npm - @draftlab/auth - Versions diffs - 0.15.0 → 0.16.0 - Mend

@draftlab/auth 0.15.0 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (272) hide show

package/dist/esm/allow.js +26 -0
package/dist/esm/client.js +254 -0
package/dist/esm/core.js +597 -0
package/dist/esm/css.d.js +0 -0
package/dist/esm/error.js +88 -0
package/dist/esm/index.js +5 -0
package/dist/esm/keys.js +126 -0
package/dist/esm/mutex.js +53 -0
package/dist/esm/pkce.js +87 -0
package/dist/esm/provider/apple.js +15 -0
package/dist/esm/provider/code.js +62 -0
package/dist/esm/provider/discord.js +15 -0
package/dist/esm/provider/facebook.js +15 -0
package/dist/esm/provider/github.js +15 -0
package/dist/esm/provider/gitlab.js +15 -0
package/dist/esm/provider/google.js +16 -0
package/dist/esm/provider/linkedin.js +15 -0
package/dist/esm/provider/magiclink.js +83 -0
package/dist/esm/provider/microsoft.js +15 -0
package/dist/esm/provider/oauth2.js +130 -0
package/dist/esm/provider/password.js +331 -0
package/dist/esm/provider/provider.js +18 -0
package/dist/esm/provider/reddit.js +15 -0
package/dist/esm/provider/slack.js +15 -0
package/dist/esm/provider/spotify.js +15 -0
package/dist/esm/provider/twitch.js +15 -0
package/dist/esm/provider/vercel.js +17 -0
package/dist/esm/random.js +40 -0
package/dist/esm/revocation.js +27 -0
package/dist/esm/storage/memory.js +110 -0
package/dist/esm/storage/storage.js +56 -0
package/dist/esm/storage/turso.js +93 -0
package/dist/esm/storage/unstorage.js +78 -0
package/dist/esm/subject.js +7 -0
package/dist/esm/themes/theme.js +115 -0
package/dist/esm/toolkit/client.js +119 -0
package/dist/esm/toolkit/index.js +25 -0
package/dist/esm/toolkit/providers/facebook.js +11 -0
package/dist/esm/toolkit/providers/github.js +11 -0
package/dist/esm/toolkit/providers/google.js +11 -0
package/dist/esm/toolkit/providers/strategy.js +0 -0
package/dist/esm/toolkit/storage.js +81 -0
package/dist/esm/toolkit/utils.js +18 -0
package/dist/esm/types.js +0 -0
package/dist/esm/ui/base.js +478 -0
package/dist/esm/ui/code.js +186 -0
package/dist/esm/ui/form.js +46 -0
package/dist/esm/ui/icon.js +242 -0
package/dist/esm/ui/magiclink.js +158 -0
package/dist/esm/ui/password.js +435 -0
package/dist/esm/ui/select.js +102 -0
package/dist/esm/util.js +59 -0
package/dist/{allow.d.mts → types/allow.d.ts} +9 -11
package/dist/types/allow.d.ts.map +1 -0
package/dist/types/client.d.ts +462 -0
package/dist/types/client.d.ts.map +1 -0
package/dist/types/core.d.ts +113 -0
package/dist/types/core.d.ts.map +1 -0
package/dist/{error.d.mts → types/error.d.ts} +95 -97
package/dist/types/error.d.ts.map +1 -0
package/dist/types/index.d.ts +2 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/{keys.d.mts → types/keys.d.ts} +20 -24
package/dist/types/keys.d.ts.map +1 -0
package/dist/types/mutex.d.ts +42 -0
package/dist/types/mutex.d.ts.map +1 -0
package/dist/{pkce.d.mts → types/pkce.d.ts} +10 -11
package/dist/types/pkce.d.ts.map +1 -0
package/dist/types/provider/apple.d.ts +197 -0
package/dist/types/provider/apple.d.ts.map +1 -0
package/dist/types/provider/code.d.ts +288 -0
package/dist/types/provider/code.d.ts.map +1 -0
package/dist/types/provider/discord.d.ts +206 -0
package/dist/types/provider/discord.d.ts.map +1 -0
package/dist/types/provider/facebook.d.ts +200 -0
package/dist/types/provider/facebook.d.ts.map +1 -0
package/dist/types/provider/github.d.ts +220 -0
package/dist/types/provider/github.d.ts.map +1 -0
package/dist/types/provider/gitlab.d.ts +180 -0
package/dist/types/provider/gitlab.d.ts.map +1 -0
package/dist/types/provider/google.d.ts +158 -0
package/dist/types/provider/google.d.ts.map +1 -0
package/dist/types/provider/linkedin.d.ts +190 -0
package/dist/types/provider/linkedin.d.ts.map +1 -0
package/dist/types/provider/magiclink.d.ts +141 -0
package/dist/types/provider/magiclink.d.ts.map +1 -0
package/dist/types/provider/microsoft.d.ts +247 -0
package/dist/types/provider/microsoft.d.ts.map +1 -0
package/dist/types/provider/oauth2.d.ts +229 -0
package/dist/types/provider/oauth2.d.ts.map +1 -0
package/dist/types/provider/password.d.ts +408 -0
package/dist/types/provider/password.d.ts.map +1 -0
package/dist/types/provider/provider.d.ts +226 -0
package/dist/types/provider/provider.d.ts.map +1 -0
package/dist/types/provider/reddit.d.ts +159 -0
package/dist/types/provider/reddit.d.ts.map +1 -0
package/dist/types/provider/slack.d.ts +171 -0
package/dist/types/provider/slack.d.ts.map +1 -0
package/dist/types/provider/spotify.d.ts +168 -0
package/dist/types/provider/spotify.d.ts.map +1 -0
package/dist/types/provider/twitch.d.ts +163 -0
package/dist/types/provider/twitch.d.ts.map +1 -0
package/dist/types/provider/vercel.d.ts +294 -0
package/dist/types/provider/vercel.d.ts.map +1 -0
package/dist/{random.d.mts → types/random.d.ts} +4 -6
package/dist/types/random.d.ts.map +1 -0
package/dist/types/revocation.d.ts +76 -0
package/dist/types/revocation.d.ts.map +1 -0
package/dist/{storage/memory.d.mts → types/storage/memory.d.ts} +17 -21
package/dist/types/storage/memory.d.ts.map +1 -0
package/dist/types/storage/storage.d.ts +177 -0
package/dist/types/storage/storage.d.ts.map +1 -0
package/dist/{storage/turso.d.mts → types/storage/turso.d.ts} +4 -8
package/dist/types/storage/turso.d.ts.map +1 -0
package/dist/{storage/unstorage.d.mts → types/storage/unstorage.d.ts} +12 -11
package/dist/types/storage/unstorage.d.ts.map +1 -0
package/dist/types/subject.d.ts +115 -0
package/dist/types/subject.d.ts.map +1 -0
package/dist/types/themes/theme.d.ts +207 -0
package/dist/types/themes/theme.d.ts.map +1 -0
package/dist/types/toolkit/client.d.ts +235 -0
package/dist/types/toolkit/client.d.ts.map +1 -0
package/dist/types/toolkit/index.d.ts +45 -0
package/dist/types/toolkit/index.d.ts.map +1 -0
package/dist/types/toolkit/providers/facebook.d.ts +8 -0
package/dist/types/toolkit/providers/facebook.d.ts.map +1 -0
package/dist/types/toolkit/providers/github.d.ts +8 -0
package/dist/types/toolkit/providers/github.d.ts.map +1 -0
package/dist/types/toolkit/providers/google.d.ts +8 -0
package/dist/types/toolkit/providers/google.d.ts.map +1 -0
package/dist/types/toolkit/providers/strategy.d.ts +38 -0
package/dist/types/toolkit/providers/strategy.d.ts.map +1 -0
package/dist/{toolkit/storage.d.mts → types/toolkit/storage.d.ts} +37 -39
package/dist/types/toolkit/storage.d.ts.map +1 -0
package/dist/{toolkit/utils.d.mts → types/toolkit/utils.d.ts} +2 -4
package/dist/types/toolkit/utils.d.ts.map +1 -0
package/dist/types/types.d.ts +92 -0
package/dist/types/types.d.ts.map +1 -0
package/dist/types/ui/base.d.ts +18 -0
package/dist/types/ui/base.d.ts.map +1 -0
package/dist/types/ui/code.d.ts +43 -0
package/dist/types/ui/code.d.ts.map +1 -0
package/dist/types/ui/form.d.ts +24 -0
package/dist/types/ui/form.d.ts.map +1 -0
package/dist/types/ui/icon.d.ts +60 -0
package/dist/types/ui/icon.d.ts.map +1 -0
package/dist/types/ui/magiclink.d.ts +41 -0
package/dist/types/ui/magiclink.d.ts.map +1 -0
package/dist/types/ui/password.d.ts +43 -0
package/dist/types/ui/password.d.ts.map +1 -0
package/dist/types/ui/select.d.ts +33 -0
package/dist/types/ui/select.d.ts.map +1 -0
package/dist/{util.d.mts → types/util.d.ts} +11 -13
package/dist/types/util.d.ts.map +1 -0
package/package.json +10 -16
package/dist/adapters/node.d.mts +0 -18
package/dist/adapters/node.mjs +0 -69
package/dist/allow.mjs +0 -63
package/dist/client.d.mts +0 -456
package/dist/client.mjs +0 -283
package/dist/core.d.mts +0 -110
package/dist/core.mjs +0 -595
package/dist/error.mjs +0 -237
package/dist/index.d.mts +0 -2
package/dist/index.mjs +0 -3
package/dist/keys.mjs +0 -146
package/dist/mutex.d.mts +0 -44
package/dist/mutex.mjs +0 -110
package/dist/pkce.mjs +0 -157
package/dist/provider/apple.d.mts +0 -111
package/dist/provider/apple.mjs +0 -164
package/dist/provider/code.d.mts +0 -228
package/dist/provider/code.mjs +0 -246
package/dist/provider/discord.d.mts +0 -146
package/dist/provider/discord.mjs +0 -156
package/dist/provider/facebook.d.mts +0 -142
package/dist/provider/facebook.mjs +0 -150
package/dist/provider/github.d.mts +0 -140
package/dist/provider/github.mjs +0 -169
package/dist/provider/gitlab.d.mts +0 -106
package/dist/provider/gitlab.mjs +0 -147
package/dist/provider/google.d.mts +0 -112
package/dist/provider/google.mjs +0 -109
package/dist/provider/linkedin.d.mts +0 -132
package/dist/provider/linkedin.mjs +0 -142
package/dist/provider/magiclink.d.mts +0 -89
package/dist/provider/magiclink.mjs +0 -143
package/dist/provider/microsoft.d.mts +0 -178
package/dist/provider/microsoft.mjs +0 -177
package/dist/provider/oauth2.d.mts +0 -176
package/dist/provider/oauth2.mjs +0 -222
package/dist/provider/passkey.d.mts +0 -104
package/dist/provider/passkey.mjs +0 -320
package/dist/provider/password.d.mts +0 -412
package/dist/provider/password.mjs +0 -363
package/dist/provider/provider.d.mts +0 -227
package/dist/provider/provider.mjs +0 -44
package/dist/provider/reddit.d.mts +0 -107
package/dist/provider/reddit.mjs +0 -127
package/dist/provider/slack.d.mts +0 -114
package/dist/provider/slack.mjs +0 -138
package/dist/provider/spotify.d.mts +0 -113
package/dist/provider/spotify.mjs +0 -135
package/dist/provider/totp.d.mts +0 -112
package/dist/provider/totp.mjs +0 -191
package/dist/provider/twitch.d.mts +0 -108
package/dist/provider/twitch.mjs +0 -131
package/dist/provider/vercel.d.mts +0 -177
package/dist/provider/vercel.mjs +0 -230
package/dist/random.mjs +0 -86
package/dist/revocation.d.mts +0 -55
package/dist/revocation.mjs +0 -63
package/dist/router/context.d.mts +0 -21
package/dist/router/context.mjs +0 -193
package/dist/router/cookies.d.mts +0 -8
package/dist/router/cookies.mjs +0 -13
package/dist/router/index.d.mts +0 -21
package/dist/router/index.mjs +0 -107
package/dist/router/matcher.d.mts +0 -15
package/dist/router/matcher.mjs +0 -76
package/dist/router/middleware/cors.d.mts +0 -15
package/dist/router/middleware/cors.mjs +0 -114
package/dist/router/safe-request.d.mts +0 -52
package/dist/router/safe-request.mjs +0 -160
package/dist/router/types.d.mts +0 -67
package/dist/router/types.mjs +0 -1
package/dist/router/variables.d.mts +0 -12
package/dist/router/variables.mjs +0 -20
package/dist/storage/memory.mjs +0 -125
package/dist/storage/storage.d.mts +0 -179
package/dist/storage/storage.mjs +0 -104
package/dist/storage/turso.mjs +0 -117
package/dist/storage/unstorage.mjs +0 -103
package/dist/subject.d.mts +0 -62
package/dist/subject.mjs +0 -36
package/dist/themes/theme.d.mts +0 -209
package/dist/themes/theme.mjs +0 -120
package/dist/toolkit/client.d.mts +0 -169
package/dist/toolkit/client.mjs +0 -209
package/dist/toolkit/index.d.mts +0 -9
package/dist/toolkit/index.mjs +0 -9
package/dist/toolkit/providers/facebook.d.mts +0 -12
package/dist/toolkit/providers/facebook.mjs +0 -16
package/dist/toolkit/providers/github.d.mts +0 -12
package/dist/toolkit/providers/github.mjs +0 -16
package/dist/toolkit/providers/google.d.mts +0 -12
package/dist/toolkit/providers/google.mjs +0 -20
package/dist/toolkit/providers/strategy.d.mts +0 -40
package/dist/toolkit/providers/strategy.mjs +0 -1
package/dist/toolkit/storage.mjs +0 -157
package/dist/toolkit/utils.mjs +0 -30
package/dist/types.d.mts +0 -94
package/dist/types.mjs +0 -1
package/dist/ui/base.d.mts +0 -30
package/dist/ui/base.mjs +0 -407
package/dist/ui/code.d.mts +0 -43
package/dist/ui/code.mjs +0 -173
package/dist/ui/form.d.mts +0 -32
package/dist/ui/form.mjs +0 -49
package/dist/ui/icon.d.mts +0 -58
package/dist/ui/icon.mjs +0 -247
package/dist/ui/magiclink.d.mts +0 -41
package/dist/ui/magiclink.mjs +0 -152
package/dist/ui/passkey.d.mts +0 -27
package/dist/ui/passkey.mjs +0 -323
package/dist/ui/password.d.mts +0 -42
package/dist/ui/password.mjs +0 -402
package/dist/ui/select.d.mts +0 -34
package/dist/ui/select.mjs +0 -98
package/dist/ui/totp.d.mts +0 -34
package/dist/ui/totp.mjs +0 -270
package/dist/util.mjs +0 -128

package/dist/client.mjs DELETED Viewed

@@ -1,283 +0,0 @@
-import { InvalidAccessTokenError, InvalidAuthorizationCodeError, InvalidRefreshTokenError, InvalidSubjectError } from "./error.mjs";
-import { generatePKCE } from "./pkce.mjs";
-import { createLocalJWKSet, errors, jwtVerify } from "jose";
-//#region src/client.ts
-/**
-* Draft Auth client for OAuth 2.0 authentication.
-*
-* ## Quick Start
-*
-* First, create a client.
-*
-* ```ts title="client.ts"
-* import { createClient } from "@draftlab/auth/client"
-*
-* const client = createClient({
-*   clientID: "my-client",
-*   issuer: "https://auth.myserver.com"
-* })
-* ```
-*
-* Start the OAuth flow by calling `authorize`.
-*
-* ```ts
-* const result = await client.authorize(
-*   "https://myapp.com/callback",
-*   "code"
-* )
-* if (result.success) {
-*   window.location.href = result.data.url
-* }
-* ```
-*
-* When the user completes the flow, exchange the code for tokens.
-*
-* ```ts
-* const result = await client.exchange(code, redirectUri)
-* if (result.success) {
-*   const { access, refresh } = result.data
-*   // Store tokens securely
-* }
-* ```
-*
-* Verify tokens to get user information.
-*
-* ```ts
-* const result = await client.verify(subjects, accessToken)
-* if (result.success) {
-*   // Access user properties: result.data.subject.properties
-* }
-* ```
-*
-* @packageDocumentation
-*/
-/**
-* Create a Draft Auth client.
-*
-* @param input - Client configuration
-* @returns Configured client instance
-*
-* @example Basic setup
-* ```ts
-* const client = createClient({
-*   clientID: "my-web-app",
-*   issuer: "https://auth.mycompany.com"
-* })
-* ```
-*/
-const createClient = (input) => {
-	const jwksCache = /* @__PURE__ */ new Map();
-	const issuerCache = /* @__PURE__ */ new Map();
-	const issuer = input.issuer;
-	if (!issuer) throw new Error("No issuer configured");
-	const f = input.fetch ?? fetch;
-	const getIssuer = async () => {
-		const cached = issuerCache.get(issuer);
-		if (cached) return cached;
-		const wellKnown = await f(`${issuer}/.well-known/oauth-authorization-server`).then((r) => r.json());
-		issuerCache.set(issuer, wellKnown);
-		return wellKnown;
-	};
-	const getJWKS = async () => {
-		const wk = await getIssuer();
-		const cached = jwksCache.get(issuer);
-		if (cached) return cached;
-		const result = createLocalJWKSet(await f(wk.jwks_uri).then((r) => r.json()));
-		jwksCache.set(issuer, result);
-		return result;
-	};
-	const client = {
-		async authorize(redirectURI, response, opts) {
-			try {
-				const wk = await getIssuer();
-				const authUrl = new URL(wk.authorization_endpoint);
-				const challenge = { state: crypto.randomUUID() };
-				authUrl.searchParams.set("client_id", input.clientID);
-				authUrl.searchParams.set("redirect_uri", redirectURI);
-				authUrl.searchParams.set("response_type", response);
-				authUrl.searchParams.set("state", challenge.state);
-				if (opts?.provider) authUrl.searchParams.set("provider", opts.provider);
-				if (opts?.pkce && response === "code") {
-					const pkce = await generatePKCE();
-					authUrl.searchParams.set("code_challenge_method", "S256");
-					authUrl.searchParams.set("code_challenge", pkce.challenge);
-					challenge.verifier = pkce.verifier;
-				}
-				return {
-					success: true,
-					data: {
-						challenge,
-						url: authUrl.toString()
-					}
-				};
-			} catch (error) {
-				return {
-					success: false,
-					error
-				};
-			}
-		},
-		async exchange(code, redirectURI, verifier) {
-			try {
-				const response = await f((await getIssuer()).token_endpoint, {
-					method: "POST",
-					headers: { "Content-Type": "application/x-www-form-urlencoded" },
-					body: new URLSearchParams({
-						code,
-						redirect_uri: redirectURI,
-						grant_type: "authorization_code",
-						client_id: input.clientID,
-						...verifier ? { code_verifier: verifier } : {}
-					}).toString()
-				});
-				if (!response.ok) return {
-					success: false,
-					error: new InvalidAuthorizationCodeError()
-				};
-				const responseText = await response.text();
-				let json;
-				try {
-					json = JSON.parse(responseText);
-				} catch {
-					return {
-						success: false,
-						error: new InvalidAuthorizationCodeError()
-					};
-				}
-				const tokenResponse = json;
-				return {
-					success: true,
-					data: {
-						access: tokenResponse.access_token,
-						refresh: tokenResponse.refresh_token,
-						expiresIn: tokenResponse.expires_in
-					}
-				};
-			} catch {
-				return {
-					success: false,
-					error: new InvalidAuthorizationCodeError()
-				};
-			}
-		},
-		async refresh(refresh, opts) {
-			try {
-				if (opts?.access) try {
-					const jwks = await getJWKS();
-					await jwtVerify(opts.access, jwks, { issuer });
-					return {
-						success: true,
-						data: {}
-					};
-				} catch {}
-				const response = await f((await getIssuer()).token_endpoint, {
-					method: "POST",
-					headers: { "Content-Type": "application/x-www-form-urlencoded" },
-					body: new URLSearchParams({
-						refresh_token: refresh,
-						grant_type: "refresh_token"
-					}).toString()
-				});
-				if (!response.ok) return {
-					success: false,
-					error: new InvalidRefreshTokenError()
-				};
-				const tokenResponse = await response.json();
-				return {
-					success: true,
-					data: { tokens: {
-						access: tokenResponse.access_token,
-						refresh: tokenResponse.refresh_token,
-						expiresIn: tokenResponse.expires_in
-					} }
-				};
-			} catch {
-				return {
-					success: false,
-					error: new InvalidRefreshTokenError()
-				};
-			}
-		},
-		async verify(subjects, token, options) {
-			try {
-				const jwtResult = await jwtVerify(token, await getJWKS(), {
-					issuer: options?.issuer ?? issuer,
-					audience: options?.audience ?? input.clientID
-				});
-				const validated = await subjects[jwtResult.payload.type]?.["~standard"].validate(jwtResult.payload.properties);
-				if (!validated?.issues && jwtResult.payload.mode === "access") return {
-					success: true,
-					data: {
-						aud: jwtResult.payload.aud,
-						subject: {
-							type: jwtResult.payload.type,
-							properties: validated?.value
-						}
-					}
-				};
-				return {
-					success: false,
-					error: new InvalidSubjectError()
-				};
-			} catch (e) {
-				if (e instanceof errors.JWTExpired && options?.refresh) {
-					const refreshed = await client.refresh(options.refresh);
-					if (!refreshed.success) return refreshed;
-					if (!refreshed.data.tokens) return {
-						success: false,
-						error: new InvalidAccessTokenError()
-					};
-					const verified = await client.verify(subjects, refreshed.data.tokens.access, {
-						refresh: refreshed.data.tokens.refresh,
-						issuer: options?.issuer,
-						audience: options?.audience,
-						fetch: options?.fetch
-					});
-					if (!verified.success) return verified;
-					return {
-						success: true,
-						data: {
-							...verified.data,
-							tokens: refreshed.data.tokens
-						}
-					};
-				}
-				return {
-					success: false,
-					error: new InvalidAccessTokenError()
-				};
-			}
-		},
-		async revoke(token, opts) {
-			try {
-				const wk = await getIssuer();
-				const body = new URLSearchParams({
-					token,
-					...opts?.tokenTypeHint ? { token_type_hint: opts.tokenTypeHint } : {}
-				});
-				if ((await f(wk.token_endpoint.replace("/token", "/revoke"), {
-					method: "POST",
-					headers: { "Content-Type": "application/x-www-form-urlencoded" },
-					body: body.toString()
-				})).ok) return {
-					success: true,
-					data: void 0
-				};
-				return {
-					success: false,
-					error: /* @__PURE__ */ new Error("Failed to revoke token")
-				};
-			} catch (error) {
-				return {
-					success: false,
-					error
-				};
-			}
-		}
-	};
-	return client;
-};
-//#endregion
-export { createClient };

package/dist/core.d.mts DELETED Viewed

@@ -1,110 +0,0 @@
-import { AllowCheckInput } from "./allow.mjs";
-import { UnknownStateError } from "./error.mjs";
-import { Prettify } from "./util.mjs";
-import { SubjectPayload, SubjectSchema } from "./subject.mjs";
-import { Router } from "./router/index.mjs";
-import { StorageAdapter } from "./storage/storage.mjs";
-import { Provider } from "./provider/provider.mjs";
-import { Theme } from "./themes/theme.mjs";
-import { AuthorizationState } from "./types.mjs";
-//#region src/core.d.ts
-/**
- * Sets the subject payload in the JWT token and returns the response.
- */
-interface OnSuccessResponder<T extends {
-  type: string;
-  properties: unknown;
-}> {
-  subject<Type extends T["type"]>(type: Type, properties: Extract<T, {
-    type: Type;
-  }>["properties"], opts?: {
-    ttl?: {
-      access?: number;
-      refresh?: number;
-    };
-    subject?: string;
-  }): Promise<Response>;
-}
-/**
- * Main issuer input configuration interface.
- */
-interface IssuerInput<Providers extends Record<string, Provider<unknown>>, Subjects extends SubjectSchema, Result = { [Key in keyof Providers]: Prettify<{
-  provider: Key;
-} & (Providers[Key] extends Provider<infer T> ? T : Record<string, unknown>)> }[keyof Providers]> {
-  /** The storage adapter for persisting tokens and sessions */
-  storage: StorageAdapter;
-  /** Auth providers configuration */
-  providers: Providers;
-  /** Subject schemas for token validation */
-  subjects: Subjects;
-  /** Base path for embedded scenarios */
-  basePath?: string;
-  /** Success callback for completed authentication */
-  success(response: OnSuccessResponder<SubjectPayload<Subjects>>, input: Result, req: Request, clientID: string): Promise<Response>;
-  /** Theme configuration for UI */
-  theme?: Theme;
-  /** TTL configuration for tokens and sessions */
-  ttl?: {
-    access?: number;
-    refresh?: number;
-    reuse?: number;
-    retention?: number;
-  };
-  /** Provider selection UI function */
-  select?(providers: Record<string, string>, req: Request): Promise<Response>;
-  /** Optional start callback */
-  start?(req: Request): Promise<void>;
-  /** Error handling callback */
-  error?(error: UnknownStateError, req: Request): Promise<Response>;
-  /** Client authorization check function */
-  allow?(input: AllowCheckInput, req: Request): Promise<boolean>;
-  /**
-   * Refresh callback for updating user claims.
-   *
-   * @example
-   * ```typescript
-   * refresh: async (payload, req) => {
-   *   const user = await getUserBySubject(payload.subject)
-   *   if (!user || !user.active) {
-   *     return undefined // Revoke the token
-   *   }
-   *
-   *   return {
-   *     type: payload.type,
-   *     properties: {
-   *       userID: user.id,
-   *       role: user.role,
-   *       permissions: user.permissions,
-   *       lastLogin: new Date().toISOString()
-   *     }
-   *   }
-   * }
-   * ```
-   */
-  refresh?(payload: {
-    type: SubjectPayload<Subjects>["type"];
-    properties: SubjectPayload<Subjects>["properties"];
-    subject: string;
-    clientID: string;
-    scopes?: string[];
-  }, req: Request): Promise<{
-    type: SubjectPayload<Subjects>["type"];
-    properties: SubjectPayload<Subjects>["properties"];
-    subject?: string;
-    scopes?: string[];
-  } | undefined>;
-}
-/**
- * Create an Draft Auth server, a Router app that handles OAuth 2.0 flows.
- */
-declare const issuer: <Providers extends Record<string, Provider<unknown>>, Subjects extends SubjectSchema, Result = { [key in keyof Providers]: {
-  provider: key;
-} & (Providers[key] extends Provider<infer T> ? T : Record<string, unknown>) }[keyof Providers]>(input: IssuerInput<Providers, Subjects, Result>) => Router<{
-  Variables: {
-    authorization: AuthorizationState;
-  };
-}>;
-//#endregion
-export { OnSuccessResponder, issuer };