npm - @authon/js - Versions diffs - 0.2.1 → 0.3.1 - Mend

@authon/js 0.2.1 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.ko.md ADDED Viewed

@@ -0,0 +1,99 @@
+[English](./README.md) | **한국어**
+# @authon/js
+> 브라우저 인증 SDK -- 셀프 호스팅 Clerk 대안, Auth0 대안, 오픈소스 인증
+## 설치
+```bash
+npm install @authon/js
+```
+## 빠른 시작
+```html
+<!DOCTYPE html>
+<html>
+<head><title>My App</title></head>
+<body>
+  <button id="sign-in-btn">로그인</button>
+  <div id="user-info"></div>
+  <script type="module">
+    import { Authon } from '@authon/js';
+    const authon = new Authon('pk_live_YOUR_PUBLISHABLE_KEY', {
+      apiUrl: 'https://your-authon-server.com',
+    });
+    document.getElementById('sign-in-btn').addEventListener('click', () => {
+      authon.openSignIn();
+    });
+    authon.on('signedIn', (user) => {
+      document.getElementById('user-info').textContent = `안녕하세요, ${user.email}`;
+    });
+  </script>
+</body>
+</html>
+```
+## 주요 작업
+### Google OAuth 로그인 추가
+```ts
+await authon.signInWithOAuth('google');
+// 지원 프로바이더: google, apple, github, discord, facebook,
+// microsoft, kakao, naver, line, x
+```
+### 이메일/비밀번호 인증
+```ts
+const user = await authon.signUpWithEmail('user@example.com', 'MyP@ssw0rd', { displayName: 'Alice' });
+const user = await authon.signInWithEmail('user@example.com', 'MyP@ssw0rd');
+```
+### 현재 사용자 가져오기
+```ts
+const user = authon.getUser();
+const token = authon.getToken();
+```
+### 로그인 모달 열기
+```ts
+await authon.openSignIn();
+await authon.openSignUp();
+```
+### 로그아웃
+```ts
+await authon.signOut();
+```
+## 환경 변수
+| 변수 | 필수 | 설명 |
+|------|------|------|
+| `AUTHON_API_URL` | Yes | Authon 서버 URL |
+| `AUTHON_PUBLISHABLE_KEY` | Yes | 프로젝트 퍼블리셔블 키 |
+## 비교
+| 기능 | Authon | Clerk | Auth.js |
+|------|--------|-------|---------|
+| 셀프 호스팅 | Yes | No | 부분적 |
+| 가격 | 무료 | $25/월+ | 무료 |
+| OAuth 프로바이더 | 10+ | 20+ | 80+ |
+| ShadowDOM 모달 | Yes | No | No |
+| MFA/패스키 | Yes | Yes | 플러그인 |
+| Web3 인증 | Yes | No | No |
+## 라이선스
+MIT

package/README.md CHANGED Viewed

@@ -1,103 +1,293 @@
+**English** | [한국어](./README.ko.md)
 # @authon/js
-Core browser SDK for [Authon](https://authon.dev) — ShadowDOM login modal, OAuth flows, and session management.
+> Drop-in browser authentication SDK — self-hosted Clerk alternative, Auth0 alternative, open-source auth
+[![npm version](https://img.shields.io/npm/v/@authon/js?color=6d28d9)](https://www.npmjs.com/package/@authon/js)
+[![License](https://img.shields.io/badge/license-MIT-blue)](../../LICENSE)
+## Prerequisites
+Before installing the SDK, create an Authon project and get your API keys:
+1. **Create a project** at [Authon Dashboard](https://authon.dev/dashboard/overview)
+   - Click "Create Project" and enter your app name
+   - Select the authentication methods you want (Email/Password, OAuth providers, etc.)
+2. **Get your API keys** from Project Settings → API Keys
+   - **Publishable Key** (`pk_live_...` or `pk_test_...`) — safe to use in client-side code
+   - **Secret Key** (`sk_live_...` or `sk_test_...`) — server-side only, never expose to clients
+3. **Configure OAuth providers** (optional) in Project Settings → OAuth
+   - Add Google, Apple, GitHub, etc. with their respective Client ID and Secret
+   - Set the redirect URL to `https://api.authon.dev/v1/auth/oauth/redirect`
+> **Test vs Live keys:** Use `pk_test_...` during development. Switch to `pk_live_...` before deploying to production. Test keys use a sandbox environment with no rate limits.
 ## Install
 ```bash
 npm install @authon/js
-# or
-pnpm add @authon/js
 ```
 ## Quick Start
+```html
+<!-- index.html -->
+<!DOCTYPE html>
+<html>
+<head><title>My App</title></head>
+<body>
+  <button id="sign-in-btn">Sign In</button>
+  <div id="user-info"></div>
+  <script type="module">
+    import { Authon } from '@authon/js';
+    const authon = new Authon('pk_live_YOUR_PUBLISHABLE_KEY', {
+      apiUrl: 'https://your-authon-server.com',
+    });
+    document.getElementById('sign-in-btn').addEventListener('click', () => {
+      authon.openSignIn();
+    });
+    authon.on('signedIn', (user) => {
+      document.getElementById('user-info').textContent = `Hello, ${user.email}`;
+      document.getElementById('sign-in-btn').style.display = 'none';
+    });
+  </script>
+</body>
+</html>
+```
+## Common Tasks
+### Add Google OAuth Login
 ```ts
 import { Authon } from '@authon/js';
-const authon = new Authon('pk_live_...');
+const authon = new Authon('pk_live_YOUR_PUBLISHABLE_KEY', {
+  apiUrl: 'https://your-authon-server.com',
+});
-// Open the sign-in modal
-await authon.openSignIn();
+// Opens popup, falls back to redirect if blocked
+await authon.signInWithOAuth('google');
+// Force redirect mode
+await authon.signInWithOAuth('google', { flowMode: 'redirect' });
+// Supported providers: google, apple, github, discord, facebook,
+// microsoft, kakao, naver, line, x
+```
+### Add Email/Password Auth
+```ts
+import { Authon } from '@authon/js';
-// Listen for auth events
-authon.on('signedIn', (user) => {
-  console.log('Signed in:', user.email);
+const authon = new Authon('pk_live_YOUR_PUBLISHABLE_KEY', {
+  apiUrl: 'https://your-authon-server.com',
 });
-authon.on('signedOut', () => {
-  console.log('Signed out');
+// Sign up
+const user = await authon.signUpWithEmail('user@example.com', 'MyP@ssw0rd', {
+  displayName: 'Alice',
 });
-// Email/password sign-in
-const user = await authon.signInWithEmail('user@example.com', 'password');
+// Sign in
+const user = await authon.signInWithEmail('user@example.com', 'MyP@ssw0rd');
+```
-// OAuth sign-in (uses dashboard default flow: auto | popup | redirect)
-await authon.signInWithOAuth('google');
+### Get Current User
-// Optional runtime override
-await authon.signInWithOAuth('google', { flowMode: 'redirect' });
+```ts
+// Synchronous — no network request
+const user = authon.getUser();
+// { id, email, displayName, avatarUrl, emailVerified, ... }
-// Get current user and token
-const currentUser = authon.getUser();
 const token = authon.getToken();
+// Use token for authenticated API calls
+```
+### Open Built-in Sign-In Modal
+```ts
+// ShadowDOM modal — no CSS conflicts with your app
+await authon.openSignIn();
+await authon.openSignUp();
+```
+### Handle Sign Out
-// Sign out
+```ts
 await authon.signOut();
 ```
-## Configuration
+### Add Passkey (WebAuthn) Login
 ```ts
-const authon = new Authon('pk_live_...', {
-  apiUrl: 'https://api.authon.dev',  // Custom API URL
-  mode: 'popup',                      // 'popup' | 'embedded'
-  theme: 'auto',                      // 'light' | 'dark' | 'auto'
-  locale: 'en',                       // Locale for the modal UI
-  containerId: 'auth-container',      // Container element ID (embedded mode)
-  appearance: {                        // Custom branding overrides
-    primaryColorStart: '#7c3aed',
-    primaryColorEnd: '#4f46e5',
-    borderRadius: 12,
-    brandName: 'My App',
-  },
+// Register passkey (user must be signed in)
+const credential = await authon.registerPasskey('My MacBook');
+// Sign in with passkey
+const user = await authon.authenticateWithPasskey();
+```
+### Add Web3 Wallet Login (MetaMask)
+```ts
+const { message } = await authon.web3GetNonce('0xAbc...', 'evm', 'metamask', 1);
+const signature = await window.ethereum.request({
+  method: 'personal_sign',
+  params: [message, '0xAbc...'],
 });
+const user = await authon.web3Verify(message, signature, '0xAbc...', 'evm', 'metamask');
+```
+### Add MFA (TOTP)
+```ts
+import { Authon, AuthonMfaRequiredError } from '@authon/js';
+// Setup MFA (user must be signed in)
+const setup = await authon.setupMfa();
+document.getElementById('qr').innerHTML = setup.qrCodeSvg;
+await authon.verifyMfaSetup('123456'); // code from authenticator app
+// Sign in with MFA
+try {
+  await authon.signInWithEmail('user@example.com', 'password');
+} catch (err) {
+  if (err instanceof AuthonMfaRequiredError) {
+    const user = await authon.verifyMfa(err.mfaToken, '123456');
+  }
+}
+```
+### Listen to Auth Events
+```ts
+authon.on('signedIn', (user) => console.log('Signed in:', user.email));
+authon.on('signedOut', () => console.log('Signed out'));
+authon.on('error', (err) => console.error(err.message));
+authon.on('mfaRequired', (mfaToken) => { /* show MFA dialog */ });
+authon.on('tokenRefreshed', (token) => { /* update API client */ });
 ```
+## Environment Variables
+| Variable | Required | Description |
+|----------|----------|-------------|
+| `AUTHON_API_URL` | Yes | Your Authon server URL (e.g. `https://your-authon-server.com`) |
+| `AUTHON_PUBLISHABLE_KEY` | Yes | Project publishable key (`pk_live_...` or `pk_test_...`) |
 ## API Reference
-### `Authon` class
-| Method | Returns | Description |
-|--------|---------|-------------|
-| `openSignIn()` | `Promise<void>` | Open the sign-in modal |
-| `openSignUp()` | `Promise<void>` | Open the sign-up modal |
-| `signInWithEmail(email, password)` | `Promise<AuthonUser>` | Sign in with email/password |
-| `signUpWithEmail(email, password, meta?)` | `Promise<AuthonUser>` | Register with email/password |
-| `signInWithOAuth(provider, options?)` | `Promise<void>` | Start OAuth flow (`auto`, `popup`, `redirect`) |
-| `signOut()` | `Promise<void>` | Sign out and clear session |
-| `getUser()` | `AuthonUser \| null` | Get current user |
-| `getToken()` | `string \| null` | Get current access token |
-| `on(event, listener)` | `() => void` | Subscribe to events (returns unsubscribe fn) |
-| `destroy()` | `void` | Clean up resources |
+### Constructor
-### Events
+```ts
+new Authon(publishableKey: string, config?: AuthonConfig)
+```
+| Config Option | Type | Default | Description |
+|--------------|------|---------|-------------|
+| `apiUrl` | `string` | `https://api.authon.dev` | API base URL |
+| `mode` | `'popup' \| 'embedded'` | `'popup'` | Modal display mode |
+| `theme` | `'light' \| 'dark' \| 'auto'` | `'auto'` | UI theme |
+| `locale` | `string` | `'en'` | UI locale |
+| `containerId` | `string` | -- | Element ID for embedded mode |
+| `appearance` | `Partial<BrandingConfig>` | -- | Override branding |
+### Auth Methods
+| Method | Returns |
+|--------|---------|
+| `openSignIn()` | `Promise<void>` |
+| `openSignUp()` | `Promise<void>` |
+| `signInWithEmail(email, password)` | `Promise<AuthonUser>` |
+| `signUpWithEmail(email, password, meta?)` | `Promise<AuthonUser>` |
+| `signInWithOAuth(provider, options?)` | `Promise<void>` |
+| `signOut()` | `Promise<void>` |
+| `getUser()` | `AuthonUser \| null` |
+| `getToken()` | `string \| null` |
+### Passwordless
-| Event | Payload | Description |
-|-------|---------|-------------|
-| `signedIn` | `AuthonUser` | User signed in |
-| `signedOut` | none | User signed out |
-| `tokenRefreshed` | `string` | Access token was refreshed |
-| `error` | `Error` | An error occurred |
+| Method | Returns |
+|--------|---------|
+| `sendMagicLink(email)` | `Promise<void>` |
+| `sendEmailOtp(email)` | `Promise<void>` |
+| `verifyPasswordless({ token?, email?, code? })` | `Promise<AuthonUser>` |
-## ShadowDOM Modal
+### Passkeys (WebAuthn)
+| Method | Returns |
+|--------|---------|
+| `registerPasskey(name?)` | `Promise<PasskeyCredential>` |
+| `authenticateWithPasskey(email?)` | `Promise<AuthonUser>` |
+| `listPasskeys()` | `Promise<PasskeyCredential[]>` |
+| `renamePasskey(id, name)` | `Promise<PasskeyCredential>` |
+| `revokePasskey(id)` | `Promise<void>` |
+### Web3
+| Method | Returns |
+|--------|---------|
+| `web3GetNonce(address, chain, walletType, chainId?)` | `Promise<Web3NonceResponse>` |
+| `web3Verify(message, signature, address, chain, walletType)` | `Promise<AuthonUser>` |
+| `listWallets()` | `Promise<Web3Wallet[]>` |
+| `linkWallet(params)` | `Promise<Web3Wallet>` |
+| `unlinkWallet(walletId)` | `Promise<void>` |
+### MFA
+| Method | Returns |
+|--------|---------|
+| `setupMfa()` | `Promise<MfaSetupResponse & { qrCodeSvg }>` |
+| `verifyMfaSetup(code)` | `Promise<void>` |
+| `verifyMfa(mfaToken, code)` | `Promise<AuthonUser>` |
+| `getMfaStatus()` | `Promise<MfaStatus>` |
+| `disableMfa(code)` | `Promise<void>` |
+| `regenerateBackupCodes(code)` | `Promise<string[]>` |
+### Organizations
+| Method | Returns |
+|--------|---------|
+| `organizations.list()` | `Promise<OrganizationListResponse>` |
+| `organizations.create(params)` | `Promise<AuthonOrganization>` |
+| `organizations.get(orgId)` | `Promise<AuthonOrganization>` |
+| `organizations.update(orgId, params)` | `Promise<AuthonOrganization>` |
+| `organizations.delete(orgId)` | `Promise<void>` |
+| `organizations.invite(orgId, params)` | `Promise<OrganizationInvitation>` |
+### Events
-The login modal renders inside a ShadowRoot, preventing CSS conflicts with your application. Branding (colors, logo, border radius, custom CSS) is fetched from your Authon project settings and can be overridden via the `appearance` config.
+| Event | Payload |
+|-------|---------|
+| `signedIn` | `AuthonUser` |
+| `signedOut` | -- |
+| `tokenRefreshed` | `string` |
+| `mfaRequired` | `string` (mfaToken) |
+| `passkeyRegistered` | `PasskeyCredential` |
+| `web3Connected` | `Web3Wallet` |
+| `error` | `Error` |
-## Documentation
+## Comparison
-[authon.dev/docs](https://authon.dev/docs)
+| Feature | Authon | Clerk | Auth.js |
+|---------|--------|-------|---------|
+| Self-hosted | Yes | No | Partial |
+| Pricing | Free | $25/mo+ | Free |
+| OAuth providers | 10+ | 20+ | 80+ |
+| ShadowDOM modal | Yes | No | No |
+| MFA/Passkeys | Yes | Yes | Plugin |
+| Web3 auth | Yes | No | No |
+| Organizations | Yes | Yes | No |
 ## License
-[MIT](../../LICENSE)
+MIT