@stackframe/stack 2.5.18 → 2.5.20

package/dist/lib/stack-app.d.mts

@@ -239,6 +239,9 @@ type UserExtra = {
     hasPermission(scope: Team, permissionId: string): Promise<boolean>;
     setSelectedTeam(team: Team | null): Promise<void>;
     createTeam(data: TeamCreateOptions): Promise<Team>;
+    leaveTeam(team: Team): Promise<void>;
+    getTeamProfile(team: Team): Promise<EditableTeamMemberProfile>;
+    useTeamProfile(team: Team): EditableTeamMemberProfile;
 } & AsyncStoreProperty<"team", [id: string], Team | null, false> & AsyncStoreProperty<"teams", [], Team[], true> & AsyncStoreProperty<"permission", [scope: Team, permissionId: string, options?: {
     recursive?: boolean;
 }], TeamPermission | null, false> & AsyncStoreProperty<"permissions", [scope: Team, options?: {
@@ -318,6 +321,7 @@ type AdminProject = {
     readonly isProductionMode: boolean;
     readonly config: AdminProjectConfig;
     update(this: AdminProject, update: AdminProjectUpdateOptions): Promise<void>;
+    delete(this: AdminProject): Promise<void>;
     getProductionModeErrors(this: AdminProject): Promise<ProductionModeError[]>;
     useProductionModeErrors(this: AdminProject): ProductionModeError[];
 } & Project;
@@ -337,15 +341,18 @@ type ProjectConfig = {
     readonly signUpEnabled: boolean;
     readonly credentialEnabled: boolean;
     readonly magicLinkEnabled: boolean;
+    readonly clientTeamCreationEnabled: boolean;
     readonly oauthProviders: OAuthProviderConfig[];
 };
 type OAuthProviderConfig = {
     readonly id: string;
 };
 type AdminProjectConfig = {
+    readonly id: string;
     readonly signUpEnabled: boolean;
     readonly credentialEnabled: boolean;
     readonly magicLinkEnabled: boolean;
+    readonly clientTeamCreationEnabled: boolean;
     readonly allowLocalhost: boolean;
     readonly oauthProviders: AdminOAuthProviderConfig[];
     readonly emailConfig?: AdminEmailConfig;
@@ -353,7 +360,7 @@ type AdminProjectConfig = {
     readonly createTeamOnSignUp: boolean;
     readonly teamCreatorDefaultPermissions: AdminTeamPermission[];
     readonly teamMemberDefaultPermissions: AdminTeamPermission[];
-} & OAuthProviderConfig;
+};
 type AdminEmailConfig = ({
     type: "standard";
     senderName: string;
@@ -389,6 +396,7 @@ type AdminProjectConfigUpdateOptions = {
     signUpEnabled?: boolean;
     credentialEnabled?: boolean;
     magicLinkEnabled?: boolean;
+    clientTeamCreationEnabled?: boolean;
     allowLocalhost?: boolean;
     createTeamOnSignUp?: boolean;
     emailConfig?: AdminEmailConfig;
@@ -433,6 +441,21 @@ type ApiKeyCreateOptions = {
     hasSecretServerKey: boolean;
     hasSuperSecretAdminKey: boolean;
 };
+type TeamMemberProfile = {
+    displayName: string | null;
+    profileImageUrl: string | null;
+};
+type TeamMemberProfileUpdateOptions = {
+    displayName?: string;
+    profileImageUrl?: string | null;
+};
+type EditableTeamMemberProfile = TeamMemberProfile & {
+    update(update: TeamMemberProfileUpdateOptions): Promise<void>;
+};
+type TeamUser = {
+    id: string;
+    teamProfile: TeamMemberProfile;
+};
 type Team = {
     id: string;
     displayName: string;
@@ -440,14 +463,25 @@ type Team = {
     inviteUser(options: {
         email: string;
     }): Promise<Result<undefined, KnownErrors["TeamPermissionRequired"]>>;
+    listUsers(): Promise<TeamUser[]>;
+    useUsers(): TeamUser[];
+    update(update: TeamUpdateOptions): Promise<void>;
+};
+type TeamUpdateOptions = {
+    displayName?: string;
+    profileImageUrl?: string | null;
 };
 type TeamCreateOptions = {
     displayName: string;
     profileImageUrl?: string;
 };
+type ServerTeamMemberProfile = TeamMemberProfile;
+type ServerTeamUser = ServerUser & {
+    teamProfile: ServerTeamMemberProfile;
+};
 type ServerTeam = {
     createdAt: Date;
-    listUsers(): Promise<ServerUser[]>;
+    listUsers(): Promise<ServerTeamUser[]>;
     useUsers(): ServerUser[];
     update(update: ServerTeamUpdateOptions): Promise<void>;
     delete(): Promise<void>;
@@ -510,7 +544,7 @@ type StackClientApp<HasTokenStore extends boolean = boolean, ProjectId extends s
     signInWithCredential(options: {
         email: string;
         password: string;
-    }): Promise<KnownErrors["EmailPasswordMismatch"] | void>;
+    }): Promise<KnownErrors["EmailPasswordMismatch"] | KnownErrors["InvalidTotpCode"] | void>;
     signUpWithCredential(options: {
         email: string;
         password: string;
@@ -529,7 +563,7 @@ type StackClientApp<HasTokenStore extends boolean = boolean, ProjectId extends s
         teamDisplayName: string;
     }, KnownErrors["VerificationCodeError"]>>;
     verifyEmail(code: string): Promise<KnownErrors["VerificationCodeError"] | void>;
-    signInWithMagicLink(code: string): Promise<KnownErrors["VerificationCodeError"] | void>;
+    signInWithMagicLink(code: string): Promise<KnownErrors["VerificationCodeError"] | KnownErrors["InvalidTotpCode"] | void>;
     redirectToOAuthCallback(): Promise<void>;
     useUser(options: GetUserOptions<HasTokenStore> & {
         or: 'redirect';
@@ -616,4 +650,4 @@ type AsyncStoreProperty<Name extends string, Args extends any[], Value, IsMultip
     [key in `use${Capitalize<Name>}`]: (...args: Args) => Value;
 };
 
-export { type AdminDomainConfig, type AdminEmailConfig, type AdminOAuthProviderConfig, type AdminOwnedProject, type AdminProject, type AdminProjectConfig, type AdminProjectConfigUpdateOptions, type AdminProjectCreateOptions, type AdminProjectUpdateOptions, type AdminTeamPermission, type AdminTeamPermissionDefinition, type AdminTeamPermissionDefinitionCreateOptions, type AdminTeamPermissionDefinitionUpdateOptions, type ApiKey, type ApiKeyBase, type ApiKeyBaseCrudRead, type ApiKeyCreateOptions, type ApiKeyFirstView, type Connection, type CurrentInternalServerUser, type CurrentInternalUser, type CurrentServerUser, type CurrentUser, type GetUserOptions, type HandlerUrls, type OAuthConnection, type OAuthProviderConfig, type OAuthScopesOnSignIn, type Project, type ProjectConfig, type ServerTeam, type ServerTeamCreateOptions, type ServerTeamUpdateOptions, type ServerUser, StackAdminApp, type StackAdminAppConstructorOptions, StackClientApp, type StackClientAppConstructorOptions, type StackClientAppJson, StackServerApp, type StackServerAppConstructorOptions, type Team, type TeamCreateOptions, type TeamPermission, type TokenStoreInit, type User, serverTeamPermissionDefinitionCreateOptionsToCrud, serverTeamPermissionDefinitionUpdateOptionsToCrud, stackAppInternalsSymbol };
+export { type AdminDomainConfig, type AdminEmailConfig, type AdminOAuthProviderConfig, type AdminOwnedProject, type AdminProject, type AdminProjectConfig, type AdminProjectConfigUpdateOptions, type AdminProjectCreateOptions, type AdminProjectUpdateOptions, type AdminTeamPermission, type AdminTeamPermissionDefinition, type AdminTeamPermissionDefinitionCreateOptions, type AdminTeamPermissionDefinitionUpdateOptions, type ApiKey, type ApiKeyBase, type ApiKeyBaseCrudRead, type ApiKeyCreateOptions, type ApiKeyFirstView, type Connection, type CurrentInternalServerUser, type CurrentInternalUser, type CurrentServerUser, type CurrentUser, type EditableTeamMemberProfile, type GetUserOptions, type HandlerUrls, type OAuthConnection, type OAuthProviderConfig, type OAuthScopesOnSignIn, type Project, type ProjectConfig, type ServerTeam, type ServerTeamCreateOptions, type ServerTeamMemberProfile, type ServerTeamUpdateOptions, type ServerTeamUser, type ServerUser, StackAdminApp, type StackAdminAppConstructorOptions, StackClientApp, type StackClientAppConstructorOptions, type StackClientAppJson, StackServerApp, type StackServerAppConstructorOptions, type Team, type TeamCreateOptions, type TeamMemberProfile, type TeamPermission, type TeamUpdateOptions, type TeamUser, type TokenStoreInit, type User, serverTeamPermissionDefinitionCreateOptionsToCrud, serverTeamPermissionDefinitionUpdateOptionsToCrud, stackAppInternalsSymbol };

package/dist/lib/stack-app.d.ts

@@ -239,6 +239,9 @@ type UserExtra = {
     hasPermission(scope: Team, permissionId: string): Promise<boolean>;
     setSelectedTeam(team: Team | null): Promise<void>;
     createTeam(data: TeamCreateOptions): Promise<Team>;
+    leaveTeam(team: Team): Promise<void>;
+    getTeamProfile(team: Team): Promise<EditableTeamMemberProfile>;
+    useTeamProfile(team: Team): EditableTeamMemberProfile;
 } & AsyncStoreProperty<"team", [id: string], Team | null, false> & AsyncStoreProperty<"teams", [], Team[], true> & AsyncStoreProperty<"permission", [scope: Team, permissionId: string, options?: {
     recursive?: boolean;
 }], TeamPermission | null, false> & AsyncStoreProperty<"permissions", [scope: Team, options?: {
@@ -318,6 +321,7 @@ type AdminProject = {
     readonly isProductionMode: boolean;
     readonly config: AdminProjectConfig;
     update(this: AdminProject, update: AdminProjectUpdateOptions): Promise<void>;
+    delete(this: AdminProject): Promise<void>;
     getProductionModeErrors(this: AdminProject): Promise<ProductionModeError[]>;
     useProductionModeErrors(this: AdminProject): ProductionModeError[];
 } & Project;
@@ -337,15 +341,18 @@ type ProjectConfig = {
     readonly signUpEnabled: boolean;
     readonly credentialEnabled: boolean;
     readonly magicLinkEnabled: boolean;
+    readonly clientTeamCreationEnabled: boolean;
     readonly oauthProviders: OAuthProviderConfig[];
 };
 type OAuthProviderConfig = {
     readonly id: string;
 };
 type AdminProjectConfig = {
+    readonly id: string;
     readonly signUpEnabled: boolean;
     readonly credentialEnabled: boolean;
     readonly magicLinkEnabled: boolean;
+    readonly clientTeamCreationEnabled: boolean;
     readonly allowLocalhost: boolean;
     readonly oauthProviders: AdminOAuthProviderConfig[];
     readonly emailConfig?: AdminEmailConfig;
@@ -353,7 +360,7 @@ type AdminProjectConfig = {
     readonly createTeamOnSignUp: boolean;
     readonly teamCreatorDefaultPermissions: AdminTeamPermission[];
     readonly teamMemberDefaultPermissions: AdminTeamPermission[];
-} & OAuthProviderConfig;
+};
 type AdminEmailConfig = ({
     type: "standard";
     senderName: string;
@@ -389,6 +396,7 @@ type AdminProjectConfigUpdateOptions = {
     signUpEnabled?: boolean;
     credentialEnabled?: boolean;
     magicLinkEnabled?: boolean;
+    clientTeamCreationEnabled?: boolean;
     allowLocalhost?: boolean;
     createTeamOnSignUp?: boolean;
     emailConfig?: AdminEmailConfig;
@@ -433,6 +441,21 @@ type ApiKeyCreateOptions = {
     hasSecretServerKey: boolean;
     hasSuperSecretAdminKey: boolean;
 };
+type TeamMemberProfile = {
+    displayName: string | null;
+    profileImageUrl: string | null;
+};
+type TeamMemberProfileUpdateOptions = {
+    displayName?: string;
+    profileImageUrl?: string | null;
+};
+type EditableTeamMemberProfile = TeamMemberProfile & {
+    update(update: TeamMemberProfileUpdateOptions): Promise<void>;
+};
+type TeamUser = {
+    id: string;
+    teamProfile: TeamMemberProfile;
+};
 type Team = {
     id: string;
     displayName: string;
@@ -440,14 +463,25 @@ type Team = {
     inviteUser(options: {
         email: string;
     }): Promise<Result<undefined, KnownErrors["TeamPermissionRequired"]>>;
+    listUsers(): Promise<TeamUser[]>;
+    useUsers(): TeamUser[];
+    update(update: TeamUpdateOptions): Promise<void>;
+};
+type TeamUpdateOptions = {
+    displayName?: string;
+    profileImageUrl?: string | null;
 };
 type TeamCreateOptions = {
     displayName: string;
     profileImageUrl?: string;
 };
+type ServerTeamMemberProfile = TeamMemberProfile;
+type ServerTeamUser = ServerUser & {
+    teamProfile: ServerTeamMemberProfile;
+};
 type ServerTeam = {
     createdAt: Date;
-    listUsers(): Promise<ServerUser[]>;
+    listUsers(): Promise<ServerTeamUser[]>;
     useUsers(): ServerUser[];
     update(update: ServerTeamUpdateOptions): Promise<void>;
     delete(): Promise<void>;
@@ -510,7 +544,7 @@ type StackClientApp<HasTokenStore extends boolean = boolean, ProjectId extends s
     signInWithCredential(options: {
         email: string;
         password: string;
-    }): Promise<KnownErrors["EmailPasswordMismatch"] | void>;
+    }): Promise<KnownErrors["EmailPasswordMismatch"] | KnownErrors["InvalidTotpCode"] | void>;
     signUpWithCredential(options: {
         email: string;
         password: string;
@@ -529,7 +563,7 @@ type StackClientApp<HasTokenStore extends boolean = boolean, ProjectId extends s
         teamDisplayName: string;
     }, KnownErrors["VerificationCodeError"]>>;
     verifyEmail(code: string): Promise<KnownErrors["VerificationCodeError"] | void>;
-    signInWithMagicLink(code: string): Promise<KnownErrors["VerificationCodeError"] | void>;
+    signInWithMagicLink(code: string): Promise<KnownErrors["VerificationCodeError"] | KnownErrors["InvalidTotpCode"] | void>;
     redirectToOAuthCallback(): Promise<void>;
     useUser(options: GetUserOptions<HasTokenStore> & {
         or: 'redirect';
@@ -616,4 +650,4 @@ type AsyncStoreProperty<Name extends string, Args extends any[], Value, IsMultip
     [key in `use${Capitalize<Name>}`]: (...args: Args) => Value;
 };
 
-export { type AdminDomainConfig, type AdminEmailConfig, type AdminOAuthProviderConfig, type AdminOwnedProject, type AdminProject, type AdminProjectConfig, type AdminProjectConfigUpdateOptions, type AdminProjectCreateOptions, type AdminProjectUpdateOptions, type AdminTeamPermission, type AdminTeamPermissionDefinition, type AdminTeamPermissionDefinitionCreateOptions, type AdminTeamPermissionDefinitionUpdateOptions, type ApiKey, type ApiKeyBase, type ApiKeyBaseCrudRead, type ApiKeyCreateOptions, type ApiKeyFirstView, type Connection, type CurrentInternalServerUser, type CurrentInternalUser, type CurrentServerUser, type CurrentUser, type GetUserOptions, type HandlerUrls, type OAuthConnection, type OAuthProviderConfig, type OAuthScopesOnSignIn, type Project, type ProjectConfig, type ServerTeam, type ServerTeamCreateOptions, type ServerTeamUpdateOptions, type ServerUser, StackAdminApp, type StackAdminAppConstructorOptions, StackClientApp, type StackClientAppConstructorOptions, type StackClientAppJson, StackServerApp, type StackServerAppConstructorOptions, type Team, type TeamCreateOptions, type TeamPermission, type TokenStoreInit, type User, serverTeamPermissionDefinitionCreateOptionsToCrud, serverTeamPermissionDefinitionUpdateOptionsToCrud, stackAppInternalsSymbol };
+export { type AdminDomainConfig, type AdminEmailConfig, type AdminOAuthProviderConfig, type AdminOwnedProject, type AdminProject, type AdminProjectConfig, type AdminProjectConfigUpdateOptions, type AdminProjectCreateOptions, type AdminProjectUpdateOptions, type AdminTeamPermission, type AdminTeamPermissionDefinition, type AdminTeamPermissionDefinitionCreateOptions, type AdminTeamPermissionDefinitionUpdateOptions, type ApiKey, type ApiKeyBase, type ApiKeyBaseCrudRead, type ApiKeyCreateOptions, type ApiKeyFirstView, type Connection, type CurrentInternalServerUser, type CurrentInternalUser, type CurrentServerUser, type CurrentUser, type EditableTeamMemberProfile, type GetUserOptions, type HandlerUrls, type OAuthConnection, type OAuthProviderConfig, type OAuthScopesOnSignIn, type Project, type ProjectConfig, type ServerTeam, type ServerTeamCreateOptions, type ServerTeamMemberProfile, type ServerTeamUpdateOptions, type ServerTeamUser, type ServerUser, StackAdminApp, type StackAdminAppConstructorOptions, StackClientApp, type StackClientAppConstructorOptions, type StackClientAppJson, StackServerApp, type StackServerAppConstructorOptions, type Team, type TeamCreateOptions, type TeamMemberProfile, type TeamPermission, type TeamUpdateOptions, type TeamUser, type TokenStoreInit, type User, serverTeamPermissionDefinitionCreateOptionsToCrud, serverTeamPermissionDefinitionUpdateOptionsToCrud, stackAppInternalsSymbol };

package/dist/lib/stack-app.js

@@ -63,7 +63,7 @@ var import_url = require("../utils/url");
 var import_auth = require("./auth");
 var import_cookie = require("./cookie");
 var NextNavigation = (0, import_compile_time.scrambleDuringCompileTime)(NextNavigationUnscrambled);
-var clientVersion = "js @stackframe/stack@2.5.18";
+var clientVersion = "js @stackframe/stack@2.5.20";
 function getUrls(partial) {
   const handler = partial.handler ?? "/handler";
   const home = partial.home ?? "/";
@@ -216,6 +216,16 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         });
       }
     );
+    this._teamMemberProfilesCache = createCacheBySession(
+      async (session, [teamId]) => {
+        return await this._interface.listTeamMemberProfiles({ teamId }, session);
+      }
+    );
+    this._currentUserTeamProfileCache = createCacheBySession(
+      async (session, [teamId]) => {
+        return await this._interface.getTeamMemberProfile({ teamId, userId: "me" }, session);
+      }
+    );
     this._memoryTokenStore = createEmptyTokenStore();
     this._requestTokenStores = /* @__PURE__ */ new WeakMap();
     this._storedCookieTokenStore = null;
@@ -497,6 +507,9 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     return import_react2.default.useSyncExternalStore(subscribe, getSnapshot, getSnapshot);
   }
   async _signInToAccountWithTokens(tokens) {
+    if (!("accessToken" in tokens) || !("refreshToken" in tokens)) {
+      throw new import_errors.StackAssertionError("Invalid tokens object; can't sign in with this", { tokens });
+    }
     const tokenStore = this._getOrCreateTokenStore();
     tokenStore.set(tokens);
   }
@@ -524,6 +537,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         signUpEnabled: crud.config.sign_up_enabled,
         credentialEnabled: crud.config.credential_enabled,
         magicLinkEnabled: crud.config.magic_link_enabled,
+        clientTeamCreationEnabled: crud.config.client_team_creation_enabled,
         oauthProviders: crud.config.enabled_oauth_providers.map((p) => ({
           id: p.id
         }))
@@ -535,6 +549,15 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       id: crud.id
     };
   }
+  _clientTeamUserFromCrud(crud) {
+    return {
+      id: crud.user_id,
+      teamProfile: {
+        displayName: crud.display_name,
+        profileImageUrl: crud.profile_image_url
+      }
+    };
+  }
   _clientTeamFromCrud(crud) {
     const app = this;
     return {
@@ -548,6 +571,18 @@ var _StackClientAppImpl = class __StackClientAppImpl {
           session: app._getSession(),
           callbackUrl: (0, import_url.constructRedirectUrl)(app.urls.teamInvitation)
         });
+      },
+      async listUsers() {
+        const result = await app._teamMemberProfilesCache.getOrWait([app._getSession(), crud.id], "write-only");
+        return result.map((crud2) => app._clientTeamUserFromCrud(crud2));
+      },
+      useUsers() {
+        const result = useAsyncCache(app._teamMemberProfilesCache, [app._getSession(), crud.id], "team.useUsers()");
+        return result.map((crud2) => app._clientTeamUserFromCrud(crud2));
+      },
+      async update(data) {
+        await app._interface.updateTeam({ data: teamUpdateOptionsToCrud(data), teamId: crud.id }, app._getSession());
+        await app._currentUserTeamsCache.refresh([app._getSession()]);
       }
     };
   }
@@ -600,6 +635,24 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       }
     };
   }
+  _editableTeamProfileFromCrud(crud) {
+    const app = this;
+    return {
+      displayName: crud.display_name,
+      profileImageUrl: crud.profile_image_url,
+      async update(update) {
+        await app._interface.updateTeamMemberProfile({
+          teamId: crud.team_id,
+          userId: crud.user_id,
+          profile: {
+            display_name: update.displayName,
+            profile_image_url: update.profileImageUrl
+          }
+        }, app._getSession());
+        await app._currentUserTeamProfileCache.refresh([app._getSession(), crud.team_id]);
+      }
+    };
+  }
   _createUserExtra(crud, session) {
     const app = this;
     async function getConnectedAccount(id, options) {
@@ -645,6 +698,9 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         await app._currentUserTeamsCache.refresh([session]);
         return app._clientTeamFromCrud(crud2);
       },
+      async leaveTeam(team) {
+        await app._interface.leaveTeam(team.id, session);
+      },
       async listPermissions(scope, options) {
         const recursive = options?.recursive ?? true;
         const permissions = await app._currentUserPermissionsCache.getOrWait([session, scope.id, recursive], "write-only");
@@ -677,6 +733,14 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       },
       async updatePassword(options) {
         return await app._updatePassword(options, session);
+      },
+      async getTeamProfile(team) {
+        const result = await app._currentUserTeamProfileCache.getOrWait([session, team.id], "write-only");
+        return app._editableTeamProfileFromCrud(result);
+      },
+      useTeamProfile(team) {
+        const result = useAsyncCache(app._currentUserTeamProfileCache, [session, team.id], "user.useTeamProfile()");
+        return app._editableTeamProfileFromCrud(result);
       }
     };
   }
@@ -930,33 +994,48 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       }
     );
   }
+  /**
+   * @deprecated
+   * TODO remove
+   */
+  async _experimentalMfa(error, session) {
+    const otp = prompt("Please enter the six-digit TOTP code from your authenticator app.");
+    if (!otp) {
+      throw new import_stack_shared.KnownErrors.InvalidTotpCode();
+    }
+    return await this._interface.totpMfa(
+      error.details?.attempt_code ?? (0, import_errors.throwErr)("attempt code missing"),
+      otp,
+      session
+    );
+  }
+  /**
+   * @deprecated
+   * TODO remove
+   */
+  async _catchMfaRequiredError(callback) {
+    try {
+      return await callback();
+    } catch (e) {
+      if (e instanceof import_stack_shared.KnownErrors.MultiFactorAuthenticationRequired) {
+        return await this._experimentalMfa(e, this._getSession());
+      }
+      throw e;
+    }
+  }
   async signInWithCredential(options) {
     this._ensurePersistentTokenStore();
     const session = this._getSession();
     let result;
     try {
-      result = await this._interface.signInWithCredential(options.email, options.password, session);
+      result = await this._catchMfaRequiredError(async () => {
+        return await this._interface.signInWithCredential(options.email, options.password, session);
+      });
     } catch (e) {
-      if (options.__experimental_mfa && e instanceof import_stack_shared.KnownErrors.MultiFactorAuthenticationRequired) {
-        const otp = prompt("Please enter the six-digit TOTP code from your authenticator app.");
-        try {
-          if (!otp) {
-            throw new import_stack_shared.KnownErrors.InvalidTotpCode();
-          }
-          result = await this._interface.totpMfa(
-            e.details?.attempt_code ?? (0, import_errors.throwErr)("attempt code missing"),
-            otp,
-            session
-          );
-        } catch (e2) {
-          if (e2 instanceof import_stack_shared.KnownErrors.InvalidTotpCode) {
-            return e2;
-          }
-          throw e2;
-        }
-      } else {
-        throw e;
+      if (e instanceof import_stack_shared.KnownErrors.InvalidTotpCode) {
+        return e;
       }
+      throw e;
     }
     if (!(result instanceof import_stack_shared.KnownError)) {
       await this._signInToAccountWithTokens(result);
@@ -982,7 +1061,17 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   }
   async signInWithMagicLink(code) {
     this._ensurePersistentTokenStore();
-    const result = await this._interface.signInWithMagicLink(code);
+    let result;
+    try {
+      result = await this._catchMfaRequiredError(async () => {
+        return await this._interface.signInWithMagicLink(code);
+      });
+    } catch (e) {
+      if (e instanceof import_stack_shared.KnownErrors.InvalidTotpCode) {
+        return e;
+      }
+      throw e;
+    }
     if (result instanceof import_stack_shared.KnownError) {
       return result;
     }
@@ -995,10 +1084,21 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   }
   async callOAuthCallback() {
     this._ensurePersistentTokenStore();
-    const result = await (0, import_auth.callOAuthCallback)(this._interface, this.urls.oauthCallback);
+    let result;
+    try {
+      result = await this._catchMfaRequiredError(async () => {
+        return await (0, import_auth.callOAuthCallback)(this._interface, this.urls.oauthCallback);
+      });
+    } catch (e) {
+      if (e instanceof import_stack_shared.KnownErrors.InvalidTotpCode) {
+        alert("Invalid TOTP code. Please try signing in again.");
+      }
+      throw e;
+    }
     if (result) {
+      console.log("OAuth callback result", result);
       await this._signInToAccountWithTokens(result);
-      if (result.afterCallbackRedirectUrl) {
+      if ("afterCallbackRedirectUrl" in result && result.afterCallbackRedirectUrl) {
         await _redirectTo(result.afterCallbackRedirectUrl, { replace: true });
         return true;
       } else if (result.newUser) {
@@ -1152,9 +1252,6 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
     this._serverTeamsCache = createCache(async ([userId]) => {
       return await this._interface.listServerTeams({ userId });
     });
-    this._serverTeamUsersCache = createCache(async ([teamId]) => {
-      return await this._interface.listServerTeamUsers(teamId);
-    });
     this._serverTeamUserPermissionsCache = createCache(async ([teamId, userId, recursive]) => {
       return await this._interface.listServerTeamPermissions({ teamId, userId, recursive }, null);
     });
@@ -1184,12 +1281,33 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
         });
       }
     );
+    this._serverTeamMemberProfilesCache = createCache(
+      async ([teamId]) => {
+        return await this._interface.listServerTeamMemberProfiles({ teamId });
+      }
+    );
+    this._serverUserTeamProfileCache = createCache(
+      async ([teamId, userId]) => {
+        return await this._interface.getServerTeamMemberProfile({ teamId, userId });
+      }
+    );
   }
   async _updateServerUser(userId, update) {
     const result = await this._interface.updateServerUser(userId, serverUserUpdateOptionsToCrud(update));
     await this._refreshUsers();
     return result;
   }
+  _serverEditableTeamProfileFromCrud(crud) {
+    const app = this;
+    const clientProfile = this._editableTeamProfileFromCrud(crud);
+    return {
+      ...clientProfile,
+      async update(update) {
+        await clientProfile.update(update);
+        await app._serverUserTeamProfileCache.refresh([crud.team_id, crud.user_id]);
+      }
+    };
+  }
   _serverUserFromCrud(crud) {
     const app = this;
     async function getConnectedAccount(id, options) {
@@ -1268,6 +1386,9 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
         await app._serverTeamsCache.refresh([void 0]);
         return app._serverTeamFromCrud(team);
       },
+      leaveTeam: async (team) => {
+        await app._interface.leaveServerTeam({ teamId: team.id, userId: crud.id });
+      },
       async listPermissions(scope, options) {
         const recursive = options?.recursive ?? true;
         const permissions = await app._serverTeamUserPermissionsCache.getOrWait([scope.id, crud.id, recursive], "write-only");
@@ -1297,6 +1418,23 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       },
       async updatePassword(options) {
         return await app._checkFeatureSupport("updatePassword() on ServerUser", {});
+      },
+      async getTeamProfile(team) {
+        const result = await app._serverUserTeamProfileCache.getOrWait([team.id, crud.id], "write-only");
+        return app._serverEditableTeamProfileFromCrud(result);
+      },
+      useTeamProfile(team) {
+        const result = useAsyncCache(app._serverUserTeamProfileCache, [team.id, crud.id], "user.useTeamProfile()");
+        return (0, import_react2.useMemo)(() => app._serverEditableTeamProfileFromCrud(result), [result]);
+      }
+    };
+  }
+  _serverTeamUserFromCrud(crud) {
+    return {
+      ...this._serverUserFromCrud(crud.user),
+      teamProfile: {
+        displayName: crud.display_name,
+        profileImageUrl: crud.profile_image_url
       }
     };
   }
@@ -1317,9 +1455,6 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       displayName: crud.display_name,
       profileImageUrl: crud.profile_image_url,
       createdAt: new Date(crud.created_at_millis),
-      async listUsers() {
-        return (await app._interface.listServerTeamUsers(crud.id)).map((u) => app._serverUserFromCrud(u));
-      },
       async update(update) {
         await app._interface.updateServerTeam(crud.id, serverTeamUpdateOptionsToCrud(update));
         await app._serverTeamsCache.refresh([void 0]);
@@ -1328,23 +1463,27 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
         await app._interface.deleteServerTeam(crud.id);
         await app._serverTeamsCache.refresh([void 0]);
       },
+      async listUsers() {
+        const result = await app._serverTeamMemberProfilesCache.getOrWait([crud.id], "write-only");
+        return result.map((u) => app._serverTeamUserFromCrud(u));
+      },
       useUsers() {
-        const result = useAsyncCache(app._serverTeamUsersCache, [crud.id], "team.useUsers()");
-        return (0, import_react2.useMemo)(() => result.map((u) => app._serverUserFromCrud(u)), [result]);
+        const result = useAsyncCache(app._serverTeamMemberProfilesCache, [crud.id], "team.useUsers()");
+        return (0, import_react2.useMemo)(() => result.map((u) => app._serverTeamUserFromCrud(u)), [result]);
       },
       async addUser(userId) {
         await app._interface.addServerUserToTeam({
           teamId: crud.id,
           userId
         });
-        await app._serverTeamUsersCache.refresh([crud.id]);
+        await app._serverTeamMemberProfilesCache.refresh([crud.id]);
       },
       async removeUser(userId) {
         await app._interface.removeServerUserFromTeam({
           teamId: crud.id,
           userId
         });
-        await app._serverTeamUsersCache.refresh([crud.id]);
+        await app._serverTeamMemberProfilesCache.refresh([crud.id]);
       },
       async inviteUser(options) {
         return await app._interface.sendTeamInvitation({
@@ -1541,6 +1680,7 @@ var _StackAdminAppImpl = class extends _StackServerAppImpl {
         signUpEnabled: data.config.sign_up_enabled,
         credentialEnabled: data.config.credential_enabled,
         magicLinkEnabled: data.config.magic_link_enabled,
+        clientTeamCreationEnabled: data.config.client_team_creation_enabled,
         allowLocalhost: data.config.allow_localhost,
         oauthProviders: data.config.oauth_providers.map((p) => p.type === "shared" ? {
           id: p.id,
@@ -1577,6 +1717,9 @@ var _StackAdminAppImpl = class extends _StackServerAppImpl {
         await app._interface.updateProject(adminProjectUpdateOptionsToCrud(update));
         await onRefresh();
       },
+      async delete() {
+        await app._interface.deleteProject();
+      },
       async getProductionModeErrors() {
         return (0, import_production_mode.getProductionModeErrors)(data);
       },
@@ -1781,6 +1924,7 @@ function adminProjectUpdateOptionsToCrud(options) {
       magic_link_enabled: options.config?.magicLinkEnabled,
       allow_localhost: options.config?.allowLocalhost,
       create_team_on_sign_up: options.config?.createTeamOnSignUp,
+      client_team_creation_enabled: options.config?.clientTeamCreationEnabled,
       team_creator_default_permissions: options.config?.teamCreatorDefaultPermissions,
       team_member_default_permissions: options.config?.teamMemberDefaultPermissions
     }
@@ -1801,6 +1945,12 @@ function apiKeyCreateOptionsToCrud(options) {
     has_super_secret_admin_key: options.hasSuperSecretAdminKey
   };
 }
+function teamUpdateOptionsToCrud(options) {
+  return {
+    display_name: options.displayName,
+    profile_image_url: options.profileImageUrl
+  };
+}
 function teamCreateOptionsToCrud(options) {
   return {
     display_name: options.displayName,