@stackframe/stack 2.4.21 → 2.4.23

package/dist/index.d.mts

@@ -7,7 +7,7 @@ export { default as SignUp } from './components-page/sign-up.mjs';
 export { default as EmailVerification } from './components-page/email-verification.mjs';
 export { default as PasswordReset } from './components-page/password-reset.mjs';
 export { default as ForgotPassword } from './components-page/forgot-password.mjs';
-export { default as MessageCard } from './components/message-card.mjs';
+export { default as MessageCard } from './components/message-cards/message-card.mjs';
 export { default as CredentialSignIn } from './components/credential-sign-in.mjs';
 export { default as CredentialSignUp } from './components/credential-sign-up.mjs';
 export { default as OAuthButton } from './components/oauth-button.mjs';

package/dist/index.d.ts

@@ -7,7 +7,7 @@ export { default as SignUp } from './components-page/sign-up.js';
 export { default as EmailVerification } from './components-page/email-verification.js';
 export { default as PasswordReset } from './components-page/password-reset.js';
 export { default as ForgotPassword } from './components-page/forgot-password.js';
-export { default as MessageCard } from './components/message-card.js';
+export { default as MessageCard } from './components/message-cards/message-card.js';
 export { default as CredentialSignIn } from './components/credential-sign-in.js';
 export { default as CredentialSignUp } from './components/credential-sign-up.js';
 export { default as OAuthButton } from './components/oauth-button.js';

package/dist/index.js

@@ -66,7 +66,7 @@ var import_sign_up = __toESM(require("./components-page/sign-up"));
 var import_email_verification = __toESM(require("./components-page/email-verification"));
 var import_password_reset = __toESM(require("./components-page/password-reset"));
 var import_forgot_password = __toESM(require("./components-page/forgot-password"));
-var import_message_card = __toESM(require("./components/message-card"));
+var import_message_card = __toESM(require("./components/message-cards/message-card"));
 var import_credential_sign_in = __toESM(require("./components/credential-sign-in"));
 var import_credential_sign_up = __toESM(require("./components/credential-sign-up"));
 var import_oauth_button = __toESM(require("./components/oauth-button"));

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/index.tsx"],"sourcesContent":["export { default as StackProvider } from \"./providers/stack-provider\";\n\nexport { useUser, useStackApp } from \"./lib/hooks\";\nexport { StackClientApp, StackServerApp, StackAdminApp } from \"./lib/stack-app\";\n\nexport { default as StackHandler } from \"./components-page/stack-handler\";\nexport { default as SignIn } from \"./components-page/sign-in\";\nexport { default as SignUp } from \"./components-page/sign-up\";\nexport { default as EmailVerification } from \"./components-page/email-verification\";\nexport { default as PasswordReset } from \"./components-page/password-reset\";\nexport { default as ForgotPassword } from \"./components-page/forgot-password\";\nexport { default as MessageCard } from \"./components/message-card\";\n\nexport { default as CredentialSignIn } from \"./components/credential-sign-in\";\nexport { default as CredentialSignUp } from \"./components/credential-sign-up\";\nexport { default as OAuthButton } from \"./components/oauth-button\";\nexport { default as OAuthGroup } from \"./components/oauth-group\";\nexport { default as PasswordField } from \"./components/password-field\";\nexport { default as UserButton } from \"./components/user-button\";\nexport { default as AccountSettings } from \"./components-page/account-settings\";\nexport { default as AuthPage } from \"./components-page/auth-page\";\n\nexport { useDesign } from './providers/design-provider';\nexport type { ColorPalette } from './providers/design-provider';\nexport { useComponents } from './providers/component-provider';\nexport { StackTheme } from './providers/theme-provider';\nexport type { ThemeConfig } from './providers/theme-provider';\n\nexport type { \n  CurrentUser, \n  Project, \n  ServerUser as ServerUser, \n  ApiKeySetFirstView, \n  ApiKeySet, \n  ServerTeam, \n  Team, \n  TeamMember,\n  ServerTeamMember,\n  ServerPermission as Permission,\n  ServerPermission,\n} from './lib/stack-app';\n\nexport * from './components-core';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,4BAAyC;AAEzC,mBAAqC;AACrC,uBAA8D;AAE9D,2BAAwC;AACxC,qBAAkC;AAClC,qBAAkC;AAClC,gCAA6C;AAC7C,4BAAyC;AACzC,6BAA0C;AAC1C,0BAAuC;AAEvC,gCAA4C;AAC5C,gCAA4C;AAC5C,0BAAuC;AACvC,yBAAsC;AACtC,4BAAyC;AACzC,yBAAsC;AACtC,8BAA2C;AAC3C,uBAAoC;AAEpC,6BAA0B;AAE1B,gCAA8B;AAC9B,4BAA2B;AAiB3B,wBAAc,8BA1Cd;","names":[]}
+{"version":3,"sources":["../src/index.tsx"],"sourcesContent":["export { default as StackProvider } from \"./providers/stack-provider\";\n\nexport { useUser, useStackApp } from \"./lib/hooks\";\nexport { StackClientApp, StackServerApp, StackAdminApp } from \"./lib/stack-app\";\n\nexport { default as StackHandler } from \"./components-page/stack-handler\";\nexport { default as SignIn } from \"./components-page/sign-in\";\nexport { default as SignUp } from \"./components-page/sign-up\";\nexport { default as EmailVerification } from \"./components-page/email-verification\";\nexport { default as PasswordReset } from \"./components-page/password-reset\";\nexport { default as ForgotPassword } from \"./components-page/forgot-password\";\nexport { default as MessageCard } from \"./components/message-cards/message-card\";\n\nexport { default as CredentialSignIn } from \"./components/credential-sign-in\";\nexport { default as CredentialSignUp } from \"./components/credential-sign-up\";\nexport { default as OAuthButton } from \"./components/oauth-button\";\nexport { default as OAuthGroup } from \"./components/oauth-group\";\nexport { default as PasswordField } from \"./components/password-field\";\nexport { default as UserButton } from \"./components/user-button\";\nexport { default as AccountSettings } from \"./components-page/account-settings\";\nexport { default as AuthPage } from \"./components-page/auth-page\";\n\nexport { useDesign } from './providers/design-provider';\nexport type { ColorPalette } from './providers/design-provider';\nexport { useComponents } from './providers/component-provider';\nexport { StackTheme } from './providers/theme-provider';\nexport type { ThemeConfig } from './providers/theme-provider';\n\nexport type { \n  CurrentUser, \n  Project, \n  ServerUser as ServerUser, \n  ApiKeySetFirstView, \n  ApiKeySet, \n  ServerTeam, \n  Team, \n  TeamMember,\n  ServerTeamMember,\n  ServerPermission as Permission,\n  ServerPermission,\n} from './lib/stack-app';\n\nexport * from './components-core';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,4BAAyC;AAEzC,mBAAqC;AACrC,uBAA8D;AAE9D,2BAAwC;AACxC,qBAAkC;AAClC,qBAAkC;AAClC,gCAA6C;AAC7C,4BAAyC;AACzC,6BAA0C;AAC1C,0BAAuC;AAEvC,gCAA4C;AAC5C,gCAA4C;AAC5C,0BAAuC;AACvC,yBAAsC;AACtC,4BAAyC;AACzC,yBAAsC;AACtC,8BAA2C;AAC3C,uBAAoC;AAEpC,6BAA0B;AAE1B,gCAA8B;AAC9B,4BAA2B;AAiB3B,wBAAc,8BA1Cd;","names":[]}

package/dist/lib/auth.d.mts

@@ -1,13 +1,23 @@
 import { StackClientInterface } from '@stackframe/stack-shared';
+import { InternalSession } from '@stackframe/stack-shared/dist/sessions';
 
-declare function signInWithOAuth(iface: StackClientInterface, { provider, redirectUrl, }: {
+declare function signInWithOAuth(iface: StackClientInterface, options: {
     provider: string;
-    redirectUrl?: string;
+    redirectUrl: string;
+    errorRedirectUrl: string;
+    providerScope?: string;
 }): Promise<void>;
+declare function addNewOAuthProviderOrScope(iface: StackClientInterface, options: {
+    provider: string;
+    redirectUrl: string;
+    errorRedirectUrl: string;
+    providerScope?: string;
+}, session: InternalSession): Promise<void>;
 declare function callOAuthCallback(iface: StackClientInterface, redirectUrl: string): Promise<{
     newUser: boolean;
+    afterCallbackRedirectUrl?: string | undefined;
     accessToken: string;
     refreshToken: string;
 } | null>;
 
-export { callOAuthCallback, signInWithOAuth };
+export { addNewOAuthProviderOrScope, callOAuthCallback, signInWithOAuth };

package/dist/lib/auth.d.ts

@@ -1,13 +1,23 @@
 import { StackClientInterface } from '@stackframe/stack-shared';
+import { InternalSession } from '@stackframe/stack-shared/dist/sessions';
 
-declare function signInWithOAuth(iface: StackClientInterface, { provider, redirectUrl, }: {
+declare function signInWithOAuth(iface: StackClientInterface, options: {
     provider: string;
-    redirectUrl?: string;
+    redirectUrl: string;
+    errorRedirectUrl: string;
+    providerScope?: string;
 }): Promise<void>;
+declare function addNewOAuthProviderOrScope(iface: StackClientInterface, options: {
+    provider: string;
+    redirectUrl: string;
+    errorRedirectUrl: string;
+    providerScope?: string;
+}, session: InternalSession): Promise<void>;
 declare function callOAuthCallback(iface: StackClientInterface, redirectUrl: string): Promise<{
     newUser: boolean;
+    afterCallbackRedirectUrl?: string | undefined;
     accessToken: string;
     refreshToken: string;
 } | null>;
 
-export { callOAuthCallback, signInWithOAuth };
+export { addNewOAuthProviderOrScope, callOAuthCallback, signInWithOAuth };

package/dist/lib/auth.js

@@ -20,6 +20,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/lib/auth.ts
 var auth_exports = {};
 __export(auth_exports, {
+  addNewOAuthProviderOrScope: () => addNewOAuthProviderOrScope,
   callOAuthCallback: () => callOAuthCallback,
   signInWithOAuth: () => signInWithOAuth
 });
@@ -28,18 +29,33 @@ var import_cookie = require("./cookie");
 var import_url = require("../utils/url");
 var import_promises = require("@stackframe/stack-shared/dist/utils/promises");
 var import_errors = require("@stackframe/stack-shared/dist/utils/errors");
-async function signInWithOAuth(iface, {
-  provider,
-  redirectUrl
-}) {
-  redirectUrl = (0, import_url.constructRedirectUrl)(redirectUrl);
+async function signInWithOAuth(iface, options) {
   const { codeChallenge, state } = await (0, import_cookie.saveVerifierAndState)();
-  const location = await iface.getOAuthUrl(
-    provider,
-    redirectUrl,
+  const location = await iface.getOAuthUrl({
+    provider: options.provider,
+    redirectUrl: (0, import_url.constructRedirectUrl)(options.redirectUrl),
+    errorRedirectUrl: (0, import_url.constructRedirectUrl)(options.errorRedirectUrl),
     codeChallenge,
-    state
-  );
+    state,
+    type: "authenticate",
+    providerScope: options.providerScope
+  });
+  window.location.assign(location);
+  await (0, import_promises.neverResolve)();
+}
+async function addNewOAuthProviderOrScope(iface, options, session) {
+  const { codeChallenge, state } = await (0, import_cookie.saveVerifierAndState)();
+  const location = await iface.getOAuthUrl({
+    provider: options.provider,
+    redirectUrl: (0, import_url.constructRedirectUrl)(options.redirectUrl),
+    errorRedirectUrl: (0, import_url.constructRedirectUrl)(options.errorRedirectUrl),
+    afterCallbackRedirectUrl: (0, import_url.constructRedirectUrl)(window.location.href),
+    codeChallenge,
+    state,
+    type: "link",
+    session,
+    providerScope: options.providerScope
+  });
   window.location.assign(location);
   await (0, import_promises.neverResolve)();
 }
@@ -70,18 +86,19 @@ async function callOAuthCallback(iface, redirectUrl) {
   if (!originalUrl)
     return null;
   try {
-    return await iface.callOAuthCallback(
-      originalUrl.searchParams,
-      (0, import_url.constructRedirectUrl)(redirectUrl),
+    return await iface.callOAuthCallback({
+      oauthParams: originalUrl.searchParams,
+      redirectUri: (0, import_url.constructRedirectUrl)(redirectUrl),
       codeVerifier,
       state
-    );
+    });
   } catch (e) {
     throw new import_errors.StackAssertionError("Error signing in during OAuth callback. Please try again.", { cause: e });
   }
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  addNewOAuthProviderOrScope,
   callOAuthCallback,
   signInWithOAuth
 });

package/dist/lib/auth.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/lib/auth.ts"],"sourcesContent":["import { StackClientInterface } from \"@stackframe/stack-shared\";\nimport { saveVerifierAndState, getVerifierAndState } from \"./cookie\";\nimport { constructRedirectUrl } from \"../utils/url\";\nimport { neverResolve, wait } from \"@stackframe/stack-shared/dist/utils/promises\";\nimport { StackAssertionError } from \"@stackframe/stack-shared/dist/utils/errors\";\n\nexport async function signInWithOAuth(\n  iface: StackClientInterface,\n  {\n    provider,\n    redirectUrl,\n  } : { \n    provider: string,\n    redirectUrl?: string,\n  }\n) {\n  redirectUrl = constructRedirectUrl(redirectUrl);\n  const { codeChallenge, state } = await saveVerifierAndState();\n  const location = await iface.getOAuthUrl(\n    provider,\n    redirectUrl,\n    codeChallenge,\n    state,\n  );\n  window.location.assign(location);\n  await neverResolve();\n}\n\n/**\n * Checks if the current URL has the query parameters for an OAuth callback, and if so, removes them.\n * \n * Must be synchronous for the logic in callOAuthCallback to work without race conditions.\n */\nfunction consumeOAuthCallbackQueryParams(expectedState: string): null | URL {\n  const requiredParams = [\"code\", \"state\"];\n  const originalUrl = new URL(window.location.href);\n  for (const param of requiredParams) {\n    if (!originalUrl.searchParams.has(param)) {\n      return null;\n    }\n  }\n\n  if (expectedState !== originalUrl.searchParams.get(\"state\")) {\n    // If the state doesn't match, then the callback wasn't meant for us.\n    // Maybe the website uses another OAuth library?\n    return null;\n  }\n\n\n  const newUrl = new URL(originalUrl);\n  for (const param of requiredParams) {\n    newUrl.searchParams.delete(param);\n  }\n\n  // let's get rid of the authorization code in the history as we\n  // don't redirect to `redirectUrl` if there's a validation error\n  // (as the redirectUrl might be malicious!).\n  //\n  // We use history.replaceState instead of location.assign(...) to\n  // prevent an unnecessary reload\n  window.history.replaceState({}, \"\", newUrl.toString());\n\n  return originalUrl; \n}\n\nexport async function callOAuthCallback(\n  iface: StackClientInterface,\n  redirectUrl: string,\n) {\n  // note: this part of the function (until the return) needs\n  // to be synchronous, to prevent race conditions when\n  // callOAuthCallback is called multiple times in parallel\n  const { codeVerifier, state } = getVerifierAndState();\n  if (!codeVerifier || !state) {\n    throw new Error(\"Invalid OAuth callback URL parameters. It seems like the OAuth flow was interrupted, so please try again.\");\n  }\n  const originalUrl = consumeOAuthCallbackQueryParams(state);\n  if (!originalUrl) return null;\n\n  // the rest can be asynchronous (we now know that we are the\n  // intended recipient of the callback)\n  try {\n    return await iface.callOAuthCallback(\n      originalUrl.searchParams,\n      constructRedirectUrl(redirectUrl),\n      codeVerifier,\n      state,\n    );\n  } catch (e) {\n    throw new StackAssertionError(\"Error signing in during OAuth callback. Please try again.\", { cause: e });\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,oBAA0D;AAC1D,iBAAqC;AACrC,sBAAmC;AACnC,oBAAoC;AAEpC,eAAsB,gBACpB,OACA;AAAA,EACE;AAAA,EACA;AACF,GAIA;AACA,oBAAc,iCAAqB,WAAW;AAC9C,QAAM,EAAE,eAAe,MAAM,IAAI,UAAM,oCAAqB;AAC5D,QAAM,WAAW,MAAM,MAAM;AAAA,IAC3B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,SAAO,SAAS,OAAO,QAAQ;AAC/B,YAAM,8BAAa;AACrB;AAOA,SAAS,gCAAgC,eAAmC;AAC1E,QAAM,iBAAiB,CAAC,QAAQ,OAAO;AACvC,QAAM,cAAc,IAAI,IAAI,OAAO,SAAS,IAAI;AAChD,aAAW,SAAS,gBAAgB;AAClC,QAAI,CAAC,YAAY,aAAa,IAAI,KAAK,GAAG;AACxC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,kBAAkB,YAAY,aAAa,IAAI,OAAO,GAAG;AAG3D,WAAO;AAAA,EACT;AAGA,QAAM,SAAS,IAAI,IAAI,WAAW;AAClC,aAAW,SAAS,gBAAgB;AAClC,WAAO,aAAa,OAAO,KAAK;AAAA,EAClC;AAQA,SAAO,QAAQ,aAAa,CAAC,GAAG,IAAI,OAAO,SAAS,CAAC;AAErD,SAAO;AACT;AAEA,eAAsB,kBACpB,OACA,aACA;AAIA,QAAM,EAAE,cAAc,MAAM,QAAI,mCAAoB;AACpD,MAAI,CAAC,gBAAgB,CAAC,OAAO;AAC3B,UAAM,IAAI,MAAM,2GAA2G;AAAA,EAC7H;AACA,QAAM,cAAc,gCAAgC,KAAK;AACzD,MAAI,CAAC;AAAa,WAAO;AAIzB,MAAI;AACF,WAAO,MAAM,MAAM;AAAA,MACjB,YAAY;AAAA,UACZ,iCAAqB,WAAW;AAAA,MAChC;AAAA,MACA;AAAA,IACF;AAAA,EACF,SAAS,GAAG;AACV,UAAM,IAAI,kCAAoB,6DAA6D,EAAE,OAAO,EAAE,CAAC;AAAA,EACzG;AACF;","names":[]}
+{"version":3,"sources":["../../src/lib/auth.ts"],"sourcesContent":["import { StackClientInterface } from \"@stackframe/stack-shared\";\nimport { saveVerifierAndState, getVerifierAndState } from \"./cookie\";\nimport { constructRedirectUrl } from \"../utils/url\";\nimport { neverResolve } from \"@stackframe/stack-shared/dist/utils/promises\";\nimport { StackAssertionError } from \"@stackframe/stack-shared/dist/utils/errors\";\nimport { InternalSession } from \"@stackframe/stack-shared/dist/sessions\";\n\nexport async function signInWithOAuth(\n  iface: StackClientInterface,\n  options: { \n    provider: string,\n    redirectUrl: string,\n    errorRedirectUrl: string,\n    providerScope?: string,\n  }\n) {\n  const { codeChallenge, state } = await saveVerifierAndState();\n  const location = await iface.getOAuthUrl({\n    provider: options.provider,\n    redirectUrl: constructRedirectUrl(options.redirectUrl),\n    errorRedirectUrl: constructRedirectUrl(options.errorRedirectUrl),\n    codeChallenge,\n    state,\n    type: \"authenticate\",\n    providerScope: options.providerScope,\n  });\n  window.location.assign(location);\n  await neverResolve();\n}\n\nexport async function addNewOAuthProviderOrScope(\n  iface: StackClientInterface,\n  options: { \n    provider: string,\n    redirectUrl: string,\n    errorRedirectUrl: string,\n    providerScope?: string,\n  },\n  session: InternalSession,\n) {\n  const { codeChallenge, state } = await saveVerifierAndState();\n  const location = await iface.getOAuthUrl({\n    provider: options.provider,\n    redirectUrl: constructRedirectUrl(options.redirectUrl),\n    errorRedirectUrl: constructRedirectUrl(options.errorRedirectUrl),\n    afterCallbackRedirectUrl: constructRedirectUrl(window.location.href),\n    codeChallenge,\n    state,\n    type: \"link\",\n    session,\n    providerScope: options.providerScope,\n  });\n  window.location.assign(location);\n  await neverResolve();\n}\n\n/**\n * Checks if the current URL has the query parameters for an OAuth callback, and if so, removes them.\n * \n * Must be synchronous for the logic in callOAuthCallback to work without race conditions.\n */\nfunction consumeOAuthCallbackQueryParams(expectedState: string): null | URL {\n  const requiredParams = [\"code\", \"state\"];\n  const originalUrl = new URL(window.location.href);\n  for (const param of requiredParams) {\n    if (!originalUrl.searchParams.has(param)) {\n      return null;\n    }\n  }\n\n  if (expectedState !== originalUrl.searchParams.get(\"state\")) {\n    // If the state doesn't match, then the callback wasn't meant for us.\n    // Maybe the website uses another OAuth library?\n    return null;\n  }\n\n\n  const newUrl = new URL(originalUrl);\n  for (const param of requiredParams) {\n    newUrl.searchParams.delete(param);\n  }\n\n  // let's get rid of the authorization code in the history as we\n  // don't redirect to `redirectUrl` if there's a validation error\n  // (as the redirectUrl might be malicious!).\n  //\n  // We use history.replaceState instead of location.assign(...) to\n  // prevent an unnecessary reload\n  window.history.replaceState({}, \"\", newUrl.toString());\n\n  return originalUrl; \n}\n\nexport async function callOAuthCallback(\n  iface: StackClientInterface,\n  redirectUrl: string,\n) {\n  // note: this part of the function (until the return) needs\n  // to be synchronous, to prevent race conditions when\n  // callOAuthCallback is called multiple times in parallel\n  const { codeVerifier, state } = getVerifierAndState();\n  if (!codeVerifier || !state) {\n    throw new Error(\"Invalid OAuth callback URL parameters. It seems like the OAuth flow was interrupted, so please try again.\");\n  }\n  const originalUrl = consumeOAuthCallbackQueryParams(state);\n  if (!originalUrl) return null;\n\n  // the rest can be asynchronous (we now know that we are the\n  // intended recipient of the callback)\n  try {\n    return await iface.callOAuthCallback({\n      oauthParams: originalUrl.searchParams,\n      redirectUri: constructRedirectUrl(redirectUrl),\n      codeVerifier,\n      state,\n    });\n  } catch (e) {\n    throw new StackAssertionError(\"Error signing in during OAuth callback. Please try again.\", { cause: e });\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,oBAA0D;AAC1D,iBAAqC;AACrC,sBAA6B;AAC7B,oBAAoC;AAGpC,eAAsB,gBACpB,OACA,SAMA;AACA,QAAM,EAAE,eAAe,MAAM,IAAI,UAAM,oCAAqB;AAC5D,QAAM,WAAW,MAAM,MAAM,YAAY;AAAA,IACvC,UAAU,QAAQ;AAAA,IAClB,iBAAa,iCAAqB,QAAQ,WAAW;AAAA,IACrD,sBAAkB,iCAAqB,QAAQ,gBAAgB;AAAA,IAC/D;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN,eAAe,QAAQ;AAAA,EACzB,CAAC;AACD,SAAO,SAAS,OAAO,QAAQ;AAC/B,YAAM,8BAAa;AACrB;AAEA,eAAsB,2BACpB,OACA,SAMA,SACA;AACA,QAAM,EAAE,eAAe,MAAM,IAAI,UAAM,oCAAqB;AAC5D,QAAM,WAAW,MAAM,MAAM,YAAY;AAAA,IACvC,UAAU,QAAQ;AAAA,IAClB,iBAAa,iCAAqB,QAAQ,WAAW;AAAA,IACrD,sBAAkB,iCAAqB,QAAQ,gBAAgB;AAAA,IAC/D,8BAA0B,iCAAqB,OAAO,SAAS,IAAI;AAAA,IACnE;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN;AAAA,IACA,eAAe,QAAQ;AAAA,EACzB,CAAC;AACD,SAAO,SAAS,OAAO,QAAQ;AAC/B,YAAM,8BAAa;AACrB;AAOA,SAAS,gCAAgC,eAAmC;AAC1E,QAAM,iBAAiB,CAAC,QAAQ,OAAO;AACvC,QAAM,cAAc,IAAI,IAAI,OAAO,SAAS,IAAI;AAChD,aAAW,SAAS,gBAAgB;AAClC,QAAI,CAAC,YAAY,aAAa,IAAI,KAAK,GAAG;AACxC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,kBAAkB,YAAY,aAAa,IAAI,OAAO,GAAG;AAG3D,WAAO;AAAA,EACT;AAGA,QAAM,SAAS,IAAI,IAAI,WAAW;AAClC,aAAW,SAAS,gBAAgB;AAClC,WAAO,aAAa,OAAO,KAAK;AAAA,EAClC;AAQA,SAAO,QAAQ,aAAa,CAAC,GAAG,IAAI,OAAO,SAAS,CAAC;AAErD,SAAO;AACT;AAEA,eAAsB,kBACpB,OACA,aACA;AAIA,QAAM,EAAE,cAAc,MAAM,QAAI,mCAAoB;AACpD,MAAI,CAAC,gBAAgB,CAAC,OAAO;AAC3B,UAAM,IAAI,MAAM,2GAA2G;AAAA,EAC7H;AACA,QAAM,cAAc,gCAAgC,KAAK;AACzD,MAAI,CAAC;AAAa,WAAO;AAIzB,MAAI;AACF,WAAO,MAAM,MAAM,kBAAkB;AAAA,MACnC,aAAa,YAAY;AAAA,MACzB,iBAAa,iCAAqB,WAAW;AAAA,MAC7C;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH,SAAS,GAAG;AACV,UAAM,IAAI,kCAAoB,6DAA6D,EAAE,OAAO,EAAE,CAAC;AAAA,EACzG;AACF;","names":[]}

package/dist/lib/stack-app.d.mts

@@ -1,5 +1,5 @@
 import { ServerUserJson, OAuthProviderConfigJson, KnownErrors } from '@stackframe/stack-shared';
-import { UserJson, UserUpdateJson, ProjectJson, ProductionModeError, TeamJson, EmailConfigJson, DomainConfigJson, ClientProjectJson } from '@stackframe/stack-shared/dist/interface/clientInterface';
+import { StandardProvider, UserJson, UserUpdateJson, ProjectJson, ProductionModeError, TeamJson, EmailConfigJson, DomainConfigJson, ClientProjectJson } from '@stackframe/stack-shared/dist/interface/clientInterface';
 import { ReadonlyJson } from '@stackframe/stack-shared/dist/utils/json';
 import { ProjectUpdateOptions, ApiKeySetCreateOptions } from '@stackframe/stack-shared/dist/interface/adminInterface';
 import { ServerUserUpdateJson, ServerTeamCustomizableJson, ServerPermissionDefinitionCustomizableJson, ServerPermissionDefinitionJson, EmailTemplateType } from '@stackframe/stack-shared/dist/interface/serverInterface';
@@ -30,6 +30,10 @@ type HandlerUrls = {
     oauthCallback: string;
     magicLinkCallback: string;
     accountSettings: string;
+    error: string;
+};
+type OAuthScopesOnSignIn = {
+    [key in StandardProvider]: string[];
 };
 type ProjectCurrentUser<ProjectId> = ProjectId extends "internal" ? CurrentInternalUser : CurrentUser;
 type StackClientAppConstructorOptions<HasTokenStore extends boolean, ProjectId extends string> = {
@@ -37,6 +41,7 @@ type StackClientAppConstructorOptions<HasTokenStore extends boolean, ProjectId e
     projectId?: ProjectId;
     publishableClientKey?: string;
     urls?: Partial<HandlerUrls>;
+    oauthScopesOnSignIn?: Partial<OAuthScopesOnSignIn>;
     tokenStore: TokenStoreInit<HasTokenStore>;
 };
 type StackServerAppConstructorOptions<HasTokenStore extends boolean, ProjectId extends string> = StackClientAppConstructorOptions<HasTokenStore, ProjectId> & {
@@ -67,6 +72,77 @@ type Auth<T, C> = {
     readonly _internalSession: InternalSession;
     readonly currentSession: Session;
     signOut(this: T): Promise<void>;
+    /**
+     * Returns headers for sending authenticated HTTP requests to external servers. Most commonly used in cross-origin
+     * requests. Similar to `getAuthJson`, but specifically for HTTP requests.
+     *
+     * If you are using `tokenStore: "cookie"`, you don't need this for same-origin requests. However, most
+     * browsers now disable third-party cookies by default, so we must pass authentication tokens by header instead
+     * if the client and server are on different hostnames.
+     *
+     * This function returns a header object that can be used with `fetch` or other HTTP request libraries to send
+     * authenticated requests.
+     *
+     * On the server, you can then pass in the `Request` object to the `tokenStore` option
+     * of your Stack app. Please note that CORS does not allow most headers by default, so you
+     * must include `x-stack-auth` in the [`Access-Control-Allow-Headers` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers)
+     * of the CORS preflight response.
+     *
+     * If you are not using HTTP (and hence cannot set headers), you will need to use the `getAuthJson()` function
+     * instead.
+     *
+     * Example:
+     *
+     * ```ts
+     * // client
+     * const res = await fetch("https://api.example.com", {
+     *   headers: {
+     *     ...await stackApp.getAuthHeaders()
+     *     // you can also add your own headers here
+     *   },
+     * });
+     *
+     * // server
+     * function handleRequest(req: Request) {
+     *   const user = await stackServerApp.getUser({ tokenStore: req });
+     *   return new Response("Welcome, " + user.displayName);
+     * }
+     * ```
+     */
+    getAuthHeaders(): Promise<{
+        "x-stack-auth": string;
+    }>;
+    /**
+     * Creates a JSON-serializable object containing the information to authenticate a user on an external server.
+     * Similar to `getAuthHeaders`, but returns an object that can be sent over any protocol instead of just
+     * HTTP headers.
+     *
+     * While `getAuthHeaders` is the recommended way to send authentication tokens over HTTP, your app may use
+     * a different protocol, for example WebSockets or gRPC. This function returns a token object that can be JSON-serialized and sent to the server in any way you like.
+     *
+     * On the server, you can pass in this token object into the `tokenStore` option to fetch user details.
+     *
+     * Example:
+     *
+     * ```ts
+     * // client
+     * const res = await rpcCall(rpcEndpoint, {
+     *   data: {
+     *     auth: await stackApp.getAuthJson(),
+     *   },
+     * });
+     *
+     * // server
+     * function handleRequest(data) {
+     *   const user = await stackServerApp.getUser({ tokenStore: data.auth });
+     *   return new Response("Welcome, " + user.displayName);
+     * }
+     * ```
+     */
+    getAuthJson(): Promise<{
+        accessToken: string | null;
+        refreshToken: string | null;
+    }>;
     update(this: T, user: C): Promise<void>;
     updateSelectedTeam(this: T, team: Team | null): Promise<void>;
     sendVerificationEmail(this: T): Promise<KnownErrors["EmailAlreadyVerified"] | void>;
@@ -104,6 +180,28 @@ type User = ({
     hasPermission(this: CurrentUser, scope: Team, permissionId: string): Promise<boolean>;
     getSelectedTeam(this: CurrentUser): Promise<Team | null>;
     useSelectedTeam(this: CurrentUser): Team | null;
+    getConnection(id: StandardProvider, options?: {
+        scopes?: string[];
+    }): Promise<OAuthConnection | null>;
+    getConnection(id: StandardProvider, options: {
+        or: 'redirect';
+        scopes?: string[];
+    }): Promise<OAuthConnection>;
+    getConnection(id: StandardProvider, options?: {
+        or?: 'redirect';
+        scopes?: string[];
+    }): Promise<OAuthConnection | null>;
+    useConnection(id: StandardProvider, options?: {
+        scopes?: string[];
+    }): OAuthConnection | null;
+    useConnection(id: StandardProvider, options: {
+        or: 'redirect';
+        scopes?: string[];
+    }): OAuthConnection;
+    useConnection(id: StandardProvider, options?: {
+        or?: 'redirect';
+        scopes?: string[];
+    }): OAuthConnection | null;
     toJson(this: CurrentUser): UserJson;
 } & AsyncStoreProperty<"team", [id: string], Team | null, false> & AsyncStoreProperty<"teams", [], Team[], true> & Omit<AsyncStoreProperty<"permission", [scope: Team, permissionId: string, options?: {
     direct?: boolean;
@@ -193,6 +291,17 @@ type ServerPermission = Permission & {
     readonly description?: string;
     readonly containPermissionIds: string[];
 };
+type Connection = {
+    id: string;
+};
+type OAuthConnection = Connection & {
+    getAccessToken(): Promise<{
+        accessToken: string;
+    }>;
+    useAccessToken(): {
+        accessToken: string;
+    };
+};
 type ApiKeySetBase = {
     id: string;
     description: string;
@@ -262,69 +371,6 @@ type StackClientApp<HasTokenStore extends boolean = boolean, ProjectId extends s
     verifyPasswordResetCode(code: string): Promise<KnownErrors["PasswordResetCodeError"] | void>;
     verifyEmail(code: string): Promise<KnownErrors["EmailVerificationError"] | void>;
     signInWithMagicLink(code: string): Promise<KnownErrors["MagicLinkError"] | void>;
-    /**
-     * With most browsers now disabling third-party cookies by default, the best way to send authenticated requests
-     * across different origins is to pass the tokens in a header.
-     *
-     * This function returns a header object that can be used with `fetch` or other HTTP request libraries to send
-     * authenticated requests.
-     *
-     * On the server, you can then pass in the `Request` object to the `tokenStore` option
-     * on your Stack app to fetch user details. Please note that CORS by default does not allow custom headers, so you
-     * must set the [`Access-Control-Allow-Headers` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers)
-     * to include `x-stack-auth` in the CORS preflight response.
-     *
-     * Example:
-     *
-     * ```ts
-     * // client
-     * const res = await fetch("https://api.example.com", {
-     *   headers: {
-     *     ...await stackApp.getCrossOriginHeaders()
-     *     // you can also add your own headers here
-     *   },
-     * });
-     *
-     * // server
-     * function handleRequest(req: Request) {
-     *   const user = await stackServerApp.getUser({ tokenStore: req });
-     *   return new Response("Welcome, " + user.displayName);
-     * }
-     * ```
-     */
-    getCrossOriginHeaders(): Promise<{
-        "x-stack-auth": string;
-    }>;
-    /**
-     * With most browsers now disabling third-party cookies by default, there need to be new ways to send authenticated
-     * requests across different origins. While `getCrossOriginHeaders` is the recommended way to do this, there
-     * are some cases where you might want to send the tokens differently, for example when you are using WebSockets
-     * or non-HTTP protocols.
-     *
-     * This function returns a token object that can be JSON-serialized and sent to the server in any way you like.
-     * There, you can use the `tokenStore` option on your Stack app to fetch user details.
-     *
-     * Example:
-     *
-     * ```ts
-     * // client
-     * const res = await rpcCall(rpcEndpoint, {
-     *   data: {
-     *     auth: await stackApp.getCrossOriginTokenObject(),
-     *   },
-     * });
-     *
-     * // server
-     * function handleRequest(data) {
-     *   const user = await stackServerApp.getUser({ tokenStore: data.auth });
-     *   return new Response("Welcome, " + user.displayName);
-     * }
-     * ```
-     */
-    getCrossOriginTokenObject(): Promise<{
-        accessToken: string | null;
-        refreshToken: string | null;
-    }>;
     [stackAppInternalsSymbol]: {
         toClientJson(): StackClientAppJson<HasTokenStore, ProjectId>;
         setCurrentUser(userJsonPromise: Promise<UserJson | null>): void;
@@ -376,4 +422,4 @@ type StackAdminApp<HasTokenStore extends boolean = boolean, ProjectId extends st
 });
 declare const StackAdminApp: StackAdminAppConstructor;
 
-export { type ApiKeySet, type ApiKeySetBase, type ApiKeySetFirstView, type CurrentInternalServerUser, type CurrentInternalUser, type CurrentServerUser, type CurrentUser, type DomainConfig, type EmailConfig, type GetUserOptions, type HandlerUrls, type OAuthProviderConfig, type Permission, type Project, type ServerPermission, type ServerTeam, type ServerTeamMember, type ServerUser, StackAdminApp, type StackAdminAppConstructorOptions, StackClientApp, type StackClientAppConstructorOptions, type StackClientAppJson, StackServerApp, type StackServerAppConstructorOptions, type Team, type TeamMember, type TokenStoreInit, type User, stackAppInternalsSymbol };
+export { type ApiKeySet, type ApiKeySetBase, type ApiKeySetFirstView, type Connection, type CurrentInternalServerUser, type CurrentInternalUser, type CurrentServerUser, type CurrentUser, type DomainConfig, type EmailConfig, type GetUserOptions, type HandlerUrls, type OAuthConnection, type OAuthProviderConfig, type OAuthScopesOnSignIn, type Permission, type Project, type ServerPermission, type ServerTeam, type ServerTeamMember, type ServerUser, StackAdminApp, type StackAdminAppConstructorOptions, StackClientApp, type StackClientAppConstructorOptions, type StackClientAppJson, StackServerApp, type StackServerAppConstructorOptions, type Team, type TeamMember, type TokenStoreInit, type User, stackAppInternalsSymbol };

package/dist/lib/stack-app.d.ts

@@ -1,5 +1,5 @@
 import { ServerUserJson, OAuthProviderConfigJson, KnownErrors } from '@stackframe/stack-shared';
-import { UserJson, UserUpdateJson, ProjectJson, ProductionModeError, TeamJson, EmailConfigJson, DomainConfigJson, ClientProjectJson } from '@stackframe/stack-shared/dist/interface/clientInterface';
+import { StandardProvider, UserJson, UserUpdateJson, ProjectJson, ProductionModeError, TeamJson, EmailConfigJson, DomainConfigJson, ClientProjectJson } from '@stackframe/stack-shared/dist/interface/clientInterface';
 import { ReadonlyJson } from '@stackframe/stack-shared/dist/utils/json';
 import { ProjectUpdateOptions, ApiKeySetCreateOptions } from '@stackframe/stack-shared/dist/interface/adminInterface';
 import { ServerUserUpdateJson, ServerTeamCustomizableJson, ServerPermissionDefinitionCustomizableJson, ServerPermissionDefinitionJson, EmailTemplateType } from '@stackframe/stack-shared/dist/interface/serverInterface';
@@ -30,6 +30,10 @@ type HandlerUrls = {
     oauthCallback: string;
     magicLinkCallback: string;
     accountSettings: string;
+    error: string;
+};
+type OAuthScopesOnSignIn = {
+    [key in StandardProvider]: string[];
 };
 type ProjectCurrentUser<ProjectId> = ProjectId extends "internal" ? CurrentInternalUser : CurrentUser;
 type StackClientAppConstructorOptions<HasTokenStore extends boolean, ProjectId extends string> = {
@@ -37,6 +41,7 @@ type StackClientAppConstructorOptions<HasTokenStore extends boolean, ProjectId e
     projectId?: ProjectId;
     publishableClientKey?: string;
     urls?: Partial<HandlerUrls>;
+    oauthScopesOnSignIn?: Partial<OAuthScopesOnSignIn>;
     tokenStore: TokenStoreInit<HasTokenStore>;
 };
 type StackServerAppConstructorOptions<HasTokenStore extends boolean, ProjectId extends string> = StackClientAppConstructorOptions<HasTokenStore, ProjectId> & {
@@ -67,6 +72,77 @@ type Auth<T, C> = {
     readonly _internalSession: InternalSession;
     readonly currentSession: Session;
     signOut(this: T): Promise<void>;
+    /**
+     * Returns headers for sending authenticated HTTP requests to external servers. Most commonly used in cross-origin
+     * requests. Similar to `getAuthJson`, but specifically for HTTP requests.
+     *
+     * If you are using `tokenStore: "cookie"`, you don't need this for same-origin requests. However, most
+     * browsers now disable third-party cookies by default, so we must pass authentication tokens by header instead
+     * if the client and server are on different hostnames.
+     *
+     * This function returns a header object that can be used with `fetch` or other HTTP request libraries to send
+     * authenticated requests.
+     *
+     * On the server, you can then pass in the `Request` object to the `tokenStore` option
+     * of your Stack app. Please note that CORS does not allow most headers by default, so you
+     * must include `x-stack-auth` in the [`Access-Control-Allow-Headers` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers)
+     * of the CORS preflight response.
+     *
+     * If you are not using HTTP (and hence cannot set headers), you will need to use the `getAuthJson()` function
+     * instead.
+     *
+     * Example:
+     *
+     * ```ts
+     * // client
+     * const res = await fetch("https://api.example.com", {
+     *   headers: {
+     *     ...await stackApp.getAuthHeaders()
+     *     // you can also add your own headers here
+     *   },
+     * });
+     *
+     * // server
+     * function handleRequest(req: Request) {
+     *   const user = await stackServerApp.getUser({ tokenStore: req });
+     *   return new Response("Welcome, " + user.displayName);
+     * }
+     * ```
+     */
+    getAuthHeaders(): Promise<{
+        "x-stack-auth": string;
+    }>;
+    /**
+     * Creates a JSON-serializable object containing the information to authenticate a user on an external server.
+     * Similar to `getAuthHeaders`, but returns an object that can be sent over any protocol instead of just
+     * HTTP headers.
+     *
+     * While `getAuthHeaders` is the recommended way to send authentication tokens over HTTP, your app may use
+     * a different protocol, for example WebSockets or gRPC. This function returns a token object that can be JSON-serialized and sent to the server in any way you like.
+     *
+     * On the server, you can pass in this token object into the `tokenStore` option to fetch user details.
+     *
+     * Example:
+     *
+     * ```ts
+     * // client
+     * const res = await rpcCall(rpcEndpoint, {
+     *   data: {
+     *     auth: await stackApp.getAuthJson(),
+     *   },
+     * });
+     *
+     * // server
+     * function handleRequest(data) {
+     *   const user = await stackServerApp.getUser({ tokenStore: data.auth });
+     *   return new Response("Welcome, " + user.displayName);
+     * }
+     * ```
+     */
+    getAuthJson(): Promise<{
+        accessToken: string | null;
+        refreshToken: string | null;
+    }>;
     update(this: T, user: C): Promise<void>;
     updateSelectedTeam(this: T, team: Team | null): Promise<void>;
     sendVerificationEmail(this: T): Promise<KnownErrors["EmailAlreadyVerified"] | void>;
@@ -104,6 +180,28 @@ type User = ({
     hasPermission(this: CurrentUser, scope: Team, permissionId: string): Promise<boolean>;
     getSelectedTeam(this: CurrentUser): Promise<Team | null>;
     useSelectedTeam(this: CurrentUser): Team | null;
+    getConnection(id: StandardProvider, options?: {
+        scopes?: string[];
+    }): Promise<OAuthConnection | null>;
+    getConnection(id: StandardProvider, options: {
+        or: 'redirect';
+        scopes?: string[];
+    }): Promise<OAuthConnection>;
+    getConnection(id: StandardProvider, options?: {
+        or?: 'redirect';
+        scopes?: string[];
+    }): Promise<OAuthConnection | null>;
+    useConnection(id: StandardProvider, options?: {
+        scopes?: string[];
+    }): OAuthConnection | null;
+    useConnection(id: StandardProvider, options: {
+        or: 'redirect';
+        scopes?: string[];
+    }): OAuthConnection;
+    useConnection(id: StandardProvider, options?: {
+        or?: 'redirect';
+        scopes?: string[];
+    }): OAuthConnection | null;
     toJson(this: CurrentUser): UserJson;
 } & AsyncStoreProperty<"team", [id: string], Team | null, false> & AsyncStoreProperty<"teams", [], Team[], true> & Omit<AsyncStoreProperty<"permission", [scope: Team, permissionId: string, options?: {
     direct?: boolean;
@@ -193,6 +291,17 @@ type ServerPermission = Permission & {
     readonly description?: string;
     readonly containPermissionIds: string[];
 };
+type Connection = {
+    id: string;
+};
+type OAuthConnection = Connection & {
+    getAccessToken(): Promise<{
+        accessToken: string;
+    }>;
+    useAccessToken(): {
+        accessToken: string;
+    };
+};
 type ApiKeySetBase = {
     id: string;
     description: string;
@@ -262,69 +371,6 @@ type StackClientApp<HasTokenStore extends boolean = boolean, ProjectId extends s
     verifyPasswordResetCode(code: string): Promise<KnownErrors["PasswordResetCodeError"] | void>;
     verifyEmail(code: string): Promise<KnownErrors["EmailVerificationError"] | void>;
     signInWithMagicLink(code: string): Promise<KnownErrors["MagicLinkError"] | void>;
-    /**
-     * With most browsers now disabling third-party cookies by default, the best way to send authenticated requests
-     * across different origins is to pass the tokens in a header.
-     *
-     * This function returns a header object that can be used with `fetch` or other HTTP request libraries to send
-     * authenticated requests.
-     *
-     * On the server, you can then pass in the `Request` object to the `tokenStore` option
-     * on your Stack app to fetch user details. Please note that CORS by default does not allow custom headers, so you
-     * must set the [`Access-Control-Allow-Headers` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers)
-     * to include `x-stack-auth` in the CORS preflight response.
-     *
-     * Example:
-     *
-     * ```ts
-     * // client
-     * const res = await fetch("https://api.example.com", {
-     *   headers: {
-     *     ...await stackApp.getCrossOriginHeaders()
-     *     // you can also add your own headers here
-     *   },
-     * });
-     *
-     * // server
-     * function handleRequest(req: Request) {
-     *   const user = await stackServerApp.getUser({ tokenStore: req });
-     *   return new Response("Welcome, " + user.displayName);
-     * }
-     * ```
-     */
-    getCrossOriginHeaders(): Promise<{
-        "x-stack-auth": string;
-    }>;
-    /**
-     * With most browsers now disabling third-party cookies by default, there need to be new ways to send authenticated
-     * requests across different origins. While `getCrossOriginHeaders` is the recommended way to do this, there
-     * are some cases where you might want to send the tokens differently, for example when you are using WebSockets
-     * or non-HTTP protocols.
-     *
-     * This function returns a token object that can be JSON-serialized and sent to the server in any way you like.
-     * There, you can use the `tokenStore` option on your Stack app to fetch user details.
-     *
-     * Example:
-     *
-     * ```ts
-     * // client
-     * const res = await rpcCall(rpcEndpoint, {
-     *   data: {
-     *     auth: await stackApp.getCrossOriginTokenObject(),
-     *   },
-     * });
-     *
-     * // server
-     * function handleRequest(data) {
-     *   const user = await stackServerApp.getUser({ tokenStore: data.auth });
-     *   return new Response("Welcome, " + user.displayName);
-     * }
-     * ```
-     */
-    getCrossOriginTokenObject(): Promise<{
-        accessToken: string | null;
-        refreshToken: string | null;
-    }>;
     [stackAppInternalsSymbol]: {
         toClientJson(): StackClientAppJson<HasTokenStore, ProjectId>;
         setCurrentUser(userJsonPromise: Promise<UserJson | null>): void;
@@ -376,4 +422,4 @@ type StackAdminApp<HasTokenStore extends boolean = boolean, ProjectId extends st
 });
 declare const StackAdminApp: StackAdminAppConstructor;
 
-export { type ApiKeySet, type ApiKeySetBase, type ApiKeySetFirstView, type CurrentInternalServerUser, type CurrentInternalUser, type CurrentServerUser, type CurrentUser, type DomainConfig, type EmailConfig, type GetUserOptions, type HandlerUrls, type OAuthProviderConfig, type Permission, type Project, type ServerPermission, type ServerTeam, type ServerTeamMember, type ServerUser, StackAdminApp, type StackAdminAppConstructorOptions, StackClientApp, type StackClientAppConstructorOptions, type StackClientAppJson, StackServerApp, type StackServerAppConstructorOptions, type Team, type TeamMember, type TokenStoreInit, type User, stackAppInternalsSymbol };
+export { type ApiKeySet, type ApiKeySetBase, type ApiKeySetFirstView, type Connection, type CurrentInternalServerUser, type CurrentInternalUser, type CurrentServerUser, type CurrentUser, type DomainConfig, type EmailConfig, type GetUserOptions, type HandlerUrls, type OAuthConnection, type OAuthProviderConfig, type OAuthScopesOnSignIn, type Permission, type Project, type ServerPermission, type ServerTeam, type ServerTeamMember, type ServerUser, StackAdminApp, type StackAdminAppConstructorOptions, StackClientApp, type StackClientAppConstructorOptions, type StackClientAppJson, StackServerApp, type StackServerAppConstructorOptions, type Team, type TeamMember, type TokenStoreInit, type User, stackAppInternalsSymbol };