@authly/sdk 1.1.2 → 1.2.0

package/dist/globals/clients/AuthlyClient.d.ts

@@ -1,6 +1,8 @@
 import type { IAuthlyClientOptions } from "../../models/globals/clients/interfaces/IAuthlyClientOptions";
 import type { IAuthorizeUrlOptions } from "../../models/globals/clients/interfaces/IAuthorizeUrlOptions";
 import type { IDecodedTokenClaim } from "../../models/globals/clients/interfaces/IDecodedTokenClaim";
+import type { ITokenResponse } from "../../models/globals/clients/interfaces/ITokenResponse";
+import type { IUserProfile } from "../../models/globals/clients/interfaces/IUserProfile";
 /**
  * @summary A client for interacting with Authly.
  * @description This client handles the validation of tokens against a specific issuer and audience,
@@ -8,6 +10,7 @@ import type { IDecodedTokenClaim } from "../../models/globals/clients/interfaces
  * starting the OAuth2 flow.
  */
 declare class AuthlyClient {
+    private static readonly ACCESS_TOKEN_KEY;
     /**
      * @summary The JWT verifier for the client.
      */
@@ -24,17 +27,90 @@ declare class AuthlyClient {
      * @summary The authorize path of the client.
      */
     private readonly authorizePath;
+    /**
+     * @summary The token path of the client.
+     */
+    private readonly tokenPath;
+    /**
+     * @summary The user info path of the client.
+     */
+    private readonly userInfoPath;
+    /**
+     * @summary The redirect URI for the client.
+     */
+    private readonly redirectUri?;
+    /**
+     * @summary The storage implementation.
+     */
+    private readonly storage?;
+    /**
+     * @summary Memory cache for the access token.
+     */
+    private accessToken;
     /**
      * @summary Constructs a new AuthlyClient.
      * @param options - The options for the client.
      */
     constructor(options: IAuthlyClientOptions);
+    /**
+     * @summary Prepares the authorization request, stores PKCE state, and returns the URL.
+     * @param options - Optional overrides for the authorization request.
+     * @returns A promise that resolves to the authorization URL.
+     */
+    authorize(options?: Partial<IAuthorizeUrlOptions>): Promise<string>;
     /**
      * @summary Generate the authorization URL to redirect the user to.
      * @param options - Options for generating the URL.
      * @returns The full authorization URL.
      */
     getAuthorizeUrl(options: IAuthorizeUrlOptions): string;
+    /**
+     * @summary Exchanges the authorization code for tokens using PKCE flow and state validation.
+     * @param urlParams - The URLSearchParams containing 'code' and 'state'.
+     * @returns A promise that resolves to the token response.
+     */
+    exchangeToken(urlParams: URLSearchParams): Promise<ITokenResponse>;
+    /**
+     * @summary Set the current session.
+     * @param response - The token response from Authly.
+     */
+    setSession(response: ITokenResponse): Promise<void>;
+    /**
+     * @summary Get the current access token.
+     * @returns The access token or null if not found.
+     */
+    getAccessToken(): Promise<string | null>;
+    /**
+     * @summary Refreshes the access token using the refresh_token grant.
+     * @description In the browser, this relies on the 'session' cookie if no explicit refresh token is provided.
+     * @param refreshToken - Optional explicit refresh token.
+     * @returns A promise that resolves to the new access token.
+     */
+    refreshToken(refreshToken?: string): Promise<string | null>;
+    /**
+     * @summary Fetches the user profile from the userinfo endpoint.
+     * @description Automatically handles token expiration by attempting to refresh the token once.
+     * @returns A promise that resolves to the user profile or null if not authenticated.
+     */
+    getUser(): Promise<IUserProfile | null>;
+    /**
+     * @summary Synchronously check if the user is authenticated based on token presence and expiration.
+     * @description This only checks the token locally and does not perform a network request.
+     * @returns True if a valid token exists and is not expired.
+     */
+    isAuthenticated(): Promise<boolean>;
+    /**
+     * @summary Logs out the user by clearing the session from storage and memory.
+     */
+    logout(): Promise<void>;
+    /**
+     * @summary Exchange the authorization code for an access token.
+     * @param code - The authorization code received from the callback.
+     * @param redirectUri - The redirect URI used in the authorize request.
+     * @param codeVerifier - The PKCE code verifier (required if used in authorize).
+     * @returns A promise that resolves to the token response.
+     */
+    exchangeCodeForToken(code: string, redirectUri: string, codeVerifier?: string): Promise<ITokenResponse>;
     /**
      * @summary Verify a JWT token and return its decoded claims.
      * @description This method verifies the token's signature using the provider's JWKS,

package/dist/globals/clients/AuthlyClient.js

@@ -1,7 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthlyClient = void 0;
+const jose_1 = require("jose");
 const JWTVerifier_1 = require("../internal/JWTVerifier");
+const HttpClient_1 = require("../internal/HttpClient");
+const PKCEUtils_1 = require("../internal/PKCEUtils");
 const AuthlyConfiguration_1 = require("../configuration/AuthlyConfiguration");
 /**
  * @summary A client for interacting with Authly.
@@ -10,6 +13,7 @@ const AuthlyConfiguration_1 = require("../configuration/AuthlyConfiguration");
  * starting the OAuth2 flow.
  */
 class AuthlyClient {
+    static ACCESS_TOKEN_KEY = "authly_access_token";
     /**
      * @summary The JWT verifier for the client.
      */
@@ -26,6 +30,26 @@ class AuthlyClient {
      * @summary The authorize path of the client.
      */
     authorizePath;
+    /**
+     * @summary The token path of the client.
+     */
+    tokenPath;
+    /**
+     * @summary The user info path of the client.
+     */
+    userInfoPath;
+    /**
+     * @summary The redirect URI for the client.
+     */
+    redirectUri;
+    /**
+     * @summary The storage implementation.
+     */
+    storage;
+    /**
+     * @summary Memory cache for the access token.
+     */
+    accessToken = null;
     /**
      * @summary Constructs a new AuthlyClient.
      * @param options - The options for the client.
@@ -34,6 +58,13 @@ class AuthlyClient {
         this.issuer = options.issuer.replace(/\/$/, "");
         this.serviceId = options.serviceId;
         this.authorizePath = options.authorizePath || AuthlyConfiguration_1.AuthlyConfiguration.DEFAULT_AUTHORIZE_PATH;
+        this.tokenPath = options.tokenPath || AuthlyConfiguration_1.AuthlyConfiguration.DEFAULT_TOKEN_PATH;
+        this.userInfoPath = options.userInfoPath || AuthlyConfiguration_1.AuthlyConfiguration.DEFAULT_USER_INFO_PATH;
+        this.redirectUri = options.redirectUri;
+        this.storage = options.storage;
+        if (!this.storage && typeof window !== "undefined" && window.sessionStorage) {
+            this.storage = window.sessionStorage;
+        }
         this.verifier = new JWTVerifier_1.JWTVerifier({
             issuer: this.issuer,
             audience: options.audience,
@@ -41,6 +72,31 @@ class AuthlyClient {
             algorithms: options.algorithms,
         });
     }
+    /**
+     * @summary Prepares the authorization request, stores PKCE state, and returns the URL.
+     * @param options - Optional overrides for the authorization request.
+     * @returns A promise that resolves to the authorization URL.
+     */
+    async authorize(options) {
+        if (!this.storage) {
+            throw new Error("Storage is not configured. Cannot save state and code verifier.");
+        }
+        if (!this.redirectUri && !options?.redirectUri) {
+            throw new Error("Redirect URI is required but not configured.");
+        }
+        const state = options?.state || PKCEUtils_1.PKCEUtils.generateRandomString();
+        const codeVerifier = PKCEUtils_1.PKCEUtils.generateRandomString();
+        const codeChallenge = await PKCEUtils_1.PKCEUtils.generateCodeChallenge(codeVerifier);
+        await this.storage.setItem("pkce_state", state);
+        await this.storage.setItem("pkce_verifier", codeVerifier);
+        return this.getAuthorizeUrl({
+            redirectUri: (options?.redirectUri || this.redirectUri),
+            ...options,
+            state,
+            codeChallenge,
+            codeChallengeMethod: "S256",
+        });
+    }
     /**
      * @summary Generate the authorization URL to redirect the user to.
      * @param options - Options for generating the URL.
@@ -57,6 +113,177 @@ class AuthlyClient {
         url.searchParams.set("code_challenge_method", options.codeChallengeMethod || "s256");
         return url.toString();
     }
+    /**
+     * @summary Exchanges the authorization code for tokens using PKCE flow and state validation.
+     * @param urlParams - The URLSearchParams containing 'code' and 'state'.
+     * @returns A promise that resolves to the token response.
+     */
+    async exchangeToken(urlParams) {
+        const code = urlParams.get("code");
+        const state = urlParams.get("state");
+        if (!code) {
+            throw new Error("No authorization code found in URL parameters.");
+        }
+        if (!this.storage) {
+            throw new Error("Storage is not configured. Cannot retrieve state and code verifier.");
+        }
+        const storedState = await this.storage.getItem("pkce_state");
+        if (!state || state !== storedState) {
+            throw new Error("Invalid state. Possible CSRF attack.");
+        }
+        const codeVerifier = await this.storage.getItem("pkce_verifier");
+        if (!codeVerifier) {
+            throw new Error("No code verifier found in storage.");
+        }
+        if (!this.redirectUri) {
+            throw new Error("Redirect URI is not configured in AuthlyClient options.");
+        }
+        const tokenResponse = await this.exchangeCodeForToken(code, this.redirectUri, codeVerifier);
+        await this.setSession(tokenResponse);
+        // Clear temporary storage
+        await this.storage.removeItem("pkce_state");
+        await this.storage.removeItem("pkce_verifier");
+        return tokenResponse;
+    }
+    /**
+     * @summary Set the current session.
+     * @param response - The token response from Authly.
+     */
+    async setSession(response) {
+        this.accessToken = response.access_token;
+        if (this.storage) {
+            await this.storage.setItem(AuthlyClient.ACCESS_TOKEN_KEY, response.access_token);
+        }
+    }
+    /**
+     * @summary Get the current access token.
+     * @returns The access token or null if not found.
+     */
+    async getAccessToken() {
+        if (this.accessToken)
+            return this.accessToken;
+        if (this.storage) {
+            this.accessToken = await this.storage.getItem(AuthlyClient.ACCESS_TOKEN_KEY);
+        }
+        return this.accessToken;
+    }
+    /**
+     * @summary Refreshes the access token using the refresh_token grant.
+     * @description In the browser, this relies on the 'session' cookie if no explicit refresh token is provided.
+     * @param refreshToken - Optional explicit refresh token.
+     * @returns A promise that resolves to the new access token.
+     */
+    async refreshToken(refreshToken) {
+        const url = `${this.issuer}${this.tokenPath}`;
+        const body = {
+            grant_type: "refresh_token",
+            client_id: this.serviceId,
+        };
+        if (refreshToken) {
+            body.refresh_token = refreshToken;
+        }
+        const response = await HttpClient_1.HttpClient.post(url, {
+            headers: {
+                "Content-Type": "application/x-www-form-urlencoded",
+            },
+            body: new URLSearchParams(body).toString(),
+        });
+        if (!response.success) {
+            return null;
+        }
+        await this.setSession(response.data);
+        return response.data.access_token;
+    }
+    /**
+     * @summary Fetches the user profile from the userinfo endpoint.
+     * @description Automatically handles token expiration by attempting to refresh the token once.
+     * @returns A promise that resolves to the user profile or null if not authenticated.
+     */
+    async getUser() {
+        let token = await this.getAccessToken();
+        if (!token)
+            return null;
+        const fetchInfo = async (currentBuffer) => {
+            return HttpClient_1.HttpClient.get(`${this.issuer}${this.userInfoPath}`, {
+                headers: {
+                    Authorization: `Bearer ${currentBuffer}`,
+                },
+            });
+        };
+        let response = await fetchInfo(token);
+        // If unauthorized (401), try to refresh token once
+        if (!response.success && response.error?.code === "UNAUTHORIZED") {
+            token = await this.refreshToken();
+            if (token) {
+                response = await fetchInfo(token);
+            }
+        }
+        if (!response.success) {
+            if (response.error?.code === "UNAUTHORIZED") {
+                await this.logout();
+            }
+            return null;
+        }
+        return response.data;
+    }
+    /**
+     * @summary Synchronously check if the user is authenticated based on token presence and expiration.
+     * @description This only checks the token locally and does not perform a network request.
+     * @returns True if a valid token exists and is not expired.
+     */
+    async isAuthenticated() {
+        const token = await this.getAccessToken();
+        if (!token)
+            return false;
+        try {
+            const decoded = (0, jose_1.decodeJwt)(token);
+            if (!decoded.exp)
+                return true;
+            const now = Math.floor(Date.now() / 1000);
+            return decoded.exp > now + 10;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * @summary Logs out the user by clearing the session from storage and memory.
+     */
+    async logout() {
+        this.accessToken = null;
+        if (this.storage) {
+            await this.storage.removeItem(AuthlyClient.ACCESS_TOKEN_KEY);
+        }
+    }
+    /**
+     * @summary Exchange the authorization code for an access token.
+     * @param code - The authorization code received from the callback.
+     * @param redirectUri - The redirect URI used in the authorize request.
+     * @param codeVerifier - The PKCE code verifier (required if used in authorize).
+     * @returns A promise that resolves to the token response.
+     */
+    async exchangeCodeForToken(code, redirectUri, codeVerifier) {
+        const url = `${this.issuer}${this.tokenPath}`;
+        const body = {
+            grant_type: "authorization_code",
+            client_id: this.serviceId,
+            code,
+            redirect_uri: redirectUri,
+        };
+        if (codeVerifier) {
+            body.code_verifier = codeVerifier;
+        }
+        const response = await HttpClient_1.HttpClient.post(url, {
+            headers: {
+                "Content-Type": "application/x-www-form-urlencoded",
+            },
+            body: new URLSearchParams(body).toString(),
+        });
+        if (!response.success) {
+            throw new Error(response.error?.message || "Failed to exchange code for token");
+        }
+        return response.data;
+    }
     /**
      * @summary Verify a JWT token and return its decoded claims.
      * @description This method verifies the token's signature using the provider's JWKS,

package/dist/globals/configuration/AuthlyConfiguration.d.ts

@@ -18,6 +18,18 @@ declare class AuthlyConfiguration {
      * @default "/authorize"
      */
     static readonly DEFAULT_AUTHORIZE_PATH: string;
+    /**
+     * @summary The default token path.
+     * @readonly This property is readonly and cannot be changed.
+     * @default "/oauth/token"
+     */
+    static readonly DEFAULT_TOKEN_PATH: string;
+    /**
+     * @summary The default user info path.
+     * @readonly This property is readonly and cannot be changed.
+     * @default "/v1/oauth/userinfo"
+     */
+    static readonly DEFAULT_USER_INFO_PATH: string;
     /**
      * @summary The default algorithms.
      * @readonly This property is readonly and cannot be changed.

package/dist/globals/configuration/AuthlyConfiguration.js

@@ -21,6 +21,18 @@ class AuthlyConfiguration {
      * @default "/authorize"
      */
     static DEFAULT_AUTHORIZE_PATH = "/authorize";
+    /**
+     * @summary The default token path.
+     * @readonly This property is readonly and cannot be changed.
+     * @default "/oauth/token"
+     */
+    static DEFAULT_TOKEN_PATH = "/oauth/token";
+    /**
+     * @summary The default user info path.
+     * @readonly This property is readonly and cannot be changed.
+     * @default "/v1/oauth/userinfo"
+     */
+    static DEFAULT_USER_INFO_PATH = "/v1/oauth/userinfo";
     /**
      * @summary The default algorithms.
      * @readonly This property is readonly and cannot be changed.

package/dist/globals/internal/PKCEUtils.d.ts

@@ -0,0 +1,23 @@
+/**
+ * @summary Utilities for PKCE (Proof Key for Code Exchange).
+ */
+export declare class PKCEUtils {
+    /**
+     * @summary Generate a random string for state or code verifier.
+     * @param length - The length of the string.
+     * @returns The generated string.
+     */
+    static generateRandomString(length?: number): string;
+    /**
+     * @summary Generate the code challenge from the code verifier.
+     * @param codeVerifier - The code verifier.
+     * @returns A promise that resolves to the code challenge.
+     */
+    static generateCodeChallenge(codeVerifier: string): Promise<string>;
+    /**
+     * @summary Base64 URL encode a buffer.
+     * @param buffer - The buffer to encode.
+     * @returns The base64 URL encoded string.
+     */
+    private static base64URLEncode;
+}

package/dist/globals/internal/PKCEUtils.js

@@ -0,0 +1,59 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PKCEUtils = void 0;
+/**
+ * @summary Utilities for PKCE (Proof Key for Code Exchange).
+ */
+class PKCEUtils {
+    /**
+     * @summary Generate a random string for state or code verifier.
+     * @param length - The length of the string.
+     * @returns The generated string.
+     */
+    static generateRandomString(length = 43) {
+        const charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
+        let result = "";
+        const randomValues = new Uint8Array(length);
+        if (typeof window !== "undefined" && window.crypto) {
+            window.crypto.getRandomValues(randomValues);
+        }
+        else {
+            for (let i = 0; i < length; i++) {
+                randomValues[i] = Math.floor(Math.random() * 256);
+            }
+        }
+        for (let i = 0; i < length; i++) {
+            result += charset[randomValues[i] % charset.length];
+        }
+        return result;
+    }
+    /**
+     * @summary Generate the code challenge from the code verifier.
+     * @param codeVerifier - The code verifier.
+     * @returns A promise that resolves to the code challenge.
+     */
+    static async generateCodeChallenge(codeVerifier) {
+        const encoder = new TextEncoder();
+        const data = encoder.encode(codeVerifier);
+        if (typeof window !== "undefined" && window.crypto && window.crypto.subtle) {
+            const hashBuffer = await window.crypto.subtle.digest("SHA-256", data);
+            return this.base64URLEncode(hashBuffer);
+        }
+        // TODO: Add a fallback for non-browser environments. (crypto module)
+        throw new Error("Crypto API is not available in this environment.");
+    }
+    /**
+     * @summary Base64 URL encode a buffer.
+     * @param buffer - The buffer to encode.
+     * @returns The base64 URL encoded string.
+     */
+    static base64URLEncode(buffer) {
+        const bytes = new Uint8Array(buffer);
+        let binary = "";
+        for (let i = 0; i < bytes.byteLength; i++) {
+            binary += String.fromCharCode(bytes[i]);
+        }
+        return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+    }
+}
+exports.PKCEUtils = PKCEUtils;

package/dist/index.d.ts

@@ -21,3 +21,6 @@ export * from "./models/builders/process-errors/tokens/AuthlyTokenInvalidError";
 export * from "./models/globals/clients/interfaces/IAuthlyClientOptions";
 export * from "./models/globals/clients/interfaces/IAuthorizeUrlOptions";
 export * from "./models/globals/clients/interfaces/IDecodedTokenClaim";
+export * from "./models/globals/clients/interfaces/ITokenResponse";
+export * from "./models/globals/clients/interfaces/IAuthlyStorage";
+export * from "./models/globals/clients/interfaces/IUserProfile";

package/dist/index.js

@@ -37,3 +37,6 @@ __exportStar(require("./models/builders/process-errors/tokens/AuthlyTokenInvalid
 __exportStar(require("./models/globals/clients/interfaces/IAuthlyClientOptions"), exports);
 __exportStar(require("./models/globals/clients/interfaces/IAuthorizeUrlOptions"), exports);
 __exportStar(require("./models/globals/clients/interfaces/IDecodedTokenClaim"), exports);
+__exportStar(require("./models/globals/clients/interfaces/ITokenResponse"), exports);
+__exportStar(require("./models/globals/clients/interfaces/IAuthlyStorage"), exports);
+__exportStar(require("./models/globals/clients/interfaces/IUserProfile"), exports);

package/dist/models/globals/clients/interfaces/IAuthlyClientOptions.d.ts

@@ -1,3 +1,4 @@
+import type { IAuthlyStorage } from "./IAuthlyStorage";
 /**
  * @summary Options for initializing the AuthlyClient.
  */
@@ -17,6 +18,16 @@ interface IAuthlyClientOptions {
      * @example "1234567890"
      */
     readonly serviceId: string;
+    /**
+     * @summary The redirect URI to use for the authorization flow.
+     * @example "https://app.example.com/api/auth/callback"
+     */
+    readonly redirectUri?: string;
+    /**
+     * @summary The storage implementation to use for PKCE state and verifier.
+     * @default localStorage (in browser)
+     */
+    readonly storage?: IAuthlyStorage;
     /**
      * @summary The path to the JWKS endpoint relative to the issuer.
      * @example "/.well-known/jwks.json"
@@ -29,6 +40,18 @@ interface IAuthlyClientOptions {
      * @default "/authorize"
      */
     readonly authorizePath?: string;
+    /**
+     * @summary The path to the token endpoint relative to the issuer.
+     * @example "/v1/oauth/token"
+     * @default "/oauth/token"
+     */
+    readonly tokenPath?: string;
+    /**
+     * @summary The path to the user info endpoint relative to the issuer.
+     * @example "/v1/oauth/userinfo"
+     * @default "/v1/oauth/userinfo"
+     */
+    readonly userInfoPath?: string;
     /**
      * @summary A list of allowed signing algorithms.
      * @example ["RS256"]

package/dist/models/globals/clients/interfaces/IAuthlyStorage.d.ts

@@ -0,0 +1,22 @@
+/**
+ * @summary Interface for storage used by AuthlyClient.
+ */
+export interface IAuthlyStorage {
+    /**
+     * @summary Retrieve an item from storage.
+     * @param _key - The key of the item to retrieve.
+     * @returns The value of the item, or null if not found.
+     */
+    getItem(_key: string): string | null | Promise<string | null>;
+    /**
+     * @summary Add key and value to storage.
+     * @param _key - The key of the item to add.
+     * @param _value - The value of the item to add.
+     */
+    setItem(_key: string, _value: string): void | Promise<void>;
+    /**
+     * @summary Remove an item from storage.
+     * @param _key - The key of the item to remove.
+     */
+    removeItem(_key: string): void | Promise<void>;
+}

package/dist/models/globals/clients/interfaces/IAuthlyStorage.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/models/globals/clients/interfaces/ITokenResponse.d.ts

@@ -0,0 +1,29 @@
+/**
+ * @summary Interface for the token response.
+ */
+export interface ITokenResponse {
+    /**
+     * @summary The access token.
+     */
+    access_token: string;
+    /**
+     * @summary The token type.
+     */
+    token_type: string;
+    /**
+     * @summary The expiration time in seconds.
+     */
+    expires_in: number;
+    /**
+     * @summary The refresh token.
+     */
+    refresh_token?: string;
+    /**
+     * @summary The ID token.
+     */
+    id_token?: string;
+    /**
+     * @summary The scope of the token.
+     */
+    scope?: string;
+}

package/dist/models/globals/clients/interfaces/ITokenResponse.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/models/globals/clients/interfaces/IUserProfile.d.ts

@@ -0,0 +1,42 @@
+/**
+ * @summary Represents the user profile information returned by Authly.
+ */
+export interface IUserProfile {
+    /**
+     * @summary The unique identifier for the user.
+     */
+    sub: string;
+    /**
+     * @summary The user's email address.
+     */
+    email?: string;
+    /**
+     * @summary Whether the user's email address has been verified.
+     */
+    email_verified?: boolean;
+    /**
+     * @summary The user's full name.
+     */
+    name?: string;
+    /**
+     * @summary The user's given (first) name.
+     */
+    given_name?: string;
+    /**
+     * @summary The user's family (last) name.
+     */
+    family_name?: string;
+    /**
+     * @summary The user's preferred username.
+     */
+    preferred_username?: string;
+    /**
+     * @summary The user's permissions in Authly.
+     * @description A record where keys are resource names and values are bitmask integers.
+     */
+    permissions?: Record<string, number>;
+    /**
+     * @summary Additional custom claims.
+     */
+    [key: string]: unknown;
+}

package/dist/models/globals/clients/interfaces/IUserProfile.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/react/AuthlyCallback.d.ts

@@ -0,0 +1,20 @@
+import React from "react";
+interface AuthlyCallbackProps {
+    /**
+     * @summary The URL to redirect to after successful login.
+     * @default "/"
+     */
+    onSuccess?: string;
+    /**
+     * @summary The URL to redirect to after failed login.
+     * @default "/login"
+     */
+    onFailure?: string;
+    /**
+     * @summary Optional custom navigation function (e.g. router.push from Next.js or navigate from React Router).
+     * @description If not provided, window.location.href will be used.
+     */
+    navigate?: (path: string) => void;
+}
+export declare const AuthlyCallback: React.FC<AuthlyCallbackProps>;
+export {};

package/dist/react/AuthlyCallback.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthlyCallback = void 0;
+const jsx_runtime_1 = require("react/jsx-runtime");
+const react_1 = require("react");
+const AuthlyContext_1 = require("./AuthlyContext");
+const AuthlyCallback = ({ onSuccess = "/", onFailure = "/login", navigate }) => {
+    const { client, refresh } = (0, AuthlyContext_1.useAuthly)();
+    const processedRef = (0, react_1.useRef)(false);
+    (0, react_1.useEffect)(() => {
+        const handleCallback = async () => {
+            if (processedRef.current)
+                return;
+            processedRef.current = true;
+            const params = new URLSearchParams(window.location.search);
+            const code = params.get("code");
+            const state = params.get("state");
+            if (!code || !state) {
+                return;
+            }
+            try {
+                await client.exchangeToken(params);
+                await refresh();
+                if (navigate) {
+                    navigate(onSuccess);
+                }
+                else {
+                    window.location.href = onSuccess;
+                }
+            }
+            catch (error) {
+                console.error("Authly callback failed:", error);
+                if (navigate) {
+                    navigate(onFailure);
+                }
+                else {
+                    window.location.href = onFailure;
+                }
+            }
+        };
+        handleCallback();
+    }, [client, onSuccess, onFailure, navigate, refresh]);
+    return ((0, jsx_runtime_1.jsx)("div", { style: { display: "flex", justifyContent: "center", alignItems: "center", height: "100vh" }, children: (0, jsx_runtime_1.jsx)("p", { children: "Authenticating..." }) }));
+};
+exports.AuthlyCallback = AuthlyCallback;

package/dist/react/AuthlyContext.d.ts

@@ -0,0 +1,16 @@
+import type { AuthlyClient } from "../globals/clients/AuthlyClient";
+import type { IUserProfile } from "../models/globals/clients/interfaces/IUserProfile";
+export interface IAuthlyContext {
+    isAuthenticated: boolean;
+    isLoading: boolean;
+    user: IUserProfile | null;
+    login: (options?: Parameters<AuthlyClient["authorize"]>[0]) => Promise<void>;
+    logout: () => Promise<void>;
+    /**
+     * @summary Manually refresh the session state (e.g. after callback).
+     */
+    refresh: () => Promise<void>;
+    client: AuthlyClient;
+}
+export declare const AuthlyContext: import("react").Context<IAuthlyContext | undefined>;
+export declare const useAuthly: () => IAuthlyContext;

package/dist/react/AuthlyContext.js

@@ -0,0 +1,14 @@
+"use strict";
+"use client";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.useAuthly = exports.AuthlyContext = void 0;
+const react_1 = require("react");
+exports.AuthlyContext = (0, react_1.createContext)(undefined);
+const useAuthly = () => {
+    const context = (0, react_1.useContext)(exports.AuthlyContext);
+    if (!context) {
+        throw new Error("useAuthly must be used within an AuthlyProvider");
+    }
+    return context;
+};
+exports.useAuthly = useAuthly;

package/dist/react/AuthlyProvider.d.ts

@@ -0,0 +1,8 @@
+import React, { ReactNode } from "react";
+import type { AuthlyClient } from "../globals/clients/AuthlyClient";
+interface AuthlyProviderProps {
+    client: AuthlyClient;
+    children: ReactNode;
+}
+export declare const AuthlyProvider: React.FC<AuthlyProviderProps>;
+export {};

package/dist/react/AuthlyProvider.js

@@ -0,0 +1,54 @@
+"use strict";
+"use client";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthlyProvider = void 0;
+const jsx_runtime_1 = require("react/jsx-runtime");
+const react_1 = require("react");
+const AuthlyContext_1 = require("./AuthlyContext");
+const AuthlyProvider = ({ client, children }) => {
+    const [isAuthenticated, setIsAuthenticated] = (0, react_1.useState)(false);
+    const [isLoading, setIsLoading] = (0, react_1.useState)(true);
+    const [user, setUser] = (0, react_1.useState)(null);
+    const checkSession = (0, react_1.useCallback)(async () => {
+        try {
+            const authenticated = await client.isAuthenticated();
+            setIsAuthenticated(authenticated);
+            if (authenticated) {
+                const profile = await client.getUser();
+                setUser(profile);
+                if (!profile) {
+                    setIsAuthenticated(false);
+                }
+            }
+            else {
+                setUser(null);
+            }
+        }
+        catch (error) {
+            console.error("Authly session check failed:", error);
+            setIsAuthenticated(false);
+            setUser(null);
+        }
+        finally {
+            setIsLoading(false);
+        }
+    }, [client]);
+    (0, react_1.useEffect)(() => {
+        checkSession();
+    }, [checkSession]);
+    const login = (0, react_1.useCallback)(async (options) => {
+        const url = await client.authorize(options);
+        if (typeof window !== "undefined") {
+            window.location.href = url;
+        }
+    }, [client]);
+    const logout = (0, react_1.useCallback)(async () => {
+        await client.logout();
+        setIsAuthenticated(false);
+        setUser(null);
+        if (typeof window !== "undefined") {
+        }
+    }, [client]);
+    return ((0, jsx_runtime_1.jsx)(AuthlyContext_1.AuthlyContext.Provider, { value: { isAuthenticated, isLoading, user, login, logout, refresh: checkSession, client }, children: children }));
+};
+exports.AuthlyProvider = AuthlyProvider;

package/dist/react/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./AuthlyContext";
+export * from "./AuthlyProvider";
+export * from "./AuthlyCallback";

package/dist/react/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./AuthlyContext"), exports);
+__exportStar(require("./AuthlyProvider"), exports);
+__exportStar(require("./AuthlyCallback"), exports);

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@authly/sdk",
     "description": "A library for building authentication systems using Authly.",
-    "version": "1.1.2",
+    "version": "1.2.0",
     "author": {
         "name": "Anvoria",
         "url": "https://github.com/Anvoria"
@@ -27,6 +27,16 @@
     },
     "main": "dist/index.js",
     "types": "dist/index.d.ts",
+    "exports": {
+        ".": {
+            "types": "./dist/index.d.ts",
+            "default": "./dist/index.js"
+        },
+        "./react": {
+            "types": "./dist/react/index.d.ts",
+            "default": "./dist/react/index.js"
+        }
+    },
     "files": [
         "dist"
     ],
@@ -57,18 +67,31 @@
         "@eslint/json": "^0.14.0",
         "@eslint/markdown": "^7.5.1",
         "@types/bun": "^1.3.4",
-        "@types/node": "^25.0.3",
+        "@types/node": "^25.0.9",
+        "@types/react": "^19.2.8",
         "eslint": "^9.39.2",
         "globals": "^17.0.0",
         "husky": "^9.1.7",
         "jiti": "^2.6.1",
         "lint-staged": "^16.2.7",
         "prettier": "^3.7.4",
+        "react-dom": "^19.2.3",
         "tsx": "^4.21.0",
         "typescript": "^5.9.3",
         "typescript-eslint": "^8.50.0"
     },
     "dependencies": {
         "jose": "^6.1.3"
+    },
+    "peerDependencies": {
+        "react": ""
+    },
+    "peerDependenciesMeta": {
+        "react": {
+            "optional": true
+        },
+        "next": {
+            "optional": true
+        }
     }
 }