@stackframe/stack-shared 2.5.8 → 2.5.9

package/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @stackframe/stack-shared
 
+## 2.5.9
+
+### Patch Changes
+
+- Impersonation
+  - @stackframe/stack-sc@2.5.9
+
 ## 2.5.8
 
 ### Patch Changes

package/dist/interface/clientInterface.d.ts

@@ -3,6 +3,7 @@ import { AccessToken, InternalSession, RefreshToken } from '../sessions';
 import { ReadonlyJson } from '../utils/json';
 import { Result } from "../utils/results";
 import { CurrentUserCrud } from './crud/current-user';
+import { ProviderAccessTokenCrud } from './crud/oauth';
 import { InternalProjectsCrud, ProjectsCrud } from './crud/projects';
 import { TeamPermissionsCrud } from './crud/team-permissions';
 import { TeamsCrud } from './crud/teams';
@@ -15,12 +16,6 @@ export type ClientInterfaceOptions = {
 } | {
     projectOwnerSession: InternalSession;
 });
-export type SharedProvider = "shared-github" | "shared-google" | "shared-facebook" | "shared-microsoft" | "shared-spotify";
-export declare const sharedProviders: readonly ["shared-github", "shared-google", "shared-facebook", "shared-microsoft", "shared-spotify"];
-export type StandardProvider = "github" | "facebook" | "google" | "microsoft" | "spotify";
-export declare const standardProviders: readonly ["github", "facebook", "google", "microsoft", "spotify"];
-export declare function toStandardProvider(provider: SharedProvider | StandardProvider): StandardProvider;
-export declare function toSharedProvider(provider: SharedProvider | StandardProvider): SharedProvider;
 export declare class StackClientInterface {
     readonly options: ClientInterfaceOptions;
     constructor(options: ClientInterfaceOptions);
@@ -46,7 +41,7 @@ export declare class StackClientInterface {
         featureName?: string;
     } & ReadonlyJson): Promise<never>;
     sendForgotPasswordEmail(email: string, callbackUrl: string): Promise<KnownErrors["UserNotFound"] | undefined>;
-    sendVerificationEmail(emailVerificationRedirectUrl: string, session: InternalSession): Promise<KnownErrors["EmailAlreadyVerified"] | undefined>;
+    sendVerificationEmail(email: string, callbackUrl: string, session: InternalSession): Promise<KnownErrors["EmailAlreadyVerified"] | undefined>;
     sendMagicLinkEmail(email: string, callbackUrl: string): Promise<KnownErrors["RedirectUrlNotWhitelisted"] | undefined>;
     resetPassword(options: {
         code: string;
@@ -111,8 +106,6 @@ export declare class StackClientInterface {
     updateClientUser(update: CurrentUserCrud["Client"]["Update"], session: InternalSession): Promise<void>;
     listProjects(session: InternalSession): Promise<InternalProjectsCrud['Client']['Read'][]>;
     createProject(project: InternalProjectsCrud['Client']['Create'], session: InternalSession): Promise<InternalProjectsCrud['Client']['Read']>;
-    getAccessToken(provider: string, scope: string, session: InternalSession): Promise<{
-        accessToken: string;
-    }>;
+    createProviderAccessToken(provider: string, scope: string, session: InternalSession): Promise<ProviderAccessTokenCrud['Client']['Read']>;
     createTeamForCurrentUser(data: TeamsCrud['Client']['Create'], session: InternalSession): Promise<TeamsCrud['Client']['Read']>;
 }

package/dist/interface/clientInterface.js

@@ -6,26 +6,6 @@ import { generateSecureRandomString } from '../utils/crypto';
 import { StackAssertionError, throwErr } from '../utils/errors';
 import { globalVar } from '../utils/globals';
 import { Result } from "../utils/results";
-export const sharedProviders = [
-    "shared-github",
-    "shared-google",
-    "shared-facebook",
-    "shared-microsoft",
-    "shared-spotify",
-];
-export const standardProviders = [
-    "github",
-    "facebook",
-    "google",
-    "microsoft",
-    "spotify",
-];
-export function toStandardProvider(provider) {
-    return provider.replace("shared-", "");
-}
-export function toSharedProvider(provider) {
-    return "shared-" + provider;
-}
 export class StackClientInterface {
     constructor(options) {
         this.options = options;
@@ -254,14 +234,15 @@ export class StackClientInterface {
             return res.error;
         }
     }
-    async sendVerificationEmail(emailVerificationRedirectUrl, session) {
+    async sendVerificationEmail(email, callbackUrl, session) {
         const res = await this.sendClientRequestAndCatchKnownError("/contact-channels/send-verification-code", {
             method: "POST",
             headers: {
                 "Content-Type": "application/json"
             },
             body: JSON.stringify({
-                emailVerificationRedirectUrl,
+                email,
+                callback_url: callbackUrl,
             }),
         }, session, [KnownErrors.EmailAlreadyVerified]);
         if (res.status === "error") {
@@ -417,7 +398,7 @@ export class StackClientInterface {
         url.searchParams.set("type", options.type);
         url.searchParams.set("error_redirect_url", options.errorRedirectUrl);
         if (options.afterCallbackRedirectUrl) {
-            url.searchParams.set("after_callback_redirect_rrl", options.afterCallbackRedirectUrl);
+            url.searchParams.set("after_callback_redirect_url", options.afterCallbackRedirectUrl);
         }
         if (options.type === "link") {
             const tokens = await options.session.getPotentiallyExpiredTokens();
@@ -551,18 +532,15 @@ export class StackClientInterface {
         const json = await fetchResponse.json();
         return json;
     }
-    async getAccessToken(provider, scope, session) {
-        const response = await this.sendClientRequest(`/auth/oauth/connected-account/${provider}/access-token`, {
+    async createProviderAccessToken(provider, scope, session) {
+        const response = await this.sendClientRequest(`/auth/oauth/connected-accounts/${provider}/access-token`, {
             method: "POST",
             headers: {
                 "content-type": "application/json",
             },
             body: JSON.stringify({ scope }),
         }, session);
-        const json = await response.json();
-        return {
-            accessToken: json.accessToken,
-        };
+        return await response.json();
     }
     async createTeamForCurrentUser(data, session) {
         const response = await this.sendClientRequest("/teams?add_current_user=true", {

package/dist/interface/crud/oauth.d.ts

@@ -1,15 +1,15 @@
 import { CrudTypeOf } from "../../crud";
-export declare const accessTokenReadSchema: import("yup").ObjectSchema<{
+export declare const providerAccessTokenReadSchema: import("yup").ObjectSchema<{
     access_token: string;
 }, import("yup").AnyObject, {
     access_token: undefined;
 }, "">;
-export declare const accessTokenCreateSchema: import("yup").ObjectSchema<{
+export declare const providerAccessTokenCreateSchema: import("yup").ObjectSchema<{
     scope: string | undefined;
 }, import("yup").AnyObject, {
     scope: undefined;
 }, "">;
-export declare const accessTokenCrud: import("../../crud").CrudSchemaFromOptions<{
+export declare const providerAccessTokenCrud: import("../../crud").CrudSchemaFromOptions<{
     clientReadSchema: import("yup").ObjectSchema<{
         access_token: string;
     }, import("yup").AnyObject, {
@@ -21,4 +21,4 @@ export declare const accessTokenCrud: import("../../crud").CrudSchemaFromOptions
         scope: undefined;
     }, "">;
 }>;
-export type AccessTokenCrud = CrudTypeOf<typeof accessTokenCrud>;
+export type ProviderAccessTokenCrud = CrudTypeOf<typeof providerAccessTokenCrud>;

package/dist/interface/crud/oauth.js

@@ -1,12 +1,12 @@
 import { createCrud } from "../../crud";
 import { yupObject, yupString } from "../../schema-fields";
-export const accessTokenReadSchema = yupObject({
+export const providerAccessTokenReadSchema = yupObject({
     access_token: yupString().required(),
 }).required();
-export const accessTokenCreateSchema = yupObject({
+export const providerAccessTokenCreateSchema = yupObject({
     scope: yupString().optional(),
 }).required();
-export const accessTokenCrud = createCrud({
-    clientReadSchema: accessTokenReadSchema,
-    clientCreateSchema: accessTokenCreateSchema,
+export const providerAccessTokenCrud = createCrud({
+    clientReadSchema: providerAccessTokenReadSchema,
+    clientCreateSchema: providerAccessTokenCreateSchema,
 });

package/dist/interface/crud/team-member-profiles.d.ts

@@ -0,0 +1,72 @@
+import { CrudTypeOf } from "../../crud";
+export declare const teamMemberProfilesCrudClientReadSchema: import("yup").ObjectSchema<{
+    team_id: string;
+    user_id: string;
+    display_name: string | null;
+    profile_image_url: string | null;
+}, import("yup").AnyObject, {
+    team_id: undefined;
+    user_id: undefined;
+    display_name: undefined;
+    profile_image_url: undefined;
+}, "">;
+export declare const teamMemberProfilesCrudClientUpdateSchema: import("yup").ObjectSchema<{
+    display_name: string | undefined;
+    profile_image_url: string | null | undefined;
+}, import("yup").AnyObject, {
+    display_name: undefined;
+    profile_image_url: undefined;
+}, "">;
+export declare const teamMemberProfilesCrud: import("../../crud").CrudSchemaFromOptions<{
+    clientReadSchema: import("yup").ObjectSchema<{
+        team_id: string;
+        user_id: string;
+        display_name: string | null;
+        profile_image_url: string | null;
+    }, import("yup").AnyObject, {
+        team_id: undefined;
+        user_id: undefined;
+        display_name: undefined;
+        profile_image_url: undefined;
+    }, "">;
+    clientUpdateSchema: import("yup").ObjectSchema<{
+        display_name: string | undefined;
+        profile_image_url: string | null | undefined;
+    }, import("yup").AnyObject, {
+        display_name: undefined;
+        profile_image_url: undefined;
+    }, "">;
+    docs: {
+        clientList: {
+            summary: string;
+            description: string;
+            tags: string[];
+        };
+        serverList: {
+            summary: string;
+            description: string;
+            tags: string[];
+        };
+        clientRead: {
+            summary: string;
+            description: string;
+            tags: string[];
+        };
+        serverRead: {
+            summary: string;
+            description: string;
+            tags: string[];
+        };
+        clientUpdate: {
+            summary: string;
+            description: string;
+            tags: string[];
+        };
+        serverUpdate: {
+            summary: string;
+            description: string;
+            tags: string[];
+        };
+    };
+}>;
+export type TeamMemberProfilesCrud = CrudTypeOf<typeof teamMemberProfilesCrud>;

package/dist/interface/crud/team-member-profiles.js

@@ -0,0 +1,49 @@
+import { createCrud } from "../../crud";
+import * as schemaFields from "../../schema-fields";
+import { yupObject } from "../../schema-fields";
+export const teamMemberProfilesCrudClientReadSchema = yupObject({
+    team_id: schemaFields.teamIdSchema.required(),
+    user_id: schemaFields.userIdSchema.required(),
+    display_name: schemaFields.teamMemberDisplayNameSchema.nullable().defined(),
+    profile_image_url: schemaFields.teamMemberProfileImageUrlSchema.nullable().defined(),
+}).required();
+export const teamMemberProfilesCrudClientUpdateSchema = yupObject({
+    display_name: schemaFields.teamMemberDisplayNameSchema.optional(),
+    profile_image_url: schemaFields.teamMemberProfileImageUrlSchema.nullable().optional(),
+}).required();
+export const teamMemberProfilesCrud = createCrud({
+    clientReadSchema: teamMemberProfilesCrudClientReadSchema,
+    clientUpdateSchema: teamMemberProfilesCrudClientUpdateSchema,
+    docs: {
+        clientList: {
+            summary: "List team members profiles",
+            description: "List team members profiles. You always need to specify a `team_id` that your are a member of on the client. You can always filter for your own profile by setting `me` as the `user_id` in the path parameters. If you want list all the profiles in a team, you need to have the `$read_members` permission in that team.",
+            tags: ["Teams"],
+        },
+        serverList: {
+            summary: "List team members profiles",
+            description: "List team members profiles and filter by team ID and user ID",
+            tags: ["Teams"],
+        },
+        clientRead: {
+            summary: "Get a team member profile",
+            description: "Get a team member profile. you can always get your own profile by setting `me` as the `user_id` in the path parameters on the client. If you want to get someone else's profile in a team, you need to have the `$read_members` permission in that team.",
+            tags: ["Teams"],
+        },
+        serverRead: {
+            summary: "Get a team member profile",
+            description: "Get a team member profile by user ID",
+            tags: ["Teams"],
+        },
+        clientUpdate: {
+            summary: "Update your team member profile",
+            description: "Update your own team member profile. `user_id` must be `me` in the path parameters on the client.",
+            tags: ["Teams"],
+        },
+        serverUpdate: {
+            summary: "Update a team member profile",
+            description: "Update a team member profile by user ID",
+            tags: ["Teams"],
+        },
+    },
+});

package/dist/interface/crud/team-memberships.d.ts

@@ -1,11 +1,11 @@
 import { CrudTypeOf } from "../../crud";
-export declare const teamMembershipsCrudServerReadSchema: import("yup").ObjectSchema<{}, import("yup").AnyObject, {}, "">;
+export declare const teamMembershipsCrudClientReadSchema: import("yup").ObjectSchema<{}, import("yup").AnyObject, {}, "">;
 export declare const teamMembershipsCrudServerCreateSchema: import("yup").ObjectSchema<{}, import("yup").AnyObject, {}, "">;
-export declare const teamMembershipsCrudServerDeleteSchema: import("yup").MixedSchema<{} | undefined, import("yup").AnyObject, undefined, "">;
+export declare const teamMembershipsCrudClientDeleteSchema: import("yup").MixedSchema<{} | undefined, import("yup").AnyObject, undefined, "">;
 export declare const teamMembershipsCrud: import("../../crud").CrudSchemaFromOptions<{
-    serverReadSchema: import("yup").ObjectSchema<{}, import("yup").AnyObject, {}, "">;
+    clientReadSchema: import("yup").ObjectSchema<{}, import("yup").AnyObject, {}, "">;
+    clientDeleteSchema: import("yup").MixedSchema<{} | undefined, import("yup").AnyObject, undefined, "">;
     serverCreateSchema: import("yup").ObjectSchema<{}, import("yup").AnyObject, {}, "">;
-    serverDeleteSchema: import("yup").MixedSchema<{} | undefined, import("yup").AnyObject, undefined, "">;
     docs: {
         serverCreate: {
             summary: string;

package/dist/interface/crud/team-memberships.js

@@ -1,12 +1,14 @@
 import { createCrud } from "../../crud";
 import { yupMixed, yupObject } from "../../schema-fields";
-export const teamMembershipsCrudServerReadSchema = yupObject({}).required();
+export const teamMembershipsCrudClientReadSchema = yupObject({}).required();
 export const teamMembershipsCrudServerCreateSchema = yupObject({}).required();
-export const teamMembershipsCrudServerDeleteSchema = yupMixed();
+export const teamMembershipsCrudClientDeleteSchema = yupMixed();
 export const teamMembershipsCrud = createCrud({
-    serverReadSchema: teamMembershipsCrudServerReadSchema,
+    // Client
+    clientReadSchema: teamMembershipsCrudClientReadSchema,
+    clientDeleteSchema: teamMembershipsCrudClientDeleteSchema,
+    // Server
     serverCreateSchema: teamMembershipsCrudServerCreateSchema,
-    serverDeleteSchema: teamMembershipsCrudServerDeleteSchema,
     docs: {
         serverCreate: {
             summary: "Add a user to a team",

package/dist/interface/crud/teams.d.ts

@@ -64,6 +64,13 @@ export declare const teamsCrud: import("../../crud").CrudSchemaFromOptions<{
         display_name: undefined;
         profile_image_url: undefined;
     }, "">;
+    clientUpdateSchema: import("yup").ObjectSchema<{
+        display_name: string | undefined;
+        profile_image_url: string | null | undefined;
+    }, import("yup").AnyObject, {
+        display_name: undefined;
+        profile_image_url: undefined;
+    }, "">;
     clientCreateSchema: import("yup").ObjectSchema<{
         display_name: string;
         profile_image_url: string | null | undefined;
@@ -73,6 +80,7 @@ export declare const teamsCrud: import("../../crud").CrudSchemaFromOptions<{
         display_name: undefined;
         profile_image_url: undefined;
     }, "">;
+    clientDeleteSchema: import("yup").MixedSchema<{} | undefined, import("yup").AnyObject, undefined, "">;
     serverReadSchema: import("yup").ObjectSchema<{
         id: string;
         display_name: string;

package/dist/interface/crud/teams.js

@@ -5,7 +5,7 @@ import { yupMixed, yupObject } from "../../schema-fields";
 export const teamsCrudClientReadSchema = yupObject({
     id: fieldSchema.teamIdSchema.required(),
     display_name: fieldSchema.teamDisplayNameSchema.required(),
-    profile_image_url: fieldSchema.profileImageUrlSchema.nullable().defined(),
+    profile_image_url: fieldSchema.teamProfileImageUrlSchema.nullable().defined(),
 }).required();
 export const teamsCrudServerReadSchema = teamsCrudClientReadSchema.concat(yupObject({
     created_at_millis: fieldSchema.teamCreatedAtMillisSchema.required(),
@@ -13,7 +13,7 @@ export const teamsCrudServerReadSchema = teamsCrudClientReadSchema.concat(yupObj
 // Update
 export const teamsCrudClientUpdateSchema = yupObject({
     display_name: fieldSchema.teamDisplayNameSchema.optional(),
-    profile_image_url: fieldSchema.profileImageUrlSchema.nullable().optional(),
+    profile_image_url: fieldSchema.teamProfileImageUrlSchema.nullable().optional(),
 }).required();
 export const teamsCrudServerUpdateSchema = teamsCrudClientUpdateSchema.concat(yupObject({}).required());
 // Create
@@ -27,10 +27,12 @@ export const teamsCrudServerCreateSchema = teamsCrudServerUpdateSchema.concat(yu
 export const teamsCrudClientDeleteSchema = yupMixed();
 export const teamsCrudServerDeleteSchema = teamsCrudClientDeleteSchema;
 export const teamsCrud = createCrud({
+    // Client
     clientReadSchema: teamsCrudClientReadSchema,
-    // clientUpdateSchema: teamsCrudClientUpdateSchema,
+    clientUpdateSchema: teamsCrudClientUpdateSchema,
     clientCreateSchema: teamsCrudClientCreateSchema,
-    // clientDeleteSchema: teamsCrudClientDeleteSchema,
+    clientDeleteSchema: teamsCrudClientDeleteSchema,
+    // Server
     serverReadSchema: teamsCrudServerReadSchema,
     serverUpdateSchema: teamsCrudServerUpdateSchema,
     serverCreateSchema: teamsCrudServerCreateSchema,

package/dist/interface/crud-deprecated/current-user.d.ts

@@ -5,8 +5,8 @@ export declare const currentUserCrud: import("../../crud").CrudSchemaFromOptions
         display_name: string | null;
         oauth_providers: {
             email?: string | null | undefined;
-            account_id: string;
             provider_id: string;
+            account_id: string;
         }[];
         project_id: string;
         primary_email: string | null;
@@ -48,8 +48,8 @@ export declare const currentUserCrud: import("../../crud").CrudSchemaFromOptions
         auth_with_email: NonNullable<boolean | undefined>;
         oauth_providers: {
             email?: string | null | undefined;
-            account_id: string;
             provider_id: string;
+            account_id: string;
         }[];
         client_metadata: {} | null;
         server_metadata: {} | null;

package/dist/interface/crud-deprecated/users.d.ts

@@ -34,8 +34,8 @@ export declare const usersCrudServerReadSchema: import("yup").ObjectSchema<{
     auth_with_email: NonNullable<boolean | undefined>;
     oauth_providers: {
         email?: string | null | undefined;
-        account_id: string;
         provider_id: string;
+        account_id: string;
     }[];
     client_metadata: {} | null;
     server_metadata: {} | null;
@@ -68,8 +68,8 @@ export declare const usersCrudServerCreateSchema: import("yup").ObjectSchema<{
 } & {
     oauth_providers: {
         email: string | null;
-        account_id: string;
         provider_id: string;
+        account_id: string;
     }[] | undefined;
 }, import("yup").AnyObject, {
     display_name: undefined;
@@ -99,8 +99,8 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
         auth_with_email: NonNullable<boolean | undefined>;
         oauth_providers: {
             email?: string | null | undefined;
-            account_id: string;
             provider_id: string;
+            account_id: string;
         }[];
         client_metadata: {} | null;
         server_metadata: {} | null;
@@ -154,8 +154,8 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
     } & {
         oauth_providers: {
             email: string | null;
-            account_id: string;
             provider_id: string;
+            account_id: string;
         }[] | undefined;
     }, import("yup").AnyObject, {
         display_name: undefined;

package/dist/interface/serverInterface.d.ts

@@ -49,6 +49,10 @@ export declare class StackServerInterface extends StackClientInterface {
         teamId: string;
     }): Promise<void>;
     updateServerUser(userId: string, update: UsersCrud['Server']['Update']): Promise<UsersCrud['Server']['Read']>;
+    createServerUserSession(userId: string, expiresInMillis: number): Promise<{
+        accessToken: string;
+        refreshToken: string;
+    }>;
     listServerTeamMemberPermissions(options: {
         teamId: string;
         userId: string;

package/dist/interface/serverInterface.js

@@ -130,6 +130,23 @@ export class StackServerInterface extends StackClientInterface {
         }, null);
         return await response.json();
     }
+    async createServerUserSession(userId, expiresInMillis) {
+        const response = await this.sendServerRequest("/auth/sessions", {
+            method: "POST",
+            headers: {
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({
+                user_id: userId,
+                expires_in_millis: expiresInMillis,
+            }),
+        }, null);
+        const result = await response.json();
+        return {
+            accessToken: result.access_token,
+            refreshToken: result.refresh_token,
+        };
+    }
     async listServerTeamMemberPermissions(options) {
         const response = await this.sendServerRequest(`/team-permissions?team_id=${options.teamId}&user_id=${options.userId}&recursive=${options.recursive}`, {}, null);
         const result = await response.json();

package/dist/known-errors.d.ts

@@ -233,6 +233,9 @@ export declare const KnownErrors: {
     UserEmailAlreadyExists: KnownErrorConstructor<KnownError & KnownErrorBrand<"USER_EMAIL_ALREADY_EXISTS">, []> & {
         errorCode: "USER_EMAIL_ALREADY_EXISTS";
     };
+    UserIdDoesNotExist: KnownErrorConstructor<KnownError & KnownErrorBrand<"USER_ID_DOES_NOT_EXIST">, [userId: string]> & {
+        errorCode: "USER_ID_DOES_NOT_EXIST";
+    };
     UserNotFound: KnownErrorConstructor<KnownError & KnownErrorBrand<"USER_NOT_FOUND">, []> & {
         errorCode: "USER_NOT_FOUND";
     };
@@ -348,5 +351,14 @@ export declare const KnownErrors: {
     TeamMembershipAlreadyExists: KnownErrorConstructor<KnownError & KnownErrorBrand<"TEAM_MEMBERSHIP_ALREADY_EXISTS">, []> & {
         errorCode: "TEAM_MEMBERSHIP_ALREADY_EXISTS";
     };
+    TeamPermissionRequired: KnownErrorConstructor<KnownError & KnownErrorBrand<"TEAM_PERMISSION_REQUIRED">, [any, any, any]> & {
+        errorCode: "TEAM_PERMISSION_REQUIRED";
+    };
+    InvalidSharedOAuthProviderId: KnownErrorConstructor<KnownError & KnownErrorBrand<"INVALID_SHARED_OAUTH_PROVIDER_ID">, [any]> & {
+        errorCode: "INVALID_SHARED_OAUTH_PROVIDER_ID";
+    };
+    InvalidStandardOAuthProviderId: KnownErrorConstructor<KnownError & KnownErrorBrand<"INVALID_STANDARD_OAUTH_PROVIDER_ID">, [any]> & {
+        errorCode: "INVALID_STANDARD_OAUTH_PROVIDER_ID";
+    };
 };
 export {};

package/dist/known-errors.js

@@ -146,14 +146,22 @@ const InvalidAccessType = createKnownErrorConstructor(InvalidProjectAuthenticati
 ]);
 const AccessTypeWithoutProjectId = createKnownErrorConstructor(InvalidProjectAuthentication, "ACCESS_TYPE_WITHOUT_PROJECT_ID", (accessType) => [
     400,
-    `The x-stack-access-type header was '${accessType}', but the x-stack-project-id header was not provided.`,
+    deindent `
+      The x-stack-access-type header was '${accessType}', but the x-stack-project-id header was not provided.
+      
+      For more information, see the docs on REST API authentication: https://docs.stack-auth.com/rest-api/auth#authentication
+    `,
     {
         request_type: accessType,
     },
 ], (json) => [json.request_type]);
 const AccessTypeRequired = createKnownErrorConstructor(InvalidProjectAuthentication, "ACCESS_TYPE_REQUIRED", () => [
     400,
-    `You must specify an access level for this Stack project. Make sure project API keys are provided (eg. x-stack-publishable-client-key) and you set the x-stack-access-type header to 'client', 'server', or 'admin'.`,
+    deindent `
+      You must specify an access level for this Stack project. Make sure project API keys are provided (eg. x-stack-publishable-client-key) and you set the x-stack-access-type header to 'client', 'server', or 'admin'.
+      
+      For more information, see the docs on REST API authentication: https://docs.stack-auth.com/rest-api/auth#authentication
+    `,
 ], () => []);
 const InsufficientAccessType = createKnownErrorConstructor(InvalidProjectAuthentication, "INSUFFICIENT_ACCESS_TYPE", (actualAccessType, allowedAccessTypes) => [
     401,
@@ -286,6 +294,13 @@ const CannotGetOwnUserWithoutUser = createKnownErrorConstructor(KnownError, "CAN
     400,
     "You have specified 'me' as a userId, but did not provide authentication for a user.",
 ], () => []);
+const UserIdDoesNotExist = createKnownErrorConstructor(KnownError, "USER_ID_DOES_NOT_EXIST", (userId) => [
+    400,
+    `The given user with the ID ${userId} does not exist.`,
+    {
+        user_id: userId,
+    },
+], (json) => [json.user_id]);
 const UserNotFound = createKnownErrorConstructor(KnownError, "USER_NOT_FOUND", () => [
     404,
     "User not found.",
@@ -464,6 +479,29 @@ const TeamMembershipAlreadyExists = createKnownErrorConstructor(KnownError, "TEA
     400,
     "Team membership already exists.",
 ], () => []);
+const TeamPermissionRequired = createKnownErrorConstructor(KnownError, "TEAM_PERMISSION_REQUIRED", (teamId, userId, permissionId) => [
+    401,
+    `User ${userId} does not have permission ${permissionId} in team ${teamId}.`,
+    {
+        team_id: teamId,
+        user_id: userId,
+        permission_id: permissionId,
+    },
+], (json) => [json.team_id, json.user_id, json.permission_id]);
+const InvalidSharedOAuthProviderId = createKnownErrorConstructor(KnownError, "INVALID_SHARED_OAUTH_PROVIDER_ID", (providerId) => [
+    400,
+    `The shared OAuth provider with ID ${providerId} is not valid.`,
+    {
+        provider_id: providerId,
+    },
+], (json) => [json.provider_id]);
+const InvalidStandardOAuthProviderId = createKnownErrorConstructor(KnownError, "INVALID_STANDARD_OAUTH_PROVIDER_ID", (providerId) => [
+    400,
+    `The standard OAuth provider with ID ${providerId} is not valid.`,
+    {
+        provider_id: providerId,
+    },
+], (json) => [json.provider_id]);
 export const KnownErrors = {
     UnsupportedError,
     BodyParsingError,
@@ -506,6 +544,7 @@ export const KnownErrors = {
     ProviderRejected,
     RefreshTokenNotFoundOrExpired,
     UserEmailAlreadyExists,
+    UserIdDoesNotExist,
     UserNotFound,
     ApiKeyNotFound,
     ProjectNotFound,
@@ -541,6 +580,9 @@ export const KnownErrors = {
     OAuthProviderNotFoundOrNotEnabled,
     UserAuthenticationRequired,
     TeamMembershipAlreadyExists,
+    TeamPermissionRequired,
+    InvalidSharedOAuthProviderId,
+    InvalidStandardOAuthProviderId,
 };
 // ensure that all known error codes are unique
 const knownErrorCodes = new Set();

package/dist/schema-fields.d.ts

@@ -19,6 +19,7 @@ export declare const adaptSchema: yup.MixedSchema<typeof StackAdaptSentinel | un
 export declare const urlSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const jsonSchema: yup.MixedSchema<{} | null, yup.AnyObject, undefined, "">;
 export declare const jsonStringSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const jsonStringOrEmptySchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const emailSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const clientOrHigherAuthTypeSchema: yup.StringSchema<"client" | "server" | "admin" | undefined, yup.AnyObject, undefined, "">;
 export declare const serverOrHigherAuthTypeSchema: yup.StringSchema<"server" | "admin" | undefined, yup.AnyObject, undefined, "">;
@@ -85,8 +86,11 @@ export declare const teamPermissionDescriptionSchema: yup.StringSchema<string |
 export declare const containedPermissionIdsSchema: yup.ArraySchema<string[] | undefined, yup.AnyObject, undefined, "">;
 export declare const teamIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const teamDisplayNameSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const teamProfileImageUrlSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const teamClientMetadataSchema: yup.MixedSchema<{} | null, yup.AnyObject, undefined, "">;
 export declare const teamServerMetadataSchema: yup.MixedSchema<{} | null, yup.AnyObject, undefined, "">;
 export declare const teamCreatedAtMillisSchema: yup.NumberSchema<number | undefined, yup.AnyObject, undefined, "">;
+export declare const teamMemberDisplayNameSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const teamMemberProfileImageUrlSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare function yupRequiredWhen<S extends yup.AnyObject>(schema: S, triggerName: string, isValue: any): S;
 export {};

package/dist/schema-fields.js

@@ -1,12 +1,13 @@
 import * as yup from "yup";
+import { allProviders } from "./utils/oauth";
 import { isUuid } from "./utils/uuids";
 const _idDescription = (identify) => `The unique identifier of this ${identify}`;
 const _displayNameDescription = (identify) => `Human-readable ${identify} display name. This is not a unique identifier.`;
 const _clientMetaDataDescription = (identify) => `Client metadata. Used as a data store, accessible from the client side. Do not store information that should not be exposed to the client.`;
+const _profileImageUrlDescription = (identify) => `URL of the profile image for ${identify}. Can be a Base64 encoded image. Please compress and crop to a square before passing in.`;
 const _serverMetaDataDescription = (identify) => `Server metadata. Used as a data store, only accessible from the server side. You can store secret information related to the ${identify} here.`;
 const _atMillisDescription = (identify) => `(the number of milliseconds since epoch, January 1, 1970, UTC)`;
 const _createdAtMillisDescription = (identify) => `The time the ${identify} was created ${_atMillisDescription(identify)}`;
-const _updatedAtMillisDescription = (identify) => `The time the ${identify} was last updated ${_atMillisDescription(identify)}`;
 const _signedUpAtMillisDescription = `The time the user signed up ${_atMillisDescription}`;
 // Built-in replacements
 /* eslint-disable no-restricted-syntax */
@@ -86,6 +87,17 @@ export const jsonStringSchema = yupString().test("json", "Invalid JSON format",
         return false;
     }
 });
+export const jsonStringOrEmptySchema = yupString().test("json", "Invalid JSON format", (value) => {
+    if (!value)
+        return true;
+    try {
+        JSON.parse(value);
+        return true;
+    }
+    catch (error) {
+        return false;
+    }
+});
 export const emailSchema = yupString().email();
 // Request auth
 export const clientOrHigherAuthTypeSchema = yupString().oneOf(['client', 'server', 'admin']);
@@ -105,7 +117,7 @@ export const projectCreateTeamOnSignUpSchema = yupBoolean().meta({ openapiField:
 export const projectMagicLinkEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether magic link authentication is enabled for this project', exampleValue: true } });
 export const projectCredentialEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether email password authentication is enabled for this project', exampleValue: true } });
 // Project OAuth config
-export const oauthIdSchema = yupString().oneOf(['google', 'github', 'facebook', 'microsoft', 'spotify']).meta({ openapiField: { description: 'OAuth provider ID, one of google, github, facebook, microsoft, spotify', exampleValue: 'google' } });
+export const oauthIdSchema = yupString().oneOf(allProviders).meta({ openapiField: { description: `OAuth provider ID, one of ${allProviders.map(x => `\`${x}\``).join(', ')}`, exampleValue: 'google' } });
 export const oauthEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether the OAuth provider is enabled. If an provider is first enabled, then disabled, it will be shown in the list but with enabled=false', exampleValue: true } });
 export const oauthTypeSchema = yupString().oneOf(['shared', 'standard']).meta({ openapiField: { description: 'OAuth provider type, one of shared, standard. "shared" uses Stack shared OAuth keys and it is only meant for development. "standard" uses your own OAuth keys and will show your logo and company name when signing in with the provider.', exampleValue: 'standard' } });
 export const oauthClientIdSchema = yupString().meta({ openapiField: { description: 'OAuth client ID. Needs to be specified when using type="standard"', exampleValue: 'google-oauth-client-id' } });
@@ -144,7 +156,7 @@ export const primaryEmailSchema = emailSchema.meta({ openapiField: { description
 export const primaryEmailVerifiedSchema = yupBoolean().meta({ openapiField: { description: 'Whether the primary email has been verified to belong to this user', exampleValue: true } });
 export const userDisplayNameSchema = yupString().nullable().meta({ openapiField: { description: _displayNameDescription('user'), exampleValue: 'John Doe' } });
 export const selectedTeamIdSchema = yupString().meta({ openapiField: { description: 'ID of the team currently selected by the user', exampleValue: 'team-id' } });
-export const profileImageUrlSchema = yupString().meta({ openapiField: { description: 'Profile image URL. Can be a Base64 encoded image. Please compress and crop to a square before passing in.', exampleValue: 'https://example.com/image.jpg' } });
+export const profileImageUrlSchema = yupString().meta({ openapiField: { description: _profileImageUrlDescription('user'), exampleValue: 'https://example.com/image.jpg' } });
 export const signedUpAtMillisSchema = yupNumber().meta({ openapiField: { description: _signedUpAtMillisDescription, exampleValue: 1630000000000 } });
 export const userClientMetadataSchema = jsonSchema.meta({ openapiField: { description: _clientMetaDataDescription('user'), exampleValue: { key: 'value' } } });
 export const userServerMetadataSchema = jsonSchema.meta({ openapiField: { description: _serverMetaDataDescription('user'), exampleValue: { key: 'value' } } });
@@ -187,9 +199,13 @@ export const containedPermissionIdsSchema = yupArray(teamPermissionDefinitionIdS
 // Teams
 export const teamIdSchema = yupString().uuid().meta({ openapiField: { description: _idDescription('team'), exampleValue: 'ad962777-8244-496a-b6a2-e0c6a449c79e' } });
 export const teamDisplayNameSchema = yupString().meta({ openapiField: { description: _displayNameDescription('team'), exampleValue: 'My Team' } });
+export const teamProfileImageUrlSchema = yupString().meta({ openapiField: { description: _profileImageUrlDescription('team'), exampleValue: 'https://example.com/image.jpg' } });
 export const teamClientMetadataSchema = jsonSchema.meta({ openapiField: { description: _clientMetaDataDescription('team'), exampleValue: { key: 'value' } } });
 export const teamServerMetadataSchema = jsonSchema.meta({ openapiField: { description: _serverMetaDataDescription('team'), exampleValue: { key: 'value' } } });
 export const teamCreatedAtMillisSchema = yupNumber().meta({ openapiField: { description: _createdAtMillisDescription('team'), exampleValue: 1630000000000 } });
+// Team member profiles
+export const teamMemberDisplayNameSchema = yupString().meta({ openapiField: { description: _displayNameDescription('team member') + ' Note that this is separate from the display_name of the user.', exampleValue: 'John Doe' } });
+export const teamMemberProfileImageUrlSchema = yupString().meta({ openapiField: { description: _profileImageUrlDescription('team member'), exampleValue: 'https://example.com/image.jpg' } });
 // Utils
 export function yupRequiredWhen(schema, triggerName, isValue) {
     return schema.when(triggerName, {

package/dist/utils/errors.js

@@ -13,7 +13,7 @@ export function throwErr(...args) {
 }
 export class StackAssertionError extends Error {
     constructor(message, extraData, options) {
-        const disclaimer = `\n\nThis is likely an error in Stack. Please report it.`;
+        const disclaimer = `\n\nThis is likely an error in Stack. Please make sure you are running the newest version and report it.`;
         super(`${message}${message.endsWith(disclaimer) ? "" : disclaimer}`, options);
         this.extraData = extraData;
     }

package/dist/utils/oauth.d.ts

@@ -0,0 +1,6 @@
+export declare const standardProviders: readonly ["google", "github", "facebook", "microsoft", "spotify"];
+export declare const sharedProviders: readonly ["google", "github", "facebook", "microsoft", "spotify"];
+export declare const allProviders: readonly ["google", "github", "facebook", "microsoft", "spotify"];
+export type ProviderType = typeof allProviders[number];
+export type StandardProviderType = typeof standardProviders[number];
+export type SharedProviderType = typeof sharedProviders[number];

package/dist/utils/oauth.js

@@ -0,0 +1,3 @@
+export const standardProviders = ["google", "github", "facebook", "microsoft", "spotify"];
+export const sharedProviders = ["google", "github", "facebook", "microsoft", "spotify"];
+export const allProviders = ["google", "github", "facebook", "microsoft", "spotify"];

package/dist/utils/urls.d.ts

@@ -1 +1,3 @@
 export declare function isLocalhost(urlOrString: string | URL): boolean;
+export declare function isRelative(url: string): boolean;
+export declare function getRelativePart(url: URL): string;

package/dist/utils/urls.js

@@ -1,3 +1,4 @@
+import { generateSecureRandomString } from "./crypto";
 export function isLocalhost(urlOrString) {
     const url = new URL(urlOrString);
     if (url.hostname === "localhost" || url.hostname.endsWith(".localhost"))
@@ -6,3 +7,15 @@ export function isLocalhost(urlOrString) {
         return true;
     return false;
 }
+export function isRelative(url) {
+    const randomDomain = `${generateSecureRandomString()}.stack-auth.example.com`;
+    const u = new URL(url, `https://${randomDomain}`);
+    if (u.host !== randomDomain)
+        return false;
+    if (u.protocol !== "https:")
+        return false;
+    return true;
+}
+export function getRelativePart(url) {
+    return url.pathname + url.search + url.hash;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-shared",
-  "version": "2.5.8",
+  "version": "2.5.9",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "files": [
@@ -36,7 +36,7 @@
     "jose": "^5.2.2",
     "oauth4webapi": "^2.10.3",
     "uuid": "^9.0.1",
-    "@stackframe/stack-sc": "2.5.8"
+    "@stackframe/stack-sc": "2.5.9"
   },
   "devDependencies": {
     "rimraf": "^5.0.5",