@aura-stack/auth 0.6.0 → 0.7.0
- package/dist/@types/index.d.ts +2 -2
- package/dist/assert-_fBNnaOk.js +3 -0
- package/dist/assert-hDwQ_SPO.cjs +3 -0
- package/dist/client/index.cjs +1 -1
- package/dist/client/index.d.ts +1 -1
- package/dist/client/index.js +1 -1
- package/dist/crypto-D6_SoGMH.cjs +1 -0
- package/dist/crypto-DyrRzBSQ.js +1 -0
- package/dist/env-7as-tgzO.cjs +1 -0
- package/dist/env-CJtSi1eX.js +1 -0
- package/dist/errors-Czt_w1t_.js +1 -0
- package/dist/errors-DcK2ELlk.cjs +1 -0
- package/dist/identity-b8FCr0Oa.cjs +1 -0
- package/dist/{index-BkpwQ0l4.d.cts → index-C9U6ICDT.d.ts} +792 -275
- package/dist/index.cjs +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +1 -1
- package/dist/{logger-C59_CDMk.js → logger-DjXkgSn5.js} +1 -1
- package/dist/{logger-UnUhYL2V.cjs → logger-G5PinyEc.cjs} +1 -1
- package/dist/oauth/atlassian.d.ts +1 -1
- package/dist/oauth/bitbucket.d.ts +1 -1
- package/dist/oauth/click-up.cjs +1 -0
- package/dist/oauth/click-up.d.ts +2 -0
- package/dist/oauth/click-up.js +1 -0
- package/dist/oauth/discord.d.ts +1 -1
- package/dist/oauth/dribbble.cjs +1 -0
- package/dist/oauth/dribbble.d.ts +2 -0
- package/dist/oauth/dribbble.js +1 -0
- package/dist/oauth/dropbox.d.ts +1 -1
- package/dist/oauth/figma.d.ts +1 -1
- package/dist/oauth/github.d.ts +1 -1
- package/dist/oauth/gitlab.d.ts +1 -1
- package/dist/oauth/index.cjs +1 -1
- package/dist/oauth/index.d.ts +2 -2
- package/dist/oauth/index.js +1 -1
- package/dist/oauth/mailchimp.d.ts +1 -1
- package/dist/oauth/notion.cjs +1 -1
- package/dist/oauth/notion.d.ts +1 -1
- package/dist/oauth/notion.js +1 -1
- package/dist/oauth/pinterest.d.ts +1 -1
- package/dist/oauth/spotify.d.ts +1 -1
- package/dist/oauth/strava.d.ts +1 -1
- package/dist/oauth/twitch.cjs +1 -1
- package/dist/oauth/twitch.d.ts +1 -1
- package/dist/oauth/twitch.js +1 -1
- package/dist/oauth/x.d.ts +1 -1
- package/dist/oauth-D3_mnBOx.js +1 -0
- package/dist/oauth-gPiWxjBd.cjs +1 -0
- package/dist/shared/crypto.cjs +1 -1
- package/dist/shared/crypto.d.ts +26 -2
- package/dist/shared/crypto.js +1 -1
- package/dist/shared/identity.cjs +1 -1
- package/dist/shared/identity.d.ts +2 -2
- package/dist/shared/identity.js +1 -1
- package/dist/shared/index.cjs +1 -1
- package/dist/shared/index.d.ts +1 -1
- package/dist/shared/index.js +1 -1
- package/package.json +9 -6
- package/dist/assert-B3iQSYlK.js +0 -3
- package/dist/assert-NJGroSJd.cjs +0 -3
- package/dist/crypto-Bz8nIciY.js +0 -1
- package/dist/crypto-CoXA5w_4.cjs +0 -1
- package/dist/env-bq387KyP.cjs +0 -1
- package/dist/env-nvh8QBNz.js +0 -1
- package/dist/errors-CCYPHuBO.cjs +0 -1
- package/dist/errors-DFWHOho6.js +0 -1
- package/dist/index-nqLV2t91.d.ts +0 -2279
- package/dist/index.d.cts +0 -2
- package/dist/oauth-BntNm6aE.cjs +0 -1
- package/dist/oauth-DmHy9VrB.js +0 -1
|
@@ -1,11 +1,17 @@
|
|
|
1
|
-
import { ZodObject, ZodRawShape, ZodTypeAny, z } from "zod/v4";
|
|
2
|
-
import { JWTPayload } from "@aura-stack/jose/jose";
|
|
3
|
-
import { DecodeJWTOptions, EncodeJWTOptions, JWEHeaderParameters, JWTDecryptOptions, JWTHeaderParameters, JWTVerifyOptions, Prettify, TypedJWTPayload, TypedJWTPayload as TypedJWTPayload$1 } from "@aura-stack/jose";
|
|
4
1
|
import * as _$_aura_stack_router0 from "@aura-stack/router";
|
|
5
2
|
import { ClientOptions, GlobalContext } from "@aura-stack/router";
|
|
3
|
+
import { ZodObject, ZodRawShape, ZodTypeAny, infer as __Infer, z } from "zod/v4";
|
|
4
|
+
import { JWK, JWTPayload } from "@aura-stack/jose/jose";
|
|
5
|
+
import { DecodeJWTOptions, EncodeJWTOptions, JWEHeaderParameters, JWTDecryptOptions, JWTHeaderParameters, JWTVerifyOptions, Prettify, TypedJWTPayload, TypedJWTPayload as TypedJWTPayload$1 } from "@aura-stack/jose";
|
|
6
6
|
import { SerializeOptions } from "@aura-stack/router/cookie";
|
|
7
|
-
import * as
|
|
7
|
+
import * as valibot from "valibot";
|
|
8
|
+
import { AnySchema, BaseSchema, InferOutput, ObjectEntries, ObjectSchema } from "valibot";
|
|
9
|
+
import { Type } from "arktype";
|
|
10
|
+
import { Static, TObject, TProperties, TSchema, Type as Type$1 } from "typebox";
|
|
11
|
+
import * as _$arktype_internal_variants_object_ts0 from "arktype/internal/variants/object.ts";
|
|
8
12
|
import * as _$zod_v4_core0 from "zod/v4/core";
|
|
13
|
+
import { infer as infer$1 } from "zod/v4/core";
|
|
14
|
+
import * as _$zod from "zod";
|
|
9
15
|
|
|
10
16
|
//#region src/schemas.d.ts
|
|
11
17
|
/**
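Review bot: The new import of `arktype/internal/variants/object.ts` ties the published typings to a path under arktype's `internal/` directory, which is not a stable public entry point. The bundle also now needs `valibot`, `arktype` and `typebox` to be resolvable for type checking, even for consumers who only use Zod. If the object-specific methods are not needed on the default ArkType identity, annotating it in the source with the public `Type` export already imported here, e.g. `Type<{ sub: string; name?: string | null; image?: string | null; email?: string | null }>`, should keep the emitted declaration off the internal path. The `package.json` change listed on this page is not shown, so confirm there that the three validators are declared as optional peer dependencies.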
|
|
@@ -72,17 +78,6 @@ declare const createJoseInstance: <DefaultUser extends User = User>(secret?: JWT
|
|
|
72
78
|
decodeJWT: (token: string, options?: DecodeJWTOptions) => Promise<TypedJWTPayload<DefaultUser>>;
|
|
73
79
|
};
|
|
74
80
|
//#endregion
|
|
75
|
-
//#region src/shared/identity.d.ts
|
|
76
|
-
declare const UserIdentity: z.ZodObject<{
|
|
77
|
-
sub: z.ZodString;
|
|
78
|
-
name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
79
|
-
image: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
80
|
-
email: z.ZodOptional<z.ZodNullable<z.ZodEmail>>;
|
|
81
|
-
}, z.core.$strip>;
|
|
82
|
-
type UserShape = (typeof UserIdentity)["shape"];
|
|
83
|
-
type UserIdentityType = z.infer<typeof UserIdentity>;
|
|
84
|
-
declare const createIdentity: <S extends EditableShape<UserShape>>(shape: S) => z.ZodObject<{ -readonly [P in keyof S]: S[P] }, z.core.$strip>;
|
|
85
|
-
//#endregion
|
|
86
81
|
//#region src/api/createApi.d.ts
|
|
87
82
|
declare const createAuthAPI: <DefaultUser extends User = User>(ctx: GlobalContext) => {
|
|
88
83
|
/**
|
|
@@ -165,6 +160,43 @@ declare const createAuthAPI: <DefaultUser extends User = User>(ctx: GlobalContex
|
|
|
165
160
|
signOut: (options: SignOutAPIOptions) => Promise<SignOutAPIReturn>;
|
|
166
161
|
};
|
|
167
162
|
//#endregion
|
|
163
|
+
//#region src/shared/identity.d.ts
|
|
164
|
+
declare const UserIdentity: z.ZodObject<{
|
|
165
|
+
sub: z.ZodString;
|
|
166
|
+
name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
167
|
+
image: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
168
|
+
email: z.ZodOptional<z.ZodNullable<z.ZodEmail>>;
|
|
169
|
+
}, z.core.$strip>;
|
|
170
|
+
declare const UserIdentityValibot: valibot.ObjectSchema<{
|
|
171
|
+
readonly sub: valibot.StringSchema<undefined>;
|
|
172
|
+
readonly name: valibot.OptionalSchema<valibot.NullableSchema<valibot.StringSchema<undefined>, undefined>, undefined>;
|
|
173
|
+
readonly image: valibot.OptionalSchema<valibot.NullableSchema<valibot.StringSchema<undefined>, undefined>, undefined>;
|
|
174
|
+
readonly email: valibot.OptionalSchema<valibot.NullableSchema<valibot.SchemaWithPipe<readonly [valibot.StringSchema<undefined>, valibot.EmailAction<string, undefined>]>, undefined>, undefined>;
|
|
175
|
+
}, undefined>;
|
|
176
|
+
declare const UserIdentityArkType: _$arktype_internal_variants_object_ts0.ObjectType<{
|
|
177
|
+
sub: string;
|
|
178
|
+
name?: string | null | undefined;
|
|
179
|
+
image?: string | null | undefined;
|
|
180
|
+
email?: string | null | undefined;
|
|
181
|
+
}, {}>;
|
|
182
|
+
declare const UserIdentityTypeBox: Type$1.TObject<{
|
|
183
|
+
sub: Type$1.TString;
|
|
184
|
+
name: Type$1.TOptional<Type$1.TUnion<[Type$1.TString, Type$1.TNull]>>;
|
|
185
|
+
image: Type$1.TOptional<Type$1.TUnion<[Type$1.TString, Type$1.TNull]>>;
|
|
186
|
+
email: Type$1.TOptional<Type$1.TUnion<[Type$1.TString, Type$1.TNull]>>;
|
|
187
|
+
}>;
|
|
188
|
+
type UserShape = typeof UserIdentity.shape;
|
|
189
|
+
type UserShapeValibot = typeof UserIdentityValibot.entries;
|
|
190
|
+
type UserShapeArkType = typeof UserIdentityArkType;
|
|
191
|
+
type UserShapeTypeBox = typeof UserIdentityTypeBox.properties;
|
|
192
|
+
type IsArkType<T extends Identities> = T extends EditableShapeArkType<UserShapeArkType> ? true : false;
|
|
193
|
+
type IsZod<T extends Identities> = T extends EditableShape<UserShape> ? true : false;
|
|
194
|
+
type IsValibot<T extends Identities> = T extends EditableShapeValibot<UserShapeValibot> ? true : false;
|
|
195
|
+
type SchemaTypes = ZodObject<any> | valibot.ObjectSchema<any, undefined> | Type<{}> | Type$1.TObject;
|
|
196
|
+
type Identities = EditableShape<UserShape> | EditableShapeValibot<UserShapeValibot> | EditableShapeArkType<UserShapeArkType> | EditableShapeTypebox<UserShapeTypeBox>;
|
|
197
|
+
type ReturnShapeType<T> = T extends EditableShape<UserShape> ? z.ZodObject<T> : T extends EditableShapeValibot<UserShapeValibot> ? valibot.ObjectSchema<T, undefined> : T extends EditableShapeArkType<UserShapeArkType> ? T : T extends EditableShapeTypebox<UserShapeTypeBox> ? Type$1.TObject<T> : never;
|
|
198
|
+
declare const createIdentity: <S extends Identities>(shape: S) => ReturnShapeType<S>;
|
|
199
|
+
//#endregion
|
|
168
200
|
//#region src/shared/logger.d.ts
|
|
169
201
|
/**
|
|
170
202
|
* Log message definitions organized by category.
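Review bot: The four default identity schemas in this hunk do not visibly agree on `email`: the Zod default is `z.ZodEmail` and the Valibot default carries `EmailAction`, while `UserIdentityArkType` and `UserIdentityTypeBox` declare a plain string. A declaration file cannot show a runtime format constraint for those two, so this may be only a typing gap. If they do accept any string, the same profile passes or fails validation depending on which library the application picked. A doc comment on each constant stating what it enforces would settle it, for example `/** Default identity (TypeBox); email is validated as an e-mail address, matching the Zod default. */` once that holds. `IsZod`, `IsValibot` and `IsArkType` also have no TypeBox counterpart.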
|
|
@@ -475,6 +507,16 @@ declare const logMessages: {
|
|
|
475
507
|
declare const createLogEntry: <T extends keyof typeof logMessages>(key: T, overrides?: Partial<SyslogOptions>) => SyslogOptions;
|
|
476
508
|
declare const createSyslogMessage: (options: SyslogOptions) => string;
|
|
477
509
|
//#endregion
|
|
510
|
+
//#region src/validator/registry.d.ts
|
|
511
|
+
declare const createSchemaRegistry: <Identity extends SchemaTypes>(config: IdentityConfig<Identity>) => {
|
|
512
|
+
parse: (data?: unknown) => Promise<any>;
|
|
513
|
+
parseAsPartial: (data?: unknown) => Promise<any>;
|
|
514
|
+
parseWithJWT: (data?: unknown) => Promise<any>;
|
|
515
|
+
schema: any;
|
|
516
|
+
schemaAsPartial: any;
|
|
517
|
+
schemaWithJWT: any;
|
|
518
|
+
};
|
|
519
|
+
//#endregion
|
|
478
520
|
//#region src/oauth/github.d.ts
|
|
479
521
|
/**
|
|
480
522
|
* @see [Get the authenticated user](https://docs.github.com/en/rest/users/users?apiVersion=2022-11-28#get-the-authenticated-user)
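Review bot: Every member returned by `createSchemaRegistry` is typed `any`: `parse`, `parseAsPartial` and `parseWithJWT` resolve to `Promise<any>`, and the three schema fields are `any`. The output of identity validation is therefore unchecked at every call site, and a read of a field the schema never validated compiles silently. Returning `Promise<unknown>` at minimum, e.g. `parse: (data?: unknown) => Promise<unknown>;`, or the output type inferred from `Identity`, would keep the validation boundary visible to the compiler. The region also has no doc comments; it should say how the three parse variants differ and whether a validation failure rejects or resolves.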
|
|
@@ -1044,6 +1086,73 @@ interface AtlassianProfile {
|
|
|
1044
1086
|
*/
|
|
1045
1087
|
declare const atlassian: <DefaultUser extends User = User>(options?: Partial<OAuthProviderCredentials<AtlassianProfile, DefaultUser>>) => OAuthProviderCredentials<AtlassianProfile, DefaultUser>;
|
|
1046
1088
|
//#endregion
|
|
1089
|
+
//#region src/oauth/click-up.d.ts
|
|
1090
|
+
/**
|
|
1091
|
+
* @see [Click Up - Get Authorized User](https://developer.clickup.com/reference/getauthorizeduser)
|
|
1092
|
+
*/
|
|
1093
|
+
interface ClickUpProfile {
|
|
1094
|
+
user: {
|
|
1095
|
+
id: number;
|
|
1096
|
+
username: string;
|
|
1097
|
+
email: string;
|
|
1098
|
+
color: string;
|
|
1099
|
+
profilePicture: string;
|
|
1100
|
+
initials: string;
|
|
1101
|
+
week_start_day: number;
|
|
1102
|
+
global_font_support: boolean;
|
|
1103
|
+
timezone: string;
|
|
1104
|
+
};
|
|
1105
|
+
}
|
|
1106
|
+
/**
|
|
1107
|
+
* ClickUp OAuth Provider
|
|
1108
|
+
*
|
|
1109
|
+
* @see [Click Up - Create your own app](https://help.clickup.com/hc/en-us/articles/6303422883095-Create-your-own-app-with-the-ClickUp-API)
|
|
1110
|
+
* @see [Click Up - Authentication](https://developer.clickup.com/docs/authentication)
|
|
1111
|
+
* @see [Click UP - Get Access Token](https://developer.clickup.com/reference/getaccesstoken)
|
|
1112
|
+
* @see [Click Up - Get Authorized User](https://developer.clickup.com/reference/getauthorizeduser)
|
|
1113
|
+
*/
|
|
1114
|
+
declare const clickUp: <DefaultUser extends User = User>(options?: Partial<OAuthProviderCredentials<ClickUpProfile, DefaultUser>>) => OAuthProviderCredentials<ClickUpProfile, DefaultUser>;
|
|
1115
|
+
//#endregion
|
|
1116
|
+
//#region src/oauth/dribbble.d.ts
|
|
1117
|
+
/**
|
|
1118
|
+
* @see [Dribble - User](https://developer.dribbble.com/v2/user/)
|
|
1119
|
+
*/
|
|
1120
|
+
interface DribbbleDefault {
|
|
1121
|
+
id: number;
|
|
1122
|
+
name: string;
|
|
1123
|
+
login: string;
|
|
1124
|
+
html_url: string;
|
|
1125
|
+
avatar_url: string;
|
|
1126
|
+
bio: string;
|
|
1127
|
+
location: string;
|
|
1128
|
+
links?: {
|
|
1129
|
+
web?: string;
|
|
1130
|
+
twitter?: string;
|
|
1131
|
+
};
|
|
1132
|
+
created_at: string;
|
|
1133
|
+
}
|
|
1134
|
+
interface DribbbleTeams extends DribbbleDefault {
|
|
1135
|
+
type: "Team";
|
|
1136
|
+
updated_at: string;
|
|
1137
|
+
}
|
|
1138
|
+
interface DribbbleProfile extends DribbbleDefault {
|
|
1139
|
+
type: "User";
|
|
1140
|
+
/** Not documented but available in the API response */
|
|
1141
|
+
email: string | null;
|
|
1142
|
+
can_upload_shot: boolean;
|
|
1143
|
+
pro: boolean;
|
|
1144
|
+
followers_count: number;
|
|
1145
|
+
teams: DribbbleTeams[];
|
|
1146
|
+
}
|
|
1147
|
+
/**
|
|
1148
|
+
* Dribbble OAuth provider
|
|
1149
|
+
*
|
|
1150
|
+
* @see [Dribbble - Register Application](https://dribbble.com/account/applications/new)
|
|
1151
|
+
* @see [Dribbble - OAuth](https://developer.dribbble.com/v2/oauth/)
|
|
1152
|
+
* @see [Dribbble - User](https://developer.dribbble.com/v2/user/)
|
|
1153
|
+
*/
|
|
1154
|
+
declare const dribbble: <DefaultUser extends User = User>(options?: Partial<OAuthProviderCredentials<DribbbleProfile, DefaultUser>>) => OAuthProviderCredentials<DribbbleProfile, DefaultUser>;
|
|
1155
|
+
//#endregion
|
|
1047
1156
|
//#region src/oauth/index.d.ts
|
|
1048
1157
|
declare const builtInOAuthProviders: {
|
|
1049
1158
|
readonly github: <DefaultUser extends User = {
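Review bot: `DribbbleProfile.email` is described in this hunk only as "Not documented but available in the API response", and neither it nor `ClickUpProfile.user.email` says whether the provider has verified the address. The profile-to-user mapping is outside this hunk, so how the value is used is not visible here, but an address taken from an undocumented field should not be relied on for matching accounts. I would extend the comment to `/** Not documented but available in the API response; may be null and is not guaranteed to be verified. */` and add the same caveat on the ClickUp field. The `@see` labels also misspell the providers ("Dribble", "Click UP").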
|
|
@@ -1130,6 +1239,18 @@ declare const builtInOAuthProviders: {
|
|
|
1130
1239
|
image?: string | null | undefined;
|
|
1131
1240
|
email?: string | null | undefined;
|
|
1132
1241
|
}>(options?: Partial<OAuthProviderCredentials<AtlassianProfile, DefaultUser>>) => OAuthProviderCredentials<AtlassianProfile, DefaultUser>;
|
|
1242
|
+
readonly clickUp: <DefaultUser extends User = {
|
|
1243
|
+
sub: string;
|
|
1244
|
+
name?: string | null | undefined;
|
|
1245
|
+
image?: string | null | undefined;
|
|
1246
|
+
email?: string | null | undefined;
|
|
1247
|
+
}>(options?: Partial<OAuthProviderCredentials<ClickUpProfile, DefaultUser>>) => OAuthProviderCredentials<ClickUpProfile, DefaultUser>;
|
|
1248
|
+
readonly dribbble: <DefaultUser extends User = {
|
|
1249
|
+
sub: string;
|
|
1250
|
+
name?: string | null | undefined;
|
|
1251
|
+
image?: string | null | undefined;
|
|
1252
|
+
email?: string | null | undefined;
|
|
1253
|
+
}>(options?: Partial<OAuthProviderCredentials<DribbbleProfile, DefaultUser>>) => OAuthProviderCredentials<DribbbleProfile, DefaultUser>;
|
|
1133
1254
|
};
|
|
1134
1255
|
/**
|
|
1135
1256
|
* Constructs OAuth provider configurations from an array of provider names or configurations.
|
|
@@ -1147,6 +1268,196 @@ declare const builtInOAuthProviders: {
|
|
|
1147
1268
|
declare const createBuiltInOAuthProviders: (oauth?: (BuiltInOAuthProvider | OAuthProviderCredentials<any>)[]) => Record<LiteralUnion<BuiltInOAuthProvider>, OAuthProviderCredentials<any>>;
|
|
1148
1269
|
type BuiltInOAuthProvider = keyof typeof builtInOAuthProviders;
|
|
1149
1270
|
//#endregion
|
|
1271
|
+
//#region src/@types/session.d.ts
|
|
1272
|
+
/** Application user type, inferred from the configured identity schema (defaults to the built-in user shape). */
|
|
1273
|
+
type User = infer$1<typeof UserIdentity>;
|
|
1274
|
+
/**
|
|
1275
|
+
* Session data returned by the session endpoint.
|
|
1276
|
+
*/
|
|
1277
|
+
interface Session<DefaultUser extends User = User> {
|
|
1278
|
+
user: DefaultUser;
|
|
1279
|
+
expires: string;
|
|
1280
|
+
}
|
|
1281
|
+
interface CryptoSecret {
|
|
1282
|
+
sign: CryptoKey | CryptoKeyPair | JWK | JsonWebKey | AsymmetricKeyPair;
|
|
1283
|
+
encrypt: CryptoKey | CryptoKeyPair | JWK | JsonWebKey | AsymmetricKeyPair;
|
|
1284
|
+
}
|
|
1285
|
+
interface AsymmetricKeyPairFromEnv {
|
|
1286
|
+
publicKey: string;
|
|
1287
|
+
privateKey: string;
|
|
1288
|
+
}
|
|
1289
|
+
interface AsymmetricKeyPair {
|
|
1290
|
+
publicKey: CryptoKey | JWK;
|
|
1291
|
+
privateKey: CryptoKey | JWK;
|
|
1292
|
+
}
|
|
1293
|
+
/**
|
|
1294
|
+
* A symmetric secret or asymmetric key pair used for JWT operations.
|
|
1295
|
+
*
|
|
1296
|
+
* - string / Uint8Array: used as-is for HMAC (signed) or AES (encrypted)
|
|
1297
|
+
* - CryptoKey: Web Crypto API key, for environments that support it
|
|
1298
|
+
* - CryptoKeyPair: asymmetric signing/encryption (RS256, ES256, EdDSA, RSA-OAEP, etc.)
|
|
1299
|
+
*/
|
|
1300
|
+
type SecretKey = string | Uint8Array | CryptoKey | CryptoKeyPair | CryptoSecret | JWK | AsymmetricKeyPair;
|
|
1301
|
+
/**
|
|
1302
|
+
* @todo: add key rotation support for "SecretKey | CryptoKeyPair | [SecretKey | CryptoKeyPair, ...(SecretKey | CryptoKeyPair)[]]"
|
|
1303
|
+
*/
|
|
1304
|
+
type JWTKey = SecretKey;
|
|
1305
|
+
/**
|
|
1306
|
+
* - "signed" → standard JWS (e.g. HS256, RS256, ES256).
|
|
1307
|
+
* - "encrypted" → JWE only. (e.g. A256GCM with RSA-OAEP key wrapping).
|
|
1308
|
+
* - "sealed" → JWS nested inside JWE (signed then encrypted).
|
|
1309
|
+
*/
|
|
1310
|
+
type JWTMode = "signed" | "encrypted" | "sealed";
|
|
1311
|
+
/**
|
|
1312
|
+
* Signing algorithms for "signed" and "sealed" modes.
|
|
1313
|
+
* Symmetric: HS256 | HS384 | HS512
|
|
1314
|
+
* Asymmetric: RS256 | RS384 | RS512 | ES256 | ES384 | ES512 | EdDSA | PS256
|
|
1315
|
+
*/
|
|
1316
|
+
type JWTSigningAlgorithm = "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | "ES256" | "ES384" | "ES512" | "EdDSA" | "PS256";
|
|
1317
|
+
/**
|
|
1318
|
+
* Key-wrapping algorithms for "encrypted" and "sealed" modes.
|
|
1319
|
+
* Symmetric: A128KW | A192KW | A256KW | dir (direct)
|
|
1320
|
+
* ECDH: ECDH-ES | ECDH-ES+A128KW | ECDH-ES+A256KW
|
|
1321
|
+
* RSA: RSA-OAEP | RSA-OAEP-256
|
|
1322
|
+
*/
|
|
1323
|
+
type JWTKeyAlgorithm = "A128KW" | "A192KW" | "A256KW" | "dir" | "ECDH-ES" | "ECDH-ES+A128KW" | "ECDH-ES+A256KW" | "RSA-OAEP" | "RSA-OAEP-256";
|
|
1324
|
+
/** Content-encryption algorithms for JWE. */
|
|
1325
|
+
type JWTEncryptionAlgorithm = "A128CBC-HS256" | "A192CBC-HS384" | "A256CBC-HS512" | "A128GCM" | "A192GCM" | "A256GCM";
|
|
1326
|
+
/** Signed JWT mode configuration. */
|
|
1327
|
+
type JWTSignedMode = {
|
|
1328
|
+
mode: "signed";
|
|
1329
|
+
signingAlgorithm?: JWTSigningAlgorithm;
|
|
1330
|
+
};
|
|
1331
|
+
/** Encrypted JWT mode configuration. */
|
|
1332
|
+
type JWTEncryptedMode = {
|
|
1333
|
+
mode: "encrypted";
|
|
1334
|
+
keyAlgorithm?: JWTKeyAlgorithm;
|
|
1335
|
+
encryptionAlgorithm?: JWTEncryptionAlgorithm;
|
|
1336
|
+
};
|
|
1337
|
+
/** Signed and Encrypted JWT mode configuration. */
|
|
1338
|
+
type JWTSealedMode = {
|
|
1339
|
+
mode?: "sealed";
|
|
1340
|
+
signingAlgorithm?: JWTSigningAlgorithm;
|
|
1341
|
+
keyAlgorithm?: JWTKeyAlgorithm;
|
|
1342
|
+
encryptionAlgorithm?: JWTEncryptionAlgorithm;
|
|
1343
|
+
};
|
|
1344
|
+
/** Discriminated union of JWT wire format: signed JWS, encrypted JWE, or nested sealed (JWS in JWE). */
|
|
1345
|
+
type JWTConfigBase = JWTSignedMode | JWTEncryptedMode | JWTSealedMode;
|
|
1346
|
+
/** How session/JWT lifetime is enforced relative to `iat`, absolute caps, and sliding windows. */
|
|
1347
|
+
type JWTExpirationStrategy = "fixed" | "rolling" | "absolute" | "sliding";
|
|
1348
|
+
type JWTConfig = Prettify$1<{
|
|
1349
|
+
/**
|
|
1350
|
+
* Token lifetime.
|
|
1351
|
+
*/
|
|
1352
|
+
maxAge?: number;
|
|
1353
|
+
/**
|
|
1354
|
+
* JWT `iss` (issuer) claim. Set this to your app's canonical URL.
|
|
1355
|
+
* @example "https://auth.example.com"
|
|
1356
|
+
*/
|
|
1357
|
+
issuer?: string;
|
|
1358
|
+
/**
|
|
1359
|
+
* JWT `aud` claim. Single value or array for multi-audience tokens.
|
|
1360
|
+
* @example ["https://api.example.com", "https://app.example.com"]
|
|
1361
|
+
*/
|
|
1362
|
+
audience?: string | string[];
|
|
1363
|
+
/**
|
|
1364
|
+
* Maximum absolute session duration in seconds.
|
|
1365
|
+
* Required for "absolute" and "sliding" strategies.
|
|
1366
|
+
* Enforced via jose's maxTokenAge against the iat claim.
|
|
1367
|
+
*/
|
|
1368
|
+
maxExpiration?: number;
|
|
1369
|
+
/**
|
|
1370
|
+
* Policy for renewing or capping token lifetime (pairs with `maxExpiration` where applicable).
|
|
1371
|
+
*/
|
|
1372
|
+
expirationStrategy?: JWTExpirationStrategy;
|
|
1373
|
+
} & JWTConfigBase>;
|
|
1374
|
+
/**
|
|
1375
|
+
* Stateless JWT strategy.
|
|
1376
|
+
* No database required. Tokens are self-contained and cannot be revoked
|
|
1377
|
+
* before they expire — keep `jwt.maxAge` short or enable refresh tokens.
|
|
1378
|
+
*
|
|
1379
|
+
* @example
|
|
1380
|
+
* {
|
|
1381
|
+
* strategy: "jwt",
|
|
1382
|
+
* jwt: { mode: "sealed", maxAge: "15m", issuer: "https://auth.example.com" },
|
|
1383
|
+
* refreshToken: { enabled: true, maxAge: "7d" },
|
|
1384
|
+
* }
|
|
1385
|
+
*/
|
|
1386
|
+
type StatelessStrategyConfig = {
|
|
1387
|
+
strategy?: "jwt";
|
|
1388
|
+
jwt?: JWTConfig;
|
|
1389
|
+
};
|
|
1390
|
+
/**
|
|
1391
|
+
* The session strategy. Determines which fields below are required.
|
|
1392
|
+
*
|
|
1393
|
+
* - "jwt": stateless. No database needed. JWTs are self-contained.
|
|
1394
|
+
* - "database": stateful. Every request hits the DB to validate the session.
|
|
1395
|
+
* - "hybrid": JWT transport + DB revocation. Best of both for most apps.
|
|
1396
|
+
*
|
|
1397
|
+
* @default "jwt"
|
|
1398
|
+
*/
|
|
1399
|
+
type SessionConfig = StatelessStrategyConfig;
|
|
1400
|
+
/** Result of reading a stateless (JWT) session from a request: session payload and outgoing header mutations. */
|
|
1401
|
+
interface GetStatelessSessionReturn<DefaultUser extends User = User> {
|
|
1402
|
+
session: Session<DefaultUser> | null;
|
|
1403
|
+
headers: Headers;
|
|
1404
|
+
}
|
|
1405
|
+
/**
|
|
1406
|
+
* Abstraction layer for session management.
|
|
1407
|
+
*/
|
|
1408
|
+
interface SessionStrategy<DefaultUser extends User = User> {
|
|
1409
|
+
/**
|
|
1410
|
+
* Read and validate the session from an incoming request.
|
|
1411
|
+
* Returns null if absent, invalid, or expired. Never throws on auth failure.
|
|
1412
|
+
*/
|
|
1413
|
+
getSession(request: Headers): Promise<GetStatelessSessionReturn<DefaultUser>>;
|
|
1414
|
+
/**
|
|
1415
|
+
* Create a session after successful authentication.
|
|
1416
|
+
* Signs the JWT / writes the DB row / sets cookies.
|
|
1417
|
+
*/
|
|
1418
|
+
createSession(session: User): Promise<string>;
|
|
1419
|
+
/**
|
|
1420
|
+
* Attempt to refresh using the refresh token cookie.
|
|
1421
|
+
* Returns null session + cookie-clearing response on any failure.
|
|
1422
|
+
*/
|
|
1423
|
+
refreshSession(headers: Headers, session: DeepPartial<Session<DefaultUser>>, skipCSRFCheck?: boolean): Promise<{
|
|
1424
|
+
session: Session<DefaultUser> | null;
|
|
1425
|
+
headers: Headers;
|
|
1426
|
+
}>;
|
|
1427
|
+
/**
|
|
1428
|
+
* Revoke a session by ID.
|
|
1429
|
+
* JWT strategy: best-effort (clears cookies, no server state).
|
|
1430
|
+
* Database / hybrid: marks row inactive.
|
|
1431
|
+
*/
|
|
1432
|
+
revokeSession(sessionId: string): Promise<void>;
|
|
1433
|
+
/**
|
|
1434
|
+
* Destroy the session attached to this request (logout).
|
|
1435
|
+
* Returns a response that clears cookies.
|
|
1436
|
+
*/
|
|
1437
|
+
destroySession(request: Headers, skipCSRFCheck?: boolean): Promise<Headers>;
|
|
1438
|
+
}
|
|
1439
|
+
/** Inputs for constructing a session strategy implementation for a given identity schema. */
|
|
1440
|
+
interface CreateSessionStrategyOptions<Identity extends Identities> {
|
|
1441
|
+
config?: SessionConfig;
|
|
1442
|
+
jose: JoseInstance<FromShapeToObject<Identity> & User>;
|
|
1443
|
+
cookies: () => CookieStoreConfig;
|
|
1444
|
+
logger?: InternalLogger;
|
|
1445
|
+
identity: SchemaRegistryContext;
|
|
1446
|
+
}
|
|
1447
|
+
/** Options specialized for the JWT-backed session strategy. */
|
|
1448
|
+
interface JWTStrategyOptions<DefaultUser extends User = User> {
|
|
1449
|
+
config?: StatelessStrategyConfig;
|
|
1450
|
+
jose: JoseInstance<DefaultUser>;
|
|
1451
|
+
logger?: InternalLogger;
|
|
1452
|
+
cookies: () => CookieStoreConfig;
|
|
1453
|
+
identity: SchemaRegistryContext;
|
|
1454
|
+
}
|
|
1455
|
+
/** Minimal token issue/verify surface used by session code paths. */
|
|
1456
|
+
type JWTManager<DefaultUser extends User = User> = {
|
|
1457
|
+
createToken(user: TypedJWTPayload<Partial<DefaultUser>>): Promise<string>;
|
|
1458
|
+
verifyToken(token: string): Promise<TypedJWTPayload<DefaultUser>>;
|
|
1459
|
+
};
|
|
1460
|
+
//#endregion
|
|
1150
1461
|
//#region src/@types/oauth.d.ts
|
|
1151
1462
|
/** Known query parameter names supported when building an OAuth authorization URL. */
|
|
1152
1463
|
type AuthorizeParams = LiteralUnion<"clientId" | "prompt" | "scope" | "responseMode" | "audience" | "loginHint" | "nonce" | "display">;
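Review bot: The comments on the new session types contradict the types they document. `maxAge?: number` is described only as "Token lifetime." with no unit, while the `StatelessStrategyConfig` example passes `maxAge: "15m"` and a `refreshToken` key the type does not declare, and the `SessionConfig` comment lists "database" and "hybrid" although the alias is `StatelessStrategyConfig` only. A misread unit changes how long a token that cannot be revoked stays valid, so the comment should read something like `/** Token lifetime in seconds. */` (if seconds is what the implementation uses) and the example should pass a number. `refreshSession` and `destroySession` also take an undocumented `skipCSRFCheck?: boolean`; their comments should state the default and the conditions under which a caller may set it. `JWTSealedMode` declares `mode?` as optional, so `JWTConfigBase` is not strictly the discriminated union its comment claims.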
|
|
@@ -1214,7 +1525,7 @@ type OAuthProviderRecord<DefaultUser extends User = User> = Record<LiteralUnion<
|
|
|
1214
1525
|
* Main configuration interface for Aura Auth.
|
|
1215
1526
|
* This is the user-facing configuration object passed to `createAuth()`.
|
|
1216
1527
|
*/
|
|
1217
|
-
|
|
1528
|
+
type AuthConfig<Identity extends Identities> = {
|
|
1218
1529
|
/**
|
|
1219
1530
|
* OAuth providers available in the authentication and authorization flows. It provides a type-inference
|
|
1220
1531
|
* for the OAuth providers that are supported by Aura Stack Auth; alternatively, you can provide a custom
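Review bot: The new `type AuthConfig<Identity extends Identities> = {` drops the default type argument the old interface had (the later hunk headers still show `= EditableShape<UserShape>`). A bare `AuthConfig` annotation in consumer code therefore stops compiling, and a type alias can no longer be extended by declaration merging. If that is not intended, `type AuthConfig<Identity extends Identities = EditableShape<UserShape>> = {` keeps existing annotations working. The body of `AuthConfig` continues outside this hunk.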
|
|
@@ -1245,7 +1556,7 @@ interface AuthConfig<Identity extends EditableShape<UserShape> = EditableShape<U
|
|
|
1245
1556
|
* ]
|
|
1246
1557
|
* ```
|
|
1247
1558
|
*/
|
|
1248
|
-
oauth: (BuiltInOAuthProvider | OAuthProviderCredentials<any,
|
|
1559
|
+
oauth: (BuiltInOAuthProvider | OAuthProviderCredentials<any, FromShapeToObject<Identity>>)[];
|
|
1249
1560
|
/**
|
|
1250
1561
|
* Cookie options defines the configuration for cookies used in Aura Auth.
|
|
1251
1562
|
* It includes a prefix for cookie names and flag options to determine
|
|
@@ -1269,6 +1580,27 @@ interface AuthConfig<Identity extends EditableShape<UserShape> = EditableShape<U
|
|
|
1269
1580
|
* Secret used to sign and verify JWT tokens for session and csrf protection.
|
|
1270
1581
|
* If not provided, it will load from the environment variable `AURA_AUTH_SECRET` or `AUTH_SECRET`, but if it
|
|
1271
1582
|
* doesn't exist, it will throw an error during the initialization of the Auth module.
|
|
1583
|
+
*
|
|
1584
|
+
* > It can be a string, a Uint8Array, a CryptoKey, a CryptoKeyPair, or an object containing separate keys for
|
|
1585
|
+
* signing and encryption. It depends on the JWT mode and algorithms you choose in the session configuration.
|
|
1586
|
+
* The default mode is "sealed" (signing + encryption), so if the secret is a string or Uint8Array, it will derive
|
|
1587
|
+
* separate keys for signing and encryption using HKDF, but if you provide a CryptoKeyPair, it will required to
|
|
1588
|
+
* pass separate keys for signing and encryption in the `CryptoSecret` format.
|
|
1589
|
+
* @example
|
|
1590
|
+
* import { createSecretValue } from "@aura-stack/auth/crypto"
|
|
1591
|
+
*
|
|
1592
|
+
* secret: createSecretValue(32)
|
|
1593
|
+
*
|
|
1594
|
+
* // For asymmetric keys, generate a key pair and pass the private
|
|
1595
|
+
* import { createKeyPair } from "@aura-stack/auth/crypto"
|
|
1596
|
+
*
|
|
1597
|
+
* const signing = await createKeyPair("RS256", { extractable: true })
|
|
1598
|
+
* const encryption = await createKeyPair("RSA-OAEP-256", { extractable: true })
|
|
1599
|
+
*
|
|
1600
|
+
* secret: {
|
|
1601
|
+
* sign: signing,
|
|
1602
|
+
* encrypt: encryption,
|
|
1603
|
+
* }
|
|
1272
1604
|
*/
|
|
1273
1605
|
secret?: JWTKey;
|
|
1274
1606
|
/**
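Review bot: The `@example` added to the `secret` comment creates both key pairs with `{ extractable: true }` without saying why, and examples tend to be copied verbatim; an extractable private key can be exported by any code that holds the handle. The example should either drop the option or explain it, e.g. `// extractable only if the key must be exported for storage; otherwise prefer non-extractable keys`. Two wording slips in the same comment are worth fixing while there: "it will required to pass" should be "you are required to pass", and the line "generate a key pair and pass the private" stops mid-sentence.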
|
|
@@ -1279,45 +1611,11 @@ interface AuthConfig<Identity extends EditableShape<UserShape> = EditableShape<U
|
|
|
1279
1611
|
* Base path for all authentication routes. Default is `/auth`.
|
|
1280
1612
|
*/
|
|
1281
1613
|
basePath?: `/${string}`;
|
|
1282
|
-
/**
|
|
1283
|
-
* Enable trusted proxy headers for scenarios where the application is behind a reverse proxy or load balancer.
|
|
1284
|
-
* This setting allows Aura Auth to correctly interpret headers like `X-Forwarded-For` and `X-Forwarded-Proto`
|
|
1285
|
-
* to determine the original client IP address and protocol.
|
|
1286
|
-
*
|
|
1287
|
-
* Default is `false`. Enable this option only if you are certain that your application is behind a trusted proxy.
|
|
1288
|
-
* Misconfiguration can lead to security vulnerabilities, such as incorrect handling of secure cookies or
|
|
1289
|
-
* inaccurate client IP logging.
|
|
1290
|
-
*
|
|
1291
|
-
* This value can also be set via environment variable as `AURA_AUTH_TRUSTED_PROXY_HEADERS`
|
|
1292
|
-
*
|
|
1293
|
-
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
|
|
1294
|
-
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
|
|
1295
|
-
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
|
|
1296
|
-
* @experimental
|
|
1297
|
-
*/
|
|
1298
|
-
trustedProxyHeaders?: boolean;
|
|
1299
1614
|
/**
|
|
1300
1615
|
* Logger configuration for handling authentication-related logs and errors. It can be set to `true`,
|
|
1301
1616
|
* `DEBUG=true`, `LOG_LEVEL=debug`, or a custom logger. It implements the syslog format.
|
|
1302
1617
|
*/
|
|
1303
1618
|
logger?: boolean | Logger;
|
|
1304
|
-
/**
|
|
1305
|
-
* Defines trusted origins for your application to prevent open redirect attacks.
|
|
1306
|
-
* URLs from the Referer header, Origin header, request URL, and redirectTo option
|
|
1307
|
-
* are validated against this list before redirecting.
|
|
1308
|
-
*
|
|
1309
|
-
* - **Exact URL**: `https://example.com` matches only that origin.
|
|
1310
|
-
* - **Subdomain wildcard**: `https://*.example.com` matches `https://app.example.com`, `https://api.example.com`, etc.
|
|
1311
|
-
* @example
|
|
1312
|
-
* trustedOrigins: ["https://example.com", "https://*.example.com", "http://localhost:3000"]
|
|
1313
|
-
*
|
|
1314
|
-
*
|
|
1315
|
-
* trustedOrigins: async (request) => {
|
|
1316
|
-
* const origin = new URL(request.url).origin
|
|
1317
|
-
* return [origin, "https://admin.example.com"]
|
|
1318
|
-
* }
|
|
1319
|
-
*/
|
|
1320
|
-
trustedOrigins?: TrustedOrigin[] | ((request: Request) => Promise<TrustedOrigin[]> | TrustedOrigin[]);
|
|
1321
1619
|
/**
|
|
1322
1620
|
* Defines the session management strategy for Aura Auth. It determines how sessions are created, stored, and validated.
|
|
1323
1621
|
*/
|
|
@@ -1344,15 +1642,110 @@ interface AuthConfig<Identity extends EditableShape<UserShape> = EditableShape<U
|
|
|
1344
1642
|
* }
|
|
1345
1643
|
*/
|
|
1346
1644
|
identity?: Partial<{
|
|
1645
|
+
/**
|
|
1646
|
+
* Skip schema validation for session data, JWT payloads, and OAuth profiles.
|
|
1647
|
+
* This can be useful for performance optimization if you are certain that the
|
|
1648
|
+
* data is valid, but it can lead to security vulnerabilities if misused.
|
|
1649
|
+
* > ⚠️ WARNING: Use this option with caution.
|
|
1650
|
+
*/
|
|
1347
1651
|
skipValidation: boolean;
|
|
1348
|
-
|
|
1652
|
+
/**
|
|
1653
|
+
* Custom schema validation for user identity data. It supports any Zod, Arktype,
|
|
1654
|
+
* Valibot or Typebox schema. Use `createIdentity` helper function to create a schema
|
|
1655
|
+
* with the correct shape and inference.
|
|
1656
|
+
*/
|
|
1657
|
+
schema: ConfigSchema<Identity>;
|
|
1658
|
+
/**
|
|
1659
|
+
* Defines how unknown keys are handled during schema validation. It can be set to:
|
|
1660
|
+
* - `passthrough`: Unknown keys are allowed and included in the validated data.
|
|
1661
|
+
* - `strict`: Unknown keys will cause validation to fail with an error.
|
|
1662
|
+
* - `strip`: Unknown keys are removed from the validated data.
|
|
1663
|
+
*/
|
|
1349
1664
|
unknownKeys: "passthrough" | "strict" | "strip";
|
|
1350
1665
|
}>;
|
|
1351
1666
|
/**
|
|
1352
1667
|
* Credentials provider for username/password or similar authentication.
|
|
1353
1668
|
*/
|
|
1354
1669
|
credentials?: CredentialsProvider<Identity>;
|
|
1355
|
-
}
|
|
1670
|
+
} & TrustedProxyHeadersConfig;
|
|
1671
|
+
type TrustedProxyHeadersConfig = {
|
|
1672
|
+
/**
|
|
1673
|
+
* Enable trusted proxy headers for scenarios where the application is behind a reverse proxy or load balancer.
|
|
1674
|
+
* This setting allows Aura Auth to correctly interpret headers like `X-Forwarded-For` and `X-Forwarded-Proto`
|
|
1675
|
+
* to determine the original client IP address and protocol.
|
|
1676
|
+
*
|
|
1677
|
+
* Default is `false`. Enable this option only if you are certain that your application is behind a trusted proxy.
|
|
1678
|
+
* Misconfiguration can lead to security vulnerabilities, such as incorrect handling of secure cookies or
|
|
1679
|
+
* inaccurate client IP logging.
|
|
1680
|
+
*
|
|
1681
|
+
* This value can also be set via environment variable as `AURA_AUTH_TRUSTED_PROXY_HEADERS`
|
|
1682
|
+
*
|
|
1683
|
+
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
|
|
1684
|
+
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
|
|
1685
|
+
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
|
|
1686
|
+
* @experimental
|
|
1687
|
+
*/
|
|
1688
|
+
trustedProxyHeaders: true;
|
|
1689
|
+
/**
|
|
1690
|
+
* Defines trusted origins for your application to prevent open redirect attacks.
|
|
1691
|
+
* URLs from the Referer header, Origin header, request URL, and redirectTo option
|
|
1692
|
+
* are validated against this list before redirecting.
|
|
1693
|
+
*
|
|
1694
|
+
* - **Exact URL**: `https://example.com` matches only that origin.
|
|
1695
|
+
* - **Subdomain wildcard**: `https://*.example.com` matches `https://app.example.com`, `https://api.example.com`, etc.
|
|
1696
|
+
*
|
|
1697
|
+
* > **⚠️ WARNING:** Ensure that the trusted origins are configured correctly to prevent open redirect vulnerabilities.
|
|
1698
|
+
* Only include origins that you control and trust.
|
|
1699
|
+
*
|
|
1700
|
+
* @example
|
|
1701
|
+
* trustedOrigins: ["https://example.com", "https://*.example.com", "http://localhost:3000"]
|
|
1702
|
+
*
|
|
1703
|
+
* trustedOrigins: async (request) => {
|
|
1704
|
+
* const origin = new URL(request.url).origin
|
|
1705
|
+
* return [origin, "https://admin.example.com"]
|
|
1706
|
+
* }
|
|
1707
|
+
*/
|
|
1708
|
+
trustedOrigins: TrustedOrigin[] | ((request: Request) => Promise<TrustedOrigin[]> | TrustedOrigin[]);
|
|
1709
|
+
} | {
|
|
1710
|
+
/**
|
|
1711
|
+
* Enable trusted proxy headers for scenarios where the application is behind a reverse proxy or load balancer.
|
|
1712
|
+
* This setting allows Aura Auth to correctly interpret headers like `X-Forwarded-For` and `X-Forwarded-Proto`
|
|
1713
|
+
* to determine the original client IP address and protocol.
|
|
1714
|
+
*
|
|
1715
|
+
* Default is `false`. Enable this option only if you are certain that your application is behind a trusted proxy.
|
|
1716
|
+
* Misconfiguration can lead to security vulnerabilities, such as incorrect handling of secure cookies or
|
|
1717
|
+
* inaccurate client IP logging.
|
|
1718
|
+
*
|
|
1719
|
+
* This value can also be set via environment variable as `AURA_AUTH_TRUSTED_PROXY_HEADERS`
|
|
1720
|
+
*
|
|
1721
|
+
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
|
|
1722
|
+
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
|
|
1723
|
+
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
|
|
1724
|
+
* @experimental
|
|
1725
|
+
*/
|
|
1726
|
+
trustedProxyHeaders?: false;
|
|
1727
|
+
/**
|
|
1728
|
+
* Defines trusted origins for your application to prevent open redirect attacks.
|
|
1729
|
+
* URLs from the Referer header, Origin header, request URL, and redirectTo option
|
|
1730
|
+
* are validated against this list before redirecting.
|
|
1731
|
+
*
|
|
1732
|
+
* - **Exact URL**: `https://example.com` matches only that origin.
|
|
1733
|
+
* - **Subdomain wildcard**: `https://*.example.com` matches `https://app.example.com`, `https://api.example.com`, etc.
|
|
1734
|
+
*
|
|
1735
|
+
* > **⚠️ WARNING:** Ensure that the trusted origins are configured correctly to prevent open redirect vulnerabilities.
|
|
1736
|
+
* Only include origins that you control and trust.
|
|
1737
|
+
*
|
|
1738
|
+
* @example
|
|
1739
|
+
* trustedOrigins: ["https://example.com", "https://*.example.com", "http://localhost:3000"]
|
|
1740
|
+
*
|
|
1741
|
+
* trustedOrigins: async (request) => {
|
|
1742
|
+
* const origin = new URL(request.url).origin
|
|
1743
|
+
* return [origin, "https://admin.example.com"]
|
|
1744
|
+
* }
|
|
1745
|
+
*
|
|
1746
|
+
*/
|
|
1747
|
+
trustedOrigins?: TrustedOrigin[] | ((request: Request) => Promise<TrustedOrigin[]> | TrustedOrigin[]);
|
|
1748
|
+
};
|
|
1356
1749
|
/**
|
|
1357
1750
|
* Cookie type with __Secure- prefix, must be Secure.
|
|
1358
1751
|
* @see https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-__secure-prefix
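Review bot: The union in `TrustedProxyHeadersConfig` makes `trustedOrigins` mandatory only when the config literally contains `trustedProxyHeaders: true`, yet both doc comments (new lines 1681 and 1719) say the flag can also be set through `AURA_AUTH_TRUSTED_PROXY_HEADERS`. A config that omits the field type-checks against the second branch, where `trustedOrigins` stays optional, and this declaration file does not show whether the runtime rejects that combination. The comment should say so, for example `* Enabling this through the environment variable is not covered by the type-level requirement; set trustedOrigins explicitly.` The `@example` callback in both branches returns `new URL(request.url).origin` as a trusted origin, which may be derived from request-supplied data once forwarded headers are honoured, so a one-line caveat next to the example would help. The text under `trustedProxyHeaders: true` also still reads "Default is `false`", apparently copied from the other branch.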
|
|
@@ -1386,10 +1779,9 @@ type CookieStrategyAttributes = StandardCookie | SecureCookie | HostCookie;
|
|
|
1386
1779
|
* - `sessionToken`: User session JWT
|
|
1387
1780
|
* - `csrfToken`: CSRF protection token
|
|
1388
1781
|
* - `state`: OAuth state parameter for CSRF protection
|
|
1389
|
-
* - `
|
|
1390
|
-
* - `
|
|
1391
|
-
* - `
|
|
1392
|
-
* - `nonce`: OpenID Connect nonce parameter
|
|
1782
|
+
* - `codeVerifier`: PKCE code verifier for authorization code flow
|
|
1783
|
+
* - `redirectURI`: OAuth callback URI
|
|
1784
|
+
* - `redirectTo`: Post-authentication redirect path
|
|
1393
1785
|
*/
|
|
1394
1786
|
type CookieName = "sessionToken" | "csrfToken" | "state" | "codeVerifier" | "redirectTo" | "redirectURI";
|
|
1395
1787
|
/** Resolved cookie names and serialization attributes for each logical auth cookie. */
|
|
@@ -1402,6 +1794,10 @@ interface CookieConfig {
|
|
|
1402
1794
|
* Prefix to be added to all cookie names. By default "aura-stack".
|
|
1403
1795
|
*/
|
|
1404
1796
|
prefix?: string;
|
|
1797
|
+
/**
|
|
1798
|
+
* Overrides for individual cookie configurations.
|
|
1799
|
+
* @see {@link CookieStoreConfig} for the structure of each cookie configuration.
|
|
1800
|
+
*/
|
|
1405
1801
|
overrides?: Partial<CookieStoreConfig>;
|
|
1406
1802
|
}
|
|
1407
1803
|
/**
|
|
@@ -1454,8 +1850,9 @@ interface InternalLogger {
|
|
|
1454
1850
|
* Identity validation settings used when building session strategy and OAuth profile mapping.
|
|
1455
1851
|
* Controls the Zod schema and how unknown keys are handled on user objects.
|
|
1456
1852
|
*/
|
|
1457
|
-
interface IdentityConfig<Schema extends
|
|
1853
|
+
interface IdentityConfig<Schema extends SchemaTypes = typeof UserIdentity> {
|
|
1458
1854
|
schema?: Schema;
|
|
1855
|
+
schemaAsPartial?: Schema;
|
|
1459
1856
|
skipValidation?: boolean;
|
|
1460
1857
|
unknownKeys?: "passthrough" | "strict" | "strip";
|
|
1461
1858
|
}
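Review bot: `schemaAsPartial?: Schema;` is added to `IdentityConfig` without a doc comment, and it has the same type as `schema`, so nothing in the declaration distinguishes the two. The name suggests a variant with every field optional; if so, which code paths validate against it instead of the full schema decides how much of a user object is actually checked, and that belongs in the comment, e.g. `/** Variant of schema with all fields optional; used only for <paths to be named by the author>. */`. The interface comment above still says it "Controls the Zod schema" although the bound is now `SchemaTypes`; `* Controls the identity schema and how unknown keys are handled on user objects.` would match the new signature.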
|
|
@@ -1485,14 +1882,14 @@ interface CredentialsProviderContext<T> {
|
|
|
1485
1882
|
/**
|
|
1486
1883
|
* Interface for the credentials provider.
|
|
1487
1884
|
*/
|
|
1488
|
-
interface CredentialsProvider<Identity extends
|
|
1885
|
+
interface CredentialsProvider<Identity extends Identities> {
|
|
1489
1886
|
hash?: (password: string, salt?: string, iterations?: number) => Promise<string>;
|
|
1490
1887
|
verify?: (password: string, hashedPassword: string) => Promise<boolean>;
|
|
1491
1888
|
/**
|
|
1492
1889
|
* Authenticates a user using credentials.
|
|
1493
1890
|
* Must return a User object or the identity type if the identity schema is provided.
|
|
1494
1891
|
*/
|
|
1495
|
-
authorize: (ctx: CredentialsProviderContext<CredentialsPayload>) => Promise<
|
|
1892
|
+
authorize: (ctx: CredentialsProviderContext<CredentialsPayload>) => Promise<FromShapeToObject<Identity> | null> | FromShapeToObject<Identity> | null;
|
|
1496
1893
|
}
|
|
1497
1894
|
/**
|
|
1498
1895
|
* Runtime context passed into auth actions and API handlers: OAuth map, cookies, JWT, session strategy, trusted origins, etc.
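Review bot: The doc comment above `authorize` still says it "Must return a User object or the identity type", but the widened return type now also admits `null` and a synchronous result. What `null` means is not stated anywhere in the hunk; presumably it signals rejected credentials, which cannot be confirmed from this declaration. The comment should spell out the contract implementers have to follow, for example `* Returns the user on success, or null when the credentials are not accepted.`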
|
|
@@ -1510,11 +1907,12 @@ interface RouterGlobalContext<DefaultUser extends User = User> {
|
|
|
1510
1907
|
trustedOrigins?: TrustedOrigin[] | ((request: Request) => Promise<TrustedOrigin[]> | TrustedOrigin[]);
|
|
1511
1908
|
logger?: InternalLogger;
|
|
1512
1909
|
sessionStrategy: SessionStrategy<DefaultUser>;
|
|
1513
|
-
identity:
|
|
1514
|
-
|
|
1515
|
-
|
|
1516
|
-
|
|
1517
|
-
|
|
1910
|
+
identity: SchemaRegistryContext;
|
|
1911
|
+
}
|
|
1912
|
+
interface SchemaRegistryContext {
|
|
1913
|
+
schemaRegistry: ReturnType<typeof createSchemaRegistry>;
|
|
1914
|
+
skipValidation?: boolean;
|
|
1915
|
+
unknownKeys: "passthrough" | "strict" | "strip";
|
|
1518
1916
|
}
|
|
1519
1917
|
/**
|
|
1520
1918
|
* Internal runtime configuration used within Aura Auth after initialization.
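Review bot: `skipValidation?: boolean` in the new `SchemaRegistryContext` is optional while `unknownKeys` beside it is required, so every consumer of the resolved context has to decide what `undefined` means for the switch that turns schema validation off. Since this is the post-initialisation context, resolving it once and declaring `skipValidation: boolean;` would remove that ambiguity. If the field has to stay optional, document the default, e.g. `/** Absent or false: validation runs. */`, provided that is the intended behaviour. The interface itself has no doc comment, and how `createSchemaRegistry` builds the registry is not visible here.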
|
|
@@ -1525,8 +1923,17 @@ type AuthRuntimeConfig<DefaultUser extends User = User> = RouterGlobalContext<De
|
|
|
1525
1923
|
* Public auth instance: programmatic {@link AuthAPI}, {@link JoseInstance}, and HTTP {@link AuthClient} handlers.
|
|
1526
1924
|
*/
|
|
1527
1925
|
interface AuthInstance<DefaultUser extends User = User> {
|
|
1926
|
+
/**
|
|
1927
|
+
* Programmatic API for authentication actions (getSession, signIn, signOut, etc.) that can be used in server-side contexts or API routes.
|
|
1928
|
+
*/
|
|
1528
1929
|
api: AuthAPI<DefaultUser>;
|
|
1930
|
+
/**
|
|
1931
|
+
* JOSE helper functions for signin, encryption and verification of JWTs.
|
|
1932
|
+
*/
|
|
1529
1933
|
jose: JoseInstance<DefaultUser>;
|
|
1934
|
+
/**
|
|
1935
|
+
* HTTP handlers for mounting on a router or server.
|
|
1936
|
+
*/
|
|
1530
1937
|
handlers: {
|
|
1531
1938
|
GET: (request: Request) => Response | Promise<Response>;
|
|
1532
1939
|
POST: (request: Request) => Response | Promise<Response>;
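Review bot: The comment added on `jose` says "JOSE helper functions for signin, encryption and verification of JWTs", which reads as sign-in rather than signature creation. It should be `* JOSE helper functions for signing, encrypting and verifying JWTs.` The `AuthInstance` interface continues past the end of this hunk.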
|
|
@@ -1537,196 +1944,13 @@ interface AuthInstance<DefaultUser extends User = User> {
|
|
|
1537
1944
|
/**
|
|
1538
1945
|
* Extended context used inside the library with both secure and standard cookie materializations.
|
|
1539
1946
|
*/
|
|
1540
|
-
type InternalContext<Identity extends
|
|
1947
|
+
type InternalContext<Identity extends Identities> = RouterGlobalContext<FromShapeToObject<Identity> & User> & {
|
|
1541
1948
|
cookieConfig: {
|
|
1542
1949
|
secure: CookieStoreConfig;
|
|
1543
1950
|
standard: CookieStoreConfig;
|
|
1544
1951
|
};
|
|
1545
1952
|
};
|
|
1546
1953
|
//#endregion
|
|
1547
|
-
//#region src/@types/session.d.ts
|
|
1548
|
-
/** Application user type, inferred from the configured identity schema (defaults to the built-in user shape). */
|
|
1549
|
-
type User = UserIdentityType;
|
|
1550
|
-
/**
|
|
1551
|
-
* Session data returned by the session endpoint.
|
|
1552
|
-
*/
|
|
1553
|
-
interface Session<DefaultUser extends User = User> {
|
|
1554
|
-
user: DefaultUser;
|
|
1555
|
-
expires: string;
|
|
1556
|
-
}
|
|
1557
|
-
/**
|
|
1558
|
-
* A symmetric secret or asymmetric key pair used for JWT operations.
|
|
1559
|
-
*
|
|
1560
|
-
* - string / Uint8Array: used as-is for HMAC (signed) or AES (encrypted)
|
|
1561
|
-
* - CryptoKey: Web Crypto API key, for environments that support it
|
|
1562
|
-
* - KeyPair: asymmetric signing (RS256, ES256, EdDSA, etc.)
|
|
1563
|
-
*/
|
|
1564
|
-
type SecretKey = string | Uint8Array | CryptoKey;
|
|
1565
|
-
/** Asymmetric key pair for signing or key agreement (Web Crypto `CryptoKey` pair). */
|
|
1566
|
-
interface KeyPair {
|
|
1567
|
-
privateKey: CryptoKey;
|
|
1568
|
-
publicKey: CryptoKey;
|
|
1569
|
-
}
|
|
1570
|
-
/**
|
|
1571
|
-
* @todo: add key rotation support for "SecretKey | KeyPair | [SecretKey | KeyPair, ...(SecretKey | KeyPair)[]]"
|
|
1572
|
-
*/
|
|
1573
|
-
type JWTKey = SecretKey;
|
|
1574
|
-
/**
|
|
1575
|
-
* - "signed" → standard JWS (e.g. HS256, RS256, ES256).
|
|
1576
|
-
* - "encrypted" → JWE only. (e.g. A256GCM with RSA-OAEP key wrapping).
|
|
1577
|
-
* - "sealed" → JWS nested inside JWE (signed then encrypted).
|
|
1578
|
-
*/
|
|
1579
|
-
type JWTMode = "signed" | "encrypted" | "sealed";
|
|
1580
|
-
/**
|
|
1581
|
-
* Signing algorithms for "signed" and "sealed" modes.
|
|
1582
|
-
* Symmetric: HS256 | HS384 | HS512
|
|
1583
|
-
* Asymmetric: RS256 | RS384 | RS512 | ES256 | ES384 | ES512 | EdDSA | PS256
|
|
1584
|
-
*/
|
|
1585
|
-
type JWTSigningAlgorithm = "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | "ES256" | "ES384" | "ES512" | "EdDSA" | "PS256";
|
|
1586
|
-
/**
|
|
1587
|
-
* Key-wrapping algorithms for "encrypted" and "sealed" modes.
|
|
1588
|
-
* Symmetric: A128KW | A192KW | A256KW | dir (direct)
|
|
1589
|
-
* ECDH: ECDH-ES | ECDH-ES+A128KW | ECDH-ES+A256KW
|
|
1590
|
-
* RSA: RSA-OAEP | RSA-OAEP-256
|
|
1591
|
-
*/
|
|
1592
|
-
type JWTKeyAlgorithm = "A128KW" | "A192KW" | "A256KW" | "dir" | "ECDH-ES" | "ECDH-ES+A128KW" | "ECDH-ES+A256KW" | "RSA-OAEP" | "RSA-OAEP-256";
|
|
1593
|
-
/** Content-encryption algorithms for JWE. */
|
|
1594
|
-
type JWTEncryptionAlgorithm = "A128CBC-HS256" | "A192CBC-HS384" | "A256CBC-HS512" | "A128GCM" | "A192GCM" | "A256GCM";
|
|
1595
|
-
/** Signed JWT mode configuration. */
|
|
1596
|
-
type JWTSignedMode = {
|
|
1597
|
-
mode: "signed";
|
|
1598
|
-
signingAlgorithm?: JWTSigningAlgorithm;
|
|
1599
|
-
};
|
|
1600
|
-
/** Encrypted JWT mode configuration. */
|
|
1601
|
-
type JWTEncryptedMode = {
|
|
1602
|
-
mode: "encrypted";
|
|
1603
|
-
keyAlgorithm?: JWTKeyAlgorithm;
|
|
1604
|
-
encryptionAlgorithm?: JWTEncryptionAlgorithm;
|
|
1605
|
-
};
|
|
1606
|
-
/** Signed and Encrypted JWT mode configuration. */
|
|
1607
|
-
type JWTSealedMode = {
|
|
1608
|
-
mode?: "sealed";
|
|
1609
|
-
signingAlgorithm?: JWTSigningAlgorithm;
|
|
1610
|
-
keyAlgorithm?: JWTKeyAlgorithm;
|
|
1611
|
-
encryptionAlgorithm?: JWTEncryptionAlgorithm;
|
|
1612
|
-
};
|
|
1613
|
-
/** Discriminated union of JWT wire format: signed JWS, encrypted JWE, or nested sealed (JWS in JWE). */
|
|
1614
|
-
type JWTConfigBase = JWTSignedMode | JWTEncryptedMode | JWTSealedMode;
|
|
1615
|
-
/** How session/JWT lifetime is enforced relative to `iat`, absolute caps, and sliding windows. */
|
|
1616
|
-
type JWTExpirationStrategy = "fixed" | "rolling" | "absolute" | "sliding";
|
|
1617
|
-
type JWTConfig = {
|
|
1618
|
-
/**
|
|
1619
|
-
* Token lifetime.
|
|
1620
|
-
*/
|
|
1621
|
-
maxAge?: number;
|
|
1622
|
-
/**
|
|
1623
|
-
* JWT `iss` (issuer) claim. Set this to your app's canonical URL.
|
|
1624
|
-
* @example "https://auth.example.com"
|
|
1625
|
-
*/
|
|
1626
|
-
issuer?: string;
|
|
1627
|
-
/**
|
|
1628
|
-
* JWT `aud` claim. Single value or array for multi-audience tokens.
|
|
1629
|
-
* @example ["https://api.example.com", "https://app.example.com"]
|
|
1630
|
-
*/
|
|
1631
|
-
audience?: string | string[];
|
|
1632
|
-
/**
|
|
1633
|
-
* Maximum absolute session duration in seconds.
|
|
1634
|
-
* Required for "absolute" and "sliding" strategies.
|
|
1635
|
-
* Enforced via jose's maxTokenAge against the iat claim.
|
|
1636
|
-
*/
|
|
1637
|
-
maxExpiration?: number;
|
|
1638
|
-
/**
|
|
1639
|
-
* Policy for renewing or capping token lifetime (pairs with `maxExpiration` where applicable).
|
|
1640
|
-
*/
|
|
1641
|
-
expirationStrategy?: JWTExpirationStrategy;
|
|
1642
|
-
} & JWTConfigBase;
|
|
1643
|
-
/**
|
|
1644
|
-
* Stateless JWT strategy.
|
|
1645
|
-
* No database required. Tokens are self-contained and cannot be revoked
|
|
1646
|
-
* before they expire — keep `jwt.maxAge` short or enable refresh tokens.
|
|
1647
|
-
*
|
|
1648
|
-
* @example
|
|
1649
|
-
* {
|
|
1650
|
-
* strategy: "jwt",
|
|
1651
|
-
* jwt: { mode: "sealed", maxAge: "15m", issuer: "https://auth.example.com" },
|
|
1652
|
-
* refreshToken: { enabled: true, maxAge: "7d" },
|
|
1653
|
-
* }
|
|
1654
|
-
*/
|
|
1655
|
-
type StatelessStrategyConfig = {
|
|
1656
|
-
strategy?: "jwt";
|
|
1657
|
-
jwt?: JWTConfig;
|
|
1658
|
-
};
|
|
1659
|
-
/**
|
|
1660
|
-
* The session strategy. Determines which fields below are required.
|
|
1661
|
-
*
|
|
1662
|
-
* - "jwt": stateless. No database needed. JWTs are self-contained.
|
|
1663
|
-
* - "database": stateful. Every request hits the DB to validate the session.
|
|
1664
|
-
* - "hybrid": JWT transport + DB revocation. Best of both for most apps.
|
|
1665
|
-
*
|
|
1666
|
-
* @default "jwt"
|
|
1667
|
-
*/
|
|
1668
|
-
type SessionConfig = StatelessStrategyConfig;
|
|
1669
|
-
/** Result of reading a stateless (JWT) session from a request: session payload and outgoing header mutations. */
|
|
1670
|
-
interface GetStatelessSessionReturn<DefaultUser extends User = User> {
|
|
1671
|
-
session: Session<DefaultUser> | null;
|
|
1672
|
-
headers: Headers;
|
|
1673
|
-
}
|
|
1674
|
-
/**
|
|
1675
|
-
* Abstraction layer for session management.
|
|
1676
|
-
*/
|
|
1677
|
-
interface SessionStrategy<DefaultUser extends User = User> {
|
|
1678
|
-
/**
|
|
1679
|
-
* Read and validate the session from an incoming request.
|
|
1680
|
-
* Returns null if absent, invalid, or expired. Never throws on auth failure.
|
|
1681
|
-
*/
|
|
1682
|
-
getSession(request: Headers): Promise<GetStatelessSessionReturn<DefaultUser>>;
|
|
1683
|
-
/**
|
|
1684
|
-
* Create a session after successful authentication.
|
|
1685
|
-
* Signs the JWT / writes the DB row / sets cookies.
|
|
1686
|
-
*/
|
|
1687
|
-
createSession(session: User): Promise<string>;
|
|
1688
|
-
/**
|
|
1689
|
-
* Attempt to refresh using the refresh token cookie.
|
|
1690
|
-
* Returns null session + cookie-clearing response on any failure.
|
|
1691
|
-
*/
|
|
1692
|
-
refreshSession(headers: Headers, session: DeepPartial<Session<DefaultUser>>, skipCSRFCheck?: boolean): Promise<{
|
|
1693
|
-
session: Session<DefaultUser> | null;
|
|
1694
|
-
headers: Headers;
|
|
1695
|
-
}>;
|
|
1696
|
-
/**
|
|
1697
|
-
* Revoke a session by ID.
|
|
1698
|
-
* JWT strategy: best-effort (clears cookies, no server state).
|
|
1699
|
-
* Database / hybrid: marks row inactive.
|
|
1700
|
-
*/
|
|
1701
|
-
revokeSession(sessionId: string): Promise<void>;
|
|
1702
|
-
/**
|
|
1703
|
-
* Destroy the session attached to this request (logout).
|
|
1704
|
-
* Returns a response that clears cookies.
|
|
1705
|
-
*/
|
|
1706
|
-
destroySession(request: Headers, skipCSRFCheck?: boolean): Promise<Headers>;
|
|
1707
|
-
}
|
|
1708
|
-
/** Inputs for constructing a session strategy implementation for a given identity schema. */
|
|
1709
|
-
interface CreateSessionStrategyOptions<Identity extends EditableShape<UserShape>> {
|
|
1710
|
-
config?: SessionConfig;
|
|
1711
|
-
jose: JoseInstance<ShapeToObject<Identity> & User>;
|
|
1712
|
-
cookies: () => CookieStoreConfig;
|
|
1713
|
-
logger?: InternalLogger;
|
|
1714
|
-
identity: IdentityConfig;
|
|
1715
|
-
}
|
|
1716
|
-
/** Options specialized for the JWT-backed session strategy. */
|
|
1717
|
-
interface JWTStrategyOptions<DefaultUser extends User = User> {
|
|
1718
|
-
config?: StatelessStrategyConfig;
|
|
1719
|
-
jose: JoseInstance<DefaultUser>;
|
|
1720
|
-
logger?: InternalLogger;
|
|
1721
|
-
cookies: () => CookieStoreConfig;
|
|
1722
|
-
identity: IdentityConfig;
|
|
1723
|
-
}
|
|
1724
|
-
/** Minimal token issue/verify surface used by session code paths. */
|
|
1725
|
-
type JWTManager<DefaultUser extends User = User> = {
|
|
1726
|
-
createToken(user: TypedJWTPayload<Partial<DefaultUser>>): Promise<string>;
|
|
1727
|
-
verifyToken(token: string): Promise<TypedJWTPayload<DefaultUser>>;
|
|
1728
|
-
};
|
|
1729
|
-
//#endregion
|
|
1730
1954
|
//#region src/@types/utility.d.ts
|
|
1731
1955
|
/** Expands intersection types into a single flat object type for readable editor hints. */
|
|
1732
1956
|
type Prettify$1<T> = { [K in keyof T]: T[K] };
|
|
@@ -1739,23 +1963,85 @@ type LiteralUnion<T extends U, U = string> = T | (U & Record<never, never>);
|
|
|
1739
1963
|
* Transforms a Zod raw shape so nested `ZodObject` fields become editable (same structure, for config authoring).
|
|
1740
1964
|
*/
|
|
1741
1965
|
type EditableShape<T extends ZodRawShape> = { [K in keyof T]: T[K] extends ZodObject<infer Inner extends ZodRawShape> ? ZodObject<EditableShape<Inner>> : ZodTypeAny };
|
|
1966
|
+
type EditableShapeZod<T extends ZodRawShape> = EditableShape<T>;
|
|
1967
|
+
type AnyShape = Record<string, AnySchema>;
|
|
1968
|
+
type EditableShapeValibot<T extends ObjectEntries> = { [K in keyof T]: T[K] extends ObjectSchema<infer Inner extends AnyShape, undefined> ? ObjectSchema<EditableShapeValibot<Inner>, undefined> : BaseSchema<any, any, any> };
|
|
1969
|
+
type EditableShapeTypebox<T extends TProperties> = { [K in keyof T]: T[K] extends TObject ? Wrap<EditableShapeTypebox<T[K]["properties"]>> : TSchema };
|
|
1970
|
+
type ConfigSchema<T extends Identities> = IsZod<T> extends true ? ZodObject<T & ZodRawShape> : T extends EditableShapeValibot<UserShapeValibot> ? ObjectSchema<T & ObjectEntries, undefined> : IsArkType<T> extends true ? T : T extends EditableShapeTypebox<UserShapeTypeBox> ? TObject<T & TProperties> : never;
|
|
1971
|
+
type ValibotShapeToObject<S extends ObjectEntries> = Merge<InferOutput<ObjectSchema<S, undefined>>, User>;
|
|
1972
|
+
type ArktypeShapeToObject<S extends Type> = S extends Type<infer Shape> ? Wrap<Merge<Shape, User>> : never;
|
|
1973
|
+
type TypeboxShapeToObject<S extends TProperties> = S extends TProperties ? Wrap<Merge<Static<TObject<S>>, User>> : never;
|
|
1974
|
+
type EditableShapeArkType<T extends Type> = T extends Type<infer Shape> ? Type<{ [K in keyof Shape]: any }> : never;
|
|
1742
1975
|
/** Merges type `B` over `A`, replacing overlapping keys with `B`. */
|
|
1743
1976
|
type Merge<A, B> = Omit<A, keyof B> & B;
|
|
1744
1977
|
/**
|
|
1745
1978
|
* Infers the runtime object type from a Zod `shape` and intersects it with {@link User}
|
|
1746
1979
|
* so identity fields always include the base user contract.
|
|
1747
1980
|
*/
|
|
1748
|
-
type
|
|
1981
|
+
type ZodShapeToObject<S extends ZodRawShape = ZodRawShape> = Merge<__Infer<ZodObject<S>>, User>;
|
|
1982
|
+
type FromShapeToObject<S> = S extends ZodRawShape ? ZodShapeToObject<S> : S extends ObjectEntries ? ValibotShapeToObject<S> : S extends Type ? ArktypeShapeToObject<S> : S extends TProperties ? TypeboxShapeToObject<S> : never;
|
|
1749
1983
|
/** Recursively makes every property required. */
|
|
1750
1984
|
type DeepRequired<T> = { [K in keyof T]-?: T[K] extends object ? DeepRequired<T[K]> : T[K] };
|
|
1751
1985
|
/** Recursively makes every property optional. */
|
|
1752
1986
|
type DeepPartial<T> = { [P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P] };
|
|
1753
|
-
/**
|
|
1754
|
-
type
|
|
1755
|
-
/**
|
|
1756
|
-
type
|
|
1757
|
-
|
|
1758
|
-
|
|
1987
|
+
/** Wraps a type in an object with the same keys. */
|
|
1988
|
+
type Wrap<T> = T extends any ? { [K in keyof T]: T[K] } : never;
|
|
1989
|
+
/**
|
|
1990
|
+
* Infers the user type from an {@link AuthInstance} config, or falls back to {@link User}.
|
|
1991
|
+
* @example
|
|
1992
|
+
* const auth = createAuth({
|
|
1993
|
+
* oauth: [],
|
|
1994
|
+
* identity: UserIdentity.extend({
|
|
1995
|
+
* role: z.string().nullable().optional(),
|
|
1996
|
+
* username: z.string().optional(),
|
|
1997
|
+
* })
|
|
1998
|
+
* })
|
|
1999
|
+
*
|
|
2000
|
+
* type User = InferUser<typeof auth>
|
|
2001
|
+
*/
|
|
2002
|
+
type InferUser<Config extends AuthInstance> = Config extends AuthInstance<infer Identity> ? Prettify$1<Identity> : User;
|
|
2003
|
+
/**
|
|
2004
|
+
* Infers the session type from an {@link AuthInstance} config.
|
|
2005
|
+
* @example
|
|
2006
|
+
* const auth = createAuth({
|
|
2007
|
+
* oauth: [],
|
|
2008
|
+
* identity: UserIdentity.extend({
|
|
2009
|
+
* role: z.string().nullable().optional(),
|
|
2010
|
+
* username: z.string().optional(),
|
|
2011
|
+
* })
|
|
2012
|
+
* })
|
|
2013
|
+
*
|
|
2014
|
+
* type Session = InferSession<typeof auth>
|
|
2015
|
+
*/
|
|
2016
|
+
type InferSession<Config extends AuthInstance> = Prettify$1<Session<Wrap<InferUser<Config>>>>;
|
|
2017
|
+
/**
|
|
2018
|
+
* Shorthand for a Zod object’s `.shape` property.
|
|
2019
|
+
*/
|
|
2020
|
+
type InferZodShape<T extends ZodObject> = T["shape"];
|
|
2021
|
+
/**
|
|
2022
|
+
* Infers the user type from a Zod identity schema, or falls back to {@link User}.
|
|
2023
|
+
* @example
|
|
2024
|
+
* const schema = z.object({
|
|
2025
|
+
* sub: z.string(),
|
|
2026
|
+
* role: z.string().nullable().optional(),
|
|
2027
|
+
* username: z.string().optional(),
|
|
2028
|
+
* })
|
|
2029
|
+
*
|
|
2030
|
+
* type User = UserFrom<typeof schema>
|
|
2031
|
+
*/
|
|
2032
|
+
type UserFrom<T extends ZodObject> = Prettify$1<ZodShapeToObject<InferZodShape<T>>>;
|
|
2033
|
+
/**
|
|
2034
|
+
* Infers the session type from a Zod identity schema.
|
|
2035
|
+
* @example
|
|
2036
|
+
* const schema = z.object({
|
|
2037
|
+
* sub: z.string(),
|
|
2038
|
+
* role: z.string().nullable().optional(),
|
|
2039
|
+
* username: z.string().optional(),
|
|
2040
|
+
* })
|
|
2041
|
+
*
|
|
2042
|
+
* type Session = SessionFrom<typeof schema>
|
|
2043
|
+
*/
|
|
2044
|
+
type SessionFrom<T extends ZodObject> = Wrap<Session<Wrap<UserFrom<T>>>>;
|
|
1759
2045
|
/**
|
|
1760
2046
|
* HTTP `Response` with `json()` typed to resolve to `Body` (defaults to `unknown`).
|
|
1761
2047
|
*/
|
|
@@ -1764,7 +2050,7 @@ type AuthResponse<Body = unknown> = Prettify$1<Omit<Response, "json"> & {
|
|
|
1764
2050
|
}>;
|
|
1765
2051
|
//#endregion
|
|
1766
2052
|
//#region src/createAuth.d.ts
|
|
1767
|
-
declare const createAuthInstance: <Identity extends
|
|
2053
|
+
declare const createAuthInstance: <Identity extends Identities>(authConfig: AuthConfig<Identity>) => {
|
|
1768
2054
|
handlers: _$_aura_stack_router0.Router<[_$_aura_stack_router0.RouteEndpoint<"GET", "/signIn/:oauth", {
|
|
1769
2055
|
schemas?: {
|
|
1770
2056
|
params: _$zod.ZodObject<{
|
|
@@ -1784,6 +2070,8 @@ declare const createAuthInstance: <Identity extends EditableShape<UserShape>>(au
|
|
|
1784
2070
|
notion: "notion";
|
|
1785
2071
|
dropbox: "dropbox";
|
|
1786
2072
|
atlassian: "atlassian";
|
|
2073
|
+
clickUp: "clickUp";
|
|
2074
|
+
dribbble: "dribbble";
|
|
1787
2075
|
}>;
|
|
1788
2076
|
}, _$zod_v4_core0.$strip>;
|
|
1789
2077
|
searchParams: _$zod.ZodObject<{
|
|
@@ -1791,7 +2079,62 @@ declare const createAuthInstance: <Identity extends EditableShape<UserShape>>(au
|
|
|
1791
2079
|
redirectTo: _$zod.ZodOptional<_$zod.ZodString>;
|
|
1792
2080
|
}, _$zod_v4_core0.$strip>;
|
|
1793
2081
|
} | undefined;
|
|
1794
|
-
|
|
2082
|
+
use?: _$_aura_stack_router0.MiddlewareFunction<"/signIn/:oauth", {
|
|
2083
|
+
params: _$zod.ZodObject<{
|
|
2084
|
+
oauth: _$zod.ZodEnum<{
|
|
2085
|
+
[x: string & Record<never, never>]: string & Record<never, never>;
|
|
2086
|
+
github: "github";
|
|
2087
|
+
bitbucket: "bitbucket";
|
|
2088
|
+
figma: "figma";
|
|
2089
|
+
discord: "discord";
|
|
2090
|
+
gitlab: "gitlab";
|
|
2091
|
+
spotify: "spotify";
|
|
2092
|
+
x: "x";
|
|
2093
|
+
strava: "strava";
|
|
2094
|
+
mailchimp: "mailchimp";
|
|
2095
|
+
pinterest: "pinterest";
|
|
2096
|
+
twitch: "twitch";
|
|
2097
|
+
notion: "notion";
|
|
2098
|
+
dropbox: "dropbox";
|
|
2099
|
+
atlassian: "atlassian";
|
|
2100
|
+
clickUp: "clickUp";
|
|
2101
|
+
dribbble: "dribbble";
|
|
2102
|
+
}>;
|
|
2103
|
+
}, _$zod_v4_core0.$strip>;
|
|
2104
|
+
searchParams: _$zod.ZodObject<{
|
|
2105
|
+
redirect: _$zod.ZodDefault<_$zod.ZodOptional<_$zod.ZodCodec<_$zod.ZodString, _$zod.ZodBoolean>>>;
|
|
2106
|
+
redirectTo: _$zod.ZodOptional<_$zod.ZodString>;
|
|
2107
|
+
}, _$zod_v4_core0.$strip>;
|
|
2108
|
+
}>[] | undefined;
|
|
2109
|
+
}, (ctx: {
|
|
2110
|
+
params: {
|
|
2111
|
+
oauth: "github" | "bitbucket" | "figma" | "discord" | "gitlab" | "spotify" | "x" | "strava" | "mailchimp" | "pinterest" | "twitch" | "notion" | "dropbox" | "atlassian" | "clickUp" | "dribbble" | (string & Record<never, never>);
|
|
2112
|
+
};
|
|
2113
|
+
body: undefined;
|
|
2114
|
+
searchParams: {
|
|
2115
|
+
redirect: boolean;
|
|
2116
|
+
redirectTo?: string | undefined;
|
|
2117
|
+
};
|
|
2118
|
+
headers: _$_aura_stack_router0.HeadersBuilder;
|
|
2119
|
+
request: Request;
|
|
2120
|
+
url: URL;
|
|
2121
|
+
method: "GET";
|
|
2122
|
+
route: "/signIn/:oauth";
|
|
2123
|
+
context: _$_aura_stack_router0.GlobalContext;
|
|
2124
|
+
json: <T>(data: T, init?: ResponseInit) => _$_aura_stack_router0.JsonResponse<T>;
|
|
2125
|
+
}) => Promise<Prettify$1<Omit<Response, "json"> & {
|
|
2126
|
+
json(): Promise<{
|
|
2127
|
+
success: true;
|
|
2128
|
+
redirect: boolean;
|
|
2129
|
+
signInURL: string;
|
|
2130
|
+
}>;
|
|
2131
|
+
}> | Prettify$1<Omit<Response, "json"> & {
|
|
2132
|
+
json(): Promise<{
|
|
2133
|
+
success: false;
|
|
2134
|
+
redirect: false;
|
|
2135
|
+
signInURL: null;
|
|
2136
|
+
}>;
|
|
2137
|
+
}>>>, _$_aura_stack_router0.RouteEndpoint<"POST", `/${string}`, {
|
|
1795
2138
|
schemas?: {
|
|
1796
2139
|
body: _$zod.ZodObject<{
|
|
1797
2140
|
username: _$zod.ZodString;
|
|
@@ -1801,7 +2144,42 @@ declare const createAuthInstance: <Identity extends EditableShape<UserShape>>(au
|
|
|
1801
2144
|
redirectTo: _$zod.ZodOptional<_$zod.ZodString>;
|
|
1802
2145
|
}, _$zod_v4_core0.$strip>;
|
|
1803
2146
|
} | undefined;
|
|
1804
|
-
|
|
2147
|
+
use?: _$_aura_stack_router0.MiddlewareFunction<`/${string}`, {
|
|
2148
|
+
body: _$zod.ZodObject<{
|
|
2149
|
+
username: _$zod.ZodString;
|
|
2150
|
+
password: _$zod.ZodString;
|
|
2151
|
+
}, _$zod_v4_core0.$strip>;
|
|
2152
|
+
searchParams: _$zod.ZodObject<{
|
|
2153
|
+
redirectTo: _$zod.ZodOptional<_$zod.ZodString>;
|
|
2154
|
+
}, _$zod_v4_core0.$strip>;
|
|
2155
|
+
}>[] | undefined;
|
|
2156
|
+
}, (ctx: {
|
|
2157
|
+
params: {};
|
|
2158
|
+
body: {
|
|
2159
|
+
username: string;
|
|
2160
|
+
password: string;
|
|
2161
|
+
};
|
|
2162
|
+
searchParams: {
|
|
2163
|
+
redirectTo?: string | undefined;
|
|
2164
|
+
};
|
|
2165
|
+
headers: _$_aura_stack_router0.HeadersBuilder;
|
|
2166
|
+
request: Request;
|
|
2167
|
+
url: URL;
|
|
2168
|
+
method: "POST";
|
|
2169
|
+
route: `/${string}`;
|
|
2170
|
+
context: _$_aura_stack_router0.GlobalContext;
|
|
2171
|
+
json: <T>(data: T, init?: ResponseInit) => _$_aura_stack_router0.JsonResponse<T>;
|
|
2172
|
+
}) => Promise<Prettify$1<Omit<Response, "json"> & {
|
|
2173
|
+
json(): Promise<{
|
|
2174
|
+
success: true;
|
|
2175
|
+
redirectURL: string;
|
|
2176
|
+
}>;
|
|
2177
|
+
}> | Prettify$1<Omit<Response, "json"> & {
|
|
2178
|
+
json(): Promise<{
|
|
2179
|
+
success: false;
|
|
2180
|
+
redirectURL: null;
|
|
2181
|
+
}>;
|
|
2182
|
+
}>>>, _$_aura_stack_router0.RouteEndpoint<"GET", "/callback/:oauth", {
|
|
1805
2183
|
schemas?: {
|
|
1806
2184
|
params: _$zod.ZodObject<{
|
|
1807
2185
|
oauth: _$zod.ZodEnum<{
|
|
@@ -1820,6 +2198,8 @@ declare const createAuthInstance: <Identity extends EditableShape<UserShape>>(au
|
|
|
1820
2198
|
notion: "notion";
|
|
1821
2199
|
dropbox: "dropbox";
|
|
1822
2200
|
atlassian: "atlassian";
|
|
2201
|
+
clickUp: "clickUp";
|
|
2202
|
+
dribbble: "dribbble";
|
|
1823
2203
|
}>;
|
|
1824
2204
|
}, _$zod_v4_core0.$strip>;
|
|
1825
2205
|
searchParams: _$zod.ZodObject<{
|
|
@@ -1827,30 +2207,167 @@ declare const createAuthInstance: <Identity extends EditableShape<UserShape>>(au
|
|
|
1827
2207
|
state: _$zod.ZodString;
|
|
1828
2208
|
}, _$zod_v4_core0.$strip>;
|
|
1829
2209
|
} | undefined;
|
|
1830
|
-
|
|
2210
|
+
use?: _$_aura_stack_router0.MiddlewareFunction<"/callback/:oauth", {
|
|
2211
|
+
params: _$zod.ZodObject<{
|
|
2212
|
+
oauth: _$zod.ZodEnum<{
|
|
2213
|
+
[x: string & Record<never, never>]: string & Record<never, never>;
|
|
2214
|
+
github: "github";
|
|
2215
|
+
bitbucket: "bitbucket";
|
|
2216
|
+
figma: "figma";
|
|
2217
|
+
discord: "discord";
|
|
2218
|
+
gitlab: "gitlab";
|
|
2219
|
+
spotify: "spotify";
|
|
2220
|
+
x: "x";
|
|
2221
|
+
strava: "strava";
|
|
2222
|
+
mailchimp: "mailchimp";
|
|
2223
|
+
pinterest: "pinterest";
|
|
2224
|
+
twitch: "twitch";
|
|
2225
|
+
notion: "notion";
|
|
2226
|
+
dropbox: "dropbox";
|
|
2227
|
+
atlassian: "atlassian";
|
|
2228
|
+
clickUp: "clickUp";
|
|
2229
|
+
dribbble: "dribbble";
|
|
2230
|
+
}>;
|
|
2231
|
+
}, _$zod_v4_core0.$strip>;
|
|
2232
|
+
searchParams: _$zod.ZodObject<{
|
|
2233
|
+
code: _$zod.ZodString;
|
|
2234
|
+
state: _$zod.ZodString;
|
|
2235
|
+
}, _$zod_v4_core0.$strip>;
|
|
2236
|
+
}>[] | undefined;
|
|
2237
|
+
}, (ctx: {
|
|
2238
|
+
params: {
|
|
2239
|
+
oauth: "github" | "bitbucket" | "figma" | "discord" | "gitlab" | "spotify" | "x" | "strava" | "mailchimp" | "pinterest" | "twitch" | "notion" | "dropbox" | "atlassian" | "clickUp" | "dribbble" | (string & Record<never, never>);
|
|
2240
|
+
};
|
|
2241
|
+
body: undefined;
|
|
2242
|
+
searchParams: {
|
|
2243
|
+
code: string;
|
|
2244
|
+
state: string;
|
|
2245
|
+
};
|
|
2246
|
+
headers: _$_aura_stack_router0.HeadersBuilder;
|
|
2247
|
+
request: Request;
|
|
2248
|
+
url: URL;
|
|
2249
|
+
method: "GET";
|
|
2250
|
+
route: "/callback/:oauth";
|
|
2251
|
+
context: _$_aura_stack_router0.GlobalContext;
|
|
2252
|
+
json: <T>(data: T, init?: ResponseInit) => _$_aura_stack_router0.JsonResponse<T>;
|
|
2253
|
+
}) => Promise<Response>>, _$_aura_stack_router0.RouteEndpoint<"GET", "/session", {
|
|
1831
2254
|
schemas?: _$_aura_stack_router0.EndpointSchemas | undefined;
|
|
1832
|
-
|
|
2255
|
+
use?: _$_aura_stack_router0.MiddlewareFunction<"/session", _$_aura_stack_router0.EndpointSchemas>[] | undefined;
|
|
2256
|
+
}, (ctx: {
|
|
2257
|
+
params: {};
|
|
2258
|
+
body: undefined;
|
|
2259
|
+
searchParams: URLSearchParams;
|
|
2260
|
+
headers: _$_aura_stack_router0.HeadersBuilder;
|
|
2261
|
+
request: Request;
|
|
2262
|
+
url: URL;
|
|
2263
|
+
method: "GET";
|
|
2264
|
+
route: "/session";
|
|
2265
|
+
context: _$_aura_stack_router0.GlobalContext;
|
|
2266
|
+
json: <T>(data: T, init?: ResponseInit) => _$_aura_stack_router0.JsonResponse<T>;
|
|
2267
|
+
}) => Promise<Prettify$1<Omit<Response, "json"> & {
|
|
2268
|
+
json(): Promise<{
|
|
2269
|
+
success: true;
|
|
2270
|
+
session: Session<{
|
|
2271
|
+
sub: string;
|
|
2272
|
+
name?: string | null | undefined;
|
|
2273
|
+
image?: string | null | undefined;
|
|
2274
|
+
email?: string | null | undefined;
|
|
2275
|
+
}>;
|
|
2276
|
+
}>;
|
|
2277
|
+
}> | Prettify$1<Omit<Response, "json"> & {
|
|
2278
|
+
json(): Promise<{
|
|
2279
|
+
success: false;
|
|
2280
|
+
session: null;
|
|
2281
|
+
}>;
|
|
2282
|
+
}>>>, _$_aura_stack_router0.RouteEndpoint<"POST", `/${string}`, {
|
|
1833
2283
|
schemas?: {
|
|
1834
2284
|
searchParams: _$zod.ZodObject<{
|
|
1835
2285
|
token_type_hint: _$zod.ZodLiteral<"session_token">;
|
|
1836
2286
|
redirectTo: _$zod.ZodOptional<_$zod.ZodString>;
|
|
1837
2287
|
}, _$zod_v4_core0.$strip>;
|
|
1838
2288
|
} | undefined;
|
|
1839
|
-
|
|
2289
|
+
use?: _$_aura_stack_router0.MiddlewareFunction<`/${string}`, {
|
|
2290
|
+
searchParams: _$zod.ZodObject<{
|
|
2291
|
+
token_type_hint: _$zod.ZodLiteral<"session_token">;
|
|
2292
|
+
redirectTo: _$zod.ZodOptional<_$zod.ZodString>;
|
|
2293
|
+
}, _$zod_v4_core0.$strip>;
|
|
2294
|
+
}>[] | undefined;
|
|
2295
|
+
}, (ctx: {
|
|
2296
|
+
params: {};
|
|
2297
|
+
body: undefined;
|
|
2298
|
+
searchParams: {
|
|
2299
|
+
token_type_hint: "session_token";
|
|
2300
|
+
redirectTo?: string | undefined;
|
|
2301
|
+
};
|
|
2302
|
+
headers: _$_aura_stack_router0.HeadersBuilder;
|
|
2303
|
+
request: Request;
|
|
2304
|
+
url: URL;
|
|
2305
|
+
method: "POST";
|
|
2306
|
+
route: `/${string}`;
|
|
2307
|
+
context: _$_aura_stack_router0.GlobalContext;
|
|
2308
|
+
json: <T>(data: T, init?: ResponseInit) => _$_aura_stack_router0.JsonResponse<T>;
|
|
2309
|
+
}) => Promise<Prettify$1<Omit<Response, "json"> & {
|
|
2310
|
+
json(): Promise<{
|
|
2311
|
+
success: true;
|
|
2312
|
+
redirect: boolean;
|
|
2313
|
+
redirectURL: string;
|
|
2314
|
+
}>;
|
|
2315
|
+
}> | Prettify$1<Omit<Response, "json"> & {
|
|
2316
|
+
json(): Promise<{
|
|
2317
|
+
success: false;
|
|
2318
|
+
redirect: boolean;
|
|
2319
|
+
redirectURL: null;
|
|
2320
|
+
}>;
|
|
2321
|
+
}>>>, _$_aura_stack_router0.RouteEndpoint<"GET", "/csrfToken", {
|
|
1840
2322
|
schemas?: _$_aura_stack_router0.EndpointSchemas | undefined;
|
|
1841
|
-
|
|
2323
|
+
use?: _$_aura_stack_router0.MiddlewareFunction<"/csrfToken", _$_aura_stack_router0.EndpointSchemas>[] | undefined;
|
|
2324
|
+
}, (ctx: {
|
|
2325
|
+
params: {};
|
|
2326
|
+
body: undefined;
|
|
2327
|
+
searchParams: URLSearchParams;
|
|
2328
|
+
headers: _$_aura_stack_router0.HeadersBuilder;
|
|
2329
|
+
request: Request;
|
|
2330
|
+
url: URL;
|
|
2331
|
+
method: "GET";
|
|
2332
|
+
route: "/csrfToken";
|
|
2333
|
+
context: _$_aura_stack_router0.GlobalContext;
|
|
2334
|
+
json: <T>(data: T, init?: ResponseInit) => _$_aura_stack_router0.JsonResponse<T>;
|
|
2335
|
+
}) => Promise<Response>>, _$_aura_stack_router0.RouteEndpoint<"PATCH", `/${string}`, {
|
|
1842
2336
|
schemas?: {
|
|
1843
|
-
body:
|
|
1844
|
-
user: _$zod.ZodOptional<_$zod.ZodObject<{
|
|
1845
|
-
sub: _$zod.ZodOptional<_$zod.ZodString>;
|
|
1846
|
-
name: _$zod.ZodOptional<_$zod.ZodOptional<_$zod.ZodNullable<_$zod.ZodString>>>;
|
|
1847
|
-
image: _$zod.ZodOptional<_$zod.ZodOptional<_$zod.ZodNullable<_$zod.ZodString>>>;
|
|
1848
|
-
email: _$zod.ZodOptional<_$zod.ZodOptional<_$zod.ZodNullable<_$zod.ZodEmail>>>;
|
|
1849
|
-
}, _$zod_v4_core0.$strip>> | undefined;
|
|
1850
|
-
expires: _$zod.ZodOptional<_$zod.ZodCoercedDate<unknown>>;
|
|
1851
|
-
}, _$zod_v4_core0.$strip>;
|
|
2337
|
+
body: any;
|
|
1852
2338
|
} | undefined;
|
|
1853
|
-
|
|
2339
|
+
use?: _$_aura_stack_router0.MiddlewareFunction<`/${string}`, {
|
|
2340
|
+
body: any;
|
|
2341
|
+
}>[] | undefined;
|
|
2342
|
+
}, (ctx: {
|
|
2343
|
+
params: {};
|
|
2344
|
+
body: any;
|
|
2345
|
+
searchParams: URLSearchParams;
|
|
2346
|
+
headers: _$_aura_stack_router0.HeadersBuilder;
|
|
2347
|
+
request: Request;
|
|
2348
|
+
url: URL;
|
|
2349
|
+
method: "PATCH";
|
|
2350
|
+
route: `/${string}`;
|
|
2351
|
+
context: _$_aura_stack_router0.GlobalContext;
|
|
2352
|
+
json: <T>(data: T, init?: ResponseInit) => _$_aura_stack_router0.JsonResponse<T>;
|
|
2353
|
+
}) => Promise<Prettify$1<Omit<Response, "json"> & {
|
|
2354
|
+
json(): Promise<{
|
|
2355
|
+
success: true;
|
|
2356
|
+
session: Session<{
|
|
2357
|
+
sub: string;
|
|
2358
|
+
name?: string | null | undefined;
|
|
2359
|
+
image?: string | null | undefined;
|
|
2360
|
+
email?: string | null | undefined;
|
|
2361
|
+
}>;
|
|
2362
|
+
redirectURL: string;
|
|
2363
|
+
}>;
|
|
2364
|
+
}> | Prettify$1<Omit<Response, "json"> & {
|
|
2365
|
+
json(): Promise<{
|
|
2366
|
+
success: false;
|
|
2367
|
+
session: null;
|
|
2368
|
+
redirectURL: null;
|
|
2369
|
+
}>;
|
|
2370
|
+
}>>>]>;
|
|
1854
2371
|
jose: any;
|
|
1855
2372
|
api: {
|
|
1856
2373
|
getSession: (options: GetSessionAPIOptions) => Promise<GetSessionAPIReturn<{
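Review bot: The PATCH `/${string}` endpoint near the end of this hunk now declares `body: any` in `schemas`, in the `use` middleware schema and in the handler's `ctx`, where 0.6.0 declared a `ZodObject` with an optional `user` object and a coerced `expires` date. With `any`, middleware and handlers that read the session-update body get no compile-time check on fields such as `sub` or `email`, so a caller-supplied body can be passed on unchecked without the type checker objecting; whether the runtime schema still validates it cannot be told from a declaration file. This looks like declaration emit collapsing a schema derived from the generic `Identity`, so I would give that schema an explicit type annotation in the source so the bundle keeps a concrete shape, or at minimum declare the handler side as `body: unknown;` to force narrowing before use. The enclosing `createAuthInstance` declaration starts and ends outside this hunk.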
|
|
@@ -1898,7 +2415,7 @@ declare const createAuthInstance: <Identity extends EditableShape<UserShape>>(au
|
|
|
1898
2415
|
* }]
|
|
1899
2416
|
* })
|
|
1900
2417
|
*/
|
|
1901
|
-
declare const createAuth: <Identity extends EditableShape<UserShape>>(config: AuthConfig<Identity>) => AuthInstance<
|
|
2418
|
+
declare const createAuth: <Identity extends Identities = EditableShape<UserShape>>(config: AuthConfig<Identity>) => AuthInstance<FromShapeToObject<Identity>>;
|
|
1902
2419
|
//#endregion
|
|
1903
2420
|
//#region src/@types/errors.d.ts
|
|
1904
2421
|
/** Map of field or logical keys to API validation error payloads (code + message). */
|
|
@@ -2276,4 +2793,4 @@ type AuthClientOptions = Prettify$1<Omit<ClientOptions, "baseURL"> & {
|
|
|
2276
2793
|
baseURL?: string;
|
|
2277
2794
|
}>;
|
|
2278
2795
|
//#endregion
|
|
2279
|
-
export {
|
|
2796
|
+
export { LiteralUnion as $, Nameplate as $n, JWTMode as $t, APIErrorMap as A, NotionUser as An, StandardCookie as At, AuthResponse as B, mailchimp as Bn, AsymmetricKeyPair as Bt, SignOutAPIReturn as C, DropboxProfile as Cn, JoseInstance as Ct, UpdateSessionAPIReturn as D, dropbox as Dn, SchemaRegistryContext as Dt, UpdateSessionAPIOptions as E, RootInfo as En, RouterGlobalContext as Et, ErrorType as F, twitch as Fn, OAuthProvider as Ft, EditableShapeArkType as G, XProfile as Gn, JWTConfig as Gt, DeepPartial as H, SummaryClub as Hn, CreateSessionStrategyOptions as Ht, OAuthError as I, PinterestProfile as In, OAuthProviderConfig as It, EditableShapeZod as J, SpotifyProfile as Jn, JWTEncryptionAlgorithm as Jt, EditableShapeTypebox as K, x as Kn, JWTConfigBase as Kt, TokenRevocationError as L, pinterest as Ln, OAuthProviderCredentials as Lt, AuthInternalErrorCode as M, Person as Mn, TrustedOrigin as Mt, AuthSecurityErrorCode as N, notion as Nn, TrustedProxyHeadersConfig as Nt, UpdateSessionOptions as O, Bot as On, SecureCookie as Ot, AuthorizationError as P, TwitchProfile as Pn, AuthorizeParams as Pt, InferZodShape as Q, DiscordProfile as Qn, JWTManager as Qt, createAuth as R, Login as Rn, OAuthProviderRecord as Rt, SignOutAPIOptions as S, AccountType as Sn, InternalLogger as St, SignOutReturn as T, Name as Tn, Logger as Tt, DeepRequired as U, SummaryGear as Un, CryptoSecret as Ut, ConfigSchema as V, StravaProfile as Vn, AsymmetricKeyPairFromEnv as Vt, EditableShape as W, strava as Wn, GetStatelessSessionReturn as Wt, InferSession as X, GitLabProfile as Xn, JWTKey as Xt, FromShapeToObject as Y, spotify as Yn, JWTExpirationStrategy as Yt, InferUser as Z, gitlab as Zn, JWTKeyAlgorithm as Zt, SignInCredentialsAPIReturn as _, ClickUpProfile as _n, UserShape as _r, CredentialsProvider as _t, OAuthEnv as a, Session as an, GitHubProfile as ar, ValibotShapeToObject as at, SignInOptions as b, ExtendedProfile as bn, UserShapeValibot as br, IdentityConfig as bt, 
APIOptionsWithRequest as c, StatelessStrategyConfig as cn, Identities as cr, AuthAPI as ct, GetSessionAPIOptions as d, builtInOAuthProviders as dn, IsZod as dr, AuthRuntimeConfig as dt, JWTSealedMode as en, discord as er, Merge as et, GetSessionAPIReturn as f, createBuiltInOAuthProviders as fn, SchemaTypes as fr, CookieConfig as ft, SignInCredentialsAPIOptions as g, dribbble as gn, UserIdentityValibot as gr, CredentialsPayload as gt, SignInAPIReturn as h, DribbbleTeams as hn, UserIdentityTypeBox as hr, CookieStrategyAttributes as ht, JWTStandardClaims as i, SecretKey as in, bitbucket as ir, UserFrom as it, AccessTokenError as j, Owner as jn, SyslogOptions as jt, UpdateSessionReturn as k, NotionProfile as kn, Severity as kt, APIOptionsWithSkipCSRFCheck as l, User as ln, IsArkType as lr, AuthConfig as lt, SignInAPIOptions as m, DribbbleProfile as mn, UserIdentityArkType as mr, CookieStoreConfig as mt, AuthClientOptions as n, JWTSigningAlgorithm as nn, figma as nr, SessionFrom as nt, TypedJWTPayload$1 as o, SessionConfig as on, github as or, Wrap as ot, OptionsWithRedirectTo as p, DribbbleDefault as pn, UserIdentity as pr, CookieName as pt, EditableShapeValibot as q, SpotifyImage as qn, JWTEncryptedMode as qt, JWTPayloadWithToken as r, JWTStrategyOptions as rn, BitbucketProfile as rr, TypeboxShapeToObject as rt, APIOptionsWithRedirectTo as s, SessionStrategy as sn, createSyslogMessage as sr, ZodShapeToObject as st, AuthClient as t, JWTSignedMode as tn, FigmaProfile as tr, Prettify$1 as tt, FunctionAPIContext as u, BuiltInOAuthProvider as un, IsValibot as ur, AuthInstance as ut, SignInCredentialsOptions as v, clickUp as vn, UserShapeArkType as vr, CredentialsProviderContext as vt, SignOutOptions as w, FullTeam as wn, LogLevel as wt, SignInReturn as x, atlassian as xn, createIdentity as xr, InternalContext as xt, SignInCredentialsReturn as y, AtlassianProfile as yn, UserShapeTypeBox as yr, HostCookie as yt, ArktypeShapeToObject as z, MailchimpProfile as zn, ResponseType 
as zt };
|