alepha 0.13.1 → 0.13.2

package/dist/server-auth/index.d.ts

@@ -1,616 +1,106 @@
-import * as alepha254 from "alepha";
-import { Alepha, Async, Descriptor, KIND, Static, TSchema } from "alepha";
-import * as alepha_server6 from "alepha/server";
-import { ActionDescriptor, ClientRequestEntry, ClientRequestOptions, ClientRequestResponse, FetchOptions, FetchResponse, HttpClient, RequestConfigSchema, ServerHandler, ServerRequest, ServerRequestConfigEntry, ServerResponseBody, ServerRouterProvider, ServerTimingProvider } from "alepha/server";
-import { DateTimeProvider, DurationLike } from "alepha/datetime";
+import * as alepha198 from "alepha";
+import { Alepha, Async, KIND, Primitive, Static } from "alepha";
+import * as alepha_server_cookies0 from "alepha/server/cookies";
+import { Cookies, ServerCookiesProvider } from "alepha/server/cookies";
+import { DateTimeProvider } from "alepha/datetime";
+import { AccessTokenResponse, RealmPrimitive, SecurityProvider, UserAccount } from "alepha/security";
 import * as alepha_logger0 from "alepha/logger";
-import { AccessTokenResponse, JwtProvider, RealmDescriptor, SecurityProvider, ServiceAccountDescriptor, UserAccount, UserAccountToken } from "alepha/security";
-import * as alepha_retry0 from "alepha/retry";
+import * as alepha_server0 from "alepha/server";
+import { ServerLinksProvider } from "alepha/server/links";
 import { Configuration } from "openid-client";
 
-//#region src/server-cookies/services/CookieParser.d.ts
-declare class CookieParser {
-  parseRequestCookies(header: string): Record<string, string>;
-  serializeResponseCookies(cookies: Record<string, Cookie | null>, isHttps: boolean): string[];
-  cookieToString(name: string, cookie: Cookie, isHttps?: boolean): string;
-}
-//#endregion
-//#region src/server-cookies/providers/ServerCookiesProvider.d.ts
-declare class ServerCookiesProvider {
-  protected readonly alepha: Alepha;
-  protected readonly log: alepha_logger0.Logger;
-  protected readonly cookieParser: CookieParser;
-  protected readonly dateTimeProvider: DateTimeProvider;
-  protected readonly env: {
-    APP_SECRET: string;
-  };
-  protected readonly ALGORITHM = "aes-256-gcm";
-  protected readonly IV_LENGTH = 16;
-  protected readonly AUTH_TAG_LENGTH = 16;
-  protected readonly SIGNATURE_LENGTH = 32;
-  readonly onRequest: alepha254.HookDescriptor<"server:onRequest">;
-  readonly onAction: alepha254.HookDescriptor<"action:onRequest">;
-  readonly onSend: alepha254.HookDescriptor<"server:onSend">;
-  protected getCookiesFromContext(cookies?: Cookies): Cookies;
-  getCookie<T extends TSchema>(name: string, options: CookieDescriptorOptions<T>, contextCookies?: Cookies): Static<T> | undefined;
-  setCookie<T extends TSchema>(name: string, options: CookieDescriptorOptions<T>, data: Static<T>, contextCookies?: Cookies): void;
-  deleteCookie<T extends TSchema>(name: string, contextCookies?: Cookies): void;
-  protected encrypt(text: string): string;
-  protected decrypt(encryptedText: string): string;
-  secretKey(): string;
-  protected sign(data: string): string;
-}
-//#endregion
-//#region src/server-cookies/descriptors/$cookie.d.ts
-interface CookieDescriptorOptions<T extends TSchema> {
-  /** The schema for the cookie's value, used for validation and type safety. */
-  schema: T;
-  /** The name of the cookie. */
-  name?: string;
-  /** The cookie's path. Defaults to "/". */
-  path?: string;
-  /** Time-to-live for the cookie. Maps to `Max-Age`. */
-  ttl?: DurationLike;
-  /** If true, the cookie is only sent over HTTPS. Defaults to true in production. */
-  secure?: boolean;
-  /** If true, the cookie cannot be accessed by client-side scripts. */
-  httpOnly?: boolean;
-  /** SameSite policy for the cookie. Defaults to "lax". */
-  sameSite?: "strict" | "lax" | "none";
-  /** The domain for the cookie. */
-  domain?: string;
-  /** If true, the cookie value will be compressed using zlib. */
-  compress?: boolean;
-  /** If true, the cookie value will be encrypted. Requires `COOKIE_SECRET` env var. */
-  encrypt?: boolean;
-  /** If true, the cookie will be signed to prevent tampering. Requires `COOKIE_SECRET` env var. */
-  sign?: boolean;
-}
-interface AbstractCookieDescriptor<T extends TSchema> {
-  readonly name: string;
-  readonly options: CookieDescriptorOptions<T>;
-  set(value: Static<T>, options?: {
-    cookies?: Cookies;
-    ttl?: DurationLike;
-  }): void;
-  get(options?: {
-    cookies?: Cookies;
-  }): Static<T> | undefined;
-  del(options?: {
-    cookies?: Cookies;
-  }): void;
-}
-interface Cookies {
-  req: Record<string, string>;
-  res: Record<string, Cookie | null>;
-}
-interface Cookie {
-  value: string;
-  path?: string;
-  maxAge?: number;
-  secure?: boolean;
-  httpOnly?: boolean;
-  sameSite?: "strict" | "lax" | "none";
-  domain?: string;
-}
-//#endregion
-//#region src/server-cookies/index.d.ts
-declare module "alepha/server" {
-  interface ServerRequest {
-    cookies: Cookies;
-  }
-}
-/**
- * Provides HTTP cookie management capabilities for server requests and responses with type-safe cookie descriptors.
- *
- * The server-cookies module enables declarative cookie handling using the `$cookie` descriptor on class properties.
- * It offers automatic cookie parsing, secure cookie configuration, and seamless integration with server routes
- * for managing user sessions, preferences, and authentication tokens.
- *
- * @see {@link $cookie}
- * @module alepha.server.cookies
- */
-//#endregion
-//#region src/server-security/providers/ServerBasicAuthProvider.d.ts
-interface BasicAuthOptions {
-  username: string;
-  password: string;
-}
-//#endregion
-//#region src/server-security/providers/ServerSecurityProvider.d.ts
-type ServerRouteSecure = {
-  realm?: string;
-  basic?: BasicAuthOptions;
+//#region src/server-auth/constants/routes.d.ts
+declare const alephaServerAuthRoutes: {
+  login: string;
+  callback: string;
+  logout: string;
+  token: string;
+  refresh: string;
+  userinfo: string;
 };
 //#endregion
-//#region src/server-security/index.d.ts
-declare module "alepha" {
-  interface State {
-    /**
-     * Real (or fake) user account, used for internal actions.
-     *
-     * If you define this, you assume that all actions are executed by this user by default.
-     * > To force a different user, you need to pass it explicitly in the options.
-     */
-    "alepha.server.security.system.user"?: UserAccountToken;
-    /**
-     * The authenticated user account attached to the server request state.
-     *
-     * @internal
-     */
-    "alepha.server.request.user"?: UserAccount;
-  }
-}
-declare module "alepha/server" {
-  interface ServerRequest<TConfig> {
-    user?: UserAccountToken;
-  }
-  interface ServerActionRequest<TConfig> {
-    user: UserAccountToken;
-  }
-  interface ServerRoute {
-    /**
-     * If true, the route will be protected by the security provider.
-     * All actions are secure by default, but you can disable it for specific actions.
-     */
-    secure?: boolean | ServerRouteSecure;
-  }
-  interface ClientRequestOptions extends FetchOptions {
-    /**
-     * Forward user from the previous request.
-     * If "system", use system user. @see {ServerSecurityProvider.localSystemUser}
-     * If "context", use the user from the current context (e.g. request).
-     *
-     * @default "system" if provided, else "context" if available.
-     */
-    user?: UserAccountToken | "system" | "context";
-  }
-}
-/**
- * Plugin for Alepha Server that provides security features. Based on the Alepha Security module.
- *
- * By default, all $action will be guarded by a permission check.
- *
- * @see {@link ServerSecurityProvider}
- * @module alepha.server.security
- */
-//#endregion
-//#region src/server-links/schemas/apiLinksResponseSchema.d.ts
-declare const apiLinkSchema: alepha254.TObject<{
-  name: alepha254.TString;
-  group: alepha254.TOptional<alepha254.TString>;
-  path: alepha254.TString;
-  method: alepha254.TOptional<alepha254.TString>;
-  requestBodyType: alepha254.TOptional<alepha254.TString>;
-  service: alepha254.TOptional<alepha254.TString>;
-}>;
-declare const apiLinksResponseSchema: alepha254.TObject<{
-  prefix: alepha254.TOptional<alepha254.TString>;
-  links: alepha254.TArray<alepha254.TObject<{
-    name: alepha254.TString;
-    group: alepha254.TOptional<alepha254.TString>;
-    path: alepha254.TString;
-    method: alepha254.TOptional<alepha254.TString>;
-    requestBodyType: alepha254.TOptional<alepha254.TString>;
-    service: alepha254.TOptional<alepha254.TString>;
-  }>>;
+//#region src/server-auth/schemas/authenticationProviderSchema.d.ts
+declare const authenticationProviderSchema: alepha198.TObject<{
+  name: alepha198.TString;
+  type: alepha198.TUnsafe<"OAUTH2" | "OIDC" | "CREDENTIALS">;
 }>;
-type ApiLinksResponse = Static<typeof apiLinksResponseSchema>;
-type ApiLink = Static<typeof apiLinkSchema>;
-//#endregion
-//#region src/server-links/providers/LinkProvider.d.ts
-/**
- * Browser, SSR friendly, service to handle links.
- */
-declare class LinkProvider {
-  static path: {
-    apiLinks: string;
-    apiSchema: string;
-  };
-  protected readonly log: alepha_logger0.Logger;
-  protected readonly alepha: Alepha;
-  protected readonly httpClient: HttpClient;
-  protected serverLinks: Array<HttpClientLink>;
-  /**
-   * Get applicative links registered on the server.
-   * This does not include lazy-loaded remote links.
-   */
-  getServerLinks(): HttpClientLink[];
-  /**
-   * Register a new link for the application.
-   */
-  registerLink(link: HttpClientLink): void;
-  get links(): HttpClientLink[];
-  /**
-   * Force browser to refresh links from the server.
-   */
-  fetchLinks(): Promise<HttpClientLink[]>;
-  /**
-   * Create a virtual client that can be used to call actions.
-   *
-   * Use js Proxy under the hood.
-   */
-  client<T extends object>(scope?: ClientScope): HttpVirtualClient<T>;
-  /**
-   * Check if a link with the given name exists.
-   * @param name
-   */
-  can(name: string): boolean;
-  /**
-   * Resolve a link by its name and call it.
-   * - If link is local, it will call the local handler.
-   * - If link is remote, it will make a fetch request to the remote server.
-   */
-  follow(name: string, config?: Partial<ServerRequestConfigEntry>, options?: ClientRequestOptions & ClientScope): Promise<any>;
-  protected createVirtualAction<T extends RequestConfigSchema>(name: string, scope?: ClientScope): VirtualAction<T>;
-  protected followRemote(link: HttpClientLink, config?: Partial<ServerRequestConfigEntry>, options?: ClientRequestOptions): Promise<FetchResponse>;
-  protected getLinkByName(name: string, options?: ClientScope): Promise<HttpClientLink>;
-}
-interface HttpClientLink extends ApiLink {
-  secured?: boolean | ServerRouteSecure;
-  prefix?: string;
-  host?: string;
-  service?: string;
-  schema?: RequestConfigSchema;
-  handler?: (request: ServerRequest, options: ClientRequestOptions) => Async<ServerResponseBody>;
-}
-interface ClientScope {
-  group?: string;
-  service?: string;
-  hostname?: string;
-}
-type HttpVirtualClient<T> = { [K in keyof T as T[K] extends ActionDescriptor<RequestConfigSchema> ? K : never]: T[K] extends ActionDescriptor<infer Schema> ? VirtualAction<Schema> : never };
-interface VirtualAction<T extends RequestConfigSchema> extends Pick<ActionDescriptor<T>, "name" | "run" | "fetch"> {
-  (config?: ClientRequestEntry<T>, opts?: ClientRequestOptions): Promise<ClientRequestResponse<T>>;
-  can: () => boolean;
-}
-//#endregion
-//#region src/server-proxy/descriptors/$proxy.d.ts
-type ProxyDescriptorOptions = {
-  /**
-   * Path pattern to match for proxying requests.
-   *
-   * Supports wildcards and path parameters:
-   * - `/api/*` - Matches all paths starting with `/api/`
-   * - `/api/v1/*` - Matches all paths starting with `/api/v1/`
-   * - `/users/:id` - Matches `/users/123`, `/users/abc`, etc.
-   *
-   * @example "/api/*"
-   * @example "/secure/admin/*"
-   * @example "/users/:id/posts"
-   */
-  path: string;
-  /**
-   * Target URL to which matching requests should be forwarded.
-   *
-   * Can be either:
-   * - **Static string**: A fixed URL like `"https://api.example.com"`
-   * - **Dynamic function**: A function that returns the URL, enabling runtime target resolution
-   *
-   * The target URL will be combined with the remaining path from the original request.
-   *
-   * @example "https://api.example.com"
-   * @example () => process.env.API_URL || "http://localhost:3001"
-   */
-  target: string | (() => string);
-  /**
-   * Whether this proxy is disabled.
-   *
-   * When `true`, requests matching the path will not be proxied and will be handled
-   * by other routes or return 404. Useful for feature toggles or conditional proxying.
-   *
-   * @default false
-   * @example !process.env.ENABLE_PROXY
-   */
-  disabled?: boolean;
-  /**
-   * Hook called before forwarding the request to the target server.
-   *
-   * Use this to:
-   * - Add authentication headers
-   * - Modify request headers or body
-   * - Add request tracking/logging
-   * - Transform the request before forwarding
-   *
-   * @param request - The original incoming server request
-   * @param proxyRequest - The request that will be sent to the target (modifiable)
-   *
-   * @example
-   * ```ts
-   * beforeRequest: async (request, proxyRequest) => {
-   *   proxyRequest.headers = {
-   *     ...proxyRequest.headers,
-   *     'Authorization': `Bearer ${await getToken()}`,
-   *     'X-Request-ID': generateRequestId()
-   *   };
-   * }
-   * ```
-   */
-  beforeRequest?: (request: ServerRequest, proxyRequest: RequestInit) => Async<void>;
-  /**
-   * Hook called after receiving the response from the target server.
-   *
-   * Use this to:
-   * - Log response details for monitoring
-   * - Add custom headers to the response
-   * - Transform response data
-   * - Handle error responses
-   *
-   * @param request - The original incoming server request
-   * @param proxyResponse - The response received from the target server
-   *
-   * @example
-   * ```ts
-   * afterResponse: async (request, proxyResponse) => {
-   *   console.log(`Proxy ${request.method} ${request.url} -> ${proxyResponse.status}`);
-   *
-   *   if (!proxyResponse.ok) {
-   *     await logError(`Proxy error: ${proxyResponse.status}`, { request, response: proxyResponse });
-   *   }
-   * }
-   * ```
-   */
-  afterResponse?: (request: ServerRequest, proxyResponse: Response) => Async<void>;
-  /**
-   * Function to rewrite the URL before sending to the target server.
-   *
-   * Use this to:
-   * - Remove or add path prefixes
-   * - Transform path parameters
-   * - Modify query parameters
-   * - Change the URL structure entirely
-   *
-   * The function receives a mutable URL object and should modify it in-place.
-   *
-   * @param url - The URL object to modify (mutable)
-   *
-   * @example
-   * ```ts
-   * // Remove /api prefix when forwarding
-   * rewrite: (url) => {
-   *   url.pathname = url.pathname.replace('/api', '');
-   * }
-   * ```
-   *
-   * @example
-   * ```ts
-   * // Add version prefix
-   * rewrite: (url) => {
-   *   url.pathname = `/v2${url.pathname}`;
-   * }
-   * ```
-   */
-  rewrite?: (url: URL) => void;
-};
-//#endregion
-//#region src/server-proxy/providers/ServerProxyProvider.d.ts
-declare class ServerProxyProvider {
-  protected readonly log: alepha_logger0.Logger;
-  protected readonly routerProvider: ServerRouterProvider;
-  protected readonly alepha: Alepha;
-  protected readonly configure: alepha254.HookDescriptor<"configure">;
-  createProxy(options: ProxyDescriptorOptions): void;
-  createProxyHandler(target: string, options: Omit<ProxyDescriptorOptions, "path">): ServerHandler;
-  private getRawRequestBody;
-}
-//#endregion
-//#region src/server-links/descriptors/$remote.d.ts
-interface RemoteDescriptorOptions {
-  /**
-   * The URL of the remote service.
-   * You can use a function to generate the URL dynamically.
-   * You probably should use $env(env) to get the URL from the environment.
-   *
-   * @example
-   * ```ts
-   * import { $remote } from "alepha/server";
-   * import { $inject, t } from "alepha";
-   *
-   * class App {
-   *   env = $env(t.object({
-   *     REMOTE_URL: t.text({default: "http://localhost:3000"}),
-   *   }));
-   *   remote = $remote({
-   *     url: this.env.REMOTE_URL,
-   *   });
-   * }
-   * ```
-   */
-  url: string | (() => string);
-  /**
-   * The name of the remote service.
-   *
-   * @default Member of the class containing the remote service.
-   */
-  name?: string;
-  /**
-   * If true, all methods of the remote service will be exposed as actions in this context.
-   * > Note: Proxy will never use the service account, it just... proxies the request.
-   */
-  proxy?: boolean | Partial<ProxyDescriptorOptions & {
-    /**
-     * If true, the remote service won't be available internally, only through the proxy.
-     */
-    noInternal: boolean;
-  }>;
-  /**
-   * For communication between the server and the remote service with a security layer.
-   * This will be used for internal communication and will not be exposed to the client.
-   */
-  serviceAccount?: ServiceAccountDescriptor;
-}
-declare class RemoteDescriptor extends Descriptor<RemoteDescriptorOptions> {
-  get name(): string;
-}
-//#endregion
-//#region src/server-links/providers/RemoteDescriptorProvider.d.ts
-declare class RemoteDescriptorProvider {
-  protected readonly env: {
-    SERVER_API_PREFIX: string;
-  };
-  protected readonly alepha: Alepha;
-  protected readonly proxyProvider: ServerProxyProvider;
-  protected readonly linkProvider: LinkProvider;
-  protected readonly remotes: Array<ServerRemote>;
-  protected readonly log: alepha_logger0.Logger;
-  getRemotes(): ServerRemote[];
-  readonly configure: alepha254.HookDescriptor<"configure">;
-  readonly start: alepha254.HookDescriptor<"start">;
-  registerRemote(value: RemoteDescriptor): Promise<void>;
-  protected readonly fetchLinks: alepha_retry0.RetryDescriptorFn<(opts: FetchLinksOptions) => Promise<ApiLinksResponse>>;
-}
-interface FetchLinksOptions {
-  /**
-   * Name of the remote service.
-   */
-  service: string;
-  /**
-   * URL to fetch links from.
-   */
-  url: string;
-  /**
-   * Authorization header containing access token.
-   */
-  authorization?: string;
-}
-interface ServerRemote {
-  /**
-   * URL of the remote service.
-   */
-  url: string;
-  /**
-   * Name of the remote service.
-   */
-  name: string;
-  /**
-   * Expose links as endpoint. It's not only internal.
-   */
-  proxy: boolean;
-  /**
-   * It's only used inside the application.
-   */
-  internal: boolean;
-  /**
-   * Links fetcher.
-   */
-  links: (args: {
-    authorization?: string;
-  }) => Promise<ApiLinksResponse>;
-  /**
-   * Fetches schema for the remote service.
-   */
-  schema: (args: {
-    name: string;
-    authorization?: string;
-  }) => Promise<any>;
-  /**
-   * Force a default access token provider when not provided.
-   */
-  serviceAccount?: ServiceAccountDescriptor;
-  /**
-   * Prefix for the remote service links.
-   */
-  prefix: string;
-}
+type AuthenticationProvider = Static<typeof authenticationProviderSchema>;
 //#endregion
-//#region src/server-links/providers/ServerLinksProvider.d.ts
-declare class ServerLinksProvider {
-  protected readonly env: {
-    SERVER_API_PREFIX: string;
-  };
-  protected readonly alepha: Alepha;
-  protected readonly linkProvider: LinkProvider;
-  protected readonly remoteProvider: RemoteDescriptorProvider;
-  protected readonly serverTimingProvider: ServerTimingProvider;
-  get prefix(): string;
-  readonly onRoute: alepha254.HookDescriptor<"configure">;
-  /**
-   * First API - Get all API links for the user.
-   *
-   * This is based on the user's permissions.
-   */
-  readonly links: alepha_server6.RouteDescriptor<{
-    response: alepha254.TObject<{
-      prefix: alepha254.TOptional<alepha254.TString>;
-      links: alepha254.TArray<alepha254.TObject<{
-        name: alepha254.TString;
-        group: alepha254.TOptional<alepha254.TString>;
-        path: alepha254.TString;
-        method: alepha254.TOptional<alepha254.TString>;
-        requestBodyType: alepha254.TOptional<alepha254.TString>;
-        service: alepha254.TOptional<alepha254.TString>;
-      }>>;
-    }>;
+//#region src/server-auth/schemas/tokenResponseSchema.d.ts
+declare const tokenResponseSchema: alepha198.TObject<{
+  provider: alepha198.TString;
+  access_token: alepha198.TString;
+  issued_at: alepha198.TNumber;
+  expires_in: alepha198.TOptional<alepha198.TNumber>;
+  refresh_token: alepha198.TOptional<alepha198.TString>;
+  refresh_token_expires_in: alepha198.TOptional<alepha198.TNumber>;
+  refresh_expires_in: alepha198.TOptional<alepha198.TNumber>;
+  id_token: alepha198.TOptional<alepha198.TString>;
+  scope: alepha198.TOptional<alepha198.TString>;
+  user: alepha198.TObject<{
+    id: alepha198.TString;
+    name: alepha198.TOptional<alepha198.TString>;
+    email: alepha198.TOptional<alepha198.TString>;
+    username: alepha198.TOptional<alepha198.TString>;
+    picture: alepha198.TOptional<alepha198.TString>;
+    sessionId: alepha198.TOptional<alepha198.TString>;
+    organizations: alepha198.TOptional<alepha198.TArray<alepha198.TString>>;
+    roles: alepha198.TOptional<alepha198.TArray<alepha198.TString>>;
   }>;
-  /**
-   * Second API - Get schema for a specific API link.
-   *
-   * Note: Body/Response schema are not included in `links` API because it's TOO BIG.
-   * I mean for 150+ links, you got 50ms of serialization time.
-   */
-  readonly schema: alepha_server6.RouteDescriptor<{
-    params: alepha254.TObject<{
-      name: alepha254.TString;
-    }>;
-    response: alepha254.TRecord<string, alepha254.TAny>;
+  api: alepha198.TObject<{
+    prefix: alepha198.TOptional<alepha198.TString>;
+    links: alepha198.TArray<alepha198.TObject<{
+      name: alepha198.TString;
+      group: alepha198.TOptional<alepha198.TString>;
+      path: alepha198.TString;
+      method: alepha198.TOptional<alepha198.TString>;
+      requestBodyType: alepha198.TOptional<alepha198.TString>;
+      service: alepha198.TOptional<alepha198.TString>;
+    }>>;
   }>;
-  getSchemaByName(name: string, options?: GetApiLinksOptions): Promise<RequestConfigSchema>;
-  /**
-   * Retrieves API links for the user based on their permissions.
-   * Will check on local links and remote links.
-   */
-  getUserApiLinks(options: GetApiLinksOptions): Promise<ApiLinksResponse>;
-}
-interface GetApiLinksOptions {
-  user?: UserAccountToken;
-  authorization?: string;
-}
-//#endregion
-//#region src/server-links/index.d.ts
-declare module "alepha" {
-  interface State {
-    /**
-     * API links attached to the server request state.
-     *
-     * @see {@link ApiLinksResponse}
-     * @internal
-     */
-    "alepha.server.request.apiLinks"?: ApiLinksResponse;
-  }
-}
-/**
- * Provides server-side link management and remote capabilities for client-server interactions.
- *
- * The server-links module enables declarative link definitions using `$remote` and `$client` descriptors,
- * facilitating seamless API endpoint management and client-server communication. It integrates with server
- * security features to ensure safe and controlled access to resources.
- *
- * @see {@link $remote}
- * @see {@link $client}
- * @module alepha.server.links
- */
-//#endregion
-//#region src/server-auth/schemas/authenticationProviderSchema.d.ts
-declare const authenticationProviderSchema: alepha254.TObject<{
-  name: alepha254.TString;
-  type: alepha254.TUnsafe<"OAUTH2" | "OIDC" | "CREDENTIALS">;
 }>;
-type AuthenticationProvider = Static<typeof authenticationProviderSchema>;
+type TokenResponse = Static<typeof tokenResponseSchema>;
 //#endregion
 //#region src/server-auth/schemas/tokensSchema.d.ts
-declare const tokensSchema: alepha254.TObject<{
-  provider: alepha254.TString;
-  access_token: alepha254.TString;
-  issued_at: alepha254.TNumber;
-  expires_in: alepha254.TOptional<alepha254.TNumber>;
-  refresh_token: alepha254.TOptional<alepha254.TString>;
-  refresh_token_expires_in: alepha254.TOptional<alepha254.TNumber>;
-  refresh_expires_in: alepha254.TOptional<alepha254.TNumber>;
-  id_token: alepha254.TOptional<alepha254.TString>;
-  scope: alepha254.TOptional<alepha254.TString>;
+declare const tokensSchema: alepha198.TObject<{
+  provider: alepha198.TString;
+  access_token: alepha198.TString;
+  issued_at: alepha198.TNumber;
+  expires_in: alepha198.TOptional<alepha198.TNumber>;
+  refresh_token: alepha198.TOptional<alepha198.TString>;
+  refresh_token_expires_in: alepha198.TOptional<alepha198.TNumber>;
+  refresh_expires_in: alepha198.TOptional<alepha198.TNumber>;
+  id_token: alepha198.TOptional<alepha198.TString>;
+  scope: alepha198.TOptional<alepha198.TString>;
 }>;
 type Tokens = Static<typeof tokensSchema>;
 //#endregion
+//#region src/server-auth/schemas/userinfoResponseSchema.d.ts
+declare const userinfoResponseSchema: alepha198.TObject<{
+  user: alepha198.TOptional<alepha198.TObject<{
+    id: alepha198.TString;
+    name: alepha198.TOptional<alepha198.TString>;
+    email: alepha198.TOptional<alepha198.TString>;
+    username: alepha198.TOptional<alepha198.TString>;
+    picture: alepha198.TOptional<alepha198.TString>;
+    sessionId: alepha198.TOptional<alepha198.TString>;
+    organizations: alepha198.TOptional<alepha198.TArray<alepha198.TString>>;
+    roles: alepha198.TOptional<alepha198.TArray<alepha198.TString>>;
+  }>>;
+  api: alepha198.TObject<{
+    prefix: alepha198.TOptional<alepha198.TString>;
+    links: alepha198.TArray<alepha198.TObject<{
+      name: alepha198.TString;
+      group: alepha198.TOptional<alepha198.TString>;
+      path: alepha198.TString;
+      method: alepha198.TOptional<alepha198.TString>;
+      requestBodyType: alepha198.TOptional<alepha198.TString>;
+      service: alepha198.TOptional<alepha198.TString>;
+    }>>;
+  }>;
+}>;
+type UserinfoResponse = Static<typeof userinfoResponseSchema>;
+//#endregion
 //#region src/server-auth/providers/ServerAuthProvider.d.ts
 declare class ServerAuthProvider {
   protected readonly log: alepha_logger0.Logger;
@@ -618,34 +108,34 @@ declare class ServerAuthProvider {
   protected readonly serverCookiesProvider: ServerCookiesProvider;
   protected readonly dateTimeProvider: DateTimeProvider;
   protected readonly serverLinksProvider: ServerLinksProvider;
-  protected readonly authorizationCode: AbstractCookieDescriptor<alepha254.TObject<{
-    provider: alepha254.TString;
-    codeVerifier: alepha254.TOptional<alepha254.TString>;
-    redirectUri: alepha254.TOptional<alepha254.TString>;
-    state: alepha254.TOptional<alepha254.TString>;
-    nonce: alepha254.TOptional<alepha254.TString>;
+  protected readonly authorizationCode: alepha_server_cookies0.AbstractCookiePrimitive<alepha198.TObject<{
+    provider: alepha198.TString;
+    codeVerifier: alepha198.TOptional<alepha198.TString>;
+    redirectUri: alepha198.TOptional<alepha198.TString>;
+    state: alepha198.TOptional<alepha198.TString>;
+    nonce: alepha198.TOptional<alepha198.TString>;
   }>>;
-  readonly tokens: AbstractCookieDescriptor<alepha254.TObject<{
-    provider: alepha254.TString;
-    access_token: alepha254.TString;
-    issued_at: alepha254.TNumber;
-    expires_in: alepha254.TOptional<alepha254.TNumber>;
-    refresh_token: alepha254.TOptional<alepha254.TString>;
-    refresh_token_expires_in: alepha254.TOptional<alepha254.TNumber>;
-    refresh_expires_in: alepha254.TOptional<alepha254.TNumber>;
-    id_token: alepha254.TOptional<alepha254.TString>;
-    scope: alepha254.TOptional<alepha254.TString>;
+  readonly tokens: alepha_server_cookies0.AbstractCookiePrimitive<alepha198.TObject<{
+    provider: alepha198.TString;
+    access_token: alepha198.TString;
+    issued_at: alepha198.TNumber;
+    expires_in: alepha198.TOptional<alepha198.TNumber>;
+    refresh_token: alepha198.TOptional<alepha198.TString>;
+    refresh_token_expires_in: alepha198.TOptional<alepha198.TNumber>;
+    refresh_expires_in: alepha198.TOptional<alepha198.TNumber>;
+    id_token: alepha198.TOptional<alepha198.TString>;
+    scope: alepha198.TOptional<alepha198.TString>;
   }>>;
-  get identities(): Array<AuthDescriptor>;
+  get identities(): Array<AuthPrimitive>;
   getAuthenticationProviders(filters?: {
     realmName?: string;
   }): AuthenticationProvider[];
-  protected readonly configure: alepha254.HookDescriptor<"configure">;
+  protected readonly configure: alepha198.HookPrimitive<"configure">;
   protected getAccessTokens(tokens: Tokens): string | undefined;
   /**
    * Fill request headers with access token from cookies or fallback to provider's fallback function.
    */
-  protected readonly onRequest: alepha254.HookDescriptor<"server:onRequest">;
+  protected readonly onRequest: alepha198.HookPrimitive<"server:onRequest">;
   /**
    * Convert cookies to tokens.
    * If the tokens are expired, try to refresh them using the refresh token.
@@ -655,27 +145,27 @@ declare class ServerAuthProvider {
   /**
    * Get user information.
    */
-  readonly userinfo: alepha_server6.RouteDescriptor<{
-    response: alepha254.TObject<{
-      user: alepha254.TOptional<alepha254.TObject<{
-        id: alepha254.TString;
-        name: alepha254.TOptional<alepha254.TString>;
-        email: alepha254.TOptional<alepha254.TString>;
-        username: alepha254.TOptional<alepha254.TString>;
-        picture: alepha254.TOptional<alepha254.TString>;
-        sessionId: alepha254.TOptional<alepha254.TString>;
-        organizations: alepha254.TOptional<alepha254.TArray<alepha254.TString>>;
-        roles: alepha254.TOptional<alepha254.TArray<alepha254.TString>>;
+  readonly userinfo: alepha_server0.RoutePrimitive<{
+    response: alepha198.TObject<{
+      user: alepha198.TOptional<alepha198.TObject<{
+        id: alepha198.TString;
+        name: alepha198.TOptional<alepha198.TString>;
+        email: alepha198.TOptional<alepha198.TString>;
+        username: alepha198.TOptional<alepha198.TString>;
+        picture: alepha198.TOptional<alepha198.TString>;
+        sessionId: alepha198.TOptional<alepha198.TString>;
+        organizations: alepha198.TOptional<alepha198.TArray<alepha198.TString>>;
+        roles: alepha198.TOptional<alepha198.TArray<alepha198.TString>>;
       }>>;
-      api: alepha254.TObject<{
-        prefix: alepha254.TOptional<alepha254.TString>;
-        links: alepha254.TArray<alepha254.TObject<{
-          name: alepha254.TString;
-          group: alepha254.TOptional<alepha254.TString>;
-          path: alepha254.TString;
-          method: alepha254.TOptional<alepha254.TString>;
-          requestBodyType: alepha254.TOptional<alepha254.TString>;
-          service: alepha254.TOptional<alepha254.TString>;
+      api: alepha198.TObject<{
+        prefix: alepha198.TOptional<alepha198.TString>;
+        links: alepha198.TArray<alepha198.TObject<{
+          name: alepha198.TString;
+          group: alepha198.TOptional<alepha198.TString>;
+          path: alepha198.TString;
+          method: alepha198.TOptional<alepha198.TString>;
+          requestBodyType: alepha198.TOptional<alepha198.TString>;
+          service: alepha198.TOptional<alepha198.TString>;
         }>>;
       }>;
     }>;
@@ -683,66 +173,66 @@ declare class ServerAuthProvider {
   /**
    * Refresh a token for internal providers.
    */
-  readonly refresh: alepha_server6.RouteDescriptor<{
-    query: alepha254.TObject<{
-      provider: alepha254.TString;
+  readonly refresh: alepha_server0.RoutePrimitive<{
+    query: alepha198.TObject<{
+      provider: alepha198.TString;
     }>;
-    body: alepha254.TObject<{
-      refresh_token: alepha254.TString;
-      access_token: alepha254.TOptional<alepha254.TString>;
+    body: alepha198.TObject<{
+      refresh_token: alepha198.TString;
+      access_token: alepha198.TOptional<alepha198.TString>;
     }>;
-    response: alepha254.TObject<{
-      provider: alepha254.TString;
-      access_token: alepha254.TString;
-      issued_at: alepha254.TNumber;
-      expires_in: alepha254.TOptional<alepha254.TNumber>;
-      refresh_token: alepha254.TOptional<alepha254.TString>;
-      refresh_token_expires_in: alepha254.TOptional<alepha254.TNumber>;
-      refresh_expires_in: alepha254.TOptional<alepha254.TNumber>;
-      id_token: alepha254.TOptional<alepha254.TString>;
-      scope: alepha254.TOptional<alepha254.TString>;
+    response: alepha198.TObject<{
+      provider: alepha198.TString;
+      access_token: alepha198.TString;
+      issued_at: alepha198.TNumber;
+      expires_in: alepha198.TOptional<alepha198.TNumber>;
+      refresh_token: alepha198.TOptional<alepha198.TString>;
+      refresh_token_expires_in: alepha198.TOptional<alepha198.TNumber>;
+      refresh_expires_in: alepha198.TOptional<alepha198.TNumber>;
+      id_token: alepha198.TOptional<alepha198.TString>;
+      scope: alepha198.TOptional<alepha198.TString>;
     }>;
   }>;
   /**
    * Login for local password-based authentication.
    */
-  readonly token: alepha_server6.RouteDescriptor<{
-    query: alepha254.TObject<{
-      provider: alepha254.TString;
+  readonly token: alepha_server0.RoutePrimitive<{
+    query: alepha198.TObject<{
+      provider: alepha198.TString;
     }>;
-    body: alepha254.TObject<{
-      username: alepha254.TString;
-      password: alepha254.TString;
+    body: alepha198.TObject<{
+      username: alepha198.TString;
+      password: alepha198.TString;
     }>;
-    response: alepha254.TObject<{
-      provider: alepha254.TString;
-      access_token: alepha254.TString;
-      issued_at: alepha254.TNumber;
-      expires_in: alepha254.TOptional<alepha254.TNumber>;
-      refresh_token: alepha254.TOptional<alepha254.TString>;
-      refresh_token_expires_in: alepha254.TOptional<alepha254.TNumber>;
-      refresh_expires_in: alepha254.TOptional<alepha254.TNumber>;
-      id_token: alepha254.TOptional<alepha254.TString>;
-      scope: alepha254.TOptional<alepha254.TString>;
-      user: alepha254.TObject<{
-        id: alepha254.TString;
-        name: alepha254.TOptional<alepha254.TString>;
-        email: alepha254.TOptional<alepha254.TString>;
-        username: alepha254.TOptional<alepha254.TString>;
-        picture: alepha254.TOptional<alepha254.TString>;
-        sessionId: alepha254.TOptional<alepha254.TString>;
-        organizations: alepha254.TOptional<alepha254.TArray<alepha254.TString>>;
-        roles: alepha254.TOptional<alepha254.TArray<alepha254.TString>>;
+    response: alepha198.TObject<{
+      provider: alepha198.TString;
+      access_token: alepha198.TString;
+      issued_at: alepha198.TNumber;
+      expires_in: alepha198.TOptional<alepha198.TNumber>;
+      refresh_token: alepha198.TOptional<alepha198.TString>;
+      refresh_token_expires_in: alepha198.TOptional<alepha198.TNumber>;
+      refresh_expires_in: alepha198.TOptional<alepha198.TNumber>;
+      id_token: alepha198.TOptional<alepha198.TString>;
+      scope: alepha198.TOptional<alepha198.TString>;
+      user: alepha198.TObject<{
+        id: alepha198.TString;
+        name: alepha198.TOptional<alepha198.TString>;
+        email: alepha198.TOptional<alepha198.TString>;
+        username: alepha198.TOptional<alepha198.TString>;
+        picture: alepha198.TOptional<alepha198.TString>;
+        sessionId: alepha198.TOptional<alepha198.TString>;
+        organizations: alepha198.TOptional<alepha198.TArray<alepha198.TString>>;
+        roles: alepha198.TOptional<alepha198.TArray<alepha198.TString>>;
       }>;
-      api: alepha254.TObject<{
-        prefix: alepha254.TOptional<alepha254.TString>;
-        links: alepha254.TArray<alepha254.TObject<{
-          name: alepha254.TString;
-          group: alepha254.TOptional<alepha254.TString>;
-          path: alepha254.TString;
-          method: alepha254.TOptional<alepha254.TString>;
-          requestBodyType: alepha254.TOptional<alepha254.TString>;
-          service: alepha254.TOptional<alepha254.TString>;
+      api: alepha198.TObject<{
+        prefix: alepha198.TOptional<alepha198.TString>;
+        links: alepha198.TArray<alepha198.TObject<{
+          name: alepha198.TString;
+          group: alepha198.TOptional<alepha198.TString>;
+          path: alepha198.TString;
+          method: alepha198.TOptional<alepha198.TString>;
+          requestBodyType: alepha198.TOptional<alepha198.TString>;
+          service: alepha198.TOptional<alepha198.TString>;
         }>>;
       }>;
     }>;
@@ -750,28 +240,28 @@ declare class ServerAuthProvider {
   /**
    * Oauth2/OIDC login route.
    */
-  readonly login: alepha_server6.RouteDescriptor<{
-    query: alepha254.TObject<{
-      provider: alepha254.TString;
-      redirect_uri: alepha254.TOptional<alepha254.TString>;
+  readonly login: alepha_server0.RoutePrimitive<{
+    query: alepha198.TObject<{
+      provider: alepha198.TString;
+      redirect_uri: alepha198.TOptional<alepha198.TString>;
     }>;
   }>;
   /**
    * Callback for OAuth2/OIDC providers.
    * It handles the authorization code flow and retrieves the access token.
    */
-  readonly callback: alepha_server6.RouteDescriptor<alepha_server6.RequestConfigSchema>;
+  readonly callback: alepha_server0.RoutePrimitive<alepha_server0.RequestConfigSchema>;
   /**
    * Logout route for OAuth2/OIDC providers.
    */
-  readonly logout: alepha_server6.RouteDescriptor<{
-    query: alepha254.TObject<{
-      post_logout_redirect_uri: alepha254.TOptional<alepha254.TString>;
+  readonly logout: alepha_server0.RoutePrimitive<{
+    query: alepha198.TObject<{
+      post_logout_redirect_uri: alepha198.TOptional<alepha198.TString>;
     }>;
   }>;
   protected provider(opts: string | {
     provider: string;
-  }): AuthDescriptor;
+  }): AuthPrimitive;
   protected setTokens(tokens: Tokens, cookies?: Cookies): void;
 }
 interface OAuth2Profile {
@@ -805,9 +295,9 @@ interface OAuth2Profile {
   [key: string]: unknown;
 }
 //#endregion
-//#region src/server-auth/descriptors/$auth.d.ts
+//#region src/server-auth/primitives/$auth.d.ts
 /**
- * Creates an authentication provider descriptor for handling user login flows.
+ * Creates an authentication provider primitive for handling user login flows.
  *
  * Supports multiple authentication strategies: credentials (username/password), OAuth2,
  * and OIDC (OpenID Connect). Handles token management, user profile retrieval, and
@@ -841,10 +331,10 @@ interface OAuth2Profile {
  * ```
  */
 declare const $auth: {
-  (options: AuthDescriptorOptions): AuthDescriptor;
-  [KIND]: typeof AuthDescriptor;
+  (options: AuthPrimitiveOptions): AuthPrimitive;
+  [KIND]: typeof AuthPrimitive;
 };
-type AuthDescriptorOptions = {
+type AuthPrimitiveOptions = {
   /**
    * Name of the identity provider.
    * If not provided, it will be derived from the property key.
@@ -885,7 +375,7 @@ type AuthExternal = {
  * This relies on the `realm`, which is used to create/verify the access token.
  */
 type AuthInternal = {
-  realm: RealmDescriptor;
+  realm: RealmPrimitive;
 } & ({
   /**
    * The common username/password authentication.
@@ -998,7 +488,7 @@ interface OAuth2Options {
    */
   scope?: string;
 }
-declare class AuthDescriptor extends Descriptor<AuthDescriptorOptions> {
+declare class AuthPrimitive extends Primitive<AuthPrimitiveOptions> {
   protected readonly securityProvider: SecurityProvider;
   protected readonly dateTimeProvider: DateTimeProvider;
   oauth?: Configuration;
@@ -1029,17 +519,17 @@ interface WithLoginFn {
   login?: (provider: string) => (creds: Credentials) => Async<UserAccount | undefined>;
 }
 //#endregion
-//#region src/server-auth/descriptors/$authCredentials.d.ts
+//#region src/server-auth/primitives/$authCredentials.d.ts
 /**
- * Already configured Credentials authentication descriptor.
+ * Already configured Credentials authentication primitive.
  *
  * Uses username and password to authenticate users.
  */
-declare const $authCredentials: (realm: RealmDescriptor & WithLoginFn, options?: Partial<CredentialsOptions>) => AuthDescriptor;
+declare const $authCredentials: (realm: RealmPrimitive & WithLoginFn, options?: Partial<CredentialsOptions>) => AuthPrimitive;
 //#endregion
-//#region src/server-auth/descriptors/$authGithub.d.ts
+//#region src/server-auth/primitives/$authGithub.d.ts
 /**
- * Already configured GitHub authentication descriptor.
+ * Already configured GitHub authentication primitive.
  *
  * Uses OAuth2 to authenticate users via their GitHub accounts.
  * Upon successful authentication, it links the GitHub account to a user session.
@@ -1048,11 +538,11 @@ declare const $authCredentials: (realm: RealmDescriptor & WithLoginFn, options?:
  * - `GITHUB_CLIENT_ID`: The client ID obtained from the GitHub Developer Settings.
  * - `GITHUB_CLIENT_SECRET`: The client secret obtained from the GitHub Developer Settings.
  */
-declare const $authGithub: (realm: RealmDescriptor & WithLinkFn, options?: Partial<OidcOptions>) => AuthDescriptor;
+declare const $authGithub: (realm: RealmPrimitive & WithLinkFn, options?: Partial<OidcOptions>) => AuthPrimitive;
 //#endregion
-//#region src/server-auth/descriptors/$authGoogle.d.ts
+//#region src/server-auth/primitives/$authGoogle.d.ts
 /**
- * Already configured Google authentication descriptor.
+ * Already configured Google authentication primitive.
  *
  * Uses OpenID Connect (OIDC) to authenticate users via their Google accounts.
  * Upon successful authentication, it links the Google account to a user session.
@@ -1061,78 +551,7 @@ declare const $authGithub: (realm: RealmDescriptor & WithLinkFn, options?: Parti
  * - `GOOGLE_CLIENT_ID`: The client ID obtained from the Google Developer Console.
  * - `GOOGLE_CLIENT_SECRET`: The client secret obtained from the Google Developer Console.
  */
-declare const $authGoogle: (realm: RealmDescriptor & WithLinkFn, options?: Partial<OidcOptions>) => AuthDescriptor;
-//#endregion
-//#region src/server-auth/constants/routes.d.ts
-declare const alephaServerAuthRoutes: {
-  login: string;
-  callback: string;
-  logout: string;
-  token: string;
-  refresh: string;
-  userinfo: string;
-};
-//#endregion
-//#region src/server-auth/schemas/tokenResponseSchema.d.ts
-declare const tokenResponseSchema: alepha254.TObject<{
-  provider: alepha254.TString;
-  access_token: alepha254.TString;
-  issued_at: alepha254.TNumber;
-  expires_in: alepha254.TOptional<alepha254.TNumber>;
-  refresh_token: alepha254.TOptional<alepha254.TString>;
-  refresh_token_expires_in: alepha254.TOptional<alepha254.TNumber>;
-  refresh_expires_in: alepha254.TOptional<alepha254.TNumber>;
-  id_token: alepha254.TOptional<alepha254.TString>;
-  scope: alepha254.TOptional<alepha254.TString>;
-  user: alepha254.TObject<{
-    id: alepha254.TString;
-    name: alepha254.TOptional<alepha254.TString>;
-    email: alepha254.TOptional<alepha254.TString>;
-    username: alepha254.TOptional<alepha254.TString>;
-    picture: alepha254.TOptional<alepha254.TString>;
-    sessionId: alepha254.TOptional<alepha254.TString>;
-    organizations: alepha254.TOptional<alepha254.TArray<alepha254.TString>>;
-    roles: alepha254.TOptional<alepha254.TArray<alepha254.TString>>;
-  }>;
-  api: alepha254.TObject<{
-    prefix: alepha254.TOptional<alepha254.TString>;
-    links: alepha254.TArray<alepha254.TObject<{
-      name: alepha254.TString;
-      group: alepha254.TOptional<alepha254.TString>;
-      path: alepha254.TString;
-      method: alepha254.TOptional<alepha254.TString>;
-      requestBodyType: alepha254.TOptional<alepha254.TString>;
-      service: alepha254.TOptional<alepha254.TString>;
-    }>>;
-  }>;
-}>;
-type TokenResponse = Static<typeof tokenResponseSchema>;
-//#endregion
-//#region src/server-auth/schemas/userinfoResponseSchema.d.ts
-declare const userinfoResponseSchema: alepha254.TObject<{
-  user: alepha254.TOptional<alepha254.TObject<{
-    id: alepha254.TString;
-    name: alepha254.TOptional<alepha254.TString>;
-    email: alepha254.TOptional<alepha254.TString>;
-    username: alepha254.TOptional<alepha254.TString>;
-    picture: alepha254.TOptional<alepha254.TString>;
-    sessionId: alepha254.TOptional<alepha254.TString>;
-    organizations: alepha254.TOptional<alepha254.TArray<alepha254.TString>>;
-    roles: alepha254.TOptional<alepha254.TArray<alepha254.TString>>;
-  }>>;
-  api: alepha254.TObject<{
-    prefix: alepha254.TOptional<alepha254.TString>;
-    links: alepha254.TArray<alepha254.TObject<{
-      name: alepha254.TString;
-      group: alepha254.TOptional<alepha254.TString>;
-      path: alepha254.TString;
-      method: alepha254.TOptional<alepha254.TString>;
-      requestBodyType: alepha254.TOptional<alepha254.TString>;
-      service: alepha254.TOptional<alepha254.TString>;
-    }>>;
-  }>;
-}>;
-type UserinfoResponse = Static<typeof userinfoResponseSchema>;
+declare const $authGoogle: (realm: RealmPrimitive & WithLinkFn, options?: Partial<OidcOptions>) => AuthPrimitive;
 //#endregion
 //#region src/server-auth/index.d.ts
 declare module "alepha" {
@@ -1158,7 +577,7 @@ declare module "alepha" {
  * @see {@link ServerAuthProvider}
  * @module alepha.server.auth
  */
-declare const AlephaServerAuth: alepha254.Service<alepha254.Module>;
+declare const AlephaServerAuth: alepha198.Service<alepha198.Module>;
 //#endregion
-export { $auth, $authCredentials, $authGithub, $authGoogle, AccessToken, AlephaServerAuth, AuthDescriptor, AuthDescriptorOptions, AuthExternal, AuthInternal, AuthenticationProvider, Credentials, CredentialsFn, CredentialsOptions, LinkAccountFn, LinkAccountOptions, OAuth2Options, OAuth2Profile, OidcOptions, ServerAuthProvider, TokenResponse, Tokens, UserinfoResponse, WithLinkFn, WithLoginFn, alephaServerAuthRoutes, authenticationProviderSchema, tokenResponseSchema, tokensSchema, userinfoResponseSchema };
+export { $auth, $authCredentials, $authGithub, $authGoogle, AccessToken, AlephaServerAuth, AuthExternal, AuthInternal, AuthPrimitive, AuthPrimitiveOptions, AuthenticationProvider, Credentials, CredentialsFn, CredentialsOptions, LinkAccountFn, LinkAccountOptions, OAuth2Options, OAuth2Profile, OidcOptions, ServerAuthProvider, TokenResponse, Tokens, UserinfoResponse, WithLinkFn, WithLoginFn, alephaServerAuthRoutes, authenticationProviderSchema, tokenResponseSchema, tokensSchema, userinfoResponseSchema };
 //# sourceMappingURL=index.d.ts.map