npm - alepha - Versions diffs - 0.14.4 → 0.15.1 - Mend

alepha 0.14.4 → 0.15.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (322) hide show

package/README.md +44 -102
package/dist/api/audits/index.d.ts +331 -443
package/dist/api/audits/index.d.ts.map +1 -1
package/dist/api/audits/index.js +2 -2
package/dist/api/audits/index.js.map +1 -1
package/dist/api/files/index.d.ts +0 -113
package/dist/api/files/index.d.ts.map +1 -1
package/dist/api/files/index.js +2 -3
package/dist/api/files/index.js.map +1 -1
package/dist/api/jobs/index.d.ts +151 -262
package/dist/api/jobs/index.d.ts.map +1 -1
package/dist/api/notifications/index.browser.js +4 -4
package/dist/api/notifications/index.browser.js.map +1 -1
package/dist/api/notifications/index.d.ts +164 -276
package/dist/api/notifications/index.d.ts.map +1 -1
package/dist/api/notifications/index.js +4 -4
package/dist/api/notifications/index.js.map +1 -1
package/dist/api/parameters/index.d.ts +265 -377
package/dist/api/parameters/index.d.ts.map +1 -1
package/dist/api/users/index.browser.js +1 -2
package/dist/api/users/index.browser.js.map +1 -1
package/dist/api/users/index.d.ts +195 -301
package/dist/api/users/index.d.ts.map +1 -1
package/dist/api/users/index.js +203 -184
package/dist/api/users/index.js.map +1 -1
package/dist/api/verifications/index.d.ts.map +1 -1
package/dist/batch/index.d.ts.map +1 -1
package/dist/batch/index.js +1 -2
package/dist/batch/index.js.map +1 -1
package/dist/bucket/index.d.ts.map +1 -1
package/dist/cache/core/index.d.ts.map +1 -1
package/dist/cache/redis/index.d.ts.map +1 -1
package/dist/cache/redis/index.js +2 -2
package/dist/cache/redis/index.js.map +1 -1
package/dist/cli/index.d.ts +5900 -165
package/dist/cli/index.d.ts.map +1 -1
package/dist/cli/index.js +1481 -639
package/dist/cli/index.js.map +1 -1
package/dist/command/index.d.ts +8 -4
package/dist/command/index.d.ts.map +1 -1
package/dist/command/index.js +29 -25
package/dist/command/index.js.map +1 -1
package/dist/core/index.browser.js +563 -54
package/dist/core/index.browser.js.map +1 -1
package/dist/core/index.d.ts +175 -8
package/dist/core/index.d.ts.map +1 -1
package/dist/core/index.js +564 -54
package/dist/core/index.js.map +1 -1
package/dist/core/index.native.js +563 -54
package/dist/core/index.native.js.map +1 -1
package/dist/datetime/index.d.ts.map +1 -1
package/dist/datetime/index.js +4 -4
package/dist/datetime/index.js.map +1 -1
package/dist/email/index.d.ts +89 -42
package/dist/email/index.d.ts.map +1 -1
package/dist/email/index.js +129 -33
package/dist/email/index.js.map +1 -1
package/dist/fake/index.d.ts +7969 -2
package/dist/fake/index.d.ts.map +1 -1
package/dist/fake/index.js +22 -22
package/dist/fake/index.js.map +1 -1
package/dist/file/index.d.ts +134 -1
package/dist/file/index.d.ts.map +1 -1
package/dist/file/index.js +253 -1
package/dist/file/index.js.map +1 -1
package/dist/lock/core/index.d.ts.map +1 -1
package/dist/lock/redis/index.d.ts.map +1 -1
package/dist/logger/index.d.ts +1 -2
package/dist/logger/index.d.ts.map +1 -1
package/dist/logger/index.js +1 -5
package/dist/logger/index.js.map +1 -1
package/dist/mcp/index.d.ts +19 -1
package/dist/mcp/index.d.ts.map +1 -1
package/dist/mcp/index.js +28 -4
package/dist/mcp/index.js.map +1 -1
package/dist/orm/chunk-DH6iiROE.js +38 -0
package/dist/orm/index.browser.js +9 -9
package/dist/orm/index.browser.js.map +1 -1
package/dist/orm/index.bun.js +2821 -0
package/dist/orm/index.bun.js.map +1 -0
package/dist/orm/index.d.ts +318 -169
package/dist/orm/index.d.ts.map +1 -1
package/dist/orm/index.js +2086 -1776
package/dist/orm/index.js.map +1 -1
package/dist/queue/core/index.d.ts +4 -4
package/dist/queue/core/index.d.ts.map +1 -1
package/dist/queue/redis/index.d.ts.map +1 -1
package/dist/redis/index.bun.js +285 -0
package/dist/redis/index.bun.js.map +1 -0
package/dist/redis/index.d.ts +13 -31
package/dist/redis/index.d.ts.map +1 -1
package/dist/redis/index.js +18 -38
package/dist/redis/index.js.map +1 -1
package/dist/retry/index.d.ts.map +1 -1
package/dist/router/index.d.ts.map +1 -1
package/dist/scheduler/index.d.ts +83 -1
package/dist/scheduler/index.d.ts.map +1 -1
package/dist/scheduler/index.js +393 -1
package/dist/scheduler/index.js.map +1 -1
package/dist/security/index.browser.js +5 -1
package/dist/security/index.browser.js.map +1 -1
package/dist/security/index.d.ts +598 -112
package/dist/security/index.d.ts.map +1 -1
package/dist/security/index.js +1808 -97
package/dist/security/index.js.map +1 -1
package/dist/server/auth/index.d.ts +1200 -175
package/dist/server/auth/index.d.ts.map +1 -1
package/dist/server/auth/index.js +1268 -37
package/dist/server/auth/index.js.map +1 -1
package/dist/server/cache/index.d.ts +6 -3
package/dist/server/cache/index.d.ts.map +1 -1
package/dist/server/cache/index.js +1 -1
package/dist/server/cache/index.js.map +1 -1
package/dist/server/compress/index.d.ts.map +1 -1
package/dist/server/cookies/index.d.ts.map +1 -1
package/dist/server/cookies/index.js +3 -3
package/dist/server/cookies/index.js.map +1 -1
package/dist/server/core/index.d.ts +115 -13
package/dist/server/core/index.d.ts.map +1 -1
package/dist/server/core/index.js +321 -139
package/dist/server/core/index.js.map +1 -1
package/dist/server/cors/index.d.ts +0 -1
package/dist/server/cors/index.d.ts.map +1 -1
package/dist/server/health/index.d.ts +0 -1
package/dist/server/health/index.d.ts.map +1 -1
package/dist/server/helmet/index.d.ts.map +1 -1
package/dist/server/links/index.browser.js +9 -1
package/dist/server/links/index.browser.js.map +1 -1
package/dist/server/links/index.d.ts +1 -2
package/dist/server/links/index.d.ts.map +1 -1
package/dist/server/links/index.js +14 -7
package/dist/server/links/index.js.map +1 -1
package/dist/server/metrics/index.d.ts +514 -1
package/dist/server/metrics/index.d.ts.map +1 -1
package/dist/server/metrics/index.js +4462 -4
package/dist/server/metrics/index.js.map +1 -1
package/dist/server/multipart/index.d.ts.map +1 -1
package/dist/server/proxy/index.d.ts +0 -1
package/dist/server/proxy/index.d.ts.map +1 -1
package/dist/server/rate-limit/index.d.ts.map +1 -1
package/dist/server/static/index.d.ts.map +1 -1
package/dist/server/swagger/index.d.ts +1 -2
package/dist/server/swagger/index.d.ts.map +1 -1
package/dist/server/swagger/index.js +1 -2
package/dist/server/swagger/index.js.map +1 -1
package/dist/sms/index.d.ts +3 -1
package/dist/sms/index.d.ts.map +1 -1
package/dist/sms/index.js +10 -10
package/dist/sms/index.js.map +1 -1
package/dist/thread/index.d.ts +0 -1
package/dist/thread/index.d.ts.map +1 -1
package/dist/thread/index.js +2 -2
package/dist/thread/index.js.map +1 -1
package/dist/topic/core/index.d.ts.map +1 -1
package/dist/topic/redis/index.d.ts.map +1 -1
package/dist/vite/index.d.ts +6315 -149
package/dist/vite/index.d.ts.map +1 -1
package/dist/vite/index.js +140 -469
package/dist/vite/index.js.map +1 -1
package/dist/websocket/index.browser.js +9 -9
package/dist/websocket/index.browser.js.map +1 -1
package/dist/websocket/index.d.ts +28 -28
package/dist/websocket/index.d.ts.map +1 -1
package/dist/websocket/index.js +9 -9
package/dist/websocket/index.js.map +1 -1
package/package.json +13 -18
package/src/api/files/controllers/AdminFileStatsController.ts +0 -1
package/src/api/users/atoms/realmAuthSettingsAtom.ts +5 -0
package/src/api/users/controllers/{UserRealmController.ts → RealmController.ts} +11 -11
package/src/api/users/entities/users.ts +1 -1
package/src/api/users/index.ts +8 -8
package/src/api/users/primitives/{$userRealm.ts → $realm.ts} +17 -19
package/src/api/users/providers/{UserRealmProvider.ts → RealmProvider.ts} +26 -30
package/src/api/users/schemas/{userRealmConfigSchema.ts → realmConfigSchema.ts} +2 -2
package/src/api/users/services/CredentialService.ts +7 -7
package/src/api/users/services/IdentityService.ts +4 -4
package/src/api/users/services/RegistrationService.spec.ts +25 -27
package/src/api/users/services/RegistrationService.ts +38 -27
package/src/api/users/services/SessionCrudService.ts +3 -3
package/src/api/users/services/SessionService.spec.ts +3 -3
package/src/api/users/services/SessionService.ts +27 -18
package/src/api/users/services/UserService.ts +7 -7
package/src/batch/providers/BatchProvider.ts +1 -2
package/src/cli/apps/AlephaCli.ts +2 -2
package/src/cli/apps/AlephaPackageBuilderCli.ts +47 -20
package/src/cli/assets/apiHelloControllerTs.ts +19 -0
package/src/cli/assets/apiIndexTs.ts +16 -0
package/src/cli/assets/biomeJson.ts +2 -1
package/src/cli/assets/claudeMd.ts +308 -0
package/src/cli/assets/dummySpecTs.ts +2 -1
package/src/cli/assets/editorconfig.ts +2 -1
package/src/cli/assets/mainBrowserTs.ts +4 -3
package/src/cli/assets/mainCss.ts +24 -0
package/src/cli/assets/mainServerTs.ts +24 -0
package/src/cli/assets/tsconfigJson.ts +2 -1
package/src/cli/assets/webAppRouterTs.ts +16 -0
package/src/cli/assets/webHelloComponentTsx.ts +20 -0
package/src/cli/assets/webIndexTs.ts +16 -0
package/src/cli/atoms/appEntryOptions.ts +13 -0
package/src/cli/atoms/buildOptions.ts +1 -1
package/src/cli/atoms/changelogOptions.ts +1 -1
package/src/cli/commands/build.ts +97 -61
package/src/cli/commands/db.ts +21 -18
package/src/cli/commands/deploy.ts +17 -5
package/src/cli/commands/dev.ts +26 -47
package/src/cli/commands/gen/env.ts +1 -1
package/src/cli/commands/init.ts +79 -25
package/src/cli/commands/lint.ts +9 -3
package/src/cli/commands/test.ts +8 -2
package/src/cli/commands/typecheck.ts +5 -1
package/src/cli/commands/verify.ts +4 -2
package/src/cli/defineConfig.ts +9 -0
package/src/cli/index.ts +2 -1
package/src/cli/providers/AppEntryProvider.ts +131 -0
package/src/cli/providers/ViteBuildProvider.ts +82 -0
package/src/cli/providers/ViteDevServerProvider.ts +350 -0
package/src/cli/providers/ViteTemplateProvider.ts +27 -0
package/src/cli/services/AlephaCliUtils.ts +72 -602
package/src/cli/services/PackageManagerUtils.ts +308 -0
package/src/cli/services/ProjectScaffolder.ts +329 -0
package/src/command/helpers/Runner.ts +15 -3
package/src/core/Alepha.ts +2 -8
package/src/core/__tests__/Alepha-graph.spec.ts +4 -0
package/src/core/index.shared.ts +1 -0
package/src/core/index.ts +2 -0
package/src/core/primitives/$hook.ts +6 -2
package/src/core/primitives/$module.spec.ts +4 -0
package/src/core/primitives/$module.ts +12 -0
package/src/core/providers/AlsProvider.ts +1 -1
package/src/core/providers/CodecManager.spec.ts +12 -6
package/src/core/providers/CodecManager.ts +26 -6
package/src/core/providers/EventManager.ts +169 -13
package/src/core/providers/KeylessJsonSchemaCodec.spec.ts +878 -0
package/src/core/providers/KeylessJsonSchemaCodec.ts +789 -0
package/src/core/providers/SchemaValidator.spec.ts +236 -0
package/src/core/providers/StateManager.spec.ts +27 -16
package/src/email/providers/LocalEmailProvider.spec.ts +111 -87
package/src/email/providers/LocalEmailProvider.ts +52 -15
package/src/email/providers/NodemailerEmailProvider.ts +167 -56
package/src/file/errors/FileError.ts +7 -0
package/src/file/index.ts +9 -1
package/src/file/providers/MemoryFileSystemProvider.ts +393 -0
package/src/logger/providers/PrettyFormatterProvider.ts +0 -9
package/src/mcp/errors/McpError.ts +30 -0
package/src/mcp/index.ts +3 -0
package/src/mcp/transports/SseMcpTransport.ts +16 -6
package/src/orm/index.browser.ts +1 -19
package/src/orm/index.bun.ts +77 -0
package/src/orm/index.shared-server.ts +22 -0
package/src/orm/index.shared.ts +15 -0
package/src/orm/index.ts +19 -39
package/src/orm/providers/DrizzleKitProvider.ts +3 -5
package/src/orm/providers/drivers/BunPostgresProvider.ts +3 -5
package/src/orm/providers/drivers/BunSqliteProvider.ts +1 -1
package/src/orm/providers/drivers/CloudflareD1Provider.ts +4 -0
package/src/orm/providers/drivers/DatabaseProvider.ts +4 -0
package/src/orm/providers/drivers/PglitePostgresProvider.ts +4 -0
package/src/orm/services/Repository.ts +19 -0
package/src/redis/index.bun.ts +35 -0
package/src/redis/providers/BunRedisProvider.ts +12 -43
package/src/redis/providers/BunRedisSubscriberProvider.ts +2 -3
package/src/redis/providers/NodeRedisProvider.ts +16 -34
package/src/{server/security → security}/__tests__/BasicAuth.spec.ts +11 -11
package/src/{server/security → security}/__tests__/ServerSecurityProvider-realm.spec.ts +21 -16
package/src/{server/security/providers → security/__tests__}/ServerSecurityProvider.spec.ts +5 -5
package/src/security/index.browser.ts +5 -0
package/src/security/index.ts +90 -7
package/src/security/primitives/{$realm.spec.ts → $issuer.spec.ts} +11 -11
package/src/security/primitives/{$realm.ts → $issuer.ts} +20 -17
package/src/security/primitives/$role.ts +5 -5
package/src/security/primitives/$serviceAccount.spec.ts +5 -5
package/src/security/primitives/$serviceAccount.ts +3 -3
package/src/{server/security → security}/providers/ServerSecurityProvider.ts +5 -7
package/src/server/auth/primitives/$auth.ts +10 -10
package/src/server/auth/primitives/$authCredentials.ts +3 -3
package/src/server/auth/primitives/$authGithub.ts +3 -3
package/src/server/auth/primitives/$authGoogle.ts +3 -3
package/src/server/auth/providers/ServerAuthProvider.ts +13 -13
package/src/server/cache/providers/ServerCacheProvider.ts +1 -1
package/src/server/cookies/providers/ServerCookiesProvider.ts +3 -3
package/src/server/core/index.ts +1 -1
package/src/server/core/providers/BunHttpServerProvider.ts +1 -1
package/src/server/core/providers/NodeHttpServerProvider.spec.ts +125 -0
package/src/server/core/providers/NodeHttpServerProvider.ts +92 -24
package/src/server/core/providers/ServerBodyParserProvider.ts +19 -23
package/src/server/core/providers/ServerLoggerProvider.ts +23 -19
package/src/server/core/providers/ServerProvider.ts +144 -24
package/src/server/core/providers/ServerRouterProvider.ts +259 -115
package/src/server/core/providers/ServerTimingProvider.ts +2 -2
package/src/server/links/atoms/apiLinksAtom.ts +7 -0
package/src/server/links/index.browser.ts +2 -0
package/src/server/links/index.ts +3 -1
package/src/server/links/providers/LinkProvider.ts +1 -1
package/src/server/swagger/index.ts +1 -1
package/src/sms/providers/LocalSmsProvider.spec.ts +153 -111
package/src/sms/providers/LocalSmsProvider.ts +8 -7
package/src/vite/index.ts +3 -2
package/src/vite/tasks/buildClient.ts +0 -1
package/src/vite/tasks/buildServer.ts +80 -22
package/src/vite/tasks/copyAssets.ts +5 -4
package/src/vite/tasks/generateCloudflare.ts +7 -0
package/src/vite/tasks/generateSitemap.ts +64 -23
package/src/vite/tasks/index.ts +0 -2
package/src/vite/tasks/prerenderPages.ts +49 -24
package/dist/server/security/index.browser.js +0 -13
package/dist/server/security/index.browser.js.map +0 -1
package/dist/server/security/index.d.ts +0 -173
package/dist/server/security/index.d.ts.map +0 -1
package/dist/server/security/index.js +0 -311
package/dist/server/security/index.js.map +0 -1
package/src/cli/assets/appRouterTs.ts +0 -9
package/src/cli/assets/indexHtml.ts +0 -15
package/src/cli/assets/mainTs.ts +0 -13
package/src/cli/commands/format.ts +0 -17
package/src/server/security/index.browser.ts +0 -10
package/src/server/security/index.ts +0 -94
package/src/vite/helpers/boot.ts +0 -106
package/src/vite/plugins/viteAlephaDev.ts +0 -177
package/src/vite/tasks/devServer.ts +0 -69
package/src/vite/tasks/runAlepha.ts +0 -270
/package/src/{server/security → security}/primitives/$basicAuth.ts +0 -0
/package/src/{server/security → security}/providers/ServerBasicAuthProvider.ts +0 -0

package/dist/server/auth/index.d.ts CHANGED Viewed

@@ -1,10 +1,9 @@
-import * as alepha165 from "alepha";
+import * as alepha206 from "alepha";
 import { Alepha, Async, KIND, Primitive, Static } from "alepha";
 import * as alepha_server_cookies0 from "alepha/server/cookies";
 import { Cookies, ServerCookiesProvider } from "alepha/server/cookies";
 import { DateTimeProvider } from "alepha/datetime";
-import { AccessTokenResponse, RealmPrimitive, SecurityProvider, UserAccount } from "alepha/security";
-import { Configuration } from "openid-client";
+import { AccessTokenResponse, IssuerPrimitive, SecurityProvider, UserAccount } from "alepha/security";
 import * as alepha_logger0 from "alepha/logger";
 import * as alepha_server0 from "alepha/server";
 import { ServerLinksProvider } from "alepha/server/links";
@@ -20,45 +19,45 @@ declare const alephaServerAuthRoutes: {
 };
 //#endregion
 //#region ../../src/server/auth/schemas/authenticationProviderSchema.d.ts
-declare const authenticationProviderSchema: alepha165.TObject<{
-  name: alepha165.TString;
-  type: alepha165.TUnsafe<"OAUTH2" | "OIDC" | "CREDENTIALS">;
+declare const authenticationProviderSchema: alepha206.TObject<{
+  name: alepha206.TString;
+  type: alepha206.TUnsafe<"OAUTH2" | "OIDC" | "CREDENTIALS">;
 }>;
 type AuthenticationProvider = Static<typeof authenticationProviderSchema>;
 //#endregion
 //#region ../../src/server/auth/schemas/tokenResponseSchema.d.ts
-declare const tokenResponseSchema: alepha165.TObject<{
-  provider: alepha165.TString;
-  access_token: alepha165.TString;
-  issued_at: alepha165.TNumber;
-  expires_in: alepha165.TOptional<alepha165.TNumber>;
-  refresh_token: alepha165.TOptional<alepha165.TString>;
-  refresh_token_expires_in: alepha165.TOptional<alepha165.TNumber>;
-  refresh_expires_in: alepha165.TOptional<alepha165.TNumber>;
-  id_token: alepha165.TOptional<alepha165.TString>;
-  scope: alepha165.TOptional<alepha165.TString>;
-  user: alepha165.TObject<{
-    id: alepha165.TString;
-    name: alepha165.TOptional<alepha165.TString>;
-    email: alepha165.TOptional<alepha165.TString>;
-    username: alepha165.TOptional<alepha165.TString>;
-    picture: alepha165.TOptional<alepha165.TString>;
-    sessionId: alepha165.TOptional<alepha165.TString>;
-    organizations: alepha165.TOptional<alepha165.TArray<alepha165.TString>>;
-    roles: alepha165.TOptional<alepha165.TArray<alepha165.TString>>;
+declare const tokenResponseSchema: alepha206.TObject<{
+  provider: alepha206.TString;
+  access_token: alepha206.TString;
+  issued_at: alepha206.TNumber;
+  expires_in: alepha206.TOptional<alepha206.TNumber>;
+  refresh_token: alepha206.TOptional<alepha206.TString>;
+  refresh_token_expires_in: alepha206.TOptional<alepha206.TNumber>;
+  refresh_expires_in: alepha206.TOptional<alepha206.TNumber>;
+  id_token: alepha206.TOptional<alepha206.TString>;
+  scope: alepha206.TOptional<alepha206.TString>;
+  user: alepha206.TObject<{
+    id: alepha206.TString;
+    name: alepha206.TOptional<alepha206.TString>;
+    email: alepha206.TOptional<alepha206.TString>;
+    username: alepha206.TOptional<alepha206.TString>;
+    picture: alepha206.TOptional<alepha206.TString>;
+    sessionId: alepha206.TOptional<alepha206.TString>;
+    organizations: alepha206.TOptional<alepha206.TArray<alepha206.TString>>;
+    roles: alepha206.TOptional<alepha206.TArray<alepha206.TString>>;
   }>;
-  api: alepha165.TObject<{
-    prefix: alepha165.TOptional<alepha165.TString>;
-    links: alepha165.TArray<alepha165.TObject<{
-      name: alepha165.TString;
-      group: alepha165.TOptional<alepha165.TString>;
-      path: alepha165.TString;
-      method: alepha165.TOptional<alepha165.TString>;
-      requestBodyType: alepha165.TOptional<alepha165.TString>;
-      service: alepha165.TOptional<alepha165.TString>;
-      rawSchema: alepha165.TOptional<alepha165.TObject<{
-        body: alepha165.TOptional<alepha165.TString>;
-        response: alepha165.TOptional<alepha165.TString>;
+  api: alepha206.TObject<{
+    prefix: alepha206.TOptional<alepha206.TString>;
+    links: alepha206.TArray<alepha206.TObject<{
+      name: alepha206.TString;
+      group: alepha206.TOptional<alepha206.TString>;
+      path: alepha206.TString;
+      method: alepha206.TOptional<alepha206.TString>;
+      requestBodyType: alepha206.TOptional<alepha206.TString>;
+      service: alepha206.TOptional<alepha206.TString>;
+      rawSchema: alepha206.TOptional<alepha206.TObject<{
+        body: alepha206.TOptional<alepha206.TString>;
+        response: alepha206.TOptional<alepha206.TString>;
       }>>;
     }>>;
   }>;
@@ -66,49 +65,1075 @@ declare const tokenResponseSchema: alepha165.TObject<{
 type TokenResponse = Static<typeof tokenResponseSchema>;
 //#endregion
 //#region ../../src/server/auth/schemas/tokensSchema.d.ts
-declare const tokensSchema: alepha165.TObject<{
-  provider: alepha165.TString;
-  access_token: alepha165.TString;
-  issued_at: alepha165.TNumber;
-  expires_in: alepha165.TOptional<alepha165.TNumber>;
-  refresh_token: alepha165.TOptional<alepha165.TString>;
-  refresh_token_expires_in: alepha165.TOptional<alepha165.TNumber>;
-  refresh_expires_in: alepha165.TOptional<alepha165.TNumber>;
-  id_token: alepha165.TOptional<alepha165.TString>;
-  scope: alepha165.TOptional<alepha165.TString>;
+declare const tokensSchema: alepha206.TObject<{
+  provider: alepha206.TString;
+  access_token: alepha206.TString;
+  issued_at: alepha206.TNumber;
+  expires_in: alepha206.TOptional<alepha206.TNumber>;
+  refresh_token: alepha206.TOptional<alepha206.TString>;
+  refresh_token_expires_in: alepha206.TOptional<alepha206.TNumber>;
+  refresh_expires_in: alepha206.TOptional<alepha206.TNumber>;
+  id_token: alepha206.TOptional<alepha206.TString>;
+  scope: alepha206.TOptional<alepha206.TString>;
 }>;
 type Tokens = Static<typeof tokensSchema>;
 //#endregion
 //#region ../../src/server/auth/schemas/userinfoResponseSchema.d.ts
-declare const userinfoResponseSchema: alepha165.TObject<{
-  user: alepha165.TOptional<alepha165.TObject<{
-    id: alepha165.TString;
-    name: alepha165.TOptional<alepha165.TString>;
-    email: alepha165.TOptional<alepha165.TString>;
-    username: alepha165.TOptional<alepha165.TString>;
-    picture: alepha165.TOptional<alepha165.TString>;
-    sessionId: alepha165.TOptional<alepha165.TString>;
-    organizations: alepha165.TOptional<alepha165.TArray<alepha165.TString>>;
-    roles: alepha165.TOptional<alepha165.TArray<alepha165.TString>>;
+declare const userinfoResponseSchema: alepha206.TObject<{
+  user: alepha206.TOptional<alepha206.TObject<{
+    id: alepha206.TString;
+    name: alepha206.TOptional<alepha206.TString>;
+    email: alepha206.TOptional<alepha206.TString>;
+    username: alepha206.TOptional<alepha206.TString>;
+    picture: alepha206.TOptional<alepha206.TString>;
+    sessionId: alepha206.TOptional<alepha206.TString>;
+    organizations: alepha206.TOptional<alepha206.TArray<alepha206.TString>>;
+    roles: alepha206.TOptional<alepha206.TArray<alepha206.TString>>;
   }>>;
-  api: alepha165.TObject<{
-    prefix: alepha165.TOptional<alepha165.TString>;
-    links: alepha165.TArray<alepha165.TObject<{
-      name: alepha165.TString;
-      group: alepha165.TOptional<alepha165.TString>;
-      path: alepha165.TString;
-      method: alepha165.TOptional<alepha165.TString>;
-      requestBodyType: alepha165.TOptional<alepha165.TString>;
-      service: alepha165.TOptional<alepha165.TString>;
-      rawSchema: alepha165.TOptional<alepha165.TObject<{
-        body: alepha165.TOptional<alepha165.TString>;
-        response: alepha165.TOptional<alepha165.TString>;
+  api: alepha206.TObject<{
+    prefix: alepha206.TOptional<alepha206.TString>;
+    links: alepha206.TArray<alepha206.TObject<{
+      name: alepha206.TString;
+      group: alepha206.TOptional<alepha206.TString>;
+      path: alepha206.TString;
+      method: alepha206.TOptional<alepha206.TString>;
+      requestBodyType: alepha206.TOptional<alepha206.TString>;
+      service: alepha206.TOptional<alepha206.TString>;
+      rawSchema: alepha206.TOptional<alepha206.TObject<{
+        body: alepha206.TOptional<alepha206.TString>;
+        response: alepha206.TOptional<alepha206.TString>;
       }>>;
     }>>;
   }>;
 }>;
 type UserinfoResponse = Static<typeof userinfoResponseSchema>;
 //#endregion
+//#region ../../../../node_modules/oauth4webapi/build/index.d.ts
+/**
+ * JSON Object
+ */
+type JsonObject = { [Key in string]?: JsonValue };
+/**
+ * JSON Array
+ */
+type JsonArray = JsonValue[];
+/**
+ * JSON Primitives
+ */
+type JsonPrimitive = string | number | boolean | null;
+/**
+ * JSON Values
+ */
+type JsonValue = JsonPrimitive | JsonObject | JsonArray;
+/**
+ * Use to adjust the assumed current time. Positive and negative finite values representing seconds
+ * are allowed. Default is `0` (Date.now() + 0 seconds is used).
+ *
+ * @example
+ *
+ * When the local clock is mistakenly 1 hour in the past
+ *
+ * ```ts
+ * let client: oauth.Client = {
+ *   client_id: 'abc4ba37-4ab8-49b5-99d4-9441ba35d428',
+ *   // ... other metadata
+ *   [oauth.clockSkew]: +(60 * 60),
+ * }
+ * ```
+ *
+ * @example
+ *
+ * When the local clock is mistakenly 1 hour in the future
+ *
+ * ```ts
+ * let client: oauth.Client = {
+ *   client_id: 'abc4ba37-4ab8-49b5-99d4-9441ba35d428',
+ *   // ... other metadata
+ *   [oauth.clockSkew]: -(60 * 60),
+ * }
+ * ```
+ */
+declare const clockSkew: unique symbol;
+/**
+ * Use to set allowed clock tolerance when checking DateTime JWT Claims. Only positive finite values
+ * representing seconds are allowed. Default is `30` (30 seconds).
+ *
+ * @example
+ *
+ * Tolerate 30 seconds clock skew when validating JWT claims like exp or nbf.
+ *
+ * ```ts
+ * let client: oauth.Client = {
+ *   client_id: 'abc4ba37-4ab8-49b5-99d4-9441ba35d428',
+ *   // ... other metadata
+ *   [oauth.clockTolerance]: 30,
+ * }
+ * ```
+ */
+declare const clockTolerance: unique symbol;
+/**
+ * When configured on an interface that extends {@link HttpRequestOptions}, this applies to `options`
+ * parameter for functions that may trigger HTTP requests, this replaces the use of global fetch. As
+ * a fetch replacement the arguments and expected return are the same as fetch.
+ *
+ * In theory any module that claims to be compatible with the Fetch API can be used but your mileage
+ * may vary. No workarounds to allow use of non-conform {@link !Response}s will be considered.
+ *
+ * If you only need to update the {@link !Request} properties you do not need to use a Fetch API
+ * module, just change what you need and pass it to globalThis.fetch just like this module would
+ * normally do.
+ *
+ * Its intended use cases are:
+ *
+ * - {@link !Request}/{@link !Response} tracing and logging
+ * - Custom caching strategies for responses of Authorization Server Metadata and JSON Web Key Set
+ *   (JWKS) endpoints
+ * - Changing the {@link !Request} properties like headers, body, credentials, mode before it is passed
+ *   to fetch
+ *
+ * Known caveats:
+ *
+ * - Expect Type-related issues when passing the inputs through to fetch-like modules, they hardly
+ *   ever get their typings inline with actual fetch, you should `@ts-expect-error` them.
+ *
+ * @example
+ *
+ * Using [sindresorhus/ky](https://github.com/sindresorhus/ky) for retries and its hooks feature for
+ * logging outgoing requests and their responses.
+ *
+ * ```js
+ * import ky from 'ky'
+ *
+ * // example use
+ * await oauth.discoveryRequest(new URL('https://as.example.com'), {
+ *   [oauth.customFetch]: (...args) =>
+ *     ky(args[0], {
+ *       ...args[1],
+ *       hooks: {
+ *         beforeRequest: [
+ *           (request) => {
+ *             logRequest(request)
+ *           },
+ *         ],
+ *         beforeRetry: [
+ *           ({ request, error, retryCount }) => {
+ *             logRetry(request, error, retryCount)
+ *           },
+ *         ],
+ *         afterResponse: [
+ *           (request, _, response) => {
+ *             logResponse(request, response)
+ *           },
+ *         ],
+ *       },
+ *     }),
+ * })
+ * ```
+ *
+ * @example
+ *
+ * Using [nodejs/undici](https://github.com/nodejs/undici) to detect and use HTTP proxies.
+ *
+ * ```ts
+ * import * as undici from 'undici'
+ *
+ * // see https://undici.nodejs.org/#/docs/api/EnvHttpProxyAgent
+ * let envHttpProxyAgent = new undici.EnvHttpProxyAgent()
+ *
+ * // example use
+ * await oauth.discoveryRequest(new URL('https://as.example.com'), {
+ *   // @ts-ignore
+ *   [oauth.customFetch](...args) {
+ *     return undici.fetch(args[0], { ...args[1], dispatcher: envHttpProxyAgent }) // prettier-ignore
+ *   },
+ * })
+ * ```
+ *
+ * @example
+ *
+ * Using [nodejs/undici](https://github.com/nodejs/undici) to automatically retry network errors.
+ *
+ * ```ts
+ * import * as undici from 'undici'
+ *
+ * // see https://undici.nodejs.org/#/docs/api/RetryAgent
+ * let retryAgent = new undici.RetryAgent(new undici.Agent(), {
+ *   statusCodes: [],
+ *   errorCodes: [
+ *     'ECONNRESET',
+ *     'ECONNREFUSED',
+ *     'ENOTFOUND',
+ *     'ENETDOWN',
+ *     'ENETUNREACH',
+ *     'EHOSTDOWN',
+ *     'UND_ERR_SOCKET',
+ *   ],
+ * })
+ *
+ * // example use
+ * await oauth.discoveryRequest(new URL('https://as.example.com'), {
+ *   // @ts-ignore
+ *   [oauth.customFetch](...args) {
+ *     return undici.fetch(args[0], { ...args[1], dispatcher: retryAgent }) // prettier-ignore
+ *   },
+ * })
+ * ```
+ *
+ * @example
+ *
+ * Using [nodejs/undici](https://github.com/nodejs/undici) to mock responses in tests.
+ *
+ * ```ts
+ * import * as undici from 'undici'
+ *
+ * // see https://undici.nodejs.org/#/docs/api/MockAgent
+ * let mockAgent = new undici.MockAgent()
+ * mockAgent.disableNetConnect()
+ *
+ * // example use
+ * await oauth.discoveryRequest(new URL('https://as.example.com'), {
+ *   // @ts-ignore
+ *   [oauth.customFetch](...args) {
+ *     return undici.fetch(args[0], { ...args[1], dispatcher: mockAgent }) // prettier-ignore
+ *   },
+ * })
+ * ```
+ */
+declare const customFetch$1: unique symbol;
+/**
+ * Authorization Server Metadata
+ *
+ * @group Authorization Server Metadata
+ *
+ * @see [IANA OAuth Authorization Server Metadata registry](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#authorization-server-metadata)
+ */
+interface AuthorizationServer {
+  /**
+   * Authorization server's Issuer Identifier URL.
+   */
+  readonly issuer: string;
+  /**
+   * URL of the authorization server's authorization endpoint.
+   */
+  readonly authorization_endpoint?: string;
+  /**
+   * URL of the authorization server's token endpoint.
+   */
+  readonly token_endpoint?: string;
+  /**
+   * URL of the authorization server's JWK Set document.
+   */
+  readonly jwks_uri?: string;
+  /**
+   * URL of the authorization server's Dynamic Client Registration Endpoint.
+   */
+  readonly registration_endpoint?: string;
+  /**
+   * JSON array containing a list of the `scope` values that this authorization server supports.
+   */
+  readonly scopes_supported?: string[];
+  /**
+   * JSON array containing a list of the `response_type` values that this authorization server
+   * supports.
+   */
+  readonly response_types_supported?: string[];
+  /**
+   * JSON array containing a list of the `response_mode` values that this authorization server
+   * supports.
+   */
+  readonly response_modes_supported?: string[];
+  /**
+   * JSON array containing a list of the `grant_type` values that this authorization server
+   * supports.
+   */
+  readonly grant_types_supported?: string[];
+  /**
+   * JSON array containing a list of client authentication methods supported by this token endpoint.
+   */
+  readonly token_endpoint_auth_methods_supported?: string[];
+  /**
+   * JSON array containing a list of the JWS signing algorithms supported by the token endpoint for
+   * the signature on the JWT used to authenticate the client at the token endpoint.
+   */
+  readonly token_endpoint_auth_signing_alg_values_supported?: string[];
+  /**
+   * URL of a page containing human-readable information that developers might want or need to know
+   * when using the authorization server.
+   */
+  readonly service_documentation?: string;
+  /**
+   * Languages and scripts supported for the user interface, represented as a JSON array of language
+   * tag values from RFC 5646.
+   */
+  readonly ui_locales_supported?: string[];
+  /**
+   * URL that the authorization server provides to the person registering the client to read about
+   * the authorization server's requirements on how the client can use the data provided by the
+   * authorization server.
+   */
+  readonly op_policy_uri?: string;
+  /**
+   * URL that the authorization server provides to the person registering the client to read about
+   * the authorization server's terms of service.
+   */
+  readonly op_tos_uri?: string;
+  /**
+   * URL of the authorization server's revocation endpoint.
+   */
+  readonly revocation_endpoint?: string;
+  /**
+   * JSON array containing a list of client authentication methods supported by this revocation
+   * endpoint.
+   */
+  readonly revocation_endpoint_auth_methods_supported?: string[];
+  /**
+   * JSON array containing a list of the JWS signing algorithms supported by the revocation endpoint
+   * for the signature on the JWT used to authenticate the client at the revocation endpoint.
+   */
+  readonly revocation_endpoint_auth_signing_alg_values_supported?: string[];
+  /**
+   * URL of the authorization server's introspection endpoint.
+   */
+  readonly introspection_endpoint?: string;
+  /**
+   * JSON array containing a list of client authentication methods supported by this introspection
+   * endpoint.
+   */
+  readonly introspection_endpoint_auth_methods_supported?: string[];
+  /**
+   * JSON array containing a list of the JWS signing algorithms supported by the introspection
+   * endpoint for the signature on the JWT used to authenticate the client at the introspection
+   * endpoint.
+   */
+  readonly introspection_endpoint_auth_signing_alg_values_supported?: string[];
+  /**
+   * PKCE code challenge methods supported by this authorization server.
+   */
+  readonly code_challenge_methods_supported?: string[];
+  /**
+   * Signed JWT containing metadata values about the authorization server as claims.
+   */
+  readonly signed_metadata?: string;
+  /**
+   * URL of the authorization server's device authorization endpoint.
+   */
+  readonly device_authorization_endpoint?: string;
+  /**
+   * Indicates authorization server support for mutual-TLS client certificate-bound access tokens.
+   */
+  readonly tls_client_certificate_bound_access_tokens?: boolean;
+  /**
+   * JSON object containing alternative authorization server endpoints, which a client intending to
+   * do mutual TLS will use in preference to the conventional endpoints.
+   */
+  readonly mtls_endpoint_aliases?: MTLSEndpointAliases;
+  /**
+   * URL of the authorization server's UserInfo Endpoint.
+   */
+  readonly userinfo_endpoint?: string;
+  /**
+   * JSON array containing a list of the Authentication Context Class References that this
+   * authorization server supports.
+   */
+  readonly acr_values_supported?: string[];
+  /**
+   * JSON array containing a list of the Subject Identifier types that this authorization server
+   * supports.
+   */
+  readonly subject_types_supported?: string[];
+  /**
+   * JSON array containing a list of the JWS `alg` values supported by the authorization server for
+   * the ID Token.
+   */
+  readonly id_token_signing_alg_values_supported?: string[];
+  /**
+   * JSON array containing a list of the JWE `alg` values supported by the authorization server for
+   * the ID Token.
+   */
+  readonly id_token_encryption_alg_values_supported?: string[];
+  /**
+   * JSON array containing a list of the JWE `enc` values supported by the authorization server for
+   * the ID Token.
+   */
+  readonly id_token_encryption_enc_values_supported?: string[];
+  /**
+   * JSON array containing a list of the JWS `alg` values supported by the UserInfo Endpoint.
+   */
+  readonly userinfo_signing_alg_values_supported?: string[];
+  /**
+   * JSON array containing a list of the JWE `alg` values supported by the UserInfo Endpoint.
+   */
+  readonly userinfo_encryption_alg_values_supported?: string[];
+  /**
+   * JSON array containing a list of the JWE `enc` values supported by the UserInfo Endpoint.
+   */
+  readonly userinfo_encryption_enc_values_supported?: string[];
+  /**
+   * JSON array containing a list of the JWS `alg` values supported by the authorization server for
+   * Request Objects.
+   */
+  readonly request_object_signing_alg_values_supported?: string[];
+  /**
+   * JSON array containing a list of the JWE `alg` values supported by the authorization server for
+   * Request Objects.
+   */
+  readonly request_object_encryption_alg_values_supported?: string[];
+  /**
+   * JSON array containing a list of the JWE `enc` values supported by the authorization server for
+   * Request Objects.
+   */
+  readonly request_object_encryption_enc_values_supported?: string[];
+  /**
+   * JSON array containing a list of the `display` parameter values that the authorization server
+   * supports.
+   */
+  readonly display_values_supported?: string[];
+  /**
+   * JSON array containing a list of the Claim Types that the authorization server supports.
+   */
+  readonly claim_types_supported?: string[];
+  /**
+   * JSON array containing a list of the Claim Names of the Claims that the authorization server MAY
+   * be able to supply values for.
+   */
+  readonly claims_supported?: string[];
+  /**
+   * Languages and scripts supported for values in Claims being returned, represented as a JSON
+   * array of RFC 5646 language tag values.
+   */
+  readonly claims_locales_supported?: string[];
+  /**
+   * Boolean value specifying whether the authorization server supports use of the `claims`
+   * parameter.
+   */
+  readonly claims_parameter_supported?: boolean;
+  /**
+   * Boolean value specifying whether the authorization server supports use of the `request`
+   * parameter.
+   */
+  readonly request_parameter_supported?: boolean;
+  /**
+   * Boolean value specifying whether the authorization server supports use of the `request_uri`
+   * parameter.
+   */
+  readonly request_uri_parameter_supported?: boolean;
+  /**
+   * Boolean value specifying whether the authorization server requires any `request_uri` values
+   * used to be pre-registered.
+   */
+  readonly require_request_uri_registration?: boolean;
+  /**
+   * Indicates where authorization request needs to be protected as Request Object and provided
+   * through either `request` or `request_uri` parameter.
+   */
+  readonly require_signed_request_object?: boolean;
+  /**
+   * URL of the authorization server's pushed authorization request endpoint.
+   */
+  readonly pushed_authorization_request_endpoint?: string;
+  /**
+   * Indicates whether the authorization server accepts authorization requests only via PAR.
+   */
+  readonly require_pushed_authorization_requests?: boolean;
+  /**
+   * JSON array containing a list of algorithms supported by the authorization server for
+   * introspection response signing.
+   */
+  readonly introspection_signing_alg_values_supported?: string[];
+  /**
+   * JSON array containing a list of algorithms supported by the authorization server for
+   * introspection response content key encryption (`alg` value).
+   */
+  readonly introspection_encryption_alg_values_supported?: string[];
+  /**
+   * JSON array containing a list of algorithms supported by the authorization server for
+   * introspection response content encryption (`enc` value).
+   */
+  readonly introspection_encryption_enc_values_supported?: string[];
+  /**
+   * Boolean value indicating whether the authorization server provides the `iss` parameter in the
+   * authorization response.
+   */
+  readonly authorization_response_iss_parameter_supported?: boolean;
+  /**
+   * JSON array containing a list of algorithms supported by the authorization server for
+   * introspection response signing.
+   */
+  readonly authorization_signing_alg_values_supported?: string[];
+  /**
+   * JSON array containing a list of algorithms supported by the authorization server for
+   * introspection response encryption (`alg` value).
+   */
+  readonly authorization_encryption_alg_values_supported?: string[];
+  /**
+   * JSON array containing a list of algorithms supported by the authorization server for
+   * introspection response encryption (`enc` value).
+   */
+  readonly authorization_encryption_enc_values_supported?: string[];
+  /**
+   * CIBA Backchannel Authentication Endpoint.
+   */
+  readonly backchannel_authentication_endpoint?: string;
+  /**
+   * JSON array containing a list of the JWS signing algorithms supported for validation of signed
+   * CIBA authentication requests.
+   */
+  readonly backchannel_authentication_request_signing_alg_values_supported?: string[];
+  /**
+   * Supported CIBA authentication result delivery modes.
+   */
+  readonly backchannel_token_delivery_modes_supported?: string[];
+  /**
+   * Indicates whether the authorization server supports the use of the CIBA `user_code` parameter.
+   */
+  readonly backchannel_user_code_parameter_supported?: boolean;
+  /**
+   * URL of an authorization server iframe that supports cross-origin communications for session
+   * state information with the RP Client, using the HTML5 postMessage API.
+   */
+  readonly check_session_iframe?: string;
+  /**
+   * JSON array containing a list of the JWS algorithms supported for DPoP Proof JWTs.
+   */
+  readonly dpop_signing_alg_values_supported?: string[];
+  /**
+   * URL at the authorization server to which an RP can perform a redirect to request that the
+   * End-User be logged out at the authorization server.
+   */
+  readonly end_session_endpoint?: string;
+  /**
+   * Boolean value specifying whether the authorization server can pass `iss` (issuer) and `sid`
+   * (session ID) query parameters to identify the RP session with the authorization server when the
+   * `frontchannel_logout_uri` is used.
+   */
+  readonly frontchannel_logout_session_supported?: boolean;
+  /**
+   * Boolean value specifying whether the authorization server supports HTTP-based logout.
+   */
+  readonly frontchannel_logout_supported?: boolean;
+  /**
+   * Boolean value specifying whether the authorization server can pass a `sid` (session ID) Claim
+   * in the Logout Token to identify the RP session with the OP.
+   */
+  readonly backchannel_logout_session_supported?: boolean;
+  /**
+   * Boolean value specifying whether the authorization server supports back-channel logout.
+   */
+  readonly backchannel_logout_supported?: boolean;
+  /**
+   * JSON array containing a list of resource identifiers for OAuth protected resources.
+   */
+  readonly protected_resources?: string[];
+  readonly [metadata: string]: JsonValue | undefined;
+}
+interface MTLSEndpointAliases extends Pick<AuthorizationServer, 'backchannel_authentication_endpoint' | 'device_authorization_endpoint' | 'introspection_endpoint' | 'pushed_authorization_request_endpoint' | 'revocation_endpoint' | 'token_endpoint' | 'userinfo_endpoint'> {
+  readonly [metadata: string]: string | undefined;
+}
+/**
+ * Recognized Client Metadata that have an effect on the exposed functionality.
+ *
+ * @see [IANA OAuth Client Registration Metadata registry](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#client-metadata)
+ */
+interface Client {
+  /**
+   * Client identifier.
+   */
+  client_id: string;
+  /**
+   * JWS `alg` algorithm required for signing the ID Token issued to this Client. When not
+   * configured the default is to allow only algorithms listed in
+   * {@link AuthorizationServer.id_token_signing_alg_values_supported `as.id_token_signing_alg_values_supported`}
+   * and fall back to `RS256` when the authorization server metadata is not set.
+   */
+  id_token_signed_response_alg?: string;
+  /**
+   * JWS `alg` algorithm required for signing authorization responses. When not configured the
+   * default is to allow only algorithms listed in
+   * {@link AuthorizationServer.authorization_signing_alg_values_supported `as.authorization_signing_alg_values_supported`}
+   * and fall back to `RS256` when the authorization server metadata is not set.
+   */
+  authorization_signed_response_alg?: string;
+  /**
+   * Boolean value specifying whether the {@link IDToken.auth_time `auth_time`} Claim in the ID Token
+   * is REQUIRED. Default is `false`.
+   */
+  require_auth_time?: boolean;
+  /**
+   * JWS `alg` algorithm REQUIRED for signing UserInfo Responses. When not configured the default is
+   * to allow only algorithms listed in
+   * {@link AuthorizationServer.userinfo_signing_alg_values_supported `as.userinfo_signing_alg_values_supported`}
+   * and fail otherwise.
+   */
+  userinfo_signed_response_alg?: string;
+  /**
+   * JWS `alg` algorithm REQUIRED for signed introspection responses. When not configured the
+   * default is to allow only algorithms listed in
+   * {@link AuthorizationServer.introspection_signing_alg_values_supported `as.introspection_signing_alg_values_supported`}
+   * and fall back to `RS256` when the authorization server metadata is not set.
+   */
+  introspection_signed_response_alg?: string;
+  /**
+   * Default Maximum Authentication Age.
+   */
+  default_max_age?: number;
+  /**
+   * Indicates the requirement for a client to use mutual TLS endpoint aliases defined by the AS
+   * where present. Default is `false`.
+   *
+   * When combined with {@link customFetch} (to use a Fetch API implementation that supports client
+   * certificates) this can be used to target security profiles that utilize Mutual-TLS for either
+   * client authentication or sender constraining.
+   *
+   * @example
+   *
+   * (Node.js) Using [nodejs/undici](https://github.com/nodejs/undici) for Mutual-TLS Client
+   * Authentication and Certificate-Bound Access Tokens support.
+   *
+   * ```ts
+   * import * as undici from 'undici'
+   *
+   * let as!: oauth.AuthorizationServer
+   * let client!: oauth.Client & { use_mtls_endpoint_aliases: true }
+   * let params!: URLSearchParams
+   * let key!: string // PEM-encoded key
+   * let cert!: string // PEM-encoded certificate
+   *
+   * let clientAuth = oauth.TlsClientAuth()
+   * let agent = new undici.Agent({ connect: { key, cert } })
+   *
+   * let response = await oauth.pushedAuthorizationRequest(as, client, clientAuth, params, {
+   *   // @ts-ignore
+   *   [oauth.customFetch]: (...args) =>
+   *     undici.fetch(args[0], { ...args[1], dispatcher: agent }),
+   * })
+   * ```
+   *
+   * @example
+   *
+   * (Deno) Using Deno.createHttpClient API for Mutual-TLS Client Authentication and
+   * Certificate-Bound Access Tokens support.
+   *
+   * ```ts
+   * let as!: oauth.AuthorizationServer
+   * let client!: oauth.Client & { use_mtls_endpoint_aliases: true }
+   * let params!: URLSearchParams
+   * let key!: string // PEM-encoded key
+   * let cert!: string // PEM-encoded certificate
+   *
+   * let clientAuth = oauth.TlsClientAuth()
+   * // @ts-ignore
+   * let agent = Deno.createHttpClient({ key, cert })
+   *
+   * let response = await oauth.pushedAuthorizationRequest(as, client, clientAuth, params, {
+   *   // @ts-ignore
+   *   [oauth.customFetch]: (...args) => fetch(args[0], { ...args[1], client: agent }),
+   * })
+   * ```
+   *
+   * @see [RFC 8705 - OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens](https://www.rfc-editor.org/rfc/rfc8705.html)
+   */
+  use_mtls_endpoint_aliases?: boolean;
+  /**
+   * See {@link clockSkew}.
+   */
+  [clockSkew]?: number;
+  /**
+   * See {@link clockTolerance}.
+   */
+  [clockTolerance]?: number;
+  [metadata: string]: JsonValue | undefined;
+}
+/**
+ * Removes all Symbol properties from a type
+ */
+type OmitSymbolProperties<T> = { [K in keyof T as K extends symbol ? never : K]: T[K] };
+//#endregion
+//#region ../../../../node_modules/openid-client/build/index.d.ts
+/**
+ * Implementation of the Client's Authentication Method at the Authorization
+ * Server.
+ *
+ * The default is {@link ClientSecretPost} if {@link ClientMetadata.client_secret}
+ * is present, {@link None} otherwise.
+ *
+ * Other Client Authentication Methods must be provided explicitly and their
+ * implementations are linked below.
+ *
+ * @see {@link ClientSecretBasic}
+ * @see {@link ClientSecretJwt}
+ * @see {@link ClientSecretPost}
+ * @see {@link None}
+ * @see {@link PrivateKeyJwt}
+ * @see {@link TlsClientAuth}
+ */
+type ClientAuth = (as: ServerMetadata, client: ClientMetadata, body: URLSearchParams, headers: Headers) => void;
+/**
+ * When set on a {@link Configuration}, this replaces the use of global fetch. As
+ * a fetch replacement the arguments and expected return are the same as fetch.
+ *
+ * In theory any module that claims to be compatible with the
+ * {@link !fetch Fetch API} can be used but your mileage may vary. No workarounds
+ * to allow use of non-conform {@link !Response} instances will be considered.
+ *
+ * If you only need to update the {@link !Request} properties you do not need to
+ * use a {@link !fetch Fetch API} module, just change what you need and pass it
+ * to globalThis.fetch just like this module would normally do.
+ *
+ * Its intended use cases are:
+ *
+ * - {@link !Request}/{@link !Response} tracing and logging
+ * - Custom caching strategies
+ * - Changing the {@link !Request} properties like headers, body, credentials, mode
+ *   before it is passed to fetch
+ *
+ * Known caveats:
+ *
+ * - Expect Type-related issues when passing the inputs through to fetch-like
+ *   modules, they hardly ever get their typings inline with actual fetch, you
+ *   should `@ts-expect-error` them.
+ *
+ * @example
+ *
+ * Using [sindresorhus/ky](https://github.com/sindresorhus/ky) for retries and
+ * its hooks feature for logging outgoing requests and their responses.
+ *
+ * ```ts
+ * import ky from 'ky'
+ *
+ * let config!: client.Configuration
+ * let logRequest!: (request: Request) => void
+ * let logResponse!: (request: Request, response: Response) => void
+ * let logRetry!: (
+ *   request: Request,
+ *   error: Error,
+ *   retryCount: number,
+ * ) => void
+ *
+ * config[client.customFetch] = (...args) =>
+ *   // @ts-expect-error
+ *   ky(args[0], {
+ *     ...args[1],
+ *     hooks: {
+ *       beforeRequest: [
+ *         (request) => {
+ *           logRequest(request)
+ *         },
+ *       ],
+ *       beforeRetry: [
+ *         ({ request, error, retryCount }) => {
+ *           logRetry(request, error, retryCount)
+ *         },
+ *       ],
+ *       afterResponse: [
+ *         (request, _, response) => {
+ *           logResponse(request, response)
+ *         },
+ *       ],
+ *     },
+ *   })
+ * ```
+ *
+ * @example
+ *
+ * Using [nodejs/undici](https://github.com/nodejs/undici) to detect and use
+ * HTTP proxies.
+ *
+ * ```ts
+ * import * as undici from 'undici'
+ *
+ * // see https://undici.nodejs.org/#/docs/api/EnvHttpProxyAgent
+ * let envHttpProxyAgent = new undici.EnvHttpProxyAgent()
+ *
+ * let config!: client.Configuration
+ *
+ * // @ts-ignore
+ * config[client.customFetch] = (...args) => {
+ *   // @ts-ignore
+ *   return undici.fetch(args[0], { ...args[1], dispatcher: envHttpProxyAgent }) // prettier-ignore
+ * }
+ * ```
+ *
+ * @example
+ *
+ * Using [nodejs/undici](https://github.com/nodejs/undici) to automatically
+ * retry network errors.
+ *
+ * ```ts
+ * import * as undici from 'undici'
+ *
+ * // see https://undici.nodejs.org/#/docs/api/RetryAgent
+ * let retryAgent = new undici.RetryAgent(new undici.Agent(), {
+ *   statusCodes: [],
+ *   errorCodes: [
+ *     'ECONNRESET',
+ *     'ECONNREFUSED',
+ *     'ENOTFOUND',
+ *     'ENETDOWN',
+ *     'ENETUNREACH',
+ *     'EHOSTDOWN',
+ *     'UND_ERR_SOCKET',
+ *   ],
+ * })
+ *
+ * let config!: client.Configuration
+ *
+ * // @ts-ignore
+ * config[client.customFetch] = (...args) => {
+ *   // @ts-ignore
+ *   return undici.fetch(args[0], { ...args[1], dispatcher: retryAgent }) // prettier-ignore
+ * }
+ * ```
+ *
+ * @example
+ *
+ * Using [nodejs/undici](https://github.com/nodejs/undici) to mock responses in
+ * tests.
+ *
+ * ```ts
+ * import * as undici from 'undici'
+ *
+ * // see https://undici.nodejs.org/#/docs/api/MockAgent
+ * let mockAgent = new undici.MockAgent()
+ * mockAgent.disableNetConnect()
+ *
+ * let config!: client.Configuration
+ *
+ * // @ts-ignore
+ * config[client.customFetch] = (...args) => {
+ *   // @ts-ignore
+ *   return undici.fetch(args[0], { ...args[1], dispatcher: mockAgent }) // prettier-ignore
+ * }
+ * ```
+ */
+declare const customFetch: typeof customFetch$1;
+type FetchBody = ArrayBuffer | null | ReadableStream | string | Uint8Array | undefined | URLSearchParams;
+/**
+ * A subset of the [IANA OAuth Client Metadata
+ * registry](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#client-metadata)
+ * that has an effect on how the Client functions
+ *
+ * @group You are probably looking for this
+ */
+interface ClientMetadata extends Client {
+  /**
+   * Client secret.
+   */
+  client_secret?: string;
+  /**
+   * Indicates the requirement for a client to use mutual TLS endpoint aliases
+   * indicated by the
+   * {@link ServerMetadata.mtls_endpoint_aliases Authorization Server Metadata}.
+   * Default is `false`.
+   *
+   * When combined with {@link customFetch} (to use a {@link !fetch Fetch API}
+   * implementation that supports client certificates) this can be used to
+   * target security profiles that utilize Mutual-TLS for either client
+   * authentication or sender constraining.
+   *
+   * @example
+   *
+   * (Node.js) Using [nodejs/undici](https://github.com/nodejs/undici) for
+   * Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
+   * support.
+   *
+   * ```ts
+   * import * as undici from 'undici'
+   *
+   * let config!: client.Configuration
+   * let key!: string // PEM-encoded key
+   * let cert!: string // PEM-encoded certificate
+   *
+   * let agent = new undici.Agent({ connect: { key, cert } })
+   *
+   * config[client.customFetch] = (...args) =>
+   *   // @ts-expect-error
+   *   undici.fetch(args[0], { ...args[1], dispatcher: agent })
+   * ```
+   *
+   * @example
+   *
+   * (Deno) Using Deno.createHttpClient API for Mutual-TLS Client Authentication
+   * and Certificate-Bound Access Tokens support.
+   *
+   * ```ts
+   * let config!: client.Configuration
+   * let key!: string // PEM-encoded key
+   * let cert!: string // PEM-encoded certificate
+   *
+   * // @ts-expect-error
+   * let agent = Deno.createHttpClient({ key, cert })
+   *
+   * config[client.customFetch] = (...args) =>
+   *   // @ts-expect-error
+   *   fetch(args[0], { ...args[1], client: agent })
+   * ```
+   *
+   * @see [RFC 8705 - OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens](https://www.rfc-editor.org/rfc/rfc8705.html)
+   */
+  use_mtls_endpoint_aliases?: boolean;
+}
+/**
+ * Authorization Server Metadata
+ *
+ * @group You are probably looking for this
+ *
+ * @see [IANA OAuth Authorization Server Metadata registry](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#authorization-server-metadata)
+ */
+interface ServerMetadata extends AuthorizationServer {}
+interface ServerMetadataHelpers {
+  /**
+   * Determines whether the Authorization Server supports a given Code Challenge
+   * Method
+   *
+   * @param method Code Challenge Method. Default is `S256`
+   */
+  supportsPKCE(method?: string): boolean;
+}
+/**
+ * Public methods available on a {@link Configuration} instance
+ */
+interface ConfigurationMethods {
+  /**
+   * Used to retrieve the Authorization Server Metadata
+   */
+  serverMetadata(): Readonly<ServerMetadata> & ServerMetadataHelpers;
+  /**
+   * Used to retrieve the Client Metadata
+   */
+  clientMetadata(): Readonly<OmitSymbolProperties<ClientMetadata>>;
+}
+interface CustomFetchOptions {
+  /**
+   * The request body content to send to the server
+   */
+  body: FetchBody;
+  /**
+   * HTTP Headers
+   */
+  headers: Record<string, string>;
+  /**
+   * The
+   * {@link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods request method}
+   */
+  method: string;
+  /**
+   * See {@link !Request.redirect}
+   */
+  redirect: 'manual';
+  /**
+   * An AbortSignal configured as per the {@link ConfigurationProperties.timeout}
+   * value
+   */
+  signal?: AbortSignal;
+}
+/**
+ * @see {@link customFetch}
+ */
+type CustomFetch = (
+/**
+ * URL the request is being made sent to {@link !fetch} as the `resource`
+ * argument
+ */
+url: string,
+/**
+ * Options otherwise sent to {@link !fetch} as the `options` argument
+ */
+options: CustomFetchOptions) => Promise<Response>;
+/**
+ * Public properties available on a {@link Configuration} instance
+ */
+interface ConfigurationProperties {
+  /**
+   * Custom {@link !fetch Fetch API} implementation to use for the HTTP Requests
+   * the client will be making.
+   *
+   * @see {@link customFetch}
+   */
+  [customFetch]?: CustomFetch;
+  /**
+   * Timeout (in seconds) for the HTTP Requests the client will be making.
+   * Default is `30` (seconds)
+   */
+  timeout?: number;
+}
+/**
+ * Configuration is an abstraction over the
+ * {@link ServerMetadata OAuth 2.0 Authorization Server metadata} and
+ * {@link ClientMetadata OAuth 2.0 Client metadata}
+ *
+ * Configuration instances are obtained either through
+ *
+ * - (RECOMMENDED) the {@link discovery} function that discovers the
+ *   {@link ServerMetadata OAuth 2.0 Authorization Server metadata} using the
+ *   Authorization Server's Issuer Identifier, or
+ * - The {@link Configuration} constructor if the
+ *   {@link ServerMetadata OAuth 2.0 Authorization Server metadata} is known
+ *   upfront
+ *
+ * @example
+ *
+ * (RECOMMENDED) Setting up a Configuration with a Server Metadata discovery
+ * step
+ *
+ * ```ts
+ * let server!: URL
+ * let clientId!: string
+ * let clientSecret!: string | undefined
+ *
+ * let config = await client.discovery(server, clientId, clientSecret)
+ * ```
+ *
+ * @example
+ *
+ * Setting up a Configuration with a constructor
+ *
+ * ```ts
+ * let server!: client.ServerMetadata
+ * let clientId!: string
+ * let clientSecret!: string | undefined
+ *
+ * let config = new client.Configuration(server, clientId, clientSecret)
+ * ```
+ *
+ * @group Configuration
+ */
+declare class Configuration implements ConfigurationMethods, ConfigurationProperties {
+  /**
+   * @param server Authorization Server Metadata
+   * @param clientId Client Identifier at the Authorization Server
+   * @param metadata Client Metadata, when a string is passed it is a shorthand
+   *   for passing just {@link ClientMetadata.client_secret}.
+   * @param clientAuthentication Implementation of the Client's Authentication
+   *   Method at the Authorization Server. Default is {@link ClientSecretPost}
+   *   using the {@link ClientMetadata.client_secret}.
+   */
+  constructor(server: ServerMetadata, clientId: string, metadata?: Partial<ClientMetadata> | string, clientAuthentication?: ClientAuth);
+  /**
+   * @ignore
+   */
+  serverMetadata(): Readonly<ServerMetadata> & ServerMetadataHelpers;
+  /**
+   * @ignore
+   */
+  clientMetadata(): Readonly<OmitSymbolProperties<ClientMetadata>>;
+  /**
+   * @ignore
+   */
+  get timeout(): number | undefined;
+  /**
+   * @ignore
+   */
+  set timeout(value: number | undefined);
+  /**
+   * @ignore
+   */
+  get [customFetch](): CustomFetch | undefined;
+  /**
+   * @ignore
+   */
+  set [customFetch](value: CustomFetch);
+}
+//#endregion
 //#region ../../src/server/auth/providers/ServerAuthProvider.d.ts
 declare class ServerAuthProvider {
   protected readonly log: alepha_logger0.Logger;
@@ -116,35 +1141,35 @@ declare class ServerAuthProvider {
   protected readonly serverCookiesProvider: ServerCookiesProvider;
   protected readonly dateTimeProvider: DateTimeProvider;
   protected readonly serverLinksProvider: ServerLinksProvider;
-  protected readonly authorizationCode: alepha_server_cookies0.AbstractCookiePrimitive<alepha165.TObject<{
-    provider: alepha165.TString;
-    realm: alepha165.TOptional<alepha165.TString>;
-    codeVerifier: alepha165.TOptional<alepha165.TString>;
-    redirectUri: alepha165.TOptional<alepha165.TString>;
-    state: alepha165.TOptional<alepha165.TString>;
-    nonce: alepha165.TOptional<alepha165.TString>;
+  protected readonly authorizationCode: alepha_server_cookies0.AbstractCookiePrimitive<alepha206.TObject<{
+    provider: alepha206.TString;
+    realm: alepha206.TOptional<alepha206.TString>;
+    codeVerifier: alepha206.TOptional<alepha206.TString>;
+    redirectUri: alepha206.TOptional<alepha206.TString>;
+    state: alepha206.TOptional<alepha206.TString>;
+    nonce: alepha206.TOptional<alepha206.TString>;
   }>>;
-  readonly tokens: alepha_server_cookies0.AbstractCookiePrimitive<alepha165.TObject<{
-    provider: alepha165.TString;
-    access_token: alepha165.TString;
-    issued_at: alepha165.TNumber;
-    expires_in: alepha165.TOptional<alepha165.TNumber>;
-    refresh_token: alepha165.TOptional<alepha165.TString>;
-    refresh_token_expires_in: alepha165.TOptional<alepha165.TNumber>;
-    refresh_expires_in: alepha165.TOptional<alepha165.TNumber>;
-    id_token: alepha165.TOptional<alepha165.TString>;
-    scope: alepha165.TOptional<alepha165.TString>;
+  readonly tokens: alepha_server_cookies0.AbstractCookiePrimitive<alepha206.TObject<{
+    provider: alepha206.TString;
+    access_token: alepha206.TString;
+    issued_at: alepha206.TNumber;
+    expires_in: alepha206.TOptional<alepha206.TNumber>;
+    refresh_token: alepha206.TOptional<alepha206.TString>;
+    refresh_token_expires_in: alepha206.TOptional<alepha206.TNumber>;
+    refresh_expires_in: alepha206.TOptional<alepha206.TNumber>;
+    id_token: alepha206.TOptional<alepha206.TString>;
+    scope: alepha206.TOptional<alepha206.TString>;
   }>>;
   get identities(): Array<AuthPrimitive>;
   getAuthenticationProviders(filters?: {
     realmName?: string;
   }): AuthenticationProvider[];
-  protected readonly configure: alepha165.HookPrimitive<"configure">;
+  protected readonly configure: alepha206.HookPrimitive<"configure">;
   protected getAccessTokens(tokens: Tokens): string | undefined;
   /**
    * Fill request headers with access token from cookies or fallback to provider's fallback function.
    */
-  protected readonly onRequest: alepha165.HookPrimitive<"server:onRequest">;
+  protected readonly onRequest: alepha206.HookPrimitive<"server:onRequest">;
   /**
    * Convert cookies to tokens.
    * If the tokens are expired, try to refresh them using the refresh token.
@@ -155,29 +1180,29 @@ declare class ServerAuthProvider {
    * Get user information.
    */
   readonly userinfo: alepha_server0.RoutePrimitive<{
-    response: alepha165.TObject<{
-      user: alepha165.TOptional<alepha165.TObject<{
-        id: alepha165.TString;
-        name: alepha165.TOptional<alepha165.TString>;
-        email: alepha165.TOptional<alepha165.TString>;
-        username: alepha165.TOptional<alepha165.TString>;
-        picture: alepha165.TOptional<alepha165.TString>;
-        sessionId: alepha165.TOptional<alepha165.TString>;
-        organizations: alepha165.TOptional<alepha165.TArray<alepha165.TString>>;
-        roles: alepha165.TOptional<alepha165.TArray<alepha165.TString>>;
+    response: alepha206.TObject<{
+      user: alepha206.TOptional<alepha206.TObject<{
+        id: alepha206.TString;
+        name: alepha206.TOptional<alepha206.TString>;
+        email: alepha206.TOptional<alepha206.TString>;
+        username: alepha206.TOptional<alepha206.TString>;
+        picture: alepha206.TOptional<alepha206.TString>;
+        sessionId: alepha206.TOptional<alepha206.TString>;
+        organizations: alepha206.TOptional<alepha206.TArray<alepha206.TString>>;
+        roles: alepha206.TOptional<alepha206.TArray<alepha206.TString>>;
       }>>;
-      api: alepha165.TObject<{
-        prefix: alepha165.TOptional<alepha165.TString>;
-        links: alepha165.TArray<alepha165.TObject<{
-          name: alepha165.TString;
-          group: alepha165.TOptional<alepha165.TString>;
-          path: alepha165.TString;
-          method: alepha165.TOptional<alepha165.TString>;
-          requestBodyType: alepha165.TOptional<alepha165.TString>;
-          service: alepha165.TOptional<alepha165.TString>;
-          rawSchema: alepha165.TOptional<alepha165.TObject<{
-            body: alepha165.TOptional<alepha165.TString>;
-            response: alepha165.TOptional<alepha165.TString>;
+      api: alepha206.TObject<{
+        prefix: alepha206.TOptional<alepha206.TString>;
+        links: alepha206.TArray<alepha206.TObject<{
+          name: alepha206.TString;
+          group: alepha206.TOptional<alepha206.TString>;
+          path: alepha206.TString;
+          method: alepha206.TOptional<alepha206.TString>;
+          requestBodyType: alepha206.TOptional<alepha206.TString>;
+          service: alepha206.TOptional<alepha206.TString>;
+          rawSchema: alepha206.TOptional<alepha206.TObject<{
+            body: alepha206.TOptional<alepha206.TString>;
+            response: alepha206.TOptional<alepha206.TString>;
           }>>;
         }>>;
       }>;
@@ -187,69 +1212,69 @@ declare class ServerAuthProvider {
    * Refresh a token for internal providers.
    */
   readonly refresh: alepha_server0.RoutePrimitive<{
-    query: alepha165.TObject<{
-      provider: alepha165.TString;
+    query: alepha206.TObject<{
+      provider: alepha206.TString;
     }>;
-    body: alepha165.TObject<{
-      refresh_token: alepha165.TString;
-      access_token: alepha165.TOptional<alepha165.TString>;
+    body: alepha206.TObject<{
+      refresh_token: alepha206.TString;
+      access_token: alepha206.TOptional<alepha206.TString>;
     }>;
-    response: alepha165.TObject<{
-      provider: alepha165.TString;
-      access_token: alepha165.TString;
-      issued_at: alepha165.TNumber;
-      expires_in: alepha165.TOptional<alepha165.TNumber>;
-      refresh_token: alepha165.TOptional<alepha165.TString>;
-      refresh_token_expires_in: alepha165.TOptional<alepha165.TNumber>;
-      refresh_expires_in: alepha165.TOptional<alepha165.TNumber>;
-      id_token: alepha165.TOptional<alepha165.TString>;
-      scope: alepha165.TOptional<alepha165.TString>;
+    response: alepha206.TObject<{
+      provider: alepha206.TString;
+      access_token: alepha206.TString;
+      issued_at: alepha206.TNumber;
+      expires_in: alepha206.TOptional<alepha206.TNumber>;
+      refresh_token: alepha206.TOptional<alepha206.TString>;
+      refresh_token_expires_in: alepha206.TOptional<alepha206.TNumber>;
+      refresh_expires_in: alepha206.TOptional<alepha206.TNumber>;
+      id_token: alepha206.TOptional<alepha206.TString>;
+      scope: alepha206.TOptional<alepha206.TString>;
     }>;
   }>;
   /**
    * Login for local password-based authentication.
    */
   readonly token: alepha_server0.RoutePrimitive<{
-    query: alepha165.TObject<{
-      provider: alepha165.TString;
-      realm: alepha165.TOptional<alepha165.TString>;
+    query: alepha206.TObject<{
+      provider: alepha206.TString;
+      realm: alepha206.TOptional<alepha206.TString>;
     }>;
-    body: alepha165.TObject<{
-      username: alepha165.TString;
-      password: alepha165.TString;
+    body: alepha206.TObject<{
+      username: alepha206.TString;
+      password: alepha206.TString;
     }>;
-    response: alepha165.TObject<{
-      provider: alepha165.TString;
-      access_token: alepha165.TString;
-      issued_at: alepha165.TNumber;
-      expires_in: alepha165.TOptional<alepha165.TNumber>;
-      refresh_token: alepha165.TOptional<alepha165.TString>;
-      refresh_token_expires_in: alepha165.TOptional<alepha165.TNumber>;
-      refresh_expires_in: alepha165.TOptional<alepha165.TNumber>;
-      id_token: alepha165.TOptional<alepha165.TString>;
-      scope: alepha165.TOptional<alepha165.TString>;
-      user: alepha165.TObject<{
-        id: alepha165.TString;
-        name: alepha165.TOptional<alepha165.TString>;
-        email: alepha165.TOptional<alepha165.TString>;
-        username: alepha165.TOptional<alepha165.TString>;
-        picture: alepha165.TOptional<alepha165.TString>;
-        sessionId: alepha165.TOptional<alepha165.TString>;
-        organizations: alepha165.TOptional<alepha165.TArray<alepha165.TString>>;
-        roles: alepha165.TOptional<alepha165.TArray<alepha165.TString>>;
+    response: alepha206.TObject<{
+      provider: alepha206.TString;
+      access_token: alepha206.TString;
+      issued_at: alepha206.TNumber;
+      expires_in: alepha206.TOptional<alepha206.TNumber>;
+      refresh_token: alepha206.TOptional<alepha206.TString>;
+      refresh_token_expires_in: alepha206.TOptional<alepha206.TNumber>;
+      refresh_expires_in: alepha206.TOptional<alepha206.TNumber>;
+      id_token: alepha206.TOptional<alepha206.TString>;
+      scope: alepha206.TOptional<alepha206.TString>;
+      user: alepha206.TObject<{
+        id: alepha206.TString;
+        name: alepha206.TOptional<alepha206.TString>;
+        email: alepha206.TOptional<alepha206.TString>;
+        username: alepha206.TOptional<alepha206.TString>;
+        picture: alepha206.TOptional<alepha206.TString>;
+        sessionId: alepha206.TOptional<alepha206.TString>;
+        organizations: alepha206.TOptional<alepha206.TArray<alepha206.TString>>;
+        roles: alepha206.TOptional<alepha206.TArray<alepha206.TString>>;
       }>;
-      api: alepha165.TObject<{
-        prefix: alepha165.TOptional<alepha165.TString>;
-        links: alepha165.TArray<alepha165.TObject<{
-          name: alepha165.TString;
-          group: alepha165.TOptional<alepha165.TString>;
-          path: alepha165.TString;
-          method: alepha165.TOptional<alepha165.TString>;
-          requestBodyType: alepha165.TOptional<alepha165.TString>;
-          service: alepha165.TOptional<alepha165.TString>;
-          rawSchema: alepha165.TOptional<alepha165.TObject<{
-            body: alepha165.TOptional<alepha165.TString>;
-            response: alepha165.TOptional<alepha165.TString>;
+      api: alepha206.TObject<{
+        prefix: alepha206.TOptional<alepha206.TString>;
+        links: alepha206.TArray<alepha206.TObject<{
+          name: alepha206.TString;
+          group: alepha206.TOptional<alepha206.TString>;
+          path: alepha206.TString;
+          method: alepha206.TOptional<alepha206.TString>;
+          requestBodyType: alepha206.TOptional<alepha206.TString>;
+          service: alepha206.TOptional<alepha206.TString>;
+          rawSchema: alepha206.TOptional<alepha206.TObject<{
+            body: alepha206.TOptional<alepha206.TString>;
+            response: alepha206.TOptional<alepha206.TString>;
           }>>;
         }>>;
       }>;
@@ -259,10 +1284,10 @@ declare class ServerAuthProvider {
    * Oauth2/OIDC login route.
    */
   readonly login: alepha_server0.RoutePrimitive<{
-    query: alepha165.TObject<{
-      provider: alepha165.TString;
-      realm: alepha165.TOptional<alepha165.TString>;
-      redirect_uri: alepha165.TOptional<alepha165.TString>;
+    query: alepha206.TObject<{
+      provider: alepha206.TString;
+      realm: alepha206.TOptional<alepha206.TString>;
+      redirect_uri: alepha206.TOptional<alepha206.TString>;
     }>;
   }>;
   /**
@@ -274,8 +1299,8 @@ declare class ServerAuthProvider {
    * Logout route for OAuth2/OIDC providers.
    */
   readonly logout: alepha_server0.RoutePrimitive<{
-    query: alepha165.TObject<{
-      post_logout_redirect_uri: alepha165.TOptional<alepha165.TString>;
+    query: alepha206.TObject<{
+      post_logout_redirect_uri: alepha206.TOptional<alepha206.TString>;
     }>;
   }>;
   /**
@@ -398,10 +1423,10 @@ type AuthExternal = {
  * When using your own authentication system, e.g. using a database to store user accounts.
  * This is usually used with a custom login form.
  *
- * This relies on the `realm`, which is used to create/verify the access token.
+ * This relies on the `issuer`, which is used to create/verify the access token.
  */
 type AuthInternal = {
-  realm: RealmPrimitive;
+  issuer: IssuerPrimitive;
 } & ({
   /**
    * The common username/password authentication.
@@ -519,7 +1544,7 @@ declare class AuthPrimitive extends Primitive<AuthPrimitiveOptions> {
   protected readonly dateTimeProvider: DateTimeProvider;
   oauth?: Configuration;
   get name(): string;
-  get realm(): RealmPrimitive | undefined;
+  get issuer(): IssuerPrimitive | undefined;
   get jwks_uri(): string;
   get scope(): string | undefined;
   get redirect_uri(): string | undefined;
@@ -552,7 +1577,7 @@ interface WithLoginFn {
  *
  * Uses username and password to authenticate users.
  */
-declare const $authCredentials: (realm: RealmPrimitive & WithLoginFn, options?: Partial<CredentialsOptions>) => AuthPrimitive;
+declare const $authCredentials: (realm: IssuerPrimitive & WithLoginFn, options?: Partial<CredentialsOptions>) => AuthPrimitive;
 //#endregion
 //#region ../../src/server/auth/primitives/$authGithub.d.ts
 /**
@@ -565,7 +1590,7 @@ declare const $authCredentials: (realm: RealmPrimitive & WithLoginFn, options?:
  * - `GITHUB_CLIENT_ID`: The client ID obtained from the GitHub Developer Settings.
  * - `GITHUB_CLIENT_SECRET`: The client secret obtained from the GitHub Developer Settings.
  */
-declare const $authGithub: (realm: RealmPrimitive & WithLinkFn, options?: Partial<OidcOptions>) => AuthPrimitive;
+declare const $authGithub: (realm: IssuerPrimitive & WithLinkFn, options?: Partial<OidcOptions>) => AuthPrimitive;
 //#endregion
 //#region ../../src/server/auth/primitives/$authGoogle.d.ts
 /**
@@ -578,7 +1603,7 @@ declare const $authGithub: (realm: RealmPrimitive & WithLinkFn, options?: Partia
  * - `GOOGLE_CLIENT_ID`: The client ID obtained from the Google Developer Console.
  * - `GOOGLE_CLIENT_SECRET`: The client secret obtained from the Google Developer Console.
  */
-declare const $authGoogle: (realm: RealmPrimitive & WithLinkFn, options?: Partial<OidcOptions>) => AuthPrimitive;
+declare const $authGoogle: (realm: IssuerPrimitive & WithLinkFn, options?: Partial<OidcOptions>) => AuthPrimitive;
 //#endregion
 //#region ../../src/server/auth/index.d.ts
 declare module "alepha" {
@@ -604,7 +1629,7 @@ declare module "alepha" {
  * @see {@link ServerAuthProvider}
  * @module alepha.server.auth
  */
-declare const AlephaServerAuth: alepha165.Service<alepha165.Module>;
+declare const AlephaServerAuth: alepha206.Service<alepha206.Module>;
 //#endregion
 export { $auth, $authCredentials, $authGithub, $authGoogle, AccessToken, AlephaServerAuth, AuthExternal, AuthInternal, AuthPrimitive, AuthPrimitiveOptions, AuthenticationProvider, Credentials, CredentialsFn, CredentialsOptions, LinkAccountFn, LinkAccountOptions, OAuth2Options, OAuth2Profile, OidcOptions, ServerAuthProvider, TokenResponse, Tokens, UserinfoResponse, WithLinkFn, WithLoginFn, alephaServerAuthRoutes, authenticationProviderSchema, tokenResponseSchema, tokensSchema, userinfoResponseSchema };
 //# sourceMappingURL=index.d.ts.map