@stackframe/stack-shared 2.5.3 → 2.5.4

package/dist/known-errors.js

@@ -1,4 +1,4 @@
-import { StatusError, throwErr } from "./utils/errors";
+import { StackAssertionError, StatusError, throwErr } from "./utils/errors";
 import { identityArgs } from "./utils/functions";
 import { deindent } from "./utils/strings";
 export class KnownError extends StatusError {
@@ -10,11 +10,7 @@ export class KnownError extends StatusError {
         this.name = "KnownError";
     }
     getBody() {
-        return new TextEncoder().encode(JSON.stringify({
-            code: this.errorCode,
-            details: this.details,
-            error: this.humanReadableMessage,
-        }, undefined, 2));
+        return new TextEncoder().encode(JSON.stringify(this.toDescriptiveJson(), undefined, 2));
     }
     getHeaders() {
         return {
@@ -22,6 +18,13 @@ export class KnownError extends StatusError {
             "X-Stack-Known-Error": [this.errorCode],
         };
     }
+    toDescriptiveJson() {
+        return {
+            code: this.errorCode,
+            ...this.details ? { details: this.details } : {},
+            error: this.humanReadableMessage,
+        };
+    }
     get errorCode() {
         return this.constructor.errorCode ?? throwErr(`Can't find error code for this KnownError. Is its constructor a KnownErrorConstructor? ${this}`);
     }
@@ -29,18 +32,19 @@ export class KnownError extends StatusError {
         return [
             400,
             json.message,
-            json.details,
+            json,
         ];
     }
     static fromJson(json) {
         for (const [_, KnownErrorType] of Object.entries(KnownErrors)) {
             if (json.code === KnownErrorType.prototype.errorCode) {
+                const constructorArgs = KnownErrorType.constructorArgsFromJson(json);
                 return new KnownErrorType(
                 // @ts-expect-error
-                ...KnownErrorType.constructorArgsFromJson(json));
+                ...constructorArgs);
             }
         }
-        throw new Error(`Unknown KnownError code: ${json.code}`);
+        throw new Error(`Unknown KnownError code. You may need to update your version of Stack to see more detailed information. ${json.code}: ${json.message}`);
     }
 }
 const knownErrorConstructorErrorCodeSentinel = Symbol("knownErrorConstructorErrorCodeSentinel");
@@ -56,7 +60,7 @@ function createKnownErrorConstructor(SuperClass, errorCode, create, constructorA
             this.constructorArgs = args;
         }
         static constructorArgsFromJson(json) {
-            return constructorArgsFromJsonFn(json);
+            return constructorArgsFromJsonFn(json.details);
         }
     }
     KnownErrorImpl.errorCode = errorCode;
@@ -66,12 +70,12 @@ function createKnownErrorConstructor(SuperClass, errorCode, create, constructorA
 }
 const UnsupportedError = createKnownErrorConstructor(KnownError, "UNSUPPORTED_ERROR", (originalErrorCode) => [
     500,
-    `An error occured that is not currently supported (possibly because it was added in a version of Stack that is newer than this client). The original unsupported error code was: ${originalErrorCode}`,
+    `An error occurred that is not currently supported (possibly because it was added in a version of Stack that is newer than this client). The original unsupported error code was: ${originalErrorCode}`,
     {
         originalErrorCode,
     },
 ], (json) => [
-    json.details?.originalErrorCode ?? throwErr("originalErrorCode not found in UnsupportedError details"),
+    json?.originalErrorCode ?? throwErr("originalErrorCode not found in UnsupportedError details"),
 ]);
 const BodyParsingError = createKnownErrorConstructor(KnownError, "BODY_PARSING_ERROR", (message) => [
     400,
@@ -79,7 +83,10 @@ const BodyParsingError = createKnownErrorConstructor(KnownError, "BODY_PARSING_E
 ], (json) => [json.message]);
 const SchemaError = createKnownErrorConstructor(KnownError, "SCHEMA_ERROR", (message) => [
     400,
-    message,
+    message || throwErr("SchemaError requires a message"),
+    {
+        message,
+    },
 ], (json) => [json.message]);
 const AllOverloadsFailed = createKnownErrorConstructor(KnownError, "ALL_OVERLOADS_FAILED", (overloadErrors) => [
     400,
@@ -94,58 +101,61 @@ const AllOverloadsFailed = createKnownErrorConstructor(KnownError, "ALL_OVERLOAD
         overload_errors: overloadErrors,
     },
 ], (json) => [
-    json.details?.overload_errors ?? throwErr("overload_errors not found in AllOverloadsFailed details"),
+    json?.overload_errors ?? throwErr("overload_errors not found in AllOverloadsFailed details"),
 ]);
 const ProjectAuthenticationError = createKnownErrorConstructor(KnownError, "PROJECT_AUTHENTICATION_ERROR", "inherit", "inherit");
-const InvalidProjectAccess = createKnownErrorConstructor(ProjectAuthenticationError, "INVALID_PROJECT_AUTHENTICATION", "inherit", "inherit");
+const InvalidProjectAuthentication = createKnownErrorConstructor(ProjectAuthenticationError, "INVALID_PROJECT_AUTHENTICATION", "inherit", "inherit");
+// TODO next-release: delete deprecated error type
 /**
  * @deprecated Use ProjectKeyWithoutAccessType instead
  */
-const ProjectKeyWithoutRequestType = createKnownErrorConstructor(InvalidProjectAccess, "PROJECT_KEY_WITHOUT_REQUEST_TYPE", () => [
+const ProjectKeyWithoutRequestType = createKnownErrorConstructor(InvalidProjectAuthentication, "PROJECT_KEY_WITHOUT_REQUEST_TYPE", () => [
     400,
-    "Either an API key or an admin access token was provided, but the x-stack-request-type header is missing. Set it to 'client', 'server', or 'admin' as appropriate.",
+    "Either an API key or an admin access token was provided, but the x-stack-access-type header is missing. Set it to 'client', 'server', or 'admin' as appropriate.",
 ], () => []);
+// TODO next-release: delete deprecated error type
 /**
  * @deprecated Use InvalidAccessType instead
  */
-const InvalidRequestType = createKnownErrorConstructor(InvalidProjectAccess, "INVALID_REQUEST_TYPE", (requestType) => [
+const InvalidRequestType = createKnownErrorConstructor(InvalidProjectAuthentication, "INVALID_REQUEST_TYPE", (requestType) => [
     400,
-    `The x-stack-request-type header must be 'client', 'server', or 'admin', but was '${requestType}'.`,
+    `The x-stack-access-type header must be 'client', 'server', or 'admin', but was '${requestType}'.`,
 ], (json) => [
-    json.details?.requestType ?? throwErr("requestType not found in InvalidRequestType details"),
+    json?.requestType ?? throwErr("requestType not found in InvalidRequestType details"),
 ]);
+// TODO next-release: delete deprecated error type
 /**
  * @deprecated Use AccessTypeWithoutProjectId instead
  */
-const RequestTypeWithoutProjectId = createKnownErrorConstructor(InvalidProjectAccess, "REQUEST_TYPE_WITHOUT_PROJECT_ID", (requestType) => [
+const RequestTypeWithoutProjectId = createKnownErrorConstructor(InvalidProjectAuthentication, "REQUEST_TYPE_WITHOUT_PROJECT_ID", (requestType) => [
     400,
-    `The x-stack-request-type header was '${requestType}', but the x-stack-project-id header was not provided.`,
+    `The x-stack-access-type header was '${requestType}', but the x-stack-project-id header was not provided.`,
     {
         request_type: requestType,
     },
 ], (json) => [json.request_type]);
-const ProjectKeyWithoutAccessType = createKnownErrorConstructor(InvalidProjectAccess, "PROJECT_KEY_WITHOUT_ACCESS_TYPE", () => [
+const ProjectKeyWithoutAccessType = createKnownErrorConstructor(InvalidProjectAuthentication, "PROJECT_KEY_WITHOUT_ACCESS_TYPE", () => [
     400,
     "Either an API key or an admin access token was provided, but the x-stack-access-type header is missing. Set it to 'client', 'server', or 'admin' as appropriate.",
 ], () => []);
-const InvalidAccessType = createKnownErrorConstructor(InvalidProjectAccess, "INVALID_ACCESS_TYPE", (requestType) => [
+const InvalidAccessType = createKnownErrorConstructor(InvalidProjectAuthentication, "INVALID_ACCESS_TYPE", (accessType) => [
     400,
-    `The x-stack-access-type header must be 'client', 'server', or 'admin', but was '${requestType}'.`,
+    `The x-stack-access-type header must be 'client', 'server', or 'admin', but was '${accessType}'.`,
 ], (json) => [
-    json.details?.requestType ?? throwErr("requestType not found in InvalidRequestType details"),
+    json?.accessType ?? throwErr("accessType not found in InvalidAccessType details"),
 ]);
-const AccessTypeWithoutProjectId = createKnownErrorConstructor(InvalidProjectAccess, "ACCESS_TYPE_WITHOUT_PROJECT_ID", (requestType) => [
+const AccessTypeWithoutProjectId = createKnownErrorConstructor(InvalidProjectAuthentication, "ACCESS_TYPE_WITHOUT_PROJECT_ID", (accessType) => [
     400,
-    `The x-stack-access-type header was '${requestType}', but the x-stack-project-id header was not provided.`,
+    `The x-stack-access-type header was '${accessType}', but the x-stack-project-id header was not provided.`,
     {
-        request_type: requestType,
+        request_type: accessType,
     },
 ], (json) => [json.request_type]);
-const AccessTypeRequired = createKnownErrorConstructor(InvalidProjectAccess, "ACCESS_TYPE_REQUIRED", () => [
+const AccessTypeRequired = createKnownErrorConstructor(InvalidProjectAuthentication, "ACCESS_TYPE_REQUIRED", () => [
     400,
     `You must specify an access level for this Stack project. Make sure project API keys are provided (eg. x-stack-publishable-client-key) and you set the x-stack-access-type header to 'client', 'server', or 'admin'.`,
 ], () => []);
-const InsufficientAccessType = createKnownErrorConstructor(InvalidProjectAccess, "INSUFFICIENT_ACCESS_TYPE", (actualAccessType, allowedAccessTypes) => [
+const InsufficientAccessType = createKnownErrorConstructor(InvalidProjectAuthentication, "INSUFFICIENT_ACCESS_TYPE", (actualAccessType, allowedAccessTypes) => [
     401,
     `The x-stack-access-type header must be ${allowedAccessTypes.map(s => `'${s}'`).join(" or ")}, but was '${actualAccessType}'.`,
     {
@@ -153,31 +163,31 @@ const InsufficientAccessType = createKnownErrorConstructor(InvalidProjectAccess,
         allowed_access_types: allowedAccessTypes,
     },
 ], (json) => [
-    json.details.actual_access_type,
-    json.details.allowed_access_types,
+    json.actual_access_type,
+    json.allowed_access_types,
 ]);
-const InvalidPublishableClientKey = createKnownErrorConstructor(InvalidProjectAccess, "INVALID_PUBLISHABLE_CLIENT_KEY", (projectId) => [
+const InvalidPublishableClientKey = createKnownErrorConstructor(InvalidProjectAuthentication, "INVALID_PUBLISHABLE_CLIENT_KEY", (projectId) => [
     401,
     `The publishable key is not valid for the project ${JSON.stringify(projectId)}. Does the project and/or the key exist?`,
     {
         project_id: projectId,
     },
 ], (json) => [json.project_id]);
-const InvalidSecretServerKey = createKnownErrorConstructor(InvalidProjectAccess, "INVALID_SECRET_SERVER_KEY", (projectId) => [
+const InvalidSecretServerKey = createKnownErrorConstructor(InvalidProjectAuthentication, "INVALID_SECRET_SERVER_KEY", (projectId) => [
     401,
     `The secret server key is not valid for the project ${JSON.stringify(projectId)}. Does the project and/or the key exist?`,
     {
         project_id: projectId,
     },
 ], (json) => [json.project_id]);
-const InvalidSuperSecretAdminKey = createKnownErrorConstructor(InvalidProjectAccess, "INVALID_SUPER_SECRET_ADMIN_KEY", (projectId) => [
+const InvalidSuperSecretAdminKey = createKnownErrorConstructor(InvalidProjectAuthentication, "INVALID_SUPER_SECRET_ADMIN_KEY", (projectId) => [
     401,
     `The super secret admin key is not valid for the project ${JSON.stringify(projectId)}. Does the project and/or the key exist?`,
     {
         project_id: projectId,
     },
 ], (json) => [json.project_id]);
-const InvalidAdminAccessToken = createKnownErrorConstructor(InvalidProjectAccess, "INVALID_ADMIN_ACCESS_TOKEN", "inherit", "inherit");
+const InvalidAdminAccessToken = createKnownErrorConstructor(InvalidProjectAuthentication, "INVALID_ADMIN_ACCESS_TOKEN", "inherit", "inherit");
 const UnparsableAdminAccessToken = createKnownErrorConstructor(InvalidAdminAccessToken, "UNPARSABLE_ADMIN_ACCESS_TOKEN", () => [
     401,
     "Admin access token is not parsable.",
@@ -259,22 +269,14 @@ const InvalidProjectForAccessToken = createKnownErrorConstructor(InvalidAccessTo
     401,
     "Access token not valid for this project.",
 ], () => []);
-const SessionUserEmailNotVerified = createKnownErrorConstructor(InvalidSessionAuthentication, "SESSION_USER_EMAIL_NOT_VERIFIED", () => [
-    401,
-    "User e-mail not verified, but is required by the project.",
-], () => []);
-const SessionAuthenticationRequired = createKnownErrorConstructor(SessionAuthenticationError, "SESSION_AUTHENTICATION_REQUIRED", () => [
+const RefreshTokenError = createKnownErrorConstructor(KnownError, "REFRESH_TOKEN_ERROR", "inherit", "inherit");
+const RefreshTokenNotFoundOrExpired = createKnownErrorConstructor(RefreshTokenError, "REFRESH_TOKEN_NOT_FOUND_OR_EXPIRED", () => [
     401,
-    "Session required for this request.",
+    "Refresh token not found for this project, or the session has expired/been revoked.",
 ], () => []);
-const RefreshTokenError = createKnownErrorConstructor(KnownError, "INVALID_REFRESH_TOKEN", "inherit", "inherit");
 const ProviderRejected = createKnownErrorConstructor(RefreshTokenError, "PROVIDER_REJECTED", () => [
     401,
-    "The provider refused to refresh their token.",
-], () => []);
-const InvalidRefreshToken = createKnownErrorConstructor(RefreshTokenError, "REFRESH_TOKEN_EXPIRED", () => [
-    401,
-    "Refresh token has expired. A new refresh token requires reauthentication.",
+    "The provider refused to refresh their token. This usually means that the provider used to authenticate the user no longer regards this session as valid, and the user must re-authenticate.",
 ], () => []);
 const UserEmailAlreadyExists = createKnownErrorConstructor(KnownError, "USER_EMAIL_ALREADY_EXISTS", () => [
     400,
@@ -292,9 +294,20 @@ const ApiKeyNotFound = createKnownErrorConstructor(KnownError, "API_KEY_NOT_FOUN
     404,
     "API key not found.",
 ], () => []);
-const ProjectNotFound = createKnownErrorConstructor(KnownError, "PROJECT_NOT_FOUND", () => [
-    404,
-    "Project not found or is not accessible with the current user.",
+const ProjectNotFound = createKnownErrorConstructor(KnownError, "PROJECT_NOT_FOUND", (projectId) => {
+    if (typeof projectId !== "string")
+        throw new StackAssertionError("projectId of KnownErrors.ProjectNotFound must be a string");
+    return [
+        404,
+        `Project ${projectId} not found or is not accessible with the current user.`,
+        {
+            project_id: projectId,
+        },
+    ];
+}, (json) => [json.project_id]);
+const PasswordAuthenticationNotEnabled = createKnownErrorConstructor(KnownError, "PASSWORD_AUTHENTICATION_NOT_ENABLED", () => [
+    400,
+    "Password authentication is not enabled for this project.",
 ], () => []);
 const EmailPasswordMismatch = createKnownErrorConstructor(KnownError, "EMAIL_PASSWORD_MISMATCH", () => [
     400,
@@ -309,10 +322,10 @@ const PasswordTooShort = createKnownErrorConstructor(PasswordRequirementsNotMet,
     400,
     `Password too short. Minimum length is ${minLength}.`,
     {
-        minLength,
+        min_length: minLength,
     },
 ], (json) => [
-    json.details?.minLength ?? throwErr("minLength not found in PasswordTooShort details"),
+    json?.min_length ?? throwErr("min_length not found in PasswordTooShort details"),
 ]);
 const PasswordTooLong = createKnownErrorConstructor(PasswordRequirementsNotMet, "PASSWORD_TOO_LONG", (maxLength) => [
     400,
@@ -321,8 +334,12 @@ const PasswordTooLong = createKnownErrorConstructor(PasswordRequirementsNotMet,
         maxLength,
     },
 ], (json) => [
-    json.details?.maxLength ?? throwErr("maxLength not found in PasswordTooLong details"),
+    json?.maxLength ?? throwErr("maxLength not found in PasswordTooLong details"),
 ]);
+const UserDoesNotHavePassword = createKnownErrorConstructor(KnownError, "USER_DOES_NOT_HAVE_PASSWORD", () => [
+    400,
+    "This user does not have password authentication enabled.",
+], () => []);
 const VerificationCodeError = createKnownErrorConstructor(KnownError, "VERIFICATION_ERROR", "inherit", "inherit");
 const VerificationCodeNotFound = createKnownErrorConstructor(VerificationCodeError, "VERIFICATION_CODE_NOT_FOUND", () => [
     404,
@@ -336,7 +353,7 @@ const VerificationCodeAlreadyUsed = createKnownErrorConstructor(VerificationCode
     400,
     "The verification link has already been used.",
 ], () => []);
-const PasswordMismatch = createKnownErrorConstructor(KnownError, "PASSWORD_MISMATCH", () => [
+const PasswordConfirmationMismatch = createKnownErrorConstructor(KnownError, "PASSWORD_CONFIRMATION_MISMATCH", () => [
     400,
     "Passwords do not match.",
 ], () => []);
@@ -344,43 +361,47 @@ const EmailAlreadyVerified = createKnownErrorConstructor(KnownError, "EMAIL_ALRE
     400,
     "The e-mail is already verified.",
 ], () => []);
+const EmailNotAssociatedWithUser = createKnownErrorConstructor(KnownError, "EMAIL_NOT_ASSOCIATED_WITH_USER", () => [
+    400,
+    "The e-mail is not associated with a user that could log in with that e-mail.",
+], () => []);
+const EmailIsNotPrimaryEmail = createKnownErrorConstructor(KnownError, "EMAIL_IS_NOT_PRIMARY_EMAIL", (email, primaryEmail) => [
+    400,
+    `The given e-mail (${email}) must equal the user's primary e-mail (${primaryEmail}).`,
+    {
+        email,
+        primary_email: primaryEmail,
+    },
+], (json) => [json.email, json.primary_email]);
 const PermissionNotFound = createKnownErrorConstructor(KnownError, "PERMISSION_NOT_FOUND", (permissionId) => [
     404,
-    `Permission ${permissionId} not found. Make sure you created it on the dashboard.`,
+    `Permission "${permissionId}" not found. Make sure you created it on the dashboard.`,
     {
         permission_id: permissionId,
     },
-], (json) => [json.details.permission_id]);
-const PermissionScopeMismatch = createKnownErrorConstructor(KnownError, "PERMISSION_SCOPE_MISMATCH", (permissionId, permissionScope, testScope) => {
-    return [
-        400,
-        `The scope of the permission with ID ${permissionId} is \`${permissionScope.type}\` but you tested against permissions of scope \`${testScope.type}\`. ${{
-            "global": `Please don't specify any teams when using global permissions. For example: \`user.hasPermission(${JSON.stringify(permissionId)})\`.`,
-            "any-team": `Please specify the team. For example: \`user.hasPermission(team, ${JSON.stringify(permissionId)})\`.`,
-            "specific-team": `Please specify the team. For example: \`user.hasPermission(team, ${JSON.stringify(permissionId)})\`.`,
-        }[permissionScope.type]}`,
-        {
-            permission_id: permissionId,
-            permission_scope: permissionScope,
-            test_scope: testScope,
-        },
-    ];
-}, (json) => [json.details.permission_id, json.details.permission_scope, json.details.test_scope]);
-const UserNotInTeam = createKnownErrorConstructor(KnownError, "USER_NOT_IN_TEAM", (userId, teamId) => [
+], (json) => [json.permission_id]);
+const ContainedPermissionNotFound = createKnownErrorConstructor(KnownError, "CONTAINED_PERMISSION_NOT_FOUND", (permissionId) => [
     400,
-    `User ${userId} is not in team ${teamId}.`,
+    `Contained permission with ID "${permissionId}" not found. Make sure you created it on the dashboard.`,
     {
-        user_id: userId,
-        team_id: teamId,
+        permission_id: permissionId,
     },
-], (json) => [json.details.user_id, json.details.team_id]);
+], (json) => [json.permission_id]);
 const TeamNotFound = createKnownErrorConstructor(KnownError, "TEAM_NOT_FOUND", (teamId) => [
     404,
     `Team ${teamId} not found.`,
     {
         team_id: teamId,
     },
-], (json) => [json.details.team_id]);
+], (json) => [json.team_id]);
+const TeamMembershipNotFound = createKnownErrorConstructor(KnownError, "TEAM_MEMBERSHIP_NOT_FOUND", (teamId, userId) => [
+    404,
+    `User ${userId} is not found in team ${teamId}.`,
+    {
+        team_id: teamId,
+        user_id: userId,
+    },
+], (json) => [json.team_id, json.user_id]);
 const EmailTemplateAlreadyExists = createKnownErrorConstructor(KnownError, "EMAIL_TEMPLATE_ALREADY_EXISTS", () => [
     400,
     "Email template already exists.",
@@ -405,6 +426,17 @@ const OAuthAccessTokenNotAvailableWithSharedOAuthKeys = createKnownErrorConstruc
     400,
     "Access tokens are not available with shared OAuth keys. Please add your own OAuth keys on the Stack dashboard to use access tokens.",
 ], () => []);
+const InvalidOAuthClientIdOrSecret = createKnownErrorConstructor(KnownError, "INVALID_OAUTH_CLIENT_ID_OR_SECRET", (clientId) => [
+    400,
+    "The OAuth client ID or secret is invalid. The client ID must be equal to the project ID, and the client secret must be a publishable client key.",
+    {
+        client_id: clientId ?? null,
+    },
+], (json) => [json.client_id ?? undefined]);
+const InvalidScope = createKnownErrorConstructor(KnownError, "INVALID_SCOPE", (scope) => [
+    400,
+    `The scope "${scope}" is not a valid OAuth scope for Stack.`,
+], (json) => [json.scope]);
 const UserAlreadyConnectedToAnotherOAuthConnection = createKnownErrorConstructor(KnownError, "USER_ALREADY_CONNECTED_TO_ANOTHER_OAUTH_CONNECTION", () => [
     400,
     "The user is already connected to another OAuth account. Did you maybe selected the wrong account?",
@@ -413,13 +445,21 @@ const OuterOAuthTimeout = createKnownErrorConstructor(KnownError, "OUTER_OAUTH_T
     408,
     "The OAuth flow has timed out. Please sign in again.",
 ], () => []);
+const OAuthProviderNotFoundOrNotEnabled = createKnownErrorConstructor(KnownError, "OAUTH_PROVIDER_NOT_FOUND_OR_NOT_ENABLED", () => [
+    400,
+    "The OAuth provider is not found or not enabled.",
+], () => []);
+const UserAuthenticationRequired = createKnownErrorConstructor(KnownError, "USER_AUTHENTICATION_REQUIRED", () => [
+    401,
+    "User authentication required for this endpoint.",
+], () => []);
 export const KnownErrors = {
     UnsupportedError,
     BodyParsingError,
     SchemaError,
     AllOverloadsFailed,
     ProjectAuthenticationError,
-    InvalidProjectAuthentication: InvalidProjectAccess,
+    InvalidProjectAuthentication,
     ProjectKeyWithoutRequestType,
     InvalidRequestType,
     RequestTypeWithoutProjectId,
@@ -451,37 +491,44 @@ export const KnownErrors = {
     UnparsableAccessToken,
     AccessTokenExpired,
     InvalidProjectForAccessToken,
-    SessionUserEmailNotVerified,
-    SessionAuthenticationRequired,
     RefreshTokenError,
     ProviderRejected,
-    InvalidRefreshToken,
+    RefreshTokenNotFoundOrExpired,
     UserEmailAlreadyExists,
     UserNotFound,
     ApiKeyNotFound,
     ProjectNotFound,
+    PasswordAuthenticationNotEnabled,
     EmailPasswordMismatch,
     RedirectUrlNotWhitelisted,
     PasswordRequirementsNotMet,
     PasswordTooShort,
     PasswordTooLong,
+    UserDoesNotHavePassword,
     VerificationCodeError,
     VerificationCodeNotFound,
     VerificationCodeExpired,
     VerificationCodeAlreadyUsed,
-    PasswordMismatch,
+    PasswordConfirmationMismatch,
     EmailAlreadyVerified,
+    EmailNotAssociatedWithUser,
+    EmailIsNotPrimaryEmail,
     PermissionNotFound,
-    PermissionScopeMismatch,
+    ContainedPermissionNotFound,
     TeamNotFound,
+    TeamMembershipNotFound,
     EmailTemplateAlreadyExists,
     OAuthConnectionNotConnectedToUser,
     OAuthConnectionAlreadyConnectedToAnotherUser,
     OAuthConnectionDoesNotHaveRequiredScope,
     OAuthExtraScopeNotAvailableWithSharedOAuthKeys,
     OAuthAccessTokenNotAvailableWithSharedOAuthKeys,
+    InvalidOAuthClientIdOrSecret,
+    InvalidScope,
     UserAlreadyConnectedToAnotherOAuthConnection,
     OuterOAuthTimeout,
+    OAuthProviderNotFoundOrNotEnabled,
+    UserAuthenticationRequired,
 };
 // ensure that all known error codes are unique
 const knownErrorCodes = new Set();

package/dist/schema-fields.d.ts

@@ -1,22 +1,59 @@
 import * as yup from "yup";
 declare const StackAdaptSentinel: unique symbol;
 export type StackAdaptSentinel = typeof StackAdaptSentinel;
+export declare function yupString<A extends string, B extends yup.Maybe<yup.AnyObject> = yup.AnyObject>(...args: Parameters<typeof yup.string<A, B>>): yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare function yupNumber<A extends number, B extends yup.Maybe<yup.AnyObject> = yup.AnyObject>(...args: Parameters<typeof yup.number<A, B>>): yup.NumberSchema<number | undefined, yup.AnyObject, undefined, "">;
+export declare function yupBoolean<A extends boolean, B extends yup.Maybe<yup.AnyObject> = yup.AnyObject>(...args: Parameters<typeof yup.boolean<A, B>>): yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
+/**
+ * @deprecated, use number of milliseconds since epoch instead
+ */
+export declare function yupDate<A extends Date, B extends yup.Maybe<yup.AnyObject> = yup.AnyObject>(...args: Parameters<typeof yup.date<A, B>>): yup.DateSchema<Date | undefined, yup.AnyObject, undefined, "">;
+export declare function yupMixed<A extends {}>(...args: Parameters<typeof yup.mixed<A>>): yup.MixedSchema<A | undefined, yup.AnyObject, undefined, "">;
+export declare function yupArray<A extends yup.Maybe<yup.AnyObject> = yup.AnyObject, B = any>(...args: Parameters<typeof yup.array<A, B>>): yup.ArraySchema<B[] | undefined, A, undefined, "">;
+export declare function yupTuple<T extends [unknown, ...unknown[]]>(...args: Parameters<typeof yup.tuple<T>>): yup.TupleSchema<T | undefined, yup.AnyObject, undefined, "">;
+export declare function yupObject<A extends yup.Maybe<yup.AnyObject>, B extends yup.ObjectShape>(...args: Parameters<typeof yup.object<A, B>>): yup.ObjectSchema<yup.TypeFromShape<B, yup.AnyObject> extends infer T ? T extends yup.TypeFromShape<B, yup.AnyObject> ? T extends {} ? { [k in keyof T]: T[k]; } : T : never : never, yup.AnyObject, yup.DefaultFromShape<B> extends infer T_1 ? T_1 extends yup.DefaultFromShape<B> ? T_1 extends {} ? { [k_1 in keyof T_1]: T_1[k_1]; } : T_1 : never : never, "">;
 export declare const adaptSchema: yup.MixedSchema<typeof StackAdaptSentinel | undefined, yup.AnyObject, undefined, "">;
 /**
  * Yup's URL schema does not recognize some URLs (including `http://localhost`) as a valid URL. This schema is a workaround for that.
  */
 export declare const urlSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const jsonSchema: yup.MixedSchema<{} | null, yup.AnyObject, undefined, "">;
+export declare const jsonStringSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const emailSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const clientOrHigherAuthTypeSchema: yup.StringSchema<"client" | "server" | "admin" | undefined, yup.AnyObject, undefined, "">;
 export declare const serverOrHigherAuthTypeSchema: yup.StringSchema<"server" | "admin" | undefined, yup.AnyObject, undefined, "">;
 export declare const adminAuthTypeSchema: yup.StringSchema<"admin" | undefined, yup.AnyObject, undefined, "">;
 export declare const projectIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
-export declare const userIdRequestSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const projectDisplayNameSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const projectDescriptionSchema: yup.StringSchema<string | null | undefined, yup.AnyObject, undefined, "">;
+export declare const projectCreatedAtMillisSchema: yup.NumberSchema<number | undefined, yup.AnyObject, undefined, "">;
+export declare const projectUserCountSchema: yup.NumberSchema<number | undefined, yup.AnyObject, undefined, "">;
+export declare const projectIsProductionModeSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
+export declare const projectConfigIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const projectAllowLocalhostSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
+export declare const projectCreateTeamOnSignUpSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
+export declare const projectMagicLinkEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
+export declare const projectCredentialEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
+export declare const oauthIdSchema: yup.StringSchema<"google" | "github" | "facebook" | "microsoft" | "spotify" | undefined, yup.AnyObject, undefined, "">;
+export declare const oauthEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
+export declare const oauthTypeSchema: yup.StringSchema<"shared" | "standard" | undefined, yup.AnyObject, undefined, "">;
+export declare const oauthClientIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const oauthClientSecretSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const emailTypeSchema: yup.StringSchema<"shared" | "standard" | undefined, yup.AnyObject, undefined, "">;
+export declare const emailSenderNameSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const emailHostSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const emailPortSchema: yup.NumberSchema<number | undefined, yup.AnyObject, undefined, "">;
+export declare const emailUsernameSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const emailSenderEmailSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const emailPasswordSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const domainSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const handlerPathSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare class ReplaceFieldWithOwnUserId extends Error {
     readonly path: string;
     constructor(path: string);
 }
-export declare const userIdOrMeRequestSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
-export declare const userIdResponseSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const userIdOrMeSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const userIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const primaryEmailSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const primaryEmailVerifiedSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const userDisplayNameSchema: yup.StringSchema<string | null | undefined, yup.AnyObject, undefined, "">;
@@ -26,7 +63,8 @@ export declare const signedUpAtMillisSchema: yup.NumberSchema<number | undefined
 export declare const userClientMetadataSchema: yup.MixedSchema<{} | null, yup.AnyObject, undefined, "">;
 export declare const userServerMetadataSchema: yup.MixedSchema<{} | null, yup.AnyObject, undefined, "">;
 export declare const signInEmailSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
-export declare const verificationLinkRedirectUrlSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const emailOtpSignInCallbackUrlSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const emailVerificationCallbackUrlSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const accessTokenResponseSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const refreshTokenResponseSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const signInResponseSchema: yup.ObjectSchema<{
@@ -40,4 +78,15 @@ export declare const signInResponseSchema: yup.ObjectSchema<{
     is_new_user: undefined;
     user_id: undefined;
 }, "">;
+export declare const teamSystemPermissions: readonly ["$update_team", "$delete_team", "$read_members", "$remove_members", "$invite_members"];
+export declare const teamPermissionIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const customTeamPermissionIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const teamPermissionDescriptionSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const containedPermissionIdsSchema: yup.ArraySchema<string[] | undefined, yup.AnyObject, undefined, "">;
+export declare const teamIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const teamDisplayNameSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const teamClientMetadataSchema: yup.MixedSchema<{} | null, yup.AnyObject, undefined, "">;
+export declare const teamServerMetadataSchema: yup.MixedSchema<{} | null, yup.AnyObject, undefined, "">;
+export declare const teamCreatedAtMillisSchema: yup.NumberSchema<number | undefined, yup.AnyObject, undefined, "">;
+export declare function yupRequiredWhen<S extends yup.AnyObject>(schema: S, triggerName: string, isValue: any): S;
 export {};