npm - @robelest/convex-auth - Versions diffs - 0.0.4-preview.2 → 0.0.4-preview.21 - Mend

@robelest/convex-auth 0.0.4-preview.2 → 0.0.4-preview.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (798) hide show

package/README.md +67 -26
package/dist/authorization/index.d.ts +63 -0
package/dist/authorization/index.d.ts.map +1 -0
package/dist/authorization/index.js +63 -0
package/dist/authorization/index.js.map +1 -0
package/dist/bin.js +6185 -0
package/dist/client/core/types.d.ts +20 -0
package/dist/client/core/types.d.ts.map +1 -0
package/dist/client/index.d.ts +2 -299
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +407 -534
package/dist/client/index.js.map +1 -1
package/dist/component/_generated/api.d.ts +42 -0
package/dist/component/_generated/api.d.ts.map +1 -1
package/dist/component/_generated/api.js.map +1 -1
package/dist/component/_generated/component.d.ts +2546 -90
package/dist/component/_generated/component.d.ts.map +1 -1
package/dist/component/client/core/types.d.ts +2 -0
package/dist/component/client/index.d.ts +2 -0
package/dist/component/convex.config.d.ts +2 -2
package/dist/component/functions.d.ts +11 -9
package/dist/component/functions.d.ts.map +1 -1
package/dist/component/functions.js.map +1 -1
package/dist/component/index.d.ts +7 -11
package/dist/component/index.js +2 -3
package/dist/component/model.d.ts +153 -0
package/dist/component/model.d.ts.map +1 -0
package/dist/component/model.js +349 -0
package/dist/component/model.js.map +1 -0
package/dist/component/providers/anonymous.d.ts +54 -0
package/dist/component/providers/anonymous.d.ts.map +1 -0
package/dist/component/providers/credentials.d.ts +5 -5
package/dist/component/providers/credentials.d.ts.map +1 -1
package/dist/component/providers/device.d.ts +67 -0
package/dist/component/providers/device.d.ts.map +1 -0
package/dist/component/providers/email.d.ts +62 -0
package/dist/component/providers/email.d.ts.map +1 -0
package/dist/component/providers/oauth.d.ts.map +1 -1
package/dist/component/providers/oauth.js.map +1 -1
package/dist/component/providers/passkey.d.ts +57 -0
package/dist/component/providers/passkey.d.ts.map +1 -0
package/dist/component/providers/password.d.ts +88 -0
package/dist/component/providers/password.d.ts.map +1 -0
package/dist/component/providers/phone.d.ts +48 -0
package/dist/component/providers/phone.d.ts.map +1 -0
package/dist/component/providers/sso.d.ts +50 -0
package/dist/component/providers/sso.d.ts.map +1 -0
package/dist/component/providers/totp.d.ts +45 -0
package/dist/component/providers/totp.d.ts.map +1 -0
package/dist/component/public/enterprise/audit.d.ts +73 -0
package/dist/component/public/enterprise/audit.d.ts.map +1 -0
package/dist/component/public/enterprise/audit.js +108 -0
package/dist/component/public/enterprise/audit.js.map +1 -0
package/dist/component/public/enterprise/core.d.ts +176 -0
package/dist/component/public/enterprise/core.d.ts.map +1 -0
package/dist/component/public/enterprise/core.js +292 -0
package/dist/component/public/enterprise/core.js.map +1 -0
package/dist/component/public/enterprise/domains.d.ts +174 -0
package/dist/component/public/enterprise/domains.d.ts.map +1 -0
package/dist/component/public/enterprise/domains.js +271 -0
package/dist/component/public/enterprise/domains.js.map +1 -0
package/dist/component/public/enterprise/scim.d.ts +245 -0
package/dist/component/public/enterprise/scim.d.ts.map +1 -0
package/dist/component/public/enterprise/scim.js +344 -0
package/dist/component/public/enterprise/scim.js.map +1 -0
package/dist/component/public/enterprise/secrets.d.ts +78 -0
package/dist/component/public/enterprise/secrets.d.ts.map +1 -0
package/dist/component/public/enterprise/secrets.js +118 -0
package/dist/component/public/enterprise/secrets.js.map +1 -0
package/dist/component/public/enterprise/webhooks.d.ts +211 -0
package/dist/component/public/enterprise/webhooks.d.ts.map +1 -0
package/dist/component/public/enterprise/webhooks.js +300 -0
package/dist/component/public/enterprise/webhooks.js.map +1 -0
package/dist/component/public/factors/devices.d.ts +157 -0
package/dist/component/public/factors/devices.d.ts.map +1 -0
package/dist/component/public/factors/devices.js +216 -0
package/dist/component/public/factors/devices.js.map +1 -0
package/dist/component/public/factors/passkeys.d.ts +175 -0
package/dist/component/public/factors/passkeys.d.ts.map +1 -0
package/dist/component/public/factors/passkeys.js +238 -0
package/dist/component/public/factors/passkeys.js.map +1 -0
package/dist/component/public/factors/totp.d.ts +189 -0
package/dist/component/public/factors/totp.d.ts.map +1 -0
package/dist/component/public/factors/totp.js +254 -0
package/dist/component/public/factors/totp.js.map +1 -0
package/dist/component/public/groups/core.d.ts +137 -0
package/dist/component/public/groups/core.d.ts.map +1 -0
package/dist/component/public/groups/core.js +321 -0
package/dist/component/public/groups/core.js.map +1 -0
package/dist/component/public/groups/invites.d.ts +217 -0
package/dist/component/public/groups/invites.d.ts.map +1 -0
package/dist/component/public/groups/invites.js +457 -0
package/dist/component/public/groups/invites.js.map +1 -0
package/dist/component/public/groups/members.d.ts +204 -0
package/dist/component/public/groups/members.d.ts.map +1 -0
package/dist/component/public/groups/members.js +355 -0
package/dist/component/public/groups/members.js.map +1 -0
package/dist/component/public/identity/accounts.d.ts +147 -0
package/dist/component/public/identity/accounts.d.ts.map +1 -0
package/dist/component/public/identity/accounts.js +200 -0
package/dist/component/public/identity/accounts.js.map +1 -0
package/dist/component/public/identity/codes.d.ts +104 -0
package/dist/component/public/identity/codes.d.ts.map +1 -0
package/dist/component/public/identity/codes.js +140 -0
package/dist/component/public/identity/codes.js.map +1 -0
package/dist/component/public/identity/sessions.d.ts +128 -0
package/dist/component/public/identity/sessions.d.ts.map +1 -0
package/dist/component/public/identity/sessions.js +192 -0
package/dist/component/public/identity/sessions.js.map +1 -0
package/dist/component/public/identity/tokens.d.ts +169 -0
package/dist/component/public/identity/tokens.d.ts.map +1 -0
package/dist/component/public/identity/tokens.js +227 -0
package/dist/component/public/identity/tokens.js.map +1 -0
package/dist/component/public/identity/users.d.ts +212 -0
package/dist/component/public/identity/users.d.ts.map +1 -0
package/dist/component/public/identity/users.js +311 -0
package/dist/component/public/identity/users.js.map +1 -0
package/dist/component/public/identity/verifiers.d.ts +116 -0
package/dist/component/public/identity/verifiers.d.ts.map +1 -0
package/dist/component/public/identity/verifiers.js +154 -0
package/dist/component/public/identity/verifiers.js.map +1 -0
package/dist/component/public/security/keys.d.ts +209 -0
package/dist/component/public/security/keys.d.ts.map +1 -0
package/dist/component/public/security/keys.js +319 -0
package/dist/component/public/security/keys.js.map +1 -0
package/dist/component/public/security/limits.d.ts +114 -0
package/dist/component/public/security/limits.d.ts.map +1 -0
package/dist/component/public/security/limits.js +169 -0
package/dist/component/public/security/limits.js.map +1 -0
package/dist/component/public.d.ts +24 -271
package/dist/component/public.d.ts.map +1 -1
package/dist/component/public.js +21 -1229
package/dist/component/schema.d.ts +473 -110
package/dist/component/schema.js +162 -73
package/dist/component/schema.js.map +1 -1
package/dist/component/server/auth.d.ts +318 -373
package/dist/component/server/auth.d.ts.map +1 -1
package/dist/component/server/auth.js +204 -123
package/dist/component/server/auth.js.map +1 -1
package/dist/component/server/authError.js +34 -0
package/dist/component/server/authError.js.map +1 -0
package/dist/component/server/{providers.js → config.js} +43 -12
package/dist/component/server/config.js.map +1 -0
package/dist/component/server/cookies.js +3 -0
package/dist/component/server/cookies.js.map +1 -1
package/dist/component/server/core.js +713 -0
package/dist/component/server/core.js.map +1 -0
package/dist/component/server/crypto.js +38 -0
package/dist/component/server/crypto.js.map +1 -0
package/dist/component/server/{implementation/db.js → db.js} +2 -1
package/dist/component/server/db.js.map +1 -0
package/dist/component/server/device.js +109 -0
package/dist/component/server/device.js.map +1 -0
package/dist/component/server/enterprise/config.js +46 -0
package/dist/component/server/enterprise/config.js.map +1 -0
package/dist/component/server/enterprise/domain.js +885 -0
package/dist/component/server/enterprise/domain.js.map +1 -0
package/dist/component/server/enterprise/http.js +766 -0
package/dist/component/server/enterprise/http.js.map +1 -0
package/dist/component/server/enterprise/oidc.js +248 -0
package/dist/component/server/enterprise/oidc.js.map +1 -0
package/dist/component/server/enterprise/policy.js +85 -0
package/dist/component/server/enterprise/policy.js.map +1 -0
package/dist/component/server/enterprise/saml.js +338 -0
package/dist/component/server/enterprise/saml.js.map +1 -0
package/dist/component/server/enterprise/scim.js +97 -0
package/dist/component/server/enterprise/scim.js.map +1 -0
package/dist/component/server/enterprise/shared.js +51 -0
package/dist/component/server/enterprise/shared.js.map +1 -0
package/dist/component/server/errors.d.ts +1 -0
package/dist/component/server/errors.js +24 -16
package/dist/component/server/errors.js.map +1 -1
package/dist/component/server/http.js +288 -0
package/dist/component/server/http.js.map +1 -0
package/dist/component/server/identity.js +13 -0
package/dist/component/server/identity.js.map +1 -0
package/dist/{server/implementation → component/server}/keys.js +9 -31
package/dist/component/server/keys.js.map +1 -0
package/dist/component/server/limits.js +61 -0
package/dist/component/server/limits.js.map +1 -0
package/dist/component/server/mutations/account.js +44 -0
package/dist/component/server/mutations/account.js.map +1 -0
package/dist/component/server/{implementation/mutations → mutations}/code.js +7 -4
package/dist/component/server/mutations/code.js.map +1 -0
package/dist/component/server/mutations/invalidate.js +32 -0
package/dist/component/server/mutations/invalidate.js.map +1 -0
package/dist/component/server/mutations/oauth.js +110 -0
package/dist/component/server/mutations/oauth.js.map +1 -0
package/dist/component/server/mutations/refresh.js +119 -0
package/dist/component/server/mutations/refresh.js.map +1 -0
package/dist/component/server/mutations/register.js +83 -0
package/dist/component/server/mutations/register.js.map +1 -0
package/dist/component/server/mutations/retrieve.js +65 -0
package/dist/component/server/mutations/retrieve.js.map +1 -0
package/dist/component/server/mutations/signature.js +32 -0
package/dist/component/server/mutations/signature.js.map +1 -0
package/dist/component/server/{implementation/mutations → mutations}/signin.js +2 -2
package/dist/component/server/mutations/signin.js.map +1 -0
package/dist/component/server/mutations/signout.js +27 -0
package/dist/component/server/mutations/signout.js.map +1 -0
package/dist/component/server/mutations/store/refs.js +15 -0
package/dist/component/server/mutations/store/refs.js.map +1 -0
package/dist/component/server/mutations/store.js +85 -0
package/dist/component/server/mutations/store.js.map +1 -0
package/dist/component/server/mutations/verifier.js +18 -0
package/dist/component/server/mutations/verifier.js.map +1 -0
package/dist/component/server/mutations/verify.js +98 -0
package/dist/component/server/mutations/verify.js.map +1 -0
package/dist/component/server/oauth.js +106 -60
package/dist/component/server/oauth.js.map +1 -1
package/dist/component/server/passkey.js +328 -0
package/dist/component/server/passkey.js.map +1 -0
package/dist/{server/implementation → component/server}/redirects.js +13 -11
package/dist/component/server/redirects.js.map +1 -0
package/dist/component/server/refresh.js +96 -0
package/dist/component/server/refresh.js.map +1 -0
package/dist/component/server/runtime.d.ts +136 -0
package/dist/component/server/runtime.d.ts.map +1 -0
package/dist/component/server/runtime.js +413 -0
package/dist/component/server/runtime.js.map +1 -0
package/dist/{server/implementation → component/server}/sessions.js +14 -8
package/dist/component/server/sessions.js.map +1 -0
package/dist/component/server/signin.js +201 -0
package/dist/component/server/signin.js.map +1 -0
package/dist/component/server/tokens.js +17 -0
package/dist/component/server/tokens.js.map +1 -0
package/dist/component/server/totp.js +148 -0
package/dist/component/server/totp.js.map +1 -0
package/dist/component/server/types.d.ts +387 -298
package/dist/component/server/types.d.ts.map +1 -1
package/dist/component/server/{implementation/types.js → types.js} +1 -1
package/dist/component/server/types.js.map +1 -0
package/dist/component/server/{implementation/users.js → users.js} +54 -35
package/dist/component/server/users.js.map +1 -0
package/dist/component/server/utils.js +110 -4
package/dist/component/server/utils.js.map +1 -1
package/dist/core/types.d.ts +369 -0
package/dist/core/types.d.ts.map +1 -0
package/dist/factors/device.js +105 -0
package/dist/factors/device.js.map +1 -0
package/dist/factors/passkey.js +181 -0
package/dist/factors/passkey.js.map +1 -0
package/dist/factors/totp.js +122 -0
package/dist/factors/totp.js.map +1 -0
package/dist/providers/anonymous.d.ts +3 -9
package/dist/providers/anonymous.d.ts.map +1 -1
package/dist/providers/anonymous.js +1 -18
package/dist/providers/anonymous.js.map +1 -1
package/dist/providers/credentials.d.ts +8 -10
package/dist/providers/credentials.d.ts.map +1 -1
package/dist/providers/credentials.js +3 -5
package/dist/providers/credentials.js.map +1 -1
package/dist/providers/device.d.ts +18 -10
package/dist/providers/device.d.ts.map +1 -1
package/dist/providers/device.js +4 -8
package/dist/providers/device.js.map +1 -1
package/dist/providers/email.d.ts +50 -23
package/dist/providers/email.d.ts.map +1 -1
package/dist/providers/email.js +58 -34
package/dist/providers/email.js.map +1 -1
package/dist/providers/index.d.ts +7 -3
package/dist/providers/index.js +4 -1
package/dist/providers/oauth.d.ts.map +1 -1
package/dist/providers/oauth.js.map +1 -1
package/dist/providers/passkey.d.ts +12 -9
package/dist/providers/passkey.d.ts.map +1 -1
package/dist/providers/passkey.js +1 -7
package/dist/providers/passkey.js.map +1 -1
package/dist/providers/password.d.ts +6 -12
package/dist/providers/password.d.ts.map +1 -1
package/dist/providers/password.js +189 -89
package/dist/providers/password.js.map +1 -1
package/dist/providers/phone.d.ts +40 -11
package/dist/providers/phone.d.ts.map +1 -1
package/dist/providers/phone.js +52 -21
package/dist/providers/phone.js.map +1 -1
package/dist/providers/sso.d.ts +50 -0
package/dist/providers/sso.d.ts.map +1 -0
package/dist/providers/sso.js +34 -0
package/dist/providers/sso.js.map +1 -0
package/dist/providers/totp.d.ts +12 -9
package/dist/providers/totp.d.ts.map +1 -1
package/dist/providers/totp.js +1 -7
package/dist/providers/totp.js.map +1 -1
package/dist/runtime/browser.js +68 -0
package/dist/runtime/browser.js.map +1 -0
package/dist/runtime/invite.js +51 -0
package/dist/runtime/invite.js.map +1 -0
package/dist/runtime/proxy.js +70 -0
package/dist/runtime/proxy.js.map +1 -0
package/dist/runtime/storage.js +37 -0
package/dist/runtime/storage.js.map +1 -0
package/dist/server/auth.d.ts +335 -370
package/dist/server/auth.d.ts.map +1 -1
package/dist/server/auth.js +204 -123
package/dist/server/auth.js.map +1 -1
package/dist/server/authError.d.ts +46 -0
package/dist/server/authError.d.ts.map +1 -0
package/dist/server/authError.js +34 -0
package/dist/server/authError.js.map +1 -0
package/dist/server/config.d.ts +1 -0
package/dist/server/{providers.js → config.js} +43 -12
package/dist/server/config.js.map +1 -0
package/dist/server/cookies.d.ts +1 -38
package/dist/server/cookies.js +3 -0
package/dist/server/cookies.js.map +1 -1
package/dist/server/core.d.ts +1436 -0
package/dist/server/core.d.ts.map +1 -0
package/dist/server/core.js +713 -0
package/dist/server/core.js.map +1 -0
package/dist/server/crypto.d.ts +8 -0
package/dist/server/crypto.d.ts.map +1 -0
package/dist/server/crypto.js +38 -0
package/dist/server/crypto.js.map +1 -0
package/dist/server/db.d.ts +1 -0
package/dist/server/{implementation/db.js → db.js} +2 -1
package/dist/server/db.js.map +1 -0
package/dist/server/device.d.ts +1 -0
package/dist/server/device.js +109 -0
package/dist/server/device.js.map +1 -0
package/dist/server/enterprise/config.d.ts +1 -0
package/dist/server/enterprise/config.js +46 -0
package/dist/server/enterprise/config.js.map +1 -0
package/dist/server/enterprise/domain.d.ts +409 -0
package/dist/server/enterprise/domain.d.ts.map +1 -0
package/dist/server/enterprise/domain.js +885 -0
package/dist/server/enterprise/domain.js.map +1 -0
package/dist/server/enterprise/http.d.ts +26 -0
package/dist/server/enterprise/http.d.ts.map +1 -0
package/dist/server/enterprise/http.js +766 -0
package/dist/server/enterprise/http.js.map +1 -0
package/dist/server/enterprise/oidc.d.ts +1 -0
package/dist/server/enterprise/oidc.js +248 -0
package/dist/server/enterprise/oidc.js.map +1 -0
package/dist/server/enterprise/policy.d.ts +1 -0
package/dist/server/enterprise/policy.js +85 -0
package/dist/server/enterprise/policy.js.map +1 -0
package/dist/server/enterprise/saml.d.ts +1 -0
package/dist/server/enterprise/saml.js +338 -0
package/dist/server/enterprise/saml.js.map +1 -0
package/dist/server/enterprise/scim.d.ts +1 -0
package/dist/server/enterprise/scim.js +97 -0
package/dist/server/enterprise/scim.js.map +1 -0
package/dist/server/enterprise/shared.d.ts +5 -0
package/dist/server/enterprise/shared.d.ts.map +1 -0
package/dist/server/enterprise/shared.js +51 -0
package/dist/server/enterprise/shared.js.map +1 -0
package/dist/server/enterprise/validators.d.ts +1 -0
package/dist/server/enterprise/validators.js +60 -0
package/dist/server/enterprise/validators.js.map +1 -0
package/dist/server/errors.d.ts +33 -1
package/dist/server/errors.d.ts.map +1 -1
package/dist/server/errors.js +44 -1
package/dist/server/errors.js.map +1 -1
package/dist/server/http.d.ts +59 -0
package/dist/server/http.d.ts.map +1 -0
package/dist/server/http.js +288 -0
package/dist/server/http.js.map +1 -0
package/dist/server/identity.d.ts +1 -0
package/dist/server/identity.js +13 -0
package/dist/server/identity.js.map +1 -0
package/dist/server/index.d.ts +4 -182
package/dist/server/index.js +4 -376
package/dist/server/keys.d.ts +1 -0
package/dist/{component/server/implementation → server}/keys.js +9 -31
package/dist/server/keys.js.map +1 -0
package/dist/server/limits.d.ts +1 -0
package/dist/server/limits.js +61 -0
package/dist/server/limits.js.map +1 -0
package/dist/server/mounts.d.ts +647 -0
package/dist/server/mounts.d.ts.map +1 -0
package/dist/server/mounts.js +643 -0
package/dist/server/mounts.js.map +1 -0
package/dist/server/mutations/account.d.ts +30 -0
package/dist/server/mutations/account.d.ts.map +1 -0
package/dist/server/mutations/account.js +44 -0
package/dist/server/mutations/account.js.map +1 -0
package/dist/server/mutations/code.d.ts +30 -0
package/dist/server/mutations/code.d.ts.map +1 -0
package/dist/server/{implementation/mutations → mutations}/code.js +7 -4
package/dist/server/mutations/code.js.map +1 -0
package/dist/server/mutations/index.d.ts +14 -0
package/dist/server/mutations/index.js +15 -0
package/dist/server/mutations/invalidate.d.ts +20 -0
package/dist/server/mutations/invalidate.d.ts.map +1 -0
package/dist/server/mutations/invalidate.js +32 -0
package/dist/server/mutations/invalidate.js.map +1 -0
package/dist/server/mutations/oauth.d.ts +28 -0
package/dist/server/mutations/oauth.d.ts.map +1 -0
package/dist/server/mutations/oauth.js +110 -0
package/dist/server/mutations/oauth.js.map +1 -0
package/dist/server/mutations/refresh.d.ts +21 -0
package/dist/server/mutations/refresh.d.ts.map +1 -0
package/dist/server/mutations/refresh.js +119 -0
package/dist/server/mutations/refresh.js.map +1 -0
package/dist/server/mutations/register.d.ts +38 -0
package/dist/server/mutations/register.d.ts.map +1 -0
package/dist/server/mutations/register.js +83 -0
package/dist/server/mutations/register.js.map +1 -0
package/dist/server/mutations/retrieve.d.ts +33 -0
package/dist/server/mutations/retrieve.d.ts.map +1 -0
package/dist/server/mutations/retrieve.js +65 -0
package/dist/server/mutations/retrieve.js.map +1 -0
package/dist/server/mutations/signature.d.ts +22 -0
package/dist/server/mutations/signature.d.ts.map +1 -0
package/dist/server/mutations/signature.js +32 -0
package/dist/server/mutations/signature.js.map +1 -0
package/dist/server/mutations/signin.d.ts +22 -0
package/dist/server/mutations/signin.d.ts.map +1 -0
package/dist/server/{implementation/mutations → mutations}/signin.js +2 -2
package/dist/server/mutations/signin.js.map +1 -0
package/dist/server/mutations/signout.d.ts +16 -0
package/dist/server/mutations/signout.d.ts.map +1 -0
package/dist/server/mutations/signout.js +27 -0
package/dist/server/mutations/signout.js.map +1 -0
package/dist/server/mutations/store/refs.d.ts +12 -0
package/dist/server/mutations/store/refs.d.ts.map +1 -0
package/dist/server/mutations/store/refs.js +15 -0
package/dist/server/mutations/store/refs.js.map +1 -0
package/dist/server/mutations/store.d.ts +306 -0
package/dist/server/mutations/store.d.ts.map +1 -0
package/dist/server/mutations/store.js +85 -0
package/dist/server/mutations/store.js.map +1 -0
package/dist/server/mutations/verifier.d.ts +13 -0
package/dist/server/mutations/verifier.d.ts.map +1 -0
package/dist/server/mutations/verifier.js +18 -0
package/dist/server/mutations/verifier.js.map +1 -0
package/dist/server/mutations/verify.d.ts +26 -0
package/dist/server/mutations/verify.d.ts.map +1 -0
package/dist/server/mutations/verify.js +98 -0
package/dist/server/mutations/verify.js.map +1 -0
package/dist/server/oauth.d.ts +1 -48
package/dist/server/oauth.js +107 -64
package/dist/server/oauth.js.map +1 -1
package/dist/server/passkey.d.ts +27 -0
package/dist/server/passkey.d.ts.map +1 -0
package/dist/server/passkey.js +328 -0
package/dist/server/passkey.js.map +1 -0
package/dist/server/redirects.d.ts +1 -0
package/dist/{component/server/implementation → server}/redirects.js +13 -11
package/dist/server/redirects.js.map +1 -0
package/dist/server/refresh.d.ts +1 -0
package/dist/server/refresh.js +96 -0
package/dist/server/refresh.js.map +1 -0
package/dist/server/runtime.d.ts +136 -0
package/dist/server/runtime.d.ts.map +1 -0
package/dist/server/runtime.js +413 -0
package/dist/server/runtime.js.map +1 -0
package/dist/server/sessions.d.ts +1 -0
package/dist/{component/server/implementation → server}/sessions.js +14 -8
package/dist/server/sessions.js.map +1 -0
package/dist/server/signin.d.ts +1 -0
package/dist/server/signin.js +201 -0
package/dist/server/signin.js.map +1 -0
package/dist/server/ssr.d.ts +226 -0
package/dist/server/ssr.d.ts.map +1 -0
package/dist/server/ssr.js +786 -0
package/dist/server/ssr.js.map +1 -0
package/dist/server/templates.d.ts +1 -21
package/dist/server/templates.js +2 -1
package/dist/server/templates.js.map +1 -1
package/dist/server/tokens.d.ts +1 -0
package/dist/server/tokens.js +17 -0
package/dist/server/tokens.js.map +1 -0
package/dist/server/totp.d.ts +1 -0
package/dist/server/totp.js +148 -0
package/dist/server/totp.js.map +1 -0
package/dist/server/types.d.ts +498 -306
package/dist/server/types.d.ts.map +1 -1
package/dist/server/types.js +108 -1
package/dist/server/types.js.map +1 -0
package/dist/server/users.d.ts +1 -0
package/dist/server/{implementation/users.js → users.js} +54 -35
package/dist/server/users.js.map +1 -0
package/dist/server/utils.d.ts +1 -6
package/dist/server/utils.js +110 -4
package/dist/server/utils.js.map +1 -1
package/package.json +49 -46
package/src/authorization/index.ts +83 -0
package/src/cli/bin.ts +5 -0
package/src/cli/command.ts +6 -5
package/src/cli/index.ts +456 -248
package/src/cli/keys.ts +3 -0
package/src/client/core/types.ts +437 -0
package/src/client/factors/device.ts +160 -0
package/src/client/factors/passkey.ts +282 -0
package/src/client/factors/totp.ts +150 -0
package/src/client/index.ts +745 -989
package/src/client/runtime/browser.ts +112 -0
package/src/client/runtime/invite.ts +65 -0
package/src/client/runtime/proxy.ts +111 -0
package/src/client/runtime/storage.ts +79 -0
package/src/component/_generated/api.ts +42 -0
package/src/component/_generated/component.ts +3123 -102
package/src/component/functions.ts +38 -22
package/src/component/index.ts +10 -20
package/src/component/model.ts +449 -0
package/src/component/public/enterprise/audit.ts +120 -0
package/src/component/public/enterprise/core.ts +354 -0
package/src/component/public/enterprise/domains.ts +323 -0
package/src/component/public/enterprise/scim.ts +396 -0
package/src/component/public/enterprise/secrets.ts +132 -0
package/src/component/public/enterprise/webhooks.ts +306 -0
package/src/component/public/factors/devices.ts +223 -0
package/src/component/public/factors/passkeys.ts +242 -0
package/src/component/public/factors/totp.ts +258 -0
package/src/component/public/groups/core.ts +481 -0
package/src/component/public/groups/invites.ts +602 -0
package/src/component/public/groups/members.ts +409 -0
package/src/component/public/identity/accounts.ts +206 -0
package/src/component/public/identity/codes.ts +148 -0
package/src/component/public/identity/sessions.ts +209 -0
package/src/component/public/identity/tokens.ts +250 -0
package/src/component/public/identity/users.ts +354 -0
package/src/component/public/identity/verifiers.ts +157 -0
package/src/component/public/security/keys.ts +365 -0
package/src/component/public/security/limits.ts +173 -0
package/src/component/public.ts +26 -1766
package/src/component/schema.ts +273 -100
package/src/providers/anonymous.ts +10 -20
package/src/providers/credentials.ts +14 -22
package/src/providers/device.ts +3 -14
package/src/providers/email.ts +83 -47
package/src/providers/index.ts +7 -0
package/src/providers/oauth.ts +5 -3
package/src/providers/passkey.ts +0 -13
package/src/providers/password.ts +307 -130
package/src/providers/phone.ts +81 -37
package/src/providers/sso.ts +54 -0
package/src/providers/totp.ts +0 -13
package/src/samlify.d.ts +53 -0
package/src/server/auth.ts +701 -247
package/src/server/authError.ts +44 -0
package/src/server/{providers.ts → config.ts} +84 -15
package/src/server/cookies.ts +8 -1
package/src/server/core.ts +2095 -0
package/src/server/crypto.ts +88 -0
package/src/server/{implementation/db.ts → db.ts} +90 -15
package/src/server/device.ts +221 -0
package/src/server/enterprise/config.ts +51 -0
package/src/server/enterprise/domain.ts +1751 -0
package/src/server/enterprise/http.ts +1324 -0
package/src/server/enterprise/oidc.ts +500 -0
package/src/server/enterprise/policy.ts +128 -0
package/src/server/enterprise/saml.ts +578 -0
package/src/server/enterprise/scim.ts +135 -0
package/src/server/enterprise/shared.ts +134 -0
package/src/server/enterprise/validators.ts +93 -0
package/src/server/errors.ts +130 -119
package/src/server/http.ts +531 -0
package/src/server/identity.ts +18 -0
package/src/server/index.ts +32 -650
package/src/server/{implementation/keys.ts → keys.ts} +16 -44
package/src/server/limits.ts +134 -0
package/src/server/mounts.ts +948 -0
package/src/server/mutations/account.ts +76 -0
package/src/server/{implementation/mutations → mutations}/code.ts +22 -11
package/src/server/mutations/index.ts +13 -0
package/src/server/mutations/invalidate.ts +50 -0
package/src/server/mutations/oauth.ts +237 -0
package/src/server/mutations/refresh.ts +298 -0
package/src/server/mutations/register.ts +200 -0
package/src/server/mutations/retrieve.ts +109 -0
package/src/server/mutations/signature.ts +50 -0
package/src/server/{implementation/mutations → mutations}/signin.ts +9 -7
package/src/server/mutations/signout.ts +43 -0
package/src/server/mutations/store/refs.ts +10 -0
package/src/server/mutations/store.ts +138 -0
package/src/server/mutations/verifier.ts +34 -0
package/src/server/mutations/verify.ts +202 -0
package/src/server/oauth.ts +243 -131
package/src/server/passkey.ts +784 -0
package/src/server/{implementation/redirects.ts → redirects.ts} +21 -16
package/src/server/refresh.ts +222 -0
package/src/server/runtime.ts +880 -0
package/src/server/{implementation/sessions.ts → sessions.ts} +33 -25
package/src/server/signin.ts +438 -0
package/src/server/ssr.ts +1764 -0
package/src/server/templates.ts +8 -3
package/src/server/{implementation/tokens.ts → tokens.ts} +11 -5
package/src/server/totp.ts +349 -0
package/src/server/types.ts +972 -207
package/src/server/{implementation/users.ts → users.ts} +129 -75
package/src/server/utils.ts +192 -5
package/src/test.ts +28 -4
package/dist/bin.cjs +0 -27757
package/dist/component/providers/email.js +0 -47
package/dist/component/providers/email.js.map +0 -1
package/dist/component/public.js.map +0 -1
package/dist/component/server/implementation/db.js.map +0 -1
package/dist/component/server/implementation/device.js +0 -135
package/dist/component/server/implementation/device.js.map +0 -1
package/dist/component/server/implementation/index.d.ts +0 -870
package/dist/component/server/implementation/index.d.ts.map +0 -1
package/dist/component/server/implementation/index.js +0 -610
package/dist/component/server/implementation/index.js.map +0 -1
package/dist/component/server/implementation/keys.js.map +0 -1
package/dist/component/server/implementation/mutations/account.js +0 -39
package/dist/component/server/implementation/mutations/account.js.map +0 -1
package/dist/component/server/implementation/mutations/code.js.map +0 -1
package/dist/component/server/implementation/mutations/index.js +0 -70
package/dist/component/server/implementation/mutations/index.js.map +0 -1
package/dist/component/server/implementation/mutations/invalidate.js +0 -29
package/dist/component/server/implementation/mutations/invalidate.js.map +0 -1
package/dist/component/server/implementation/mutations/oauth.js +0 -51
package/dist/component/server/implementation/mutations/oauth.js.map +0 -1
package/dist/component/server/implementation/mutations/refresh.js +0 -85
package/dist/component/server/implementation/mutations/refresh.js.map +0 -1
package/dist/component/server/implementation/mutations/register.js +0 -65
package/dist/component/server/implementation/mutations/register.js.map +0 -1
package/dist/component/server/implementation/mutations/retrieve.js +0 -50
package/dist/component/server/implementation/mutations/retrieve.js.map +0 -1
package/dist/component/server/implementation/mutations/signature.js +0 -27
package/dist/component/server/implementation/mutations/signature.js.map +0 -1
package/dist/component/server/implementation/mutations/signin.js.map +0 -1
package/dist/component/server/implementation/mutations/signout.js +0 -27
package/dist/component/server/implementation/mutations/signout.js.map +0 -1
package/dist/component/server/implementation/mutations/store.js +0 -12
package/dist/component/server/implementation/mutations/store.js.map +0 -1
package/dist/component/server/implementation/mutations/verifier.js +0 -16
package/dist/component/server/implementation/mutations/verifier.js.map +0 -1
package/dist/component/server/implementation/mutations/verify.js +0 -105
package/dist/component/server/implementation/mutations/verify.js.map +0 -1
package/dist/component/server/implementation/passkey.js +0 -307
package/dist/component/server/implementation/passkey.js.map +0 -1
package/dist/component/server/implementation/provider.js +0 -19
package/dist/component/server/implementation/provider.js.map +0 -1
package/dist/component/server/implementation/ratelimit.js +0 -48
package/dist/component/server/implementation/ratelimit.js.map +0 -1
package/dist/component/server/implementation/redirects.js.map +0 -1
package/dist/component/server/implementation/refresh.js +0 -109
package/dist/component/server/implementation/refresh.js.map +0 -1
package/dist/component/server/implementation/sessions.js.map +0 -1
package/dist/component/server/implementation/signin.js +0 -148
package/dist/component/server/implementation/signin.js.map +0 -1
package/dist/component/server/implementation/tokens.js +0 -15
package/dist/component/server/implementation/tokens.js.map +0 -1
package/dist/component/server/implementation/totp.js +0 -142
package/dist/component/server/implementation/totp.js.map +0 -1
package/dist/component/server/implementation/types.d.ts +0 -42
package/dist/component/server/implementation/types.d.ts.map +0 -1
package/dist/component/server/implementation/types.js.map +0 -1
package/dist/component/server/implementation/users.js.map +0 -1
package/dist/component/server/implementation/utils.js +0 -56
package/dist/component/server/implementation/utils.js.map +0 -1
package/dist/component/server/providers.js.map +0 -1
package/dist/component/server/templates.js +0 -84
package/dist/component/server/templates.js.map +0 -1
package/dist/server/cookies.d.ts.map +0 -1
package/dist/server/implementation/db.d.ts +0 -86
package/dist/server/implementation/db.d.ts.map +0 -1
package/dist/server/implementation/db.js.map +0 -1
package/dist/server/implementation/device.d.ts +0 -30
package/dist/server/implementation/device.d.ts.map +0 -1
package/dist/server/implementation/device.js +0 -135
package/dist/server/implementation/device.js.map +0 -1
package/dist/server/implementation/index.d.ts +0 -870
package/dist/server/implementation/index.d.ts.map +0 -1
package/dist/server/implementation/index.js +0 -610
package/dist/server/implementation/index.js.map +0 -1
package/dist/server/implementation/keys.d.ts +0 -66
package/dist/server/implementation/keys.d.ts.map +0 -1
package/dist/server/implementation/keys.js.map +0 -1
package/dist/server/implementation/mutations/account.d.ts +0 -27
package/dist/server/implementation/mutations/account.d.ts.map +0 -1
package/dist/server/implementation/mutations/account.js +0 -39
package/dist/server/implementation/mutations/account.js.map +0 -1
package/dist/server/implementation/mutations/code.d.ts +0 -29
package/dist/server/implementation/mutations/code.d.ts.map +0 -1
package/dist/server/implementation/mutations/code.js.map +0 -1
package/dist/server/implementation/mutations/index.d.ts +0 -310
package/dist/server/implementation/mutations/index.d.ts.map +0 -1
package/dist/server/implementation/mutations/index.js +0 -70
package/dist/server/implementation/mutations/index.js.map +0 -1
package/dist/server/implementation/mutations/invalidate.d.ts +0 -18
package/dist/server/implementation/mutations/invalidate.d.ts.map +0 -1
package/dist/server/implementation/mutations/invalidate.js +0 -29
package/dist/server/implementation/mutations/invalidate.js.map +0 -1
package/dist/server/implementation/mutations/oauth.d.ts +0 -23
package/dist/server/implementation/mutations/oauth.d.ts.map +0 -1
package/dist/server/implementation/mutations/oauth.js +0 -51
package/dist/server/implementation/mutations/oauth.js.map +0 -1
package/dist/server/implementation/mutations/refresh.d.ts +0 -20
package/dist/server/implementation/mutations/refresh.d.ts.map +0 -1
package/dist/server/implementation/mutations/refresh.js +0 -85
package/dist/server/implementation/mutations/refresh.js.map +0 -1
package/dist/server/implementation/mutations/register.d.ts +0 -37
package/dist/server/implementation/mutations/register.d.ts.map +0 -1
package/dist/server/implementation/mutations/register.js +0 -65
package/dist/server/implementation/mutations/register.js.map +0 -1
package/dist/server/implementation/mutations/retrieve.d.ts +0 -31
package/dist/server/implementation/mutations/retrieve.d.ts.map +0 -1
package/dist/server/implementation/mutations/retrieve.js +0 -50
package/dist/server/implementation/mutations/retrieve.js.map +0 -1
package/dist/server/implementation/mutations/signature.d.ts +0 -19
package/dist/server/implementation/mutations/signature.d.ts.map +0 -1
package/dist/server/implementation/mutations/signature.js +0 -27
package/dist/server/implementation/mutations/signature.js.map +0 -1
package/dist/server/implementation/mutations/signin.d.ts +0 -21
package/dist/server/implementation/mutations/signin.d.ts.map +0 -1
package/dist/server/implementation/mutations/signin.js.map +0 -1
package/dist/server/implementation/mutations/signout.d.ts +0 -14
package/dist/server/implementation/mutations/signout.d.ts.map +0 -1
package/dist/server/implementation/mutations/signout.js +0 -27
package/dist/server/implementation/mutations/signout.js.map +0 -1
package/dist/server/implementation/mutations/store.d.ts +0 -11
package/dist/server/implementation/mutations/store.d.ts.map +0 -1
package/dist/server/implementation/mutations/store.js +0 -12
package/dist/server/implementation/mutations/store.js.map +0 -1
package/dist/server/implementation/mutations/verifier.d.ts +0 -11
package/dist/server/implementation/mutations/verifier.d.ts.map +0 -1
package/dist/server/implementation/mutations/verifier.js +0 -16
package/dist/server/implementation/mutations/verifier.js.map +0 -1
package/dist/server/implementation/mutations/verify.d.ts +0 -25
package/dist/server/implementation/mutations/verify.d.ts.map +0 -1
package/dist/server/implementation/mutations/verify.js +0 -105
package/dist/server/implementation/mutations/verify.js.map +0 -1
package/dist/server/implementation/passkey.d.ts +0 -24
package/dist/server/implementation/passkey.d.ts.map +0 -1
package/dist/server/implementation/passkey.js +0 -307
package/dist/server/implementation/passkey.js.map +0 -1
package/dist/server/implementation/provider.d.ts +0 -10
package/dist/server/implementation/provider.d.ts.map +0 -1
package/dist/server/implementation/provider.js +0 -19
package/dist/server/implementation/provider.js.map +0 -1
package/dist/server/implementation/ratelimit.d.ts +0 -10
package/dist/server/implementation/ratelimit.d.ts.map +0 -1
package/dist/server/implementation/ratelimit.js +0 -48
package/dist/server/implementation/ratelimit.js.map +0 -1
package/dist/server/implementation/redirects.d.ts +0 -10
package/dist/server/implementation/redirects.d.ts.map +0 -1
package/dist/server/implementation/redirects.js.map +0 -1
package/dist/server/implementation/refresh.d.ts +0 -37
package/dist/server/implementation/refresh.d.ts.map +0 -1
package/dist/server/implementation/refresh.js +0 -109
package/dist/server/implementation/refresh.js.map +0 -1
package/dist/server/implementation/sessions.d.ts +0 -29
package/dist/server/implementation/sessions.d.ts.map +0 -1
package/dist/server/implementation/sessions.js.map +0 -1
package/dist/server/implementation/signin.d.ts +0 -55
package/dist/server/implementation/signin.d.ts.map +0 -1
package/dist/server/implementation/signin.js +0 -148
package/dist/server/implementation/signin.js.map +0 -1
package/dist/server/implementation/tokens.d.ts +0 -11
package/dist/server/implementation/tokens.d.ts.map +0 -1
package/dist/server/implementation/tokens.js +0 -15
package/dist/server/implementation/tokens.js.map +0 -1
package/dist/server/implementation/totp.d.ts +0 -31
package/dist/server/implementation/totp.d.ts.map +0 -1
package/dist/server/implementation/totp.js +0 -142
package/dist/server/implementation/totp.js.map +0 -1
package/dist/server/implementation/types.d.ts +0 -189
package/dist/server/implementation/types.d.ts.map +0 -1
package/dist/server/implementation/types.js +0 -97
package/dist/server/implementation/types.js.map +0 -1
package/dist/server/implementation/users.d.ts +0 -30
package/dist/server/implementation/users.d.ts.map +0 -1
package/dist/server/implementation/users.js.map +0 -1
package/dist/server/implementation/utils.d.ts +0 -19
package/dist/server/implementation/utils.d.ts.map +0 -1
package/dist/server/implementation/utils.js +0 -56
package/dist/server/implementation/utils.js.map +0 -1
package/dist/server/index.d.ts.map +0 -1
package/dist/server/index.js.map +0 -1
package/dist/server/oauth.d.ts.map +0 -1
package/dist/server/providers.d.ts +0 -72
package/dist/server/providers.d.ts.map +0 -1
package/dist/server/providers.js.map +0 -1
package/dist/server/templates.d.ts.map +0 -1
package/dist/server/utils.d.ts.map +0 -1
package/dist/server/version.d.ts +0 -5
package/dist/server/version.d.ts.map +0 -1
package/dist/server/version.js +0 -6
package/dist/server/version.js.map +0 -1
package/src/cli/utils.ts +0 -248
package/src/server/implementation/device.ts +0 -307
package/src/server/implementation/index.ts +0 -1583
package/src/server/implementation/mutations/account.ts +0 -50
package/src/server/implementation/mutations/index.ts +0 -157
package/src/server/implementation/mutations/invalidate.ts +0 -42
package/src/server/implementation/mutations/oauth.ts +0 -73
package/src/server/implementation/mutations/refresh.ts +0 -175
package/src/server/implementation/mutations/register.ts +0 -100
package/src/server/implementation/mutations/retrieve.ts +0 -79
package/src/server/implementation/mutations/signature.ts +0 -39
package/src/server/implementation/mutations/signout.ts +0 -35
package/src/server/implementation/mutations/store.ts +0 -7
package/src/server/implementation/mutations/verifier.ts +0 -24
package/src/server/implementation/mutations/verify.ts +0 -194
package/src/server/implementation/passkey.ts +0 -620
package/src/server/implementation/provider.ts +0 -36
package/src/server/implementation/ratelimit.ts +0 -79
package/src/server/implementation/refresh.ts +0 -172
package/src/server/implementation/signin.ts +0 -296
package/src/server/implementation/totp.ts +0 -342
package/src/server/implementation/types.ts +0 -444
package/src/server/implementation/utils.ts +0 -91
package/src/server/version.ts +0 -2

package/src/server/index.ts CHANGED Viewed

@@ -1,650 +1,32 @@
-import { ConvexHttpClient } from "convex/browser";
-import { ConvexError } from "convex/values";
-import { jwtDecode } from "jwt-decode";
-import { parse, serialize } from "cookie";
-import type {
-  SignInAction,
-  SignOutAction,
-} from "./implementation/index";
-import { isLocalHost } from "./utils";
-/** Cookie lifetime configuration for auth tokens. */
-export type AuthCookieConfig = {
-  /** Maximum age in seconds, or `null` for session cookies. */
-  maxAge: number | null;
-};
-/** Raw cookie values extracted from a request. */
-export type AuthCookies = {
-  /** The JWT access token, or `null` when absent. */
-  token: string | null;
-  /** The refresh token, or `null` when absent. */
-  refreshToken: string | null;
-  /** The OAuth PKCE verifier, or `null` when absent. */
-  verifier: string | null;
-};
-/** A structured cookie ready to be set via any framework's cookie API. */
-export type AuthCookie = {
-  name: string;
-  value: string;
-  options: {
-    path: string;
-    httpOnly: boolean;
-    secure: boolean;
-    sameSite: "lax" | "strict" | "none";
-    maxAge?: number;
-    expires?: Date;
-  };
-};
-/**
- * Options for the SSR auth helper returned by {@link server}.
- */
-export type ServerOptions = {
-  /** Convex deployment URL (e.g. `https://your-app.convex.cloud`). */
-  url: string;
-  /**
-   * Path the client POSTs auth actions to. Defaults to `"/api/auth"`.
-   * Must match the `proxy` option on the client.
-   */
-  apiRoute?: string;
-  /** Cookie `maxAge` in seconds, or `null` for session cookies. */
-  cookieMaxAge?: number | null;
-  /** Enable verbose debug logging for token refresh and cookie operations. */
-  verbose?: boolean;
-  /**
-   * Control whether `refresh()` handles OAuth `?code=` query parameters.
-   *
-   * - `true` (default): always exchange the code on GET requests with `text/html` accept.
-   * - `false`: never exchange — useful when only the client handles codes.
-   * - A function: called with the `Request` for per-request decisions.
-   */
-  shouldHandleCode?: ((request: Request) => boolean | Promise<boolean>) | boolean;
-};
-export type RefreshResult = {
-  /** Structured cookies to set on the response. */
-  cookies: AuthCookie[];
-  /** URL to redirect to (set after OAuth code exchange). */
-  redirect?: string;
-  /** JWT for SSR hydration, or `null` if not authenticated. */
-  token: string | null;
-};
-/**
- * Derive the cookie names used for auth tokens.
- *
- * On localhost the names are unprefixed; on production hosts they
- * use the `__Host-` prefix for tighter security.
- *
- * @param host - The `Host` header value. Omit to use unprefixed names.
- * @returns An object with `token`, `refreshToken`, and `verifier` cookie names.
- */
-export function authCookieNames(host?: string) {
-  const prefix = isLocalHost(host) ? "" : "__Host-";
-  return {
-    token: `${prefix}__convexAuthJWT`,
-    refreshToken: `${prefix}__convexAuthRefreshToken`,
-    verifier: `${prefix}__convexAuthOAuthVerifier`,
-  };
-}
-/**
- * Parse auth cookie values from a raw `Cookie` header string.
- *
- * @param cookieHeader - The raw `Cookie` header, or `null`/`undefined`.
- * @param host - The `Host` header, used to determine cookie name prefixes.
- * @returns Parsed {@link AuthCookies} with `token`, `refreshToken`, and `verifier`.
- */
-export function parseAuthCookies(
-  cookieHeader: string | null | undefined,
-  host?: string,
-): AuthCookies {
-  const names = authCookieNames(host);
-  const parsed = parse(cookieHeader ?? "");
-  return {
-    token: parsed[names.token] ?? null,
-    refreshToken: parsed[names.refreshToken] ?? null,
-    verifier: parsed[names.verifier] ?? null,
-  };
-}
-/**
- * Serialize auth cookies into `Set-Cookie` header strings.
- *
- * Nulled-out values produce deletion cookies (maxAge 0, expired date).
- *
- * @param cookies - The auth cookie values to serialize.
- * @param host - The `Host` header, used for cookie name prefixes and `Secure` flag.
- * @param config - Cookie lifetime config. Defaults to session cookies.
- * @returns An array of three `Set-Cookie` header strings.
- */
-export function serializeAuthCookies(
-  cookies: AuthCookies,
-  host?: string,
-  config: AuthCookieConfig = { maxAge: null },
-) {
-  const names = authCookieNames(host);
-  const secure = !isLocalHost(host);
-  const base = {
-    path: "/",
-    httpOnly: true,
-    sameSite: "lax" as const,
-    secure,
-  };
-  const maxAge = config.maxAge ?? undefined;
-  return [
-    serialize(names.token, cookies.token ?? "", {
-      ...base,
-      maxAge: cookies.token === null ? 0 : maxAge,
-      expires: cookies.token === null ? new Date(0) : undefined,
-    }),
-    serialize(names.refreshToken, cookies.refreshToken ?? "", {
-      ...base,
-      maxAge: cookies.refreshToken === null ? 0 : maxAge,
-      expires: cookies.refreshToken === null ? new Date(0) : undefined,
-    }),
-    serialize(names.verifier, cookies.verifier ?? "", {
-      ...base,
-      maxAge: cookies.verifier === null ? 0 : maxAge,
-      expires: cookies.verifier === null ? new Date(0) : undefined,
-    }),
-  ];
-}
-/**
- * Build structured cookie objects for any SSR framework.
- *
- * Use with SvelteKit's `event.cookies.set()`, TanStack Start's `setCookie()`,
- * Next.js's `cookies().set()`, or any other framework cookie API.
- */
-export function structuredAuthCookies(
-  cookies: AuthCookies,
-  host?: string,
-  config: AuthCookieConfig = { maxAge: null },
-): AuthCookie[] {
-  const names = authCookieNames(host);
-  const secure = !isLocalHost(host);
-  const base = {
-    path: "/" as const,
-    httpOnly: true as const,
-    secure,
-    sameSite: "lax" as const,
-  };
-  const maxAge = config.maxAge ?? undefined;
-  return [
-    {
-      name: names.token,
-      value: cookies.token ?? "",
-      options: {
-        ...base,
-        maxAge: cookies.token === null ? 0 : maxAge,
-        expires: cookies.token === null ? new Date(0) : undefined,
-      },
-    },
-    {
-      name: names.refreshToken,
-      value: cookies.refreshToken ?? "",
-      options: {
-        ...base,
-        maxAge: cookies.refreshToken === null ? 0 : maxAge,
-        expires: cookies.refreshToken === null ? new Date(0) : undefined,
-      },
-    },
-    {
-      name: names.verifier,
-      value: cookies.verifier ?? "",
-      options: {
-        ...base,
-        maxAge: cookies.verifier === null ? 0 : maxAge,
-        expires: cookies.verifier === null ? new Date(0) : undefined,
-      },
-    },
-  ];
-}
-/**
- * Check whether a request pathname matches the auth proxy route.
- *
- * Handles trailing-slash ambiguity: both `/api/auth` and `/api/auth/`
- * match regardless of how `apiRoute` is configured.
- *
- * @param pathname - The request URL pathname.
- * @param apiRoute - The configured proxy route (e.g. `"/api/auth"`).
- * @returns `true` when the pathname matches the proxy route.
- */
-export function shouldProxyAuthAction(pathname: string, apiRoute: string) {
-  if (apiRoute.endsWith("/")) {
-    return pathname === apiRoute || pathname === apiRoute.slice(0, -1);
-  }
-  return pathname === apiRoute || pathname === `${apiRoute}/`;
-}
-const REQUIRED_TOKEN_LIFETIME_MS = 60_000;
-const MINIMUM_REQUIRED_TOKEN_LIFETIME_MS = 10_000;
-type DecodedToken = { exp?: number; iat?: number };
-/**
- * Create an SSR auth helper for server-side frameworks.
- *
- * Handles cookie-based token management, OAuth code exchange,
- * and automatic JWT refresh on page loads. Works with any
- * framework that gives you a `Request` object — SvelteKit,
- * TanStack Start, Remix, Next.js, etc.
- *
- * @param options - SSR configuration (Convex URL, proxy route, cookie lifetime).
- * @returns An object with `token`, `verify`, `proxy`, and `refresh` methods.
- *
- * @example SvelteKit hooks
- * ```ts
- * // src/hooks.server.ts
- * import { server } from '@robelest/convex-auth/server';
- *
- * const auth = server({ url: CONVEX_URL });
- *
- * export const handle = async ({ event, resolve }) => {
- *   const { cookies, token } = await auth.refresh(event.request);
- *   for (const c of cookies) event.cookies.set(c.name, c.value, c.options);
- *   event.locals.token = token;
- *   return resolve(event);
- * };
- * ```
- *
- * @example Generic proxy endpoint
- * ```ts
- * if (shouldProxyAuthAction(url.pathname, '/api/auth')) {
- *   return auth.proxy(request);
- * }
- * ```
- */
-export function server(options: ServerOptions) {
-  const convexUrl = options.url;
-  const apiRoute = options.apiRoute ?? "/api/auth";
-  const cookieConfig = { maxAge: options.cookieMaxAge ?? null };
-  const verbose = options.verbose ?? false;
-  const logVerbose = (message: string) => {
-    if (!verbose) {
-      return;
-    }
-    console.debug(
-      `${new Date().toISOString()} [convex-auth/server] ${message}`,
-    );
-  };
-  const cookieHost = (request: Request) => {
-    return request.headers.get("host") ?? new URL(request.url).host;
-  };
-  const parseRequestCookies = (request: Request) => {
-    return parseAuthCookies(request.headers.get("cookie"), cookieHost(request));
-  };
-  const attachCookies = (response: Response, cookies: string[]) => {
-    for (const value of cookies) {
-      response.headers.append("Set-Cookie", value);
-    }
-    return response;
-  };
-  const jsonResponse = (body: unknown, status = 200) => {
-    return new Response(JSON.stringify(body), {
-      status,
-      headers: {
-        "Content-Type": "application/json",
-      },
-    });
-  };
-  const isCorsRequest = (request: Request) => {
-    const originHeader = request.headers.get("origin");
-    if (originHeader === null) {
-      return false;
-    }
-    const requestUrl = new URL(request.url);
-    const originUrl = new URL(originHeader);
-    return (
-      originUrl.host !== requestUrl.host ||
-      originUrl.protocol !== requestUrl.protocol
-    );
-  };
-  const decodeToken = (token: string): DecodedToken | null => {
-    try {
-      return jwtDecode<DecodedToken>(token);
-    } catch {
-      return null;
-    }
-  };
-  const convexClient = (token?: string | null) => {
-    const client = new ConvexHttpClient(convexUrl);
-    if (token !== undefined && token !== null) {
-      client.setAuth(token);
-    }
-    return client;
-  };
-  const refreshTokens = async (
-    request: Request,
-  ): Promise<{ token: string; refreshToken: string } | null | undefined> => {
-    const cookies = parseRequestCookies(request);
-    const { token, refreshToken } = cookies;
-    if (refreshToken === null && token === null) {
-      logVerbose("No auth cookies found, skipping refresh");
-      return undefined;
-    }
-    if (refreshToken === null || token === null) {
-      logVerbose("Only one auth cookie present, clearing auth cookies");
-      return null;
-    }
-    const decodedToken = decodeToken(token);
-    if (decodedToken?.exp === undefined || decodedToken.iat === undefined) {
-      logVerbose("Failed to decode token, clearing auth cookies");
-      return null;
-    }
-    const totalTokenLifetimeMs = decodedToken.exp * 1000 - decodedToken.iat * 1000;
-    const minimumExpiration =
-      Date.now() +
-      Math.min(
-        REQUIRED_TOKEN_LIFETIME_MS,
-        Math.max(MINIMUM_REQUIRED_TOKEN_LIFETIME_MS, totalTokenLifetimeMs / 10),
-      );
-    if (decodedToken.exp * 1000 > minimumExpiration) {
-      logVerbose("Token valid long enough, skipping refresh");
-      return undefined;
-    }
-    try {
-      const result = await convexClient().action(
-        "auth:signIn" as unknown as SignInAction,
-        {
-          refreshToken,
-        },
-      );
-      if (result.tokens === undefined) {
-        throw new Error("Invalid `auth:signIn` result for token refresh");
-      }
-      logVerbose(`Refreshed tokens, null=${result.tokens === null}`);
-      return result.tokens;
-    } catch (error) {
-      console.error(error);
-      logVerbose("Token refresh failed, clearing auth cookies");
-      return null;
-    }
-  };
-  return {
-    /**
-     * Read the JWT from the request cookies without any validation.
-     *
-     * @param request - The incoming HTTP request.
-     * @returns The raw JWT string, or `null` when no token cookie exists.
-     */
-    token(request: Request): string | null {
-      return parseRequestCookies(request).token;
-    },
-    /**
-     * Check whether the request carries a non-expired JWT.
-     *
-     * Performs local expiration checking only (no network call).
-     * Use for lightweight auth guards in middleware.
-     *
-     * @param request - The incoming HTTP request.
-     * @returns `true` when a valid, non-expired JWT exists in the cookies.
-     */
-    async verify(request: Request): Promise<boolean> {
-      const token = parseRequestCookies(request).token;
-      if (token === null) {
-        return false;
-      }
-      const decodedToken = decodeToken(token);
-      if (decodedToken?.exp === undefined) {
-        return false;
-      }
-      return decodedToken.exp * 1000 > Date.now();
-    },
-    /**
-     * Handle a proxied `signIn` or `signOut` POST from the client.
-     *
-     * Validates the route, method, and origin, then forwards the
-     * action to Convex and returns a `Response` with updated
-     * `Set-Cookie` headers. The client never sees the real
-     * refresh token — it stays in httpOnly cookies.
-     *
-     * @param request - The incoming POST request from the client.
-     * @returns A JSON `Response` with auth result and cookie headers.
-     */
-    async proxy(request: Request): Promise<Response> {
-      const requestUrl = new URL(request.url);
-      if (!shouldProxyAuthAction(requestUrl.pathname, apiRoute)) {
-        return new Response("Invalid route", { status: 404 });
-      }
-      if (request.method !== "POST") {
-        return new Response("Invalid method", { status: 405 });
-      }
-      if (isCorsRequest(request)) {
-        return new Response("Invalid origin", { status: 403 });
-      }
-      const body = await request.json();
-      const action = body.action as string;
-      const args = (body.args ?? {}) as Record<string, any>;
-      if (action !== "auth:signIn" && action !== "auth:signOut") {
-        return new Response("Invalid action", { status: 400 });
-      }
-      const currentCookies = parseRequestCookies(request);
-      const host = cookieHost(request);
-      if (action === "auth:signIn") {
-        if (args.refreshToken !== undefined) {
-          if (currentCookies.refreshToken === null) {
-            return jsonResponse({ tokens: null });
-          }
-          args.refreshToken = currentCookies.refreshToken;
-        }
-        const client = convexClient(
-          args.refreshToken !== undefined || args.params?.code !== undefined
-            ? null
-            : currentCookies.token,
-        );
-        try {
-          const result = await client.action(
-            "auth:signIn" as unknown as SignInAction,
-            args,
-          );
-          if (result.redirect !== undefined) {
-            const response = jsonResponse({ redirect: result.redirect });
-            return attachCookies(
-              response,
-              serializeAuthCookies(
-                {
-                  ...currentCookies,
-                  verifier: result.verifier ?? null,
-                },
-                host,
-                cookieConfig,
-              ),
-            );
-          }
-          if (result.tokens !== undefined) {
-            const response = jsonResponse({
-              tokens:
-                result.tokens === null
-                  ? null
-                  : { token: result.tokens.token, refreshToken: "dummy" },
-            });
-            return attachCookies(
-              response,
-              serializeAuthCookies(
-                {
-                  token: result.tokens?.token ?? null,
-                  refreshToken: result.tokens?.refreshToken ?? null,
-                  verifier: null,
-                },
-                host,
-                cookieConfig,
-              ),
-            );
-          }
-          return jsonResponse(result);
-        } catch (error: unknown) {
-          // Forward structured error data when available (ConvexError with { code, message }).
-          const errorBody =
-            error instanceof ConvexError &&
-            typeof error.data === "object" &&
-            error.data !== null &&
-            "code" in error.data
-              ? { error: (error.data as { message?: string }).message ?? String(error), authError: error.data }
-              : { error: error instanceof Error ? error.message : String(error) };
-          const response = jsonResponse(errorBody, 400);
-          return attachCookies(
-            response,
-            serializeAuthCookies(
-              {
-                token: null,
-                refreshToken: null,
-                verifier: null,
-              },
-              host,
-              cookieConfig,
-            ),
-          );
-        }
-      }
-      try {
-        await convexClient(currentCookies.token).action(
-          "auth:signOut" as unknown as SignOutAction,
-        );
-      } catch (error) {
-        console.error(error);
-      }
-      return attachCookies(
-        jsonResponse(null),
-        serializeAuthCookies(
-          {
-            token: null,
-            refreshToken: null,
-            verifier: null,
-          },
-          host,
-          cookieConfig,
-        ),
-      );
-    },
-    /**
-     * Refresh auth tokens on page load.
-     *
-     * Call this in your server hooks/middleware on every request.
-     * It handles three scenarios:
-     *
-     * 1. **OAuth code exchange** — exchanges a `?code=` query param for tokens and returns a redirect URL.
-     * 2. **Token refresh** — refreshes the JWT if it's close to expiry.
-     * 3. **No-op** — returns the existing token when no refresh is needed.
-     *
-     * @param request - The incoming HTTP request.
-     * @returns Structured cookies to set on the response, an optional redirect URL, and the current JWT.
-     */
-    async refresh(request: Request): Promise<RefreshResult> {
-      const host = cookieHost(request);
-      const currentToken = parseRequestCookies(request).token;
-      // CORS request — clear all auth cookies.
-      if (isCorsRequest(request)) {
-        return {
-          cookies: structuredAuthCookies(
-            { token: null, refreshToken: null, verifier: null },
-            host,
-            cookieConfig,
-          ),
-          token: null,
-        };
-      }
-      // OAuth code exchange — exchange code for tokens and redirect.
-      const requestUrl = new URL(request.url);
-      const code = requestUrl.searchParams.get("code");
-      const shouldHandleCode =
-        options.shouldHandleCode === undefined
-          ? true
-          : typeof options.shouldHandleCode === "function"
-            ? await options.shouldHandleCode(request)
-            : options.shouldHandleCode;
-      if (
-        code !== null &&
-        request.method === "GET" &&
-        request.headers.get("accept")?.includes("text/html") &&
-        shouldHandleCode
-      ) {
-        const requestCookies = parseRequestCookies(request);
-        const redirectUrl = new URL(requestUrl);
-        redirectUrl.searchParams.delete("code");
-        try {
-          const result = await convexClient().action(
-            "auth:signIn" as unknown as SignInAction,
-            {
-              params: { code },
-              verifier: requestCookies.verifier ?? undefined,
-            },
-          );
-          if (result.tokens === undefined) {
-            throw new Error("Invalid `auth:signIn` result for code exchange");
-          }
-          return {
-            cookies: structuredAuthCookies(
-              {
-                token: result.tokens?.token ?? null,
-                refreshToken: result.tokens?.refreshToken ?? null,
-                verifier: null,
-              },
-              host,
-              cookieConfig,
-            ),
-            redirect: redirectUrl.toString(),
-            token: result.tokens?.token ?? null,
-          };
-        } catch (error) {
-          console.error(error);
-          return {
-            cookies: structuredAuthCookies(
-              { token: null, refreshToken: null, verifier: null },
-              host,
-              cookieConfig,
-            ),
-            redirect: redirectUrl.toString(),
-            token: null,
-          };
-        }
-      }
-      // Normal page load — refresh tokens if needed.
-      const tokens = await refreshTokens(request);
-      if (tokens === undefined) {
-        // No refresh needed — return current token for hydration.
-        return { cookies: [], token: currentToken };
-      }
-      return {
-        cookies: structuredAuthCookies(
-          {
-            token: tokens?.token ?? null,
-            refreshToken: tokens?.refreshToken ?? null,
-            verifier: null,
-          },
-          host,
-          cookieConfig,
-        ),
-        token: tokens?.token ?? null,
-      };
-    },
-  };
-}
+export { AuthCtx, createAuth } from "./auth";
+export type {
+  AuthApi,
+  AuthApiBase,
+  AuthConfig,
+  ConvexAuthResult,
+  InferAuth,
+  InferClientApi,
+  UserDoc,
+} from "./auth";
+export type {
+  EnterpriseAdminAuthorizationInput,
+  EnterpriseAdminPermission,
+  EnterpriseAuthorizer,
+  EnterpriseMountOptions,
+} from "./mounts";
+export { enterprise, scim, sso } from "./mounts";
+export type {
+  AuthCookie,
+  AuthCookieConfig,
+  AuthCookies,
+  RefreshResult,
+  ServerOptions,
+} from "./ssr";
+export {
+  authCookieNames,
+  parseAuthCookies,
+  serializeAuthCookies,
+  server,
+  shouldProxyAuthAction,
+  structuredAuthCookies,
+} from "./ssr";