@robelest/convex-auth 0.0.4-preview.29 → 0.0.4-preview.30

package/dist/bin.js

@@ -6266,7 +6266,7 @@ async function generateKeys() {
 			...publicKey
 		}] });
 		return {
-			JWT_PRIVATE_KEY: `${privateKey.trimEnd().replace(/\n/g, " ")}`,
+			JWT_PRIVATE_KEY: privateKey.trimEnd(),
 			JWKS: jwks,
 			AUTH_SECRET_ENCRYPTION_KEY: randomBytes(32).toString("base64url")
 		};
@@ -6506,6 +6506,7 @@ async function runSetup(options) {
 	await configureConvexConfig(config);
 	await initializeAuth(config);
 	await initializeAuthCore(config);
+	await initializeAuthConfig(config);
 	await configureHttp(config);
 	if (options.variables !== void 0) await configureOtherVariables(config, options.variables);
 	else printFinalSuccessMessage(config);
@@ -6819,6 +6820,38 @@ export const auth = createAuthContext(components.auth);
 		O.success(`Created ${newPath}`);
 	}
 }
+async function initializeAuthConfig(config) {
+	logStep(config, "Initialize auth.config file");
+	const sourceTemplate = `\
+export default {$$
+  providers: [$$
+    {$$
+      domain: process.env.CONVEX_SITE_URL,$$
+      applicationID: "convex",$$
+    },$$
+  ],$$
+};
+`;
+	const source = templateToSource(sourceTemplate);
+	const authConfigPath = path.join(config.convexFolderPath, "auth.config");
+	const existingPath = existingNonEmptySourcePath(authConfigPath);
+	if (existingPath !== null) if (doesAlreadyMatchTemplate(readFileSync(existingPath, "utf8"), sourceTemplate)) O.success(`${existingPath} is already set up.`);
+	else {
+		O.info(`You already have ${existingPath}. Make sure it trusts CONVEX_SITE_URL as the Convex auth issuer:`);
+		O.message(indent(`\n${source}\n`));
+		const ready = await ot({ message: "Ready to continue?" });
+		handleCancel(ready);
+		if (!ready) {
+			pt("Setup cancelled.");
+			process$1.exit(1);
+		}
+	}
+	else {
+		const newPath = config.usesTypeScript ? `${authConfigPath}.ts` : `${authConfigPath}.js`;
+		writeFileSync(newPath, source);
+		O.success(`Created ${newPath}`);
+	}
+}
 async function configureHttp(config) {
 	logStep(config, "Configure http file");
 	const sourceTemplate = `\

package/dist/browser/passkey.js

@@ -8,7 +8,7 @@ function createPasskeyClient(deps) {
 		if (result.kind !== "signedIn") return { kind: "started" };
 		return await setTokenAndMaybeWait(proxy ? {
 			shouldStore: false,
-			tokens: result.tokens === null ? null : { token: result.tokens.token },
+			tokens: result.session === null ? null : { token: result.session.token },
 			waitForHandshake: true,
 			context: {
 				provider: "passkey",
@@ -16,7 +16,7 @@ function createPasskeyClient(deps) {
 			}
 		} : {
 			shouldStore: true,
-			tokens: result.tokens,
+			tokens: result.session,
 			waitForHandshake: true,
 			context: {
 				provider: "passkey",

package/dist/client/core/types.d.ts

@@ -1,3 +1,4 @@
+import { AuthTokens, DeviceCodePayload } from "../../shared/authResults.js";
 import { ConvexError, Value } from "convex/values";
 import { FunctionReference } from "convex/server";
 
@@ -76,7 +77,7 @@ interface ClientAdapterDeps {
   proxyFetch: (body: Record<string, unknown>) => Promise<unknown>;
   setTokenAndMaybeWait: (args: {
     shouldStore: true;
-    tokens: AuthSession | null;
+    tokens: AuthTokens | null;
     waitForHandshake: boolean;
     context: {
       provider?: string;
@@ -97,28 +98,17 @@ interface ClientAdapterDeps {
 interface ClientAdapterFactories {
   passkey?: (deps: ClientAdapterDeps) => PasskeyClient;
 }
-type AuthSession = {
-  token: string;
-  refreshToken: string;
-};
+type DeviceCodeResult = DeviceCodePayload;
 /**
  * Device code response returned when signing in with the `"device"` provider.
  *
  * The device displays the `userCode` (or `verificationUriComplete`) and
  * polls via `auth.device.poll()` until the user authorizes.
  */
-type DeviceCodeResult = {
-  /** High-entropy device code used for polling (keep secret). */deviceCode: string; /** Short human-readable code the user enters (e.g. "WDJB-MJHT"). */
-  userCode: string; /** Base verification URL (e.g. "https://myapp.com/device"). */
-  verificationUri: string; /** Verification URL with user code pre-filled as `?code=XXXX-XXXX`. */
-  verificationUriComplete: string; /** Lifetime of the codes in seconds. */
-  expiresIn: number; /** Minimum polling interval in seconds. */
-  interval: number;
-};
 /**
  * Result of a `signIn` call.
  *
- * - `kind: "signedIn"` — credentials were accepted and the user is authenticated.
+ * - `kind: "signedIn"` — credentials were accepted and a client session is now available.
  * - `kind: "redirect"` — OAuth flow initiated; redirect the user to `redirect.toString()`.
  * - `kind: "totpRequired"` — credentials valid but 2FA is needed; call `auth.totp.verify()`.
  * - `kind: "deviceCode"` — device flow initiated; display the code and poll via `auth.device.poll()`.
@@ -163,7 +153,6 @@ type AuthState = {
 type AuthApiRefs<HasPasskey extends boolean = boolean, HasTotp extends boolean = boolean, HasDevice extends boolean = boolean> = {
   signIn: FunctionReference<"action", "public", Record<string, Value>, unknown>;
   signOut: FunctionReference<"action", "public", Record<string, Value>, unknown>;
-  store: FunctionReference<"mutation", "public", Record<string, Value>, unknown>;
 };
 /**
  * Passkey (WebAuthn) client-side helpers.

package/dist/client/factors/device.js

@@ -45,10 +45,10 @@ function createDeviceClient(deps) {
 					throw error;
 				}
 				if (pollResult === null) continue;
-				if (isSignedInResult(pollResult) && pollResult.tokens) {
+				if (isSignedInResult(pollResult) && pollResult.session) {
 					if (proxy) await setTokenAndMaybeWait({
 						shouldStore: false,
-						tokens: pollResult.tokens === null ? null : { token: pollResult.tokens.token },
+						tokens: pollResult.session === null ? null : { token: pollResult.session.token },
 						waitForHandshake: true,
 						context: {
 							provider: "device",
@@ -57,7 +57,7 @@ function createDeviceClient(deps) {
 					});
 					else await setTokenAndMaybeWait({
 						shouldStore: true,
-						tokens: pollResult.tokens ?? null,
+						tokens: pollResult.session ?? null,
 						waitForHandshake: true,
 						context: {
 							provider: "device",

package/dist/client/factors/totp.js

@@ -56,9 +56,9 @@ function createTotpClient(deps) {
 						verifier: opts.verifier
 					}
 				});
-				if (isSignedInResult(result$1) && result$1.tokens) await setTokenAndMaybeWait({
+				if (isSignedInResult(result$1) && result$1.session) await setTokenAndMaybeWait({
 					shouldStore: false,
-					tokens: result$1.tokens === null ? null : { token: result$1.tokens.token },
+					tokens: result$1.session === null ? null : { token: result$1.session.token },
 					waitForHandshake: true,
 					context: {
 						provider: "totp",
@@ -72,9 +72,9 @@ function createTotpClient(deps) {
 				params,
 				verifier: opts.verifier
 			});
-			if (isSignedInResult(result) && result.tokens) await setTokenAndMaybeWait({
+			if (isSignedInResult(result) && result.session) await setTokenAndMaybeWait({
 				shouldStore: true,
-				tokens: result.tokens ?? null,
+				tokens: result.session ?? null,
 				waitForHandshake: true,
 				context: {
 					provider: "totp",
@@ -96,9 +96,9 @@ function createTotpClient(deps) {
 						verifier: opts.verifier
 					}
 				});
-				if (isSignedInResult(result$1) && result$1.tokens) await setTokenAndMaybeWait({
+				if (isSignedInResult(result$1) && result$1.session) await setTokenAndMaybeWait({
 					shouldStore: false,
-					tokens: result$1.tokens === null ? null : { token: result$1.tokens.token },
+					tokens: result$1.session === null ? null : { token: result$1.session.token },
 					waitForHandshake: true,
 					context: {
 						provider: "totp",
@@ -112,9 +112,9 @@ function createTotpClient(deps) {
 				params,
 				verifier: opts.verifier
 			});
-			if (isSignedInResult(result) && result.tokens) await setTokenAndMaybeWait({
+			if (isSignedInResult(result) && result.session) await setTokenAndMaybeWait({
 				shouldStore: true,
-				tokens: result.tokens ?? null,
+				tokens: result.session ?? null,
 				waitForHandshake: true,
 				context: {
 					provider: "totp",

package/dist/client/index.js

@@ -361,13 +361,13 @@ function client(options) {
 	const verifyCodeAndSetToken = async (args, opts) => {
 		const result = await verifyCode(args);
 		if (result.kind !== "signedIn") throw new Error("Code exchange did not return tokens.");
-		const { tokens } = result;
+		const { session } = result;
 		await setToken({
 			shouldStore: true,
-			tokens: tokens ?? null,
+			tokens: session ?? null,
 			resyncConvexAuth: opts?.resyncConvexAuth
 		});
-		return tokens !== null;
+		return session !== null;
 	};
 	const normalizeDeviceCodeResult = (device_code) => {
 		const input = device_code;
@@ -441,7 +441,7 @@ function client(options) {
 			};
 			if (result.kind === "signedIn") return await setTokenAndMaybeWait(resultOptions.shouldStore ? {
 				shouldStore: true,
-				tokens: result.tokens,
+				tokens: result.session,
 				waitForHandshake: true,
 				context: {
 					provider,
@@ -449,7 +449,7 @@ function client(options) {
 				}
 			} : {
 				shouldStore: false,
-				tokens: result.tokens === null ? null : { token: result.tokens.token },
+				tokens: result.session === null ? null : { token: result.session.token },
 				waitForHandshake: true,
 				context: {
 					provider,
@@ -538,9 +538,9 @@ function client(options) {
 						action: "auth:signIn",
 						args: { refreshToken: true }
 					}), isRetriableProxyRefreshError);
-					if (isSignedInResult(result) && result.tokens) await setToken({
+					if (isSignedInResult(result) && result.session) await setToken({
 						shouldStore: false,
-						tokens: { token: result.tokens.token },
+						tokens: { token: result.session.token },
 						resyncConvexAuth: false
 					});
 					else await setToken({

package/dist/component/convex.config.d.ts

@@ -1,7 +1,7 @@
-import * as convex_server7 from "convex/server";
+import * as convex_server0 from "convex/server";
 
 //#region src/component/convex.config.d.ts
-declare const component: convex_server7.ComponentDefinition<any>;
+declare const component: convex_server0.ComponentDefinition<any>;
 //#endregion
 export { component as default };
 //# sourceMappingURL=convex.config.d.ts.map

package/dist/component/model.d.ts

@@ -1,7 +1,7 @@
-import * as convex_values478 from "convex/values";
+import * as convex_values480 from "convex/values";
 
 //#region src/component/model.d.ts
-declare const vApiKeyDoc: convex_values478.VObject<{
+declare const vApiKeyDoc: convex_values480.VObject<{
   lastUsedAt?: number | undefined;
   expiresAt?: number | undefined;
   rateLimit?: {
@@ -16,7 +16,7 @@ declare const vApiKeyDoc: convex_values478.VObject<{
   _creationTime: number;
   name: string;
   revoked: boolean;
-  userId: convex_values478.GenericId<"User">;
+  userId: convex_values480.GenericId<"User">;
   prefix: string;
   hashedKey: string;
   scopes: {
@@ -24,43 +24,43 @@ declare const vApiKeyDoc: convex_values478.VObject<{
     actions: string[];
   }[];
   createdAt: number;
-  _id: convex_values478.GenericId<"ApiKey">;
+  _id: convex_values480.GenericId<"ApiKey">;
 }, {
-  userId: convex_values478.VId<convex_values478.GenericId<"User">, "required">;
-  prefix: convex_values478.VString<string, "required">;
-  hashedKey: convex_values478.VString<string, "required">;
-  name: convex_values478.VString<string, "required">;
-  scopes: convex_values478.VArray<{
+  userId: convex_values480.VId<convex_values480.GenericId<"User">, "required">;
+  prefix: convex_values480.VString<string, "required">;
+  hashedKey: convex_values480.VString<string, "required">;
+  name: convex_values480.VString<string, "required">;
+  scopes: convex_values480.VArray<{
     resource: string;
     actions: string[];
-  }[], convex_values478.VObject<{
+  }[], convex_values480.VObject<{
     resource: string;
     actions: string[];
   }, {
-    resource: convex_values478.VString<string, "required">;
-    actions: convex_values478.VArray<string[], convex_values478.VString<string, "required">, "required">;
+    resource: convex_values480.VString<string, "required">;
+    actions: convex_values480.VArray<string[], convex_values480.VString<string, "required">, "required">;
   }, "required", "resource" | "actions">, "required">;
-  rateLimit: convex_values478.VObject<{
+  rateLimit: convex_values480.VObject<{
     maxRequests: number;
     windowMs: number;
   } | undefined, {
-    maxRequests: convex_values478.VFloat64<number, "required">;
-    windowMs: convex_values478.VFloat64<number, "required">;
+    maxRequests: convex_values480.VFloat64<number, "required">;
+    windowMs: convex_values480.VFloat64<number, "required">;
   }, "optional", "maxRequests" | "windowMs">;
-  rateLimitState: convex_values478.VObject<{
+  rateLimitState: convex_values480.VObject<{
     attemptsLeft: number;
     lastAttemptTime: number;
   } | undefined, {
-    attemptsLeft: convex_values478.VFloat64<number, "required">;
-    lastAttemptTime: convex_values478.VFloat64<number, "required">;
+    attemptsLeft: convex_values480.VFloat64<number, "required">;
+    lastAttemptTime: convex_values480.VFloat64<number, "required">;
   }, "optional", "attemptsLeft" | "lastAttemptTime">;
-  expiresAt: convex_values478.VFloat64<number | undefined, "optional">;
-  lastUsedAt: convex_values478.VFloat64<number | undefined, "optional">;
-  createdAt: convex_values478.VFloat64<number, "required">;
-  revoked: convex_values478.VBoolean<boolean, "required">;
-  metadata: convex_values478.VAny<any, "optional", string>;
-  _id: convex_values478.VId<convex_values478.GenericId<"ApiKey">, "required">;
-  _creationTime: convex_values478.VFloat64<number, "required">;
+  expiresAt: convex_values480.VFloat64<number | undefined, "optional">;
+  lastUsedAt: convex_values480.VFloat64<number | undefined, "optional">;
+  createdAt: convex_values480.VFloat64<number, "required">;
+  revoked: convex_values480.VBoolean<boolean, "required">;
+  metadata: convex_values480.VAny<any, "optional", string>;
+  _id: convex_values480.VId<convex_values480.GenericId<"ApiKey">, "required">;
+  _creationTime: convex_values480.VFloat64<number, "required">;
 }, "required", "_creationTime" | "name" | "revoked" | "lastUsedAt" | "expiresAt" | "userId" | "prefix" | "hashedKey" | "scopes" | "rateLimit" | "rateLimitState" | "createdAt" | "metadata" | "_id" | "rateLimit.maxRequests" | "rateLimit.windowMs" | "rateLimitState.attemptsLeft" | "rateLimitState.lastAttemptTime" | `metadata.${string}`>;
 //#endregion
 export { vApiKeyDoc };