npm - @robelest/convex-auth - Versions diffs - 0.0.4-preview.21 → 0.0.4-preview.23 - Mend

@robelest/convex-auth 0.0.4-preview.21 → 0.0.4-preview.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (310) hide show

package/dist/authorization/index.d.ts +1 -1
package/dist/authorization/index.js +1 -1
package/dist/authorization/index.js.map +1 -1
package/dist/client/index.d.ts +1 -2
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +36 -39
package/dist/client/index.js.map +1 -1
package/dist/component/client/index.d.ts +1 -2
package/dist/component/convex.config.d.ts +2 -2
package/dist/component/convex.config.d.ts.map +1 -1
package/dist/component/model.d.ts +5 -5
package/dist/component/model.d.ts.map +1 -1
package/dist/component/public/enterprise/audit.d.ts.map +1 -1
package/dist/component/public/enterprise/audit.js.map +1 -1
package/dist/component/public/enterprise/core.d.ts.map +1 -1
package/dist/component/public/enterprise/core.js.map +1 -1
package/dist/component/public/enterprise/domains.d.ts.map +1 -1
package/dist/component/public/enterprise/domains.js.map +1 -1
package/dist/component/public/enterprise/scim.d.ts.map +1 -1
package/dist/component/public/enterprise/scim.js.map +1 -1
package/dist/component/public/enterprise/secrets.d.ts.map +1 -1
package/dist/component/public/enterprise/secrets.js.map +1 -1
package/dist/component/public/enterprise/webhooks.d.ts.map +1 -1
package/dist/component/public/enterprise/webhooks.js.map +1 -1
package/dist/component/public/factors/devices.d.ts.map +1 -1
package/dist/component/public/factors/devices.js.map +1 -1
package/dist/component/public/factors/passkeys.d.ts.map +1 -1
package/dist/component/public/factors/passkeys.js.map +1 -1
package/dist/component/public/factors/totp.d.ts.map +1 -1
package/dist/component/public/factors/totp.js.map +1 -1
package/dist/component/public/groups/core.js.map +1 -1
package/dist/component/public/groups/invites.d.ts.map +1 -1
package/dist/component/public/groups/invites.js.map +1 -1
package/dist/component/public/groups/members.d.ts.map +1 -1
package/dist/component/public/groups/members.js.map +1 -1
package/dist/component/public/identity/accounts.d.ts.map +1 -1
package/dist/component/public/identity/accounts.js.map +1 -1
package/dist/component/public/identity/codes.d.ts.map +1 -1
package/dist/component/public/identity/codes.js.map +1 -1
package/dist/component/public/identity/sessions.d.ts.map +1 -1
package/dist/component/public/identity/sessions.js.map +1 -1
package/dist/component/public/identity/tokens.d.ts.map +1 -1
package/dist/component/public/identity/tokens.js.map +1 -1
package/dist/component/public/identity/users.d.ts.map +1 -1
package/dist/component/public/identity/users.js.map +1 -1
package/dist/component/public/identity/verifiers.d.ts.map +1 -1
package/dist/component/public/identity/verifiers.js.map +1 -1
package/dist/component/public/security/keys.d.ts.map +1 -1
package/dist/component/public/security/keys.js.map +1 -1
package/dist/component/public/security/limits.d.ts.map +1 -1
package/dist/component/public/security/limits.js.map +1 -1
package/dist/component/schema.d.ts +39 -39
package/dist/component/server/auth.d.ts +95 -52
package/dist/component/server/auth.d.ts.map +1 -1
package/dist/component/server/auth.js +63 -43
package/dist/component/server/auth.js.map +1 -1
package/dist/component/server/core.js +116 -235
package/dist/component/server/core.js.map +1 -1
package/dist/component/server/crypto.js +25 -7
package/dist/component/server/crypto.js.map +1 -1
package/dist/component/server/device.js +58 -15
package/dist/component/server/device.js.map +1 -1
package/dist/component/server/enterprise/domain.js +148 -59
package/dist/component/server/enterprise/domain.js.map +1 -1
package/dist/component/server/enterprise/http.js +36 -15
package/dist/component/server/enterprise/http.js.map +1 -1
package/dist/component/server/enterprise/oidc.js +1 -1
package/dist/component/server/http.js +26 -21
package/dist/component/server/http.js.map +1 -1
package/dist/component/server/identity.js +5 -2
package/dist/component/server/identity.js.map +1 -1
package/dist/component/server/limits.js +21 -30
package/dist/component/server/limits.js.map +1 -1
package/dist/component/server/mutations/account.js +12 -10
package/dist/component/server/mutations/account.js.map +1 -1
package/dist/component/server/mutations/code.js +5 -2
package/dist/component/server/mutations/code.js.map +1 -1
package/dist/component/server/mutations/invalidate.js +1 -1
package/dist/component/server/mutations/invalidate.js.map +1 -1
package/dist/component/server/mutations/oauth.js +10 -4
package/dist/component/server/mutations/oauth.js.map +1 -1
package/dist/component/server/mutations/refresh.js +2 -2
package/dist/component/server/mutations/refresh.js.map +1 -1
package/dist/component/server/mutations/register.js +46 -42
package/dist/component/server/mutations/register.js.map +1 -1
package/dist/component/server/mutations/retrieve.js +21 -25
package/dist/component/server/mutations/retrieve.js.map +1 -1
package/dist/component/server/mutations/signature.js +10 -4
package/dist/component/server/mutations/signature.js.map +1 -1
package/dist/component/server/mutations/signout.js.map +1 -1
package/dist/component/server/mutations/store.js +9 -24
package/dist/component/server/mutations/store.js.map +1 -1
package/dist/component/server/mutations/verifier.js.map +1 -1
package/dist/component/server/mutations/verify.js +1 -1
package/dist/component/server/mutations/verify.js.map +1 -1
package/dist/component/server/oauth.js +53 -16
package/dist/component/server/oauth.js.map +1 -1
package/dist/component/server/passkey.js +115 -31
package/dist/component/server/passkey.js.map +1 -1
package/dist/component/server/redirects.js +9 -3
package/dist/component/server/redirects.js.map +1 -1
package/dist/component/server/refresh.js +10 -7
package/dist/component/server/refresh.js.map +1 -1
package/dist/component/server/runtime.d.ts +3 -3
package/dist/component/server/runtime.d.ts.map +1 -1
package/dist/component/server/runtime.js +62 -20
package/dist/component/server/runtime.js.map +1 -1
package/dist/component/server/signin.js +34 -10
package/dist/component/server/signin.js.map +1 -1
package/dist/component/server/totp.js +79 -19
package/dist/component/server/totp.js.map +1 -1
package/dist/component/server/types.d.ts +12 -20
package/dist/component/server/types.d.ts.map +1 -1
package/dist/component/server/types.js.map +1 -1
package/dist/component/server/users.js +6 -3
package/dist/component/server/users.js.map +1 -1
package/dist/component/server/utils.js +10 -4
package/dist/component/server/utils.js.map +1 -1
package/dist/core/types.d.ts +14 -22
package/dist/core/types.d.ts.map +1 -1
package/dist/factors/device.js +8 -9
package/dist/factors/device.js.map +1 -1
package/dist/factors/passkey.js +18 -21
package/dist/factors/passkey.js.map +1 -1
package/dist/providers/password.js +66 -81
package/dist/providers/password.js.map +1 -1
package/dist/runtime/invite.js +2 -8
package/dist/runtime/invite.js.map +1 -1
package/dist/server/auth.d.ts +95 -52
package/dist/server/auth.d.ts.map +1 -1
package/dist/server/auth.js +63 -43
package/dist/server/auth.js.map +1 -1
package/dist/server/core.d.ts +71 -159
package/dist/server/core.d.ts.map +1 -1
package/dist/server/core.js +116 -235
package/dist/server/core.js.map +1 -1
package/dist/server/crypto.d.ts.map +1 -1
package/dist/server/crypto.js +25 -7
package/dist/server/crypto.js.map +1 -1
package/dist/server/device.js +58 -15
package/dist/server/device.js.map +1 -1
package/dist/server/enterprise/domain.d.ts +0 -8
package/dist/server/enterprise/domain.d.ts.map +1 -1
package/dist/server/enterprise/domain.js +148 -59
package/dist/server/enterprise/domain.js.map +1 -1
package/dist/server/enterprise/http.d.ts.map +1 -1
package/dist/server/enterprise/http.js +35 -14
package/dist/server/enterprise/http.js.map +1 -1
package/dist/server/http.d.ts +2 -2
package/dist/server/http.d.ts.map +1 -1
package/dist/server/http.js +25 -20
package/dist/server/http.js.map +1 -1
package/dist/server/identity.js +5 -2
package/dist/server/identity.js.map +1 -1
package/dist/server/index.d.ts +2 -2
package/dist/server/limits.js +21 -30
package/dist/server/limits.js.map +1 -1
package/dist/server/mounts.d.ts +26 -64
package/dist/server/mounts.d.ts.map +1 -1
package/dist/server/mounts.js +45 -106
package/dist/server/mounts.js.map +1 -1
package/dist/server/mutations/account.d.ts +8 -9
package/dist/server/mutations/account.d.ts.map +1 -1
package/dist/server/mutations/account.js +11 -9
package/dist/server/mutations/account.js.map +1 -1
package/dist/server/mutations/code.d.ts +13 -13
package/dist/server/mutations/code.d.ts.map +1 -1
package/dist/server/mutations/code.js +5 -2
package/dist/server/mutations/code.js.map +1 -1
package/dist/server/mutations/invalidate.d.ts +4 -4
package/dist/server/mutations/invalidate.d.ts.map +1 -1
package/dist/server/mutations/invalidate.js.map +1 -1
package/dist/server/mutations/oauth.d.ts +12 -10
package/dist/server/mutations/oauth.d.ts.map +1 -1
package/dist/server/mutations/oauth.js +9 -3
package/dist/server/mutations/oauth.js.map +1 -1
package/dist/server/mutations/refresh.d.ts +3 -3
package/dist/server/mutations/refresh.d.ts.map +1 -1
package/dist/server/mutations/refresh.js +1 -1
package/dist/server/mutations/refresh.js.map +1 -1
package/dist/server/mutations/register.d.ts +11 -11
package/dist/server/mutations/register.d.ts.map +1 -1
package/dist/server/mutations/register.js +45 -41
package/dist/server/mutations/register.js.map +1 -1
package/dist/server/mutations/retrieve.d.ts +6 -6
package/dist/server/mutations/retrieve.d.ts.map +1 -1
package/dist/server/mutations/retrieve.js +20 -24
package/dist/server/mutations/retrieve.js.map +1 -1
package/dist/server/mutations/signature.d.ts +6 -7
package/dist/server/mutations/signature.d.ts.map +1 -1
package/dist/server/mutations/signature.js +9 -3
package/dist/server/mutations/signature.js.map +1 -1
package/dist/server/mutations/signin.d.ts +5 -5
package/dist/server/mutations/signin.d.ts.map +1 -1
package/dist/server/mutations/signout.js.map +1 -1
package/dist/server/mutations/store.d.ts +97 -97
package/dist/server/mutations/store.d.ts.map +1 -1
package/dist/server/mutations/store.js +8 -23
package/dist/server/mutations/store.js.map +1 -1
package/dist/server/mutations/verifier.js.map +1 -1
package/dist/server/mutations/verify.d.ts +10 -10
package/dist/server/mutations/verify.d.ts.map +1 -1
package/dist/server/mutations/verify.js.map +1 -1
package/dist/server/oauth.js +53 -16
package/dist/server/oauth.js.map +1 -1
package/dist/server/passkey.d.ts +2 -2
package/dist/server/passkey.d.ts.map +1 -1
package/dist/server/passkey.js +114 -30
package/dist/server/passkey.js.map +1 -1
package/dist/server/redirects.js +9 -3
package/dist/server/redirects.js.map +1 -1
package/dist/server/refresh.js +10 -7
package/dist/server/refresh.js.map +1 -1
package/dist/server/runtime.d.ts +14 -14
package/dist/server/runtime.d.ts.map +1 -1
package/dist/server/runtime.js +61 -19
package/dist/server/runtime.js.map +1 -1
package/dist/server/signin.js +34 -10
package/dist/server/signin.js.map +1 -1
package/dist/server/ssr.d.ts.map +1 -1
package/dist/server/ssr.js +175 -184
package/dist/server/ssr.js.map +1 -1
package/dist/server/totp.js +78 -18
package/dist/server/totp.js.map +1 -1
package/dist/server/types.d.ts +13 -21
package/dist/server/types.d.ts.map +1 -1
package/dist/server/types.js.map +1 -1
package/dist/server/users.js +6 -3
package/dist/server/users.js.map +1 -1
package/dist/server/utils.js +10 -4
package/dist/server/utils.js.map +1 -1
package/package.json +2 -6
package/src/authorization/index.ts +1 -1
package/src/cli/index.ts +1 -1
package/src/client/core/types.ts +14 -14
package/src/client/factors/device.ts +10 -12
package/src/client/factors/passkey.ts +23 -26
package/src/client/index.ts +54 -64
package/src/client/runtime/invite.ts +5 -7
package/src/component/index.ts +1 -0
package/src/component/public/enterprise/audit.ts +6 -1
package/src/component/public/enterprise/core.ts +1 -0
package/src/component/public/enterprise/domains.ts +5 -1
package/src/component/public/enterprise/scim.ts +1 -0
package/src/component/public/enterprise/secrets.ts +1 -0
package/src/component/public/enterprise/webhooks.ts +1 -0
package/src/component/public/factors/devices.ts +1 -0
package/src/component/public/factors/passkeys.ts +1 -0
package/src/component/public/factors/totp.ts +1 -0
package/src/component/public/groups/core.ts +1 -1
package/src/component/public/groups/invites.ts +7 -1
package/src/component/public/groups/members.ts +1 -0
package/src/component/public/identity/accounts.ts +1 -0
package/src/component/public/identity/codes.ts +1 -0
package/src/component/public/identity/sessions.ts +1 -0
package/src/component/public/identity/tokens.ts +1 -0
package/src/component/public/identity/users.ts +1 -0
package/src/component/public/identity/verifiers.ts +1 -0
package/src/component/public/security/keys.ts +1 -0
package/src/component/public/security/limits.ts +1 -0
package/src/providers/password.ts +89 -110
package/src/server/auth.ts +177 -111
package/src/server/core.ts +197 -233
package/src/server/crypto.ts +31 -29
package/src/server/device.ts +65 -32
package/src/server/enterprise/domain.ts +158 -170
package/src/server/enterprise/http.ts +46 -39
package/src/server/http.ts +36 -30
package/src/server/identity.ts +5 -5
package/src/server/index.ts +2 -0
package/src/server/limits.ts +53 -80
package/src/server/mounts.ts +47 -74
package/src/server/mutations/account.ts +22 -36
package/src/server/mutations/code.ts +6 -6
package/src/server/mutations/invalidate.ts +1 -1
package/src/server/mutations/oauth.ts +14 -8
package/src/server/mutations/refresh.ts +5 -4
package/src/server/mutations/register.ts +87 -132
package/src/server/mutations/retrieve.ts +44 -44
package/src/server/mutations/signature.ts +13 -6
package/src/server/mutations/signout.ts +1 -1
package/src/server/mutations/store.ts +16 -31
package/src/server/mutations/verifier.ts +1 -1
package/src/server/mutations/verify.ts +3 -5
package/src/server/oauth.ts +60 -69
package/src/server/passkey.ts +567 -517
package/src/server/redirects.ts +10 -6
package/src/server/refresh.ts +14 -18
package/src/server/runtime.ts +70 -55
package/src/server/signin.ts +44 -37
package/src/server/ssr.ts +390 -407
package/src/server/totp.ts +85 -35
package/src/server/types.ts +19 -22
package/src/server/users.ts +7 -6
package/src/server/utils.ts +10 -12
package/dist/component/server/authError.js +0 -34
package/dist/component/server/authError.js.map +0 -1
package/dist/component/server/errors.d.ts +0 -1
package/dist/component/server/errors.js +0 -137
package/dist/component/server/errors.js.map +0 -1
package/dist/server/authError.d.ts +0 -46
package/dist/server/authError.d.ts.map +0 -1
package/dist/server/authError.js +0 -34
package/dist/server/authError.js.map +0 -1
package/dist/server/errors.d.ts +0 -177
package/dist/server/errors.d.ts.map +0 -1
package/dist/server/errors.js +0 -212
package/dist/server/errors.js.map +0 -1
package/src/server/authError.ts +0 -44
package/src/server/errors.ts +0 -290

package/dist/server/ssr.js CHANGED Viewed

@@ -310,204 +310,195 @@ function server(options) {
 			const host = request.headers.get("host") ?? new URL(request.url).host;
 			const currentCookies = parseAuthCookies(request.headers.get("cookie"), host, cookieNamespace);
 			return Fx.run(Fx.match(actionDispatch, actionDispatch.action, {
-				sessionStart: (_) => Fx.from({
-					ok: async () => {
-						const refreshDispatch = args.refreshToken === void 0 ? { kind: "passthrough" } : currentCookies.refreshToken === null ? { kind: "refreshRequestedWithoutCookie" } : {
-							kind: "hydrateRefreshFromCookie",
-							refreshToken: currentCookies.refreshToken
-						};
-						const refreshResponse = await Fx.run(Fx.match(refreshDispatch, refreshDispatch.kind, {
-							passthrough: async () => null,
-							hydrateRefreshFromCookie: async ({ refreshToken }) => {
-								args.refreshToken = refreshToken;
-								return null;
-							},
-							refreshRequestedWithoutCookie: async () => {
-								const currentToken = currentCookies.token;
-								const decodedToken = currentToken === null ? null : await Fx.run(Fx.attempt(async () => jwtDecode(currentToken), (decoded) => decoded, () => null));
-								const tokenDispatch = currentToken !== null && decodedToken?.exp !== void 0 && decodedToken.iss !== void 0 && acceptedIssuers.has(normalizeIssuer(decodedToken.iss)) && decodedToken.exp * 1e3 > Date.now() ? {
-									kind: "validToken",
-									token: currentToken
-								} : { kind: "missingToken" };
-								return await Fx.run(Fx.match(tokenDispatch, tokenDispatch.kind, {
-									validToken: ({ token }) => new Response(JSON.stringify({ tokens: {
-										token,
-										refreshToken: "dummy"
-									} }), {
-										status: 200,
-										headers: { "Content-Type": "application/json" }
-									}),
-									missingToken: () => new Response(JSON.stringify({ tokens: null }), {
-										status: 200,
-										headers: { "Content-Type": "application/json" }
-									})
-								}));
-							}
-						}));
-						const refreshDecision = refreshResponse !== null ? {
-							kind: "shortCircuit",
-							response: refreshResponse
-						} : { kind: "continue" };
-						const maybeShortCircuitResponse = await Fx.run(Fx.match(refreshDecision, refreshDecision.kind, {
-							shortCircuit: ({ response }) => response,
-							continue: () => null
-						}));
-						if (maybeShortCircuitResponse !== null) return maybeShortCircuitResponse;
-						const client = new ConvexHttpClient(convexUrl);
-						const authDispatch = args.refreshToken === void 0 && args.params?.code === void 0 && currentCookies.token !== null ? {
-							kind: "attachAuth",
-							token: currentCookies.token
-						} : { kind: "skipAuth" };
-						await Fx.run(Fx.match(authDispatch, authDispatch.kind, {
-							attachAuth: ({ token }) => {
-								client.setAuth(token);
-							},
-							skipAuth: () => void 0
-						}));
-						return Fx.run(Fx.from({
-							ok: () => client.action(signInActionRef, args),
-							err: (error) => error
-						}).pipe(Fx.fold({
-							ok: (result) => Fx.run(Fx.match(result, result.kind, {
-								redirect: (redirectResult) => {
-									const response = new Response(JSON.stringify({
-										kind: "redirect",
-										redirect: redirectResult.redirect,
-										verifier: redirectResult.verifier
-									}), {
-										status: 200,
-										headers: { "Content-Type": "application/json" }
-									});
-									for (const value of serializeAuthCookies({
-										...currentCookies,
-										verifier: redirectResult.verifier
-									}, host, cookieConfig, cookieNamespace)) response.headers.append("Set-Cookie", value);
-									return Fx.succeed(response);
-								},
-								signedIn: (signedInResult) => {
-									const response = new Response(JSON.stringify({
-										kind: "signedIn",
-										tokens: signedInResult.tokens === null ? null : {
-											token: signedInResult.tokens.token,
-											refreshToken: "dummy"
-										}
-									}), {
-										status: 200,
-										headers: { "Content-Type": "application/json" }
-									});
-									for (const value of serializeAuthCookies({
-										token: signedInResult.tokens?.token ?? null,
-										refreshToken: signedInResult.tokens?.refreshToken ?? null,
-										verifier: null
-									}, host, cookieConfig, cookieNamespace)) response.headers.append("Set-Cookie", value);
-									return Fx.succeed(response);
-								},
-								started: (startedResult) => Fx.succeed(new Response(JSON.stringify(startedResult), {
-									status: 200,
-									headers: { "Content-Type": "application/json" }
-								})),
-								passkeyOptions: (passkeyOptionsResult) => Fx.succeed(new Response(JSON.stringify(passkeyOptionsResult), {
+				sessionStart: (_) => Fx.promise(async () => {
+					const refreshDispatch = args.refreshToken === void 0 ? { kind: "passthrough" } : currentCookies.refreshToken === null ? { kind: "refreshRequestedWithoutCookie" } : {
+						kind: "hydrateRefreshFromCookie",
+						refreshToken: currentCookies.refreshToken
+					};
+					const refreshResponse = await Fx.run(Fx.match(refreshDispatch, refreshDispatch.kind, {
+						passthrough: async () => null,
+						hydrateRefreshFromCookie: async ({ refreshToken }) => {
+							args.refreshToken = refreshToken;
+							return null;
+						},
+						refreshRequestedWithoutCookie: async () => {
+							const currentToken = currentCookies.token;
+							const decodedToken = currentToken === null ? null : await Fx.run(Fx.attempt(async () => jwtDecode(currentToken), (decoded) => decoded, () => null));
+							const tokenDispatch = currentToken !== null && decodedToken?.exp !== void 0 && decodedToken.iss !== void 0 && acceptedIssuers.has(normalizeIssuer(decodedToken.iss)) && decodedToken.exp * 1e3 > Date.now() ? {
+								kind: "validToken",
+								token: currentToken
+							} : { kind: "missingToken" };
+							return await Fx.run(Fx.match(tokenDispatch, tokenDispatch.kind, {
+								validToken: ({ token }) => new Response(JSON.stringify({ tokens: {
+									token,
+									refreshToken: "dummy"
+								} }), {
 									status: 200,
 									headers: { "Content-Type": "application/json" }
-								})),
-								totpRequired: (totpRequiredResult) => Fx.succeed(new Response(JSON.stringify(totpRequiredResult), {
+								}),
+								missingToken: () => new Response(JSON.stringify({ tokens: null }), {
 									status: 200,
 									headers: { "Content-Type": "application/json" }
-								})),
-								totpSetup: (totpSetupResult) => Fx.succeed(new Response(JSON.stringify(totpSetupResult), {
+								})
+							}));
+						}
+					}));
+					const refreshDecision = refreshResponse !== null ? {
+						kind: "shortCircuit",
+						response: refreshResponse
+					} : { kind: "continue" };
+					const maybeShortCircuitResponse = await Fx.run(Fx.match(refreshDecision, refreshDecision.kind, {
+						shortCircuit: ({ response }) => response,
+						continue: () => null
+					}));
+					if (maybeShortCircuitResponse !== null) return maybeShortCircuitResponse;
+					const client = new ConvexHttpClient(convexUrl);
+					const authDispatch = args.refreshToken === void 0 && args.params?.code === void 0 && currentCookies.token !== null ? {
+						kind: "attachAuth",
+						token: currentCookies.token
+					} : { kind: "skipAuth" };
+					await Fx.run(Fx.match(authDispatch, authDispatch.kind, {
+						attachAuth: ({ token }) => {
+							client.setAuth(token);
+						},
+						skipAuth: () => void 0
+					}));
+					return Fx.run(Fx.from({
+						ok: () => client.action(signInActionRef, args),
+						err: (error) => error
+					}).pipe(Fx.fold({
+						ok: (result) => Fx.run(Fx.match(result, result.kind, {
+							redirect: (redirectResult) => {
+								const response = new Response(JSON.stringify({
+									kind: "redirect",
+									redirect: redirectResult.redirect,
+									verifier: redirectResult.verifier
+								}), {
 									status: 200,
 									headers: { "Content-Type": "application/json" }
-								})),
-								deviceCode: (deviceCodeResult) => Fx.succeed(new Response(JSON.stringify(deviceCodeResult), {
+								});
+								for (const value of serializeAuthCookies({
+									...currentCookies,
+									verifier: redirectResult.verifier
+								}, host, cookieConfig, cookieNamespace)) response.headers.append("Set-Cookie", value);
+								return Fx.succeed(response);
+							},
+							signedIn: (signedInResult) => {
+								const response = new Response(JSON.stringify({
+									kind: "signedIn",
+									tokens: signedInResult.tokens === null ? null : {
+										token: signedInResult.tokens.token,
+										refreshToken: "dummy"
+									}
+								}), {
 									status: 200,
 									headers: { "Content-Type": "application/json" }
-								}))
-							})),
-							err: (error) => {
-								const errorBody = error instanceof ConvexError && typeof error.data === "object" && error.data !== null && "code" in error.data ? {
-									error: error.data.message ?? String(error),
-									authError: error.data
-								} : { error: error instanceof Error ? error.message : String(error) };
-								const response = new Response(JSON.stringify(errorBody), {
-									status: 400,
-									headers: { "Content-Type": "application/json" }
 								});
-								const clearSession = args.refreshToken !== void 0 && error instanceof ConvexError && typeof error.data === "object" && error.data !== null && error.data.code === "INVALID_REFRESH_TOKEN";
 								for (const value of serializeAuthCookies({
-									token: clearSession ? null : currentCookies.token,
-									refreshToken: clearSession ? null : currentCookies.refreshToken,
+									token: signedInResult.tokens?.token ?? null,
+									refreshToken: signedInResult.tokens?.refreshToken ?? null,
 									verifier: null
 								}, host, cookieConfig, cookieNamespace)) response.headers.append("Set-Cookie", value);
-								return response;
-							}
-						})));
-					},
-					err: (e) => e
-				}),
-				sessionStop: (_) => Fx.from({
-					ok: async () => {
-						await Fx.run(Fx.from({
-							ok: () => (() => {
-								const client = new ConvexHttpClient(convexUrl);
-								if (currentCookies.token !== null) client.setAuth(currentCookies.token);
-								return client.action(signOutActionRef);
-							})(),
-							err: (error) => error
-						}).pipe(Fx.recover((error) => {
-							console.error("[convex-auth/server] proxy sign-out failed", error);
-							const fallbackDispatch = currentCookies.refreshToken !== null ? {
-								kind: "attemptFallback",
-								refreshToken: currentCookies.refreshToken
-							} : { kind: "skipFallback" };
-							return Fx.match(fallbackDispatch, fallbackDispatch.kind, {
-								attemptFallback: ({ refreshToken }) => Fx.from({
-									ok: async () => {
-										const refreshed = await new ConvexHttpClient(convexUrl).action(signInActionRef, { refreshToken });
-										const refreshedTokens = await Fx.run(Fx.match(refreshed, refreshed.kind, {
-											signedIn: (signedInResult) => Fx.succeed(signedInResult.tokens),
-											redirect: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh")),
-											started: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh")),
-											passkeyOptions: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh")),
-											totpRequired: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh")),
-											totpSetup: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh")),
-											deviceCode: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh"))
-										}));
-										const fallbackSignOutDispatch = refreshedTokens !== null ? {
-											kind: "signOutWithRefreshed",
-											token: refreshedTokens.token
-										} : { kind: "skipRefreshedSignOut" };
-										await Fx.run(Fx.match(fallbackSignOutDispatch, fallbackSignOutDispatch.kind, {
-											signOutWithRefreshed: ({ token }) => Fx.from({
-												ok: async () => {
-													const client = new ConvexHttpClient(convexUrl);
-													client.setAuth(token);
-													await client.action(signOutActionRef);
-												},
-												err: (error$1) => error$1
-											}),
-											skipRefreshedSignOut: () => Fx.succeed(void 0)
-										}));
-									},
-									err: (fallbackError) => fallbackError
-								}).pipe(Fx.recover((fallbackError) => {
-									console.error("[convex-auth/server] proxy sign-out fallback failed", fallbackError);
-									return Fx.succeed(void 0);
-								})),
-								skipFallback: () => Fx.succeed(void 0)
+								return Fx.succeed(response);
+							},
+							started: (startedResult) => Fx.succeed(new Response(JSON.stringify(startedResult), {
+								status: 200,
+								headers: { "Content-Type": "application/json" }
+							})),
+							passkeyOptions: (passkeyOptionsResult) => Fx.succeed(new Response(JSON.stringify(passkeyOptionsResult), {
+								status: 200,
+								headers: { "Content-Type": "application/json" }
+							})),
+							totpRequired: (totpRequiredResult) => Fx.succeed(new Response(JSON.stringify(totpRequiredResult), {
+								status: 200,
+								headers: { "Content-Type": "application/json" }
+							})),
+							totpSetup: (totpSetupResult) => Fx.succeed(new Response(JSON.stringify(totpSetupResult), {
+								status: 200,
+								headers: { "Content-Type": "application/json" }
+							})),
+							deviceCode: (deviceCodeResult) => Fx.succeed(new Response(JSON.stringify(deviceCodeResult), {
+								status: 200,
+								headers: { "Content-Type": "application/json" }
+							}))
+						})),
+						err: (error) => {
+							const errorBody = error instanceof ConvexError && typeof error.data === "object" && error.data !== null && "code" in error.data ? {
+								error: error.data.message ?? String(error),
+								authError: error.data
+							} : { error: error instanceof Error ? error.message : String(error) };
+							const response = new Response(JSON.stringify(errorBody), {
+								status: 400,
+								headers: { "Content-Type": "application/json" }
 							});
-						}), Fx.map(() => void 0)));
-						const response = new Response(JSON.stringify(null), {
-							status: 200,
-							headers: { "Content-Type": "application/json" }
+							const clearSession = args.refreshToken !== void 0 && error instanceof ConvexError && typeof error.data === "object" && error.data !== null && error.data.code === "INVALID_REFRESH_TOKEN";
+							for (const value of serializeAuthCookies({
+								token: clearSession ? null : currentCookies.token,
+								refreshToken: clearSession ? null : currentCookies.refreshToken,
+								verifier: null
+							}, host, cookieConfig, cookieNamespace)) response.headers.append("Set-Cookie", value);
+							return response;
+						}
+					})));
+				}),
+				sessionStop: (_) => Fx.promise(async () => {
+					await Fx.run(Fx.from({
+						ok: () => (() => {
+							const client = new ConvexHttpClient(convexUrl);
+							if (currentCookies.token !== null) client.setAuth(currentCookies.token);
+							return client.action(signOutActionRef);
+						})(),
+						err: (error) => error
+					}).pipe(Fx.recover((error) => {
+						console.error("[convex-auth/server] proxy sign-out failed", error);
+						const fallbackDispatch = currentCookies.refreshToken !== null ? {
+							kind: "attemptFallback",
+							refreshToken: currentCookies.refreshToken
+						} : { kind: "skipFallback" };
+						return Fx.match(fallbackDispatch, fallbackDispatch.kind, {
+							attemptFallback: ({ refreshToken }) => Fx.from({
+								ok: async () => {
+									const refreshed = await new ConvexHttpClient(convexUrl).action(signInActionRef, { refreshToken });
+									const refreshedTokens = await Fx.run(Fx.match(refreshed, refreshed.kind, {
+										signedIn: (signedInResult) => Fx.succeed(signedInResult.tokens),
+										redirect: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh")),
+										started: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh")),
+										passkeyOptions: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh")),
+										totpRequired: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh")),
+										totpSetup: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh")),
+										deviceCode: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh"))
+									}));
+									const fallbackSignOutDispatch = refreshedTokens !== null ? {
+										kind: "signOutWithRefreshed",
+										token: refreshedTokens.token
+									} : { kind: "skipRefreshedSignOut" };
+									await Fx.run(Fx.match(fallbackSignOutDispatch, fallbackSignOutDispatch.kind, {
+										signOutWithRefreshed: ({ token }) => Fx.promise(async () => {
+											const client = new ConvexHttpClient(convexUrl);
+											client.setAuth(token);
+											await client.action(signOutActionRef);
+										}),
+										skipRefreshedSignOut: () => Fx.succeed(void 0)
+									}));
+								},
+								err: (error$1) => error$1
+							}).pipe(Fx.recover((fallbackError) => {
+								console.error("[convex-auth/server] proxy sign-out fallback failed", fallbackError);
+								return Fx.succeed(void 0);
+							})),
+							skipFallback: () => Fx.succeed(void 0)
 						});
-						for (const value of serializeAuthCookies({
-							token: null,
-							refreshToken: null,
-							verifier: null
-						}, host, cookieConfig, cookieNamespace)) response.headers.append("Set-Cookie", value);
-						return response;
-					},
-					err: (e) => e
+					}), Fx.map(() => void 0)));
+					const response = new Response(JSON.stringify(null), {
+						status: 200,
+						headers: { "Content-Type": "application/json" }
+					});
+					for (const value of serializeAuthCookies({
+						token: null,
+						refreshToken: null,
+						verifier: null
+					}, host, cookieConfig, cookieNamespace)) response.headers.append("Set-Cookie", value);
+					return response;
 				})
 			}));
 		},