@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -1,397 +0,0 @@
1
- import { v } from "convex/values";
2
-
3
- import { mutation, query } from "../../functions";
4
- import {
5
- vEnterpriseScimConfigDoc,
6
- vEnterpriseScimIdentityDoc,
7
- vScimResourceType,
8
- vScimStatus,
9
- } from "../../model";
10
-
11
- /**
12
- * Create or update the SCIM provisioning configuration for an enterprise.
13
- *
14
- * If a SCIM config already exists for the given enterprise, all fields are
15
- * patched in place (useful for rotating the bearer token). Otherwise a new
16
- * config document is created. Only one SCIM config is allowed per enterprise.
17
- *
18
- * @param args.enterpriseId - The ID of the enterprise to configure SCIM for.
19
- * @param args.groupId - The ID of the root group that owns the enterprise.
20
- * @param args.status - The SCIM config lifecycle status: `"draft"`, `"active"`, or `"disabled"`.
21
- * @param args.basePath - The base URL path for the SCIM endpoint (e.g. `"/scim/v2"`).
22
- * @param args.tokenHash - A hash of the bearer token used to authenticate SCIM requests.
23
- * @param args.lastRotatedAt - An optional epoch timestamp (ms) recording when the token was last rotated.
24
- * @param args.extend - An optional arbitrary extension object for custom SCIM settings.
25
- * @returns The ID of the created or updated `EnterpriseScimConfig` document.
26
- *
27
- * @example
28
- * ```ts
29
- * const configId = await ctx.runMutation(
30
- * components.auth.enterprise.enterpriseScimConfigUpsert,
31
- * {
32
- * enterpriseId,
33
- * groupId: orgGroupId,
34
- * status: "active",
35
- * basePath: "/scim/v2",
36
- * tokenHash: "sha256:abc123...",
37
- * lastRotatedAt: Date.now(),
38
- * },
39
- * );
40
- * ```
41
- */
42
- export const enterpriseScimConfigUpsert = mutation({
43
- args: {
44
- enterpriseId: v.id("Enterprise"),
45
- groupId: v.id("Group"),
46
- status: vScimStatus,
47
- basePath: v.string(),
48
- tokenHash: v.string(),
49
- lastRotatedAt: v.optional(v.number()),
50
- extend: v.optional(v.any()),
51
- },
52
- returns: v.id("EnterpriseScimConfig"),
53
- handler: async (ctx, args) => {
54
- const existing = await ctx.db
55
- .query("EnterpriseScimConfig")
56
- .withIndex("enterprise_id", (idx) =>
57
- idx.eq("enterpriseId", args.enterpriseId),
58
- )
59
- .first();
60
- if (existing) {
61
- await ctx.db.patch(existing._id, args);
62
- return existing._id;
63
- }
64
- return await ctx.db.insert("EnterpriseScimConfig", args);
65
- },
66
- });
67
-
68
- /**
69
- * Retrieve the SCIM configuration for a specific enterprise.
70
- *
71
- * Looks up the SCIM config document by enterprise ID using the
72
- * `enterprise_id` index. Returns `null` if SCIM has not been configured.
73
- *
74
- * @param args.enterpriseId - The ID of the enterprise whose SCIM config to retrieve.
75
- * @returns The SCIM configuration document, or `null` if not configured.
76
- *
77
- * @example
78
- * ```ts
79
- * const config = await ctx.runQuery(
80
- * components.auth.enterprise.enterpriseScimConfigGetByEnterprise,
81
- * { enterpriseId },
82
- * );
83
- * if (config) {
84
- * console.log(config.status, config.basePath);
85
- * }
86
- * ```
87
- */
88
- export const enterpriseScimConfigGetByEnterprise = query({
89
- args: { enterpriseId: v.id("Enterprise") },
90
- returns: v.union(vEnterpriseScimConfigDoc, v.null()),
91
- handler: async (ctx, { enterpriseId }) => {
92
- return await ctx.db
93
- .query("EnterpriseScimConfig")
94
- .withIndex("enterprise_id", (idx) => idx.eq("enterpriseId", enterpriseId))
95
- .first();
96
- },
97
- });
98
-
99
- /**
100
- * Look up a SCIM configuration by its bearer token hash.
101
- *
102
- * Used during SCIM request authentication to resolve which enterprise a
103
- * given bearer token belongs to. Returns `null` if no config matches.
104
- *
105
- * @param args.tokenHash - The hash of the bearer token from the incoming SCIM request.
106
- * @returns The matching SCIM configuration document, or `null` if not found.
107
- *
108
- * @example
109
- * ```ts
110
- * const config = await ctx.runQuery(
111
- * components.auth.enterprise.enterpriseScimConfigGetByTokenHash,
112
- * { tokenHash: "sha256:abc123..." },
113
- * );
114
- * if (config) {
115
- * console.log("Authenticated enterprise:", config.enterpriseId);
116
- * }
117
- * ```
118
- */
119
- export const enterpriseScimConfigGetByTokenHash = query({
120
- args: { tokenHash: v.string() },
121
- returns: v.union(vEnterpriseScimConfigDoc, v.null()),
122
- handler: async (ctx, { tokenHash }) => {
123
- return await ctx.db
124
- .query("EnterpriseScimConfig")
125
- .withIndex("token_hash", (idx) => idx.eq("tokenHash", tokenHash))
126
- .first();
127
- },
128
- });
129
-
130
- /**
131
- * Retrieve a SCIM identity by enterprise, resource type, and external ID.
132
- *
133
- * Looks up a SCIM-provisioned identity using the composite index on
134
- * `(enterpriseId, resourceType, externalId)`. This is the primary lookup
135
- * used when processing incoming SCIM user or group operations.
136
- *
137
- * @param args.enterpriseId - The ID of the enterprise that owns the SCIM identity.
138
- * @param args.resourceType - The SCIM resource type: `"user"` or `"group"`.
139
- * @param args.externalId - The external identifier assigned by the identity provider.
140
- * @returns The SCIM identity document, or `null` if not found.
141
- *
142
- * @example
143
- * ```ts
144
- * const identity = await ctx.runQuery(
145
- * components.auth.enterprise.enterpriseScimIdentityGet,
146
- * {
147
- * enterpriseId,
148
- * resourceType: "user",
149
- * externalId: "okta-user-abc123",
150
- * },
151
- * );
152
- * ```
153
- */
154
- export const enterpriseScimIdentityGet = query({
155
- args: {
156
- enterpriseId: v.id("Enterprise"),
157
- resourceType: vScimResourceType,
158
- externalId: v.string(),
159
- },
160
- returns: v.union(vEnterpriseScimIdentityDoc, v.null()),
161
- handler: async (ctx, args) => {
162
- return await ctx.db
163
- .query("EnterpriseScimIdentity")
164
- .withIndex("enterprise_id_resource_type_external_id", (idx) =>
165
- idx
166
- .eq("enterpriseId", args.enterpriseId)
167
- .eq("resourceType", args.resourceType)
168
- .eq("externalId", args.externalId),
169
- )
170
- .first();
171
- },
172
- });
173
-
174
- /**
175
- * Retrieve the SCIM identity linked to a specific user.
176
- *
177
- * Looks up the first SCIM identity document associated with the given user ID
178
- * via the `user_id` index. Useful for checking whether a user was provisioned
179
- * through SCIM.
180
- *
181
- * @param args.userId - The document ID of the user whose SCIM identity to retrieve.
182
- * @returns The SCIM identity document, or `null` if the user has no SCIM identity.
183
- *
184
- * @example
185
- * ```ts
186
- * const scimIdentity = await ctx.runQuery(
187
- * components.auth.enterprise.enterpriseScimIdentityGetByUser,
188
- * { userId },
189
- * );
190
- * if (scimIdentity) {
191
- * console.log("User provisioned via SCIM:", scimIdentity.externalId);
192
- * }
193
- * ```
194
- */
195
- export const enterpriseScimIdentityGetByUser = query({
196
- args: { userId: v.id("User") },
197
- returns: v.union(vEnterpriseScimIdentityDoc, v.null()),
198
- handler: async (ctx, { userId }) => {
199
- return await ctx.db
200
- .query("EnterpriseScimIdentity")
201
- .withIndex("user_id", (idx) => idx.eq("userId", userId))
202
- .first();
203
- },
204
- });
205
-
206
- /**
207
- * Retrieve the SCIM identity for a specific user within a specific enterprise.
208
- *
209
- * Uses the composite `(enterpriseId, userId)` index to find the SCIM identity
210
- * that links a user to a particular enterprise. This is useful when a user may
211
- * belong to multiple enterprises.
212
- *
213
- * @param args.enterpriseId - The ID of the enterprise to scope the lookup to.
214
- * @param args.userId - The document ID of the user.
215
- * @returns The SCIM identity document, or `null` if not found.
216
- *
217
- * @example
218
- * ```ts
219
- * const identity = await ctx.runQuery(
220
- * components.auth.enterprise.enterpriseScimIdentityGetByEnterpriseAndUser,
221
- * { enterpriseId, userId },
222
- * );
223
- * ```
224
- */
225
- export const enterpriseScimIdentityGetByEnterpriseAndUser = query({
226
- args: {
227
- enterpriseId: v.id("Enterprise"),
228
- userId: v.id("User"),
229
- },
230
- returns: v.union(vEnterpriseScimIdentityDoc, v.null()),
231
- handler: async (ctx, { enterpriseId, userId }) => {
232
- return await ctx.db
233
- .query("EnterpriseScimIdentity")
234
- .withIndex("enterprise_id_user_id", (idx) =>
235
- idx.eq("enterpriseId", enterpriseId).eq("userId", userId),
236
- )
237
- .first();
238
- },
239
- });
240
-
241
- /**
242
- * Retrieve the SCIM identity that is mapped to a specific group.
243
- *
244
- * Looks up a SCIM identity by its `mappedGroupId` field. This is used when
245
- * a SCIM group resource has been mapped to an internal group, and you need
246
- * to find the corresponding SCIM identity record.
247
- *
248
- * @param args.mappedGroupId - The document ID of the internal group that a SCIM group is mapped to.
249
- * @returns The SCIM identity document, or `null` if no mapping exists.
250
- *
251
- * @example
252
- * ```ts
253
- * const scimGroup = await ctx.runQuery(
254
- * components.auth.enterprise.enterpriseScimIdentityGetByMappedGroup,
255
- * { mappedGroupId: teamGroupId },
256
- * );
257
- * if (scimGroup) {
258
- * console.log("SCIM external group ID:", scimGroup.externalId);
259
- * }
260
- * ```
261
- */
262
- export const enterpriseScimIdentityGetByMappedGroup = query({
263
- args: { mappedGroupId: v.id("Group") },
264
- returns: v.union(vEnterpriseScimIdentityDoc, v.null()),
265
- handler: async (ctx, { mappedGroupId }) => {
266
- return await ctx.db
267
- .query("EnterpriseScimIdentity")
268
- .withIndex("mapped_group_id", (idx) =>
269
- idx.eq("mappedGroupId", mappedGroupId),
270
- )
271
- .first();
272
- },
273
- });
274
-
275
- /**
276
- * List all SCIM identities belonging to a specific enterprise.
277
- *
278
- * Returns all `EnterpriseScimIdentity` documents for the given enterprise,
279
- * including both user and group resource types. Useful for displaying all
280
- * SCIM-provisioned resources or for bulk operations.
281
- *
282
- * @param args.enterpriseId - The ID of the enterprise whose SCIM identities to list.
283
- * @returns An array of SCIM identity documents.
284
- *
285
- * @example
286
- * ```ts
287
- * const identities = await ctx.runQuery(
288
- * components.auth.enterprise.enterpriseScimIdentityListByEnterprise,
289
- * { enterpriseId },
290
- * );
291
- * const users = identities.filter((i) => i.resourceType === "user");
292
- * const groups = identities.filter((i) => i.resourceType === "group");
293
- * ```
294
- */
295
- export const enterpriseScimIdentityListByEnterprise = query({
296
- args: { enterpriseId: v.id("Enterprise") },
297
- returns: v.array(vEnterpriseScimIdentityDoc),
298
- handler: async (ctx, { enterpriseId }) => {
299
- return await ctx.db
300
- .query("EnterpriseScimIdentity")
301
- .withIndex("enterprise_id", (idx) => idx.eq("enterpriseId", enterpriseId))
302
- .collect();
303
- },
304
- });
305
-
306
- /**
307
- * Create or update a SCIM-provisioned identity record.
308
- *
309
- * If a SCIM identity with the same `(enterpriseId, resourceType, externalId)`
310
- * already exists, its fields are patched in place. Otherwise a new record is
311
- * created. This is the core upsert used by the SCIM provisioning handler to
312
- * sync users and groups from external identity providers.
313
- *
314
- * @param args.enterpriseId - The ID of the enterprise the identity belongs to.
315
- * @param args.groupId - The ID of the root group that owns the enterprise.
316
- * @param args.resourceType - The SCIM resource type: `"user"` or `"group"`.
317
- * @param args.externalId - The external identifier assigned by the identity provider.
318
- * @param args.userId - An optional link to the internal user document (for user resources).
319
- * @param args.mappedGroupId - An optional link to an internal group document (for group resources).
320
- * @param args.lastProvisionedAt - An optional epoch timestamp (ms) of the last sync.
321
- * @param args.active - An optional flag indicating whether the identity is active.
322
- * @param args.raw - An optional raw SCIM payload stored for debugging or re-processing.
323
- * @returns The ID of the created or updated `EnterpriseScimIdentity` document.
324
- *
325
- * @example
326
- * ```ts
327
- * const identityId = await ctx.runMutation(
328
- * components.auth.enterprise.enterpriseScimIdentityUpsert,
329
- * {
330
- * enterpriseId,
331
- * groupId: orgGroupId,
332
- * resourceType: "user",
333
- * externalId: "okta-user-abc123",
334
- * userId,
335
- * active: true,
336
- * lastProvisionedAt: Date.now(),
337
- * raw: { schemas: ["urn:ietf:params:scim:schemas:core:2.0:User"], userName: "jane@acme.com" },
338
- * },
339
- * );
340
- * ```
341
- */
342
- export const enterpriseScimIdentityUpsert = mutation({
343
- args: {
344
- enterpriseId: v.id("Enterprise"),
345
- groupId: v.id("Group"),
346
- resourceType: vScimResourceType,
347
- externalId: v.string(),
348
- userId: v.optional(v.id("User")),
349
- mappedGroupId: v.optional(v.id("Group")),
350
- lastProvisionedAt: v.optional(v.number()),
351
- active: v.optional(v.boolean()),
352
- raw: v.optional(v.any()),
353
- },
354
- returns: v.id("EnterpriseScimIdentity"),
355
- handler: async (ctx, args) => {
356
- const existing = await ctx.db
357
- .query("EnterpriseScimIdentity")
358
- .withIndex("enterprise_id_resource_type_external_id", (idx) =>
359
- idx
360
- .eq("enterpriseId", args.enterpriseId)
361
- .eq("resourceType", args.resourceType)
362
- .eq("externalId", args.externalId),
363
- )
364
- .first();
365
- if (existing) {
366
- await ctx.db.patch(existing._id, args);
367
- return existing._id;
368
- }
369
- return await ctx.db.insert("EnterpriseScimIdentity", args);
370
- },
371
- });
372
-
373
- /**
374
- * Permanently delete a SCIM identity record.
375
- *
376
- * Removes the `EnterpriseScimIdentity` document. This is typically called
377
- * when a SCIM DELETE request is received for a user or group resource.
378
- *
379
- * @param args.identityId - The document ID of the SCIM identity to delete.
380
- * @returns `null` on success.
381
- *
382
- * @example
383
- * ```ts
384
- * await ctx.runMutation(
385
- * components.auth.enterprise.enterpriseScimIdentityDelete,
386
- * { identityId: scimIdentity._id },
387
- * );
388
- * ```
389
- */
390
- export const enterpriseScimIdentityDelete = mutation({
391
- args: { identityId: v.id("EnterpriseScimIdentity") },
392
- returns: v.null(),
393
- handler: async (ctx, { identityId }) => {
394
- await ctx.db.delete(identityId);
395
- return null;
396
- },
397
- });
@@ -1,133 +0,0 @@
1
- import { v } from "convex/values";
2
-
3
- import { mutation, query } from "../../functions";
4
- import { vEnterpriseSecretDoc, vEnterpriseSecretKind } from "../../model";
5
-
6
- /**
7
- * Create or update an encrypted secret for an enterprise.
8
- *
9
- * Stores a secret identified by the combination of `(enterpriseId, kind)`.
10
- * If a secret of the same kind already exists for the enterprise, it is
11
- * updated with the new ciphertext and timestamp. Otherwise a new secret
12
- * document is created. Only one secret per kind is allowed per enterprise.
13
- *
14
- * @param args.enterpriseId - The ID of the enterprise the secret belongs to.
15
- * @param args.groupId - The ID of the root group that owns the enterprise.
16
- * @param args.kind - The type of secret being stored (e.g. `"oidc_client_secret"`).
17
- * @param args.ciphertext - The encrypted secret value.
18
- * @param args.updatedAt - Epoch timestamp (ms) when the secret was last updated.
19
- * @returns The ID of the created or updated `EnterpriseSecret` document.
20
- *
21
- * @example
22
- * ```ts
23
- * const secretId = await ctx.runMutation(
24
- * components.auth.enterprise.enterpriseSecretUpsert,
25
- * {
26
- * enterpriseId,
27
- * groupId: orgGroupId,
28
- * kind: "oidc_client_secret",
29
- * ciphertext: "encrypted:aes256:...",
30
- * updatedAt: Date.now(),
31
- * },
32
- * );
33
- * ```
34
- */
35
- export const enterpriseSecretUpsert = mutation({
36
- args: {
37
- enterpriseId: v.id("Enterprise"),
38
- groupId: v.id("Group"),
39
- kind: vEnterpriseSecretKind,
40
- ciphertext: v.string(),
41
- updatedAt: v.number(),
42
- },
43
- returns: v.id("EnterpriseSecret"),
44
- handler: async (ctx, args) => {
45
- const existing = await ctx.db
46
- .query("EnterpriseSecret")
47
- .withIndex("enterprise_id_kind", (idx) =>
48
- idx.eq("enterpriseId", args.enterpriseId).eq("kind", args.kind),
49
- )
50
- .first();
51
- if (existing) {
52
- await ctx.db.patch(existing._id, args);
53
- return existing._id;
54
- }
55
- return await ctx.db.insert("EnterpriseSecret", args);
56
- },
57
- });
58
-
59
- /**
60
- * Retrieve an encrypted secret for an enterprise by kind.
61
- *
62
- * Looks up the secret using the composite `(enterpriseId, kind)` index.
63
- * Returns the full document including the ciphertext, or `null` if no secret
64
- * of that kind has been stored for the enterprise.
65
- *
66
- * @param args.enterpriseId - The ID of the enterprise whose secret to retrieve.
67
- * @param args.kind - The type of secret to look up (e.g. `"oidc_client_secret"`).
68
- * @returns The enterprise secret document, or `null` if not found.
69
- *
70
- * @example
71
- * ```ts
72
- * const secret = await ctx.runQuery(
73
- * components.auth.enterprise.enterpriseSecretGet,
74
- * { enterpriseId, kind: "oidc_client_secret" },
75
- * );
76
- * if (secret) {
77
- * const plaintext = decrypt(secret.ciphertext);
78
- * }
79
- * ```
80
- */
81
- export const enterpriseSecretGet = query({
82
- args: {
83
- enterpriseId: v.id("Enterprise"),
84
- kind: vEnterpriseSecretKind,
85
- },
86
- returns: v.union(vEnterpriseSecretDoc, v.null()),
87
- handler: async (ctx, { enterpriseId, kind }) => {
88
- return await ctx.db
89
- .query("EnterpriseSecret")
90
- .withIndex("enterprise_id_kind", (idx) =>
91
- idx.eq("enterpriseId", enterpriseId).eq("kind", kind),
92
- )
93
- .first();
94
- },
95
- });
96
-
97
- /**
98
- * Delete an encrypted secret for an enterprise by kind.
99
- *
100
- * Removes the secret document matching the `(enterpriseId, kind)` pair.
101
- * If no such secret exists, this is a no-op.
102
- *
103
- * @param args.enterpriseId - The ID of the enterprise whose secret to delete.
104
- * @param args.kind - The type of secret to remove (e.g. `"oidc_client_secret"`).
105
- * @returns `null` on success.
106
- *
107
- * @example
108
- * ```ts
109
- * await ctx.runMutation(
110
- * components.auth.enterprise.enterpriseSecretDelete,
111
- * { enterpriseId, kind: "oidc_client_secret" },
112
- * );
113
- * ```
114
- */
115
- export const enterpriseSecretDelete = mutation({
116
- args: {
117
- enterpriseId: v.id("Enterprise"),
118
- kind: vEnterpriseSecretKind,
119
- },
120
- returns: v.null(),
121
- handler: async (ctx, { enterpriseId, kind }) => {
122
- const existing = await ctx.db
123
- .query("EnterpriseSecret")
124
- .withIndex("enterprise_id_kind", (idx) =>
125
- idx.eq("enterpriseId", enterpriseId).eq("kind", kind),
126
- )
127
- .first();
128
- if (existing) {
129
- await ctx.db.delete(existing._id);
130
- }
131
- return null;
132
- },
133
- });