@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -1,30 +1,30 @@
1
+ import { vGroupConnectionScimConfigDoc, vGroupConnectionScimIdentityDoc, vScimResourceType, vScimStatus } from "../../model.js";
1
2
  import { mutation, query } from "../../functions.js";
2
- import { vEnterpriseScimConfigDoc, vEnterpriseScimIdentityDoc, vScimResourceType, vScimStatus } from "../../model.js";
3
3
  import { v } from "convex/values";
4
4
 
5
- //#region src/component/public/enterprise/scim.ts
5
+ //#region src/component/public/sso/scim.ts
6
6
  /**
7
- * Create or update the SCIM provisioning configuration for an enterprise.
7
+ * Create or update the SCIM provisioning configuration for an group.sso.
8
8
  *
9
- * If a SCIM config already exists for the given enterprise, all fields are
9
+ * If a SCIM config already exists for the given group connection, all fields are
10
10
  * patched in place (useful for rotating the bearer token). Otherwise a new
11
- * config document is created. Only one SCIM config is allowed per enterprise.
11
+ * config document is created. Only one SCIM config is allowed per group.sso.
12
12
  *
13
- * @param args.enterpriseId - The ID of the enterprise to configure SCIM for.
14
- * @param args.groupId - The ID of the root group that owns the enterprise.
13
+ * @param args.connectionId - The ID of the group connection to configure SCIM for.
14
+ * @param args.groupId - The ID of the root group that owns the group.sso.
15
15
  * @param args.status - The SCIM config lifecycle status: `"draft"`, `"active"`, or `"disabled"`.
16
16
  * @param args.basePath - The base URL path for the SCIM endpoint (e.g. `"/scim/v2"`).
17
17
  * @param args.tokenHash - A hash of the bearer token used to authenticate SCIM requests.
18
18
  * @param args.lastRotatedAt - An optional epoch timestamp (ms) recording when the token was last rotated.
19
19
  * @param args.extend - An optional arbitrary extension object for custom SCIM settings.
20
- * @returns The ID of the created or updated `EnterpriseScimConfig` document.
20
+ * @returns The ID of the created or updated `GroupConnectionScimConfig` document.
21
21
  *
22
22
  * @example
23
23
  * ```ts
24
24
  * const configId = await ctx.runMutation(
25
- * components.auth.enterprise.enterpriseScimConfigUpsert,
25
+ * components.auth.group.sso.groupConnectionScimConfigUpsert,
26
26
  * {
27
- * enterpriseId,
27
+ * connectionId,
28
28
  * groupId: orgGroupId,
29
29
  * status: "active",
30
30
  * basePath: "/scim/v2",
@@ -34,9 +34,9 @@ import { v } from "convex/values";
34
34
  * );
35
35
  * ```
36
36
  */
37
- const enterpriseScimConfigUpsert = mutation({
37
+ const groupConnectionScimConfigUpsert = mutation({
38
38
  args: {
39
- enterpriseId: v.id("Enterprise"),
39
+ connectionId: v.id("GroupConnection"),
40
40
  groupId: v.id("Group"),
41
41
  status: vScimStatus,
42
42
  basePath: v.string(),
@@ -44,47 +44,47 @@ const enterpriseScimConfigUpsert = mutation({
44
44
  lastRotatedAt: v.optional(v.number()),
45
45
  extend: v.optional(v.any())
46
46
  },
47
- returns: v.id("EnterpriseScimConfig"),
47
+ returns: v.id("GroupConnectionScimConfig"),
48
48
  handler: async (ctx, args) => {
49
- const existing = await ctx.db.query("EnterpriseScimConfig").withIndex("enterprise_id", (idx) => idx.eq("enterpriseId", args.enterpriseId)).first();
49
+ const existing = await ctx.db.query("GroupConnectionScimConfig").withIndex("group_connection_id", (idx) => idx.eq("connectionId", args.connectionId)).first();
50
50
  if (existing) {
51
51
  await ctx.db.patch(existing._id, args);
52
52
  return existing._id;
53
53
  }
54
- return await ctx.db.insert("EnterpriseScimConfig", args);
54
+ return await ctx.db.insert("GroupConnectionScimConfig", args);
55
55
  }
56
56
  });
57
57
  /**
58
- * Retrieve the SCIM configuration for a specific enterprise.
58
+ * Retrieve the SCIM configuration for a specific group.sso.
59
59
  *
60
- * Looks up the SCIM config document by enterprise ID using the
61
- * `enterprise_id` index. Returns `null` if SCIM has not been configured.
60
+ * Looks up the SCIM config document by group connection ID using the
61
+ * `group_connection_id` index. Returns `null` if SCIM has not been configured.
62
62
  *
63
- * @param args.enterpriseId - The ID of the enterprise whose SCIM config to retrieve.
63
+ * @param args.connectionId - The ID of the group connection whose SCIM config to retrieve.
64
64
  * @returns The SCIM configuration document, or `null` if not configured.
65
65
  *
66
66
  * @example
67
67
  * ```ts
68
68
  * const config = await ctx.runQuery(
69
- * components.auth.enterprise.enterpriseScimConfigGetByEnterprise,
70
- * { enterpriseId },
69
+ * components.auth.public.groupConnectionScimConfigGetByGroupConnection,
70
+ * { connectionId },
71
71
  * );
72
72
  * if (config) {
73
73
  * console.log(config.status, config.basePath);
74
74
  * }
75
75
  * ```
76
76
  */
77
- const enterpriseScimConfigGetByEnterprise = query({
78
- args: { enterpriseId: v.id("Enterprise") },
79
- returns: v.union(vEnterpriseScimConfigDoc, v.null()),
80
- handler: async (ctx, { enterpriseId }) => {
81
- return await ctx.db.query("EnterpriseScimConfig").withIndex("enterprise_id", (idx) => idx.eq("enterpriseId", enterpriseId)).first();
77
+ const groupConnectionScimConfigGetByGroupConnection = query({
78
+ args: { connectionId: v.id("GroupConnection") },
79
+ returns: v.union(vGroupConnectionScimConfigDoc, v.null()),
80
+ handler: async (ctx, { connectionId }) => {
81
+ return await ctx.db.query("GroupConnectionScimConfig").withIndex("group_connection_id", (idx) => idx.eq("connectionId", connectionId)).first();
82
82
  }
83
83
  });
84
84
  /**
85
85
  * Look up a SCIM configuration by its bearer token hash.
86
86
  *
87
- * Used during SCIM request authentication to resolve which enterprise a
87
+ * Used during SCIM request authentication to resolve which group connection a
88
88
  * given bearer token belongs to. Returns `null` if no config matches.
89
89
  *
90
90
  * @param args.tokenHash - The hash of the bearer token from the incoming SCIM request.
@@ -93,29 +93,29 @@ const enterpriseScimConfigGetByEnterprise = query({
93
93
  * @example
94
94
  * ```ts
95
95
  * const config = await ctx.runQuery(
96
- * components.auth.enterprise.enterpriseScimConfigGetByTokenHash,
96
+ * components.auth.group.sso.groupConnectionScimConfigGetByTokenHash,
97
97
  * { tokenHash: "sha256:abc123..." },
98
98
  * );
99
99
  * if (config) {
100
- * console.log("Authenticated enterprise:", config.enterpriseId);
100
+ * console.log("Authenticated group:", config.connectionId);
101
101
  * }
102
102
  * ```
103
103
  */
104
- const enterpriseScimConfigGetByTokenHash = query({
104
+ const groupConnectionScimConfigGetByTokenHash = query({
105
105
  args: { tokenHash: v.string() },
106
- returns: v.union(vEnterpriseScimConfigDoc, v.null()),
106
+ returns: v.union(vGroupConnectionScimConfigDoc, v.null()),
107
107
  handler: async (ctx, { tokenHash }) => {
108
- return await ctx.db.query("EnterpriseScimConfig").withIndex("token_hash", (idx) => idx.eq("tokenHash", tokenHash)).first();
108
+ return await ctx.db.query("GroupConnectionScimConfig").withIndex("token_hash", (idx) => idx.eq("tokenHash", tokenHash)).first();
109
109
  }
110
110
  });
111
111
  /**
112
- * Retrieve a SCIM identity by enterprise, resource type, and external ID.
112
+ * Retrieve a SCIM identity by group connection, resource type, and external ID.
113
113
  *
114
114
  * Looks up a SCIM-provisioned identity using the composite index on
115
- * `(enterpriseId, resourceType, externalId)`. This is the primary lookup
115
+ * `(connectionId, resourceType, externalId)`. This is the primary lookup
116
116
  * used when processing incoming SCIM user or group operations.
117
117
  *
118
- * @param args.enterpriseId - The ID of the enterprise that owns the SCIM identity.
118
+ * @param args.connectionId - The ID of the group connection that owns the SCIM identity.
119
119
  * @param args.resourceType - The SCIM resource type: `"user"` or `"group"`.
120
120
  * @param args.externalId - The external identifier assigned by the identity provider.
121
121
  * @returns The SCIM identity document, or `null` if not found.
@@ -123,24 +123,24 @@ const enterpriseScimConfigGetByTokenHash = query({
123
123
  * @example
124
124
  * ```ts
125
125
  * const identity = await ctx.runQuery(
126
- * components.auth.enterprise.enterpriseScimIdentityGet,
126
+ * components.auth.group.sso.groupConnectionScimIdentityGet,
127
127
  * {
128
- * enterpriseId,
128
+ * connectionId,
129
129
  * resourceType: "user",
130
130
  * externalId: "okta-user-abc123",
131
131
  * },
132
132
  * );
133
133
  * ```
134
134
  */
135
- const enterpriseScimIdentityGet = query({
135
+ const groupConnectionScimIdentityGet = query({
136
136
  args: {
137
- enterpriseId: v.id("Enterprise"),
137
+ connectionId: v.id("GroupConnection"),
138
138
  resourceType: vScimResourceType,
139
139
  externalId: v.string()
140
140
  },
141
- returns: v.union(vEnterpriseScimIdentityDoc, v.null()),
141
+ returns: v.union(vGroupConnectionScimIdentityDoc, v.null()),
142
142
  handler: async (ctx, args) => {
143
- return await ctx.db.query("EnterpriseScimIdentity").withIndex("enterprise_id_resource_type_external_id", (idx) => idx.eq("enterpriseId", args.enterpriseId).eq("resourceType", args.resourceType).eq("externalId", args.externalId)).first();
143
+ return await ctx.db.query("GroupConnectionScimIdentity").withIndex("group_connection_id_resource_type_external_id", (idx) => idx.eq("connectionId", args.connectionId).eq("resourceType", args.resourceType).eq("externalId", args.externalId)).first();
144
144
  }
145
145
  });
146
146
  /**
@@ -156,7 +156,7 @@ const enterpriseScimIdentityGet = query({
156
156
  * @example
157
157
  * ```ts
158
158
  * const scimIdentity = await ctx.runQuery(
159
- * components.auth.enterprise.enterpriseScimIdentityGetByUser,
159
+ * components.auth.group.sso.groupConnectionScimIdentityGetByUser,
160
160
  * { userId },
161
161
  * );
162
162
  * if (scimIdentity) {
@@ -164,40 +164,40 @@ const enterpriseScimIdentityGet = query({
164
164
  * }
165
165
  * ```
166
166
  */
167
- const enterpriseScimIdentityGetByUser = query({
167
+ const groupConnectionScimIdentityGetByUser = query({
168
168
  args: { userId: v.id("User") },
169
- returns: v.union(vEnterpriseScimIdentityDoc, v.null()),
169
+ returns: v.union(vGroupConnectionScimIdentityDoc, v.null()),
170
170
  handler: async (ctx, { userId }) => {
171
- return await ctx.db.query("EnterpriseScimIdentity").withIndex("user_id", (idx) => idx.eq("userId", userId)).first();
171
+ return await ctx.db.query("GroupConnectionScimIdentity").withIndex("user_id", (idx) => idx.eq("userId", userId)).first();
172
172
  }
173
173
  });
174
174
  /**
175
- * Retrieve the SCIM identity for a specific user within a specific enterprise.
175
+ * Retrieve the SCIM identity for a specific user within a specific group.sso.
176
176
  *
177
- * Uses the composite `(enterpriseId, userId)` index to find the SCIM identity
178
- * that links a user to a particular enterprise. This is useful when a user may
179
- * belong to multiple enterprises.
177
+ * Uses the composite `(connectionId, userId)` index to find the SCIM identity
178
+ * that links a user to a particular group.sso. This is useful when a user may
179
+ * belong to multiple group connections.
180
180
  *
181
- * @param args.enterpriseId - The ID of the enterprise to scope the lookup to.
181
+ * @param args.connectionId - The ID of the group connection to scope the lookup to.
182
182
  * @param args.userId - The document ID of the user.
183
183
  * @returns The SCIM identity document, or `null` if not found.
184
184
  *
185
185
  * @example
186
186
  * ```ts
187
187
  * const identity = await ctx.runQuery(
188
- * components.auth.enterprise.enterpriseScimIdentityGetByEnterpriseAndUser,
189
- * { enterpriseId, userId },
188
+ * components.auth.public.groupConnectionScimIdentityGetByGroupConnectionAndUser,
189
+ * { connectionId, userId },
190
190
  * );
191
191
  * ```
192
192
  */
193
- const enterpriseScimIdentityGetByEnterpriseAndUser = query({
193
+ const groupConnectionScimIdentityGetByGroupConnectionAndUser = query({
194
194
  args: {
195
- enterpriseId: v.id("Enterprise"),
195
+ connectionId: v.id("GroupConnection"),
196
196
  userId: v.id("User")
197
197
  },
198
- returns: v.union(vEnterpriseScimIdentityDoc, v.null()),
199
- handler: async (ctx, { enterpriseId, userId }) => {
200
- return await ctx.db.query("EnterpriseScimIdentity").withIndex("enterprise_id_user_id", (idx) => idx.eq("enterpriseId", enterpriseId).eq("userId", userId)).first();
198
+ returns: v.union(vGroupConnectionScimIdentityDoc, v.null()),
199
+ handler: async (ctx, { connectionId, userId }) => {
200
+ return await ctx.db.query("GroupConnectionScimIdentity").withIndex("group_connection_id_user_id", (idx) => idx.eq("connectionId", connectionId).eq("userId", userId)).first();
201
201
  }
202
202
  });
203
203
  /**
@@ -213,7 +213,7 @@ const enterpriseScimIdentityGetByEnterpriseAndUser = query({
213
213
  * @example
214
214
  * ```ts
215
215
  * const scimGroup = await ctx.runQuery(
216
- * components.auth.enterprise.enterpriseScimIdentityGetByMappedGroup,
216
+ * components.auth.public.groupConnectionScimIdentityGetByMappedGroup,
217
217
  * { mappedGroupId: teamGroupId },
218
218
  * );
219
219
  * if (scimGroup) {
@@ -221,50 +221,50 @@ const enterpriseScimIdentityGetByEnterpriseAndUser = query({
221
221
  * }
222
222
  * ```
223
223
  */
224
- const enterpriseScimIdentityGetByMappedGroup = query({
224
+ const groupConnectionScimIdentityGetByMappedGroup = query({
225
225
  args: { mappedGroupId: v.id("Group") },
226
- returns: v.union(vEnterpriseScimIdentityDoc, v.null()),
226
+ returns: v.union(vGroupConnectionScimIdentityDoc, v.null()),
227
227
  handler: async (ctx, { mappedGroupId }) => {
228
- return await ctx.db.query("EnterpriseScimIdentity").withIndex("mapped_group_id", (idx) => idx.eq("mappedGroupId", mappedGroupId)).first();
228
+ return await ctx.db.query("GroupConnectionScimIdentity").withIndex("mapped_group_id", (idx) => idx.eq("mappedGroupId", mappedGroupId)).first();
229
229
  }
230
230
  });
231
231
  /**
232
- * List all SCIM identities belonging to a specific enterprise.
232
+ * List all SCIM identities belonging to a specific group.sso.
233
233
  *
234
- * Returns all `EnterpriseScimIdentity` documents for the given enterprise,
234
+ * Returns all `GroupConnectionScimIdentity` documents for the given group connection,
235
235
  * including both user and group resource types. Useful for displaying all
236
236
  * SCIM-provisioned resources or for bulk operations.
237
237
  *
238
- * @param args.enterpriseId - The ID of the enterprise whose SCIM identities to list.
238
+ * @param args.connectionId - The ID of the group connection whose SCIM identities to list.
239
239
  * @returns An array of SCIM identity documents.
240
240
  *
241
241
  * @example
242
242
  * ```ts
243
243
  * const identities = await ctx.runQuery(
244
- * components.auth.enterprise.enterpriseScimIdentityListByEnterprise,
245
- * { enterpriseId },
244
+ * components.auth.public.groupConnectionScimIdentityListByGroupConnection,
245
+ * { connectionId },
246
246
  * );
247
247
  * const users = identities.filter((i) => i.resourceType === "user");
248
248
  * const groups = identities.filter((i) => i.resourceType === "group");
249
249
  * ```
250
250
  */
251
- const enterpriseScimIdentityListByEnterprise = query({
252
- args: { enterpriseId: v.id("Enterprise") },
253
- returns: v.array(vEnterpriseScimIdentityDoc),
254
- handler: async (ctx, { enterpriseId }) => {
255
- return await ctx.db.query("EnterpriseScimIdentity").withIndex("enterprise_id", (idx) => idx.eq("enterpriseId", enterpriseId)).collect();
251
+ const groupConnectionScimIdentityListByGroupConnection = query({
252
+ args: { connectionId: v.id("GroupConnection") },
253
+ returns: v.array(vGroupConnectionScimIdentityDoc),
254
+ handler: async (ctx, { connectionId }) => {
255
+ return await ctx.db.query("GroupConnectionScimIdentity").withIndex("group_connection_id", (idx) => idx.eq("connectionId", connectionId)).collect();
256
256
  }
257
257
  });
258
258
  /**
259
259
  * Create or update a SCIM-provisioned identity record.
260
260
  *
261
- * If a SCIM identity with the same `(enterpriseId, resourceType, externalId)`
261
+ * If a SCIM identity with the same `(connectionId, resourceType, externalId)`
262
262
  * already exists, its fields are patched in place. Otherwise a new record is
263
263
  * created. This is the core upsert used by the SCIM provisioning handler to
264
264
  * sync users and groups from external identity providers.
265
265
  *
266
- * @param args.enterpriseId - The ID of the enterprise the identity belongs to.
267
- * @param args.groupId - The ID of the root group that owns the enterprise.
266
+ * @param args.connectionId - The ID of the group connection the identity belongs to.
267
+ * @param args.groupId - The ID of the root group that owns the group.sso.
268
268
  * @param args.resourceType - The SCIM resource type: `"user"` or `"group"`.
269
269
  * @param args.externalId - The external identifier assigned by the identity provider.
270
270
  * @param args.userId - An optional link to the internal user document (for user resources).
@@ -272,14 +272,14 @@ const enterpriseScimIdentityListByEnterprise = query({
272
272
  * @param args.lastProvisionedAt - An optional epoch timestamp (ms) of the last sync.
273
273
  * @param args.active - An optional flag indicating whether the identity is active.
274
274
  * @param args.raw - An optional raw SCIM payload stored for debugging or re-processing.
275
- * @returns The ID of the created or updated `EnterpriseScimIdentity` document.
275
+ * @returns The ID of the created or updated `GroupConnectionScimIdentity` document.
276
276
  *
277
277
  * @example
278
278
  * ```ts
279
279
  * const identityId = await ctx.runMutation(
280
- * components.auth.enterprise.enterpriseScimIdentityUpsert,
280
+ * components.auth.group.sso.groupConnectionScimIdentityUpsert,
281
281
  * {
282
- * enterpriseId,
282
+ * connectionId,
283
283
  * groupId: orgGroupId,
284
284
  * resourceType: "user",
285
285
  * externalId: "okta-user-abc123",
@@ -291,9 +291,9 @@ const enterpriseScimIdentityListByEnterprise = query({
291
291
  * );
292
292
  * ```
293
293
  */
294
- const enterpriseScimIdentityUpsert = mutation({
294
+ const groupConnectionScimIdentityUpsert = mutation({
295
295
  args: {
296
- enterpriseId: v.id("Enterprise"),
296
+ connectionId: v.id("GroupConnection"),
297
297
  groupId: v.id("Group"),
298
298
  resourceType: vScimResourceType,
299
299
  externalId: v.string(),
@@ -303,20 +303,20 @@ const enterpriseScimIdentityUpsert = mutation({
303
303
  active: v.optional(v.boolean()),
304
304
  raw: v.optional(v.any())
305
305
  },
306
- returns: v.id("EnterpriseScimIdentity"),
306
+ returns: v.id("GroupConnectionScimIdentity"),
307
307
  handler: async (ctx, args) => {
308
- const existing = await ctx.db.query("EnterpriseScimIdentity").withIndex("enterprise_id_resource_type_external_id", (idx) => idx.eq("enterpriseId", args.enterpriseId).eq("resourceType", args.resourceType).eq("externalId", args.externalId)).first();
308
+ const existing = await ctx.db.query("GroupConnectionScimIdentity").withIndex("group_connection_id_resource_type_external_id", (idx) => idx.eq("connectionId", args.connectionId).eq("resourceType", args.resourceType).eq("externalId", args.externalId)).first();
309
309
  if (existing) {
310
310
  await ctx.db.patch(existing._id, args);
311
311
  return existing._id;
312
312
  }
313
- return await ctx.db.insert("EnterpriseScimIdentity", args);
313
+ return await ctx.db.insert("GroupConnectionScimIdentity", args);
314
314
  }
315
315
  });
316
316
  /**
317
317
  * Permanently delete a SCIM identity record.
318
318
  *
319
- * Removes the `EnterpriseScimIdentity` document. This is typically called
319
+ * Removes the `GroupConnectionScimIdentity` document. This is typically called
320
320
  * when a SCIM DELETE request is received for a user or group resource.
321
321
  *
322
322
  * @param args.identityId - The document ID of the SCIM identity to delete.
@@ -325,13 +325,13 @@ const enterpriseScimIdentityUpsert = mutation({
325
325
  * @example
326
326
  * ```ts
327
327
  * await ctx.runMutation(
328
- * components.auth.enterprise.enterpriseScimIdentityDelete,
328
+ * components.auth.group.sso.groupConnectionScimIdentityDelete,
329
329
  * { identityId: scimIdentity._id },
330
330
  * );
331
331
  * ```
332
332
  */
333
- const enterpriseScimIdentityDelete = mutation({
334
- args: { identityId: v.id("EnterpriseScimIdentity") },
333
+ const groupConnectionScimIdentityDelete = mutation({
334
+ args: { identityId: v.id("GroupConnectionScimIdentity") },
335
335
  returns: v.null(),
336
336
  handler: async (ctx, { identityId }) => {
337
337
  await ctx.db.delete(identityId);
@@ -340,5 +340,5 @@ const enterpriseScimIdentityDelete = mutation({
340
340
  });
341
341
 
342
342
  //#endregion
343
- export { enterpriseScimConfigGetByEnterprise, enterpriseScimConfigGetByTokenHash, enterpriseScimConfigUpsert, enterpriseScimIdentityDelete, enterpriseScimIdentityGet, enterpriseScimIdentityGetByEnterpriseAndUser, enterpriseScimIdentityGetByMappedGroup, enterpriseScimIdentityGetByUser, enterpriseScimIdentityListByEnterprise, enterpriseScimIdentityUpsert };
343
+ export { groupConnectionScimConfigGetByGroupConnection, groupConnectionScimConfigGetByTokenHash, groupConnectionScimConfigUpsert, groupConnectionScimIdentityDelete, groupConnectionScimIdentityGet, groupConnectionScimIdentityGetByGroupConnectionAndUser, groupConnectionScimIdentityGetByMappedGroup, groupConnectionScimIdentityGetByUser, groupConnectionScimIdentityListByGroupConnection, groupConnectionScimIdentityUpsert };
344
344
  //# sourceMappingURL=scim.js.map
@@ -0,0 +1,125 @@
1
+ import { vGroupConnectionSecretDoc, vGroupConnectionSecretKind } from "../../model.js";
2
+ import { mutation, query } from "../../functions.js";
3
+ import { v } from "convex/values";
4
+
5
+ //#region src/component/public/sso/secrets.ts
6
+ /**
7
+ * Create or update an encrypted secret for an connection.
8
+ *
9
+ * Stores a secret identified by the combination of `(connectionId, kind)`.
10
+ * If a secret of the same kind already exists for the connection, it is
11
+ * updated with the new ciphertext and timestamp. Otherwise a new secret
12
+ * document is created. Only one secret per kind is allowed per connection.
13
+ *
14
+ * @param args.connectionId - The ID of the connection the secret belongs to.
15
+ * @param args.groupId - The ID of the root group that owns the connection.
16
+ * @param args.kind - The type of secret being stored (e.g. `"oidc_client_secret"`).
17
+ * @param args.ciphertext - The encrypted secret value.
18
+ * @param args.updatedAt - Epoch timestamp (ms) when the secret was last updated.
19
+ * @returns The ID of the created or updated `GroupConnectionSecret` document.
20
+ *
21
+ * @example
22
+ * ```ts
23
+ * const secretId = await ctx.runMutation(
24
+ * components.auth.connection.groupConnectionSecretUpsert,
25
+ * {
26
+ * connectionId,
27
+ * groupId: orgGroupId,
28
+ * kind: "oidc_client_secret",
29
+ * ciphertext: "encrypted:aes256:...",
30
+ * updatedAt: Date.now(),
31
+ * },
32
+ * );
33
+ * ```
34
+ */
35
+ const groupConnectionSecretUpsert = mutation({
36
+ args: {
37
+ connectionId: v.id("GroupConnection"),
38
+ groupId: v.id("Group"),
39
+ kind: vGroupConnectionSecretKind,
40
+ ciphertext: v.string(),
41
+ updatedAt: v.number()
42
+ },
43
+ returns: v.id("GroupConnectionSecret"),
44
+ handler: async (ctx, args) => {
45
+ const { connectionId, ...rest } = args;
46
+ const existing = await ctx.db.query("GroupConnectionSecret").withIndex("connection_id_kind", (idx) => idx.eq("connectionId", connectionId).eq("kind", args.kind)).first();
47
+ if (existing) {
48
+ await ctx.db.patch(existing._id, {
49
+ connectionId,
50
+ ...rest
51
+ });
52
+ return existing._id;
53
+ }
54
+ return await ctx.db.insert("GroupConnectionSecret", {
55
+ connectionId,
56
+ ...rest
57
+ });
58
+ }
59
+ });
60
+ /**
61
+ * Retrieve an encrypted secret for an connection by kind.
62
+ *
63
+ * Looks up the secret using the composite `(connectionId, kind)` index.
64
+ * Returns the full document including the ciphertext, or `null` if no secret
65
+ * of that kind has been stored for the connection.
66
+ *
67
+ * @param args.connectionId - The ID of the connection whose secret to retrieve.
68
+ * @param args.kind - The type of secret to look up (e.g. `"oidc_client_secret"`).
69
+ * @returns The connection secret document, or `null` if not found.
70
+ *
71
+ * @example
72
+ * ```ts
73
+ * const secret = await ctx.runQuery(
74
+ * components.auth.connection.groupConnectionSecretGet,
75
+ * { connectionId, kind: "oidc_client_secret" },
76
+ * );
77
+ * if (secret) {
78
+ * const plaintext = decrypt(secret.ciphertext);
79
+ * }
80
+ * ```
81
+ */
82
+ const groupConnectionSecretGet = query({
83
+ args: {
84
+ connectionId: v.id("GroupConnection"),
85
+ kind: vGroupConnectionSecretKind
86
+ },
87
+ returns: v.union(vGroupConnectionSecretDoc, v.null()),
88
+ handler: async (ctx, { connectionId, kind }) => {
89
+ return await ctx.db.query("GroupConnectionSecret").withIndex("connection_id_kind", (idx) => idx.eq("connectionId", connectionId).eq("kind", kind)).first();
90
+ }
91
+ });
92
+ /**
93
+ * Delete an encrypted secret for an connection by kind.
94
+ *
95
+ * Removes the secret document matching the `(connectionId, kind)` pair.
96
+ * If no such secret exists, this is a no-op.
97
+ *
98
+ * @param args.connectionId - The ID of the connection whose secret to delete.
99
+ * @param args.kind - The type of secret to remove (e.g. `"oidc_client_secret"`).
100
+ * @returns `null` on success.
101
+ *
102
+ * @example
103
+ * ```ts
104
+ * await ctx.runMutation(
105
+ * components.auth.connection.groupConnectionSecretDelete,
106
+ * { connectionId, kind: "oidc_client_secret" },
107
+ * );
108
+ * ```
109
+ */
110
+ const groupConnectionSecretDelete = mutation({
111
+ args: {
112
+ connectionId: v.id("GroupConnection"),
113
+ kind: vGroupConnectionSecretKind
114
+ },
115
+ returns: v.null(),
116
+ handler: async (ctx, { connectionId, kind }) => {
117
+ const existing = await ctx.db.query("GroupConnectionSecret").withIndex("connection_id_kind", (idx) => idx.eq("connectionId", connectionId).eq("kind", kind)).first();
118
+ if (existing) await ctx.db.delete(existing._id);
119
+ return null;
120
+ }
121
+ });
122
+
123
+ //#endregion
124
+ export { groupConnectionSecretDelete, groupConnectionSecretGet, groupConnectionSecretUpsert };
125
+ //# sourceMappingURL=secrets.js.map