Mike/FrenoCorp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FRE-651: CEO coordination notes for founder bio/headshot assets

Browse Source
This commit is contained in:
Michael Freno
2026-04-26 07:41:45 -04:00
parent 3d5ff8650c
commit 5f4eb60a98
476 changed files with 67971 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
node_modules/@clerk/backend/dist/tokens/__tests__/getAuth.test-d.d.ts generated vendored Normal file
View File

@@ -0,0 +1,2 @@
export {};
//# sourceMappingURL=getAuth.test-d.d.ts.map

1
node_modules/@clerk/backend/dist/tokens/__tests__/getAuth.test-d.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"getAuth.test-d.d.ts","sourceRoot":"","sources":["../../../src/tokens/__tests__/getAuth.test-d.ts"],"names":[],"mappings":""}

2
node_modules/@clerk/backend/dist/tokens/__tests__/request.test-d.d.ts generated vendored Normal file
View File

@@ -0,0 +1,2 @@
export {};
//# sourceMappingURL=request.test-d.d.ts.map

1
node_modules/@clerk/backend/dist/tokens/__tests__/request.test-d.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"request.test-d.d.ts","sourceRoot":"","sources":["../../../src/tokens/__tests__/request.test-d.ts"],"names":[],"mappings":""}

193
node_modules/@clerk/backend/dist/tokens/authObjects.d.ts generated vendored Normal file
View File

@@ -0,0 +1,193 @@
import type { CheckAuthorizationFromSessionClaims, Jwt, JwtPayload, PendingSessionOptions, ServerGetToken, SessionStatusClaim, SharedSignedInAuthObjectProperties } from '@clerk/shared/types';
import type { CreateBackendApiOptions } from '../api';
import type { AuthenticateContext } from './authenticateContext';
import type { MachineTokenType, SessionTokenType } from './tokenTypes';
import type { AuthenticateRequestOptions, MachineAuthType } from './types';
/**
* @inline
*/
type AuthObjectDebugData = Record<string, any>;
/**
* @inline
*/
type AuthObjectDebug = () => AuthObjectDebugData;
type Claims = Record<string, any>;
/**
* @internal
*/
export type SignedInAuthObjectOptions = CreateBackendApiOptions & {
token: string;
};
/**
* @internal
*/
export type SignedInAuthObject = SharedSignedInAuthObjectProperties & {
/**
* The allowed token type.
*/
tokenType: SessionTokenType;
/**
* A function that gets the current user's [session token](https://clerk.com/docs/guides/sessions/session-tokens) or a [custom JWT template](https://clerk.com/docs/guides/sessions/jwt-templates).
*/
getToken: ServerGetToken;
/**
* A function that checks if the user has an Organization Role or Custom Permission.
*/
has: CheckAuthorizationFromSessionClaims;
/**
* Used to help debug issues when using Clerk in development.
*/
debug: AuthObjectDebug;
isAuthenticated: true;
};
/**
* @internal
*/
export type SignedOutAuthObject = {
sessionClaims: null;
sessionId: null;
sessionStatus: SessionStatusClaim | null;
actor: null;
tokenType: SessionTokenType;
userId: null;
orgId: null;
orgRole: null;
orgSlug: null;
orgPermissions: null;
factorVerificationAge: null;
getToken: ServerGetToken;
has: CheckAuthorizationFromSessionClaims;
debug: AuthObjectDebug;
isAuthenticated: false;
};
/**
* Extended properties specific to each machine token type.
* While all machine token types share common properties (id, name, subject, etc),
* this type defines the additional properties that are unique to each token type.
*
* @template TAuthenticated - Whether the machine object is authenticated or not
*/
type MachineObjectExtendedProperties<TAuthenticated extends boolean> = {
api_key: TAuthenticated extends true ? {
name: string;
claims: Claims | null;
userId: string;
orgId: null;
} | {
name: string;
claims: Claims | null;
userId: null;
orgId: string;
} : {
name: null;
claims: null;
userId: null;
orgId: null;
};
m2m_token: {
claims: TAuthenticated extends true ? Claims | null : null;
machineId: TAuthenticated extends true ? string : null;
};
oauth_token: {
userId: TAuthenticated extends true ? string : null;
clientId: TAuthenticated extends true ? string : null;
};
};
/**
* @internal
*
* Uses `T extends any` to create a distributive conditional type.
* This ensures that union types like `'api_key' | 'oauth_token'` are processed
* individually, creating proper discriminated unions where each token type
* gets its own distinct properties (e.g., oauth_token won't have claims).
*/
export type AuthenticatedMachineObject<T extends MachineTokenType = MachineTokenType> = T extends any ? {
id: string;
subject: string;
scopes: string[];
getToken: () => Promise<string>;
has: CheckAuthorizationFromSessionClaims;
debug: AuthObjectDebug;
tokenType: T;
isAuthenticated: true;
} & MachineObjectExtendedProperties<true>[T] : never;
/**
* @internal
*
* Uses `T extends any` to create a distributive conditional type.
* This ensures that union types like `'api_key' | 'oauth_token'` are processed
* individually, creating proper discriminated unions where each token type
* gets its own distinct properties (e.g., oauth_token won't have claims).
*/
export type UnauthenticatedMachineObject<T extends MachineTokenType = MachineTokenType> = T extends any ? {
id: null;
subject: null;
scopes: null;
getToken: () => Promise<null>;
has: CheckAuthorizationFromSessionClaims;
debug: AuthObjectDebug;
tokenType: T;
isAuthenticated: false;
} & MachineObjectExtendedProperties<false>[T] : never;
export type InvalidTokenAuthObject = {
isAuthenticated: false;
tokenType: null;
getToken: () => Promise<null>;
has: () => false;
debug: AuthObjectDebug;
};
/**
* @interface
*/
export type AuthObject = SignedInAuthObject | SignedOutAuthObject | AuthenticatedMachineObject | UnauthenticatedMachineObject | InvalidTokenAuthObject;
/**
* @internal
*/
export declare function signedInAuthObject(authenticateContext: Partial<AuthenticateContext>, sessionToken: string, sessionClaims: JwtPayload): SignedInAuthObject;
/**
* @internal
*/
export declare function signedOutAuthObject(debugData?: AuthObjectDebugData, initialSessionStatus?: SessionStatusClaim): SignedOutAuthObject;
/**
* @internal
*/
export declare function authenticatedMachineObject<T extends MachineTokenType>(tokenType: T, token: string, verificationResult: MachineAuthType, debugData?: AuthObjectDebugData): AuthenticatedMachineObject<T>;
/**
* @internal
*/
export declare function unauthenticatedMachineObject<T extends MachineTokenType>(tokenType: T, debugData?: AuthObjectDebugData): UnauthenticatedMachineObject<T>;
/**
* @internal
*/
export declare function invalidTokenAuthObject(): InvalidTokenAuthObject;
/**
* Auth objects moving through the server -> client boundary need to be serializable
* as we need to ensure that they can be transferred via the network as pure strings.
* Some frameworks like Remix or Next (/pages dir only) handle this serialization by simply
* ignoring any non-serializable keys, however Nextjs /app directory is stricter and
* throws an error if a non-serializable value is found.
*
* @internal
*/
export declare const makeAuthObjectSerializable: <T extends Record<string, unknown>>(obj: T) => T;
/**
* @internal
*/
export declare const getAuthObjectFromJwt: (jwt: Jwt, { treatPendingAsSignedOut, ...options }: PendingSessionOptions & Partial<AuthenticateContext>) => SignedInAuthObject | SignedOutAuthObject;
/**
* @internal
* Returns an auth object matching the requested token type(s).
*
* If the parsed token type does not match any in acceptsToken, returns:
* - an invalid token auth object if the token is not in the accepted array
* - an unauthenticated machine object for machine tokens, or
* - a signed-out session object otherwise.
*
* This ensures the returned object always matches the developer's intent.
*/
export declare const getAuthObjectForAcceptedToken: ({ authObject, acceptsToken, }: {
authObject: AuthObject;
acceptsToken: AuthenticateRequestOptions["acceptsToken"];
}) => AuthObject;
export {};
//# sourceMappingURL=authObjects.d.ts.map

1
node_modules/@clerk/backend/dist/tokens/authObjects.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"authObjects.d.ts","sourceRoot":"","sources":["../../src/tokens/authObjects.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,mCAAmC,EACnC,GAAG,EACH,UAAU,EACV,qBAAqB,EACrB,cAAc,EAEd,kBAAkB,EAClB,kCAAkC,EACnC,MAAM,qBAAqB,CAAC;AAE7B,OAAO,KAAK,EAAU,uBAAuB,EAAiC,MAAM,QAAQ,CAAC;AAG7F,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAEjE,OAAO,KAAK,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEvE,OAAO,KAAK,EAAE,0BAA0B,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAE3E;;GAEG;AACH,KAAK,mBAAmB,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AAC/C;;GAEG;AACH,KAAK,eAAe,GAAG,MAAM,mBAAmB,CAAC;AAEjD,KAAK,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AAElC;;GAEG;AACH,MAAM,MAAM,yBAAyB,GAAG,uBAAuB,GAAG;IAChE,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,kCAAkC,GAAG;IACpE;;OAEG;IACH,SAAS,EAAE,gBAAgB,CAAC;IAC5B;;OAEG;IACH,QAAQ,EAAE,cAAc,CAAC;IACzB;;OAEG;IACH,GAAG,EAAE,mCAAmC,CAAC;IACzC;;OAEG;IACH,KAAK,EAAE,eAAe,CAAC;IACvB,eAAe,EAAE,IAAI,CAAC;CACvB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,aAAa,EAAE,IAAI,CAAC;IACpB,SAAS,EAAE,IAAI,CAAC;IAChB,aAAa,EAAE,kBAAkB,GAAG,IAAI,CAAC;IACzC,KAAK,EAAE,IAAI,CAAC;IACZ,SAAS,EAAE,gBAAgB,CAAC;IAC5B,MAAM,EAAE,IAAI,CAAC;IACb,KAAK,EAAE,IAAI,CAAC;IACZ,OAAO,EAAE,IAAI,CAAC;IACd,OAAO,EAAE,IAAI,CAAC;IACd,cAAc,EAAE,IAAI,CAAC;IACrB,qBAAqB,EAAE,IAAI,CAAC;IAC5B,QAAQ,EAAE,cAAc,CAAC;IACzB,GAAG,EAAE,mCAAmC,CAAC;IACzC,KAAK,EAAE,eAAe,CAAC;IACvB,eAAe,EAAE,KAAK,CAAC;CACxB,CAAC;AAEF;;;;;;GAMG;AACH,KAAK,+BAA+B,CAAC,cAAc,SAAS,OAAO,IAAI;IACrE,OAAO,EAAE,cAAc,SAAS,IAAI,GAE5B;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,IAAI,CAAA;KAAE,GACpE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,MAAM,EAAE,IAAI,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GACxE;QAAE,IAAI,EAAE,IAAI,CAAC;QAAC,MAAM,EAAE,IAAI,CAAC;QAAC,MAAM,EAAE,IAAI,CAAC;QAAC,KAAK,EAAE,IAAI,CAAA;KAAE,CAAC;IAC5D,SAAS,EAAE;QACT,MAAM,EAAE,cAAc,SAAS,IAAI,GAAG,MAAM,GAAG,IAAI,GAAG,IAAI,CAAC;QAC3D,SAAS,EAAE,cAAc,SAAS,IAAI,GAAG,MAAM,GAAG,IAAI,CAAC;KACxD,CAAC;IACF,WAAW,EAAE;QACX,MAAM,EAAE,cAAc,SAAS,IAAI,GAAG,MAAM,GAAG,IAAI,CAAC;QACpD,QAAQ,EAAE,cAAc,SAAS,IAAI,GAAG,MAAM,GAAG,IAAI,CAAC;KACvD,CAAC;CACH,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,0BAA0B,CAAC,CAAC,SAAS,gBAAgB,GAAG,gBAAgB,IAAI,CAAC,SAAS,GAAG,GACjG;IACE,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IAChC,GAAG,EAAE,mCAAmC,CAAC;IACzC,KAAK,EAAE,eAAe,CAAC;IACvB,SAAS,EAAE,CAAC,CAAC;IACb,eAAe,EAAE,IAAI,CAAC;CACvB,GAAG,+BAA+B,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAC5C,KAAK,CAAC;AAEV;;;;;;;GAOG;AACH,MAAM,MAAM,4BAA4B,CAAC,CAAC,SAAS,gBAAgB,GAAG,gBAAgB,IAAI,CAAC,SAAS,GAAG,GACnG;IACE,EAAE,EAAE,IAAI,CAAC;IACT,OAAO,EAAE,IAAI,CAAC;IACd,MAAM,EAAE,IAAI,CAAC;IACb,QAAQ,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9B,GAAG,EAAE,mCAAmC,CAAC;IACzC,KAAK,EAAE,eAAe,CAAC;IACvB,SAAS,EAAE,CAAC,CAAC;IACb,eAAe,EAAE,KAAK,CAAC;CACxB,GAAG,+BAA+B,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAC7C,KAAK,CAAC;AAEV,MAAM,MAAM,sBAAsB,GAAG;IACnC,eAAe,EAAE,KAAK,CAAC;IACvB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9B,GAAG,EAAE,MAAM,KAAK,CAAC;IACjB,KAAK,EAAE,eAAe,CAAC;CACxB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,UAAU,GAClB,kBAAkB,GAClB,mBAAmB,GACnB,0BAA0B,GAC1B,4BAA4B,GAC5B,sBAAsB,CAAC;AAW3B;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,mBAAmB,EAAE,OAAO,CAAC,mBAAmB,CAAC,EACjD,YAAY,EAAE,MAAM,EACpB,aAAa,EAAE,UAAU,GACxB,kBAAkB,CAmCpB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,SAAS,CAAC,EAAE,mBAAmB,EAC/B,oBAAoB,CAAC,EAAE,kBAAkB,GACxC,mBAAmB,CAkBrB;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CAAC,CAAC,SAAS,gBAAgB,EACnE,SAAS,EAAE,CAAC,EACZ,KAAK,EAAE,MAAM,EACb,kBAAkB,EAAE,eAAe,EACnC,SAAS,CAAC,EAAE,mBAAmB,GAC9B,0BAA0B,CAAC,CAAC,CAAC,CAkD/B;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAAC,CAAC,SAAS,gBAAgB,EACrE,SAAS,EAAE,CAAC,EACZ,SAAS,CAAC,EAAE,mBAAmB,GAC9B,4BAA4B,CAAC,CAAC,CAAC,CA4CjC;AAED;;GAEG;AACH,wBAAgB,sBAAsB,IAAI,sBAAsB,CAQ/D;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,0BAA0B,GAAI,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,KAAK,CAAC,KAAG,CAKtF,CAAC;AAiDF;;GAEG;AACH,eAAO,MAAM,oBAAoB,GAC/B,KAAK,GAAG,EACR,yCAAgD,qBAAqB,GAAG,OAAO,CAAC,mBAAmB,CAAC,6CASrG,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,6BAA6B,GAAI,+BAG3C;IACD,UAAU,EAAE,UAAU,CAAC;IACvB,YAAY,EAAE,0BAA0B,CAAC,cAAc,CAAC,CAAC;CAC1D,KAAG,UAwBH,CAAC"}

144
node_modules/@clerk/backend/dist/tokens/authStatus.d.ts generated vendored Normal file
View File

@@ -0,0 +1,144 @@
import type { JwtPayload, PendingSessionOptions } from '@clerk/shared/types';
import type { TokenVerificationErrorReason } from '../errors';
import type { AuthenticateContext } from './authenticateContext';
import type { AuthenticatedMachineObject, InvalidTokenAuthObject, SignedInAuthObject, SignedOutAuthObject, UnauthenticatedMachineObject } from './authObjects';
import type { MachineTokenType, SessionTokenType } from './tokenTypes';
import { TokenType } from './tokenTypes';
import type { MachineAuthType } from './types';
export declare const AuthStatus: {
readonly SignedIn: "signed-in";
readonly SignedOut: "signed-out";
readonly Handshake: "handshake";
};
export type AuthStatus = (typeof AuthStatus)[keyof typeof AuthStatus];
type ToAuth<T extends TokenType | null, Authenticated extends boolean> = T extends null ? () => InvalidTokenAuthObject : T extends SessionTokenType ? Authenticated extends true ? (opts?: PendingSessionOptions) => SignedInAuthObject : () => SignedOutAuthObject : Authenticated extends true ? () => AuthenticatedMachineObject<Exclude<T, SessionTokenType | null>> : () => UnauthenticatedMachineObject<Exclude<T, SessionTokenType | null>>;
export type AuthenticatedState<T extends TokenType = SessionTokenType> = {
status: typeof AuthStatus.SignedIn;
reason: null;
message: null;
proxyUrl?: string;
publishableKey: string;
isSatellite: boolean;
domain: string;
signInUrl: string;
signUpUrl: string;
afterSignInUrl: string;
afterSignUpUrl: string;
/**
* @deprecated Use `isAuthenticated` instead.
*/
isSignedIn: true;
isAuthenticated: true;
headers: Headers;
token: string;
tokenType: T;
toAuth: ToAuth<T, true>;
};
export type UnauthenticatedState<T extends TokenType | null = SessionTokenType> = {
status: typeof AuthStatus.SignedOut;
reason: AuthReason;
message: string;
proxyUrl?: string;
publishableKey: string;
isSatellite: boolean;
domain: string;
signInUrl: string;
signUpUrl: string;
afterSignInUrl: string;
afterSignUpUrl: string;
/**
* @deprecated Use `isAuthenticated` instead.
*/
isSignedIn: false;
isAuthenticated: false;
tokenType: T;
headers: Headers;
token: null;
toAuth: ToAuth<T, false>;
};
export type HandshakeState = Omit<UnauthenticatedState<SessionTokenType>, 'status' | 'toAuth' | 'tokenType'> & {
tokenType: SessionTokenType;
status: typeof AuthStatus.Handshake;
headers: Headers;
toAuth: () => null;
};
/**
* @deprecated Use AuthenticatedState instead
*/
export type SignedInState = AuthenticatedState<SessionTokenType>;
/**
* @deprecated Use UnauthenticatedState instead
*/
export type SignedOutState = UnauthenticatedState<SessionTokenType>;
export declare const AuthErrorReason: {
readonly ClientUATWithoutSessionToken: "client-uat-but-no-session-token";
readonly DevBrowserMissing: "dev-browser-missing";
readonly DevBrowserSync: "dev-browser-sync";
readonly PrimaryRespondsToSyncing: "primary-responds-to-syncing";
readonly PrimaryDomainCrossOriginSync: "primary-domain-cross-origin-sync";
readonly SatelliteCookieNeedsSyncing: "satellite-needs-syncing";
readonly SessionTokenAndUATMissing: "session-token-and-uat-missing";
readonly SessionTokenMissing: "session-token-missing";
readonly SessionTokenExpired: "session-token-expired";
readonly SessionTokenIATBeforeClientUAT: "session-token-iat-before-client-uat";
readonly SessionTokenNBF: "session-token-nbf";
readonly SessionTokenIatInTheFuture: "session-token-iat-in-the-future";
readonly SessionTokenWithoutClientUAT: "session-token-but-no-client-uat";
readonly ActiveOrganizationMismatch: "active-organization-mismatch";
readonly TokenTypeMismatch: "token-type-mismatch";
readonly UnexpectedError: "unexpected-error";
};
export type AuthErrorReason = (typeof AuthErrorReason)[keyof typeof AuthErrorReason];
export type AuthReason = AuthErrorReason | TokenVerificationErrorReason;
export type RequestState<T extends TokenType | null = SessionTokenType> = AuthenticatedState<T extends null ? never : T> | UnauthenticatedState<T> | (T extends SessionTokenType ? HandshakeState : never);
type BaseSignedInParams = {
authenticateContext: AuthenticateContext;
headers?: Headers;
token: string;
tokenType: TokenType;
};
type SignedInParams = (BaseSignedInParams & {
tokenType: SessionTokenType;
sessionClaims: JwtPayload;
}) | (BaseSignedInParams & {
tokenType: MachineTokenType;
machineData: MachineAuthType;
});
export declare function signedIn<T extends TokenType>(params: SignedInParams & {
tokenType: T;
}): AuthenticatedState<T>;
type SignedOutParams = Omit<BaseSignedInParams, 'token'> & {
reason: AuthReason;
message?: string;
};
export declare function signedOut<T extends TokenType>(params: SignedOutParams & {
tokenType: T;
}): UnauthenticatedState<T>;
export declare function handshake(authenticateContext: AuthenticateContext, reason: AuthReason, message: string | undefined, headers: Headers): HandshakeState;
export declare function signedOutInvalidToken(): UnauthenticatedState<null>;
type BootstrapSignedOutParams = {
signInUrl?: string;
signUpUrl?: string;
isSatellite?: boolean;
domain?: string;
proxyUrl?: string;
reason?: AuthReason;
message?: string;
headers?: Headers;
};
/**
* Returns a synthetic `UnauthenticatedState` without requiring a publishable key or an
* `AuthenticateContext`. Intended for framework integrations that need to run
* authorization logic for a request that arrived before real Clerk keys are available
* (e.g. the Next.js keyless bootstrap window). The returned state has
* `status: 'signed-out'` and `toAuth()` returns a standard signed-out session auth object.
*
* `signInUrl` / `signUpUrl` are carried through so that `redirectToSignIn` /
* `redirectToSignUp` can resolve to the application's own routes during bootstrap.
* `isSatellite` / `domain` / `proxyUrl` are carried through so that cross-origin
* satellite redirects produced by `createRedirect` include the `__clerk_status=needs-sync`
* marker required for the return-trip handshake.
*/
export declare function createBootstrapSignedOutState({ signInUrl, signUpUrl, isSatellite, domain, proxyUrl, reason, message, headers, }?: BootstrapSignedOutParams): UnauthenticatedState<SessionTokenType>;
export {};
//# sourceMappingURL=authStatus.d.ts.map

1
node_modules/@clerk/backend/dist/tokens/authStatus.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"authStatus.d.ts","sourceRoot":"","sources":["../../src/tokens/authStatus.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAG7E,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,WAAW,CAAC;AAC9D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,KAAK,EACV,0BAA0B,EAC1B,sBAAsB,EACtB,kBAAkB,EAClB,mBAAmB,EACnB,4BAA4B,EAC7B,MAAM,eAAe,CAAC;AAQvB,OAAO,KAAK,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACvE,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAE/C,eAAO,MAAM,UAAU;;;;CAIb,CAAC;AAEX,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAC;AAEtE,KAAK,MAAM,CAAC,CAAC,SAAS,SAAS,GAAG,IAAI,EAAE,aAAa,SAAS,OAAO,IAAI,CAAC,SAAS,IAAI,GACnF,MAAM,sBAAsB,GAC5B,CAAC,SAAS,gBAAgB,GACxB,aAAa,SAAS,IAAI,GACxB,CAAC,IAAI,CAAC,EAAE,qBAAqB,KAAK,kBAAkB,GACpD,MAAM,mBAAmB,GAC3B,aAAa,SAAS,IAAI,GACxB,MAAM,0BAA0B,CAAC,OAAO,CAAC,CAAC,EAAE,gBAAgB,GAAG,IAAI,CAAC,CAAC,GACrE,MAAM,4BAA4B,CAAC,OAAO,CAAC,CAAC,EAAE,gBAAgB,GAAG,IAAI,CAAC,CAAC,CAAC;AAEhF,MAAM,MAAM,kBAAkB,CAAC,CAAC,SAAS,SAAS,GAAG,gBAAgB,IAAI;IACvE,MAAM,EAAE,OAAO,UAAU,CAAC,QAAQ,CAAC;IACnC,MAAM,EAAE,IAAI,CAAC;IACb,OAAO,EAAE,IAAI,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,OAAO,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,UAAU,EAAE,IAAI,CAAC;IACjB,eAAe,EAAE,IAAI,CAAC;IACtB,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,CAAC,CAAC;IACb,MAAM,EAAE,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,oBAAoB,CAAC,CAAC,SAAS,SAAS,GAAG,IAAI,GAAG,gBAAgB,IAAI;IAChF,MAAM,EAAE,OAAO,UAAU,CAAC,SAAS,CAAC;IACpC,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,OAAO,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,UAAU,EAAE,KAAK,CAAC;IAClB,eAAe,EAAE,KAAK,CAAC;IACvB,SAAS,EAAE,CAAC,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,IAAI,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG,IAAI,CAAC,oBAAoB,CAAC,gBAAgB,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,WAAW,CAAC,GAAG;IAC7G,SAAS,EAAE,gBAAgB,CAAC;IAC5B,MAAM,EAAE,OAAO,UAAU,CAAC,SAAS,CAAC;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,IAAI,CAAC;CACpB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;AAEjE;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;AAEpE,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;CAiBlB,CAAC;AAEX,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,eAAe,CAAC,CAAC,MAAM,OAAO,eAAe,CAAC,CAAC;AAErF,MAAM,MAAM,UAAU,GAAG,eAAe,GAAG,4BAA4B,CAAC;AAExE,MAAM,MAAM,YAAY,CAAC,CAAC,SAAS,SAAS,GAAG,IAAI,GAAG,gBAAgB,IAClE,kBAAkB,CAAC,CAAC,SAAS,IAAI,GAAG,KAAK,GAAG,CAAC,CAAC,GAC9C,oBAAoB,CAAC,CAAC,CAAC,GACvB,CAAC,CAAC,SAAS,gBAAgB,GAAG,cAAc,GAAG,KAAK,CAAC,CAAC;AAE1D,KAAK,kBAAkB,GAAG;IACxB,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,SAAS,CAAC;CACtB,CAAC;AAEF,KAAK,cAAc,GACf,CAAC,kBAAkB,GAAG;IAAE,SAAS,EAAE,gBAAgB,CAAC;IAAC,aAAa,EAAE,UAAU,CAAA;CAAE,CAAC,GACjF,CAAC,kBAAkB,GAAG;IAAE,SAAS,EAAE,gBAAgB,CAAC;IAAC,WAAW,EAAE,eAAe,CAAA;CAAE,CAAC,CAAC;AAEzF,wBAAgB,QAAQ,CAAC,CAAC,SAAS,SAAS,EAAE,MAAM,EAAE,cAAc,GAAG;IAAE,SAAS,EAAE,CAAC,CAAA;CAAE,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAsC9G;AAED,KAAK,eAAe,GAAG,IAAI,CAAC,kBAAkB,EAAE,OAAO,CAAC,GAAG;IACzD,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,wBAAgB,SAAS,CAAC,CAAC,SAAS,SAAS,EAAE,MAAM,EAAE,eAAe,GAAG;IAAE,SAAS,EAAE,CAAC,CAAA;CAAE,GAAG,oBAAoB,CAAC,CAAC,CAAC,CA8BlH;AAED,wBAAgB,SAAS,CACvB,mBAAmB,EAAE,mBAAmB,EACxC,MAAM,EAAE,UAAU,EAClB,OAAO,oBAAK,EACZ,OAAO,EAAE,OAAO,GACf,cAAc,CAoBhB;AAED,wBAAgB,qBAAqB,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAqBlE;AAED,KAAK,wBAAwB,GAAG;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,wBAAgB,6BAA6B,CAAC,EAC5C,SAAc,EACd,SAAc,EACd,WAAmB,EACnB,MAAW,EACX,QAAa,EACb,MAAkD,EAClD,OAAY,EACZ,OAAuB,GACxB,GAAE,wBAA6B,GAAG,oBAAoB,CAAC,gBAAgB,CAAC,CAoBxE"}

79
node_modules/@clerk/backend/dist/tokens/authenticateContext.d.ts generated vendored Normal file
View File

@@ -0,0 +1,79 @@
import type { ClerkRequest } from './clerkRequest';
import type { AuthenticateRequestOptions } from './types';
interface AuthenticateContext extends AuthenticateRequestOptions {
accept: string | undefined;
forwardedHost: string | undefined;
forwardedProto: string | undefined;
host: string | undefined;
method: string;
origin: string | undefined;
referrer: string | undefined;
secFetchDest: string | undefined;
tokenInHeader: string | undefined;
userAgent: string | undefined;
clientUat: number;
refreshTokenInCookie: string | undefined;
sessionTokenInCookie: string | undefined;
devBrowserToken: string | undefined;
handshakeNonce: string | undefined;
handshakeRedirectLoopCounter: number;
handshakeToken: string | undefined;
clerkUrl: URL;
frontendApi: string;
instanceType: string;
publishableKey: string;
}
/**
* All data required to authenticate a request.
* This is the data we use to decide whether a request
* is in a signed in or signed out state or if we need
* to perform a handshake.
*/
declare class AuthenticateContext implements AuthenticateContext {
private cookieSuffix;
private clerkRequest;
/**
* The original Clerk frontend API URL, extracted from publishable key before proxy URL override.
* Used for backend operations like token validation and issuer checking.
*/
private originalFrontendApi;
/**
* Retrieves the session token from either the cookie or the header.
*
* @returns {string | undefined} The session token if available, otherwise undefined.
*/
get sessionToken(): string | undefined;
constructor(cookieSuffix: string, clerkRequest: ClerkRequest, options: AuthenticateRequestOptions);
usesSuffixedCookies(): boolean;
/**
* Determines if the request came from a different origin based on the referrer header.
* Used for cross-origin detection in multi-domain authentication flows.
*
* @returns {boolean} True if referrer exists and is from a different origin, false otherwise.
*/
isCrossOriginReferrer(): boolean;
/**
* Determines if the referrer URL is from a Clerk domain (accounts portal or FAPI).
* This includes both development and production account portal domains, as well as FAPI domains
* used for redirect-based authentication flows.
*
* @returns {boolean} True if the referrer is from a Clerk accounts portal or FAPI domain, false otherwise
*/
isKnownClerkReferrer(): boolean;
private initPublishableKeyValues;
private initHeaderValues;
private initCookieValues;
private initHandshakeValues;
private getQueryParam;
private getHeader;
private getCookie;
private getSuffixedCookie;
private getSuffixedOrUnSuffixedCookie;
private parseAuthorizationHeader;
private tokenHasIssuer;
private tokenBelongsToInstance;
private sessionExpired;
}
export type { AuthenticateContext };
export declare const createAuthenticateContext: (clerkRequest: ClerkRequest, options: AuthenticateRequestOptions) => Promise<AuthenticateContext>;
//# sourceMappingURL=authenticateContext.d.ts.map

1
node_modules/@clerk/backend/dist/tokens/authenticateContext.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"authenticateContext.d.ts","sourceRoot":"","sources":["../../src/tokens/authenticateContext.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEnD,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,SAAS,CAAC;AAE1D,UAAU,mBAAoB,SAAQ,0BAA0B;IAE9D,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,aAAa,EAAE,MAAM,GAAG,SAAS,CAAC;IAClC,cAAc,EAAE,MAAM,GAAG,SAAS,CAAC;IACnC,IAAI,EAAE,MAAM,GAAG,SAAS,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,YAAY,EAAE,MAAM,GAAG,SAAS,CAAC;IACjC,aAAa,EAAE,MAAM,GAAG,SAAS,CAAC;IAClC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAG9B,SAAS,EAAE,MAAM,CAAC;IAClB,oBAAoB,EAAE,MAAM,GAAG,SAAS,CAAC;IACzC,oBAAoB,EAAE,MAAM,GAAG,SAAS,CAAC;IAGzC,eAAe,EAAE,MAAM,GAAG,SAAS,CAAC;IACpC,cAAc,EAAE,MAAM,GAAG,SAAS,CAAC;IACnC,4BAA4B,EAAE,MAAM,CAAC;IACrC,cAAc,EAAE,MAAM,GAAG,SAAS,CAAC;IAGnC,QAAQ,EAAE,GAAG,CAAC;IAEd,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED;;;;;GAKG;AACH,cAAM,mBAAoB,YAAW,mBAAmB;IAiBpD,OAAO,CAAC,YAAY;IACpB,OAAO,CAAC,YAAY;IAjBtB;;;OAGG;IACH,OAAO,CAAC,mBAAmB,CAAc;IAEzC;;;;OAIG;IACH,IAAW,YAAY,IAAI,MAAM,GAAG,SAAS,CAE5C;gBAGS,YAAY,EAAE,MAAM,EACpB,YAAY,EAAE,YAAY,EAClC,OAAO,EAAE,0BAA0B;IAyB9B,mBAAmB,IAAI,OAAO;IAyFrC;;;;;OAKG;IACI,qBAAqB,IAAI,OAAO;IAcvC;;;;;;OAMG;IACI,oBAAoB,IAAI,OAAO;IA2CtC,OAAO,CAAC,wBAAwB;IA6BhC,OAAO,CAAC,gBAAgB;IAcxB,OAAO,CAAC,gBAAgB;IAOxB,OAAO,CAAC,mBAAmB;IAY3B,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,iBAAiB;IAIzB,OAAO,CAAC,6BAA6B;IAOrC,OAAO,CAAC,wBAAwB;IAoBhC,OAAO,CAAC,cAAc;IAQtB,OAAO,CAAC,sBAAsB;IAc9B,OAAO,CAAC,cAAc;CAGvB;AAED,YAAY,EAAE,mBAAmB,EAAE,CAAC;AAEpC,eAAO,MAAM,yBAAyB,GACpC,cAAc,YAAY,EAC1B,SAAS,0BAA0B,KAClC,OAAO,CAAC,mBAAmB,CAK7B,CAAC"}

29
node_modules/@clerk/backend/dist/tokens/clerkRequest.d.ts generated vendored Normal file
View File

@@ -0,0 +1,29 @@
import type { ClerkUrl } from './clerkUrl';
/**
* A class that extends the native Request class,
* adds cookies helpers and a normalised clerkUrl that is constructed by using the values found
* in req.headers so it is able to work reliably when the app is running behind a proxy server.
*/
declare class ClerkRequest extends Request {
readonly clerkUrl: ClerkUrl;
readonly cookies: Map<string, string | undefined>;
constructor(input: ClerkRequest | Request | RequestInfo, init?: RequestInit);
toJSON(): {
url: string;
method: string;
headers: string;
clerkUrl: string;
cookies: string;
};
/**
* Used to fix request.url using the x-forwarded-* headers
* TODO add detailed description of the issues this solves
*/
private deriveUrlFromHeaders;
private getFirstValueFromHeader;
private parseCookies;
private decodeCookieValue;
}
export declare const createClerkRequest: (...args: ConstructorParameters<typeof ClerkRequest>) => ClerkRequest;
export type { ClerkRequest };
//# sourceMappingURL=clerkRequest.d.ts.map

1
node_modules/@clerk/backend/dist/tokens/clerkRequest.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"clerkRequest.d.ts","sourceRoot":"","sources":["../../src/tokens/clerkRequest.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAG3C;;;;GAIG;AACH,cAAM,YAAa,SAAQ,OAAO;IAChC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;gBAE/B,KAAK,EAAE,YAAY,GAAG,OAAO,GAAG,WAAW,EAAE,IAAI,CAAC,EAAE,WAAW;IAkB3E,MAAM;;;;;;;IAUb;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAsB5B,OAAO,CAAC,uBAAuB;IAI/B,OAAO,CAAC,YAAY;IAKpB,OAAO,CAAC,iBAAiB;CAG1B;AAED,eAAO,MAAM,kBAAkB,GAAI,GAAG,MAAM,qBAAqB,CAAC,OAAO,YAAY,CAAC,KAAG,YAOxF,CAAC;AAEF,YAAY,EAAE,YAAY,EAAE,CAAC"}

18
node_modules/@clerk/backend/dist/tokens/clerkUrl.d.ts generated vendored Normal file
View File

@@ -0,0 +1,18 @@
declare class ClerkUrl extends URL {
isCrossOrigin(other: URL | string): boolean;
}
export type WithClerkUrl<T> = T & {
/**
* When a NextJs app is hosted on a platform different from Vercel
* or inside a container (Netlify, Fly.io, AWS Amplify, docker etc),
* req.url is always set to `localhost:3000` instead of the actual host of the app.
*
* The `authMiddleware` uses the value of the available req.headers in order to construct
* and use the correct url internally. This url is then exposed as `experimental_clerkUrl`,
* intended to be used within `beforeAuth` and `afterAuth` if needed.
*/
clerkUrl: ClerkUrl;
};
export declare const createClerkUrl: (...args: ConstructorParameters<typeof ClerkUrl>) => ClerkUrl;
export type { ClerkUrl };
//# sourceMappingURL=clerkUrl.d.ts.map

1
node_modules/@clerk/backend/dist/tokens/clerkUrl.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"clerkUrl.d.ts","sourceRoot":"","sources":["../../src/tokens/clerkUrl.ts"],"names":[],"mappings":"AAAA,cAAM,QAAS,SAAQ,GAAG;IACjB,aAAa,CAAC,KAAK,EAAE,GAAG,GAAG,MAAM;CAGzC;AAED,MAAM,MAAM,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG;IAChC;;;;;;;;OAQG;IACH,QAAQ,EAAE,QAAQ,CAAC;CACpB,CAAC;AAEF,eAAO,MAAM,cAAc,GAAI,GAAG,MAAM,qBAAqB,CAAC,OAAO,QAAQ,CAAC,KAAG,QAEhF,CAAC;AAEF,YAAY,EAAE,QAAQ,EAAE,CAAC"}

3
node_modules/@clerk/backend/dist/tokens/cookie.d.ts generated vendored Normal file
View File

@@ -0,0 +1,3 @@
export declare const getCookieName: (cookieDirective: string) => string;
export declare const getCookieValue: (cookieDirective: string) => string;
//# sourceMappingURL=cookie.d.ts.map

1
node_modules/@clerk/backend/dist/tokens/cookie.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"cookie.d.ts","sourceRoot":"","sources":["../../src/tokens/cookie.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,aAAa,GAAI,iBAAiB,MAAM,KAAG,MAEvD,CAAC;AAEF,eAAO,MAAM,cAAc,GAAI,iBAAiB,MAAM,KAAG,MAExD,CAAC"}

29
node_modules/@clerk/backend/dist/tokens/factory.d.ts generated vendored Normal file
View File

@@ -0,0 +1,29 @@
import type { ApiClient } from '../api';
import type { AuthenticateRequest } from './request';
import type { AuthenticateRequestOptions } from './types';
type BuildTimeOptions = Partial<Pick<AuthenticateRequestOptions, 'apiUrl' | 'apiVersion' | 'audience' | 'domain' | 'isSatellite' | 'jwtKey' | 'proxyUrl' | 'publishableKey' | 'secretKey' | 'machineSecretKey'>>;
/**
* @internal
*/
export type CreateAuthenticateRequestOptions = {
options: BuildTimeOptions;
apiClient: ApiClient;
};
/**
* @internal
*/
export declare function createAuthenticateRequest(params: CreateAuthenticateRequestOptions): {
authenticateRequest: AuthenticateRequest;
debugRequestState: (params: import("./authStatus").RequestState) => {
isSignedIn: boolean;
isAuthenticated: boolean;
proxyUrl: string | undefined;
reason: string | null;
message: string | null;
publishableKey: string;
isSatellite: boolean;
domain: string;
};
};
export {};
//# sourceMappingURL=factory.d.ts.map

1
node_modules/@clerk/backend/dist/tokens/factory.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../src/tokens/factory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAExC,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAErD,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,SAAS,CAAC;AAG1D,KAAK,gBAAgB,GAAG,OAAO,CAC7B,IAAI,CACF,0BAA0B,EACxB,QAAQ,GACR,YAAY,GACZ,UAAU,GACV,QAAQ,GACR,aAAa,GACb,QAAQ,GACR,UAAU,GACV,gBAAgB,GAChB,WAAW,GACX,kBAAkB,CACrB,CACF,CAAC;AAeF;;GAEG;AACH,MAAM,MAAM,gCAAgC,GAAG;IAC7C,OAAO,EAAE,gBAAgB,CAAC;IAC1B,SAAS,EAAE,SAAS,CAAC;CACtB,CAAC;AAEF;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,gCAAgC;;;;;;;;;;;;EAsBjF"}

64
node_modules/@clerk/backend/dist/tokens/handshake.d.ts generated vendored Normal file
View File

@@ -0,0 +1,64 @@
import { TokenVerificationError } from '../errors';
import type { AuthenticateContext } from './authenticateContext';
import type { SignedInState, SignedOutState } from './authStatus';
import type { OrganizationMatcher } from './organizationMatcher';
import type { OrganizationSyncOptions } from './types';
import type { VerifyTokenOptions } from './verify';
/**
* Similar to our verifyToken flow for Clerk-issued JWTs, but this verification flow is for our signed handshake payload.
* The handshake payload requires fewer verification steps.
*/
export declare function verifyHandshakeToken(token: string, options: VerifyTokenOptions): Promise<{
handshake: string[];
}>;
export declare class HandshakeService {
private readonly authenticateContext;
private readonly organizationMatcher;
private readonly options;
constructor(authenticateContext: AuthenticateContext, options: {
organizationSyncOptions?: OrganizationSyncOptions;
}, organizationMatcher: OrganizationMatcher);
/**
* Determines if a request is eligible for handshake based on its headers
*
* Currently, a request is only eligible for a handshake if we can say it's *probably* a request for a document, not a fetch or some other exotic request.
* This heuristic should give us a reliable enough signal for browsers that support `Sec-Fetch-Dest` and for those that don't.
*
* @returns boolean indicating if the request is eligible for handshake
*/
isRequestEligibleForHandshake(): boolean;
/**
* Builds the redirect headers for a handshake request
* @param reason - The reason for the handshake (e.g. 'session-token-expired')
* @returns Headers object containing the Location header for redirect
* @throws Error if clerkUrl is missing in authenticateContext
*/
buildRedirectToHandshake(reason: string): Headers;
/**
* Gets cookies from either a handshake nonce or a handshake token
* @returns Promise resolving to string array of cookie directives
*/
getCookiesFromHandshake(): Promise<string[]>;
/**
* Resolves a handshake request by verifying the handshake token and setting appropriate cookies
* @returns Promise resolving to either a SignedInState or SignedOutState
* @throws Error if handshake verification fails or if there are issues with the session token
*/
resolveHandshake(): Promise<SignedInState | SignedOutState>;
/**
* Handles handshake token verification errors in development mode
* @param error - The TokenVerificationError that occurred
* @throws Error with a descriptive message about the verification failure
*/
handleTokenVerificationErrorInDevelopment(error: TokenVerificationError): void;
/**
* Checks if a redirect loop is detected and sets headers to track redirect count
* @param headers - The Headers object to modify
* @returns boolean indicating if a redirect loop was detected (true) or if the request can proceed (false)
*/
checkAndTrackRedirectLoop(headers: Headers): boolean;
private removeDevBrowserFromURL;
private getOrganizationSyncTarget;
private getOrganizationSyncQueryParams;
}
//# sourceMappingURL=handshake.d.ts.map

1
node_modules/@clerk/backend/dist/tokens/handshake.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"handshake.d.ts","sourceRoot":"","sources":["../../src/tokens/handshake.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,sBAAsB,EAA8D,MAAM,WAAW,CAAC;AAI/G,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAIlE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAEjE,OAAO,KAAK,EAAE,uBAAuB,EAA0B,MAAM,SAAS,CAAC;AAC/E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAmCnD;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,kBAAkB,GAC1B,OAAO,CAAC;IAAE,SAAS,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CA0BlC;AAED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAsB;IAC1D,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAsB;IAC1D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAwD;gBAG9E,mBAAmB,EAAE,mBAAmB,EACxC,OAAO,EAAE;QAAE,uBAAuB,CAAC,EAAE,uBAAuB,CAAA;KAAE,EAC9D,mBAAmB,EAAE,mBAAmB;IAO1C;;;;;;;OAOG;IACH,6BAA6B,IAAI,OAAO;IAuBxC;;;;;OAKG;IACH,wBAAwB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IA0CjD;;;OAGG;IACU,uBAAuB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IA2BzD;;;;OAIG;IACG,gBAAgB,IAAI,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC;IA4FjE;;;;OAIG;IACH,yCAAyC,CAAC,KAAK,EAAE,sBAAsB,GAAG,IAAI;IAc9E;;;;OAIG;IACH,yBAAyB,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO;IAWpD,OAAO,CAAC,uBAAuB;IAO/B,OAAO,CAAC,yBAAyB;IAIjC,OAAO,CAAC,8BAA8B;CAevC"}

54
node_modules/@clerk/backend/dist/tokens/keys.d.ts generated vendored Normal file
View File

@@ -0,0 +1,54 @@
type LoadClerkJwkFromPemOptions = {
kid: string;
pem?: string;
};
/**
* Loads a local PEM key usually from process.env and transform it to JsonWebKey format.
* The result is cached on the module level to avoid unnecessary computations in subsequent invocations.
*/
export declare function loadClerkJwkFromPem(params: LoadClerkJwkFromPemOptions): JsonWebKey;
/**
* @internal
*/
export type LoadClerkJWKFromRemoteOptions = {
/**
* @internal
*/
kid: string;
/**
* @deprecated This cache TTL will be removed in the next major version. Specifying a cache TTL is a no-op.
*/
jwksCacheTtlInMs?: number;
/**
* A flag to ignore the JWKS cache and always fetch JWKS before each JWT verification.
*/
skipJwksCache?: boolean;
/**
* The Clerk Secret Key from the [**API keys**](https://dashboard.clerk.com/last-active?path=api-keys) page in the Clerk Dashboard.
*/
secretKey?: string;
/**
* The [Clerk Backend API](https://clerk.com/docs/reference/backend-api){{ target: '_blank' }} endpoint.
* @default 'https://api.clerk.com'
*/
apiUrl?: string;
/**
* The version passed to the Clerk API.
* @default 'v1'
*/
apiVersion?: string;
};
/**
*
* Loads a key from JWKS retrieved from the well-known Frontend API endpoint of the issuer.
* The result is also cached on the module level to avoid network requests in subsequent invocations.
* The cache lasts up to 5 minutes.
*
* @param {Object} options
* @param {string} options.kid - The id of the key that the JWT was signed with
* @param {string} options.alg - The algorithm of the JWT
* @returns {JsonWebKey} key
*/
export declare function loadClerkJWKFromRemote(params: LoadClerkJWKFromRemoteOptions): Promise<JsonWebKey>;
export {};
//# sourceMappingURL=keys.d.ts.map

1
node_modules/@clerk/backend/dist/tokens/keys.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"keys.d.ts","sourceRoot":"","sources":["../../src/tokens/keys.ts"],"names":[],"mappings":"AA0CA,KAAK,0BAA0B,GAAG;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,CAAC;AAEF;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,0BAA0B,GAAG,UAAU,CAkClF;AAED;;GAEG;AACH,MAAM,MAAM,6BAA6B,GAAG;IAC1C;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;OAEG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,wBAAsB,sBAAsB,CAAC,MAAM,EAAE,6BAA6B,GAAG,OAAO,CAAC,UAAU,CAAC,CA0CvG"}

85
node_modules/@clerk/backend/dist/tokens/machine.d.ts generated vendored Normal file
View File

@@ -0,0 +1,85 @@
import type { AuthenticateRequestOptions } from '../tokens/types';
import type { MachineTokenType } from './tokenTypes';
import { TokenType } from './tokenTypes';
export declare const M2M_TOKEN_PREFIX = "mt_";
export declare const M2M_SUBJECT_PREFIX = "mch_";
export declare const OAUTH_TOKEN_PREFIX = "oat_";
export declare const API_KEY_PREFIX = "ak_";
export declare const JwtFormatRegExp: RegExp;
export declare function isJwtFormat(token: string): boolean;
/**
* Valid OAuth 2.0 JWT access token type values per RFC 9068.
* @see https://www.rfc-editor.org/rfc/rfc9068.html#section-2.1
*/
export declare const OAUTH_ACCESS_TOKEN_TYPES: string[];
/**
* Checks if a token is an OAuth 2.0 JWT access token.
* Validates the JWT format and verifies the header 'typ' field matches RFC 9068 values.
*
* @param token - The token string to check
* @returns true if the token is a valid OAuth JWT access token
* @see https://www.rfc-editor.org/rfc/rfc9068.html#section-2.1
*/
export declare function isOAuthJwt(token: string): boolean;
/**
* Checks if a token is an M2M JWT token.
* Validates the JWT format and verifies the payload 'sub' field starts with 'mch_'.
*
* @param token - The token string to check
* @returns true if the token is a valid M2M JWT token
*/
export declare function isM2MJwt(token: string): boolean;
/**
* Checks if a token is a machine JWT (OAuth JWT or M2M JWT).
* Useful for rejecting machine JWTs when expecting session tokens.
*
* @param token - The token string to check
* @returns true if the token is an OAuth or M2M JWT
*/
export declare function isMachineJwt(token: string): boolean;
/**
* Checks if a token is a machine token by looking at its prefix.
*
* @remarks
* In the future, this will support custom prefixes that can be prepended to the base prefixes
* (e.g. "org_a_m2m_", "org_a_oauth_access_", "org_a_api_key_")
*
* @param token - The token string to check
* @returns true if the token starts with a recognized machine token prefix
*/
export declare function isMachineTokenByPrefix(token: string): boolean;
/**
* Checks if a token is a machine token by looking at its prefix or if it's an OAuth/M2M JWT.
*
* @param token - The token string to check
* @returns true if the token is a machine token
*/
export declare function isMachineToken(token: string): boolean;
/**
* Gets the specific type of machine token based on its prefix or JWT claims.
*
* @remarks
* In the future, this will support custom prefixes that can be prepended to the base prefixes
* (e.g. "org_a_m2m_", "org_a_oauth_access_", "org_a_api_key_")
*
* @param token - The token string to check
* @returns The specific MachineTokenType
* @throws Error if the token doesn't match any known machine token type
*/
export declare function getMachineTokenType(token: string): MachineTokenType;
/**
* Check if a token type is accepted given a requested token type or list of token types.
*
* @param tokenType - The token type to check (can be null if the token is invalid)
* @param acceptsToken - The requested token type or list of token types
* @returns true if the token type is accepted
*/
export declare const isTokenTypeAccepted: (tokenType: TokenType | null, acceptsToken: NonNullable<AuthenticateRequestOptions["acceptsToken"]>) => boolean;
/**
* Checks if a token type string is a machine token type (api_key, m2m_token, or oauth_token).
*
* @param type - The token type string to check
* @returns true if the type is a machine token type
*/
export declare function isMachineTokenType(type: string): type is MachineTokenType;
//# sourceMappingURL=machine.d.ts.map

1
node_modules/@clerk/backend/dist/tokens/machine.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"machine.d.ts","sourceRoot":"","sources":["../../src/tokens/machine.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAClE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,eAAO,MAAM,gBAAgB,QAAQ,CAAC;AACtC,eAAO,MAAM,kBAAkB,SAAS,CAAC;AACzC,eAAO,MAAM,kBAAkB,SAAS,CAAC;AACzC,eAAO,MAAM,cAAc,QAAQ,CAAC;AAIpC,eAAO,MAAM,eAAe,QAAwD,CAAC;AAErF,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAElD;AAED;;;GAGG;AACH,eAAO,MAAM,wBAAwB,UAAmC,CAAC;AAEzE;;;;;;;GAOG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAcjD;AAED;;;;;;GAMG;AACH,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAU/C;AAED;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAEnD;AAED;;;;;;;;;GASG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAE7D;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAErD;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,gBAAgB,CAgBnE;AAED;;;;;;GAMG;AACH,eAAO,MAAM,mBAAmB,GAC9B,WAAW,SAAS,GAAG,IAAI,EAC3B,cAAc,WAAW,CAAC,0BAA0B,CAAC,cAAc,CAAC,CAAC,KACpE,OAWF,CAAC;AAIF;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,IAAI,gBAAgB,CAEzE"}

11
node_modules/@clerk/backend/dist/tokens/organizationMatcher.d.ts generated vendored Normal file
View File

@@ -0,0 +1,11 @@
import type { OrganizationSyncOptions, OrganizationSyncTarget } from './types';
export declare class OrganizationMatcher {
private readonly organizationPattern;
private readonly personalAccountPattern;
constructor(options?: OrganizationSyncOptions);
private createMatcher;
findTarget(url: URL): OrganizationSyncTarget | null;
private findOrganizationTarget;
private findPersonalAccountTarget;
}
//# sourceMappingURL=organizationMatcher.d.ts.map

1
node_modules/@clerk/backend/dist/tokens/organizationMatcher.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"organizationMatcher.d.ts","sourceRoot":"","sources":["../../src/tokens/organizationMatcher.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,MAAM,SAAS,CAAC;AAE/E,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAuB;IAC3D,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAuB;gBAElD,OAAO,CAAC,EAAE,uBAAuB;IAK7C,OAAO,CAAC,aAAa;IAWrB,UAAU,CAAC,GAAG,EAAE,GAAG,GAAG,sBAAsB,GAAG,IAAI;IASnD,OAAO,CAAC,sBAAsB;IA0B9B,OAAO,CAAC,yBAAyB;CAalC"}

60
node_modules/@clerk/backend/dist/tokens/request.d.ts generated vendored Normal file
View File

@@ -0,0 +1,60 @@
import type { RequestState } from './authStatus';
import type { SessionTokenType } from './tokenTypes';
import { TokenType } from './tokenTypes';
import type { AuthenticateRequestOptions } from './types';
export declare const RefreshTokenErrorReason: {
readonly NonEligibleNoCookie: "non-eligible-no-refresh-cookie";
readonly NonEligibleNonGet: "non-eligible-non-get";
readonly InvalidSessionToken: "invalid-session-token";
readonly MissingApiClient: "missing-api-client";
readonly MissingSessionToken: "missing-session-token";
readonly MissingRefreshToken: "missing-refresh-token";
readonly ExpiredSessionTokenDecodeFailed: "expired-session-token-decode-failed";
readonly ExpiredSessionTokenMissingSidClaim: "expired-session-token-missing-sid-claim";
readonly FetchError: "fetch-error";
readonly UnexpectedSDKError: "unexpected-sdk-error";
readonly UnexpectedBAPIError: "unexpected-bapi-error";
};
export interface AuthenticateRequest {
/**
* @example
* clerkClient.authenticateRequest(request, { acceptsToken: ['session_token', 'api_key'] });
*/
<T extends readonly TokenType[]>(request: Request, options: AuthenticateRequestOptions & {
acceptsToken: T;
}): Promise<RequestState<T[number] | null>>;
/**
* @example
* clerkClient.authenticateRequest(request, { acceptsToken: 'session_token' });
*/
<T extends TokenType>(request: Request, options: AuthenticateRequestOptions & {
acceptsToken: T;
}): Promise<RequestState<T>>;
/**
* @example
* clerkClient.authenticateRequest(request, { acceptsToken: 'any' });
*/
(request: Request, options: AuthenticateRequestOptions & {
acceptsToken: 'any';
}): Promise<RequestState<TokenType>>;
/**
* @example
* clerkClient.authenticateRequest(request);
*/
(request: Request, options?: AuthenticateRequestOptions): Promise<RequestState<SessionTokenType>>;
}
export declare const authenticateRequest: AuthenticateRequest;
/**
* @internal
*/
export declare const debugRequestState: (params: RequestState) => {
isSignedIn: boolean;
isAuthenticated: boolean;
proxyUrl: string | undefined;
reason: string | null;
message: string | null;
publishableKey: string;
isSatellite: boolean;
domain: string;
};
//# sourceMappingURL=request.d.ts.map

1
node_modules/@clerk/backend/dist/tokens/request.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../src/tokens/request.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAkB,YAAY,EAAuD,MAAM,cAAc,CAAC;AAOtH,OAAO,KAAK,EAAoB,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACvE,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,SAAS,CAAC;AAG1D,eAAO,MAAM,uBAAuB;;;;;;;;;;;;CAY1B,CAAC;AA+EX,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,CAAC,CAAC,SAAS,SAAS,SAAS,EAAE,EAC7B,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,0BAA0B,GAAG;QAAE,YAAY,EAAE,CAAC,CAAA;KAAE,GACxD,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;IAE3C;;;OAGG;IACH,CAAC,CAAC,SAAS,SAAS,EAClB,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,0BAA0B,GAAG;QAAE,YAAY,EAAE,CAAC,CAAA;KAAE,GACxD,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IAE5B;;;OAGG;IACH,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,0BAA0B,GAAG;QAAE,YAAY,EAAE,KAAK,CAAA;KAAE,GAAG,OAAO,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC;IAEpH;;;OAGG;IACH,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,0BAA0B,GAAG,OAAO,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC,CAAC;CACnG;AAED,eAAO,MAAM,mBAAmB,EAAE,mBAiuBT,CAAC;AAE1B;;GAEG;AACH,eAAO,MAAM,iBAAiB,GAAI,QAAQ,YAAY;;;;;;;;;CAGrD,CAAC"}

19
node_modules/@clerk/backend/dist/tokens/tokenTypes.d.ts generated vendored Normal file
View File

@@ -0,0 +1,19 @@
export declare const TokenType: {
readonly SessionToken: "session_token";
readonly ApiKey: "api_key";
readonly M2MToken: "m2m_token";
readonly OAuthToken: "oauth_token";
};
/**
* @inline
*/
export type TokenType = (typeof TokenType)[keyof typeof TokenType];
/**
* @inline
*/
export type SessionTokenType = typeof TokenType.SessionToken;
/**
* @inline
*/
export type MachineTokenType = Exclude<TokenType, SessionTokenType>;
//# sourceMappingURL=tokenTypes.d.ts.map

1
node_modules/@clerk/backend/dist/tokens/tokenTypes.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"tokenTypes.d.ts","sourceRoot":"","sources":["../../src/tokens/tokenTypes.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,SAAS;;;;;CAKZ,CAAC;AAEX;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,OAAO,SAAS,CAAC,CAAC;AAEnE;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,OAAO,SAAS,CAAC,YAAY,CAAC;AAC7D;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,OAAO,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC"}

253
node_modules/@clerk/backend/dist/tokens/types.d.ts generated vendored Normal file
View File

@@ -0,0 +1,253 @@
import type { MatchFunction } from '@clerk/shared/pathToRegexp';
import type { PendingSessionOptions } from '@clerk/shared/types';
import type { ApiClient, APIKey, IdPOAuthAccessToken, M2MToken } from '../api';
import type { AuthenticatedMachineObject, AuthObject, InvalidTokenAuthObject, SignedInAuthObject, SignedOutAuthObject, UnauthenticatedMachineObject } from './authObjects';
import type { SessionTokenType, TokenType } from './tokenTypes';
import type { VerifyTokenOptions } from './verify';
/**
* @interface
*/
export type AuthenticateRequestOptions = {
/**
* The Clerk Publishable Key from the [**API keys**](https://dashboard.clerk.com/last-active?path=api-keys) page in the Clerk Dashboard.
*/
publishableKey?: string;
/**
* The domain of a [satellite application](https://clerk.com/docs/guides/dashboard/dns-domains/satellite-domains) in a multi-domain setup.
*/
domain?: string;
/**
* Whether the instance is a satellite domain in a multi-domain setup.
* @default false
*/
isSatellite?: boolean;
/**
* The proxy URL from a multi-domain setup.
*/
proxyUrl?: string;
/**
* The sign-in URL from a multi-domain setup.
*/
signInUrl?: string;
/**
* The sign-up URL from a multi-domain setup.
*/
signUpUrl?: string;
/**
* Full URL or path to navigate to after successful sign in.
* @default '/'
*/
afterSignInUrl?: string;
/**
* Full URL or path to navigate to after successful sign up.
* @default '/'
*/
afterSignUpUrl?: string;
/**
* Used to activate a specific [Organization](https://clerk.com/docs/guides/organizations/overview) or [Personal Account](https://clerk.com/docs/guides/dashboard/overview) based on URL path parameters. If there's a mismatch between the Active Organization in the session (e.g., as reported by `auth()`) and the Organization indicated by the URL, an attempt to activate the Organization specified in the URL will be made.
*
* If the activation can't be performed, either because an Organization doesn't exist or the user lacks access, the Active Organization in the session won't be changed. Ultimately, it's the responsibility of the page to verify that the resources are appropriate to render given the URL and handle mismatches appropriately (e.g., by returning a 404).
*/
organizationSyncOptions?: OrganizationSyncOptions;
/**
* @internal
*/
apiClient?: ApiClient;
/**
* The type of token to accept.
* @default 'session_token'
*/
acceptsToken?: TokenType | TokenType[] | 'any';
/**
* The machine secret key to use when verifying machine-to-machine tokens.
* This will override the Clerk secret key.
*/
machineSecretKey?: string;
/**
* Controls whether satellite apps automatically sync with the primary domain on initial page load.
*
* When `false` (default), satellite apps will skip the automatic handshake if no session cookies exist,
* and only trigger the handshake after an explicit sign-in action. This provides the best performance
* by showing the satellite app immediately without attempting to sync state first.
*
* When `true`, satellite apps will automatically trigger a handshake redirect to sync authentication
* state with the primary domain on first load, even if no session cookies exist. Use this if you want
* users who are already signed in on the primary domain to be automatically recognized on the satellite.
*
* @default false
*/
satelliteAutoSync?: boolean;
} & VerifyTokenOptions;
/**
* @inline
*/
export type OrganizationSyncOptions = {
/**
* Specifies URL patterns that are Organization-specific, containing an Organization ID or slug as a path parameter. If a request matches this path, the Organization identifier will be used to set that Organization as active.
*
* If the route also matches the `personalAccountPatterns` prop, this prop takes precedence.
*
* Patterns must have a path parameter named either `:id` (to match a Clerk Organization ID) or `:slug` (to match a Clerk Organization slug).
*
* If the Organization can't be activated—either because it doesn't exist or the user lacks access—the previously active Organization will remain unchanged. Components must detect this case and provide an appropriate error and/or resolution pathway, such as calling `notFound()` or displaying an [`<OrganizationSwitcher />`](https://clerk.com/docs/reference/components/organization/organization-switcher).
*
* @example
* ["/orgs/:slug", "/orgs/:slug/(.*)"]
* @example
* ["/orgs/:id", "/orgs/:id/(.*)"]
* @example
* ["/app/:any/orgs/:slug", "/app/:any/orgs/:slug/(.*)"]
*/
organizationPatterns?: Pattern[];
/**
* URL patterns for resources that exist within the context of a [Clerk Personal Account](https://clerk.com/docs/guides/dashboard/overview) (user-specific, outside any Organization).
*
* If the route also matches the `organizationPattern` prop, the `organizationPattern` prop takes precedence.
*
* @example
* ["/user", "/user/(.*)"]
* @example
* ["/user/:any", "/user/:any/(.*)"]
*/
personalAccountPatterns?: Pattern[];
};
/**
* A `Pattern` is a `string` that represents the structure of a URL path. In addition to any valid URL, it may include:
* - Named path parameters prefixed with a colon (e.g., `:id`, `:slug`, `:any`).
* - Wildcard token, `(.*)`, which matches the remainder of the path.
*
* @example
* /orgs/:slug
*
* ```ts
* '/orgs/acmecorp' // matches (`:slug` value: acmecorp)
* '/orgs' // does not match
* '/orgs/acmecorp/settings' // does not match
* ```
*
* @example
* /app/:any/orgs/:id
*
* ```ts
* '/app/petstore/orgs/org_123' // matches (`:id` value: org_123)
* '/app/dogstore/v2/orgs/org_123' // does not match
* ```
*
* @example
* /personal-account/(.*)
*
* ```ts
* '/personal-account/settings' // matches
* '/personal-account' // does not match
* ```
*/
type Pattern = string;
export type MachineAuthType = M2MToken | APIKey | IdPOAuthAccessToken;
export type OrganizationSyncTargetMatchers = {
OrganizationMatcher: MatchFunction<Partial<Record<string, string | string[]>>> | null;
PersonalAccountMatcher: MatchFunction<Partial<Record<string, string | string[]>>> | null;
};
/**
* Represents an Organization or a Personal Account - e.g. an
* entity that can be activated by the handshake API.
*/
export type OrganizationSyncTarget = {
type: 'personalAccount';
} | {
type: 'organization';
organizationId?: string;
organizationSlug?: string;
};
/**
* Infers auth object type from an array of token types.
* - Session token only -> SessionType
* - Mixed tokens -> SessionType | MachineType
* - Machine tokens only -> MachineType
*/
export type InferAuthObjectFromTokenArray<T extends readonly TokenType[], SessionType extends AuthObject, MachineType extends AuthObject> = SessionTokenType extends T[number] ? T[number] extends SessionTokenType ? SessionType : SessionType | (MachineType & {
tokenType: Exclude<T[number], SessionTokenType>;
}) : MachineType & {
tokenType: Exclude<T[number], SessionTokenType>;
};
/**
* Infers auth object type from a single token type.
* Returns SessionType for session tokens, or MachineType for machine tokens.
*/
export type InferAuthObjectFromToken<T extends TokenType, SessionType extends AuthObject, MachineType extends AuthObject> = T extends SessionTokenType ? SessionType : MachineType & {
tokenType: Exclude<T, SessionTokenType>;
};
export type SessionAuthObject = SignedInAuthObject | SignedOutAuthObject;
export type MachineAuthObject<T extends Exclude<TokenType, SessionTokenType>> = T extends any ? AuthenticatedMachineObject<T> | UnauthenticatedMachineObject<T> : never;
export type AuthOptions = PendingSessionOptions & {
acceptsToken?: AuthenticateRequestOptions['acceptsToken'];
};
type MaybePromise<T, IsPromise extends boolean> = IsPromise extends true ? Promise<T> : T;
/**
* Shared generic overload type for getAuth() helpers across SDKs.
*
* - Handles different accepted token types and their corresponding return types.
*/
export interface GetAuthFn<RequestType, ReturnsPromise extends boolean = false> {
/**
* @example
* const auth = await getAuth(req, { acceptsToken: ['session_token', 'api_key'] })
*/
<T extends TokenType[]>(req: RequestType, options: AuthOptions & {
acceptsToken: T;
}): MaybePromise<InferAuthObjectFromTokenArray<T, SessionAuthObject, MachineAuthObject<Exclude<T[number], SessionTokenType>>> | InvalidTokenAuthObject, ReturnsPromise>;
/**
* @example
* const auth = await getAuth(req, { acceptsToken: 'session_token' })
*/
<T extends TokenType>(req: RequestType, options: AuthOptions & {
acceptsToken: T;
}): MaybePromise<InferAuthObjectFromToken<T, SessionAuthObject, MachineAuthObject<Exclude<T, SessionTokenType>>>, ReturnsPromise>;
/**
* @example
* const auth = await getAuth(req, { acceptsToken: 'any' })
*/
(req: RequestType, options: AuthOptions & {
acceptsToken: 'any';
}): MaybePromise<AuthObject, ReturnsPromise>;
/**
* @example
* const auth = await getAuth(req)
*/
(req: RequestType, options?: PendingSessionOptions): MaybePromise<SessionAuthObject, ReturnsPromise>;
}
/**
* Shared generic overload type for auth() or getAuth() helpers that don't require a request parameter.
*
* - Handles different accepted token types and their corresponding return types.
* - The SessionAuthType parameter allows frameworks to extend the base SessionAuthObject with additional properties like redirect methods.
*/
export interface GetAuthFnNoRequest<SessionAuthType extends SessionAuthObject = SessionAuthObject, ReturnsPromise extends boolean = false> {
/**
* @example
* const authObject = await auth({ acceptsToken: ['session_token', 'api_key'] })
*/
<T extends TokenType[]>(options: AuthOptions & {
acceptsToken: T;
}): MaybePromise<InferAuthObjectFromTokenArray<T, SessionAuthType, MachineAuthObject<Exclude<T[number], SessionTokenType>>> | InvalidTokenAuthObject, ReturnsPromise>;
/**
* @example
* const authObject = await auth({ acceptsToken: 'session_token' })
*/
<T extends TokenType>(options: AuthOptions & {
acceptsToken: T;
}): MaybePromise<InferAuthObjectFromToken<T, SessionAuthType, MachineAuthObject<Exclude<T, SessionTokenType>>>, ReturnsPromise>;
/**
* @example
* const authObject = await auth({ acceptsToken: 'any' })
*/
(options: AuthOptions & {
acceptsToken: 'any';
}): MaybePromise<Exclude<AuthObject, SessionAuthObject> | SessionAuthType, ReturnsPromise>;
/**
* @example
* const authObject = await auth()
*/
(options?: PendingSessionOptions): MaybePromise<SessionAuthType, ReturnsPromise>;
}
export {};
//# sourceMappingURL=types.d.ts.map

1
node_modules/@clerk/backend/dist/tokens/types.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/tokens/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAEjE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAC/E,OAAO,KAAK,EACV,0BAA0B,EAC1B,UAAU,EACV,sBAAsB,EACtB,kBAAkB,EAClB,mBAAmB,EACnB,4BAA4B,EAC7B,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,gBAAgB,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAEnD;;GAEG;AACH,MAAM,MAAM,0BAA0B,GAAG;IACvC;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;;OAIG;IACH,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;IAClD;;OAEG;IACH,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB;;;OAGG;IACH,YAAY,CAAC,EAAE,SAAS,GAAG,SAAS,EAAE,GAAG,KAAK,CAAC;IAC/C;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;;;;;;;;;;OAYG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B,GAAG,kBAAkB,CAAC;AAEvB;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG;IACpC;;;;;;;;;;;;;;;OAeG;IACH,oBAAoB,CAAC,EAAE,OAAO,EAAE,CAAC;IAEjC;;;;;;;;;OASG;IACH,uBAAuB,CAAC,EAAE,OAAO,EAAE,CAAC;CACrC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,KAAK,OAAO,GAAG,MAAM,CAAC;AAEtB,MAAM,MAAM,eAAe,GAAG,QAAQ,GAAG,MAAM,GAAG,mBAAmB,CAAC;AAEtE,MAAM,MAAM,8BAA8B,GAAG;IAC3C,mBAAmB,EAAE,aAAa,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IACtF,sBAAsB,EAAE,aAAa,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;CAC1F,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,sBAAsB,GAC9B;IAAE,IAAI,EAAE,iBAAiB,CAAA;CAAE,GAC3B;IAAE,IAAI,EAAE,cAAc,CAAC;IAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IAAC,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEjF;;;;;GAKG;AACH,MAAM,MAAM,6BAA6B,CACvC,CAAC,SAAS,SAAS,SAAS,EAAE,EAC9B,WAAW,SAAS,UAAU,EAC9B,WAAW,SAAS,UAAU,IAC5B,gBAAgB,SAAS,CAAC,CAAC,MAAM,CAAC,GAClC,CAAC,CAAC,MAAM,CAAC,SAAS,gBAAgB,GAChC,WAAW,GACX,WAAW,GAAG,CAAC,WAAW,GAAG;IAAE,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,gBAAgB,CAAC,CAAA;CAAE,CAAC,GACnF,WAAW,GAAG;IAAE,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,gBAAgB,CAAC,CAAA;CAAE,CAAC;AAEtE;;;GAGG;AACH,MAAM,MAAM,wBAAwB,CAClC,CAAC,SAAS,SAAS,EACnB,WAAW,SAAS,UAAU,EAC9B,WAAW,SAAS,UAAU,IAC5B,CAAC,SAAS,gBAAgB,GAAG,WAAW,GAAG,WAAW,GAAG;IAAE,SAAS,EAAE,OAAO,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAA;CAAE,CAAC;AAEzG,MAAM,MAAM,iBAAiB,GAAG,kBAAkB,GAAG,mBAAmB,CAAC;AACzE,MAAM,MAAM,iBAAiB,CAAC,CAAC,SAAS,OAAO,CAAC,SAAS,EAAE,gBAAgB,CAAC,IAAI,CAAC,SAAS,GAAG,GACzF,0BAA0B,CAAC,CAAC,CAAC,GAAG,4BAA4B,CAAC,CAAC,CAAC,GAC/D,KAAK,CAAC;AAEV,MAAM,MAAM,WAAW,GAAG,qBAAqB,GAAG;IAAE,YAAY,CAAC,EAAE,0BAA0B,CAAC,cAAc,CAAC,CAAA;CAAE,CAAC;AAEhH,KAAK,YAAY,CAAC,CAAC,EAAE,SAAS,SAAS,OAAO,IAAI,SAAS,SAAS,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;AAE1F;;;;GAIG;AACH,MAAM,WAAW,SAAS,CAAC,WAAW,EAAE,cAAc,SAAS,OAAO,GAAG,KAAK;IAC5E;;;OAGG;IACH,CAAC,CAAC,SAAS,SAAS,EAAE,EACpB,GAAG,EAAE,WAAW,EAChB,OAAO,EAAE,WAAW,GAAG;QAAE,YAAY,EAAE,CAAC,CAAA;KAAE,GACzC,YAAY,CACX,6BAA6B,CAAC,CAAC,EAAE,iBAAiB,EAAE,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAC5G,sBAAsB,EACxB,cAAc,CACf,CAAC;IAEF;;;OAGG;IACH,CAAC,CAAC,SAAS,SAAS,EAClB,GAAG,EAAE,WAAW,EAChB,OAAO,EAAE,WAAW,GAAG;QAAE,YAAY,EAAE,CAAC,CAAA;KAAE,GACzC,YAAY,CACb,wBAAwB,CAAC,CAAC,EAAE,iBAAiB,EAAE,iBAAiB,CAAC,OAAO,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC,CAAC,EAC/F,cAAc,CACf,CAAC;IAEF;;;OAGG;IACH,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,WAAW,GAAG;QAAE,YAAY,EAAE,KAAK,CAAA;KAAE,GAAG,YAAY,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;IAE7G;;;OAGG;IACH,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,CAAC,EAAE,qBAAqB,GAAG,YAAY,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAC;CACtG;AAED;;;;;GAKG;AACH,MAAM,WAAW,kBAAkB,CACjC,eAAe,SAAS,iBAAiB,GAAG,iBAAiB,EAC7D,cAAc,SAAS,OAAO,GAAG,KAAK;IAEtC;;;OAGG;IACH,CAAC,CAAC,SAAS,SAAS,EAAE,EACpB,OAAO,EAAE,WAAW,GAAG;QAAE,YAAY,EAAE,CAAC,CAAA;KAAE,GACzC,YAAY,CACX,6BAA6B,CAAC,CAAC,EAAE,eAAe,EAAE,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAC1G,sBAAsB,EACxB,cAAc,CACf,CAAC;IAEF;;;OAGG;IACH,CAAC,CAAC,SAAS,SAAS,EAClB,OAAO,EAAE,WAAW,GAAG;QAAE,YAAY,EAAE,CAAC,CAAA;KAAE,GACzC,YAAY,CACb,wBAAwB,CAAC,CAAC,EAAE,eAAe,EAAE,iBAAiB,CAAC,OAAO,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC,CAAC,EAC7F,cAAc,CACf,CAAC;IAEF;;;OAGG;IACH,CACE,OAAO,EAAE,WAAW,GAAG;QAAE,YAAY,EAAE,KAAK,CAAA;KAAE,GAC7C,YAAY,CAAC,OAAO,CAAC,UAAU,EAAE,iBAAiB,CAAC,GAAG,eAAe,EAAE,cAAc,CAAC,CAAC;IAE1F;;;OAGG;IACH,CAAC,OAAO,CAAC,EAAE,qBAAqB,GAAG,YAAY,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;CAClF"}

109
node_modules/@clerk/backend/dist/tokens/verify.d.ts generated vendored Normal file
View File

@@ -0,0 +1,109 @@
import type { JwtPayload, Simplify } from '@clerk/shared/types';
import type { APIKey, IdPOAuthAccessToken, M2MToken } from '../api';
import { MachineTokenVerificationError, TokenVerificationError } from '../errors';
import type { VerifyJwtOptions } from '../jwt';
import type { JwtReturnType } from '../jwt/types';
import type { LoadClerkJWKFromRemoteOptions } from './keys';
import type { MachineTokenType } from './tokenTypes';
/**
* @interface
*/
export type VerifyTokenOptions = Simplify<Omit<VerifyJwtOptions, 'key'> & Omit<LoadClerkJWKFromRemoteOptions, 'kid'> & {
/**
* Used to verify the session token in a networkless manner. Supply the PEM public key from the **[**API keys**](https://dashboard.clerk.com/last-active?path=api-keys) page -> Show JWT public key -> PEM Public Key** section in the Clerk Dashboard. **It's recommended to use [the environment variable](https://clerk.com/docs/guides/development/clerk-environment-variables) instead.** For more information, refer to [Manual JWT verification](https://clerk.com/docs/guides/sessions/manual-jwt-verification).
*/
jwtKey?: string;
}>;
/**
* > [!WARNING]
* > This is a lower-level method intended for more advanced use-cases. It's recommended to use [`authenticateRequest()`](https://clerk.com/docs/reference/backend/authenticate-request), which fully authenticates a token passed from the `request` object.
*
* Verifies a Clerk-generated token signature. Networkless if the `jwtKey` is provided. Otherwise, performs a network call to retrieve the JWKS from the [Backend API](https://clerk.com/docs/reference/backend-api/tag/JWKS#operation/GetJWKS){{ target: '_blank' }}.
*
* @param token - The token to verify.
* @param options - Options for verifying the token. It is recommended to set these options as [environment variables](/docs/guides/development/clerk-environment-variables#api-and-sdk-configuration) where possible, and then pass them to the function. For example, you can set the `secretKey` option using the `CLERK_SECRET_KEY` environment variable, and then pass it to the function like this: `verifyToken(token, { secretKey: process.env.CLERK_SECRET_KEY })`.
*
* @displayFunctionSignature
* @hideReturns
*
* @example
*
* The following example demonstrates how to use the [JavaScript Backend SDK](https://clerk.com/docs/reference/backend/overview) to verify the token signature.
*
* In the following example:
*
* 1. The **JWKS Public Key** from the Clerk Dashboard is set in the environment variable `CLERK_JWT_KEY`.
* 1. The session token is retrieved from the `__session` cookie or the Authorization header.
* 1. The token is verified in a networkless manner by passing the `jwtKey` prop.
* 1. The `authorizedParties` prop is passed to verify that the session token is generated from the expected frontend application.
* 1. If the token is valid, the response contains the verified token.
*
* ```ts
* import { verifyToken } from '@clerk/backend'
* import { cookies } from 'next/headers'
*
* export async function GET(request: Request) {
* const cookieStore = cookies()
* const sessToken = cookieStore.get('__session')?.value
* const bearerToken = request.headers.get('Authorization')?.replace('Bearer ', '')
* const token = sessToken || bearerToken
*
* if (!token) {
* return Response.json({ error: 'Token not found. User must sign in.' }, { status: 401 })
* }
*
* try {
* const verifiedToken = await verifyToken(token, {
* jwtKey: process.env.CLERK_JWT_KEY,
* authorizedParties: ['http://localhost:3001', 'api.example.com'], // Replace with your authorized parties
* })
*
* return Response.json({ verifiedToken })
* } catch (error) {
* return Response.json({ error: 'Token not verified.' }, { status: 401 })
* }
* }
* ```
*
* If the token is valid, the response will contain a JSON object that looks something like this:
*
* ```json
* {
* "verifiedToken": {
* "azp": "http://localhost:3000",
* "exp": 1687906422,
* "iat": 1687906362,
* "iss": "https://magical-marmoset-51.clerk.accounts.dev",
* "nbf": 1687906352,
* "sid": "sess_2Ro7e2IxrffdqBboq8KfB6eGbIy",
* "sub": "user_2RfWKJREkjKbHZy0Wqa5qrHeAnb"
* }
* }
* ```
*/
export declare function verifyToken(token: string, options: VerifyTokenOptions): Promise<JwtReturnType<JwtPayload, TokenVerificationError>>;
/**
* Verifies any type of machine token by detecting its type from the prefix or JWT claims.
* For JWTs, decodes once and routes based on claims to avoid redundant decoding.
*
* @param token - The token to verify (e.g. starts with "mt_", "oat_", "ak_", or a JWT)
* @param options - Options including secretKey for BAPI authorization
*/
export declare function verifyMachineAuthToken(token: string, options: VerifyTokenOptions): Promise<{
data?: undefined;
tokenType: MachineTokenType;
errors: [MachineTokenVerificationError];
} | {
data: M2MToken;
tokenType: MachineTokenType;
errors?: undefined;
} | {
data: IdPOAuthAccessToken;
tokenType: MachineTokenType;
errors?: undefined;
} | {
data: APIKey;
tokenType: MachineTokenType;
errors?: undefined;
}>;
//# sourceMappingURL=verify.d.ts.map

1
node_modules/@clerk/backend/dist/tokens/verify.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/tokens/verify.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAO,UAAU,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAErE,OAAO,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAEpE,OAAO,EACL,6BAA6B,EAE7B,sBAAsB,EAGvB,MAAM,WAAW,CAAC;AACnB,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAC;AAC/C,OAAO,KAAK,EAAE,aAAa,EAA0B,MAAM,cAAc,CAAC;AAG1E,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,QAAQ,CAAC;AAU5D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGrD;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,QAAQ,CACvC,IAAI,CAAC,gBAAgB,EAAE,KAAK,CAAC,GAC3B,IAAI,CAAC,6BAA6B,EAAE,KAAK,CAAC,GAAG;IAC3C;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CACJ,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkEG;AACH,wBAAsB,WAAW,CAC/B,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,kBAAkB,GAC1B,OAAO,CAAC,aAAa,CAAC,UAAU,EAAE,sBAAsB,CAAC,CAAC,CAgC5D;AA0FD;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB;;;;;;;;;;;;;;;;GAuDtF"}