@authticon/client 0.0.0-beta37 → 0.0.0-beta39

package/README.md

@@ -0,0 +1,375 @@
+# @authticon/client
+
+Oficjalny klient JavaScript/TypeScript dla [Authticon](https://authticon.com) — usługi uwierzytelniania. Biblioteka wspiera zarówno środowisko **Node.js** (SSR, API routes), jak i **przeglądarkę** (SPA, client-side).
+
+## Instalacja
+
+```bash
+npm install @authticon/client
+```
+
+**Wymagania:** Node.js >= 18
+
+## Dwa entry pointy
+
+Biblioteka dostarcza dwa osobne moduły z odrębnymi implementacjami cookie i sesji:
+
+| Import | Środowisko | Cookie adapter |
+|---|---|---|
+| `@authticon/client` lub `@authticon/client/node` | Node.js / SSR | Parsuje cookies z obiektu `Request`, zwraca `CookieStorageAdapter` z metodami `applyToResponse()`, `stringifySetCookies()` |
+| `@authticon/client/browser` | Przeglądarka / SPA | Używa `document.cookie` |
+
+## Szybki start
+
+### Node.js (np. Next.js, Express, Hono)
+
+```typescript
+import { createAuthticon } from "@authticon/client/node";
+
+const authticon = createAuthticon({
+  projectId: "your-project-id",
+});
+
+// W handlerze HTTP:
+async function handler(request: Request) {
+  const { getUser, login, logout, cookies } = await authticon.session({
+    request,
+  });
+
+  const user = getUser(); // SessionUser | null
+
+  // cookies.applyToResponse(response) — ustawia Set-Cookie na odpowiedzi
+}
+```
+
+### Przeglądarka
+
+```typescript
+import { createAuthticon } from "@authticon/client/browser";
+
+const authticon = createAuthticon({
+  projectId: "your-project-id",
+});
+
+const session = await authticon.session({});
+
+const user = session.getUser();
+await session.login({ email: "user@example.com", password: "secret" });
+```
+
+## Konfiguracja
+
+```typescript
+type AuthticonOptions = {
+  projectId: string;        // ID projektu w Authticon (wymagane)
+  baseUrl?: string;          // URL API (domyślnie: "https://authticon.com")
+  jwksUrl?: string;          // URL do JWKS (domyślnie: {baseUrl}/.well-known/jwks.json)
+  jwksCacheTtlMs?: number;   // TTL cache kluczy JWKS (domyślnie: 1h)
+  cache?: CacheAdapter;      // Zewnętrzny adapter cache (domyślnie: in-memory)
+  logger?: Logger;           // Instancja pino logger
+};
+```
+
+## Session (API stanowe)
+
+`session()` to główny sposób interakcji z biblioteką. Tworzy **stanowy obiekt sesji**, który:
+
+1. Przy tworzeniu automatycznie odczytuje tokeny z cookies
+2. Weryfikuje access token za pomocą JWKS
+3. Jeśli token wygasł — automatycznie odświeża go za pomocą refresh tokena
+4. Cache'uje obiekt `SessionUser` w pamięci na czas życia sesji
+5. Operacje takie jak `login()`, `logout()`, `createGuest()` automatycznie aktualizują wewnętrzny stan sesji i zapisują nowe tokeny w cookies
+
+### Tworzenie sesji
+
+#### Node.js — z obiektu `Request`
+
+```typescript
+const session = await authticon.session({ request });
+// session.cookies — CookieStorageAdapter z metodami applyToResponse(), stringifySetCookies()
+```
+
+#### Node.js — z własnym `CookieAdapter`
+
+```typescript
+const session = await authticon.session({ cookies: myCookieAdapter });
+```
+
+#### Przeglądarka
+
+```typescript
+const session = await authticon.session({});
+// Automatycznie używa document.cookie
+```
+
+Opcjonalnie można przekazać `tokenStorage` do nadpisania nazw cookies i ich parametrów:
+
+```typescript
+const session = await authticon.session({
+  request,
+  tokenStorage: {
+    accessTokenName: "my_access_token",
+    refreshTokenName: "my_refresh_token",
+    secure: true,
+    sameSite: "Strict",
+    domain: ".example.com",
+  },
+});
+```
+
+### Metody sesji
+
+#### Autentykacja
+
+| Metoda | Opis |
+|---|---|
+| `login(params)` | Logowanie (email/password). Zwraca `SessionUser`. |
+| `register(params)` | Rejestracja. Zwraca dane rejestracji (tokeny nie są jeszcze zapisywane). |
+| `sendMagicLink(params)` | Wysyła magic link na email. |
+| `loginWithMagicLink(params)` | Weryfikuje magic link i loguje użytkownika. Zwraca `SessionUser`. |
+| `forgotPassword(params)` | Inicjuje reset hasła. |
+| `verifyEmail(params)` | Weryfikuje email. |
+| `createGuest(params)` | Tworzy użytkownika-gościa. Zwraca `SessionUser`. |
+| `acceptInvitation(params)` | Akceptuje zaproszenie. Zwraca `SessionUser`. |
+| `resendConfirmation(params)` | Ponownie wysyła email potwierdzający. |
+| `logout()` | Wylogowuje (server-side + czyści cookies). |
+| `refresh()` | Wymusza odświeżenie tokenów. |
+
+#### Stan użytkownika
+
+| Metoda | Opis |
+|---|---|
+| `getUser()` | Zwraca `SessionUser \| null`. |
+| `requireUser()` | Zwraca `SessionUser` lub rzuca `AuthticonError`. |
+| `hasSession()` | Zwraca `boolean` — czy istnieje access token. |
+| `getFirstChallenge()` | Zwraca pierwszy challenge (np. `"verifyTwoFa"`, `"setPassword"`) lub `undefined`. |
+
+#### Zarządzanie kontem
+
+| Metoda | Opis |
+|---|---|
+| `changeEmail(params)` | Zmiana emaila. |
+| `changePassword(params)` | Zmiana hasła. |
+| `setPassword(params)` | Ustawienie hasła (np. po resecie). |
+| `changePhone(params)` | Zmiana numeru telefonu. |
+| `verifyPhone(params)` | Weryfikacja numeru telefonu. |
+
+#### Dwuskładnikowe uwierzytelnianie (2FA)
+
+| Metoda | Opis |
+|---|---|
+| `getTwoFaSecret()` | Pobiera sekret 2FA (do wyświetlenia QR code). |
+| `enableTwoFa(params)` | Włącza 2FA. |
+| `disableTwoFa(params)` | Wyłącza 2FA. |
+| `sendTwoFaCode(params)` | Wysyła kod 2FA. |
+| `completeTwoFaChallenge(code, remember?)` | Weryfikuje kod 2FA i aktualizuje sesję. |
+
+#### Zaproszenia
+
+| Metoda | Opis |
+|---|---|
+| `createInvitation(params)` | Tworzy zaproszenie. |
+| `deleteInvitation(params)` | Usuwa zaproszenie. |
+
+#### Tokeny
+
+Obiekt `session.tokens` daje bezpośredni dostęp do tokenów:
+
+```typescript
+session.tokens.getAccessToken();   // string | null
+session.tokens.getRefreshToken();  // string | null
+session.tokens.verify();           // weryfikuje aktualny access token
+session.tokens.verify(customToken); // weryfikuje dowolny token
+session.tokens.clear();            // czyści tokeny z cookies i resetuje stan sesji
+```
+
+### SessionUser
+
+```typescript
+type SessionUser<Payload> = {
+  id: string;           // ID użytkownika
+  sessionId: string;    // ID sesji
+  projectId: string;    // ID projektu
+  role: "guest" | "user";
+  isGuest: boolean;
+  challenges: Challenge[];  // np. ["verifyTwoFa", "setPassword"]
+  payload: Payload;         // custom claims z tokena
+  raw: AccessTokenPayload;  // surowy payload JWT
+};
+```
+
+## Low-level API
+
+Oprócz stanowej sesji, `createAuthticon()` udostępnia niskopoziomowe klienty API, które nie zarządzają stanem ani cookies.
+
+### `authticon.auth()` — klient publiczny (bez autoryzacji)
+
+Bezstanowy klient do endpointów niewymagających tokenu:
+
+```typescript
+const auth = authticon.auth();
+
+await auth.login({ email: "user@example.com", password: "secret" });
+await auth.register({ email: "user@example.com", password: "secret" });
+await auth.forgotPassword({ email: "user@example.com" });
+await auth.sendMagicLink({ email: "user@example.com" });
+await auth.verifyMagicLink({ token: "..." });
+await auth.verifyEmail({ token: "..." });
+await auth.createGuestUser({ ... });
+await auth.acceptInvitation({ token: "...", password: "..." });
+await auth.resendConfirmation({ email: "..." });
+```
+
+> **Uwaga:** Te metody zwracają surowe dane z API (np. tokeny). Zarządzanie cookies/stanem leży po stronie wywołującego.
+
+### `authticon.admin(options)` — klient administracyjny (tylko Node.js)
+
+Wymaga klucza API. Służy do operacji administracyjnych:
+
+```typescript
+const admin = authticon.admin({ apiKey: "your-api-key" });
+
+await admin.listUsers({ page: 1 });
+await admin.createUser({ email: "new@example.com", password: "..." });
+await admin.getUser("user-id");
+await admin.updateUser("user-id", { ... });
+await admin.deleteUser("user-id");
+await admin.loginAs({ userId: "user-id" });
+
+// Role
+await admin.createUserRole("user-id", { ... });
+await admin.listUserRoles("user-id");
+await admin.updateUserRole("user-id", "role-id", { ... });
+await admin.deleteUserRole("user-id", "role-id");
+
+// SMS
+await admin.sendSmsCode("user-id");
+await admin.verifySms("user-id", { code: "123456" });
+
+// Test email
+await admin.testEmail({ ... });
+```
+
+### `authticon.tokens` (tylko Node.js)
+
+Bezpośredni dostęp do weryfikatora tokenów na poziomie instancji:
+
+```typescript
+const payload = await authticon.tokens.verify(accessToken);
+authticon.tokens.clearKeyCache(); // czyści cache kluczy JWKS
+```
+
+## Cookie adaptery
+
+### Node.js — `createNodeCookieStorageAdapter`
+
+Parsuje cookies z `Request`, buforuje zmiany i pozwala je aplikować do `Response`:
+
+```typescript
+import { createNodeCookieStorageAdapter } from "@authticon/client/node";
+
+const cookies = createNodeCookieStorageAdapter(request);
+
+// Po operacjach sesji:
+cookies.applyToResponse(response);
+// lub:
+const setCookieHeaders = cookies.stringifySetCookies(); // string[]
+```
+
+### Przeglądarka — `createBrowserCookieAdapter`
+
+Operuje bezpośrednio na `document.cookie`:
+
+```typescript
+import { createBrowserCookieAdapter } from "@authticon/client/browser";
+
+const cookies = createBrowserCookieAdapter();
+```
+
+### Własny adapter
+
+Możesz zaimplementować interfejs `CookieAdapter`:
+
+```typescript
+interface CookieAdapter {
+  get(name: string): string | null;
+  set(name: string, value: string, options: CookieSetOptions): void;
+  remove(name: string, options: CookieRemoveOptions): void;
+}
+```
+
+## Token storage — konfiguracja cookies
+
+```typescript
+type TokenStorageOptions = {
+  accessTokenName?: string;        // domyślnie: "access_token"
+  refreshTokenName?: string;       // domyślnie: "refresh_token"
+  deviceIdName?: string;           // domyślnie: "device_id"
+  adminRefreshTokenName?: string;  // domyślnie: "admin_refresh_token"
+  path?: string;                   // domyślnie: "/"
+  domain?: string;
+  secure?: boolean;                // domyślnie: true
+  sameSite?: "Strict" | "Lax" | "None"; // domyślnie: "Lax"
+  accessTokenMaxAge?: number;      // domyślnie: 900 (15 min)
+  refreshTokenMaxAge?: number;     // domyślnie: 2592000 (30 dni)
+};
+```
+
+## Obsługa błędów
+
+Biblioteka definiuje dedykowaną hierarchię błędów:
+
+```typescript
+import {
+  AuthticonError,
+  AuthticonApiError,
+  AuthticonTokenError,
+  isAuthticonError,
+  isAuthticonApiError,
+  isAuthticonTokenError,
+} from "@authticon/client";
+```
+
+| Klasa | Opis |
+|---|---|
+| `AuthticonError` | Bazowy błąd (np. brak tokenu, użytkownik niezalogowany) |
+| `AuthticonApiError` | Błąd odpowiedzi API (zawiera `statusCode` i `response`) |
+| `AuthticonTokenError` | Błąd weryfikacji JWT (zawiera `code` i oryginalny `joseError`) |
+
+```typescript
+try {
+  const user = session.requireUser();
+} catch (error) {
+  if (isAuthticonApiError(error)) {
+    console.log(error.statusCode); // np. 401
+  }
+  if (isAuthticonTokenError(error, "ERR_JWT_EXPIRED")) {
+    // Token wygasł
+  }
+}
+```
+
+## Typowanie custom payloadu
+
+Biblioteka wspiera generyczne typowanie payloadu JWT:
+
+```typescript
+type MyPayload = {
+  organizationId: string;
+  permissions: string[];
+};
+
+const authticon = createAuthticon<MyPayload>({
+  projectId: "...",
+});
+
+const session = await authticon.session({ request });
+const user = session.getUser();
+
+user?.payload.organizationId;  // string
+user?.payload.permissions;     // string[]
+```
+
+## Licencja
+
+MIT

package/dist/TokenStorage.d.ts

@@ -1,33 +1,21 @@
 import type { Logger } from "pino";
 import type { CookieAdapter, TokenPair, TokenStorageOptions } from "./types.js";
-export declare class TokenStorage {
-    private readonly cookies;
-    private readonly logger?;
-    private readonly accessName;
-    private readonly refreshName;
-    private readonly deviceIdName;
-    private readonly rememberName;
-    private readonly adminRefreshName;
-    private readonly setOptions;
-    private readonly removeOptions;
-    constructor(cookies: CookieAdapter, options?: TokenStorageOptions, logger?: Logger | undefined);
+export type TokenStorage = {
     readonly save: (tokens: TokenPair) => void;
     readonly clear: () => void;
     readonly getAccessToken: () => string | null;
     readonly getRefreshToken: () => string | null;
     readonly getDeviceId: () => string | null;
-    readonly getRememberToken: () => string | null;
     readonly getAdminRefreshToken: () => string | null;
     readonly setAccessToken: (accessToken: string) => void;
-    readonly setRememberToken: (rememberToken: string) => void;
     readonly setRefreshToken: (refreshToken: string) => void;
     readonly setAdminRefreshToken: (adminRefreshToken: string) => void;
     readonly setDeviceId: (deviceId: string) => void;
-    readonly clearAdminRefreshToken: () => void;
-    readonly clearDeviceId: () => void;
-    readonly clearRememberToken: () => void;
-    readonly clearRefreshToken: () => void;
     readonly clearAccessToken: () => void;
+    readonly clearRefreshToken: () => void;
+    readonly clearDeviceId: () => void;
+    readonly clearAdminRefreshToken: () => void;
     readonly getAll: () => TokenPair | null;
-}
+};
+export declare const createTokenStorage: (cookies: CookieAdapter, options?: TokenStorageOptions, logger?: Logger) => TokenStorage;
 //# sourceMappingURL=TokenStorage.d.ts.map

package/dist/TokenStorage.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"TokenStorage.d.ts","sourceRoot":"","sources":["../src/TokenStorage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AACnC,OAAO,KAAK,EACV,aAAa,EAGb,SAAS,EACT,mBAAmB,EACpB,MAAM,YAAY,CAAC;AAYpB,qBAAa,YAAY;IAgBrB,OAAO,CAAC,QAAQ,CAAC,OAAO;IAExB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;IAjB1B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAMzB;IACF,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAsB;gBAGjC,OAAO,EAAE,aAAa,EACvC,OAAO,GAAE,mBAAwB,EAChB,MAAM,CAAC,EAAE,MAAM,YAAA;IA0DlC,QAAQ,CAAC,IAAI,GAAI,QAAQ,SAAS,KAAG,IAAI,CAYvC;IAEF,QAAQ,CAAC,KAAK,QAAO,IAAI,CAMvB;IAEF,QAAQ,CAAC,cAAc,sBAA2C;IAElE,QAAQ,CAAC,eAAe,sBAA4C;IAEpE,QAAQ,CAAC,WAAW,sBAA6C;IAEjE,QAAQ,CAAC,gBAAgB,sBAA6C;IAEtE,QAAQ,CAAC,oBAAoB,sBACa;IAE1C,QAAQ,CAAC,cAAc,GAAI,aAAa,MAAM,KAAG,IAAI,CAMnD;IAEF,QAAQ,CAAC,gBAAgB,GAAI,eAAe,MAAM,KAAG,IAAI,CAUvD;IAEF,QAAQ,CAAC,eAAe,GAAI,cAAc,MAAM,KAAG,IAAI,CAMrD;IAEF,QAAQ,CAAC,oBAAoB,GAAI,mBAAmB,MAAM,KAAG,IAAI,CAU/D;IAEF,QAAQ,CAAC,WAAW,GAAI,UAAU,MAAM,KAAG,IAAI,CAG7C;IAEF,QAAQ,CAAC,sBAAsB,QAAO,IAAI,CAGxC;IAEF,QAAQ,CAAC,aAAa,QAAO,IAAI,CAG/B;IAEF,QAAQ,CAAC,kBAAkB,QAAO,IAAI,CAGpC;IAEF,QAAQ,CAAC,iBAAiB,QAAO,IAAI,CAGnC;IAEF,QAAQ,CAAC,gBAAgB,QAAO,IAAI,CAGlC;IAEF,QAAQ,CAAC,MAAM,QAAO,SAAS,GAAG,IAAI,CAWpC;CACH"}
+{"version":3,"file":"TokenStorage.d.ts","sourceRoot":"","sources":["../src/TokenStorage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AACnC,OAAO,KAAK,EACV,aAAa,EAGb,SAAS,EACT,mBAAmB,EACpB,MAAM,YAAY,CAAC;AAUpB,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,SAAS,KAAK,IAAI,CAAC;IAC3C,QAAQ,CAAC,KAAK,EAAE,MAAM,IAAI,CAAC;IAC3B,QAAQ,CAAC,cAAc,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IAC7C,QAAQ,CAAC,eAAe,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IAC9C,QAAQ,CAAC,WAAW,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IAC1C,QAAQ,CAAC,oBAAoB,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IACnD,QAAQ,CAAC,cAAc,EAAE,CAAC,WAAW,EAAE,MAAM,KAAK,IAAI,CAAC;IACvD,QAAQ,CAAC,eAAe,EAAE,CAAC,YAAY,EAAE,MAAM,KAAK,IAAI,CAAC;IACzD,QAAQ,CAAC,oBAAoB,EAAE,CAAC,iBAAiB,EAAE,MAAM,KAAK,IAAI,CAAC;IACnE,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACjD,QAAQ,CAAC,gBAAgB,EAAE,MAAM,IAAI,CAAC;IACtC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC;IACvC,QAAQ,CAAC,aAAa,EAAE,MAAM,IAAI,CAAC;IACnC,QAAQ,CAAC,sBAAsB,EAAE,MAAM,IAAI,CAAC;IAC5C,QAAQ,CAAC,MAAM,EAAE,MAAM,SAAS,GAAG,IAAI,CAAC;CACzC,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAC7B,SAAS,aAAa,EACtB,UAAS,mBAAwB,EACjC,SAAS,MAAM,KACd,YAuGF,CAAC"}

package/dist/TokenStorage.js

@@ -1,153 +1,101 @@
 const DEFAULT_ACCESS_TOKEN_NAME = "access_token";
 const DEFAULT_REFRESH_TOKEN_NAME = "refresh_token";
 const DEFAULT_DEVICE_ID_NAME = "device_id";
-const DEFAULT_REMEMBER_TOKEN_NAME = "remember_token";
 const DEFAULT_ADMIN_REFRESH_TOKEN_NAME = "admin_refresh_token";
 const DEFAULT_ACCESS_TOKEN_MAX_AGE = 900;
 const DEFAULT_REFRESH_TOKEN_MAX_AGE = 2_592_000;
-const DEFAULT_REMEMBER_TOKEN_MAX_AGE = 7_776_000;
 const DEFAULT_ADMIN_REFRESH_TOKEN_MAX_AGE = 2_592_000;
-export class TokenStorage {
-    cookies;
-    logger;
-    accessName;
-    refreshName;
-    deviceIdName;
-    rememberName;
-    adminRefreshName;
-    setOptions;
-    removeOptions;
-    constructor(cookies, options = {}, logger) {
-        this.cookies = cookies;
-        this.logger = logger;
-        this.accessName = options.accessTokenName ?? DEFAULT_ACCESS_TOKEN_NAME;
-        this.refreshName = options.refreshTokenName ?? DEFAULT_REFRESH_TOKEN_NAME;
-        this.deviceIdName = options.deviceIdName ?? DEFAULT_DEVICE_ID_NAME;
-        this.rememberName =
-            options.rememberTokenName ?? DEFAULT_REMEMBER_TOKEN_NAME;
-        this.adminRefreshName =
-            options.adminRefreshTokenName ?? DEFAULT_ADMIN_REFRESH_TOKEN_NAME;
-        const path = options.path ?? "/";
-        const domain = options.domain;
-        const secure = options.secure ?? true;
-        const sameSite = options.sameSite ?? "Lax";
-        this.setOptions = {
-            access: {
-                path,
-                domain,
-                secure,
-                sameSite,
-                maxAge: options.accessTokenMaxAge ?? DEFAULT_ACCESS_TOKEN_MAX_AGE,
-            },
-            refresh: {
-                path,
-                domain,
-                secure,
-                sameSite,
-                maxAge: options.refreshTokenMaxAge ?? DEFAULT_REFRESH_TOKEN_MAX_AGE,
-            },
-            deviceId: {
-                path,
-                domain,
-                secure,
-                sameSite,
-                maxAge: options.refreshTokenMaxAge ?? DEFAULT_REFRESH_TOKEN_MAX_AGE,
-            },
-            remember: {
-                path,
-                domain,
-                secure,
-                sameSite,
-                maxAge: options.rememberTokenMaxAge ?? DEFAULT_REMEMBER_TOKEN_MAX_AGE,
-            },
-            adminRefresh: {
-                path,
-                domain,
-                secure,
-                sameSite,
-                maxAge: options.adminRefreshTokenMaxAge ??
-                    DEFAULT_ADMIN_REFRESH_TOKEN_MAX_AGE,
-            },
-        };
-        this.removeOptions = { path, domain };
-    }
-    save = (tokens) => {
-        this.setAccessToken(tokens.accessToken);
-        this.setRefreshToken(tokens.refreshToken);
-        if (tokens.deviceId) {
-            this.setDeviceId(tokens.deviceId);
-        }
-        if (tokens.rememberToken) {
-            this.setRememberToken(tokens.rememberToken);
-        }
-        if (tokens.adminRefreshToken) {
-            this.setAdminRefreshToken(tokens.adminRefreshToken);
-        }
+export const createTokenStorage = (cookies, options = {}, logger) => {
+    const accessName = options.accessTokenName ?? DEFAULT_ACCESS_TOKEN_NAME;
+    const refreshName = options.refreshTokenName ?? DEFAULT_REFRESH_TOKEN_NAME;
+    const deviceIdName = options.deviceIdName ?? DEFAULT_DEVICE_ID_NAME;
+    const adminRefreshName = options.adminRefreshTokenName ?? DEFAULT_ADMIN_REFRESH_TOKEN_NAME;
+    const path = options.path ?? "/";
+    const domain = options.domain;
+    const secure = options.secure ?? true;
+    const sameSite = options.sameSite ?? "Lax";
+    const setOpts = {
+        access: { path, domain, secure, sameSite, maxAge: options.accessTokenMaxAge ?? DEFAULT_ACCESS_TOKEN_MAX_AGE },
+        refresh: { path, domain, secure, sameSite, maxAge: options.refreshTokenMaxAge ?? DEFAULT_REFRESH_TOKEN_MAX_AGE },
+        deviceId: { path, domain, secure, sameSite, maxAge: options.refreshTokenMaxAge ?? DEFAULT_REFRESH_TOKEN_MAX_AGE },
+        adminRefresh: { path, domain, secure, sameSite, maxAge: options.adminRefreshTokenMaxAge ?? DEFAULT_ADMIN_REFRESH_TOKEN_MAX_AGE },
     };
-    clear = () => {
-        this.clearAccessToken();
-        this.clearRefreshToken();
-        this.clearDeviceId();
-        this.clearRememberToken();
-        this.clearAdminRefreshToken();
+    const removeOpts = { path, domain };
+    const setAccessToken = (accessToken) => {
+        logger?.debug({ accessToken: accessToken.slice(0, 10) + "..." }, "Setting access token");
+        cookies.set(accessName, accessToken, setOpts.access);
     };
-    getAccessToken = () => this.cookies.get(this.accessName);
-    getRefreshToken = () => this.cookies.get(this.refreshName);
-    getDeviceId = () => this.cookies.get(this.deviceIdName);
-    getRememberToken = () => this.cookies.get(this.rememberName);
-    getAdminRefreshToken = () => this.cookies.get(this.adminRefreshName);
-    setAccessToken = (accessToken) => {
-        this.logger?.debug({ accessToken: accessToken.slice(0, 10) + "..." }, "Setting access token");
-        this.cookies.set(this.accessName, accessToken, this.setOptions.access);
+    const setRefreshToken = (refreshToken) => {
+        logger?.debug({ refreshToken: refreshToken.slice(0, 10) + "..." }, "Setting refresh token");
+        cookies.set(refreshName, refreshToken, setOpts.refresh);
     };
-    setRememberToken = (rememberToken) => {
-        this.logger?.debug({ rememberToken: rememberToken.slice(0, 10) + "..." }, "Setting remember token");
-        this.cookies.set(this.rememberName, rememberToken, this.setOptions.remember);
+    const setAdminRefreshToken = (adminRefreshToken) => {
+        logger?.debug({ adminRefreshToken: adminRefreshToken.slice(0, 10) + "..." }, "Setting admin refresh token");
+        cookies.set(adminRefreshName, adminRefreshToken, setOpts.adminRefresh);
     };
-    setRefreshToken = (refreshToken) => {
-        this.logger?.debug({ refreshToken: refreshToken.slice(0, 10) + "..." }, "Setting refresh token");
-        this.cookies.set(this.refreshName, refreshToken, this.setOptions.refresh);
+    const setDeviceId = (deviceId) => {
+        logger?.debug({ deviceId }, "Setting device id");
+        cookies.set(deviceIdName, deviceId, setOpts.deviceId);
     };
-    setAdminRefreshToken = (adminRefreshToken) => {
-        this.logger?.debug({ adminRefreshToken: adminRefreshToken.slice(0, 10) + "..." }, "Setting admin refresh token");
-        this.cookies.set(this.adminRefreshName, adminRefreshToken, this.setOptions.adminRefresh);
+    const clearAccessToken = () => {
+        logger?.debug("Clearing access token");
+        cookies.remove(accessName, removeOpts);
     };
-    setDeviceId = (deviceId) => {
-        this.logger?.debug({ deviceId }, "Setting device id");
-        this.cookies.set(this.deviceIdName, deviceId, this.setOptions.deviceId);
+    const clearRefreshToken = () => {
+        logger?.debug("Clearing refresh token");
+        cookies.remove(refreshName, removeOpts);
     };
-    clearAdminRefreshToken = () => {
-        this.logger?.debug("Clearing admin refresh token");
-        this.cookies.remove(this.adminRefreshName, this.removeOptions);
+    const clearDeviceId = () => {
+        logger?.debug("Clearing device id");
+        cookies.remove(deviceIdName, removeOpts);
     };
-    clearDeviceId = () => {
-        this.logger?.debug("Clearing device id");
-        this.cookies.remove(this.deviceIdName, this.removeOptions);
+    const clearAdminRefreshToken = () => {
+        logger?.debug("Clearing admin refresh token");
+        cookies.remove(adminRefreshName, removeOpts);
     };
-    clearRememberToken = () => {
-        this.logger?.debug("Clearing remember token");
-        this.cookies.remove(this.rememberName, this.removeOptions);
+    const getAccessToken = () => cookies.get(accessName);
+    const getRefreshToken = () => cookies.get(refreshName);
+    const getDeviceId = () => cookies.get(deviceIdName);
+    const getAdminRefreshToken = () => cookies.get(adminRefreshName);
+    return {
+        save: (tokens) => {
+            setAccessToken(tokens.accessToken);
+            setRefreshToken(tokens.refreshToken);
+            if (tokens.deviceId)
+                setDeviceId(tokens.deviceId);
+            if (tokens.adminRefreshToken)
+                setAdminRefreshToken(tokens.adminRefreshToken);
+        },
+        clear: () => {
+            clearAccessToken();
+            clearRefreshToken();
+            clearDeviceId();
+            clearAdminRefreshToken();
+        },
+        getAccessToken,
+        getRefreshToken,
+        getDeviceId,
+        getAdminRefreshToken,
+        setAccessToken,
+        setRefreshToken,
+        setAdminRefreshToken,
+        setDeviceId,
+        clearAccessToken,
+        clearRefreshToken,
+        clearDeviceId,
+        clearAdminRefreshToken,
+        getAll: () => {
+            const accessToken = getAccessToken();
+            const refreshToken = getRefreshToken();
+            if (!accessToken || !refreshToken)
+                return null;
+            return {
+                accessToken,
+                refreshToken,
+                deviceId: getDeviceId() ?? undefined,
+                adminRefreshToken: getAdminRefreshToken() ?? undefined,
+            };
+        },
     };
-    clearRefreshToken = () => {
-        this.logger?.debug("Clearing refresh token");
-        this.cookies.remove(this.refreshName, this.removeOptions);
-    };
-    clearAccessToken = () => {
-        this.logger?.debug("Clearing access token");
-        this.cookies.remove(this.accessName, this.removeOptions);
-    };
-    getAll = () => {
-        const accessToken = this.getAccessToken();
-        const refreshToken = this.getRefreshToken();
-        if (!accessToken || !refreshToken)
-            return null;
-        return {
-            accessToken,
-            refreshToken,
-            deviceId: this.getDeviceId() ?? undefined,
-            rememberToken: this.getRememberToken() ?? undefined,
-            adminRefreshToken: this.getAdminRefreshToken() ?? undefined,
-        };
-    };
-}
+};
 //# sourceMappingURL=TokenStorage.js.map