@authticon/client 0.0.0-beta9 → 0.0.4

package/dist/node.js

@@ -0,0 +1,46 @@
+import { createAdminClient } from "./clients/admin.js";
+import { createAuthClient } from "./clients/auth.js";
+import { createNodeCookieStorageAdapter, } from "./cookies/node.js";
+import { createSession, } from "./session.js";
+import { createTokenVerifier } from "./tokens.js";
+const DEFAULT_BASE_URL = "https://authticon.com";
+export const createAuthticon = (options) => {
+    const baseUrl = options.baseUrl ?? DEFAULT_BASE_URL;
+    const jwksUrl = options.jwksUrl ?? `${baseUrl}/.well-known/jwks.json`;
+    const verifier = createTokenVerifier(jwksUrl, options.jwksCacheTtlMs, options.logger?.child({ authticon: "token-verifier" }), options.cache);
+    const deps = {
+        projectId: options.projectId,
+        baseUrl,
+        verifier,
+        logger: options.logger,
+    };
+    const session = async (sessionOptions) => {
+        const cookies = "request" in sessionOptions
+            ? createNodeCookieStorageAdapter(sessionOptions.request)
+            : sessionOptions.cookies;
+        const client = await createSession(deps, cookies, sessionOptions.tokenStorage);
+        return { ...client, cookies };
+    };
+    return {
+        session,
+        tokens: {
+            verify: verifier.verifyToken,
+            clearKeyCache: verifier.clearKeyCache,
+        },
+        auth: () => createAuthClient({
+            projectId: options.projectId,
+            baseUrl,
+            logger: options.logger,
+        }),
+        admin: (adminOptions) => createAdminClient({
+            apiKey: (adminOptions?.apiKey ?? options.apiKey),
+            baseUrl,
+            logger: options.logger,
+        }),
+    };
+};
+export { createAdminClient } from "./clients/admin.js";
+export { createNodeCookieStorageAdapter, } from "./cookies/node.js";
+export * from "./errors.js";
+export { createInMemoryCacheAdapter, createTokenStorage, createTokenVerifier, } from "./tokens.js";
+//# sourceMappingURL=node.js.map

package/dist/node.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"node.js","sourceRoot":"","sources":["../src/node.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EACL,8BAA8B,GAE/B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,aAAa,GAGd,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AASlD,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AAajD,MAAM,CAAC,MAAM,eAAe,GAAG,CAG7B,OAAwD,EACxD,EAAE;IACF,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,gBAAgB,CAAC;IACpD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,GAAG,OAAO,wBAAwB,CAAC;IAEtE,MAAM,QAAQ,GAAG,mBAAmB,CAClC,OAAO,EACP,OAAO,CAAC,cAAc,EACtB,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC,EACtD,OAAO,CAAC,KAAK,CACd,CAAC;IAEF,MAAM,IAAI,GAAsB;QAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,OAAO;QACP,QAAQ;QACR,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC;IAEF,MAAM,OAAO,GAA2B,KAAK,EAAE,cAAc,EAAE,EAAE;QAC/D,MAAM,OAAO,GACX,SAAS,IAAI,cAAc;YACzB,CAAC,CAAC,8BAA8B,CAAC,cAAc,CAAC,OAAO,CAAC;YACxD,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC;QAE7B,MAAM,MAAM,GAAG,MAAM,aAAa,CAChC,IAAI,EACJ,OAAO,EACP,cAAc,CAAC,YAAY,CAC5B,CAAC;QAEF,OAAO,EAAE,GAAG,MAAM,EAAE,OAAO,EAAS,CAAC;IACvC,CAAC,CAAC;IAEF,OAAO;QACL,OAAO;QAEP,MAAM,EAAE;YACN,MAAM,EAAE,QAAQ,CAAC,WAAW;YAC5B,aAAa,EAAE,QAAQ,CAAC,aAAa;SACtC;QAED,IAAI,EAAE,GAAG,EAAE,CACT,gBAAgB,CAAC;YACf,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,OAAO;YACP,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC;QAEJ,KAAK,EAAE,CAAC,YAAiC,EAAE,EAAE,CAC3C,iBAAiB,CAAC;YAChB,MAAM,EAAE,CAAC,YAAY,EAAE,MAAM,IAAI,OAAO,CAAC,MAAM,CAAE;YACjD,OAAO;YACP,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC;KACL,CAAC;AACJ,CAAC,CAAC;AAEF,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EACL,8BAA8B,GAE/B,MAAM,mBAAmB,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,OAAO,EACL,0BAA0B,EAC1B,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,aAAa,CAAC"}

package/dist/password.d.ts

@@ -0,0 +1,8 @@
+type PasswordOptions = {
+    baseUrl?: string;
+};
+export declare const createPassword: ({ baseUrl }: PasswordOptions) => {
+    encrypt: (password: string) => Promise<string>;
+};
+export {};
+//# sourceMappingURL=password.d.ts.map

package/dist/password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../src/password.ts"],"names":[],"mappings":"AAAA,KAAK,eAAe,GAAG;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,eAAO,MAAM,cAAc,GAAI,aAAa,eAAe;wBAuB7B,MAAM;CAWnC,CAAC"}

package/dist/password.js

@@ -0,0 +1,23 @@
+export const createPassword = ({ baseUrl }) => {
+    baseUrl = baseUrl ?? "https://authticon.com";
+    const importPublicKey = async () => {
+        const response = await fetch(`${baseUrl}/.well-known/encryption-key.pem`);
+        const pem = await response.text();
+        const pemContents = pem
+            .replace(/-----BEGIN PUBLIC KEY-----/, "")
+            .replace(/-----END PUBLIC KEY-----/, "")
+            .replace(/\s/g, "");
+        const binaryDer = Uint8Array.from(atob(pemContents), (c) => c.charCodeAt(0));
+        const publicKey = await window.crypto.subtle.importKey("spki", binaryDer.buffer, { name: "RSA-OAEP", hash: "SHA-256" }, false, ["encrypt"]);
+        return publicKey;
+    };
+    return {
+        encrypt: async (password) => {
+            const publicKey = await importPublicKey();
+            const encoded = new TextEncoder().encode(password);
+            const encrypted = await window.crypto.subtle.encrypt({ name: "RSA-OAEP" }, publicKey, encoded);
+            return btoa(String.fromCharCode(...new Uint8Array(encrypted)));
+        },
+    };
+};
+//# sourceMappingURL=password.js.map

package/dist/password.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.js","sourceRoot":"","sources":["../src/password.ts"],"names":[],"mappings":"AAIA,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,EAAE,OAAO,EAAmB,EAAE,EAAE;IAC7D,OAAO,GAAG,OAAO,IAAI,uBAAuB,CAAC;IAC7C,MAAM,eAAe,GAAG,KAAK,IAAI,EAAE;QACjC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,iCAAiC,CAAC,CAAC;QAC1E,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAClC,MAAM,WAAW,GAAG,GAAG;aACpB,OAAO,CAAC,4BAA4B,EAAE,EAAE,CAAC;aACzC,OAAO,CAAC,0BAA0B,EAAE,EAAE,CAAC;aACvC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACtB,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CACzD,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAChB,CAAC;QACF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CACpD,MAAM,EACN,SAAS,CAAC,MAAM,EAChB,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,EACrC,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC,CAAC;IAEF,OAAO;QACL,OAAO,EAAE,KAAK,EAAE,QAAgB,EAAE,EAAE;YAClC,MAAM,SAAS,GAAG,MAAM,eAAe,EAAE,CAAC;YAC1C,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACnD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAClD,EAAE,IAAI,EAAE,UAAU,EAAE,EACpB,SAAS,EACT,OAAO,CACR,CAAC;YACF,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QACjE,CAAC;KACF,CAAC;AACJ,CAAC,CAAC"}

package/dist/session.d.ts

@@ -0,0 +1,115 @@
+import type { Logger } from "pino";
+import type { AdminClient } from "./clients/admin.js";
+import type { AcceptInvitationData, ChangeEmailData, ChangePasswordData, ChangePhoneData, CreateGuestUserData, CreateInvitationData, DeleteInvitationData, DisableTwoFaData, EnableTwoFaData, ForgotPasswordData, LoginByMagicLinkData, LoginData, RegisterData, ResendEmailConfirmationData, SendTwoFaCodeData, SetPasswordData, UpdateMeData, VerifyPhoneData } from "./clients/generated/types.gen.js";
+import { type TokenVerifier } from "./tokens.js";
+import type { AccessTokenPayload, Challenge, CookieAdapter, DefaultAccessTokenPayload, SessionUser, TokenStorageOptions } from "./types.js";
+export type SessionClientDeps = {
+    readonly projectId: string;
+    readonly baseUrl: string;
+    readonly verifier: TokenVerifier<any>;
+    readonly logger?: Logger;
+};
+export type Session<Payload extends Record<string, any> = DefaultAccessTokenPayload> = Awaited<ReturnType<typeof createSession<Payload>>>;
+export declare const createSession: <Payload extends Record<string, any> = Record<string, any>>(deps: SessionClientDeps, cookies: CookieAdapter, tokenStorageOptions?: TokenStorageOptions) => Promise<{
+    login: (params: LoginData["body"]) => Promise<SessionUser<Payload>>;
+    loginByMagicLink: (params: LoginByMagicLinkData["body"]) => Promise<SessionUser<Payload>>;
+    loginAs: (admin: AdminClient, targetUserId: string) => Promise<SessionUser<Payload> | null>;
+    backToAdmin: () => Promise<SessionUser<Payload> | null>;
+    register: (params: RegisterData["body"]) => Promise<{
+        userId: string;
+    }>;
+    forgotPassword: (params: ForgotPasswordData["body"]) => Promise<null>;
+    verifyEmail: (token: string) => Promise<void>;
+    createGuest: (params: CreateGuestUserData["body"]) => Promise<SessionUser<Payload>>;
+    acceptInvitation: (params: AcceptInvitationData["body"]) => Promise<SessionUser<Payload>>;
+    resendConfirmation: (params: ResendEmailConfirmationData["body"]) => Promise<null>;
+    getMe: () => Promise<{
+        id: string;
+        email: string;
+        firstName: string | null;
+        lastName: string | null;
+        isGuest: boolean;
+        claims: unknown;
+        phone: string | null;
+        locale: string;
+        passwordUpdatedAt: string | null;
+        hasPassword: boolean;
+        twoFaEnabled: boolean;
+        twoFaType: "APP" | "EMAIL" | "PHONE";
+        isBlocked: boolean;
+        isBlockedUntil: string | null;
+        phoneVerified: boolean;
+        emailVerified: boolean;
+        roles: Array<{
+            id: string;
+            role: string;
+            group: string;
+        }>;
+        metadata: {
+            [key: string]: unknown;
+        };
+    }>;
+    updateUser: (params: UpdateMeData["body"]) => Promise<{
+        id: string;
+    }>;
+    updateMe: (params: UpdateMeData["body"]) => Promise<{
+        id: string;
+    }>;
+    getUser: () => SessionUser<Payload> | null;
+    requireUser: () => SessionUser<Payload>;
+    getFirstChallenge: () => Challenge | undefined;
+    isLoggedIn: () => boolean;
+    isLoggedInByAdmin: () => boolean;
+    logout: () => Promise<void>;
+    refresh: () => Promise<void>;
+    getDeviceId: () => string | null;
+    changeEmail: (params: ChangeEmailData["body"]) => Promise<null>;
+    changePassword: (params: ChangePasswordData["body"]) => Promise<null>;
+    setPassword: (params: SetPasswordData["body"]) => Promise<null>;
+    changePhone: (params: ChangePhoneData["body"]) => Promise<null>;
+    verifyPhone: (params: VerifyPhoneData["body"]) => Promise<null>;
+    getTwoFaSecret: () => Promise<{
+        secret: string;
+        uri: string;
+    }>;
+    enableTwoFa: (params: EnableTwoFaData["body"]) => Promise<void>;
+    disableTwoFa: (params: DisableTwoFaData["body"]) => Promise<void>;
+    sendTwoFaCode: (params: SendTwoFaCodeData["body"]) => Promise<void>;
+    verifyTwoFaCode: (code: string, remember?: boolean) => Promise<SessionUser<Payload>>;
+    createInvitation: (params: CreateInvitationData["body"]) => Promise<{
+        id: string;
+        email: string;
+        token: string;
+        validTo: string;
+        role: string | null;
+        group: string | null;
+        returnUrl: string | null;
+    }>;
+    deleteInvitation: (params: DeleteInvitationData["path"]) => Promise<{
+        id: string;
+    }>;
+    socialAuthorize: (provider: "google" | "facebook" | "github", redirectUri: string) => Promise<{
+        authorizationUrl: string;
+    }>;
+    socialExchange: (provider: "google" | "facebook" | "github", code: string, state: string) => Promise<{
+        provider: string;
+        providerUserId: string;
+    } | SessionUser<Payload>>;
+    getSocialAccounts: () => Promise<{
+        id: string;
+        provider: string;
+        providerUserId: string;
+        createdAt: string;
+    }[]>;
+    socialUnlink: (provider: "google" | "facebook" | "github") => Promise<{
+        success: boolean;
+    }>;
+    tokens: {
+        getAccessToken: () => string | null;
+        getRefreshToken: () => string | null;
+        verify: (token?: string) => Promise<AccessTokenPayload<Payload>>;
+        clear: () => void;
+    };
+    cookies: CookieAdapter;
+}>;
+//# sourceMappingURL=session.d.ts.map

package/dist/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AACnC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,KAAK,EACV,oBAAoB,EACpB,eAAe,EACf,kBAAkB,EAClB,eAAe,EACf,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,EACpB,gBAAgB,EAChB,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,SAAS,EACT,YAAY,EACZ,2BAA2B,EAC3B,iBAAiB,EACjB,eAAe,EACf,YAAY,EACZ,eAAe,EAChB,MAAM,kCAAkC,CAAC;AAG1C,OAAO,EAAsB,KAAK,aAAa,EAAE,MAAM,aAAa,CAAC;AACrE,OAAO,KAAK,EACV,kBAAkB,EAClB,SAAS,EACT,aAAa,EACb,yBAAyB,EACzB,WAAW,EACX,mBAAmB,EACpB,MAAM,YAAY,CAAC;AAEpB,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;IACtC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,OAAO,CACjB,OAAO,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,yBAAyB,IAC7D,OAAO,CAAC,UAAU,CAAC,OAAO,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAEvD,eAAO,MAAM,aAAa,GACxB,OAAO,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAEzD,MAAM,iBAAiB,EACvB,SAAS,aAAa,EACtB,sBAAsB,mBAAmB;oBAuGvB,SAAS,CAAC,MAAM,CAAC;+BAYA,oBAAoB,CAAC,MAAM,CAAC;qBAYtC,WAAW,gBAAgB,MAAM;;uBAyB/B,YAAY,CAAC,MAAM,CAAC;;;6BAMpB,kBAAkB,CAAC,MAAM,CAAC;yBAG9B,MAAM;0BAEC,mBAAmB,CAAC,MAAM,CAAC;+BAQ5B,oBAAoB,CAAC,MAAM,CAAC;iCAM1B,2BAA2B,CAAC,MAAM,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;yBAKrC,YAAY,CAAC,MAAM,CAAC;;;uBAGtB,YAAY,CAAC,MAAM,CAAC;;;mBAGhC,WAAW,CAAC,OAAO,CAAC,GAAG,IAAI;uBAEvB,WAAW,CAAC,OAAO,CAAC;6BAKd,SAAS,GAAG,SAAS;;;;;;0BAgChB,eAAe,CAAC,MAAM,CAAC;6BAGpB,kBAAkB,CAAC,MAAM,CAAC;0BAG7B,eAAe,CAAC,MAAM,CAAC;0BAGvB,eAAe,CAAC,MAAM,CAAC;0BAGvB,eAAe,CAAC,MAAM,CAAC;;;;;0BASvB,eAAe,CAAC,MAAM,CAAC;2BAGtB,gBAAgB,CAAC,MAAM,CAAC;4BAGvB,iBAAiB,CAAC,MAAM,CAAC;4BAGzB,MAAM;+BAQH,oBAAoB,CAAC,MAAM,CAAC;;;;;;;;;+BAG5B,oBAAoB,CAAC,MAAM,CAAC;;;gCAG3B,QAAQ,GAAG,UAAU,GAAG,QAAQ,eAAe,MAAM;;;+BAUtD,QAAQ,GAAG,UAAU,GAAG,QAAQ,QAAQ,MAAM,SAAS,MAAM;;;;;;;;;;6BAY/D,QAAQ,GAAG,UAAU,GAAG,QAAQ;;;;;;yBAMtC,MAAM;;;;EAelC,CAAC"}

package/dist/session.js

@@ -0,0 +1,240 @@
+import { createAuthClient } from "./clients/auth.js";
+import { createUserClient } from "./clients/user.js";
+import { AuthticonError } from "./errors.js";
+import { createTokenStorage } from "./tokens.js";
+export const createSession = async (deps, cookies, tokenStorageOptions) => {
+    const storage = createTokenStorage(cookies, tokenStorageOptions, deps.logger?.child({ authticon: "token-storage" }));
+    const { projectId, baseUrl, verifier, logger } = deps;
+    const authApi = createAuthClient({ projectId, baseUrl, logger });
+    const toSessionUser = (raw) => {
+        const { authticon, ...payload } = raw;
+        return {
+            ...payload,
+            sessionId: authticon.sessionId,
+            projectId: authticon.projectId,
+            challenges: authticon.challenges,
+            raw,
+        };
+    };
+    let cachedUser = null;
+    const buildUserApi = () => {
+        const accessToken = storage.getAccessToken();
+        if (!accessToken)
+            throw new AuthticonError("No access token available");
+        return createUserClient({ accessToken, baseUrl, logger });
+    };
+    const saveTokens = (tokens) => {
+        storage.setAccessToken(tokens.accessToken);
+        storage.setRefreshToken(tokens.refreshToken);
+        if (tokens.deviceId)
+            storage.setDeviceId(tokens.deviceId);
+    };
+    const verifyAndBuildUser = async (token) => {
+        const accessToken = token ?? storage.getAccessToken();
+        if (!accessToken)
+            throw new AuthticonError("No access token found");
+        const payload = (await verifier.verifyToken(accessToken));
+        return toSessionUser(payload);
+    };
+    const tryRefresh = async () => {
+        const refreshToken = storage.getRefreshToken();
+        if (!refreshToken)
+            return null;
+        try {
+            const result = await buildUserApi().refresh(refreshToken);
+            if (!result)
+                return null;
+            storage.setAccessToken(result.accessToken);
+            storage.setRefreshToken(result.refreshToken);
+            return result.accessToken;
+        }
+        catch {
+            storage.clear();
+            return null;
+        }
+    };
+    const resolveUser = async () => {
+        const accessToken = storage.getAccessToken();
+        if (!accessToken)
+            return null;
+        try {
+            return await verifyAndBuildUser(accessToken);
+        }
+        catch {
+            const newToken = await tryRefresh();
+            return newToken ? verifyAndBuildUser(newToken) : null;
+        }
+    };
+    const authenticateWith = async (apiCall, errorMsg) => {
+        const result = await apiCall();
+        if (!result)
+            throw new AuthticonError(errorMsg);
+        saveTokens(result);
+        cachedUser = await verifyAndBuildUser(result.accessToken);
+        return cachedUser;
+    };
+    const refreshAfterCall = async (apiCall) => {
+        const result = await apiCall();
+        await tryRefresh();
+        cachedUser = await resolveUser();
+        if (!cachedUser)
+            throw new AuthticonError("User is not authenticated");
+        return result;
+    };
+    cachedUser = await resolveUser();
+    return {
+        login: (params) => {
+            const deviceId = storage.getDeviceId() || undefined;
+            return authenticateWith(() => authApi.login({
+                ...params,
+                deviceId,
+            }), "Login failed");
+        },
+        loginByMagicLink: async (params) => {
+            const deviceId = storage.getDeviceId() || undefined;
+            return authenticateWith(() => authApi.loginByMagicLink({
+                ...params,
+                deviceId,
+            }), "Login by magic link failed");
+        },
+        loginAs: async (admin, targetUserId) => {
+            if (!cachedUser)
+                throw new AuthticonError("User is not authenticated");
+            const deviceId = storage.getDeviceId() || undefined;
+            if (!deviceId)
+                throw new AuthticonError("Device ID is not set");
+            const result = await admin.loginAs({
+                userId: cachedUser.id,
+                deviceId,
+                targetUserId,
+            });
+            storage.setAdminRefreshToken(storage.getRefreshToken());
+            storage.setRefreshToken(result.refreshToken);
+            storage.setAccessToken(result.accessToken);
+            return resolveUser();
+        },
+        backToAdmin: async () => {
+            const adminRefreshToken = storage.getAdminRefreshToken();
+            if (!adminRefreshToken)
+                throw new AuthticonError("Admin refresh token is not set");
+            storage.clearAdminRefreshToken();
+            storage.setRefreshToken(adminRefreshToken);
+            await tryRefresh();
+            return resolveUser();
+        },
+        register: async (params) => {
+            const result = await authApi.register(params);
+            if (!result)
+                throw new AuthticonError("Register failed");
+            return result;
+        },
+        forgotPassword: (params) => authApi.forgotPassword(params),
+        verifyEmail: (token) => authApi.verifyEmail({ token }),
+        createGuest: async (params) => {
+            const result = await authApi.createGuestUser(params);
+            if (!result)
+                throw new AuthticonError("Guest creation failed");
+            storage.setAccessToken(result.token);
+            cachedUser = await verifyAndBuildUser(result.token);
+            return cachedUser;
+        },
+        acceptInvitation: (params) => authenticateWith(() => authApi.acceptInvitation(params), "Invitation acceptance failed"),
+        resendConfirmation: (params) => authApi.resendConfirmation(params),
+        getMe: async () => buildUserApi().getMe(),
+        updateUser: async (params) => buildUserApi().updateMe(params),
+        updateMe: async (params) => buildUserApi().updateMe(params),
+        getUser: () => cachedUser,
+        requireUser: () => {
+            if (!cachedUser)
+                throw new AuthticonError("User is not authenticated");
+            return cachedUser;
+        },
+        getFirstChallenge: () => {
+            if (!cachedUser)
+                throw new AuthticonError("User is not authenticated");
+            return cachedUser.challenges[0];
+        },
+        isLoggedIn: () => storage.getRefreshToken() !== null,
+        isLoggedInByAdmin: () => storage.getAdminRefreshToken() !== null,
+        logout: async () => {
+            try {
+                if (storage.getAccessToken()) {
+                    await buildUserApi().logout();
+                }
+            }
+            catch (error) {
+                logger?.warn({ error }, "Server logout failed");
+            }
+            finally {
+                storage.clearAccessToken();
+                storage.clearRefreshToken();
+                storage.clearAdminRefreshToken();
+                cachedUser = null;
+            }
+        },
+        refresh: async () => {
+            const newToken = await tryRefresh();
+            if (!newToken)
+                throw new AuthticonError("Token refresh failed");
+            cachedUser = await verifyAndBuildUser(newToken);
+        },
+        getDeviceId: () => storage.getDeviceId(),
+        changeEmail: async (params) => buildUserApi().changeEmail(params),
+        changePassword: async (params) => buildUserApi().changePassword(params),
+        setPassword: async (params) => buildUserApi().setPassword(params),
+        changePhone: async (params) => buildUserApi().changePhone(params),
+        verifyPhone: async (params) => buildUserApi().verifyPhone(params),
+        getTwoFaSecret: async () => {
+            const result = await buildUserApi().getTwoFaSecret();
+            if (!result)
+                throw new AuthticonError("Failed to get 2FA secret");
+            return result;
+        },
+        enableTwoFa: async (params) => refreshAfterCall(() => buildUserApi().enableTwoFa(params)),
+        disableTwoFa: async (params) => refreshAfterCall(() => buildUserApi().disableTwoFa(params)),
+        sendTwoFaCode: async (params) => buildUserApi().sendTwoFaCode(params),
+        verifyTwoFaCode: async (code, remember = false) => {
+            await buildUserApi().verifyTwoFa({ code, remember });
+            await tryRefresh();
+            cachedUser = await resolveUser();
+            if (!cachedUser)
+                throw new AuthticonError("User is not authenticated");
+            return cachedUser;
+        },
+        createInvitation: async (params) => buildUserApi().createInvitation(params),
+        deleteInvitation: async (params) => buildUserApi().deleteInvitation(params),
+        socialAuthorize: async (provider, redirectUri) => {
+            if (cachedUser) {
+                return buildUserApi().socialLink(provider, { redirectUri });
+            }
+            return authApi.socialAuthorize(provider, {
+                redirectUri,
+                deviceId: storage.getDeviceId() || undefined,
+            });
+        },
+        socialExchange: async (provider, code, state) => {
+            if (cachedUser) {
+                return buildUserApi().socialLinkExchange(provider, { code, state });
+            }
+            return authenticateWith(() => authApi.socialExchange(provider, { code, state }), "Social login failed");
+        },
+        getSocialAccounts: async () => buildUserApi().getSocialAccounts(),
+        socialUnlink: async (provider) => buildUserApi().socialUnlink(provider),
+        tokens: {
+            getAccessToken: () => storage.getAccessToken(),
+            getRefreshToken: () => storage.getRefreshToken(),
+            verify: async (token) => {
+                const accessToken = token ?? storage.getAccessToken();
+                if (!accessToken)
+                    throw new AuthticonError("No access token found");
+                return verifier.verifyToken(accessToken);
+            },
+            clear: () => {
+                storage.clear();
+                cachedUser = null;
+            },
+        },
+        cookies,
+    };
+};
+//# sourceMappingURL=session.js.map

package/dist/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAqBrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAsB,MAAM,aAAa,CAAC;AAqBrE,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAGhC,IAAuB,EACvB,OAAsB,EACtB,mBAAyC,EACzC,EAAE;IACF,MAAM,OAAO,GAAG,kBAAkB,CAChC,OAAO,EACP,mBAAmB,EACnB,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,SAAS,EAAE,eAAe,EAAE,CAAC,CACnD,CAAC;IACF,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACtD,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IAEjE,MAAM,aAAa,GAAG,CACpB,GAAgC,EACV,EAAE;QACxB,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,EAAE,GAAG,GAAG,CAAC;QACtC,OAAO;YACL,GAAI,OAAmB;YACvB,SAAS,EAAE,SAAS,CAAC,SAAS;YAC9B,SAAS,EAAE,SAAS,CAAC,SAAS;YAC9B,UAAU,EAAE,SAAS,CAAC,UAAU;YAChC,GAAG;SACJ,CAAC;IACJ,CAAC,CAAC;IAEF,IAAI,UAAU,GAAgC,IAAI,CAAC;IAEnD,MAAM,YAAY,GAAG,GAAG,EAAE;QACxB,MAAM,WAAW,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;QAC7C,IAAI,CAAC,WAAW;YAAE,MAAM,IAAI,cAAc,CAAC,2BAA2B,CAAC,CAAC;QACxE,OAAO,gBAAgB,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5D,CAAC,CAAC;IAEF,MAAM,UAAU,GAAG,CAAC,MAInB,EAAQ,EAAE;QACT,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC3C,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC7C,IAAI,MAAM,CAAC,QAAQ;YAAE,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC5D,CAAC,CAAC;IAEF,MAAM,kBAAkB,GAAG,KAAK,EAC9B,KAAc,EACiB,EAAE;QACjC,MAAM,WAAW,GAAG,KAAK,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QACtD,IAAI,CAAC,WAAW;YAAE,MAAM,IAAI,cAAc,CAAC,uBAAuB,CAAC,CAAC;QACpE,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,WAAW,CACzC,WAAW,CACZ,CAAgC,CAAC;QAClC,OAAO,aAAa,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC,CAAC;IAEF,MAAM,UAAU,GAAG,KAAK,IAA4B,EAAE;QACpD,MAAM,YAAY,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;QAC/C,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC;QAC/B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,YAAY,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC1D,IAAI,CAAC,MAAM;gBAAE,OAAO,IAAI,CAAC;YACzB,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YAC3C,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YAC7C,OAAO,MAAM,CAAC,WAAW,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,WAAW,GAAG,KAAK,IAA0C,EAAE;QACnE,MAAM,WAAW,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;QAC7C,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAC9B,IAAI,CAAC;YACH,OAAO,MAAM,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,QAAQ,GAAG,MAAM,UAAU,EAAE,CAAC;YACpC,OAAO,QAAQ,CAAC,CAAC,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACxD,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,gBAAgB,GAAG,KAAK,EAC5B,OAGC,EACD,QAAgB,EAChB,EAAE;QACF,MAAM,MAAM,GAAG,MAAM,OAAO,EAAE,CAAC;QAC/B,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,cAAc,CAAC,QAAQ,CAAC,CAAC;QAChD,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,UAAU,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC1D,OAAO,UAAU,CAAC;IACpB,CAAC,CAAC;IAEF,MAAM,gBAAgB,GAAG,KAAK,EAAK,OAAyB,EAAE,EAAE;QAC9D,MAAM,MAAM,GAAG,MAAM,OAAO,EAAE,CAAC;QAC/B,MAAM,UAAU,EAAE,CAAC;QACnB,UAAU,GAAG,MAAM,WAAW,EAAE,CAAC;QACjC,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,cAAc,CAAC,2BAA2B,CAAC,CAAC;QACvE,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IAEF,UAAU,GAAG,MAAM,WAAW,EAAE,CAAC;IAEjC,OAAO;QACL,KAAK,EAAE,CAAC,MAAyB,EAAE,EAAE;YACnC,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,IAAI,SAAS,CAAC;YACpD,OAAO,gBAAgB,CACrB,GAAG,EAAE,CACH,OAAO,CAAC,KAAK,CAAC;gBACZ,GAAG,MAAM;gBACT,QAAQ;aACT,CAAC,EACJ,cAAc,CACf,CAAC;QACJ,CAAC;QAED,gBAAgB,EAAE,KAAK,EAAE,MAAoC,EAAE,EAAE;YAC/D,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,IAAI,SAAS,CAAC;YACpD,OAAO,gBAAgB,CACrB,GAAG,EAAE,CACH,OAAO,CAAC,gBAAgB,CAAC;gBACvB,GAAG,MAAM;gBACT,QAAQ;aACT,CAAC,EACJ,4BAA4B,CAC7B,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,KAAkB,EAAE,YAAoB,EAAE,EAAE;YAC1D,IAAI,CAAC,UAAU;gBAAE,MAAM,IAAI,cAAc,CAAC,2BAA2B,CAAC,CAAC;YACvE,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,IAAI,SAAS,CAAC;YACpD,IAAI,CAAC,QAAQ;gBAAE,MAAM,IAAI,cAAc,CAAC,sBAAsB,CAAC,CAAC;YAChE,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC;gBACjC,MAAM,EAAE,UAAU,CAAC,EAAE;gBACrB,QAAQ;gBACR,YAAY;aACb,CAAC,CAAC;YACH,OAAO,CAAC,oBAAoB,CAAC,OAAO,CAAC,eAAe,EAAG,CAAC,CAAC;YACzD,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YAC7C,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YAC3C,OAAO,WAAW,EAAE,CAAC;QACvB,CAAC;QAED,WAAW,EAAE,KAAK,IAAI,EAAE;YACtB,MAAM,iBAAiB,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;YACzD,IAAI,CAAC,iBAAiB;gBACpB,MAAM,IAAI,cAAc,CAAC,gCAAgC,CAAC,CAAC;YAC7D,OAAO,CAAC,sBAAsB,EAAE,CAAC;YACjC,OAAO,CAAC,eAAe,CAAC,iBAAiB,CAAC,CAAC;YAC3C,MAAM,UAAU,EAAE,CAAC;YACnB,OAAO,WAAW,EAAE,CAAC;QACvB,CAAC;QAED,QAAQ,EAAE,KAAK,EAAE,MAA4B,EAAE,EAAE;YAC/C,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC9C,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,cAAc,CAAC,iBAAiB,CAAC,CAAC;YACzD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,cAAc,EAAE,CAAC,MAAkC,EAAE,EAAE,CACrD,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC;QAEhC,WAAW,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,KAAK,EAAE,CAAC;QAE9D,WAAW,EAAE,KAAK,EAAE,MAAmC,EAAE,EAAE;YACzD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;YACrD,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,cAAc,CAAC,uBAAuB,CAAC,CAAC;YAC/D,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACrC,UAAU,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACpD,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,gBAAgB,EAAE,CAAC,MAAoC,EAAE,EAAE,CACzD,gBAAgB,CACd,GAAG,EAAE,CAAC,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,EACtC,8BAA8B,CAC/B;QAEH,kBAAkB,EAAE,CAAC,MAA2C,EAAE,EAAE,CAClE,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC;QAEpC,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE;QAEzC,UAAU,EAAE,KAAK,EAAE,MAA4B,EAAE,EAAE,CACjD,YAAY,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;QAEjC,QAAQ,EAAE,KAAK,EAAE,MAA4B,EAAE,EAAE,CAC/C,YAAY,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;QAEjC,OAAO,EAAE,GAAgC,EAAE,CAAC,UAAU;QAEtD,WAAW,EAAE,GAAyB,EAAE;YACtC,IAAI,CAAC,UAAU;gBAAE,MAAM,IAAI,cAAc,CAAC,2BAA2B,CAAC,CAAC;YACvE,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,iBAAiB,EAAE,GAA0B,EAAE;YAC7C,IAAI,CAAC,UAAU;gBAAE,MAAM,IAAI,cAAc,CAAC,2BAA2B,CAAC,CAAC;YACvE,OAAO,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC;QAED,UAAU,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,IAAI;QAEpD,iBAAiB,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,oBAAoB,EAAE,KAAK,IAAI;QAEhE,MAAM,EAAE,KAAK,IAAI,EAAE;YACjB,IAAI,CAAC;gBACH,IAAI,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;oBAC7B,MAAM,YAAY,EAAE,CAAC,MAAM,EAAE,CAAC;gBAChC,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,EAAE,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,sBAAsB,CAAC,CAAC;YAClD,CAAC;oBAAS,CAAC;gBACT,OAAO,CAAC,gBAAgB,EAAE,CAAC;gBAC3B,OAAO,CAAC,iBAAiB,EAAE,CAAC;gBAC5B,OAAO,CAAC,sBAAsB,EAAE,CAAC;gBACjC,UAAU,GAAG,IAAI,CAAC;YACpB,CAAC;QACH,CAAC;QAED,OAAO,EAAE,KAAK,IAAI,EAAE;YAClB,MAAM,QAAQ,GAAG,MAAM,UAAU,EAAE,CAAC;YACpC,IAAI,CAAC,QAAQ;gBAAE,MAAM,IAAI,cAAc,CAAC,sBAAsB,CAAC,CAAC;YAChE,UAAU,GAAG,MAAM,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAClD,CAAC;QAED,WAAW,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE;QAExC,WAAW,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE,CACrD,YAAY,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC;QAEpC,cAAc,EAAE,KAAK,EAAE,MAAkC,EAAE,EAAE,CAC3D,YAAY,EAAE,CAAC,cAAc,CAAC,MAAM,CAAC;QAEvC,WAAW,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE,CACrD,YAAY,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC;QAEpC,WAAW,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE,CACrD,YAAY,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC;QAEpC,WAAW,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE,CACrD,YAAY,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC;QAEpC,cAAc,EAAE,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,MAAM,YAAY,EAAE,CAAC,cAAc,EAAE,CAAC;YACrD,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,cAAc,CAAC,0BAA0B,CAAC,CAAC;YAClE,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,WAAW,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE,CACrD,gBAAgB,CAAC,GAAG,EAAE,CAAC,YAAY,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAE5D,YAAY,EAAE,KAAK,EAAE,MAAgC,EAAE,EAAE,CACvD,gBAAgB,CAAC,GAAG,EAAE,CAAC,YAAY,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAE7D,aAAa,EAAE,KAAK,EAAE,MAAiC,EAAE,EAAE,CACzD,YAAY,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;QAEtC,eAAe,EAAE,KAAK,EAAE,IAAY,EAAE,QAAQ,GAAG,KAAK,EAAE,EAAE;YACxD,MAAM,YAAY,EAAE,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;YACrD,MAAM,UAAU,EAAE,CAAC;YACnB,UAAU,GAAG,MAAM,WAAW,EAAE,CAAC;YACjC,IAAI,CAAC,UAAU;gBAAE,MAAM,IAAI,cAAc,CAAC,2BAA2B,CAAC,CAAC;YACvE,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,gBAAgB,EAAE,KAAK,EAAE,MAAoC,EAAE,EAAE,CAC/D,YAAY,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC;QAEzC,gBAAgB,EAAE,KAAK,EAAE,MAAoC,EAAE,EAAE,CAC/D,YAAY,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC;QAEzC,eAAe,EAAE,KAAK,EAAE,QAA0C,EAAE,WAAmB,EAAE,EAAE;YACzF,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO,YAAY,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,EAAE,WAAW,EAAE,CAAC,CAAC;YAC9D,CAAC;YACD,OAAO,OAAO,CAAC,eAAe,CAAC,QAAQ,EAAE;gBACvC,WAAW;gBACX,QAAQ,EAAE,OAAO,CAAC,WAAW,EAAE,IAAI,SAAS;aAC7C,CAAC,CAAC;QACL,CAAC;QAED,cAAc,EAAE,KAAK,EAAE,QAA0C,EAAE,IAAY,EAAE,KAAa,EAAE,EAAE;YAChG,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO,YAAY,EAAE,CAAC,kBAAkB,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YACtE,CAAC;YACD,OAAO,gBAAgB,CACrB,GAAG,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EACvD,qBAAqB,CACtB,CAAC;QACJ,CAAC;QAED,iBAAiB,EAAE,KAAK,IAAI,EAAE,CAAC,YAAY,EAAE,CAAC,iBAAiB,EAAE;QAEjE,YAAY,EAAE,KAAK,EAAE,QAA0C,EAAE,EAAE,CACjE,YAAY,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC;QAEvC,MAAM,EAAE;YACN,cAAc,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE;YAC9C,eAAe,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,eAAe,EAAE;YAChD,MAAM,EAAE,KAAK,EAAE,KAAc,EAAE,EAAE;gBAC/B,MAAM,WAAW,GAAG,KAAK,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;gBACtD,IAAI,CAAC,WAAW;oBAAE,MAAM,IAAI,cAAc,CAAC,uBAAuB,CAAC,CAAC;gBACpE,OAAO,QAAQ,CAAC,WAAW,CAAC,WAAW,CAEtC,CAAC;YACJ,CAAC;YACD,KAAK,EAAE,GAAG,EAAE;gBACV,OAAO,CAAC,KAAK,EAAE,CAAC;gBAChB,UAAU,GAAG,IAAI,CAAC;YACpB,CAAC;SACF;QAED,OAAO;KACR,CAAC;AACJ,CAAC,CAAC"}

package/dist/tokens.d.ts

@@ -0,0 +1,27 @@
+import type { Logger } from "pino";
+import type { AccessTokenPayload, CacheAdapter, CookieAdapter, TokenPair, TokenStorageOptions } from "./types.js";
+export declare const createInMemoryCacheAdapter: () => CacheAdapter;
+export type TokenStorage = {
+    readonly save: (tokens: TokenPair) => void;
+    readonly clear: () => void;
+    readonly getAccessToken: () => string | null;
+    readonly getRefreshToken: () => string | null;
+    readonly getDeviceId: () => string | null;
+    readonly getAdminRefreshToken: () => string | null;
+    readonly setAccessToken: (accessToken: string) => void;
+    readonly setRefreshToken: (refreshToken: string) => void;
+    readonly setAdminRefreshToken: (adminRefreshToken: string) => void;
+    readonly setDeviceId: (deviceId: string) => void;
+    readonly clearAccessToken: () => void;
+    readonly clearRefreshToken: () => void;
+    readonly clearDeviceId: () => void;
+    readonly clearAdminRefreshToken: () => void;
+    readonly getAll: () => TokenPair | null;
+};
+export declare const createTokenStorage: (cookies: CookieAdapter, options?: TokenStorageOptions, logger?: Logger) => TokenStorage;
+export type TokenVerifier<Payload extends Record<string, any>> = {
+    readonly verifyToken: (token: string) => Promise<AccessTokenPayload<Payload>>;
+    readonly clearKeyCache: () => void;
+};
+export declare const createTokenVerifier: <Payload extends Record<string, any> = Record<string, any>>(jwksUrl: string, cacheTtlMs?: number, logger?: Logger, externalCache?: CacheAdapter) => TokenVerifier<Payload>;
+//# sourceMappingURL=tokens.d.ts.map

package/dist/tokens.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokens.d.ts","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAEnC,OAAO,KAAK,EACV,kBAAkB,EAClB,YAAY,EACZ,aAAa,EAGb,SAAS,EACT,mBAAmB,EACpB,MAAM,YAAY,CAAC;AAIpB,eAAO,MAAM,0BAA0B,QAAO,YAY7C,CAAC;AAYF,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,SAAS,KAAK,IAAI,CAAC;IAC3C,QAAQ,CAAC,KAAK,EAAE,MAAM,IAAI,CAAC;IAC3B,QAAQ,CAAC,cAAc,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IAC7C,QAAQ,CAAC,eAAe,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IAC9C,QAAQ,CAAC,WAAW,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IAC1C,QAAQ,CAAC,oBAAoB,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IACnD,QAAQ,CAAC,cAAc,EAAE,CAAC,WAAW,EAAE,MAAM,KAAK,IAAI,CAAC;IACvD,QAAQ,CAAC,eAAe,EAAE,CAAC,YAAY,EAAE,MAAM,KAAK,IAAI,CAAC;IACzD,QAAQ,CAAC,oBAAoB,EAAE,CAAC,iBAAiB,EAAE,MAAM,KAAK,IAAI,CAAC;IACnE,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACjD,QAAQ,CAAC,gBAAgB,EAAE,MAAM,IAAI,CAAC;IACtC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC;IACvC,QAAQ,CAAC,aAAa,EAAE,MAAM,IAAI,CAAC;IACnC,QAAQ,CAAC,sBAAsB,EAAE,MAAM,IAAI,CAAC;IAC5C,QAAQ,CAAC,MAAM,EAAE,MAAM,SAAS,GAAG,IAAI,CAAC;CACzC,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAC7B,SAAS,aAAa,EACtB,UAAS,mBAAwB,EACjC,SAAS,MAAM,KACd,YA0IF,CAAC;AAoCF,MAAM,MAAM,aAAa,CAAC,OAAO,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI;IAC/D,QAAQ,CAAC,WAAW,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC;IAC9E,QAAQ,CAAC,aAAa,EAAE,MAAM,IAAI,CAAC;CACpC,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAC9B,OAAO,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAEzD,SAAS,MAAM,EACf,aAAY,MAA6B,EACzC,SAAS,MAAM,EACf,gBAAgB,YAAY,KAC3B,aAAa,CAAC,OAAO,CAiEvB,CAAC"}