@authticon/client 0.0.0-beta8 → 0.0.3

package/README.md

@@ -0,0 +1,390 @@
+# @authticon/client
+
+Oficjalny klient JavaScript/TypeScript dla [Authticon](https://authticon.com) — usługi uwierzytelniania. Biblioteka wspiera zarówno środowisko **Node.js** (SSR, API routes), jak i **przeglądarkę** (SPA, client-side).
+
+## Instalacja
+
+```bash
+npm install @authticon/client
+```
+
+**Wymagania:** Node.js >= 18
+
+## Dwa entry pointy
+
+Biblioteka dostarcza dwa osobne moduły z odrębnymi implementacjami cookie i sesji:
+
+| Import                                           | Środowisko         | Cookie adapter                                                                                                             |
+| ------------------------------------------------ | ------------------ | -------------------------------------------------------------------------------------------------------------------------- |
+| `@authticon/client` lub `@authticon/client/node` | Node.js / SSR      | Parsuje cookies z obiektu `Request`, zwraca `CookieStorageAdapter` z metodami `applyToResponse()`, `stringifySetCookies()` |
+| `@authticon/client/browser`                      | Przeglądarka / SPA | Używa `document.cookie`                                                                                                    |
+
+## Szybki start
+
+### Node.js (np. Next.js, Express, Hono)
+
+```typescript
+import { createAuthticon } from "@authticon/client/node";
+
+const authticon = createAuthticon({
+  projectId: "your-project-id",
+});
+
+// W handlerze HTTP:
+async function handler(request: Request) {
+  const { getUser, login, logout, cookies } = await authticon.session({
+    request,
+  });
+
+  const user = getUser(); // SessionUser | null
+
+  // cookies.applyToResponse(response) — ustawia Set-Cookie na odpowiedzi
+}
+```
+
+### Przeglądarka
+
+```typescript
+import { createAuthticon } from "@authticon/client/browser";
+
+const authticon = createAuthticon({
+  projectId: "your-project-id",
+});
+
+const session = await authticon.session({});
+
+const user = session.getUser();
+await session.login({ email: "user@example.com", password: "secret" });
+```
+
+## Konfiguracja
+
+```typescript
+type AuthticonOptions = {
+  projectId: string; // ID projektu w Authticon (wymagane)
+  baseUrl?: string; // URL API (domyślnie: "https://authticon.com")
+  jwksUrl?: string; // URL do JWKS (domyślnie: {baseUrl}/.well-known/jwks.json)
+  jwksCacheTtlMs?: number; // TTL cache kluczy JWKS (domyślnie: 1h)
+  cache?: CacheAdapter; // Zewnętrzny adapter cache (domyślnie: in-memory)
+  logger?: Logger; // Instancja pino logger
+};
+```
+
+## Session (API stanowe)
+
+`session()` to główny sposób interakcji z biblioteką. Tworzy **stanowy obiekt sesji**, który:
+
+1. Przy tworzeniu automatycznie odczytuje tokeny z cookies
+2. Weryfikuje access token za pomocą JWKS
+3. Jeśli token wygasł — automatycznie odświeża go za pomocą refresh tokena
+4. Cache'uje obiekt `SessionUser` w pamięci na czas życia sesji
+5. Operacje takie jak `login()`, `logout()`, `createGuest()` automatycznie aktualizują wewnętrzny stan sesji i zapisują nowe tokeny w cookies
+
+### Tworzenie sesji
+
+#### Node.js — z obiektu `Request`
+
+```typescript
+const session = await authticon.session({ request });
+// session.cookies — CookieStorageAdapter z metodami applyToResponse(), stringifySetCookies()
+```
+
+#### Node.js — z własnym `CookieAdapter`
+
+```typescript
+const session = await authticon.session({ cookies: myCookieAdapter });
+```
+
+#### Przeglądarka
+
+```typescript
+const session = await authticon.session({});
+// Automatycznie używa document.cookie
+```
+
+Opcjonalnie można przekazać `tokenStorage` do nadpisania nazw cookies i ich parametrów:
+
+```typescript
+const session = await authticon.session({
+  request,
+  tokenStorage: {
+    accessTokenName: "my_access_token",
+    refreshTokenName: "my_refresh_token",
+    secure: true,
+    sameSite: "Strict",
+    domain: ".example.com",
+  },
+});
+```
+
+### Metody sesji
+
+#### Autentykacja
+
+| Metoda                       | Opis                                                                      |
+| ---------------------------- | ------------------------------------------------------------------------- |
+| `login(params)`              | Logowanie (email/password). Zwraca `SessionUser`.                         |
+| `register(params)`           | Rejestracja. Zwraca dane rejestracji (tokeny nie są jeszcze zapisywane).  |
+| `loginByMagicLink(params)`   | Loguje użytkownika przez magic link (z `deviceId`). Zwraca `SessionUser`. |
+| `forgotPassword(params)`     | Inicjuje reset hasła.                                                     |
+| `verifyEmail(params)`        | Weryfikuje email.                                                         |
+| `createGuest(params)`        | Tworzy użytkownika-gościa. Zwraca `SessionUser`.                          |
+| `acceptInvitation(params)`   | Akceptuje zaproszenie. Zwraca `SessionUser`.                              |
+| `resendConfirmation(params)` | Ponownie wysyła email potwierdzający.                                     |
+| `logout()`                   | Wylogowuje (server-side + czyści cookies).                                |
+| `refresh()`                  | Wymusza odświeżenie tokenów.                                              |
+
+#### Stan użytkownika
+
+| Metoda                | Opis                                                                              |
+| --------------------- | --------------------------------------------------------------------------------- |
+| `getUser()`           | Zwraca `SessionUser \| null`.                                                     |
+| `requireUser()`       | Zwraca `SessionUser` lub rzuca `AuthticonError`.                                  |
+| `isLoggedIn()`        | Zwraca `boolean` — czy istnieje access token.                                     |
+| `isLoggedInByAdmin()` | Zwraca `boolean` — czy istnieje admin refresh token (logowanie jako użytkownik).  |
+| `getFirstChallenge()` | Zwraca pierwszy challenge (np. `"verifyTwoFa"`, `"setPassword"`) lub `undefined`. |
+
+#### Profil użytkownika
+
+| Metoda             | Opis                                         |
+| ------------------ | -------------------------------------------- |
+| `getMe()`          | Pobiera dane zalogowanego użytkownika z API. |
+| `updateMe(params)` | Aktualizuje dane zalogowanego użytkownika.   |
+
+#### Zarządzanie kontem
+
+| Metoda                   | Opis                               |
+| ------------------------ | ---------------------------------- |
+| `changeEmail(params)`    | Zmiana emaila.                     |
+| `changePassword(params)` | Zmiana hasła.                      |
+| `setPassword(params)`    | Ustawienie hasła (np. po resecie). |
+| `changePhone(params)`    | Zmiana numeru telefonu.            |
+| `verifyPhone(params)`    | Weryfikacja numeru telefonu.       |
+
+#### Dwuskładnikowe uwierzytelnianie (2FA)
+
+| Metoda                             | Opis                                                          |
+| ---------------------------------- | ------------------------------------------------------------- |
+| `getTwoFaSecret()`                 | Pobiera sekret 2FA (do wyświetlenia QR code).                 |
+| `enableTwoFa(params)`              | Włącza 2FA.                                                   |
+| `disableTwoFa(params)`             | Wyłącza 2FA.                                                  |
+| `sendTwoFaCode(params)`            | Wysyła kod 2FA.                                               |
+| `verifyTwoFaCode(code, remember?)` | Weryfikuje kod 2FA i aktualizuje sesję. Zwraca `SessionUser`. |
+
+#### Zaproszenia
+
+| Metoda                     | Opis                |
+| -------------------------- | ------------------- |
+| `createInvitation(params)` | Tworzy zaproszenie. |
+| `deleteInvitation(params)` | Usuwa zaproszenie.  |
+
+#### Tokeny
+
+Obiekt `session.tokens` daje bezpośredni dostęp do tokenów:
+
+```typescript
+session.tokens.getAccessToken(); // string | null
+session.tokens.getRefreshToken(); // string | null
+session.tokens.verify(); // weryfikuje aktualny access token
+session.tokens.verify(customToken); // weryfikuje dowolny token
+session.tokens.clear(); // czyści tokeny z cookies i resetuje stan sesji
+```
+
+### SessionUser
+
+```typescript
+type SessionUser<Payload> = {
+  id: string; // ID użytkownika
+  sessionId: string; // ID sesji
+  projectId: string; // ID projektu
+  role: "guest" | "user";
+  isGuest: boolean;
+  challenges: Challenge[]; // np. ["verifyTwoFa", "setPassword"]
+  payload: Payload; // custom claims z tokena
+  raw: AccessTokenPayload; // surowy payload JWT
+};
+```
+
+## Low-level API
+
+Oprócz stanowej sesji, `createAuthticon()` udostępnia niskopoziomowe klienty API, które nie zarządzają stanem ani cookies.
+
+### `authticon.auth()` — klient publiczny (bez autoryzacji)
+
+Bezstanowy klient do endpointów niewymagających tokenu:
+
+```typescript
+const auth = authticon.auth();
+
+await auth.login({ email: "user@example.com", password: "secret" });
+await auth.register({ email: "user@example.com", password: "secret" });
+await auth.forgotPassword({ email: "user@example.com" });
+await auth.loginByMagicLink({ token: "..." });
+await auth.verifyEmail({ token: "..." });
+await auth.createGuestUser({ ... });
+await auth.acceptInvitation({ token: "...", password: "..." });
+await auth.resendConfirmation({ email: "..." });
+```
+
+> **Uwaga:** Te metody zwracają surowe dane z API (np. tokeny). Zarządzanie cookies/stanem leży po stronie wywołującego.
+
+### `authticon.admin(options)` — klient administracyjny (tylko Node.js)
+
+Wymaga klucza API. Służy do operacji administracyjnych:
+
+```typescript
+const admin = authticon.admin({ apiKey: "your-api-key" });
+
+await admin.listUsers({ page: 1 });
+await admin.createUser({ email: "new@example.com", password: "..." });
+await admin.getUser("user-id");
+await admin.updateUser("user-id", { ... });
+await admin.deleteUser("user-id");
+await admin.loginAs({ userId: "user-id" });
+await admin.sendMagicLink({ email: "user@example.com", url: "https://example.com/login" });
+
+
+// Role
+await admin.createUserRole("user-id", { ... });
+await admin.listUserRoles("user-id");
+await admin.updateUserRole("user-id", "role-id", { ... });
+await admin.deleteUserRole("user-id", "role-id");
+
+// Magic link
+await admin.sendMagicLink({ email: "user@example.com" });
+
+// SMS
+await admin.sendSmsCode("user-id");
+await admin.verifySms("user-id", { code: "123456" });
+
+// Dostępność
+await admin.isEmailAvailable("user@example.com");  // boolean
+await admin.isPhoneAvailable("+48123456789");       // boolean
+
+// Test email
+await admin.testEmail({ ... });
+```
+
+### `authticon.tokens` (tylko Node.js)
+
+Bezpośredni dostęp do weryfikatora tokenów na poziomie instancji:
+
+```typescript
+const payload = await authticon.tokens.verify(accessToken);
+authticon.tokens.clearKeyCache(); // czyści cache kluczy JWKS
+```
+
+## Cookie adaptery
+
+### Node.js — `createNodeCookieStorageAdapter`
+
+Parsuje cookies z `Request`, buforuje zmiany i pozwala je aplikować do `Response`:
+
+```typescript
+import { createNodeCookieStorageAdapter } from "@authticon/client/node";
+
+const cookies = createNodeCookieStorageAdapter(request);
+
+// Po operacjach sesji:
+cookies.applyToResponse(response);
+// lub:
+const setCookieHeaders = cookies.stringifySetCookies(); // string[]
+```
+
+### Przeglądarka — `createBrowserCookieAdapter`
+
+Operuje bezpośrednio na `document.cookie`:
+
+```typescript
+import { createBrowserCookieAdapter } from "@authticon/client/browser";
+
+const cookies = createBrowserCookieAdapter();
+```
+
+### Własny adapter
+
+Możesz zaimplementować interfejs `CookieAdapter`:
+
+```typescript
+interface CookieAdapter {
+  get(name: string): string | null;
+  set(name: string, value: string, options: CookieSetOptions): void;
+  remove(name: string, options: CookieRemoveOptions): void;
+}
+```
+
+## Token storage — konfiguracja cookies
+
+```typescript
+type TokenStorageOptions = {
+  accessTokenName?: string; // domyślnie: "access_token"
+  refreshTokenName?: string; // domyślnie: "refresh_token"
+  deviceIdName?: string; // domyślnie: "device_id"
+  adminRefreshTokenName?: string; // domyślnie: "admin_refresh_token"
+  path?: string; // domyślnie: "/"
+  domain?: string;
+  secure?: boolean; // domyślnie: true
+  sameSite?: "Strict" | "Lax" | "None"; // domyślnie: "Lax"
+  accessTokenMaxAge?: number; // domyślnie: 900 (15 min)
+  refreshTokenMaxAge?: number; // domyślnie: 2592000 (30 dni)
+};
+```
+
+## Obsługa błędów
+
+Biblioteka definiuje dedykowaną hierarchię błędów:
+
+```typescript
+import {
+  AuthticonError,
+  AuthticonApiError,
+  AuthticonTokenError,
+  isAuthticonError,
+  isAuthticonApiError,
+  isAuthticonTokenError,
+} from "@authticon/client";
+```
+
+| Klasa                 | Opis                                                           |
+| --------------------- | -------------------------------------------------------------- |
+| `AuthticonError`      | Bazowy błąd (np. brak tokenu, użytkownik niezalogowany)        |
+| `AuthticonApiError`   | Błąd odpowiedzi API (zawiera `statusCode` i `response`)        |
+| `AuthticonTokenError` | Błąd weryfikacji JWT (zawiera `code` i oryginalny `joseError`) |
+
+```typescript
+try {
+  const user = session.requireUser();
+} catch (error) {
+  if (isAuthticonApiError(error)) {
+    console.log(error.statusCode); // np. 401
+  }
+  if (isAuthticonTokenError(error, "ERR_JWT_EXPIRED")) {
+    // Token wygasł
+  }
+}
+```
+
+## Typowanie custom payloadu
+
+Biblioteka wspiera generyczne typowanie payloadu JWT:
+
+```typescript
+type MyPayload = {
+  organizationId: string;
+  permissions: string[];
+};
+
+const authticon = createAuthticon<MyPayload>({
+  projectId: "...",
+});
+
+const session = await authticon.session({ request });
+const user = session.getUser();
+
+user?.payload.organizationId; // string
+user?.payload.permissions; // string[]
+```
+
+## Licencja
+
+MIT

package/dist/authticon.d.ts

@@ -0,0 +1,122 @@
+import type { AuthticonOptions, CookieAdapter, DefaultAccessTokenPayload, TokenStorageOptions } from "./types.js";
+export type CookieAdapterFactory<SessionOpts> = (options: SessionOpts) => CookieAdapter;
+export declare const createBaseAuthticon: <Payload extends Record<string, any> = DefaultAccessTokenPayload, SessionOpts extends {
+    tokenStorage?: TokenStorageOptions;
+} = {
+    tokenStorage?: TokenStorageOptions;
+}>(options: AuthticonOptions, buildCookieAdapter: CookieAdapterFactory<SessionOpts>) => {
+    session: (sessionOptions: SessionOpts) => Promise<{
+        login: (params: import("./clients/generated/types.gen.js").LoginData["body"]) => Promise<import("./types.js").SessionUser<Payload>>;
+        loginByMagicLink: (params: import("./clients/generated/types.gen.js").LoginByMagicLinkData["body"]) => Promise<import("./types.js").SessionUser<Payload>>;
+        loginAs: (admin: import("./clients/admin.js").AdminClient, targetUserId: string) => Promise<import("./types.js").SessionUser<Payload> | null>;
+        backToAdmin: () => Promise<import("./types.js").SessionUser<Payload> | null>;
+        register: (params: import("./clients/generated/types.gen.js").RegisterData["body"]) => Promise<{
+            userId: string;
+        }>;
+        forgotPassword: (params: import("./clients/generated/types.gen.js").ForgotPasswordData["body"]) => Promise<null>;
+        verifyEmail: (token: string) => Promise<void>;
+        createGuest: (params: import("./clients/generated/types.gen.js").CreateGuestUserData["body"]) => Promise<import("./types.js").SessionUser<Payload>>;
+        acceptInvitation: (params: import("./clients/generated/types.gen.js").AcceptInvitationData["body"]) => Promise<import("./types.js").SessionUser<Payload>>;
+        resendConfirmation: (params: import("./clients/generated/types.gen.js").ResendEmailConfirmationData["body"]) => Promise<null>;
+        getMe: () => Promise<{
+            id: string;
+            email: string;
+            firstName: string | null;
+            lastName: string | null;
+            isGuest: boolean;
+            claims: unknown;
+            phone: string | null;
+            locale: string;
+            passwordUpdatedAt: string | null;
+            hasPassword: boolean;
+            twoFaEnabled: boolean;
+            twoFaType: "APP" | "EMAIL" | "PHONE";
+            isBlocked: boolean;
+            isBlockedUntil: string | null;
+            phoneVerified: boolean;
+            emailVerified: boolean;
+            roles: Array<{
+                id: string;
+                role: string;
+                group: string;
+            }>;
+            metadata: {
+                [key: string]: unknown;
+            };
+        }>;
+        updateUser: (params: import("./clients/generated/types.gen.js").UpdateMeData["body"]) => Promise<{
+            id: string;
+        }>;
+        updateMe: (params: import("./clients/generated/types.gen.js").UpdateMeData["body"]) => Promise<{
+            id: string;
+        }>;
+        getUser: () => import("./types.js").SessionUser<Payload> | null;
+        requireUser: () => import("./types.js").SessionUser<Payload>;
+        getFirstChallenge: () => import("./types.js").Challenge | undefined;
+        isLoggedIn: () => boolean;
+        isLoggedInByAdmin: () => boolean;
+        logout: () => Promise<void>;
+        refresh: () => Promise<void>;
+        getDeviceId: () => string | null;
+        changeEmail: (params: import("./clients/generated/types.gen.js").ChangeEmailData["body"]) => Promise<null>;
+        changePassword: (params: import("./clients/generated/types.gen.js").ChangePasswordData["body"]) => Promise<null>;
+        setPassword: (params: import("./clients/generated/types.gen.js").SetPasswordData["body"]) => Promise<null>;
+        changePhone: (params: import("./clients/generated/types.gen.js").ChangePhoneData["body"]) => Promise<null>;
+        verifyPhone: (params: import("./clients/generated/types.gen.js").VerifyPhoneData["body"]) => Promise<null>;
+        getTwoFaSecret: () => Promise<{
+            secret: string;
+            uri: string;
+        }>;
+        enableTwoFa: (params: import("./clients/generated/types.gen.js").EnableTwoFaData["body"]) => Promise<void>;
+        disableTwoFa: (params: import("./clients/generated/types.gen.js").DisableTwoFaData["body"]) => Promise<void>;
+        sendTwoFaCode: (params: import("./clients/generated/types.gen.js").SendTwoFaCodeData["body"]) => Promise<void>;
+        verifyTwoFaCode: (code: string, remember?: boolean) => Promise<import("./types.js").SessionUser<Payload>>;
+        createInvitation: (params: import("./clients/generated/types.gen.js").CreateInvitationData["body"]) => Promise<{
+            id: string;
+            email: string;
+            token: string;
+            validTo: string;
+            role: string | null;
+            group: string | null;
+            returnUrl: string | null;
+        }>;
+        deleteInvitation: (params: import("./clients/generated/types.gen.js").DeleteInvitationData["path"]) => Promise<{
+            id: string;
+        }>;
+        tokens: {
+            getAccessToken: () => string | null;
+            getRefreshToken: () => string | null;
+            verify: (token?: string) => Promise<import("./types.js").AccessTokenPayload<Payload>>;
+            clear: () => void;
+        };
+        cookies: CookieAdapter;
+    }>;
+    auth: () => {
+        login: (params: import("./clients/generated/types.gen.js").LoginData["body"]) => Promise<{
+            accessToken: string;
+            refreshToken: string;
+            deviceId: string;
+            sessionId: string;
+        }>;
+        loginByMagicLink: (params: import("./clients/generated/types.gen.js").LoginByMagicLinkData["body"]) => Promise<{
+            accessToken: string;
+            refreshToken: string;
+            deviceId: string;
+            sessionId: string;
+        }>;
+        register: (params: import("./clients/generated/types.gen.js").RegisterData["body"]) => Promise<{
+            userId: string;
+        }>;
+        forgotPassword: (params: import("./clients/generated/types.gen.js").ForgotPasswordData["body"]) => Promise<null>;
+        createGuestUser: (params: import("./clients/generated/types.gen.js").CreateGuestUserData["body"]) => Promise<{
+            token: string;
+        }>;
+        acceptInvitation: (params: import("./clients/generated/types.gen.js").AcceptInvitationData["body"]) => Promise<{
+            accessToken: string;
+            refreshToken: string;
+        }>;
+        verifyEmail: (params: import("./clients/generated/types.gen.js").VerifyEmailData["body"]) => Promise<void>;
+        resendConfirmation: (params: import("./clients/generated/types.gen.js").ResendEmailConfirmationData["body"]) => Promise<null>;
+    };
+};
+//# sourceMappingURL=authticon.d.ts.map

package/dist/authticon.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authticon.d.ts","sourceRoot":"","sources":["../src/authticon.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,gBAAgB,EAChB,aAAa,EACb,yBAAyB,EACzB,mBAAmB,EACpB,MAAM,YAAY,CAAC;AAIpB,MAAM,MAAM,oBAAoB,CAAC,WAAW,IAAI,CAC9C,OAAO,EAAE,WAAW,KACjB,aAAa,CAAC;AAEnB,eAAO,MAAM,mBAAmB,GAC9B,OAAO,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,yBAAyB,EAC/D,WAAW,SAAS;IAAE,YAAY,CAAC,EAAE,mBAAmB,CAAA;CAAE,GAAG;IAC3D,YAAY,CAAC,EAAE,mBAAmB,CAAC;CACpC,EAED,SAAS,gBAAgB,EACzB,oBAAoB,oBAAoB,CAAC,WAAW,CAAC;8BAoBzB,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAcxC,CAAC"}

package/dist/authticon.js

@@ -0,0 +1,24 @@
+import { createAuthClient } from "./clients/auth.js";
+import { createSession } from "./session.js";
+import { createTokenVerifier } from "./tokens.js";
+const DEFAULT_BASE_URL = "https://authticon.com";
+export const createBaseAuthticon = (options, buildCookieAdapter) => {
+    const baseUrl = options.baseUrl ?? DEFAULT_BASE_URL;
+    const jwksUrl = options.jwksUrl ?? `${baseUrl}/.well-known/jwks.json`;
+    const verifier = createTokenVerifier(jwksUrl, options.jwksCacheTtlMs, options.logger?.child({ authticon: "token-verifier" }), options.cache);
+    const deps = {
+        projectId: options.projectId,
+        baseUrl,
+        verifier,
+        logger: options.logger,
+    };
+    return {
+        session: (sessionOptions) => createSession(deps, buildCookieAdapter(sessionOptions), sessionOptions.tokenStorage),
+        auth: () => createAuthClient({
+            projectId: options.projectId,
+            baseUrl,
+            logger: options.logger,
+        }),
+    };
+};
+//# sourceMappingURL=authticon.js.map

package/dist/authticon.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authticon.js","sourceRoot":"","sources":["../src/authticon.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,aAAa,EAA0B,MAAM,cAAc,CAAC;AACrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAQlD,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AAMjD,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAMjC,OAAyB,EACzB,kBAAqD,EACrD,EAAE;IACF,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,gBAAgB,CAAC;IACpD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,GAAG,OAAO,wBAAwB,CAAC;IAEtE,MAAM,QAAQ,GAAG,mBAAmB,CAClC,OAAO,EACP,OAAO,CAAC,cAAc,EACtB,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC,EACtD,OAAO,CAAC,KAAK,CACd,CAAC;IAEF,MAAM,IAAI,GAAsB;QAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,OAAO;QACP,QAAQ;QACR,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC;IAEF,OAAO;QACL,OAAO,EAAE,CAAC,cAA2B,EAAE,EAAE,CACvC,aAAa,CACX,IAAI,EACJ,kBAAkB,CAAC,cAAc,CAAC,EAClC,cAAc,CAAC,YAAY,CAC5B;QAEH,IAAI,EAAE,GAAG,EAAE,CACT,gBAAgB,CAAC;YACf,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,OAAO;YACP,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC;KACL,CAAC;AACJ,CAAC,CAAC"}

package/dist/browser.d.ts

@@ -0,0 +1,128 @@
+import type { AuthticonOptions, CookieAdapter, DefaultAccessTokenPayload, TokenStorageOptions } from "./types.js";
+export type BrowserSessionOptions = {
+    readonly cookies?: CookieAdapter;
+    readonly tokenStorage?: TokenStorageOptions;
+};
+export declare const createAuthticon: <Payload extends Record<string, any> = DefaultAccessTokenPayload>(options: AuthticonOptions) => {
+    password: {
+        encrypt: (password: string) => Promise<string>;
+    };
+    session: (sessionOptions: BrowserSessionOptions) => Promise<{
+        login: (params: import("./clients/generated/types.gen.js").LoginData["body"]) => Promise<import("./types.js").SessionUser<Payload>>;
+        loginByMagicLink: (params: import("./clients/generated/types.gen.js").LoginByMagicLinkData["body"]) => Promise<import("./types.js").SessionUser<Payload>>;
+        loginAs: (admin: import("./clients/admin.js").AdminClient, targetUserId: string) => Promise<import("./types.js").SessionUser<Payload> | null>;
+        backToAdmin: () => Promise<import("./types.js").SessionUser<Payload> | null>;
+        register: (params: import("./clients/generated/types.gen.js").RegisterData["body"]) => Promise<{
+            userId: string;
+        }>;
+        forgotPassword: (params: import("./clients/generated/types.gen.js").ForgotPasswordData["body"]) => Promise<null>;
+        verifyEmail: (token: string) => Promise<void>;
+        createGuest: (params: import("./clients/generated/types.gen.js").CreateGuestUserData["body"]) => Promise<import("./types.js").SessionUser<Payload>>;
+        acceptInvitation: (params: import("./clients/generated/types.gen.js").AcceptInvitationData["body"]) => Promise<import("./types.js").SessionUser<Payload>>;
+        resendConfirmation: (params: import("./clients/generated/types.gen.js").ResendEmailConfirmationData["body"]) => Promise<null>;
+        getMe: () => Promise<{
+            id: string;
+            email: string;
+            firstName: string | null;
+            lastName: string | null;
+            isGuest: boolean;
+            claims: unknown;
+            phone: string | null;
+            locale: string;
+            passwordUpdatedAt: string | null;
+            hasPassword: boolean;
+            twoFaEnabled: boolean;
+            twoFaType: "APP" | "EMAIL" | "PHONE";
+            isBlocked: boolean;
+            isBlockedUntil: string | null;
+            phoneVerified: boolean;
+            emailVerified: boolean;
+            roles: Array<{
+                id: string;
+                role: string;
+                group: string;
+            }>;
+            metadata: {
+                [key: string]: unknown;
+            };
+        }>;
+        updateUser: (params: import("./clients/generated/types.gen.js").UpdateMeData["body"]) => Promise<{
+            id: string;
+        }>;
+        updateMe: (params: import("./clients/generated/types.gen.js").UpdateMeData["body"]) => Promise<{
+            id: string;
+        }>;
+        getUser: () => import("./types.js").SessionUser<Payload> | null;
+        requireUser: () => import("./types.js").SessionUser<Payload>;
+        getFirstChallenge: () => import("./types.js").Challenge | undefined;
+        isLoggedIn: () => boolean;
+        isLoggedInByAdmin: () => boolean;
+        logout: () => Promise<void>;
+        refresh: () => Promise<void>;
+        getDeviceId: () => string | null;
+        changeEmail: (params: import("./clients/generated/types.gen.js").ChangeEmailData["body"]) => Promise<null>;
+        changePassword: (params: import("./clients/generated/types.gen.js").ChangePasswordData["body"]) => Promise<null>;
+        setPassword: (params: import("./clients/generated/types.gen.js").SetPasswordData["body"]) => Promise<null>;
+        changePhone: (params: import("./clients/generated/types.gen.js").ChangePhoneData["body"]) => Promise<null>;
+        verifyPhone: (params: import("./clients/generated/types.gen.js").VerifyPhoneData["body"]) => Promise<null>;
+        getTwoFaSecret: () => Promise<{
+            secret: string;
+            uri: string;
+        }>;
+        enableTwoFa: (params: import("./clients/generated/types.gen.js").EnableTwoFaData["body"]) => Promise<void>;
+        disableTwoFa: (params: import("./clients/generated/types.gen.js").DisableTwoFaData["body"]) => Promise<void>;
+        sendTwoFaCode: (params: import("./clients/generated/types.gen.js").SendTwoFaCodeData["body"]) => Promise<void>;
+        verifyTwoFaCode: (code: string, remember?: boolean) => Promise<import("./types.js").SessionUser<Payload>>;
+        createInvitation: (params: import("./clients/generated/types.gen.js").CreateInvitationData["body"]) => Promise<{
+            id: string;
+            email: string;
+            token: string;
+            validTo: string;
+            role: string | null;
+            group: string | null;
+            returnUrl: string | null;
+        }>;
+        deleteInvitation: (params: import("./clients/generated/types.gen.js").DeleteInvitationData["path"]) => Promise<{
+            id: string;
+        }>;
+        tokens: {
+            getAccessToken: () => string | null;
+            getRefreshToken: () => string | null;
+            verify: (token?: string) => Promise<import("./types.js").AccessTokenPayload<Payload>>;
+            clear: () => void;
+        };
+        cookies: CookieAdapter;
+    }>;
+    auth: () => {
+        login: (params: import("./clients/generated/types.gen.js").LoginData["body"]) => Promise<{
+            accessToken: string;
+            refreshToken: string;
+            deviceId: string;
+            sessionId: string;
+        }>;
+        loginByMagicLink: (params: import("./clients/generated/types.gen.js").LoginByMagicLinkData["body"]) => Promise<{
+            accessToken: string;
+            refreshToken: string;
+            deviceId: string;
+            sessionId: string;
+        }>;
+        register: (params: import("./clients/generated/types.gen.js").RegisterData["body"]) => Promise<{
+            userId: string;
+        }>;
+        forgotPassword: (params: import("./clients/generated/types.gen.js").ForgotPasswordData["body"]) => Promise<null>;
+        createGuestUser: (params: import("./clients/generated/types.gen.js").CreateGuestUserData["body"]) => Promise<{
+            token: string;
+        }>;
+        acceptInvitation: (params: import("./clients/generated/types.gen.js").AcceptInvitationData["body"]) => Promise<{
+            accessToken: string;
+            refreshToken: string;
+        }>;
+        verifyEmail: (params: import("./clients/generated/types.gen.js").VerifyEmailData["body"]) => Promise<void>;
+        resendConfirmation: (params: import("./clients/generated/types.gen.js").ResendEmailConfirmationData["body"]) => Promise<null>;
+    };
+};
+export { createBrowserCookieAdapter } from "./cookies/browser.js";
+export * from "./errors.js";
+export { createInMemoryCacheAdapter, createTokenStorage, createTokenVerifier, } from "./tokens.js";
+export type * from "./types.js";
+//# sourceMappingURL=browser.d.ts.map