alepha 0.9.3 → 0.9.4

package/queue/redis.d.ts

@@ -24,8 +24,6 @@ declare class RedisQueueProvider implements QueueProvider {
  * @module alepha.queue.redis
  */
 declare const AlephaQueueRedis: _alepha_core0.Service<_alepha_core0.Module>;
-//# sourceMappingURL=index.d.ts.map
-
 //#endregion
 export { AlephaQueueRedis, RedisQueueProvider };
 //# sourceMappingURL=index.d.ts.map

package/queue.d.ts

@@ -1,8 +1,6 @@
-import * as _alepha_core2 from "alepha";
-import * as _alepha_core3 from "alepha";
 import * as _alepha_core1 from "alepha";
-import * as _alepha_core0 from "alepha";
 import { Alepha, Descriptor, KIND, Service, Static, TSchema } from "alepha";
+import * as _alepha_logger0 from "alepha/logger";
 import { DateTimeProvider } from "alepha/datetime";
 
 //#region src/providers/QueueProvider.d.ts
@@ -28,38 +26,36 @@ declare abstract class QueueProvider {
    */
   abstract pop(queue: string): Promise<string | undefined>;
 }
-//# sourceMappingURL=QueueProvider.d.ts.map
 //#endregion
 //#region src/providers/MemoryQueueProvider.d.ts
 declare class MemoryQueueProvider implements QueueProvider {
-  protected readonly log: _alepha_core2.Logger;
+  protected readonly log: _alepha_logger0.Logger;
   protected queueList: Record<string, string[]>;
   push(queue: string, ...messages: string[]): Promise<void>;
   pop(queue: string): Promise<string | undefined>;
 }
-//# sourceMappingURL=MemoryQueueProvider.d.ts.map
 //#endregion
 //#region src/providers/WorkerProvider.d.ts
-declare const envSchema: _alepha_core3.TObject<{
+declare const envSchema: _alepha_core1.TObject<{
   /**
    * The interval in milliseconds to wait before checking for new messages.
    */
-  QUEUE_WORKER_INTERVAL: _alepha_core3.TNumber;
+  QUEUE_WORKER_INTERVAL: _alepha_core1.TNumber;
   /**
    * The maximum interval in milliseconds to wait before checking for new messages.
    */
-  QUEUE_WORKER_MAX_INTERVAL: _alepha_core3.TNumber;
+  QUEUE_WORKER_MAX_INTERVAL: _alepha_core1.TNumber;
   /**
    * The number of workers to run concurrently. Defaults to 1.
    * Useful only if you are doing a lot of I/O.
    */
-  QUEUE_WORKER_CONCURRENCY: _alepha_core3.TNumber;
+  QUEUE_WORKER_CONCURRENCY: _alepha_core1.TNumber;
 }>;
 declare module "alepha" {
   interface Env extends Partial<Static<typeof envSchema>> {}
 }
 declare class WorkerProvider {
-  protected readonly log: _alepha_core3.Logger;
+  protected readonly log: _alepha_logger0.Logger;
   protected readonly env: {
     QUEUE_WORKER_INTERVAL: number;
     QUEUE_WORKER_MAX_INTERVAL: number;
@@ -73,13 +69,13 @@ declare class WorkerProvider {
   protected abortController: AbortController;
   protected workerIntervals: Record<number, number>;
   protected consumers: Array<Consumer>;
-  protected readonly start: _alepha_core3.HookDescriptor<"start">;
+  protected readonly start: _alepha_core1.HookDescriptor<"start">;
   /**
    * Start the workers.
    * This method will create an endless loop that will check for new messages!
    */
   protected startWorkers(): void;
-  protected readonly stop: _alepha_core3.HookDescriptor<"stop">;
+  protected readonly stop: _alepha_core1.HookDescriptor<"stop">;
   /**
    * Wait for the next message, where `n` is the worker number.
    *
@@ -133,7 +129,7 @@ interface QueueDescriptorOptions<T extends TSchema> {
   handler?: (message: QueueMessage<T>) => Promise<void>;
 }
 declare class QueueDescriptor<T extends TSchema> extends Descriptor<QueueDescriptorOptions<T>> {
-  protected readonly log: _alepha_core1.Logger;
+  protected readonly log: _alepha_logger0.Logger;
   protected readonly workerProvider: WorkerProvider;
   readonly provider: QueueProvider | MemoryQueueProvider;
   push(...payloads: Array<Static<T>>): Promise<void>;
@@ -146,7 +142,6 @@ interface QueueMessageSchema {
 interface QueueMessage<T extends TSchema> {
   payload: Static<T>;
 }
-//# sourceMappingURL=$queue.d.ts.map
 //#endregion
 //#region src/descriptors/$consumer.d.ts
 /**
@@ -163,7 +158,6 @@ interface ConsumerDescriptorOptions<T extends TSchema> {
   }) => Promise<void>;
 }
 declare class ConsumerDescriptor<T extends TSchema> extends Descriptor<ConsumerDescriptorOptions<T>> {}
-//# sourceMappingURL=$consumer.d.ts.map
 //#endregion
 //#region src/index.d.ts
 /**
@@ -177,9 +171,7 @@ declare class ConsumerDescriptor<T extends TSchema> extends Descriptor<ConsumerD
  * @see {@link $consumer}
  * @module alepha.queue
  */
-declare const AlephaQueue: _alepha_core0.Service<_alepha_core0.Module>;
-//# sourceMappingURL=index.d.ts.map
-
+declare const AlephaQueue: _alepha_core1.Service<_alepha_core1.Module>;
 //#endregion
 export { $consumer, $queue, AlephaQueue, ConsumerDescriptor, ConsumerDescriptorOptions, MemoryQueueProvider, QueueDescriptor, QueueDescriptorOptions, QueueMessage, QueueMessageSchema, QueueProvider };
 //# sourceMappingURL=index.d.ts.map

package/react/auth.d.ts

@@ -1,123 +1,222 @@
-import * as _alepha_core1 from "alepha";
-import * as _alepha_core5 from "alepha";
-import * as _alepha_core0 from "alepha";
-import { Alepha, Async, Descriptor, KIND, Static } from "alepha";
-import * as _alepha_server_cookies0 from "alepha/server/cookies";
+import * as _alepha_core4 from "alepha";
+import { Alepha, AlephaError, Async, Descriptor, KIND, Static } from "alepha";
+import * as _alepha_server_cookies1 from "alepha/server/cookies";
 import { Cookies, ServerCookiesProvider } from "alepha/server/cookies";
 import { DateTimeProvider } from "alepha/datetime";
-import { AccessTokenResponse, RealmDescriptor, SecurityProvider, UserAccountInfo, UserAccountToken } from "alepha/security";
+import { AccessTokenResponse, RealmDescriptor, SecurityProvider, UserAccount, UserAccountToken } from "alepha/security";
 import { Configuration } from "openid-client";
+import * as _alepha_logger0 from "alepha/logger";
 import * as _alepha_server0 from "alepha/server";
 import { HttpClient } from "alepha/server";
-import * as _alepha_server_links0 from "alepha/server/links";
 import { HttpVirtualClient, LinkProvider, ServerLinksProvider } from "alepha/server/links";
-import * as _sinclair_typebox92 from "@sinclair/typebox";
-import * as _sinclair_typebox0 from "@sinclair/typebox";
+import * as _sinclair_typebox156 from "@sinclair/typebox";
 
 //#region src/schemas/tokensSchema.d.ts
-declare const tokensSchema: _sinclair_typebox92.TObject<{
-  provider: _sinclair_typebox92.TString;
-  access_token: _sinclair_typebox92.TString;
-  issued_at: _sinclair_typebox92.TNumber;
-  expires_in: _sinclair_typebox92.TOptional<_sinclair_typebox92.TNumber>;
-  refresh_token: _sinclair_typebox92.TOptional<_sinclair_typebox92.TString>;
-  refresh_token_expires_in: _sinclair_typebox92.TOptional<_sinclair_typebox92.TNumber>;
-  id_token: _sinclair_typebox92.TOptional<_sinclair_typebox92.TString>;
-  scope: _sinclair_typebox92.TOptional<_sinclair_typebox92.TString>;
+declare const tokensSchema: _sinclair_typebox156.TObject<{
+  provider: _sinclair_typebox156.TString;
+  access_token: _sinclair_typebox156.TString;
+  issued_at: _sinclair_typebox156.TNumber;
+  expires_in: _sinclair_typebox156.TOptional<_sinclair_typebox156.TNumber>;
+  refresh_token: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+  refresh_token_expires_in: _sinclair_typebox156.TOptional<_sinclair_typebox156.TNumber>;
+  refresh_expires_in: _sinclair_typebox156.TOptional<_sinclair_typebox156.TNumber>;
+  id_token: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+  scope: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+  token: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+  realm: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
 }>;
 type Tokens = Static<typeof tokensSchema>;
-//# sourceMappingURL=tokensSchema.d.ts.map
+//#endregion
+//#region src/services/ReactAuth.d.ts
+/**
+ * Browser, SSR friendly, service to handle authentication.
+ */
+declare class ReactAuth {
+  protected readonly log: _alepha_logger0.Logger;
+  protected readonly alepha: Alepha;
+  protected readonly linkProvider: LinkProvider;
+  protected readonly httpClient: HttpClient;
+  static path: {
+    login: string;
+    callback: string;
+    logout: string;
+    token: string;
+    refresh: string;
+    userinfo: string;
+  };
+  protected readonly onBeginTransition: _alepha_core4.HookDescriptor<"react:transition:begin">;
+  csrfCookie: _alepha_server_cookies1.AbstractCookieDescriptor<_sinclair_typebox156.TString>;
+  protected readonly onFetchRequest: _alepha_core4.HookDescriptor<"client:onRequest">;
+  get user(): UserAccountToken | undefined;
+  ping(): Promise<{
+    name?: string | undefined;
+    email?: string | undefined;
+    username?: string | undefined;
+    picture?: string | undefined;
+    sessionId?: string | undefined;
+    organizations?: string[] | undefined;
+    roles?: string[] | undefined;
+    id: string;
+  } | undefined>;
+  login(provider: string, options: {
+    hostname?: string;
+    username?: string;
+    password?: string;
+    redirect?: string;
+    [extra: string]: any;
+  }): Promise<Tokens>;
+  logout(): void;
+}
 //#endregion
 //#region src/providers/ReactAuthProvider.d.ts
 declare class ReactAuthProvider {
-  protected readonly log: _alepha_core1.Logger;
+  protected readonly log: _alepha_logger0.Logger;
   protected readonly alepha: Alepha;
   protected readonly serverCookiesProvider: ServerCookiesProvider;
-  protected readonly securityProvider: SecurityProvider;
   protected readonly dateTimeProvider: DateTimeProvider;
   protected readonly serverLinksProvider: ServerLinksProvider;
-  protected readonly authorizationCode: _alepha_server_cookies0.AbstractCookieDescriptor<_sinclair_typebox0.TObject<{
-    provider: _sinclair_typebox0.TString;
-    codeVerifier: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    redirectUri: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    state: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    nonce: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
+  protected readonly reactAuth: ReactAuth;
+  protected readonly authorizationCode: _alepha_server_cookies1.AbstractCookieDescriptor<_sinclair_typebox156.TObject<{
+    provider: _sinclair_typebox156.TString;
+    codeVerifier: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+    redirectUri: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+    state: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+    nonce: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
   }>>;
-  readonly tokens: _alepha_server_cookies0.AbstractCookieDescriptor<_sinclair_typebox0.TObject<{
-    provider: _sinclair_typebox0.TString;
-    access_token: _sinclair_typebox0.TString;
-    issued_at: _sinclair_typebox0.TNumber;
-    expires_in: _sinclair_typebox0.TOptional<_sinclair_typebox0.TNumber>;
-    refresh_token: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    refresh_token_expires_in: _sinclair_typebox0.TOptional<_sinclair_typebox0.TNumber>;
-    id_token: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    scope: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
+  readonly tokens: _alepha_server_cookies1.AbstractCookieDescriptor<_sinclair_typebox156.TObject<{
+    provider: _sinclair_typebox156.TString;
+    access_token: _sinclair_typebox156.TString;
+    issued_at: _sinclair_typebox156.TNumber;
+    expires_in: _sinclair_typebox156.TOptional<_sinclair_typebox156.TNumber>;
+    refresh_token: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+    refresh_token_expires_in: _sinclair_typebox156.TOptional<_sinclair_typebox156.TNumber>;
+    refresh_expires_in: _sinclair_typebox156.TOptional<_sinclair_typebox156.TNumber>;
+    id_token: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+    scope: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+    token: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+    realm: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
   }>>;
-  readonly onRender: _alepha_core1.HookDescriptor<"react:server:render:begin">;
+  readonly onRender: _alepha_core4.HookDescriptor<"react:server:render:begin">;
   get identities(): Array<AuthDescriptor>;
-  protected readonly configure: _alepha_core1.HookDescriptor<"configure">;
+  protected readonly configure: _alepha_core4.HookDescriptor<"configure">;
   protected getAccessTokens(tokens: Tokens): string | undefined;
   /**
    * Fill request headers with access token from cookies or fallback to provider's fallback function.
    */
-  protected readonly onRequest: _alepha_core1.HookDescriptor<"server:onRequest">;
+  protected readonly onRequest: _alepha_core4.HookDescriptor<"server:onRequest">;
   /**
    * Convert cookies to tokens.
    * If the tokens are expired, try to refresh them using the refresh token.
    */
   protected cookiesToTokens(cookies: Cookies): Promise<Tokens | undefined>;
-  readonly userinfo: _alepha_server0.ActionDescriptor<{
-    response: _sinclair_typebox0.TObject<{
-      id: _sinclair_typebox0.TString;
-      name: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-      email: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-      picture: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-      organizations: _sinclair_typebox0.TOptional<_sinclair_typebox0.TArray<_sinclair_typebox0.TString>>;
-      roles: _sinclair_typebox0.TOptional<_sinclair_typebox0.TArray<_sinclair_typebox0.TString>>;
+  protected checkCsrf(cookies: Cookies, csrfHeader: string): Promise<void>;
+  protected refreshTokens(tokens: Tokens): Promise<Tokens | undefined>;
+  /**
+   * Get user information.
+   */
+  readonly userinfo: _alepha_server0.RouteDescriptor<{
+    response: _sinclair_typebox156.TObject<{
+      user: _sinclair_typebox156.TOptional<_sinclair_typebox156.TObject<{
+        id: _sinclair_typebox156.TString;
+        name: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+        email: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+        username: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+        picture: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+        sessionId: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+        organizations: _sinclair_typebox156.TOptional<_sinclair_typebox156.TArray<_sinclair_typebox156.TString>>;
+        roles: _sinclair_typebox156.TOptional<_sinclair_typebox156.TArray<_sinclair_typebox156.TString>>;
+      }>>;
+      api: _sinclair_typebox156.TObject<{
+        prefix: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+        links: _sinclair_typebox156.TArray<_sinclair_typebox156.TObject<{
+          name: _sinclair_typebox156.TString;
+          group: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+          path: _sinclair_typebox156.TString;
+          method: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+          requestBodyType: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+          service: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+        }>>;
+      }>;
+    }>;
+  }>;
+  /**
+   * Refresh a token for internal providers.
+   */
+  readonly refresh: _alepha_server0.RouteDescriptor<{
+    query: _sinclair_typebox156.TObject<{
+      provider: _sinclair_typebox156.TString;
+    }>;
+    body: _sinclair_typebox156.TObject<{
+      refresh_token: _sinclair_typebox156.TString;
+      access_token: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+    }>;
+    response: _sinclair_typebox156.TObject<{
+      provider: _sinclair_typebox156.TString;
+      access_token: _sinclair_typebox156.TString;
+      issued_at: _sinclair_typebox156.TNumber;
+      expires_in: _sinclair_typebox156.TOptional<_sinclair_typebox156.TNumber>;
+      refresh_token: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+      refresh_token_expires_in: _sinclair_typebox156.TOptional<_sinclair_typebox156.TNumber>;
+      refresh_expires_in: _sinclair_typebox156.TOptional<_sinclair_typebox156.TNumber>;
+      id_token: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+      scope: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+      token: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+      realm: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
     }>;
   }>;
+  /**
+   * Login for local password-based authentication.
+   */
   readonly token: _alepha_server0.RouteDescriptor<{
-    query: _sinclair_typebox0.TObject<{
-      provider: _sinclair_typebox0.TString;
+    query: _sinclair_typebox156.TObject<{
+      provider: _sinclair_typebox156.TString;
     }>;
-    body: _sinclair_typebox0.TObject<{
-      username: _sinclair_typebox0.TString;
-      password: _sinclair_typebox0.TString;
+    body: _sinclair_typebox156.TObject<{
+      username: _sinclair_typebox156.TString;
+      password: _sinclair_typebox156.TString;
     }>;
-    response: _sinclair_typebox0.TObject<{
-      provider: _sinclair_typebox0.TString;
-      access_token: _sinclair_typebox0.TString;
-      issued_at: _sinclair_typebox0.TNumber;
-      expires_in: _sinclair_typebox0.TOptional<_sinclair_typebox0.TNumber>;
-      refresh_token: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-      refresh_token_expires_in: _sinclair_typebox0.TOptional<_sinclair_typebox0.TNumber>;
-      id_token: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-      scope: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-      user: _sinclair_typebox0.TObject<{
-        id: _sinclair_typebox0.TString;
-        name: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-        email: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-        picture: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-        organizations: _sinclair_typebox0.TOptional<_sinclair_typebox0.TArray<_sinclair_typebox0.TString>>;
-        roles: _sinclair_typebox0.TOptional<_sinclair_typebox0.TArray<_sinclair_typebox0.TString>>;
+    response: _sinclair_typebox156.TObject<{
+      provider: _sinclair_typebox156.TString;
+      access_token: _sinclair_typebox156.TString;
+      issued_at: _sinclair_typebox156.TNumber;
+      expires_in: _sinclair_typebox156.TOptional<_sinclair_typebox156.TNumber>;
+      refresh_token: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+      refresh_token_expires_in: _sinclair_typebox156.TOptional<_sinclair_typebox156.TNumber>;
+      refresh_expires_in: _sinclair_typebox156.TOptional<_sinclair_typebox156.TNumber>;
+      id_token: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+      scope: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+      token: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+      realm: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+      user: _sinclair_typebox156.TObject<{
+        id: _sinclair_typebox156.TString;
+        name: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+        email: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+        username: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+        picture: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+        sessionId: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+        organizations: _sinclair_typebox156.TOptional<_sinclair_typebox156.TArray<_sinclair_typebox156.TString>>;
+        roles: _sinclair_typebox156.TOptional<_sinclair_typebox156.TArray<_sinclair_typebox156.TString>>;
       }>;
-      links: _sinclair_typebox0.TObject<{
-        prefix: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-        links: _sinclair_typebox0.TArray<_sinclair_typebox0.TObject<{
-          name: _sinclair_typebox0.TString;
-          path: _sinclair_typebox0.TString;
-          method: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-          group: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-          requestBodyType: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-          service: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
+      api: _sinclair_typebox156.TObject<{
+        prefix: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+        links: _sinclair_typebox156.TArray<_sinclair_typebox156.TObject<{
+          name: _sinclair_typebox156.TString;
+          group: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+          path: _sinclair_typebox156.TString;
+          method: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+          requestBodyType: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
+          service: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
         }>>;
       }>;
     }>;
   }>;
+  /**
+   * Oauth2/OIDC login route.
+   */
   readonly login: _alepha_server0.RouteDescriptor<{
-    query: _sinclair_typebox0.TObject<{
-      provider: _sinclair_typebox0.TString;
-      redirect_uri: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
+    query: _sinclair_typebox156.TObject<{
+      provider: _sinclair_typebox156.TString;
+      redirect_uri: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
     }>;
   }>;
   /**
@@ -125,9 +224,12 @@ declare class ReactAuthProvider {
    * It handles the authorization code flow and retrieves the access token.
    */
   readonly callback: _alepha_server0.RouteDescriptor<_alepha_server0.RequestConfigSchema>;
+  /**
+   * Logout route for OAuth2/OIDC providers.
+   */
   readonly logout: _alepha_server0.RouteDescriptor<{
-    query: _sinclair_typebox0.TObject<{
-      post_logout_redirect_uri: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
+    query: _sinclair_typebox156.TObject<{
+      post_logout_redirect_uri: _sinclair_typebox156.TOptional<_sinclair_typebox156.TString>;
     }>;
   }>;
   protected provider(opts: string | {
@@ -135,8 +237,9 @@ declare class ReactAuthProvider {
   }): AuthDescriptor;
   protected setTokens(tokens: Tokens, cookies?: Cookies): void;
 }
-interface OAuth2UserInfo {
+interface OAuth2Profile {
   sub: string;
+  email?: string;
   name?: string;
   given_name?: string;
   family_name?: string;
@@ -146,7 +249,6 @@ interface OAuth2UserInfo {
   profile?: string;
   picture?: string;
   website?: string;
-  email?: string;
   email_verified?: boolean;
   gender?: string;
   birthdate?: string;
@@ -165,7 +267,6 @@ interface OAuth2UserInfo {
   updated_at?: number;
   [key: string]: unknown;
 }
-//# sourceMappingURL=ReactAuthProvider.d.ts.map
 //#endregion
 //#region src/descriptors/$auth.d.ts
 declare const $auth: {
@@ -245,10 +346,10 @@ type AuthInternal = {
   oidc: OidcOptions;
 });
 type CredentialsOptions = {
-  user: (entry: {
+  account: (credentials: {
     username: string;
     password: string;
-  }) => Async<UserAccountInfo>;
+  }) => Async<UserAccount>;
 };
 interface OidcOptions {
   /**
@@ -283,13 +384,13 @@ interface OidcOptions {
    * @default "openid profile email".
    */
   scope?: string;
-  user?: (tokens: {
-    id_token?: string;
+  account?: (tokens: {
     access_token: string;
+    user: OAuth2Profile;
+    id_token?: string;
     expires_in?: number;
     scope?: string;
-    user: OAuth2UserInfo;
-  }) => Async<UserAccountInfo>;
+  }) => Async<UserAccount>;
 }
 interface OAuth2Options {
   /**
@@ -311,7 +412,14 @@ interface OAuth2Options {
   /**
    * Function to retrieve user profile information from the OAuth2 tokens.
    */
-  user: (tokens: Tokens) => Async<UserAccountInfo>;
+  userinfo: (tokens: Tokens) => Async<OAuth2Profile>;
+  account?: (tokens: {
+    access_token: string;
+    user: OAuth2Profile;
+    id_token?: string;
+    expires_in?: number;
+    scope?: string;
+  }) => Async<UserAccount>;
   /**
    * URL of the OAuth2 authorization endpoint.
    */
@@ -331,27 +439,35 @@ declare class AuthDescriptor extends Descriptor<AuthDescriptorOptions> {
   get redirect_uri(): string | undefined;
   /**
    * Refreshes the access token using the refresh token.
+   * Can be used on oauth2, oidc or credentials auth providers.
    */
-  refresh(tokens: Tokens): Promise<AccessTokenResponse>;
+  refresh(refreshToken: string, accessToken?: string): Promise<AccessTokenResponse>;
   /**
    * Extracts user information from the access token.
    * This is used to create a user account from the access token.
    */
-  user(tokens: Tokens): Promise<UserAccountInfo>;
-  protected getUserFromIdToken(idToken: string): OAuth2UserInfo;
+  user(tokens: Tokens): Promise<UserAccount>;
+  protected getUserFromIdToken(idToken: string): OAuth2Profile;
   prepare(): Promise<void>;
 }
 type AccessToken = string | {
   token: () => Async<string>;
 };
-//# sourceMappingURL=$auth.d.ts.map
+//#endregion
+//#region src/errors/SessionExpiredError.d.ts
+declare class SessionExpiredError extends AlephaError {
+  readonly name = "SessionExpiredError";
+  readonly status = 401;
+}
 //#endregion
 //#region src/hooks/useAuth.d.ts
 declare const useAuth: <T extends object = any>() => {
   user: {
     name?: string | undefined;
     email?: string | undefined;
+    username?: string | undefined;
     picture?: string | undefined;
+    sessionId?: string | undefined;
     organizations?: string[] | undefined;
     roles?: string[] | undefined;
     id: string;
@@ -365,47 +481,16 @@ declare const useAuth: <T extends object = any>() => {
   }) => Promise<void>;
   can: <Api extends object = any>(name: keyof HttpVirtualClient<Api>) => boolean;
 };
-//# sourceMappingURL=useAuth.d.ts.map
-//#endregion
-//#region src/services/ReactAuth.d.ts
-declare class ReactAuth {
-  protected readonly log: _alepha_core5.Logger;
-  protected readonly alepha: Alepha;
-  protected readonly auth: _alepha_server_links0.HttpVirtualClient<ReactAuthProvider>;
-  protected readonly client: HttpClient;
-  protected readonly linkProvider: LinkProvider;
-  static path: {
-    login: string;
-    callback: string;
-    logout: string;
-    token: string;
-    userinfo: string;
-  };
-  protected readonly onFetchRequest: _alepha_core5.HookDescriptor<"client:onRequest">;
-  readonly onRender: _alepha_core5.HookDescriptor<"react:transition:begin">;
-  get user(): UserAccountToken | undefined;
-  login(provider: string, options: {
-    username?: string;
-    password?: string;
-    redirect?: string;
-    [extra: string]: any;
-  }): Promise<void>;
-  logout(): void;
-}
-//# sourceMappingURL=ReactAuth.d.ts.map
 //#endregion
 //#region src/index.d.ts
 declare module "alepha" {
   interface State {
-    user?: UserAccountInfo;
+    user?: UserAccount;
   }
 }
 declare module "alepha/react" {
-  interface PageReactContext {
-    user?: UserAccountInfo;
-  }
-  interface ReactHydrationState {
-    user?: UserAccountInfo;
+  interface ReactRouterState {
+    user?: UserAccount;
   }
 }
 /**
@@ -414,9 +499,7 @@ declare module "alepha/react" {
  * @see {@link ReactAuthProvider}
  * @module alepha.react.auth
  */
-declare const AlephaReactAuth: _alepha_core0.Service<_alepha_core0.Module>;
-//# sourceMappingURL=index.d.ts.map
-
+declare const AlephaReactAuth: _alepha_core4.Service<_alepha_core4.Module>;
 //#endregion
-export { $auth, AccessToken, AlephaReactAuth, AuthDescriptor, AuthDescriptorOptions, AuthExternal, AuthInternal, CredentialsOptions, OAuth2Options, OAuth2UserInfo, OidcOptions, ReactAuth, ReactAuthProvider, useAuth };
+export { $auth, AccessToken, AlephaReactAuth, AuthDescriptor, AuthDescriptorOptions, AuthExternal, AuthInternal, CredentialsOptions, OAuth2Options, OAuth2Profile, OidcOptions, ReactAuth, ReactAuthProvider, SessionExpiredError, useAuth };
 //# sourceMappingURL=index.d.ts.map