npm - @spfn/auth - Versions diffs - 0.2.0-beta.61 → 0.2.0-beta.64 - Mend

@spfn/auth 0.2.0-beta.61 → 0.2.0-beta.64

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +59 -1
package/dist/{authenticate-B_HkYBzq.d.ts → authenticate-mfVRzeIK.d.ts} +126 -7
package/dist/index.d.ts +36 -6
package/dist/index.js +4 -1
package/dist/index.js.map +1 -1
package/dist/nextjs/server.d.ts +2 -2
package/dist/server.d.ts +194 -181
package/dist/server.js +200 -70
package/dist/server.js.map +1 -1
package/dist/{session-Dbvz9Sdp.d.ts → session-2CyIVxMY.d.ts} +1 -1
package/dist/{types-B1CzVZkU.d.ts → types-B4auHIax.d.ts} +1 -1
package/package.json +3 -3

package/dist/server.d.ts CHANGED Viewed

@@ -1,14 +1,14 @@
-import { i as AuthInitOptions, d as VerificationPurpose, h as PermissionCategory, j as AuthContext } from './authenticate-B_HkYBzq.js';
-export { u as ChangePasswordParams, p as CheckAccountExistsParams, C as CheckAccountExistsResult, a1 as EmailSchema, I as IssueOneTimeTokenResult, s as LoginParams, L as LoginResult, t as LogoutParams, Z as OAuthCallbackParams, _ as OAuthCallbackResult, Y as OAuthStartParams, O as OAuthStartResult, a3 as PasswordSchema, a2 as PhoneSchema, q as RegisterParams, F as RegisterPublicKeyParams, a as RegisterResult, H as RevokeKeyParams, G as RotateKeyParams, b as RotateKeyResult, x as SendVerificationCodeParams, S as SendVerificationCodeResult, a4 as TargetTypeSchema, f as VERIFICATION_PURPOSES, e as VERIFICATION_TARGET_TYPES, a5 as VerificationPurposeSchema, V as VerificationTargetType, y as VerifyCodeParams, z as VerifyCodeResult, m as authRouter, $ as authenticate, Q as buildOAuthErrorUrl, o as changePasswordService, k as checkAccountExistsService, W as getEnabledOAuthProviders, X as getGoogleAccessToken, T as isOAuthProviderEnabled, J as issueOneTimeTokenService, l as loginService, n as logoutService, N as oauthCallbackService, M as oauthStartService, a0 as optionalAuth, B as registerPublicKeyService, r as registerService, E as revokeKeyService, D as rotateKeyService, v as sendVerificationCodeService, w as verifyCodeService, K as verifyOneTimeTokenService } from './authenticate-B_HkYBzq.js';
+import { i as AuthInitOptions, j as OAuthProvider, d as VerificationPurpose, h as PermissionCategory, k as AuthContext } from './authenticate-mfVRzeIK.js';
+export { v as ChangePasswordParams, q as CheckAccountExistsParams, C as CheckAccountExistsResult, a3 as EmailSchema, I as IssueOneTimeTokenResult, t as LoginParams, L as LoginResult, u as LogoutParams, a8 as NormalizedIdentity, $ as OAuthCallbackParams, a0 as OAuthCallbackResult, _ as OAuthStartParams, O as OAuthStartResult, a9 as OAuthTokens, a5 as PasswordSchema, a4 as PhoneSchema, s as RegisterParams, G as RegisterPublicKeyParams, a as RegisterResult, J as RevokeKeyParams, H as RotateKeyParams, b as RotateKeyResult, y as SendVerificationCodeParams, S as SendVerificationCodeResult, a6 as TargetTypeSchema, f as VERIFICATION_PURPOSES, e as VERIFICATION_TARGET_TYPES, a7 as VerificationPurposeSchema, V as VerificationTargetType, z as VerifyCodeParams, B as VerifyCodeResult, m as authRouter, a1 as authenticate, T as buildOAuthErrorUrl, p as changePasswordService, l as checkAccountExistsService, Y as getEnabledOAuthProviders, Z as getGoogleAccessToken, ab as getOAuthProvider, ac as getRegisteredProviders, W as isOAuthProviderEnabled, K as issueOneTimeTokenService, n as loginService, o as logoutService, Q as oauthCallbackService, N as oauthStartService, a2 as optionalAuth, aa as registerOAuthProvider, D as registerPublicKeyService, r as registerService, X as requireEnabledProvider, F as revokeKeyService, E as rotateKeyService, w as sendVerificationCodeService, x as verifyCodeService, M as verifyOneTimeTokenService } from './authenticate-mfVRzeIK.js';
 import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
-import { K as KeyAlgorithmType, b as InvitationStatus, d as SocialProvider } from './types-B1CzVZkU.js';
-export { I as INVITATION_STATUSES, a as KEY_ALGORITHM, S as SOCIAL_PROVIDERS, U as USER_STATUSES, c as UserStatus } from './types-B1CzVZkU.js';
+import { K as KeyAlgorithmType, b as InvitationStatus, d as SocialProvider } from './types-B4auHIax.js';
+export { I as INVITATION_STATUSES, a as KEY_ALGORITHM, S as SOCIAL_PROVIDERS, U as USER_STATUSES, c as UserStatus } from './types-B4auHIax.js';
 import { UserProfile as UserProfile$1, ProfileInfo } from '@spfn/auth';
 import { BaseRepository } from '@spfn/core/db';
 import { Context } from 'hono';
 import * as _spfn_core_route from '@spfn/core/route';
 import { Algorithm } from 'jsonwebtoken';
-export { S as SessionData, g as getSessionInfo, s as sealSession, a as shouldRefreshSession, u as unsealSession } from './session-Dbvz9Sdp.js';
+export { S as SessionData, g as getSessionInfo, s as sealSession, a as shouldRefreshSession, u as unsealSession } from './session-2CyIVxMY.js';
 import { SSETokenStore, SSETokenManager } from '@spfn/core/event/sse';
 import * as _spfn_core_logger from '@spfn/core/logger';
 import * as _spfn_core_event from '@spfn/core/event';
@@ -1333,7 +1333,7 @@ declare function getAuthSessionService(userId: string | number | bigint): Promis
         id: number;
         name: string;
         displayName: string;
-        category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
+        category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
     }[];
     userId: number;
     publicId: string;
@@ -1416,6 +1416,127 @@ declare function updateLocaleService(userId: string | number | bigint, locale: s
  */
 declare function updateUserProfileService(userId: string | number | bigint, params: UpdateProfileParams): Promise<ProfileInfo>;
+/**
+ * Google OAuth 2.0 Client
+ *
+ * Authorization Code Flow 구현
+ * - getGoogleAuthUrl: Google 로그인 URL 생성
+ * - exchangeCodeForTokens: Code를 Token으로 교환
+ * - getGoogleUserInfo: 사용자 정보 조회
+ */
+interface GoogleTokenResponse {
+    access_token: string;
+    expires_in: number;
+    refresh_token?: string;
+    scope: string;
+    token_type: string;
+    id_token?: string;
+}
+interface GoogleUserInfo {
+    id: string;
+    email: string;
+    verified_email: boolean;
+    name?: string;
+    given_name?: string;
+    family_name?: string;
+    picture?: string;
+    locale?: string;
+}
+/**
+ * Google OAuth가 활성화되어 있는지 확인
+ */
+declare function isGoogleOAuthEnabled(): boolean;
+/**
+ * Google OAuth 설정 가져오기
+ */
+declare function getGoogleOAuthConfig(): {
+    clientId: string;
+    clientSecret: string;
+    redirectUri: string;
+};
+/**
+ * Google 로그인 URL 생성
+ *
+ * @param state - CSRF 방지용 state 파라미터 (암호화된 returnUrl + nonce 포함)
+ * @param scopes - 요청할 OAuth scopes (기본: env 또는 email, profile)
+ */
+declare function getGoogleAuthUrl(state: string, scopes?: string[]): string;
+/**
+ * Authorization Code를 Token으로 교환
+ *
+ * @param code - Google에서 받은 authorization code
+ */
+declare function exchangeCodeForTokens(code: string): Promise<GoogleTokenResponse>;
+/**
+ * Access Token으로 Google 사용자 정보 조회
+ *
+ * @param accessToken - Google access token
+ */
+declare function getGoogleUserInfo(accessToken: string): Promise<GoogleUserInfo>;
+/**
+ * Refresh Token으로 새 Access Token 획득
+ *
+ * @param refreshToken - Google refresh token
+ */
+declare function refreshAccessToken(refreshToken: string): Promise<GoogleTokenResponse>;
+/**
+ * OAuth State Management
+ *
+ * CSRF 방지를 위한 state 파라미터 암호화/복호화
+ * - returnUrl: OAuth 성공 후 리다이렉트할 URL
+ * - nonce: CSRF 방지용 일회용 토큰
+ * - provider: OAuth provider (google, github 등)
+ * - publicKey, keyId, fingerprint, algorithm: 클라이언트 키 정보
+ * - expiresAt: state 만료 시간
+ */
+interface OAuthState {
+    returnUrl: string;
+    nonce: string;
+    provider: string;
+    publicKey: string;
+    keyId: string;
+    fingerprint: string;
+    algorithm: KeyAlgorithmType;
+    metadata?: Record<string, unknown>;
+}
+interface CreateOAuthStateParams {
+    provider: string;
+    returnUrl: string;
+    publicKey: string;
+    keyId: string;
+    fingerprint: string;
+    algorithm: KeyAlgorithmType;
+    metadata?: Record<string, unknown>;
+}
+/**
+ * OAuth state 생성 및 암호화
+ *
+ * @param params - state 생성에 필요한 파라미터
+ * @returns 암호화된 state 문자열
+ */
+declare function createOAuthState(params: CreateOAuthStateParams): Promise<string>;
+/**
+ * OAuth state 복호화 및 검증
+ *
+ * @param encryptedState - 암호화된 state 문자열
+ * @returns 복호화된 state 객체
+ * @throws Error if state is invalid or expired (JWE exp claim으로 자동 검증)
+ */
+declare function verifyOAuthState(encryptedState: string): Promise<OAuthState>;
+/**
+ * Google OAuthProvider 구현
+ *
+ * 기존 google.ts의 함수를 OAuthProvider 인터페이스로 래핑한다.
+ * google.ts 자체는 그대로 유지(테스트·google 전용 route가 직접 의존).
+ *
+ * 이 모듈을 import 하는 것만으로 google provider가 registry에 자기 등록된다.
+ */
+declare const googleProvider: OAuthProvider;
 /**
  * @spfn/auth - Database Schema Definition
  *
@@ -2063,14 +2184,14 @@ declare const userSocialAccounts: drizzle_orm_pg_core.PgTableWithColumns<{
             tableName: "user_social_accounts";
             dataType: "string";
             columnType: "PgText";
-            data: "google" | "github" | "kakao" | "naver";
+            data: "google" | "github" | "kakao" | "naver" | "superself";
             driverParam: string;
             notNull: true;
             hasDefault: false;
             isPrimaryKey: false;
             isAutoincrement: false;
             hasRuntimeDefault: false;
-            enumValues: ["google", "github", "kakao", "naver"] & [string, ...string[]];
+            enumValues: ["google", "github", "kakao", "naver", "superself"] & [string, ...string[]];
             baseColumn: never;
             identity: undefined;
             generated: undefined;
@@ -2474,7 +2595,7 @@ declare const permissions: drizzle_orm_pg_core.PgTableWithColumns<{
             tableName: "permissions";
             dataType: "string";
             columnType: "PgText";
-            data: "auth" | "custom" | "user" | "rbac" | "system";
+            data: "custom" | "user" | "auth" | "rbac" | "system";
             driverParam: string;
             notNull: false;
             hasDefault: false;
@@ -3067,15 +3188,15 @@ declare class UsersRepository extends BaseRepository {
     create(data: NewUser): Promise<{
         email: string | null;
         phone: string | null;
+        status: "active" | "inactive" | "suspended";
+        username: string | null;
         id: number;
+        createdAt: Date;
+        updatedAt: Date;
         publicId: string;
-        username: string | null;
         passwordHash: string | null;
         passwordChangeRequired: boolean;
         roleId: number;
-        createdAt: Date;
-        updatedAt: Date;
-        status: "active" | "inactive" | "suspended";
         emailVerifiedAt: Date | null;
         phoneVerifiedAt: Date | null;
         lastLoginAt: Date | null;
@@ -3147,15 +3268,15 @@ declare class UsersRepository extends BaseRepository {
     deleteById(id: number): Promise<{
         email: string | null;
         phone: string | null;
+        status: "active" | "inactive" | "suspended";
+        username: string | null;
         id: number;
+        createdAt: Date;
+        updatedAt: Date;
         publicId: string;
-        username: string | null;
         passwordHash: string | null;
         passwordChangeRequired: boolean;
         roleId: number;
-        createdAt: Date;
-        updatedAt: Date;
-        status: "active" | "inactive" | "suspended";
         emailVerifiedAt: Date | null;
         phoneVerifiedAt: Date | null;
         lastLoginAt: Date | null;
@@ -3178,7 +3299,7 @@ declare class UsersRepository extends BaseRepository {
             id: number;
             name: string;
             displayName: string;
-            category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
+            category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
         }[];
     }>;
     /**
@@ -3293,16 +3414,16 @@ declare class KeysRepository extends BaseRepository {
      * Write primary 사용
      */
     create(data: NewUserPublicKey): Promise<{
-        publicKey: string;
-        keyId: string;
-        fingerprint: string;
-        algorithm: "ES256" | "RS256";
         userId: number;
+        keyId: string;
         id: number;
         isActive: boolean;
         createdAt: Date;
-        expiresAt: Date | null;
+        publicKey: string;
+        algorithm: "ES256" | "RS256";
+        fingerprint: string;
         lastUsedAt: Date | null;
+        expiresAt: Date | null;
         revokedAt: Date | null;
         revokedReason: string | null;
     }>;
@@ -3329,16 +3450,16 @@ declare class KeysRepository extends BaseRepository {
      * Write primary 사용
      */
     deleteByKeyIdAndUserId(keyId: string, userId: number): Promise<{
-        publicKey: string;
-        keyId: string;
-        fingerprint: string;
-        algorithm: "ES256" | "RS256";
         userId: number;
+        keyId: string;
         id: number;
         isActive: boolean;
         createdAt: Date;
-        expiresAt: Date | null;
+        publicKey: string;
+        algorithm: "ES256" | "RS256";
+        fingerprint: string;
         lastUsedAt: Date | null;
+        expiresAt: Date | null;
         revokedAt: Date | null;
         revokedReason: string | null;
     }>;
@@ -3453,14 +3574,14 @@ declare class VerificationCodesRepository extends BaseRepository {
      * Write primary 사용
      */
     create(data: NewVerificationCode): Promise<{
-        target: string;
-        targetType: "email" | "phone";
-        purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
-        code: string;
         id: number;
         createdAt: Date;
         updatedAt: Date;
         expiresAt: Date;
+        target: string;
+        targetType: "email" | "phone";
+        code: string;
+        purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
         usedAt: Date | null;
         attempts: number;
     }>;
@@ -3649,7 +3770,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
+        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3665,7 +3786,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
+        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3705,7 +3826,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
+        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3716,7 +3837,6 @@ declare class PermissionsRepository extends BaseRepository {
      */
     deleteById(id: number): Promise<{
         description: string | null;
-        metadata: Record<string, any> | null;
         id: number;
         name: string;
         displayName: string;
@@ -3725,7 +3845,8 @@ declare class PermissionsRepository extends BaseRepository {
         isActive: boolean;
         createdAt: Date;
         updatedAt: Date;
-        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
+        metadata: Record<string, any> | null;
+        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
     }>;
 }
 declare const permissionsRepository: PermissionsRepository;
@@ -3770,9 +3891,9 @@ declare class RolePermissionsRepository extends BaseRepository {
      */
     createMany(data: NewRolePermission[]): Promise<{
         id: number;
-        roleId: number;
         createdAt: Date;
         updatedAt: Date;
+        roleId: number;
         permissionId: number;
     }[]>;
     /**
@@ -3788,9 +3909,9 @@ declare class RolePermissionsRepository extends BaseRepository {
      */
     setPermissionsForRole(roleId: number, permissionIds: number[]): Promise<{
         id: number;
-        roleId: number;
         createdAt: Date;
         updatedAt: Date;
+        roleId: number;
         permissionId: number;
     }[]>;
 }
@@ -3855,10 +3976,10 @@ declare class UserPermissionsRepository extends BaseRepository {
         id: number;
         createdAt: Date;
         updatedAt: Date;
-        permissionId: number;
         expiresAt: Date | null;
-        reason: string | null;
+        permissionId: number;
         granted: boolean;
+        reason: string | null;
     }>;
     /**
      * 사용자 권한 오버라이드 업데이트
@@ -3881,10 +4002,10 @@ declare class UserPermissionsRepository extends BaseRepository {
         id: number;
         createdAt: Date;
         updatedAt: Date;
-        permissionId: number;
         expiresAt: Date | null;
-        reason: string | null;
+        permissionId: number;
         granted: boolean;
+        reason: string | null;
     }>;
     /**
      * 사용자의 모든 권한 오버라이드 삭제
@@ -3962,7 +4083,6 @@ declare class UserProfilesRepository extends BaseRepository {
      * 프로필 생성
      */
     create(data: NewUserProfile): Promise<{
-        metadata: Record<string, any> | null;
         userId: number;
         id: number;
         displayName: string | null;
@@ -3980,6 +4100,7 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
+        metadata: Record<string, any> | null;
     }>;
     /**
      * 프로필 업데이트 (by ID)
@@ -4031,7 +4152,6 @@ declare class UserProfilesRepository extends BaseRepository {
      * 프로필 삭제 (by ID)
      */
     deleteById(id: number): Promise<{
-        metadata: Record<string, any> | null;
         userId: number;
         id: number;
         displayName: string | null;
@@ -4049,12 +4169,12 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
+        metadata: Record<string, any> | null;
     }>;
     /**
      * 프로필 삭제 (by User ID)
      */
     deleteByUserId(userId: number): Promise<{
-        metadata: Record<string, any> | null;
         userId: number;
         id: number;
         displayName: string | null;
@@ -4072,6 +4192,7 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
+        metadata: Record<string, any> | null;
     }>;
     /**
      * 프로필 Upsert (by User ID)
@@ -4080,7 +4201,6 @@ declare class UserProfilesRepository extends BaseRepository {
      * 새로 생성 시 displayName은 필수 (없으면 'User'로 설정)
      */
     upsertByUserId(userId: number, data: Partial<Omit<NewUserProfile, 'userId'>>): Promise<{
-        metadata: Record<string, any> | null;
         userId: number;
         id: number;
         displayName: string | null;
@@ -4098,6 +4218,7 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
+        metadata: Record<string, any> | null;
     }>;
     /**
      * User ID로 프로필 데이터 조회 (formatted)
@@ -4225,15 +4346,15 @@ declare class InvitationsRepository extends BaseRepository {
      */
     create(data: NewInvitation): Promise<{
         email: string;
-        metadata: Record<string, any> | null;
+        status: "pending" | "accepted" | "expired" | "cancelled";
         id: number;
-        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        status: "pending" | "accepted" | "expired" | "cancelled";
+        roleId: number;
+        metadata: Record<string, any> | null;
+        expiresAt: Date;
         token: string;
         invitedBy: number;
-        expiresAt: Date;
         acceptedAt: Date | null;
         cancelledAt: Date | null;
     }>;
@@ -4259,15 +4380,15 @@ declare class InvitationsRepository extends BaseRepository {
      */
     deleteById(id: number): Promise<{
         email: string;
-        metadata: Record<string, any> | null;
+        status: "pending" | "accepted" | "expired" | "cancelled";
         id: number;
-        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        status: "pending" | "accepted" | "expired" | "cancelled";
+        roleId: number;
+        metadata: Record<string, any> | null;
+        expiresAt: Date;
         token: string;
         invitedBy: number;
-        expiresAt: Date;
         acceptedAt: Date | null;
         cancelledAt: Date | null;
     }>;
@@ -4412,7 +4533,7 @@ declare class SocialAccountsRepository extends BaseRepository {
         updatedAt: Date;
         id: number;
         userId: number;
-        provider: "google" | "github" | "kakao" | "naver";
+        provider: "google" | "github" | "kakao" | "naver" | "superself";
         providerUserId: string;
         providerEmail: string | null;
         accessToken: string | null;
@@ -4428,7 +4549,7 @@ declare class SocialAccountsRepository extends BaseRepository {
         updatedAt: Date;
         id: number;
         userId: number;
-        provider: "google" | "github" | "kakao" | "naver";
+        provider: "google" | "github" | "kakao" | "naver" | "superself";
         providerUserId: string;
         providerEmail: string | null;
         accessToken: string | null;
@@ -4444,7 +4565,7 @@ declare class SocialAccountsRepository extends BaseRepository {
         updatedAt: Date;
         id: number;
         userId: number;
-        provider: "google" | "github" | "kakao" | "naver";
+        provider: "google" | "github" | "kakao" | "naver" | "superself";
         providerUserId: string;
         providerEmail: string | null;
         accessToken: string | null;
@@ -4460,7 +4581,7 @@ declare class SocialAccountsRepository extends BaseRepository {
         id: number;
         createdAt: Date;
         updatedAt: Date;
-        provider: "google" | "github" | "kakao" | "naver";
+        provider: "google" | "github" | "kakao" | "naver" | "superself";
         providerUserId: string;
         providerEmail: string | null;
         accessToken: string | null;
@@ -4480,7 +4601,7 @@ declare class SocialAccountsRepository extends BaseRepository {
         updatedAt: Date;
         id: number;
         userId: number;
-        provider: "google" | "github" | "kakao" | "naver";
+        provider: "google" | "github" | "kakao" | "naver" | "superself";
         providerUserId: string;
         providerEmail: string | null;
         accessToken: string | null;
@@ -4496,7 +4617,7 @@ declare class SocialAccountsRepository extends BaseRepository {
         id: number;
         createdAt: Date;
         updatedAt: Date;
-        provider: "google" | "github" | "kakao" | "naver";
+        provider: "google" | "github" | "kakao" | "naver" | "superself";
         providerUserId: string;
         providerEmail: string | null;
         accessToken: string | null;
@@ -4512,7 +4633,7 @@ declare class SocialAccountsRepository extends BaseRepository {
         id: number;
         createdAt: Date;
         updatedAt: Date;
-        provider: "google" | "github" | "kakao" | "naver";
+        provider: "google" | "github" | "kakao" | "naver" | "superself";
         providerUserId: string;
         providerEmail: string | null;
         accessToken: string | null;
@@ -4976,15 +5097,15 @@ declare function getUser(c: Context | {
 }): {
     email: string | null;
     phone: string | null;
+    status: "active" | "inactive" | "suspended";
+    username: string | null;
     id: number;
+    createdAt: Date;
+    updatedAt: Date;
     publicId: string;
-    username: string | null;
     passwordHash: string | null;
     passwordChangeRequired: boolean;
     roleId: number;
-    createdAt: Date;
-    updatedAt: Date;
-    status: "active" | "inactive" | "suspended";
     emailVerifiedAt: Date | null;
     phoneVerifiedAt: Date | null;
     lastLoginAt: Date | null;
@@ -5181,116 +5302,6 @@ declare function getAuthConfig(): AuthConfig;
  */
 declare function getSessionTtl(override?: string | number): number;
-/**
- * Google OAuth 2.0 Client
- *
- * Authorization Code Flow 구현
- * - getGoogleAuthUrl: Google 로그인 URL 생성
- * - exchangeCodeForTokens: Code를 Token으로 교환
- * - getGoogleUserInfo: 사용자 정보 조회
- */
-interface GoogleTokenResponse {
-    access_token: string;
-    expires_in: number;
-    refresh_token?: string;
-    scope: string;
-    token_type: string;
-    id_token?: string;
-}
-interface GoogleUserInfo {
-    id: string;
-    email: string;
-    verified_email: boolean;
-    name?: string;
-    given_name?: string;
-    family_name?: string;
-    picture?: string;
-    locale?: string;
-}
-/**
- * Google OAuth가 활성화되어 있는지 확인
- */
-declare function isGoogleOAuthEnabled(): boolean;
-/**
- * Google OAuth 설정 가져오기
- */
-declare function getGoogleOAuthConfig(): {
-    clientId: string;
-    clientSecret: string;
-    redirectUri: string;
-};
-/**
- * Google 로그인 URL 생성
- *
- * @param state - CSRF 방지용 state 파라미터 (암호화된 returnUrl + nonce 포함)
- * @param scopes - 요청할 OAuth scopes (기본: env 또는 email, profile)
- */
-declare function getGoogleAuthUrl(state: string, scopes?: string[]): string;
-/**
- * Authorization Code를 Token으로 교환
- *
- * @param code - Google에서 받은 authorization code
- */
-declare function exchangeCodeForTokens(code: string): Promise<GoogleTokenResponse>;
-/**
- * Access Token으로 Google 사용자 정보 조회
- *
- * @param accessToken - Google access token
- */
-declare function getGoogleUserInfo(accessToken: string): Promise<GoogleUserInfo>;
-/**
- * Refresh Token으로 새 Access Token 획득
- *
- * @param refreshToken - Google refresh token
- */
-declare function refreshAccessToken(refreshToken: string): Promise<GoogleTokenResponse>;
-/**
- * OAuth State Management
- *
- * CSRF 방지를 위한 state 파라미터 암호화/복호화
- * - returnUrl: OAuth 성공 후 리다이렉트할 URL
- * - nonce: CSRF 방지용 일회용 토큰
- * - provider: OAuth provider (google, github 등)
- * - publicKey, keyId, fingerprint, algorithm: 클라이언트 키 정보
- * - expiresAt: state 만료 시간
- */
-interface OAuthState {
-    returnUrl: string;
-    nonce: string;
-    provider: string;
-    publicKey: string;
-    keyId: string;
-    fingerprint: string;
-    algorithm: KeyAlgorithmType;
-    metadata?: Record<string, unknown>;
-}
-interface CreateOAuthStateParams {
-    provider: string;
-    returnUrl: string;
-    publicKey: string;
-    keyId: string;
-    fingerprint: string;
-    algorithm: KeyAlgorithmType;
-    metadata?: Record<string, unknown>;
-}
-/**
- * OAuth state 생성 및 암호화
- *
- * @param params - state 생성에 필요한 파라미터
- * @returns 암호화된 state 문자열
- */
-declare function createOAuthState(params: CreateOAuthStateParams): Promise<string>;
-/**
- * OAuth state 복호화 및 검증
- *
- * @param encryptedState - 암호화된 state 문자열
- * @returns 복호화된 state 객체
- * @throws Error if state is invalid or expired (JWE exp claim으로 자동 검증)
- */
-declare function verifyOAuthState(encryptedState: string): Promise<OAuthState>;
 /**
  * One-Time Token Manager
  *
@@ -5483,8 +5494,10 @@ declare function createAuthLifecycle(options?: AuthLifecycleOptions): AuthLifecy
  */
 /**
  * Auth provider type
+ *
+ * 직접 인증(email/phone) + 등록 가능한 모든 소셜 provider(SOCIAL_PROVIDERS).
  */
-declare const AuthProviderSchema: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">, _sinclair_typebox.TLiteral<"google">]>;
+declare const AuthProviderSchema: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">, ..._sinclair_typebox.TLiteral<"google" | "github" | "kakao" | "naver" | "superself">[]]>;
 /**
  * auth.login - 로그인 성공 이벤트
  *
@@ -5503,7 +5516,7 @@ declare const authLoginEvent: _spfn_core_event.EventDef<{
     email?: string | undefined;
     phone?: string | undefined;
     userId: string;
-    provider: "email" | "phone" | "google";
+    provider: "email" | "phone" | "google" | "github" | "kakao" | "naver" | "superself";
 }>;
 /**
  * auth.register - 회원가입 성공 이벤트
@@ -5526,7 +5539,7 @@ declare const authRegisterEvent: _spfn_core_event.EventDef<{
         [x: string]: unknown;
     } | undefined;
     userId: string;
-    provider: "email" | "phone" | "google";
+    provider: "email" | "phone" | "google" | "github" | "kakao" | "naver" | "superself";
 }>;
 /**
  * auth.invitation.created - 초대 생성 이벤트
@@ -5554,9 +5567,9 @@ declare const invitationCreatedEvent: _spfn_core_event.EventDef<{
     } | undefined;
     email: string;
     roleId: number;
+    expiresAt: string;
     token: string;
     invitedBy: string;
-    expiresAt: string;
     invitationId: string;
     isResend: boolean;
 }>;
@@ -5591,4 +5604,4 @@ type AuthRegisterPayload = typeof authRegisterEvent._payload;
 type InvitationCreatedPayload = typeof invitationCreatedEvent._payload;
 type InvitationAcceptedPayload = typeof invitationAcceptedEvent._payload;
-export { type AuthConfig, AuthContext, type AuthLifecycleConfig, type AuthLifecycleOptions, type AuthLoginPayload, type AuthMetadataEntity, AuthMetadataRepository, AuthProviderSchema, type AuthRegisterPayload, COOKIE_NAMES, type CreateOAuthStateParams, type GoogleTokenResponse, type GoogleUserInfo, type Invitation, type InvitationAcceptedPayload, type InvitationCreatedPayload, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewAuthMetadataEntity, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, type OAuthState, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RoleGuardOptions, type RolePermission, RolePermissionsRepository, RolesRepository, type SessionPayload, SocialAccountsRepository, SocialProvider, type TokenPayload, type UpdateProfileParams, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, VerificationCodesRepository, VerificationPurpose, acceptInvitation, addPermissionToRole, authLogger, authLoginEvent, authMetadata, authMetadataRepository, authRegisterEvent, authSchema, cancelInvitation, checkUsernameAvailableService, configureAuth, createAuthLifecycle, createInvitation, createOAuthState, createRole, decodeToken, deleteInvitation, deleteRole, exchangeCodeForTokens, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getGoogleAuthUrl, getGoogleOAuthConfig, getGoogleUserInfo, getInvitationByToken, getInvitationWithDetails, getKeyId, getKeySize, getLocale, getOneTimeTokenManager, getOptionalAuth, getRole, getRoleByName, getRolePermissions, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getUserRole, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initOneTimeTokenManager, initializeAuth, invitationAcceptedEvent, invitationCreatedEvent, invitationsRepository, isGoogleOAuthEnabled, keysRepository, listInvitations, oneTimeTokenAuth, parseDuration, permissions, permissionsRepository, refreshAccessToken, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, roleGuard, rolePermissions, rolePermissionsRepository, roles, rolesRepository, setRolePermissions, shouldRotateKey, socialAccountsRepository, updateLastLoginService, updateLocaleService, updateRole, updateUserProfileService, updateUserService, updateUsernameService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyKeyFingerprint, verifyOAuthState, verifyPassword, verifyToken };
+export { type AuthConfig, AuthContext, type AuthLifecycleConfig, type AuthLifecycleOptions, type AuthLoginPayload, type AuthMetadataEntity, AuthMetadataRepository, AuthProviderSchema, type AuthRegisterPayload, COOKIE_NAMES, type CreateOAuthStateParams, type GoogleTokenResponse, type GoogleUserInfo, type Invitation, type InvitationAcceptedPayload, type InvitationCreatedPayload, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewAuthMetadataEntity, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, OAuthProvider, type OAuthState, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RoleGuardOptions, type RolePermission, RolePermissionsRepository, RolesRepository, type SessionPayload, SocialAccountsRepository, SocialProvider, type TokenPayload, type UpdateProfileParams, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, VerificationCodesRepository, VerificationPurpose, acceptInvitation, addPermissionToRole, authLogger, authLoginEvent, authMetadata, authMetadataRepository, authRegisterEvent, authSchema, cancelInvitation, checkUsernameAvailableService, configureAuth, createAuthLifecycle, createInvitation, createOAuthState, createRole, decodeToken, deleteInvitation, deleteRole, exchangeCodeForTokens, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getGoogleAuthUrl, getGoogleOAuthConfig, getGoogleUserInfo, getInvitationByToken, getInvitationWithDetails, getKeyId, getKeySize, getLocale, getOneTimeTokenManager, getOptionalAuth, getRole, getRoleByName, getRolePermissions, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getUserRole, googleProvider, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initOneTimeTokenManager, initializeAuth, invitationAcceptedEvent, invitationCreatedEvent, invitationsRepository, isGoogleOAuthEnabled, keysRepository, listInvitations, oneTimeTokenAuth, parseDuration, permissions, permissionsRepository, refreshAccessToken, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, roleGuard, rolePermissions, rolePermissionsRepository, roles, rolesRepository, setRolePermissions, shouldRotateKey, socialAccountsRepository, updateLastLoginService, updateLocaleService, updateRole, updateUserProfileService, updateUserService, updateUsernameService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyKeyFingerprint, verifyOAuthState, verifyPassword, verifyToken };