@stackframe/stack-shared 2.6.1 → 2.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (20) hide show
  1. package/CHANGELOG.md +14 -0
  2. package/dist/interface/clientInterface.d.ts +1 -1
  3. package/dist/interface/clientInterface.js +2 -2
  4. package/dist/interface/crud/current-user.d.ts +12 -66
  5. package/dist/interface/crud/current-user.js +0 -2
  6. package/dist/interface/crud/projects.d.ts +10 -0
  7. package/dist/interface/crud/projects.js +3 -0
  8. package/dist/interface/crud/team-member-profiles.d.ts +8 -62
  9. package/dist/interface/crud/teams.d.ts +8 -0
  10. package/dist/interface/crud/teams.js +2 -0
  11. package/dist/interface/crud/users.d.ts +36 -144
  12. package/dist/interface/crud/users.js +9 -29
  13. package/dist/interface/serverInterface.d.ts +1 -1
  14. package/dist/interface/serverInterface.js +2 -2
  15. package/dist/interface/webhooks.d.ts +18 -72
  16. package/dist/schema-fields.d.ts +1 -0
  17. package/dist/schema-fields.js +1 -0
  18. package/dist/utils/jwt.d.ts +25 -10
  19. package/dist/utils/jwt.js +54 -25
  20. package/package.json +2 -2
package/CHANGELOG.md CHANGED
@@ -1,5 +1,19 @@
1
1
  # @stackframe/stack-shared
2
2
 
3
+ ## 2.6.3
4
+
5
+ ### Patch Changes
6
+
7
+ - Bugfixes
8
+ - @stackframe/stack-sc@2.6.3
9
+
10
+ ## 2.6.2
11
+
12
+ ### Patch Changes
13
+
14
+ - Several bugfixes & typos
15
+ - @stackframe/stack-sc@2.6.2
16
+
3
17
  ## 2.6.1
4
18
 
5
19
  ### Patch Changes
package/dist/interface/clientInterface.d.ts CHANGED
@@ -156,6 +156,6 @@ export declare class StackClientInterface {
156
156
  listProjects(session: InternalSession): Promise<InternalProjectsCrud['Client']['Read'][]>;
157
157
  createProject(project: InternalProjectsCrud['Client']['Create'], session: InternalSession): Promise<InternalProjectsCrud['Client']['Read']>;
158
158
  createProviderAccessToken(provider: string, scope: string, session: InternalSession): Promise<ConnectedAccountAccessTokenCrud['Client']['Read']>;
159
- createTeamForCurrentUser(data: TeamsCrud['Client']['Create'], session: InternalSession): Promise<TeamsCrud['Client']['Read']>;
159
+ createClientTeam(data: TeamsCrud['Client']['Create'], session: InternalSession): Promise<TeamsCrud['Client']['Read']>;
160
160
  deleteCurrentUser(session: InternalSession): Promise<void>;
161
161
  }
package/dist/interface/clientInterface.js CHANGED
@@ -732,8 +732,8 @@ export class StackClientInterface {
732
732
  }, session);
733
733
  return await response.json();
734
734
  }
735
- async createTeamForCurrentUser(data, session) {
736
- const response = await this.sendClientRequest("/teams?add_current_user=true", {
735
+ async createClientTeam(data, session) {
736
+ const response = await this.sendClientRequest("/teams", {
737
737
  method: "POST",
738
738
  headers: {
739
739
  "content-type": "application/json",
package/dist/interface/crud/current-user.d.ts CHANGED
@@ -18,31 +18,6 @@ export declare const currentUserCrud: import("../../crud").CrudSchemaFromOptions
18
18
  has_password: NonNullable<boolean | undefined>;
19
19
  auth_with_email: NonNullable<boolean | undefined>;
20
20
  requires_totp_mfa: NonNullable<boolean | undefined>;
21
- auth_methods: ({
22
- type: "password";
23
- identifier: string;
24
- } | {
25
- type: "otp";
26
- contact_channel: {
27
- type: "email";
28
- email: string;
29
- };
30
- } | {
31
- type: "oauth";
32
- provider: {
33
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
34
- id: string;
35
- provider_user_id: string;
36
- };
37
- })[];
38
- connected_accounts: {
39
- type: "oauth";
40
- provider: {
41
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
42
- id: string;
43
- provider_user_id: string;
44
- };
45
- }[];
46
21
  } & {
47
22
  selected_team: {
48
23
  client_metadata?: {} | null | undefined;
@@ -67,15 +42,13 @@ export declare const currentUserCrud: import("../../crud").CrudSchemaFromOptions
67
42
  profile_image_url: undefined;
68
43
  signed_up_at_millis: undefined;
69
44
  has_password: undefined;
70
- auth_with_email: undefined;
71
- requires_totp_mfa: undefined;
72
- oauth_providers: undefined;
73
- auth_methods: undefined;
74
- connected_accounts: undefined;
75
45
  client_metadata: undefined;
76
46
  client_read_only_metadata: undefined;
77
47
  server_metadata: undefined;
78
48
  last_active_at_millis: undefined;
49
+ oauth_providers: undefined;
50
+ auth_with_email: undefined;
51
+ requires_totp_mfa: undefined;
79
52
  }, "">;
80
53
  serverReadSchema: import("yup").ObjectSchema<{
81
54
  id: string;
@@ -95,42 +68,17 @@ export declare const currentUserCrud: import("../../crud").CrudSchemaFromOptions
95
68
  profile_image_url: string | null;
96
69
  signed_up_at_millis: number;
97
70
  has_password: NonNullable<boolean | undefined>;
98
- auth_with_email: NonNullable<boolean | undefined>;
99
- requires_totp_mfa: NonNullable<boolean | undefined>;
71
+ client_metadata: {} | null;
72
+ client_read_only_metadata: {} | null;
73
+ server_metadata: {} | null;
74
+ last_active_at_millis: number;
100
75
  oauth_providers: {
101
76
  email?: string | null | undefined;
102
77
  id: string;
103
78
  account_id: string;
104
79
  }[];
105
- auth_methods: ({
106
- type: "password";
107
- identifier: string;
108
- } | {
109
- type: "otp";
110
- contact_channel: {
111
- type: "email";
112
- email: string;
113
- };
114
- } | {
115
- type: "oauth";
116
- provider: {
117
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
118
- id: string;
119
- provider_user_id: string;
120
- };
121
- })[];
122
- connected_accounts: {
123
- type: "oauth";
124
- provider: {
125
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
126
- id: string;
127
- provider_user_id: string;
128
- };
129
- }[];
130
- client_metadata: {} | null;
131
- client_read_only_metadata: {} | null;
132
- server_metadata: {} | null;
133
- last_active_at_millis: number;
80
+ auth_with_email: NonNullable<boolean | undefined>;
81
+ requires_totp_mfa: NonNullable<boolean | undefined>;
134
82
  } | null, import("yup").AnyObject, {
135
83
  id: undefined;
136
84
  primary_email: undefined;
@@ -149,15 +97,13 @@ export declare const currentUserCrud: import("../../crud").CrudSchemaFromOptions
149
97
  profile_image_url: undefined;
150
98
  signed_up_at_millis: undefined;
151
99
  has_password: undefined;
152
- auth_with_email: undefined;
153
- requires_totp_mfa: undefined;
154
- oauth_providers: undefined;
155
- auth_methods: undefined;
156
- connected_accounts: undefined;
157
100
  client_metadata: undefined;
158
101
  client_read_only_metadata: undefined;
159
102
  server_metadata: undefined;
160
103
  last_active_at_millis: undefined;
104
+ oauth_providers: undefined;
105
+ auth_with_email: undefined;
106
+ requires_totp_mfa: undefined;
161
107
  }, "">;
162
108
  clientUpdateSchema: import("yup").ObjectSchema<{
163
109
  display_name: string | null | undefined;
package/dist/interface/crud/current-user.js CHANGED
@@ -23,8 +23,6 @@ const clientReadSchema = usersCrudServerReadSchema.pick([
23
23
  "auth_with_email",
24
24
  "oauth_providers",
25
25
  "selected_team_id",
26
- "auth_methods",
27
- "connected_accounts",
28
26
  "requires_totp_mfa",
29
27
  ]).concat(yupObject({
30
28
  selected_team: teamsCrudClientReadSchema.nullable().defined(),
package/dist/interface/crud/projects.d.ts CHANGED
@@ -12,6 +12,7 @@ export declare const projectsCrudAdminReadSchema: import("yup").ObjectSchema<{
12
12
  sign_up_enabled: NonNullable<boolean | undefined>;
13
13
  credential_enabled: NonNullable<boolean | undefined>;
14
14
  magic_link_enabled: NonNullable<boolean | undefined>;
15
+ legacy_global_jwt_signing: NonNullable<boolean | undefined>;
15
16
  client_team_creation_enabled: NonNullable<boolean | undefined>;
16
17
  client_user_deletion_enabled: NonNullable<boolean | undefined>;
17
18
  oauth_providers: {
@@ -60,6 +61,7 @@ export declare const projectsCrudAdminReadSchema: import("yup").ObjectSchema<{
60
61
  sign_up_enabled: undefined;
61
62
  credential_enabled: undefined;
62
63
  magic_link_enabled: undefined;
64
+ legacy_global_jwt_signing: undefined;
63
65
  client_team_creation_enabled: undefined;
64
66
  client_user_deletion_enabled: undefined;
65
67
  oauth_providers: undefined;
@@ -113,6 +115,7 @@ export declare const projectsCrudAdminUpdateSchema: import("yup").ObjectSchema<{
113
115
  sign_up_enabled?: boolean | undefined;
114
116
  credential_enabled?: boolean | undefined;
115
117
  magic_link_enabled?: boolean | undefined;
118
+ legacy_global_jwt_signing?: false | undefined;
116
119
  client_team_creation_enabled?: boolean | undefined;
117
120
  client_user_deletion_enabled?: boolean | undefined;
118
121
  oauth_providers?: {
@@ -160,6 +163,7 @@ export declare const projectsCrudAdminCreateSchema: import("yup").ObjectSchema<{
160
163
  sign_up_enabled?: boolean | undefined;
161
164
  credential_enabled?: boolean | undefined;
162
165
  magic_link_enabled?: boolean | undefined;
166
+ legacy_global_jwt_signing?: false | undefined;
163
167
  client_team_creation_enabled?: boolean | undefined;
164
168
  client_user_deletion_enabled?: boolean | undefined;
165
169
  oauth_providers?: {
@@ -240,6 +244,7 @@ export declare const projectsCrud: import("../../crud").CrudSchemaFromOptions<{
240
244
  sign_up_enabled: NonNullable<boolean | undefined>;
241
245
  credential_enabled: NonNullable<boolean | undefined>;
242
246
  magic_link_enabled: NonNullable<boolean | undefined>;
247
+ legacy_global_jwt_signing: NonNullable<boolean | undefined>;
243
248
  client_team_creation_enabled: NonNullable<boolean | undefined>;
244
249
  client_user_deletion_enabled: NonNullable<boolean | undefined>;
245
250
  oauth_providers: {
@@ -288,6 +293,7 @@ export declare const projectsCrud: import("../../crud").CrudSchemaFromOptions<{
288
293
  sign_up_enabled: undefined;
289
294
  credential_enabled: undefined;
290
295
  magic_link_enabled: undefined;
296
+ legacy_global_jwt_signing: undefined;
291
297
  client_team_creation_enabled: undefined;
292
298
  client_user_deletion_enabled: undefined;
293
299
  oauth_providers: undefined;
@@ -316,6 +322,7 @@ export declare const projectsCrud: import("../../crud").CrudSchemaFromOptions<{
316
322
  sign_up_enabled?: boolean | undefined;
317
323
  credential_enabled?: boolean | undefined;
318
324
  magic_link_enabled?: boolean | undefined;
325
+ legacy_global_jwt_signing?: false | undefined;
319
326
  client_team_creation_enabled?: boolean | undefined;
320
327
  client_user_deletion_enabled?: boolean | undefined;
321
328
  oauth_providers?: {
@@ -393,6 +400,7 @@ export declare const internalProjectsCrud: import("../../crud").CrudSchemaFromOp
393
400
  sign_up_enabled: NonNullable<boolean | undefined>;
394
401
  credential_enabled: NonNullable<boolean | undefined>;
395
402
  magic_link_enabled: NonNullable<boolean | undefined>;
403
+ legacy_global_jwt_signing: NonNullable<boolean | undefined>;
396
404
  client_team_creation_enabled: NonNullable<boolean | undefined>;
397
405
  client_user_deletion_enabled: NonNullable<boolean | undefined>;
398
406
  oauth_providers: {
@@ -441,6 +449,7 @@ export declare const internalProjectsCrud: import("../../crud").CrudSchemaFromOp
441
449
  sign_up_enabled: undefined;
442
450
  credential_enabled: undefined;
443
451
  magic_link_enabled: undefined;
452
+ legacy_global_jwt_signing: undefined;
444
453
  client_team_creation_enabled: undefined;
445
454
  client_user_deletion_enabled: undefined;
446
455
  oauth_providers: undefined;
@@ -469,6 +478,7 @@ export declare const internalProjectsCrud: import("../../crud").CrudSchemaFromOp
469
478
  sign_up_enabled?: boolean | undefined;
470
479
  credential_enabled?: boolean | undefined;
471
480
  magic_link_enabled?: boolean | undefined;
481
+ legacy_global_jwt_signing?: false | undefined;
472
482
  client_team_creation_enabled?: boolean | undefined;
473
483
  client_user_deletion_enabled?: boolean | undefined;
474
484
  oauth_providers?: {
package/dist/interface/crud/projects.js CHANGED
@@ -43,6 +43,8 @@ export const projectsCrudAdminReadSchema = yupObject({
43
43
  sign_up_enabled: schemaFields.projectSignUpEnabledSchema.required(),
44
44
  credential_enabled: schemaFields.projectCredentialEnabledSchema.required(),
45
45
  magic_link_enabled: schemaFields.projectMagicLinkEnabledSchema.required(),
46
+ // TODO: remove this
47
+ legacy_global_jwt_signing: schemaFields.yupBoolean().required(),
46
48
  client_team_creation_enabled: schemaFields.projectClientTeamCreationEnabledSchema.required(),
47
49
  client_user_deletion_enabled: schemaFields.projectClientUserDeletionEnabledSchema.required(),
48
50
  oauth_providers: yupArray(oauthProviderSchema.required()).required(),
@@ -76,6 +78,7 @@ export const projectsCrudAdminUpdateSchema = yupObject({
76
78
  magic_link_enabled: schemaFields.projectMagicLinkEnabledSchema.optional(),
77
79
  client_team_creation_enabled: schemaFields.projectClientTeamCreationEnabledSchema.optional(),
78
80
  client_user_deletion_enabled: schemaFields.projectClientUserDeletionEnabledSchema.optional(),
81
+ legacy_global_jwt_signing: schemaFields.yupBoolean().isFalse().optional(),
79
82
  allow_localhost: schemaFields.projectAllowLocalhostSchema.optional(),
80
83
  email_config: emailConfigSchema.optional().default(undefined),
81
84
  domains: yupArray(domainSchema.required()).optional().default(undefined),
package/dist/interface/crud/team-member-profiles.d.ts CHANGED
@@ -42,34 +42,9 @@ export declare const teamMemberProfilesCrudServerReadSchema: import("yup").Objec
42
42
  } | null;
43
43
  signed_up_at_millis: number;
44
44
  has_password: NonNullable<boolean | undefined>;
45
+ last_active_at_millis: number;
45
46
  auth_with_email: NonNullable<boolean | undefined>;
46
47
  requires_totp_mfa: NonNullable<boolean | undefined>;
47
- auth_methods: ({
48
- type: "password";
49
- identifier: string;
50
- } | {
51
- type: "otp";
52
- contact_channel: {
53
- type: "email";
54
- email: string;
55
- };
56
- } | {
57
- type: "oauth";
58
- provider: {
59
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
60
- id: string;
61
- provider_user_id: string;
62
- };
63
- })[];
64
- connected_accounts: {
65
- type: "oauth";
66
- provider: {
67
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
68
- id: string;
69
- provider_user_id: string;
70
- };
71
- }[];
72
- last_active_at_millis: number;
73
48
  };
74
49
  }>, import("yup").AnyObject, {
75
50
  team_id: undefined;
@@ -94,15 +69,13 @@ export declare const teamMemberProfilesCrudServerReadSchema: import("yup").Objec
94
69
  profile_image_url: undefined;
95
70
  signed_up_at_millis: undefined;
96
71
  has_password: undefined;
97
- auth_with_email: undefined;
98
- requires_totp_mfa: undefined;
99
- oauth_providers: undefined;
100
- auth_methods: undefined;
101
- connected_accounts: undefined;
102
72
  client_metadata: undefined;
103
73
  client_read_only_metadata: undefined;
104
74
  server_metadata: undefined;
105
75
  last_active_at_millis: undefined;
76
+ oauth_providers: undefined;
77
+ auth_with_email: undefined;
78
+ requires_totp_mfa: undefined;
106
79
  };
107
80
  }, "">;
108
81
  export declare const teamMemberProfilesCrudClientUpdateSchema: import("yup").ObjectSchema<{
@@ -156,34 +129,9 @@ export declare const teamMemberProfilesCrud: import("../../crud").CrudSchemaFrom
156
129
  } | null;
157
130
  signed_up_at_millis: number;
158
131
  has_password: NonNullable<boolean | undefined>;
132
+ last_active_at_millis: number;
159
133
  auth_with_email: NonNullable<boolean | undefined>;
160
134
  requires_totp_mfa: NonNullable<boolean | undefined>;
161
- auth_methods: ({
162
- type: "password";
163
- identifier: string;
164
- } | {
165
- type: "otp";
166
- contact_channel: {
167
- type: "email";
168
- email: string;
169
- };
170
- } | {
171
- type: "oauth";
172
- provider: {
173
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
174
- id: string;
175
- provider_user_id: string;
176
- };
177
- })[];
178
- connected_accounts: {
179
- type: "oauth";
180
- provider: {
181
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
182
- id: string;
183
- provider_user_id: string;
184
- };
185
- }[];
186
- last_active_at_millis: number;
187
135
  };
188
136
  }>, import("yup").AnyObject, {
189
137
  team_id: undefined;
@@ -208,15 +156,13 @@ export declare const teamMemberProfilesCrud: import("../../crud").CrudSchemaFrom
208
156
  profile_image_url: undefined;
209
157
  signed_up_at_millis: undefined;
210
158
  has_password: undefined;
211
- auth_with_email: undefined;
212
- requires_totp_mfa: undefined;
213
- oauth_providers: undefined;
214
- auth_methods: undefined;
215
- connected_accounts: undefined;
216
159
  client_metadata: undefined;
217
160
  client_read_only_metadata: undefined;
218
161
  server_metadata: undefined;
219
162
  last_active_at_millis: undefined;
163
+ oauth_providers: undefined;
164
+ auth_with_email: undefined;
165
+ requires_totp_mfa: undefined;
220
166
  };
221
167
  }, "">;
222
168
  clientUpdateSchema: import("yup").ObjectSchema<{
package/dist/interface/crud/teams.d.ts CHANGED
@@ -59,10 +59,12 @@ export declare const teamsCrudClientCreateSchema: import("yup").ObjectSchema<{
59
59
  client_metadata: {} | null | undefined;
60
60
  } & {
61
61
  display_name: string;
62
+ creator_user_id: string | undefined;
62
63
  }, import("yup").AnyObject, {
63
64
  display_name: undefined;
64
65
  profile_image_url: undefined;
65
66
  client_metadata: undefined;
67
+ creator_user_id: undefined;
66
68
  }, "">;
67
69
  export declare const teamsCrudServerCreateSchema: import("yup").ObjectSchema<{
68
70
  display_name: string;
@@ -72,12 +74,14 @@ export declare const teamsCrudServerCreateSchema: import("yup").ObjectSchema<{
72
74
  server_metadata: {} | null | undefined;
73
75
  } & {
74
76
  display_name: string;
77
+ creator_user_id: string | undefined;
75
78
  }, import("yup").AnyObject, {
76
79
  display_name: undefined;
77
80
  profile_image_url: undefined;
78
81
  client_metadata: undefined;
79
82
  client_read_only_metadata: undefined;
80
83
  server_metadata: undefined;
84
+ creator_user_id: undefined;
81
85
  }, "">;
82
86
  export declare const teamsCrudClientDeleteSchema: import("yup").MixedSchema<{} | undefined, import("yup").AnyObject, undefined, "">;
83
87
  export declare const teamsCrudServerDeleteSchema: import("yup").MixedSchema<{} | undefined, import("yup").AnyObject, undefined, "">;
@@ -110,10 +114,12 @@ export declare const teamsCrud: import("../../crud").CrudSchemaFromOptions<{
110
114
  client_metadata: {} | null | undefined;
111
115
  } & {
112
116
  display_name: string;
117
+ creator_user_id: string | undefined;
113
118
  }, import("yup").AnyObject, {
114
119
  display_name: undefined;
115
120
  profile_image_url: undefined;
116
121
  client_metadata: undefined;
122
+ creator_user_id: undefined;
117
123
  }, "">;
118
124
  clientDeleteSchema: import("yup").MixedSchema<{} | undefined, import("yup").AnyObject, undefined, "">;
119
125
  serverReadSchema: import("yup").ObjectSchema<{
@@ -156,12 +162,14 @@ export declare const teamsCrud: import("../../crud").CrudSchemaFromOptions<{
156
162
  server_metadata: {} | null | undefined;
157
163
  } & {
158
164
  display_name: string;
165
+ creator_user_id: string | undefined;
159
166
  }, import("yup").AnyObject, {
160
167
  display_name: undefined;
161
168
  profile_image_url: undefined;
162
169
  client_metadata: undefined;
163
170
  client_read_only_metadata: undefined;
164
171
  server_metadata: undefined;
172
+ creator_user_id: undefined;
165
173
  }, "">;
166
174
  serverDeleteSchema: import("yup").MixedSchema<{} | undefined, import("yup").AnyObject, undefined, "">;
167
175
  docs: {
package/dist/interface/crud/teams.js CHANGED
@@ -26,9 +26,11 @@ export const teamsCrudServerUpdateSchema = teamsCrudClientUpdateSchema.concat(yu
26
26
  // Create
27
27
  export const teamsCrudClientCreateSchema = teamsCrudClientUpdateSchema.concat(yupObject({
28
28
  display_name: fieldSchema.teamDisplayNameSchema.required(),
29
+ creator_user_id: fieldSchema.teamCreatorUserIdSchema.optional(),
29
30
  }).required());
30
31
  export const teamsCrudServerCreateSchema = teamsCrudServerUpdateSchema.concat(yupObject({
31
32
  display_name: fieldSchema.teamDisplayNameSchema.required(),
33
+ creator_user_id: fieldSchema.teamCreatorUserIdSchema.optional(),
32
34
  }).required());
33
35
  // Delete
34
36
  export const teamsCrudClientDeleteSchema = fieldSchema.yupMixed();
package/dist/interface/crud/users.d.ts CHANGED
@@ -42,42 +42,17 @@ export declare const usersCrudServerReadSchema: import("yup").ObjectSchema<{
42
42
  profile_image_url: string | null;
43
43
  signed_up_at_millis: number;
44
44
  has_password: NonNullable<boolean | undefined>;
45
- auth_with_email: NonNullable<boolean | undefined>;
46
- requires_totp_mfa: NonNullable<boolean | undefined>;
45
+ client_metadata: {} | null;
46
+ client_read_only_metadata: {} | null;
47
+ server_metadata: {} | null;
48
+ last_active_at_millis: number;
47
49
  oauth_providers: {
48
50
  email?: string | null | undefined;
49
51
  id: string;
50
52
  account_id: string;
51
53
  }[];
52
- auth_methods: ({
53
- type: "password";
54
- identifier: string;
55
- } | {
56
- type: "otp";
57
- contact_channel: {
58
- type: "email";
59
- email: string;
60
- };
61
- } | {
62
- type: "oauth";
63
- provider: {
64
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
65
- id: string;
66
- provider_user_id: string;
67
- };
68
- })[];
69
- connected_accounts: {
70
- type: "oauth";
71
- provider: {
72
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
73
- id: string;
74
- provider_user_id: string;
75
- };
76
- }[];
77
- client_metadata: {} | null;
78
- client_read_only_metadata: {} | null;
79
- server_metadata: {} | null;
80
- last_active_at_millis: number;
54
+ auth_with_email: NonNullable<boolean | undefined>;
55
+ requires_totp_mfa: NonNullable<boolean | undefined>;
81
56
  }, import("yup").AnyObject, {
82
57
  id: undefined;
83
58
  primary_email: undefined;
@@ -96,15 +71,13 @@ export declare const usersCrudServerReadSchema: import("yup").ObjectSchema<{
96
71
  profile_image_url: undefined;
97
72
  signed_up_at_millis: undefined;
98
73
  has_password: undefined;
99
- auth_with_email: undefined;
100
- requires_totp_mfa: undefined;
101
- oauth_providers: undefined;
102
- auth_methods: undefined;
103
- connected_accounts: undefined;
104
74
  client_metadata: undefined;
105
75
  client_read_only_metadata: undefined;
106
76
  server_metadata: undefined;
107
77
  last_active_at_millis: undefined;
78
+ oauth_providers: undefined;
79
+ auth_with_email: undefined;
80
+ requires_totp_mfa: undefined;
108
81
  }, "">;
109
82
  export declare const usersCrudServerCreateSchema: import("yup").ObjectSchema<{
110
83
  primary_email: string | null | undefined;
@@ -157,42 +130,17 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
157
130
  profile_image_url: string | null;
158
131
  signed_up_at_millis: number;
159
132
  has_password: NonNullable<boolean | undefined>;
160
- auth_with_email: NonNullable<boolean | undefined>;
161
- requires_totp_mfa: NonNullable<boolean | undefined>;
133
+ client_metadata: {} | null;
134
+ client_read_only_metadata: {} | null;
135
+ server_metadata: {} | null;
136
+ last_active_at_millis: number;
162
137
  oauth_providers: {
163
138
  email?: string | null | undefined;
164
139
  id: string;
165
140
  account_id: string;
166
141
  }[];
167
- auth_methods: ({
168
- type: "password";
169
- identifier: string;
170
- } | {
171
- type: "otp";
172
- contact_channel: {
173
- type: "email";
174
- email: string;
175
- };
176
- } | {
177
- type: "oauth";
178
- provider: {
179
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
180
- id: string;
181
- provider_user_id: string;
182
- };
183
- })[];
184
- connected_accounts: {
185
- type: "oauth";
186
- provider: {
187
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
188
- id: string;
189
- provider_user_id: string;
190
- };
191
- }[];
192
- client_metadata: {} | null;
193
- client_read_only_metadata: {} | null;
194
- server_metadata: {} | null;
195
- last_active_at_millis: number;
142
+ auth_with_email: NonNullable<boolean | undefined>;
143
+ requires_totp_mfa: NonNullable<boolean | undefined>;
196
144
  }, import("yup").AnyObject, {
197
145
  id: undefined;
198
146
  primary_email: undefined;
@@ -211,15 +159,13 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
211
159
  profile_image_url: undefined;
212
160
  signed_up_at_millis: undefined;
213
161
  has_password: undefined;
214
- auth_with_email: undefined;
215
- requires_totp_mfa: undefined;
216
- oauth_providers: undefined;
217
- auth_methods: undefined;
218
- connected_accounts: undefined;
219
162
  client_metadata: undefined;
220
163
  client_read_only_metadata: undefined;
221
164
  server_metadata: undefined;
222
165
  last_active_at_millis: undefined;
166
+ oauth_providers: undefined;
167
+ auth_with_email: undefined;
168
+ requires_totp_mfa: undefined;
223
169
  }, "">;
224
170
  serverUpdateSchema: import("yup").ObjectSchema<{
225
171
  display_name: string | null | undefined;
@@ -327,42 +273,17 @@ export declare const userCreatedWebhookEvent: {
327
273
  profile_image_url: string | null;
328
274
  signed_up_at_millis: number;
329
275
  has_password: NonNullable<boolean | undefined>;
330
- auth_with_email: NonNullable<boolean | undefined>;
331
- requires_totp_mfa: NonNullable<boolean | undefined>;
276
+ client_metadata: {} | null;
277
+ client_read_only_metadata: {} | null;
278
+ server_metadata: {} | null;
279
+ last_active_at_millis: number;
332
280
  oauth_providers: {
333
281
  email?: string | null | undefined;
334
282
  id: string;
335
283
  account_id: string;
336
284
  }[];
337
- auth_methods: ({
338
- type: "password";
339
- identifier: string;
340
- } | {
341
- type: "otp";
342
- contact_channel: {
343
- type: "email";
344
- email: string;
345
- };
346
- } | {
347
- type: "oauth";
348
- provider: {
349
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
350
- id: string;
351
- provider_user_id: string;
352
- };
353
- })[];
354
- connected_accounts: {
355
- type: "oauth";
356
- provider: {
357
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
358
- id: string;
359
- provider_user_id: string;
360
- };
361
- }[];
362
- client_metadata: {} | null;
363
- client_read_only_metadata: {} | null;
364
- server_metadata: {} | null;
365
- last_active_at_millis: number;
285
+ auth_with_email: NonNullable<boolean | undefined>;
286
+ requires_totp_mfa: NonNullable<boolean | undefined>;
366
287
  }, import("yup").AnyObject, {
367
288
  id: undefined;
368
289
  primary_email: undefined;
@@ -381,15 +302,13 @@ export declare const userCreatedWebhookEvent: {
381
302
  profile_image_url: undefined;
382
303
  signed_up_at_millis: undefined;
383
304
  has_password: undefined;
384
- auth_with_email: undefined;
385
- requires_totp_mfa: undefined;
386
- oauth_providers: undefined;
387
- auth_methods: undefined;
388
- connected_accounts: undefined;
389
305
  client_metadata: undefined;
390
306
  client_read_only_metadata: undefined;
391
307
  server_metadata: undefined;
392
308
  last_active_at_millis: undefined;
309
+ oauth_providers: undefined;
310
+ auth_with_email: undefined;
311
+ requires_totp_mfa: undefined;
393
312
  }, "">;
394
313
  metadata: {
395
314
  summary: string;
@@ -417,42 +336,17 @@ export declare const userUpdatedWebhookEvent: {
417
336
  profile_image_url: string | null;
418
337
  signed_up_at_millis: number;
419
338
  has_password: NonNullable<boolean | undefined>;
420
- auth_with_email: NonNullable<boolean | undefined>;
421
- requires_totp_mfa: NonNullable<boolean | undefined>;
339
+ client_metadata: {} | null;
340
+ client_read_only_metadata: {} | null;
341
+ server_metadata: {} | null;
342
+ last_active_at_millis: number;
422
343
  oauth_providers: {
423
344
  email?: string | null | undefined;
424
345
  id: string;
425
346
  account_id: string;
426
347
  }[];
427
- auth_methods: ({
428
- type: "password";
429
- identifier: string;
430
- } | {
431
- type: "otp";
432
- contact_channel: {
433
- type: "email";
434
- email: string;
435
- };
436
- } | {
437
- type: "oauth";
438
- provider: {
439
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
440
- id: string;
441
- provider_user_id: string;
442
- };
443
- })[];
444
- connected_accounts: {
445
- type: "oauth";
446
- provider: {
447
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
448
- id: string;
449
- provider_user_id: string;
450
- };
451
- }[];
452
- client_metadata: {} | null;
453
- client_read_only_metadata: {} | null;
454
- server_metadata: {} | null;
455
- last_active_at_millis: number;
348
+ auth_with_email: NonNullable<boolean | undefined>;
349
+ requires_totp_mfa: NonNullable<boolean | undefined>;
456
350
  }, import("yup").AnyObject, {
457
351
  id: undefined;
458
352
  primary_email: undefined;
@@ -471,15 +365,13 @@ export declare const userUpdatedWebhookEvent: {
471
365
  profile_image_url: undefined;
472
366
  signed_up_at_millis: undefined;
473
367
  has_password: undefined;
474
- auth_with_email: undefined;
475
- requires_totp_mfa: undefined;
476
- oauth_providers: undefined;
477
- auth_methods: undefined;
478
- connected_accounts: undefined;
479
368
  client_metadata: undefined;
480
369
  client_read_only_metadata: undefined;
481
370
  server_metadata: undefined;
482
371
  last_active_at_millis: undefined;
372
+ oauth_providers: undefined;
373
+ auth_with_email: undefined;
374
+ requires_totp_mfa: undefined;
483
375
  }, "">;
484
376
  metadata: {
485
377
  summary: string;
package/dist/interface/crud/users.js CHANGED
@@ -24,6 +24,15 @@ export const usersCrudServerReadSchema = fieldSchema.yupObject({
24
24
  profile_image_url: fieldSchema.profileImageUrlSchema.nullable().defined(),
25
25
  signed_up_at_millis: fieldSchema.signedUpAtMillisSchema.required(),
26
26
  has_password: fieldSchema.yupBoolean().required().meta({ openapiField: { description: 'Whether the user has a password associated with their account', exampleValue: true } }),
27
+ client_metadata: fieldSchema.userClientMetadataSchema,
28
+ client_read_only_metadata: fieldSchema.userClientReadOnlyMetadataSchema,
29
+ server_metadata: fieldSchema.userServerMetadataSchema,
30
+ last_active_at_millis: fieldSchema.userLastActiveAtMillisSchema.required(),
31
+ oauth_providers: fieldSchema.yupArray(fieldSchema.yupObject({
32
+ id: fieldSchema.yupString().required(),
33
+ account_id: fieldSchema.yupString().required(),
34
+ email: fieldSchema.yupString().nullable(),
35
+ }).required()).required().meta({ openapiField: { hidden: true, description: 'A list of OAuth providers connected to this account', exampleValue: [{ id: 'google', account_id: '12345', email: 'john.doe@gmail.com' }] } }),
27
36
  /**
28
37
  * @deprecated
29
38
  */
@@ -32,35 +41,6 @@ export const usersCrudServerReadSchema = fieldSchema.yupObject({
32
41
  * @deprecated
33
42
  */
34
43
  requires_totp_mfa: fieldSchema.yupBoolean().required().meta({ openapiField: { hidden: true, description: 'Whether the user is required to use TOTP MFA to sign in', exampleValue: false } }),
35
- /**
36
- * @deprecated
37
- */
38
- oauth_providers: fieldSchema.yupArray(fieldSchema.yupObject({
39
- id: fieldSchema.yupString().required(),
40
- account_id: fieldSchema.yupString().required(),
41
- email: fieldSchema.yupString().nullable(),
42
- }).required()).required().meta({ openapiField: { hidden: true, description: 'A list of OAuth providers connected to this account', exampleValue: [{ id: 'google', account_id: '12345', email: 'john.doe@gmail.com' }] } }),
43
- auth_methods: fieldSchema.yupArray(fieldSchema.yupUnion(fieldSchema.yupObject({
44
- type: fieldSchema.yupString().oneOf(['password']).required(),
45
- identifier: fieldSchema.yupString().required(),
46
- }).required(), fieldSchema.yupObject({
47
- type: fieldSchema.yupString().oneOf(['otp']).required(),
48
- contact_channel: fieldSchema.yupObject({
49
- type: fieldSchema.yupString().oneOf(['email']).required(),
50
- email: fieldSchema.yupString().required(),
51
- }).required(),
52
- }).required(), fieldSchema.yupObject({
53
- type: fieldSchema.yupString().oneOf(['oauth']).required(),
54
- provider: fieldSchema.userOAuthProviderSchema.required(),
55
- }).required())).required().meta({ openapiField: { hidden: true, description: 'A list of authentication methods available for this user to sign in with', exampleValue: [{ "contact_channel": { "email": "john.doe@gmail.com", "type": "email", }, "type": "otp", }] } }),
56
- connected_accounts: fieldSchema.yupArray(fieldSchema.yupUnion(fieldSchema.yupObject({
57
- type: fieldSchema.yupString().oneOf(['oauth']).required(),
58
- provider: fieldSchema.userOAuthProviderSchema.required(),
59
- }).required())).required().meta({ openapiField: { hidden: true, description: 'A list of connected accounts to this user', exampleValue: [{ "provider": { "provider_user_id": "12345", "type": "google", }, "type": "oauth", }] } }),
60
- client_metadata: fieldSchema.userClientMetadataSchema,
61
- client_read_only_metadata: fieldSchema.userClientReadOnlyMetadataSchema,
62
- server_metadata: fieldSchema.userServerMetadataSchema,
63
- last_active_at_millis: fieldSchema.userLastActiveAtMillisSchema.required(),
64
44
  }).required();
65
45
  export const usersCrudServerCreateSchema = usersCrudServerUpdateSchema.omit(['selected_team_id']).concat(fieldSchema.yupObject({
66
46
  oauth_providers: fieldSchema.yupArray(fieldSchema.yupObject({
package/dist/interface/serverInterface.d.ts CHANGED
@@ -49,7 +49,7 @@ export declare class StackServerInterface extends StackClientInterface {
49
49
  userId?: string;
50
50
  }): Promise<TeamsCrud['Server']['Read'][]>;
51
51
  listServerTeamUsers(teamId: string): Promise<UsersCrud['Server']['Read'][]>;
52
- createServerTeam(data: TeamsCrud['Server']['Create'], session?: InternalSession): Promise<TeamsCrud['Server']['Read']>;
52
+ createServerTeam(data: TeamsCrud['Server']['Create']): Promise<TeamsCrud['Server']['Read']>;
53
53
  updateServerTeam(teamId: string, data: TeamsCrud['Server']['Update']): Promise<TeamsCrud['Server']['Read']>;
54
54
  deleteServerTeam(teamId: string): Promise<void>;
55
55
  addServerUserToTeam(options: {
package/dist/interface/serverInterface.js CHANGED
@@ -99,14 +99,14 @@ export class StackServerInterface extends StackClientInterface {
99
99
  return result.items;
100
100
  }
101
101
  /* when passing a session, the user will be added to the team */
102
- async createServerTeam(data, session) {
102
+ async createServerTeam(data) {
103
103
  const response = await this.sendServerRequest("/teams", {
104
104
  method: "POST",
105
105
  headers: {
106
106
  "content-type": "application/json",
107
107
  },
108
108
  body: JSON.stringify(data),
109
- }, session || null);
109
+ }, null);
110
110
  return await response.json();
111
111
  }
112
112
  async updateServerTeam(teamId, data) {
package/dist/interface/webhooks.d.ts CHANGED
@@ -28,42 +28,17 @@ export declare const webhookEvents: readonly [{
28
28
  profile_image_url: string | null;
29
29
  signed_up_at_millis: number;
30
30
  has_password: NonNullable<boolean | undefined>;
31
- auth_with_email: NonNullable<boolean | undefined>;
32
- requires_totp_mfa: NonNullable<boolean | undefined>;
31
+ client_metadata: {} | null;
32
+ client_read_only_metadata: {} | null;
33
+ server_metadata: {} | null;
34
+ last_active_at_millis: number;
33
35
  oauth_providers: {
34
36
  email?: string | null | undefined;
35
37
  id: string;
36
38
  account_id: string;
37
39
  }[];
38
- auth_methods: ({
39
- type: "password";
40
- identifier: string;
41
- } | {
42
- type: "otp";
43
- contact_channel: {
44
- type: "email";
45
- email: string;
46
- };
47
- } | {
48
- type: "oauth";
49
- provider: {
50
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
51
- id: string;
52
- provider_user_id: string;
53
- };
54
- })[];
55
- connected_accounts: {
56
- type: "oauth";
57
- provider: {
58
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
59
- id: string;
60
- provider_user_id: string;
61
- };
62
- }[];
63
- client_metadata: {} | null;
64
- client_read_only_metadata: {} | null;
65
- server_metadata: {} | null;
66
- last_active_at_millis: number;
40
+ auth_with_email: NonNullable<boolean | undefined>;
41
+ requires_totp_mfa: NonNullable<boolean | undefined>;
67
42
  }, yup.AnyObject, {
68
43
  id: undefined;
69
44
  primary_email: undefined;
@@ -82,15 +57,13 @@ export declare const webhookEvents: readonly [{
82
57
  profile_image_url: undefined;
83
58
  signed_up_at_millis: undefined;
84
59
  has_password: undefined;
85
- auth_with_email: undefined;
86
- requires_totp_mfa: undefined;
87
- oauth_providers: undefined;
88
- auth_methods: undefined;
89
- connected_accounts: undefined;
90
60
  client_metadata: undefined;
91
61
  client_read_only_metadata: undefined;
92
62
  server_metadata: undefined;
93
63
  last_active_at_millis: undefined;
64
+ oauth_providers: undefined;
65
+ auth_with_email: undefined;
66
+ requires_totp_mfa: undefined;
94
67
  }, "">;
95
68
  metadata: {
96
69
  summary: string;
@@ -117,42 +90,17 @@ export declare const webhookEvents: readonly [{
117
90
  profile_image_url: string | null;
118
91
  signed_up_at_millis: number;
119
92
  has_password: NonNullable<boolean | undefined>;
120
- auth_with_email: NonNullable<boolean | undefined>;
121
- requires_totp_mfa: NonNullable<boolean | undefined>;
93
+ client_metadata: {} | null;
94
+ client_read_only_metadata: {} | null;
95
+ server_metadata: {} | null;
96
+ last_active_at_millis: number;
122
97
  oauth_providers: {
123
98
  email?: string | null | undefined;
124
99
  id: string;
125
100
  account_id: string;
126
101
  }[];
127
- auth_methods: ({
128
- type: "password";
129
- identifier: string;
130
- } | {
131
- type: "otp";
132
- contact_channel: {
133
- type: "email";
134
- email: string;
135
- };
136
- } | {
137
- type: "oauth";
138
- provider: {
139
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
140
- id: string;
141
- provider_user_id: string;
142
- };
143
- })[];
144
- connected_accounts: {
145
- type: "oauth";
146
- provider: {
147
- type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
148
- id: string;
149
- provider_user_id: string;
150
- };
151
- }[];
152
- client_metadata: {} | null;
153
- client_read_only_metadata: {} | null;
154
- server_metadata: {} | null;
155
- last_active_at_millis: number;
102
+ auth_with_email: NonNullable<boolean | undefined>;
103
+ requires_totp_mfa: NonNullable<boolean | undefined>;
156
104
  }, yup.AnyObject, {
157
105
  id: undefined;
158
106
  primary_email: undefined;
@@ -171,15 +119,13 @@ export declare const webhookEvents: readonly [{
171
119
  profile_image_url: undefined;
172
120
  signed_up_at_millis: undefined;
173
121
  has_password: undefined;
174
- auth_with_email: undefined;
175
- requires_totp_mfa: undefined;
176
- oauth_providers: undefined;
177
- auth_methods: undefined;
178
- connected_accounts: undefined;
179
122
  client_metadata: undefined;
180
123
  client_read_only_metadata: undefined;
181
124
  server_metadata: undefined;
182
125
  last_active_at_millis: undefined;
126
+ oauth_providers: undefined;
127
+ auth_with_email: undefined;
128
+ requires_totp_mfa: undefined;
183
129
  }, "">;
184
130
  metadata: {
185
131
  summary: string;
package/dist/schema-fields.d.ts CHANGED
@@ -112,6 +112,7 @@ export declare const teamServerMetadataSchema: yup.MixedSchema<{} | null, yup.An
112
112
  export declare const teamCreatedAtMillisSchema: yup.NumberSchema<number | undefined, yup.AnyObject, undefined, "">;
113
113
  export declare const teamInvitationEmailSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
114
114
  export declare const teamInvitationCallbackUrlSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
115
+ export declare const teamCreatorUserIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
115
116
  export declare const teamMemberDisplayNameSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
116
117
  export declare const teamMemberProfileImageUrlSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
117
118
  export declare function yupRequiredWhen<S extends yup.AnyObject>(schema: S, triggerName: string, isValue: any): S;
package/dist/schema-fields.js CHANGED
@@ -308,6 +308,7 @@ export const teamServerMetadataSchema = jsonSchema.meta({ openapiField: { descri
308
308
  export const teamCreatedAtMillisSchema = yupNumber().meta({ openapiField: { description: _createdAtMillisDescription('team'), exampleValue: 1630000000000 } });
309
309
  export const teamInvitationEmailSchema = emailSchema.meta({ openapiField: { description: 'The email of the user to invite.', exampleValue: 'johndoe@example.com' } });
310
310
  export const teamInvitationCallbackUrlSchema = urlSchema.meta({ openapiField: { description: 'The base callback URL to construct an invite link with. A query parameter `code` with the verification code will be appended to it. The page should then make a request to the `/team-invitations/accept` endpoint.', exampleValue: 'https://example.com/handler/team-invitation' } });
311
+ export const teamCreatorUserIdSchema = userIdOrMeSchema.meta({ openapiField: { description: 'The ID of the creator of the team. If not specified, the user will not be added to the team. Can be either "me" or the ID of the user. Only used on the client side.', exampleValue: 'me' } });
311
312
  // Team member profiles
312
313
  export const teamMemberDisplayNameSchema = yupString().meta({ openapiField: { description: _displayNameDescription('team member') + ' Note that this is separate from the display_name of the user.', exampleValue: 'John Doe' } });
313
314
  export const teamMemberProfileImageUrlSchema = urlSchema.max(1000000).meta({ openapiField: { description: _profileImageUrlDescription('team member'), exampleValue: 'https://example.com/image.jpg' } });
package/dist/utils/jwt.d.ts CHANGED
@@ -1,21 +1,36 @@
1
1
  import * as jose from "jose";
2
- export declare function signJWT(issuer: string, payload: any, expirationTime?: string): Promise<string>;
3
- export declare function verifyJWT(issuer: string, jwt: string): Promise<jose.JWTPayload>;
4
- export declare function getPrivateJwk(): Promise<{
2
+ export declare function legacySignGlobalJWT(issuer: string, payload: any, expirationTime?: string): Promise<string>;
3
+ export declare function legacyVerifyGlobalJWT(issuer: string, jwt: string): Promise<jose.JWTPayload>;
4
+ export declare function signJWT(options: {
5
+ issuer: string;
6
+ audience: string;
7
+ payload: any;
8
+ expirationTime?: string;
9
+ }): Promise<string>;
10
+ export declare function verifyJWT(options: {
11
+ issuer: string;
12
+ jwt: string;
13
+ }): Promise<jose.JWTPayload>;
14
+ export declare function getPrivateJwk(secret: string): Promise<{
5
15
  kty: string;
6
16
  crv: string;
7
17
  d: string;
8
18
  x: string;
9
19
  y: string;
10
20
  }>;
11
- export declare function getPublicJwkSet(): Promise<{
12
- keys: Pick<{
21
+ export declare function getPublicJwkSet(secret: string): Promise<{
22
+ keys: {
23
+ kid: string;
24
+ x: string;
13
25
  kty: string;
14
26
  crv: string;
15
- d: string;
16
- x: string;
17
27
  y: string;
18
- }, "x" | "kty" | "crv" | "y">[];
28
+ }[];
19
29
  }>;
20
- export declare function encryptJWE(payload: any, expirationTime?: string): Promise<string>;
21
- export declare function decryptJWE(jwt: string): Promise<jose.JWTPayload>;
30
+ export declare function getPerAudienceSecret(options: {
31
+ audience: string;
32
+ secret: string;
33
+ }): string;
34
+ export declare function getKid(options: {
35
+ secret: string;
36
+ }): string;
package/dist/utils/jwt.js CHANGED
@@ -4,9 +4,18 @@ import { encodeBase64 } from "./bytes";
4
4
  import { getEnvVariable } from "./env";
5
5
  import { globalVar } from "./globals";
6
6
  import { pick } from "./objects";
7
- const STACK_SERVER_SECRET = jose.base64url.decode(getEnvVariable("STACK_SERVER_SECRET"));
8
- export async function signJWT(issuer, payload, expirationTime = "5m") {
9
- const privateJwk = await jose.importJWK(await getPrivateJwk());
7
+ import crypto from "crypto";
8
+ import { JOSEError } from "jose/errors";
9
+ const STACK_SERVER_SECRET = getEnvVariable("STACK_SERVER_SECRET");
10
+ try {
11
+ jose.base64url.decode(STACK_SERVER_SECRET);
12
+ }
13
+ catch (e) {
14
+ throw new Error("STACK_SERVER_SECRET is not valid. Please use the generateKeys script to generate a new secret.");
15
+ }
16
+ // TODO: remove this after moving everyone to project specific JWTs
17
+ export async function legacySignGlobalJWT(issuer, payload, expirationTime = "5m") {
18
+ const privateJwk = await jose.importJWK(await getPrivateJwk(STACK_SERVER_SECRET));
10
19
  return await new jose.SignJWT(payload)
11
20
  .setProtectedHeader({ alg: "ES256" })
12
21
  .setIssuer(issuer)
@@ -14,15 +23,36 @@ export async function signJWT(issuer, payload, expirationTime = "5m") {
14
23
  .setExpirationTime(expirationTime)
15
24
  .sign(privateJwk);
16
25
  }
17
- export async function verifyJWT(issuer, jwt) {
18
- const jwkSet = jose.createLocalJWKSet(await getPublicJwkSet());
19
- const verified = await jose.jwtVerify(jwt, jwkSet, {
20
- issuer,
21
- });
26
+ // TODO: remove this after moving everyone to project specific JWTs
27
+ export async function legacyVerifyGlobalJWT(issuer, jwt) {
28
+ const jwkSet = jose.createLocalJWKSet(await getPublicJwkSet(STACK_SERVER_SECRET));
29
+ const verified = await jose.jwtVerify(jwt, jwkSet, { issuer });
22
30
  return verified.payload;
23
31
  }
24
- export async function getPrivateJwk() {
25
- const secretHash = await globalVar.crypto.subtle.digest("SHA-256", STACK_SERVER_SECRET);
32
+ export async function signJWT(options) {
33
+ const secret = getPerAudienceSecret({ audience: options.audience, secret: STACK_SERVER_SECRET });
34
+ const kid = getKid({ secret });
35
+ const privateJwk = await jose.importJWK(await getPrivateJwk(secret));
36
+ return await new jose.SignJWT(options.payload)
37
+ .setProtectedHeader({ alg: "ES256", kid })
38
+ .setIssuer(options.issuer)
39
+ .setIssuedAt()
40
+ .setAudience(options.audience)
41
+ .setExpirationTime(options.expirationTime || "5m")
42
+ .sign(privateJwk);
43
+ }
44
+ export async function verifyJWT(options) {
45
+ const audience = jose.decodeJwt(options.jwt).aud;
46
+ if (!audience || typeof audience !== "string") {
47
+ throw new JOSEError("Invalid JWT audience");
48
+ }
49
+ const secret = getPerAudienceSecret({ audience, secret: STACK_SERVER_SECRET });
50
+ const jwkSet = jose.createLocalJWKSet(await getPublicJwkSet(secret));
51
+ const verified = await jose.jwtVerify(options.jwt, jwkSet, { issuer: options.issuer });
52
+ return verified.payload;
53
+ }
54
+ export async function getPrivateJwk(secret) {
55
+ const secretHash = await globalVar.crypto.subtle.digest("SHA-256", jose.base64url.decode(secret));
26
56
  const priv = new Uint8Array(secretHash);
27
57
  const ec = new elliptic.ec('p256');
28
58
  const key = ec.keyFromPrivate(priv);
@@ -35,24 +65,23 @@ export async function getPrivateJwk() {
35
65
  y: encodeBase64(publicKey.getY().toBuffer()),
36
66
  };
37
67
  }
38
- export async function getPublicJwkSet() {
39
- const privateJwk = await getPrivateJwk();
68
+ export async function getPublicJwkSet(secret) {
69
+ const privateJwk = await getPrivateJwk(secret);
40
70
  const jwk = pick(privateJwk, ["kty", "crv", "x", "y"]);
41
71
  return {
42
- keys: [jwk]
72
+ keys: [{ ...jwk, kid: getKid({ secret }) }],
43
73
  };
44
74
  }
45
- export async function encryptJWE(payload, expirationTime = "5m") {
46
- return await new jose.EncryptJWT(payload)
47
- .setProtectedHeader({ alg: "dir", enc: "A128CBC-HS256" })
48
- .setIssuer("stack")
49
- .setIssuedAt()
50
- .setExpirationTime(expirationTime)
51
- .encrypt(STACK_SERVER_SECRET);
75
+ export function getPerAudienceSecret(options) {
76
+ return jose.base64url.encode(crypto
77
+ .createHash('sha256')
78
+ .update(JSON.stringify([options.secret, options.audience]))
79
+ .digest());
52
80
  }
53
- export async function decryptJWE(jwt) {
54
- if (!jwt) {
55
- throw new Error("Provided JWT is empty");
56
- }
57
- return (await jose.jwtDecrypt(jwt, STACK_SERVER_SECRET)).payload;
81
+ ;
82
+ export function getKid(options) {
83
+ return jose.base64url.encode(crypto
84
+ .createHash('sha256')
85
+ .update(JSON.stringify([options.secret, "kid"]))
86
+ .digest()).slice(0, 12);
58
87
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@stackframe/stack-shared",
3
- "version": "2.6.1",
3
+ "version": "2.6.3",
4
4
  "main": "./dist/index.js",
5
5
  "types": "./dist/index.d.ts",
6
6
  "files": [
@@ -38,7 +38,7 @@
38
38
  "oauth4webapi": "^2.10.3",
39
39
  "semver": "^7.6.3",
40
40
  "uuid": "^9.0.1",
41
- "@stackframe/stack-sc": "2.6.1"
41
+ "@stackframe/stack-sc": "2.6.3"
42
42
  },
43
43
  "devDependencies": {
44
44
  "@types/bcrypt": "^5.0.2",