@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -0,0 +1,119 @@
1
+ import { envOptionalString, readConfigSync } from "../server/env.js";
2
+ import { createOAuthProvider } from "../server/oauth/factory.js";
3
+ import { sha256 } from "@oslojs/crypto/sha2";
4
+ import { encodeBase64urlNoPadding } from "@oslojs/encoding";
5
+
6
+ //#region src/providers/custom.ts
7
+ /**
8
+ * Custom OAuth provider.
9
+ *
10
+ * Use this as an escape hatch for OAuth providers that do not have a first-
11
+ * party wrapper yet.
12
+ *
13
+ * @module
14
+ */
15
+ function defaultRedirectUri(providerId) {
16
+ const rootUrl = readConfigSync(envOptionalString("CUSTOM_AUTH_SITE_URL")) ?? readConfigSync(envOptionalString("CONVEX_SITE_URL"));
17
+ if (!rootUrl) throw new Error(`Missing CONVEX_SITE_URL while configuring ${providerId} OAuth provider. Set CONVEX_SITE_URL or pass redirectUri explicitly.`);
18
+ return `${rootUrl}/api/auth/callback/${providerId}`;
19
+ }
20
+ function joinScopes(scopes, separator = " ") {
21
+ return scopes.join(separator);
22
+ }
23
+ function createCodeChallenge(codeVerifier) {
24
+ return encodeBase64urlNoPadding(sha256(new TextEncoder().encode(codeVerifier)));
25
+ }
26
+ function createRuntimeClient(config) {
27
+ const redirectUri = config.redirectUri ?? defaultRedirectUri(config.id);
28
+ const authorization = config.authorization;
29
+ const token = config.token;
30
+ const pkce = authorization.pkce ?? "required";
31
+ const scopes = [...config.scopes ?? []];
32
+ return {
33
+ pkce,
34
+ createAuthorizationURL({ state, codeVerifier, scopes: requestedScopes, nonce }) {
35
+ const url = new URL(authorization.url);
36
+ const nextScopes = requestedScopes.length > 0 ? requestedScopes : scopes;
37
+ url.searchParams.set("response_type", "code");
38
+ url.searchParams.set(authorization.clientIdParam ?? "client_id", config.clientId);
39
+ url.searchParams.set("redirect_uri", redirectUri);
40
+ url.searchParams.set("state", state);
41
+ if (nextScopes.length > 0) url.searchParams.set(authorization.scopeParam ?? "scope", joinScopes(nextScopes, authorization.scopeSeparator));
42
+ if (codeVerifier !== void 0 && pkce !== "never") {
43
+ url.searchParams.set("code_challenge_method", "S256");
44
+ url.searchParams.set("code_challenge", createCodeChallenge(codeVerifier));
45
+ }
46
+ if (nonce !== void 0) url.searchParams.set("nonce", nonce);
47
+ for (const [key, value] of Object.entries(authorization.extraParams ?? {})) url.searchParams.set(key, value);
48
+ return url;
49
+ },
50
+ async validateAuthorizationCode({ code, codeVerifier }) {
51
+ const body = new URLSearchParams();
52
+ body.set("grant_type", "authorization_code");
53
+ body.set("code", code);
54
+ if (token.includeRedirectUri ?? true) body.set("redirect_uri", redirectUri);
55
+ if (pkce !== "never" && codeVerifier !== void 0) body.set(token.codeVerifierParam ?? "code_verifier", codeVerifier);
56
+ if (token.includeScopes === true && scopes.length > 0) body.set(token.scopeParam ?? "scope", joinScopes(scopes, token.scopeSeparator ?? authorization.scopeSeparator));
57
+ if (token.authMethod !== "basic") body.set(token.clientIdParam ?? "client_id", config.clientId);
58
+ if (token.authMethod !== "basic" && token.authMethod !== "none" && config.clientSecret) body.set(token.clientSecretParam ?? "client_secret", config.clientSecret);
59
+ for (const [key, value] of Object.entries(token.extraParams ?? {})) body.set(key, value);
60
+ const headers = new Headers({ "Content-Type": "application/x-www-form-urlencoded" });
61
+ if (token.authMethod === "basic") {
62
+ if (!config.clientSecret) throw new Error(`OAuth provider "${config.id}" requires clientSecret for token.authMethod="basic".`);
63
+ const credentials = btoa(`${config.clientId}:${config.clientSecret}`);
64
+ headers.set("Authorization", `Basic ${credentials}`);
65
+ }
66
+ const response = await fetch(token.url, {
67
+ method: "POST",
68
+ headers,
69
+ body
70
+ });
71
+ if (!response.ok) throw new Error(`OAuth token exchange failed: ${response.status}`);
72
+ const raw = await response.json();
73
+ const rawScopes = typeof raw.scope === "string" ? raw.scope : void 0;
74
+ const expiresIn = typeof raw.expires_in === "number" ? raw.expires_in : void 0;
75
+ return {
76
+ accessToken: typeof raw.access_token === "string" ? raw.access_token : void 0,
77
+ refreshToken: typeof raw.refresh_token === "string" ? raw.refresh_token : void 0,
78
+ idToken: typeof raw.id_token === "string" ? raw.id_token : void 0,
79
+ accessTokenExpiresAt: expiresIn !== void 0 ? new Date(Date.now() + expiresIn * 1e3) : void 0,
80
+ scopes: rawScopes ? rawScopes.split(/[\s,]+/).map((scope) => scope.trim()).filter((scope) => scope.length > 0) : void 0,
81
+ raw
82
+ };
83
+ }
84
+ };
85
+ }
86
+ /**
87
+ * Create a custom OAuth provider.
88
+ *
89
+ * @param config - OAuth endpoints, credentials, and profile callbacks.
90
+ * @returns A configured OAuth provider for `createAuth`.
91
+ *
92
+ * @example
93
+ * ```ts
94
+ * import { custom } from "@robelest/convex-auth/providers";
95
+ *
96
+ * custom({
97
+ * id: "workos",
98
+ * clientId: process.env.WORKOS_CLIENT_ID!,
99
+ * clientSecret: process.env.WORKOS_CLIENT_SECRET!,
100
+ * authorization: { url: "https://api.workos.com/sso/authorize" },
101
+ * token: { url: "https://api.workos.com/sso/token", authMethod: "basic" },
102
+ * })
103
+ * ```
104
+ */
105
+ function custom(config) {
106
+ return createOAuthProvider({
107
+ id: config.id,
108
+ provider: createRuntimeClient(config),
109
+ scopes: config.scopes ?? [],
110
+ profile: config.profile,
111
+ nonce: config.nonce,
112
+ validateTokens: config.validateTokens,
113
+ accountLinking: config.accountLinking
114
+ });
115
+ }
116
+
117
+ //#endregion
118
+ export { custom };
119
+ //# sourceMappingURL=custom.js.map
@@ -1,67 +1,33 @@
1
+ import { DeviceProviderConfig } from "../server/types.js";
2
+
1
3
  //#region src/providers/device.d.ts
2
- /**
3
- * Device authorization provider (RFC 8628).
4
- *
5
- * Enables input-constrained devices (CLIs, TVs, IoT) to authenticate
6
- * by displaying a short code that the user enters on a secondary device.
7
- *
8
- * ```ts
9
- * import { Device } from "@robelest/convex-auth/providers";
10
- *
11
- * new Device()
12
- * ```
13
- *
14
- * @module
15
- */
16
- /**
17
- * Configuration for the Device authorization provider.
18
- */
4
+ /** Configuration for the {@link device} provider. */
19
5
  interface DeviceConfig {
20
- /**
21
- * User code character set.
22
- * Default: `"BCDFGHJKLMNPQRSTVWXZ"` (base-20, no vowels per RFC 8628 §6.1).
23
- */
6
+ /** Character set used to generate the short user code. */
24
7
  charset?: string;
25
- /** User code length (before formatting). Default: 8. */
8
+ /** Number of characters in the generated user code. */
26
9
  userCodeLength?: number;
27
- /** Device code + user code lifetime in seconds. Default: 900 (15 min). */
10
+ /** Device code lifetime in seconds. */
28
11
  expiresIn?: number;
29
- /** Minimum polling interval in seconds. Default: 5. */
12
+ /** Polling interval in seconds suggested to the device client. */
30
13
  interval?: number;
31
- /**
32
- * Base URL for the verification page where users enter the device code.
33
- *
34
- * Example: `"http://localhost:3000/device"` or `"https://myapp.com/device"`.
35
- *
36
- * If not provided, falls back to `SITE_URL + "/device"`.
37
- */
14
+ /** Verification page URL shown to the user on the device. */
38
15
  verificationUri?: string;
39
16
  }
40
17
  /**
41
- * Device authorization provider (RFC 8628).
18
+ * Create a device authorization provider.
42
19
  *
43
- * Enables input-constrained devices (CLIs, TVs, IoT) to authenticate
44
- * by displaying a short user code. The user visits a verification page
45
- * on a secondary device, signs in with any existing provider, and
46
- * enters the code to authorize the device.
20
+ * @param config - Optional device flow code and polling settings.
21
+ * @returns A configured device flow provider for `createAuth`.
47
22
  *
48
23
  * @example
49
24
  * ```ts
50
- * import { createAuth } from "@robelest/convex-auth/component";
51
- * import { Device } from "@robelest/convex-auth/providers";
52
- * import { components } from "./_generated/api";
25
+ * import { device } from "@robelest/convex-auth/providers";
53
26
  *
54
- * const auth = createAuth(components.auth, {
55
- * providers: [new Device()],
56
- * });
27
+ * device({ verificationUri: "https://example.com/device" })
57
28
  * ```
58
29
  */
59
- declare class Device {
60
- readonly id: string;
61
- readonly type: "device";
62
- readonly config: DeviceConfig;
63
- constructor(config?: DeviceConfig);
64
- }
30
+ declare function device(config?: DeviceConfig): DeviceProviderConfig;
65
31
  //#endregion
66
- export { Device, DeviceConfig };
32
+ export { DeviceConfig, device };
67
33
  //# sourceMappingURL=device.d.ts.map
@@ -1,47 +1,30 @@
1
1
  //#region src/providers/device.ts
2
- /** No-vowel base-20 charset per RFC 8628 §6.1 recommendation. */
3
2
  const DEFAULT_CHARSET = "BCDFGHJKLMNPQRSTVWXZ";
4
3
  /**
5
- * Device authorization provider (RFC 8628).
4
+ * Create a device authorization provider.
6
5
  *
7
- * Enables input-constrained devices (CLIs, TVs, IoT) to authenticate
8
- * by displaying a short user code. The user visits a verification page
9
- * on a secondary device, signs in with any existing provider, and
10
- * enters the code to authorize the device.
6
+ * @param config - Optional device flow code and polling settings.
7
+ * @returns A configured device flow provider for `createAuth`.
11
8
  *
12
9
  * @example
13
10
  * ```ts
14
- * import { createAuth } from "@robelest/convex-auth/component";
15
- * import { Device } from "@robelest/convex-auth/providers";
16
- * import { components } from "./_generated/api";
11
+ * import { device } from "@robelest/convex-auth/providers";
17
12
  *
18
- * const auth = createAuth(components.auth, {
19
- * providers: [new Device()],
20
- * });
13
+ * device({ verificationUri: "https://example.com/device" })
21
14
  * ```
22
15
  */
23
- var Device = class {
24
- id;
25
- type = "device";
26
- config;
27
- constructor(config = {}) {
28
- this.id = "device";
29
- this.config = config;
30
- }
31
- /** @internal Convert to the internal materialized config shape. */
32
- _toMaterialized() {
33
- return {
34
- id: this.id,
35
- type: "device",
36
- charset: this.config.charset ?? DEFAULT_CHARSET,
37
- userCodeLength: this.config.userCodeLength ?? 8,
38
- expiresIn: this.config.expiresIn ?? 900,
39
- interval: this.config.interval ?? 5,
40
- verificationUri: this.config.verificationUri
41
- };
42
- }
43
- };
16
+ function device(config = {}) {
17
+ return {
18
+ id: "device",
19
+ type: "device",
20
+ charset: config.charset ?? DEFAULT_CHARSET,
21
+ userCodeLength: config.userCodeLength ?? 8,
22
+ expiresIn: config.expiresIn ?? 900,
23
+ interval: config.interval ?? 5,
24
+ verificationUri: config.verificationUri
25
+ };
26
+ }
44
27
 
45
28
  //#endregion
46
- export { Device };
29
+ export { device };
47
30
  //# sourceMappingURL=device.js.map
@@ -1,62 +1,45 @@
1
+ import { EmailConfig } from "../server/types.js";
2
+ import { AnyDataModel, GenericActionCtx } from "convex/server";
3
+
1
4
  //#region src/providers/email.d.ts
2
- /**
3
- * Email (magic link / OTP) authentication provider.
4
- *
5
- * @module
6
- */
7
- /**
8
- * User-facing configuration for the {@link Email} provider.
9
- *
10
- * Use this to wire your email delivery service into Convex Auth's magic-link
11
- * or OTP flow.
12
- */
5
+ /** Configuration for the {@link email} provider. */
13
6
  interface EmailProviderConfig {
14
- /** Sender address (e.g. "My App <noreply@example.com>"). */
7
+ /** Sender address used for outgoing verification emails. */
15
8
  from: string;
16
- /** Send the verification email. Receives the Convex action context. */
17
- send: (ctx: any, opts: {
9
+ /** Delivery callback that actually sends the rendered verification email. */
10
+ send: (ctx: GenericActionCtx<AnyDataModel>, opts: {
18
11
  from: string;
19
12
  to: string;
20
13
  subject: string;
21
14
  html: string;
22
15
  }) => Promise<void>;
23
- /** Override to generate a custom verification token. */
16
+ /** Optional custom token generator for OTP or magic-link flows. */
24
17
  generateVerificationToken?: () => Promise<string>;
25
- /** Provider ID override. Defaults to "email". */
18
+ /** Stable provider identifier used in `signIn("<id>")`. */
26
19
  id?: string;
27
- /** Token expiration in seconds. Defaults to 86400 (24 hours). */
20
+ /** Verification token lifetime in seconds. */
28
21
  maxAge?: number;
29
22
  }
30
23
  /**
31
- * Email provider for magic-link or one-time-code sign-in.
24
+ * Create an email magic link or OTP provider.
32
25
  *
33
- * Sends verification emails through your `send()` implementation and converts
34
- * the result into Convex Auth's internal email-provider runtime shape.
26
+ * @param config - Sender identity and delivery hooks for verification emails.
27
+ * @returns A configured email provider for `createAuth`.
28
+ * @throws {Error} When `from` is empty.
35
29
  *
36
30
  * @example
37
31
  * ```ts
38
- * import { Email } from "@robelest/convex-auth/providers";
32
+ * import { email } from "@robelest/convex-auth/providers";
39
33
  *
40
- * const email = new Email({
34
+ * email({
41
35
  * from: "My App <noreply@example.com>",
42
- * send: async (_ctx, { to, subject, html }) => {
43
- * await resend.emails.send({ from: "noreply@example.com", to, subject, html });
36
+ * send: async (_ctx, message) => {
37
+ * await resend.emails.send(message);
44
38
  * },
45
- * });
39
+ * })
46
40
  * ```
47
41
  */
48
- declare class Email {
49
- readonly config: EmailProviderConfig;
50
- readonly id: string;
51
- readonly type: "email";
52
- /**
53
- * Create an email provider instance.
54
- *
55
- * @param config - Email transport and provider settings.
56
- * @throws {Error} When `config.from` is empty or whitespace-only.
57
- */
58
- constructor(config: EmailProviderConfig);
59
- }
42
+ declare function email(config: EmailProviderConfig): EmailConfig;
60
43
  //#endregion
61
- export { Email, EmailProviderConfig };
44
+ export { EmailProviderConfig, email };
62
45
  //# sourceMappingURL=email.d.ts.map
@@ -2,70 +2,51 @@ import { defaultMagicLinkEmail } from "../server/templates.js";
2
2
 
3
3
  //#region src/providers/email.ts
4
4
  /**
5
- * Email (magic link / OTP) authentication provider.
5
+ * Create an email magic link or OTP provider.
6
6
  *
7
- * @module
8
- */
9
- /**
10
- * Email provider for magic-link or one-time-code sign-in.
11
- *
12
- * Sends verification emails through your `send()` implementation and converts
13
- * the result into Convex Auth's internal email-provider runtime shape.
7
+ * @param config - Sender identity and delivery hooks for verification emails.
8
+ * @returns A configured email provider for `createAuth`.
9
+ * @throws {Error} When `from` is empty.
14
10
  *
15
11
  * @example
16
12
  * ```ts
17
- * import { Email } from "@robelest/convex-auth/providers";
13
+ * import { email } from "@robelest/convex-auth/providers";
18
14
  *
19
- * const email = new Email({
15
+ * email({
20
16
  * from: "My App <noreply@example.com>",
21
- * send: async (_ctx, { to, subject, html }) => {
22
- * await resend.emails.send({ from: "noreply@example.com", to, subject, html });
17
+ * send: async (_ctx, message) => {
18
+ * await resend.emails.send(message);
23
19
  * },
24
- * });
20
+ * })
25
21
  * ```
26
22
  */
27
- var Email = class {
28
- id;
29
- type = "email";
30
- /**
31
- * Create an email provider instance.
32
- *
33
- * @param config - Email transport and provider settings.
34
- * @throws {Error} When `config.from` is empty or whitespace-only.
35
- */
36
- constructor(config) {
37
- this.config = config;
38
- if (config.from.trim().length === 0) throw new Error("Email provider requires a non-empty `from` address (for example, `\"My App <noreply@example.com>\"`).");
39
- this.id = config.id ?? "email";
40
- }
41
- /** @internal */
42
- _toMaterialized() {
43
- const from = this.config.from.trim();
44
- const { send } = this.config;
45
- const { generateVerificationToken } = this.config;
46
- return {
47
- id: this.id,
48
- type: "email",
49
- name: "Email",
50
- from,
51
- maxAge: this.config.maxAge ?? 3600 * 24,
52
- authorize: void 0,
53
- sendVerificationRequest: async ({ identifier, url }, ctx) => {
54
- if (!ctx) throw new Error("Email provider requires a Convex action context.");
55
- const { host } = new URL(url);
56
- await send(ctx, {
57
- from,
58
- to: identifier,
59
- subject: `Sign in to ${host}`,
60
- html: defaultMagicLinkEmail(url, host)
61
- });
62
- },
63
- generateVerificationToken,
64
- options: { from }
65
- };
66
- }
67
- };
23
+ function email(config) {
24
+ const from = config.from.trim();
25
+ if (from.length === 0) throw new Error("Email provider requires a non-empty `from` address (for example, `\"My App <noreply@example.com>\"`).");
26
+ const { send } = config;
27
+ const { generateVerificationToken } = config;
28
+ return {
29
+ id: config.id ?? "email",
30
+ type: "email",
31
+ name: "Email",
32
+ from,
33
+ maxAge: config.maxAge ?? 3600 * 24,
34
+ authorize: void 0,
35
+ sendVerificationRequest: async ({ identifier, url }, ctx) => {
36
+ if (!ctx) throw new Error("Email provider requires a Convex action context.");
37
+ const { host } = new URL(url);
38
+ await send(ctx, {
39
+ from,
40
+ to: identifier,
41
+ subject: `Sign in to ${host}`,
42
+ html: defaultMagicLinkEmail(url, host)
43
+ });
44
+ },
45
+ generateVerificationToken,
46
+ options: { from }
47
+ };
48
+ }
68
49
 
69
50
  //#endregion
70
- export { Email };
51
+ export { email };
71
52
  //# sourceMappingURL=email.js.map
@@ -0,0 +1,54 @@
1
+ import { OAuthMaterializedConfig } from "../server/types.js";
2
+
3
+ //#region src/providers/github.d.ts
4
+ /**
5
+ * GitHub OAuth provider.
6
+ *
7
+ * ```ts
8
+ * import { github } from "@robelest/convex-auth/providers/github";
9
+ *
10
+ * github({
11
+ * clientId: process.env.AUTH_GITHUB_ID!,
12
+ * clientSecret: process.env.AUTH_GITHUB_SECRET!,
13
+ * })
14
+ * ```
15
+ *
16
+ * @module
17
+ */
18
+ /** Configuration for the {@link github} provider. */
19
+ interface GitHubConfig {
20
+ /** OAuth app client ID from GitHub. */
21
+ clientId: string;
22
+ /** OAuth app client secret from GitHub. */
23
+ clientSecret: string;
24
+ /** Optional callback URL override. Defaults to `CUSTOM_AUTH_SITE_URL` or `CONVEX_SITE_URL` plus `/api/auth/callback/github`. */
25
+ redirectUri?: string;
26
+ /** Optional OAuth scopes. Defaults to `user:email`. */
27
+ scopes?: string[];
28
+ /** Account-linking strategy for existing users with matching email addresses. */
29
+ accountLinking?: "verifiedEmail" | "none";
30
+ }
31
+ /**
32
+ * Create a GitHub OAuth provider.
33
+ *
34
+ * GitHub is not OIDC by default, so this wrapper fetches the profile and email
35
+ * data for you after the OAuth code exchange.
36
+ *
37
+ * @param config - GitHub OAuth client settings.
38
+ * @returns A configured GitHub OAuth provider for `createAuth`.
39
+ * @throws {Error} When no callback URL can be derived and `redirectUri` is omitted.
40
+ *
41
+ * @example
42
+ * ```ts
43
+ * import { github } from "@robelest/convex-auth/providers/github";
44
+ *
45
+ * github({
46
+ * clientId: process.env.AUTH_GITHUB_ID!,
47
+ * clientSecret: process.env.AUTH_GITHUB_SECRET!,
48
+ * })
49
+ * ```
50
+ */
51
+ declare function github(config: GitHubConfig): OAuthMaterializedConfig;
52
+ //#endregion
53
+ export { GitHubConfig, github };
54
+ //# sourceMappingURL=github.d.ts.map
@@ -0,0 +1,75 @@
1
+ import { envOptionalString, readConfigSync } from "../server/env.js";
2
+ import { createArcticOAuthClient, createOAuthProvider } from "../server/oauth/factory.js";
3
+ import { GitHub } from "arctic";
4
+
5
+ //#region src/providers/github.ts
6
+ /**
7
+ * GitHub OAuth provider.
8
+ *
9
+ * ```ts
10
+ * import { github } from "@robelest/convex-auth/providers/github";
11
+ *
12
+ * github({
13
+ * clientId: process.env.AUTH_GITHUB_ID!,
14
+ * clientSecret: process.env.AUTH_GITHUB_SECRET!,
15
+ * })
16
+ * ```
17
+ *
18
+ * @module
19
+ */
20
+ const DEFAULT_SCOPES = ["user:email"];
21
+ /**
22
+ * Create a GitHub OAuth provider.
23
+ *
24
+ * GitHub is not OIDC by default, so this wrapper fetches the profile and email
25
+ * data for you after the OAuth code exchange.
26
+ *
27
+ * @param config - GitHub OAuth client settings.
28
+ * @returns A configured GitHub OAuth provider for `createAuth`.
29
+ * @throws {Error} When no callback URL can be derived and `redirectUri` is omitted.
30
+ *
31
+ * @example
32
+ * ```ts
33
+ * import { github } from "@robelest/convex-auth/providers/github";
34
+ *
35
+ * github({
36
+ * clientId: process.env.AUTH_GITHUB_ID!,
37
+ * clientSecret: process.env.AUTH_GITHUB_SECRET!,
38
+ * })
39
+ * ```
40
+ */
41
+ function github(config) {
42
+ return createOAuthProvider({
43
+ id: "github",
44
+ provider: createArcticOAuthClient(new GitHub(config.clientId, config.clientSecret, config.redirectUri ?? defaultRedirectUri("github")), { pkce: "never" }),
45
+ scopes: config.scopes ?? DEFAULT_SCOPES,
46
+ accountLinking: config.accountLinking,
47
+ profile: async (tokens) => {
48
+ if (!tokens.accessToken) throw new Error("GitHub OAuth response is missing access_token.");
49
+ const accessToken = tokens.accessToken;
50
+ const [userResponse, emailResponse] = await Promise.all([fetch("https://api.github.com/user", { headers: { Authorization: `Bearer ${accessToken}` } }), fetch("https://api.github.com/user/emails", { headers: { Authorization: `Bearer ${accessToken}` } })]);
51
+ if (!userResponse.ok) throw new Error(`GitHub profile request failed: ${userResponse.status}`);
52
+ if (!emailResponse.ok) throw new Error(`GitHub email request failed: ${emailResponse.status}`);
53
+ const user = await userResponse.json();
54
+ const emails = await emailResponse.json();
55
+ const primaryEmail = emails.find((email) => email.primary)?.email ?? emails.find((email) => email.verified)?.email ?? user.email ?? void 0;
56
+ const verifiedEmail = emails.find((email) => email.primary)?.verified ?? emails.find((email) => email.verified)?.verified ?? false;
57
+ return {
58
+ id: String(user.id),
59
+ email: typeof primaryEmail === "string" ? primaryEmail : void 0,
60
+ emailVerified: verifiedEmail,
61
+ name: typeof user.name === "string" ? user.name : void 0,
62
+ image: typeof user.avatar_url === "string" ? user.avatar_url : void 0
63
+ };
64
+ }
65
+ });
66
+ }
67
+ function defaultRedirectUri(providerId) {
68
+ const rootUrl = readConfigSync(envOptionalString("CUSTOM_AUTH_SITE_URL")) ?? readConfigSync(envOptionalString("CONVEX_SITE_URL"));
69
+ if (!rootUrl) throw new Error(`Missing CONVEX_SITE_URL while configuring ${providerId} OAuth provider. Set CONVEX_SITE_URL or pass redirectUri explicitly.`);
70
+ return `${rootUrl}/api/auth/callback/${providerId}`;
71
+ }
72
+
73
+ //#endregion
74
+ export { github };
75
+ //# sourceMappingURL=github.js.map
@@ -0,0 +1,54 @@
1
+ import { OAuthMaterializedConfig } from "../server/types.js";
2
+
3
+ //#region src/providers/google.d.ts
4
+ /**
5
+ * Google OAuth provider.
6
+ *
7
+ * ```ts
8
+ * import { google } from "@robelest/convex-auth/providers/google";
9
+ *
10
+ * google({
11
+ * clientId: process.env.AUTH_GOOGLE_ID!,
12
+ * clientSecret: process.env.AUTH_GOOGLE_SECRET!,
13
+ * })
14
+ * ```
15
+ *
16
+ * @module
17
+ */
18
+ /** Configuration for the {@link google} provider. */
19
+ interface GoogleConfig {
20
+ /** OAuth client ID from the Google Cloud console. */
21
+ clientId: string;
22
+ /** OAuth client secret from the Google Cloud console. */
23
+ clientSecret: string;
24
+ /** Optional callback URL override. Defaults to `CUSTOM_AUTH_SITE_URL` or `CONVEX_SITE_URL` plus `/api/auth/callback/google`. */
25
+ redirectUri?: string;
26
+ /** Optional OAuth scopes. Defaults to `openid profile email`. */
27
+ scopes?: string[];
28
+ /** Account-linking strategy for existing users with matching email addresses. */
29
+ accountLinking?: "verifiedEmail" | "none";
30
+ }
31
+ /**
32
+ * Create a Google OAuth provider.
33
+ *
34
+ * Uses the Google OpenID Connect flow and requests `openid profile email` by
35
+ * default.
36
+ *
37
+ * @param config - Google OAuth client settings.
38
+ * @returns A configured Google OAuth provider for `createAuth`.
39
+ * @throws {Error} When no callback URL can be derived and `redirectUri` is omitted.
40
+ *
41
+ * @example
42
+ * ```ts
43
+ * import { google } from "@robelest/convex-auth/providers/google";
44
+ *
45
+ * google({
46
+ * clientId: process.env.AUTH_GOOGLE_ID!,
47
+ * clientSecret: process.env.AUTH_GOOGLE_SECRET!,
48
+ * })
49
+ * ```
50
+ */
51
+ declare function google(config: GoogleConfig): OAuthMaterializedConfig;
52
+ //#endregion
53
+ export { GoogleConfig, google };
54
+ //# sourceMappingURL=google.d.ts.map