@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28
- package/README.md +43 -36
- package/dist/bin.js +5765 -4880
- package/dist/browser/index.d.ts +30 -0
- package/dist/browser/index.js +93 -0
- package/dist/browser/locks.js +11 -0
- package/dist/browser/navigation.js +14 -0
- package/dist/{factors → browser}/passkey.js +23 -32
- package/dist/browser/runtime.js +92 -0
- package/dist/client/core/types.d.ts +452 -5
- package/dist/client/core/types.js +17 -0
- package/dist/client/errors.js +19 -0
- package/dist/client/factors/device.js +94 -0
- package/dist/{factors → client/factors}/totp.js +12 -4
- package/dist/client/index.d.ts +47 -1
- package/dist/client/index.js +269 -232
- package/dist/client/runtime/mutex.js +24 -0
- package/dist/client/runtime/proxy.js +30 -0
- package/dist/client/runtime/storage.js +45 -0
- package/dist/client/services/adapters.js +7 -0
- package/dist/client/services/http.js +6 -0
- package/dist/client/services/resolve.js +13 -0
- package/dist/client/services/runtime.js +6 -0
- package/dist/component/_generated/component.d.ts +1355 -1399
- package/dist/component/convex.config.d.ts +2 -2
- package/dist/component/index.d.ts +4 -26
- package/dist/component/index.js +1 -1
- package/dist/component/model.d.ts +26 -112
- package/dist/component/model.js +76 -54
- package/dist/component/modules.js +38 -0
- package/dist/component/public/factors/devices.js +1 -1
- package/dist/component/public/factors/passkeys.js +1 -1
- package/dist/component/public/factors/totp.js +1 -1
- package/dist/component/public/groups/core.js +2 -2
- package/dist/component/public/groups/invites.js +1 -1
- package/dist/component/public/groups/members.js +1 -1
- package/dist/component/public/identity/accounts.js +1 -1
- package/dist/component/public/identity/codes.js +1 -1
- package/dist/component/public/identity/sessions.js +39 -2
- package/dist/component/public/identity/tokens.js +82 -4
- package/dist/component/public/identity/users.js +1 -1
- package/dist/component/public/identity/verifiers.js +10 -4
- package/dist/component/public/security/keys.js +1 -1
- package/dist/component/public/security/limits.js +1 -1
- package/dist/component/public/{enterprise → sso}/audit.js +26 -26
- package/dist/component/public/sso/core.js +263 -0
- package/dist/component/public/sso/domains.js +280 -0
- package/dist/component/public/{enterprise → sso}/scim.js +87 -87
- package/dist/component/public/sso/secrets.js +125 -0
- package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
- package/dist/component/public.js +9 -9
- package/dist/component/schema.d.ts +472 -393
- package/dist/component/schema.js +36 -35
- package/dist/core/index.d.ts +380 -0
- package/dist/core/index.js +83 -0
- package/dist/otel.d.ts +69 -0
- package/dist/otel.js +82 -0
- package/dist/providers/anonymous.d.ts +15 -34
- package/dist/providers/anonymous.js +27 -35
- package/dist/providers/apple.d.ts +59 -0
- package/dist/providers/apple.js +58 -0
- package/dist/providers/credentials.d.ts +18 -34
- package/dist/providers/credentials.js +16 -27
- package/dist/providers/custom.d.ts +94 -0
- package/dist/providers/custom.js +119 -0
- package/dist/providers/device.d.ts +15 -49
- package/dist/providers/device.js +17 -34
- package/dist/providers/email.d.ts +21 -38
- package/dist/providers/email.js +36 -55
- package/dist/providers/github.d.ts +54 -0
- package/dist/providers/github.js +75 -0
- package/dist/providers/google.d.ts +54 -0
- package/dist/providers/google.js +61 -0
- package/dist/providers/index.d.ts +16 -12
- package/dist/providers/index.js +15 -11
- package/dist/providers/microsoft.d.ts +57 -0
- package/dist/providers/microsoft.js +101 -0
- package/dist/providers/passkey.d.ts +19 -35
- package/dist/providers/passkey.js +20 -30
- package/dist/providers/password.d.ts +17 -18
- package/dist/providers/password.js +121 -143
- package/dist/providers/phone.d.ts +13 -28
- package/dist/providers/phone.js +21 -46
- package/dist/providers/sso.d.ts +16 -36
- package/dist/providers/sso.js +21 -22
- package/dist/providers/totp.d.ts +13 -29
- package/dist/providers/totp.js +17 -27
- package/dist/server/auth-context.d.ts +204 -0
- package/dist/server/auth-context.js +76 -0
- package/dist/server/auth.d.ts +99 -244
- package/dist/server/auth.js +56 -152
- package/dist/server/componentContext.d.ts +12 -0
- package/dist/server/componentContext.js +1 -0
- package/dist/server/config.js +6 -67
- package/dist/server/constants.js +6 -0
- package/dist/server/contract.d.ts +105 -0
- package/dist/server/contract.js +43 -0
- package/dist/server/cookies.js +3 -2
- package/dist/server/core.js +31 -36
- package/dist/server/crypto.js +34 -44
- package/dist/server/db.js +6 -1
- package/dist/server/device.js +96 -130
- package/dist/server/env.js +48 -0
- package/dist/server/errors.js +20 -0
- package/dist/server/http.d.ts +15 -59
- package/dist/server/http.js +136 -120
- package/dist/server/identity.js +2 -2
- package/dist/server/index.d.ts +5 -4
- package/dist/server/index.js +3 -3
- package/dist/server/keys.js +10 -1
- package/dist/server/limits.js +26 -26
- package/dist/server/log.js +28 -0
- package/dist/server/mounts.d.ts +1107 -296
- package/dist/server/mounts.js +315 -196
- package/dist/server/mutations/account.js +11 -14
- package/dist/server/mutations/code.js +6 -5
- package/dist/server/mutations/invalidate.js +9 -11
- package/dist/server/mutations/oauth.js +112 -73
- package/dist/server/mutations/refresh.js +47 -97
- package/dist/server/mutations/register.js +37 -35
- package/dist/server/mutations/retrieve.js +16 -16
- package/dist/server/mutations/signature.js +15 -18
- package/dist/server/mutations/signin.js +10 -5
- package/dist/server/mutations/signout.js +11 -14
- package/dist/server/mutations/store.js +25 -18
- package/dist/server/mutations/verifier.js +11 -8
- package/dist/server/mutations/verify.js +53 -41
- package/dist/server/oauth/factory.js +44 -0
- package/dist/server/oauth/index.js +12 -0
- package/dist/server/oauth/runtime.js +248 -0
- package/dist/server/passkey.js +331 -365
- package/dist/server/payloads.d.ts +16 -0
- package/dist/server/payloads.js +30 -0
- package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
- package/dist/server/prefetch.js +635 -0
- package/dist/server/random.js +19 -0
- package/dist/server/redirects.js +10 -5
- package/dist/server/refresh.js +14 -86
- package/dist/server/runtime.d.ts +531 -31
- package/dist/server/runtime.js +106 -267
- package/dist/server/secret.js +44 -0
- package/dist/server/services/config.js +10 -0
- package/dist/server/services/group.js +211 -0
- package/dist/server/services/logger.js +8 -0
- package/dist/server/services/providers.js +22 -0
- package/dist/server/services/refresh.js +8 -0
- package/dist/server/services/resolve.js +27 -0
- package/dist/server/services/signin.js +8 -0
- package/dist/server/sessions.js +35 -34
- package/dist/server/signin.js +229 -140
- package/dist/server/{enterprise → sso}/config.js +10 -3
- package/dist/server/sso/domain.d.ts +614 -0
- package/dist/server/sso/domain.js +1175 -0
- package/dist/server/sso/http.js +1060 -0
- package/dist/server/sso/oidc.js +324 -0
- package/dist/server/sso/policies.js +59 -0
- package/dist/server/sso/policy.js +139 -0
- package/dist/server/sso/profile.js +22 -0
- package/dist/server/sso/provision.js +179 -0
- package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
- package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
- package/dist/server/sso/shared.js +74 -0
- package/dist/server/sso/validators.js +88 -0
- package/dist/server/sso/webhook.js +94 -0
- package/dist/server/tokens.js +16 -4
- package/dist/server/totp.js +155 -164
- package/dist/server/types.d.ts +306 -296
- package/dist/server/types.js +1 -30
- package/dist/server/url.js +32 -0
- package/dist/server/users.js +74 -40
- package/dist/server/utils/cache.js +51 -0
- package/dist/server/utils/dispatch.js +36 -0
- package/dist/server/utils/retry.js +24 -0
- package/dist/server/utils/span.js +32 -0
- package/dist/shared/errors.js +19 -0
- package/dist/shared/log.js +45 -0
- package/{src/test.ts → dist/test.d.ts} +21 -22
- package/dist/test.js +51 -0
- package/package.json +70 -42
- package/dist/authorization/index.d.ts.map +0 -1
- package/dist/authorization/index.js.map +0 -1
- package/dist/client/core/types.d.ts.map +0 -1
- package/dist/client/index.d.ts.map +0 -1
- package/dist/client/index.js.map +0 -1
- package/dist/component/_generated/api.d.ts +0 -75
- package/dist/component/_generated/api.d.ts.map +0 -1
- package/dist/component/_generated/api.js.map +0 -1
- package/dist/component/_generated/component.d.ts.map +0 -1
- package/dist/component/_generated/dataModel.d.ts +0 -42
- package/dist/component/_generated/dataModel.d.ts.map +0 -1
- package/dist/component/_generated/server.d.ts +0 -117
- package/dist/component/_generated/server.d.ts.map +0 -1
- package/dist/component/_generated/server.js.map +0 -1
- package/dist/component/_virtual/rolldown_runtime.js +0 -18
- package/dist/component/client/core/types.d.ts +0 -2
- package/dist/component/client/index.d.ts +0 -1
- package/dist/component/convex.config.d.ts.map +0 -1
- package/dist/component/convex.config.js.map +0 -1
- package/dist/component/functions.d.ts +0 -25
- package/dist/component/functions.d.ts.map +0 -1
- package/dist/component/functions.js.map +0 -1
- package/dist/component/index.d.ts.map +0 -1
- package/dist/component/model.d.ts.map +0 -1
- package/dist/component/model.js.map +0 -1
- package/dist/component/providers/anonymous.d.ts +0 -54
- package/dist/component/providers/anonymous.d.ts.map +0 -1
- package/dist/component/providers/credentials.d.ts +0 -38
- package/dist/component/providers/credentials.d.ts.map +0 -1
- package/dist/component/providers/device.d.ts +0 -67
- package/dist/component/providers/device.d.ts.map +0 -1
- package/dist/component/providers/email.d.ts +0 -62
- package/dist/component/providers/email.d.ts.map +0 -1
- package/dist/component/providers/oauth.d.ts +0 -25
- package/dist/component/providers/oauth.d.ts.map +0 -1
- package/dist/component/providers/oauth.js +0 -13
- package/dist/component/providers/oauth.js.map +0 -1
- package/dist/component/providers/passkey.d.ts +0 -57
- package/dist/component/providers/passkey.d.ts.map +0 -1
- package/dist/component/providers/password.d.ts +0 -88
- package/dist/component/providers/password.d.ts.map +0 -1
- package/dist/component/providers/phone.d.ts +0 -48
- package/dist/component/providers/phone.d.ts.map +0 -1
- package/dist/component/providers/sso.d.ts +0 -50
- package/dist/component/providers/sso.d.ts.map +0 -1
- package/dist/component/providers/totp.d.ts +0 -45
- package/dist/component/providers/totp.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.d.ts +0 -73
- package/dist/component/public/enterprise/audit.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.js.map +0 -1
- package/dist/component/public/enterprise/core.d.ts +0 -176
- package/dist/component/public/enterprise/core.d.ts.map +0 -1
- package/dist/component/public/enterprise/core.js +0 -292
- package/dist/component/public/enterprise/core.js.map +0 -1
- package/dist/component/public/enterprise/domains.d.ts +0 -174
- package/dist/component/public/enterprise/domains.d.ts.map +0 -1
- package/dist/component/public/enterprise/domains.js +0 -271
- package/dist/component/public/enterprise/domains.js.map +0 -1
- package/dist/component/public/enterprise/scim.d.ts +0 -245
- package/dist/component/public/enterprise/scim.d.ts.map +0 -1
- package/dist/component/public/enterprise/scim.js.map +0 -1
- package/dist/component/public/enterprise/secrets.d.ts +0 -78
- package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
- package/dist/component/public/enterprise/secrets.js +0 -118
- package/dist/component/public/enterprise/secrets.js.map +0 -1
- package/dist/component/public/enterprise/webhooks.d.ts +0 -211
- package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
- package/dist/component/public/enterprise/webhooks.js.map +0 -1
- package/dist/component/public/factors/devices.d.ts +0 -157
- package/dist/component/public/factors/devices.d.ts.map +0 -1
- package/dist/component/public/factors/devices.js.map +0 -1
- package/dist/component/public/factors/passkeys.d.ts +0 -175
- package/dist/component/public/factors/passkeys.d.ts.map +0 -1
- package/dist/component/public/factors/passkeys.js.map +0 -1
- package/dist/component/public/factors/totp.d.ts +0 -189
- package/dist/component/public/factors/totp.d.ts.map +0 -1
- package/dist/component/public/factors/totp.js.map +0 -1
- package/dist/component/public/groups/core.d.ts +0 -137
- package/dist/component/public/groups/core.d.ts.map +0 -1
- package/dist/component/public/groups/core.js.map +0 -1
- package/dist/component/public/groups/invites.d.ts +0 -217
- package/dist/component/public/groups/invites.d.ts.map +0 -1
- package/dist/component/public/groups/invites.js.map +0 -1
- package/dist/component/public/groups/members.d.ts +0 -204
- package/dist/component/public/groups/members.d.ts.map +0 -1
- package/dist/component/public/groups/members.js.map +0 -1
- package/dist/component/public/identity/accounts.d.ts +0 -147
- package/dist/component/public/identity/accounts.d.ts.map +0 -1
- package/dist/component/public/identity/accounts.js.map +0 -1
- package/dist/component/public/identity/codes.d.ts +0 -104
- package/dist/component/public/identity/codes.d.ts.map +0 -1
- package/dist/component/public/identity/codes.js.map +0 -1
- package/dist/component/public/identity/sessions.d.ts +0 -128
- package/dist/component/public/identity/sessions.d.ts.map +0 -1
- package/dist/component/public/identity/sessions.js.map +0 -1
- package/dist/component/public/identity/tokens.d.ts +0 -169
- package/dist/component/public/identity/tokens.d.ts.map +0 -1
- package/dist/component/public/identity/tokens.js.map +0 -1
- package/dist/component/public/identity/users.d.ts +0 -212
- package/dist/component/public/identity/users.d.ts.map +0 -1
- package/dist/component/public/identity/users.js.map +0 -1
- package/dist/component/public/identity/verifiers.d.ts +0 -116
- package/dist/component/public/identity/verifiers.d.ts.map +0 -1
- package/dist/component/public/identity/verifiers.js.map +0 -1
- package/dist/component/public/security/keys.d.ts +0 -209
- package/dist/component/public/security/keys.d.ts.map +0 -1
- package/dist/component/public/security/keys.js.map +0 -1
- package/dist/component/public/security/limits.d.ts +0 -114
- package/dist/component/public/security/limits.d.ts.map +0 -1
- package/dist/component/public/security/limits.js.map +0 -1
- package/dist/component/public.d.ts +0 -28
- package/dist/component/public.d.ts.map +0 -1
- package/dist/component/schema.d.ts.map +0 -1
- package/dist/component/schema.js.map +0 -1
- package/dist/component/server/auth.d.ts +0 -447
- package/dist/component/server/auth.d.ts.map +0 -1
- package/dist/component/server/auth.js +0 -254
- package/dist/component/server/auth.js.map +0 -1
- package/dist/component/server/config.js +0 -121
- package/dist/component/server/config.js.map +0 -1
- package/dist/component/server/context.js +0 -53
- package/dist/component/server/context.js.map +0 -1
- package/dist/component/server/cookies.js +0 -47
- package/dist/component/server/cookies.js.map +0 -1
- package/dist/component/server/core.js +0 -576
- package/dist/component/server/core.js.map +0 -1
- package/dist/component/server/crypto.js +0 -56
- package/dist/component/server/crypto.js.map +0 -1
- package/dist/component/server/db.js +0 -87
- package/dist/component/server/db.js.map +0 -1
- package/dist/component/server/device.js +0 -152
- package/dist/component/server/device.js.map +0 -1
- package/dist/component/server/enterprise/config.js +0 -46
- package/dist/component/server/enterprise/config.js.map +0 -1
- package/dist/component/server/enterprise/domain.js +0 -974
- package/dist/component/server/enterprise/domain.js.map +0 -1
- package/dist/component/server/enterprise/http.js +0 -787
- package/dist/component/server/enterprise/http.js.map +0 -1
- package/dist/component/server/enterprise/oidc.js +0 -248
- package/dist/component/server/enterprise/oidc.js.map +0 -1
- package/dist/component/server/enterprise/policy.js +0 -85
- package/dist/component/server/enterprise/policy.js.map +0 -1
- package/dist/component/server/enterprise/saml.js.map +0 -1
- package/dist/component/server/enterprise/scim.js.map +0 -1
- package/dist/component/server/enterprise/shared.js +0 -51
- package/dist/component/server/enterprise/shared.js.map +0 -1
- package/dist/component/server/http.d.ts +0 -85
- package/dist/component/server/http.d.ts.map +0 -1
- package/dist/component/server/http.js +0 -351
- package/dist/component/server/http.js.map +0 -1
- package/dist/component/server/identity.js +0 -16
- package/dist/component/server/identity.js.map +0 -1
- package/dist/component/server/keys.js +0 -96
- package/dist/component/server/keys.js.map +0 -1
- package/dist/component/server/limits.js +0 -52
- package/dist/component/server/limits.js.map +0 -1
- package/dist/component/server/mutations/account.js +0 -46
- package/dist/component/server/mutations/account.js.map +0 -1
- package/dist/component/server/mutations/code.js +0 -68
- package/dist/component/server/mutations/code.js.map +0 -1
- package/dist/component/server/mutations/invalidate.js +0 -32
- package/dist/component/server/mutations/invalidate.js.map +0 -1
- package/dist/component/server/mutations/oauth.js +0 -116
- package/dist/component/server/mutations/oauth.js.map +0 -1
- package/dist/component/server/mutations/refresh.js +0 -119
- package/dist/component/server/mutations/refresh.js.map +0 -1
- package/dist/component/server/mutations/register.js +0 -87
- package/dist/component/server/mutations/register.js.map +0 -1
- package/dist/component/server/mutations/retrieve.js +0 -61
- package/dist/component/server/mutations/retrieve.js.map +0 -1
- package/dist/component/server/mutations/signature.js +0 -38
- package/dist/component/server/mutations/signature.js.map +0 -1
- package/dist/component/server/mutations/signin.js +0 -27
- package/dist/component/server/mutations/signin.js.map +0 -1
- package/dist/component/server/mutations/signout.js +0 -27
- package/dist/component/server/mutations/signout.js.map +0 -1
- package/dist/component/server/mutations/store/refs.js +0 -15
- package/dist/component/server/mutations/store/refs.js.map +0 -1
- package/dist/component/server/mutations/store.js +0 -70
- package/dist/component/server/mutations/store.js.map +0 -1
- package/dist/component/server/mutations/verifier.js +0 -18
- package/dist/component/server/mutations/verifier.js.map +0 -1
- package/dist/component/server/mutations/verify.js +0 -98
- package/dist/component/server/mutations/verify.js.map +0 -1
- package/dist/component/server/oauth.js +0 -242
- package/dist/component/server/oauth.js.map +0 -1
- package/dist/component/server/passkey.js +0 -415
- package/dist/component/server/passkey.js.map +0 -1
- package/dist/component/server/redirects.js +0 -40
- package/dist/component/server/redirects.js.map +0 -1
- package/dist/component/server/refresh.js +0 -99
- package/dist/component/server/refresh.js.map +0 -1
- package/dist/component/server/runtime.d.ts +0 -136
- package/dist/component/server/runtime.d.ts.map +0 -1
- package/dist/component/server/runtime.js +0 -456
- package/dist/component/server/runtime.js.map +0 -1
- package/dist/component/server/sessions.js +0 -71
- package/dist/component/server/sessions.js.map +0 -1
- package/dist/component/server/signin.js +0 -225
- package/dist/component/server/signin.js.map +0 -1
- package/dist/component/server/tokens.js +0 -17
- package/dist/component/server/tokens.js.map +0 -1
- package/dist/component/server/totp.js +0 -208
- package/dist/component/server/totp.js.map +0 -1
- package/dist/component/server/types.d.ts +0 -949
- package/dist/component/server/types.d.ts.map +0 -1
- package/dist/component/server/types.js +0 -79
- package/dist/component/server/types.js.map +0 -1
- package/dist/component/server/users.js +0 -123
- package/dist/component/server/users.js.map +0 -1
- package/dist/component/server/utils.js +0 -140
- package/dist/component/server/utils.js.map +0 -1
- package/dist/core/types.d.ts +0 -361
- package/dist/core/types.d.ts.map +0 -1
- package/dist/factors/device.js +0 -104
- package/dist/factors/device.js.map +0 -1
- package/dist/factors/passkey.js.map +0 -1
- package/dist/factors/totp.js.map +0 -1
- package/dist/providers/anonymous.d.ts.map +0 -1
- package/dist/providers/anonymous.js.map +0 -1
- package/dist/providers/credentials.d.ts.map +0 -1
- package/dist/providers/credentials.js.map +0 -1
- package/dist/providers/device.d.ts.map +0 -1
- package/dist/providers/device.js.map +0 -1
- package/dist/providers/email.d.ts.map +0 -1
- package/dist/providers/email.js.map +0 -1
- package/dist/providers/oauth.d.ts +0 -69
- package/dist/providers/oauth.d.ts.map +0 -1
- package/dist/providers/oauth.js +0 -43
- package/dist/providers/oauth.js.map +0 -1
- package/dist/providers/passkey.d.ts.map +0 -1
- package/dist/providers/passkey.js.map +0 -1
- package/dist/providers/password.d.ts.map +0 -1
- package/dist/providers/password.js.map +0 -1
- package/dist/providers/phone.d.ts.map +0 -1
- package/dist/providers/phone.js.map +0 -1
- package/dist/providers/sso.d.ts.map +0 -1
- package/dist/providers/sso.js.map +0 -1
- package/dist/providers/totp.d.ts.map +0 -1
- package/dist/providers/totp.js.map +0 -1
- package/dist/runtime/browser.js +0 -68
- package/dist/runtime/browser.js.map +0 -1
- package/dist/runtime/invite.js.map +0 -1
- package/dist/runtime/proxy.js +0 -70
- package/dist/runtime/proxy.js.map +0 -1
- package/dist/runtime/storage.js +0 -37
- package/dist/runtime/storage.js.map +0 -1
- package/dist/server/auth.d.ts.map +0 -1
- package/dist/server/auth.js.map +0 -1
- package/dist/server/config.d.ts +0 -1
- package/dist/server/config.js.map +0 -1
- package/dist/server/context.d.ts +0 -1
- package/dist/server/context.js.map +0 -1
- package/dist/server/cookies.d.ts +0 -1
- package/dist/server/cookies.js.map +0 -1
- package/dist/server/core.d.ts +0 -1315
- package/dist/server/core.d.ts.map +0 -1
- package/dist/server/core.js.map +0 -1
- package/dist/server/crypto.d.ts +0 -8
- package/dist/server/crypto.d.ts.map +0 -1
- package/dist/server/crypto.js.map +0 -1
- package/dist/server/db.d.ts +0 -1
- package/dist/server/db.js.map +0 -1
- package/dist/server/device.d.ts +0 -1
- package/dist/server/device.js.map +0 -1
- package/dist/server/enterprise/config.d.ts +0 -1
- package/dist/server/enterprise/config.js.map +0 -1
- package/dist/server/enterprise/domain.d.ts +0 -401
- package/dist/server/enterprise/domain.d.ts.map +0 -1
- package/dist/server/enterprise/domain.js +0 -974
- package/dist/server/enterprise/domain.js.map +0 -1
- package/dist/server/enterprise/http.d.ts +0 -26
- package/dist/server/enterprise/http.d.ts.map +0 -1
- package/dist/server/enterprise/http.js +0 -787
- package/dist/server/enterprise/http.js.map +0 -1
- package/dist/server/enterprise/oidc.d.ts +0 -1
- package/dist/server/enterprise/oidc.js +0 -248
- package/dist/server/enterprise/oidc.js.map +0 -1
- package/dist/server/enterprise/policy.d.ts +0 -1
- package/dist/server/enterprise/policy.js +0 -85
- package/dist/server/enterprise/policy.js.map +0 -1
- package/dist/server/enterprise/saml.d.ts +0 -1
- package/dist/server/enterprise/saml.js +0 -338
- package/dist/server/enterprise/saml.js.map +0 -1
- package/dist/server/enterprise/scim.d.ts +0 -1
- package/dist/server/enterprise/scim.js +0 -97
- package/dist/server/enterprise/scim.js.map +0 -1
- package/dist/server/enterprise/shared.d.ts +0 -5
- package/dist/server/enterprise/shared.d.ts.map +0 -1
- package/dist/server/enterprise/shared.js +0 -51
- package/dist/server/enterprise/shared.js.map +0 -1
- package/dist/server/enterprise/validators.d.ts +0 -1
- package/dist/server/enterprise/validators.js +0 -60
- package/dist/server/enterprise/validators.js.map +0 -1
- package/dist/server/http.d.ts.map +0 -1
- package/dist/server/http.js.map +0 -1
- package/dist/server/identity.d.ts +0 -1
- package/dist/server/identity.js.map +0 -1
- package/dist/server/keys.d.ts +0 -1
- package/dist/server/keys.js.map +0 -1
- package/dist/server/limits.d.ts +0 -1
- package/dist/server/limits.js.map +0 -1
- package/dist/server/mounts.d.ts.map +0 -1
- package/dist/server/mounts.js.map +0 -1
- package/dist/server/mutations/account.d.ts +0 -29
- package/dist/server/mutations/account.d.ts.map +0 -1
- package/dist/server/mutations/account.js.map +0 -1
- package/dist/server/mutations/code.d.ts +0 -30
- package/dist/server/mutations/code.d.ts.map +0 -1
- package/dist/server/mutations/code.js.map +0 -1
- package/dist/server/mutations/index.d.ts +0 -14
- package/dist/server/mutations/invalidate.d.ts +0 -20
- package/dist/server/mutations/invalidate.d.ts.map +0 -1
- package/dist/server/mutations/invalidate.js.map +0 -1
- package/dist/server/mutations/oauth.d.ts +0 -30
- package/dist/server/mutations/oauth.d.ts.map +0 -1
- package/dist/server/mutations/oauth.js.map +0 -1
- package/dist/server/mutations/refresh.d.ts +0 -21
- package/dist/server/mutations/refresh.d.ts.map +0 -1
- package/dist/server/mutations/refresh.js.map +0 -1
- package/dist/server/mutations/register.d.ts +0 -38
- package/dist/server/mutations/register.d.ts.map +0 -1
- package/dist/server/mutations/register.js.map +0 -1
- package/dist/server/mutations/retrieve.d.ts +0 -33
- package/dist/server/mutations/retrieve.d.ts.map +0 -1
- package/dist/server/mutations/retrieve.js.map +0 -1
- package/dist/server/mutations/signature.d.ts +0 -21
- package/dist/server/mutations/signature.d.ts.map +0 -1
- package/dist/server/mutations/signature.js.map +0 -1
- package/dist/server/mutations/signin.d.ts +0 -22
- package/dist/server/mutations/signin.d.ts.map +0 -1
- package/dist/server/mutations/signin.js.map +0 -1
- package/dist/server/mutations/signout.d.ts +0 -16
- package/dist/server/mutations/signout.d.ts.map +0 -1
- package/dist/server/mutations/signout.js.map +0 -1
- package/dist/server/mutations/store/refs.d.ts +0 -12
- package/dist/server/mutations/store/refs.d.ts.map +0 -1
- package/dist/server/mutations/store/refs.js.map +0 -1
- package/dist/server/mutations/store.d.ts +0 -306
- package/dist/server/mutations/store.d.ts.map +0 -1
- package/dist/server/mutations/store.js.map +0 -1
- package/dist/server/mutations/verifier.d.ts +0 -13
- package/dist/server/mutations/verifier.d.ts.map +0 -1
- package/dist/server/mutations/verifier.js.map +0 -1
- package/dist/server/mutations/verify.d.ts +0 -26
- package/dist/server/mutations/verify.d.ts.map +0 -1
- package/dist/server/mutations/verify.js.map +0 -1
- package/dist/server/oauth.d.ts +0 -1
- package/dist/server/oauth.js +0 -242
- package/dist/server/oauth.js.map +0 -1
- package/dist/server/passkey.d.ts +0 -27
- package/dist/server/passkey.d.ts.map +0 -1
- package/dist/server/passkey.js.map +0 -1
- package/dist/server/redirects.d.ts +0 -1
- package/dist/server/redirects.js.map +0 -1
- package/dist/server/refresh.d.ts +0 -1
- package/dist/server/refresh.js.map +0 -1
- package/dist/server/runtime.d.ts.map +0 -1
- package/dist/server/runtime.js.map +0 -1
- package/dist/server/sessions.d.ts +0 -1
- package/dist/server/sessions.js.map +0 -1
- package/dist/server/signin.d.ts +0 -1
- package/dist/server/signin.js.map +0 -1
- package/dist/server/ssr.d.ts.map +0 -1
- package/dist/server/ssr.js +0 -777
- package/dist/server/ssr.js.map +0 -1
- package/dist/server/templates.d.ts +0 -1
- package/dist/server/templates.js.map +0 -1
- package/dist/server/tokens.d.ts +0 -1
- package/dist/server/tokens.js.map +0 -1
- package/dist/server/totp.d.ts +0 -1
- package/dist/server/totp.js.map +0 -1
- package/dist/server/types.d.ts.map +0 -1
- package/dist/server/types.js.map +0 -1
- package/dist/server/users.d.ts +0 -1
- package/dist/server/users.js.map +0 -1
- package/dist/server/utils.d.ts +0 -1
- package/dist/server/utils.js +0 -140
- package/dist/server/utils.js.map +0 -1
- package/src/authorization/index.ts +0 -83
- package/src/cli/bin.ts +0 -5
- package/src/cli/command.ts +0 -70
- package/src/cli/index.ts +0 -1112
- package/src/cli/keys.ts +0 -23
- package/src/client/core/types.ts +0 -437
- package/src/client/factors/device.ts +0 -158
- package/src/client/factors/passkey.ts +0 -279
- package/src/client/factors/totp.ts +0 -150
- package/src/client/index.ts +0 -1124
- package/src/client/runtime/browser.ts +0 -112
- package/src/client/runtime/invite.ts +0 -63
- package/src/client/runtime/proxy.ts +0 -111
- package/src/client/runtime/storage.ts +0 -79
- package/src/component/_generated/api.ts +0 -96
- package/src/component/_generated/component.ts +0 -3774
- package/src/component/_generated/dataModel.ts +0 -60
- package/src/component/_generated/server.ts +0 -156
- package/src/component/convex.config.ts +0 -5
- package/src/component/functions.ts +0 -104
- package/src/component/index.ts +0 -42
- package/src/component/model.ts +0 -449
- package/src/component/public/enterprise/audit.ts +0 -125
- package/src/component/public/enterprise/core.ts +0 -355
- package/src/component/public/enterprise/domains.ts +0 -327
- package/src/component/public/enterprise/scim.ts +0 -397
- package/src/component/public/enterprise/secrets.ts +0 -133
- package/src/component/public/enterprise/webhooks.ts +0 -307
- package/src/component/public/factors/devices.ts +0 -224
- package/src/component/public/factors/passkeys.ts +0 -243
- package/src/component/public/factors/totp.ts +0 -259
- package/src/component/public/groups/core.ts +0 -481
- package/src/component/public/groups/invites.ts +0 -608
- package/src/component/public/groups/members.ts +0 -410
- package/src/component/public/identity/accounts.ts +0 -207
- package/src/component/public/identity/codes.ts +0 -149
- package/src/component/public/identity/sessions.ts +0 -210
- package/src/component/public/identity/tokens.ts +0 -251
- package/src/component/public/identity/users.ts +0 -355
- package/src/component/public/identity/verifiers.ts +0 -158
- package/src/component/public/security/keys.ts +0 -366
- package/src/component/public/security/limits.ts +0 -174
- package/src/component/public.ts +0 -27
- package/src/component/schema.ts +0 -505
- package/src/providers/anonymous.ts +0 -99
- package/src/providers/credentials.ts +0 -102
- package/src/providers/device.ts +0 -87
- package/src/providers/email.ts +0 -99
- package/src/providers/index.ts +0 -31
- package/src/providers/oauth.ts +0 -117
- package/src/providers/passkey.ts +0 -77
- package/src/providers/password.ts +0 -441
- package/src/providers/phone.ts +0 -93
- package/src/providers/sso.ts +0 -54
- package/src/providers/totp.ts +0 -62
- package/src/samlify.d.ts +0 -53
- package/src/server/auth.ts +0 -949
- package/src/server/config.ts +0 -200
- package/src/server/context.ts +0 -90
- package/src/server/cookies.ts +0 -49
- package/src/server/core.ts +0 -2004
- package/src/server/crypto.ts +0 -90
- package/src/server/db.ts +0 -203
- package/src/server/device.ts +0 -254
- package/src/server/enterprise/config.ts +0 -51
- package/src/server/enterprise/domain.ts +0 -1739
- package/src/server/enterprise/http.ts +0 -1331
- package/src/server/enterprise/oidc.ts +0 -500
- package/src/server/enterprise/policy.ts +0 -128
- package/src/server/enterprise/saml.ts +0 -578
- package/src/server/enterprise/scim.ts +0 -135
- package/src/server/enterprise/shared.ts +0 -134
- package/src/server/enterprise/validators.ts +0 -93
- package/src/server/http.ts +0 -790
- package/src/server/identity.ts +0 -18
- package/src/server/index.ts +0 -40
- package/src/server/keys.ts +0 -158
- package/src/server/limits.ts +0 -107
- package/src/server/mounts.ts +0 -924
- package/src/server/mutations/account.ts +0 -62
- package/src/server/mutations/code.ts +0 -119
- package/src/server/mutations/index.ts +0 -13
- package/src/server/mutations/invalidate.ts +0 -50
- package/src/server/mutations/oauth.ts +0 -243
- package/src/server/mutations/refresh.ts +0 -299
- package/src/server/mutations/register.ts +0 -155
- package/src/server/mutations/retrieve.ts +0 -109
- package/src/server/mutations/signature.ts +0 -57
- package/src/server/mutations/signin.ts +0 -54
- package/src/server/mutations/signout.ts +0 -43
- package/src/server/mutations/store/refs.ts +0 -10
- package/src/server/mutations/store.ts +0 -123
- package/src/server/mutations/verifier.ts +0 -34
- package/src/server/mutations/verify.ts +0 -200
- package/src/server/oauth.ts +0 -418
- package/src/server/passkey.ts +0 -838
- package/src/server/redirects.ts +0 -59
- package/src/server/refresh.ts +0 -218
- package/src/server/runtime.ts +0 -918
- package/src/server/sessions.ts +0 -132
- package/src/server/signin.ts +0 -445
- package/src/server/ssr.ts +0 -1747
- package/src/server/templates.ts +0 -82
- package/src/server/tokens.ts +0 -35
- package/src/server/totp.ts +0 -399
- package/src/server/types.ts +0 -1942
- package/src/server/users.ts +0 -291
- package/src/server/utils.ts +0 -220
- /package/dist/{runtime → client/runtime}/invite.js +0 -0
package/dist/server/types.d.ts
CHANGED
|
@@ -1,18 +1,8 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { CredentialsConfig } from "../providers/credentials.js";
|
|
3
|
-
import { Password } from "../providers/password.js";
|
|
4
|
-
import { Passkey } from "../providers/passkey.js";
|
|
5
|
-
import { Totp } from "../providers/totp.js";
|
|
6
|
-
import { Device } from "../providers/device.js";
|
|
7
|
-
import { SSO } from "../providers/sso.js";
|
|
8
|
-
import { Email } from "../providers/email.js";
|
|
9
|
-
import { Phone } from "../providers/phone.js";
|
|
10
|
-
import { vApiKeyDoc, vAuthVerifierDoc, vDeviceCodeDoc, vPasskeyDoc, vTotpFactorDoc } from "../component/model.js";
|
|
1
|
+
import { vApiKeyDoc } from "../component/model.js";
|
|
11
2
|
import { _default } from "../component/schema.js";
|
|
12
|
-
import {
|
|
13
|
-
import { AnyDataModel, DataModelFromSchemaDefinition, DocumentByName, GenericActionCtx, GenericDataModel, GenericMutationCtx, GenericQueryCtx, TableNamesInDataModel } from "convex/server";
|
|
3
|
+
import { CredentialsConfig } from "../providers/credentials.js";
|
|
14
4
|
import { GenericId, Infer, Value } from "convex/values";
|
|
15
|
-
import
|
|
5
|
+
import { AnyDataModel, DataModelFromSchemaDefinition, DocumentByName, FunctionReference, GenericActionCtx, GenericDataModel, GenericMutationCtx, GenericQueryCtx, TableNamesInDataModel } from "convex/server";
|
|
16
6
|
|
|
17
7
|
//#region src/server/types.d.ts
|
|
18
8
|
/**
|
|
@@ -56,7 +46,7 @@ type AuthAuthorizationConfig = {
|
|
|
56
46
|
* @see {@link AuthGrant}
|
|
57
47
|
*/
|
|
58
48
|
type AuthRoleId<TAuthorization extends AuthAuthorizationConfig | undefined> = TAuthorization extends {
|
|
59
|
-
roles: infer TRoles extends Record<string,
|
|
49
|
+
roles: infer TRoles extends Record<string, unknown>;
|
|
60
50
|
} ? keyof TRoles & string : string;
|
|
61
51
|
/**
|
|
62
52
|
* Extracts the union of grant strings from all roles in an authorization config.
|
|
@@ -70,7 +60,7 @@ type AuthRoleId<TAuthorization extends AuthAuthorizationConfig | undefined> = TA
|
|
|
70
60
|
*/
|
|
71
61
|
type AuthGrant<TAuthorization extends AuthAuthorizationConfig | undefined> = TAuthorization extends {
|
|
72
62
|
roles: infer TRoles extends Record<string, {
|
|
73
|
-
grants: readonly
|
|
63
|
+
grants: readonly unknown[];
|
|
74
64
|
}>;
|
|
75
65
|
} ? TRoles[keyof TRoles]["grants"][number] & string : string;
|
|
76
66
|
/**
|
|
@@ -84,6 +74,32 @@ type ConvexAuthConfig = {
|
|
|
84
74
|
* `@robelest/convex-auth/providers/<provider-name>`
|
|
85
75
|
*/
|
|
86
76
|
providers: AuthProviderConfig[];
|
|
77
|
+
sso?: {
|
|
78
|
+
hooks?: {
|
|
79
|
+
profileResolved?: (args: {
|
|
80
|
+
protocol: "oidc" | "saml" | "scim";
|
|
81
|
+
connectionId?: string;
|
|
82
|
+
profile: Record<string, unknown>;
|
|
83
|
+
}) => Awaitable<Record<string, unknown> | void>;
|
|
84
|
+
beforeProvision?: (args: {
|
|
85
|
+
protocol: "oidc" | "saml" | "scim";
|
|
86
|
+
connectionId?: string;
|
|
87
|
+
profile: Record<string, unknown>;
|
|
88
|
+
}) => Awaitable<Record<string, unknown> | void>;
|
|
89
|
+
afterProvision?: (args: {
|
|
90
|
+
protocol: "oidc" | "saml" | "scim";
|
|
91
|
+
connectionId?: string;
|
|
92
|
+
profile: Record<string, unknown>;
|
|
93
|
+
userId: string;
|
|
94
|
+
}) => Awaitable<void>;
|
|
95
|
+
allowLink?: (args: {
|
|
96
|
+
protocol: "oidc" | "saml" | "scim";
|
|
97
|
+
connectionId?: string;
|
|
98
|
+
profile: Record<string, unknown>;
|
|
99
|
+
userId: string;
|
|
100
|
+
}) => Awaitable<boolean | void>;
|
|
101
|
+
};
|
|
102
|
+
};
|
|
87
103
|
/**
|
|
88
104
|
* Auth component reference from `components.auth`.
|
|
89
105
|
*
|
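Review bot: `allowLink` in the added `sso.hooks` block returns `Awaitable<boolean | void>`, so a hook that falls through without returning still type-checks, and nothing here says whether `undefined` allows or blocks the link. Since this hook decides whether an SSO profile is attached to an existing `userId`, the decision should be explicit: narrow it to `}) => Awaitable<boolean>;`. If the runtime already denies on anything but `true` (not visible here), a TSDoc line such as `/** Return true to allow linking; any other result denies it. */` would do instead. `profileResolved` and `beforeProvision` likewise return `Record<string, unknown> | void` without stating whether the result replaces or merges into `profile`. `ConvexAuthConfig` starts and ends outside this hunk.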
|
@@ -303,102 +319,140 @@ type ConvexAuthConfig = {
|
|
|
303
319
|
/**
|
|
304
320
|
* Union of all supported auth provider config types.
|
|
305
321
|
*
|
|
306
|
-
* Includes
|
|
307
|
-
* plus library-native providers: credentials, email, phone, passkey
|
|
308
|
-
* (WebAuthn), and TOTP (2FA). Each can be passed as a config object
|
|
309
|
-
* or a factory function.
|
|
322
|
+
* Includes materialized provider configs plus optional config factories.
|
|
310
323
|
*/
|
|
311
|
-
type AuthProviderConfig =
|
|
324
|
+
type AuthProviderConfig = OAuthMaterializedConfig | ConvexCredentialsConfig | (() => ConvexCredentialsConfig) | EmailConfig | (() => EmailConfig) | PhoneConfig | (() => PhoneConfig) | PasskeyProviderConfig | (() => PasskeyProviderConfig) | TotpProviderConfig | (() => TotpProviderConfig) | DeviceProviderConfig | (() => DeviceProviderConfig) | SSOProviderConfig;
|
|
312
325
|
/**
|
|
313
326
|
* Minimal config stored for the SSO provider at runtime.
|
|
314
|
-
* No options —
|
|
327
|
+
* No options — connection configuration is entirely per-tenant runtime state.
|
|
315
328
|
*/
|
|
316
329
|
interface SSOProviderConfig {
|
|
317
330
|
id: string;
|
|
318
331
|
type: "sso";
|
|
332
|
+
/**
|
|
333
|
+
* Optional shared callback URI for all OIDC group connections.
|
|
334
|
+
* When omitted, each connection gets its own callback path.
|
|
335
|
+
*/
|
|
336
|
+
redirectURI?: string;
|
|
319
337
|
}
|
|
320
338
|
/**
|
|
321
|
-
* Account linking strategy for
|
|
339
|
+
* Account linking strategy for group SSO sign-in.
|
|
322
340
|
*
|
|
323
341
|
* - `"verifiedEmail"` — link accounts when the IdP-provided email matches a verified email on an existing user.
|
|
324
342
|
* - `"none"` — never auto-link; always create a new account.
|
|
325
343
|
*/
|
|
326
|
-
type
|
|
344
|
+
type GroupConnectionAccountLinkingPolicy = "verifiedEmail" | "none";
|
|
327
345
|
/**
|
|
328
346
|
* Policy for reusing existing users during SCIM provisioning.
|
|
329
347
|
*
|
|
330
348
|
* - `"externalId"` — match by the SCIM `externalId` to reuse a previously provisioned user.
|
|
331
349
|
* - `"none"` — always create a new user for each SCIM provision request.
|
|
332
350
|
*/
|
|
333
|
-
type
|
|
351
|
+
type GroupConnectionScimReuseUserPolicy = "externalId" | "none";
|
|
334
352
|
/**
|
|
335
|
-
* Just-in-time provisioning mode for
|
|
353
|
+
* Just-in-time provisioning mode for group SSO.
|
|
336
354
|
*
|
|
337
355
|
* - `"off"` — no JIT provisioning; users must be pre-provisioned.
|
|
338
356
|
* - `"createUser"` — create a user record on first SSO sign-in.
|
|
339
|
-
* - `"createUserAndMembership"` — create a user and add them to the
|
|
357
|
+
* - `"createUserAndMembership"` — create a user and add them to the group on first SSO sign-in.
|
|
340
358
|
*/
|
|
341
|
-
type
|
|
359
|
+
type GroupConnectionJitProvisioningMode = "off" | "createUser" | "createUserAndMembership";
|
|
342
360
|
/**
|
|
343
361
|
* Deprovisioning strategy when a SCIM user is deleted.
|
|
344
362
|
*
|
|
345
363
|
* - `"soft"` — mark the user as inactive but preserve the record.
|
|
346
364
|
* - `"hard"` — permanently delete the user and associated data.
|
|
347
365
|
*/
|
|
348
|
-
type
|
|
366
|
+
type GroupConnectionDeprovisionMode = "soft" | "hard";
|
|
367
|
+
type GroupConnectionProfileUpdateMode = "never" | "missing" | "always";
|
|
368
|
+
type GroupConnectionProvisioningAuthority = "app" | "sso" | "scim";
|
|
369
|
+
type GroupConnectionGroupSyncMode = "ignore" | "sync";
|
|
370
|
+
type GroupConnectionRoleSyncMode = "ignore" | "map";
|
|
349
371
|
/**
|
|
350
|
-
* Effective
|
|
372
|
+
* Effective group policy document stored for an SSO/SCIM tenant.
|
|
351
373
|
*
|
|
352
374
|
* Controls account linking, JIT provisioning, SCIM reuse behavior,
|
|
353
375
|
* deprovisioning, and any app-defined extension metadata.
|
|
354
376
|
*
|
|
355
|
-
* @see {@link
|
|
377
|
+
* @see {@link GroupConnectionPolicyPatch}
|
|
356
378
|
*/
|
|
357
|
-
interface
|
|
379
|
+
interface GroupConnectionPolicy {
|
|
358
380
|
version: 1;
|
|
359
381
|
identity: {
|
|
360
382
|
accountLinking: {
|
|
361
|
-
oidc:
|
|
362
|
-
saml:
|
|
383
|
+
oidc: GroupConnectionAccountLinkingPolicy;
|
|
384
|
+
saml: GroupConnectionAccountLinkingPolicy;
|
|
363
385
|
};
|
|
364
386
|
};
|
|
365
387
|
provisioning: {
|
|
388
|
+
user: {
|
|
389
|
+
createOnSignIn: boolean;
|
|
390
|
+
updateProfileOnLogin: GroupConnectionProfileUpdateMode;
|
|
391
|
+
updateProfileFromScim: GroupConnectionProfileUpdateMode;
|
|
392
|
+
authority: GroupConnectionProvisioningAuthority;
|
|
393
|
+
};
|
|
366
394
|
scimReuse: {
|
|
367
|
-
user:
|
|
395
|
+
user: GroupConnectionScimReuseUserPolicy;
|
|
368
396
|
};
|
|
369
397
|
jit: {
|
|
370
|
-
mode:
|
|
398
|
+
mode: GroupConnectionJitProvisioningMode;
|
|
371
399
|
defaultRoleIds: string[];
|
|
372
400
|
};
|
|
373
401
|
deprovision: {
|
|
374
|
-
mode:
|
|
402
|
+
mode: GroupConnectionDeprovisionMode;
|
|
403
|
+
};
|
|
404
|
+
groups: {
|
|
405
|
+
mode: GroupConnectionGroupSyncMode;
|
|
406
|
+
source: "protocol";
|
|
407
|
+
mapping?: Record<string, string[]>;
|
|
408
|
+
};
|
|
409
|
+
roles: {
|
|
410
|
+
mode: GroupConnectionRoleSyncMode;
|
|
411
|
+
source: "protocol";
|
|
412
|
+
mapping?: Record<string, string[]>;
|
|
375
413
|
};
|
|
376
414
|
};
|
|
377
415
|
extend?: Record<string, unknown>;
|
|
378
416
|
}
|
|
379
417
|
/**
|
|
380
|
-
* Partial update payload for {@link
|
|
418
|
+
* Partial update payload for {@link GroupConnectionPolicy}.
|
|
381
419
|
*
|
|
382
|
-
* Use this when patching only selected
|
|
420
|
+
* Use this when patching only selected group policy sections without
|
|
383
421
|
* replacing the entire stored policy document.
|
|
384
422
|
*/
|
|
385
|
-
interface
|
|
423
|
+
interface GroupConnectionPolicyPatch {
|
|
386
424
|
identity?: {
|
|
387
425
|
accountLinking?: {
|
|
388
|
-
oidc?:
|
|
389
|
-
saml?:
|
|
426
|
+
oidc?: GroupConnectionAccountLinkingPolicy;
|
|
427
|
+
saml?: GroupConnectionAccountLinkingPolicy;
|
|
390
428
|
};
|
|
391
429
|
};
|
|
392
430
|
provisioning?: {
|
|
431
|
+
user?: {
|
|
432
|
+
createOnSignIn?: boolean;
|
|
433
|
+
updateProfileOnLogin?: GroupConnectionProfileUpdateMode;
|
|
434
|
+
updateProfileFromScim?: GroupConnectionProfileUpdateMode;
|
|
435
|
+
authority?: GroupConnectionProvisioningAuthority;
|
|
436
|
+
};
|
|
393
437
|
scimReuse?: {
|
|
394
|
-
user?:
|
|
438
|
+
user?: GroupConnectionScimReuseUserPolicy;
|
|
395
439
|
};
|
|
396
440
|
jit?: {
|
|
397
|
-
mode?:
|
|
441
|
+
mode?: GroupConnectionJitProvisioningMode;
|
|
398
442
|
defaultRoleIds?: string[];
|
|
399
443
|
};
|
|
400
444
|
deprovision?: {
|
|
401
|
-
mode?:
|
|
445
|
+
mode?: GroupConnectionDeprovisionMode;
|
|
446
|
+
};
|
|
447
|
+
groups?: {
|
|
448
|
+
mode?: GroupConnectionGroupSyncMode;
|
|
449
|
+
source?: "protocol";
|
|
450
|
+
mapping?: Record<string, string[]>;
|
|
451
|
+
};
|
|
452
|
+
roles?: {
|
|
453
|
+
mode?: GroupConnectionRoleSyncMode;
|
|
454
|
+
source?: "protocol";
|
|
455
|
+
mapping?: Record<string, string[]>;
|
|
402
456
|
};
|
|
403
457
|
};
|
|
404
458
|
extend?: Record<string, unknown>;
|
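Review bot: `GroupConnectionProfileUpdateMode`, `GroupConnectionProvisioningAuthority`, `GroupConnectionGroupSyncMode` and `GroupConnectionRoleSyncMode` are added without the per-literal TSDoc that the neighbouring policy aliases have, and the new `groups.mapping` / `roles.mapping` fields do not say which side of `Record<string, string[]>` is the identity-provider value. With `roles.mode: "map"` this table presumably turns IdP-asserted values into application roles, so what happens to an unmapped value should be written down. Once the behaviour is confirmed, a comment such as `/** Keys are IdP-asserted role names, values are local role ids; names without an entry grant no role. */` would cover it. The same fields in `GroupConnectionPolicyPatch` need the matching comment.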
|
@@ -504,7 +558,8 @@ interface PhoneConfig<DataModel extends GenericDataModel = GenericDataModel> {
|
|
|
504
558
|
* Any tokens shorter than 24 characters are assumed to not
|
|
505
559
|
* be secure enough on their own, and require providing
|
|
506
560
|
* the original `phone` used in the initial `signIn` call.
|
|
507
|
-
*
|
|
561
|
+
*
|
|
562
|
+
* @returns The verification token to send to the user.
|
|
508
563
|
*/
|
|
509
564
|
generateVerificationToken?: () => Promise<string>;
|
|
510
565
|
/**
|
|
@@ -537,8 +592,13 @@ interface PhoneConfig<DataModel extends GenericDataModel = GenericDataModel> {
|
|
|
537
592
|
type PhoneUserConfig<DataModel extends GenericDataModel = GenericDataModel> = Omit<Partial<PhoneConfig<DataModel>>, "options" | "type">;
|
|
538
593
|
/**
|
|
539
594
|
* Credentials provider config used by Convex Auth.
|
|
595
|
+
*
|
|
596
|
+
* Extends the user-facing {@link CredentialsConfig} with the stable provider
|
|
597
|
+
* `id` and `type` fields injected by the library.
|
|
598
|
+
*
|
|
599
|
+
* @typeParam DataModel - The Convex data model used by the auth context.
|
|
540
600
|
*/
|
|
541
|
-
type ConvexCredentialsConfig = CredentialsConfig<
|
|
601
|
+
type ConvexCredentialsConfig<DataModel extends GenericDataModel = GenericDataModel> = CredentialsConfig<DataModel> & {
|
|
542
602
|
type: "credentials";
|
|
543
603
|
id: string;
|
|
544
604
|
};
|
|
@@ -620,6 +680,35 @@ interface OAuthProfile {
|
|
|
620
680
|
/** Additional claims from the ID token or userinfo endpoint. */
|
|
621
681
|
[key: string]: unknown;
|
|
622
682
|
}
|
|
683
|
+
/**
|
|
684
|
+
* Stable OAuth token shape exposed to provider callbacks.
|
|
685
|
+
*
|
|
686
|
+
* This contract is owned by convex-auth so users are insulated from changes
|
|
687
|
+
* to the underlying OAuth implementation.
|
|
688
|
+
*/
|
|
689
|
+
interface OAuthTokens {
|
|
690
|
+
accessToken?: string;
|
|
691
|
+
refreshToken?: string;
|
|
692
|
+
idToken?: string;
|
|
693
|
+
accessTokenExpiresAt?: Date;
|
|
694
|
+
refreshTokenExpiresAt?: Date;
|
|
695
|
+
scopes?: string[];
|
|
696
|
+
raw?: unknown;
|
|
697
|
+
}
|
|
698
|
+
interface OAuthRuntimeClient {
|
|
699
|
+
readonly pkce: "required" | "optional" | "never";
|
|
700
|
+
createAuthorizationURL(args: {
|
|
701
|
+
state: string;
|
|
702
|
+
codeVerifier?: string;
|
|
703
|
+
scopes: string[];
|
|
704
|
+
nonce?: string;
|
|
705
|
+
loginHint?: string;
|
|
706
|
+
}): URL;
|
|
707
|
+
validateAuthorizationCode(args: {
|
|
708
|
+
code: string;
|
|
709
|
+
codeVerifier?: string;
|
|
710
|
+
}): Promise<OAuthTokens>;
|
|
711
|
+
}
|
|
623
712
|
/** Credentials identifying a provider account (e.g. email + hashed password). */
|
|
624
713
|
type AuthAccountCredentials = {
|
|
625
714
|
/** Provider-specific account identifier (e.g. email address). */id: string; /** Optional secret (e.g. hashed password). */
|
|
@@ -704,15 +793,15 @@ type AuthMemberRequireArgs = AuthMemberInspectArgs & {
|
|
|
704
793
|
*/
|
|
705
794
|
type AuthServerHelpers = {
|
|
706
795
|
/** Account management: create, retrieve, and update provider-linked accounts. */account: {
|
|
707
|
-
create: (ctx: GenericActionCtx<
|
|
796
|
+
create: (ctx: GenericActionCtx<GenericDataModel>, args: AuthCreateAccountArgs) => Promise<{
|
|
708
797
|
account: GenericDoc<GenericDataModel, "Account">;
|
|
709
798
|
user: GenericDoc<GenericDataModel, "User">;
|
|
710
799
|
}>;
|
|
711
|
-
get: (ctx: GenericActionCtx<
|
|
800
|
+
get: (ctx: GenericActionCtx<GenericDataModel>, args: AuthRetrieveAccountArgs) => Promise<{
|
|
712
801
|
account: GenericDoc<GenericDataModel, "Account">;
|
|
713
802
|
user: GenericDoc<GenericDataModel, "User">;
|
|
714
803
|
}>;
|
|
715
|
-
update: (ctx: GenericActionCtx<
|
|
804
|
+
update: (ctx: GenericActionCtx<GenericDataModel>, args: AuthUpdateAccountArgs) => Promise<{
|
|
716
805
|
accountId: GenericId<"Account">;
|
|
717
806
|
}>;
|
|
718
807
|
};
|
|
@@ -720,17 +809,17 @@ type AuthServerHelpers = {
|
|
|
720
809
|
current: (ctx: {
|
|
721
810
|
auth: GenericActionCtx<GenericDataModel>["auth"];
|
|
722
811
|
}) => Promise<GenericId<"Session"> | null>;
|
|
723
|
-
invalidate: (ctx: GenericActionCtx<
|
|
812
|
+
invalidate: (ctx: GenericActionCtx<GenericDataModel>, args: AuthInvalidateSessionsArgs) => Promise<{
|
|
724
813
|
userId: GenericId<"User">;
|
|
725
814
|
except: GenericId<"Session">[];
|
|
726
815
|
}>;
|
|
727
816
|
};
|
|
728
817
|
member: {
|
|
729
|
-
inspect: (ctx: GenericActionCtx<
|
|
730
|
-
require: (ctx: GenericActionCtx<
|
|
818
|
+
inspect: (ctx: GenericActionCtx<GenericDataModel>, args: AuthMemberInspectArgs) => Promise<AuthMemberInspectResult>;
|
|
819
|
+
require: (ctx: GenericActionCtx<GenericDataModel>, args: AuthMemberRequireArgs) => Promise<AuthMemberInspectResult>;
|
|
731
820
|
};
|
|
732
821
|
provider: {
|
|
733
|
-
signIn: (ctx: GenericActionCtx<
|
|
822
|
+
signIn: (ctx: GenericActionCtx<GenericDataModel>, provider: AuthProviderConfig, args: AuthProviderSignInArgs) => Promise<AuthProviderSignInResult>;
|
|
734
823
|
};
|
|
735
824
|
};
|
|
736
825
|
/**
|
|
@@ -752,30 +841,24 @@ type GenericActionCtxWithAuthConfig<DataModel extends GenericDataModel> = Generi
|
|
|
752
841
|
*/
|
|
753
842
|
type ConvexAuthMaterializedConfig = {
|
|
754
843
|
providers: AuthProviderMaterializedConfig[];
|
|
755
|
-
} & Pick<ConvexAuthConfig, "component" | "session" | "jwt" | "signIn" | "callbacks" | "authorization">;
|
|
756
|
-
|
|
757
|
-
* Maps SAML assertion attribute names to user profile fields.
|
|
758
|
-
*
|
|
759
|
-
* Use this to tell the SSO flow which SAML attributes correspond to
|
|
760
|
-
* the user's subject identifier, email, and display name fields.
|
|
761
|
-
*/
|
|
762
|
-
interface SAMLAttributeMapping {
|
|
763
|
-
/** SAML attribute for the unique subject identifier (NameID). */
|
|
844
|
+
} & Pick<ConvexAuthConfig, "component" | "session" | "jwt" | "signIn" | "callbacks" | "authorization" | "sso">;
|
|
845
|
+
interface SSOProfileMapping {
|
|
764
846
|
subject?: string;
|
|
765
|
-
/** SAML attribute for the user's email address. */
|
|
766
847
|
email?: string;
|
|
767
|
-
|
|
848
|
+
emailVerified?: string;
|
|
768
849
|
name?: string;
|
|
769
|
-
/** SAML attribute for the user's first / given name. */
|
|
770
850
|
firstName?: string;
|
|
771
|
-
/** SAML attribute for the user's last / family name. */
|
|
772
851
|
lastName?: string;
|
|
852
|
+
image?: string;
|
|
853
|
+
phone?: string;
|
|
854
|
+
active?: string;
|
|
855
|
+
externalId?: string;
|
|
856
|
+
groups?: string;
|
|
857
|
+
roles?: string;
|
|
773
858
|
}
|
|
859
|
+
interface OIDCClaimMapping extends Pick<SSOProfileMapping, "subject" | "email" | "emailVerified" | "name" | "image" | "groups" | "roles"> {}
|
|
774
860
|
/**
|
|
775
|
-
* Materialized OAuth provider config
|
|
776
|
-
*
|
|
777
|
-
* Carries the Arctic provider instance along with scopes and profile config.
|
|
778
|
-
* Produced by materializing an `OAuthProviderInstance` during `configDefaults`.
|
|
861
|
+
* Materialized OAuth provider config.
|
|
779
862
|
*/
|
|
780
863
|
interface OAuthMaterializedConfig {
|
|
781
864
|
/**
|
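Review bot: `SSOProfileMapping` replaces `SAMLAttributeMapping` but drops the interface comment and every per-field comment, and the new `emailVerified`, `image`, `phone`, `active`, `externalId`, `groups` and `roles` fields are undocumented. `emailVerified` may feed the `"verifiedEmail"` linking policy documented earlier in this file, so it should get at least `/** Attribute or claim that carries the email-verified flag. */`, plus a sentence on whether a missing value counts as unverified. `OIDCClaimMapping` is an empty `extends Pick<…>` interface and would read more plainly as a type alias with a one-line comment.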
|
@@ -789,10 +872,10 @@ interface OAuthMaterializedConfig {
|
|
|
789
872
|
*/
|
|
790
873
|
readonly type: "oauth";
|
|
791
874
|
/**
|
|
792
|
-
* The
|
|
875
|
+
* The runtime client used for the authorization code flow.
|
|
793
876
|
* @readonly
|
|
794
877
|
*/
|
|
795
|
-
readonly provider:
|
|
878
|
+
readonly provider: OAuthRuntimeClient | null;
|
|
796
879
|
/**
|
|
797
880
|
* OAuth scopes to request.
|
|
798
881
|
* @readonly
|
|
@@ -802,7 +885,13 @@ interface OAuthMaterializedConfig {
|
|
|
802
885
|
* User-provided profile extraction callback.
|
|
803
886
|
* @readonly
|
|
804
887
|
*/
|
|
805
|
-
readonly profile?: (tokens:
|
|
888
|
+
readonly profile?: (tokens: OAuthTokens) => Promise<OAuthProfile>;
|
|
889
|
+
/** Whether to issue and verify a nonce cookie during the callback flow. */
|
|
890
|
+
readonly nonce?: boolean;
|
|
891
|
+
/** Optional token validation hook after code exchange. */
|
|
892
|
+
readonly validateTokens?: (tokens: OAuthTokens, ctx: {
|
|
893
|
+
nonce?: string;
|
|
894
|
+
}) => Promise<void>;
|
|
806
895
|
/**
|
|
807
896
|
* Account-linking policy for OAuth identities. Defaults to verified email linking.
|
|
808
897
|
* @readonly
|
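Review bot: `nonce` and `validateTokens` are both optional on `OAuthMaterializedConfig`, and the added comments do not say what happens when they are omitted. As typed, a provider that returns an `idToken` can be configured with no nonce binding and no post-exchange validation. The comments should state the default for `nonce` and the failure contract of the hook; since it returns `Promise<void>`, rejection is the only failure signal, e.g. `/** Runs after code exchange; throw to abort sign-in. */`. `ctx.nonce` is also optional, so the hook cannot tell "nonce disabled" from "nonce expected but missing"; whether the runtime rejects the latter before calling the hook is not visible here. The interface body starts and ends outside this hunk.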
|
@@ -839,15 +928,23 @@ interface DeviceProviderConfig {
|
|
|
839
928
|
*/
|
|
840
929
|
type AuthProviderMaterializedConfig = OAuthMaterializedConfig | EmailConfig | PhoneConfig | ConvexCredentialsConfig | PasskeyProviderConfig | TotpProviderConfig | DeviceProviderConfig | SSOProviderConfig;
|
|
841
930
|
/**
|
|
842
|
-
* Resolves to `true` when the providers list includes `
|
|
931
|
+
* Resolves to `true` when the providers list includes `sso()`, otherwise `false`.
|
|
843
932
|
*
|
|
844
|
-
* Used to make `auth.sso` conditionally present on the `createAuth`
|
|
845
|
-
* return type — it only appears when `
|
|
933
|
+
* Used to make `auth.group.sso` conditionally present on the `createAuth`
|
|
934
|
+
* return type — it only appears when `sso()` is in the providers array.
|
|
846
935
|
*/
|
|
847
|
-
type HasSSO<P extends AuthProviderConfig[]> =
|
|
848
|
-
type
|
|
849
|
-
|
|
850
|
-
type
|
|
936
|
+
type HasSSO<P extends AuthProviderConfig[]> = Extract<P[number], {
|
|
937
|
+
type: "sso";
|
|
938
|
+
}> extends never ? false : true;
|
|
939
|
+
type HasPasskeyProvider<P extends AuthProviderConfig[]> = Extract<P[number], {
|
|
940
|
+
type: "passkey";
|
|
941
|
+
}> extends never ? false : true;
|
|
942
|
+
type HasTotpProvider<P extends AuthProviderConfig[]> = Extract<P[number], {
|
|
943
|
+
type: "totp";
|
|
944
|
+
}> extends never ? false : true;
|
|
945
|
+
type HasDeviceProvider<P extends AuthProviderConfig[]> = Extract<P[number], {
|
|
946
|
+
type: "device";
|
|
947
|
+
}> extends never ? false : true;
|
|
851
948
|
/**
|
|
852
949
|
* A single scope entry stored per API key.
|
|
853
950
|
* Uses a resource:action pattern for structured permissions.
|
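Review bot: `HasPasskeyProvider`, `HasTotpProvider` and `HasDeviceProvider` only match array members that are config objects, so a provider passed in its factory form resolves to `false`. `AuthProviderConfig` in this same file admits `(() => PasskeyProviderConfig)`, `(() => TotpProviderConfig)` and `(() => DeviceProviderConfig)`, and `Extract<P[number], { type: "passkey" }>` drops function members. If these flags gate API presence the way the comment describes for `HasSSO`, the factor API would vanish from the types for factory-configured providers. Unwrapping first avoids that: `type UnwrapProvider<C> = C extends () => infer R ? R : C;` and then `Extract<UnwrapProvider<P[number]>, { type: "passkey" }> extends never ? false : true`. `HasSSO` is unaffected because `SSOProviderConfig` has no factory form; the three new aliases also lack the doc comment that `HasSSO` has.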
|
@@ -877,129 +974,6 @@ interface ScopeChecker {
|
|
|
877
974
|
/** The raw scope entries from the key. */
|
|
878
975
|
scopes: KeyScope[];
|
|
879
976
|
}
|
|
880
|
-
/**
|
|
881
|
-
* An API key record as returned by `auth.key.list()` and `auth.key.get()`.
|
|
882
|
-
* Never includes the raw key material — only the display prefix.
|
|
883
|
-
*/
|
|
884
|
-
interface KeyRecord {
|
|
885
|
-
/** Document ID. */
|
|
886
|
-
_id: string;
|
|
887
|
-
/** Owner user ID. */
|
|
888
|
-
userId: string;
|
|
889
|
-
/** Display prefix (e.g. `"sk_abc1"`). Safe to show in UIs. */
|
|
890
|
-
prefix: string;
|
|
891
|
-
/** Human-readable name (e.g. "CI Pipeline"). */
|
|
892
|
-
name: string;
|
|
893
|
-
/** Resource:action permissions granted to this key. */
|
|
894
|
-
scopes: KeyScope[];
|
|
895
|
-
/** Per-key rate limit, if configured. */
|
|
896
|
-
rateLimit?: {
|
|
897
|
-
maxRequests: number;
|
|
898
|
-
windowMs: number;
|
|
899
|
-
};
|
|
900
|
-
/** Expiration timestamp (ms since epoch), or `undefined` for no expiry. */
|
|
901
|
-
expiresAt?: number;
|
|
902
|
-
/** Timestamp of last successful verification, or `undefined` if never used. */
|
|
903
|
-
lastUsedAt?: number;
|
|
904
|
-
/** Creation timestamp (ms since epoch). */
|
|
905
|
-
createdAt: number;
|
|
906
|
-
/** `true` when the key has been revoked (soft-deleted). */
|
|
907
|
-
revoked: boolean;
|
|
908
|
-
/** Arbitrary app-specific metadata attached to the key. */
|
|
909
|
-
metadata?: Record<string, unknown>;
|
|
910
|
-
}
|
|
911
|
-
/**
|
|
912
|
-
* Options for paginated list queries. Every entity list method uses this
|
|
913
|
-
* same shape with entity-specific `TWhere` and `TOrderBy` type parameters.
|
|
914
|
-
*
|
|
915
|
-
* @typeParam TWhere - The type of the optional filter object.
|
|
916
|
-
* @typeParam TOrderBy - The union of sortable field names.
|
|
917
|
-
*
|
|
918
|
-
* ```ts
|
|
919
|
-
* const result = await auth.group.list(ctx, {
|
|
920
|
-
* where: { type: "team" },
|
|
921
|
-
* limit: 20,
|
|
922
|
-
* orderBy: "name",
|
|
923
|
-
* order: "asc",
|
|
924
|
-
* });
|
|
925
|
-
* ```
|
|
926
|
-
*/
|
|
927
|
-
type ListOptions<TWhere extends Record<string, unknown>, TOrderBy extends string> = {
|
|
928
|
-
/** Serializable filter — only known fields for the entity. */where?: TWhere; /** Maximum number of items to return. Defaults to 50, max 100. */
|
|
929
|
-
limit?: number; /** Opaque cursor from a previous `ListResult.nextCursor`. */
|
|
930
|
-
cursor?: string | null; /** Field to sort by. Defaults to `"_creationTime"`. */
|
|
931
|
-
orderBy?: TOrderBy; /** Sort direction. Defaults to `"desc"`. */
|
|
932
|
-
order?: "asc" | "desc";
|
|
933
|
-
};
|
|
934
|
-
/**
|
|
935
|
-
* Paginated list result returned by every entity list method.
|
|
936
|
-
*
|
|
937
|
-
* @typeParam T - The type of items in the result array.
|
|
938
|
-
*/
|
|
939
|
-
type ListResult<T> = {
|
|
940
|
-
/** The page of items. */items: T[]; /** Opaque cursor for the next page, or `null` when exhausted. */
|
|
941
|
-
nextCursor: string | null;
|
|
942
|
-
};
|
|
943
|
-
/**
|
|
944
|
-
* A single key/value tag for group classification.
|
|
945
|
-
*
|
|
946
|
-
* Tags are normalized at write time: both `key` and `value` are
|
|
947
|
-
* trimmed and lowercased. Filtering is strict exact-match only.
|
|
948
|
-
*/
|
|
949
|
-
type GroupTag = {
|
|
950
|
-
key: string;
|
|
951
|
-
value: string;
|
|
952
|
-
};
|
|
953
|
-
/** Filter fields for `auth.group.list()`. All optional. */
|
|
954
|
-
type GroupWhere = {
|
|
955
|
-
slug?: string;
|
|
956
|
-
type?: string;
|
|
957
|
-
parentGroupId?: string;
|
|
958
|
-
name?: string; /** When `true`, return only root groups (no parent). When `false`, only non-root. */
|
|
959
|
-
isRoot?: boolean;
|
|
960
|
-
/**
|
|
961
|
-
* Return only groups that have **all** of the specified tags.
|
|
962
|
-
* Each tag is matched exactly on normalized `(key, value)`.
|
|
963
|
-
*/
|
|
964
|
-
tagsAll?: GroupTag[];
|
|
965
|
-
/**
|
|
966
|
-
* Return only groups that have **at least one** of the specified tags.
|
|
967
|
-
* Each tag is matched exactly on normalized `(key, value)`.
|
|
968
|
-
*/
|
|
969
|
-
tagsAny?: GroupTag[];
|
|
970
|
-
};
|
|
971
|
-
/** Sortable fields for `auth.group.list()`. */
|
|
972
|
-
type GroupOrderBy = "_creationTime" | "name" | "slug" | "type";
|
|
973
|
-
/** Filter fields for `auth.member.list()`. All optional. */
|
|
974
|
-
type MemberWhere = {
|
|
975
|
-
groupId?: string;
|
|
976
|
-
userId?: string;
|
|
977
|
-
roleId?: string;
|
|
978
|
-
status?: string;
|
|
979
|
-
};
|
|
980
|
-
/** Sortable fields for `auth.member.list()`. */
|
|
981
|
-
type MemberOrderBy = "_creationTime" | "status";
|
|
982
|
-
/** Filter fields for `auth.invite.list()`. All optional. */
|
|
983
|
-
type InviteWhere = {
|
|
984
|
-
tokenHash?: string;
|
|
985
|
-
groupId?: string;
|
|
986
|
-
status?: "pending" | "accepted" | "revoked" | "expired";
|
|
987
|
-
email?: string;
|
|
988
|
-
invitedByUserId?: string;
|
|
989
|
-
roleId?: string;
|
|
990
|
-
acceptedByUserId?: string;
|
|
991
|
-
};
|
|
992
|
-
/** Sortable fields for `auth.invite.list()`. */
|
|
993
|
-
type InviteOrderBy = "_creationTime" | "status" | "email" | "expiresTime" | "acceptedTime";
|
|
994
|
-
/** Filter fields for `auth.key.list()`. All optional. */
|
|
995
|
-
type KeyWhere = {
|
|
996
|
-
userId?: string;
|
|
997
|
-
revoked?: boolean;
|
|
998
|
-
name?: string;
|
|
999
|
-
prefix?: string;
|
|
1000
|
-
};
|
|
1001
|
-
/** Sortable fields for `auth.key.list()`. */
|
|
1002
|
-
type KeyOrderBy = "_creationTime" | "name" | "lastUsedAt" | "expiresAt" | "revoked";
|
|
1003
977
|
/** Filter fields for `auth.user.list()`. All optional. */
|
|
1004
978
|
type UserWhere = {
|
|
1005
979
|
email?: string;
|
|
@@ -1037,13 +1011,139 @@ interface HttpKeyContext {
|
|
|
1037
1011
|
* CORS configuration for Bearer-authenticated HTTP endpoints.
|
|
1038
1012
|
*/
|
|
1039
1013
|
interface CorsConfig {
|
|
1040
|
-
/**
|
|
1041
|
-
|
|
1014
|
+
/**
|
|
1015
|
+
* Allowed origins. Defaults to the site URLs from environment
|
|
1016
|
+
* (`SITE_URL` and `SECONDARY_URL`). Pass `["*"]` to allow any origin.
|
|
1017
|
+
*/
|
|
1018
|
+
origins?: string[];
|
|
1042
1019
|
/** Allowed HTTP methods. Defaults to `"GET,POST,PUT,PATCH,DELETE,OPTIONS"`. */
|
|
1043
1020
|
methods?: string;
|
|
1044
1021
|
/** Allowed request headers. Defaults to `"Content-Type,Authorization"`. */
|
|
1045
1022
|
headers?: string;
|
|
1046
1023
|
}
|
|
1024
|
+
/**
|
|
1025
|
+
* Component function references required by core auth runtime.
|
|
1026
|
+
*/
|
|
1027
|
+
type AuthComponentApi = {
|
|
1028
|
+
public: {
|
|
1029
|
+
userGetById: FunctionReference<"query", "internal">;
|
|
1030
|
+
userList: FunctionReference<"query", "internal">;
|
|
1031
|
+
userFindByVerifiedEmail: FunctionReference<"query", "internal">;
|
|
1032
|
+
userFindByVerifiedPhone: FunctionReference<"query", "internal">;
|
|
1033
|
+
userInsert: FunctionReference<"mutation", "internal">;
|
|
1034
|
+
userUpsert: FunctionReference<"mutation", "internal">;
|
|
1035
|
+
userPatch: FunctionReference<"mutation", "internal">;
|
|
1036
|
+
userDelete: FunctionReference<"mutation", "internal">;
|
|
1037
|
+
accountGet: FunctionReference<"query", "internal">;
|
|
1038
|
+
accountGetById: FunctionReference<"query", "internal">;
|
|
1039
|
+
accountInsert: FunctionReference<"mutation", "internal">;
|
|
1040
|
+
accountListByUser: FunctionReference<"query", "internal">;
|
|
1041
|
+
accountPatch: FunctionReference<"mutation", "internal">;
|
|
1042
|
+
accountDelete: FunctionReference<"mutation", "internal">;
|
|
1043
|
+
sessionCreate: FunctionReference<"mutation", "internal">;
|
|
1044
|
+
sessionGetById: FunctionReference<"query", "internal">;
|
|
1045
|
+
sessionDelete: FunctionReference<"mutation", "internal">;
|
|
1046
|
+
sessionListByUser: FunctionReference<"query", "internal">;
|
|
1047
|
+
verifierCreate: FunctionReference<"mutation", "internal">;
|
|
1048
|
+
verifierGetById: FunctionReference<"query", "internal">;
|
|
1049
|
+
verifierGetBySignature: FunctionReference<"query", "internal">;
|
|
1050
|
+
verifierPatch: FunctionReference<"mutation", "internal">;
|
|
1051
|
+
verifierDelete: FunctionReference<"mutation", "internal">;
|
|
1052
|
+
verificationCodeGetByAccountId: FunctionReference<"query", "internal">;
|
|
1053
|
+
verificationCodeGetByCode: FunctionReference<"query", "internal">;
|
|
1054
|
+
verificationCodeCreate: FunctionReference<"mutation", "internal">;
|
|
1055
|
+
verificationCodeDelete: FunctionReference<"mutation", "internal">;
|
|
1056
|
+
refreshTokenCreate: FunctionReference<"mutation", "internal">;
|
|
1057
|
+
refreshTokenGetById: FunctionReference<"query", "internal">;
|
|
1058
|
+
refreshTokenPatch: FunctionReference<"mutation", "internal">;
|
|
1059
|
+
refreshTokenGetChildren: FunctionReference<"query", "internal">;
|
|
1060
|
+
refreshTokenListBySession: FunctionReference<"query", "internal">;
|
|
1061
|
+
refreshTokenDeleteAll: FunctionReference<"mutation", "internal">;
|
|
1062
|
+
refreshTokenGetActive: FunctionReference<"query", "internal">;
|
|
1063
|
+
rateLimitGet: FunctionReference<"query", "internal">;
|
|
1064
|
+
rateLimitCreate: FunctionReference<"mutation", "internal">;
|
|
1065
|
+
rateLimitPatch: FunctionReference<"mutation", "internal">;
|
|
1066
|
+
rateLimitDelete: FunctionReference<"mutation", "internal">;
|
|
1067
|
+
groupCreate: FunctionReference<"mutation", "internal">;
|
|
1068
|
+
groupGet: FunctionReference<"query", "internal">;
|
|
1069
|
+
groupList: FunctionReference<"query", "internal">;
|
|
1070
|
+
groupUpdate: FunctionReference<"mutation", "internal">;
|
|
1071
|
+
groupDelete: FunctionReference<"mutation", "internal">;
|
|
1072
|
+
memberAdd: FunctionReference<"mutation", "internal">;
|
|
1073
|
+
memberGet: FunctionReference<"query", "internal">;
|
|
1074
|
+
memberList: FunctionReference<"query", "internal">;
|
|
1075
|
+
memberGetByGroupAndUser: FunctionReference<"query", "internal">;
|
|
1076
|
+
memberRemove: FunctionReference<"mutation", "internal">;
|
|
1077
|
+
memberUpdate: FunctionReference<"mutation", "internal">;
|
|
1078
|
+
inviteCreate: FunctionReference<"mutation", "internal">;
|
|
1079
|
+
inviteGet: FunctionReference<"query", "internal">;
|
|
1080
|
+
inviteGetByTokenHash: FunctionReference<"query", "internal">;
|
|
1081
|
+
inviteList: FunctionReference<"query", "internal">;
|
|
1082
|
+
inviteAccept: FunctionReference<"mutation", "internal">;
|
|
1083
|
+
inviteAcceptByToken: FunctionReference<"mutation", "internal">;
|
|
1084
|
+
inviteRevoke: FunctionReference<"mutation", "internal">;
|
|
1085
|
+
keyInsert: FunctionReference<"mutation", "internal">;
|
|
1086
|
+
keyGetByHashedKey: FunctionReference<"query", "internal">;
|
|
1087
|
+
keyGetById: FunctionReference<"query", "internal">;
|
|
1088
|
+
keyList: FunctionReference<"query", "internal">;
|
|
1089
|
+
keyPatch: FunctionReference<"mutation", "internal">;
|
|
1090
|
+
keyDelete: FunctionReference<"mutation", "internal">;
|
|
1091
|
+
passkeyInsert: FunctionReference<"mutation", "internal">;
|
|
1092
|
+
passkeyGetByCredentialId: FunctionReference<"query", "internal">;
|
|
1093
|
+
passkeyListByUserId: FunctionReference<"query", "internal">;
|
|
1094
|
+
passkeyUpdateCounter: FunctionReference<"mutation", "internal">;
|
|
1095
|
+
passkeyUpdateMeta: FunctionReference<"mutation", "internal">;
|
|
1096
|
+
passkeyDelete: FunctionReference<"mutation", "internal">;
|
|
1097
|
+
totpInsert: FunctionReference<"mutation", "internal", any, any>;
|
|
1098
|
+
totpGetVerifiedByUserId: FunctionReference<"query", "internal", any, any>;
|
|
1099
|
+
totpListByUserId: FunctionReference<"query", "internal", any, any>;
|
|
1100
|
+
totpGetById: FunctionReference<"query", "internal", any, any>;
|
|
1101
|
+
totpMarkVerified: FunctionReference<"mutation", "internal", any, any>;
|
|
1102
|
+
totpUpdateLastUsed: FunctionReference<"mutation", "internal", any, any>;
|
|
1103
|
+
totpDelete: FunctionReference<"mutation", "internal", any, any>;
|
|
1104
|
+
deviceInsert: FunctionReference<"mutation", "internal", any, any>;
|
|
1105
|
+
deviceGetByCodeHash: FunctionReference<"query", "internal", any, any>;
|
|
1106
|
+
deviceGetByUserCode: FunctionReference<"query", "internal", any, any>;
|
|
1107
|
+
deviceAuthorize: FunctionReference<"mutation", "internal", any, any>;
|
|
1108
|
+
deviceUpdateLastPolled: FunctionReference<"mutation", "internal", any, any>;
|
|
1109
|
+
deviceDelete: FunctionReference<"mutation", "internal", any, any>;
|
|
1110
|
+
groupConnectionCreate: FunctionReference<"mutation", "internal", any, any>;
|
|
1111
|
+
groupConnectionGet: FunctionReference<"query", "internal", any, any>;
|
|
1112
|
+
groupConnectionGetByDomain: FunctionReference<"query", "internal", any, any>;
|
|
1113
|
+
groupConnectionList: FunctionReference<"query", "internal", any, any>;
|
|
1114
|
+
groupConnectionUpdate: FunctionReference<"mutation", "internal", any, any>;
|
|
1115
|
+
groupConnectionDelete: FunctionReference<"mutation", "internal", any, any>;
|
|
1116
|
+
groupConnectionDomainAdd: FunctionReference<"mutation", "internal", any, any>;
|
|
1117
|
+
groupConnectionDomainList: FunctionReference<"query", "internal", any, any>;
|
|
1118
|
+
groupConnectionDomainDelete: FunctionReference<"mutation", "internal", any, any>;
|
|
1119
|
+
groupConnectionDomainVerificationGet: FunctionReference<"query", "internal", any, any>;
|
|
1120
|
+
groupConnectionDomainVerificationUpsert: FunctionReference<"mutation", "internal", any, any>;
|
|
1121
|
+
groupConnectionDomainVerificationDelete: FunctionReference<"mutation", "internal", any, any>;
|
|
1122
|
+
groupConnectionDomainVerify: FunctionReference<"mutation", "internal", any, any>;
|
|
1123
|
+
groupConnectionSecretUpsert: FunctionReference<"mutation", "internal", any, any>;
|
|
1124
|
+
groupConnectionSecretGet: FunctionReference<"query", "internal", any, any>;
|
|
1125
|
+
groupConnectionSecretDelete: FunctionReference<"mutation", "internal", any, any>;
|
|
1126
|
+
groupConnectionScimConfigUpsert: FunctionReference<"mutation", "internal", any, any>;
|
|
1127
|
+
groupConnectionScimConfigGetByGroupConnection: FunctionReference<"query", "internal", any, any>;
|
|
1128
|
+
groupConnectionScimConfigGetByTokenHash: FunctionReference<"query", "internal", any, any>;
|
|
1129
|
+
groupConnectionScimIdentityGet: FunctionReference<"query", "internal", any, any>;
|
|
1130
|
+
groupConnectionScimIdentityGetByUser: FunctionReference<"query", "internal", any, any>;
|
|
1131
|
+
groupConnectionScimIdentityGetByGroupConnectionAndUser: FunctionReference<"query", "internal", any, any>;
|
|
1132
|
+
groupConnectionScimIdentityGetByMappedGroup: FunctionReference<"query", "internal", any, any>;
|
|
1133
|
+
groupConnectionScimIdentityListByGroupConnection: FunctionReference<"query", "internal", any, any>;
|
|
1134
|
+
groupConnectionScimIdentityUpsert: FunctionReference<"mutation", "internal", any, any>;
|
|
1135
|
+
groupConnectionScimIdentityDelete: FunctionReference<"mutation", "internal", any, any>;
|
|
1136
|
+
groupAuditEventCreate: FunctionReference<"mutation", "internal", any, any>;
|
|
1137
|
+
groupAuditEventList: FunctionReference<"query", "internal", any, any>;
|
|
1138
|
+
groupWebhookEndpointCreate: FunctionReference<"mutation", "internal", any, any>;
|
|
1139
|
+
groupWebhookEndpointList: FunctionReference<"query", "internal", any, any>;
|
|
1140
|
+
groupWebhookEndpointGet: FunctionReference<"query", "internal", any, any>;
|
|
1141
|
+
groupWebhookEndpointUpdate: FunctionReference<"mutation", "internal", any, any>;
|
|
1142
|
+
groupWebhookDeliveryEnqueue: FunctionReference<"mutation", "internal", any, any>;
|
|
1143
|
+
groupWebhookDeliveryListReady: FunctionReference<"query", "internal", any, any>;
|
|
1144
|
+
groupWebhookDeliveryPatch: FunctionReference<"mutation", "internal", any, any>;
|
|
1145
|
+
};
|
|
1146
|
+
};
|
|
1047
1147
|
/**
|
|
1048
1148
|
* Convex document from a given table.
|
|
1049
1149
|
*/
|
|
@@ -1053,99 +1153,9 @@ type GenericDoc<DataModel extends GenericDataModel, TableName extends TableNames
|
|
|
1053
1153
|
};
|
|
1054
1154
|
/** Data model derived from the component schema. */
|
|
1055
1155
|
type AuthDataModel = DataModelFromSchemaDefinition<typeof _default>;
|
|
1056
|
-
/** Action context typed to the auth component's data model. */
|
|
1057
|
-
type ActionCtx = GenericActionCtx<AuthDataModel>;
|
|
1058
|
-
/** Mutation context typed to the auth component's data model. */
|
|
1059
|
-
type MutationCtx = GenericMutationCtx<AuthDataModel>;
|
|
1060
|
-
/** Query context typed to the auth component's data model. */
|
|
1061
|
-
type QueryCtx = GenericQueryCtx<AuthDataModel>;
|
|
1062
1156
|
/** A document from any table in the auth component schema. */
|
|
1063
1157
|
type Doc<T extends TableNamesInDataModel<AuthDataModel>> = GenericDoc<AuthDataModel, T>;
|
|
1064
|
-
/** A pair of JWT access token and refresh token. */
|
|
1065
|
-
type Tokens = {
|
|
1066
|
-
token: string;
|
|
1067
|
-
refreshToken: string;
|
|
1068
|
-
};
|
|
1069
|
-
/** Session information returned after authentication. */
|
|
1070
|
-
type SessionInfo = {
|
|
1071
|
-
userId: GenericId<"User">;
|
|
1072
|
-
sessionId: GenericId<"Session">;
|
|
1073
|
-
tokens: Tokens | null;
|
|
1074
|
-
};
|
|
1075
|
-
/** Session information with guaranteed non-null tokens. */
|
|
1076
|
-
type SessionInfoWithTokens = {
|
|
1077
|
-
userId: GenericId<"User">;
|
|
1078
|
-
sessionId: GenericId<"Session">;
|
|
1079
|
-
tokens: Tokens;
|
|
1080
|
-
};
|
|
1081
|
-
type TotpDoc = Infer<typeof vTotpFactorDoc>;
|
|
1082
|
-
type PasskeyDoc = Infer<typeof vPasskeyDoc>;
|
|
1083
|
-
type VerifierDoc = Infer<typeof vAuthVerifierDoc>;
|
|
1084
1158
|
type KeyDoc = Infer<typeof vApiKeyDoc>;
|
|
1085
|
-
declare function queryUserById(ctx: ComponentCallCtx, userId: string): Promise<CrossComponentUserDoc | null>;
|
|
1086
|
-
declare function queryUserByVerifiedEmail(ctx: ComponentCallCtx, email: string): Promise<CrossComponentUserDoc | null>;
|
|
1087
|
-
declare function queryVerifierById(ctx: ComponentCallCtx, verifierId: string): Promise<VerifierDoc | null>;
|
|
1088
|
-
declare function mutateVerifierDelete(ctx: ComponentCallCtx, verifierId: string): Promise<void>;
|
|
1089
|
-
declare function queryTotpById(ctx: ComponentCallCtx, totpId: string): Promise<TotpDoc | null>;
|
|
1090
|
-
declare function queryTotpVerifiedByUserId(ctx: ComponentCallCtx, userId: string): Promise<TotpDoc | null>;
|
|
1091
|
-
declare function mutateTotpInsert(ctx: ComponentCallCtx, args: {
|
|
1092
|
-
userId: string;
|
|
1093
|
-
secret: ArrayBuffer;
|
|
1094
|
-
digits: number;
|
|
1095
|
-
period: number;
|
|
1096
|
-
verified: boolean;
|
|
1097
|
-
name?: string;
|
|
1098
|
-
createdAt: number;
|
|
1099
|
-
}): Promise<string>;
|
|
1100
|
-
declare function mutateTotpMarkVerified(ctx: ComponentCallCtx, totpId: string, lastUsedAt: number): Promise<void>;
|
|
1101
|
-
declare function mutateTotpUpdateLastUsed(ctx: ComponentCallCtx, totpId: string, lastUsedAt: number): Promise<void>;
|
|
1102
|
-
declare function queryPasskeysByUserId(ctx: ComponentCallCtx, userId: string): Promise<PasskeyDoc[]>;
|
|
1103
|
-
declare function queryPasskeyByCredentialId(ctx: ComponentCallCtx, credentialId: string): Promise<PasskeyDoc | null>;
|
|
1104
|
-
declare function mutatePasskeyInsert(ctx: ComponentCallCtx, args: {
|
|
1105
|
-
userId: string;
|
|
1106
|
-
credentialId: string;
|
|
1107
|
-
publicKey: ArrayBuffer | ArrayBufferLike;
|
|
1108
|
-
algorithm: number;
|
|
1109
|
-
counter: number;
|
|
1110
|
-
transports?: string[];
|
|
1111
|
-
deviceType: string;
|
|
1112
|
-
backedUp: boolean;
|
|
1113
|
-
name?: string;
|
|
1114
|
-
createdAt: number;
|
|
1115
|
-
}): Promise<string>;
|
|
1116
|
-
declare function mutatePasskeyUpdateCounter(ctx: ComponentCallCtx, passkeyId: string, counter: number, lastUsedAt: number): Promise<void>;
|
|
1117
|
-
declare function mutateKeyInsert(ctx: ComponentCallCtx, args: {
|
|
1118
|
-
userId: string;
|
|
1119
|
-
prefix: string;
|
|
1120
|
-
hashedKey: string;
|
|
1121
|
-
name: string;
|
|
1122
|
-
scopes: Array<{
|
|
1123
|
-
resource: string;
|
|
1124
|
-
actions: string[];
|
|
1125
|
-
}>;
|
|
1126
|
-
rateLimit?: {
|
|
1127
|
-
maxRequests: number;
|
|
1128
|
-
windowMs: number;
|
|
1129
|
-
};
|
|
1130
|
-
expiresAt?: number;
|
|
1131
|
-
}): Promise<string>;
|
|
1132
|
-
declare function queryKeysByUserId(ctx: ComponentCallCtx, userId: string): Promise<KeyDoc[]>;
|
|
1133
|
-
declare function queryKeyById(ctx: ComponentCallCtx, keyId: string): Promise<KeyDoc | null>;
|
|
1134
|
-
declare function mutateKeyPatch(ctx: ComponentCallCtx, keyId: string, data: Record<string, unknown>): Promise<void>;
|
|
1135
|
-
declare function mutateKeyDelete(ctx: ComponentCallCtx, keyId: string): Promise<void>;
|
|
1136
|
-
type DeviceDoc = Infer<typeof vDeviceCodeDoc>;
|
|
1137
|
-
declare function mutateDeviceInsert(ctx: ComponentCallCtx, args: {
|
|
1138
|
-
deviceCodeHash: string;
|
|
1139
|
-
userCode: string;
|
|
1140
|
-
expiresAt: number;
|
|
1141
|
-
interval: number;
|
|
1142
|
-
status: "pending" | "authorized" | "denied";
|
|
1143
|
-
}): Promise<string>;
|
|
1144
|
-
declare function queryDeviceByCodeHash(ctx: ComponentCallCtx, deviceCodeHash: string): Promise<DeviceDoc | null>;
|
|
1145
|
-
declare function queryDeviceByUserCode(ctx: ComponentCallCtx, userCode: string): Promise<DeviceDoc | null>;
|
|
1146
|
-
declare function mutateDeviceAuthorize(ctx: ComponentCallCtx, deviceId: string, userId: string, sessionId: string): Promise<void>;
|
|
1147
|
-
declare function mutateDeviceUpdateLastPolled(ctx: ComponentCallCtx, deviceId: string, lastPolledAt: number): Promise<void>;
|
|
1148
|
-
declare function mutateDeviceDelete(ctx: ComponentCallCtx, deviceId: string): Promise<void>;
|
|
1149
1159
|
//#endregion
|
|
1150
|
-
export {
|
|
1160
|
+
export { AuthAuthorizationConfig, AuthGrant, AuthProviderConfig, AuthRoleId, ConvexAuthConfig, ConvexAuthMaterializedConfig, ConvexCredentialsConfig, CorsConfig, DeviceProviderConfig, Doc, EmailConfig, EmailUserConfig, GenericActionCtxWithAuthConfig, GenericDoc, GroupConnectionDeprovisionMode, GroupConnectionPolicy, GroupConnectionPolicyPatch, HasDeviceProvider, HasPasskeyProvider, HasSSO, HasTotpProvider, HttpKeyContext, KeyDoc, KeyScope, OAuthMaterializedConfig, OAuthProfile, OAuthTokens, OIDCClaimMapping, PasskeyProviderConfig, PhoneConfig, PhoneUserConfig, SSOProviderConfig, ScopeChecker, TotpProviderConfig, UserOrderBy, UserWhere };
|
|
1151
1161
|
//# sourceMappingURL=types.d.ts.map
|