@robelest/convex-auth 0.0.4-preview.2 → 0.0.4-preview.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (798) hide show
  1. package/README.md +67 -26
  2. package/dist/authorization/index.d.ts +63 -0
  3. package/dist/authorization/index.d.ts.map +1 -0
  4. package/dist/authorization/index.js +63 -0
  5. package/dist/authorization/index.js.map +1 -0
  6. package/dist/bin.js +6185 -0
  7. package/dist/client/core/types.d.ts +20 -0
  8. package/dist/client/core/types.d.ts.map +1 -0
  9. package/dist/client/index.d.ts +2 -299
  10. package/dist/client/index.d.ts.map +1 -1
  11. package/dist/client/index.js +407 -534
  12. package/dist/client/index.js.map +1 -1
  13. package/dist/component/_generated/api.d.ts +42 -0
  14. package/dist/component/_generated/api.d.ts.map +1 -1
  15. package/dist/component/_generated/api.js.map +1 -1
  16. package/dist/component/_generated/component.d.ts +2546 -90
  17. package/dist/component/_generated/component.d.ts.map +1 -1
  18. package/dist/component/client/core/types.d.ts +2 -0
  19. package/dist/component/client/index.d.ts +2 -0
  20. package/dist/component/convex.config.d.ts +2 -2
  21. package/dist/component/functions.d.ts +11 -9
  22. package/dist/component/functions.d.ts.map +1 -1
  23. package/dist/component/functions.js.map +1 -1
  24. package/dist/component/index.d.ts +7 -11
  25. package/dist/component/index.js +2 -3
  26. package/dist/component/model.d.ts +153 -0
  27. package/dist/component/model.d.ts.map +1 -0
  28. package/dist/component/model.js +349 -0
  29. package/dist/component/model.js.map +1 -0
  30. package/dist/component/providers/anonymous.d.ts +54 -0
  31. package/dist/component/providers/anonymous.d.ts.map +1 -0
  32. package/dist/component/providers/credentials.d.ts +5 -5
  33. package/dist/component/providers/credentials.d.ts.map +1 -1
  34. package/dist/component/providers/device.d.ts +67 -0
  35. package/dist/component/providers/device.d.ts.map +1 -0
  36. package/dist/component/providers/email.d.ts +62 -0
  37. package/dist/component/providers/email.d.ts.map +1 -0
  38. package/dist/component/providers/oauth.d.ts.map +1 -1
  39. package/dist/component/providers/oauth.js.map +1 -1
  40. package/dist/component/providers/passkey.d.ts +57 -0
  41. package/dist/component/providers/passkey.d.ts.map +1 -0
  42. package/dist/component/providers/password.d.ts +88 -0
  43. package/dist/component/providers/password.d.ts.map +1 -0
  44. package/dist/component/providers/phone.d.ts +48 -0
  45. package/dist/component/providers/phone.d.ts.map +1 -0
  46. package/dist/component/providers/sso.d.ts +50 -0
  47. package/dist/component/providers/sso.d.ts.map +1 -0
  48. package/dist/component/providers/totp.d.ts +45 -0
  49. package/dist/component/providers/totp.d.ts.map +1 -0
  50. package/dist/component/public/enterprise/audit.d.ts +73 -0
  51. package/dist/component/public/enterprise/audit.d.ts.map +1 -0
  52. package/dist/component/public/enterprise/audit.js +108 -0
  53. package/dist/component/public/enterprise/audit.js.map +1 -0
  54. package/dist/component/public/enterprise/core.d.ts +176 -0
  55. package/dist/component/public/enterprise/core.d.ts.map +1 -0
  56. package/dist/component/public/enterprise/core.js +292 -0
  57. package/dist/component/public/enterprise/core.js.map +1 -0
  58. package/dist/component/public/enterprise/domains.d.ts +174 -0
  59. package/dist/component/public/enterprise/domains.d.ts.map +1 -0
  60. package/dist/component/public/enterprise/domains.js +271 -0
  61. package/dist/component/public/enterprise/domains.js.map +1 -0
  62. package/dist/component/public/enterprise/scim.d.ts +245 -0
  63. package/dist/component/public/enterprise/scim.d.ts.map +1 -0
  64. package/dist/component/public/enterprise/scim.js +344 -0
  65. package/dist/component/public/enterprise/scim.js.map +1 -0
  66. package/dist/component/public/enterprise/secrets.d.ts +78 -0
  67. package/dist/component/public/enterprise/secrets.d.ts.map +1 -0
  68. package/dist/component/public/enterprise/secrets.js +118 -0
  69. package/dist/component/public/enterprise/secrets.js.map +1 -0
  70. package/dist/component/public/enterprise/webhooks.d.ts +211 -0
  71. package/dist/component/public/enterprise/webhooks.d.ts.map +1 -0
  72. package/dist/component/public/enterprise/webhooks.js +300 -0
  73. package/dist/component/public/enterprise/webhooks.js.map +1 -0
  74. package/dist/component/public/factors/devices.d.ts +157 -0
  75. package/dist/component/public/factors/devices.d.ts.map +1 -0
  76. package/dist/component/public/factors/devices.js +216 -0
  77. package/dist/component/public/factors/devices.js.map +1 -0
  78. package/dist/component/public/factors/passkeys.d.ts +175 -0
  79. package/dist/component/public/factors/passkeys.d.ts.map +1 -0
  80. package/dist/component/public/factors/passkeys.js +238 -0
  81. package/dist/component/public/factors/passkeys.js.map +1 -0
  82. package/dist/component/public/factors/totp.d.ts +189 -0
  83. package/dist/component/public/factors/totp.d.ts.map +1 -0
  84. package/dist/component/public/factors/totp.js +254 -0
  85. package/dist/component/public/factors/totp.js.map +1 -0
  86. package/dist/component/public/groups/core.d.ts +137 -0
  87. package/dist/component/public/groups/core.d.ts.map +1 -0
  88. package/dist/component/public/groups/core.js +321 -0
  89. package/dist/component/public/groups/core.js.map +1 -0
  90. package/dist/component/public/groups/invites.d.ts +217 -0
  91. package/dist/component/public/groups/invites.d.ts.map +1 -0
  92. package/dist/component/public/groups/invites.js +457 -0
  93. package/dist/component/public/groups/invites.js.map +1 -0
  94. package/dist/component/public/groups/members.d.ts +204 -0
  95. package/dist/component/public/groups/members.d.ts.map +1 -0
  96. package/dist/component/public/groups/members.js +355 -0
  97. package/dist/component/public/groups/members.js.map +1 -0
  98. package/dist/component/public/identity/accounts.d.ts +147 -0
  99. package/dist/component/public/identity/accounts.d.ts.map +1 -0
  100. package/dist/component/public/identity/accounts.js +200 -0
  101. package/dist/component/public/identity/accounts.js.map +1 -0
  102. package/dist/component/public/identity/codes.d.ts +104 -0
  103. package/dist/component/public/identity/codes.d.ts.map +1 -0
  104. package/dist/component/public/identity/codes.js +140 -0
  105. package/dist/component/public/identity/codes.js.map +1 -0
  106. package/dist/component/public/identity/sessions.d.ts +128 -0
  107. package/dist/component/public/identity/sessions.d.ts.map +1 -0
  108. package/dist/component/public/identity/sessions.js +192 -0
  109. package/dist/component/public/identity/sessions.js.map +1 -0
  110. package/dist/component/public/identity/tokens.d.ts +169 -0
  111. package/dist/component/public/identity/tokens.d.ts.map +1 -0
  112. package/dist/component/public/identity/tokens.js +227 -0
  113. package/dist/component/public/identity/tokens.js.map +1 -0
  114. package/dist/component/public/identity/users.d.ts +212 -0
  115. package/dist/component/public/identity/users.d.ts.map +1 -0
  116. package/dist/component/public/identity/users.js +311 -0
  117. package/dist/component/public/identity/users.js.map +1 -0
  118. package/dist/component/public/identity/verifiers.d.ts +116 -0
  119. package/dist/component/public/identity/verifiers.d.ts.map +1 -0
  120. package/dist/component/public/identity/verifiers.js +154 -0
  121. package/dist/component/public/identity/verifiers.js.map +1 -0
  122. package/dist/component/public/security/keys.d.ts +209 -0
  123. package/dist/component/public/security/keys.d.ts.map +1 -0
  124. package/dist/component/public/security/keys.js +319 -0
  125. package/dist/component/public/security/keys.js.map +1 -0
  126. package/dist/component/public/security/limits.d.ts +114 -0
  127. package/dist/component/public/security/limits.d.ts.map +1 -0
  128. package/dist/component/public/security/limits.js +169 -0
  129. package/dist/component/public/security/limits.js.map +1 -0
  130. package/dist/component/public.d.ts +24 -271
  131. package/dist/component/public.d.ts.map +1 -1
  132. package/dist/component/public.js +21 -1229
  133. package/dist/component/schema.d.ts +473 -110
  134. package/dist/component/schema.js +162 -73
  135. package/dist/component/schema.js.map +1 -1
  136. package/dist/component/server/auth.d.ts +318 -373
  137. package/dist/component/server/auth.d.ts.map +1 -1
  138. package/dist/component/server/auth.js +204 -123
  139. package/dist/component/server/auth.js.map +1 -1
  140. package/dist/component/server/authError.js +34 -0
  141. package/dist/component/server/authError.js.map +1 -0
  142. package/dist/component/server/{providers.js → config.js} +43 -12
  143. package/dist/component/server/config.js.map +1 -0
  144. package/dist/component/server/cookies.js +3 -0
  145. package/dist/component/server/cookies.js.map +1 -1
  146. package/dist/component/server/core.js +713 -0
  147. package/dist/component/server/core.js.map +1 -0
  148. package/dist/component/server/crypto.js +38 -0
  149. package/dist/component/server/crypto.js.map +1 -0
  150. package/dist/component/server/{implementation/db.js → db.js} +2 -1
  151. package/dist/component/server/db.js.map +1 -0
  152. package/dist/component/server/device.js +109 -0
  153. package/dist/component/server/device.js.map +1 -0
  154. package/dist/component/server/enterprise/config.js +46 -0
  155. package/dist/component/server/enterprise/config.js.map +1 -0
  156. package/dist/component/server/enterprise/domain.js +885 -0
  157. package/dist/component/server/enterprise/domain.js.map +1 -0
  158. package/dist/component/server/enterprise/http.js +766 -0
  159. package/dist/component/server/enterprise/http.js.map +1 -0
  160. package/dist/component/server/enterprise/oidc.js +248 -0
  161. package/dist/component/server/enterprise/oidc.js.map +1 -0
  162. package/dist/component/server/enterprise/policy.js +85 -0
  163. package/dist/component/server/enterprise/policy.js.map +1 -0
  164. package/dist/component/server/enterprise/saml.js +338 -0
  165. package/dist/component/server/enterprise/saml.js.map +1 -0
  166. package/dist/component/server/enterprise/scim.js +97 -0
  167. package/dist/component/server/enterprise/scim.js.map +1 -0
  168. package/dist/component/server/enterprise/shared.js +51 -0
  169. package/dist/component/server/enterprise/shared.js.map +1 -0
  170. package/dist/component/server/errors.d.ts +1 -0
  171. package/dist/component/server/errors.js +24 -16
  172. package/dist/component/server/errors.js.map +1 -1
  173. package/dist/component/server/http.js +288 -0
  174. package/dist/component/server/http.js.map +1 -0
  175. package/dist/component/server/identity.js +13 -0
  176. package/dist/component/server/identity.js.map +1 -0
  177. package/dist/{server/implementation → component/server}/keys.js +9 -31
  178. package/dist/component/server/keys.js.map +1 -0
  179. package/dist/component/server/limits.js +61 -0
  180. package/dist/component/server/limits.js.map +1 -0
  181. package/dist/component/server/mutations/account.js +44 -0
  182. package/dist/component/server/mutations/account.js.map +1 -0
  183. package/dist/component/server/{implementation/mutations → mutations}/code.js +7 -4
  184. package/dist/component/server/mutations/code.js.map +1 -0
  185. package/dist/component/server/mutations/invalidate.js +32 -0
  186. package/dist/component/server/mutations/invalidate.js.map +1 -0
  187. package/dist/component/server/mutations/oauth.js +110 -0
  188. package/dist/component/server/mutations/oauth.js.map +1 -0
  189. package/dist/component/server/mutations/refresh.js +119 -0
  190. package/dist/component/server/mutations/refresh.js.map +1 -0
  191. package/dist/component/server/mutations/register.js +83 -0
  192. package/dist/component/server/mutations/register.js.map +1 -0
  193. package/dist/component/server/mutations/retrieve.js +65 -0
  194. package/dist/component/server/mutations/retrieve.js.map +1 -0
  195. package/dist/component/server/mutations/signature.js +32 -0
  196. package/dist/component/server/mutations/signature.js.map +1 -0
  197. package/dist/component/server/{implementation/mutations → mutations}/signin.js +2 -2
  198. package/dist/component/server/mutations/signin.js.map +1 -0
  199. package/dist/component/server/mutations/signout.js +27 -0
  200. package/dist/component/server/mutations/signout.js.map +1 -0
  201. package/dist/component/server/mutations/store/refs.js +15 -0
  202. package/dist/component/server/mutations/store/refs.js.map +1 -0
  203. package/dist/component/server/mutations/store.js +85 -0
  204. package/dist/component/server/mutations/store.js.map +1 -0
  205. package/dist/component/server/mutations/verifier.js +18 -0
  206. package/dist/component/server/mutations/verifier.js.map +1 -0
  207. package/dist/component/server/mutations/verify.js +98 -0
  208. package/dist/component/server/mutations/verify.js.map +1 -0
  209. package/dist/component/server/oauth.js +106 -60
  210. package/dist/component/server/oauth.js.map +1 -1
  211. package/dist/component/server/passkey.js +328 -0
  212. package/dist/component/server/passkey.js.map +1 -0
  213. package/dist/{server/implementation → component/server}/redirects.js +13 -11
  214. package/dist/component/server/redirects.js.map +1 -0
  215. package/dist/component/server/refresh.js +96 -0
  216. package/dist/component/server/refresh.js.map +1 -0
  217. package/dist/component/server/runtime.d.ts +136 -0
  218. package/dist/component/server/runtime.d.ts.map +1 -0
  219. package/dist/component/server/runtime.js +413 -0
  220. package/dist/component/server/runtime.js.map +1 -0
  221. package/dist/{server/implementation → component/server}/sessions.js +14 -8
  222. package/dist/component/server/sessions.js.map +1 -0
  223. package/dist/component/server/signin.js +201 -0
  224. package/dist/component/server/signin.js.map +1 -0
  225. package/dist/component/server/tokens.js +17 -0
  226. package/dist/component/server/tokens.js.map +1 -0
  227. package/dist/component/server/totp.js +148 -0
  228. package/dist/component/server/totp.js.map +1 -0
  229. package/dist/component/server/types.d.ts +387 -298
  230. package/dist/component/server/types.d.ts.map +1 -1
  231. package/dist/component/server/{implementation/types.js → types.js} +1 -1
  232. package/dist/component/server/types.js.map +1 -0
  233. package/dist/component/server/{implementation/users.js → users.js} +54 -35
  234. package/dist/component/server/users.js.map +1 -0
  235. package/dist/component/server/utils.js +110 -4
  236. package/dist/component/server/utils.js.map +1 -1
  237. package/dist/core/types.d.ts +369 -0
  238. package/dist/core/types.d.ts.map +1 -0
  239. package/dist/factors/device.js +105 -0
  240. package/dist/factors/device.js.map +1 -0
  241. package/dist/factors/passkey.js +181 -0
  242. package/dist/factors/passkey.js.map +1 -0
  243. package/dist/factors/totp.js +122 -0
  244. package/dist/factors/totp.js.map +1 -0
  245. package/dist/providers/anonymous.d.ts +3 -9
  246. package/dist/providers/anonymous.d.ts.map +1 -1
  247. package/dist/providers/anonymous.js +1 -18
  248. package/dist/providers/anonymous.js.map +1 -1
  249. package/dist/providers/credentials.d.ts +8 -10
  250. package/dist/providers/credentials.d.ts.map +1 -1
  251. package/dist/providers/credentials.js +3 -5
  252. package/dist/providers/credentials.js.map +1 -1
  253. package/dist/providers/device.d.ts +18 -10
  254. package/dist/providers/device.d.ts.map +1 -1
  255. package/dist/providers/device.js +4 -8
  256. package/dist/providers/device.js.map +1 -1
  257. package/dist/providers/email.d.ts +50 -23
  258. package/dist/providers/email.d.ts.map +1 -1
  259. package/dist/providers/email.js +58 -34
  260. package/dist/providers/email.js.map +1 -1
  261. package/dist/providers/index.d.ts +7 -3
  262. package/dist/providers/index.js +4 -1
  263. package/dist/providers/oauth.d.ts.map +1 -1
  264. package/dist/providers/oauth.js.map +1 -1
  265. package/dist/providers/passkey.d.ts +12 -9
  266. package/dist/providers/passkey.d.ts.map +1 -1
  267. package/dist/providers/passkey.js +1 -7
  268. package/dist/providers/passkey.js.map +1 -1
  269. package/dist/providers/password.d.ts +6 -12
  270. package/dist/providers/password.d.ts.map +1 -1
  271. package/dist/providers/password.js +189 -89
  272. package/dist/providers/password.js.map +1 -1
  273. package/dist/providers/phone.d.ts +40 -11
  274. package/dist/providers/phone.d.ts.map +1 -1
  275. package/dist/providers/phone.js +52 -21
  276. package/dist/providers/phone.js.map +1 -1
  277. package/dist/providers/sso.d.ts +50 -0
  278. package/dist/providers/sso.d.ts.map +1 -0
  279. package/dist/providers/sso.js +34 -0
  280. package/dist/providers/sso.js.map +1 -0
  281. package/dist/providers/totp.d.ts +12 -9
  282. package/dist/providers/totp.d.ts.map +1 -1
  283. package/dist/providers/totp.js +1 -7
  284. package/dist/providers/totp.js.map +1 -1
  285. package/dist/runtime/browser.js +68 -0
  286. package/dist/runtime/browser.js.map +1 -0
  287. package/dist/runtime/invite.js +51 -0
  288. package/dist/runtime/invite.js.map +1 -0
  289. package/dist/runtime/proxy.js +70 -0
  290. package/dist/runtime/proxy.js.map +1 -0
  291. package/dist/runtime/storage.js +37 -0
  292. package/dist/runtime/storage.js.map +1 -0
  293. package/dist/server/auth.d.ts +335 -370
  294. package/dist/server/auth.d.ts.map +1 -1
  295. package/dist/server/auth.js +204 -123
  296. package/dist/server/auth.js.map +1 -1
  297. package/dist/server/authError.d.ts +46 -0
  298. package/dist/server/authError.d.ts.map +1 -0
  299. package/dist/server/authError.js +34 -0
  300. package/dist/server/authError.js.map +1 -0
  301. package/dist/server/config.d.ts +1 -0
  302. package/dist/server/{providers.js → config.js} +43 -12
  303. package/dist/server/config.js.map +1 -0
  304. package/dist/server/cookies.d.ts +1 -38
  305. package/dist/server/cookies.js +3 -0
  306. package/dist/server/cookies.js.map +1 -1
  307. package/dist/server/core.d.ts +1436 -0
  308. package/dist/server/core.d.ts.map +1 -0
  309. package/dist/server/core.js +713 -0
  310. package/dist/server/core.js.map +1 -0
  311. package/dist/server/crypto.d.ts +8 -0
  312. package/dist/server/crypto.d.ts.map +1 -0
  313. package/dist/server/crypto.js +38 -0
  314. package/dist/server/crypto.js.map +1 -0
  315. package/dist/server/db.d.ts +1 -0
  316. package/dist/server/{implementation/db.js → db.js} +2 -1
  317. package/dist/server/db.js.map +1 -0
  318. package/dist/server/device.d.ts +1 -0
  319. package/dist/server/device.js +109 -0
  320. package/dist/server/device.js.map +1 -0
  321. package/dist/server/enterprise/config.d.ts +1 -0
  322. package/dist/server/enterprise/config.js +46 -0
  323. package/dist/server/enterprise/config.js.map +1 -0
  324. package/dist/server/enterprise/domain.d.ts +409 -0
  325. package/dist/server/enterprise/domain.d.ts.map +1 -0
  326. package/dist/server/enterprise/domain.js +885 -0
  327. package/dist/server/enterprise/domain.js.map +1 -0
  328. package/dist/server/enterprise/http.d.ts +26 -0
  329. package/dist/server/enterprise/http.d.ts.map +1 -0
  330. package/dist/server/enterprise/http.js +766 -0
  331. package/dist/server/enterprise/http.js.map +1 -0
  332. package/dist/server/enterprise/oidc.d.ts +1 -0
  333. package/dist/server/enterprise/oidc.js +248 -0
  334. package/dist/server/enterprise/oidc.js.map +1 -0
  335. package/dist/server/enterprise/policy.d.ts +1 -0
  336. package/dist/server/enterprise/policy.js +85 -0
  337. package/dist/server/enterprise/policy.js.map +1 -0
  338. package/dist/server/enterprise/saml.d.ts +1 -0
  339. package/dist/server/enterprise/saml.js +338 -0
  340. package/dist/server/enterprise/saml.js.map +1 -0
  341. package/dist/server/enterprise/scim.d.ts +1 -0
  342. package/dist/server/enterprise/scim.js +97 -0
  343. package/dist/server/enterprise/scim.js.map +1 -0
  344. package/dist/server/enterprise/shared.d.ts +5 -0
  345. package/dist/server/enterprise/shared.d.ts.map +1 -0
  346. package/dist/server/enterprise/shared.js +51 -0
  347. package/dist/server/enterprise/shared.js.map +1 -0
  348. package/dist/server/enterprise/validators.d.ts +1 -0
  349. package/dist/server/enterprise/validators.js +60 -0
  350. package/dist/server/enterprise/validators.js.map +1 -0
  351. package/dist/server/errors.d.ts +33 -1
  352. package/dist/server/errors.d.ts.map +1 -1
  353. package/dist/server/errors.js +44 -1
  354. package/dist/server/errors.js.map +1 -1
  355. package/dist/server/http.d.ts +59 -0
  356. package/dist/server/http.d.ts.map +1 -0
  357. package/dist/server/http.js +288 -0
  358. package/dist/server/http.js.map +1 -0
  359. package/dist/server/identity.d.ts +1 -0
  360. package/dist/server/identity.js +13 -0
  361. package/dist/server/identity.js.map +1 -0
  362. package/dist/server/index.d.ts +4 -182
  363. package/dist/server/index.js +4 -376
  364. package/dist/server/keys.d.ts +1 -0
  365. package/dist/{component/server/implementation → server}/keys.js +9 -31
  366. package/dist/server/keys.js.map +1 -0
  367. package/dist/server/limits.d.ts +1 -0
  368. package/dist/server/limits.js +61 -0
  369. package/dist/server/limits.js.map +1 -0
  370. package/dist/server/mounts.d.ts +647 -0
  371. package/dist/server/mounts.d.ts.map +1 -0
  372. package/dist/server/mounts.js +643 -0
  373. package/dist/server/mounts.js.map +1 -0
  374. package/dist/server/mutations/account.d.ts +30 -0
  375. package/dist/server/mutations/account.d.ts.map +1 -0
  376. package/dist/server/mutations/account.js +44 -0
  377. package/dist/server/mutations/account.js.map +1 -0
  378. package/dist/server/mutations/code.d.ts +30 -0
  379. package/dist/server/mutations/code.d.ts.map +1 -0
  380. package/dist/server/{implementation/mutations → mutations}/code.js +7 -4
  381. package/dist/server/mutations/code.js.map +1 -0
  382. package/dist/server/mutations/index.d.ts +14 -0
  383. package/dist/server/mutations/index.js +15 -0
  384. package/dist/server/mutations/invalidate.d.ts +20 -0
  385. package/dist/server/mutations/invalidate.d.ts.map +1 -0
  386. package/dist/server/mutations/invalidate.js +32 -0
  387. package/dist/server/mutations/invalidate.js.map +1 -0
  388. package/dist/server/mutations/oauth.d.ts +28 -0
  389. package/dist/server/mutations/oauth.d.ts.map +1 -0
  390. package/dist/server/mutations/oauth.js +110 -0
  391. package/dist/server/mutations/oauth.js.map +1 -0
  392. package/dist/server/mutations/refresh.d.ts +21 -0
  393. package/dist/server/mutations/refresh.d.ts.map +1 -0
  394. package/dist/server/mutations/refresh.js +119 -0
  395. package/dist/server/mutations/refresh.js.map +1 -0
  396. package/dist/server/mutations/register.d.ts +38 -0
  397. package/dist/server/mutations/register.d.ts.map +1 -0
  398. package/dist/server/mutations/register.js +83 -0
  399. package/dist/server/mutations/register.js.map +1 -0
  400. package/dist/server/mutations/retrieve.d.ts +33 -0
  401. package/dist/server/mutations/retrieve.d.ts.map +1 -0
  402. package/dist/server/mutations/retrieve.js +65 -0
  403. package/dist/server/mutations/retrieve.js.map +1 -0
  404. package/dist/server/mutations/signature.d.ts +22 -0
  405. package/dist/server/mutations/signature.d.ts.map +1 -0
  406. package/dist/server/mutations/signature.js +32 -0
  407. package/dist/server/mutations/signature.js.map +1 -0
  408. package/dist/server/mutations/signin.d.ts +22 -0
  409. package/dist/server/mutations/signin.d.ts.map +1 -0
  410. package/dist/server/{implementation/mutations → mutations}/signin.js +2 -2
  411. package/dist/server/mutations/signin.js.map +1 -0
  412. package/dist/server/mutations/signout.d.ts +16 -0
  413. package/dist/server/mutations/signout.d.ts.map +1 -0
  414. package/dist/server/mutations/signout.js +27 -0
  415. package/dist/server/mutations/signout.js.map +1 -0
  416. package/dist/server/mutations/store/refs.d.ts +12 -0
  417. package/dist/server/mutations/store/refs.d.ts.map +1 -0
  418. package/dist/server/mutations/store/refs.js +15 -0
  419. package/dist/server/mutations/store/refs.js.map +1 -0
  420. package/dist/server/mutations/store.d.ts +306 -0
  421. package/dist/server/mutations/store.d.ts.map +1 -0
  422. package/dist/server/mutations/store.js +85 -0
  423. package/dist/server/mutations/store.js.map +1 -0
  424. package/dist/server/mutations/verifier.d.ts +13 -0
  425. package/dist/server/mutations/verifier.d.ts.map +1 -0
  426. package/dist/server/mutations/verifier.js +18 -0
  427. package/dist/server/mutations/verifier.js.map +1 -0
  428. package/dist/server/mutations/verify.d.ts +26 -0
  429. package/dist/server/mutations/verify.d.ts.map +1 -0
  430. package/dist/server/mutations/verify.js +98 -0
  431. package/dist/server/mutations/verify.js.map +1 -0
  432. package/dist/server/oauth.d.ts +1 -48
  433. package/dist/server/oauth.js +107 -64
  434. package/dist/server/oauth.js.map +1 -1
  435. package/dist/server/passkey.d.ts +27 -0
  436. package/dist/server/passkey.d.ts.map +1 -0
  437. package/dist/server/passkey.js +328 -0
  438. package/dist/server/passkey.js.map +1 -0
  439. package/dist/server/redirects.d.ts +1 -0
  440. package/dist/{component/server/implementation → server}/redirects.js +13 -11
  441. package/dist/server/redirects.js.map +1 -0
  442. package/dist/server/refresh.d.ts +1 -0
  443. package/dist/server/refresh.js +96 -0
  444. package/dist/server/refresh.js.map +1 -0
  445. package/dist/server/runtime.d.ts +136 -0
  446. package/dist/server/runtime.d.ts.map +1 -0
  447. package/dist/server/runtime.js +413 -0
  448. package/dist/server/runtime.js.map +1 -0
  449. package/dist/server/sessions.d.ts +1 -0
  450. package/dist/{component/server/implementation → server}/sessions.js +14 -8
  451. package/dist/server/sessions.js.map +1 -0
  452. package/dist/server/signin.d.ts +1 -0
  453. package/dist/server/signin.js +201 -0
  454. package/dist/server/signin.js.map +1 -0
  455. package/dist/server/ssr.d.ts +226 -0
  456. package/dist/server/ssr.d.ts.map +1 -0
  457. package/dist/server/ssr.js +786 -0
  458. package/dist/server/ssr.js.map +1 -0
  459. package/dist/server/templates.d.ts +1 -21
  460. package/dist/server/templates.js +2 -1
  461. package/dist/server/templates.js.map +1 -1
  462. package/dist/server/tokens.d.ts +1 -0
  463. package/dist/server/tokens.js +17 -0
  464. package/dist/server/tokens.js.map +1 -0
  465. package/dist/server/totp.d.ts +1 -0
  466. package/dist/server/totp.js +148 -0
  467. package/dist/server/totp.js.map +1 -0
  468. package/dist/server/types.d.ts +498 -306
  469. package/dist/server/types.d.ts.map +1 -1
  470. package/dist/server/types.js +108 -1
  471. package/dist/server/types.js.map +1 -0
  472. package/dist/server/users.d.ts +1 -0
  473. package/dist/server/{implementation/users.js → users.js} +54 -35
  474. package/dist/server/users.js.map +1 -0
  475. package/dist/server/utils.d.ts +1 -6
  476. package/dist/server/utils.js +110 -4
  477. package/dist/server/utils.js.map +1 -1
  478. package/package.json +49 -46
  479. package/src/authorization/index.ts +83 -0
  480. package/src/cli/bin.ts +5 -0
  481. package/src/cli/command.ts +6 -5
  482. package/src/cli/index.ts +456 -248
  483. package/src/cli/keys.ts +3 -0
  484. package/src/client/core/types.ts +437 -0
  485. package/src/client/factors/device.ts +160 -0
  486. package/src/client/factors/passkey.ts +282 -0
  487. package/src/client/factors/totp.ts +150 -0
  488. package/src/client/index.ts +745 -989
  489. package/src/client/runtime/browser.ts +112 -0
  490. package/src/client/runtime/invite.ts +65 -0
  491. package/src/client/runtime/proxy.ts +111 -0
  492. package/src/client/runtime/storage.ts +79 -0
  493. package/src/component/_generated/api.ts +42 -0
  494. package/src/component/_generated/component.ts +3123 -102
  495. package/src/component/functions.ts +38 -22
  496. package/src/component/index.ts +10 -20
  497. package/src/component/model.ts +449 -0
  498. package/src/component/public/enterprise/audit.ts +120 -0
  499. package/src/component/public/enterprise/core.ts +354 -0
  500. package/src/component/public/enterprise/domains.ts +323 -0
  501. package/src/component/public/enterprise/scim.ts +396 -0
  502. package/src/component/public/enterprise/secrets.ts +132 -0
  503. package/src/component/public/enterprise/webhooks.ts +306 -0
  504. package/src/component/public/factors/devices.ts +223 -0
  505. package/src/component/public/factors/passkeys.ts +242 -0
  506. package/src/component/public/factors/totp.ts +258 -0
  507. package/src/component/public/groups/core.ts +481 -0
  508. package/src/component/public/groups/invites.ts +602 -0
  509. package/src/component/public/groups/members.ts +409 -0
  510. package/src/component/public/identity/accounts.ts +206 -0
  511. package/src/component/public/identity/codes.ts +148 -0
  512. package/src/component/public/identity/sessions.ts +209 -0
  513. package/src/component/public/identity/tokens.ts +250 -0
  514. package/src/component/public/identity/users.ts +354 -0
  515. package/src/component/public/identity/verifiers.ts +157 -0
  516. package/src/component/public/security/keys.ts +365 -0
  517. package/src/component/public/security/limits.ts +173 -0
  518. package/src/component/public.ts +26 -1766
  519. package/src/component/schema.ts +273 -100
  520. package/src/providers/anonymous.ts +10 -20
  521. package/src/providers/credentials.ts +14 -22
  522. package/src/providers/device.ts +3 -14
  523. package/src/providers/email.ts +83 -47
  524. package/src/providers/index.ts +7 -0
  525. package/src/providers/oauth.ts +5 -3
  526. package/src/providers/passkey.ts +0 -13
  527. package/src/providers/password.ts +307 -130
  528. package/src/providers/phone.ts +81 -37
  529. package/src/providers/sso.ts +54 -0
  530. package/src/providers/totp.ts +0 -13
  531. package/src/samlify.d.ts +53 -0
  532. package/src/server/auth.ts +701 -247
  533. package/src/server/authError.ts +44 -0
  534. package/src/server/{providers.ts → config.ts} +84 -15
  535. package/src/server/cookies.ts +8 -1
  536. package/src/server/core.ts +2095 -0
  537. package/src/server/crypto.ts +88 -0
  538. package/src/server/{implementation/db.ts → db.ts} +90 -15
  539. package/src/server/device.ts +221 -0
  540. package/src/server/enterprise/config.ts +51 -0
  541. package/src/server/enterprise/domain.ts +1751 -0
  542. package/src/server/enterprise/http.ts +1324 -0
  543. package/src/server/enterprise/oidc.ts +500 -0
  544. package/src/server/enterprise/policy.ts +128 -0
  545. package/src/server/enterprise/saml.ts +578 -0
  546. package/src/server/enterprise/scim.ts +135 -0
  547. package/src/server/enterprise/shared.ts +134 -0
  548. package/src/server/enterprise/validators.ts +93 -0
  549. package/src/server/errors.ts +130 -119
  550. package/src/server/http.ts +531 -0
  551. package/src/server/identity.ts +18 -0
  552. package/src/server/index.ts +32 -650
  553. package/src/server/{implementation/keys.ts → keys.ts} +16 -44
  554. package/src/server/limits.ts +134 -0
  555. package/src/server/mounts.ts +948 -0
  556. package/src/server/mutations/account.ts +76 -0
  557. package/src/server/{implementation/mutations → mutations}/code.ts +22 -11
  558. package/src/server/mutations/index.ts +13 -0
  559. package/src/server/mutations/invalidate.ts +50 -0
  560. package/src/server/mutations/oauth.ts +237 -0
  561. package/src/server/mutations/refresh.ts +298 -0
  562. package/src/server/mutations/register.ts +200 -0
  563. package/src/server/mutations/retrieve.ts +109 -0
  564. package/src/server/mutations/signature.ts +50 -0
  565. package/src/server/{implementation/mutations → mutations}/signin.ts +9 -7
  566. package/src/server/mutations/signout.ts +43 -0
  567. package/src/server/mutations/store/refs.ts +10 -0
  568. package/src/server/mutations/store.ts +138 -0
  569. package/src/server/mutations/verifier.ts +34 -0
  570. package/src/server/mutations/verify.ts +202 -0
  571. package/src/server/oauth.ts +243 -131
  572. package/src/server/passkey.ts +784 -0
  573. package/src/server/{implementation/redirects.ts → redirects.ts} +21 -16
  574. package/src/server/refresh.ts +222 -0
  575. package/src/server/runtime.ts +880 -0
  576. package/src/server/{implementation/sessions.ts → sessions.ts} +33 -25
  577. package/src/server/signin.ts +438 -0
  578. package/src/server/ssr.ts +1764 -0
  579. package/src/server/templates.ts +8 -3
  580. package/src/server/{implementation/tokens.ts → tokens.ts} +11 -5
  581. package/src/server/totp.ts +349 -0
  582. package/src/server/types.ts +972 -207
  583. package/src/server/{implementation/users.ts → users.ts} +129 -75
  584. package/src/server/utils.ts +192 -5
  585. package/src/test.ts +28 -4
  586. package/dist/bin.cjs +0 -27757
  587. package/dist/component/providers/email.js +0 -47
  588. package/dist/component/providers/email.js.map +0 -1
  589. package/dist/component/public.js.map +0 -1
  590. package/dist/component/server/implementation/db.js.map +0 -1
  591. package/dist/component/server/implementation/device.js +0 -135
  592. package/dist/component/server/implementation/device.js.map +0 -1
  593. package/dist/component/server/implementation/index.d.ts +0 -870
  594. package/dist/component/server/implementation/index.d.ts.map +0 -1
  595. package/dist/component/server/implementation/index.js +0 -610
  596. package/dist/component/server/implementation/index.js.map +0 -1
  597. package/dist/component/server/implementation/keys.js.map +0 -1
  598. package/dist/component/server/implementation/mutations/account.js +0 -39
  599. package/dist/component/server/implementation/mutations/account.js.map +0 -1
  600. package/dist/component/server/implementation/mutations/code.js.map +0 -1
  601. package/dist/component/server/implementation/mutations/index.js +0 -70
  602. package/dist/component/server/implementation/mutations/index.js.map +0 -1
  603. package/dist/component/server/implementation/mutations/invalidate.js +0 -29
  604. package/dist/component/server/implementation/mutations/invalidate.js.map +0 -1
  605. package/dist/component/server/implementation/mutations/oauth.js +0 -51
  606. package/dist/component/server/implementation/mutations/oauth.js.map +0 -1
  607. package/dist/component/server/implementation/mutations/refresh.js +0 -85
  608. package/dist/component/server/implementation/mutations/refresh.js.map +0 -1
  609. package/dist/component/server/implementation/mutations/register.js +0 -65
  610. package/dist/component/server/implementation/mutations/register.js.map +0 -1
  611. package/dist/component/server/implementation/mutations/retrieve.js +0 -50
  612. package/dist/component/server/implementation/mutations/retrieve.js.map +0 -1
  613. package/dist/component/server/implementation/mutations/signature.js +0 -27
  614. package/dist/component/server/implementation/mutations/signature.js.map +0 -1
  615. package/dist/component/server/implementation/mutations/signin.js.map +0 -1
  616. package/dist/component/server/implementation/mutations/signout.js +0 -27
  617. package/dist/component/server/implementation/mutations/signout.js.map +0 -1
  618. package/dist/component/server/implementation/mutations/store.js +0 -12
  619. package/dist/component/server/implementation/mutations/store.js.map +0 -1
  620. package/dist/component/server/implementation/mutations/verifier.js +0 -16
  621. package/dist/component/server/implementation/mutations/verifier.js.map +0 -1
  622. package/dist/component/server/implementation/mutations/verify.js +0 -105
  623. package/dist/component/server/implementation/mutations/verify.js.map +0 -1
  624. package/dist/component/server/implementation/passkey.js +0 -307
  625. package/dist/component/server/implementation/passkey.js.map +0 -1
  626. package/dist/component/server/implementation/provider.js +0 -19
  627. package/dist/component/server/implementation/provider.js.map +0 -1
  628. package/dist/component/server/implementation/ratelimit.js +0 -48
  629. package/dist/component/server/implementation/ratelimit.js.map +0 -1
  630. package/dist/component/server/implementation/redirects.js.map +0 -1
  631. package/dist/component/server/implementation/refresh.js +0 -109
  632. package/dist/component/server/implementation/refresh.js.map +0 -1
  633. package/dist/component/server/implementation/sessions.js.map +0 -1
  634. package/dist/component/server/implementation/signin.js +0 -148
  635. package/dist/component/server/implementation/signin.js.map +0 -1
  636. package/dist/component/server/implementation/tokens.js +0 -15
  637. package/dist/component/server/implementation/tokens.js.map +0 -1
  638. package/dist/component/server/implementation/totp.js +0 -142
  639. package/dist/component/server/implementation/totp.js.map +0 -1
  640. package/dist/component/server/implementation/types.d.ts +0 -42
  641. package/dist/component/server/implementation/types.d.ts.map +0 -1
  642. package/dist/component/server/implementation/types.js.map +0 -1
  643. package/dist/component/server/implementation/users.js.map +0 -1
  644. package/dist/component/server/implementation/utils.js +0 -56
  645. package/dist/component/server/implementation/utils.js.map +0 -1
  646. package/dist/component/server/providers.js.map +0 -1
  647. package/dist/component/server/templates.js +0 -84
  648. package/dist/component/server/templates.js.map +0 -1
  649. package/dist/server/cookies.d.ts.map +0 -1
  650. package/dist/server/implementation/db.d.ts +0 -86
  651. package/dist/server/implementation/db.d.ts.map +0 -1
  652. package/dist/server/implementation/db.js.map +0 -1
  653. package/dist/server/implementation/device.d.ts +0 -30
  654. package/dist/server/implementation/device.d.ts.map +0 -1
  655. package/dist/server/implementation/device.js +0 -135
  656. package/dist/server/implementation/device.js.map +0 -1
  657. package/dist/server/implementation/index.d.ts +0 -870
  658. package/dist/server/implementation/index.d.ts.map +0 -1
  659. package/dist/server/implementation/index.js +0 -610
  660. package/dist/server/implementation/index.js.map +0 -1
  661. package/dist/server/implementation/keys.d.ts +0 -66
  662. package/dist/server/implementation/keys.d.ts.map +0 -1
  663. package/dist/server/implementation/keys.js.map +0 -1
  664. package/dist/server/implementation/mutations/account.d.ts +0 -27
  665. package/dist/server/implementation/mutations/account.d.ts.map +0 -1
  666. package/dist/server/implementation/mutations/account.js +0 -39
  667. package/dist/server/implementation/mutations/account.js.map +0 -1
  668. package/dist/server/implementation/mutations/code.d.ts +0 -29
  669. package/dist/server/implementation/mutations/code.d.ts.map +0 -1
  670. package/dist/server/implementation/mutations/code.js.map +0 -1
  671. package/dist/server/implementation/mutations/index.d.ts +0 -310
  672. package/dist/server/implementation/mutations/index.d.ts.map +0 -1
  673. package/dist/server/implementation/mutations/index.js +0 -70
  674. package/dist/server/implementation/mutations/index.js.map +0 -1
  675. package/dist/server/implementation/mutations/invalidate.d.ts +0 -18
  676. package/dist/server/implementation/mutations/invalidate.d.ts.map +0 -1
  677. package/dist/server/implementation/mutations/invalidate.js +0 -29
  678. package/dist/server/implementation/mutations/invalidate.js.map +0 -1
  679. package/dist/server/implementation/mutations/oauth.d.ts +0 -23
  680. package/dist/server/implementation/mutations/oauth.d.ts.map +0 -1
  681. package/dist/server/implementation/mutations/oauth.js +0 -51
  682. package/dist/server/implementation/mutations/oauth.js.map +0 -1
  683. package/dist/server/implementation/mutations/refresh.d.ts +0 -20
  684. package/dist/server/implementation/mutations/refresh.d.ts.map +0 -1
  685. package/dist/server/implementation/mutations/refresh.js +0 -85
  686. package/dist/server/implementation/mutations/refresh.js.map +0 -1
  687. package/dist/server/implementation/mutations/register.d.ts +0 -37
  688. package/dist/server/implementation/mutations/register.d.ts.map +0 -1
  689. package/dist/server/implementation/mutations/register.js +0 -65
  690. package/dist/server/implementation/mutations/register.js.map +0 -1
  691. package/dist/server/implementation/mutations/retrieve.d.ts +0 -31
  692. package/dist/server/implementation/mutations/retrieve.d.ts.map +0 -1
  693. package/dist/server/implementation/mutations/retrieve.js +0 -50
  694. package/dist/server/implementation/mutations/retrieve.js.map +0 -1
  695. package/dist/server/implementation/mutations/signature.d.ts +0 -19
  696. package/dist/server/implementation/mutations/signature.d.ts.map +0 -1
  697. package/dist/server/implementation/mutations/signature.js +0 -27
  698. package/dist/server/implementation/mutations/signature.js.map +0 -1
  699. package/dist/server/implementation/mutations/signin.d.ts +0 -21
  700. package/dist/server/implementation/mutations/signin.d.ts.map +0 -1
  701. package/dist/server/implementation/mutations/signin.js.map +0 -1
  702. package/dist/server/implementation/mutations/signout.d.ts +0 -14
  703. package/dist/server/implementation/mutations/signout.d.ts.map +0 -1
  704. package/dist/server/implementation/mutations/signout.js +0 -27
  705. package/dist/server/implementation/mutations/signout.js.map +0 -1
  706. package/dist/server/implementation/mutations/store.d.ts +0 -11
  707. package/dist/server/implementation/mutations/store.d.ts.map +0 -1
  708. package/dist/server/implementation/mutations/store.js +0 -12
  709. package/dist/server/implementation/mutations/store.js.map +0 -1
  710. package/dist/server/implementation/mutations/verifier.d.ts +0 -11
  711. package/dist/server/implementation/mutations/verifier.d.ts.map +0 -1
  712. package/dist/server/implementation/mutations/verifier.js +0 -16
  713. package/dist/server/implementation/mutations/verifier.js.map +0 -1
  714. package/dist/server/implementation/mutations/verify.d.ts +0 -25
  715. package/dist/server/implementation/mutations/verify.d.ts.map +0 -1
  716. package/dist/server/implementation/mutations/verify.js +0 -105
  717. package/dist/server/implementation/mutations/verify.js.map +0 -1
  718. package/dist/server/implementation/passkey.d.ts +0 -24
  719. package/dist/server/implementation/passkey.d.ts.map +0 -1
  720. package/dist/server/implementation/passkey.js +0 -307
  721. package/dist/server/implementation/passkey.js.map +0 -1
  722. package/dist/server/implementation/provider.d.ts +0 -10
  723. package/dist/server/implementation/provider.d.ts.map +0 -1
  724. package/dist/server/implementation/provider.js +0 -19
  725. package/dist/server/implementation/provider.js.map +0 -1
  726. package/dist/server/implementation/ratelimit.d.ts +0 -10
  727. package/dist/server/implementation/ratelimit.d.ts.map +0 -1
  728. package/dist/server/implementation/ratelimit.js +0 -48
  729. package/dist/server/implementation/ratelimit.js.map +0 -1
  730. package/dist/server/implementation/redirects.d.ts +0 -10
  731. package/dist/server/implementation/redirects.d.ts.map +0 -1
  732. package/dist/server/implementation/redirects.js.map +0 -1
  733. package/dist/server/implementation/refresh.d.ts +0 -37
  734. package/dist/server/implementation/refresh.d.ts.map +0 -1
  735. package/dist/server/implementation/refresh.js +0 -109
  736. package/dist/server/implementation/refresh.js.map +0 -1
  737. package/dist/server/implementation/sessions.d.ts +0 -29
  738. package/dist/server/implementation/sessions.d.ts.map +0 -1
  739. package/dist/server/implementation/sessions.js.map +0 -1
  740. package/dist/server/implementation/signin.d.ts +0 -55
  741. package/dist/server/implementation/signin.d.ts.map +0 -1
  742. package/dist/server/implementation/signin.js +0 -148
  743. package/dist/server/implementation/signin.js.map +0 -1
  744. package/dist/server/implementation/tokens.d.ts +0 -11
  745. package/dist/server/implementation/tokens.d.ts.map +0 -1
  746. package/dist/server/implementation/tokens.js +0 -15
  747. package/dist/server/implementation/tokens.js.map +0 -1
  748. package/dist/server/implementation/totp.d.ts +0 -31
  749. package/dist/server/implementation/totp.d.ts.map +0 -1
  750. package/dist/server/implementation/totp.js +0 -142
  751. package/dist/server/implementation/totp.js.map +0 -1
  752. package/dist/server/implementation/types.d.ts +0 -189
  753. package/dist/server/implementation/types.d.ts.map +0 -1
  754. package/dist/server/implementation/types.js +0 -97
  755. package/dist/server/implementation/types.js.map +0 -1
  756. package/dist/server/implementation/users.d.ts +0 -30
  757. package/dist/server/implementation/users.d.ts.map +0 -1
  758. package/dist/server/implementation/users.js.map +0 -1
  759. package/dist/server/implementation/utils.d.ts +0 -19
  760. package/dist/server/implementation/utils.d.ts.map +0 -1
  761. package/dist/server/implementation/utils.js +0 -56
  762. package/dist/server/implementation/utils.js.map +0 -1
  763. package/dist/server/index.d.ts.map +0 -1
  764. package/dist/server/index.js.map +0 -1
  765. package/dist/server/oauth.d.ts.map +0 -1
  766. package/dist/server/providers.d.ts +0 -72
  767. package/dist/server/providers.d.ts.map +0 -1
  768. package/dist/server/providers.js.map +0 -1
  769. package/dist/server/templates.d.ts.map +0 -1
  770. package/dist/server/utils.d.ts.map +0 -1
  771. package/dist/server/version.d.ts +0 -5
  772. package/dist/server/version.d.ts.map +0 -1
  773. package/dist/server/version.js +0 -6
  774. package/dist/server/version.js.map +0 -1
  775. package/src/cli/utils.ts +0 -248
  776. package/src/server/implementation/device.ts +0 -307
  777. package/src/server/implementation/index.ts +0 -1583
  778. package/src/server/implementation/mutations/account.ts +0 -50
  779. package/src/server/implementation/mutations/index.ts +0 -157
  780. package/src/server/implementation/mutations/invalidate.ts +0 -42
  781. package/src/server/implementation/mutations/oauth.ts +0 -73
  782. package/src/server/implementation/mutations/refresh.ts +0 -175
  783. package/src/server/implementation/mutations/register.ts +0 -100
  784. package/src/server/implementation/mutations/retrieve.ts +0 -79
  785. package/src/server/implementation/mutations/signature.ts +0 -39
  786. package/src/server/implementation/mutations/signout.ts +0 -35
  787. package/src/server/implementation/mutations/store.ts +0 -7
  788. package/src/server/implementation/mutations/verifier.ts +0 -24
  789. package/src/server/implementation/mutations/verify.ts +0 -194
  790. package/src/server/implementation/passkey.ts +0 -620
  791. package/src/server/implementation/provider.ts +0 -36
  792. package/src/server/implementation/ratelimit.ts +0 -79
  793. package/src/server/implementation/refresh.ts +0 -172
  794. package/src/server/implementation/signin.ts +0 -296
  795. package/src/server/implementation/totp.ts +0 -342
  796. package/src/server/implementation/types.ts +0 -444
  797. package/src/server/implementation/utils.ts +0 -91
  798. package/src/server/version.ts +0 -2
package/dist/component/server/enterprise/http.js ADDED
@@ -0,0 +1,766 @@
1
+ import { isAuthError } from "../errors.js";
2
+ import { AuthError } from "../authError.js";
3
+ import { SCIM_GROUP_SCHEMA_ID, SCIM_USER_SCHEMA_ID, enterpriseSamlProviderId } from "./shared.js";
4
+ import { createEnterpriseOidcRuntime } from "./oidc.js";
5
+ import { redirectAbsoluteUrl, setURLSearchParam } from "../redirects.js";
6
+ import { redirectToParamCookie, useRedirectToParam } from "../cookies.js";
7
+ import { addSSORoutes, convertErrorsToResponse, getCookies } from "../http.js";
8
+ import { createOAuthAuthorizationURL, handleOAuthCallback } from "../oauth.js";
9
+ import { createEnterpriseSamlMetadataXml, createEnterpriseSamlSignInRequest, createSamlPostBindingResponse, encodeEnterpriseSamlRelayState, parseEnterpriseSamlLoginResponse, parseEnterpriseSamlLogoutMessage, profileFromSamlExtract, validateEnterpriseSamlLoginRelayState } from "./saml.js";
10
+ import { parseScimListRequest, scimError, scimJson, serializeScimGroup, serializeScimUser } from "./scim.js";
11
+ import { serialize } from "cookie";
12
+ import { Fx } from "@robelest/fx";
13
+
14
+ //#region src/server/enterprise/http.ts
15
+ function addEnterpriseHttpRuntime(deps) {
16
+ if (!deps.hasSSO) return;
17
+ const { http, auth, config, requireEnv, loadActiveEnterpriseSamlOrThrow, loadEnterpriseOidcOrThrow, getEnterpriseScimContext, getPolicyFromEnterprise, recordEnterpriseAuditEvent, emitEnterpriseWebhookDeliveries, generateRandomString, inviteTokenAlphabet: INVITE_TOKEN_ALPHABET, callUserOAuth, callVerifierSignature } = deps;
18
+ const ENTERPRISE_CONTROL_ROUTE_BASE = deps.routeBase;
19
+ const SCIM_SCHEMAS = [{
20
+ id: SCIM_USER_SCHEMA_ID,
21
+ name: "User",
22
+ description: "User Account",
23
+ attributes: [
24
+ {
25
+ name: "userName",
26
+ type: "string",
27
+ required: true
28
+ },
29
+ {
30
+ name: "displayName",
31
+ type: "string"
32
+ },
33
+ {
34
+ name: "active",
35
+ type: "boolean"
36
+ },
37
+ {
38
+ name: "emails",
39
+ type: "complex",
40
+ multiValued: true
41
+ }
42
+ ]
43
+ }, {
44
+ id: SCIM_GROUP_SCHEMA_ID,
45
+ name: "Group",
46
+ description: "Group",
47
+ attributes: [{
48
+ name: "displayName",
49
+ type: "string",
50
+ required: true
51
+ }, {
52
+ name: "members",
53
+ type: "complex",
54
+ multiValued: true
55
+ }]
56
+ }];
57
+ const SCIM_RESOURCE_TYPES = [{
58
+ id: "User",
59
+ name: "User",
60
+ endpoint: "/Users",
61
+ schema: SCIM_USER_SCHEMA_ID
62
+ }, {
63
+ id: "Group",
64
+ name: "Group",
65
+ endpoint: "/Groups",
66
+ schema: SCIM_GROUP_SCHEMA_ID
67
+ }];
68
+ const handleStaticScimCollection = (items, resourceId, opts) => {
69
+ if (resourceId !== void 0) {
70
+ const item = items.find((entry) => entry[opts.by] === decodeURIComponent(resourceId));
71
+ return item ? scimJson(item) : scimError(404, "notFound", opts.notFound);
72
+ }
73
+ return scimJson({
74
+ schemas: ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
75
+ Resources: items,
76
+ totalResults: items.length,
77
+ startIndex: 1,
78
+ itemsPerPage: items.length
79
+ });
80
+ };
81
+ const filterScimCollection = (items, filter, filters) => {
82
+ if (!filter) return items;
83
+ const predicate = filters[filter.attribute];
84
+ if (!predicate) throw new Error("Unsupported SCIM filter.");
85
+ return items.filter((item) => predicate(item, filter.value));
86
+ };
87
+ const paginateScimCollection = (items, listRequest) => {
88
+ const start = listRequest.startIndex - 1;
89
+ return items.slice(start, start + listRequest.count);
90
+ };
91
+ const requireScimResourceId = (resourceId, label) => {
92
+ if (!resourceId) return scimError(400, "invalidPath", `${label} resource ID is required.`);
93
+ return null;
94
+ };
95
+ const readScimJson = async (request) => await request.json();
96
+ const handleSamlAcs = async (ctx, request, runtimeRoute) => Fx.run(Fx.gen(function* () {
97
+ yield* Fx.guard(runtimeRoute.protocol !== "saml" || runtimeRoute.rest.length !== 1 || runtimeRoute.rest[0] !== "acs", Fx.fail(new AuthError("INVALID_PARAMETERS", "Invalid enterprise runtime path.").toConvexError()));
98
+ const enterpriseId = runtimeRoute.enterpriseId;
99
+ const { loaded, enterprise, saml } = yield* Fx.from({
100
+ ok: () => loadActiveEnterpriseSamlOrThrow(ctx, enterpriseId),
101
+ err: (e) => e
102
+ });
103
+ const parsedResponse = yield* Fx.from({
104
+ ok: () => parseEnterpriseSamlLoginResponse({
105
+ request,
106
+ rootUrl: requireEnv("CONVEX_SITE_URL"),
107
+ source: {
108
+ kind: "enterprise",
109
+ id: enterprise._id
110
+ },
111
+ config: loaded.config
112
+ }),
113
+ err: (e) => new AuthError("OAUTH_PROVIDER_ERROR", `SAML response parse failed: ${e instanceof Error ? e.message : String(e)}`).toConvexError()
114
+ });
115
+ yield* Fx.from({
116
+ ok: () => {
117
+ validateEnterpriseSamlLoginRelayState({
118
+ relayState: parsedResponse.relayState,
119
+ source: {
120
+ kind: "enterprise",
121
+ id: enterprise._id
122
+ },
123
+ inResponseTo: parsedResponse.parsed.extract?.response?.inResponseTo
124
+ });
125
+ return Promise.resolve();
126
+ },
127
+ err: () => new AuthError("OAUTH_INVALID_STATE", "SAML RelayState did not match the pending login request.").toConvexError()
128
+ });
129
+ const { samlAttributes, samlSessionIndex, ...userProfile } = profileFromSamlExtract(parsedResponse.parsed.extract, saml.attributeMapping);
130
+ const profile = userProfile;
131
+ const maybeRedirectTo = useRedirectToParam(enterpriseSamlProviderId(enterprise._id), getCookies(request));
132
+ const verificationCode = yield* Fx.from({
133
+ ok: () => callUserOAuth(ctx, {
134
+ provider: enterpriseSamlProviderId(enterprise._id),
135
+ providerAccountId: profile.id,
136
+ profile,
137
+ signature: parsedResponse.relayState.signature,
138
+ accountExtend: {
139
+ identity: {
140
+ protocol: "saml",
141
+ enterpriseId: enterprise._id,
142
+ subject: profile.id,
143
+ entityId: typeof saml.entityId === "string" ? saml.entityId : void 0
144
+ },
145
+ saml: {
146
+ attributes: samlAttributes,
147
+ sessionIndex: samlSessionIndex
148
+ }
149
+ }
150
+ }),
151
+ err: (e) => e
152
+ });
153
+ const vurl = setURLSearchParam(yield* Fx.from({
154
+ ok: () => redirectAbsoluteUrl(config, { redirectTo: maybeRedirectTo?.redirectTo ?? (typeof parsedResponse.relayState.redirectTo === "string" ? parsedResponse.relayState.redirectTo : void 0) }),
155
+ err: (e) => e
156
+ }), "code", verificationCode);
157
+ const vheaders = new Headers({ Location: vurl });
158
+ vheaders.set("Cache-Control", "must-revalidate");
159
+ for (const { name, value, options } of maybeRedirectTo !== null ? [maybeRedirectTo.updatedCookie] : []) vheaders.append("Set-Cookie", serialize(name, value, options));
160
+ return new Response(null, {
161
+ status: 302,
162
+ headers: vheaders
163
+ });
164
+ }).pipe(Fx.recover((e) => Fx.fatal(e))));
165
+ const handleSamlSlo = async (ctx, request, runtimeRoute) => {
166
+ if (runtimeRoute.protocol !== "saml" || runtimeRoute.rest.length !== 1 || runtimeRoute.rest[0] !== "slo") throw new AuthError("INVALID_PARAMETERS", "Invalid enterprise runtime path.").toConvexError();
167
+ const { loaded, enterprise } = await loadActiveEnterpriseSamlOrThrow(ctx, runtimeRoute.enterpriseId);
168
+ const parsedMessage = await parseEnterpriseSamlLogoutMessage({
169
+ request,
170
+ rootUrl: requireEnv("CONVEX_SITE_URL"),
171
+ source: {
172
+ kind: "enterprise",
173
+ id: enterprise._id
174
+ },
175
+ config: loaded.config
176
+ });
177
+ if (parsedMessage.hasSamlRequest && parsedMessage.parsedRequest) {
178
+ const responseContext = parsedMessage.runtime.sp.createLogoutResponse(parsedMessage.runtime.idp, parsedMessage.parsedRequest.extract, parsedMessage.binding, parsedMessage.relayState ?? "");
179
+ if (parsedMessage.binding === "redirect") return new Response(null, {
180
+ status: 302,
181
+ headers: { Location: responseContext.context }
182
+ });
183
+ return createSamlPostBindingResponse({
184
+ endpoint: responseContext.entityEndpoint,
185
+ parameter: "SAMLResponse",
186
+ value: responseContext.context,
187
+ relayState: parsedMessage.relayState
188
+ });
189
+ }
190
+ if (parsedMessage.hasSamlResponse) return new Response(null, { status: 204 });
191
+ throw new AuthError("INVALID_PARAMETERS", "Missing SAML logout payload.").toConvexError();
192
+ };
193
+ const handleScimRequest = async (ctx, request) => {
194
+ try {
195
+ const { scimConfig, enterprise, parsedPath } = await getEnterpriseScimContext(ctx, request);
196
+ const state = {
197
+ ctx,
198
+ request,
199
+ url: new URL(request.url),
200
+ parsedPath,
201
+ enterprise,
202
+ scimConfig,
203
+ policy: getPolicyFromEnterprise(enterprise),
204
+ recordScimEvent: async (eventType, ok, subjectType, subjectId, metadata) => {
205
+ const auditEventId = await recordEnterpriseAuditEvent(ctx, {
206
+ enterpriseId: enterprise._id,
207
+ groupId: enterprise.groupId,
208
+ eventType,
209
+ actorType: "scim",
210
+ subjectType,
211
+ subjectId,
212
+ ok,
213
+ metadata
214
+ });
215
+ await emitEnterpriseWebhookDeliveries(ctx, {
216
+ enterpriseId: enterprise._id,
217
+ eventType,
218
+ auditEventId,
219
+ payload: {
220
+ enterpriseId: enterprise._id,
221
+ subjectId,
222
+ metadata
223
+ }
224
+ });
225
+ }
226
+ };
227
+ const handleUsersGet = async (state$1) => {
228
+ const members = await auth.member.list(state$1.ctx, {
229
+ where: { groupId: state$1.enterprise.groupId },
230
+ limit: 100
231
+ });
232
+ const identities = await state$1.ctx.runQuery(config.component.public.enterpriseScimIdentityListByEnterprise, { enterpriseId: state$1.enterprise._id });
233
+ const identityByUserId = new Map(identities.filter((identity) => identity.userId !== void 0).map((identity) => [identity.userId, identity]));
234
+ const users = (await Promise.all(members.items.map(async (member) => {
235
+ const user = await auth.user.get(state$1.ctx, member.userId);
236
+ return user ? {
237
+ user,
238
+ member,
239
+ identity: identityByUserId.get(user._id)
240
+ } : null;
241
+ }))).filter(Boolean);
242
+ const listRequest = parseScimListRequest(state$1.url);
243
+ const filtered = filterScimCollection(users, listRequest.filter, {
244
+ id: (item, value) => item.user._id === value,
245
+ externalId: (item, value) => item.identity?.externalId === value,
246
+ userName: (item, value) => item.user.email === value,
247
+ "emails.value": (item, value) => item.user.email === value,
248
+ active: (item, value) => String(item.identity?.active ?? item.member.status === "active") === value
249
+ });
250
+ if (state$1.parsedPath.resourceId) {
251
+ const resource = filtered.find(({ user }) => user._id === state$1.parsedPath.resourceId);
252
+ return resource ? scimJson(serializeScimUser({
253
+ id: resource.user._id,
254
+ user: resource.user,
255
+ externalId: resource.identity?.externalId,
256
+ location: `${state$1.url.origin}${state$1.url.pathname.replace(/\/[^/]+$/, "")}/${resource.user._id}`,
257
+ active: resource.identity?.active ?? resource.member.status === "active"
258
+ }), 200, { Location: `${state$1.url.origin}${state$1.url.pathname.replace(/\/[^/]+$/, "")}/${resource.user._id}` }) : scimError(404, "notFound", "User not found.");
259
+ }
260
+ const paged = paginateScimCollection(filtered, listRequest);
261
+ await state$1.recordScimEvent("enterprise.scim.read", true, "enterprise_scim", state$1.scimConfig._id);
262
+ return scimJson({
263
+ schemas: ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
264
+ Resources: paged.map(({ user, identity, member }) => serializeScimUser({
265
+ id: user._id,
266
+ user,
267
+ externalId: identity?.externalId,
268
+ location: `${state$1.url.origin}${state$1.url.pathname}/${user._id}`,
269
+ active: identity?.active ?? member.status === "active"
270
+ })),
271
+ totalResults: filtered.length,
272
+ startIndex: listRequest.startIndex,
273
+ itemsPerPage: paged.length
274
+ });
275
+ };
276
+ const handleUsersPost = async (state$1) => {
277
+ const body = await readScimJson(state$1.request);
278
+ const primaryEmail = Array.isArray(body.emails) ? body.emails.find((entry) => entry.primary === true)?.value ?? body.emails[0]?.value : void 0;
279
+ const phone = Array.isArray(body.phoneNumbers) ? body.phoneNumbers[0]?.value : void 0;
280
+ const userId = await state$1.ctx.runMutation(config.component.public.userInsert, { data: {
281
+ name: body.displayName ?? body.name?.formatted,
282
+ email: primaryEmail ?? body.userName,
283
+ ...typeof (primaryEmail ?? body.userName) === "string" ? { emailVerificationTime: Date.now() } : {},
284
+ phone,
285
+ ...typeof phone === "string" ? { phoneVerificationTime: Date.now() } : {}
286
+ } });
287
+ try {
288
+ await auth.member.create(state$1.ctx, {
289
+ groupId: state$1.enterprise.groupId,
290
+ userId,
291
+ roleIds: state$1.policy.provisioning.jit.defaultRoleIds,
292
+ status: body.active === false ? "inactive" : "active"
293
+ });
294
+ } catch {}
295
+ if (typeof body.externalId === "string") await state$1.ctx.runMutation(config.component.public.enterpriseScimIdentityUpsert, {
296
+ enterpriseId: state$1.enterprise._id,
297
+ groupId: state$1.enterprise.groupId,
298
+ resourceType: "user",
299
+ externalId: body.externalId,
300
+ userId,
301
+ active: body.active !== false,
302
+ raw: body,
303
+ lastProvisionedAt: Date.now()
304
+ });
305
+ await state$1.recordScimEvent("enterprise.scim.user.created", true, "user", userId);
306
+ const createdUser = await auth.user.get(state$1.ctx, userId);
307
+ const location = `${state$1.url.origin}${state$1.url.pathname}/${userId}`;
308
+ return scimJson(serializeScimUser({
309
+ id: userId,
310
+ user: createdUser ?? {},
311
+ externalId: body.externalId,
312
+ location,
313
+ active: body.active !== false
314
+ }), 201, { Location: location });
315
+ };
316
+ const handleUsersUpsert = async (state$1) => {
317
+ const missing = requireScimResourceId(state$1.parsedPath.resourceId, "User");
318
+ if (missing) return missing;
319
+ const userId = state$1.parsedPath.resourceId;
320
+ const existingUser = await auth.user.get(state$1.ctx, userId);
321
+ if (!existingUser) return scimError(404, "notFound", "User not found.");
322
+ const body = await readScimJson(state$1.request);
323
+ const patchData = {};
324
+ let nextActive;
325
+ if (state$1.request.method === "PUT") {
326
+ patchData.name = body.displayName ?? body.name?.formatted;
327
+ patchData.email = body.userName ?? (Array.isArray(body.emails) ? body.emails[0]?.value : void 0);
328
+ patchData.phone = Array.isArray(body.phoneNumbers) ? body.phoneNumbers[0]?.value : void 0;
329
+ if (typeof patchData.email === "string") patchData.emailVerificationTime = Date.now();
330
+ if (typeof patchData.phone === "string") patchData.phoneVerificationTime = Date.now();
331
+ } else for (const operation of Array.isArray(body.Operations) ? body.Operations : []) {
332
+ if (operation.path === "active") nextActive = operation.value;
333
+ if (operation.path === "displayName" || operation.path === "name.formatted") patchData.name = operation.value;
334
+ if (operation.path === "userName" || operation.path === "emails.value") {
335
+ patchData.email = operation.value;
336
+ if (typeof operation.value === "string") patchData.emailVerificationTime = Date.now();
337
+ }
338
+ if (operation.path === "phoneNumbers.value") {
339
+ patchData.phone = operation.value;
340
+ if (typeof operation.value === "string") patchData.phoneVerificationTime = Date.now();
341
+ }
342
+ }
343
+ await state$1.ctx.runMutation(config.component.public.userPatch, {
344
+ userId,
345
+ data: patchData
346
+ });
347
+ const resolution = await auth.member.resolve(state$1.ctx, {
348
+ groupId: state$1.enterprise.groupId,
349
+ userId
350
+ });
351
+ if (resolution.membership) await auth.member.update(state$1.ctx, resolution.membership._id, { status: body.active === false || nextActive === false ? "inactive" : "active" });
352
+ await state$1.ctx.runMutation(config.component.public.enterpriseScimIdentityUpsert, {
353
+ enterpriseId: state$1.enterprise._id,
354
+ groupId: state$1.enterprise.groupId,
355
+ resourceType: "user",
356
+ externalId: typeof body.externalId === "string" ? body.externalId : (await state$1.ctx.runQuery(config.component.public.enterpriseScimIdentityGetByEnterpriseAndUser, {
357
+ enterpriseId: state$1.enterprise._id,
358
+ userId
359
+ }))?.externalId ?? userId,
360
+ userId,
361
+ active: body.active !== false && nextActive !== false,
362
+ raw: body,
363
+ lastProvisionedAt: Date.now()
364
+ });
365
+ await state$1.recordScimEvent("enterprise.scim.user.updated", true, "user", userId);
366
+ const updatedUser = await auth.user.get(state$1.ctx, userId);
367
+ const location = `${state$1.url.origin}${state$1.url.pathname}`;
368
+ return scimJson(serializeScimUser({
369
+ id: userId,
370
+ user: updatedUser ?? existingUser,
371
+ externalId: typeof body.externalId === "string" ? body.externalId : void 0,
372
+ location,
373
+ active: body.active !== false && nextActive !== false
374
+ }), 200, { Location: location });
375
+ };
376
+ const handleUsersDelete = async (state$1) => {
377
+ const missing = requireScimResourceId(state$1.parsedPath.resourceId, "User");
378
+ if (missing) return missing;
379
+ const userId = state$1.parsedPath.resourceId;
380
+ const resolution = await auth.member.resolve(state$1.ctx, {
381
+ groupId: state$1.enterprise.groupId,
382
+ userId
383
+ });
384
+ if (resolution.membership) await auth.member.delete(state$1.ctx, resolution.membership._id);
385
+ const identity = await state$1.ctx.runQuery(config.component.public.enterpriseScimIdentityGetByEnterpriseAndUser, {
386
+ enterpriseId: state$1.enterprise._id,
387
+ userId
388
+ });
389
+ if (identity) if (state$1.policy.provisioning.deprovision.mode === "hard") await state$1.ctx.runMutation(config.component.public.enterpriseScimIdentityDelete, { identityId: identity._id });
390
+ else await state$1.ctx.runMutation(config.component.public.enterpriseScimIdentityUpsert, {
391
+ enterpriseId: identity.enterpriseId,
392
+ groupId: identity.groupId,
393
+ resourceType: identity.resourceType,
394
+ externalId: identity.externalId,
395
+ userId: identity.userId,
396
+ mappedGroupId: identity.mappedGroupId,
397
+ active: false,
398
+ raw: identity.raw,
399
+ lastProvisionedAt: Date.now()
400
+ });
401
+ await state$1.recordScimEvent("enterprise.scim.user.deleted", true, "user", userId);
402
+ return new Response(null, { status: 204 });
403
+ };
404
+ const handleGroupsGet = async (state$1) => {
405
+ const groupsList = await auth.group.list(state$1.ctx, {
406
+ where: { parentGroupId: state$1.enterprise.groupId },
407
+ limit: 100
408
+ });
409
+ const identities = await state$1.ctx.runQuery(config.component.public.enterpriseScimIdentityListByEnterprise, { enterpriseId: state$1.enterprise._id });
410
+ const identityByGroupId = new Map(identities.filter((identity) => identity.mappedGroupId !== void 0).map((identity) => [identity.mappedGroupId, identity]));
411
+ const groups = groupsList.items.map((group) => ({
412
+ group,
413
+ identity: identityByGroupId.get(group._id)
414
+ }));
415
+ const listRequest = parseScimListRequest(state$1.url);
416
+ const filtered = filterScimCollection(groups, listRequest.filter, {
417
+ id: (item, value) => item.group._id === value,
418
+ externalId: (item, value) => item.identity?.externalId === value,
419
+ displayName: (item, value) => item.group.name === value
420
+ });
421
+ if (state$1.parsedPath.resourceId) {
422
+ const resource = filtered.find(({ group }) => group._id === state$1.parsedPath.resourceId);
423
+ if (!resource) return scimError(404, "notFound", "Group not found.");
424
+ const members = (await auth.member.list(state$1.ctx, {
425
+ where: {
426
+ groupId: resource.group._id,
427
+ status: "active"
428
+ },
429
+ limit: 100
430
+ })).items.map((member) => ({ value: member.userId }));
431
+ const location = `${state$1.url.origin}${state$1.url.pathname.replace(/\/[^/]+$/, "")}/${resource.group._id}`;
432
+ return scimJson(serializeScimGroup({
433
+ id: resource.group._id,
434
+ group: resource.group,
435
+ externalId: resource.identity?.externalId,
436
+ location,
437
+ members
438
+ }), 200, { Location: location });
439
+ }
440
+ const paged = paginateScimCollection(filtered, listRequest);
441
+ return scimJson({
442
+ schemas: ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
443
+ Resources: paged.map(({ group, identity }) => serializeScimGroup({
444
+ id: group._id,
445
+ group,
446
+ externalId: identity?.externalId,
447
+ location: `${state$1.url.origin}${state$1.url.pathname}/${group._id}`
448
+ })),
449
+ totalResults: filtered.length,
450
+ startIndex: listRequest.startIndex,
451
+ itemsPerPage: paged.length
452
+ });
453
+ };
454
+ const handleGroupsPost = async (state$1) => {
455
+ const body = await readScimJson(state$1.request);
456
+ const { groupId } = await auth.group.create(state$1.ctx, {
457
+ name: String(body.displayName ?? "Group"),
458
+ parentGroupId: state$1.enterprise.groupId,
459
+ type: "organization"
460
+ });
461
+ await state$1.ctx.runMutation(config.component.public.enterpriseScimIdentityUpsert, {
462
+ enterpriseId: state$1.enterprise._id,
463
+ groupId: state$1.enterprise.groupId,
464
+ resourceType: "group",
465
+ externalId: body.externalId ?? groupId,
466
+ mappedGroupId: groupId,
467
+ active: true,
468
+ raw: body,
469
+ lastProvisionedAt: Date.now()
470
+ });
471
+ for (const member of Array.isArray(body.members) ? body.members : []) try {
472
+ await auth.member.create(state$1.ctx, {
473
+ groupId,
474
+ userId: String(member.value),
475
+ roleIds: state$1.policy.provisioning.jit.defaultRoleIds,
476
+ status: "active"
477
+ });
478
+ } catch {}
479
+ await state$1.recordScimEvent("enterprise.scim.group.created", true, "group", groupId);
480
+ const group = await auth.group.get(state$1.ctx, groupId);
481
+ const location = `${state$1.url.origin}${state$1.url.pathname}/${groupId}`;
482
+ return scimJson(serializeScimGroup({
483
+ id: groupId,
484
+ group: group ?? {},
485
+ externalId: body.externalId,
486
+ location,
487
+ members: (await auth.member.list(state$1.ctx, {
488
+ where: {
489
+ groupId,
490
+ status: "active"
491
+ },
492
+ limit: 100
493
+ })).items.map((member) => ({ value: member.userId }))
494
+ }), 201, { Location: location });
495
+ };
496
+ const handleGroupsPatch = async (state$1) => {
497
+ const missing = requireScimResourceId(state$1.parsedPath.resourceId, "Group");
498
+ if (missing) return missing;
499
+ const groupId = state$1.parsedPath.resourceId;
500
+ const body = await readScimJson(state$1.request);
501
+ for (const operation of Array.isArray(body.Operations) ? body.Operations : []) {
502
+ if (operation.path === "displayName") await auth.group.update(state$1.ctx, groupId, { name: operation.value });
503
+ if (operation.path === "members" && operation.op === "add") for (const member of Array.isArray(operation.value) ? operation.value : []) try {
504
+ await auth.member.create(state$1.ctx, {
505
+ groupId,
506
+ userId: String(member.value),
507
+ roleIds: state$1.policy.provisioning.jit.defaultRoleIds,
508
+ status: "active"
509
+ });
510
+ } catch {}
511
+ if (operation.path === "members" && operation.op === "replace") {
512
+ const currentMembers = (await auth.member.list(state$1.ctx, {
513
+ where: {
514
+ groupId,
515
+ status: "active"
516
+ },
517
+ limit: 100
518
+ })).items;
519
+ const currentUserIds = new Set(currentMembers.map((member) => member.userId));
520
+ const nextUserIds = new Set((Array.isArray(operation.value) ? operation.value : []).map((member) => String(member.value)));
521
+ for (const member of currentMembers) if (!nextUserIds.has(member.userId)) await auth.member.delete(state$1.ctx, member._id);
522
+ for (const userId of nextUserIds.values()) if (!currentUserIds.has(userId)) try {
523
+ await auth.member.create(state$1.ctx, {
524
+ groupId,
525
+ userId,
526
+ roleIds: state$1.policy.provisioning.jit.defaultRoleIds,
527
+ status: "active"
528
+ });
529
+ } catch {}
530
+ }
531
+ if (typeof operation.path === "string" && operation.op === "remove" && operation.path.startsWith("members[")) {
532
+ const userId = operation.path.match(/^members\[value eq "([^"]+)"\]$/)?.[1];
533
+ if (userId) {
534
+ const resolution = await auth.member.resolve(state$1.ctx, {
535
+ groupId,
536
+ userId
537
+ });
538
+ if (resolution.membership) await auth.member.delete(state$1.ctx, resolution.membership._id);
539
+ }
540
+ }
541
+ }
542
+ await state$1.recordScimEvent("enterprise.scim.group.updated", true, "group", groupId);
543
+ const group = await auth.group.get(state$1.ctx, groupId);
544
+ const location = `${state$1.url.origin}${state$1.url.pathname}`;
545
+ const members = (await auth.member.list(state$1.ctx, {
546
+ where: {
547
+ groupId,
548
+ status: "active"
549
+ },
550
+ limit: 100
551
+ })).items;
552
+ return scimJson(serializeScimGroup({
553
+ id: groupId,
554
+ group: group ?? {},
555
+ location,
556
+ members: members.map((member) => ({ value: member.userId }))
557
+ }), 200, { Location: location });
558
+ };
559
+ const handleGroupsDelete = async (state$1) => {
560
+ const missing = requireScimResourceId(state$1.parsedPath.resourceId, "Group");
561
+ if (missing) return missing;
562
+ const groupId = state$1.parsedPath.resourceId;
563
+ await auth.group.delete(state$1.ctx, groupId);
564
+ const identity = await state$1.ctx.runQuery(config.component.public.enterpriseScimIdentityGetByMappedGroup, { mappedGroupId: groupId });
565
+ if (identity) await state$1.ctx.runMutation(config.component.public.enterpriseScimIdentityDelete, { identityId: identity._id });
566
+ await state$1.recordScimEvent("enterprise.scim.group.deleted", true, "group", groupId);
567
+ return new Response(null, { status: 204 });
568
+ };
569
+ const handler = {
570
+ ServiceProviderConfig: { GET: async () => scimJson({
571
+ schemas: ["urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"],
572
+ patch: { supported: true },
573
+ bulk: {
574
+ supported: false,
575
+ maxOperations: 0,
576
+ maxPayloadSize: 0
577
+ },
578
+ filter: {
579
+ supported: true,
580
+ maxResults: 100
581
+ },
582
+ changePassword: { supported: false },
583
+ sort: { supported: false },
584
+ etag: { supported: false },
585
+ authenticationSchemes: [{
586
+ type: "oauthbearertoken",
587
+ name: "Bearer Token",
588
+ description: "Use the SCIM token generated by Convex Auth enterprise."
589
+ }]
590
+ }) },
591
+ Schemas: { GET: async (state$1) => handleStaticScimCollection(SCIM_SCHEMAS, state$1.parsedPath.resourceId, {
592
+ by: "id",
593
+ notFound: "Schema not found."
594
+ }) },
595
+ ResourceTypes: { GET: async (state$1) => handleStaticScimCollection(SCIM_RESOURCE_TYPES, state$1.parsedPath.resourceId, {
596
+ by: "name",
597
+ notFound: "Resource type not found."
598
+ }) },
599
+ Users: {
600
+ GET: handleUsersGet,
601
+ POST: handleUsersPost,
602
+ PATCH: handleUsersUpsert,
603
+ PUT: handleUsersUpsert,
604
+ DELETE: handleUsersDelete
605
+ },
606
+ Groups: {
607
+ GET: handleGroupsGet,
608
+ POST: handleGroupsPost,
609
+ PATCH: handleGroupsPatch,
610
+ DELETE: handleGroupsDelete
611
+ }
612
+ }[state.parsedPath.resource]?.[state.request.method];
613
+ return handler ? await handler(state) : scimError(404, "notFound", "SCIM resource not found.");
614
+ } catch (error) {
615
+ if (error instanceof Error && error.message === "Unsupported SCIM filter.") return scimError(400, "invalidFilter", error.message);
616
+ if (isAuthError(error)) {
617
+ const code = error.data.code;
618
+ return scimError(code === "MISSING_BEARER_TOKEN" || code === "INVALID_API_KEY" ? 401 : 400, code, error.data.message);
619
+ }
620
+ throw error;
621
+ }
622
+ };
623
+ addSSORoutes(http, {
624
+ routeBase: ENTERPRISE_CONTROL_ROUTE_BASE,
625
+ convertErrorsToResponse,
626
+ handleSamlMetadata: async (ctx, _request, runtimeRoute) => {
627
+ const { loaded } = await loadActiveEnterpriseSamlOrThrow(ctx, runtimeRoute.enterpriseId);
628
+ return new Response(createEnterpriseSamlMetadataXml({
629
+ rootUrl: requireEnv("CONVEX_SITE_URL"),
630
+ source: loaded.source,
631
+ config: loaded.config
632
+ }), {
633
+ status: 200,
634
+ headers: { "Content-Type": "application/xml" }
635
+ });
636
+ },
637
+ handleSamlSignIn: async (ctx, request, runtimeRoute) => {
638
+ const url = new URL(request.url);
639
+ const verifier = url.searchParams.get("code");
640
+ if (!verifier) throw new AuthError("OAUTH_MISSING_VERIFIER").toConvexError();
641
+ const { loaded, enterprise } = await loadActiveEnterpriseSamlOrThrow(ctx, runtimeRoute.enterpriseId);
642
+ const state = generateRandomString(24, INVITE_TOKEN_ALPHABET);
643
+ const signInRequest = createEnterpriseSamlSignInRequest({
644
+ rootUrl: requireEnv("CONVEX_SITE_URL"),
645
+ source: {
646
+ kind: "enterprise",
647
+ id: enterprise._id
648
+ },
649
+ config: loaded.config,
650
+ state,
651
+ signature: `saml ${enterprise._id} pending ${state}`,
652
+ redirectTo: url.searchParams.get("redirectTo") ?? void 0
653
+ });
654
+ const signature = `saml ${enterprise._id} ${signInRequest.requestId} ${state}`;
655
+ await callVerifierSignature(ctx, {
656
+ verifier,
657
+ signature
658
+ });
659
+ const redirectTo = url.searchParams.get("redirectTo");
660
+ const redirectCookies = redirectTo !== null ? [redirectToParamCookie(enterpriseSamlProviderId(enterprise._id), redirectTo)] : [];
661
+ const relayState = encodeEnterpriseSamlRelayState({
662
+ source: {
663
+ kind: "enterprise",
664
+ id: enterprise._id
665
+ },
666
+ signature,
667
+ requestId: signInRequest.requestId,
668
+ state,
669
+ redirectTo: url.searchParams.get("redirectTo") ?? void 0
670
+ });
671
+ if (signInRequest.binding === "redirect" && signInRequest.redirectUrl) {
672
+ const redirectUrl = new URL(signInRequest.redirectUrl);
673
+ redirectUrl.searchParams.set("RelayState", relayState);
674
+ const headers = new Headers({ Location: redirectUrl.toString() });
675
+ for (const { name, value, options } of redirectCookies) headers.append("Set-Cookie", serialize(name, value, options));
676
+ return new Response(null, {
677
+ status: 302,
678
+ headers
679
+ });
680
+ }
681
+ const response = createSamlPostBindingResponse({
682
+ endpoint: signInRequest.post.endpoint,
683
+ parameter: "SAMLRequest",
684
+ value: signInRequest.post.value,
685
+ relayState
686
+ });
687
+ for (const { name, value, options } of redirectCookies) response.headers.append("Set-Cookie", serialize(name, value, options));
688
+ return response;
689
+ },
690
+ handleOidcSignIn: async (ctx, request, runtimeRoute) => {
691
+ const url = new URL(request.url);
692
+ const verifier = url.searchParams.get("code");
693
+ if (!verifier) throw new AuthError("OAUTH_MISSING_VERIFIER").toConvexError();
694
+ const { enterprise, oidc } = await loadEnterpriseOidcOrThrow(ctx, runtimeRoute.enterpriseId);
695
+ const { providerId, provider, oauthConfig } = await createEnterpriseOidcRuntime({
696
+ rootUrl: requireEnv("CONVEX_SITE_URL"),
697
+ enterpriseId: enterprise._id,
698
+ oidc
699
+ });
700
+ const { redirect, cookies, signature } = await createOAuthAuthorizationURL(providerId, provider, oauthConfig);
701
+ await callVerifierSignature(ctx, {
702
+ verifier,
703
+ signature
704
+ });
705
+ const redirectTo = url.searchParams.get("redirectTo");
706
+ const headers_ = new Headers({ Location: redirect });
707
+ for (const { name, value, options } of [...cookies, ...redirectTo !== null ? [redirectToParamCookie(providerId, redirectTo)] : []]) headers_.append("Set-Cookie", serialize(name, value, options));
708
+ return new Response(null, {
709
+ status: 302,
710
+ headers: headers_
711
+ });
712
+ },
713
+ handleOidcCallback: async (ctx, request, runtimeRoute) => {
714
+ const url = new URL(request.url);
715
+ const { enterprise, oidc } = await loadEnterpriseOidcOrThrow(ctx, runtimeRoute.enterpriseId);
716
+ const { providerId, provider, oauthConfig } = await createEnterpriseOidcRuntime({
717
+ rootUrl: requireEnv("CONVEX_SITE_URL"),
718
+ enterpriseId: enterprise._id,
719
+ oidc
720
+ });
721
+ const cookies = getCookies(request);
722
+ const maybeRedirectTo = useRedirectToParam(providerId, cookies);
723
+ const destinationUrl = await redirectAbsoluteUrl(config, { redirectTo: maybeRedirectTo?.redirectTo });
724
+ const params = url.searchParams;
725
+ const result = await Fx.run(handleOAuthCallback(providerId, provider, oauthConfig, Object.fromEntries(params.entries()), cookies));
726
+ const extraFields = oidc.extraFields;
727
+ let profile = result.profile;
728
+ if (extraFields && typeof profile === "object" && profile) {
729
+ const extend = {};
730
+ for (const [claimName, fieldName] of Object.entries(extraFields)) if (claimName in profile) extend[fieldName] = profile[claimName];
731
+ if (Object.keys(extend).length > 0) profile = {
732
+ ...profile,
733
+ extend
734
+ };
735
+ }
736
+ const verificationCode = await callUserOAuth(ctx, {
737
+ provider: providerId,
738
+ providerAccountId: result.providerAccountId,
739
+ profile,
740
+ signature: result.signature,
741
+ accountExtend: { identity: {
742
+ protocol: "oidc",
743
+ enterpriseId: enterprise._id,
744
+ subject: result.providerAccountId,
745
+ issuer: typeof oidc.issuer === "string" ? oidc.issuer : void 0,
746
+ discoveryUrl: typeof oidc.discoveryUrl === "string" ? oidc.discoveryUrl : void 0
747
+ } }
748
+ });
749
+ const headers = new Headers({ Location: setURLSearchParam(destinationUrl, "code", verificationCode) });
750
+ for (const { name, value, options } of result.cookies) headers.append("Set-Cookie", serialize(name, value, options));
751
+ if (maybeRedirectTo) headers.append("Set-Cookie", serialize(maybeRedirectTo.updatedCookie.name, maybeRedirectTo.updatedCookie.value, maybeRedirectTo.updatedCookie.options));
752
+ return new Response(null, {
753
+ status: 302,
754
+ headers
755
+ });
756
+ },
757
+ handleSamlAcs,
758
+ handleSamlSlo,
759
+ handleScimRequest,
760
+ scimError
761
+ });
762
+ }
763
+
764
+ //#endregion
765
+ export { addEnterpriseHttpRuntime };
766
+ //# sourceMappingURL=http.js.map