@authticon/client 0.0.0-beta37 → 0.0.0-beta39

package/dist/{TokenManager.d.ts → tokens.d.ts}

@@ -1,32 +1,27 @@
 import type { Logger } from "pino";
-import type { Client } from "./generated/client/index.js";
-import type { AccessTokenPayload, TokenManagerOptions, TokenPair } from "./types.js";
-export declare class TokenManager<Payload extends Record<string, any> = Record<string, any>> {
-    private readonly client;
-    private readonly verifier;
-    private readonly storage;
-    constructor(client: Client, options: TokenManagerOptions, logger?: Logger);
-    private requireStorage;
-    readonly verifyToken: (token?: string) => Promise<AccessTokenPayload<Payload>>;
-    readonly clearKeyCache: () => void;
+import type { AccessTokenPayload, CacheAdapter, CookieAdapter, TokenPair, TokenStorageOptions } from "./types.js";
+export declare const createInMemoryCacheAdapter: () => CacheAdapter;
+export type TokenStorage = {
     readonly save: (tokens: TokenPair) => void;
-    readonly setAccessToken: (accessToken: string) => void;
-    readonly setRefreshToken: (refreshToken: string) => void;
-    readonly setRememberToken: (rememberToken: string) => void;
-    readonly setAdminRefreshToken: (adminRefreshToken: string) => void;
+    readonly clear: () => void;
     readonly getAccessToken: () => string | null;
     readonly getRefreshToken: () => string | null;
-    readonly getRememberToken: () => string | null;
-    readonly getAdminRefreshToken: () => string | null;
     readonly getDeviceId: () => string | null;
+    readonly getAdminRefreshToken: () => string | null;
+    readonly setAccessToken: (accessToken: string) => void;
+    readonly setRefreshToken: (refreshToken: string) => void;
+    readonly setAdminRefreshToken: (adminRefreshToken: string) => void;
     readonly setDeviceId: (deviceId: string) => void;
-    readonly getAll: () => TokenPair | null;
-    readonly clear: () => void;
     readonly clearAccessToken: () => void;
     readonly clearRefreshToken: () => void;
     readonly clearDeviceId: () => void;
-    readonly clearRememberToken: () => void;
     readonly clearAdminRefreshToken: () => void;
-    readonly hasStorage: () => boolean;
-}
-//# sourceMappingURL=TokenManager.d.ts.map
+    readonly getAll: () => TokenPair | null;
+};
+export declare const createTokenStorage: (cookies: CookieAdapter, options?: TokenStorageOptions, logger?: Logger) => TokenStorage;
+export type TokenVerifier<Payload extends Record<string, any>> = {
+    readonly verifyToken: (token: string) => Promise<AccessTokenPayload<Payload>>;
+    readonly clearKeyCache: () => void;
+};
+export declare const createTokenVerifier: <Payload extends Record<string, any> = Record<string, any>>(jwksUrl: string, cacheTtlMs?: number, logger?: Logger, externalCache?: CacheAdapter) => TokenVerifier<Payload>;
+//# sourceMappingURL=tokens.d.ts.map

package/dist/tokens.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokens.d.ts","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAEnC,OAAO,KAAK,EACV,kBAAkB,EAClB,YAAY,EACZ,aAAa,EAGb,SAAS,EACT,mBAAmB,EACpB,MAAM,YAAY,CAAC;AAIpB,eAAO,MAAM,0BAA0B,QAAO,YAY7C,CAAC;AAYF,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,SAAS,KAAK,IAAI,CAAC;IAC3C,QAAQ,CAAC,KAAK,EAAE,MAAM,IAAI,CAAC;IAC3B,QAAQ,CAAC,cAAc,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IAC7C,QAAQ,CAAC,eAAe,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IAC9C,QAAQ,CAAC,WAAW,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IAC1C,QAAQ,CAAC,oBAAoB,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IACnD,QAAQ,CAAC,cAAc,EAAE,CAAC,WAAW,EAAE,MAAM,KAAK,IAAI,CAAC;IACvD,QAAQ,CAAC,eAAe,EAAE,CAAC,YAAY,EAAE,MAAM,KAAK,IAAI,CAAC;IACzD,QAAQ,CAAC,oBAAoB,EAAE,CAAC,iBAAiB,EAAE,MAAM,KAAK,IAAI,CAAC;IACnE,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACjD,QAAQ,CAAC,gBAAgB,EAAE,MAAM,IAAI,CAAC;IACtC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC;IACvC,QAAQ,CAAC,aAAa,EAAE,MAAM,IAAI,CAAC;IACnC,QAAQ,CAAC,sBAAsB,EAAE,MAAM,IAAI,CAAC;IAC5C,QAAQ,CAAC,MAAM,EAAE,MAAM,SAAS,GAAG,IAAI,CAAC;CACzC,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAC7B,SAAS,aAAa,EACtB,UAAS,mBAAwB,EACjC,SAAS,MAAM,KACd,YAuGF,CAAC;AAoCF,MAAM,MAAM,aAAa,CAAC,OAAO,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI;IAC/D,QAAQ,CAAC,WAAW,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC;IAC9E,QAAQ,CAAC,aAAa,EAAE,MAAM,IAAI,CAAC;CACpC,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAC9B,OAAO,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAEzD,SAAS,MAAM,EACf,aAAY,MAA6B,EACzC,SAAS,MAAM,EACf,gBAAgB,YAAY,KAC3B,aAAa,CAAC,OAAO,CA4DvB,CAAC"}

package/dist/tokens.js

@@ -0,0 +1,188 @@
+import * as jose from "jose";
+import { decodeProtectedHeader, importJWK, jwtVerify, } from "jose";
+import { AuthticonError, AuthticonTokenError } from "./errors.js";
+// --- In-memory cache ---
+export const createInMemoryCacheAdapter = () => {
+    const store = new Map();
+    return {
+        get: (key) => store.get(key),
+        set: (key, value) => {
+            store.set(key, value);
+        },
+        delete: (key) => {
+            store.delete(key);
+        },
+    };
+};
+// --- Token storage ---
+const DEFAULT_ACCESS_TOKEN_NAME = "access_token";
+const DEFAULT_REFRESH_TOKEN_NAME = "refresh_token";
+const DEFAULT_DEVICE_ID_NAME = "device_id";
+const DEFAULT_ADMIN_REFRESH_TOKEN_NAME = "admin_refresh_token";
+const DEFAULT_ACCESS_TOKEN_MAX_AGE = 900;
+const DEFAULT_REFRESH_TOKEN_MAX_AGE = 2_592_000;
+const DEFAULT_ADMIN_REFRESH_TOKEN_MAX_AGE = 2_592_000;
+export const createTokenStorage = (cookies, options = {}, logger) => {
+    const accessName = options.accessTokenName ?? DEFAULT_ACCESS_TOKEN_NAME;
+    const refreshName = options.refreshTokenName ?? DEFAULT_REFRESH_TOKEN_NAME;
+    const deviceIdName = options.deviceIdName ?? DEFAULT_DEVICE_ID_NAME;
+    const adminRefreshName = options.adminRefreshTokenName ?? DEFAULT_ADMIN_REFRESH_TOKEN_NAME;
+    const path = options.path ?? "/";
+    const domain = options.domain;
+    const secure = options.secure ?? true;
+    const sameSite = options.sameSite ?? "Lax";
+    const setOpts = {
+        access: { path, domain, secure, sameSite, maxAge: options.accessTokenMaxAge ?? DEFAULT_ACCESS_TOKEN_MAX_AGE },
+        refresh: { path, domain, secure, sameSite, maxAge: options.refreshTokenMaxAge ?? DEFAULT_REFRESH_TOKEN_MAX_AGE },
+        deviceId: { path, domain, secure, sameSite, maxAge: options.refreshTokenMaxAge ?? DEFAULT_REFRESH_TOKEN_MAX_AGE },
+        adminRefresh: { path, domain, secure, sameSite, maxAge: options.adminRefreshTokenMaxAge ?? DEFAULT_ADMIN_REFRESH_TOKEN_MAX_AGE },
+    };
+    const removeOpts = { path, domain };
+    const setAccessToken = (accessToken) => {
+        logger?.debug({ accessToken: accessToken.slice(0, 10) + "..." }, "Setting access token");
+        cookies.set(accessName, accessToken, setOpts.access);
+    };
+    const setRefreshToken = (refreshToken) => {
+        logger?.debug({ refreshToken: refreshToken.slice(0, 10) + "..." }, "Setting refresh token");
+        cookies.set(refreshName, refreshToken, setOpts.refresh);
+    };
+    const setAdminRefreshToken = (adminRefreshToken) => {
+        logger?.debug({ adminRefreshToken: adminRefreshToken.slice(0, 10) + "..." }, "Setting admin refresh token");
+        cookies.set(adminRefreshName, adminRefreshToken, setOpts.adminRefresh);
+    };
+    const setDeviceId = (deviceId) => {
+        logger?.debug({ deviceId }, "Setting device id");
+        cookies.set(deviceIdName, deviceId, setOpts.deviceId);
+    };
+    const clearAccessToken = () => {
+        logger?.debug("Clearing access token");
+        cookies.remove(accessName, removeOpts);
+    };
+    const clearRefreshToken = () => {
+        logger?.debug("Clearing refresh token");
+        cookies.remove(refreshName, removeOpts);
+    };
+    const clearDeviceId = () => {
+        logger?.debug("Clearing device id");
+        cookies.remove(deviceIdName, removeOpts);
+    };
+    const clearAdminRefreshToken = () => {
+        logger?.debug("Clearing admin refresh token");
+        cookies.remove(adminRefreshName, removeOpts);
+    };
+    const getAccessToken = () => cookies.get(accessName);
+    const getRefreshToken = () => cookies.get(refreshName);
+    const getDeviceId = () => cookies.get(deviceIdName);
+    const getAdminRefreshToken = () => cookies.get(adminRefreshName);
+    return {
+        save: (tokens) => {
+            setAccessToken(tokens.accessToken);
+            setRefreshToken(tokens.refreshToken);
+            if (tokens.deviceId)
+                setDeviceId(tokens.deviceId);
+            if (tokens.adminRefreshToken)
+                setAdminRefreshToken(tokens.adminRefreshToken);
+        },
+        clear: () => {
+            clearAccessToken();
+            clearRefreshToken();
+            clearDeviceId();
+            clearAdminRefreshToken();
+        },
+        getAccessToken,
+        getRefreshToken,
+        getDeviceId,
+        getAdminRefreshToken,
+        setAccessToken,
+        setRefreshToken,
+        setAdminRefreshToken,
+        setDeviceId,
+        clearAccessToken,
+        clearRefreshToken,
+        clearDeviceId,
+        clearAdminRefreshToken,
+        getAll: () => {
+            const accessToken = getAccessToken();
+            const refreshToken = getRefreshToken();
+            if (!accessToken || !refreshToken)
+                return null;
+            return {
+                accessToken,
+                refreshToken,
+                deviceId: getDeviceId() ?? undefined,
+                adminRefreshToken: getAdminRefreshToken() ?? undefined,
+            };
+        },
+    };
+};
+const DEFAULT_CACHE_TTL_MS = 3_600_000;
+const JWKS_CACHE_KEY = "authticon:jwks";
+const importKeysFromJwks = async (jwks) => {
+    const keysWithKid = jwks.filter((jwk) => typeof jwk.kid === "string");
+    const entries = await Promise.all(keysWithKid.map(async (jwk) => {
+        const imported = await importJWK(jwk);
+        if (imported instanceof Uint8Array) {
+            throw new Error(`Symmetric key (kid: ${jwk.kid}) is not supported`);
+        }
+        return [jwk.kid, imported];
+    }));
+    return new Map(entries);
+};
+export const createTokenVerifier = (jwksUrl, cacheTtlMs = DEFAULT_CACHE_TTL_MS, logger, externalCache) => {
+    const cache = externalCache ?? createInMemoryCacheAdapter();
+    const fetchJwks = async () => {
+        const response = await fetch(jwksUrl);
+        if (!response.ok) {
+            throw new AuthticonError(`Failed to fetch JWKS: ${response.status}`);
+        }
+        const data = await response.json();
+        const keys = await importKeysFromJwks(data.keys);
+        cache.set(JWKS_CACHE_KEY, { keys, fetchedAt: Date.now() });
+        logger?.debug({ jwksUrl }, "JWKS fetched");
+        return keys;
+    };
+    const getCachedOrFetch = async () => {
+        const cached = cache.get(JWKS_CACHE_KEY);
+        if (cached && Date.now() - cached.fetchedAt < cacheTtlMs) {
+            return cached.keys;
+        }
+        return fetchJwks();
+    };
+    const resolveKey = async (kid) => {
+        const keys = await getCachedOrFetch();
+        const key = keys.get(kid);
+        if (key)
+            return key;
+        cache.delete(JWKS_CACHE_KEY);
+        const freshKeys = await fetchJwks();
+        const freshKey = freshKeys.get(kid);
+        if (!freshKey) {
+            throw new AuthticonError(`Key with kid "${kid}" not found in JWKS`);
+        }
+        return freshKey;
+    };
+    return {
+        verifyToken: async (token) => {
+            try {
+                const header = decodeProtectedHeader(token);
+                if (!header.kid) {
+                    throw new AuthticonError("Token header is missing 'kid' claim");
+                }
+                const key = await resolveKey(header.kid);
+                const { payload } = await jwtVerify(token, key);
+                return payload;
+            }
+            catch (error) {
+                if (error instanceof jose.errors.JOSEError) {
+                    throw new AuthticonTokenError(error.message, error.code, error);
+                }
+                throw error;
+            }
+        },
+        clearKeyCache: () => {
+            cache.delete(JWKS_CACHE_KEY);
+            logger?.debug("Key cache cleared");
+        },
+    };
+};
+//# sourceMappingURL=tokens.js.map

package/dist/tokens.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokens.js","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EACL,qBAAqB,EACrB,SAAS,EACT,SAAS,GAGV,MAAM,MAAM,CAAC;AAEd,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAWlE,0BAA0B;AAE1B,MAAM,CAAC,MAAM,0BAA0B,GAAG,GAAiB,EAAE;IAC3D,MAAM,KAAK,GAAG,IAAI,GAAG,EAAmB,CAAC;IAEzC,OAAO;QACL,GAAG,EAAE,CAAI,GAAW,EAAiB,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAkB;QACvE,GAAG,EAAE,CAAI,GAAW,EAAE,KAAQ,EAAQ,EAAE;YACtC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACxB,CAAC;QACD,MAAM,EAAE,CAAC,GAAW,EAAQ,EAAE;YAC5B,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;AAEF,wBAAwB;AAExB,MAAM,yBAAyB,GAAG,cAAc,CAAC;AACjD,MAAM,0BAA0B,GAAG,eAAe,CAAC;AACnD,MAAM,sBAAsB,GAAG,WAAW,CAAC;AAC3C,MAAM,gCAAgC,GAAG,qBAAqB,CAAC;AAC/D,MAAM,4BAA4B,GAAG,GAAG,CAAC;AACzC,MAAM,6BAA6B,GAAG,SAAS,CAAC;AAChD,MAAM,mCAAmC,GAAG,SAAS,CAAC;AAoBtD,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAChC,OAAsB,EACtB,UAA+B,EAAE,EACjC,MAAe,EACD,EAAE;IAChB,MAAM,UAAU,GAAG,OAAO,CAAC,eAAe,IAAI,yBAAyB,CAAC;IACxE,MAAM,WAAW,GAAG,OAAO,CAAC,gBAAgB,IAAI,0BAA0B,CAAC;IAC3E,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,sBAAsB,CAAC;IACpE,MAAM,gBAAgB,GACpB,OAAO,CAAC,qBAAqB,IAAI,gCAAgC,CAAC;IAEpE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,GAAG,CAAC;IACjC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC;IACtC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,KAAK,CAAC;IAE3C,MAAM,OAAO,GAAqC;QAChD,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,iBAAiB,IAAI,4BAA4B,EAAE;QAC7G,OAAO,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,kBAAkB,IAAI,6BAA6B,EAAE;QAChH,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,kBAAkB,IAAI,6BAA6B,EAAE;QACjH,YAAY,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,uBAAuB,IAAI,mCAAmC,EAAE;KACjI,CAAC;IAEF,MAAM,UAAU,GAAwB,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAEzD,MAAM,cAAc,GAAG,CAAC,WAAmB,EAAQ,EAAE;QACnD,MAAM,EAAE,KAAK,CAAC,EAAE,WAAW,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,EAAE,EAAE,sBAAsB,CAAC,CAAC;QACzF,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,WAAW,EAAE,OAAO,CAAC,MAAO,CAAC,CAAC;IACxD,CAAC,CAAC;IAEF,MAAM,eAAe,GAAG,CAAC,YAAoB,EAAQ,EAAE;QACrD,MAAM,EAAE,KAAK,CAAC,EAAE,YAAY,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,EAAE,EAAE,uBAAuB,CAAC,CAAC;QAC5F,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,YAAY,EAAE,OAAO,CAAC,OAAQ,CAAC,CAAC;IAC3D,CAAC,CAAC;IAEF,MAAM,oBAAoB,GAAG,CAAC,iBAAyB,EAAQ,EAAE;QAC/D,MAAM,EAAE,KAAK,CAAC,EAAE,iBAAiB,EAAE,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,EAAE,EAAE,6BAA6B,CAAC,CAAC;QAC5G,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,OAAO,CAAC,YAAa,CAAC,CAAC;IAC1E,CAAC,CAAC;IAEF,MAAM,WAAW,GAAG,CAAC,QAAgB,EAAQ,EAAE;QAC7C,MAAM,EAAE,KAAK,CAAC,EAAE,QAAQ,EAAE,EAAE,mBAAmB,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAS,CAAC,CAAC;IACzD,CAAC,CAAC;IAEF,MAAM,gBAAgB,GAAG,GAAS,EAAE;QAClC,MAAM,EAAE,KAAK,CAAC,uBAAuB,CAAC,CAAC;QACvC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IACzC,CAAC,CAAC;IAEF,MAAM,iBAAiB,GAAG,GAAS,EAAE;QACnC,MAAM,EAAE,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACxC,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IAC1C,CAAC,CAAC;IAEF,MAAM,aAAa,GAAG,GAAS,EAAE;QAC/B,MAAM,EAAE,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACpC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IAC3C,CAAC,CAAC;IAEF,MAAM,sBAAsB,GAAG,GAAS,EAAE;QACxC,MAAM,EAAE,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAC9C,OAAO,CAAC,MAAM,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;IAC/C,CAAC,CAAC;IAEF,MAAM,cAAc,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACrD,MAAM,eAAe,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACvD,MAAM,WAAW,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACpD,MAAM,oBAAoB,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAEjE,OAAO;QACL,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE;YACf,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACnC,eAAe,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YACrC,IAAI,MAAM,CAAC,QAAQ;gBAAE,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAClD,IAAI,MAAM,CAAC,iBAAiB;gBAAE,oBAAoB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;QAC/E,CAAC;QACD,KAAK,EAAE,GAAG,EAAE;YACV,gBAAgB,EAAE,CAAC;YACnB,iBAAiB,EAAE,CAAC;YACpB,aAAa,EAAE,CAAC;YAChB,sBAAsB,EAAE,CAAC;QAC3B,CAAC;QACD,cAAc;QACd,eAAe;QACf,WAAW;QACX,oBAAoB;QACpB,cAAc;QACd,eAAe;QACf,oBAAoB;QACpB,WAAW;QACX,gBAAgB;QAChB,iBAAiB;QACjB,aAAa;QACb,sBAAsB;QACtB,MAAM,EAAE,GAAG,EAAE;YACX,MAAM,WAAW,GAAG,cAAc,EAAE,CAAC;YACrC,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;YACvC,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY;gBAAE,OAAO,IAAI,CAAC;YAC/C,OAAO;gBACL,WAAW;gBACX,YAAY;gBACZ,QAAQ,EAAE,WAAW,EAAE,IAAI,SAAS;gBACpC,iBAAiB,EAAE,oBAAoB,EAAE,IAAI,SAAS;aACvD,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;AAaF,MAAM,oBAAoB,GAAG,SAAS,CAAC;AACvC,MAAM,cAAc,GAAG,gBAAgB,CAAC;AAExC,MAAM,kBAAkB,GAAG,KAAK,EAC9B,IAAoB,EACyB,EAAE;IAC/C,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAC7B,CAAC,GAAG,EAAyC,EAAE,CAAC,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,CAC5E,CAAC;IAEF,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAC5B,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;QACtC,IAAI,QAAQ,YAAY,UAAU,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,CAAC,GAAG,oBAAoB,CAAC,CAAC;QACtE,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAU,CAAC;IACtC,CAAC,CAAC,CACH,CAAC;IAEF,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;AAC1B,CAAC,CAAC;AAOF,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAGjC,OAAe,EACf,aAAqB,oBAAoB,EACzC,MAAe,EACf,aAA4B,EACJ,EAAE;IAC1B,MAAM,KAAK,GAAG,aAAa,IAAI,0BAA0B,EAAE,CAAC;IAE5D,MAAM,SAAS,GAAG,KAAK,IAAiD,EAAE;QACxE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC;QACtC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,cAAc,CAAC,yBAAyB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,MAAM,IAAI,GAAiB,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACjD,MAAM,IAAI,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,KAAK,CAAC,GAAG,CAAa,cAAc,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACvE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,EAAE,EAAE,cAAc,CAAC,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IAEF,MAAM,gBAAgB,GAAG,KAAK,IAAiD,EAAE;QAC/E,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAa,cAAc,CAAC,CAAC;QACrD,IAAI,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,UAAU,EAAE,CAAC;YACzD,OAAO,MAAM,CAAC,IAAI,CAAC;QACrB,CAAC;QACD,OAAO,SAAS,EAAE,CAAC;IACrB,CAAC,CAAC;IAEF,MAAM,UAAU,GAAG,KAAK,EAAE,GAAW,EAA0B,EAAE;QAC/D,MAAM,IAAI,GAAG,MAAM,gBAAgB,EAAE,CAAC;QACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC1B,IAAI,GAAG;YAAE,OAAO,GAAG,CAAC;QAEpB,KAAK,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QAC7B,MAAM,SAAS,GAAG,MAAM,SAAS,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,cAAc,CAAC,iBAAiB,GAAG,qBAAqB,CAAC,CAAC;QACtE,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO;QACL,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;YAC3B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;gBAC5C,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;oBAChB,MAAM,IAAI,cAAc,CAAC,qCAAqC,CAAC,CAAC;gBAClE,CAAC;gBACD,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACzC,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAA8B,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC7E,OAAO,OAAO,CAAC;YACjB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,KAAK,YAAY,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;oBAC3C,MAAM,IAAI,mBAAmB,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;gBAClE,CAAC;gBACD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;QAED,aAAa,EAAE,GAAG,EAAE;YAClB,KAAK,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;YAC7B,MAAM,EAAE,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACrC,CAAC;KACF,CAAC;AACJ,CAAC,CAAC"}

package/dist/types.d.ts

@@ -1,5 +1,5 @@
 import type { JWTPayload } from "jose";
-import type { PostApiV1AuthLoginResponses } from "./generated/index.js";
+import type { Logger } from "pino";
 export type { JWTPayload } from "jose";
 export interface CacheAdapter {
     readonly get: <T>(key: string) => T | undefined;
@@ -10,7 +10,6 @@ export type TokenPair = {
     readonly accessToken: string;
     readonly refreshToken: string;
     readonly deviceId?: string;
-    readonly rememberToken?: string;
     readonly adminRefreshToken?: string;
 };
 export type CookieSetOptions = {
@@ -51,15 +50,42 @@ export type TokenManagerOptions = {
     readonly storage?: TokenStorageOptions | undefined;
     readonly cache?: CacheAdapter | undefined;
 };
+export type Challenge = "verifyTwoFa" | "setTwoFa" | "resetPassword" | "setPassword";
+/** @deprecated Use Challenge instead */
+export type Challange = Challenge;
 export type AccessTokenPayload<Payload extends Record<string, any>> = JWTPayload & Payload & {
     authticon: {
         sessionId: string;
         userId: string;
         projectId: string;
         role: "guest" | "user";
-        challanges: Challange[];
-        isLoggedByAdmin: boolean;
+        challenges: Challenge[];
+        loggedByAdminId?: string;
     };
 };
-export type Challange = PostApiV1AuthLoginResponses["200"]["challanges"][number];
+export type SessionUser<Payload extends Record<string, any> = Record<string, any>> = {
+    readonly id: string;
+    readonly sessionId: string;
+    readonly projectId: string;
+    readonly role: "guest" | "user";
+    readonly isGuest: boolean;
+    readonly challenges: Challenge[];
+    readonly payload: Payload;
+    readonly raw: AccessTokenPayload<Payload>;
+};
+export type AuthticonOptions = {
+    readonly projectId: string;
+    readonly baseUrl?: string;
+    readonly jwksUrl?: string;
+    readonly jwksCacheTtlMs?: number;
+    readonly cache?: CacheAdapter;
+    readonly logger?: Logger;
+};
+export type SessionOptions = {
+    request: Request;
+    tokenStorage?: TokenStorageOptions;
+} | {
+    cookies: CookieAdapter;
+    tokenStorage?: TokenStorageOptions;
+};
 //# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AACvC,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,sBAAsB,CAAC;AAExE,YAAY,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAIvC,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,KAAK,CAAC,GAAG,SAAS,CAAC;IAChD,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,KAAK,IAAI,CAAC;IACjD,QAAQ,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;CACxC;AAID,MAAM,MAAM,SAAS,GAAG;IACtB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;CACrC,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACrC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAC7C,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CACtC,CAAC;AAEF,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;IAC9C,QAAQ,CAAC,GAAG,EAAE,CACZ,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,gBAAgB,KACtB,IAAI,CAAC;IACV,QAAQ,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,KAAK,IAAI,CAAC;CACvE;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IACxC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAC9C,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IACrC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IACtC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAC3C,CAAC;AAIF,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7C,QAAQ,CAAC,OAAO,CAAC,EAAE,aAAa,GAAG,SAAS,CAAC;IAC7C,QAAQ,CAAC,OAAO,CAAC,EAAE,mBAAmB,GAAG,SAAS,CAAC;IACnD,QAAQ,CAAC,KAAK,CAAC,EAAE,YAAY,GAAG,SAAS,CAAC;CAC3C,CAAC;AAEF,MAAM,MAAM,kBAAkB,CAAC,OAAO,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,IAChE,UAAU,GACR,OAAO,GAAG;IACR,SAAS,EAAE;QACT,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,SAAS,EAAE,MAAM,CAAC;QAClB,IAAI,EAAE,OAAO,GAAG,MAAM,CAAC;QACvB,UAAU,EAAE,SAAS,EAAE,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;CACH,CAAC;AAEN,MAAM,MAAM,SAAS,GACnB,2BAA2B,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AACvC,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAEnC,YAAY,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAIvC,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,KAAK,CAAC,GAAG,SAAS,CAAC;IAChD,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,KAAK,IAAI,CAAC;IACjD,QAAQ,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;CACxC;AAID,MAAM,MAAM,SAAS,GAAG;IACtB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;CACrC,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACrC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAC7C,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CACtC,CAAC;AAEF,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;IAC9C,QAAQ,CAAC,GAAG,EAAE,CACZ,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,gBAAgB,KACtB,IAAI,CAAC;IACV,QAAQ,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,KAAK,IAAI,CAAC;CACvE;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IACxC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAC9C,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IACrC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IACtC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAC3C,CAAC;AAIF,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7C,QAAQ,CAAC,OAAO,CAAC,EAAE,aAAa,GAAG,SAAS,CAAC;IAC7C,QAAQ,CAAC,OAAO,CAAC,EAAE,mBAAmB,GAAG,SAAS,CAAC;IACnD,QAAQ,CAAC,KAAK,CAAC,EAAE,YAAY,GAAG,SAAS,CAAC;CAC3C,CAAC;AAIF,MAAM,MAAM,SAAS,GACjB,aAAa,GACb,UAAU,GACV,eAAe,GACf,aAAa,CAAC;AAElB,wCAAwC;AACxC,MAAM,MAAM,SAAS,GAAG,SAAS,CAAC;AAIlC,MAAM,MAAM,kBAAkB,CAAC,OAAO,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,IAChE,UAAU,GACR,OAAO,GAAG;IACR,SAAS,EAAE;QACT,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,SAAS,EAAE,MAAM,CAAC;QAClB,IAAI,EAAE,OAAO,GAAG,MAAM,CAAC;QACvB,UAAU,EAAE,SAAS,EAAE,CAAC;QACxB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;CACH,CAAC;AAIN,MAAM,MAAM,WAAW,CACrB,OAAO,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,IACvD;IACF,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM,CAAC;IAChC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,UAAU,EAAE,SAAS,EAAE,CAAC;IACjC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,GAAG,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;CAC3C,CAAC;AAIF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,KAAK,CAAC,EAAE,YAAY,CAAC;IAC9B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAIF,MAAM,MAAM,cAAc,GACtB;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,YAAY,CAAC,EAAE,mBAAmB,CAAA;CAAE,GACxD;IAAE,OAAO,EAAE,aAAa,CAAC;IAAC,YAAY,CAAC,EAAE,mBAAmB,CAAA;CAAE,CAAC"}

package/dist/userClient.d.ts

@@ -0,0 +1,41 @@
+import { type ApiClientOptions } from "./apiClient.js";
+import type { ChangeEmailData, ChangePasswordData, ChangePhoneData, CreateInvitationData, DeleteInvitationData, DisableTwoFaData, EnableTwoFaData, SendTwoFaCodeData, SetPasswordData, VerifyPhoneData, VerifyTwoFaData } from "./generated/types.gen.js";
+type UserClientOptions = ApiClientOptions & {
+    accessToken: string;
+};
+export declare const createUserClient: (options: UserClientOptions) => {
+    changePhone: (params: ChangePhoneData["body"]) => Promise<null>;
+    verifyPhone: (params: VerifyPhoneData["body"]) => Promise<null>;
+    changeEmail: (params: ChangeEmailData["body"]) => Promise<null>;
+    changePassword: (params: ChangePasswordData["body"]) => Promise<null>;
+    setPassword: (params: SetPasswordData["body"]) => Promise<null>;
+    logout: (refreshToken: string) => Promise<void>;
+    refresh: (refreshToken: string) => Promise<{
+        accessToken: string;
+        refreshToken: string;
+    }>;
+    enableTwoFa: (params: EnableTwoFaData["body"]) => Promise<void>;
+    disableTwoFa: (params: DisableTwoFaData["body"]) => Promise<void>;
+    sendTwoFaCode: (params: SendTwoFaCodeData["body"]) => Promise<void>;
+    getTwoFaSecret: () => Promise<{
+        secret: string;
+        uri: string;
+    }>;
+    verifyTwoFa: (params: VerifyTwoFaData["body"]) => Promise<{
+        [key: string]: never;
+    }>;
+    createInvitation: (params: CreateInvitationData["body"]) => Promise<{
+        id: string;
+        email: string;
+        token: string;
+        validTo: string;
+        role: string | null;
+        group: string | null;
+        returnUrl: string | null;
+    }>;
+    deleteInvitation: (params: DeleteInvitationData["path"]) => Promise<{
+        id: string;
+    }>;
+};
+export {};
+//# sourceMappingURL=userClient.d.ts.map

package/dist/userClient.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"userClient.d.ts","sourceRoot":"","sources":["../src/userClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAmB,KAAK,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAiBxE,OAAO,KAAK,EACV,eAAe,EACf,kBAAkB,EAClB,eAAe,EACf,oBAAoB,EACpB,oBAAoB,EACpB,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,eAAe,EACf,eAAe,EAChB,MAAM,0BAA0B,CAAC;AAElC,KAAK,iBAAiB,GAAG,gBAAgB,GAAG;IAC1C,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,SAAS,iBAAiB;0BAQ3B,eAAe,CAAC,MAAM,CAAC;0BAIvB,eAAe,CAAC,MAAM,CAAC;0BAIvB,eAAe,CAAC,MAAM,CAAC;6BAIpB,kBAAkB,CAAC,MAAM,CAAC;0BAI7B,eAAe,CAAC,MAAM,CAAC;2BAItB,MAAM;4BAGL,MAAM;;;;0BAIR,eAAe,CAAC,MAAM,CAAC;2BAGtB,gBAAgB,CAAC,MAAM,CAAC;4BAGvB,iBAAiB,CAAC,MAAM,CAAC;;;;;0BAO3B,eAAe,CAAC,MAAM,CAAC;;;+BAIlB,oBAAoB,CAAC,MAAM,CAAC;;;;;;;;;+BAI5B,oBAAoB,CAAC,MAAM,CAAC;;;CAKhE,CAAC"}

package/dist/userClient.js

@@ -0,0 +1,64 @@
+import { createApiClient } from "./apiClient.js";
+import { changeEmail, changePassword, changePhone, createInvitation, deleteInvitation, disableTwoFa, enableTwoFa, getTwoFaSecret, logout, refresh, sendTwoFaCode, setPassword, verifyPhone, verifyTwoFa, } from "./generated/sdk.gen.js";
+export const createUserClient = (options) => {
+    options.headers = {
+        ...(options.headers ?? {}),
+        Authorization: `Bearer ${options.accessToken}`,
+    };
+    const client = createApiClient(options);
+    return {
+        changePhone: async (params) => {
+            const { data } = await changePhone({ client, body: params });
+            return data;
+        },
+        verifyPhone: async (params) => {
+            const { data } = await verifyPhone({ client, body: params });
+            return data;
+        },
+        changeEmail: async (params) => {
+            const { data } = await changeEmail({ client, body: params });
+            return data;
+        },
+        changePassword: async (params) => {
+            const { data } = await changePassword({ client, body: params });
+            return data;
+        },
+        setPassword: async (params) => {
+            const { data } = await setPassword({ client, body: params });
+            return data;
+        },
+        logout: async (refreshToken) => {
+            await logout({ client, body: { refreshToken } });
+        },
+        refresh: async (refreshToken) => {
+            const { data } = await refresh({ client, body: { refreshToken } });
+            return data;
+        },
+        enableTwoFa: async (params) => {
+            await enableTwoFa({ client, body: params });
+        },
+        disableTwoFa: async (params) => {
+            await disableTwoFa({ client, body: params });
+        },
+        sendTwoFaCode: async (params) => {
+            await sendTwoFaCode({ client, body: params });
+        },
+        getTwoFaSecret: async () => {
+            const { data } = await getTwoFaSecret({ client });
+            return data;
+        },
+        verifyTwoFa: async (params) => {
+            const { data } = await verifyTwoFa({ client, body: params });
+            return data;
+        },
+        createInvitation: async (params) => {
+            const { data } = await createInvitation({ client, body: params });
+            return data;
+        },
+        deleteInvitation: async (params) => {
+            const { data } = await deleteInvitation({ client, path: params });
+            return data;
+        },
+    };
+};
+//# sourceMappingURL=userClient.js.map

package/dist/userClient.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"userClient.js","sourceRoot":"","sources":["../src/userClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAyB,MAAM,gBAAgB,CAAC;AACxE,OAAO,EACL,WAAW,EACX,cAAc,EACd,WAAW,EACX,gBAAgB,EAChB,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACX,cAAc,EACd,MAAM,EACN,OAAO,EACP,aAAa,EACb,WAAW,EACX,WAAW,EACX,WAAW,GACZ,MAAM,wBAAwB,CAAC;AAmBhC,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,OAA0B,EAAE,EAAE;IAC7D,OAAO,CAAC,OAAO,GAAG;QAChB,GAAG,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC;QAC1B,aAAa,EAAE,UAAU,OAAO,CAAC,WAAW,EAAE;KAC/C,CAAC;IACF,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IAExC,OAAO;QACL,WAAW,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;YACrD,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YAC7D,OAAO,IAAI,CAAC;QACd,CAAC;QACD,WAAW,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;YACrD,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YAC7D,OAAO,IAAI,CAAC;QACd,CAAC;QACD,WAAW,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;YACrD,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YAC7D,OAAO,IAAI,CAAC;QACd,CAAC;QACD,cAAc,EAAE,KAAK,EAAE,MAAkC,EAAE,EAAE;YAC3D,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,cAAc,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,WAAW,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;YACrD,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YAC7D,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,EAAE,KAAK,EAAE,YAAoB,EAAE,EAAE;YACrC,MAAM,MAAM,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;QACnD,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,YAAoB,EAAE,EAAE;YACtC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,OAAO,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;YACnE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,WAAW,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;YACrD,MAAM,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QAC9C,CAAC;QACD,YAAY,EAAE,KAAK,EAAE,MAAgC,EAAE,EAAE;YACvD,MAAM,YAAY,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QAC/C,CAAC;QACD,aAAa,EAAE,KAAK,EAAE,MAAiC,EAAE,EAAE;YACzD,MAAM,aAAa,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QAChD,CAAC;QACD,cAAc,EAAE,KAAK,IAAI,EAAE;YACzB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YAClD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,WAAW,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;YACrD,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YAC7D,OAAO,IAAI,CAAC;QACd,CAAC;QACD,gBAAgB,EAAE,KAAK,EAAE,MAAoC,EAAE,EAAE;YAC/D,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,gBAAgB,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YAClE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,gBAAgB,EAAE,KAAK,EAAE,MAAoC,EAAE,EAAE;YAC/D,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,gBAAgB,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YAClE,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;AACJ,CAAC,CAAC"}

package/package.json

@@ -1,15 +1,29 @@
 {
   "name": "@authticon/client",
-  "version": "0.0.0-beta37",
+  "version": "0.0.0-beta39",
   "description": "Official Authticon API client for Node.js",
   "license": "MIT",
   "type": "module",
-  "main": "./dist/index.js",
-  "types": "./dist/index.d.ts",
+  "main": "./dist/node.js",
+  "types": "./dist/node.d.ts",
   "exports": {
     ".": {
-      "types": "./dist/index.d.ts",
-      "import": "./dist/index.js"
+      "browser": {
+        "types": "./dist/browser.d.ts",
+        "import": "./dist/browser.js"
+      },
+      "default": {
+        "types": "./dist/node.d.ts",
+        "import": "./dist/node.js"
+      }
+    },
+    "./browser": {
+      "types": "./dist/browser.d.ts",
+      "import": "./dist/browser.js"
+    },
+    "./node": {
+      "types": "./dist/node.d.ts",
+      "import": "./dist/node.js"
     }
   },
   "files": [
@@ -35,20 +49,20 @@
     "registry": "https://registry.npmjs.org/"
   },
   "scripts": {
-    "codegen:auto": "wget http://authticon-krs.dev.kubeticon.com/documentation/yaml -O openapi.yaml && npm run codegen && rm openapi.yaml",
+    "codegen:auto": "wget http://authticon-krs.dev.kubeticon.com/documentation/yaml -O openapi.yaml && npm run codegen ",
     "codegen": "openapi-ts",
     "build": "tsc",
+    "dev": "tsc --watch",
     "test": "vitest",
     "prepublishOnly": "npm run build"
   },
   "dependencies": {
     "@types/pino": "^7.0.5",
-    "axios": "^1.13.6",
     "cookie": "^1.1.1",
     "jose": "^6.2.0"
   },
   "devDependencies": {
-    "@hey-api/client-axios": "^0.9.1",
+    "@hey-api/client-fetch": "^0.9.0",
     "@hey-api/openapi-ts": "0.94.1",
     "@types/node": "^25.5.0",
     "dotenv": "^17.3.1",

package/dist/Acccount.d.ts

@@ -1,9 +0,0 @@
-import type { Client } from "./generated/client/index.js";
-import { type PostApiV1AuthEmailChangeData, type PostApiV1AuthPasswordChangeData } from "./generated/index.js";
-export declare class Account {
-    private readonly client;
-    constructor(client: Client);
-    changeEmail(params: PostApiV1AuthEmailChangeData['body']): Promise<null>;
-    changePassword(params: PostApiV1AuthPasswordChangeData['body']): Promise<null>;
-}
-//# sourceMappingURL=Acccount.d.ts.map

package/dist/Acccount.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"Acccount.d.ts","sourceRoot":"","sources":["../src/Acccount.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,6BAA6B,CAAC;AAC1D,OAAO,EAAyD,KAAK,4BAA4B,EAAE,KAAK,+BAA+B,EAAE,MAAM,sBAAsB,CAAC;AAEtK,qBAAa,OAAO;IACJ,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAErC,WAAW,CAAC,MAAM,EAAE,4BAA4B,CAAC,MAAM,CAAC;IAQxD,cAAc,CAAC,MAAM,EAAE,+BAA+B,CAAC,MAAM,CAAC;CAOvE"}

package/dist/Acccount.js

@@ -1,22 +0,0 @@
-import { postApiV1AuthEmailChange, postApiV1AuthPasswordChange } from "./generated/index.js";
-export class Account {
-    client;
-    constructor(client) {
-        this.client = client;
-    }
-    async changeEmail(params) {
-        const { data } = await postApiV1AuthEmailChange({
-            client: this.client,
-            body: params
-        });
-        return data;
-    }
-    async changePassword(params) {
-        const { data } = await postApiV1AuthPasswordChange({
-            client: this.client,
-            body: params
-        });
-        return data;
-    }
-}
-//# sourceMappingURL=Acccount.js.map

package/dist/Acccount.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"Acccount.js","sourceRoot":"","sources":["../src/Acccount.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,wBAAwB,EAAE,2BAA2B,EAA2E,MAAM,sBAAsB,CAAC;AAEtK,MAAM,OAAO,OAAO;IACa;IAA7B,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C,KAAK,CAAC,WAAW,CAAC,MAA4C;QAC1D,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,wBAAwB,CAAC;YAC5C,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,MAAM;SACf,CAAC,CAAA;QACF,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAA+C;QAChE,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,2BAA2B,CAAC;YAC/C,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,MAAM;SACf,CAAC,CAAA;QACF,OAAO,IAAI,CAAC;IAChB,CAAC;CACJ"}

package/dist/Auth.d.ts

@@ -1,29 +0,0 @@
-import type { Client } from "./generated/client/index.js";
-import type { PostApiV1AuthLoginAsData, PostApiV1AuthLoginData, PostApiV1AuthRegisterData } from "./generated/types.gen.js";
-export declare class Auth {
-    private readonly client;
-    constructor(client: Client);
-    login(params: PostApiV1AuthLoginData["body"]): Promise<{
-        accessToken: string;
-        refreshToken: string;
-        deviceId: string;
-        challanges: Array<"verifyTwoFa" | "setTwoFa" | "resetPassword" | "setPassword">;
-        sessionId: string;
-    }>;
-    register(params: PostApiV1AuthRegisterData["body"]): Promise<{
-        userId: string;
-    }>;
-    logout(refreshToken: string): Promise<{
-        success: boolean;
-    }>;
-    refresh(refreshToken: string): Promise<{
-        accessToken: string;
-    }>;
-    loginAs(params: PostApiV1AuthLoginAsData["body"]): Promise<{
-        accessToken: string;
-        refreshToken: string;
-        deviceId: string;
-        sessionId: string;
-    }>;
-}
-//# sourceMappingURL=Auth.d.ts.map

package/dist/Auth.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"Auth.d.ts","sourceRoot":"","sources":["../src/Auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,6BAA6B,CAAC;AAQ1D,OAAO,KAAK,EACV,wBAAwB,EACxB,sBAAsB,EACtB,yBAAyB,EAC1B,MAAM,0BAA0B,CAAC;AAElC,qBAAa,IAAI;IACH,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAErC,KAAK,CAAC,MAAM,EAAE,sBAAsB,CAAC,MAAM,CAAC;;;;;;;IAQ5C,QAAQ,CAAC,MAAM,EAAE,yBAAyB,CAAC,MAAM,CAAC;;;IAQlD,MAAM,CAAC,YAAY,EAAE,MAAM;;;IAU3B,OAAO,CAAC,YAAY,EAAE,MAAM;;;IAU5B,OAAO,CAAC,MAAM,EAAE,wBAAwB,CAAC,MAAM,CAAC;;;;;;CAOvD"}

package/dist/Auth.js

@@ -1,47 +0,0 @@
-import { postApiV1AuthLogin, postApiV1AuthLoginAs, postApiV1AuthLogout, postApiV1AuthRegister, postApiV1AuthTokenRefresh, } from "./generated/sdk.gen.js";
-export class Auth {
-    client;
-    constructor(client) {
-        this.client = client;
-    }
-    async login(params) {
-        const { data } = await postApiV1AuthLogin({
-            client: this.client,
-            body: params,
-        });
-        return data;
-    }
-    async register(params) {
-        const { data } = await postApiV1AuthRegister({
-            client: this.client,
-            body: params,
-        });
-        return data;
-    }
-    async logout(refreshToken) {
-        const { data } = await postApiV1AuthLogout({
-            client: this.client,
-            body: {
-                refreshToken,
-            },
-        });
-        return data;
-    }
-    async refresh(refreshToken) {
-        const { data } = await postApiV1AuthTokenRefresh({
-            client: this.client,
-            body: {
-                refreshToken,
-            },
-        });
-        return data;
-    }
-    async loginAs(params) {
-        const { data } = await postApiV1AuthLoginAs({
-            client: this.client,
-            body: params,
-        });
-        return data;
-    }
-}
-//# sourceMappingURL=Auth.js.map

package/dist/Auth.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"Auth.js","sourceRoot":"","sources":["../src/Auth.ts"],"names":[],"mappings":"AACA,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,mBAAmB,EACnB,qBAAqB,EACrB,yBAAyB,GAC1B,MAAM,wBAAwB,CAAC;AAOhC,MAAM,OAAO,IAAI;IACc;IAA7B,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C,KAAK,CAAC,KAAK,CAAC,MAAsC;QAChD,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,kBAAkB,CAAC;YACxC,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,MAAyC;QACtD,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,qBAAqB,CAAC;YAC3C,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,YAAoB;QAC/B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,mBAAmB,CAAC;YACzC,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE;gBACJ,YAAY;aACb;SACF,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,YAAoB;QAChC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,yBAAyB,CAAC;YAC/C,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE;gBACJ,YAAY;aACb;SACF,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAwC;QACpD,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,oBAAoB,CAAC;YAC1C,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}