@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -1,12 +1,16 @@
1
- import { createDeviceClient } from "../factors/device.js";
2
- import { browserMutex, getStorageListenerRegistry } from "../runtime/browser.js";
3
- import { createPasskeyClient } from "../factors/passkey.js";
4
- import { createTotpClient } from "../factors/totp.js";
5
- import { createInviteManager } from "../runtime/invite.js";
6
- import { createProxyHelpers, isRetriableProxyRefreshError, isTransientNetworkError } from "../runtime/proxy.js";
7
- import { createStorageHelpers } from "../runtime/storage.js";
8
- import { Fx } from "@robelest/fx";
9
- import { ConvexHttpClient } from "convex/browser";
1
+ import { LOG_LEVELS, logMessage } from "../shared/log.js";
2
+ import { createDeferred } from "./core/types.js";
3
+ import { createHandshakeError } from "./errors.js";
4
+ import { createDeviceClient } from "./factors/device.js";
5
+ import { createTotpClient } from "./factors/totp.js";
6
+ import { createInviteManager } from "./runtime/invite.js";
7
+ import { localMutex } from "./runtime/mutex.js";
8
+ import { isRetriableProxyRefreshError, isTransientNetworkError, parseProxyErrorBody } from "./runtime/proxy.js";
9
+ import { createStorageHelpers } from "./runtime/storage.js";
10
+ import { ClientAdapterFactoriesLive, ClientAdaptersLive } from "./services/adapters.js";
11
+ import { ClientHttpLive } from "./services/http.js";
12
+ import { resolveClientServices } from "./services/resolve.js";
13
+ import { ClientRuntimeLive } from "./services/runtime.js";
10
14
  import { ConvexError } from "convex/values";
11
15
 
12
16
  //#region src/client/index.ts
@@ -18,6 +22,17 @@ const INVITE_EMAIL_KEY = "__convexAuthPendingInviteEmail";
18
22
  const RETRY_BASE_MS = 500;
19
23
  const RETRY_MAX_RETRIES = 2;
20
24
  const AUTH_HANDSHAKE_TIMEOUT_MS = 5e3;
25
+ async function retryWithJitteredBackoff(fn, shouldRetry) {
26
+ let attempt = 0;
27
+ while (true) try {
28
+ return await fn();
29
+ } catch (error) {
30
+ if (attempt >= RETRY_MAX_RETRIES || !shouldRetry(error)) throw error;
31
+ const jitter = RETRY_BASE_MS * Math.pow(2, attempt) * (.5 + Math.random());
32
+ await new Promise((resolve) => setTimeout(resolve, jitter));
33
+ attempt++;
34
+ }
35
+ }
21
36
  /**
22
37
  * Resolve the Convex deployment URL from the client.
23
38
  *
@@ -26,16 +41,30 @@ const AUTH_HANDSHAKE_TIMEOUT_MS = 5e3;
26
41
  */
27
42
  function resolveUrl(convex, explicit) {
28
43
  if (explicit) return explicit;
29
- const c = convex;
30
- const url = c.url ?? c.client?.url;
44
+ const candidate = convex;
45
+ const client = typeof candidate.client === "object" && candidate.client !== null ? candidate.client : void 0;
46
+ const url = candidate.url ?? client?.url;
31
47
  if (typeof url === "string") return url;
32
48
  throw new Error("Could not determine Convex deployment URL. Pass `url` explicitly.");
33
49
  }
50
+ function stableStringify(value) {
51
+ if (value === void 0) return "null";
52
+ if (Array.isArray(value)) return `[${value.map((item) => stableStringify(item)).join(",")}]`;
53
+ if (value !== null && typeof value === "object") return `{${Object.entries(value).filter(([, entryValue]) => entryValue !== void 0).sort(([left], [right]) => left.localeCompare(right)).map(([key, entryValue]) => `${JSON.stringify(key)}:${stableStringify(entryValue)}`).join(",")}}`;
54
+ return JSON.stringify(value);
55
+ }
56
+ function buildSignInRequestKey(provider, params) {
57
+ return stableStringify({
58
+ provider: provider ?? null,
59
+ params
60
+ });
61
+ }
34
62
  /**
35
63
  * Create a framework-agnostic auth client.
36
64
  *
37
- * Returns an object with `signIn`, `signOut`, `onChange`, `state`,
38
- * `passkey`, and `totp` everything needed for client-side auth.
65
+ * Returns an object with `signIn`, `signOut`, `onChange`, `state`, and any
66
+ * factor helpers enabled by your configured providers. Browser-specific
67
+ * passkey support is added by the `@robelest/convex-auth/browser` entrypoint.
39
68
  *
40
69
  * ### SPA mode (default)
41
70
  *
@@ -48,48 +77,64 @@ function resolveUrl(convex, explicit) {
48
77
  * const auth = client({ convex, api: api.auth });
49
78
  * ```
50
79
  *
51
- * ### SSR / proxy mode
80
+ * ### Proxy mode
52
81
  *
53
82
  * ```ts
54
83
  * const auth = client({
55
84
  * convex,
56
85
  * proxyPath: '/api/auth',
57
86
  * tokenSeed: tokenFromServer, // JWT read from httpOnly cookie during SSR
87
+ * runtime: myRuntime,
58
88
  * });
59
89
  * ```
60
90
  *
61
- * In proxy mode all auth operations go through the proxy URL.
91
+ * In proxy mode all auth operations go through the injected proxy runtime.
62
92
  * Tokens are stored in httpOnly cookies server-side — the client
63
93
  * holds the JWT in memory only.
64
94
  *
65
95
  * @param options - Client configuration. See {@link ClientOptions}.
66
96
  * @typeParam Api - An AuthApiRefs type determining which factor helpers are available.
67
- * @returns Auth client with conditional `passkey`, `totp`, and `device` helpers.
97
+ * @returns Auth client with conditional `totp` and `device` helpers.
68
98
  * @throws {Error} When the Convex deployment URL cannot be determined and `url` is not passed explicitly.
69
99
  * @throws {Error} When `proxyPath` is not set and the `api` option is missing.
100
+ * @throws {Error} When `proxyPath` is set and `runtime.proxy` is missing.
70
101
  */
71
102
  function client(options) {
72
103
  const { convex, proxyPath, api: apiRefs } = options;
73
104
  const proxy = proxyPath;
105
+ const services = resolveClientServices({
106
+ runtime: ClientRuntimeLive(options.runtime ?? {}),
107
+ adapters: ClientAdaptersLive(options.adapters ?? {}),
108
+ adapterFactories: ClientAdapterFactoriesLive(options.adapterFactories ?? {}),
109
+ http: ClientHttpLive(proxy ? null : options.httpClient ?? null)
110
+ });
111
+ const runtime = services.runtime;
112
+ const adapters = services.adapters;
113
+ function requireProxyRuntime() {
114
+ if (!runtime.proxy) throw new Error("The `runtime.proxy` option is required when `proxyPath` is set. Use `@robelest/convex-auth/browser` for browser defaults or inject a proxy runtime explicitly.");
115
+ return runtime.proxy;
116
+ }
74
117
  function requireApiRefs() {
75
118
  if (!apiRefs) throw new Error("The `api` option is required when `proxyPath` is not set. Pass { api: api.auth }.");
76
119
  return apiRefs;
77
120
  }
78
- const storage = options.storage !== void 0 ? options.storage : proxy ? null : typeof window === "undefined" ? null : window.localStorage;
79
- const replaceUrl = options.replaceUrl ?? ((url$1) => {
80
- if (typeof window !== "undefined") window.history.replaceState({}, "", url$1);
81
- });
121
+ function requireHttpClient() {
122
+ if (!httpClient) throw new Error("The `httpClient` option is required when `proxyPath` is not set in a non-browser runtime. Use `@robelest/convex-auth/browser` for browser defaults or pass an action-only transport explicitly.");
123
+ return httpClient;
124
+ }
125
+ const storage = options.storage !== void 0 ? options.storage : runtime.storage !== void 0 ? runtime.storage : null;
126
+ const proxyRuntime = proxy ? requireProxyRuntime() : null;
127
+ const replaceUrl = options.replaceUrl ?? (runtime.location ? (url$1) => runtime.location.replace(url$1) : (_url) => {});
82
128
  function getLocation() {
83
129
  if (typeof options.location === "function") return options.location();
84
130
  if (options.location instanceof URL) return options.location;
85
- if (typeof window !== "undefined") return new URL(window.location.href);
131
+ if (runtime.location) return runtime.location.get();
86
132
  return null;
87
133
  }
88
134
  /**
89
135
  * SSR-safe URL parameter reader.
90
136
  *
91
- * Uses the `location` option if provided, otherwise falls back to
92
- * `window.location` (returns `null` during SSR where `window` is unavailable).
137
+ * Uses the injected location source when provided.
93
138
  *
94
139
  * @param name - The query parameter name.
95
140
  * @returns The parameter value, or `null` if not present or in SSR.
@@ -121,10 +166,28 @@ function client(options) {
121
166
  storage,
122
167
  key
123
168
  });
124
- const { isAbsoluteUrl, proxyFetch, resolveProxyUrl } = createProxyHelpers({ proxy });
169
+ const proxyFetch = async (body) => {
170
+ if (!proxy) throw new Error("Proxy fetch requested without proxyPath.");
171
+ const response = await proxyRuntime.fetch(body, proxy);
172
+ if (!response.ok) {
173
+ let errorBody = {};
174
+ try {
175
+ errorBody = parseProxyErrorBody(await response.json());
176
+ } catch {
177
+ errorBody = {};
178
+ }
179
+ if (typeof errorBody === "object" && errorBody !== null && "authError" in errorBody && typeof errorBody.authError === "object") throw new ConvexError(errorBody.authError);
180
+ throw new Error(errorBody.error ?? `Proxy request failed: ${response.status}`);
181
+ }
182
+ try {
183
+ return await response.json();
184
+ } catch {
185
+ throw new Error("Proxy response was not valid JSON");
186
+ }
187
+ };
125
188
  const subscribers = /* @__PURE__ */ new Set();
126
189
  let disposeStorageListener = null;
127
- const httpClient = proxy ? null : new ConvexHttpClient(url);
190
+ const httpClient = services.httpClient;
128
191
  const serverToken = typeof options.tokenSeed === "string" && options.tokenSeed.trim().length > 0 ? options.tokenSeed : null;
129
192
  const hasServerToken = serverToken !== null;
130
193
  let token = serverToken;
@@ -133,6 +196,7 @@ function client(options) {
133
196
  let handshakePending = false;
134
197
  let authEpoch = 0;
135
198
  let destroyed = false;
199
+ let activeSignIn = null;
136
200
  const handshakeWaiters = /* @__PURE__ */ new Set();
137
201
  let snapshot = {
138
202
  phase: hasServerToken ? "authenticated" : isLoading ? "loading" : "unauthenticated",
@@ -141,24 +205,13 @@ function client(options) {
141
205
  token
142
206
  };
143
207
  let handlingCodeFlow = false;
144
- const HANDSHAKE_ERROR_MESSAGES = {
145
- AUTH_HANDSHAKE_TIMEOUT: "Sign-in succeeded but authentication confirmation timed out.",
146
- AUTH_HANDSHAKE_REJECTED: "Authentication was rejected while confirming the session."
147
- };
148
- const createHandshakeError = (code, context) => {
149
- return new ConvexError({
150
- code,
151
- message: HANDSHAKE_ERROR_MESSAGES[code],
152
- ...context
153
- });
154
- };
155
208
  const settleHandshakeWaiters = (epoch, outcome) => {
156
209
  for (const waiter of Array.from(handshakeWaiters)) {
157
210
  if (waiter.epoch !== epoch) continue;
158
211
  clearTimeout(waiter.timeoutId);
159
212
  handshakeWaiters.delete(waiter);
160
- if (outcome.type === "resolve") waiter.resolve();
161
- else waiter.reject(outcome.error);
213
+ if (outcome.type === "resolve") waiter.deferred.resolve(void 0);
214
+ else waiter.deferred.reject(outcome.error);
162
215
  }
163
216
  };
164
217
  const rejectObsoleteHandshakeWaiters = (activeEpoch) => {
@@ -166,7 +219,7 @@ function client(options) {
166
219
  if (waiter.epoch >= activeEpoch) continue;
167
220
  clearTimeout(waiter.timeoutId);
168
221
  handshakeWaiters.delete(waiter);
169
- waiter.reject(createHandshakeError("AUTH_HANDSHAKE_REJECTED", {
222
+ waiter.deferred.reject(createHandshakeError("AUTH_HANDSHAKE_REJECTED", {
170
223
  ...waiter.context,
171
224
  reason: "token_changed"
172
225
  }));
@@ -180,24 +233,26 @@ function client(options) {
180
233
  reason: "auth_rejected"
181
234
  });
182
235
  const epoch = authEpoch;
183
- await new Promise((resolve, reject) => {
184
- const waiterRef = { current: null };
185
- const waiter = {
186
- epoch,
187
- context,
188
- resolve,
189
- reject,
190
- timeoutId: setTimeout(() => {
191
- if (waiterRef.current !== null) handshakeWaiters.delete(waiterRef.current);
192
- reject(createHandshakeError("AUTH_HANDSHAKE_TIMEOUT", {
193
- ...context,
194
- timeoutMs: AUTH_HANDSHAKE_TIMEOUT_MS
195
- }));
196
- }, AUTH_HANDSHAKE_TIMEOUT_MS)
197
- };
198
- waiterRef.current = waiter;
199
- handshakeWaiters.add(waiter);
200
- });
236
+ const deferred = createDeferred();
237
+ const waiter = {
238
+ epoch,
239
+ context,
240
+ deferred,
241
+ timeoutId: setTimeout(() => {
242
+ handshakeWaiters.delete(waiter);
243
+ deferred.reject(createHandshakeError("AUTH_HANDSHAKE_TIMEOUT", {
244
+ ...context,
245
+ timeoutMs: AUTH_HANDSHAKE_TIMEOUT_MS
246
+ }));
247
+ }, AUTH_HANDSHAKE_TIMEOUT_MS)
248
+ };
249
+ handshakeWaiters.add(waiter);
250
+ try {
251
+ await deferred.promise;
252
+ } finally {
253
+ clearTimeout(waiter.timeoutId);
254
+ handshakeWaiters.delete(waiter);
255
+ }
201
256
  };
202
257
  const handleConvexAuthChange = (isAuthenticated) => {
203
258
  if (destroyed) return;
@@ -212,12 +267,7 @@ function client(options) {
212
267
  for (const cb of subscribers) cb();
213
268
  };
214
269
  const updateSnapshot = () => {
215
- const phase = {
216
- handshake: "handshake",
217
- loading: "loading",
218
- authenticated: "authenticated",
219
- unauthenticated: "unauthenticated"
220
- }[{ tag: token !== null && handshakePending ? "handshake" : isLoading ? "loading" : token !== null && authConfirmed ? "authenticated" : "unauthenticated" }.tag];
270
+ const phase = token !== null && handshakePending ? "handshake" : isLoading ? "loading" : token !== null && authConfirmed ? "authenticated" : "unauthenticated";
221
271
  const next = {
222
272
  phase,
223
273
  isLoading: phase === "loading" || phase === "handshake",
@@ -294,18 +344,24 @@ function client(options) {
294
344
  if (waitForHandshake) await waitForAuthHandshake(context);
295
345
  return true;
296
346
  };
347
+ const adapterDeps = {
348
+ proxy,
349
+ convex,
350
+ requireApiRefs,
351
+ proxyFetch,
352
+ setTokenAndMaybeWait
353
+ };
354
+ const passkeyAdapter = adapters.passkey ?? services.adapterFactories.passkey?.(adapterDeps);
297
355
  const verifyCode = async (args) => {
298
- const verifyCodeRetryPolicy = Fx.retry.while(Fx.retry.compose(Fx.retry.jittered(Fx.retry.exponential(RETRY_BASE_MS)), Fx.retry.recurs(RETRY_MAX_RETRIES)), (meta) => isTransientNetworkError(meta.input));
299
- return Fx.run(Fx.from({
300
- ok: () => httpClient.action(requireApiRefs().signIn, "code" in args ? {
301
- params: { code: args.code },
302
- verifier: args.verifier
303
- } : args),
304
- err: (e) => e
305
- }).pipe(Fx.retry(verifyCodeRetryPolicy), Fx.recover((e) => Fx.fatal(e))));
356
+ return retryWithJitteredBackoff(() => requireHttpClient().action(requireApiRefs().signIn, "code" in args ? {
357
+ params: { code: args.code },
358
+ verifier: args.verifier
359
+ } : args), isTransientNetworkError);
306
360
  };
307
361
  const verifyCodeAndSetToken = async (args, opts) => {
308
- const { tokens } = await verifyCode(args);
362
+ const result = await verifyCode(args);
363
+ if (result.kind !== "signedIn") throw new Error("Code exchange did not return tokens.");
364
+ const { tokens } = result;
309
365
  await setToken({
310
366
  shouldStore: true,
311
367
  tokens: tokens ?? null,
@@ -314,15 +370,17 @@ function client(options) {
314
370
  return tokens !== null;
315
371
  };
316
372
  const normalizeDeviceCodeResult = (device_code) => {
373
+ const input = device_code;
317
374
  return {
318
- deviceCode: device_code.deviceCode,
319
- userCode: device_code.userCode,
320
- verificationUri: device_code.verification_uri ?? device_code.verificationUri,
321
- verificationUriComplete: device_code.verification_uri_complete ?? device_code.verificationUriComplete,
322
- expiresIn: device_code.expiresIn,
323
- interval: device_code.interval
375
+ deviceCode: input.deviceCode,
376
+ userCode: input.userCode,
377
+ verificationUri: input.verification_uri ?? input.verificationUri ?? "",
378
+ verificationUriComplete: input.verification_uri_complete ?? input.verificationUriComplete ?? "",
379
+ expiresIn: input.expiresIn,
380
+ interval: input.interval
324
381
  };
325
382
  };
383
+ const isSignedInResult = (result) => result.kind === "signedIn";
326
384
  /**
327
385
  * Sign in with a provider.
328
386
  *
@@ -361,68 +419,80 @@ function client(options) {
361
419
  return formParams;
362
420
  })() : args ?? {};
363
421
  const flow = typeof params.flow === "string" && params.flow.length > 0 ? params.flow : "signIn";
364
- const handleSignInActionResult = async (result, options$1) => Fx.run(Fx.match(result, result.kind, {
365
- redirect: (redirectResult) => Fx.promise(async () => {
366
- const redirectUrl = new URL(redirectResult.redirect);
367
- if (options$1.persistVerifier) await storageSet(VERIFIER_STORAGE_KEY, redirectResult.verifier);
368
- if (typeof window !== "undefined") window.location.href = redirectUrl.toString();
422
+ const signInKey = buildSignInRequestKey(provider, params);
423
+ const handleSignInActionResult = async (result, resultOptions) => {
424
+ if (result.kind === "redirect") {
425
+ const redirectUrl = new URL(result.redirect);
426
+ if (resultOptions.persistVerifier) await storageSet(VERIFIER_STORAGE_KEY, result.verifier);
427
+ if (runtime.location) await runtime.location.redirect(redirectUrl);
369
428
  return {
370
429
  kind: "redirect",
371
430
  redirect: redirectUrl,
372
- verifier: redirectResult.verifier
431
+ verifier: result.verifier
373
432
  };
374
- }),
375
- totpRequired: (totpRequiredResult) => Fx.succeed({
433
+ }
434
+ if (result.kind === "totpRequired") return {
376
435
  kind: "totpRequired",
377
- verifier: totpRequiredResult.verifier
378
- }),
379
- deviceCode: (deviceCodeResult) => Fx.succeed({
436
+ verifier: result.verifier
437
+ };
438
+ if (result.kind === "deviceCode") return {
380
439
  kind: "deviceCode",
381
- deviceCode: normalizeDeviceCodeResult(deviceCodeResult.deviceCode)
382
- }),
383
- signedIn: (signedInResult) => Fx.promise(async () => {
384
- return await setTokenAndMaybeWait(options$1.shouldStore ? {
385
- shouldStore: true,
386
- tokens: signedInResult.tokens,
387
- waitForHandshake: true,
388
- context: {
389
- provider,
390
- flow
391
- }
392
- } : {
393
- shouldStore: false,
394
- tokens: signedInResult.tokens === null ? null : { token: signedInResult.tokens.token },
395
- waitForHandshake: true,
396
- context: {
397
- provider,
398
- flow
399
- }
400
- }) ? { kind: "signedIn" } : { kind: "started" };
401
- }),
402
- started: (_startedResult) => Fx.succeed({ kind: "started" }),
403
- passkeyOptions: (_passkeyOptionsResult) => Fx.succeed({ kind: "started" }),
404
- totpSetup: (_totpSetupResult) => Fx.succeed({ kind: "started" })
405
- }));
406
- if (proxy) return handleSignInActionResult(await proxyFetch({
407
- action: "auth:signIn",
408
- args: {
440
+ deviceCode: normalizeDeviceCodeResult(result.deviceCode)
441
+ };
442
+ if (result.kind === "signedIn") return await setTokenAndMaybeWait(resultOptions.shouldStore ? {
443
+ shouldStore: true,
444
+ tokens: result.tokens,
445
+ waitForHandshake: true,
446
+ context: {
447
+ provider,
448
+ flow
449
+ }
450
+ } : {
451
+ shouldStore: false,
452
+ tokens: result.tokens === null ? null : { token: result.tokens.token },
453
+ waitForHandshake: true,
454
+ context: {
455
+ provider,
456
+ flow
457
+ }
458
+ }) ? { kind: "signedIn" } : { kind: "started" };
459
+ return { kind: "started" };
460
+ };
461
+ if (activeSignIn !== null) {
462
+ if (activeSignIn.key === signInKey) return await activeSignIn.promise;
463
+ throw new Error("Another sign-in flow is already in progress.");
464
+ }
465
+ const signInPromise = (async () => {
466
+ if (proxy) return await handleSignInActionResult(await proxyFetch({
467
+ action: "auth:signIn",
468
+ args: {
469
+ provider,
470
+ params
471
+ }
472
+ }), {
473
+ shouldStore: false,
474
+ persistVerifier: false
475
+ });
476
+ const verifier = await storageGet(VERIFIER_STORAGE_KEY) ?? void 0;
477
+ await storageRemove(VERIFIER_STORAGE_KEY);
478
+ return await handleSignInActionResult(await convex.action(requireApiRefs().signIn, {
409
479
  provider,
410
- params
411
- }
412
- }), {
413
- shouldStore: false,
414
- persistVerifier: false
415
- });
416
- const verifier = await storageGet(VERIFIER_STORAGE_KEY) ?? void 0;
417
- await storageRemove(VERIFIER_STORAGE_KEY);
418
- return handleSignInActionResult(await convex.action(requireApiRefs().signIn, {
419
- provider,
420
- params,
421
- verifier
422
- }), {
423
- shouldStore: true,
424
- persistVerifier: true
425
- });
480
+ params,
481
+ verifier
482
+ }), {
483
+ shouldStore: true,
484
+ persistVerifier: true
485
+ });
486
+ })();
487
+ activeSignIn = {
488
+ key: signInKey,
489
+ promise: signInPromise
490
+ };
491
+ try {
492
+ return await signInPromise;
493
+ } finally {
494
+ if (activeSignIn?.promise === signInPromise) activeSignIn = null;
495
+ }
426
496
  };
427
497
  /**
428
498
  * Sign out the current user.
@@ -433,13 +503,12 @@ function client(options) {
433
503
  */
434
504
  const signOut = async () => {
435
505
  if (proxy) {
436
- await Fx.run(Fx.from({
437
- ok: () => proxyFetch({
506
+ try {
507
+ await proxyFetch({
438
508
  action: "auth:signOut",
439
509
  args: {}
440
- }),
441
- err: () => void 0
442
- }).pipe(Fx.recover(() => Fx.succeed(void 0))));
510
+ });
511
+ } catch {}
443
512
  await setToken({
444
513
  shouldStore: false,
445
514
  tokens: null
@@ -447,10 +516,9 @@ function client(options) {
447
516
  if (convex.clearAuth) convex.clearAuth();
448
517
  return;
449
518
  }
450
- await Fx.run(Fx.from({
451
- ok: () => convex.action(requireApiRefs().signOut, {}),
452
- err: () => void 0
453
- }).pipe(Fx.recover(() => Fx.succeed(void 0))));
519
+ try {
520
+ await convex.action(requireApiRefs().signOut, {});
521
+ } catch {}
454
522
  await setToken({
455
523
  shouldStore: true,
456
524
  tokens: null
@@ -459,45 +527,36 @@ function client(options) {
459
527
  };
460
528
  const fetchAccessToken = async ({ forceRefreshToken }) => {
461
529
  if (!forceRefreshToken) return token;
530
+ const mutex = runtime.mutex;
531
+ const withMutex = mutex ? (key$1, callback) => mutex.withKey(key$1, callback) : localMutex;
462
532
  if (proxy) {
463
- const resolvedProxyUrl = await resolveProxyUrl();
464
- if (typeof window === "undefined" && !await isAbsoluteUrl(resolvedProxyUrl)) {
465
- finalizeLoadingState();
466
- return token;
467
- }
468
533
  const tokenBeforeRefresh = token;
469
- return await browserMutex("__convexAuthProxyRefresh", async () => {
534
+ return await withMutex("__convexAuthProxyRefresh", async () => {
470
535
  if (token !== tokenBeforeRefresh) return token;
471
- const proxyRefreshRetryPolicy = Fx.retry.while(Fx.retry.compose(Fx.retry.jittered(Fx.retry.exponential(RETRY_BASE_MS)), Fx.retry.recurs(RETRY_MAX_RETRIES)), (meta) => isRetriableProxyRefreshError(meta.input));
472
- await Fx.run(Fx.from({
473
- ok: () => proxyFetch({
536
+ try {
537
+ const result = await retryWithJitteredBackoff(() => proxyFetch({
474
538
  action: "auth:signIn",
475
539
  args: { refreshToken: true }
476
- }),
477
- err: (e) => e
478
- }).pipe(Fx.retry(proxyRefreshRetryPolicy), Fx.chain((result) => Fx.from({
479
- ok: async () => {
480
- if (result.tokens) await setToken({
481
- shouldStore: false,
482
- tokens: { token: result.tokens.token },
483
- resyncConvexAuth: false
484
- });
485
- else await setToken({
486
- shouldStore: false,
487
- tokens: null,
488
- resyncConvexAuth: false
489
- });
490
- },
491
- err: (e) => e
492
- })), Fx.inspect((error) => Fx.sync(() => console.error("[convex-auth] Proxy refresh failed:", error))), Fx.recover(() => {
540
+ }), isRetriableProxyRefreshError);
541
+ if (isSignedInResult(result) && result.tokens) await setToken({
542
+ shouldStore: false,
543
+ tokens: { token: result.tokens.token },
544
+ resyncConvexAuth: false
545
+ });
546
+ else await setToken({
547
+ shouldStore: false,
548
+ tokens: null,
549
+ resyncConvexAuth: false
550
+ });
551
+ } catch (error) {
552
+ logMessage("convex-auth/client", LOG_LEVELS.ERROR, ["[convex-auth] Proxy refresh failed:", error]);
493
553
  if (token === null) finalizeLoadingState();
494
- return Fx.succeed(void 0);
495
- })));
554
+ }
496
555
  return token;
497
556
  });
498
557
  }
499
558
  const tokenBeforeLockAcquisition = token;
500
- return await browserMutex(REFRESH_TOKEN_STORAGE_KEY, async () => {
559
+ return await withMutex(REFRESH_TOKEN_STORAGE_KEY, async () => {
501
560
  const tokenAfterLockAcquisition = token;
502
561
  if (tokenAfterLockAcquisition !== tokenBeforeLockAcquisition) return tokenAfterLockAcquisition;
503
562
  const refreshToken = await storageGet(REFRESH_TOKEN_STORAGE_KEY) ?? null;
@@ -510,25 +569,20 @@ function client(options) {
510
569
  });
511
570
  };
512
571
  const handleCodeFlow = async () => {
513
- if (typeof window === "undefined") return;
514
572
  if (handlingCodeFlow) return;
515
- const code = new URLSearchParams(window.location.search).get("code");
573
+ const location = getLocation();
574
+ if (!location) return;
575
+ const code = location.searchParams.get("code");
516
576
  if (!code) return;
517
577
  handlingCodeFlow = true;
518
- await Fx.run(Fx.from({
519
- ok: async () => {
520
- await signIn(void 0, { code });
521
- const codeUrl = new URL(window.location.href);
522
- codeUrl.searchParams.delete("code");
523
- await replaceUrl(codeUrl.pathname + codeUrl.search + codeUrl.hash);
524
- },
525
- err: (e) => e
526
- }).pipe(Fx.recover(() => Fx.succeed(void 0)), Fx.tap(() => Fx.sync(() => {
578
+ try {
579
+ await signIn(void 0, { code });
580
+ const codeUrl = new URL(location.toString());
581
+ codeUrl.searchParams.delete("code");
582
+ await replaceUrl(codeUrl.pathname + codeUrl.search + codeUrl.hash);
583
+ } catch {} finally {
527
584
  handlingCodeFlow = false;
528
- })), Fx.inspect(() => Fx.sync(() => {
529
- handlingCodeFlow = false;
530
- }))));
531
- handlingCodeFlow = false;
585
+ }
532
586
  };
533
587
  const hydrateFromStorage = async () => {
534
588
  const storedToken = await storageGet(JWT_STORAGE_KEY) ?? null;
@@ -556,45 +610,34 @@ function client(options) {
556
610
  subscribers.delete(wrapped);
557
611
  };
558
612
  };
559
- if (!proxy && typeof window !== "undefined") {
560
- const registryKey = key(JWT_STORAGE_KEY);
561
- const registry = getStorageListenerRegistry();
562
- const existingListener = registry[registryKey];
563
- if (existingListener !== void 0) window.removeEventListener("storage", existingListener);
564
- const onStorage = (event) => {
565
- Fx.detach(async () => {
566
- if (event.key !== key(JWT_STORAGE_KEY)) return;
613
+ if (!proxy && runtime.sync) disposeStorageListener = runtime.sync.subscribe(key(JWT_STORAGE_KEY), (value) => {
614
+ setToken({
615
+ shouldStore: false,
616
+ tokens: value === null ? null : { token: value }
617
+ }).catch((error) => {
618
+ logMessage("convex-auth/client", LOG_LEVELS.ERROR, ["[convex-auth] Storage event handler failed:", error]);
619
+ });
620
+ }) ?? null;
621
+ bindConvexAuth();
622
+ if (proxy) {
623
+ if (!hasServerToken && runtime.environment !== "server") fetchAccessToken({ forceRefreshToken: true }).catch((error) => {
624
+ logMessage("convex-auth/client", LOG_LEVELS.ERROR, ["[convex-auth] Proxy token refresh failed:", error]);
625
+ });
626
+ } else (async () => {
627
+ try {
628
+ await hydrateFromStorage();
629
+ await handleCodeFlow();
630
+ } catch {
631
+ try {
567
632
  await setToken({
568
633
  shouldStore: false,
569
- tokens: event.newValue === null ? null : { token: event.newValue }
634
+ tokens: null
570
635
  });
571
- }, "[convex-auth] Storage event handler failed:");
572
- };
573
- window.addEventListener("storage", onStorage);
574
- registry[registryKey] = onStorage;
575
- disposeStorageListener = () => {
576
- if (registry[registryKey] === onStorage) delete registry[registryKey];
577
- window.removeEventListener("storage", onStorage);
578
- };
579
- }
580
- bindConvexAuth();
581
- if (typeof window !== "undefined") if (proxy) {
582
- if (!hasServerToken) Fx.detach(() => fetchAccessToken({ forceRefreshToken: true }), "[convex-auth] Proxy token refresh failed:");
583
- } else Fx.detach(async () => {
584
- await Fx.run(Fx.from({
585
- ok: async () => {
586
- await hydrateFromStorage();
587
- await handleCodeFlow();
588
- },
589
- err: (e) => e
590
- }).pipe(Fx.inspect((error) => Fx.sync(() => console.error("[convex-auth] Client initialization failed:", error))), Fx.recover((_error) => Fx.from({
591
- ok: () => setToken({
592
- shouldStore: false,
593
- tokens: null
594
- }),
595
- err: (e) => e
596
- }).pipe(Fx.recover(() => Fx.succeed(void 0))))));
597
- }, "[convex-auth] SPA initialization failed:");
636
+ } catch {}
637
+ }
638
+ })().catch((error) => {
639
+ logMessage("convex-auth/client", LOG_LEVELS.ERROR, ["[convex-auth] SPA initialization failed:", error]);
640
+ });
598
641
  return {
599
642
  get state() {
600
643
  return snapshot;
@@ -612,21 +655,14 @@ function client(options) {
612
655
  signIn,
613
656
  signOut,
614
657
  onChange,
615
- passkey: createPasskeyClient({
658
+ totp: adapters.totp ?? createTotpClient({
616
659
  proxy,
617
660
  convex,
618
661
  requireApiRefs,
619
662
  proxyFetch,
620
663
  setTokenAndMaybeWait
621
664
  }),
622
- totp: createTotpClient({
623
- proxy,
624
- convex,
625
- requireApiRefs,
626
- proxyFetch,
627
- setTokenAndMaybeWait
628
- }),
629
- device: createDeviceClient({
665
+ device: adapters.device ?? createDeviceClient({
630
666
  proxy,
631
667
  convex,
632
668
  requireApiRefs,
@@ -641,7 +677,8 @@ function client(options) {
641
677
  });
642
678
  disposeStorageListener?.();
643
679
  subscribers.clear();
644
- }
680
+ },
681
+ ...passkeyAdapter ? { passkey: passkeyAdapter } : {}
645
682
  };
646
683
  }
647
684