@robelest/convex-auth 0.0.2-preview.0 → 0.0.2-preview.2

package/src/server/implementation/index.ts

@@ -1,19 +1,17 @@
 import { OAuth2Config, OAuthConfig } from "@auth/core/providers";
 import {
   Auth,
-  DocumentByName,
   GenericActionCtx,
   GenericDataModel,
   HttpRouter,
-  WithoutSystemFields,
   actionGeneric,
   httpActionGeneric,
   internalMutationGeneric,
 } from "convex/server";
-import { ConvexError, GenericId, Value, v } from "convex/values";
+import { ConvexError, GenericId, v } from "convex/values";
 import { parse as parseCookies, serialize as serializeCookie } from "cookie";
 import { redirectToParamCookie, useRedirectToParam } from "../cookies.js";
-import { FunctionReferenceFromExport, GenericDoc } from "../convex_types.js";
+import { FunctionReferenceFromExport } from "../convex_types.js";
 import {
   configDefaults,
   listAvailableProviders,
@@ -22,11 +20,10 @@ import {
 import {
   AuthProviderConfig,
   ConvexAuthConfig,
-  GenericActionCtxWithAuthConfig,
 } from "../types.js";
 import { requireEnv } from "../utils.js";
 import { ActionCtx, MutationCtx, Tokens } from "./types.js";
-export { authTables, Doc, Tokens } from "./types.js";
+export { Doc, Tokens } from "./types.js";
 import {
   LOG_LEVELS,
   TOKEN_SUB_CLAIM_DIVIDER,
@@ -53,7 +50,6 @@ import {
   oAuthConfigToInternalProvider,
 } from "../oauth/convexAuth.js";
 import { handleOAuth } from "../oauth/callback.js";
-export { getAuthSessionId } from "./sessions.js";
 
 /**
  * The type of the signIn Convex Action returned from the auth() helper.
@@ -80,8 +76,10 @@ export type SignOutAction = FunctionReferenceFromExport<
  *
  * ```ts filename="convex/auth.ts"
  * import { Auth } from "@robelest/convex-auth/component";
+ * import { components } from "./_generated/api";
  *
  * export const { auth, signIn, signOut, store } = Auth({
+ *   component: components.auth,
  *   providers: [],
  * });
  * ```
@@ -116,26 +114,32 @@ export function Auth(config_: ConvexAuthConfig) {
     }
     return provider;
   };
-  const enrichCtx = <DataModel extends GenericDataModel>(
-    ctx: GenericActionCtx<DataModel>,
-  ) => ({ ...ctx, auth: { ...ctx.auth, config } });
-  const requireComponent = () => {
-    if (config.component === undefined) {
-      throw new Error(
-        "Auth component is not configured. Pass `component: components.auth` in Auth config.",
-      );
-    }
-    return config.component;
-  };
   type ComponentCtx = Pick<
     GenericActionCtx<GenericDataModel>,
     "runQuery" | "runMutation"
   >;
   type ComponentReadCtx = Pick<GenericActionCtx<GenericDataModel>, "runQuery">;
   type ComponentAuthReadCtx = ComponentReadCtx & { auth: Auth };
+  type AccountCredentials = { id: string; secret?: string };
+  type CreateAccountArgs = {
+    provider: string;
+    account: AccountCredentials;
+    profile: Record<string, unknown>;
+    shouldLinkViaEmail?: boolean;
+    shouldLinkViaPhone?: boolean;
+  };
+  type RetrieveAccountArgs = { provider: string; account: AccountCredentials };
+  type UpdateAccountCredentialsArgs = {
+    provider: string;
+    account: { id: string; secret: string };
+  };
 
   const auth = {
     user: {
+      /**
+       * Get the current user's ID from the auth context, or `null` if
+       * not signed in.
+       */
       current: async (ctx: { auth: Auth }) => {
         const identity = await ctx.auth.getUserIdentity();
         if (identity === null) {
@@ -144,6 +148,10 @@ export function Auth(config_: ConvexAuthConfig) {
         const [userId] = identity.subject.split(TOKEN_SUB_CLAIM_DIVIDER);
         return userId as GenericId<"user">;
       },
+      /**
+       * Get the current user's ID, or throw if not signed in.
+       * Use this when authentication is required.
+       */
       require: async (ctx: { auth: Auth }) => {
         const identity = await ctx.auth.getUserIdentity();
         if (identity === null) {
@@ -152,127 +160,383 @@ export function Auth(config_: ConvexAuthConfig) {
         const [userId] = identity.subject.split(TOKEN_SUB_CLAIM_DIVIDER);
         return userId as GenericId<"user">;
       },
+      /**
+       * Retrieve a user document by their ID.
+       */
       get: async (ctx: ComponentReadCtx, userId: string) => {
-        const component = requireComponent();
-        return await ctx.runQuery(component.public.userGetById, { userId });
+        return await ctx.runQuery(config.component.public.userGetById, { userId });
       },
+      /**
+       * Get the currently signed-in user's document, or `null` if not
+       * signed in. Convenience method combining `current` + `get`.
+       */
       viewer: async (ctx: ComponentAuthReadCtx) => {
         const userId = await auth.user.current(ctx);
         if (userId === null) {
           return null;
         }
-        const component = requireComponent();
-        return await ctx.runQuery(component.public.userGetById, { userId });
+        return await ctx.runQuery(config.component.public.userGetById, { userId });
+      },
+      /**
+       * Query a user's group memberships.
+       */
+      group: {
+        /**
+         * List all groups a user belongs to. Returns member records which
+         * include the `groupId`, `role`, `status`, and `extend` for each.
+         */
+        list: async (ctx: ComponentReadCtx, opts: { userId: string }) => {
+          return await ctx.runQuery(config.component.public.memberListByUser, opts);
+        },
+        /**
+         * Look up a user's membership in a specific group. Returns the member
+         * record (with role, status, extend) or `null` if the user is not
+         * a member.
+         */
+        get: async (
+          ctx: ComponentReadCtx,
+          opts: { userId: string; groupId: string },
+        ) => {
+          return await ctx.runQuery(
+            config.component.public.memberGetByGroupAndUser,
+            opts,
+          );
+        },
+      },
+    },
+    session: {
+      /**
+       * Get the current session ID from the auth context, or `null` if
+       * not signed in.
+       */
+      current: async (ctx: { auth: Auth }) => {
+        const identity = await ctx.auth.getUserIdentity();
+        if (identity === null) {
+          return null;
+        }
+        const [, sessionId] = identity.subject.split(TOKEN_SUB_CLAIM_DIVIDER);
+        return sessionId as GenericId<"session">;
+      },
+      /**
+       * Invalidate sessions for a user, optionally preserving specific sessions.
+       */
+      invalidate: async <DataModel extends GenericDataModel>(
+        ctx: GenericActionCtx<DataModel>,
+        args: {
+          userId: GenericId<"user">;
+          except?: GenericId<"session">[];
+        },
+      ): Promise<void> => {
+        const actionCtx = ctx as unknown as ActionCtx;
+        return await callInvalidateSessions(actionCtx, args);
+      },
+    },
+    account: {
+      /**
+       * Create an account and user for a credentials provider.
+       */
+      create: async <DataModel extends GenericDataModel>(
+        ctx: GenericActionCtx<DataModel>,
+        args: CreateAccountArgs,
+      ) => {
+        const actionCtx = ctx as unknown as ActionCtx;
+        return await callCreateAccountFromCredentials(actionCtx, args as any);
+      },
+      /**
+       * Retrieve an account and user for a credentials provider.
+       */
+      get: async <DataModel extends GenericDataModel>(
+        ctx: GenericActionCtx<DataModel>,
+        args: RetrieveAccountArgs,
+      ) => {
+        const actionCtx = ctx as unknown as ActionCtx;
+        const result = await callRetreiveAccountWithCredentials(actionCtx, args);
+        if (typeof result === "string") {
+          throw new Error(result);
+        }
+        return result;
+      },
+      /**
+       * Update credentials for an existing account.
+       */
+      updateCredentials: async <DataModel extends GenericDataModel>(
+        ctx: GenericActionCtx<DataModel>,
+        args: UpdateAccountCredentialsArgs,
+      ): Promise<void> => {
+        const actionCtx = ctx as unknown as ActionCtx;
+        return await callModifyAccount(actionCtx, args);
+      },
+    },
+    provider: {
+      /**
+       * Sign in via another provider, typically from a credentials flow.
+       */
+      signIn: async <DataModel extends GenericDataModel>(
+        ctx: GenericActionCtx<DataModel>,
+        provider: AuthProviderConfig,
+        args: {
+          accountId?: GenericId<"account">;
+          params?: Record<string, unknown>;
+        },
+      ) => {
+        const result = await signInImpl(
+          enrichCtx(ctx),
+          materializeProvider(provider),
+          args as any,
+          {
+            generateTokens: false,
+            allowExtraProviders: true,
+          },
+        );
+        return result.kind === "signedIn"
+          ? result.signedIn !== null
+            ? { userId: result.signedIn.userId, sessionId: result.signedIn.sessionId }
+            : null
+          : null;
       },
     },
-    organization: {
+    /**
+     * Hierarchical group management. Groups can nest arbitrarily deep
+     * via `parentGroupId`. A root group has no parent.
+     *
+     * ```ts
+     * const groupId = await auth.group.create(ctx, { name: "Acme Corp" });
+     * const subGroupId = await auth.group.create(ctx, {
+     *   name: "Engineering",
+     *   parentGroupId: groupId,
+     * });
+     * ```
+     */
+    group: {
+      /**
+       * Create a new group. Omit `parentGroupId` for a root-level group,
+       * or provide it to create a nested group.
+       *
+       * @returns The ID of the newly created group.
+       */
       create: async (
         ctx: ComponentCtx,
-        data: Record<string, unknown>,
+        data: {
+          name: string;
+          slug?: string;
+          parentGroupId?: string;
+          extend?: Record<string, unknown>;
+        },
       ): Promise<string> => {
-        const component = requireComponent();
-        return (await ctx.runMutation(component.public.organizationCreate!, {
+        return (await ctx.runMutation(
+          config.component.public.groupCreate,
           data,
-        })) as string;
+        )) as string;
       },
-      get: async (ctx: ComponentCtx, organizationId: string) => {
-        const component = requireComponent();
-        return await ctx.runQuery(component.public.organizationGet!, {
-          organizationId,
-        });
+      /**
+       * Retrieve a group by its ID. Returns `null` if not found.
+       */
+      get: async (ctx: ComponentReadCtx, groupId: string) => {
+        return await ctx.runQuery(config.component.public.groupGet, { groupId });
       },
-      list: async (
-        ctx: ComponentCtx,
-        ownerUserId?: string,
-      ) => {
-        const component = requireComponent();
-        return await ctx.runQuery(component.public.organizationList!, {
-          ownerUserId,
+      /**
+       * List groups. When `parentGroupId` is provided, returns children of
+       * that group. When omitted, returns root-level groups (no parent).
+       */
+      list: async (ctx: ComponentReadCtx, opts?: { parentGroupId?: string }) => {
+        return await ctx.runQuery(config.component.public.groupList, {
+          parentGroupId: opts?.parentGroupId,
         });
       },
+      /**
+       * Update a group's fields (name, slug, extend, parentGroupId).
+       */
       update: async (
         ctx: ComponentCtx,
-        organizationId: string,
+        groupId: string,
         data: Record<string, unknown>,
       ) => {
-        const component = requireComponent();
-        await ctx.runMutation(component.public.organizationUpdate!, {
-          organizationId,
-          data,
-        });
+        await ctx.runMutation(config.component.public.groupUpdate, { groupId, data });
       },
-      delete: async (ctx: ComponentCtx, organizationId: string) => {
-        const component = requireComponent();
-        await ctx.runMutation(component.public.organizationDelete!, {
-          organizationId,
-        });
+      /**
+       * Delete a group and cascade to all descendants. Deletes child groups
+       * (recursively), all members, and all invites for this group and its
+       * descendants.
+       */
+      delete: async (ctx: ComponentCtx, groupId: string) => {
+        await ctx.runMutation(config.component.public.groupDelete, { groupId });
       },
+
+      /**
+       * Manage group membership. A member links a user to a group with an
+       * application-defined role string (e.g. "owner", "admin", "member").
+       *
+       * The auth component stores roles but does not enforce access control.
+       * Your application defines what each role means.
+       */
       member: {
+        /**
+         * Add a user as a member of a group.
+         *
+         * @param data.groupId - The group to add the member to.
+         * @param data.userId - The user to add.
+         * @param data.role - Application-defined role (e.g. "owner", "admin", "member").
+         * @param data.status - Optional membership status (e.g. "active", "suspended").
+         * @param data.extend - Optional arbitrary JSON extension data.
+         * @throws ConvexError with code `DUPLICATE_MEMBERSHIP` if the user is
+         * already a member of the target group.
+         * @returns The ID of the new member record.
+         */
         add: async (
           ctx: ComponentCtx,
-          data: Record<string, unknown>,
+          data: {
+            groupId: string;
+            userId: string;
+            role?: string;
+            status?: string;
+            extend?: Record<string, unknown>;
+          },
         ): Promise<string> => {
-          const component = requireComponent();
-          return (await ctx.runMutation(component.public.memberAdd!, {
+          return (await ctx.runMutation(
+            config.component.public.memberAdd,
             data,
-          })) as string;
+          )) as string;
+        },
+        /**
+         * Retrieve a member record by its ID. Returns `null` if not found.
+         */
+        get: async (ctx: ComponentReadCtx, memberId: string) => {
+          return await ctx.runQuery(config.component.public.memberGet, { memberId });
         },
+        /**
+         * List all members of a group.
+         */
+        list: async (ctx: ComponentReadCtx, opts: { groupId: string }) => {
+          return await ctx.runQuery(config.component.public.memberList, opts);
+        },
+        /**
+         * Remove a member from a group by deleting the member record.
+         */
         remove: async (ctx: ComponentCtx, memberId: string) => {
-          const component = requireComponent();
-          await ctx.runMutation(component.public.memberRemove!, { memberId });
+          await ctx.runMutation(config.component.public.memberRemove, { memberId });
         },
-        list: async (
+        /**
+         * Update a member's fields (role, status, extend).
+         *
+         * ```ts
+         * await auth.group.member.update(ctx, memberId, { role: "admin" });
+         * ```
+         */
+        update: async (
           ctx: ComponentCtx,
-          args: { organizationId: string; teamId?: string },
+          memberId: string,
+          data: Record<string, unknown>,
         ) => {
-          const component = requireComponent();
-          return await ctx.runQuery(component.public.memberList!, args);
-        },
-        role: {
-          set: async (ctx: ComponentCtx, memberId: string, role: string) => {
-            const component = requireComponent();
-            await ctx.runMutation(component.public.memberRoleSet!, {
-              memberId,
-              role,
-            });
-          },
-          get: async (ctx: ComponentCtx, memberId: string) => {
-            const component = requireComponent();
-            return await ctx.runQuery(component.public.memberRoleGet!, {
-              memberId,
-            });
-          },
+          await ctx.runMutation(config.component.public.memberUpdate, {
+            memberId,
+            data,
+          });
         },
       },
+
     },
+    /**
+     * Manage platform-level invitations.
+     *
+     * Invites can optionally target a group by setting `groupId`, but they do
+     * not require groups and can be used in apps with user-only collaboration.
+     */
     invite: {
+      /**
+       * Create a new invitation.
+       *
+       * @param data.groupId - Optional group to invite the user into.
+       * @param data.invitedByUserId - The user sending the invitation.
+       * @param data.email - The email address of the invitee.
+       * @param data.tokenHash - Hashed token for secure acceptance.
+       * @param data.role - Optional role to assign on acceptance.
+       * @param data.status - Initial status (typically "pending").
+       * @param data.expiresTime - Timestamp when the invite expires.
+       * @param data.extend - Optional arbitrary JSON extension data.
+       * @throws ConvexError with code `DUPLICATE_INVITE` if a pending invite
+       * already exists for this email and scope.
+       * @returns The ID of the new invite record.
+       */
       create: async (
         ctx: ComponentCtx,
-        data: Record<string, unknown>,
+        data: {
+          groupId?: string;
+          invitedByUserId: string;
+          email: string;
+          tokenHash: string;
+          role?: string;
+          status: "pending" | "accepted" | "revoked" | "expired";
+          expiresTime: number;
+          extend?: Record<string, unknown>;
+        },
       ): Promise<string> => {
-        const component = requireComponent();
-        return (await ctx.runMutation(component.public.inviteCreate!, {
-          data,
-        })) as string;
+        return (await ctx.runMutation(config.component.public.inviteCreate, data)) as string;
       },
-      get: async (ctx: ComponentCtx, inviteId: string) => {
-        const component = requireComponent();
-        return await ctx.runQuery(component.public.inviteGet!, { inviteId });
+      /**
+       * Retrieve an invite by its ID. Returns `null` if not found.
+       */
+      get: async (ctx: ComponentReadCtx, inviteId: string) => {
+        return await ctx.runQuery(config.component.public.inviteGet, { inviteId });
       },
+      /**
+       * List invites, optionally filtered by group and/or status.
+       */
       list: async (
-        ctx: ComponentCtx,
-        args: { organizationId?: string; status?: string },
+        ctx: ComponentReadCtx,
+        opts?: {
+          groupId?: string;
+          status?: "pending" | "accepted" | "revoked" | "expired";
+        },
       ) => {
-        const component = requireComponent();
-        return await ctx.runQuery(component.public.inviteList!, args);
+        return await ctx.runQuery(config.component.public.inviteList, {
+          groupId: opts?.groupId,
+          status: opts?.status,
+        });
       },
+      /**
+       * Accept an invitation. Marks the invite as "accepted" and records
+       * the timestamp. If the invite has a group, the caller is responsible
+       * for creating the member record via `auth.group.member.add` in the
+       * same Convex mutation for transactional safety.
+        *
+        * @throws ConvexError with code `INVITE_NOT_FOUND` when the invite does
+        * not exist.
+        * @throws ConvexError with code `INVITE_NOT_PENDING` when the invite is
+        * not in `pending` status.
+       *
+       * ```ts
+        * export const acceptInvite = mutation({
+        *   args: { inviteId: v.string() },
+       *   handler: async (ctx, { inviteId }) => {
+       *     const userId = await auth.user.require(ctx);
+       *     const invite = await auth.invite.get(ctx, inviteId);
+       *     if (!invite) throw new Error("Invite not found");
+       *
+       *     await auth.invite.accept(ctx, inviteId);
+       *     if (invite.groupId) {
+       *       await auth.group.member.add(ctx, {
+       *         groupId: invite.groupId,
+       *         userId,
+       *         role: invite.role,
+       *       });
+       *     }
+       *   },
+       * });
+       * ```
+       */
       accept: async (ctx: ComponentCtx, inviteId: string) => {
-        const component = requireComponent();
-        await ctx.runMutation(component.public.inviteAccept!, { inviteId });
+        await ctx.runMutation(config.component.public.inviteAccept, { inviteId });
       },
+       /**
+        * Revoke a pending invitation.
+        *
+        * @throws ConvexError with code `INVITE_NOT_FOUND` when the invite does
+        * not exist.
+        * @throws ConvexError with code `INVITE_NOT_PENDING` when the invite is
+        * not in `pending` status.
+        */
       revoke: async (ctx: ComponentCtx, inviteId: string) => {
-        const component = requireComponent();
-        await ctx.runMutation(component.public.inviteRevoke!, { inviteId });
+        await ctx.runMutation(config.component.public.inviteRevoke, { inviteId });
       },
     },
     /**
@@ -488,6 +752,19 @@ export function Auth(config_: ConvexAuthConfig) {
       }
     },
   };
+  const enrichCtx = <DataModel extends GenericDataModel>(
+    ctx: GenericActionCtx<DataModel>,
+  ) => ({
+    ...ctx,
+    auth: {
+      ...ctx.auth,
+      config,
+      account: auth.account,
+      session: auth.session,
+      provider: auth.provider,
+    },
+  });
+
   return {
     /**
      * Helper for configuring HTTP actions.
@@ -565,228 +842,6 @@ export function Auth(config_: ConvexAuthConfig) {
   };
 }
 
-/**
- * Return the currently signed-in user's ID.
- *
- * ```ts filename="convex/myFunctions.tsx"
- * import { mutation } from "./_generated/server";
- * import { getAuthUserId } from "@robelest/convex-auth/component";
- *
- * export const doSomething = mutation({
- *   args: {/* ... *\/},
- *   handler: async (ctx, args) => {
- *     const userId = await getAuthUserId(ctx);
- *     if (userId === null) {
- *       throw new Error("Client is not authenticated!")
- *     }
- *     const user = await ctx.db.get(userId);
- *     // ...
- *   },
- * });
- * ```
- *
- * @param ctx query, mutation or action `ctx`
- * @returns the user ID or `null` if the client isn't authenticated
- */
-export async function getAuthUserId(ctx: { auth: Auth }) {
-  const identity = await ctx.auth.getUserIdentity();
-  if (identity === null) {
-    return null;
-  }
-  const [userId] = identity.subject.split(TOKEN_SUB_CLAIM_DIVIDER);
-  return userId as GenericId<"user">;
-}
-
-/**
- * Use this function from a
- * [`ConvexCredentials`](https://labs.convex.dev/auth/api_reference/providers/ConvexCredentials)
- * provider to create an account and a user with a unique account "id" (OAuth
- * provider ID, email address, phone number, username etc.).
- *
- * @returns user ID if it successfully creates the account
- * or throws an error.
- */
-export async function createAccount<
-  DataModel extends GenericDataModel = GenericDataModel,
->(
-  ctx: GenericActionCtx<DataModel>,
-  args: {
-    /**
-     * The provider ID (like "password"), used to disambiguate accounts.
-     *
-     * It is also used to configure account secret hashing via the provider's
-     * `crypto` option.
-     */
-    provider: string;
-    account: {
-      /**
-       * The unique external ID for the account, for example email address.
-       */
-      id: string;
-      /**
-       * The secret credential to store for this account, if given.
-       */
-      secret?: string;
-    };
-    /**
-     * The profile data to store for the user.
-     * These must fit the `users` table schema.
-     */
-    profile: WithoutSystemFields<DocumentByName<DataModel, "user">>;
-    /**
-     * If `true`, the account will be linked to an existing user
-     * with the same verified email address.
-     * This is only safe if the returned account's email is verified
-     * before the user is allowed to sign in with it.
-     */
-    shouldLinkViaEmail?: boolean;
-    /**
-     * If `true`, the account will be linked to an existing user
-     * with the same verified phone number.
-     * This is only safe if the returned account's phone is verified
-     * before the user is allowed to sign in with it.
-     */
-    shouldLinkViaPhone?: boolean;
-  },
-): Promise<{
-  account: GenericDoc<DataModel, "account">;
-  user: GenericDoc<DataModel, "user">;
-}> {
-  const actionCtx = ctx as unknown as ActionCtx;
-  return (await callCreateAccountFromCredentials(
-    actionCtx,
-    args as any,
-  )) as any;
-}
-
-/**
- * Use this function from a
- * [`ConvexCredentials`](https://labs.convex.dev/auth/api_reference/providers/ConvexCredentials)
- * provider to retrieve a user given the account provider ID and
- * the provider-specific account ID.
- *
- * @returns the retrieved user document, or `null` if there is no account
- * for given account ID or throws if the provided
- * secret does not match.
- */
-export async function retrieveAccount<
-  DataModel extends GenericDataModel = GenericDataModel,
->(
-  ctx: GenericActionCtx<DataModel>,
-  args: {
-    /**
-     * The provider ID (like "password"), used to disambiguate accounts.
-     *
-     * It is also used to configure account secret hashing via the provider's
-     * `crypto` option.
-     */
-    provider: string;
-    account: {
-      /**
-       * The unique external ID for the account, for example email address.
-       */
-      id: string;
-      /**
-       * The secret that should match the stored credential, if given.
-       */
-      secret?: string;
-    };
-  },
-): Promise<{
-  account: GenericDoc<DataModel, "account">;
-  user: GenericDoc<DataModel, "user">;
-}> {
-  const actionCtx = ctx as unknown as ActionCtx;
-  const result = await callRetreiveAccountWithCredentials(actionCtx, args);
-  if (typeof result === "string") {
-    throw new Error(result);
-  }
-  return result as any;
-}
-
-/**
- * Use this function to modify the account credentials
- * from a [`ConvexCredentials`](https://labs.convex.dev/auth/api_reference/providers/ConvexCredentials)
- * provider.
- */
-export async function modifyAccountCredentials<
-  DataModel extends GenericDataModel = GenericDataModel,
->(
-  ctx: GenericActionCtx<DataModel>,
-  args: {
-    /**
-     * The provider ID (like "password"), used to disambiguate accounts.
-     *
-     * It is also used to configure account secret hashing via the `crypto` option.
-     */
-    provider: string;
-    account: {
-      /**
-       * The unique external ID for the account, for example email address.
-       */
-      id: string;
-      /**
-       * The new secret credential to store for this account.
-       */
-      secret: string;
-    };
-  },
-): Promise<void> {
-  const actionCtx = ctx as unknown as ActionCtx;
-  return await callModifyAccount(actionCtx, args);
-}
-
-/**
- * Use this function to invalidate existing sessions.
- */
-export async function invalidateSessions<
-  DataModel extends GenericDataModel = GenericDataModel,
->(
-  ctx: GenericActionCtx<DataModel>,
-  args: {
-    userId: GenericId<"user">;
-    except?: GenericId<"session">[];
-  },
-): Promise<void> {
-  const actionCtx = ctx as unknown as ActionCtx;
-  return await callInvalidateSessions(actionCtx, args);
-}
-
-/**
- * Use this function from a
- * [`ConvexCredentials`](https://labs.convex.dev/auth/api_reference/providers/ConvexCredentials)
- * provider to sign in the user via another provider (usually
- * for email verification on sign up or password reset).
- *
- * Returns the user ID if the sign can proceed,
- * or `null`.
- */
-export async function signInViaProvider<
-  DataModel extends GenericDataModel = GenericDataModel,
->(
-  ctx: GenericActionCtxWithAuthConfig<DataModel>,
-  provider: AuthProviderConfig,
-  args: {
-    accountId?: GenericId<"account">;
-    params?: Record<string, Value | undefined>;
-  },
-) {
-  const result = await signInImpl(
-    ctx,
-    materializeProvider(provider),
-    args as any,
-    {
-    generateTokens: false,
-    allowExtraProviders: true,
-    },
-  );
-  return result.kind === "signedIn"
-    ? result.signedIn !== null
-      ? { userId: result.signedIn.userId, sessionId: result.signedIn.sessionId }
-      : null
-    : null;
-}
-
 function convertErrorsToResponse(
   errorStatusCode: number,
   action: (ctx: GenericActionCtx<any>, request: Request) => Promise<Response>,