npm - @robelest/convex-auth - Versions diffs - 0.0.4-preview.2 → 0.0.4-preview.21 - Mend

@robelest/convex-auth 0.0.4-preview.2 → 0.0.4-preview.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (798) hide show

package/README.md +67 -26
package/dist/authorization/index.d.ts +63 -0
package/dist/authorization/index.d.ts.map +1 -0
package/dist/authorization/index.js +63 -0
package/dist/authorization/index.js.map +1 -0
package/dist/bin.js +6185 -0
package/dist/client/core/types.d.ts +20 -0
package/dist/client/core/types.d.ts.map +1 -0
package/dist/client/index.d.ts +2 -299
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +407 -534
package/dist/client/index.js.map +1 -1
package/dist/component/_generated/api.d.ts +42 -0
package/dist/component/_generated/api.d.ts.map +1 -1
package/dist/component/_generated/api.js.map +1 -1
package/dist/component/_generated/component.d.ts +2546 -90
package/dist/component/_generated/component.d.ts.map +1 -1
package/dist/component/client/core/types.d.ts +2 -0
package/dist/component/client/index.d.ts +2 -0
package/dist/component/convex.config.d.ts +2 -2
package/dist/component/functions.d.ts +11 -9
package/dist/component/functions.d.ts.map +1 -1
package/dist/component/functions.js.map +1 -1
package/dist/component/index.d.ts +7 -11
package/dist/component/index.js +2 -3
package/dist/component/model.d.ts +153 -0
package/dist/component/model.d.ts.map +1 -0
package/dist/component/model.js +349 -0
package/dist/component/model.js.map +1 -0
package/dist/component/providers/anonymous.d.ts +54 -0
package/dist/component/providers/anonymous.d.ts.map +1 -0
package/dist/component/providers/credentials.d.ts +5 -5
package/dist/component/providers/credentials.d.ts.map +1 -1
package/dist/component/providers/device.d.ts +67 -0
package/dist/component/providers/device.d.ts.map +1 -0
package/dist/component/providers/email.d.ts +62 -0
package/dist/component/providers/email.d.ts.map +1 -0
package/dist/component/providers/oauth.d.ts.map +1 -1
package/dist/component/providers/oauth.js.map +1 -1
package/dist/component/providers/passkey.d.ts +57 -0
package/dist/component/providers/passkey.d.ts.map +1 -0
package/dist/component/providers/password.d.ts +88 -0
package/dist/component/providers/password.d.ts.map +1 -0
package/dist/component/providers/phone.d.ts +48 -0
package/dist/component/providers/phone.d.ts.map +1 -0
package/dist/component/providers/sso.d.ts +50 -0
package/dist/component/providers/sso.d.ts.map +1 -0
package/dist/component/providers/totp.d.ts +45 -0
package/dist/component/providers/totp.d.ts.map +1 -0
package/dist/component/public/enterprise/audit.d.ts +73 -0
package/dist/component/public/enterprise/audit.d.ts.map +1 -0
package/dist/component/public/enterprise/audit.js +108 -0
package/dist/component/public/enterprise/audit.js.map +1 -0
package/dist/component/public/enterprise/core.d.ts +176 -0
package/dist/component/public/enterprise/core.d.ts.map +1 -0
package/dist/component/public/enterprise/core.js +292 -0
package/dist/component/public/enterprise/core.js.map +1 -0
package/dist/component/public/enterprise/domains.d.ts +174 -0
package/dist/component/public/enterprise/domains.d.ts.map +1 -0
package/dist/component/public/enterprise/domains.js +271 -0
package/dist/component/public/enterprise/domains.js.map +1 -0
package/dist/component/public/enterprise/scim.d.ts +245 -0
package/dist/component/public/enterprise/scim.d.ts.map +1 -0
package/dist/component/public/enterprise/scim.js +344 -0
package/dist/component/public/enterprise/scim.js.map +1 -0
package/dist/component/public/enterprise/secrets.d.ts +78 -0
package/dist/component/public/enterprise/secrets.d.ts.map +1 -0
package/dist/component/public/enterprise/secrets.js +118 -0
package/dist/component/public/enterprise/secrets.js.map +1 -0
package/dist/component/public/enterprise/webhooks.d.ts +211 -0
package/dist/component/public/enterprise/webhooks.d.ts.map +1 -0
package/dist/component/public/enterprise/webhooks.js +300 -0
package/dist/component/public/enterprise/webhooks.js.map +1 -0
package/dist/component/public/factors/devices.d.ts +157 -0
package/dist/component/public/factors/devices.d.ts.map +1 -0
package/dist/component/public/factors/devices.js +216 -0
package/dist/component/public/factors/devices.js.map +1 -0
package/dist/component/public/factors/passkeys.d.ts +175 -0
package/dist/component/public/factors/passkeys.d.ts.map +1 -0
package/dist/component/public/factors/passkeys.js +238 -0
package/dist/component/public/factors/passkeys.js.map +1 -0
package/dist/component/public/factors/totp.d.ts +189 -0
package/dist/component/public/factors/totp.d.ts.map +1 -0
package/dist/component/public/factors/totp.js +254 -0
package/dist/component/public/factors/totp.js.map +1 -0
package/dist/component/public/groups/core.d.ts +137 -0
package/dist/component/public/groups/core.d.ts.map +1 -0
package/dist/component/public/groups/core.js +321 -0
package/dist/component/public/groups/core.js.map +1 -0
package/dist/component/public/groups/invites.d.ts +217 -0
package/dist/component/public/groups/invites.d.ts.map +1 -0
package/dist/component/public/groups/invites.js +457 -0
package/dist/component/public/groups/invites.js.map +1 -0
package/dist/component/public/groups/members.d.ts +204 -0
package/dist/component/public/groups/members.d.ts.map +1 -0
package/dist/component/public/groups/members.js +355 -0
package/dist/component/public/groups/members.js.map +1 -0
package/dist/component/public/identity/accounts.d.ts +147 -0
package/dist/component/public/identity/accounts.d.ts.map +1 -0
package/dist/component/public/identity/accounts.js +200 -0
package/dist/component/public/identity/accounts.js.map +1 -0
package/dist/component/public/identity/codes.d.ts +104 -0
package/dist/component/public/identity/codes.d.ts.map +1 -0
package/dist/component/public/identity/codes.js +140 -0
package/dist/component/public/identity/codes.js.map +1 -0
package/dist/component/public/identity/sessions.d.ts +128 -0
package/dist/component/public/identity/sessions.d.ts.map +1 -0
package/dist/component/public/identity/sessions.js +192 -0
package/dist/component/public/identity/sessions.js.map +1 -0
package/dist/component/public/identity/tokens.d.ts +169 -0
package/dist/component/public/identity/tokens.d.ts.map +1 -0
package/dist/component/public/identity/tokens.js +227 -0
package/dist/component/public/identity/tokens.js.map +1 -0
package/dist/component/public/identity/users.d.ts +212 -0
package/dist/component/public/identity/users.d.ts.map +1 -0
package/dist/component/public/identity/users.js +311 -0
package/dist/component/public/identity/users.js.map +1 -0
package/dist/component/public/identity/verifiers.d.ts +116 -0
package/dist/component/public/identity/verifiers.d.ts.map +1 -0
package/dist/component/public/identity/verifiers.js +154 -0
package/dist/component/public/identity/verifiers.js.map +1 -0
package/dist/component/public/security/keys.d.ts +209 -0
package/dist/component/public/security/keys.d.ts.map +1 -0
package/dist/component/public/security/keys.js +319 -0
package/dist/component/public/security/keys.js.map +1 -0
package/dist/component/public/security/limits.d.ts +114 -0
package/dist/component/public/security/limits.d.ts.map +1 -0
package/dist/component/public/security/limits.js +169 -0
package/dist/component/public/security/limits.js.map +1 -0
package/dist/component/public.d.ts +24 -271
package/dist/component/public.d.ts.map +1 -1
package/dist/component/public.js +21 -1229
package/dist/component/schema.d.ts +473 -110
package/dist/component/schema.js +162 -73
package/dist/component/schema.js.map +1 -1
package/dist/component/server/auth.d.ts +318 -373
package/dist/component/server/auth.d.ts.map +1 -1
package/dist/component/server/auth.js +204 -123
package/dist/component/server/auth.js.map +1 -1
package/dist/component/server/authError.js +34 -0
package/dist/component/server/authError.js.map +1 -0
package/dist/component/server/{providers.js → config.js} +43 -12
package/dist/component/server/config.js.map +1 -0
package/dist/component/server/cookies.js +3 -0
package/dist/component/server/cookies.js.map +1 -1
package/dist/component/server/core.js +713 -0
package/dist/component/server/core.js.map +1 -0
package/dist/component/server/crypto.js +38 -0
package/dist/component/server/crypto.js.map +1 -0
package/dist/component/server/{implementation/db.js → db.js} +2 -1
package/dist/component/server/db.js.map +1 -0
package/dist/component/server/device.js +109 -0
package/dist/component/server/device.js.map +1 -0
package/dist/component/server/enterprise/config.js +46 -0
package/dist/component/server/enterprise/config.js.map +1 -0
package/dist/component/server/enterprise/domain.js +885 -0
package/dist/component/server/enterprise/domain.js.map +1 -0
package/dist/component/server/enterprise/http.js +766 -0
package/dist/component/server/enterprise/http.js.map +1 -0
package/dist/component/server/enterprise/oidc.js +248 -0
package/dist/component/server/enterprise/oidc.js.map +1 -0
package/dist/component/server/enterprise/policy.js +85 -0
package/dist/component/server/enterprise/policy.js.map +1 -0
package/dist/component/server/enterprise/saml.js +338 -0
package/dist/component/server/enterprise/saml.js.map +1 -0
package/dist/component/server/enterprise/scim.js +97 -0
package/dist/component/server/enterprise/scim.js.map +1 -0
package/dist/component/server/enterprise/shared.js +51 -0
package/dist/component/server/enterprise/shared.js.map +1 -0
package/dist/component/server/errors.d.ts +1 -0
package/dist/component/server/errors.js +24 -16
package/dist/component/server/errors.js.map +1 -1
package/dist/component/server/http.js +288 -0
package/dist/component/server/http.js.map +1 -0
package/dist/component/server/identity.js +13 -0
package/dist/component/server/identity.js.map +1 -0
package/dist/{server/implementation → component/server}/keys.js +9 -31
package/dist/component/server/keys.js.map +1 -0
package/dist/component/server/limits.js +61 -0
package/dist/component/server/limits.js.map +1 -0
package/dist/component/server/mutations/account.js +44 -0
package/dist/component/server/mutations/account.js.map +1 -0
package/dist/component/server/{implementation/mutations → mutations}/code.js +7 -4
package/dist/component/server/mutations/code.js.map +1 -0
package/dist/component/server/mutations/invalidate.js +32 -0
package/dist/component/server/mutations/invalidate.js.map +1 -0
package/dist/component/server/mutations/oauth.js +110 -0
package/dist/component/server/mutations/oauth.js.map +1 -0
package/dist/component/server/mutations/refresh.js +119 -0
package/dist/component/server/mutations/refresh.js.map +1 -0
package/dist/component/server/mutations/register.js +83 -0
package/dist/component/server/mutations/register.js.map +1 -0
package/dist/component/server/mutations/retrieve.js +65 -0
package/dist/component/server/mutations/retrieve.js.map +1 -0
package/dist/component/server/mutations/signature.js +32 -0
package/dist/component/server/mutations/signature.js.map +1 -0
package/dist/component/server/{implementation/mutations → mutations}/signin.js +2 -2
package/dist/component/server/mutations/signin.js.map +1 -0
package/dist/component/server/mutations/signout.js +27 -0
package/dist/component/server/mutations/signout.js.map +1 -0
package/dist/component/server/mutations/store/refs.js +15 -0
package/dist/component/server/mutations/store/refs.js.map +1 -0
package/dist/component/server/mutations/store.js +85 -0
package/dist/component/server/mutations/store.js.map +1 -0
package/dist/component/server/mutations/verifier.js +18 -0
package/dist/component/server/mutations/verifier.js.map +1 -0
package/dist/component/server/mutations/verify.js +98 -0
package/dist/component/server/mutations/verify.js.map +1 -0
package/dist/component/server/oauth.js +106 -60
package/dist/component/server/oauth.js.map +1 -1
package/dist/component/server/passkey.js +328 -0
package/dist/component/server/passkey.js.map +1 -0
package/dist/{server/implementation → component/server}/redirects.js +13 -11
package/dist/component/server/redirects.js.map +1 -0
package/dist/component/server/refresh.js +96 -0
package/dist/component/server/refresh.js.map +1 -0
package/dist/component/server/runtime.d.ts +136 -0
package/dist/component/server/runtime.d.ts.map +1 -0
package/dist/component/server/runtime.js +413 -0
package/dist/component/server/runtime.js.map +1 -0
package/dist/{server/implementation → component/server}/sessions.js +14 -8
package/dist/component/server/sessions.js.map +1 -0
package/dist/component/server/signin.js +201 -0
package/dist/component/server/signin.js.map +1 -0
package/dist/component/server/tokens.js +17 -0
package/dist/component/server/tokens.js.map +1 -0
package/dist/component/server/totp.js +148 -0
package/dist/component/server/totp.js.map +1 -0
package/dist/component/server/types.d.ts +387 -298
package/dist/component/server/types.d.ts.map +1 -1
package/dist/component/server/{implementation/types.js → types.js} +1 -1
package/dist/component/server/types.js.map +1 -0
package/dist/component/server/{implementation/users.js → users.js} +54 -35
package/dist/component/server/users.js.map +1 -0
package/dist/component/server/utils.js +110 -4
package/dist/component/server/utils.js.map +1 -1
package/dist/core/types.d.ts +369 -0
package/dist/core/types.d.ts.map +1 -0
package/dist/factors/device.js +105 -0
package/dist/factors/device.js.map +1 -0
package/dist/factors/passkey.js +181 -0
package/dist/factors/passkey.js.map +1 -0
package/dist/factors/totp.js +122 -0
package/dist/factors/totp.js.map +1 -0
package/dist/providers/anonymous.d.ts +3 -9
package/dist/providers/anonymous.d.ts.map +1 -1
package/dist/providers/anonymous.js +1 -18
package/dist/providers/anonymous.js.map +1 -1
package/dist/providers/credentials.d.ts +8 -10
package/dist/providers/credentials.d.ts.map +1 -1
package/dist/providers/credentials.js +3 -5
package/dist/providers/credentials.js.map +1 -1
package/dist/providers/device.d.ts +18 -10
package/dist/providers/device.d.ts.map +1 -1
package/dist/providers/device.js +4 -8
package/dist/providers/device.js.map +1 -1
package/dist/providers/email.d.ts +50 -23
package/dist/providers/email.d.ts.map +1 -1
package/dist/providers/email.js +58 -34
package/dist/providers/email.js.map +1 -1
package/dist/providers/index.d.ts +7 -3
package/dist/providers/index.js +4 -1
package/dist/providers/oauth.d.ts.map +1 -1
package/dist/providers/oauth.js.map +1 -1
package/dist/providers/passkey.d.ts +12 -9
package/dist/providers/passkey.d.ts.map +1 -1
package/dist/providers/passkey.js +1 -7
package/dist/providers/passkey.js.map +1 -1
package/dist/providers/password.d.ts +6 -12
package/dist/providers/password.d.ts.map +1 -1
package/dist/providers/password.js +189 -89
package/dist/providers/password.js.map +1 -1
package/dist/providers/phone.d.ts +40 -11
package/dist/providers/phone.d.ts.map +1 -1
package/dist/providers/phone.js +52 -21
package/dist/providers/phone.js.map +1 -1
package/dist/providers/sso.d.ts +50 -0
package/dist/providers/sso.d.ts.map +1 -0
package/dist/providers/sso.js +34 -0
package/dist/providers/sso.js.map +1 -0
package/dist/providers/totp.d.ts +12 -9
package/dist/providers/totp.d.ts.map +1 -1
package/dist/providers/totp.js +1 -7
package/dist/providers/totp.js.map +1 -1
package/dist/runtime/browser.js +68 -0
package/dist/runtime/browser.js.map +1 -0
package/dist/runtime/invite.js +51 -0
package/dist/runtime/invite.js.map +1 -0
package/dist/runtime/proxy.js +70 -0
package/dist/runtime/proxy.js.map +1 -0
package/dist/runtime/storage.js +37 -0
package/dist/runtime/storage.js.map +1 -0
package/dist/server/auth.d.ts +335 -370
package/dist/server/auth.d.ts.map +1 -1
package/dist/server/auth.js +204 -123
package/dist/server/auth.js.map +1 -1
package/dist/server/authError.d.ts +46 -0
package/dist/server/authError.d.ts.map +1 -0
package/dist/server/authError.js +34 -0
package/dist/server/authError.js.map +1 -0
package/dist/server/config.d.ts +1 -0
package/dist/server/{providers.js → config.js} +43 -12
package/dist/server/config.js.map +1 -0
package/dist/server/cookies.d.ts +1 -38
package/dist/server/cookies.js +3 -0
package/dist/server/cookies.js.map +1 -1
package/dist/server/core.d.ts +1436 -0
package/dist/server/core.d.ts.map +1 -0
package/dist/server/core.js +713 -0
package/dist/server/core.js.map +1 -0
package/dist/server/crypto.d.ts +8 -0
package/dist/server/crypto.d.ts.map +1 -0
package/dist/server/crypto.js +38 -0
package/dist/server/crypto.js.map +1 -0
package/dist/server/db.d.ts +1 -0
package/dist/server/{implementation/db.js → db.js} +2 -1
package/dist/server/db.js.map +1 -0
package/dist/server/device.d.ts +1 -0
package/dist/server/device.js +109 -0
package/dist/server/device.js.map +1 -0
package/dist/server/enterprise/config.d.ts +1 -0
package/dist/server/enterprise/config.js +46 -0
package/dist/server/enterprise/config.js.map +1 -0
package/dist/server/enterprise/domain.d.ts +409 -0
package/dist/server/enterprise/domain.d.ts.map +1 -0
package/dist/server/enterprise/domain.js +885 -0
package/dist/server/enterprise/domain.js.map +1 -0
package/dist/server/enterprise/http.d.ts +26 -0
package/dist/server/enterprise/http.d.ts.map +1 -0
package/dist/server/enterprise/http.js +766 -0
package/dist/server/enterprise/http.js.map +1 -0
package/dist/server/enterprise/oidc.d.ts +1 -0
package/dist/server/enterprise/oidc.js +248 -0
package/dist/server/enterprise/oidc.js.map +1 -0
package/dist/server/enterprise/policy.d.ts +1 -0
package/dist/server/enterprise/policy.js +85 -0
package/dist/server/enterprise/policy.js.map +1 -0
package/dist/server/enterprise/saml.d.ts +1 -0
package/dist/server/enterprise/saml.js +338 -0
package/dist/server/enterprise/saml.js.map +1 -0
package/dist/server/enterprise/scim.d.ts +1 -0
package/dist/server/enterprise/scim.js +97 -0
package/dist/server/enterprise/scim.js.map +1 -0
package/dist/server/enterprise/shared.d.ts +5 -0
package/dist/server/enterprise/shared.d.ts.map +1 -0
package/dist/server/enterprise/shared.js +51 -0
package/dist/server/enterprise/shared.js.map +1 -0
package/dist/server/enterprise/validators.d.ts +1 -0
package/dist/server/enterprise/validators.js +60 -0
package/dist/server/enterprise/validators.js.map +1 -0
package/dist/server/errors.d.ts +33 -1
package/dist/server/errors.d.ts.map +1 -1
package/dist/server/errors.js +44 -1
package/dist/server/errors.js.map +1 -1
package/dist/server/http.d.ts +59 -0
package/dist/server/http.d.ts.map +1 -0
package/dist/server/http.js +288 -0
package/dist/server/http.js.map +1 -0
package/dist/server/identity.d.ts +1 -0
package/dist/server/identity.js +13 -0
package/dist/server/identity.js.map +1 -0
package/dist/server/index.d.ts +4 -182
package/dist/server/index.js +4 -376
package/dist/server/keys.d.ts +1 -0
package/dist/{component/server/implementation → server}/keys.js +9 -31
package/dist/server/keys.js.map +1 -0
package/dist/server/limits.d.ts +1 -0
package/dist/server/limits.js +61 -0
package/dist/server/limits.js.map +1 -0
package/dist/server/mounts.d.ts +647 -0
package/dist/server/mounts.d.ts.map +1 -0
package/dist/server/mounts.js +643 -0
package/dist/server/mounts.js.map +1 -0
package/dist/server/mutations/account.d.ts +30 -0
package/dist/server/mutations/account.d.ts.map +1 -0
package/dist/server/mutations/account.js +44 -0
package/dist/server/mutations/account.js.map +1 -0
package/dist/server/mutations/code.d.ts +30 -0
package/dist/server/mutations/code.d.ts.map +1 -0
package/dist/server/{implementation/mutations → mutations}/code.js +7 -4
package/dist/server/mutations/code.js.map +1 -0
package/dist/server/mutations/index.d.ts +14 -0
package/dist/server/mutations/index.js +15 -0
package/dist/server/mutations/invalidate.d.ts +20 -0
package/dist/server/mutations/invalidate.d.ts.map +1 -0
package/dist/server/mutations/invalidate.js +32 -0
package/dist/server/mutations/invalidate.js.map +1 -0
package/dist/server/mutations/oauth.d.ts +28 -0
package/dist/server/mutations/oauth.d.ts.map +1 -0
package/dist/server/mutations/oauth.js +110 -0
package/dist/server/mutations/oauth.js.map +1 -0
package/dist/server/mutations/refresh.d.ts +21 -0
package/dist/server/mutations/refresh.d.ts.map +1 -0
package/dist/server/mutations/refresh.js +119 -0
package/dist/server/mutations/refresh.js.map +1 -0
package/dist/server/mutations/register.d.ts +38 -0
package/dist/server/mutations/register.d.ts.map +1 -0
package/dist/server/mutations/register.js +83 -0
package/dist/server/mutations/register.js.map +1 -0
package/dist/server/mutations/retrieve.d.ts +33 -0
package/dist/server/mutations/retrieve.d.ts.map +1 -0
package/dist/server/mutations/retrieve.js +65 -0
package/dist/server/mutations/retrieve.js.map +1 -0
package/dist/server/mutations/signature.d.ts +22 -0
package/dist/server/mutations/signature.d.ts.map +1 -0
package/dist/server/mutations/signature.js +32 -0
package/dist/server/mutations/signature.js.map +1 -0
package/dist/server/mutations/signin.d.ts +22 -0
package/dist/server/mutations/signin.d.ts.map +1 -0
package/dist/server/{implementation/mutations → mutations}/signin.js +2 -2
package/dist/server/mutations/signin.js.map +1 -0
package/dist/server/mutations/signout.d.ts +16 -0
package/dist/server/mutations/signout.d.ts.map +1 -0
package/dist/server/mutations/signout.js +27 -0
package/dist/server/mutations/signout.js.map +1 -0
package/dist/server/mutations/store/refs.d.ts +12 -0
package/dist/server/mutations/store/refs.d.ts.map +1 -0
package/dist/server/mutations/store/refs.js +15 -0
package/dist/server/mutations/store/refs.js.map +1 -0
package/dist/server/mutations/store.d.ts +306 -0
package/dist/server/mutations/store.d.ts.map +1 -0
package/dist/server/mutations/store.js +85 -0
package/dist/server/mutations/store.js.map +1 -0
package/dist/server/mutations/verifier.d.ts +13 -0
package/dist/server/mutations/verifier.d.ts.map +1 -0
package/dist/server/mutations/verifier.js +18 -0
package/dist/server/mutations/verifier.js.map +1 -0
package/dist/server/mutations/verify.d.ts +26 -0
package/dist/server/mutations/verify.d.ts.map +1 -0
package/dist/server/mutations/verify.js +98 -0
package/dist/server/mutations/verify.js.map +1 -0
package/dist/server/oauth.d.ts +1 -48
package/dist/server/oauth.js +107 -64
package/dist/server/oauth.js.map +1 -1
package/dist/server/passkey.d.ts +27 -0
package/dist/server/passkey.d.ts.map +1 -0
package/dist/server/passkey.js +328 -0
package/dist/server/passkey.js.map +1 -0
package/dist/server/redirects.d.ts +1 -0
package/dist/{component/server/implementation → server}/redirects.js +13 -11
package/dist/server/redirects.js.map +1 -0
package/dist/server/refresh.d.ts +1 -0
package/dist/server/refresh.js +96 -0
package/dist/server/refresh.js.map +1 -0
package/dist/server/runtime.d.ts +136 -0
package/dist/server/runtime.d.ts.map +1 -0
package/dist/server/runtime.js +413 -0
package/dist/server/runtime.js.map +1 -0
package/dist/server/sessions.d.ts +1 -0
package/dist/{component/server/implementation → server}/sessions.js +14 -8
package/dist/server/sessions.js.map +1 -0
package/dist/server/signin.d.ts +1 -0
package/dist/server/signin.js +201 -0
package/dist/server/signin.js.map +1 -0
package/dist/server/ssr.d.ts +226 -0
package/dist/server/ssr.d.ts.map +1 -0
package/dist/server/ssr.js +786 -0
package/dist/server/ssr.js.map +1 -0
package/dist/server/templates.d.ts +1 -21
package/dist/server/templates.js +2 -1
package/dist/server/templates.js.map +1 -1
package/dist/server/tokens.d.ts +1 -0
package/dist/server/tokens.js +17 -0
package/dist/server/tokens.js.map +1 -0
package/dist/server/totp.d.ts +1 -0
package/dist/server/totp.js +148 -0
package/dist/server/totp.js.map +1 -0
package/dist/server/types.d.ts +498 -306
package/dist/server/types.d.ts.map +1 -1
package/dist/server/types.js +108 -1
package/dist/server/types.js.map +1 -0
package/dist/server/users.d.ts +1 -0
package/dist/server/{implementation/users.js → users.js} +54 -35
package/dist/server/users.js.map +1 -0
package/dist/server/utils.d.ts +1 -6
package/dist/server/utils.js +110 -4
package/dist/server/utils.js.map +1 -1
package/package.json +49 -46
package/src/authorization/index.ts +83 -0
package/src/cli/bin.ts +5 -0
package/src/cli/command.ts +6 -5
package/src/cli/index.ts +456 -248
package/src/cli/keys.ts +3 -0
package/src/client/core/types.ts +437 -0
package/src/client/factors/device.ts +160 -0
package/src/client/factors/passkey.ts +282 -0
package/src/client/factors/totp.ts +150 -0
package/src/client/index.ts +745 -989
package/src/client/runtime/browser.ts +112 -0
package/src/client/runtime/invite.ts +65 -0
package/src/client/runtime/proxy.ts +111 -0
package/src/client/runtime/storage.ts +79 -0
package/src/component/_generated/api.ts +42 -0
package/src/component/_generated/component.ts +3123 -102
package/src/component/functions.ts +38 -22
package/src/component/index.ts +10 -20
package/src/component/model.ts +449 -0
package/src/component/public/enterprise/audit.ts +120 -0
package/src/component/public/enterprise/core.ts +354 -0
package/src/component/public/enterprise/domains.ts +323 -0
package/src/component/public/enterprise/scim.ts +396 -0
package/src/component/public/enterprise/secrets.ts +132 -0
package/src/component/public/enterprise/webhooks.ts +306 -0
package/src/component/public/factors/devices.ts +223 -0
package/src/component/public/factors/passkeys.ts +242 -0
package/src/component/public/factors/totp.ts +258 -0
package/src/component/public/groups/core.ts +481 -0
package/src/component/public/groups/invites.ts +602 -0
package/src/component/public/groups/members.ts +409 -0
package/src/component/public/identity/accounts.ts +206 -0
package/src/component/public/identity/codes.ts +148 -0
package/src/component/public/identity/sessions.ts +209 -0
package/src/component/public/identity/tokens.ts +250 -0
package/src/component/public/identity/users.ts +354 -0
package/src/component/public/identity/verifiers.ts +157 -0
package/src/component/public/security/keys.ts +365 -0
package/src/component/public/security/limits.ts +173 -0
package/src/component/public.ts +26 -1766
package/src/component/schema.ts +273 -100
package/src/providers/anonymous.ts +10 -20
package/src/providers/credentials.ts +14 -22
package/src/providers/device.ts +3 -14
package/src/providers/email.ts +83 -47
package/src/providers/index.ts +7 -0
package/src/providers/oauth.ts +5 -3
package/src/providers/passkey.ts +0 -13
package/src/providers/password.ts +307 -130
package/src/providers/phone.ts +81 -37
package/src/providers/sso.ts +54 -0
package/src/providers/totp.ts +0 -13
package/src/samlify.d.ts +53 -0
package/src/server/auth.ts +701 -247
package/src/server/authError.ts +44 -0
package/src/server/{providers.ts → config.ts} +84 -15
package/src/server/cookies.ts +8 -1
package/src/server/core.ts +2095 -0
package/src/server/crypto.ts +88 -0
package/src/server/{implementation/db.ts → db.ts} +90 -15
package/src/server/device.ts +221 -0
package/src/server/enterprise/config.ts +51 -0
package/src/server/enterprise/domain.ts +1751 -0
package/src/server/enterprise/http.ts +1324 -0
package/src/server/enterprise/oidc.ts +500 -0
package/src/server/enterprise/policy.ts +128 -0
package/src/server/enterprise/saml.ts +578 -0
package/src/server/enterprise/scim.ts +135 -0
package/src/server/enterprise/shared.ts +134 -0
package/src/server/enterprise/validators.ts +93 -0
package/src/server/errors.ts +130 -119
package/src/server/http.ts +531 -0
package/src/server/identity.ts +18 -0
package/src/server/index.ts +32 -650
package/src/server/{implementation/keys.ts → keys.ts} +16 -44
package/src/server/limits.ts +134 -0
package/src/server/mounts.ts +948 -0
package/src/server/mutations/account.ts +76 -0
package/src/server/{implementation/mutations → mutations}/code.ts +22 -11
package/src/server/mutations/index.ts +13 -0
package/src/server/mutations/invalidate.ts +50 -0
package/src/server/mutations/oauth.ts +237 -0
package/src/server/mutations/refresh.ts +298 -0
package/src/server/mutations/register.ts +200 -0
package/src/server/mutations/retrieve.ts +109 -0
package/src/server/mutations/signature.ts +50 -0
package/src/server/{implementation/mutations → mutations}/signin.ts +9 -7
package/src/server/mutations/signout.ts +43 -0
package/src/server/mutations/store/refs.ts +10 -0
package/src/server/mutations/store.ts +138 -0
package/src/server/mutations/verifier.ts +34 -0
package/src/server/mutations/verify.ts +202 -0
package/src/server/oauth.ts +243 -131
package/src/server/passkey.ts +784 -0
package/src/server/{implementation/redirects.ts → redirects.ts} +21 -16
package/src/server/refresh.ts +222 -0
package/src/server/runtime.ts +880 -0
package/src/server/{implementation/sessions.ts → sessions.ts} +33 -25
package/src/server/signin.ts +438 -0
package/src/server/ssr.ts +1764 -0
package/src/server/templates.ts +8 -3
package/src/server/{implementation/tokens.ts → tokens.ts} +11 -5
package/src/server/totp.ts +349 -0
package/src/server/types.ts +972 -207
package/src/server/{implementation/users.ts → users.ts} +129 -75
package/src/server/utils.ts +192 -5
package/src/test.ts +28 -4
package/dist/bin.cjs +0 -27757
package/dist/component/providers/email.js +0 -47
package/dist/component/providers/email.js.map +0 -1
package/dist/component/public.js.map +0 -1
package/dist/component/server/implementation/db.js.map +0 -1
package/dist/component/server/implementation/device.js +0 -135
package/dist/component/server/implementation/device.js.map +0 -1
package/dist/component/server/implementation/index.d.ts +0 -870
package/dist/component/server/implementation/index.d.ts.map +0 -1
package/dist/component/server/implementation/index.js +0 -610
package/dist/component/server/implementation/index.js.map +0 -1
package/dist/component/server/implementation/keys.js.map +0 -1
package/dist/component/server/implementation/mutations/account.js +0 -39
package/dist/component/server/implementation/mutations/account.js.map +0 -1
package/dist/component/server/implementation/mutations/code.js.map +0 -1
package/dist/component/server/implementation/mutations/index.js +0 -70
package/dist/component/server/implementation/mutations/index.js.map +0 -1
package/dist/component/server/implementation/mutations/invalidate.js +0 -29
package/dist/component/server/implementation/mutations/invalidate.js.map +0 -1
package/dist/component/server/implementation/mutations/oauth.js +0 -51
package/dist/component/server/implementation/mutations/oauth.js.map +0 -1
package/dist/component/server/implementation/mutations/refresh.js +0 -85
package/dist/component/server/implementation/mutations/refresh.js.map +0 -1
package/dist/component/server/implementation/mutations/register.js +0 -65
package/dist/component/server/implementation/mutations/register.js.map +0 -1
package/dist/component/server/implementation/mutations/retrieve.js +0 -50
package/dist/component/server/implementation/mutations/retrieve.js.map +0 -1
package/dist/component/server/implementation/mutations/signature.js +0 -27
package/dist/component/server/implementation/mutations/signature.js.map +0 -1
package/dist/component/server/implementation/mutations/signin.js.map +0 -1
package/dist/component/server/implementation/mutations/signout.js +0 -27
package/dist/component/server/implementation/mutations/signout.js.map +0 -1
package/dist/component/server/implementation/mutations/store.js +0 -12
package/dist/component/server/implementation/mutations/store.js.map +0 -1
package/dist/component/server/implementation/mutations/verifier.js +0 -16
package/dist/component/server/implementation/mutations/verifier.js.map +0 -1
package/dist/component/server/implementation/mutations/verify.js +0 -105
package/dist/component/server/implementation/mutations/verify.js.map +0 -1
package/dist/component/server/implementation/passkey.js +0 -307
package/dist/component/server/implementation/passkey.js.map +0 -1
package/dist/component/server/implementation/provider.js +0 -19
package/dist/component/server/implementation/provider.js.map +0 -1
package/dist/component/server/implementation/ratelimit.js +0 -48
package/dist/component/server/implementation/ratelimit.js.map +0 -1
package/dist/component/server/implementation/redirects.js.map +0 -1
package/dist/component/server/implementation/refresh.js +0 -109
package/dist/component/server/implementation/refresh.js.map +0 -1
package/dist/component/server/implementation/sessions.js.map +0 -1
package/dist/component/server/implementation/signin.js +0 -148
package/dist/component/server/implementation/signin.js.map +0 -1
package/dist/component/server/implementation/tokens.js +0 -15
package/dist/component/server/implementation/tokens.js.map +0 -1
package/dist/component/server/implementation/totp.js +0 -142
package/dist/component/server/implementation/totp.js.map +0 -1
package/dist/component/server/implementation/types.d.ts +0 -42
package/dist/component/server/implementation/types.d.ts.map +0 -1
package/dist/component/server/implementation/types.js.map +0 -1
package/dist/component/server/implementation/users.js.map +0 -1
package/dist/component/server/implementation/utils.js +0 -56
package/dist/component/server/implementation/utils.js.map +0 -1
package/dist/component/server/providers.js.map +0 -1
package/dist/component/server/templates.js +0 -84
package/dist/component/server/templates.js.map +0 -1
package/dist/server/cookies.d.ts.map +0 -1
package/dist/server/implementation/db.d.ts +0 -86
package/dist/server/implementation/db.d.ts.map +0 -1
package/dist/server/implementation/db.js.map +0 -1
package/dist/server/implementation/device.d.ts +0 -30
package/dist/server/implementation/device.d.ts.map +0 -1
package/dist/server/implementation/device.js +0 -135
package/dist/server/implementation/device.js.map +0 -1
package/dist/server/implementation/index.d.ts +0 -870
package/dist/server/implementation/index.d.ts.map +0 -1
package/dist/server/implementation/index.js +0 -610
package/dist/server/implementation/index.js.map +0 -1
package/dist/server/implementation/keys.d.ts +0 -66
package/dist/server/implementation/keys.d.ts.map +0 -1
package/dist/server/implementation/keys.js.map +0 -1
package/dist/server/implementation/mutations/account.d.ts +0 -27
package/dist/server/implementation/mutations/account.d.ts.map +0 -1
package/dist/server/implementation/mutations/account.js +0 -39
package/dist/server/implementation/mutations/account.js.map +0 -1
package/dist/server/implementation/mutations/code.d.ts +0 -29
package/dist/server/implementation/mutations/code.d.ts.map +0 -1
package/dist/server/implementation/mutations/code.js.map +0 -1
package/dist/server/implementation/mutations/index.d.ts +0 -310
package/dist/server/implementation/mutations/index.d.ts.map +0 -1
package/dist/server/implementation/mutations/index.js +0 -70
package/dist/server/implementation/mutations/index.js.map +0 -1
package/dist/server/implementation/mutations/invalidate.d.ts +0 -18
package/dist/server/implementation/mutations/invalidate.d.ts.map +0 -1
package/dist/server/implementation/mutations/invalidate.js +0 -29
package/dist/server/implementation/mutations/invalidate.js.map +0 -1
package/dist/server/implementation/mutations/oauth.d.ts +0 -23
package/dist/server/implementation/mutations/oauth.d.ts.map +0 -1
package/dist/server/implementation/mutations/oauth.js +0 -51
package/dist/server/implementation/mutations/oauth.js.map +0 -1
package/dist/server/implementation/mutations/refresh.d.ts +0 -20
package/dist/server/implementation/mutations/refresh.d.ts.map +0 -1
package/dist/server/implementation/mutations/refresh.js +0 -85
package/dist/server/implementation/mutations/refresh.js.map +0 -1
package/dist/server/implementation/mutations/register.d.ts +0 -37
package/dist/server/implementation/mutations/register.d.ts.map +0 -1
package/dist/server/implementation/mutations/register.js +0 -65
package/dist/server/implementation/mutations/register.js.map +0 -1
package/dist/server/implementation/mutations/retrieve.d.ts +0 -31
package/dist/server/implementation/mutations/retrieve.d.ts.map +0 -1
package/dist/server/implementation/mutations/retrieve.js +0 -50
package/dist/server/implementation/mutations/retrieve.js.map +0 -1
package/dist/server/implementation/mutations/signature.d.ts +0 -19
package/dist/server/implementation/mutations/signature.d.ts.map +0 -1
package/dist/server/implementation/mutations/signature.js +0 -27
package/dist/server/implementation/mutations/signature.js.map +0 -1
package/dist/server/implementation/mutations/signin.d.ts +0 -21
package/dist/server/implementation/mutations/signin.d.ts.map +0 -1
package/dist/server/implementation/mutations/signin.js.map +0 -1
package/dist/server/implementation/mutations/signout.d.ts +0 -14
package/dist/server/implementation/mutations/signout.d.ts.map +0 -1
package/dist/server/implementation/mutations/signout.js +0 -27
package/dist/server/implementation/mutations/signout.js.map +0 -1
package/dist/server/implementation/mutations/store.d.ts +0 -11
package/dist/server/implementation/mutations/store.d.ts.map +0 -1
package/dist/server/implementation/mutations/store.js +0 -12
package/dist/server/implementation/mutations/store.js.map +0 -1
package/dist/server/implementation/mutations/verifier.d.ts +0 -11
package/dist/server/implementation/mutations/verifier.d.ts.map +0 -1
package/dist/server/implementation/mutations/verifier.js +0 -16
package/dist/server/implementation/mutations/verifier.js.map +0 -1
package/dist/server/implementation/mutations/verify.d.ts +0 -25
package/dist/server/implementation/mutations/verify.d.ts.map +0 -1
package/dist/server/implementation/mutations/verify.js +0 -105
package/dist/server/implementation/mutations/verify.js.map +0 -1
package/dist/server/implementation/passkey.d.ts +0 -24
package/dist/server/implementation/passkey.d.ts.map +0 -1
package/dist/server/implementation/passkey.js +0 -307
package/dist/server/implementation/passkey.js.map +0 -1
package/dist/server/implementation/provider.d.ts +0 -10
package/dist/server/implementation/provider.d.ts.map +0 -1
package/dist/server/implementation/provider.js +0 -19
package/dist/server/implementation/provider.js.map +0 -1
package/dist/server/implementation/ratelimit.d.ts +0 -10
package/dist/server/implementation/ratelimit.d.ts.map +0 -1
package/dist/server/implementation/ratelimit.js +0 -48
package/dist/server/implementation/ratelimit.js.map +0 -1
package/dist/server/implementation/redirects.d.ts +0 -10
package/dist/server/implementation/redirects.d.ts.map +0 -1
package/dist/server/implementation/redirects.js.map +0 -1
package/dist/server/implementation/refresh.d.ts +0 -37
package/dist/server/implementation/refresh.d.ts.map +0 -1
package/dist/server/implementation/refresh.js +0 -109
package/dist/server/implementation/refresh.js.map +0 -1
package/dist/server/implementation/sessions.d.ts +0 -29
package/dist/server/implementation/sessions.d.ts.map +0 -1
package/dist/server/implementation/sessions.js.map +0 -1
package/dist/server/implementation/signin.d.ts +0 -55
package/dist/server/implementation/signin.d.ts.map +0 -1
package/dist/server/implementation/signin.js +0 -148
package/dist/server/implementation/signin.js.map +0 -1
package/dist/server/implementation/tokens.d.ts +0 -11
package/dist/server/implementation/tokens.d.ts.map +0 -1
package/dist/server/implementation/tokens.js +0 -15
package/dist/server/implementation/tokens.js.map +0 -1
package/dist/server/implementation/totp.d.ts +0 -31
package/dist/server/implementation/totp.d.ts.map +0 -1
package/dist/server/implementation/totp.js +0 -142
package/dist/server/implementation/totp.js.map +0 -1
package/dist/server/implementation/types.d.ts +0 -189
package/dist/server/implementation/types.d.ts.map +0 -1
package/dist/server/implementation/types.js +0 -97
package/dist/server/implementation/types.js.map +0 -1
package/dist/server/implementation/users.d.ts +0 -30
package/dist/server/implementation/users.d.ts.map +0 -1
package/dist/server/implementation/users.js.map +0 -1
package/dist/server/implementation/utils.d.ts +0 -19
package/dist/server/implementation/utils.d.ts.map +0 -1
package/dist/server/implementation/utils.js +0 -56
package/dist/server/implementation/utils.js.map +0 -1
package/dist/server/index.d.ts.map +0 -1
package/dist/server/index.js.map +0 -1
package/dist/server/oauth.d.ts.map +0 -1
package/dist/server/providers.d.ts +0 -72
package/dist/server/providers.d.ts.map +0 -1
package/dist/server/providers.js.map +0 -1
package/dist/server/templates.d.ts.map +0 -1
package/dist/server/utils.d.ts.map +0 -1
package/dist/server/version.d.ts +0 -5
package/dist/server/version.d.ts.map +0 -1
package/dist/server/version.js +0 -6
package/dist/server/version.js.map +0 -1
package/src/cli/utils.ts +0 -248
package/src/server/implementation/device.ts +0 -307
package/src/server/implementation/index.ts +0 -1583
package/src/server/implementation/mutations/account.ts +0 -50
package/src/server/implementation/mutations/index.ts +0 -157
package/src/server/implementation/mutations/invalidate.ts +0 -42
package/src/server/implementation/mutations/oauth.ts +0 -73
package/src/server/implementation/mutations/refresh.ts +0 -175
package/src/server/implementation/mutations/register.ts +0 -100
package/src/server/implementation/mutations/retrieve.ts +0 -79
package/src/server/implementation/mutations/signature.ts +0 -39
package/src/server/implementation/mutations/signout.ts +0 -35
package/src/server/implementation/mutations/store.ts +0 -7
package/src/server/implementation/mutations/verifier.ts +0 -24
package/src/server/implementation/mutations/verify.ts +0 -194
package/src/server/implementation/passkey.ts +0 -620
package/src/server/implementation/provider.ts +0 -36
package/src/server/implementation/ratelimit.ts +0 -79
package/src/server/implementation/refresh.ts +0 -172
package/src/server/implementation/signin.ts +0 -296
package/src/server/implementation/totp.ts +0 -342
package/src/server/implementation/types.ts +0 -444
package/src/server/implementation/utils.ts +0 -91
package/src/server/version.ts +0 -2

package/dist/server/identity.js ADDED Viewed

@@ -0,0 +1,13 @@
+import { AuthError } from "./authError.js";
+//#region src/server/identity.ts
+/** @internal */
+function userIdFromIdentitySubject(subject) {
+	const [userId, ...rest] = subject.split("|");
+	if (typeof userId !== "string" || userId.length === 0 || rest.length === 0 || rest.some((segment) => segment.length === 0)) throw new AuthError("INTERNAL_ERROR", "Authenticated identity subject is malformed.");
+	return userId;
+}
+//#endregion
+export { userIdFromIdentitySubject };
+//# sourceMappingURL=identity.js.map

package/dist/server/identity.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"identity.js","names":[],"sources":["../../src/server/identity.ts"],"sourcesContent":["import { AuthError } from \"./authError\";\n\n/** @internal */\nexport function userIdFromIdentitySubject(subject: string): string {\n const [userId, ...rest] = subject.split(\"|\");\n if (\n typeof userId !== \"string\" ||\n userId.length === 0 ||\n rest.length === 0 ||\n rest.some((segment) => segment.length === 0)\n ) {\n throw new AuthError(\n \"INTERNAL_ERROR\",\n \"Authenticated identity subject is malformed.\",\n );\n }\n return userId;\n}\n"],"mappings":";;;;AAGA,SAAgB,0BAA0B,SAAyB;CACjE,MAAM,CAAC,QAAQ,GAAG,QAAQ,QAAQ,MAAM,IAAI;AAC5C,KACE,OAAO,WAAW,YAClB,OAAO,WAAW,KAClB,KAAK,WAAW,KAChB,KAAK,MAAM,YAAY,QAAQ,WAAW,EAAE,CAE5C,OAAM,IAAI,UACR,kBACA,+CACD;AAEH,QAAO"}

package/dist/server/index.d.ts CHANGED Viewed

@@ -1,182 +1,4 @@
-//#region src/server/index.d.ts
-/** Cookie lifetime configuration for auth tokens. */
-type AuthCookieConfig = {
-  /** Maximum age in seconds, or `null` for session cookies. */maxAge: number | null;
-};
-/** Raw cookie values extracted from a request. */
-type AuthCookies = {
-  /** The JWT access token, or `null` when absent. */token: string | null; /** The refresh token, or `null` when absent. */
-  refreshToken: string | null; /** The OAuth PKCE verifier, or `null` when absent. */
-  verifier: string | null;
-};
-/** A structured cookie ready to be set via any framework's cookie API. */
-type AuthCookie = {
-  name: string;
-  value: string;
-  options: {
-    path: string;
-    httpOnly: boolean;
-    secure: boolean;
-    sameSite: "lax" | "strict" | "none";
-    maxAge?: number;
-    expires?: Date;
-  };
-};
-/**
- * Options for the SSR auth helper returned by {@link server}.
- */
-type ServerOptions = {
-  /** Convex deployment URL (e.g. `https://your-app.convex.cloud`). */url: string;
-  /**
-   * Path the client POSTs auth actions to. Defaults to `"/api/auth"`.
-   * Must match the `proxy` option on the client.
-   */
-  apiRoute?: string; /** Cookie `maxAge` in seconds, or `null` for session cookies. */
-  cookieMaxAge?: number | null; /** Enable verbose debug logging for token refresh and cookie operations. */
-  verbose?: boolean;
-  /**
-   * Control whether `refresh()` handles OAuth `?code=` query parameters.
-   *
-   * - `true` (default): always exchange the code on GET requests with `text/html` accept.
-   * - `false`: never exchange — useful when only the client handles codes.
-   * - A function: called with the `Request` for per-request decisions.
-   */
-  shouldHandleCode?: ((request: Request) => boolean | Promise<boolean>) | boolean;
-};
-type RefreshResult = {
-  /** Structured cookies to set on the response. */cookies: AuthCookie[]; /** URL to redirect to (set after OAuth code exchange). */
-  redirect?: string; /** JWT for SSR hydration, or `null` if not authenticated. */
-  token: string | null;
-};
-/**
- * Derive the cookie names used for auth tokens.
- *
- * On localhost the names are unprefixed; on production hosts they
- * use the `__Host-` prefix for tighter security.
- *
- * @param host - The `Host` header value. Omit to use unprefixed names.
- * @returns An object with `token`, `refreshToken`, and `verifier` cookie names.
- */
-declare function authCookieNames(host?: string): {
-  token: string;
-  refreshToken: string;
-  verifier: string;
-};
-/**
- * Parse auth cookie values from a raw `Cookie` header string.
- *
- * @param cookieHeader - The raw `Cookie` header, or `null`/`undefined`.
- * @param host - The `Host` header, used to determine cookie name prefixes.
- * @returns Parsed {@link AuthCookies} with `token`, `refreshToken`, and `verifier`.
- */
-declare function parseAuthCookies(cookieHeader: string | null | undefined, host?: string): AuthCookies;
-/**
- * Serialize auth cookies into `Set-Cookie` header strings.
- *
- * Nulled-out values produce deletion cookies (maxAge 0, expired date).
- *
- * @param cookies - The auth cookie values to serialize.
- * @param host - The `Host` header, used for cookie name prefixes and `Secure` flag.
- * @param config - Cookie lifetime config. Defaults to session cookies.
- * @returns An array of three `Set-Cookie` header strings.
- */
-declare function serializeAuthCookies(cookies: AuthCookies, host?: string, config?: AuthCookieConfig): string[];
-/**
- * Build structured cookie objects for any SSR framework.
- *
- * Use with SvelteKit's `event.cookies.set()`, TanStack Start's `setCookie()`,
- * Next.js's `cookies().set()`, or any other framework cookie API.
- */
-declare function structuredAuthCookies(cookies: AuthCookies, host?: string, config?: AuthCookieConfig): AuthCookie[];
-/**
- * Check whether a request pathname matches the auth proxy route.
- *
- * Handles trailing-slash ambiguity: both `/api/auth` and `/api/auth/`
- * match regardless of how `apiRoute` is configured.
- *
- * @param pathname - The request URL pathname.
- * @param apiRoute - The configured proxy route (e.g. `"/api/auth"`).
- * @returns `true` when the pathname matches the proxy route.
- */
-declare function shouldProxyAuthAction(pathname: string, apiRoute: string): boolean;
-/**
- * Create an SSR auth helper for server-side frameworks.
- *
- * Handles cookie-based token management, OAuth code exchange,
- * and automatic JWT refresh on page loads. Works with any
- * framework that gives you a `Request` object — SvelteKit,
- * TanStack Start, Remix, Next.js, etc.
- *
- * @param options - SSR configuration (Convex URL, proxy route, cookie lifetime).
- * @returns An object with `token`, `verify`, `proxy`, and `refresh` methods.
- *
- * @example SvelteKit hooks
- * ```ts
- * // src/hooks.server.ts
- * import { server } from '@robelest/convex-auth/server';
- *
- * const auth = server({ url: CONVEX_URL });
- *
- * export const handle = async ({ event, resolve }) => {
- *   const { cookies, token } = await auth.refresh(event.request);
- *   for (const c of cookies) event.cookies.set(c.name, c.value, c.options);
- *   event.locals.token = token;
- *   return resolve(event);
- * };
- * ```
- *
- * @example Generic proxy endpoint
- * ```ts
- * if (shouldProxyAuthAction(url.pathname, '/api/auth')) {
- *   return auth.proxy(request);
- * }
- * ```
- */
-declare function server(options: ServerOptions): {
-  /**
-   * Read the JWT from the request cookies without any validation.
-   *
-   * @param request - The incoming HTTP request.
-   * @returns The raw JWT string, or `null` when no token cookie exists.
-   */
-  token(request: Request): string | null;
-  /**
-   * Check whether the request carries a non-expired JWT.
-   *
-   * Performs local expiration checking only (no network call).
-   * Use for lightweight auth guards in middleware.
-   *
-   * @param request - The incoming HTTP request.
-   * @returns `true` when a valid, non-expired JWT exists in the cookies.
-   */
-  verify(request: Request): Promise<boolean>;
-  /**
-   * Handle a proxied `signIn` or `signOut` POST from the client.
-   *
-   * Validates the route, method, and origin, then forwards the
-   * action to Convex and returns a `Response` with updated
-   * `Set-Cookie` headers. The client never sees the real
-   * refresh token — it stays in httpOnly cookies.
-   *
-   * @param request - The incoming POST request from the client.
-   * @returns A JSON `Response` with auth result and cookie headers.
-   */
-  proxy(request: Request): Promise<Response>;
-  /**
-   * Refresh auth tokens on page load.
-   *
-   * Call this in your server hooks/middleware on every request.
-   * It handles three scenarios:
-   *
-   * 1. **OAuth code exchange** — exchanges a `?code=` query param for tokens and returns a redirect URL.
-   * 2. **Token refresh** — refreshes the JWT if it's close to expiry.
-   * 3. **No-op** — returns the existing token when no refresh is needed.
-   *
-   * @param request - The incoming HTTP request.
-   * @returns Structured cookies to set on the response, an optional redirect URL, and the current JWT.
-   */
-  refresh(request: Request): Promise<RefreshResult>;
-};
-//#endregion
-export { AuthCookie, AuthCookieConfig, AuthCookies, RefreshResult, ServerOptions, authCookieNames, parseAuthCookies, serializeAuthCookies, server, shouldProxyAuthAction, structuredAuthCookies };
-//# sourceMappingURL=index.d.ts.map
+import { AuthApi, AuthApiBase, AuthConfig, AuthCtx, ConvexAuthResult, InferAuth, InferClientApi, UserDoc, createAuth } from "./auth.js";
+import { EnterpriseAdminAuthorizationInput, EnterpriseAdminPermission, EnterpriseAuthorizer, EnterpriseMountOptions, enterprise, scim, sso } from "./mounts.js";
+import { AuthCookie, AuthCookieConfig, AuthCookies, RefreshResult, ServerOptions, authCookieNames, parseAuthCookies, serializeAuthCookies, server, shouldProxyAuthAction, structuredAuthCookies } from "./ssr.js";
+export { type AuthApi, type AuthApiBase, type AuthConfig, type AuthCookie, type AuthCookieConfig, type AuthCookies, AuthCtx, type ConvexAuthResult, type EnterpriseAdminAuthorizationInput, type EnterpriseAdminPermission, type EnterpriseAuthorizer, type EnterpriseMountOptions, type InferAuth, type InferClientApi, type RefreshResult, type ServerOptions, type UserDoc, authCookieNames, createAuth, enterprise, parseAuthCookies, scim, serializeAuthCookies, server, shouldProxyAuthAction, sso, structuredAuthCookies };

package/dist/server/index.js CHANGED Viewed

@@ -1,377 +1,5 @@
-import { isLocalHost } from "./utils.js";
-import { ConvexError } from "convex/values";
-import { parse, serialize } from "cookie";
-import { ConvexHttpClient } from "convex/browser";
-import { jwtDecode } from "jwt-decode";
+import { AuthCtx, createAuth } from "./auth.js";
+import { enterprise, scim, sso } from "./mounts.js";
+import { authCookieNames, parseAuthCookies, serializeAuthCookies, server, shouldProxyAuthAction, structuredAuthCookies } from "./ssr.js";
-//#region src/server/index.ts
-/**
-* Derive the cookie names used for auth tokens.
-*
-* On localhost the names are unprefixed; on production hosts they
-* use the `__Host-` prefix for tighter security.
-*
-* @param host - The `Host` header value. Omit to use unprefixed names.
-* @returns An object with `token`, `refreshToken`, and `verifier` cookie names.
-*/
-function authCookieNames(host) {
-	const prefix = isLocalHost(host) ? "" : "__Host-";
-	return {
-		token: `${prefix}__convexAuthJWT`,
-		refreshToken: `${prefix}__convexAuthRefreshToken`,
-		verifier: `${prefix}__convexAuthOAuthVerifier`
-	};
-}
-/**
-* Parse auth cookie values from a raw `Cookie` header string.
-*
-* @param cookieHeader - The raw `Cookie` header, or `null`/`undefined`.
-* @param host - The `Host` header, used to determine cookie name prefixes.
-* @returns Parsed {@link AuthCookies} with `token`, `refreshToken`, and `verifier`.
-*/
-function parseAuthCookies(cookieHeader, host) {
-	const names = authCookieNames(host);
-	const parsed = parse(cookieHeader ?? "");
-	return {
-		token: parsed[names.token] ?? null,
-		refreshToken: parsed[names.refreshToken] ?? null,
-		verifier: parsed[names.verifier] ?? null
-	};
-}
-/**
-* Serialize auth cookies into `Set-Cookie` header strings.
-*
-* Nulled-out values produce deletion cookies (maxAge 0, expired date).
-*
-* @param cookies - The auth cookie values to serialize.
-* @param host - The `Host` header, used for cookie name prefixes and `Secure` flag.
-* @param config - Cookie lifetime config. Defaults to session cookies.
-* @returns An array of three `Set-Cookie` header strings.
-*/
-function serializeAuthCookies(cookies, host, config = { maxAge: null }) {
-	const names = authCookieNames(host);
-	const base = {
-		path: "/",
-		httpOnly: true,
-		sameSite: "lax",
-		secure: !isLocalHost(host)
-	};
-	const maxAge = config.maxAge ?? void 0;
-	return [
-		serialize(names.token, cookies.token ?? "", {
-			...base,
-			maxAge: cookies.token === null ? 0 : maxAge,
-			expires: cookies.token === null ? /* @__PURE__ */ new Date(0) : void 0
-		}),
-		serialize(names.refreshToken, cookies.refreshToken ?? "", {
-			...base,
-			maxAge: cookies.refreshToken === null ? 0 : maxAge,
-			expires: cookies.refreshToken === null ? /* @__PURE__ */ new Date(0) : void 0
-		}),
-		serialize(names.verifier, cookies.verifier ?? "", {
-			...base,
-			maxAge: cookies.verifier === null ? 0 : maxAge,
-			expires: cookies.verifier === null ? /* @__PURE__ */ new Date(0) : void 0
-		})
-	];
-}
-/**
-* Build structured cookie objects for any SSR framework.
-*
-* Use with SvelteKit's `event.cookies.set()`, TanStack Start's `setCookie()`,
-* Next.js's `cookies().set()`, or any other framework cookie API.
-*/
-function structuredAuthCookies(cookies, host, config = { maxAge: null }) {
-	const names = authCookieNames(host);
-	const base = {
-		path: "/",
-		httpOnly: true,
-		secure: !isLocalHost(host),
-		sameSite: "lax"
-	};
-	const maxAge = config.maxAge ?? void 0;
-	return [
-		{
-			name: names.token,
-			value: cookies.token ?? "",
-			options: {
-				...base,
-				maxAge: cookies.token === null ? 0 : maxAge,
-				expires: cookies.token === null ? /* @__PURE__ */ new Date(0) : void 0
-			}
-		},
-		{
-			name: names.refreshToken,
-			value: cookies.refreshToken ?? "",
-			options: {
-				...base,
-				maxAge: cookies.refreshToken === null ? 0 : maxAge,
-				expires: cookies.refreshToken === null ? /* @__PURE__ */ new Date(0) : void 0
-			}
-		},
-		{
-			name: names.verifier,
-			value: cookies.verifier ?? "",
-			options: {
-				...base,
-				maxAge: cookies.verifier === null ? 0 : maxAge,
-				expires: cookies.verifier === null ? /* @__PURE__ */ new Date(0) : void 0
-			}
-		}
-	];
-}
-/**
-* Check whether a request pathname matches the auth proxy route.
-*
-* Handles trailing-slash ambiguity: both `/api/auth` and `/api/auth/`
-* match regardless of how `apiRoute` is configured.
-*
-* @param pathname - The request URL pathname.
-* @param apiRoute - The configured proxy route (e.g. `"/api/auth"`).
-* @returns `true` when the pathname matches the proxy route.
-*/
-function shouldProxyAuthAction(pathname, apiRoute) {
-	if (apiRoute.endsWith("/")) return pathname === apiRoute || pathname === apiRoute.slice(0, -1);
-	return pathname === apiRoute || pathname === `${apiRoute}/`;
-}
-const REQUIRED_TOKEN_LIFETIME_MS = 6e4;
-const MINIMUM_REQUIRED_TOKEN_LIFETIME_MS = 1e4;
-/**
-* Create an SSR auth helper for server-side frameworks.
-*
-* Handles cookie-based token management, OAuth code exchange,
-* and automatic JWT refresh on page loads. Works with any
-* framework that gives you a `Request` object — SvelteKit,
-* TanStack Start, Remix, Next.js, etc.
-*
-* @param options - SSR configuration (Convex URL, proxy route, cookie lifetime).
-* @returns An object with `token`, `verify`, `proxy`, and `refresh` methods.
-*
-* @example SvelteKit hooks
-* ```ts
-* // src/hooks.server.ts
-* import { server } from '@robelest/convex-auth/server';
-*
-* const auth = server({ url: CONVEX_URL });
-*
-* export const handle = async ({ event, resolve }) => {
-*   const { cookies, token } = await auth.refresh(event.request);
-*   for (const c of cookies) event.cookies.set(c.name, c.value, c.options);
-*   event.locals.token = token;
-*   return resolve(event);
-* };
-* ```
-*
-* @example Generic proxy endpoint
-* ```ts
-* if (shouldProxyAuthAction(url.pathname, '/api/auth')) {
-*   return auth.proxy(request);
-* }
-* ```
-*/
-function server(options) {
-	const convexUrl = options.url;
-	const apiRoute = options.apiRoute ?? "/api/auth";
-	const cookieConfig = { maxAge: options.cookieMaxAge ?? null };
-	const verbose = options.verbose ?? false;
-	const logVerbose = (message) => {
-		if (!verbose) return;
-		console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] ${message}`);
-	};
-	const cookieHost = (request) => {
-		return request.headers.get("host") ?? new URL(request.url).host;
-	};
-	const parseRequestCookies = (request) => {
-		return parseAuthCookies(request.headers.get("cookie"), cookieHost(request));
-	};
-	const attachCookies = (response, cookies) => {
-		for (const value of cookies) response.headers.append("Set-Cookie", value);
-		return response;
-	};
-	const jsonResponse = (body, status = 200) => {
-		return new Response(JSON.stringify(body), {
-			status,
-			headers: { "Content-Type": "application/json" }
-		});
-	};
-	const isCorsRequest = (request) => {
-		const originHeader = request.headers.get("origin");
-		if (originHeader === null) return false;
-		const requestUrl = new URL(request.url);
-		const originUrl = new URL(originHeader);
-		return originUrl.host !== requestUrl.host || originUrl.protocol !== requestUrl.protocol;
-	};
-	const decodeToken = (token) => {
-		try {
-			return jwtDecode(token);
-		} catch {
-			return null;
-		}
-	};
-	const convexClient = (token) => {
-		const client = new ConvexHttpClient(convexUrl);
-		if (token !== void 0 && token !== null) client.setAuth(token);
-		return client;
-	};
-	const refreshTokens = async (request) => {
-		const { token, refreshToken } = parseRequestCookies(request);
-		if (refreshToken === null && token === null) {
-			logVerbose("No auth cookies found, skipping refresh");
-			return;
-		}
-		if (refreshToken === null || token === null) {
-			logVerbose("Only one auth cookie present, clearing auth cookies");
-			return null;
-		}
-		const decodedToken = decodeToken(token);
-		if (decodedToken?.exp === void 0 || decodedToken.iat === void 0) {
-			logVerbose("Failed to decode token, clearing auth cookies");
-			return null;
-		}
-		const totalTokenLifetimeMs = decodedToken.exp * 1e3 - decodedToken.iat * 1e3;
-		const minimumExpiration = Date.now() + Math.min(REQUIRED_TOKEN_LIFETIME_MS, Math.max(MINIMUM_REQUIRED_TOKEN_LIFETIME_MS, totalTokenLifetimeMs / 10));
-		if (decodedToken.exp * 1e3 > minimumExpiration) {
-			logVerbose("Token valid long enough, skipping refresh");
-			return;
-		}
-		try {
-			const result = await convexClient().action("auth:signIn", { refreshToken });
-			if (result.tokens === void 0) throw new Error("Invalid `auth:signIn` result for token refresh");
-			logVerbose(`Refreshed tokens, null=${result.tokens === null}`);
-			return result.tokens;
-		} catch (error) {
-			console.error(error);
-			logVerbose("Token refresh failed, clearing auth cookies");
-			return null;
-		}
-	};
-	return {
-		token(request) {
-			return parseRequestCookies(request).token;
-		},
-		async verify(request) {
-			const token = parseRequestCookies(request).token;
-			if (token === null) return false;
-			const decodedToken = decodeToken(token);
-			if (decodedToken?.exp === void 0) return false;
-			return decodedToken.exp * 1e3 > Date.now();
-		},
-		async proxy(request) {
-			if (!shouldProxyAuthAction(new URL(request.url).pathname, apiRoute)) return new Response("Invalid route", { status: 404 });
-			if (request.method !== "POST") return new Response("Invalid method", { status: 405 });
-			if (isCorsRequest(request)) return new Response("Invalid origin", { status: 403 });
-			const body = await request.json();
-			const action = body.action;
-			const args = body.args ?? {};
-			if (action !== "auth:signIn" && action !== "auth:signOut") return new Response("Invalid action", { status: 400 });
-			const currentCookies = parseRequestCookies(request);
-			const host = cookieHost(request);
-			if (action === "auth:signIn") {
-				if (args.refreshToken !== void 0) {
-					if (currentCookies.refreshToken === null) return jsonResponse({ tokens: null });
-					args.refreshToken = currentCookies.refreshToken;
-				}
-				const client = convexClient(args.refreshToken !== void 0 || args.params?.code !== void 0 ? null : currentCookies.token);
-				try {
-					const result = await client.action("auth:signIn", args);
-					if (result.redirect !== void 0) return attachCookies(jsonResponse({ redirect: result.redirect }), serializeAuthCookies({
-						...currentCookies,
-						verifier: result.verifier ?? null
-					}, host, cookieConfig));
-					if (result.tokens !== void 0) return attachCookies(jsonResponse({ tokens: result.tokens === null ? null : {
-						token: result.tokens.token,
-						refreshToken: "dummy"
-					} }), serializeAuthCookies({
-						token: result.tokens?.token ?? null,
-						refreshToken: result.tokens?.refreshToken ?? null,
-						verifier: null
-					}, host, cookieConfig));
-					return jsonResponse(result);
-				} catch (error) {
-					return attachCookies(jsonResponse(error instanceof ConvexError && typeof error.data === "object" && error.data !== null && "code" in error.data ? {
-						error: error.data.message ?? String(error),
-						authError: error.data
-					} : { error: error instanceof Error ? error.message : String(error) }, 400), serializeAuthCookies({
-						token: null,
-						refreshToken: null,
-						verifier: null
-					}, host, cookieConfig));
-				}
-			}
-			try {
-				await convexClient(currentCookies.token).action("auth:signOut");
-			} catch (error) {
-				console.error(error);
-			}
-			return attachCookies(jsonResponse(null), serializeAuthCookies({
-				token: null,
-				refreshToken: null,
-				verifier: null
-			}, host, cookieConfig));
-		},
-		async refresh(request) {
-			const host = cookieHost(request);
-			const currentToken = parseRequestCookies(request).token;
-			if (isCorsRequest(request)) return {
-				cookies: structuredAuthCookies({
-					token: null,
-					refreshToken: null,
-					verifier: null
-				}, host, cookieConfig),
-				token: null
-			};
-			const requestUrl = new URL(request.url);
-			const code = requestUrl.searchParams.get("code");
-			const shouldHandleCode = options.shouldHandleCode === void 0 ? true : typeof options.shouldHandleCode === "function" ? await options.shouldHandleCode(request) : options.shouldHandleCode;
-			if (code !== null && request.method === "GET" && request.headers.get("accept")?.includes("text/html") && shouldHandleCode) {
-				const requestCookies = parseRequestCookies(request);
-				const redirectUrl = new URL(requestUrl);
-				redirectUrl.searchParams.delete("code");
-				try {
-					const result = await convexClient().action("auth:signIn", {
-						params: { code },
-						verifier: requestCookies.verifier ?? void 0
-					});
-					if (result.tokens === void 0) throw new Error("Invalid `auth:signIn` result for code exchange");
-					return {
-						cookies: structuredAuthCookies({
-							token: result.tokens?.token ?? null,
-							refreshToken: result.tokens?.refreshToken ?? null,
-							verifier: null
-						}, host, cookieConfig),
-						redirect: redirectUrl.toString(),
-						token: result.tokens?.token ?? null
-					};
-				} catch (error) {
-					console.error(error);
-					return {
-						cookies: structuredAuthCookies({
-							token: null,
-							refreshToken: null,
-							verifier: null
-						}, host, cookieConfig),
-						redirect: redirectUrl.toString(),
-						token: null
-					};
-				}
-			}
-			const tokens = await refreshTokens(request);
-			if (tokens === void 0) return {
-				cookies: [],
-				token: currentToken
-			};
-			return {
-				cookies: structuredAuthCookies({
-					token: tokens?.token ?? null,
-					refreshToken: tokens?.refreshToken ?? null,
-					verifier: null
-				}, host, cookieConfig),
-				token: tokens?.token ?? null
-			};
-		}
-	};
-}
-//#endregion
-export { authCookieNames, parseAuthCookies, serializeAuthCookies, server, shouldProxyAuthAction, structuredAuthCookies };
-//# sourceMappingURL=index.js.map
+export { AuthCtx, authCookieNames, createAuth, enterprise, parseAuthCookies, scim, serializeAuthCookies, server, shouldProxyAuthAction, sso, structuredAuthCookies };

package/dist/server/keys.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { };

package/dist/{component/server/implementation → server}/keys.js RENAMED Viewed

@@ -1,22 +1,12 @@
-import { throwAuthError } from "../errors.js";
 import { generateRandomString, sha256 } from "./utils.js";
-//#region src/server/implementation/keys.ts
-/**
-* API Key crypto utilities.
-*
-* Uses `@oslojs/crypto` primitives for key generation and hashing:
-* - SHA-256 for hashing keys (API keys have high entropy, no need for bcrypt)
-* - Cryptographically secure random generation for key material
-*
-* @module
-*/
-const DEFAULT_KEY_PREFIX = "sk_live_";
+//#region src/server/keys.ts
+const DEFAULT_KEY_PREFIX = "sk_";
 const KEY_RANDOM_LENGTH = 32;
 const KEY_RANDOM_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
 /**
 * How many characters of the full key to store as the visible prefix.
-* Includes the prefix string (e.g. "sk_live_") plus a few random chars.
+* Includes the prefix string (e.g. "sk_") plus a few random chars.
 */
 const VISIBLE_PREFIX_EXTRA_CHARS = 4;
 /**
@@ -25,9 +15,10 @@ const VISIBLE_PREFIX_EXTRA_CHARS = 4;
 * Returns the raw key (to be shown once to the user) and metadata for storage.
 * The raw key is `{prefix}{32 random alphanumeric chars}`.
 *
-* @param prefix - Key prefix, defaults to "sk_live_"
+* @param prefix - Key prefix, defaults to "sk_"
 * @returns `{ raw, hashedKey, displayPrefix }`
 */
+/** @internal */
 async function generateApiKey(prefix = DEFAULT_KEY_PREFIX) {
 	const raw = `${prefix}${generateRandomString(KEY_RANDOM_LENGTH, KEY_RANDOM_ALPHABET)}`;
 	return {
@@ -41,6 +32,7 @@ async function generateApiKey(prefix = DEFAULT_KEY_PREFIX) {
 *
 * Used during Bearer token verification to find the stored key record.
 */
+/** @internal */
 async function hashApiKey(rawKey) {
 	return sha256(rawKey);
 }
@@ -53,6 +45,7 @@ async function hashApiKey(rawKey) {
 * A wildcard action `"*"` grants all actions on that resource.
 * A wildcard resource `"*"` grants the action on all resources.
 */
+/** @internal */
 function buildScopeChecker(scopes) {
 	return {
 		scopes,
@@ -62,22 +55,6 @@ function buildScopeChecker(scopes) {
 	};
 }
 /**
-* Validate that requested scopes are a subset of the allowed scopes
-* defined in the API key config.
-*
-* @param requested - Scopes the user wants on the new key.
-* @param allowed - The scope definition from `apiKeys.scopes` config.
-* @throws Error if any requested scope is not in the allowed set.
-*/
-function validateScopes(requested, allowed) {
-	if (!allowed) return;
-	for (const scope of requested) {
-		const allowedActions = allowed[scope.resource];
-		if (!allowedActions) throwAuthError("API_KEY_INVALID_SCOPE", `Unknown resource "${scope.resource}" in API key scopes. Allowed resources: ${Object.keys(allowed).join(", ")}`);
-		for (const action of scope.actions) if (action !== "*" && !allowedActions.includes(action)) throwAuthError("API_KEY_INVALID_SCOPE", `Unknown action "${action}" for resource "${scope.resource}". Allowed actions: ${allowedActions.join(", ")}`);
-	}
-}
-/**
 * Check whether a key is rate-limited based on its stored state.
 *
 * Uses the same token-bucket algorithm as sign-in rate limiting:
@@ -85,6 +62,7 @@ function validateScopes(requested, allowed) {
 *
 * @returns `{ limited: boolean; newState: { attemptsLeft, lastAttemptTime } }`
 */
+/** @internal */
 function checkKeyRateLimit(rateLimit, state) {
 	const now = Date.now();
 	if (!state) return {
@@ -114,5 +92,5 @@ function checkKeyRateLimit(rateLimit, state) {
 }
 //#endregion
-export { buildScopeChecker, checkKeyRateLimit, generateApiKey, hashApiKey, validateScopes };
+export { buildScopeChecker, checkKeyRateLimit, generateApiKey, hashApiKey };
 //# sourceMappingURL=keys.js.map