@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +43 -36
- package/dist/bin.js +5765 -4880
- package/dist/browser/index.d.ts +30 -0
- package/dist/browser/index.js +93 -0
- package/dist/browser/locks.js +11 -0
- package/dist/browser/navigation.js +14 -0
- package/dist/{factors → browser}/passkey.js +23 -32
- package/dist/browser/runtime.js +92 -0
- package/dist/client/core/types.d.ts +452 -5
- package/dist/client/core/types.js +17 -0
- package/dist/client/errors.js +19 -0
- package/dist/client/factors/device.js +94 -0
- package/dist/{factors → client/factors}/totp.js +12 -4
- package/dist/client/index.d.ts +47 -1
- package/dist/client/index.js +269 -232
- package/dist/client/runtime/mutex.js +24 -0
- package/dist/client/runtime/proxy.js +30 -0
- package/dist/client/runtime/storage.js +45 -0
- package/dist/client/services/adapters.js +7 -0
- package/dist/client/services/http.js +6 -0
- package/dist/client/services/resolve.js +13 -0
- package/dist/client/services/runtime.js +6 -0
- package/dist/component/_generated/component.d.ts +1355 -1399
- package/dist/component/convex.config.d.ts +2 -2
- package/dist/component/index.d.ts +4 -26
- package/dist/component/index.js +1 -1
- package/dist/component/model.d.ts +26 -112
- package/dist/component/model.js +76 -54
- package/dist/component/modules.js +38 -0
- package/dist/component/public/factors/devices.js +1 -1
- package/dist/component/public/factors/passkeys.js +1 -1
- package/dist/component/public/factors/totp.js +1 -1
- package/dist/component/public/groups/core.js +2 -2
- package/dist/component/public/groups/invites.js +1 -1
- package/dist/component/public/groups/members.js +1 -1
- package/dist/component/public/identity/accounts.js +1 -1
- package/dist/component/public/identity/codes.js +1 -1
- package/dist/component/public/identity/sessions.js +39 -2
- package/dist/component/public/identity/tokens.js +82 -4
- package/dist/component/public/identity/users.js +1 -1
- package/dist/component/public/identity/verifiers.js +10 -4
- package/dist/component/public/security/keys.js +1 -1
- package/dist/component/public/security/limits.js +1 -1
- package/dist/component/public/{enterprise → sso}/audit.js +26 -26
- package/dist/component/public/sso/core.js +263 -0
- package/dist/component/public/sso/domains.js +280 -0
- package/dist/component/public/{enterprise → sso}/scim.js +87 -87
- package/dist/component/public/sso/secrets.js +125 -0
- package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
- package/dist/component/public.js +9 -9
- package/dist/component/schema.d.ts +472 -393
- package/dist/component/schema.js +36 -35
- package/dist/core/index.d.ts +380 -0
- package/dist/core/index.js +83 -0
- package/dist/otel.d.ts +69 -0
- package/dist/otel.js +82 -0
- package/dist/providers/anonymous.d.ts +15 -34
- package/dist/providers/anonymous.js +27 -35
- package/dist/providers/apple.d.ts +59 -0
- package/dist/providers/apple.js +58 -0
- package/dist/providers/credentials.d.ts +18 -34
- package/dist/providers/credentials.js +16 -27
- package/dist/providers/custom.d.ts +94 -0
- package/dist/providers/custom.js +119 -0
- package/dist/providers/device.d.ts +15 -49
- package/dist/providers/device.js +17 -34
- package/dist/providers/email.d.ts +21 -38
- package/dist/providers/email.js +36 -55
- package/dist/providers/github.d.ts +54 -0
- package/dist/providers/github.js +75 -0
- package/dist/providers/google.d.ts +54 -0
- package/dist/providers/google.js +61 -0
- package/dist/providers/index.d.ts +16 -12
- package/dist/providers/index.js +15 -11
- package/dist/providers/microsoft.d.ts +57 -0
- package/dist/providers/microsoft.js +101 -0
- package/dist/providers/passkey.d.ts +19 -35
- package/dist/providers/passkey.js +20 -30
- package/dist/providers/password.d.ts +17 -18
- package/dist/providers/password.js +121 -143
- package/dist/providers/phone.d.ts +13 -28
- package/dist/providers/phone.js +21 -46
- package/dist/providers/sso.d.ts +16 -36
- package/dist/providers/sso.js +21 -22
- package/dist/providers/totp.d.ts +13 -29
- package/dist/providers/totp.js +17 -27
- package/dist/server/auth-context.d.ts +204 -0
- package/dist/server/auth-context.js +76 -0
- package/dist/server/auth.d.ts +99 -244
- package/dist/server/auth.js +56 -152
- package/dist/server/componentContext.d.ts +12 -0
- package/dist/server/componentContext.js +1 -0
- package/dist/server/config.js +6 -67
- package/dist/server/constants.js +6 -0
- package/dist/server/contract.d.ts +105 -0
- package/dist/server/contract.js +43 -0
- package/dist/server/cookies.js +3 -2
- package/dist/server/core.js +31 -36
- package/dist/server/crypto.js +34 -44
- package/dist/server/db.js +6 -1
- package/dist/server/device.js +96 -130
- package/dist/server/env.js +48 -0
- package/dist/server/errors.js +20 -0
- package/dist/server/http.d.ts +15 -59
- package/dist/server/http.js +136 -120
- package/dist/server/identity.js +2 -2
- package/dist/server/index.d.ts +5 -4
- package/dist/server/index.js +3 -3
- package/dist/server/keys.js +10 -1
- package/dist/server/limits.js +26 -26
- package/dist/server/log.js +28 -0
- package/dist/server/mounts.d.ts +1107 -296
- package/dist/server/mounts.js +315 -196
- package/dist/server/mutations/account.js +11 -14
- package/dist/server/mutations/code.js +6 -5
- package/dist/server/mutations/invalidate.js +9 -11
- package/dist/server/mutations/oauth.js +112 -73
- package/dist/server/mutations/refresh.js +47 -97
- package/dist/server/mutations/register.js +37 -35
- package/dist/server/mutations/retrieve.js +16 -16
- package/dist/server/mutations/signature.js +15 -18
- package/dist/server/mutations/signin.js +10 -5
- package/dist/server/mutations/signout.js +11 -14
- package/dist/server/mutations/store.js +25 -18
- package/dist/server/mutations/verifier.js +11 -8
- package/dist/server/mutations/verify.js +53 -41
- package/dist/server/oauth/factory.js +44 -0
- package/dist/server/oauth/index.js +12 -0
- package/dist/server/oauth/runtime.js +248 -0
- package/dist/server/passkey.js +331 -365
- package/dist/server/payloads.d.ts +16 -0
- package/dist/server/payloads.js +30 -0
- package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
- package/dist/server/prefetch.js +635 -0
- package/dist/server/random.js +19 -0
- package/dist/server/redirects.js +10 -5
- package/dist/server/refresh.js +14 -86
- package/dist/server/runtime.d.ts +531 -31
- package/dist/server/runtime.js +106 -267
- package/dist/server/secret.js +44 -0
- package/dist/server/services/config.js +10 -0
- package/dist/server/services/group.js +211 -0
- package/dist/server/services/logger.js +8 -0
- package/dist/server/services/providers.js +22 -0
- package/dist/server/services/refresh.js +8 -0
- package/dist/server/services/resolve.js +27 -0
- package/dist/server/services/signin.js +8 -0
- package/dist/server/sessions.js +35 -34
- package/dist/server/signin.js +229 -140
- package/dist/server/{enterprise → sso}/config.js +10 -3
- package/dist/server/sso/domain.d.ts +614 -0
- package/dist/server/sso/domain.js +1175 -0
- package/dist/server/sso/http.js +1060 -0
- package/dist/server/sso/oidc.js +324 -0
- package/dist/server/sso/policies.js +59 -0
- package/dist/server/sso/policy.js +139 -0
- package/dist/server/sso/profile.js +22 -0
- package/dist/server/sso/provision.js +179 -0
- package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
- package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
- package/dist/server/sso/shared.js +74 -0
- package/dist/server/sso/validators.js +88 -0
- package/dist/server/sso/webhook.js +94 -0
- package/dist/server/tokens.js +16 -4
- package/dist/server/totp.js +155 -164
- package/dist/server/types.d.ts +306 -296
- package/dist/server/types.js +1 -30
- package/dist/server/url.js +32 -0
- package/dist/server/users.js +74 -40
- package/dist/server/utils/cache.js +51 -0
- package/dist/server/utils/dispatch.js +36 -0
- package/dist/server/utils/retry.js +24 -0
- package/dist/server/utils/span.js +32 -0
- package/dist/shared/errors.js +19 -0
- package/dist/shared/log.js +45 -0
- package/{src/test.ts → dist/test.d.ts} +21 -22
- package/dist/test.js +51 -0
- package/package.json +70 -42
- package/dist/authorization/index.d.ts.map +0 -1
- package/dist/authorization/index.js.map +0 -1
- package/dist/client/core/types.d.ts.map +0 -1
- package/dist/client/index.d.ts.map +0 -1
- package/dist/client/index.js.map +0 -1
- package/dist/component/_generated/api.d.ts +0 -75
- package/dist/component/_generated/api.d.ts.map +0 -1
- package/dist/component/_generated/api.js.map +0 -1
- package/dist/component/_generated/component.d.ts.map +0 -1
- package/dist/component/_generated/dataModel.d.ts +0 -42
- package/dist/component/_generated/dataModel.d.ts.map +0 -1
- package/dist/component/_generated/server.d.ts +0 -117
- package/dist/component/_generated/server.d.ts.map +0 -1
- package/dist/component/_generated/server.js.map +0 -1
- package/dist/component/_virtual/rolldown_runtime.js +0 -18
- package/dist/component/client/core/types.d.ts +0 -2
- package/dist/component/client/index.d.ts +0 -1
- package/dist/component/convex.config.d.ts.map +0 -1
- package/dist/component/convex.config.js.map +0 -1
- package/dist/component/functions.d.ts +0 -25
- package/dist/component/functions.d.ts.map +0 -1
- package/dist/component/functions.js.map +0 -1
- package/dist/component/index.d.ts.map +0 -1
- package/dist/component/model.d.ts.map +0 -1
- package/dist/component/model.js.map +0 -1
- package/dist/component/providers/anonymous.d.ts +0 -54
- package/dist/component/providers/anonymous.d.ts.map +0 -1
- package/dist/component/providers/credentials.d.ts +0 -38
- package/dist/component/providers/credentials.d.ts.map +0 -1
- package/dist/component/providers/device.d.ts +0 -67
- package/dist/component/providers/device.d.ts.map +0 -1
- package/dist/component/providers/email.d.ts +0 -62
- package/dist/component/providers/email.d.ts.map +0 -1
- package/dist/component/providers/oauth.d.ts +0 -25
- package/dist/component/providers/oauth.d.ts.map +0 -1
- package/dist/component/providers/oauth.js +0 -13
- package/dist/component/providers/oauth.js.map +0 -1
- package/dist/component/providers/passkey.d.ts +0 -57
- package/dist/component/providers/passkey.d.ts.map +0 -1
- package/dist/component/providers/password.d.ts +0 -88
- package/dist/component/providers/password.d.ts.map +0 -1
- package/dist/component/providers/phone.d.ts +0 -48
- package/dist/component/providers/phone.d.ts.map +0 -1
- package/dist/component/providers/sso.d.ts +0 -50
- package/dist/component/providers/sso.d.ts.map +0 -1
- package/dist/component/providers/totp.d.ts +0 -45
- package/dist/component/providers/totp.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.d.ts +0 -73
- package/dist/component/public/enterprise/audit.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.js.map +0 -1
- package/dist/component/public/enterprise/core.d.ts +0 -176
- package/dist/component/public/enterprise/core.d.ts.map +0 -1
- package/dist/component/public/enterprise/core.js +0 -292
- package/dist/component/public/enterprise/core.js.map +0 -1
- package/dist/component/public/enterprise/domains.d.ts +0 -174
- package/dist/component/public/enterprise/domains.d.ts.map +0 -1
- package/dist/component/public/enterprise/domains.js +0 -271
- package/dist/component/public/enterprise/domains.js.map +0 -1
- package/dist/component/public/enterprise/scim.d.ts +0 -245
- package/dist/component/public/enterprise/scim.d.ts.map +0 -1
- package/dist/component/public/enterprise/scim.js.map +0 -1
- package/dist/component/public/enterprise/secrets.d.ts +0 -78
- package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
- package/dist/component/public/enterprise/secrets.js +0 -118
- package/dist/component/public/enterprise/secrets.js.map +0 -1
- package/dist/component/public/enterprise/webhooks.d.ts +0 -211
- package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
- package/dist/component/public/enterprise/webhooks.js.map +0 -1
- package/dist/component/public/factors/devices.d.ts +0 -157
- package/dist/component/public/factors/devices.d.ts.map +0 -1
- package/dist/component/public/factors/devices.js.map +0 -1
- package/dist/component/public/factors/passkeys.d.ts +0 -175
- package/dist/component/public/factors/passkeys.d.ts.map +0 -1
- package/dist/component/public/factors/passkeys.js.map +0 -1
- package/dist/component/public/factors/totp.d.ts +0 -189
- package/dist/component/public/factors/totp.d.ts.map +0 -1
- package/dist/component/public/factors/totp.js.map +0 -1
- package/dist/component/public/groups/core.d.ts +0 -137
- package/dist/component/public/groups/core.d.ts.map +0 -1
- package/dist/component/public/groups/core.js.map +0 -1
- package/dist/component/public/groups/invites.d.ts +0 -217
- package/dist/component/public/groups/invites.d.ts.map +0 -1
- package/dist/component/public/groups/invites.js.map +0 -1
- package/dist/component/public/groups/members.d.ts +0 -204
- package/dist/component/public/groups/members.d.ts.map +0 -1
- package/dist/component/public/groups/members.js.map +0 -1
- package/dist/component/public/identity/accounts.d.ts +0 -147
- package/dist/component/public/identity/accounts.d.ts.map +0 -1
- package/dist/component/public/identity/accounts.js.map +0 -1
- package/dist/component/public/identity/codes.d.ts +0 -104
- package/dist/component/public/identity/codes.d.ts.map +0 -1
- package/dist/component/public/identity/codes.js.map +0 -1
- package/dist/component/public/identity/sessions.d.ts +0 -128
- package/dist/component/public/identity/sessions.d.ts.map +0 -1
- package/dist/component/public/identity/sessions.js.map +0 -1
- package/dist/component/public/identity/tokens.d.ts +0 -169
- package/dist/component/public/identity/tokens.d.ts.map +0 -1
- package/dist/component/public/identity/tokens.js.map +0 -1
- package/dist/component/public/identity/users.d.ts +0 -212
- package/dist/component/public/identity/users.d.ts.map +0 -1
- package/dist/component/public/identity/users.js.map +0 -1
- package/dist/component/public/identity/verifiers.d.ts +0 -116
- package/dist/component/public/identity/verifiers.d.ts.map +0 -1
- package/dist/component/public/identity/verifiers.js.map +0 -1
- package/dist/component/public/security/keys.d.ts +0 -209
- package/dist/component/public/security/keys.d.ts.map +0 -1
- package/dist/component/public/security/keys.js.map +0 -1
- package/dist/component/public/security/limits.d.ts +0 -114
- package/dist/component/public/security/limits.d.ts.map +0 -1
- package/dist/component/public/security/limits.js.map +0 -1
- package/dist/component/public.d.ts +0 -28
- package/dist/component/public.d.ts.map +0 -1
- package/dist/component/schema.d.ts.map +0 -1
- package/dist/component/schema.js.map +0 -1
- package/dist/component/server/auth.d.ts +0 -447
- package/dist/component/server/auth.d.ts.map +0 -1
- package/dist/component/server/auth.js +0 -254
- package/dist/component/server/auth.js.map +0 -1
- package/dist/component/server/config.js +0 -121
- package/dist/component/server/config.js.map +0 -1
- package/dist/component/server/context.js +0 -53
- package/dist/component/server/context.js.map +0 -1
- package/dist/component/server/cookies.js +0 -47
- package/dist/component/server/cookies.js.map +0 -1
- package/dist/component/server/core.js +0 -576
- package/dist/component/server/core.js.map +0 -1
- package/dist/component/server/crypto.js +0 -56
- package/dist/component/server/crypto.js.map +0 -1
- package/dist/component/server/db.js +0 -87
- package/dist/component/server/db.js.map +0 -1
- package/dist/component/server/device.js +0 -152
- package/dist/component/server/device.js.map +0 -1
- package/dist/component/server/enterprise/config.js +0 -46
- package/dist/component/server/enterprise/config.js.map +0 -1
- package/dist/component/server/enterprise/domain.js +0 -974
- package/dist/component/server/enterprise/domain.js.map +0 -1
- package/dist/component/server/enterprise/http.js +0 -787
- package/dist/component/server/enterprise/http.js.map +0 -1
- package/dist/component/server/enterprise/oidc.js +0 -248
- package/dist/component/server/enterprise/oidc.js.map +0 -1
- package/dist/component/server/enterprise/policy.js +0 -85
- package/dist/component/server/enterprise/policy.js.map +0 -1
- package/dist/component/server/enterprise/saml.js.map +0 -1
- package/dist/component/server/enterprise/scim.js.map +0 -1
- package/dist/component/server/enterprise/shared.js +0 -51
- package/dist/component/server/enterprise/shared.js.map +0 -1
- package/dist/component/server/http.d.ts +0 -85
- package/dist/component/server/http.d.ts.map +0 -1
- package/dist/component/server/http.js +0 -351
- package/dist/component/server/http.js.map +0 -1
- package/dist/component/server/identity.js +0 -16
- package/dist/component/server/identity.js.map +0 -1
- package/dist/component/server/keys.js +0 -96
- package/dist/component/server/keys.js.map +0 -1
- package/dist/component/server/limits.js +0 -52
- package/dist/component/server/limits.js.map +0 -1
- package/dist/component/server/mutations/account.js +0 -46
- package/dist/component/server/mutations/account.js.map +0 -1
- package/dist/component/server/mutations/code.js +0 -68
- package/dist/component/server/mutations/code.js.map +0 -1
- package/dist/component/server/mutations/invalidate.js +0 -32
- package/dist/component/server/mutations/invalidate.js.map +0 -1
- package/dist/component/server/mutations/oauth.js +0 -116
- package/dist/component/server/mutations/oauth.js.map +0 -1
- package/dist/component/server/mutations/refresh.js +0 -119
- package/dist/component/server/mutations/refresh.js.map +0 -1
- package/dist/component/server/mutations/register.js +0 -87
- package/dist/component/server/mutations/register.js.map +0 -1
- package/dist/component/server/mutations/retrieve.js +0 -61
- package/dist/component/server/mutations/retrieve.js.map +0 -1
- package/dist/component/server/mutations/signature.js +0 -38
- package/dist/component/server/mutations/signature.js.map +0 -1
- package/dist/component/server/mutations/signin.js +0 -27
- package/dist/component/server/mutations/signin.js.map +0 -1
- package/dist/component/server/mutations/signout.js +0 -27
- package/dist/component/server/mutations/signout.js.map +0 -1
- package/dist/component/server/mutations/store/refs.js +0 -15
- package/dist/component/server/mutations/store/refs.js.map +0 -1
- package/dist/component/server/mutations/store.js +0 -70
- package/dist/component/server/mutations/store.js.map +0 -1
- package/dist/component/server/mutations/verifier.js +0 -18
- package/dist/component/server/mutations/verifier.js.map +0 -1
- package/dist/component/server/mutations/verify.js +0 -98
- package/dist/component/server/mutations/verify.js.map +0 -1
- package/dist/component/server/oauth.js +0 -242
- package/dist/component/server/oauth.js.map +0 -1
- package/dist/component/server/passkey.js +0 -415
- package/dist/component/server/passkey.js.map +0 -1
- package/dist/component/server/redirects.js +0 -40
- package/dist/component/server/redirects.js.map +0 -1
- package/dist/component/server/refresh.js +0 -99
- package/dist/component/server/refresh.js.map +0 -1
- package/dist/component/server/runtime.d.ts +0 -136
- package/dist/component/server/runtime.d.ts.map +0 -1
- package/dist/component/server/runtime.js +0 -456
- package/dist/component/server/runtime.js.map +0 -1
- package/dist/component/server/sessions.js +0 -71
- package/dist/component/server/sessions.js.map +0 -1
- package/dist/component/server/signin.js +0 -225
- package/dist/component/server/signin.js.map +0 -1
- package/dist/component/server/tokens.js +0 -17
- package/dist/component/server/tokens.js.map +0 -1
- package/dist/component/server/totp.js +0 -208
- package/dist/component/server/totp.js.map +0 -1
- package/dist/component/server/types.d.ts +0 -949
- package/dist/component/server/types.d.ts.map +0 -1
- package/dist/component/server/types.js +0 -79
- package/dist/component/server/types.js.map +0 -1
- package/dist/component/server/users.js +0 -123
- package/dist/component/server/users.js.map +0 -1
- package/dist/component/server/utils.js +0 -140
- package/dist/component/server/utils.js.map +0 -1
- package/dist/core/types.d.ts +0 -361
- package/dist/core/types.d.ts.map +0 -1
- package/dist/factors/device.js +0 -104
- package/dist/factors/device.js.map +0 -1
- package/dist/factors/passkey.js.map +0 -1
- package/dist/factors/totp.js.map +0 -1
- package/dist/providers/anonymous.d.ts.map +0 -1
- package/dist/providers/anonymous.js.map +0 -1
- package/dist/providers/credentials.d.ts.map +0 -1
- package/dist/providers/credentials.js.map +0 -1
- package/dist/providers/device.d.ts.map +0 -1
- package/dist/providers/device.js.map +0 -1
- package/dist/providers/email.d.ts.map +0 -1
- package/dist/providers/email.js.map +0 -1
- package/dist/providers/oauth.d.ts +0 -69
- package/dist/providers/oauth.d.ts.map +0 -1
- package/dist/providers/oauth.js +0 -43
- package/dist/providers/oauth.js.map +0 -1
- package/dist/providers/passkey.d.ts.map +0 -1
- package/dist/providers/passkey.js.map +0 -1
- package/dist/providers/password.d.ts.map +0 -1
- package/dist/providers/password.js.map +0 -1
- package/dist/providers/phone.d.ts.map +0 -1
- package/dist/providers/phone.js.map +0 -1
- package/dist/providers/sso.d.ts.map +0 -1
- package/dist/providers/sso.js.map +0 -1
- package/dist/providers/totp.d.ts.map +0 -1
- package/dist/providers/totp.js.map +0 -1
- package/dist/runtime/browser.js +0 -68
- package/dist/runtime/browser.js.map +0 -1
- package/dist/runtime/invite.js.map +0 -1
- package/dist/runtime/proxy.js +0 -70
- package/dist/runtime/proxy.js.map +0 -1
- package/dist/runtime/storage.js +0 -37
- package/dist/runtime/storage.js.map +0 -1
- package/dist/server/auth.d.ts.map +0 -1
- package/dist/server/auth.js.map +0 -1
- package/dist/server/config.d.ts +0 -1
- package/dist/server/config.js.map +0 -1
- package/dist/server/context.d.ts +0 -1
- package/dist/server/context.js.map +0 -1
- package/dist/server/cookies.d.ts +0 -1
- package/dist/server/cookies.js.map +0 -1
- package/dist/server/core.d.ts +0 -1315
- package/dist/server/core.d.ts.map +0 -1
- package/dist/server/core.js.map +0 -1
- package/dist/server/crypto.d.ts +0 -8
- package/dist/server/crypto.d.ts.map +0 -1
- package/dist/server/crypto.js.map +0 -1
- package/dist/server/db.d.ts +0 -1
- package/dist/server/db.js.map +0 -1
- package/dist/server/device.d.ts +0 -1
- package/dist/server/device.js.map +0 -1
- package/dist/server/enterprise/config.d.ts +0 -1
- package/dist/server/enterprise/config.js.map +0 -1
- package/dist/server/enterprise/domain.d.ts +0 -401
- package/dist/server/enterprise/domain.d.ts.map +0 -1
- package/dist/server/enterprise/domain.js +0 -974
- package/dist/server/enterprise/domain.js.map +0 -1
- package/dist/server/enterprise/http.d.ts +0 -26
- package/dist/server/enterprise/http.d.ts.map +0 -1
- package/dist/server/enterprise/http.js +0 -787
- package/dist/server/enterprise/http.js.map +0 -1
- package/dist/server/enterprise/oidc.d.ts +0 -1
- package/dist/server/enterprise/oidc.js +0 -248
- package/dist/server/enterprise/oidc.js.map +0 -1
- package/dist/server/enterprise/policy.d.ts +0 -1
- package/dist/server/enterprise/policy.js +0 -85
- package/dist/server/enterprise/policy.js.map +0 -1
- package/dist/server/enterprise/saml.d.ts +0 -1
- package/dist/server/enterprise/saml.js +0 -338
- package/dist/server/enterprise/saml.js.map +0 -1
- package/dist/server/enterprise/scim.d.ts +0 -1
- package/dist/server/enterprise/scim.js +0 -97
- package/dist/server/enterprise/scim.js.map +0 -1
- package/dist/server/enterprise/shared.d.ts +0 -5
- package/dist/server/enterprise/shared.d.ts.map +0 -1
- package/dist/server/enterprise/shared.js +0 -51
- package/dist/server/enterprise/shared.js.map +0 -1
- package/dist/server/enterprise/validators.d.ts +0 -1
- package/dist/server/enterprise/validators.js +0 -60
- package/dist/server/enterprise/validators.js.map +0 -1
- package/dist/server/http.d.ts.map +0 -1
- package/dist/server/http.js.map +0 -1
- package/dist/server/identity.d.ts +0 -1
- package/dist/server/identity.js.map +0 -1
- package/dist/server/keys.d.ts +0 -1
- package/dist/server/keys.js.map +0 -1
- package/dist/server/limits.d.ts +0 -1
- package/dist/server/limits.js.map +0 -1
- package/dist/server/mounts.d.ts.map +0 -1
- package/dist/server/mounts.js.map +0 -1
- package/dist/server/mutations/account.d.ts +0 -29
- package/dist/server/mutations/account.d.ts.map +0 -1
- package/dist/server/mutations/account.js.map +0 -1
- package/dist/server/mutations/code.d.ts +0 -30
- package/dist/server/mutations/code.d.ts.map +0 -1
- package/dist/server/mutations/code.js.map +0 -1
- package/dist/server/mutations/index.d.ts +0 -14
- package/dist/server/mutations/invalidate.d.ts +0 -20
- package/dist/server/mutations/invalidate.d.ts.map +0 -1
- package/dist/server/mutations/invalidate.js.map +0 -1
- package/dist/server/mutations/oauth.d.ts +0 -30
- package/dist/server/mutations/oauth.d.ts.map +0 -1
- package/dist/server/mutations/oauth.js.map +0 -1
- package/dist/server/mutations/refresh.d.ts +0 -21
- package/dist/server/mutations/refresh.d.ts.map +0 -1
- package/dist/server/mutations/refresh.js.map +0 -1
- package/dist/server/mutations/register.d.ts +0 -38
- package/dist/server/mutations/register.d.ts.map +0 -1
- package/dist/server/mutations/register.js.map +0 -1
- package/dist/server/mutations/retrieve.d.ts +0 -33
- package/dist/server/mutations/retrieve.d.ts.map +0 -1
- package/dist/server/mutations/retrieve.js.map +0 -1
- package/dist/server/mutations/signature.d.ts +0 -21
- package/dist/server/mutations/signature.d.ts.map +0 -1
- package/dist/server/mutations/signature.js.map +0 -1
- package/dist/server/mutations/signin.d.ts +0 -22
- package/dist/server/mutations/signin.d.ts.map +0 -1
- package/dist/server/mutations/signin.js.map +0 -1
- package/dist/server/mutations/signout.d.ts +0 -16
- package/dist/server/mutations/signout.d.ts.map +0 -1
- package/dist/server/mutations/signout.js.map +0 -1
- package/dist/server/mutations/store/refs.d.ts +0 -12
- package/dist/server/mutations/store/refs.d.ts.map +0 -1
- package/dist/server/mutations/store/refs.js.map +0 -1
- package/dist/server/mutations/store.d.ts +0 -306
- package/dist/server/mutations/store.d.ts.map +0 -1
- package/dist/server/mutations/store.js.map +0 -1
- package/dist/server/mutations/verifier.d.ts +0 -13
- package/dist/server/mutations/verifier.d.ts.map +0 -1
- package/dist/server/mutations/verifier.js.map +0 -1
- package/dist/server/mutations/verify.d.ts +0 -26
- package/dist/server/mutations/verify.d.ts.map +0 -1
- package/dist/server/mutations/verify.js.map +0 -1
- package/dist/server/oauth.d.ts +0 -1
- package/dist/server/oauth.js +0 -242
- package/dist/server/oauth.js.map +0 -1
- package/dist/server/passkey.d.ts +0 -27
- package/dist/server/passkey.d.ts.map +0 -1
- package/dist/server/passkey.js.map +0 -1
- package/dist/server/redirects.d.ts +0 -1
- package/dist/server/redirects.js.map +0 -1
- package/dist/server/refresh.d.ts +0 -1
- package/dist/server/refresh.js.map +0 -1
- package/dist/server/runtime.d.ts.map +0 -1
- package/dist/server/runtime.js.map +0 -1
- package/dist/server/sessions.d.ts +0 -1
- package/dist/server/sessions.js.map +0 -1
- package/dist/server/signin.d.ts +0 -1
- package/dist/server/signin.js.map +0 -1
- package/dist/server/ssr.d.ts.map +0 -1
- package/dist/server/ssr.js +0 -777
- package/dist/server/ssr.js.map +0 -1
- package/dist/server/templates.d.ts +0 -1
- package/dist/server/templates.js.map +0 -1
- package/dist/server/tokens.d.ts +0 -1
- package/dist/server/tokens.js.map +0 -1
- package/dist/server/totp.d.ts +0 -1
- package/dist/server/totp.js.map +0 -1
- package/dist/server/types.d.ts.map +0 -1
- package/dist/server/types.js.map +0 -1
- package/dist/server/users.d.ts +0 -1
- package/dist/server/users.js.map +0 -1
- package/dist/server/utils.d.ts +0 -1
- package/dist/server/utils.js +0 -140
- package/dist/server/utils.js.map +0 -1
- package/src/authorization/index.ts +0 -83
- package/src/cli/bin.ts +0 -5
- package/src/cli/command.ts +0 -70
- package/src/cli/index.ts +0 -1112
- package/src/cli/keys.ts +0 -23
- package/src/client/core/types.ts +0 -437
- package/src/client/factors/device.ts +0 -158
- package/src/client/factors/passkey.ts +0 -279
- package/src/client/factors/totp.ts +0 -150
- package/src/client/index.ts +0 -1124
- package/src/client/runtime/browser.ts +0 -112
- package/src/client/runtime/invite.ts +0 -63
- package/src/client/runtime/proxy.ts +0 -111
- package/src/client/runtime/storage.ts +0 -79
- package/src/component/_generated/api.ts +0 -96
- package/src/component/_generated/component.ts +0 -3774
- package/src/component/_generated/dataModel.ts +0 -60
- package/src/component/_generated/server.ts +0 -156
- package/src/component/convex.config.ts +0 -5
- package/src/component/functions.ts +0 -104
- package/src/component/index.ts +0 -42
- package/src/component/model.ts +0 -449
- package/src/component/public/enterprise/audit.ts +0 -125
- package/src/component/public/enterprise/core.ts +0 -355
- package/src/component/public/enterprise/domains.ts +0 -327
- package/src/component/public/enterprise/scim.ts +0 -397
- package/src/component/public/enterprise/secrets.ts +0 -133
- package/src/component/public/enterprise/webhooks.ts +0 -307
- package/src/component/public/factors/devices.ts +0 -224
- package/src/component/public/factors/passkeys.ts +0 -243
- package/src/component/public/factors/totp.ts +0 -259
- package/src/component/public/groups/core.ts +0 -481
- package/src/component/public/groups/invites.ts +0 -608
- package/src/component/public/groups/members.ts +0 -410
- package/src/component/public/identity/accounts.ts +0 -207
- package/src/component/public/identity/codes.ts +0 -149
- package/src/component/public/identity/sessions.ts +0 -210
- package/src/component/public/identity/tokens.ts +0 -251
- package/src/component/public/identity/users.ts +0 -355
- package/src/component/public/identity/verifiers.ts +0 -158
- package/src/component/public/security/keys.ts +0 -366
- package/src/component/public/security/limits.ts +0 -174
- package/src/component/public.ts +0 -27
- package/src/component/schema.ts +0 -505
- package/src/providers/anonymous.ts +0 -99
- package/src/providers/credentials.ts +0 -102
- package/src/providers/device.ts +0 -87
- package/src/providers/email.ts +0 -99
- package/src/providers/index.ts +0 -31
- package/src/providers/oauth.ts +0 -117
- package/src/providers/passkey.ts +0 -77
- package/src/providers/password.ts +0 -441
- package/src/providers/phone.ts +0 -93
- package/src/providers/sso.ts +0 -54
- package/src/providers/totp.ts +0 -62
- package/src/samlify.d.ts +0 -53
- package/src/server/auth.ts +0 -949
- package/src/server/config.ts +0 -200
- package/src/server/context.ts +0 -90
- package/src/server/cookies.ts +0 -49
- package/src/server/core.ts +0 -2004
- package/src/server/crypto.ts +0 -90
- package/src/server/db.ts +0 -203
- package/src/server/device.ts +0 -254
- package/src/server/enterprise/config.ts +0 -51
- package/src/server/enterprise/domain.ts +0 -1739
- package/src/server/enterprise/http.ts +0 -1331
- package/src/server/enterprise/oidc.ts +0 -500
- package/src/server/enterprise/policy.ts +0 -128
- package/src/server/enterprise/saml.ts +0 -578
- package/src/server/enterprise/scim.ts +0 -135
- package/src/server/enterprise/shared.ts +0 -134
- package/src/server/enterprise/validators.ts +0 -93
- package/src/server/http.ts +0 -790
- package/src/server/identity.ts +0 -18
- package/src/server/index.ts +0 -40
- package/src/server/keys.ts +0 -158
- package/src/server/limits.ts +0 -107
- package/src/server/mounts.ts +0 -924
- package/src/server/mutations/account.ts +0 -62
- package/src/server/mutations/code.ts +0 -119
- package/src/server/mutations/index.ts +0 -13
- package/src/server/mutations/invalidate.ts +0 -50
- package/src/server/mutations/oauth.ts +0 -243
- package/src/server/mutations/refresh.ts +0 -299
- package/src/server/mutations/register.ts +0 -155
- package/src/server/mutations/retrieve.ts +0 -109
- package/src/server/mutations/signature.ts +0 -57
- package/src/server/mutations/signin.ts +0 -54
- package/src/server/mutations/signout.ts +0 -43
- package/src/server/mutations/store/refs.ts +0 -10
- package/src/server/mutations/store.ts +0 -123
- package/src/server/mutations/verifier.ts +0 -34
- package/src/server/mutations/verify.ts +0 -200
- package/src/server/oauth.ts +0 -418
- package/src/server/passkey.ts +0 -838
- package/src/server/redirects.ts +0 -59
- package/src/server/refresh.ts +0 -218
- package/src/server/runtime.ts +0 -918
- package/src/server/sessions.ts +0 -132
- package/src/server/signin.ts +0 -445
- package/src/server/ssr.ts +0 -1747
- package/src/server/templates.ts +0 -82
- package/src/server/tokens.ts +0 -35
- package/src/server/totp.ts +0 -399
- package/src/server/types.ts +0 -1942
- package/src/server/users.ts +0 -291
- package/src/server/utils.ts +0 -220
- /package/dist/{runtime → client/runtime}/invite.js +0 -0
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
import { envOptionalString, readConfigSync } from "../server/env.js";
|
|
2
|
+
import { createOAuthProvider } from "../server/oauth/factory.js";
|
|
3
|
+
import { sha256 } from "@oslojs/crypto/sha2";
|
|
4
|
+
import { encodeBase64urlNoPadding } from "@oslojs/encoding";
|
|
5
|
+
|
|
6
|
+
//#region src/providers/custom.ts
|
|
7
|
+
/**
|
|
8
|
+
* Custom OAuth provider.
|
|
9
|
+
*
|
|
10
|
+
* Use this as an escape hatch for OAuth providers that do not have a first-
|
|
11
|
+
* party wrapper yet.
|
|
12
|
+
*
|
|
13
|
+
* @module
|
|
14
|
+
*/
|
|
15
|
+
function defaultRedirectUri(providerId) {
|
|
16
|
+
const rootUrl = readConfigSync(envOptionalString("CUSTOM_AUTH_SITE_URL")) ?? readConfigSync(envOptionalString("CONVEX_SITE_URL"));
|
|
17
|
+
if (!rootUrl) throw new Error(`Missing CONVEX_SITE_URL while configuring ${providerId} OAuth provider. Set CONVEX_SITE_URL or pass redirectUri explicitly.`);
|
|
18
|
+
return `${rootUrl}/api/auth/callback/${providerId}`;
|
|
19
|
+
}
|
|
20
|
+
function joinScopes(scopes, separator = " ") {
|
|
21
|
+
return scopes.join(separator);
|
|
22
|
+
}
|
|
23
|
+
function createCodeChallenge(codeVerifier) {
|
|
24
|
+
return encodeBase64urlNoPadding(sha256(new TextEncoder().encode(codeVerifier)));
|
|
25
|
+
}
|
|
26
|
+
function createRuntimeClient(config) {
|
|
27
|
+
const redirectUri = config.redirectUri ?? defaultRedirectUri(config.id);
|
|
28
|
+
const authorization = config.authorization;
|
|
29
|
+
const token = config.token;
|
|
30
|
+
const pkce = authorization.pkce ?? "required";
|
|
31
|
+
const scopes = [...config.scopes ?? []];
|
|
32
|
+
return {
|
|
33
|
+
pkce,
|
|
34
|
+
createAuthorizationURL({ state, codeVerifier, scopes: requestedScopes, nonce }) {
|
|
35
|
+
const url = new URL(authorization.url);
|
|
36
|
+
const nextScopes = requestedScopes.length > 0 ? requestedScopes : scopes;
|
|
37
|
+
url.searchParams.set("response_type", "code");
|
|
38
|
+
url.searchParams.set(authorization.clientIdParam ?? "client_id", config.clientId);
|
|
39
|
+
url.searchParams.set("redirect_uri", redirectUri);
|
|
40
|
+
url.searchParams.set("state", state);
|
|
41
|
+
if (nextScopes.length > 0) url.searchParams.set(authorization.scopeParam ?? "scope", joinScopes(nextScopes, authorization.scopeSeparator));
|
|
42
|
+
if (codeVerifier !== void 0 && pkce !== "never") {
|
|
43
|
+
url.searchParams.set("code_challenge_method", "S256");
|
|
44
|
+
url.searchParams.set("code_challenge", createCodeChallenge(codeVerifier));
|
|
45
|
+
}
|
|
46
|
+
if (nonce !== void 0) url.searchParams.set("nonce", nonce);
|
|
47
|
+
for (const [key, value] of Object.entries(authorization.extraParams ?? {})) url.searchParams.set(key, value);
|
|
48
|
+
return url;
|
|
49
|
+
},
|
|
50
|
+
async validateAuthorizationCode({ code, codeVerifier }) {
|
|
51
|
+
const body = new URLSearchParams();
|
|
52
|
+
body.set("grant_type", "authorization_code");
|
|
53
|
+
body.set("code", code);
|
|
54
|
+
if (token.includeRedirectUri ?? true) body.set("redirect_uri", redirectUri);
|
|
55
|
+
if (pkce !== "never" && codeVerifier !== void 0) body.set(token.codeVerifierParam ?? "code_verifier", codeVerifier);
|
|
56
|
+
if (token.includeScopes === true && scopes.length > 0) body.set(token.scopeParam ?? "scope", joinScopes(scopes, token.scopeSeparator ?? authorization.scopeSeparator));
|
|
57
|
+
if (token.authMethod !== "basic") body.set(token.clientIdParam ?? "client_id", config.clientId);
|
|
58
|
+
if (token.authMethod !== "basic" && token.authMethod !== "none" && config.clientSecret) body.set(token.clientSecretParam ?? "client_secret", config.clientSecret);
|
|
59
|
+
for (const [key, value] of Object.entries(token.extraParams ?? {})) body.set(key, value);
|
|
60
|
+
const headers = new Headers({ "Content-Type": "application/x-www-form-urlencoded" });
|
|
61
|
+
if (token.authMethod === "basic") {
|
|
62
|
+
if (!config.clientSecret) throw new Error(`OAuth provider "${config.id}" requires clientSecret for token.authMethod="basic".`);
|
|
63
|
+
const credentials = btoa(`${config.clientId}:${config.clientSecret}`);
|
|
64
|
+
headers.set("Authorization", `Basic ${credentials}`);
|
|
65
|
+
}
|
|
66
|
+
const response = await fetch(token.url, {
|
|
67
|
+
method: "POST",
|
|
68
|
+
headers,
|
|
69
|
+
body
|
|
70
|
+
});
|
|
71
|
+
if (!response.ok) throw new Error(`OAuth token exchange failed: ${response.status}`);
|
|
72
|
+
const raw = await response.json();
|
|
73
|
+
const rawScopes = typeof raw.scope === "string" ? raw.scope : void 0;
|
|
74
|
+
const expiresIn = typeof raw.expires_in === "number" ? raw.expires_in : void 0;
|
|
75
|
+
return {
|
|
76
|
+
accessToken: typeof raw.access_token === "string" ? raw.access_token : void 0,
|
|
77
|
+
refreshToken: typeof raw.refresh_token === "string" ? raw.refresh_token : void 0,
|
|
78
|
+
idToken: typeof raw.id_token === "string" ? raw.id_token : void 0,
|
|
79
|
+
accessTokenExpiresAt: expiresIn !== void 0 ? new Date(Date.now() + expiresIn * 1e3) : void 0,
|
|
80
|
+
scopes: rawScopes ? rawScopes.split(/[\s,]+/).map((scope) => scope.trim()).filter((scope) => scope.length > 0) : void 0,
|
|
81
|
+
raw
|
|
82
|
+
};
|
|
83
|
+
}
|
|
84
|
+
};
|
|
85
|
+
}
|
|
86
|
+
/**
|
|
87
|
+
* Create a custom OAuth provider.
|
|
88
|
+
*
|
|
89
|
+
* @param config - OAuth endpoints, credentials, and profile callbacks.
|
|
90
|
+
* @returns A configured OAuth provider for `createAuth`.
|
|
91
|
+
*
|
|
92
|
+
* @example
|
|
93
|
+
* ```ts
|
|
94
|
+
* import { custom } from "@robelest/convex-auth/providers";
|
|
95
|
+
*
|
|
96
|
+
* custom({
|
|
97
|
+
* id: "workos",
|
|
98
|
+
* clientId: process.env.WORKOS_CLIENT_ID!,
|
|
99
|
+
* clientSecret: process.env.WORKOS_CLIENT_SECRET!,
|
|
100
|
+
* authorization: { url: "https://api.workos.com/sso/authorize" },
|
|
101
|
+
* token: { url: "https://api.workos.com/sso/token", authMethod: "basic" },
|
|
102
|
+
* })
|
|
103
|
+
* ```
|
|
104
|
+
*/
|
|
105
|
+
function custom(config) {
|
|
106
|
+
return createOAuthProvider({
|
|
107
|
+
id: config.id,
|
|
108
|
+
provider: createRuntimeClient(config),
|
|
109
|
+
scopes: config.scopes ?? [],
|
|
110
|
+
profile: config.profile,
|
|
111
|
+
nonce: config.nonce,
|
|
112
|
+
validateTokens: config.validateTokens,
|
|
113
|
+
accountLinking: config.accountLinking
|
|
114
|
+
});
|
|
115
|
+
}
|
|
116
|
+
|
|
117
|
+
//#endregion
|
|
118
|
+
export { custom };
|
|
119
|
+
//# sourceMappingURL=custom.js.map
|
|
@@ -1,67 +1,33 @@
|
|
|
1
|
+
import { DeviceProviderConfig } from "../server/types.js";
|
|
2
|
+
|
|
1
3
|
//#region src/providers/device.d.ts
|
|
2
|
-
/**
|
|
3
|
-
* Device authorization provider (RFC 8628).
|
|
4
|
-
*
|
|
5
|
-
* Enables input-constrained devices (CLIs, TVs, IoT) to authenticate
|
|
6
|
-
* by displaying a short code that the user enters on a secondary device.
|
|
7
|
-
*
|
|
8
|
-
* ```ts
|
|
9
|
-
* import { Device } from "@robelest/convex-auth/providers";
|
|
10
|
-
*
|
|
11
|
-
* new Device()
|
|
12
|
-
* ```
|
|
13
|
-
*
|
|
14
|
-
* @module
|
|
15
|
-
*/
|
|
16
|
-
/**
|
|
17
|
-
* Configuration for the Device authorization provider.
|
|
18
|
-
*/
|
|
4
|
+
/** Configuration for the {@link device} provider. */
|
|
19
5
|
interface DeviceConfig {
|
|
20
|
-
/**
|
|
21
|
-
* User code character set.
|
|
22
|
-
* Default: `"BCDFGHJKLMNPQRSTVWXZ"` (base-20, no vowels per RFC 8628 §6.1).
|
|
23
|
-
*/
|
|
6
|
+
/** Character set used to generate the short user code. */
|
|
24
7
|
charset?: string;
|
|
25
|
-
/**
|
|
8
|
+
/** Number of characters in the generated user code. */
|
|
26
9
|
userCodeLength?: number;
|
|
27
|
-
/** Device code
|
|
10
|
+
/** Device code lifetime in seconds. */
|
|
28
11
|
expiresIn?: number;
|
|
29
|
-
/**
|
|
12
|
+
/** Polling interval in seconds suggested to the device client. */
|
|
30
13
|
interval?: number;
|
|
31
|
-
/**
|
|
32
|
-
* Base URL for the verification page where users enter the device code.
|
|
33
|
-
*
|
|
34
|
-
* Example: `"http://localhost:3000/device"` or `"https://myapp.com/device"`.
|
|
35
|
-
*
|
|
36
|
-
* If not provided, falls back to `SITE_URL + "/device"`.
|
|
37
|
-
*/
|
|
14
|
+
/** Verification page URL shown to the user on the device. */
|
|
38
15
|
verificationUri?: string;
|
|
39
16
|
}
|
|
40
17
|
/**
|
|
41
|
-
*
|
|
18
|
+
* Create a device authorization provider.
|
|
42
19
|
*
|
|
43
|
-
*
|
|
44
|
-
*
|
|
45
|
-
* on a secondary device, signs in with any existing provider, and
|
|
46
|
-
* enters the code to authorize the device.
|
|
20
|
+
* @param config - Optional device flow code and polling settings.
|
|
21
|
+
* @returns A configured device flow provider for `createAuth`.
|
|
47
22
|
*
|
|
48
23
|
* @example
|
|
49
24
|
* ```ts
|
|
50
|
-
* import {
|
|
51
|
-
* import { Device } from "@robelest/convex-auth/providers";
|
|
52
|
-
* import { components } from "./_generated/api";
|
|
25
|
+
* import { device } from "@robelest/convex-auth/providers";
|
|
53
26
|
*
|
|
54
|
-
*
|
|
55
|
-
* providers: [new Device()],
|
|
56
|
-
* });
|
|
27
|
+
* device({ verificationUri: "https://example.com/device" })
|
|
57
28
|
* ```
|
|
58
29
|
*/
|
|
59
|
-
declare
|
|
60
|
-
readonly id: string;
|
|
61
|
-
readonly type: "device";
|
|
62
|
-
readonly config: DeviceConfig;
|
|
63
|
-
constructor(config?: DeviceConfig);
|
|
64
|
-
}
|
|
30
|
+
declare function device(config?: DeviceConfig): DeviceProviderConfig;
|
|
65
31
|
//#endregion
|
|
66
|
-
export {
|
|
32
|
+
export { DeviceConfig, device };
|
|
67
33
|
//# sourceMappingURL=device.d.ts.map
|
package/dist/providers/device.js
CHANGED
|
@@ -1,47 +1,30 @@
|
|
|
1
1
|
//#region src/providers/device.ts
|
|
2
|
-
/** No-vowel base-20 charset per RFC 8628 §6.1 recommendation. */
|
|
3
2
|
const DEFAULT_CHARSET = "BCDFGHJKLMNPQRSTVWXZ";
|
|
4
3
|
/**
|
|
5
|
-
*
|
|
4
|
+
* Create a device authorization provider.
|
|
6
5
|
*
|
|
7
|
-
*
|
|
8
|
-
*
|
|
9
|
-
* on a secondary device, signs in with any existing provider, and
|
|
10
|
-
* enters the code to authorize the device.
|
|
6
|
+
* @param config - Optional device flow code and polling settings.
|
|
7
|
+
* @returns A configured device flow provider for `createAuth`.
|
|
11
8
|
*
|
|
12
9
|
* @example
|
|
13
10
|
* ```ts
|
|
14
|
-
* import {
|
|
15
|
-
* import { Device } from "@robelest/convex-auth/providers";
|
|
16
|
-
* import { components } from "./_generated/api";
|
|
11
|
+
* import { device } from "@robelest/convex-auth/providers";
|
|
17
12
|
*
|
|
18
|
-
*
|
|
19
|
-
* providers: [new Device()],
|
|
20
|
-
* });
|
|
13
|
+
* device({ verificationUri: "https://example.com/device" })
|
|
21
14
|
* ```
|
|
22
15
|
*/
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
id: this.id,
|
|
35
|
-
type: "device",
|
|
36
|
-
charset: this.config.charset ?? DEFAULT_CHARSET,
|
|
37
|
-
userCodeLength: this.config.userCodeLength ?? 8,
|
|
38
|
-
expiresIn: this.config.expiresIn ?? 900,
|
|
39
|
-
interval: this.config.interval ?? 5,
|
|
40
|
-
verificationUri: this.config.verificationUri
|
|
41
|
-
};
|
|
42
|
-
}
|
|
43
|
-
};
|
|
16
|
+
function device(config = {}) {
|
|
17
|
+
return {
|
|
18
|
+
id: "device",
|
|
19
|
+
type: "device",
|
|
20
|
+
charset: config.charset ?? DEFAULT_CHARSET,
|
|
21
|
+
userCodeLength: config.userCodeLength ?? 8,
|
|
22
|
+
expiresIn: config.expiresIn ?? 900,
|
|
23
|
+
interval: config.interval ?? 5,
|
|
24
|
+
verificationUri: config.verificationUri
|
|
25
|
+
};
|
|
26
|
+
}
|
|
44
27
|
|
|
45
28
|
//#endregion
|
|
46
|
-
export {
|
|
29
|
+
export { device };
|
|
47
30
|
//# sourceMappingURL=device.js.map
|
|
@@ -1,62 +1,45 @@
|
|
|
1
|
+
import { EmailConfig } from "../server/types.js";
|
|
2
|
+
import { AnyDataModel, GenericActionCtx } from "convex/server";
|
|
3
|
+
|
|
1
4
|
//#region src/providers/email.d.ts
|
|
2
|
-
/**
|
|
3
|
-
* Email (magic link / OTP) authentication provider.
|
|
4
|
-
*
|
|
5
|
-
* @module
|
|
6
|
-
*/
|
|
7
|
-
/**
|
|
8
|
-
* User-facing configuration for the {@link Email} provider.
|
|
9
|
-
*
|
|
10
|
-
* Use this to wire your email delivery service into Convex Auth's magic-link
|
|
11
|
-
* or OTP flow.
|
|
12
|
-
*/
|
|
5
|
+
/** Configuration for the {@link email} provider. */
|
|
13
6
|
interface EmailProviderConfig {
|
|
14
|
-
/** Sender address
|
|
7
|
+
/** Sender address used for outgoing verification emails. */
|
|
15
8
|
from: string;
|
|
16
|
-
/**
|
|
17
|
-
send: (ctx:
|
|
9
|
+
/** Delivery callback that actually sends the rendered verification email. */
|
|
10
|
+
send: (ctx: GenericActionCtx<AnyDataModel>, opts: {
|
|
18
11
|
from: string;
|
|
19
12
|
to: string;
|
|
20
13
|
subject: string;
|
|
21
14
|
html: string;
|
|
22
15
|
}) => Promise<void>;
|
|
23
|
-
/**
|
|
16
|
+
/** Optional custom token generator for OTP or magic-link flows. */
|
|
24
17
|
generateVerificationToken?: () => Promise<string>;
|
|
25
|
-
/**
|
|
18
|
+
/** Stable provider identifier used in `signIn("<id>")`. */
|
|
26
19
|
id?: string;
|
|
27
|
-
/**
|
|
20
|
+
/** Verification token lifetime in seconds. */
|
|
28
21
|
maxAge?: number;
|
|
29
22
|
}
|
|
30
23
|
/**
|
|
31
|
-
*
|
|
24
|
+
* Create an email magic link or OTP provider.
|
|
32
25
|
*
|
|
33
|
-
*
|
|
34
|
-
*
|
|
26
|
+
* @param config - Sender identity and delivery hooks for verification emails.
|
|
27
|
+
* @returns A configured email provider for `createAuth`.
|
|
28
|
+
* @throws {Error} When `from` is empty.
|
|
35
29
|
*
|
|
36
30
|
* @example
|
|
37
31
|
* ```ts
|
|
38
|
-
* import {
|
|
32
|
+
* import { email } from "@robelest/convex-auth/providers";
|
|
39
33
|
*
|
|
40
|
-
*
|
|
34
|
+
* email({
|
|
41
35
|
* from: "My App <noreply@example.com>",
|
|
42
|
-
* send: async (_ctx,
|
|
43
|
-
* await resend.emails.send(
|
|
36
|
+
* send: async (_ctx, message) => {
|
|
37
|
+
* await resend.emails.send(message);
|
|
44
38
|
* },
|
|
45
|
-
* })
|
|
39
|
+
* })
|
|
46
40
|
* ```
|
|
47
41
|
*/
|
|
48
|
-
declare
|
|
49
|
-
readonly config: EmailProviderConfig;
|
|
50
|
-
readonly id: string;
|
|
51
|
-
readonly type: "email";
|
|
52
|
-
/**
|
|
53
|
-
* Create an email provider instance.
|
|
54
|
-
*
|
|
55
|
-
* @param config - Email transport and provider settings.
|
|
56
|
-
* @throws {Error} When `config.from` is empty or whitespace-only.
|
|
57
|
-
*/
|
|
58
|
-
constructor(config: EmailProviderConfig);
|
|
59
|
-
}
|
|
42
|
+
declare function email(config: EmailProviderConfig): EmailConfig;
|
|
60
43
|
//#endregion
|
|
61
|
-
export {
|
|
44
|
+
export { EmailProviderConfig, email };
|
|
62
45
|
//# sourceMappingURL=email.d.ts.map
|
package/dist/providers/email.js
CHANGED
|
@@ -2,70 +2,51 @@ import { defaultMagicLinkEmail } from "../server/templates.js";
|
|
|
2
2
|
|
|
3
3
|
//#region src/providers/email.ts
|
|
4
4
|
/**
|
|
5
|
-
*
|
|
5
|
+
* Create an email magic link or OTP provider.
|
|
6
6
|
*
|
|
7
|
-
* @
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
* Email provider for magic-link or one-time-code sign-in.
|
|
11
|
-
*
|
|
12
|
-
* Sends verification emails through your `send()` implementation and converts
|
|
13
|
-
* the result into Convex Auth's internal email-provider runtime shape.
|
|
7
|
+
* @param config - Sender identity and delivery hooks for verification emails.
|
|
8
|
+
* @returns A configured email provider for `createAuth`.
|
|
9
|
+
* @throws {Error} When `from` is empty.
|
|
14
10
|
*
|
|
15
11
|
* @example
|
|
16
12
|
* ```ts
|
|
17
|
-
* import {
|
|
13
|
+
* import { email } from "@robelest/convex-auth/providers";
|
|
18
14
|
*
|
|
19
|
-
*
|
|
15
|
+
* email({
|
|
20
16
|
* from: "My App <noreply@example.com>",
|
|
21
|
-
* send: async (_ctx,
|
|
22
|
-
* await resend.emails.send(
|
|
17
|
+
* send: async (_ctx, message) => {
|
|
18
|
+
* await resend.emails.send(message);
|
|
23
19
|
* },
|
|
24
|
-
* })
|
|
20
|
+
* })
|
|
25
21
|
* ```
|
|
26
22
|
*/
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
sendVerificationRequest: async ({ identifier, url }, ctx) => {
|
|
54
|
-
if (!ctx) throw new Error("Email provider requires a Convex action context.");
|
|
55
|
-
const { host } = new URL(url);
|
|
56
|
-
await send(ctx, {
|
|
57
|
-
from,
|
|
58
|
-
to: identifier,
|
|
59
|
-
subject: `Sign in to ${host}`,
|
|
60
|
-
html: defaultMagicLinkEmail(url, host)
|
|
61
|
-
});
|
|
62
|
-
},
|
|
63
|
-
generateVerificationToken,
|
|
64
|
-
options: { from }
|
|
65
|
-
};
|
|
66
|
-
}
|
|
67
|
-
};
|
|
23
|
+
function email(config) {
|
|
24
|
+
const from = config.from.trim();
|
|
25
|
+
if (from.length === 0) throw new Error("Email provider requires a non-empty `from` address (for example, `\"My App <noreply@example.com>\"`).");
|
|
26
|
+
const { send } = config;
|
|
27
|
+
const { generateVerificationToken } = config;
|
|
28
|
+
return {
|
|
29
|
+
id: config.id ?? "email",
|
|
30
|
+
type: "email",
|
|
31
|
+
name: "Email",
|
|
32
|
+
from,
|
|
33
|
+
maxAge: config.maxAge ?? 3600 * 24,
|
|
34
|
+
authorize: void 0,
|
|
35
|
+
sendVerificationRequest: async ({ identifier, url }, ctx) => {
|
|
36
|
+
if (!ctx) throw new Error("Email provider requires a Convex action context.");
|
|
37
|
+
const { host } = new URL(url);
|
|
38
|
+
await send(ctx, {
|
|
39
|
+
from,
|
|
40
|
+
to: identifier,
|
|
41
|
+
subject: `Sign in to ${host}`,
|
|
42
|
+
html: defaultMagicLinkEmail(url, host)
|
|
43
|
+
});
|
|
44
|
+
},
|
|
45
|
+
generateVerificationToken,
|
|
46
|
+
options: { from }
|
|
47
|
+
};
|
|
48
|
+
}
|
|
68
49
|
|
|
69
50
|
//#endregion
|
|
70
|
-
export {
|
|
51
|
+
export { email };
|
|
71
52
|
//# sourceMappingURL=email.js.map
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
import { OAuthMaterializedConfig } from "../server/types.js";
|
|
2
|
+
|
|
3
|
+
//#region src/providers/github.d.ts
|
|
4
|
+
/**
|
|
5
|
+
* GitHub OAuth provider.
|
|
6
|
+
*
|
|
7
|
+
* ```ts
|
|
8
|
+
* import { github } from "@robelest/convex-auth/providers/github";
|
|
9
|
+
*
|
|
10
|
+
* github({
|
|
11
|
+
* clientId: process.env.AUTH_GITHUB_ID!,
|
|
12
|
+
* clientSecret: process.env.AUTH_GITHUB_SECRET!,
|
|
13
|
+
* })
|
|
14
|
+
* ```
|
|
15
|
+
*
|
|
16
|
+
* @module
|
|
17
|
+
*/
|
|
18
|
+
/** Configuration for the {@link github} provider. */
|
|
19
|
+
interface GitHubConfig {
|
|
20
|
+
/** OAuth app client ID from GitHub. */
|
|
21
|
+
clientId: string;
|
|
22
|
+
/** OAuth app client secret from GitHub. */
|
|
23
|
+
clientSecret: string;
|
|
24
|
+
/** Optional callback URL override. Defaults to `CUSTOM_AUTH_SITE_URL` or `CONVEX_SITE_URL` plus `/api/auth/callback/github`. */
|
|
25
|
+
redirectUri?: string;
|
|
26
|
+
/** Optional OAuth scopes. Defaults to `user:email`. */
|
|
27
|
+
scopes?: string[];
|
|
28
|
+
/** Account-linking strategy for existing users with matching email addresses. */
|
|
29
|
+
accountLinking?: "verifiedEmail" | "none";
|
|
30
|
+
}
|
|
31
|
+
/**
|
|
32
|
+
* Create a GitHub OAuth provider.
|
|
33
|
+
*
|
|
34
|
+
* GitHub is not OIDC by default, so this wrapper fetches the profile and email
|
|
35
|
+
* data for you after the OAuth code exchange.
|
|
36
|
+
*
|
|
37
|
+
* @param config - GitHub OAuth client settings.
|
|
38
|
+
* @returns A configured GitHub OAuth provider for `createAuth`.
|
|
39
|
+
* @throws {Error} When no callback URL can be derived and `redirectUri` is omitted.
|
|
40
|
+
*
|
|
41
|
+
* @example
|
|
42
|
+
* ```ts
|
|
43
|
+
* import { github } from "@robelest/convex-auth/providers/github";
|
|
44
|
+
*
|
|
45
|
+
* github({
|
|
46
|
+
* clientId: process.env.AUTH_GITHUB_ID!,
|
|
47
|
+
* clientSecret: process.env.AUTH_GITHUB_SECRET!,
|
|
48
|
+
* })
|
|
49
|
+
* ```
|
|
50
|
+
*/
|
|
51
|
+
declare function github(config: GitHubConfig): OAuthMaterializedConfig;
|
|
52
|
+
//#endregion
|
|
53
|
+
export { GitHubConfig, github };
|
|
54
|
+
//# sourceMappingURL=github.d.ts.map
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
import { envOptionalString, readConfigSync } from "../server/env.js";
|
|
2
|
+
import { createArcticOAuthClient, createOAuthProvider } from "../server/oauth/factory.js";
|
|
3
|
+
import { GitHub } from "arctic";
|
|
4
|
+
|
|
5
|
+
//#region src/providers/github.ts
|
|
6
|
+
/**
|
|
7
|
+
* GitHub OAuth provider.
|
|
8
|
+
*
|
|
9
|
+
* ```ts
|
|
10
|
+
* import { github } from "@robelest/convex-auth/providers/github";
|
|
11
|
+
*
|
|
12
|
+
* github({
|
|
13
|
+
* clientId: process.env.AUTH_GITHUB_ID!,
|
|
14
|
+
* clientSecret: process.env.AUTH_GITHUB_SECRET!,
|
|
15
|
+
* })
|
|
16
|
+
* ```
|
|
17
|
+
*
|
|
18
|
+
* @module
|
|
19
|
+
*/
|
|
20
|
+
const DEFAULT_SCOPES = ["user:email"];
|
|
21
|
+
/**
|
|
22
|
+
* Create a GitHub OAuth provider.
|
|
23
|
+
*
|
|
24
|
+
* GitHub is not OIDC by default, so this wrapper fetches the profile and email
|
|
25
|
+
* data for you after the OAuth code exchange.
|
|
26
|
+
*
|
|
27
|
+
* @param config - GitHub OAuth client settings.
|
|
28
|
+
* @returns A configured GitHub OAuth provider for `createAuth`.
|
|
29
|
+
* @throws {Error} When no callback URL can be derived and `redirectUri` is omitted.
|
|
30
|
+
*
|
|
31
|
+
* @example
|
|
32
|
+
* ```ts
|
|
33
|
+
* import { github } from "@robelest/convex-auth/providers/github";
|
|
34
|
+
*
|
|
35
|
+
* github({
|
|
36
|
+
* clientId: process.env.AUTH_GITHUB_ID!,
|
|
37
|
+
* clientSecret: process.env.AUTH_GITHUB_SECRET!,
|
|
38
|
+
* })
|
|
39
|
+
* ```
|
|
40
|
+
*/
|
|
41
|
+
function github(config) {
|
|
42
|
+
return createOAuthProvider({
|
|
43
|
+
id: "github",
|
|
44
|
+
provider: createArcticOAuthClient(new GitHub(config.clientId, config.clientSecret, config.redirectUri ?? defaultRedirectUri("github")), { pkce: "never" }),
|
|
45
|
+
scopes: config.scopes ?? DEFAULT_SCOPES,
|
|
46
|
+
accountLinking: config.accountLinking,
|
|
47
|
+
profile: async (tokens) => {
|
|
48
|
+
if (!tokens.accessToken) throw new Error("GitHub OAuth response is missing access_token.");
|
|
49
|
+
const accessToken = tokens.accessToken;
|
|
50
|
+
const [userResponse, emailResponse] = await Promise.all([fetch("https://api.github.com/user", { headers: { Authorization: `Bearer ${accessToken}` } }), fetch("https://api.github.com/user/emails", { headers: { Authorization: `Bearer ${accessToken}` } })]);
|
|
51
|
+
if (!userResponse.ok) throw new Error(`GitHub profile request failed: ${userResponse.status}`);
|
|
52
|
+
if (!emailResponse.ok) throw new Error(`GitHub email request failed: ${emailResponse.status}`);
|
|
53
|
+
const user = await userResponse.json();
|
|
54
|
+
const emails = await emailResponse.json();
|
|
55
|
+
const primaryEmail = emails.find((email) => email.primary)?.email ?? emails.find((email) => email.verified)?.email ?? user.email ?? void 0;
|
|
56
|
+
const verifiedEmail = emails.find((email) => email.primary)?.verified ?? emails.find((email) => email.verified)?.verified ?? false;
|
|
57
|
+
return {
|
|
58
|
+
id: String(user.id),
|
|
59
|
+
email: typeof primaryEmail === "string" ? primaryEmail : void 0,
|
|
60
|
+
emailVerified: verifiedEmail,
|
|
61
|
+
name: typeof user.name === "string" ? user.name : void 0,
|
|
62
|
+
image: typeof user.avatar_url === "string" ? user.avatar_url : void 0
|
|
63
|
+
};
|
|
64
|
+
}
|
|
65
|
+
});
|
|
66
|
+
}
|
|
67
|
+
function defaultRedirectUri(providerId) {
|
|
68
|
+
const rootUrl = readConfigSync(envOptionalString("CUSTOM_AUTH_SITE_URL")) ?? readConfigSync(envOptionalString("CONVEX_SITE_URL"));
|
|
69
|
+
if (!rootUrl) throw new Error(`Missing CONVEX_SITE_URL while configuring ${providerId} OAuth provider. Set CONVEX_SITE_URL or pass redirectUri explicitly.`);
|
|
70
|
+
return `${rootUrl}/api/auth/callback/${providerId}`;
|
|
71
|
+
}
|
|
72
|
+
|
|
73
|
+
//#endregion
|
|
74
|
+
export { github };
|
|
75
|
+
//# sourceMappingURL=github.js.map
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
import { OAuthMaterializedConfig } from "../server/types.js";
|
|
2
|
+
|
|
3
|
+
//#region src/providers/google.d.ts
|
|
4
|
+
/**
|
|
5
|
+
* Google OAuth provider.
|
|
6
|
+
*
|
|
7
|
+
* ```ts
|
|
8
|
+
* import { google } from "@robelest/convex-auth/providers/google";
|
|
9
|
+
*
|
|
10
|
+
* google({
|
|
11
|
+
* clientId: process.env.AUTH_GOOGLE_ID!,
|
|
12
|
+
* clientSecret: process.env.AUTH_GOOGLE_SECRET!,
|
|
13
|
+
* })
|
|
14
|
+
* ```
|
|
15
|
+
*
|
|
16
|
+
* @module
|
|
17
|
+
*/
|
|
18
|
+
/** Configuration for the {@link google} provider. */
|
|
19
|
+
interface GoogleConfig {
|
|
20
|
+
/** OAuth client ID from the Google Cloud console. */
|
|
21
|
+
clientId: string;
|
|
22
|
+
/** OAuth client secret from the Google Cloud console. */
|
|
23
|
+
clientSecret: string;
|
|
24
|
+
/** Optional callback URL override. Defaults to `CUSTOM_AUTH_SITE_URL` or `CONVEX_SITE_URL` plus `/api/auth/callback/google`. */
|
|
25
|
+
redirectUri?: string;
|
|
26
|
+
/** Optional OAuth scopes. Defaults to `openid profile email`. */
|
|
27
|
+
scopes?: string[];
|
|
28
|
+
/** Account-linking strategy for existing users with matching email addresses. */
|
|
29
|
+
accountLinking?: "verifiedEmail" | "none";
|
|
30
|
+
}
|
|
31
|
+
/**
|
|
32
|
+
* Create a Google OAuth provider.
|
|
33
|
+
*
|
|
34
|
+
* Uses the Google OpenID Connect flow and requests `openid profile email` by
|
|
35
|
+
* default.
|
|
36
|
+
*
|
|
37
|
+
* @param config - Google OAuth client settings.
|
|
38
|
+
* @returns A configured Google OAuth provider for `createAuth`.
|
|
39
|
+
* @throws {Error} When no callback URL can be derived and `redirectUri` is omitted.
|
|
40
|
+
*
|
|
41
|
+
* @example
|
|
42
|
+
* ```ts
|
|
43
|
+
* import { google } from "@robelest/convex-auth/providers/google";
|
|
44
|
+
*
|
|
45
|
+
* google({
|
|
46
|
+
* clientId: process.env.AUTH_GOOGLE_ID!,
|
|
47
|
+
* clientSecret: process.env.AUTH_GOOGLE_SECRET!,
|
|
48
|
+
* })
|
|
49
|
+
* ```
|
|
50
|
+
*/
|
|
51
|
+
declare function google(config: GoogleConfig): OAuthMaterializedConfig;
|
|
52
|
+
//#endregion
|
|
53
|
+
export { GoogleConfig, google };
|
|
54
|
+
//# sourceMappingURL=google.d.ts.map
|