@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -0,0 +1,61 @@
1
+ import { envOptionalString, readConfigSync } from "../server/env.js";
2
+ import { createArcticOAuthClient, createOAuthProvider } from "../server/oauth/factory.js";
3
+ import { Google } from "arctic";
4
+
5
+ //#region src/providers/google.ts
6
+ /**
7
+ * Google OAuth provider.
8
+ *
9
+ * ```ts
10
+ * import { google } from "@robelest/convex-auth/providers/google";
11
+ *
12
+ * google({
13
+ * clientId: process.env.AUTH_GOOGLE_ID!,
14
+ * clientSecret: process.env.AUTH_GOOGLE_SECRET!,
15
+ * })
16
+ * ```
17
+ *
18
+ * @module
19
+ */
20
+ const DEFAULT_SCOPES = [
21
+ "openid",
22
+ "profile",
23
+ "email"
24
+ ];
25
+ /**
26
+ * Create a Google OAuth provider.
27
+ *
28
+ * Uses the Google OpenID Connect flow and requests `openid profile email` by
29
+ * default.
30
+ *
31
+ * @param config - Google OAuth client settings.
32
+ * @returns A configured Google OAuth provider for `createAuth`.
33
+ * @throws {Error} When no callback URL can be derived and `redirectUri` is omitted.
34
+ *
35
+ * @example
36
+ * ```ts
37
+ * import { google } from "@robelest/convex-auth/providers/google";
38
+ *
39
+ * google({
40
+ * clientId: process.env.AUTH_GOOGLE_ID!,
41
+ * clientSecret: process.env.AUTH_GOOGLE_SECRET!,
42
+ * })
43
+ * ```
44
+ */
45
+ function google(config) {
46
+ return createOAuthProvider({
47
+ id: "google",
48
+ provider: createArcticOAuthClient(new Google(config.clientId, config.clientSecret, config.redirectUri ?? defaultRedirectUri("google")), { pkce: "required" }),
49
+ scopes: config.scopes ?? DEFAULT_SCOPES,
50
+ accountLinking: config.accountLinking
51
+ });
52
+ }
53
+ function defaultRedirectUri(providerId) {
54
+ const rootUrl = readConfigSync(envOptionalString("CUSTOM_AUTH_SITE_URL")) ?? readConfigSync(envOptionalString("CONVEX_SITE_URL"));
55
+ if (!rootUrl) throw new Error(`Missing CONVEX_SITE_URL while configuring ${providerId} OAuth provider. Set CONVEX_SITE_URL or pass redirectUri explicitly.`);
56
+ return `${rootUrl}/api/auth/callback/${providerId}`;
57
+ }
58
+
59
+ //#endregion
60
+ export { google };
61
+ //# sourceMappingURL=google.js.map
@@ -1,12 +1,16 @@
1
- import { OAuth, OAuthConfig } from "./oauth.js";
2
- import { Credentials, CredentialsConfig } from "./credentials.js";
3
- import { Password, PasswordConfig } from "./password.js";
4
- import { Passkey, PasskeyConfig } from "./passkey.js";
5
- import { Totp, TotpConfig } from "./totp.js";
6
- import { Device, DeviceConfig } from "./device.js";
7
- import { SSO } from "./sso.js";
8
- import { Email, EmailProviderConfig } from "./email.js";
9
- import { Phone, PhoneProviderConfig } from "./phone.js";
10
- import { EmailConfig, PhoneConfig } from "../server/types.js";
11
- import { Anonymous, AnonymousConfig } from "./anonymous.js";
12
- export { Anonymous, type AnonymousConfig, Credentials, type CredentialsConfig, Device, type DeviceConfig, Email, type EmailConfig, type EmailProviderConfig, OAuth, type OAuthConfig, Passkey, type PasskeyConfig, Password, type PasswordConfig, Phone, type PhoneConfig, type PhoneProviderConfig, SSO, Totp, type TotpConfig };
1
+ import { CredentialsConfig, credentials } from "./credentials.js";
2
+ import { EmailConfig, OAuthProfile, OAuthTokens, PhoneConfig } from "../server/types.js";
3
+ import { AnonymousConfig, anonymous } from "./anonymous.js";
4
+ import { AppleConfig, apple } from "./apple.js";
5
+ import { CustomOAuthAuthorizationConfig, CustomOAuthConfig, CustomOAuthTokenConfig, custom } from "./custom.js";
6
+ import { DeviceConfig, device } from "./device.js";
7
+ import { EmailProviderConfig, email } from "./email.js";
8
+ import { GitHubConfig, github } from "./github.js";
9
+ import { GoogleConfig, google } from "./google.js";
10
+ import { PasswordConfig, password } from "./password.js";
11
+ import { PasskeyConfig, passkey } from "./passkey.js";
12
+ import { TotpConfig, totp } from "./totp.js";
13
+ import { MicrosoftConfig, microsoft } from "./microsoft.js";
14
+ import { sso } from "./sso.js";
15
+ import { PhoneProviderConfig, phone } from "./phone.js";
16
+ export { type AnonymousConfig, type AppleConfig, type CredentialsConfig, type CustomOAuthAuthorizationConfig, type CustomOAuthConfig, type CustomOAuthTokenConfig, type DeviceConfig, type EmailConfig, type EmailProviderConfig, type GitHubConfig, type GoogleConfig, type MicrosoftConfig, type OAuthProfile, type OAuthTokens, type PasskeyConfig, type PasswordConfig, type PhoneConfig, type PhoneProviderConfig, type TotpConfig, anonymous, apple, credentials, custom, device, email, github, google, microsoft, passkey, password, phone, sso, totp };
@@ -1,12 +1,16 @@
1
- import { Credentials } from "./credentials.js";
2
- import { Anonymous } from "./anonymous.js";
3
- import { Device } from "./device.js";
4
- import { Email } from "./email.js";
5
- import { OAuth } from "./oauth.js";
6
- import { Password } from "./password.js";
7
- import { Passkey } from "./passkey.js";
8
- import { Totp } from "./totp.js";
9
- import { SSO } from "./sso.js";
10
- import { Phone } from "./phone.js";
1
+ import { credentials } from "./credentials.js";
2
+ import { anonymous } from "./anonymous.js";
3
+ import { apple } from "./apple.js";
4
+ import { custom } from "./custom.js";
5
+ import { device } from "./device.js";
6
+ import { email } from "./email.js";
7
+ import { github } from "./github.js";
8
+ import { google } from "./google.js";
9
+ import { password } from "./password.js";
10
+ import { passkey } from "./passkey.js";
11
+ import { totp } from "./totp.js";
12
+ import { microsoft } from "./microsoft.js";
13
+ import { sso } from "./sso.js";
14
+ import { phone } from "./phone.js";
11
15
 
12
- export { Anonymous, Credentials, Device, Email, OAuth, Passkey, Password, Phone, SSO, Totp };
16
+ export { anonymous, apple, credentials, custom, device, email, github, google, microsoft, passkey, password, phone, sso, totp };
@@ -0,0 +1,57 @@
1
+ import { OAuthMaterializedConfig } from "../server/types.js";
2
+
3
+ //#region src/providers/microsoft.d.ts
4
+ /**
5
+ * Microsoft OAuth provider.
6
+ *
7
+ * ```ts
8
+ * import { microsoft } from "@robelest/convex-auth/providers/microsoft";
9
+ *
10
+ * microsoft({
11
+ * tenant: process.env.AUTH_MICROSOFT_TENANT_ID!,
12
+ * clientId: process.env.AUTH_MICROSOFT_ID!,
13
+ * clientSecret: process.env.AUTH_MICROSOFT_SECRET!,
14
+ * })
15
+ * ```
16
+ *
17
+ * @module
18
+ */
19
+ /** Configuration for the {@link microsoft} provider. */
20
+ interface MicrosoftConfig {
21
+ /** Microsoft Entra tenant ID or domain used to scope the OAuth issuer. */
22
+ tenant: string;
23
+ /** OAuth client ID from Microsoft Entra ID. */
24
+ clientId: string;
25
+ /** OAuth client secret for confidential clients, when required. */
26
+ clientSecret?: string | null;
27
+ /** Optional callback URL override. Defaults to `CUSTOM_AUTH_SITE_URL` or `CONVEX_SITE_URL` plus `/api/auth/callback/microsoft`. */
28
+ redirectUri?: string;
29
+ /** Optional OAuth scopes. Defaults to `openid profile email`. */
30
+ scopes?: string[];
31
+ /** Account-linking strategy for existing users with matching email addresses. */
32
+ accountLinking?: "verifiedEmail" | "none";
33
+ }
34
+ /**
35
+ * Create a Microsoft OAuth provider.
36
+ *
37
+ * This wrapper enables nonce handling and validates the returned ID token.
38
+ *
39
+ * @param config - Microsoft Entra ID client settings.
40
+ * @returns A configured Microsoft OAuth provider for `createAuth`.
41
+ * @throws {Error} When no callback URL can be derived and `redirectUri` is omitted.
42
+ *
43
+ * @example
44
+ * ```ts
45
+ * import { microsoft } from "@robelest/convex-auth/providers/microsoft";
46
+ *
47
+ * microsoft({
48
+ * tenant: process.env.AUTH_MICROSOFT_TENANT_ID!,
49
+ * clientId: process.env.AUTH_MICROSOFT_ID!,
50
+ * clientSecret: process.env.AUTH_MICROSOFT_SECRET!,
51
+ * })
52
+ * ```
53
+ */
54
+ declare function microsoft(config: MicrosoftConfig): OAuthMaterializedConfig;
55
+ //#endregion
56
+ export { MicrosoftConfig, microsoft };
57
+ //# sourceMappingURL=microsoft.d.ts.map
@@ -0,0 +1,101 @@
1
+ import { envOptionalString, readConfigSync } from "../server/env.js";
2
+ import { createArcticOAuthClient, createOAuthProvider } from "../server/oauth/factory.js";
3
+ import { createRemoteJWKSet, decodeProtectedHeader, jwtVerify } from "jose";
4
+ import { MicrosoftEntraId } from "arctic";
5
+
6
+ //#region src/providers/microsoft.ts
7
+ /**
8
+ * Microsoft OAuth provider.
9
+ *
10
+ * ```ts
11
+ * import { microsoft } from "@robelest/convex-auth/providers/microsoft";
12
+ *
13
+ * microsoft({
14
+ * tenant: process.env.AUTH_MICROSOFT_TENANT_ID!,
15
+ * clientId: process.env.AUTH_MICROSOFT_ID!,
16
+ * clientSecret: process.env.AUTH_MICROSOFT_SECRET!,
17
+ * })
18
+ * ```
19
+ *
20
+ * @module
21
+ */
22
+ const DEFAULT_SCOPES = [
23
+ "openid",
24
+ "profile",
25
+ "email"
26
+ ];
27
+ /**
28
+ * Create a Microsoft OAuth provider.
29
+ *
30
+ * This wrapper enables nonce handling and validates the returned ID token.
31
+ *
32
+ * @param config - Microsoft Entra ID client settings.
33
+ * @returns A configured Microsoft OAuth provider for `createAuth`.
34
+ * @throws {Error} When no callback URL can be derived and `redirectUri` is omitted.
35
+ *
36
+ * @example
37
+ * ```ts
38
+ * import { microsoft } from "@robelest/convex-auth/providers/microsoft";
39
+ *
40
+ * microsoft({
41
+ * tenant: process.env.AUTH_MICROSOFT_TENANT_ID!,
42
+ * clientId: process.env.AUTH_MICROSOFT_ID!,
43
+ * clientSecret: process.env.AUTH_MICROSOFT_SECRET!,
44
+ * })
45
+ * ```
46
+ */
47
+ function microsoft(config) {
48
+ const provider = new MicrosoftEntraId(config.tenant, config.clientId, config.clientSecret ?? null, config.redirectUri ?? defaultRedirectUri("microsoft"));
49
+ const issuer = `https://login.microsoftonline.com/${config.tenant}/v2.0`;
50
+ const jwks = createRemoteJWKSet(new URL(`${issuer}/discovery/v2.0/keys`));
51
+ return createOAuthProvider({
52
+ id: "microsoft",
53
+ provider: createArcticOAuthClient(provider, { pkce: "required" }),
54
+ scopes: config.scopes ?? DEFAULT_SCOPES,
55
+ nonce: true,
56
+ accountLinking: config.accountLinking,
57
+ validateTokens: async (tokens, ctx) => {
58
+ if (!ctx.nonce) throw new Error("Microsoft OAuth requires a nonce.");
59
+ if (!tokens.idToken) throw new Error("Microsoft OAuth response is missing id_token.");
60
+ const idToken = tokens.idToken;
61
+ const tokenAlg = decodeProtectedHeader(idToken).alg;
62
+ const verification = await (tokenAlg === "HS256" || tokenAlg === "HS384" || tokenAlg === "HS512" ? jwtVerify(idToken, (() => {
63
+ if (!config.clientSecret) throw new Error("Microsoft token uses symmetric signatures but clientSecret is missing.");
64
+ return new TextEncoder().encode(config.clientSecret);
65
+ })(), {
66
+ issuer,
67
+ audience: config.clientId,
68
+ requiredClaims: [
69
+ "iss",
70
+ "sub",
71
+ "aud",
72
+ "exp",
73
+ "iat"
74
+ ],
75
+ clockTolerance: 10
76
+ }) : jwtVerify(idToken, jwks, {
77
+ issuer,
78
+ audience: config.clientId,
79
+ requiredClaims: [
80
+ "iss",
81
+ "sub",
82
+ "aud",
83
+ "exp",
84
+ "iat"
85
+ ],
86
+ clockTolerance: 10
87
+ }));
88
+ if (verification.payload.nonce !== ctx.nonce) throw new Error("Microsoft OAuth nonce mismatch.");
89
+ if (Array.isArray(verification.payload.aud) && verification.payload.aud.length > 1 && verification.payload.azp !== config.clientId) throw new Error("Microsoft OAuth authorized party does not match client ID.");
90
+ }
91
+ });
92
+ }
93
+ function defaultRedirectUri(providerId) {
94
+ const rootUrl = readConfigSync(envOptionalString("CUSTOM_AUTH_SITE_URL")) ?? readConfigSync(envOptionalString("CONVEX_SITE_URL"));
95
+ if (!rootUrl) throw new Error(`Missing CONVEX_SITE_URL while configuring ${providerId} OAuth provider. Set CONVEX_SITE_URL or pass redirectUri explicitly.`);
96
+ return `${rootUrl}/api/auth/callback/${providerId}`;
97
+ }
98
+
99
+ //#endregion
100
+ export { microsoft };
101
+ //# sourceMappingURL=microsoft.js.map
@@ -1,57 +1,41 @@
1
+ import { PasskeyProviderConfig } from "../server/types.js";
2
+
1
3
  //#region src/providers/passkey.d.ts
2
- /**
3
- * Passkey (WebAuthn) authentication provider.
4
- *
5
- * ```ts
6
- * import { Passkey } from "@robelest/convex-auth/providers";
7
- *
8
- * new Passkey({ rpName: "My App" })
9
- * ```
10
- *
11
- * @module
12
- */
13
- /**
14
- * Configuration for the Passkey provider.
15
- */
4
+ /** Configuration for the {@link passkey} provider. */
16
5
  interface PasskeyConfig {
17
- /** Relying Party display name. Defaults to SITE_URL hostname. */
6
+ /** Human-readable relying party name shown in authenticator prompts. */
18
7
  rpName?: string;
19
- /** Relying Party ID (hostname). Defaults to SITE_URL hostname. */
8
+ /** Relying party ID, typically your app's hostname. */
20
9
  rpId?: string;
21
- /** Allowed origins for credential verification. Defaults to SITE_URL plus SECONDARY_URL. */
10
+ /** Allowed origins for registration and authentication ceremonies. */
22
11
  origin?: string | string[];
23
- /** Attestation conveyance preference. Defaults to "none". */
12
+ /** Attestation conveyance preference sent to authenticators. */
24
13
  attestation?: "none" | "direct";
25
- /** User verification requirement. Defaults to "required". */
14
+ /** User verification requirement for authentication ceremonies. */
26
15
  userVerification?: "required" | "preferred" | "discouraged";
27
- /** Resident key (discoverable credential) preference. Defaults to "preferred". */
16
+ /** Discoverable credential preference for resident keys. */
28
17
  residentKey?: "required" | "preferred" | "discouraged";
29
- /** Restrict to platform or cross-platform authenticators. */
18
+ /** Restrict credentials to platform or roaming authenticators. */
30
19
  authenticatorAttachment?: "platform" | "cross-platform";
31
- /** Supported COSE algorithms. Defaults to [-7 (ES256), -257 (RS256)]. */
20
+ /** Supported COSE algorithms in authenticator preference order. */
32
21
  algorithms?: number[];
33
- /** Challenge expiration in ms. Defaults to 300_000 (5 minutes). */
22
+ /** Challenge lifetime in milliseconds before registration/login expires. */
34
23
  challengeExpirationMs?: number;
35
24
  }
36
25
  /**
37
- * Passkey (WebAuthn) authentication provider.
26
+ * Create a passkey provider.
38
27
  *
39
- * Enables passwordless authentication via biometrics, security keys,
40
- * and synced passkeys using the Web Authentication API.
28
+ * @param config - Optional WebAuthn relying party and challenge settings.
29
+ * @returns A configured passkey provider for `createAuth`.
41
30
  *
42
31
  * @example
43
32
  * ```ts
44
- * import { Passkey } from "@robelest/convex-auth/providers";
33
+ * import { passkey } from "@robelest/convex-auth/providers";
45
34
  *
46
- * new Passkey({ rpName: "My App" })
35
+ * passkey({ rpName: "My App" })
47
36
  * ```
48
37
  */
49
- declare class Passkey {
50
- readonly id: string;
51
- readonly type: "passkey";
52
- readonly config: PasskeyConfig;
53
- constructor(config?: PasskeyConfig);
54
- }
38
+ declare function passkey(config?: PasskeyConfig): PasskeyProviderConfig;
55
39
  //#endregion
56
- export { Passkey, PasskeyConfig };
40
+ export { PasskeyConfig, passkey };
57
41
  //# sourceMappingURL=passkey.d.ts.map
@@ -1,42 +1,32 @@
1
1
  //#region src/providers/passkey.ts
2
2
  /**
3
- * Passkey (WebAuthn) authentication provider.
3
+ * Create a passkey provider.
4
4
  *
5
- * Enables passwordless authentication via biometrics, security keys,
6
- * and synced passkeys using the Web Authentication API.
5
+ * @param config - Optional WebAuthn relying party and challenge settings.
6
+ * @returns A configured passkey provider for `createAuth`.
7
7
  *
8
8
  * @example
9
9
  * ```ts
10
- * import { Passkey } from "@robelest/convex-auth/providers";
10
+ * import { passkey } from "@robelest/convex-auth/providers";
11
11
  *
12
- * new Passkey({ rpName: "My App" })
12
+ * passkey({ rpName: "My App" })
13
13
  * ```
14
14
  */
15
- var Passkey = class {
16
- id;
17
- type = "passkey";
18
- config;
19
- constructor(config = {}) {
20
- this.id = "passkey";
21
- this.config = config;
22
- }
23
- /** @internal Convert to the internal materialized config shape. */
24
- _toMaterialized() {
25
- return {
26
- id: this.id,
27
- type: "passkey",
28
- options: {
29
- attestation: "none",
30
- userVerification: "required",
31
- residentKey: "preferred",
32
- algorithms: [-7, -257],
33
- challengeExpirationMs: 3e5,
34
- ...this.config
35
- }
36
- };
37
- }
38
- };
15
+ function passkey(config = {}) {
16
+ return {
17
+ id: "passkey",
18
+ type: "passkey",
19
+ options: {
20
+ attestation: "none",
21
+ userVerification: "required",
22
+ residentKey: "preferred",
23
+ algorithms: [-7, -257],
24
+ challengeExpirationMs: 3e5,
25
+ ...config
26
+ }
27
+ };
28
+ }
39
29
 
40
30
  //#endregion
41
- export { Passkey };
31
+ export { passkey };
42
32
  //# sourceMappingURL=passkey.js.map
@@ -1,16 +1,14 @@
1
1
  import { CredentialsConfig } from "./credentials.js";
2
- import { EmailConfig, GenericActionCtxWithAuthConfig } from "../server/types.js";
3
- import { DocumentByName, GenericDataModel, WithoutSystemFields } from "convex/server";
2
+ import { ConvexCredentialsConfig, EmailConfig, GenericActionCtxWithAuthConfig } from "../server/types.js";
4
3
  import { Value } from "convex/values";
4
+ import { DocumentByName, GenericDataModel, WithoutSystemFields } from "convex/server";
5
5
 
6
6
  //#region src/providers/password.d.ts
7
- /**
8
- * The available options to a {@link Password} provider for Convex Auth.
9
- */
7
+ /** Configuration for the {@link password} provider. */
10
8
  interface PasswordConfig<DataModel extends GenericDataModel> {
11
9
  /**
12
10
  * Uniquely identifies the provider, allowing to use
13
- * multiple different {@link Password} providers.
11
+ * multiple different password providers.
14
12
  */
15
13
  id?: string;
16
14
  /**
@@ -53,13 +51,14 @@ interface PasswordConfig<DataModel extends GenericDataModel> {
53
51
  * An email provider used to require verification
54
52
  * before password reset.
55
53
  */
56
- reset?: EmailConfig | ((...args: any) => EmailConfig);
54
+ reset?: EmailConfig | PasswordEmailProviderFactory;
57
55
  /**
58
56
  * An email provider used to require verification
59
57
  * before sign up / sign in.
60
58
  */
61
- verify?: EmailConfig | ((...args: any) => EmailConfig);
59
+ verify?: EmailConfig | PasswordEmailProviderFactory;
62
60
  }
61
+ type PasswordEmailProviderFactory = () => EmailConfig;
63
62
  /**
64
63
  * Email and password authentication provider.
65
64
  *
@@ -71,18 +70,18 @@ interface PasswordConfig<DataModel extends GenericDataModel> {
71
70
  *
72
71
  * @example
73
72
  * ```ts
74
- * import { Password } from "@robelest/convex-auth/providers";
73
+ * import { password } from "@robelest/convex-auth/providers";
75
74
  *
76
- * new Password()
77
- * new Password({ verify: myEmailProvider })
75
+ * password()
76
+ * password({ verify: myEmailProvider })
78
77
  * ```
78
+ *
79
+ * @typeParam DataModel - The Convex data model used by the auth context.
80
+ * @param config - Password flow hooks and optional verification providers.
81
+ * @returns A configured password provider for `createAuth`.
82
+ * @throws {Error} During sign-in flows when required password params are missing or reset is not enabled.
79
83
  */
80
- declare class Password<DataModel extends GenericDataModel = GenericDataModel> {
81
- readonly id: string;
82
- readonly type: "credentials";
83
- readonly config: PasswordConfig<DataModel>;
84
- constructor(config?: PasswordConfig<DataModel>);
85
- }
84
+ declare function password<DataModel extends GenericDataModel = GenericDataModel>(config?: PasswordConfig<DataModel>): ConvexCredentialsConfig;
86
85
  //#endregion
87
- export { Password, PasswordConfig };
86
+ export { PasswordConfig, password };
88
87
  //# sourceMappingURL=password.d.ts.map