@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -1,35 +1,60 @@
1
- import { generateRandomString, requireEnv } from "./utils.js";
1
+ import { generateRandomString } from "./random.js";
2
+ import { envOptionalString, readConfigSync, requireEnv } from "./env.js";
3
+ import { log } from "./log.js";
2
4
  import { callCreateVerificationCode } from "./mutations/code.js";
5
+ import { withSpan } from "./utils/span.js";
3
6
  import { callRefreshSession } from "./mutations/refresh.js";
4
- import { callVerifierSignature } from "./mutations/signature.js";
5
7
  import { callSignIn } from "./mutations/signin.js";
6
8
  import { callVerifier } from "./mutations/verifier.js";
7
9
  import { callVerifyCodeAndSignIn } from "./mutations/verify.js";
10
+ import { redirectAbsoluteUrl, setURLSearchParam } from "./redirects.js";
11
+ import { authFlowError } from "../shared/errors.js";
12
+ import { toConvexError } from "./errors.js";
8
13
  import { queryTotpVerifiedByUserId } from "./types.js";
9
14
  import { handleDevice } from "./device.js";
10
15
  import { handlePasskeyFx } from "./passkey.js";
11
- import { redirectAbsoluteUrl, setURLSearchParam } from "./redirects.js";
12
16
  import { handleTotp } from "./totp.js";
13
- import { Fx } from "@robelest/fx";
14
- import { Cv } from "@robelest/fx/convex";
17
+ import { ConvexError } from "convex/values";
15
18
 
16
19
  //#region src/server/signin.ts
17
20
  const DEFAULT_EMAIL_VERIFICATION_CODE_DURATION_S = 3600 * 24;
18
- /** @internal */
21
+ const normalizeVerificationParams = (params) => {
22
+ const value = params ?? {};
23
+ return {
24
+ email: typeof value.email === "string" ? value.email : void 0,
25
+ phone: typeof value.phone === "string" ? value.phone : void 0,
26
+ redirectTo: value.redirectTo,
27
+ connectionId: value.connectionId,
28
+ loginHint: value.loginHint,
29
+ protocol: value.protocol,
30
+ code: value.code
31
+ };
32
+ };
33
+ const describeUnknown = (value) => {
34
+ if (typeof value === "string") return JSON.stringify(value);
35
+ if (typeof value === "number" || typeof value === "boolean" || typeof value === "bigint" || value === null) return String(value);
36
+ return JSON.stringify(value) ?? Object.prototype.toString.call(value);
37
+ };
38
+ const asConvexError = (error, code, message) => error instanceof ConvexError ? error : toConvexError(authFlowError(code, message));
39
+ const asCredentialsError = (error) => {
40
+ if (error instanceof ConvexError) return error;
41
+ if (error instanceof Error) return new ConvexError({
42
+ code: error.message.startsWith("Missing `") ? "INVALID_PARAMETERS" : "INVALID_CREDENTIALS",
43
+ message: error.message
44
+ });
45
+ return toConvexError(authFlowError("INTERNAL_ERROR", "Failed to authorize credentials."));
46
+ };
19
47
  async function signInImpl(ctx, provider, args, options) {
20
- const fx = signInFx(ctx, provider, args, options);
21
- return Fx.run(fx.pipe(Fx.recover((e) => Fx.fatal(e))));
48
+ return signInFx(ctx, provider, args, options);
22
49
  }
23
- /**
24
- * Core sign-in pipeline as an Fx generator.
25
- *
26
- * Handles: refresh tokens, verification codes, then dispatches by
27
- * provider type using a dispatch map (no if-chain).
28
- */
29
- function signInFx(ctx, provider, args, options) {
30
- return Fx.gen(function* () {
31
- if (provider === null && args.refreshToken) {
32
- const tokens = yield* Fx.promise(() => callRefreshSession(ctx, { refreshToken: args.refreshToken }));
50
+ async function signInFx(ctx, provider, args, options) {
51
+ return withSpan("convex-auth.signin", {
52
+ hasProvider: provider !== null,
53
+ hasCode: args.params?.code !== void 0,
54
+ hasRefreshToken: args.refreshToken !== void 0
55
+ }, async () => {
56
+ if (provider === null && args.refreshToken) try {
57
+ const tokens = await callRefreshSession(ctx, { refreshToken: args.refreshToken });
33
58
  if (tokens === null) return {
34
59
  kind: "signedIn",
35
60
  signedIn: null
@@ -38,154 +63,201 @@ function signInFx(ctx, provider, args, options) {
38
63
  kind: "refreshTokens",
39
64
  signedIn: { tokens }
40
65
  };
66
+ } catch (error) {
67
+ throw asConvexError(error, "INTERNAL_ERROR", "Failed to refresh session.");
41
68
  }
42
- if (provider === null && args.params?.code !== void 0) return {
43
- kind: "signedIn",
44
- signedIn: yield* Fx.promise(() => callVerifyCodeAndSignIn(ctx, {
45
- params: args.params,
46
- verifier: args.verifier,
47
- generateTokens: true,
48
- allowExtraProviders: options.allowExtraProviders
49
- }))
50
- };
51
- const resolvedProvider = yield* provider != null ? Fx.succeed(provider) : Cv.fail({
52
- code: "SIGN_IN_MISSING_PARAMS",
53
- message: "Cannot sign in: missing provider, code, or refresh token."
54
- });
55
- return yield* Fx.match(resolvedProvider).on("type", {
56
- email: (p) => handleEmailAndPhoneProviderFx(ctx, p, args, options),
57
- phone: (p) => handleEmailAndPhoneProviderFx(ctx, p, args, options),
58
- credentials: (p) => handleCredentialsFx(ctx, p, args, options),
59
- oauth: (p) => handleOAuthProviderFx(ctx, p, args, options),
60
- passkey: (p) => handlePasskeyFx(ctx, p, args),
61
- totp: (p) => handleTotp(ctx, p, args),
62
- device: (p) => handleDevice(ctx, p, args),
63
- sso: (_p) => handleSsoProviderFx(ctx, args)
64
- });
69
+ if (provider === null && args.params?.code !== void 0) try {
70
+ return {
71
+ kind: "signedIn",
72
+ signedIn: await callVerifyCodeAndSignIn(ctx, {
73
+ params: args.params,
74
+ verifier: args.verifier,
75
+ generateTokens: true,
76
+ allowExtraProviders: options.allowExtraProviders
77
+ })
78
+ };
79
+ } catch (error) {
80
+ throw asConvexError(error, "INTERNAL_ERROR", "Failed to verify sign-in code.");
81
+ }
82
+ const resolvedProvider = provider;
83
+ if (resolvedProvider === null) throw toConvexError(authFlowError("SIGN_IN_MISSING_PARAMS", "Cannot sign in: missing provider, code, or refresh token."));
84
+ const handler = {
85
+ email: () => handleEmailAndPhoneProviderFx(ctx, resolvedProvider, args, options),
86
+ phone: () => handleEmailAndPhoneProviderFx(ctx, resolvedProvider, args, options),
87
+ credentials: () => handleCredentialsFx(ctx, resolvedProvider, args, options),
88
+ oauth: () => handleOAuthProviderFx(ctx, resolvedProvider, args, options),
89
+ passkey: () => handlePasskeyFx(ctx, resolvedProvider, args),
90
+ totp: () => handleTotp(ctx, resolvedProvider, args),
91
+ device: () => handleDevice(ctx, resolvedProvider, args),
92
+ sso: () => handleSsoProviderFx(ctx, args, options)
93
+ }[resolvedProvider.type];
94
+ if (!handler) throw toConvexError(authFlowError("SIGN_IN_MISSING_PARAMS", `Unknown provider type: ${resolvedProvider.type}`));
95
+ return handler();
65
96
  });
66
97
  }
67
- function handleEmailAndPhoneProviderFx(ctx, provider, args, options) {
68
- return Fx.gen(function* () {
98
+ async function handleEmailAndPhoneProviderFx(ctx, provider, args, options) {
99
+ return withSpan(`convex-auth.signin.${provider.type}`, {}, async () => {
100
+ const normalizedParams = normalizeVerificationParams(args.params);
69
101
  if (args.params?.code !== void 0) {
70
- const result = yield* Fx.promise(() => callVerifyCodeAndSignIn(ctx, {
71
- params: args.params,
72
- provider: provider.id,
73
- generateTokens: options.generateTokens,
74
- allowExtraProviders: options.allowExtraProviders
75
- }));
102
+ let result;
103
+ try {
104
+ result = await callVerifyCodeAndSignIn(ctx, {
105
+ params: args.params,
106
+ provider: provider.id,
107
+ generateTokens: options.generateTokens,
108
+ allowExtraProviders: options.allowExtraProviders
109
+ });
110
+ } catch (error) {
111
+ throw asConvexError(error, "INTERNAL_ERROR", "Failed to verify email or phone code.");
112
+ }
113
+ if (result === null) throw toConvexError(authFlowError("INVALID_VERIFICATION_CODE", "Invalid or expired verification code."));
76
114
  return {
77
115
  kind: "signedIn",
78
- signedIn: yield* result != null ? Fx.succeed(result) : Cv.fail({
79
- code: "INVALID_VERIFICATION_CODE",
80
- message: "Invalid or expired verification code."
81
- })
116
+ signedIn: result
82
117
  };
83
118
  }
84
- const code = provider.generateVerificationToken ? yield* Fx.from({
85
- ok: async () => provider.generateVerificationToken(),
86
- err: () => Cv.error({
87
- code: "INTERNAL_ERROR",
88
- message: "Failed to generate verification token"
89
- })
90
- }) : generateRandomString(32, "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
119
+ const alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
120
+ let code;
121
+ if (provider.generateVerificationToken) try {
122
+ code = await provider.generateVerificationToken();
123
+ } catch {
124
+ throw toConvexError(authFlowError("INTERNAL_ERROR", "Failed to generate verification token"));
125
+ }
126
+ else code = generateRandomString(32, alphabet);
91
127
  const expirationTime = Date.now() + (provider.maxAge ?? DEFAULT_EMAIL_VERIFICATION_CODE_DURATION_S) * 1e3;
92
- const verificationArgs = {
93
- identifier: yield* Fx.promise(() => callCreateVerificationCode(ctx, {
128
+ let identifier;
129
+ try {
130
+ identifier = await callCreateVerificationCode(ctx, {
94
131
  provider: provider.id,
95
132
  accountId: args.accountId,
96
- email: args.params?.email,
97
- phone: args.params?.phone,
133
+ email: normalizedParams.email,
134
+ phone: normalizedParams.phone,
98
135
  code,
99
136
  expirationTime,
100
137
  allowExtraProviders: options.allowExtraProviders
101
- })),
102
- url: setURLSearchParam(yield* Fx.promise(() => redirectAbsoluteUrl(ctx.auth.config, args.params ?? {})), "code", code),
138
+ });
139
+ } catch (error) {
140
+ throw asConvexError(error, "INTERNAL_ERROR", "Failed to create verification code.");
141
+ }
142
+ let destination;
143
+ try {
144
+ destination = await redirectAbsoluteUrl(ctx.auth.config, args.params ?? {});
145
+ } catch (error) {
146
+ throw asConvexError(error, "INVALID_REDIRECT", "Failed to resolve redirect URL.");
147
+ }
148
+ const verificationArgs = {
149
+ identifier,
150
+ url: setURLSearchParam(destination, "code", code),
103
151
  token: code,
104
152
  expires: new Date(expirationTime)
105
153
  };
106
- yield* Fx.match(provider).on("type", {
107
- email: (p) => Fx.from({
108
- ok: async () => p.sendVerificationRequest({
109
- ...verificationArgs,
110
- provider: p,
111
- request: new Request("http://localhost")
112
- }, ctx),
113
- err: () => Cv.error({
114
- code: "INTERNAL_ERROR",
115
- message: "Failed to send email code"
116
- })
117
- }),
118
- phone: (p) => Fx.from({
119
- ok: async () => p.sendVerificationRequest({
120
- ...verificationArgs,
121
- provider: p
122
- }, ctx),
123
- err: () => Cv.error({
124
- code: "INTERNAL_ERROR",
125
- message: "Failed to send phone code"
126
- })
127
- })
128
- });
154
+ if (provider.type === "email") try {
155
+ await provider.sendVerificationRequest({
156
+ ...verificationArgs,
157
+ provider,
158
+ request: new Request("http://localhost")
159
+ }, ctx);
160
+ } catch {
161
+ throw toConvexError(authFlowError("INTERNAL_ERROR", "Failed to send email code"));
162
+ }
163
+ else try {
164
+ await provider.sendVerificationRequest({
165
+ ...verificationArgs,
166
+ provider
167
+ }, ctx);
168
+ } catch {
169
+ throw toConvexError(authFlowError("INTERNAL_ERROR", "Failed to send phone code"));
170
+ }
129
171
  return {
130
172
  kind: "started",
131
173
  started: true
132
174
  };
133
175
  });
134
176
  }
135
- function handleCredentialsFx(ctx, provider, args, options) {
136
- return Fx.gen(function* () {
137
- const result = yield* Fx.promise(() => provider.authorize(args.params ?? {}, ctx));
177
+ async function handleCredentialsFx(ctx, provider, args, options) {
178
+ return withSpan("convex-auth.signin.credentials", {}, async () => {
179
+ let result;
180
+ try {
181
+ result = await provider.authorize(args.params ?? {}, ctx);
182
+ } catch (error) {
183
+ throw asCredentialsError(error);
184
+ }
138
185
  if (result === null) return {
139
186
  kind: "signedIn",
140
187
  signedIn: null
141
188
  };
142
- if (yield* Fx.promise(async () => {
143
- return await queryTotpVerifiedByUserId(ctx, result.userId) !== null;
144
- })) {
145
- yield* Fx.promise(() => callSignIn(ctx, {
146
- userId: result.userId,
147
- sessionId: result.sessionId,
148
- generateTokens: false
149
- }));
150
- const verifier = yield* Fx.promise(() => callVerifier(ctx));
151
- yield* Fx.promise(() => callVerifierSignature(ctx, {
152
- verifier,
153
- signature: JSON.stringify({ userId: result.userId })
154
- }));
189
+ let hasTotpEnrolled;
190
+ try {
191
+ hasTotpEnrolled = await queryTotpVerifiedByUserId(ctx, result.userId) !== null;
192
+ } catch (error) {
193
+ throw asConvexError(error, "INTERNAL_ERROR", "Failed to load TOTP enrollment.");
194
+ }
195
+ if (hasTotpEnrolled) {
196
+ try {
197
+ await callSignIn(ctx, {
198
+ userId: result.userId,
199
+ sessionId: result.sessionId,
200
+ generateTokens: false
201
+ });
202
+ } catch (error) {
203
+ throw asConvexError(error, "INTERNAL_ERROR", "Failed to start TOTP sign-in.");
204
+ }
205
+ let verifier;
206
+ try {
207
+ verifier = await callVerifier(ctx, JSON.stringify({ userId: result.userId }));
208
+ } catch (error) {
209
+ throw asConvexError(error, "INTERNAL_ERROR", "Failed to create verifier.");
210
+ }
155
211
  return {
156
212
  kind: "totpRequired",
157
213
  verifier
158
214
  };
159
215
  }
160
- return {
161
- kind: "signedIn",
162
- signedIn: yield* Fx.promise(() => callSignIn(ctx, {
216
+ let idsAndTokens;
217
+ try {
218
+ idsAndTokens = await callSignIn(ctx, {
163
219
  userId: result.userId,
164
220
  sessionId: result.sessionId,
165
221
  generateTokens: options.generateTokens
166
- }))
222
+ });
223
+ } catch (error) {
224
+ throw asConvexError(error, "INTERNAL_ERROR", "Failed to complete sign-in.");
225
+ }
226
+ return {
227
+ kind: "signedIn",
228
+ signedIn: idsAndTokens
167
229
  };
168
230
  });
169
231
  }
170
- function handleOAuthProviderFx(ctx, provider, args, options) {
171
- return Fx.gen(function* () {
172
- if (args.params?.code !== void 0) return {
173
- kind: "signedIn",
174
- signedIn: yield* Fx.promise(() => callVerifyCodeAndSignIn(ctx, {
175
- params: args.params,
176
- verifier: args.verifier,
177
- generateTokens: true,
178
- allowExtraProviders: options.allowExtraProviders
179
- }))
180
- };
181
- const redirect = new URL((process.env.CUSTOM_AUTH_SITE_URL ?? requireEnv("CONVEX_SITE_URL")) + `/api/auth/signin/${provider.id}`);
182
- const verifier = yield* Fx.promise(() => callVerifier(ctx));
232
+ async function handleOAuthProviderFx(ctx, provider, args, options) {
233
+ return withSpan(`convex-auth.signin.oauth`, { provider: provider.id }, async () => {
234
+ if (args.params?.code !== void 0) {
235
+ let result;
236
+ try {
237
+ result = await callVerifyCodeAndSignIn(ctx, {
238
+ params: args.params,
239
+ verifier: args.verifier,
240
+ generateTokens: true,
241
+ allowExtraProviders: options.allowExtraProviders
242
+ });
243
+ } catch (error) {
244
+ throw asConvexError(error, "INTERNAL_ERROR", "Failed to verify OAuth sign-in.");
245
+ }
246
+ return {
247
+ kind: "signedIn",
248
+ signedIn: result
249
+ };
250
+ }
251
+ const redirect = new URL((readConfigSync(envOptionalString("CUSTOM_AUTH_SITE_URL")) ?? requireEnv("CONVEX_SITE_URL")) + `/api/auth/signin/${provider.id}`);
252
+ let verifier;
253
+ try {
254
+ verifier = await callVerifier(ctx);
255
+ } catch (error) {
256
+ throw asConvexError(error, "INTERNAL_ERROR", "Failed to create verifier.");
257
+ }
183
258
  redirect.searchParams.set("code", verifier);
184
259
  if (args.params?.redirectTo !== void 0) {
185
- yield* Fx.guard(typeof args.params.redirectTo !== "string", Cv.fail({
186
- code: "INVALID_REDIRECT",
187
- message: `Expected \`redirectTo\` to be a string, got ${args.params.redirectTo}`
188
- }));
260
+ if (typeof args.params.redirectTo !== "string") throw toConvexError(authFlowError("INVALID_REDIRECT", `Expected \`redirectTo\` to be a string, got ${describeUnknown(args.params.redirectTo)}`));
189
261
  redirect.searchParams.set("redirectTo", args.params.redirectTo);
190
262
  }
191
263
  return {
@@ -195,23 +267,40 @@ function handleOAuthProviderFx(ctx, provider, args, options) {
195
267
  };
196
268
  });
197
269
  }
198
- function handleSsoProviderFx(ctx, args) {
199
- return Fx.gen(function* () {
200
- const enterpriseId = args.params?.enterpriseId;
201
- if (!enterpriseId || typeof enterpriseId !== "string") return yield* Cv.fail({
202
- code: "SIGN_IN_MISSING_PARAMS",
203
- message: "enterpriseId is required for SSO sign-in."
204
- });
205
- const protocol = args.params?.protocol ?? "oidc";
206
- if (protocol !== "oidc" && protocol !== "saml") return yield* Cv.fail({
207
- code: "SIGN_IN_MISSING_PARAMS",
208
- message: `Invalid SSO protocol: ${protocol}. Expected "oidc" or "saml".`
270
+ async function handleSsoProviderFx(ctx, args, options) {
271
+ return withSpan("convex-auth.signin.sso", {}, async () => {
272
+ const normalizedParams = normalizeVerificationParams(args.params);
273
+ const connectionId = normalizedParams.connectionId;
274
+ if (!connectionId || typeof connectionId !== "string") throw toConvexError(authFlowError("SIGN_IN_MISSING_PARAMS", "connectionId is required for SSO sign-in."));
275
+ let protocol = (normalizedParams.protocol === "oidc" || normalizedParams.protocol === "saml" ? normalizedParams.protocol : void 0) ?? (options.resolveSsoProtocol ? await (async () => {
276
+ try {
277
+ return await options.resolveSsoProtocol(ctx, connectionId);
278
+ } catch (error) {
279
+ throw asConvexError(error, "INTERNAL_ERROR", "Failed to resolve SSO protocol.");
280
+ }
281
+ })() : "oidc");
282
+ log("DEBUG", "[group-sso] signin:resolved", {
283
+ connectionId,
284
+ protocol,
285
+ redirectTo: typeof args.params?.redirectTo === "string" ? args.params.redirectTo : void 0
209
286
  });
210
- const verifier = yield* Fx.promise(() => callVerifier(ctx));
211
- const siteUrl = process.env.CUSTOM_AUTH_SITE_URL ?? requireEnv("CONVEX_SITE_URL");
212
- const redirect = new URL(`${siteUrl}/api/auth/sso/${enterpriseId}/${protocol}/signin`);
287
+ if (protocol !== "oidc" && protocol !== "saml") throw toConvexError(authFlowError("SIGN_IN_MISSING_PARAMS", `Invalid SSO protocol: ${protocol}. Expected "oidc" or "saml".`));
288
+ let verifier;
289
+ try {
290
+ verifier = await callVerifier(ctx);
291
+ } catch (error) {
292
+ throw asConvexError(error, "INTERNAL_ERROR", "Failed to create verifier.");
293
+ }
294
+ const siteUrl = readConfigSync(envOptionalString("CUSTOM_AUTH_SITE_URL")) ?? requireEnv("CONVEX_SITE_URL");
295
+ const redirect = new URL(`${siteUrl}/api/auth/connections/${connectionId}/${protocol}/signin`);
213
296
  redirect.searchParams.set("code", verifier);
214
297
  if (typeof args.params?.redirectTo === "string") redirect.searchParams.set("redirectTo", args.params.redirectTo);
298
+ if (typeof normalizedParams.loginHint === "string") redirect.searchParams.set("loginHint", normalizedParams.loginHint);
299
+ log("DEBUG", "[group-sso] signin:redirect", {
300
+ connectionId,
301
+ protocol,
302
+ redirect: redirect.toString()
303
+ });
215
304
  return {
216
305
  kind: "redirect",
217
306
  redirect: redirect.toString(),
@@ -1,6 +1,6 @@
1
1
  import { asRecord } from "./shared.js";
2
2
 
3
- //#region src/server/enterprise/config.ts
3
+ //#region src/server/sso/config.ts
4
4
  const getProtocolConfig = (config, protocol) => {
5
5
  const base = asRecord(config);
6
6
  const direct = base?.[protocol];
@@ -13,8 +13,15 @@ function getOidcConfig(config) {
13
13
  }
14
14
  /** @internal */
15
15
  function getPublicOidcConfig(config) {
16
- const { clientSecret: _clientSecret, ...publicOidc } = getOidcConfig(config);
17
- return publicOidc;
16
+ const oidc = getOidcConfig(config);
17
+ const client = typeof oidc.client === "object" && oidc.client !== null ? oidc.client : void 0;
18
+ return {
19
+ ...oidc,
20
+ ...client ? { client: {
21
+ ...client,
22
+ secret: void 0
23
+ } } : {}
24
+ };
18
25
  }
19
26
  /** @internal */
20
27
  function withOidcSecretState(config, hasClientSecret) {