@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -1,19 +1,14 @@
1
- import { createUnauthenticatedAuthContext, getAuthContext } from "./context.js";
1
+ import { assertAuthResolverContext, createAuthContextCustomization, createPublicAuthContext } from "./auth-context.js";
2
2
  import { Auth } from "./runtime.js";
3
- import { Cv } from "@robelest/fx/convex";
3
+ import { ConvexError } from "convex/values";
4
4
 
5
5
  //#region src/server/auth.ts
6
6
  /**
7
- * Auth configuration helpers for Convex Auth.
8
- *
9
- * @module
10
- */
11
- /**
12
7
  * Create an auth API object.
13
8
  *
14
- * When `new SSO()` is included in providers, `auth.sso` and `auth.scim`
15
- * are available on the returned object. Without it, those namespaces are
16
- * absent and accessing them is a TypeScript compile error.
9
+ * When `sso()` is included in providers, `auth.group.sso` is available
10
+ * on the returned object. Without it, that namespace is absent and
11
+ * accessing it is a TypeScript compile error.
17
12
  *
18
13
  * @param component - The installed auth component reference from
19
14
  * `components.auth` in your Convex app definition.
@@ -21,7 +16,7 @@ import { Cv } from "@robelest/fx/convex";
21
16
  * `authorization`. All fields from {@link AuthConfig} are accepted
22
17
  * except `component` (passed as the first argument).
23
18
  * @returns A {@link ConvexAuthResult} object — either {@link AuthApi}
24
- * (with `sso`/`scim`) or {@link AuthApiBase}, depending on whether
19
+ * (with `group.sso`) or {@link AuthApiBase}, depending on whether
25
20
  * an SSO provider is present.
26
21
  *
27
22
  * @example
@@ -34,29 +29,6 @@ import { Cv } from "@robelest/fx/convex";
34
29
  *
35
30
  * @see {@link AuthContextConfig}
36
31
  */
37
- async function resolveConfiguredAuthContext(auth, ctx, config) {
38
- const fallback = () => getAuthContext(auth, ctx);
39
- const authOverride = config?.authResolve ? await config.authResolve(ctx, fallback) : void 0;
40
- return authOverride === void 0 ? await fallback() : authOverride;
41
- }
42
- function createNotSignedInError() {
43
- return Cv.error({
44
- code: "NOT_SIGNED_IN",
45
- message: "Authentication required."
46
- });
47
- }
48
- async function createPublicAuthContext(auth, ctx, config) {
49
- const resolved = await resolveConfiguredAuthContext(auth, ctx, config);
50
- if (resolved === null) {
51
- if (config?.optional !== true) throw createNotSignedInError();
52
- return createUnauthenticatedAuthContext();
53
- }
54
- const extra = config?.resolve ? await config.resolve(ctx, resolved.user, resolved) : {};
55
- return {
56
- ...resolved,
57
- ...extra
58
- };
59
- }
60
32
  function createAuth(component, config) {
61
33
  const authResult = Auth({
62
34
  ...config,
@@ -64,11 +36,11 @@ function createAuth(component, config) {
64
36
  providers: [...config.providers]
65
37
  });
66
38
  const { domain: domainApi, scim: scimApi, connection: connectionApi, audit: auditApi, webhook: webhookApi, oidc: oidcApi, saml: samlApi, ...restSso } = authResult.auth.sso;
67
- const setEnterpriseDomains = async (ctx, enterpriseId, domains) => {
68
- const enterprise = await connectionApi.get(ctx, enterpriseId);
69
- if (enterprise === null) throw Cv.error({
39
+ const setGroupConnectionDomains = async (ctx, connectionId, domains) => {
40
+ const connection = await connectionApi.get(ctx, connectionId);
41
+ if (connection === null) throw new ConvexError({
70
42
  code: "INVALID_PARAMETERS",
71
- message: "Enterprise not found."
43
+ message: "Connection not found."
72
44
  });
73
45
  const normalized = domains.map((entry) => ({
74
46
  ...entry,
@@ -76,11 +48,11 @@ function createAuth(component, config) {
76
48
  }));
77
49
  const deduped = /* @__PURE__ */ new Map();
78
50
  for (const entry of normalized) {
79
- if (entry.domain.length === 0) throw Cv.error({
51
+ if (entry.domain.length === 0) throw new ConvexError({
80
52
  code: "INVALID_PARAMETERS",
81
53
  message: "Domain must not be empty."
82
54
  });
83
- if (deduped.has(entry.domain)) throw Cv.error({
55
+ if (deduped.has(entry.domain)) throw new ConvexError({
84
56
  code: "INVALID_PARAMETERS",
85
57
  message: `Duplicate domain: ${entry.domain}`
86
58
  });
@@ -88,7 +60,7 @@ function createAuth(component, config) {
88
60
  }
89
61
  const nextDomains = [...deduped.values()];
90
62
  const primaryCount = nextDomains.filter((entry) => entry.isPrimary).length;
91
- if (primaryCount > 1) throw Cv.error({
63
+ if (primaryCount > 1) throw new ConvexError({
92
64
  code: "INVALID_PARAMETERS",
93
65
  message: "Only one primary domain may be set."
94
66
  });
@@ -96,7 +68,7 @@ function createAuth(component, config) {
96
68
  ...nextDomains[0],
97
69
  isPrimary: true
98
70
  };
99
- const currentDomains = await domainApi.list(ctx, enterpriseId);
71
+ const currentDomains = await domainApi.list(ctx, connectionId);
100
72
  const currentByDomain = new Map(currentDomains.map((entry) => [entry.domain.toLowerCase(), entry]));
101
73
  for (const existing of currentDomains) if (!deduped.has(existing.domain.toLowerCase())) await domainApi.remove(ctx, existing._id);
102
74
  for (const nextDomain of nextDomains) {
@@ -104,54 +76,57 @@ function createAuth(component, config) {
104
76
  if (current && current.isPrimary === Boolean(nextDomain.isPrimary)) continue;
105
77
  if (current) await domainApi.remove(ctx, current._id);
106
78
  const domainId = await domainApi.add(ctx, {
107
- enterpriseId: enterprise._id,
108
- groupId: enterprise.groupId,
79
+ connectionId: connection._id,
80
+ groupId: connection.groupId,
109
81
  domain: nextDomain.domain,
110
- isPrimary: nextDomain.isPrimary
82
+ isPrimary: Boolean(nextDomain.isPrimary)
111
83
  });
112
- if (current?.verifiedAt !== void 0) await ctx.runMutation(component.public.enterpriseDomainVerify, {
84
+ if (current?.verifiedAt !== void 0) await ctx.runMutation(component.public.groupConnectionDomainVerify, {
113
85
  domainId,
114
86
  verifiedAt: current.verifiedAt
115
87
  });
116
88
  }
117
89
  return {
118
- enterpriseId,
119
- domains: (await domainApi.list(ctx, enterpriseId)).map((domain) => ({
90
+ connectionId,
91
+ domains: (await domainApi.list(ctx, connectionId)).map((domain) => ({
120
92
  domainId: domain._id,
121
93
  domain: domain.domain,
122
- isPrimary: domain.isPrimary,
94
+ isPrimary: Boolean(domain.isPrimary),
123
95
  verified: domain.verifiedAt !== void 0,
124
96
  verifiedAt: domain.verifiedAt ?? null
125
97
  }))
126
98
  };
127
99
  };
128
- const publicSso = {
129
- admin: {
130
- ...restSso,
131
- oidc: { ...oidcApi },
132
- saml: { ...samlApi },
133
- connection: {
134
- ...connectionApi,
135
- domain: {
136
- list: domainApi.list,
137
- validate: domainApi.validate,
138
- set: setEnterpriseDomains,
139
- verification: {
140
- request: domainApi.verification.request,
141
- confirm: domainApi.verification.confirm
142
- }
100
+ const publicGroupSso = {
101
+ ...restSso,
102
+ signIn: oidcApi.signIn,
103
+ metadata: samlApi.metadata,
104
+ oidc: { ...oidcApi },
105
+ saml: { ...samlApi },
106
+ connection: {
107
+ ...connectionApi,
108
+ domain: {
109
+ list: domainApi.list,
110
+ validate: domainApi.validate,
111
+ status: domainApi.status,
112
+ set: setGroupConnectionDomains,
113
+ verification: {
114
+ request: domainApi.verification.request,
115
+ confirm: domainApi.verification.confirm
143
116
  }
144
- },
145
- policy: restSso.policy,
146
- audit: { list: auditApi.list },
147
- webhook: {
148
- endpoint: webhookApi.endpoint,
149
- delivery: { list: webhookApi.delivery.list }
150
117
  }
151
118
  },
152
- client: {
153
- signIn: oidcApi.signIn,
154
- metadata: samlApi.metadata
119
+ policy: restSso.policy,
120
+ audit: { list: auditApi.list },
121
+ webhook: {
122
+ endpoint: webhookApi.endpoint,
123
+ delivery: { list: webhookApi.delivery.list }
124
+ },
125
+ scim: {
126
+ configure: scimApi.configure,
127
+ get: scimApi.get,
128
+ status: scimApi.status,
129
+ validate: scimApi.validate
155
130
  }
156
131
  };
157
132
  return {
@@ -162,92 +137,21 @@ function createAuth(component, config) {
162
137
  session: authResult.auth.session,
163
138
  provider: authResult.auth.provider,
164
139
  account: authResult.auth.account,
165
- group: authResult.auth.group,
140
+ group: {
141
+ ...authResult.auth.group,
142
+ sso: publicGroupSso
143
+ },
166
144
  member: authResult.auth.member,
167
145
  invite: authResult.auth.invite,
168
146
  key: authResult.auth.key,
169
- sso: publicSso,
170
- scim: { admin: {
171
- configure: scimApi.configure,
172
- get: scimApi.get,
173
- validate: scimApi.validate
174
- } },
175
147
  http: authResult.auth.http,
176
- context: ((ctx, config$1) => createPublicAuthContext(authResult.auth, ctx, config$1)),
148
+ context: ((ctx, config$1) => {
149
+ assertAuthResolverContext(ctx);
150
+ return createPublicAuthContext(authResult.auth, ctx, config$1);
151
+ }),
177
152
  ctx: ((config$1) => createAuthContextCustomization(authResult.auth, config$1))
178
153
  };
179
154
  }
180
- /**
181
- * Create a context enrichment for `customQuery` / `customMutation` — optional auth.
182
- *
183
- * When `optional: true` is set, unauthenticated requests are allowed.
184
- * The enriched `ctx.auth` will have `userId: null`, `user: null`,
185
- * `groupId: null`, `role: null`, and `grants: []` for unauthenticated callers.
186
- *
187
- * @param config - Configuration with `optional: true` and an optional
188
- * `resolve` callback for attaching extra fields to the auth context.
189
- * @returns An object with `args` and `input` compatible with Convex
190
- * custom function builders.
191
- *
192
- * @example
193
- * ```ts
194
- * const authCtx = auth.ctx({
195
- * optional: true,
196
- * resolve: async (_ctx, user) => ({ plan: user.extend?.plan ?? null }),
197
- * });
198
- * ```
199
- *
200
- * @see {@link createAuth}
201
- */
202
- /**
203
- * Create a context enrichment for `customQuery` / `customMutation` — required auth (default).
204
- *
205
- * When `optional` is omitted or `false`, unauthenticated requests throw a
206
- * structured `ConvexError` before your handler runs.
207
- *
208
- * @param config - Optional configuration with a `resolve` callback
209
- * for attaching extra fields to the auth context.
210
- * @returns An object with `args` and `input` compatible with Convex
211
- * custom function builders.
212
- *
213
- * @example
214
- * ```ts
215
- * const authCtx = auth.ctx({
216
- * resolve: async (_ctx, user) => ({ email: user.email }),
217
- * });
218
- * ```
219
- *
220
- * @see {@link createAuth}
221
- */
222
- function createAuthContextCustomization(auth, config) {
223
- return {
224
- args: {},
225
- input: async (ctx, _args, _extra) => {
226
- const nativeAuth = ctx.auth;
227
- const getUserIdentity = nativeAuth.getUserIdentity.bind(nativeAuth);
228
- const resolved = await resolveConfiguredAuthContext(auth, ctx, config);
229
- if (resolved === null) {
230
- if (config?.optional !== true) throw createNotSignedInError();
231
- return {
232
- ctx: { auth: {
233
- getUserIdentity,
234
- ...createUnauthenticatedAuthContext()
235
- } },
236
- args: {}
237
- };
238
- }
239
- const extra = config?.resolve ? await config.resolve(ctx, resolved.user, resolved) : {};
240
- return {
241
- ctx: { auth: {
242
- getUserIdentity,
243
- ...resolved,
244
- ...extra
245
- } },
246
- args: {}
247
- };
248
- }
249
- };
250
- }
251
155
 
252
156
  //#endregion
253
157
  export { createAuth };
@@ -0,0 +1,12 @@
1
+ import { GenericDataModel, GenericMutationCtx, GenericQueryCtx } from "convex/server";
2
+
3
+ //#region src/server/componentContext.d.ts
4
+ type ComponentReadCtx = {
5
+ runQuery: GenericQueryCtx<GenericDataModel>["runQuery"];
6
+ };
7
+ type ComponentCtx = ComponentReadCtx & {
8
+ runMutation: GenericMutationCtx<GenericDataModel>["runMutation"];
9
+ };
10
+ //#endregion
11
+ export { ComponentCtx, ComponentReadCtx };
12
+ //# sourceMappingURL=componentContext.d.ts.map
@@ -0,0 +1 @@
1
+ export { };
@@ -1,16 +1,7 @@
1
- import { isOAuthProvider } from "../providers/oauth.js";
2
-
3
1
  //#region src/server/config.ts
4
- /** Check if something is a new-style class provider with `_toMaterialized()`. */
5
- function isClassProvider(provider) {
6
- return typeof provider === "object" && provider !== null && typeof provider._toMaterialized === "function";
7
- }
8
2
  /**
9
3
  * Resolve raw provider configs into materialized form and apply defaults.
10
- *
11
- * @internal
12
4
  */
13
- /** @internal */
14
5
  function configDefaults(config_) {
15
6
  const config = materializeAndDefaultProviders(config_);
16
7
  const extraProviders = config.providers.filter((p) => p.type === "credentials").map((p) => p.extraProviders).flat().filter((p) => p !== void 0);
@@ -21,25 +12,8 @@ function configDefaults(config_) {
21
12
  };
22
13
  }
23
14
  /**
24
- * Materialize a single provider config into its runtime form.
25
- *
26
- * @internal
27
- */
28
- /** @internal */
29
- function materializeProvider(provider) {
30
- const config = {
31
- providers: [provider],
32
- component: {}
33
- };
34
- materializeAndDefaultProviders(config);
35
- return config.providers[0];
36
- }
37
- /**
38
15
  * List available provider IDs for error messages.
39
- *
40
- * @internal
41
16
  */
42
- /** @internal */
43
17
  function listAvailableProviders(config, allowExtraProviders) {
44
18
  const availableProviders = config.providers.concat(allowExtraProviders ? config.extraProviders : []).map((provider) => `\`${provider.id}\``);
45
19
  return availableProviders.length > 0 ? availableProviders.join(", ") : "no providers have been configured";
@@ -52,35 +26,12 @@ function materializeProviders(providers) {
52
26
  materializeAndDefaultProviders(config);
53
27
  return config.providers;
54
28
  }
55
- function decodeProviderMaterializationDispatch(raw) {
56
- if (isOAuthProvider(raw)) return {
57
- tag: "oauth",
58
- raw
59
- };
60
- if (isClassProvider(raw)) return {
61
- tag: "class",
62
- raw
63
- };
64
- return {
65
- tag: "factoryOrObject",
66
- raw
67
- };
68
- }
69
- function matchProviderMaterializationDispatch(dispatch, handlers) {
70
- return handlers[dispatch.tag](dispatch);
71
- }
72
29
  function materializeProviderConfig(raw) {
73
- return matchProviderMaterializationDispatch(decodeProviderMaterializationDispatch(raw), {
74
- oauth: (d) => materializeOAuthProvider(d.raw),
75
- class: (d) => d.raw._toMaterialized(),
76
- factoryOrObject: (d) => {
77
- const resolved = typeof d.raw === "function" ? d.raw() : d.raw;
78
- return resolved.options ? {
79
- ...resolved,
80
- ...resolved.options
81
- } : resolved;
82
- }
83
- });
30
+ const resolved = typeof raw === "function" ? raw() : raw;
31
+ return "options" in resolved && typeof resolved.options === "object" && resolved.options !== null ? {
32
+ ...resolved,
33
+ ...resolved.options
34
+ } : resolved;
84
35
  }
85
36
  function materializeAndDefaultProviders(config_) {
86
37
  const allProviders = [];
@@ -103,19 +54,7 @@ function normalizeAuthorizationConfig(authorization) {
103
54
  grants: Array.from(new Set(role.grants)).sort()
104
55
  }])) };
105
56
  }
106
- /**
107
- * Materialize an Arctic-based `OAuthProviderInstance` into the runtime config.
108
- */
109
- function materializeOAuthProvider(instance) {
110
- return {
111
- id: instance.id,
112
- type: "oauth",
113
- provider: instance.provider,
114
- scopes: instance.scopes,
115
- profile: instance.profile
116
- };
117
- }
118
57
 
119
58
  //#endregion
120
- export { configDefaults, listAvailableProviders, materializeProvider };
59
+ export { configDefaults, listAvailableProviders };
121
60
  //# sourceMappingURL=config.js.map
@@ -0,0 +1,6 @@
1
+ //#region src/server/constants.ts
2
+ const TOKEN_SUB_CLAIM_DIVIDER = "|";
3
+
4
+ //#endregion
5
+ export { TOKEN_SUB_CLAIM_DIVIDER };
6
+ //# sourceMappingURL=constants.js.map
@@ -0,0 +1,105 @@
1
+ import "./componentContext.js";
2
+ import "./types.js";
3
+
4
+ //#region src/server/contract.d.ts
5
+ type GroupConnectionRecord = {
6
+ _id: string;
7
+ _creationTime: number;
8
+ groupId: string;
9
+ slug?: string;
10
+ name?: string;
11
+ protocol: "oidc" | "saml";
12
+ status: "draft" | "active" | "disabled";
13
+ config?: unknown;
14
+ extend?: unknown;
15
+ };
16
+ type GroupConnectionDomainLookupRecord = {
17
+ connection: GroupConnectionRecord | null;
18
+ domain: ConnectionDomainRecord | null;
19
+ };
20
+ type GroupConnectionListResult = {
21
+ items: GroupConnectionRecord[];
22
+ nextCursor: string | null;
23
+ };
24
+ type ConnectionDomainRecord = {
25
+ _id: string;
26
+ _creationTime: number;
27
+ connectionId: string;
28
+ groupId: string;
29
+ domain: string;
30
+ isPrimary: boolean;
31
+ verifiedAt?: number;
32
+ };
33
+ type ScimConfigRecord = {
34
+ _id: string;
35
+ _creationTime: number;
36
+ connectionId: string;
37
+ groupId: string;
38
+ status: string;
39
+ basePath: string;
40
+ tokenHash: string;
41
+ lastRotatedAt?: number;
42
+ extend?: unknown;
43
+ };
44
+ type WebhookEndpointRecord = {
45
+ _id: string;
46
+ _creationTime: number;
47
+ connectionId: string;
48
+ groupId: string;
49
+ url: string;
50
+ status: string;
51
+ secretHash: string;
52
+ subscriptions: string[];
53
+ createdByUserId?: string;
54
+ lastSuccessAt?: number;
55
+ lastFailureAt?: number;
56
+ failureCount: number;
57
+ extend?: unknown;
58
+ };
59
+ type WebhookDeliveryRecord = {
60
+ _id: string;
61
+ _creationTime: number;
62
+ connectionId: string;
63
+ endpointId: string;
64
+ auditEventId?: string;
65
+ eventType: string;
66
+ status: string;
67
+ attemptCount: number;
68
+ nextAttemptAt: number;
69
+ lastAttemptAt?: number;
70
+ lastResponseStatus?: number;
71
+ lastError?: string;
72
+ payload: unknown;
73
+ };
74
+ type ScimIdentityRecord = {
75
+ _id: string;
76
+ _creationTime: number;
77
+ connectionId: string;
78
+ groupId: string;
79
+ resourceType: string;
80
+ externalId: string;
81
+ userId?: string;
82
+ mappedGroupId?: string;
83
+ active?: boolean;
84
+ raw?: Record<string, unknown>;
85
+ lastProvisionedAt?: number;
86
+ };
87
+ type AuditEventRecord = {
88
+ _id: string;
89
+ _creationTime: number;
90
+ connectionId?: string;
91
+ groupId: string;
92
+ eventType: string;
93
+ actorType: string;
94
+ actorId?: string;
95
+ subjectType: string;
96
+ subjectId?: string;
97
+ status: string;
98
+ occurredAt: number;
99
+ requestId?: string;
100
+ ip?: string;
101
+ metadata?: Record<string, unknown>;
102
+ };
103
+ //#endregion
104
+ export { AuditEventRecord, ConnectionDomainRecord, GroupConnectionDomainLookupRecord, GroupConnectionListResult, GroupConnectionRecord, ScimConfigRecord, ScimIdentityRecord, WebhookDeliveryRecord, WebhookEndpointRecord };
105
+ //# sourceMappingURL=contract.d.ts.map
@@ -0,0 +1,43 @@
1
+ //#region src/server/contract.ts
2
+ const query = (ctx, ref, args) => ctx.runQuery(ref, args);
3
+ const mutate = (ctx, ref, args) => ctx.runMutation(ref, args);
4
+ const getGroupConnection = (ctx, componentPublic, connectionId) => query(ctx, componentPublic.groupConnectionGet, { connectionId });
5
+ const getGroupConnectionByDomain = (ctx, componentPublic, domain) => query(ctx, componentPublic.groupConnectionGetByDomain, { domain });
6
+ const listGroupConnections = (ctx, componentPublic, args) => query(ctx, componentPublic.groupConnectionList, args);
7
+ const createGroupConnection = (ctx, componentPublic, args) => mutate(ctx, componentPublic.groupConnectionCreate, args);
8
+ const updateGroupConnection = (ctx, componentPublic, args) => mutate(ctx, componentPublic.groupConnectionUpdate, args);
9
+ const deleteGroupConnection = (ctx, componentPublic, connectionId) => mutate(ctx, componentPublic.groupConnectionDelete, { connectionId });
10
+ const getGroup = (ctx, componentPublic, groupId) => query(ctx, componentPublic.groupGet, { groupId });
11
+ const listConnectionDomains = (ctx, componentPublic, connectionId) => query(ctx, componentPublic.groupConnectionDomainList, { connectionId });
12
+ const addConnectionDomain = (ctx, componentPublic, args) => mutate(ctx, componentPublic.groupConnectionDomainAdd, args);
13
+ const deleteConnectionDomain = (ctx, componentPublic, domainId) => mutate(ctx, componentPublic.groupConnectionDomainDelete, { domainId });
14
+ const getScimConfigByConnection = (ctx, componentPublic, connectionId) => query(ctx, componentPublic.groupConnectionScimConfigGetByGroupConnection, { connectionId });
15
+ const getScimConfigByTokenHash = (ctx, componentPublic, tokenHash) => query(ctx, componentPublic.groupConnectionScimConfigGetByTokenHash, { tokenHash });
16
+ const upsertScimConfig = (ctx, componentPublic, args) => mutate(ctx, componentPublic.groupConnectionScimConfigUpsert, args);
17
+ const getConnectionDomainVerification = (ctx, componentPublic, domainId) => query(ctx, componentPublic.groupConnectionDomainVerificationGet, { domainId });
18
+ const upsertConnectionDomainVerification = (ctx, componentPublic, args) => mutate(ctx, componentPublic.groupConnectionDomainVerificationUpsert, args);
19
+ const deleteConnectionDomainVerification = (ctx, componentPublic, domainId) => mutate(ctx, componentPublic.groupConnectionDomainVerificationDelete, { domainId });
20
+ const verifyConnectionDomain = (ctx, componentPublic, args) => mutate(ctx, componentPublic.groupConnectionDomainVerify, args);
21
+ const getGroupConnectionSecret = (ctx, componentPublic, args) => query(ctx, componentPublic.groupConnectionSecretGet, args);
22
+ const upsertGroupConnectionSecret = (ctx, componentPublic, args) => mutate(ctx, componentPublic.groupConnectionSecretUpsert, args);
23
+ const listWebhookEndpoints = (ctx, componentPublic, connectionId) => query(ctx, componentPublic.groupWebhookEndpointList, { connectionId });
24
+ const listWebhookDeliveries = (ctx, componentPublic, args) => query(ctx, componentPublic["groupWebhookDeliveryList"], args);
25
+ const listScimIdentitiesByConnection = (ctx, componentPublic, connectionId) => query(ctx, componentPublic.groupConnectionScimIdentityListByGroupConnection, { connectionId });
26
+ const getScimIdentityByConnectionAndUser = (ctx, componentPublic, args) => query(ctx, componentPublic.groupConnectionScimIdentityGetByGroupConnectionAndUser, args);
27
+ const getScimIdentityByMappedGroup = (ctx, componentPublic, mappedGroupId) => query(ctx, componentPublic.groupConnectionScimIdentityGetByMappedGroup, { mappedGroupId });
28
+ const upsertScimIdentity = (ctx, componentPublic, args) => mutate(ctx, componentPublic.groupConnectionScimIdentityUpsert, args);
29
+ const deleteScimIdentity = (ctx, componentPublic, identityId) => mutate(ctx, componentPublic.groupConnectionScimIdentityDelete, { identityId });
30
+ const insertAccount = (ctx, componentPublic, args) => mutate(ctx, componentPublic.accountInsert, args);
31
+ const insertUser = (ctx, componentPublic, data) => mutate(ctx, componentPublic.userInsert, { data });
32
+ const patchUser = (ctx, componentPublic, args) => mutate(ctx, componentPublic.userPatch, args);
33
+ const getScimIdentity = (ctx, componentPublic, args) => query(ctx, componentPublic.groupConnectionScimIdentityGet, args);
34
+ const listAuditEvents = (ctx, componentPublic, args) => query(ctx, componentPublic.groupAuditEventList, args);
35
+ const getWebhookEndpoint = (ctx, componentPublic, endpointId) => query(ctx, componentPublic.groupWebhookEndpointGet, { endpointId });
36
+ const createWebhookEndpoint = (ctx, componentPublic, args) => mutate(ctx, componentPublic.groupWebhookEndpointCreate, args);
37
+ const updateWebhookEndpoint = (ctx, componentPublic, args) => mutate(ctx, componentPublic.groupWebhookEndpointUpdate, args);
38
+ const listReadyWebhookDeliveries = (ctx, componentPublic, args) => query(ctx, componentPublic.groupWebhookDeliveryListReady, args);
39
+ const patchWebhookDelivery = (ctx, componentPublic, args) => mutate(ctx, componentPublic.groupWebhookDeliveryPatch, args);
40
+
41
+ //#endregion
42
+ export { addConnectionDomain, createGroupConnection, createWebhookEndpoint, deleteConnectionDomain, deleteConnectionDomainVerification, deleteGroupConnection, deleteScimIdentity, getConnectionDomainVerification, getGroup, getGroupConnection, getGroupConnectionByDomain, getGroupConnectionSecret, getScimConfigByConnection, getScimConfigByTokenHash, getScimIdentity, getScimIdentityByConnectionAndUser, getScimIdentityByMappedGroup, getWebhookEndpoint, insertAccount, insertUser, listAuditEvents, listConnectionDomains, listGroupConnections, listReadyWebhookDeliveries, listScimIdentitiesByConnection, listWebhookDeliveries, listWebhookEndpoints, patchUser, patchWebhookDelivery, updateGroupConnection, updateWebhookEndpoint, upsertConnectionDomainVerification, upsertGroupConnectionSecret, upsertScimConfig, upsertScimIdentity, verifyConnectionDomain };
43
+ //# sourceMappingURL=contract.js.map
@@ -1,4 +1,5 @@
1
- import { isLocalHost } from "./utils.js";
1
+ import { envOptionalString, readConfigSync } from "./env.js";
2
+ import { isLocalHost } from "./url.js";
2
3
 
3
4
  //#region src/server/cookies.ts
4
5
  /** @internal */
@@ -39,7 +40,7 @@ function useRedirectToParam(providerId, cookies) {
39
40
  };
40
41
  }
41
42
  function redirectToParamCookieName(providerId) {
42
- return (!isLocalHost(process.env.CONVEX_SITE_URL) ? "__Host-" : "") + providerId + "RedirectTo";
43
+ return (!isLocalHost(readConfigSync(envOptionalString("CONVEX_SITE_URL")) ?? void 0) ? "__Host-" : "") + providerId + "RedirectTo";
43
44
  }
44
45
 
45
46
  //#endregion