while-basic
diff --git a/‎.vscode/settings.json‎
Lines changed: 3 additions & 1 deletion b/‎.vscode/settings.json‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎apps/backend/.env‎
Lines changed: 1 addition & 0 deletions b/‎apps/backend/.env‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎apps/backend/.env.development‎
Lines changed: 1 addition & 2 deletions b/‎apps/backend/.env.development‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎apps/backend/package.json‎
Lines changed: 0 additions & 1 deletion b/‎apps/backend/package.json‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎apps/backend/src/app/api/[...notFoundPath]/route.ts‎
Lines changed: 35 additions & 0 deletions b/‎apps/backend/src/app/api/[...notFoundPath]/route.ts‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎apps/backend/src/app/api/v1/auth/oauth/authorize/[provider]/route.tsx‎
Lines changed: 13 additions & 13 deletions b/‎apps/backend/src/app/api/v1/auth/oauth/authorize/[provider]/route.tsx‎
Lines changed: 13 additions & 13 deletions
diff --git a/‎apps/backend/src/app/api/v1/auth/oauth/callback/[provider]/route.tsx‎
Lines changed: 14 additions & 17 deletions b/‎apps/backend/src/app/api/v1/auth/oauth/callback/[provider]/route.tsx‎
Lines changed: 14 additions & 17 deletions
diff --git a/‎…counts/access-token/[provider]/route.tsx‎ ‎…counts/[provider]/access-token/route.tsx‎apps/backend/src/app/api/v1/auth/oauth/connected-accounts/access-token/[provider]/route.tsx renamed to apps/backend/src/app/api/v1/auth/oauth/connected-accounts/[provider]/access-token/route.tsx b/‎…counts/access-token/[provider]/route.tsx‎ ‎…counts/[provider]/access-token/route.tsx‎apps/backend/src/app/api/v1/auth/oauth/connected-accounts/access-token/[provider]/route.tsx renamed to apps/backend/src/app/api/v1/auth/oauth/connected-accounts/[provider]/access-token/route.tsx
diff --git a/‎apps/backend/src/app/api/v1/auth/oauth/token/route.tsx‎
Lines changed: 19 additions & 28 deletions b/‎apps/backend/src/app/api/v1/auth/oauth/token/route.tsx‎
Lines changed: 19 additions & 28 deletions
diff --git a/‎apps/backend/src/app/api/v1/auth/otp/send-sign-in-code/route.tsx‎
Lines changed: 2 additions & 2 deletions b/‎apps/backend/src/app/api/v1/auth/otp/send-sign-in-code/route.tsx‎
Lines changed: 2 additions & 2 deletions
@@ -25,6 +25,7 @@
     "nicify",
     "openapi",
     "Proxied",
+    "reqs",
     "stackframe",
     "typehack",
     "Uncapitalize",
@@ -35,5 +36,6 @@
       "editor.codeActionsOnSave": {
           "source.organizeImports": "explicit"
       }
-  }
+  },
+  "terminal.integrated.wordSeparators": " (){}',\"`─‘’“”|"
 }
@@ -1,4 +1,5 @@
 # Basic
+STACK_BASE_URL=# enter the URL of the backend here. For local development, use `http://localhost:8102`.
 STACK_SERVER_SECRET=# enter a secret key generated by `pnpm generate-keys` here. This is used to sign the JWT tokens.
 
 # OAuth shared keys
 
@@ -1,7 +1,6 @@
+STACK_BASE_URL=http://localhost:8102
 STACK_SERVER_SECRET=23-wuNpik0gIW4mruTz25rbIvhuuvZFrLOLtL7J4tyo
 
-NEXT_PUBLIC_STACK_BACKEND_URL=http://localhost:8102
-
 STACK_DATABASE_CONNECTION_STRING=postgres://postgres:password@localhost:5432/stackframe
 STACK_DIRECT_DATABASE_CONNECTION_STRING=postgres://postgres:password@localhost:5432/stackframe
 
 
@@ -35,7 +35,6 @@
     "@stackframe/stack-emails": "workspace:*",
     "@vercel/analytics": "^1.2.2",
     "bcrypt": "^5.1.1",
-    "date-fns": "^3.6.0",
     "dotenv-cli": "^7.3.0",
     "handlebars": "^4.7.8",
     "jose": "^5.2.2",
 
@@ -0,0 +1,35 @@
+import { createSmartRouteHandler } from "@/route-handlers/smart-route-handler";
+import { yupNumber, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
+import { deindent } from "@stackframe/stack-shared/dist/utils/strings";
+
+const handler = createSmartRouteHandler({
+  request: yupObject({
+    url: yupString().required(),
+  }),
+  response: yupObject({
+    statusCode: yupNumber().oneOf([404]).required(),
+    bodyType: yupString().oneOf(["text"]).required(),
+    body: yupString().required(),
+  }),
+  handler: async (req, fullReq) => {
+    return {
+      statusCode: 404,
+      bodyType: "text",
+      body: deindent`
+        404 — this page does not exist in Stack Auth's API.
+        
+        Did you mean to visit https://app.stack-auth.com?
+
+        URL: ${req.url}
+      `,
+    };
+  },
+});
+
+export const GET = handler;
+export const POST = handler;
+export const PUT = handler;
+export const DELETE = handler;
+export const PATCH = handler;
+export const OPTIONS = handler;
+export const HEAD = handler;
@@ -1,18 +1,18 @@
-import * as yup from "yup";
+import { checkApiKeySet } from "@/lib/api-keys";
+import { getProject } from "@/lib/projects";
+import { decodeAccessToken, oauthCookieSchema } from "@/lib/tokens";
+import { getProvider } from "@/oauth";
 import { prismaClient } from "@/prisma-client";
 import { createSmartRouteHandler } from "@/route-handlers/smart-route-handler";
-import { StatusError } from "@stackframe/stack-shared/dist/utils/errors";
+import { sharedProviders } from "@stackframe/stack-shared/dist/interface/clientInterface";
 import { KnownErrors } from "@stackframe/stack-shared/dist/known-errors";
 import { yupNumber, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
-import { sharedProviders } from "@stackframe/stack-shared/dist/interface/clientInterface";
-import { generators } from "openid-client";
-import { getProvider } from "@/oauth";
-import { decodeAccessToken, oauthCookieSchema } from "@/lib/tokens";
+import { getNodeEnvironment } from "@stackframe/stack-shared/dist/utils/env";
+import { StatusError } from "@stackframe/stack-shared/dist/utils/errors";
 import { cookies } from "next/headers";
 import { redirect } from "next/navigation";
-import { getNodeEnvironment } from "@stackframe/stack-shared/dist/utils/env";
-import { getProject } from "@/lib/projects";
-import { checkApiKeySet } from "@/lib/api-keys";
+import { generators } from "openid-client";
+import * as yup from "yup";
 
 const outerOAuthFlowExpirationInMinutes = 10;
 
@@ -53,14 +53,14 @@ export const GET = createSmartRouteHandler({
     const project = await getProject(query.client_id);
 
     if (!project) {
-      throw new KnownErrors.ProjectNotFound();
+      throw new KnownErrors.InvalidOAuthClientIdOrSecret(query.client_id);
     }
 
     if (!await checkApiKeySet(query.client_id, { publishableClientKey: query.client_secret })) {
       throw new KnownErrors.ApiKeyNotFound();
     }
 
-    const provider = project.evaluatedConfig.oauthProviders.find((p) => p.id === params.provider);
+    const provider = project.config.oauth_providers.find((p) => p.id === params.provider);
     if (!provider || !provider.enabled) {
       throw new KnownErrors.OAuthProviderNotFoundOrNotEnabled();
     }
@@ -89,7 +89,7 @@ export const GET = createSmartRouteHandler({
       extraScope: query.provider_scope,
     });
 
-    const outerInfo = await prismaClient.oAuthOuterInfo.create({
+    await prismaClient.oAuthOuterInfo.create({
       data: {
         innerState,
         info: {
@@ -115,7 +115,7 @@ export const GET = createSmartRouteHandler({
     // prevent CSRF by keeping track of the inner state in cookies
     // the callback route must ensure that the inner state cookie is set
     cookies().set(
-      "stack-oauth-inner-state-" + innerState,
+      "stack-oauth-" + innerState,
       "true",
       {
         httpOnly: true,
 
@@ -1,24 +1,21 @@
-import * as yup from "yup";
+import { usersCrudHandlers } from "@/app/api/v1/users/crud";
+import { getProject } from "@/lib/projects";
+import { validateRedirectUrl } from "@/lib/redirect-urls";
+import { oauthCookieSchema } from "@/lib/tokens";
+import { getProvider, oauthServer } from "@/oauth";
 import { prismaClient } from "@/prisma-client";
 import { createSmartRouteHandler } from "@/route-handlers/smart-route-handler";
 import { InvalidClientError, Request as OAuthRequest, Response as OAuthResponse } from "@node-oauth/oauth2-server";
-import { sendEmailFromTemplate } from "@/lib/emails";
+import { KnownError, KnownErrors } from "@stackframe/stack-shared";
+import { ProjectsCrud } from "@stackframe/stack-shared/dist/interface/crud/projects";
+import { yupMixed, yupNumber, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 import { StackAssertionError, StatusError } from "@stackframe/stack-shared/dist/utils/errors";
-import { KnownError, KnownErrors, ProjectJson } from "@stackframe/stack-shared";
-import { yupObject, yupString, yupNumber, yupBoolean, yupArray, yupMixed } from "@stackframe/stack-shared/dist/schema-fields";
-import { sharedProviders } from "@stackframe/stack-shared/dist/interface/clientInterface";
-import { generators } from "openid-client";
-import { getProvider, oauthServer } from "@/oauth";
-import { decodeAccessToken, oauthCookieSchema } from "@/lib/tokens";
+import { extractScopes } from "@stackframe/stack-shared/dist/utils/strings";
 import { cookies } from "next/headers";
 import { redirect } from "next/navigation";
-import { getProject } from "@/lib/projects";
-import { validateRedirectUrl } from "@/lib/redirect-urls";
-import { extractScopes } from "@stackframe/stack-shared/dist/utils/strings";
-import { usersCrudHandlers } from "@/app/api/v1/users/crud";
 
-const redirectOrThrowError = (error: KnownError, project: ProjectJson, errorRedirectUrl?: string) => {
-  if (!errorRedirectUrl || !validateRedirectUrl(errorRedirectUrl, project.evaluatedConfig.domains, project.evaluatedConfig.allowLocalhost)) {
+const redirectOrThrowError = (error: KnownError, project: ProjectsCrud["Admin"]["Read"], errorRedirectUrl?: string) => {
+  if (!errorRedirectUrl || !validateRedirectUrl(errorRedirectUrl, project.config.domains, project.config.allow_localhost)) {
     throw error;
   }
 
@@ -89,7 +86,7 @@ export const GET = createSmartRouteHandler({
       redirectOrThrowError(new KnownErrors.OuterOAuthTimeout(), project, errorRedirectUrl);
     }
 
-    const provider = project.evaluatedConfig.oauthProviders.find((p) => p.id === params.provider);
+    const provider = project.config.oauth_providers.find((p) => p.id === params.provider);
     if (!provider || !provider.enabled) {
       throw new KnownErrors.OAuthProviderNotFoundOrNotEnabled();
     }
@@ -203,7 +200,7 @@ export const GET = createSmartRouteHandler({
                       providerConfig: {
                         connect: {
                           projectConfigId_id: {
-                            projectConfigId: project.evaluatedConfig.id,
+                            projectConfigId: project.config.id,
                             id: provider.id,
                           },
                         },
@@ -251,7 +248,7 @@ export const GET = createSmartRouteHandler({
                   primary_email_verified: false, // TODO: check if email is verified with the provider
                   primary_email_auth_enabled: false,
                   oauth_providers: [{
-                    provider_id: provider.id,
+                    id: provider.id,
                     account_id: userInfo.accountId,
                     email: userInfo.email,
                   }],
 
@@ -10,51 +10,42 @@ export const POST = createSmartRouteHandler({
     description: "This endpoint is used to exchange an authorization code or refresh token for an access token.",
     tags: ["Oauth"]
   },
-  request: yupObject({
-    body: yupObject({
-      grant_type: yupString().oneOf(["refresh_token", "authorization_code"]).required(),
-      code: yupString(),
-      code_verifier: yupString(),
-      redirect_uri: yupString(),
-      refresh_token: yupString(),
-    }).required(),
-  }),
+  request: yupObject({}),
   response: yupObject({
     statusCode: yupNumber().required(),
     bodyType: yupString().oneOf(["json"]).required(),
     body: yupMixed().required(),
     headers: yupMixed().required(),
   }),
-  async handler({ body }, fullReq) {
-    if (body.redirect_uri) {
-      body.redirect_uri = body.redirect_uri.split('#')[0]; // remove hash
-    }
-
+  async handler({}, fullReq) {
     const oauthRequest = new OAuthRequest({
-      headers: fullReq.headers,
-      query: Object.fromEntries(new URL(fullReq.url).searchParams.entries()),
-      method: "POST",
-      body: body,
+      headers: {
+        ...fullReq.headers,
+        "content-type": "application/x-www-form-urlencoded",
+      },
+      method: fullReq.method,
+      body: fullReq.body,
+      query: fullReq.query,
     });
 
 
     const oauthResponse = new OAuthResponse();
     try {
       await oauthServer.token(
-      oauthRequest,
-      oauthResponse,
-      {
-        // note the `accessTokenLifetime` won't have any effect here because we set it in the `generateAccessToken` function
-        refreshTokenLifetime: 60 * 60 * 24 * 365, // 1 year
-        alwaysIssueNewRefreshToken: false, // add token rotation later
-      }
-    );
+        oauthRequest,
+        oauthResponse,
+        {
+          // note the `accessTokenLifetime` won't have any effect here because we set it in the `generateAccessToken` function
+          refreshTokenLifetime: 60 * 60 * 24 * 365, // 1 year
+          alwaysIssueNewRefreshToken: false, // add token rotation later
+        }
+      );
     } catch (e) {
       if (e instanceof InvalidGrantError) {
-        throw new KnownErrors.RefreshTokenExpired();
+        throw new KnownErrors.RefreshTokenNotFoundOrExpired();
       }
       if (e instanceof InvalidClientError) {
-        throw new KnownErrors.ProjectNotFound();
+        throw new KnownErrors.InvalidOAuthClientIdOrSecret();
       }
       throw e;
     }
 
@@ -27,7 +27,7 @@ export const POST = createSmartRouteHandler({
     bodyType: yupString().oneOf(["success"]).required(),
   }),
   async handler({ auth: { project }, body: { email, callback_url: callbackUrl } }, fullReq) {
-    if (!project.evaluatedConfig.magicLinkEnabled) {
+    if (!project.config.magic_link_enabled) {
       throw new StatusError(StatusError.Forbidden, "Magic link is not enabled for this project");
     }
 
@@ -78,7 +78,7 @@ export const POST = createSmartRouteHandler({
       // TODO fill user object instead of specifying the extra variables below manually (sIVCH.sendCode would do this already)
       user: null,
       email,
-      templateId: "MAGIC_LINK",
+      templateType: "magic_link",
       extraVariables: {
         userDisplayName: userObj.displayName,
         userPrimaryEmail: userObj.primaryEmail,
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`# Basic`
	`2`	+STACK_BASE_URL=# enter the URL of the backend here. For local development, use `http://localhost:8102`.
`2`	`3`	STACK_SERVER_SECRET=# enter a secret key generated by `pnpm generate-keys` here. This is used to sign the JWT tokens.
`3`	`4`
`4`	`5`	`# OAuth shared keys`