@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28
- package/README.md +43 -36
- package/dist/bin.js +5765 -4880
- package/dist/browser/index.d.ts +30 -0
- package/dist/browser/index.js +93 -0
- package/dist/browser/locks.js +11 -0
- package/dist/browser/navigation.js +14 -0
- package/dist/{factors → browser}/passkey.js +23 -32
- package/dist/browser/runtime.js +92 -0
- package/dist/client/core/types.d.ts +452 -5
- package/dist/client/core/types.js +17 -0
- package/dist/client/errors.js +19 -0
- package/dist/client/factors/device.js +94 -0
- package/dist/{factors → client/factors}/totp.js +12 -4
- package/dist/client/index.d.ts +47 -1
- package/dist/client/index.js +269 -232
- package/dist/client/runtime/mutex.js +24 -0
- package/dist/client/runtime/proxy.js +30 -0
- package/dist/client/runtime/storage.js +45 -0
- package/dist/client/services/adapters.js +7 -0
- package/dist/client/services/http.js +6 -0
- package/dist/client/services/resolve.js +13 -0
- package/dist/client/services/runtime.js +6 -0
- package/dist/component/_generated/component.d.ts +1355 -1399
- package/dist/component/convex.config.d.ts +2 -2
- package/dist/component/index.d.ts +4 -26
- package/dist/component/index.js +1 -1
- package/dist/component/model.d.ts +26 -112
- package/dist/component/model.js +76 -54
- package/dist/component/modules.js +38 -0
- package/dist/component/public/factors/devices.js +1 -1
- package/dist/component/public/factors/passkeys.js +1 -1
- package/dist/component/public/factors/totp.js +1 -1
- package/dist/component/public/groups/core.js +2 -2
- package/dist/component/public/groups/invites.js +1 -1
- package/dist/component/public/groups/members.js +1 -1
- package/dist/component/public/identity/accounts.js +1 -1
- package/dist/component/public/identity/codes.js +1 -1
- package/dist/component/public/identity/sessions.js +39 -2
- package/dist/component/public/identity/tokens.js +82 -4
- package/dist/component/public/identity/users.js +1 -1
- package/dist/component/public/identity/verifiers.js +10 -4
- package/dist/component/public/security/keys.js +1 -1
- package/dist/component/public/security/limits.js +1 -1
- package/dist/component/public/{enterprise → sso}/audit.js +26 -26
- package/dist/component/public/sso/core.js +263 -0
- package/dist/component/public/sso/domains.js +280 -0
- package/dist/component/public/{enterprise → sso}/scim.js +87 -87
- package/dist/component/public/sso/secrets.js +125 -0
- package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
- package/dist/component/public.js +9 -9
- package/dist/component/schema.d.ts +472 -393
- package/dist/component/schema.js +36 -35
- package/dist/core/index.d.ts +380 -0
- package/dist/core/index.js +83 -0
- package/dist/otel.d.ts +69 -0
- package/dist/otel.js +82 -0
- package/dist/providers/anonymous.d.ts +15 -34
- package/dist/providers/anonymous.js +27 -35
- package/dist/providers/apple.d.ts +59 -0
- package/dist/providers/apple.js +58 -0
- package/dist/providers/credentials.d.ts +18 -34
- package/dist/providers/credentials.js +16 -27
- package/dist/providers/custom.d.ts +94 -0
- package/dist/providers/custom.js +119 -0
- package/dist/providers/device.d.ts +15 -49
- package/dist/providers/device.js +17 -34
- package/dist/providers/email.d.ts +21 -38
- package/dist/providers/email.js +36 -55
- package/dist/providers/github.d.ts +54 -0
- package/dist/providers/github.js +75 -0
- package/dist/providers/google.d.ts +54 -0
- package/dist/providers/google.js +61 -0
- package/dist/providers/index.d.ts +16 -12
- package/dist/providers/index.js +15 -11
- package/dist/providers/microsoft.d.ts +57 -0
- package/dist/providers/microsoft.js +101 -0
- package/dist/providers/passkey.d.ts +19 -35
- package/dist/providers/passkey.js +20 -30
- package/dist/providers/password.d.ts +17 -18
- package/dist/providers/password.js +121 -143
- package/dist/providers/phone.d.ts +13 -28
- package/dist/providers/phone.js +21 -46
- package/dist/providers/sso.d.ts +16 -36
- package/dist/providers/sso.js +21 -22
- package/dist/providers/totp.d.ts +13 -29
- package/dist/providers/totp.js +17 -27
- package/dist/server/auth-context.d.ts +204 -0
- package/dist/server/auth-context.js +76 -0
- package/dist/server/auth.d.ts +99 -244
- package/dist/server/auth.js +56 -152
- package/dist/server/componentContext.d.ts +12 -0
- package/dist/server/componentContext.js +1 -0
- package/dist/server/config.js +6 -67
- package/dist/server/constants.js +6 -0
- package/dist/server/contract.d.ts +105 -0
- package/dist/server/contract.js +43 -0
- package/dist/server/cookies.js +3 -2
- package/dist/server/core.js +31 -36
- package/dist/server/crypto.js +34 -44
- package/dist/server/db.js +6 -1
- package/dist/server/device.js +96 -130
- package/dist/server/env.js +48 -0
- package/dist/server/errors.js +20 -0
- package/dist/server/http.d.ts +15 -59
- package/dist/server/http.js +136 -120
- package/dist/server/identity.js +2 -2
- package/dist/server/index.d.ts +5 -4
- package/dist/server/index.js +3 -3
- package/dist/server/keys.js +10 -1
- package/dist/server/limits.js +26 -26
- package/dist/server/log.js +28 -0
- package/dist/server/mounts.d.ts +1107 -296
- package/dist/server/mounts.js +315 -196
- package/dist/server/mutations/account.js +11 -14
- package/dist/server/mutations/code.js +6 -5
- package/dist/server/mutations/invalidate.js +9 -11
- package/dist/server/mutations/oauth.js +112 -73
- package/dist/server/mutations/refresh.js +47 -97
- package/dist/server/mutations/register.js +37 -35
- package/dist/server/mutations/retrieve.js +16 -16
- package/dist/server/mutations/signature.js +15 -18
- package/dist/server/mutations/signin.js +10 -5
- package/dist/server/mutations/signout.js +11 -14
- package/dist/server/mutations/store.js +25 -18
- package/dist/server/mutations/verifier.js +11 -8
- package/dist/server/mutations/verify.js +53 -41
- package/dist/server/oauth/factory.js +44 -0
- package/dist/server/oauth/index.js +12 -0
- package/dist/server/oauth/runtime.js +248 -0
- package/dist/server/passkey.js +331 -365
- package/dist/server/payloads.d.ts +16 -0
- package/dist/server/payloads.js +30 -0
- package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
- package/dist/server/prefetch.js +635 -0
- package/dist/server/random.js +19 -0
- package/dist/server/redirects.js +10 -5
- package/dist/server/refresh.js +14 -86
- package/dist/server/runtime.d.ts +531 -31
- package/dist/server/runtime.js +106 -267
- package/dist/server/secret.js +44 -0
- package/dist/server/services/config.js +10 -0
- package/dist/server/services/group.js +211 -0
- package/dist/server/services/logger.js +8 -0
- package/dist/server/services/providers.js +22 -0
- package/dist/server/services/refresh.js +8 -0
- package/dist/server/services/resolve.js +27 -0
- package/dist/server/services/signin.js +8 -0
- package/dist/server/sessions.js +35 -34
- package/dist/server/signin.js +229 -140
- package/dist/server/{enterprise → sso}/config.js +10 -3
- package/dist/server/sso/domain.d.ts +614 -0
- package/dist/server/sso/domain.js +1175 -0
- package/dist/server/sso/http.js +1060 -0
- package/dist/server/sso/oidc.js +324 -0
- package/dist/server/sso/policies.js +59 -0
- package/dist/server/sso/policy.js +139 -0
- package/dist/server/sso/profile.js +22 -0
- package/dist/server/sso/provision.js +179 -0
- package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
- package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
- package/dist/server/sso/shared.js +74 -0
- package/dist/server/sso/validators.js +88 -0
- package/dist/server/sso/webhook.js +94 -0
- package/dist/server/tokens.js +16 -4
- package/dist/server/totp.js +155 -164
- package/dist/server/types.d.ts +306 -296
- package/dist/server/types.js +1 -30
- package/dist/server/url.js +32 -0
- package/dist/server/users.js +74 -40
- package/dist/server/utils/cache.js +51 -0
- package/dist/server/utils/dispatch.js +36 -0
- package/dist/server/utils/retry.js +24 -0
- package/dist/server/utils/span.js +32 -0
- package/dist/shared/errors.js +19 -0
- package/dist/shared/log.js +45 -0
- package/{src/test.ts → dist/test.d.ts} +21 -22
- package/dist/test.js +51 -0
- package/package.json +70 -42
- package/dist/authorization/index.d.ts.map +0 -1
- package/dist/authorization/index.js.map +0 -1
- package/dist/client/core/types.d.ts.map +0 -1
- package/dist/client/index.d.ts.map +0 -1
- package/dist/client/index.js.map +0 -1
- package/dist/component/_generated/api.d.ts +0 -75
- package/dist/component/_generated/api.d.ts.map +0 -1
- package/dist/component/_generated/api.js.map +0 -1
- package/dist/component/_generated/component.d.ts.map +0 -1
- package/dist/component/_generated/dataModel.d.ts +0 -42
- package/dist/component/_generated/dataModel.d.ts.map +0 -1
- package/dist/component/_generated/server.d.ts +0 -117
- package/dist/component/_generated/server.d.ts.map +0 -1
- package/dist/component/_generated/server.js.map +0 -1
- package/dist/component/_virtual/rolldown_runtime.js +0 -18
- package/dist/component/client/core/types.d.ts +0 -2
- package/dist/component/client/index.d.ts +0 -1
- package/dist/component/convex.config.d.ts.map +0 -1
- package/dist/component/convex.config.js.map +0 -1
- package/dist/component/functions.d.ts +0 -25
- package/dist/component/functions.d.ts.map +0 -1
- package/dist/component/functions.js.map +0 -1
- package/dist/component/index.d.ts.map +0 -1
- package/dist/component/model.d.ts.map +0 -1
- package/dist/component/model.js.map +0 -1
- package/dist/component/providers/anonymous.d.ts +0 -54
- package/dist/component/providers/anonymous.d.ts.map +0 -1
- package/dist/component/providers/credentials.d.ts +0 -38
- package/dist/component/providers/credentials.d.ts.map +0 -1
- package/dist/component/providers/device.d.ts +0 -67
- package/dist/component/providers/device.d.ts.map +0 -1
- package/dist/component/providers/email.d.ts +0 -62
- package/dist/component/providers/email.d.ts.map +0 -1
- package/dist/component/providers/oauth.d.ts +0 -25
- package/dist/component/providers/oauth.d.ts.map +0 -1
- package/dist/component/providers/oauth.js +0 -13
- package/dist/component/providers/oauth.js.map +0 -1
- package/dist/component/providers/passkey.d.ts +0 -57
- package/dist/component/providers/passkey.d.ts.map +0 -1
- package/dist/component/providers/password.d.ts +0 -88
- package/dist/component/providers/password.d.ts.map +0 -1
- package/dist/component/providers/phone.d.ts +0 -48
- package/dist/component/providers/phone.d.ts.map +0 -1
- package/dist/component/providers/sso.d.ts +0 -50
- package/dist/component/providers/sso.d.ts.map +0 -1
- package/dist/component/providers/totp.d.ts +0 -45
- package/dist/component/providers/totp.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.d.ts +0 -73
- package/dist/component/public/enterprise/audit.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.js.map +0 -1
- package/dist/component/public/enterprise/core.d.ts +0 -176
- package/dist/component/public/enterprise/core.d.ts.map +0 -1
- package/dist/component/public/enterprise/core.js +0 -292
- package/dist/component/public/enterprise/core.js.map +0 -1
- package/dist/component/public/enterprise/domains.d.ts +0 -174
- package/dist/component/public/enterprise/domains.d.ts.map +0 -1
- package/dist/component/public/enterprise/domains.js +0 -271
- package/dist/component/public/enterprise/domains.js.map +0 -1
- package/dist/component/public/enterprise/scim.d.ts +0 -245
- package/dist/component/public/enterprise/scim.d.ts.map +0 -1
- package/dist/component/public/enterprise/scim.js.map +0 -1
- package/dist/component/public/enterprise/secrets.d.ts +0 -78
- package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
- package/dist/component/public/enterprise/secrets.js +0 -118
- package/dist/component/public/enterprise/secrets.js.map +0 -1
- package/dist/component/public/enterprise/webhooks.d.ts +0 -211
- package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
- package/dist/component/public/enterprise/webhooks.js.map +0 -1
- package/dist/component/public/factors/devices.d.ts +0 -157
- package/dist/component/public/factors/devices.d.ts.map +0 -1
- package/dist/component/public/factors/devices.js.map +0 -1
- package/dist/component/public/factors/passkeys.d.ts +0 -175
- package/dist/component/public/factors/passkeys.d.ts.map +0 -1
- package/dist/component/public/factors/passkeys.js.map +0 -1
- package/dist/component/public/factors/totp.d.ts +0 -189
- package/dist/component/public/factors/totp.d.ts.map +0 -1
- package/dist/component/public/factors/totp.js.map +0 -1
- package/dist/component/public/groups/core.d.ts +0 -137
- package/dist/component/public/groups/core.d.ts.map +0 -1
- package/dist/component/public/groups/core.js.map +0 -1
- package/dist/component/public/groups/invites.d.ts +0 -217
- package/dist/component/public/groups/invites.d.ts.map +0 -1
- package/dist/component/public/groups/invites.js.map +0 -1
- package/dist/component/public/groups/members.d.ts +0 -204
- package/dist/component/public/groups/members.d.ts.map +0 -1
- package/dist/component/public/groups/members.js.map +0 -1
- package/dist/component/public/identity/accounts.d.ts +0 -147
- package/dist/component/public/identity/accounts.d.ts.map +0 -1
- package/dist/component/public/identity/accounts.js.map +0 -1
- package/dist/component/public/identity/codes.d.ts +0 -104
- package/dist/component/public/identity/codes.d.ts.map +0 -1
- package/dist/component/public/identity/codes.js.map +0 -1
- package/dist/component/public/identity/sessions.d.ts +0 -128
- package/dist/component/public/identity/sessions.d.ts.map +0 -1
- package/dist/component/public/identity/sessions.js.map +0 -1
- package/dist/component/public/identity/tokens.d.ts +0 -169
- package/dist/component/public/identity/tokens.d.ts.map +0 -1
- package/dist/component/public/identity/tokens.js.map +0 -1
- package/dist/component/public/identity/users.d.ts +0 -212
- package/dist/component/public/identity/users.d.ts.map +0 -1
- package/dist/component/public/identity/users.js.map +0 -1
- package/dist/component/public/identity/verifiers.d.ts +0 -116
- package/dist/component/public/identity/verifiers.d.ts.map +0 -1
- package/dist/component/public/identity/verifiers.js.map +0 -1
- package/dist/component/public/security/keys.d.ts +0 -209
- package/dist/component/public/security/keys.d.ts.map +0 -1
- package/dist/component/public/security/keys.js.map +0 -1
- package/dist/component/public/security/limits.d.ts +0 -114
- package/dist/component/public/security/limits.d.ts.map +0 -1
- package/dist/component/public/security/limits.js.map +0 -1
- package/dist/component/public.d.ts +0 -28
- package/dist/component/public.d.ts.map +0 -1
- package/dist/component/schema.d.ts.map +0 -1
- package/dist/component/schema.js.map +0 -1
- package/dist/component/server/auth.d.ts +0 -447
- package/dist/component/server/auth.d.ts.map +0 -1
- package/dist/component/server/auth.js +0 -254
- package/dist/component/server/auth.js.map +0 -1
- package/dist/component/server/config.js +0 -121
- package/dist/component/server/config.js.map +0 -1
- package/dist/component/server/context.js +0 -53
- package/dist/component/server/context.js.map +0 -1
- package/dist/component/server/cookies.js +0 -47
- package/dist/component/server/cookies.js.map +0 -1
- package/dist/component/server/core.js +0 -576
- package/dist/component/server/core.js.map +0 -1
- package/dist/component/server/crypto.js +0 -56
- package/dist/component/server/crypto.js.map +0 -1
- package/dist/component/server/db.js +0 -87
- package/dist/component/server/db.js.map +0 -1
- package/dist/component/server/device.js +0 -152
- package/dist/component/server/device.js.map +0 -1
- package/dist/component/server/enterprise/config.js +0 -46
- package/dist/component/server/enterprise/config.js.map +0 -1
- package/dist/component/server/enterprise/domain.js +0 -974
- package/dist/component/server/enterprise/domain.js.map +0 -1
- package/dist/component/server/enterprise/http.js +0 -787
- package/dist/component/server/enterprise/http.js.map +0 -1
- package/dist/component/server/enterprise/oidc.js +0 -248
- package/dist/component/server/enterprise/oidc.js.map +0 -1
- package/dist/component/server/enterprise/policy.js +0 -85
- package/dist/component/server/enterprise/policy.js.map +0 -1
- package/dist/component/server/enterprise/saml.js.map +0 -1
- package/dist/component/server/enterprise/scim.js.map +0 -1
- package/dist/component/server/enterprise/shared.js +0 -51
- package/dist/component/server/enterprise/shared.js.map +0 -1
- package/dist/component/server/http.d.ts +0 -85
- package/dist/component/server/http.d.ts.map +0 -1
- package/dist/component/server/http.js +0 -351
- package/dist/component/server/http.js.map +0 -1
- package/dist/component/server/identity.js +0 -16
- package/dist/component/server/identity.js.map +0 -1
- package/dist/component/server/keys.js +0 -96
- package/dist/component/server/keys.js.map +0 -1
- package/dist/component/server/limits.js +0 -52
- package/dist/component/server/limits.js.map +0 -1
- package/dist/component/server/mutations/account.js +0 -46
- package/dist/component/server/mutations/account.js.map +0 -1
- package/dist/component/server/mutations/code.js +0 -68
- package/dist/component/server/mutations/code.js.map +0 -1
- package/dist/component/server/mutations/invalidate.js +0 -32
- package/dist/component/server/mutations/invalidate.js.map +0 -1
- package/dist/component/server/mutations/oauth.js +0 -116
- package/dist/component/server/mutations/oauth.js.map +0 -1
- package/dist/component/server/mutations/refresh.js +0 -119
- package/dist/component/server/mutations/refresh.js.map +0 -1
- package/dist/component/server/mutations/register.js +0 -87
- package/dist/component/server/mutations/register.js.map +0 -1
- package/dist/component/server/mutations/retrieve.js +0 -61
- package/dist/component/server/mutations/retrieve.js.map +0 -1
- package/dist/component/server/mutations/signature.js +0 -38
- package/dist/component/server/mutations/signature.js.map +0 -1
- package/dist/component/server/mutations/signin.js +0 -27
- package/dist/component/server/mutations/signin.js.map +0 -1
- package/dist/component/server/mutations/signout.js +0 -27
- package/dist/component/server/mutations/signout.js.map +0 -1
- package/dist/component/server/mutations/store/refs.js +0 -15
- package/dist/component/server/mutations/store/refs.js.map +0 -1
- package/dist/component/server/mutations/store.js +0 -70
- package/dist/component/server/mutations/store.js.map +0 -1
- package/dist/component/server/mutations/verifier.js +0 -18
- package/dist/component/server/mutations/verifier.js.map +0 -1
- package/dist/component/server/mutations/verify.js +0 -98
- package/dist/component/server/mutations/verify.js.map +0 -1
- package/dist/component/server/oauth.js +0 -242
- package/dist/component/server/oauth.js.map +0 -1
- package/dist/component/server/passkey.js +0 -415
- package/dist/component/server/passkey.js.map +0 -1
- package/dist/component/server/redirects.js +0 -40
- package/dist/component/server/redirects.js.map +0 -1
- package/dist/component/server/refresh.js +0 -99
- package/dist/component/server/refresh.js.map +0 -1
- package/dist/component/server/runtime.d.ts +0 -136
- package/dist/component/server/runtime.d.ts.map +0 -1
- package/dist/component/server/runtime.js +0 -456
- package/dist/component/server/runtime.js.map +0 -1
- package/dist/component/server/sessions.js +0 -71
- package/dist/component/server/sessions.js.map +0 -1
- package/dist/component/server/signin.js +0 -225
- package/dist/component/server/signin.js.map +0 -1
- package/dist/component/server/tokens.js +0 -17
- package/dist/component/server/tokens.js.map +0 -1
- package/dist/component/server/totp.js +0 -208
- package/dist/component/server/totp.js.map +0 -1
- package/dist/component/server/types.d.ts +0 -949
- package/dist/component/server/types.d.ts.map +0 -1
- package/dist/component/server/types.js +0 -79
- package/dist/component/server/types.js.map +0 -1
- package/dist/component/server/users.js +0 -123
- package/dist/component/server/users.js.map +0 -1
- package/dist/component/server/utils.js +0 -140
- package/dist/component/server/utils.js.map +0 -1
- package/dist/core/types.d.ts +0 -361
- package/dist/core/types.d.ts.map +0 -1
- package/dist/factors/device.js +0 -104
- package/dist/factors/device.js.map +0 -1
- package/dist/factors/passkey.js.map +0 -1
- package/dist/factors/totp.js.map +0 -1
- package/dist/providers/anonymous.d.ts.map +0 -1
- package/dist/providers/anonymous.js.map +0 -1
- package/dist/providers/credentials.d.ts.map +0 -1
- package/dist/providers/credentials.js.map +0 -1
- package/dist/providers/device.d.ts.map +0 -1
- package/dist/providers/device.js.map +0 -1
- package/dist/providers/email.d.ts.map +0 -1
- package/dist/providers/email.js.map +0 -1
- package/dist/providers/oauth.d.ts +0 -69
- package/dist/providers/oauth.d.ts.map +0 -1
- package/dist/providers/oauth.js +0 -43
- package/dist/providers/oauth.js.map +0 -1
- package/dist/providers/passkey.d.ts.map +0 -1
- package/dist/providers/passkey.js.map +0 -1
- package/dist/providers/password.d.ts.map +0 -1
- package/dist/providers/password.js.map +0 -1
- package/dist/providers/phone.d.ts.map +0 -1
- package/dist/providers/phone.js.map +0 -1
- package/dist/providers/sso.d.ts.map +0 -1
- package/dist/providers/sso.js.map +0 -1
- package/dist/providers/totp.d.ts.map +0 -1
- package/dist/providers/totp.js.map +0 -1
- package/dist/runtime/browser.js +0 -68
- package/dist/runtime/browser.js.map +0 -1
- package/dist/runtime/invite.js.map +0 -1
- package/dist/runtime/proxy.js +0 -70
- package/dist/runtime/proxy.js.map +0 -1
- package/dist/runtime/storage.js +0 -37
- package/dist/runtime/storage.js.map +0 -1
- package/dist/server/auth.d.ts.map +0 -1
- package/dist/server/auth.js.map +0 -1
- package/dist/server/config.d.ts +0 -1
- package/dist/server/config.js.map +0 -1
- package/dist/server/context.d.ts +0 -1
- package/dist/server/context.js.map +0 -1
- package/dist/server/cookies.d.ts +0 -1
- package/dist/server/cookies.js.map +0 -1
- package/dist/server/core.d.ts +0 -1315
- package/dist/server/core.d.ts.map +0 -1
- package/dist/server/core.js.map +0 -1
- package/dist/server/crypto.d.ts +0 -8
- package/dist/server/crypto.d.ts.map +0 -1
- package/dist/server/crypto.js.map +0 -1
- package/dist/server/db.d.ts +0 -1
- package/dist/server/db.js.map +0 -1
- package/dist/server/device.d.ts +0 -1
- package/dist/server/device.js.map +0 -1
- package/dist/server/enterprise/config.d.ts +0 -1
- package/dist/server/enterprise/config.js.map +0 -1
- package/dist/server/enterprise/domain.d.ts +0 -401
- package/dist/server/enterprise/domain.d.ts.map +0 -1
- package/dist/server/enterprise/domain.js +0 -974
- package/dist/server/enterprise/domain.js.map +0 -1
- package/dist/server/enterprise/http.d.ts +0 -26
- package/dist/server/enterprise/http.d.ts.map +0 -1
- package/dist/server/enterprise/http.js +0 -787
- package/dist/server/enterprise/http.js.map +0 -1
- package/dist/server/enterprise/oidc.d.ts +0 -1
- package/dist/server/enterprise/oidc.js +0 -248
- package/dist/server/enterprise/oidc.js.map +0 -1
- package/dist/server/enterprise/policy.d.ts +0 -1
- package/dist/server/enterprise/policy.js +0 -85
- package/dist/server/enterprise/policy.js.map +0 -1
- package/dist/server/enterprise/saml.d.ts +0 -1
- package/dist/server/enterprise/saml.js +0 -338
- package/dist/server/enterprise/saml.js.map +0 -1
- package/dist/server/enterprise/scim.d.ts +0 -1
- package/dist/server/enterprise/scim.js +0 -97
- package/dist/server/enterprise/scim.js.map +0 -1
- package/dist/server/enterprise/shared.d.ts +0 -5
- package/dist/server/enterprise/shared.d.ts.map +0 -1
- package/dist/server/enterprise/shared.js +0 -51
- package/dist/server/enterprise/shared.js.map +0 -1
- package/dist/server/enterprise/validators.d.ts +0 -1
- package/dist/server/enterprise/validators.js +0 -60
- package/dist/server/enterprise/validators.js.map +0 -1
- package/dist/server/http.d.ts.map +0 -1
- package/dist/server/http.js.map +0 -1
- package/dist/server/identity.d.ts +0 -1
- package/dist/server/identity.js.map +0 -1
- package/dist/server/keys.d.ts +0 -1
- package/dist/server/keys.js.map +0 -1
- package/dist/server/limits.d.ts +0 -1
- package/dist/server/limits.js.map +0 -1
- package/dist/server/mounts.d.ts.map +0 -1
- package/dist/server/mounts.js.map +0 -1
- package/dist/server/mutations/account.d.ts +0 -29
- package/dist/server/mutations/account.d.ts.map +0 -1
- package/dist/server/mutations/account.js.map +0 -1
- package/dist/server/mutations/code.d.ts +0 -30
- package/dist/server/mutations/code.d.ts.map +0 -1
- package/dist/server/mutations/code.js.map +0 -1
- package/dist/server/mutations/index.d.ts +0 -14
- package/dist/server/mutations/invalidate.d.ts +0 -20
- package/dist/server/mutations/invalidate.d.ts.map +0 -1
- package/dist/server/mutations/invalidate.js.map +0 -1
- package/dist/server/mutations/oauth.d.ts +0 -30
- package/dist/server/mutations/oauth.d.ts.map +0 -1
- package/dist/server/mutations/oauth.js.map +0 -1
- package/dist/server/mutations/refresh.d.ts +0 -21
- package/dist/server/mutations/refresh.d.ts.map +0 -1
- package/dist/server/mutations/refresh.js.map +0 -1
- package/dist/server/mutations/register.d.ts +0 -38
- package/dist/server/mutations/register.d.ts.map +0 -1
- package/dist/server/mutations/register.js.map +0 -1
- package/dist/server/mutations/retrieve.d.ts +0 -33
- package/dist/server/mutations/retrieve.d.ts.map +0 -1
- package/dist/server/mutations/retrieve.js.map +0 -1
- package/dist/server/mutations/signature.d.ts +0 -21
- package/dist/server/mutations/signature.d.ts.map +0 -1
- package/dist/server/mutations/signature.js.map +0 -1
- package/dist/server/mutations/signin.d.ts +0 -22
- package/dist/server/mutations/signin.d.ts.map +0 -1
- package/dist/server/mutations/signin.js.map +0 -1
- package/dist/server/mutations/signout.d.ts +0 -16
- package/dist/server/mutations/signout.d.ts.map +0 -1
- package/dist/server/mutations/signout.js.map +0 -1
- package/dist/server/mutations/store/refs.d.ts +0 -12
- package/dist/server/mutations/store/refs.d.ts.map +0 -1
- package/dist/server/mutations/store/refs.js.map +0 -1
- package/dist/server/mutations/store.d.ts +0 -306
- package/dist/server/mutations/store.d.ts.map +0 -1
- package/dist/server/mutations/store.js.map +0 -1
- package/dist/server/mutations/verifier.d.ts +0 -13
- package/dist/server/mutations/verifier.d.ts.map +0 -1
- package/dist/server/mutations/verifier.js.map +0 -1
- package/dist/server/mutations/verify.d.ts +0 -26
- package/dist/server/mutations/verify.d.ts.map +0 -1
- package/dist/server/mutations/verify.js.map +0 -1
- package/dist/server/oauth.d.ts +0 -1
- package/dist/server/oauth.js +0 -242
- package/dist/server/oauth.js.map +0 -1
- package/dist/server/passkey.d.ts +0 -27
- package/dist/server/passkey.d.ts.map +0 -1
- package/dist/server/passkey.js.map +0 -1
- package/dist/server/redirects.d.ts +0 -1
- package/dist/server/redirects.js.map +0 -1
- package/dist/server/refresh.d.ts +0 -1
- package/dist/server/refresh.js.map +0 -1
- package/dist/server/runtime.d.ts.map +0 -1
- package/dist/server/runtime.js.map +0 -1
- package/dist/server/sessions.d.ts +0 -1
- package/dist/server/sessions.js.map +0 -1
- package/dist/server/signin.d.ts +0 -1
- package/dist/server/signin.js.map +0 -1
- package/dist/server/ssr.d.ts.map +0 -1
- package/dist/server/ssr.js +0 -777
- package/dist/server/ssr.js.map +0 -1
- package/dist/server/templates.d.ts +0 -1
- package/dist/server/templates.js.map +0 -1
- package/dist/server/tokens.d.ts +0 -1
- package/dist/server/tokens.js.map +0 -1
- package/dist/server/totp.d.ts +0 -1
- package/dist/server/totp.js.map +0 -1
- package/dist/server/types.d.ts.map +0 -1
- package/dist/server/types.js.map +0 -1
- package/dist/server/users.d.ts +0 -1
- package/dist/server/users.js.map +0 -1
- package/dist/server/utils.d.ts +0 -1
- package/dist/server/utils.js +0 -140
- package/dist/server/utils.js.map +0 -1
- package/src/authorization/index.ts +0 -83
- package/src/cli/bin.ts +0 -5
- package/src/cli/command.ts +0 -70
- package/src/cli/index.ts +0 -1112
- package/src/cli/keys.ts +0 -23
- package/src/client/core/types.ts +0 -437
- package/src/client/factors/device.ts +0 -158
- package/src/client/factors/passkey.ts +0 -279
- package/src/client/factors/totp.ts +0 -150
- package/src/client/index.ts +0 -1124
- package/src/client/runtime/browser.ts +0 -112
- package/src/client/runtime/invite.ts +0 -63
- package/src/client/runtime/proxy.ts +0 -111
- package/src/client/runtime/storage.ts +0 -79
- package/src/component/_generated/api.ts +0 -96
- package/src/component/_generated/component.ts +0 -3774
- package/src/component/_generated/dataModel.ts +0 -60
- package/src/component/_generated/server.ts +0 -156
- package/src/component/convex.config.ts +0 -5
- package/src/component/functions.ts +0 -104
- package/src/component/index.ts +0 -42
- package/src/component/model.ts +0 -449
- package/src/component/public/enterprise/audit.ts +0 -125
- package/src/component/public/enterprise/core.ts +0 -355
- package/src/component/public/enterprise/domains.ts +0 -327
- package/src/component/public/enterprise/scim.ts +0 -397
- package/src/component/public/enterprise/secrets.ts +0 -133
- package/src/component/public/enterprise/webhooks.ts +0 -307
- package/src/component/public/factors/devices.ts +0 -224
- package/src/component/public/factors/passkeys.ts +0 -243
- package/src/component/public/factors/totp.ts +0 -259
- package/src/component/public/groups/core.ts +0 -481
- package/src/component/public/groups/invites.ts +0 -608
- package/src/component/public/groups/members.ts +0 -410
- package/src/component/public/identity/accounts.ts +0 -207
- package/src/component/public/identity/codes.ts +0 -149
- package/src/component/public/identity/sessions.ts +0 -210
- package/src/component/public/identity/tokens.ts +0 -251
- package/src/component/public/identity/users.ts +0 -355
- package/src/component/public/identity/verifiers.ts +0 -158
- package/src/component/public/security/keys.ts +0 -366
- package/src/component/public/security/limits.ts +0 -174
- package/src/component/public.ts +0 -27
- package/src/component/schema.ts +0 -505
- package/src/providers/anonymous.ts +0 -99
- package/src/providers/credentials.ts +0 -102
- package/src/providers/device.ts +0 -87
- package/src/providers/email.ts +0 -99
- package/src/providers/index.ts +0 -31
- package/src/providers/oauth.ts +0 -117
- package/src/providers/passkey.ts +0 -77
- package/src/providers/password.ts +0 -441
- package/src/providers/phone.ts +0 -93
- package/src/providers/sso.ts +0 -54
- package/src/providers/totp.ts +0 -62
- package/src/samlify.d.ts +0 -53
- package/src/server/auth.ts +0 -949
- package/src/server/config.ts +0 -200
- package/src/server/context.ts +0 -90
- package/src/server/cookies.ts +0 -49
- package/src/server/core.ts +0 -2004
- package/src/server/crypto.ts +0 -90
- package/src/server/db.ts +0 -203
- package/src/server/device.ts +0 -254
- package/src/server/enterprise/config.ts +0 -51
- package/src/server/enterprise/domain.ts +0 -1739
- package/src/server/enterprise/http.ts +0 -1331
- package/src/server/enterprise/oidc.ts +0 -500
- package/src/server/enterprise/policy.ts +0 -128
- package/src/server/enterprise/saml.ts +0 -578
- package/src/server/enterprise/scim.ts +0 -135
- package/src/server/enterprise/shared.ts +0 -134
- package/src/server/enterprise/validators.ts +0 -93
- package/src/server/http.ts +0 -790
- package/src/server/identity.ts +0 -18
- package/src/server/index.ts +0 -40
- package/src/server/keys.ts +0 -158
- package/src/server/limits.ts +0 -107
- package/src/server/mounts.ts +0 -924
- package/src/server/mutations/account.ts +0 -62
- package/src/server/mutations/code.ts +0 -119
- package/src/server/mutations/index.ts +0 -13
- package/src/server/mutations/invalidate.ts +0 -50
- package/src/server/mutations/oauth.ts +0 -243
- package/src/server/mutations/refresh.ts +0 -299
- package/src/server/mutations/register.ts +0 -155
- package/src/server/mutations/retrieve.ts +0 -109
- package/src/server/mutations/signature.ts +0 -57
- package/src/server/mutations/signin.ts +0 -54
- package/src/server/mutations/signout.ts +0 -43
- package/src/server/mutations/store/refs.ts +0 -10
- package/src/server/mutations/store.ts +0 -123
- package/src/server/mutations/verifier.ts +0 -34
- package/src/server/mutations/verify.ts +0 -200
- package/src/server/oauth.ts +0 -418
- package/src/server/passkey.ts +0 -838
- package/src/server/redirects.ts +0 -59
- package/src/server/refresh.ts +0 -218
- package/src/server/runtime.ts +0 -918
- package/src/server/sessions.ts +0 -132
- package/src/server/signin.ts +0 -445
- package/src/server/ssr.ts +0 -1747
- package/src/server/templates.ts +0 -82
- package/src/server/tokens.ts +0 -35
- package/src/server/totp.ts +0 -399
- package/src/server/types.ts +0 -1942
- package/src/server/users.ts +0 -291
- package/src/server/utils.ts +0 -220
- /package/dist/{runtime → client/runtime}/invite.js +0 -0
|
@@ -1,30 +1,30 @@
|
|
|
1
|
+
import { vGroupConnectionScimConfigDoc, vGroupConnectionScimIdentityDoc, vScimResourceType, vScimStatus } from "../../model.js";
|
|
1
2
|
import { mutation, query } from "../../functions.js";
|
|
2
|
-
import { vEnterpriseScimConfigDoc, vEnterpriseScimIdentityDoc, vScimResourceType, vScimStatus } from "../../model.js";
|
|
3
3
|
import { v } from "convex/values";
|
|
4
4
|
|
|
5
|
-
//#region src/component/public/
|
|
5
|
+
//#region src/component/public/sso/scim.ts
|
|
6
6
|
/**
|
|
7
|
-
* Create or update the SCIM provisioning configuration for an
|
|
7
|
+
* Create or update the SCIM provisioning configuration for an group.sso.
|
|
8
8
|
*
|
|
9
|
-
* If a SCIM config already exists for the given
|
|
9
|
+
* If a SCIM config already exists for the given group connection, all fields are
|
|
10
10
|
* patched in place (useful for rotating the bearer token). Otherwise a new
|
|
11
|
-
* config document is created. Only one SCIM config is allowed per
|
|
11
|
+
* config document is created. Only one SCIM config is allowed per group.sso.
|
|
12
12
|
*
|
|
13
|
-
* @param args.
|
|
14
|
-
* @param args.groupId - The ID of the root group that owns the
|
|
13
|
+
* @param args.connectionId - The ID of the group connection to configure SCIM for.
|
|
14
|
+
* @param args.groupId - The ID of the root group that owns the group.sso.
|
|
15
15
|
* @param args.status - The SCIM config lifecycle status: `"draft"`, `"active"`, or `"disabled"`.
|
|
16
16
|
* @param args.basePath - The base URL path for the SCIM endpoint (e.g. `"/scim/v2"`).
|
|
17
17
|
* @param args.tokenHash - A hash of the bearer token used to authenticate SCIM requests.
|
|
18
18
|
* @param args.lastRotatedAt - An optional epoch timestamp (ms) recording when the token was last rotated.
|
|
19
19
|
* @param args.extend - An optional arbitrary extension object for custom SCIM settings.
|
|
20
|
-
* @returns The ID of the created or updated `
|
|
20
|
+
* @returns The ID of the created or updated `GroupConnectionScimConfig` document.
|
|
21
21
|
*
|
|
22
22
|
* @example
|
|
23
23
|
* ```ts
|
|
24
24
|
* const configId = await ctx.runMutation(
|
|
25
|
-
* components.auth.
|
|
25
|
+
* components.auth.group.sso.groupConnectionScimConfigUpsert,
|
|
26
26
|
* {
|
|
27
|
-
*
|
|
27
|
+
* connectionId,
|
|
28
28
|
* groupId: orgGroupId,
|
|
29
29
|
* status: "active",
|
|
30
30
|
* basePath: "/scim/v2",
|
|
@@ -34,9 +34,9 @@ import { v } from "convex/values";
|
|
|
34
34
|
* );
|
|
35
35
|
* ```
|
|
36
36
|
*/
|
|
37
|
-
const
|
|
37
|
+
const groupConnectionScimConfigUpsert = mutation({
|
|
38
38
|
args: {
|
|
39
|
-
|
|
39
|
+
connectionId: v.id("GroupConnection"),
|
|
40
40
|
groupId: v.id("Group"),
|
|
41
41
|
status: vScimStatus,
|
|
42
42
|
basePath: v.string(),
|
|
@@ -44,47 +44,47 @@ const enterpriseScimConfigUpsert = mutation({
|
|
|
44
44
|
lastRotatedAt: v.optional(v.number()),
|
|
45
45
|
extend: v.optional(v.any())
|
|
46
46
|
},
|
|
47
|
-
returns: v.id("
|
|
47
|
+
returns: v.id("GroupConnectionScimConfig"),
|
|
48
48
|
handler: async (ctx, args) => {
|
|
49
|
-
const existing = await ctx.db.query("
|
|
49
|
+
const existing = await ctx.db.query("GroupConnectionScimConfig").withIndex("group_connection_id", (idx) => idx.eq("connectionId", args.connectionId)).first();
|
|
50
50
|
if (existing) {
|
|
51
51
|
await ctx.db.patch(existing._id, args);
|
|
52
52
|
return existing._id;
|
|
53
53
|
}
|
|
54
|
-
return await ctx.db.insert("
|
|
54
|
+
return await ctx.db.insert("GroupConnectionScimConfig", args);
|
|
55
55
|
}
|
|
56
56
|
});
|
|
57
57
|
/**
|
|
58
|
-
* Retrieve the SCIM configuration for a specific
|
|
58
|
+
* Retrieve the SCIM configuration for a specific group.sso.
|
|
59
59
|
*
|
|
60
|
-
* Looks up the SCIM config document by
|
|
61
|
-
* `
|
|
60
|
+
* Looks up the SCIM config document by group connection ID using the
|
|
61
|
+
* `group_connection_id` index. Returns `null` if SCIM has not been configured.
|
|
62
62
|
*
|
|
63
|
-
* @param args.
|
|
63
|
+
* @param args.connectionId - The ID of the group connection whose SCIM config to retrieve.
|
|
64
64
|
* @returns The SCIM configuration document, or `null` if not configured.
|
|
65
65
|
*
|
|
66
66
|
* @example
|
|
67
67
|
* ```ts
|
|
68
68
|
* const config = await ctx.runQuery(
|
|
69
|
-
* components.auth.
|
|
70
|
-
* {
|
|
69
|
+
* components.auth.public.groupConnectionScimConfigGetByGroupConnection,
|
|
70
|
+
* { connectionId },
|
|
71
71
|
* );
|
|
72
72
|
* if (config) {
|
|
73
73
|
* console.log(config.status, config.basePath);
|
|
74
74
|
* }
|
|
75
75
|
* ```
|
|
76
76
|
*/
|
|
77
|
-
const
|
|
78
|
-
args: {
|
|
79
|
-
returns: v.union(
|
|
80
|
-
handler: async (ctx, {
|
|
81
|
-
return await ctx.db.query("
|
|
77
|
+
const groupConnectionScimConfigGetByGroupConnection = query({
|
|
78
|
+
args: { connectionId: v.id("GroupConnection") },
|
|
79
|
+
returns: v.union(vGroupConnectionScimConfigDoc, v.null()),
|
|
80
|
+
handler: async (ctx, { connectionId }) => {
|
|
81
|
+
return await ctx.db.query("GroupConnectionScimConfig").withIndex("group_connection_id", (idx) => idx.eq("connectionId", connectionId)).first();
|
|
82
82
|
}
|
|
83
83
|
});
|
|
84
84
|
/**
|
|
85
85
|
* Look up a SCIM configuration by its bearer token hash.
|
|
86
86
|
*
|
|
87
|
-
* Used during SCIM request authentication to resolve which
|
|
87
|
+
* Used during SCIM request authentication to resolve which group connection a
|
|
88
88
|
* given bearer token belongs to. Returns `null` if no config matches.
|
|
89
89
|
*
|
|
90
90
|
* @param args.tokenHash - The hash of the bearer token from the incoming SCIM request.
|
|
@@ -93,29 +93,29 @@ const enterpriseScimConfigGetByEnterprise = query({
|
|
|
93
93
|
* @example
|
|
94
94
|
* ```ts
|
|
95
95
|
* const config = await ctx.runQuery(
|
|
96
|
-
* components.auth.
|
|
96
|
+
* components.auth.group.sso.groupConnectionScimConfigGetByTokenHash,
|
|
97
97
|
* { tokenHash: "sha256:abc123..." },
|
|
98
98
|
* );
|
|
99
99
|
* if (config) {
|
|
100
|
-
* console.log("Authenticated
|
|
100
|
+
* console.log("Authenticated group:", config.connectionId);
|
|
101
101
|
* }
|
|
102
102
|
* ```
|
|
103
103
|
*/
|
|
104
|
-
const
|
|
104
|
+
const groupConnectionScimConfigGetByTokenHash = query({
|
|
105
105
|
args: { tokenHash: v.string() },
|
|
106
|
-
returns: v.union(
|
|
106
|
+
returns: v.union(vGroupConnectionScimConfigDoc, v.null()),
|
|
107
107
|
handler: async (ctx, { tokenHash }) => {
|
|
108
|
-
return await ctx.db.query("
|
|
108
|
+
return await ctx.db.query("GroupConnectionScimConfig").withIndex("token_hash", (idx) => idx.eq("tokenHash", tokenHash)).first();
|
|
109
109
|
}
|
|
110
110
|
});
|
|
111
111
|
/**
|
|
112
|
-
* Retrieve a SCIM identity by
|
|
112
|
+
* Retrieve a SCIM identity by group connection, resource type, and external ID.
|
|
113
113
|
*
|
|
114
114
|
* Looks up a SCIM-provisioned identity using the composite index on
|
|
115
|
-
* `(
|
|
115
|
+
* `(connectionId, resourceType, externalId)`. This is the primary lookup
|
|
116
116
|
* used when processing incoming SCIM user or group operations.
|
|
117
117
|
*
|
|
118
|
-
* @param args.
|
|
118
|
+
* @param args.connectionId - The ID of the group connection that owns the SCIM identity.
|
|
119
119
|
* @param args.resourceType - The SCIM resource type: `"user"` or `"group"`.
|
|
120
120
|
* @param args.externalId - The external identifier assigned by the identity provider.
|
|
121
121
|
* @returns The SCIM identity document, or `null` if not found.
|
|
@@ -123,24 +123,24 @@ const enterpriseScimConfigGetByTokenHash = query({
|
|
|
123
123
|
* @example
|
|
124
124
|
* ```ts
|
|
125
125
|
* const identity = await ctx.runQuery(
|
|
126
|
-
* components.auth.
|
|
126
|
+
* components.auth.group.sso.groupConnectionScimIdentityGet,
|
|
127
127
|
* {
|
|
128
|
-
*
|
|
128
|
+
* connectionId,
|
|
129
129
|
* resourceType: "user",
|
|
130
130
|
* externalId: "okta-user-abc123",
|
|
131
131
|
* },
|
|
132
132
|
* );
|
|
133
133
|
* ```
|
|
134
134
|
*/
|
|
135
|
-
const
|
|
135
|
+
const groupConnectionScimIdentityGet = query({
|
|
136
136
|
args: {
|
|
137
|
-
|
|
137
|
+
connectionId: v.id("GroupConnection"),
|
|
138
138
|
resourceType: vScimResourceType,
|
|
139
139
|
externalId: v.string()
|
|
140
140
|
},
|
|
141
|
-
returns: v.union(
|
|
141
|
+
returns: v.union(vGroupConnectionScimIdentityDoc, v.null()),
|
|
142
142
|
handler: async (ctx, args) => {
|
|
143
|
-
return await ctx.db.query("
|
|
143
|
+
return await ctx.db.query("GroupConnectionScimIdentity").withIndex("group_connection_id_resource_type_external_id", (idx) => idx.eq("connectionId", args.connectionId).eq("resourceType", args.resourceType).eq("externalId", args.externalId)).first();
|
|
144
144
|
}
|
|
145
145
|
});
|
|
146
146
|
/**
|
|
@@ -156,7 +156,7 @@ const enterpriseScimIdentityGet = query({
|
|
|
156
156
|
* @example
|
|
157
157
|
* ```ts
|
|
158
158
|
* const scimIdentity = await ctx.runQuery(
|
|
159
|
-
* components.auth.
|
|
159
|
+
* components.auth.group.sso.groupConnectionScimIdentityGetByUser,
|
|
160
160
|
* { userId },
|
|
161
161
|
* );
|
|
162
162
|
* if (scimIdentity) {
|
|
@@ -164,40 +164,40 @@ const enterpriseScimIdentityGet = query({
|
|
|
164
164
|
* }
|
|
165
165
|
* ```
|
|
166
166
|
*/
|
|
167
|
-
const
|
|
167
|
+
const groupConnectionScimIdentityGetByUser = query({
|
|
168
168
|
args: { userId: v.id("User") },
|
|
169
|
-
returns: v.union(
|
|
169
|
+
returns: v.union(vGroupConnectionScimIdentityDoc, v.null()),
|
|
170
170
|
handler: async (ctx, { userId }) => {
|
|
171
|
-
return await ctx.db.query("
|
|
171
|
+
return await ctx.db.query("GroupConnectionScimIdentity").withIndex("user_id", (idx) => idx.eq("userId", userId)).first();
|
|
172
172
|
}
|
|
173
173
|
});
|
|
174
174
|
/**
|
|
175
|
-
* Retrieve the SCIM identity for a specific user within a specific
|
|
175
|
+
* Retrieve the SCIM identity for a specific user within a specific group.sso.
|
|
176
176
|
*
|
|
177
|
-
* Uses the composite `(
|
|
178
|
-
* that links a user to a particular
|
|
179
|
-
* belong to multiple
|
|
177
|
+
* Uses the composite `(connectionId, userId)` index to find the SCIM identity
|
|
178
|
+
* that links a user to a particular group.sso. This is useful when a user may
|
|
179
|
+
* belong to multiple group connections.
|
|
180
180
|
*
|
|
181
|
-
* @param args.
|
|
181
|
+
* @param args.connectionId - The ID of the group connection to scope the lookup to.
|
|
182
182
|
* @param args.userId - The document ID of the user.
|
|
183
183
|
* @returns The SCIM identity document, or `null` if not found.
|
|
184
184
|
*
|
|
185
185
|
* @example
|
|
186
186
|
* ```ts
|
|
187
187
|
* const identity = await ctx.runQuery(
|
|
188
|
-
* components.auth.
|
|
189
|
-
* {
|
|
188
|
+
* components.auth.public.groupConnectionScimIdentityGetByGroupConnectionAndUser,
|
|
189
|
+
* { connectionId, userId },
|
|
190
190
|
* );
|
|
191
191
|
* ```
|
|
192
192
|
*/
|
|
193
|
-
const
|
|
193
|
+
const groupConnectionScimIdentityGetByGroupConnectionAndUser = query({
|
|
194
194
|
args: {
|
|
195
|
-
|
|
195
|
+
connectionId: v.id("GroupConnection"),
|
|
196
196
|
userId: v.id("User")
|
|
197
197
|
},
|
|
198
|
-
returns: v.union(
|
|
199
|
-
handler: async (ctx, {
|
|
200
|
-
return await ctx.db.query("
|
|
198
|
+
returns: v.union(vGroupConnectionScimIdentityDoc, v.null()),
|
|
199
|
+
handler: async (ctx, { connectionId, userId }) => {
|
|
200
|
+
return await ctx.db.query("GroupConnectionScimIdentity").withIndex("group_connection_id_user_id", (idx) => idx.eq("connectionId", connectionId).eq("userId", userId)).first();
|
|
201
201
|
}
|
|
202
202
|
});
|
|
203
203
|
/**
|
|
@@ -213,7 +213,7 @@ const enterpriseScimIdentityGetByEnterpriseAndUser = query({
|
|
|
213
213
|
* @example
|
|
214
214
|
* ```ts
|
|
215
215
|
* const scimGroup = await ctx.runQuery(
|
|
216
|
-
* components.auth.
|
|
216
|
+
* components.auth.public.groupConnectionScimIdentityGetByMappedGroup,
|
|
217
217
|
* { mappedGroupId: teamGroupId },
|
|
218
218
|
* );
|
|
219
219
|
* if (scimGroup) {
|
|
@@ -221,50 +221,50 @@ const enterpriseScimIdentityGetByEnterpriseAndUser = query({
|
|
|
221
221
|
* }
|
|
222
222
|
* ```
|
|
223
223
|
*/
|
|
224
|
-
const
|
|
224
|
+
const groupConnectionScimIdentityGetByMappedGroup = query({
|
|
225
225
|
args: { mappedGroupId: v.id("Group") },
|
|
226
|
-
returns: v.union(
|
|
226
|
+
returns: v.union(vGroupConnectionScimIdentityDoc, v.null()),
|
|
227
227
|
handler: async (ctx, { mappedGroupId }) => {
|
|
228
|
-
return await ctx.db.query("
|
|
228
|
+
return await ctx.db.query("GroupConnectionScimIdentity").withIndex("mapped_group_id", (idx) => idx.eq("mappedGroupId", mappedGroupId)).first();
|
|
229
229
|
}
|
|
230
230
|
});
|
|
231
231
|
/**
|
|
232
|
-
* List all SCIM identities belonging to a specific
|
|
232
|
+
* List all SCIM identities belonging to a specific group.sso.
|
|
233
233
|
*
|
|
234
|
-
* Returns all `
|
|
234
|
+
* Returns all `GroupConnectionScimIdentity` documents for the given group connection,
|
|
235
235
|
* including both user and group resource types. Useful for displaying all
|
|
236
236
|
* SCIM-provisioned resources or for bulk operations.
|
|
237
237
|
*
|
|
238
|
-
* @param args.
|
|
238
|
+
* @param args.connectionId - The ID of the group connection whose SCIM identities to list.
|
|
239
239
|
* @returns An array of SCIM identity documents.
|
|
240
240
|
*
|
|
241
241
|
* @example
|
|
242
242
|
* ```ts
|
|
243
243
|
* const identities = await ctx.runQuery(
|
|
244
|
-
* components.auth.
|
|
245
|
-
* {
|
|
244
|
+
* components.auth.public.groupConnectionScimIdentityListByGroupConnection,
|
|
245
|
+
* { connectionId },
|
|
246
246
|
* );
|
|
247
247
|
* const users = identities.filter((i) => i.resourceType === "user");
|
|
248
248
|
* const groups = identities.filter((i) => i.resourceType === "group");
|
|
249
249
|
* ```
|
|
250
250
|
*/
|
|
251
|
-
const
|
|
252
|
-
args: {
|
|
253
|
-
returns: v.array(
|
|
254
|
-
handler: async (ctx, {
|
|
255
|
-
return await ctx.db.query("
|
|
251
|
+
const groupConnectionScimIdentityListByGroupConnection = query({
|
|
252
|
+
args: { connectionId: v.id("GroupConnection") },
|
|
253
|
+
returns: v.array(vGroupConnectionScimIdentityDoc),
|
|
254
|
+
handler: async (ctx, { connectionId }) => {
|
|
255
|
+
return await ctx.db.query("GroupConnectionScimIdentity").withIndex("group_connection_id", (idx) => idx.eq("connectionId", connectionId)).collect();
|
|
256
256
|
}
|
|
257
257
|
});
|
|
258
258
|
/**
|
|
259
259
|
* Create or update a SCIM-provisioned identity record.
|
|
260
260
|
*
|
|
261
|
-
* If a SCIM identity with the same `(
|
|
261
|
+
* If a SCIM identity with the same `(connectionId, resourceType, externalId)`
|
|
262
262
|
* already exists, its fields are patched in place. Otherwise a new record is
|
|
263
263
|
* created. This is the core upsert used by the SCIM provisioning handler to
|
|
264
264
|
* sync users and groups from external identity providers.
|
|
265
265
|
*
|
|
266
|
-
* @param args.
|
|
267
|
-
* @param args.groupId - The ID of the root group that owns the
|
|
266
|
+
* @param args.connectionId - The ID of the group connection the identity belongs to.
|
|
267
|
+
* @param args.groupId - The ID of the root group that owns the group.sso.
|
|
268
268
|
* @param args.resourceType - The SCIM resource type: `"user"` or `"group"`.
|
|
269
269
|
* @param args.externalId - The external identifier assigned by the identity provider.
|
|
270
270
|
* @param args.userId - An optional link to the internal user document (for user resources).
|
|
@@ -272,14 +272,14 @@ const enterpriseScimIdentityListByEnterprise = query({
|
|
|
272
272
|
* @param args.lastProvisionedAt - An optional epoch timestamp (ms) of the last sync.
|
|
273
273
|
* @param args.active - An optional flag indicating whether the identity is active.
|
|
274
274
|
* @param args.raw - An optional raw SCIM payload stored for debugging or re-processing.
|
|
275
|
-
* @returns The ID of the created or updated `
|
|
275
|
+
* @returns The ID of the created or updated `GroupConnectionScimIdentity` document.
|
|
276
276
|
*
|
|
277
277
|
* @example
|
|
278
278
|
* ```ts
|
|
279
279
|
* const identityId = await ctx.runMutation(
|
|
280
|
-
* components.auth.
|
|
280
|
+
* components.auth.group.sso.groupConnectionScimIdentityUpsert,
|
|
281
281
|
* {
|
|
282
|
-
*
|
|
282
|
+
* connectionId,
|
|
283
283
|
* groupId: orgGroupId,
|
|
284
284
|
* resourceType: "user",
|
|
285
285
|
* externalId: "okta-user-abc123",
|
|
@@ -291,9 +291,9 @@ const enterpriseScimIdentityListByEnterprise = query({
|
|
|
291
291
|
* );
|
|
292
292
|
* ```
|
|
293
293
|
*/
|
|
294
|
-
const
|
|
294
|
+
const groupConnectionScimIdentityUpsert = mutation({
|
|
295
295
|
args: {
|
|
296
|
-
|
|
296
|
+
connectionId: v.id("GroupConnection"),
|
|
297
297
|
groupId: v.id("Group"),
|
|
298
298
|
resourceType: vScimResourceType,
|
|
299
299
|
externalId: v.string(),
|
|
@@ -303,20 +303,20 @@ const enterpriseScimIdentityUpsert = mutation({
|
|
|
303
303
|
active: v.optional(v.boolean()),
|
|
304
304
|
raw: v.optional(v.any())
|
|
305
305
|
},
|
|
306
|
-
returns: v.id("
|
|
306
|
+
returns: v.id("GroupConnectionScimIdentity"),
|
|
307
307
|
handler: async (ctx, args) => {
|
|
308
|
-
const existing = await ctx.db.query("
|
|
308
|
+
const existing = await ctx.db.query("GroupConnectionScimIdentity").withIndex("group_connection_id_resource_type_external_id", (idx) => idx.eq("connectionId", args.connectionId).eq("resourceType", args.resourceType).eq("externalId", args.externalId)).first();
|
|
309
309
|
if (existing) {
|
|
310
310
|
await ctx.db.patch(existing._id, args);
|
|
311
311
|
return existing._id;
|
|
312
312
|
}
|
|
313
|
-
return await ctx.db.insert("
|
|
313
|
+
return await ctx.db.insert("GroupConnectionScimIdentity", args);
|
|
314
314
|
}
|
|
315
315
|
});
|
|
316
316
|
/**
|
|
317
317
|
* Permanently delete a SCIM identity record.
|
|
318
318
|
*
|
|
319
|
-
* Removes the `
|
|
319
|
+
* Removes the `GroupConnectionScimIdentity` document. This is typically called
|
|
320
320
|
* when a SCIM DELETE request is received for a user or group resource.
|
|
321
321
|
*
|
|
322
322
|
* @param args.identityId - The document ID of the SCIM identity to delete.
|
|
@@ -325,13 +325,13 @@ const enterpriseScimIdentityUpsert = mutation({
|
|
|
325
325
|
* @example
|
|
326
326
|
* ```ts
|
|
327
327
|
* await ctx.runMutation(
|
|
328
|
-
* components.auth.
|
|
328
|
+
* components.auth.group.sso.groupConnectionScimIdentityDelete,
|
|
329
329
|
* { identityId: scimIdentity._id },
|
|
330
330
|
* );
|
|
331
331
|
* ```
|
|
332
332
|
*/
|
|
333
|
-
const
|
|
334
|
-
args: { identityId: v.id("
|
|
333
|
+
const groupConnectionScimIdentityDelete = mutation({
|
|
334
|
+
args: { identityId: v.id("GroupConnectionScimIdentity") },
|
|
335
335
|
returns: v.null(),
|
|
336
336
|
handler: async (ctx, { identityId }) => {
|
|
337
337
|
await ctx.db.delete(identityId);
|
|
@@ -340,5 +340,5 @@ const enterpriseScimIdentityDelete = mutation({
|
|
|
340
340
|
});
|
|
341
341
|
|
|
342
342
|
//#endregion
|
|
343
|
-
export {
|
|
343
|
+
export { groupConnectionScimConfigGetByGroupConnection, groupConnectionScimConfigGetByTokenHash, groupConnectionScimConfigUpsert, groupConnectionScimIdentityDelete, groupConnectionScimIdentityGet, groupConnectionScimIdentityGetByGroupConnectionAndUser, groupConnectionScimIdentityGetByMappedGroup, groupConnectionScimIdentityGetByUser, groupConnectionScimIdentityListByGroupConnection, groupConnectionScimIdentityUpsert };
|
|
344
344
|
//# sourceMappingURL=scim.js.map
|
|
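Review bot: `groupConnectionScimConfigGetByTokenHash` (new line 108) returns whichever config matches the hash without looking at `status`, so a config in `"draft"` or `"disabled"` state still resolves during SCIM request authentication unless the caller rejects it. Whether the SCIM HTTP handler performs that check is not visible in this file; if it does not, disabling a connection would not stop its bearer token from being accepted. Either return `null` unless `config.status === "active"`, or state the requirement in the JSDoc, e.g. `* Callers must reject the request unless the returned config's status is "active".` Separately, both upserts in this section pass the caller-supplied `args` (including `groupId`) straight to `ctx.db.patch`, so it is worth confirming upstream that `connectionId` actually belongs to `groupId` before writing.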
@@ -0,0 +1,125 @@
|
|
|
1
|
+
import { vGroupConnectionSecretDoc, vGroupConnectionSecretKind } from "../../model.js";
|
|
2
|
+
import { mutation, query } from "../../functions.js";
|
|
3
|
+
import { v } from "convex/values";
|
|
4
|
+
|
|
5
|
+
//#region src/component/public/sso/secrets.ts
|
|
6
|
+
/**
|
|
7
|
+
* Create or update an encrypted secret for an connection.
|
|
8
|
+
*
|
|
9
|
+
* Stores a secret identified by the combination of `(connectionId, kind)`.
|
|
10
|
+
* If a secret of the same kind already exists for the connection, it is
|
|
11
|
+
* updated with the new ciphertext and timestamp. Otherwise a new secret
|
|
12
|
+
* document is created. Only one secret per kind is allowed per connection.
|
|
13
|
+
*
|
|
14
|
+
* @param args.connectionId - The ID of the connection the secret belongs to.
|
|
15
|
+
* @param args.groupId - The ID of the root group that owns the connection.
|
|
16
|
+
* @param args.kind - The type of secret being stored (e.g. `"oidc_client_secret"`).
|
|
17
|
+
* @param args.ciphertext - The encrypted secret value.
|
|
18
|
+
* @param args.updatedAt - Epoch timestamp (ms) when the secret was last updated.
|
|
19
|
+
* @returns The ID of the created or updated `GroupConnectionSecret` document.
|
|
20
|
+
*
|
|
21
|
+
* @example
|
|
22
|
+
* ```ts
|
|
23
|
+
* const secretId = await ctx.runMutation(
|
|
24
|
+
* components.auth.connection.groupConnectionSecretUpsert,
|
|
25
|
+
* {
|
|
26
|
+
* connectionId,
|
|
27
|
+
* groupId: orgGroupId,
|
|
28
|
+
* kind: "oidc_client_secret",
|
|
29
|
+
* ciphertext: "encrypted:aes256:...",
|
|
30
|
+
* updatedAt: Date.now(),
|
|
31
|
+
* },
|
|
32
|
+
* );
|
|
33
|
+
* ```
|
|
34
|
+
*/
|
|
35
|
+
const groupConnectionSecretUpsert = mutation({
|
|
36
|
+
args: {
|
|
37
|
+
connectionId: v.id("GroupConnection"),
|
|
38
|
+
groupId: v.id("Group"),
|
|
39
|
+
kind: vGroupConnectionSecretKind,
|
|
40
|
+
ciphertext: v.string(),
|
|
41
|
+
updatedAt: v.number()
|
|
42
|
+
},
|
|
43
|
+
returns: v.id("GroupConnectionSecret"),
|
|
44
|
+
handler: async (ctx, args) => {
|
|
45
|
+
const { connectionId, ...rest } = args;
|
|
46
|
+
const existing = await ctx.db.query("GroupConnectionSecret").withIndex("connection_id_kind", (idx) => idx.eq("connectionId", connectionId).eq("kind", args.kind)).first();
|
|
47
|
+
if (existing) {
|
|
48
|
+
await ctx.db.patch(existing._id, {
|
|
49
|
+
connectionId,
|
|
50
|
+
...rest
|
|
51
|
+
});
|
|
52
|
+
return existing._id;
|
|
53
|
+
}
|
|
54
|
+
return await ctx.db.insert("GroupConnectionSecret", {
|
|
55
|
+
connectionId,
|
|
56
|
+
...rest
|
|
57
|
+
});
|
|
58
|
+
}
|
|
59
|
+
});
|
|
60
|
+
/**
|
|
61
|
+
* Retrieve an encrypted secret for an connection by kind.
|
|
62
|
+
*
|
|
63
|
+
* Looks up the secret using the composite `(connectionId, kind)` index.
|
|
64
|
+
* Returns the full document including the ciphertext, or `null` if no secret
|
|
65
|
+
* of that kind has been stored for the connection.
|
|
66
|
+
*
|
|
67
|
+
* @param args.connectionId - The ID of the connection whose secret to retrieve.
|
|
68
|
+
* @param args.kind - The type of secret to look up (e.g. `"oidc_client_secret"`).
|
|
69
|
+
* @returns The connection secret document, or `null` if not found.
|
|
70
|
+
*
|
|
71
|
+
* @example
|
|
72
|
+
* ```ts
|
|
73
|
+
* const secret = await ctx.runQuery(
|
|
74
|
+
* components.auth.connection.groupConnectionSecretGet,
|
|
75
|
+
* { connectionId, kind: "oidc_client_secret" },
|
|
76
|
+
* );
|
|
77
|
+
* if (secret) {
|
|
78
|
+
* const plaintext = decrypt(secret.ciphertext);
|
|
79
|
+
* }
|
|
80
|
+
* ```
|
|
81
|
+
*/
|
|
82
|
+
const groupConnectionSecretGet = query({
|
|
83
|
+
args: {
|
|
84
|
+
connectionId: v.id("GroupConnection"),
|
|
85
|
+
kind: vGroupConnectionSecretKind
|
|
86
|
+
},
|
|
87
|
+
returns: v.union(vGroupConnectionSecretDoc, v.null()),
|
|
88
|
+
handler: async (ctx, { connectionId, kind }) => {
|
|
89
|
+
return await ctx.db.query("GroupConnectionSecret").withIndex("connection_id_kind", (idx) => idx.eq("connectionId", connectionId).eq("kind", kind)).first();
|
|
90
|
+
}
|
|
91
|
+
});
|
|
92
|
+
/**
|
|
93
|
+
* Delete an encrypted secret for an connection by kind.
|
|
94
|
+
*
|
|
95
|
+
* Removes the secret document matching the `(connectionId, kind)` pair.
|
|
96
|
+
* If no such secret exists, this is a no-op.
|
|
97
|
+
*
|
|
98
|
+
* @param args.connectionId - The ID of the connection whose secret to delete.
|
|
99
|
+
* @param args.kind - The type of secret to remove (e.g. `"oidc_client_secret"`).
|
|
100
|
+
* @returns `null` on success.
|
|
101
|
+
*
|
|
102
|
+
* @example
|
|
103
|
+
* ```ts
|
|
104
|
+
* await ctx.runMutation(
|
|
105
|
+
* components.auth.connection.groupConnectionSecretDelete,
|
|
106
|
+
* { connectionId, kind: "oidc_client_secret" },
|
|
107
|
+
* );
|
|
108
|
+
* ```
|
|
109
|
+
*/
|
|
110
|
+
const groupConnectionSecretDelete = mutation({
|
|
111
|
+
args: {
|
|
112
|
+
connectionId: v.id("GroupConnection"),
|
|
113
|
+
kind: vGroupConnectionSecretKind
|
|
114
|
+
},
|
|
115
|
+
returns: v.null(),
|
|
116
|
+
handler: async (ctx, { connectionId, kind }) => {
|
|
117
|
+
const existing = await ctx.db.query("GroupConnectionSecret").withIndex("connection_id_kind", (idx) => idx.eq("connectionId", connectionId).eq("kind", kind)).first();
|
|
118
|
+
if (existing) await ctx.db.delete(existing._id);
|
|
119
|
+
return null;
|
|
120
|
+
}
|
|
121
|
+
});
|
|
122
|
+
|
|
123
|
+
//#endregion
|
|
124
|
+
export { groupConnectionSecretDelete, groupConnectionSecretGet, groupConnectionSecretUpsert };
|
|
125
|
+
//# sourceMappingURL=secrets.js.map
|
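Review bot: In `groupConnectionSecretUpsert` (new lines 45–57) the update path writes the caller-supplied `groupId` back onto an existing secret that was located only by `(connectionId, kind)`, and nothing in this file checks that the connection belongs to that group. If the calling layer does not enforce that relationship (not visible here), an update can silently change which group owns a stored secret. Patching only the fields that rotate avoids this: `await ctx.db.patch(existing._id, { ciphertext: args.ciphertext, updatedAt: args.updatedAt });`. The `const { connectionId, ...rest } = args;` split can then go, since `{ connectionId, ...rest }` is just `args` again.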