@robelest/convex-auth 0.0.4-preview.18 → 0.0.4-preview.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (541) hide show
  1. package/README.md +6 -3
  2. package/dist/authorization/index.d.ts +46 -0
  3. package/dist/authorization/index.d.ts.map +1 -1
  4. package/dist/authorization/index.js +46 -0
  5. package/dist/authorization/index.js.map +1 -1
  6. package/dist/bin.cjs +21 -13
  7. package/dist/client/core/types.d.ts +20 -0
  8. package/dist/client/core/types.d.ts.map +1 -0
  9. package/dist/client/index.d.ts +2 -16
  10. package/dist/client/index.d.ts.map +1 -1
  11. package/dist/client/index.js +67 -565
  12. package/dist/client/index.js.map +1 -1
  13. package/dist/component/_generated/api.d.ts +40 -12
  14. package/dist/component/_generated/api.d.ts.map +1 -1
  15. package/dist/component/_generated/api.js.map +1 -1
  16. package/dist/component/_generated/component.d.ts +1306 -1344
  17. package/dist/component/_generated/component.d.ts.map +1 -1
  18. package/dist/component/client/core/types.d.ts +2 -0
  19. package/dist/component/client/index.d.ts +2 -2
  20. package/dist/component/model.d.ts +80 -80
  21. package/dist/component/model.d.ts.map +1 -1
  22. package/dist/component/model.js +5 -1
  23. package/dist/component/model.js.map +1 -1
  24. package/dist/component/providers/credentials.d.ts +3 -2
  25. package/dist/component/providers/credentials.d.ts.map +1 -1
  26. package/dist/component/providers/email.d.ts +30 -0
  27. package/dist/component/providers/email.d.ts.map +1 -1
  28. package/dist/component/providers/phone.d.ts +28 -0
  29. package/dist/component/providers/phone.d.ts.map +1 -1
  30. package/dist/component/public/enterprise/audit.d.ts +73 -0
  31. package/dist/component/public/enterprise/audit.d.ts.map +1 -0
  32. package/dist/component/public/enterprise/audit.js +108 -0
  33. package/dist/component/public/enterprise/audit.js.map +1 -0
  34. package/dist/component/public/enterprise/core.d.ts +176 -0
  35. package/dist/component/public/enterprise/core.d.ts.map +1 -0
  36. package/dist/component/public/enterprise/core.js +292 -0
  37. package/dist/component/public/enterprise/core.js.map +1 -0
  38. package/dist/component/public/enterprise/domains.d.ts +174 -0
  39. package/dist/component/public/enterprise/domains.d.ts.map +1 -0
  40. package/dist/component/public/enterprise/domains.js +271 -0
  41. package/dist/component/public/enterprise/domains.js.map +1 -0
  42. package/dist/component/public/enterprise/scim.d.ts +245 -0
  43. package/dist/component/public/enterprise/scim.d.ts.map +1 -0
  44. package/dist/component/public/enterprise/scim.js +344 -0
  45. package/dist/component/public/enterprise/scim.js.map +1 -0
  46. package/dist/component/public/enterprise/secrets.d.ts +78 -0
  47. package/dist/component/public/enterprise/secrets.d.ts.map +1 -0
  48. package/dist/component/public/enterprise/secrets.js +118 -0
  49. package/dist/component/public/enterprise/secrets.js.map +1 -0
  50. package/dist/component/public/enterprise/webhooks.d.ts +211 -0
  51. package/dist/component/public/enterprise/webhooks.d.ts.map +1 -0
  52. package/dist/component/public/enterprise/webhooks.js +300 -0
  53. package/dist/component/public/enterprise/webhooks.js.map +1 -0
  54. package/dist/component/public/factors/devices.d.ts +157 -0
  55. package/dist/component/public/factors/devices.d.ts.map +1 -0
  56. package/dist/component/public/factors/devices.js +216 -0
  57. package/dist/component/public/factors/devices.js.map +1 -0
  58. package/dist/component/public/factors/passkeys.d.ts +175 -0
  59. package/dist/component/public/factors/passkeys.d.ts.map +1 -0
  60. package/dist/component/public/factors/passkeys.js +238 -0
  61. package/dist/component/public/factors/passkeys.js.map +1 -0
  62. package/dist/component/public/factors/totp.d.ts +189 -0
  63. package/dist/component/public/factors/totp.d.ts.map +1 -0
  64. package/dist/component/public/factors/totp.js +254 -0
  65. package/dist/component/public/factors/totp.js.map +1 -0
  66. package/dist/component/public/groups/core.d.ts +137 -0
  67. package/dist/component/public/groups/core.d.ts.map +1 -0
  68. package/dist/component/public/groups/core.js +321 -0
  69. package/dist/component/public/groups/core.js.map +1 -0
  70. package/dist/component/public/groups/invites.d.ts +217 -0
  71. package/dist/component/public/groups/invites.d.ts.map +1 -0
  72. package/dist/component/public/groups/invites.js +457 -0
  73. package/dist/component/public/groups/invites.js.map +1 -0
  74. package/dist/component/public/groups/members.d.ts +204 -0
  75. package/dist/component/public/groups/members.d.ts.map +1 -0
  76. package/dist/component/public/groups/members.js +355 -0
  77. package/dist/component/public/groups/members.js.map +1 -0
  78. package/dist/component/public/identity/accounts.d.ts +147 -0
  79. package/dist/component/public/identity/accounts.d.ts.map +1 -0
  80. package/dist/component/public/identity/accounts.js +200 -0
  81. package/dist/component/public/identity/accounts.js.map +1 -0
  82. package/dist/component/public/identity/codes.d.ts +104 -0
  83. package/dist/component/public/identity/codes.d.ts.map +1 -0
  84. package/dist/component/public/identity/codes.js +140 -0
  85. package/dist/component/public/identity/codes.js.map +1 -0
  86. package/dist/component/public/identity/sessions.d.ts +128 -0
  87. package/dist/component/public/identity/sessions.d.ts.map +1 -0
  88. package/dist/component/public/identity/sessions.js +192 -0
  89. package/dist/component/public/identity/sessions.js.map +1 -0
  90. package/dist/component/public/identity/tokens.d.ts +169 -0
  91. package/dist/component/public/identity/tokens.d.ts.map +1 -0
  92. package/dist/component/public/identity/tokens.js +227 -0
  93. package/dist/component/public/identity/tokens.js.map +1 -0
  94. package/dist/component/public/identity/users.d.ts +212 -0
  95. package/dist/component/public/identity/users.d.ts.map +1 -0
  96. package/dist/component/public/identity/users.js +311 -0
  97. package/dist/component/public/identity/users.js.map +1 -0
  98. package/dist/component/public/identity/verifiers.d.ts +116 -0
  99. package/dist/component/public/identity/verifiers.d.ts.map +1 -0
  100. package/dist/component/public/identity/verifiers.js +154 -0
  101. package/dist/component/public/identity/verifiers.js.map +1 -0
  102. package/dist/component/public/security/keys.d.ts +209 -0
  103. package/dist/component/public/security/keys.d.ts.map +1 -0
  104. package/dist/component/public/security/keys.js +319 -0
  105. package/dist/component/public/security/keys.js.map +1 -0
  106. package/dist/component/public/security/limits.d.ts +114 -0
  107. package/dist/component/public/security/limits.d.ts.map +1 -0
  108. package/dist/component/public/security/limits.js +169 -0
  109. package/dist/component/public/security/limits.js.map +1 -0
  110. package/dist/component/public.d.ts +22 -7
  111. package/dist/component/public.js +21 -6
  112. package/dist/component/schema.d.ts +288 -288
  113. package/dist/component/server/auth.d.ts +212 -25
  114. package/dist/component/server/auth.d.ts.map +1 -1
  115. package/dist/component/server/auth.js +68 -4
  116. package/dist/component/server/auth.js.map +1 -1
  117. package/dist/component/server/authError.js +34 -0
  118. package/dist/component/server/authError.js.map +1 -0
  119. package/dist/component/server/{providers.js → config.js} +2 -2
  120. package/dist/component/server/config.js.map +1 -0
  121. package/dist/component/server/{domains/core.js → core.js} +107 -88
  122. package/dist/component/server/core.js.map +1 -0
  123. package/dist/component/server/{provider.js → crypto.js} +3 -3
  124. package/dist/component/server/crypto.js.map +1 -0
  125. package/dist/component/server/device.js +1 -1
  126. package/dist/component/server/device.js.map +1 -1
  127. package/dist/component/server/enterprise/config.js +46 -0
  128. package/dist/component/server/enterprise/config.js.map +1 -0
  129. package/dist/component/server/{domains/sso.js → enterprise/domain.js} +6 -5
  130. package/dist/component/server/enterprise/domain.js.map +1 -0
  131. package/dist/component/server/enterprise/http.js +766 -0
  132. package/dist/component/server/enterprise/http.js.map +1 -0
  133. package/dist/component/server/enterprise/oidc.js +248 -0
  134. package/dist/component/server/enterprise/oidc.js.map +1 -0
  135. package/dist/component/server/enterprise/policy.js +85 -0
  136. package/dist/component/server/enterprise/policy.js.map +1 -0
  137. package/dist/component/server/enterprise/saml.js +338 -0
  138. package/dist/component/server/enterprise/saml.js.map +1 -0
  139. package/dist/component/server/enterprise/scim.js +97 -0
  140. package/dist/component/server/enterprise/scim.js.map +1 -0
  141. package/dist/component/server/enterprise/shared.js +51 -0
  142. package/dist/component/server/enterprise/shared.js.map +1 -0
  143. package/dist/component/server/errors.js.map +1 -1
  144. package/dist/component/server/http.js +2 -1
  145. package/dist/component/server/http.js.map +1 -1
  146. package/dist/component/server/identity.js +1 -1
  147. package/dist/component/server/identity.js.map +1 -1
  148. package/dist/component/server/{ratelimit.js → limits.js} +3 -3
  149. package/dist/component/server/limits.js.map +1 -0
  150. package/dist/component/server/mutations/account.js +3 -3
  151. package/dist/component/server/mutations/account.js.map +1 -1
  152. package/dist/component/server/mutations/code.js +2 -2
  153. package/dist/component/server/mutations/code.js.map +1 -1
  154. package/dist/component/server/mutations/invalidate.js +1 -1
  155. package/dist/component/server/mutations/invalidate.js.map +1 -1
  156. package/dist/component/server/mutations/oauth.js +5 -3
  157. package/dist/component/server/mutations/oauth.js.map +1 -1
  158. package/dist/component/server/mutations/refresh.js +1 -1
  159. package/dist/component/server/mutations/refresh.js.map +1 -1
  160. package/dist/component/server/mutations/register.js +3 -3
  161. package/dist/component/server/mutations/register.js.map +1 -1
  162. package/dist/component/server/mutations/retrieve.js +4 -4
  163. package/dist/component/server/mutations/retrieve.js.map +1 -1
  164. package/dist/component/server/mutations/signature.js +2 -2
  165. package/dist/component/server/mutations/signature.js.map +1 -1
  166. package/dist/component/server/mutations/signin.js +1 -1
  167. package/dist/component/server/mutations/signin.js.map +1 -1
  168. package/dist/component/server/mutations/signout.js +1 -1
  169. package/dist/component/server/mutations/signout.js.map +1 -1
  170. package/dist/component/server/mutations/store/refs.js +15 -0
  171. package/dist/component/server/mutations/store/refs.js.map +1 -0
  172. package/dist/component/server/mutations/store.js +80 -10
  173. package/dist/component/server/mutations/store.js.map +1 -1
  174. package/dist/component/server/mutations/verifier.js +1 -1
  175. package/dist/component/server/mutations/verifier.js.map +1 -1
  176. package/dist/component/server/mutations/verify.js +4 -3
  177. package/dist/component/server/mutations/verify.js.map +1 -1
  178. package/dist/component/server/oauth.js +1 -1
  179. package/dist/component/server/oauth.js.map +1 -1
  180. package/dist/component/server/passkey.js +2 -1
  181. package/dist/component/server/passkey.js.map +1 -1
  182. package/dist/component/server/redirects.js +1 -1
  183. package/dist/component/server/redirects.js.map +1 -1
  184. package/dist/component/server/refresh.js +1 -1
  185. package/dist/component/server/refresh.js.map +1 -1
  186. package/dist/component/server/{factory.d.ts → runtime.d.ts} +2 -2
  187. package/dist/component/server/runtime.d.ts.map +1 -0
  188. package/dist/component/server/runtime.js +413 -0
  189. package/dist/component/server/runtime.js.map +1 -0
  190. package/dist/component/server/signin.js +2 -1
  191. package/dist/component/server/signin.js.map +1 -1
  192. package/dist/component/server/totp.js +2 -1
  193. package/dist/component/server/totp.js.map +1 -1
  194. package/dist/component/server/types.d.ts +225 -41
  195. package/dist/component/server/types.d.ts.map +1 -1
  196. package/dist/component/server/types.js.map +1 -1
  197. package/dist/component/server/users.js +1 -1
  198. package/dist/component/server/users.js.map +1 -1
  199. package/dist/component/server/utils.js +1 -1
  200. package/dist/component/server/utils.js.map +1 -1
  201. package/dist/core/types.d.ts +369 -0
  202. package/dist/core/types.d.ts.map +1 -0
  203. package/dist/factors/device.js +105 -0
  204. package/dist/factors/device.js.map +1 -0
  205. package/dist/factors/passkey.js +181 -0
  206. package/dist/factors/passkey.js.map +1 -0
  207. package/dist/factors/totp.js +122 -0
  208. package/dist/factors/totp.js.map +1 -0
  209. package/dist/providers/credentials.d.ts +5 -2
  210. package/dist/providers/credentials.d.ts.map +1 -1
  211. package/dist/providers/credentials.js +2 -0
  212. package/dist/providers/credentials.js.map +1 -1
  213. package/dist/providers/email.d.ts +30 -0
  214. package/dist/providers/email.d.ts.map +1 -1
  215. package/dist/providers/email.js +24 -0
  216. package/dist/providers/email.js.map +1 -1
  217. package/dist/providers/phone.d.ts +28 -0
  218. package/dist/providers/phone.d.ts.map +1 -1
  219. package/dist/providers/phone.js +22 -0
  220. package/dist/providers/phone.js.map +1 -1
  221. package/dist/runtime/browser.js +68 -0
  222. package/dist/runtime/browser.js.map +1 -0
  223. package/dist/runtime/invite.js +51 -0
  224. package/dist/runtime/invite.js.map +1 -0
  225. package/dist/runtime/proxy.js +70 -0
  226. package/dist/runtime/proxy.js.map +1 -0
  227. package/dist/runtime/storage.js +37 -0
  228. package/dist/runtime/storage.js.map +1 -0
  229. package/dist/server/auth.d.ts +218 -28
  230. package/dist/server/auth.d.ts.map +1 -1
  231. package/dist/server/auth.js +68 -4
  232. package/dist/server/auth.js.map +1 -1
  233. package/dist/server/{fx.d.ts → authError.d.ts} +25 -15
  234. package/dist/server/authError.d.ts.map +1 -0
  235. package/dist/server/authError.js +34 -0
  236. package/dist/server/authError.js.map +1 -0
  237. package/dist/server/{providers.js → config.js} +2 -2
  238. package/dist/server/config.js.map +1 -0
  239. package/dist/server/core.d.ts +1436 -0
  240. package/dist/server/core.d.ts.map +1 -0
  241. package/dist/server/{domains/core.js → core.js} +107 -88
  242. package/dist/server/core.js.map +1 -0
  243. package/dist/server/{provider.d.ts → crypto.d.ts} +2 -2
  244. package/dist/server/crypto.d.ts.map +1 -0
  245. package/dist/server/{provider.js → crypto.js} +3 -3
  246. package/dist/{component/server/provider.js.map → server/crypto.js.map} +1 -1
  247. package/dist/server/device.js +1 -1
  248. package/dist/server/device.js.map +1 -1
  249. package/dist/server/enterprise/config.js +46 -0
  250. package/dist/server/enterprise/config.js.map +1 -0
  251. package/dist/server/{domains/sso.d.ts → enterprise/domain.d.ts} +4 -4
  252. package/dist/server/enterprise/domain.d.ts.map +1 -0
  253. package/dist/server/{domains/sso.js → enterprise/domain.js} +6 -5
  254. package/dist/server/enterprise/domain.js.map +1 -0
  255. package/dist/server/enterprise/http.d.ts +26 -0
  256. package/dist/server/enterprise/http.d.ts.map +1 -0
  257. package/dist/server/enterprise/http.js +766 -0
  258. package/dist/server/enterprise/http.js.map +1 -0
  259. package/dist/server/enterprise/oidc.js +248 -0
  260. package/dist/server/enterprise/oidc.js.map +1 -0
  261. package/dist/server/enterprise/policy.js +85 -0
  262. package/dist/server/enterprise/policy.js.map +1 -0
  263. package/dist/server/enterprise/saml.d.ts +1 -0
  264. package/dist/server/enterprise/saml.js +338 -0
  265. package/dist/server/enterprise/saml.js.map +1 -0
  266. package/dist/server/enterprise/scim.d.ts +1 -0
  267. package/dist/server/enterprise/scim.js +97 -0
  268. package/dist/server/enterprise/scim.js.map +1 -0
  269. package/dist/server/enterprise/shared.d.ts +5 -0
  270. package/dist/server/enterprise/shared.d.ts.map +1 -0
  271. package/dist/server/enterprise/shared.js +51 -0
  272. package/dist/server/enterprise/shared.js.map +1 -0
  273. package/dist/server/enterprise/validators.d.ts +1 -0
  274. package/dist/server/{enterpriseValidators.js → enterprise/validators.js} +2 -2
  275. package/dist/server/enterprise/validators.js.map +1 -0
  276. package/dist/server/errors.d.ts +2 -0
  277. package/dist/server/errors.d.ts.map +1 -1
  278. package/dist/server/errors.js +2 -0
  279. package/dist/server/errors.js.map +1 -1
  280. package/dist/server/http.d.ts +2 -2
  281. package/dist/server/http.d.ts.map +1 -1
  282. package/dist/server/http.js +2 -1
  283. package/dist/server/http.js.map +1 -1
  284. package/dist/server/identity.js +1 -1
  285. package/dist/server/identity.js.map +1 -1
  286. package/dist/server/index.d.ts +4 -705
  287. package/dist/server/index.js +4 -1367
  288. package/dist/server/limits.d.ts +1 -0
  289. package/dist/server/{ratelimit.js → limits.js} +3 -3
  290. package/dist/server/limits.js.map +1 -0
  291. package/dist/server/mounts.d.ts +647 -0
  292. package/dist/server/mounts.d.ts.map +1 -0
  293. package/dist/server/mounts.js +643 -0
  294. package/dist/server/mounts.js.map +1 -0
  295. package/dist/server/mutations/account.d.ts +8 -8
  296. package/dist/server/mutations/account.js +3 -3
  297. package/dist/server/mutations/account.js.map +1 -1
  298. package/dist/server/mutations/code.d.ts +13 -13
  299. package/dist/server/mutations/code.js +2 -2
  300. package/dist/server/mutations/code.js.map +1 -1
  301. package/dist/server/mutations/index.d.ts +8 -312
  302. package/dist/server/mutations/index.js +14 -84
  303. package/dist/server/mutations/invalidate.d.ts +5 -5
  304. package/dist/server/mutations/invalidate.d.ts.map +1 -1
  305. package/dist/server/mutations/invalidate.js +1 -1
  306. package/dist/server/mutations/invalidate.js.map +1 -1
  307. package/dist/server/mutations/oauth.d.ts +9 -9
  308. package/dist/server/mutations/oauth.d.ts.map +1 -1
  309. package/dist/server/mutations/oauth.js +5 -3
  310. package/dist/server/mutations/oauth.js.map +1 -1
  311. package/dist/server/mutations/refresh.d.ts +4 -4
  312. package/dist/server/mutations/refresh.js +1 -1
  313. package/dist/server/mutations/refresh.js.map +1 -1
  314. package/dist/server/mutations/register.d.ts +10 -10
  315. package/dist/server/mutations/register.d.ts.map +1 -1
  316. package/dist/server/mutations/register.js +3 -3
  317. package/dist/server/mutations/register.js.map +1 -1
  318. package/dist/server/mutations/retrieve.d.ts +8 -10
  319. package/dist/server/mutations/retrieve.d.ts.map +1 -1
  320. package/dist/server/mutations/retrieve.js +5 -7
  321. package/dist/server/mutations/retrieve.js.map +1 -1
  322. package/dist/server/mutations/signature.d.ts +6 -6
  323. package/dist/server/mutations/signature.d.ts.map +1 -1
  324. package/dist/server/mutations/signature.js +2 -2
  325. package/dist/server/mutations/signature.js.map +1 -1
  326. package/dist/server/mutations/signin.d.ts +1 -1
  327. package/dist/server/mutations/signin.js +1 -1
  328. package/dist/server/mutations/signin.js.map +1 -1
  329. package/dist/server/mutations/signout.d.ts +1 -1
  330. package/dist/server/mutations/signout.js +1 -1
  331. package/dist/server/mutations/signout.js.map +1 -1
  332. package/dist/server/mutations/store/refs.d.ts +12 -0
  333. package/dist/server/mutations/store/refs.d.ts.map +1 -0
  334. package/dist/server/mutations/store/refs.js +15 -0
  335. package/dist/server/mutations/store/refs.js.map +1 -0
  336. package/dist/server/mutations/store.d.ts +303 -9
  337. package/dist/server/mutations/store.d.ts.map +1 -1
  338. package/dist/server/mutations/store.js +80 -10
  339. package/dist/server/mutations/store.js.map +1 -1
  340. package/dist/server/mutations/verifier.d.ts +1 -1
  341. package/dist/server/mutations/verifier.js +1 -1
  342. package/dist/server/mutations/verifier.js.map +1 -1
  343. package/dist/server/mutations/verify.d.ts +8 -8
  344. package/dist/server/mutations/verify.d.ts.map +1 -1
  345. package/dist/server/mutations/verify.js +4 -3
  346. package/dist/server/mutations/verify.js.map +1 -1
  347. package/dist/server/oauth.js +1 -1
  348. package/dist/server/oauth.js.map +1 -1
  349. package/dist/server/passkey.d.ts +2 -2
  350. package/dist/server/passkey.d.ts.map +1 -1
  351. package/dist/server/passkey.js +3 -2
  352. package/dist/server/passkey.js.map +1 -1
  353. package/dist/server/redirects.js +1 -1
  354. package/dist/server/redirects.js.map +1 -1
  355. package/dist/server/refresh.js +1 -1
  356. package/dist/server/refresh.js.map +1 -1
  357. package/dist/server/{factory.d.ts → runtime.d.ts} +16 -16
  358. package/dist/server/runtime.d.ts.map +1 -0
  359. package/dist/server/runtime.js +413 -0
  360. package/dist/server/runtime.js.map +1 -0
  361. package/dist/server/signin.js +3 -2
  362. package/dist/server/signin.js.map +1 -1
  363. package/dist/server/ssr.d.ts +226 -0
  364. package/dist/server/ssr.d.ts.map +1 -0
  365. package/dist/server/ssr.js +786 -0
  366. package/dist/server/ssr.js.map +1 -0
  367. package/dist/server/totp.js +2 -1
  368. package/dist/server/totp.js.map +1 -1
  369. package/dist/server/types.d.ts +242 -42
  370. package/dist/server/types.d.ts.map +1 -1
  371. package/dist/server/types.js +12 -1
  372. package/dist/server/types.js.map +1 -1
  373. package/dist/server/users.js +1 -1
  374. package/dist/server/users.js.map +1 -1
  375. package/dist/server/utils.js +1 -1
  376. package/dist/server/utils.js.map +1 -1
  377. package/package.json +3 -4
  378. package/src/authorization/index.ts +46 -0
  379. package/src/cli/index.ts +38 -20
  380. package/src/client/core/types.ts +437 -0
  381. package/src/client/factors/device.ts +160 -0
  382. package/src/client/factors/passkey.ts +282 -0
  383. package/src/client/factors/totp.ts +150 -0
  384. package/src/client/index.ts +133 -1267
  385. package/src/client/runtime/browser.ts +112 -0
  386. package/src/client/runtime/invite.ts +65 -0
  387. package/src/client/runtime/proxy.ts +111 -0
  388. package/src/client/runtime/storage.ts +79 -0
  389. package/src/component/_generated/api.ts +40 -12
  390. package/src/component/_generated/component.ts +1772 -1798
  391. package/src/component/model.ts +6 -0
  392. package/src/component/public/enterprise/audit.ts +120 -0
  393. package/src/component/public/enterprise/core.ts +354 -0
  394. package/src/component/public/enterprise/domains.ts +323 -0
  395. package/src/component/public/enterprise/scim.ts +396 -0
  396. package/src/component/public/enterprise/secrets.ts +132 -0
  397. package/src/component/public/enterprise/webhooks.ts +306 -0
  398. package/src/component/public/factors/devices.ts +223 -0
  399. package/src/component/public/factors/passkeys.ts +242 -0
  400. package/src/component/public/factors/totp.ts +258 -0
  401. package/src/component/public/groups/core.ts +481 -0
  402. package/src/component/public/groups/invites.ts +602 -0
  403. package/src/component/public/groups/members.ts +409 -0
  404. package/src/component/public/identity/accounts.ts +206 -0
  405. package/src/component/public/identity/codes.ts +148 -0
  406. package/src/component/public/identity/sessions.ts +209 -0
  407. package/src/component/public/identity/tokens.ts +250 -0
  408. package/src/component/public/identity/users.ts +354 -0
  409. package/src/component/public/identity/verifiers.ts +157 -0
  410. package/src/component/public/security/keys.ts +365 -0
  411. package/src/component/public/security/limits.ts +173 -0
  412. package/src/component/public.ts +27 -5
  413. package/src/providers/credentials.ts +4 -5
  414. package/src/providers/email.ts +30 -0
  415. package/src/providers/phone.ts +28 -0
  416. package/src/server/auth.ts +282 -28
  417. package/src/server/authError.ts +44 -0
  418. package/src/server/core.ts +2095 -0
  419. package/src/server/{provider.ts → crypto.ts} +1 -1
  420. package/src/server/device.ts +1 -1
  421. package/src/server/enterprise/config.ts +51 -0
  422. package/src/server/{domains/sso.ts → enterprise/domain.ts} +4 -2
  423. package/src/server/enterprise/http.ts +1324 -0
  424. package/src/server/enterprise/oidc.ts +500 -0
  425. package/src/server/enterprise/policy.ts +128 -0
  426. package/src/server/enterprise/saml.ts +578 -0
  427. package/src/server/enterprise/scim.ts +135 -0
  428. package/src/server/enterprise/shared.ts +134 -0
  429. package/src/server/errors.ts +2 -0
  430. package/src/server/http.ts +3 -1
  431. package/src/server/identity.ts +1 -1
  432. package/src/server/index.ts +32 -2605
  433. package/src/server/{ratelimit.ts → limits.ts} +1 -1
  434. package/src/server/mounts.ts +948 -0
  435. package/src/server/mutations/account.ts +4 -4
  436. package/src/server/mutations/code.ts +3 -3
  437. package/src/server/mutations/index.ts +8 -148
  438. package/src/server/mutations/invalidate.ts +2 -2
  439. package/src/server/mutations/oauth.ts +8 -6
  440. package/src/server/mutations/refresh.ts +3 -3
  441. package/src/server/mutations/register.ts +3 -3
  442. package/src/server/mutations/retrieve.ts +4 -8
  443. package/src/server/mutations/signature.ts +3 -3
  444. package/src/server/mutations/signin.ts +2 -2
  445. package/src/server/mutations/signout.ts +2 -2
  446. package/src/server/mutations/store/refs.ts +10 -0
  447. package/src/server/mutations/store.ts +137 -9
  448. package/src/server/mutations/verifier.ts +2 -2
  449. package/src/server/mutations/verify.ts +5 -5
  450. package/src/server/oauth.ts +1 -1
  451. package/src/server/passkey.ts +3 -4
  452. package/src/server/redirects.ts +1 -1
  453. package/src/server/refresh.ts +1 -1
  454. package/src/server/runtime.ts +880 -0
  455. package/src/server/signin.ts +3 -1
  456. package/src/server/ssr.ts +1764 -0
  457. package/src/server/totp.ts +3 -1
  458. package/src/server/types.ts +254 -43
  459. package/src/server/users.ts +1 -1
  460. package/src/server/utils.ts +1 -1
  461. package/src/test.ts +25 -0
  462. package/dist/component/public/enterprise.d.ts +0 -54
  463. package/dist/component/public/enterprise.d.ts.map +0 -1
  464. package/dist/component/public/enterprise.js +0 -515
  465. package/dist/component/public/enterprise.js.map +0 -1
  466. package/dist/component/public/factors.d.ts +0 -52
  467. package/dist/component/public/factors.d.ts.map +0 -1
  468. package/dist/component/public/factors.js +0 -285
  469. package/dist/component/public/factors.js.map +0 -1
  470. package/dist/component/public/groups.d.ts +0 -124
  471. package/dist/component/public/groups.d.ts.map +0 -1
  472. package/dist/component/public/groups.js +0 -680
  473. package/dist/component/public/groups.js.map +0 -1
  474. package/dist/component/public/identity.d.ts +0 -93
  475. package/dist/component/public/identity.d.ts.map +0 -1
  476. package/dist/component/public/identity.js +0 -426
  477. package/dist/component/public/identity.js.map +0 -1
  478. package/dist/component/public/keys.d.ts +0 -41
  479. package/dist/component/public/keys.d.ts.map +0 -1
  480. package/dist/component/public/keys.js +0 -157
  481. package/dist/component/public/keys.js.map +0 -1
  482. package/dist/component/public/shared.d.ts +0 -26
  483. package/dist/component/public/shared.d.ts.map +0 -1
  484. package/dist/component/public/shared.js +0 -32
  485. package/dist/component/public/shared.js.map +0 -1
  486. package/dist/component/server/domains/core.js.map +0 -1
  487. package/dist/component/server/domains/sso.js.map +0 -1
  488. package/dist/component/server/factory.d.ts.map +0 -1
  489. package/dist/component/server/factory.js +0 -1134
  490. package/dist/component/server/factory.js.map +0 -1
  491. package/dist/component/server/fx.js +0 -66
  492. package/dist/component/server/fx.js.map +0 -1
  493. package/dist/component/server/mutations/index.js +0 -85
  494. package/dist/component/server/mutations/index.js.map +0 -1
  495. package/dist/component/server/providers.js.map +0 -1
  496. package/dist/component/server/ratelimit.js.map +0 -1
  497. package/dist/component/server/sso.js +0 -830
  498. package/dist/component/server/sso.js.map +0 -1
  499. package/dist/server/domains/core.d.ts +0 -449
  500. package/dist/server/domains/core.d.ts.map +0 -1
  501. package/dist/server/domains/core.js.map +0 -1
  502. package/dist/server/domains/sso.d.ts.map +0 -1
  503. package/dist/server/domains/sso.js.map +0 -1
  504. package/dist/server/enterpriseValidators.js.map +0 -1
  505. package/dist/server/factory.d.ts.map +0 -1
  506. package/dist/server/factory.js +0 -1134
  507. package/dist/server/factory.js.map +0 -1
  508. package/dist/server/fx.d.ts.map +0 -1
  509. package/dist/server/fx.js +0 -66
  510. package/dist/server/fx.js.map +0 -1
  511. package/dist/server/index.d.ts.map +0 -1
  512. package/dist/server/index.js.map +0 -1
  513. package/dist/server/mutations/index.d.ts.map +0 -1
  514. package/dist/server/mutations/index.js.map +0 -1
  515. package/dist/server/provider.d.ts.map +0 -1
  516. package/dist/server/provider.js.map +0 -1
  517. package/dist/server/providers.js.map +0 -1
  518. package/dist/server/ratelimit.js.map +0 -1
  519. package/dist/server/sso.js +0 -830
  520. package/dist/server/sso.js.map +0 -1
  521. package/dist/server/version.d.ts +0 -5
  522. package/dist/server/version.d.ts.map +0 -1
  523. package/dist/server/version.js +0 -6
  524. package/dist/server/version.js.map +0 -1
  525. package/src/component/public/enterprise.ts +0 -753
  526. package/src/component/public/factors.ts +0 -333
  527. package/src/component/public/groups.ts +0 -1066
  528. package/src/component/public/identity.ts +0 -569
  529. package/src/component/public/keys.ts +0 -209
  530. package/src/component/public/shared.ts +0 -119
  531. package/src/server/domains/core.ts +0 -1096
  532. package/src/server/factory.ts +0 -2181
  533. package/src/server/fx.ts +0 -152
  534. package/src/server/sso.ts +0 -1516
  535. package/src/server/version.ts +0 -2
  536. /package/dist/server/{enterpriseValidators.d.ts → config.d.ts} +0 -0
  537. /package/dist/server/{providers.d.ts → enterprise/config.d.ts} +0 -0
  538. /package/dist/server/{ratelimit.d.ts → enterprise/oidc.d.ts} +0 -0
  539. /package/dist/server/{sso.d.ts → enterprise/policy.d.ts} +0 -0
  540. /package/src/server/{providers.ts → config.ts} +0 -0
  541. /package/src/server/{enterpriseValidators.ts → enterprise/validators.ts} +0 -0
@@ -1,4 +1,11 @@
1
1
  import { AUTH_ERRORS, isAuthError, parseAuthError } from "../server/errors.js";
2
+ import { browserMutex, getStorageListenerRegistry } from "../runtime/browser.js";
3
+ import { createDeviceClient } from "../factors/device.js";
4
+ import { createInviteManager } from "../runtime/invite.js";
5
+ import { createPasskeyClient } from "../factors/passkey.js";
6
+ import { createProxyHelpers, isRetriableProxyRefreshError, isTransientNetworkError } from "../runtime/proxy.js";
7
+ import { createStorageHelpers } from "../runtime/storage.js";
8
+ import { createTotpClient } from "../factors/totp.js";
2
9
  import { Fx } from "@robelest/fx";
3
10
  import { ConvexHttpClient } from "convex/browser";
4
11
  import { ConvexError } from "convex/values";
@@ -12,7 +19,6 @@ const INVITE_EMAIL_KEY = "__convexAuthPendingInviteEmail";
12
19
  const RETRY_BASE_MS = 500;
13
20
  const RETRY_MAX_RETRIES = 2;
14
21
  const AUTH_HANDSHAKE_TIMEOUT_MS = 5e3;
15
- const NETWORK_ERROR_PATTERN = /(network|fetch|load failed|failed to fetch)/i;
16
22
  /**
17
23
  * Resolve the Convex deployment URL from the client.
18
24
  *
@@ -26,17 +32,6 @@ function resolveUrl(convex, explicit) {
26
32
  if (typeof url === "string") return url;
27
33
  throw new Error("Could not determine Convex deployment URL. Pass `url` explicitly.");
28
34
  }
29
- function isTransientNetworkError(error) {
30
- return error instanceof TypeError || error instanceof Error && NETWORK_ERROR_PATTERN.test(error.message || "");
31
- }
32
- function isRetriableProxyRefreshError(error) {
33
- if (isTransientNetworkError(error)) return true;
34
- if (!(error instanceof Error)) return false;
35
- const statusMatch = error.message.match(/Proxy request failed:\s*(\d{3})/);
36
- if (statusMatch === null) return false;
37
- const statusCode = Number(statusMatch[1]);
38
- return statusCode >= 500 && statusCode < 600;
39
- }
40
35
  /**
41
36
  * Create a framework-agnostic auth client.
42
37
  *
@@ -69,7 +64,10 @@ function isRetriableProxyRefreshError(error) {
69
64
  * holds the JWT in memory only.
70
65
  *
71
66
  * @param options - Client configuration. See {@link ClientOptions}.
67
+ * @typeParam Api - An AuthApiRefs type determining which factor helpers are available.
72
68
  * @returns Auth client with conditional `passkey`, `totp`, and `device` helpers.
69
+ * @throws {Error} When the Convex deployment URL cannot be determined and `url` is not passed explicitly.
70
+ * @throws {Error} When `proxyPath` is not set and the `api` option is missing.
73
71
  */
74
72
  function client(options) {
75
73
  const { convex, proxyPath, api: apiRefs } = options;
@@ -88,6 +86,21 @@ function client(options) {
88
86
  if (typeof window !== "undefined") return new URL(window.location.href);
89
87
  return null;
90
88
  }
89
+ /**
90
+ * SSR-safe URL parameter reader.
91
+ *
92
+ * Uses the `location` option if provided, otherwise falls back to
93
+ * `window.location` (returns `null` during SSR where `window` is unavailable).
94
+ *
95
+ * @param name - The query parameter name.
96
+ * @returns The parameter value, or `null` if not present or in SSR.
97
+ *
98
+ * @example
99
+ * ```ts
100
+ * const workspaceId = auth.param("workspace");
101
+ * const tab = auth.param("tab") ?? "issues";
102
+ * ```
103
+ */
91
104
  function param(name) {
92
105
  return getLocation()?.searchParams.get(name) ?? null;
93
106
  }
@@ -105,6 +118,11 @@ function client(options) {
105
118
  const url = proxy ? void 0 : resolveUrl(convex, options.url);
106
119
  const escapedNamespace = proxy ? proxy.replace(/[^a-zA-Z0-9]/g, "") : url.replace(/[^a-zA-Z0-9]/g, "");
107
120
  const key = (name) => `${name}_${escapedNamespace}`;
121
+ const { get: storageGet, set: storageSet, remove: storageRemove } = createStorageHelpers({
122
+ storage,
123
+ key
124
+ });
125
+ const { isAbsoluteUrl, proxyFetch, resolveProxyUrl } = createProxyHelpers({ proxy });
108
126
  const subscribers = /* @__PURE__ */ new Set();
109
127
  let disposeStorageListener = null;
110
128
  const httpClient = proxy ? null : new ConvexHttpClient(url);
@@ -212,68 +230,18 @@ function client(options) {
212
230
  isLoading = false;
213
231
  if (updateSnapshot()) notify();
214
232
  };
215
- const storageGet = async (name) => {
216
- if (!storage) return null;
217
- return Fx.run(Fx.from({
218
- ok: async () => await storage.getItem(key(name)) ?? null,
219
- err: (e) => e
220
- }).pipe(Fx.inspect((error) => Fx.sync(() => console.error(`[convex-auth] Failed to read ${name} from storage:`, error))), Fx.recover(() => Fx.succeed(null))));
221
- };
222
- const storageSet = async (name, value) => {
223
- if (!storage) return;
224
- await Fx.run(Fx.from({
225
- ok: () => storage.setItem(key(name), value),
226
- err: (e) => e
227
- }).pipe(Fx.inspect((error) => Fx.sync(() => console.error(`[convex-auth] Failed to write ${name} to storage:`, error))), Fx.recover(() => Fx.succeed(void 0))));
228
- };
229
- const storageRemove = async (name) => {
230
- if (!storage) return;
231
- await Fx.run(Fx.from({
232
- ok: () => storage.removeItem(key(name)),
233
- err: (e) => e
234
- }).pipe(Fx.inspect((error) => Fx.sync(() => console.error(`[convex-auth] Failed to remove ${name} from storage:`, error))), Fx.recover(() => Fx.succeed(void 0))));
235
- };
236
- let pendingInvite = null;
237
- const urlInviteToken = param("invite");
238
- if (urlInviteToken) pendingInvite = {
239
- token: urlInviteToken,
240
- email: param("email")
241
- };
242
- else (async () => {
243
- const storedToken = await storageGet(INVITE_TOKEN_KEY);
244
- if (storedToken && !pendingInvite) {
245
- pendingInvite = {
246
- token: storedToken,
247
- email: await storageGet(INVITE_EMAIL_KEY) ?? null
248
- };
249
- storageRemove(INVITE_TOKEN_KEY);
250
- storageRemove(INVITE_EMAIL_KEY);
251
- }
252
- })();
253
- async function persistInvite() {
254
- if (!pendingInvite) return;
255
- await storageSet(INVITE_TOKEN_KEY, pendingInvite.token);
256
- if (pendingInvite.email) await storageSet(INVITE_EMAIL_KEY, pendingInvite.email);
257
- }
258
- /**
259
- * Consume the pending invite: clears storage/URL and returns the token.
260
- * The app uses the returned token to call its own accept mutation.
261
- */
262
- async function acceptInvite() {
263
- if (!pendingInvite) return {
264
- ok: false,
265
- message: "No pending invite"
266
- };
267
- const { token: token$1 } = pendingInvite;
268
- pendingInvite = null;
269
- storageRemove(INVITE_TOKEN_KEY);
270
- storageRemove(INVITE_EMAIL_KEY);
271
- cleanUrlParams(["invite", "email"]);
272
- return {
273
- ok: true,
274
- token: token$1
275
- };
276
- }
233
+ const inviteManager = createInviteManager({
234
+ param,
235
+ storageGet,
236
+ storageSet,
237
+ storageRemove,
238
+ cleanUrlParams,
239
+ tokenKey: INVITE_TOKEN_KEY,
240
+ emailKey: INVITE_EMAIL_KEY
241
+ });
242
+ const getPendingInvite = () => inviteManager.getPendingInvite();
243
+ const persistInvite = () => inviteManager.persistInvite();
244
+ const acceptInvite = () => inviteManager.acceptInvite();
277
245
  const bindConvexAuth = () => {
278
246
  convex.setAuth(fetchAccessToken, handleConvexAuthChange);
279
247
  };
@@ -323,45 +291,6 @@ function client(options) {
323
291
  if (waitForHandshake) await waitForAuthHandshake(context);
324
292
  return true;
325
293
  };
326
- const resolveProxyUrl = () => {
327
- const origin = typeof window !== "undefined" && typeof window.location?.origin === "string" ? window.location.origin : typeof location !== "undefined" && typeof location.origin === "string" ? location.origin : null;
328
- if (origin !== null) return new URL(proxy, origin).toString();
329
- return Fx.run(Fx.from({
330
- ok: () => new URL(proxy).toString(),
331
- err: () => proxy
332
- }).pipe(Fx.recover((fallback) => Fx.succeed(fallback))));
333
- };
334
- const isAbsoluteUrl = (value) => {
335
- return Fx.run(Fx.from({
336
- ok: () => {
337
- new URL(value);
338
- return true;
339
- },
340
- err: () => false
341
- }).pipe(Fx.recover((v) => Fx.succeed(v))));
342
- };
343
- const proxyFetch = async (body) => {
344
- const proxyUrl = await resolveProxyUrl();
345
- if (typeof window === "undefined" && !await isAbsoluteUrl(proxyUrl)) throw new Error(`Cannot call relative proxy URL \`${proxy}\` without a browser origin. Pass an absolute proxy URL for server runtimes.`);
346
- const response = await fetch(proxyUrl, {
347
- method: "POST",
348
- headers: { "Content-Type": "application/json" },
349
- credentials: "include",
350
- body: JSON.stringify(body)
351
- });
352
- if (!response.ok) {
353
- const errorBody = await Fx.run(Fx.from({
354
- ok: () => response.json(),
355
- err: () => ({})
356
- }).pipe(Fx.recover((fallback) => Fx.succeed(fallback))));
357
- if (typeof errorBody === "object" && errorBody !== null && "authError" in errorBody && typeof errorBody.authError === "object") throw new ConvexError(errorBody.authError);
358
- throw new Error(errorBody.error ?? `Proxy request failed: ${response.status}`);
359
- }
360
- return Fx.run(Fx.from({
361
- ok: () => response.json(),
362
- err: () => /* @__PURE__ */ new Error("Proxy response was not valid JSON")
363
- }).pipe(Fx.recover((e) => Fx.fatal(e))));
364
- };
365
294
  const verifyCode = async (args) => {
366
295
  const verifyCodeRetryPolicy = Fx.retry.while(Fx.retry.compose(Fx.retry.jittered(Fx.retry.exponential(RETRY_BASE_MS)), Fx.retry.recurs(RETRY_MAX_RETRIES)), (meta) => isTransientNetworkError(meta.input));
367
296
  return Fx.run(Fx.from({
@@ -385,8 +314,8 @@ function client(options) {
385
314
  return {
386
315
  deviceCode: device_code.deviceCode,
387
316
  userCode: device_code.userCode,
388
- verification_uri: device_code.verification_uri ?? device_code.verificationUri,
389
- verification_uri_complete: device_code.verification_uri_complete ?? device_code.verificationUriComplete,
317
+ verificationUri: device_code.verification_uri ?? device_code.verificationUri,
318
+ verificationUriComplete: device_code.verification_uri_complete ?? device_code.verificationUriComplete,
390
319
  expiresIn: device_code.expiresIn,
391
320
  interval: device_code.interval
392
321
  };
@@ -399,6 +328,7 @@ function client(options) {
399
328
  * @param args - Provider-specific arguments. Pass a `Record<string, Value>`
400
329
  * or `FormData`. Common fields: `email`, `password`, `code`, `redirectTo`.
401
330
  * @returns A {@link SignInResult} indicating the outcome.
331
+ * @throws {ConvexError} When the server action rejects the sign-in attempt (e.g. invalid credentials, provider error, or rate limiting).
402
332
  *
403
333
  * @example Email magic link
404
334
  * ```ts
@@ -668,29 +598,13 @@ function client(options) {
668
598
  err: (e) => e
669
599
  }).pipe(Fx.recover(() => Fx.succeed(void 0))))));
670
600
  }, "[convex-auth] SPA initialization failed:");
671
- /**
672
- * Base64url encode/decode helpers for the WebAuthn credential API.
673
- * These run client-side only (browser context).
674
- */
675
- const base64urlEncode = (buffer) => {
676
- const bytes = new Uint8Array(buffer);
677
- let binary = "";
678
- for (let i = 0; i < bytes.byteLength; i++) binary += String.fromCharCode(bytes[i]);
679
- return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
680
- };
681
- const base64urlDecode = (str) => {
682
- const padded = str.replace(/-/g, "+").replace(/_/g, "/");
683
- const binary = atob(padded);
684
- const bytes = new Uint8Array(binary.length);
685
- for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
686
- return bytes;
687
- };
688
601
  return {
689
602
  get state() {
690
603
  return snapshot;
691
604
  },
692
605
  param,
693
606
  get invite() {
607
+ const pendingInvite = getPendingInvite();
694
608
  if (!pendingInvite) return null;
695
609
  return {
696
610
  token: pendingInvite.token,
@@ -701,395 +615,27 @@ function client(options) {
701
615
  signIn,
702
616
  signOut,
703
617
  onChange,
704
- passkey: {
705
- isSupported: () => {
706
- return typeof window !== "undefined" && typeof window.PublicKeyCredential !== "undefined";
707
- },
708
- isAutofillSupported: async () => {
709
- if (typeof window === "undefined") return false;
710
- if (typeof window.PublicKeyCredential === "undefined") return false;
711
- if (typeof window.PublicKeyCredential.isConditionalMediationAvailable !== "function") return false;
712
- return window.PublicKeyCredential.isConditionalMediationAvailable();
713
- },
714
- register: async (opts) => {
715
- const phase1Params = {
716
- flow: "registerOptions",
717
- email: opts?.email,
718
- userName: opts?.userName,
719
- userDisplayName: opts?.userDisplayName
720
- };
721
- let phase1Result;
722
- if (proxy) phase1Result = await proxyFetch({
723
- action: "auth:signIn",
724
- args: {
725
- provider: "passkey",
726
- params: phase1Params
727
- }
728
- });
729
- else phase1Result = await convex.action(requireApiRefs().signIn, {
730
- provider: "passkey",
731
- params: phase1Params
732
- });
733
- if (phase1Result.kind !== "passkeyOptions") throw new Error("Server did not return passkey registration options");
734
- const options$1 = phase1Result.options;
735
- const createOptions = { publicKey: {
736
- rp: options$1.rp,
737
- user: {
738
- id: base64urlDecode(options$1.user.id).buffer,
739
- name: options$1.user.name,
740
- displayName: options$1.user.displayName
741
- },
742
- challenge: base64urlDecode(options$1.challenge).buffer,
743
- pubKeyCredParams: options$1.pubKeyCredParams,
744
- timeout: options$1.timeout,
745
- attestation: options$1.attestation,
746
- authenticatorSelection: options$1.authenticatorSelection,
747
- excludeCredentials: (options$1.excludeCredentials ?? []).map((cred) => ({
748
- type: cred.type ?? "public-key",
749
- id: base64urlDecode(cred.id).buffer,
750
- transports: cred.transports
751
- }))
752
- } };
753
- const credential = await navigator.credentials.create(createOptions);
754
- if (!credential) throw new Error("Passkey registration was cancelled");
755
- const response = credential.response;
756
- const transports = typeof response.getTransports === "function" ? response.getTransports() : void 0;
757
- const phase2Params = {
758
- flow: "registerVerify",
759
- clientDataJSON: base64urlEncode(response.clientDataJSON),
760
- attestationObject: base64urlEncode(response.attestationObject),
761
- transports,
762
- passkeyName: opts?.name,
763
- email: opts?.email
764
- };
765
- let phase2Result;
766
- if (proxy) phase2Result = await proxyFetch({
767
- action: "auth:signIn",
768
- args: {
769
- provider: "passkey",
770
- params: phase2Params,
771
- verifier: phase1Result.verifier
772
- }
773
- });
774
- else phase2Result = await convex.action(requireApiRefs().signIn, {
775
- provider: "passkey",
776
- params: phase2Params,
777
- verifier: phase1Result.verifier
778
- });
779
- return Fx.run(Fx.match(phase2Result, phase2Result.kind, {
780
- signedIn: (signedInResult) => Fx.from({
781
- ok: async () => {
782
- return await setTokenAndMaybeWait(proxy ? {
783
- shouldStore: false,
784
- tokens: signedInResult.tokens === null ? null : { token: signedInResult.tokens.token },
785
- waitForHandshake: true,
786
- context: {
787
- provider: "passkey",
788
- flow: "registerVerify"
789
- }
790
- } : {
791
- shouldStore: true,
792
- tokens: signedInResult.tokens,
793
- waitForHandshake: true,
794
- context: {
795
- provider: "passkey",
796
- flow: "registerVerify"
797
- }
798
- }) ? { kind: "signedIn" } : { kind: "started" };
799
- },
800
- err: (e) => e
801
- }),
802
- redirect: (_redirectResult) => Fx.succeed({ kind: "started" }),
803
- started: (_startedResult) => Fx.succeed({ kind: "started" }),
804
- passkeyOptions: (_passkeyOptionsResult) => Fx.succeed({ kind: "started" }),
805
- totpRequired: (_totpRequiredResult) => Fx.succeed({ kind: "started" }),
806
- totpSetup: (_totpSetupResult) => Fx.succeed({ kind: "started" }),
807
- deviceCode: (_deviceCodeResult) => Fx.succeed({ kind: "started" })
808
- }));
809
- },
810
- authenticate: async (opts) => {
811
- const phase1Params = {
812
- flow: "authOptions",
813
- email: opts?.email
814
- };
815
- let phase1Result;
816
- if (proxy) phase1Result = await proxyFetch({
817
- action: "auth:signIn",
818
- args: {
819
- provider: "passkey",
820
- params: phase1Params
821
- }
822
- });
823
- else phase1Result = await convex.action(requireApiRefs().signIn, {
824
- provider: "passkey",
825
- params: phase1Params
826
- });
827
- if (phase1Result.kind !== "passkeyOptions") throw new Error("Server did not return passkey authentication options");
828
- const options$1 = phase1Result.options;
829
- const getOptions = {
830
- publicKey: {
831
- challenge: base64urlDecode(options$1.challenge).buffer,
832
- timeout: options$1.timeout,
833
- rpId: options$1.rpId,
834
- userVerification: options$1.userVerification,
835
- allowCredentials: (options$1.allowCredentials ?? []).map((cred) => ({
836
- type: cred.type ?? "public-key",
837
- id: base64urlDecode(cred.id).buffer,
838
- transports: cred.transports
839
- }))
840
- },
841
- ...opts?.autofill ? { mediation: "conditional" } : {}
842
- };
843
- const credential = await navigator.credentials.get(getOptions);
844
- if (!credential) throw new Error("Passkey authentication was cancelled");
845
- const response = credential.response;
846
- const phase2Params = {
847
- flow: "authVerify",
848
- credentialId: base64urlEncode(credential.rawId),
849
- clientDataJSON: base64urlEncode(response.clientDataJSON),
850
- authenticatorData: base64urlEncode(response.authenticatorData),
851
- signature: base64urlEncode(response.signature)
852
- };
853
- let phase2Result;
854
- if (proxy) phase2Result = await proxyFetch({
855
- action: "auth:signIn",
856
- args: {
857
- provider: "passkey",
858
- params: phase2Params,
859
- verifier: phase1Result.verifier
860
- }
861
- });
862
- else phase2Result = await convex.action(requireApiRefs().signIn, {
863
- provider: "passkey",
864
- params: phase2Params,
865
- verifier: phase1Result.verifier
866
- });
867
- return Fx.run(Fx.match(phase2Result, phase2Result.kind, {
868
- signedIn: (signedInResult) => Fx.from({
869
- ok: async () => {
870
- return await setTokenAndMaybeWait(proxy ? {
871
- shouldStore: false,
872
- tokens: signedInResult.tokens === null ? null : { token: signedInResult.tokens.token },
873
- waitForHandshake: true,
874
- context: {
875
- provider: "passkey",
876
- flow: "authVerify"
877
- }
878
- } : {
879
- shouldStore: true,
880
- tokens: signedInResult.tokens,
881
- waitForHandshake: true,
882
- context: {
883
- provider: "passkey",
884
- flow: "authVerify"
885
- }
886
- }) ? { kind: "signedIn" } : { kind: "started" };
887
- },
888
- err: (e) => e
889
- }),
890
- redirect: (_redirectResult) => Fx.succeed({ kind: "started" }),
891
- started: (_startedResult) => Fx.succeed({ kind: "started" }),
892
- passkeyOptions: (_passkeyOptionsResult) => Fx.succeed({ kind: "started" }),
893
- totpRequired: (_totpRequiredResult) => Fx.succeed({ kind: "started" }),
894
- totpSetup: (_totpSetupResult) => Fx.succeed({ kind: "started" }),
895
- deviceCode: (_deviceCodeResult) => Fx.succeed({ kind: "started" })
896
- }));
897
- }
898
- },
899
- totp: {
900
- setup: async (opts) => {
901
- const params = { flow: "setup" };
902
- if (opts?.name) params.name = opts.name;
903
- if (opts?.accountName) params.accountName = opts.accountName;
904
- if (proxy) {
905
- const result$1 = await proxyFetch({
906
- action: "auth:signIn",
907
- args: {
908
- provider: "totp",
909
- params
910
- }
911
- });
912
- return {
913
- uri: result$1.totpSetup.uri,
914
- secret: result$1.totpSetup.secret,
915
- verifier: result$1.verifier,
916
- totpId: result$1.totpSetup.totpId
917
- };
918
- }
919
- const result = await convex.action(requireApiRefs().signIn, {
920
- provider: "totp",
921
- params
922
- });
923
- return {
924
- uri: result.totpSetup.uri,
925
- secret: result.totpSetup.secret,
926
- verifier: result.verifier,
927
- totpId: result.totpSetup.totpId
928
- };
929
- },
930
- confirm: async (opts) => {
931
- const params = {
932
- flow: "confirm",
933
- code: opts.code,
934
- totpId: opts.totpId
935
- };
936
- if (proxy) {
937
- const result$1 = await proxyFetch({
938
- action: "auth:signIn",
939
- args: {
940
- provider: "totp",
941
- params,
942
- verifier: opts.verifier
943
- }
944
- });
945
- if (result$1.tokens) await setTokenAndMaybeWait({
946
- shouldStore: false,
947
- tokens: result$1.tokens === null ? null : { token: result$1.tokens.token },
948
- waitForHandshake: true,
949
- context: {
950
- provider: "totp",
951
- flow: "confirm"
952
- }
953
- });
954
- return;
955
- }
956
- const result = await convex.action(requireApiRefs().signIn, {
957
- provider: "totp",
958
- params,
959
- verifier: opts.verifier
960
- });
961
- if (result.tokens) await setTokenAndMaybeWait({
962
- shouldStore: true,
963
- tokens: result.tokens ?? null,
964
- waitForHandshake: true,
965
- context: {
966
- provider: "totp",
967
- flow: "confirm"
968
- }
969
- });
970
- },
971
- verify: async (opts) => {
972
- const params = {
973
- flow: "verify",
974
- code: opts.code
975
- };
976
- if (proxy) {
977
- const result$1 = await proxyFetch({
978
- action: "auth:signIn",
979
- args: {
980
- provider: "totp",
981
- params,
982
- verifier: opts.verifier
983
- }
984
- });
985
- if (result$1.tokens) await setTokenAndMaybeWait({
986
- shouldStore: false,
987
- tokens: result$1.tokens === null ? null : { token: result$1.tokens.token },
988
- waitForHandshake: true,
989
- context: {
990
- provider: "totp",
991
- flow: "verify"
992
- }
993
- });
994
- return;
995
- }
996
- const result = await convex.action(requireApiRefs().signIn, {
997
- provider: "totp",
998
- params,
999
- verifier: opts.verifier
1000
- });
1001
- if (result.tokens) await setTokenAndMaybeWait({
1002
- shouldStore: true,
1003
- tokens: result.tokens ?? null,
1004
- waitForHandshake: true,
1005
- context: {
1006
- provider: "totp",
1007
- flow: "verify"
1008
- }
1009
- });
1010
- }
1011
- },
1012
- device: {
1013
- poll: async (code) => {
1014
- const intervalMs = code.interval * 1e3;
1015
- const expiresAt = Date.now() + code.expiresIn * 1e3;
1016
- while (Date.now() < expiresAt) {
1017
- await new Promise((resolve) => setTimeout(resolve, intervalMs));
1018
- const pollResult = await Fx.run(Fx.from({
1019
- ok: async () => {
1020
- let result;
1021
- const params = {
1022
- flow: "poll",
1023
- deviceCode: code.deviceCode
1024
- };
1025
- if (proxy) result = await proxyFetch({
1026
- action: "auth:signIn",
1027
- args: {
1028
- provider: "device",
1029
- params
1030
- }
1031
- });
1032
- else result = await convex.action(requireApiRefs().signIn, {
1033
- provider: "device",
1034
- params
1035
- });
1036
- return result;
1037
- },
1038
- err: (e) => e
1039
- }).pipe(Fx.recover((e) => {
1040
- const dispatch = e instanceof ConvexError ? { tag: e.data?.code === "DEVICE_AUTHORIZATION_PENDING" ? "continue" : e.data?.code === "DEVICE_SLOW_DOWN" ? "slowDown" : "fatal" } : { tag: "fatal" };
1041
- return Fx.match(dispatch, dispatch.tag, {
1042
- continue: () => Fx.succeed({ _poll: "continue" }),
1043
- slowDown: () => Fx.succeed({ _poll: "slow_down" }),
1044
- fatal: () => Fx.fatal(e)
1045
- });
1046
- })));
1047
- if ("_poll" in pollResult) {
1048
- if (pollResult._poll === "slow_down") await new Promise((resolve) => setTimeout(resolve, intervalMs));
1049
- continue;
1050
- }
1051
- if (pollResult.tokens) {
1052
- if (proxy) await setTokenAndMaybeWait({
1053
- shouldStore: false,
1054
- tokens: pollResult.tokens === null ? null : { token: pollResult.tokens.token },
1055
- waitForHandshake: true,
1056
- context: {
1057
- provider: "device",
1058
- flow: "poll"
1059
- }
1060
- });
1061
- else await setTokenAndMaybeWait({
1062
- shouldStore: true,
1063
- tokens: pollResult.tokens ?? null,
1064
- waitForHandshake: true,
1065
- context: {
1066
- provider: "device",
1067
- flow: "poll"
1068
- }
1069
- });
1070
- return;
1071
- }
1072
- }
1073
- throw new Error("Device authorization timed out.");
1074
- },
1075
- verify: async (userCode) => {
1076
- const params = {
1077
- flow: "verify",
1078
- userCode
1079
- };
1080
- if (proxy) await proxyFetch({
1081
- action: "auth:signIn",
1082
- args: {
1083
- provider: "device",
1084
- params
1085
- }
1086
- });
1087
- else await convex.action(requireApiRefs().signIn, {
1088
- provider: "device",
1089
- params
1090
- });
1091
- }
1092
- },
618
+ passkey: createPasskeyClient({
619
+ proxy,
620
+ convex,
621
+ requireApiRefs,
622
+ proxyFetch,
623
+ setTokenAndMaybeWait
624
+ }),
625
+ totp: createTotpClient({
626
+ proxy,
627
+ convex,
628
+ requireApiRefs,
629
+ proxyFetch,
630
+ setTokenAndMaybeWait
631
+ }),
632
+ device: createDeviceClient({
633
+ proxy,
634
+ convex,
635
+ requireApiRefs,
636
+ proxyFetch,
637
+ setTokenAndMaybeWait
638
+ }),
1093
639
  destroy: () => {
1094
640
  destroyed = true;
1095
641
  settleHandshakeWaiters(authEpoch, {
@@ -1101,50 +647,6 @@ function client(options) {
1101
647
  }
1102
648
  };
1103
649
  }
1104
- async function browserMutex(key, callback) {
1105
- const lockManager = globalThis?.navigator?.locks;
1106
- return lockManager !== void 0 ? await lockManager.request(key, callback) : await manualMutex(key, callback);
1107
- }
1108
- function getStorageListenerRegistry() {
1109
- const globalAny = globalThis;
1110
- if (globalAny.__convexAuthStorageListeners === void 0) globalAny.__convexAuthStorageListeners = {};
1111
- return globalAny.__convexAuthStorageListeners;
1112
- }
1113
- function getManualMutexTails() {
1114
- const globalAny = globalThis;
1115
- if (globalAny.__convexAuthMutexTails === void 0) globalAny.__convexAuthMutexTails = {};
1116
- return globalAny.__convexAuthMutexTails;
1117
- }
1118
- async function manualMutex(key, callback) {
1119
- const mutexTails = getManualMutexTails();
1120
- const previousTail = mutexTails[key] ?? Promise.resolve();
1121
- let releaseCurrent;
1122
- const currentTail = new Promise((resolve) => {
1123
- releaseCurrent = resolve;
1124
- });
1125
- mutexTails[key] = previousTail.then(() => currentTail, () => currentTail);
1126
- await Fx.run(Fx.from({
1127
- ok: () => previousTail,
1128
- err: () => void 0
1129
- }).pipe(Fx.recover(() => Fx.succeed(void 0))));
1130
- let result;
1131
- let threw = false;
1132
- let thrownError;
1133
- await Fx.run(Fx.from({
1134
- ok: async () => {
1135
- result = await callback();
1136
- },
1137
- err: (e) => e
1138
- }).pipe(Fx.recover((e) => {
1139
- threw = true;
1140
- thrownError = e;
1141
- return Fx.succeed(void 0);
1142
- })));
1143
- releaseCurrent?.();
1144
- if (mutexTails[key] === currentTail) delete mutexTails[key];
1145
- if (threw) throw thrownError;
1146
- return result;
1147
- }
1148
650
 
1149
651
  //#endregion
1150
652
  export { AUTH_ERRORS, client, isAuthError, parseAuthError };