@aneuhold/core-ts-api-lib 3.0.26 → 3.0.28

package/CHANGELOG.md

@@ -5,6 +5,27 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## 🔖 [3.0.28] (2026-03-15)
+
+### ✅ Added
+
+- Added `AuthRefreshToken` types (`AuthRefreshTokenInput`, `AuthRefreshTokenOutput`) for the token refresh endpoint.
+- Added `APIService.logout()` to delete the current session's refresh token server-side.
+- Added `APIService.setAccessToken()`, `APIService.setRefreshTokenString()`, and `APIService.setOnTokensRefreshed()` for JWT token management.
+- `GCloudAPIService` now automatically retries requests after refreshing tokens on 401 responses.
+- `GCloudAPIService` attaches a `Bearer` `Authorization` header to all requests when an access token is set.
+
+### 🏗️ Changed
+
+- `AuthValidateUserInput` now accepts an optional `googleCredentialToken` for Google sign-in, with `userName` and `password` made optional to support both auth flows.
+- `AuthValidateUserOutput` now includes optional `accessToken` and `refreshTokenString` fields.
+
+## 🔖 [3.0.27] (2026-03-13)
+
+### 🏗️ Changed
+
+- Updated dependencies: now requires `@aneuhold/core-ts-db-lib@^5.0.0` and `@aneuhold/core-ts-lib@^2.4.2`.
+
 ## 🔖 [3.0.26] (2026-03-12)
 
 ### 🏗️ Changed
@@ -323,6 +344,8 @@ No direct code changes; version bump for compatibility.
 
 <!-- Link References -->
 
+[3.0.28]: https://github.com/aneuhold/ts-libs/compare/core-ts-api-lib-v3.0.27...core-ts-api-lib-v3.0.28
+[3.0.27]: https://github.com/aneuhold/ts-libs/compare/core-ts-api-lib-v3.0.26...core-ts-api-lib-v3.0.27
 [3.0.26]: https://github.com/aneuhold/ts-libs/compare/core-ts-api-lib-v3.0.25...core-ts-api-lib-v3.0.26
 [3.0.25]: https://github.com/aneuhold/ts-libs/compare/core-ts-api-lib-v3.0.24...core-ts-api-lib-v3.0.25
 [3.0.24]: https://github.com/aneuhold/ts-libs/compare/core-ts-api-lib-v3.0.23...core-ts-api-lib-v3.0.24

package/lib/index.d.ts

@@ -1,2 +1,3 @@
 export * from './browser.js';
+export type { AuthRefreshTokenInput, AuthRefreshTokenOutput } from './types/AuthRefreshToken.js';
 //# sourceMappingURL=index.d.ts.map

package/lib/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,cAAc,cAAc,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,cAAc,cAAc,CAAC;AAG7B,YAAY,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC"}

package/lib/index.ts

@@ -1,3 +1,6 @@
 // Export all browser-safe exports from browser.ts
 // Since all exports in this library are browser-compatible, we simply re-export everything
 export * from './browser.js';
+
+// Export types only needed by backend consumers
+export type { AuthRefreshTokenInput, AuthRefreshTokenOutput } from './types/AuthRefreshToken.js';

package/lib/services/APIService/APIService.d.ts

@@ -8,26 +8,47 @@ import type { ProjectWorkoutPrimaryInput, ProjectWorkoutPrimaryOutput } from '..
  */
 export default class APIService {
     /**
-     * Validates the provided username and password against the database and
-     * returns the user's information if successful.
+     * Validates the provided credentials against the database and returns the
+     * user's information if successful. Supports both password and Google
+     * sign-in flows.
      *
-     * @param input - The input containing username and password.
-     * @returns A promise that resolves to the user's information if validation is successful.
+     * @param input - The input containing credentials (username/password or Google credential token).
      */
     static validateUser(input: AuthValidateUserInput): Promise<APIResponse<AuthValidateUserOutput>>;
     /**
-     * Calls the dashboard API and returns the result. This will fail if the
-     * dashboard API URL has not been set. See {@link setDashboardAPIUrl}.
+     * Logs out the current session by deleting the stored refresh token
+     * server-side.
+     */
+    static logout(): Promise<APIResponse<undefined>>;
+    /**
+     * Sets the JWT access token to attach to all API requests.
+     *
+     * @param token - The access token.
+     */
+    static setAccessToken(token: string): void;
+    /**
+     * Sets the refresh token string used for automatic token refresh on 401.
+     *
+     * @param token - The refresh token string.
+     */
+    static setRefreshTokenString(token: string): void;
+    /**
+     * Registers a callback that is invoked after tokens are automatically
+     * refreshed (e.g. to persist new tokens to localStorage).
+     *
+     * @param callback - The callback receiving the new accessToken and refreshTokenString.
+     */
+    static setOnTokensRefreshed(callback: ((accessToken: string, refreshTokenString: string) => void) | null): void;
+    /**
+     * Calls the dashboard API and returns the result.
      *
      * @param input - The input for the dashboard API call.
-     * @returns A promise that resolves to the result of the dashboard API call.
      */
     static callDashboardAPI(input: ProjectDashboardInput): Promise<APIResponse<ProjectDashboardOutput>>;
     /**
      * Calls the workout API and returns the result.
      *
      * @param input - The input for the workout API call.
-     * @returns A promise that resolves to the result of the workout API call.
      */
     static callWorkoutAPI(input: ProjectWorkoutPrimaryInput): Promise<APIResponse<ProjectWorkoutPrimaryOutput>>;
     /**

package/lib/services/APIService/APIService.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"APIService.d.ts","sourceRoot":"","sources":["../../../src/services/APIService/APIService.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,KAAK,EACV,qBAAqB,EACrB,sBAAsB,EACvB,MAAM,iCAAiC,CAAC;AACzC,OAAO,KAAK,EACV,qBAAqB,EACrB,sBAAsB,EACvB,MAAM,mDAAmD,CAAC;AAC3D,OAAO,KAAK,EACV,0BAA0B,EAC1B,2BAA2B,EAC5B,MAAM,+CAA+C,CAAC;AAGvD;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,UAAU;IAC7B;;;;;;OAMG;WACU,YAAY,CACvB,KAAK,EAAE,qBAAqB,GAC3B,OAAO,CAAC,WAAW,CAAC,sBAAsB,CAAC,CAAC;IAI/C;;;;;;OAMG;WACU,gBAAgB,CAC3B,KAAK,EAAE,qBAAqB,GAC3B,OAAO,CAAC,WAAW,CAAC,sBAAsB,CAAC,CAAC;IAI/C;;;;;OAKG;WACU,cAAc,CACzB,KAAK,EAAE,0BAA0B,GAChC,OAAO,CAAC,WAAW,CAAC,2BAA2B,CAAC,CAAC;IAIpD;;OAEG;IACH,MAAM,CAAC,gBAAgB,IAAI,MAAM;IAIjC;;;;OAIG;IACH,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAInC;;OAEG;IACH,MAAM,CAAC,gBAAgB,IAAI,MAAM;CAGlC"}
+{"version":3,"file":"APIService.d.ts","sourceRoot":"","sources":["../../../src/services/APIService/APIService.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,KAAK,EACV,qBAAqB,EACrB,sBAAsB,EACvB,MAAM,iCAAiC,CAAC;AACzC,OAAO,KAAK,EACV,qBAAqB,EACrB,sBAAsB,EACvB,MAAM,mDAAmD,CAAC;AAC3D,OAAO,KAAK,EACV,0BAA0B,EAC1B,2BAA2B,EAC5B,MAAM,+CAA+C,CAAC;AAGvD;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,UAAU;IAC7B;;;;;;OAMG;WACU,YAAY,CACvB,KAAK,EAAE,qBAAqB,GAC3B,OAAO,CAAC,WAAW,CAAC,sBAAsB,CAAC,CAAC;IAI/C;;;OAGG;WACU,MAAM,IAAI,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IAItD;;;;OAIG;IACH,MAAM,CAAC,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAI1C;;;;OAIG;IACH,MAAM,CAAC,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIjD;;;;;OAKG;IACH,MAAM,CAAC,oBAAoB,CACzB,QAAQ,EAAE,CAAC,CAAC,WAAW,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,KAAK,IAAI,CAAC,GAAG,IAAI,GAC3E,IAAI;IAIP;;;;OAIG;WACU,gBAAgB,CAC3B,KAAK,EAAE,qBAAqB,GAC3B,OAAO,CAAC,WAAW,CAAC,sBAAsB,CAAC,CAAC;IAI/C;;;;OAIG;WACU,cAAc,CACzB,KAAK,EAAE,0BAA0B,GAChC,OAAO,CAAC,WAAW,CAAC,2BAA2B,CAAC,CAAC;IAIpD;;OAEG;IACH,MAAM,CAAC,gBAAgB,IAAI,MAAM;IAIjC;;;;OAIG;IACH,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAInC;;OAEG;IACH,MAAM,CAAC,gBAAgB,IAAI,MAAM;CAGlC"}

package/lib/services/APIService/APIService.js

@@ -5,21 +5,51 @@ import GCloudAPIService from '../GCloudAPIService/GCloudAPIService.js';
  */
 export default class APIService {
     /**
-     * Validates the provided username and password against the database and
-     * returns the user's information if successful.
+     * Validates the provided credentials against the database and returns the
+     * user's information if successful. Supports both password and Google
+     * sign-in flows.
      *
-     * @param input - The input containing username and password.
-     * @returns A promise that resolves to the user's information if validation is successful.
+     * @param input - The input containing credentials (username/password or Google credential token).
      */
     static async validateUser(input) {
-        return await GCloudAPIService.authValidateUser(input);
+        return GCloudAPIService.authValidateUser(input);
     }
     /**
-     * Calls the dashboard API and returns the result. This will fail if the
-     * dashboard API URL has not been set. See {@link setDashboardAPIUrl}.
+     * Logs out the current session by deleting the stored refresh token
+     * server-side.
+     */
+    static async logout() {
+        return GCloudAPIService.authLogout();
+    }
+    /**
+     * Sets the JWT access token to attach to all API requests.
+     *
+     * @param token - The access token.
+     */
+    static setAccessToken(token) {
+        GCloudAPIService.setAccessToken(token);
+    }
+    /**
+     * Sets the refresh token string used for automatic token refresh on 401.
+     *
+     * @param token - The refresh token string.
+     */
+    static setRefreshTokenString(token) {
+        GCloudAPIService.setRefreshTokenString(token);
+    }
+    /**
+     * Registers a callback that is invoked after tokens are automatically
+     * refreshed (e.g. to persist new tokens to localStorage).
+     *
+     * @param callback - The callback receiving the new accessToken and refreshTokenString.
+     */
+    static setOnTokensRefreshed(callback) {
+        GCloudAPIService.setOnTokensRefreshed(callback);
+    }
+    /**
+     * Calls the dashboard API and returns the result.
      *
      * @param input - The input for the dashboard API call.
-     * @returns A promise that resolves to the result of the dashboard API call.
      */
     static async callDashboardAPI(input) {
         return GCloudAPIService.projectDashboard(input);
@@ -28,7 +58,6 @@ export default class APIService {
      * Calls the workout API and returns the result.
      *
      * @param input - The input for the workout API call.
-     * @returns A promise that resolves to the result of the workout API call.
      */
     static async callWorkoutAPI(input) {
         return GCloudAPIService.projectWorkout(input);

package/lib/services/APIService/APIService.js.map

@@ -1 +1 @@
-{"version":3,"file":"APIService.js","sourceRoot":"","sources":["../../../src/services/APIService/APIService.ts"],"names":[],"mappings":"AAaA,OAAO,gBAAgB,MAAM,yCAAyC,CAAC;AAEvE;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,UAAU;IAC7B;;;;;;OAMG;IACH,MAAM,CAAC,KAAK,CAAC,YAAY,CACvB,KAA4B;QAE5B,OAAO,MAAM,gBAAgB,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACxD,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAC3B,KAA4B;QAE5B,OAAO,gBAAgB,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAClD,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,KAAK,CAAC,cAAc,CACzB,KAAiC;QAEjC,OAAO,gBAAgB,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,gBAAgB;QACrB,OAAO,gBAAgB,CAAC,MAAM,EAAE,CAAC;IACnC,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,SAAS,CAAC,GAAW;QAC1B,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,gBAAgB;QACrB,OAAO,gBAAgB,CAAC,UAAU,CAAC;IACrC,CAAC;CACF"}
+{"version":3,"file":"APIService.js","sourceRoot":"","sources":["../../../src/services/APIService/APIService.ts"],"names":[],"mappings":"AAaA,OAAO,gBAAgB,MAAM,yCAAyC,CAAC;AAEvE;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,UAAU;IAC7B;;;;;;OAMG;IACH,MAAM,CAAC,KAAK,CAAC,YAAY,CACvB,KAA4B;QAE5B,OAAO,gBAAgB,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAClD,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,KAAK,CAAC,MAAM;QACjB,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC;IACvC,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,cAAc,CAAC,KAAa;QACjC,gBAAgB,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,qBAAqB,CAAC,KAAa;QACxC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,oBAAoB,CACzB,QAA4E;QAE5E,gBAAgB,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAC3B,KAA4B;QAE5B,OAAO,gBAAgB,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAClD,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAK,CAAC,cAAc,CACzB,KAAiC;QAEjC,OAAO,gBAAgB,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,gBAAgB;QACrB,OAAO,gBAAgB,CAAC,MAAM,EAAE,CAAC;IACnC,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,SAAS,CAAC,GAAW;QAC1B,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,gBAAgB;QACrB,OAAO,gBAAgB,CAAC,UAAU,CAAC;IACrC,CAAC;CACF"}

package/lib/services/APIService/APIService.ts

@@ -19,24 +19,60 @@ import GCloudAPIService from '../GCloudAPIService/GCloudAPIService.js';
  */
 export default class APIService {
   /**
-   * Validates the provided username and password against the database and
-   * returns the user's information if successful.
+   * Validates the provided credentials against the database and returns the
+   * user's information if successful. Supports both password and Google
+   * sign-in flows.
    *
-   * @param input - The input containing username and password.
-   * @returns A promise that resolves to the user's information if validation is successful.
+   * @param input - The input containing credentials (username/password or Google credential token).
    */
   static async validateUser(
     input: AuthValidateUserInput
   ): Promise<APIResponse<AuthValidateUserOutput>> {
-    return await GCloudAPIService.authValidateUser(input);
+    return GCloudAPIService.authValidateUser(input);
   }
 
   /**
-   * Calls the dashboard API and returns the result. This will fail if the
-   * dashboard API URL has not been set. See {@link setDashboardAPIUrl}.
+   * Logs out the current session by deleting the stored refresh token
+   * server-side.
+   */
+  static async logout(): Promise<APIResponse<undefined>> {
+    return GCloudAPIService.authLogout();
+  }
+
+  /**
+   * Sets the JWT access token to attach to all API requests.
+   *
+   * @param token - The access token.
+   */
+  static setAccessToken(token: string): void {
+    GCloudAPIService.setAccessToken(token);
+  }
+
+  /**
+   * Sets the refresh token string used for automatic token refresh on 401.
+   *
+   * @param token - The refresh token string.
+   */
+  static setRefreshTokenString(token: string): void {
+    GCloudAPIService.setRefreshTokenString(token);
+  }
+
+  /**
+   * Registers a callback that is invoked after tokens are automatically
+   * refreshed (e.g. to persist new tokens to localStorage).
+   *
+   * @param callback - The callback receiving the new accessToken and refreshTokenString.
+   */
+  static setOnTokensRefreshed(
+    callback: ((accessToken: string, refreshTokenString: string) => void) | null
+  ): void {
+    GCloudAPIService.setOnTokensRefreshed(callback);
+  }
+
+  /**
+   * Calls the dashboard API and returns the result.
    *
    * @param input - The input for the dashboard API call.
-   * @returns A promise that resolves to the result of the dashboard API call.
    */
   static async callDashboardAPI(
     input: ProjectDashboardInput
@@ -48,7 +84,6 @@ export default class APIService {
    * Calls the workout API and returns the result.
    *
    * @param input - The input for the workout API call.
-   * @returns A promise that resolves to the result of the workout API call.
    */
   static async callWorkoutAPI(
     input: ProjectWorkoutPrimaryInput

package/lib/services/GCloudAPIService/GCloudAPIService.d.ts

@@ -2,6 +2,11 @@ import type { APIResponse } from '../../types/APIResponse.js';
 import type { AuthValidateUserInput, AuthValidateUserOutput } from '../../types/AuthValidateUser.js';
 import type { ProjectDashboardInput, ProjectDashboardOutput } from '../../types/project/dashboard/ProjectDashboard.js';
 import type { ProjectWorkoutPrimaryInput, ProjectWorkoutPrimaryOutput } from '../../types/project/workout/ProjectWorkout.js';
+/**
+ * Callback invoked after tokens are successfully refreshed. The frontend
+ * should use this to persist the new tokens (e.g. to localStorage).
+ */
+type OnTokensRefreshedCallback = (accessToken: string, refreshTokenString: string) => void;
 /**
  * A service for interacting with the Google Cloud API service for personal projects.
  */
@@ -21,11 +26,37 @@ export default class GCloudAPIService {
      */
     static setUrl(url: string): void;
     /**
-     * Calls the project dashboard endpoint to get, insert, update, or delete dashboard data.
+     * Sets the JWT access token to attach to all API requests.
      *
-     * @param input - The input for the project dashboard function.
+     * @param token - The access token.
+     */
+    static setAccessToken(token: string): void;
+    /**
+     * Sets the refresh token string used for automatic token refresh on 401
+     * responses.
+     *
+     * @param token - The refresh token string.
+     */
+    static setRefreshTokenString(token: string): void;
+    /**
+     * Registers a callback that is invoked after tokens are automatically
+     * refreshed. Use this to persist the new tokens to storage (e.g.
+     * localStorage).
+     *
+     * @param callback - The callback receiving the new accessToken and refreshTokenString.
+     */
+    static setOnTokensRefreshed(callback: OnTokensRefreshedCallback | null): void;
+    /**
+     * Calls the auth validateUser endpoint.
+     *
+     * @param input - The input for the validateUser endpoint.
      */
     static authValidateUser(input: AuthValidateUserInput): Promise<APIResponse<AuthValidateUserOutput>>;
+    /**
+     * Calls the auth logout endpoint to delete the current refresh token
+     * server-side using the stored refresh token string.
+     */
+    static authLogout(): Promise<APIResponse<undefined>>;
     /**
      * Calls the project dashboard endpoint to get, insert, update, or delete dashboard data.
      *
@@ -39,19 +70,33 @@ export default class GCloudAPIService {
      */
     static projectWorkout(input: ProjectWorkoutPrimaryInput): Promise<APIResponse<ProjectWorkoutPrimaryOutput>>;
     /**
-     * Makes a call to the Google Cloud API.
+     * Makes a call to the API. On a 401 response, automatically attempts to
+     * refresh the access token using the stored refresh token. If refresh
+     * succeeds, the original request is retried once.
      *
      * @param urlPath - The path to the endpoint.
      * @param input - The input to the endpoint.
-     * @throws {Error} Will throw an error if the URL is not set.
      */
     private static call;
     /**
-     * Decodes the response from the Google Cloud API.
+     * Attempts to refresh the access token using the stored refresh token.
+     * On success, updates the stored tokens and notifies via the
+     * {@link #onTokensRefreshed} callback.
+     */
+    private static tryRefreshTokens;
+    /**
+     * Performs a POST request and decodes the JSON response.
+     *
+     * @param urlPath - The path to the endpoint.
+     * @param input - The input to the endpoint.
+     */
+    private static fetchAndDecode;
+    /**
+     * Decodes a fetch Response into an APIResponse.
      *
-     * @param response - The response to decode.
-     * @returns The decoded output.
+     * @param response - The fetch response to decode.
      */
     private static decodeResponse;
 }
+export {};
 //# sourceMappingURL=GCloudAPIService.d.ts.map

package/lib/services/GCloudAPIService/GCloudAPIService.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"GCloudAPIService.d.ts","sourceRoot":"","sources":["../../../src/services/GCloudAPIService/GCloudAPIService.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,KAAK,EACV,qBAAqB,EACrB,sBAAsB,EACvB,MAAM,iCAAiC,CAAC;AACzC,OAAO,KAAK,EACV,qBAAqB,EACrB,sBAAsB,EACvB,MAAM,mDAAmD,CAAC;AAC3D,OAAO,KAAK,EACV,0BAA0B,EAC1B,2BAA2B,EAC5B,MAAM,+CAA+C,CAAC;AAEvD;;GAEG;AACH,MAAM,CAAC,OAAO,OAAO,gBAAgB;;IACnC,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAmC;IAQrE;;;;OAIG;IACH,MAAM,CAAC,MAAM,IAAI,MAAM;IAIvB;;;;OAIG;IACH,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAIhC;;;;OAIG;WACU,gBAAgB,CAC3B,KAAK,EAAE,qBAAqB,GAC3B,OAAO,CAAC,WAAW,CAAC,sBAAsB,CAAC,CAAC;IAI/C;;;;OAIG;WACU,gBAAgB,CAC3B,KAAK,EAAE,qBAAqB,GAC3B,OAAO,CAAC,WAAW,CAAC,sBAAsB,CAAC,CAAC;IAI/C;;;;OAIG;WACU,cAAc,CACzB,KAAK,EAAE,0BAA0B,GAChC,OAAO,CAAC,WAAW,CAAC,2BAA2B,CAAC,CAAC;IAOpD;;;;;;OAMG;mBACkB,IAAI;IAiBzB;;;;;OAKG;mBACkB,cAAc;CAYpC"}
+{"version":3,"file":"GCloudAPIService.d.ts","sourceRoot":"","sources":["../../../src/services/GCloudAPIService/GCloudAPIService.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAE9D,OAAO,KAAK,EACV,qBAAqB,EACrB,sBAAsB,EACvB,MAAM,iCAAiC,CAAC;AACzC,OAAO,KAAK,EACV,qBAAqB,EACrB,sBAAsB,EACvB,MAAM,mDAAmD,CAAC;AAC3D,OAAO,KAAK,EACV,0BAA0B,EAC1B,2BAA2B,EAC5B,MAAM,+CAA+C,CAAC;AAEvD;;;GAGG;AACH,KAAK,yBAAyB,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,KAAK,IAAI,CAAC;AAE3F;;GAEG;AACH,MAAM,CAAC,OAAO,OAAO,gBAAgB;;IACnC,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAmC;IAcrE;;;;OAIG;IACH,MAAM,CAAC,MAAM,IAAI,MAAM;IAIvB;;;;OAIG;IACH,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAIhC;;;;OAIG;IACH,MAAM,CAAC,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAI1C;;;;;OAKG;IACH,MAAM,CAAC,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIjD;;;;;;OAMG;IACH,MAAM,CAAC,oBAAoB,CAAC,QAAQ,EAAE,yBAAyB,GAAG,IAAI,GAAG,IAAI;IAI7E;;;;OAIG;WACU,gBAAgB,CAC3B,KAAK,EAAE,qBAAqB,GAC3B,OAAO,CAAC,WAAW,CAAC,sBAAsB,CAAC,CAAC;IAI/C;;;OAGG;WACU,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IAU1D;;;;OAIG;WACU,gBAAgB,CAC3B,KAAK,EAAE,qBAAqB,GAC3B,OAAO,CAAC,WAAW,CAAC,sBAAsB,CAAC,CAAC;IAI/C;;;;OAIG;WACU,cAAc,CACzB,KAAK,EAAE,0BAA0B,GAChC,OAAO,CAAC,WAAW,CAAC,2BAA2B,CAAC,CAAC;IAIpD;;;;;;;OAOG;mBACkB,IAAI;IAiBzB;;;;OAIG;mBACkB,gBAAgB;IAuBrC;;;;;OAKG;mBACkB,cAAc;IAuBnC;;;;OAIG;mBACkB,cAAc;CAYpC"}

package/lib/services/GCloudAPIService/GCloudAPIService.js

@@ -9,6 +9,9 @@ export default class GCloudAPIService {
      * the trailing slash.
      */
     static #baseUrl = this.defaultUrl;
+    static #accessToken;
+    static #refreshTokenString;
+    static #onTokensRefreshed = null;
     /**
      * Gets the current URL of the Google Cloud API.
      *
@@ -26,13 +29,53 @@ export default class GCloudAPIService {
         this.#baseUrl = url;
     }
     /**
-     * Calls the project dashboard endpoint to get, insert, update, or delete dashboard data.
+     * Sets the JWT access token to attach to all API requests.
      *
-     * @param input - The input for the project dashboard function.
+     * @param token - The access token.
+     */
+    static setAccessToken(token) {
+        this.#accessToken = token;
+    }
+    /**
+     * Sets the refresh token string used for automatic token refresh on 401
+     * responses.
+     *
+     * @param token - The refresh token string.
+     */
+    static setRefreshTokenString(token) {
+        this.#refreshTokenString = token;
+    }
+    /**
+     * Registers a callback that is invoked after tokens are automatically
+     * refreshed. Use this to persist the new tokens to storage (e.g.
+     * localStorage).
+     *
+     * @param callback - The callback receiving the new accessToken and refreshTokenString.
+     */
+    static setOnTokensRefreshed(callback) {
+        this.#onTokensRefreshed = callback;
+    }
+    /**
+     * Calls the auth validateUser endpoint.
+     *
+     * @param input - The input for the validateUser endpoint.
      */
     static async authValidateUser(input) {
         return this.call('auth/validateUser', input);
     }
+    /**
+     * Calls the auth logout endpoint to delete the current refresh token
+     * server-side using the stored refresh token string.
+     */
+    static async authLogout() {
+        if (!this.#refreshTokenString) {
+            return { success: true, errors: [], data: undefined };
+        }
+        const { decoded } = await this.fetchAndDecode('auth/logout', {
+            refreshTokenString: this.#refreshTokenString
+        });
+        return decoded;
+    }
     /**
      * Calls the project dashboard endpoint to get, insert, update, or delete dashboard data.
      *
@@ -50,30 +93,73 @@ export default class GCloudAPIService {
         return this.call('project/workout', input);
     }
     /**
-     * Makes a call to the Google Cloud API.
+     * Makes a call to the API. On a 401 response, automatically attempts to
+     * refresh the access token using the stored refresh token. If refresh
+     * succeeds, the original request is retried once.
      *
      * @param urlPath - The path to the endpoint.
      * @param input - The input to the endpoint.
-     * @throws {Error} Will throw an error if the URL is not set.
      */
     static async call(urlPath, input) {
+        const { response, decoded } = await this.fetchAndDecode(urlPath, input);
+        if (response.status === 401 && this.#refreshTokenString) {
+            const refreshed = await this.tryRefreshTokens();
+            if (refreshed) {
+                const retry = await this.fetchAndDecode(urlPath, input);
+                return retry.decoded;
+            }
+        }
+        return decoded;
+    }
+    /**
+     * Attempts to refresh the access token using the stored refresh token.
+     * On success, updates the stored tokens and notifies via the
+     * {@link #onTokensRefreshed} callback.
+     */
+    static async tryRefreshTokens() {
+        if (!this.#refreshTokenString) {
+            return false;
+        }
+        const { decoded } = await this.fetchAndDecode('auth/refresh', {
+            refreshTokenString: this.#refreshTokenString
+        });
+        if (!decoded.success) {
+            return false;
+        }
+        this.#accessToken = decoded.data.accessToken;
+        this.#refreshTokenString = decoded.data.refreshTokenString;
+        if (this.#onTokensRefreshed) {
+            this.#onTokensRefreshed(decoded.data.accessToken, decoded.data.refreshTokenString);
+        }
+        return true;
+    }
+    /**
+     * Performs a POST request and decodes the JSON response.
+     *
+     * @param urlPath - The path to the endpoint.
+     * @param input - The input to the endpoint.
+     */
+    static async fetchAndDecode(urlPath, input) {
+        const headers = new Headers({
+            Connection: 'keep-alive',
+            'Content-Type': 'application/json',
+            Accept: 'application/json'
+        });
+        if (this.#accessToken) {
+            headers.set('Authorization', `Bearer ${this.#accessToken}`);
+        }
         const response = await fetch(this.#baseUrl + urlPath, {
             method: 'POST',
-            headers: {
-                Connection: 'keep-alive',
-                'Content-Type': 'application/json',
-                Accept: 'application/json'
-            },
+            headers,
             body: JSON.stringify(input)
         });
-        const decodedResponse = await this.decodeResponse(response);
-        return decodedResponse;
+        const decoded = await this.decodeResponse(response);
+        return { response, decoded };
     }
     /**
-     * Decodes the response from the Google Cloud API.
+     * Decodes a fetch Response into an APIResponse.
      *
-     * @param response - The response to decode.
-     * @returns The decoded output.
+     * @param response - The fetch response to decode.
      */
     static async decodeResponse(response) {
         try {

package/lib/services/GCloudAPIService/GCloudAPIService.js.map

@@ -1 +1 @@
-{"version":3,"file":"GCloudAPIService.js","sourceRoot":"","sources":["../../../src/services/GCloudAPIService/GCloudAPIService.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAehE;;GAEG;AACH,MAAM,CAAC,OAAO,OAAO,gBAAgB;IACnC,MAAM,CAAU,UAAU,GAAW,+BAA+B,CAAC;IAErE;;;OAGG;IACH,MAAM,CAAC,QAAQ,GAAW,IAAI,CAAC,UAAU,CAAC;IAE1C;;;;OAIG;IACH,MAAM,CAAC,MAAM;QACX,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,MAAM,CAAC,GAAW;QACvB,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC;IACtB,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAC3B,KAA4B;QAE5B,OAAO,IAAI,CAAC,IAAI,CAAgD,mBAAmB,EAAE,KAAK,CAAC,CAAC;IAC9F,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAC3B,KAA4B;QAE5B,OAAO,IAAI,CAAC,IAAI,CAAgD,mBAAmB,EAAE,KAAK,CAAC,CAAC;IAC9F,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAK,CAAC,cAAc,CACzB,KAAiC;QAEjC,OAAO,IAAI,CAAC,IAAI,CACd,iBAAiB,EACjB,KAAK,CACN,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACK,MAAM,CAAC,KAAK,CAAC,IAAI,CACvB,OAAe,EACf,KAAa;QAEb,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE;YACpD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,UAAU,EAAE,YAAY;gBACxB,cAAc,EAAE,kBAAkB;gBAClC,MAAM,EAAE,kBAAkB;aAC3B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;SAC5B,CAAC,CAAC;QACH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,CAAU,QAAQ,CAAC,CAAC;QACrE,OAAO,eAAe,CAAC;IACzB,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,KAAK,CAAC,cAAc,CAAU,QAAkB;QAC7D,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,WAAW,CAAyB,CAAC;QAC3E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,CAAC,0BAA0B,EAAE,UAAU,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;gBACtE,IAAI,EAAE,EAAa;aACpB,CAAC;QACJ,CAAC;IACH,CAAC"}
+{"version":3,"file":"GCloudAPIService.js","sourceRoot":"","sources":["../../../src/services/GCloudAPIService/GCloudAPIService.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAsBhE;;GAEG;AACH,MAAM,CAAC,OAAO,OAAO,gBAAgB;IACnC,MAAM,CAAU,UAAU,GAAW,+BAA+B,CAAC;IAErE;;;OAGG;IACH,MAAM,CAAC,QAAQ,GAAW,IAAI,CAAC,UAAU,CAAC;IAE1C,MAAM,CAAC,YAAY,CAAqB;IAExC,MAAM,CAAC,mBAAmB,CAAqB;IAE/C,MAAM,CAAC,kBAAkB,GAAqC,IAAI,CAAC;IAEnE;;;;OAIG;IACH,MAAM,CAAC,MAAM;QACX,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,MAAM,CAAC,GAAW;QACvB,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC;IACtB,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,cAAc,CAAC,KAAa;QACjC,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC;IAC5B,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,qBAAqB,CAAC,KAAa;QACxC,IAAI,CAAC,mBAAmB,GAAG,KAAK,CAAC;IACnC,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,oBAAoB,CAAC,QAA0C;QACpE,IAAI,CAAC,kBAAkB,GAAG,QAAQ,CAAC;IACrC,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAC3B,KAA4B;QAE5B,OAAO,IAAI,CAAC,IAAI,CAAyB,mBAAmB,EAAE,KAAK,CAAC,CAAC;IACvE,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,KAAK,CAAC,UAAU;QACrB,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC9B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QACxD,CAAC;QACD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,cAAc,CAAY,aAAa,EAAE;YACtE,kBAAkB,EAAE,IAAI,CAAC,mBAAmB;SAC7C,CAAC,CAAC;QACH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAC3B,KAA4B;QAE5B,OAAO,IAAI,CAAC,IAAI,CAAyB,mBAAmB,EAAE,KAAK,CAAC,CAAC;IACvE,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAK,CAAC,cAAc,CACzB,KAAiC;QAEjC,OAAO,IAAI,CAAC,IAAI,CAA8B,iBAAiB,EAAE,KAAK,CAAC,CAAC;IAC1E,CAAC;IAED;;;;;;;OAOG;IACK,MAAM,CAAC,KAAK,CAAC,IAAI,CACvB,OAAe,EACf,KAAa;QAEb,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,cAAc,CAAU,OAAO,EAAE,KAAK,CAAC,CAAC;QAEjF,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACxD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAChD,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAU,OAAO,EAAE,KAAK,CAAC,CAAC;gBACjE,OAAO,KAAK,CAAC,OAAO,CAAC;YACvB,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACK,MAAM,CAAC,KAAK,CAAC,gBAAgB;QACnC,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,cAAc,CAAyB,cAAc,EAAE;YACpF,kBAAkB,EAAE,IAAI,CAAC,mBAAmB;SAC7C,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACrB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC;QAC7C,IAAI,CAAC,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC;QAE3D,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACrF,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,KAAK,CAAC,cAAc,CACjC,OAAe,EACf,KAAa;QAEb,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC;YAC1B,UAAU,EAAE,YAAY;YACxB,cAAc,EAAE,kBAAkB;YAClC,MAAM,EAAE,kBAAkB;SAC3B,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE;YACpD,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;SAC5B,CAAC,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAU,QAAQ,CAAC,CAAC;QAC7D,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;IAC/B,CAAC;IAED;;;;OAIG;IACK,MAAM,CAAC,KAAK,CAAC,cAAc,CAAU,QAAkB;QAC7D,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,WAAW,CAAyB,CAAC;QAC3E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,CAAC,0BAA0B,EAAE,UAAU,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;gBACtE,IAAI,EAAE,EAAa;aACpB,CAAC;QACJ,CAAC;IACH,CAAC"}

package/lib/services/GCloudAPIService/GCloudAPIService.ts

@@ -1,5 +1,6 @@
 import { DateService, ErrorUtils } from '@aneuhold/core-ts-lib';
 import type { APIResponse } from '../../types/APIResponse.js';
+import type { AuthRefreshTokenOutput } from '../../types/AuthRefreshToken.js';
 import type {
   AuthValidateUserInput,
   AuthValidateUserOutput
@@ -13,6 +14,12 @@ import type {
   ProjectWorkoutPrimaryOutput
 } from '../../types/project/workout/ProjectWorkout.js';
 
+/**
+ * Callback invoked after tokens are successfully refreshed. The frontend
+ * should use this to persist the new tokens (e.g. to localStorage).
+ */
+type OnTokensRefreshedCallback = (accessToken: string, refreshTokenString: string) => void;
+
 /**
  * A service for interacting with the Google Cloud API service for personal projects.
  */
@@ -25,6 +32,12 @@ export default class GCloudAPIService {
    */
   static #baseUrl: string = this.defaultUrl;
 
+  static #accessToken: string | undefined;
+
+  static #refreshTokenString: string | undefined;
+
+  static #onTokensRefreshed: OnTokensRefreshedCallback | null = null;
+
   /**
    * Gets the current URL of the Google Cloud API.
    *
@@ -44,14 +57,58 @@ export default class GCloudAPIService {
   }
 
   /**
-   * Calls the project dashboard endpoint to get, insert, update, or delete dashboard data.
+   * Sets the JWT access token to attach to all API requests.
    *
-   * @param input - The input for the project dashboard function.
+   * @param token - The access token.
+   */
+  static setAccessToken(token: string): void {
+    this.#accessToken = token;
+  }
+
+  /**
+   * Sets the refresh token string used for automatic token refresh on 401
+   * responses.
+   *
+   * @param token - The refresh token string.
+   */
+  static setRefreshTokenString(token: string): void {
+    this.#refreshTokenString = token;
+  }
+
+  /**
+   * Registers a callback that is invoked after tokens are automatically
+   * refreshed. Use this to persist the new tokens to storage (e.g.
+   * localStorage).
+   *
+   * @param callback - The callback receiving the new accessToken and refreshTokenString.
+   */
+  static setOnTokensRefreshed(callback: OnTokensRefreshedCallback | null): void {
+    this.#onTokensRefreshed = callback;
+  }
+
+  /**
+   * Calls the auth validateUser endpoint.
+   *
+   * @param input - The input for the validateUser endpoint.
    */
   static async authValidateUser(
     input: AuthValidateUserInput
   ): Promise<APIResponse<AuthValidateUserOutput>> {
-    return this.call<AuthValidateUserInput, AuthValidateUserOutput>('auth/validateUser', input);
+    return this.call<AuthValidateUserOutput>('auth/validateUser', input);
+  }
+
+  /**
+   * Calls the auth logout endpoint to delete the current refresh token
+   * server-side using the stored refresh token string.
+   */
+  static async authLogout(): Promise<APIResponse<undefined>> {
+    if (!this.#refreshTokenString) {
+      return { success: true, errors: [], data: undefined };
+    }
+    const { decoded } = await this.fetchAndDecode<undefined>('auth/logout', {
+      refreshTokenString: this.#refreshTokenString
+    });
+    return decoded;
   }
 
   /**
@@ -62,7 +119,7 @@ export default class GCloudAPIService {
   static async projectDashboard(
     input: ProjectDashboardInput
   ): Promise<APIResponse<ProjectDashboardOutput>> {
-    return this.call<ProjectDashboardInput, ProjectDashboardOutput>('project/dashboard', input);
+    return this.call<ProjectDashboardOutput>('project/dashboard', input);
   }
 
   /**
@@ -73,41 +130,95 @@ export default class GCloudAPIService {
   static async projectWorkout(
     input: ProjectWorkoutPrimaryInput
   ): Promise<APIResponse<ProjectWorkoutPrimaryOutput>> {
-    return this.call<ProjectWorkoutPrimaryInput, ProjectWorkoutPrimaryOutput>(
-      'project/workout',
-      input
-    );
+    return this.call<ProjectWorkoutPrimaryOutput>('project/workout', input);
   }
 
   /**
-   * Makes a call to the Google Cloud API.
+   * Makes a call to the API. On a 401 response, automatically attempts to
+   * refresh the access token using the stored refresh token. If refresh
+   * succeeds, the original request is retried once.
    *
    * @param urlPath - The path to the endpoint.
    * @param input - The input to the endpoint.
-   * @throws {Error} Will throw an error if the URL is not set.
    */
-  private static async call<TInput extends object, TOutput>(
+  private static async call<TOutput>(
     urlPath: string,
-    input: TInput
+    input: object
   ): Promise<APIResponse<TOutput>> {
+    const { response, decoded } = await this.fetchAndDecode<TOutput>(urlPath, input);
+
+    if (response.status === 401 && this.#refreshTokenString) {
+      const refreshed = await this.tryRefreshTokens();
+      if (refreshed) {
+        const retry = await this.fetchAndDecode<TOutput>(urlPath, input);
+        return retry.decoded;
+      }
+    }
+
+    return decoded;
+  }
+
+  /**
+   * Attempts to refresh the access token using the stored refresh token.
+   * On success, updates the stored tokens and notifies via the
+   * {@link #onTokensRefreshed} callback.
+   */
+  private static async tryRefreshTokens(): Promise<boolean> {
+    if (!this.#refreshTokenString) {
+      return false;
+    }
+
+    const { decoded } = await this.fetchAndDecode<AuthRefreshTokenOutput>('auth/refresh', {
+      refreshTokenString: this.#refreshTokenString
+    });
+
+    if (!decoded.success) {
+      return false;
+    }
+
+    this.#accessToken = decoded.data.accessToken;
+    this.#refreshTokenString = decoded.data.refreshTokenString;
+
+    if (this.#onTokensRefreshed) {
+      this.#onTokensRefreshed(decoded.data.accessToken, decoded.data.refreshTokenString);
+    }
+
+    return true;
+  }
+
+  /**
+   * Performs a POST request and decodes the JSON response.
+   *
+   * @param urlPath - The path to the endpoint.
+   * @param input - The input to the endpoint.
+   */
+  private static async fetchAndDecode<TOutput>(
+    urlPath: string,
+    input: object
+  ): Promise<{ response: Response; decoded: APIResponse<TOutput> }> {
+    const headers = new Headers({
+      Connection: 'keep-alive',
+      'Content-Type': 'application/json',
+      Accept: 'application/json'
+    });
+
+    if (this.#accessToken) {
+      headers.set('Authorization', `Bearer ${this.#accessToken}`);
+    }
+
     const response = await fetch(this.#baseUrl + urlPath, {
       method: 'POST',
-      headers: {
-        Connection: 'keep-alive',
-        'Content-Type': 'application/json',
-        Accept: 'application/json'
-      },
+      headers,
       body: JSON.stringify(input)
     });
-    const decodedResponse = await this.decodeResponse<TOutput>(response);
-    return decodedResponse;
+    const decoded = await this.decodeResponse<TOutput>(response);
+    return { response, decoded };
   }
 
   /**
-   * Decodes the response from the Google Cloud API.
+   * Decodes a fetch Response into an APIResponse.
    *
-   * @param response - The response to decode.
-   * @returns The decoded output.
+   * @param response - The fetch response to decode.
    */
   private static async decodeResponse<TOutput>(response: Response): Promise<APIResponse<TOutput>> {
     try {

package/lib/types/AuthRefreshToken.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Interface representing the input to the auth refresh token endpoint.
+ */
+export interface AuthRefreshTokenInput {
+    /** The raw refresh token string to exchange for new tokens. */
+    refreshTokenString: string;
+}
+/**
+ * Interface representing the output of the auth refresh token endpoint.
+ */
+export interface AuthRefreshTokenOutput {
+    /** New JWT access token. */
+    accessToken: string;
+    /** New raw refresh token string (rotation — old one is deleted). */
+    refreshTokenString: string;
+}
+//# sourceMappingURL=AuthRefreshToken.d.ts.map

package/lib/types/AuthRefreshToken.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthRefreshToken.d.ts","sourceRoot":"","sources":["../../src/types/AuthRefreshToken.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,+DAA+D;IAC/D,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,4BAA4B;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,oEAAoE;IACpE,kBAAkB,EAAE,MAAM,CAAC;CAC5B"}

package/lib/types/AuthRefreshToken.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=AuthRefreshToken.js.map

package/lib/types/AuthRefreshToken.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthRefreshToken.js","sourceRoot":"","sources":["../../src/types/AuthRefreshToken.ts"],"names":[],"mappings":""}

package/lib/types/AuthRefreshToken.ts

@@ -0,0 +1,17 @@
+/**
+ * Interface representing the input to the auth refresh token endpoint.
+ */
+export interface AuthRefreshTokenInput {
+  /** The raw refresh token string to exchange for new tokens. */
+  refreshTokenString: string;
+}
+
+/**
+ * Interface representing the output of the auth refresh token endpoint.
+ */
+export interface AuthRefreshTokenOutput {
+  /** New JWT access token. */
+  accessToken: string;
+  /** New raw refresh token string (rotation — old one is deleted). */
+  refreshTokenString: string;
+}

package/lib/types/AuthValidateUser.d.ts

@@ -4,14 +4,12 @@ import type { DashboardConfig } from './project/dashboard/DashboardConfig.js';
  * Interface representing the input to the AuthValidateUser endpoint.
  */
 export interface AuthValidateUserInput {
-    /**
-     * The username of the user to be validated.
-     */
-    userName: string;
-    /**
-     * The password of the user to be validated.
-     */
-    password: string;
+    /** The username of the user to be validated (password flow). */
+    userName?: string;
+    /** The password of the user to be validated (password flow). */
+    password?: string;
+    /** Google ID token received from Google Identity Services (Google flow). */
+    googleCredentialToken?: string;
 }
 /**
  * Interface representing the output of the AuthValidateUser endpoint.
@@ -24,6 +22,10 @@ export interface AuthValidateUserOutput {
         user: User;
         apiKey: ApiKey;
     };
+    /** JWT access token for authenticating API requests. */
+    accessToken?: string;
+    /** Raw refresh token string for obtaining new access tokens. */
+    refreshTokenString?: string;
     /**
      * Basic configuration for the projects that the user has access to.
      */

package/lib/types/AuthValidateUser.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AuthValidateUser.d.ts","sourceRoot":"","sources":["../../src/types/AuthValidateUser.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wCAAwC,CAAC;AAE9E;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC;;OAEG;IACH,QAAQ,CAAC,EAAE;QACT,IAAI,EAAE,IAAI,CAAC;QACX,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF;;OAEG;IACH,MAAM,CAAC,EAAE;QACP,SAAS,CAAC,EAAE,eAAe,CAAC;KAC7B,CAAC;CACH"}
+{"version":3,"file":"AuthValidateUser.d.ts","sourceRoot":"","sources":["../../src/types/AuthValidateUser.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wCAAwC,CAAC;AAE9E;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,gEAAgE;IAChE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gEAAgE;IAChE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,4EAA4E;IAC5E,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC;;OAEG;IACH,QAAQ,CAAC,EAAE;QACT,IAAI,EAAE,IAAI,CAAC;QACX,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,wDAAwD;IACxD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gEAAgE;IAChE,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;OAEG;IACH,MAAM,CAAC,EAAE;QACP,SAAS,CAAC,EAAE,eAAe,CAAC;KAC7B,CAAC;CACH"}

package/lib/types/AuthValidateUser.ts

@@ -5,14 +5,12 @@ import type { DashboardConfig } from './project/dashboard/DashboardConfig.js';
  * Interface representing the input to the AuthValidateUser endpoint.
  */
 export interface AuthValidateUserInput {
-  /**
-   * The username of the user to be validated.
-   */
-  userName: string;
-  /**
-   * The password of the user to be validated.
-   */
-  password: string;
+  /** The username of the user to be validated (password flow). */
+  userName?: string;
+  /** The password of the user to be validated (password flow). */
+  password?: string;
+  /** Google ID token received from Google Identity Services (Google flow). */
+  googleCredentialToken?: string;
 }
 
 /**
@@ -26,6 +24,10 @@ export interface AuthValidateUserOutput {
     user: User;
     apiKey: ApiKey;
   };
+  /** JWT access token for authenticating API requests. */
+  accessToken?: string;
+  /** Raw refresh token string for obtaining new access tokens. */
+  refreshTokenString?: string;
   /**
    * Basic configuration for the projects that the user has access to.
    */

package/lib/types/WebSocket.d.ts

@@ -7,13 +7,16 @@ import type { ProjectWorkoutPrimaryOutput } from './project/workout/ProjectWorko
  * ```
    const socket = io('http://localhost:8080', {
     auth: {
-      apiKey: 'your-api-key' // Replace with your actual API key
+      accessToken: 'your-jwt-token'
     }
   });
  * ```
  */
 export type WebSocketHandshakeAuth = {
+    /** @deprecated Use accessToken instead. Kept for backward compatibility. */
     apiKey?: UUID;
+    /** JWT access token for authenticating the WebSocket connection. */
+    accessToken?: string;
 };
 /**
  * Nothing for now, except a test event if wanted.

package/lib/types/WebSocket.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"WebSocket.d.ts","sourceRoot":"","sources":["../../src/types/WebSocket.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AACnC,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AACtF,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAEvF;;;;;;;;;;GAUG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,MAAM,CAAC,EAAE,IAAI,CAAC;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,sCAAsC,GAAG;IACnD,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;CAC9B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,sCAAsC,GAAG;IACnD,cAAc,EAAE,CAAC,IAAI,EAAE,sBAAsB,KAAK,IAAI,CAAC;CACxD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,oCAAoC,GAAG;IACjD,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;CAC9B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,oCAAoC,GAAG;IACjD,cAAc,EAAE,CAAC,IAAI,EAAE,2BAA2B,KAAK,IAAI,CAAC;CAC7D,CAAC"}
+{"version":3,"file":"WebSocket.d.ts","sourceRoot":"","sources":["../../src/types/WebSocket.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AACnC,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AACtF,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAEvF;;;;;;;;;;GAUG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,4EAA4E;IAC5E,MAAM,CAAC,EAAE,IAAI,CAAC;IACd,oEAAoE;IACpE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,sCAAsC,GAAG;IACnD,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;CAC9B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,sCAAsC,GAAG;IACnD,cAAc,EAAE,CAAC,IAAI,EAAE,sBAAsB,KAAK,IAAI,CAAC;CACxD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,oCAAoC,GAAG;IACjD,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;CAC9B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,oCAAoC,GAAG;IACjD,cAAc,EAAE,CAAC,IAAI,EAAE,2BAA2B,KAAK,IAAI,CAAC;CAC7D,CAAC"}

package/lib/types/WebSocket.ts

@@ -4,17 +4,20 @@ import type { ProjectWorkoutPrimaryOutput } from './project/workout/ProjectWorko
 
 /**
  * The data each client is expected to send over with a request. For example on the client side:
- * 
+ *
  * ```
    const socket = io('http://localhost:8080', {
     auth: {
-      apiKey: 'your-api-key' // Replace with your actual API key
+      accessToken: 'your-jwt-token'
     }
   });
  * ```
  */
 export type WebSocketHandshakeAuth = {
+  /** @deprecated Use accessToken instead. Kept for backward compatibility. */
   apiKey?: UUID;
+  /** JWT access token for authenticating the WebSocket connection. */
+  accessToken?: string;
 };
 
 /**

package/package.json

@@ -2,7 +2,7 @@
   "name": "@aneuhold/core-ts-api-lib",
   "author": "Anton G. Neuhold Jr.",
   "license": "MIT",
-  "version": "3.0.26",
+  "version": "3.0.28",
   "description": "A library for interacting with the backend and defining the backend API for personal projects.",
   "packageManager": "pnpm@10.25.0",
   "type": "module",
@@ -72,12 +72,12 @@
     "TypeScript"
   ],
   "dependencies": {
-    "@aneuhold/core-ts-db-lib": "^4.1.15",
-    "@aneuhold/core-ts-lib": "^2.4.1",
+    "@aneuhold/core-ts-db-lib": "^5.0.1",
+    "@aneuhold/core-ts-lib": "^2.4.3",
     "bson": "^7.0.0"
   },
   "devDependencies": {
-    "@aneuhold/local-npm-registry": "^0.2.28",
+    "@aneuhold/local-npm-registry": "^0.2.30",
     "@aneuhold/main-scripts": "^2.8.3",
     "@types/node": "^25.0.2",
     "eslint": "^9.39.2",