@robelest/convex-auth 0.0.4-preview.2 → 0.0.4-preview.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +67 -26
- package/dist/authorization/index.d.ts +63 -0
- package/dist/authorization/index.d.ts.map +1 -0
- package/dist/authorization/index.js +63 -0
- package/dist/authorization/index.js.map +1 -0
- package/dist/bin.js +6185 -0
- package/dist/client/core/types.d.ts +20 -0
- package/dist/client/core/types.d.ts.map +1 -0
- package/dist/client/index.d.ts +2 -299
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +407 -534
- package/dist/client/index.js.map +1 -1
- package/dist/component/_generated/api.d.ts +42 -0
- package/dist/component/_generated/api.d.ts.map +1 -1
- package/dist/component/_generated/api.js.map +1 -1
- package/dist/component/_generated/component.d.ts +2546 -90
- package/dist/component/_generated/component.d.ts.map +1 -1
- package/dist/component/client/core/types.d.ts +2 -0
- package/dist/component/client/index.d.ts +2 -0
- package/dist/component/convex.config.d.ts +2 -2
- package/dist/component/functions.d.ts +11 -9
- package/dist/component/functions.d.ts.map +1 -1
- package/dist/component/functions.js.map +1 -1
- package/dist/component/index.d.ts +7 -11
- package/dist/component/index.js +2 -3
- package/dist/component/model.d.ts +153 -0
- package/dist/component/model.d.ts.map +1 -0
- package/dist/component/model.js +349 -0
- package/dist/component/model.js.map +1 -0
- package/dist/component/providers/anonymous.d.ts +54 -0
- package/dist/component/providers/anonymous.d.ts.map +1 -0
- package/dist/component/providers/credentials.d.ts +5 -5
- package/dist/component/providers/credentials.d.ts.map +1 -1
- package/dist/component/providers/device.d.ts +67 -0
- package/dist/component/providers/device.d.ts.map +1 -0
- package/dist/component/providers/email.d.ts +62 -0
- package/dist/component/providers/email.d.ts.map +1 -0
- package/dist/component/providers/oauth.d.ts.map +1 -1
- package/dist/component/providers/oauth.js.map +1 -1
- package/dist/component/providers/passkey.d.ts +57 -0
- package/dist/component/providers/passkey.d.ts.map +1 -0
- package/dist/component/providers/password.d.ts +88 -0
- package/dist/component/providers/password.d.ts.map +1 -0
- package/dist/component/providers/phone.d.ts +48 -0
- package/dist/component/providers/phone.d.ts.map +1 -0
- package/dist/component/providers/sso.d.ts +50 -0
- package/dist/component/providers/sso.d.ts.map +1 -0
- package/dist/component/providers/totp.d.ts +45 -0
- package/dist/component/providers/totp.d.ts.map +1 -0
- package/dist/component/public/enterprise/audit.d.ts +73 -0
- package/dist/component/public/enterprise/audit.d.ts.map +1 -0
- package/dist/component/public/enterprise/audit.js +108 -0
- package/dist/component/public/enterprise/audit.js.map +1 -0
- package/dist/component/public/enterprise/core.d.ts +176 -0
- package/dist/component/public/enterprise/core.d.ts.map +1 -0
- package/dist/component/public/enterprise/core.js +292 -0
- package/dist/component/public/enterprise/core.js.map +1 -0
- package/dist/component/public/enterprise/domains.d.ts +174 -0
- package/dist/component/public/enterprise/domains.d.ts.map +1 -0
- package/dist/component/public/enterprise/domains.js +271 -0
- package/dist/component/public/enterprise/domains.js.map +1 -0
- package/dist/component/public/enterprise/scim.d.ts +245 -0
- package/dist/component/public/enterprise/scim.d.ts.map +1 -0
- package/dist/component/public/enterprise/scim.js +344 -0
- package/dist/component/public/enterprise/scim.js.map +1 -0
- package/dist/component/public/enterprise/secrets.d.ts +78 -0
- package/dist/component/public/enterprise/secrets.d.ts.map +1 -0
- package/dist/component/public/enterprise/secrets.js +118 -0
- package/dist/component/public/enterprise/secrets.js.map +1 -0
- package/dist/component/public/enterprise/webhooks.d.ts +211 -0
- package/dist/component/public/enterprise/webhooks.d.ts.map +1 -0
- package/dist/component/public/enterprise/webhooks.js +300 -0
- package/dist/component/public/enterprise/webhooks.js.map +1 -0
- package/dist/component/public/factors/devices.d.ts +157 -0
- package/dist/component/public/factors/devices.d.ts.map +1 -0
- package/dist/component/public/factors/devices.js +216 -0
- package/dist/component/public/factors/devices.js.map +1 -0
- package/dist/component/public/factors/passkeys.d.ts +175 -0
- package/dist/component/public/factors/passkeys.d.ts.map +1 -0
- package/dist/component/public/factors/passkeys.js +238 -0
- package/dist/component/public/factors/passkeys.js.map +1 -0
- package/dist/component/public/factors/totp.d.ts +189 -0
- package/dist/component/public/factors/totp.d.ts.map +1 -0
- package/dist/component/public/factors/totp.js +254 -0
- package/dist/component/public/factors/totp.js.map +1 -0
- package/dist/component/public/groups/core.d.ts +137 -0
- package/dist/component/public/groups/core.d.ts.map +1 -0
- package/dist/component/public/groups/core.js +321 -0
- package/dist/component/public/groups/core.js.map +1 -0
- package/dist/component/public/groups/invites.d.ts +217 -0
- package/dist/component/public/groups/invites.d.ts.map +1 -0
- package/dist/component/public/groups/invites.js +457 -0
- package/dist/component/public/groups/invites.js.map +1 -0
- package/dist/component/public/groups/members.d.ts +204 -0
- package/dist/component/public/groups/members.d.ts.map +1 -0
- package/dist/component/public/groups/members.js +355 -0
- package/dist/component/public/groups/members.js.map +1 -0
- package/dist/component/public/identity/accounts.d.ts +147 -0
- package/dist/component/public/identity/accounts.d.ts.map +1 -0
- package/dist/component/public/identity/accounts.js +200 -0
- package/dist/component/public/identity/accounts.js.map +1 -0
- package/dist/component/public/identity/codes.d.ts +104 -0
- package/dist/component/public/identity/codes.d.ts.map +1 -0
- package/dist/component/public/identity/codes.js +140 -0
- package/dist/component/public/identity/codes.js.map +1 -0
- package/dist/component/public/identity/sessions.d.ts +128 -0
- package/dist/component/public/identity/sessions.d.ts.map +1 -0
- package/dist/component/public/identity/sessions.js +192 -0
- package/dist/component/public/identity/sessions.js.map +1 -0
- package/dist/component/public/identity/tokens.d.ts +169 -0
- package/dist/component/public/identity/tokens.d.ts.map +1 -0
- package/dist/component/public/identity/tokens.js +227 -0
- package/dist/component/public/identity/tokens.js.map +1 -0
- package/dist/component/public/identity/users.d.ts +212 -0
- package/dist/component/public/identity/users.d.ts.map +1 -0
- package/dist/component/public/identity/users.js +311 -0
- package/dist/component/public/identity/users.js.map +1 -0
- package/dist/component/public/identity/verifiers.d.ts +116 -0
- package/dist/component/public/identity/verifiers.d.ts.map +1 -0
- package/dist/component/public/identity/verifiers.js +154 -0
- package/dist/component/public/identity/verifiers.js.map +1 -0
- package/dist/component/public/security/keys.d.ts +209 -0
- package/dist/component/public/security/keys.d.ts.map +1 -0
- package/dist/component/public/security/keys.js +319 -0
- package/dist/component/public/security/keys.js.map +1 -0
- package/dist/component/public/security/limits.d.ts +114 -0
- package/dist/component/public/security/limits.d.ts.map +1 -0
- package/dist/component/public/security/limits.js +169 -0
- package/dist/component/public/security/limits.js.map +1 -0
- package/dist/component/public.d.ts +24 -271
- package/dist/component/public.d.ts.map +1 -1
- package/dist/component/public.js +21 -1229
- package/dist/component/schema.d.ts +473 -110
- package/dist/component/schema.js +162 -73
- package/dist/component/schema.js.map +1 -1
- package/dist/component/server/auth.d.ts +318 -373
- package/dist/component/server/auth.d.ts.map +1 -1
- package/dist/component/server/auth.js +204 -123
- package/dist/component/server/auth.js.map +1 -1
- package/dist/component/server/authError.js +34 -0
- package/dist/component/server/authError.js.map +1 -0
- package/dist/component/server/{providers.js → config.js} +43 -12
- package/dist/component/server/config.js.map +1 -0
- package/dist/component/server/cookies.js +3 -0
- package/dist/component/server/cookies.js.map +1 -1
- package/dist/component/server/core.js +713 -0
- package/dist/component/server/core.js.map +1 -0
- package/dist/component/server/crypto.js +38 -0
- package/dist/component/server/crypto.js.map +1 -0
- package/dist/component/server/{implementation/db.js → db.js} +2 -1
- package/dist/component/server/db.js.map +1 -0
- package/dist/component/server/device.js +109 -0
- package/dist/component/server/device.js.map +1 -0
- package/dist/component/server/enterprise/config.js +46 -0
- package/dist/component/server/enterprise/config.js.map +1 -0
- package/dist/component/server/enterprise/domain.js +885 -0
- package/dist/component/server/enterprise/domain.js.map +1 -0
- package/dist/component/server/enterprise/http.js +766 -0
- package/dist/component/server/enterprise/http.js.map +1 -0
- package/dist/component/server/enterprise/oidc.js +248 -0
- package/dist/component/server/enterprise/oidc.js.map +1 -0
- package/dist/component/server/enterprise/policy.js +85 -0
- package/dist/component/server/enterprise/policy.js.map +1 -0
- package/dist/component/server/enterprise/saml.js +338 -0
- package/dist/component/server/enterprise/saml.js.map +1 -0
- package/dist/component/server/enterprise/scim.js +97 -0
- package/dist/component/server/enterprise/scim.js.map +1 -0
- package/dist/component/server/enterprise/shared.js +51 -0
- package/dist/component/server/enterprise/shared.js.map +1 -0
- package/dist/component/server/errors.d.ts +1 -0
- package/dist/component/server/errors.js +24 -16
- package/dist/component/server/errors.js.map +1 -1
- package/dist/component/server/http.js +288 -0
- package/dist/component/server/http.js.map +1 -0
- package/dist/component/server/identity.js +13 -0
- package/dist/component/server/identity.js.map +1 -0
- package/dist/{server/implementation → component/server}/keys.js +9 -31
- package/dist/component/server/keys.js.map +1 -0
- package/dist/component/server/limits.js +61 -0
- package/dist/component/server/limits.js.map +1 -0
- package/dist/component/server/mutations/account.js +44 -0
- package/dist/component/server/mutations/account.js.map +1 -0
- package/dist/component/server/{implementation/mutations → mutations}/code.js +7 -4
- package/dist/component/server/mutations/code.js.map +1 -0
- package/dist/component/server/mutations/invalidate.js +32 -0
- package/dist/component/server/mutations/invalidate.js.map +1 -0
- package/dist/component/server/mutations/oauth.js +110 -0
- package/dist/component/server/mutations/oauth.js.map +1 -0
- package/dist/component/server/mutations/refresh.js +119 -0
- package/dist/component/server/mutations/refresh.js.map +1 -0
- package/dist/component/server/mutations/register.js +83 -0
- package/dist/component/server/mutations/register.js.map +1 -0
- package/dist/component/server/mutations/retrieve.js +65 -0
- package/dist/component/server/mutations/retrieve.js.map +1 -0
- package/dist/component/server/mutations/signature.js +32 -0
- package/dist/component/server/mutations/signature.js.map +1 -0
- package/dist/component/server/{implementation/mutations → mutations}/signin.js +2 -2
- package/dist/component/server/mutations/signin.js.map +1 -0
- package/dist/component/server/mutations/signout.js +27 -0
- package/dist/component/server/mutations/signout.js.map +1 -0
- package/dist/component/server/mutations/store/refs.js +15 -0
- package/dist/component/server/mutations/store/refs.js.map +1 -0
- package/dist/component/server/mutations/store.js +85 -0
- package/dist/component/server/mutations/store.js.map +1 -0
- package/dist/component/server/mutations/verifier.js +18 -0
- package/dist/component/server/mutations/verifier.js.map +1 -0
- package/dist/component/server/mutations/verify.js +98 -0
- package/dist/component/server/mutations/verify.js.map +1 -0
- package/dist/component/server/oauth.js +106 -60
- package/dist/component/server/oauth.js.map +1 -1
- package/dist/component/server/passkey.js +328 -0
- package/dist/component/server/passkey.js.map +1 -0
- package/dist/{server/implementation → component/server}/redirects.js +13 -11
- package/dist/component/server/redirects.js.map +1 -0
- package/dist/component/server/refresh.js +96 -0
- package/dist/component/server/refresh.js.map +1 -0
- package/dist/component/server/runtime.d.ts +136 -0
- package/dist/component/server/runtime.d.ts.map +1 -0
- package/dist/component/server/runtime.js +413 -0
- package/dist/component/server/runtime.js.map +1 -0
- package/dist/{server/implementation → component/server}/sessions.js +14 -8
- package/dist/component/server/sessions.js.map +1 -0
- package/dist/component/server/signin.js +201 -0
- package/dist/component/server/signin.js.map +1 -0
- package/dist/component/server/tokens.js +17 -0
- package/dist/component/server/tokens.js.map +1 -0
- package/dist/component/server/totp.js +148 -0
- package/dist/component/server/totp.js.map +1 -0
- package/dist/component/server/types.d.ts +387 -298
- package/dist/component/server/types.d.ts.map +1 -1
- package/dist/component/server/{implementation/types.js → types.js} +1 -1
- package/dist/component/server/types.js.map +1 -0
- package/dist/component/server/{implementation/users.js → users.js} +54 -35
- package/dist/component/server/users.js.map +1 -0
- package/dist/component/server/utils.js +110 -4
- package/dist/component/server/utils.js.map +1 -1
- package/dist/core/types.d.ts +369 -0
- package/dist/core/types.d.ts.map +1 -0
- package/dist/factors/device.js +105 -0
- package/dist/factors/device.js.map +1 -0
- package/dist/factors/passkey.js +181 -0
- package/dist/factors/passkey.js.map +1 -0
- package/dist/factors/totp.js +122 -0
- package/dist/factors/totp.js.map +1 -0
- package/dist/providers/anonymous.d.ts +3 -9
- package/dist/providers/anonymous.d.ts.map +1 -1
- package/dist/providers/anonymous.js +1 -18
- package/dist/providers/anonymous.js.map +1 -1
- package/dist/providers/credentials.d.ts +8 -10
- package/dist/providers/credentials.d.ts.map +1 -1
- package/dist/providers/credentials.js +3 -5
- package/dist/providers/credentials.js.map +1 -1
- package/dist/providers/device.d.ts +18 -10
- package/dist/providers/device.d.ts.map +1 -1
- package/dist/providers/device.js +4 -8
- package/dist/providers/device.js.map +1 -1
- package/dist/providers/email.d.ts +50 -23
- package/dist/providers/email.d.ts.map +1 -1
- package/dist/providers/email.js +58 -34
- package/dist/providers/email.js.map +1 -1
- package/dist/providers/index.d.ts +7 -3
- package/dist/providers/index.js +4 -1
- package/dist/providers/oauth.d.ts.map +1 -1
- package/dist/providers/oauth.js.map +1 -1
- package/dist/providers/passkey.d.ts +12 -9
- package/dist/providers/passkey.d.ts.map +1 -1
- package/dist/providers/passkey.js +1 -7
- package/dist/providers/passkey.js.map +1 -1
- package/dist/providers/password.d.ts +6 -12
- package/dist/providers/password.d.ts.map +1 -1
- package/dist/providers/password.js +189 -89
- package/dist/providers/password.js.map +1 -1
- package/dist/providers/phone.d.ts +40 -11
- package/dist/providers/phone.d.ts.map +1 -1
- package/dist/providers/phone.js +52 -21
- package/dist/providers/phone.js.map +1 -1
- package/dist/providers/sso.d.ts +50 -0
- package/dist/providers/sso.d.ts.map +1 -0
- package/dist/providers/sso.js +34 -0
- package/dist/providers/sso.js.map +1 -0
- package/dist/providers/totp.d.ts +12 -9
- package/dist/providers/totp.d.ts.map +1 -1
- package/dist/providers/totp.js +1 -7
- package/dist/providers/totp.js.map +1 -1
- package/dist/runtime/browser.js +68 -0
- package/dist/runtime/browser.js.map +1 -0
- package/dist/runtime/invite.js +51 -0
- package/dist/runtime/invite.js.map +1 -0
- package/dist/runtime/proxy.js +70 -0
- package/dist/runtime/proxy.js.map +1 -0
- package/dist/runtime/storage.js +37 -0
- package/dist/runtime/storage.js.map +1 -0
- package/dist/server/auth.d.ts +335 -370
- package/dist/server/auth.d.ts.map +1 -1
- package/dist/server/auth.js +204 -123
- package/dist/server/auth.js.map +1 -1
- package/dist/server/authError.d.ts +46 -0
- package/dist/server/authError.d.ts.map +1 -0
- package/dist/server/authError.js +34 -0
- package/dist/server/authError.js.map +1 -0
- package/dist/server/config.d.ts +1 -0
- package/dist/server/{providers.js → config.js} +43 -12
- package/dist/server/config.js.map +1 -0
- package/dist/server/cookies.d.ts +1 -38
- package/dist/server/cookies.js +3 -0
- package/dist/server/cookies.js.map +1 -1
- package/dist/server/core.d.ts +1436 -0
- package/dist/server/core.d.ts.map +1 -0
- package/dist/server/core.js +713 -0
- package/dist/server/core.js.map +1 -0
- package/dist/server/crypto.d.ts +8 -0
- package/dist/server/crypto.d.ts.map +1 -0
- package/dist/server/crypto.js +38 -0
- package/dist/server/crypto.js.map +1 -0
- package/dist/server/db.d.ts +1 -0
- package/dist/server/{implementation/db.js → db.js} +2 -1
- package/dist/server/db.js.map +1 -0
- package/dist/server/device.d.ts +1 -0
- package/dist/server/device.js +109 -0
- package/dist/server/device.js.map +1 -0
- package/dist/server/enterprise/config.d.ts +1 -0
- package/dist/server/enterprise/config.js +46 -0
- package/dist/server/enterprise/config.js.map +1 -0
- package/dist/server/enterprise/domain.d.ts +409 -0
- package/dist/server/enterprise/domain.d.ts.map +1 -0
- package/dist/server/enterprise/domain.js +885 -0
- package/dist/server/enterprise/domain.js.map +1 -0
- package/dist/server/enterprise/http.d.ts +26 -0
- package/dist/server/enterprise/http.d.ts.map +1 -0
- package/dist/server/enterprise/http.js +766 -0
- package/dist/server/enterprise/http.js.map +1 -0
- package/dist/server/enterprise/oidc.d.ts +1 -0
- package/dist/server/enterprise/oidc.js +248 -0
- package/dist/server/enterprise/oidc.js.map +1 -0
- package/dist/server/enterprise/policy.d.ts +1 -0
- package/dist/server/enterprise/policy.js +85 -0
- package/dist/server/enterprise/policy.js.map +1 -0
- package/dist/server/enterprise/saml.d.ts +1 -0
- package/dist/server/enterprise/saml.js +338 -0
- package/dist/server/enterprise/saml.js.map +1 -0
- package/dist/server/enterprise/scim.d.ts +1 -0
- package/dist/server/enterprise/scim.js +97 -0
- package/dist/server/enterprise/scim.js.map +1 -0
- package/dist/server/enterprise/shared.d.ts +5 -0
- package/dist/server/enterprise/shared.d.ts.map +1 -0
- package/dist/server/enterprise/shared.js +51 -0
- package/dist/server/enterprise/shared.js.map +1 -0
- package/dist/server/enterprise/validators.d.ts +1 -0
- package/dist/server/enterprise/validators.js +60 -0
- package/dist/server/enterprise/validators.js.map +1 -0
- package/dist/server/errors.d.ts +33 -1
- package/dist/server/errors.d.ts.map +1 -1
- package/dist/server/errors.js +44 -1
- package/dist/server/errors.js.map +1 -1
- package/dist/server/http.d.ts +59 -0
- package/dist/server/http.d.ts.map +1 -0
- package/dist/server/http.js +288 -0
- package/dist/server/http.js.map +1 -0
- package/dist/server/identity.d.ts +1 -0
- package/dist/server/identity.js +13 -0
- package/dist/server/identity.js.map +1 -0
- package/dist/server/index.d.ts +4 -182
- package/dist/server/index.js +4 -376
- package/dist/server/keys.d.ts +1 -0
- package/dist/{component/server/implementation → server}/keys.js +9 -31
- package/dist/server/keys.js.map +1 -0
- package/dist/server/limits.d.ts +1 -0
- package/dist/server/limits.js +61 -0
- package/dist/server/limits.js.map +1 -0
- package/dist/server/mounts.d.ts +647 -0
- package/dist/server/mounts.d.ts.map +1 -0
- package/dist/server/mounts.js +643 -0
- package/dist/server/mounts.js.map +1 -0
- package/dist/server/mutations/account.d.ts +30 -0
- package/dist/server/mutations/account.d.ts.map +1 -0
- package/dist/server/mutations/account.js +44 -0
- package/dist/server/mutations/account.js.map +1 -0
- package/dist/server/mutations/code.d.ts +30 -0
- package/dist/server/mutations/code.d.ts.map +1 -0
- package/dist/server/{implementation/mutations → mutations}/code.js +7 -4
- package/dist/server/mutations/code.js.map +1 -0
- package/dist/server/mutations/index.d.ts +14 -0
- package/dist/server/mutations/index.js +15 -0
- package/dist/server/mutations/invalidate.d.ts +20 -0
- package/dist/server/mutations/invalidate.d.ts.map +1 -0
- package/dist/server/mutations/invalidate.js +32 -0
- package/dist/server/mutations/invalidate.js.map +1 -0
- package/dist/server/mutations/oauth.d.ts +28 -0
- package/dist/server/mutations/oauth.d.ts.map +1 -0
- package/dist/server/mutations/oauth.js +110 -0
- package/dist/server/mutations/oauth.js.map +1 -0
- package/dist/server/mutations/refresh.d.ts +21 -0
- package/dist/server/mutations/refresh.d.ts.map +1 -0
- package/dist/server/mutations/refresh.js +119 -0
- package/dist/server/mutations/refresh.js.map +1 -0
- package/dist/server/mutations/register.d.ts +38 -0
- package/dist/server/mutations/register.d.ts.map +1 -0
- package/dist/server/mutations/register.js +83 -0
- package/dist/server/mutations/register.js.map +1 -0
- package/dist/server/mutations/retrieve.d.ts +33 -0
- package/dist/server/mutations/retrieve.d.ts.map +1 -0
- package/dist/server/mutations/retrieve.js +65 -0
- package/dist/server/mutations/retrieve.js.map +1 -0
- package/dist/server/mutations/signature.d.ts +22 -0
- package/dist/server/mutations/signature.d.ts.map +1 -0
- package/dist/server/mutations/signature.js +32 -0
- package/dist/server/mutations/signature.js.map +1 -0
- package/dist/server/mutations/signin.d.ts +22 -0
- package/dist/server/mutations/signin.d.ts.map +1 -0
- package/dist/server/{implementation/mutations → mutations}/signin.js +2 -2
- package/dist/server/mutations/signin.js.map +1 -0
- package/dist/server/mutations/signout.d.ts +16 -0
- package/dist/server/mutations/signout.d.ts.map +1 -0
- package/dist/server/mutations/signout.js +27 -0
- package/dist/server/mutations/signout.js.map +1 -0
- package/dist/server/mutations/store/refs.d.ts +12 -0
- package/dist/server/mutations/store/refs.d.ts.map +1 -0
- package/dist/server/mutations/store/refs.js +15 -0
- package/dist/server/mutations/store/refs.js.map +1 -0
- package/dist/server/mutations/store.d.ts +306 -0
- package/dist/server/mutations/store.d.ts.map +1 -0
- package/dist/server/mutations/store.js +85 -0
- package/dist/server/mutations/store.js.map +1 -0
- package/dist/server/mutations/verifier.d.ts +13 -0
- package/dist/server/mutations/verifier.d.ts.map +1 -0
- package/dist/server/mutations/verifier.js +18 -0
- package/dist/server/mutations/verifier.js.map +1 -0
- package/dist/server/mutations/verify.d.ts +26 -0
- package/dist/server/mutations/verify.d.ts.map +1 -0
- package/dist/server/mutations/verify.js +98 -0
- package/dist/server/mutations/verify.js.map +1 -0
- package/dist/server/oauth.d.ts +1 -48
- package/dist/server/oauth.js +107 -64
- package/dist/server/oauth.js.map +1 -1
- package/dist/server/passkey.d.ts +27 -0
- package/dist/server/passkey.d.ts.map +1 -0
- package/dist/server/passkey.js +328 -0
- package/dist/server/passkey.js.map +1 -0
- package/dist/server/redirects.d.ts +1 -0
- package/dist/{component/server/implementation → server}/redirects.js +13 -11
- package/dist/server/redirects.js.map +1 -0
- package/dist/server/refresh.d.ts +1 -0
- package/dist/server/refresh.js +96 -0
- package/dist/server/refresh.js.map +1 -0
- package/dist/server/runtime.d.ts +136 -0
- package/dist/server/runtime.d.ts.map +1 -0
- package/dist/server/runtime.js +413 -0
- package/dist/server/runtime.js.map +1 -0
- package/dist/server/sessions.d.ts +1 -0
- package/dist/{component/server/implementation → server}/sessions.js +14 -8
- package/dist/server/sessions.js.map +1 -0
- package/dist/server/signin.d.ts +1 -0
- package/dist/server/signin.js +201 -0
- package/dist/server/signin.js.map +1 -0
- package/dist/server/ssr.d.ts +226 -0
- package/dist/server/ssr.d.ts.map +1 -0
- package/dist/server/ssr.js +786 -0
- package/dist/server/ssr.js.map +1 -0
- package/dist/server/templates.d.ts +1 -21
- package/dist/server/templates.js +2 -1
- package/dist/server/templates.js.map +1 -1
- package/dist/server/tokens.d.ts +1 -0
- package/dist/server/tokens.js +17 -0
- package/dist/server/tokens.js.map +1 -0
- package/dist/server/totp.d.ts +1 -0
- package/dist/server/totp.js +148 -0
- package/dist/server/totp.js.map +1 -0
- package/dist/server/types.d.ts +498 -306
- package/dist/server/types.d.ts.map +1 -1
- package/dist/server/types.js +108 -1
- package/dist/server/types.js.map +1 -0
- package/dist/server/users.d.ts +1 -0
- package/dist/server/{implementation/users.js → users.js} +54 -35
- package/dist/server/users.js.map +1 -0
- package/dist/server/utils.d.ts +1 -6
- package/dist/server/utils.js +110 -4
- package/dist/server/utils.js.map +1 -1
- package/package.json +49 -46
- package/src/authorization/index.ts +83 -0
- package/src/cli/bin.ts +5 -0
- package/src/cli/command.ts +6 -5
- package/src/cli/index.ts +456 -248
- package/src/cli/keys.ts +3 -0
- package/src/client/core/types.ts +437 -0
- package/src/client/factors/device.ts +160 -0
- package/src/client/factors/passkey.ts +282 -0
- package/src/client/factors/totp.ts +150 -0
- package/src/client/index.ts +745 -989
- package/src/client/runtime/browser.ts +112 -0
- package/src/client/runtime/invite.ts +65 -0
- package/src/client/runtime/proxy.ts +111 -0
- package/src/client/runtime/storage.ts +79 -0
- package/src/component/_generated/api.ts +42 -0
- package/src/component/_generated/component.ts +3123 -102
- package/src/component/functions.ts +38 -22
- package/src/component/index.ts +10 -20
- package/src/component/model.ts +449 -0
- package/src/component/public/enterprise/audit.ts +120 -0
- package/src/component/public/enterprise/core.ts +354 -0
- package/src/component/public/enterprise/domains.ts +323 -0
- package/src/component/public/enterprise/scim.ts +396 -0
- package/src/component/public/enterprise/secrets.ts +132 -0
- package/src/component/public/enterprise/webhooks.ts +306 -0
- package/src/component/public/factors/devices.ts +223 -0
- package/src/component/public/factors/passkeys.ts +242 -0
- package/src/component/public/factors/totp.ts +258 -0
- package/src/component/public/groups/core.ts +481 -0
- package/src/component/public/groups/invites.ts +602 -0
- package/src/component/public/groups/members.ts +409 -0
- package/src/component/public/identity/accounts.ts +206 -0
- package/src/component/public/identity/codes.ts +148 -0
- package/src/component/public/identity/sessions.ts +209 -0
- package/src/component/public/identity/tokens.ts +250 -0
- package/src/component/public/identity/users.ts +354 -0
- package/src/component/public/identity/verifiers.ts +157 -0
- package/src/component/public/security/keys.ts +365 -0
- package/src/component/public/security/limits.ts +173 -0
- package/src/component/public.ts +26 -1766
- package/src/component/schema.ts +273 -100
- package/src/providers/anonymous.ts +10 -20
- package/src/providers/credentials.ts +14 -22
- package/src/providers/device.ts +3 -14
- package/src/providers/email.ts +83 -47
- package/src/providers/index.ts +7 -0
- package/src/providers/oauth.ts +5 -3
- package/src/providers/passkey.ts +0 -13
- package/src/providers/password.ts +307 -130
- package/src/providers/phone.ts +81 -37
- package/src/providers/sso.ts +54 -0
- package/src/providers/totp.ts +0 -13
- package/src/samlify.d.ts +53 -0
- package/src/server/auth.ts +701 -247
- package/src/server/authError.ts +44 -0
- package/src/server/{providers.ts → config.ts} +84 -15
- package/src/server/cookies.ts +8 -1
- package/src/server/core.ts +2095 -0
- package/src/server/crypto.ts +88 -0
- package/src/server/{implementation/db.ts → db.ts} +90 -15
- package/src/server/device.ts +221 -0
- package/src/server/enterprise/config.ts +51 -0
- package/src/server/enterprise/domain.ts +1751 -0
- package/src/server/enterprise/http.ts +1324 -0
- package/src/server/enterprise/oidc.ts +500 -0
- package/src/server/enterprise/policy.ts +128 -0
- package/src/server/enterprise/saml.ts +578 -0
- package/src/server/enterprise/scim.ts +135 -0
- package/src/server/enterprise/shared.ts +134 -0
- package/src/server/enterprise/validators.ts +93 -0
- package/src/server/errors.ts +130 -119
- package/src/server/http.ts +531 -0
- package/src/server/identity.ts +18 -0
- package/src/server/index.ts +32 -650
- package/src/server/{implementation/keys.ts → keys.ts} +16 -44
- package/src/server/limits.ts +134 -0
- package/src/server/mounts.ts +948 -0
- package/src/server/mutations/account.ts +76 -0
- package/src/server/{implementation/mutations → mutations}/code.ts +22 -11
- package/src/server/mutations/index.ts +13 -0
- package/src/server/mutations/invalidate.ts +50 -0
- package/src/server/mutations/oauth.ts +237 -0
- package/src/server/mutations/refresh.ts +298 -0
- package/src/server/mutations/register.ts +200 -0
- package/src/server/mutations/retrieve.ts +109 -0
- package/src/server/mutations/signature.ts +50 -0
- package/src/server/{implementation/mutations → mutations}/signin.ts +9 -7
- package/src/server/mutations/signout.ts +43 -0
- package/src/server/mutations/store/refs.ts +10 -0
- package/src/server/mutations/store.ts +138 -0
- package/src/server/mutations/verifier.ts +34 -0
- package/src/server/mutations/verify.ts +202 -0
- package/src/server/oauth.ts +243 -131
- package/src/server/passkey.ts +784 -0
- package/src/server/{implementation/redirects.ts → redirects.ts} +21 -16
- package/src/server/refresh.ts +222 -0
- package/src/server/runtime.ts +880 -0
- package/src/server/{implementation/sessions.ts → sessions.ts} +33 -25
- package/src/server/signin.ts +438 -0
- package/src/server/ssr.ts +1764 -0
- package/src/server/templates.ts +8 -3
- package/src/server/{implementation/tokens.ts → tokens.ts} +11 -5
- package/src/server/totp.ts +349 -0
- package/src/server/types.ts +972 -207
- package/src/server/{implementation/users.ts → users.ts} +129 -75
- package/src/server/utils.ts +192 -5
- package/src/test.ts +28 -4
- package/dist/bin.cjs +0 -27757
- package/dist/component/providers/email.js +0 -47
- package/dist/component/providers/email.js.map +0 -1
- package/dist/component/public.js.map +0 -1
- package/dist/component/server/implementation/db.js.map +0 -1
- package/dist/component/server/implementation/device.js +0 -135
- package/dist/component/server/implementation/device.js.map +0 -1
- package/dist/component/server/implementation/index.d.ts +0 -870
- package/dist/component/server/implementation/index.d.ts.map +0 -1
- package/dist/component/server/implementation/index.js +0 -610
- package/dist/component/server/implementation/index.js.map +0 -1
- package/dist/component/server/implementation/keys.js.map +0 -1
- package/dist/component/server/implementation/mutations/account.js +0 -39
- package/dist/component/server/implementation/mutations/account.js.map +0 -1
- package/dist/component/server/implementation/mutations/code.js.map +0 -1
- package/dist/component/server/implementation/mutations/index.js +0 -70
- package/dist/component/server/implementation/mutations/index.js.map +0 -1
- package/dist/component/server/implementation/mutations/invalidate.js +0 -29
- package/dist/component/server/implementation/mutations/invalidate.js.map +0 -1
- package/dist/component/server/implementation/mutations/oauth.js +0 -51
- package/dist/component/server/implementation/mutations/oauth.js.map +0 -1
- package/dist/component/server/implementation/mutations/refresh.js +0 -85
- package/dist/component/server/implementation/mutations/refresh.js.map +0 -1
- package/dist/component/server/implementation/mutations/register.js +0 -65
- package/dist/component/server/implementation/mutations/register.js.map +0 -1
- package/dist/component/server/implementation/mutations/retrieve.js +0 -50
- package/dist/component/server/implementation/mutations/retrieve.js.map +0 -1
- package/dist/component/server/implementation/mutations/signature.js +0 -27
- package/dist/component/server/implementation/mutations/signature.js.map +0 -1
- package/dist/component/server/implementation/mutations/signin.js.map +0 -1
- package/dist/component/server/implementation/mutations/signout.js +0 -27
- package/dist/component/server/implementation/mutations/signout.js.map +0 -1
- package/dist/component/server/implementation/mutations/store.js +0 -12
- package/dist/component/server/implementation/mutations/store.js.map +0 -1
- package/dist/component/server/implementation/mutations/verifier.js +0 -16
- package/dist/component/server/implementation/mutations/verifier.js.map +0 -1
- package/dist/component/server/implementation/mutations/verify.js +0 -105
- package/dist/component/server/implementation/mutations/verify.js.map +0 -1
- package/dist/component/server/implementation/passkey.js +0 -307
- package/dist/component/server/implementation/passkey.js.map +0 -1
- package/dist/component/server/implementation/provider.js +0 -19
- package/dist/component/server/implementation/provider.js.map +0 -1
- package/dist/component/server/implementation/ratelimit.js +0 -48
- package/dist/component/server/implementation/ratelimit.js.map +0 -1
- package/dist/component/server/implementation/redirects.js.map +0 -1
- package/dist/component/server/implementation/refresh.js +0 -109
- package/dist/component/server/implementation/refresh.js.map +0 -1
- package/dist/component/server/implementation/sessions.js.map +0 -1
- package/dist/component/server/implementation/signin.js +0 -148
- package/dist/component/server/implementation/signin.js.map +0 -1
- package/dist/component/server/implementation/tokens.js +0 -15
- package/dist/component/server/implementation/tokens.js.map +0 -1
- package/dist/component/server/implementation/totp.js +0 -142
- package/dist/component/server/implementation/totp.js.map +0 -1
- package/dist/component/server/implementation/types.d.ts +0 -42
- package/dist/component/server/implementation/types.d.ts.map +0 -1
- package/dist/component/server/implementation/types.js.map +0 -1
- package/dist/component/server/implementation/users.js.map +0 -1
- package/dist/component/server/implementation/utils.js +0 -56
- package/dist/component/server/implementation/utils.js.map +0 -1
- package/dist/component/server/providers.js.map +0 -1
- package/dist/component/server/templates.js +0 -84
- package/dist/component/server/templates.js.map +0 -1
- package/dist/server/cookies.d.ts.map +0 -1
- package/dist/server/implementation/db.d.ts +0 -86
- package/dist/server/implementation/db.d.ts.map +0 -1
- package/dist/server/implementation/db.js.map +0 -1
- package/dist/server/implementation/device.d.ts +0 -30
- package/dist/server/implementation/device.d.ts.map +0 -1
- package/dist/server/implementation/device.js +0 -135
- package/dist/server/implementation/device.js.map +0 -1
- package/dist/server/implementation/index.d.ts +0 -870
- package/dist/server/implementation/index.d.ts.map +0 -1
- package/dist/server/implementation/index.js +0 -610
- package/dist/server/implementation/index.js.map +0 -1
- package/dist/server/implementation/keys.d.ts +0 -66
- package/dist/server/implementation/keys.d.ts.map +0 -1
- package/dist/server/implementation/keys.js.map +0 -1
- package/dist/server/implementation/mutations/account.d.ts +0 -27
- package/dist/server/implementation/mutations/account.d.ts.map +0 -1
- package/dist/server/implementation/mutations/account.js +0 -39
- package/dist/server/implementation/mutations/account.js.map +0 -1
- package/dist/server/implementation/mutations/code.d.ts +0 -29
- package/dist/server/implementation/mutations/code.d.ts.map +0 -1
- package/dist/server/implementation/mutations/code.js.map +0 -1
- package/dist/server/implementation/mutations/index.d.ts +0 -310
- package/dist/server/implementation/mutations/index.d.ts.map +0 -1
- package/dist/server/implementation/mutations/index.js +0 -70
- package/dist/server/implementation/mutations/index.js.map +0 -1
- package/dist/server/implementation/mutations/invalidate.d.ts +0 -18
- package/dist/server/implementation/mutations/invalidate.d.ts.map +0 -1
- package/dist/server/implementation/mutations/invalidate.js +0 -29
- package/dist/server/implementation/mutations/invalidate.js.map +0 -1
- package/dist/server/implementation/mutations/oauth.d.ts +0 -23
- package/dist/server/implementation/mutations/oauth.d.ts.map +0 -1
- package/dist/server/implementation/mutations/oauth.js +0 -51
- package/dist/server/implementation/mutations/oauth.js.map +0 -1
- package/dist/server/implementation/mutations/refresh.d.ts +0 -20
- package/dist/server/implementation/mutations/refresh.d.ts.map +0 -1
- package/dist/server/implementation/mutations/refresh.js +0 -85
- package/dist/server/implementation/mutations/refresh.js.map +0 -1
- package/dist/server/implementation/mutations/register.d.ts +0 -37
- package/dist/server/implementation/mutations/register.d.ts.map +0 -1
- package/dist/server/implementation/mutations/register.js +0 -65
- package/dist/server/implementation/mutations/register.js.map +0 -1
- package/dist/server/implementation/mutations/retrieve.d.ts +0 -31
- package/dist/server/implementation/mutations/retrieve.d.ts.map +0 -1
- package/dist/server/implementation/mutations/retrieve.js +0 -50
- package/dist/server/implementation/mutations/retrieve.js.map +0 -1
- package/dist/server/implementation/mutations/signature.d.ts +0 -19
- package/dist/server/implementation/mutations/signature.d.ts.map +0 -1
- package/dist/server/implementation/mutations/signature.js +0 -27
- package/dist/server/implementation/mutations/signature.js.map +0 -1
- package/dist/server/implementation/mutations/signin.d.ts +0 -21
- package/dist/server/implementation/mutations/signin.d.ts.map +0 -1
- package/dist/server/implementation/mutations/signin.js.map +0 -1
- package/dist/server/implementation/mutations/signout.d.ts +0 -14
- package/dist/server/implementation/mutations/signout.d.ts.map +0 -1
- package/dist/server/implementation/mutations/signout.js +0 -27
- package/dist/server/implementation/mutations/signout.js.map +0 -1
- package/dist/server/implementation/mutations/store.d.ts +0 -11
- package/dist/server/implementation/mutations/store.d.ts.map +0 -1
- package/dist/server/implementation/mutations/store.js +0 -12
- package/dist/server/implementation/mutations/store.js.map +0 -1
- package/dist/server/implementation/mutations/verifier.d.ts +0 -11
- package/dist/server/implementation/mutations/verifier.d.ts.map +0 -1
- package/dist/server/implementation/mutations/verifier.js +0 -16
- package/dist/server/implementation/mutations/verifier.js.map +0 -1
- package/dist/server/implementation/mutations/verify.d.ts +0 -25
- package/dist/server/implementation/mutations/verify.d.ts.map +0 -1
- package/dist/server/implementation/mutations/verify.js +0 -105
- package/dist/server/implementation/mutations/verify.js.map +0 -1
- package/dist/server/implementation/passkey.d.ts +0 -24
- package/dist/server/implementation/passkey.d.ts.map +0 -1
- package/dist/server/implementation/passkey.js +0 -307
- package/dist/server/implementation/passkey.js.map +0 -1
- package/dist/server/implementation/provider.d.ts +0 -10
- package/dist/server/implementation/provider.d.ts.map +0 -1
- package/dist/server/implementation/provider.js +0 -19
- package/dist/server/implementation/provider.js.map +0 -1
- package/dist/server/implementation/ratelimit.d.ts +0 -10
- package/dist/server/implementation/ratelimit.d.ts.map +0 -1
- package/dist/server/implementation/ratelimit.js +0 -48
- package/dist/server/implementation/ratelimit.js.map +0 -1
- package/dist/server/implementation/redirects.d.ts +0 -10
- package/dist/server/implementation/redirects.d.ts.map +0 -1
- package/dist/server/implementation/redirects.js.map +0 -1
- package/dist/server/implementation/refresh.d.ts +0 -37
- package/dist/server/implementation/refresh.d.ts.map +0 -1
- package/dist/server/implementation/refresh.js +0 -109
- package/dist/server/implementation/refresh.js.map +0 -1
- package/dist/server/implementation/sessions.d.ts +0 -29
- package/dist/server/implementation/sessions.d.ts.map +0 -1
- package/dist/server/implementation/sessions.js.map +0 -1
- package/dist/server/implementation/signin.d.ts +0 -55
- package/dist/server/implementation/signin.d.ts.map +0 -1
- package/dist/server/implementation/signin.js +0 -148
- package/dist/server/implementation/signin.js.map +0 -1
- package/dist/server/implementation/tokens.d.ts +0 -11
- package/dist/server/implementation/tokens.d.ts.map +0 -1
- package/dist/server/implementation/tokens.js +0 -15
- package/dist/server/implementation/tokens.js.map +0 -1
- package/dist/server/implementation/totp.d.ts +0 -31
- package/dist/server/implementation/totp.d.ts.map +0 -1
- package/dist/server/implementation/totp.js +0 -142
- package/dist/server/implementation/totp.js.map +0 -1
- package/dist/server/implementation/types.d.ts +0 -189
- package/dist/server/implementation/types.d.ts.map +0 -1
- package/dist/server/implementation/types.js +0 -97
- package/dist/server/implementation/types.js.map +0 -1
- package/dist/server/implementation/users.d.ts +0 -30
- package/dist/server/implementation/users.d.ts.map +0 -1
- package/dist/server/implementation/users.js.map +0 -1
- package/dist/server/implementation/utils.d.ts +0 -19
- package/dist/server/implementation/utils.d.ts.map +0 -1
- package/dist/server/implementation/utils.js +0 -56
- package/dist/server/implementation/utils.js.map +0 -1
- package/dist/server/index.d.ts.map +0 -1
- package/dist/server/index.js.map +0 -1
- package/dist/server/oauth.d.ts.map +0 -1
- package/dist/server/providers.d.ts +0 -72
- package/dist/server/providers.d.ts.map +0 -1
- package/dist/server/providers.js.map +0 -1
- package/dist/server/templates.d.ts.map +0 -1
- package/dist/server/utils.d.ts.map +0 -1
- package/dist/server/version.d.ts +0 -5
- package/dist/server/version.d.ts.map +0 -1
- package/dist/server/version.js +0 -6
- package/dist/server/version.js.map +0 -1
- package/src/cli/utils.ts +0 -248
- package/src/server/implementation/device.ts +0 -307
- package/src/server/implementation/index.ts +0 -1583
- package/src/server/implementation/mutations/account.ts +0 -50
- package/src/server/implementation/mutations/index.ts +0 -157
- package/src/server/implementation/mutations/invalidate.ts +0 -42
- package/src/server/implementation/mutations/oauth.ts +0 -73
- package/src/server/implementation/mutations/refresh.ts +0 -175
- package/src/server/implementation/mutations/register.ts +0 -100
- package/src/server/implementation/mutations/retrieve.ts +0 -79
- package/src/server/implementation/mutations/signature.ts +0 -39
- package/src/server/implementation/mutations/signout.ts +0 -35
- package/src/server/implementation/mutations/store.ts +0 -7
- package/src/server/implementation/mutations/verifier.ts +0 -24
- package/src/server/implementation/mutations/verify.ts +0 -194
- package/src/server/implementation/passkey.ts +0 -620
- package/src/server/implementation/provider.ts +0 -36
- package/src/server/implementation/ratelimit.ts +0 -79
- package/src/server/implementation/refresh.ts +0 -172
- package/src/server/implementation/signin.ts +0 -296
- package/src/server/implementation/totp.ts +0 -342
- package/src/server/implementation/types.ts +0 -444
- package/src/server/implementation/utils.ts +0 -91
- package/src/server/version.ts +0 -2
package/src/cli/keys.ts
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
import { randomBytes } from "node:crypto";
|
|
2
|
+
|
|
1
3
|
import { exportJWK, exportPKCS8, generateKeyPair } from "jose";
|
|
2
4
|
|
|
3
5
|
export async function generateKeys() {
|
|
@@ -9,6 +11,7 @@ export async function generateKeys() {
|
|
|
9
11
|
return {
|
|
10
12
|
JWT_PRIVATE_KEY: `${privateKey.trimEnd().replace(/\n/g, " ")}`,
|
|
11
13
|
JWKS: jwks,
|
|
14
|
+
AUTH_SECRET_ENCRYPTION_KEY: randomBytes(32).toString("base64url"),
|
|
12
15
|
};
|
|
13
16
|
} catch (error) {
|
|
14
17
|
console.error(
|
|
@@ -0,0 +1,437 @@
|
|
|
1
|
+
import type { FunctionReference } from "convex/server";
|
|
2
|
+
import type { ConvexError, Value } from "convex/values";
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* Structural interface for any Convex client.
|
|
6
|
+
* Satisfied by `ConvexClient` (`convex/browser`),
|
|
7
|
+
* `ConvexReactClient` (`convex/react`), and similar transports.
|
|
8
|
+
*
|
|
9
|
+
* `clearAuth` is present on `ConvexReactClient` and `BaseConvexClient`
|
|
10
|
+
* but not on the simplified `ConvexClient`. When available we call it
|
|
11
|
+
* during sign-out for a clean deauthentication.
|
|
12
|
+
*/
|
|
13
|
+
export interface ConvexTransport {
|
|
14
|
+
action(action: any, args: any): Promise<any>;
|
|
15
|
+
setAuth(
|
|
16
|
+
fetchToken: (args: {
|
|
17
|
+
forceRefreshToken: boolean;
|
|
18
|
+
}) => Promise<string | null | undefined>,
|
|
19
|
+
onChange?: (isAuthenticated: boolean) => void,
|
|
20
|
+
): void;
|
|
21
|
+
clearAuth?(): void;
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
/** Pluggable key-value storage (defaults to `localStorage`). */
|
|
25
|
+
export interface Storage {
|
|
26
|
+
getItem(
|
|
27
|
+
key: string,
|
|
28
|
+
): string | null | undefined | Promise<string | null | undefined>;
|
|
29
|
+
setItem(key: string, value: string): void | Promise<void>;
|
|
30
|
+
removeItem(key: string): void | Promise<void>;
|
|
31
|
+
}
|
|
32
|
+
|
|
33
|
+
export type AuthSession = {
|
|
34
|
+
token: string;
|
|
35
|
+
refreshToken: string;
|
|
36
|
+
};
|
|
37
|
+
|
|
38
|
+
export type SignInActionResult =
|
|
39
|
+
| { kind: "signedIn"; tokens: AuthSession | null }
|
|
40
|
+
| { kind: "redirect"; redirect: string; verifier: string }
|
|
41
|
+
| { kind: "started" }
|
|
42
|
+
| { kind: "passkeyOptions"; options: Record<string, any>; verifier: string }
|
|
43
|
+
| { kind: "totpRequired"; verifier: string }
|
|
44
|
+
| {
|
|
45
|
+
kind: "totpSetup";
|
|
46
|
+
totpSetup: { uri: string; secret: string; totpId: string };
|
|
47
|
+
verifier: string;
|
|
48
|
+
}
|
|
49
|
+
| {
|
|
50
|
+
kind: "deviceCode";
|
|
51
|
+
deviceCode: {
|
|
52
|
+
deviceCode: string;
|
|
53
|
+
userCode: string;
|
|
54
|
+
verificationUri: string;
|
|
55
|
+
verificationUriComplete: string;
|
|
56
|
+
expiresIn: number;
|
|
57
|
+
interval: number;
|
|
58
|
+
};
|
|
59
|
+
};
|
|
60
|
+
|
|
61
|
+
/**
|
|
62
|
+
* Device code response returned when signing in with the `"device"` provider.
|
|
63
|
+
*
|
|
64
|
+
* The device displays the `userCode` (or `verificationUriComplete`) and
|
|
65
|
+
* polls via `auth.device.poll()` until the user authorizes.
|
|
66
|
+
*/
|
|
67
|
+
export type DeviceCodeResult = {
|
|
68
|
+
/** High-entropy device code used for polling (keep secret). */
|
|
69
|
+
deviceCode: string;
|
|
70
|
+
/** Short human-readable code the user enters (e.g. "WDJB-MJHT"). */
|
|
71
|
+
userCode: string;
|
|
72
|
+
/** Base verification URL (e.g. "https://myapp.com/device"). */
|
|
73
|
+
verificationUri: string;
|
|
74
|
+
/** Verification URL with user code pre-filled as `?code=XXXX-XXXX`. */
|
|
75
|
+
verificationUriComplete: string;
|
|
76
|
+
/** Lifetime of the codes in seconds. */
|
|
77
|
+
expiresIn: number;
|
|
78
|
+
/** Minimum polling interval in seconds. */
|
|
79
|
+
interval: number;
|
|
80
|
+
};
|
|
81
|
+
|
|
82
|
+
/**
|
|
83
|
+
* Result of a `signIn` call.
|
|
84
|
+
*
|
|
85
|
+
* - `kind: "signedIn"` — credentials were accepted and the user is authenticated.
|
|
86
|
+
* - `kind: "redirect"` — OAuth flow initiated; redirect the user to `redirect.toString()`.
|
|
87
|
+
* - `kind: "totpRequired"` — credentials valid but 2FA is needed; call `auth.totp.verify()`.
|
|
88
|
+
* - `kind: "deviceCode"` — device flow initiated; display the code and poll via `auth.device.poll()`.
|
|
89
|
+
* - `kind: "started"` — a non-immediate flow started (for example email/phone verification).
|
|
90
|
+
*
|
|
91
|
+
* @see {@link AuthState}
|
|
92
|
+
*/
|
|
93
|
+
export type SignInResult =
|
|
94
|
+
| { kind: "signedIn" }
|
|
95
|
+
| { kind: "redirect"; redirect: URL; verifier: string }
|
|
96
|
+
| { kind: "totpRequired"; verifier: string }
|
|
97
|
+
| { kind: "deviceCode"; deviceCode: DeviceCodeResult }
|
|
98
|
+
| { kind: "started" };
|
|
99
|
+
|
|
100
|
+
/**
|
|
101
|
+
* Reactive auth state snapshot returned by `auth.state` and `auth.onChange`.
|
|
102
|
+
*
|
|
103
|
+
* @see {@link SignInResult}
|
|
104
|
+
*/
|
|
105
|
+
export type AuthState = {
|
|
106
|
+
/** High-level auth phase for deterministic UI state handling. */
|
|
107
|
+
phase: "loading" | "handshake" | "authenticated" | "unauthenticated";
|
|
108
|
+
/** `true` during initial hydration before the first token is resolved. */
|
|
109
|
+
isLoading: boolean;
|
|
110
|
+
/** `true` only after Convex confirms authentication with the backend. */
|
|
111
|
+
isAuthenticated: boolean;
|
|
112
|
+
/** The raw JWT string, or `null` when not authenticated. */
|
|
113
|
+
token: string | null;
|
|
114
|
+
};
|
|
115
|
+
|
|
116
|
+
/**
|
|
117
|
+
* Typed Convex API references for the auth functions.
|
|
118
|
+
* Pass these from your generated `api` object.
|
|
119
|
+
*
|
|
120
|
+
* @typeParam HasPasskey - Whether the passkey provider is configured.
|
|
121
|
+
* @typeParam HasTotp - Whether the TOTP provider is configured.
|
|
122
|
+
* @typeParam HasDevice - Whether the device provider is configured.
|
|
123
|
+
*/
|
|
124
|
+
export type AuthApiRefs<
|
|
125
|
+
HasPasskey extends boolean = boolean,
|
|
126
|
+
HasTotp extends boolean = boolean,
|
|
127
|
+
HasDevice extends boolean = boolean,
|
|
128
|
+
> = {
|
|
129
|
+
signIn: FunctionReference<"action", "public", any, any>;
|
|
130
|
+
signOut: FunctionReference<"action", "public", any, any>;
|
|
131
|
+
store: FunctionReference<"mutation", "public", any, any>;
|
|
132
|
+
/** @internal Set automatically by `createAuth` — do not set manually. */
|
|
133
|
+
_capabilities?: {
|
|
134
|
+
passkey: HasPasskey;
|
|
135
|
+
totp: HasTotp;
|
|
136
|
+
device: HasDevice;
|
|
137
|
+
};
|
|
138
|
+
};
|
|
139
|
+
|
|
140
|
+
/**
|
|
141
|
+
* Passkey (WebAuthn) client-side helpers.
|
|
142
|
+
*
|
|
143
|
+
* @see {@link TotpClient}
|
|
144
|
+
* @see {@link DeviceClient}
|
|
145
|
+
*/
|
|
146
|
+
export interface PasskeyClient {
|
|
147
|
+
/**
|
|
148
|
+
* Check whether the current runtime exposes WebAuthn passkey APIs.
|
|
149
|
+
*
|
|
150
|
+
* @returns `true` when `navigator.credentials` is available.
|
|
151
|
+
*
|
|
152
|
+
* @example
|
|
153
|
+
* ```ts
|
|
154
|
+
* if (auth.passkey.isSupported()) {
|
|
155
|
+
* // Show passkey registration button
|
|
156
|
+
* }
|
|
157
|
+
* ```
|
|
158
|
+
*/
|
|
159
|
+
isSupported(): boolean;
|
|
160
|
+
|
|
161
|
+
/**
|
|
162
|
+
* Check whether conditional mediation (autofill-style passkeys) is available.
|
|
163
|
+
*
|
|
164
|
+
* @returns `true` when the browser supports `PublicKeyCredential.isConditionalMediationAvailable`.
|
|
165
|
+
*
|
|
166
|
+
* @example
|
|
167
|
+
* ```ts
|
|
168
|
+
* if (await auth.passkey.isAutofillSupported()) {
|
|
169
|
+
* await auth.passkey.authenticate({ autofill: true });
|
|
170
|
+
* }
|
|
171
|
+
* ```
|
|
172
|
+
*/
|
|
173
|
+
isAutofillSupported(): Promise<boolean>;
|
|
174
|
+
|
|
175
|
+
/**
|
|
176
|
+
* Start a passkey registration flow and complete the WebAuthn ceremony.
|
|
177
|
+
*
|
|
178
|
+
* Creates a new credential bound to the current user's account.
|
|
179
|
+
*
|
|
180
|
+
* @param opts - Optional registration hints.
|
|
181
|
+
* @param opts.name - Human-readable name for the passkey (e.g. `"MacBook Pro"`).
|
|
182
|
+
* @param opts.email - Email hint for discoverable credentials.
|
|
183
|
+
* @param opts.userName - WebAuthn `user.name` override.
|
|
184
|
+
* @param opts.userDisplayName - WebAuthn `user.displayName` override.
|
|
185
|
+
* @returns A {@link SignInResult} — typically `{ kind: "signedIn" }` on success.
|
|
186
|
+
*
|
|
187
|
+
* @example
|
|
188
|
+
* ```ts
|
|
189
|
+
* const result = await auth.passkey.register({ name: "My laptop" });
|
|
190
|
+
* ```
|
|
191
|
+
*/
|
|
192
|
+
register(opts?: Record<string, any>): Promise<SignInResult>;
|
|
193
|
+
|
|
194
|
+
/**
|
|
195
|
+
* Authenticate with an existing passkey and complete the WebAuthn ceremony.
|
|
196
|
+
*
|
|
197
|
+
* @param opts - Optional authentication hints.
|
|
198
|
+
* @param opts.email - Email hint to filter discoverable credentials.
|
|
199
|
+
* @param opts.autofill - Set to `true` for conditional UI (autofill) mode.
|
|
200
|
+
* @returns A {@link SignInResult} — typically `{ kind: "signedIn" }` on success.
|
|
201
|
+
*
|
|
202
|
+
* @example
|
|
203
|
+
* ```ts
|
|
204
|
+
* const result = await auth.passkey.authenticate();
|
|
205
|
+
* ```
|
|
206
|
+
*/
|
|
207
|
+
authenticate(opts?: Record<string, any>): Promise<SignInResult>;
|
|
208
|
+
}
|
|
209
|
+
|
|
210
|
+
/**
|
|
211
|
+
* TOTP two-factor authentication client-side helpers.
|
|
212
|
+
*
|
|
213
|
+
* @see {@link PasskeyClient}
|
|
214
|
+
* @see {@link DeviceClient}
|
|
215
|
+
*/
|
|
216
|
+
export interface TotpClient {
|
|
217
|
+
/**
|
|
218
|
+
* Start TOTP enrollment and return the setup URI, secret, verifier, and factor ID.
|
|
219
|
+
*
|
|
220
|
+
* The returned `uri` is an `otpauth://` URL that can be rendered as a QR code
|
|
221
|
+
* for the user to scan with their authenticator app.
|
|
222
|
+
*
|
|
223
|
+
* @param opts - Optional setup hints.
|
|
224
|
+
* @param opts.name - Issuer name shown in the authenticator app.
|
|
225
|
+
* @param opts.accountName - Account label in the authenticator app.
|
|
226
|
+
* @returns An object with `{ uri, secret, verifier, totpId }`.
|
|
227
|
+
*
|
|
228
|
+
* @example
|
|
229
|
+
* ```ts
|
|
230
|
+
* const { uri, secret, verifier, totpId } = await auth.totp.setup();
|
|
231
|
+
* // Render `uri` as a QR code, then confirm:
|
|
232
|
+
* await auth.totp.confirm({ code: userCode, verifier, totpId });
|
|
233
|
+
* ```
|
|
234
|
+
*/
|
|
235
|
+
setup(opts?: Record<string, any>): Promise<Record<string, any>>;
|
|
236
|
+
|
|
237
|
+
/**
|
|
238
|
+
* Confirm a newly created TOTP factor with the first authenticator code.
|
|
239
|
+
*
|
|
240
|
+
* Call this after the user scans the QR code and enters the first OTP.
|
|
241
|
+
*
|
|
242
|
+
* @param opts - Confirmation parameters.
|
|
243
|
+
* @param opts.code - The 6-digit TOTP code from the authenticator app.
|
|
244
|
+
* @param opts.verifier - The verifier string returned by {@link TotpClient.setup}.
|
|
245
|
+
* @param opts.totpId - The factor ID returned by {@link TotpClient.setup}.
|
|
246
|
+
*
|
|
247
|
+
* @example
|
|
248
|
+
* ```ts
|
|
249
|
+
* await auth.totp.confirm({ code: "123456", verifier, totpId });
|
|
250
|
+
* ```
|
|
251
|
+
*/
|
|
252
|
+
confirm(opts: Record<string, any>): Promise<void>;
|
|
253
|
+
|
|
254
|
+
/**
|
|
255
|
+
* Complete a sign-in that is waiting on TOTP verification.
|
|
256
|
+
*
|
|
257
|
+
* Called when `signIn()` returns `{ kind: "totpRequired" }`.
|
|
258
|
+
*
|
|
259
|
+
* @param opts - Verification parameters.
|
|
260
|
+
* @param opts.code - The 6-digit TOTP code from the authenticator app.
|
|
261
|
+
* @param opts.verifier - The verifier string from the `totpRequired` result.
|
|
262
|
+
*
|
|
263
|
+
* @example
|
|
264
|
+
* ```ts
|
|
265
|
+
* const result = await auth.signIn("password", { email, password });
|
|
266
|
+
* if (result.kind === "totpRequired") {
|
|
267
|
+
* await auth.totp.verify({ code: totpCode, verifier: result.verifier });
|
|
268
|
+
* }
|
|
269
|
+
* ```
|
|
270
|
+
*/
|
|
271
|
+
verify(opts: Record<string, any>): Promise<void>;
|
|
272
|
+
}
|
|
273
|
+
|
|
274
|
+
/**
|
|
275
|
+
* Device authorization (RFC 8628) client-side helpers.
|
|
276
|
+
*
|
|
277
|
+
* @see {@link PasskeyClient}
|
|
278
|
+
* @see {@link TotpClient}
|
|
279
|
+
*/
|
|
280
|
+
export interface DeviceClient {
|
|
281
|
+
/**
|
|
282
|
+
* Poll until a device flow is approved or expires.
|
|
283
|
+
*
|
|
284
|
+
* Polls the server at the interval specified in the {@link DeviceCodeResult}
|
|
285
|
+
* until the user authorizes the device or the code expires.
|
|
286
|
+
*
|
|
287
|
+
* @param opts - Poll options.
|
|
288
|
+
* @param opts.code - The {@link DeviceCodeResult} returned from `signIn("device")`.
|
|
289
|
+
* @returns `{ ok: true }` when authorized, or `{ ok: false, expired }` on failure.
|
|
290
|
+
*
|
|
291
|
+
* @example
|
|
292
|
+
* ```ts
|
|
293
|
+
* const result = await auth.signIn("device");
|
|
294
|
+
* if (result.kind === "deviceCode") {
|
|
295
|
+
* // Display result.deviceCode.userCode to the user
|
|
296
|
+
* const poll = await auth.device.poll({ code: result.deviceCode });
|
|
297
|
+
* if (poll.ok) console.log("Device authorized!");
|
|
298
|
+
* }
|
|
299
|
+
* ```
|
|
300
|
+
*/
|
|
301
|
+
poll(opts: {
|
|
302
|
+
code: DeviceCodeResult;
|
|
303
|
+
}): Promise<{ ok: true } | { ok: false; expired: boolean }>;
|
|
304
|
+
|
|
305
|
+
/**
|
|
306
|
+
* Approve a device flow from the verification page using the displayed user code.
|
|
307
|
+
*
|
|
308
|
+
* Call this on the authorization page where the user enters the short code
|
|
309
|
+
* shown on the device screen.
|
|
310
|
+
*
|
|
311
|
+
* @param opts - Verification options.
|
|
312
|
+
* @param opts.code - The user code string (e.g. `"WDJB-MJHT"`).
|
|
313
|
+
* @returns `{ ok: true }` on success, or `{ ok: false, message }` on failure.
|
|
314
|
+
*
|
|
315
|
+
* @example
|
|
316
|
+
* ```ts
|
|
317
|
+
* const result = await auth.device.verify({ code: "WDJB-MJHT" });
|
|
318
|
+
* if (!result.ok) console.error(result.message);
|
|
319
|
+
* ```
|
|
320
|
+
*/
|
|
321
|
+
verify(opts: {
|
|
322
|
+
code: string;
|
|
323
|
+
}): Promise<{ ok: true } | { ok: false; message: string }>;
|
|
324
|
+
}
|
|
325
|
+
|
|
326
|
+
/**
|
|
327
|
+
* Extract capability flags from an AuthApiRefs type.
|
|
328
|
+
*
|
|
329
|
+
* @typeParam Api - An AuthApiRefs type to extract capability flags from.
|
|
330
|
+
*/
|
|
331
|
+
export type InferCaps<Api extends AuthApiRefs<boolean, boolean, boolean>> =
|
|
332
|
+
Api extends AuthApiRefs<infer P, infer T, infer D>
|
|
333
|
+
? { passkey: P; totp: T; device: D }
|
|
334
|
+
: { passkey: boolean; totp: boolean; device: boolean };
|
|
335
|
+
|
|
336
|
+
/** Pending invite detected from URL or recovered from storage after redirect. */
|
|
337
|
+
export interface PendingInvite {
|
|
338
|
+
/**
|
|
339
|
+
* Raw one-time invite token. Pass to your invite acceptance mutation.
|
|
340
|
+
* @readonly
|
|
341
|
+
*/
|
|
342
|
+
readonly token: string;
|
|
343
|
+
/**
|
|
344
|
+
* Invite email from the URL or stored redirect state, if available.
|
|
345
|
+
* @readonly
|
|
346
|
+
*/
|
|
347
|
+
readonly email: string | null;
|
|
348
|
+
/** Consume the invite: clears storage/URL params and returns the token. */
|
|
349
|
+
accept(): Promise<{ ok: boolean; token?: string; message?: string }>;
|
|
350
|
+
}
|
|
351
|
+
|
|
352
|
+
/** Base auth client — always present. */
|
|
353
|
+
export interface AuthClientBase {
|
|
354
|
+
/**
|
|
355
|
+
* Reactive auth state snapshot.
|
|
356
|
+
* @readonly
|
|
357
|
+
*/
|
|
358
|
+
readonly state: AuthState;
|
|
359
|
+
/** SSR-safe query-param reader. */
|
|
360
|
+
param: (name: string) => string | null;
|
|
361
|
+
/**
|
|
362
|
+
* Pending invite recovered from the URL or storage, if present.
|
|
363
|
+
* @readonly
|
|
364
|
+
*/
|
|
365
|
+
readonly invite: PendingInvite | null;
|
|
366
|
+
/** Start a sign-in flow for a provider. */
|
|
367
|
+
signIn: (
|
|
368
|
+
provider: string,
|
|
369
|
+
params?: Record<string, any>,
|
|
370
|
+
) => Promise<SignInResult>;
|
|
371
|
+
/** Sign out and clear local auth state. */
|
|
372
|
+
signOut: () => Promise<void>;
|
|
373
|
+
/** Subscribe to auth state changes. Returns an unsubscribe function. */
|
|
374
|
+
onChange: (callback: (state: AuthState) => void) => () => void;
|
|
375
|
+
/** Tear down listeners and reject in-flight handshakes. */
|
|
376
|
+
destroy: () => void;
|
|
377
|
+
}
|
|
378
|
+
|
|
379
|
+
/**
|
|
380
|
+
* Auth client return type — conditionally includes `passkey`, `totp`, and
|
|
381
|
+
* `device` helpers based on the capabilities in the `AuthApiRefs` type.
|
|
382
|
+
*
|
|
383
|
+
* @typeParam Api - An AuthApiRefs type that determines which factor helpers are included.
|
|
384
|
+
*/
|
|
385
|
+
export type AuthClient<
|
|
386
|
+
Api extends AuthApiRefs<boolean, boolean, boolean> = AuthApiRefs,
|
|
387
|
+
> = AuthClientBase &
|
|
388
|
+
(InferCaps<Api>["passkey"] extends true ? { passkey: PasskeyClient } : {}) &
|
|
389
|
+
(InferCaps<Api>["totp"] extends true ? { totp: TotpClient } : {}) &
|
|
390
|
+
(InferCaps<Api>["device"] extends true ? { device: DeviceClient } : {});
|
|
391
|
+
|
|
392
|
+
/**
|
|
393
|
+
* Options for {@link client}.
|
|
394
|
+
*
|
|
395
|
+
* @typeParam Api - An AuthApiRefs type.
|
|
396
|
+
*/
|
|
397
|
+
export type ClientOptions<
|
|
398
|
+
Api extends AuthApiRefs<boolean, boolean, boolean> = AuthApiRefs,
|
|
399
|
+
> = {
|
|
400
|
+
/** Any Convex client implementation used to run auth actions. */
|
|
401
|
+
convex: ConvexTransport;
|
|
402
|
+
/** Typed auth function refs from your generated `api` object. */
|
|
403
|
+
api?: Api;
|
|
404
|
+
/** Explicit Convex deployment URL when it cannot be inferred from the client. */
|
|
405
|
+
url?: string;
|
|
406
|
+
/**
|
|
407
|
+
* Storage backend for persisted tokens; defaults to `localStorage` in SPA mode.
|
|
408
|
+
*
|
|
409
|
+
* @defaultValue localStorage
|
|
410
|
+
*/
|
|
411
|
+
storage?: Storage | null;
|
|
412
|
+
/** Override how OAuth code cleanup updates the current URL. */
|
|
413
|
+
replaceUrl?: (relativeUrl: string) => void | Promise<void>;
|
|
414
|
+
/** SSR proxy endpoint used instead of direct Convex auth calls. */
|
|
415
|
+
proxyPath?: string;
|
|
416
|
+
/** Server-provided JWT seed used for flash-free SSR hydration. */
|
|
417
|
+
tokenSeed?: string | null;
|
|
418
|
+
/** SSR-safe URL source for reading query parameters. */
|
|
419
|
+
location?: URL | (() => URL | null);
|
|
420
|
+
};
|
|
421
|
+
|
|
422
|
+
export type AuthHandshakeErrorCode =
|
|
423
|
+
| "AUTH_HANDSHAKE_TIMEOUT"
|
|
424
|
+
| "AUTH_HANDSHAKE_REJECTED";
|
|
425
|
+
|
|
426
|
+
export type AuthFlowContext = {
|
|
427
|
+
provider?: string;
|
|
428
|
+
flow: string;
|
|
429
|
+
};
|
|
430
|
+
|
|
431
|
+
export type HandshakeWaiter = {
|
|
432
|
+
epoch: number;
|
|
433
|
+
context: AuthFlowContext;
|
|
434
|
+
resolve: () => void;
|
|
435
|
+
reject: (error: ConvexError<Value>) => void;
|
|
436
|
+
timeoutId: ReturnType<typeof setTimeout>;
|
|
437
|
+
};
|
|
@@ -0,0 +1,160 @@
|
|
|
1
|
+
import { Fx } from "@robelest/fx";
|
|
2
|
+
import { ConvexError } from "convex/values";
|
|
3
|
+
|
|
4
|
+
import type {
|
|
5
|
+
AuthSession,
|
|
6
|
+
ConvexTransport,
|
|
7
|
+
DeviceClient,
|
|
8
|
+
DeviceCodeResult,
|
|
9
|
+
} from "../core/types";
|
|
10
|
+
|
|
11
|
+
type DeviceDeps = {
|
|
12
|
+
proxy: string | undefined;
|
|
13
|
+
convex: ConvexTransport;
|
|
14
|
+
requireApiRefs: () => { signIn: any };
|
|
15
|
+
proxyFetch: (body: Record<string, unknown>) => Promise<any>;
|
|
16
|
+
setTokenAndMaybeWait: (
|
|
17
|
+
args:
|
|
18
|
+
| {
|
|
19
|
+
shouldStore: true;
|
|
20
|
+
tokens: AuthSession | null;
|
|
21
|
+
waitForHandshake: boolean;
|
|
22
|
+
context: { provider?: string; flow: string };
|
|
23
|
+
}
|
|
24
|
+
| {
|
|
25
|
+
shouldStore: false;
|
|
26
|
+
tokens: { token: string } | null;
|
|
27
|
+
waitForHandshake: boolean;
|
|
28
|
+
context: { provider?: string; flow: string };
|
|
29
|
+
},
|
|
30
|
+
) => Promise<boolean>;
|
|
31
|
+
};
|
|
32
|
+
|
|
33
|
+
/** @internal */
|
|
34
|
+
export function createDeviceClient(deps: DeviceDeps): DeviceClient {
|
|
35
|
+
const { proxy, convex, requireApiRefs, proxyFetch, setTokenAndMaybeWait } =
|
|
36
|
+
deps;
|
|
37
|
+
|
|
38
|
+
return {
|
|
39
|
+
poll: async (opts: {
|
|
40
|
+
code: DeviceCodeResult;
|
|
41
|
+
}): Promise<{ ok: true } | { ok: false; expired: boolean }> => {
|
|
42
|
+
const { code } = opts;
|
|
43
|
+
const intervalMs = code.interval * 1000;
|
|
44
|
+
const expiresAt = Date.now() + code.expiresIn * 1000;
|
|
45
|
+
|
|
46
|
+
while (Date.now() < expiresAt) {
|
|
47
|
+
await new Promise((resolve) => setTimeout(resolve, intervalMs));
|
|
48
|
+
|
|
49
|
+
const pollResult = await Fx.run(
|
|
50
|
+
Fx.from({
|
|
51
|
+
ok: async () => {
|
|
52
|
+
let result: any;
|
|
53
|
+
const params: Record<string, any> = {
|
|
54
|
+
flow: "poll",
|
|
55
|
+
deviceCode: code.deviceCode,
|
|
56
|
+
};
|
|
57
|
+
|
|
58
|
+
if (proxy) {
|
|
59
|
+
result = await proxyFetch({
|
|
60
|
+
action: "auth:signIn",
|
|
61
|
+
args: { provider: "device", params },
|
|
62
|
+
});
|
|
63
|
+
} else {
|
|
64
|
+
result = await convex.action(requireApiRefs().signIn, {
|
|
65
|
+
provider: "device",
|
|
66
|
+
params,
|
|
67
|
+
});
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
return result;
|
|
71
|
+
},
|
|
72
|
+
err: (e) => e,
|
|
73
|
+
}).pipe(
|
|
74
|
+
Fx.recover((e: unknown) => {
|
|
75
|
+
const dispatch =
|
|
76
|
+
e instanceof ConvexError
|
|
77
|
+
? {
|
|
78
|
+
tag:
|
|
79
|
+
(e.data as Record<string, unknown> | undefined)
|
|
80
|
+
?.code === "DEVICE_AUTHORIZATION_PENDING"
|
|
81
|
+
? "continue"
|
|
82
|
+
: (e.data as Record<string, unknown> | undefined)
|
|
83
|
+
?.code === "DEVICE_SLOW_DOWN"
|
|
84
|
+
? "slowDown"
|
|
85
|
+
: "fatal",
|
|
86
|
+
}
|
|
87
|
+
: ({ tag: "fatal" } as const);
|
|
88
|
+
|
|
89
|
+
return Fx.match(dispatch, dispatch.tag, {
|
|
90
|
+
continue: () => Fx.succeed({ _poll: "continue" as const }),
|
|
91
|
+
slowDown: () => Fx.succeed({ _poll: "slow_down" as const }),
|
|
92
|
+
fatal: () => Fx.fatal(e),
|
|
93
|
+
});
|
|
94
|
+
}),
|
|
95
|
+
),
|
|
96
|
+
);
|
|
97
|
+
|
|
98
|
+
if ("_poll" in pollResult) {
|
|
99
|
+
if (pollResult._poll === "slow_down") {
|
|
100
|
+
await new Promise((resolve) => setTimeout(resolve, intervalMs));
|
|
101
|
+
}
|
|
102
|
+
continue;
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
if (pollResult.tokens) {
|
|
106
|
+
if (proxy) {
|
|
107
|
+
await setTokenAndMaybeWait({
|
|
108
|
+
shouldStore: false,
|
|
109
|
+
tokens:
|
|
110
|
+
pollResult.tokens === null
|
|
111
|
+
? null
|
|
112
|
+
: { token: pollResult.tokens.token },
|
|
113
|
+
waitForHandshake: true,
|
|
114
|
+
context: { provider: "device", flow: "poll" },
|
|
115
|
+
});
|
|
116
|
+
} else {
|
|
117
|
+
await setTokenAndMaybeWait({
|
|
118
|
+
shouldStore: true,
|
|
119
|
+
tokens: (pollResult.tokens as AuthSession | null) ?? null,
|
|
120
|
+
waitForHandshake: true,
|
|
121
|
+
context: { provider: "device", flow: "poll" },
|
|
122
|
+
});
|
|
123
|
+
}
|
|
124
|
+
return { ok: true as const };
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
|
|
128
|
+
return { ok: false as const, expired: true };
|
|
129
|
+
},
|
|
130
|
+
|
|
131
|
+
verify: async (opts: {
|
|
132
|
+
code: string;
|
|
133
|
+
}): Promise<{ ok: true } | { ok: false; message: string }> => {
|
|
134
|
+
const params: Record<string, any> = {
|
|
135
|
+
flow: "verify",
|
|
136
|
+
userCode: opts.code,
|
|
137
|
+
};
|
|
138
|
+
|
|
139
|
+
try {
|
|
140
|
+
if (proxy) {
|
|
141
|
+
await proxyFetch({
|
|
142
|
+
action: "auth:signIn",
|
|
143
|
+
args: { provider: "device", params },
|
|
144
|
+
});
|
|
145
|
+
} else {
|
|
146
|
+
await convex.action(requireApiRefs().signIn, {
|
|
147
|
+
provider: "device",
|
|
148
|
+
params,
|
|
149
|
+
});
|
|
150
|
+
}
|
|
151
|
+
return { ok: true as const };
|
|
152
|
+
} catch (e: unknown) {
|
|
153
|
+
return {
|
|
154
|
+
ok: false as const,
|
|
155
|
+
message: e instanceof Error ? e.message : "Invalid or expired code.",
|
|
156
|
+
};
|
|
157
|
+
}
|
|
158
|
+
},
|
|
159
|
+
};
|
|
160
|
+
}
|