@robelest/convex-auth 0.0.4-preview.18 → 0.0.4-preview.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -3
- package/dist/authorization/index.d.ts +46 -0
- package/dist/authorization/index.d.ts.map +1 -1
- package/dist/authorization/index.js +46 -0
- package/dist/authorization/index.js.map +1 -1
- package/dist/bin.cjs +21 -13
- package/dist/client/core/types.d.ts +20 -0
- package/dist/client/core/types.d.ts.map +1 -0
- package/dist/client/index.d.ts +2 -16
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +67 -565
- package/dist/client/index.js.map +1 -1
- package/dist/component/_generated/api.d.ts +40 -12
- package/dist/component/_generated/api.d.ts.map +1 -1
- package/dist/component/_generated/api.js.map +1 -1
- package/dist/component/_generated/component.d.ts +1306 -1344
- package/dist/component/_generated/component.d.ts.map +1 -1
- package/dist/component/client/core/types.d.ts +2 -0
- package/dist/component/client/index.d.ts +2 -2
- package/dist/component/model.d.ts +80 -80
- package/dist/component/model.d.ts.map +1 -1
- package/dist/component/model.js +5 -1
- package/dist/component/model.js.map +1 -1
- package/dist/component/providers/credentials.d.ts +3 -2
- package/dist/component/providers/credentials.d.ts.map +1 -1
- package/dist/component/providers/email.d.ts +30 -0
- package/dist/component/providers/email.d.ts.map +1 -1
- package/dist/component/providers/phone.d.ts +28 -0
- package/dist/component/providers/phone.d.ts.map +1 -1
- package/dist/component/public/enterprise/audit.d.ts +73 -0
- package/dist/component/public/enterprise/audit.d.ts.map +1 -0
- package/dist/component/public/enterprise/audit.js +108 -0
- package/dist/component/public/enterprise/audit.js.map +1 -0
- package/dist/component/public/enterprise/core.d.ts +176 -0
- package/dist/component/public/enterprise/core.d.ts.map +1 -0
- package/dist/component/public/enterprise/core.js +292 -0
- package/dist/component/public/enterprise/core.js.map +1 -0
- package/dist/component/public/enterprise/domains.d.ts +174 -0
- package/dist/component/public/enterprise/domains.d.ts.map +1 -0
- package/dist/component/public/enterprise/domains.js +271 -0
- package/dist/component/public/enterprise/domains.js.map +1 -0
- package/dist/component/public/enterprise/scim.d.ts +245 -0
- package/dist/component/public/enterprise/scim.d.ts.map +1 -0
- package/dist/component/public/enterprise/scim.js +344 -0
- package/dist/component/public/enterprise/scim.js.map +1 -0
- package/dist/component/public/enterprise/secrets.d.ts +78 -0
- package/dist/component/public/enterprise/secrets.d.ts.map +1 -0
- package/dist/component/public/enterprise/secrets.js +118 -0
- package/dist/component/public/enterprise/secrets.js.map +1 -0
- package/dist/component/public/enterprise/webhooks.d.ts +211 -0
- package/dist/component/public/enterprise/webhooks.d.ts.map +1 -0
- package/dist/component/public/enterprise/webhooks.js +300 -0
- package/dist/component/public/enterprise/webhooks.js.map +1 -0
- package/dist/component/public/factors/devices.d.ts +157 -0
- package/dist/component/public/factors/devices.d.ts.map +1 -0
- package/dist/component/public/factors/devices.js +216 -0
- package/dist/component/public/factors/devices.js.map +1 -0
- package/dist/component/public/factors/passkeys.d.ts +175 -0
- package/dist/component/public/factors/passkeys.d.ts.map +1 -0
- package/dist/component/public/factors/passkeys.js +238 -0
- package/dist/component/public/factors/passkeys.js.map +1 -0
- package/dist/component/public/factors/totp.d.ts +189 -0
- package/dist/component/public/factors/totp.d.ts.map +1 -0
- package/dist/component/public/factors/totp.js +254 -0
- package/dist/component/public/factors/totp.js.map +1 -0
- package/dist/component/public/groups/core.d.ts +137 -0
- package/dist/component/public/groups/core.d.ts.map +1 -0
- package/dist/component/public/groups/core.js +321 -0
- package/dist/component/public/groups/core.js.map +1 -0
- package/dist/component/public/groups/invites.d.ts +217 -0
- package/dist/component/public/groups/invites.d.ts.map +1 -0
- package/dist/component/public/groups/invites.js +457 -0
- package/dist/component/public/groups/invites.js.map +1 -0
- package/dist/component/public/groups/members.d.ts +204 -0
- package/dist/component/public/groups/members.d.ts.map +1 -0
- package/dist/component/public/groups/members.js +355 -0
- package/dist/component/public/groups/members.js.map +1 -0
- package/dist/component/public/identity/accounts.d.ts +147 -0
- package/dist/component/public/identity/accounts.d.ts.map +1 -0
- package/dist/component/public/identity/accounts.js +200 -0
- package/dist/component/public/identity/accounts.js.map +1 -0
- package/dist/component/public/identity/codes.d.ts +104 -0
- package/dist/component/public/identity/codes.d.ts.map +1 -0
- package/dist/component/public/identity/codes.js +140 -0
- package/dist/component/public/identity/codes.js.map +1 -0
- package/dist/component/public/identity/sessions.d.ts +128 -0
- package/dist/component/public/identity/sessions.d.ts.map +1 -0
- package/dist/component/public/identity/sessions.js +192 -0
- package/dist/component/public/identity/sessions.js.map +1 -0
- package/dist/component/public/identity/tokens.d.ts +169 -0
- package/dist/component/public/identity/tokens.d.ts.map +1 -0
- package/dist/component/public/identity/tokens.js +227 -0
- package/dist/component/public/identity/tokens.js.map +1 -0
- package/dist/component/public/identity/users.d.ts +212 -0
- package/dist/component/public/identity/users.d.ts.map +1 -0
- package/dist/component/public/identity/users.js +311 -0
- package/dist/component/public/identity/users.js.map +1 -0
- package/dist/component/public/identity/verifiers.d.ts +116 -0
- package/dist/component/public/identity/verifiers.d.ts.map +1 -0
- package/dist/component/public/identity/verifiers.js +154 -0
- package/dist/component/public/identity/verifiers.js.map +1 -0
- package/dist/component/public/security/keys.d.ts +209 -0
- package/dist/component/public/security/keys.d.ts.map +1 -0
- package/dist/component/public/security/keys.js +319 -0
- package/dist/component/public/security/keys.js.map +1 -0
- package/dist/component/public/security/limits.d.ts +114 -0
- package/dist/component/public/security/limits.d.ts.map +1 -0
- package/dist/component/public/security/limits.js +169 -0
- package/dist/component/public/security/limits.js.map +1 -0
- package/dist/component/public.d.ts +22 -7
- package/dist/component/public.js +21 -6
- package/dist/component/schema.d.ts +288 -288
- package/dist/component/server/auth.d.ts +212 -25
- package/dist/component/server/auth.d.ts.map +1 -1
- package/dist/component/server/auth.js +68 -4
- package/dist/component/server/auth.js.map +1 -1
- package/dist/component/server/authError.js +34 -0
- package/dist/component/server/authError.js.map +1 -0
- package/dist/component/server/{providers.js → config.js} +2 -2
- package/dist/component/server/config.js.map +1 -0
- package/dist/component/server/{domains/core.js → core.js} +107 -88
- package/dist/component/server/core.js.map +1 -0
- package/dist/component/server/{provider.js → crypto.js} +3 -3
- package/dist/component/server/crypto.js.map +1 -0
- package/dist/component/server/device.js +1 -1
- package/dist/component/server/device.js.map +1 -1
- package/dist/component/server/enterprise/config.js +46 -0
- package/dist/component/server/enterprise/config.js.map +1 -0
- package/dist/component/server/{domains/sso.js → enterprise/domain.js} +6 -5
- package/dist/component/server/enterprise/domain.js.map +1 -0
- package/dist/component/server/enterprise/http.js +766 -0
- package/dist/component/server/enterprise/http.js.map +1 -0
- package/dist/component/server/enterprise/oidc.js +248 -0
- package/dist/component/server/enterprise/oidc.js.map +1 -0
- package/dist/component/server/enterprise/policy.js +85 -0
- package/dist/component/server/enterprise/policy.js.map +1 -0
- package/dist/component/server/enterprise/saml.js +338 -0
- package/dist/component/server/enterprise/saml.js.map +1 -0
- package/dist/component/server/enterprise/scim.js +97 -0
- package/dist/component/server/enterprise/scim.js.map +1 -0
- package/dist/component/server/enterprise/shared.js +51 -0
- package/dist/component/server/enterprise/shared.js.map +1 -0
- package/dist/component/server/errors.js.map +1 -1
- package/dist/component/server/http.js +2 -1
- package/dist/component/server/http.js.map +1 -1
- package/dist/component/server/identity.js +1 -1
- package/dist/component/server/identity.js.map +1 -1
- package/dist/component/server/{ratelimit.js → limits.js} +3 -3
- package/dist/component/server/limits.js.map +1 -0
- package/dist/component/server/mutations/account.js +3 -3
- package/dist/component/server/mutations/account.js.map +1 -1
- package/dist/component/server/mutations/code.js +2 -2
- package/dist/component/server/mutations/code.js.map +1 -1
- package/dist/component/server/mutations/invalidate.js +1 -1
- package/dist/component/server/mutations/invalidate.js.map +1 -1
- package/dist/component/server/mutations/oauth.js +5 -3
- package/dist/component/server/mutations/oauth.js.map +1 -1
- package/dist/component/server/mutations/refresh.js +1 -1
- package/dist/component/server/mutations/refresh.js.map +1 -1
- package/dist/component/server/mutations/register.js +3 -3
- package/dist/component/server/mutations/register.js.map +1 -1
- package/dist/component/server/mutations/retrieve.js +4 -4
- package/dist/component/server/mutations/retrieve.js.map +1 -1
- package/dist/component/server/mutations/signature.js +2 -2
- package/dist/component/server/mutations/signature.js.map +1 -1
- package/dist/component/server/mutations/signin.js +1 -1
- package/dist/component/server/mutations/signin.js.map +1 -1
- package/dist/component/server/mutations/signout.js +1 -1
- package/dist/component/server/mutations/signout.js.map +1 -1
- package/dist/component/server/mutations/store/refs.js +15 -0
- package/dist/component/server/mutations/store/refs.js.map +1 -0
- package/dist/component/server/mutations/store.js +80 -10
- package/dist/component/server/mutations/store.js.map +1 -1
- package/dist/component/server/mutations/verifier.js +1 -1
- package/dist/component/server/mutations/verifier.js.map +1 -1
- package/dist/component/server/mutations/verify.js +4 -3
- package/dist/component/server/mutations/verify.js.map +1 -1
- package/dist/component/server/oauth.js +1 -1
- package/dist/component/server/oauth.js.map +1 -1
- package/dist/component/server/passkey.js +2 -1
- package/dist/component/server/passkey.js.map +1 -1
- package/dist/component/server/redirects.js +1 -1
- package/dist/component/server/redirects.js.map +1 -1
- package/dist/component/server/refresh.js +1 -1
- package/dist/component/server/refresh.js.map +1 -1
- package/dist/component/server/{factory.d.ts → runtime.d.ts} +2 -2
- package/dist/component/server/runtime.d.ts.map +1 -0
- package/dist/component/server/runtime.js +413 -0
- package/dist/component/server/runtime.js.map +1 -0
- package/dist/component/server/signin.js +2 -1
- package/dist/component/server/signin.js.map +1 -1
- package/dist/component/server/totp.js +2 -1
- package/dist/component/server/totp.js.map +1 -1
- package/dist/component/server/types.d.ts +225 -41
- package/dist/component/server/types.d.ts.map +1 -1
- package/dist/component/server/types.js.map +1 -1
- package/dist/component/server/users.js +1 -1
- package/dist/component/server/users.js.map +1 -1
- package/dist/component/server/utils.js +1 -1
- package/dist/component/server/utils.js.map +1 -1
- package/dist/core/types.d.ts +369 -0
- package/dist/core/types.d.ts.map +1 -0
- package/dist/factors/device.js +105 -0
- package/dist/factors/device.js.map +1 -0
- package/dist/factors/passkey.js +181 -0
- package/dist/factors/passkey.js.map +1 -0
- package/dist/factors/totp.js +122 -0
- package/dist/factors/totp.js.map +1 -0
- package/dist/providers/credentials.d.ts +5 -2
- package/dist/providers/credentials.d.ts.map +1 -1
- package/dist/providers/credentials.js +2 -0
- package/dist/providers/credentials.js.map +1 -1
- package/dist/providers/email.d.ts +30 -0
- package/dist/providers/email.d.ts.map +1 -1
- package/dist/providers/email.js +24 -0
- package/dist/providers/email.js.map +1 -1
- package/dist/providers/phone.d.ts +28 -0
- package/dist/providers/phone.d.ts.map +1 -1
- package/dist/providers/phone.js +22 -0
- package/dist/providers/phone.js.map +1 -1
- package/dist/runtime/browser.js +68 -0
- package/dist/runtime/browser.js.map +1 -0
- package/dist/runtime/invite.js +51 -0
- package/dist/runtime/invite.js.map +1 -0
- package/dist/runtime/proxy.js +70 -0
- package/dist/runtime/proxy.js.map +1 -0
- package/dist/runtime/storage.js +37 -0
- package/dist/runtime/storage.js.map +1 -0
- package/dist/server/auth.d.ts +218 -28
- package/dist/server/auth.d.ts.map +1 -1
- package/dist/server/auth.js +68 -4
- package/dist/server/auth.js.map +1 -1
- package/dist/server/{fx.d.ts → authError.d.ts} +25 -15
- package/dist/server/authError.d.ts.map +1 -0
- package/dist/server/authError.js +34 -0
- package/dist/server/authError.js.map +1 -0
- package/dist/server/{providers.js → config.js} +2 -2
- package/dist/server/config.js.map +1 -0
- package/dist/server/core.d.ts +1436 -0
- package/dist/server/core.d.ts.map +1 -0
- package/dist/server/{domains/core.js → core.js} +107 -88
- package/dist/server/core.js.map +1 -0
- package/dist/server/{provider.d.ts → crypto.d.ts} +2 -2
- package/dist/server/crypto.d.ts.map +1 -0
- package/dist/server/{provider.js → crypto.js} +3 -3
- package/dist/{component/server/provider.js.map → server/crypto.js.map} +1 -1
- package/dist/server/device.js +1 -1
- package/dist/server/device.js.map +1 -1
- package/dist/server/enterprise/config.js +46 -0
- package/dist/server/enterprise/config.js.map +1 -0
- package/dist/server/{domains/sso.d.ts → enterprise/domain.d.ts} +4 -4
- package/dist/server/enterprise/domain.d.ts.map +1 -0
- package/dist/server/{domains/sso.js → enterprise/domain.js} +6 -5
- package/dist/server/enterprise/domain.js.map +1 -0
- package/dist/server/enterprise/http.d.ts +26 -0
- package/dist/server/enterprise/http.d.ts.map +1 -0
- package/dist/server/enterprise/http.js +766 -0
- package/dist/server/enterprise/http.js.map +1 -0
- package/dist/server/enterprise/oidc.js +248 -0
- package/dist/server/enterprise/oidc.js.map +1 -0
- package/dist/server/enterprise/policy.js +85 -0
- package/dist/server/enterprise/policy.js.map +1 -0
- package/dist/server/enterprise/saml.d.ts +1 -0
- package/dist/server/enterprise/saml.js +338 -0
- package/dist/server/enterprise/saml.js.map +1 -0
- package/dist/server/enterprise/scim.d.ts +1 -0
- package/dist/server/enterprise/scim.js +97 -0
- package/dist/server/enterprise/scim.js.map +1 -0
- package/dist/server/enterprise/shared.d.ts +5 -0
- package/dist/server/enterprise/shared.d.ts.map +1 -0
- package/dist/server/enterprise/shared.js +51 -0
- package/dist/server/enterprise/shared.js.map +1 -0
- package/dist/server/enterprise/validators.d.ts +1 -0
- package/dist/server/{enterpriseValidators.js → enterprise/validators.js} +2 -2
- package/dist/server/enterprise/validators.js.map +1 -0
- package/dist/server/errors.d.ts +2 -0
- package/dist/server/errors.d.ts.map +1 -1
- package/dist/server/errors.js +2 -0
- package/dist/server/errors.js.map +1 -1
- package/dist/server/http.d.ts +2 -2
- package/dist/server/http.d.ts.map +1 -1
- package/dist/server/http.js +2 -1
- package/dist/server/http.js.map +1 -1
- package/dist/server/identity.js +1 -1
- package/dist/server/identity.js.map +1 -1
- package/dist/server/index.d.ts +4 -705
- package/dist/server/index.js +4 -1367
- package/dist/server/limits.d.ts +1 -0
- package/dist/server/{ratelimit.js → limits.js} +3 -3
- package/dist/server/limits.js.map +1 -0
- package/dist/server/mounts.d.ts +647 -0
- package/dist/server/mounts.d.ts.map +1 -0
- package/dist/server/mounts.js +643 -0
- package/dist/server/mounts.js.map +1 -0
- package/dist/server/mutations/account.d.ts +8 -8
- package/dist/server/mutations/account.js +3 -3
- package/dist/server/mutations/account.js.map +1 -1
- package/dist/server/mutations/code.d.ts +13 -13
- package/dist/server/mutations/code.js +2 -2
- package/dist/server/mutations/code.js.map +1 -1
- package/dist/server/mutations/index.d.ts +8 -312
- package/dist/server/mutations/index.js +14 -84
- package/dist/server/mutations/invalidate.d.ts +5 -5
- package/dist/server/mutations/invalidate.d.ts.map +1 -1
- package/dist/server/mutations/invalidate.js +1 -1
- package/dist/server/mutations/invalidate.js.map +1 -1
- package/dist/server/mutations/oauth.d.ts +9 -9
- package/dist/server/mutations/oauth.d.ts.map +1 -1
- package/dist/server/mutations/oauth.js +5 -3
- package/dist/server/mutations/oauth.js.map +1 -1
- package/dist/server/mutations/refresh.d.ts +4 -4
- package/dist/server/mutations/refresh.js +1 -1
- package/dist/server/mutations/refresh.js.map +1 -1
- package/dist/server/mutations/register.d.ts +10 -10
- package/dist/server/mutations/register.d.ts.map +1 -1
- package/dist/server/mutations/register.js +3 -3
- package/dist/server/mutations/register.js.map +1 -1
- package/dist/server/mutations/retrieve.d.ts +8 -10
- package/dist/server/mutations/retrieve.d.ts.map +1 -1
- package/dist/server/mutations/retrieve.js +5 -7
- package/dist/server/mutations/retrieve.js.map +1 -1
- package/dist/server/mutations/signature.d.ts +6 -6
- package/dist/server/mutations/signature.d.ts.map +1 -1
- package/dist/server/mutations/signature.js +2 -2
- package/dist/server/mutations/signature.js.map +1 -1
- package/dist/server/mutations/signin.d.ts +1 -1
- package/dist/server/mutations/signin.js +1 -1
- package/dist/server/mutations/signin.js.map +1 -1
- package/dist/server/mutations/signout.d.ts +1 -1
- package/dist/server/mutations/signout.js +1 -1
- package/dist/server/mutations/signout.js.map +1 -1
- package/dist/server/mutations/store/refs.d.ts +12 -0
- package/dist/server/mutations/store/refs.d.ts.map +1 -0
- package/dist/server/mutations/store/refs.js +15 -0
- package/dist/server/mutations/store/refs.js.map +1 -0
- package/dist/server/mutations/store.d.ts +303 -9
- package/dist/server/mutations/store.d.ts.map +1 -1
- package/dist/server/mutations/store.js +80 -10
- package/dist/server/mutations/store.js.map +1 -1
- package/dist/server/mutations/verifier.d.ts +1 -1
- package/dist/server/mutations/verifier.js +1 -1
- package/dist/server/mutations/verifier.js.map +1 -1
- package/dist/server/mutations/verify.d.ts +8 -8
- package/dist/server/mutations/verify.d.ts.map +1 -1
- package/dist/server/mutations/verify.js +4 -3
- package/dist/server/mutations/verify.js.map +1 -1
- package/dist/server/oauth.js +1 -1
- package/dist/server/oauth.js.map +1 -1
- package/dist/server/passkey.d.ts +2 -2
- package/dist/server/passkey.d.ts.map +1 -1
- package/dist/server/passkey.js +3 -2
- package/dist/server/passkey.js.map +1 -1
- package/dist/server/redirects.js +1 -1
- package/dist/server/redirects.js.map +1 -1
- package/dist/server/refresh.js +1 -1
- package/dist/server/refresh.js.map +1 -1
- package/dist/server/{factory.d.ts → runtime.d.ts} +16 -16
- package/dist/server/runtime.d.ts.map +1 -0
- package/dist/server/runtime.js +413 -0
- package/dist/server/runtime.js.map +1 -0
- package/dist/server/signin.js +3 -2
- package/dist/server/signin.js.map +1 -1
- package/dist/server/ssr.d.ts +226 -0
- package/dist/server/ssr.d.ts.map +1 -0
- package/dist/server/ssr.js +786 -0
- package/dist/server/ssr.js.map +1 -0
- package/dist/server/totp.js +2 -1
- package/dist/server/totp.js.map +1 -1
- package/dist/server/types.d.ts +242 -42
- package/dist/server/types.d.ts.map +1 -1
- package/dist/server/types.js +12 -1
- package/dist/server/types.js.map +1 -1
- package/dist/server/users.js +1 -1
- package/dist/server/users.js.map +1 -1
- package/dist/server/utils.js +1 -1
- package/dist/server/utils.js.map +1 -1
- package/package.json +3 -4
- package/src/authorization/index.ts +46 -0
- package/src/cli/index.ts +38 -20
- package/src/client/core/types.ts +437 -0
- package/src/client/factors/device.ts +160 -0
- package/src/client/factors/passkey.ts +282 -0
- package/src/client/factors/totp.ts +150 -0
- package/src/client/index.ts +133 -1267
- package/src/client/runtime/browser.ts +112 -0
- package/src/client/runtime/invite.ts +65 -0
- package/src/client/runtime/proxy.ts +111 -0
- package/src/client/runtime/storage.ts +79 -0
- package/src/component/_generated/api.ts +40 -12
- package/src/component/_generated/component.ts +1772 -1798
- package/src/component/model.ts +6 -0
- package/src/component/public/enterprise/audit.ts +120 -0
- package/src/component/public/enterprise/core.ts +354 -0
- package/src/component/public/enterprise/domains.ts +323 -0
- package/src/component/public/enterprise/scim.ts +396 -0
- package/src/component/public/enterprise/secrets.ts +132 -0
- package/src/component/public/enterprise/webhooks.ts +306 -0
- package/src/component/public/factors/devices.ts +223 -0
- package/src/component/public/factors/passkeys.ts +242 -0
- package/src/component/public/factors/totp.ts +258 -0
- package/src/component/public/groups/core.ts +481 -0
- package/src/component/public/groups/invites.ts +602 -0
- package/src/component/public/groups/members.ts +409 -0
- package/src/component/public/identity/accounts.ts +206 -0
- package/src/component/public/identity/codes.ts +148 -0
- package/src/component/public/identity/sessions.ts +209 -0
- package/src/component/public/identity/tokens.ts +250 -0
- package/src/component/public/identity/users.ts +354 -0
- package/src/component/public/identity/verifiers.ts +157 -0
- package/src/component/public/security/keys.ts +365 -0
- package/src/component/public/security/limits.ts +173 -0
- package/src/component/public.ts +27 -5
- package/src/providers/credentials.ts +4 -5
- package/src/providers/email.ts +30 -0
- package/src/providers/phone.ts +28 -0
- package/src/server/auth.ts +282 -28
- package/src/server/authError.ts +44 -0
- package/src/server/core.ts +2095 -0
- package/src/server/{provider.ts → crypto.ts} +1 -1
- package/src/server/device.ts +1 -1
- package/src/server/enterprise/config.ts +51 -0
- package/src/server/{domains/sso.ts → enterprise/domain.ts} +4 -2
- package/src/server/enterprise/http.ts +1324 -0
- package/src/server/enterprise/oidc.ts +500 -0
- package/src/server/enterprise/policy.ts +128 -0
- package/src/server/enterprise/saml.ts +578 -0
- package/src/server/enterprise/scim.ts +135 -0
- package/src/server/enterprise/shared.ts +134 -0
- package/src/server/errors.ts +2 -0
- package/src/server/http.ts +3 -1
- package/src/server/identity.ts +1 -1
- package/src/server/index.ts +32 -2605
- package/src/server/{ratelimit.ts → limits.ts} +1 -1
- package/src/server/mounts.ts +948 -0
- package/src/server/mutations/account.ts +4 -4
- package/src/server/mutations/code.ts +3 -3
- package/src/server/mutations/index.ts +8 -148
- package/src/server/mutations/invalidate.ts +2 -2
- package/src/server/mutations/oauth.ts +8 -6
- package/src/server/mutations/refresh.ts +3 -3
- package/src/server/mutations/register.ts +3 -3
- package/src/server/mutations/retrieve.ts +4 -8
- package/src/server/mutations/signature.ts +3 -3
- package/src/server/mutations/signin.ts +2 -2
- package/src/server/mutations/signout.ts +2 -2
- package/src/server/mutations/store/refs.ts +10 -0
- package/src/server/mutations/store.ts +137 -9
- package/src/server/mutations/verifier.ts +2 -2
- package/src/server/mutations/verify.ts +5 -5
- package/src/server/oauth.ts +1 -1
- package/src/server/passkey.ts +3 -4
- package/src/server/redirects.ts +1 -1
- package/src/server/refresh.ts +1 -1
- package/src/server/runtime.ts +880 -0
- package/src/server/signin.ts +3 -1
- package/src/server/ssr.ts +1764 -0
- package/src/server/totp.ts +3 -1
- package/src/server/types.ts +254 -43
- package/src/server/users.ts +1 -1
- package/src/server/utils.ts +1 -1
- package/src/test.ts +25 -0
- package/dist/component/public/enterprise.d.ts +0 -54
- package/dist/component/public/enterprise.d.ts.map +0 -1
- package/dist/component/public/enterprise.js +0 -515
- package/dist/component/public/enterprise.js.map +0 -1
- package/dist/component/public/factors.d.ts +0 -52
- package/dist/component/public/factors.d.ts.map +0 -1
- package/dist/component/public/factors.js +0 -285
- package/dist/component/public/factors.js.map +0 -1
- package/dist/component/public/groups.d.ts +0 -124
- package/dist/component/public/groups.d.ts.map +0 -1
- package/dist/component/public/groups.js +0 -680
- package/dist/component/public/groups.js.map +0 -1
- package/dist/component/public/identity.d.ts +0 -93
- package/dist/component/public/identity.d.ts.map +0 -1
- package/dist/component/public/identity.js +0 -426
- package/dist/component/public/identity.js.map +0 -1
- package/dist/component/public/keys.d.ts +0 -41
- package/dist/component/public/keys.d.ts.map +0 -1
- package/dist/component/public/keys.js +0 -157
- package/dist/component/public/keys.js.map +0 -1
- package/dist/component/public/shared.d.ts +0 -26
- package/dist/component/public/shared.d.ts.map +0 -1
- package/dist/component/public/shared.js +0 -32
- package/dist/component/public/shared.js.map +0 -1
- package/dist/component/server/domains/core.js.map +0 -1
- package/dist/component/server/domains/sso.js.map +0 -1
- package/dist/component/server/factory.d.ts.map +0 -1
- package/dist/component/server/factory.js +0 -1134
- package/dist/component/server/factory.js.map +0 -1
- package/dist/component/server/fx.js +0 -66
- package/dist/component/server/fx.js.map +0 -1
- package/dist/component/server/mutations/index.js +0 -85
- package/dist/component/server/mutations/index.js.map +0 -1
- package/dist/component/server/providers.js.map +0 -1
- package/dist/component/server/ratelimit.js.map +0 -1
- package/dist/component/server/sso.js +0 -830
- package/dist/component/server/sso.js.map +0 -1
- package/dist/server/domains/core.d.ts +0 -449
- package/dist/server/domains/core.d.ts.map +0 -1
- package/dist/server/domains/core.js.map +0 -1
- package/dist/server/domains/sso.d.ts.map +0 -1
- package/dist/server/domains/sso.js.map +0 -1
- package/dist/server/enterpriseValidators.js.map +0 -1
- package/dist/server/factory.d.ts.map +0 -1
- package/dist/server/factory.js +0 -1134
- package/dist/server/factory.js.map +0 -1
- package/dist/server/fx.d.ts.map +0 -1
- package/dist/server/fx.js +0 -66
- package/dist/server/fx.js.map +0 -1
- package/dist/server/index.d.ts.map +0 -1
- package/dist/server/index.js.map +0 -1
- package/dist/server/mutations/index.d.ts.map +0 -1
- package/dist/server/mutations/index.js.map +0 -1
- package/dist/server/provider.d.ts.map +0 -1
- package/dist/server/provider.js.map +0 -1
- package/dist/server/providers.js.map +0 -1
- package/dist/server/ratelimit.js.map +0 -1
- package/dist/server/sso.js +0 -830
- package/dist/server/sso.js.map +0 -1
- package/dist/server/version.d.ts +0 -5
- package/dist/server/version.d.ts.map +0 -1
- package/dist/server/version.js +0 -6
- package/dist/server/version.js.map +0 -1
- package/src/component/public/enterprise.ts +0 -753
- package/src/component/public/factors.ts +0 -333
- package/src/component/public/groups.ts +0 -1066
- package/src/component/public/identity.ts +0 -569
- package/src/component/public/keys.ts +0 -209
- package/src/component/public/shared.ts +0 -119
- package/src/server/domains/core.ts +0 -1096
- package/src/server/factory.ts +0 -2181
- package/src/server/fx.ts +0 -152
- package/src/server/sso.ts +0 -1516
- package/src/server/version.ts +0 -2
- /package/dist/server/{enterpriseValidators.d.ts → config.d.ts} +0 -0
- /package/dist/server/{providers.d.ts → enterprise/config.d.ts} +0 -0
- /package/dist/server/{ratelimit.d.ts → enterprise/oidc.d.ts} +0 -0
- /package/dist/server/{sso.d.ts → enterprise/policy.d.ts} +0 -0
- /package/src/server/{providers.ts → config.ts} +0 -0
- /package/src/server/{enterpriseValidators.ts → enterprise/validators.ts} +0 -0
package/dist/client/index.js
CHANGED
|
@@ -1,4 +1,11 @@
|
|
|
1
1
|
import { AUTH_ERRORS, isAuthError, parseAuthError } from "../server/errors.js";
|
|
2
|
+
import { browserMutex, getStorageListenerRegistry } from "../runtime/browser.js";
|
|
3
|
+
import { createDeviceClient } from "../factors/device.js";
|
|
4
|
+
import { createInviteManager } from "../runtime/invite.js";
|
|
5
|
+
import { createPasskeyClient } from "../factors/passkey.js";
|
|
6
|
+
import { createProxyHelpers, isRetriableProxyRefreshError, isTransientNetworkError } from "../runtime/proxy.js";
|
|
7
|
+
import { createStorageHelpers } from "../runtime/storage.js";
|
|
8
|
+
import { createTotpClient } from "../factors/totp.js";
|
|
2
9
|
import { Fx } from "@robelest/fx";
|
|
3
10
|
import { ConvexHttpClient } from "convex/browser";
|
|
4
11
|
import { ConvexError } from "convex/values";
|
|
@@ -12,7 +19,6 @@ const INVITE_EMAIL_KEY = "__convexAuthPendingInviteEmail";
|
|
|
12
19
|
const RETRY_BASE_MS = 500;
|
|
13
20
|
const RETRY_MAX_RETRIES = 2;
|
|
14
21
|
const AUTH_HANDSHAKE_TIMEOUT_MS = 5e3;
|
|
15
|
-
const NETWORK_ERROR_PATTERN = /(network|fetch|load failed|failed to fetch)/i;
|
|
16
22
|
/**
|
|
17
23
|
* Resolve the Convex deployment URL from the client.
|
|
18
24
|
*
|
|
@@ -26,17 +32,6 @@ function resolveUrl(convex, explicit) {
|
|
|
26
32
|
if (typeof url === "string") return url;
|
|
27
33
|
throw new Error("Could not determine Convex deployment URL. Pass `url` explicitly.");
|
|
28
34
|
}
|
|
29
|
-
function isTransientNetworkError(error) {
|
|
30
|
-
return error instanceof TypeError || error instanceof Error && NETWORK_ERROR_PATTERN.test(error.message || "");
|
|
31
|
-
}
|
|
32
|
-
function isRetriableProxyRefreshError(error) {
|
|
33
|
-
if (isTransientNetworkError(error)) return true;
|
|
34
|
-
if (!(error instanceof Error)) return false;
|
|
35
|
-
const statusMatch = error.message.match(/Proxy request failed:\s*(\d{3})/);
|
|
36
|
-
if (statusMatch === null) return false;
|
|
37
|
-
const statusCode = Number(statusMatch[1]);
|
|
38
|
-
return statusCode >= 500 && statusCode < 600;
|
|
39
|
-
}
|
|
40
35
|
/**
|
|
41
36
|
* Create a framework-agnostic auth client.
|
|
42
37
|
*
|
|
@@ -69,7 +64,10 @@ function isRetriableProxyRefreshError(error) {
|
|
|
69
64
|
* holds the JWT in memory only.
|
|
70
65
|
*
|
|
71
66
|
* @param options - Client configuration. See {@link ClientOptions}.
|
|
67
|
+
* @typeParam Api - An AuthApiRefs type determining which factor helpers are available.
|
|
72
68
|
* @returns Auth client with conditional `passkey`, `totp`, and `device` helpers.
|
|
69
|
+
* @throws {Error} When the Convex deployment URL cannot be determined and `url` is not passed explicitly.
|
|
70
|
+
* @throws {Error} When `proxyPath` is not set and the `api` option is missing.
|
|
73
71
|
*/
|
|
74
72
|
function client(options) {
|
|
75
73
|
const { convex, proxyPath, api: apiRefs } = options;
|
|
@@ -88,6 +86,21 @@ function client(options) {
|
|
|
88
86
|
if (typeof window !== "undefined") return new URL(window.location.href);
|
|
89
87
|
return null;
|
|
90
88
|
}
|
|
89
|
+
/**
|
|
90
|
+
* SSR-safe URL parameter reader.
|
|
91
|
+
*
|
|
92
|
+
* Uses the `location` option if provided, otherwise falls back to
|
|
93
|
+
* `window.location` (returns `null` during SSR where `window` is unavailable).
|
|
94
|
+
*
|
|
95
|
+
* @param name - The query parameter name.
|
|
96
|
+
* @returns The parameter value, or `null` if not present or in SSR.
|
|
97
|
+
*
|
|
98
|
+
* @example
|
|
99
|
+
* ```ts
|
|
100
|
+
* const workspaceId = auth.param("workspace");
|
|
101
|
+
* const tab = auth.param("tab") ?? "issues";
|
|
102
|
+
* ```
|
|
103
|
+
*/
|
|
91
104
|
function param(name) {
|
|
92
105
|
return getLocation()?.searchParams.get(name) ?? null;
|
|
93
106
|
}
|
|
@@ -105,6 +118,11 @@ function client(options) {
|
|
|
105
118
|
const url = proxy ? void 0 : resolveUrl(convex, options.url);
|
|
106
119
|
const escapedNamespace = proxy ? proxy.replace(/[^a-zA-Z0-9]/g, "") : url.replace(/[^a-zA-Z0-9]/g, "");
|
|
107
120
|
const key = (name) => `${name}_${escapedNamespace}`;
|
|
121
|
+
const { get: storageGet, set: storageSet, remove: storageRemove } = createStorageHelpers({
|
|
122
|
+
storage,
|
|
123
|
+
key
|
|
124
|
+
});
|
|
125
|
+
const { isAbsoluteUrl, proxyFetch, resolveProxyUrl } = createProxyHelpers({ proxy });
|
|
108
126
|
const subscribers = /* @__PURE__ */ new Set();
|
|
109
127
|
let disposeStorageListener = null;
|
|
110
128
|
const httpClient = proxy ? null : new ConvexHttpClient(url);
|
|
@@ -212,68 +230,18 @@ function client(options) {
|
|
|
212
230
|
isLoading = false;
|
|
213
231
|
if (updateSnapshot()) notify();
|
|
214
232
|
};
|
|
215
|
-
const
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
}).pipe(Fx.inspect((error) => Fx.sync(() => console.error(`[convex-auth] Failed to write ${name} to storage:`, error))), Fx.recover(() => Fx.succeed(void 0))));
|
|
228
|
-
};
|
|
229
|
-
const storageRemove = async (name) => {
|
|
230
|
-
if (!storage) return;
|
|
231
|
-
await Fx.run(Fx.from({
|
|
232
|
-
ok: () => storage.removeItem(key(name)),
|
|
233
|
-
err: (e) => e
|
|
234
|
-
}).pipe(Fx.inspect((error) => Fx.sync(() => console.error(`[convex-auth] Failed to remove ${name} from storage:`, error))), Fx.recover(() => Fx.succeed(void 0))));
|
|
235
|
-
};
|
|
236
|
-
let pendingInvite = null;
|
|
237
|
-
const urlInviteToken = param("invite");
|
|
238
|
-
if (urlInviteToken) pendingInvite = {
|
|
239
|
-
token: urlInviteToken,
|
|
240
|
-
email: param("email")
|
|
241
|
-
};
|
|
242
|
-
else (async () => {
|
|
243
|
-
const storedToken = await storageGet(INVITE_TOKEN_KEY);
|
|
244
|
-
if (storedToken && !pendingInvite) {
|
|
245
|
-
pendingInvite = {
|
|
246
|
-
token: storedToken,
|
|
247
|
-
email: await storageGet(INVITE_EMAIL_KEY) ?? null
|
|
248
|
-
};
|
|
249
|
-
storageRemove(INVITE_TOKEN_KEY);
|
|
250
|
-
storageRemove(INVITE_EMAIL_KEY);
|
|
251
|
-
}
|
|
252
|
-
})();
|
|
253
|
-
async function persistInvite() {
|
|
254
|
-
if (!pendingInvite) return;
|
|
255
|
-
await storageSet(INVITE_TOKEN_KEY, pendingInvite.token);
|
|
256
|
-
if (pendingInvite.email) await storageSet(INVITE_EMAIL_KEY, pendingInvite.email);
|
|
257
|
-
}
|
|
258
|
-
/**
|
|
259
|
-
* Consume the pending invite: clears storage/URL and returns the token.
|
|
260
|
-
* The app uses the returned token to call its own accept mutation.
|
|
261
|
-
*/
|
|
262
|
-
async function acceptInvite() {
|
|
263
|
-
if (!pendingInvite) return {
|
|
264
|
-
ok: false,
|
|
265
|
-
message: "No pending invite"
|
|
266
|
-
};
|
|
267
|
-
const { token: token$1 } = pendingInvite;
|
|
268
|
-
pendingInvite = null;
|
|
269
|
-
storageRemove(INVITE_TOKEN_KEY);
|
|
270
|
-
storageRemove(INVITE_EMAIL_KEY);
|
|
271
|
-
cleanUrlParams(["invite", "email"]);
|
|
272
|
-
return {
|
|
273
|
-
ok: true,
|
|
274
|
-
token: token$1
|
|
275
|
-
};
|
|
276
|
-
}
|
|
233
|
+
const inviteManager = createInviteManager({
|
|
234
|
+
param,
|
|
235
|
+
storageGet,
|
|
236
|
+
storageSet,
|
|
237
|
+
storageRemove,
|
|
238
|
+
cleanUrlParams,
|
|
239
|
+
tokenKey: INVITE_TOKEN_KEY,
|
|
240
|
+
emailKey: INVITE_EMAIL_KEY
|
|
241
|
+
});
|
|
242
|
+
const getPendingInvite = () => inviteManager.getPendingInvite();
|
|
243
|
+
const persistInvite = () => inviteManager.persistInvite();
|
|
244
|
+
const acceptInvite = () => inviteManager.acceptInvite();
|
|
277
245
|
const bindConvexAuth = () => {
|
|
278
246
|
convex.setAuth(fetchAccessToken, handleConvexAuthChange);
|
|
279
247
|
};
|
|
@@ -323,45 +291,6 @@ function client(options) {
|
|
|
323
291
|
if (waitForHandshake) await waitForAuthHandshake(context);
|
|
324
292
|
return true;
|
|
325
293
|
};
|
|
326
|
-
const resolveProxyUrl = () => {
|
|
327
|
-
const origin = typeof window !== "undefined" && typeof window.location?.origin === "string" ? window.location.origin : typeof location !== "undefined" && typeof location.origin === "string" ? location.origin : null;
|
|
328
|
-
if (origin !== null) return new URL(proxy, origin).toString();
|
|
329
|
-
return Fx.run(Fx.from({
|
|
330
|
-
ok: () => new URL(proxy).toString(),
|
|
331
|
-
err: () => proxy
|
|
332
|
-
}).pipe(Fx.recover((fallback) => Fx.succeed(fallback))));
|
|
333
|
-
};
|
|
334
|
-
const isAbsoluteUrl = (value) => {
|
|
335
|
-
return Fx.run(Fx.from({
|
|
336
|
-
ok: () => {
|
|
337
|
-
new URL(value);
|
|
338
|
-
return true;
|
|
339
|
-
},
|
|
340
|
-
err: () => false
|
|
341
|
-
}).pipe(Fx.recover((v) => Fx.succeed(v))));
|
|
342
|
-
};
|
|
343
|
-
const proxyFetch = async (body) => {
|
|
344
|
-
const proxyUrl = await resolveProxyUrl();
|
|
345
|
-
if (typeof window === "undefined" && !await isAbsoluteUrl(proxyUrl)) throw new Error(`Cannot call relative proxy URL \`${proxy}\` without a browser origin. Pass an absolute proxy URL for server runtimes.`);
|
|
346
|
-
const response = await fetch(proxyUrl, {
|
|
347
|
-
method: "POST",
|
|
348
|
-
headers: { "Content-Type": "application/json" },
|
|
349
|
-
credentials: "include",
|
|
350
|
-
body: JSON.stringify(body)
|
|
351
|
-
});
|
|
352
|
-
if (!response.ok) {
|
|
353
|
-
const errorBody = await Fx.run(Fx.from({
|
|
354
|
-
ok: () => response.json(),
|
|
355
|
-
err: () => ({})
|
|
356
|
-
}).pipe(Fx.recover((fallback) => Fx.succeed(fallback))));
|
|
357
|
-
if (typeof errorBody === "object" && errorBody !== null && "authError" in errorBody && typeof errorBody.authError === "object") throw new ConvexError(errorBody.authError);
|
|
358
|
-
throw new Error(errorBody.error ?? `Proxy request failed: ${response.status}`);
|
|
359
|
-
}
|
|
360
|
-
return Fx.run(Fx.from({
|
|
361
|
-
ok: () => response.json(),
|
|
362
|
-
err: () => /* @__PURE__ */ new Error("Proxy response was not valid JSON")
|
|
363
|
-
}).pipe(Fx.recover((e) => Fx.fatal(e))));
|
|
364
|
-
};
|
|
365
294
|
const verifyCode = async (args) => {
|
|
366
295
|
const verifyCodeRetryPolicy = Fx.retry.while(Fx.retry.compose(Fx.retry.jittered(Fx.retry.exponential(RETRY_BASE_MS)), Fx.retry.recurs(RETRY_MAX_RETRIES)), (meta) => isTransientNetworkError(meta.input));
|
|
367
296
|
return Fx.run(Fx.from({
|
|
@@ -385,8 +314,8 @@ function client(options) {
|
|
|
385
314
|
return {
|
|
386
315
|
deviceCode: device_code.deviceCode,
|
|
387
316
|
userCode: device_code.userCode,
|
|
388
|
-
|
|
389
|
-
|
|
317
|
+
verificationUri: device_code.verification_uri ?? device_code.verificationUri,
|
|
318
|
+
verificationUriComplete: device_code.verification_uri_complete ?? device_code.verificationUriComplete,
|
|
390
319
|
expiresIn: device_code.expiresIn,
|
|
391
320
|
interval: device_code.interval
|
|
392
321
|
};
|
|
@@ -399,6 +328,7 @@ function client(options) {
|
|
|
399
328
|
* @param args - Provider-specific arguments. Pass a `Record<string, Value>`
|
|
400
329
|
* or `FormData`. Common fields: `email`, `password`, `code`, `redirectTo`.
|
|
401
330
|
* @returns A {@link SignInResult} indicating the outcome.
|
|
331
|
+
* @throws {ConvexError} When the server action rejects the sign-in attempt (e.g. invalid credentials, provider error, or rate limiting).
|
|
402
332
|
*
|
|
403
333
|
* @example Email magic link
|
|
404
334
|
* ```ts
|
|
@@ -668,29 +598,13 @@ function client(options) {
|
|
|
668
598
|
err: (e) => e
|
|
669
599
|
}).pipe(Fx.recover(() => Fx.succeed(void 0))))));
|
|
670
600
|
}, "[convex-auth] SPA initialization failed:");
|
|
671
|
-
/**
|
|
672
|
-
* Base64url encode/decode helpers for the WebAuthn credential API.
|
|
673
|
-
* These run client-side only (browser context).
|
|
674
|
-
*/
|
|
675
|
-
const base64urlEncode = (buffer) => {
|
|
676
|
-
const bytes = new Uint8Array(buffer);
|
|
677
|
-
let binary = "";
|
|
678
|
-
for (let i = 0; i < bytes.byteLength; i++) binary += String.fromCharCode(bytes[i]);
|
|
679
|
-
return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
680
|
-
};
|
|
681
|
-
const base64urlDecode = (str) => {
|
|
682
|
-
const padded = str.replace(/-/g, "+").replace(/_/g, "/");
|
|
683
|
-
const binary = atob(padded);
|
|
684
|
-
const bytes = new Uint8Array(binary.length);
|
|
685
|
-
for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
|
|
686
|
-
return bytes;
|
|
687
|
-
};
|
|
688
601
|
return {
|
|
689
602
|
get state() {
|
|
690
603
|
return snapshot;
|
|
691
604
|
},
|
|
692
605
|
param,
|
|
693
606
|
get invite() {
|
|
607
|
+
const pendingInvite = getPendingInvite();
|
|
694
608
|
if (!pendingInvite) return null;
|
|
695
609
|
return {
|
|
696
610
|
token: pendingInvite.token,
|
|
@@ -701,395 +615,27 @@ function client(options) {
|
|
|
701
615
|
signIn,
|
|
702
616
|
signOut,
|
|
703
617
|
onChange,
|
|
704
|
-
passkey: {
|
|
705
|
-
|
|
706
|
-
|
|
707
|
-
|
|
708
|
-
|
|
709
|
-
|
|
710
|
-
|
|
711
|
-
|
|
712
|
-
|
|
713
|
-
|
|
714
|
-
|
|
715
|
-
|
|
716
|
-
|
|
717
|
-
|
|
718
|
-
|
|
719
|
-
|
|
720
|
-
|
|
721
|
-
|
|
722
|
-
|
|
723
|
-
|
|
724
|
-
|
|
725
|
-
provider: "passkey",
|
|
726
|
-
params: phase1Params
|
|
727
|
-
}
|
|
728
|
-
});
|
|
729
|
-
else phase1Result = await convex.action(requireApiRefs().signIn, {
|
|
730
|
-
provider: "passkey",
|
|
731
|
-
params: phase1Params
|
|
732
|
-
});
|
|
733
|
-
if (phase1Result.kind !== "passkeyOptions") throw new Error("Server did not return passkey registration options");
|
|
734
|
-
const options$1 = phase1Result.options;
|
|
735
|
-
const createOptions = { publicKey: {
|
|
736
|
-
rp: options$1.rp,
|
|
737
|
-
user: {
|
|
738
|
-
id: base64urlDecode(options$1.user.id).buffer,
|
|
739
|
-
name: options$1.user.name,
|
|
740
|
-
displayName: options$1.user.displayName
|
|
741
|
-
},
|
|
742
|
-
challenge: base64urlDecode(options$1.challenge).buffer,
|
|
743
|
-
pubKeyCredParams: options$1.pubKeyCredParams,
|
|
744
|
-
timeout: options$1.timeout,
|
|
745
|
-
attestation: options$1.attestation,
|
|
746
|
-
authenticatorSelection: options$1.authenticatorSelection,
|
|
747
|
-
excludeCredentials: (options$1.excludeCredentials ?? []).map((cred) => ({
|
|
748
|
-
type: cred.type ?? "public-key",
|
|
749
|
-
id: base64urlDecode(cred.id).buffer,
|
|
750
|
-
transports: cred.transports
|
|
751
|
-
}))
|
|
752
|
-
} };
|
|
753
|
-
const credential = await navigator.credentials.create(createOptions);
|
|
754
|
-
if (!credential) throw new Error("Passkey registration was cancelled");
|
|
755
|
-
const response = credential.response;
|
|
756
|
-
const transports = typeof response.getTransports === "function" ? response.getTransports() : void 0;
|
|
757
|
-
const phase2Params = {
|
|
758
|
-
flow: "registerVerify",
|
|
759
|
-
clientDataJSON: base64urlEncode(response.clientDataJSON),
|
|
760
|
-
attestationObject: base64urlEncode(response.attestationObject),
|
|
761
|
-
transports,
|
|
762
|
-
passkeyName: opts?.name,
|
|
763
|
-
email: opts?.email
|
|
764
|
-
};
|
|
765
|
-
let phase2Result;
|
|
766
|
-
if (proxy) phase2Result = await proxyFetch({
|
|
767
|
-
action: "auth:signIn",
|
|
768
|
-
args: {
|
|
769
|
-
provider: "passkey",
|
|
770
|
-
params: phase2Params,
|
|
771
|
-
verifier: phase1Result.verifier
|
|
772
|
-
}
|
|
773
|
-
});
|
|
774
|
-
else phase2Result = await convex.action(requireApiRefs().signIn, {
|
|
775
|
-
provider: "passkey",
|
|
776
|
-
params: phase2Params,
|
|
777
|
-
verifier: phase1Result.verifier
|
|
778
|
-
});
|
|
779
|
-
return Fx.run(Fx.match(phase2Result, phase2Result.kind, {
|
|
780
|
-
signedIn: (signedInResult) => Fx.from({
|
|
781
|
-
ok: async () => {
|
|
782
|
-
return await setTokenAndMaybeWait(proxy ? {
|
|
783
|
-
shouldStore: false,
|
|
784
|
-
tokens: signedInResult.tokens === null ? null : { token: signedInResult.tokens.token },
|
|
785
|
-
waitForHandshake: true,
|
|
786
|
-
context: {
|
|
787
|
-
provider: "passkey",
|
|
788
|
-
flow: "registerVerify"
|
|
789
|
-
}
|
|
790
|
-
} : {
|
|
791
|
-
shouldStore: true,
|
|
792
|
-
tokens: signedInResult.tokens,
|
|
793
|
-
waitForHandshake: true,
|
|
794
|
-
context: {
|
|
795
|
-
provider: "passkey",
|
|
796
|
-
flow: "registerVerify"
|
|
797
|
-
}
|
|
798
|
-
}) ? { kind: "signedIn" } : { kind: "started" };
|
|
799
|
-
},
|
|
800
|
-
err: (e) => e
|
|
801
|
-
}),
|
|
802
|
-
redirect: (_redirectResult) => Fx.succeed({ kind: "started" }),
|
|
803
|
-
started: (_startedResult) => Fx.succeed({ kind: "started" }),
|
|
804
|
-
passkeyOptions: (_passkeyOptionsResult) => Fx.succeed({ kind: "started" }),
|
|
805
|
-
totpRequired: (_totpRequiredResult) => Fx.succeed({ kind: "started" }),
|
|
806
|
-
totpSetup: (_totpSetupResult) => Fx.succeed({ kind: "started" }),
|
|
807
|
-
deviceCode: (_deviceCodeResult) => Fx.succeed({ kind: "started" })
|
|
808
|
-
}));
|
|
809
|
-
},
|
|
810
|
-
authenticate: async (opts) => {
|
|
811
|
-
const phase1Params = {
|
|
812
|
-
flow: "authOptions",
|
|
813
|
-
email: opts?.email
|
|
814
|
-
};
|
|
815
|
-
let phase1Result;
|
|
816
|
-
if (proxy) phase1Result = await proxyFetch({
|
|
817
|
-
action: "auth:signIn",
|
|
818
|
-
args: {
|
|
819
|
-
provider: "passkey",
|
|
820
|
-
params: phase1Params
|
|
821
|
-
}
|
|
822
|
-
});
|
|
823
|
-
else phase1Result = await convex.action(requireApiRefs().signIn, {
|
|
824
|
-
provider: "passkey",
|
|
825
|
-
params: phase1Params
|
|
826
|
-
});
|
|
827
|
-
if (phase1Result.kind !== "passkeyOptions") throw new Error("Server did not return passkey authentication options");
|
|
828
|
-
const options$1 = phase1Result.options;
|
|
829
|
-
const getOptions = {
|
|
830
|
-
publicKey: {
|
|
831
|
-
challenge: base64urlDecode(options$1.challenge).buffer,
|
|
832
|
-
timeout: options$1.timeout,
|
|
833
|
-
rpId: options$1.rpId,
|
|
834
|
-
userVerification: options$1.userVerification,
|
|
835
|
-
allowCredentials: (options$1.allowCredentials ?? []).map((cred) => ({
|
|
836
|
-
type: cred.type ?? "public-key",
|
|
837
|
-
id: base64urlDecode(cred.id).buffer,
|
|
838
|
-
transports: cred.transports
|
|
839
|
-
}))
|
|
840
|
-
},
|
|
841
|
-
...opts?.autofill ? { mediation: "conditional" } : {}
|
|
842
|
-
};
|
|
843
|
-
const credential = await navigator.credentials.get(getOptions);
|
|
844
|
-
if (!credential) throw new Error("Passkey authentication was cancelled");
|
|
845
|
-
const response = credential.response;
|
|
846
|
-
const phase2Params = {
|
|
847
|
-
flow: "authVerify",
|
|
848
|
-
credentialId: base64urlEncode(credential.rawId),
|
|
849
|
-
clientDataJSON: base64urlEncode(response.clientDataJSON),
|
|
850
|
-
authenticatorData: base64urlEncode(response.authenticatorData),
|
|
851
|
-
signature: base64urlEncode(response.signature)
|
|
852
|
-
};
|
|
853
|
-
let phase2Result;
|
|
854
|
-
if (proxy) phase2Result = await proxyFetch({
|
|
855
|
-
action: "auth:signIn",
|
|
856
|
-
args: {
|
|
857
|
-
provider: "passkey",
|
|
858
|
-
params: phase2Params,
|
|
859
|
-
verifier: phase1Result.verifier
|
|
860
|
-
}
|
|
861
|
-
});
|
|
862
|
-
else phase2Result = await convex.action(requireApiRefs().signIn, {
|
|
863
|
-
provider: "passkey",
|
|
864
|
-
params: phase2Params,
|
|
865
|
-
verifier: phase1Result.verifier
|
|
866
|
-
});
|
|
867
|
-
return Fx.run(Fx.match(phase2Result, phase2Result.kind, {
|
|
868
|
-
signedIn: (signedInResult) => Fx.from({
|
|
869
|
-
ok: async () => {
|
|
870
|
-
return await setTokenAndMaybeWait(proxy ? {
|
|
871
|
-
shouldStore: false,
|
|
872
|
-
tokens: signedInResult.tokens === null ? null : { token: signedInResult.tokens.token },
|
|
873
|
-
waitForHandshake: true,
|
|
874
|
-
context: {
|
|
875
|
-
provider: "passkey",
|
|
876
|
-
flow: "authVerify"
|
|
877
|
-
}
|
|
878
|
-
} : {
|
|
879
|
-
shouldStore: true,
|
|
880
|
-
tokens: signedInResult.tokens,
|
|
881
|
-
waitForHandshake: true,
|
|
882
|
-
context: {
|
|
883
|
-
provider: "passkey",
|
|
884
|
-
flow: "authVerify"
|
|
885
|
-
}
|
|
886
|
-
}) ? { kind: "signedIn" } : { kind: "started" };
|
|
887
|
-
},
|
|
888
|
-
err: (e) => e
|
|
889
|
-
}),
|
|
890
|
-
redirect: (_redirectResult) => Fx.succeed({ kind: "started" }),
|
|
891
|
-
started: (_startedResult) => Fx.succeed({ kind: "started" }),
|
|
892
|
-
passkeyOptions: (_passkeyOptionsResult) => Fx.succeed({ kind: "started" }),
|
|
893
|
-
totpRequired: (_totpRequiredResult) => Fx.succeed({ kind: "started" }),
|
|
894
|
-
totpSetup: (_totpSetupResult) => Fx.succeed({ kind: "started" }),
|
|
895
|
-
deviceCode: (_deviceCodeResult) => Fx.succeed({ kind: "started" })
|
|
896
|
-
}));
|
|
897
|
-
}
|
|
898
|
-
},
|
|
899
|
-
totp: {
|
|
900
|
-
setup: async (opts) => {
|
|
901
|
-
const params = { flow: "setup" };
|
|
902
|
-
if (opts?.name) params.name = opts.name;
|
|
903
|
-
if (opts?.accountName) params.accountName = opts.accountName;
|
|
904
|
-
if (proxy) {
|
|
905
|
-
const result$1 = await proxyFetch({
|
|
906
|
-
action: "auth:signIn",
|
|
907
|
-
args: {
|
|
908
|
-
provider: "totp",
|
|
909
|
-
params
|
|
910
|
-
}
|
|
911
|
-
});
|
|
912
|
-
return {
|
|
913
|
-
uri: result$1.totpSetup.uri,
|
|
914
|
-
secret: result$1.totpSetup.secret,
|
|
915
|
-
verifier: result$1.verifier,
|
|
916
|
-
totpId: result$1.totpSetup.totpId
|
|
917
|
-
};
|
|
918
|
-
}
|
|
919
|
-
const result = await convex.action(requireApiRefs().signIn, {
|
|
920
|
-
provider: "totp",
|
|
921
|
-
params
|
|
922
|
-
});
|
|
923
|
-
return {
|
|
924
|
-
uri: result.totpSetup.uri,
|
|
925
|
-
secret: result.totpSetup.secret,
|
|
926
|
-
verifier: result.verifier,
|
|
927
|
-
totpId: result.totpSetup.totpId
|
|
928
|
-
};
|
|
929
|
-
},
|
|
930
|
-
confirm: async (opts) => {
|
|
931
|
-
const params = {
|
|
932
|
-
flow: "confirm",
|
|
933
|
-
code: opts.code,
|
|
934
|
-
totpId: opts.totpId
|
|
935
|
-
};
|
|
936
|
-
if (proxy) {
|
|
937
|
-
const result$1 = await proxyFetch({
|
|
938
|
-
action: "auth:signIn",
|
|
939
|
-
args: {
|
|
940
|
-
provider: "totp",
|
|
941
|
-
params,
|
|
942
|
-
verifier: opts.verifier
|
|
943
|
-
}
|
|
944
|
-
});
|
|
945
|
-
if (result$1.tokens) await setTokenAndMaybeWait({
|
|
946
|
-
shouldStore: false,
|
|
947
|
-
tokens: result$1.tokens === null ? null : { token: result$1.tokens.token },
|
|
948
|
-
waitForHandshake: true,
|
|
949
|
-
context: {
|
|
950
|
-
provider: "totp",
|
|
951
|
-
flow: "confirm"
|
|
952
|
-
}
|
|
953
|
-
});
|
|
954
|
-
return;
|
|
955
|
-
}
|
|
956
|
-
const result = await convex.action(requireApiRefs().signIn, {
|
|
957
|
-
provider: "totp",
|
|
958
|
-
params,
|
|
959
|
-
verifier: opts.verifier
|
|
960
|
-
});
|
|
961
|
-
if (result.tokens) await setTokenAndMaybeWait({
|
|
962
|
-
shouldStore: true,
|
|
963
|
-
tokens: result.tokens ?? null,
|
|
964
|
-
waitForHandshake: true,
|
|
965
|
-
context: {
|
|
966
|
-
provider: "totp",
|
|
967
|
-
flow: "confirm"
|
|
968
|
-
}
|
|
969
|
-
});
|
|
970
|
-
},
|
|
971
|
-
verify: async (opts) => {
|
|
972
|
-
const params = {
|
|
973
|
-
flow: "verify",
|
|
974
|
-
code: opts.code
|
|
975
|
-
};
|
|
976
|
-
if (proxy) {
|
|
977
|
-
const result$1 = await proxyFetch({
|
|
978
|
-
action: "auth:signIn",
|
|
979
|
-
args: {
|
|
980
|
-
provider: "totp",
|
|
981
|
-
params,
|
|
982
|
-
verifier: opts.verifier
|
|
983
|
-
}
|
|
984
|
-
});
|
|
985
|
-
if (result$1.tokens) await setTokenAndMaybeWait({
|
|
986
|
-
shouldStore: false,
|
|
987
|
-
tokens: result$1.tokens === null ? null : { token: result$1.tokens.token },
|
|
988
|
-
waitForHandshake: true,
|
|
989
|
-
context: {
|
|
990
|
-
provider: "totp",
|
|
991
|
-
flow: "verify"
|
|
992
|
-
}
|
|
993
|
-
});
|
|
994
|
-
return;
|
|
995
|
-
}
|
|
996
|
-
const result = await convex.action(requireApiRefs().signIn, {
|
|
997
|
-
provider: "totp",
|
|
998
|
-
params,
|
|
999
|
-
verifier: opts.verifier
|
|
1000
|
-
});
|
|
1001
|
-
if (result.tokens) await setTokenAndMaybeWait({
|
|
1002
|
-
shouldStore: true,
|
|
1003
|
-
tokens: result.tokens ?? null,
|
|
1004
|
-
waitForHandshake: true,
|
|
1005
|
-
context: {
|
|
1006
|
-
provider: "totp",
|
|
1007
|
-
flow: "verify"
|
|
1008
|
-
}
|
|
1009
|
-
});
|
|
1010
|
-
}
|
|
1011
|
-
},
|
|
1012
|
-
device: {
|
|
1013
|
-
poll: async (code) => {
|
|
1014
|
-
const intervalMs = code.interval * 1e3;
|
|
1015
|
-
const expiresAt = Date.now() + code.expiresIn * 1e3;
|
|
1016
|
-
while (Date.now() < expiresAt) {
|
|
1017
|
-
await new Promise((resolve) => setTimeout(resolve, intervalMs));
|
|
1018
|
-
const pollResult = await Fx.run(Fx.from({
|
|
1019
|
-
ok: async () => {
|
|
1020
|
-
let result;
|
|
1021
|
-
const params = {
|
|
1022
|
-
flow: "poll",
|
|
1023
|
-
deviceCode: code.deviceCode
|
|
1024
|
-
};
|
|
1025
|
-
if (proxy) result = await proxyFetch({
|
|
1026
|
-
action: "auth:signIn",
|
|
1027
|
-
args: {
|
|
1028
|
-
provider: "device",
|
|
1029
|
-
params
|
|
1030
|
-
}
|
|
1031
|
-
});
|
|
1032
|
-
else result = await convex.action(requireApiRefs().signIn, {
|
|
1033
|
-
provider: "device",
|
|
1034
|
-
params
|
|
1035
|
-
});
|
|
1036
|
-
return result;
|
|
1037
|
-
},
|
|
1038
|
-
err: (e) => e
|
|
1039
|
-
}).pipe(Fx.recover((e) => {
|
|
1040
|
-
const dispatch = e instanceof ConvexError ? { tag: e.data?.code === "DEVICE_AUTHORIZATION_PENDING" ? "continue" : e.data?.code === "DEVICE_SLOW_DOWN" ? "slowDown" : "fatal" } : { tag: "fatal" };
|
|
1041
|
-
return Fx.match(dispatch, dispatch.tag, {
|
|
1042
|
-
continue: () => Fx.succeed({ _poll: "continue" }),
|
|
1043
|
-
slowDown: () => Fx.succeed({ _poll: "slow_down" }),
|
|
1044
|
-
fatal: () => Fx.fatal(e)
|
|
1045
|
-
});
|
|
1046
|
-
})));
|
|
1047
|
-
if ("_poll" in pollResult) {
|
|
1048
|
-
if (pollResult._poll === "slow_down") await new Promise((resolve) => setTimeout(resolve, intervalMs));
|
|
1049
|
-
continue;
|
|
1050
|
-
}
|
|
1051
|
-
if (pollResult.tokens) {
|
|
1052
|
-
if (proxy) await setTokenAndMaybeWait({
|
|
1053
|
-
shouldStore: false,
|
|
1054
|
-
tokens: pollResult.tokens === null ? null : { token: pollResult.tokens.token },
|
|
1055
|
-
waitForHandshake: true,
|
|
1056
|
-
context: {
|
|
1057
|
-
provider: "device",
|
|
1058
|
-
flow: "poll"
|
|
1059
|
-
}
|
|
1060
|
-
});
|
|
1061
|
-
else await setTokenAndMaybeWait({
|
|
1062
|
-
shouldStore: true,
|
|
1063
|
-
tokens: pollResult.tokens ?? null,
|
|
1064
|
-
waitForHandshake: true,
|
|
1065
|
-
context: {
|
|
1066
|
-
provider: "device",
|
|
1067
|
-
flow: "poll"
|
|
1068
|
-
}
|
|
1069
|
-
});
|
|
1070
|
-
return;
|
|
1071
|
-
}
|
|
1072
|
-
}
|
|
1073
|
-
throw new Error("Device authorization timed out.");
|
|
1074
|
-
},
|
|
1075
|
-
verify: async (userCode) => {
|
|
1076
|
-
const params = {
|
|
1077
|
-
flow: "verify",
|
|
1078
|
-
userCode
|
|
1079
|
-
};
|
|
1080
|
-
if (proxy) await proxyFetch({
|
|
1081
|
-
action: "auth:signIn",
|
|
1082
|
-
args: {
|
|
1083
|
-
provider: "device",
|
|
1084
|
-
params
|
|
1085
|
-
}
|
|
1086
|
-
});
|
|
1087
|
-
else await convex.action(requireApiRefs().signIn, {
|
|
1088
|
-
provider: "device",
|
|
1089
|
-
params
|
|
1090
|
-
});
|
|
1091
|
-
}
|
|
1092
|
-
},
|
|
618
|
+
passkey: createPasskeyClient({
|
|
619
|
+
proxy,
|
|
620
|
+
convex,
|
|
621
|
+
requireApiRefs,
|
|
622
|
+
proxyFetch,
|
|
623
|
+
setTokenAndMaybeWait
|
|
624
|
+
}),
|
|
625
|
+
totp: createTotpClient({
|
|
626
|
+
proxy,
|
|
627
|
+
convex,
|
|
628
|
+
requireApiRefs,
|
|
629
|
+
proxyFetch,
|
|
630
|
+
setTokenAndMaybeWait
|
|
631
|
+
}),
|
|
632
|
+
device: createDeviceClient({
|
|
633
|
+
proxy,
|
|
634
|
+
convex,
|
|
635
|
+
requireApiRefs,
|
|
636
|
+
proxyFetch,
|
|
637
|
+
setTokenAndMaybeWait
|
|
638
|
+
}),
|
|
1093
639
|
destroy: () => {
|
|
1094
640
|
destroyed = true;
|
|
1095
641
|
settleHandshakeWaiters(authEpoch, {
|
|
@@ -1101,50 +647,6 @@ function client(options) {
|
|
|
1101
647
|
}
|
|
1102
648
|
};
|
|
1103
649
|
}
|
|
1104
|
-
async function browserMutex(key, callback) {
|
|
1105
|
-
const lockManager = globalThis?.navigator?.locks;
|
|
1106
|
-
return lockManager !== void 0 ? await lockManager.request(key, callback) : await manualMutex(key, callback);
|
|
1107
|
-
}
|
|
1108
|
-
function getStorageListenerRegistry() {
|
|
1109
|
-
const globalAny = globalThis;
|
|
1110
|
-
if (globalAny.__convexAuthStorageListeners === void 0) globalAny.__convexAuthStorageListeners = {};
|
|
1111
|
-
return globalAny.__convexAuthStorageListeners;
|
|
1112
|
-
}
|
|
1113
|
-
function getManualMutexTails() {
|
|
1114
|
-
const globalAny = globalThis;
|
|
1115
|
-
if (globalAny.__convexAuthMutexTails === void 0) globalAny.__convexAuthMutexTails = {};
|
|
1116
|
-
return globalAny.__convexAuthMutexTails;
|
|
1117
|
-
}
|
|
1118
|
-
async function manualMutex(key, callback) {
|
|
1119
|
-
const mutexTails = getManualMutexTails();
|
|
1120
|
-
const previousTail = mutexTails[key] ?? Promise.resolve();
|
|
1121
|
-
let releaseCurrent;
|
|
1122
|
-
const currentTail = new Promise((resolve) => {
|
|
1123
|
-
releaseCurrent = resolve;
|
|
1124
|
-
});
|
|
1125
|
-
mutexTails[key] = previousTail.then(() => currentTail, () => currentTail);
|
|
1126
|
-
await Fx.run(Fx.from({
|
|
1127
|
-
ok: () => previousTail,
|
|
1128
|
-
err: () => void 0
|
|
1129
|
-
}).pipe(Fx.recover(() => Fx.succeed(void 0))));
|
|
1130
|
-
let result;
|
|
1131
|
-
let threw = false;
|
|
1132
|
-
let thrownError;
|
|
1133
|
-
await Fx.run(Fx.from({
|
|
1134
|
-
ok: async () => {
|
|
1135
|
-
result = await callback();
|
|
1136
|
-
},
|
|
1137
|
-
err: (e) => e
|
|
1138
|
-
}).pipe(Fx.recover((e) => {
|
|
1139
|
-
threw = true;
|
|
1140
|
-
thrownError = e;
|
|
1141
|
-
return Fx.succeed(void 0);
|
|
1142
|
-
})));
|
|
1143
|
-
releaseCurrent?.();
|
|
1144
|
-
if (mutexTails[key] === currentTail) delete mutexTails[key];
|
|
1145
|
-
if (threw) throw thrownError;
|
|
1146
|
-
return result;
|
|
1147
|
-
}
|
|
1148
650
|
|
|
1149
651
|
//#endregion
|
|
1150
652
|
export { AUTH_ERRORS, client, isAuthError, parseAuthError };
|