@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +43 -36
- package/dist/bin.js +5765 -4880
- package/dist/browser/index.d.ts +30 -0
- package/dist/browser/index.js +93 -0
- package/dist/browser/locks.js +11 -0
- package/dist/browser/navigation.js +14 -0
- package/dist/{factors → browser}/passkey.js +23 -32
- package/dist/browser/runtime.js +92 -0
- package/dist/client/core/types.d.ts +452 -5
- package/dist/client/core/types.js +17 -0
- package/dist/client/errors.js +19 -0
- package/dist/client/factors/device.js +94 -0
- package/dist/{factors → client/factors}/totp.js +12 -4
- package/dist/client/index.d.ts +47 -1
- package/dist/client/index.js +269 -232
- package/dist/client/runtime/mutex.js +24 -0
- package/dist/client/runtime/proxy.js +30 -0
- package/dist/client/runtime/storage.js +45 -0
- package/dist/client/services/adapters.js +7 -0
- package/dist/client/services/http.js +6 -0
- package/dist/client/services/resolve.js +13 -0
- package/dist/client/services/runtime.js +6 -0
- package/dist/component/_generated/component.d.ts +1355 -1399
- package/dist/component/convex.config.d.ts +2 -2
- package/dist/component/index.d.ts +4 -26
- package/dist/component/index.js +1 -1
- package/dist/component/model.d.ts +26 -112
- package/dist/component/model.js +76 -54
- package/dist/component/modules.js +38 -0
- package/dist/component/public/factors/devices.js +1 -1
- package/dist/component/public/factors/passkeys.js +1 -1
- package/dist/component/public/factors/totp.js +1 -1
- package/dist/component/public/groups/core.js +2 -2
- package/dist/component/public/groups/invites.js +1 -1
- package/dist/component/public/groups/members.js +1 -1
- package/dist/component/public/identity/accounts.js +1 -1
- package/dist/component/public/identity/codes.js +1 -1
- package/dist/component/public/identity/sessions.js +39 -2
- package/dist/component/public/identity/tokens.js +82 -4
- package/dist/component/public/identity/users.js +1 -1
- package/dist/component/public/identity/verifiers.js +10 -4
- package/dist/component/public/security/keys.js +1 -1
- package/dist/component/public/security/limits.js +1 -1
- package/dist/component/public/{enterprise → sso}/audit.js +26 -26
- package/dist/component/public/sso/core.js +263 -0
- package/dist/component/public/sso/domains.js +280 -0
- package/dist/component/public/{enterprise → sso}/scim.js +87 -87
- package/dist/component/public/sso/secrets.js +125 -0
- package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
- package/dist/component/public.js +9 -9
- package/dist/component/schema.d.ts +472 -393
- package/dist/component/schema.js +36 -35
- package/dist/core/index.d.ts +380 -0
- package/dist/core/index.js +83 -0
- package/dist/otel.d.ts +69 -0
- package/dist/otel.js +82 -0
- package/dist/providers/anonymous.d.ts +15 -34
- package/dist/providers/anonymous.js +27 -35
- package/dist/providers/apple.d.ts +59 -0
- package/dist/providers/apple.js +58 -0
- package/dist/providers/credentials.d.ts +18 -34
- package/dist/providers/credentials.js +16 -27
- package/dist/providers/custom.d.ts +94 -0
- package/dist/providers/custom.js +119 -0
- package/dist/providers/device.d.ts +15 -49
- package/dist/providers/device.js +17 -34
- package/dist/providers/email.d.ts +21 -38
- package/dist/providers/email.js +36 -55
- package/dist/providers/github.d.ts +54 -0
- package/dist/providers/github.js +75 -0
- package/dist/providers/google.d.ts +54 -0
- package/dist/providers/google.js +61 -0
- package/dist/providers/index.d.ts +16 -12
- package/dist/providers/index.js +15 -11
- package/dist/providers/microsoft.d.ts +57 -0
- package/dist/providers/microsoft.js +101 -0
- package/dist/providers/passkey.d.ts +19 -35
- package/dist/providers/passkey.js +20 -30
- package/dist/providers/password.d.ts +17 -18
- package/dist/providers/password.js +121 -143
- package/dist/providers/phone.d.ts +13 -28
- package/dist/providers/phone.js +21 -46
- package/dist/providers/sso.d.ts +16 -36
- package/dist/providers/sso.js +21 -22
- package/dist/providers/totp.d.ts +13 -29
- package/dist/providers/totp.js +17 -27
- package/dist/server/auth-context.d.ts +204 -0
- package/dist/server/auth-context.js +76 -0
- package/dist/server/auth.d.ts +99 -244
- package/dist/server/auth.js +56 -152
- package/dist/server/componentContext.d.ts +12 -0
- package/dist/server/componentContext.js +1 -0
- package/dist/server/config.js +6 -67
- package/dist/server/constants.js +6 -0
- package/dist/server/contract.d.ts +105 -0
- package/dist/server/contract.js +43 -0
- package/dist/server/cookies.js +3 -2
- package/dist/server/core.js +31 -36
- package/dist/server/crypto.js +34 -44
- package/dist/server/db.js +6 -1
- package/dist/server/device.js +96 -130
- package/dist/server/env.js +48 -0
- package/dist/server/errors.js +20 -0
- package/dist/server/http.d.ts +15 -59
- package/dist/server/http.js +136 -120
- package/dist/server/identity.js +2 -2
- package/dist/server/index.d.ts +5 -4
- package/dist/server/index.js +3 -3
- package/dist/server/keys.js +10 -1
- package/dist/server/limits.js +26 -26
- package/dist/server/log.js +28 -0
- package/dist/server/mounts.d.ts +1107 -296
- package/dist/server/mounts.js +315 -196
- package/dist/server/mutations/account.js +11 -14
- package/dist/server/mutations/code.js +6 -5
- package/dist/server/mutations/invalidate.js +9 -11
- package/dist/server/mutations/oauth.js +112 -73
- package/dist/server/mutations/refresh.js +47 -97
- package/dist/server/mutations/register.js +37 -35
- package/dist/server/mutations/retrieve.js +16 -16
- package/dist/server/mutations/signature.js +15 -18
- package/dist/server/mutations/signin.js +10 -5
- package/dist/server/mutations/signout.js +11 -14
- package/dist/server/mutations/store.js +25 -18
- package/dist/server/mutations/verifier.js +11 -8
- package/dist/server/mutations/verify.js +53 -41
- package/dist/server/oauth/factory.js +44 -0
- package/dist/server/oauth/index.js +12 -0
- package/dist/server/oauth/runtime.js +248 -0
- package/dist/server/passkey.js +331 -365
- package/dist/server/payloads.d.ts +16 -0
- package/dist/server/payloads.js +30 -0
- package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
- package/dist/server/prefetch.js +635 -0
- package/dist/server/random.js +19 -0
- package/dist/server/redirects.js +10 -5
- package/dist/server/refresh.js +14 -86
- package/dist/server/runtime.d.ts +531 -31
- package/dist/server/runtime.js +106 -267
- package/dist/server/secret.js +44 -0
- package/dist/server/services/config.js +10 -0
- package/dist/server/services/group.js +211 -0
- package/dist/server/services/logger.js +8 -0
- package/dist/server/services/providers.js +22 -0
- package/dist/server/services/refresh.js +8 -0
- package/dist/server/services/resolve.js +27 -0
- package/dist/server/services/signin.js +8 -0
- package/dist/server/sessions.js +35 -34
- package/dist/server/signin.js +229 -140
- package/dist/server/{enterprise → sso}/config.js +10 -3
- package/dist/server/sso/domain.d.ts +614 -0
- package/dist/server/sso/domain.js +1175 -0
- package/dist/server/sso/http.js +1060 -0
- package/dist/server/sso/oidc.js +324 -0
- package/dist/server/sso/policies.js +59 -0
- package/dist/server/sso/policy.js +139 -0
- package/dist/server/sso/profile.js +22 -0
- package/dist/server/sso/provision.js +179 -0
- package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
- package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
- package/dist/server/sso/shared.js +74 -0
- package/dist/server/sso/validators.js +88 -0
- package/dist/server/sso/webhook.js +94 -0
- package/dist/server/tokens.js +16 -4
- package/dist/server/totp.js +155 -164
- package/dist/server/types.d.ts +306 -296
- package/dist/server/types.js +1 -30
- package/dist/server/url.js +32 -0
- package/dist/server/users.js +74 -40
- package/dist/server/utils/cache.js +51 -0
- package/dist/server/utils/dispatch.js +36 -0
- package/dist/server/utils/retry.js +24 -0
- package/dist/server/utils/span.js +32 -0
- package/dist/shared/errors.js +19 -0
- package/dist/shared/log.js +45 -0
- package/{src/test.ts → dist/test.d.ts} +21 -22
- package/dist/test.js +51 -0
- package/package.json +70 -42
- package/dist/authorization/index.d.ts.map +0 -1
- package/dist/authorization/index.js.map +0 -1
- package/dist/client/core/types.d.ts.map +0 -1
- package/dist/client/index.d.ts.map +0 -1
- package/dist/client/index.js.map +0 -1
- package/dist/component/_generated/api.d.ts +0 -75
- package/dist/component/_generated/api.d.ts.map +0 -1
- package/dist/component/_generated/api.js.map +0 -1
- package/dist/component/_generated/component.d.ts.map +0 -1
- package/dist/component/_generated/dataModel.d.ts +0 -42
- package/dist/component/_generated/dataModel.d.ts.map +0 -1
- package/dist/component/_generated/server.d.ts +0 -117
- package/dist/component/_generated/server.d.ts.map +0 -1
- package/dist/component/_generated/server.js.map +0 -1
- package/dist/component/_virtual/rolldown_runtime.js +0 -18
- package/dist/component/client/core/types.d.ts +0 -2
- package/dist/component/client/index.d.ts +0 -1
- package/dist/component/convex.config.d.ts.map +0 -1
- package/dist/component/convex.config.js.map +0 -1
- package/dist/component/functions.d.ts +0 -25
- package/dist/component/functions.d.ts.map +0 -1
- package/dist/component/functions.js.map +0 -1
- package/dist/component/index.d.ts.map +0 -1
- package/dist/component/model.d.ts.map +0 -1
- package/dist/component/model.js.map +0 -1
- package/dist/component/providers/anonymous.d.ts +0 -54
- package/dist/component/providers/anonymous.d.ts.map +0 -1
- package/dist/component/providers/credentials.d.ts +0 -38
- package/dist/component/providers/credentials.d.ts.map +0 -1
- package/dist/component/providers/device.d.ts +0 -67
- package/dist/component/providers/device.d.ts.map +0 -1
- package/dist/component/providers/email.d.ts +0 -62
- package/dist/component/providers/email.d.ts.map +0 -1
- package/dist/component/providers/oauth.d.ts +0 -25
- package/dist/component/providers/oauth.d.ts.map +0 -1
- package/dist/component/providers/oauth.js +0 -13
- package/dist/component/providers/oauth.js.map +0 -1
- package/dist/component/providers/passkey.d.ts +0 -57
- package/dist/component/providers/passkey.d.ts.map +0 -1
- package/dist/component/providers/password.d.ts +0 -88
- package/dist/component/providers/password.d.ts.map +0 -1
- package/dist/component/providers/phone.d.ts +0 -48
- package/dist/component/providers/phone.d.ts.map +0 -1
- package/dist/component/providers/sso.d.ts +0 -50
- package/dist/component/providers/sso.d.ts.map +0 -1
- package/dist/component/providers/totp.d.ts +0 -45
- package/dist/component/providers/totp.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.d.ts +0 -73
- package/dist/component/public/enterprise/audit.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.js.map +0 -1
- package/dist/component/public/enterprise/core.d.ts +0 -176
- package/dist/component/public/enterprise/core.d.ts.map +0 -1
- package/dist/component/public/enterprise/core.js +0 -292
- package/dist/component/public/enterprise/core.js.map +0 -1
- package/dist/component/public/enterprise/domains.d.ts +0 -174
- package/dist/component/public/enterprise/domains.d.ts.map +0 -1
- package/dist/component/public/enterprise/domains.js +0 -271
- package/dist/component/public/enterprise/domains.js.map +0 -1
- package/dist/component/public/enterprise/scim.d.ts +0 -245
- package/dist/component/public/enterprise/scim.d.ts.map +0 -1
- package/dist/component/public/enterprise/scim.js.map +0 -1
- package/dist/component/public/enterprise/secrets.d.ts +0 -78
- package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
- package/dist/component/public/enterprise/secrets.js +0 -118
- package/dist/component/public/enterprise/secrets.js.map +0 -1
- package/dist/component/public/enterprise/webhooks.d.ts +0 -211
- package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
- package/dist/component/public/enterprise/webhooks.js.map +0 -1
- package/dist/component/public/factors/devices.d.ts +0 -157
- package/dist/component/public/factors/devices.d.ts.map +0 -1
- package/dist/component/public/factors/devices.js.map +0 -1
- package/dist/component/public/factors/passkeys.d.ts +0 -175
- package/dist/component/public/factors/passkeys.d.ts.map +0 -1
- package/dist/component/public/factors/passkeys.js.map +0 -1
- package/dist/component/public/factors/totp.d.ts +0 -189
- package/dist/component/public/factors/totp.d.ts.map +0 -1
- package/dist/component/public/factors/totp.js.map +0 -1
- package/dist/component/public/groups/core.d.ts +0 -137
- package/dist/component/public/groups/core.d.ts.map +0 -1
- package/dist/component/public/groups/core.js.map +0 -1
- package/dist/component/public/groups/invites.d.ts +0 -217
- package/dist/component/public/groups/invites.d.ts.map +0 -1
- package/dist/component/public/groups/invites.js.map +0 -1
- package/dist/component/public/groups/members.d.ts +0 -204
- package/dist/component/public/groups/members.d.ts.map +0 -1
- package/dist/component/public/groups/members.js.map +0 -1
- package/dist/component/public/identity/accounts.d.ts +0 -147
- package/dist/component/public/identity/accounts.d.ts.map +0 -1
- package/dist/component/public/identity/accounts.js.map +0 -1
- package/dist/component/public/identity/codes.d.ts +0 -104
- package/dist/component/public/identity/codes.d.ts.map +0 -1
- package/dist/component/public/identity/codes.js.map +0 -1
- package/dist/component/public/identity/sessions.d.ts +0 -128
- package/dist/component/public/identity/sessions.d.ts.map +0 -1
- package/dist/component/public/identity/sessions.js.map +0 -1
- package/dist/component/public/identity/tokens.d.ts +0 -169
- package/dist/component/public/identity/tokens.d.ts.map +0 -1
- package/dist/component/public/identity/tokens.js.map +0 -1
- package/dist/component/public/identity/users.d.ts +0 -212
- package/dist/component/public/identity/users.d.ts.map +0 -1
- package/dist/component/public/identity/users.js.map +0 -1
- package/dist/component/public/identity/verifiers.d.ts +0 -116
- package/dist/component/public/identity/verifiers.d.ts.map +0 -1
- package/dist/component/public/identity/verifiers.js.map +0 -1
- package/dist/component/public/security/keys.d.ts +0 -209
- package/dist/component/public/security/keys.d.ts.map +0 -1
- package/dist/component/public/security/keys.js.map +0 -1
- package/dist/component/public/security/limits.d.ts +0 -114
- package/dist/component/public/security/limits.d.ts.map +0 -1
- package/dist/component/public/security/limits.js.map +0 -1
- package/dist/component/public.d.ts +0 -28
- package/dist/component/public.d.ts.map +0 -1
- package/dist/component/schema.d.ts.map +0 -1
- package/dist/component/schema.js.map +0 -1
- package/dist/component/server/auth.d.ts +0 -447
- package/dist/component/server/auth.d.ts.map +0 -1
- package/dist/component/server/auth.js +0 -254
- package/dist/component/server/auth.js.map +0 -1
- package/dist/component/server/config.js +0 -121
- package/dist/component/server/config.js.map +0 -1
- package/dist/component/server/context.js +0 -53
- package/dist/component/server/context.js.map +0 -1
- package/dist/component/server/cookies.js +0 -47
- package/dist/component/server/cookies.js.map +0 -1
- package/dist/component/server/core.js +0 -576
- package/dist/component/server/core.js.map +0 -1
- package/dist/component/server/crypto.js +0 -56
- package/dist/component/server/crypto.js.map +0 -1
- package/dist/component/server/db.js +0 -87
- package/dist/component/server/db.js.map +0 -1
- package/dist/component/server/device.js +0 -152
- package/dist/component/server/device.js.map +0 -1
- package/dist/component/server/enterprise/config.js +0 -46
- package/dist/component/server/enterprise/config.js.map +0 -1
- package/dist/component/server/enterprise/domain.js +0 -974
- package/dist/component/server/enterprise/domain.js.map +0 -1
- package/dist/component/server/enterprise/http.js +0 -787
- package/dist/component/server/enterprise/http.js.map +0 -1
- package/dist/component/server/enterprise/oidc.js +0 -248
- package/dist/component/server/enterprise/oidc.js.map +0 -1
- package/dist/component/server/enterprise/policy.js +0 -85
- package/dist/component/server/enterprise/policy.js.map +0 -1
- package/dist/component/server/enterprise/saml.js.map +0 -1
- package/dist/component/server/enterprise/scim.js.map +0 -1
- package/dist/component/server/enterprise/shared.js +0 -51
- package/dist/component/server/enterprise/shared.js.map +0 -1
- package/dist/component/server/http.d.ts +0 -85
- package/dist/component/server/http.d.ts.map +0 -1
- package/dist/component/server/http.js +0 -351
- package/dist/component/server/http.js.map +0 -1
- package/dist/component/server/identity.js +0 -16
- package/dist/component/server/identity.js.map +0 -1
- package/dist/component/server/keys.js +0 -96
- package/dist/component/server/keys.js.map +0 -1
- package/dist/component/server/limits.js +0 -52
- package/dist/component/server/limits.js.map +0 -1
- package/dist/component/server/mutations/account.js +0 -46
- package/dist/component/server/mutations/account.js.map +0 -1
- package/dist/component/server/mutations/code.js +0 -68
- package/dist/component/server/mutations/code.js.map +0 -1
- package/dist/component/server/mutations/invalidate.js +0 -32
- package/dist/component/server/mutations/invalidate.js.map +0 -1
- package/dist/component/server/mutations/oauth.js +0 -116
- package/dist/component/server/mutations/oauth.js.map +0 -1
- package/dist/component/server/mutations/refresh.js +0 -119
- package/dist/component/server/mutations/refresh.js.map +0 -1
- package/dist/component/server/mutations/register.js +0 -87
- package/dist/component/server/mutations/register.js.map +0 -1
- package/dist/component/server/mutations/retrieve.js +0 -61
- package/dist/component/server/mutations/retrieve.js.map +0 -1
- package/dist/component/server/mutations/signature.js +0 -38
- package/dist/component/server/mutations/signature.js.map +0 -1
- package/dist/component/server/mutations/signin.js +0 -27
- package/dist/component/server/mutations/signin.js.map +0 -1
- package/dist/component/server/mutations/signout.js +0 -27
- package/dist/component/server/mutations/signout.js.map +0 -1
- package/dist/component/server/mutations/store/refs.js +0 -15
- package/dist/component/server/mutations/store/refs.js.map +0 -1
- package/dist/component/server/mutations/store.js +0 -70
- package/dist/component/server/mutations/store.js.map +0 -1
- package/dist/component/server/mutations/verifier.js +0 -18
- package/dist/component/server/mutations/verifier.js.map +0 -1
- package/dist/component/server/mutations/verify.js +0 -98
- package/dist/component/server/mutations/verify.js.map +0 -1
- package/dist/component/server/oauth.js +0 -242
- package/dist/component/server/oauth.js.map +0 -1
- package/dist/component/server/passkey.js +0 -415
- package/dist/component/server/passkey.js.map +0 -1
- package/dist/component/server/redirects.js +0 -40
- package/dist/component/server/redirects.js.map +0 -1
- package/dist/component/server/refresh.js +0 -99
- package/dist/component/server/refresh.js.map +0 -1
- package/dist/component/server/runtime.d.ts +0 -136
- package/dist/component/server/runtime.d.ts.map +0 -1
- package/dist/component/server/runtime.js +0 -456
- package/dist/component/server/runtime.js.map +0 -1
- package/dist/component/server/sessions.js +0 -71
- package/dist/component/server/sessions.js.map +0 -1
- package/dist/component/server/signin.js +0 -225
- package/dist/component/server/signin.js.map +0 -1
- package/dist/component/server/tokens.js +0 -17
- package/dist/component/server/tokens.js.map +0 -1
- package/dist/component/server/totp.js +0 -208
- package/dist/component/server/totp.js.map +0 -1
- package/dist/component/server/types.d.ts +0 -949
- package/dist/component/server/types.d.ts.map +0 -1
- package/dist/component/server/types.js +0 -79
- package/dist/component/server/types.js.map +0 -1
- package/dist/component/server/users.js +0 -123
- package/dist/component/server/users.js.map +0 -1
- package/dist/component/server/utils.js +0 -140
- package/dist/component/server/utils.js.map +0 -1
- package/dist/core/types.d.ts +0 -361
- package/dist/core/types.d.ts.map +0 -1
- package/dist/factors/device.js +0 -104
- package/dist/factors/device.js.map +0 -1
- package/dist/factors/passkey.js.map +0 -1
- package/dist/factors/totp.js.map +0 -1
- package/dist/providers/anonymous.d.ts.map +0 -1
- package/dist/providers/anonymous.js.map +0 -1
- package/dist/providers/credentials.d.ts.map +0 -1
- package/dist/providers/credentials.js.map +0 -1
- package/dist/providers/device.d.ts.map +0 -1
- package/dist/providers/device.js.map +0 -1
- package/dist/providers/email.d.ts.map +0 -1
- package/dist/providers/email.js.map +0 -1
- package/dist/providers/oauth.d.ts +0 -69
- package/dist/providers/oauth.d.ts.map +0 -1
- package/dist/providers/oauth.js +0 -43
- package/dist/providers/oauth.js.map +0 -1
- package/dist/providers/passkey.d.ts.map +0 -1
- package/dist/providers/passkey.js.map +0 -1
- package/dist/providers/password.d.ts.map +0 -1
- package/dist/providers/password.js.map +0 -1
- package/dist/providers/phone.d.ts.map +0 -1
- package/dist/providers/phone.js.map +0 -1
- package/dist/providers/sso.d.ts.map +0 -1
- package/dist/providers/sso.js.map +0 -1
- package/dist/providers/totp.d.ts.map +0 -1
- package/dist/providers/totp.js.map +0 -1
- package/dist/runtime/browser.js +0 -68
- package/dist/runtime/browser.js.map +0 -1
- package/dist/runtime/invite.js.map +0 -1
- package/dist/runtime/proxy.js +0 -70
- package/dist/runtime/proxy.js.map +0 -1
- package/dist/runtime/storage.js +0 -37
- package/dist/runtime/storage.js.map +0 -1
- package/dist/server/auth.d.ts.map +0 -1
- package/dist/server/auth.js.map +0 -1
- package/dist/server/config.d.ts +0 -1
- package/dist/server/config.js.map +0 -1
- package/dist/server/context.d.ts +0 -1
- package/dist/server/context.js.map +0 -1
- package/dist/server/cookies.d.ts +0 -1
- package/dist/server/cookies.js.map +0 -1
- package/dist/server/core.d.ts +0 -1315
- package/dist/server/core.d.ts.map +0 -1
- package/dist/server/core.js.map +0 -1
- package/dist/server/crypto.d.ts +0 -8
- package/dist/server/crypto.d.ts.map +0 -1
- package/dist/server/crypto.js.map +0 -1
- package/dist/server/db.d.ts +0 -1
- package/dist/server/db.js.map +0 -1
- package/dist/server/device.d.ts +0 -1
- package/dist/server/device.js.map +0 -1
- package/dist/server/enterprise/config.d.ts +0 -1
- package/dist/server/enterprise/config.js.map +0 -1
- package/dist/server/enterprise/domain.d.ts +0 -401
- package/dist/server/enterprise/domain.d.ts.map +0 -1
- package/dist/server/enterprise/domain.js +0 -974
- package/dist/server/enterprise/domain.js.map +0 -1
- package/dist/server/enterprise/http.d.ts +0 -26
- package/dist/server/enterprise/http.d.ts.map +0 -1
- package/dist/server/enterprise/http.js +0 -787
- package/dist/server/enterprise/http.js.map +0 -1
- package/dist/server/enterprise/oidc.d.ts +0 -1
- package/dist/server/enterprise/oidc.js +0 -248
- package/dist/server/enterprise/oidc.js.map +0 -1
- package/dist/server/enterprise/policy.d.ts +0 -1
- package/dist/server/enterprise/policy.js +0 -85
- package/dist/server/enterprise/policy.js.map +0 -1
- package/dist/server/enterprise/saml.d.ts +0 -1
- package/dist/server/enterprise/saml.js +0 -338
- package/dist/server/enterprise/saml.js.map +0 -1
- package/dist/server/enterprise/scim.d.ts +0 -1
- package/dist/server/enterprise/scim.js +0 -97
- package/dist/server/enterprise/scim.js.map +0 -1
- package/dist/server/enterprise/shared.d.ts +0 -5
- package/dist/server/enterprise/shared.d.ts.map +0 -1
- package/dist/server/enterprise/shared.js +0 -51
- package/dist/server/enterprise/shared.js.map +0 -1
- package/dist/server/enterprise/validators.d.ts +0 -1
- package/dist/server/enterprise/validators.js +0 -60
- package/dist/server/enterprise/validators.js.map +0 -1
- package/dist/server/http.d.ts.map +0 -1
- package/dist/server/http.js.map +0 -1
- package/dist/server/identity.d.ts +0 -1
- package/dist/server/identity.js.map +0 -1
- package/dist/server/keys.d.ts +0 -1
- package/dist/server/keys.js.map +0 -1
- package/dist/server/limits.d.ts +0 -1
- package/dist/server/limits.js.map +0 -1
- package/dist/server/mounts.d.ts.map +0 -1
- package/dist/server/mounts.js.map +0 -1
- package/dist/server/mutations/account.d.ts +0 -29
- package/dist/server/mutations/account.d.ts.map +0 -1
- package/dist/server/mutations/account.js.map +0 -1
- package/dist/server/mutations/code.d.ts +0 -30
- package/dist/server/mutations/code.d.ts.map +0 -1
- package/dist/server/mutations/code.js.map +0 -1
- package/dist/server/mutations/index.d.ts +0 -14
- package/dist/server/mutations/invalidate.d.ts +0 -20
- package/dist/server/mutations/invalidate.d.ts.map +0 -1
- package/dist/server/mutations/invalidate.js.map +0 -1
- package/dist/server/mutations/oauth.d.ts +0 -30
- package/dist/server/mutations/oauth.d.ts.map +0 -1
- package/dist/server/mutations/oauth.js.map +0 -1
- package/dist/server/mutations/refresh.d.ts +0 -21
- package/dist/server/mutations/refresh.d.ts.map +0 -1
- package/dist/server/mutations/refresh.js.map +0 -1
- package/dist/server/mutations/register.d.ts +0 -38
- package/dist/server/mutations/register.d.ts.map +0 -1
- package/dist/server/mutations/register.js.map +0 -1
- package/dist/server/mutations/retrieve.d.ts +0 -33
- package/dist/server/mutations/retrieve.d.ts.map +0 -1
- package/dist/server/mutations/retrieve.js.map +0 -1
- package/dist/server/mutations/signature.d.ts +0 -21
- package/dist/server/mutations/signature.d.ts.map +0 -1
- package/dist/server/mutations/signature.js.map +0 -1
- package/dist/server/mutations/signin.d.ts +0 -22
- package/dist/server/mutations/signin.d.ts.map +0 -1
- package/dist/server/mutations/signin.js.map +0 -1
- package/dist/server/mutations/signout.d.ts +0 -16
- package/dist/server/mutations/signout.d.ts.map +0 -1
- package/dist/server/mutations/signout.js.map +0 -1
- package/dist/server/mutations/store/refs.d.ts +0 -12
- package/dist/server/mutations/store/refs.d.ts.map +0 -1
- package/dist/server/mutations/store/refs.js.map +0 -1
- package/dist/server/mutations/store.d.ts +0 -306
- package/dist/server/mutations/store.d.ts.map +0 -1
- package/dist/server/mutations/store.js.map +0 -1
- package/dist/server/mutations/verifier.d.ts +0 -13
- package/dist/server/mutations/verifier.d.ts.map +0 -1
- package/dist/server/mutations/verifier.js.map +0 -1
- package/dist/server/mutations/verify.d.ts +0 -26
- package/dist/server/mutations/verify.d.ts.map +0 -1
- package/dist/server/mutations/verify.js.map +0 -1
- package/dist/server/oauth.d.ts +0 -1
- package/dist/server/oauth.js +0 -242
- package/dist/server/oauth.js.map +0 -1
- package/dist/server/passkey.d.ts +0 -27
- package/dist/server/passkey.d.ts.map +0 -1
- package/dist/server/passkey.js.map +0 -1
- package/dist/server/redirects.d.ts +0 -1
- package/dist/server/redirects.js.map +0 -1
- package/dist/server/refresh.d.ts +0 -1
- package/dist/server/refresh.js.map +0 -1
- package/dist/server/runtime.d.ts.map +0 -1
- package/dist/server/runtime.js.map +0 -1
- package/dist/server/sessions.d.ts +0 -1
- package/dist/server/sessions.js.map +0 -1
- package/dist/server/signin.d.ts +0 -1
- package/dist/server/signin.js.map +0 -1
- package/dist/server/ssr.d.ts.map +0 -1
- package/dist/server/ssr.js +0 -777
- package/dist/server/ssr.js.map +0 -1
- package/dist/server/templates.d.ts +0 -1
- package/dist/server/templates.js.map +0 -1
- package/dist/server/tokens.d.ts +0 -1
- package/dist/server/tokens.js.map +0 -1
- package/dist/server/totp.d.ts +0 -1
- package/dist/server/totp.js.map +0 -1
- package/dist/server/types.d.ts.map +0 -1
- package/dist/server/types.js.map +0 -1
- package/dist/server/users.d.ts +0 -1
- package/dist/server/users.js.map +0 -1
- package/dist/server/utils.d.ts +0 -1
- package/dist/server/utils.js +0 -140
- package/dist/server/utils.js.map +0 -1
- package/src/authorization/index.ts +0 -83
- package/src/cli/bin.ts +0 -5
- package/src/cli/command.ts +0 -70
- package/src/cli/index.ts +0 -1112
- package/src/cli/keys.ts +0 -23
- package/src/client/core/types.ts +0 -437
- package/src/client/factors/device.ts +0 -158
- package/src/client/factors/passkey.ts +0 -279
- package/src/client/factors/totp.ts +0 -150
- package/src/client/index.ts +0 -1124
- package/src/client/runtime/browser.ts +0 -112
- package/src/client/runtime/invite.ts +0 -63
- package/src/client/runtime/proxy.ts +0 -111
- package/src/client/runtime/storage.ts +0 -79
- package/src/component/_generated/api.ts +0 -96
- package/src/component/_generated/component.ts +0 -3774
- package/src/component/_generated/dataModel.ts +0 -60
- package/src/component/_generated/server.ts +0 -156
- package/src/component/convex.config.ts +0 -5
- package/src/component/functions.ts +0 -104
- package/src/component/index.ts +0 -42
- package/src/component/model.ts +0 -449
- package/src/component/public/enterprise/audit.ts +0 -125
- package/src/component/public/enterprise/core.ts +0 -355
- package/src/component/public/enterprise/domains.ts +0 -327
- package/src/component/public/enterprise/scim.ts +0 -397
- package/src/component/public/enterprise/secrets.ts +0 -133
- package/src/component/public/enterprise/webhooks.ts +0 -307
- package/src/component/public/factors/devices.ts +0 -224
- package/src/component/public/factors/passkeys.ts +0 -243
- package/src/component/public/factors/totp.ts +0 -259
- package/src/component/public/groups/core.ts +0 -481
- package/src/component/public/groups/invites.ts +0 -608
- package/src/component/public/groups/members.ts +0 -410
- package/src/component/public/identity/accounts.ts +0 -207
- package/src/component/public/identity/codes.ts +0 -149
- package/src/component/public/identity/sessions.ts +0 -210
- package/src/component/public/identity/tokens.ts +0 -251
- package/src/component/public/identity/users.ts +0 -355
- package/src/component/public/identity/verifiers.ts +0 -158
- package/src/component/public/security/keys.ts +0 -366
- package/src/component/public/security/limits.ts +0 -174
- package/src/component/public.ts +0 -27
- package/src/component/schema.ts +0 -505
- package/src/providers/anonymous.ts +0 -99
- package/src/providers/credentials.ts +0 -102
- package/src/providers/device.ts +0 -87
- package/src/providers/email.ts +0 -99
- package/src/providers/index.ts +0 -31
- package/src/providers/oauth.ts +0 -117
- package/src/providers/passkey.ts +0 -77
- package/src/providers/password.ts +0 -441
- package/src/providers/phone.ts +0 -93
- package/src/providers/sso.ts +0 -54
- package/src/providers/totp.ts +0 -62
- package/src/samlify.d.ts +0 -53
- package/src/server/auth.ts +0 -949
- package/src/server/config.ts +0 -200
- package/src/server/context.ts +0 -90
- package/src/server/cookies.ts +0 -49
- package/src/server/core.ts +0 -2004
- package/src/server/crypto.ts +0 -90
- package/src/server/db.ts +0 -203
- package/src/server/device.ts +0 -254
- package/src/server/enterprise/config.ts +0 -51
- package/src/server/enterprise/domain.ts +0 -1739
- package/src/server/enterprise/http.ts +0 -1331
- package/src/server/enterprise/oidc.ts +0 -500
- package/src/server/enterprise/policy.ts +0 -128
- package/src/server/enterprise/saml.ts +0 -578
- package/src/server/enterprise/scim.ts +0 -135
- package/src/server/enterprise/shared.ts +0 -134
- package/src/server/enterprise/validators.ts +0 -93
- package/src/server/http.ts +0 -790
- package/src/server/identity.ts +0 -18
- package/src/server/index.ts +0 -40
- package/src/server/keys.ts +0 -158
- package/src/server/limits.ts +0 -107
- package/src/server/mounts.ts +0 -924
- package/src/server/mutations/account.ts +0 -62
- package/src/server/mutations/code.ts +0 -119
- package/src/server/mutations/index.ts +0 -13
- package/src/server/mutations/invalidate.ts +0 -50
- package/src/server/mutations/oauth.ts +0 -243
- package/src/server/mutations/refresh.ts +0 -299
- package/src/server/mutations/register.ts +0 -155
- package/src/server/mutations/retrieve.ts +0 -109
- package/src/server/mutations/signature.ts +0 -57
- package/src/server/mutations/signin.ts +0 -54
- package/src/server/mutations/signout.ts +0 -43
- package/src/server/mutations/store/refs.ts +0 -10
- package/src/server/mutations/store.ts +0 -123
- package/src/server/mutations/verifier.ts +0 -34
- package/src/server/mutations/verify.ts +0 -200
- package/src/server/oauth.ts +0 -418
- package/src/server/passkey.ts +0 -838
- package/src/server/redirects.ts +0 -59
- package/src/server/refresh.ts +0 -218
- package/src/server/runtime.ts +0 -918
- package/src/server/sessions.ts +0 -132
- package/src/server/signin.ts +0 -445
- package/src/server/ssr.ts +0 -1747
- package/src/server/templates.ts +0 -82
- package/src/server/tokens.ts +0 -35
- package/src/server/totp.ts +0 -399
- package/src/server/types.ts +0 -1942
- package/src/server/users.ts +0 -291
- package/src/server/utils.ts +0 -220
- /package/dist/{runtime → client/runtime}/invite.js +0 -0
package/dist/server/auth.d.ts
CHANGED
|
@@ -1,20 +1,14 @@
|
|
|
1
|
-
import { AuthAuthorizationConfig, AuthGrant, AuthProviderConfig, AuthRoleId, ConvexAuthConfig, Doc, HasDeviceProvider, HasPasskeyProvider, HasSSO, HasTotpProvider } from "./types.js";
|
|
2
1
|
import { AuthApiRefs } from "../client/core/types.js";
|
|
3
2
|
import "../client/index.js";
|
|
4
|
-
import {
|
|
5
|
-
import {
|
|
6
|
-
import {
|
|
3
|
+
import { AuthAuthorizationConfig, AuthGrant, AuthProviderConfig, AuthRoleId, ConvexAuthConfig, HasDeviceProvider, HasPasskeyProvider, HasSSO, HasTotpProvider } from "./types.js";
|
|
4
|
+
import { AuthConfig, AuthContext, AuthContextConfig, AuthContextFactory as AuthContextFactory$1, AuthContextResolver as AuthContextResolver$1, InferAuth, OptionalAuthContext, UserDoc } from "./auth-context.js";
|
|
5
|
+
import { Auth } from "./runtime.js";
|
|
7
6
|
|
|
8
7
|
//#region src/server/auth.d.ts
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
type AuthConfig = Omit<ConvexAuthConfig, "component">;
|
|
14
|
-
/** Canonical user document type exposed by Convex Auth. */
|
|
15
|
-
type UserDoc = Doc<"User">;
|
|
16
|
-
type MemberApiWithAuthorization<TAuthorization extends AuthAuthorizationConfig | undefined> = Omit<ReturnType<typeof Auth$1>["auth"]["member"], "create" | "list" | "update" | "inspect" | "require"> & {
|
|
17
|
-
create: (ctx: Parameters<ReturnType<typeof Auth$1>["auth"]["member"]["create"]>[0], data: {
|
|
8
|
+
type AuthContextResolver = AuthContextResolver$1;
|
|
9
|
+
type AuthContextFactory = AuthContextFactory$1;
|
|
10
|
+
type MemberApiWithAuthorization<TAuthorization extends AuthAuthorizationConfig | undefined> = Omit<ReturnType<typeof Auth>["auth"]["member"], "create" | "list" | "update" | "inspect" | "require"> & {
|
|
11
|
+
create: (ctx: Parameters<ReturnType<typeof Auth>["auth"]["member"]["create"]>[0], data: {
|
|
18
12
|
groupId: string;
|
|
19
13
|
userId: string;
|
|
20
14
|
roleIds?: AuthRoleId<TAuthorization>[];
|
|
@@ -23,7 +17,7 @@ type MemberApiWithAuthorization<TAuthorization extends AuthAuthorizationConfig |
|
|
|
23
17
|
}) => Promise<{
|
|
24
18
|
memberId: string;
|
|
25
19
|
}>;
|
|
26
|
-
list: (ctx: Parameters<ReturnType<typeof Auth
|
|
20
|
+
list: (ctx: Parameters<ReturnType<typeof Auth>["auth"]["member"]["list"]>[0], opts?: {
|
|
27
21
|
where?: {
|
|
28
22
|
groupId?: string;
|
|
29
23
|
userId?: string;
|
|
@@ -34,26 +28,26 @@ type MemberApiWithAuthorization<TAuthorization extends AuthAuthorizationConfig |
|
|
|
34
28
|
cursor?: string | null;
|
|
35
29
|
orderBy?: "_creationTime" | "status";
|
|
36
30
|
order?: "asc" | "desc";
|
|
37
|
-
}) => ReturnType<ReturnType<typeof Auth
|
|
38
|
-
update: (ctx: Parameters<ReturnType<typeof Auth
|
|
31
|
+
}) => ReturnType<ReturnType<typeof Auth>["auth"]["member"]["list"]>;
|
|
32
|
+
update: (ctx: Parameters<ReturnType<typeof Auth>["auth"]["member"]["update"]>[0], memberId: string, data: Record<string, unknown> & {
|
|
39
33
|
roleIds?: AuthRoleId<TAuthorization>[];
|
|
40
34
|
}) => Promise<{
|
|
41
35
|
memberId: string;
|
|
42
36
|
}>;
|
|
43
|
-
inspect: (ctx: Parameters<ReturnType<typeof Auth
|
|
37
|
+
inspect: (ctx: Parameters<ReturnType<typeof Auth>["auth"]["member"]["inspect"]>[0], opts: {
|
|
44
38
|
userId: string;
|
|
45
39
|
groupId: string;
|
|
46
40
|
ancestry?: boolean;
|
|
47
41
|
maxDepth?: number;
|
|
48
|
-
}) => ReturnType<ReturnType<typeof Auth
|
|
49
|
-
require: (ctx: Parameters<ReturnType<typeof Auth
|
|
42
|
+
}) => ReturnType<ReturnType<typeof Auth>["auth"]["member"]["inspect"]>;
|
|
43
|
+
require: (ctx: Parameters<ReturnType<typeof Auth>["auth"]["member"]["require"]>[0], opts: {
|
|
50
44
|
userId: string;
|
|
51
45
|
groupId: string;
|
|
52
46
|
ancestry?: boolean;
|
|
53
47
|
roleIds?: AuthRoleId<TAuthorization>[];
|
|
54
48
|
grants?: AuthGrant<TAuthorization>[];
|
|
55
49
|
maxDepth?: number;
|
|
56
|
-
}) => ReturnType<ReturnType<typeof Auth
|
|
50
|
+
}) => ReturnType<ReturnType<typeof Auth>["auth"]["member"]["require"]>;
|
|
57
51
|
};
|
|
58
52
|
/**
|
|
59
53
|
* The base auth API surface returned by {@link createAuth}.
|
|
@@ -61,28 +55,28 @@ type MemberApiWithAuthorization<TAuthorization extends AuthAuthorizationConfig |
|
|
|
61
55
|
* Provides core namespaces — `signIn`, `signOut`, `user`, `session`,
|
|
62
56
|
* `member`, `invite`, `group`, `key`, and `http` — that are
|
|
63
57
|
* always available regardless of which providers are configured.
|
|
64
|
-
*
|
|
58
|
+
* Group SSO helpers under `group.sso` are added conditionally by
|
|
65
59
|
* {@link AuthApi} when an SSO provider is present.
|
|
66
60
|
*
|
|
67
61
|
* Use this type when you want to describe code that only depends on the
|
|
68
|
-
* standard auth surface and should not assume
|
|
62
|
+
* standard auth surface and should not assume group connection features exist.
|
|
69
63
|
*
|
|
70
64
|
* @typeParam TAuthorization - The authorization config, used to narrow
|
|
71
65
|
* role IDs and grant strings on the `member` API.
|
|
72
66
|
*/
|
|
73
67
|
type AuthApiBase<TAuthorization extends AuthAuthorizationConfig | undefined = undefined> = {
|
|
74
|
-
signIn: ReturnType<typeof Auth
|
|
75
|
-
signOut: ReturnType<typeof Auth
|
|
76
|
-
store: ReturnType<typeof Auth
|
|
77
|
-
user: ReturnType<typeof Auth
|
|
78
|
-
session: ReturnType<typeof Auth
|
|
79
|
-
provider: ReturnType<typeof Auth
|
|
80
|
-
account: ReturnType<typeof Auth
|
|
81
|
-
group: ReturnType<typeof Auth
|
|
68
|
+
signIn: ReturnType<typeof Auth>["signIn"];
|
|
69
|
+
signOut: ReturnType<typeof Auth>["signOut"];
|
|
70
|
+
store: ReturnType<typeof Auth>["store"];
|
|
71
|
+
user: ReturnType<typeof Auth>["auth"]["user"];
|
|
72
|
+
session: ReturnType<typeof Auth>["auth"]["session"];
|
|
73
|
+
provider: ReturnType<typeof Auth>["auth"]["provider"];
|
|
74
|
+
account: ReturnType<typeof Auth>["auth"]["account"];
|
|
75
|
+
group: ReturnType<typeof Auth>["auth"]["group"];
|
|
82
76
|
member: MemberApiWithAuthorization<TAuthorization>;
|
|
83
|
-
invite: ReturnType<typeof Auth
|
|
84
|
-
key: ReturnType<typeof Auth
|
|
85
|
-
http: ReturnType<typeof Auth
|
|
77
|
+
invite: ReturnType<typeof Auth>["auth"]["invite"];
|
|
78
|
+
key: ReturnType<typeof Auth>["auth"]["key"];
|
|
79
|
+
http: ReturnType<typeof Auth>["auth"]["http"];
|
|
86
80
|
/**
|
|
87
81
|
* Resolve the current request's auth context. Framework-agnostic — use
|
|
88
82
|
* this in fluent-convex middleware, custom wrappers, or anywhere you
|
|
@@ -104,19 +98,19 @@ type AuthApiBase<TAuthorization extends AuthAuthorizationConfig | undefined = un
|
|
|
104
98
|
* ```
|
|
105
99
|
*
|
|
106
100
|
* @example Direct usage in a handler
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
101
|
+
* ```ts
|
|
102
|
+
* const authContext = await auth.context(ctx);
|
|
103
|
+
* const { userId, grants } = authContext;
|
|
104
|
+
* ```
|
|
105
|
+
*
|
|
106
|
+
* @example Optional usage
|
|
107
|
+
* ```ts
|
|
108
|
+
* const authContext = await auth.context(ctx, { optional: true });
|
|
109
|
+
* if (authContext.userId === null) {
|
|
110
|
+
* return null;
|
|
111
|
+
* }
|
|
112
|
+
* ```
|
|
113
|
+
*/
|
|
120
114
|
context: AuthContextResolver;
|
|
121
115
|
/**
|
|
122
116
|
* Context enrichment for convex-helpers `customQuery` / `customMutation` /
|
|
@@ -158,101 +152,33 @@ type AuthApiBase<TAuthorization extends AuthAuthorizationConfig | undefined = un
|
|
|
158
152
|
*/
|
|
159
153
|
ctx: AuthContextFactory;
|
|
160
154
|
};
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
* userId: "user123" as Id<"User">,
|
|
177
|
-
* user: { _id: "user123", email: "test@example.com" },
|
|
178
|
-
* groupId: "group456",
|
|
179
|
-
* role: "admin",
|
|
180
|
-
* grants: ["read", "write"],
|
|
181
|
-
* };
|
|
182
|
-
* ```
|
|
183
|
-
*/
|
|
184
|
-
type AuthContext = {
|
|
185
|
-
/** The authenticated user's document ID. */userId: GenericId<"User">; /** The authenticated user's full document. */
|
|
186
|
-
user: UserDoc; /** The user's active group ID, or `null` if none set. */
|
|
187
|
-
groupId: string | null; /** The user's primary role in the active group, or `null`. */
|
|
188
|
-
role: string | null; /** Resolved grant strings from the user's role definitions. */
|
|
189
|
-
grants: string[];
|
|
190
|
-
};
|
|
191
|
-
/**
|
|
192
|
-
* Nullable auth context returned by `auth.context(ctx, { optional: true })`
|
|
193
|
-
* and injected by `auth.ctx({ optional: true })`.
|
|
194
|
-
*
|
|
195
|
-
* Use this when callers may be unauthenticated but you still want a stable
|
|
196
|
-
* auth-shaped object.
|
|
197
|
-
*
|
|
198
|
-
* - `userId` and `user` are `null` when unauthenticated.
|
|
199
|
-
* - `groupId` and `role` are `null` when no active group is resolved.
|
|
200
|
-
* - `grants` is `[]` when no membership is resolved.
|
|
201
|
-
*
|
|
202
|
-
* @example
|
|
203
|
-
* ```ts
|
|
204
|
-
* const authContext = await auth.context(ctx, { optional: true });
|
|
205
|
-
* if (authContext.userId === null) {
|
|
206
|
-
* return null;
|
|
207
|
-
* }
|
|
208
|
-
* ```
|
|
209
|
-
*/
|
|
210
|
-
type OptionalAuthContext = {
|
|
211
|
-
/** The authenticated user's document ID, or `null` when unauthenticated. */userId: GenericId<"User"> | null; /** The authenticated user's full document, or `null` when unauthenticated. */
|
|
212
|
-
user: UserDoc | null; /** The user's active group ID, or `null` if none is set. */
|
|
213
|
-
groupId: string | null; /** The user's primary role in the active group, or `null`. */
|
|
214
|
-
role: string | null; /** Resolved grant strings for the active membership, or `[]`. */
|
|
215
|
-
grants: string[];
|
|
216
|
-
};
|
|
217
|
-
type AuthContextBase = {
|
|
218
|
-
getUserIdentity: () => Promise<UserIdentity | null>;
|
|
219
|
-
};
|
|
220
|
-
type RequiredAuthContextState = AuthContextBase & AuthContext;
|
|
221
|
-
type OptionalAuthContextState = AuthContextBase & OptionalAuthContext;
|
|
222
|
-
type ResolvedAuthContext<TResolve> = AuthContext & TResolve;
|
|
223
|
-
type ResolvedOptionalAuthContext<TResolve> = OptionalAuthContext & TResolve;
|
|
224
|
-
type AuthContextResolver = {
|
|
225
|
-
<TResolve extends Record<string, unknown> = Record<string, never>>(ctx: any, config: AuthContextConfig<TResolve> & {
|
|
226
|
-
optional: true;
|
|
227
|
-
}): Promise<ResolvedOptionalAuthContext<TResolve>>;
|
|
228
|
-
<TResolve extends Record<string, unknown> = Record<string, never>>(ctx: any, config?: AuthContextConfig<TResolve>): Promise<ResolvedAuthContext<TResolve>>;
|
|
229
|
-
};
|
|
230
|
-
type AuthContextCustomization<TAuth> = {
|
|
231
|
-
args: {};
|
|
232
|
-
input: (ctx: any, _args: any, _extra?: any) => Promise<{
|
|
233
|
-
ctx: {
|
|
234
|
-
auth: TAuth;
|
|
235
|
-
};
|
|
236
|
-
args: {};
|
|
155
|
+
type InternalSsoApi = ReturnType<typeof Auth>["auth"]["sso"];
|
|
156
|
+
type PublicGroupSsoApi = {
|
|
157
|
+
signIn: (ctx: Parameters<InternalSsoApi["connection"]["create"]>[0], data: {
|
|
158
|
+
connectionId?: string;
|
|
159
|
+
email?: string;
|
|
160
|
+
domain?: string;
|
|
161
|
+
redirectTo?: string;
|
|
162
|
+
loginHint?: string;
|
|
163
|
+
}) => Promise<{
|
|
164
|
+
connectionId: string;
|
|
165
|
+
protocol: "oidc" | "saml";
|
|
166
|
+
providerId: string;
|
|
167
|
+
signInPath: string;
|
|
168
|
+
callbackPath: string;
|
|
169
|
+
redirectTo?: string;
|
|
237
170
|
}>;
|
|
238
|
-
|
|
239
|
-
type AuthContextFactory = {
|
|
240
|
-
<TResolve extends Record<string, unknown> = Record<string, never>>(config: AuthContextConfig<TResolve> & {
|
|
241
|
-
optional: true;
|
|
242
|
-
}): AuthContextCustomization<OptionalAuthContextState & TResolve>;
|
|
243
|
-
<TResolve extends Record<string, unknown> = Record<string, never>>(config?: AuthContextConfig<TResolve>): AuthContextCustomization<RequiredAuthContextState & TResolve>;
|
|
244
|
-
};
|
|
245
|
-
type InternalSsoApi = ReturnType<typeof Auth$1>["auth"]["sso"];
|
|
246
|
-
type PublicSsoAdminApi = {
|
|
171
|
+
metadata: InternalSsoApi["saml"]["metadata"];
|
|
247
172
|
connection: InternalSsoApi["connection"] & {
|
|
248
173
|
domain: {
|
|
249
174
|
list: InternalSsoApi["domain"]["list"];
|
|
250
175
|
validate: InternalSsoApi["domain"]["validate"];
|
|
251
|
-
|
|
176
|
+
status: InternalSsoApi["domain"]["status"];
|
|
177
|
+
set: (ctx: Parameters<InternalSsoApi["connection"]["create"]>[0], connectionId: string, domains: Array<{
|
|
252
178
|
domain: string;
|
|
253
179
|
isPrimary?: boolean;
|
|
254
180
|
}>) => Promise<{
|
|
255
|
-
|
|
181
|
+
connectionId: string;
|
|
256
182
|
domains: Array<{
|
|
257
183
|
domainId: string;
|
|
258
184
|
domain: string;
|
|
@@ -263,10 +189,10 @@ type PublicSsoAdminApi = {
|
|
|
263
189
|
}>;
|
|
264
190
|
verification: {
|
|
265
191
|
request: (ctx: Parameters<InternalSsoApi["connection"]["create"]>[0], args: {
|
|
266
|
-
|
|
192
|
+
connectionId: string;
|
|
267
193
|
domain: string;
|
|
268
194
|
}) => Promise<{
|
|
269
|
-
|
|
195
|
+
connectionId: string;
|
|
270
196
|
domain: string;
|
|
271
197
|
requestedAt: number;
|
|
272
198
|
expiresAt: number;
|
|
@@ -277,10 +203,10 @@ type PublicSsoAdminApi = {
|
|
|
277
203
|
};
|
|
278
204
|
}>;
|
|
279
205
|
confirm: (ctx: Parameters<InternalSsoApi["connection"]["create"]>[0], args: {
|
|
280
|
-
|
|
206
|
+
connectionId: string;
|
|
281
207
|
domain: string;
|
|
282
208
|
}) => Promise<{
|
|
283
|
-
|
|
209
|
+
connectionId: string;
|
|
284
210
|
domain: string;
|
|
285
211
|
verifiedAt?: number;
|
|
286
212
|
checks: Array<{
|
|
@@ -293,7 +219,7 @@ type PublicSsoAdminApi = {
|
|
|
293
219
|
};
|
|
294
220
|
};
|
|
295
221
|
oidc: Omit<InternalSsoApi["oidc"], "signIn">;
|
|
296
|
-
saml:
|
|
222
|
+
saml: InternalSsoApi["saml"];
|
|
297
223
|
policy: InternalSsoApi["policy"];
|
|
298
224
|
audit: {
|
|
299
225
|
list: InternalSsoApi["audit"]["list"];
|
|
@@ -304,27 +230,17 @@ type PublicSsoAdminApi = {
|
|
|
304
230
|
list: InternalSsoApi["webhook"]["delivery"]["list"];
|
|
305
231
|
};
|
|
306
232
|
};
|
|
307
|
-
|
|
308
|
-
type PublicSsoClientApi = {
|
|
309
|
-
signIn: InternalSsoApi["oidc"]["signIn"];
|
|
310
|
-
metadata: InternalSsoApi["saml"]["metadata"];
|
|
311
|
-
};
|
|
312
|
-
type PublicSsoApi = {
|
|
313
|
-
admin: PublicSsoAdminApi;
|
|
314
|
-
client: PublicSsoClientApi;
|
|
315
|
-
};
|
|
316
|
-
type PublicScimApi = {
|
|
317
|
-
admin: Omit<InternalSsoApi["scim"], "getConfigByToken" | "identity">;
|
|
233
|
+
scim: Omit<InternalSsoApi["scim"], "getConfigByToken" | "identity">;
|
|
318
234
|
};
|
|
319
235
|
/**
|
|
320
|
-
* Extended auth API that includes
|
|
236
|
+
* Extended auth API that includes group SSO and SCIM namespaces.
|
|
321
237
|
*
|
|
322
|
-
* This type is the union of {@link AuthApiBase} plus `sso`
|
|
323
|
-
* management, OIDC/SAML, domain verification,
|
|
324
|
-
*
|
|
325
|
-
* {@link createAuth} only when `
|
|
238
|
+
* This type is the union of {@link AuthApiBase} plus `group.sso`
|
|
239
|
+
* (SSO connection management, OIDC/SAML, SCIM, domain verification,
|
|
240
|
+
* policies, audit, and webhooks). It is returned by
|
|
241
|
+
* {@link createAuth} only when `sso()` is included in the providers
|
|
326
242
|
* array; otherwise the narrower {@link AuthApiBase} is returned instead.
|
|
327
|
-
* Attempting to access `auth.sso`
|
|
243
|
+
* Attempting to access `auth.group.sso` without an SSO provider
|
|
328
244
|
* produces a compile-time error because the return type narrows back to
|
|
329
245
|
* {@link AuthApiBase}.
|
|
330
246
|
*
|
|
@@ -332,18 +248,19 @@ type PublicScimApi = {
|
|
|
332
248
|
* {@link AuthApiBase} for typed role IDs and grant strings.
|
|
333
249
|
*/
|
|
334
250
|
type AuthApi<TAuthorization extends AuthAuthorizationConfig | undefined = undefined> = AuthApiBase<TAuthorization> & {
|
|
335
|
-
|
|
336
|
-
|
|
251
|
+
group: AuthApiBase<TAuthorization>["group"] & {
|
|
252
|
+
sso: PublicGroupSsoApi;
|
|
253
|
+
};
|
|
337
254
|
};
|
|
338
255
|
/**
|
|
339
256
|
* The return type of {@link createAuth}.
|
|
340
257
|
*
|
|
341
|
-
* Resolves to {@link AuthApi} (with `sso`
|
|
342
|
-
* `
|
|
258
|
+
* Resolves to {@link AuthApi} (with `group.sso` helpers) when
|
|
259
|
+
* `sso()` is present in the providers array, or to the narrower
|
|
343
260
|
* {@link AuthApiBase} otherwise. This conditional type ensures that
|
|
344
|
-
*
|
|
261
|
+
* group connection-only APIs are only accessible when the SSO provider is
|
|
345
262
|
* configured, producing a compile-time error if you try to access
|
|
346
|
-
* `auth.sso` without it.
|
|
263
|
+
* `auth.group.sso` without it.
|
|
347
264
|
* This lets application code keep a single `createAuth()` call while still
|
|
348
265
|
* getting provider-aware typing on the resulting API object.
|
|
349
266
|
*
|
|
@@ -369,98 +286,36 @@ type ConvexAuthResult<P extends AuthProviderConfig[], TAuthorization extends Aut
|
|
|
369
286
|
* @typeParam T - A ConvexAuthResult to extract the client API from.
|
|
370
287
|
*/
|
|
371
288
|
type InferClientApi<T> = T extends ConvexAuthResult<infer P> ? AuthApiRefs<HasPasskeyProvider<P>, HasTotpProvider<P>, HasDeviceProvider<P>> : AuthApiRefs;
|
|
372
|
-
declare function createAuth<P extends AuthProviderConfig[], TAuthorization extends AuthAuthorizationConfig | undefined = undefined>(component: ConvexAuthConfig["component"], config: Omit<AuthConfig, "providers" | "authorization"> & {
|
|
373
|
-
providers: P;
|
|
374
|
-
authorization?: TAuthorization;
|
|
375
|
-
}): ConvexAuthResult<P, TAuthorization>;
|
|
376
|
-
/**
|
|
377
|
-
* Configuration for {@link createAuth().ctx} context enrichment.
|
|
378
|
-
*
|
|
379
|
-
* The same config shape is also used by {@link createAuth().context}.
|
|
380
|
-
*
|
|
381
|
-
* @typeParam TResolve - Extra fields returned from `resolve()` and merged into
|
|
382
|
-
* the resulting `ctx.auth` object.
|
|
383
|
-
*
|
|
384
|
-
* @example
|
|
385
|
-
* ```ts
|
|
386
|
-
* const authContext = await auth.context(ctx, {
|
|
387
|
-
* resolve: async (_ctx, user, authState) => ({
|
|
388
|
-
* email: user.email,
|
|
389
|
-
* canWrite: authState.grants.includes("posts.write"),
|
|
390
|
-
* }),
|
|
391
|
-
* });
|
|
392
|
-
* ```
|
|
393
|
-
*/
|
|
394
|
-
type AuthContextConfig<TResolve extends Record<string, unknown> = Record<string, never>> = {
|
|
395
|
-
/**
|
|
396
|
-
* Allow unauthenticated callers and return a null-shaped auth object instead
|
|
397
|
-
* of throwing `NOT_SIGNED_IN`.
|
|
398
|
-
*/
|
|
399
|
-
optional?: boolean;
|
|
400
|
-
/**
|
|
401
|
-
* Attach additional derived fields to the auth context after the base auth
|
|
402
|
-
* context is resolved.
|
|
403
|
-
*
|
|
404
|
-
* This callback runs only when a user is authenticated.
|
|
405
|
-
*/
|
|
406
|
-
resolve?: (ctx: any, user: UserDoc, auth: AuthContext) => Promise<TResolve> | TResolve;
|
|
407
|
-
/**
|
|
408
|
-
* Override or wrap the base auth resolution used by {@link createAuth().ctx}.
|
|
409
|
-
*
|
|
410
|
-
* Return `undefined` to fall back to the built-in resolver,
|
|
411
|
-
* `null` for an explicit unauthenticated state, or an
|
|
412
|
-
* {@link AuthContext} object to provide a pre-resolved auth state.
|
|
413
|
-
* This is useful for tests, proxy auth, impersonation flows, or any
|
|
414
|
-
* environment that needs to inject auth without depending on the standard
|
|
415
|
-
* Convex auth tables.
|
|
416
|
-
*
|
|
417
|
-
* @param ctx - The Convex function context.
|
|
418
|
-
* @param fallback - The built-in auth resolver used by {@link createAuth().ctx}.
|
|
419
|
-
* @returns Resolved auth state, `null`, or `undefined` to use the fallback.
|
|
420
|
-
*
|
|
421
|
-
* @example
|
|
422
|
-
* ```ts
|
|
423
|
-
* const authCtx = auth.ctx({
|
|
424
|
-
* authResolve: async (ctx, fallback) => {
|
|
425
|
-
* const injected = getInjectedAuth(ctx);
|
|
426
|
-
* return injected ?? (await fallback());
|
|
427
|
-
* },
|
|
428
|
-
* });
|
|
429
|
-
* ```
|
|
430
|
-
*/
|
|
431
|
-
authResolve?: (ctx: any, fallback: () => Promise<AuthContext | null>) => Promise<AuthContext | null | undefined> | AuthContext | null | undefined;
|
|
432
|
-
};
|
|
433
289
|
/**
|
|
434
|
-
*
|
|
290
|
+
* Create an auth API object.
|
|
435
291
|
*
|
|
436
|
-
*
|
|
437
|
-
*
|
|
438
|
-
*
|
|
439
|
-
* additional fields added by the `resolve` callback. This is the generic
|
|
440
|
-
* utility for reusing the enriched auth shape without manually duplicating
|
|
441
|
-
* conditional auth types.
|
|
292
|
+
* When `sso()` is included in providers, `auth.group.sso` is available
|
|
293
|
+
* on the returned object. Without it, that namespace is absent and
|
|
294
|
+
* accessing it is a TypeScript compile error.
|
|
442
295
|
*
|
|
443
|
-
* @
|
|
444
|
-
*
|
|
296
|
+
* @param component - The installed auth component reference from
|
|
297
|
+
* `components.auth` in your Convex app definition.
|
|
298
|
+
* @param config - Auth configuration including `providers` and optional
|
|
299
|
+
* `authorization`. All fields from {@link AuthConfig} are accepted
|
|
300
|
+
* except `component` (passed as the first argument).
|
|
301
|
+
* @returns A {@link ConvexAuthResult} object — either {@link AuthApi}
|
|
302
|
+
* (with `group.sso`) or {@link AuthApiBase}, depending on whether
|
|
303
|
+
* an SSO provider is present.
|
|
445
304
|
*
|
|
446
305
|
* @example
|
|
447
306
|
* ```ts
|
|
448
|
-
* const
|
|
449
|
-
*
|
|
307
|
+
* export const auth = createAuth(components.auth, {
|
|
308
|
+
* providers: [password(), google()],
|
|
309
|
+
* authorization: { roles },
|
|
450
310
|
* });
|
|
451
|
-
* type Auth = InferAuth<typeof authCtx>;
|
|
452
|
-
* // Auth = { userId: Id<"User">; user: UserDoc; getUserIdentity: ...; orgId: string }
|
|
453
311
|
* ```
|
|
454
312
|
*
|
|
455
|
-
* @see {@link
|
|
313
|
+
* @see {@link AuthContextConfig}
|
|
456
314
|
*/
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
};
|
|
462
|
-
}>;
|
|
463
|
-
}> = Awaited<ReturnType<T["input"]>>["ctx"]["auth"];
|
|
315
|
+
declare function createAuth<P extends AuthProviderConfig[], TAuthorization extends AuthAuthorizationConfig | undefined = undefined>(component: ConvexAuthConfig["component"], config: Omit<AuthConfig, "providers" | "authorization"> & {
|
|
316
|
+
providers: P;
|
|
317
|
+
authorization?: TAuthorization;
|
|
318
|
+
}): ConvexAuthResult<P, TAuthorization>;
|
|
464
319
|
//#endregion
|
|
465
|
-
export { AuthApi, AuthApiBase,
|
|
320
|
+
export { AuthApi, AuthApiBase, ConvexAuthResult, InferClientApi, createAuth };
|
|
466
321
|
//# sourceMappingURL=auth.d.ts.map
|