@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -1,361 +0,0 @@
1
- import { ConvexError } from "convex/values";
2
- import { FunctionReference } from "convex/server";
3
-
4
- //#region src/client/core/types.d.ts
5
- /**
6
- * Structural interface for any Convex client.
7
- * Satisfied by `ConvexClient` (`convex/browser`),
8
- * `ConvexReactClient` (`convex/react`), and similar transports.
9
- *
10
- * `clearAuth` is present on `ConvexReactClient` and `BaseConvexClient`
11
- * but not on the simplified `ConvexClient`. When available we call it
12
- * during sign-out for a clean deauthentication.
13
- */
14
- interface ConvexTransport {
15
- action(action: any, args: any): Promise<any>;
16
- setAuth(fetchToken: (args: {
17
- forceRefreshToken: boolean;
18
- }) => Promise<string | null | undefined>, onChange?: (isAuthenticated: boolean) => void): void;
19
- clearAuth?(): void;
20
- }
21
- /** Pluggable key-value storage (defaults to `localStorage`). */
22
- interface Storage {
23
- getItem(key: string): string | null | undefined | Promise<string | null | undefined>;
24
- setItem(key: string, value: string): void | Promise<void>;
25
- removeItem(key: string): void | Promise<void>;
26
- }
27
- /**
28
- * Device code response returned when signing in with the `"device"` provider.
29
- *
30
- * The device displays the `userCode` (or `verificationUriComplete`) and
31
- * polls via `auth.device.poll()` until the user authorizes.
32
- */
33
- type DeviceCodeResult = {
34
- /** High-entropy device code used for polling (keep secret). */deviceCode: string; /** Short human-readable code the user enters (e.g. "WDJB-MJHT"). */
35
- userCode: string; /** Base verification URL (e.g. "https://myapp.com/device"). */
36
- verificationUri: string; /** Verification URL with user code pre-filled as `?code=XXXX-XXXX`. */
37
- verificationUriComplete: string; /** Lifetime of the codes in seconds. */
38
- expiresIn: number; /** Minimum polling interval in seconds. */
39
- interval: number;
40
- };
41
- /**
42
- * Result of a `signIn` call.
43
- *
44
- * - `kind: "signedIn"` — credentials were accepted and the user is authenticated.
45
- * - `kind: "redirect"` — OAuth flow initiated; redirect the user to `redirect.toString()`.
46
- * - `kind: "totpRequired"` — credentials valid but 2FA is needed; call `auth.totp.verify()`.
47
- * - `kind: "deviceCode"` — device flow initiated; display the code and poll via `auth.device.poll()`.
48
- * - `kind: "started"` — a non-immediate flow started (for example email/phone verification).
49
- *
50
- * @see {@link AuthState}
51
- */
52
- type SignInResult = {
53
- kind: "signedIn";
54
- } | {
55
- kind: "redirect";
56
- redirect: URL;
57
- verifier: string;
58
- } | {
59
- kind: "totpRequired";
60
- verifier: string;
61
- } | {
62
- kind: "deviceCode";
63
- deviceCode: DeviceCodeResult;
64
- } | {
65
- kind: "started";
66
- };
67
- /**
68
- * Reactive auth state snapshot returned by `auth.state` and `auth.onChange`.
69
- *
70
- * @see {@link SignInResult}
71
- */
72
- type AuthState = {
73
- /** High-level auth phase for deterministic UI state handling. */phase: "loading" | "handshake" | "authenticated" | "unauthenticated"; /** `true` during initial hydration before the first token is resolved. */
74
- isLoading: boolean; /** `true` only after Convex confirms authentication with the backend. */
75
- isAuthenticated: boolean; /** The raw JWT string, or `null` when not authenticated. */
76
- token: string | null;
77
- };
78
- /**
79
- * Typed Convex API references for the auth functions.
80
- * Pass these from your generated `api` object.
81
- *
82
- * @typeParam HasPasskey - Whether the passkey provider is configured.
83
- * @typeParam HasTotp - Whether the TOTP provider is configured.
84
- * @typeParam HasDevice - Whether the device provider is configured.
85
- */
86
- type AuthApiRefs<HasPasskey extends boolean = boolean, HasTotp extends boolean = boolean, HasDevice extends boolean = boolean> = {
87
- signIn: FunctionReference<"action", "public", any, any>;
88
- signOut: FunctionReference<"action", "public", any, any>;
89
- store: FunctionReference<"mutation", "public", any, any>;
90
- };
91
- /**
92
- * Passkey (WebAuthn) client-side helpers.
93
- *
94
- * @see {@link TotpClient}
95
- * @see {@link DeviceClient}
96
- */
97
- interface PasskeyClient {
98
- /**
99
- * Check whether the current runtime exposes WebAuthn passkey APIs.
100
- *
101
- * @returns `true` when `navigator.credentials` is available.
102
- *
103
- * @example
104
- * ```ts
105
- * if (auth.passkey.isSupported()) {
106
- * // Show passkey registration button
107
- * }
108
- * ```
109
- */
110
- isSupported(): boolean;
111
- /**
112
- * Check whether conditional mediation (autofill-style passkeys) is available.
113
- *
114
- * @returns `true` when the browser supports `PublicKeyCredential.isConditionalMediationAvailable`.
115
- *
116
- * @example
117
- * ```ts
118
- * if (await auth.passkey.isAutofillSupported()) {
119
- * await auth.passkey.authenticate({ autofill: true });
120
- * }
121
- * ```
122
- */
123
- isAutofillSupported(): Promise<boolean>;
124
- /**
125
- * Start a passkey registration flow and complete the WebAuthn ceremony.
126
- *
127
- * Creates a new credential bound to the current user's account.
128
- *
129
- * @param opts - Optional registration hints.
130
- * @param opts.name - Human-readable name for the passkey (e.g. `"MacBook Pro"`).
131
- * @param opts.email - Email hint for discoverable credentials.
132
- * @param opts.userName - WebAuthn `user.name` override.
133
- * @param opts.userDisplayName - WebAuthn `user.displayName` override.
134
- * @returns A {@link SignInResult} — typically `{ kind: "signedIn" }` on success.
135
- *
136
- * @example
137
- * ```ts
138
- * const result = await auth.passkey.register({ name: "My laptop" });
139
- * ```
140
- */
141
- register(opts?: Record<string, any>): Promise<SignInResult>;
142
- /**
143
- * Authenticate with an existing passkey and complete the WebAuthn ceremony.
144
- *
145
- * @param opts - Optional authentication hints.
146
- * @param opts.email - Email hint to filter discoverable credentials.
147
- * @param opts.autofill - Set to `true` for conditional UI (autofill) mode.
148
- * @returns A {@link SignInResult} — typically `{ kind: "signedIn" }` on success.
149
- *
150
- * @example
151
- * ```ts
152
- * const result = await auth.passkey.authenticate();
153
- * ```
154
- */
155
- authenticate(opts?: Record<string, any>): Promise<SignInResult>;
156
- }
157
- /**
158
- * TOTP two-factor authentication client-side helpers.
159
- *
160
- * @see {@link PasskeyClient}
161
- * @see {@link DeviceClient}
162
- */
163
- interface TotpClient {
164
- /**
165
- * Start TOTP enrollment and return the setup URI, secret, verifier, and factor ID.
166
- *
167
- * The returned `uri` is an `otpauth://` URL that can be rendered as a QR code
168
- * for the user to scan with their authenticator app.
169
- *
170
- * @param opts - Optional setup hints.
171
- * @param opts.name - Issuer name shown in the authenticator app.
172
- * @param opts.accountName - Account label in the authenticator app.
173
- * @returns An object with `{ uri, secret, verifier, totpId }`.
174
- *
175
- * @example
176
- * ```ts
177
- * const { uri, secret, verifier, totpId } = await auth.totp.setup();
178
- * // Render `uri` as a QR code, then confirm:
179
- * await auth.totp.confirm({ code: userCode, verifier, totpId });
180
- * ```
181
- */
182
- setup(opts?: Record<string, any>): Promise<Record<string, any>>;
183
- /**
184
- * Confirm a newly created TOTP factor with the first authenticator code.
185
- *
186
- * Call this after the user scans the QR code and enters the first OTP.
187
- *
188
- * @param opts - Confirmation parameters.
189
- * @param opts.code - The 6-digit TOTP code from the authenticator app.
190
- * @param opts.verifier - The verifier string returned by {@link TotpClient.setup}.
191
- * @param opts.totpId - The factor ID returned by {@link TotpClient.setup}.
192
- *
193
- * @example
194
- * ```ts
195
- * await auth.totp.confirm({ code: "123456", verifier, totpId });
196
- * ```
197
- */
198
- confirm(opts: Record<string, any>): Promise<void>;
199
- /**
200
- * Complete a sign-in that is waiting on TOTP verification.
201
- *
202
- * Called when `signIn()` returns `{ kind: "totpRequired" }`.
203
- *
204
- * @param opts - Verification parameters.
205
- * @param opts.code - The 6-digit TOTP code from the authenticator app.
206
- * @param opts.verifier - The verifier string from the `totpRequired` result.
207
- *
208
- * @example
209
- * ```ts
210
- * const result = await auth.signIn("password", { email, password });
211
- * if (result.kind === "totpRequired") {
212
- * await auth.totp.verify({ code: totpCode, verifier: result.verifier });
213
- * }
214
- * ```
215
- */
216
- verify(opts: Record<string, any>): Promise<void>;
217
- }
218
- /**
219
- * Device authorization (RFC 8628) client-side helpers.
220
- *
221
- * @see {@link PasskeyClient}
222
- * @see {@link TotpClient}
223
- */
224
- interface DeviceClient {
225
- /**
226
- * Poll until a device flow is approved or expires.
227
- *
228
- * Polls the server at the interval specified in the {@link DeviceCodeResult}
229
- * until the user authorizes the device or the code expires.
230
- *
231
- * @param opts - Poll options.
232
- * @param opts.code - The {@link DeviceCodeResult} returned from `signIn("device")`.
233
- * @throws `ConvexError({ code: "DEVICE_CODE_EXPIRED" })` when the code expires before authorization.
234
- *
235
- * @example
236
- * ```ts
237
- * const result = await auth.signIn("device");
238
- * if (result.kind === "deviceCode") {
239
- * // Display result.deviceCode.userCode to the user
240
- * await auth.device.poll({ code: result.deviceCode });
241
- * console.log("Device authorized!");
242
- * }
243
- * ```
244
- */
245
- poll(opts: {
246
- code: DeviceCodeResult;
247
- }): Promise<void>;
248
- /**
249
- * Approve a device flow from the verification page using the displayed user code.
250
- *
251
- * Call this on the authorization page where the user enters the short code
252
- * shown on the device screen.
253
- *
254
- * @param opts - Verification options.
255
- * @param opts.code - The user code string (e.g. `"WDJB-MJHT"`).
256
- * @throws `ConvexError({ code: "DEVICE_AUTHORIZATION_FAILED" })` when verification fails.
257
- *
258
- * @example
259
- * ```ts
260
- * await auth.device.verify({ code: "WDJB-MJHT" });
261
- * ```
262
- */
263
- verify(opts: {
264
- code: string;
265
- }): Promise<void>;
266
- }
267
- /**
268
- * Extract capability flags from an AuthApiRefs type.
269
- *
270
- * @typeParam Api - An AuthApiRefs type to extract capability flags from.
271
- */
272
- type InferCaps<Api extends AuthApiRefs<boolean, boolean, boolean>> = Api extends AuthApiRefs<infer P, infer T, infer D> ? {
273
- passkey: P;
274
- totp: T;
275
- device: D;
276
- } : {
277
- passkey: boolean;
278
- totp: boolean;
279
- device: boolean;
280
- };
281
- /** Pending invite detected from URL or recovered from storage after redirect. */
282
- interface PendingInvite {
283
- /**
284
- * Raw one-time invite token. Pass to your invite acceptance mutation.
285
- * @readonly
286
- */
287
- readonly token: string;
288
- /**
289
- * Invite email from the URL or stored redirect state, if available.
290
- * @readonly
291
- */
292
- readonly email: string | null;
293
- /**
294
- * Consume the invite: clears storage/URL params and returns the token.
295
- *
296
- * @returns The invite token.
297
- * @throws When there is no pending invite to accept.
298
- */
299
- accept(): Promise<{
300
- token: string;
301
- }>;
302
- }
303
- /** Base auth client — always present. */
304
- interface AuthClientBase {
305
- /**
306
- * Reactive auth state snapshot.
307
- * @readonly
308
- */
309
- readonly state: AuthState;
310
- /** SSR-safe query-param reader. */
311
- param: (name: string) => string | null;
312
- /**
313
- * Pending invite recovered from the URL or storage, if present.
314
- * @readonly
315
- */
316
- readonly invite: PendingInvite | null;
317
- /** Start a sign-in flow for a provider. */
318
- signIn: (provider: string, params?: Record<string, any>) => Promise<SignInResult>;
319
- /** Sign out and clear local auth state. */
320
- signOut: () => Promise<void>;
321
- /** Subscribe to auth state changes. Returns an unsubscribe function. */
322
- onChange: (callback: (state: AuthState) => void) => () => void;
323
- /** Tear down listeners and reject in-flight handshakes. */
324
- destroy: () => void;
325
- }
326
- /**
327
- * Auth client return type — conditionally includes `passkey`, `totp`, and
328
- * `device` helpers based on the capabilities in the `AuthApiRefs` type.
329
- *
330
- * @typeParam Api - An AuthApiRefs type that determines which factor helpers are included.
331
- */
332
- type AuthClient<Api extends AuthApiRefs<boolean, boolean, boolean> = AuthApiRefs> = AuthClientBase & (InferCaps<Api>["passkey"] extends true ? {
333
- passkey: PasskeyClient;
334
- } : {}) & (InferCaps<Api>["totp"] extends true ? {
335
- totp: TotpClient;
336
- } : {}) & (InferCaps<Api>["device"] extends true ? {
337
- device: DeviceClient;
338
- } : {});
339
- /**
340
- * Options for {@link client}.
341
- *
342
- * @typeParam Api - An AuthApiRefs type.
343
- */
344
- type ClientOptions<Api extends AuthApiRefs<boolean, boolean, boolean> = AuthApiRefs> = {
345
- /** Any Convex client implementation used to run auth actions. */convex: ConvexTransport; /** Typed auth function refs from your generated `api` object. */
346
- api?: Api; /** Explicit Convex deployment URL when it cannot be inferred from the client. */
347
- url?: string;
348
- /**
349
- * Storage backend for persisted tokens; defaults to `localStorage` in SPA mode.
350
- *
351
- * @defaultValue localStorage
352
- */
353
- storage?: Storage | null; /** Override how OAuth code cleanup updates the current URL. */
354
- replaceUrl?: (relativeUrl: string) => void | Promise<void>; /** SSR proxy endpoint used instead of direct Convex auth calls. */
355
- proxyPath?: string; /** Server-provided JWT seed used for flash-free SSR hydration. */
356
- tokenSeed?: string | null; /** SSR-safe URL source for reading query parameters. */
357
- location?: URL | (() => URL | null);
358
- };
359
- //#endregion
360
- export { AuthApiRefs, AuthClient, AuthState, ClientOptions, DeviceClient, DeviceCodeResult, PasskeyClient, PendingInvite, SignInResult, Storage, TotpClient };
361
- //# sourceMappingURL=types.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"types.d.ts","names":[],"sources":["../../src/client/core/types.ts"],"mappings":";;;;;;AAYA;;;;;;;UAAiB,eAAA;EACf,MAAA,CAAO,MAAA,OAAa,IAAA,QAAY,OAAA;EAChC,OAAA,CACE,UAAA,GAAa,IAAA;IACX,iBAAA;EAAA,MACI,OAAA,6BACN,QAAA,IAAY,eAAA;EAEd,SAAA;AAAA;;UAIe,OAAA;EACf,OAAA,CACE,GAAA,uCAC6B,OAAA;EAC/B,OAAA,CAAQ,GAAA,UAAa,KAAA,kBAAuB,OAAA;EAC5C,UAAA,CAAW,GAAA,kBAAqB,OAAA;AAAA;;;;;;;KAqCtB,gBAAA;EA+BF,+DA7BR,UAAA,UAoCmB;EAlCnB,QAAA,UAkCmB;EAhCnB,eAAA,UAoCA;EAlCA,uBAAA,UAsCA;EApCA,SAAA,UAoCK;EAlCL,QAAA;AAAA;;;;;;;;;;;;KAcU,YAAA;EACN,IAAA;AAAA;EACA,IAAA;EAAkB,QAAA,EAAU,GAAA;EAAK,QAAA;AAAA;EACjC,IAAA;EAAsB,QAAA;AAAA;EACtB,IAAA;EAAoB,UAAA,EAAY,gBAAA;AAAA;EAChC,IAAA;AAAA;;;;;;KAOM,SAAA;EAuFV,iEArFA,KAAA,iEAqFS;EAnFT,SAAA,WAmF8C;EAjF9C,eAAA,WAgGoB;EA9FpB,KAAA;AAAA;;;;AAuGF;;;;;KA5FY,WAAA;EAKV,MAAA,EAAQ,iBAAA;EACR,OAAA,EAAS,iBAAA;EACT,KAAA,EAAO,iBAAA;AAAA;;;;;;;UAeQ,aAAA;EA0Gf;;;;;;;;;;AA4BF;;EAzHE,WAAA;EA8ImB;;;;;;;;;;;;EAhInB,mBAAA,IAAuB,OAAA;EAiJS;;;AAQlC;;;;;;;;;;;;;;EAtIE,QAAA,CAAS,IAAA,GAAO,MAAA,gBAAsB,OAAA,CAAQ,YAAA;EAuIhB;;;;;;;;;;;;;EAxH9B,YAAA,CAAa,IAAA,GAAO,MAAA,gBAAsB,OAAA,CAAQ,YAAA;AAAA;;;;;;;UASnC,UAAA;EAqIK;;;AAItB;;;;;;;;;;;;;;;EAtHE,KAAA,CAAM,IAAA,GAAO,MAAA,gBAAsB,OAAA,CAAQ,MAAA;EAkIlC;;;;;;;;;;;;;;;EAjHT,OAAA,CAAQ,IAAA,EAAM,MAAA,gBAAsB,OAAA;EA4H7B;AAST;;;;;;;;;;;;;;;;EAlHE,MAAA,CAAO,IAAA,EAAM,MAAA,gBAAsB,OAAA;AAAA;;;;;;;UASpB,YAAA;EA6Gd;;;;;;;;;;AAQH;;;;;;;;;;EAhGE,IAAA,CAAK,IAAA;IAAQ,IAAA,EAAM,gBAAA;EAAA,IAAqB,OAAA;EAiGxC;;;;;;;;;;;;;;;EAhFA,MAAA,CAAO,IAAA;IAAQ,IAAA;EAAA,IAAiB,OAAA;AAAA;;;;;;KAQtB,SAAA,aAAsB,WAAA,+BAChC,GAAA,SAAY,WAAA;EACN,OAAA,EAAS,CAAA;EAAG,IAAA,EAAM,CAAA;EAAG,MAAA,EAAQ,CAAA;AAAA;EAC7B,OAAA;EAAkB,IAAA;EAAe,MAAA;AAAA;;UAGxB,aAAA;;;;;WAKN,KAAA;;;;;WAKA,KAAA;;;;;;;EAOT,MAAA,IAAU,OAAA;IAAU,KAAA;EAAA;AAAA;;UAIL,cAAA;;;;;WAKN,KAAA,EAAO,SAAA;;EAEhB,KAAA,GAAQ,IAAA;;;;;WAKC,MAAA,EAAQ,aAAA;;EAEjB,MAAA,GACE,QAAA,UACA,MAAA,GAAS,MAAA,kBACN,OAAA,CAAQ,YAAA;;EAEb,OAAA,QAAe,OAAA;;EAEf,QAAA,GAAW,QAAA,GAAW,KAAA,EAAO,SAAA;;EAE7B,OAAA;AAAA;;;;;;;KASU,UAAA,aACE,WAAA,8BAAyC,WAAA,IACnD,cAAA,IACD,SAAA,CAAU,GAAA;EAAiC,OAAA,EAAS,aAAA;AAAA,WACpD,SAAA,CAAU,GAAA;EAA8B,IAAA,EAAM,UAAA;AAAA,WAC9C,SAAA,CAAU,GAAA;EAAgC,MAAA,EAAQ,YAAA;AAAA;;;;;;KAOzC,aAAA,aACE,WAAA,8BAAyC,WAAA;mEAGrD,MAAA,EAAQ,eAAA;EAER,GAAA,GAAM,GAAA;EAEN,GAAA;;;;;;EAMA,OAAA,GAAU,OAAA;EAEV,UAAA,IAAc,WAAA,oBAA+B,OAAA;EAE7C,SAAA;EAEA,SAAA;EAEA,QAAA,GAAW,GAAA,UAAa,GAAA;AAAA"}
@@ -1,104 +0,0 @@
1
- import { Fx } from "@robelest/fx";
2
- import { ConvexError } from "convex/values";
3
-
4
- //#region src/client/factors/device.ts
5
- /** @internal */
6
- function createDeviceClient(deps) {
7
- const { proxy, convex, requireApiRefs, proxyFetch, setTokenAndMaybeWait } = deps;
8
- return {
9
- poll: async (opts) => {
10
- const { code } = opts;
11
- const intervalMs = code.interval * 1e3;
12
- const expiresAt = Date.now() + code.expiresIn * 1e3;
13
- while (Date.now() < expiresAt) {
14
- await new Promise((resolve) => setTimeout(resolve, intervalMs));
15
- const pollResult = await Fx.run(Fx.from({
16
- ok: async () => {
17
- let result;
18
- const params = {
19
- flow: "poll",
20
- deviceCode: code.deviceCode
21
- };
22
- if (proxy) result = await proxyFetch({
23
- action: "auth:signIn",
24
- args: {
25
- provider: "device",
26
- params
27
- }
28
- });
29
- else result = await convex.action(requireApiRefs().signIn, {
30
- provider: "device",
31
- params
32
- });
33
- return result;
34
- },
35
- err: (e) => e
36
- }).pipe(Fx.recover((e) => {
37
- const dispatch = e instanceof ConvexError ? { tag: e.data?.code === "DEVICE_AUTHORIZATION_PENDING" ? "continue" : e.data?.code === "DEVICE_SLOW_DOWN" ? "slowDown" : "fatal" } : { tag: "fatal" };
38
- return Fx.match(dispatch, dispatch.tag, {
39
- continue: () => Fx.succeed({ _poll: "continue" }),
40
- slowDown: () => Fx.succeed({ _poll: "slow_down" }),
41
- fatal: () => Fx.fatal(e)
42
- });
43
- })));
44
- if ("_poll" in pollResult) {
45
- if (pollResult._poll === "slow_down") await new Promise((resolve) => setTimeout(resolve, intervalMs));
46
- continue;
47
- }
48
- if (pollResult.tokens) {
49
- if (proxy) await setTokenAndMaybeWait({
50
- shouldStore: false,
51
- tokens: pollResult.tokens === null ? null : { token: pollResult.tokens.token },
52
- waitForHandshake: true,
53
- context: {
54
- provider: "device",
55
- flow: "poll"
56
- }
57
- });
58
- else await setTokenAndMaybeWait({
59
- shouldStore: true,
60
- tokens: pollResult.tokens ?? null,
61
- waitForHandshake: true,
62
- context: {
63
- provider: "device",
64
- flow: "poll"
65
- }
66
- });
67
- return;
68
- }
69
- }
70
- throw new ConvexError({
71
- code: "DEVICE_CODE_EXPIRED",
72
- message: "Device code expired before authorization was completed."
73
- });
74
- },
75
- verify: async (opts) => {
76
- const params = {
77
- flow: "verify",
78
- userCode: opts.code
79
- };
80
- try {
81
- if (proxy) await proxyFetch({
82
- action: "auth:signIn",
83
- args: {
84
- provider: "device",
85
- params
86
- }
87
- });
88
- else await convex.action(requireApiRefs().signIn, {
89
- provider: "device",
90
- params
91
- });
92
- } catch (e) {
93
- throw new ConvexError({
94
- code: "DEVICE_AUTHORIZATION_FAILED",
95
- message: e instanceof Error ? e.message : "Invalid or expired code."
96
- });
97
- }
98
- }
99
- };
100
- }
101
-
102
- //#endregion
103
- export { createDeviceClient };
104
- //# sourceMappingURL=device.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"device.js","names":[],"sources":["../../src/client/factors/device.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport { ConvexError } from \"convex/values\";\n\nimport type {\n AuthSession,\n ConvexTransport,\n DeviceClient,\n DeviceCodeResult,\n} from \"../core/types\";\n\ntype DeviceDeps = {\n proxy: string | undefined;\n convex: ConvexTransport;\n requireApiRefs: () => { signIn: any };\n proxyFetch: (body: Record<string, unknown>) => Promise<any>;\n setTokenAndMaybeWait: (\n args:\n | {\n shouldStore: true;\n tokens: AuthSession | null;\n waitForHandshake: boolean;\n context: { provider?: string; flow: string };\n }\n | {\n shouldStore: false;\n tokens: { token: string } | null;\n waitForHandshake: boolean;\n context: { provider?: string; flow: string };\n },\n ) => Promise<boolean>;\n};\n\n/** @internal */\nexport function createDeviceClient(deps: DeviceDeps): DeviceClient {\n const { proxy, convex, requireApiRefs, proxyFetch, setTokenAndMaybeWait } =\n deps;\n\n return {\n poll: async (opts: { code: DeviceCodeResult }): Promise<void> => {\n const { code } = opts;\n const intervalMs = code.interval * 1000;\n const expiresAt = Date.now() + code.expiresIn * 1000;\n\n while (Date.now() < expiresAt) {\n await new Promise((resolve) => setTimeout(resolve, intervalMs));\n\n const pollResult = await Fx.run(\n Fx.from({\n ok: async () => {\n let result: any;\n const params: Record<string, any> = {\n flow: \"poll\",\n deviceCode: code.deviceCode,\n };\n\n if (proxy) {\n result = await proxyFetch({\n action: \"auth:signIn\",\n args: { provider: \"device\", params },\n });\n } else {\n result = await convex.action(requireApiRefs().signIn, {\n provider: \"device\",\n params,\n });\n }\n\n return result;\n },\n err: (e) => e,\n }).pipe(\n Fx.recover((e: unknown) => {\n const dispatch =\n e instanceof ConvexError\n ? {\n tag:\n (e.data as Record<string, unknown> | undefined)\n ?.code === \"DEVICE_AUTHORIZATION_PENDING\"\n ? \"continue\"\n : (e.data as Record<string, unknown> | undefined)\n ?.code === \"DEVICE_SLOW_DOWN\"\n ? \"slowDown\"\n : \"fatal\",\n }\n : ({ tag: \"fatal\" } as const);\n\n return Fx.match(dispatch, dispatch.tag, {\n continue: () => Fx.succeed({ _poll: \"continue\" as const }),\n slowDown: () => Fx.succeed({ _poll: \"slow_down\" as const }),\n fatal: () => Fx.fatal(e),\n });\n }),\n ),\n );\n\n if (\"_poll\" in pollResult) {\n if (pollResult._poll === \"slow_down\") {\n await new Promise((resolve) => setTimeout(resolve, intervalMs));\n }\n continue;\n }\n\n if (pollResult.tokens) {\n if (proxy) {\n await setTokenAndMaybeWait({\n shouldStore: false,\n tokens:\n pollResult.tokens === null\n ? null\n : { token: pollResult.tokens.token },\n waitForHandshake: true,\n context: { provider: \"device\", flow: \"poll\" },\n });\n } else {\n await setTokenAndMaybeWait({\n shouldStore: true,\n tokens: (pollResult.tokens as AuthSession | null) ?? null,\n waitForHandshake: true,\n context: { provider: \"device\", flow: \"poll\" },\n });\n }\n return;\n }\n }\n\n throw new ConvexError({\n code: \"DEVICE_CODE_EXPIRED\",\n message: \"Device code expired before authorization was completed.\",\n });\n },\n\n verify: async (opts: { code: string }): Promise<void> => {\n const params: Record<string, any> = {\n flow: \"verify\",\n userCode: opts.code,\n };\n\n try {\n if (proxy) {\n await proxyFetch({\n action: \"auth:signIn\",\n args: { provider: \"device\", params },\n });\n } else {\n await convex.action(requireApiRefs().signIn, {\n provider: \"device\",\n params,\n });\n }\n } catch (e: unknown) {\n throw new ConvexError({\n code: \"DEVICE_AUTHORIZATION_FAILED\",\n message: e instanceof Error ? e.message : \"Invalid or expired code.\",\n });\n }\n },\n };\n}\n"],"mappings":";;;;;AAiCA,SAAgB,mBAAmB,MAAgC;CACjE,MAAM,EAAE,OAAO,QAAQ,gBAAgB,YAAY,yBACjD;AAEF,QAAO;EACL,MAAM,OAAO,SAAoD;GAC/D,MAAM,EAAE,SAAS;GACjB,MAAM,aAAa,KAAK,WAAW;GACnC,MAAM,YAAY,KAAK,KAAK,GAAG,KAAK,YAAY;AAEhD,UAAO,KAAK,KAAK,GAAG,WAAW;AAC7B,UAAM,IAAI,SAAS,YAAY,WAAW,SAAS,WAAW,CAAC;IAE/D,MAAM,aAAa,MAAM,GAAG,IAC1B,GAAG,KAAK;KACN,IAAI,YAAY;MACd,IAAI;MACJ,MAAM,SAA8B;OAClC,MAAM;OACN,YAAY,KAAK;OAClB;AAED,UAAI,MACF,UAAS,MAAM,WAAW;OACxB,QAAQ;OACR,MAAM;QAAE,UAAU;QAAU;QAAQ;OACrC,CAAC;UAEF,UAAS,MAAM,OAAO,OAAO,gBAAgB,CAAC,QAAQ;OACpD,UAAU;OACV;OACD,CAAC;AAGJ,aAAO;;KAET,MAAM,MAAM;KACb,CAAC,CAAC,KACD,GAAG,SAAS,MAAe;KACzB,MAAM,WACJ,aAAa,cACT,EACE,KACG,EAAE,MACC,SAAS,iCACT,aACC,EAAE,MACG,SAAS,qBACb,aACA,SACT,GACA,EAAE,KAAK,SAAS;AAEvB,YAAO,GAAG,MAAM,UAAU,SAAS,KAAK;MACtC,gBAAgB,GAAG,QAAQ,EAAE,OAAO,YAAqB,CAAC;MAC1D,gBAAgB,GAAG,QAAQ,EAAE,OAAO,aAAsB,CAAC;MAC3D,aAAa,GAAG,MAAM,EAAE;MACzB,CAAC;MACF,CACH,CACF;AAED,QAAI,WAAW,YAAY;AACzB,SAAI,WAAW,UAAU,YACvB,OAAM,IAAI,SAAS,YAAY,WAAW,SAAS,WAAW,CAAC;AAEjE;;AAGF,QAAI,WAAW,QAAQ;AACrB,SAAI,MACF,OAAM,qBAAqB;MACzB,aAAa;MACb,QACE,WAAW,WAAW,OAClB,OACA,EAAE,OAAO,WAAW,OAAO,OAAO;MACxC,kBAAkB;MAClB,SAAS;OAAE,UAAU;OAAU,MAAM;OAAQ;MAC9C,CAAC;SAEF,OAAM,qBAAqB;MACzB,aAAa;MACb,QAAS,WAAW,UAAiC;MACrD,kBAAkB;MAClB,SAAS;OAAE,UAAU;OAAU,MAAM;OAAQ;MAC9C,CAAC;AAEJ;;;AAIJ,SAAM,IAAI,YAAY;IACpB,MAAM;IACN,SAAS;IACV,CAAC;;EAGJ,QAAQ,OAAO,SAA0C;GACvD,MAAM,SAA8B;IAClC,MAAM;IACN,UAAU,KAAK;IAChB;AAED,OAAI;AACF,QAAI,MACF,OAAM,WAAW;KACf,QAAQ;KACR,MAAM;MAAE,UAAU;MAAU;MAAQ;KACrC,CAAC;QAEF,OAAM,OAAO,OAAO,gBAAgB,CAAC,QAAQ;KAC3C,UAAU;KACV;KACD,CAAC;YAEG,GAAY;AACnB,UAAM,IAAI,YAAY;KACpB,MAAM;KACN,SAAS,aAAa,QAAQ,EAAE,UAAU;KAC3C,CAAC;;;EAGP"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"passkey.js","names":[],"sources":["../../src/client/factors/passkey.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\n\nimport type {\n AuthSession,\n ConvexTransport,\n PasskeyClient,\n SignInActionResult,\n SignInResult,\n} from \"../core/types\";\nimport { base64urlDecode, base64urlEncode } from \"../runtime/browser\";\n\ntype PasskeyDeps = {\n proxy: string | undefined;\n convex: ConvexTransport;\n requireApiRefs: () => { signIn: any };\n proxyFetch: (body: Record<string, unknown>) => Promise<any>;\n setTokenAndMaybeWait: (\n args:\n | {\n shouldStore: true;\n tokens: AuthSession | null;\n waitForHandshake: boolean;\n context: { provider?: string; flow: string };\n }\n | {\n shouldStore: false;\n tokens: { token: string } | null;\n waitForHandshake: boolean;\n context: { provider?: string; flow: string };\n },\n ) => Promise<boolean>;\n};\n\n/** @internal */\nexport function createPasskeyClient(deps: PasskeyDeps): PasskeyClient {\n const { proxy, convex, requireApiRefs, proxyFetch, setTokenAndMaybeWait } =\n deps;\n\n const handleSignedInResult = async (\n result: SignInActionResult,\n flow: string,\n ): Promise<SignInResult> => {\n return Fx.run(\n Fx.match(result, result.kind, {\n signedIn: (signedInResult) =>\n Fx.promise(async () => {\n const signingIn = await setTokenAndMaybeWait(\n proxy\n ? {\n shouldStore: false as const,\n tokens:\n signedInResult.tokens === null\n ? null\n : { token: signedInResult.tokens.token },\n waitForHandshake: true,\n context: { provider: \"passkey\", flow },\n }\n : {\n shouldStore: true as const,\n tokens: signedInResult.tokens,\n waitForHandshake: true,\n context: { provider: \"passkey\", flow },\n },\n );\n return signingIn\n ? ({ kind: \"signedIn\" as const } as SignInResult)\n : ({ kind: \"started\" as const } as SignInResult);\n }),\n redirect: () => Fx.succeed({ kind: \"started\" as const }),\n started: () => Fx.succeed({ kind: \"started\" as const }),\n passkeyOptions: () => Fx.succeed({ kind: \"started\" as const }),\n totpRequired: () => Fx.succeed({ kind: \"started\" as const }),\n totpSetup: () => Fx.succeed({ kind: \"started\" as const }),\n deviceCode: () => Fx.succeed({ kind: \"started\" as const }),\n }),\n );\n };\n\n return {\n isSupported: (): boolean => {\n return (\n typeof window !== \"undefined\" &&\n typeof window.PublicKeyCredential !== \"undefined\"\n );\n },\n\n isAutofillSupported: async (): Promise<boolean> => {\n if (typeof window === \"undefined\") return false;\n if (typeof window.PublicKeyCredential === \"undefined\") return false;\n if (\n typeof (window.PublicKeyCredential as any)\n .isConditionalMediationAvailable !== \"function\"\n ) {\n return false;\n }\n return (\n window.PublicKeyCredential as any\n ).isConditionalMediationAvailable();\n },\n\n register: async (opts?: {\n name?: string;\n email?: string;\n userName?: string;\n userDisplayName?: string;\n }): Promise<SignInResult> => {\n const phase1Params = {\n flow: \"registerOptions\",\n email: opts?.email,\n userName: opts?.userName,\n userDisplayName: opts?.userDisplayName,\n };\n\n let phase1Result: SignInActionResult;\n if (proxy) {\n phase1Result = (await proxyFetch({\n action: \"auth:signIn\",\n args: { provider: \"passkey\", params: phase1Params },\n })) as SignInActionResult;\n } else {\n phase1Result = (await convex.action(requireApiRefs().signIn, {\n provider: \"passkey\",\n params: phase1Params,\n })) as SignInActionResult;\n }\n\n if (phase1Result.kind !== \"passkeyOptions\") {\n throw new Error(\"Server did not return passkey registration options\");\n }\n\n const options = phase1Result.options;\n const createOptions: CredentialCreationOptions = {\n publicKey: {\n rp: options.rp,\n user: {\n id: base64urlDecode(options.user.id).buffer as ArrayBuffer,\n name: options.user.name,\n displayName: options.user.displayName,\n },\n challenge: base64urlDecode(options.challenge).buffer as ArrayBuffer,\n pubKeyCredParams: options.pubKeyCredParams,\n timeout: options.timeout,\n attestation: options.attestation,\n authenticatorSelection: options.authenticatorSelection,\n excludeCredentials: (options.excludeCredentials ?? []).map(\n (cred: any) => ({\n type: cred.type ?? \"public-key\",\n id: base64urlDecode(cred.id).buffer as ArrayBuffer,\n transports: cred.transports,\n }),\n ),\n },\n };\n\n const credential = (await navigator.credentials.create(\n createOptions,\n )) as PublicKeyCredential | null;\n if (!credential) {\n throw new Error(\"Passkey registration was cancelled\");\n }\n\n const response = credential.response as AuthenticatorAttestationResponse;\n const transports =\n typeof response.getTransports === \"function\"\n ? response.getTransports()\n : undefined;\n\n const phase2Params = {\n flow: \"registerVerify\",\n clientDataJSON: base64urlEncode(response.clientDataJSON),\n attestationObject: base64urlEncode(response.attestationObject),\n transports,\n passkeyName: opts?.name,\n email: opts?.email,\n };\n\n let phase2Result: SignInActionResult;\n if (proxy) {\n phase2Result = (await proxyFetch({\n action: \"auth:signIn\",\n args: {\n provider: \"passkey\",\n params: phase2Params,\n verifier: phase1Result.verifier,\n },\n })) as SignInActionResult;\n } else {\n phase2Result = (await convex.action(requireApiRefs().signIn, {\n provider: \"passkey\",\n params: phase2Params,\n verifier: phase1Result.verifier,\n })) as SignInActionResult;\n }\n\n return handleSignedInResult(phase2Result, \"registerVerify\");\n },\n\n authenticate: async (opts?: {\n email?: string;\n autofill?: boolean;\n }): Promise<SignInResult> => {\n const phase1Params = {\n flow: \"authOptions\",\n email: opts?.email,\n };\n\n let phase1Result: SignInActionResult;\n if (proxy) {\n phase1Result = (await proxyFetch({\n action: \"auth:signIn\",\n args: { provider: \"passkey\", params: phase1Params },\n })) as SignInActionResult;\n } else {\n phase1Result = (await convex.action(requireApiRefs().signIn, {\n provider: \"passkey\",\n params: phase1Params,\n })) as SignInActionResult;\n }\n\n if (phase1Result.kind !== \"passkeyOptions\") {\n throw new Error(\"Server did not return passkey authentication options\");\n }\n\n const options = phase1Result.options;\n const getOptions: CredentialRequestOptions = {\n publicKey: {\n challenge: base64urlDecode(options.challenge).buffer as ArrayBuffer,\n timeout: options.timeout,\n rpId: options.rpId,\n userVerification: options.userVerification,\n allowCredentials: (options.allowCredentials ?? []).map(\n (cred: any) => ({\n type: cred.type ?? \"public-key\",\n id: base64urlDecode(cred.id).buffer as ArrayBuffer,\n transports: cred.transports,\n }),\n ),\n },\n ...(opts?.autofill ? { mediation: \"conditional\" as any } : {}),\n };\n\n const credential = (await navigator.credentials.get(\n getOptions,\n )) as PublicKeyCredential | null;\n if (!credential) {\n throw new Error(\"Passkey authentication was cancelled\");\n }\n\n const response = credential.response as AuthenticatorAssertionResponse;\n const phase2Params = {\n flow: \"authVerify\",\n credentialId: base64urlEncode(credential.rawId),\n clientDataJSON: base64urlEncode(response.clientDataJSON),\n authenticatorData: base64urlEncode(response.authenticatorData),\n signature: base64urlEncode(response.signature),\n };\n\n let phase2Result: SignInActionResult;\n if (proxy) {\n phase2Result = (await proxyFetch({\n action: \"auth:signIn\",\n args: {\n provider: \"passkey\",\n params: phase2Params,\n verifier: phase1Result.verifier,\n },\n })) as SignInActionResult;\n } else {\n phase2Result = (await convex.action(requireApiRefs().signIn, {\n provider: \"passkey\",\n params: phase2Params,\n verifier: phase1Result.verifier,\n })) as SignInActionResult;\n }\n\n return handleSignedInResult(phase2Result, \"authVerify\");\n },\n };\n}\n"],"mappings":";;;;;AAkCA,SAAgB,oBAAoB,MAAkC;CACpE,MAAM,EAAE,OAAO,QAAQ,gBAAgB,YAAY,yBACjD;CAEF,MAAM,uBAAuB,OAC3B,QACA,SAC0B;AAC1B,SAAO,GAAG,IACR,GAAG,MAAM,QAAQ,OAAO,MAAM;GAC5B,WAAW,mBACT,GAAG,QAAQ,YAAY;AAmBrB,WAlBkB,MAAM,qBACtB,QACI;KACE,aAAa;KACb,QACE,eAAe,WAAW,OACtB,OACA,EAAE,OAAO,eAAe,OAAO,OAAO;KAC5C,kBAAkB;KAClB,SAAS;MAAE,UAAU;MAAW;MAAM;KACvC,GACD;KACE,aAAa;KACb,QAAQ,eAAe;KACvB,kBAAkB;KAClB,SAAS;MAAE,UAAU;MAAW;MAAM;KACvC,CACN,GAEI,EAAE,MAAM,YAAqB,GAC7B,EAAE,MAAM,WAAoB;KACjC;GACJ,gBAAgB,GAAG,QAAQ,EAAE,MAAM,WAAoB,CAAC;GACxD,eAAe,GAAG,QAAQ,EAAE,MAAM,WAAoB,CAAC;GACvD,sBAAsB,GAAG,QAAQ,EAAE,MAAM,WAAoB,CAAC;GAC9D,oBAAoB,GAAG,QAAQ,EAAE,MAAM,WAAoB,CAAC;GAC5D,iBAAiB,GAAG,QAAQ,EAAE,MAAM,WAAoB,CAAC;GACzD,kBAAkB,GAAG,QAAQ,EAAE,MAAM,WAAoB,CAAC;GAC3D,CAAC,CACH;;AAGH,QAAO;EACL,mBAA4B;AAC1B,UACE,OAAO,WAAW,eAClB,OAAO,OAAO,wBAAwB;;EAI1C,qBAAqB,YAA8B;AACjD,OAAI,OAAO,WAAW,YAAa,QAAO;AAC1C,OAAI,OAAO,OAAO,wBAAwB,YAAa,QAAO;AAC9D,OACE,OAAQ,OAAO,oBACZ,oCAAoC,WAEvC,QAAO;AAET,UACE,OAAO,oBACP,iCAAiC;;EAGrC,UAAU,OAAO,SAKY;GAC3B,MAAM,eAAe;IACnB,MAAM;IACN,OAAO,MAAM;IACb,UAAU,MAAM;IAChB,iBAAiB,MAAM;IACxB;GAED,IAAI;AACJ,OAAI,MACF,gBAAgB,MAAM,WAAW;IAC/B,QAAQ;IACR,MAAM;KAAE,UAAU;KAAW,QAAQ;KAAc;IACpD,CAAC;OAEF,gBAAgB,MAAM,OAAO,OAAO,gBAAgB,CAAC,QAAQ;IAC3D,UAAU;IACV,QAAQ;IACT,CAAC;AAGJ,OAAI,aAAa,SAAS,iBACxB,OAAM,IAAI,MAAM,qDAAqD;GAGvE,MAAM,UAAU,aAAa;GAC7B,MAAM,gBAA2C,EAC/C,WAAW;IACT,IAAI,QAAQ;IACZ,MAAM;KACJ,IAAI,gBAAgB,QAAQ,KAAK,GAAG,CAAC;KACrC,MAAM,QAAQ,KAAK;KACnB,aAAa,QAAQ,KAAK;KAC3B;IACD,WAAW,gBAAgB,QAAQ,UAAU,CAAC;IAC9C,kBAAkB,QAAQ;IAC1B,SAAS,QAAQ;IACjB,aAAa,QAAQ;IACrB,wBAAwB,QAAQ;IAChC,qBAAqB,QAAQ,sBAAsB,EAAE,EAAE,KACpD,UAAe;KACd,MAAM,KAAK,QAAQ;KACnB,IAAI,gBAAgB,KAAK,GAAG,CAAC;KAC7B,YAAY,KAAK;KAClB,EACF;IACF,EACF;GAED,MAAM,aAAc,MAAM,UAAU,YAAY,OAC9C,cACD;AACD,OAAI,CAAC,WACH,OAAM,IAAI,MAAM,qCAAqC;GAGvD,MAAM,WAAW,WAAW;GAC5B,MAAM,aACJ,OAAO,SAAS,kBAAkB,aAC9B,SAAS,eAAe,GACxB;GAEN,MAAM,eAAe;IACnB,MAAM;IACN,gBAAgB,gBAAgB,SAAS,eAAe;IACxD,mBAAmB,gBAAgB,SAAS,kBAAkB;IAC9D;IACA,aAAa,MAAM;IACnB,OAAO,MAAM;IACd;GAED,IAAI;AACJ,OAAI,MACF,gBAAgB,MAAM,WAAW;IAC/B,QAAQ;IACR,MAAM;KACJ,UAAU;KACV,QAAQ;KACR,UAAU,aAAa;KACxB;IACF,CAAC;OAEF,gBAAgB,MAAM,OAAO,OAAO,gBAAgB,CAAC,QAAQ;IAC3D,UAAU;IACV,QAAQ;IACR,UAAU,aAAa;IACxB,CAAC;AAGJ,UAAO,qBAAqB,cAAc,iBAAiB;;EAG7D,cAAc,OAAO,SAGQ;GAC3B,MAAM,eAAe;IACnB,MAAM;IACN,OAAO,MAAM;IACd;GAED,IAAI;AACJ,OAAI,MACF,gBAAgB,MAAM,WAAW;IAC/B,QAAQ;IACR,MAAM;KAAE,UAAU;KAAW,QAAQ;KAAc;IACpD,CAAC;OAEF,gBAAgB,MAAM,OAAO,OAAO,gBAAgB,CAAC,QAAQ;IAC3D,UAAU;IACV,QAAQ;IACT,CAAC;AAGJ,OAAI,aAAa,SAAS,iBACxB,OAAM,IAAI,MAAM,uDAAuD;GAGzE,MAAM,UAAU,aAAa;GAC7B,MAAM,aAAuC;IAC3C,WAAW;KACT,WAAW,gBAAgB,QAAQ,UAAU,CAAC;KAC9C,SAAS,QAAQ;KACjB,MAAM,QAAQ;KACd,kBAAkB,QAAQ;KAC1B,mBAAmB,QAAQ,oBAAoB,EAAE,EAAE,KAChD,UAAe;MACd,MAAM,KAAK,QAAQ;MACnB,IAAI,gBAAgB,KAAK,GAAG,CAAC;MAC7B,YAAY,KAAK;MAClB,EACF;KACF;IACD,GAAI,MAAM,WAAW,EAAE,WAAW,eAAsB,GAAG,EAAE;IAC9D;GAED,MAAM,aAAc,MAAM,UAAU,YAAY,IAC9C,WACD;AACD,OAAI,CAAC,WACH,OAAM,IAAI,MAAM,uCAAuC;GAGzD,MAAM,WAAW,WAAW;GAC5B,MAAM,eAAe;IACnB,MAAM;IACN,cAAc,gBAAgB,WAAW,MAAM;IAC/C,gBAAgB,gBAAgB,SAAS,eAAe;IACxD,mBAAmB,gBAAgB,SAAS,kBAAkB;IAC9D,WAAW,gBAAgB,SAAS,UAAU;IAC/C;GAED,IAAI;AACJ,OAAI,MACF,gBAAgB,MAAM,WAAW;IAC/B,QAAQ;IACR,MAAM;KACJ,UAAU;KACV,QAAQ;KACR,UAAU,aAAa;KACxB;IACF,CAAC;OAEF,gBAAgB,MAAM,OAAO,OAAO,gBAAgB,CAAC,QAAQ;IAC3D,UAAU;IACV,QAAQ;IACR,UAAU,aAAa;IACxB,CAAC;AAGJ,UAAO,qBAAqB,cAAc,aAAa;;EAE1D"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"totp.js","names":["result"],"sources":["../../src/client/factors/totp.ts"],"sourcesContent":["import type { AuthSession, ConvexTransport, TotpClient } from \"../core/types\";\n\ntype TotpDeps = {\n proxy: string | undefined;\n convex: ConvexTransport;\n requireApiRefs: () => { signIn: any };\n proxyFetch: (body: Record<string, unknown>) => Promise<any>;\n setTokenAndMaybeWait: (\n args:\n | {\n shouldStore: true;\n tokens: AuthSession | null;\n waitForHandshake: boolean;\n context: { provider?: string; flow: string };\n }\n | {\n shouldStore: false;\n tokens: { token: string } | null;\n waitForHandshake: boolean;\n context: { provider?: string; flow: string };\n },\n ) => Promise<boolean>;\n};\n\n/** @internal */\nexport function createTotpClient(deps: TotpDeps): TotpClient {\n const { proxy, convex, requireApiRefs, proxyFetch, setTokenAndMaybeWait } =\n deps;\n\n return {\n setup: async (opts?: {\n name?: string;\n accountName?: string;\n }): Promise<{\n uri: string;\n secret: string;\n verifier: string;\n totpId: string;\n }> => {\n const params: Record<string, any> = { flow: \"setup\" };\n if (opts?.name) params.name = opts.name;\n if (opts?.accountName) params.accountName = opts.accountName;\n\n if (proxy) {\n const result = await proxyFetch({\n action: \"auth:signIn\",\n args: { provider: \"totp\", params },\n });\n return {\n uri: result.totpSetup.uri,\n secret: result.totpSetup.secret,\n verifier: result.verifier,\n totpId: result.totpSetup.totpId,\n };\n }\n\n const result = await convex.action(requireApiRefs().signIn, {\n provider: \"totp\",\n params,\n });\n return {\n uri: result.totpSetup.uri,\n secret: result.totpSetup.secret,\n verifier: result.verifier,\n totpId: result.totpSetup.totpId,\n };\n },\n\n confirm: async (opts: {\n code: string;\n verifier: string;\n totpId: string;\n }): Promise<void> => {\n const params: Record<string, any> = {\n flow: \"confirm\",\n code: opts.code,\n totpId: opts.totpId,\n };\n\n if (proxy) {\n const result = await proxyFetch({\n action: \"auth:signIn\",\n args: { provider: \"totp\", params, verifier: opts.verifier },\n });\n if (result.tokens) {\n await setTokenAndMaybeWait({\n shouldStore: false,\n tokens:\n result.tokens === null ? null : { token: result.tokens.token },\n waitForHandshake: true,\n context: { provider: \"totp\", flow: \"confirm\" },\n });\n }\n return;\n }\n\n const result = await convex.action(requireApiRefs().signIn, {\n provider: \"totp\",\n params,\n verifier: opts.verifier,\n });\n if (result.tokens) {\n await setTokenAndMaybeWait({\n shouldStore: true,\n tokens: (result.tokens as AuthSession | null) ?? null,\n waitForHandshake: true,\n context: { provider: \"totp\", flow: \"confirm\" },\n });\n }\n },\n\n verify: async (opts: { code: string; verifier: string }): Promise<void> => {\n const params: Record<string, any> = {\n flow: \"verify\",\n code: opts.code,\n };\n\n if (proxy) {\n const result = await proxyFetch({\n action: \"auth:signIn\",\n args: { provider: \"totp\", params, verifier: opts.verifier },\n });\n if (result.tokens) {\n await setTokenAndMaybeWait({\n shouldStore: false,\n tokens:\n result.tokens === null ? null : { token: result.tokens.token },\n waitForHandshake: true,\n context: { provider: \"totp\", flow: \"verify\" },\n });\n }\n return;\n }\n\n const result = await convex.action(requireApiRefs().signIn, {\n provider: \"totp\",\n params,\n verifier: opts.verifier,\n });\n if (result.tokens) {\n await setTokenAndMaybeWait({\n shouldStore: true,\n tokens: (result.tokens as AuthSession | null) ?? null,\n waitForHandshake: true,\n context: { provider: \"totp\", flow: \"verify\" },\n });\n }\n },\n };\n}\n"],"mappings":";;AAyBA,SAAgB,iBAAiB,MAA4B;CAC3D,MAAM,EAAE,OAAO,QAAQ,gBAAgB,YAAY,yBACjD;AAEF,QAAO;EACL,OAAO,OAAO,SAQR;GACJ,MAAM,SAA8B,EAAE,MAAM,SAAS;AACrD,OAAI,MAAM,KAAM,QAAO,OAAO,KAAK;AACnC,OAAI,MAAM,YAAa,QAAO,cAAc,KAAK;AAEjD,OAAI,OAAO;IACT,MAAMA,WAAS,MAAM,WAAW;KAC9B,QAAQ;KACR,MAAM;MAAE,UAAU;MAAQ;MAAQ;KACnC,CAAC;AACF,WAAO;KACL,KAAKA,SAAO,UAAU;KACtB,QAAQA,SAAO,UAAU;KACzB,UAAUA,SAAO;KACjB,QAAQA,SAAO,UAAU;KAC1B;;GAGH,MAAM,SAAS,MAAM,OAAO,OAAO,gBAAgB,CAAC,QAAQ;IAC1D,UAAU;IACV;IACD,CAAC;AACF,UAAO;IACL,KAAK,OAAO,UAAU;IACtB,QAAQ,OAAO,UAAU;IACzB,UAAU,OAAO;IACjB,QAAQ,OAAO,UAAU;IAC1B;;EAGH,SAAS,OAAO,SAIK;GACnB,MAAM,SAA8B;IAClC,MAAM;IACN,MAAM,KAAK;IACX,QAAQ,KAAK;IACd;AAED,OAAI,OAAO;IACT,MAAMA,WAAS,MAAM,WAAW;KAC9B,QAAQ;KACR,MAAM;MAAE,UAAU;MAAQ;MAAQ,UAAU,KAAK;MAAU;KAC5D,CAAC;AACF,QAAIA,SAAO,OACT,OAAM,qBAAqB;KACzB,aAAa;KACb,QACEA,SAAO,WAAW,OAAO,OAAO,EAAE,OAAOA,SAAO,OAAO,OAAO;KAChE,kBAAkB;KAClB,SAAS;MAAE,UAAU;MAAQ,MAAM;MAAW;KAC/C,CAAC;AAEJ;;GAGF,MAAM,SAAS,MAAM,OAAO,OAAO,gBAAgB,CAAC,QAAQ;IAC1D,UAAU;IACV;IACA,UAAU,KAAK;IAChB,CAAC;AACF,OAAI,OAAO,OACT,OAAM,qBAAqB;IACzB,aAAa;IACb,QAAS,OAAO,UAAiC;IACjD,kBAAkB;IAClB,SAAS;KAAE,UAAU;KAAQ,MAAM;KAAW;IAC/C,CAAC;;EAIN,QAAQ,OAAO,SAA4D;GACzE,MAAM,SAA8B;IAClC,MAAM;IACN,MAAM,KAAK;IACZ;AAED,OAAI,OAAO;IACT,MAAMA,WAAS,MAAM,WAAW;KAC9B,QAAQ;KACR,MAAM;MAAE,UAAU;MAAQ;MAAQ,UAAU,KAAK;MAAU;KAC5D,CAAC;AACF,QAAIA,SAAO,OACT,OAAM,qBAAqB;KACzB,aAAa;KACb,QACEA,SAAO,WAAW,OAAO,OAAO,EAAE,OAAOA,SAAO,OAAO,OAAO;KAChE,kBAAkB;KAClB,SAAS;MAAE,UAAU;MAAQ,MAAM;MAAU;KAC9C,CAAC;AAEJ;;GAGF,MAAM,SAAS,MAAM,OAAO,OAAO,gBAAgB,CAAC,QAAQ;IAC1D,UAAU;IACV;IACA,UAAU,KAAK;IAChB,CAAC;AACF,OAAI,OAAO,OACT,OAAM,qBAAqB;IACzB,aAAa;IACb,QAAS,OAAO,UAAiC;IACjD,kBAAkB;IAClB,SAAS;KAAE,UAAU;KAAQ,MAAM;KAAU;IAC9C,CAAC;;EAGP"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"anonymous.d.ts","names":[],"sources":["../../src/providers/anonymous.ts"],"mappings":";;;;;;;;UA4BiB,eAAA,mBAAkC,gBAAA;EAAlB;;;;EAK/B,EAAA;EASyB;;;;EAJzB,OAAA;EAUK;;;EANH,MAAA,EAAQ,MAAA,SAAe,KAAA;EAOZ;;AAkBf;;EApBI,GAAA,EAAK,8BAAA,CAA+B,SAAA,MACjC,mBAAA,CAAoB,cAAA,CAAe,SAAA;IACtC,WAAA;EAAA;AAAA;;;;;;;;;;;;;;;cAkBS,SAAA,mBAA4B,gBAAA,GAAmB,gBAAA;EAAA,SACjD,EAAA;EAAA,SACA,IAAA;EAAA,SACA,MAAA,EAAQ,eAAA,CAAgB,SAAA;cAG/B,MAAA,GAAQ,eAAA,CAAgB,SAAA;AAAA"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"anonymous.js","names":[],"sources":["../../src/providers/anonymous.ts"],"sourcesContent":["/**\n * Anonymous authentication provider.\n *\n * ```ts\n * import { Anonymous } from \"@robelest/convex-auth/providers\";\n *\n * new Anonymous()\n * ```\n *\n * @module\n */\n\nimport {\n DocumentByName,\n GenericDataModel,\n WithoutSystemFields,\n} from \"convex/server\";\nimport { Value } from \"convex/values\";\n\nimport type {\n GenericActionCtxWithAuthConfig,\n ConvexCredentialsConfig,\n} from \"../server/types\";\nimport { Credentials } from \"./credentials\";\n\n/**\n * The available options to an {@link Anonymous} provider for Convex Auth.\n */\nexport interface AnonymousConfig<DataModel extends GenericDataModel> {\n /**\n * Uniquely identifies the provider, allowing to use\n * multiple different {@link Anonymous} providers.\n */\n id?: string;\n /**\n * Perform checks on provided params and customize the user\n * information stored after sign in.\n */\n profile?: (\n /**\n * The values passed to the `signIn` function.\n */\n params: Record<string, Value | undefined>,\n /**\n * Convex ActionCtx in case you want to read from or write to\n * the database.\n */\n ctx: GenericActionCtxWithAuthConfig<DataModel>,\n ) => WithoutSystemFields<DocumentByName<DataModel, \"User\">> & {\n isAnonymous: true;\n };\n}\n\n/**\n * Anonymous authentication provider.\n *\n * Creates a new anonymous user account without requiring any\n * user-provided information. Useful for guest access or\n * progressive profiling.\n *\n * @example\n * ```ts\n * import { Anonymous } from \"@robelest/convex-auth/providers\";\n *\n * new Anonymous()\n * ```\n */\nexport class Anonymous<DataModel extends GenericDataModel = GenericDataModel> {\n readonly id: string;\n readonly type = \"credentials\" as const;\n readonly config: AnonymousConfig<DataModel>;\n\n constructor(\n config: AnonymousConfig<DataModel> = {} as AnonymousConfig<DataModel>,\n ) {\n this.id = config.id ?? \"anonymous\";\n this.config = config;\n }\n\n /** @internal Convert to the internal materialized config shape. */\n _toMaterialized(): ConvexCredentialsConfig {\n const config = this.config;\n const provider = this.id;\n\n return new Credentials<DataModel>({\n id: \"anonymous\",\n authorize: async (params, ctx) => {\n const profile = config.profile?.(params, ctx) ?? { isAnonymous: true };\n const { user } = await ctx.auth.account.create(ctx, {\n provider,\n account: { id: crypto.randomUUID() },\n profile: profile as any,\n });\n return { userId: user._id };\n },\n ...config,\n })._toMaterialized();\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAmEA,IAAa,YAAb,MAA8E;CAC5E,AAAS;CACT,AAAS,OAAO;CAChB,AAAS;CAET,YACE,SAAqC,EAAE,EACvC;AACA,OAAK,KAAK,OAAO,MAAM;AACvB,OAAK,SAAS;;;CAIhB,kBAA2C;EACzC,MAAM,SAAS,KAAK;EACpB,MAAM,WAAW,KAAK;AAEtB,SAAO,IAAI,YAAuB;GAChC,IAAI;GACJ,WAAW,OAAO,QAAQ,QAAQ;IAChC,MAAM,UAAU,OAAO,UAAU,QAAQ,IAAI,IAAI,EAAE,aAAa,MAAM;IACtE,MAAM,EAAE,SAAS,MAAM,IAAI,KAAK,QAAQ,OAAO,KAAK;KAClD;KACA,SAAS,EAAE,IAAI,OAAO,YAAY,EAAE;KAC3B;KACV,CAAC;AACF,WAAO,EAAE,QAAQ,KAAK,KAAK;;GAE7B,GAAG;GACJ,CAAC,CAAC,iBAAiB"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"credentials.d.ts","names":[],"sources":["../../src/providers/credentials.ts"],"mappings":";;;;;;;;;;UA8BiB,iBAAA,mBACG,gBAAA,GAAmB,gBAAA;EAAnB;EAGlB,EAAA;EAAA;;;;;EAMA,SAAA,GACE,WAAA,EAAa,OAAA,CAAQ,MAAA,SAAe,KAAA,gBACpC,GAAA,EAAK,8BAAA,CAA+B,SAAA,MACjC,OAAA;IACH,MAAA,EAAQ,SAAA;IACR,SAAA,GAAY,SAAA;EAAA;EAFT;;;EAOL,MAAA;IACE,UAAA,GAAa,MAAA,aAAmB,OAAA;IAChC,YAAA,GAAe,MAAA,UAAgB,IAAA,aAAiB,OAAA;EAAA;EADnC;;;;EAOf,cAAA,IAAkB,kBAAA;AAAA;;;;;AAuBpB;;;;;;;;;;;;;;;;cAAa,WAAA,mBACO,gBAAA,GAAmB,gBAAA;EAAA,SAE5B,EAAA;EAAA,SACA,IAAA;EAAA,SACA,MAAA,EAAQ,iBAAA,CAAkB,SAAA;cAEvB,MAAA,EAAQ,iBAAA,CAAkB,SAAA;AAAA"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"credentials.js","names":[],"sources":["../../src/providers/credentials.ts"],"sourcesContent":["/**\n * Credentials provider for custom authentication flows.\n *\n * ```ts\n * import { Credentials } from \"@robelest/convex-auth/providers\";\n *\n * new Credentials({\n * authorize: async (credentials, ctx) => {\n * // Your custom logic here...\n * },\n * })\n * ```\n *\n * @module\n */\n\nimport { GenericDataModel } from \"convex/server\";\nimport { GenericId, Value } from \"convex/values\";\n\nimport type {\n AuthProviderConfig,\n ConvexCredentialsConfig,\n GenericActionCtxWithAuthConfig,\n} from \"../server/types\";\n\n/**\n * Configuration for the Credentials provider.\n *\n * @typeParam DataModel - The Convex data model.\n */\nexport interface CredentialsConfig<\n DataModel extends GenericDataModel = GenericDataModel,\n> {\n /** Uniquely identifies the provider. Defaults to `\"credentials\"`. */\n id?: string;\n /**\n * Handle credentials received from the client-side `signIn` call.\n *\n * @returns A user ID for successful login, or `null` to reject.\n */\n authorize: (\n credentials: Partial<Record<string, Value | undefined>>,\n ctx: GenericActionCtxWithAuthConfig<DataModel>,\n ) => Promise<{\n userId: GenericId<\"User\">;\n sessionId?: GenericId<\"Session\">;\n } | null>;\n /**\n * Provide hashing and verification functions for account secrets.\n */\n crypto?: {\n hashSecret: (secret: string) => Promise<string>;\n verifySecret: (secret: string, hash: string) => Promise<boolean>;\n };\n /**\n * Extra providers used internally (e.g. email verification in password flow).\n * Not exposed to clients.\n */\n extraProviders?: (AuthProviderConfig | undefined)[];\n}\n\n/**\n * Credentials provider for custom authentication flows.\n *\n * This is the escape hatch for fully custom auth logic. For email/password\n * flows, use the `Password` class instead.\n *\n * @typeParam DataModel - The Convex data model.\n *\n * @example\n * ```ts\n * import { Credentials } from \"@robelest/convex-auth/providers\";\n *\n * new Credentials({\n * authorize: async (credentials, ctx) => {\n * const user = await validateUser(credentials);\n * return user ? { userId: user._id } : null;\n * },\n * })\n * ```\n */\nexport class Credentials<\n DataModel extends GenericDataModel = GenericDataModel,\n> {\n readonly id: string;\n readonly type = \"credentials\" as const;\n readonly config: CredentialsConfig<DataModel>;\n\n constructor(config: CredentialsConfig<DataModel>) {\n this.id = config.id ?? \"credentials\";\n this.config = config;\n }\n\n /** @internal Convert to the internal materialized config shape. */\n _toMaterialized(): ConvexCredentialsConfig {\n return {\n ...this.config,\n id: this.id,\n type: \"credentials\",\n } as ConvexCredentialsConfig;\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAiFA,IAAa,cAAb,MAEE;CACA,AAAS;CACT,AAAS,OAAO;CAChB,AAAS;CAET,YAAY,QAAsC;AAChD,OAAK,KAAK,OAAO,MAAM;AACvB,OAAK,SAAS;;;CAIhB,kBAA2C;AACzC,SAAO;GACL,GAAG,KAAK;GACR,IAAI,KAAK;GACT,MAAM;GACP"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"device.d.ts","names":[],"sources":["../../src/providers/device.ts"],"mappings":";;AAoBA;;;;;;;;;;;AA4CA;;;;;UA5CiB,YAAA;EA+CN;;;;EA1CT,OAAA;EA4CqC;EA1CrC,cAAA;;EAEA,SAAA;;EAEA,QAAA;;;;;;;;EAQA,eAAA;AAAA;;;;;;;;;;;;;;;;;;;;cAyBW,MAAA;EAAA,SACF,EAAA;EAAA,SACA,IAAA;EAAA,SACA,MAAA,EAAQ,YAAA;cAEL,MAAA,GAAQ,YAAA;AAAA"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"device.js","names":[],"sources":["../../src/providers/device.ts"],"sourcesContent":["/**\n * Device authorization provider (RFC 8628).\n *\n * Enables input-constrained devices (CLIs, TVs, IoT) to authenticate\n * by displaying a short code that the user enters on a secondary device.\n *\n * ```ts\n * import { Device } from \"@robelest/convex-auth/providers\";\n *\n * new Device()\n * ```\n *\n * @module\n */\n\nimport type { DeviceProviderConfig } from \"../server/types\";\n\n/**\n * Configuration for the Device authorization provider.\n */\nexport interface DeviceConfig {\n /**\n * User code character set.\n * Default: `\"BCDFGHJKLMNPQRSTVWXZ\"` (base-20, no vowels per RFC 8628 §6.1).\n */\n charset?: string;\n /** User code length (before formatting). Default: 8. */\n userCodeLength?: number;\n /** Device code + user code lifetime in seconds. Default: 900 (15 min). */\n expiresIn?: number;\n /** Minimum polling interval in seconds. Default: 5. */\n interval?: number;\n /**\n * Base URL for the verification page where users enter the device code.\n *\n * Example: `\"http://localhost:3000/device\"` or `\"https://myapp.com/device\"`.\n *\n * If not provided, falls back to `SITE_URL + \"/device\"`.\n */\n verificationUri?: string;\n}\n\n/** No-vowel base-20 charset per RFC 8628 §6.1 recommendation. */\nconst DEFAULT_CHARSET = \"BCDFGHJKLMNPQRSTVWXZ\";\n\n/**\n * Device authorization provider (RFC 8628).\n *\n * Enables input-constrained devices (CLIs, TVs, IoT) to authenticate\n * by displaying a short user code. The user visits a verification page\n * on a secondary device, signs in with any existing provider, and\n * enters the code to authorize the device.\n *\n * @example\n * ```ts\n * import { createAuth } from \"@robelest/convex-auth/component\";\n * import { Device } from \"@robelest/convex-auth/providers\";\n * import { components } from \"./_generated/api\";\n *\n * const auth = createAuth(components.auth, {\n * providers: [new Device()],\n * });\n * ```\n */\nexport class Device {\n readonly id: string;\n readonly type = \"device\" as const;\n readonly config: DeviceConfig;\n\n constructor(config: DeviceConfig = {}) {\n this.id = \"device\";\n this.config = config;\n }\n\n /** @internal Convert to the internal materialized config shape. */\n _toMaterialized(): DeviceProviderConfig {\n return {\n id: this.id,\n type: \"device\",\n charset: this.config.charset ?? DEFAULT_CHARSET,\n userCodeLength: this.config.userCodeLength ?? 8,\n expiresIn: this.config.expiresIn ?? 900,\n interval: this.config.interval ?? 5,\n verificationUri: this.config.verificationUri,\n };\n }\n}\n"],"mappings":";;AA2CA,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;AAqBxB,IAAa,SAAb,MAAoB;CAClB,AAAS;CACT,AAAS,OAAO;CAChB,AAAS;CAET,YAAY,SAAuB,EAAE,EAAE;AACrC,OAAK,KAAK;AACV,OAAK,SAAS;;;CAIhB,kBAAwC;AACtC,SAAO;GACL,IAAI,KAAK;GACT,MAAM;GACN,SAAS,KAAK,OAAO,WAAW;GAChC,gBAAgB,KAAK,OAAO,kBAAkB;GAC9C,WAAW,KAAK,OAAO,aAAa;GACpC,UAAU,KAAK,OAAO,YAAY;GAClC,iBAAiB,KAAK,OAAO;GAC9B"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"email.d.ts","names":[],"sources":["../../src/providers/email.ts"],"mappings":";;AAeA;;;;;;;;;;UAAiB,mBAAA;EAMb;EAJF,IAAA;EAOA;EALA,IAAA,GACE,GAAA,OACA,IAAA;IAAQ,IAAA;IAAc,EAAA;IAAY,OAAA;IAAiB,IAAA;EAAA,MAChD,OAAA;EA2BW;EAzBhB,yBAAA,SAAkC,OAAA;EAmCqB;EAjCvD,EAAA;EAiCoC;EA/BpC,MAAA;AAAA;;;;;;;;;;;;;;;;;;;cAqBW,KAAA;EAAA,SAUiB,MAAA,EAAQ,mBAAA;EAAA,SAT3B,EAAA;EAAA,SACA,IAAA;;;;;;;cAQmB,MAAA,EAAQ,mBAAA;AAAA"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"email.js","names":[],"sources":["../../src/providers/email.ts"],"sourcesContent":["/**\n * Email (magic link / OTP) authentication provider.\n *\n * @module\n */\n\nimport { defaultMagicLinkEmail } from \"../server/templates\";\nimport type { EmailConfig } from \"../server/types\";\n\n/**\n * User-facing configuration for the {@link Email} provider.\n *\n * Use this to wire your email delivery service into Convex Auth's magic-link\n * or OTP flow.\n */\nexport interface EmailProviderConfig {\n /** Sender address (e.g. \"My App <noreply@example.com>\"). */\n from: string;\n /** Send the verification email. Receives the Convex action context. */\n send: (\n ctx: any,\n opts: { from: string; to: string; subject: string; html: string },\n ) => Promise<void>;\n /** Override to generate a custom verification token. */\n generateVerificationToken?: () => Promise<string>;\n /** Provider ID override. Defaults to \"email\". */\n id?: string;\n /** Token expiration in seconds. Defaults to 86400 (24 hours). */\n maxAge?: number;\n}\n\n/**\n * Email provider for magic-link or one-time-code sign-in.\n *\n * Sends verification emails through your `send()` implementation and converts\n * the result into Convex Auth's internal email-provider runtime shape.\n *\n * @example\n * ```ts\n * import { Email } from \"@robelest/convex-auth/providers\";\n *\n * const email = new Email({\n * from: \"My App <noreply@example.com>\",\n * send: async (_ctx, { to, subject, html }) => {\n * await resend.emails.send({ from: \"noreply@example.com\", to, subject, html });\n * },\n * });\n * ```\n */\nexport class Email {\n readonly id: string;\n readonly type = \"email\" as const;\n\n /**\n * Create an email provider instance.\n *\n * @param config - Email transport and provider settings.\n * @throws {Error} When `config.from` is empty or whitespace-only.\n */\n constructor(public readonly config: EmailProviderConfig) {\n const from = config.from.trim();\n if (from.length === 0) {\n throw new Error(\n \"Email provider requires a non-empty `from` address \" +\n '(for example, `\"My App <noreply@example.com>\"`).',\n );\n }\n this.id = config.id ?? \"email\";\n }\n\n /** @internal */\n _toMaterialized(): EmailConfig {\n const from = this.config.from.trim();\n const { send } = this.config;\n const { generateVerificationToken } = this.config;\n return {\n id: this.id,\n type: \"email\",\n name: \"Email\",\n from,\n maxAge: this.config.maxAge ?? 60 * 60 * 24,\n authorize: undefined,\n sendVerificationRequest: async ({ identifier, url }, ctx) => {\n if (!ctx) {\n throw new Error(\"Email provider requires a Convex action context.\");\n }\n const { host } = new URL(url);\n await send(ctx, {\n from,\n to: identifier,\n subject: `Sign in to ${host}`,\n html: defaultMagicLinkEmail(url, host),\n });\n },\n generateVerificationToken,\n options: { from } as any,\n };\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAiDA,IAAa,QAAb,MAAmB;CACjB,AAAS;CACT,AAAS,OAAO;;;;;;;CAQhB,YAAY,AAAgB,QAA6B;EAA7B;AAE1B,MADa,OAAO,KAAK,MAAM,CACtB,WAAW,EAClB,OAAM,IAAI,MACR,wGAED;AAEH,OAAK,KAAK,OAAO,MAAM;;;CAIzB,kBAA+B;EAC7B,MAAM,OAAO,KAAK,OAAO,KAAK,MAAM;EACpC,MAAM,EAAE,SAAS,KAAK;EACtB,MAAM,EAAE,8BAA8B,KAAK;AAC3C,SAAO;GACL,IAAI,KAAK;GACT,MAAM;GACN,MAAM;GACN;GACA,QAAQ,KAAK,OAAO,UAAU,OAAU;GACxC,WAAW;GACX,yBAAyB,OAAO,EAAE,YAAY,OAAO,QAAQ;AAC3D,QAAI,CAAC,IACH,OAAM,IAAI,MAAM,mDAAmD;IAErE,MAAM,EAAE,SAAS,IAAI,IAAI,IAAI;AAC7B,UAAM,KAAK,KAAK;KACd;KACA,IAAI;KACJ,SAAS,cAAc;KACvB,MAAM,sBAAsB,KAAK,KAAK;KACvC,CAAC;;GAEJ;GACA,SAAS,EAAE,MAAM;GAClB"}