@23blocks/block-authentication 6.1.0 → 6.3.0

package/dist/index.esm.js

@@ -1563,6 +1563,57 @@ const subscriptionMapper = {
     };
 }
 
+/**
+ * Create the permissions service
+ */ function createPermissionsService(transport, _config) {
+    return {
+        async list (params) {
+            const queryParams = {};
+            if (params == null ? void 0 : params.page) queryParams['page[number]'] = params.page;
+            if (params == null ? void 0 : params.perPage) queryParams['page[size]'] = params.perPage;
+            if (params == null ? void 0 : params.include) queryParams['include'] = params.include.join(',');
+            const response = await transport.get('/permissions', {
+                params: queryParams
+            });
+            return decodePageResult(response, permissionMapper);
+        },
+        async get (id) {
+            const response = await transport.get(`/permissions/${id}`);
+            return decodeOne(response, permissionMapper);
+        },
+        async create (request) {
+            const response = await transport.post('/permissions', {
+                permission: {
+                    name: request.name,
+                    level: request.level,
+                    parent_id: request.parentId,
+                    description: request.description,
+                    category: request.category,
+                    risk_level: request.riskLevel
+                }
+            });
+            return decodeOne(response, permissionMapper);
+        },
+        async update (id, request) {
+            const response = await transport.put(`/permissions/${id}`, {
+                permission: {
+                    name: request.name,
+                    level: request.level,
+                    parent_id: request.parentId,
+                    description: request.description,
+                    status: request.status,
+                    category: request.category,
+                    risk_level: request.riskLevel
+                }
+            });
+            return decodeOne(response, permissionMapper);
+        },
+        async delete (id) {
+            await transport.delete(`/permissions/${id}`);
+        }
+    };
+}
+
 /**
  * Create the API keys service
  */ function createApiKeysService(transport, _config) {
@@ -2762,6 +2813,255 @@ const tenantUserMapper = {
     };
 }
 
+/**
+ * Create the JWKS service
+ */ function createJwksService(transport) {
+    return {
+        async getJwks () {
+            const response = await transport.get('/.well-known/jwks.json');
+            return {
+                keys: response.keys.map((key)=>({
+                        kty: key.kty,
+                        use: key.use,
+                        key_ops: key.key_ops,
+                        alg: key.alg,
+                        kid: key.kid,
+                        x5u: key.x5u,
+                        x5c: key.x5c,
+                        x5t: key.x5t,
+                        'x5t#S256': key['x5t#S256'],
+                        n: key.n,
+                        e: key.e,
+                        crv: key.crv,
+                        x: key.x,
+                        y: key.y
+                    }))
+            };
+        },
+        async getKey (kid) {
+            const jwks = await this.getJwks();
+            var _jwks_keys_find;
+            return (_jwks_keys_find = jwks.keys.find((key)=>key.kid === kid)) != null ? _jwks_keys_find : null;
+        }
+    };
+}
+/**
+ * Create the Admin RSA Keys service
+ */ function createAdminRsaKeysService(transport) {
+    return {
+        async list () {
+            const response = await transport.get('/admin/rsa_keys');
+            return response.data.map((item)=>({
+                    id: item.id,
+                    kid: item.attributes.kid,
+                    algorithm: item.attributes.algorithm,
+                    createdAt: new Date(item.attributes.created_at),
+                    expiresAt: item.attributes.expires_at ? new Date(item.attributes.expires_at) : undefined,
+                    isActive: item.attributes.is_active,
+                    publicKey: item.attributes.public_key
+                }));
+        },
+        async get (keyId) {
+            const response = await transport.get(`/admin/rsa_keys/${keyId}`);
+            return {
+                id: response.data.id,
+                kid: response.data.attributes.kid,
+                algorithm: response.data.attributes.algorithm,
+                createdAt: new Date(response.data.attributes.created_at),
+                expiresAt: response.data.attributes.expires_at ? new Date(response.data.attributes.expires_at) : undefined,
+                isActive: response.data.attributes.is_active,
+                publicKey: response.data.attributes.public_key
+            };
+        },
+        async create (request) {
+            const response = await transport.post('/admin/rsa_keys', {
+                rsa_key: {
+                    algorithm: request.algorithm,
+                    expires_at: request.expiresAt
+                }
+            });
+            return {
+                id: response.data.id,
+                kid: response.data.attributes.kid,
+                algorithm: response.data.attributes.algorithm,
+                createdAt: new Date(response.data.attributes.created_at),
+                expiresAt: response.data.attributes.expires_at ? new Date(response.data.attributes.expires_at) : undefined,
+                isActive: response.data.attributes.is_active,
+                publicKey: response.data.attributes.public_key
+            };
+        },
+        async rotate (request) {
+            const response = await transport.post('/admin/rsa_keys/rotate', {
+                rsa_key: {
+                    algorithm: request.algorithm,
+                    expires_at: request.expiresAt
+                }
+            });
+            return {
+                id: response.data.id,
+                kid: response.data.attributes.kid,
+                algorithm: response.data.attributes.algorithm,
+                createdAt: new Date(response.data.attributes.created_at),
+                expiresAt: response.data.attributes.expires_at ? new Date(response.data.attributes.expires_at) : undefined,
+                isActive: response.data.attributes.is_active,
+                publicKey: response.data.attributes.public_key
+            };
+        },
+        async deactivate (keyId) {
+            const response = await transport.put(`/admin/rsa_keys/${keyId}/deactivate`, {});
+            return {
+                id: response.data.id,
+                kid: response.data.attributes.kid,
+                algorithm: response.data.attributes.algorithm,
+                createdAt: new Date(response.data.attributes.created_at),
+                expiresAt: response.data.attributes.expires_at ? new Date(response.data.attributes.expires_at) : undefined,
+                isActive: response.data.attributes.is_active,
+                publicKey: response.data.attributes.public_key
+            };
+        },
+        async delete (keyId) {
+            await transport.delete(`/admin/rsa_keys/${keyId}`);
+        },
+        async getActive () {
+            const keys = await this.list();
+            var _keys_find;
+            return (_keys_find = keys.find((key)=>key.isActive)) != null ? _keys_find : null;
+        }
+    };
+}
+
+/**
+ * Create the OIDC service
+ */ function createOidcService(transport, baseUrl) {
+    return {
+        async getDiscovery () {
+            const response = await transport.get('/.well-known/openid-configuration');
+            return {
+                issuer: response.issuer,
+                authorization_endpoint: response.authorization_endpoint,
+                token_endpoint: response.token_endpoint,
+                userinfo_endpoint: response.userinfo_endpoint,
+                jwks_uri: response.jwks_uri,
+                registration_endpoint: response.registration_endpoint,
+                scopes_supported: response.scopes_supported,
+                response_types_supported: response.response_types_supported,
+                response_modes_supported: response.response_modes_supported,
+                grant_types_supported: response.grant_types_supported,
+                subject_types_supported: response.subject_types_supported,
+                id_token_signing_alg_values_supported: response.id_token_signing_alg_values_supported,
+                claims_supported: response.claims_supported,
+                token_endpoint_auth_methods_supported: response.token_endpoint_auth_methods_supported
+            };
+        },
+        buildAuthorizeUrl (request) {
+            const params = new URLSearchParams();
+            params.set('response_type', request.responseType);
+            params.set('client_id', request.clientId);
+            params.set('redirect_uri', request.redirectUri);
+            params.set('scope', request.scope);
+            if (request.state) params.set('state', request.state);
+            if (request.nonce) params.set('nonce', request.nonce);
+            if (request.codeChallenge) params.set('code_challenge', request.codeChallenge);
+            if (request.codeChallengeMethod) params.set('code_challenge_method', request.codeChallengeMethod);
+            if (request.prompt) params.set('prompt', request.prompt);
+            if (request.maxAge !== undefined) params.set('max_age', String(request.maxAge));
+            if (request.uiLocales) params.set('ui_locales', request.uiLocales);
+            if (request.loginHint) params.set('login_hint', request.loginHint);
+            if (request.acrValues) params.set('acr_values', request.acrValues);
+            const base = '';
+            return `${base}/oauth/authorize?${params.toString()}`;
+        },
+        async exchangeCode (request) {
+            const body = {
+                grant_type: request.grantType,
+                client_id: request.clientId
+            };
+            if (request.code) body.code = request.code;
+            if (request.redirectUri) body.redirect_uri = request.redirectUri;
+            if (request.clientSecret) body.client_secret = request.clientSecret;
+            if (request.refreshToken) body.refresh_token = request.refreshToken;
+            if (request.codeVerifier) body.code_verifier = request.codeVerifier;
+            if (request.scope) body.scope = request.scope;
+            const response = await transport.post('/oauth/token', body);
+            return {
+                access_token: response.access_token,
+                token_type: response.token_type,
+                expires_in: response.expires_in,
+                refresh_token: response.refresh_token,
+                id_token: response.id_token,
+                scope: response.scope
+            };
+        },
+        async refreshToken (refreshToken, clientId) {
+            return this.exchangeCode({
+                grantType: 'refresh_token',
+                refreshToken,
+                clientId
+            });
+        },
+        async getUserInfo (accessToken) {
+            const response = await transport.get('/oauth/userinfo');
+            return {
+                sub: response.sub,
+                name: response.name,
+                given_name: response.given_name,
+                family_name: response.family_name,
+                middle_name: response.middle_name,
+                nickname: response.nickname,
+                preferred_username: response.preferred_username,
+                profile: response.profile,
+                picture: response.picture,
+                website: response.website,
+                email: response.email,
+                email_verified: response.email_verified,
+                gender: response.gender,
+                birthdate: response.birthdate,
+                zoneinfo: response.zoneinfo,
+                locale: response.locale,
+                phone_number: response.phone_number,
+                phone_number_verified: response.phone_number_verified,
+                address: response.address,
+                updated_at: response.updated_at
+            };
+        },
+        async introspect (token) {
+            const response = await transport.post('/oauth/introspect', {
+                token
+            });
+            return {
+                active: response.active,
+                scope: response.scope,
+                clientId: response.client_id,
+                username: response.username,
+                tokenType: response.token_type,
+                exp: response.exp,
+                iat: response.iat,
+                nbf: response.nbf,
+                sub: response.sub,
+                aud: response.aud,
+                iss: response.iss,
+                jti: response.jti
+            };
+        },
+        async revoke (token, tokenTypeHint) {
+            const body = {
+                token
+            };
+            if (tokenTypeHint) body.token_type_hint = tokenTypeHint;
+            await transport.post('/oauth/revoke', body);
+        },
+        endSession (idToken, postLogoutRedirectUri, state) {
+            const params = new URLSearchParams();
+            if (idToken) params.set('id_token_hint', idToken);
+            if (postLogoutRedirectUri) params.set('post_logout_redirect_uri', postLogoutRedirectUri);
+            if (state) params.set('state', state);
+            const base = '';
+            const query = params.toString();
+            return query ? `${base}/oauth/logout?${query}` : `${base}/oauth/logout`;
+        }
+    };
+}
+
 /**
  * Create the Authentication block
  *
@@ -2797,6 +3097,7 @@ const tenantUserMapper = {
         auth: createAuthService(transport),
         users: createUsersService(transport),
         roles: createRolesService(transport),
+        permissions: createPermissionsService(transport),
         apiKeys: createApiKeysService(transport),
         mfa: createMfaService(transport),
         oauth: createOAuthService(transport),
@@ -2818,7 +3119,10 @@ const tenantUserMapper = {
         refreshTokens: createRefreshTokensService(transport),
         userDevices: createUserDevicesService(transport),
         tenantUsers: createTenantUsersService(transport),
-        mailTemplates: createMailTemplatesService(transport)
+        mailTemplates: createMailTemplatesService(transport),
+        jwks: createJwksService(transport),
+        adminRsaKeys: createAdminRsaKeysService(transport),
+        oidc: createOidcService(transport)
     };
 }
 /**
@@ -2855,7 +3159,9 @@ const tenantUserMapper = {
         'RefreshToken',
         'UserDevice',
         'TenantUser',
-        'MailTemplate'
+        'MailTemplate',
+        'RsaKey',
+        'JsonWebKey'
     ]
 };
 

package/dist/src/lib/authentication.block.d.ts

@@ -2,6 +2,7 @@ import type { Transport, BlockConfig } from '@23blocks/contracts';
 import { type AuthService } from './services/auth.service.js';
 import { type UsersService } from './services/users.service.js';
 import { type RolesService } from './services/roles.service.js';
+import { type PermissionsService } from './services/permissions.service.js';
 import { type ApiKeysService } from './services/api-keys.service.js';
 import { type AppsService, type BlocksService, type ServicesRegistryService } from './services/apps.service.js';
 import { type SubscriptionModelsService, type UserSubscriptionsService, type CompanySubscriptionsService } from './services/subscriptions.service.js';
@@ -11,6 +12,8 @@ import { type MfaService } from './services/mfa.service.js';
 import { type OAuthService } from './services/oauth.service.js';
 import { type AvatarsService } from './services/avatars.service.js';
 import { type TenantsService } from './services/tenants.service.js';
+import { type JwksService, type AdminRsaKeysService } from './services/jwks.service.js';
+import { type OidcService } from './services/oidc.service.js';
 /**
  * Configuration for the Authentication block
  */
@@ -33,9 +36,13 @@ export interface AuthenticationBlock {
      */
     users: UsersService;
     /**
-     * Role and permission management
+     * Role management
      */
     roles: RolesService;
+    /**
+     * Permission management
+     */
+    permissions: PermissionsService;
     /**
      * API key management
      */
@@ -124,6 +131,18 @@ export interface AuthenticationBlock {
      * Mail template management
      */
     mailTemplates: MailTemplatesService;
+    /**
+     * JWKS (JSON Web Key Set) operations
+     */
+    jwks: JwksService;
+    /**
+     * Admin RSA key management
+     */
+    adminRsaKeys: AdminRsaKeysService;
+    /**
+     * OpenID Connect operations
+     */
+    oidc: OidcService;
 }
 /**
  * Create the Authentication block

package/dist/src/lib/authentication.block.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authentication.block.d.ts","sourceRoot":"","sources":["../../../src/lib/authentication.block.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClE,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACjF,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAC3F,OAAO,EAIL,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,uBAAuB,EAC7B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAIL,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,EAC7B,KAAK,2BAA2B,EACjC,MAAM,qCAAqC,CAAC;AAC7C,OAAO,EAML,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACvB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAOL,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,EAC1B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAoB,KAAK,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAC9E,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC1F,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAE1F;;GAEG;AACH,MAAM,WAAW,yBAA0B,SAAQ,WAAW;IAC5D,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAC;IACf,oDAAoD;IACpD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,IAAI,EAAE,WAAW,CAAC;IAElB;;OAEG;IACH,KAAK,EAAE,YAAY,CAAC;IAEpB;;OAEG;IACH,KAAK,EAAE,YAAY,CAAC;IAEpB;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC;IAExB;;OAEG;IACH,GAAG,EAAE,UAAU,CAAC;IAEhB;;OAEG;IACH,KAAK,EAAE,YAAY,CAAC;IAEpB;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC;IAExB;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC;IAExB;;OAEG;IACH,IAAI,EAAE,WAAW,CAAC;IAElB;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,QAAQ,EAAE,uBAAuB,CAAC;IAElC;;OAEG;IACH,kBAAkB,EAAE,yBAAyB,CAAC;IAE9C;;OAEG;IACH,iBAAiB,EAAE,wBAAwB,CAAC;IAE5C;;OAEG;IACH,oBAAoB,EAAE,2BAA2B,CAAC;IAElD;;OAEG;IACH,SAAS,EAAE,gBAAgB,CAAC;IAE5B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,QAAQ,EAAE,eAAe,CAAC;IAE1B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,UAAU,EAAE,iBAAiB,CAAC;IAE9B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,UAAU,EAAE,iBAAiB,CAAC;IAE9B;;OAEG;IACH,aAAa,EAAE,oBAAoB,CAAC;IAEpC;;OAEG;IACH,WAAW,EAAE,kBAAkB,CAAC;IAEhC;;OAEG;IACH,WAAW,EAAE,kBAAkB,CAAC;IAEhC;;OAEG;IACH,aAAa,EAAE,oBAAoB,CAAC;CACrC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,wBAAgB,yBAAyB,CACvC,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,yBAAyB,GAChC,mBAAmB,CA4BrB;AAED;;GAEG;AACH,eAAO,MAAM,2BAA2B;;;;;CAYvC,CAAC"}
+{"version":3,"file":"authentication.block.d.ts","sourceRoot":"","sources":["../../../src/lib/authentication.block.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClE,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACjF,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAA4B,KAAK,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AACtG,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAC3F,OAAO,EAIL,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,uBAAuB,EAC7B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAIL,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,EAC7B,KAAK,2BAA2B,EACjC,MAAM,qCAAqC,CAAC;AAC7C,OAAO,EAML,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACvB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAOL,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,EAC1B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAoB,KAAK,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAC9E,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC1F,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC1F,OAAO,EAGL,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACzB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAEjF;;GAEG;AACH,MAAM,WAAW,yBAA0B,SAAQ,WAAW;IAC5D,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAC;IACf,oDAAoD;IACpD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,IAAI,EAAE,WAAW,CAAC;IAElB;;OAEG;IACH,KAAK,EAAE,YAAY,CAAC;IAEpB;;OAEG;IACH,KAAK,EAAE,YAAY,CAAC;IAEpB;;OAEG;IACH,WAAW,EAAE,kBAAkB,CAAC;IAEhC;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC;IAExB;;OAEG;IACH,GAAG,EAAE,UAAU,CAAC;IAEhB;;OAEG;IACH,KAAK,EAAE,YAAY,CAAC;IAEpB;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC;IAExB;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC;IAExB;;OAEG;IACH,IAAI,EAAE,WAAW,CAAC;IAElB;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,QAAQ,EAAE,uBAAuB,CAAC;IAElC;;OAEG;IACH,kBAAkB,EAAE,yBAAyB,CAAC;IAE9C;;OAEG;IACH,iBAAiB,EAAE,wBAAwB,CAAC;IAE5C;;OAEG;IACH,oBAAoB,EAAE,2BAA2B,CAAC;IAElD;;OAEG;IACH,SAAS,EAAE,gBAAgB,CAAC;IAE5B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,QAAQ,EAAE,eAAe,CAAC;IAE1B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,UAAU,EAAE,iBAAiB,CAAC;IAE9B;;OAEG;IACH,MAAM,EAAE,aAAa,CAAC;IAEtB;;OAEG;IACH,UAAU,EAAE,iBAAiB,CAAC;IAE9B;;OAEG;IACH,aAAa,EAAE,oBAAoB,CAAC;IAEpC;;OAEG;IACH,WAAW,EAAE,kBAAkB,CAAC;IAEhC;;OAEG;IACH,WAAW,EAAE,kBAAkB,CAAC;IAEhC;;OAEG;IACH,aAAa,EAAE,oBAAoB,CAAC;IAEpC;;OAEG;IACH,IAAI,EAAE,WAAW,CAAC;IAElB;;OAEG;IACH,YAAY,EAAE,mBAAmB,CAAC;IAElC;;OAEG;IACH,IAAI,EAAE,WAAW,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,wBAAgB,yBAAyB,CACvC,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,yBAAyB,GAChC,mBAAmB,CAgCrB;AAED;;GAEG;AACH,eAAO,MAAM,2BAA2B;;;;;CAavC,CAAC"}

package/dist/src/lib/services/index.d.ts

@@ -1,6 +1,7 @@
 export { createAuthService, type AuthService } from './auth.service.js';
 export { createUsersService, type UsersService, type UpdateUserRequest, type UpdateProfileRequest } from './users.service.js';
 export { createRolesService, type RolesService, type CreateRoleRequest, type UpdateRoleRequest } from './roles.service.js';
+export { createPermissionsService, type PermissionsService, type CreatePermissionRequest, type UpdatePermissionRequest } from './permissions.service.js';
 export { createApiKeysService, type ApiKeysService, type ApiKeyUsageStats } from './api-keys.service.js';
 export { createAppsService, createBlocksService, createServicesRegistryService, type AppsService, type BlocksService, type ServicesRegistryService, } from './apps.service.js';
 export { createSubscriptionModelsService, createUserSubscriptionsService, createCompanySubscriptionsService, type SubscriptionModelsService, type UserSubscriptionsService, type CompanySubscriptionsService, type SubscribeRequest, } from './subscriptions.service.js';
@@ -10,4 +11,6 @@ export { createMfaService, type MfaService } from './mfa.service.js';
 export { createOAuthService, type OAuthService } from './oauth.service.js';
 export { createAvatarsService, type AvatarsService } from './avatars.service.js';
 export { createTenantsService, type TenantsService } from './tenants.service.js';
+export { createJwksService, createAdminRsaKeysService, type JwksService, type AdminRsaKeysService, } from './jwks.service.js';
+export { createOidcService, type OidcService } from './oidc.service.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/src/lib/services/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/lib/services/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,KAAK,iBAAiB,EAAE,KAAK,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC9H,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,KAAK,iBAAiB,EAAE,KAAK,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAC3H,OAAO,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,KAAK,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAGzG,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,6BAA6B,EAC7B,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,uBAAuB,GAC7B,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,+BAA+B,EAC/B,8BAA8B,EAC9B,iCAAiC,EACjC,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,EAC7B,KAAK,2BAA2B,EAChC,KAAK,gBAAgB,GACtB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,uBAAuB,EACvB,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,iBAAiB,GACvB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,mBAAmB,EACnB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,wBAAwB,EACxB,0BAA0B,EAC1B,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,GAC1B,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EAAE,gBAAgB,EAAE,KAAK,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAGrE,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAG3E,OAAO,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAGjF,OAAO,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/lib/services/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,KAAK,iBAAiB,EAAE,KAAK,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC9H,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,KAAK,iBAAiB,EAAE,KAAK,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAC3H,OAAO,EAAE,wBAAwB,EAAE,KAAK,kBAAkB,EAAE,KAAK,uBAAuB,EAAE,KAAK,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AACzJ,OAAO,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,KAAK,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAGzG,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,6BAA6B,EAC7B,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,uBAAuB,GAC7B,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,+BAA+B,EAC/B,8BAA8B,EAC9B,iCAAiC,EACjC,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,EAC7B,KAAK,2BAA2B,EAChC,KAAK,gBAAgB,GACtB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,uBAAuB,EACvB,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,iBAAiB,GACvB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,mBAAmB,EACnB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,wBAAwB,EACxB,0BAA0B,EAC1B,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,GAC1B,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EAAE,gBAAgB,EAAE,KAAK,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAGrE,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAG3E,OAAO,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAGjF,OAAO,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAGjF,OAAO,EACL,iBAAiB,EACjB,yBAAyB,EACzB,KAAK,WAAW,EAChB,KAAK,mBAAmB,GACzB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EAAE,iBAAiB,EAAE,KAAK,WAAW,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/src/lib/services/jwks.service.d.ts

@@ -0,0 +1,58 @@
+import type { Transport } from '@23blocks/contracts';
+import type { JsonWebKey, JwksResponse, RsaKey, CreateRsaKeyRequest, RotateRsaKeyRequest } from '../types/jwks.js';
+/**
+ * JWKS Service Interface - JSON Web Key Set operations
+ */
+export interface JwksService {
+    /**
+     * Get the public JWKS (JSON Web Key Set)
+     * Typically accessed at /.well-known/jwks.json
+     */
+    getJwks(): Promise<JwksResponse>;
+    /**
+     * Get a specific JSON Web Key by key ID
+     */
+    getKey(kid: string): Promise<JsonWebKey | null>;
+}
+/**
+ * Admin RSA Keys Service Interface - Key management for administrators
+ */
+export interface AdminRsaKeysService {
+    /**
+     * List all RSA keys
+     */
+    list(): Promise<RsaKey[]>;
+    /**
+     * Get a specific RSA key by ID
+     */
+    get(keyId: string): Promise<RsaKey>;
+    /**
+     * Create a new RSA key
+     */
+    create(request: CreateRsaKeyRequest): Promise<RsaKey>;
+    /**
+     * Rotate RSA keys (create new key and deactivate old ones)
+     */
+    rotate(request: RotateRsaKeyRequest): Promise<RsaKey>;
+    /**
+     * Deactivate an RSA key
+     */
+    deactivate(keyId: string): Promise<RsaKey>;
+    /**
+     * Delete an RSA key
+     */
+    delete(keyId: string): Promise<void>;
+    /**
+     * Get the currently active RSA key
+     */
+    getActive(): Promise<RsaKey | null>;
+}
+/**
+ * Create the JWKS service
+ */
+export declare function createJwksService(transport: Transport): JwksService;
+/**
+ * Create the Admin RSA Keys service
+ */
+export declare function createAdminRsaKeysService(transport: Transport): AdminRsaKeysService;
+//# sourceMappingURL=jwks.service.d.ts.map

package/dist/src/lib/services/jwks.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwks.service.d.ts","sourceRoot":"","sources":["../../../../src/lib/services/jwks.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,KAAK,EACV,UAAU,EACV,YAAY,EACZ,MAAM,EACN,mBAAmB,EACnB,mBAAmB,EACpB,MAAM,kBAAkB,CAAC;AAE1B;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,OAAO,IAAI,OAAO,CAAC,YAAY,CAAC,CAAC;IAEjC;;OAEG;IACH,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;CACjD;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAE1B;;OAEG;IACH,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEpC;;OAEG;IACH,MAAM,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEtD;;OAEG;IACH,MAAM,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEtD;;OAEG;IACH,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAE3C;;OAEG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErC;;OAEG;IACH,SAAS,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CACrC;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,SAAS,GAAG,WAAW,CA+CnE;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,SAAS,GAAG,mBAAmB,CAoKnF"}

package/dist/src/lib/services/oidc.service.d.ts

@@ -0,0 +1,58 @@
+import type { Transport } from '@23blocks/contracts';
+import type { OidcDiscovery, OidcAuthorizeRequest, OidcTokenRequest, OidcTokenResponse, OidcUserInfo } from '../types/oidc.js';
+/**
+ * OIDC Service Interface - OpenID Connect operations
+ */
+export interface OidcService {
+    /**
+     * Get the OpenID Connect discovery document
+     * Typically accessed at /.well-known/openid-configuration
+     */
+    getDiscovery(): Promise<OidcDiscovery>;
+    /**
+     * Build the authorization URL for redirect-based authentication
+     */
+    buildAuthorizeUrl(request: OidcAuthorizeRequest): string;
+    /**
+     * Exchange authorization code for tokens
+     */
+    exchangeCode(request: OidcTokenRequest): Promise<OidcTokenResponse>;
+    /**
+     * Refresh an access token using a refresh token
+     */
+    refreshToken(refreshToken: string, clientId: string): Promise<OidcTokenResponse>;
+    /**
+     * Get user info from the userinfo endpoint
+     */
+    getUserInfo(accessToken?: string): Promise<OidcUserInfo>;
+    /**
+     * Introspect a token (check if valid and get claims)
+     */
+    introspect(token: string): Promise<{
+        active: boolean;
+        scope?: string;
+        clientId?: string;
+        username?: string;
+        tokenType?: string;
+        exp?: number;
+        iat?: number;
+        nbf?: number;
+        sub?: string;
+        aud?: string | string[];
+        iss?: string;
+        jti?: string;
+    }>;
+    /**
+     * Revoke a token
+     */
+    revoke(token: string, tokenTypeHint?: 'access_token' | 'refresh_token'): Promise<void>;
+    /**
+     * End the session (logout)
+     */
+    endSession(idToken?: string, postLogoutRedirectUri?: string, state?: string): string;
+}
+/**
+ * Create the OIDC service
+ */
+export declare function createOidcService(transport: Transport, baseUrl?: string): OidcService;
+//# sourceMappingURL=oidc.service.d.ts.map

package/dist/src/lib/services/oidc.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.service.d.ts","sourceRoot":"","sources":["../../../../src/lib/services/oidc.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,KAAK,EACV,aAAa,EACb,oBAAoB,EACpB,gBAAgB,EAChB,iBAAiB,EACjB,YAAY,EACb,MAAM,kBAAkB,CAAC;AAE1B;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,YAAY,IAAI,OAAO,CAAC,aAAa,CAAC,CAAC;IAEvC;;OAEG;IACH,iBAAiB,CAAC,OAAO,EAAE,oBAAoB,GAAG,MAAM,CAAC;IAEzD;;OAEG;IACH,YAAY,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAEpE;;OAEG;IACH,YAAY,CAAC,YAAY,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAEjF;;OAEG;IACH,WAAW,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAEzD;;OAEG;IACH,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QACjC,MAAM,EAAE,OAAO,CAAC;QAChB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;QACxB,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC,CAAC;IAEH;;OAEG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,cAAc,GAAG,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvF;;OAEG;IACH,UAAU,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,qBAAqB,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;CACtF;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,WAAW,CA6NrF"}

package/dist/src/lib/services/permissions.service.d.ts

@@ -0,0 +1,56 @@
+import type { Transport, PageResult, ListParams } from '@23blocks/contracts';
+import type { Permission } from '../types/index.js';
+import type { AuthenticationBlockConfig } from '../authentication.block.js';
+/**
+ * Create permission request
+ */
+export interface CreatePermissionRequest {
+    name: string;
+    level?: number;
+    parentId?: string;
+    description?: string;
+    category?: string;
+    riskLevel?: string;
+}
+/**
+ * Update permission request
+ */
+export interface UpdatePermissionRequest {
+    name?: string;
+    level?: number;
+    parentId?: string;
+    description?: string;
+    status?: string;
+    category?: string;
+    riskLevel?: string;
+}
+/**
+ * Permissions service for managing standalone permissions
+ */
+export interface PermissionsService {
+    /**
+     * List all permissions
+     */
+    list(params?: ListParams): Promise<PageResult<Permission>>;
+    /**
+     * Get a permission by ID
+     */
+    get(id: string): Promise<Permission>;
+    /**
+     * Create a new permission
+     */
+    create(request: CreatePermissionRequest): Promise<Permission>;
+    /**
+     * Update a permission
+     */
+    update(id: string, request: UpdatePermissionRequest): Promise<Permission>;
+    /**
+     * Delete a permission
+     */
+    delete(id: string): Promise<void>;
+}
+/**
+ * Create the permissions service
+ */
+export declare function createPermissionsService(transport: Transport, _config: AuthenticationBlockConfig): PermissionsService;
+//# sourceMappingURL=permissions.service.d.ts.map

package/dist/src/lib/services/permissions.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissions.service.d.ts","sourceRoot":"","sources":["../../../../src/lib/services/permissions.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAE7E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEpD,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AAE5E;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,IAAI,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;IAE3D;;OAEG;IACH,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAErC;;OAEG;IACH,MAAM,CAAC,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAE9D;;OAEG;IACH,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAE1E;;OAEG;IACH,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACnC;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,yBAAyB,GACjC,kBAAkB,CA8DpB"}

package/dist/src/lib/types/index.d.ts

@@ -10,4 +10,6 @@ export { type MfaSetupResponse as MfaSetupResponseFull, type MfaEnableRequest, t
 export { type OAuthSocialLoginRequest, type TenantLoginRequest, type TokenIntrospectionResponse, type TokenRevokeRequest, type TokenRevokeAllRequest, type TokenRevokeResponse, type TenantContextCreateRequest, type TenantInfo, type TenantContextResponse, type TenantContextRevokeRequest, type TenantContextAuditEntry, } from './oauth.js';
 export { type UserProfile as UserProfileFull, type ProfileRequest, type UpdateEmailRequest, type UserDevice as UserDeviceFull, type AddDeviceRequest, type UserSearchRequest, type AddUserSubscriptionRequest, type AccountRecoveryRequest, type AccountRecoveryResponse, type CompleteRecoveryRequest, type UserAvatar as UserAvatarFull, type CreateAvatarRequest, type AvatarPresignResponse, type MultipartPresignRequest, type MultipartPresignResponse, type MultipartCompleteRequest, type MultipartCompleteResponse, } from './user-extended.js';
 export { type TenantUser as TenantUserFull, type CreateTenantUserRequest, type ValidateTenantCodeRequest, type ValidateTenantCodeResponse, type SearchTenantRequest, type UpdateTenantUserOnboardingRequest, type UpdateTenantUserSalesRequest, type ResendInvitationRequest, } from './tenant.js';
+export { type JsonWebKey, type JwksResponse, type RsaKey, type CreateRsaKeyRequest, type RotateRsaKeyRequest, } from './jwks.js';
+export { type OidcDiscovery, type OidcAuthorizeRequest, type OidcTokenRequest, type OidcTokenResponse, type OidcUserInfo, } from './oidc.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/src/lib/types/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/lib/types/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,KAAK,IAAI,EACT,KAAK,IAAI,EACT,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,WAAW,GACZ,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,MAAM,GACZ,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,EAC3B,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,WAAW,GACjB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,KAAK,MAAM,EACX,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,GACzB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,KAAK,GAAG,EACR,KAAK,KAAK,EACV,KAAK,OAAO,EACZ,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,GACtB,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,GACzB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,KAAK,EACV,KAAK,MAAM,EACX,KAAK,IAAI,EACT,KAAK,QAAQ,GACd,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,KAAK,KAAK,EACV,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,sBAAsB,EAC3B,KAAK,qBAAqB,GAC3B,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,KAAK,iBAAiB,EACtB,KAAK,uBAAuB,EAC5B,KAAK,oBAAoB,GAC1B,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,KAAK,uBAAuB,EAC5B,KAAK,kBAAkB,EACvB,KAAK,0BAA0B,EAC/B,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,mBAAmB,EACxB,KAAK,0BAA0B,EAC/B,KAAK,UAAU,EACf,KAAK,qBAAqB,EAC1B,KAAK,0BAA0B,EAC/B,KAAK,uBAAuB,GAC7B,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,KAAK,WAAW,IAAI,eAAe,EACnC,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,UAAU,IAAI,cAAc,EACjC,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,0BAA0B,EAC/B,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,EAC5B,KAAK,uBAAuB,EAC5B,KAAK,UAAU,IAAI,cAAc,EACjC,KAAK,mBAAmB,EACxB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,GAC/B,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,KAAK,UAAU,IAAI,cAAc,EACjC,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,KAAK,mBAAmB,EACxB,KAAK,iCAAiC,EACtC,KAAK,4BAA4B,EACjC,KAAK,uBAAuB,GAC7B,MAAM,aAAa,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/lib/types/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,KAAK,IAAI,EACT,KAAK,IAAI,EACT,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,WAAW,GACZ,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,MAAM,GACZ,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,EAC3B,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,WAAW,GACjB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,KAAK,MAAM,EACX,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,GACzB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,KAAK,GAAG,EACR,KAAK,KAAK,EACV,KAAK,OAAO,EACZ,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,GACtB,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,GACzB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,KAAK,EACV,KAAK,MAAM,EACX,KAAK,IAAI,EACT,KAAK,QAAQ,GACd,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,KAAK,KAAK,EACV,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,sBAAsB,EAC3B,KAAK,qBAAqB,GAC3B,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,KAAK,iBAAiB,EACtB,KAAK,uBAAuB,EAC5B,KAAK,oBAAoB,GAC1B,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,KAAK,uBAAuB,EAC5B,KAAK,kBAAkB,EACvB,KAAK,0BAA0B,EAC/B,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,mBAAmB,EACxB,KAAK,0BAA0B,EAC/B,KAAK,UAAU,EACf,KAAK,qBAAqB,EAC1B,KAAK,0BAA0B,EAC/B,KAAK,uBAAuB,GAC7B,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,KAAK,WAAW,IAAI,eAAe,EACnC,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,UAAU,IAAI,cAAc,EACjC,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,0BAA0B,EAC/B,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,EAC5B,KAAK,uBAAuB,EAC5B,KAAK,UAAU,IAAI,cAAc,EACjC,KAAK,mBAAmB,EACxB,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,GAC/B,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,KAAK,UAAU,IAAI,cAAc,EACjC,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,KAAK,mBAAmB,EACxB,KAAK,iCAAiC,EACtC,KAAK,4BAA4B,EACjC,KAAK,uBAAuB,GAC7B,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,MAAM,EACX,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,GACzB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,YAAY,GAClB,MAAM,WAAW,CAAC"}

package/dist/src/lib/types/jwks.d.ts

@@ -0,0 +1,46 @@
+/**
+ * JSON Web Key (JWK) representation
+ */
+export interface JsonWebKey {
+    kty: string;
+    use?: string;
+    key_ops?: string[];
+    alg?: string;
+    kid?: string;
+    x5u?: string;
+    x5c?: string[];
+    x5t?: string;
+    'x5t#S256'?: string;
+    n?: string;
+    e?: string;
+    crv?: string;
+    x?: string;
+    y?: string;
+}
+/**
+ * JSON Web Key Set (JWKS) response
+ */
+export interface JwksResponse {
+    keys: JsonWebKey[];
+}
+/**
+ * RSA Key for admin management
+ */
+export interface RsaKey {
+    id: string;
+    kid: string;
+    algorithm: string;
+    createdAt: Date;
+    expiresAt?: Date;
+    isActive: boolean;
+    publicKey: string;
+}
+export interface CreateRsaKeyRequest {
+    algorithm?: string;
+    expiresAt?: string;
+}
+export interface RotateRsaKeyRequest {
+    algorithm?: string;
+    expiresAt?: string;
+}
+//# sourceMappingURL=jwks.d.ts.map

package/dist/src/lib/types/jwks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwks.d.ts","sourceRoot":"","sources":["../../../../src/lib/types/jwks.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,CAAC;IAEX,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,CAAC;CACZ;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,UAAU,EAAE,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB"}

package/dist/src/lib/types/oidc.d.ts

@@ -0,0 +1,94 @@
+/**
+ * OpenID Connect Discovery document
+ */
+export interface OidcDiscovery {
+    issuer: string;
+    authorization_endpoint: string;
+    token_endpoint: string;
+    userinfo_endpoint: string;
+    jwks_uri: string;
+    registration_endpoint?: string;
+    scopes_supported: string[];
+    response_types_supported: string[];
+    response_modes_supported?: string[];
+    grant_types_supported?: string[];
+    subject_types_supported: string[];
+    id_token_signing_alg_values_supported: string[];
+    claims_supported?: string[];
+    token_endpoint_auth_methods_supported?: string[];
+}
+/**
+ * OIDC Authorization request parameters
+ */
+export interface OidcAuthorizeRequest {
+    responseType: string;
+    clientId: string;
+    redirectUri: string;
+    scope: string;
+    state?: string;
+    nonce?: string;
+    codeChallenge?: string;
+    codeChallengeMethod?: string;
+    prompt?: 'none' | 'login' | 'consent' | 'select_account';
+    maxAge?: number;
+    uiLocales?: string;
+    loginHint?: string;
+    acrValues?: string;
+}
+/**
+ * OIDC Token request
+ */
+export interface OidcTokenRequest {
+    grantType: 'authorization_code' | 'refresh_token' | 'client_credentials';
+    code?: string;
+    redirectUri?: string;
+    clientId: string;
+    clientSecret?: string;
+    refreshToken?: string;
+    codeVerifier?: string;
+    scope?: string;
+}
+/**
+ * OIDC Token response
+ */
+export interface OidcTokenResponse {
+    access_token: string;
+    token_type: string;
+    expires_in: number;
+    refresh_token?: string;
+    id_token?: string;
+    scope?: string;
+}
+/**
+ * OIDC UserInfo response
+ */
+export interface OidcUserInfo {
+    sub: string;
+    name?: string;
+    given_name?: string;
+    family_name?: string;
+    middle_name?: string;
+    nickname?: string;
+    preferred_username?: string;
+    profile?: string;
+    picture?: string;
+    website?: string;
+    email?: string;
+    email_verified?: boolean;
+    gender?: string;
+    birthdate?: string;
+    zoneinfo?: string;
+    locale?: string;
+    phone_number?: string;
+    phone_number_verified?: boolean;
+    address?: {
+        formatted?: string;
+        street_address?: string;
+        locality?: string;
+        region?: string;
+        postal_code?: string;
+        country?: string;
+    };
+    updated_at?: number;
+}
+//# sourceMappingURL=oidc.d.ts.map

package/dist/src/lib/types/oidc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../../../src/lib/types/oidc.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;IACpC,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;IACjC,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,qCAAqC,CAAC,EAAE,MAAM,EAAE,CAAC;CAClD;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,GAAG,gBAAgB,CAAC;IACzD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,oBAAoB,GAAG,eAAe,GAAG,oBAAoB,CAAC;IACzE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,OAAO,CAAC,EAAE;QACR,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@23blocks/block-authentication",
-  "version": "6.1.0",
+  "version": "6.3.0",
   "description": "Authentication block for 23blocks SDK - users, roles, API keys, subscriptions",
   "license": "MIT",
   "author": "23blocks <hello@23blocks.com>",
@@ -15,12 +15,22 @@
   },
   "keywords": [
     "23blocks",
-    "sdk",
     "authentication",
     "auth",
-    "users",
+    "authentication-sdk",
+    "user-management",
     "roles",
-    "api-keys"
+    "api-keys",
+    "oauth",
+    "mfa",
+    "multi-factor-auth",
+    "jwt",
+    "token-auth",
+    "login",
+    "signup",
+    "password-reset",
+    "session-management",
+    "typescript"
   ],
   "type": "module",
   "main": "./dist/index.esm.js",