@hexclave/next 1.0.0 → 1.0.1

package/dist/esm/index.d.ts

@@ -1,10 +1,10 @@
-import { StackConfig, StackConfig as HexclaveConfig, defineStackConfig, defineStackConfig as defineHexclaveConfig } from "@hexclave/shared/config";
+import { HexclaveConfig, StackConfig, defineHexclaveConfig, defineStackConfig } from "@hexclave/shared/config";
 import { getConvexProvidersConfig } from "./integrations/convex";
 import { AnalyticsOptions, AnalyticsReplayOptions } from "./lib/stack-app/apps/implementations/session-replay";
-import HexclaveHandler, { default as StackHandler } from "./components-page/stack-handler";
-import { useStackApp, useStackApp as useHexclaveApp, useUser } from "./lib/hooks";
-import HexclaveProvider, { default as StackProvider } from "./providers/stack-provider";
-import { StackTheme, StackTheme as HexclaveTheme } from "./providers/theme-provider";
+import { HexclaveHandler, StackHandler } from "./components-page/stack-handler";
+import { useHexclaveApp, useStackApp, useUser } from "./lib/hooks";
+import { HexclaveProvider, StackProvider } from "./providers/stack-provider";
+import { HexclaveTheme, StackTheme } from "./providers/theme-provider";
 import { AccountSettings } from "./components-page/account-settings";
 import { AuthPage } from "./components-page/auth-page";
 import { CliAuthConfirmation, CliAuthConfirmationState, CliAuthConfirmationStatus, useCliAuthConfirmation } from "./components-page/cli-auth-confirm";

package/dist/esm/index.js

@@ -1,10 +1,9 @@
-import "./internal/deprecation-warning.js";
 import { getConvexProvidersConfig } from "./integrations/convex.js";
-import { defineStackConfig, defineStackConfig as defineHexclaveConfig } from "@hexclave/shared/config";
-import HexclaveHandler, { default as StackHandler } from "./components-page/stack-handler.js";
-import { useStackApp, useStackApp as useHexclaveApp, useUser } from "./lib/hooks.js";
-import HexclaveProvider, { default as StackProvider } from "./providers/stack-provider.js";
-import { StackTheme, StackTheme as HexclaveTheme } from "./providers/theme-provider.js";
+import { defineHexclaveConfig, defineStackConfig } from "@hexclave/shared/config";
+import { HexclaveHandler, StackHandler } from "./components-page/stack-handler.js";
+import { useHexclaveApp, useStackApp, useUser } from "./lib/hooks.js";
+import { HexclaveProvider, StackProvider } from "./providers/stack-provider.js";
+import { HexclaveTheme, StackTheme } from "./providers/theme-provider.js";
 import { AccountSettings } from "./components-page/account-settings.js";
 import { AuthPage } from "./components-page/auth-page.js";
 import { CliAuthConfirmation, useCliAuthConfirmation } from "./components-page/cli-auth-confirm.js";

package/dist/esm/integrations/convex.js.map

@@ -1 +1 @@
-{"version":3,"file":"convex.js","names":[],"sources":["../../../src/integrations/convex.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY, INSTEAD EDIT THE CORRESPONDING FILE IN packages/template\n//===========================================\nimport { urlString } from \"@stackframe/stack-shared/dist/utils/urls\";\nimport { defaultBaseUrl } from \"../lib/stack-app/apps/implementations/common\";\n\nexport function getConvexProvidersConfig(options: {\n  baseUrl?: string,\n  projectId: string,\n}) {\n  const baseUrl = options.baseUrl || defaultBaseUrl;\n  const projectId = options.projectId;\n  return [\n    {\n      type: \"customJwt\",\n      issuer: new URL(urlString`/api/v1/projects/${projectId}`, baseUrl),\n      jwks: new URL(urlString`/api/v1/projects/${projectId}/.well-known/jwks.json`, baseUrl),\n      algorithm: \"ES256\",\n    },\n    {\n      type: \"customJwt\",\n      issuer: new URL(urlString`/api/v1/projects-anonymous-users/${projectId}`, baseUrl),\n      jwks: new URL(urlString`/api/v1/projects/${projectId}/.well-known/jwks.json?include_anonymous=true`, baseUrl),\n      algorithm: \"ES256\",\n    },\n  ];\n}\n"],"mappings":";;;;AAOA,SAAgB,yBAAyB,SAGtC;CACD,MAAM,UAAU,QAAQ,WAAW;CACnC,MAAM,YAAY,QAAQ;AAC1B,QAAO,CACL;EACE,MAAM;EACN,QAAQ,IAAI,IAAI,SAAS,oBAAoB,aAAa,QAAQ;EAClE,MAAM,IAAI,IAAI,SAAS,oBAAoB,UAAU,yBAAyB,QAAQ;EACtF,WAAW;EACZ,EACD;EACE,MAAM;EACN,QAAQ,IAAI,IAAI,SAAS,oCAAoC,aAAa,QAAQ;EAClF,MAAM,IAAI,IAAI,SAAS,oBAAoB,UAAU,gDAAgD,QAAQ;EAC7G,WAAW;EACZ,CACF"}
+{"version":3,"file":"convex.js","names":[],"sources":["../../../src/integrations/convex.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY, INSTEAD EDIT THE CORRESPONDING FILE IN packages/template\n//===========================================\nimport { urlString } from \"@hexclave/shared/dist/utils/urls\";\nimport { defaultBaseUrl } from \"../lib/stack-app/apps/implementations/common\";\n\nexport function getConvexProvidersConfig(options: {\n  baseUrl?: string,\n  projectId: string,\n}) {\n  const baseUrl = options.baseUrl || defaultBaseUrl;\n  const projectId = options.projectId;\n  return [\n    {\n      type: \"customJwt\",\n      issuer: new URL(urlString`/api/v1/projects/${projectId}`, baseUrl),\n      jwks: new URL(urlString`/api/v1/projects/${projectId}/.well-known/jwks.json`, baseUrl),\n      algorithm: \"ES256\",\n    },\n    {\n      type: \"customJwt\",\n      issuer: new URL(urlString`/api/v1/projects-anonymous-users/${projectId}`, baseUrl),\n      jwks: new URL(urlString`/api/v1/projects/${projectId}/.well-known/jwks.json?include_anonymous=true`, baseUrl),\n      algorithm: \"ES256\",\n    },\n  ];\n}\n"],"mappings":";;;;AAOA,SAAgB,yBAAyB,SAGtC;CACD,MAAM,UAAU,QAAQ,WAAW;CACnC,MAAM,YAAY,QAAQ;AAC1B,QAAO,CACL;EACE,MAAM;EACN,QAAQ,IAAI,IAAI,SAAS,oBAAoB,aAAa,QAAQ;EAClE,MAAM,IAAI,IAAI,SAAS,oBAAoB,UAAU,yBAAyB,QAAQ;EACtF,WAAW;EACZ,EACD;EACE,MAAM;EACN,QAAQ,IAAI,IAAI,SAAS,oCAAoC,aAAa,QAAQ;EAClF,MAAM,IAAI,IAAI,SAAS,oBAAoB,UAAU,gDAAgD,QAAQ;EAC7G,WAAW;EACZ,CACF"}

package/dist/esm/lib/auth.js

@@ -1,7 +1,7 @@
 import { HexclaveAssertionError, throwErr } from "@hexclave/shared/dist/utils/errors";
 import { KnownError } from "@hexclave/shared";
-import { deindent } from "@hexclave/shared/dist/utils/strings";
 import { Result } from "@hexclave/shared/dist/utils/results";
+import { deindent } from "@hexclave/shared/dist/utils/strings";
 import { constructRedirectUrl } from "../utils/url.js";
 import { consumeVerifierAndStateCookie, saveVerifierAndState } from "./cookie.js";
 

package/dist/esm/lib/auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.js","names":[],"sources":["../../../src/lib/auth.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY, INSTEAD EDIT THE CORRESPONDING FILE IN packages/template\n//===========================================\nimport { KnownError, HexclaveClientInterface } from \"@stackframe/stack-shared\";\nimport { InternalSession } from \"@stackframe/stack-shared/dist/sessions\";\nimport { HexclaveAssertionError, throwErr } from \"@stackframe/stack-shared/dist/utils/errors\";\nimport { Result } from \"@stackframe/stack-shared/dist/utils/results\";\nimport { deindent } from \"@stackframe/stack-shared/dist/utils/strings\";\nimport { constructRedirectUrl } from \"../utils/url\";\nimport { consumeVerifierAndStateCookie, saveVerifierAndState } from \"./cookie\";\nexport async function getNewOAuthProviderOrScopeUrl(\n  iface: HexclaveClientInterface,\n  options: {\n    provider: string,\n    redirectUrl: string,\n    errorRedirectUrl: string,\n    providerScope?: string,\n  },\n  session: InternalSession,\n): Promise<string> {\n  const { codeChallenge, state } = await saveVerifierAndState();\n  return await iface.getOAuthUrl({\n    provider: options.provider,\n    redirectUrl: constructRedirectUrl(options.redirectUrl, \"redirectUrl\"),\n    errorRedirectUrl: constructRedirectUrl(options.errorRedirectUrl, \"errorRedirectUrl\"),\n    afterCallbackRedirectUrl: constructRedirectUrl(window.location.href, \"afterCallbackRedirectUrl\"),\n    codeChallenge,\n    state,\n    type: \"link\",\n    session,\n    providerScope: options.providerScope,\n  });\n}\n\n/**\n * Checks if the current URL has the query parameters for an OAuth callback, and if so, removes them.\n *\n * Must be synchronous for the logic in callOAuthCallback to work without race conditions.\n */\ntype OAuthCallbackConsumptionResult =\n  | {\n    type: \"oauth-response\",\n    originalUrl: URL,\n    codeVerifier: string,\n    state: string,\n  }\n  | {\n    type: \"known-error\",\n    error: KnownError,\n  };\n\nfunction consumeOAuthCallbackQueryParams(options?: {\n  dontWarnAboutMissingQueryParams?: boolean,\n}): OAuthCallbackConsumptionResult | null {\n  const oauthErrorParams = [\"error\", \"error_description\", \"errorCode\", \"message\", \"details\"] as const;\n  const requiredParams = [\"code\", \"state\"];\n  const originalUrl = new URL(window.location.href);\n  const knownErrorCode = originalUrl.searchParams.get(\"errorCode\");\n  const knownErrorMessage = originalUrl.searchParams.get(\"message\");\n  if (knownErrorCode && knownErrorMessage) {\n    const details = originalUrl.searchParams.get(\"details\");\n    let detailsJson = {};\n    if (details) {\n      try {\n        detailsJson = JSON.parse(details);\n      } catch (error) {\n        throw new HexclaveAssertionError(\"OAuth callback returned malformed known-error details\", {\n          details,\n          cause: error,\n        });\n      }\n    }\n\n    const newUrl = new URL(originalUrl);\n    for (const param of oauthErrorParams) {\n      newUrl.searchParams.delete(param);\n    }\n    window.history.replaceState({}, \"\", newUrl.toString());\n\n    return {\n      type: \"known-error\",\n      error: KnownError.fromJson({\n        code: knownErrorCode,\n        message: knownErrorMessage,\n        details: detailsJson,\n      }),\n    };\n  }\n\n  for (const param of requiredParams) {\n    if (!originalUrl.searchParams.has(param)) {\n      if (!options?.dontWarnAboutMissingQueryParams) {\n        console.warn(new Error(`Missing required query parameter on OAuth callback: ${param}. Maybe you opened or reloaded the oauth-callback page from your history?`));\n      }\n      return null;\n    }\n  }\n\n  const expectedState = originalUrl.searchParams.get(\"state\") ?? throwErr(\"This should never happen; isn't state required above?\");\n  const cookieResult = consumeVerifierAndStateCookie(expectedState);\n\n  if (!cookieResult) {\n    // If the state can't be found in the cookies, then the callback wasn't meant for us.\n    // Maybe the website uses another OAuth library?\n    console.warn(deindent`\n      Stack found an outer OAuth callback state in the query parameters, but not in cookies.\n\n      This could have multiple reasons:\n        - The cookie expired, because the OAuth flow took too long.\n        - The user's browser deleted the cookie, either manually or because of a very strict cookie policy.\n        - The cookie was already consumed by this page, and the user already logged in.\n        - You are using another OAuth client library with the same callback URL as Stack.\n        - The user opened the OAuth callback page from their history.\n\n      Either way, it is probably safe to ignore this warning unless you are debugging an OAuth issue.\n    `);\n    return null;\n  }\n\n\n  const newUrl = new URL(originalUrl);\n  for (const param of requiredParams) {\n    newUrl.searchParams.delete(param);\n  }\n\n  // let's get rid of the authorization code in the history as we\n  // don't redirect to `redirectUrl` if there's a validation error\n  // (as the redirectUrl might be malicious!).\n  //\n  // We use history.replaceState instead of location.assign(...) to\n  // prevent an unnecessary reload\n  window.history.replaceState({}, \"\", newUrl.toString());\n\n  return {\n    type: \"oauth-response\",\n    originalUrl,\n    codeVerifier: cookieResult.codeVerifier,\n    state: expectedState,\n  };\n}\n\nexport async function callOAuthCallback(\n  iface: HexclaveClientInterface,\n  redirectUrl: string,\n  options?: {\n    dontWarnAboutMissingQueryParams?: boolean,\n  },\n) {\n  // note: this part of the function (until the return) needs\n  // to be synchronous, to prevent race conditions when\n  // callOAuthCallback is called multiple times in parallel\n  const consumed = consumeOAuthCallbackQueryParams(options);\n  if (!consumed) return Result.ok(undefined);\n  if (consumed.type === \"known-error\") {\n    throw consumed.error;\n  }\n\n  // the rest can be asynchronous (we now know that we are the\n  // intended recipient of the callback, and the only instance\n  // of callOAuthCallback that's running)\n  try {\n    return Result.ok(await iface.callOAuthCallback({\n      oauthParams: consumed.originalUrl.searchParams,\n      redirectUri: constructRedirectUrl(redirectUrl, \"redirectUri\"),\n      codeVerifier: consumed.codeVerifier,\n      state: consumed.state,\n    }));\n  } catch (e) {\n    if (KnownError.isKnownError(e)) {\n      throw e;\n    }\n    throw new HexclaveAssertionError(\"Error signing in during OAuth callback. Please try again.\", { cause: e });\n  }\n}\n"],"mappings":";;;;;;;;AAWA,eAAsB,8BACpB,OACA,SAMA,SACiB;CACjB,MAAM,EAAE,eAAe,UAAU,MAAM,sBAAsB;AAC7D,QAAO,MAAM,MAAM,YAAY;EAC7B,UAAU,QAAQ;EAClB,aAAa,qBAAqB,QAAQ,aAAa,cAAc;EACrE,kBAAkB,qBAAqB,QAAQ,kBAAkB,mBAAmB;EACpF,0BAA0B,qBAAqB,OAAO,SAAS,MAAM,2BAA2B;EAChG;EACA;EACA,MAAM;EACN;EACA,eAAe,QAAQ;EACxB,CAAC;;AAoBJ,SAAS,gCAAgC,SAEC;CACxC,MAAM,mBAAmB;EAAC;EAAS;EAAqB;EAAa;EAAW;EAAU;CAC1F,MAAM,iBAAiB,CAAC,QAAQ,QAAQ;CACxC,MAAM,cAAc,IAAI,IAAI,OAAO,SAAS,KAAK;CACjD,MAAM,iBAAiB,YAAY,aAAa,IAAI,YAAY;CAChE,MAAM,oBAAoB,YAAY,aAAa,IAAI,UAAU;AACjE,KAAI,kBAAkB,mBAAmB;EACvC,MAAM,UAAU,YAAY,aAAa,IAAI,UAAU;EACvD,IAAI,cAAc,EAAE;AACpB,MAAI,QACF,KAAI;AACF,iBAAc,KAAK,MAAM,QAAQ;WAC1B,OAAO;AACd,SAAM,IAAI,uBAAuB,yDAAyD;IACxF;IACA,OAAO;IACR,CAAC;;EAIN,MAAM,SAAS,IAAI,IAAI,YAAY;AACnC,OAAK,MAAM,SAAS,iBAClB,QAAO,aAAa,OAAO,MAAM;AAEnC,SAAO,QAAQ,aAAa,EAAE,EAAE,IAAI,OAAO,UAAU,CAAC;AAEtD,SAAO;GACL,MAAM;GACN,OAAO,WAAW,SAAS;IACzB,MAAM;IACN,SAAS;IACT,SAAS;IACV,CAAC;GACH;;AAGH,MAAK,MAAM,SAAS,eAClB,KAAI,CAAC,YAAY,aAAa,IAAI,MAAM,EAAE;AACxC,MAAI,CAAC,SAAS,gCACZ,SAAQ,qBAAK,IAAI,MAAM,uDAAuD,MAAM,2EAA2E,CAAC;AAElK,SAAO;;CAIX,MAAM,gBAAgB,YAAY,aAAa,IAAI,QAAQ,IAAI,SAAS,wDAAwD;CAChI,MAAM,eAAe,8BAA8B,cAAc;AAEjE,KAAI,CAAC,cAAc;AAGjB,UAAQ,KAAK,QAAQ;;;;;;;;;;;MAWnB;AACF,SAAO;;CAIT,MAAM,SAAS,IAAI,IAAI,YAAY;AACnC,MAAK,MAAM,SAAS,eAClB,QAAO,aAAa,OAAO,MAAM;AASnC,QAAO,QAAQ,aAAa,EAAE,EAAE,IAAI,OAAO,UAAU,CAAC;AAEtD,QAAO;EACL,MAAM;EACN;EACA,cAAc,aAAa;EAC3B,OAAO;EACR;;AAGH,eAAsB,kBACpB,OACA,aACA,SAGA;CAIA,MAAM,WAAW,gCAAgC,QAAQ;AACzD,KAAI,CAAC,SAAU,QAAO,OAAO,GAAG,OAAU;AAC1C,KAAI,SAAS,SAAS,cACpB,OAAM,SAAS;AAMjB,KAAI;AACF,SAAO,OAAO,GAAG,MAAM,MAAM,kBAAkB;GAC7C,aAAa,SAAS,YAAY;GAClC,aAAa,qBAAqB,aAAa,cAAc;GAC7D,cAAc,SAAS;GACvB,OAAO,SAAS;GACjB,CAAC,CAAC;UACI,GAAG;AACV,MAAI,WAAW,aAAa,EAAE,CAC5B,OAAM;AAER,QAAM,IAAI,uBAAuB,6DAA6D,EAAE,OAAO,GAAG,CAAC"}
+{"version":3,"file":"auth.js","names":[],"sources":["../../../src/lib/auth.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY, INSTEAD EDIT THE CORRESPONDING FILE IN packages/template\n//===========================================\nimport { KnownError, HexclaveClientInterface } from \"@hexclave/shared\";\nimport { InternalSession } from \"@hexclave/shared/dist/sessions\";\nimport { HexclaveAssertionError, throwErr } from \"@hexclave/shared/dist/utils/errors\";\nimport { Result } from \"@hexclave/shared/dist/utils/results\";\nimport { deindent } from \"@hexclave/shared/dist/utils/strings\";\nimport { constructRedirectUrl } from \"../utils/url\";\nimport { consumeVerifierAndStateCookie, saveVerifierAndState } from \"./cookie\";\nexport async function getNewOAuthProviderOrScopeUrl(\n  iface: HexclaveClientInterface,\n  options: {\n    provider: string,\n    redirectUrl: string,\n    errorRedirectUrl: string,\n    providerScope?: string,\n  },\n  session: InternalSession,\n): Promise<string> {\n  const { codeChallenge, state } = await saveVerifierAndState();\n  return await iface.getOAuthUrl({\n    provider: options.provider,\n    redirectUrl: constructRedirectUrl(options.redirectUrl, \"redirectUrl\"),\n    errorRedirectUrl: constructRedirectUrl(options.errorRedirectUrl, \"errorRedirectUrl\"),\n    afterCallbackRedirectUrl: constructRedirectUrl(window.location.href, \"afterCallbackRedirectUrl\"),\n    codeChallenge,\n    state,\n    type: \"link\",\n    session,\n    providerScope: options.providerScope,\n  });\n}\n\n/**\n * Checks if the current URL has the query parameters for an OAuth callback, and if so, removes them.\n *\n * Must be synchronous for the logic in callOAuthCallback to work without race conditions.\n */\ntype OAuthCallbackConsumptionResult =\n  | {\n    type: \"oauth-response\",\n    originalUrl: URL,\n    codeVerifier: string,\n    state: string,\n  }\n  | {\n    type: \"known-error\",\n    error: KnownError,\n  };\n\nfunction consumeOAuthCallbackQueryParams(options?: {\n  dontWarnAboutMissingQueryParams?: boolean,\n}): OAuthCallbackConsumptionResult | null {\n  const oauthErrorParams = [\"error\", \"error_description\", \"errorCode\", \"message\", \"details\"] as const;\n  const requiredParams = [\"code\", \"state\"];\n  const originalUrl = new URL(window.location.href);\n  const knownErrorCode = originalUrl.searchParams.get(\"errorCode\");\n  const knownErrorMessage = originalUrl.searchParams.get(\"message\");\n  if (knownErrorCode && knownErrorMessage) {\n    const details = originalUrl.searchParams.get(\"details\");\n    let detailsJson = {};\n    if (details) {\n      try {\n        detailsJson = JSON.parse(details);\n      } catch (error) {\n        throw new HexclaveAssertionError(\"OAuth callback returned malformed known-error details\", {\n          details,\n          cause: error,\n        });\n      }\n    }\n\n    const newUrl = new URL(originalUrl);\n    for (const param of oauthErrorParams) {\n      newUrl.searchParams.delete(param);\n    }\n    window.history.replaceState({}, \"\", newUrl.toString());\n\n    return {\n      type: \"known-error\",\n      error: KnownError.fromJson({\n        code: knownErrorCode,\n        message: knownErrorMessage,\n        details: detailsJson,\n      }),\n    };\n  }\n\n  for (const param of requiredParams) {\n    if (!originalUrl.searchParams.has(param)) {\n      if (!options?.dontWarnAboutMissingQueryParams) {\n        console.warn(new Error(`Missing required query parameter on OAuth callback: ${param}. Maybe you opened or reloaded the oauth-callback page from your history?`));\n      }\n      return null;\n    }\n  }\n\n  const expectedState = originalUrl.searchParams.get(\"state\") ?? throwErr(\"This should never happen; isn't state required above?\");\n  const cookieResult = consumeVerifierAndStateCookie(expectedState);\n\n  if (!cookieResult) {\n    // If the state can't be found in the cookies, then the callback wasn't meant for us.\n    // Maybe the website uses another OAuth library?\n    console.warn(deindent`\n      Stack found an outer OAuth callback state in the query parameters, but not in cookies.\n\n      This could have multiple reasons:\n        - The cookie expired, because the OAuth flow took too long.\n        - The user's browser deleted the cookie, either manually or because of a very strict cookie policy.\n        - The cookie was already consumed by this page, and the user already logged in.\n        - You are using another OAuth client library with the same callback URL as Stack.\n        - The user opened the OAuth callback page from their history.\n\n      Either way, it is probably safe to ignore this warning unless you are debugging an OAuth issue.\n    `);\n    return null;\n  }\n\n\n  const newUrl = new URL(originalUrl);\n  for (const param of requiredParams) {\n    newUrl.searchParams.delete(param);\n  }\n\n  // let's get rid of the authorization code in the history as we\n  // don't redirect to `redirectUrl` if there's a validation error\n  // (as the redirectUrl might be malicious!).\n  //\n  // We use history.replaceState instead of location.assign(...) to\n  // prevent an unnecessary reload\n  window.history.replaceState({}, \"\", newUrl.toString());\n\n  return {\n    type: \"oauth-response\",\n    originalUrl,\n    codeVerifier: cookieResult.codeVerifier,\n    state: expectedState,\n  };\n}\n\nexport async function callOAuthCallback(\n  iface: HexclaveClientInterface,\n  redirectUrl: string,\n  options?: {\n    dontWarnAboutMissingQueryParams?: boolean,\n  },\n) {\n  // note: this part of the function (until the return) needs\n  // to be synchronous, to prevent race conditions when\n  // callOAuthCallback is called multiple times in parallel\n  const consumed = consumeOAuthCallbackQueryParams(options);\n  if (!consumed) return Result.ok(undefined);\n  if (consumed.type === \"known-error\") {\n    throw consumed.error;\n  }\n\n  // the rest can be asynchronous (we now know that we are the\n  // intended recipient of the callback, and the only instance\n  // of callOAuthCallback that's running)\n  try {\n    return Result.ok(await iface.callOAuthCallback({\n      oauthParams: consumed.originalUrl.searchParams,\n      redirectUri: constructRedirectUrl(redirectUrl, \"redirectUri\"),\n      codeVerifier: consumed.codeVerifier,\n      state: consumed.state,\n    }));\n  } catch (e) {\n    if (KnownError.isKnownError(e)) {\n      throw e;\n    }\n    throw new HexclaveAssertionError(\"Error signing in during OAuth callback. Please try again.\", { cause: e });\n  }\n}\n"],"mappings":";;;;;;;;AAWA,eAAsB,8BACpB,OACA,SAMA,SACiB;CACjB,MAAM,EAAE,eAAe,UAAU,MAAM,sBAAsB;AAC7D,QAAO,MAAM,MAAM,YAAY;EAC7B,UAAU,QAAQ;EAClB,aAAa,qBAAqB,QAAQ,aAAa,cAAc;EACrE,kBAAkB,qBAAqB,QAAQ,kBAAkB,mBAAmB;EACpF,0BAA0B,qBAAqB,OAAO,SAAS,MAAM,2BAA2B;EAChG;EACA;EACA,MAAM;EACN;EACA,eAAe,QAAQ;EACxB,CAAC;;AAoBJ,SAAS,gCAAgC,SAEC;CACxC,MAAM,mBAAmB;EAAC;EAAS;EAAqB;EAAa;EAAW;EAAU;CAC1F,MAAM,iBAAiB,CAAC,QAAQ,QAAQ;CACxC,MAAM,cAAc,IAAI,IAAI,OAAO,SAAS,KAAK;CACjD,MAAM,iBAAiB,YAAY,aAAa,IAAI,YAAY;CAChE,MAAM,oBAAoB,YAAY,aAAa,IAAI,UAAU;AACjE,KAAI,kBAAkB,mBAAmB;EACvC,MAAM,UAAU,YAAY,aAAa,IAAI,UAAU;EACvD,IAAI,cAAc,EAAE;AACpB,MAAI,QACF,KAAI;AACF,iBAAc,KAAK,MAAM,QAAQ;WAC1B,OAAO;AACd,SAAM,IAAI,uBAAuB,yDAAyD;IACxF;IACA,OAAO;IACR,CAAC;;EAIN,MAAM,SAAS,IAAI,IAAI,YAAY;AACnC,OAAK,MAAM,SAAS,iBAClB,QAAO,aAAa,OAAO,MAAM;AAEnC,SAAO,QAAQ,aAAa,EAAE,EAAE,IAAI,OAAO,UAAU,CAAC;AAEtD,SAAO;GACL,MAAM;GACN,OAAO,WAAW,SAAS;IACzB,MAAM;IACN,SAAS;IACT,SAAS;IACV,CAAC;GACH;;AAGH,MAAK,MAAM,SAAS,eAClB,KAAI,CAAC,YAAY,aAAa,IAAI,MAAM,EAAE;AACxC,MAAI,CAAC,SAAS,gCACZ,SAAQ,qBAAK,IAAI,MAAM,uDAAuD,MAAM,2EAA2E,CAAC;AAElK,SAAO;;CAIX,MAAM,gBAAgB,YAAY,aAAa,IAAI,QAAQ,IAAI,SAAS,wDAAwD;CAChI,MAAM,eAAe,8BAA8B,cAAc;AAEjE,KAAI,CAAC,cAAc;AAGjB,UAAQ,KAAK,QAAQ;;;;;;;;;;;MAWnB;AACF,SAAO;;CAIT,MAAM,SAAS,IAAI,IAAI,YAAY;AACnC,MAAK,MAAM,SAAS,eAClB,QAAO,aAAa,OAAO,MAAM;AASnC,QAAO,QAAQ,aAAa,EAAE,EAAE,IAAI,OAAO,UAAU,CAAC;AAEtD,QAAO;EACL,MAAM;EACN;EACA,cAAc,aAAa;EAC3B,OAAO;EACR;;AAGH,eAAsB,kBACpB,OACA,aACA,SAGA;CAIA,MAAM,WAAW,gCAAgC,QAAQ;AACzD,KAAI,CAAC,SAAU,QAAO,OAAO,GAAG,OAAU;AAC1C,KAAI,SAAS,SAAS,cACpB,OAAM,SAAS;AAMjB,KAAI;AACF,SAAO,OAAO,GAAG,MAAM,MAAM,kBAAkB;GAC7C,aAAa,SAAS,YAAY;GAClC,aAAa,qBAAqB,aAAa,cAAc;GAC7D,cAAc,SAAS;GACvB,OAAO,SAAS;GACjB,CAAC,CAAC;UACI,GAAG;AACV,MAAI,WAAW,aAAa,EAAE,CAC5B,OAAM;AAER,QAAM,IAAI,uBAAuB,6DAA6D,EAAE,OAAO,GAAG,CAAC"}

package/dist/esm/lib/auth.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.test.js","names":[],"sources":["../../../src/lib/auth.test.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY, INSTEAD EDIT THE CORRESPONDING FILE IN packages/template\n//===========================================\n// @vitest-environment jsdom\n\nimport { HexclaveClientInterface } from \"@stackframe/stack-shared\";\nimport { describe, expect, it, vi } from \"vitest\";\nimport { getNewOAuthProviderOrScopeUrl } from \"./auth\";\n\nvi.mock(\"./cookie\", async (importOriginal) => {\n  const actual = await importOriginal<typeof import(\"./cookie\")>();\n  return {\n    ...actual,\n    saveVerifierAndState: async () => ({\n      codeChallenge: \"<stripped code challenge>\",\n      state: \"<stripped state>\",\n    }),\n  };\n});\n\ndescribe(\"getNewOAuthProviderOrScopeUrl\", () => {\n  it(\"returns the OAuth URL without performing navigation\", async () => {\n    window.history.replaceState({}, \"\", \"/account?after_auth_return_to=%2Fsettings\");\n\n    const iface = new HexclaveClientInterface({\n      clientVersion: \"test\",\n      getBaseUrl: () => \"https://api.example.com\",\n      getApiUrls: () => [\"https://api.example.com\"],\n      extraRequestHeaders: {},\n      projectId: \"00000000-0000-4000-8000-000000000000\",\n      publishableClientKey: \"pck_test\",\n    });\n    const session = iface.createSession({ refreshToken: null, accessToken: null });\n\n    const location = await getNewOAuthProviderOrScopeUrl(\n      iface,\n      {\n        provider: \"github\",\n        redirectUrl: \"/handler/oauth-callback\",\n        errorRedirectUrl: \"/handler/error\",\n        providerScope: \"repo user\",\n      },\n      session,\n    );\n\n    const url = new URL(location);\n    expect(`${url.origin}${url.pathname}`).toBe(\"https://api.example.com/api/v1/auth/oauth/authorize/github\");\n    expect(Object.fromEntries(url.searchParams.entries())).toMatchInlineSnapshot(`\n      {\n        \"after_callback_redirect_url\": \"http://localhost:3000/account?after_auth_return_to=%2Fsettings\",\n        \"client_id\": \"00000000-0000-4000-8000-000000000000\",\n        \"client_secret\": \"pck_test\",\n        \"code_challenge\": \"<stripped code challenge>\",\n        \"code_challenge_method\": \"S256\",\n        \"error_redirect_url\": \"http://localhost:3000/handler/error?after_auth_return_to=%2Fsettings\",\n        \"grant_type\": \"authorization_code\",\n        \"provider_scope\": \"repo user\",\n        \"redirect_uri\": \"http://localhost:3000/handler/oauth-callback?after_auth_return_to=%2Fsettings\",\n        \"response_type\": \"code\",\n        \"scope\": \"legacy\",\n        \"state\": \"<stripped state>\",\n        \"type\": \"link\",\n      }\n    `);\n  });\n});\n"],"mappings":";;;;;;AAUA,GAAG,KAAK,YAAY,OAAO,mBAAmB;AAE5C,QAAO;EACL,GAFa,MAAM,gBAA2C;EAG9D,sBAAsB,aAAa;GACjC,eAAe;GACf,OAAO;GACR;EACF;EACD;AAEF,SAAS,uCAAuC;AAC9C,IAAG,uDAAuD,YAAY;AACpE,SAAO,QAAQ,aAAa,EAAE,EAAE,IAAI,4CAA4C;EAEhF,MAAM,QAAQ,IAAI,wBAAwB;GACxC,eAAe;GACf,kBAAkB;GAClB,kBAAkB,CAAC,0BAA0B;GAC7C,qBAAqB,EAAE;GACvB,WAAW;GACX,sBAAsB;GACvB,CAAC;EAGF,MAAM,WAAW,MAAM,8BACrB,OACA;GACE,UAAU;GACV,aAAa;GACb,kBAAkB;GAClB,eAAe;GAChB,EATa,MAAM,cAAc;GAAE,cAAc;GAAM,aAAa;GAAM,CAAC,CAW7E;EAED,MAAM,MAAM,IAAI,IAAI,SAAS;AAC7B,SAAO,GAAG,IAAI,SAAS,IAAI,WAAW,CAAC,KAAK,6DAA6D;AACzG,SAAO,OAAO,YAAY,IAAI,aAAa,SAAS,CAAC,CAAC,CAAC,sBAAsB;;;;;;;;;;;;;;;;MAgB3E;GACF;EACF"}
+{"version":3,"file":"auth.test.js","names":[],"sources":["../../../src/lib/auth.test.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY, INSTEAD EDIT THE CORRESPONDING FILE IN packages/template\n//===========================================\n// @vitest-environment jsdom\n\nimport { HexclaveClientInterface } from \"@hexclave/shared\";\nimport { describe, expect, it, vi } from \"vitest\";\nimport { getNewOAuthProviderOrScopeUrl } from \"./auth\";\n\nvi.mock(\"./cookie\", async (importOriginal) => {\n  const actual = await importOriginal<typeof import(\"./cookie\")>();\n  return {\n    ...actual,\n    saveVerifierAndState: async () => ({\n      codeChallenge: \"<stripped code challenge>\",\n      state: \"<stripped state>\",\n    }),\n  };\n});\n\ndescribe(\"getNewOAuthProviderOrScopeUrl\", () => {\n  it(\"returns the OAuth URL without performing navigation\", async () => {\n    window.history.replaceState({}, \"\", \"/account?after_auth_return_to=%2Fsettings\");\n\n    const iface = new HexclaveClientInterface({\n      clientVersion: \"test\",\n      getBaseUrl: () => \"https://api.example.com\",\n      getApiUrls: () => [\"https://api.example.com\"],\n      extraRequestHeaders: {},\n      projectId: \"00000000-0000-4000-8000-000000000000\",\n      publishableClientKey: \"pck_test\",\n    });\n    const session = iface.createSession({ refreshToken: null, accessToken: null });\n\n    const location = await getNewOAuthProviderOrScopeUrl(\n      iface,\n      {\n        provider: \"github\",\n        redirectUrl: \"/handler/oauth-callback\",\n        errorRedirectUrl: \"/handler/error\",\n        providerScope: \"repo user\",\n      },\n      session,\n    );\n\n    const url = new URL(location);\n    expect(`${url.origin}${url.pathname}`).toBe(\"https://api.example.com/api/v1/auth/oauth/authorize/github\");\n    expect(Object.fromEntries(url.searchParams.entries())).toMatchInlineSnapshot(`\n      {\n        \"after_callback_redirect_url\": \"http://localhost:3000/account?after_auth_return_to=%2Fsettings\",\n        \"client_id\": \"00000000-0000-4000-8000-000000000000\",\n        \"client_secret\": \"pck_test\",\n        \"code_challenge\": \"<stripped code challenge>\",\n        \"code_challenge_method\": \"S256\",\n        \"error_redirect_url\": \"http://localhost:3000/handler/error?after_auth_return_to=%2Fsettings\",\n        \"grant_type\": \"authorization_code\",\n        \"provider_scope\": \"repo user\",\n        \"redirect_uri\": \"http://localhost:3000/handler/oauth-callback?after_auth_return_to=%2Fsettings\",\n        \"response_type\": \"code\",\n        \"scope\": \"legacy\",\n        \"state\": \"<stripped state>\",\n        \"type\": \"link\",\n      }\n    `);\n  });\n});\n"],"mappings":";;;;;;AAUA,GAAG,KAAK,YAAY,OAAO,mBAAmB;AAE5C,QAAO;EACL,GAFa,MAAM,gBAA2C;EAG9D,sBAAsB,aAAa;GACjC,eAAe;GACf,OAAO;GACR;EACF;EACD;AAEF,SAAS,uCAAuC;AAC9C,IAAG,uDAAuD,YAAY;AACpE,SAAO,QAAQ,aAAa,EAAE,EAAE,IAAI,4CAA4C;EAEhF,MAAM,QAAQ,IAAI,wBAAwB;GACxC,eAAe;GACf,kBAAkB;GAClB,kBAAkB,CAAC,0BAA0B;GAC7C,qBAAqB,EAAE;GACvB,WAAW;GACX,sBAAsB;GACvB,CAAC;EAGF,MAAM,WAAW,MAAM,8BACrB,OACA;GACE,UAAU;GACV,aAAa;GACb,kBAAkB;GAClB,eAAe;GAChB,EATa,MAAM,cAAc;GAAE,cAAc;GAAM,aAAa;GAAM,CAAC,CAW7E;EAED,MAAM,MAAM,IAAI,IAAI,SAAS;AAC7B,SAAO,GAAG,IAAI,SAAS,IAAI,WAAW,CAAC,KAAK,6DAA6D;AACzG,SAAO,OAAO,YAAY,IAAI,aAAa,SAAS,CAAC,CAAC,CAAC,sBAAsB;;;;;;;;;;;;;;;;MAgB3E;GACF;EACF"}