npm - @robelest/convex-auth - Versions diffs - 0.0.4-preview.25 → 0.0.4-preview.28 - Mend

@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (666) hide show

package/README.md +43 -36
package/dist/bin.js +5765 -4880
package/dist/browser/index.d.ts +30 -0
package/dist/browser/index.js +93 -0
package/dist/browser/locks.js +11 -0
package/dist/browser/navigation.js +14 -0
package/dist/{factors → browser}/passkey.js +23 -32
package/dist/browser/runtime.js +92 -0
package/dist/client/core/types.d.ts +452 -5
package/dist/client/core/types.js +17 -0
package/dist/client/errors.js +19 -0
package/dist/client/factors/device.js +94 -0
package/dist/{factors → client/factors}/totp.js +12 -4
package/dist/client/index.d.ts +47 -1
package/dist/client/index.js +269 -232
package/dist/client/runtime/mutex.js +24 -0
package/dist/client/runtime/proxy.js +30 -0
package/dist/client/runtime/storage.js +45 -0
package/dist/client/services/adapters.js +7 -0
package/dist/client/services/http.js +6 -0
package/dist/client/services/resolve.js +13 -0
package/dist/client/services/runtime.js +6 -0
package/dist/component/_generated/component.d.ts +1355 -1399
package/dist/component/convex.config.d.ts +2 -2
package/dist/component/index.d.ts +4 -26
package/dist/component/index.js +1 -1
package/dist/component/model.d.ts +26 -112
package/dist/component/model.js +76 -54
package/dist/component/modules.js +38 -0
package/dist/component/public/factors/devices.js +1 -1
package/dist/component/public/factors/passkeys.js +1 -1
package/dist/component/public/factors/totp.js +1 -1
package/dist/component/public/groups/core.js +2 -2
package/dist/component/public/groups/invites.js +1 -1
package/dist/component/public/groups/members.js +1 -1
package/dist/component/public/identity/accounts.js +1 -1
package/dist/component/public/identity/codes.js +1 -1
package/dist/component/public/identity/sessions.js +39 -2
package/dist/component/public/identity/tokens.js +82 -4
package/dist/component/public/identity/users.js +1 -1
package/dist/component/public/identity/verifiers.js +10 -4
package/dist/component/public/security/keys.js +1 -1
package/dist/component/public/security/limits.js +1 -1
package/dist/component/public/{enterprise → sso}/audit.js +26 -26
package/dist/component/public/sso/core.js +263 -0
package/dist/component/public/sso/domains.js +280 -0
package/dist/component/public/{enterprise → sso}/scim.js +87 -87
package/dist/component/public/sso/secrets.js +125 -0
package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
package/dist/component/public.js +9 -9
package/dist/component/schema.d.ts +472 -393
package/dist/component/schema.js +36 -35
package/dist/core/index.d.ts +380 -0
package/dist/core/index.js +83 -0
package/dist/otel.d.ts +69 -0
package/dist/otel.js +82 -0
package/dist/providers/anonymous.d.ts +15 -34
package/dist/providers/anonymous.js +27 -35
package/dist/providers/apple.d.ts +59 -0
package/dist/providers/apple.js +58 -0
package/dist/providers/credentials.d.ts +18 -34
package/dist/providers/credentials.js +16 -27
package/dist/providers/custom.d.ts +94 -0
package/dist/providers/custom.js +119 -0
package/dist/providers/device.d.ts +15 -49
package/dist/providers/device.js +17 -34
package/dist/providers/email.d.ts +21 -38
package/dist/providers/email.js +36 -55
package/dist/providers/github.d.ts +54 -0
package/dist/providers/github.js +75 -0
package/dist/providers/google.d.ts +54 -0
package/dist/providers/google.js +61 -0
package/dist/providers/index.d.ts +16 -12
package/dist/providers/index.js +15 -11
package/dist/providers/microsoft.d.ts +57 -0
package/dist/providers/microsoft.js +101 -0
package/dist/providers/passkey.d.ts +19 -35
package/dist/providers/passkey.js +20 -30
package/dist/providers/password.d.ts +17 -18
package/dist/providers/password.js +121 -143
package/dist/providers/phone.d.ts +13 -28
package/dist/providers/phone.js +21 -46
package/dist/providers/sso.d.ts +16 -36
package/dist/providers/sso.js +21 -22
package/dist/providers/totp.d.ts +13 -29
package/dist/providers/totp.js +17 -27
package/dist/server/auth-context.d.ts +204 -0
package/dist/server/auth-context.js +76 -0
package/dist/server/auth.d.ts +99 -244
package/dist/server/auth.js +56 -152
package/dist/server/componentContext.d.ts +12 -0
package/dist/server/componentContext.js +1 -0
package/dist/server/config.js +6 -67
package/dist/server/constants.js +6 -0
package/dist/server/contract.d.ts +105 -0
package/dist/server/contract.js +43 -0
package/dist/server/cookies.js +3 -2
package/dist/server/core.js +31 -36
package/dist/server/crypto.js +34 -44
package/dist/server/db.js +6 -1
package/dist/server/device.js +96 -130
package/dist/server/env.js +48 -0
package/dist/server/errors.js +20 -0
package/dist/server/http.d.ts +15 -59
package/dist/server/http.js +136 -120
package/dist/server/identity.js +2 -2
package/dist/server/index.d.ts +5 -4
package/dist/server/index.js +3 -3
package/dist/server/keys.js +10 -1
package/dist/server/limits.js +26 -26
package/dist/server/log.js +28 -0
package/dist/server/mounts.d.ts +1107 -296
package/dist/server/mounts.js +315 -196
package/dist/server/mutations/account.js +11 -14
package/dist/server/mutations/code.js +6 -5
package/dist/server/mutations/invalidate.js +9 -11
package/dist/server/mutations/oauth.js +112 -73
package/dist/server/mutations/refresh.js +47 -97
package/dist/server/mutations/register.js +37 -35
package/dist/server/mutations/retrieve.js +16 -16
package/dist/server/mutations/signature.js +15 -18
package/dist/server/mutations/signin.js +10 -5
package/dist/server/mutations/signout.js +11 -14
package/dist/server/mutations/store.js +25 -18
package/dist/server/mutations/verifier.js +11 -8
package/dist/server/mutations/verify.js +53 -41
package/dist/server/oauth/factory.js +44 -0
package/dist/server/oauth/index.js +12 -0
package/dist/server/oauth/runtime.js +248 -0
package/dist/server/passkey.js +331 -365
package/dist/server/payloads.d.ts +16 -0
package/dist/server/payloads.js +30 -0
package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
package/dist/server/prefetch.js +635 -0
package/dist/server/random.js +19 -0
package/dist/server/redirects.js +10 -5
package/dist/server/refresh.js +14 -86
package/dist/server/runtime.d.ts +531 -31
package/dist/server/runtime.js +106 -267
package/dist/server/secret.js +44 -0
package/dist/server/services/config.js +10 -0
package/dist/server/services/group.js +211 -0
package/dist/server/services/logger.js +8 -0
package/dist/server/services/providers.js +22 -0
package/dist/server/services/refresh.js +8 -0
package/dist/server/services/resolve.js +27 -0
package/dist/server/services/signin.js +8 -0
package/dist/server/sessions.js +35 -34
package/dist/server/signin.js +229 -140
package/dist/server/{enterprise → sso}/config.js +10 -3
package/dist/server/sso/domain.d.ts +614 -0
package/dist/server/sso/domain.js +1175 -0
package/dist/server/sso/http.js +1060 -0
package/dist/server/sso/oidc.js +324 -0
package/dist/server/sso/policies.js +59 -0
package/dist/server/sso/policy.js +139 -0
package/dist/server/sso/profile.js +22 -0
package/dist/server/sso/provision.js +179 -0
package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
package/dist/server/sso/shared.js +74 -0
package/dist/server/sso/validators.js +88 -0
package/dist/server/sso/webhook.js +94 -0
package/dist/server/tokens.js +16 -4
package/dist/server/totp.js +155 -164
package/dist/server/types.d.ts +306 -296
package/dist/server/types.js +1 -30
package/dist/server/url.js +32 -0
package/dist/server/users.js +74 -40
package/dist/server/utils/cache.js +51 -0
package/dist/server/utils/dispatch.js +36 -0
package/dist/server/utils/retry.js +24 -0
package/dist/server/utils/span.js +32 -0
package/dist/shared/errors.js +19 -0
package/dist/shared/log.js +45 -0
package/{src/test.ts → dist/test.d.ts} +21 -22
package/dist/test.js +51 -0
package/package.json +70 -42
package/dist/authorization/index.d.ts.map +0 -1
package/dist/authorization/index.js.map +0 -1
package/dist/client/core/types.d.ts.map +0 -1
package/dist/client/index.d.ts.map +0 -1
package/dist/client/index.js.map +0 -1
package/dist/component/_generated/api.d.ts +0 -75
package/dist/component/_generated/api.d.ts.map +0 -1
package/dist/component/_generated/api.js.map +0 -1
package/dist/component/_generated/component.d.ts.map +0 -1
package/dist/component/_generated/dataModel.d.ts +0 -42
package/dist/component/_generated/dataModel.d.ts.map +0 -1
package/dist/component/_generated/server.d.ts +0 -117
package/dist/component/_generated/server.d.ts.map +0 -1
package/dist/component/_generated/server.js.map +0 -1
package/dist/component/_virtual/rolldown_runtime.js +0 -18
package/dist/component/client/core/types.d.ts +0 -2
package/dist/component/client/index.d.ts +0 -1
package/dist/component/convex.config.d.ts.map +0 -1
package/dist/component/convex.config.js.map +0 -1
package/dist/component/functions.d.ts +0 -25
package/dist/component/functions.d.ts.map +0 -1
package/dist/component/functions.js.map +0 -1
package/dist/component/index.d.ts.map +0 -1
package/dist/component/model.d.ts.map +0 -1
package/dist/component/model.js.map +0 -1
package/dist/component/providers/anonymous.d.ts +0 -54
package/dist/component/providers/anonymous.d.ts.map +0 -1
package/dist/component/providers/credentials.d.ts +0 -38
package/dist/component/providers/credentials.d.ts.map +0 -1
package/dist/component/providers/device.d.ts +0 -67
package/dist/component/providers/device.d.ts.map +0 -1
package/dist/component/providers/email.d.ts +0 -62
package/dist/component/providers/email.d.ts.map +0 -1
package/dist/component/providers/oauth.d.ts +0 -25
package/dist/component/providers/oauth.d.ts.map +0 -1
package/dist/component/providers/oauth.js +0 -13
package/dist/component/providers/oauth.js.map +0 -1
package/dist/component/providers/passkey.d.ts +0 -57
package/dist/component/providers/passkey.d.ts.map +0 -1
package/dist/component/providers/password.d.ts +0 -88
package/dist/component/providers/password.d.ts.map +0 -1
package/dist/component/providers/phone.d.ts +0 -48
package/dist/component/providers/phone.d.ts.map +0 -1
package/dist/component/providers/sso.d.ts +0 -50
package/dist/component/providers/sso.d.ts.map +0 -1
package/dist/component/providers/totp.d.ts +0 -45
package/dist/component/providers/totp.d.ts.map +0 -1
package/dist/component/public/enterprise/audit.d.ts +0 -73
package/dist/component/public/enterprise/audit.d.ts.map +0 -1
package/dist/component/public/enterprise/audit.js.map +0 -1
package/dist/component/public/enterprise/core.d.ts +0 -176
package/dist/component/public/enterprise/core.d.ts.map +0 -1
package/dist/component/public/enterprise/core.js +0 -292
package/dist/component/public/enterprise/core.js.map +0 -1
package/dist/component/public/enterprise/domains.d.ts +0 -174
package/dist/component/public/enterprise/domains.d.ts.map +0 -1
package/dist/component/public/enterprise/domains.js +0 -271
package/dist/component/public/enterprise/domains.js.map +0 -1
package/dist/component/public/enterprise/scim.d.ts +0 -245
package/dist/component/public/enterprise/scim.d.ts.map +0 -1
package/dist/component/public/enterprise/scim.js.map +0 -1
package/dist/component/public/enterprise/secrets.d.ts +0 -78
package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
package/dist/component/public/enterprise/secrets.js +0 -118
package/dist/component/public/enterprise/secrets.js.map +0 -1
package/dist/component/public/enterprise/webhooks.d.ts +0 -211
package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
package/dist/component/public/enterprise/webhooks.js.map +0 -1
package/dist/component/public/factors/devices.d.ts +0 -157
package/dist/component/public/factors/devices.d.ts.map +0 -1
package/dist/component/public/factors/devices.js.map +0 -1
package/dist/component/public/factors/passkeys.d.ts +0 -175
package/dist/component/public/factors/passkeys.d.ts.map +0 -1
package/dist/component/public/factors/passkeys.js.map +0 -1
package/dist/component/public/factors/totp.d.ts +0 -189
package/dist/component/public/factors/totp.d.ts.map +0 -1
package/dist/component/public/factors/totp.js.map +0 -1
package/dist/component/public/groups/core.d.ts +0 -137
package/dist/component/public/groups/core.d.ts.map +0 -1
package/dist/component/public/groups/core.js.map +0 -1
package/dist/component/public/groups/invites.d.ts +0 -217
package/dist/component/public/groups/invites.d.ts.map +0 -1
package/dist/component/public/groups/invites.js.map +0 -1
package/dist/component/public/groups/members.d.ts +0 -204
package/dist/component/public/groups/members.d.ts.map +0 -1
package/dist/component/public/groups/members.js.map +0 -1
package/dist/component/public/identity/accounts.d.ts +0 -147
package/dist/component/public/identity/accounts.d.ts.map +0 -1
package/dist/component/public/identity/accounts.js.map +0 -1
package/dist/component/public/identity/codes.d.ts +0 -104
package/dist/component/public/identity/codes.d.ts.map +0 -1
package/dist/component/public/identity/codes.js.map +0 -1
package/dist/component/public/identity/sessions.d.ts +0 -128
package/dist/component/public/identity/sessions.d.ts.map +0 -1
package/dist/component/public/identity/sessions.js.map +0 -1
package/dist/component/public/identity/tokens.d.ts +0 -169
package/dist/component/public/identity/tokens.d.ts.map +0 -1
package/dist/component/public/identity/tokens.js.map +0 -1
package/dist/component/public/identity/users.d.ts +0 -212
package/dist/component/public/identity/users.d.ts.map +0 -1
package/dist/component/public/identity/users.js.map +0 -1
package/dist/component/public/identity/verifiers.d.ts +0 -116
package/dist/component/public/identity/verifiers.d.ts.map +0 -1
package/dist/component/public/identity/verifiers.js.map +0 -1
package/dist/component/public/security/keys.d.ts +0 -209
package/dist/component/public/security/keys.d.ts.map +0 -1
package/dist/component/public/security/keys.js.map +0 -1
package/dist/component/public/security/limits.d.ts +0 -114
package/dist/component/public/security/limits.d.ts.map +0 -1
package/dist/component/public/security/limits.js.map +0 -1
package/dist/component/public.d.ts +0 -28
package/dist/component/public.d.ts.map +0 -1
package/dist/component/schema.d.ts.map +0 -1
package/dist/component/schema.js.map +0 -1
package/dist/component/server/auth.d.ts +0 -447
package/dist/component/server/auth.d.ts.map +0 -1
package/dist/component/server/auth.js +0 -254
package/dist/component/server/auth.js.map +0 -1
package/dist/component/server/config.js +0 -121
package/dist/component/server/config.js.map +0 -1
package/dist/component/server/context.js +0 -53
package/dist/component/server/context.js.map +0 -1
package/dist/component/server/cookies.js +0 -47
package/dist/component/server/cookies.js.map +0 -1
package/dist/component/server/core.js +0 -576
package/dist/component/server/core.js.map +0 -1
package/dist/component/server/crypto.js +0 -56
package/dist/component/server/crypto.js.map +0 -1
package/dist/component/server/db.js +0 -87
package/dist/component/server/db.js.map +0 -1
package/dist/component/server/device.js +0 -152
package/dist/component/server/device.js.map +0 -1
package/dist/component/server/enterprise/config.js +0 -46
package/dist/component/server/enterprise/config.js.map +0 -1
package/dist/component/server/enterprise/domain.js +0 -974
package/dist/component/server/enterprise/domain.js.map +0 -1
package/dist/component/server/enterprise/http.js +0 -787
package/dist/component/server/enterprise/http.js.map +0 -1
package/dist/component/server/enterprise/oidc.js +0 -248
package/dist/component/server/enterprise/oidc.js.map +0 -1
package/dist/component/server/enterprise/policy.js +0 -85
package/dist/component/server/enterprise/policy.js.map +0 -1
package/dist/component/server/enterprise/saml.js.map +0 -1
package/dist/component/server/enterprise/scim.js.map +0 -1
package/dist/component/server/enterprise/shared.js +0 -51
package/dist/component/server/enterprise/shared.js.map +0 -1
package/dist/component/server/http.d.ts +0 -85
package/dist/component/server/http.d.ts.map +0 -1
package/dist/component/server/http.js +0 -351
package/dist/component/server/http.js.map +0 -1
package/dist/component/server/identity.js +0 -16
package/dist/component/server/identity.js.map +0 -1
package/dist/component/server/keys.js +0 -96
package/dist/component/server/keys.js.map +0 -1
package/dist/component/server/limits.js +0 -52
package/dist/component/server/limits.js.map +0 -1
package/dist/component/server/mutations/account.js +0 -46
package/dist/component/server/mutations/account.js.map +0 -1
package/dist/component/server/mutations/code.js +0 -68
package/dist/component/server/mutations/code.js.map +0 -1
package/dist/component/server/mutations/invalidate.js +0 -32
package/dist/component/server/mutations/invalidate.js.map +0 -1
package/dist/component/server/mutations/oauth.js +0 -116
package/dist/component/server/mutations/oauth.js.map +0 -1
package/dist/component/server/mutations/refresh.js +0 -119
package/dist/component/server/mutations/refresh.js.map +0 -1
package/dist/component/server/mutations/register.js +0 -87
package/dist/component/server/mutations/register.js.map +0 -1
package/dist/component/server/mutations/retrieve.js +0 -61
package/dist/component/server/mutations/retrieve.js.map +0 -1
package/dist/component/server/mutations/signature.js +0 -38
package/dist/component/server/mutations/signature.js.map +0 -1
package/dist/component/server/mutations/signin.js +0 -27
package/dist/component/server/mutations/signin.js.map +0 -1
package/dist/component/server/mutations/signout.js +0 -27
package/dist/component/server/mutations/signout.js.map +0 -1
package/dist/component/server/mutations/store/refs.js +0 -15
package/dist/component/server/mutations/store/refs.js.map +0 -1
package/dist/component/server/mutations/store.js +0 -70
package/dist/component/server/mutations/store.js.map +0 -1
package/dist/component/server/mutations/verifier.js +0 -18
package/dist/component/server/mutations/verifier.js.map +0 -1
package/dist/component/server/mutations/verify.js +0 -98
package/dist/component/server/mutations/verify.js.map +0 -1
package/dist/component/server/oauth.js +0 -242
package/dist/component/server/oauth.js.map +0 -1
package/dist/component/server/passkey.js +0 -415
package/dist/component/server/passkey.js.map +0 -1
package/dist/component/server/redirects.js +0 -40
package/dist/component/server/redirects.js.map +0 -1
package/dist/component/server/refresh.js +0 -99
package/dist/component/server/refresh.js.map +0 -1
package/dist/component/server/runtime.d.ts +0 -136
package/dist/component/server/runtime.d.ts.map +0 -1
package/dist/component/server/runtime.js +0 -456
package/dist/component/server/runtime.js.map +0 -1
package/dist/component/server/sessions.js +0 -71
package/dist/component/server/sessions.js.map +0 -1
package/dist/component/server/signin.js +0 -225
package/dist/component/server/signin.js.map +0 -1
package/dist/component/server/tokens.js +0 -17
package/dist/component/server/tokens.js.map +0 -1
package/dist/component/server/totp.js +0 -208
package/dist/component/server/totp.js.map +0 -1
package/dist/component/server/types.d.ts +0 -949
package/dist/component/server/types.d.ts.map +0 -1
package/dist/component/server/types.js +0 -79
package/dist/component/server/types.js.map +0 -1
package/dist/component/server/users.js +0 -123
package/dist/component/server/users.js.map +0 -1
package/dist/component/server/utils.js +0 -140
package/dist/component/server/utils.js.map +0 -1
package/dist/core/types.d.ts +0 -361
package/dist/core/types.d.ts.map +0 -1
package/dist/factors/device.js +0 -104
package/dist/factors/device.js.map +0 -1
package/dist/factors/passkey.js.map +0 -1
package/dist/factors/totp.js.map +0 -1
package/dist/providers/anonymous.d.ts.map +0 -1
package/dist/providers/anonymous.js.map +0 -1
package/dist/providers/credentials.d.ts.map +0 -1
package/dist/providers/credentials.js.map +0 -1
package/dist/providers/device.d.ts.map +0 -1
package/dist/providers/device.js.map +0 -1
package/dist/providers/email.d.ts.map +0 -1
package/dist/providers/email.js.map +0 -1
package/dist/providers/oauth.d.ts +0 -69
package/dist/providers/oauth.d.ts.map +0 -1
package/dist/providers/oauth.js +0 -43
package/dist/providers/oauth.js.map +0 -1
package/dist/providers/passkey.d.ts.map +0 -1
package/dist/providers/passkey.js.map +0 -1
package/dist/providers/password.d.ts.map +0 -1
package/dist/providers/password.js.map +0 -1
package/dist/providers/phone.d.ts.map +0 -1
package/dist/providers/phone.js.map +0 -1
package/dist/providers/sso.d.ts.map +0 -1
package/dist/providers/sso.js.map +0 -1
package/dist/providers/totp.d.ts.map +0 -1
package/dist/providers/totp.js.map +0 -1
package/dist/runtime/browser.js +0 -68
package/dist/runtime/browser.js.map +0 -1
package/dist/runtime/invite.js.map +0 -1
package/dist/runtime/proxy.js +0 -70
package/dist/runtime/proxy.js.map +0 -1
package/dist/runtime/storage.js +0 -37
package/dist/runtime/storage.js.map +0 -1
package/dist/server/auth.d.ts.map +0 -1
package/dist/server/auth.js.map +0 -1
package/dist/server/config.d.ts +0 -1
package/dist/server/config.js.map +0 -1
package/dist/server/context.d.ts +0 -1
package/dist/server/context.js.map +0 -1
package/dist/server/cookies.d.ts +0 -1
package/dist/server/cookies.js.map +0 -1
package/dist/server/core.d.ts +0 -1315
package/dist/server/core.d.ts.map +0 -1
package/dist/server/core.js.map +0 -1
package/dist/server/crypto.d.ts +0 -8
package/dist/server/crypto.d.ts.map +0 -1
package/dist/server/crypto.js.map +0 -1
package/dist/server/db.d.ts +0 -1
package/dist/server/db.js.map +0 -1
package/dist/server/device.d.ts +0 -1
package/dist/server/device.js.map +0 -1
package/dist/server/enterprise/config.d.ts +0 -1
package/dist/server/enterprise/config.js.map +0 -1
package/dist/server/enterprise/domain.d.ts +0 -401
package/dist/server/enterprise/domain.d.ts.map +0 -1
package/dist/server/enterprise/domain.js +0 -974
package/dist/server/enterprise/domain.js.map +0 -1
package/dist/server/enterprise/http.d.ts +0 -26
package/dist/server/enterprise/http.d.ts.map +0 -1
package/dist/server/enterprise/http.js +0 -787
package/dist/server/enterprise/http.js.map +0 -1
package/dist/server/enterprise/oidc.d.ts +0 -1
package/dist/server/enterprise/oidc.js +0 -248
package/dist/server/enterprise/oidc.js.map +0 -1
package/dist/server/enterprise/policy.d.ts +0 -1
package/dist/server/enterprise/policy.js +0 -85
package/dist/server/enterprise/policy.js.map +0 -1
package/dist/server/enterprise/saml.d.ts +0 -1
package/dist/server/enterprise/saml.js +0 -338
package/dist/server/enterprise/saml.js.map +0 -1
package/dist/server/enterprise/scim.d.ts +0 -1
package/dist/server/enterprise/scim.js +0 -97
package/dist/server/enterprise/scim.js.map +0 -1
package/dist/server/enterprise/shared.d.ts +0 -5
package/dist/server/enterprise/shared.d.ts.map +0 -1
package/dist/server/enterprise/shared.js +0 -51
package/dist/server/enterprise/shared.js.map +0 -1
package/dist/server/enterprise/validators.d.ts +0 -1
package/dist/server/enterprise/validators.js +0 -60
package/dist/server/enterprise/validators.js.map +0 -1
package/dist/server/http.d.ts.map +0 -1
package/dist/server/http.js.map +0 -1
package/dist/server/identity.d.ts +0 -1
package/dist/server/identity.js.map +0 -1
package/dist/server/keys.d.ts +0 -1
package/dist/server/keys.js.map +0 -1
package/dist/server/limits.d.ts +0 -1
package/dist/server/limits.js.map +0 -1
package/dist/server/mounts.d.ts.map +0 -1
package/dist/server/mounts.js.map +0 -1
package/dist/server/mutations/account.d.ts +0 -29
package/dist/server/mutations/account.d.ts.map +0 -1
package/dist/server/mutations/account.js.map +0 -1
package/dist/server/mutations/code.d.ts +0 -30
package/dist/server/mutations/code.d.ts.map +0 -1
package/dist/server/mutations/code.js.map +0 -1
package/dist/server/mutations/index.d.ts +0 -14
package/dist/server/mutations/invalidate.d.ts +0 -20
package/dist/server/mutations/invalidate.d.ts.map +0 -1
package/dist/server/mutations/invalidate.js.map +0 -1
package/dist/server/mutations/oauth.d.ts +0 -30
package/dist/server/mutations/oauth.d.ts.map +0 -1
package/dist/server/mutations/oauth.js.map +0 -1
package/dist/server/mutations/refresh.d.ts +0 -21
package/dist/server/mutations/refresh.d.ts.map +0 -1
package/dist/server/mutations/refresh.js.map +0 -1
package/dist/server/mutations/register.d.ts +0 -38
package/dist/server/mutations/register.d.ts.map +0 -1
package/dist/server/mutations/register.js.map +0 -1
package/dist/server/mutations/retrieve.d.ts +0 -33
package/dist/server/mutations/retrieve.d.ts.map +0 -1
package/dist/server/mutations/retrieve.js.map +0 -1
package/dist/server/mutations/signature.d.ts +0 -21
package/dist/server/mutations/signature.d.ts.map +0 -1
package/dist/server/mutations/signature.js.map +0 -1
package/dist/server/mutations/signin.d.ts +0 -22
package/dist/server/mutations/signin.d.ts.map +0 -1
package/dist/server/mutations/signin.js.map +0 -1
package/dist/server/mutations/signout.d.ts +0 -16
package/dist/server/mutations/signout.d.ts.map +0 -1
package/dist/server/mutations/signout.js.map +0 -1
package/dist/server/mutations/store/refs.d.ts +0 -12
package/dist/server/mutations/store/refs.d.ts.map +0 -1
package/dist/server/mutations/store/refs.js.map +0 -1
package/dist/server/mutations/store.d.ts +0 -306
package/dist/server/mutations/store.d.ts.map +0 -1
package/dist/server/mutations/store.js.map +0 -1
package/dist/server/mutations/verifier.d.ts +0 -13
package/dist/server/mutations/verifier.d.ts.map +0 -1
package/dist/server/mutations/verifier.js.map +0 -1
package/dist/server/mutations/verify.d.ts +0 -26
package/dist/server/mutations/verify.d.ts.map +0 -1
package/dist/server/mutations/verify.js.map +0 -1
package/dist/server/oauth.d.ts +0 -1
package/dist/server/oauth.js +0 -242
package/dist/server/oauth.js.map +0 -1
package/dist/server/passkey.d.ts +0 -27
package/dist/server/passkey.d.ts.map +0 -1
package/dist/server/passkey.js.map +0 -1
package/dist/server/redirects.d.ts +0 -1
package/dist/server/redirects.js.map +0 -1
package/dist/server/refresh.d.ts +0 -1
package/dist/server/refresh.js.map +0 -1
package/dist/server/runtime.d.ts.map +0 -1
package/dist/server/runtime.js.map +0 -1
package/dist/server/sessions.d.ts +0 -1
package/dist/server/sessions.js.map +0 -1
package/dist/server/signin.d.ts +0 -1
package/dist/server/signin.js.map +0 -1
package/dist/server/ssr.d.ts.map +0 -1
package/dist/server/ssr.js +0 -777
package/dist/server/ssr.js.map +0 -1
package/dist/server/templates.d.ts +0 -1
package/dist/server/templates.js.map +0 -1
package/dist/server/tokens.d.ts +0 -1
package/dist/server/tokens.js.map +0 -1
package/dist/server/totp.d.ts +0 -1
package/dist/server/totp.js.map +0 -1
package/dist/server/types.d.ts.map +0 -1
package/dist/server/types.js.map +0 -1
package/dist/server/users.d.ts +0 -1
package/dist/server/users.js.map +0 -1
package/dist/server/utils.d.ts +0 -1
package/dist/server/utils.js +0 -140
package/dist/server/utils.js.map +0 -1
package/src/authorization/index.ts +0 -83
package/src/cli/bin.ts +0 -5
package/src/cli/command.ts +0 -70
package/src/cli/index.ts +0 -1112
package/src/cli/keys.ts +0 -23
package/src/client/core/types.ts +0 -437
package/src/client/factors/device.ts +0 -158
package/src/client/factors/passkey.ts +0 -279
package/src/client/factors/totp.ts +0 -150
package/src/client/index.ts +0 -1124
package/src/client/runtime/browser.ts +0 -112
package/src/client/runtime/invite.ts +0 -63
package/src/client/runtime/proxy.ts +0 -111
package/src/client/runtime/storage.ts +0 -79
package/src/component/_generated/api.ts +0 -96
package/src/component/_generated/component.ts +0 -3774
package/src/component/_generated/dataModel.ts +0 -60
package/src/component/_generated/server.ts +0 -156
package/src/component/convex.config.ts +0 -5
package/src/component/functions.ts +0 -104
package/src/component/index.ts +0 -42
package/src/component/model.ts +0 -449
package/src/component/public/enterprise/audit.ts +0 -125
package/src/component/public/enterprise/core.ts +0 -355
package/src/component/public/enterprise/domains.ts +0 -327
package/src/component/public/enterprise/scim.ts +0 -397
package/src/component/public/enterprise/secrets.ts +0 -133
package/src/component/public/enterprise/webhooks.ts +0 -307
package/src/component/public/factors/devices.ts +0 -224
package/src/component/public/factors/passkeys.ts +0 -243
package/src/component/public/factors/totp.ts +0 -259
package/src/component/public/groups/core.ts +0 -481
package/src/component/public/groups/invites.ts +0 -608
package/src/component/public/groups/members.ts +0 -410
package/src/component/public/identity/accounts.ts +0 -207
package/src/component/public/identity/codes.ts +0 -149
package/src/component/public/identity/sessions.ts +0 -210
package/src/component/public/identity/tokens.ts +0 -251
package/src/component/public/identity/users.ts +0 -355
package/src/component/public/identity/verifiers.ts +0 -158
package/src/component/public/security/keys.ts +0 -366
package/src/component/public/security/limits.ts +0 -174
package/src/component/public.ts +0 -27
package/src/component/schema.ts +0 -505
package/src/providers/anonymous.ts +0 -99
package/src/providers/credentials.ts +0 -102
package/src/providers/device.ts +0 -87
package/src/providers/email.ts +0 -99
package/src/providers/index.ts +0 -31
package/src/providers/oauth.ts +0 -117
package/src/providers/passkey.ts +0 -77
package/src/providers/password.ts +0 -441
package/src/providers/phone.ts +0 -93
package/src/providers/sso.ts +0 -54
package/src/providers/totp.ts +0 -62
package/src/samlify.d.ts +0 -53
package/src/server/auth.ts +0 -949
package/src/server/config.ts +0 -200
package/src/server/context.ts +0 -90
package/src/server/cookies.ts +0 -49
package/src/server/core.ts +0 -2004
package/src/server/crypto.ts +0 -90
package/src/server/db.ts +0 -203
package/src/server/device.ts +0 -254
package/src/server/enterprise/config.ts +0 -51
package/src/server/enterprise/domain.ts +0 -1739
package/src/server/enterprise/http.ts +0 -1331
package/src/server/enterprise/oidc.ts +0 -500
package/src/server/enterprise/policy.ts +0 -128
package/src/server/enterprise/saml.ts +0 -578
package/src/server/enterprise/scim.ts +0 -135
package/src/server/enterprise/shared.ts +0 -134
package/src/server/enterprise/validators.ts +0 -93
package/src/server/http.ts +0 -790
package/src/server/identity.ts +0 -18
package/src/server/index.ts +0 -40
package/src/server/keys.ts +0 -158
package/src/server/limits.ts +0 -107
package/src/server/mounts.ts +0 -924
package/src/server/mutations/account.ts +0 -62
package/src/server/mutations/code.ts +0 -119
package/src/server/mutations/index.ts +0 -13
package/src/server/mutations/invalidate.ts +0 -50
package/src/server/mutations/oauth.ts +0 -243
package/src/server/mutations/refresh.ts +0 -299
package/src/server/mutations/register.ts +0 -155
package/src/server/mutations/retrieve.ts +0 -109
package/src/server/mutations/signature.ts +0 -57
package/src/server/mutations/signin.ts +0 -54
package/src/server/mutations/signout.ts +0 -43
package/src/server/mutations/store/refs.ts +0 -10
package/src/server/mutations/store.ts +0 -123
package/src/server/mutations/verifier.ts +0 -34
package/src/server/mutations/verify.ts +0 -200
package/src/server/oauth.ts +0 -418
package/src/server/passkey.ts +0 -838
package/src/server/redirects.ts +0 -59
package/src/server/refresh.ts +0 -218
package/src/server/runtime.ts +0 -918
package/src/server/sessions.ts +0 -132
package/src/server/signin.ts +0 -445
package/src/server/ssr.ts +0 -1747
package/src/server/templates.ts +0 -82
package/src/server/tokens.ts +0 -35
package/src/server/totp.ts +0 -399
package/src/server/types.ts +0 -1942
package/src/server/users.ts +0 -291
package/src/server/utils.ts +0 -220
/package/dist/{runtime → client/runtime}/invite.js +0 -0

package/dist/component/server/types.d.ts DELETED Viewed

@@ -1,949 +0,0 @@
-import _default from "../schema.js";
-import { OAuthProviderInstance } from "../providers/oauth.js";
-import { CredentialsConfig } from "../providers/credentials.js";
-import { Password } from "../providers/password.js";
-import { Passkey } from "../providers/passkey.js";
-import { Totp } from "../providers/totp.js";
-import { Anonymous } from "../providers/anonymous.js";
-import { Device } from "../providers/device.js";
-import { SSO } from "../providers/sso.js";
-import { Email } from "../providers/email.js";
-import { Phone } from "../providers/phone.js";
-import "../model.js";
-import { AnyDataModel, DataModelFromSchemaDefinition, DocumentByName, GenericActionCtx, GenericDataModel, GenericMutationCtx, GenericQueryCtx, TableNamesInDataModel } from "convex/server";
-import { GenericId, Infer, Value } from "convex/values";
-import * as arctic0 from "arctic";
-//#region src/server/types.d.ts
-/**
- * A value that is either `T` or a `PromiseLike<T>`.
- *
- * @typeParam T - The underlying value type.
- */
-type Awaitable<T> = T | PromiseLike<T>;
-/**
- * A single role definition within the authorization config.
- *
- * Each role has an optional human-readable label and a list of grant strings
- * that members with this role receive.
- *
- * @see {@link AuthAuthorizationConfig}
- */
-type AuthRoleDefinition = {
-  /** Optional stable identifier (defaults to the record key). */id?: string; /** Human-readable label for admin UIs. */
-  label?: string; /** Permission grant strings conferred by this role. */
-  grants: string[];
-};
-/**
- * Authorization configuration mapping role IDs to {@link AuthRoleDefinition}s.
- *
- * Passed as `authorization.roles` in {@link ConvexAuthConfig}.
- *
- * @see {@link AuthRoleDefinition}
- * @see {@link ConvexAuthConfig}
- */
-type AuthAuthorizationConfig = {
-  roles: Record<string, AuthRoleDefinition>;
-};
-/**
- * Extracts the union of role ID strings from an authorization config.
- *
- * When `TAuthorization` is defined, this resolves to the literal key union
- * of the `roles` record. Otherwise falls back to `string`.
- *
- * @typeParam TAuthorization - The authorization config type, or `undefined`.
- *
- * @see {@link AuthGrant}
- */
-type AuthRoleId<TAuthorization extends AuthAuthorizationConfig | undefined> = TAuthorization extends {
-  roles: infer TRoles extends Record<string, any>;
-} ? keyof TRoles & string : string;
-/**
- * Extracts the union of grant strings from all roles in an authorization config.
- *
- * When `TAuthorization` is defined, this resolves to the literal union
- * of all `grants` array elements across every role. Otherwise falls back to `string`.
- *
- * @typeParam TAuthorization - The authorization config type, or `undefined`.
- *
- * @see {@link AuthRoleId}
- */
-type AuthGrant<TAuthorization extends AuthAuthorizationConfig | undefined> = TAuthorization extends {
-  roles: infer TRoles extends Record<string, {
-    grants: readonly any[];
-  }>;
-} ? TRoles[keyof TRoles]["grants"][number] & string : string;
-/**
- * The config for the Convex Auth library, passed to `createAuth`.
- */
-type ConvexAuthConfig = {
-  /**
-   * A list of authentication provider configs.
-   *
-   * You can import existing configs from
-   * `@robelest/convex-auth/providers/<provider-name>`
-   */
-  providers: AuthProviderConfig[];
-  /**
-   * Auth component reference from `components.auth`.
-   *
-   * Core auth storage operations are executed through
-   * the component API boundary.
-   */
-  component: AuthComponentApi;
-  /**
-   * Session configuration.
-   */
-  session?: {
-    /**
-     * How long can a user session last without the user reauthenticating.
-     *
-     * Defaults to 30 days.
-     *
-     * @defaultValue 2_592_000_000
-     */
-    totalDurationMs?: number;
-    /**
-     * How long can a user session last without the user being active.
-     *
-     * Defaults to 30 days.
-     *
-     * @defaultValue 2_592_000_000
-     */
-    inactiveDurationMs?: number;
-  };
-  /**
-   * JWT configuration.
-   */
-  jwt?: {
-    /**
-     * How long is the JWT valid for after it is signed initially.
-     *
-     * Defaults to 1 hour.
-     *
-     * @defaultValue 3_600_000
-     */
-    durationMs?: number;
-  };
-  /**
-   * Sign-in configuration.
-   */
-  signIn?: {
-    /**
-     * How many times can the user fail to provide the correct credentials
-     * (password, OTP) per hour.
-     *
-     * Defaults to 10 times per hour (that is 10 failed attempts, and then
-     * allow another one every 6 minutes).
-     *
-     * @defaultValue 10
-     */
-    maxFailedAttemptsPerHour?: number;
-  };
-  /**
-   * Lifecycle callbacks for customizing sign-in behavior.
-   *
-   * Use `redirect` to control post-OAuth redirect URLs, and
-   * `createOrUpdateUser` or `afterUserCreatedOrUpdated` to
-   * customize account linking and user document creation.
-   */
-  callbacks?: {
-    /**
-     * Control which URLs are allowed as a destination after OAuth sign-in
-     * and for magic links:
-     *
-     * ```ts
-     * import { createAuth } from "@robelest/convex-auth/component";
-     * import { components } from "./_generated/api";
-     *
-     * const auth = createAuth(components.auth, {
-     *   providers: [google],
-     *   callbacks: {
-     *     async redirect({ redirectTo }) {
-     *       // Check that redirectTo is valid
-     *       // and return the relative or absolute URL
-     *       // to redirect to.
-     *     },
-     *   },
-     * });
-     * ```
-     *
-     * Convex Auth performs redirect only during OAuth sign-in. By default,
-     * it redirects back to the URL specified via the `SITE_URL` environment
-     * variable. Similarly magic links link to `SITE_URL`. Additional frontend
-     * origins can be listed in `SECONDARY_URL` for flows like passkeys.
-     *
-     * You can customize that behavior by providing a `redirectTo` param
-     * to the `signIn` function:
-     *
-     * ```ts
-     * signIn("google", { redirectTo: "/dashboard" })
-     * ```
-     *
-     * You can even redirect to a different site.
-     *
-     * This callback, if specified, is then called with the provided
-     * `redirectTo` param. Otherwise, only query params, relative paths
-     * and URLs starting with `SITE_URL` are allowed.
-     */
-    redirect?: (params: {
-      /**
-       * The param value passed to the `signIn` function.
-       */
-      redirectTo: string;
-    }) => Promise<string>;
-    /**
-     * Completely control account linking via this callback.
-     *
-     * This callback is called during the sign-in process,
-     * before account creation and token generation.
-     * If specified, this callback is responsible for creating
-     * or updating the user document.
-     *
-     * For "credentials" providers, the callback is only called
-     * when `createAccount` is called.
-     */
-    createOrUpdateUser?: (ctx: GenericMutationCtx<AnyDataModel>, args: {
-      /**
-       * If this is a sign-in to an existing account,
-       * this is the existing user ID linked to that account.
-       */
-      existingUserId: GenericId<"User"> | null;
-      /**
-       * The provider type or "verification" if this callback is called
-       * after an email or phone token verification.
-       */
-      type: "oauth" | "credentials" | "email" | "phone" | "verification";
-      /**
-       * The provider used for the sign-in, or the provider
-       * tied to the account which is having the email or phone verified.
-       */
-      provider: AuthProviderMaterializedConfig;
-      /**
-       * - The profile returned by the OAuth provider's `profile` method.
-       * - The profile passed to `createAccount` from a ConvexCredentials
-       * config.
-       * - The email address to which an email will be sent.
-       * - The phone number to which a text will be sent.
-       */
-      profile: Record<string, unknown> & {
-        email?: string;
-        phone?: string;
-        emailVerified?: boolean;
-        phoneVerified?: boolean;
-      };
-      /**
-       * The `shouldLink` argument passed to `createAccount`.
-       */
-      shouldLink?: boolean;
-    }) => Promise<GenericId<"User">>;
-    /**
-     * Perform additional writes after a user is created.
-     *
-     * This callback is called during the sign-in process,
-     * after the user is created or updated,
-     * before account creation and token generation.
-     *
-     * **This callback is only called if `createOrUpdateUser`
-     * is not specified.** If `createOrUpdateUser` is specified,
-     * you can perform any additional writes in that callback.
-     *
-     * For "credentials" providers, the callback is only called
-     * when `createAccount` is called.
-     */
-    afterUserCreatedOrUpdated?: (ctx: GenericMutationCtx<AnyDataModel>, args: {
-      /**
-       * The ID of the user that is being signed in.
-       */
-      userId: GenericId<"User">;
-      /**
-       * If this is a sign-in to an existing account,
-       * this is the existing user ID linked to that account.
-       */
-      existingUserId: GenericId<"User"> | null;
-      /**
-       * The provider type or "verification" if this callback is called
-       * after an email or phone token verification.
-       */
-      type: "oauth" | "credentials" | "email" | "phone" | "verification";
-      /**
-       * The provider used for the sign-in, or the provider
-       * tied to the account which is having the email or phone verified.
-       */
-      provider: AuthProviderMaterializedConfig;
-      /**
-       * - The profile returned by the OAuth provider's `profile` method.
-       * - The profile passed to `createAccount` from a ConvexCredentials
-       * config.
-       * - The email address to which an email will be sent.
-       * - The phone number to which a text will be sent.
-       */
-      profile: Record<string, unknown> & {
-        email?: string;
-        phone?: string;
-        emailVerified?: boolean;
-        phoneVerified?: boolean;
-      };
-      /**
-       * The `shouldLink` argument passed to `createAccount`.
-       */
-      shouldLink?: boolean;
-    }) => Promise<void>;
-  };
-  /**
-   * Application-defined role and grant model used by membership access checks.
-   */
-  authorization?: {
-    roles: Record<string, {
-      label?: string;
-      grants: string[];
-    }>;
-  };
-};
-/**
- * Union of all supported auth provider config types.
- *
- * Includes Arctic-based OAuth providers (via the `OAuth()` factory),
- * plus library-native providers: credentials, email, phone, passkey
- * (WebAuthn), and TOTP (2FA). Each can be passed as a config object
- * or a factory function.
- */
-type AuthProviderConfig = OAuthProviderInstance | Password | Passkey | Totp | Anonymous | Device | SSO | Email | Phone | OAuthMaterializedConfig | ConvexCredentialsConfig | ((...args: any) => ConvexCredentialsConfig) | EmailConfig | ((...args: any) => EmailConfig) | PhoneConfig | ((...args: any) => PhoneConfig) | PasskeyProviderConfig | ((...args: any) => PasskeyProviderConfig) | TotpProviderConfig | ((...args: any) => TotpProviderConfig) | DeviceProviderConfig | ((...args: any) => DeviceProviderConfig) | SSOProviderConfig;
-/**
- * Minimal config stored for the SSO provider at runtime.
- * No options — enterprise configuration is entirely per-tenant runtime state.
- */
-interface SSOProviderConfig {
-  id: string;
-  type: "sso";
-}
-/**
- * Account linking strategy for enterprise SSO sign-in.
- *
- * - `"verifiedEmail"` — link accounts when the IdP-provided email matches a verified email on an existing user.
- * - `"none"` — never auto-link; always create a new account.
- */
-type EnterpriseAccountLinkingPolicy = "verifiedEmail" | "none";
-/**
- * Policy for reusing existing users during SCIM provisioning.
- *
- * - `"externalId"` — match by the SCIM `externalId` to reuse a previously provisioned user.
- * - `"none"` — always create a new user for each SCIM provision request.
- */
-type EnterpriseScimReuseUserPolicy = "externalId" | "none";
-/**
- * Just-in-time provisioning mode for enterprise SSO.
- *
- * - `"off"` — no JIT provisioning; users must be pre-provisioned.
- * - `"createUser"` — create a user record on first SSO sign-in.
- * - `"createUserAndMembership"` — create a user and add them to the enterprise group on first SSO sign-in.
- */
-type EnterpriseJitProvisioningMode = "off" | "createUser" | "createUserAndMembership";
-/**
- * Deprovisioning strategy when a SCIM user is deleted.
- *
- * - `"soft"` — mark the user as inactive but preserve the record.
- * - `"hard"` — permanently delete the user and associated data.
- */
-type EnterpriseDeprovisionMode = "soft" | "hard";
-/**
- * Effective enterprise policy document stored for an SSO/SCIM tenant.
- *
- * Controls account linking, JIT provisioning, SCIM reuse behavior,
- * deprovisioning, and any app-defined extension metadata.
- *
- * @see {@link EnterprisePolicyPatch}
- */
-interface EnterprisePolicy {
-  version: 1;
-  identity: {
-    accountLinking: {
-      oidc: EnterpriseAccountLinkingPolicy;
-      saml: EnterpriseAccountLinkingPolicy;
-    };
-  };
-  provisioning: {
-    scimReuse: {
-      user: EnterpriseScimReuseUserPolicy;
-    };
-    jit: {
-      mode: EnterpriseJitProvisioningMode;
-      defaultRoleIds: string[];
-    };
-    deprovision: {
-      mode: EnterpriseDeprovisionMode;
-    };
-  };
-  extend?: Record<string, unknown>;
-}
-/**
- * Partial update payload for {@link EnterprisePolicy}.
- *
- * Use this when patching only selected enterprise policy sections without
- * replacing the entire stored policy document.
- */
-interface EnterprisePolicyPatch {
-  identity?: {
-    accountLinking?: {
-      oidc?: EnterpriseAccountLinkingPolicy;
-      saml?: EnterpriseAccountLinkingPolicy;
-    };
-  };
-  provisioning?: {
-    scimReuse?: {
-      user?: EnterpriseScimReuseUserPolicy;
-    };
-    jit?: {
-      mode?: EnterpriseJitProvisioningMode;
-      defaultRoleIds?: string[];
-    };
-    deprovision?: {
-      mode?: EnterpriseDeprovisionMode;
-    };
-  };
-  extend?: Record<string, unknown>;
-}
-/**
- * Email provider config for magic link / OTP sign-in.
- *
- * @typeParam DataModel - The Convex data model for typed action contexts.
- */
-interface EmailConfig<DataModel extends GenericDataModel = GenericDataModel> {
-  /** Provider identifier (e.g. `"email"`, `"resend"`). */
-  id: string;
-  /** Discriminant for provider type routing. */
-  type: "email";
-  /** Display name for this provider. */
-  name?: string;
-  /** Sender address (e.g. `"My App <noreply@example.com>"`). */
-  from?: string;
-  /**
-   * Token expiration in seconds. Defaults to 86 400 (24 hours).
-   *
-   * @defaultValue 86400
-   */
-  maxAge?: number;
-  /**
-   * Send the verification token to the user.
-   *
-   * Accepts an optional Convex action context as the second argument,
-   * enabling use with Convex components like `@convex-dev/resend`.
-   */
-  sendVerificationRequest: (params: {
-    identifier: string;
-    url: string;
-    expires: Date;
-    provider: EmailConfig;
-    token: string;
-    request: Request;
-  }, ctx?: GenericActionCtx<AnyDataModel>) => Awaitable<void>;
-  /**
-   * Override to generate a custom verification token.
-   * Tokens shorter than 24 characters are treated as OTPs and
-   * require the original email to be re-submitted for verification.
-   */
-  generateVerificationToken?: () => Awaitable<string>;
-  /**
-   * Normalize the email address before storage / lookup.
-   * Defaults to lowercasing and trimming whitespace.
-   */
-  normalizeIdentifier?: (identifier: string) => string;
-  /**
-   * Before the token is verified, check other
-   * provided parameters.
-   *
-   * Used to make sure that OTPs are accompanied
-   * with the correct email address.
-   */
-  authorize?: (
-  /**
-   * The values passed to the `signIn` function.
-   */
-  params: Record<string, Value | undefined>, account: GenericDoc<DataModel, "Account">) => Promise<void>;
-  /** Raw user options before merging with defaults. */
-  options: EmailUserConfig<DataModel>;
-}
-/**
- * User-facing configuration shape accepted by the email provider.
- *
- * Equivalent to `Partial<EmailConfig>` without internal runtime-only fields.
- *
- * @typeParam DataModel - The Convex data model.
- */
-type EmailUserConfig<DataModel extends GenericDataModel = GenericDataModel> = Omit<Partial<EmailConfig<DataModel>>, "options" | "type">;
-/**
- * Same as email provider config, but verifies
- * phone number instead of the email address.
- *
- * @typeParam DataModel - The Convex data model for typed action contexts.
- */
-interface PhoneConfig<DataModel extends GenericDataModel = GenericDataModel> {
-  id: string;
-  type: "phone";
-  /**
-   * Token expiration in seconds.
-   */
-  maxAge: number;
-  /**
-   * Send the phone number verification request.
-   */
-  sendVerificationRequest: (params: {
-    identifier: string;
-    url: string;
-    expires: Date;
-    provider: PhoneConfig;
-    token: string;
-  }, ctx: GenericActionCtxWithAuthConfig<DataModel>) => Promise<void>;
-  /**
-   * Defaults to `process.env.AUTH_<PROVIDER_ID>_KEY`.
-   */
-  apiKey?: string;
-  /**
-   * Override this to generate a custom token.
-   * Note that the tokens are assumed to be cryptographically secure.
-   * Any tokens shorter than 24 characters are assumed to not
-   * be secure enough on their own, and require providing
-   * the original `phone` used in the initial `signIn` call.
-   * @returns
-   */
-  generateVerificationToken?: () => Promise<string>;
-  /**
-   * Normalize the phone number.
-   * @param identifier Passed as `phone` in params of `signIn`.
-   * @returns The phone number used in `sendVerificationRequest`.
-   */
-  normalizeIdentifier?: (identifier: string) => string;
-  /**
-   * Before the token is verified, check other
-   * provided parameters.
-   *
-   * Used to make sure tha OTPs are accompanied
-   * with the correct phone number.
-   */
-  authorize?: (
-  /**
-   * The values passed to the `signIn` function.
-   */
-  params: Record<string, Value | undefined>, account: GenericDoc<DataModel, "Account">) => Promise<void>;
-  options: PhoneUserConfig<DataModel>;
-}
-/**
- * User-facing configuration shape accepted by the phone provider.
- *
- * Equivalent to `Partial<PhoneConfig>` without internal runtime-only fields.
- *
- * @typeParam DataModel - The Convex data model.
- */
-type PhoneUserConfig<DataModel extends GenericDataModel = GenericDataModel> = Omit<Partial<PhoneConfig<DataModel>>, "options" | "type">;
-/**
- * Credentials provider config used by Convex Auth.
- */
-type ConvexCredentialsConfig = CredentialsConfig<any> & {
-  type: "credentials";
-  id: string;
-};
-/**
- * Configuration for the passkey (WebAuthn) provider.
- */
-interface PasskeyProviderConfig {
-  id: string;
-  type: "passkey";
-  options: {
-    /** Relying Party display name. Defaults to SITE_URL hostname. */rpName?: string; /** Relying Party ID (hostname). Defaults to SITE_URL hostname. */
-    rpId?: string; /** Allowed origins for credential verification. Defaults to SITE_URL plus SECONDARY_URL. */
-    origin?: string | string[];
-    /**
-     * Attestation conveyance preference. Defaults to "none".
-     *
-     * @defaultValue "none"
-     */
-    attestation?: "none" | "direct";
-    /**
-     * User verification requirement. Defaults to "required".
-     *
-     * @defaultValue "required"
-     */
-    userVerification?: "required" | "preferred" | "discouraged";
-    /**
-     * Resident key (discoverable credential) preference. Defaults to "preferred".
-     *
-     * @defaultValue "preferred"
-     */
-    residentKey?: "required" | "preferred" | "discouraged"; /** Restrict to platform or cross-platform authenticators. */
-    authenticatorAttachment?: "platform" | "cross-platform";
-    /**
-     * Supported COSE algorithms. Defaults to [-7 (ES256), -257 (RS256)].
-     *
-     * @defaultValue [-7, -257]
-     */
-    algorithms?: number[];
-    /**
-     * Challenge expiration in ms. Defaults to 300_000 (5 minutes).
-     *
-     * @defaultValue 300_000
-     */
-    challengeExpirationMs?: number;
-  };
-}
-/**
- * Configuration for the TOTP two-factor authentication provider.
- */
-interface TotpProviderConfig {
-  id: string;
-  type: "totp";
-  options: {
-    /** Issuer name shown in authenticator apps (e.g. "My App"). */issuer: string;
-    /**
-     * Number of digits in each code (default: 6).
-     *
-     * @defaultValue 6
-     */
-    digits: number;
-    /**
-     * Time period in seconds for code rotation (default: 30).
-     *
-     * @defaultValue 30
-     */
-    period: number;
-  };
-}
-/**
- * Normalized user profile returned by an OAuth provider.
- *
- * `id` is the provider-specific account identifier (e.g. GitHub user ID).
- */
-interface OAuthProfile {
-  id: string;
-  name?: string;
-  email?: string;
-  image?: string;
-  /** Additional claims from the ID token or userinfo endpoint. */
-  [key: string]: unknown;
-}
-/** Credentials identifying a provider account (e.g. email + hashed password). */
-type AuthAccountCredentials = {
-  /** Provider-specific account identifier (e.g. email address). */id: string; /** Optional secret (e.g. hashed password). */
-  secret?: string;
-};
-/** Arguments for `auth.account.create()`. */
-type AuthCreateAccountArgs = {
-  provider: string;
-  account: AuthAccountCredentials;
-  profile: Record<string, unknown> & {
-    email?: string;
-    phone?: string;
-    emailVerified?: boolean;
-    phoneVerified?: boolean;
-  };
-  shouldLinkViaEmail?: boolean;
-  shouldLinkViaPhone?: boolean;
-};
-/** Arguments for `auth.account.get()`. */
-type AuthRetrieveAccountArgs = {
-  provider: string;
-  account: AuthAccountCredentials;
-};
-/** Arguments for `auth.account.update()`. */
-type AuthUpdateAccountArgs = {
-  provider: string;
-  account: {
-    id: string;
-    secret: string;
-  };
-};
-/** Arguments for `auth.session.invalidate()`. */
-type AuthInvalidateSessionsArgs = {
-  userId: GenericId<"User">;
-  except?: GenericId<"Session">[];
-};
-/** Arguments for `auth.provider.signIn()`. */
-type AuthProviderSignInArgs = {
-  accountId?: GenericId<"Account">;
-  params?: Record<string, Value | undefined>;
-};
-/** Return type of `auth.provider.signIn()` — user and session IDs, or `null` on failure. */
-type AuthProviderSignInResult = {
-  userId: GenericId<"User">;
-  sessionId: GenericId<"Session">;
-} | null;
-/** Arguments for `auth.member.inspect()`. */
-type AuthMemberInspectArgs = {
-  userId: GenericId<"User">;
-  groupId: GenericId<"Group">;
-  ancestry?: boolean;
-  maxDepth?: number;
-};
-/** Result of `auth.member.inspect()` — membership state and derived access details. */
-type AuthMemberInspectResult = {
-  membership: GenericDoc<GenericDataModel, "GroupMember"> | null;
-  roleIds: string[];
-  grants: string[];
-};
-/** Arguments for `auth.member.require()`. */
-type AuthMemberRequireArgs = AuthMemberInspectArgs & {
-  roleIds?: string[];
-  grants?: string[];
-};
-/**
- * Server-side auth helper methods injected into `ctx.auth` within provider actions.
- *
- * Provides programmatic access to account management, session lifecycle,
- * membership resolution, and provider sign-in from within Convex actions
- * that use {@link GenericActionCtxWithAuthConfig}.
- *
- * @see {@link GenericActionCtxWithAuthConfig}
- *
- * @example
- * ```ts
- * // Inside a credentials provider's authorize callback:
- * const { account, user } = await ctx.auth.account.get(ctx, {
- *   provider: "password",
- *   account: { id: email },
- * });
- * ```
- */
-type AuthServerHelpers = {
-  /** Account management: create, retrieve, and update provider-linked accounts. */account: {
-    create: (ctx: GenericActionCtx<any>, args: AuthCreateAccountArgs) => Promise<{
-      account: GenericDoc<GenericDataModel, "Account">;
-      user: GenericDoc<GenericDataModel, "User">;
-    }>;
-    get: (ctx: GenericActionCtx<any>, args: AuthRetrieveAccountArgs) => Promise<{
-      account: GenericDoc<GenericDataModel, "Account">;
-      user: GenericDoc<GenericDataModel, "User">;
-    }>;
-    update: (ctx: GenericActionCtx<any>, args: AuthUpdateAccountArgs) => Promise<{
-      accountId: GenericId<"Account">;
-    }>;
-  };
-  session: {
-    current: (ctx: {
-      auth: GenericActionCtx<GenericDataModel>["auth"];
-    }) => Promise<GenericId<"Session"> | null>;
-    invalidate: (ctx: GenericActionCtx<any>, args: AuthInvalidateSessionsArgs) => Promise<{
-      userId: GenericId<"User">;
-      except: GenericId<"Session">[];
-    }>;
-  };
-  member: {
-    inspect: (ctx: GenericActionCtx<any>, args: AuthMemberInspectArgs) => Promise<AuthMemberInspectResult>;
-    require: (ctx: GenericActionCtx<any>, args: AuthMemberRequireArgs) => Promise<AuthMemberInspectResult>;
-  };
-  provider: {
-    signIn: (ctx: GenericActionCtx<any>, provider: AuthProviderConfig, args: AuthProviderSignInArgs) => Promise<AuthProviderSignInResult>;
-  };
-};
-/**
- * Your `ActionCtx` enriched with `ctx.auth.config` field with
- * the config passed to `createAuth`.
- *
- * @typeParam DataModel - The Convex data model.
- */
-type GenericActionCtxWithAuthConfig<DataModel extends GenericDataModel> = GenericActionCtx<DataModel> & {
-  auth: GenericActionCtx<DataModel>["auth"] & {
-    config: ConvexAuthMaterializedConfig;
-  } & AuthServerHelpers;
-};
-/**
- * The config for the Convex Auth library, passed to `createAuth`,
- * with defaults and initialized providers.
- *
- * See {@link ConvexAuthConfig}
- */
-type ConvexAuthMaterializedConfig = {
-  providers: AuthProviderMaterializedConfig[];
-} & Pick<ConvexAuthConfig, "component" | "session" | "jwt" | "signIn" | "callbacks" | "authorization">;
-/**
- * Materialized OAuth provider config (Arctic-based).
- *
- * Carries the Arctic provider instance along with scopes and profile config.
- * Produced by materializing an `OAuthProviderInstance` during `configDefaults`.
- */
-interface OAuthMaterializedConfig {
-  /**
-   * Provider identifier (e.g. `"google"`, `"github"`).
-   * @readonly
-   */
-  readonly id: string;
-  /**
-   * Discriminant for provider type routing.
-   * @readonly
-   */
-  readonly type: "oauth";
-  /**
-   * The Arctic provider instance.
-   * @readonly
-   */
-  readonly provider: any;
-  /**
-   * OAuth scopes to request.
-   * @readonly
-   */
-  readonly scopes: string[];
-  /**
-   * User-provided profile extraction callback.
-   * @readonly
-   */
-  readonly profile?: (tokens: arctic0.OAuth2Tokens) => Promise<OAuthProfile>;
-  /**
-   * Account-linking policy for OAuth identities. Defaults to verified email linking.
-   * @readonly
-   */
-  readonly accountLinking?: "verifiedEmail" | "none";
-}
-/**
- * Device authorization provider config (RFC 8628).
- *
- * Enables input-constrained devices (CLIs, TVs, IoT) to authenticate
- * by displaying a short code that the user enters on a secondary device.
- */
-interface DeviceProviderConfig {
-  id: string;
-  type: "device";
-  /** User code character set. Default: `"BCDFGHJKLMNPQRSTVWXZ"` (base-20, no vowels). */
-  charset: string;
-  /** User code length. Default: 8. */
-  userCodeLength: number;
-  /** Device code + user code lifetime in seconds. Default: 900 (15 min). */
-  expiresIn: number;
-  /** Minimum polling interval in seconds. Default: 5. */
-  interval: number;
-  /**
-   * Base URL for the verification page (e.g. `"http://localhost:3000/device"`).
-   *
-   * This is where users go to enter the device code. If not provided,
-   * falls back to `SITE_URL + "/device"`.
-   */
-  verificationUri?: string;
-}
-/**
- * Materialized auth provider config — the fully resolved form stored at runtime.
- */
-type AuthProviderMaterializedConfig = OAuthMaterializedConfig | EmailConfig | PhoneConfig | ConvexCredentialsConfig | PasskeyProviderConfig | TotpProviderConfig | DeviceProviderConfig | SSOProviderConfig;
-/**
- * Resolves to `true` when the providers list includes `SSO`, otherwise `false`.
- *
- * Used to make `auth.sso` conditionally present on the `createAuth`
- * return type — it only appears when `new SSO()` is in the providers array.
- */
-type HasSSO<P extends AuthProviderConfig[]> = SSO extends P[number] ? true : false;
-/**
- * A single scope entry stored per API key.
- * Uses a resource:action pattern for structured permissions.
- *
- * ```ts
- * { resource: "users", actions: ["read", "list"] }
- * ```
- */
-interface KeyScope {
-  resource: string;
-  actions: string[];
-}
-/**
- * Result of scope verification. Provides a `.can()` helper
- * for checking if a key has a specific permission.
- *
- * ```ts
- * const result = await auth.key.verify(ctx, rawKey);
- * if (result.scopes.can("users", "read")) {
- *   // authorized
- * }
- * ```
- */
-interface ScopeChecker {
-  /** Check if the key has permission for a given resource:action. */
-  can(resource: string, action: string): boolean;
-  /** The raw scope entries from the key. */
-  scopes: KeyScope[];
-}
-/**
- * An API key record as returned by `auth.key.list()` and `auth.key.get()`.
- * Never includes the raw key material — only the display prefix.
- */
-interface KeyRecord {
-  /** Document ID. */
-  _id: string;
-  /** Owner user ID. */
-  userId: string;
-  /** Display prefix (e.g. `"sk_abc1"`). Safe to show in UIs. */
-  prefix: string;
-  /** Human-readable name (e.g. "CI Pipeline"). */
-  name: string;
-  /** Resource:action permissions granted to this key. */
-  scopes: KeyScope[];
-  /** Per-key rate limit, if configured. */
-  rateLimit?: {
-    maxRequests: number;
-    windowMs: number;
-  };
-  /** Expiration timestamp (ms since epoch), or `undefined` for no expiry. */
-  expiresAt?: number;
-  /** Timestamp of last successful verification, or `undefined` if never used. */
-  lastUsedAt?: number;
-  /** Creation timestamp (ms since epoch). */
-  createdAt: number;
-  /** `true` when the key has been revoked (soft-deleted). */
-  revoked: boolean;
-  /** Arbitrary app-specific metadata attached to the key. */
-  metadata?: Record<string, unknown>;
-}
-/**
- * Context injected into `auth.http.action()` and `auth.http.route()` handlers.
- *
- * The handler's `ctx` receives these fields after Bearer token verification:
- *
- * ```ts
- * auth.http.route(http, {
- *   path: "/api/data",
- *   method: "GET",
- *   handler: async (ctx, request) => {
- *     ctx.key.userId;               // owner of the API key
- *     ctx.key.keyId;                // the key document ID
- *     ctx.key.scopes.can("data", "read"); // scope check
- *   },
- * });
- * ```
- */
-interface HttpKeyContext {
-  key: {
-    /** The user ID that owns the verified API key. */userId: string; /** The API key document ID. */
-    keyId: string; /** Scope checker for the verified key's permissions. */
-    scopes: ScopeChecker;
-  };
-}
-/**
- * CORS configuration for Bearer-authenticated HTTP endpoints.
- */
-interface CorsConfig {
-  /** Allowed origin(s). Defaults to `"*"`. */
-  origin?: string;
-  /** Allowed HTTP methods. Defaults to `"GET,POST,PUT,PATCH,DELETE,OPTIONS"`. */
-  methods?: string;
-  /** Allowed request headers. Defaults to `"Content-Type,Authorization"`. */
-  headers?: string;
-}
-/**
- * Convex document from a given table.
- */
-type GenericDoc<DataModel extends GenericDataModel, TableName extends TableNamesInDataModel<DataModel>> = DocumentByName<DataModel, TableName> & {
-  _id: GenericId<TableName>;
-  _creationTime: number;
-};
-/** Data model derived from the component schema. */
-type AuthDataModel = DataModelFromSchemaDefinition<typeof _default>;
-/** A document from any table in the auth component schema. */
-type Doc<T extends TableNamesInDataModel<AuthDataModel>> = GenericDoc<AuthDataModel, T>;
-/** A pair of JWT access token and refresh token. */
-type Tokens = {
-  token: string;
-  refreshToken: string;
-};
-/** Session information returned after authentication. */
-type SessionInfo = {
-  userId: GenericId<"User">;
-  sessionId: GenericId<"Session">;
-  tokens: Tokens | null;
-};
-//#endregion
-export { AuthAuthorizationConfig, AuthGrant, AuthProviderConfig, AuthRoleId, ConvexAuthConfig, ConvexCredentialsConfig, CorsConfig, DeviceProviderConfig, Doc, EmailConfig, EmailUserConfig, EnterprisePolicy, EnterprisePolicyPatch, GenericActionCtxWithAuthConfig, GenericDoc, HasSSO, HttpKeyContext, KeyRecord, KeyScope, OAuthProfile, PhoneConfig, PhoneUserConfig, ScopeChecker, SessionInfo };
-//# sourceMappingURL=types.d.ts.map