npm - @robelest/convex-auth - Versions diffs - 0.0.4-preview.2 → 0.0.4-preview.21 - Mend

@robelest/convex-auth 0.0.4-preview.2 → 0.0.4-preview.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (798) hide show

package/README.md +67 -26
package/dist/authorization/index.d.ts +63 -0
package/dist/authorization/index.d.ts.map +1 -0
package/dist/authorization/index.js +63 -0
package/dist/authorization/index.js.map +1 -0
package/dist/bin.js +6185 -0
package/dist/client/core/types.d.ts +20 -0
package/dist/client/core/types.d.ts.map +1 -0
package/dist/client/index.d.ts +2 -299
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +407 -534
package/dist/client/index.js.map +1 -1
package/dist/component/_generated/api.d.ts +42 -0
package/dist/component/_generated/api.d.ts.map +1 -1
package/dist/component/_generated/api.js.map +1 -1
package/dist/component/_generated/component.d.ts +2546 -90
package/dist/component/_generated/component.d.ts.map +1 -1
package/dist/component/client/core/types.d.ts +2 -0
package/dist/component/client/index.d.ts +2 -0
package/dist/component/convex.config.d.ts +2 -2
package/dist/component/functions.d.ts +11 -9
package/dist/component/functions.d.ts.map +1 -1
package/dist/component/functions.js.map +1 -1
package/dist/component/index.d.ts +7 -11
package/dist/component/index.js +2 -3
package/dist/component/model.d.ts +153 -0
package/dist/component/model.d.ts.map +1 -0
package/dist/component/model.js +349 -0
package/dist/component/model.js.map +1 -0
package/dist/component/providers/anonymous.d.ts +54 -0
package/dist/component/providers/anonymous.d.ts.map +1 -0
package/dist/component/providers/credentials.d.ts +5 -5
package/dist/component/providers/credentials.d.ts.map +1 -1
package/dist/component/providers/device.d.ts +67 -0
package/dist/component/providers/device.d.ts.map +1 -0
package/dist/component/providers/email.d.ts +62 -0
package/dist/component/providers/email.d.ts.map +1 -0
package/dist/component/providers/oauth.d.ts.map +1 -1
package/dist/component/providers/oauth.js.map +1 -1
package/dist/component/providers/passkey.d.ts +57 -0
package/dist/component/providers/passkey.d.ts.map +1 -0
package/dist/component/providers/password.d.ts +88 -0
package/dist/component/providers/password.d.ts.map +1 -0
package/dist/component/providers/phone.d.ts +48 -0
package/dist/component/providers/phone.d.ts.map +1 -0
package/dist/component/providers/sso.d.ts +50 -0
package/dist/component/providers/sso.d.ts.map +1 -0
package/dist/component/providers/totp.d.ts +45 -0
package/dist/component/providers/totp.d.ts.map +1 -0
package/dist/component/public/enterprise/audit.d.ts +73 -0
package/dist/component/public/enterprise/audit.d.ts.map +1 -0
package/dist/component/public/enterprise/audit.js +108 -0
package/dist/component/public/enterprise/audit.js.map +1 -0
package/dist/component/public/enterprise/core.d.ts +176 -0
package/dist/component/public/enterprise/core.d.ts.map +1 -0
package/dist/component/public/enterprise/core.js +292 -0
package/dist/component/public/enterprise/core.js.map +1 -0
package/dist/component/public/enterprise/domains.d.ts +174 -0
package/dist/component/public/enterprise/domains.d.ts.map +1 -0
package/dist/component/public/enterprise/domains.js +271 -0
package/dist/component/public/enterprise/domains.js.map +1 -0
package/dist/component/public/enterprise/scim.d.ts +245 -0
package/dist/component/public/enterprise/scim.d.ts.map +1 -0
package/dist/component/public/enterprise/scim.js +344 -0
package/dist/component/public/enterprise/scim.js.map +1 -0
package/dist/component/public/enterprise/secrets.d.ts +78 -0
package/dist/component/public/enterprise/secrets.d.ts.map +1 -0
package/dist/component/public/enterprise/secrets.js +118 -0
package/dist/component/public/enterprise/secrets.js.map +1 -0
package/dist/component/public/enterprise/webhooks.d.ts +211 -0
package/dist/component/public/enterprise/webhooks.d.ts.map +1 -0
package/dist/component/public/enterprise/webhooks.js +300 -0
package/dist/component/public/enterprise/webhooks.js.map +1 -0
package/dist/component/public/factors/devices.d.ts +157 -0
package/dist/component/public/factors/devices.d.ts.map +1 -0
package/dist/component/public/factors/devices.js +216 -0
package/dist/component/public/factors/devices.js.map +1 -0
package/dist/component/public/factors/passkeys.d.ts +175 -0
package/dist/component/public/factors/passkeys.d.ts.map +1 -0
package/dist/component/public/factors/passkeys.js +238 -0
package/dist/component/public/factors/passkeys.js.map +1 -0
package/dist/component/public/factors/totp.d.ts +189 -0
package/dist/component/public/factors/totp.d.ts.map +1 -0
package/dist/component/public/factors/totp.js +254 -0
package/dist/component/public/factors/totp.js.map +1 -0
package/dist/component/public/groups/core.d.ts +137 -0
package/dist/component/public/groups/core.d.ts.map +1 -0
package/dist/component/public/groups/core.js +321 -0
package/dist/component/public/groups/core.js.map +1 -0
package/dist/component/public/groups/invites.d.ts +217 -0
package/dist/component/public/groups/invites.d.ts.map +1 -0
package/dist/component/public/groups/invites.js +457 -0
package/dist/component/public/groups/invites.js.map +1 -0
package/dist/component/public/groups/members.d.ts +204 -0
package/dist/component/public/groups/members.d.ts.map +1 -0
package/dist/component/public/groups/members.js +355 -0
package/dist/component/public/groups/members.js.map +1 -0
package/dist/component/public/identity/accounts.d.ts +147 -0
package/dist/component/public/identity/accounts.d.ts.map +1 -0
package/dist/component/public/identity/accounts.js +200 -0
package/dist/component/public/identity/accounts.js.map +1 -0
package/dist/component/public/identity/codes.d.ts +104 -0
package/dist/component/public/identity/codes.d.ts.map +1 -0
package/dist/component/public/identity/codes.js +140 -0
package/dist/component/public/identity/codes.js.map +1 -0
package/dist/component/public/identity/sessions.d.ts +128 -0
package/dist/component/public/identity/sessions.d.ts.map +1 -0
package/dist/component/public/identity/sessions.js +192 -0
package/dist/component/public/identity/sessions.js.map +1 -0
package/dist/component/public/identity/tokens.d.ts +169 -0
package/dist/component/public/identity/tokens.d.ts.map +1 -0
package/dist/component/public/identity/tokens.js +227 -0
package/dist/component/public/identity/tokens.js.map +1 -0
package/dist/component/public/identity/users.d.ts +212 -0
package/dist/component/public/identity/users.d.ts.map +1 -0
package/dist/component/public/identity/users.js +311 -0
package/dist/component/public/identity/users.js.map +1 -0
package/dist/component/public/identity/verifiers.d.ts +116 -0
package/dist/component/public/identity/verifiers.d.ts.map +1 -0
package/dist/component/public/identity/verifiers.js +154 -0
package/dist/component/public/identity/verifiers.js.map +1 -0
package/dist/component/public/security/keys.d.ts +209 -0
package/dist/component/public/security/keys.d.ts.map +1 -0
package/dist/component/public/security/keys.js +319 -0
package/dist/component/public/security/keys.js.map +1 -0
package/dist/component/public/security/limits.d.ts +114 -0
package/dist/component/public/security/limits.d.ts.map +1 -0
package/dist/component/public/security/limits.js +169 -0
package/dist/component/public/security/limits.js.map +1 -0
package/dist/component/public.d.ts +24 -271
package/dist/component/public.d.ts.map +1 -1
package/dist/component/public.js +21 -1229
package/dist/component/schema.d.ts +473 -110
package/dist/component/schema.js +162 -73
package/dist/component/schema.js.map +1 -1
package/dist/component/server/auth.d.ts +318 -373
package/dist/component/server/auth.d.ts.map +1 -1
package/dist/component/server/auth.js +204 -123
package/dist/component/server/auth.js.map +1 -1
package/dist/component/server/authError.js +34 -0
package/dist/component/server/authError.js.map +1 -0
package/dist/component/server/{providers.js → config.js} +43 -12
package/dist/component/server/config.js.map +1 -0
package/dist/component/server/cookies.js +3 -0
package/dist/component/server/cookies.js.map +1 -1
package/dist/component/server/core.js +713 -0
package/dist/component/server/core.js.map +1 -0
package/dist/component/server/crypto.js +38 -0
package/dist/component/server/crypto.js.map +1 -0
package/dist/component/server/{implementation/db.js → db.js} +2 -1
package/dist/component/server/db.js.map +1 -0
package/dist/component/server/device.js +109 -0
package/dist/component/server/device.js.map +1 -0
package/dist/component/server/enterprise/config.js +46 -0
package/dist/component/server/enterprise/config.js.map +1 -0
package/dist/component/server/enterprise/domain.js +885 -0
package/dist/component/server/enterprise/domain.js.map +1 -0
package/dist/component/server/enterprise/http.js +766 -0
package/dist/component/server/enterprise/http.js.map +1 -0
package/dist/component/server/enterprise/oidc.js +248 -0
package/dist/component/server/enterprise/oidc.js.map +1 -0
package/dist/component/server/enterprise/policy.js +85 -0
package/dist/component/server/enterprise/policy.js.map +1 -0
package/dist/component/server/enterprise/saml.js +338 -0
package/dist/component/server/enterprise/saml.js.map +1 -0
package/dist/component/server/enterprise/scim.js +97 -0
package/dist/component/server/enterprise/scim.js.map +1 -0
package/dist/component/server/enterprise/shared.js +51 -0
package/dist/component/server/enterprise/shared.js.map +1 -0
package/dist/component/server/errors.d.ts +1 -0
package/dist/component/server/errors.js +24 -16
package/dist/component/server/errors.js.map +1 -1
package/dist/component/server/http.js +288 -0
package/dist/component/server/http.js.map +1 -0
package/dist/component/server/identity.js +13 -0
package/dist/component/server/identity.js.map +1 -0
package/dist/{server/implementation → component/server}/keys.js +9 -31
package/dist/component/server/keys.js.map +1 -0
package/dist/component/server/limits.js +61 -0
package/dist/component/server/limits.js.map +1 -0
package/dist/component/server/mutations/account.js +44 -0
package/dist/component/server/mutations/account.js.map +1 -0
package/dist/component/server/{implementation/mutations → mutations}/code.js +7 -4
package/dist/component/server/mutations/code.js.map +1 -0
package/dist/component/server/mutations/invalidate.js +32 -0
package/dist/component/server/mutations/invalidate.js.map +1 -0
package/dist/component/server/mutations/oauth.js +110 -0
package/dist/component/server/mutations/oauth.js.map +1 -0
package/dist/component/server/mutations/refresh.js +119 -0
package/dist/component/server/mutations/refresh.js.map +1 -0
package/dist/component/server/mutations/register.js +83 -0
package/dist/component/server/mutations/register.js.map +1 -0
package/dist/component/server/mutations/retrieve.js +65 -0
package/dist/component/server/mutations/retrieve.js.map +1 -0
package/dist/component/server/mutations/signature.js +32 -0
package/dist/component/server/mutations/signature.js.map +1 -0
package/dist/component/server/{implementation/mutations → mutations}/signin.js +2 -2
package/dist/component/server/mutations/signin.js.map +1 -0
package/dist/component/server/mutations/signout.js +27 -0
package/dist/component/server/mutations/signout.js.map +1 -0
package/dist/component/server/mutations/store/refs.js +15 -0
package/dist/component/server/mutations/store/refs.js.map +1 -0
package/dist/component/server/mutations/store.js +85 -0
package/dist/component/server/mutations/store.js.map +1 -0
package/dist/component/server/mutations/verifier.js +18 -0
package/dist/component/server/mutations/verifier.js.map +1 -0
package/dist/component/server/mutations/verify.js +98 -0
package/dist/component/server/mutations/verify.js.map +1 -0
package/dist/component/server/oauth.js +106 -60
package/dist/component/server/oauth.js.map +1 -1
package/dist/component/server/passkey.js +328 -0
package/dist/component/server/passkey.js.map +1 -0
package/dist/{server/implementation → component/server}/redirects.js +13 -11
package/dist/component/server/redirects.js.map +1 -0
package/dist/component/server/refresh.js +96 -0
package/dist/component/server/refresh.js.map +1 -0
package/dist/component/server/runtime.d.ts +136 -0
package/dist/component/server/runtime.d.ts.map +1 -0
package/dist/component/server/runtime.js +413 -0
package/dist/component/server/runtime.js.map +1 -0
package/dist/{server/implementation → component/server}/sessions.js +14 -8
package/dist/component/server/sessions.js.map +1 -0
package/dist/component/server/signin.js +201 -0
package/dist/component/server/signin.js.map +1 -0
package/dist/component/server/tokens.js +17 -0
package/dist/component/server/tokens.js.map +1 -0
package/dist/component/server/totp.js +148 -0
package/dist/component/server/totp.js.map +1 -0
package/dist/component/server/types.d.ts +387 -298
package/dist/component/server/types.d.ts.map +1 -1
package/dist/component/server/{implementation/types.js → types.js} +1 -1
package/dist/component/server/types.js.map +1 -0
package/dist/component/server/{implementation/users.js → users.js} +54 -35
package/dist/component/server/users.js.map +1 -0
package/dist/component/server/utils.js +110 -4
package/dist/component/server/utils.js.map +1 -1
package/dist/core/types.d.ts +369 -0
package/dist/core/types.d.ts.map +1 -0
package/dist/factors/device.js +105 -0
package/dist/factors/device.js.map +1 -0
package/dist/factors/passkey.js +181 -0
package/dist/factors/passkey.js.map +1 -0
package/dist/factors/totp.js +122 -0
package/dist/factors/totp.js.map +1 -0
package/dist/providers/anonymous.d.ts +3 -9
package/dist/providers/anonymous.d.ts.map +1 -1
package/dist/providers/anonymous.js +1 -18
package/dist/providers/anonymous.js.map +1 -1
package/dist/providers/credentials.d.ts +8 -10
package/dist/providers/credentials.d.ts.map +1 -1
package/dist/providers/credentials.js +3 -5
package/dist/providers/credentials.js.map +1 -1
package/dist/providers/device.d.ts +18 -10
package/dist/providers/device.d.ts.map +1 -1
package/dist/providers/device.js +4 -8
package/dist/providers/device.js.map +1 -1
package/dist/providers/email.d.ts +50 -23
package/dist/providers/email.d.ts.map +1 -1
package/dist/providers/email.js +58 -34
package/dist/providers/email.js.map +1 -1
package/dist/providers/index.d.ts +7 -3
package/dist/providers/index.js +4 -1
package/dist/providers/oauth.d.ts.map +1 -1
package/dist/providers/oauth.js.map +1 -1
package/dist/providers/passkey.d.ts +12 -9
package/dist/providers/passkey.d.ts.map +1 -1
package/dist/providers/passkey.js +1 -7
package/dist/providers/passkey.js.map +1 -1
package/dist/providers/password.d.ts +6 -12
package/dist/providers/password.d.ts.map +1 -1
package/dist/providers/password.js +189 -89
package/dist/providers/password.js.map +1 -1
package/dist/providers/phone.d.ts +40 -11
package/dist/providers/phone.d.ts.map +1 -1
package/dist/providers/phone.js +52 -21
package/dist/providers/phone.js.map +1 -1
package/dist/providers/sso.d.ts +50 -0
package/dist/providers/sso.d.ts.map +1 -0
package/dist/providers/sso.js +34 -0
package/dist/providers/sso.js.map +1 -0
package/dist/providers/totp.d.ts +12 -9
package/dist/providers/totp.d.ts.map +1 -1
package/dist/providers/totp.js +1 -7
package/dist/providers/totp.js.map +1 -1
package/dist/runtime/browser.js +68 -0
package/dist/runtime/browser.js.map +1 -0
package/dist/runtime/invite.js +51 -0
package/dist/runtime/invite.js.map +1 -0
package/dist/runtime/proxy.js +70 -0
package/dist/runtime/proxy.js.map +1 -0
package/dist/runtime/storage.js +37 -0
package/dist/runtime/storage.js.map +1 -0
package/dist/server/auth.d.ts +335 -370
package/dist/server/auth.d.ts.map +1 -1
package/dist/server/auth.js +204 -123
package/dist/server/auth.js.map +1 -1
package/dist/server/authError.d.ts +46 -0
package/dist/server/authError.d.ts.map +1 -0
package/dist/server/authError.js +34 -0
package/dist/server/authError.js.map +1 -0
package/dist/server/config.d.ts +1 -0
package/dist/server/{providers.js → config.js} +43 -12
package/dist/server/config.js.map +1 -0
package/dist/server/cookies.d.ts +1 -38
package/dist/server/cookies.js +3 -0
package/dist/server/cookies.js.map +1 -1
package/dist/server/core.d.ts +1436 -0
package/dist/server/core.d.ts.map +1 -0
package/dist/server/core.js +713 -0
package/dist/server/core.js.map +1 -0
package/dist/server/crypto.d.ts +8 -0
package/dist/server/crypto.d.ts.map +1 -0
package/dist/server/crypto.js +38 -0
package/dist/server/crypto.js.map +1 -0
package/dist/server/db.d.ts +1 -0
package/dist/server/{implementation/db.js → db.js} +2 -1
package/dist/server/db.js.map +1 -0
package/dist/server/device.d.ts +1 -0
package/dist/server/device.js +109 -0
package/dist/server/device.js.map +1 -0
package/dist/server/enterprise/config.d.ts +1 -0
package/dist/server/enterprise/config.js +46 -0
package/dist/server/enterprise/config.js.map +1 -0
package/dist/server/enterprise/domain.d.ts +409 -0
package/dist/server/enterprise/domain.d.ts.map +1 -0
package/dist/server/enterprise/domain.js +885 -0
package/dist/server/enterprise/domain.js.map +1 -0
package/dist/server/enterprise/http.d.ts +26 -0
package/dist/server/enterprise/http.d.ts.map +1 -0
package/dist/server/enterprise/http.js +766 -0
package/dist/server/enterprise/http.js.map +1 -0
package/dist/server/enterprise/oidc.d.ts +1 -0
package/dist/server/enterprise/oidc.js +248 -0
package/dist/server/enterprise/oidc.js.map +1 -0
package/dist/server/enterprise/policy.d.ts +1 -0
package/dist/server/enterprise/policy.js +85 -0
package/dist/server/enterprise/policy.js.map +1 -0
package/dist/server/enterprise/saml.d.ts +1 -0
package/dist/server/enterprise/saml.js +338 -0
package/dist/server/enterprise/saml.js.map +1 -0
package/dist/server/enterprise/scim.d.ts +1 -0
package/dist/server/enterprise/scim.js +97 -0
package/dist/server/enterprise/scim.js.map +1 -0
package/dist/server/enterprise/shared.d.ts +5 -0
package/dist/server/enterprise/shared.d.ts.map +1 -0
package/dist/server/enterprise/shared.js +51 -0
package/dist/server/enterprise/shared.js.map +1 -0
package/dist/server/enterprise/validators.d.ts +1 -0
package/dist/server/enterprise/validators.js +60 -0
package/dist/server/enterprise/validators.js.map +1 -0
package/dist/server/errors.d.ts +33 -1
package/dist/server/errors.d.ts.map +1 -1
package/dist/server/errors.js +44 -1
package/dist/server/errors.js.map +1 -1
package/dist/server/http.d.ts +59 -0
package/dist/server/http.d.ts.map +1 -0
package/dist/server/http.js +288 -0
package/dist/server/http.js.map +1 -0
package/dist/server/identity.d.ts +1 -0
package/dist/server/identity.js +13 -0
package/dist/server/identity.js.map +1 -0
package/dist/server/index.d.ts +4 -182
package/dist/server/index.js +4 -376
package/dist/server/keys.d.ts +1 -0
package/dist/{component/server/implementation → server}/keys.js +9 -31
package/dist/server/keys.js.map +1 -0
package/dist/server/limits.d.ts +1 -0
package/dist/server/limits.js +61 -0
package/dist/server/limits.js.map +1 -0
package/dist/server/mounts.d.ts +647 -0
package/dist/server/mounts.d.ts.map +1 -0
package/dist/server/mounts.js +643 -0
package/dist/server/mounts.js.map +1 -0
package/dist/server/mutations/account.d.ts +30 -0
package/dist/server/mutations/account.d.ts.map +1 -0
package/dist/server/mutations/account.js +44 -0
package/dist/server/mutations/account.js.map +1 -0
package/dist/server/mutations/code.d.ts +30 -0
package/dist/server/mutations/code.d.ts.map +1 -0
package/dist/server/{implementation/mutations → mutations}/code.js +7 -4
package/dist/server/mutations/code.js.map +1 -0
package/dist/server/mutations/index.d.ts +14 -0
package/dist/server/mutations/index.js +15 -0
package/dist/server/mutations/invalidate.d.ts +20 -0
package/dist/server/mutations/invalidate.d.ts.map +1 -0
package/dist/server/mutations/invalidate.js +32 -0
package/dist/server/mutations/invalidate.js.map +1 -0
package/dist/server/mutations/oauth.d.ts +28 -0
package/dist/server/mutations/oauth.d.ts.map +1 -0
package/dist/server/mutations/oauth.js +110 -0
package/dist/server/mutations/oauth.js.map +1 -0
package/dist/server/mutations/refresh.d.ts +21 -0
package/dist/server/mutations/refresh.d.ts.map +1 -0
package/dist/server/mutations/refresh.js +119 -0
package/dist/server/mutations/refresh.js.map +1 -0
package/dist/server/mutations/register.d.ts +38 -0
package/dist/server/mutations/register.d.ts.map +1 -0
package/dist/server/mutations/register.js +83 -0
package/dist/server/mutations/register.js.map +1 -0
package/dist/server/mutations/retrieve.d.ts +33 -0
package/dist/server/mutations/retrieve.d.ts.map +1 -0
package/dist/server/mutations/retrieve.js +65 -0
package/dist/server/mutations/retrieve.js.map +1 -0
package/dist/server/mutations/signature.d.ts +22 -0
package/dist/server/mutations/signature.d.ts.map +1 -0
package/dist/server/mutations/signature.js +32 -0
package/dist/server/mutations/signature.js.map +1 -0
package/dist/server/mutations/signin.d.ts +22 -0
package/dist/server/mutations/signin.d.ts.map +1 -0
package/dist/server/{implementation/mutations → mutations}/signin.js +2 -2
package/dist/server/mutations/signin.js.map +1 -0
package/dist/server/mutations/signout.d.ts +16 -0
package/dist/server/mutations/signout.d.ts.map +1 -0
package/dist/server/mutations/signout.js +27 -0
package/dist/server/mutations/signout.js.map +1 -0
package/dist/server/mutations/store/refs.d.ts +12 -0
package/dist/server/mutations/store/refs.d.ts.map +1 -0
package/dist/server/mutations/store/refs.js +15 -0
package/dist/server/mutations/store/refs.js.map +1 -0
package/dist/server/mutations/store.d.ts +306 -0
package/dist/server/mutations/store.d.ts.map +1 -0
package/dist/server/mutations/store.js +85 -0
package/dist/server/mutations/store.js.map +1 -0
package/dist/server/mutations/verifier.d.ts +13 -0
package/dist/server/mutations/verifier.d.ts.map +1 -0
package/dist/server/mutations/verifier.js +18 -0
package/dist/server/mutations/verifier.js.map +1 -0
package/dist/server/mutations/verify.d.ts +26 -0
package/dist/server/mutations/verify.d.ts.map +1 -0
package/dist/server/mutations/verify.js +98 -0
package/dist/server/mutations/verify.js.map +1 -0
package/dist/server/oauth.d.ts +1 -48
package/dist/server/oauth.js +107 -64
package/dist/server/oauth.js.map +1 -1
package/dist/server/passkey.d.ts +27 -0
package/dist/server/passkey.d.ts.map +1 -0
package/dist/server/passkey.js +328 -0
package/dist/server/passkey.js.map +1 -0
package/dist/server/redirects.d.ts +1 -0
package/dist/{component/server/implementation → server}/redirects.js +13 -11
package/dist/server/redirects.js.map +1 -0
package/dist/server/refresh.d.ts +1 -0
package/dist/server/refresh.js +96 -0
package/dist/server/refresh.js.map +1 -0
package/dist/server/runtime.d.ts +136 -0
package/dist/server/runtime.d.ts.map +1 -0
package/dist/server/runtime.js +413 -0
package/dist/server/runtime.js.map +1 -0
package/dist/server/sessions.d.ts +1 -0
package/dist/{component/server/implementation → server}/sessions.js +14 -8
package/dist/server/sessions.js.map +1 -0
package/dist/server/signin.d.ts +1 -0
package/dist/server/signin.js +201 -0
package/dist/server/signin.js.map +1 -0
package/dist/server/ssr.d.ts +226 -0
package/dist/server/ssr.d.ts.map +1 -0
package/dist/server/ssr.js +786 -0
package/dist/server/ssr.js.map +1 -0
package/dist/server/templates.d.ts +1 -21
package/dist/server/templates.js +2 -1
package/dist/server/templates.js.map +1 -1
package/dist/server/tokens.d.ts +1 -0
package/dist/server/tokens.js +17 -0
package/dist/server/tokens.js.map +1 -0
package/dist/server/totp.d.ts +1 -0
package/dist/server/totp.js +148 -0
package/dist/server/totp.js.map +1 -0
package/dist/server/types.d.ts +498 -306
package/dist/server/types.d.ts.map +1 -1
package/dist/server/types.js +108 -1
package/dist/server/types.js.map +1 -0
package/dist/server/users.d.ts +1 -0
package/dist/server/{implementation/users.js → users.js} +54 -35
package/dist/server/users.js.map +1 -0
package/dist/server/utils.d.ts +1 -6
package/dist/server/utils.js +110 -4
package/dist/server/utils.js.map +1 -1
package/package.json +49 -46
package/src/authorization/index.ts +83 -0
package/src/cli/bin.ts +5 -0
package/src/cli/command.ts +6 -5
package/src/cli/index.ts +456 -248
package/src/cli/keys.ts +3 -0
package/src/client/core/types.ts +437 -0
package/src/client/factors/device.ts +160 -0
package/src/client/factors/passkey.ts +282 -0
package/src/client/factors/totp.ts +150 -0
package/src/client/index.ts +745 -989
package/src/client/runtime/browser.ts +112 -0
package/src/client/runtime/invite.ts +65 -0
package/src/client/runtime/proxy.ts +111 -0
package/src/client/runtime/storage.ts +79 -0
package/src/component/_generated/api.ts +42 -0
package/src/component/_generated/component.ts +3123 -102
package/src/component/functions.ts +38 -22
package/src/component/index.ts +10 -20
package/src/component/model.ts +449 -0
package/src/component/public/enterprise/audit.ts +120 -0
package/src/component/public/enterprise/core.ts +354 -0
package/src/component/public/enterprise/domains.ts +323 -0
package/src/component/public/enterprise/scim.ts +396 -0
package/src/component/public/enterprise/secrets.ts +132 -0
package/src/component/public/enterprise/webhooks.ts +306 -0
package/src/component/public/factors/devices.ts +223 -0
package/src/component/public/factors/passkeys.ts +242 -0
package/src/component/public/factors/totp.ts +258 -0
package/src/component/public/groups/core.ts +481 -0
package/src/component/public/groups/invites.ts +602 -0
package/src/component/public/groups/members.ts +409 -0
package/src/component/public/identity/accounts.ts +206 -0
package/src/component/public/identity/codes.ts +148 -0
package/src/component/public/identity/sessions.ts +209 -0
package/src/component/public/identity/tokens.ts +250 -0
package/src/component/public/identity/users.ts +354 -0
package/src/component/public/identity/verifiers.ts +157 -0
package/src/component/public/security/keys.ts +365 -0
package/src/component/public/security/limits.ts +173 -0
package/src/component/public.ts +26 -1766
package/src/component/schema.ts +273 -100
package/src/providers/anonymous.ts +10 -20
package/src/providers/credentials.ts +14 -22
package/src/providers/device.ts +3 -14
package/src/providers/email.ts +83 -47
package/src/providers/index.ts +7 -0
package/src/providers/oauth.ts +5 -3
package/src/providers/passkey.ts +0 -13
package/src/providers/password.ts +307 -130
package/src/providers/phone.ts +81 -37
package/src/providers/sso.ts +54 -0
package/src/providers/totp.ts +0 -13
package/src/samlify.d.ts +53 -0
package/src/server/auth.ts +701 -247
package/src/server/authError.ts +44 -0
package/src/server/{providers.ts → config.ts} +84 -15
package/src/server/cookies.ts +8 -1
package/src/server/core.ts +2095 -0
package/src/server/crypto.ts +88 -0
package/src/server/{implementation/db.ts → db.ts} +90 -15
package/src/server/device.ts +221 -0
package/src/server/enterprise/config.ts +51 -0
package/src/server/enterprise/domain.ts +1751 -0
package/src/server/enterprise/http.ts +1324 -0
package/src/server/enterprise/oidc.ts +500 -0
package/src/server/enterprise/policy.ts +128 -0
package/src/server/enterprise/saml.ts +578 -0
package/src/server/enterprise/scim.ts +135 -0
package/src/server/enterprise/shared.ts +134 -0
package/src/server/enterprise/validators.ts +93 -0
package/src/server/errors.ts +130 -119
package/src/server/http.ts +531 -0
package/src/server/identity.ts +18 -0
package/src/server/index.ts +32 -650
package/src/server/{implementation/keys.ts → keys.ts} +16 -44
package/src/server/limits.ts +134 -0
package/src/server/mounts.ts +948 -0
package/src/server/mutations/account.ts +76 -0
package/src/server/{implementation/mutations → mutations}/code.ts +22 -11
package/src/server/mutations/index.ts +13 -0
package/src/server/mutations/invalidate.ts +50 -0
package/src/server/mutations/oauth.ts +237 -0
package/src/server/mutations/refresh.ts +298 -0
package/src/server/mutations/register.ts +200 -0
package/src/server/mutations/retrieve.ts +109 -0
package/src/server/mutations/signature.ts +50 -0
package/src/server/{implementation/mutations → mutations}/signin.ts +9 -7
package/src/server/mutations/signout.ts +43 -0
package/src/server/mutations/store/refs.ts +10 -0
package/src/server/mutations/store.ts +138 -0
package/src/server/mutations/verifier.ts +34 -0
package/src/server/mutations/verify.ts +202 -0
package/src/server/oauth.ts +243 -131
package/src/server/passkey.ts +784 -0
package/src/server/{implementation/redirects.ts → redirects.ts} +21 -16
package/src/server/refresh.ts +222 -0
package/src/server/runtime.ts +880 -0
package/src/server/{implementation/sessions.ts → sessions.ts} +33 -25
package/src/server/signin.ts +438 -0
package/src/server/ssr.ts +1764 -0
package/src/server/templates.ts +8 -3
package/src/server/{implementation/tokens.ts → tokens.ts} +11 -5
package/src/server/totp.ts +349 -0
package/src/server/types.ts +972 -207
package/src/server/{implementation/users.ts → users.ts} +129 -75
package/src/server/utils.ts +192 -5
package/src/test.ts +28 -4
package/dist/bin.cjs +0 -27757
package/dist/component/providers/email.js +0 -47
package/dist/component/providers/email.js.map +0 -1
package/dist/component/public.js.map +0 -1
package/dist/component/server/implementation/db.js.map +0 -1
package/dist/component/server/implementation/device.js +0 -135
package/dist/component/server/implementation/device.js.map +0 -1
package/dist/component/server/implementation/index.d.ts +0 -870
package/dist/component/server/implementation/index.d.ts.map +0 -1
package/dist/component/server/implementation/index.js +0 -610
package/dist/component/server/implementation/index.js.map +0 -1
package/dist/component/server/implementation/keys.js.map +0 -1
package/dist/component/server/implementation/mutations/account.js +0 -39
package/dist/component/server/implementation/mutations/account.js.map +0 -1
package/dist/component/server/implementation/mutations/code.js.map +0 -1
package/dist/component/server/implementation/mutations/index.js +0 -70
package/dist/component/server/implementation/mutations/index.js.map +0 -1
package/dist/component/server/implementation/mutations/invalidate.js +0 -29
package/dist/component/server/implementation/mutations/invalidate.js.map +0 -1
package/dist/component/server/implementation/mutations/oauth.js +0 -51
package/dist/component/server/implementation/mutations/oauth.js.map +0 -1
package/dist/component/server/implementation/mutations/refresh.js +0 -85
package/dist/component/server/implementation/mutations/refresh.js.map +0 -1
package/dist/component/server/implementation/mutations/register.js +0 -65
package/dist/component/server/implementation/mutations/register.js.map +0 -1
package/dist/component/server/implementation/mutations/retrieve.js +0 -50
package/dist/component/server/implementation/mutations/retrieve.js.map +0 -1
package/dist/component/server/implementation/mutations/signature.js +0 -27
package/dist/component/server/implementation/mutations/signature.js.map +0 -1
package/dist/component/server/implementation/mutations/signin.js.map +0 -1
package/dist/component/server/implementation/mutations/signout.js +0 -27
package/dist/component/server/implementation/mutations/signout.js.map +0 -1
package/dist/component/server/implementation/mutations/store.js +0 -12
package/dist/component/server/implementation/mutations/store.js.map +0 -1
package/dist/component/server/implementation/mutations/verifier.js +0 -16
package/dist/component/server/implementation/mutations/verifier.js.map +0 -1
package/dist/component/server/implementation/mutations/verify.js +0 -105
package/dist/component/server/implementation/mutations/verify.js.map +0 -1
package/dist/component/server/implementation/passkey.js +0 -307
package/dist/component/server/implementation/passkey.js.map +0 -1
package/dist/component/server/implementation/provider.js +0 -19
package/dist/component/server/implementation/provider.js.map +0 -1
package/dist/component/server/implementation/ratelimit.js +0 -48
package/dist/component/server/implementation/ratelimit.js.map +0 -1
package/dist/component/server/implementation/redirects.js.map +0 -1
package/dist/component/server/implementation/refresh.js +0 -109
package/dist/component/server/implementation/refresh.js.map +0 -1
package/dist/component/server/implementation/sessions.js.map +0 -1
package/dist/component/server/implementation/signin.js +0 -148
package/dist/component/server/implementation/signin.js.map +0 -1
package/dist/component/server/implementation/tokens.js +0 -15
package/dist/component/server/implementation/tokens.js.map +0 -1
package/dist/component/server/implementation/totp.js +0 -142
package/dist/component/server/implementation/totp.js.map +0 -1
package/dist/component/server/implementation/types.d.ts +0 -42
package/dist/component/server/implementation/types.d.ts.map +0 -1
package/dist/component/server/implementation/types.js.map +0 -1
package/dist/component/server/implementation/users.js.map +0 -1
package/dist/component/server/implementation/utils.js +0 -56
package/dist/component/server/implementation/utils.js.map +0 -1
package/dist/component/server/providers.js.map +0 -1
package/dist/component/server/templates.js +0 -84
package/dist/component/server/templates.js.map +0 -1
package/dist/server/cookies.d.ts.map +0 -1
package/dist/server/implementation/db.d.ts +0 -86
package/dist/server/implementation/db.d.ts.map +0 -1
package/dist/server/implementation/db.js.map +0 -1
package/dist/server/implementation/device.d.ts +0 -30
package/dist/server/implementation/device.d.ts.map +0 -1
package/dist/server/implementation/device.js +0 -135
package/dist/server/implementation/device.js.map +0 -1
package/dist/server/implementation/index.d.ts +0 -870
package/dist/server/implementation/index.d.ts.map +0 -1
package/dist/server/implementation/index.js +0 -610
package/dist/server/implementation/index.js.map +0 -1
package/dist/server/implementation/keys.d.ts +0 -66
package/dist/server/implementation/keys.d.ts.map +0 -1
package/dist/server/implementation/keys.js.map +0 -1
package/dist/server/implementation/mutations/account.d.ts +0 -27
package/dist/server/implementation/mutations/account.d.ts.map +0 -1
package/dist/server/implementation/mutations/account.js +0 -39
package/dist/server/implementation/mutations/account.js.map +0 -1
package/dist/server/implementation/mutations/code.d.ts +0 -29
package/dist/server/implementation/mutations/code.d.ts.map +0 -1
package/dist/server/implementation/mutations/code.js.map +0 -1
package/dist/server/implementation/mutations/index.d.ts +0 -310
package/dist/server/implementation/mutations/index.d.ts.map +0 -1
package/dist/server/implementation/mutations/index.js +0 -70
package/dist/server/implementation/mutations/index.js.map +0 -1
package/dist/server/implementation/mutations/invalidate.d.ts +0 -18
package/dist/server/implementation/mutations/invalidate.d.ts.map +0 -1
package/dist/server/implementation/mutations/invalidate.js +0 -29
package/dist/server/implementation/mutations/invalidate.js.map +0 -1
package/dist/server/implementation/mutations/oauth.d.ts +0 -23
package/dist/server/implementation/mutations/oauth.d.ts.map +0 -1
package/dist/server/implementation/mutations/oauth.js +0 -51
package/dist/server/implementation/mutations/oauth.js.map +0 -1
package/dist/server/implementation/mutations/refresh.d.ts +0 -20
package/dist/server/implementation/mutations/refresh.d.ts.map +0 -1
package/dist/server/implementation/mutations/refresh.js +0 -85
package/dist/server/implementation/mutations/refresh.js.map +0 -1
package/dist/server/implementation/mutations/register.d.ts +0 -37
package/dist/server/implementation/mutations/register.d.ts.map +0 -1
package/dist/server/implementation/mutations/register.js +0 -65
package/dist/server/implementation/mutations/register.js.map +0 -1
package/dist/server/implementation/mutations/retrieve.d.ts +0 -31
package/dist/server/implementation/mutations/retrieve.d.ts.map +0 -1
package/dist/server/implementation/mutations/retrieve.js +0 -50
package/dist/server/implementation/mutations/retrieve.js.map +0 -1
package/dist/server/implementation/mutations/signature.d.ts +0 -19
package/dist/server/implementation/mutations/signature.d.ts.map +0 -1
package/dist/server/implementation/mutations/signature.js +0 -27
package/dist/server/implementation/mutations/signature.js.map +0 -1
package/dist/server/implementation/mutations/signin.d.ts +0 -21
package/dist/server/implementation/mutations/signin.d.ts.map +0 -1
package/dist/server/implementation/mutations/signin.js.map +0 -1
package/dist/server/implementation/mutations/signout.d.ts +0 -14
package/dist/server/implementation/mutations/signout.d.ts.map +0 -1
package/dist/server/implementation/mutations/signout.js +0 -27
package/dist/server/implementation/mutations/signout.js.map +0 -1
package/dist/server/implementation/mutations/store.d.ts +0 -11
package/dist/server/implementation/mutations/store.d.ts.map +0 -1
package/dist/server/implementation/mutations/store.js +0 -12
package/dist/server/implementation/mutations/store.js.map +0 -1
package/dist/server/implementation/mutations/verifier.d.ts +0 -11
package/dist/server/implementation/mutations/verifier.d.ts.map +0 -1
package/dist/server/implementation/mutations/verifier.js +0 -16
package/dist/server/implementation/mutations/verifier.js.map +0 -1
package/dist/server/implementation/mutations/verify.d.ts +0 -25
package/dist/server/implementation/mutations/verify.d.ts.map +0 -1
package/dist/server/implementation/mutations/verify.js +0 -105
package/dist/server/implementation/mutations/verify.js.map +0 -1
package/dist/server/implementation/passkey.d.ts +0 -24
package/dist/server/implementation/passkey.d.ts.map +0 -1
package/dist/server/implementation/passkey.js +0 -307
package/dist/server/implementation/passkey.js.map +0 -1
package/dist/server/implementation/provider.d.ts +0 -10
package/dist/server/implementation/provider.d.ts.map +0 -1
package/dist/server/implementation/provider.js +0 -19
package/dist/server/implementation/provider.js.map +0 -1
package/dist/server/implementation/ratelimit.d.ts +0 -10
package/dist/server/implementation/ratelimit.d.ts.map +0 -1
package/dist/server/implementation/ratelimit.js +0 -48
package/dist/server/implementation/ratelimit.js.map +0 -1
package/dist/server/implementation/redirects.d.ts +0 -10
package/dist/server/implementation/redirects.d.ts.map +0 -1
package/dist/server/implementation/redirects.js.map +0 -1
package/dist/server/implementation/refresh.d.ts +0 -37
package/dist/server/implementation/refresh.d.ts.map +0 -1
package/dist/server/implementation/refresh.js +0 -109
package/dist/server/implementation/refresh.js.map +0 -1
package/dist/server/implementation/sessions.d.ts +0 -29
package/dist/server/implementation/sessions.d.ts.map +0 -1
package/dist/server/implementation/sessions.js.map +0 -1
package/dist/server/implementation/signin.d.ts +0 -55
package/dist/server/implementation/signin.d.ts.map +0 -1
package/dist/server/implementation/signin.js +0 -148
package/dist/server/implementation/signin.js.map +0 -1
package/dist/server/implementation/tokens.d.ts +0 -11
package/dist/server/implementation/tokens.d.ts.map +0 -1
package/dist/server/implementation/tokens.js +0 -15
package/dist/server/implementation/tokens.js.map +0 -1
package/dist/server/implementation/totp.d.ts +0 -31
package/dist/server/implementation/totp.d.ts.map +0 -1
package/dist/server/implementation/totp.js +0 -142
package/dist/server/implementation/totp.js.map +0 -1
package/dist/server/implementation/types.d.ts +0 -189
package/dist/server/implementation/types.d.ts.map +0 -1
package/dist/server/implementation/types.js +0 -97
package/dist/server/implementation/types.js.map +0 -1
package/dist/server/implementation/users.d.ts +0 -30
package/dist/server/implementation/users.d.ts.map +0 -1
package/dist/server/implementation/users.js.map +0 -1
package/dist/server/implementation/utils.d.ts +0 -19
package/dist/server/implementation/utils.d.ts.map +0 -1
package/dist/server/implementation/utils.js +0 -56
package/dist/server/implementation/utils.js.map +0 -1
package/dist/server/index.d.ts.map +0 -1
package/dist/server/index.js.map +0 -1
package/dist/server/oauth.d.ts.map +0 -1
package/dist/server/providers.d.ts +0 -72
package/dist/server/providers.d.ts.map +0 -1
package/dist/server/providers.js.map +0 -1
package/dist/server/templates.d.ts.map +0 -1
package/dist/server/utils.d.ts.map +0 -1
package/dist/server/version.d.ts +0 -5
package/dist/server/version.d.ts.map +0 -1
package/dist/server/version.js +0 -6
package/dist/server/version.js.map +0 -1
package/src/cli/utils.ts +0 -248
package/src/server/implementation/device.ts +0 -307
package/src/server/implementation/index.ts +0 -1583
package/src/server/implementation/mutations/account.ts +0 -50
package/src/server/implementation/mutations/index.ts +0 -157
package/src/server/implementation/mutations/invalidate.ts +0 -42
package/src/server/implementation/mutations/oauth.ts +0 -73
package/src/server/implementation/mutations/refresh.ts +0 -175
package/src/server/implementation/mutations/register.ts +0 -100
package/src/server/implementation/mutations/retrieve.ts +0 -79
package/src/server/implementation/mutations/signature.ts +0 -39
package/src/server/implementation/mutations/signout.ts +0 -35
package/src/server/implementation/mutations/store.ts +0 -7
package/src/server/implementation/mutations/verifier.ts +0 -24
package/src/server/implementation/mutations/verify.ts +0 -194
package/src/server/implementation/passkey.ts +0 -620
package/src/server/implementation/provider.ts +0 -36
package/src/server/implementation/ratelimit.ts +0 -79
package/src/server/implementation/refresh.ts +0 -172
package/src/server/implementation/signin.ts +0 -296
package/src/server/implementation/totp.ts +0 -342
package/src/server/implementation/types.ts +0 -444
package/src/server/implementation/utils.ts +0 -91
package/src/server/version.ts +0 -2

package/dist/server/auth.d.ts CHANGED Viewed

@@ -1,406 +1,343 @@
-import { Doc, KeyDoc } from "./implementation/types.js";
-import { Auth as Auth$2 } from "./implementation/index.js";
-import { ComponentApi } from "../component/_generated/component.js";
-import { AuthProviderConfig, ConvexAuthConfig, CorsConfig, HttpKeyContext, KeyScope, ScopeChecker, UserOrderBy, UserWhere } from "./types.js";
-import * as convex_server0 from "convex/server";
+import { AuthAuthorizationConfig, AuthGrant, AuthProviderConfig, AuthRoleId, ConvexAuthConfig, Doc, HasDeviceProvider, HasPasskeyProvider, HasSSO, HasTotpProvider } from "./types.js";
+import { AuthApiRefs } from "../client/core/types.js";
+import "../client/index.js";
+import { Auth as Auth$1 } from "./runtime.js";
 import { UserIdentity } from "convex/server";
 import { GenericId } from "convex/values";
 //#region src/server/auth.d.ts
 /**
- * Config for the Auth class. Extends the standard auth config
+ * Config for auth setup. Extends the standard auth config
  * minus `component` (which is passed as the first constructor argument).
- *
- * When `email` is configured, the library auto-registers a
- * magic link provider (`id: "email"`) for user-facing sign-in.
  */
-type AuthClassConfig = Omit<ConvexAuthConfig, "component">;
+type AuthConfig = Omit<ConvexAuthConfig, "component">;
+type MemberApiWithAuthorization<TAuthorization extends AuthAuthorizationConfig | undefined> = Omit<ReturnType<typeof Auth$1>["auth"]["member"], "create" | "list" | "update" | "resolve"> & {
+  create: (ctx: Parameters<ReturnType<typeof Auth$1>["auth"]["member"]["create"]>[0], data: {
+    groupId: string;
+    userId: string;
+    roleIds?: AuthRoleId<TAuthorization>[];
+    status?: string;
+    extend?: Record<string, unknown>;
+  }) => Promise<{
+    ok: true;
+    memberId: string;
+  }>;
+  list: (ctx: Parameters<ReturnType<typeof Auth$1>["auth"]["member"]["list"]>[0], opts?: {
+    where?: {
+      groupId?: string;
+      userId?: string;
+      roleId?: AuthRoleId<TAuthorization>;
+      status?: string;
+    };
+    limit?: number;
+    cursor?: string | null;
+    orderBy?: "_creationTime" | "status";
+    order?: "asc" | "desc";
+  }) => ReturnType<ReturnType<typeof Auth$1>["auth"]["member"]["list"]>;
+  update: (ctx: Parameters<ReturnType<typeof Auth$1>["auth"]["member"]["update"]>[0], memberId: string, data: Record<string, unknown> & {
+    roleIds?: AuthRoleId<TAuthorization>[];
+  }) => Promise<{
+    ok: true;
+    memberId: string;
+  }>;
+  resolve: (ctx: Parameters<ReturnType<typeof Auth$1>["auth"]["member"]["resolve"]>[0], opts: {
+    userId: string;
+    groupId: string;
+    ancestry?: boolean;
+    roleIds?: AuthRoleId<TAuthorization>[];
+    grants?: AuthGrant<TAuthorization>[];
+    maxDepth?: number;
+  }) => ReturnType<ReturnType<typeof Auth$1>["auth"]["member"]["resolve"]>;
+};
 /**
- * Main entry point for Convex Auth. Instantiate with your component
- * reference and config to get all the exports you need.
+ * The base auth API surface returned by {@link createAuth}.
  *
- * ```ts
- * export const auth = new Auth(components.auth, {
- *   providers: [google, password],
- *   email: {
- *     from: "My App <noreply@example.com>",
- *     send: (ctx, params) => resend.sendEmail(ctx, params),
- *   },
- * });
- * export const { signIn, signOut, store } = auth;
- * ```
+ * Provides core namespaces — `signIn`, `signOut`, `user`, `session`,
+ * `member`, `invite`, `group`, `key`, and `http` — that are
+ * always available regardless of which providers are configured.
+ * Enterprise namespaces (`sso`, `scim`) are added conditionally by
+ * {@link AuthApi} when an SSO provider is present.
+ *
+ * Use this type when you want to describe code that only depends on the
+ * standard auth surface and should not assume enterprise features exist.
+ *
+ * @typeParam TAuthorization - The authorization config, used to narrow
+ *   role IDs and grant strings on the `member` API.
  */
-declare class Auth {
-  /** The inner `auth` helper object from AuthFactory() */
-  private readonly _auth;
-  /** The signIn action — export this from your convex/auth.ts */
-  readonly signIn: ReturnType<typeof Auth$2>["signIn"];
-  /** The signOut action — export this from your convex/auth.ts */
-  readonly signOut: ReturnType<typeof Auth$2>["signOut"];
-  /** The store internal mutation — export this from your convex/auth.ts */
-  readonly store: ReturnType<typeof Auth$2>["store"];
-  /** User helpers: `.current(ctx)`, `.require(ctx)`, `.get(ctx, userId)`, `.patch(ctx, userId, data)`, `.viewer(ctx)`, `.group.list(ctx, ...)`, `.group.get(ctx, ...)` */
-  get user(): {
-    current: (ctx: {
-      auth: convex_server0.Auth;
-    }) => Promise<GenericId<"user"> | null>;
-    require: (ctx: {
-      auth: convex_server0.Auth;
-    }) => Promise<GenericId<"user">>;
-    get: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery">, userId: string) => Promise<any>;
-    list: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery">, opts?: {
-      where?: UserWhere;
-      limit?: number;
-      cursor?: string | null;
-      orderBy?: UserOrderBy;
-      order?: "asc" | "desc";
-    }) => Promise<any>;
-    viewer: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery"> & {
-      auth: convex_server0.Auth;
-    }) => Promise<any>;
-    patch: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, userId: string, data: Record<string, unknown>) => Promise<void>;
-    group: {
-      list: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery">, opts: {
-        userId: string;
-        limit?: number;
-        cursor?: string | null;
-        order?: "asc" | "desc";
-      }) => Promise<any>;
-      get: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery">, opts: {
-        userId: string;
-        groupId: string;
-      }) => Promise<any>;
-    };
-  };
-  /** Session helpers: `.current(ctx)`, `.invalidate(ctx, { userId, except? })` */
-  get session(): {
-    current: (ctx: {
-      auth: convex_server0.Auth;
-    }) => Promise<GenericId<"session"> | null>;
-    invalidate: <DataModel extends convex_server0.GenericDataModel>(ctx: convex_server0.GenericActionCtx<DataModel>, args: {
-      userId: GenericId<"user">;
-      except?: GenericId<"session">[];
-    }) => Promise<void>;
-  };
-  /** Provider helpers: `.signIn(ctx, provider, args)` */
-  get provider(): {
-    signIn: <DataModel extends convex_server0.GenericDataModel>(ctx: convex_server0.GenericActionCtx<DataModel>, provider: AuthProviderConfig, args: {
-      accountId?: GenericId<"account">;
-      params?: Record<string, unknown>;
-    }) => Promise<{
-      userId: GenericId<"user">;
-      sessionId: GenericId<"session">;
-    } | null>;
-  };
-  /** Account helpers: `.create(ctx, args)`, `.get(ctx, args)`, `.update(ctx, args)` */
-  get account(): {
-    create: <DataModel extends convex_server0.GenericDataModel>(ctx: convex_server0.GenericActionCtx<DataModel>, args: {
-      provider: string;
-      account: {
-        id: string;
-        secret?: string;
-      };
-      profile: Record<string, unknown>;
-      shouldLinkViaEmail?: boolean;
-      shouldLinkViaPhone?: boolean;
-    }) => Promise<{
-      account: Doc<"account">;
-      user: Doc<"user">;
-    }>;
-    get: <DataModel extends convex_server0.GenericDataModel>(ctx: convex_server0.GenericActionCtx<DataModel>, args: {
-      provider: string;
-      account: {
-        id: string;
-        secret?: string;
+type AuthApiBase<TAuthorization extends AuthAuthorizationConfig | undefined = undefined> = {
+  signIn: ReturnType<typeof Auth$1>["signIn"];
+  signOut: ReturnType<typeof Auth$1>["signOut"];
+  store: ReturnType<typeof Auth$1>["store"];
+  user: ReturnType<typeof Auth$1>["auth"]["user"];
+  session: ReturnType<typeof Auth$1>["auth"]["session"];
+  provider: ReturnType<typeof Auth$1>["auth"]["provider"];
+  account: ReturnType<typeof Auth$1>["auth"]["account"];
+  group: ReturnType<typeof Auth$1>["auth"]["group"];
+  member: MemberApiWithAuthorization<TAuthorization>;
+  invite: ReturnType<typeof Auth$1>["auth"]["invite"];
+  key: ReturnType<typeof Auth$1>["auth"]["key"];
+  http: ReturnType<typeof Auth$1>["auth"]["http"];
+  /**
+   * Resolve the current user's auth context. Framework-agnostic — use
+   * this in fluent-convex middleware, custom wrappers, or anywhere you
+   * need the resolved `{ userId, user, groupId, role, grants }` object.
+   *
+   * Returns `null` when unauthenticated. Does not throw.
+   *
+   * @param ctx - Convex query, mutation, or action context.
+   * @returns The resolved auth context, or `null`.
+   *
+   * @example fluent-convex middleware
+   * ```ts
+   * const withAuth = convex.createMiddleware(async (ctx, next) => {
+   *   return next({ ...ctx, auth: await auth.resolve(ctx) });
+   * });
+   * ```
+   *
+   * @example Direct usage in a handler
+   * ```ts
+   * const resolved = await auth.resolve(ctx);
+   * if (!resolved) return { ok: false, code: "NOT_SIGNED_IN" };
+   * const { userId, grants } = resolved;
+   * ```
+   */
+  resolve: (ctx: any) => Promise<AuthResolvedContext | null>;
+  /**
+   * Context enrichment for convex-helpers `customQuery` / `customMutation` /
+   * `customAction`.
+   *
+   * Resolves the current user's identity, active group, membership role,
+   * and grants, then attaches them to `ctx.auth`. Returns a `Customization`
+   * object compatible with convex-helpers' custom function builders.
+   *
+   * `ctx.auth` is `{ userId, user, groupId, role, grants }` when
+   * authenticated, `null` when unauthenticated. No throwing — your
+   * handler decides how to respond.
+   *
+   * @returns A convex-helpers `Customization` object.
+   *
+   * @example One-time setup in `convex/functions.ts`
+   * ```ts
+   * import { query, mutation, action } from "./_generated/server";
+   * import { customQuery, customMutation, customAction } from "convex-helpers/server/customFunctions";
+   * import { auth } from "./auth";
+   *
+   * export const authQuery = customQuery(query, auth.ctx());
+   * export const authMutation = customMutation(mutation, auth.ctx());
+   * export const authAction = customAction(action, auth.ctx());
+   * ```
+   *
+   * @example Per-function usage
+   * ```ts
+   * import { authQuery } from "./functions";
+   *
+   * export const list = authQuery({
+   *   args: { workspaceId: v.string() },
+   *   handler: async (ctx, args) => {
+   *     if (!ctx.auth) return [];
+   *     const { userId, groupId, grants } = ctx.auth;
+   *     // business logic
+   *   },
+   * });
+   * ```
+   */
+  ctx: () => {
+    args: Record<string, never>;
+    input: (ctx: any) => Promise<{
+      ctx: {
+        auth: AuthResolvedContext | null;
       };
-    }) => Promise<{
-      account: Doc<"account">;
-      user: Doc<"user">;
+      args: Record<string, never>;
     }>;
-    update: <DataModel extends convex_server0.GenericDataModel>(ctx: convex_server0.GenericActionCtx<DataModel>, args: {
-      provider: string;
-      account: {
-        id: string;
-        secret: string;
-      };
-    }) => Promise<void>;
   };
-  /** Group helpers: `.create(ctx, ...)`, `.get(ctx, id)`, `.list(ctx, ...)`, `.update(ctx, ...)`, `.delete(ctx, id)`, `.member.*` */
-  get group(): {
-    create: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, data: {
-      name: string;
-      slug?: string;
-      type?: string;
-      parentGroupId?: string;
-      tags?: Array<{
-        key: string;
-        value: string;
+};
+/**
+ * Resolved auth context injected into `ctx.auth` by `auth.ctx()`.
+ *
+ * - `null` when unauthenticated.
+ * - `groupId` is `null` when the user has no active group set.
+ * - `role` / `grants` are `null` / `[]` when no active group or no membership.
+ */
+type AuthResolvedContext = {
+  /** The authenticated user's document ID. */userId: string; /** The authenticated user's full document. */
+  user: any; /** The user's active group ID, or `null` if none set. */
+  groupId: string | null; /** The user's primary role in the active group, or `null`. */
+  role: string | null; /** Resolved grant strings from the user's role definitions. */
+  grants: string[];
+};
+type InternalSsoApi = ReturnType<typeof Auth$1>["auth"]["sso"];
+type PublicSsoAdminApi = {
+  connection: InternalSsoApi["connection"] & {
+    domain: {
+      list: InternalSsoApi["domain"]["list"];
+      validate: InternalSsoApi["domain"]["validate"];
+      set: (ctx: Parameters<InternalSsoApi["connection"]["create"]>[0], enterpriseId: string, domains: Array<{
+        domain: string;
+        isPrimary?: boolean;
+      }>) => Promise<{
+        ok: true;
+        enterpriseId: string;
+        domains: Array<{
+          domainId: string;
+          domain: string;
+          isPrimary: boolean;
+          verified: boolean;
+          verifiedAt: number | null;
+        }>;
       }>;
-      extend?: Record<string, unknown>;
-    }) => Promise<string>;
-    get: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery">, groupId: string) => Promise<any>;
-    list: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery">, opts?: {
-      where?: {
-        slug?: string;
-        type?: string;
-        parentGroupId?: string;
-        name?: string;
-        isRoot?: boolean;
-        tagsAll?: Array<{
-          key: string;
-          value: string;
+      verification: {
+        request: (ctx: Parameters<InternalSsoApi["connection"]["create"]>[0], args: {
+          enterpriseId: string;
+          domain: string;
+        }) => Promise<{
+          ok: true;
+          enterpriseId: string;
+          domain: string;
+          requestedAt: number;
+          expiresAt: number;
+          challenge: {
+            recordType: "TXT";
+            recordName: string;
+            recordValue: string;
+          };
         }>;
-        tagsAny?: Array<{
-          key: string;
-          value: string;
+        confirm: (ctx: Parameters<InternalSsoApi["connection"]["create"]>[0], args: {
+          enterpriseId: string;
+          domain: string;
+        }) => Promise<{
+          ok: boolean;
+          enterpriseId: string;
+          domain: string;
+          verifiedAt?: number;
+          checks: Array<{
+            name: string;
+            ok: boolean;
+            message?: string;
+          }>;
         }>;
       };
-      limit?: number;
-      cursor?: string | null;
-      orderBy?: "_creationTime" | "name" | "slug" | "type";
-      order?: "asc" | "desc";
-    }) => Promise<any>;
-    update: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, groupId: string, data: Record<string, unknown>) => Promise<void>;
-    delete: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, groupId: string) => Promise<void>;
-    member: {
-      add: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, data: {
-        groupId: string;
-        userId: string;
-        role?: string;
-        status?: string;
-        extend?: Record<string, unknown>;
-      }) => Promise<string>;
-      get: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery">, memberId: string) => Promise<any>;
-      list: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery">, opts?: {
-        where?: {
-          groupId?: string;
-          userId?: string;
-          role?: string;
-          status?: string;
-        };
-        limit?: number;
-        cursor?: string | null;
-        orderBy?: "_creationTime" | "role" | "status";
-        order?: "asc" | "desc";
-      }) => Promise<any>;
-      remove: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, memberId: string) => Promise<void>;
-      update: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, memberId: string, data: Record<string, unknown>) => Promise<void>;
     };
   };
-  /** Invite helpers: `.create(ctx, ...)`, `.get(ctx, id)`, `.list(ctx, ...)`, `.accept(ctx, ...)`, `.revoke(ctx, id)` */
-  get invite(): {
-    create: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, data: {
-      groupId?: string;
-      invitedByUserId?: string;
-      email?: string;
-      tokenHash: string;
-      role?: string;
-      status: "pending" | "accepted" | "revoked" | "expired";
-      expiresTime?: number;
-      extend?: Record<string, unknown>;
-    }) => Promise<string>;
-    get: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery">, inviteId: string) => Promise<any>;
-    list: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery">, opts?: {
-      where?: {
-        tokenHash?: string;
-        groupId?: string;
-        status?: "pending" | "accepted" | "revoked" | "expired";
-        email?: string;
-        invitedByUserId?: string;
-        role?: string;
-        acceptedByUserId?: string;
-      };
-      limit?: number;
-      cursor?: string | null;
-      orderBy?: "_creationTime" | "status" | "email" | "expiresTime" | "acceptedTime";
-      order?: "asc" | "desc";
-    }) => Promise<any>;
-    accept: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, inviteId: string, acceptedByUserId?: string) => Promise<void>;
-    revoke: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, inviteId: string) => Promise<void>;
-  };
-  /** Passkey helpers: `.list(ctx, { userId })`, `.rename(ctx, id, name)`, `.remove(ctx, id)` */
-  get passkey(): {
-    list: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery">, opts: {
-      userId: string;
-    }) => Promise<any>;
-    rename: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, passkeyId: string, name: string) => Promise<void>;
-    remove: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, passkeyId: string) => Promise<void>;
-  };
-  /** TOTP helpers: `.list(ctx, { userId })`, `.remove(ctx, id)` */
-  get totp(): {
-    list: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery">, opts: {
-      userId: string;
-    }) => Promise<any>;
-    remove: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, totpId: string) => Promise<void>;
-  };
-  /** API key helpers: `.create(ctx, ...)`, `.verify(ctx, rawKey)`, `.list(ctx, ...)`, `.get(ctx, id)`, `.update(ctx, ...)`, `.revoke(ctx, id)`, `.remove(ctx, id)` */
-  get key(): {
-    create: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, opts: {
-      userId: string;
-      name: string;
-      scopes: KeyScope[];
-      rateLimit?: {
-        maxRequests: number;
-        windowMs: number;
-      };
-      expiresAt?: number;
-    }) => Promise<{
-      keyId: string;
-      raw: string;
-    }>;
-    verify: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, rawKey: string) => Promise<{
-      userId: string;
-      keyId: string;
-      scopes: ScopeChecker;
-    }>;
-    list: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery">, opts?: {
-      where?: {
-        userId?: string;
-        revoked?: boolean;
-        name?: string;
-        prefix?: string;
-      };
-      limit?: number;
-      cursor?: string | null;
-      orderBy?: "_creationTime" | "name" | "lastUsedAt" | "expiresAt" | "revoked";
-      order?: "asc" | "desc";
-    }) => Promise<any>;
-    get: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery">, keyId: string) => Promise<KeyDoc | null>;
-    update: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, keyId: string, data: {
-      name?: string;
-      scopes?: KeyScope[];
-      rateLimit?: {
-        maxRequests: number;
-        windowMs: number;
-      };
-    }) => Promise<void>;
-    revoke: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, keyId: string) => Promise<void>;
-    remove: (ctx: Pick<convex_server0.GenericActionCtx<convex_server0.GenericDataModel>, "runQuery" | "runMutation">, keyId: string) => Promise<void>;
+  oidc: Omit<InternalSsoApi["oidc"], "signIn">;
+  saml: Omit<InternalSsoApi["saml"], "metadata">;
+  policy: InternalSsoApi["policy"];
+  audit: {
+    list: InternalSsoApi["audit"]["list"];
   };
-  /**
-   * @param component - The auth component reference from `components.auth`.
-   * @param config - Auth configuration (providers, email transport, session, JWT, callbacks).
-   */
-  constructor(component: ComponentApi, config: AuthClassConfig);
-  /** HTTP namespace — route registration and Bearer-authenticated endpoints. */
-  get http(): {
-    add: (http: convex_server0.HttpRouter) => void;
-    action: (handler: (ctx: convex_server0.GenericActionCtx<convex_server0.GenericDataModel> & HttpKeyContext, request: Request) => Promise<Response | Record<string, unknown>>, options?: {
-      scope?: {
-        resource: string;
-        action: string;
-      };
-      cors?: CorsConfig;
-    }) => convex_server0.PublicHttpAction;
-    route: (http: convex_server0.HttpRouter, routeConfig: {
-      path: string;
-      method: "GET" | "POST" | "PUT" | "PATCH" | "DELETE";
-      handler: (ctx: convex_server0.GenericActionCtx<convex_server0.GenericDataModel> & HttpKeyContext, request: Request) => Promise<Response | Record<string, unknown>>;
-      scope?: {
-        resource: string;
-        action: string;
-      };
-      cors?: CorsConfig;
-    }) => void;
+  webhook: {
+    endpoint: InternalSsoApi["webhook"]["endpoint"];
+    delivery: {
+      list: InternalSsoApi["webhook"]["delivery"]["list"];
+    };
   };
-}
+};
+type PublicSsoClientApi = {
+  signIn: InternalSsoApi["oidc"]["signIn"];
+  metadata: InternalSsoApi["saml"]["metadata"];
+};
+type PublicSsoApi = {
+  admin: PublicSsoAdminApi;
+  client: PublicSsoClientApi;
+};
+type PublicScimApi = {
+  admin: Omit<InternalSsoApi["scim"], "getConfigByToken" | "identity">;
+};
 /**
- * The shape of a user document from the auth component's `user` table.
+ * Extended auth API that includes enterprise SSO and SCIM namespaces.
  *
- * Includes system fields (`_id`, `_creationTime`) plus the schema fields
- * (`name`, `email`, `image`, `extend`, etc.).
- */
-type UserDoc = Doc<"user">;
-/**
- * Configuration for auth context enrichment.
+ * This type is the union of {@link AuthApiBase} plus `sso` (SSO connection
+ * management, OIDC/SAML, domain verification, policies, audit, webhooks)
+ * and `scim` (SCIM provisioning configuration). It is returned by
+ * {@link createAuth} only when `new SSO()` is included in the providers
+ * array; otherwise the narrower {@link AuthApiBase} is returned instead.
+ * Attempting to access `auth.sso` or `auth.scim` without an SSO provider
+ * produces a compile-time error because the return type narrows back to
+ * {@link AuthApiBase}.
  *
- * @typeParam TResolve - The shape returned by the `resolve` callback.
- *   Inferred automatically — you usually don't need to supply this manually.
+ * @typeParam TAuthorization - The authorization config, forwarded to
+ *   {@link AuthApiBase} for typed role IDs and grant strings.
  */
-type AuthCtxConfig<TResolve extends Record<string, unknown> = Record<string, never>> = {
-  /**
-   * When `true`, unauthenticated requests set `ctx.auth.userId` and
-   * `ctx.auth.user` to `null` instead of throwing.
-   *
-   * @default false
-   */
-  optional?: boolean;
-  /**
-   * Resolve additional context after authentication succeeds (e.g.
-   * group/role for multi-tenant apps). The returned object is spread
-   * into `ctx.auth`.
-   */
-  resolve?: (ctx: any, user: UserDoc) => Promise<TResolve> | TResolve;
+type AuthApi<TAuthorization extends AuthAuthorizationConfig | undefined = undefined> = AuthApiBase<TAuthorization> & {
+  sso: PublicSsoApi;
+  scim: PublicScimApi;
 };
 /**
- * Create a `convex-helpers`–compatible customization object that
- * enriches `ctx.auth` with the authenticated user's data.
- *
- * Standalone function (not a class method) because Convex's bundler
- * can trace `export const x = fn(instance)` but not `instance.method()`.
- *
- * ### Basic usage (with `convex-helpers`)
- *
- * ```ts
- * // convex/functions.ts
- * import { customQuery, customMutation } from "convex-helpers/server/customFunctions";
- * import { query as rawQuery, mutation as rawMutation } from "./_generated/server";
- * import { AuthCtx } from "\@robelest/convex-auth/component";
- * import { auth } from "./auth";
+ * The return type of {@link createAuth}.
  *
- * const authCtx = AuthCtx(auth);
+ * Resolves to {@link AuthApi} (with `sso` and `scim` namespaces) when
+ * `new SSO()` is present in the providers array, or to the narrower
+ * {@link AuthApiBase} otherwise. This conditional type ensures that
+ * enterprise-only APIs are only accessible when the SSO provider is
+ * configured, producing a compile-time error if you try to access
+ * `auth.sso` without it.
+ * This lets application code keep a single `createAuth()` call while still
+ * getting provider-aware typing on the resulting API object.
  *
- * export const query = customQuery(rawQuery, authCtx);
- * export const mutation = customMutation(rawMutation, authCtx);
- * ```
+ * @typeParam P - The tuple of provider configs passed to `createAuth`.
+ * @typeParam TAuthorization - Optional authorization config for typed roles/grants.
+ */
+type ConvexAuthResult<P extends AuthProviderConfig[], TAuthorization extends AuthAuthorizationConfig | undefined = undefined> = HasSSO<P> extends true ? AuthApi<TAuthorization> : AuthApiBase<TAuthorization>;
+/**
+ * Infer the typed `AuthApiRefs` for the client SDK from a `createAuth` call.
  *
- * Then in any function file:
+ * Use this as the generic parameter for `client()` on the frontend:
  *
  * ```ts
- * // convex/messages.ts
- * import { query, mutation } from "./functions";
+ * // convex/auth.ts
+ * export const auth = createAuth(components.auth, { providers: [...] });
  *
- * export const list = query({
- *   args: {},
- *   handler: async (ctx) => {
- *     // ctx.auth.userId and ctx.auth.user are already resolved
- *     return ctx.db.query("messages").collect();
- *   },
- * });
+ * // Frontend
+ * import type { auth } from "../convex/auth";
+ * import type { InferClientApi } from "@robelest/convex-auth/server";
+ * const c = client<InferClientApi<typeof auth>>({ convex, api: api.auth });
  * ```
  *
- * ### Optional auth (public routes)
+ * @typeParam T - A ConvexAuthResult to extract the client API from.
+ */
+type InferClientApi<T> = T extends ConvexAuthResult<infer P> ? AuthApiRefs<HasPasskeyProvider<P>, HasTotpProvider<P>, HasDeviceProvider<P>> : AuthApiRefs;
+declare function createAuth<P extends AuthProviderConfig[], TAuthorization extends AuthAuthorizationConfig | undefined = undefined>(component: ConvexAuthConfig["component"], config: Omit<AuthConfig, "providers" | "authorization"> & {
+  providers: P;
+  authorization?: TAuthorization;
+}): ConvexAuthResult<P, TAuthorization>;
+/** Canonical user document type exposed by Convex Auth. */
+type UserDoc = Doc<"User">;
+/**
+ * Configuration for {@link AuthCtx} context enrichment.
+ *
+ * @typeParam TResolve - Extra fields returned from `resolve()` and merged into
+ *   the resulting `ctx.auth` object.
+ */
+type AuthCtxConfig<TResolve extends Record<string, unknown> = Record<string, never>> = {
+  /** Allow unauthenticated callers and return `userId: null` / `user: null`. */optional?: boolean;
+  /**
+   * Attach additional derived fields to the auth context after the user is resolved.
+   */
+  resolve?: (ctx: any, user: UserDoc) => Promise<TResolve> | TResolve;
+};
+/**
+ * Create a context enrichment for `customQuery` / `customMutation` — optional auth.
  *
- * ```ts
- * export const publicQuery = customQuery(rawQuery, AuthCtx(auth, { optional: true }));
- * // ctx.auth.userId is null when unauthenticated
- * ```
+ * When `optional: true` is set, unauthenticated requests are allowed.
+ * The enriched `ctx.auth` will have `userId: null` and `user: null`
+ * for unauthenticated callers.
  *
- * ### Multi-tenant with group resolution
+ * @param auth - The auth API object returned by {@link createAuth}.
+ * @param config - Configuration with `optional: true` and an optional
+ *   `resolve` callback for attaching extra fields to the auth context.
+ * @returns An object with `args` and `input` compatible with Convex
+ *   custom function builders.
  *
+ * @example
  * ```ts
  * const authCtx = AuthCtx(auth, {
- *   resolve: async (ctx, user) => {
- *     const groupId = user?.extend?.lastActiveGroup;
- *     const membership = await auth.user.group.get(ctx, {
- *       userId: user._id,
- *       groupId,
- *     });
- *     return { groupId, role: membership?.role ?? "member" };
- *   },
+ *   optional: true,
+ *   resolve: async (_ctx, user) => ({ plan: user?.extend?.plan ?? null }),
  * });
- * // ctx.auth.groupId and ctx.auth.role available in handlers
  * ```
  *
- * @param auth - The `Auth` class instance from your `convex/auth.ts`.
- * @param config - Optional configuration for optional auth and group resolution.
- * @returns A `{ args, input }` customization object compatible with
- *          `customQuery` / `customMutation` from `convex-helpers`.
+ * @see {@link createAuth}
  */
-/**
- * Overload: optional auth — `userId` and `user` may be `null`.
- */
-declare function AuthCtx<TResolve extends Record<string, unknown> = Record<string, never>>(auth: Auth, config: AuthCtxConfig<TResolve> & {
+declare function AuthCtx<TResolve extends Record<string, unknown> = Record<string, never>>(auth: AuthLike, config: AuthCtxConfig<TResolve> & {
   optional: true;
 }): {
   args: {};
@@ -408,7 +345,7 @@ declare function AuthCtx<TResolve extends Record<string, unknown> = Record<strin
     ctx: {
       auth: {
         getUserIdentity: () => Promise<UserIdentity | null>;
-        userId: GenericId<"user"> | null;
+        userId: GenericId<"User"> | null;
         user: UserDoc | null;
       } & TResolve;
     };
@@ -416,15 +353,35 @@ declare function AuthCtx<TResolve extends Record<string, unknown> = Record<strin
   }>;
 };
 /**
- * Overload: required auth (default) — `userId` and `user` are never `null`.
+ * Create a context enrichment for `customQuery` / `customMutation` — required auth (default).
+ *
+ * When `optional` is omitted or `false`, the inferred type is the authenticated
+ * auth shape. At runtime this helper still resolves instead of throwing, so if
+ * no user is signed in the returned `ctx.auth.userId` and `ctx.auth.user` are
+ * `null`.
+ *
+ * @param auth - The auth API object returned by {@link createAuth}.
+ * @param config - Optional configuration with a `resolve` callback
+ *   for attaching extra fields to the auth context.
+ * @returns An object with `args` and `input` compatible with Convex
+ *   custom function builders.
+ *
+ * @example
+ * ```ts
+ * const authCtx = AuthCtx(auth, {
+ *   resolve: async (_ctx, user) => ({ email: user.email }),
+ * });
+ * ```
+ *
+ * @see {@link createAuth}
  */
-declare function AuthCtx<TResolve extends Record<string, unknown> = Record<string, never>>(auth: Auth, config?: AuthCtxConfig<TResolve>): {
+declare function AuthCtx<TResolve extends Record<string, unknown> = Record<string, never>>(auth: AuthLike, config?: AuthCtxConfig<TResolve>): {
   args: {};
   input: (ctx: any, _args: any, _extra?: any) => Promise<{
     ctx: {
       auth: {
         getUserIdentity: () => Promise<UserIdentity | null>;
-        userId: GenericId<"user">;
+        userId: GenericId<"User">;
         user: UserDoc;
       } & TResolve;
     };
@@ -432,19 +389,27 @@ declare function AuthCtx<TResolve extends Record<string, unknown> = Record<strin
   }>;
 };
 /**
- * Extract the `ctx.auth` shape from an {@link AuthCtx} result.
+ * Extract the resolved `auth` context type from an {@link AuthCtx} instance.
+ *
+ * Use this to type function parameters or variables that receive the
+ * enriched auth context produced by `AuthCtx`. The inferred type includes
+ * `userId`, `user`, `getUserIdentity`, and any additional fields added
+ * by the `resolve` callback. This is the generic utility for reusing the
+ * enriched auth shape without manually duplicating conditional auth types.
  *
- * Follows the same pattern as `Infer<typeof validator>` in Convex
- * and `z.infer<typeof schema>` in Zod.
+ * @typeParam T - An `AuthCtx` return value (must have an `input` method
+ *   that returns `{ ctx: { auth: ... } }`).
  *
  * @example
  * ```ts
  * const authCtx = AuthCtx(auth, {
- *   resolve: async (ctx, user) => ({ groupId: "abc", role: "admin" }),
+ *   resolve: async (ctx, user) => ({ orgId: user.orgId }),
  * });
- * type MyAuth = InferAuth<typeof authCtx>;
- * // { getUserIdentity, userId, user, groupId: string, role: string }
+ * type Auth = InferAuth<typeof authCtx>;
+ * // Auth = { userId: Id<"User">; user: UserDoc; getUserIdentity: ...; orgId: string }
  * ```
+ *
+ * @see {@link createAuth}
  */
 type InferAuth<T extends {
   input: (...args: any[]) => Promise<{
@@ -454,5 +419,5 @@ type InferAuth<T extends {
   }>;
 }> = Awaited<ReturnType<T["input"]>>["ctx"]["auth"];
 //#endregion
-export { Auth, AuthClassConfig, AuthCtx, AuthCtxConfig, InferAuth, UserDoc };
+export { AuthApi, AuthApiBase, AuthConfig, AuthCtx, AuthCtxConfig, AuthResolvedContext, ConvexAuthResult, InferAuth, InferClientApi, UserDoc, createAuth };
 //# sourceMappingURL=auth.d.ts.map