npm - @robelest/convex-auth - Versions diffs - 0.0.4-preview.2 → 0.0.4-preview.21 - Mend

@robelest/convex-auth 0.0.4-preview.2 → 0.0.4-preview.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (798) hide show

package/README.md +67 -26
package/dist/authorization/index.d.ts +63 -0
package/dist/authorization/index.d.ts.map +1 -0
package/dist/authorization/index.js +63 -0
package/dist/authorization/index.js.map +1 -0
package/dist/bin.js +6185 -0
package/dist/client/core/types.d.ts +20 -0
package/dist/client/core/types.d.ts.map +1 -0
package/dist/client/index.d.ts +2 -299
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +407 -534
package/dist/client/index.js.map +1 -1
package/dist/component/_generated/api.d.ts +42 -0
package/dist/component/_generated/api.d.ts.map +1 -1
package/dist/component/_generated/api.js.map +1 -1
package/dist/component/_generated/component.d.ts +2546 -90
package/dist/component/_generated/component.d.ts.map +1 -1
package/dist/component/client/core/types.d.ts +2 -0
package/dist/component/client/index.d.ts +2 -0
package/dist/component/convex.config.d.ts +2 -2
package/dist/component/functions.d.ts +11 -9
package/dist/component/functions.d.ts.map +1 -1
package/dist/component/functions.js.map +1 -1
package/dist/component/index.d.ts +7 -11
package/dist/component/index.js +2 -3
package/dist/component/model.d.ts +153 -0
package/dist/component/model.d.ts.map +1 -0
package/dist/component/model.js +349 -0
package/dist/component/model.js.map +1 -0
package/dist/component/providers/anonymous.d.ts +54 -0
package/dist/component/providers/anonymous.d.ts.map +1 -0
package/dist/component/providers/credentials.d.ts +5 -5
package/dist/component/providers/credentials.d.ts.map +1 -1
package/dist/component/providers/device.d.ts +67 -0
package/dist/component/providers/device.d.ts.map +1 -0
package/dist/component/providers/email.d.ts +62 -0
package/dist/component/providers/email.d.ts.map +1 -0
package/dist/component/providers/oauth.d.ts.map +1 -1
package/dist/component/providers/oauth.js.map +1 -1
package/dist/component/providers/passkey.d.ts +57 -0
package/dist/component/providers/passkey.d.ts.map +1 -0
package/dist/component/providers/password.d.ts +88 -0
package/dist/component/providers/password.d.ts.map +1 -0
package/dist/component/providers/phone.d.ts +48 -0
package/dist/component/providers/phone.d.ts.map +1 -0
package/dist/component/providers/sso.d.ts +50 -0
package/dist/component/providers/sso.d.ts.map +1 -0
package/dist/component/providers/totp.d.ts +45 -0
package/dist/component/providers/totp.d.ts.map +1 -0
package/dist/component/public/enterprise/audit.d.ts +73 -0
package/dist/component/public/enterprise/audit.d.ts.map +1 -0
package/dist/component/public/enterprise/audit.js +108 -0
package/dist/component/public/enterprise/audit.js.map +1 -0
package/dist/component/public/enterprise/core.d.ts +176 -0
package/dist/component/public/enterprise/core.d.ts.map +1 -0
package/dist/component/public/enterprise/core.js +292 -0
package/dist/component/public/enterprise/core.js.map +1 -0
package/dist/component/public/enterprise/domains.d.ts +174 -0
package/dist/component/public/enterprise/domains.d.ts.map +1 -0
package/dist/component/public/enterprise/domains.js +271 -0
package/dist/component/public/enterprise/domains.js.map +1 -0
package/dist/component/public/enterprise/scim.d.ts +245 -0
package/dist/component/public/enterprise/scim.d.ts.map +1 -0
package/dist/component/public/enterprise/scim.js +344 -0
package/dist/component/public/enterprise/scim.js.map +1 -0
package/dist/component/public/enterprise/secrets.d.ts +78 -0
package/dist/component/public/enterprise/secrets.d.ts.map +1 -0
package/dist/component/public/enterprise/secrets.js +118 -0
package/dist/component/public/enterprise/secrets.js.map +1 -0
package/dist/component/public/enterprise/webhooks.d.ts +211 -0
package/dist/component/public/enterprise/webhooks.d.ts.map +1 -0
package/dist/component/public/enterprise/webhooks.js +300 -0
package/dist/component/public/enterprise/webhooks.js.map +1 -0
package/dist/component/public/factors/devices.d.ts +157 -0
package/dist/component/public/factors/devices.d.ts.map +1 -0
package/dist/component/public/factors/devices.js +216 -0
package/dist/component/public/factors/devices.js.map +1 -0
package/dist/component/public/factors/passkeys.d.ts +175 -0
package/dist/component/public/factors/passkeys.d.ts.map +1 -0
package/dist/component/public/factors/passkeys.js +238 -0
package/dist/component/public/factors/passkeys.js.map +1 -0
package/dist/component/public/factors/totp.d.ts +189 -0
package/dist/component/public/factors/totp.d.ts.map +1 -0
package/dist/component/public/factors/totp.js +254 -0
package/dist/component/public/factors/totp.js.map +1 -0
package/dist/component/public/groups/core.d.ts +137 -0
package/dist/component/public/groups/core.d.ts.map +1 -0
package/dist/component/public/groups/core.js +321 -0
package/dist/component/public/groups/core.js.map +1 -0
package/dist/component/public/groups/invites.d.ts +217 -0
package/dist/component/public/groups/invites.d.ts.map +1 -0
package/dist/component/public/groups/invites.js +457 -0
package/dist/component/public/groups/invites.js.map +1 -0
package/dist/component/public/groups/members.d.ts +204 -0
package/dist/component/public/groups/members.d.ts.map +1 -0
package/dist/component/public/groups/members.js +355 -0
package/dist/component/public/groups/members.js.map +1 -0
package/dist/component/public/identity/accounts.d.ts +147 -0
package/dist/component/public/identity/accounts.d.ts.map +1 -0
package/dist/component/public/identity/accounts.js +200 -0
package/dist/component/public/identity/accounts.js.map +1 -0
package/dist/component/public/identity/codes.d.ts +104 -0
package/dist/component/public/identity/codes.d.ts.map +1 -0
package/dist/component/public/identity/codes.js +140 -0
package/dist/component/public/identity/codes.js.map +1 -0
package/dist/component/public/identity/sessions.d.ts +128 -0
package/dist/component/public/identity/sessions.d.ts.map +1 -0
package/dist/component/public/identity/sessions.js +192 -0
package/dist/component/public/identity/sessions.js.map +1 -0
package/dist/component/public/identity/tokens.d.ts +169 -0
package/dist/component/public/identity/tokens.d.ts.map +1 -0
package/dist/component/public/identity/tokens.js +227 -0
package/dist/component/public/identity/tokens.js.map +1 -0
package/dist/component/public/identity/users.d.ts +212 -0
package/dist/component/public/identity/users.d.ts.map +1 -0
package/dist/component/public/identity/users.js +311 -0
package/dist/component/public/identity/users.js.map +1 -0
package/dist/component/public/identity/verifiers.d.ts +116 -0
package/dist/component/public/identity/verifiers.d.ts.map +1 -0
package/dist/component/public/identity/verifiers.js +154 -0
package/dist/component/public/identity/verifiers.js.map +1 -0
package/dist/component/public/security/keys.d.ts +209 -0
package/dist/component/public/security/keys.d.ts.map +1 -0
package/dist/component/public/security/keys.js +319 -0
package/dist/component/public/security/keys.js.map +1 -0
package/dist/component/public/security/limits.d.ts +114 -0
package/dist/component/public/security/limits.d.ts.map +1 -0
package/dist/component/public/security/limits.js +169 -0
package/dist/component/public/security/limits.js.map +1 -0
package/dist/component/public.d.ts +24 -271
package/dist/component/public.d.ts.map +1 -1
package/dist/component/public.js +21 -1229
package/dist/component/schema.d.ts +473 -110
package/dist/component/schema.js +162 -73
package/dist/component/schema.js.map +1 -1
package/dist/component/server/auth.d.ts +318 -373
package/dist/component/server/auth.d.ts.map +1 -1
package/dist/component/server/auth.js +204 -123
package/dist/component/server/auth.js.map +1 -1
package/dist/component/server/authError.js +34 -0
package/dist/component/server/authError.js.map +1 -0
package/dist/component/server/{providers.js → config.js} +43 -12
package/dist/component/server/config.js.map +1 -0
package/dist/component/server/cookies.js +3 -0
package/dist/component/server/cookies.js.map +1 -1
package/dist/component/server/core.js +713 -0
package/dist/component/server/core.js.map +1 -0
package/dist/component/server/crypto.js +38 -0
package/dist/component/server/crypto.js.map +1 -0
package/dist/component/server/{implementation/db.js → db.js} +2 -1
package/dist/component/server/db.js.map +1 -0
package/dist/component/server/device.js +109 -0
package/dist/component/server/device.js.map +1 -0
package/dist/component/server/enterprise/config.js +46 -0
package/dist/component/server/enterprise/config.js.map +1 -0
package/dist/component/server/enterprise/domain.js +885 -0
package/dist/component/server/enterprise/domain.js.map +1 -0
package/dist/component/server/enterprise/http.js +766 -0
package/dist/component/server/enterprise/http.js.map +1 -0
package/dist/component/server/enterprise/oidc.js +248 -0
package/dist/component/server/enterprise/oidc.js.map +1 -0
package/dist/component/server/enterprise/policy.js +85 -0
package/dist/component/server/enterprise/policy.js.map +1 -0
package/dist/component/server/enterprise/saml.js +338 -0
package/dist/component/server/enterprise/saml.js.map +1 -0
package/dist/component/server/enterprise/scim.js +97 -0
package/dist/component/server/enterprise/scim.js.map +1 -0
package/dist/component/server/enterprise/shared.js +51 -0
package/dist/component/server/enterprise/shared.js.map +1 -0
package/dist/component/server/errors.d.ts +1 -0
package/dist/component/server/errors.js +24 -16
package/dist/component/server/errors.js.map +1 -1
package/dist/component/server/http.js +288 -0
package/dist/component/server/http.js.map +1 -0
package/dist/component/server/identity.js +13 -0
package/dist/component/server/identity.js.map +1 -0
package/dist/{server/implementation → component/server}/keys.js +9 -31
package/dist/component/server/keys.js.map +1 -0
package/dist/component/server/limits.js +61 -0
package/dist/component/server/limits.js.map +1 -0
package/dist/component/server/mutations/account.js +44 -0
package/dist/component/server/mutations/account.js.map +1 -0
package/dist/component/server/{implementation/mutations → mutations}/code.js +7 -4
package/dist/component/server/mutations/code.js.map +1 -0
package/dist/component/server/mutations/invalidate.js +32 -0
package/dist/component/server/mutations/invalidate.js.map +1 -0
package/dist/component/server/mutations/oauth.js +110 -0
package/dist/component/server/mutations/oauth.js.map +1 -0
package/dist/component/server/mutations/refresh.js +119 -0
package/dist/component/server/mutations/refresh.js.map +1 -0
package/dist/component/server/mutations/register.js +83 -0
package/dist/component/server/mutations/register.js.map +1 -0
package/dist/component/server/mutations/retrieve.js +65 -0
package/dist/component/server/mutations/retrieve.js.map +1 -0
package/dist/component/server/mutations/signature.js +32 -0
package/dist/component/server/mutations/signature.js.map +1 -0
package/dist/component/server/{implementation/mutations → mutations}/signin.js +2 -2
package/dist/component/server/mutations/signin.js.map +1 -0
package/dist/component/server/mutations/signout.js +27 -0
package/dist/component/server/mutations/signout.js.map +1 -0
package/dist/component/server/mutations/store/refs.js +15 -0
package/dist/component/server/mutations/store/refs.js.map +1 -0
package/dist/component/server/mutations/store.js +85 -0
package/dist/component/server/mutations/store.js.map +1 -0
package/dist/component/server/mutations/verifier.js +18 -0
package/dist/component/server/mutations/verifier.js.map +1 -0
package/dist/component/server/mutations/verify.js +98 -0
package/dist/component/server/mutations/verify.js.map +1 -0
package/dist/component/server/oauth.js +106 -60
package/dist/component/server/oauth.js.map +1 -1
package/dist/component/server/passkey.js +328 -0
package/dist/component/server/passkey.js.map +1 -0
package/dist/{server/implementation → component/server}/redirects.js +13 -11
package/dist/component/server/redirects.js.map +1 -0
package/dist/component/server/refresh.js +96 -0
package/dist/component/server/refresh.js.map +1 -0
package/dist/component/server/runtime.d.ts +136 -0
package/dist/component/server/runtime.d.ts.map +1 -0
package/dist/component/server/runtime.js +413 -0
package/dist/component/server/runtime.js.map +1 -0
package/dist/{server/implementation → component/server}/sessions.js +14 -8
package/dist/component/server/sessions.js.map +1 -0
package/dist/component/server/signin.js +201 -0
package/dist/component/server/signin.js.map +1 -0
package/dist/component/server/tokens.js +17 -0
package/dist/component/server/tokens.js.map +1 -0
package/dist/component/server/totp.js +148 -0
package/dist/component/server/totp.js.map +1 -0
package/dist/component/server/types.d.ts +387 -298
package/dist/component/server/types.d.ts.map +1 -1
package/dist/component/server/{implementation/types.js → types.js} +1 -1
package/dist/component/server/types.js.map +1 -0
package/dist/component/server/{implementation/users.js → users.js} +54 -35
package/dist/component/server/users.js.map +1 -0
package/dist/component/server/utils.js +110 -4
package/dist/component/server/utils.js.map +1 -1
package/dist/core/types.d.ts +369 -0
package/dist/core/types.d.ts.map +1 -0
package/dist/factors/device.js +105 -0
package/dist/factors/device.js.map +1 -0
package/dist/factors/passkey.js +181 -0
package/dist/factors/passkey.js.map +1 -0
package/dist/factors/totp.js +122 -0
package/dist/factors/totp.js.map +1 -0
package/dist/providers/anonymous.d.ts +3 -9
package/dist/providers/anonymous.d.ts.map +1 -1
package/dist/providers/anonymous.js +1 -18
package/dist/providers/anonymous.js.map +1 -1
package/dist/providers/credentials.d.ts +8 -10
package/dist/providers/credentials.d.ts.map +1 -1
package/dist/providers/credentials.js +3 -5
package/dist/providers/credentials.js.map +1 -1
package/dist/providers/device.d.ts +18 -10
package/dist/providers/device.d.ts.map +1 -1
package/dist/providers/device.js +4 -8
package/dist/providers/device.js.map +1 -1
package/dist/providers/email.d.ts +50 -23
package/dist/providers/email.d.ts.map +1 -1
package/dist/providers/email.js +58 -34
package/dist/providers/email.js.map +1 -1
package/dist/providers/index.d.ts +7 -3
package/dist/providers/index.js +4 -1
package/dist/providers/oauth.d.ts.map +1 -1
package/dist/providers/oauth.js.map +1 -1
package/dist/providers/passkey.d.ts +12 -9
package/dist/providers/passkey.d.ts.map +1 -1
package/dist/providers/passkey.js +1 -7
package/dist/providers/passkey.js.map +1 -1
package/dist/providers/password.d.ts +6 -12
package/dist/providers/password.d.ts.map +1 -1
package/dist/providers/password.js +189 -89
package/dist/providers/password.js.map +1 -1
package/dist/providers/phone.d.ts +40 -11
package/dist/providers/phone.d.ts.map +1 -1
package/dist/providers/phone.js +52 -21
package/dist/providers/phone.js.map +1 -1
package/dist/providers/sso.d.ts +50 -0
package/dist/providers/sso.d.ts.map +1 -0
package/dist/providers/sso.js +34 -0
package/dist/providers/sso.js.map +1 -0
package/dist/providers/totp.d.ts +12 -9
package/dist/providers/totp.d.ts.map +1 -1
package/dist/providers/totp.js +1 -7
package/dist/providers/totp.js.map +1 -1
package/dist/runtime/browser.js +68 -0
package/dist/runtime/browser.js.map +1 -0
package/dist/runtime/invite.js +51 -0
package/dist/runtime/invite.js.map +1 -0
package/dist/runtime/proxy.js +70 -0
package/dist/runtime/proxy.js.map +1 -0
package/dist/runtime/storage.js +37 -0
package/dist/runtime/storage.js.map +1 -0
package/dist/server/auth.d.ts +335 -370
package/dist/server/auth.d.ts.map +1 -1
package/dist/server/auth.js +204 -123
package/dist/server/auth.js.map +1 -1
package/dist/server/authError.d.ts +46 -0
package/dist/server/authError.d.ts.map +1 -0
package/dist/server/authError.js +34 -0
package/dist/server/authError.js.map +1 -0
package/dist/server/config.d.ts +1 -0
package/dist/server/{providers.js → config.js} +43 -12
package/dist/server/config.js.map +1 -0
package/dist/server/cookies.d.ts +1 -38
package/dist/server/cookies.js +3 -0
package/dist/server/cookies.js.map +1 -1
package/dist/server/core.d.ts +1436 -0
package/dist/server/core.d.ts.map +1 -0
package/dist/server/core.js +713 -0
package/dist/server/core.js.map +1 -0
package/dist/server/crypto.d.ts +8 -0
package/dist/server/crypto.d.ts.map +1 -0
package/dist/server/crypto.js +38 -0
package/dist/server/crypto.js.map +1 -0
package/dist/server/db.d.ts +1 -0
package/dist/server/{implementation/db.js → db.js} +2 -1
package/dist/server/db.js.map +1 -0
package/dist/server/device.d.ts +1 -0
package/dist/server/device.js +109 -0
package/dist/server/device.js.map +1 -0
package/dist/server/enterprise/config.d.ts +1 -0
package/dist/server/enterprise/config.js +46 -0
package/dist/server/enterprise/config.js.map +1 -0
package/dist/server/enterprise/domain.d.ts +409 -0
package/dist/server/enterprise/domain.d.ts.map +1 -0
package/dist/server/enterprise/domain.js +885 -0
package/dist/server/enterprise/domain.js.map +1 -0
package/dist/server/enterprise/http.d.ts +26 -0
package/dist/server/enterprise/http.d.ts.map +1 -0
package/dist/server/enterprise/http.js +766 -0
package/dist/server/enterprise/http.js.map +1 -0
package/dist/server/enterprise/oidc.d.ts +1 -0
package/dist/server/enterprise/oidc.js +248 -0
package/dist/server/enterprise/oidc.js.map +1 -0
package/dist/server/enterprise/policy.d.ts +1 -0
package/dist/server/enterprise/policy.js +85 -0
package/dist/server/enterprise/policy.js.map +1 -0
package/dist/server/enterprise/saml.d.ts +1 -0
package/dist/server/enterprise/saml.js +338 -0
package/dist/server/enterprise/saml.js.map +1 -0
package/dist/server/enterprise/scim.d.ts +1 -0
package/dist/server/enterprise/scim.js +97 -0
package/dist/server/enterprise/scim.js.map +1 -0
package/dist/server/enterprise/shared.d.ts +5 -0
package/dist/server/enterprise/shared.d.ts.map +1 -0
package/dist/server/enterprise/shared.js +51 -0
package/dist/server/enterprise/shared.js.map +1 -0
package/dist/server/enterprise/validators.d.ts +1 -0
package/dist/server/enterprise/validators.js +60 -0
package/dist/server/enterprise/validators.js.map +1 -0
package/dist/server/errors.d.ts +33 -1
package/dist/server/errors.d.ts.map +1 -1
package/dist/server/errors.js +44 -1
package/dist/server/errors.js.map +1 -1
package/dist/server/http.d.ts +59 -0
package/dist/server/http.d.ts.map +1 -0
package/dist/server/http.js +288 -0
package/dist/server/http.js.map +1 -0
package/dist/server/identity.d.ts +1 -0
package/dist/server/identity.js +13 -0
package/dist/server/identity.js.map +1 -0
package/dist/server/index.d.ts +4 -182
package/dist/server/index.js +4 -376
package/dist/server/keys.d.ts +1 -0
package/dist/{component/server/implementation → server}/keys.js +9 -31
package/dist/server/keys.js.map +1 -0
package/dist/server/limits.d.ts +1 -0
package/dist/server/limits.js +61 -0
package/dist/server/limits.js.map +1 -0
package/dist/server/mounts.d.ts +647 -0
package/dist/server/mounts.d.ts.map +1 -0
package/dist/server/mounts.js +643 -0
package/dist/server/mounts.js.map +1 -0
package/dist/server/mutations/account.d.ts +30 -0
package/dist/server/mutations/account.d.ts.map +1 -0
package/dist/server/mutations/account.js +44 -0
package/dist/server/mutations/account.js.map +1 -0
package/dist/server/mutations/code.d.ts +30 -0
package/dist/server/mutations/code.d.ts.map +1 -0
package/dist/server/{implementation/mutations → mutations}/code.js +7 -4
package/dist/server/mutations/code.js.map +1 -0
package/dist/server/mutations/index.d.ts +14 -0
package/dist/server/mutations/index.js +15 -0
package/dist/server/mutations/invalidate.d.ts +20 -0
package/dist/server/mutations/invalidate.d.ts.map +1 -0
package/dist/server/mutations/invalidate.js +32 -0
package/dist/server/mutations/invalidate.js.map +1 -0
package/dist/server/mutations/oauth.d.ts +28 -0
package/dist/server/mutations/oauth.d.ts.map +1 -0
package/dist/server/mutations/oauth.js +110 -0
package/dist/server/mutations/oauth.js.map +1 -0
package/dist/server/mutations/refresh.d.ts +21 -0
package/dist/server/mutations/refresh.d.ts.map +1 -0
package/dist/server/mutations/refresh.js +119 -0
package/dist/server/mutations/refresh.js.map +1 -0
package/dist/server/mutations/register.d.ts +38 -0
package/dist/server/mutations/register.d.ts.map +1 -0
package/dist/server/mutations/register.js +83 -0
package/dist/server/mutations/register.js.map +1 -0
package/dist/server/mutations/retrieve.d.ts +33 -0
package/dist/server/mutations/retrieve.d.ts.map +1 -0
package/dist/server/mutations/retrieve.js +65 -0
package/dist/server/mutations/retrieve.js.map +1 -0
package/dist/server/mutations/signature.d.ts +22 -0
package/dist/server/mutations/signature.d.ts.map +1 -0
package/dist/server/mutations/signature.js +32 -0
package/dist/server/mutations/signature.js.map +1 -0
package/dist/server/mutations/signin.d.ts +22 -0
package/dist/server/mutations/signin.d.ts.map +1 -0
package/dist/server/{implementation/mutations → mutations}/signin.js +2 -2
package/dist/server/mutations/signin.js.map +1 -0
package/dist/server/mutations/signout.d.ts +16 -0
package/dist/server/mutations/signout.d.ts.map +1 -0
package/dist/server/mutations/signout.js +27 -0
package/dist/server/mutations/signout.js.map +1 -0
package/dist/server/mutations/store/refs.d.ts +12 -0
package/dist/server/mutations/store/refs.d.ts.map +1 -0
package/dist/server/mutations/store/refs.js +15 -0
package/dist/server/mutations/store/refs.js.map +1 -0
package/dist/server/mutations/store.d.ts +306 -0
package/dist/server/mutations/store.d.ts.map +1 -0
package/dist/server/mutations/store.js +85 -0
package/dist/server/mutations/store.js.map +1 -0
package/dist/server/mutations/verifier.d.ts +13 -0
package/dist/server/mutations/verifier.d.ts.map +1 -0
package/dist/server/mutations/verifier.js +18 -0
package/dist/server/mutations/verifier.js.map +1 -0
package/dist/server/mutations/verify.d.ts +26 -0
package/dist/server/mutations/verify.d.ts.map +1 -0
package/dist/server/mutations/verify.js +98 -0
package/dist/server/mutations/verify.js.map +1 -0
package/dist/server/oauth.d.ts +1 -48
package/dist/server/oauth.js +107 -64
package/dist/server/oauth.js.map +1 -1
package/dist/server/passkey.d.ts +27 -0
package/dist/server/passkey.d.ts.map +1 -0
package/dist/server/passkey.js +328 -0
package/dist/server/passkey.js.map +1 -0
package/dist/server/redirects.d.ts +1 -0
package/dist/{component/server/implementation → server}/redirects.js +13 -11
package/dist/server/redirects.js.map +1 -0
package/dist/server/refresh.d.ts +1 -0
package/dist/server/refresh.js +96 -0
package/dist/server/refresh.js.map +1 -0
package/dist/server/runtime.d.ts +136 -0
package/dist/server/runtime.d.ts.map +1 -0
package/dist/server/runtime.js +413 -0
package/dist/server/runtime.js.map +1 -0
package/dist/server/sessions.d.ts +1 -0
package/dist/{component/server/implementation → server}/sessions.js +14 -8
package/dist/server/sessions.js.map +1 -0
package/dist/server/signin.d.ts +1 -0
package/dist/server/signin.js +201 -0
package/dist/server/signin.js.map +1 -0
package/dist/server/ssr.d.ts +226 -0
package/dist/server/ssr.d.ts.map +1 -0
package/dist/server/ssr.js +786 -0
package/dist/server/ssr.js.map +1 -0
package/dist/server/templates.d.ts +1 -21
package/dist/server/templates.js +2 -1
package/dist/server/templates.js.map +1 -1
package/dist/server/tokens.d.ts +1 -0
package/dist/server/tokens.js +17 -0
package/dist/server/tokens.js.map +1 -0
package/dist/server/totp.d.ts +1 -0
package/dist/server/totp.js +148 -0
package/dist/server/totp.js.map +1 -0
package/dist/server/types.d.ts +498 -306
package/dist/server/types.d.ts.map +1 -1
package/dist/server/types.js +108 -1
package/dist/server/types.js.map +1 -0
package/dist/server/users.d.ts +1 -0
package/dist/server/{implementation/users.js → users.js} +54 -35
package/dist/server/users.js.map +1 -0
package/dist/server/utils.d.ts +1 -6
package/dist/server/utils.js +110 -4
package/dist/server/utils.js.map +1 -1
package/package.json +49 -46
package/src/authorization/index.ts +83 -0
package/src/cli/bin.ts +5 -0
package/src/cli/command.ts +6 -5
package/src/cli/index.ts +456 -248
package/src/cli/keys.ts +3 -0
package/src/client/core/types.ts +437 -0
package/src/client/factors/device.ts +160 -0
package/src/client/factors/passkey.ts +282 -0
package/src/client/factors/totp.ts +150 -0
package/src/client/index.ts +745 -989
package/src/client/runtime/browser.ts +112 -0
package/src/client/runtime/invite.ts +65 -0
package/src/client/runtime/proxy.ts +111 -0
package/src/client/runtime/storage.ts +79 -0
package/src/component/_generated/api.ts +42 -0
package/src/component/_generated/component.ts +3123 -102
package/src/component/functions.ts +38 -22
package/src/component/index.ts +10 -20
package/src/component/model.ts +449 -0
package/src/component/public/enterprise/audit.ts +120 -0
package/src/component/public/enterprise/core.ts +354 -0
package/src/component/public/enterprise/domains.ts +323 -0
package/src/component/public/enterprise/scim.ts +396 -0
package/src/component/public/enterprise/secrets.ts +132 -0
package/src/component/public/enterprise/webhooks.ts +306 -0
package/src/component/public/factors/devices.ts +223 -0
package/src/component/public/factors/passkeys.ts +242 -0
package/src/component/public/factors/totp.ts +258 -0
package/src/component/public/groups/core.ts +481 -0
package/src/component/public/groups/invites.ts +602 -0
package/src/component/public/groups/members.ts +409 -0
package/src/component/public/identity/accounts.ts +206 -0
package/src/component/public/identity/codes.ts +148 -0
package/src/component/public/identity/sessions.ts +209 -0
package/src/component/public/identity/tokens.ts +250 -0
package/src/component/public/identity/users.ts +354 -0
package/src/component/public/identity/verifiers.ts +157 -0
package/src/component/public/security/keys.ts +365 -0
package/src/component/public/security/limits.ts +173 -0
package/src/component/public.ts +26 -1766
package/src/component/schema.ts +273 -100
package/src/providers/anonymous.ts +10 -20
package/src/providers/credentials.ts +14 -22
package/src/providers/device.ts +3 -14
package/src/providers/email.ts +83 -47
package/src/providers/index.ts +7 -0
package/src/providers/oauth.ts +5 -3
package/src/providers/passkey.ts +0 -13
package/src/providers/password.ts +307 -130
package/src/providers/phone.ts +81 -37
package/src/providers/sso.ts +54 -0
package/src/providers/totp.ts +0 -13
package/src/samlify.d.ts +53 -0
package/src/server/auth.ts +701 -247
package/src/server/authError.ts +44 -0
package/src/server/{providers.ts → config.ts} +84 -15
package/src/server/cookies.ts +8 -1
package/src/server/core.ts +2095 -0
package/src/server/crypto.ts +88 -0
package/src/server/{implementation/db.ts → db.ts} +90 -15
package/src/server/device.ts +221 -0
package/src/server/enterprise/config.ts +51 -0
package/src/server/enterprise/domain.ts +1751 -0
package/src/server/enterprise/http.ts +1324 -0
package/src/server/enterprise/oidc.ts +500 -0
package/src/server/enterprise/policy.ts +128 -0
package/src/server/enterprise/saml.ts +578 -0
package/src/server/enterprise/scim.ts +135 -0
package/src/server/enterprise/shared.ts +134 -0
package/src/server/enterprise/validators.ts +93 -0
package/src/server/errors.ts +130 -119
package/src/server/http.ts +531 -0
package/src/server/identity.ts +18 -0
package/src/server/index.ts +32 -650
package/src/server/{implementation/keys.ts → keys.ts} +16 -44
package/src/server/limits.ts +134 -0
package/src/server/mounts.ts +948 -0
package/src/server/mutations/account.ts +76 -0
package/src/server/{implementation/mutations → mutations}/code.ts +22 -11
package/src/server/mutations/index.ts +13 -0
package/src/server/mutations/invalidate.ts +50 -0
package/src/server/mutations/oauth.ts +237 -0
package/src/server/mutations/refresh.ts +298 -0
package/src/server/mutations/register.ts +200 -0
package/src/server/mutations/retrieve.ts +109 -0
package/src/server/mutations/signature.ts +50 -0
package/src/server/{implementation/mutations → mutations}/signin.ts +9 -7
package/src/server/mutations/signout.ts +43 -0
package/src/server/mutations/store/refs.ts +10 -0
package/src/server/mutations/store.ts +138 -0
package/src/server/mutations/verifier.ts +34 -0
package/src/server/mutations/verify.ts +202 -0
package/src/server/oauth.ts +243 -131
package/src/server/passkey.ts +784 -0
package/src/server/{implementation/redirects.ts → redirects.ts} +21 -16
package/src/server/refresh.ts +222 -0
package/src/server/runtime.ts +880 -0
package/src/server/{implementation/sessions.ts → sessions.ts} +33 -25
package/src/server/signin.ts +438 -0
package/src/server/ssr.ts +1764 -0
package/src/server/templates.ts +8 -3
package/src/server/{implementation/tokens.ts → tokens.ts} +11 -5
package/src/server/totp.ts +349 -0
package/src/server/types.ts +972 -207
package/src/server/{implementation/users.ts → users.ts} +129 -75
package/src/server/utils.ts +192 -5
package/src/test.ts +28 -4
package/dist/bin.cjs +0 -27757
package/dist/component/providers/email.js +0 -47
package/dist/component/providers/email.js.map +0 -1
package/dist/component/public.js.map +0 -1
package/dist/component/server/implementation/db.js.map +0 -1
package/dist/component/server/implementation/device.js +0 -135
package/dist/component/server/implementation/device.js.map +0 -1
package/dist/component/server/implementation/index.d.ts +0 -870
package/dist/component/server/implementation/index.d.ts.map +0 -1
package/dist/component/server/implementation/index.js +0 -610
package/dist/component/server/implementation/index.js.map +0 -1
package/dist/component/server/implementation/keys.js.map +0 -1
package/dist/component/server/implementation/mutations/account.js +0 -39
package/dist/component/server/implementation/mutations/account.js.map +0 -1
package/dist/component/server/implementation/mutations/code.js.map +0 -1
package/dist/component/server/implementation/mutations/index.js +0 -70
package/dist/component/server/implementation/mutations/index.js.map +0 -1
package/dist/component/server/implementation/mutations/invalidate.js +0 -29
package/dist/component/server/implementation/mutations/invalidate.js.map +0 -1
package/dist/component/server/implementation/mutations/oauth.js +0 -51
package/dist/component/server/implementation/mutations/oauth.js.map +0 -1
package/dist/component/server/implementation/mutations/refresh.js +0 -85
package/dist/component/server/implementation/mutations/refresh.js.map +0 -1
package/dist/component/server/implementation/mutations/register.js +0 -65
package/dist/component/server/implementation/mutations/register.js.map +0 -1
package/dist/component/server/implementation/mutations/retrieve.js +0 -50
package/dist/component/server/implementation/mutations/retrieve.js.map +0 -1
package/dist/component/server/implementation/mutations/signature.js +0 -27
package/dist/component/server/implementation/mutations/signature.js.map +0 -1
package/dist/component/server/implementation/mutations/signin.js.map +0 -1
package/dist/component/server/implementation/mutations/signout.js +0 -27
package/dist/component/server/implementation/mutations/signout.js.map +0 -1
package/dist/component/server/implementation/mutations/store.js +0 -12
package/dist/component/server/implementation/mutations/store.js.map +0 -1
package/dist/component/server/implementation/mutations/verifier.js +0 -16
package/dist/component/server/implementation/mutations/verifier.js.map +0 -1
package/dist/component/server/implementation/mutations/verify.js +0 -105
package/dist/component/server/implementation/mutations/verify.js.map +0 -1
package/dist/component/server/implementation/passkey.js +0 -307
package/dist/component/server/implementation/passkey.js.map +0 -1
package/dist/component/server/implementation/provider.js +0 -19
package/dist/component/server/implementation/provider.js.map +0 -1
package/dist/component/server/implementation/ratelimit.js +0 -48
package/dist/component/server/implementation/ratelimit.js.map +0 -1
package/dist/component/server/implementation/redirects.js.map +0 -1
package/dist/component/server/implementation/refresh.js +0 -109
package/dist/component/server/implementation/refresh.js.map +0 -1
package/dist/component/server/implementation/sessions.js.map +0 -1
package/dist/component/server/implementation/signin.js +0 -148
package/dist/component/server/implementation/signin.js.map +0 -1
package/dist/component/server/implementation/tokens.js +0 -15
package/dist/component/server/implementation/tokens.js.map +0 -1
package/dist/component/server/implementation/totp.js +0 -142
package/dist/component/server/implementation/totp.js.map +0 -1
package/dist/component/server/implementation/types.d.ts +0 -42
package/dist/component/server/implementation/types.d.ts.map +0 -1
package/dist/component/server/implementation/types.js.map +0 -1
package/dist/component/server/implementation/users.js.map +0 -1
package/dist/component/server/implementation/utils.js +0 -56
package/dist/component/server/implementation/utils.js.map +0 -1
package/dist/component/server/providers.js.map +0 -1
package/dist/component/server/templates.js +0 -84
package/dist/component/server/templates.js.map +0 -1
package/dist/server/cookies.d.ts.map +0 -1
package/dist/server/implementation/db.d.ts +0 -86
package/dist/server/implementation/db.d.ts.map +0 -1
package/dist/server/implementation/db.js.map +0 -1
package/dist/server/implementation/device.d.ts +0 -30
package/dist/server/implementation/device.d.ts.map +0 -1
package/dist/server/implementation/device.js +0 -135
package/dist/server/implementation/device.js.map +0 -1
package/dist/server/implementation/index.d.ts +0 -870
package/dist/server/implementation/index.d.ts.map +0 -1
package/dist/server/implementation/index.js +0 -610
package/dist/server/implementation/index.js.map +0 -1
package/dist/server/implementation/keys.d.ts +0 -66
package/dist/server/implementation/keys.d.ts.map +0 -1
package/dist/server/implementation/keys.js.map +0 -1
package/dist/server/implementation/mutations/account.d.ts +0 -27
package/dist/server/implementation/mutations/account.d.ts.map +0 -1
package/dist/server/implementation/mutations/account.js +0 -39
package/dist/server/implementation/mutations/account.js.map +0 -1
package/dist/server/implementation/mutations/code.d.ts +0 -29
package/dist/server/implementation/mutations/code.d.ts.map +0 -1
package/dist/server/implementation/mutations/code.js.map +0 -1
package/dist/server/implementation/mutations/index.d.ts +0 -310
package/dist/server/implementation/mutations/index.d.ts.map +0 -1
package/dist/server/implementation/mutations/index.js +0 -70
package/dist/server/implementation/mutations/index.js.map +0 -1
package/dist/server/implementation/mutations/invalidate.d.ts +0 -18
package/dist/server/implementation/mutations/invalidate.d.ts.map +0 -1
package/dist/server/implementation/mutations/invalidate.js +0 -29
package/dist/server/implementation/mutations/invalidate.js.map +0 -1
package/dist/server/implementation/mutations/oauth.d.ts +0 -23
package/dist/server/implementation/mutations/oauth.d.ts.map +0 -1
package/dist/server/implementation/mutations/oauth.js +0 -51
package/dist/server/implementation/mutations/oauth.js.map +0 -1
package/dist/server/implementation/mutations/refresh.d.ts +0 -20
package/dist/server/implementation/mutations/refresh.d.ts.map +0 -1
package/dist/server/implementation/mutations/refresh.js +0 -85
package/dist/server/implementation/mutations/refresh.js.map +0 -1
package/dist/server/implementation/mutations/register.d.ts +0 -37
package/dist/server/implementation/mutations/register.d.ts.map +0 -1
package/dist/server/implementation/mutations/register.js +0 -65
package/dist/server/implementation/mutations/register.js.map +0 -1
package/dist/server/implementation/mutations/retrieve.d.ts +0 -31
package/dist/server/implementation/mutations/retrieve.d.ts.map +0 -1
package/dist/server/implementation/mutations/retrieve.js +0 -50
package/dist/server/implementation/mutations/retrieve.js.map +0 -1
package/dist/server/implementation/mutations/signature.d.ts +0 -19
package/dist/server/implementation/mutations/signature.d.ts.map +0 -1
package/dist/server/implementation/mutations/signature.js +0 -27
package/dist/server/implementation/mutations/signature.js.map +0 -1
package/dist/server/implementation/mutations/signin.d.ts +0 -21
package/dist/server/implementation/mutations/signin.d.ts.map +0 -1
package/dist/server/implementation/mutations/signin.js.map +0 -1
package/dist/server/implementation/mutations/signout.d.ts +0 -14
package/dist/server/implementation/mutations/signout.d.ts.map +0 -1
package/dist/server/implementation/mutations/signout.js +0 -27
package/dist/server/implementation/mutations/signout.js.map +0 -1
package/dist/server/implementation/mutations/store.d.ts +0 -11
package/dist/server/implementation/mutations/store.d.ts.map +0 -1
package/dist/server/implementation/mutations/store.js +0 -12
package/dist/server/implementation/mutations/store.js.map +0 -1
package/dist/server/implementation/mutations/verifier.d.ts +0 -11
package/dist/server/implementation/mutations/verifier.d.ts.map +0 -1
package/dist/server/implementation/mutations/verifier.js +0 -16
package/dist/server/implementation/mutations/verifier.js.map +0 -1
package/dist/server/implementation/mutations/verify.d.ts +0 -25
package/dist/server/implementation/mutations/verify.d.ts.map +0 -1
package/dist/server/implementation/mutations/verify.js +0 -105
package/dist/server/implementation/mutations/verify.js.map +0 -1
package/dist/server/implementation/passkey.d.ts +0 -24
package/dist/server/implementation/passkey.d.ts.map +0 -1
package/dist/server/implementation/passkey.js +0 -307
package/dist/server/implementation/passkey.js.map +0 -1
package/dist/server/implementation/provider.d.ts +0 -10
package/dist/server/implementation/provider.d.ts.map +0 -1
package/dist/server/implementation/provider.js +0 -19
package/dist/server/implementation/provider.js.map +0 -1
package/dist/server/implementation/ratelimit.d.ts +0 -10
package/dist/server/implementation/ratelimit.d.ts.map +0 -1
package/dist/server/implementation/ratelimit.js +0 -48
package/dist/server/implementation/ratelimit.js.map +0 -1
package/dist/server/implementation/redirects.d.ts +0 -10
package/dist/server/implementation/redirects.d.ts.map +0 -1
package/dist/server/implementation/redirects.js.map +0 -1
package/dist/server/implementation/refresh.d.ts +0 -37
package/dist/server/implementation/refresh.d.ts.map +0 -1
package/dist/server/implementation/refresh.js +0 -109
package/dist/server/implementation/refresh.js.map +0 -1
package/dist/server/implementation/sessions.d.ts +0 -29
package/dist/server/implementation/sessions.d.ts.map +0 -1
package/dist/server/implementation/sessions.js.map +0 -1
package/dist/server/implementation/signin.d.ts +0 -55
package/dist/server/implementation/signin.d.ts.map +0 -1
package/dist/server/implementation/signin.js +0 -148
package/dist/server/implementation/signin.js.map +0 -1
package/dist/server/implementation/tokens.d.ts +0 -11
package/dist/server/implementation/tokens.d.ts.map +0 -1
package/dist/server/implementation/tokens.js +0 -15
package/dist/server/implementation/tokens.js.map +0 -1
package/dist/server/implementation/totp.d.ts +0 -31
package/dist/server/implementation/totp.d.ts.map +0 -1
package/dist/server/implementation/totp.js +0 -142
package/dist/server/implementation/totp.js.map +0 -1
package/dist/server/implementation/types.d.ts +0 -189
package/dist/server/implementation/types.d.ts.map +0 -1
package/dist/server/implementation/types.js +0 -97
package/dist/server/implementation/types.js.map +0 -1
package/dist/server/implementation/users.d.ts +0 -30
package/dist/server/implementation/users.d.ts.map +0 -1
package/dist/server/implementation/users.js.map +0 -1
package/dist/server/implementation/utils.d.ts +0 -19
package/dist/server/implementation/utils.d.ts.map +0 -1
package/dist/server/implementation/utils.js +0 -56
package/dist/server/implementation/utils.js.map +0 -1
package/dist/server/index.d.ts.map +0 -1
package/dist/server/index.js.map +0 -1
package/dist/server/oauth.d.ts.map +0 -1
package/dist/server/providers.d.ts +0 -72
package/dist/server/providers.d.ts.map +0 -1
package/dist/server/providers.js.map +0 -1
package/dist/server/templates.d.ts.map +0 -1
package/dist/server/utils.d.ts.map +0 -1
package/dist/server/version.d.ts +0 -5
package/dist/server/version.d.ts.map +0 -1
package/dist/server/version.js +0 -6
package/dist/server/version.js.map +0 -1
package/src/cli/utils.ts +0 -248
package/src/server/implementation/device.ts +0 -307
package/src/server/implementation/index.ts +0 -1583
package/src/server/implementation/mutations/account.ts +0 -50
package/src/server/implementation/mutations/index.ts +0 -157
package/src/server/implementation/mutations/invalidate.ts +0 -42
package/src/server/implementation/mutations/oauth.ts +0 -73
package/src/server/implementation/mutations/refresh.ts +0 -175
package/src/server/implementation/mutations/register.ts +0 -100
package/src/server/implementation/mutations/retrieve.ts +0 -79
package/src/server/implementation/mutations/signature.ts +0 -39
package/src/server/implementation/mutations/signout.ts +0 -35
package/src/server/implementation/mutations/store.ts +0 -7
package/src/server/implementation/mutations/verifier.ts +0 -24
package/src/server/implementation/mutations/verify.ts +0 -194
package/src/server/implementation/passkey.ts +0 -620
package/src/server/implementation/provider.ts +0 -36
package/src/server/implementation/ratelimit.ts +0 -79
package/src/server/implementation/refresh.ts +0 -172
package/src/server/implementation/signin.ts +0 -296
package/src/server/implementation/totp.ts +0 -342
package/src/server/implementation/types.ts +0 -444
package/src/server/implementation/utils.ts +0 -91
package/src/server/version.ts +0 -2

package/src/component/public/identity/codes.ts ADDED Viewed

@@ -0,0 +1,148 @@
+import { v } from "convex/values";
+import { mutation, query } from "../../functions";
+import { vVerificationCodeDoc } from "../../model";
+/**
+ * Find a verification code by its associated account ID.
+ *
+ * Queries the `VerificationCode` table using the `account_id` index to locate
+ * the unique verification code linked to the given account. Each account has at
+ * most one active verification code at a time.
+ *
+ * @param args.accountId - The document ID of the account whose verification code should be retrieved.
+ * @returns The verification code document if one exists for the account, or `null` otherwise.
+ *
+ * @example
+ * ```ts
+ * const code = await ctx.runQuery(
+ *   component.identity.codes.verificationCodeGetByAccountId,
+ *   { accountId: account._id },
+ * );
+ * if (code !== null && code.expirationTime > Date.now()) {
+ *   console.log("Active verification code exists");
+ * }
+ * ```
+ */
+export const verificationCodeGetByAccountId = query({
+  args: { accountId: v.id("Account") },
+  returns: v.union(vVerificationCodeDoc, v.null()),
+  handler: async (ctx, { accountId }) => {
+    return await ctx.db
+      .query("VerificationCode")
+      .withIndex("account_id", (q) => q.eq("accountId", accountId as any))
+      .unique();
+  },
+});
+/**
+ * Find a verification code by its code string value.
+ *
+ * Queries the `VerificationCode` table using the `code` index to locate the
+ * unique verification code document matching the given code string. This is
+ * the primary lookup used when a user submits an OTP or clicks a magic link.
+ *
+ * @param args.code - The verification code string to look up (e.g. a 6-digit OTP or a magic-link token).
+ * @returns The verification code document if a match is found, or `null` otherwise.
+ *
+ * @example
+ * ```ts
+ * const codeDoc = await ctx.runQuery(
+ *   component.identity.codes.verificationCodeGetByCode,
+ *   { code: "482910" },
+ * );
+ * if (codeDoc !== null && codeDoc.expirationTime > Date.now()) {
+ *   console.log(`Code is valid for account: ${codeDoc.accountId}`);
+ * }
+ * ```
+ */
+export const verificationCodeGetByCode = query({
+  args: { code: v.string() },
+  returns: v.union(vVerificationCodeDoc, v.null()),
+  handler: async (ctx, { code }) => {
+    return await ctx.db
+      .query("VerificationCode")
+      .withIndex("code", (q) => q.eq("code", code))
+      .unique();
+  },
+});
+/**
+ * Create a new verification code for OTP, magic link, or OAuth flows.
+ *
+ * Inserts a document into the `VerificationCode` table that ties a short-lived
+ * code to a specific account and provider. The code can be used for email OTP,
+ * phone OTP, magic link, or OAuth state verification depending on the flow.
+ *
+ * @param args.accountId - The document ID of the account this verification code is associated with.
+ * @param args.provider - The name of the authentication provider initiating the verification
+ *   (e.g. `"resend-otp"`, `"twilio-otp"`, `"google"`).
+ * @param args.code - The verification code string (e.g. a random OTP or an opaque token for magic links).
+ * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this code expires.
+ * @param args.verifier - An optional PKCE verifier string used in OAuth/OIDC flows to prevent CSRF attacks.
+ * @param args.emailVerified - An optional email address that will be marked as verified upon successful
+ *   code redemption.
+ * @param args.phoneVerified - An optional phone number that will be marked as verified upon successful
+ *   code redemption.
+ * @returns The document ID of the newly created verification code.
+ *
+ * @example
+ * ```ts
+ * const codeId = await ctx.runMutation(
+ *   component.identity.codes.verificationCodeCreate,
+ *   {
+ *     accountId: account._id,
+ *     provider: "resend-otp",
+ *     code: "482910",
+ *     expirationTime: Date.now() + 10 * 60 * 1000, // 10 minutes
+ *     emailVerified: "alice@example.com",
+ *   },
+ * );
+ * ```
+ */
+export const verificationCodeCreate = mutation({
+  args: {
+    accountId: v.id("Account"),
+    provider: v.string(),
+    code: v.string(),
+    expirationTime: v.number(),
+    verifier: v.optional(v.string()),
+    emailVerified: v.optional(v.string()),
+    phoneVerified: v.optional(v.string()),
+  },
+  returns: v.id("VerificationCode"),
+  handler: async (ctx, args) => {
+    return await ctx.db.insert("VerificationCode", args as any);
+  },
+});
+/**
+ * Delete a verification code document permanently.
+ *
+ * Removes the verification code from the `VerificationCode` table. This is
+ * typically called after the code has been successfully redeemed or when it
+ * needs to be invalidated (e.g. replaced by a new code).
+ *
+ * @param args.verificationCodeId - The document ID of the verification code to delete.
+ * @returns `null` on success.
+ *
+ * @example
+ * ```ts
+ * // Delete the code after successful verification
+ * await ctx.runMutation(
+ *   component.identity.codes.verificationCodeDelete,
+ *   { verificationCodeId: codeDoc._id },
+ * );
+ * ```
+ */
+export const verificationCodeDelete = mutation({
+  args: { verificationCodeId: v.id("VerificationCode") },
+  returns: v.null(),
+  handler: async (ctx, { verificationCodeId }) => {
+    await ctx.db.delete("VerificationCode", verificationCodeId);
+    return null;
+  },
+});
+// ============================================================================
+// Refresh Tokens
+// ============================================================================

package/src/component/public/identity/sessions.ts ADDED Viewed

@@ -0,0 +1,209 @@
+import { v } from "convex/values";
+import { mutation, query } from "../../functions";
+import { vPaginated, vSessionDoc } from "../../model";
+/**
+ * List sessions with optional filtering and cursor-based pagination.
+ *
+ * Supports filtering by `userId` to retrieve only sessions belonging to a
+ * specific user. When a `userId` filter is provided, the `user_id` index is
+ * used for efficient lookup. Results are returned as a paginated response
+ * `{ items, nextCursor }` -- pass `nextCursor` back as `cursor` to fetch the
+ * next page, or receive `null` when all results have been exhausted.
+ *
+ * @param args.where - Optional filter object. Currently supports `userId` to
+ *   restrict results to sessions for a specific user.
+ * @param args.limit - Maximum number of sessions to return per page (1--100, default 50).
+ * @param args.cursor - An opaque cursor string from a previous response's `nextCursor`
+ *   to continue pagination, or `null` / omitted to start from the beginning.
+ * @param args.order - Sort direction: `"asc"` or `"desc"` (default `"desc"`).
+ * @returns An object with `items` (array of session documents) and `nextCursor`
+ *   (`string | null`) for fetching subsequent pages.
+ *
+ * @example
+ * ```ts
+ * // List the 10 most recent sessions for a user
+ * const page = await ctx.runQuery(
+ *   component.identity.sessions.sessionList,
+ *   { where: { userId: user._id }, limit: 10, order: "desc" },
+ * );
+ * for (const session of page.items) {
+ *   console.log(`Session ${session._id} expires at ${session.expirationTime}`);
+ * }
+ * ```
+ */
+export const sessionList = query({
+  args: {
+    where: v.optional(
+      v.object({
+        userId: v.optional(v.id("User")),
+      }),
+    ),
+    limit: v.optional(v.number()),
+    cursor: v.optional(v.union(v.string(), v.null())),
+    order: v.optional(v.union(v.literal("asc"), v.literal("desc"))),
+  },
+  returns: vPaginated(vSessionDoc),
+  handler: async (ctx, args) => {
+    const where = args.where ?? {};
+    const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);
+    const order = args.order ?? "desc";
+    let q;
+    if (where.userId !== undefined) {
+      q = ctx.db
+        .query("Session")
+        .withIndex("user_id", (idx) => idx.eq("userId", where.userId!));
+    } else {
+      q = ctx.db.query("Session");
+    }
+    q = q.order(order);
+    const all = await q.collect();
+    let startIdx = 0;
+    if (args.cursor) {
+      const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);
+      if (cursorIdx !== -1) {
+        startIdx = cursorIdx + 1;
+      }
+    }
+    const page = all.slice(startIdx, startIdx + limit + 1);
+    const hasMore = page.length > limit;
+    const items = hasMore ? page.slice(0, limit) : page;
+    const nextCursor = hasMore ? items[items.length - 1]._id : null;
+    return { items, nextCursor };
+  },
+});
+/**
+ * Create a new session for a user with a specified expiration time.
+ *
+ * Inserts a new document into the `Session` table, linking it to the given user.
+ * The session represents an active authenticated context and is typically created
+ * after a successful sign-in or token refresh.
+ *
+ * @param args.userId - The document ID of the user this session belongs to.
+ * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this session expires.
+ * @returns The document ID of the newly created session.
+ *
+ * @example
+ * ```ts
+ * const sessionId = await ctx.runMutation(
+ *   component.identity.sessions.sessionCreate,
+ *   {
+ *     userId: user._id,
+ *     expirationTime: Date.now() + 30 * 24 * 60 * 60 * 1000, // 30 days
+ *   },
+ * );
+ * ```
+ */
+export const sessionCreate = mutation({
+  args: { userId: v.id("User"), expirationTime: v.number() },
+  returns: v.id("Session"),
+  handler: async (ctx, { userId, expirationTime }) => {
+    return await ctx.db.insert("Session", {
+      userId: userId as any,
+      expirationTime,
+    });
+  },
+});
+/**
+ * Retrieve a single session by its Convex document ID.
+ *
+ * Performs a direct point lookup on the `Session` table. Returns `null` if the
+ * session has been deleted or never existed. This does not check whether the
+ * session has expired -- callers should compare `expirationTime` to the current
+ * time if needed.
+ *
+ * @param args.sessionId - The Convex document ID (`Id<"Session">`) of the session to retrieve.
+ * @returns The session document if it exists, or `null` otherwise.
+ *
+ * @example
+ * ```ts
+ * const session = await ctx.runQuery(
+ *   component.identity.sessions.sessionGetById,
+ *   { sessionId: refreshToken.sessionId },
+ * );
+ * if (session !== null && session.expirationTime > Date.now()) {
+ *   console.log("Session is still active");
+ * }
+ * ```
+ */
+export const sessionGetById = query({
+  args: { sessionId: v.id("Session") },
+  returns: v.union(vSessionDoc, v.null()),
+  handler: async (ctx, { sessionId }) => {
+    return await ctx.db.get("Session", sessionId);
+  },
+});
+/**
+ * Delete a session document.
+ *
+ * Removes the session from the `Session` table. This is a no-op if the session
+ * does not exist (i.e. was already deleted). Callers should also clean up
+ * related refresh tokens via `refreshTokenDeleteAll` to fully invalidate the
+ * session.
+ *
+ * @param args.sessionId - The document ID of the session to delete.
+ * @returns `null` on success (including when the session was already absent).
+ *
+ * @example
+ * ```ts
+ * // Revoke a session and its tokens
+ * await ctx.runMutation(
+ *   component.identity.sessions.sessionDelete,
+ *   { sessionId: session._id },
+ * );
+ * await ctx.runMutation(
+ *   component.identity.tokens.refreshTokenDeleteAll,
+ *   { sessionId: session._id },
+ * );
+ * ```
+ */
+export const sessionDelete = mutation({
+  args: { sessionId: v.id("Session") },
+  returns: v.null(),
+  handler: async (ctx, { sessionId }) => {
+    if ((await ctx.db.get("Session", sessionId)) !== null) {
+      await ctx.db.delete("Session", sessionId);
+    }
+    return null;
+  },
+});
+/**
+ * List all sessions belonging to a specific user.
+ *
+ * Queries the `Session` table using the `user_id` index to efficiently retrieve
+ * every session document for the given user. Unlike `sessionList`, this returns
+ * all matching sessions without pagination.
+ *
+ * @param args.userId - The document ID of the user whose sessions should be retrieved.
+ * @returns An array of session documents for the specified user.
+ *
+ * @example
+ * ```ts
+ * const sessions = await ctx.runQuery(
+ *   component.identity.sessions.sessionListByUser,
+ *   { userId: user._id },
+ * );
+ * console.log(`User has ${sessions.length} active session(s)`);
+ * ```
+ */
+export const sessionListByUser = query({
+  args: { userId: v.id("User") },
+  returns: v.array(vSessionDoc),
+  handler: async (ctx, { userId }) => {
+    return await ctx.db
+      .query("Session")
+      .withIndex("user_id", (q) => q.eq("userId", userId as any))
+      .collect();
+  },
+});
+// ============================================================================
+// Verifiers
+// ============================================================================

package/src/component/public/identity/tokens.ts ADDED Viewed

@@ -0,0 +1,250 @@
+import { v } from "convex/values";
+import { mutation, query } from "../../functions";
+import { vRefreshTokenDoc } from "../../model";
+/**
+ * Create a new refresh token for a session.
+ *
+ * Inserts a document into the `RefreshToken` table. Refresh tokens are used to
+ * obtain new access tokens without requiring the user to re-authenticate. When
+ * a refresh token is rotated, the new token references the old one via
+ * `parentRefreshTokenId` to form a token chain for replay detection.
+ *
+ * @param args.sessionId - The document ID of the session this refresh token belongs to.
+ * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this refresh token expires.
+ * @param args.parentRefreshTokenId - The document ID of the parent refresh token that was
+ *   exchanged to create this one. Omitted for the initial token in a session.
+ * @returns The document ID of the newly created refresh token.
+ *
+ * @example
+ * ```ts
+ * const tokenId = await ctx.runMutation(
+ *   component.identity.tokens.refreshTokenCreate,
+ *   {
+ *     sessionId: session._id,
+ *     expirationTime: Date.now() + 7 * 24 * 60 * 60 * 1000, // 7 days
+ *   },
+ * );
+ * ```
+ */
+export const refreshTokenCreate = mutation({
+  args: {
+    sessionId: v.id("Session"),
+    expirationTime: v.number(),
+    parentRefreshTokenId: v.optional(v.id("RefreshToken")),
+  },
+  returns: v.id("RefreshToken"),
+  handler: async (ctx, args) => {
+    return await ctx.db.insert("RefreshToken", args as any);
+  },
+});
+/**
+ * Retrieve a single refresh token by its Convex document ID.
+ *
+ * Performs a direct point lookup on the `RefreshToken` table. Returns `null` if
+ * the token has been deleted or never existed.
+ *
+ * @param args.refreshTokenId - The Convex document ID (`Id<"RefreshToken">`) of the token to retrieve.
+ * @returns The refresh token document if it exists, or `null` otherwise.
+ *
+ * @example
+ * ```ts
+ * const token = await ctx.runQuery(
+ *   component.identity.tokens.refreshTokenGetById,
+ *   { refreshTokenId: storedTokenId },
+ * );
+ * if (token !== null && token.expirationTime > Date.now()) {
+ *   console.log("Refresh token is still valid");
+ * }
+ * ```
+ */
+export const refreshTokenGetById = query({
+  args: { refreshTokenId: v.id("RefreshToken") },
+  returns: v.union(vRefreshTokenDoc, v.null()),
+  handler: async (ctx, { refreshTokenId }) => {
+    return await ctx.db.get("RefreshToken", refreshTokenId);
+  },
+});
+/**
+ * Patch a refresh token document with partial data.
+ *
+ * Merges the provided fields into the existing refresh token document. This is
+ * primarily used to record `firstUsedTime` when a refresh token is first
+ * exchanged, marking it as consumed for replay detection.
+ *
+ * @param args.refreshTokenId - The document ID of the refresh token to update.
+ * @param args.data - A partial object containing the fields to merge (e.g. `{ firstUsedTime: number }`).
+ * @returns `null` on success.
+ *
+ * @example
+ * ```ts
+ * // Mark the refresh token as used
+ * await ctx.runMutation(
+ *   component.identity.tokens.refreshTokenPatch,
+ *   {
+ *     refreshTokenId: token._id,
+ *     data: { firstUsedTime: Date.now() },
+ *   },
+ * );
+ * ```
+ */
+export const refreshTokenPatch = mutation({
+  args: { refreshTokenId: v.id("RefreshToken"), data: v.any() },
+  returns: v.null(),
+  handler: async (ctx, { refreshTokenId, data }) => {
+    await ctx.db.patch("RefreshToken", refreshTokenId, data);
+    return null;
+  },
+});
+/**
+ * Get child tokens that were created by exchanging a specific parent token.
+ *
+ * Queries the `RefreshToken` table using the `session_id_parent_refresh_token_id`
+ * index to find all tokens whose `parentRefreshTokenId` matches the provided
+ * parent. This is used for replay detection: if a parent token has more than
+ * one child, it indicates a potential token reuse attack.
+ *
+ * @param args.sessionId - The document ID of the session the tokens belong to.
+ * @param args.parentRefreshTokenId - The document ID of the parent refresh token whose children to retrieve.
+ * @returns An array of refresh token documents that were derived from the specified parent token.
+ *
+ * @example
+ * ```ts
+ * const children = await ctx.runQuery(
+ *   component.identity.tokens.refreshTokenGetChildren,
+ *   {
+ *     sessionId: session._id,
+ *     parentRefreshTokenId: parentToken._id,
+ *   },
+ * );
+ * if (children.length > 1) {
+ *   console.warn("Possible token reuse detected!");
+ * }
+ * ```
+ */
+export const refreshTokenGetChildren = query({
+  args: {
+    sessionId: v.id("Session"),
+    parentRefreshTokenId: v.id("RefreshToken"),
+  },
+  returns: v.array(vRefreshTokenDoc),
+  handler: async (ctx, { sessionId, parentRefreshTokenId }) => {
+    return await ctx.db
+      .query("RefreshToken")
+      .withIndex("session_id_parent_refresh_token_id", (q) =>
+        q
+          .eq("sessionId", sessionId as any)
+          .eq("parentRefreshTokenId", parentRefreshTokenId as any),
+      )
+      .collect();
+  },
+});
+/**
+ * List all refresh tokens belonging to a specific session.
+ *
+ * Queries the `RefreshToken` table using the `session_id_parent_refresh_token_id`
+ * index to efficiently retrieve every refresh token associated with the given
+ * session, including both active and consumed tokens.
+ *
+ * @param args.sessionId - The document ID of the session whose refresh tokens should be retrieved.
+ * @returns An array of all refresh token documents for the specified session.
+ *
+ * @example
+ * ```ts
+ * const tokens = await ctx.runQuery(
+ *   component.identity.tokens.refreshTokenListBySession,
+ *   { sessionId: session._id },
+ * );
+ * console.log(`Session has ${tokens.length} refresh token(s)`);
+ * ```
+ */
+export const refreshTokenListBySession = query({
+  args: { sessionId: v.id("Session") },
+  returns: v.array(vRefreshTokenDoc),
+  handler: async (ctx, { sessionId }) => {
+    return await ctx.db
+      .query("RefreshToken")
+      .withIndex("session_id_parent_refresh_token_id", (q) =>
+        q.eq("sessionId", sessionId as any),
+      )
+      .collect();
+  },
+});
+/**
+ * Delete all refresh tokens for a session.
+ *
+ * Queries the `RefreshToken` table for all tokens belonging to the given session
+ * and deletes them in parallel. This is typically called when a session is
+ * revoked or when token reuse is detected, effectively invalidating the entire
+ * token chain for that session.
+ *
+ * @param args.sessionId - The document ID of the session whose refresh tokens should be deleted.
+ * @returns `null` on success.
+ *
+ * @example
+ * ```ts
+ * // Invalidate all tokens for a compromised session
+ * await ctx.runMutation(
+ *   component.identity.tokens.refreshTokenDeleteAll,
+ *   { sessionId: session._id },
+ * );
+ * ```
+ */
+export const refreshTokenDeleteAll = mutation({
+  args: { sessionId: v.id("Session") },
+  returns: v.null(),
+  handler: async (ctx, { sessionId }) => {
+    const tokens = await ctx.db
+      .query("RefreshToken")
+      .withIndex("session_id_parent_refresh_token_id", (q) =>
+        q.eq("sessionId", sessionId as any),
+      )
+      .collect();
+    await Promise.all(
+      tokens.map((token) => ctx.db.delete("RefreshToken", token._id)),
+    );
+    return null;
+  },
+});
+/**
+ * Get the active (unused) refresh token for a session.
+ *
+ * Queries the `RefreshToken` table using the `session_id_first_used` index to
+ * find the most recently created token for the session that has not yet been
+ * exchanged (i.e. `firstUsedTime` is `undefined`). This represents the current
+ * valid refresh token the client should be holding.
+ *
+ * @param args.sessionId - The document ID of the session whose active refresh token should be retrieved.
+ * @returns The most recent unused refresh token document, or `null` if no active token exists
+ *   (e.g. all tokens have been consumed or the session has no tokens).
+ *
+ * @example
+ * ```ts
+ * const activeToken = await ctx.runQuery(
+ *   component.identity.tokens.refreshTokenGetActive,
+ *   { sessionId: session._id },
+ * );
+ * if (activeToken !== null) {
+ *   console.log(`Active token expires at: ${activeToken.expirationTime}`);
+ * }
+ * ```
+ */
+export const refreshTokenGetActive = query({
+  args: { sessionId: v.id("Session") },
+  returns: v.union(vRefreshTokenDoc, v.null()),
+  handler: async (ctx, { sessionId }) => {
+    return await ctx.db
+      .query("RefreshToken")
+      .withIndex("session_id_first_used", (q) =>
+        q.eq("sessionId", sessionId as any).eq("firstUsedTime", undefined),
+      )
+      .order("desc")
+      .first();
+  },
+});