@aacigroup/aaci_shared 5.3.1 → 5.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +18 -3
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -20,8 +20,9 @@ React Context-based tracking and magic-link library for frontend and backend pro
|
|
|
20
20
|
## Features
|
|
21
21
|
|
|
22
22
|
### 🔐 Magic Links & Authentication
|
|
23
|
-
- **V2 Magic Links** with built-in 2FA support (
|
|
23
|
+
- **V2 Magic Links** with built-in 2FA and PIN security support (basic/pin_light/pin_strict/2fa_light/2fa_strict modes)
|
|
24
24
|
- **Email & SMS** 2FA delivery
|
|
25
|
+
- **PIN-based authentication** for enhanced security
|
|
25
26
|
- **Token validation** with URL pattern matching
|
|
26
27
|
- **Admin tokens** for privileged access
|
|
27
28
|
- Full TypeScript support with comprehensive types
|
|
@@ -689,14 +690,16 @@ function MagicLinkExample() {
|
|
|
689
690
|
token,
|
|
690
691
|
current_url: currentUrl,
|
|
691
692
|
mode: 'customer' // or 'admin' for admin access
|
|
693
|
+
// pin: '1234' // Include PIN if security_mode requires it
|
|
692
694
|
});
|
|
693
695
|
|
|
694
696
|
if (result.valid) {
|
|
695
697
|
console.log('Valid! User ID:', result.person_profile_id);
|
|
696
698
|
console.log('Link data:', result.data); // Data stored in magic link data
|
|
699
|
+
console.log('Security mode:', result.security_mode); // 'basic', 'pin_light', etc.
|
|
697
700
|
// Render personalized content
|
|
698
701
|
} else {
|
|
699
|
-
console.log('Invalid:', result.reason); // 'expired', 'revoked', 'url_mismatch', 'not_found'
|
|
702
|
+
console.log('Invalid:', result.reason); // 'expired', 'revoked', 'url_mismatch', 'not_found', 'pin_required', 'pin_invalid'
|
|
700
703
|
}
|
|
701
704
|
};
|
|
702
705
|
|
|
@@ -724,6 +727,7 @@ interface CreateMagicLinkParams {
|
|
|
724
727
|
expires_at?: string; // Optional ISO timestamp
|
|
725
728
|
extra_data?: Record<string, any>; // Optional – stored in magic link data
|
|
726
729
|
session_data?: SessionData; // Optional – auto-populated if not provided
|
|
730
|
+
temp_security_mode?: SecurityMode; // Optional – temporary override for security_mode
|
|
727
731
|
}
|
|
728
732
|
```
|
|
729
733
|
|
|
@@ -742,6 +746,8 @@ interface CreateMagicLinkResponse {
|
|
|
742
746
|
url?: string; // Resolved customer URL
|
|
743
747
|
admin_url?: string; // Resolved admin URL (if admin_url_pattern provided)
|
|
744
748
|
expires_at?: string; // Expiration timestamp (if set)
|
|
749
|
+
security_mode?: SecurityMode; // Security mode applied to this magic link
|
|
750
|
+
pin_code?: string; // PIN code (only returned if security_mode is pin_light or pin_strict)
|
|
745
751
|
message?: string;
|
|
746
752
|
errors?: Array<{ field: string; message: string }>;
|
|
747
753
|
}
|
|
@@ -755,6 +761,7 @@ interface ValidateMagicLinkParams {
|
|
|
755
761
|
token: string; // The token from URL
|
|
756
762
|
current_url: string; // Full URL being accessed
|
|
757
763
|
mode?: 'customer' | 'admin'; // Default: 'customer'
|
|
764
|
+
pin?: string; // PIN code (required if security_mode is pin_light or pin_strict)
|
|
758
765
|
session_data?: SessionData; // Optional – auto-populated if not provided
|
|
759
766
|
}
|
|
760
767
|
```
|
|
@@ -774,11 +781,17 @@ interface ValidateMagicLinkResponse {
|
|
|
774
781
|
magic_link_token_id?: string;
|
|
775
782
|
person_profile_id?: string;
|
|
776
783
|
data?: Record<string, any>; // Data stored in magic link data
|
|
784
|
+
security_mode?: SecurityMode; // Security mode of the magic link
|
|
777
785
|
message?: string;
|
|
778
|
-
reason?: 'expired' | 'revoked' | 'url_mismatch' | 'not_found'; // if invalid
|
|
786
|
+
reason?: 'expired' | 'revoked' | 'url_mismatch' | 'not_found' | 'pin_required' | 'pin_invalid'; // if invalid
|
|
779
787
|
}
|
|
780
788
|
```
|
|
781
789
|
|
|
790
|
+
**SecurityMode Type:**
|
|
791
|
+
```javascript
|
|
792
|
+
type SecurityMode = 'basic' | 'pin_light' | 'pin_strict' | '2fa_light' | '2fa_strict';
|
|
793
|
+
```
|
|
794
|
+
|
|
782
795
|
### Full Page Access Example
|
|
783
796
|
|
|
784
797
|
```javascript
|
|
@@ -855,6 +868,8 @@ function ProtectedSessionPage() {
|
|
|
855
868
|
- **Projects must NOT store tokens** - Only store `magic_link_token_id` in your database entities
|
|
856
869
|
- **Tokens are URL-bound** - A token is only valid when accessed via its designated URL pattern
|
|
857
870
|
- **Tokens are strong** - 32-64 character alphanumeric strings
|
|
871
|
+
- **PIN Security Modes** - When `security_mode` is `pin_light` or `pin_strict`, include the `pin` parameter in validation requests
|
|
872
|
+
- **2FA Security Modes** - When `security_mode` is `2fa_light` or `2fa_strict`, 2FA verification is required before access
|
|
858
873
|
- Your backend should be the single source of truth for token storage and validation
|
|
859
874
|
|
|
860
875
|
## Non-React and Backend Usage
|