@0xmonaco/core 0.6.1 → 0.6.3

package/README.md

@@ -125,7 +125,7 @@ async function authExample() {
   console.log("Authenticated:", authState.user);
   console.log("Tokens:", {
     accessToken: authState.accessToken,
-    refreshToken: authState.refreshToken, // Use this for revokeToken()
+    refreshToken: authState.refreshToken,
   });
   
   // Authenticated WebSocket channels are now connected - start receiving real-time updates
@@ -141,8 +141,7 @@ async function authExample() {
   await monaco.logout();
   
   // Or manually revoke the token
-  // ✅ CORRECT: Use authState.refreshToken
-  await monaco.auth.revokeToken(authState.refreshToken);
+  await monaco.auth.revokeToken();
 }
 
 // Market Data
@@ -277,11 +276,9 @@ interface AuthState {
 }
 ```
 
-**⚠️ Important:** The authentication response contains `refreshToken`, NOT `revokeToken`.
-
 ```typescript
-// ✅ CORRECT: Revoke using refreshToken
-await sdk.auth.revokeToken(authState.refreshToken);
+// Revoke the current session's token
+await sdk.auth.revokeToken();
 
 // 💡 TIP: Use the built-in logout method
 await sdk.logout(); // Automatically calls revokeToken internally

package/dist/api/auth/api.d.ts

@@ -182,14 +182,15 @@ export declare class AuthAPIImpl extends BaseAPI implements AuthAPI {
      */
     refreshToken(refreshToken: string): Promise<TokenRefreshResponse>;
     /**
-     * Revokes a refresh token.
+     * Revokes the current session's refresh token.
      *
-     * Invalidates a refresh token, preventing it from being used to obtain
-     * new access tokens. This is useful for logout functionality or when
-     * a token has been compromised.
+     * Invalidates the refresh token associated with the current access token,
+     * preventing it from being used to obtain new access tokens. This is useful
+     * for logout functionality or when a token has been compromised.
+     *
+     * The server identifies the token to revoke from the access token in the
+     * Authorization header — no request body is needed.
      *
-     * **Important:** Pass the `refreshToken` from the authentication response.
-     * @param refreshToken - The refresh token to revoke (from authResult.refreshToken)
      * @returns Promise resolving when the token is revoked
      * @throws {APIError} When token revocation fails
      *
@@ -197,9 +198,9 @@ export declare class AuthAPIImpl extends BaseAPI implements AuthAPI {
      * ```typescript
      * // After authentication
      * const authResult = await authAPI.authenticate(clientId);
-     * await authAPI.revokeToken(authResult.refreshToken);
+     * await authAPI.revokeToken();
      * console.log("Token revoked successfully");
      * ```
      */
-    revokeToken(refreshToken: string): Promise<void>;
+    revokeToken(): Promise<void>;
 }

package/dist/api/auth/api.js

@@ -277,14 +277,15 @@ export class AuthAPIImpl extends BaseAPI {
         };
     }
     /**
-     * Revokes a refresh token.
+     * Revokes the current session's refresh token.
      *
-     * Invalidates a refresh token, preventing it from being used to obtain
-     * new access tokens. This is useful for logout functionality or when
-     * a token has been compromised.
+     * Invalidates the refresh token associated with the current access token,
+     * preventing it from being used to obtain new access tokens. This is useful
+     * for logout functionality or when a token has been compromised.
+     *
+     * The server identifies the token to revoke from the access token in the
+     * Authorization header — no request body is needed.
      *
-     * **Important:** Pass the `refreshToken` from the authentication response.
-     * @param refreshToken - The refresh token to revoke (from authResult.refreshToken)
      * @returns Promise resolving when the token is revoked
      * @throws {APIError} When token revocation fails
      *
@@ -292,16 +293,13 @@ export class AuthAPIImpl extends BaseAPI {
      * ```typescript
      * // After authentication
      * const authResult = await authAPI.authenticate(clientId);
-     * await authAPI.revokeToken(authResult.refreshToken);
+     * await authAPI.revokeToken();
      * console.log("Token revoked successfully");
      * ```
      */
-    async revokeToken(refreshToken) {
+    async revokeToken() {
         await this.makeAuthenticatedRequest("/api/v1/auth/revoke", {
             method: "POST",
-            body: JSON.stringify({
-                refresh_token: refreshToken,
-            }),
         });
     }
 }

package/dist/sdk.d.ts

@@ -31,8 +31,8 @@ export declare class MonacoSDKImpl implements MonacoSDK {
      * - `expiresAt`: When the access token expires
      * - `user`: User information
      *
-     * Note: There is NO separate `revokeToken` property. Use `authState.refreshToken`
-     * when calling `auth.revokeToken()` or just call `sdk.logout()`.
+     * Note: Use `sdk.logout()` to revoke the token and clean up, or call
+     * `sdk.auth.revokeToken()` directly to just revoke.
      *
      * @param clientId - The client ID for authentication
      * @param options - Optional configuration
@@ -50,7 +50,7 @@ export declare class MonacoSDKImpl implements MonacoSDK {
      * await sdk.ws.connect();
      *
      * // Later, to revoke:
-     * await sdk.auth.revokeToken(authState.refreshToken); // ✅
+     * await sdk.auth.revokeToken(); // ✅
      * // Or revoke and disconnect WebSocket:
      * await sdk.logout(); // ✅ Calls revokeToken internally and disconnects WebSocket
      * ```
@@ -76,7 +76,7 @@ export declare class MonacoSDKImpl implements MonacoSDK {
      *
      * This method revokes the refresh token (if available), disconnects all authenticated
      * WebSocket channels, and clears the local auth state.
-     * It internally calls `auth.revokeToken(refreshToken)` to invalidate the token on the server.
+     * It internally calls `auth.revokeToken()` to invalidate the token on the server.
      *
      * @example
      * ```typescript

package/dist/sdk.js

@@ -99,8 +99,8 @@ export class MonacoSDKImpl {
      * - `expiresAt`: When the access token expires
      * - `user`: User information
      *
-     * Note: There is NO separate `revokeToken` property. Use `authState.refreshToken`
-     * when calling `auth.revokeToken()` or just call `sdk.logout()`.
+     * Note: Use `sdk.logout()` to revoke the token and clean up, or call
+     * `sdk.auth.revokeToken()` directly to just revoke.
      *
      * @param clientId - The client ID for authentication
      * @param options - Optional configuration
@@ -118,7 +118,7 @@ export class MonacoSDKImpl {
      * await sdk.ws.connect();
      *
      * // Later, to revoke:
-     * await sdk.auth.revokeToken(authState.refreshToken); // ✅
+     * await sdk.auth.revokeToken(); // ✅
      * // Or revoke and disconnect WebSocket:
      * await sdk.logout(); // ✅ Calls revokeToken internally and disconnects WebSocket
      * ```
@@ -161,7 +161,7 @@ export class MonacoSDKImpl {
      *
      * This method revokes the refresh token (if available), disconnects all authenticated
      * WebSocket channels, and clears the local auth state.
-     * It internally calls `auth.revokeToken(refreshToken)` to invalidate the token on the server.
+     * It internally calls `auth.revokeToken()` to invalidate the token on the server.
      *
      * @example
      * ```typescript
@@ -172,7 +172,7 @@ export class MonacoSDKImpl {
     async logout() {
         if (this.authState?.refreshToken) {
             try {
-                await this.auth.revokeToken(this.authState.refreshToken);
+                await this.auth.revokeToken();
             }
             catch (error) {
                 // Log but don't throw - we want to clear the local state regardless

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@0xmonaco/core",
-	"version": "0.6.1",
+	"version": "0.6.3",
 	"type": "module",
 	"repository": {
 		"type": "git",