npm - @authticon/client - Versions diffs - 0.0.0-beta9 → 0.0.4 - Mend

@authticon/client 0.0.0-beta9 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (248) hide show

package/README.md +418 -0
package/dist/authticon.d.ts +147 -0
package/dist/authticon.d.ts.map +1 -0
package/dist/authticon.js +24 -0
package/dist/authticon.js.map +1 -0
package/dist/browser.d.ts +153 -0
package/dist/browser.d.ts.map +1 -0
package/dist/browser.js +14 -0
package/dist/browser.js.map +1 -0
package/dist/clients/admin.d.ts +107 -0
package/dist/clients/admin.d.ts.map +1 -0
package/dist/clients/admin.js +133 -0
package/dist/clients/admin.js.map +1 -0
package/dist/clients/auth.d.ts +43 -0
package/dist/clients/auth.d.ts.map +1 -0
package/dist/clients/auth.js +83 -0
package/dist/clients/auth.js.map +1 -0
package/dist/clients/base.d.ts +8 -0
package/dist/clients/base.d.ts.map +1 -0
package/dist/clients/base.js +18 -0
package/dist/clients/base.js.map +1 -0
package/dist/clients/generated/client/client.gen.d.ts.map +1 -0
package/dist/clients/generated/client/client.gen.js +236 -0
package/dist/clients/generated/client/client.gen.js.map +1 -0
package/dist/{generated → clients/generated}/client/index.d.ts +2 -2
package/dist/clients/generated/client/index.d.ts.map +1 -0
package/dist/{generated → clients/generated}/client/index.js +1 -1
package/dist/clients/generated/client/index.js.map +1 -0
package/dist/clients/generated/client/types.gen.d.ts +118 -0
package/dist/clients/generated/client/types.gen.d.ts.map +1 -0
package/dist/clients/generated/client/types.gen.js.map +1 -0
package/dist/clients/generated/client/utils.gen.d.ts +34 -0
package/dist/clients/generated/client/utils.gen.d.ts.map +1 -0
package/dist/{generated → clients/generated}/client/utils.gen.js +117 -57
package/dist/clients/generated/client/utils.gen.js.map +1 -0
package/dist/clients/generated/client.gen.d.ts.map +1 -0
package/dist/{generated → clients/generated}/client.gen.js +1 -1
package/dist/clients/generated/client.gen.js.map +1 -0
package/dist/clients/generated/core/auth.gen.d.ts.map +1 -0
package/dist/clients/generated/core/auth.gen.js.map +1 -0
package/dist/clients/generated/core/bodySerializer.gen.d.ts.map +1 -0
package/dist/clients/generated/core/bodySerializer.gen.js.map +1 -0
package/dist/clients/generated/core/params.gen.d.ts.map +1 -0
package/dist/clients/generated/core/params.gen.js.map +1 -0
package/dist/clients/generated/core/pathSerializer.gen.d.ts.map +1 -0
package/dist/clients/generated/core/pathSerializer.gen.js.map +1 -0
package/dist/clients/generated/core/queryKeySerializer.gen.d.ts.map +1 -0
package/dist/clients/generated/core/queryKeySerializer.gen.js.map +1 -0
package/dist/clients/generated/core/serverSentEvents.gen.d.ts.map +1 -0
package/dist/clients/generated/core/serverSentEvents.gen.js.map +1 -0
package/dist/clients/generated/core/types.gen.d.ts.map +1 -0
package/dist/clients/generated/core/types.gen.js.map +1 -0
package/dist/clients/generated/core/utils.gen.d.ts.map +1 -0
package/dist/clients/generated/core/utils.gen.js.map +1 -0
package/dist/clients/generated/index.d.ts +3 -0
package/dist/clients/generated/index.d.ts.map +1 -0
package/dist/clients/generated/index.js +3 -0
package/dist/clients/generated/index.js.map +1 -0
package/dist/clients/generated/sdk.gen.d.ts +202 -0
package/dist/clients/generated/sdk.gen.d.ts.map +1 -0
package/dist/clients/generated/sdk.gen.js +510 -0
package/dist/clients/generated/sdk.gen.js.map +1 -0
package/dist/clients/generated/types.gen.d.ts +1541 -0
package/dist/clients/generated/types.gen.d.ts.map +1 -0
package/dist/clients/generated/types.gen.js.map +1 -0
package/dist/clients/user.d.ts +86 -0
package/dist/clients/user.d.ts.map +1 -0
package/dist/clients/user.js +96 -0
package/dist/clients/user.js.map +1 -0
package/dist/cookies/browser.d.ts +3 -0
package/dist/cookies/browser.d.ts.map +1 -0
package/dist/cookies/browser.js +31 -0
package/dist/cookies/browser.js.map +1 -0
package/dist/cookies/node.d.ts +8 -0
package/dist/cookies/node.d.ts.map +1 -0
package/dist/cookies/node.js +49 -0
package/dist/cookies/node.js.map +1 -0
package/dist/errors.d.ts +22 -0
package/dist/errors.d.ts.map +1 -0
package/dist/errors.js +40 -0
package/dist/errors.js.map +1 -0
package/dist/node.d.ts +172 -0
package/dist/node.d.ts.map +1 -0
package/dist/node.js +46 -0
package/dist/node.js.map +1 -0
package/dist/password.d.ts +8 -0
package/dist/password.d.ts.map +1 -0
package/dist/password.js +23 -0
package/dist/password.js.map +1 -0
package/dist/session.d.ts +115 -0
package/dist/session.d.ts.map +1 -0
package/dist/session.js +240 -0
package/dist/session.js.map +1 -0
package/dist/tokens.d.ts +27 -0
package/dist/tokens.d.ts.map +1 -0
package/dist/tokens.js +212 -0
package/dist/tokens.js.map +1 -0
package/dist/types.d.ts +48 -6
package/dist/types.d.ts.map +1 -1
package/package.json +23 -8
package/dist/Acccount.d.ts +0 -9
package/dist/Acccount.d.ts.map +0 -1
package/dist/Acccount.js +0 -22
package/dist/Acccount.js.map +0 -1
package/dist/Auth.d.ts +0 -25
package/dist/Auth.d.ts.map +0 -1
package/dist/Auth.js +0 -43
package/dist/Auth.js.map +0 -1
package/dist/Authticon.d.ts +0 -87
package/dist/Authticon.d.ts.map +0 -1
package/dist/Authticon.js +0 -74
package/dist/Authticon.js.map +0 -1
package/dist/BrowserCookieAdapter.d.ts +0 -13
package/dist/BrowserCookieAdapter.d.ts.map +0 -1
package/dist/BrowserCookieAdapter.js +0 -18
package/dist/BrowserCookieAdapter.js.map +0 -1
package/dist/BrowserCookieAdapter.test.d.ts +0 -2
package/dist/BrowserCookieAdapter.test.d.ts.map +0 -1
package/dist/BrowserCookieAdapter.test.js +0 -145
package/dist/BrowserCookieAdapter.test.js.map +0 -1
package/dist/Challange.d.ts +0 -8
package/dist/Challange.d.ts.map +0 -1
package/dist/Challange.js +0 -24
package/dist/Challange.js.map +0 -1
package/dist/CookieStorageAdapter.d.ts +0 -14
package/dist/CookieStorageAdapter.d.ts.map +0 -1
package/dist/CookieStorageAdapter.js +0 -42
package/dist/CookieStorageAdapter.js.map +0 -1
package/dist/CookieStorageAdapter.test.d.ts +0 -2
package/dist/CookieStorageAdapter.test.d.ts.map +0 -1
package/dist/CookieStorageAdapter.test.js +0 -130
package/dist/CookieStorageAdapter.test.js.map +0 -1
package/dist/RemixCookieAdapter.d.ts +0 -12
package/dist/RemixCookieAdapter.d.ts.map +0 -1
package/dist/RemixCookieAdapter.js +0 -25
package/dist/RemixCookieAdapter.js.map +0 -1
package/dist/RemixCookieAdapter.test.d.ts +0 -2
package/dist/RemixCookieAdapter.test.d.ts.map +0 -1
package/dist/RemixCookieAdapter.test.js +0 -136
package/dist/RemixCookieAdapter.test.js.map +0 -1
package/dist/TokenManager.d.ts +0 -24
package/dist/TokenManager.d.ts.map +0 -1
package/dist/TokenManager.js +0 -53
package/dist/TokenManager.js.map +0 -1
package/dist/TokenManager.test.d.ts +0 -2
package/dist/TokenManager.test.d.ts.map +0 -1
package/dist/TokenManager.test.js +0 -118
package/dist/TokenManager.test.js.map +0 -1
package/dist/TokenStorage.d.ts +0 -18
package/dist/TokenStorage.d.ts.map +0 -1
package/dist/TokenStorage.js +0 -69
package/dist/TokenStorage.js.map +0 -1
package/dist/TokenStorage.test.d.ts +0 -2
package/dist/TokenStorage.test.d.ts.map +0 -1
package/dist/TokenStorage.test.js +0 -179
package/dist/TokenStorage.test.js.map +0 -1
package/dist/TokenVerifier.d.ts +0 -13
package/dist/TokenVerifier.d.ts.map +0 -1
package/dist/TokenVerifier.js +0 -61
package/dist/TokenVerifier.js.map +0 -1
package/dist/TokenVerifier.test.d.ts +0 -2
package/dist/TokenVerifier.test.d.ts.map +0 -1
package/dist/TokenVerifier.test.js +0 -117
package/dist/TokenVerifier.test.js.map +0 -1
package/dist/TwoFa.d.ts +0 -26
package/dist/TwoFa.d.ts.map +0 -1
package/dist/TwoFa.js +0 -55
package/dist/TwoFa.js.map +0 -1
package/dist/User.d.ts +0 -25
package/dist/User.d.ts.map +0 -1
package/dist/User.js +0 -27
package/dist/User.js.map +0 -1
package/dist/Users.d.ts +0 -57
package/dist/Users.d.ts.map +0 -1
package/dist/Users.js +0 -55
package/dist/Users.js.map +0 -1
package/dist/cookie-utils.d.ts +0 -5
package/dist/cookie-utils.d.ts.map +0 -1
package/dist/cookie-utils.js +0 -33
package/dist/cookie-utils.js.map +0 -1
package/dist/generated/client/client.gen.d.ts.map +0 -1
package/dist/generated/client/client.gen.js +0 -135
package/dist/generated/client/client.gen.js.map +0 -1
package/dist/generated/client/index.d.ts.map +0 -1
package/dist/generated/client/index.js.map +0 -1
package/dist/generated/client/types.gen.d.ts +0 -89
package/dist/generated/client/types.gen.d.ts.map +0 -1
package/dist/generated/client/types.gen.js.map +0 -1
package/dist/generated/client/utils.gen.d.ts +0 -15
package/dist/generated/client/utils.gen.d.ts.map +0 -1
package/dist/generated/client/utils.gen.js.map +0 -1
package/dist/generated/client.gen.d.ts.map +0 -1
package/dist/generated/client.gen.js.map +0 -1
package/dist/generated/core/auth.gen.d.ts.map +0 -1
package/dist/generated/core/auth.gen.js.map +0 -1
package/dist/generated/core/bodySerializer.gen.d.ts.map +0 -1
package/dist/generated/core/bodySerializer.gen.js.map +0 -1
package/dist/generated/core/params.gen.d.ts.map +0 -1
package/dist/generated/core/params.gen.js.map +0 -1
package/dist/generated/core/pathSerializer.gen.d.ts.map +0 -1
package/dist/generated/core/pathSerializer.gen.js.map +0 -1
package/dist/generated/core/queryKeySerializer.gen.d.ts.map +0 -1
package/dist/generated/core/queryKeySerializer.gen.js.map +0 -1
package/dist/generated/core/serverSentEvents.gen.d.ts.map +0 -1
package/dist/generated/core/serverSentEvents.gen.js.map +0 -1
package/dist/generated/core/types.gen.d.ts.map +0 -1
package/dist/generated/core/types.gen.js.map +0 -1
package/dist/generated/core/utils.gen.d.ts.map +0 -1
package/dist/generated/core/utils.gen.js.map +0 -1
package/dist/generated/index.d.ts +0 -3
package/dist/generated/index.d.ts.map +0 -1
package/dist/generated/index.js +0 -3
package/dist/generated/index.js.map +0 -1
package/dist/generated/sdk.gen.d.ts +0 -58
package/dist/generated/sdk.gen.d.ts.map +0 -1
package/dist/generated/sdk.gen.js +0 -337
package/dist/generated/sdk.gen.js.map +0 -1
package/dist/generated/types.gen.d.ts +0 -1344
package/dist/generated/types.gen.d.ts.map +0 -1
package/dist/generated/types.gen.js.map +0 -1
package/dist/index.d.ts +0 -10
package/dist/index.d.ts.map +0 -1
package/dist/index.js +0 -8
package/dist/index.js.map +0 -1
package/dist/user.d.ts +0 -50
package/dist/user.d.ts.map +0 -1
package/dist/user.js +0 -35
package/dist/user.js.map +0 -1
/package/dist/{generated → clients/generated}/client/client.gen.d.ts +0 -0
/package/dist/{generated → clients/generated}/client/types.gen.js +0 -0
/package/dist/{generated → clients/generated}/client.gen.d.ts +0 -0
/package/dist/{generated → clients/generated}/core/auth.gen.d.ts +0 -0
/package/dist/{generated → clients/generated}/core/auth.gen.js +0 -0
/package/dist/{generated → clients/generated}/core/bodySerializer.gen.d.ts +0 -0
/package/dist/{generated → clients/generated}/core/bodySerializer.gen.js +0 -0
/package/dist/{generated → clients/generated}/core/params.gen.d.ts +0 -0
/package/dist/{generated → clients/generated}/core/params.gen.js +0 -0
/package/dist/{generated → clients/generated}/core/pathSerializer.gen.d.ts +0 -0
/package/dist/{generated → clients/generated}/core/pathSerializer.gen.js +0 -0
/package/dist/{generated → clients/generated}/core/queryKeySerializer.gen.d.ts +0 -0
/package/dist/{generated → clients/generated}/core/queryKeySerializer.gen.js +0 -0
/package/dist/{generated → clients/generated}/core/serverSentEvents.gen.d.ts +0 -0
/package/dist/{generated → clients/generated}/core/serverSentEvents.gen.js +0 -0
/package/dist/{generated → clients/generated}/core/types.gen.d.ts +0 -0
/package/dist/{generated → clients/generated}/core/types.gen.js +0 -0
/package/dist/{generated → clients/generated}/core/utils.gen.d.ts +0 -0
/package/dist/{generated → clients/generated}/core/utils.gen.js +0 -0
/package/dist/{generated → clients/generated}/types.gen.js +0 -0

package/README.md ADDED Viewed

@@ -0,0 +1,418 @@
+# @authticon/client
+Oficjalny klient JavaScript/TypeScript dla [Authticon](https://authticon.com) — usługi uwierzytelniania. Biblioteka wspiera zarówno środowisko **Node.js** (SSR, API routes), jak i **przeglądarkę** (SPA, client-side).
+## Instalacja
+```bash
+npm install @authticon/client
+```
+**Wymagania:** Node.js >= 18
+## Dwa entry pointy
+Biblioteka dostarcza dwa osobne moduły z odrębnymi implementacjami cookie i sesji:
+| Import                                           | Środowisko         | Cookie adapter                                                                                                             |
+| ------------------------------------------------ | ------------------ | -------------------------------------------------------------------------------------------------------------------------- |
+| `@authticon/client` lub `@authticon/client/node` | Node.js / SSR      | Parsuje cookies z obiektu `Request`, zwraca `CookieStorageAdapter` z metodami `applyToResponse()`, `stringifySetCookies()` |
+| `@authticon/client/browser`                      | Przeglądarka / SPA | Używa `document.cookie`                                                                                                    |
+## Szybki start
+### Node.js (np. Next.js, Express, Hono)
+```typescript
+import { createAuthticon } from "@authticon/client/node";
+const authticon = createAuthticon({
+  projectId: "your-project-id",
+});
+// W handlerze HTTP:
+async function handler(request: Request) {
+  const { getUser, login, logout, cookies } = await authticon.session({
+    request,
+  });
+  const user = getUser(); // SessionUser | null
+  // cookies.applyToResponse(response) — ustawia Set-Cookie na odpowiedzi
+}
+```
+### Przeglądarka
+```typescript
+import { createAuthticon } from "@authticon/client/browser";
+const authticon = createAuthticon({
+  projectId: "your-project-id",
+});
+const session = await authticon.session({});
+const user = session.getUser();
+await session.login({ email: "user@example.com", password: "secret" });
+```
+## Konfiguracja
+```typescript
+type AuthticonOptions = {
+  projectId: string; // ID projektu w Authticon (wymagane)
+  baseUrl?: string; // URL API (domyślnie: "https://authticon.com")
+  jwksUrl?: string; // URL do JWKS (domyślnie: {baseUrl}/.well-known/jwks.json)
+  jwksCacheTtlMs?: number; // TTL cache kluczy JWKS (domyślnie: 1h)
+  cache?: CacheAdapter; // Zewnętrzny adapter cache (domyślnie: in-memory)
+  logger?: Logger; // Instancja pino logger
+};
+```
+## Session (API stanowe)
+`session()` to główny sposób interakcji z biblioteką. Tworzy **stanowy obiekt sesji**, który:
+1. Przy tworzeniu automatycznie odczytuje tokeny z cookies
+2. Weryfikuje access token za pomocą JWKS
+3. Jeśli token wygasł — automatycznie odświeża go za pomocą refresh tokena
+4. Cache'uje obiekt `SessionUser` w pamięci na czas życia sesji
+5. Operacje takie jak `login()`, `logout()`, `createGuest()` automatycznie aktualizują wewnętrzny stan sesji i zapisują nowe tokeny w cookies
+### Tworzenie sesji
+#### Node.js — z obiektu `Request`
+```typescript
+const session = await authticon.session({ request });
+// session.cookies — CookieStorageAdapter z metodami applyToResponse(), stringifySetCookies()
+```
+#### Node.js — z własnym `CookieAdapter`
+```typescript
+const session = await authticon.session({ cookies: myCookieAdapter });
+```
+#### Przeglądarka
+```typescript
+const session = await authticon.session({});
+// Automatycznie używa document.cookie
+```
+Opcjonalnie można przekazać `tokenStorage` do nadpisania nazw cookies i ich parametrów:
+```typescript
+const session = await authticon.session({
+  request,
+  tokenStorage: {
+    accessTokenName: "my_access_token",
+    refreshTokenName: "my_refresh_token",
+    secure: true,
+    sameSite: "Strict",
+    domain: ".example.com",
+  },
+});
+```
+### Metody sesji
+#### Autentykacja
+| Metoda                       | Opis                                                                      |
+| ---------------------------- | ------------------------------------------------------------------------- |
+| `login(params)`              | Logowanie (email/password). Zwraca `SessionUser`.                         |
+| `register(params)`           | Rejestracja. Zwraca dane rejestracji (tokeny nie są jeszcze zapisywane).  |
+| `loginByMagicLink(params)`   | Loguje użytkownika przez magic link (z `deviceId`). Zwraca `SessionUser`. |
+| `forgotPassword(params)`     | Inicjuje reset hasła.                                                     |
+| `verifyEmail(params)`        | Weryfikuje email.                                                         |
+| `createGuest(params)`        | Tworzy użytkownika-gościa. Zwraca `SessionUser`.                          |
+| `acceptInvitation(params)`   | Akceptuje zaproszenie. Zwraca `SessionUser`.                              |
+| `resendConfirmation(params)` | Ponownie wysyła email potwierdzający.                                     |
+| `logout()`                   | Wylogowuje (server-side + czyści cookies).                                |
+| `refresh()`                  | Wymusza odświeżenie tokenów.                                              |
+#### Stan użytkownika
+| Metoda                | Opis                                                                              |
+| --------------------- | --------------------------------------------------------------------------------- |
+| `getUser()`           | Zwraca `SessionUser \| null`.                                                     |
+| `requireUser()`       | Zwraca `SessionUser` lub rzuca `AuthticonError`.                                  |
+| `isLoggedIn()`        | Zwraca `boolean` — czy istnieje refresh token (sesja aktywna).                    |
+| `isLoggedInByAdmin()` | Zwraca `boolean` — czy istnieje admin refresh token (logowanie jako użytkownik).  |
+| `getFirstChallenge()` | Zwraca pierwszy challenge (np. `"verifyTwoFa"`, `"setPassword"`) lub `undefined`. |
+#### Profil użytkownika
+| Metoda             | Opis                                         |
+| ------------------ | -------------------------------------------- |
+| `getMe()`          | Pobiera dane zalogowanego użytkownika z API. |
+| `updateMe(params)` | Aktualizuje dane zalogowanego użytkownika.   |
+#### Zarządzanie kontem
+| Metoda                   | Opis                               |
+| ------------------------ | ---------------------------------- |
+| `changeEmail(params)`    | Zmiana emaila.                     |
+| `changePassword(params)` | Zmiana hasła.                      |
+| `setPassword(params)`    | Ustawienie hasła (np. po resecie). |
+| `changePhone(params)`    | Zmiana numeru telefonu.            |
+| `verifyPhone(params)`    | Weryfikacja numeru telefonu.       |
+#### Dwuskładnikowe uwierzytelnianie (2FA)
+| Metoda                             | Opis                                                          |
+| ---------------------------------- | ------------------------------------------------------------- |
+| `getTwoFaSecret()`                 | Pobiera sekret 2FA (do wyświetlenia QR code).                 |
+| `enableTwoFa(params)`              | Włącza 2FA.                                                   |
+| `disableTwoFa(params)`             | Wyłącza 2FA.                                                  |
+| `sendTwoFaCode(params)`            | Wysyła kod 2FA.                                               |
+| `verifyTwoFaCode(code, remember?)` | Weryfikuje kod 2FA i aktualizuje sesję. Zwraca `SessionUser`. |
+#### Social OAuth (Google, Facebook, GitHub)
+Logowanie i linkowanie kont przez zewnętrznych dostawców OAuth. Session automatycznie wybiera odpowiedni flow:
+- **Niezalogowany** — `socialAuthorize` / `socialExchange` inicjuje logowanie/rejestrację
+- **Zalogowany** — te same metody linkują konto social do istniejącego użytkownika
+```typescript
+// 1. Pobierz URL autoryzacji i przekieruj użytkownika
+const { authorizationUrl } = await session.socialAuthorize("google", "https://app.example.com/callback");
+// redirect(authorizationUrl)
+// 2. Po powrocie z providera (w callback route) — wymień code na sesję
+const user = await session.socialExchange("google", code, state);
+// user jest zalogowany (lub konto zostało zlinkowane)
+```
+| Metoda                                      | Opis                                                                       |
+| ------------------------------------------- | -------------------------------------------------------------------------- |
+| `socialAuthorize(provider, redirectUri)`     | Generuje URL autoryzacji OAuth. Zalogowany? Linkuje. Niezalogowany? Loguje.|
+| `socialExchange(provider, code, state)`      | Wymienia code+state na sesję. Zalogowany? Linkuje. Niezalogowany? Loguje.  |
+| `getSocialAccounts()`                        | Lista powiązanych kont social (wymaga zalogowania).                        |
+| `socialUnlink(provider)`                     | Odłącza konto social (wymaga zalogowania).                                 |
+#### Zaproszenia
+| Metoda                     | Opis                |
+| -------------------------- | ------------------- |
+| `createInvitation(params)` | Tworzy zaproszenie. |
+| `deleteInvitation(params)` | Usuwa zaproszenie.  |
+#### Tokeny
+Obiekt `session.tokens` daje bezpośredni dostęp do tokenów:
+```typescript
+session.tokens.getAccessToken(); // string | null
+session.tokens.getRefreshToken(); // string | null
+session.tokens.verify(); // weryfikuje aktualny access token
+session.tokens.verify(customToken); // weryfikuje dowolny token
+session.tokens.clear(); // czyści tokeny z cookies i resetuje stan sesji
+```
+### SessionUser
+```typescript
+type SessionUser<Payload> = {
+  id: string; // ID użytkownika
+  sessionId: string; // ID sesji
+  projectId: string; // ID projektu
+  role: "guest" | "user";
+  isGuest: boolean;
+  challenges: Challenge[]; // np. ["verifyTwoFa", "setPassword"]
+  payload: Payload; // custom claims z tokena
+  raw: AccessTokenPayload; // surowy payload JWT
+};
+```
+## Low-level API
+Oprócz stanowej sesji, `createAuthticon()` udostępnia niskopoziomowe klienty API, które nie zarządzają stanem ani cookies.
+### `authticon.auth()` — klient publiczny (bez autoryzacji)
+Bezstanowy klient do endpointów niewymagających tokenu:
+```typescript
+const auth = authticon.auth();
+await auth.login({ email: "user@example.com", password: "secret" });
+await auth.register({ email: "user@example.com", password: "secret" });
+await auth.forgotPassword({ email: "user@example.com" });
+await auth.loginByMagicLink({ token: "..." });
+await auth.verifyEmail({ token: "..." });
+await auth.createGuestUser({ ... });
+await auth.acceptInvitation({ token: "...", password: "..." });
+await auth.resendConfirmation({ email: "..." });
+// Social OAuth
+await auth.socialAuthorize("google", { redirectUri: "https://app.example.com/callback" });
+await auth.socialExchange("google", { code: "...", state: "..." });
+```
+> **Uwaga:** Te metody zwracają surowe dane z API (np. tokeny). Zarządzanie cookies/stanem leży po stronie wywołującego.
+### `authticon.admin(options)` — klient administracyjny (tylko Node.js)
+Wymaga klucza API. Służy do operacji administracyjnych:
+```typescript
+const admin = authticon.admin({ apiKey: "your-api-key" });
+await admin.listUsers({ page: 1 });
+await admin.createUser({ email: "new@example.com", password: "..." });
+await admin.getUser("user-id");
+await admin.updateUser("user-id", { ... });
+await admin.deleteUser("user-id");
+await admin.loginAs({ userId: "user-id" });
+await admin.sendMagicLink({ email: "user@example.com", url: "https://example.com/login" });
+// Role
+await admin.createUserRole("user-id", { ... });
+await admin.listUserRoles("user-id");
+await admin.updateUserRole("user-id", "role-id", { ... });
+await admin.deleteUserRole("user-id", "role-id");
+// Magic link
+await admin.sendMagicLink({ email: "user@example.com" });
+// SMS
+await admin.sendSmsCode("user-id");
+await admin.verifySms("user-id", { code: "123456" });
+// Dostępność
+await admin.isEmailAvailable("user@example.com");  // boolean
+await admin.isPhoneAvailable("+48123456789");       // boolean
+// Test email
+await admin.testEmail({ ... });
+```
+### `authticon.tokens` (tylko Node.js)
+Bezpośredni dostęp do weryfikatora tokenów na poziomie instancji:
+```typescript
+const payload = await authticon.tokens.verify(accessToken);
+authticon.tokens.clearKeyCache(); // czyści cache kluczy JWKS
+```
+## Cookie adaptery
+### Node.js — `createNodeCookieStorageAdapter`
+Parsuje cookies z `Request`, buforuje zmiany i pozwala je aplikować do `Response`:
+```typescript
+import { createNodeCookieStorageAdapter } from "@authticon/client/node";
+const cookies = createNodeCookieStorageAdapter(request);
+// Po operacjach sesji:
+cookies.applyToResponse(response);
+// lub:
+const setCookieHeaders = cookies.stringifySetCookies(); // string[]
+```
+### Przeglądarka — `createBrowserCookieAdapter`
+Operuje bezpośrednio na `document.cookie`:
+```typescript
+import { createBrowserCookieAdapter } from "@authticon/client/browser";
+const cookies = createBrowserCookieAdapter();
+```
+### Własny adapter
+Możesz zaimplementować interfejs `CookieAdapter`:
+```typescript
+interface CookieAdapter {
+  get(name: string): string | null;
+  set(name: string, value: string, options: CookieSetOptions): void;
+  remove(name: string, options: CookieRemoveOptions): void;
+}
+```
+## Token storage — konfiguracja cookies
+```typescript
+type TokenStorageOptions = {
+  accessTokenName?: string; // domyślnie: "access_token"
+  refreshTokenName?: string; // domyślnie: "refresh_token"
+  deviceIdName?: string; // domyślnie: "device_id"
+  adminRefreshTokenName?: string; // domyślnie: "admin_refresh_token"
+  path?: string; // domyślnie: "/"
+  domain?: string;
+  secure?: boolean; // domyślnie: true
+  sameSite?: "Strict" | "Lax" | "None"; // domyślnie: "Lax"
+  accessTokenMaxAge?: number; // domyślnie: 900 (15 min)
+  refreshTokenMaxAge?: number; // domyślnie: 2592000 (30 dni)
+};
+```
+## Obsługa błędów
+Biblioteka definiuje dedykowaną hierarchię błędów:
+```typescript
+import {
+  AuthticonError,
+  AuthticonApiError,
+  AuthticonTokenError,
+  isAuthticonError,
+  isAuthticonApiError,
+  isAuthticonTokenError,
+} from "@authticon/client";
+```
+| Klasa                 | Opis                                                           |
+| --------------------- | -------------------------------------------------------------- |
+| `AuthticonError`      | Bazowy błąd (np. brak tokenu, użytkownik niezalogowany)        |
+| `AuthticonApiError`   | Błąd odpowiedzi API (zawiera `statusCode` i `response`)        |
+| `AuthticonTokenError` | Błąd weryfikacji JWT (zawiera `code` i oryginalny `joseError`) |
+```typescript
+try {
+  const user = session.requireUser();
+} catch (error) {
+  if (isAuthticonApiError(error)) {
+    console.log(error.statusCode); // np. 401
+  }
+  if (isAuthticonTokenError(error, "ERR_JWT_EXPIRED")) {
+    // Token wygasł
+  }
+}
+```
+## Typowanie custom payloadu
+Biblioteka wspiera generyczne typowanie payloadu JWT:
+```typescript
+type MyPayload = {
+  organizationId: string;
+  permissions: string[];
+};
+const authticon = createAuthticon<MyPayload>({
+  projectId: "...",
+});
+const session = await authticon.session({ request });
+const user = session.getUser();
+user?.payload.organizationId; // string
+user?.payload.permissions; // string[]
+```
+## Licencja
+MIT

package/dist/authticon.d.ts ADDED Viewed

@@ -0,0 +1,147 @@
+import type { AuthticonOptions, CookieAdapter, DefaultAccessTokenPayload, TokenStorageOptions } from "./types.js";
+export type CookieAdapterFactory<SessionOpts> = (options: SessionOpts) => CookieAdapter;
+export declare const createBaseAuthticon: <Payload extends Record<string, any> = DefaultAccessTokenPayload, SessionOpts extends {
+    tokenStorage?: TokenStorageOptions;
+} = {
+    tokenStorage?: TokenStorageOptions;
+}>(options: AuthticonOptions, buildCookieAdapter: CookieAdapterFactory<SessionOpts>) => {
+    session: (sessionOptions: SessionOpts) => Promise<{
+        login: (params: import("./clients/generated/types.gen.js").LoginData["body"]) => Promise<import("./types.js").SessionUser<Payload>>;
+        loginByMagicLink: (params: import("./clients/generated/types.gen.js").LoginByMagicLinkData["body"]) => Promise<import("./types.js").SessionUser<Payload>>;
+        loginAs: (admin: import("./clients/admin.js").AdminClient, targetUserId: string) => Promise<import("./types.js").SessionUser<Payload> | null>;
+        backToAdmin: () => Promise<import("./types.js").SessionUser<Payload> | null>;
+        register: (params: import("./clients/generated/types.gen.js").RegisterData["body"]) => Promise<{
+            userId: string;
+        }>;
+        forgotPassword: (params: import("./clients/generated/types.gen.js").ForgotPasswordData["body"]) => Promise<null>;
+        verifyEmail: (token: string) => Promise<void>;
+        createGuest: (params: import("./clients/generated/types.gen.js").CreateGuestUserData["body"]) => Promise<import("./types.js").SessionUser<Payload>>;
+        acceptInvitation: (params: import("./clients/generated/types.gen.js").AcceptInvitationData["body"]) => Promise<import("./types.js").SessionUser<Payload>>;
+        resendConfirmation: (params: import("./clients/generated/types.gen.js").ResendEmailConfirmationData["body"]) => Promise<null>;
+        getMe: () => Promise<{
+            id: string;
+            email: string;
+            firstName: string | null;
+            lastName: string | null;
+            isGuest: boolean;
+            claims: unknown;
+            phone: string | null;
+            locale: string;
+            passwordUpdatedAt: string | null;
+            hasPassword: boolean;
+            twoFaEnabled: boolean;
+            twoFaType: "APP" | "EMAIL" | "PHONE";
+            isBlocked: boolean;
+            isBlockedUntil: string | null;
+            phoneVerified: boolean;
+            emailVerified: boolean;
+            roles: Array<{
+                id: string;
+                role: string;
+                group: string;
+            }>;
+            metadata: {
+                [key: string]: unknown;
+            };
+        }>;
+        updateUser: (params: import("./clients/generated/types.gen.js").UpdateMeData["body"]) => Promise<{
+            id: string;
+        }>;
+        updateMe: (params: import("./clients/generated/types.gen.js").UpdateMeData["body"]) => Promise<{
+            id: string;
+        }>;
+        getUser: () => import("./types.js").SessionUser<Payload> | null;
+        requireUser: () => import("./types.js").SessionUser<Payload>;
+        getFirstChallenge: () => import("./types.js").Challenge | undefined;
+        isLoggedIn: () => boolean;
+        isLoggedInByAdmin: () => boolean;
+        logout: () => Promise<void>;
+        refresh: () => Promise<void>;
+        getDeviceId: () => string | null;
+        changeEmail: (params: import("./clients/generated/types.gen.js").ChangeEmailData["body"]) => Promise<null>;
+        changePassword: (params: import("./clients/generated/types.gen.js").ChangePasswordData["body"]) => Promise<null>;
+        setPassword: (params: import("./clients/generated/types.gen.js").SetPasswordData["body"]) => Promise<null>;
+        changePhone: (params: import("./clients/generated/types.gen.js").ChangePhoneData["body"]) => Promise<null>;
+        verifyPhone: (params: import("./clients/generated/types.gen.js").VerifyPhoneData["body"]) => Promise<null>;
+        getTwoFaSecret: () => Promise<{
+            secret: string;
+            uri: string;
+        }>;
+        enableTwoFa: (params: import("./clients/generated/types.gen.js").EnableTwoFaData["body"]) => Promise<void>;
+        disableTwoFa: (params: import("./clients/generated/types.gen.js").DisableTwoFaData["body"]) => Promise<void>;
+        sendTwoFaCode: (params: import("./clients/generated/types.gen.js").SendTwoFaCodeData["body"]) => Promise<void>;
+        verifyTwoFaCode: (code: string, remember?: boolean) => Promise<import("./types.js").SessionUser<Payload>>;
+        createInvitation: (params: import("./clients/generated/types.gen.js").CreateInvitationData["body"]) => Promise<{
+            id: string;
+            email: string;
+            token: string;
+            validTo: string;
+            role: string | null;
+            group: string | null;
+            returnUrl: string | null;
+        }>;
+        deleteInvitation: (params: import("./clients/generated/types.gen.js").DeleteInvitationData["path"]) => Promise<{
+            id: string;
+        }>;
+        socialAuthorize: (provider: "google" | "facebook" | "github", redirectUri: string) => Promise<{
+            authorizationUrl: string;
+        }>;
+        socialExchange: (provider: "google" | "facebook" | "github", code: string, state: string) => Promise<{
+            provider: string;
+            providerUserId: string;
+        } | import("./types.js").SessionUser<Payload>>;
+        getSocialAccounts: () => Promise<{
+            id: string;
+            provider: string;
+            providerUserId: string;
+            createdAt: string;
+        }[]>;
+        socialUnlink: (provider: "google" | "facebook" | "github") => Promise<{
+            success: boolean;
+        }>;
+        tokens: {
+            getAccessToken: () => string | null;
+            getRefreshToken: () => string | null;
+            verify: (token?: string) => Promise<import("./types.js").AccessTokenPayload<Payload>>;
+            clear: () => void;
+        };
+        cookies: CookieAdapter;
+    }>;
+    auth: () => {
+        login: (params: import("./clients/generated/types.gen.js").LoginData["body"]) => Promise<{
+            accessToken: string;
+            refreshToken: string;
+            deviceId: string;
+            sessionId: string;
+        }>;
+        loginByMagicLink: (params: import("./clients/generated/types.gen.js").LoginByMagicLinkData["body"]) => Promise<{
+            accessToken: string;
+            refreshToken: string;
+            deviceId: string;
+            sessionId: string;
+        }>;
+        register: (params: import("./clients/generated/types.gen.js").RegisterData["body"]) => Promise<{
+            userId: string;
+        }>;
+        forgotPassword: (params: import("./clients/generated/types.gen.js").ForgotPasswordData["body"]) => Promise<null>;
+        createGuestUser: (params: import("./clients/generated/types.gen.js").CreateGuestUserData["body"]) => Promise<{
+            token: string;
+        }>;
+        acceptInvitation: (params: import("./clients/generated/types.gen.js").AcceptInvitationData["body"]) => Promise<{
+            accessToken: string;
+            refreshToken: string;
+        }>;
+        verifyEmail: (params: import("./clients/generated/types.gen.js").VerifyEmailData["body"]) => Promise<void>;
+        resendConfirmation: (params: import("./clients/generated/types.gen.js").ResendEmailConfirmationData["body"]) => Promise<null>;
+        socialAuthorize: (provider: import("./clients/generated/types.gen.js").SocialAuthorizeData["path"]["provider"], params: import("./clients/generated/types.gen.js").SocialAuthorizeData["body"]) => Promise<{
+            authorizationUrl: string;
+        }>;
+        socialExchange: (provider: import("./clients/generated/types.gen.js").SocialExchangeData["path"]["provider"], params: import("./clients/generated/types.gen.js").SocialExchangeData["body"]) => Promise<{
+            accessToken: string;
+            refreshToken: string;
+            deviceId: string;
+            sessionId: string;
+        }>;
+    };
+};
+//# sourceMappingURL=authticon.d.ts.map

package/dist/authticon.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"authticon.d.ts","sourceRoot":"","sources":["../src/authticon.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,gBAAgB,EAChB,aAAa,EACb,yBAAyB,EACzB,mBAAmB,EACpB,MAAM,YAAY,CAAC;AAIpB,MAAM,MAAM,oBAAoB,CAAC,WAAW,IAAI,CAC9C,OAAO,EAAE,WAAW,KACjB,aAAa,CAAC;AAEnB,eAAO,MAAM,mBAAmB,GAC9B,OAAO,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,yBAAyB,EAC/D,WAAW,SAAS;IAAE,YAAY,CAAC,EAAE,mBAAmB,CAAA;CAAE,GAAG;IAC3D,YAAY,CAAC,EAAE,mBAAmB,CAAC;CACpC,EAED,SAAS,gBAAgB,EACzB,oBAAoB,oBAAoB,CAAC,WAAW,CAAC;8BAoBzB,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oCAeowB,sEAA4B;;;mCAAoQ,qEAA2B;;;;;;;CADvmC,CAAC"}

package/dist/authticon.js ADDED Viewed

@@ -0,0 +1,24 @@
+import { createAuthClient } from "./clients/auth.js";
+import { createSession } from "./session.js";
+import { createTokenVerifier } from "./tokens.js";
+const DEFAULT_BASE_URL = "https://authticon.com";
+export const createBaseAuthticon = (options, buildCookieAdapter) => {
+    const baseUrl = options.baseUrl ?? DEFAULT_BASE_URL;
+    const jwksUrl = options.jwksUrl ?? `${baseUrl}/.well-known/jwks.json`;
+    const verifier = createTokenVerifier(jwksUrl, options.jwksCacheTtlMs, options.logger?.child({ authticon: "token-verifier" }), options.cache);
+    const deps = {
+        projectId: options.projectId,
+        baseUrl,
+        verifier,
+        logger: options.logger,
+    };
+    return {
+        session: (sessionOptions) => createSession(deps, buildCookieAdapter(sessionOptions), sessionOptions.tokenStorage),
+        auth: () => createAuthClient({
+            projectId: options.projectId,
+            baseUrl,
+            logger: options.logger,
+        }),
+    };
+};
+//# sourceMappingURL=authticon.js.map

package/dist/authticon.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"authticon.js","sourceRoot":"","sources":["../src/authticon.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,aAAa,EAA0B,MAAM,cAAc,CAAC;AACrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAQlD,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AAMjD,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAMjC,OAAyB,EACzB,kBAAqD,EACrD,EAAE;IACF,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,gBAAgB,CAAC;IACpD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,GAAG,OAAO,wBAAwB,CAAC;IAEtE,MAAM,QAAQ,GAAG,mBAAmB,CAClC,OAAO,EACP,OAAO,CAAC,cAAc,EACtB,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC,EACtD,OAAO,CAAC,KAAK,CACd,CAAC;IAEF,MAAM,IAAI,GAAsB;QAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,OAAO;QACP,QAAQ;QACR,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC;IAEF,OAAO;QACL,OAAO,EAAE,CAAC,cAA2B,EAAE,EAAE,CACvC,aAAa,CACX,IAAI,EACJ,kBAAkB,CAAC,cAAc,CAAC,EAClC,cAAc,CAAC,YAAY,CAC5B;QAEH,IAAI,EAAE,GAAG,EAAE,CACT,gBAAgB,CAAC;YACf,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,OAAO;YACP,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC;KACL,CAAC;AACJ,CAAC,CAAC"}