@robelest/convex-auth 0.0.2-preview.2 → 0.0.3-preview

package/dist/component/schema.d.ts

@@ -127,6 +127,82 @@ declare const _default: import("convex/server").SchemaDefinition<{
     }, "required", "sessionId" | "signature">, {
         signature: ["signature", "_creationTime"];
     }, {}, {}>;
+    /**
+     * WebAuthn passkey credentials. Each credential links a user to a
+     * registered authenticator (Touch ID, Face ID, security key, etc.).
+     * A user can have multiple passkeys across different devices.
+     */
+    passkey: import("convex/server").TableDefinition<import("convex/values").VObject<{
+        name?: string | undefined;
+        transports?: string[] | undefined;
+        lastUsedAt?: number | undefined;
+        userId: import("convex/values").GenericId<"user">;
+        credentialId: string;
+        publicKey: ArrayBuffer;
+        algorithm: number;
+        counter: number;
+        deviceType: string;
+        backedUp: boolean;
+        createdAt: number;
+    }, {
+        userId: import("convex/values").VId<import("convex/values").GenericId<"user">, "required">;
+        /** Base64url-encoded credential ID from the authenticator. */
+        credentialId: import("convex/values").VString<string, "required">;
+        /** Public key bytes (SEC1 uncompressed for EC, SPKI for RSA). */
+        publicKey: import("convex/values").VBytes<ArrayBuffer, "required">;
+        /** COSE algorithm identifier (-7 for ES256, -257 for RS256, -8 for EdDSA). */
+        algorithm: import("convex/values").VFloat64<number, "required">;
+        /** Signature counter for clone detection. Many authenticators return 0. */
+        counter: import("convex/values").VFloat64<number, "required">;
+        /** Authenticator transport hints (e.g. "internal", "hybrid", "usb", "ble", "nfc"). */
+        transports: import("convex/values").VArray<string[] | undefined, import("convex/values").VString<string, "required">, "optional">;
+        /** Whether this is a single-device or multi-device (synced) credential. */
+        deviceType: import("convex/values").VString<string, "required">;
+        /** Whether the credential is backed up (synced passkey). */
+        backedUp: import("convex/values").VBoolean<boolean, "required">;
+        /** User-assigned friendly name (e.g. "MacBook Touch ID"). */
+        name: import("convex/values").VString<string | undefined, "optional">;
+        createdAt: import("convex/values").VFloat64<number, "required">;
+        lastUsedAt: import("convex/values").VFloat64<number | undefined, "optional">;
+    }, "required", "name" | "userId" | "credentialId" | "publicKey" | "algorithm" | "counter" | "transports" | "deviceType" | "backedUp" | "createdAt" | "lastUsedAt">, {
+        userId: ["userId", "_creationTime"];
+        credentialId: ["credentialId", "_creationTime"];
+    }, {}, {}>;
+    /**
+     * TOTP two-factor authentication secrets. Each record links a user to
+     * an authenticator app. A user can have multiple TOTP enrollments
+     * (e.g. different authenticator apps) but typically has one.
+     *
+     * The `verified` flag indicates whether the user has completed setup
+     * by successfully entering a code from their authenticator app.
+     * Unverified enrollments are in-progress setup that can be discarded.
+     */
+    totp: import("convex/server").TableDefinition<import("convex/values").VObject<{
+        name?: string | undefined;
+        lastUsedAt?: number | undefined;
+        secret: ArrayBuffer;
+        userId: import("convex/values").GenericId<"user">;
+        createdAt: number;
+        digits: number;
+        period: number;
+        verified: boolean;
+    }, {
+        userId: import("convex/values").VId<import("convex/values").GenericId<"user">, "required">;
+        /** Raw TOTP secret key bytes. */
+        secret: import("convex/values").VBytes<ArrayBuffer, "required">;
+        /** Number of digits in each code (typically 6). */
+        digits: import("convex/values").VFloat64<number, "required">;
+        /** Time period in seconds for code rotation (typically 30). */
+        period: import("convex/values").VFloat64<number, "required">;
+        /** Whether setup has been confirmed with a valid code. */
+        verified: import("convex/values").VBoolean<boolean, "required">;
+        /** User-assigned friendly name (e.g. "Google Authenticator"). */
+        name: import("convex/values").VString<string | undefined, "optional">;
+        createdAt: import("convex/values").VFloat64<number, "required">;
+        lastUsedAt: import("convex/values").VFloat64<number | undefined, "optional">;
+    }, "required", "name" | "secret" | "userId" | "createdAt" | "lastUsedAt" | "digits" | "period" | "verified">, {
+        userId: ["userId", "_creationTime"];
+    }, {}, {}>;
     /**
      * Rate limit tracking for OTP and password sign-in attempts.
      */
@@ -183,29 +259,32 @@ declare const _default: import("convex/server").SchemaDefinition<{
         userId: ["userId", "_creationTime"];
     }, {}, {}>;
     /**
-     * Group invitations. Tracks pending, accepted, revoked, and expired
-     * invitations to join a group. Uses a hashed token for secure
-     * invitation links.
+     * Invitations. Tracks pending, accepted, revoked, and expired
+     * invitations. Optionally scoped to a group via `groupId`, or
+     * platform-level when `groupId` is omitted.
+     *
+     * `email` and `invitedByUserId` are optional to support CLI-generated
+     * invite links where neither is known upfront (e.g. portal admin invites).
      */
     invite: import("convex/server").TableDefinition<import("convex/values").VObject<{
+        email?: string | undefined;
         extend?: any;
         groupId?: import("convex/values").GenericId<"group"> | undefined;
         role?: string | undefined;
+        invitedByUserId?: import("convex/values").GenericId<"user"> | undefined;
+        expiresTime?: number | undefined;
         acceptedByUserId?: import("convex/values").GenericId<"user"> | undefined;
         acceptedTime?: number | undefined;
-        email: string;
         status: "pending" | "accepted" | "revoked" | "expired";
-        invitedByUserId: import("convex/values").GenericId<"user">;
         tokenHash: string;
-        expiresTime: number;
     }, {
         groupId: import("convex/values").VId<import("convex/values").GenericId<"group"> | undefined, "optional">;
-        invitedByUserId: import("convex/values").VId<import("convex/values").GenericId<"user">, "required">;
-        email: import("convex/values").VString<string, "required">;
+        invitedByUserId: import("convex/values").VId<import("convex/values").GenericId<"user"> | undefined, "optional">;
+        email: import("convex/values").VString<string | undefined, "optional">;
         tokenHash: import("convex/values").VString<string, "required">;
         role: import("convex/values").VString<string | undefined, "optional">;
         status: import("convex/values").VUnion<"pending" | "accepted" | "revoked" | "expired", [import("convex/values").VLiteral<"pending", "required">, import("convex/values").VLiteral<"accepted", "required">, import("convex/values").VLiteral<"revoked", "required">, import("convex/values").VLiteral<"expired", "required">], "required", never>;
-        expiresTime: import("convex/values").VFloat64<number, "required">;
+        expiresTime: import("convex/values").VFloat64<number | undefined, "optional">;
         acceptedByUserId: import("convex/values").VId<import("convex/values").GenericId<"user"> | undefined, "optional">;
         acceptedTime: import("convex/values").VFloat64<number | undefined, "optional">;
         extend: import("convex/values").VAny<any, "optional", string>;
@@ -216,6 +295,86 @@ declare const _default: import("convex/server").SchemaDefinition<{
         invitedByUserIdAndStatus: ["invitedByUserId", "status", "_creationTime"];
         groupId: ["groupId", "_creationTime"];
         groupIdAndStatus: ["groupId", "status", "_creationTime"];
+        roleAndStatusAndAcceptedByUserId: ["role", "status", "acceptedByUserId", "_creationTime"];
+    }, {}, {}>;
+    /**
+     * API keys for programmatic access. Each key links a user to a set of
+     * scoped permissions and optional per-key rate limiting.
+     *
+     * The raw key is never stored — only a SHA-256 hash. A short prefix
+     * (e.g. "sk_live_abc1...") is kept for display in the portal.
+     *
+     * Keys support:
+     * - **Scoped permissions**: resource:action pairs (e.g. users:read)
+     * - **Per-key rate limiting**: token-bucket with configurable window
+     * - **Expiration**: optional TTL
+     * - **Soft revocation**: `revoked` flag preserves audit trail
+     */
+    key: import("convex/server").TableDefinition<import("convex/values").VObject<{
+        lastUsedAt?: number | undefined;
+        rateLimit?: {
+            maxRequests: number;
+            windowMs: number;
+        } | undefined;
+        rateLimitState?: {
+            lastAttemptTime: number;
+            attemptsLeft: number;
+        } | undefined;
+        expiresAt?: number | undefined;
+        name: string;
+        userId: import("convex/values").GenericId<"user">;
+        createdAt: number;
+        revoked: boolean;
+        prefix: string;
+        hashedKey: string;
+        scopes: {
+            resource: string;
+            actions: string[];
+        }[];
+    }, {
+        userId: import("convex/values").VId<import("convex/values").GenericId<"user">, "required">;
+        /** First chars of the key for display (e.g. "sk_live_abc1..."). */
+        prefix: import("convex/values").VString<string, "required">;
+        /** SHA-256 hex hash of the full raw key. */
+        hashedKey: import("convex/values").VString<string, "required">;
+        /** User-assigned name (e.g. "CI Pipeline", "Production API"). */
+        name: import("convex/values").VString<string, "required">;
+        /** Scoped permissions: [{ resource: "users", actions: ["read", "list"] }]. */
+        scopes: import("convex/values").VArray<{
+            resource: string;
+            actions: string[];
+        }[], import("convex/values").VObject<{
+            resource: string;
+            actions: string[];
+        }, {
+            resource: import("convex/values").VString<string, "required">;
+            actions: import("convex/values").VArray<string[], import("convex/values").VString<string, "required">, "required">;
+        }, "required", "resource" | "actions">, "required">;
+        /** Optional per-key rate limit configuration. */
+        rateLimit: import("convex/values").VObject<{
+            maxRequests: number;
+            windowMs: number;
+        } | undefined, {
+            maxRequests: import("convex/values").VFloat64<number, "required">;
+            windowMs: import("convex/values").VFloat64<number, "required">;
+        }, "optional", "maxRequests" | "windowMs">;
+        /** Rate limit state tracking (token-bucket). */
+        rateLimitState: import("convex/values").VObject<{
+            lastAttemptTime: number;
+            attemptsLeft: number;
+        } | undefined, {
+            attemptsLeft: import("convex/values").VFloat64<number, "required">;
+            lastAttemptTime: import("convex/values").VFloat64<number, "required">;
+        }, "optional", "lastAttemptTime" | "attemptsLeft">;
+        /** Expiration timestamp. Null/undefined = never expires. */
+        expiresAt: import("convex/values").VFloat64<number | undefined, "optional">;
+        lastUsedAt: import("convex/values").VFloat64<number | undefined, "optional">;
+        createdAt: import("convex/values").VFloat64<number, "required">;
+        /** Soft-revoke flag. Revoked keys are kept for audit trail. */
+        revoked: import("convex/values").VBoolean<boolean, "required">;
+    }, "required", "name" | "userId" | "createdAt" | "lastUsedAt" | "revoked" | "prefix" | "hashedKey" | "scopes" | "rateLimit" | "rateLimitState" | "expiresAt" | "rateLimit.maxRequests" | "rateLimit.windowMs" | "rateLimitState.lastAttemptTime" | "rateLimitState.attemptsLeft">, {
+        userId: ["userId", "_creationTime"];
+        hashedKey: ["hashedKey", "_creationTime"];
     }, {}, {}>;
 }, true>;
 export default _default;

package/dist/component/schema.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../src/component/schema.ts"],"names":[],"mappings":"AAGA;;;;;;GAMG;;IAED;;;OAGG;;;;;;;;;;;;;;;;;;;;;;;IAcH;;;;OAIG;;;;;;;;;;IAMH;;;;OAIG;;;;;;;;;;;;;;;;;;;IAYH;;;;;;;OAOG;;;;;;;;;;;;;;;IAaH;;OAEG;;;;;;;;;;;;;;;;;;;;;IAaH;;;OAGG;;;;;;;;;;IAMH;;OAEG;;;;;;;;;;;;IAOH;;;;OAIG;;;;;;;;;;;;;;;IAUH;;;;OAIG;;;;;;;;;;;;;;;;;;IAYH;;;;OAIG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAnIL,wBA2JG"}
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../src/component/schema.ts"],"names":[],"mappings":"AAGA;;;;;;GAMG;;IAED;;;OAGG;;;;;;;;;;;;;;;;;;;;;;;IAcH;;;;OAIG;;;;;;;;;;IAMH;;;;OAIG;;;;;;;;;;;;;;;;;;;IAYH;;;;;;;OAOG;;;;;;;;;;;;;;;IAaH;;OAEG;;;;;;;;;;;;;;;;;;;;;IAaH;;;OAGG;;;;;;;;;;IAMH;;;;OAIG;;;;;;;;;;;;;;;QAGD,8DAA8D;;QAE9D,iEAAiE;;QAEjE,8EAA8E;;QAE9E,2EAA2E;;QAE3E,sFAAsF;;QAEtF,2EAA2E;;QAE3E,4DAA4D;;QAE5D,6DAA6D;;;;;;;;IAQ/D;;;;;;;;OAQG;;;;;;;;;;;;QAGD,iCAAiC;;QAEjC,mDAAmD;;QAEnD,+DAA+D;;QAE/D,0DAA0D;;QAE1D,iEAAiE;;;;;;;IAOnE;;OAEG;;;;;;;;;;;;IAOH;;;;OAIG;;;;;;;;;;;;;;;IAUH;;;;OAIG;;;;;;;;;;;;;;;;;;IAYH;;;;;;;OAOG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA8BH;;;;;;;;;;;;OAYG;;;;;;;;;;;;;;;;;;;;;;;;QAGD,mEAAmE;;QAEnE,4CAA4C;;QAE5C,iEAAiE;;QAEjE,8EAA8E;;;;;;;;;;;QAO9E,iDAAiD;;;;;;;;QAOjD,gDAAgD;;;;;;;;QAOhD,4DAA4D;;;;QAI5D,+DAA+D;;;;;;;AAzQnE,wBA8QG"}

package/dist/component/schema.js

@@ -89,6 +89,59 @@ export default defineSchema({
         sessionId: v.optional(v.id("session")),
         signature: v.optional(v.string()),
     }).index("signature", ["signature"]),
+    /**
+     * WebAuthn passkey credentials. Each credential links a user to a
+     * registered authenticator (Touch ID, Face ID, security key, etc.).
+     * A user can have multiple passkeys across different devices.
+     */
+    passkey: defineTable({
+        userId: v.id("user"),
+        /** Base64url-encoded credential ID from the authenticator. */
+        credentialId: v.string(),
+        /** Public key bytes (SEC1 uncompressed for EC, SPKI for RSA). */
+        publicKey: v.bytes(),
+        /** COSE algorithm identifier (-7 for ES256, -257 for RS256, -8 for EdDSA). */
+        algorithm: v.number(),
+        /** Signature counter for clone detection. Many authenticators return 0. */
+        counter: v.number(),
+        /** Authenticator transport hints (e.g. "internal", "hybrid", "usb", "ble", "nfc"). */
+        transports: v.optional(v.array(v.string())),
+        /** Whether this is a single-device or multi-device (synced) credential. */
+        deviceType: v.string(),
+        /** Whether the credential is backed up (synced passkey). */
+        backedUp: v.boolean(),
+        /** User-assigned friendly name (e.g. "MacBook Touch ID"). */
+        name: v.optional(v.string()),
+        createdAt: v.number(),
+        lastUsedAt: v.optional(v.number()),
+    })
+        .index("userId", ["userId"])
+        .index("credentialId", ["credentialId"]),
+    /**
+     * TOTP two-factor authentication secrets. Each record links a user to
+     * an authenticator app. A user can have multiple TOTP enrollments
+     * (e.g. different authenticator apps) but typically has one.
+     *
+     * The `verified` flag indicates whether the user has completed setup
+     * by successfully entering a code from their authenticator app.
+     * Unverified enrollments are in-progress setup that can be discarded.
+     */
+    totp: defineTable({
+        userId: v.id("user"),
+        /** Raw TOTP secret key bytes. */
+        secret: v.bytes(),
+        /** Number of digits in each code (typically 6). */
+        digits: v.number(),
+        /** Time period in seconds for code rotation (typically 30). */
+        period: v.number(),
+        /** Whether setup has been confirmed with a valid code. */
+        verified: v.boolean(),
+        /** User-assigned friendly name (e.g. "Google Authenticator"). */
+        name: v.optional(v.string()),
+        createdAt: v.number(),
+        lastUsedAt: v.optional(v.number()),
+    })
+        .index("userId", ["userId"]),
     /**
      * Rate limit tracking for OTP and password sign-in attempts.
      */
@@ -126,18 +179,21 @@ export default defineSchema({
         .index("groupIdAndUserId", ["groupId", "userId"])
         .index("userId", ["userId"]),
     /**
-     * Group invitations. Tracks pending, accepted, revoked, and expired
-     * invitations to join a group. Uses a hashed token for secure
-     * invitation links.
+     * Invitations. Tracks pending, accepted, revoked, and expired
+     * invitations. Optionally scoped to a group via `groupId`, or
+     * platform-level when `groupId` is omitted.
+     *
+     * `email` and `invitedByUserId` are optional to support CLI-generated
+     * invite links where neither is known upfront (e.g. portal admin invites).
      */
     invite: defineTable({
         groupId: v.optional(v.id("group")),
-        invitedByUserId: v.id("user"),
-        email: v.string(),
+        invitedByUserId: v.optional(v.id("user")),
+        email: v.optional(v.string()),
         tokenHash: v.string(),
         role: v.optional(v.string()),
         status: v.union(v.literal("pending"), v.literal("accepted"), v.literal("revoked"), v.literal("expired")),
-        expiresTime: v.number(),
+        expiresTime: v.optional(v.number()),
         acceptedByUserId: v.optional(v.id("user")),
         acceptedTime: v.optional(v.number()),
         extend: v.optional(v.any()),
@@ -147,6 +203,56 @@ export default defineSchema({
         .index("emailAndStatus", ["email", "status"])
         .index("invitedByUserIdAndStatus", ["invitedByUserId", "status"])
         .index("groupId", ["groupId"])
-        .index("groupIdAndStatus", ["groupId", "status"]),
+        .index("groupIdAndStatus", ["groupId", "status"])
+        .index("roleAndStatusAndAcceptedByUserId", [
+        "role",
+        "status",
+        "acceptedByUserId",
+    ]),
+    /**
+     * API keys for programmatic access. Each key links a user to a set of
+     * scoped permissions and optional per-key rate limiting.
+     *
+     * The raw key is never stored — only a SHA-256 hash. A short prefix
+     * (e.g. "sk_live_abc1...") is kept for display in the portal.
+     *
+     * Keys support:
+     * - **Scoped permissions**: resource:action pairs (e.g. users:read)
+     * - **Per-key rate limiting**: token-bucket with configurable window
+     * - **Expiration**: optional TTL
+     * - **Soft revocation**: `revoked` flag preserves audit trail
+     */
+    key: defineTable({
+        userId: v.id("user"),
+        /** First chars of the key for display (e.g. "sk_live_abc1..."). */
+        prefix: v.string(),
+        /** SHA-256 hex hash of the full raw key. */
+        hashedKey: v.string(),
+        /** User-assigned name (e.g. "CI Pipeline", "Production API"). */
+        name: v.string(),
+        /** Scoped permissions: [{ resource: "users", actions: ["read", "list"] }]. */
+        scopes: v.array(v.object({
+            resource: v.string(),
+            actions: v.array(v.string()),
+        })),
+        /** Optional per-key rate limit configuration. */
+        rateLimit: v.optional(v.object({
+            maxRequests: v.number(),
+            windowMs: v.number(),
+        })),
+        /** Rate limit state tracking (token-bucket). */
+        rateLimitState: v.optional(v.object({
+            attemptsLeft: v.number(),
+            lastAttemptTime: v.number(),
+        })),
+        /** Expiration timestamp. Null/undefined = never expires. */
+        expiresAt: v.optional(v.number()),
+        lastUsedAt: v.optional(v.number()),
+        createdAt: v.number(),
+        /** Soft-revoke flag. Revoked keys are kept for audit trail. */
+        revoked: v.boolean(),
+    })
+        .index("userId", ["userId"])
+        .index("hashedKey", ["hashedKey"]),
 });
 //# sourceMappingURL=schema.js.map

package/dist/component/schema.js.map

@@ -1 +1 @@
-{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../src/component/schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC1D,OAAO,EAAE,CAAC,EAAE,MAAM,eAAe,CAAC;AAElC;;;;;;GAMG;AACH,eAAe,YAAY,CAAC;IAC1B;;;OAGG;IACH,IAAI,EAAE,WAAW,CAAC;QAChB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,qBAAqB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7C,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,qBAAqB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7C,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QACpC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;KAC5B,CAAC;SACC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC;SACzB,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC;IAE5B;;;;OAIG;IACH,OAAO,EAAE,WAAW,CAAC;QACnB,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC;QACpB,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;KAC3B,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC;IAE9B;;;;OAIG;IACH,OAAO,EAAE,WAAW,CAAC;QACnB,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC;QACpB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;QAC7B,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC9B,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACrC,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KACtC,CAAC;SACC,KAAK,CAAC,mBAAmB,EAAE,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;SAClD,KAAK,CAAC,sBAAsB,EAAE,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;IAEnE;;;;;;;OAOG;IACH,KAAK,EAAE,WAAW,CAAC;QACjB,SAAS,EAAE,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC;QAC1B,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;QAC1B,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACrC,oBAAoB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;KAChD,CAAC;SACC,KAAK,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,CAAC;SACjC,KAAK,CAAC,kCAAkC,EAAE;QACzC,WAAW;QACX,sBAAsB;KACvB,CAAC;IAEJ;;OAEG;IACH,YAAY,EAAE,WAAW,CAAC;QACxB,SAAS,EAAE,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC;QAC1B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;QAC1B,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAChC,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACrC,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KACtC,CAAC;SACC,KAAK,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,CAAC;SACjC,KAAK,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC;IAE1B;;;OAGG;IACH,QAAQ,EAAE,WAAW,CAAC;QACpB,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;QACtC,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KAClC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,CAAC;IAEpC;;OAEG;IACH,KAAK,EAAE,WAAW,CAAC;QACjB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;QACtB,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE;QAC3B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;KACzB,CAAC,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC,YAAY,CAAC,CAAC;IAEtC;;;;OAIG;IACH,KAAK,EAAE,WAAW,CAAC;QACjB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;QACxC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;KAC5B,CAAC;SACC,KAAK,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC;SACvB,KAAK,CAAC,eAAe,EAAE,CAAC,eAAe,CAAC,CAAC;IAE5C;;;;OAIG;IACH,MAAM,EAAE,WAAW,CAAC;QAClB,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC;QACtB,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC;QACpB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC9B,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;KAC5B,CAAC;SACC,KAAK,CAAC,SAAS,EAAE,CAAC,SAAS,CAAC,CAAC;SAC7B,KAAK,CAAC,kBAAkB,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;SAChD,KAAK,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC;IAE9B;;;;OAIG;IACH,MAAM,EAAE,WAAW,CAAC;QAClB,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;QAClC,eAAe,EAAE,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC;QAC7B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;QACjB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,MAAM,EAAE,CAAC,CAAC,KAAK,CACb,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,EACpB,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,EACrB,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,EACpB,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CACrB;QACD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;QACvB,gBAAgB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QAC1C,YAAY,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACpC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;KAC5B,CAAC;SACC,KAAK,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,CAAC;SACjC,KAAK,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC;SAC3B,KAAK,CAAC,gBAAgB,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;SAC5C,KAAK,CAAC,0BAA0B,EAAE,CAAC,iBAAiB,EAAE,QAAQ,CAAC,CAAC;SAChE,KAAK,CAAC,SAAS,EAAE,CAAC,SAAS,CAAC,CAAC;SAC7B,KAAK,CAAC,kBAAkB,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;CACpD,CAAC,CAAC"}
+{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../src/component/schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC1D,OAAO,EAAE,CAAC,EAAE,MAAM,eAAe,CAAC;AAElC;;;;;;GAMG;AACH,eAAe,YAAY,CAAC;IAC1B;;;OAGG;IACH,IAAI,EAAE,WAAW,CAAC;QAChB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,qBAAqB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7C,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,qBAAqB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7C,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QACpC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;KAC5B,CAAC;SACC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC;SACzB,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC;IAE5B;;;;OAIG;IACH,OAAO,EAAE,WAAW,CAAC;QACnB,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC;QACpB,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;KAC3B,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC;IAE9B;;;;OAIG;IACH,OAAO,EAAE,WAAW,CAAC;QACnB,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC;QACpB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;QAC7B,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC9B,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACrC,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KACtC,CAAC;SACC,KAAK,CAAC,mBAAmB,EAAE,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;SAClD,KAAK,CAAC,sBAAsB,EAAE,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;IAEnE;;;;;;;OAOG;IACH,KAAK,EAAE,WAAW,CAAC;QACjB,SAAS,EAAE,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC;QAC1B,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;QAC1B,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACrC,oBAAoB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;KAChD,CAAC;SACC,KAAK,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,CAAC;SACjC,KAAK,CAAC,kCAAkC,EAAE;QACzC,WAAW;QACX,sBAAsB;KACvB,CAAC;IAEJ;;OAEG;IACH,YAAY,EAAE,WAAW,CAAC;QACxB,SAAS,EAAE,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC;QAC1B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;QAC1B,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAChC,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACrC,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KACtC,CAAC;SACC,KAAK,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,CAAC;SACjC,KAAK,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC;IAE1B;;;OAGG;IACH,QAAQ,EAAE,WAAW,CAAC;QACpB,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;QACtC,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KAClC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,CAAC;IAEpC;;;;OAIG;IACH,OAAO,EAAE,WAAW,CAAC;QACnB,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC;QACpB,8DAA8D;QAC9D,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;QACxB,iEAAiE;QACjE,SAAS,EAAE,CAAC,CAAC,KAAK,EAAE;QACpB,8EAA8E;QAC9E,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,2EAA2E;QAC3E,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;QACnB,sFAAsF;QACtF,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3C,2EAA2E;QAC3E,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;QACtB,4DAA4D;QAC5D,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE;QACrB,6DAA6D;QAC7D,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KACnC,CAAC;SACC,KAAK,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC;SAC3B,KAAK,CAAC,cAAc,EAAE,CAAC,cAAc,CAAC,CAAC;IAE1C;;;;;;;;OAQG;IACH,IAAI,EAAE,WAAW,CAAC;QAChB,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC;QACpB,iCAAiC;QACjC,MAAM,EAAE,CAAC,CAAC,KAAK,EAAE;QACjB,mDAAmD;QACnD,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;QAClB,+DAA+D;QAC/D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;QAClB,0DAA0D;QAC1D,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE;QACrB,iEAAiE;QACjE,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KACnC,CAAC;SACC,KAAK,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC;IAE9B;;OAEG;IACH,KAAK,EAAE,WAAW,CAAC;QACjB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;QACtB,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE;QAC3B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;KACzB,CAAC,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC,YAAY,CAAC,CAAC;IAEtC;;;;OAIG;IACH,KAAK,EAAE,WAAW,CAAC;QACjB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;QACxC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;KAC5B,CAAC;SACC,KAAK,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC;SACvB,KAAK,CAAC,eAAe,EAAE,CAAC,eAAe,CAAC,CAAC;IAE5C;;;;OAIG;IACH,MAAM,EAAE,WAAW,CAAC;QAClB,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC;QACtB,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC;QACpB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC9B,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;KAC5B,CAAC;SACC,KAAK,CAAC,SAAS,EAAE,CAAC,SAAS,CAAC,CAAC;SAC7B,KAAK,CAAC,kBAAkB,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;SAChD,KAAK,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC;IAE9B;;;;;;;OAOG;IACH,MAAM,EAAE,WAAW,CAAC;QAClB,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;QAClC,eAAe,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QACzC,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,MAAM,EAAE,CAAC,CAAC,KAAK,CACb,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,EACpB,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,EACrB,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,EACpB,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CACrB;QACD,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACnC,gBAAgB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QAC1C,YAAY,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACpC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;KAC5B,CAAC;SACC,KAAK,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,CAAC;SACjC,KAAK,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC;SAC3B,KAAK,CAAC,gBAAgB,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;SAC5C,KAAK,CAAC,0BAA0B,EAAE,CAAC,iBAAiB,EAAE,QAAQ,CAAC,CAAC;SAChE,KAAK,CAAC,SAAS,EAAE,CAAC,SAAS,CAAC,CAAC;SAC7B,KAAK,CAAC,kBAAkB,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;SAChD,KAAK,CAAC,kCAAkC,EAAE;QACzC,MAAM;QACN,QAAQ;QACR,kBAAkB;KACnB,CAAC;IAEJ;;;;;;;;;;;;OAYG;IACH,GAAG,EAAE,WAAW,CAAC;QACf,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC;QACpB,mEAAmE;QACnE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;QAClB,4CAA4C;QAC5C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,iEAAiE;QACjE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,8EAA8E;QAC9E,MAAM,EAAE,CAAC,CAAC,KAAK,CACb,CAAC,CAAC,MAAM,CAAC;YACP,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;YACpB,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;SAC7B,CAAC,CACH;QACD,iDAAiD;QACjD,SAAS,EAAE,CAAC,CAAC,QAAQ,CACnB,CAAC,CAAC,MAAM,CAAC;YACP,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;YACvB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;SACrB,CAAC,CACH;QACD,gDAAgD;QAChD,cAAc,EAAE,CAAC,CAAC,QAAQ,CACxB,CAAC,CAAC,MAAM,CAAC;YACP,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;YACxB,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE;SAC5B,CAAC,CACH;QACD,4DAA4D;QAC5D,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACjC,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAClC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,+DAA+D;QAC/D,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE;KACrB,CAAC;SACC,KAAK,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC;SAC3B,KAAK,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,CAAC;CACrC,CAAC,CAAC"}

package/dist/providers/passkey.d.ts

@@ -0,0 +1,20 @@
+import { PasskeyProviderConfig } from "../server/types.js";
+/**
+ * Passkey (WebAuthn) authentication provider.
+ *
+ * Enables passwordless authentication via biometrics, security keys,
+ * and synced passkeys using the Web Authentication API.
+ *
+ * ```ts
+ * import passkey from "@robelest/convex-auth/providers/passkey";
+ *
+ * export const { auth, signIn, signOut, store } = Auth({
+ *   component: components.auth,
+ *   providers: [passkey()],
+ * });
+ * ```
+ *
+ * @param config Optional configuration for the relying party and credential options.
+ */
+export default function passkey(config?: Partial<PasskeyProviderConfig["options"]>): PasskeyProviderConfig;
+//# sourceMappingURL=passkey.d.ts.map

package/dist/providers/passkey.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"passkey.d.ts","sourceRoot":"","sources":["../../src/providers/passkey.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAE3D;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,OAAO,UAAU,OAAO,CAC7B,MAAM,CAAC,EAAE,OAAO,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAC,GACjD,qBAAqB,CAavB"}

package/dist/providers/passkey.js

@@ -0,0 +1,32 @@
+/**
+ * Passkey (WebAuthn) authentication provider.
+ *
+ * Enables passwordless authentication via biometrics, security keys,
+ * and synced passkeys using the Web Authentication API.
+ *
+ * ```ts
+ * import passkey from "@robelest/convex-auth/providers/passkey";
+ *
+ * export const { auth, signIn, signOut, store } = Auth({
+ *   component: components.auth,
+ *   providers: [passkey()],
+ * });
+ * ```
+ *
+ * @param config Optional configuration for the relying party and credential options.
+ */
+export default function passkey(config) {
+    return {
+        id: "passkey",
+        type: "passkey",
+        options: {
+            attestation: "none",
+            userVerification: "required",
+            residentKey: "preferred",
+            algorithms: [-7, -257], // ES256, RS256
+            challengeExpirationMs: 300_000, // 5 minutes
+            ...config,
+        },
+    };
+}
+//# sourceMappingURL=passkey.js.map

package/dist/providers/passkey.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"passkey.js","sourceRoot":"","sources":["../../src/providers/passkey.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,OAAO,UAAU,OAAO,CAC7B,MAAkD;IAElD,OAAO;QACL,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,SAAS;QACf,OAAO,EAAE;YACP,WAAW,EAAE,MAAM;YACnB,gBAAgB,EAAE,UAAU;YAC5B,WAAW,EAAE,WAAW;YACxB,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,eAAe;YACvC,qBAAqB,EAAE,OAAO,EAAE,YAAY;YAC5C,GAAG,MAAM;SACV;KACF,CAAC;AACJ,CAAC"}

package/dist/providers/totp.d.ts

@@ -0,0 +1,14 @@
+import { TotpProviderConfig } from "../server/types.js";
+/**
+ * Add TOTP (Time-based One-Time Password) authentication.
+ *
+ * ```ts
+ * import TOTP from "@robelest/convex-auth/providers/totp";
+ *
+ * export const { auth, signIn, signOut, store } = Auth({
+ *   providers: [TOTP({ issuer: "My App" })],
+ * });
+ * ```
+ */
+export default function totp(config?: Partial<TotpProviderConfig["options"]>): TotpProviderConfig;
+//# sourceMappingURL=totp.d.ts.map

package/dist/providers/totp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"totp.d.ts","sourceRoot":"","sources":["../../src/providers/totp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,OAAO,UAAU,IAAI,CAC1B,MAAM,CAAC,EAAE,OAAO,CAAC,kBAAkB,CAAC,SAAS,CAAC,CAAC,GAC9C,kBAAkB,CAUpB"}

package/dist/providers/totp.js

@@ -0,0 +1,23 @@
+/**
+ * Add TOTP (Time-based One-Time Password) authentication.
+ *
+ * ```ts
+ * import TOTP from "@robelest/convex-auth/providers/totp";
+ *
+ * export const { auth, signIn, signOut, store } = Auth({
+ *   providers: [TOTP({ issuer: "My App" })],
+ * });
+ * ```
+ */
+export default function totp(config) {
+    return {
+        id: "totp",
+        type: "totp",
+        options: {
+            issuer: config?.issuer ?? "ConvexAuth",
+            digits: config?.digits ?? 6,
+            period: config?.period ?? 30,
+        },
+    };
+}
+//# sourceMappingURL=totp.js.map

package/dist/providers/totp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"totp.js","sourceRoot":"","sources":["../../src/providers/totp.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;GAUG;AACH,MAAM,CAAC,OAAO,UAAU,IAAI,CAC1B,MAA+C;IAE/C,OAAO;QACL,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE;YACP,MAAM,EAAE,MAAM,EAAE,MAAM,IAAI,YAAY;YACtC,MAAM,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;YAC3B,MAAM,EAAE,MAAM,EAAE,MAAM,IAAI,EAAE;SAC7B;KACF,CAAC;AACJ,CAAC"}