@codefox-inc/oauth-provider 0.2.0

package/dist/client/index.js

@@ -0,0 +1,230 @@
+import { openIdConfigurationHandler, jwksHandler, tokenHandler, userInfoHandler, registerHandler, authorizeHandler, oauthProtectedResourceHandler, } from "../component/handlers.js";
+export { OAuthError, verifyAccessToken, isOAuthToken, getOAuthClientId, DEFAULT_OAUTH_ISSUER_PATTERN, } from "../lib/oauth.js";
+export { OAUTH_CONSTANTS, OAUTH_ERROR_CODES } from "../component/constants.js";
+// Auth helper for getCurrentUser pattern
+export { createAuthHelper } from "./auth-helper.js";
+// Route registration helper
+export { registerOAuthRoutes } from "./routes.js";
+// Auth config generator
+export { generateAuthConfig, createAuthConfig } from "./auth-config.js";
+/**
+ * OAuth Provider SDK
+ *
+ * Usage:
+ * ```typescript
+ * import { OAuthProvider } from "@codefox-inc/oauth-provider";
+ * import { components } from "./_generated/api";
+ *
+ * const oauthProvider = new OAuthProvider(components.oauthProvider, {
+ *   privateKey: process.env.OAUTH_PRIVATE_KEY!,
+ *   publicKey: process.env.OAUTH_PUBLIC_KEY!,
+ *   siteUrl: process.env.SITE_URL!,
+ * });
+ *
+ * // In http.ts
+ * http.route({
+ *   path: "/oauth/.well-known/openid-configuration",
+ *   method: "GET",
+ *   handler: httpAction((ctx, req) => oauthProvider.handlers.openIdConfiguration(ctx, req)),
+ * });
+ * ```
+ */
+export class OAuthProvider {
+    config;
+    api;
+    component;
+    constructor(component, config) {
+        this.config = config;
+        this.component = component;
+        this.api = this.createAPI(component);
+    }
+    getConfig() {
+        return this.config;
+    }
+    createAPI(component) {
+        return {
+            queries: {
+                getClient: (ctx, args) => ctx.runQuery(component.queries.getClient, args),
+                getRefreshToken: (ctx, args) => ctx.runQuery(component.queries.getRefreshToken, args),
+                getTokensByUser: (ctx, args) => ctx.runQuery(component.queries.getTokensByUser, args),
+            },
+            mutations: {
+                issueAuthorizationCode: (ctx, args) => ctx.runMutation(component.mutations.issueAuthorizationCode, args),
+                consumeAuthCode: (ctx, args) => ctx.runMutation(component.mutations.consumeAuthCode, args),
+                saveTokens: (ctx, args) => ctx.runMutation(component.mutations.saveTokens, args),
+                rotateRefreshToken: (ctx, args) => ctx.runMutation(component.mutations.rotateRefreshToken, args),
+                upsertAuthorization: (ctx, args) => ctx.runMutation(component.mutations.upsertAuthorization, args),
+                updateAuthorizationLastUsed: (ctx, args) => ctx.runMutation(component.mutations.updateAuthorizationLastUsed, args),
+            },
+            clientManagement: {
+                registerClient: (ctx, args) => ctx.runMutation(component.clientManagement.registerClient, args),
+                verifyClientSecret: (ctx, args) => ctx.runMutation(component.clientManagement.verifyClientSecret, args),
+            },
+        };
+    }
+    /**
+     * HTTP Handlers for mounting in http.ts
+     *
+     * Note: ctx expects Convex ActionCtx (HTTP Action context).
+     * RunActionCtx is used as the base type for compatibility.
+     */
+    get handlers() {
+        return {
+            /**
+             * OpenID Connect Discovery
+             * Mount at: /oauth/.well-known/openid-configuration
+             */
+            openIdConfiguration: (ctx, request) => openIdConfigurationHandler(ctx, request, this.config),
+            /**
+             * Authorization Endpoint
+             * Mount at: /oauth/authorize
+             */
+            authorize: (ctx, request) => authorizeHandler(ctx, request, this.config, this.api),
+            /**
+             * JWKS Endpoint
+             * Mount at: /oauth/.well-known/jwks.json
+             */
+            jwks: (ctx, request) => jwksHandler(ctx, request, this.config),
+            /**
+             * Token Endpoint
+             * Mount at: /oauth/token
+             */
+            token: (ctx, request) => tokenHandler(ctx, request, this.config, this.api),
+            /**
+             * UserInfo Endpoint
+             * Mount at: /oauth/userinfo
+             * Requires getUserProfile callback
+             */
+            userInfo: (ctx, request, getUserProfile) => userInfoHandler(ctx, request, this.config, getUserProfile),
+            /**
+             * Dynamic Client Registration
+             * Mount at: /oauth/register
+             */
+            register: (ctx, request) => registerHandler(ctx, request, this.config, this.api),
+            /**
+             * Protected Resource Metadata
+             * Mount at: /.well-known/oauth-protected-resource
+             */
+            protectedResource: (ctx, request) => oauthProtectedResourceHandler(ctx, request, this.config),
+        };
+    }
+    /**
+     * Issue Authorization Code
+     * Called from consent approval mutation
+     * Also creates/updates authorization record automatically
+     */
+    async issueAuthorizationCode(ctx, args) {
+        if (!args.codeChallenge) {
+            throw new Error("codeChallenge required");
+        }
+        const codeChallengeMethod = args.codeChallengeMethod ?? "S256";
+        if (codeChallengeMethod !== "S256") {
+            throw new Error("codeChallengeMethod must be S256");
+        }
+        // 1. Create/update authorization record (user consented)
+        await this.api.mutations.upsertAuthorization(ctx, {
+            userId: args.userId,
+            clientId: args.clientId,
+            scopes: args.scopes,
+        });
+        // 2. Issue the authorization code
+        return this.api.mutations.issueAuthorizationCode(ctx, {
+            ...args,
+            codeChallenge: args.codeChallenge,
+            codeChallengeMethod,
+        });
+    }
+    /**
+     * Get OAuth Client
+     */
+    async getClient(ctx, clientId) {
+        return this.api.queries.getClient(ctx, { clientId });
+    }
+    /**
+     * Register OAuth Client (for admin use)
+     */
+    async registerClient(ctx, args) {
+        return this.api.clientManagement.registerClient(ctx, args);
+    }
+    /**
+     * Get user's active tokens
+     */
+    async getTokensByUser(ctx, userId) {
+        return this.api.queries.getTokensByUser(ctx, { userId });
+    }
+    // -------------------------------------------------------------------------
+    // Authorization Management
+    // -------------------------------------------------------------------------
+    /**
+     * Get authorization for a specific user-client pair
+     * Returns null if user has not authorized this client
+     */
+    async getAuthorization(ctx, userId, clientId) {
+        return ctx.runQuery(this.component.queries.getAuthorization, { userId, clientId });
+    }
+    /**
+     * List all authorized apps for a user
+     * Returns client info along with authorization details
+     */
+    async listUserAuthorizations(ctx, userId) {
+        return ctx.runQuery(this.component.queries.listUserAuthorizations, { userId });
+    }
+    /**
+     * Create or update authorization when user grants consent
+     * Call this when user approves OAuth consent
+     */
+    async upsertAuthorization(ctx, args) {
+        return ctx.runMutation(this.component.mutations.upsertAuthorization, args);
+    }
+    /**
+     * Revoke authorization and delete all associated tokens
+     * Call this when user wants to disconnect an app
+     */
+    async revokeAuthorization(ctx, userId, clientId) {
+        return ctx.runMutation(this.component.mutations.revokeAuthorization, { userId, clientId });
+    }
+    /**
+     * Check if user has already authorized this client with sufficient scopes
+     * Useful for "skip consent" flow
+     */
+    async hasAuthorization(ctx, userId, clientId, requiredScopes) {
+        const auth = await this.getAuthorization(ctx, userId, clientId);
+        if (!auth)
+            return false;
+        // Check if all required scopes are authorized
+        return requiredScopes.every(scope => auth.scopes.includes(scope));
+    }
+    /**
+     * Check if authorization exists (for revocation check)
+     * Use this with createAuthHelper's checkAuthorization option
+     */
+    async checkAuthorizationValid(ctx, userId, clientId) {
+        if (clientId) {
+            // Check specific client authorization
+            return ctx.runQuery(this.component.queries.hasAuthorization, { userId, clientId });
+        }
+        else {
+            // Check if user has any authorization
+            return ctx.runQuery(this.component.queries.hasAnyAuthorization, { userId });
+        }
+    }
+    /**
+     * Create a checkAuthorization function for use with createAuthHelper
+     * This ensures revoked authorizations are rejected
+     *
+     * @example
+     * ```typescript
+     * const oauthProvider = new OAuthProvider(components.oauthProvider, config);
+     * const authHelper = createAuthHelper({
+     *   providers: ["anonymous"],
+     *   checkAuthorization: oauthProvider.createAuthorizationChecker(),
+     * });
+     * ```
+     */
+    createAuthorizationChecker() {
+        return async (ctx, userId, clientId) => {
+            return this.checkAuthorizationValid(ctx, userId, clientId);
+        };
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/client/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,0BAA0B,EAC1B,WAAW,EACX,YAAY,EACZ,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,6BAA6B,GAChC,MAAM,0BAA0B,CAAC;AAOlC,OAAO,EACH,UAAU,EACV,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,4BAA4B,GAC/B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE/E,yCAAyC;AACzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAGpD,4BAA4B;AAC5B,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAGlD,wBAAwB;AACxB,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAQxE;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,OAAO,aAAa;IACd,MAAM,CAAsB;IAC5B,GAAG,CAAoB;IAEvB,SAAS,CAAM;IAEvB,YAEI,SAAc,EACd,MAA2B;QAE3B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC;IAED,SAAS;QACL,OAAO,IAAI,CAAC,MAAM,CAAC;IACvB,CAAC;IAGO,SAAS,CAAC,SAAc;QAC5B,OAAO;YACH,OAAO,EAAE;gBACL,SAAS,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC;gBACzE,eAAe,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,IAAI,CAAC;gBACrF,eAAe,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,IAAI,CAAC;aACxF;YACD,SAAS,EAAE;gBACP,sBAAsB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAClC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,sBAAsB,EAAE,IAAI,CAAC;gBACrE,eAAe,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC3B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,eAAe,EAAE,IAAI,CAAC;gBAC9D,UAAU,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CACtB,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC;gBACzD,kBAAkB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC9B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,kBAAkB,EAAE,IAAI,CAAC;gBACjE,mBAAmB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC/B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,mBAAmB,EAAE,IAAI,CAAC;gBAClE,2BAA2B,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CACvC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,SAAS,CAAC,2BAA2B,EAAE,IAAI,CAAC;aAC7E;YACD,gBAAgB,EAAE;gBACd,cAAc,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC1B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,gBAAgB,CAAC,cAAc,EAAE,IAAI,CAAC;gBACpE,kBAAkB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAC9B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,IAAI,CAAC;aAC3E;SACJ,CAAC;IACN,CAAC;IAED;;;;;OAKG;IACH,IAAI,QAAQ;QACR,OAAO;YACH;;;eAGG;YACH,mBAAmB,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CACzD,0BAA0B,CAAC,GAAuD,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC;YAE7G;;;eAGG;YACH,SAAS,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CAC/C,gBAAgB,CAAC,GAA6C,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC;YAEnG;;;eAGG;YACH,IAAI,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CAC1C,WAAW,CAAC,GAAwC,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC;YAE/E;;;eAGG;YACH,KAAK,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CAC3C,YAAY,CAAC,GAAyC,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC;YAE3F;;;;eAIG;YACH,QAAQ,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,cAA+D,EAAE,EAAE,CAC/G,eAAe,CAAC,GAA4C,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC;YAEvG;;;eAGG;YACH,QAAQ,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CAC9C,eAAe,CAAC,GAA4C,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC;YAEjG;;;eAGG;YACH,iBAAiB,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE,CACvD,6BAA6B,CAAC,GAA0D,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC;SACtH,CAAC;IACN,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,sBAAsB,CAAC,GAAmB,EAAE,IAQjD;QACG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC9C,CAAC;QACD,MAAM,mBAAmB,GAAG,IAAI,CAAC,mBAAmB,IAAI,MAAM,CAAC;QAC/D,IAAI,mBAAmB,KAAK,MAAM,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACxD,CAAC;QAED,yDAAyD;QACzD,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,mBAAmB,CAAC,GAAG,EAAE;YAC9C,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;SACtB,CAAC,CAAC;QAEH,kCAAkC;QAClC,OAAO,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,sBAAsB,CAAC,GAAG,EAAE;YAClD,GAAG,IAAI;YACP,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,mBAAmB;SACtB,CAAC,CAAC;IACP,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,GAAgB,EAAE,QAAgB;QAC9C,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,GAAmB,EAAE,IASzC;QACG,OAAO,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,GAAgB,EAAE,MAAc;QAClD,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,4EAA4E;IAC5E,2BAA2B;IAC3B,4EAA4E;IAE5E;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CAAC,GAAgB,EAAE,MAAc,EAAE,QAAgB;QACrE,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;IACvF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,sBAAsB,CAAC,GAAgB,EAAE,MAAc;QACzD,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IACnF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,mBAAmB,CAAC,GAAmB,EAAE,IAI9C;QACG,OAAO,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAC;IAC/E,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,mBAAmB,CAAC,GAAmB,EAAE,MAAc,EAAE,QAAgB;QAC3E,OAAO,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC/F,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CAAC,GAAgB,EAAE,MAAc,EAAE,QAAgB,EAAE,cAAwB;QAC/F,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChE,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QAExB,8CAA8C;QAC9C,OAAO,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IACtE,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,uBAAuB,CAAC,GAAgB,EAAE,MAAc,EAAE,QAAiB;QAC7E,IAAI,QAAQ,EAAE,CAAC;YACX,sCAAsC;YACtC,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QACvF,CAAC;aAAM,CAAC;YACJ,sCAAsC;YACtC,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAChF,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,0BAA0B;QACtB,OAAO,KAAK,EAAE,GAAgB,EAAE,MAAc,EAAE,QAAiB,EAAoB,EAAE;YACnF,OAAO,IAAI,CAAC,uBAAuB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC/D,CAAC,CAAC;IACN,CAAC;CACJ"}

package/dist/client/routes.d.ts

@@ -0,0 +1,94 @@
+/**
+ * OAuth Route Registration Helper
+ *
+ * Simplifies registering all OAuth endpoints in http.ts
+ */
+import type { OAuthProvider } from "./index.js";
+import type { UserProfile } from "../lib/oauth.js";
+import type { RunActionCtx, RunQueryCtx } from "../lib/convex-types.js";
+import type { Auth } from "convex/server";
+/**
+ * HTTP Router interface (compatible with Convex httpRouter)
+ */
+interface HttpRouter {
+    route: (config: {
+        path: string;
+        method: "GET" | "POST" | "PUT" | "PATCH" | "DELETE" | "OPTIONS";
+        handler: any;
+    }) => void;
+}
+/**
+ * HTTP Action creator function
+ * Note: Actual Convex ActionCtx extends RunActionCtx with additional HTTP-specific properties
+ */
+type HttpActionCreator = (handler: (ctx: RunActionCtx & {
+    auth: Auth;
+}, request: Request) => Promise<Response>) => unknown;
+/**
+ * Options for registering OAuth routes
+ */
+export interface RegisterOAuthRoutesOptions {
+    /**
+     * URL prefix for OAuth endpoints
+     * @default "/oauth"
+     */
+    prefix?: string;
+    /**
+     * Callback to get user profile for UserInfo endpoint
+     * Receives ctx for DB access (e.g., ctx.runQuery)
+     * If not provided, UserInfo endpoint returns only { sub: userId }
+     */
+    getUserProfile?: (ctx: RunQueryCtx, userId: string) => Promise<UserProfile | null>;
+    /**
+     * Custom authorize handler for authentication check before consent
+     * If not provided, simply redirects to consent page
+     *
+     * @example
+     * ```typescript
+     * authorizeHandler: async (ctx, request, defaultRedirect) => {
+     *   const identity = await ctx.auth.getUserIdentity();
+     *   if (!identity) {
+     *     const loginUrl = new URL(`${siteUrl}/login`);
+     *     loginUrl.searchParams.set("returnTo", request.url);
+     *     return Response.redirect(loginUrl.toString());
+     *   }
+     *   return defaultRedirect();
+     * }
+     * ```
+     */
+    authorizeHandler?: (ctx: RunActionCtx & {
+        auth: Auth;
+    }, request: Request, defaultAuthorize: () => Promise<Response>) => Promise<Response>;
+    /**
+     * SITE_URL for authorize redirect
+     */
+    siteUrl?: string;
+    /**
+     * Also register routes without /oauth prefix for RFC 8414 compatibility
+     * @default true
+     */
+    registerRootWellKnown?: boolean;
+}
+/**
+ * Register all OAuth routes on an HTTP router
+ *
+ * @example
+ * ```typescript
+ * import { httpRouter } from "convex/server";
+ * import { httpAction } from "./_generated/server";
+ * import { OAuthProvider, registerOAuthRoutes } from "@codefox-inc/oauth-provider";
+ *
+ * const http = httpRouter();
+ * const oauthProvider = new OAuthProvider(components.oauthProvider, config);
+ *
+ * registerOAuthRoutes(http, httpAction, oauthProvider, {
+ *   siteUrl: process.env.SITE_URL,
+ *   getUserProfile: async (userId) => ({ sub: userId, name: "User" }),
+ * });
+ *
+ * export default http;
+ * ```
+ */
+export declare function registerOAuthRoutes(http: HttpRouter, httpAction: HttpActionCreator, oauthProvider: OAuthProvider, options?: RegisterOAuthRoutesOptions): void;
+export {};
+//# sourceMappingURL=routes.d.ts.map

package/dist/client/routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../../src/client/routes.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACxE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAE1C;;GAEG;AACH,UAAU,UAAU;IAChB,KAAK,EAAE,CAAC,MAAM,EAAE;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,OAAO,GAAG,QAAQ,GAAG,SAAS,CAAC;QAEhE,OAAO,EAAE,GAAG,CAAC;KAChB,KAAK,IAAI,CAAC;CACd;AAED;;;GAGG;AACH,KAAK,iBAAiB,GAAG,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,YAAY,GAAG;IAAE,IAAI,EAAE,IAAI,CAAA;CAAE,EAAE,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,KAAK,OAAO,CAAC;AAE3H;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACvC;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;;OAIG;IACH,cAAc,CAAC,EAAE,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IAEnF;;;;;;;;;;;;;;;;OAgBG;IACH,gBAAgB,CAAC,EAAE,CACf,GAAG,EAAE,YAAY,GAAG;QAAE,IAAI,EAAE,IAAI,CAAA;KAAE,EAClC,OAAO,EAAE,OAAO,EAChB,gBAAgB,EAAE,MAAM,OAAO,CAAC,QAAQ,CAAC,KACxC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEvB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACnC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,mBAAmB,CAC/B,IAAI,EAAE,UAAU,EAChB,UAAU,EAAE,iBAAiB,EAC7B,aAAa,EAAE,aAAa,EAC5B,OAAO,GAAE,0BAA+B,GACzC,IAAI,CA+IN"}

package/dist/client/routes.js

@@ -0,0 +1,113 @@
+/**
+ * OAuth Route Registration Helper
+ *
+ * Simplifies registering all OAuth endpoints in http.ts
+ */
+import { normalizePrefix } from "../lib/oauth.js";
+/**
+ * Register all OAuth routes on an HTTP router
+ *
+ * @example
+ * ```typescript
+ * import { httpRouter } from "convex/server";
+ * import { httpAction } from "./_generated/server";
+ * import { OAuthProvider, registerOAuthRoutes } from "@codefox-inc/oauth-provider";
+ *
+ * const http = httpRouter();
+ * const oauthProvider = new OAuthProvider(components.oauthProvider, config);
+ *
+ * registerOAuthRoutes(http, httpAction, oauthProvider, {
+ *   siteUrl: process.env.SITE_URL,
+ *   getUserProfile: async (userId) => ({ sub: userId, name: "User" }),
+ * });
+ *
+ * export default http;
+ * ```
+ */
+export function registerOAuthRoutes(http, httpAction, oauthProvider, options = {}) {
+    const baseConfig = oauthProvider.getConfig?.();
+    const prefix = normalizePrefix(options.prefix ?? baseConfig?.prefix);
+    const { getUserProfile, authorizeHandler, siteUrl: _siteUrl = "http://localhost:5173", registerRootWellKnown = true, } = options;
+    const handlers = oauthProvider.handlers;
+    // Helper to register GET + OPTIONS for a path
+    const registerGetEndpoint = (path, handler) => {
+        http.route({
+            path,
+            method: "GET",
+            handler: httpAction((ctx, req) => handler(ctx, req)),
+        });
+        http.route({
+            path,
+            method: "OPTIONS",
+            handler: httpAction((ctx, req) => handler(ctx, req)),
+        });
+    };
+    // Helper to register POST + OPTIONS for a path
+    const registerPostEndpoint = (path, handler) => {
+        http.route({
+            path,
+            method: "POST",
+            handler: httpAction((ctx, req) => handler(ctx, req)),
+        });
+        http.route({
+            path,
+            method: "OPTIONS",
+            handler: httpAction((ctx, req) => handler(ctx, req)),
+        });
+    };
+    // 1. OpenID Configuration
+    registerGetEndpoint(`${prefix}/.well-known/openid-configuration`, (ctx, req) => handlers.openIdConfiguration(ctx, req));
+    // 2. OAuth Authorization Server Metadata (RFC 8414)
+    registerGetEndpoint(`${prefix}/.well-known/oauth-authorization-server`, (ctx, req) => handlers.openIdConfiguration(ctx, req));
+    // 3. JWKS
+    registerGetEndpoint(`${prefix}/.well-known/jwks.json`, (ctx, req) => handlers.jwks(ctx, req));
+    // 4. Protected Resource Metadata (RFC 9728)
+    registerGetEndpoint(`${prefix}/.well-known/oauth-protected-resource`, (ctx, req) => handlers.protectedResource(ctx, req));
+    // 5. Authorization Endpoint (redirect to frontend)
+    const authorizeEndpoint = async (ctx, request) => {
+        const defaultAuthorize = () => handlers.authorize(ctx, request);
+        if (authorizeHandler) {
+            return authorizeHandler(ctx, request, defaultAuthorize);
+        }
+        return defaultAuthorize();
+    };
+    registerGetEndpoint(`${prefix}/authorize`, (ctx, req) => authorizeEndpoint(ctx, req));
+    // 6. Token Endpoint
+    registerPostEndpoint(`${prefix}/token`, (ctx, req) => handlers.token(ctx, req));
+    // 7. UserInfo Endpoint
+    // Wrap getUserProfile to pass ctx for DB access
+    const userInfoHandler = getUserProfile
+        ? (ctx, req) => handlers.userInfo(ctx, req, (userId) => getUserProfile(ctx, userId))
+        : (ctx, req) => handlers.userInfo(ctx, req, async (userId) => ({ sub: userId }));
+    http.route({
+        path: `${prefix}/userinfo`,
+        method: "GET",
+        handler: httpAction(userInfoHandler),
+    });
+    http.route({
+        path: `${prefix}/userinfo`,
+        method: "POST",
+        handler: httpAction(userInfoHandler),
+    });
+    http.route({
+        path: `${prefix}/userinfo`,
+        method: "OPTIONS",
+        handler: httpAction(userInfoHandler),
+    });
+    // 8. Dynamic Client Registration
+    registerPostEndpoint(`${prefix}/register`, (ctx, req) => handlers.register(ctx, req));
+    // Root well-known paths (RFC 8414 compatibility)
+    if (registerRootWellKnown) {
+        // /.well-known/oauth-authorization-server
+        registerGetEndpoint("/.well-known/oauth-authorization-server", (ctx, req) => handlers.openIdConfiguration(ctx, req));
+        // /.well-known/oauth-authorization-server{prefix} (for issuer with custom prefix)
+        // RFC 8414: If issuer is https://example.com/oauth, well-known is /.well-known/oauth-authorization-server/oauth
+        // Only register if prefix is non-empty to avoid duplicate route registration
+        if (prefix && prefix !== "/") {
+            registerGetEndpoint(`/.well-known/oauth-authorization-server${prefix}`, (ctx, req) => handlers.openIdConfiguration(ctx, req));
+        }
+        // /.well-known/oauth-protected-resource
+        registerGetEndpoint("/.well-known/oauth-protected-resource", (ctx, req) => handlers.protectedResource(ctx, req));
+    }
+}
+//# sourceMappingURL=routes.js.map

package/dist/client/routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"routes.js","sourceRoot":"","sources":["../../src/client/routes.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AA2ElD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,mBAAmB,CAC/B,IAAgB,EAChB,UAA6B,EAC7B,aAA4B,EAC5B,UAAsC,EAAE;IAExC,MAAM,UAAU,GAAG,aAAa,CAAC,SAAS,EAAE,EAAE,CAAC;IAC/C,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,IAAI,UAAU,EAAE,MAAM,CAAC,CAAC;IACrE,MAAM,EACF,cAAc,EACd,gBAAgB,EAChB,OAAO,EAAE,QAAQ,GAAG,uBAAuB,EAC3C,qBAAqB,GAAG,IAAI,GAC/B,GAAG,OAAO,CAAC;IAEZ,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,CAAC;IAExC,8CAA8C;IAC9C,MAAM,mBAAmB,GAAG,CACxB,IAAY,EACZ,OAA+D,EACjE,EAAE;QACA,IAAI,CAAC,KAAK,CAAC;YACP,IAAI;YACJ,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;SACvD,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC;YACP,IAAI;YACJ,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;SACvD,CAAC,CAAC;IACP,CAAC,CAAC;IAEF,+CAA+C;IAC/C,MAAM,oBAAoB,GAAG,CACzB,IAAY,EACZ,OAA+D,EACjE,EAAE;QACA,IAAI,CAAC,KAAK,CAAC;YACP,IAAI;YACJ,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;SACvD,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC;YACP,IAAI;YACJ,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;SACvD,CAAC,CAAC;IACP,CAAC,CAAC;IAEF,0BAA0B;IAC1B,mBAAmB,CACf,GAAG,MAAM,mCAAmC,EAC5C,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CACvD,CAAC;IAEF,oDAAoD;IACpD,mBAAmB,CACf,GAAG,MAAM,yCAAyC,EAClD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CACvD,CAAC;IAEF,UAAU;IACV,mBAAmB,CACf,GAAG,MAAM,wBAAwB,EACjC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CACxC,CAAC;IAEF,4CAA4C;IAC5C,mBAAmB,CACf,GAAG,MAAM,uCAAuC,EAChD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CACrD,CAAC;IAEF,mDAAmD;IACnD,MAAM,iBAAiB,GAAG,KAAK,EAAE,GAAiB,EAAE,OAAgB,EAAE,EAAE;QACpE,MAAM,gBAAgB,GAAG,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAEhE,IAAI,gBAAgB,EAAE,CAAC;YACnB,OAAO,gBAAgB,CAAC,GAAoC,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC;QAC7F,CAAC;QAED,OAAO,gBAAgB,EAAE,CAAC;IAC9B,CAAC,CAAC;IACF,mBAAmB,CACf,GAAG,MAAM,YAAY,EACrB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAC5C,CAAC;IAEF,oBAAoB;IACpB,oBAAoB,CAChB,GAAG,MAAM,QAAQ,EACjB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CACzC,CAAC;IAEF,uBAAuB;IACvB,gDAAgD;IAChD,MAAM,eAAe,GAAG,cAAc;QAClC,CAAC,CAAC,CAAC,GAAiB,EAAE,GAAY,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC3G,CAAC,CAAC,CAAC,GAAiB,EAAE,GAAY,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IAE5G,IAAI,CAAC,KAAK,CAAC;QACP,IAAI,EAAE,GAAG,MAAM,WAAW;QAC1B,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,UAAU,CAAC,eAAe,CAAC;KACvC,CAAC,CAAC;IACH,IAAI,CAAC,KAAK,CAAC;QACP,IAAI,EAAE,GAAG,MAAM,WAAW;QAC1B,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,UAAU,CAAC,eAAe,CAAC;KACvC,CAAC,CAAC;IACH,IAAI,CAAC,KAAK,CAAC;QACP,IAAI,EAAE,GAAG,MAAM,WAAW;QAC1B,MAAM,EAAE,SAAS;QACjB,OAAO,EAAE,UAAU,CAAC,eAAe,CAAC;KACvC,CAAC,CAAC;IAEH,iCAAiC;IACjC,oBAAoB,CAChB,GAAG,MAAM,WAAW,EACpB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,CAC5C,CAAC;IAEF,iDAAiD;IACjD,IAAI,qBAAqB,EAAE,CAAC;QACxB,0CAA0C;QAC1C,mBAAmB,CACf,yCAAyC,EACzC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CACvD,CAAC;QAEF,kFAAkF;QAClF,gHAAgH;QAChH,6EAA6E;QAC7E,IAAI,MAAM,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YAC3B,mBAAmB,CACf,0CAA0C,MAAM,EAAE,EAClD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CACvD,CAAC;QACN,CAAC;QAED,wCAAwC;QACxC,mBAAmB,CACf,uCAAuC,EACvC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CACrD,CAAC;IACN,CAAC;AACL,CAAC"}

package/dist/component/_generated/api.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Generated `api` utility.
+ *
+ * THIS CODE IS AUTOMATICALLY GENERATED.
+ *
+ * To regenerate, run `npx convex dev`.
+ * @module
+ */
+import type * as clientManagement from "../clientManagement.js";
+import type * as constants from "../constants.js";
+import type * as handlers from "../handlers.js";
+import type * as mutations from "../mutations.js";
+import type * as queries from "../queries.js";
+import type * as token_security from "../token_security.js";
+import type { ApiFromModules, FilterApi, FunctionReference } from "convex/server";
+declare const fullApi: ApiFromModules<{
+    clientManagement: typeof clientManagement;
+    constants: typeof constants;
+    handlers: typeof handlers;
+    mutations: typeof mutations;
+    queries: typeof queries;
+    token_security: typeof token_security;
+}>;
+/**
+ * A utility for referencing Convex functions in your app's public API.
+ *
+ * Usage:
+ * ```js
+ * const myFunctionReference = api.myModule.myFunction;
+ * ```
+ */
+export declare const api: FilterApi<typeof fullApi, FunctionReference<any, "public">>;
+/**
+ * A utility for referencing Convex functions in your app's internal API.
+ *
+ * Usage:
+ * ```js
+ * const myFunctionReference = internal.myModule.myFunction;
+ * ```
+ */
+export declare const internal: FilterApi<typeof fullApi, FunctionReference<any, "internal">>;
+export declare const components: {};
+export {};
+//# sourceMappingURL=api.d.ts.map

package/dist/component/_generated/api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../../../src/component/_generated/api.ts"],"names":[],"mappings":"AACA;;;;;;;GAOG;AAEH,OAAO,KAAK,KAAK,gBAAgB,MAAM,wBAAwB,CAAC;AAChE,OAAO,KAAK,KAAK,SAAS,MAAM,iBAAiB,CAAC;AAClD,OAAO,KAAK,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAChD,OAAO,KAAK,KAAK,SAAS,MAAM,iBAAiB,CAAC;AAClD,OAAO,KAAK,KAAK,OAAO,MAAM,eAAe,CAAC;AAC9C,OAAO,KAAK,KAAK,cAAc,MAAM,sBAAsB,CAAC;AAE5D,OAAO,KAAK,EACV,cAAc,EACd,SAAS,EACT,iBAAiB,EAClB,MAAM,eAAe,CAAC;AAGvB,QAAA,MAAM,OAAO,EAAE,cAAc,CAAC;IAC5B,gBAAgB,EAAE,OAAO,gBAAgB,CAAC;IAC1C,SAAS,EAAE,OAAO,SAAS,CAAC;IAC5B,QAAQ,EAAE,OAAO,QAAQ,CAAC;IAC1B,SAAS,EAAE,OAAO,SAAS,CAAC;IAC5B,OAAO,EAAE,OAAO,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,cAAc,CAAC;CACvC,CAAiB,CAAC;AAEnB;;;;;;;GAOG;AACH,eAAO,MAAM,GAAG,EAAE,SAAS,CACzB,OAAO,OAAO,EACd,iBAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC,CACjB,CAAC;AAElB;;;;;;;GAOG;AACH,eAAO,MAAM,QAAQ,EAAE,SAAS,CAC9B,OAAO,OAAO,EACd,iBAAiB,CAAC,GAAG,EAAE,UAAU,CAAC,CACnB,CAAC;AAElB,eAAO,MAAM,UAAU,EAAqC,EAAE,CAAC"}

package/dist/component/_generated/api.js

@@ -0,0 +1,31 @@
+/* eslint-disable */
+/**
+ * Generated `api` utility.
+ *
+ * THIS CODE IS AUTOMATICALLY GENERATED.
+ *
+ * To regenerate, run `npx convex dev`.
+ * @module
+ */
+import { anyApi, componentsGeneric } from "convex/server";
+const fullApi = anyApi;
+/**
+ * A utility for referencing Convex functions in your app's public API.
+ *
+ * Usage:
+ * ```js
+ * const myFunctionReference = api.myModule.myFunction;
+ * ```
+ */
+export const api = anyApi;
+/**
+ * A utility for referencing Convex functions in your app's internal API.
+ *
+ * Usage:
+ * ```js
+ * const myFunctionReference = internal.myModule.myFunction;
+ * ```
+ */
+export const internal = anyApi;
+export const components = componentsGeneric();
+//# sourceMappingURL=api.js.map

package/dist/component/_generated/api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.js","sourceRoot":"","sources":["../../../src/component/_generated/api.ts"],"names":[],"mappings":"AAAA,oBAAoB;AACpB;;;;;;;GAOG;AAcH,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAE1D,MAAM,OAAO,GAOR,MAAa,CAAC;AAEnB;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,GAAG,GAGZ,MAAa,CAAC;AAElB;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,QAAQ,GAGjB,MAAa,CAAC;AAElB,MAAM,CAAC,MAAM,UAAU,GAAG,iBAAiB,EAAmB,CAAC"}

package/dist/component/_generated/component.d.ts

@@ -0,0 +1,123 @@
+/**
+ * Generated `ComponentApi` utility.
+ *
+ * THIS CODE IS AUTOMATICALLY GENERATED.
+ *
+ * To regenerate, run `npx convex dev`.
+ * @module
+ */
+import type { FunctionReference } from "convex/server";
+/**
+ * A utility for referencing a Convex component's exposed API.
+ *
+ * Useful when expecting a parameter like `components.myComponent`.
+ * Usage:
+ * ```ts
+ * async function myFunction(ctx: QueryCtx, component: ComponentApi) {
+ *   return ctx.runQuery(component.someFile.someQuery, { ...args });
+ * }
+ * ```
+ */
+export type ComponentApi<Name extends string | undefined = string | undefined> = {
+    clientManagement: {
+        deleteClient: FunctionReference<"mutation", "internal", {
+            clientId: string;
+        }, any, Name>;
+        registerClient: FunctionReference<"mutation", "internal", {
+            description?: string;
+            isInternal?: boolean;
+            logoUrl?: string;
+            name: string;
+            policyUrl?: string;
+            redirectUris: Array<string>;
+            scopes: Array<string>;
+            tosUrl?: string;
+            type: "confidential" | "public";
+            website?: string;
+        }, any, Name>;
+        verifyClientSecret: FunctionReference<"mutation", "internal", {
+            clientId: string;
+            clientSecret: string;
+        }, any, Name>;
+    };
+    mutations: {
+        consumeAuthCode: FunctionReference<"mutation", "internal", {
+            clientId: string;
+            code: string;
+            codeVerifier: string;
+            redirectUri?: string;
+        }, any, Name>;
+        deleteClient: FunctionReference<"mutation", "internal", {
+            clientId: string;
+        }, any, Name>;
+        issueAuthorizationCode: FunctionReference<"mutation", "internal", {
+            clientId: string;
+            codeChallenge: string;
+            codeChallengeMethod: string;
+            nonce?: string;
+            redirectUri: string;
+            scopes: Array<string>;
+            userId: string;
+        }, any, Name>;
+        revokeAuthorization: FunctionReference<"mutation", "internal", {
+            clientId: string;
+            userId: string;
+        }, any, Name>;
+        rotateRefreshToken: FunctionReference<"mutation", "internal", {
+            accessToken: string;
+            clientId: string;
+            expiresAt: number;
+            oldRefreshToken: string;
+            refreshToken?: string;
+            refreshTokenExpiresAt?: number;
+            scopes: Array<string>;
+            userId: string;
+        }, any, Name>;
+        saveTokens: FunctionReference<"mutation", "internal", {
+            accessToken: string;
+            authorizationCode?: string;
+            clientId: string;
+            expiresAt: number;
+            refreshToken?: string;
+            refreshTokenExpiresAt?: number;
+            scopes: Array<string>;
+            userId: string;
+        }, any, Name>;
+        updateAuthorizationLastUsed: FunctionReference<"mutation", "internal", {
+            clientId: string;
+            userId: string;
+        }, any, Name>;
+        upsertAuthorization: FunctionReference<"mutation", "internal", {
+            clientId: string;
+            scopes: Array<string>;
+            userId: string;
+        }, any, Name>;
+    };
+    queries: {
+        getAuthorization: FunctionReference<"query", "internal", {
+            clientId: string;
+            userId: string;
+        }, any, Name>;
+        getClient: FunctionReference<"query", "internal", {
+            clientId: string;
+        }, any, Name>;
+        getRefreshToken: FunctionReference<"query", "internal", {
+            refreshToken: string;
+        }, any, Name>;
+        getTokensByUser: FunctionReference<"query", "internal", {
+            userId: string;
+        }, any, Name>;
+        hasAnyAuthorization: FunctionReference<"query", "internal", {
+            userId: string;
+        }, any, Name>;
+        hasAuthorization: FunctionReference<"query", "internal", {
+            clientId: string;
+            userId: string;
+        }, any, Name>;
+        listClients: FunctionReference<"query", "internal", {}, any, Name>;
+        listUserAuthorizations: FunctionReference<"query", "internal", {
+            userId: string;
+        }, any, Name>;
+    };
+};
+//# sourceMappingURL=component.d.ts.map