@stackframe/stack 2.8.54 → 2.8.58

package/dist/index.d.ts

@@ -42,6 +42,15 @@ type RedirectMethod = "window" | "nextjs" | "none" | {
 };
 type GetCurrentUserOptions<HasTokenStore> = {
     or?: 'redirect' | 'throw' | 'return-null' | 'anonymous' | /** @deprecated */ 'anonymous-if-exists[deprecated]';
+    /**
+     * Whether to include restricted users (users who haven't completed onboarding requirements like email verification).
+     * By default, restricted users are filtered out (treated similar to anonymous users).
+     *
+     * Note: This option cannot be set to false when `or: 'anonymous'` is used, as all anonymous users are also restricted.
+     *
+     * @default false
+     */
+    includeRestricted?: boolean;
     tokenStore?: TokenStoreInit;
 } & (HasTokenStore extends false ? {
     tokenStore: TokenStoreInit;
@@ -89,6 +98,7 @@ type HandlerUrls = {
     teamInvitation: string;
     mfa: string;
     error: string;
+    onboarding: string;
 };
 type OAuthScopesOnSignIn = {
     [key in ProviderType]: string[];
@@ -104,6 +114,22 @@ type AuthLike<ExtraOptions = {}> = {
     signOut(options?: {
         redirectUrl?: URL | string;
     }): Promise<void>;
+    /**
+     * Returns the current access token, or null if the user is not signed in.
+     *
+     * The access token is a short-lived JWT that can be used to authenticate requests to external servers.
+     * It will be automatically refreshed when it expires.
+     */
+    getAccessToken(options?: {} & ExtraOptions): Promise<string | null>;
+    useAccessToken(options?: {} & ExtraOptions): string | null;
+    /**
+     * Returns the current refresh token, or null if the user is not signed in.
+     *
+     * The refresh token is a long-lived token that can be used to obtain new access tokens.
+     * It should be kept secret and never exposed to the client.
+     */
+    getRefreshToken(options?: {} & ExtraOptions): Promise<string | null>;
+    useRefreshToken(options?: {} & ExtraOptions): string | null;
     /**
      * Returns headers for sending authenticated HTTP requests to external servers. Most commonly used in cross-origin
      * requests. Similar to `getAuthJson`, but specifically for HTTP requests.
@@ -120,8 +146,8 @@ type AuthLike<ExtraOptions = {}> = {
      * must include `x-stack-auth` in the [`Access-Control-Allow-Headers` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers)
      * of the CORS preflight response.
      *
-     * If you are not using HTTP (and hence cannot set headers), you will need to use the `getAuthJson()` function
-     * instead.
+     * If you are not using HTTP (and hence cannot set headers), you will need to use the `getAccessToken()` and
+     * `getRefreshToken()` functions instead.
      *
      * Example:
      *
@@ -144,7 +170,12 @@ type AuthLike<ExtraOptions = {}> = {
     getAuthHeaders(options?: {} & ExtraOptions): Promise<{
         "x-stack-auth": string;
     }>;
+    useAuthHeaders(options?: {} & ExtraOptions): {
+        "x-stack-auth": string;
+    };
     /**
+     * @deprecated Use `getAccessToken()` and `getRefreshToken()` instead.
+     *
      * Creates a JSON-serializable object containing the information to authenticate a user on an external server.
      * Similar to `getAuthHeaders`, but returns an object that can be sent over any protocol instead of just
      * HTTP headers.
@@ -175,6 +206,11 @@ type AuthLike<ExtraOptions = {}> = {
         accessToken: string | null;
         refreshToken: string | null;
     }>;
+    /** @deprecated Use `useAccessToken()` and `useRefreshToken()` instead. */
+    useAuthJson(options?: {} & ExtraOptions): {
+        accessToken: string | null;
+        refreshToken: string | null;
+    };
 };
 /** @internal */
 declare const stackAppInternalsSymbol: unique symbol;
@@ -259,6 +295,137 @@ type AdminSentEmail = {
     sentAt: Date;
     error?: unknown;
 };
+type AdminEmailOutboxRecipient = {
+    type: "user-primary-email";
+    userId: string;
+} | {
+    type: "user-custom-emails";
+    userId: string;
+    emails: string[];
+} | {
+    type: "custom-emails";
+    emails: string[];
+};
+type AdminEmailOutboxStatus = "paused" | "preparing" | "rendering" | "render-error" | "scheduled" | "queued" | "sending" | "server-error" | "skipped" | "bounced" | "delivery-delayed" | "sent" | "opened" | "clicked" | "marked-as-spam";
+type AdminEmailOutboxSimpleStatus = "in-progress" | "ok" | "error";
+type AdminEmailOutboxBase = {
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    to: AdminEmailOutboxRecipient;
+    scheduledAt: Date;
+    isPaused: false;
+    hasRendered: false;
+    hasDelivered: false;
+};
+type AdminEmailOutboxRenderedFields = Omit<AdminEmailOutboxBase, "hasRendered"> & {
+    hasRendered: true;
+    startedRenderingAt: Date;
+    renderedAt: Date;
+    subject: string;
+    html: string | null;
+    text: string | null;
+    isTransactional: boolean;
+    isHighPriority: boolean;
+    notificationCategoryId: string | null;
+};
+type AdminEmailOutboxStartedSendingFields = AdminEmailOutboxRenderedFields & {
+    startedSendingAt: Date;
+};
+type AdminEmailOutboxFinishedDeliveringFields = Omit<AdminEmailOutboxStartedSendingFields, "hasDelivered"> & {
+    hasDelivered: true;
+    deliveredAt: Date;
+};
+type AdminEmailOutboxPaused = Omit<AdminEmailOutboxBase, "isPaused"> & {
+    status: "paused";
+    simpleStatus: "in-progress";
+    isPaused: true;
+};
+type AdminEmailOutboxPreparing = AdminEmailOutboxBase & {
+    status: "preparing";
+    simpleStatus: "in-progress";
+};
+type AdminEmailOutboxRendering = AdminEmailOutboxBase & {
+    status: "rendering";
+    simpleStatus: "in-progress";
+    startedRenderingAt: Date;
+};
+type AdminEmailOutboxRenderError = AdminEmailOutboxBase & {
+    status: "render-error";
+    simpleStatus: "error";
+    startedRenderingAt: Date;
+    renderedAt: Date;
+    renderError: string;
+};
+type AdminEmailOutboxScheduled = AdminEmailOutboxRenderedFields & {
+    status: "scheduled";
+    simpleStatus: "in-progress";
+};
+type AdminEmailOutboxQueued = AdminEmailOutboxRenderedFields & {
+    status: "queued";
+    simpleStatus: "in-progress";
+};
+type AdminEmailOutboxSending = AdminEmailOutboxStartedSendingFields & {
+    status: "sending";
+    simpleStatus: "in-progress";
+};
+type AdminEmailOutboxServerError = AdminEmailOutboxStartedSendingFields & {
+    status: "server-error";
+    simpleStatus: "error";
+    errorAt: Date;
+    serverError: string;
+};
+type AdminEmailOutboxSkipped = Omit<AdminEmailOutboxBase, "hasRendered"> & {
+    status: "skipped";
+    simpleStatus: "ok";
+    hasRendered: boolean;
+    skippedAt: Date;
+    skippedReason: string;
+    skippedDetails: Record<string, unknown>;
+    startedRenderingAt?: Date;
+    renderedAt?: Date;
+    subject?: string;
+    html?: string | null;
+    text?: string | null;
+    isTransactional?: boolean;
+    isHighPriority?: boolean;
+    notificationCategoryId?: string | null;
+    startedSendingAt?: Date;
+};
+type AdminEmailOutboxBounced = AdminEmailOutboxStartedSendingFields & {
+    status: "bounced";
+    simpleStatus: "error";
+    bouncedAt: Date;
+};
+type AdminEmailOutboxDeliveryDelayed = AdminEmailOutboxStartedSendingFields & {
+    status: "delivery-delayed";
+    simpleStatus: "ok";
+    deliveryDelayedAt: Date;
+};
+type AdminEmailOutboxSent = AdminEmailOutboxFinishedDeliveringFields & {
+    status: "sent";
+    simpleStatus: "ok";
+    canHaveDeliveryInfo: boolean;
+};
+type AdminEmailOutboxOpened = AdminEmailOutboxFinishedDeliveringFields & {
+    status: "opened";
+    simpleStatus: "ok";
+    openedAt: Date;
+    canHaveDeliveryInfo: true;
+};
+type AdminEmailOutboxClicked = AdminEmailOutboxFinishedDeliveringFields & {
+    status: "clicked";
+    simpleStatus: "ok";
+    clickedAt: Date;
+    canHaveDeliveryInfo: true;
+};
+type AdminEmailOutboxMarkedAsSpam = AdminEmailOutboxFinishedDeliveringFields & {
+    status: "marked-as-spam";
+    simpleStatus: "ok";
+    markedAsSpamAt: Date;
+    canHaveDeliveryInfo: true;
+};
+type AdminEmailOutbox = AdminEmailOutboxPaused | AdminEmailOutboxPreparing | AdminEmailOutboxRendering | AdminEmailOutboxRenderError | AdminEmailOutboxScheduled | AdminEmailOutboxQueued | AdminEmailOutboxSending | AdminEmailOutboxServerError | AdminEmailOutboxSkipped | AdminEmailOutboxBounced | AdminEmailOutboxDeliveryDelayed | AdminEmailOutboxSent | AdminEmailOutboxOpened | AdminEmailOutboxClicked | AdminEmailOutboxMarkedAsSpam;
 type SendEmailOptionsBase = {
     themeId?: string | null | false;
     subject?: string;
@@ -283,6 +450,25 @@ type SendEmailOptions = SendEmailOptionsBase & XOR<[
         draftId: string;
     }
 ]>;
+type EmailDeliveryWindowStats = {
+    sent: number;
+    bounced: number;
+    marked_as_spam: number;
+};
+type EmailDeliveryStats = {
+    hour: EmailDeliveryWindowStats;
+    day: EmailDeliveryWindowStats;
+    week: EmailDeliveryWindowStats;
+    month: EmailDeliveryWindowStats;
+};
+type EmailDeliveryCapacity = {
+    rate_per_second: number;
+    penalty_factor: number;
+};
+type EmailDeliveryInfo = {
+    stats: EmailDeliveryStats;
+    capacity: EmailDeliveryCapacity;
+};
 
 type InternalApiKeyBase = {
     id: string;
@@ -485,18 +671,21 @@ type ServerOAuthProvider = {
     }): Promise<Result<void, InstanceType<typeof KnownErrors.OAuthProviderAccountIdAlreadyUsedForSignIn>>>;
     delete(): Promise<void>;
 };
-type Session = {
-    getTokens(): Promise<{
-        accessToken: string | null;
-        refreshToken: string | null;
-    }>;
-};
 /**
  * Contains everything related to the current user session.
  */
 type Auth = AuthLike<{}> & {
     readonly _internalSession: InternalSession;
-    readonly currentSession: Session;
+    readonly currentSession: {
+        getTokens(): Promise<{
+            accessToken: string | null;
+            refreshToken: string | null;
+        }>;
+        useTokens(): {
+            accessToken: string | null;
+            refreshToken: string | null;
+        };
+    };
 };
 /**
  * ```
@@ -542,6 +731,18 @@ type BaseUser = {
     readonly passkeyAuthEnabled: boolean;
     readonly isMultiFactorRequired: boolean;
     readonly isAnonymous: boolean;
+    /**
+     * Whether the user is in restricted state (signed up but hasn't completed onboarding requirements).
+     * For example, if email verification is required but the user hasn't verified their email yet.
+     */
+    readonly isRestricted: boolean;
+    /**
+     * The reason why the user is restricted, e.g., { type: "email_not_verified" } or { type: "anonymous" }.
+     * Null if the user is not restricted.
+     */
+    readonly restrictedReason: {
+        type: "anonymous" | "email_not_verified";
+    } | null;
     toClientJson(): CurrentUserCrud["Client"]["Read"];
     /**
      * @deprecated, use contact channel's usedForAuth instead
@@ -555,7 +756,7 @@ type BaseUser = {
     }[];
 };
 type UserExtra = {
-    setDisplayName(displayName: string): Promise<void>;
+    setDisplayName(displayName: string | null): Promise<void>;
     /** @deprecated Use contact channel's sendVerificationEmail instead */
     sendVerificationEmail(): Promise<KnownErrors["EmailAlreadyVerified"] | void>;
     setClientMetadata(metadata: any): Promise<void>;
@@ -611,7 +812,7 @@ type UserExtra = {
     usePermission(scope: Team, permissionId: string): TeamPermission | null;
     usePermission(permissionId: string): TeamPermission | null;
     readonly selectedTeam: Team | null;
-    setSelectedTeam(team: Team | null): Promise<void>;
+    setSelectedTeam(teamOrId: string | Team | null): Promise<void>;
     createTeam(data: TeamCreateOptions): Promise<Team>;
     leaveTeam(team: Team): Promise<void>;
     getActiveSessions(): Promise<ActiveSession[]>;
@@ -639,8 +840,8 @@ type User = BaseUser;
 type CurrentUser = BaseUser & Auth & UserExtra & Customer;
 type CurrentInternalUser = CurrentUser & InternalUserExtra;
 type ProjectCurrentUser<ProjectId> = ProjectId extends "internal" ? CurrentInternalUser : CurrentUser;
-type TokenPartialUser = Pick<User, "id" | "displayName" | "primaryEmail" | "primaryEmailVerified" | "isAnonymous">;
-type SyncedPartialUser = TokenPartialUser & Pick<User, "id" | "displayName" | "primaryEmail" | "primaryEmailVerified" | "profileImageUrl" | "signedUpAt" | "clientMetadata" | "clientReadOnlyMetadata" | "isAnonymous" | "hasPassword">;
+type TokenPartialUser = Pick<User, "id" | "displayName" | "primaryEmail" | "primaryEmailVerified" | "isAnonymous" | "isRestricted" | "restrictedReason">;
+type SyncedPartialUser = TokenPartialUser & Pick<User, "id" | "displayName" | "primaryEmail" | "primaryEmailVerified" | "profileImageUrl" | "signedUpAt" | "clientMetadata" | "clientReadOnlyMetadata" | "isAnonymous" | "hasPassword" | "isRestricted" | "restrictedReason">;
 type ActiveSession = {
     id: string;
     userId: string;
@@ -651,13 +852,14 @@ type ActiveSession = {
     geoInfo?: GeoInfo;
 };
 type UserUpdateOptions = {
-    displayName?: string;
+    displayName?: string | null;
     clientMetadata?: ReadonlyJson;
     selectedTeamId?: string | null;
     totpMultiFactorSecret?: Uint8Array | null;
     profileImageUrl?: string | null;
     otpAuthEnabled?: boolean;
     passkeyAuthEnabled?: boolean;
+    primaryEmail?: string | null;
 };
 type ServerBaseUser = {
     setPrimaryEmail(email: string | null, options?: {
@@ -704,7 +906,12 @@ type ServerBaseUser = {
     createSession(options?: {
         expiresInMillis?: number;
         isImpersonation?: boolean;
-    }): Promise<Session>;
+    }): Promise<{
+        getTokens(): Promise<{
+            accessToken: string | null;
+            refreshToken: string | null;
+        }>;
+    }>;
 } & AsyncStoreProperty<"team", [id: string], ServerTeam | null, false> & AsyncStoreProperty<"teams", [], ServerTeam[], true> & AsyncStoreProperty<"permission", [scope: Team, permissionId: string, options?: {
     direct?: boolean;
 }], AdminTeamPermission | null, false> & AsyncStoreProperty<"permissions", [scope: Team, options?: {
@@ -811,6 +1018,15 @@ type ServerListUsersOptions = {
     orderBy?: 'signedUpAt';
     desc?: boolean;
     query?: string;
+    /**
+     * Whether to include restricted users (users who haven't completed onboarding requirements).
+     * Defaults to false.
+     */
+    includeRestricted?: boolean;
+    /**
+     * Whether to include anonymous users (and restricted users).
+     * Defaults to false.
+     */
     includeAnonymous?: boolean;
 };
 type ServerTeamCreateOptions = TeamCreateOptions & {
@@ -925,6 +1141,8 @@ type StackServerApp<HasTokenStore extends boolean = boolean, ProjectId extends s
         allowConnectedAccounts: boolean;
     }): Promise<Result<ServerOAuthProvider, InstanceType<typeof KnownErrors.OAuthProviderAccountIdAlreadyUsedForSignIn>>>;
     sendEmail(options: SendEmailOptions): Promise<void>;
+    getEmailDeliveryStats(): Promise<EmailDeliveryInfo>;
+    useEmailDeliveryStats(): EmailDeliveryInfo;
 } & AsyncStoreProperty<"user", [id: string], ServerUser | null, false> & Omit<AsyncStoreProperty<"users", [], ServerUser[], true>, "listUsers" | "useUsers"> & AsyncStoreProperty<"teams", [], ServerTeam[], true> & AsyncStoreProperty<"dataVaultStore", [id: string], DataVaultStore, false> & AsyncStoreProperty<"item", [
     {
         itemId: string;
@@ -941,6 +1159,21 @@ type StackServerApp<HasTokenStore extends boolean = boolean, ProjectId extends s
 ], CustomerProductsList, true> & StackClientApp<HasTokenStore, ProjectId>);
 declare const StackServerApp: StackServerAppConstructor;
 
+type EmailOutboxListOptions = {
+    status?: string;
+    simpleStatus?: string;
+    limit?: number;
+    cursor?: string;
+};
+type EmailOutboxListResult = {
+    items: AdminEmailOutbox[];
+    nextCursor: string | null;
+};
+type EmailOutboxUpdateOptions = {
+    isPaused?: boolean;
+    scheduledAtMillis?: number;
+    cancel?: boolean;
+};
 type StackAdminAppConstructorOptions<HasTokenStore extends boolean, ProjectId extends string> = (StackServerAppConstructorOptions<HasTokenStore, ProjectId> & {
     superSecretAdminKey?: string;
     projectOwnerSession?: InternalSession;
@@ -1073,6 +1306,12 @@ type StackAdminApp<HasTokenStore extends boolean = boolean, ProjectId extends st
         type: "subscription" | "one-time-purchase";
         id: string;
     }): Promise<void>;
+    listOutboxEmails(options?: EmailOutboxListOptions): Promise<EmailOutboxListResult>;
+    getOutboxEmail(id: string): Promise<AdminEmailOutbox>;
+    updateOutboxEmail(id: string, options: EmailOutboxUpdateOptions): Promise<AdminEmailOutbox>;
+    pauseOutboxEmail(id: string): Promise<AdminEmailOutbox>;
+    unpauseOutboxEmail(id: string): Promise<AdminEmailOutbox>;
+    cancelOutboxEmail(id: string): Promise<AdminEmailOutbox>;
 } & StackServerApp<HasTokenStore, ProjectId>);
 declare const StackAdminApp: StackAdminAppConstructor;
 
@@ -1090,6 +1329,9 @@ type ProjectConfig = {
 type OAuthProviderConfig = {
     readonly id: string;
 };
+/**
+ * @deprecated This type is deprecated. Use the new config override setup instead.
+ */
 type AdminProjectConfig = {
     readonly signUpEnabled: boolean;
     readonly credentialEnabled: boolean;
@@ -1335,6 +1577,12 @@ type StackClientApp<HasTokenStore extends boolean = boolean, ProjectId extends s
         or: 'anonymous';
     }): Promise<ProjectCurrentUser<ProjectId>>;
     getUser(options?: GetCurrentUserOptions<HasTokenStore>): Promise<ProjectCurrentUser<ProjectId> | null>;
+    cancelSubscription(options: {
+        productId: string;
+    } | {
+        productId: string;
+        teamId: string;
+    }): Promise<void>;
     getPartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & {
         from: 'token';
     }): Promise<TokenPartialUser | null>;
@@ -1462,6 +1710,10 @@ declare function OAuthCallback({ fullPage }: {
     fullPage?: boolean;
 }): react_jsx_runtime.JSX.Element;
 
+declare function Onboarding(props: {
+    fullPage?: boolean;
+}): react_jsx_runtime.JSX.Element | null;
+
 declare function PasswordReset({ searchParams, fullPage, }: {
     searchParams: Record<string, string>;
     fullPage?: boolean;
@@ -1490,6 +1742,7 @@ type Components = {
     AccountSettings: typeof AccountSettings;
     CliAuthConfirmation: typeof CliAuthConfirmation;
     MFA: typeof MFA;
+    Onboarding: typeof Onboarding;
 };
 type BaseHandlerProps = {
     fullPage: boolean;
@@ -1761,4 +2014,4 @@ type UserButtonProps = {
 };
 declare function UserButton(props: UserButtonProps): react_jsx_runtime.JSX.Element;
 
-export { AccountSettings, type AdminDomainConfig, type AdminEmailConfig, type AdminOAuthProviderConfig, type AdminOwnedProject, type AdminProject, type AdminProjectConfig, type AdminProjectConfigUpdateOptions, type AdminProjectCreateOptions, type AdminProjectPermission, type AdminProjectPermissionDefinition, type AdminProjectPermissionDefinitionCreateOptions, type AdminProjectPermissionDefinitionUpdateOptions, type AdminProjectUpdateOptions, type AdminSentEmail, type AdminTeamPermission, type AdminTeamPermissionDefinition, type AdminTeamPermissionDefinitionCreateOptions, type AdminTeamPermissionDefinitionUpdateOptions, type Auth, AuthPage, CliAuthConfirmation, type Connection, type ContactChannel, CredentialSignIn, CredentialSignUp, type CurrentInternalServerUser, type CurrentInternalUser, type CurrentServerUser, type CurrentUser, type EditableTeamMemberProfile, EmailVerification, ForgotPassword, type GetCurrentUserOptions, type GetCurrentUserOptions as GetUserOptions, type HandlerUrls, type InternalApiKey, type InternalApiKeyBase, type InternalApiKeyBaseCrudRead, type InternalApiKeyCreateOptions, type InternalApiKeyFirstView, MagicLinkSignIn, MessageCard, OAuthButton, OAuthButtonGroup, type OAuthConnection, type OAuthProvider, type OAuthProviderConfig, type OAuthScopesOnSignIn, PasswordReset, type Project, type ProjectConfig, SelectedTeamSwitcher, type ServerContactChannel, type ServerListUsersOptions, type ServerOAuthProvider, type ServerTeam, type ServerTeamCreateOptions, type ServerTeamMemberProfile, type ServerTeamUpdateOptions, type ServerTeamUser, type ServerUser, type Session, SignIn, SignUp, StackAdminApp, type StackAdminAppConstructor, type StackAdminAppConstructorOptions, StackClientApp, type StackClientAppConstructor, type StackClientAppConstructorOptions, type StackClientAppJson, StackHandler, NextStackProvider as StackProvider, StackServerApp, type StackServerAppConstructor, type StackServerAppConstructorOptions, StackTheme, type Team, type TeamCreateOptions, type TeamInvitation$1 as TeamInvitation, type TeamMemberProfile, TeamSwitcher, type TeamUpdateOptions, type TeamUser, type User, UserAvatar, UserButton, stackAppInternalsSymbol, useStackApp, useUser };
+export { AccountSettings, type AdminDomainConfig, type AdminEmailConfig, type AdminEmailOutbox, type AdminEmailOutboxRecipient, type AdminEmailOutboxSimpleStatus, type AdminEmailOutboxStatus, type AdminOAuthProviderConfig, type AdminOwnedProject, type AdminProject, type AdminProjectConfig, type AdminProjectConfigUpdateOptions, type AdminProjectCreateOptions, type AdminProjectPermission, type AdminProjectPermissionDefinition, type AdminProjectPermissionDefinitionCreateOptions, type AdminProjectPermissionDefinitionUpdateOptions, type AdminProjectUpdateOptions, type AdminSentEmail, type AdminTeamPermission, type AdminTeamPermissionDefinition, type AdminTeamPermissionDefinitionCreateOptions, type AdminTeamPermissionDefinitionUpdateOptions, type Auth, AuthPage, CliAuthConfirmation, type Connection, type ContactChannel, CredentialSignIn, CredentialSignUp, type CurrentInternalServerUser, type CurrentInternalUser, type CurrentServerUser, type CurrentUser, type EditableTeamMemberProfile, type EmailOutboxListOptions, type EmailOutboxListResult, type EmailOutboxUpdateOptions, EmailVerification, ForgotPassword, type GetCurrentUserOptions, type GetCurrentUserOptions as GetUserOptions, type HandlerUrls, type InternalApiKey, type InternalApiKeyBase, type InternalApiKeyBaseCrudRead, type InternalApiKeyCreateOptions, type InternalApiKeyFirstView, MagicLinkSignIn, MessageCard, OAuthButton, OAuthButtonGroup, type OAuthConnection, type OAuthProvider, type OAuthProviderConfig, type OAuthScopesOnSignIn, PasswordReset, type Project, type ProjectConfig, SelectedTeamSwitcher, type ServerContactChannel, type ServerListUsersOptions, type ServerOAuthProvider, type ServerTeam, type ServerTeamCreateOptions, type ServerTeamMemberProfile, type ServerTeamUpdateOptions, type ServerTeamUser, type ServerUser, SignIn, SignUp, StackAdminApp, type StackAdminAppConstructor, type StackAdminAppConstructorOptions, StackClientApp, type StackClientAppConstructor, type StackClientAppConstructorOptions, type StackClientAppJson, StackHandler, NextStackProvider as StackProvider, StackServerApp, type StackServerAppConstructor, type StackServerAppConstructorOptions, StackTheme, type Team, type TeamCreateOptions, type TeamInvitation$1 as TeamInvitation, type TeamMemberProfile, TeamSwitcher, type TeamUpdateOptions, type TeamUser, type User, UserAvatar, UserButton, stackAppInternalsSymbol, useStackApp, useUser };

package/dist/lib/cookie.js

@@ -106,7 +106,7 @@ function createNextCookieHelper(rscCookiesAwaited, rscHeadersAwaited) {
     },
     getAll: () => {
       try {
-        rscCookiesAwaited.set("stack-is-https", "true", { secure: true });
+        rscCookiesAwaited.set("stack-is-https", "true", { secure: true, expires: new Date(Date.now() + 1e3 * 60 * 60 * 24 * 365) });
       } catch (e) {
         if (typeof e === "object" && e !== null && "message" in e && typeof e.message === "string" && e.message.includes("Cookies can only be modified in a Server Action or Route Handler")) {
         } else {
@@ -124,21 +124,22 @@ function createNextCookieHelper(rscCookiesAwaited, rscHeadersAwaited) {
       try {
         rscCookiesAwaited.set(name, value, {
           secure: isSecureCookie,
-          maxAge: options.maxAge,
-          domain: options.domain
+          maxAge: options.maxAge === "session" ? void 0 : options.maxAge,
+          domain: options.domain,
+          sameSite: "lax"
         });
       } catch (e) {
         handleCookieError(e, options);
       }
     },
-    setOrDelete(name, value, options = {}) {
+    setOrDelete(name, value, options) {
       if (value === null) {
         this.delete(name, options);
       } else {
         this.set(name, value, options);
       }
     },
-    delete(name, options = {}) {
+    delete(name, options) {
       try {
         if (options.domain !== void 0) {
           rscCookiesAwaited.delete({ name, domain: options.domain });
@@ -158,7 +159,7 @@ function getCookieClient(name) {
 }
 function getAllCookiesClient() {
   ensureClient();
-  import_js_cookie.default.set("stack-is-https", "true", { secure: true });
+  import_js_cookie.default.set("stack-is-https", "true", { secure: true, expires: new Date(Date.now() + 1e3 * 60 * 60 * 24 * 365) });
   return import_js_cookie.default.get();
 }
 async function getCookie(name) {
@@ -178,21 +179,56 @@ function determineSecureFromClientContext() {
 function determineSecureFromServerContext(cookies, headers) {
   return cookies.has("stack-is-https") || headers.get("x-forwarded-proto") === "https";
 }
-function setCookieClientInternal(name, value, options = {}) {
+var _shouldSetPartitionedClientCache = void 0;
+function shouldSetPartitionedClient() {
+  return _shouldSetPartitionedClientCache ??= _internalShouldSetPartitionedClient();
+}
+function _internalShouldSetPartitionedClient() {
+  ensureClient();
+  if (!determineSecureFromClientContext()) {
+    return false;
+  }
+  const cookie1Name = "__Host-stack-temporary-chips-test-" + Math.random().toString(36).substring(2, 15);
+  document.cookie = `${cookie1Name}=value1; Secure; path=/`;
+  const cookies1 = document.cookie.split("; ");
+  document.cookie = `${cookie1Name}=delete1; Secure; path=/; expires=Thu, 01 Jan 1970 00:00:00 UTC;`;
+  if (cookies1.some((c) => c.startsWith(cookie1Name + "="))) {
+    return false;
+  }
+  const cookie2Name = "__Host-stack-temporary-chips-test-" + Math.random().toString(36).substring(2, 15);
+  document.cookie = `${cookie2Name}=delete1; Secure; SameSite=None; Partitioned; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/`;
+  document.cookie = `${cookie2Name}=delete2; Secure; SameSite=None; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/`;
+  document.cookie = `${cookie2Name}=set1; Secure; SameSite=None; Partitioned; path=/`;
+  document.cookie = `${cookie2Name}=set2; Secure; SameSite=None; path=/`;
+  const cookies2 = document.cookie.split("; ");
+  const numberOfCookiesWithThisName = cookies2.filter((c) => c.startsWith(cookie2Name + "=")).length;
+  document.cookie = `${cookie2Name}=delete3; Secure; SameSite=None; Partitioned; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/`;
+  document.cookie = `${cookie2Name}=delete4; Secure; SameSite=None; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/`;
+  return numberOfCookiesWithThisName === 2;
+}
+function setCookieClientInternal(name, value, options) {
   const secure = options.secure ?? determineSecureFromClientContext();
+  const partitioned = shouldSetPartitionedClient();
   import_js_cookie.default.set(name, value, {
-    expires: options.maxAge === void 0 ? void 0 : new Date(Date.now() + options.maxAge * 1e3),
+    expires: options.maxAge === "session" ? void 0 : new Date(Date.now() + options.maxAge * 1e3),
     domain: options.domain,
-    secure
+    secure,
+    sameSite: "Lax",
+    ...partitioned ? {
+      partitioned,
+      sameSite: "None"
+    } : {}
   });
 }
-function deleteCookieClientInternal(name, options = {}) {
-  if (options.domain !== void 0) {
-    import_js_cookie.default.remove(name, { domain: options.domain, secure: determineSecureFromClientContext() });
+function deleteCookieClientInternal(name, options) {
+  for (const partitioned of [true, false]) {
+    if (options.domain !== void 0) {
+      import_js_cookie.default.remove(name, { domain: options.domain, secure: determineSecureFromClientContext(), partitioned });
+    }
+    import_js_cookie.default.remove(name, { secure: determineSecureFromClientContext(), partitioned });
   }
-  import_js_cookie.default.remove(name, { secure: determineSecureFromClientContext() });
 }
-function setOrDeleteCookieClient(name, value, options = {}) {
+function setOrDeleteCookieClient(name, value, options) {
   ensureClient();
   if (value === null) {
     deleteCookieClientInternal(name, options);
@@ -200,23 +236,23 @@ function setOrDeleteCookieClient(name, value, options = {}) {
     setCookieClientInternal(name, value, options);
   }
 }
-async function setOrDeleteCookie(name, value, options = {}) {
+async function setOrDeleteCookie(name, value, options) {
   const cookieHelper = await createCookieHelper();
   cookieHelper.setOrDelete(name, value, options);
 }
-function deleteCookieClient(name, options = {}) {
+function deleteCookieClient(name, options) {
   ensureClient();
   deleteCookieClientInternal(name, options);
 }
-async function deleteCookie(name, options = {}) {
+async function deleteCookie(name, options) {
   const cookieHelper = await createCookieHelper();
   cookieHelper.delete(name, options);
 }
-function setCookieClient(name, value, options = {}) {
+function setCookieClient(name, value, options) {
   ensureClient();
   setCookieClientInternal(name, value, options);
 }
-async function setCookie(name, value, options = {}) {
+async function setCookie(name, value, options) {
   const cookieHelper = await createCookieHelper();
   cookieHelper.set(name, value, options);
 }
@@ -237,7 +273,7 @@ function consumeVerifierAndStateCookie(state) {
   if (!codeVerifier) {
     return null;
   }
-  deleteCookieClient(cookieName);
+  deleteCookieClient(cookieName, {});
   return {
     codeVerifier
   };