@go-mondo/nextjs-auth 0.1.0

package/dist/errors.cjs

@@ -0,0 +1,189 @@
+'use strict';
+
+// src/errors/auth.ts
+function appendCause(errorMessage, cause) {
+  if (!cause) return errorMessage;
+  const separator = errorMessage.endsWith(".") ? "" : ".";
+  return `${errorMessage}${separator} CAUSE: ${cause.message}`;
+}
+var AuthError = class extends Error {
+  /**
+   * A machine-readable error code that remains stable within a major version of the SDK. You
+   * should rely on this error code to handle errors. In contrast, the error message is not part of
+   * the API and can change anytime. Do **not** parse or otherwise rely on the error message to
+   * handle errors.
+   */
+  code;
+  /**
+   * The error class name.
+   */
+  name;
+  /**
+   * The underlying error, if any.
+   *
+   * **IMPORTANT** When this error is from the Identity Provider ({@link IdentityProviderError}) it can contain user
+   * input and is only escaped using basic escaping for putting untrusted data directly into the HTML body.
+   *
+   * You should **not** render this error without using a templating engine that will properly escape it for other
+   * HTML contexts first.
+   */
+  cause;
+  /**
+   * The HTTP status code, if any.
+   */
+  status;
+  /**
+   * @param options - Error metadata used by SDK-specific subclasses.
+   */
+  constructor(options) {
+    super(appendCause(options.message, options.cause));
+    this.code = options.code;
+    this.name = options.name;
+    this.cause = options.cause;
+    this.status = options.status;
+  }
+};
+
+// src/errors/access-token.ts
+var AccessTokenErrorCode = /* @__PURE__ */ ((AccessTokenErrorCode2) => {
+  AccessTokenErrorCode2["MISSING_SESSION"] = "ERR_MISSING_SESSION";
+  AccessTokenErrorCode2["MISSING_ACCESS_TOKEN"] = "ERR_MISSING_ACCESS_TOKEN";
+  AccessTokenErrorCode2["MISSING_REFRESH_TOKEN"] = "ERR_MISSING_REFRESH_TOKEN";
+  AccessTokenErrorCode2["EXPIRED_ACCESS_TOKEN"] = "ERR_EXPIRED_ACCESS_TOKEN";
+  AccessTokenErrorCode2["INSUFFICIENT_SCOPE"] = "ERR_INSUFFICIENT_SCOPE";
+  AccessTokenErrorCode2["FAILED_REFRESH_GRANT"] = "ERR_FAILED_REFRESH_GRANT";
+  return AccessTokenErrorCode2;
+})(AccessTokenErrorCode || {});
+var AccessTokenError = class _AccessTokenError extends AuthError {
+  /**
+   * @param code - Stable machine-readable error code.
+   * @param message - Human-readable diagnostic message.
+   * @param cause - Optional lower-level error.
+   */
+  constructor(code, message, cause) {
+    super({ code, message, name: "AccessTokenError", cause });
+    Error.captureStackTrace(this, this.constructor);
+    Object.setPrototypeOf(this, _AccessTokenError.prototype);
+  }
+};
+
+// src/errors/config.ts
+var ConfigError = class _ConfigError extends AuthError {
+  static code = "ERR_CONFIG_VALIDATION";
+  /**
+   * Standard Schema validation issues for the invalid configuration.
+   */
+  issues;
+  /**
+   * @param issues - Standard Schema validation issues.
+   */
+  constructor(issues) {
+    super({
+      code: _ConfigError.code,
+      message: `Invalid @go-mondo/nextjs-auth configuration:
+${formatIssues(
+        issues
+      )}`,
+      name: "ConfigError"
+    });
+    this.issues = issues;
+    Error.captureStackTrace(this, this.constructor);
+    Object.setPrototypeOf(this, _ConfigError.prototype);
+  }
+};
+function formatIssues(issues) {
+  return issues.map((issue) => {
+    const path = issue.path?.length ? issue.path.map(formatPathSegment).join(".") : "config";
+    return `- ${path}: ${issue.message}`;
+  }).join("\n");
+}
+function formatPathSegment(segment) {
+  return typeof segment === "object" && segment !== null && "key" in segment ? String(segment.key) : String(segment);
+}
+
+// src/errors/handlers.ts
+var HandlerError = class extends AuthError {
+  constructor(options) {
+    let status;
+    if ("status" in options.cause) status = options.cause.status;
+    super({ ...options, status });
+  }
+};
+var CallbackHandlerError = class _CallbackHandlerError extends HandlerError {
+  static code = "ERR_CALLBACK_HANDLER_FAILURE";
+  constructor(cause) {
+    super({
+      code: _CallbackHandlerError.code,
+      message: "Callback handler failed.",
+      name: "CallbackHandlerError",
+      cause
+    });
+    Object.setPrototypeOf(this, _CallbackHandlerError.prototype);
+  }
+};
+var LoginHandlerError = class _LoginHandlerError extends HandlerError {
+  static code = "ERR_LOGIN_HANDLER_FAILURE";
+  constructor(cause) {
+    super({
+      code: _LoginHandlerError.code,
+      message: "Login handler failed.",
+      name: "LoginHandlerError",
+      cause
+    });
+    Object.setPrototypeOf(this, _LoginHandlerError.prototype);
+  }
+};
+var LogoutHandlerError = class _LogoutHandlerError extends HandlerError {
+  static code = "ERR_LOGOUT_HANDLER_FAILURE";
+  constructor(cause) {
+    super({
+      code: _LogoutHandlerError.code,
+      message: "Logout handler failed.",
+      name: "LogoutHandlerError",
+      cause
+    });
+    Object.setPrototypeOf(this, _LogoutHandlerError.prototype);
+  }
+};
+
+// src/errors/state.ts
+var MissingStateParamError = class _MissingStateParamError extends Error {
+  static message = "Missing state parameter in Authorization Response.";
+  status = 400;
+  statusCode = 400;
+  constructor() {
+    super(_MissingStateParamError.message);
+    Object.setPrototypeOf(this, _MissingStateParamError.prototype);
+  }
+};
+var MalformedStateCookieError = class _MalformedStateCookieError extends Error {
+  static message = "Your state cookie is not valid JSON.";
+  status = 400;
+  statusCode = 400;
+  constructor() {
+    super(_MalformedStateCookieError.message);
+    Object.setPrototypeOf(this, _MalformedStateCookieError.prototype);
+  }
+};
+var MissingStateCookieError = class _MissingStateCookieError extends Error {
+  static message = "Missing state cookie from login request (check login URL, callback URL and cookie config).";
+  status = 400;
+  statusCode = 400;
+  constructor() {
+    super(_MissingStateCookieError.message);
+    Object.setPrototypeOf(this, _MissingStateCookieError.prototype);
+  }
+};
+
+exports.AccessTokenError = AccessTokenError;
+exports.AccessTokenErrorCode = AccessTokenErrorCode;
+exports.AuthError = AuthError;
+exports.CallbackHandlerError = CallbackHandlerError;
+exports.ConfigError = ConfigError;
+exports.LoginHandlerError = LoginHandlerError;
+exports.LogoutHandlerError = LogoutHandlerError;
+exports.MalformedStateCookieError = MalformedStateCookieError;
+exports.MissingStateCookieError = MissingStateCookieError;
+exports.MissingStateParamError = MissingStateParamError;
+//# sourceMappingURL=errors.cjs.map
+//# sourceMappingURL=errors.cjs.map

package/dist/errors.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/errors/auth.ts","../src/errors/access-token.ts","../src/errors/config.ts","../src/errors/handlers.ts","../src/errors/state.ts"],"names":["AccessTokenErrorCode"],"mappings":";;;AAAA,SAAS,WAAA,CAAY,cAAsB,KAAA,EAAuB;AAChE,EAAA,IAAI,CAAC,OAAO,OAAO,YAAA;AACnB,EAAA,MAAM,SAAA,GAAY,YAAA,CAAa,QAAA,CAAS,GAAG,IAAI,EAAA,GAAK,GAAA;AACpD,EAAA,OAAO,GAAG,YAAY,CAAA,EAAG,SAAS,CAAA,QAAA,EAAW,MAAM,OAAO,CAAA,CAAA;AAC5D;AAgBO,IAAe,SAAA,GAAf,cAAiC,KAAA,CAAM;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAO5B,IAAA;AAAA;AAAA;AAAA;AAAA,EAKA,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,KAAA;AAAA;AAAA;AAAA;AAAA,EAKA,MAAA;AAAA;AAAA;AAAA;AAAA,EAKhB,YAAY,OAAA,EAA2B;AAErC,IAAA,KAAA,CAAM,WAAA,CAAY,OAAA,CAAQ,OAAA,EAAS,OAAA,CAAQ,KAAK,CAAC,CAAA;AACjD,IAAA,IAAA,CAAK,OAAO,OAAA,CAAQ,IAAA;AACpB,IAAA,IAAA,CAAK,OAAO,OAAA,CAAQ,IAAA;AACpB,IAAA,IAAA,CAAK,QAAQ,OAAA,CAAQ,KAAA;AACrB,IAAA,IAAA,CAAK,SAAS,OAAA,CAAQ,MAAA;AAAA,EACxB;AACF;;;ACxDO,IAAK,oBAAA,qBAAAA,qBAAAA,KAAL;AAEL,EAAAA,sBAAA,iBAAA,CAAA,GAAkB,qBAAA;AAGlB,EAAAA,sBAAA,sBAAA,CAAA,GAAuB,0BAAA;AAGvB,EAAAA,sBAAA,uBAAA,CAAA,GAAwB,2BAAA;AAGxB,EAAAA,sBAAA,sBAAA,CAAA,GAAuB,0BAAA;AAGvB,EAAAA,sBAAA,oBAAA,CAAA,GAAqB,wBAAA;AAGrB,EAAAA,sBAAA,sBAAA,CAAA,GAAuB,0BAAA;AAjBb,EAAA,OAAAA,qBAAAA;AAAA,CAAA,EAAA,oBAAA,IAAA,EAAA;AAyBL,IAAM,gBAAA,GAAN,MAAM,iBAAA,SAAyB,SAAA,CAAU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAM9C,WAAA,CAAY,IAAA,EAA4B,OAAA,EAAiB,KAAA,EAAe;AAEtE,IAAA,KAAA,CAAM,EAAE,IAAA,EAAY,OAAA,EAAkB,IAAA,EAAM,kBAAA,EAAoB,OAAO,CAAA;AAEvE,IAAA,KAAA,CAAM,iBAAA,CAAkB,IAAA,EAAM,IAAA,CAAK,WAAW,CAAA;AAC9C,IAAA,MAAA,CAAO,cAAA,CAAe,IAAA,EAAM,iBAAA,CAAiB,SAAS,CAAA;AAAA,EACxD;AACF;;;ACvBO,IAAM,WAAA,GAAN,MAAM,YAAA,SAAoB,SAAA,CAAU;AAAA,EACzC,OAAuB,IAAA,GAAO,uBAAA;AAAA;AAAA;AAAA;AAAA,EAKd,MAAA;AAAA;AAAA;AAAA;AAAA,EAKhB,YAAY,MAAA,EAAgC;AAC1C,IAAA,KAAA,CAAM;AAAA,MACJ,MAAM,YAAA,CAAY,IAAA;AAAA,MAClB,OAAA,EAAS,CAAA;AAAA,EAAiD,YAAA;AAAA,QACxD;AAAA,OACD,CAAA,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,KACP,CAAA;AAED,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAEd,IAAA,KAAA,CAAM,iBAAA,CAAkB,IAAA,EAAM,IAAA,CAAK,WAAW,CAAA;AAC9C,IAAA,MAAA,CAAO,cAAA,CAAe,IAAA,EAAM,YAAA,CAAY,SAAS,CAAA;AAAA,EACnD;AACF;AAEA,SAAS,aAAa,MAAA,EAAwC;AAC5D,EAAA,OAAO,MAAA,CACJ,GAAA,CAAI,CAAC,KAAA,KAAU;AACd,IAAA,MAAM,IAAA,GAAO,KAAA,CAAM,IAAA,EAAM,MAAA,GACrB,KAAA,CAAM,IAAA,CAAK,GAAA,CAAI,iBAAiB,CAAA,CAAE,IAAA,CAAK,GAAG,CAAA,GAC1C,QAAA;AACJ,IAAA,OAAO,CAAA,EAAA,EAAK,IAAI,CAAA,EAAA,EAAK,KAAA,CAAM,OAAO,CAAA,CAAA;AAAA,EACpC,CAAC,CAAA,CACA,IAAA,CAAK,IAAI,CAAA;AACd;AAEA,SAAS,kBACP,OAAA,EACQ;AACR,EAAA,OAAO,OAAO,OAAA,KAAY,QAAA,IAAY,OAAA,KAAY,IAAA,IAAQ,KAAA,IAAS,OAAA,GAC/D,MAAA,CAAO,OAAA,CAAQ,GAAG,CAAA,GAClB,MAAA,CAAO,OAAO,CAAA;AACpB;;;ACvCA,IAAM,YAAA,GAAN,cAA2B,SAAA,CAAU;AAAA,EACnC,YAAY,OAAA,EAA8B;AACxC,IAAA,IAAI,MAAA;AACJ,IAAA,IAAI,QAAA,IAAY,OAAA,CAAQ,KAAA,EAAO,MAAA,GAAS,QAAQ,KAAA,CAAM,MAAA;AAEtD,IAAA,KAAA,CAAM,EAAE,GAAG,OAAA,EAAS,MAAA,EAAQ,CAAA;AAAA,EAC9B;AACF,CAAA;AAKO,IAAM,oBAAA,GAAN,MAAM,qBAAA,SAA6B,YAAA,CAAa;AAAA,EACrD,OAAuB,IAAA,GAAe,8BAAA;AAAA,EAEtC,YAAY,KAAA,EAA0B;AACpC,IAAA,KAAA,CAAM;AAAA,MACJ,MAAM,qBAAA,CAAqB,IAAA;AAAA,MAC3B,OAAA,EAAS,0BAAA;AAAA,MACT,IAAA,EAAM,sBAAA;AAAA,MACN;AAAA,KACD,CAAA;AACD,IAAA,MAAA,CAAO,cAAA,CAAe,IAAA,EAAM,qBAAA,CAAqB,SAAS,CAAA;AAAA,EAC5D;AACF;AAKO,IAAM,iBAAA,GAAN,MAAM,kBAAA,SAA0B,YAAA,CAAa;AAAA,EAClD,OAAuB,IAAA,GAAe,2BAAA;AAAA,EAEtC,YAAY,KAAA,EAA0B;AACpC,IAAA,KAAA,CAAM;AAAA,MACJ,MAAM,kBAAA,CAAkB,IAAA;AAAA,MACxB,OAAA,EAAS,uBAAA;AAAA,MACT,IAAA,EAAM,mBAAA;AAAA,MACN;AAAA,KACD,CAAA;AACD,IAAA,MAAA,CAAO,cAAA,CAAe,IAAA,EAAM,kBAAA,CAAkB,SAAS,CAAA;AAAA,EACzD;AACF;AAKO,IAAM,kBAAA,GAAN,MAAM,mBAAA,SAA2B,YAAA,CAAa;AAAA,EACnD,OAAuB,IAAA,GAAe,4BAAA;AAAA,EAEtC,YAAY,KAAA,EAA0B;AACpC,IAAA,KAAA,CAAM;AAAA,MACJ,MAAM,mBAAA,CAAmB,IAAA;AAAA,MACzB,OAAA,EAAS,wBAAA;AAAA,MACT,IAAA,EAAM,oBAAA;AAAA,MACN;AAAA,KACD,CAAA;AACD,IAAA,MAAA,CAAO,cAAA,CAAe,IAAA,EAAM,mBAAA,CAAmB,SAAS,CAAA;AAAA,EAC1D;AACF;;;AChFO,IAAM,sBAAA,GAAN,MAAM,uBAAA,SAA+B,KAAA,CAAM;AAAA,EAChD,OAAO,OAAA,GAAU,oDAAA;AAAA,EACjB,MAAA,GAAS,GAAA;AAAA,EACT,UAAA,GAAa,GAAA;AAAA,EAEb,WAAA,GAAc;AAEZ,IAAA,KAAA,CAAM,wBAAuB,OAAO,CAAA;AACpC,IAAA,MAAA,CAAO,cAAA,CAAe,IAAA,EAAM,uBAAA,CAAuB,SAAS,CAAA;AAAA,EAC9D;AACF;AAKO,IAAM,yBAAA,GAAN,MAAM,0BAAA,SAAkC,KAAA,CAAM;AAAA,EACnD,OAAO,OAAA,GAAU,sCAAA;AAAA,EACjB,MAAA,GAAS,GAAA;AAAA,EACT,UAAA,GAAa,GAAA;AAAA,EAEb,WAAA,GAAc;AAEZ,IAAA,KAAA,CAAM,2BAA0B,OAAO,CAAA;AACvC,IAAA,MAAA,CAAO,cAAA,CAAe,IAAA,EAAM,0BAAA,CAA0B,SAAS,CAAA;AAAA,EACjE;AACF;AAKO,IAAM,uBAAA,GAAN,MAAM,wBAAA,SAAgC,KAAA,CAAM;AAAA,EACjD,OAAO,OAAA,GACL,4FAAA;AAAA,EACF,MAAA,GAAS,GAAA;AAAA,EACT,UAAA,GAAa,GAAA;AAAA,EAEb,WAAA,GAAc;AAEZ,IAAA,KAAA,CAAM,yBAAwB,OAAO,CAAA;AACrC,IAAA,MAAA,CAAO,cAAA,CAAe,IAAA,EAAM,wBAAA,CAAwB,SAAS,CAAA;AAAA,EAC/D;AACF","file":"errors.cjs","sourcesContent":["function appendCause(errorMessage: string, cause?: Error): string {\n  if (!cause) return errorMessage;\n  const separator = errorMessage.endsWith('.') ? '' : '.';\n  return `${errorMessage}${separator} CAUSE: ${cause.message}`;\n}\n\ntype AuthErrorOptions = {\n  code: string;\n  message: string;\n  name: string;\n  cause?: Error;\n  status?: number;\n};\n\n/**\n * The base class for all SDK errors.\n *\n * Subclasses expose stable machine-readable codes for application-level error\n * handling.\n */\nexport abstract class AuthError extends Error {\n  /**\n   * A machine-readable error code that remains stable within a major version of the SDK. You\n   * should rely on this error code to handle errors. In contrast, the error message is not part of\n   * the API and can change anytime. Do **not** parse or otherwise rely on the error message to\n   * handle errors.\n   */\n  public readonly code: string;\n\n  /**\n   * The error class name.\n   */\n  public readonly name: string;\n\n  /**\n   * The underlying error, if any.\n   *\n   * **IMPORTANT** When this error is from the Identity Provider ({@link IdentityProviderError}) it can contain user\n   * input and is only escaped using basic escaping for putting untrusted data directly into the HTML body.\n   *\n   * You should **not** render this error without using a templating engine that will properly escape it for other\n   * HTML contexts first.\n   */\n  public readonly cause?: Error;\n\n  /**\n   * The HTTP status code, if any.\n   */\n  public readonly status?: number;\n\n  /**\n   * @param options - Error metadata used by SDK-specific subclasses.\n   */\n  constructor(options: AuthErrorOptions) {\n    /* c8 ignore next */\n    super(appendCause(options.message, options.cause));\n    this.code = options.code;\n    this.name = options.name;\n    this.cause = options.cause;\n    this.status = options.status;\n  }\n}\n","import { AuthError } from './auth';\n\n/**\n * Error codes for {@link AccessTokenError}.\n */\nexport enum AccessTokenErrorCode {\n  /** No valid session was available. */\n  MISSING_SESSION = 'ERR_MISSING_SESSION',\n\n  /** Session exists but does not contain an access token. */\n  MISSING_ACCESS_TOKEN = 'ERR_MISSING_ACCESS_TOKEN',\n\n  /** Refresh was required but no refresh token was stored. */\n  MISSING_REFRESH_TOKEN = 'ERR_MISSING_REFRESH_TOKEN',\n\n  /** Access token is expired and cannot be returned as-is. */\n  EXPIRED_ACCESS_TOKEN = 'ERR_EXPIRED_ACCESS_TOKEN',\n\n  /** Access token does not include the requested scopes. */\n  INSUFFICIENT_SCOPE = 'ERR_INSUFFICIENT_SCOPE',\n\n  /** Refresh token grant failed or returned an invalid response. */\n  FAILED_REFRESH_GRANT = 'ERR_FAILED_REFRESH_GRANT',\n}\n\n/**\n * Error thrown when an access token cannot be returned or refreshed.\n *\n * Use {@link AccessTokenError.code} for stable error handling.\n */\nexport class AccessTokenError extends AuthError {\n  /**\n   * @param code - Stable machine-readable error code.\n   * @param message - Human-readable diagnostic message.\n   * @param cause - Optional lower-level error.\n   */\n  constructor(code: AccessTokenErrorCode, message: string, cause?: Error) {\n    /* c8 ignore next */\n    super({ code: code, message: message, name: 'AccessTokenError', cause });\n\n    Error.captureStackTrace(this, this.constructor);\n    Object.setPrototypeOf(this, AccessTokenError.prototype);\n  }\n}\n","import { AuthError } from './auth';\n\n/**\n * Standard Schema V1 path segment shape.\n */\nexport interface ConfigIssuePathSegment {\n  readonly key: PropertyKey;\n}\n\n/**\n * Standard Schema V1 issue shape returned by configuration validation.\n */\nexport interface ConfigIssue {\n  readonly message: string;\n  readonly path?: readonly (PropertyKey | ConfigIssuePathSegment)[] | undefined;\n}\n\n/**\n * Error thrown when auth configuration validation fails.\n */\nexport class ConfigError extends AuthError {\n  public static readonly code = 'ERR_CONFIG_VALIDATION';\n\n  /**\n   * Standard Schema validation issues for the invalid configuration.\n   */\n  public readonly issues: readonly ConfigIssue[];\n\n  /**\n   * @param issues - Standard Schema validation issues.\n   */\n  constructor(issues: readonly ConfigIssue[]) {\n    super({\n      code: ConfigError.code,\n      message: `Invalid @go-mondo/nextjs-auth configuration:\\n${formatIssues(\n        issues,\n      )}`,\n      name: 'ConfigError',\n    });\n\n    this.issues = issues;\n\n    Error.captureStackTrace(this, this.constructor);\n    Object.setPrototypeOf(this, ConfigError.prototype);\n  }\n}\n\nfunction formatIssues(issues: readonly ConfigIssue[]): string {\n  return issues\n    .map((issue) => {\n      const path = issue.path?.length\n        ? issue.path.map(formatPathSegment).join('.')\n        : 'config';\n      return `- ${path}: ${issue.message}`;\n    })\n    .join('\\n');\n}\n\nfunction formatPathSegment(\n  segment: NonNullable<ConfigIssue['path']>[number],\n): string {\n  return typeof segment === 'object' && segment !== null && 'key' in segment\n    ? String(segment.key)\n    : String(segment);\n}\n","import { AuthError } from './auth';\n\n/**\n * Error shape used by lower-level HTTP libraries.\n */\ninterface HttpError extends Error {\n  status: number;\n  statusCode: number;\n}\n\n/**\n * Supported causes for route-handler errors.\n */\nexport type HandlerErrorCause = Error | AuthError | HttpError;\n\ntype HandlerErrorOptions = {\n  code: string;\n  message: string;\n  name: string;\n  cause: HandlerErrorCause;\n};\n\n/**\n * Base class for errors thrown by route handlers.\n */\nclass HandlerError extends AuthError {\n  constructor(options: HandlerErrorOptions) {\n    let status: number | undefined;\n    if ('status' in options.cause) status = options.cause.status;\n    /* c8 ignore next */\n    super({ ...options, status });\n  }\n}\n\n/**\n * Error thrown when callback handling fails.\n */\nexport class CallbackHandlerError extends HandlerError {\n  public static readonly code: string = 'ERR_CALLBACK_HANDLER_FAILURE';\n\n  constructor(cause: HandlerErrorCause) {\n    super({\n      code: CallbackHandlerError.code,\n      message: 'Callback handler failed.',\n      name: 'CallbackHandlerError',\n      cause,\n    }); /* c8 ignore next */\n    Object.setPrototypeOf(this, CallbackHandlerError.prototype);\n  }\n}\n\n/**\n * Error thrown when login handling fails.\n */\nexport class LoginHandlerError extends HandlerError {\n  public static readonly code: string = 'ERR_LOGIN_HANDLER_FAILURE';\n\n  constructor(cause: HandlerErrorCause) {\n    super({\n      code: LoginHandlerError.code,\n      message: 'Login handler failed.',\n      name: 'LoginHandlerError',\n      cause,\n    }); /* c8 ignore next */\n    Object.setPrototypeOf(this, LoginHandlerError.prototype);\n  }\n}\n\n/**\n * Error thrown when logout handling fails.\n */\nexport class LogoutHandlerError extends HandlerError {\n  public static readonly code: string = 'ERR_LOGOUT_HANDLER_FAILURE';\n\n  constructor(cause: HandlerErrorCause) {\n    super({\n      code: LogoutHandlerError.code,\n      message: 'Logout handler failed.',\n      name: 'LogoutHandlerError',\n      cause,\n    }); /* c8 ignore next */\n    Object.setPrototypeOf(this, LogoutHandlerError.prototype);\n  }\n}\n","/**\n * Error used when the callback response is missing a `state` parameter.\n */\nexport class MissingStateParamError extends Error {\n  static message = 'Missing state parameter in Authorization Response.';\n  status = 400;\n  statusCode = 400;\n\n  constructor() {\n    /* c8 ignore next */\n    super(MissingStateParamError.message);\n    Object.setPrototypeOf(this, MissingStateParamError.prototype);\n  }\n}\n\n/**\n * Error used when transaction state exists but cannot be parsed.\n */\nexport class MalformedStateCookieError extends Error {\n  static message = 'Your state cookie is not valid JSON.';\n  status = 400;\n  statusCode = 400;\n\n  constructor() {\n    /* c8 ignore next */\n    super(MalformedStateCookieError.message);\n    Object.setPrototypeOf(this, MalformedStateCookieError.prototype);\n  }\n}\n\n/**\n * Error used when the callback cannot find the login transaction cookie.\n */\nexport class MissingStateCookieError extends Error {\n  static message =\n    'Missing state cookie from login request (check login URL, callback URL and cookie config).';\n  status = 400;\n  statusCode = 400;\n\n  constructor() {\n    /* c8 ignore next */\n    super(MissingStateCookieError.message);\n    Object.setPrototypeOf(this, MissingStateCookieError.prototype);\n  }\n}\n"]}

package/dist/errors.d.cts

@@ -0,0 +1,178 @@
+type AuthErrorOptions = {
+    code: string;
+    message: string;
+    name: string;
+    cause?: Error;
+    status?: number;
+};
+/**
+ * The base class for all SDK errors.
+ *
+ * Subclasses expose stable machine-readable codes for application-level error
+ * handling.
+ */
+declare abstract class AuthError extends Error {
+    /**
+     * A machine-readable error code that remains stable within a major version of the SDK. You
+     * should rely on this error code to handle errors. In contrast, the error message is not part of
+     * the API and can change anytime. Do **not** parse or otherwise rely on the error message to
+     * handle errors.
+     */
+    readonly code: string;
+    /**
+     * The error class name.
+     */
+    readonly name: string;
+    /**
+     * The underlying error, if any.
+     *
+     * **IMPORTANT** When this error is from the Identity Provider ({@link IdentityProviderError}) it can contain user
+     * input and is only escaped using basic escaping for putting untrusted data directly into the HTML body.
+     *
+     * You should **not** render this error without using a templating engine that will properly escape it for other
+     * HTML contexts first.
+     */
+    readonly cause?: Error;
+    /**
+     * The HTTP status code, if any.
+     */
+    readonly status?: number;
+    /**
+     * @param options - Error metadata used by SDK-specific subclasses.
+     */
+    constructor(options: AuthErrorOptions);
+}
+
+/**
+ * Error codes for {@link AccessTokenError}.
+ */
+declare enum AccessTokenErrorCode {
+    /** No valid session was available. */
+    MISSING_SESSION = "ERR_MISSING_SESSION",
+    /** Session exists but does not contain an access token. */
+    MISSING_ACCESS_TOKEN = "ERR_MISSING_ACCESS_TOKEN",
+    /** Refresh was required but no refresh token was stored. */
+    MISSING_REFRESH_TOKEN = "ERR_MISSING_REFRESH_TOKEN",
+    /** Access token is expired and cannot be returned as-is. */
+    EXPIRED_ACCESS_TOKEN = "ERR_EXPIRED_ACCESS_TOKEN",
+    /** Access token does not include the requested scopes. */
+    INSUFFICIENT_SCOPE = "ERR_INSUFFICIENT_SCOPE",
+    /** Refresh token grant failed or returned an invalid response. */
+    FAILED_REFRESH_GRANT = "ERR_FAILED_REFRESH_GRANT"
+}
+/**
+ * Error thrown when an access token cannot be returned or refreshed.
+ *
+ * Use {@link AccessTokenError.code} for stable error handling.
+ */
+declare class AccessTokenError extends AuthError {
+    /**
+     * @param code - Stable machine-readable error code.
+     * @param message - Human-readable diagnostic message.
+     * @param cause - Optional lower-level error.
+     */
+    constructor(code: AccessTokenErrorCode, message: string, cause?: Error);
+}
+
+/**
+ * Standard Schema V1 path segment shape.
+ */
+interface ConfigIssuePathSegment {
+    readonly key: PropertyKey;
+}
+/**
+ * Standard Schema V1 issue shape returned by configuration validation.
+ */
+interface ConfigIssue {
+    readonly message: string;
+    readonly path?: readonly (PropertyKey | ConfigIssuePathSegment)[] | undefined;
+}
+/**
+ * Error thrown when auth configuration validation fails.
+ */
+declare class ConfigError extends AuthError {
+    static readonly code = "ERR_CONFIG_VALIDATION";
+    /**
+     * Standard Schema validation issues for the invalid configuration.
+     */
+    readonly issues: readonly ConfigIssue[];
+    /**
+     * @param issues - Standard Schema validation issues.
+     */
+    constructor(issues: readonly ConfigIssue[]);
+}
+
+/**
+ * Error shape used by lower-level HTTP libraries.
+ */
+interface HttpError extends Error {
+    status: number;
+    statusCode: number;
+}
+/**
+ * Supported causes for route-handler errors.
+ */
+type HandlerErrorCause = Error | AuthError | HttpError;
+type HandlerErrorOptions = {
+    code: string;
+    message: string;
+    name: string;
+    cause: HandlerErrorCause;
+};
+/**
+ * Base class for errors thrown by route handlers.
+ */
+declare class HandlerError extends AuthError {
+    constructor(options: HandlerErrorOptions);
+}
+/**
+ * Error thrown when callback handling fails.
+ */
+declare class CallbackHandlerError extends HandlerError {
+    static readonly code: string;
+    constructor(cause: HandlerErrorCause);
+}
+/**
+ * Error thrown when login handling fails.
+ */
+declare class LoginHandlerError extends HandlerError {
+    static readonly code: string;
+    constructor(cause: HandlerErrorCause);
+}
+/**
+ * Error thrown when logout handling fails.
+ */
+declare class LogoutHandlerError extends HandlerError {
+    static readonly code: string;
+    constructor(cause: HandlerErrorCause);
+}
+
+/**
+ * Error used when the callback response is missing a `state` parameter.
+ */
+declare class MissingStateParamError extends Error {
+    static message: string;
+    status: number;
+    statusCode: number;
+    constructor();
+}
+/**
+ * Error used when transaction state exists but cannot be parsed.
+ */
+declare class MalformedStateCookieError extends Error {
+    static message: string;
+    status: number;
+    statusCode: number;
+    constructor();
+}
+/**
+ * Error used when the callback cannot find the login transaction cookie.
+ */
+declare class MissingStateCookieError extends Error {
+    static message: string;
+    status: number;
+    statusCode: number;
+    constructor();
+}
+
+export { AccessTokenError, AccessTokenErrorCode, AuthError, CallbackHandlerError, ConfigError, type ConfigIssue, type ConfigIssuePathSegment, type HandlerErrorCause, LoginHandlerError, LogoutHandlerError, MalformedStateCookieError, MissingStateCookieError, MissingStateParamError };

package/dist/errors.d.ts

@@ -0,0 +1,178 @@
+type AuthErrorOptions = {
+    code: string;
+    message: string;
+    name: string;
+    cause?: Error;
+    status?: number;
+};
+/**
+ * The base class for all SDK errors.
+ *
+ * Subclasses expose stable machine-readable codes for application-level error
+ * handling.
+ */
+declare abstract class AuthError extends Error {
+    /**
+     * A machine-readable error code that remains stable within a major version of the SDK. You
+     * should rely on this error code to handle errors. In contrast, the error message is not part of
+     * the API and can change anytime. Do **not** parse or otherwise rely on the error message to
+     * handle errors.
+     */
+    readonly code: string;
+    /**
+     * The error class name.
+     */
+    readonly name: string;
+    /**
+     * The underlying error, if any.
+     *
+     * **IMPORTANT** When this error is from the Identity Provider ({@link IdentityProviderError}) it can contain user
+     * input and is only escaped using basic escaping for putting untrusted data directly into the HTML body.
+     *
+     * You should **not** render this error without using a templating engine that will properly escape it for other
+     * HTML contexts first.
+     */
+    readonly cause?: Error;
+    /**
+     * The HTTP status code, if any.
+     */
+    readonly status?: number;
+    /**
+     * @param options - Error metadata used by SDK-specific subclasses.
+     */
+    constructor(options: AuthErrorOptions);
+}
+
+/**
+ * Error codes for {@link AccessTokenError}.
+ */
+declare enum AccessTokenErrorCode {
+    /** No valid session was available. */
+    MISSING_SESSION = "ERR_MISSING_SESSION",
+    /** Session exists but does not contain an access token. */
+    MISSING_ACCESS_TOKEN = "ERR_MISSING_ACCESS_TOKEN",
+    /** Refresh was required but no refresh token was stored. */
+    MISSING_REFRESH_TOKEN = "ERR_MISSING_REFRESH_TOKEN",
+    /** Access token is expired and cannot be returned as-is. */
+    EXPIRED_ACCESS_TOKEN = "ERR_EXPIRED_ACCESS_TOKEN",
+    /** Access token does not include the requested scopes. */
+    INSUFFICIENT_SCOPE = "ERR_INSUFFICIENT_SCOPE",
+    /** Refresh token grant failed or returned an invalid response. */
+    FAILED_REFRESH_GRANT = "ERR_FAILED_REFRESH_GRANT"
+}
+/**
+ * Error thrown when an access token cannot be returned or refreshed.
+ *
+ * Use {@link AccessTokenError.code} for stable error handling.
+ */
+declare class AccessTokenError extends AuthError {
+    /**
+     * @param code - Stable machine-readable error code.
+     * @param message - Human-readable diagnostic message.
+     * @param cause - Optional lower-level error.
+     */
+    constructor(code: AccessTokenErrorCode, message: string, cause?: Error);
+}
+
+/**
+ * Standard Schema V1 path segment shape.
+ */
+interface ConfigIssuePathSegment {
+    readonly key: PropertyKey;
+}
+/**
+ * Standard Schema V1 issue shape returned by configuration validation.
+ */
+interface ConfigIssue {
+    readonly message: string;
+    readonly path?: readonly (PropertyKey | ConfigIssuePathSegment)[] | undefined;
+}
+/**
+ * Error thrown when auth configuration validation fails.
+ */
+declare class ConfigError extends AuthError {
+    static readonly code = "ERR_CONFIG_VALIDATION";
+    /**
+     * Standard Schema validation issues for the invalid configuration.
+     */
+    readonly issues: readonly ConfigIssue[];
+    /**
+     * @param issues - Standard Schema validation issues.
+     */
+    constructor(issues: readonly ConfigIssue[]);
+}
+
+/**
+ * Error shape used by lower-level HTTP libraries.
+ */
+interface HttpError extends Error {
+    status: number;
+    statusCode: number;
+}
+/**
+ * Supported causes for route-handler errors.
+ */
+type HandlerErrorCause = Error | AuthError | HttpError;
+type HandlerErrorOptions = {
+    code: string;
+    message: string;
+    name: string;
+    cause: HandlerErrorCause;
+};
+/**
+ * Base class for errors thrown by route handlers.
+ */
+declare class HandlerError extends AuthError {
+    constructor(options: HandlerErrorOptions);
+}
+/**
+ * Error thrown when callback handling fails.
+ */
+declare class CallbackHandlerError extends HandlerError {
+    static readonly code: string;
+    constructor(cause: HandlerErrorCause);
+}
+/**
+ * Error thrown when login handling fails.
+ */
+declare class LoginHandlerError extends HandlerError {
+    static readonly code: string;
+    constructor(cause: HandlerErrorCause);
+}
+/**
+ * Error thrown when logout handling fails.
+ */
+declare class LogoutHandlerError extends HandlerError {
+    static readonly code: string;
+    constructor(cause: HandlerErrorCause);
+}
+
+/**
+ * Error used when the callback response is missing a `state` parameter.
+ */
+declare class MissingStateParamError extends Error {
+    static message: string;
+    status: number;
+    statusCode: number;
+    constructor();
+}
+/**
+ * Error used when transaction state exists but cannot be parsed.
+ */
+declare class MalformedStateCookieError extends Error {
+    static message: string;
+    status: number;
+    statusCode: number;
+    constructor();
+}
+/**
+ * Error used when the callback cannot find the login transaction cookie.
+ */
+declare class MissingStateCookieError extends Error {
+    static message: string;
+    status: number;
+    statusCode: number;
+    constructor();
+}
+
+export { AccessTokenError, AccessTokenErrorCode, AuthError, CallbackHandlerError, ConfigError, type ConfigIssue, type ConfigIssuePathSegment, type HandlerErrorCause, LoginHandlerError, LogoutHandlerError, MalformedStateCookieError, MissingStateCookieError, MissingStateParamError };