@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -1,20 +1,14 @@
1
- import { AuthAuthorizationConfig, AuthGrant, AuthProviderConfig, AuthRoleId, ConvexAuthConfig, Doc, HasDeviceProvider, HasPasskeyProvider, HasSSO, HasTotpProvider } from "./types.js";
2
1
  import { AuthApiRefs } from "../client/core/types.js";
3
2
  import "../client/index.js";
4
- import { Auth as Auth$1 } from "./runtime.js";
5
- import { UserIdentity } from "convex/server";
6
- import { GenericId } from "convex/values";
3
+ import { AuthAuthorizationConfig, AuthGrant, AuthProviderConfig, AuthRoleId, ConvexAuthConfig, HasDeviceProvider, HasPasskeyProvider, HasSSO, HasTotpProvider } from "./types.js";
4
+ import { AuthConfig, AuthContext, AuthContextConfig, AuthContextFactory as AuthContextFactory$1, AuthContextResolver as AuthContextResolver$1, InferAuth, OptionalAuthContext, UserDoc } from "./auth-context.js";
5
+ import { Auth } from "./runtime.js";
7
6
 
8
7
  //#region src/server/auth.d.ts
9
- /**
10
- * Config for auth setup. Extends the standard auth config
11
- * minus `component` (which is passed as the first constructor argument).
12
- */
13
- type AuthConfig = Omit<ConvexAuthConfig, "component">;
14
- /** Canonical user document type exposed by Convex Auth. */
15
- type UserDoc = Doc<"User">;
16
- type MemberApiWithAuthorization<TAuthorization extends AuthAuthorizationConfig | undefined> = Omit<ReturnType<typeof Auth$1>["auth"]["member"], "create" | "list" | "update" | "inspect" | "require"> & {
17
- create: (ctx: Parameters<ReturnType<typeof Auth$1>["auth"]["member"]["create"]>[0], data: {
8
+ type AuthContextResolver = AuthContextResolver$1;
9
+ type AuthContextFactory = AuthContextFactory$1;
10
+ type MemberApiWithAuthorization<TAuthorization extends AuthAuthorizationConfig | undefined> = Omit<ReturnType<typeof Auth>["auth"]["member"], "create" | "list" | "update" | "inspect" | "require"> & {
11
+ create: (ctx: Parameters<ReturnType<typeof Auth>["auth"]["member"]["create"]>[0], data: {
18
12
  groupId: string;
19
13
  userId: string;
20
14
  roleIds?: AuthRoleId<TAuthorization>[];
@@ -23,7 +17,7 @@ type MemberApiWithAuthorization<TAuthorization extends AuthAuthorizationConfig |
23
17
  }) => Promise<{
24
18
  memberId: string;
25
19
  }>;
26
- list: (ctx: Parameters<ReturnType<typeof Auth$1>["auth"]["member"]["list"]>[0], opts?: {
20
+ list: (ctx: Parameters<ReturnType<typeof Auth>["auth"]["member"]["list"]>[0], opts?: {
27
21
  where?: {
28
22
  groupId?: string;
29
23
  userId?: string;
@@ -34,26 +28,26 @@ type MemberApiWithAuthorization<TAuthorization extends AuthAuthorizationConfig |
34
28
  cursor?: string | null;
35
29
  orderBy?: "_creationTime" | "status";
36
30
  order?: "asc" | "desc";
37
- }) => ReturnType<ReturnType<typeof Auth$1>["auth"]["member"]["list"]>;
38
- update: (ctx: Parameters<ReturnType<typeof Auth$1>["auth"]["member"]["update"]>[0], memberId: string, data: Record<string, unknown> & {
31
+ }) => ReturnType<ReturnType<typeof Auth>["auth"]["member"]["list"]>;
32
+ update: (ctx: Parameters<ReturnType<typeof Auth>["auth"]["member"]["update"]>[0], memberId: string, data: Record<string, unknown> & {
39
33
  roleIds?: AuthRoleId<TAuthorization>[];
40
34
  }) => Promise<{
41
35
  memberId: string;
42
36
  }>;
43
- inspect: (ctx: Parameters<ReturnType<typeof Auth$1>["auth"]["member"]["inspect"]>[0], opts: {
37
+ inspect: (ctx: Parameters<ReturnType<typeof Auth>["auth"]["member"]["inspect"]>[0], opts: {
44
38
  userId: string;
45
39
  groupId: string;
46
40
  ancestry?: boolean;
47
41
  maxDepth?: number;
48
- }) => ReturnType<ReturnType<typeof Auth$1>["auth"]["member"]["inspect"]>;
49
- require: (ctx: Parameters<ReturnType<typeof Auth$1>["auth"]["member"]["require"]>[0], opts: {
42
+ }) => ReturnType<ReturnType<typeof Auth>["auth"]["member"]["inspect"]>;
43
+ require: (ctx: Parameters<ReturnType<typeof Auth>["auth"]["member"]["require"]>[0], opts: {
50
44
  userId: string;
51
45
  groupId: string;
52
46
  ancestry?: boolean;
53
47
  roleIds?: AuthRoleId<TAuthorization>[];
54
48
  grants?: AuthGrant<TAuthorization>[];
55
49
  maxDepth?: number;
56
- }) => ReturnType<ReturnType<typeof Auth$1>["auth"]["member"]["require"]>;
50
+ }) => ReturnType<ReturnType<typeof Auth>["auth"]["member"]["require"]>;
57
51
  };
58
52
  /**
59
53
  * The base auth API surface returned by {@link createAuth}.
@@ -61,28 +55,28 @@ type MemberApiWithAuthorization<TAuthorization extends AuthAuthorizationConfig |
61
55
  * Provides core namespaces — `signIn`, `signOut`, `user`, `session`,
62
56
  * `member`, `invite`, `group`, `key`, and `http` — that are
63
57
  * always available regardless of which providers are configured.
64
- * Enterprise namespaces (`sso`, `scim`) are added conditionally by
58
+ * Group SSO helpers under `group.sso` are added conditionally by
65
59
  * {@link AuthApi} when an SSO provider is present.
66
60
  *
67
61
  * Use this type when you want to describe code that only depends on the
68
- * standard auth surface and should not assume enterprise features exist.
62
+ * standard auth surface and should not assume group connection features exist.
69
63
  *
70
64
  * @typeParam TAuthorization - The authorization config, used to narrow
71
65
  * role IDs and grant strings on the `member` API.
72
66
  */
73
67
  type AuthApiBase<TAuthorization extends AuthAuthorizationConfig | undefined = undefined> = {
74
- signIn: ReturnType<typeof Auth$1>["signIn"];
75
- signOut: ReturnType<typeof Auth$1>["signOut"];
76
- store: ReturnType<typeof Auth$1>["store"];
77
- user: ReturnType<typeof Auth$1>["auth"]["user"];
78
- session: ReturnType<typeof Auth$1>["auth"]["session"];
79
- provider: ReturnType<typeof Auth$1>["auth"]["provider"];
80
- account: ReturnType<typeof Auth$1>["auth"]["account"];
81
- group: ReturnType<typeof Auth$1>["auth"]["group"];
68
+ signIn: ReturnType<typeof Auth>["signIn"];
69
+ signOut: ReturnType<typeof Auth>["signOut"];
70
+ store: ReturnType<typeof Auth>["store"];
71
+ user: ReturnType<typeof Auth>["auth"]["user"];
72
+ session: ReturnType<typeof Auth>["auth"]["session"];
73
+ provider: ReturnType<typeof Auth>["auth"]["provider"];
74
+ account: ReturnType<typeof Auth>["auth"]["account"];
75
+ group: ReturnType<typeof Auth>["auth"]["group"];
82
76
  member: MemberApiWithAuthorization<TAuthorization>;
83
- invite: ReturnType<typeof Auth$1>["auth"]["invite"];
84
- key: ReturnType<typeof Auth$1>["auth"]["key"];
85
- http: ReturnType<typeof Auth$1>["auth"]["http"];
77
+ invite: ReturnType<typeof Auth>["auth"]["invite"];
78
+ key: ReturnType<typeof Auth>["auth"]["key"];
79
+ http: ReturnType<typeof Auth>["auth"]["http"];
86
80
  /**
87
81
  * Resolve the current request's auth context. Framework-agnostic — use
88
82
  * this in fluent-convex middleware, custom wrappers, or anywhere you
@@ -104,19 +98,19 @@ type AuthApiBase<TAuthorization extends AuthAuthorizationConfig | undefined = un
104
98
  * ```
105
99
  *
106
100
  * @example Direct usage in a handler
107
- * ```ts
108
- * const authContext = await auth.context(ctx);
109
- * const { userId, grants } = authContext;
110
- * ```
111
- *
112
- * @example Optional usage
113
- * ```ts
114
- * const authContext = await auth.context(ctx, { optional: true });
115
- * if (authContext.userId === null) {
116
- * return null;
117
- * }
118
- * ```
119
- */
101
+ * ```ts
102
+ * const authContext = await auth.context(ctx);
103
+ * const { userId, grants } = authContext;
104
+ * ```
105
+ *
106
+ * @example Optional usage
107
+ * ```ts
108
+ * const authContext = await auth.context(ctx, { optional: true });
109
+ * if (authContext.userId === null) {
110
+ * return null;
111
+ * }
112
+ * ```
113
+ */
120
114
  context: AuthContextResolver;
121
115
  /**
122
116
  * Context enrichment for convex-helpers `customQuery` / `customMutation` /
@@ -158,101 +152,33 @@ type AuthApiBase<TAuthorization extends AuthAuthorizationConfig | undefined = un
158
152
  */
159
153
  ctx: AuthContextFactory;
160
154
  };
161
- /**
162
- * Current request auth context injected into `ctx.auth` by `auth.ctx()`. This
163
- * is the authenticated auth shape returned by {@link createAuth().context}.
164
- * Optional context builders may still surface nullable fields when
165
- * `optional: true` is used.
166
- *
167
- * - `groupId` is `null` when the user has no active group set.
168
- * - `role` is `null` when no active group or no membership is resolved.
169
- * - `grants` is `[]` when no active group or no membership is resolved.
170
- *
171
- * @example
172
- * ```ts
173
- * import type { AuthContext } from "@robelest/convex-auth/server";
174
- *
175
- * const mockAuth: AuthContext = {
176
- * userId: "user123" as Id<"User">,
177
- * user: { _id: "user123", email: "test@example.com" },
178
- * groupId: "group456",
179
- * role: "admin",
180
- * grants: ["read", "write"],
181
- * };
182
- * ```
183
- */
184
- type AuthContext = {
185
- /** The authenticated user's document ID. */userId: GenericId<"User">; /** The authenticated user's full document. */
186
- user: UserDoc; /** The user's active group ID, or `null` if none set. */
187
- groupId: string | null; /** The user's primary role in the active group, or `null`. */
188
- role: string | null; /** Resolved grant strings from the user's role definitions. */
189
- grants: string[];
190
- };
191
- /**
192
- * Nullable auth context returned by `auth.context(ctx, { optional: true })`
193
- * and injected by `auth.ctx({ optional: true })`.
194
- *
195
- * Use this when callers may be unauthenticated but you still want a stable
196
- * auth-shaped object.
197
- *
198
- * - `userId` and `user` are `null` when unauthenticated.
199
- * - `groupId` and `role` are `null` when no active group is resolved.
200
- * - `grants` is `[]` when no membership is resolved.
201
- *
202
- * @example
203
- * ```ts
204
- * const authContext = await auth.context(ctx, { optional: true });
205
- * if (authContext.userId === null) {
206
- * return null;
207
- * }
208
- * ```
209
- */
210
- type OptionalAuthContext = {
211
- /** The authenticated user's document ID, or `null` when unauthenticated. */userId: GenericId<"User"> | null; /** The authenticated user's full document, or `null` when unauthenticated. */
212
- user: UserDoc | null; /** The user's active group ID, or `null` if none is set. */
213
- groupId: string | null; /** The user's primary role in the active group, or `null`. */
214
- role: string | null; /** Resolved grant strings for the active membership, or `[]`. */
215
- grants: string[];
216
- };
217
- type AuthContextBase = {
218
- getUserIdentity: () => Promise<UserIdentity | null>;
219
- };
220
- type RequiredAuthContextState = AuthContextBase & AuthContext;
221
- type OptionalAuthContextState = AuthContextBase & OptionalAuthContext;
222
- type ResolvedAuthContext<TResolve> = AuthContext & TResolve;
223
- type ResolvedOptionalAuthContext<TResolve> = OptionalAuthContext & TResolve;
224
- type AuthContextResolver = {
225
- <TResolve extends Record<string, unknown> = Record<string, never>>(ctx: any, config: AuthContextConfig<TResolve> & {
226
- optional: true;
227
- }): Promise<ResolvedOptionalAuthContext<TResolve>>;
228
- <TResolve extends Record<string, unknown> = Record<string, never>>(ctx: any, config?: AuthContextConfig<TResolve>): Promise<ResolvedAuthContext<TResolve>>;
229
- };
230
- type AuthContextCustomization<TAuth> = {
231
- args: {};
232
- input: (ctx: any, _args: any, _extra?: any) => Promise<{
233
- ctx: {
234
- auth: TAuth;
235
- };
236
- args: {};
155
+ type InternalSsoApi = ReturnType<typeof Auth>["auth"]["sso"];
156
+ type PublicGroupSsoApi = {
157
+ signIn: (ctx: Parameters<InternalSsoApi["connection"]["create"]>[0], data: {
158
+ connectionId?: string;
159
+ email?: string;
160
+ domain?: string;
161
+ redirectTo?: string;
162
+ loginHint?: string;
163
+ }) => Promise<{
164
+ connectionId: string;
165
+ protocol: "oidc" | "saml";
166
+ providerId: string;
167
+ signInPath: string;
168
+ callbackPath: string;
169
+ redirectTo?: string;
237
170
  }>;
238
- };
239
- type AuthContextFactory = {
240
- <TResolve extends Record<string, unknown> = Record<string, never>>(config: AuthContextConfig<TResolve> & {
241
- optional: true;
242
- }): AuthContextCustomization<OptionalAuthContextState & TResolve>;
243
- <TResolve extends Record<string, unknown> = Record<string, never>>(config?: AuthContextConfig<TResolve>): AuthContextCustomization<RequiredAuthContextState & TResolve>;
244
- };
245
- type InternalSsoApi = ReturnType<typeof Auth$1>["auth"]["sso"];
246
- type PublicSsoAdminApi = {
171
+ metadata: InternalSsoApi["saml"]["metadata"];
247
172
  connection: InternalSsoApi["connection"] & {
248
173
  domain: {
249
174
  list: InternalSsoApi["domain"]["list"];
250
175
  validate: InternalSsoApi["domain"]["validate"];
251
- set: (ctx: Parameters<InternalSsoApi["connection"]["create"]>[0], enterpriseId: string, domains: Array<{
176
+ status: InternalSsoApi["domain"]["status"];
177
+ set: (ctx: Parameters<InternalSsoApi["connection"]["create"]>[0], connectionId: string, domains: Array<{
252
178
  domain: string;
253
179
  isPrimary?: boolean;
254
180
  }>) => Promise<{
255
- enterpriseId: string;
181
+ connectionId: string;
256
182
  domains: Array<{
257
183
  domainId: string;
258
184
  domain: string;
@@ -263,10 +189,10 @@ type PublicSsoAdminApi = {
263
189
  }>;
264
190
  verification: {
265
191
  request: (ctx: Parameters<InternalSsoApi["connection"]["create"]>[0], args: {
266
- enterpriseId: string;
192
+ connectionId: string;
267
193
  domain: string;
268
194
  }) => Promise<{
269
- enterpriseId: string;
195
+ connectionId: string;
270
196
  domain: string;
271
197
  requestedAt: number;
272
198
  expiresAt: number;
@@ -277,10 +203,10 @@ type PublicSsoAdminApi = {
277
203
  };
278
204
  }>;
279
205
  confirm: (ctx: Parameters<InternalSsoApi["connection"]["create"]>[0], args: {
280
- enterpriseId: string;
206
+ connectionId: string;
281
207
  domain: string;
282
208
  }) => Promise<{
283
- enterpriseId: string;
209
+ connectionId: string;
284
210
  domain: string;
285
211
  verifiedAt?: number;
286
212
  checks: Array<{
@@ -293,7 +219,7 @@ type PublicSsoAdminApi = {
293
219
  };
294
220
  };
295
221
  oidc: Omit<InternalSsoApi["oidc"], "signIn">;
296
- saml: Omit<InternalSsoApi["saml"], "metadata">;
222
+ saml: InternalSsoApi["saml"];
297
223
  policy: InternalSsoApi["policy"];
298
224
  audit: {
299
225
  list: InternalSsoApi["audit"]["list"];
@@ -304,27 +230,17 @@ type PublicSsoAdminApi = {
304
230
  list: InternalSsoApi["webhook"]["delivery"]["list"];
305
231
  };
306
232
  };
307
- };
308
- type PublicSsoClientApi = {
309
- signIn: InternalSsoApi["oidc"]["signIn"];
310
- metadata: InternalSsoApi["saml"]["metadata"];
311
- };
312
- type PublicSsoApi = {
313
- admin: PublicSsoAdminApi;
314
- client: PublicSsoClientApi;
315
- };
316
- type PublicScimApi = {
317
- admin: Omit<InternalSsoApi["scim"], "getConfigByToken" | "identity">;
233
+ scim: Omit<InternalSsoApi["scim"], "getConfigByToken" | "identity">;
318
234
  };
319
235
  /**
320
- * Extended auth API that includes enterprise SSO and SCIM namespaces.
236
+ * Extended auth API that includes group SSO and SCIM namespaces.
321
237
  *
322
- * This type is the union of {@link AuthApiBase} plus `sso` (SSO connection
323
- * management, OIDC/SAML, domain verification, policies, audit, webhooks)
324
- * and `scim` (SCIM provisioning configuration). It is returned by
325
- * {@link createAuth} only when `new SSO()` is included in the providers
238
+ * This type is the union of {@link AuthApiBase} plus `group.sso`
239
+ * (SSO connection management, OIDC/SAML, SCIM, domain verification,
240
+ * policies, audit, and webhooks). It is returned by
241
+ * {@link createAuth} only when `sso()` is included in the providers
326
242
  * array; otherwise the narrower {@link AuthApiBase} is returned instead.
327
- * Attempting to access `auth.sso` or `auth.scim` without an SSO provider
243
+ * Attempting to access `auth.group.sso` without an SSO provider
328
244
  * produces a compile-time error because the return type narrows back to
329
245
  * {@link AuthApiBase}.
330
246
  *
@@ -332,18 +248,19 @@ type PublicScimApi = {
332
248
  * {@link AuthApiBase} for typed role IDs and grant strings.
333
249
  */
334
250
  type AuthApi<TAuthorization extends AuthAuthorizationConfig | undefined = undefined> = AuthApiBase<TAuthorization> & {
335
- sso: PublicSsoApi;
336
- scim: PublicScimApi;
251
+ group: AuthApiBase<TAuthorization>["group"] & {
252
+ sso: PublicGroupSsoApi;
253
+ };
337
254
  };
338
255
  /**
339
256
  * The return type of {@link createAuth}.
340
257
  *
341
- * Resolves to {@link AuthApi} (with `sso` and `scim` namespaces) when
342
- * `new SSO()` is present in the providers array, or to the narrower
258
+ * Resolves to {@link AuthApi} (with `group.sso` helpers) when
259
+ * `sso()` is present in the providers array, or to the narrower
343
260
  * {@link AuthApiBase} otherwise. This conditional type ensures that
344
- * enterprise-only APIs are only accessible when the SSO provider is
261
+ * group connection-only APIs are only accessible when the SSO provider is
345
262
  * configured, producing a compile-time error if you try to access
346
- * `auth.sso` without it.
263
+ * `auth.group.sso` without it.
347
264
  * This lets application code keep a single `createAuth()` call while still
348
265
  * getting provider-aware typing on the resulting API object.
349
266
  *
@@ -369,98 +286,36 @@ type ConvexAuthResult<P extends AuthProviderConfig[], TAuthorization extends Aut
369
286
  * @typeParam T - A ConvexAuthResult to extract the client API from.
370
287
  */
371
288
  type InferClientApi<T> = T extends ConvexAuthResult<infer P> ? AuthApiRefs<HasPasskeyProvider<P>, HasTotpProvider<P>, HasDeviceProvider<P>> : AuthApiRefs;
372
- declare function createAuth<P extends AuthProviderConfig[], TAuthorization extends AuthAuthorizationConfig | undefined = undefined>(component: ConvexAuthConfig["component"], config: Omit<AuthConfig, "providers" | "authorization"> & {
373
- providers: P;
374
- authorization?: TAuthorization;
375
- }): ConvexAuthResult<P, TAuthorization>;
376
- /**
377
- * Configuration for {@link createAuth().ctx} context enrichment.
378
- *
379
- * The same config shape is also used by {@link createAuth().context}.
380
- *
381
- * @typeParam TResolve - Extra fields returned from `resolve()` and merged into
382
- * the resulting `ctx.auth` object.
383
- *
384
- * @example
385
- * ```ts
386
- * const authContext = await auth.context(ctx, {
387
- * resolve: async (_ctx, user, authState) => ({
388
- * email: user.email,
389
- * canWrite: authState.grants.includes("posts.write"),
390
- * }),
391
- * });
392
- * ```
393
- */
394
- type AuthContextConfig<TResolve extends Record<string, unknown> = Record<string, never>> = {
395
- /**
396
- * Allow unauthenticated callers and return a null-shaped auth object instead
397
- * of throwing `NOT_SIGNED_IN`.
398
- */
399
- optional?: boolean;
400
- /**
401
- * Attach additional derived fields to the auth context after the base auth
402
- * context is resolved.
403
- *
404
- * This callback runs only when a user is authenticated.
405
- */
406
- resolve?: (ctx: any, user: UserDoc, auth: AuthContext) => Promise<TResolve> | TResolve;
407
- /**
408
- * Override or wrap the base auth resolution used by {@link createAuth().ctx}.
409
- *
410
- * Return `undefined` to fall back to the built-in resolver,
411
- * `null` for an explicit unauthenticated state, or an
412
- * {@link AuthContext} object to provide a pre-resolved auth state.
413
- * This is useful for tests, proxy auth, impersonation flows, or any
414
- * environment that needs to inject auth without depending on the standard
415
- * Convex auth tables.
416
- *
417
- * @param ctx - The Convex function context.
418
- * @param fallback - The built-in auth resolver used by {@link createAuth().ctx}.
419
- * @returns Resolved auth state, `null`, or `undefined` to use the fallback.
420
- *
421
- * @example
422
- * ```ts
423
- * const authCtx = auth.ctx({
424
- * authResolve: async (ctx, fallback) => {
425
- * const injected = getInjectedAuth(ctx);
426
- * return injected ?? (await fallback());
427
- * },
428
- * });
429
- * ```
430
- */
431
- authResolve?: (ctx: any, fallback: () => Promise<AuthContext | null>) => Promise<AuthContext | null | undefined> | AuthContext | null | undefined;
432
- };
433
289
  /**
434
- * Extract the resolved `auth` context type from an `auth.ctx()` customization.
290
+ * Create an auth API object.
435
291
  *
436
- * Use this to type function parameters or variables that receive the
437
- * enriched auth context produced by `auth.ctx()`. The inferred type includes
438
- * `userId`, `user`, `groupId`, `role`, `grants`, `getUserIdentity`, and any
439
- * additional fields added by the `resolve` callback. This is the generic
440
- * utility for reusing the enriched auth shape without manually duplicating
441
- * conditional auth types.
292
+ * When `sso()` is included in providers, `auth.group.sso` is available
293
+ * on the returned object. Without it, that namespace is absent and
294
+ * accessing it is a TypeScript compile error.
442
295
  *
443
- * @typeParam T - An `auth.ctx()` return value (must have an `input` method
444
- * that returns `{ ctx: { auth: ... } }`).
296
+ * @param component - The installed auth component reference from
297
+ * `components.auth` in your Convex app definition.
298
+ * @param config - Auth configuration including `providers` and optional
299
+ * `authorization`. All fields from {@link AuthConfig} are accepted
300
+ * except `component` (passed as the first argument).
301
+ * @returns A {@link ConvexAuthResult} object — either {@link AuthApi}
302
+ * (with `group.sso`) or {@link AuthApiBase}, depending on whether
303
+ * an SSO provider is present.
445
304
  *
446
305
  * @example
447
306
  * ```ts
448
- * const authCtx = auth.ctx({
449
- * resolve: async (ctx, user) => ({ orgId: user.orgId }),
307
+ * export const auth = createAuth(components.auth, {
308
+ * providers: [password(), google()],
309
+ * authorization: { roles },
450
310
  * });
451
- * type Auth = InferAuth<typeof authCtx>;
452
- * // Auth = { userId: Id<"User">; user: UserDoc; getUserIdentity: ...; orgId: string }
453
311
  * ```
454
312
  *
455
- * @see {@link createAuth}
313
+ * @see {@link AuthContextConfig}
456
314
  */
457
- type InferAuth<T extends {
458
- input: (...args: any[]) => Promise<{
459
- ctx: {
460
- auth: any;
461
- };
462
- }>;
463
- }> = Awaited<ReturnType<T["input"]>>["ctx"]["auth"];
315
+ declare function createAuth<P extends AuthProviderConfig[], TAuthorization extends AuthAuthorizationConfig | undefined = undefined>(component: ConvexAuthConfig["component"], config: Omit<AuthConfig, "providers" | "authorization"> & {
316
+ providers: P;
317
+ authorization?: TAuthorization;
318
+ }): ConvexAuthResult<P, TAuthorization>;
464
319
  //#endregion
465
- export { AuthApi, AuthApiBase, AuthConfig, AuthContext, AuthContextConfig, ConvexAuthResult, InferAuth, InferClientApi, OptionalAuthContext, UserDoc, createAuth };
320
+ export { AuthApi, AuthApiBase, ConvexAuthResult, InferClientApi, createAuth };
466
321
  //# sourceMappingURL=auth.d.ts.map