@auth-gate/react-native 0.7.1

package/dist/index.cjs

@@ -0,0 +1,403 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  AuthGateError: () => import_core2.AuthGateError,
+  AuthGateNativeClient: () => AuthGateNativeClient,
+  AuthGuard: () => AuthGuard,
+  AuthProvider: () => AuthProvider,
+  ConfigurationError: () => import_core2.ConfigurationError,
+  STORAGE_KEYS: () => STORAGE_KEYS,
+  SUPPORTED_PROVIDERS: () => import_core2.SUPPORTED_PROVIDERS,
+  TokenVerificationError: () => import_core2.TokenVerificationError,
+  useAuth: () => useAuth,
+  useSession: () => useSession
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/provider.tsx
+var import_react = require("react");
+
+// src/client.ts
+var import_core = require("@auth-gate/core");
+
+// src/storage.ts
+var SecureStore = __toESM(require("expo-secure-store"), 1);
+
+// src/types.ts
+var STORAGE_KEYS = {
+  ACCESS_TOKEN: "authgate_access_token",
+  REFRESH_TOKEN: "authgate_refresh_token",
+  USER: "authgate_user"
+};
+
+// src/storage.ts
+async function saveAccessToken(token) {
+  await SecureStore.setItemAsync(STORAGE_KEYS.ACCESS_TOKEN, token);
+}
+async function getAccessToken() {
+  return SecureStore.getItemAsync(STORAGE_KEYS.ACCESS_TOKEN);
+}
+async function saveRefreshToken(token) {
+  await SecureStore.setItemAsync(STORAGE_KEYS.REFRESH_TOKEN, token);
+}
+async function getRefreshToken() {
+  return SecureStore.getItemAsync(STORAGE_KEYS.REFRESH_TOKEN);
+}
+async function saveUser(user) {
+  await SecureStore.setItemAsync(STORAGE_KEYS.USER, JSON.stringify(user));
+}
+async function clearStorage() {
+  await Promise.all([
+    SecureStore.deleteItemAsync(STORAGE_KEYS.ACCESS_TOKEN),
+    SecureStore.deleteItemAsync(STORAGE_KEYS.REFRESH_TOKEN),
+    SecureStore.deleteItemAsync(STORAGE_KEYS.USER)
+  ]);
+}
+
+// src/oauth.ts
+var WebBrowser = __toESM(require("expo-web-browser"), 1);
+async function openOAuthFlow(client, provider, scheme, callbackPath) {
+  const callbackUrl = `${scheme}://${callbackPath}`;
+  const authUrl = await client.getOAuthUrl(provider, callbackUrl);
+  const result = await WebBrowser.openAuthSessionAsync(authUrl, callbackUrl);
+  if (result.type !== "success" || !result.url) {
+    throw new Error(`OAuth flow cancelled or failed: ${result.type}`);
+  }
+  const url = new URL(result.url);
+  const token = url.searchParams.get("token");
+  const refreshToken = url.searchParams.get("refresh_token");
+  if (!token) {
+    const error = url.searchParams.get("error");
+    throw new Error(error || "No token received from OAuth callback");
+  }
+  return { token, refreshToken: refreshToken != null ? refreshToken : void 0 };
+}
+
+// src/client.ts
+var AuthGateNativeClient = class {
+  constructor(config) {
+    this.refreshTimer = null;
+    this.onSessionChange = null;
+    var _a;
+    this.core = (0, import_core.createAuthGateClient)({
+      apiKey: config.apiKey,
+      baseUrl: config.baseUrl,
+      sessionMaxAge: config.sessionMaxAge
+    });
+    this.scheme = config.scheme;
+    this.callbackPath = (_a = config.callbackPath) != null ? _a : "auth/callback";
+  }
+  /** Register a callback to be notified when the session changes. */
+  setSessionChangeListener(listener) {
+    this.onSessionChange = listener;
+  }
+  /**
+   * Restore session from secure storage on app launch.
+   * Verifies the stored token is still valid.
+   */
+  async restoreSession() {
+    const token = await getAccessToken();
+    if (!token) return null;
+    const result = await this.core.verifyToken(token);
+    if (result.valid && result.user) {
+      await saveUser(result.user);
+      this.scheduleRefresh(result.expiresAt);
+      return result.user;
+    }
+    return this.tryRefresh();
+  }
+  /** Start an OAuth flow in the system browser. */
+  async loginWithOAuth(provider) {
+    const result = await openOAuthFlow(
+      this.core,
+      provider,
+      this.scheme,
+      this.callbackPath
+    );
+    await this.handleAuthResult(result);
+  }
+  /** Sign in with email and password. May return MFA challenge. */
+  async loginWithEmail(email, password) {
+    const callbackUrl = `${this.scheme}://${this.callbackPath}`;
+    const response = await this.core.emailSignin({
+      email,
+      password,
+      callbackUrl
+    });
+    const data = await response.json();
+    if (data.mfa_required) {
+      return {
+        mfaRequired: true,
+        challenge: data.mfa_challenge,
+        methods: data.mfa_methods
+      };
+    }
+    if (data.token) {
+      await this.handleAuthResult({
+        token: data.token,
+        refreshToken: data.refresh_token
+      });
+    } else if (!response.ok) {
+      throw new Error(data.error || `Sign in failed: ${response.status}`);
+    }
+  }
+  /** Sign up with email and password. */
+  async signUp(email, password, name) {
+    const callbackUrl = `${this.scheme}://${this.callbackPath}`;
+    const response = await this.core.emailSignup({
+      email,
+      password,
+      name,
+      callbackUrl
+    });
+    const data = await response.json();
+    if (data.token) {
+      await this.handleAuthResult({
+        token: data.token,
+        refreshToken: data.refresh_token
+      });
+    } else if (!response.ok) {
+      throw new Error(data.error || `Sign up failed: ${response.status}`);
+    }
+  }
+  /** Send a magic link email. */
+  async sendMagicLink(email) {
+    const callbackUrl = `${this.scheme}://${this.callbackPath}`;
+    const response = await this.core.magicLinkSend({ email, callbackUrl });
+    if (!response.ok) {
+      const data = await response.json().catch(() => ({}));
+      throw new Error(data.error || `Magic link failed: ${response.status}`);
+    }
+  }
+  /** Send an SMS verification code. */
+  async sendSmsCode(phone) {
+    const callbackUrl = `${this.scheme}://${this.callbackPath}`;
+    const response = await this.core.smsSendCode({ phone, callbackUrl });
+    if (!response.ok) {
+      const data = await response.json().catch(() => ({}));
+      throw new Error(data.error || `SMS send failed: ${response.status}`);
+    }
+  }
+  /** Verify an SMS code and complete authentication. */
+  async verifySmsCode(phone, code) {
+    const callbackUrl = `${this.scheme}://${this.callbackPath}`;
+    const response = await this.core.smsVerifyCode({
+      phone,
+      code,
+      callbackUrl
+    });
+    const data = await response.json();
+    if (data.token) {
+      await this.handleAuthResult({
+        token: data.token,
+        refreshToken: data.refresh_token
+      });
+    } else if (!response.ok) {
+      throw new Error(data.error || `SMS verify failed: ${response.status}`);
+    }
+  }
+  /** Verify MFA code to complete authentication after email sign-in. */
+  async verifyMfa(challenge, code, method) {
+    const response = await this.core.mfaVerify({ challenge, code, method });
+    const data = await response.json();
+    if (data.token) {
+      await this.handleAuthResult({
+        token: data.token,
+        refreshToken: data.refresh_token
+      });
+    } else if (!response.ok) {
+      throw new Error(data.error || `MFA verify failed: ${response.status}`);
+    }
+  }
+  /** Sign out: revoke session and clear storage. */
+  async logout() {
+    var _a;
+    this.cancelRefresh();
+    const refreshToken = await getRefreshToken();
+    if (refreshToken) {
+      await this.core.revokeSession(refreshToken).catch(() => {
+      });
+    }
+    await clearStorage();
+    (_a = this.onSessionChange) == null ? void 0 : _a.call(this, null);
+  }
+  /** Manually refresh the session using the stored refresh token. */
+  async refresh() {
+    return this.tryRefresh();
+  }
+  // ── Internal ─────────────────────────────────────────────────────
+  async handleAuthResult(result) {
+    var _a;
+    const verified = await this.core.verifyToken(result.token);
+    if (!verified.valid || !verified.user) {
+      throw new Error(verified.error || "Token verification failed");
+    }
+    await saveAccessToken(result.token);
+    if (result.refreshToken) {
+      await saveRefreshToken(result.refreshToken);
+    }
+    await saveUser(verified.user);
+    this.scheduleRefresh(verified.expiresAt);
+    (_a = this.onSessionChange) == null ? void 0 : _a.call(this, verified.user);
+  }
+  async tryRefresh() {
+    var _a, _b, _c;
+    const refreshToken = await getRefreshToken();
+    if (!refreshToken) {
+      await clearStorage();
+      return null;
+    }
+    const result = await this.core.refreshToken(refreshToken);
+    if (!result) {
+      await clearStorage();
+      (_a = this.onSessionChange) == null ? void 0 : _a.call(this, null);
+      return null;
+    }
+    await saveAccessToken(result.token);
+    const verified = await this.core.verifyToken(result.token);
+    if (verified.valid && verified.user) {
+      await saveUser(verified.user);
+      this.scheduleRefresh(verified.expiresAt);
+      (_b = this.onSessionChange) == null ? void 0 : _b.call(this, verified.user);
+      return verified.user;
+    }
+    await clearStorage();
+    (_c = this.onSessionChange) == null ? void 0 : _c.call(this, null);
+    return null;
+  }
+  scheduleRefresh(expiresAt) {
+    this.cancelRefresh();
+    if (!expiresAt) return;
+    const expiresMs = new Date(expiresAt).getTime();
+    const refreshIn = Math.max(expiresMs - Date.now() - 6e4, 1e4);
+    this.refreshTimer = setTimeout(() => {
+      this.tryRefresh();
+    }, refreshIn);
+  }
+  cancelRefresh() {
+    if (this.refreshTimer) {
+      clearTimeout(this.refreshTimer);
+      this.refreshTimer = null;
+    }
+  }
+};
+
+// src/provider.tsx
+var import_jsx_runtime = require("react/jsx-runtime");
+var AuthContext = (0, import_react.createContext)(null);
+function AuthProvider({ children, config }) {
+  const [user, setUser] = (0, import_react.useState)(null);
+  const [loading, setLoading] = (0, import_react.useState)(true);
+  const clientRef = (0, import_react.useRef)(null);
+  if (!clientRef.current) {
+    clientRef.current = new AuthGateNativeClient(config);
+  }
+  const client = clientRef.current;
+  (0, import_react.useEffect)(() => {
+    client.setSessionChangeListener(setUser);
+    return () => client.setSessionChangeListener(() => {
+    });
+  }, [client]);
+  (0, import_react.useEffect)(() => {
+    client.restoreSession().then((restored) => setUser(restored)).finally(() => setLoading(false));
+  }, [client]);
+  const refresh = (0, import_react.useCallback)(async () => {
+    const refreshed = await client.refresh();
+    setUser(refreshed);
+  }, [client]);
+  const logout = (0, import_react.useCallback)(async () => {
+    await client.logout();
+    setUser(null);
+  }, [client]);
+  const login = (0, import_react.useMemo)(
+    () => ({
+      withOAuth: (provider) => client.loginWithOAuth(provider),
+      withEmail: (email, password) => client.loginWithEmail(email, password),
+      withMagicLink: (email) => client.sendMagicLink(email),
+      signUp: (email, password, name) => client.signUp(email, password, name),
+      withSms: (phone) => client.sendSmsCode(phone),
+      verifySmsCode: (phone, code) => client.verifySmsCode(phone, code),
+      verifyMfa: (challenge, code, method) => client.verifyMfa(challenge, code, method)
+    }),
+    [client]
+  );
+  const value = (0, import_react.useMemo)(
+    () => ({ user, loading, login, logout, refresh }),
+    [user, loading, login, logout, refresh]
+  );
+  return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(AuthContext, { value, children });
+}
+function useAuthContext() {
+  const context = (0, import_react.useContext)(AuthContext);
+  if (!context) {
+    throw new Error("useAuth must be used within an AuthProvider");
+  }
+  return context;
+}
+
+// src/hooks.ts
+function useAuth() {
+  return useAuthContext();
+}
+function useSession() {
+  const { user } = useAuthContext();
+  return user;
+}
+
+// src/guard.tsx
+var import_jsx_runtime2 = require("react/jsx-runtime");
+function AuthGuard({ children, fallback, loading }) {
+  const { user, loading: isLoading } = useAuthContext();
+  if (isLoading) {
+    return /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(import_jsx_runtime2.Fragment, { children: loading != null ? loading : null });
+  }
+  if (!user) {
+    return /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(import_jsx_runtime2.Fragment, { children: fallback });
+  }
+  return /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(import_jsx_runtime2.Fragment, { children });
+}
+
+// src/index.ts
+var import_core2 = require("@auth-gate/core");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AuthGateError,
+  AuthGateNativeClient,
+  AuthGuard,
+  AuthProvider,
+  ConfigurationError,
+  STORAGE_KEYS,
+  SUPPORTED_PROVIDERS,
+  TokenVerificationError,
+  useAuth,
+  useSession
+});

package/dist/index.d.cts

@@ -0,0 +1,128 @@
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import { ReactNode } from 'react';
+import { AuthGateUser, OAuthProvider, AuthGateClient } from '@auth-gate/core';
+export { AuthGateError, AuthGateUser, BackupCodesResponse, ConfigurationError, MfaChallengeResponse, MfaStatus, OAuthProvider, SUPPORTED_PROVIDERS, TokenVerificationError, TotpSetupResponse } from '@auth-gate/core';
+
+/** Configuration for the React Native AuthGate SDK. */
+interface AuthGateNativeConfig {
+    /** Server-side API key for your AuthGate project. */
+    apiKey: string;
+    /** Base URL of the AuthGate service. */
+    baseUrl: string;
+    /** Deep link scheme for OAuth callbacks (e.g. "myapp"). */
+    scheme: string;
+    /**
+     * Session lifetime in seconds.
+     * @defaultValue 604800 (7 days)
+     */
+    sessionMaxAge?: number;
+    /** Custom callback path fragment appended to the deep link scheme. @defaultValue "auth/callback" */
+    callbackPath?: string;
+}
+/** Login methods exposed via the useAuth hook. */
+interface LoginMethods {
+    /** Start an OAuth flow in the system browser. */
+    withOAuth: (provider: OAuthProvider) => Promise<void>;
+    /** Sign in with email and password. Returns MFA challenge if required. */
+    withEmail: (email: string, password: string) => Promise<MfaChallengeResult | void>;
+    /** Send a magic link to the given email. */
+    withMagicLink: (email: string) => Promise<void>;
+    /** Sign up with email, password, and optional name. */
+    signUp: (email: string, password: string, name?: string) => Promise<void>;
+    /** Send an SMS verification code. */
+    withSms: (phone: string) => Promise<void>;
+    /** Verify an SMS code. */
+    verifySmsCode: (phone: string, code: string) => Promise<void>;
+    /** Complete MFA verification. */
+    verifyMfa: (challenge: string, code: string, method: "totp" | "sms" | "backup_code") => Promise<void>;
+}
+/** Value returned by useAuth(). */
+interface AuthContextValue {
+    user: AuthGateUser | null;
+    loading: boolean;
+    login: LoginMethods;
+    logout: () => Promise<void>;
+    refresh: () => Promise<void>;
+}
+/** Returned when MFA is required after email sign-in. */
+interface MfaChallengeResult {
+    mfaRequired: true;
+    challenge: string;
+    methods: string[];
+}
+/** Keys used for secure storage. */
+declare const STORAGE_KEYS: {
+    readonly ACCESS_TOKEN: "authgate_access_token";
+    readonly REFRESH_TOKEN: "authgate_refresh_token";
+    readonly USER: "authgate_user";
+};
+
+interface AuthProviderProps {
+    children: ReactNode;
+    /** AuthGate configuration including API key, base URL, and deep link scheme. */
+    config: AuthGateNativeConfig;
+}
+declare function AuthProvider({ children, config }: AuthProviderProps): react_jsx_runtime.JSX.Element;
+
+/** Access the full auth context: user, loading, login methods, logout, refresh. */
+declare function useAuth(): AuthContextValue;
+/** Shorthand hook that returns just the current user (or null). */
+declare function useSession(): AuthGateUser | null;
+
+interface AuthGuardProps {
+    children: ReactNode;
+    /** Content to render when the user is not authenticated. */
+    fallback: ReactNode;
+    /** Content to render while the session is loading. */
+    loading?: ReactNode;
+}
+/**
+ * Renders children when authenticated, fallback when not.
+ * Unlike the web AuthGuard, this doesn't redirect — it renders the fallback component
+ * (typically a login screen) since mobile navigation works differently.
+ */
+declare function AuthGuard({ children, fallback, loading }: AuthGuardProps): react_jsx_runtime.JSX.Element;
+
+/**
+ * Native client that wraps core AuthGateClient with mobile-specific
+ * storage and OAuth flows. Manages tokens in secure storage instead of cookies.
+ */
+declare class AuthGateNativeClient {
+    readonly core: AuthGateClient;
+    private readonly scheme;
+    private readonly callbackPath;
+    private refreshTimer;
+    private onSessionChange;
+    constructor(config: AuthGateNativeConfig);
+    /** Register a callback to be notified when the session changes. */
+    setSessionChangeListener(listener: (user: AuthGateUser | null) => void): void;
+    /**
+     * Restore session from secure storage on app launch.
+     * Verifies the stored token is still valid.
+     */
+    restoreSession(): Promise<AuthGateUser | null>;
+    /** Start an OAuth flow in the system browser. */
+    loginWithOAuth(provider: OAuthProvider): Promise<void>;
+    /** Sign in with email and password. May return MFA challenge. */
+    loginWithEmail(email: string, password: string): Promise<MfaChallengeResult | void>;
+    /** Sign up with email and password. */
+    signUp(email: string, password: string, name?: string): Promise<void>;
+    /** Send a magic link email. */
+    sendMagicLink(email: string): Promise<void>;
+    /** Send an SMS verification code. */
+    sendSmsCode(phone: string): Promise<void>;
+    /** Verify an SMS code and complete authentication. */
+    verifySmsCode(phone: string, code: string): Promise<void>;
+    /** Verify MFA code to complete authentication after email sign-in. */
+    verifyMfa(challenge: string, code: string, method: "totp" | "sms" | "backup_code"): Promise<void>;
+    /** Sign out: revoke session and clear storage. */
+    logout(): Promise<void>;
+    /** Manually refresh the session using the stored refresh token. */
+    refresh(): Promise<AuthGateUser | null>;
+    private handleAuthResult;
+    private tryRefresh;
+    private scheduleRefresh;
+    private cancelRefresh;
+}
+
+export { type AuthContextValue, AuthGateNativeClient, type AuthGateNativeConfig, AuthGuard, type AuthGuardProps, AuthProvider, type AuthProviderProps, type LoginMethods, type MfaChallengeResult, STORAGE_KEYS, useAuth, useSession };

package/dist/index.d.ts

@@ -0,0 +1,128 @@
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import { ReactNode } from 'react';
+import { AuthGateUser, OAuthProvider, AuthGateClient } from '@auth-gate/core';
+export { AuthGateError, AuthGateUser, BackupCodesResponse, ConfigurationError, MfaChallengeResponse, MfaStatus, OAuthProvider, SUPPORTED_PROVIDERS, TokenVerificationError, TotpSetupResponse } from '@auth-gate/core';
+
+/** Configuration for the React Native AuthGate SDK. */
+interface AuthGateNativeConfig {
+    /** Server-side API key for your AuthGate project. */
+    apiKey: string;
+    /** Base URL of the AuthGate service. */
+    baseUrl: string;
+    /** Deep link scheme for OAuth callbacks (e.g. "myapp"). */
+    scheme: string;
+    /**
+     * Session lifetime in seconds.
+     * @defaultValue 604800 (7 days)
+     */
+    sessionMaxAge?: number;
+    /** Custom callback path fragment appended to the deep link scheme. @defaultValue "auth/callback" */
+    callbackPath?: string;
+}
+/** Login methods exposed via the useAuth hook. */
+interface LoginMethods {
+    /** Start an OAuth flow in the system browser. */
+    withOAuth: (provider: OAuthProvider) => Promise<void>;
+    /** Sign in with email and password. Returns MFA challenge if required. */
+    withEmail: (email: string, password: string) => Promise<MfaChallengeResult | void>;
+    /** Send a magic link to the given email. */
+    withMagicLink: (email: string) => Promise<void>;
+    /** Sign up with email, password, and optional name. */
+    signUp: (email: string, password: string, name?: string) => Promise<void>;
+    /** Send an SMS verification code. */
+    withSms: (phone: string) => Promise<void>;
+    /** Verify an SMS code. */
+    verifySmsCode: (phone: string, code: string) => Promise<void>;
+    /** Complete MFA verification. */
+    verifyMfa: (challenge: string, code: string, method: "totp" | "sms" | "backup_code") => Promise<void>;
+}
+/** Value returned by useAuth(). */
+interface AuthContextValue {
+    user: AuthGateUser | null;
+    loading: boolean;
+    login: LoginMethods;
+    logout: () => Promise<void>;
+    refresh: () => Promise<void>;
+}
+/** Returned when MFA is required after email sign-in. */
+interface MfaChallengeResult {
+    mfaRequired: true;
+    challenge: string;
+    methods: string[];
+}
+/** Keys used for secure storage. */
+declare const STORAGE_KEYS: {
+    readonly ACCESS_TOKEN: "authgate_access_token";
+    readonly REFRESH_TOKEN: "authgate_refresh_token";
+    readonly USER: "authgate_user";
+};
+
+interface AuthProviderProps {
+    children: ReactNode;
+    /** AuthGate configuration including API key, base URL, and deep link scheme. */
+    config: AuthGateNativeConfig;
+}
+declare function AuthProvider({ children, config }: AuthProviderProps): react_jsx_runtime.JSX.Element;
+
+/** Access the full auth context: user, loading, login methods, logout, refresh. */
+declare function useAuth(): AuthContextValue;
+/** Shorthand hook that returns just the current user (or null). */
+declare function useSession(): AuthGateUser | null;
+
+interface AuthGuardProps {
+    children: ReactNode;
+    /** Content to render when the user is not authenticated. */
+    fallback: ReactNode;
+    /** Content to render while the session is loading. */
+    loading?: ReactNode;
+}
+/**
+ * Renders children when authenticated, fallback when not.
+ * Unlike the web AuthGuard, this doesn't redirect — it renders the fallback component
+ * (typically a login screen) since mobile navigation works differently.
+ */
+declare function AuthGuard({ children, fallback, loading }: AuthGuardProps): react_jsx_runtime.JSX.Element;
+
+/**
+ * Native client that wraps core AuthGateClient with mobile-specific
+ * storage and OAuth flows. Manages tokens in secure storage instead of cookies.
+ */
+declare class AuthGateNativeClient {
+    readonly core: AuthGateClient;
+    private readonly scheme;
+    private readonly callbackPath;
+    private refreshTimer;
+    private onSessionChange;
+    constructor(config: AuthGateNativeConfig);
+    /** Register a callback to be notified when the session changes. */
+    setSessionChangeListener(listener: (user: AuthGateUser | null) => void): void;
+    /**
+     * Restore session from secure storage on app launch.
+     * Verifies the stored token is still valid.
+     */
+    restoreSession(): Promise<AuthGateUser | null>;
+    /** Start an OAuth flow in the system browser. */
+    loginWithOAuth(provider: OAuthProvider): Promise<void>;
+    /** Sign in with email and password. May return MFA challenge. */
+    loginWithEmail(email: string, password: string): Promise<MfaChallengeResult | void>;
+    /** Sign up with email and password. */
+    signUp(email: string, password: string, name?: string): Promise<void>;
+    /** Send a magic link email. */
+    sendMagicLink(email: string): Promise<void>;
+    /** Send an SMS verification code. */
+    sendSmsCode(phone: string): Promise<void>;
+    /** Verify an SMS code and complete authentication. */
+    verifySmsCode(phone: string, code: string): Promise<void>;
+    /** Verify MFA code to complete authentication after email sign-in. */
+    verifyMfa(challenge: string, code: string, method: "totp" | "sms" | "backup_code"): Promise<void>;
+    /** Sign out: revoke session and clear storage. */
+    logout(): Promise<void>;
+    /** Manually refresh the session using the stored refresh token. */
+    refresh(): Promise<AuthGateUser | null>;
+    private handleAuthResult;
+    private tryRefresh;
+    private scheduleRefresh;
+    private cancelRefresh;
+}
+
+export { type AuthContextValue, AuthGateNativeClient, type AuthGateNativeConfig, AuthGuard, type AuthGuardProps, AuthProvider, type AuthProviderProps, type LoginMethods, type MfaChallengeResult, STORAGE_KEYS, useAuth, useSession };

package/dist/index.mjs

@@ -0,0 +1,372 @@
+// src/provider.tsx
+import {
+  createContext,
+  useContext,
+  useState,
+  useEffect,
+  useCallback,
+  useRef,
+  useMemo
+} from "react";
+
+// src/client.ts
+import {
+  createAuthGateClient
+} from "@auth-gate/core";
+
+// src/storage.ts
+import * as SecureStore from "expo-secure-store";
+
+// src/types.ts
+var STORAGE_KEYS = {
+  ACCESS_TOKEN: "authgate_access_token",
+  REFRESH_TOKEN: "authgate_refresh_token",
+  USER: "authgate_user"
+};
+
+// src/storage.ts
+async function saveAccessToken(token) {
+  await SecureStore.setItemAsync(STORAGE_KEYS.ACCESS_TOKEN, token);
+}
+async function getAccessToken() {
+  return SecureStore.getItemAsync(STORAGE_KEYS.ACCESS_TOKEN);
+}
+async function saveRefreshToken(token) {
+  await SecureStore.setItemAsync(STORAGE_KEYS.REFRESH_TOKEN, token);
+}
+async function getRefreshToken() {
+  return SecureStore.getItemAsync(STORAGE_KEYS.REFRESH_TOKEN);
+}
+async function saveUser(user) {
+  await SecureStore.setItemAsync(STORAGE_KEYS.USER, JSON.stringify(user));
+}
+async function clearStorage() {
+  await Promise.all([
+    SecureStore.deleteItemAsync(STORAGE_KEYS.ACCESS_TOKEN),
+    SecureStore.deleteItemAsync(STORAGE_KEYS.REFRESH_TOKEN),
+    SecureStore.deleteItemAsync(STORAGE_KEYS.USER)
+  ]);
+}
+
+// src/oauth.ts
+import * as WebBrowser from "expo-web-browser";
+async function openOAuthFlow(client, provider, scheme, callbackPath) {
+  const callbackUrl = `${scheme}://${callbackPath}`;
+  const authUrl = await client.getOAuthUrl(provider, callbackUrl);
+  const result = await WebBrowser.openAuthSessionAsync(authUrl, callbackUrl);
+  if (result.type !== "success" || !result.url) {
+    throw new Error(`OAuth flow cancelled or failed: ${result.type}`);
+  }
+  const url = new URL(result.url);
+  const token = url.searchParams.get("token");
+  const refreshToken = url.searchParams.get("refresh_token");
+  if (!token) {
+    const error = url.searchParams.get("error");
+    throw new Error(error || "No token received from OAuth callback");
+  }
+  return { token, refreshToken: refreshToken != null ? refreshToken : void 0 };
+}
+
+// src/client.ts
+var AuthGateNativeClient = class {
+  constructor(config) {
+    this.refreshTimer = null;
+    this.onSessionChange = null;
+    var _a;
+    this.core = createAuthGateClient({
+      apiKey: config.apiKey,
+      baseUrl: config.baseUrl,
+      sessionMaxAge: config.sessionMaxAge
+    });
+    this.scheme = config.scheme;
+    this.callbackPath = (_a = config.callbackPath) != null ? _a : "auth/callback";
+  }
+  /** Register a callback to be notified when the session changes. */
+  setSessionChangeListener(listener) {
+    this.onSessionChange = listener;
+  }
+  /**
+   * Restore session from secure storage on app launch.
+   * Verifies the stored token is still valid.
+   */
+  async restoreSession() {
+    const token = await getAccessToken();
+    if (!token) return null;
+    const result = await this.core.verifyToken(token);
+    if (result.valid && result.user) {
+      await saveUser(result.user);
+      this.scheduleRefresh(result.expiresAt);
+      return result.user;
+    }
+    return this.tryRefresh();
+  }
+  /** Start an OAuth flow in the system browser. */
+  async loginWithOAuth(provider) {
+    const result = await openOAuthFlow(
+      this.core,
+      provider,
+      this.scheme,
+      this.callbackPath
+    );
+    await this.handleAuthResult(result);
+  }
+  /** Sign in with email and password. May return MFA challenge. */
+  async loginWithEmail(email, password) {
+    const callbackUrl = `${this.scheme}://${this.callbackPath}`;
+    const response = await this.core.emailSignin({
+      email,
+      password,
+      callbackUrl
+    });
+    const data = await response.json();
+    if (data.mfa_required) {
+      return {
+        mfaRequired: true,
+        challenge: data.mfa_challenge,
+        methods: data.mfa_methods
+      };
+    }
+    if (data.token) {
+      await this.handleAuthResult({
+        token: data.token,
+        refreshToken: data.refresh_token
+      });
+    } else if (!response.ok) {
+      throw new Error(data.error || `Sign in failed: ${response.status}`);
+    }
+  }
+  /** Sign up with email and password. */
+  async signUp(email, password, name) {
+    const callbackUrl = `${this.scheme}://${this.callbackPath}`;
+    const response = await this.core.emailSignup({
+      email,
+      password,
+      name,
+      callbackUrl
+    });
+    const data = await response.json();
+    if (data.token) {
+      await this.handleAuthResult({
+        token: data.token,
+        refreshToken: data.refresh_token
+      });
+    } else if (!response.ok) {
+      throw new Error(data.error || `Sign up failed: ${response.status}`);
+    }
+  }
+  /** Send a magic link email. */
+  async sendMagicLink(email) {
+    const callbackUrl = `${this.scheme}://${this.callbackPath}`;
+    const response = await this.core.magicLinkSend({ email, callbackUrl });
+    if (!response.ok) {
+      const data = await response.json().catch(() => ({}));
+      throw new Error(data.error || `Magic link failed: ${response.status}`);
+    }
+  }
+  /** Send an SMS verification code. */
+  async sendSmsCode(phone) {
+    const callbackUrl = `${this.scheme}://${this.callbackPath}`;
+    const response = await this.core.smsSendCode({ phone, callbackUrl });
+    if (!response.ok) {
+      const data = await response.json().catch(() => ({}));
+      throw new Error(data.error || `SMS send failed: ${response.status}`);
+    }
+  }
+  /** Verify an SMS code and complete authentication. */
+  async verifySmsCode(phone, code) {
+    const callbackUrl = `${this.scheme}://${this.callbackPath}`;
+    const response = await this.core.smsVerifyCode({
+      phone,
+      code,
+      callbackUrl
+    });
+    const data = await response.json();
+    if (data.token) {
+      await this.handleAuthResult({
+        token: data.token,
+        refreshToken: data.refresh_token
+      });
+    } else if (!response.ok) {
+      throw new Error(data.error || `SMS verify failed: ${response.status}`);
+    }
+  }
+  /** Verify MFA code to complete authentication after email sign-in. */
+  async verifyMfa(challenge, code, method) {
+    const response = await this.core.mfaVerify({ challenge, code, method });
+    const data = await response.json();
+    if (data.token) {
+      await this.handleAuthResult({
+        token: data.token,
+        refreshToken: data.refresh_token
+      });
+    } else if (!response.ok) {
+      throw new Error(data.error || `MFA verify failed: ${response.status}`);
+    }
+  }
+  /** Sign out: revoke session and clear storage. */
+  async logout() {
+    var _a;
+    this.cancelRefresh();
+    const refreshToken = await getRefreshToken();
+    if (refreshToken) {
+      await this.core.revokeSession(refreshToken).catch(() => {
+      });
+    }
+    await clearStorage();
+    (_a = this.onSessionChange) == null ? void 0 : _a.call(this, null);
+  }
+  /** Manually refresh the session using the stored refresh token. */
+  async refresh() {
+    return this.tryRefresh();
+  }
+  // ── Internal ─────────────────────────────────────────────────────
+  async handleAuthResult(result) {
+    var _a;
+    const verified = await this.core.verifyToken(result.token);
+    if (!verified.valid || !verified.user) {
+      throw new Error(verified.error || "Token verification failed");
+    }
+    await saveAccessToken(result.token);
+    if (result.refreshToken) {
+      await saveRefreshToken(result.refreshToken);
+    }
+    await saveUser(verified.user);
+    this.scheduleRefresh(verified.expiresAt);
+    (_a = this.onSessionChange) == null ? void 0 : _a.call(this, verified.user);
+  }
+  async tryRefresh() {
+    var _a, _b, _c;
+    const refreshToken = await getRefreshToken();
+    if (!refreshToken) {
+      await clearStorage();
+      return null;
+    }
+    const result = await this.core.refreshToken(refreshToken);
+    if (!result) {
+      await clearStorage();
+      (_a = this.onSessionChange) == null ? void 0 : _a.call(this, null);
+      return null;
+    }
+    await saveAccessToken(result.token);
+    const verified = await this.core.verifyToken(result.token);
+    if (verified.valid && verified.user) {
+      await saveUser(verified.user);
+      this.scheduleRefresh(verified.expiresAt);
+      (_b = this.onSessionChange) == null ? void 0 : _b.call(this, verified.user);
+      return verified.user;
+    }
+    await clearStorage();
+    (_c = this.onSessionChange) == null ? void 0 : _c.call(this, null);
+    return null;
+  }
+  scheduleRefresh(expiresAt) {
+    this.cancelRefresh();
+    if (!expiresAt) return;
+    const expiresMs = new Date(expiresAt).getTime();
+    const refreshIn = Math.max(expiresMs - Date.now() - 6e4, 1e4);
+    this.refreshTimer = setTimeout(() => {
+      this.tryRefresh();
+    }, refreshIn);
+  }
+  cancelRefresh() {
+    if (this.refreshTimer) {
+      clearTimeout(this.refreshTimer);
+      this.refreshTimer = null;
+    }
+  }
+};
+
+// src/provider.tsx
+import { jsx } from "react/jsx-runtime";
+var AuthContext = createContext(null);
+function AuthProvider({ children, config }) {
+  const [user, setUser] = useState(null);
+  const [loading, setLoading] = useState(true);
+  const clientRef = useRef(null);
+  if (!clientRef.current) {
+    clientRef.current = new AuthGateNativeClient(config);
+  }
+  const client = clientRef.current;
+  useEffect(() => {
+    client.setSessionChangeListener(setUser);
+    return () => client.setSessionChangeListener(() => {
+    });
+  }, [client]);
+  useEffect(() => {
+    client.restoreSession().then((restored) => setUser(restored)).finally(() => setLoading(false));
+  }, [client]);
+  const refresh = useCallback(async () => {
+    const refreshed = await client.refresh();
+    setUser(refreshed);
+  }, [client]);
+  const logout = useCallback(async () => {
+    await client.logout();
+    setUser(null);
+  }, [client]);
+  const login = useMemo(
+    () => ({
+      withOAuth: (provider) => client.loginWithOAuth(provider),
+      withEmail: (email, password) => client.loginWithEmail(email, password),
+      withMagicLink: (email) => client.sendMagicLink(email),
+      signUp: (email, password, name) => client.signUp(email, password, name),
+      withSms: (phone) => client.sendSmsCode(phone),
+      verifySmsCode: (phone, code) => client.verifySmsCode(phone, code),
+      verifyMfa: (challenge, code, method) => client.verifyMfa(challenge, code, method)
+    }),
+    [client]
+  );
+  const value = useMemo(
+    () => ({ user, loading, login, logout, refresh }),
+    [user, loading, login, logout, refresh]
+  );
+  return /* @__PURE__ */ jsx(AuthContext, { value, children });
+}
+function useAuthContext() {
+  const context = useContext(AuthContext);
+  if (!context) {
+    throw new Error("useAuth must be used within an AuthProvider");
+  }
+  return context;
+}
+
+// src/hooks.ts
+function useAuth() {
+  return useAuthContext();
+}
+function useSession() {
+  const { user } = useAuthContext();
+  return user;
+}
+
+// src/guard.tsx
+import { Fragment, jsx as jsx2 } from "react/jsx-runtime";
+function AuthGuard({ children, fallback, loading }) {
+  const { user, loading: isLoading } = useAuthContext();
+  if (isLoading) {
+    return /* @__PURE__ */ jsx2(Fragment, { children: loading != null ? loading : null });
+  }
+  if (!user) {
+    return /* @__PURE__ */ jsx2(Fragment, { children: fallback });
+  }
+  return /* @__PURE__ */ jsx2(Fragment, { children });
+}
+
+// src/index.ts
+import {
+  AuthGateError,
+  TokenVerificationError,
+  ConfigurationError,
+  SUPPORTED_PROVIDERS
+} from "@auth-gate/core";
+export {
+  AuthGateError,
+  AuthGateNativeClient,
+  AuthGuard,
+  AuthProvider,
+  ConfigurationError,
+  STORAGE_KEYS,
+  SUPPORTED_PROVIDERS,
+  TokenVerificationError,
+  useAuth,
+  useSession
+};

package/package.json

@@ -0,0 +1,42 @@
+{
+  "name": "@auth-gate/react-native",
+  "version": "0.7.1",
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "dependencies": {
+    "@auth-gate/core": "0.7.1"
+  },
+  "peerDependencies": {
+    "react": ">=18",
+    "react-native": ">=0.72",
+    "expo-secure-store": ">=13",
+    "expo-web-browser": ">=13",
+    "expo-linking": ">=6"
+  },
+  "devDependencies": {
+    "react": "^19.0.0",
+    "react-native": "^0.76.0",
+    "@types/react": "^19",
+    "expo-secure-store": "^14.0.0",
+    "expo-web-browser": "^14.0.0",
+    "expo-linking": "^7.0.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5"
+  },
+  "scripts": {
+    "build": "tsup",
+    "typecheck": "tsc --noEmit"
+  }
+}