@robelest/convex-auth 0.0.4-preview.2 → 0.0.4-preview.21
- package/README.md +67 -26
- package/dist/authorization/index.d.ts +63 -0
- package/dist/authorization/index.d.ts.map +1 -0
- package/dist/authorization/index.js +63 -0
- package/dist/authorization/index.js.map +1 -0
- package/dist/bin.js +6185 -0
- package/dist/client/core/types.d.ts +20 -0
- package/dist/client/core/types.d.ts.map +1 -0
- package/dist/client/index.d.ts +2 -299
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +407 -534
- package/dist/client/index.js.map +1 -1
- package/dist/component/_generated/api.d.ts +42 -0
- package/dist/component/_generated/api.d.ts.map +1 -1
- package/dist/component/_generated/api.js.map +1 -1
- package/dist/component/_generated/component.d.ts +2546 -90
- package/dist/component/_generated/component.d.ts.map +1 -1
- package/dist/component/client/core/types.d.ts +2 -0
- package/dist/component/client/index.d.ts +2 -0
- package/dist/component/convex.config.d.ts +2 -2
- package/dist/component/functions.d.ts +11 -9
- package/dist/component/functions.d.ts.map +1 -1
- package/dist/component/functions.js.map +1 -1
- package/dist/component/index.d.ts +7 -11
- package/dist/component/index.js +2 -3
- package/dist/component/model.d.ts +153 -0
- package/dist/component/model.d.ts.map +1 -0
- package/dist/component/model.js +349 -0
- package/dist/component/model.js.map +1 -0
- package/dist/component/providers/anonymous.d.ts +54 -0
- package/dist/component/providers/anonymous.d.ts.map +1 -0
- package/dist/component/providers/credentials.d.ts +5 -5
- package/dist/component/providers/credentials.d.ts.map +1 -1
- package/dist/component/providers/device.d.ts +67 -0
- package/dist/component/providers/device.d.ts.map +1 -0
- package/dist/component/providers/email.d.ts +62 -0
- package/dist/component/providers/email.d.ts.map +1 -0
- package/dist/component/providers/oauth.d.ts.map +1 -1
- package/dist/component/providers/oauth.js.map +1 -1
- package/dist/component/providers/passkey.d.ts +57 -0
- package/dist/component/providers/passkey.d.ts.map +1 -0
- package/dist/component/providers/password.d.ts +88 -0
- package/dist/component/providers/password.d.ts.map +1 -0
- package/dist/component/providers/phone.d.ts +48 -0
- package/dist/component/providers/phone.d.ts.map +1 -0
- package/dist/component/providers/sso.d.ts +50 -0
- package/dist/component/providers/sso.d.ts.map +1 -0
- package/dist/component/providers/totp.d.ts +45 -0
- package/dist/component/providers/totp.d.ts.map +1 -0
- package/dist/component/public/enterprise/audit.d.ts +73 -0
- package/dist/component/public/enterprise/audit.d.ts.map +1 -0
- package/dist/component/public/enterprise/audit.js +108 -0
- package/dist/component/public/enterprise/audit.js.map +1 -0
- package/dist/component/public/enterprise/core.d.ts +176 -0
- package/dist/component/public/enterprise/core.d.ts.map +1 -0
- package/dist/component/public/enterprise/core.js +292 -0
- package/dist/component/public/enterprise/core.js.map +1 -0
- package/dist/component/public/enterprise/domains.d.ts +174 -0
- package/dist/component/public/enterprise/domains.d.ts.map +1 -0
- package/dist/component/public/enterprise/domains.js +271 -0
- package/dist/component/public/enterprise/domains.js.map +1 -0
- package/dist/component/public/enterprise/scim.d.ts +245 -0
- package/dist/component/public/enterprise/scim.d.ts.map +1 -0
- package/dist/component/public/enterprise/scim.js +344 -0
- package/dist/component/public/enterprise/scim.js.map +1 -0
- package/dist/component/public/enterprise/secrets.d.ts +78 -0
- package/dist/component/public/enterprise/secrets.d.ts.map +1 -0
- package/dist/component/public/enterprise/secrets.js +118 -0
- package/dist/component/public/enterprise/secrets.js.map +1 -0
- package/dist/component/public/enterprise/webhooks.d.ts +211 -0
- package/dist/component/public/enterprise/webhooks.d.ts.map +1 -0
- package/dist/component/public/enterprise/webhooks.js +300 -0
- package/dist/component/public/enterprise/webhooks.js.map +1 -0
- package/dist/component/public/factors/devices.d.ts +157 -0
- package/dist/component/public/factors/devices.d.ts.map +1 -0
- package/dist/component/public/factors/devices.js +216 -0
- package/dist/component/public/factors/devices.js.map +1 -0
- package/dist/component/public/factors/passkeys.d.ts +175 -0
- package/dist/component/public/factors/passkeys.d.ts.map +1 -0
- package/dist/component/public/factors/passkeys.js +238 -0
- package/dist/component/public/factors/passkeys.js.map +1 -0
- package/dist/component/public/factors/totp.d.ts +189 -0
- package/dist/component/public/factors/totp.d.ts.map +1 -0
- package/dist/component/public/factors/totp.js +254 -0
- package/dist/component/public/factors/totp.js.map +1 -0
- package/dist/component/public/groups/core.d.ts +137 -0
- package/dist/component/public/groups/core.d.ts.map +1 -0
- package/dist/component/public/groups/core.js +321 -0
- package/dist/component/public/groups/core.js.map +1 -0
- package/dist/component/public/groups/invites.d.ts +217 -0
- package/dist/component/public/groups/invites.d.ts.map +1 -0
- package/dist/component/public/groups/invites.js +457 -0
- package/dist/component/public/groups/invites.js.map +1 -0
- package/dist/component/public/groups/members.d.ts +204 -0
- package/dist/component/public/groups/members.d.ts.map +1 -0
- package/dist/component/public/groups/members.js +355 -0
- package/dist/component/public/groups/members.js.map +1 -0
- package/dist/component/public/identity/accounts.d.ts +147 -0
- package/dist/component/public/identity/accounts.d.ts.map +1 -0
- package/dist/component/public/identity/accounts.js +200 -0
- package/dist/component/public/identity/accounts.js.map +1 -0
- package/dist/component/public/identity/codes.d.ts +104 -0
- package/dist/component/public/identity/codes.d.ts.map +1 -0
- package/dist/component/public/identity/codes.js +140 -0
- package/dist/component/public/identity/codes.js.map +1 -0
- package/dist/component/public/identity/sessions.d.ts +128 -0
- package/dist/component/public/identity/sessions.d.ts.map +1 -0
- package/dist/component/public/identity/sessions.js +192 -0
- package/dist/component/public/identity/sessions.js.map +1 -0
- package/dist/component/public/identity/tokens.d.ts +169 -0
- package/dist/component/public/identity/tokens.d.ts.map +1 -0
- package/dist/component/public/identity/tokens.js +227 -0
- package/dist/component/public/identity/tokens.js.map +1 -0
- package/dist/component/public/identity/users.d.ts +212 -0
- package/dist/component/public/identity/users.d.ts.map +1 -0
- package/dist/component/public/identity/users.js +311 -0
- package/dist/component/public/identity/users.js.map +1 -0
- package/dist/component/public/identity/verifiers.d.ts +116 -0
- package/dist/component/public/identity/verifiers.d.ts.map +1 -0
- package/dist/component/public/identity/verifiers.js +154 -0
- package/dist/component/public/identity/verifiers.js.map +1 -0
- package/dist/component/public/security/keys.d.ts +209 -0
- package/dist/component/public/security/keys.d.ts.map +1 -0
- package/dist/component/public/security/keys.js +319 -0
- package/dist/component/public/security/keys.js.map +1 -0
- package/dist/component/public/security/limits.d.ts +114 -0
- package/dist/component/public/security/limits.d.ts.map +1 -0
- package/dist/component/public/security/limits.js +169 -0
- package/dist/component/public/security/limits.js.map +1 -0
- package/dist/component/public.d.ts +24 -271
- package/dist/component/public.d.ts.map +1 -1
- package/dist/component/public.js +21 -1229
- package/dist/component/schema.d.ts +473 -110
- package/dist/component/schema.js +162 -73
- package/dist/component/schema.js.map +1 -1
- package/dist/component/server/auth.d.ts +318 -373
- package/dist/component/server/auth.d.ts.map +1 -1
- package/dist/component/server/auth.js +204 -123
- package/dist/component/server/auth.js.map +1 -1
- package/dist/component/server/authError.js +34 -0
- package/dist/component/server/authError.js.map +1 -0
- package/dist/component/server/{providers.js → config.js} +43 -12
- package/dist/component/server/config.js.map +1 -0
- package/dist/component/server/cookies.js +3 -0
- package/dist/component/server/cookies.js.map +1 -1
- package/dist/component/server/core.js +713 -0
- package/dist/component/server/core.js.map +1 -0
- package/dist/component/server/crypto.js +38 -0
- package/dist/component/server/crypto.js.map +1 -0
- package/dist/component/server/{implementation/db.js → db.js} +2 -1
- package/dist/component/server/db.js.map +1 -0
- package/dist/component/server/device.js +109 -0
- package/dist/component/server/device.js.map +1 -0
- package/dist/component/server/enterprise/config.js +46 -0
- package/dist/component/server/enterprise/config.js.map +1 -0
- package/dist/component/server/enterprise/domain.js +885 -0
- package/dist/component/server/enterprise/domain.js.map +1 -0
- package/dist/component/server/enterprise/http.js +766 -0
- package/dist/component/server/enterprise/http.js.map +1 -0
- package/dist/component/server/enterprise/oidc.js +248 -0
- package/dist/component/server/enterprise/oidc.js.map +1 -0
- package/dist/component/server/enterprise/policy.js +85 -0
- package/dist/component/server/enterprise/policy.js.map +1 -0
- package/dist/component/server/enterprise/saml.js +338 -0
- package/dist/component/server/enterprise/saml.js.map +1 -0
- package/dist/component/server/enterprise/scim.js +97 -0
- package/dist/component/server/enterprise/scim.js.map +1 -0
- package/dist/component/server/enterprise/shared.js +51 -0
- package/dist/component/server/enterprise/shared.js.map +1 -0
- package/dist/component/server/errors.d.ts +1 -0
- package/dist/component/server/errors.js +24 -16
- package/dist/component/server/errors.js.map +1 -1
- package/dist/component/server/http.js +288 -0
- package/dist/component/server/http.js.map +1 -0
- package/dist/component/server/identity.js +13 -0
- package/dist/component/server/identity.js.map +1 -0
- package/dist/{server/implementation → component/server}/keys.js +9 -31
- package/dist/component/server/keys.js.map +1 -0
- package/dist/component/server/limits.js +61 -0
- package/dist/component/server/limits.js.map +1 -0
- package/dist/component/server/mutations/account.js +44 -0
- package/dist/component/server/mutations/account.js.map +1 -0
- package/dist/component/server/{implementation/mutations → mutations}/code.js +7 -4
- package/dist/component/server/mutations/code.js.map +1 -0
- package/dist/component/server/mutations/invalidate.js +32 -0
- package/dist/component/server/mutations/invalidate.js.map +1 -0
- package/dist/component/server/mutations/oauth.js +110 -0
- package/dist/component/server/mutations/oauth.js.map +1 -0
- package/dist/component/server/mutations/refresh.js +119 -0
- package/dist/component/server/mutations/refresh.js.map +1 -0
- package/dist/component/server/mutations/register.js +83 -0
- package/dist/component/server/mutations/register.js.map +1 -0
- package/dist/component/server/mutations/retrieve.js +65 -0
- package/dist/component/server/mutations/retrieve.js.map +1 -0
- package/dist/component/server/mutations/signature.js +32 -0
- package/dist/component/server/mutations/signature.js.map +1 -0
- package/dist/component/server/{implementation/mutations → mutations}/signin.js +2 -2
- package/dist/component/server/mutations/signin.js.map +1 -0
- package/dist/component/server/mutations/signout.js +27 -0
- package/dist/component/server/mutations/signout.js.map +1 -0
- package/dist/component/server/mutations/store/refs.js +15 -0
- package/dist/component/server/mutations/store/refs.js.map +1 -0
- package/dist/component/server/mutations/store.js +85 -0
- package/dist/component/server/mutations/store.js.map +1 -0
- package/dist/component/server/mutations/verifier.js +18 -0
- package/dist/component/server/mutations/verifier.js.map +1 -0
- package/dist/component/server/mutations/verify.js +98 -0
- package/dist/component/server/mutations/verify.js.map +1 -0
- package/dist/component/server/oauth.js +106 -60
- package/dist/component/server/oauth.js.map +1 -1
- package/dist/component/server/passkey.js +328 -0
- package/dist/component/server/passkey.js.map +1 -0
- package/dist/{server/implementation → component/server}/redirects.js +13 -11
- package/dist/component/server/redirects.js.map +1 -0
- package/dist/component/server/refresh.js +96 -0
- package/dist/component/server/refresh.js.map +1 -0
- package/dist/component/server/runtime.d.ts +136 -0
- package/dist/component/server/runtime.d.ts.map +1 -0
- package/dist/component/server/runtime.js +413 -0
- package/dist/component/server/runtime.js.map +1 -0
- package/dist/{server/implementation → component/server}/sessions.js +14 -8
- package/dist/component/server/sessions.js.map +1 -0
- package/dist/component/server/signin.js +201 -0
- package/dist/component/server/signin.js.map +1 -0
- package/dist/component/server/tokens.js +17 -0
- package/dist/component/server/tokens.js.map +1 -0
- package/dist/component/server/totp.js +148 -0
- package/dist/component/server/totp.js.map +1 -0
- package/dist/component/server/types.d.ts +387 -298
- package/dist/component/server/types.d.ts.map +1 -1
- package/dist/component/server/{implementation/types.js → types.js} +1 -1
- package/dist/component/server/types.js.map +1 -0
- package/dist/component/server/{implementation/users.js → users.js} +54 -35
- package/dist/component/server/users.js.map +1 -0
- package/dist/component/server/utils.js +110 -4
- package/dist/component/server/utils.js.map +1 -1
- package/dist/core/types.d.ts +369 -0
- package/dist/core/types.d.ts.map +1 -0
- package/dist/factors/device.js +105 -0
- package/dist/factors/device.js.map +1 -0
- package/dist/factors/passkey.js +181 -0
- package/dist/factors/passkey.js.map +1 -0
- package/dist/factors/totp.js +122 -0
- package/dist/factors/totp.js.map +1 -0
- package/dist/providers/anonymous.d.ts +3 -9
- package/dist/providers/anonymous.d.ts.map +1 -1
- package/dist/providers/anonymous.js +1 -18
- package/dist/providers/anonymous.js.map +1 -1
- package/dist/providers/credentials.d.ts +8 -10
- package/dist/providers/credentials.d.ts.map +1 -1
- package/dist/providers/credentials.js +3 -5
- package/dist/providers/credentials.js.map +1 -1
- package/dist/providers/device.d.ts +18 -10
- package/dist/providers/device.d.ts.map +1 -1
- package/dist/providers/device.js +4 -8
- package/dist/providers/device.js.map +1 -1
- package/dist/providers/email.d.ts +50 -23
- package/dist/providers/email.d.ts.map +1 -1
- package/dist/providers/email.js +58 -34
- package/dist/providers/email.js.map +1 -1
- package/dist/providers/index.d.ts +7 -3
- package/dist/providers/index.js +4 -1
- package/dist/providers/oauth.d.ts.map +1 -1
- package/dist/providers/oauth.js.map +1 -1
- package/dist/providers/passkey.d.ts +12 -9
- package/dist/providers/passkey.d.ts.map +1 -1
- package/dist/providers/passkey.js +1 -7
- package/dist/providers/passkey.js.map +1 -1
- package/dist/providers/password.d.ts +6 -12
- package/dist/providers/password.d.ts.map +1 -1
- package/dist/providers/password.js +189 -89
- package/dist/providers/password.js.map +1 -1
- package/dist/providers/phone.d.ts +40 -11
- package/dist/providers/phone.d.ts.map +1 -1
- package/dist/providers/phone.js +52 -21
- package/dist/providers/phone.js.map +1 -1
- package/dist/providers/sso.d.ts +50 -0
- package/dist/providers/sso.d.ts.map +1 -0
- package/dist/providers/sso.js +34 -0
- package/dist/providers/sso.js.map +1 -0
- package/dist/providers/totp.d.ts +12 -9
- package/dist/providers/totp.d.ts.map +1 -1
- package/dist/providers/totp.js +1 -7
- package/dist/providers/totp.js.map +1 -1
- package/dist/runtime/browser.js +68 -0
- package/dist/runtime/browser.js.map +1 -0
- package/dist/runtime/invite.js +51 -0
- package/dist/runtime/invite.js.map +1 -0
- package/dist/runtime/proxy.js +70 -0
- package/dist/runtime/proxy.js.map +1 -0
- package/dist/runtime/storage.js +37 -0
- package/dist/runtime/storage.js.map +1 -0
- package/dist/server/auth.d.ts +335 -370
- package/dist/server/auth.d.ts.map +1 -1
- package/dist/server/auth.js +204 -123
- package/dist/server/auth.js.map +1 -1
- package/dist/server/authError.d.ts +46 -0
- package/dist/server/authError.d.ts.map +1 -0
- package/dist/server/authError.js +34 -0
- package/dist/server/authError.js.map +1 -0
- package/dist/server/config.d.ts +1 -0
- package/dist/server/{providers.js → config.js} +43 -12
- package/dist/server/config.js.map +1 -0
- package/dist/server/cookies.d.ts +1 -38
- package/dist/server/cookies.js +3 -0
- package/dist/server/cookies.js.map +1 -1
- package/dist/server/core.d.ts +1436 -0
- package/dist/server/core.d.ts.map +1 -0
- package/dist/server/core.js +713 -0
- package/dist/server/core.js.map +1 -0
- package/dist/server/crypto.d.ts +8 -0
- package/dist/server/crypto.d.ts.map +1 -0
- package/dist/server/crypto.js +38 -0
- package/dist/server/crypto.js.map +1 -0
- package/dist/server/db.d.ts +1 -0
- package/dist/server/{implementation/db.js → db.js} +2 -1
- package/dist/server/db.js.map +1 -0
- package/dist/server/device.d.ts +1 -0
- package/dist/server/device.js +109 -0
- package/dist/server/device.js.map +1 -0
- package/dist/server/enterprise/config.d.ts +1 -0
- package/dist/server/enterprise/config.js +46 -0
- package/dist/server/enterprise/config.js.map +1 -0
- package/dist/server/enterprise/domain.d.ts +409 -0
- package/dist/server/enterprise/domain.d.ts.map +1 -0
- package/dist/server/enterprise/domain.js +885 -0
- package/dist/server/enterprise/domain.js.map +1 -0
- package/dist/server/enterprise/http.d.ts +26 -0
- package/dist/server/enterprise/http.d.ts.map +1 -0
- package/dist/server/enterprise/http.js +766 -0
- package/dist/server/enterprise/http.js.map +1 -0
- package/dist/server/enterprise/oidc.d.ts +1 -0
- package/dist/server/enterprise/oidc.js +248 -0
- package/dist/server/enterprise/oidc.js.map +1 -0
- package/dist/server/enterprise/policy.d.ts +1 -0
- package/dist/server/enterprise/policy.js +85 -0
- package/dist/server/enterprise/policy.js.map +1 -0
- package/dist/server/enterprise/saml.d.ts +1 -0
- package/dist/server/enterprise/saml.js +338 -0
- package/dist/server/enterprise/saml.js.map +1 -0
- package/dist/server/enterprise/scim.d.ts +1 -0
- package/dist/server/enterprise/scim.js +97 -0
- package/dist/server/enterprise/scim.js.map +1 -0
- package/dist/server/enterprise/shared.d.ts +5 -0
- package/dist/server/enterprise/shared.d.ts.map +1 -0
- package/dist/server/enterprise/shared.js +51 -0
- package/dist/server/enterprise/shared.js.map +1 -0
- package/dist/server/enterprise/validators.d.ts +1 -0
- package/dist/server/enterprise/validators.js +60 -0
- package/dist/server/enterprise/validators.js.map +1 -0
- package/dist/server/errors.d.ts +33 -1
- package/dist/server/errors.d.ts.map +1 -1
- package/dist/server/errors.js +44 -1
- package/dist/server/errors.js.map +1 -1
- package/dist/server/http.d.ts +59 -0
- package/dist/server/http.d.ts.map +1 -0
- package/dist/server/http.js +288 -0
- package/dist/server/http.js.map +1 -0
- package/dist/server/identity.d.ts +1 -0
- package/dist/server/identity.js +13 -0
- package/dist/server/identity.js.map +1 -0
- package/dist/server/index.d.ts +4 -182
- package/dist/server/index.js +4 -376
- package/dist/server/keys.d.ts +1 -0
- package/dist/{component/server/implementation → server}/keys.js +9 -31
- package/dist/server/keys.js.map +1 -0
- package/dist/server/limits.d.ts +1 -0
- package/dist/server/limits.js +61 -0
- package/dist/server/limits.js.map +1 -0
- package/dist/server/mounts.d.ts +647 -0
- package/dist/server/mounts.d.ts.map +1 -0
- package/dist/server/mounts.js +643 -0
- package/dist/server/mounts.js.map +1 -0
- package/dist/server/mutations/account.d.ts +30 -0
- package/dist/server/mutations/account.d.ts.map +1 -0
- package/dist/server/mutations/account.js +44 -0
- package/dist/server/mutations/account.js.map +1 -0
- package/dist/server/mutations/code.d.ts +30 -0
- package/dist/server/mutations/code.d.ts.map +1 -0
- package/dist/server/{implementation/mutations → mutations}/code.js +7 -4
- package/dist/server/mutations/code.js.map +1 -0
- package/dist/server/mutations/index.d.ts +14 -0
- package/dist/server/mutations/index.js +15 -0
- package/dist/server/mutations/invalidate.d.ts +20 -0
- package/dist/server/mutations/invalidate.d.ts.map +1 -0
- package/dist/server/mutations/invalidate.js +32 -0
- package/dist/server/mutations/invalidate.js.map +1 -0
- package/dist/server/mutations/oauth.d.ts +28 -0
- package/dist/server/mutations/oauth.d.ts.map +1 -0
- package/dist/server/mutations/oauth.js +110 -0
- package/dist/server/mutations/oauth.js.map +1 -0
- package/dist/server/mutations/refresh.d.ts +21 -0
- package/dist/server/mutations/refresh.d.ts.map +1 -0
- package/dist/server/mutations/refresh.js +119 -0
- package/dist/server/mutations/refresh.js.map +1 -0
- package/dist/server/mutations/register.d.ts +38 -0
- package/dist/server/mutations/register.d.ts.map +1 -0
- package/dist/server/mutations/register.js +83 -0
- package/dist/server/mutations/register.js.map +1 -0
- package/dist/server/mutations/retrieve.d.ts +33 -0
- package/dist/server/mutations/retrieve.d.ts.map +1 -0
- package/dist/server/mutations/retrieve.js +65 -0
- package/dist/server/mutations/retrieve.js.map +1 -0
- package/dist/server/mutations/signature.d.ts +22 -0
- package/dist/server/mutations/signature.d.ts.map +1 -0
- package/dist/server/mutations/signature.js +32 -0
- package/dist/server/mutations/signature.js.map +1 -0
- package/dist/server/mutations/signin.d.ts +22 -0
- package/dist/server/mutations/signin.d.ts.map +1 -0
- package/dist/server/{implementation/mutations → mutations}/signin.js +2 -2
- package/dist/server/mutations/signin.js.map +1 -0
- package/dist/server/mutations/signout.d.ts +16 -0
- package/dist/server/mutations/signout.d.ts.map +1 -0
- package/dist/server/mutations/signout.js +27 -0
- package/dist/server/mutations/signout.js.map +1 -0
- package/dist/server/mutations/store/refs.d.ts +12 -0
- package/dist/server/mutations/store/refs.d.ts.map +1 -0
- package/dist/server/mutations/store/refs.js +15 -0
- package/dist/server/mutations/store/refs.js.map +1 -0
- package/dist/server/mutations/store.d.ts +306 -0
- package/dist/server/mutations/store.d.ts.map +1 -0
- package/dist/server/mutations/store.js +85 -0
- package/dist/server/mutations/store.js.map +1 -0
- package/dist/server/mutations/verifier.d.ts +13 -0
- package/dist/server/mutations/verifier.d.ts.map +1 -0
- package/dist/server/mutations/verifier.js +18 -0
- package/dist/server/mutations/verifier.js.map +1 -0
- package/dist/server/mutations/verify.d.ts +26 -0
- package/dist/server/mutations/verify.d.ts.map +1 -0
- package/dist/server/mutations/verify.js +98 -0
- package/dist/server/mutations/verify.js.map +1 -0
- package/dist/server/oauth.d.ts +1 -48
- package/dist/server/oauth.js +107 -64
- package/dist/server/oauth.js.map +1 -1
- package/dist/server/passkey.d.ts +27 -0
- package/dist/server/passkey.d.ts.map +1 -0
- package/dist/server/passkey.js +328 -0
- package/dist/server/passkey.js.map +1 -0
- package/dist/server/redirects.d.ts +1 -0
- package/dist/{component/server/implementation → server}/redirects.js +13 -11
- package/dist/server/redirects.js.map +1 -0
- package/dist/server/refresh.d.ts +1 -0
- package/dist/server/refresh.js +96 -0
- package/dist/server/refresh.js.map +1 -0
- package/dist/server/runtime.d.ts +136 -0
- package/dist/server/runtime.d.ts.map +1 -0
- package/dist/server/runtime.js +413 -0
- package/dist/server/runtime.js.map +1 -0
- package/dist/server/sessions.d.ts +1 -0
- package/dist/{component/server/implementation → server}/sessions.js +14 -8
- package/dist/server/sessions.js.map +1 -0
- package/dist/server/signin.d.ts +1 -0
- package/dist/server/signin.js +201 -0
- package/dist/server/signin.js.map +1 -0
- package/dist/server/ssr.d.ts +226 -0
- package/dist/server/ssr.d.ts.map +1 -0
- package/dist/server/ssr.js +786 -0
- package/dist/server/ssr.js.map +1 -0
- package/dist/server/templates.d.ts +1 -21
- package/dist/server/templates.js +2 -1
- package/dist/server/templates.js.map +1 -1
- package/dist/server/tokens.d.ts +1 -0
- package/dist/server/tokens.js +17 -0
- package/dist/server/tokens.js.map +1 -0
- package/dist/server/totp.d.ts +1 -0
- package/dist/server/totp.js +148 -0
- package/dist/server/totp.js.map +1 -0
- package/dist/server/types.d.ts +498 -306
- package/dist/server/types.d.ts.map +1 -1
- package/dist/server/types.js +108 -1
- package/dist/server/types.js.map +1 -0
- package/dist/server/users.d.ts +1 -0
- package/dist/server/{implementation/users.js → users.js} +54 -35
- package/dist/server/users.js.map +1 -0
- package/dist/server/utils.d.ts +1 -6
- package/dist/server/utils.js +110 -4
- package/dist/server/utils.js.map +1 -1
- package/package.json +49 -46
- package/src/authorization/index.ts +83 -0
- package/src/cli/bin.ts +5 -0
- package/src/cli/command.ts +6 -5
- package/src/cli/index.ts +456 -248
- package/src/cli/keys.ts +3 -0
- package/src/client/core/types.ts +437 -0
- package/src/client/factors/device.ts +160 -0
- package/src/client/factors/passkey.ts +282 -0
- package/src/client/factors/totp.ts +150 -0
- package/src/client/index.ts +745 -989
- package/src/client/runtime/browser.ts +112 -0
- package/src/client/runtime/invite.ts +65 -0
- package/src/client/runtime/proxy.ts +111 -0
- package/src/client/runtime/storage.ts +79 -0
- package/src/component/_generated/api.ts +42 -0
- package/src/component/_generated/component.ts +3123 -102
- package/src/component/functions.ts +38 -22
- package/src/component/index.ts +10 -20
- package/src/component/model.ts +449 -0
- package/src/component/public/enterprise/audit.ts +120 -0
- package/src/component/public/enterprise/core.ts +354 -0
- package/src/component/public/enterprise/domains.ts +323 -0
- package/src/component/public/enterprise/scim.ts +396 -0
- package/src/component/public/enterprise/secrets.ts +132 -0
- package/src/component/public/enterprise/webhooks.ts +306 -0
- package/src/component/public/factors/devices.ts +223 -0
- package/src/component/public/factors/passkeys.ts +242 -0
- package/src/component/public/factors/totp.ts +258 -0
- package/src/component/public/groups/core.ts +481 -0
- package/src/component/public/groups/invites.ts +602 -0
- package/src/component/public/groups/members.ts +409 -0
- package/src/component/public/identity/accounts.ts +206 -0
- package/src/component/public/identity/codes.ts +148 -0
- package/src/component/public/identity/sessions.ts +209 -0
- package/src/component/public/identity/tokens.ts +250 -0
- package/src/component/public/identity/users.ts +354 -0
- package/src/component/public/identity/verifiers.ts +157 -0
- package/src/component/public/security/keys.ts +365 -0
- package/src/component/public/security/limits.ts +173 -0
- package/src/component/public.ts +26 -1766
- package/src/component/schema.ts +273 -100
- package/src/providers/anonymous.ts +10 -20
- package/src/providers/credentials.ts +14 -22
- package/src/providers/device.ts +3 -14
- package/src/providers/email.ts +83 -47
- package/src/providers/index.ts +7 -0
- package/src/providers/oauth.ts +5 -3
- package/src/providers/passkey.ts +0 -13
- package/src/providers/password.ts +307 -130
- package/src/providers/phone.ts +81 -37
- package/src/providers/sso.ts +54 -0
- package/src/providers/totp.ts +0 -13
- package/src/samlify.d.ts +53 -0
- package/src/server/auth.ts +701 -247
- package/src/server/authError.ts +44 -0
- package/src/server/{providers.ts → config.ts} +84 -15
- package/src/server/cookies.ts +8 -1
- package/src/server/core.ts +2095 -0
- package/src/server/crypto.ts +88 -0
- package/src/server/{implementation/db.ts → db.ts} +90 -15
- package/src/server/device.ts +221 -0
- package/src/server/enterprise/config.ts +51 -0
- package/src/server/enterprise/domain.ts +1751 -0
- package/src/server/enterprise/http.ts +1324 -0
- package/src/server/enterprise/oidc.ts +500 -0
- package/src/server/enterprise/policy.ts +128 -0
- package/src/server/enterprise/saml.ts +578 -0
- package/src/server/enterprise/scim.ts +135 -0
- package/src/server/enterprise/shared.ts +134 -0
- package/src/server/enterprise/validators.ts +93 -0
- package/src/server/errors.ts +130 -119
- package/src/server/http.ts +531 -0
- package/src/server/identity.ts +18 -0
- package/src/server/index.ts +32 -650
- package/src/server/{implementation/keys.ts → keys.ts} +16 -44
- package/src/server/limits.ts +134 -0
- package/src/server/mounts.ts +948 -0
- package/src/server/mutations/account.ts +76 -0
- package/src/server/{implementation/mutations → mutations}/code.ts +22 -11
- package/src/server/mutations/index.ts +13 -0
- package/src/server/mutations/invalidate.ts +50 -0
- package/src/server/mutations/oauth.ts +237 -0
- package/src/server/mutations/refresh.ts +298 -0
- package/src/server/mutations/register.ts +200 -0
- package/src/server/mutations/retrieve.ts +109 -0
- package/src/server/mutations/signature.ts +50 -0
- package/src/server/{implementation/mutations → mutations}/signin.ts +9 -7
- package/src/server/mutations/signout.ts +43 -0
- package/src/server/mutations/store/refs.ts +10 -0
- package/src/server/mutations/store.ts +138 -0
- package/src/server/mutations/verifier.ts +34 -0
- package/src/server/mutations/verify.ts +202 -0
- package/src/server/oauth.ts +243 -131
- package/src/server/passkey.ts +784 -0
- package/src/server/{implementation/redirects.ts → redirects.ts} +21 -16
- package/src/server/refresh.ts +222 -0
- package/src/server/runtime.ts +880 -0
- package/src/server/{implementation/sessions.ts → sessions.ts} +33 -25
- package/src/server/signin.ts +438 -0
- package/src/server/ssr.ts +1764 -0
- package/src/server/templates.ts +8 -3
- package/src/server/{implementation/tokens.ts → tokens.ts} +11 -5
- package/src/server/totp.ts +349 -0
- package/src/server/types.ts +972 -207
- package/src/server/{implementation/users.ts → users.ts} +129 -75
- package/src/server/utils.ts +192 -5
- package/src/test.ts +28 -4
- package/dist/bin.cjs +0 -27757
- package/dist/component/providers/email.js +0 -47
- package/dist/component/providers/email.js.map +0 -1
- package/dist/component/public.js.map +0 -1
- package/dist/component/server/implementation/db.js.map +0 -1
- package/dist/component/server/implementation/device.js +0 -135
- package/dist/component/server/implementation/device.js.map +0 -1
- package/dist/component/server/implementation/index.d.ts +0 -870
- package/dist/component/server/implementation/index.d.ts.map +0 -1
- package/dist/component/server/implementation/index.js +0 -610
- package/dist/component/server/implementation/index.js.map +0 -1
- package/dist/component/server/implementation/keys.js.map +0 -1
- package/dist/component/server/implementation/mutations/account.js +0 -39
- package/dist/component/server/implementation/mutations/account.js.map +0 -1
- package/dist/component/server/implementation/mutations/code.js.map +0 -1
- package/dist/component/server/implementation/mutations/index.js +0 -70
- package/dist/component/server/implementation/mutations/index.js.map +0 -1
- package/dist/component/server/implementation/mutations/invalidate.js +0 -29
- package/dist/component/server/implementation/mutations/invalidate.js.map +0 -1
- package/dist/component/server/implementation/mutations/oauth.js +0 -51
- package/dist/component/server/implementation/mutations/oauth.js.map +0 -1
- package/dist/component/server/implementation/mutations/refresh.js +0 -85
- package/dist/component/server/implementation/mutations/refresh.js.map +0 -1
- package/dist/component/server/implementation/mutations/register.js +0 -65
- package/dist/component/server/implementation/mutations/register.js.map +0 -1
- package/dist/component/server/implementation/mutations/retrieve.js +0 -50
- package/dist/component/server/implementation/mutations/retrieve.js.map +0 -1
- package/dist/component/server/implementation/mutations/signature.js +0 -27
- package/dist/component/server/implementation/mutations/signature.js.map +0 -1
- package/dist/component/server/implementation/mutations/signin.js.map +0 -1
- package/dist/component/server/implementation/mutations/signout.js +0 -27
- package/dist/component/server/implementation/mutations/signout.js.map +0 -1
- package/dist/component/server/implementation/mutations/store.js +0 -12
- package/dist/component/server/implementation/mutations/store.js.map +0 -1
- package/dist/component/server/implementation/mutations/verifier.js +0 -16
- package/dist/component/server/implementation/mutations/verifier.js.map +0 -1
- package/dist/component/server/implementation/mutations/verify.js +0 -105
- package/dist/component/server/implementation/mutations/verify.js.map +0 -1
- package/dist/component/server/implementation/passkey.js +0 -307
- package/dist/component/server/implementation/passkey.js.map +0 -1
- package/dist/component/server/implementation/provider.js +0 -19
- package/dist/component/server/implementation/provider.js.map +0 -1
- package/dist/component/server/implementation/ratelimit.js +0 -48
- package/dist/component/server/implementation/ratelimit.js.map +0 -1
- package/dist/component/server/implementation/redirects.js.map +0 -1
- package/dist/component/server/implementation/refresh.js +0 -109
- package/dist/component/server/implementation/refresh.js.map +0 -1
- package/dist/component/server/implementation/sessions.js.map +0 -1
- package/dist/component/server/implementation/signin.js +0 -148
- package/dist/component/server/implementation/signin.js.map +0 -1
- package/dist/component/server/implementation/tokens.js +0 -15
- package/dist/component/server/implementation/tokens.js.map +0 -1
- package/dist/component/server/implementation/totp.js +0 -142
- package/dist/component/server/implementation/totp.js.map +0 -1
- package/dist/component/server/implementation/types.d.ts +0 -42
- package/dist/component/server/implementation/types.d.ts.map +0 -1
- package/dist/component/server/implementation/types.js.map +0 -1
- package/dist/component/server/implementation/users.js.map +0 -1
- package/dist/component/server/implementation/utils.js +0 -56
- package/dist/component/server/implementation/utils.js.map +0 -1
- package/dist/component/server/providers.js.map +0 -1
- package/dist/component/server/templates.js +0 -84
- package/dist/component/server/templates.js.map +0 -1
- package/dist/server/cookies.d.ts.map +0 -1
- package/dist/server/implementation/db.d.ts +0 -86
- package/dist/server/implementation/db.d.ts.map +0 -1
- package/dist/server/implementation/db.js.map +0 -1
- package/dist/server/implementation/device.d.ts +0 -30
- package/dist/server/implementation/device.d.ts.map +0 -1
- package/dist/server/implementation/device.js +0 -135
- package/dist/server/implementation/device.js.map +0 -1
- package/dist/server/implementation/index.d.ts +0 -870
- package/dist/server/implementation/index.d.ts.map +0 -1
- package/dist/server/implementation/index.js +0 -610
- package/dist/server/implementation/index.js.map +0 -1
- package/dist/server/implementation/keys.d.ts +0 -66
- package/dist/server/implementation/keys.d.ts.map +0 -1
- package/dist/server/implementation/keys.js.map +0 -1
- package/dist/server/implementation/mutations/account.d.ts +0 -27
- package/dist/server/implementation/mutations/account.d.ts.map +0 -1
- package/dist/server/implementation/mutations/account.js +0 -39
- package/dist/server/implementation/mutations/account.js.map +0 -1
- package/dist/server/implementation/mutations/code.d.ts +0 -29
- package/dist/server/implementation/mutations/code.d.ts.map +0 -1
- package/dist/server/implementation/mutations/code.js.map +0 -1
- package/dist/server/implementation/mutations/index.d.ts +0 -310
- package/dist/server/implementation/mutations/index.d.ts.map +0 -1
- package/dist/server/implementation/mutations/index.js +0 -70
- package/dist/server/implementation/mutations/index.js.map +0 -1
- package/dist/server/implementation/mutations/invalidate.d.ts +0 -18
- package/dist/server/implementation/mutations/invalidate.d.ts.map +0 -1
- package/dist/server/implementation/mutations/invalidate.js +0 -29
- package/dist/server/implementation/mutations/invalidate.js.map +0 -1
- package/dist/server/implementation/mutations/oauth.d.ts +0 -23
- package/dist/server/implementation/mutations/oauth.d.ts.map +0 -1
- package/dist/server/implementation/mutations/oauth.js +0 -51
- package/dist/server/implementation/mutations/oauth.js.map +0 -1
- package/dist/server/implementation/mutations/refresh.d.ts +0 -20
- package/dist/server/implementation/mutations/refresh.d.ts.map +0 -1
- package/dist/server/implementation/mutations/refresh.js +0 -85
- package/dist/server/implementation/mutations/refresh.js.map +0 -1
- package/dist/server/implementation/mutations/register.d.ts +0 -37
- package/dist/server/implementation/mutations/register.d.ts.map +0 -1
- package/dist/server/implementation/mutations/register.js +0 -65
- package/dist/server/implementation/mutations/register.js.map +0 -1
- package/dist/server/implementation/mutations/retrieve.d.ts +0 -31
- package/dist/server/implementation/mutations/retrieve.d.ts.map +0 -1
- package/dist/server/implementation/mutations/retrieve.js +0 -50
- package/dist/server/implementation/mutations/retrieve.js.map +0 -1
- package/dist/server/implementation/mutations/signature.d.ts +0 -19
- package/dist/server/implementation/mutations/signature.d.ts.map +0 -1
- package/dist/server/implementation/mutations/signature.js +0 -27
- package/dist/server/implementation/mutations/signature.js.map +0 -1
- package/dist/server/implementation/mutations/signin.d.ts +0 -21
- package/dist/server/implementation/mutations/signin.d.ts.map +0 -1
- package/dist/server/implementation/mutations/signin.js.map +0 -1
- package/dist/server/implementation/mutations/signout.d.ts +0 -14
- package/dist/server/implementation/mutations/signout.d.ts.map +0 -1
- package/dist/server/implementation/mutations/signout.js +0 -27
- package/dist/server/implementation/mutations/signout.js.map +0 -1
- package/dist/server/implementation/mutations/store.d.ts +0 -11
- package/dist/server/implementation/mutations/store.d.ts.map +0 -1
- package/dist/server/implementation/mutations/store.js +0 -12
- package/dist/server/implementation/mutations/store.js.map +0 -1
- package/dist/server/implementation/mutations/verifier.d.ts +0 -11
- package/dist/server/implementation/mutations/verifier.d.ts.map +0 -1
- package/dist/server/implementation/mutations/verifier.js +0 -16
- package/dist/server/implementation/mutations/verifier.js.map +0 -1
- package/dist/server/implementation/mutations/verify.d.ts +0 -25
- package/dist/server/implementation/mutations/verify.d.ts.map +0 -1
- package/dist/server/implementation/mutations/verify.js +0 -105
- package/dist/server/implementation/mutations/verify.js.map +0 -1
- package/dist/server/implementation/passkey.d.ts +0 -24
- package/dist/server/implementation/passkey.d.ts.map +0 -1
- package/dist/server/implementation/passkey.js +0 -307
- package/dist/server/implementation/passkey.js.map +0 -1
- package/dist/server/implementation/provider.d.ts +0 -10
- package/dist/server/implementation/provider.d.ts.map +0 -1
- package/dist/server/implementation/provider.js +0 -19
- package/dist/server/implementation/provider.js.map +0 -1
- package/dist/server/implementation/ratelimit.d.ts +0 -10
- package/dist/server/implementation/ratelimit.d.ts.map +0 -1
- package/dist/server/implementation/ratelimit.js +0 -48
- package/dist/server/implementation/ratelimit.js.map +0 -1
- package/dist/server/implementation/redirects.d.ts +0 -10
- package/dist/server/implementation/redirects.d.ts.map +0 -1
- package/dist/server/implementation/redirects.js.map +0 -1
- package/dist/server/implementation/refresh.d.ts +0 -37
- package/dist/server/implementation/refresh.d.ts.map +0 -1
- package/dist/server/implementation/refresh.js +0 -109
- package/dist/server/implementation/refresh.js.map +0 -1
- package/dist/server/implementation/sessions.d.ts +0 -29
- package/dist/server/implementation/sessions.d.ts.map +0 -1
- package/dist/server/implementation/sessions.js.map +0 -1
- package/dist/server/implementation/signin.d.ts +0 -55
- package/dist/server/implementation/signin.d.ts.map +0 -1
- package/dist/server/implementation/signin.js +0 -148
- package/dist/server/implementation/signin.js.map +0 -1
- package/dist/server/implementation/tokens.d.ts +0 -11
- package/dist/server/implementation/tokens.d.ts.map +0 -1
- package/dist/server/implementation/tokens.js +0 -15
- package/dist/server/implementation/tokens.js.map +0 -1
- package/dist/server/implementation/totp.d.ts +0 -31
- package/dist/server/implementation/totp.d.ts.map +0 -1
- package/dist/server/implementation/totp.js +0 -142
- package/dist/server/implementation/totp.js.map +0 -1
- package/dist/server/implementation/types.d.ts +0 -189
- package/dist/server/implementation/types.d.ts.map +0 -1
- package/dist/server/implementation/types.js +0 -97
- package/dist/server/implementation/types.js.map +0 -1
- package/dist/server/implementation/users.d.ts +0 -30
- package/dist/server/implementation/users.d.ts.map +0 -1
- package/dist/server/implementation/users.js.map +0 -1
- package/dist/server/implementation/utils.d.ts +0 -19
- package/dist/server/implementation/utils.d.ts.map +0 -1
- package/dist/server/implementation/utils.js +0 -56
- package/dist/server/implementation/utils.js.map +0 -1
- package/dist/server/index.d.ts.map +0 -1
- package/dist/server/index.js.map +0 -1
- package/dist/server/oauth.d.ts.map +0 -1
- package/dist/server/providers.d.ts +0 -72
- package/dist/server/providers.d.ts.map +0 -1
- package/dist/server/providers.js.map +0 -1
- package/dist/server/templates.d.ts.map +0 -1
- package/dist/server/utils.d.ts.map +0 -1
- package/dist/server/version.d.ts +0 -5
- package/dist/server/version.d.ts.map +0 -1
- package/dist/server/version.js +0 -6
- package/dist/server/version.js.map +0 -1
- package/src/cli/utils.ts +0 -248
- package/src/server/implementation/device.ts +0 -307
- package/src/server/implementation/index.ts +0 -1583
- package/src/server/implementation/mutations/account.ts +0 -50
- package/src/server/implementation/mutations/index.ts +0 -157
- package/src/server/implementation/mutations/invalidate.ts +0 -42
- package/src/server/implementation/mutations/oauth.ts +0 -73
- package/src/server/implementation/mutations/refresh.ts +0 -175
- package/src/server/implementation/mutations/register.ts +0 -100
- package/src/server/implementation/mutations/retrieve.ts +0 -79
- package/src/server/implementation/mutations/signature.ts +0 -39
- package/src/server/implementation/mutations/signout.ts +0 -35
- package/src/server/implementation/mutations/store.ts +0 -7
- package/src/server/implementation/mutations/verifier.ts +0 -24
- package/src/server/implementation/mutations/verify.ts +0 -194
- package/src/server/implementation/passkey.ts +0 -620
- package/src/server/implementation/provider.ts +0 -36
- package/src/server/implementation/ratelimit.ts +0 -79
- package/src/server/implementation/refresh.ts +0 -172
- package/src/server/implementation/signin.ts +0 -296
- package/src/server/implementation/totp.ts +0 -342
- package/src/server/implementation/types.ts +0 -444
- package/src/server/implementation/utils.ts +0 -91
- package/src/server/version.ts +0 -2
package/dist/server/types.d.ts
CHANGED
|
@@ -1,14 +1,80 @@
|
|
|
1
1
|
import { OAuthProviderInstance } from "../providers/oauth.js";
|
|
2
|
-
import {
|
|
3
|
-
import {
|
|
4
|
-
import {
|
|
2
|
+
import { CredentialsConfig } from "../providers/credentials.js";
|
|
3
|
+
import { Password } from "../providers/password.js";
|
|
4
|
+
import { Passkey } from "../providers/passkey.js";
|
|
5
|
+
import { Totp } from "../providers/totp.js";
|
|
6
|
+
import { Device } from "../providers/device.js";
|
|
7
|
+
import { SSO } from "../providers/sso.js";
|
|
8
|
+
import { Email } from "../providers/email.js";
|
|
9
|
+
import { Phone } from "../providers/phone.js";
|
|
10
|
+
import { vApiKeyDoc, vAuthVerifierDoc, vDeviceCodeDoc, vPasskeyDoc, vTotpFactorDoc } from "../component/model.js";
|
|
11
|
+
import { _default } from "../component/schema.js";
|
|
12
|
+
import { Anonymous } from "../providers/anonymous.js";
|
|
13
|
+
import { AnyDataModel, DataModelFromSchemaDefinition, DocumentByName, GenericActionCtx, GenericDataModel, GenericMutationCtx, GenericQueryCtx, TableNamesInDataModel } from "convex/server";
|
|
14
|
+
import { GenericId, Infer, Value } from "convex/values";
|
|
5
15
|
import * as arctic0 from "arctic";
|
|
6
16
|
|
|
7
17
|
//#region src/server/types.d.ts
|
|
8
|
-
/**
|
|
18
|
+
/**
|
|
19
|
+
* A value that is either `T` or a `PromiseLike<T>`.
|
|
20
|
+
*
|
|
21
|
+
* @typeParam T - The underlying value type.
|
|
22
|
+
*/
|
|
9
23
|
type Awaitable<T> = T | PromiseLike<T>;
|
|
10
24
|
/**
|
|
11
|
-
*
|
|
25
|
+
* A single role definition within the authorization config.
|
|
26
|
+
*
|
|
27
|
+
* Each role has an optional human-readable label and a list of grant strings
|
|
28
|
+
* that members with this role receive.
|
|
29
|
+
*
|
|
30
|
+
* @see {@link AuthAuthorizationConfig}
|
|
31
|
+
*/
|
|
32
|
+
type AuthRoleDefinition = {
|
|
33
|
+
/** Optional stable identifier (defaults to the record key). */id?: string; /** Human-readable label for admin UIs. */
|
|
34
|
+
label?: string; /** Permission grant strings conferred by this role. */
|
|
35
|
+
grants: string[];
|
|
36
|
+
};
|
|
37
|
+
/**
|
|
38
|
+
* Authorization configuration mapping role IDs to {@link AuthRoleDefinition}s.
|
|
39
|
+
*
|
|
40
|
+
* Passed as `authorization.roles` in {@link ConvexAuthConfig}.
|
|
41
|
+
*
|
|
42
|
+
* @see {@link AuthRoleDefinition}
|
|
43
|
+
* @see {@link ConvexAuthConfig}
|
|
44
|
+
*/
|
|
45
|
+
type AuthAuthorizationConfig = {
|
|
46
|
+
roles: Record<string, AuthRoleDefinition>;
|
|
47
|
+
};
|
|
48
|
+
/**
|
|
49
|
+
* Extracts the union of role ID strings from an authorization config.
|
|
50
|
+
*
|
|
51
|
+
* When `TAuthorization` is defined, this resolves to the literal key union
|
|
52
|
+
* of the `roles` record. Otherwise falls back to `string`.
|
|
53
|
+
*
|
|
54
|
+
* @typeParam TAuthorization - The authorization config type, or `undefined`.
|
|
55
|
+
*
|
|
56
|
+
* @see {@link AuthGrant}
|
|
57
|
+
*/
|
|
58
|
+
type AuthRoleId<TAuthorization extends AuthAuthorizationConfig | undefined> = TAuthorization extends {
|
|
59
|
+
roles: infer TRoles extends Record<string, any>;
|
|
60
|
+
} ? keyof TRoles & string : string;
|
|
61
|
+
/**
|
|
62
|
+
* Extracts the union of grant strings from all roles in an authorization config.
|
|
63
|
+
*
|
|
64
|
+
* When `TAuthorization` is defined, this resolves to the literal union
|
|
65
|
+
* of all `grants` array elements across every role. Otherwise falls back to `string`.
|
|
66
|
+
*
|
|
67
|
+
* @typeParam TAuthorization - The authorization config type, or `undefined`.
|
|
68
|
+
*
|
|
69
|
+
* @see {@link AuthRoleId}
|
|
70
|
+
*/
|
|
71
|
+
type AuthGrant<TAuthorization extends AuthAuthorizationConfig | undefined> = TAuthorization extends {
|
|
72
|
+
roles: infer TRoles extends Record<string, {
|
|
73
|
+
grants: readonly any[];
|
|
74
|
+
}>;
|
|
75
|
+
} ? TRoles[keyof TRoles]["grants"][number] & string : string;
|
|
76
|
+
/**
|
|
77
|
+
* The config for the Convex Auth library, passed to `createAuth`.
|
|
12
78
|
*/
|
|
13
79
|
type ConvexAuthConfig = {
|
|
14
80
|
/**
|
|
@@ -33,12 +99,16 @@ type ConvexAuthConfig = {
|
|
|
33
99
|
* How long can a user session last without the user reauthenticating.
|
|
34
100
|
*
|
|
35
101
|
* Defaults to 30 days.
|
|
102
|
+
*
|
|
103
|
+
* @defaultValue 2_592_000_000
|
|
36
104
|
*/
|
|
37
105
|
totalDurationMs?: number;
|
|
38
106
|
/**
|
|
39
107
|
* How long can a user session last without the user being active.
|
|
40
108
|
*
|
|
41
109
|
* Defaults to 30 days.
|
|
110
|
+
*
|
|
111
|
+
* @defaultValue 2_592_000_000
|
|
42
112
|
*/
|
|
43
113
|
inactiveDurationMs?: number;
|
|
44
114
|
};
|
|
@@ -50,6 +120,8 @@ type ConvexAuthConfig = {
|
|
|
50
120
|
* How long is the JWT valid for after it is signed initially.
|
|
51
121
|
*
|
|
52
122
|
* Defaults to 1 hour.
|
|
123
|
+
*
|
|
124
|
+
* @defaultValue 3_600_000
|
|
53
125
|
*/
|
|
54
126
|
durationMs?: number;
|
|
55
127
|
};
|
|
@@ -63,63 +135,11 @@ type ConvexAuthConfig = {
|
|
|
63
135
|
*
|
|
64
136
|
* Defaults to 10 times per hour (that is 10 failed attempts, and then
|
|
65
137
|
* allow another one every 6 minutes).
|
|
138
|
+
*
|
|
139
|
+
* @defaultValue 10
|
|
66
140
|
*/
|
|
67
|
-
|
|
141
|
+
maxFailedAttemptsPerHour?: number;
|
|
68
142
|
};
|
|
69
|
-
/**
|
|
70
|
-
* API key configuration for programmatic access.
|
|
71
|
-
*
|
|
72
|
-
* Enables `auth.key.*` helpers for creating, verifying, and managing
|
|
73
|
-
* API keys with scoped permissions and optional per-key rate limiting.
|
|
74
|
-
*/
|
|
75
|
-
apiKeys?: ApiKeyConfig;
|
|
76
|
-
/**
|
|
77
|
-
* Email transport configuration.
|
|
78
|
-
*
|
|
79
|
-
* Required for magic link authentication.
|
|
80
|
-
* The library generates email content (subject, styled HTML); you
|
|
81
|
-
* provide the delivery mechanism — Resend, SendGrid, SES, Postmark,
|
|
82
|
-
* or any other provider.
|
|
83
|
-
*
|
|
84
|
-
* When configured, a magic link email provider (`id: "email"`) is
|
|
85
|
-
* auto-registered — no need to add a separate Auth.js email provider
|
|
86
|
-
* to `providers`.
|
|
87
|
-
*
|
|
88
|
-
* Works seamlessly with the `@convex-dev/resend` Convex component:
|
|
89
|
-
*
|
|
90
|
-
* ```ts
|
|
91
|
-
* import { Resend } from "@convex-dev/resend";
|
|
92
|
-
*
|
|
93
|
-
* const resend = new Resend(components.resend, { testMode: false });
|
|
94
|
-
*
|
|
95
|
-
* const auth = new Auth(components.auth, {
|
|
96
|
-
* providers: [google],
|
|
97
|
-
* email: {
|
|
98
|
-
* from: "My App <noreply@example.com>",
|
|
99
|
-
* send: (ctx, params) => resend.sendEmail(ctx, params),
|
|
100
|
-
* },
|
|
101
|
-
* });
|
|
102
|
-
* ```
|
|
103
|
-
*
|
|
104
|
-
* Or with any email API directly:
|
|
105
|
-
*
|
|
106
|
-
* ```ts
|
|
107
|
-
* email: {
|
|
108
|
-
* from: "My App <noreply@example.com>",
|
|
109
|
-
* send: async (_ctx, { from, to, subject, html }) => {
|
|
110
|
-
* await fetch("https://api.resend.com/emails", {
|
|
111
|
-
* method: "POST",
|
|
112
|
-
* headers: {
|
|
113
|
-
* Authorization: `Bearer ${process.env.AUTH_RESEND_KEY}`,
|
|
114
|
-
* "Content-Type": "application/json",
|
|
115
|
-
* },
|
|
116
|
-
* body: JSON.stringify({ from, to, subject, html }),
|
|
117
|
-
* });
|
|
118
|
-
* },
|
|
119
|
-
* },
|
|
120
|
-
* ```
|
|
121
|
-
*/
|
|
122
|
-
email?: EmailTransport;
|
|
123
143
|
/**
|
|
124
144
|
* Lifecycle callbacks for customizing sign-in behavior.
|
|
125
145
|
*
|
|
@@ -132,20 +152,21 @@ type ConvexAuthConfig = {
|
|
|
132
152
|
* Control which URLs are allowed as a destination after OAuth sign-in
|
|
133
153
|
* and for magic links:
|
|
134
154
|
*
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
155
|
+
* ```ts
|
|
156
|
+
* import { createAuth } from "@robelest/convex-auth/component";
|
|
157
|
+
* import { components } from "./_generated/api";
|
|
158
|
+
*
|
|
159
|
+
* const auth = createAuth(components.auth, {
|
|
160
|
+
* providers: [google],
|
|
161
|
+
* callbacks: {
|
|
162
|
+
* async redirect({ redirectTo }) {
|
|
163
|
+
* // Check that redirectTo is valid
|
|
164
|
+
* // and return the relative or absolute URL
|
|
165
|
+
* // to redirect to.
|
|
166
|
+
* },
|
|
167
|
+
* },
|
|
168
|
+
* });
|
|
169
|
+
* ```
|
|
149
170
|
*
|
|
150
171
|
* Convex Auth performs redirect only during OAuth sign-in. By default,
|
|
151
172
|
* it redirects back to the URL specified via the `SITE_URL` environment
|
|
@@ -186,7 +207,7 @@ type ConvexAuthConfig = {
|
|
|
186
207
|
* If this is a sign-in to an existing account,
|
|
187
208
|
* this is the existing user ID linked to that account.
|
|
188
209
|
*/
|
|
189
|
-
existingUserId: GenericId<"
|
|
210
|
+
existingUserId: GenericId<"User"> | null;
|
|
190
211
|
/**
|
|
191
212
|
* The provider type or "verification" if this callback is called
|
|
192
213
|
* after an email or phone token verification.
|
|
@@ -214,7 +235,7 @@ type ConvexAuthConfig = {
|
|
|
214
235
|
* The `shouldLink` argument passed to `createAccount`.
|
|
215
236
|
*/
|
|
216
237
|
shouldLink?: boolean;
|
|
217
|
-
}) => Promise<GenericId<"
|
|
238
|
+
}) => Promise<GenericId<"User">>;
|
|
218
239
|
/**
|
|
219
240
|
* Perform additional writes after a user is created.
|
|
220
241
|
*
|
|
@@ -233,12 +254,12 @@ type ConvexAuthConfig = {
|
|
|
233
254
|
/**
|
|
234
255
|
* The ID of the user that is being signed in.
|
|
235
256
|
*/
|
|
236
|
-
userId: GenericId<"
|
|
257
|
+
userId: GenericId<"User">;
|
|
237
258
|
/**
|
|
238
259
|
* If this is a sign-in to an existing account,
|
|
239
260
|
* this is the existing user ID linked to that account.
|
|
240
261
|
*/
|
|
241
|
-
existingUserId: GenericId<"
|
|
262
|
+
existingUserId: GenericId<"User"> | null;
|
|
242
263
|
/**
|
|
243
264
|
* The provider type or "verification" if this callback is called
|
|
244
265
|
* after an email or phone token verification.
|
|
@@ -268,6 +289,15 @@ type ConvexAuthConfig = {
|
|
|
268
289
|
shouldLink?: boolean;
|
|
269
290
|
}) => Promise<void>;
|
|
270
291
|
};
|
|
292
|
+
/**
|
|
293
|
+
* Application-defined role and grant model used by membership access checks.
|
|
294
|
+
*/
|
|
295
|
+
authorization?: {
|
|
296
|
+
roles: Record<string, {
|
|
297
|
+
label?: string;
|
|
298
|
+
grants: string[];
|
|
299
|
+
}>;
|
|
300
|
+
};
|
|
271
301
|
};
|
|
272
302
|
/**
|
|
273
303
|
* Union of all supported auth provider config types.
|
|
@@ -277,9 +307,105 @@ type ConvexAuthConfig = {
|
|
|
277
307
|
* (WebAuthn), and TOTP (2FA). Each can be passed as a config object
|
|
278
308
|
* or a factory function.
|
|
279
309
|
*/
|
|
280
|
-
type AuthProviderConfig = OAuthProviderInstance | OAuthMaterializedConfig | ConvexCredentialsConfig | ((...args: any) => ConvexCredentialsConfig) | EmailConfig | ((...args: any) => EmailConfig) | PhoneConfig | ((...args: any) => PhoneConfig) | PasskeyProviderConfig | ((...args: any) => PasskeyProviderConfig) | TotpProviderConfig | ((...args: any) => TotpProviderConfig) | DeviceProviderConfig | ((...args: any) => DeviceProviderConfig);
|
|
310
|
+
type AuthProviderConfig = OAuthProviderInstance | Password | Passkey | Totp | Anonymous | Device | SSO | Email | Phone | OAuthMaterializedConfig | ConvexCredentialsConfig | ((...args: any) => ConvexCredentialsConfig) | EmailConfig | ((...args: any) => EmailConfig) | PhoneConfig | ((...args: any) => PhoneConfig) | PasskeyProviderConfig | ((...args: any) => PasskeyProviderConfig) | TotpProviderConfig | ((...args: any) => TotpProviderConfig) | DeviceProviderConfig | ((...args: any) => DeviceProviderConfig) | SSOProviderConfig;
|
|
311
|
+
/**
|
|
312
|
+
* Minimal config stored for the SSO provider at runtime.
|
|
313
|
+
* No options — enterprise configuration is entirely per-tenant runtime state.
|
|
314
|
+
*/
|
|
315
|
+
interface SSOProviderConfig {
|
|
316
|
+
id: string;
|
|
317
|
+
type: "sso";
|
|
318
|
+
}
|
|
319
|
+
/**
|
|
320
|
+
* Account linking strategy for enterprise SSO sign-in.
|
|
321
|
+
*
|
|
322
|
+
* - `"verifiedEmail"` — link accounts when the IdP-provided email matches a verified email on an existing user.
|
|
323
|
+
* - `"none"` — never auto-link; always create a new account.
|
|
324
|
+
*/
|
|
325
|
+
type EnterpriseAccountLinkingPolicy = "verifiedEmail" | "none";
|
|
326
|
+
/**
|
|
327
|
+
* Policy for reusing existing users during SCIM provisioning.
|
|
328
|
+
*
|
|
329
|
+
* - `"externalId"` — match by the SCIM `externalId` to reuse a previously provisioned user.
|
|
330
|
+
* - `"none"` — always create a new user for each SCIM provision request.
|
|
331
|
+
*/
|
|
332
|
+
type EnterpriseScimReuseUserPolicy = "externalId" | "none";
|
|
333
|
+
/**
|
|
334
|
+
* Just-in-time provisioning mode for enterprise SSO.
|
|
335
|
+
*
|
|
336
|
+
* - `"off"` — no JIT provisioning; users must be pre-provisioned.
|
|
337
|
+
* - `"createUser"` — create a user record on first SSO sign-in.
|
|
338
|
+
* - `"createUserAndMembership"` — create a user and add them to the enterprise group on first SSO sign-in.
|
|
339
|
+
*/
|
|
340
|
+
type EnterpriseJitProvisioningMode = "off" | "createUser" | "createUserAndMembership";
|
|
341
|
+
/**
|
|
342
|
+
* Deprovisioning strategy when a SCIM user is deleted.
|
|
343
|
+
*
|
|
344
|
+
* - `"soft"` — mark the user as inactive but preserve the record.
|
|
345
|
+
* - `"hard"` — permanently delete the user and associated data.
|
|
346
|
+
*/
|
|
347
|
+
type EnterpriseDeprovisionMode = "soft" | "hard";
|
|
348
|
+
/**
|
|
349
|
+
* Effective enterprise policy document stored for an SSO/SCIM tenant.
|
|
350
|
+
*
|
|
351
|
+
* Controls account linking, JIT provisioning, SCIM reuse behavior,
|
|
352
|
+
* deprovisioning, and any app-defined extension metadata.
|
|
353
|
+
*
|
|
354
|
+
* @see {@link EnterprisePolicyPatch}
|
|
355
|
+
*/
|
|
356
|
+
interface EnterprisePolicy {
|
|
357
|
+
version: 1;
|
|
358
|
+
identity: {
|
|
359
|
+
accountLinking: {
|
|
360
|
+
oidc: EnterpriseAccountLinkingPolicy;
|
|
361
|
+
saml: EnterpriseAccountLinkingPolicy;
|
|
362
|
+
};
|
|
363
|
+
};
|
|
364
|
+
provisioning: {
|
|
365
|
+
scimReuse: {
|
|
366
|
+
user: EnterpriseScimReuseUserPolicy;
|
|
367
|
+
};
|
|
368
|
+
jit: {
|
|
369
|
+
mode: EnterpriseJitProvisioningMode;
|
|
370
|
+
defaultRoleIds: string[];
|
|
371
|
+
};
|
|
372
|
+
deprovision: {
|
|
373
|
+
mode: EnterpriseDeprovisionMode;
|
|
374
|
+
};
|
|
375
|
+
};
|
|
376
|
+
extend?: Record<string, unknown>;
|
|
377
|
+
}
|
|
378
|
+
/**
|
|
379
|
+
* Partial update payload for {@link EnterprisePolicy}.
|
|
380
|
+
*
|
|
381
|
+
* Use this when patching only selected enterprise policy sections without
|
|
382
|
+
* replacing the entire stored policy document.
|
|
383
|
+
*/
|
|
384
|
+
interface EnterprisePolicyPatch {
|
|
385
|
+
identity?: {
|
|
386
|
+
accountLinking?: {
|
|
387
|
+
oidc?: EnterpriseAccountLinkingPolicy;
|
|
388
|
+
saml?: EnterpriseAccountLinkingPolicy;
|
|
389
|
+
};
|
|
390
|
+
};
|
|
391
|
+
provisioning?: {
|
|
392
|
+
scimReuse?: {
|
|
393
|
+
user?: EnterpriseScimReuseUserPolicy;
|
|
394
|
+
};
|
|
395
|
+
jit?: {
|
|
396
|
+
mode?: EnterpriseJitProvisioningMode;
|
|
397
|
+
defaultRoleIds?: string[];
|
|
398
|
+
};
|
|
399
|
+
deprovision?: {
|
|
400
|
+
mode?: EnterpriseDeprovisionMode;
|
|
401
|
+
};
|
|
402
|
+
};
|
|
403
|
+
extend?: Record<string, unknown>;
|
|
404
|
+
}
|
|
281
405
|
/**
|
|
282
406
|
* Email provider config for magic link / OTP sign-in.
|
|
407
|
+
*
|
|
408
|
+
* @typeParam DataModel - The Convex data model for typed action contexts.
|
|
283
409
|
*/
|
|
284
410
|
interface EmailConfig<DataModel extends GenericDataModel = GenericDataModel> {
|
|
285
411
|
/** Provider identifier (e.g. `"email"`, `"resend"`). */
|
|
@@ -290,7 +416,11 @@ interface EmailConfig<DataModel extends GenericDataModel = GenericDataModel> {
|
|
|
290
416
|
name?: string;
|
|
291
417
|
/** Sender address (e.g. `"My App <noreply@example.com>"`). */
|
|
292
418
|
from?: string;
|
|
293
|
-
/**
|
|
419
|
+
/**
|
|
420
|
+
* Token expiration in seconds. Defaults to 86 400 (24 hours).
|
|
421
|
+
*
|
|
422
|
+
* @defaultValue 86400
|
|
423
|
+
*/
|
|
294
424
|
maxAge?: number;
|
|
295
425
|
/**
|
|
296
426
|
* Send the verification token to the user.
|
|
@@ -328,17 +458,23 @@ interface EmailConfig<DataModel extends GenericDataModel = GenericDataModel> {
|
|
|
328
458
|
/**
|
|
329
459
|
* The values passed to the `signIn` function.
|
|
330
460
|
*/
|
|
331
|
-
params: Record<string, Value | undefined>, account: GenericDoc<DataModel, "
|
|
461
|
+
params: Record<string, Value | undefined>, account: GenericDoc<DataModel, "Account">) => Promise<void>;
|
|
332
462
|
/** Raw user options before merging with defaults. */
|
|
333
463
|
options: EmailUserConfig<DataModel>;
|
|
334
464
|
}
|
|
335
465
|
/**
|
|
336
|
-
*
|
|
466
|
+
* User-facing configuration shape accepted by the email provider.
|
|
467
|
+
*
|
|
468
|
+
* Equivalent to `Partial<EmailConfig>` without internal runtime-only fields.
|
|
469
|
+
*
|
|
470
|
+
* @typeParam DataModel - The Convex data model.
|
|
337
471
|
*/
|
|
338
472
|
type EmailUserConfig<DataModel extends GenericDataModel = GenericDataModel> = Omit<Partial<EmailConfig<DataModel>>, "options" | "type">;
|
|
339
473
|
/**
|
|
340
474
|
* Same as email provider config, but verifies
|
|
341
475
|
* phone number instead of the email address.
|
|
476
|
+
*
|
|
477
|
+
* @typeParam DataModel - The Convex data model for typed action contexts.
|
|
342
478
|
*/
|
|
343
479
|
interface PhoneConfig<DataModel extends GenericDataModel = GenericDataModel> {
|
|
344
480
|
id: string;
|
|
@@ -387,17 +523,21 @@ interface PhoneConfig<DataModel extends GenericDataModel = GenericDataModel> {
|
|
|
387
523
|
/**
|
|
388
524
|
* The values passed to the `signIn` function.
|
|
389
525
|
*/
|
|
390
|
-
params: Record<string, Value | undefined>, account: GenericDoc<DataModel, "
|
|
526
|
+
params: Record<string, Value | undefined>, account: GenericDoc<DataModel, "Account">) => Promise<void>;
|
|
391
527
|
options: PhoneUserConfig<DataModel>;
|
|
392
528
|
}
|
|
393
529
|
/**
|
|
394
|
-
*
|
|
530
|
+
* User-facing configuration shape accepted by the phone provider.
|
|
531
|
+
*
|
|
532
|
+
* Equivalent to `Partial<PhoneConfig>` without internal runtime-only fields.
|
|
533
|
+
*
|
|
534
|
+
* @typeParam DataModel - The Convex data model.
|
|
395
535
|
*/
|
|
396
536
|
type PhoneUserConfig<DataModel extends GenericDataModel = GenericDataModel> = Omit<Partial<PhoneConfig<DataModel>>, "options" | "type">;
|
|
397
537
|
/**
|
|
398
|
-
*
|
|
538
|
+
* Credentials provider config used by Convex Auth.
|
|
399
539
|
*/
|
|
400
|
-
type ConvexCredentialsConfig =
|
|
540
|
+
type ConvexCredentialsConfig = CredentialsConfig<any> & {
|
|
401
541
|
type: "credentials";
|
|
402
542
|
id: string;
|
|
403
543
|
};
|
|
@@ -410,12 +550,37 @@ interface PasskeyProviderConfig {
|
|
|
410
550
|
options: {
|
|
411
551
|
/** Relying Party display name. Defaults to SITE_URL hostname. */rpName?: string; /** Relying Party ID (hostname). Defaults to SITE_URL hostname. */
|
|
412
552
|
rpId?: string; /** Allowed origins for credential verification. Defaults to SITE_URL. */
|
|
413
|
-
origin?: string | string[];
|
|
414
|
-
|
|
415
|
-
|
|
553
|
+
origin?: string | string[];
|
|
554
|
+
/**
|
|
555
|
+
* Attestation conveyance preference. Defaults to "none".
|
|
556
|
+
*
|
|
557
|
+
* @defaultValue "none"
|
|
558
|
+
*/
|
|
559
|
+
attestation?: "none" | "direct";
|
|
560
|
+
/**
|
|
561
|
+
* User verification requirement. Defaults to "required".
|
|
562
|
+
*
|
|
563
|
+
* @defaultValue "required"
|
|
564
|
+
*/
|
|
565
|
+
userVerification?: "required" | "preferred" | "discouraged";
|
|
566
|
+
/**
|
|
567
|
+
* Resident key (discoverable credential) preference. Defaults to "preferred".
|
|
568
|
+
*
|
|
569
|
+
* @defaultValue "preferred"
|
|
570
|
+
*/
|
|
416
571
|
residentKey?: "required" | "preferred" | "discouraged"; /** Restrict to platform or cross-platform authenticators. */
|
|
417
|
-
authenticatorAttachment?: "platform" | "cross-platform";
|
|
418
|
-
|
|
572
|
+
authenticatorAttachment?: "platform" | "cross-platform";
|
|
573
|
+
/**
|
|
574
|
+
* Supported COSE algorithms. Defaults to [-7 (ES256), -257 (RS256)].
|
|
575
|
+
*
|
|
576
|
+
* @defaultValue [-7, -257]
|
|
577
|
+
*/
|
|
578
|
+
algorithms?: number[];
|
|
579
|
+
/**
|
|
580
|
+
* Challenge expiration in ms. Defaults to 300_000 (5 minutes).
|
|
581
|
+
*
|
|
582
|
+
* @defaultValue 300_000
|
|
583
|
+
*/
|
|
419
584
|
challengeExpirationMs?: number;
|
|
420
585
|
};
|
|
421
586
|
}
|
|
@@ -426,8 +591,18 @@ interface TotpProviderConfig {
|
|
|
426
591
|
id: string;
|
|
427
592
|
type: "totp";
|
|
428
593
|
options: {
|
|
429
|
-
/** Issuer name shown in authenticator apps (e.g. "My App"). */issuer: string;
|
|
430
|
-
|
|
594
|
+
/** Issuer name shown in authenticator apps (e.g. "My App"). */issuer: string;
|
|
595
|
+
/**
|
|
596
|
+
* Number of digits in each code (default: 6).
|
|
597
|
+
*
|
|
598
|
+
* @defaultValue 6
|
|
599
|
+
*/
|
|
600
|
+
digits: number;
|
|
601
|
+
/**
|
|
602
|
+
* Time period in seconds for code rotation (default: 30).
|
|
603
|
+
*
|
|
604
|
+
* @defaultValue 30
|
|
605
|
+
*/
|
|
431
606
|
period: number;
|
|
432
607
|
};
|
|
433
608
|
}
|
|
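Review bot: `digits` is added as a required `number` while its comment advertises `@defaultValue 6`, and `period` has the same mismatch after this change. If this interface is the already-defaulted form, drop the `@defaultValue` tags; if callers write it, make both optional (`digits?: number; period?: number;`). Neither field states an accepted range: RFC 4226 requires at least 6 digits, so the comment on `digits` could read `Number of digits in each code, 6 to 8.` and the runtime should reject anything else. That runtime check is not visible here.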
@@ -444,18 +619,6 @@ interface OAuthProfile {
|
|
|
444
619
|
/** Additional claims from the ID token or userinfo endpoint. */
|
|
445
620
|
[key: string]: unknown;
|
|
446
621
|
}
|
|
447
|
-
/**
|
|
448
|
-
* Internal config shape for an OAuth provider after normalization.
|
|
449
|
-
*
|
|
450
|
-
* This is what the OAuth flow code receives — it maps to the user-facing
|
|
451
|
-
* `OAuthConfig` from `@robelest/convex-auth/providers`.
|
|
452
|
-
*/
|
|
453
|
-
interface OAuthProviderConfig {
|
|
454
|
-
/** OAuth scopes to request. */
|
|
455
|
-
scopes?: string[];
|
|
456
|
-
/** User-provided profile extraction callback. */
|
|
457
|
-
profile?: (tokens: arctic0.OAuth2Tokens) => Promise<OAuthProfile>;
|
|
458
|
-
}
|
|
459
622
|
/** Credentials identifying a provider account (e.g. email + hashed password). */
|
|
460
623
|
type AuthAccountCredentials = {
|
|
461
624
|
/** Provider-specific account identifier (e.g. email address). */id: string; /** Optional secret (e.g. hashed password). */
|
|
@@ -489,37 +652,89 @@ type AuthUpdateAccountArgs = {
|
|
|
489
652
|
};
|
|
490
653
|
/** Arguments for `auth.session.invalidate()`. */
|
|
491
654
|
type AuthInvalidateSessionsArgs = {
|
|
492
|
-
userId: GenericId<"
|
|
493
|
-
except?: GenericId<"
|
|
655
|
+
userId: GenericId<"User">;
|
|
656
|
+
except?: GenericId<"Session">[];
|
|
494
657
|
};
|
|
495
658
|
/** Arguments for `auth.provider.signIn()`. */
|
|
496
659
|
type AuthProviderSignInArgs = {
|
|
497
|
-
accountId?: GenericId<"
|
|
660
|
+
accountId?: GenericId<"Account">;
|
|
498
661
|
params?: Record<string, Value | undefined>;
|
|
499
662
|
};
|
|
500
663
|
/** Return type of `auth.provider.signIn()` — user and session IDs, or `null` on failure. */
|
|
501
664
|
type AuthProviderSignInResult = {
|
|
502
|
-
userId: GenericId<"
|
|
503
|
-
sessionId: GenericId<"
|
|
665
|
+
userId: GenericId<"User">;
|
|
666
|
+
sessionId: GenericId<"Session">;
|
|
504
667
|
} | null;
|
|
505
|
-
/**
|
|
668
|
+
/** Arguments for `auth.member.resolve()`. */
|
|
669
|
+
type AuthMemberResolveArgs = {
|
|
670
|
+
userId: GenericId<"User">;
|
|
671
|
+
groupId: GenericId<"Group">;
|
|
672
|
+
ancestry?: boolean;
|
|
673
|
+
roleIds?: string[];
|
|
674
|
+
grants?: string[];
|
|
675
|
+
maxDepth?: number;
|
|
676
|
+
};
|
|
677
|
+
/** Result of `auth.member.resolve()` — membership check with role and grant details. */
|
|
678
|
+
type AuthMemberResolveResult = {
|
|
679
|
+
ok: boolean;
|
|
680
|
+
membership: GenericDoc<GenericDataModel, "GroupMember"> | null;
|
|
681
|
+
matchedGroupId: GenericId<"Group"> | null;
|
|
682
|
+
roleIds: string[];
|
|
683
|
+
grants: string[];
|
|
684
|
+
missingGrants: string[];
|
|
685
|
+
depth: number | null;
|
|
686
|
+
isDirect: boolean;
|
|
687
|
+
isInherited: boolean;
|
|
688
|
+
traversedGroupIds: GenericId<"Group">[];
|
|
689
|
+
code?: "INVALID_ROLE_IDS";
|
|
690
|
+
invalidRoleIds?: string[];
|
|
691
|
+
};
|
|
692
|
+
/**
|
|
693
|
+
* Server-side auth helper methods injected into `ctx.auth` within provider actions.
|
|
694
|
+
*
|
|
695
|
+
* Provides programmatic access to account management, session lifecycle,
|
|
696
|
+
* membership resolution, and provider sign-in from within Convex actions
|
|
697
|
+
* that use {@link GenericActionCtxWithAuthConfig}.
|
|
698
|
+
*
|
|
699
|
+
* @see {@link GenericActionCtxWithAuthConfig}
|
|
700
|
+
*
|
|
701
|
+
* @example
|
|
702
|
+
* ```ts
|
|
703
|
+
* // Inside a credentials provider's authorize callback:
|
|
704
|
+
* const { account, user } = await ctx.auth.account.get(ctx, {
|
|
705
|
+
* provider: "password",
|
|
706
|
+
* account: { id: email },
|
|
707
|
+
* });
|
|
708
|
+
* ```
|
|
709
|
+
*/
|
|
506
710
|
type AuthServerHelpers = {
|
|
507
|
-
account: {
|
|
711
|
+
/** Account management: create, retrieve, and update provider-linked accounts. */account: {
|
|
508
712
|
create: (ctx: GenericActionCtx<any>, args: AuthCreateAccountArgs) => Promise<{
|
|
509
|
-
|
|
510
|
-
|
|
713
|
+
ok: true;
|
|
714
|
+
account: GenericDoc<GenericDataModel, "Account">;
|
|
715
|
+
user: GenericDoc<GenericDataModel, "User">;
|
|
511
716
|
}>;
|
|
512
717
|
get: (ctx: GenericActionCtx<any>, args: AuthRetrieveAccountArgs) => Promise<{
|
|
513
|
-
account: GenericDoc<GenericDataModel, "
|
|
514
|
-
user: GenericDoc<GenericDataModel, "
|
|
718
|
+
account: GenericDoc<GenericDataModel, "Account">;
|
|
719
|
+
user: GenericDoc<GenericDataModel, "User">;
|
|
720
|
+
}>;
|
|
721
|
+
update: (ctx: GenericActionCtx<any>, args: AuthUpdateAccountArgs) => Promise<{
|
|
722
|
+
ok: true;
|
|
723
|
+
accountId: GenericId<"Account">;
|
|
515
724
|
}>;
|
|
516
|
-
update: (ctx: GenericActionCtx<any>, args: AuthUpdateAccountArgs) => Promise<void>;
|
|
517
725
|
};
|
|
518
726
|
session: {
|
|
519
727
|
current: (ctx: {
|
|
520
728
|
auth: GenericActionCtx<GenericDataModel>["auth"];
|
|
521
|
-
}) => Promise<GenericId<"
|
|
522
|
-
invalidate: (ctx: GenericActionCtx<any>, args: AuthInvalidateSessionsArgs) => Promise<
|
|
729
|
+
}) => Promise<GenericId<"Session"> | null>;
|
|
730
|
+
invalidate: (ctx: GenericActionCtx<any>, args: AuthInvalidateSessionsArgs) => Promise<{
|
|
731
|
+
ok: true;
|
|
732
|
+
userId: GenericId<"User">;
|
|
733
|
+
except: GenericId<"Session">[];
|
|
734
|
+
}>;
|
|
735
|
+
};
|
|
736
|
+
member: {
|
|
737
|
+
resolve: (ctx: GenericActionCtx<any>, args: AuthMemberResolveArgs) => Promise<AuthMemberResolveResult>;
|
|
523
738
|
};
|
|
524
739
|
provider: {
|
|
525
740
|
signIn: (ctx: GenericActionCtx<any>, provider: AuthProviderConfig, args: AuthProviderSignInArgs) => Promise<AuthProviderSignInResult>;
|
|
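Review bot: `AuthMemberResolveArgs` and `AuthMemberResolveResult` carry an authorization decision, yet none of their fields is documented. A caller cannot tell from the types whether `roleIds` and `grants` are matched all-of or any-of, whether `ancestry` defaults to on, or whether `ok` is already false when `missingGrants` is non-empty; each of those decides whether access is granted. Add one-line comments per field, and on `ok` something like `/** The only field to gate access on; other fields may be populated when this is false. */` once that is confirmed against the implementation. Splitting the result into `{ ok: true; … } | { ok: false; code?: "INVALID_ROLE_IDS"; … }` would also stop callers from reading `grants` off a failed result. `AuthServerHelpers` continues past the end of this hunk.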
@@ -527,7 +742,9 @@ type AuthServerHelpers = {
|
|
|
527
742
|
};
|
|
528
743
|
/**
|
|
529
744
|
* Your `ActionCtx` enriched with `ctx.auth.config` field with
|
|
530
|
-
* the config passed to `
|
|
745
|
+
* the config passed to `createAuth`.
|
|
746
|
+
*
|
|
747
|
+
* @typeParam DataModel - The Convex data model.
|
|
531
748
|
*/
|
|
532
749
|
type GenericActionCtxWithAuthConfig<DataModel extends GenericDataModel> = GenericActionCtx<DataModel> & {
|
|
533
750
|
auth: GenericActionCtx<DataModel>["auth"] & {
|
|
@@ -535,34 +752,69 @@ type GenericActionCtxWithAuthConfig<DataModel extends GenericDataModel> = Generi
|
|
|
535
752
|
} & AuthServerHelpers;
|
|
536
753
|
};
|
|
537
754
|
/**
|
|
538
|
-
* The config for the Convex Auth library, passed to `
|
|
755
|
+
* The config for the Convex Auth library, passed to `createAuth`,
|
|
539
756
|
* with defaults and initialized providers.
|
|
540
757
|
*
|
|
541
758
|
* See {@link ConvexAuthConfig}
|
|
542
759
|
*/
|
|
543
760
|
type ConvexAuthMaterializedConfig = {
|
|
544
761
|
providers: AuthProviderMaterializedConfig[];
|
|
545
|
-
} & Pick<ConvexAuthConfig, "component" | "session" | "jwt" | "signIn" | "callbacks">;
|
|
762
|
+
} & Pick<ConvexAuthConfig, "component" | "session" | "jwt" | "signIn" | "callbacks" | "authorization">;
|
|
763
|
+
/**
|
|
764
|
+
* Maps SAML assertion attribute names to user profile fields.
|
|
765
|
+
*
|
|
766
|
+
* Use this to tell the SSO flow which SAML attributes correspond to
|
|
767
|
+
* the user's subject identifier, email, and display name fields.
|
|
768
|
+
*/
|
|
769
|
+
interface SAMLAttributeMapping {
|
|
770
|
+
/** SAML attribute for the unique subject identifier (NameID). */
|
|
771
|
+
subject?: string;
|
|
772
|
+
/** SAML attribute for the user's email address. */
|
|
773
|
+
email?: string;
|
|
774
|
+
/** SAML attribute for the user's full display name. */
|
|
775
|
+
name?: string;
|
|
776
|
+
/** SAML attribute for the user's first / given name. */
|
|
777
|
+
firstName?: string;
|
|
778
|
+
/** SAML attribute for the user's last / family name. */
|
|
779
|
+
lastName?: string;
|
|
780
|
+
}
|
|
546
781
|
/**
|
|
547
782
|
* Materialized OAuth provider config (Arctic-based).
|
|
548
783
|
*
|
|
549
784
|
* Carries the Arctic provider instance along with scopes and profile config.
|
|
550
|
-
|
|
785
|
+
* Produced by materializing an `OAuthProviderInstance` during `configDefaults`.
|
|
551
786
|
*/
|
|
552
787
|
interface OAuthMaterializedConfig {
|
|
788
|
+
/**
|
|
789
|
+
* Provider identifier (e.g. `"google"`, `"github"`).
|
|
790
|
+
* @readonly
|
|
791
|
+
*/
|
|
553
792
|
readonly id: string;
|
|
793
|
+
/**
|
|
794
|
+
* Discriminant for provider type routing.
|
|
795
|
+
* @readonly
|
|
796
|
+
*/
|
|
554
797
|
readonly type: "oauth";
|
|
555
|
-
/**
|
|
798
|
+
/**
|
|
799
|
+
* The Arctic provider instance.
|
|
800
|
+
* @readonly
|
|
801
|
+
*/
|
|
556
802
|
readonly provider: any;
|
|
557
|
-
/**
|
|
803
|
+
/**
|
|
804
|
+
* OAuth scopes to request.
|
|
805
|
+
* @readonly
|
|
806
|
+
*/
|
|
558
807
|
readonly scopes: string[];
|
|
559
|
-
/**
|
|
808
|
+
/**
|
|
809
|
+
* User-provided profile extraction callback.
|
|
810
|
+
* @readonly
|
|
811
|
+
*/
|
|
560
812
|
readonly profile?: (tokens: arctic0.OAuth2Tokens) => Promise<OAuthProfile>;
|
|
561
813
|
/**
|
|
562
|
-
*
|
|
563
|
-
*
|
|
814
|
+
* Account-linking policy for OAuth identities. Defaults to verified email linking.
|
|
815
|
+
* @readonly
|
|
564
816
|
*/
|
|
565
|
-
readonly
|
|
817
|
+
readonly accountLinking?: "verifiedEmail" | "none";
|
|
566
818
|
}
|
|
567
819
|
/**
|
|
568
820
|
* Device authorization provider config (RFC 8628).
|
|
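Review bot: The comment on `accountLinking` says the default is verified-email linking but does not say what counts as verified. The profile comes from a user-supplied `profile` callback returning `OAuthProfile`, and the part of that interface visible on this page shows only an open index signature, so the doc should name the claim the linker trusts. It should also tell integrators to set `accountLinking: "none"` for providers that do not assert that claim, for example `* Links only when the provider reports the email as verified; use "none" for providers that cannot.` The same question applies to `SAMLAttributeMapping.email` if SSO identities are linked by email, which this hunk does not show.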
@@ -592,49 +844,17 @@ interface DeviceProviderConfig {
|
|
|
592
844
|
/**
|
|
593
845
|
* Materialized auth provider config — the fully resolved form stored at runtime.
|
|
594
846
|
*/
|
|
595
|
-
type AuthProviderMaterializedConfig = OAuthMaterializedConfig | EmailConfig | PhoneConfig | ConvexCredentialsConfig | PasskeyProviderConfig | TotpProviderConfig | DeviceProviderConfig;
|
|
596
|
-
/**
|
|
597
|
-
* Email delivery parameters passed to `EmailTransport.send`.
|
|
598
|
-
*/
|
|
599
|
-
interface EmailMessage {
|
|
600
|
-
/** Sender address (from `email.from` in your Auth config). */
|
|
601
|
-
from: string;
|
|
602
|
-
/** Recipient email address. */
|
|
603
|
-
to: string;
|
|
604
|
-
/** Email subject line. */
|
|
605
|
-
subject: string;
|
|
606
|
-
/** HTML body content. */
|
|
607
|
-
html: string;
|
|
608
|
-
}
|
|
847
|
+
type AuthProviderMaterializedConfig = OAuthMaterializedConfig | EmailConfig | PhoneConfig | ConvexCredentialsConfig | PasskeyProviderConfig | TotpProviderConfig | DeviceProviderConfig | SSOProviderConfig;
|
|
609
848
|
/**
|
|
610
|
-
*
|
|
849
|
+
* Resolves to `true` when the providers list includes `SSO`, otherwise `false`.
|
|
611
850
|
*
|
|
612
|
-
*
|
|
613
|
-
*
|
|
851
|
+
* Used to make `auth.sso` conditionally present on the `createAuth`
|
|
852
|
+
* return type — it only appears when `new SSO()` is in the providers array.
|
|
614
853
|
*/
|
|
615
|
-
|
|
616
|
-
|
|
617
|
-
|
|
618
|
-
|
|
619
|
-
* Deliver an email. Called by the library for magic links.
|
|
620
|
-
*
|
|
621
|
-
* Receives the Convex action context as the first argument, enabling
|
|
622
|
-
* use with Convex components like `@convex-dev/resend`:
|
|
623
|
-
*
|
|
624
|
-
* ```ts
|
|
625
|
-
* send: (ctx, params) => resend.sendEmail(ctx, params)
|
|
626
|
-
* ```
|
|
627
|
-
*
|
|
628
|
-
* For plain HTTP email APIs, ignore the `ctx` parameter:
|
|
629
|
-
*
|
|
630
|
-
* ```ts
|
|
631
|
-
* send: async (_ctx, { from, to, subject, html }) => {
|
|
632
|
-
* await fetch("https://api.resend.com/emails", { ... });
|
|
633
|
-
* }
|
|
634
|
-
* ```
|
|
635
|
-
*/
|
|
636
|
-
send: (ctx: GenericActionCtx<any>, params: EmailMessage) => Promise<void>;
|
|
637
|
-
}
|
|
854
|
+
type HasSSO<P extends AuthProviderConfig[]> = SSO extends P[number] ? true : false;
|
|
855
|
+
type HasPasskeyProvider<P extends AuthProviderConfig[]> = Passkey extends P[number] ? true : false;
|
|
856
|
+
type HasTotpProvider<P extends AuthProviderConfig[]> = Totp extends P[number] ? true : false;
|
|
857
|
+
type HasDeviceProvider<P extends AuthProviderConfig[]> = Device extends P[number] ? true : false;
|
|
638
858
|
/**
|
|
639
859
|
* A single scope entry stored per API key.
|
|
640
860
|
* Uses a resource:action pattern for structured permissions.
|
|
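Review bot: The comment on `HasSSO` promises that `auth.sso` appears only when `new SSO()` is in the providers array, but `SSO extends P[number]` tests assignability to the union of element types, which is a weaker condition. When the array is widened to `AuthProviderConfig[]`, or another listed provider is structurally a supertype of `SSO`, the condition can resolve to `true` without an SSO instance; whether that happens depends on class shapes not shown here. The comment should state that limit, e.g. `* Type-level only: a widened providers array may resolve to true; the runtime check is authoritative.` `HasPasskeyProvider`, `HasTotpProvider` and `HasDeviceProvider` use the same form and have no comment at all.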
@@ -664,41 +884,6 @@ interface ScopeChecker {
|
|
|
664
884
|
/** The raw scope entries from the key. */
|
|
665
885
|
scopes: KeyScope[];
|
|
666
886
|
}
|
|
667
|
-
/**
|
|
668
|
-
* Configuration for API key support on the Auth class.
|
|
669
|
-
*
|
|
670
|
-
* ```ts
|
|
671
|
-
* const auth = new Auth(components.auth, {
|
|
672
|
-
* providers: [github],
|
|
673
|
-
* apiKeys: {
|
|
674
|
-
* scopes: {
|
|
675
|
-
* users: ["read", "list", "create", "delete"],
|
|
676
|
-
* messages: ["read", "write"],
|
|
677
|
-
* },
|
|
678
|
-
* defaultRateLimit: { maxRequests: 1000, windowMs: 3600000 },
|
|
679
|
-
* },
|
|
680
|
-
* });
|
|
681
|
-
* ```
|
|
682
|
-
*/
|
|
683
|
-
interface ApiKeyConfig {
|
|
684
|
-
/**
|
|
685
|
-
* Define the available resource:action scopes for your API keys.
|
|
686
|
-
* Keys can only be created with scopes that are a subset of these.
|
|
687
|
-
*/
|
|
688
|
-
scopes?: Record<string, string[]>;
|
|
689
|
-
/**
|
|
690
|
-
* Default rate limit applied to new keys when not specified per-key.
|
|
691
|
-
* Uses a token-bucket algorithm.
|
|
692
|
-
*/
|
|
693
|
-
defaultRateLimit?: {
|
|
694
|
-
maxRequests: number;
|
|
695
|
-
windowMs: number;
|
|
696
|
-
};
|
|
697
|
-
/**
|
|
698
|
-
* Key prefix. Defaults to `"sk_live_"`.
|
|
699
|
-
*/
|
|
700
|
-
prefix?: string;
|
|
701
|
-
}
|
|
702
887
|
/**
|
|
703
888
|
* An API key record as returned by `auth.key.list()` and `auth.key.get()`.
|
|
704
889
|
* Never includes the raw key material — only the display prefix.
|
|
@@ -708,7 +893,7 @@ interface KeyRecord {
|
|
|
708
893
|
_id: string;
|
|
709
894
|
/** Owner user ID. */
|
|
710
895
|
userId: string;
|
|
711
|
-
/** Display prefix (e.g. `"
|
|
896
|
+
/** Display prefix (e.g. `"sk_abc1"`). Safe to show in UIs. */
|
|
712
897
|
prefix: string;
|
|
713
898
|
/** Human-readable name (e.g. "CI Pipeline"). */
|
|
714
899
|
name: string;
|
|
@@ -727,11 +912,16 @@ interface KeyRecord {
|
|
|
727
912
|
createdAt: number;
|
|
728
913
|
/** `true` when the key has been revoked (soft-deleted). */
|
|
729
914
|
revoked: boolean;
|
|
915
|
+
/** Arbitrary app-specific metadata attached to the key. */
|
|
916
|
+
metadata?: Record<string, unknown>;
|
|
730
917
|
}
|
|
731
918
|
/**
|
|
732
919
|
* Options for paginated list queries. Every entity list method uses this
|
|
733
920
|
* same shape with entity-specific `TWhere` and `TOrderBy` type parameters.
|
|
734
921
|
*
|
|
922
|
+
* @typeParam TWhere - The type of the optional filter object.
|
|
923
|
+
* @typeParam TOrderBy - The union of sortable field names.
|
|
924
|
+
*
|
|
735
925
|
* ```ts
|
|
736
926
|
* const result = await auth.group.list(ctx, {
|
|
737
927
|
* where: { type: "team" },
|
|
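Review bot: `metadata` is added to `KeyRecord`, which the interface comment earlier on this page describes as the shape returned by `auth.key.list()` and `auth.key.get()` and as never including raw key material. An open `Record<string, unknown>` weakens that guarantee unless the comment tells integrators what not to put in it: `/** Arbitrary app-specific metadata attached to the key. Returned with every list/get result; do not store secrets here. */`. The `KeyRecord` interface starts above this hunk.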
@@ -750,6 +940,8 @@ type ListOptions<TWhere extends Record<string, unknown>, TOrderBy extends string
|
|
|
750
940
|
};
|
|
751
941
|
/**
|
|
752
942
|
* Paginated list result returned by every entity list method.
|
|
943
|
+
*
|
|
944
|
+
* @typeParam T - The type of items in the result array.
|
|
753
945
|
*/
|
|
754
946
|
type ListResult<T> = {
|
|
755
947
|
/** The page of items. */items: T[]; /** Opaque cursor for the next page, or `null` when exhausted. */
|
|
@@ -785,15 +977,15 @@ type GroupWhere = {
|
|
|
785
977
|
};
|
|
786
978
|
/** Sortable fields for `auth.group.list()`. */
|
|
787
979
|
type GroupOrderBy = "_creationTime" | "name" | "slug" | "type";
|
|
788
|
-
/** Filter fields for `auth.
|
|
980
|
+
/** Filter fields for `auth.member.list()`. All optional. */
|
|
789
981
|
type MemberWhere = {
|
|
790
982
|
groupId?: string;
|
|
791
983
|
userId?: string;
|
|
792
|
-
|
|
984
|
+
roleId?: string;
|
|
793
985
|
status?: string;
|
|
794
986
|
};
|
|
795
|
-
/** Sortable fields for `auth.
|
|
796
|
-
type MemberOrderBy = "_creationTime" | "
|
|
987
|
+
/** Sortable fields for `auth.member.list()`. */
|
|
988
|
+
type MemberOrderBy = "_creationTime" | "status";
|
|
797
989
|
/** Filter fields for `auth.invite.list()`. All optional. */
|
|
798
990
|
type InviteWhere = {
|
|
799
991
|
tokenHash?: string;
|
|
@@ -801,7 +993,7 @@ type InviteWhere = {
|
|
|
801
993
|
status?: "pending" | "accepted" | "revoked" | "expired";
|
|
802
994
|
email?: string;
|
|
803
995
|
invitedByUserId?: string;
|
|
804
|
-
|
|
996
|
+
roleId?: string;
|
|
805
997
|
acceptedByUserId?: string;
|
|
806
998
|
};
|
|
807
999
|
/** Sortable fields for `auth.invite.list()`. */
|
|
@@ -859,95 +1051,6 @@ interface CorsConfig {
|
|
|
859
1051
|
/** Allowed request headers. Defaults to `"Content-Type,Authorization"`. */
|
|
860
1052
|
headers?: string;
|
|
861
1053
|
}
|
|
862
|
-
/**
|
|
863
|
-
* Component function references required by core auth runtime.
|
|
864
|
-
*
|
|
865
|
-
* @internal Consumers should not depend on this shape — it may change
|
|
866
|
-
* between minor versions. Pass `components.auth` directly to the `Auth` constructor.
|
|
867
|
-
*/
|
|
868
|
-
type AuthComponentApi = {
|
|
869
|
-
public: {
|
|
870
|
-
userGetById: FunctionReference<"query", "internal">;
|
|
871
|
-
userList: FunctionReference<"query", "internal">;
|
|
872
|
-
userFindByVerifiedEmail: FunctionReference<"query", "internal">;
|
|
873
|
-
userFindByVerifiedPhone: FunctionReference<"query", "internal">;
|
|
874
|
-
userInsert: FunctionReference<"mutation", "internal">;
|
|
875
|
-
userUpsert: FunctionReference<"mutation", "internal">;
|
|
876
|
-
userPatch: FunctionReference<"mutation", "internal">;
|
|
877
|
-
accountGet: FunctionReference<"query", "internal">;
|
|
878
|
-
accountGetById: FunctionReference<"query", "internal">;
|
|
879
|
-
accountInsert: FunctionReference<"mutation", "internal">;
|
|
880
|
-
accountPatch: FunctionReference<"mutation", "internal">;
|
|
881
|
-
accountDelete: FunctionReference<"mutation", "internal">;
|
|
882
|
-
sessionCreate: FunctionReference<"mutation", "internal">;
|
|
883
|
-
sessionGetById: FunctionReference<"query", "internal">;
|
|
884
|
-
sessionDelete: FunctionReference<"mutation", "internal">;
|
|
885
|
-
sessionListByUser: FunctionReference<"query", "internal">;
|
|
886
|
-
verifierCreate: FunctionReference<"mutation", "internal">;
|
|
887
|
-
verifierGetById: FunctionReference<"query", "internal">;
|
|
888
|
-
verifierGetBySignature: FunctionReference<"query", "internal">;
|
|
889
|
-
verifierPatch: FunctionReference<"mutation", "internal">;
|
|
890
|
-
verifierDelete: FunctionReference<"mutation", "internal">;
|
|
891
|
-
verificationCodeGetByAccountId: FunctionReference<"query", "internal">;
|
|
892
|
-
verificationCodeGetByCode: FunctionReference<"query", "internal">;
|
|
893
|
-
verificationCodeCreate: FunctionReference<"mutation", "internal">;
|
|
894
|
-
verificationCodeDelete: FunctionReference<"mutation", "internal">;
|
|
895
|
-
refreshTokenCreate: FunctionReference<"mutation", "internal">;
|
|
896
|
-
refreshTokenGetById: FunctionReference<"query", "internal">;
|
|
897
|
-
refreshTokenPatch: FunctionReference<"mutation", "internal">;
|
|
898
|
-
refreshTokenGetChildren: FunctionReference<"query", "internal">;
|
|
899
|
-
refreshTokenListBySession: FunctionReference<"query", "internal">;
|
|
900
|
-
refreshTokenDeleteAll: FunctionReference<"mutation", "internal">;
|
|
901
|
-
refreshTokenGetActive: FunctionReference<"query", "internal">;
|
|
902
|
-
rateLimitGet: FunctionReference<"query", "internal">;
|
|
903
|
-
rateLimitCreate: FunctionReference<"mutation", "internal">;
|
|
904
|
-
rateLimitPatch: FunctionReference<"mutation", "internal">;
|
|
905
|
-
rateLimitDelete: FunctionReference<"mutation", "internal">;
|
|
906
|
-
groupCreate: FunctionReference<"mutation", "internal">;
|
|
907
|
-
groupGet: FunctionReference<"query", "internal">;
|
|
908
|
-
groupList: FunctionReference<"query", "internal">;
|
|
909
|
-
groupUpdate: FunctionReference<"mutation", "internal">;
|
|
910
|
-
groupDelete: FunctionReference<"mutation", "internal">;
|
|
911
|
-
memberAdd: FunctionReference<"mutation", "internal">;
|
|
912
|
-
memberGet: FunctionReference<"query", "internal">;
|
|
913
|
-
memberList: FunctionReference<"query", "internal">;
|
|
914
|
-
memberListByUser: FunctionReference<"query", "internal">;
|
|
915
|
-
memberGetByGroupAndUser: FunctionReference<"query", "internal">;
|
|
916
|
-
memberRemove: FunctionReference<"mutation", "internal">;
|
|
917
|
-
memberUpdate: FunctionReference<"mutation", "internal">;
|
|
918
|
-
inviteCreate: FunctionReference<"mutation", "internal">;
|
|
919
|
-
inviteGet: FunctionReference<"query", "internal">;
|
|
920
|
-
inviteList: FunctionReference<"query", "internal">;
|
|
921
|
-
inviteAccept: FunctionReference<"mutation", "internal">;
|
|
922
|
-
inviteRevoke: FunctionReference<"mutation", "internal">;
|
|
923
|
-
keyInsert: FunctionReference<"mutation", "internal">;
|
|
924
|
-
keyGetByHashedKey: FunctionReference<"query", "internal">;
|
|
925
|
-
keyGetById: FunctionReference<"query", "internal">;
|
|
926
|
-
keyList: FunctionReference<"query", "internal">;
|
|
927
|
-
keyListByUserId: FunctionReference<"query", "internal">;
|
|
928
|
-
keyPatch: FunctionReference<"mutation", "internal">;
|
|
929
|
-
keyDelete: FunctionReference<"mutation", "internal">;
|
|
930
|
-
passkeyInsert: FunctionReference<"mutation", "internal">;
|
|
931
|
-
passkeyGetByCredentialId: FunctionReference<"query", "internal">;
|
|
932
|
-
passkeyListByUserId: FunctionReference<"query", "internal">;
|
|
933
|
-
passkeyUpdateCounter: FunctionReference<"mutation", "internal">;
|
|
934
|
-
passkeyUpdateMeta: FunctionReference<"mutation", "internal">;
|
|
935
|
-
passkeyDelete: FunctionReference<"mutation", "internal">;
|
|
936
|
-
totpInsert: FunctionReference<"mutation", "internal", any, any>;
|
|
937
|
-
totpGetVerifiedByUserId: FunctionReference<"query", "internal", any, any>;
|
|
938
|
-
totpListByUserId: FunctionReference<"query", "internal", any, any>;
|
|
939
|
-
totpGetById: FunctionReference<"query", "internal", any, any>;
|
|
940
|
-
totpMarkVerified: FunctionReference<"mutation", "internal", any, any>;
|
|
941
|
-
totpUpdateLastUsed: FunctionReference<"mutation", "internal", any, any>;
|
|
942
|
-
totpDelete: FunctionReference<"mutation", "internal", any, any>;
|
|
943
|
-
deviceInsert: FunctionReference<"mutation", "internal", any, any>;
|
|
944
|
-
deviceGetByCodeHash: FunctionReference<"query", "internal", any, any>;
|
|
945
|
-
deviceGetByUserCode: FunctionReference<"query", "internal", any, any>;
|
|
946
|
-
deviceAuthorize: FunctionReference<"mutation", "internal", any, any>;
|
|
947
|
-
deviceUpdateLastPolled: FunctionReference<"mutation", "internal", any, any>;
|
|
948
|
-
deviceDelete: FunctionReference<"mutation", "internal", any, any>;
|
|
949
|
-
};
|
|
950
|
-
};
|
|
951
1054
|
/**
|
|
952
1055
|
* Convex document from a given table.
|
|
953
1056
|
*/
|
|
@@ -955,12 +1058,101 @@ type GenericDoc<DataModel extends GenericDataModel, TableName extends TableNames
|
|
|
955
1058
|
_id: GenericId<TableName>;
|
|
956
1059
|
_creationTime: number;
|
|
957
1060
|
};
|
|
958
|
-
/**
|
|
959
|
-
|
|
960
|
-
*/
|
|
961
|
-
type
|
|
962
|
-
|
|
963
|
-
type
|
|
1061
|
+
/** Data model derived from the component schema. */
|
|
1062
|
+
type AuthDataModel = DataModelFromSchemaDefinition<typeof _default>;
|
|
1063
|
+
/** Action context typed to the auth component's data model. */
|
|
1064
|
+
type ActionCtx = GenericActionCtx<AuthDataModel>;
|
|
1065
|
+
/** Mutation context typed to the auth component's data model. */
|
|
1066
|
+
type MutationCtx = GenericMutationCtx<AuthDataModel>;
|
|
1067
|
+
/** Query context typed to the auth component's data model. */
|
|
1068
|
+
type QueryCtx = GenericQueryCtx<AuthDataModel>;
|
|
1069
|
+
/** A document from any table in the auth component schema. */
|
|
1070
|
+
type Doc<T extends TableNamesInDataModel<AuthDataModel>> = GenericDoc<AuthDataModel, T>;
|
|
1071
|
+
/** A pair of JWT access token and refresh token. */
|
|
1072
|
+
type Tokens = {
|
|
1073
|
+
token: string;
|
|
1074
|
+
refreshToken: string;
|
|
1075
|
+
};
|
|
1076
|
+
/** Session information returned after authentication. */
|
|
1077
|
+
type SessionInfo = {
|
|
1078
|
+
userId: GenericId<"User">;
|
|
1079
|
+
sessionId: GenericId<"Session">;
|
|
1080
|
+
tokens: Tokens | null;
|
|
1081
|
+
};
|
|
1082
|
+
/** Session information with guaranteed non-null tokens. */
|
|
1083
|
+
type SessionInfoWithTokens = {
|
|
1084
|
+
userId: GenericId<"User">;
|
|
1085
|
+
sessionId: GenericId<"Session">;
|
|
1086
|
+
tokens: Tokens;
|
|
1087
|
+
};
|
|
1088
|
+
type TotpDoc = Infer<typeof vTotpFactorDoc>;
|
|
1089
|
+
type PasskeyDoc = Infer<typeof vPasskeyDoc>;
|
|
1090
|
+
type VerifierDoc = Infer<typeof vAuthVerifierDoc>;
|
|
1091
|
+
type KeyDoc = Infer<typeof vApiKeyDoc>;
|
|
1092
|
+
declare function queryUserById(ctx: ComponentCallCtx, userId: string): Promise<CrossComponentUserDoc | null>;
|
|
1093
|
+
declare function queryUserByVerifiedEmail(ctx: ComponentCallCtx, email: string): Promise<CrossComponentUserDoc | null>;
|
|
1094
|
+
declare function queryVerifierById(ctx: ComponentCallCtx, verifierId: string): Promise<VerifierDoc | null>;
|
|
1095
|
+
declare function mutateVerifierDelete(ctx: ComponentCallCtx, verifierId: string): Promise<void>;
|
|
1096
|
+
declare function queryTotpById(ctx: ComponentCallCtx, totpId: string): Promise<TotpDoc | null>;
|
|
1097
|
+
declare function queryTotpVerifiedByUserId(ctx: ComponentCallCtx, userId: string): Promise<TotpDoc | null>;
|
|
1098
|
+
declare function mutateTotpInsert(ctx: ComponentCallCtx, args: {
|
|
1099
|
+
userId: string;
|
|
1100
|
+
secret: ArrayBuffer;
|
|
1101
|
+
digits: number;
|
|
1102
|
+
period: number;
|
|
1103
|
+
verified: boolean;
|
|
1104
|
+
name?: string;
|
|
1105
|
+
createdAt: number;
|
|
1106
|
+
}): Promise<string>;
|
|
1107
|
+
declare function mutateTotpMarkVerified(ctx: ComponentCallCtx, totpId: string, lastUsedAt: number): Promise<void>;
|
|
1108
|
+
declare function mutateTotpUpdateLastUsed(ctx: ComponentCallCtx, totpId: string, lastUsedAt: number): Promise<void>;
|
|
1109
|
+
declare function queryPasskeysByUserId(ctx: ComponentCallCtx, userId: string): Promise<PasskeyDoc[]>;
|
|
1110
|
+
declare function queryPasskeyByCredentialId(ctx: ComponentCallCtx, credentialId: string): Promise<PasskeyDoc | null>;
|
|
1111
|
+
declare function mutatePasskeyInsert(ctx: ComponentCallCtx, args: {
|
|
1112
|
+
userId: string;
|
|
1113
|
+
credentialId: string;
|
|
1114
|
+
publicKey: ArrayBuffer | ArrayBufferLike;
|
|
1115
|
+
algorithm: number;
|
|
1116
|
+
counter: number;
|
|
1117
|
+
transports?: string[];
|
|
1118
|
+
deviceType: string;
|
|
1119
|
+
backedUp: boolean;
|
|
1120
|
+
name?: string;
|
|
1121
|
+
createdAt: number;
|
|
1122
|
+
}): Promise<string>;
|
|
1123
|
+
declare function mutatePasskeyUpdateCounter(ctx: ComponentCallCtx, passkeyId: string, counter: number, lastUsedAt: number): Promise<void>;
|
|
1124
|
+
declare function mutateKeyInsert(ctx: ComponentCallCtx, args: {
|
|
1125
|
+
userId: string;
|
|
1126
|
+
prefix: string;
|
|
1127
|
+
hashedKey: string;
|
|
1128
|
+
name: string;
|
|
1129
|
+
scopes: Array<{
|
|
1130
|
+
resource: string;
|
|
1131
|
+
actions: string[];
|
|
1132
|
+
}>;
|
|
1133
|
+
rateLimit?: {
|
|
1134
|
+
maxRequests: number;
|
|
1135
|
+
windowMs: number;
|
|
1136
|
+
};
|
|
1137
|
+
expiresAt?: number;
|
|
1138
|
+
}): Promise<string>;
|
|
1139
|
+
declare function queryKeysByUserId(ctx: ComponentCallCtx, userId: string): Promise<KeyDoc[]>;
|
|
1140
|
+
declare function queryKeyById(ctx: ComponentCallCtx, keyId: string): Promise<KeyDoc | null>;
|
|
1141
|
+
declare function mutateKeyPatch(ctx: ComponentCallCtx, keyId: string, data: Record<string, unknown>): Promise<void>;
|
|
1142
|
+
declare function mutateKeyDelete(ctx: ComponentCallCtx, keyId: string): Promise<void>;
|
|
1143
|
+
type DeviceDoc = Infer<typeof vDeviceCodeDoc>;
|
|
1144
|
+
declare function mutateDeviceInsert(ctx: ComponentCallCtx, args: {
|
|
1145
|
+
deviceCodeHash: string;
|
|
1146
|
+
userCode: string;
|
|
1147
|
+
expiresAt: number;
|
|
1148
|
+
interval: number;
|
|
1149
|
+
status: "pending" | "authorized" | "denied";
|
|
1150
|
+
}): Promise<string>;
|
|
1151
|
+
declare function queryDeviceByCodeHash(ctx: ComponentCallCtx, deviceCodeHash: string): Promise<DeviceDoc | null>;
|
|
1152
|
+
declare function queryDeviceByUserCode(ctx: ComponentCallCtx, userCode: string): Promise<DeviceDoc | null>;
|
|
1153
|
+
declare function mutateDeviceAuthorize(ctx: ComponentCallCtx, deviceId: string, userId: string, sessionId: string): Promise<void>;
|
|
1154
|
+
declare function mutateDeviceUpdateLastPolled(ctx: ComponentCallCtx, deviceId: string, lastPolledAt: number): Promise<void>;
|
|
1155
|
+
declare function mutateDeviceDelete(ctx: ComponentCallCtx, deviceId: string): Promise<void>;
|
|
964
1156
|
//#endregion
|
|
965
|
-
export {
|
|
1157
|
+
export { ActionCtx, AuthAccountCredentials, AuthAuthorizationConfig, AuthCreateAccountArgs, AuthDataModel, AuthGrant, AuthInvalidateSessionsArgs, AuthMemberResolveArgs, AuthMemberResolveResult, AuthProviderConfig, AuthProviderMaterializedConfig, AuthProviderSignInArgs, AuthProviderSignInResult, AuthRetrieveAccountArgs, AuthRoleDefinition, AuthRoleId, AuthServerHelpers, AuthUpdateAccountArgs, Awaitable, ConvexAuthConfig, ConvexAuthMaterializedConfig, ConvexCredentialsConfig, CorsConfig, DeviceDoc, DeviceProviderConfig, Doc, EmailConfig, EmailUserConfig, EnterpriseAccountLinkingPolicy, EnterpriseDeprovisionMode, EnterpriseJitProvisioningMode, EnterprisePolicy, EnterprisePolicyPatch, EnterpriseScimReuseUserPolicy, GenericActionCtxWithAuthConfig, GenericDoc, GroupOrderBy, GroupTag, GroupWhere, HasDeviceProvider, HasPasskeyProvider, HasSSO, HasTotpProvider, HttpKeyContext, InviteOrderBy, InviteWhere, KeyDoc, KeyOrderBy, KeyRecord, KeyScope, KeyWhere, ListOptions, ListResult, MemberOrderBy, MemberWhere, MutationCtx, OAuthMaterializedConfig, OAuthProfile, PasskeyDoc, PasskeyProviderConfig, PhoneConfig, PhoneUserConfig, QueryCtx, SAMLAttributeMapping, SSOProviderConfig, ScopeChecker, SessionInfo, SessionInfoWithTokens, Tokens, TotpDoc, TotpProviderConfig, UserOrderBy, UserWhere, VerifierDoc, mutateDeviceAuthorize, mutateDeviceDelete, mutateDeviceInsert, mutateDeviceUpdateLastPolled, mutateKeyDelete, mutateKeyInsert, mutateKeyPatch, mutatePasskeyInsert, mutatePasskeyUpdateCounter, mutateTotpInsert, mutateTotpMarkVerified, mutateTotpUpdateLastUsed, mutateVerifierDelete, queryDeviceByCodeHash, queryDeviceByUserCode, queryKeyById, queryKeysByUserId, queryPasskeyByCredentialId, queryPasskeysByUserId, queryTotpById, queryTotpVerifiedByUserId, queryUserById, queryUserByVerifiedEmail, queryVerifierById };
|
|
966
1158
|
//# sourceMappingURL=types.d.ts.map
|
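Review bot: `mutateKeyPatch` is exported with `data: Record<string, unknown>`, so the type lets a caller patch any field of a key document, including the `hashedKey`, `userId` and `scopes` fields seen in `mutateKeyInsert`'s argument shape. Narrow it to the fields meant to be mutable, for example `data: Partial<Pick<KeyDoc, "name" | "scopes" | "rateLimit" | "expiresAt">>`, adjusted to what the component mutation actually accepts. The exported `query*`/`mutate*` helpers also have no doc comments. Since they take raw string IDs, each should state whether it performs any authorization check of its own.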