@authly/sdk 1.1.1 → 1.1.2

package/dist/globals/clients/AuthlyClient.d.ts

@@ -1,92 +1,49 @@
-import type { Claims } from "../../models/Claims";
+import type { IAuthlyClientOptions } from "../../models/globals/clients/interfaces/IAuthlyClientOptions";
+import type { IAuthorizeUrlOptions } from "../../models/globals/clients/interfaces/IAuthorizeUrlOptions";
+import type { IDecodedTokenClaim } from "../../models/globals/clients/interfaces/IDecodedTokenClaim";
 /**
- * Options for initializing the AuthlyClient.
- */
-export interface AuthlyClientOptions {
-    /**
-     * The base URL of the identity provider (e.g., "https://auth.example.com").
-     */
-    issuer: string;
-    /**
-     * The expected audience claim (aud) in the token.
-     */
-    audience: string;
-    /**
-     * The ID of the service in Authly.
-     */
-    serviceId: string;
-    /**
-     * The path to the JWKS endpoint relative to the issuer. Defaults to "/.well-known/jwks.json".
-     */
-    jwksPath?: string;
-    /**
-     * The path to the authorize endpoint relative to the issuer. Defaults to "/v1/oauth/authorize".
-     */
-    authorizePath?: string;
-    /**
-     * A list of allowed signing algorithms. If omitted, defaults to ["RS256"].
-     */
-    algorithms?: string[];
-}
-/**
- * Options for generating an authorization URL.
+ * @summary A client for interacting with Authly.
+ * @description This client handles the validation of tokens against a specific issuer and audience,
+ * fetching the public keys (JWKS) automatically, and provides utilities for
+ * starting the OAuth2 flow.
  */
-export interface AuthorizeUrlOptions {
-    /**
-     * The URI to redirect back to after authentication.
-     */
-    redirectUri: string;
+declare class AuthlyClient {
     /**
-     * A unique state string to prevent CSRF.
+     * @summary The JWT verifier for the client.
      */
-    state: string;
+    private readonly verifier;
     /**
-     * The PKCE code challenge.
+     * @summary The service ID of the client.
      */
-    codeChallenge: string;
+    private readonly serviceId;
     /**
-     * The PKCE code challenge method. Defaults to "S256".
+     * @summary The issuer of the client.
      */
-    codeChallengeMethod?: "S256" | "plain";
+    private readonly issuer;
     /**
-     * The requested scopes. Defaults to "openid profile email".
+     * @summary The authorize path of the client.
      */
-    scope?: string;
+    private readonly authorizePath;
     /**
-     * The OAuth2 response type. Defaults to "code".
+     * @summary Constructs a new AuthlyClient.
+     * @param options - The options for the client.
      */
-    responseType?: string;
-}
-/**
- * A client for interacting with Authly.
- *
- * This client handles the validation of tokens against a specific issuer and audience,
- * fetching the public keys (JWKS) automatically, and provides utilities for
- * starting the OAuth2 flow.
- */
-export declare class AuthlyClient {
-    private readonly verifier;
-    private readonly serviceId;
-    private readonly issuer;
-    private readonly authorizePath;
-    constructor(options: AuthlyClientOptions);
+    constructor(options: IAuthlyClientOptions);
     /**
-     * Generate the authorization URL to redirect the user to.
-     *
+     * @summary Generate the authorization URL to redirect the user to.
      * @param options - Options for generating the URL.
      * @returns The full authorization URL.
      */
-    getAuthorizeUrl(options: AuthorizeUrlOptions): string;
+    getAuthorizeUrl(options: IAuthorizeUrlOptions): string;
     /**
-     * Verify a JWT token and return its decoded claims.
-     *
-     * This method verifies the token's signature using the provider's JWKS,
+     * @summary Verify a JWT token and return its decoded claims.
+     * @description This method verifies the token's signature using the provider's JWKS,
      * and validates standard claims like expiration, issuer, and audience.
-     *
      * @param token - The encoded JWT token string.
      * @returns A promise that resolves to the token claims (e.g., sub, iss, aud).
-     * @throws {TokenExpiredError} If the token has expired.
-     * @throws {TokenInvalidError} If the token is invalid (e.g., bad signature, invalid audience).
+     * @throws {AuthlyTokenExpiredError} If the token has expired.
+     * @throws {AuthlyTokenInvalidError} If the token is invalid (e.g., bad signature, invalid audience).
      */
-    verify(token: string): Promise<Claims>;
+    verify(token: string): Promise<IDecodedTokenClaim>;
 }
+export { AuthlyClient };

package/dist/globals/clients/AuthlyClient.js

@@ -1,35 +1,48 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthlyClient = void 0;
-const config_1 = require("../../config");
-const JWTVerifier_1 = require("./internal/JWTVerifier");
+const JWTVerifier_1 = require("../internal/JWTVerifier");
+const AuthlyConfiguration_1 = require("../configuration/AuthlyConfiguration");
 /**
- * A client for interacting with Authly.
- *
- * This client handles the validation of tokens against a specific issuer and audience,
+ * @summary A client for interacting with Authly.
+ * @description This client handles the validation of tokens against a specific issuer and audience,
  * fetching the public keys (JWKS) automatically, and provides utilities for
  * starting the OAuth2 flow.
  */
 class AuthlyClient {
+    /**
+     * @summary The JWT verifier for the client.
+     */
     verifier;
+    /**
+     * @summary The service ID of the client.
+     */
     serviceId;
+    /**
+     * @summary The issuer of the client.
+     */
     issuer;
+    /**
+     * @summary The authorize path of the client.
+     */
     authorizePath;
+    /**
+     * @summary Constructs a new AuthlyClient.
+     * @param options - The options for the client.
+     */
     constructor(options) {
         this.issuer = options.issuer.replace(/\/$/, "");
         this.serviceId = options.serviceId;
-        const jwksPath = options.jwksPath || config_1.DEFAULT_JWKS_PATH;
-        this.authorizePath = options.authorizePath || config_1.DEFAULT_AUTHORIZE_PATH;
+        this.authorizePath = options.authorizePath || AuthlyConfiguration_1.AuthlyConfiguration.DEFAULT_AUTHORIZE_PATH;
         this.verifier = new JWTVerifier_1.JWTVerifier({
             issuer: this.issuer,
             audience: options.audience,
-            jwksUrl: `${this.issuer}${jwksPath}`,
+            jwksUrl: `${this.issuer}${options.jwksPath || AuthlyConfiguration_1.AuthlyConfiguration.DEFAULT_JWKS_PATH}`,
             algorithms: options.algorithms,
         });
     }
     /**
-     * Generate the authorization URL to redirect the user to.
-     *
+     * @summary Generate the authorization URL to redirect the user to.
      * @param options - Options for generating the URL.
      * @returns The full authorization URL.
      */
@@ -41,19 +54,17 @@ class AuthlyClient {
         url.searchParams.set("scope", options.scope || "openid profile email");
         url.searchParams.set("state", options.state);
         url.searchParams.set("code_challenge", options.codeChallenge);
-        url.searchParams.set("code_challenge_method", options.codeChallengeMethod || "S256");
+        url.searchParams.set("code_challenge_method", options.codeChallengeMethod || "s256");
         return url.toString();
     }
     /**
-     * Verify a JWT token and return its decoded claims.
-     *
-     * This method verifies the token's signature using the provider's JWKS,
+     * @summary Verify a JWT token and return its decoded claims.
+     * @description This method verifies the token's signature using the provider's JWKS,
      * and validates standard claims like expiration, issuer, and audience.
-     *
      * @param token - The encoded JWT token string.
      * @returns A promise that resolves to the token claims (e.g., sub, iss, aud).
-     * @throws {TokenExpiredError} If the token has expired.
-     * @throws {TokenInvalidError} If the token is invalid (e.g., bad signature, invalid audience).
+     * @throws {AuthlyTokenExpiredError} If the token has expired.
+     * @throws {AuthlyTokenInvalidError} If the token is invalid (e.g., bad signature, invalid audience).
      */
     async verify(token) {
         return this.verifier.verify(token);

package/dist/globals/configuration/AuthlyConfiguration.d.ts

@@ -0,0 +1,28 @@
+/**
+ * @summary Configuration for the Authly library.
+ */
+declare class AuthlyConfiguration {
+    /**
+     * @summary Private constructor to prevent instantiation.
+     */
+    private constructor();
+    /**
+     * @summary The default JWKS path.
+     * @readonly This property is readonly and cannot be changed.
+     * @default "/.well-known/jwks.json"
+     */
+    static readonly DEFAULT_JWKS_PATH: string;
+    /**
+     * @summary The default authorize path.
+     * @readonly This property is readonly and cannot be changed.
+     * @default "/authorize"
+     */
+    static readonly DEFAULT_AUTHORIZE_PATH: string;
+    /**
+     * @summary The default algorithms.
+     * @readonly This property is readonly and cannot be changed.
+     * @default ["RS256"]
+     */
+    static readonly DEFAULT_ALGORITHMS: readonly string[];
+}
+export { AuthlyConfiguration };

package/dist/globals/configuration/AuthlyConfiguration.js

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthlyConfiguration = void 0;
+/**
+ * @summary Configuration for the Authly library.
+ */
+class AuthlyConfiguration {
+    /**
+     * @summary Private constructor to prevent instantiation.
+     */
+    constructor() { }
+    /**
+     * @summary The default JWKS path.
+     * @readonly This property is readonly and cannot be changed.
+     * @default "/.well-known/jwks.json"
+     */
+    static DEFAULT_JWKS_PATH = "/.well-known/jwks.json";
+    /**
+     * @summary The default authorize path.
+     * @readonly This property is readonly and cannot be changed.
+     * @default "/authorize"
+     */
+    static DEFAULT_AUTHORIZE_PATH = "/authorize";
+    /**
+     * @summary The default algorithms.
+     * @readonly This property is readonly and cannot be changed.
+     * @default ["RS256"]
+     */
+    static DEFAULT_ALGORITHMS = ["RS256"];
+}
+exports.AuthlyConfiguration = AuthlyConfiguration;

package/dist/globals/{clients → internal}/HttpClient.d.ts

@@ -1,46 +1,46 @@
 import type { IRequestResponseClient } from "../../models/globals/clients/interfaces/IRequestResponseClient";
 /**
- * A class that provides a static method for making HTTP requests.
+ * @summary A class that provides a static method for making HTTP requests.
  */
 declare class HttpClient {
     private constructor();
     /**
-     * Makes an HTTP request to the specified URL.
+     * @summary Makes an HTTP request to the specified URL.
      * @param url - The URL to make the request to.
      * @param options - The options for the request.
      * @returns A promise that resolves to the response data.
      */
     private static request;
     /**
-     * Makes a GET request to the specified URL.
+     * @summary Makes a GET request to the specified URL.
      * @param url - The URL to make the request to.
      * @param options - The options for the request.
      * @returns A promise that resolves to the response data.
      */
     static get<D>(url: string, options?: Omit<RequestInit, "method">): Promise<IRequestResponseClient<D>>;
     /**
-     * Makes a POST request to the specified URL.
+     * @summary Makes a POST request to the specified URL.
      * @param url - The URL to make the request to.
      * @param options - The options for the request.
      * @returns A promise that resolves to the response data.
      */
     static post<D>(url: string, options?: Omit<RequestInit, "method">): Promise<IRequestResponseClient<D>>;
     /**
-     * Makes a PUT request to the specified URL.
+     * @summary Makes a PUT request to the specified URL.
      * @param url - The URL to make the request to.
      * @param options - The options for the request.
      * @returns A promise that resolves to the response data.
      */
     static put<D>(url: string, options?: Omit<RequestInit, "method">): Promise<IRequestResponseClient<D>>;
     /**
-     * Makes a PATCH request to the specified URL.
+     * @summary Makes a PATCH request to the specified URL.
      * @param url - The URL to make the request to.
      * @param options - The options for the request.
      * @returns A promise that resolves to the response data.
      */
     static patch<D>(url: string, options?: Omit<RequestInit, "method">): Promise<IRequestResponseClient<D>>;
     /**
-     * Makes a DELETE request to the specified URL.
+     * @summary Makes a DELETE request to the specified URL.
      * @param url - The URL to make the request to.
      * @param options - The options for the request.
      * @returns A promise that resolves to the response data.

package/dist/globals/{clients → internal}/HttpClient.js

@@ -2,12 +2,12 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.HttpClient = void 0;
 /**
- * A class that provides a static method for making HTTP requests.
+ * @summary A class that provides a static method for making HTTP requests.
  */
 class HttpClient {
     constructor() { }
     /**
-     * Makes an HTTP request to the specified URL.
+     * @summary Makes an HTTP request to the specified URL.
      * @param url - The URL to make the request to.
      * @param options - The options for the request.
      * @returns A promise that resolves to the response data.
@@ -35,7 +35,7 @@ class HttpClient {
         }
     }
     /**
-     * Makes a GET request to the specified URL.
+     * @summary Makes a GET request to the specified URL.
      * @param url - The URL to make the request to.
      * @param options - The options for the request.
      * @returns A promise that resolves to the response data.
@@ -47,7 +47,7 @@ class HttpClient {
         });
     }
     /**
-     * Makes a POST request to the specified URL.
+     * @summary Makes a POST request to the specified URL.
      * @param url - The URL to make the request to.
      * @param options - The options for the request.
      * @returns A promise that resolves to the response data.
@@ -59,7 +59,7 @@ class HttpClient {
         });
     }
     /**
-     * Makes a PUT request to the specified URL.
+     * @summary Makes a PUT request to the specified URL.
      * @param url - The URL to make the request to.
      * @param options - The options for the request.
      * @returns A promise that resolves to the response data.
@@ -71,7 +71,7 @@ class HttpClient {
         });
     }
     /**
-     * Makes a PATCH request to the specified URL.
+     * @summary Makes a PATCH request to the specified URL.
      * @param url - The URL to make the request to.
      * @param options - The options for the request.
      * @returns A promise that resolves to the response data.
@@ -83,7 +83,7 @@ class HttpClient {
         });
     }
     /**
-     * Makes a DELETE request to the specified URL.
+     * @summary Makes a DELETE request to the specified URL.
      * @param url - The URL to make the request to.
      * @param options - The options for the request.
      * @returns A promise that resolves to the response data.

package/dist/globals/internal/JWTVerifier.d.ts

@@ -0,0 +1,37 @@
+import type { IDecodedTokenClaim } from "../../models/globals/clients/interfaces/IDecodedTokenClaim";
+import type { IJWTVerifierOptions } from "../../models/globals/clients/internal/interfaces/IJWTVerifierOptions";
+/**
+ * @summary Internal class for verifying JWT tokens using jose.
+ */
+declare class JWTVerifier {
+    /**
+     * @summary The issuer of the token.
+     */
+    private readonly issuer;
+    /**
+     * @summary The audience of the token.
+     */
+    private readonly audience;
+    /**
+     * @summary The algorithms to use for the token.
+     */
+    private readonly algorithms;
+    /**
+     * @summary The JWKS to use for the token.
+     */
+    private readonly JWKS;
+    /**
+     * @summary Constructs a new JWTVerifier.
+     * @param params - The options for the JWTVerifier.
+     */
+    constructor(params: IJWTVerifierOptions);
+    /**
+     * @summary Verify the JWT token and return its claims.
+     * @param token - The encoded JWT token string.
+     * @returns The decoded claims from the token.
+     * @throws {AuthlyTokenExpiredError} If the token's exp claim is in the past.
+     * @throws {AuthlyTokenInvalidError} If the token is otherwise invalid.
+     */
+    verify(token: string): Promise<IDecodedTokenClaim>;
+}
+export { JWTVerifier };

package/dist/globals/internal/JWTVerifier.js

@@ -0,0 +1,71 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JWTVerifier = void 0;
+const jose_1 = require("jose");
+const AuthlyTokenExpiredError_1 = require("../../models/builders/process-errors/tokens/AuthlyTokenExpiredError");
+const AuthlyTokenInvalidError_1 = require("../../models/builders/process-errors/tokens/AuthlyTokenInvalidError");
+const AuthlyConfiguration_1 = require("../configuration/AuthlyConfiguration");
+/**
+ * @summary Internal class for verifying JWT tokens using jose.
+ */
+class JWTVerifier {
+    /**
+     * @summary The issuer of the token.
+     */
+    issuer;
+    /**
+     * @summary The audience of the token.
+     */
+    audience;
+    /**
+     * @summary The algorithms to use for the token.
+     */
+    algorithms;
+    /**
+     * @summary The JWKS to use for the token.
+     */
+    JWKS;
+    /**
+     * @summary Constructs a new JWTVerifier.
+     * @param params - The options for the JWTVerifier.
+     */
+    constructor(params) {
+        this.issuer = params.issuer;
+        this.audience = params.audience;
+        this.algorithms = params.algorithms || AuthlyConfiguration_1.AuthlyConfiguration.DEFAULT_ALGORITHMS;
+        this.JWKS = params.jwks || (0, jose_1.createRemoteJWKSet)(new URL(params.jwksUrl));
+    }
+    /**
+     * @summary Verify the JWT token and return its claims.
+     * @param token - The encoded JWT token string.
+     * @returns The decoded claims from the token.
+     * @throws {AuthlyTokenExpiredError} If the token's exp claim is in the past.
+     * @throws {AuthlyTokenInvalidError} If the token is otherwise invalid.
+     */
+    async verify(token) {
+        try {
+            const { payload } = await (0, jose_1.jwtVerify)(token, this.JWKS, {
+                issuer: this.issuer,
+                audience: this.audience,
+                algorithms: this.algorithms,
+            });
+            return payload;
+        }
+        catch (error) {
+            if (error instanceof Error) {
+                const code = error.code;
+                if (code === "ERR_JWT_EXPIRED") {
+                    throw new AuthlyTokenExpiredError_1.AuthlyTokenExpiredError("Token has expired");
+                }
+                if (code === "ERR_JWT_CLAIM_VALIDATION_FAILED" ||
+                    code === "ERR_JWS_SIGNATURE_VERIFICATION_FAILED" ||
+                    code === "ERR_JWS_INVALID" ||
+                    code === "ERR_JWT_INVALID") {
+                    throw new AuthlyTokenInvalidError_1.AuthlyTokenInvalidError(error.message ?? "Token validation failed");
+                }
+            }
+            throw new AuthlyTokenInvalidError_1.AuthlyTokenInvalidError("Invalid token");
+        }
+    }
+}
+exports.JWTVerifier = JWTVerifier;

package/dist/index.d.ts

@@ -1,3 +1,23 @@
-export * from "./models/Claims";
-export * from "./exceptions";
+/**
+ * @authly/sdk
+ *
+ * A library for building authentication systems using Authly.
+ *
+ * @author Anvoria
+ * @license MIT
+ */
+/**
+ * Clients.
+ */
 export * from "./globals/clients/AuthlyClient";
+export * from "./globals/configuration/AuthlyConfiguration";
+/**
+ * Models.
+ */
+export * from "./models/builders/process-errors/base/AuthlyError";
+export * from "./models/builders/process-errors/base/AuthlyTokenError";
+export * from "./models/builders/process-errors/tokens/AuthlyTokenExpiredError";
+export * from "./models/builders/process-errors/tokens/AuthlyTokenInvalidError";
+export * from "./models/globals/clients/interfaces/IAuthlyClientOptions";
+export * from "./models/globals/clients/interfaces/IAuthorizeUrlOptions";
+export * from "./models/globals/clients/interfaces/IDecodedTokenClaim";

package/dist/index.js

@@ -1,4 +1,12 @@
 "use strict";
+/**
+ * @authly/sdk
+ *
+ * A library for building authentication systems using Authly.
+ *
+ * @author Anvoria
+ * @license MIT
+ */
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     var desc = Object.getOwnPropertyDescriptor(m, k);
@@ -14,6 +22,18 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./models/Claims"), exports);
-__exportStar(require("./exceptions"), exports);
+/**
+ * Clients.
+ */
 __exportStar(require("./globals/clients/AuthlyClient"), exports);
+__exportStar(require("./globals/configuration/AuthlyConfiguration"), exports);
+/**
+ * Models.
+ */
+__exportStar(require("./models/builders/process-errors/base/AuthlyError"), exports);
+__exportStar(require("./models/builders/process-errors/base/AuthlyTokenError"), exports);
+__exportStar(require("./models/builders/process-errors/tokens/AuthlyTokenExpiredError"), exports);
+__exportStar(require("./models/builders/process-errors/tokens/AuthlyTokenInvalidError"), exports);
+__exportStar(require("./models/globals/clients/interfaces/IAuthlyClientOptions"), exports);
+__exportStar(require("./models/globals/clients/interfaces/IAuthorizeUrlOptions"), exports);
+__exportStar(require("./models/globals/clients/interfaces/IDecodedTokenClaim"), exports);

package/dist/models/builders/process-errors/base/AuthlyError.d.ts

@@ -0,0 +1,11 @@
+/**
+ * @summary Base exception for all Authly errors.
+ */
+declare abstract class AuthlyError extends Error {
+    /**
+     * @summary Constructs a new AuthlyError.
+     * @param message - The error message.
+     */
+    constructor(message: string);
+}
+export { AuthlyError };

package/dist/models/builders/process-errors/base/AuthlyError.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthlyError = void 0;
+/**
+ * @summary Base exception for all Authly errors.
+ */
+class AuthlyError extends Error {
+    /**
+     * @summary Constructs a new AuthlyError.
+     * @param message - The error message.
+     */
+    constructor(message) {
+        super(message);
+        this.name = "AuthlyError";
+        Object.setPrototypeOf(this, AuthlyError.prototype);
+    }
+}
+exports.AuthlyError = AuthlyError;

package/dist/models/builders/process-errors/base/AuthlyTokenError.d.ts

@@ -0,0 +1,12 @@
+import { AuthlyError } from "./AuthlyError";
+/**
+ * @summary Base exception for all Authly token errors.
+ */
+declare abstract class AuthlyTokenError extends AuthlyError {
+    /**
+     * @summary Constructs a new AuthlyTokenError.
+     * @param message - The error message.
+     */
+    constructor(message: string);
+}
+export { AuthlyTokenError };

package/dist/models/builders/process-errors/base/AuthlyTokenError.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthlyTokenError = void 0;
+const AuthlyError_1 = require("./AuthlyError");
+/**
+ * @summary Base exception for all Authly token errors.
+ */
+class AuthlyTokenError extends AuthlyError_1.AuthlyError {
+    /**
+     * @summary Constructs a new AuthlyTokenError.
+     * @param message - The error message.
+     */
+    constructor(message) {
+        super(message);
+        this.name = "AuthlyTokenError";
+        Object.setPrototypeOf(this, AuthlyTokenError.prototype);
+    }
+}
+exports.AuthlyTokenError = AuthlyTokenError;

package/dist/models/builders/process-errors/tokens/AuthlyTokenExpiredError.d.ts

@@ -0,0 +1,13 @@
+import { AuthlyTokenError } from "../base/AuthlyTokenError";
+/**
+ * @summary Exception raised when a token is expired.
+ * @throws This error is thrown when the token's expiration time is in the past.
+ */
+declare class AuthlyTokenExpiredError extends AuthlyTokenError {
+    /**
+     * @summary Constructs a new AuthlyTokenExpiredError.
+     * @param message - The error message.
+     */
+    constructor(message: string);
+}
+export { AuthlyTokenExpiredError };

package/dist/models/builders/process-errors/tokens/AuthlyTokenExpiredError.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthlyTokenExpiredError = void 0;
+const AuthlyTokenError_1 = require("../base/AuthlyTokenError");
+/**
+ * @summary Exception raised when a token is expired.
+ * @throws This error is thrown when the token's expiration time is in the past.
+ */
+class AuthlyTokenExpiredError extends AuthlyTokenError_1.AuthlyTokenError {
+    /**
+     * @summary Constructs a new AuthlyTokenExpiredError.
+     * @param message - The error message.
+     */
+    constructor(message) {
+        super(message);
+        this.name = "AuthlyTokenExpiredError";
+        Object.setPrototypeOf(this, AuthlyTokenExpiredError.prototype);
+    }
+}
+exports.AuthlyTokenExpiredError = AuthlyTokenExpiredError;

package/dist/models/builders/process-errors/tokens/AuthlyTokenInvalidError.d.ts

@@ -0,0 +1,16 @@
+import { AuthlyTokenError } from "../base/AuthlyTokenError";
+/**
+ * @summary Exception raised when a token is invalid.
+ * @throws This error is thrown when:
+ * - The token has an invalid signature.
+ * - The token has an invalid format.
+ * - The token has an invalid issuer or audience.
+ */
+declare class AuthlyTokenInvalidError extends AuthlyTokenError {
+    /**
+     * @summary Constructs a new AuthlyTokenInvalidError.
+     * @param message - The error message.
+     */
+    constructor(message: string);
+}
+export { AuthlyTokenInvalidError };

package/dist/models/builders/process-errors/tokens/AuthlyTokenInvalidError.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthlyTokenInvalidError = void 0;
+const AuthlyTokenError_1 = require("../base/AuthlyTokenError");
+/**
+ * @summary Exception raised when a token is invalid.
+ * @throws This error is thrown when:
+ * - The token has an invalid signature.
+ * - The token has an invalid format.
+ * - The token has an invalid issuer or audience.
+ */
+class AuthlyTokenInvalidError extends AuthlyTokenError_1.AuthlyTokenError {
+    /**
+     * @summary Constructs a new AuthlyTokenInvalidError.
+     * @param message - The error message.
+     */
+    constructor(message) {
+        super(message);
+        this.name = "AuthlyTokenInvalidError";
+        Object.setPrototypeOf(this, AuthlyTokenInvalidError.prototype);
+    }
+}
+exports.AuthlyTokenInvalidError = AuthlyTokenInvalidError;

package/dist/models/globals/clients/interfaces/IAuthlyClientOptions.d.ts

@@ -0,0 +1,39 @@
+/**
+ * @summary Options for initializing the AuthlyClient.
+ */
+interface IAuthlyClientOptions {
+    /**
+     * @summary The base URL of the identity provider.
+     * @example "https://auth.example.com"
+     */
+    readonly issuer: string;
+    /**
+     * @summary The expected audience claim (aud) in the token.
+     * @example "https://app.example.com"
+     */
+    readonly audience: string;
+    /**
+     * @summary The ID of the service in Authly.
+     * @example "1234567890"
+     */
+    readonly serviceId: string;
+    /**
+     * @summary The path to the JWKS endpoint relative to the issuer.
+     * @example "/.well-known/jwks.json"
+     * @default "/.well-known/jwks.json"
+     */
+    readonly jwksPath?: string;
+    /**
+     * @summary The path to the authorize endpoint relative to the issuer.
+     * @example "/v1/oauth/authorize"
+     * @default "/authorize"
+     */
+    readonly authorizePath?: string;
+    /**
+     * @summary A list of allowed signing algorithms.
+     * @example ["RS256"]
+     * @default ["RS256"]
+     */
+    readonly algorithms?: string[];
+}
+export type { IAuthlyClientOptions };

package/dist/models/globals/clients/interfaces/IAuthorizeUrlOptions.d.ts

@@ -0,0 +1,36 @@
+/**
+ * @summary Options for generating an authorization URL.
+ */
+interface IAuthorizeUrlOptions {
+    /**
+     * @summary The URI to redirect back to after authentication.
+     * @example "https://app.example.com/callback"
+     */
+    readonly redirectUri: string;
+    /**
+     * @summary A unique state string to prevent CSRF.
+     * @example "1234567890"
+     */
+    readonly state: string;
+    /**
+     * @summary The PKCE code challenge.
+     * @example "1234567890"
+     */
+    readonly codeChallenge: string;
+    /**
+     * @summary The PKCE code challenge method.
+     * @example "S256"
+     */
+    readonly codeChallengeMethod?: "S256" | "plain";
+    /**
+     * @summary The requested scopes.
+     * @example "openid profile email"
+     */
+    readonly scope?: string;
+    /**
+     * @summary The OAuth2 response type.
+     * @example "code"
+     */
+    readonly responseType?: string;
+}
+export type { IAuthorizeUrlOptions };

package/dist/models/globals/clients/interfaces/IAuthorizeUrlOptions.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/models/globals/clients/interfaces/IDecodedTokenClaim.d.ts

@@ -0,0 +1,68 @@
+/**
+ * @summary Interface for decoded token claims.
+ */
+interface IDecodedTokenClaim {
+    /**
+     * @summary Subject identifier - the unique ID of the user.
+     * @example "1234567890"
+     */
+    readonly sub: string;
+    /**
+     * @summary Issuer identifier - the URL of the identity provider.
+     * @example "https://auth.example.com"
+     */
+    readonly iss: string;
+    /**
+     * @summary Audience(s) for which the token is intended.
+     * @example "https://app.example.com"
+     * @example ["https://app.example.com", "https://app.example.com/api"]
+     */
+    readonly aud: string | string[];
+    /**
+     * @summary Expiration time (Unix timestamp).
+     * @example 1715145600
+     */
+    readonly exp: number;
+    /**
+     * @summary Issued at time (Unix timestamp).
+     * @example 1715145600
+     */
+    readonly iat: number;
+    /**
+     * @summary Session ID identifier.
+     * @example "1234567890"
+     */
+    readonly sid: string;
+    /**
+     * @summary Dictionary of permissions granted to the user, where keys are resource names and values are permission levels.
+     * @example
+     * ```json
+     * {
+     *     "read": 1,
+     *     "write": 0
+     * }
+     * ```
+     */
+    readonly permissions: Record<string, number>;
+    /**
+     * @summary Permission version.
+     * @example 1
+     */
+    readonly pver?: number;
+    /**
+     * @summary Space-separated list of scopes.
+     * @example "openid profile email"
+     */
+    readonly scope?: string;
+    /**
+     * @summary Allow additional claims.
+     * @example
+     * ```json
+     * {
+     *     "custom": "custom-value"
+     * }
+     * ```
+     */
+    readonly [key: string]: unknown;
+}
+export type { IDecodedTokenClaim };

package/dist/models/globals/clients/interfaces/IDecodedTokenClaim.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/models/globals/clients/internal/interfaces/IJWTVerifierOptions.d.ts

@@ -0,0 +1,33 @@
+import type { JWTVerifyGetKey } from "jose";
+/**
+ * @summary Options for the JWTVerifier class.
+ */
+interface IJWTVerifierOptions {
+    /**
+     * @summary The issuer of the token.
+     * @example "https://auth.example.com"
+     */
+    readonly issuer: string;
+    /**
+     * @summary The audience of the token.
+     * @example "https://app.example.com"
+     */
+    readonly audience: string;
+    /**
+     * @summary The URL of the JWKS endpoint.
+     * @example "https://auth.example.com/.well-known/jwks.json"
+     */
+    readonly jwksUrl: string;
+    /**
+     * @summary The algorithms to use for the token.
+     * @example ["RS256", "ES256"]
+     * @default ["RS256"]
+     */
+    readonly algorithms?: string[];
+    /**
+     * @summary The JWKS to use for the token.
+     * @example async () => publicKey
+     */
+    readonly jwks?: JWTVerifyGetKey;
+}
+export type { IJWTVerifierOptions };

package/dist/models/globals/clients/internal/interfaces/IJWTVerifierOptions.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@authly/sdk",
     "description": "A library for building authentication systems using Authly.",
-    "version": "1.1.1",
+    "version": "1.1.2",
     "author": {
         "name": "Anvoria",
         "url": "https://github.com/Anvoria"
@@ -59,7 +59,7 @@
         "@types/bun": "^1.3.4",
         "@types/node": "^25.0.3",
         "eslint": "^9.39.2",
-        "globals": "^16.5.0",
+        "globals": "^17.0.0",
         "husky": "^9.1.7",
         "jiti": "^2.6.1",
         "lint-staged": "^16.2.7",
@@ -71,4 +71,4 @@
     "dependencies": {
         "jose": "^6.1.3"
     }
-}
+}

package/dist/config.d.ts

@@ -1,3 +0,0 @@
-export declare const DEFAULT_JWKS_PATH = "/.well-known/jwks.json";
-export declare const DEFAULT_AUTHORIZE_PATH = "/authorize";
-export declare const DEFAULT_ALGORITHMS: string[];

package/dist/config.js

@@ -1,6 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DEFAULT_ALGORITHMS = exports.DEFAULT_AUTHORIZE_PATH = exports.DEFAULT_JWKS_PATH = void 0;
-exports.DEFAULT_JWKS_PATH = "/.well-known/jwks.json";
-exports.DEFAULT_AUTHORIZE_PATH = "/authorize";
-exports.DEFAULT_ALGORITHMS = ["RS256"];

package/dist/exceptions/index.d.ts

@@ -1,27 +0,0 @@
-/**
- * Base exception for all Authly errors.
- */
-export declare class AuthlyError extends Error {
-    constructor(message: string);
-}
-/**
- * Base exception for all token errors.
- */
-export declare class TokenError extends AuthlyError {
-    constructor(message: string);
-}
-/**
- * Exception raised when a token is invalid:
- * - bad signature
- * - bad format
- * - bad iss / aud
- */
-export declare class TokenInvalidError extends TokenError {
-    constructor(message: string);
-}
-/**
- * Exception raised when a token is expired.
- */
-export declare class TokenExpiredError extends TokenError {
-    constructor(message: string);
-}

package/dist/exceptions/index.js

@@ -1,46 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.TokenExpiredError = exports.TokenInvalidError = exports.TokenError = exports.AuthlyError = void 0;
-/**
- * Base exception for all Authly errors.
- */
-class AuthlyError extends Error {
-    constructor(message) {
-        super(message);
-        this.name = "AuthlyError";
-    }
-}
-exports.AuthlyError = AuthlyError;
-/**
- * Base exception for all token errors.
- */
-class TokenError extends AuthlyError {
-    constructor(message) {
-        super(message);
-        this.name = "TokenError";
-    }
-}
-exports.TokenError = TokenError;
-/**
- * Exception raised when a token is invalid:
- * - bad signature
- * - bad format
- * - bad iss / aud
- */
-class TokenInvalidError extends TokenError {
-    constructor(message) {
-        super(message);
-        this.name = "TokenInvalidError";
-    }
-}
-exports.TokenInvalidError = TokenInvalidError;
-/**
- * Exception raised when a token is expired.
- */
-class TokenExpiredError extends TokenError {
-    constructor(message) {
-        super(message);
-        this.name = "TokenExpiredError";
-    }
-}
-exports.TokenExpiredError = TokenExpiredError;

package/dist/globals/clients/internal/JWTVerifier.d.ts

@@ -1,26 +0,0 @@
-import type { JWTVerifyGetKey } from "jose";
-import type { Claims } from "../../../models/Claims";
-/**
- * Internal class for verifying JWT tokens using jose.
- */
-export declare class JWTVerifier {
-    private readonly issuer;
-    private readonly audience;
-    private readonly algorithms;
-    private readonly JWKS;
-    constructor(params: {
-        issuer: string;
-        audience: string;
-        jwksUrl: string;
-        algorithms?: string[];
-        jwks?: JWTVerifyGetKey;
-    });
-    /**
-     * Verify the JWT token and return its claims.
-     * @param token - The encoded JWT token string.
-     * @returns The decoded claims from the token.
-     * @throws {TokenExpiredError} If the token's exp claim is in the past.
-     * @throws {TokenInvalidError} If the token is otherwise invalid.
-     */
-    verify(token: string): Promise<Claims>;
-}

package/dist/globals/clients/internal/JWTVerifier.js

@@ -1,55 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.JWTVerifier = void 0;
-const jose_1 = require("jose");
-const config_1 = require("../../../config");
-const exceptions_1 = require("../../../exceptions");
-/**
- * Internal class for verifying JWT tokens using jose.
- */
-class JWTVerifier {
-    issuer;
-    audience;
-    algorithms;
-    JWKS;
-    constructor(params) {
-        this.issuer = params.issuer;
-        this.audience = params.audience;
-        this.algorithms = params.algorithms || config_1.DEFAULT_ALGORITHMS;
-        this.JWKS = params.jwks || (0, jose_1.createRemoteJWKSet)(new URL(params.jwksUrl));
-    }
-    /**
-     * Verify the JWT token and return its claims.
-     * @param token - The encoded JWT token string.
-     * @returns The decoded claims from the token.
-     * @throws {TokenExpiredError} If the token's exp claim is in the past.
-     * @throws {TokenInvalidError} If the token is otherwise invalid.
-     */
-    async verify(token) {
-        try {
-            const options = {
-                issuer: this.issuer,
-                audience: this.audience,
-                algorithms: this.algorithms,
-            };
-            const { payload } = await (0, jose_1.jwtVerify)(token, this.JWKS, options);
-            return payload;
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                const code = error.code;
-                if (code === "ERR_JWT_EXPIRED") {
-                    throw new exceptions_1.TokenExpiredError("Token has expired");
-                }
-                if (code === "ERR_JWT_CLAIM_VALIDATION_FAILED" ||
-                    code === "ERR_JWS_SIGNATURE_VERIFICATION_FAILED" ||
-                    code === "ERR_JWS_INVALID" ||
-                    code === "ERR_JWT_INVALID") {
-                    throw new exceptions_1.TokenInvalidError(error.message || "Token validation failed");
-                }
-            }
-            throw new exceptions_1.TokenInvalidError("Invalid token");
-        }
-    }
-}
-exports.JWTVerifier = JWTVerifier;

package/dist/models/Claims.d.ts

@@ -1,48 +0,0 @@
-/**
- * Decoded JWT claims found in an Authly token.
- *
- * This interface contains both standard OIDC claims and Authly-specific claims
- * like session ID (sid) and permissions.
- */
-export interface Claims {
-    /**
-     * Subject identifier - the unique ID of the user.
-     */
-    sub: string;
-    /**
-     * Issuer identifier - the URL of the identity provider.
-     */
-    iss: string;
-    /**
-     * Audience(s) for which the token is intended.
-     */
-    aud: string | string[];
-    /**
-     * Expiration time (Unix timestamp).
-     */
-    exp: number;
-    /**
-     * Issued at time (Unix timestamp).
-     */
-    iat: number;
-    /**
-     * Session ID identifier.
-     */
-    sid: string;
-    /**
-     * Dictionary of permissions granted to the user, where keys are resource names and values are permission levels.
-     */
-    permissions: Record<string, number>;
-    /**
-     * Permission version.
-     */
-    pver?: number;
-    /**
-     * Space-separated list of scopes.
-     */
-    scope?: string;
-    /**
-     * Allow additional claims.
-     */
-    [key: string]: unknown;
-}