@spfn/auth 0.2.0-beta.70 → 0.2.0-beta.72

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/server.d.ts CHANGED
@@ -1,5 +1,5 @@
1
- import { j as AuthInitOptions, k as OAuthProvider, e as VerificationPurpose, i as PermissionCategory, l as AuthContext } from './authenticate-tmmbh1ux.js';
2
- export { C as ChangePasswordParams, a3 as EmailSchema, I as IssueOneTimeTokenResult, s as LoginParams, L as LoginResult, t as LogoutParams, aa as NativeVerifyOptions, a8 as NormalizedIdentity, Z as OAuthCallbackParams, _ as OAuthCallbackResult, a0 as OAuthNativeParams, c as OAuthNativeResult, Y as OAuthStartParams, O as OAuthStartResult, a9 as OAuthTokens, a5 as PasswordSchema, a4 as PhoneSchema, q as RegisterParams, E as RegisterPublicKeyParams, a as RegisterResult, G as RevokeKeyParams, F as RotateKeyParams, b as RotateKeyResult, w as SendVerificationCodeParams, S as SendVerificationCodeResult, a6 as TargetTypeSchema, g as VERIFICATION_PURPOSES, f as VERIFICATION_TARGET_TYPES, a7 as VerificationPurposeSchema, V as VerificationTargetType, x as VerifyCodeParams, y as VerifyCodeResult, m as authRouter, a1 as authenticate, N as buildOAuthErrorUrl, p as changePasswordService, W as getEnabledOAuthProviders, X as getGoogleAccessToken, ac as getOAuthProvider, ad as getRegisteredProviders, Q as isOAuthProviderEnabled, H as issueOneTimeTokenService, n as loginService, o as logoutService, M as oauthCallbackService, $ as oauthNativeService, K as oauthStartService, a2 as optionalAuth, ab as registerOAuthProvider, z as registerPublicKeyService, r as registerService, T as requireEnabledProvider, D as revokeKeyService, B as rotateKeyService, u as sendVerificationCodeService, v as verifyCodeService, J as verifyOneTimeTokenService } from './authenticate-tmmbh1ux.js';
1
+ import { j as AuthInitOptions, k as OAuthProvider, e as VerificationPurpose, i as PermissionCategory, l as AuthContext } from './authenticate-DXVtYh8X.js';
2
+ export { C as ChangePasswordParams, a3 as EmailSchema, I as IssueOneTimeTokenResult, s as LoginParams, L as LoginResult, t as LogoutParams, aa as NativeVerifyOptions, a8 as NormalizedIdentity, Z as OAuthCallbackParams, _ as OAuthCallbackResult, a0 as OAuthNativeParams, c as OAuthNativeResult, Y as OAuthStartParams, O as OAuthStartResult, a9 as OAuthTokens, a5 as PasswordSchema, a4 as PhoneSchema, q as RegisterParams, E as RegisterPublicKeyParams, a as RegisterResult, G as RevokeKeyParams, F as RotateKeyParams, b as RotateKeyResult, w as SendVerificationCodeParams, S as SendVerificationCodeResult, a6 as TargetTypeSchema, g as VERIFICATION_PURPOSES, f as VERIFICATION_TARGET_TYPES, a7 as VerificationPurposeSchema, V as VerificationTargetType, x as VerifyCodeParams, y as VerifyCodeResult, m as authRouter, a1 as authenticate, N as buildOAuthErrorUrl, p as changePasswordService, W as getEnabledOAuthProviders, X as getGoogleAccessToken, ac as getOAuthProvider, ad as getRegisteredProviders, Q as isOAuthProviderEnabled, H as issueOneTimeTokenService, n as loginService, o as logoutService, M as oauthCallbackService, $ as oauthNativeService, K as oauthStartService, a2 as optionalAuth, ab as registerOAuthProvider, z as registerPublicKeyService, r as registerService, T as requireEnabledProvider, D as revokeKeyService, B as rotateKeyService, u as sendVerificationCodeService, v as verifyCodeService, J as verifyOneTimeTokenService } from './authenticate-DXVtYh8X.js';
3
3
  import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
4
4
  import { K as KeyAlgorithmType, b as InvitationStatus, d as SocialProvider } from './types-BtksCI9X.js';
5
5
  export { I as INVITATION_STATUSES, a as KEY_ALGORITHM, S as SOCIAL_PROVIDERS, U as USER_STATUSES, c as UserStatus } from './types-BtksCI9X.js';
@@ -1352,7 +1352,7 @@ declare function getAuthSessionService(userId: string | number | bigint): Promis
1352
1352
  id: number;
1353
1353
  name: string;
1354
1354
  displayName: string;
1355
- category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
1355
+ category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
1356
1356
  }[];
1357
1357
  userId: number;
1358
1358
  publicId: string;
@@ -1520,6 +1520,12 @@ interface OAuthState {
1520
1520
  algorithm: KeyAlgorithmType;
1521
1521
  metadata?: Record<string, unknown>;
1522
1522
  }
1523
+ /**
1524
+ * Generate a CSRF nonce for the OAuth flow. The caller passes it to
1525
+ * createOAuthState AND sets it as the oauth_csrf cookie, so the callback can
1526
+ * double-submit-verify the flow was initiated by this same browser.
1527
+ */
1528
+ declare function generateOAuthNonce(): string;
1523
1529
  interface CreateOAuthStateParams {
1524
1530
  provider: string;
1525
1531
  returnUrl: string;
@@ -1528,6 +1534,11 @@ interface CreateOAuthStateParams {
1528
1534
  fingerprint: string;
1529
1535
  algorithm: KeyAlgorithmType;
1530
1536
  metadata?: Record<string, unknown>;
1537
+ /**
1538
+ * CSRF nonce bound into the state. Pass the same value as the oauth_csrf
1539
+ * cookie. Defaults to a fresh nonce (unbound — legacy/no-CSRF callers).
1540
+ */
1541
+ nonce?: string;
1531
1542
  }
1532
1543
  /**
1533
1544
  * OAuth state 생성 및 암호화
@@ -2653,7 +2664,7 @@ declare const permissions: drizzle_orm_pg_core.PgTableWithColumns<{
2653
2664
  tableName: "permissions";
2654
2665
  dataType: "string";
2655
2666
  columnType: "PgText";
2656
- data: "custom" | "user" | "auth" | "rbac" | "system";
2667
+ data: "auth" | "custom" | "user" | "rbac" | "system";
2657
2668
  driverParam: string;
2658
2669
  notNull: false;
2659
2670
  hasDefault: false;
@@ -3246,15 +3257,15 @@ declare class UsersRepository extends BaseRepository {
3246
3257
  create(data: NewUser): Promise<{
3247
3258
  email: string | null;
3248
3259
  phone: string | null;
3249
- status: "active" | "inactive" | "suspended";
3250
- username: string | null;
3251
3260
  id: number;
3252
- createdAt: Date;
3253
- updatedAt: Date;
3254
3261
  publicId: string;
3262
+ username: string | null;
3255
3263
  passwordHash: string | null;
3256
3264
  passwordChangeRequired: boolean;
3257
3265
  roleId: number;
3266
+ createdAt: Date;
3267
+ updatedAt: Date;
3268
+ status: "active" | "inactive" | "suspended";
3258
3269
  emailVerifiedAt: Date | null;
3259
3270
  phoneVerifiedAt: Date | null;
3260
3271
  lastLoginAt: Date | null;
@@ -3326,15 +3337,15 @@ declare class UsersRepository extends BaseRepository {
3326
3337
  deleteById(id: number): Promise<{
3327
3338
  email: string | null;
3328
3339
  phone: string | null;
3329
- status: "active" | "inactive" | "suspended";
3330
- username: string | null;
3331
3340
  id: number;
3332
- createdAt: Date;
3333
- updatedAt: Date;
3334
3341
  publicId: string;
3342
+ username: string | null;
3335
3343
  passwordHash: string | null;
3336
3344
  passwordChangeRequired: boolean;
3337
3345
  roleId: number;
3346
+ createdAt: Date;
3347
+ updatedAt: Date;
3348
+ status: "active" | "inactive" | "suspended";
3338
3349
  emailVerifiedAt: Date | null;
3339
3350
  phoneVerifiedAt: Date | null;
3340
3351
  lastLoginAt: Date | null;
@@ -3357,7 +3368,7 @@ declare class UsersRepository extends BaseRepository {
3357
3368
  id: number;
3358
3369
  name: string;
3359
3370
  displayName: string;
3360
- category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
3371
+ category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
3361
3372
  }[];
3362
3373
  }>;
3363
3374
  /**
@@ -3472,24 +3483,45 @@ declare class KeysRepository extends BaseRepository {
3472
3483
  * Write primary 사용
3473
3484
  */
3474
3485
  create(data: NewUserPublicKey): Promise<{
3475
- userId: number;
3486
+ publicKey: string;
3476
3487
  keyId: string;
3488
+ fingerprint: string;
3489
+ algorithm: "ES256" | "RS256";
3490
+ userId: number;
3477
3491
  id: number;
3478
3492
  isActive: boolean;
3479
3493
  createdAt: Date;
3494
+ expiresAt: Date | null;
3495
+ lastUsedAt: Date | null;
3496
+ revokedAt: Date | null;
3497
+ revokedReason: string | null;
3498
+ }>;
3499
+ /**
3500
+ * 공개키 revoke (비활성화)
3501
+ * Write primary 사용
3502
+ */
3503
+ revokeByKeyIdAndUserId(keyId: string, userId: number, reason: string): Promise<{
3504
+ id: number;
3505
+ userId: number;
3506
+ keyId: string;
3480
3507
  publicKey: string;
3481
3508
  algorithm: "ES256" | "RS256";
3482
3509
  fingerprint: string;
3510
+ isActive: boolean;
3511
+ createdAt: Date;
3483
3512
  lastUsedAt: Date | null;
3484
3513
  expiresAt: Date | null;
3485
3514
  revokedAt: Date | null;
3486
3515
  revokedReason: string | null;
3487
3516
  }>;
3488
3517
  /**
3489
- * 공개키 revoke (비활성화)
3518
+ * 사용자의 모든 활성 공개키 revoke (비활성화)
3519
+ *
3520
+ * 비번 변경 시 전체 세션 로그아웃에 사용. authenticate는 활성 키만 검증하므로,
3521
+ * revoke된 키로 서명한 기존 세션의 요청은 즉시 401이 된다.
3490
3522
  * Write primary 사용
3491
3523
  */
3492
- revokeByKeyIdAndUserId(keyId: string, userId: number, reason: string): Promise<{
3524
+ revokeAllActiveByUserId(userId: number, reason: string): Promise<{
3493
3525
  id: number;
3494
3526
  userId: number;
3495
3527
  keyId: string;
@@ -3502,22 +3534,22 @@ declare class KeysRepository extends BaseRepository {
3502
3534
  expiresAt: Date | null;
3503
3535
  revokedAt: Date | null;
3504
3536
  revokedReason: string | null;
3505
- }>;
3537
+ }[]>;
3506
3538
  /**
3507
3539
  * 공개키 삭제
3508
3540
  * Write primary 사용
3509
3541
  */
3510
3542
  deleteByKeyIdAndUserId(keyId: string, userId: number): Promise<{
3511
- userId: number;
3543
+ publicKey: string;
3512
3544
  keyId: string;
3545
+ fingerprint: string;
3546
+ algorithm: "ES256" | "RS256";
3547
+ userId: number;
3513
3548
  id: number;
3514
3549
  isActive: boolean;
3515
3550
  createdAt: Date;
3516
- publicKey: string;
3517
- algorithm: "ES256" | "RS256";
3518
- fingerprint: string;
3519
- lastUsedAt: Date | null;
3520
3551
  expiresAt: Date | null;
3552
+ lastUsedAt: Date | null;
3521
3553
  revokedAt: Date | null;
3522
3554
  revokedReason: string | null;
3523
3555
  }>;
@@ -3624,14 +3656,14 @@ declare class VerificationCodesRepository extends BaseRepository {
3624
3656
  * Write primary 사용
3625
3657
  */
3626
3658
  create(data: NewVerificationCode): Promise<{
3659
+ target: string;
3660
+ targetType: "email" | "phone";
3661
+ purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
3662
+ code: string;
3627
3663
  id: number;
3628
3664
  createdAt: Date;
3629
3665
  updatedAt: Date;
3630
3666
  expiresAt: Date;
3631
- target: string;
3632
- targetType: "email" | "phone";
3633
- code: string;
3634
- purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
3635
3667
  usedAt: Date | null;
3636
3668
  attempts: number;
3637
3669
  }>;
@@ -3820,7 +3852,7 @@ declare class PermissionsRepository extends BaseRepository {
3820
3852
  name: string;
3821
3853
  displayName: string;
3822
3854
  description: string | null;
3823
- category: "custom" | "user" | "auth" | "rbac" | "system" | null;
3855
+ category: "auth" | "custom" | "user" | "rbac" | "system" | null;
3824
3856
  isBuiltin: boolean;
3825
3857
  isSystem: boolean;
3826
3858
  isActive: boolean;
@@ -3836,7 +3868,7 @@ declare class PermissionsRepository extends BaseRepository {
3836
3868
  name: string;
3837
3869
  displayName: string;
3838
3870
  description: string | null;
3839
- category: "custom" | "user" | "auth" | "rbac" | "system" | null;
3871
+ category: "auth" | "custom" | "user" | "rbac" | "system" | null;
3840
3872
  isBuiltin: boolean;
3841
3873
  isSystem: boolean;
3842
3874
  isActive: boolean;
@@ -3876,7 +3908,7 @@ declare class PermissionsRepository extends BaseRepository {
3876
3908
  name: string;
3877
3909
  displayName: string;
3878
3910
  description: string | null;
3879
- category: "custom" | "user" | "auth" | "rbac" | "system" | null;
3911
+ category: "auth" | "custom" | "user" | "rbac" | "system" | null;
3880
3912
  isBuiltin: boolean;
3881
3913
  isSystem: boolean;
3882
3914
  isActive: boolean;
@@ -3887,6 +3919,7 @@ declare class PermissionsRepository extends BaseRepository {
3887
3919
  */
3888
3920
  deleteById(id: number): Promise<{
3889
3921
  description: string | null;
3922
+ metadata: Record<string, any> | null;
3890
3923
  id: number;
3891
3924
  name: string;
3892
3925
  displayName: string;
@@ -3895,8 +3928,7 @@ declare class PermissionsRepository extends BaseRepository {
3895
3928
  isActive: boolean;
3896
3929
  createdAt: Date;
3897
3930
  updatedAt: Date;
3898
- metadata: Record<string, any> | null;
3899
- category: "custom" | "user" | "auth" | "rbac" | "system" | null;
3931
+ category: "auth" | "custom" | "user" | "rbac" | "system" | null;
3900
3932
  }>;
3901
3933
  }
3902
3934
  declare const permissionsRepository: PermissionsRepository;
@@ -3941,9 +3973,9 @@ declare class RolePermissionsRepository extends BaseRepository {
3941
3973
  */
3942
3974
  createMany(data: NewRolePermission[]): Promise<{
3943
3975
  id: number;
3976
+ roleId: number;
3944
3977
  createdAt: Date;
3945
3978
  updatedAt: Date;
3946
- roleId: number;
3947
3979
  permissionId: number;
3948
3980
  }[]>;
3949
3981
  /**
@@ -3959,9 +3991,9 @@ declare class RolePermissionsRepository extends BaseRepository {
3959
3991
  */
3960
3992
  setPermissionsForRole(roleId: number, permissionIds: number[]): Promise<{
3961
3993
  id: number;
3994
+ roleId: number;
3962
3995
  createdAt: Date;
3963
3996
  updatedAt: Date;
3964
- roleId: number;
3965
3997
  permissionId: number;
3966
3998
  }[]>;
3967
3999
  }
@@ -4026,10 +4058,10 @@ declare class UserPermissionsRepository extends BaseRepository {
4026
4058
  id: number;
4027
4059
  createdAt: Date;
4028
4060
  updatedAt: Date;
4029
- expiresAt: Date | null;
4030
4061
  permissionId: number;
4031
- granted: boolean;
4062
+ expiresAt: Date | null;
4032
4063
  reason: string | null;
4064
+ granted: boolean;
4033
4065
  }>;
4034
4066
  /**
4035
4067
  * 사용자 권한 오버라이드 업데이트
@@ -4052,10 +4084,10 @@ declare class UserPermissionsRepository extends BaseRepository {
4052
4084
  id: number;
4053
4085
  createdAt: Date;
4054
4086
  updatedAt: Date;
4055
- expiresAt: Date | null;
4056
4087
  permissionId: number;
4057
- granted: boolean;
4088
+ expiresAt: Date | null;
4058
4089
  reason: string | null;
4090
+ granted: boolean;
4059
4091
  }>;
4060
4092
  /**
4061
4093
  * 사용자의 모든 권한 오버라이드 삭제
@@ -4133,6 +4165,7 @@ declare class UserProfilesRepository extends BaseRepository {
4133
4165
  * 프로필 생성
4134
4166
  */
4135
4167
  create(data: NewUserProfile): Promise<{
4168
+ metadata: Record<string, any> | null;
4136
4169
  userId: number;
4137
4170
  id: number;
4138
4171
  displayName: string | null;
@@ -4150,7 +4183,6 @@ declare class UserProfilesRepository extends BaseRepository {
4150
4183
  location: string | null;
4151
4184
  company: string | null;
4152
4185
  jobTitle: string | null;
4153
- metadata: Record<string, any> | null;
4154
4186
  }>;
4155
4187
  /**
4156
4188
  * 프로필 업데이트 (by ID)
@@ -4202,6 +4234,7 @@ declare class UserProfilesRepository extends BaseRepository {
4202
4234
  * 프로필 삭제 (by ID)
4203
4235
  */
4204
4236
  deleteById(id: number): Promise<{
4237
+ metadata: Record<string, any> | null;
4205
4238
  userId: number;
4206
4239
  id: number;
4207
4240
  displayName: string | null;
@@ -4219,12 +4252,12 @@ declare class UserProfilesRepository extends BaseRepository {
4219
4252
  location: string | null;
4220
4253
  company: string | null;
4221
4254
  jobTitle: string | null;
4222
- metadata: Record<string, any> | null;
4223
4255
  }>;
4224
4256
  /**
4225
4257
  * 프로필 삭제 (by User ID)
4226
4258
  */
4227
4259
  deleteByUserId(userId: number): Promise<{
4260
+ metadata: Record<string, any> | null;
4228
4261
  userId: number;
4229
4262
  id: number;
4230
4263
  displayName: string | null;
@@ -4242,7 +4275,6 @@ declare class UserProfilesRepository extends BaseRepository {
4242
4275
  location: string | null;
4243
4276
  company: string | null;
4244
4277
  jobTitle: string | null;
4245
- metadata: Record<string, any> | null;
4246
4278
  }>;
4247
4279
  /**
4248
4280
  * 프로필 Upsert (by User ID)
@@ -4251,6 +4283,7 @@ declare class UserProfilesRepository extends BaseRepository {
4251
4283
  * 새로 생성 시 displayName은 필수 (없으면 'User'로 설정)
4252
4284
  */
4253
4285
  upsertByUserId(userId: number, data: Partial<Omit<NewUserProfile, 'userId'>>): Promise<{
4286
+ metadata: Record<string, any> | null;
4254
4287
  userId: number;
4255
4288
  id: number;
4256
4289
  displayName: string | null;
@@ -4268,7 +4301,6 @@ declare class UserProfilesRepository extends BaseRepository {
4268
4301
  location: string | null;
4269
4302
  company: string | null;
4270
4303
  jobTitle: string | null;
4271
- metadata: Record<string, any> | null;
4272
4304
  }>;
4273
4305
  /**
4274
4306
  * User ID로 프로필 데이터 조회 (formatted)
@@ -4396,15 +4428,15 @@ declare class InvitationsRepository extends BaseRepository {
4396
4428
  */
4397
4429
  create(data: NewInvitation): Promise<{
4398
4430
  email: string;
4399
- status: "pending" | "accepted" | "expired" | "cancelled";
4431
+ metadata: Record<string, any> | null;
4400
4432
  id: number;
4433
+ roleId: number;
4401
4434
  createdAt: Date;
4402
4435
  updatedAt: Date;
4403
- roleId: number;
4404
- metadata: Record<string, any> | null;
4405
- expiresAt: Date;
4436
+ status: "pending" | "accepted" | "expired" | "cancelled";
4406
4437
  token: string;
4407
4438
  invitedBy: number;
4439
+ expiresAt: Date;
4408
4440
  acceptedAt: Date | null;
4409
4441
  cancelledAt: Date | null;
4410
4442
  }>;
@@ -4430,15 +4462,15 @@ declare class InvitationsRepository extends BaseRepository {
4430
4462
  */
4431
4463
  deleteById(id: number): Promise<{
4432
4464
  email: string;
4433
- status: "pending" | "accepted" | "expired" | "cancelled";
4465
+ metadata: Record<string, any> | null;
4434
4466
  id: number;
4467
+ roleId: number;
4435
4468
  createdAt: Date;
4436
4469
  updatedAt: Date;
4437
- roleId: number;
4438
- metadata: Record<string, any> | null;
4439
- expiresAt: Date;
4470
+ status: "pending" | "accepted" | "expired" | "cancelled";
4440
4471
  token: string;
4441
4472
  invitedBy: number;
4473
+ expiresAt: Date;
4442
4474
  acceptedAt: Date | null;
4443
4475
  cancelledAt: Date | null;
4444
4476
  }>;
@@ -5162,15 +5194,15 @@ declare function getUser(c: Context | {
5162
5194
  }): {
5163
5195
  email: string | null;
5164
5196
  phone: string | null;
5165
- status: "active" | "inactive" | "suspended";
5166
- username: string | null;
5167
5197
  id: number;
5168
- createdAt: Date;
5169
- updatedAt: Date;
5170
5198
  publicId: string;
5199
+ username: string | null;
5171
5200
  passwordHash: string | null;
5172
5201
  passwordChangeRequired: boolean;
5173
5202
  roleId: number;
5203
+ createdAt: Date;
5204
+ updatedAt: Date;
5205
+ status: "active" | "inactive" | "suspended";
5174
5206
  emailVerifiedAt: Date | null;
5175
5207
  phoneVerifiedAt: Date | null;
5176
5208
  lastLoginAt: Date | null;
@@ -5311,6 +5343,8 @@ declare const COOKIE_NAMES: {
5311
5343
  readonly SESSION_KEY_ID: string;
5312
5344
  /** Pending OAuth session (privateKey, keyId, algorithm) - temporary during OAuth flow */
5313
5345
  readonly OAUTH_PENDING: string;
5346
+ /** OAuth CSRF nonce — double-submit against the (encrypted) state.nonce at callback */
5347
+ readonly OAUTH_CSRF: string;
5314
5348
  };
5315
5349
  /**
5316
5350
  * Parse duration string to seconds
@@ -5632,9 +5666,9 @@ declare const invitationCreatedEvent: _spfn_core_event.EventDef<{
5632
5666
  } | undefined;
5633
5667
  email: string;
5634
5668
  roleId: number;
5635
- expiresAt: string;
5636
5669
  token: string;
5637
5670
  invitedBy: string;
5671
+ expiresAt: string;
5638
5672
  invitationId: string;
5639
5673
  isResend: boolean;
5640
5674
  }>;
@@ -5669,4 +5703,4 @@ type AuthRegisterPayload = typeof authRegisterEvent._payload;
5669
5703
  type InvitationCreatedPayload = typeof invitationCreatedEvent._payload;
5670
5704
  type InvitationAcceptedPayload = typeof invitationAcceptedEvent._payload;
5671
5705
 
5672
- export { type AuthConfig, AuthContext, type AuthLifecycleConfig, type AuthLifecycleOptions, type AuthLoginPayload, type AuthMetadataEntity, AuthMetadataRepository, AuthProviderSchema, type AuthRegisterPayload, COOKIE_NAMES, type CreateOAuthStateParams, type GoogleTokenResponse, type GoogleUserInfo, type Invitation, type InvitationAcceptedPayload, type InvitationCreatedPayload, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewAuthMetadataEntity, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, OAuthProvider, type OAuthState, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RoleGuardOptions, type RolePermission, RolePermissionsRepository, RolesRepository, type SessionPayload, SocialAccountsRepository, SocialProvider, type TokenPayload, type UpdateProfileParams, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, VerificationCodesRepository, VerificationPurpose, type VerifyIdTokenParams, acceptInvitation, addPermissionToRole, appleProvider, assertCanAssignRole, authLogger, authLoginEvent, authMetadata, authMetadataRepository, authRegisterEvent, authSchema, cancelInvitation, checkUsernameAvailableService, configureAuth, createAuthLifecycle, createInvitation, createOAuthState, createRole, decodeToken, deleteInvitation, deleteRole, exchangeCodeForTokens, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getGoogleAuthUrl, getGoogleOAuthConfig, getGoogleUserInfo, getInvitationByToken, getInvitationWithDetails, getKeyId, getKeySize, getLocale, getOneTimeTokenManager, getOptionalAuth, getRole, getRoleByName, getRolePermissions, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getUserRole, googleProvider, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initOneTimeTokenManager, initializeAuth, invitationAcceptedEvent, invitationCreatedEvent, invitationsRepository, isGoogleOAuthEnabled, keysRepository, listInvitations, oneTimeTokenAuth, parseDuration, permissions, permissionsRepository, refreshAccessToken, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, roleGuard, rolePermissions, rolePermissionsRepository, roles, rolesRepository, setRolePermissions, shouldRotateKey, socialAccountsRepository, updateLastLoginService, updateLocaleService, updateRole, updateUserProfileService, updateUserService, updateUsernameService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyIdToken, verifyKeyFingerprint, verifyOAuthState, verifyPassword, verifyToken };
5706
+ export { type AuthConfig, AuthContext, type AuthLifecycleConfig, type AuthLifecycleOptions, type AuthLoginPayload, type AuthMetadataEntity, AuthMetadataRepository, AuthProviderSchema, type AuthRegisterPayload, COOKIE_NAMES, type CreateOAuthStateParams, type GoogleTokenResponse, type GoogleUserInfo, type Invitation, type InvitationAcceptedPayload, type InvitationCreatedPayload, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewAuthMetadataEntity, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, OAuthProvider, type OAuthState, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RoleGuardOptions, type RolePermission, RolePermissionsRepository, RolesRepository, type SessionPayload, SocialAccountsRepository, SocialProvider, type TokenPayload, type UpdateProfileParams, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, VerificationCodesRepository, VerificationPurpose, type VerifyIdTokenParams, acceptInvitation, addPermissionToRole, appleProvider, assertCanAssignRole, authLogger, authLoginEvent, authMetadata, authMetadataRepository, authRegisterEvent, authSchema, cancelInvitation, checkUsernameAvailableService, configureAuth, createAuthLifecycle, createInvitation, createOAuthState, createRole, decodeToken, deleteInvitation, deleteRole, exchangeCodeForTokens, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateOAuthNonce, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getGoogleAuthUrl, getGoogleOAuthConfig, getGoogleUserInfo, getInvitationByToken, getInvitationWithDetails, getKeyId, getKeySize, getLocale, getOneTimeTokenManager, getOptionalAuth, getRole, getRoleByName, getRolePermissions, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getUserRole, googleProvider, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initOneTimeTokenManager, initializeAuth, invitationAcceptedEvent, invitationCreatedEvent, invitationsRepository, isGoogleOAuthEnabled, keysRepository, listInvitations, oneTimeTokenAuth, parseDuration, permissions, permissionsRepository, refreshAccessToken, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, roleGuard, rolePermissions, rolePermissionsRepository, roles, rolesRepository, setRolePermissions, shouldRotateKey, socialAccountsRepository, updateLastLoginService, updateLocaleService, updateRole, updateUserProfileService, updateUserService, updateUsernameService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyIdToken, verifyKeyFingerprint, verifyOAuthState, verifyPassword, verifyToken };