npm - @mulverse/mulguard-core - Versions diffs - 1.0.0 - Mend

@mulverse/mulguard-core 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (600) hide show

package/README.md +24 -0
package/adapters.d.ts +522 -0
package/adapters.d.ts.map +1 -0
package/adapters.js +170 -0
package/errors.d.ts +429 -0
package/errors.d.ts.map +1 -0
package/errors.js +473 -0
package/index.d.ts +547 -0
package/index.d.ts.map +1 -0
package/index.js +142 -0
package/jwt.d.ts +132 -0
package/jwt.d.ts.map +1 -0
package/jwt.js +123 -0
package/lib/actions/callback/handle-login.d.ts +35 -0
package/lib/actions/callback/handle-login.d.ts.map +1 -0
package/lib/actions/callback/handle-login.js +275 -0
package/lib/actions/callback/index.d.ts +5 -0
package/lib/actions/callback/index.d.ts.map +1 -0
package/lib/actions/callback/index.js +409 -0
package/lib/actions/callback/oauth/callback.d.ts +36 -0
package/lib/actions/callback/oauth/callback.d.ts.map +1 -0
package/lib/actions/callback/oauth/callback.js +248 -0
package/lib/actions/callback/oauth/checks.d.ts +70 -0
package/lib/actions/callback/oauth/checks.d.ts.map +1 -0
package/lib/actions/callback/oauth/checks.js +188 -0
package/lib/actions/callback/oauth/csrf-token.d.ts +33 -0
package/lib/actions/callback/oauth/csrf-token.d.ts.map +1 -0
package/lib/actions/callback/oauth/csrf-token.js +39 -0
package/lib/actions/index.d.ts +6 -0
package/lib/actions/index.d.ts.map +1 -0
package/lib/actions/index.js +5 -0
package/lib/actions/session.d.ts +5 -0
package/lib/actions/session.d.ts.map +1 -0
package/lib/actions/session.js +127 -0
package/lib/actions/signin/authorization-url.d.ts +12 -0
package/lib/actions/signin/authorization-url.d.ts.map +1 -0
package/lib/actions/signin/authorization-url.js +94 -0
package/lib/actions/signin/index.d.ts +4 -0
package/lib/actions/signin/index.d.ts.map +1 -0
package/lib/actions/signin/index.js +22 -0
package/lib/actions/signin/send-token.d.ts +10 -0
package/lib/actions/signin/send-token.d.ts.map +1 -0
package/lib/actions/signin/send-token.js +98 -0
package/lib/actions/signout.d.ts +11 -0
package/lib/actions/signout.d.ts.map +1 -0
package/lib/actions/signout.js +30 -0
package/lib/actions/webauthn-options.d.ts +8 -0
package/lib/actions/webauthn-options.d.ts.map +1 -0
package/lib/actions/webauthn-options.js +60 -0
package/lib/index.d.ts +2 -0
package/lib/index.d.ts.map +1 -0
package/lib/index.js +70 -0
package/lib/init.d.ts +25 -0
package/lib/init.d.ts.map +1 -0
package/lib/init.js +172 -0
package/lib/pages/error.d.ts +17 -0
package/lib/pages/error.d.ts.map +1 -0
package/lib/pages/error.js +40 -0
package/lib/pages/index.d.ts +42 -0
package/lib/pages/index.d.ts.map +1 -0
package/lib/pages/index.js +136 -0
package/lib/pages/signin.d.ts +10 -0
package/lib/pages/signin.d.ts.map +1 -0
package/lib/pages/signin.js +75 -0
package/lib/pages/signout.d.ts +8 -0
package/lib/pages/signout.d.ts.map +1 -0
package/lib/pages/signout.js +17 -0
package/lib/pages/styles.d.ts +3 -0
package/lib/pages/styles.d.ts.map +1 -0
package/lib/pages/styles.js +381 -0
package/lib/pages/verify-request.d.ts +8 -0
package/lib/pages/verify-request.d.ts.map +1 -0
package/lib/pages/verify-request.js +11 -0
package/lib/symbols.d.ts +50 -0
package/lib/symbols.d.ts.map +1 -0
package/lib/symbols.js +57 -0
package/lib/utils/actions.d.ts +3 -0
package/lib/utils/actions.d.ts.map +1 -0
package/lib/utils/actions.js +14 -0
package/lib/utils/assert.d.ts +14 -0
package/lib/utils/assert.d.ts.map +1 -0
package/lib/utils/assert.js +168 -0
package/lib/utils/callback-url.d.ts +17 -0
package/lib/utils/callback-url.d.ts.map +1 -0
package/lib/utils/callback-url.js +27 -0
package/lib/utils/cookie.d.ts +111 -0
package/lib/utils/cookie.d.ts.map +1 -0
package/lib/utils/cookie.js +205 -0
package/lib/utils/date.d.ts +7 -0
package/lib/utils/date.d.ts.map +1 -0
package/lib/utils/date.js +8 -0
package/lib/utils/email.d.ts +20 -0
package/lib/utils/email.d.ts.map +1 -0
package/lib/utils/email.js +57 -0
package/lib/utils/env.d.ts +9 -0
package/lib/utils/env.d.ts.map +1 -0
package/lib/utils/env.js +96 -0
package/lib/utils/logger.d.ts +18 -0
package/lib/utils/logger.d.ts.map +1 -0
package/lib/utils/logger.js +50 -0
package/lib/utils/merge.d.ts +3 -0
package/lib/utils/merge.d.ts.map +1 -0
package/lib/utils/merge.js +23 -0
package/lib/utils/providers.d.ts +19 -0
package/lib/utils/providers.d.ts.map +1 -0
package/lib/utils/providers.js +149 -0
package/lib/utils/session.d.ts +7 -0
package/lib/utils/session.d.ts.map +1 -0
package/lib/utils/session.js +29 -0
package/lib/utils/web.d.ts +10 -0
package/lib/utils/web.d.ts.map +1 -0
package/lib/utils/web.js +109 -0
package/lib/utils/webauthn-client.d.ts +30 -0
package/lib/utils/webauthn-client.d.ts.map +1 -0
package/lib/utils/webauthn-client.js +197 -0
package/lib/utils/webauthn-utils.d.ts +81 -0
package/lib/utils/webauthn-utils.d.ts.map +1 -0
package/lib/utils/webauthn-utils.js +343 -0
package/lib/vendored/cookie.d.ts +120 -0
package/lib/vendored/cookie.d.ts.map +1 -0
package/lib/vendored/cookie.js +237 -0
package/package.json +118 -0
package/providers/42-school.d.ts +240 -0
package/providers/42-school.d.ts.map +1 -0
package/providers/42-school.js +78 -0
package/providers/apple.d.ts +149 -0
package/providers/apple.d.ts.map +1 -0
package/providers/apple.js +104 -0
package/providers/asgardeo.d.ts +102 -0
package/providers/asgardeo.d.ts.map +1 -0
package/providers/asgardeo.js +93 -0
package/providers/atlassian.d.ts +94 -0
package/providers/atlassian.d.ts.map +1 -0
package/providers/atlassian.js +84 -0
package/providers/auth0.d.ts +116 -0
package/providers/auth0.d.ts.map +1 -0
package/providers/auth0.js +49 -0
package/providers/authentik.d.ts +90 -0
package/providers/authentik.d.ts.map +1 -0
package/providers/authentik.js +65 -0
package/providers/azure-ad-b2c.d.ts +104 -0
package/providers/azure-ad-b2c.d.ts.map +1 -0
package/providers/azure-ad-b2c.js +100 -0
package/providers/azure-ad.d.ts +19 -0
package/providers/azure-ad.d.ts.map +1 -0
package/providers/azure-ad.js +23 -0
package/providers/azure-devops.d.ts +128 -0
package/providers/azure-devops.d.ts.map +1 -0
package/providers/azure-devops.js +158 -0
package/providers/bankid-no.d.ts +134 -0
package/providers/bankid-no.d.ts.map +1 -0
package/providers/bankid-no.js +65 -0
package/providers/battlenet.d.ts +85 -0
package/providers/battlenet.d.ts.map +1 -0
package/providers/battlenet.js +81 -0
package/providers/beyondidentity.d.ts +77 -0
package/providers/beyondidentity.d.ts.map +1 -0
package/providers/beyondidentity.js +84 -0
package/providers/bitbucket.d.ts +89 -0
package/providers/bitbucket.d.ts.map +1 -0
package/providers/bitbucket.js +92 -0
package/providers/box.d.ts +63 -0
package/providers/box.d.ts.map +1 -0
package/providers/box.js +73 -0
package/providers/boxyhq-saml.d.ts +121 -0
package/providers/boxyhq-saml.d.ts.map +1 -0
package/providers/boxyhq-saml.js +127 -0
package/providers/bungie.d.ts +167 -0
package/providers/bungie.d.ts.map +1 -0
package/providers/bungie.js +174 -0
package/providers/click-up.d.ts +75 -0
package/providers/click-up.d.ts.map +1 -0
package/providers/click-up.js +89 -0
package/providers/cognito.d.ts +81 -0
package/providers/cognito.d.ts.map +1 -0
package/providers/cognito.js +73 -0
package/providers/coinbase.d.ts +69 -0
package/providers/coinbase.d.ts.map +1 -0
package/providers/coinbase.js +78 -0
package/providers/concept2.d.ts +81 -0
package/providers/concept2.d.ts.map +1 -0
package/providers/concept2.js +86 -0
package/providers/credentials.d.ts +132 -0
package/providers/credentials.d.ts.map +1 -0
package/providers/credentials.js +74 -0
package/providers/descope.d.ts +91 -0
package/providers/descope.d.ts.map +1 -0
package/providers/descope.js +78 -0
package/providers/discord.d.ts +139 -0
package/providers/discord.d.ts.map +1 -0
package/providers/discord.js +86 -0
package/providers/dribbble.d.ts +88 -0
package/providers/dribbble.d.ts.map +1 -0
package/providers/dribbble.js +85 -0
package/providers/dropbox.d.ts +65 -0
package/providers/dropbox.d.ts.map +1 -0
package/providers/dropbox.js +88 -0
package/providers/duende-identity-server6.d.ts +91 -0
package/providers/duende-identity-server6.d.ts.map +1 -0
package/providers/duende-identity-server6.js +80 -0
package/providers/email.d.ts +41 -0
package/providers/email.d.ts.map +1 -0
package/providers/email.js +18 -0
package/providers/eventbrite.d.ts +78 -0
package/providers/eventbrite.d.ts.map +1 -0
package/providers/eventbrite.js +88 -0
package/providers/eveonline.d.ts +94 -0
package/providers/eveonline.d.ts.map +1 -0
package/providers/eveonline.js +92 -0
package/providers/facebook.d.ts +84 -0
package/providers/facebook.d.ts.map +1 -0
package/providers/facebook.js +93 -0
package/providers/faceit.d.ts +64 -0
package/providers/faceit.d.ts.map +1 -0
package/providers/faceit.js +74 -0
package/providers/figma.d.ts +75 -0
package/providers/figma.d.ts.map +1 -0
package/providers/figma.js +81 -0
package/providers/forwardemail.d.ts +4 -0
package/providers/forwardemail.d.ts.map +1 -0
package/providers/forwardemail.js +32 -0
package/providers/foursquare.d.ts +71 -0
package/providers/foursquare.d.ts.map +1 -0
package/providers/foursquare.js +91 -0
package/providers/freshbooks.d.ts +66 -0
package/providers/freshbooks.d.ts.map +1 -0
package/providers/freshbooks.js +76 -0
package/providers/frontegg.d.ts +95 -0
package/providers/frontegg.d.ts.map +1 -0
package/providers/frontegg.js +88 -0
package/providers/fusionauth.d.ts +279 -0
package/providers/fusionauth.d.ts.map +1 -0
package/providers/fusionauth.js +292 -0
package/providers/github.d.ts +127 -0
package/providers/github.d.ts.map +1 -0
package/providers/github.js +115 -0
package/providers/gitlab.d.ts +115 -0
package/providers/gitlab.d.ts.map +1 -0
package/providers/gitlab.js +75 -0
package/providers/google.d.ts +138 -0
package/providers/google.d.ts.map +1 -0
package/providers/google.js +119 -0
package/providers/hubspot.d.ts +76 -0
package/providers/hubspot.d.ts.map +1 -0
package/providers/hubspot.js +93 -0
package/providers/huggingface.d.ts +216 -0
package/providers/huggingface.d.ts.map +1 -0
package/providers/huggingface.js +101 -0
package/providers/identity-server4.d.ts +69 -0
package/providers/identity-server4.d.ts.map +1 -0
package/providers/identity-server4.js +64 -0
package/providers/index.d.ts +61 -0
package/providers/index.d.ts.map +1 -0
package/providers/index.js +3 -0
package/providers/instagram.d.ts +74 -0
package/providers/instagram.d.ts.map +1 -0
package/providers/instagram.js +87 -0
package/providers/kakao.d.ts +148 -0
package/providers/kakao.d.ts.map +1 -0
package/providers/kakao.js +103 -0
package/providers/keycloak.d.ts +100 -0
package/providers/keycloak.d.ts.map +1 -0
package/providers/keycloak.js +73 -0
package/providers/kinde.d.ts +73 -0
package/providers/kinde.d.ts.map +1 -0
package/providers/kinde.js +51 -0
package/providers/line.d.ts +83 -0
package/providers/line.d.ts.map +1 -0
package/providers/line.js +73 -0
package/providers/linkedin.d.ts +77 -0
package/providers/linkedin.d.ts.map +1 -0
package/providers/linkedin.js +65 -0
package/providers/logto.d.ts +98 -0
package/providers/logto.d.ts.map +1 -0
package/providers/logto.js +81 -0
package/providers/loops.d.ts +40 -0
package/providers/loops.d.ts.map +1 -0
package/providers/loops.js +59 -0
package/providers/mailchimp.d.ts +66 -0
package/providers/mailchimp.d.ts.map +1 -0
package/providers/mailchimp.js +76 -0
package/providers/mailgun.d.ts +55 -0
package/providers/mailgun.d.ts.map +1 -0
package/providers/mailgun.js +74 -0
package/providers/mailru.d.ts +63 -0
package/providers/mailru.d.ts.map +1 -0
package/providers/mailru.js +61 -0
package/providers/mastodon.d.ts +90 -0
package/providers/mastodon.d.ts.map +1 -0
package/providers/mastodon.js +75 -0
package/providers/mattermost.d.ts +132 -0
package/providers/mattermost.d.ts.map +1 -0
package/providers/mattermost.js +83 -0
package/providers/medium.d.ts +68 -0
package/providers/medium.d.ts.map +1 -0
package/providers/medium.js +84 -0
package/providers/microsoft-entra-id.d.ts +428 -0
package/providers/microsoft-entra-id.d.ts.map +1 -0
package/providers/microsoft-entra-id.js +156 -0
package/providers/naver.d.ts +80 -0
package/providers/naver.d.ts.map +1 -0
package/providers/naver.js +79 -0
package/providers/netlify.d.ts +66 -0
package/providers/netlify.d.ts.map +1 -0
package/providers/netlify.js +85 -0
package/providers/netsuite.d.ts +189 -0
package/providers/netsuite.d.ts.map +1 -0
package/providers/netsuite.js +170 -0
package/providers/nextcloud.d.ts +150 -0
package/providers/nextcloud.d.ts.map +1 -0
package/providers/nextcloud.js +99 -0
package/providers/nodemailer.d.ts +27 -0
package/providers/nodemailer.d.ts.map +1 -0
package/providers/nodemailer.js +34 -0
package/providers/notion.d.ts +99 -0
package/providers/notion.d.ts.map +1 -0
package/providers/notion.js +110 -0
package/providers/oauth.d.ts +188 -0
package/providers/oauth.d.ts.map +1 -0
package/providers/oauth.js +1 -0
package/providers/okta.d.ts +99 -0
package/providers/okta.d.ts.map +1 -0
package/providers/okta.js +63 -0
package/providers/onelogin.d.ts +65 -0
package/providers/onelogin.d.ts.map +1 -0
package/providers/onelogin.js +61 -0
package/providers/ory-hydra.d.ts +79 -0
package/providers/ory-hydra.d.ts.map +1 -0
package/providers/ory-hydra.js +67 -0
package/providers/osso.d.ts +79 -0
package/providers/osso.d.ts.map +1 -0
package/providers/osso.js +77 -0
package/providers/osu.d.ts +116 -0
package/providers/osu.d.ts.map +1 -0
package/providers/osu.js +75 -0
package/providers/passage.d.ts +88 -0
package/providers/passage.d.ts.map +1 -0
package/providers/passage.js +75 -0
package/providers/passkey.d.ts +65 -0
package/providers/passkey.d.ts.map +1 -0
package/providers/passkey.js +87 -0
package/providers/patreon.d.ts +73 -0
package/providers/patreon.d.ts.map +1 -0
package/providers/patreon.js +77 -0
package/providers/ping-id.d.ts +57 -0
package/providers/ping-id.d.ts.map +1 -0
package/providers/ping-id.js +40 -0
package/providers/pinterest.d.ts +79 -0
package/providers/pinterest.d.ts.map +1 -0
package/providers/pinterest.js +85 -0
package/providers/pipedrive.d.ts +99 -0
package/providers/pipedrive.d.ts.map +1 -0
package/providers/pipedrive.js +71 -0
package/providers/postmark.d.ts +4 -0
package/providers/postmark.d.ts.map +1 -0
package/providers/postmark.js +36 -0
package/providers/provider-types.d.ts +3 -0
package/providers/provider-types.d.ts.map +1 -0
package/providers/provider-types.js +1 -0
package/providers/reddit.d.ts +88 -0
package/providers/reddit.d.ts.map +1 -0
package/providers/reddit.js +90 -0
package/providers/resend.d.ts +4 -0
package/providers/resend.d.ts.map +1 -0
package/providers/resend.js +32 -0
package/providers/roblox.d.ts +67 -0
package/providers/roblox.d.ts.map +1 -0
package/providers/roblox.js +53 -0
package/providers/salesforce.d.ts +59 -0
package/providers/salesforce.d.ts.map +1 -0
package/providers/salesforce.js +52 -0
package/providers/sendgrid.d.ts +4 -0
package/providers/sendgrid.d.ts.map +1 -0
package/providers/sendgrid.js +35 -0
package/providers/simplelogin.d.ts +87 -0
package/providers/simplelogin.d.ts.map +1 -0
package/providers/simplelogin.js +83 -0
package/providers/slack.d.ts +102 -0
package/providers/slack.d.ts.map +1 -0
package/providers/slack.js +69 -0
package/providers/spotify.d.ts +75 -0
package/providers/spotify.d.ts.map +1 -0
package/providers/spotify.js +73 -0
package/providers/strava.d.ts +68 -0
package/providers/strava.d.ts.map +1 -0
package/providers/strava.js +80 -0
package/providers/threads.d.ts +108 -0
package/providers/threads.d.ts.map +1 -0
package/providers/threads.js +89 -0
package/providers/tiktok.d.ts +248 -0
package/providers/tiktok.d.ts.map +1 -0
package/providers/tiktok.js +195 -0
package/providers/todoist.d.ts +76 -0
package/providers/todoist.d.ts.map +1 -0
package/providers/todoist.js +97 -0
package/providers/trakt.d.ts +93 -0
package/providers/trakt.d.ts.map +1 -0
package/providers/trakt.js +91 -0
package/providers/twitch.d.ts +71 -0
package/providers/twitch.d.ts.map +1 -0
package/providers/twitch.js +96 -0
package/providers/twitter.d.ts +183 -0
package/providers/twitter.d.ts.map +1 -0
package/providers/twitter.js +100 -0
package/providers/united-effects.d.ts +80 -0
package/providers/united-effects.d.ts.map +1 -0
package/providers/united-effects.js +72 -0
package/providers/vipps.d.ts +71 -0
package/providers/vipps.d.ts.map +1 -0
package/providers/vipps.js +33 -0
package/providers/vk.d.ts +334 -0
package/providers/vk.d.ts.map +1 -0
package/providers/vk.js +103 -0
package/providers/webauthn.d.ts +148 -0
package/providers/webauthn.d.ts.map +1 -0
package/providers/webauthn.js +128 -0
package/providers/webex.d.ts +78 -0
package/providers/webex.d.ts.map +1 -0
package/providers/webex.js +73 -0
package/providers/wechat.d.ts +78 -0
package/providers/wechat.d.ts.map +1 -0
package/providers/wechat.js +105 -0
package/providers/wikimedia.d.ts +99 -0
package/providers/wikimedia.d.ts.map +1 -0
package/providers/wikimedia.js +90 -0
package/providers/wordpress.d.ts +65 -0
package/providers/wordpress.d.ts.map +1 -0
package/providers/wordpress.js +71 -0
package/providers/workos.d.ts +154 -0
package/providers/workos.d.ts.map +1 -0
package/providers/workos.js +143 -0
package/providers/yandex.d.ts +131 -0
package/providers/yandex.d.ts.map +1 -0
package/providers/yandex.js +80 -0
package/providers/zitadel.d.ts +117 -0
package/providers/zitadel.d.ts.map +1 -0
package/providers/zitadel.js +95 -0
package/providers/zoho.d.ts +63 -0
package/providers/zoho.d.ts.map +1 -0
package/providers/zoho.js +79 -0
package/providers/zoom.d.ts +93 -0
package/providers/zoom.d.ts.map +1 -0
package/providers/zoom.js +82 -0
package/src/adapters/server-actions-helpers.ts +126 -0
package/src/adapters.ts +603 -0
package/src/errors.ts +551 -0
package/src/index.ts +689 -0
package/src/jwt.ts +283 -0
package/src/lib/actions/callback/handle-login.ts +334 -0
package/src/lib/actions/callback/index.ts +554 -0
package/src/lib/actions/callback/oauth/callback.ts +347 -0
package/src/lib/actions/callback/oauth/checks.ts +258 -0
package/src/lib/actions/callback/oauth/csrf-token.ts +60 -0
package/src/lib/actions/index.ts +5 -0
package/src/lib/actions/session.ts +167 -0
package/src/lib/actions/signin/authorization-url.ts +123 -0
package/src/lib/actions/signin/index.ts +37 -0
package/src/lib/actions/signin/send-token.ts +124 -0
package/src/lib/actions/signout.ts +38 -0
package/src/lib/actions/webauthn-options.ts +100 -0
package/src/lib/index.ts +97 -0
package/src/lib/init.ts +236 -0
package/src/lib/pages/error.tsx +106 -0
package/src/lib/pages/index.ts +181 -0
package/src/lib/pages/signin.tsx +255 -0
package/src/lib/pages/signout.tsx +49 -0
package/src/lib/pages/styles.css +377 -0
package/src/lib/pages/styles.ts +381 -0
package/src/lib/pages/verify-request.tsx +36 -0
package/src/lib/symbols.ts +60 -0
package/src/lib/utils/actions.ts +17 -0
package/src/lib/utils/assert.ts +259 -0
package/src/lib/utils/callback-url.ts +42 -0
package/src/lib/utils/cookie.ts +248 -0
package/src/lib/utils/date.ts +8 -0
package/src/lib/utils/email.ts +65 -0
package/src/lib/utils/env.ts +113 -0
package/src/lib/utils/logger.ts +75 -0
package/src/lib/utils/merge.ts +30 -0
package/src/lib/utils/providers.ts +203 -0
package/src/lib/utils/session.ts +41 -0
package/src/lib/utils/web.ts +151 -0
package/src/lib/utils/webauthn-client.js +229 -0
package/src/lib/utils/webauthn-utils.ts +531 -0
package/src/lib/vendored/cookie.ts +383 -0
package/src/providers/42-school.ts +256 -0
package/src/providers/apple.ts +206 -0
package/src/providers/asgardeo.ts +118 -0
package/src/providers/atlassian.ts +120 -0
package/src/providers/auth0.ts +127 -0
package/src/providers/authentik.ts +100 -0
package/src/providers/azure-ad-b2c.ts +124 -0
package/src/providers/azure-ad.ts +30 -0
package/src/providers/azure-devops.ts +184 -0
package/src/providers/bankid-no.ts +161 -0
package/src/providers/battlenet.ts +107 -0
package/src/providers/beyondidentity.ts +102 -0
package/src/providers/bitbucket.ts +122 -0
package/src/providers/box.ts +87 -0
package/src/providers/boxyhq-saml.ts +148 -0
package/src/providers/bungie.ts +192 -0
package/src/providers/click-up.ts +104 -0
package/src/providers/cognito.ts +94 -0
package/src/providers/coinbase.ts +93 -0
package/src/providers/concept2.ts +108 -0
package/src/providers/credentials.ts +157 -0
package/src/providers/descope.ts +105 -0
package/src/providers/discord.ts +176 -0
package/src/providers/dribbble.ts +122 -0
package/src/providers/dropbox.ts +102 -0
package/src/providers/duende-identity-server6.ts +101 -0
package/src/providers/email.ts +60 -0
package/src/providers/eventbrite.ts +105 -0
package/src/providers/eveonline.ts +117 -0
package/src/providers/facebook.ts +119 -0
package/src/providers/faceit.ts +90 -0
package/src/providers/figma.ts +105 -0
package/src/providers/forwardemail.ts +37 -0
package/src/providers/foursquare.ts +105 -0
package/src/providers/freshbooks.ts +90 -0
package/src/providers/frontegg.ts +111 -0
package/src/providers/fusionauth.ts +336 -0
package/src/providers/github.ts +187 -0
package/src/providers/gitlab.ts +140 -0
package/src/providers/google.ts +152 -0
package/src/providers/hubspot.ts +117 -0
package/src/providers/huggingface.ts +234 -0
package/src/providers/identity-server4.ts +78 -0
package/src/providers/index.ts +115 -0
package/src/providers/instagram.ts +103 -0
package/src/providers/kakao.ts +184 -0
package/src/providers/keycloak.ts +111 -0
package/src/providers/kinde.ts +85 -0
package/src/providers/line.ts +99 -0
package/src/providers/linkedin.ts +91 -0
package/src/providers/logto.ts +122 -0
package/src/providers/loops.ts +79 -0
package/src/providers/mailchimp.ts +90 -0
package/src/providers/mailgun.ts +98 -0
package/src/providers/mailru.ts +75 -0
package/src/providers/mastodon.ts +112 -0
package/src/providers/mattermost.ts +154 -0
package/src/providers/medium.ts +89 -0
package/src/providers/microsoft-entra-id.ts +497 -0
package/src/providers/naver.ts +102 -0
package/src/providers/netlify.ts +90 -0
package/src/providers/netsuite.ts +225 -0
package/src/providers/nextcloud.ts +207 -0
package/src/providers/nodemailer.ts +84 -0
package/src/providers/notion.ts +166 -0
package/src/providers/oauth.ts +310 -0
package/src/providers/okta.ts +111 -0
package/src/providers/onelogin.ts +75 -0
package/src/providers/ory-hydra.ts +93 -0
package/src/providers/osso.ts +91 -0
package/src/providers/osu.ts +138 -0
package/src/providers/passage.ts +103 -0
package/src/providers/passkey.ts +94 -0
package/src/providers/patreon.ts +98 -0
package/src/providers/ping-id.ts +68 -0
package/src/providers/pinterest.ts +106 -0
package/src/providers/pipedrive.ts +120 -0
package/src/providers/postmark.ts +38 -0
package/src/providers/provider-types.ts +107 -0
package/src/providers/reddit.ts +104 -0
package/src/providers/resend.ts +35 -0
package/src/providers/roblox.ts +94 -0
package/src/providers/salesforce.ts +73 -0
package/src/providers/sendgrid.ts +36 -0
package/src/providers/simplelogin.ts +107 -0
package/src/providers/slack.ts +115 -0
package/src/providers/spotify.ts +99 -0
package/src/providers/strava.ts +101 -0
package/src/providers/threads.ts +135 -0
package/src/providers/tiktok.ts +319 -0
package/src/providers/todoist.ts +122 -0
package/src/providers/trakt.ts +120 -0
package/src/providers/twitch.ts +121 -0
package/src/providers/twitter.ts +207 -0
package/src/providers/united-effects.ts +89 -0
package/src/providers/vipps.ts +86 -0
package/src/providers/vk.ts +401 -0
package/src/providers/webauthn.ts +296 -0
package/src/providers/webex.ts +102 -0
package/src/providers/wechat.ts +141 -0
package/src/providers/wikimedia.ts +258 -0
package/src/providers/wordpress.ts +86 -0
package/src/providers/workos.ts +180 -0
package/src/providers/yandex.ts +159 -0
package/src/providers/zitadel.ts +128 -0
package/src/providers/zoho.ts +84 -0
package/src/providers/zoom.ts +119 -0
package/src/types.ts +430 -0
package/src/warnings.ts +21 -0
package/types.d.ts +309 -0
package/types.d.ts.map +1 -0
package/types.js +53 -0
package/warnings.d.ts +17 -0
package/warnings.d.ts.map +1 -0
package/warnings.js +1 -0

package/src/index.ts ADDED Viewed

@@ -0,0 +1,689 @@
+/**
+ *
+ * :::warning Experimental
+ * `@mulverse/mulguard-core` is under active development.
+ * :::
+ *
+ * This is the main entry point to the MulGuard library.
+ *
+ * Based on the {@link https://developer.mozilla.org/en-US/docs/Web/API/Request Request}
+ * and {@link https://developer.mozilla.org/en-US/docs/Web/API/Response Response} Web standard APIs.
+ * Primarily used to implement framework-specific packages,
+ * but it can also be used directly.
+ *
+ * ## Installation
+ *
+ * ```bash npm2yarn
+ * npm install @mulverse/mulguard-core
+ * ```
+ *
+ * ## Usage
+ *
+ * ```ts
+ * import { Auth } from "@mulverse/mulguard-core"
+ *
+ * const request = new Request("https://example.com")
+ * const response = await Auth(request, {...})
+ *
+ * console.log(response instanceof Response) // true
+ * ```
+ *
+ * ## Resources
+ *
+ * - [Getting started](https://authjs.dev/getting-started)
+ * - [Guides](https://authjs.dev/guides)
+ *
+ * @module @mulverse/mulguard-core
+ */
+import { assertConfig } from "./lib/utils/assert.js"
+import {
+  AuthError,
+  CredentialsSignin,
+  ErrorPageLoop,
+  isClientError,
+} from "./errors.js"
+import { AuthInternal, raw, skipCSRFCheck } from "./lib/index.js"
+import { setEnvDefaults, createActionURL } from "./lib/utils/env.js"
+import renderPage from "./lib/pages/index.js"
+import { setLogger, type LoggerInstance } from "./lib/utils/logger.js"
+import { toInternalRequest, toResponse } from "./lib/utils/web.js"
+import type { Adapter, AdapterSession, AdapterUser, ServerActionsAdapter } from "./adapters.js"
+import type {
+  Account,
+  AuthAction,
+  Awaitable,
+  CookiesOptions,
+  DefaultSession,
+  PagesOptions,
+  Profile,
+  ResponseInternal,
+  Session,
+  Theme,
+  User,
+} from "./types.js"
+import type { CredentialInput, Provider } from "./providers/index.js"
+import { JWT, JWTOptions } from "./jwt.js"
+import { isAuthAction } from "./lib/utils/actions.js"
+export { customFetch } from "./lib/symbols.js"
+export { skipCSRFCheck, raw, setEnvDefaults, createActionURL, isAuthAction }
+export async function Auth(
+  request: Request,
+  config: AuthConfig & { raw: typeof raw }
+): Promise<ResponseInternal>
+export async function Auth(
+  request: Request,
+  config: Omit<AuthConfig, "raw">
+): Promise<Response>
+/**
+ * Core functionality provided by Auth.js.
+ *
+ * Receives a standard {@link Request} and returns a {@link Response}.
+ *
+ * @example
+ * ```ts
+ * import { Auth } from "@mulverse/mulguard-core"
+ *
+ * const request = new Request("https://example.com")
+ * const response = await Auth(request, {
+ *   providers: [Google],
+ *   secret: "...",
+ *   trustHost: true,
+ * })
+ *```
+ * @see [Documentation](https://authjs.dev)
+ */
+export async function Auth(
+  request: Request,
+  config: AuthConfig
+): Promise<Response | ResponseInternal> {
+  const logger = setLogger(config)
+  const internalRequest = await toInternalRequest(request, config)
+  // There was an error parsing the request
+  if (!internalRequest) return Response.json(`Bad request.`, { status: 400 })
+  const warningsOrError = assertConfig(internalRequest, config)
+  if (Array.isArray(warningsOrError)) {
+    warningsOrError.forEach(logger.warn)
+  } else if (warningsOrError) {
+    // If there's an error in the user config, bail out early
+    logger.error(warningsOrError)
+    const htmlPages = new Set<AuthAction>([
+      "signin",
+      "signout",
+      "error",
+      "verify-request",
+    ])
+    if (
+      !htmlPages.has(internalRequest.action) ||
+      internalRequest.method !== "GET"
+    ) {
+      const message =
+        "There was a problem with the server configuration. Check the server logs for more information."
+      return Response.json({ message }, { status: 500 })
+    }
+    const { pages, theme } = config
+    // If this is true, the config required auth on the error page
+    // which could cause a redirect loop
+    const authOnErrorPage =
+      pages?.error &&
+      internalRequest.url.searchParams
+        .get("callbackUrl")
+        ?.startsWith(pages.error)
+    // Either there was no error page configured or the configured one contains infinite redirects
+    if (!pages?.error || authOnErrorPage) {
+      if (authOnErrorPage) {
+        logger.error(
+          new ErrorPageLoop(
+            `The error page ${pages?.error} should not require authentication`
+          )
+        )
+      }
+      const page = renderPage({ theme }).error("Configuration")
+      return toResponse(page)
+    }
+    const url = `${internalRequest.url.origin}${pages.error}?error=Configuration`
+    return Response.redirect(url)
+  }
+  const isRedirect = request.headers?.has("X-Auth-Return-Redirect")
+  const isRaw = config.raw === raw
+  try {
+    const internalResponse = await AuthInternal(internalRequest, config)
+    if (isRaw) return internalResponse
+    const response = toResponse(internalResponse)
+    const url = response.headers.get("Location")
+    if (!isRedirect || !url) return response
+    return Response.json({ url }, { headers: response.headers })
+  } catch (e) {
+    const error = e as Error
+    logger.error(error)
+    const isAuthError = error instanceof AuthError
+    if (isAuthError && isRaw && !isRedirect) throw error
+    // If the CSRF check failed for POST/session, return a 400 status code.
+    // We should not redirect to a page as this is an API route
+    if (request.method === "POST" && internalRequest.action === "session")
+      return Response.json(null, { status: 400 })
+    const isClientSafeErrorType = isClientError(error)
+    const type = isClientSafeErrorType ? error.type : "Configuration"
+    const params = new URLSearchParams({ error: type })
+    if (error instanceof CredentialsSignin) params.set("code", error.code)
+    const pageKind = (isAuthError && error.kind) || "error"
+    const pagePath =
+      config.pages?.[pageKind] ?? `${config.basePath}/${pageKind.toLowerCase()}`
+    const url = `${internalRequest.url.origin}${pagePath}?${params}`
+    if (isRedirect) return Response.json({ url })
+    return Response.redirect(url)
+  }
+}
+/**
+ * Configure the {@link Auth} method.
+ *
+ * @example
+ * ```ts
+ * import Auth, { type AuthConfig } from "@mulverse/mulguard-core"
+ *
+ * export const authConfig: AuthConfig = {...}
+ *
+ * const request = new Request("https://example.com")
+ * const response = await AuthHandler(request, authConfig)
+ * ```
+ *
+ * @see [Initialization](https://authjs.dev/reference/core/types#authconfig)
+ */
+export interface AuthConfig {
+  /**
+   * List of authentication providers for signing in
+   * (e.g. Google, Facebook, Twitter, GitHub, Email, etc) in any order.
+   * This can be one of the built-in providers or an object with a custom provider.
+   *
+   * @default []
+   */
+  providers: Provider[]
+  /**
+   * A random string used to hash tokens, sign cookies and generate cryptographic keys.
+   *
+   * To generate a random string, you can use the Auth.js CLI: `npx auth secret`
+   *
+   * @note
+   * You can also pass an array of secrets, in which case the first secret that successfully
+   * decrypts the JWT will be used. This is useful for rotating secrets without invalidating existing sessions.
+   * The newer secret should be added to the start of the array, which will be used for all new sessions.
+   *
+   */
+  secret?: string | string[]
+  /**
+   * Configure your session like if you want to use JWT or a database,
+   * how long until an idle session expires, or to throttle write operations in case you are using a database.
+   */
+  session?: {
+    /**
+     * Choose how you want to save the user session.
+     * The default is `"jwt"`, an encrypted JWT (JWE) in the session cookie.
+     *
+     * If you use an `adapter` however, we default it to `"database"` instead.
+     * You can still force a JWT session by explicitly defining `"jwt"`.
+     *
+     * When using `"database"`, the session cookie will only contain a `sessionToken` value,
+     * which is used to look up the session in the database.
+     *
+     * [Documentation](https://authjs.dev/reference/core#authconfig#session) | [Adapter](https://authjs.dev/reference/core#authconfig#adapter) | [About JSON Web Tokens](https://authjs.dev/concepts/session-strategies#jwt-session)
+     */
+    strategy?: "jwt" | "database"
+    /**
+     * Relative time from now in seconds when to expire the session
+     *
+     * @default 2592000 // 30 days
+     */
+    maxAge?: number
+    /**
+     * How often the session should be updated in seconds.
+     * If set to `0`, session is updated every time.
+     *
+     * @default 86400 // 1 day
+     */
+    updateAge?: number
+    /**
+     * Generate a custom session token for database-based sessions.
+     * By default, a random UUID or string is generated depending on the Node.js version.
+     * However, you can specify your own custom string (such as CUID) to be used.
+     *
+     * @default `randomUUID` or `randomBytes.toHex` depending on the Node.js version
+     */
+    generateSessionToken?: () => string
+  }
+  /**
+   * JSON Web Tokens are enabled by default if you have not specified an {@link AuthConfig.adapter}.
+   * JSON Web Tokens are encrypted (JWE) by default. We recommend you keep this behaviour.
+   */
+  jwt?: Partial<JWTOptions>
+  /**
+   * Specify URLs to be used if you want to create custom sign in, sign out and error pages.
+   * Pages specified will override the corresponding built-in page.
+   *
+   * @default {}
+   * @example
+   *
+   * ```ts
+   *   pages: {
+   *     signIn: '/auth/signin',
+   *     signOut: '/auth/signout',
+   *     error: '/auth/error',
+   *     verifyRequest: '/auth/verify-request',
+   *     newUser: '/auth/new-user'
+   *   }
+   * ```
+   */
+  pages?: Partial<PagesOptions>
+  /**
+   * Callbacks are asynchronous functions you can use to control what happens when an action is performed.
+   * Callbacks are *extremely powerful*, especially in scenarios involving JSON Web Tokens
+   * as they **allow you to implement access controls without a database** and to **integrate with external databases or APIs**.
+   */
+  callbacks?: {
+    /**
+     * Controls whether a user is allowed to sign in or not.
+     * Returning `true` continues the sign-in flow.
+     * Returning `false` or throwing an error will stop the sign-in flow and redirect the user to the error page.
+     * Returning a string will redirect the user to the specified URL.
+     *
+     * Unhandled errors will throw an `AccessDenied` with the message set to the original error.
+     *
+     * [`AccessDenied`](https://authjs.dev/reference/core/errors#accessdenied)
+     *
+     * @example
+     * ```ts
+     * callbacks: {
+     *  async signIn({ profile }) {
+     *   // Only allow sign in for users with email addresses ending with "yourdomain.com"
+     *   return profile?.email?.endsWith("@yourdomain.com")
+     *  }
+     * }
+     * ```
+     */
+    signIn?: (params: {
+      user: User | AdapterUser
+      account?: Account | null
+      /**
+       * If OAuth provider is used, it contains the full
+       * OAuth profile returned by your provider.
+       */
+      profile?: Profile
+      /**
+       * If Email provider is used, on the first call, it contains a
+       * `verificationRequest: true` property to indicate it is being triggered in the verification request flow.
+       * When the callback is invoked after a user has clicked on a sign in link,
+       * this property will not be present. You can check for the `verificationRequest` property
+       * to avoid sending emails to addresses or domains on a blocklist or to only explicitly generate them
+       * for email address in an allow list.
+       */
+      email?: {
+        verificationRequest?: boolean
+      }
+      /** If Credentials provider is used, it contains the user credentials */
+      credentials?: Record<string, CredentialInput>
+    }) => Awaitable<boolean | string>
+    /**
+     * This callback is called anytime the user is redirected to a callback URL (i.e. on signin or signout).
+     * By default only URLs on the same host as the origin are allowed.
+     * You can use this callback to customise that behaviour.
+     *
+     * [Documentation](https://authjs.dev/reference/core/types#redirect)
+     *
+     * @example
+     * callbacks: {
+     *   async redirect({ url, baseUrl }) {
+     *     // Allows relative callback URLs
+     *     if (url.startsWith("/")) return `${baseUrl}${url}`
+     *
+     *     // Allows callback URLs on the same origin
+     *     if (new URL(url).origin === baseUrl) return url
+     *
+     *     return baseUrl
+     *   }
+     * }
+     */
+    redirect?: (params: {
+      /** URL provided as callback URL by the client */
+      url: string
+      /** Default base URL of site (can be used as fallback) */
+      baseUrl: string
+    }) => Awaitable<string>
+    /**
+     * This callback is called whenever a session is checked.
+     * (i.e. when invoking the `/api/session` endpoint, using `useSession` or `getSession`).
+     * The return value will be exposed to the client, so be careful what you return here!
+     * If you want to make anything available to the client which you've added to the token
+     * through the JWT callback, you have to explicitly return it here as well.
+     *
+     * :::note
+     * ⚠ By default, only a subset (email, name, image)
+     * of the token is returned for increased security.
+     * :::
+     *
+     * The token argument is only available when using the jwt session strategy, and the
+     * user argument is only available when using the database session strategy.
+     *
+     * [`jwt` callback](https://authjs.dev/reference/core/types#jwt)
+     *
+     * @example
+     * ```ts
+     * callbacks: {
+     *   async session({ session, token, user }) {
+     *     // Send properties to the client, like an access_token from a provider.
+     *     session.accessToken = token.accessToken
+     *
+     *     return session
+     *   }
+     * }
+     * ```
+     */
+    session?: (
+      params: ({
+        session: { user: AdapterUser } & AdapterSession
+        /** Available when {@link AuthConfig.session} is set to `strategy: "database"`. */
+        user: AdapterUser
+      } & {
+        session: Session
+        /** Available when {@link AuthConfig.session} is set to `strategy: "jwt"` */
+        token: JWT
+      }) & {
+        /**
+         * Available when using {@link AuthConfig.session} `strategy: "database"` and an update is triggered for the session.
+         *
+         * :::note
+         * You should validate this data before using it.
+         * :::
+         */
+        newSession: any
+        trigger?: "update"
+      }
+    ) => Awaitable<Session | DefaultSession>
+    /**
+     * This callback is called whenever a JSON Web Token is created (i.e. at sign in)
+     * or updated (i.e whenever a session is accessed in the client). Anything you
+     * return here will be saved in the JWT and forwarded to the session callback.
+     * There you can control what should be returned to the client. Anything else
+     * will be kept from your frontend. The JWT is encrypted by default via your
+     * AUTH_SECRET environment variable.
+     *
+     * [`session` callback](https://authjs.dev/reference/core/types#session)
+     */
+    jwt?: (params: {
+      /**
+       * When `trigger` is `"signIn"` or `"signUp"`, it will be a subset of {@link JWT},
+       * `name`, `email` and `image` will be included.
+       *
+       * Otherwise, it will be the full {@link JWT} for subsequent calls.
+       */
+      token: JWT
+      /**
+       * Either the result of the {@link OAuthConfig.profile} or the {@link CredentialsConfig.authorize} callback.
+       * @note available when `trigger` is `"signIn"` or `"signUp"`.
+       *
+       * Resources:
+       * - [Credentials Provider](https://authjs.dev/getting-started/authentication/credentials)
+       * - [User database model](https://authjs.dev/guides/creating-a-database-adapter#user-management)
+       */
+      user: User | AdapterUser
+      /**
+       * Contains information about the provider that was used to sign in.
+       * Also includes {@link TokenSet}
+       * @note available when `trigger` is `"signIn"` or `"signUp"`
+       */
+      account?: Account | null
+      /**
+       * The OAuth profile returned from your provider.
+       * (In case of OIDC it will be the decoded ID Token or /userinfo response)
+       * @note available when `trigger` is `"signIn"`.
+       */
+      profile?: Profile
+      /**
+       * Check why was the jwt callback invoked. Possible reasons are:
+       * - user sign-in: First time the callback is invoked, `user`, `profile` and `account` will be present.
+       * - user sign-up: a user is created for the first time in the database (when {@link AuthConfig.session}.strategy is set to `"database"`)
+       * - update event: Triggered by the `useSession().update` method.
+       * In case of the latter, `trigger` will be `undefined`.
+       */
+      trigger?: "signIn" | "signUp" | "update"
+      /** @deprecated use `trigger === "signUp"` instead */
+      isNewUser?: boolean
+      /**
+       * When using {@link AuthConfig.session} `strategy: "jwt"`, this is the data
+       * sent from the client via the `useSession().update` method.
+       *
+       * ⚠ Note, you should validate this data before using it.
+       */
+      session?: any
+    }) => Awaitable<JWT | null>
+  }
+  /**
+   * Events are asynchronous functions that do not return a response, they are useful for audit logging.
+   * You can specify a handler for any of these events below - e.g. for debugging or to create an audit log.
+   * The content of the message object varies depending on the flow
+   * (e.g. OAuth or Email authentication flow, JWT or database sessions, etc),
+   * but typically contains a user object and/or contents of the JSON Web Token
+   * and other information relevant to the event.
+   *
+   * @default {}
+   */
+  events?: {
+    /**
+     * If using a `credentials` type auth, the user is the raw response from your
+     * credential provider.
+     * For other providers, you'll get the User object from your adapter, the account,
+     * and an indicator if the user was new to your Adapter.
+     */
+    signIn?: (message: {
+      user: User
+      account?: Account | null
+      profile?: Profile
+      isNewUser?: boolean
+    }) => Awaitable<void>
+    /**
+     * The message object will contain one of these depending on
+     * if you use JWT or database persisted sessions:
+     * - `token`: The JWT for this session.
+     * - `session`: The session object from your adapter that is being ended.
+     */
+    signOut?: (
+      message:
+        | { session: Awaited<ReturnType<Required<Adapter>["deleteSession"]>> }
+        | { token: Awaited<ReturnType<JWTOptions["decode"]>> }
+    ) => Awaitable<void>
+    createUser?: (message: { user: User }) => Awaitable<void>
+    updateUser?: (message: { user: User }) => Awaitable<void>
+    linkAccount?: (message: {
+      user: User | AdapterUser
+      account: Account
+      profile: User | AdapterUser
+    }) => Awaitable<void>
+    /**
+     * The message object will contain one of these depending on
+     * if you use JWT or database persisted sessions:
+     * - `token`: The JWT for this session.
+     * - `session`: The session object from your adapter.
+     */
+    session?: (message: { session: Session; token: JWT }) => Awaitable<void>
+  }
+  /** You can use the adapter option to pass in your database adapter. */
+  adapter?: Adapter
+  /**
+   * Server Actions Adapter allows you to use server actions instead of database adapters.
+   * This enables a backend-first architecture where authentication operations are handled
+   * through server actions that can call your backend API.
+   *
+   * @example
+   * ```ts
+   * import MulGuard from "mulguard"
+   * import { signinApiV1AuthLoginCredentialsPost } from "./authentication"
+   *
+   * export const { handlers, auth } = MulGuard({
+   *   serverActions: {
+   *     getUser: async (id) => {
+   *       const profile = await getProfileApiV1AuthMeGet()
+   *       return transformToAdapterUser(profile)
+   *     },
+   *   }
+   * })
+   * ```
+   *
+   * @note If both `adapter` and `serverActions` are provided, `adapter` takes precedence.
+   */
+  serverActions?: ServerActionsAdapter
+  /**
+   * Set debug to true to enable debug messages for authentication and database operations.
+   *
+   * - ⚠ If you added a custom {@link AuthConfig.logger}, this setting is ignored.
+   *
+   * @default false
+   */
+  debug?: boolean
+  /**
+   * Override any of the logger levels (`undefined` levels will use the built-in logger),
+   * and intercept logs in MulGuard. You can use this option to send MulGuard logs to a third-party logging service.
+   *
+   * @example
+   *
+   * ```ts
+   * // /auth.ts
+   * import log from "logging-service"
+   *
+   * export const { handlers, auth, signIn, signOut } = MulGuard({
+   *   logger: {
+   *     error(code, ...message) {
+   *       log.error(code, message)
+   *     },
+   *     warn(code, ...message) {
+   *       log.warn(code, message)
+   *     },
+   *     debug(code, ...message) {
+   *       log.debug(code, message)
+   *     }
+   *   }
+   * })
+   * ```
+   *
+   * - ⚠ When set, the {@link AuthConfig.debug} option is ignored
+   *
+   * @default console
+   */
+  logger?: Partial<LoggerInstance>
+  /** Changes the theme of built-in {@link AuthConfig.pages}. */
+  theme?: Theme
+  /**
+   * When set to `true` then all cookies set by MulGuard will only be accessible from HTTPS URLs.
+   * This option defaults to `false` on URLs that start with `http://` (e.g. http://localhost:3000) for developer convenience.
+   * You can manually set this option to `false` to disable this security feature and allow cookies
+   * to be accessible from non-secured URLs (this is not recommended).
+   *
+   * - ⚠ **This is an advanced option.** Advanced options are passed the same way as basic options,
+   * but **may have complex implications** or side effects.
+   * You should **try to avoid using advanced options** unless you are very comfortable using them.
+   *
+   * The default is `false` HTTP and `true` for HTTPS sites.
+   */
+  useSecureCookies?: boolean
+  /**
+   * You can override the default cookie names and options for any of the cookies used by Auth.js.
+   * You can specify one or more cookies with custom properties
+   * and missing options will use the default values defined by Auth.js.
+   * If you use this feature, you will likely want to create conditional behavior
+   * to support setting different cookies policies in development and production builds,
+   * as you will be opting out of the built-in dynamic policy.
+   *
+   * - ⚠ **This is an advanced option.** Advanced options are passed the same way as basic options,
+   * but **may have complex implications** or side effects.
+   * You should **try to avoid using advanced options** unless you are very comfortable using them.
+   *
+   * @default {}
+   */
+  cookies?: Partial<CookiesOptions>
+  /**
+   * Auth.js relies on the incoming request's `host` header to function correctly. For this reason this property needs to be set to `true`.
+   *
+   * Make sure that your deployment platform sets the `host` header safely.
+   *
+   * :::note
+   * Official Auth.js-based libraries will attempt to set this value automatically for some deployment platforms (eg.: Vercel) that are known to set the `host` header safely.
+   * :::
+   */
+  trustHost?: boolean
+  skipCSRFCheck?: typeof skipCSRFCheck
+  raw?: typeof raw
+  /**
+   * When set, during an OAuth sign-in flow,
+   * the `redirect_uri` of the authorization request
+   * will be set based on this value.
+   *
+   * This is useful if your OAuth Provider only supports a single `redirect_uri`
+   * or you want to use OAuth on preview URLs (like Vercel), where you don't know the final deployment URL beforehand.
+   *
+   * The url needs to include the full path up to where Auth.js is initialized.
+   *
+   * @note This will auto-enable the `state` {@link OAuth2Config.checks} on the provider.
+   *
+   * @example
+   * ```
+   * "https://authjs.example.com/api/auth"
+   * ```
+   *
+   * You can also override this individually for each provider.
+   *
+   * @example
+   * ```ts
+   * GitHub({
+   *   ...
+   *   redirectProxyUrl: "https://github.example.com/api/auth"
+   * })
+   * ```
+   *
+   * @default `AUTH_REDIRECT_PROXY_URL` environment variable
+   *
+   * See also: [Guide: Securing a Preview Deployment](https://authjs.dev/getting-started/deployment#securing-a-preview-deployment)
+   */
+  redirectProxyUrl?: string
+  /**
+   * Use this option to enable experimental features.
+   * When enabled, it will print a warning message to the console.
+   * @note Experimental features are not guaranteed to be stable and may change or be removed without notice. Please use with caution.
+   * @default {}
+   */
+  experimental?: {
+    /**
+     * Enable WebAuthn support.
+     *
+     * @default false
+     */
+    enableWebAuthn?: boolean
+  }
+  /**
+   * The base path of the Auth.js API endpoints.
+   *
+   * @default "/api/auth" in "mulguard"; "/auth" with all other frameworks
+   */
+  basePath?: string
+}