cjs +0 -18
  3. package/dist/@types/index.d.ts +2 -12
  4. package/dist/@types/index.js +0 -1
  5. package/dist/assert-_fBNnaOk.js +3 -0
  6. package/dist/assert-hDwQ_SPO.cjs +3 -0
  7. package/dist/client/index.cjs +1 -135
  8. package/dist/client/index.d.ts +11 -14
  9. package/dist/client/index.js +1 -10
  10. package/dist/crypto-D6_SoGMH.cjs +1 -0
  11. package/dist/crypto-DyrRzBSQ.js +1 -0
  12. package/dist/env-7as-tgzO.cjs +1 -0
  13. package/dist/env-CJtSi1eX.js +1 -0
  14. package/dist/errors-Czt_w1t_.js +1 -0
  15. package/dist/errors-DcK2ELlk.cjs +1 -0
  16. package/dist/identity-b8FCr0Oa.cjs +1 -0
  17. package/dist/index-C9U6ICDT.d.ts +2796 -0
  18. package/dist/index.cjs +1 -2427
  19. package/dist/index.d.ts +2 -14
  20. package/dist/index.js +1 -59
  21. package/dist/logger-DjXkgSn5.js +1 -0
  22. package/dist/logger-G5PinyEc.cjs +1 -0
  23. package/dist/oauth/atlassian.cjs +1 -57
  24. package/dist/oauth/atlassian.d.ts +2 -12
  25. package/dist/oauth/atlassian.js +1 -6
  26. package/dist/oauth/bitbucket.cjs +1 -49
  27. package/dist/oauth/bitbucket.d.ts +2 -12
  28. package/dist/oauth/bitbucket.js +1 -6
  29. package/dist/oauth/click-up.cjs +1 -0
  30. package/dist/oauth/click-up.d.ts +2 -0
  31. package/dist/oauth/click-up.js +1 -0
  32. package/dist/oauth/discord.cjs +1 -57
  33. package/dist/oauth/discord.d.ts +2 -12
  34. package/dist/oauth/discord.js +1 -6
  35. package/dist/oauth/dribbble.cjs +1 -0
  36. package/dist/oauth/dribbble.d.ts +2 -0
  37. package/dist/oauth/dribbble.js +1 -0
  38. package/dist/oauth/dropbox.cjs +1 -53
  39. package/dist/oauth/dropbox.d.ts +2 -12
  40. package/dist/oauth/dropbox.js +1 -6
  41. package/dist/oauth/figma.cjs +1 -49
  42. package/dist/oauth/figma.d.ts +2 -12
  43. package/dist/oauth/figma.js +1 -6
  44. package/dist/oauth/github.cjs +1 -49
  45. package/dist/oauth/github.d.ts +2 -12
  46. package/dist/oauth/github.js +1 -6
  47. package/dist/oauth/gitlab.cjs +1 -49
  48. package/dist/oauth/gitlab.d.ts +2 -12
  49. package/dist/oauth/gitlab.js +1 -6
  50. package/dist/oauth/index.cjs +1 -673
  51. package/dist/oauth/index.d.ts +2 -12
  52. package/dist/oauth/index.js +1 -68
  53. package/dist/oauth/mailchimp.cjs +1 -49
  54. package/dist/oauth/mailchimp.d.ts +2 -12
  55. package/dist/oauth/mailchimp.js +1 -6
  56. package/dist/oauth/notion.cjs +1 -131
  57. package/dist/oauth/notion.d.ts +2 -12
  58. package/dist/oauth/notion.js +1 -9
  59. package/dist/oauth/pinterest.cjs +1 -49
  60. package/dist/oauth/pinterest.d.ts +2 -12
  61. package/dist/oauth/pinterest.js +1 -6
  62. package/dist/oauth/spotify.cjs +1 -49
  63. package/dist/oauth/spotify.d.ts +2 -12
  64. package/dist/oauth/spotify.js +1 -6
  65. package/dist/oauth/strava.cjs +1 -49
  66. package/dist/oauth/strava.d.ts +2 -12
  67. package/dist/oauth/strava.js +1 -6
  68. package/dist/oauth/twitch.cjs +1 -95
  69. package/dist/oauth/twitch.d.ts +2 -12
  70. package/dist/oauth/twitch.js +1 -7
  71. package/dist/oauth/x.cjs +1 -49
  72. package/dist/oauth/x.d.ts +2 -12
  73. package/dist/oauth/x.js +1 -6
  74. package/dist/oauth-D3_mnBOx.js +1 -0
  75. package/dist/oauth-gPiWxjBd.cjs +1 -0
  76. package/dist/shared/crypto.cjs +1 -0
  77. package/dist/shared/crypto.d.ts +71 -0
  78. package/dist/shared/crypto.js +1 -0
  79. package/dist/shared/identity.cjs +1 -0
  80. package/dist/shared/identity.d.ts +2 -0
  81. package/dist/shared/identity.js +1 -0
  82. package/dist/shared/index.cjs +1 -0
  83. package/dist/shared/index.d.ts +5 -0
  84. package/dist/shared/index.js +1 -0
  85. package/package.json +37 -11
  86. package/dist/@types/router.d.cjs +0 -1
  87. package/dist/@types/router.d.d.ts +0 -16
  88. package/dist/@types/router.d.js +0 -0
  89. package/dist/@types/utility.cjs +0 -18
  90. package/dist/@types/utility.d.ts +0 -6
  91. package/dist/@types/utility.js +0 -1
  92. package/dist/actions/callback/access-token.cjs +0 -250
  93. package/dist/actions/callback/access-token.d.ts +0 -33
  94. package/dist/actions/callback/access-token.js +0 -9
  95. package/dist/actions/callback/callback.cjs +0 -715
  96. package/dist/actions/callback/callback.d.ts +0 -42
  97. package/dist/actions/callback/callback.js +0 -18
  98. package/dist/actions/callback/userinfo.cjs +0 -283
  99. package/dist/actions/callback/userinfo.d.ts +0 -25
  100. package/dist/actions/callback/userinfo.js +0 -13
  101. package/dist/actions/csrfToken/csrfToken.cjs +0 -189
  102. package/dist/actions/csrfToken/csrfToken.d.ts +0 -7
  103. package/dist/actions/csrfToken/csrfToken.js +0 -13
  104. package/dist/actions/index.cjs +0 -1161
  105. package/dist/actions/index.d.ts +0 -17
  106. package/dist/actions/index.js +0 -39
  107. package/dist/actions/session/session.cjs +0 -188
  108. package/dist/actions/session/session.d.ts +0 -7
  109. package/dist/actions/session/session.js +0 -12
  110. package/dist/actions/signIn/authorization-url.cjs +0 -288
  111. package/dist/actions/signIn/authorization-url.d.ts +0 -31
  112. package/dist/actions/signIn/authorization-url.js +0 -16
  113. package/dist/actions/signIn/authorization.cjs +0 -281
  114. package/dist/actions/signIn/authorization.d.ts +0 -54
  115. package/dist/actions/signIn/authorization.js +0 -19
  116. package/dist/actions/signIn/signIn.cjs +0 -595
  117. package/dist/actions/signIn/signIn.d.ts +0 -42
  118. package/dist/actions/signIn/signIn.js +0 -16
  119. package/dist/actions/signOut/signOut.cjs +0 -492
  120. package/dist/actions/signOut/signOut.d.ts +0 -16
  121. package/dist/actions/signOut/signOut.js +0 -15
  122. package/dist/api/createApi.cjs +0 -750
  123. package/dist/api/createApi.d.ts +0 -12
  124. package/dist/api/createApi.js +0 -19
  125. package/dist/api/getSession.cjs +0 -141
  126. package/dist/api/getSession.d.ts +0 -16
  127. package/dist/api/getSession.js +0 -10
  128. package/dist/api/signIn.cjs +0 -549
  129. package/dist/api/signIn.d.ts +0 -26
  130. package/dist/api/signIn.js +0 -15
  131. package/dist/api/signOut.cjs +0 -279
  132. package/dist/api/signOut.d.ts +0 -16
  133. package/dist/api/signOut.js +0 -13
  134. package/dist/assert.cjs +0 -194
  135. package/dist/assert.d.ts +0 -37
  136. package/dist/assert.js +0 -26
  137. package/dist/chunk-2A5B7GWR.js +0 -125
  138. package/dist/chunk-2GQLSIJ2.js +0 -40
  139. package/dist/chunk-2IR674WX.js +0 -44
  140. package/dist/chunk-3J5TUH2I.js +0 -50
  141. package/dist/chunk-4RWSYUKX.js +0 -98
  142. package/dist/chunk-4YHJ4IEQ.js +0 -25
  143. package/dist/chunk-54CZPKR4.js +0 -25
  144. package/dist/chunk-5LZ7TOM3.js +0 -25
  145. package/dist/chunk-5X7JZMEF.js +0 -0
  146. package/dist/chunk-7BE46WWS.js +0 -88
  147. package/dist/chunk-7YYXFKLR.js +0 -35
  148. package/dist/chunk-C3A37LQC.js +0 -33
  149. package/dist/chunk-CITNGXDA.js +0 -31
  150. package/dist/chunk-CWX724AG.js +0 -78
  151. package/dist/chunk-D2CSIUKP.js +0 -74
  152. package/dist/chunk-E6G5YCI6.js +0 -25
  153. package/dist/chunk-EBAMFRB7.js +0 -34
  154. package/dist/chunk-EEE7UM5T.js +0 -25
  155. package/dist/chunk-FPCVZUVG.js +0 -37
  156. package/dist/chunk-FW4W3REU.js +0 -25
  157. package/dist/chunk-GNNBM2WJ.js +0 -83
  158. package/dist/chunk-IPKO6UQN.js +0 -25
  159. package/dist/chunk-ITQ7352M.js +0 -0
  160. package/dist/chunk-JOCGX3RP.js +0 -59
  161. package/dist/chunk-KBXWTD6E.js +0 -94
  162. package/dist/chunk-KMMAZFSJ.js +0 -25
  163. package/dist/chunk-LATR3NIV.js +0 -117
  164. package/dist/chunk-LAYPUDQF.js +0 -39
  165. package/dist/chunk-LDU7A2JE.js +0 -25
  166. package/dist/chunk-LX3TJ2TJ.js +0 -294
  167. package/dist/chunk-NHZBQNRR.js +0 -143
  168. package/dist/chunk-OVHNRULD.js +0 -33
  169. package/dist/chunk-PDP3PHB3.js +0 -127
  170. package/dist/chunk-PG7UYFG5.js +0 -0
  171. package/dist/chunk-PHYNROD4.js +0 -47
  172. package/dist/chunk-QQEKY4XP.js +0 -29
  173. package/dist/chunk-U4RK4LKJ.js +0 -348
  174. package/dist/chunk-U5663F2U.js +0 -70
  175. package/dist/chunk-UN7X6SU5.js +0 -53
  176. package/dist/chunk-UZQJJD6A.js +0 -100
  177. package/dist/chunk-V6LLEAR4.js +0 -80
  178. package/dist/chunk-WHNDRO3N.js +0 -50
  179. package/dist/chunk-XY5R3EHH.js +0 -204
  180. package/dist/chunk-ZNCZVF6U.js +0 -14
  181. package/dist/client/client.cjs +0 -135
  182. package/dist/client/client.d.ts +0 -85
  183. package/dist/client/client.js +0 -9
  184. package/dist/context.cjs +0 -1237
  185. package/dist/context.d.ts +0 -16
  186. package/dist/context.js +0 -28
  187. package/dist/cookie.cjs +0 -277
  188. package/dist/cookie.d.ts +0 -89
  189. package/dist/cookie.js +0 -30
  190. package/dist/createAuth.cjs +0 -2320
  191. package/dist/createAuth.d.ts +0 -12
  192. package/dist/createAuth.js +0 -48
  193. package/dist/env.cjs +0 -78
  194. package/dist/env.d.ts +0 -10
  195. package/dist/env.js +0 -12
  196. package/dist/errors.cjs +0 -102
  197. package/dist/errors.d.ts +0 -60
  198. package/dist/errors.js +0 -22
  199. package/dist/headers.cjs +0 -61
  200. package/dist/headers.d.ts +0 -33
  201. package/dist/headers.js +0 -12
  202. package/dist/index-_aXtxb_s.d.ts +0 -1377
  203. package/dist/jose.cjs +0 -166
  204. package/dist/jose.d.ts +0 -12
  205. package/dist/jose.js +0 -20
  206. package/dist/logger.cjs +0 -424
  207. package/dist/logger.d.ts +0 -12
  208. package/dist/logger.js +0 -17
  209. package/dist/request.cjs +0 -38
  210. package/dist/request.d.ts +0 -13
  211. package/dist/request.js +0 -6
  212. package/dist/schemas.cjs +0 -158
  213. package/dist/schemas.d.ts +0 -229
  214. package/dist/schemas.js +0 -24
  215. package/dist/secure.cjs +0 -170
  216. package/dist/secure.d.ts +0 -41
  217. package/dist/secure.js +0 -20
  218. package/dist/utils.cjs +0 -329
  219. package/dist/utils.d.ts +0 -35
  220. package/dist/utils.js +0 -36
package/dist/oauth/x.cjs CHANGED
@@ -1,49 +1 @@
1
- "use strict";
2
- var __defProp = Object.defineProperty;
3
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
- var __getOwnPropNames = Object.getOwnPropertyNames;
5
- var __hasOwnProp = Object.prototype.hasOwnProperty;
6
- var __export = (target, all) => {
7
- for (var name in all)
8
- __defProp(target, name, { get: all[name], enumerable: true });
9
- };
10
- var __copyProps = (to, from, except, desc) => {
11
- if (from && typeof from === "object" || typeof from === "function") {
12
- for (let key of __getOwnPropNames(from))
13
- if (!__hasOwnProp.call(to, key) && key !== except)
14
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
- }
16
- return to;
17
- };
18
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
-
20
- // src/oauth/x.ts
21
- var x_exports = {};
22
- __export(x_exports, {
23
- x: () => x
24
- });
25
- module.exports = __toCommonJS(x_exports);
26
- var x = (options) => {
27
- return {
28
- id: "x",
29
- name: "X",
30
- authorizeURL: "https://twitter.com/i/oauth2/authorize",
31
- accessToken: "https://api.twitter.com/2/oauth2/token",
32
- userInfo: "https://api.twitter.com/2/users/me?user.fields=profile_image_url",
33
- scope: "tweet.read users.read offline.access",
34
- responseType: "code",
35
- profile(profile) {
36
- return {
37
- sub: profile.data.id,
38
- name: profile.data.name,
39
- image: profile.data.profile_image_url,
40
- email: void 0
41
- };
42
- },
43
- ...options
44
- };
45
- };
46
- // Annotate the CommonJS export names for ESM import in node:
47
- 0 && (module.exports = {
48
- x
49
- });
1
+ Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=e=>({id:`x`,name:`X`,authorize:{url:`https://twitter.com/i/oauth2/authorize`,params:{scope:`tweet.read users.read offline.access`,response_type:`code`}},accessToken:`https://api.twitter.com/2/oauth2/token`,userInfo:`https://api.twitter.com/2/users/me?user.fields=profile_image_url`,profile:e=>({sub:e.data.id,name:e.data.name,image:e.data.profile_image_url,email:void 0}),...e});exports.x=e;
package/dist/oauth/x.d.ts CHANGED
@@ -1,12 +1,2 @@
1
- export { ah as XProfile, ai as x } from '../index-_aXtxb_s.js';
2
- import 'zod';
3
- import '../schemas.js';
4
- import 'zod/v4';
5
- import '@aura-stack/jose';
6
- import '@aura-stack/jose/jose';
7
- import '@aura-stack/jose/crypto';
8
- import '@aura-stack/router/cookie';
9
- import '../@types/utility.js';
10
- import 'jose';
11
- import '@aura-stack/router';
12
- import 'zod/v4/core';
1
+ import { Gn as XProfile, Kn as x } from "../index-C9U6ICDT.js";
2
+ export { XProfile, x };
package/dist/oauth/x.js CHANGED
@@ -1,6 +1 @@
1
- import {
2
- x
3
- } from "../chunk-EEE7UM5T.js";
4
- export {
5
- x
6
- };
1
+ const e=e=>({id:`x`,name:`X`,authorize:{url:`https://twitter.com/i/oauth2/authorize`,params:{scope:`tweet.read users.read offline.access`,response_type:`code`}},accessToken:`https://api.twitter.com/2/oauth2/token`,userInfo:`https://api.twitter.com/2/users/me?user.fields=profile_image_url`,profile:e=>({sub:e.data.id,name:e.data.name,image:e.data.profile_image_url,email:void 0}),...e});export{e as x};
@@ -0,0 +1 @@
1
+ import{n as e}from"./errors-Czt_w1t_.js";import{n as t}from"./env-CJtSi1eX.js";import{T as n}from"./assert-_fBNnaOk.js";import{github as r}from"./oauth/github.js";import{bitbucket as i}from"./oauth/bitbucket.js";import{figma as a}from"./oauth/figma.js";import{discord as o}from"./oauth/discord.js";import{gitlab as s}from"./oauth/gitlab.js";import{spotify as c}from"./oauth/spotify.js";import{x as l}from"./oauth/x.js";import{strava as u}from"./oauth/strava.js";import{mailchimp as d}from"./oauth/mailchimp.js";import{pinterest as f}from"./oauth/pinterest.js";import{twitch as p}from"./oauth/twitch.js";import{notion as m}from"./oauth/notion.js";import{dropbox as h}from"./oauth/dropbox.js";import{atlassian as g}from"./oauth/atlassian.js";import{clickUp as _}from"./oauth/click-up.js";import{dribbble as v}from"./oauth/dribbble.js";import{array as y,enum as b,null as x,number as S,object as C,string as w,union as T,z as E}from"zod/v4";const D=E.union([w().url(),C({url:w().url(),params:C({owner:w().optional(),responseType:b([`code`,`token`,`id_token`,`refresh_token`]).optional(),scope:w().optional()})})]),O=E.union([w().url(),C({url:w().url(),headers:E.record(w(),w()).optional()})]),k=E.union([w().url(),C({url:w().url(),headers:E.record(w(),w()).optional(),method:w().optional()})]),A=C({id:w(),name:w(),authorize:D.optional(),authorizeURL:w().url().optional(),accessToken:O,scope:w().optional(),userInfo:k,responseType:b([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:w(),clientSecret:w(),profile:E.function().optional()}),j=C({authorize:D.optional(),authorizeURL:w().url().optional(),accessToken:O,scope:w().optional(),userInfo:k,responseType:b([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:w(),clientSecret:w()}),M=j.extend({redirectURI:w(),state:w(),codeChallenge:w(),codeChallengeMethod:b([`plain`,`S256`])});C({state:w({message:`Missing state parameter in the OAuth authorization response.`}),code:w({message:`Missing code parameter in the OAuth authorization response.`})});const N=C({error:b([`invalid_request`,`unauthorized_client`,`access_denied`,`unsupported_response_type`,`invalid_scope`,`server_error`,`temporarily_unavailable`]),error_description:w().optional(),error_uri:w().optional(),state:w()});j.extend({redirectURI:w(),code:w(),codeVerifier:w().min(43).max(128)});const P=C({access_token:w(),token_type:w().optional(),expires_in:S().optional(),refresh_token:w().optional(),scope:T([w().optional().or(x()),y(w()).optional()])}),F=C({error:b([`invalid_request`,`invalid_client`,`invalid_grant`,`unauthorized_client`,`unsupported_grant_type`,`invalid_scope`]),error_description:w().optional(),error_uri:w().optional()}),I=C({error:w(),error_description:w().optional()}),L=C({clientId:E.string().min(1,`OAuth Client ID is required in the environment variables.`),clientSecret:E.string().min(1,`OAuth Client Secret is required in the environment variables.`)}),R={github:r,bitbucket:i,figma:a,discord:o,gitlab:s,spotify:c,x:l,strava:u,mailchimp:d,pinterest:f,twitch:p,notion:m,dropbox:h,atlassian:g,clickUp:_,dribbble:v},z=r=>{let i=L.safeParse({clientId:t(`${r.replace(`-`,`_`).toUpperCase()}_CLIENT_ID`),clientSecret:t(`${r.replace(`-`,`_`).toUpperCase()}_CLIENT_SECRET`)});if(!i.success)throw new e(`INVALID_ENVIRONMENT_CONFIGURATION`,JSON.stringify({[r]:n(i.error)},null,2));return i.data},B=t=>{if(typeof t==`string`){let r=z(t),i=R[t](),a=A.safeParse({...i,...r});if(!a.success)throw new e(`INVALID_OAUTH_PROVIDER_CONFIGURATION`,`Invalid configuration for OAuth provider "${t}": ${JSON.stringify({[t]:n(a.error)},null,2)}`);return a.data}let r=t.clientId&&t.clientSecret?{}:z(t.id),i=A.safeParse({...r,...t});if(!i.success){let r=JSON.stringify({[t.id]:n(i.error)},null,2);throw new e(`INVALID_OAUTH_PROVIDER_CONFIGURATION`,`Invalid configuration for OAuth provider "${t.id}": ${r}`)}return i.data},V=(t=[])=>t.reduce((t,n)=>{let r=B(n);if(r.id in t)throw new e(`DUPLICATED_OAUTH_PROVIDER_ID`,`Duplicate OAuth provider id "${r.id}" found. Each provider must have a unique id.`);return{...t,[r.id]:r}},{});export{M as a,P as i,V as n,N as o,F as r,I as s,R as t};
@@ -0,0 +1 @@
1
+ require(`./identity-b8FCr0Oa.cjs`);const e=require(`./errors-DcK2ELlk.cjs`),t=require(`./env-7as-tgzO.cjs`),n=require(`./assert-hDwQ_SPO.cjs`),r=require(`./oauth/github.cjs`),i=require(`./oauth/bitbucket.cjs`),a=require(`./oauth/figma.cjs`),o=require(`./oauth/discord.cjs`),s=require(`./oauth/gitlab.cjs`),c=require(`./oauth/spotify.cjs`),l=require(`./oauth/x.cjs`),u=require(`./oauth/strava.cjs`),d=require(`./oauth/mailchimp.cjs`),f=require(`./oauth/pinterest.cjs`),p=require(`./oauth/twitch.cjs`),m=require(`./oauth/notion.cjs`),h=require(`./oauth/dropbox.cjs`),g=require(`./oauth/atlassian.cjs`),_=require(`./oauth/click-up.cjs`),v=require(`./oauth/dribbble.cjs`);let y=require(`zod/v4`);const b=y.z.union([(0,y.string)().url(),(0,y.object)({url:(0,y.string)().url(),params:(0,y.object)({owner:(0,y.string)().optional(),responseType:(0,y.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),scope:(0,y.string)().optional()})})]),x=y.z.union([(0,y.string)().url(),(0,y.object)({url:(0,y.string)().url(),headers:y.z.record((0,y.string)(),(0,y.string)()).optional()})]),S=y.z.union([(0,y.string)().url(),(0,y.object)({url:(0,y.string)().url(),headers:y.z.record((0,y.string)(),(0,y.string)()).optional(),method:(0,y.string)().optional()})]),C=(0,y.object)({id:(0,y.string)(),name:(0,y.string)(),authorize:b.optional(),authorizeURL:(0,y.string)().url().optional(),accessToken:x,scope:(0,y.string)().optional(),userInfo:S,responseType:(0,y.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:(0,y.string)(),clientSecret:(0,y.string)(),profile:y.z.function().optional()}),w=(0,y.object)({authorize:b.optional(),authorizeURL:(0,y.string)().url().optional(),accessToken:x,scope:(0,y.string)().optional(),userInfo:S,responseType:(0,y.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:(0,y.string)(),clientSecret:(0,y.string)()}),T=w.extend({redirectURI:(0,y.string)(),state:(0,y.string)(),codeChallenge:(0,y.string)(),codeChallengeMethod:(0,y.enum)([`plain`,`S256`])});(0,y.object)({state:(0,y.string)({message:`Missing state parameter in the OAuth authorization response.`}),code:(0,y.string)({message:`Missing code parameter in the OAuth authorization response.`})});const E=(0,y.object)({error:(0,y.enum)([`invalid_request`,`unauthorized_client`,`access_denied`,`unsupported_response_type`,`invalid_scope`,`server_error`,`temporarily_unavailable`]),error_description:(0,y.string)().optional(),error_uri:(0,y.string)().optional(),state:(0,y.string)()});w.extend({redirectURI:(0,y.string)(),code:(0,y.string)(),codeVerifier:(0,y.string)().min(43).max(128)});const D=(0,y.object)({access_token:(0,y.string)(),token_type:(0,y.string)().optional(),expires_in:(0,y.number)().optional(),refresh_token:(0,y.string)().optional(),scope:(0,y.union)([(0,y.string)().optional().or((0,y.null)()),(0,y.array)((0,y.string)()).optional()])}),O=(0,y.object)({error:(0,y.enum)([`invalid_request`,`invalid_client`,`invalid_grant`,`unauthorized_client`,`unsupported_grant_type`,`invalid_scope`]),error_description:(0,y.string)().optional(),error_uri:(0,y.string)().optional()}),k=(0,y.object)({error:(0,y.string)(),error_description:(0,y.string)().optional()}),A=(0,y.object)({clientId:y.z.string().min(1,`OAuth Client ID is required in the environment variables.`),clientSecret:y.z.string().min(1,`OAuth Client Secret is required in the environment variables.`)}),j={github:r.github,bitbucket:i.bitbucket,figma:a.figma,discord:o.discord,gitlab:s.gitlab,spotify:c.spotify,x:l.x,strava:u.strava,mailchimp:d.mailchimp,pinterest:f.pinterest,twitch:p.twitch,notion:m.notion,dropbox:h.dropbox,atlassian:g.atlassian,clickUp:_.clickUp,dribbble:v.dribbble},M=r=>{let i=A.safeParse({clientId:t.n(`${r.replace(`-`,`_`).toUpperCase()}_CLIENT_ID`),clientSecret:t.n(`${r.replace(`-`,`_`).toUpperCase()}_CLIENT_SECRET`)});if(!i.success)throw new e.n(`INVALID_ENVIRONMENT_CONFIGURATION`,JSON.stringify({[r]:n.T(i.error)},null,2));return i.data},N=t=>{if(typeof t==`string`){let r=M(t),i=j[t](),a=C.safeParse({...i,...r});if(!a.success)throw new e.n(`INVALID_OAUTH_PROVIDER_CONFIGURATION`,`Invalid configuration for OAuth provider "${t}": ${JSON.stringify({[t]:n.T(a.error)},null,2)}`);return a.data}let r=t.clientId&&t.clientSecret?{}:M(t.id),i=C.safeParse({...r,...t});if(!i.success){let r=JSON.stringify({[t.id]:n.T(i.error)},null,2);throw new e.n(`INVALID_OAUTH_PROVIDER_CONFIGURATION`,`Invalid configuration for OAuth provider "${t.id}": ${r}`)}return i.data},P=(t=[])=>t.reduce((t,n)=>{let r=N(n);if(r.id in t)throw new e.n(`DUPLICATED_OAUTH_PROVIDER_ID`,`Duplicate OAuth provider id "${r.id}" found. Each provider must have a unique id.`);return{...t,[r.id]:r}},{});Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return T}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return D}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return P}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return E}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return O}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return k}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return j}});
@@ -0,0 +1 @@
1
+ Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`}),require(`../identity-b8FCr0Oa.cjs`);const e=require(`../crypto-D6_SoGMH.cjs`);let t=require(`@aura-stack/jose/jose`);exports.createCSRF=e.t,exports.createHash=e.n,Object.defineProperty(exports,`createKeyPair`,{enumerable:!0,get:function(){return t.generateKeyPair}}),exports.createPKCE=e.r,exports.createSecretValue=e.i,exports.exportJWKKeyPair=e.a,exports.hashPassword=e.o,exports.importPEMKeyPair=e.s,exports.verifyCSRF=e.c,exports.verifyPassword=e.l;
@@ -0,0 +1,71 @@
1
+ import { Ct as JoseInstance, Vt as AsymmetricKeyPairFromEnv, dt as AuthRuntimeConfig, ln as User } from "../index-C9U6ICDT.js";
2
+ import * as _$_aura_stack_jose_jose0 from "@aura-stack/jose/jose";
3
+ import { GenerateKeyPairOptions, generateKeyPair as createKeyPair } from "@aura-stack/jose/jose";
4
+
5
+ //#region src/shared/crypto.d.ts
6
+ declare const createSecretValue: (length?: number) => string;
7
+ declare const createHash: (data: string) => Promise<string>;
8
+ /**
9
+ * Creates the code challenge flow for PKCE OAuth flow. It generates a code verifier and its corresponding
10
+ * code challenge using SHA-256 hashing.
11
+ * - code_verifier: A cryptographically random string used to mitigate authorization code interception attacks.
12
+ * - code_challenge: A hashed version of the code_verifier sent in the authorization request.
13
+ * - method: The method used to generate the code challenge, typically "S256" for SHA-256.
14
+ *
15
+ * @see https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
16
+ */
17
+ declare const createPKCE: (verifier?: string) => Promise<{
18
+ codeVerifier: string;
19
+ codeChallenge: string;
20
+ method: string;
21
+ }>;
22
+ /**
23
+ * Creates a CSRF token to be used in OAuth flows to prevent cross-site request forgery attacks.
24
+ *
25
+ * @param csrfCookie - Optional existing CSRF cookie to verify and reuse
26
+ * @returns Signed CSRF token
27
+ */
28
+ declare const createCSRF: (jose: AuthRuntimeConfig["jose"], csrfCookie?: string) => Promise<string>;
29
+ declare const verifyCSRF: <DefaultUser extends User = User>(jose: JoseInstance<DefaultUser>, cookie: string, header: string) => Promise<boolean>;
30
+ /**
31
+ * Hashes a password using PBKDF2 with SHA-256.
32
+ * PBKDF2 is available in standard Web Crypto (SubtleCrypto).
33
+ *
34
+ * @param password - The password to hash.
35
+ * @param salt - Optional salt (base64url encoded). If not provided, a random salt will be generated.
36
+ * @param iterations - The number of PBKDF2 iterations. Default is 100,000.
37
+ * @returns The hashed password in the format `iterations:salt:hash` (all segments base64url encoded).
38
+ */
39
+ declare const hashPassword: (password: string, salt?: string, iterations?: number) => Promise<string>;
40
+ /**
41
+ * Verifies a password against a hashed value.
42
+ *
43
+ * @param password - The password to verify.
44
+ * @param hashedPassword - The hashed password to compare against.
45
+ * @returns A promise that resolves to true if the password matches the hash, false otherwise.
46
+ */
47
+ declare const verifyPassword: (password: string, hashedPassword: string) => Promise<boolean>;
48
+ /**
49
+ * Imports a PEM-formatted asymmetric key pair from strings.
50
+ *
51
+ * @param key - An object containing the public and private keys as PEM-formatted strings
52
+ * @param algorithm - The intended algorithm for the keys (e.g. "RS256" for RSA signing, "RSA-OAEP" for RSA encryption)
53
+ * @returns A Promise that resolves to a CryptoKeyPair with the imported keys
54
+ */
55
+ declare const importPEMKeyPair: (key: AsymmetricKeyPairFromEnv, algorithm: string) => Promise<{
56
+ publicKey: CryptoKey;
57
+ privateKey: CryptoKey;
58
+ }>;
59
+ /**
60
+ * Generates a new asymmetric key pair and exports it in JWK format.
61
+ *
62
+ * @param alg - The intended algorithm for the keys (e.g. "RS256" for RSA signing, "RSA-OAEP" for RSA encryption)
63
+ * @param options - Optional parameters for key generation (e.g. modulusLength for RSA)
64
+ * @returns A Promise that resolves to an object containing the public and private keys in JWK format
65
+ */
66
+ declare const exportJWKKeyPair: (alg: string, options?: GenerateKeyPairOptions) => Promise<{
67
+ publicKey: _$_aura_stack_jose_jose0.JWK;
68
+ privateKey: _$_aura_stack_jose_jose0.JWK;
69
+ }>;
70
+ //#endregion
71
+ export { createCSRF, createHash, createKeyPair, createPKCE, createSecretValue, exportJWKKeyPair, hashPassword, importPEMKeyPair, verifyCSRF, verifyPassword };
@@ -0,0 +1 @@
1
+ import{a as e,c as t,i as n,l as r,n as i,o as a,r as o,s,t as c,u as l}from"../crypto-DyrRzBSQ.js";export{c as createCSRF,i as createHash,o as createKeyPair,n as createPKCE,e as createSecretValue,a as exportJWKKeyPair,s as hashPassword,t as importPEMKeyPair,r as verifyCSRF,l as verifyPassword};
@@ -0,0 +1 @@
1
+ Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../identity-b8FCr0Oa.cjs`);exports.UserIdentity=e.t,exports.UserIdentityArkType=e.n,exports.UserIdentityTypeBox=e.r,exports.UserIdentityValibot=e.i,exports.createIdentity=e.a;
@@ -0,0 +1,2 @@
1
+ import { Q as InferZodShape, W as EditableShape, X as InferSession, Y as FromShapeToObject, Z as InferUser, _r as UserShape, at as ValibotShapeToObject, br as UserShapeValibot, cr as Identities, dr as IsZod, fr as SchemaTypes, gr as UserIdentityValibot, hr as UserIdentityTypeBox, it as UserFrom, lr as IsArkType, mr as UserIdentityArkType, nt as SessionFrom, pr as UserIdentity, rt as TypeboxShapeToObject, st as ZodShapeToObject, ur as IsValibot, vr as UserShapeArkType, xr as createIdentity, yr as UserShapeTypeBox, z as ArktypeShapeToObject } from "../index-C9U6ICDT.js";
2
+ export { ArktypeShapeToObject, EditableShape, FromShapeToObject, Identities, InferSession, InferUser, InferZodShape, IsArkType, IsValibot, IsZod, SchemaTypes, SessionFrom, TypeboxShapeToObject, UserFrom, UserIdentity, UserIdentityArkType, UserIdentityTypeBox, UserIdentityValibot, UserShape, UserShapeArkType, UserShapeTypeBox, UserShapeValibot, ValibotShapeToObject, ZodShapeToObject, createIdentity };
@@ -0,0 +1 @@
1
+ import{g as e,h as t,t as n,y as r}from"../assert-_fBNnaOk.js";import{z as i}from"zod/v4";import*as a from"valibot";import{type as o}from"arktype";import{Type as s}from"typebox";const c=i.object({sub:i.string(),name:i.string().nullable().optional(),image:i.string().nullable().optional(),email:i.email().nullable().optional()}),l=a.object({sub:a.string(),name:a.optional(a.nullable(a.string())),image:a.optional(a.nullable(a.string())),email:a.optional(a.nullable(a.pipe(a.string(),a.email())))}),u=o({sub:`string`,name:`string | null?`,image:`string | null?`,email:`string.email | null?`}),d=s.Object({sub:s.String(),name:s.Optional(s.Union([s.String(),s.Null()])),image:s.Optional(s.Union([s.String(),s.Null()])),email:s.Optional(s.Union([s.String({format:`email`}),s.Null()]))}),f=o=>n(o)?o:e(o)?a.object(o):r(o)?i.object(o):t(o)?s.Object(o):i.object(o);export{c as UserIdentity,u as UserIdentityArkType,d as UserIdentityTypeBox,l as UserIdentityValibot,f as createIdentity};
@@ -0,0 +1 @@
1
+ Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../assert-hDwQ_SPO.cjs`),t=require(`../logger-G5PinyEc.cjs`);exports.createBasicAuthHeader=e.S,exports.createSyslogMessage=t.n;
@@ -0,0 +1,5 @@
1
+ import { sr as createSyslogMessage } from "../index-C9U6ICDT.js";
2
+ //#region src/shared/utils.d.ts
3
+ declare const createBasicAuthHeader: (username: string, password: string) => string;
4
+ //#endregion
5
+ export { createBasicAuthHeader, createSyslogMessage };
@@ -0,0 +1 @@
1
+ import{S as e}from"../assert-_fBNnaOk.js";import{n as t}from"../logger-DjXkgSn5.js";export{e as createBasicAuthHeader,t as createSyslogMessage};
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aura-stack/auth",
3
- "version": "0.5.0",
3
+ "version": "0.7.0",
4
4
  "private": false,
5
5
  "type": "module",
6
6
  "description": "Core auth for @aura-stack/auth",
@@ -12,6 +12,7 @@
12
12
  "access": "public",
13
13
  "registry": "https://registry.npmjs.org/@aura-stack/auth"
14
14
  },
15
+ "sideEffects": false,
15
16
  "files": [
16
17
  "dist"
17
18
  ],
@@ -21,6 +22,11 @@
21
22
  "import": "./dist/index.js",
22
23
  "require": "./dist/index.cjs"
23
24
  },
25
+ "./oauth": {
26
+ "types": "./dist/oauth/index.d.ts",
27
+ "import": "./dist/oauth/index.js",
28
+ "require": "./dist/oauth/index.cjs"
29
+ },
24
30
  "./oauth/*": {
25
31
  "types": "./dist/oauth/*.d.ts",
26
32
  "import": "./dist/oauth/*.js",
@@ -35,6 +41,21 @@
35
41
  "types": "./dist/client/index.d.ts",
36
42
  "import": "./dist/client/index.js",
37
43
  "require": "./dist/client/index.cjs"
44
+ },
45
+ "./identity": {
46
+ "types": "./dist/shared/identity.d.ts",
47
+ "import": "./dist/shared/identity.js",
48
+ "require": "./dist/shared/identity.cjs"
49
+ },
50
+ "./crypto": {
51
+ "types": "./dist/shared/crypto.d.ts",
52
+ "import": "./dist/shared/crypto.js",
53
+ "require": "./dist/shared/crypto.cjs"
54
+ },
55
+ "./shared": {
56
+ "types": "./dist/shared/index.d.ts",
57
+ "import": "./dist/shared/index.js",
58
+ "require": "./dist/shared/index.cjs"
38
59
  }
39
60
  },
40
61
  "keywords": [
@@ -49,26 +70,31 @@
49
70
  },
50
71
  "license": "MIT",
51
72
  "dependencies": {
52
- "@aura-stack/router": "^0.6.0",
73
+ "@aura-stack/router": "^0.7.0",
74
+ "arktype": "^2.2.0",
75
+ "typebox": "^1.1.38",
76
+ "valibot": "^1.4.0",
53
77
  "zod": "4.3.5",
54
- "@aura-stack/jose": "0.4.0"
78
+ "@aura-stack/jose": "0.6.0"
55
79
  },
56
80
  "devDependencies": {
57
81
  "typescript": "^5.9.2",
58
- "@aura-stack/tsconfig": "0.0.0",
59
- "@aura-stack/tsup-config": "0.0.0"
82
+ "vitest": "4.1.4",
83
+ "@aura-stack/tsdown-config": "0.0.0",
84
+ "@aura-stack/tsconfig": "0.0.0"
60
85
  },
61
86
  "scripts": {
62
- "dev": "tsup --watch",
63
- "build": "tsup",
87
+ "dev": "tsdown --watch",
88
+ "build": "tsdown",
89
+ "lint": "oxlint",
90
+ "lint:fix": "oxlint --fix",
64
91
  "test": "vitest --run",
65
92
  "test:watch": "vitest",
66
93
  "test:coverage": "vitest --run --coverage",
67
- "format": "prettier --write . --cache --cache-location .cache/.prettiercache",
68
- "format:check": "prettier --check . --cache --cache-location .cache/.prettiercache",
94
+ "format": "oxfmt",
95
+ "format:check": "oxfmt --check",
69
96
  "type-check": "tsc --noEmit",
70
97
  "clean": "rm -rf dist",
71
- "clean:cts": "find dist -type f -name \"*.cts\" -delete",
72
- "prepublish": "pnpm clean:cts"
98
+ "clean:cts": "find dist -type f -name \"*.cts\" -delete"
73
99
  }
74
100
  }
@@ -1 +0,0 @@
1
- "use strict";
@@ -1,16 +0,0 @@
1
- import { R as RouterGlobalContext } from '../index-_aXtxb_s.js';
2
- import 'zod';
3
- import '../schemas.js';
4
- import 'zod/v4';
5
- import '@aura-stack/jose';
6
- import '@aura-stack/jose/jose';
7
- import '@aura-stack/jose/crypto';
8
- import '@aura-stack/router/cookie';
9
- import './utility.js';
10
- import 'jose';
11
- import '@aura-stack/router';
12
- import 'zod/v4/core';
13
-
14
- declare module "@aura-stack/router" {
15
- interface GlobalContext extends RouterGlobalContext {}
16
- }
File without changes
@@ -1,18 +0,0 @@
1
- "use strict";
2
- var __defProp = Object.defineProperty;
3
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
- var __getOwnPropNames = Object.getOwnPropertyNames;
5
- var __hasOwnProp = Object.prototype.hasOwnProperty;
6
- var __copyProps = (to, from, except, desc) => {
7
- if (from && typeof from === "object" || typeof from === "function") {
8
- for (let key of __getOwnPropNames(from))
9
- if (!__hasOwnProp.call(to, key) && key !== except)
10
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
11
- }
12
- return to;
13
- };
14
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
15
-
16
- // src/@types/utility.ts
17
- var utility_exports = {};
18
- module.exports = __toCommonJS(utility_exports);
@@ -1,6 +0,0 @@
1
- type Prettify<T> = {
2
- [K in keyof T]: T[K];
3
- };
4
- type LiteralUnion<T extends U, U = string> = T | (U & Record<never, never>);
5
-
6
- export type { LiteralUnion, Prettify };
@@ -1 +0,0 @@
1
- import "../chunk-PG7UYFG5.js";
@@ -1,250 +0,0 @@
1
- "use strict";
2
- var __defProp = Object.defineProperty;
3
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
- var __getOwnPropNames = Object.getOwnPropertyNames;
5
- var __hasOwnProp = Object.prototype.hasOwnProperty;
6
- var __export = (target, all) => {
7
- for (var name in all)
8
- __defProp(target, name, { get: all[name], enumerable: true });
9
- };
10
- var __copyProps = (to, from, except, desc) => {
11
- if (from && typeof from === "object" || typeof from === "function") {
12
- for (let key of __getOwnPropNames(from))
13
- if (!__hasOwnProp.call(to, key) && key !== except)
14
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
- }
16
- return to;
17
- };
18
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
-
20
- // src/actions/callback/access-token.ts
21
- var access_token_exports = {};
22
- __export(access_token_exports, {
23
- createAccessToken: () => createAccessToken
24
- });
25
- module.exports = __toCommonJS(access_token_exports);
26
-
27
- // src/request.ts
28
- var fetchAsync = async (url, options2 = {}, timeout = 5e3) => {
29
- const controller = new AbortController();
30
- const timeoutId = setTimeout(() => controller.abort(), timeout);
31
- const response = await fetch(url, {
32
- ...options2,
33
- signal: controller.signal
34
- }).finally(() => clearTimeout(timeoutId));
35
- return response;
36
- };
37
-
38
- // src/errors.ts
39
- var OAuthProtocolError = class extends Error {
40
- type = "OAUTH_PROTOCOL_ERROR";
41
- error;
42
- errorURI;
43
- constructor(error, description, errorURI, options2) {
44
- super(description, options2);
45
- this.error = error;
46
- this.errorURI = errorURI;
47
- this.name = new.target.name;
48
- Error.captureStackTrace(this, new.target);
49
- }
50
- };
51
- var AuthInternalError = class extends Error {
52
- type = "AUTH_INTERNAL_ERROR";
53
- code;
54
- constructor(code, message, options2) {
55
- super(message, options2);
56
- this.code = code;
57
- this.name = new.target.name;
58
- Error.captureStackTrace(this, new.target);
59
- }
60
- };
61
-
62
- // src/schemas.ts
63
- var import_v4 = require("zod/v4");
64
- var AuthorizeConfigSchema = import_v4.z.union([
65
- (0, import_v4.string)().url(),
66
- (0, import_v4.object)({
67
- url: (0, import_v4.string)().url(),
68
- params: (0, import_v4.object)({
69
- responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
70
- scope: (0, import_v4.string)().optional()
71
- })
72
- })
73
- ]);
74
- var AccessTokenConfigSchema = import_v4.z.union([
75
- (0, import_v4.string)().url(),
76
- (0, import_v4.object)({
77
- url: (0, import_v4.string)().url(),
78
- headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional()
79
- })
80
- ]);
81
- var UserInfoConfigSchema = import_v4.z.union([
82
- (0, import_v4.string)().url(),
83
- (0, import_v4.object)({
84
- url: (0, import_v4.string)().url(),
85
- headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional(),
86
- method: (0, import_v4.string)().optional()
87
- })
88
- ]);
89
- var OAuthProviderCredentialsSchema = (0, import_v4.object)({
90
- id: (0, import_v4.string)(),
91
- name: (0, import_v4.string)(),
92
- authorize: AuthorizeConfigSchema.optional(),
93
- /** @deprecated */
94
- authorizeURL: (0, import_v4.string)().url().optional(),
95
- accessToken: AccessTokenConfigSchema,
96
- /** @deprecated */
97
- scope: (0, import_v4.string)().optional(),
98
- userInfo: UserInfoConfigSchema,
99
- /** @deprecated */
100
- responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
101
- clientId: (0, import_v4.string)(),
102
- clientSecret: (0, import_v4.string)(),
103
- profile: import_v4.z.function().optional()
104
- });
105
- var OAuthProviderConfigSchema = (0, import_v4.object)({
106
- authorize: AuthorizeConfigSchema.optional(),
107
- /** @deprecated */
108
- authorizeURL: (0, import_v4.string)().url().optional(),
109
- accessToken: AccessTokenConfigSchema,
110
- /** @deprecated */
111
- scope: (0, import_v4.string)().optional(),
112
- userInfo: UserInfoConfigSchema,
113
- /** @deprecated */
114
- responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
115
- clientId: (0, import_v4.string)(),
116
- clientSecret: (0, import_v4.string)()
117
- });
118
- var OAuthAuthorization = OAuthProviderConfigSchema.extend({
119
- redirectURI: (0, import_v4.string)(),
120
- state: (0, import_v4.string)(),
121
- codeChallenge: (0, import_v4.string)(),
122
- codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
123
- });
124
- var OAuthAuthorizationResponse = (0, import_v4.object)({
125
- state: (0, import_v4.string)({ message: "Missing state parameter in the OAuth authorization response." }),
126
- code: (0, import_v4.string)({ message: "Missing code parameter in the OAuth authorization response." })
127
- });
128
- var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
129
- error: (0, import_v4.enum)([
130
- "invalid_request",
131
- "unauthorized_client",
132
- "access_denied",
133
- "unsupported_response_type",
134
- "invalid_scope",
135
- "server_error",
136
- "temporarily_unavailable"
137
- ]),
138
- error_description: (0, import_v4.string)().optional(),
139
- error_uri: (0, import_v4.string)().optional(),
140
- state: (0, import_v4.string)()
141
- });
142
- var OAuthAccessToken = OAuthProviderConfigSchema.extend({
143
- redirectURI: (0, import_v4.string)(),
144
- code: (0, import_v4.string)(),
145
- codeVerifier: (0, import_v4.string)().min(43).max(128)
146
- });
147
- var OAuthAccessTokenResponse = (0, import_v4.object)({
148
- access_token: (0, import_v4.string)(),
149
- token_type: (0, import_v4.string)().optional(),
150
- expires_in: (0, import_v4.number)().optional(),
151
- refresh_token: (0, import_v4.string)().optional(),
152
- scope: (0, import_v4.union)([(0, import_v4.string)().optional().or((0, import_v4.null)()), (0, import_v4.array)((0, import_v4.string)()).optional()])
153
- });
154
- var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
155
- error: (0, import_v4.enum)([
156
- "invalid_request",
157
- "invalid_client",
158
- "invalid_grant",
159
- "unauthorized_client",
160
- "unsupported_grant_type",
161
- "invalid_scope"
162
- ]),
163
- error_description: (0, import_v4.string)().optional(),
164
- error_uri: (0, import_v4.string)().optional()
165
- });
166
- var OAuthErrorResponse = (0, import_v4.object)({
167
- error: (0, import_v4.string)(),
168
- error_description: (0, import_v4.string)().optional()
169
- });
170
- var OAuthEnvSchema = (0, import_v4.object)({
171
- clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
172
- clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
173
- });
174
-
175
- // src/actions/callback/access-token.ts
176
- var createAccessToken = async (oauthConfig, redirectURI, code, codeVerifier, logger) => {
177
- const { accessToken, clientId, clientSecret } = oauthConfig;
178
- if (!clientId || !clientSecret || !redirectURI || !code || !codeVerifier || !accessToken) {
179
- logger?.log("INVALID_OAUTH_CONFIGURATION", {
180
- structuredData: {
181
- has_client_id: Boolean(clientId),
182
- has_client_secret: Boolean(clientSecret),
183
- has_access_token: Boolean(accessToken),
184
- has_redirect_uri: Boolean(redirectURI),
185
- has_code: Boolean(code),
186
- has_code_verifier: Boolean(codeVerifier)
187
- }
188
- });
189
- throw new AuthInternalError("INVALID_OAUTH_CONFIGURATION", "The OAuth provider configuration is invalid.");
190
- }
191
- const tokenURL = typeof accessToken === "string" ? accessToken : accessToken.url;
192
- const extraHeaders = typeof accessToken === "string" ? void 0 : accessToken.headers;
193
- try {
194
- logger?.log("OAUTH_ACCESS_TOKEN_REQUEST_INITIATED", {
195
- structuredData: {
196
- has_client_id: Boolean(clientId),
197
- redirect_uri: redirectURI,
198
- grant_type: "authorization_code"
199
- }
200
- });
201
- const response = await fetchAsync(tokenURL, {
202
- method: "POST",
203
- headers: {
204
- ...extraHeaders ?? {},
205
- Accept: "application/json",
206
- "Content-Type": "application/x-www-form-urlencoded"
207
- },
208
- body: new URLSearchParams({
209
- client_id: clientId,
210
- client_secret: clientSecret,
211
- code,
212
- redirect_uri: redirectURI,
213
- grant_type: "authorization_code",
214
- code_verifier: codeVerifier
215
- }).toString()
216
- });
217
- if (!response.ok) {
218
- logger?.log("INVALID_OAUTH_ACCESS_TOKEN_RESPONSE");
219
- throw new OAuthProtocolError("invalid_request", "Invalid access token response");
220
- }
221
- const json = await response.json();
222
- const token = OAuthAccessTokenResponse.safeParse(json);
223
- if (!token.success) {
224
- const { success, data } = OAuthAccessTokenErrorResponse.safeParse(json);
225
- if (!success) {
226
- logger?.log("INVALID_OAUTH_ACCESS_TOKEN_RESPONSE");
227
- throw new OAuthProtocolError("invalid_request", "Invalid access token response format");
228
- }
229
- logger?.log("OAUTH_ACCESS_TOKEN_ERROR", {
230
- structuredData: {
231
- error: data.error,
232
- error_description: data.error_description ?? ""
233
- }
234
- });
235
- throw new OAuthProtocolError("INVALID_ACCESS_TOKEN", "Failed to retrieve access token");
236
- }
237
- logger?.log("OAUTH_ACCESS_TOKEN_SUCCESS");
238
- return token.data;
239
- } catch (error) {
240
- logger?.log("OAUTH_ACCESS_TOKEN_REQUEST_FAILED");
241
- if (error instanceof Error) {
242
- throw new OAuthProtocolError("server_error", "Failed to communicate with OAuth provider", "", { cause: error });
243
- }
244
- throw error;
245
- }
246
- };
247
- // Annotate the CommonJS export names for ESM import in node:
248
- 0 && (module.exports = {
249
- createAccessToken
250
- });
@@ -1,33 +0,0 @@
1
- import { j as OAuthProviderCredentials, a as InternalLogger } from '../../index-_aXtxb_s.js';
2
- import 'zod';
3
- import '../../schemas.js';
4
- import 'zod/v4';
5
- import '@aura-stack/jose';
6
- import '@aura-stack/jose/jose';
7
- import '@aura-stack/jose/crypto';
8
- import '@aura-stack/router/cookie';
9
- import '../../@types/utility.js';
10
- import 'jose';
11
- import '@aura-stack/router';
12
- import 'zod/v4/core';
13
-
14
- /**
15
- * Make a request to the OAuth provider to the token endpoint to exchange the authorization code provided
16
- * by the authorization server.
17
- *
18
- * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
19
- * @see https://datatracker.ietf.org/doc/html/rfc6749#section-5
20
- * @param oauthConfig - OAuth provider configuration
21
- * @param redirectURI - The redirect URI registered in the Resource Owner's authorization request and sent in the authorization code exchange
22
- * @param code - The authorization code received from the OAuth server
23
- * @returns The access token response from the OAuth server
24
- */
25
- declare const createAccessToken: (oauthConfig: OAuthProviderCredentials, redirectURI: string, code: string, codeVerifier: string, logger?: InternalLogger) => Promise<{
26
- access_token: string;
27
- token_type?: string | undefined;
28
- expires_in?: number | undefined;
29
- refresh_token?: string | undefined;
30
- scope?: string | string[] | null | undefined;
31
- }>;
32
-
33
- export { createAccessToken };
@@ -1,9 +0,0 @@
1
- import {
2
- createAccessToken
3
- } from "../../chunk-7BE46WWS.js";
4
- import "../../chunk-ZNCZVF6U.js";
5
- import "../../chunk-2A5B7GWR.js";
6
- import "../../chunk-U5663F2U.js";
7
- export {
8
- createAccessToken
9
- };