@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

Files changed (666)
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -0,0 +1,614 @@
1
+ import { ComponentCtx, ComponentReadCtx } from "../componentContext.js";
2
+ import { ConvexAuthMaterializedConfig, GroupConnectionDeprovisionMode, GroupConnectionPolicy, GroupConnectionPolicyPatch, OIDCClaimMapping } from "../types.js";
3
+ import { AuditEventRecord, ConnectionDomainRecord, GroupConnectionDomainLookupRecord, GroupConnectionListResult, GroupConnectionRecord, ScimConfigRecord, ScimIdentityRecord, WebhookDeliveryRecord, WebhookEndpointRecord } from "../contract.js";
4
+ import { GenericActionCtx, GenericDataModel } from "convex/server";
5
+
6
+ //#region src/server/sso/domain.d.ts
7
+ type DomainDeps = {
8
+ config: ConvexAuthMaterializedConfig & {
9
+ extraProviders?: unknown[];
10
+ };
11
+ connectionNotFoundError: string;
12
+ GROUP_CONNECTION_OIDC_CLIENT_SECRET_KIND: "oidc_client_secret";
13
+ requireEnv: (name: string) => string;
14
+ generateRandomString: (length: number, alphabet: string) => string;
15
+ INVITE_TOKEN_ALPHABET: string;
16
+ sha256: (input: string) => Promise<string>;
17
+ encryptSecret: (value: string) => Promise<string>;
18
+ sharedOidcRedirectURI?: string;
19
+ getGroupConnectionSecret: (ctx: ComponentReadCtx, connectionId: string, kind: "oidc_client_secret") => Promise<Record<string, unknown> | null>;
20
+ loadConnectionOrThrow: (ctx: ComponentReadCtx, connectionId: string) => Promise<{
21
+ _id: string;
22
+ groupId: string;
23
+ protocol: "oidc" | "saml";
24
+ status: "draft" | "active" | "disabled";
25
+ config?: unknown;
26
+ }>;
27
+ validateGroupConnectionPolicy: (policy: GroupConnectionPolicy) => Array<{
28
+ name: string;
29
+ ok: boolean;
30
+ message?: string;
31
+ }>;
32
+ recordGroupAuditEvent: (ctx: ComponentCtx, data: {
33
+ connectionId?: string;
34
+ groupId: string;
35
+ eventType: string;
36
+ actorType: "user" | "system" | "scim" | "api_key" | "webhook";
37
+ actorId?: string;
38
+ subjectType: string;
39
+ subjectId?: string;
40
+ ok: boolean;
41
+ requestId?: string;
42
+ ip?: string;
43
+ metadata?: Record<string, unknown>;
44
+ }) => Promise<string>;
45
+ emitGroupWebhookDeliveries: (ctx: ComponentCtx, data: {
46
+ connectionId: string;
47
+ eventType: string;
48
+ payload: Record<string, unknown>;
49
+ auditEventId?: string;
50
+ }) => Promise<void>;
51
+ loadGroupPolicyOrThrow: (ctx: ComponentReadCtx, groupId: string) => Promise<GroupConnectionPolicy>;
52
+ };
53
+ /**
54
+ * Build the connection and SSO management domain.
55
+ */
56
+ declare function createGroupConnectionDomain<TDeps extends DomainDeps>(deps: TDeps): {
57
+ connection: {
58
+ create: (ctx: ComponentCtx, data: {
59
+ groupId: string;
60
+ protocol: "oidc" | "saml";
61
+ slug?: string;
62
+ name?: string;
63
+ status?: "draft" | "active" | "disabled";
64
+ config?: Record<string, unknown>;
65
+ extend?: Record<string, unknown>;
66
+ }) => Promise<{
67
+ connectionId: string;
68
+ groupId: string;
69
+ }>;
70
+ get: (ctx: ComponentReadCtx, connectionId: string) => Promise<GroupConnectionRecord | null>;
71
+ getByDomain: (ctx: ComponentReadCtx, domain: string) => Promise<GroupConnectionDomainLookupRecord | null>;
72
+ list: (ctx: ComponentReadCtx, opts?: {
73
+ where?: {
74
+ groupId?: string;
75
+ slug?: string;
76
+ status?: "draft" | "active" | "disabled";
77
+ };
78
+ limit?: number;
79
+ cursor?: string | null;
80
+ orderBy?: "_creationTime" | "name" | "slug" | "status";
81
+ order?: "asc" | "desc";
82
+ }) => Promise<GroupConnectionListResult>;
83
+ update: (ctx: ComponentCtx, connectionId: string, data: Record<string, unknown>) => Promise<{
84
+ connectionId: string;
85
+ }>;
86
+ delete: (ctx: ComponentCtx, connectionId: string) => Promise<{
87
+ connectionId: string;
88
+ }>;
89
+ /**
90
+ * Aggregate readiness status across all configured protocols for an
91
+ * group connection.
92
+ *
93
+ * Returns a structured result indicating whether the connection is
94
+ * ready, with per-protocol checks so callers can surface actionable
95
+ * diagnostics without running full network validation.
96
+ */
97
+ status: (ctx: ComponentReadCtx, connectionId: string) => Promise<{
98
+ connectionId: string;
99
+ status: "draft" | "active" | "disabled";
100
+ ready: boolean;
101
+ domainCount: number;
102
+ protocols: {
103
+ oidc: {
104
+ configured: boolean;
105
+ ready: boolean;
106
+ clientId: string | null;
107
+ issuer: string | null;
108
+ };
109
+ saml: {
110
+ configured: boolean;
111
+ ready: boolean;
112
+ entityId: string | null;
113
+ };
114
+ scim: {
115
+ configured: boolean;
116
+ ready: boolean;
117
+ basePath: string | null;
118
+ deprovisionMode: GroupConnectionDeprovisionMode;
119
+ };
120
+ };
121
+ }>;
122
+ };
123
+ domain: {
124
+ add: (ctx: ComponentCtx, data: {
125
+ connectionId: string;
126
+ groupId: string;
127
+ domain: string;
128
+ isPrimary?: boolean;
129
+ }) => Promise<string>;
130
+ list: (ctx: ComponentReadCtx, connectionId: string) => Promise<ConnectionDomainRecord[]>;
131
+ validate: (ctx: ComponentReadCtx, connectionId: string) => Promise<{
132
+ connectionId: string;
133
+ ready: boolean;
134
+ summary: {
135
+ domainCount: number;
136
+ primaryCount: number;
137
+ verifiedCount: number;
138
+ };
139
+ domains: {
140
+ domainId: string;
141
+ domain: string;
142
+ isPrimary: boolean;
143
+ verified: boolean;
144
+ verifiedAt: number | null;
145
+ }[];
146
+ warnings: string[];
147
+ }>;
148
+ status: (ctx: ComponentReadCtx, connectionId: string) => Promise<{
149
+ connectionId: string;
150
+ ready: boolean;
151
+ primaryDomain: {
152
+ domainId: string;
153
+ domain: string;
154
+ isPrimary: boolean;
155
+ verified: boolean;
156
+ verifiedAt: number | null;
157
+ } | null;
158
+ trustedDomains: {
159
+ domainId: string;
160
+ domain: string;
161
+ isPrimary: boolean;
162
+ verified: boolean;
163
+ verifiedAt: number | null;
164
+ }[];
165
+ pendingChallenges: {
166
+ domain: string;
167
+ recordName: string;
168
+ expiresAt: number;
169
+ }[];
170
+ trust: {
171
+ domainDiscoveryReady: boolean;
172
+ primaryDomainVerified: boolean;
173
+ automaticLinkingEligible: boolean;
174
+ };
175
+ warnings: string[];
176
+ nextSteps: string[];
177
+ }>;
178
+ remove: (ctx: ComponentCtx, domainId: string) => Promise<void>;
179
+ verification: {
180
+ request: (ctx: ComponentCtx, args: {
181
+ connectionId: string;
182
+ domain: string;
183
+ }) => Promise<{
184
+ connectionId: string;
185
+ domain: string;
186
+ requestedAt: number;
187
+ expiresAt: number;
188
+ challenge: {
189
+ recordType: "TXT";
190
+ recordName: string;
191
+ recordValue: string;
192
+ };
193
+ }>;
194
+ confirm: (ctx: ComponentCtx, args: {
195
+ connectionId: string;
196
+ domain: string;
197
+ }) => Promise<{
198
+ connectionId: string;
199
+ domain: string;
200
+ checks: {
201
+ name: string;
202
+ ok: boolean;
203
+ message?: string;
204
+ }[];
205
+ verifiedAt?: undefined;
206
+ } | {
207
+ connectionId: string;
208
+ domain: string;
209
+ verifiedAt: number;
210
+ checks: {
211
+ name: string;
212
+ ok: boolean;
213
+ message?: string;
214
+ }[];
215
+ }>;
216
+ };
217
+ };
218
+ saml: {
219
+ configure: <DataModel extends GenericDataModel>(ctx: GenericActionCtx<DataModel>, data: {
220
+ connectionId: string;
221
+ metadata: {
222
+ xml?: string;
223
+ url?: string;
224
+ };
225
+ domains?: string[];
226
+ request?: {
227
+ signAuthnRequests?: boolean;
228
+ nameIdFormat?: string;
229
+ forceAuthn?: boolean;
230
+ authnContextClassRefs?: string[];
231
+ };
232
+ security?: {
233
+ requireSignedAssertions?: boolean;
234
+ requireTimestamps?: boolean;
235
+ clockSkewSeconds?: number;
236
+ weakAlgorithmHandling?: "warn" | "reject";
237
+ maxMetadataSize?: number;
238
+ maxResponseSize?: number;
239
+ };
240
+ serviceProvider?: {
241
+ entityId?: string;
242
+ acsUrl?: string;
243
+ sloUrl?: string;
244
+ signingCert?: string | string[];
245
+ encryptCert?: string | string[];
246
+ privateKey?: string;
247
+ privateKeyPass?: string;
248
+ encPrivateKey?: string;
249
+ encPrivateKeyPass?: string;
250
+ };
251
+ profile?: {
252
+ mapping?: {
253
+ subject?: string;
254
+ email?: string;
255
+ name?: string;
256
+ firstName?: string;
257
+ lastName?: string;
258
+ image?: string;
259
+ groups?: string;
260
+ roles?: string;
261
+ };
262
+ extraFields?: Record<string, string>;
263
+ };
264
+ }) => Promise<{
265
+ connectionId: string;
266
+ groupId: string;
267
+ }>;
268
+ refresh: (ctx: ComponentCtx, data: {
269
+ connectionId: string;
270
+ }) => Promise<{
271
+ connectionId: string;
272
+ groupId: string;
273
+ }>;
274
+ get: (ctx: ComponentReadCtx, connectionId: string) => Promise<Record<string, unknown>>;
275
+ status: (ctx: ComponentReadCtx, connectionId: string) => Promise<{
276
+ connectionId: string;
277
+ configured: boolean;
278
+ ready: boolean;
279
+ config: Record<string, unknown>;
280
+ checks: {
281
+ name: string;
282
+ ok: boolean;
283
+ message: string | undefined;
284
+ }[];
285
+ }>;
286
+ metadata: <DataModel extends GenericDataModel>(ctx: GenericActionCtx<DataModel>, opts: {
287
+ connectionId: string;
288
+ entityId?: string;
289
+ acsUrl?: string;
290
+ sloUrl?: string;
291
+ }) => Promise<string>;
292
+ /**
293
+ * Validate the stored SAML config for an group connection.
294
+ *
295
+ * Re-parses IdP metadata, checks signing cert presence, and verifies
296
+ * SP metadata can be generated. Returns a structured result with
297
+ * per-check details rather than throwing on first failure.
298
+ */
299
+ validate: <DataModel extends GenericDataModel>(ctx: GenericActionCtx<DataModel>, connectionId: string) => Promise<{
300
+ ok: boolean;
301
+ connectionId: string;
302
+ checks: {
303
+ name: string;
304
+ ok: boolean;
305
+ message?: string;
306
+ }[];
307
+ }>;
308
+ };
309
+ policy: {
310
+ get: (ctx: ComponentReadCtx, groupId: string) => Promise<GroupConnectionPolicy>;
311
+ update: (ctx: ComponentCtx, groupId: string, patch: GroupConnectionPolicyPatch) => Promise<GroupConnectionPolicy>;
312
+ validate: (ctx: ComponentReadCtx, groupId: string) => Promise<{
313
+ ok: boolean;
314
+ groupId: string;
315
+ checks: {
316
+ name: string;
317
+ ok: boolean;
318
+ message: string;
319
+ }[];
320
+ policy?: undefined;
321
+ } | {
322
+ ok: boolean;
323
+ groupId: string;
324
+ policy: GroupConnectionPolicy;
325
+ checks: {
326
+ name: string;
327
+ ok: boolean;
328
+ message?: string;
329
+ }[];
330
+ }>;
331
+ };
332
+ oidc: {
333
+ /**
334
+ * Register or update connection OIDC connection settings.
335
+ *
336
+ * Persists protocol config under `connection.config.protocols.oidc` and
337
+ * records a `group.sso.oidc.registered` audit event.
338
+ */
339
+ configure: (ctx: ComponentCtx, data: {
340
+ connectionId: string;
341
+ discovery: {
342
+ issuer?: string;
343
+ discoveryUrl?: string;
344
+ jwksUri?: string;
345
+ audience?: string | string[];
346
+ };
347
+ client: {
348
+ id: string;
349
+ secret?: string;
350
+ authMethod?: "client_secret_post" | "client_secret_basic";
351
+ };
352
+ request?: {
353
+ scopes?: string[];
354
+ loginHint?: string;
355
+ authorizationParams?: Record<string, string>;
356
+ };
357
+ security?: {
358
+ clockToleranceSeconds?: number;
359
+ strictIssuer?: boolean;
360
+ };
361
+ profile?: {
362
+ mapping?: OIDCClaimMapping;
363
+ extraFields?: Record<string, string>;
364
+ };
365
+ }) => Promise<{
366
+ hasClientSecret: boolean;
367
+ }>;
368
+ /**
369
+ * Fetch the stored OIDC config for an connection.
370
+ */
371
+ get: (ctx: ComponentReadCtx, connectionId: string) => Promise<{
372
+ hasClientSecret: boolean;
373
+ }>;
374
+ status: (ctx: ComponentReadCtx, connectionId: string) => Promise<{
375
+ connectionId: string;
376
+ configured: boolean;
377
+ ready: boolean;
378
+ config: {
379
+ hasClientSecret: boolean;
380
+ };
381
+ checks: {
382
+ name: string;
383
+ ok: boolean;
384
+ message: string | undefined;
385
+ }[];
386
+ }>;
387
+ /**
388
+ * Resolve group SSO sign-in route from connection id, domain, or
389
+ * user email domain.
390
+ */
391
+ signIn: (ctx: ComponentReadCtx, data: {
392
+ connectionId?: string;
393
+ email?: string;
394
+ domain?: string;
395
+ redirectTo?: string;
396
+ loginHint?: string;
397
+ }) => Promise<{
398
+ connectionId: string;
399
+ protocol: "oidc" | "saml";
400
+ providerId: string;
401
+ signInPath: string;
402
+ callbackPath: string;
403
+ redirectTo: string | undefined;
404
+ }>;
405
+ /**
406
+ * Validate the stored OIDC config for an group connection.
407
+ *
408
+ * Fetches the OIDC discovery document from the configured issuer or
409
+ * discoveryUrl, verifies required fields are present, and checks that
410
+ * clientId is set. Returns a structured result with per-check details.
411
+ */
412
+ validate: (ctx: ComponentReadCtx, connectionId: string) => Promise<{
413
+ ok: boolean;
414
+ connectionId: string;
415
+ checks: {
416
+ name: string;
417
+ ok: boolean;
418
+ message?: string;
419
+ }[];
420
+ }>;
421
+ };
422
+ scim: {
423
+ configure: (ctx: ComponentCtx, data: {
424
+ connectionId: string;
425
+ status?: "draft" | "active" | "disabled";
426
+ security?: {
427
+ maxRequestSize?: number;
428
+ };
429
+ profile?: {
430
+ mapping?: {
431
+ subject?: string;
432
+ externalId?: string;
433
+ email?: string;
434
+ firstName?: string;
435
+ lastName?: string;
436
+ name?: string;
437
+ phone?: string;
438
+ active?: string;
439
+ groups?: string;
440
+ roles?: string;
441
+ };
442
+ extraFields?: Record<string, string>;
443
+ };
444
+ }) => Promise<{
445
+ connectionId: string;
446
+ configId: string;
447
+ basePath: string;
448
+ token: string;
449
+ }>;
450
+ get: (ctx: ComponentReadCtx, connectionId: string) => Promise<{
451
+ security: {
452
+ maxRequestSize?: number;
453
+ } | undefined;
454
+ profile: {
455
+ mapping?: {
456
+ subject?: string;
457
+ externalId?: string;
458
+ email?: string;
459
+ firstName?: string;
460
+ lastName?: string;
461
+ name?: string;
462
+ phone?: string;
463
+ active?: string;
464
+ groups?: string;
465
+ roles?: string;
466
+ };
467
+ extraFields?: Record<string, string>;
468
+ } | undefined;
469
+ _id: string;
470
+ _creationTime: number;
471
+ connectionId: string;
472
+ groupId: string;
473
+ status: string;
474
+ basePath: string;
475
+ tokenHash: string;
476
+ lastRotatedAt?: number;
477
+ extend?: unknown;
478
+ } | null>;
479
+ status: (ctx: ComponentReadCtx, connectionId: string) => Promise<{
480
+ connectionId: string;
481
+ configured: boolean;
482
+ ready: boolean;
483
+ config: ScimConfigRecord | null;
484
+ checks: {
485
+ name: string;
486
+ ok: boolean;
487
+ message?: string;
488
+ }[] | {
489
+ name: string;
490
+ ok: boolean;
491
+ message: string;
492
+ }[];
493
+ capabilities: {
494
+ users: boolean;
495
+ groups: boolean;
496
+ patch: boolean;
497
+ put: boolean;
498
+ filters: string[];
499
+ bulk: boolean;
500
+ etag: boolean;
501
+ } | undefined;
502
+ }>;
503
+ getConfigByToken: (ctx: ComponentReadCtx, token: string) => Promise<ScimConfigRecord | null>;
504
+ validate: (ctx: ComponentReadCtx, connectionId: string) => Promise<{
505
+ ok: boolean;
506
+ connectionId: string;
507
+ checks: {
508
+ name: string;
509
+ ok: boolean;
510
+ message: string;
511
+ }[];
512
+ basePath?: undefined;
513
+ deprovisionMode?: undefined;
514
+ capabilities?: undefined;
515
+ } | {
516
+ ok: boolean;
517
+ connectionId: string;
518
+ basePath: string;
519
+ deprovisionMode: GroupConnectionDeprovisionMode;
520
+ capabilities: {
521
+ users: boolean;
522
+ groups: boolean;
523
+ patch: boolean;
524
+ put: boolean;
525
+ filters: string[];
526
+ bulk: boolean;
527
+ etag: boolean;
528
+ };
529
+ checks: {
530
+ name: string;
531
+ ok: boolean;
532
+ message?: string;
533
+ }[];
534
+ }>;
535
+ identity: {
536
+ get: (ctx: ComponentReadCtx, data: {
537
+ connectionId: string;
538
+ resourceType: "user" | "group";
539
+ externalId: string;
540
+ }) => Promise<ScimIdentityRecord | null>;
541
+ upsert: (ctx: ComponentCtx, data: {
542
+ connectionId: string;
543
+ groupId: string;
544
+ resourceType: "user" | "group";
545
+ externalId: string;
546
+ userId?: string;
547
+ mappedGroupId?: string;
548
+ active?: boolean;
549
+ raw?: Record<string, unknown>;
550
+ }) => Promise<string>;
551
+ };
552
+ };
553
+ audit: {
554
+ record: (ctx: ComponentCtx, data: {
555
+ connectionId: string;
556
+ groupId: string;
557
+ eventType: string;
558
+ actorType: "user" | "system" | "scim" | "api_key" | "webhook";
559
+ actorId?: string;
560
+ subjectType: string;
561
+ subjectId?: string;
562
+ ok: boolean;
563
+ requestId?: string;
564
+ ip?: string;
565
+ metadata?: Record<string, unknown>;
566
+ }) => Promise<string>;
567
+ list: (ctx: ComponentReadCtx, data: {
568
+ connectionId?: string;
569
+ groupId?: string;
570
+ limit?: number;
571
+ }) => Promise<AuditEventRecord[]>;
572
+ };
573
+ webhook: {
574
+ endpoint: {
575
+ get: (ctx: ComponentReadCtx, endpointId: string) => Promise<WebhookEndpointRecord | null>;
576
+ create: (ctx: ComponentCtx, data: {
577
+ connectionId: string;
578
+ url: string;
579
+ secret: string;
580
+ subscriptions: string[];
581
+ createdByUserId?: string;
582
+ }) => Promise<{
583
+ endpointId: string;
584
+ }>;
585
+ list: (ctx: ComponentReadCtx, connectionId: string) => Promise<WebhookEndpointRecord[]>;
586
+ disable: (ctx: ComponentCtx, endpointId: string) => Promise<{
587
+ endpointId: string;
588
+ }>;
589
+ };
590
+ emit: (ctx: ComponentCtx, data: {
591
+ connectionId: string;
592
+ eventType: string;
593
+ payload: Record<string, unknown>;
594
+ auditEventId?: string;
595
+ }) => Promise<void>;
596
+ delivery: {
597
+ list: (ctx: ComponentReadCtx, data: {
598
+ connectionId: string;
599
+ limit?: number;
600
+ }) => Promise<WebhookDeliveryRecord[]>;
601
+ listReady: (ctx: ComponentReadCtx, limit?: number) => Promise<WebhookDeliveryRecord[]>;
602
+ markDelivered: (ctx: ComponentCtx, deliveryId: string, responseStatus?: number) => Promise<void>;
603
+ markFailed: (ctx: ComponentCtx, deliveryId: string, data: {
604
+ attemptCount: number;
605
+ responseStatus?: number;
606
+ error?: string;
607
+ retryAt?: number;
608
+ }) => Promise<void>;
609
+ };
610
+ };
611
+ };
612
+ //#endregion
613
+ export { createGroupConnectionDomain };
614
+ //# sourceMappingURL=domain.d.ts.map
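Review bot: `scim.get` includes `tokenHash: string` in its return type, while `oidc.get` and `oidc.status` in the same declaration reduce the stored client secret to `hasClientSecret: boolean`. A hash of a bearer token is still credential-derived material, so any caller that forwards this record to a client response, a log line or an audit/webhook payload discloses it; how the hash is computed is not visible here beyond the `sha256` dependency. I would drop the field from the returned object and replace `tokenHash: string;` with `hasToken: boolean;`, mirroring the OIDC shape. `scim.status` returns `config: ScimConfigRecord | null`, which is declared in `../contract.js` outside this hunk and should be checked for the same field. This file is emitted declaration output, so the change belongs in the source module it was generated from.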