@robelest/convex-auth 0.0.4-preview.20 → 0.0.4-preview.22

Files changed (39) hide show
  1. package/dist/{bin.cjs → bin.js} +331 -330
  2. package/dist/component/model.d.ts +9 -9
  3. package/dist/component/model.d.ts.map +1 -1
  4. package/dist/component/schema.d.ts +37 -37
  5. package/dist/component/server/auth.d.ts +71 -25
  6. package/dist/component/server/auth.d.ts.map +1 -1
  7. package/dist/component/server/auth.js +13 -27
  8. package/dist/component/server/auth.js.map +1 -1
  9. package/dist/component/server/runtime.d.ts +1 -1
  10. package/dist/server/auth.d.ts +70 -24
  11. package/dist/server/auth.d.ts.map +1 -1
  12. package/dist/server/auth.js +13 -27
  13. package/dist/server/auth.js.map +1 -1
  14. package/dist/server/http.d.ts +2 -2
  15. package/dist/server/http.d.ts.map +1 -1
  16. package/dist/server/index.d.ts +2 -2
  17. package/dist/server/mounts.d.ts +18 -18
  18. package/dist/server/mutations/account.d.ts +6 -6
  19. package/dist/server/mutations/account.d.ts.map +1 -1
  20. package/dist/server/mutations/code.d.ts +11 -11
  21. package/dist/server/mutations/invalidate.d.ts +4 -4
  22. package/dist/server/mutations/oauth.d.ts +9 -9
  23. package/dist/server/mutations/oauth.d.ts.map +1 -1
  24. package/dist/server/mutations/refresh.d.ts +3 -3
  25. package/dist/server/mutations/refresh.d.ts.map +1 -1
  26. package/dist/server/mutations/register.d.ts +2 -2
  27. package/dist/server/mutations/retrieve.d.ts +6 -6
  28. package/dist/server/mutations/signature.d.ts +4 -4
  29. package/dist/server/mutations/signature.d.ts.map +1 -1
  30. package/dist/server/mutations/signin.d.ts +5 -5
  31. package/dist/server/mutations/store.d.ts +83 -83
  32. package/dist/server/mutations/verify.d.ts +7 -7
  33. package/dist/server/mutations/verify.d.ts.map +1 -1
  34. package/dist/server/runtime.d.ts +7 -7
  35. package/package.json +4 -4
  36. package/src/cli/index.ts +1 -1
  37. package/src/component/index.ts +1 -0
  38. package/src/server/auth.ts +103 -59
  39. package/src/server/index.ts +2 -0
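--- a/package/dist/component/model.d.ts
+++ b/package/dist/component/model.d.ts
@@ -11,13 +11,13 @@ declare const vAuthVerifierDoc: convex_values474.VObject<{
  signature: convex_values474.VString<string | undefined, "optional">;
  _id: convex_values474.VId<convex_values474.GenericId<"AuthVerifier">, "required">;
  _creationTime: convex_values474.VFloat64<number, "required">;
- }, "required", "sessionId" | "signature" | "_creationTime" | "_id">;
+ }, "required", "_creationTime" | "sessionId" | "signature" | "_id">;
  declare const vPasskeyDoc: convex_values474.VObject<{
  name?: string | undefined;
  transports?: string[] | undefined;
  lastUsedAt?: number | undefined;
- userId: convex_values474.GenericId<"User">;
  _creationTime: number;
+ userId: convex_values474.GenericId<"User">;
  credentialId: string;
  publicKey: ArrayBuffer;
  algorithm: number;
@@ -40,13 +40,13 @@ declare const vPasskeyDoc: convex_values474.VObject<{
  lastUsedAt: convex_values474.VFloat64<number | undefined, "optional">;
  _id: convex_values474.VId<convex_values474.GenericId<"Passkey">, "required">;
  _creationTime: convex_values474.VFloat64<number, "required">;
- }, "required", "name" | "userId" | "_creationTime" | "credentialId" | "publicKey" | "algorithm" | "counter" | "transports" | "deviceType" | "backedUp" | "createdAt" | "lastUsedAt" | "_id">;
+ }, "required", "_creationTime" | "name" | "userId" | "credentialId" | "publicKey" | "algorithm" | "counter" | "transports" | "deviceType" | "backedUp" | "createdAt" | "lastUsedAt" | "_id">;
  declare const vTotpFactorDoc: convex_values474.VObject<{
  name?: string | undefined;
  lastUsedAt?: number | undefined;
+ _creationTime: number;
  userId: convex_values474.GenericId<"User">;
  secret: ArrayBuffer;
- _creationTime: number;
  createdAt: number;
  digits: number;
  period: number;
@@ -63,7 +63,7 @@ declare const vTotpFactorDoc: convex_values474.VObject<{
  lastUsedAt: convex_values474.VFloat64<number | undefined, "optional">;
  _id: convex_values474.VId<convex_values474.GenericId<"TotpFactor">, "required">;
  _creationTime: convex_values474.VFloat64<number, "required">;
- }, "required", "name" | "userId" | "secret" | "_creationTime" | "createdAt" | "lastUsedAt" | "digits" | "period" | "verified" | "_id">;
+ }, "required", "_creationTime" | "name" | "userId" | "secret" | "createdAt" | "lastUsedAt" | "digits" | "period" | "verified" | "_id">;
  declare const vApiKeyDoc: convex_values474.VObject<{
  lastUsedAt?: number | undefined;
  expiresAt?: number | undefined;
@@ -76,9 +76,9 @@ declare const vApiKeyDoc: convex_values474.VObject<{
  attemptsLeft: number;
  lastAttemptTime: number;
  } | undefined;
+ _creationTime: number;
  name: string;
  userId: convex_values474.GenericId<"User">;
- _creationTime: number;
  createdAt: number;
  revoked: boolean;
  prefix: string;
@@ -124,13 +124,13 @@ declare const vApiKeyDoc: convex_values474.VObject<{
  metadata: convex_values474.VAny<any, "optional", string>;
  _id: convex_values474.VId<convex_values474.GenericId<"ApiKey">, "required">;
  _creationTime: convex_values474.VFloat64<number, "required">;
- }, "required", "name" | "userId" | "_creationTime" | "createdAt" | "lastUsedAt" | "expiresAt" | "revoked" | "metadata" | `metadata.${string}` | "prefix" | "hashedKey" | "scopes" | "rateLimit" | "rateLimitState" | "rateLimit.maxRequests" | "rateLimit.windowMs" | "rateLimitState.attemptsLeft" | "rateLimitState.lastAttemptTime" | "_id">;
+ }, "required", "_creationTime" | "name" | "userId" | "createdAt" | "lastUsedAt" | "expiresAt" | "revoked" | "metadata" | `metadata.${string}` | "prefix" | "hashedKey" | "scopes" | "rateLimit" | "rateLimitState" | "rateLimit.maxRequests" | "rateLimit.windowMs" | "rateLimitState.attemptsLeft" | "rateLimitState.lastAttemptTime" | "_id">;
  declare const vDeviceCodeDoc: convex_values474.VObject<{
  userId?: convex_values474.GenericId<"User"> | undefined;
  sessionId?: convex_values474.GenericId<"Session"> | undefined;
  lastPolledAt?: number | undefined;
- status: "pending" | "authorized" | "denied";
  _creationTime: number;
+ status: "pending" | "authorized" | "denied";
  deviceCodeHash: string;
  userCode: string;
  expiresAt: number;
@@ -147,7 +147,7 @@ declare const vDeviceCodeDoc: convex_values474.VObject<{
  lastPolledAt: convex_values474.VFloat64<number | undefined, "optional">;
  _id: convex_values474.VId<convex_values474.GenericId<"DeviceCode">, "required">;
  _creationTime: convex_values474.VFloat64<number, "required">;
- }, "required", "status" | "userId" | "sessionId" | "_creationTime" | "deviceCodeHash" | "userCode" | "expiresAt" | "interval" | "lastPolledAt" | "_id">;
+ }, "required", "_creationTime" | "status" | "userId" | "sessionId" | "deviceCodeHash" | "userCode" | "expiresAt" | "interval" | "lastPolledAt" | "_id">;
  //#endregion
  export { vApiKeyDoc, vAuthVerifierDoc, vDeviceCodeDoc, vPasskeyDoc, vTotpFactorDoc };
  //# sourceMappingURL=model.d.ts.map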
@@ -1 +1 @@
1
- {"version":3,"file":"model.d.ts","names":[],"sources":["../../src/component/model.ts"],"mappings":";;;;;;cAEa,MAAA;EAAA;;;;;;;;;;;;;;;;;;;;;;;;;cA2BA,IAAA,iBAAI,OAAA;;;;OAAmD,cAAA,CAAA,OAAA;;;cAEvD,UAAA,GAAc,IAAA,yBAAS,OAAA;;;;SAIhC,cAAA,CAAA,MAAA;;;cAES,aAAA,EAAa,cAAA,CAAA,MAAA,kDAKzB,cAAA,CALyB,QAAA,yBAAA,cAAA,CAAA,QAAA,0BAAA,cAAA,CAAA,QAAA,yBAAA,cAAA,CAAA,QAAA;AAAA,cAOb,aAAA,EAAa,cAAA,CAAA,MAAA,uCAIzB,cAAA,CAJyB,QAAA,yBAAA,cAAA,CAAA,QAAA,4BAAA,cAAA,CAAA,QAAA;AAAA,cAMb,+BAAA,EAA+B,cAAA,CAAA,MAAA,4BAG3C,cAAA,CAH2C,QAAA,+BAAA,cAAA,CAAA,QAAA;AAAA,cAK/B,8BAAA,EAA8B,cAAA,CAAA,MAAA,yBAG1C,cAAA,CAH0C,QAAA,4BAAA,cAAA,CAAA,QAAA;AAAA,cAK9B,8BAAA,EAA8B,cAAA,CAAA,MAAA,oDAI1C,cAAA,CAJ0C,QAAA,qBAAA,cAAA,CAAA,QAAA,4BAAA,cAAA,CAAA,QAAA;AAAA,cAM9B,0BAAA,EAA0B,cAAA,CAAA,MAAA,mBAGtC,cAAA,CAHsC,QAAA,sBAAA,cAAA,CAAA,QAAA;AAAA,cAK1B,iBAAA,EAAiB,cAAA,CAAA,MAAA,mCAI7B,cAAA,CAJ6B,QAAA,uBAAA,cAAA,CAAA,QAAA,wBAAA,cAAA,CAAA,QAAA;AAAA,cAMjB,iBAAA,iBAAiB,OAAA;;;;;;;;;;;;;;;;;;;;;;;WAsB5B,cAAA,CAAA,QAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAEW,WAAA,EAAW,cAAA,CAAA,MAAA,mCAIvB,cAAA,CAJuB,QAAA,uBAAA,cAAA,CAAA,QAAA,wBAAA,cAAA,CAAA,QAAA;AAAA,cAMX,iBAAA,EAAiB,cAAA,CAAA,MAAA,oBAAiD,cAAA,CAAjD,QAAA,sBAAA,cAAA,CAAA,QAAA;AAAA,cAEjB,eAAA,EAAe,cAAA,CAAA,MAAA,sDAM3B,cAAA,CAN2B,QAAA,sBAAA,cAAA,CAAA,QAAA,wBAAA,cAAA,CAAA,QAAA,sBAAA,cAAA,CAAA,QAAA,yBAAA,cAAA,CAAA,QAAA;AAAA,cAQf,YAAA,EAAY,cAAA,CAAA,MAAA,yBAAsD,cAAA,CAAtD,QAAA,yBAAA,cAAA,CAAA,QAAA;AAAA,cAEZ,sBAAA,EAAsB,cAAA,CAAA,MAAA,yBAGlC,cAAA,CAHkC,QAAA,wBAAA,cAAA,CAAA,QAAA;AAAA,cAKtB,sBAAA,EAAsB,cAAA,CAAA,MAAA,qDAKlC,cAAA,CALkC,QAAA,yBAAA,cAAA,CAAA,QAAA,4BAAA,cAAA,CAAA,QAAA,2BAAA,cAAA,CAAA,QAAA;AAAA,cAOtB,wBAAA,EAAwB,cAAA,CAAA,MAAA,mCAGpC,cAAA,CAHoC,QAAA,0BAAA,cAAA,CAAA,QAAA;AAAA,cAKxB,iBAAA,EAAiB,cAAA,CAAA,MAAA,kDAI7B,cAAA,CAJ6B,QAAA,wBAAA,cAAA,CAAA,QAAA,gCAAA,cAAA,CAAA,QAAA;AAAA,cAMjB,YAAA,iBAAY,OAAA;;;;YAGvB,cAAA,CAAA,OAAA;;;cAEW,gBAAA,iBAAgB,OAAA;;;;eAG3B,cAAA,CAAA,QAAA;;;cAEW,qBAAA,iBAAqB,OAAA;;;;gBAGhC,cAAA,CAAA,QAAA;;;cAEW,qBAAA,EAAqB,cA
AA,CAAA,MAAA,wBAA2C,cAAA,CAA3C,QAAA;AAAA,cAWrB,QAAA,iBAAQ,OAAA;;;;;;;;;OAUnB,cAAA,CAAA,SAAA;;;;;;;;;;;;;;cAEW,WAAA,iBAAW,OAAA;OAItB,cAAA,CAAA,SAAA;;;;;;;;;;cAEW,WAAA,iBAAW,OAAA;;;;;OAStB,cAAA,CAAA,SAAA;;;;;;;;;;;;;;;;cAEW,gBAAA,iBAAgB,OAAA;cAI3B,cAAA,CAAA,SAAA;;;;;;;;;;cAEW,oBAAA,iBAAoB,OAAA;;;;OAS/B,cAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;cAEW,gBAAA,iBAAgB,OAAA;;yBAM3B,cAAA,CAAA,SAAA;;;;;;;;;;;;;cAEW,WAAA,iBAAW,OAAA;;;;OAatB,cAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;cAEW,cAAA,iBAAc,OAAA;;;OAUzB,cAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;cAEW,aAAA,iBAAa,OAAA;OAKxB,cAAA,CAAA,SAAA;;;;;;;;;;;;cAEW,SAAA,iBAAS,OAAA;;;;kBAUpB,cAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAEW,eAAA,iBAAe,OAAA;;;;;OAQ1B,cAAA,CAAA,SAAA;;;;;;;;;;;;;;cAEW,eAAA,iBAAe,OAAA;;;YAa1B,cAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;cAEW,UAAA,iBAAU,OAAA;;;;;;;;;;;;;;OAcrB,cAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAEW,cAAA,iBAAc,OAAA;WAUzB,cAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;cAEW,cAAA,iBAAc,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;OASzB,cAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAEW,oBAAA,iBAAoB,OAAA;;OAO/B,cAAA,CAAA,SAAA;;;;;;;;;;;;;;;cAEW,gCAAA,iBAAgC,OAAA;OAW3C,cAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;cAEW,oBAAA,iBAAoB,OAAA;OAO/B,cAAA,CAAA,SAAA;;;;;;;;;;;;;;;;cAEW,wBAAA,iBAAwB,OAAA;;;OASnC,cAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;cAEW,0BAAA,iBAA0B,OAAA;;WAWrC,cAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;cAEW,wBAAA,iBAAwB,OAAA;;;;;;OAcnC,cAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;cAEW,6BAAA,iBAA6B,OAAA;;oBAaxC,cAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;cAEW,6BAAA,iBAA6B,OAAA;iBAaxC,cAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAEW,gBAAA,iBAAgB,OAAA;;;OAO3B,cAAA,CAAA,SAAA;;;;;;;;;;;;;;cAEW,0BAAA,iBAA0B,OAAA;aAMrC,cAAA,CAAA,SAAA"}
1
+ {"version":3,"file":"model.d.ts","names":[],"sources":["../../src/component/model.ts"],"mappings":";;;cAqMa,gBAAA,mBAAgB,OAAA;cAI3B,gBAAA,CAAA,SAAA;;;;;;;;;;cAqBW,WAAA,mBAAW,OAAA;;;;;UAatB,gBAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;cAEW,cAAA,mBAAc,OAAA;;;;UAUzB,gBAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;cA8CW,UAAA,mBAAU,OAAA;;;;;;;;;;;;;;UAcrB,gBAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAEW,cAAA,mBAAc,OAAA;WAUzB,gBAAA,CAAA,SAAA"}
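--- a/package/dist/component/schema.d.ts
+++ b/package/dist/component/schema.d.ts
@@ -15,10 +15,10 @@ declare const _default: convex_server66.SchemaDefinition<{
  * and multiple concurrent sessions.
  */
  User: convex_server66.TableDefinition<convex_values121.VObject<{
- email?: string | undefined;
  phone?: string | undefined;
- extend?: any;
+ email?: string | undefined;
  name?: string | undefined;
+ extend?: any;
  image?: string | undefined;
  emailVerificationTime?: number | undefined;
  phoneVerificationTime?: number | undefined;
@@ -32,7 +32,7 @@ declare const _default: convex_server66.SchemaDefinition<{
  phoneVerificationTime: convex_values121.VFloat64<number | undefined, "optional">;
  isAnonymous: convex_values121.VBoolean<boolean | undefined, "optional">;
  extend: convex_values121.VAny<any, "optional", string>;
- }, "required", "email" | "phone" | "extend" | "name" | "image" | "emailVerificationTime" | "phoneVerificationTime" | "isAnonymous" | `extend.${string}`>, {
+ }, "required", "phone" | "email" | "name" | "extend" | "image" | "emailVerificationTime" | "phoneVerificationTime" | "isAnonymous" | `extend.${string}`>, {
  email: ["email", "_creationTime"];
  email_verified: ["email", "emailVerificationTime", "_creationTime"];
  phone: ["phone", "_creationTime"];
@@ -247,9 +247,9 @@ declare const _default: convex_server66.SchemaDefinition<{
  * organizations, teams, departments, or any tree structure.
  */
  Group: convex_server66.TableDefinition<convex_values121.VObject<{
+ slug?: string | undefined;
  type?: string | undefined;
  extend?: any;
- slug?: string | undefined;
  parentGroupId?: convex_values121.GenericId<"Group"> | undefined;
  rootGroupId?: convex_values121.GenericId<"Group"> | undefined;
  isRoot?: boolean | undefined;
@@ -276,7 +276,7 @@ declare const _default: convex_server66.SchemaDefinition<{
  value: convex_values121.VString<string, "required">;
  }, "required", "value" | "key">, "optional">;
  extend: convex_values121.VAny<any, "optional", string>;
- }, "required", "type" | "extend" | "name" | "slug" | `extend.${string}` | "parentGroupId" | "rootGroupId" | "isRoot" | "tags">, {
+ }, "required", "name" | "slug" | "type" | "extend" | `extend.${string}` | "parentGroupId" | "rootGroupId" | "isRoot" | "tags">, {
  slug: ["slug", "_creationTime"];
  parent_group_id: ["parentGroupId", "_creationTime"];
  root_group_id: ["rootGroupId", "_creationTime"];
@@ -308,8 +308,8 @@ declare const _default: convex_server66.SchemaDefinition<{
  * member of multiple groups with different roles in each.
  */
  GroupMember: convex_server66.TableDefinition<convex_values121.VObject<{
- extend?: any;
  status?: string | undefined;
+ extend?: any;
  role?: string | undefined;
  roleIds?: string[] | undefined;
  groupId: convex_values121.GenericId<"Group">;
@@ -321,7 +321,7 @@ declare const _default: convex_server66.SchemaDefinition<{
  roleIds: convex_values121.VArray<string[] | undefined, convex_values121.VString<string, "required">, "optional">;
  status: convex_values121.VString<string | undefined, "optional">;
  extend: convex_values121.VAny<any, "optional", string>;
- }, "required", "groupId" | "extend" | "status" | "userId" | `extend.${string}` | "role" | "roleIds">, {
+ }, "required", "status" | "groupId" | "extend" | "userId" | `extend.${string}` | "role" | "roleIds">, {
  group_id: ["groupId", "_creationTime"];
  group_id_user_id: ["groupId", "userId", "_creationTime"];
  group_id_status: ["groupId", "status", "_creationTime"];
@@ -359,7 +359,7 @@ declare const _default: convex_server66.SchemaDefinition<{
  acceptedByUserId: convex_values121.VId<convex_values121.GenericId<"User"> | undefined, "optional">;
  acceptedTime: convex_values121.VFloat64<number | undefined, "optional">;
  extend: convex_values121.VAny<any, "optional", string>;
- }, "required", "email" | "groupId" | "extend" | "status" | `extend.${string}` | "role" | "roleIds" | "invitedByUserId" | "tokenHash" | "expiresTime" | "acceptedByUserId" | "acceptedTime">, {
+ }, "required", "email" | "status" | "groupId" | "tokenHash" | "extend" | `extend.${string}` | "role" | "roleIds" | "invitedByUserId" | "expiresTime" | "acceptedByUserId" | "acceptedTime">, {
  token_hash: ["tokenHash", "_creationTime"];
  status: ["status", "_creationTime"];
  email_status: ["email", "status", "_creationTime"];
@@ -375,7 +375,6 @@ declare const _default: convex_server66.SchemaDefinition<{
  * field addition.
  */
  Enterprise: convex_server66.TableDefinition<convex_values121.VObject<{
- extend?: any;
  name?: string | undefined;
  slug?: string | undefined;
  policy?: {
@@ -383,8 +382,8 @@ declare const _default: convex_server66.SchemaDefinition<{
  version: 1;
  identity: {
  accountLinking: {
- oidc: "verifiedEmail" | "none";
  saml: "verifiedEmail" | "none";
+ oidc: "verifiedEmail" | "none";
  };
  };
  provisioning: {
@@ -401,9 +400,10 @@ declare const _default: convex_server66.SchemaDefinition<{
  };
  };
  } | undefined;
+ extend?: any;
  config?: any;
- groupId: convex_values121.GenericId<"Group">;
  status: "draft" | "active" | "disabled";
+ groupId: convex_values121.GenericId<"Group">;
  }, {
  groupId: convex_values121.VId<convex_values121.GenericId<"Group">, "required">;
  slug: convex_values121.VString<string | undefined, "optional">;
@@ -414,8 +414,8 @@ declare const _default: convex_server66.SchemaDefinition<{
  version: 1;
  identity: {
  accountLinking: {
- oidc: "verifiedEmail" | "none";
  saml: "verifiedEmail" | "none";
+ oidc: "verifiedEmail" | "none";
  };
  };
  provisioning: {
@@ -435,18 +435,18 @@ declare const _default: convex_server66.SchemaDefinition<{
  version: convex_values121.VLiteral<1, "required">;
  identity: convex_values121.VObject<{
  accountLinking: {
- oidc: "verifiedEmail" | "none";
  saml: "verifiedEmail" | "none";
+ oidc: "verifiedEmail" | "none";
  };
  }, {
  accountLinking: convex_values121.VObject<{
- oidc: "verifiedEmail" | "none";
  saml: "verifiedEmail" | "none";
+ oidc: "verifiedEmail" | "none";
  }, {
  oidc: convex_values121.VUnion<"verifiedEmail" | "none", [convex_values121.VLiteral<"verifiedEmail", "required">, convex_values121.VLiteral<"none", "required">], "required", never>;
  saml: convex_values121.VUnion<"verifiedEmail" | "none", [convex_values121.VLiteral<"verifiedEmail", "required">, convex_values121.VLiteral<"none", "required">], "required", never>;
- }, "required", "oidc" | "saml">;
- }, "required", "accountLinking" | "accountLinking.oidc" | "accountLinking.saml">;
+ }, "required", "saml" | "oidc">;
+ }, "required", "accountLinking" | "accountLinking.saml" | "accountLinking.oidc">;
  provisioning: convex_values121.VObject<{
  scimReuse: {
  user: "none" | "externalId";
@@ -481,10 +481,10 @@ declare const _default: convex_server66.SchemaDefinition<{
  }, "required", "mode">;
  }, "required", "scimReuse" | "jit" | "deprovision" | "scimReuse.user" | "jit.mode" | "jit.defaultRole" | "jit.defaultRoleIds" | "deprovision.mode">;
  extend: convex_values121.VAny<any, "optional", string>;
- }, "optional", "extend" | `extend.${string}` | "version" | "identity" | "provisioning" | "identity.accountLinking" | "identity.accountLinking.oidc" | "identity.accountLinking.saml" | "provisioning.scimReuse" | "provisioning.jit" | "provisioning.deprovision" | "provisioning.scimReuse.user" | "provisioning.jit.mode" | "provisioning.jit.defaultRole" | "provisioning.jit.defaultRoleIds" | "provisioning.deprovision.mode">;
+ }, "optional", "extend" | `extend.${string}` | "version" | "identity" | "provisioning" | "identity.accountLinking" | "identity.accountLinking.saml" | "identity.accountLinking.oidc" | "provisioning.scimReuse" | "provisioning.jit" | "provisioning.deprovision" | "provisioning.scimReuse.user" | "provisioning.jit.mode" | "provisioning.jit.defaultRole" | "provisioning.jit.defaultRoleIds" | "provisioning.deprovision.mode">;
  config: convex_values121.VAny<any, "optional", string>;
  extend: convex_values121.VAny<any, "optional", string>;
- }, "required", "groupId" | "extend" | "name" | "slug" | "status" | `extend.${string}` | "policy" | "config" | "policy.extend" | `policy.extend.${string}` | "policy.version" | "policy.identity" | "policy.provisioning" | "policy.identity.accountLinking" | "policy.identity.accountLinking.oidc" | "policy.identity.accountLinking.saml" | "policy.provisioning.scimReuse" | "policy.provisioning.jit" | "policy.provisioning.deprovision" | "policy.provisioning.scimReuse.user" | "policy.provisioning.jit.mode" | "policy.provisioning.jit.defaultRole" | "policy.provisioning.jit.defaultRoleIds" | "policy.provisioning.deprovision.mode" | `config.${string}`>, {
+ }, "required", "name" | "slug" | "status" | "groupId" | "policy" | "extend" | `extend.${string}` | "config" | "policy.extend" | `policy.extend.${string}` | "policy.version" | "policy.identity" | "policy.provisioning" | "policy.identity.accountLinking" | "policy.identity.accountLinking.saml" | "policy.identity.accountLinking.oidc" | "policy.provisioning.scimReuse" | "policy.provisioning.jit" | "policy.provisioning.deprovision" | "policy.provisioning.scimReuse.user" | "policy.provisioning.jit.mode" | "policy.provisioning.jit.defaultRole" | "policy.provisioning.jit.defaultRoleIds" | "policy.provisioning.deprovision.mode" | `config.${string}`>, {
  group_id: ["groupId", "_creationTime"];
  slug: ["slug", "_creationTime"];
  status: ["status", "_creationTime"];
@@ -494,9 +494,9 @@ declare const _default: convex_server66.SchemaDefinition<{
  */
  EnterpriseDomain: convex_server66.TableDefinition<convex_values121.VObject<{
  verifiedAt?: number | undefined;
+ enterpriseId: convex_values121.GenericId<"Enterprise">;
  groupId: convex_values121.GenericId<"Group">;
  domain: string;
- enterpriseId: convex_values121.GenericId<"Enterprise">;
  isPrimary: boolean;
  }, {
  enterpriseId: convex_values121.VId<convex_values121.GenericId<"Enterprise">, "required">;
@@ -504,7 +504,7 @@ declare const _default: convex_server66.SchemaDefinition<{
  domain: convex_values121.VString<string, "required">;
  isPrimary: convex_values121.VBoolean<boolean, "required">;
  verifiedAt: convex_values121.VFloat64<number | undefined, "optional">;
- }, "required", "groupId" | "domain" | "enterpriseId" | "isPrimary" | "verifiedAt">, {
+ }, "required", "enterpriseId" | "groupId" | "domain" | "verifiedAt" | "isPrimary">, {
  enterprise_id: ["enterpriseId", "_creationTime"];
  group_id: ["groupId", "_creationTime"];
  domain: ["domain", "_creationTime"];
@@ -513,11 +513,11 @@ declare const _default: convex_server66.SchemaDefinition<{
  * Pending DNS TXT verification challenges for enterprise domains.
  */
  EnterpriseDomainVerification: convex_server66.TableDefinition<convex_values121.VObject<{
+ enterpriseId: convex_values121.GenericId<"Enterprise">;
  groupId: convex_values121.GenericId<"Group">;
  domain: string;
- expiresAt: number;
  tokenHash: string;
- enterpriseId: convex_values121.GenericId<"Enterprise">;
+ expiresAt: number;
  domainId: convex_values121.GenericId<"EnterpriseDomain">;
  recordName: string;
  token: string;
@@ -532,7 +532,7 @@ declare const _default: convex_server66.SchemaDefinition<{
  tokenHash: convex_values121.VString<string, "required">;
  requestedAt: convex_values121.VFloat64<number, "required">;
  expiresAt: convex_values121.VFloat64<number, "required">;
- }, "required", "groupId" | "domain" | "expiresAt" | "tokenHash" | "enterpriseId" | "domainId" | "recordName" | "token" | "requestedAt">, {
+ }, "required", "enterpriseId" | "groupId" | "domain" | "tokenHash" | "expiresAt" | "domainId" | "recordName" | "token" | "requestedAt">, {
  enterprise_id: ["enterpriseId", "_creationTime"];
  domain_id: ["domainId", "_creationTime"];
  token_hash: ["tokenHash", "_creationTime"];
@@ -541,9 +541,9 @@ declare const _default: convex_server66.SchemaDefinition<{
  * Encrypted enterprise secrets stored separately from protocol config.
  */
  EnterpriseSecret: convex_server66.TableDefinition<convex_values121.VObject<{
+ enterpriseId: convex_values121.GenericId<"Enterprise">;
  groupId: convex_values121.GenericId<"Group">;
  kind: "oidc_client_secret";
- enterpriseId: convex_values121.GenericId<"Enterprise">;
  ciphertext: string;
  updatedAt: number;
  }, {
@@ -552,7 +552,7 @@ declare const _default: convex_server66.SchemaDefinition<{
  kind: convex_values121.VUnion<"oidc_client_secret", [convex_values121.VLiteral<"oidc_client_secret", "required">], "required", never>;
  ciphertext: convex_values121.VString<string, "required">;
  updatedAt: convex_values121.VFloat64<number, "required">;
- }, "required", "groupId" | "kind" | "enterpriseId" | "ciphertext" | "updatedAt">, {
+ }, "required", "enterpriseId" | "groupId" | "kind" | "ciphertext" | "updatedAt">, {
  enterprise_id: ["enterpriseId", "_creationTime"];
  enterprise_id_kind: ["enterpriseId", "kind", "_creationTime"];
  group_id: ["groupId", "_creationTime"];
@@ -563,10 +563,10 @@ declare const _default: convex_server66.SchemaDefinition<{
  EnterpriseScimConfig: convex_server66.TableDefinition<convex_values121.VObject<{
  extend?: any;
  lastRotatedAt?: number | undefined;
- groupId: convex_values121.GenericId<"Group">;
  status: "draft" | "active" | "disabled";
- tokenHash: string;
  enterpriseId: convex_values121.GenericId<"Enterprise">;
+ groupId: convex_values121.GenericId<"Group">;
+ tokenHash: string;
  basePath: string;
  }, {
  enterpriseId: convex_values121.VId<convex_values121.GenericId<"Enterprise">, "required">;
@@ -576,7 +576,7 @@ declare const _default: convex_server66.SchemaDefinition<{
  tokenHash: convex_values121.VString<string, "required">;
  lastRotatedAt: convex_values121.VFloat64<number | undefined, "optional">;
  extend: convex_values121.VAny<any, "optional", string>;
- }, "required", "groupId" | "extend" | "status" | `extend.${string}` | "tokenHash" | "enterpriseId" | "basePath" | "lastRotatedAt">, {
+ }, "required", "status" | "enterpriseId" | "groupId" | "tokenHash" | "basePath" | "extend" | `extend.${string}` | "lastRotatedAt">, {
  enterprise_id: ["enterpriseId", "_creationTime"];
  group_id: ["groupId", "_creationTime"];
  token_hash: ["tokenHash", "_creationTime"];
@@ -587,13 +587,13 @@ declare const _default: convex_server66.SchemaDefinition<{
  */
  EnterpriseScimIdentity: convex_server66.TableDefinition<convex_values121.VObject<{
  active?: boolean | undefined;
+ lastProvisionedAt?: number | undefined;
  userId?: convex_values121.GenericId<"User"> | undefined;
  mappedGroupId?: convex_values121.GenericId<"Group"> | undefined;
- lastProvisionedAt?: number | undefined;
  raw?: any;
+ enterpriseId: convex_values121.GenericId<"Enterprise">;
  groupId: convex_values121.GenericId<"Group">;
  externalId: string;
- enterpriseId: convex_values121.GenericId<"Enterprise">;
  resourceType: "user" | "group";
  }, {
  enterpriseId: convex_values121.VId<convex_values121.GenericId<"Enterprise">, "required">;
@@ -605,7 +605,7 @@ declare const _default: convex_server66.SchemaDefinition<{
  lastProvisionedAt: convex_values121.VFloat64<number | undefined, "optional">;
  active: convex_values121.VBoolean<boolean | undefined, "optional">;
  raw: convex_values121.VAny<any, "optional", string>;
- }, "required", "groupId" | "active" | "userId" | "externalId" | "enterpriseId" | "resourceType" | "mappedGroupId" | "lastProvisionedAt" | "raw" | `raw.${string}`>, {
+ }, "required", "active" | "enterpriseId" | "groupId" | "lastProvisionedAt" | "userId" | "externalId" | "resourceType" | "mappedGroupId" | "raw" | `raw.${string}`>, {
  enterprise_id: ["enterpriseId", "_creationTime"];
  group_id: ["groupId", "_creationTime"];
  enterprise_id_resource_type_external_id: ["enterpriseId", "resourceType", "externalId", "_creationTime"];
@@ -622,9 +622,9 @@ declare const _default: convex_server66.SchemaDefinition<{
  requestId?: string | undefined;
  ip?: string | undefined;
  metadata?: any;
- groupId: convex_values121.GenericId<"Group">;
  status: "success" | "failure";
  enterpriseId: convex_values121.GenericId<"Enterprise">;
+ groupId: convex_values121.GenericId<"Group">;
  actorType: "user" | "system" | "scim" | "api_key" | "webhook";
  eventType: string;
  subjectType: string;
@@ -642,7 +642,7 @@ declare const _default: convex_server66.SchemaDefinition<{
  requestId: convex_values121.VString<string | undefined, "optional">;
  ip: convex_values121.VString<string | undefined, "optional">;
  metadata: convex_values121.VAny<any, "optional", string>;
- }, "required", "groupId" | "status" | "enterpriseId" | "actorType" | "eventType" | "actorId" | "subjectType" | "subjectId" | "occurredAt" | "requestId" | "ip" | "metadata" | `metadata.${string}`>, {
+ }, "required", "status" | "enterpriseId" | "groupId" | "actorType" | "eventType" | "actorId" | "subjectType" | "subjectId" | "occurredAt" | "requestId" | "ip" | "metadata" | `metadata.${string}`>, {
  enterprise_id_occurred_at: ["enterpriseId", "occurredAt", "_creationTime"];
  group_id_occurred_at: ["groupId", "occurredAt", "_creationTime"];
  event_type_occurred_at: ["eventType", "occurredAt", "_creationTime"];
@@ -655,9 +655,9 @@ declare const _default: convex_server66.SchemaDefinition<{
  createdByUserId?: convex_values121.GenericId<"User"> | undefined;
  lastSuccessAt?: number | undefined;
  lastFailureAt?: number | undefined;
- groupId: convex_values121.GenericId<"Group">;
  status: "active" | "disabled";
  enterpriseId: convex_values121.GenericId<"Enterprise">;
+ groupId: convex_values121.GenericId<"Group">;
  url: string;
  secretHash: string;
  subscriptions: string[];
@@ -674,7 +674,7 @@ declare const _default: convex_server66.SchemaDefinition<{
  lastFailureAt: convex_values121.VFloat64<number | undefined, "optional">;
  failureCount: convex_values121.VFloat64<number, "required">;
  extend: convex_values121.VAny<any, "optional", string>;
- }, "required", "groupId" | "extend" | "status" | `extend.${string}` | "enterpriseId" | "url" | "secretHash" | "subscriptions" | "createdByUserId" | "lastSuccessAt" | "lastFailureAt" | "failureCount">, {
+ }, "required", "status" | "enterpriseId" | "groupId" | "extend" | `extend.${string}` | "url" | "secretHash" | "subscriptions" | "createdByUserId" | "lastSuccessAt" | "lastFailureAt" | "failureCount">, {
  enterprise_id: ["enterpriseId", "_creationTime"];
  group_id: ["groupId", "_creationTime"];
  status: ["status", "_creationTime"];
@@ -689,8 +689,8 @@ declare const _default: convex_server66.SchemaDefinition<{
  lastError?: string | undefined;
  status: "pending" | "processing" | "delivered" | "failed";
  enterpriseId: convex_values121.GenericId<"Enterprise">;
- eventType: string;
  endpointId: convex_values121.GenericId<"EnterpriseWebhookEndpoint">;
+ eventType: string;
  attemptCount: number;
  nextAttemptAt: number;
  payload: any;
@@ -706,7 +706,7 @@ declare const _default: convex_server66.SchemaDefinition<{
  lastResponseStatus: convex_values121.VFloat64<number | undefined, "optional">;
  lastError: convex_values121.VString<string | undefined, "optional">;
  payload: convex_values121.VAny<any, "required", string>;
- }, "required", "status" | "enterpriseId" | "eventType" | "endpointId" | "auditEventId" | "attemptCount" | "nextAttemptAt" | "lastAttemptAt" | "lastResponseStatus" | "lastError" | "payload" | `payload.${string}`>, {
+ }, "required", "status" | "enterpriseId" | "endpointId" | "eventType" | "auditEventId" | "attemptCount" | "nextAttemptAt" | "lastAttemptAt" | "lastResponseStatus" | "lastError" | "payload" | `payload.${string}`>, {
  enterprise_id: ["enterpriseId", "_creationTime"];
  status_next_attempt_at: ["status", "nextAttemptAt", "_creationTime"];
  endpoint_id_status: ["endpointId", "status", "_creationTime"];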
@@ -10,6 +10,8 @@ import { GenericId } from "convex/values";
10
10
  * minus `component` (which is passed as the first constructor argument).
11
11
  */
12
12
  type AuthConfig = Omit<ConvexAuthConfig, "component">;
13
+ /** Canonical user document type exposed by Convex Auth. */
14
+ type UserDoc = Doc<"User">;
13
15
  type MemberApiWithAuthorization<TAuthorization extends AuthAuthorizationConfig | undefined> = Omit<ReturnType<typeof Auth>["auth"]["member"], "create" | "list" | "update" | "resolve"> & {
14
16
  create: (ctx: Parameters<ReturnType<typeof Auth>["auth"]["member"]["create"]>[0], data: {
15
17
  groupId: string;
@@ -151,19 +153,45 @@ type AuthApiBase<TAuthorization extends AuthAuthorizationConfig | undefined = un
151
153
  };
152
154
  };
153
155
  /**
154
- * Resolved auth context injected into `ctx.auth` by `auth.ctx()`.
156
+ * Resolved auth context injected into `ctx.auth` by `auth.ctx()` and
157
+ * {@link AuthCtx}. Also the expected return shape for custom
158
+ * {@link AuthCtxConfig.authResolve | authResolve} hooks.
155
159
  *
156
160
  * - `null` when unauthenticated.
157
161
  * - `groupId` is `null` when the user has no active group set.
158
162
  * - `role` / `grants` are `null` / `[]` when no active group or no membership.
163
+ *
164
+ * @example
165
+ * ```ts
166
+ * import type { AuthResolvedContext } from "@robelest/convex-auth/server";
167
+ *
168
+ * const mockAuth: AuthResolvedContext = {
169
+ * userId: "user123" as Id<"User">,
170
+ * user: { _id: "user123", email: "test@example.com" },
171
+ * groupId: "group456",
172
+ * role: "admin",
173
+ * grants: ["read", "write"],
174
+ * };
175
+ * ```
159
176
  */
160
177
  type AuthResolvedContext = {
161
- /** The authenticated user's document ID. */userId: string; /** The authenticated user's full document. */
162
- user: any; /** The user's active group ID, or `null` if none set. */
178
+ /** The authenticated user's document ID. */userId: GenericId<"User">; /** The authenticated user's full document. */
179
+ user: UserDoc; /** The user's active group ID, or `null` if none set. */
163
180
  groupId: string | null; /** The user's primary role in the active group, or `null`. */
164
181
  role: string | null; /** Resolved grant strings from the user's role definitions. */
165
182
  grants: string[];
166
183
  };
184
+ type AuthCtxBase = {
185
+ getUserIdentity: () => Promise<UserIdentity | null>;
186
+ };
187
+ type RequiredAuthCtxState = AuthCtxBase & AuthResolvedContext;
188
+ type OptionalAuthCtxState = AuthCtxBase & {
189
+ userId: GenericId<"User"> | null;
190
+ user: UserDoc | null;
191
+ groupId: string | null;
192
+ role: string | null;
193
+ grants: string[];
194
+ };
167
195
  type InternalSsoApi = ReturnType<typeof Auth>["auth"]["sso"];
168
196
  type PublicSsoAdminApi = {
169
197
  connection: InternalSsoApi["connection"] & {
@@ -280,8 +308,6 @@ declare function createAuth<P extends AuthProviderConfig[], TAuthorization exten
280
308
  providers: P;
281
309
  authorization?: TAuthorization;
282
310
  }): ConvexAuthResult<P, TAuthorization>;
283
- /** Canonical user document type exposed by Convex Auth. */
284
- type UserDoc = Doc<"User">;
285
311
  /**
286
312
  * Configuration for {@link AuthCtx} context enrichment.
287
313
  *
@@ -291,16 +317,42 @@ type UserDoc = Doc<"User">;
291
317
  type AuthCtxConfig<TResolve extends Record<string, unknown> = Record<string, never>> = {
292
318
  /** Allow unauthenticated callers and return `userId: null` / `user: null`. */optional?: boolean;
293
319
  /**
294
- * Attach additional derived fields to the auth context after the user is resolved.
320
+ * Attach additional derived fields to the auth context after the base auth
321
+ * context is resolved.
322
+ */
323
+ resolve?: (ctx: any, user: UserDoc, auth: AuthResolvedContext) => Promise<TResolve> | TResolve;
324
+ /**
325
+ * Override or wrap the base auth resolution used by {@link AuthCtx}.
326
+ *
327
+ * Return `undefined` to fall back to the built-in resolver,
328
+ * `null` for an explicit unauthenticated state, or an
329
+ * {@link AuthResolvedContext} object to provide a pre-resolved auth state.
330
+ * This is useful for tests, proxy auth, impersonation flows, or any
331
+ * environment that needs to inject auth without depending on the standard
332
+ * Convex auth tables.
333
+ *
334
+ * @param ctx - The Convex function context.
335
+ * @param fallback - The built-in auth resolver used by {@link AuthCtx}.
336
+ * @returns Resolved auth state, `null`, or `undefined` to use the fallback.
337
+ *
338
+ * @example
339
+ * ```ts
340
+ * const authCtx = AuthCtx(auth, {
341
+ * authResolve: async (ctx, fallback) => {
342
+ * const injected = getInjectedAuth(ctx);
343
+ * return injected ?? (await fallback());
344
+ * },
345
+ * });
346
+ * ```
295
347
  */
296
- resolve?: (ctx: any, user: UserDoc) => Promise<TResolve> | TResolve;
348
+ authResolve?: (ctx: any, fallback: () => Promise<AuthResolvedContext | null>) => Promise<AuthResolvedContext | null | undefined> | AuthResolvedContext | null | undefined;
297
349
  };
298
350
  /**
299
351
  * Create a context enrichment for `customQuery` / `customMutation` — optional auth.
300
352
  *
301
353
  * When `optional: true` is set, unauthenticated requests are allowed.
302
- * The enriched `ctx.auth` will have `userId: null` and `user: null`
303
- * for unauthenticated callers.
354
+ * The enriched `ctx.auth` will have `userId: null`, `user: null`,
355
+ * `groupId: null`, `role: null`, and `grants: []` for unauthenticated callers.
304
356
  *
305
357
  * @param auth - The auth API object returned by {@link createAuth}.
306
358
  * @param config - Configuration with `optional: true` and an optional
@@ -324,11 +376,7 @@ declare function AuthCtx<TResolve extends Record<string, unknown> = Record<strin
324
376
  args: {};
325
377
  input: (ctx: any, _args: any, _extra?: any) => Promise<{
326
378
  ctx: {
327
- auth: {
328
- getUserIdentity: () => Promise<UserIdentity | null>;
329
- userId: GenericId<"User"> | null;
330
- user: UserDoc | null;
331
- } & TResolve;
379
+ auth: OptionalAuthCtxState & TResolve;
332
380
  };
333
381
  args: {};
334
382
  }>;
@@ -338,8 +386,9 @@ declare function AuthCtx<TResolve extends Record<string, unknown> = Record<strin
338
386
  *
339
387
  * When `optional` is omitted or `false`, the inferred type is the authenticated
340
388
  * auth shape. At runtime this helper still resolves instead of throwing, so if
341
- * no user is signed in the returned `ctx.auth.userId` and `ctx.auth.user` are
342
- * `null`.
389
+ * no user is signed in the returned `ctx.auth.userId` / `ctx.auth.user` are
390
+ * `null`, `ctx.auth.groupId` / `ctx.auth.role` are `null`, and
391
+ * `ctx.auth.grants` is `[]`.
343
392
  *
344
393
  * @param auth - The auth API object returned by {@link createAuth}.
345
394
  * @param config - Optional configuration with a `resolve` callback
@@ -360,11 +409,7 @@ declare function AuthCtx<TResolve extends Record<string, unknown> = Record<strin
360
409
  args: {};
361
410
  input: (ctx: any, _args: any, _extra?: any) => Promise<{
362
411
  ctx: {
363
- auth: {
364
- getUserIdentity: () => Promise<UserIdentity | null>;
365
- userId: GenericId<"User">;
366
- user: UserDoc;
367
- } & TResolve;
412
+ auth: RequiredAuthCtxState & TResolve;
368
413
  };
369
414
  args: {};
370
415
  }>;
@@ -374,9 +419,10 @@ declare function AuthCtx<TResolve extends Record<string, unknown> = Record<strin
374
419
  *
375
420
  * Use this to type function parameters or variables that receive the
376
421
  * enriched auth context produced by `AuthCtx`. The inferred type includes
377
- * `userId`, `user`, `getUserIdentity`, and any additional fields added
378
- * by the `resolve` callback. This is the generic utility for reusing the
379
- * enriched auth shape without manually duplicating conditional auth types.
422
+ * `userId`, `user`, `groupId`, `role`, `grants`, `getUserIdentity`, and any
423
+ * additional fields added by the `resolve` callback. This is the generic
424
+ * utility for reusing the enriched auth shape without manually duplicating
425
+ * conditional auth types.
380
426
  *
381
427
  * @typeParam T - An `AuthCtx` return value (must have an `input` method
382
428
  * that returns `{ ctx: { auth: ... } }`).
@@ -400,5 +446,5 @@ type InferAuth<T extends {
400
446
  }>;
401
447
  }> = Awaited<ReturnType<T["input"]>>["ctx"]["auth"];
402
448
  //#endregion
403
- export { AuthApi, AuthConfig, AuthCtx, AuthCtxConfig, InferAuth, UserDoc, createAuth };
449
+ export { AuthApi, AuthConfig, AuthCtx, AuthCtxConfig, AuthResolvedContext, InferAuth, UserDoc, createAuth };
404
450
  //# sourceMappingURL=auth.d.ts.map
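Review bot: The new `authResolve` doc comment in the `AuthCtxConfig` hunk presents the hook as suitable for proxy auth and impersonation, but it never states that the value it returns replaces the built-in resolution. Judging by the declared types, the returned `userId`, `role` and `grants` appear to be used without being checked against the auth tables, though the runtime is not visible in this .d.ts. I would add to that comment: `Security: the returned context is trusted as-is. Derive it only from server-verified state, never from function arguments or other client-controlled input, and make sure test-only injection cannot run in production.` The example's `getInjectedAuth(ctx)` is not defined anywhere in the snippet, so a one-line comment there saying where the injected value must come from would keep readers from copying in an unsafe source. Separately, the non-optional `AuthCtx` overload types `ctx.auth` as `RequiredAuthCtxState` (non-null `userId` / `user`) while its own doc says both are `null` at runtime when nobody is signed in, so handlers still need an explicit null check before making an authorization decision.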
@@ -1 +1 @@
1
- {"version":3,"file":"auth.d.ts","names":[],"sources":["../../../src/server/auth.ts"],"mappings":";;;;;;;;AAmC6D;;;KAAjD,UAAA,GAAa,IAAA,CAAK,gBAAA;AAAA,KAEzB,0BAAA,wBACoB,uBAAA,gBACrB,IAAA,CACF,UAAA,QAAkB,IAAA;EAGlB,MAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,IAAA,mCAEpB,IAAA;IACE,OAAA;IACA,MAAA;IACA,OAAA,GAAU,UAAA,CAAW,cAAA;IACrB,MAAA;IACA,MAAA,GAAS,MAAA;EAAA,MAER,OAAA;IAAU,EAAA;IAAU,QAAA;EAAA;EACzB,IAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,IAAA,iCAEpB,IAAA;IACE,KAAA;MACE,OAAA;MACA,MAAA;MACA,MAAA,GAAS,UAAA,CAAW,cAAA;MACpB,MAAA;IAAA;IAEF,KAAA;IACA,MAAA;IACA,OAAA;IACA,KAAA;EAAA,MAEC,UAAA,CAAW,UAAA,QAAkB,IAAA;EAClC,MAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,IAAA,mCAEpB,QAAA,UACA,IAAA,EAAM,MAAA;IAA4B,OAAA,GAAU,UAAA,CAAW,cAAA;EAAA,MACpD,OAAA;IAAU,EAAA;IAAU,QAAA;EAAA;EACzB,OAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,IAAA,oCAEpB,IAAA;IACE,MAAA;IACA,OAAA;IACA,QAAA;IACA,OAAA,GAAU,UAAA,CAAW,cAAA;IACrB,MAAA,GAAS,SAAA,CAAU,cAAA;IACnB,QAAA;EAAA,MAEC,UAAA,CAAW,UAAA,QAAkB,IAAA;AAAA;;;;;;;;;;;;;;;;KAmBxB,WAAA,wBACa,uBAAA;EAEvB,MAAA,EAAQ,UAAA,QAAkB,IAAA;EAC1B,OAAA,EAAS,UAAA,QAAkB,IAAA;EAC3B,KAAA,EAAO,UAAA,QAAkB,IAAA;EACzB,IAAA,EAAM,UAAA,QAAkB,IAAA;EACxB,OAAA,EAAS,UAAA,QAAkB,IAAA;EAC3B,QAAA,EAAU,UAAA,QAAkB,IAAA;EAC5B,OAAA,EAAS,UAAA,QAAkB,IAAA;EAC3B,KAAA,EAAO,UAAA,QAAkB,IAAA;EACzB,MAAA,EAAQ,0BAAA,CAA2B,cAAA;EACnC,MAAA,EAAQ,UAAA,QAAkB,IAAA;EAC1B,GAAA,EAAK,UAAA,QAAkB,IAAA;EACvB,IAAA,EAAM,UAAA,QAAkB,IAAA;EA9DlB;;;;;;;;;;;;;;;;;;;;;;;;EAuFN,OAAA,GAAU,GAAA,UAAa,OAAA,CAAQ,mBAAA;EAvEhB;;;;;;;;;;;;;;;;;;;;;;;AAgCjB;;;;;;;;;;;;;;;;EA+EE,GAAA;IACE,IAAA,EAAM,MAAA;IACN,KAAA,GAAQ,GAAA,UAAa,OAAA;MACnB,GAAA;QAAO,IAAA,EAAM,mBAAA;MAAA;MACb,IAAA,EAAM,MAAA;IAAA;EAAA;AAAA;;;;;;;;KAYA,mBAAA;EAdoB,4CAgB9B,MAAA,UAhGA;EAkGA,IAAA,OAhGA;EAkGA,OAAA,iBAlG0B;EAoG1B,IAAA,iBAnGS;EAqGT,MAAA;AAAA;AAAA,KAGG,cAAA,GAAiB,UAAA,QAAkB,IAAA;AAAA,KAEnC,iBAAA;EACH,UAAA,EAAY,cAAA;IACV,MAAA;MACE,IAAA,EAAM,cAAA;MACN,QAAA,EAAU,cAAA;MACV,GAAA,GACE,GAAA,EAAK,UAAA,CAAW,cAAA,8BAChB,YAAA,UACA,OAAA,EAAS,KAAA;QACP,MAAA;QACA,SAAA;MAAA,OAEC,OAAA;
QACH,EAAA;QACA,YAAA;QACA,OAAA,EAAS,KAAA;UACP,QAAA;UACA,MAAA;UACA,SAAA;UACA,QAAA;UACA,UAAA;QAAA;MAAA;MAGJ,YAAA;QACE,OAAA,GACE,GAAA,EAAK,UAAA,CAAW,cAAA,8BAChB,IAAA;UAAQ,YAAA;UAAsB,MAAA;QAAA,MAC3B,OAAA;UACH,EAAA;UACA,YAAA;UACA,MAAA;UACA,WAAA;UACA,SAAA;UACA,SAAA;YACE,UAAA;YACA,UAAA;YACA,WAAA;UAAA;QAAA;QAGJ,OAAA,GACE,GAAA,EAAK,UAAA,CAAW,cAAA,8BAChB,IAAA;UAAQ,YAAA;UAAsB,MAAA;QAAA,MAC3B,OAAA;UACH,EAAA;UACA,YAAA;UACA,MAAA;UACA,UAAA;UACA,MAAA,EAAQ,KAAA;YAAQ,IAAA;YAAc,EAAA;YAAa,OAAA;UAAA;QAAA;MAAA;IAAA;EAAA;EAKnD,IAAA,EAAM,IAAA,CAAK,cAAA;EACX,IAAA,EAAM,IAAA,CAAK,cAAA;EACX,MAAA,EAAQ,cAAA;EACR,KAAA;IACE,IAAA,EAAM,cAAA;EAAA;EAER,OAAA;IACE,QAAA,EAAU,cAAA;IACV,QAAA;MACE,IAAA,EAAM,cAAA;IAAA;EAAA;AAAA;AAAA,KAKP,kBAAA;EACH,MAAA,EAAQ,cAAA;EACR,QAAA,EAAU,cAAA;AAAA;AAAA,KAGP,YAAA;EACH,KAAA,EAAO,iBAAA;EACP,MAAA,EAAQ,kBAAA;AAAA;AAAA,KAGL,aAAA;EACH,KAAA,EAAO,IAAA,CAAK,cAAA;AAAA;;;;;;;;;;;;;;;;KAkBF,OAAA,wBACa,uBAAA,4BACrB,WAAA,CAAY,cAAA;EACd,GAAA,EAAK,YAAA;EACL,IAAA,EAAM,aAAA;AAAA;;;;;;;;;;;;;;;;KAkBI,gBAAA,WACA,kBAAA,2BACa,uBAAA,4BAEvB,MAAA,CAAO,CAAA,iBACH,OAAA,CAAQ,cAAA,IACR,WAAA,CAAY,cAAA;AAAA,iBA6FF,UAAA,WACJ,kBAAA,2BACa,uBAAA,yBAAA,CAEvB,SAAA,EAAW,gBAAA,eACX,MAAA,EAAQ,IAAA,CAAK,UAAA;EACX,SAAA,EAAW,CAAA;EACX,aAAA,GAAgB,cAAA;AAAA,IAEjB,gBAAA,CAAiB,CAAA,EAAG,cAAA;;KA2MX,OAAA,GAAU,GAAA;;;;;;;KAQV,aAAA,kBACO,MAAA,oBAA0B,MAAA;EAzYnC,8EA4YR,QAAA;EA1YQ;;;EA8YR,OAAA,IAAW,GAAA,OAAU,IAAA,EAAM,OAAA,KAAY,OAAA,CAAQ,QAAA,IAAY,QAAA;AAAA;;;;;;;;;;;;;;;;;;;;;AA/XnC;;;iBAyZV,OAAA,kBACG,MAAA,oBAA0B,MAAA,gBAAA,CAE3C,IAAA,EAAM,QAAA,EACN,MAAA,EAAQ,aAAA,CAAc,QAAA;EAAc,QAAA;AAAA;EAEpC,IAAA;EACA,KAAA,GACE,GAAA,OACA,KAAA,OACA,MAAA,WACG,OAAA;IACH,GAAA;MACE,IAAA;QACE,eAAA,QAAuB,OAAA,CAAQ,YAAA;QAC/B,MAAA,EAAQ,SAAA;QACR,IAAA,EAAM,OAAA;MAAA,IACJ,QAAA;IAAA;IAEN,IAAA;EAAA;AAAA;;;AAhawB;;;;;;;;;AAsB5B;;;;;;;;;;;;iBAoagB,OAAA,kBACG,MAAA,oBAA0B,MAAA,gBAAA,CAE3C,IAAA,EAAM,QAAA,EACN,MAAA,GAAS,aAAA,CAAc,QAAA;EAEvB,IAAA;EACA,KAAA,GACE,GAAA,OACA,KAAA,OACA,MAAA,WACG,OAAA;IACH,GAAA;MACE,IAAA;QACE,eAAA,QAAuB,OAAA,CAAQ,YAAA;QAC/B
,MAAA,EAAQ,SAAA;QACR,IAAA,EAAM,OAAA;MAAA,IACJ,QAAA;IAAA;IAEN,IAAA;EAAA;AAAA;;;;;;;;;;;;;;;;;;;;;AA9TJ;;;KAwZY,SAAA;EACE,KAAA,MAAW,IAAA,YAAgB,OAAA;IAAU,GAAA;MAAO,IAAA;IAAA;EAAA;AAAA,KACtD,OAAA,CAAQ,UAAA,CAAW,CAAA"}
1
+ {"version":3,"file":"auth.d.ts","names":[],"sources":["../../../src/server/auth.ts"],"mappings":";;;;;;;;AAqCA;;;KAHY,UAAA,GAAa,IAAA,CAAK,gBAAA;;KAGlB,OAAA,GAAU,GAAA;AAAA,KAEjB,0BAAA,wBACoB,uBAAA,gBACrB,IAAA,CACF,UAAA,QAAkB,IAAA;EAGlB,MAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,IAAA,mCAEpB,IAAA;IACE,OAAA;IACA,MAAA;IACA,OAAA,GAAU,UAAA,CAAW,cAAA;IACrB,MAAA;IACA,MAAA,GAAS,MAAA;EAAA,MAER,OAAA;IAAU,EAAA;IAAU,QAAA;EAAA;EACzB,IAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,IAAA,iCAEpB,IAAA;IACE,KAAA;MACE,OAAA;MACA,MAAA;MACA,MAAA,GAAS,UAAA,CAAW,cAAA;MACpB,MAAA;IAAA;IAEF,KAAA;IACA,MAAA;IACA,OAAA;IACA,KAAA;EAAA,MAEC,UAAA,CAAW,UAAA,QAAkB,IAAA;EAClC,MAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,IAAA,mCAEpB,QAAA,UACA,IAAA,EAAM,MAAA;IAA4B,OAAA,GAAU,UAAA,CAAW,cAAA;EAAA,MACpD,OAAA;IAAU,EAAA;IAAU,QAAA;EAAA;EACzB,OAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,IAAA,oCAEpB,IAAA;IACE,MAAA;IACA,OAAA;IACA,QAAA;IACA,OAAA,GAAU,UAAA,CAAW,cAAA;IACrB,MAAA,GAAS,SAAA,CAAU,cAAA;IACnB,QAAA;EAAA,MAEC,UAAA,CAAW,UAAA,QAAkB,IAAA;AAAA;;;;;;;;;;;;;;;;KAmBxB,WAAA,wBACa,uBAAA;EAEvB,MAAA,EAAQ,UAAA,QAAkB,IAAA;EAC1B,OAAA,EAAS,UAAA,QAAkB,IAAA;EAC3B,KAAA,EAAO,UAAA,QAAkB,IAAA;EACzB,IAAA,EAAM,UAAA,QAAkB,IAAA;EACxB,OAAA,EAAS,UAAA,QAAkB,IAAA;EAC3B,QAAA,EAAU,UAAA,QAAkB,IAAA;EAC5B,OAAA,EAAS,UAAA,QAAkB,IAAA;EAC3B,KAAA,EAAO,UAAA,QAAkB,IAAA;EACzB,MAAA,EAAQ,0BAAA,CAA2B,cAAA;EACnC,MAAA,EAAQ,UAAA,QAAkB,IAAA;EAC1B,GAAA,EAAK,UAAA,QAAkB,IAAA;EACvB,IAAA,EAAM,UAAA,QAAkB,IAAA;EApEtB;;;;;;;;;;;;;;;;;;;;;;;;EA6FF,OAAA,GAAU,GAAA,UAAa,OAAA,CAAQ,mBAAA;EAxE0B;;;;;;;;;;;;;;;;;;;;;;;;;;AAiC3D;;;;;;;;;;;;;EA+EE,GAAA;IACE,IAAA,EAAM,MAAA;IACN,KAAA,GAAQ,GAAA,UAAa,OAAA;MACnB,GAAA;QAAO,IAAA,EAAM,mBAAA;MAAA;MACb,IAAA,EAAM,MAAA;IAAA;EAAA;AAAA;;;;;;;;;;;;;;;;;;;;;;;KA2BA,mBAAA;EAzGe,4CA2GzB,MAAA,EAAQ,SAAA,UA1GF;EA4GN,IAAA,EAAM,OAAA,EA3GN;EA6GA,OAAA,iBA7G2B;EA+G3B,IAAA,iBA9GU;EAgHV,MAAA;AAAA;AAAA,KAGG,WAAA;EACH,eAAA,QAAuB,OAAA,CAAQ,YAAA;AAAA;AAAA,KAG5B,oBAAA,GAAuB,WAAA,GAAc,mBAAA;AAAA,KAErC,oBAAA,GAAuB,WAAA;EAC1B,MAAA,EAAQ,SAAA;EACR,IAAA,EAAM,OAAA;EACN,OAAA;EACA,I
AAA;EACA,MAAA;AAAA;AAAA,KAGG,cAAA,GAAiB,UAAA,QAAkB,IAAA;AAAA,KAEnC,iBAAA;EACH,UAAA,EAAY,cAAA;IACV,MAAA;MACE,IAAA,EAAM,cAAA;MACN,QAAA,EAAU,cAAA;MACV,GAAA,GACE,GAAA,EAAK,UAAA,CAAW,cAAA,8BAChB,YAAA,UACA,OAAA,EAAS,KAAA;QACP,MAAA;QACA,SAAA;MAAA,OAEC,OAAA;QACH,EAAA;QACA,YAAA;QACA,OAAA,EAAS,KAAA;UACP,QAAA;UACA,MAAA;UACA,SAAA;UACA,QAAA;UACA,UAAA;QAAA;MAAA;MAGJ,YAAA;QACE,OAAA,GACE,GAAA,EAAK,UAAA,CAAW,cAAA,8BAChB,IAAA;UAAQ,YAAA;UAAsB,MAAA;QAAA,MAC3B,OAAA;UACH,EAAA;UACA,YAAA;UACA,MAAA;UACA,WAAA;UACA,SAAA;UACA,SAAA;YACE,UAAA;YACA,UAAA;YACA,WAAA;UAAA;QAAA;QAGJ,OAAA,GACE,GAAA,EAAK,UAAA,CAAW,cAAA,8BAChB,IAAA;UAAQ,YAAA;UAAsB,MAAA;QAAA,MAC3B,OAAA;UACH,EAAA;UACA,YAAA;UACA,MAAA;UACA,UAAA;UACA,MAAA,EAAQ,KAAA;YAAQ,IAAA;YAAc,EAAA;YAAa,OAAA;UAAA;QAAA;MAAA;IAAA;EAAA;EAKnD,IAAA,EAAM,IAAA,CAAK,cAAA;EACX,IAAA,EAAM,IAAA,CAAK,cAAA;EACX,MAAA,EAAQ,cAAA;EACR,KAAA;IACE,IAAA,EAAM,cAAA;EAAA;EAER,OAAA;IACE,QAAA,EAAU,cAAA;IACV,QAAA;MACE,IAAA,EAAM,cAAA;IAAA;EAAA;AAAA;AAAA,KAKP,kBAAA;EACH,MAAA,EAAQ,cAAA;EACR,QAAA,EAAU,cAAA;AAAA;AAAA,KAGP,YAAA;EACH,KAAA,EAAO,iBAAA;EACP,MAAA,EAAQ,kBAAA;AAAA;AAAA,KAGL,aAAA;EACH,KAAA,EAAO,IAAA,CAAK,cAAA;AAAA;;;;;;;;;;;;;;;;KAkBF,OAAA,wBACa,uBAAA,4BACrB,WAAA,CAAY,cAAA;EACd,GAAA,EAAK,YAAA;EACL,IAAA,EAAM,aAAA;AAAA;;;;;;;;;;;;;;;;KAkBI,gBAAA,WACA,kBAAA,2BACa,uBAAA,4BAEvB,MAAA,CAAO,CAAA,iBACH,OAAA,CAAQ,cAAA,IACR,WAAA,CAAY,cAAA;AAAA,iBA6FF,UAAA,WACJ,kBAAA,2BACa,uBAAA,yBAAA,CAEvB,SAAA,EAAW,gBAAA,eACX,MAAA,EAAQ,IAAA,CAAK,UAAA;EACX,SAAA,EAAW,CAAA;EACX,aAAA,GAAgB,cAAA;AAAA,IAEjB,gBAAA,CAAiB,CAAA,EAAG,cAAA;;;;;;;KAgNX,aAAA,kBACO,MAAA,oBAA0B,MAAA;EAjZnC,8EAoZR,QAAA;EAlZU;;;;EAuZV,OAAA,IACE,GAAA,OACA,IAAA,EAAM,OAAA,EACN,IAAA,EAAM,mBAAA,KACH,OAAA,CAAQ,QAAA,IAAY,QAAA;EAtZjB;;;;;;;;;;;;;;;;;;;;;;;;EA+aR,WAAA,IACE,GAAA,OACA,QAAA,QAAgB,OAAA,CAAQ,mBAAA,aAEtB,OAAA,CAAQ,mBAAA,uBACR,mBAAA;AAAA;;;;;;;;AA/ZoB;;;;;;;;;;AAOA;;;;;;iBAobV,OAAA,kBACG,MAAA,oBAA0B,MAAA,gBAAA,CAE3C,IAAA,EAAM,QAAA,EACN,MAAA,EAAQ,aAAA,CAAc,QAAA;EAAc,QAAA;AAAA;EAEpC,IAAA;EACA,KAAA,GACE,GAAA,OACA,KAAA,OACA,MAAA,WACG,OAAA;IACH,
GAAA;MACE,IAAA,EAAM,oBAAA,GAAuB,QAAA;IAAA;IAE/B,IAAA;EAAA;AAAA;;;AAxaJ;;;;;;;;;;;;;;;;;;;;AAsBA;;iBA6agB,OAAA,kBACG,MAAA,oBAA0B,MAAA,gBAAA,CAE3C,IAAA,EAAM,QAAA,EACN,MAAA,GAAS,aAAA,CAAc,QAAA;EAEvB,IAAA;EACA,KAAA,GACE,GAAA,OACA,KAAA,OACA,MAAA,WACG,OAAA;IACH,GAAA;MACE,IAAA,EAAM,oBAAA,GAAuB,QAAA;IAAA;IAE/B,IAAA;EAAA;AAAA;;;;;;;;;;;;;;;AAzVJ;;;;;;;;;;KAqaY,SAAA;EACE,KAAA,MAAW,IAAA,YAAgB,OAAA;IAAU,GAAA;MAAO,IAAA;IAAA;EAAA;AAAA,KACtD,OAAA,CAAQ,UAAA,CAAW,CAAA"}