@bagelink/auth 1.7.92 → 1.7.96

package/dist/api.d.ts

@@ -1,7 +1,16 @@
-import { RegisterRequest, UpdateAccountRequest, ChangePasswordRequest, ResetPasswordRequest, SendVerificationRequest, AuthenticationAccount, LoginResponse, RegisterResponse, LogoutResponse, GetMeResponse, UpdateMeResponse, DeleteMeResponse, GetAccountResponse, UpdateAccountResponse, DeleteAccountResponse, ActivateAccountResponse, DeactivateAccountResponse, ChangePasswordResponse, ForgotPasswordResponse, ResetPasswordResponse, VerifyResetTokenResponse, SendVerificationResponse, VerifyEmailResponse, RefreshSessionResponse, GetSessionsResponse, DeleteSessionResponse, DeleteAllSessionsResponse, CleanupSessionsResponse, GetMethodsResponse, SSOProvider, SSOInitiateRequest, SSOCallbackRequest, SSOLinkRequest, SSOInitiateResponse, SSOCallbackResponse, SSOLinkResponse, SSOUnlinkResponse } from './types';
+import { RegisterRequest, UpdateAccountRequest, ChangePasswordRequest, ResetPasswordRequest, SendVerificationRequest, AuthenticationAccount, LoginResponse, RegisterResponse, LogoutResponse, GetMeResponse, UpdateMeResponse, DeleteMeResponse, GetAccountResponse, UpdateAccountResponse, DeleteAccountResponse, ActivateAccountResponse, DeactivateAccountResponse, ChangePasswordResponse, ForgotPasswordResponse, ResetPasswordResponse, VerifyResetTokenResponse, SendVerificationResponse, VerifyEmailResponse, RefreshSessionResponse, GetSessionsResponse, DeleteSessionResponse, DeleteAllSessionsResponse, CleanupSessionsResponse, GetMethodsResponse, SSOProvider, SSOInitiateRequest, SSOCallbackRequest, SSOLinkRequest, SSOInitiateResponse, SSOCallbackResponse, SSOLinkResponse, SSOUnlinkResponse, GetTenantsResponse } from './types';
 export declare class AuthApi {
     private api;
+    private currentTenantId;
     constructor(baseURL?: string);
+    /**
+     * Set the current tenant ID for multi-tenant requests
+     */
+    setTenantId(tenantId: string | null): void;
+    /**
+     * Get the current tenant ID
+     */
+    getTenantId(): string | null;
     private setupInterceptors;
     /**
      * Get available authentication methods
@@ -112,4 +121,8 @@ export declare class AuthApi {
      * Cleanup expired sessions (admin)
      */
     cleanupSessions(): Promise<CleanupSessionsResponse>;
+    /**
+     * Get list of tenants the authenticated user belongs to
+     */
+    getTenants(): Promise<GetTenantsResponse>;
 }

package/dist/index.cjs

@@ -65,9 +65,22 @@ function queryParams() {
 class AuthApi {
   constructor(baseURL = "") {
     __publicField(this, "api");
+    __publicField(this, "currentTenantId", null);
     this.api = createAxiosInstance(baseURL);
     this.setupInterceptors();
   }
+  /**
+   * Set the current tenant ID for multi-tenant requests
+   */
+  setTenantId(tenantId) {
+    this.currentTenantId = tenantId;
+  }
+  /**
+   * Get the current tenant ID
+   */
+  getTenantId() {
+    return this.currentTenantId;
+  }
   setupInterceptors() {
     this.api.interceptors.request.use((config) => {
       const urlParams = new URLSearchParams(window.location.search);
@@ -75,6 +88,9 @@ class AuthApi {
       if (resetToken !== null) {
         config.headers["X-Reset-Token"] = resetToken;
       }
+      if (this.currentTenantId !== null) {
+        config.headers["X-Tenant-ID"] = this.currentTenantId;
+      }
       return config;
     });
   }
@@ -281,6 +297,15 @@ class AuthApi {
   async cleanupSessions() {
     return this.api.post("/authentication/cleanup-sessions", {});
   }
+  // ============================================
+  // Multi-Tenancy Methods
+  // ============================================
+  /**
+   * Get list of tenants the authenticated user belongs to
+   */
+  async getTenants() {
+    return this.api.get("/tenants");
+  }
 }
 const _hoisted_1$8 = { class: "txt20 bold mb-1" };
 const _hoisted_2$4 = { class: "txt-center opacity-7" };
@@ -1902,35 +1927,24 @@ function accountToUser(account) {
   if (account === null) {
     return null;
   }
-  if (account.person !== void 0) {
+  const hasPersonLinked = account.person !== void 0 && account.person !== null;
+  if (hasPersonLinked) {
     return {
       id: account.person.id,
       accountId: account.id,
       name: account.person.name,
-      email: account.person.email,
+      email: account.person.email ?? void 0,
       type: account.account_type,
       roles: account.person.roles,
       isActive: account.is_active,
       isVerified: account.is_verified,
       person: account.person,
-      lastLogin: account.last_login
-    };
-  }
-  if (account.entity !== void 0) {
-    return {
-      id: account.entity.id,
-      accountId: account.id,
-      name: account.entity.name,
-      type: account.account_type,
-      isActive: account.is_active,
-      isVerified: account.is_verified,
-      lastLogin: account.last_login,
-      entityType: account.entity.type,
-      metadata: account.entity.metadata
+      lastLogin: account.last_login ?? void 0,
+      hasPersonLinked: true
     };
   }
   const emailMethod = account.authentication_methods.find(
-    (m) => m.type === "password" || m.type === "email_token"
+    (m) => m.type === "password" || m.type === "email_token" || m.type === "sso"
   );
   return {
     id: account.id,
@@ -1940,7 +1954,8 @@ function accountToUser(account) {
     type: account.account_type,
     isActive: account.is_active,
     isVerified: account.is_verified,
-    lastLogin: account.last_login
+    lastLogin: account.last_login ?? void 0,
+    hasPersonLinked: false
   };
 }
 const DEFAULT_REDIRECT_CONFIG = {
@@ -1965,6 +1980,8 @@ let redirectConfig = null;
 let autoRedirectRouter = null;
 let cachedAuthGuard = null;
 const accountInfo = vue.ref(null);
+const tenants = vue.ref([]);
+const currentTenant = vue.ref(null);
 function getRedirectConfig() {
   if (!redirectConfig) {
     throw new Error("Redirect config not initialized. Did you call createAuth with redirect config?");
@@ -2135,15 +2152,11 @@ function useAuth() {
   };
   const getAccountType = () => {
     var _a;
-    return ((_a = user.value) == null ? void 0 : _a.type) ?? "person";
+    return ((_a = user.value) == null ? void 0 : _a.type) ?? "identity";
   };
   const isPersonAccount = () => {
     var _a;
-    return ((_a = user.value) == null ? void 0 : _a.type) === "person";
-  };
-  const isEntityAccount = () => {
-    var _a;
-    return ((_a = user.value) == null ? void 0 : _a.type) === "entity";
+    return ((_a = user.value) == null ? void 0 : _a.hasPersonLinked) === true;
   };
   async function logout() {
     const logoutPromise = api.logout();
@@ -2176,6 +2189,45 @@ function useAuth() {
       return false;
     }
   }
+  async function loadTenants() {
+    try {
+      const { data } = await api.getTenants();
+      tenants.value = data;
+      if (currentTenant.value === null && tenants.value.length > 0) {
+        const firstActiveTenant = tenants.value.find((t) => t.status === "active");
+        if (firstActiveTenant !== void 0) {
+          setTenant(firstActiveTenant.id);
+        }
+      }
+      return tenants.value;
+    } catch {
+      tenants.value = [];
+      return [];
+    }
+  }
+  function setTenant(tenantId) {
+    if (tenantId === null) {
+      currentTenant.value = null;
+      api.setTenantId(null);
+      return;
+    }
+    const tenant = tenants.value.find((t) => t.id === tenantId);
+    if (tenant !== void 0) {
+      currentTenant.value = tenant;
+      api.setTenantId(tenantId);
+    } else {
+      throw new Error(`Tenant with ID ${tenantId} not found`);
+    }
+  }
+  function switchTenant(tenantId) {
+    setTenant(tenantId);
+  }
+  function getTenants() {
+    return tenants.value;
+  }
+  function getCurrentTenant() {
+    return currentTenant.value;
+  }
   async function signup(newUser) {
     const hasPassword = newUser.password !== void 0 && newUser.password.length > 0;
     if (hasPassword && newUser.password !== newUser.confirmPassword) {
@@ -2290,6 +2342,9 @@ function useAuth() {
     accountInfo,
     // SSO Providers (ready to use!)
     sso,
+    // Multi-Tenancy State
+    tenants,
+    currentTenant,
     // Getters
     getFullName,
     getIsLoggedIn,
@@ -2297,7 +2352,8 @@ function useAuth() {
     getRoles,
     getAccountType,
     isPersonAccount,
-    isEntityAccount,
+    getTenants,
+    getCurrentTenant,
     // Authentication Actions
     login,
     logout,
@@ -2327,7 +2383,11 @@ function useAuth() {
     // Session Management
     getSessions,
     revokeSession,
-    revokeAllSessions
+    revokeAllSessions,
+    // Multi-Tenancy Actions
+    loadTenants,
+    setTenant,
+    switchTenant
   };
 }
 const useAuth$1 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({

package/dist/index.mjs

@@ -63,9 +63,22 @@ function queryParams() {
 class AuthApi {
   constructor(baseURL = "") {
     __publicField(this, "api");
+    __publicField(this, "currentTenantId", null);
     this.api = createAxiosInstance(baseURL);
     this.setupInterceptors();
   }
+  /**
+   * Set the current tenant ID for multi-tenant requests
+   */
+  setTenantId(tenantId) {
+    this.currentTenantId = tenantId;
+  }
+  /**
+   * Get the current tenant ID
+   */
+  getTenantId() {
+    return this.currentTenantId;
+  }
   setupInterceptors() {
     this.api.interceptors.request.use((config) => {
       const urlParams = new URLSearchParams(window.location.search);
@@ -73,6 +86,9 @@ class AuthApi {
       if (resetToken !== null) {
         config.headers["X-Reset-Token"] = resetToken;
       }
+      if (this.currentTenantId !== null) {
+        config.headers["X-Tenant-ID"] = this.currentTenantId;
+      }
       return config;
     });
   }
@@ -279,6 +295,15 @@ class AuthApi {
   async cleanupSessions() {
     return this.api.post("/authentication/cleanup-sessions", {});
   }
+  // ============================================
+  // Multi-Tenancy Methods
+  // ============================================
+  /**
+   * Get list of tenants the authenticated user belongs to
+   */
+  async getTenants() {
+    return this.api.get("/tenants");
+  }
 }
 const _hoisted_1$8 = { class: "txt20 bold mb-1" };
 const _hoisted_2$4 = { class: "txt-center opacity-7" };
@@ -1900,35 +1925,24 @@ function accountToUser(account) {
   if (account === null) {
     return null;
   }
-  if (account.person !== void 0) {
+  const hasPersonLinked = account.person !== void 0 && account.person !== null;
+  if (hasPersonLinked) {
     return {
       id: account.person.id,
       accountId: account.id,
       name: account.person.name,
-      email: account.person.email,
+      email: account.person.email ?? void 0,
       type: account.account_type,
       roles: account.person.roles,
       isActive: account.is_active,
       isVerified: account.is_verified,
       person: account.person,
-      lastLogin: account.last_login
-    };
-  }
-  if (account.entity !== void 0) {
-    return {
-      id: account.entity.id,
-      accountId: account.id,
-      name: account.entity.name,
-      type: account.account_type,
-      isActive: account.is_active,
-      isVerified: account.is_verified,
-      lastLogin: account.last_login,
-      entityType: account.entity.type,
-      metadata: account.entity.metadata
+      lastLogin: account.last_login ?? void 0,
+      hasPersonLinked: true
     };
   }
   const emailMethod = account.authentication_methods.find(
-    (m) => m.type === "password" || m.type === "email_token"
+    (m) => m.type === "password" || m.type === "email_token" || m.type === "sso"
   );
   return {
     id: account.id,
@@ -1938,7 +1952,8 @@ function accountToUser(account) {
     type: account.account_type,
     isActive: account.is_active,
     isVerified: account.is_verified,
-    lastLogin: account.last_login
+    lastLogin: account.last_login ?? void 0,
+    hasPersonLinked: false
   };
 }
 const DEFAULT_REDIRECT_CONFIG = {
@@ -1963,6 +1978,8 @@ let redirectConfig = null;
 let autoRedirectRouter = null;
 let cachedAuthGuard = null;
 const accountInfo = ref(null);
+const tenants = ref([]);
+const currentTenant = ref(null);
 function getRedirectConfig() {
   if (!redirectConfig) {
     throw new Error("Redirect config not initialized. Did you call createAuth with redirect config?");
@@ -2133,15 +2150,11 @@ function useAuth() {
   };
   const getAccountType = () => {
     var _a;
-    return ((_a = user.value) == null ? void 0 : _a.type) ?? "person";
+    return ((_a = user.value) == null ? void 0 : _a.type) ?? "identity";
   };
   const isPersonAccount = () => {
     var _a;
-    return ((_a = user.value) == null ? void 0 : _a.type) === "person";
-  };
-  const isEntityAccount = () => {
-    var _a;
-    return ((_a = user.value) == null ? void 0 : _a.type) === "entity";
+    return ((_a = user.value) == null ? void 0 : _a.hasPersonLinked) === true;
   };
   async function logout() {
     const logoutPromise = api.logout();
@@ -2174,6 +2187,45 @@ function useAuth() {
       return false;
     }
   }
+  async function loadTenants() {
+    try {
+      const { data } = await api.getTenants();
+      tenants.value = data;
+      if (currentTenant.value === null && tenants.value.length > 0) {
+        const firstActiveTenant = tenants.value.find((t) => t.status === "active");
+        if (firstActiveTenant !== void 0) {
+          setTenant(firstActiveTenant.id);
+        }
+      }
+      return tenants.value;
+    } catch {
+      tenants.value = [];
+      return [];
+    }
+  }
+  function setTenant(tenantId) {
+    if (tenantId === null) {
+      currentTenant.value = null;
+      api.setTenantId(null);
+      return;
+    }
+    const tenant = tenants.value.find((t) => t.id === tenantId);
+    if (tenant !== void 0) {
+      currentTenant.value = tenant;
+      api.setTenantId(tenantId);
+    } else {
+      throw new Error(`Tenant with ID ${tenantId} not found`);
+    }
+  }
+  function switchTenant(tenantId) {
+    setTenant(tenantId);
+  }
+  function getTenants() {
+    return tenants.value;
+  }
+  function getCurrentTenant() {
+    return currentTenant.value;
+  }
   async function signup(newUser) {
     const hasPassword = newUser.password !== void 0 && newUser.password.length > 0;
     if (hasPassword && newUser.password !== newUser.confirmPassword) {
@@ -2288,6 +2340,9 @@ function useAuth() {
     accountInfo,
     // SSO Providers (ready to use!)
     sso,
+    // Multi-Tenancy State
+    tenants,
+    currentTenant,
     // Getters
     getFullName,
     getIsLoggedIn,
@@ -2295,7 +2350,8 @@ function useAuth() {
     getRoles,
     getAccountType,
     isPersonAccount,
-    isEntityAccount,
+    getTenants,
+    getCurrentTenant,
     // Authentication Actions
     login,
     logout,
@@ -2325,7 +2381,11 @@ function useAuth() {
     // Session Management
     getSessions,
     revokeSession,
-    revokeAllSessions
+    revokeAllSessions,
+    // Multi-Tenancy Actions
+    loadTenants,
+    setTenant,
+    switchTenant
   };
 }
 const useAuth$1 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({

package/dist/types.d.ts

@@ -22,7 +22,20 @@ export interface AuthEventMap {
     [AuthState.EMAIL_VERIFIED]: AuthEventHandler;
     [AuthState.SESSION_REFRESH]: AuthEventHandler;
 }
-export type AuthenticationAccountType = 'person' | 'entity' | 'service';
+export type AuthenticationAccountType = 'identity' | string;
+export type TenantStatus = 'active' | 'suspended' | 'archived';
+export interface TenantInfo {
+    id: string;
+    name: string;
+    slug: string;
+    parent_id: string | null;
+    settings: Record<string, any> | null;
+    status: TenantStatus;
+    suspended_at: string | null;
+    suspended_reason: string | null;
+    created_at: string;
+    updated_at: string;
+}
 export type AuthenticationMethodType = 'password' | 'email_token' | 'sso' | 'otp';
 export type SSOProvider = 'google' | 'microsoft' | 'github' | 'okta' | 'apple' | 'facebook';
 export interface AuthenticationAccount {
@@ -43,11 +56,11 @@ export interface AuthenticationAccount {
 export interface PersonInfo {
     id: string;
     name: string;
-    email?: string;
-    phone?: string;
-    roles: string[];
     first_name: string;
     last_name: string;
+    email?: string | null;
+    phone_number?: string | null;
+    roles: string[];
 }
 export interface AuthMethodInfo {
     id: string;
@@ -65,10 +78,9 @@ export interface AccountInfo {
     display_name: string;
     is_active: boolean;
     is_verified: boolean;
-    last_login?: string;
+    last_login?: string | null;
     authentication_methods: AuthMethodInfo[];
-    person?: PersonInfo;
-    entity?: EntityInfo;
+    person?: PersonInfo | null;
 }
 export interface EntityInfo {
     id: string;
@@ -85,21 +97,21 @@ export interface SessionInfo {
     is_current?: boolean;
 }
 /**
- * Unified user representation that works for both person and entity accounts
- * This is the primary interface for accessing user data in the application
+ * Unified user representation
+ * All accounts are "identity" accounts that may be linked to a person
  */
 export interface User {
-    /** Unique identifier (person_id or entity_id) */
+    /** Unique identifier (person_id if linked, otherwise identity_id) */
     id: string;
-    /** Account ID */
+    /** Identity/Account ID */
     accountId: string;
     /** Display name */
     name: string;
     /** Email address (from person or authentication methods) */
     email?: string;
-    /** Account type: 'person', 'entity', or 'service' */
+    /** Account type (always 'identity') */
     type: AuthenticationAccountType;
-    /** User roles (only for person accounts) */
+    /** User roles (only when linked to person) */
     roles?: string[];
     /** Is the account active */
     isActive: boolean;
@@ -107,12 +119,10 @@ export interface User {
     isVerified: boolean;
     /** Last login timestamp */
     lastLogin?: string;
-    /** Entity-specific info (only for entity accounts) */
-    entityType?: string;
-    /** Additional metadata */
-    metadata?: Record<string, any>;
-    /** Person-specific info (only for person accounts) */
+    /** Person info (if identity is linked to a person) */
     person?: PersonInfo;
+    /** Whether identity is linked to a person */
+    hasPersonLinked: boolean;
 }
 export interface RegisterRequest {
     email: string;
@@ -248,7 +258,9 @@ export type SSOInitiateResponse = AxiosResponse<{
 export type SSOCallbackResponse = AxiosResponse<AuthenticationResponse>;
 export type SSOLinkResponse = AxiosResponse<MessageResponse>;
 export type SSOUnlinkResponse = AxiosResponse<MessageResponse>;
+export type GetTenantsResponse = AxiosResponse<TenantInfo[]>;
 /**
  * Extract unified user from account info
+ * All accounts are identities that may be linked to a person
  */
 export declare function accountToUser(account: AccountInfo | null): User | null;

package/dist/useAuth.d.ts

@@ -1,5 +1,5 @@
 import { App, ObjectPlugin } from 'vue';
-import { AccountInfo, User, NewUser, UpdatePasswordForm, UpdateAccountRequest, AuthEventMap, SSOProvider, SSOInitiateRequest, SSOCallbackRequest, SSOLinkRequest, AuthState } from './types';
+import { AccountInfo, User, NewUser, UpdatePasswordForm, UpdateAccountRequest, AuthEventMap, SSOProvider, SSOInitiateRequest, SSOCallbackRequest, SSOLinkRequest, TenantInfo, AuthState } from './types';
 import { RedirectConfig, NormalizedRedirectConfig } from './types/redirect';
 interface InitParams {
     baseURL: string;
@@ -37,7 +37,7 @@ export declare function useAuth(): {
         display_name: string;
         is_active: boolean;
         is_verified: boolean;
-        last_login?: string | undefined;
+        last_login?: string | null | undefined;
         authentication_methods: {
             id: string;
             type: string;
@@ -51,25 +51,19 @@ export declare function useAuth(): {
         person?: {
             id: string;
             name: string;
-            email?: string | undefined;
-            phone?: string | undefined;
-            roles: string[];
             first_name: string;
             last_name: string;
-        } | undefined;
-        entity?: {
-            id: string;
-            name: string;
-            type?: string | undefined;
-            metadata?: Record<string, any> | undefined;
-        } | undefined;
+            email?: string | null | undefined;
+            phone_number?: string | null | undefined;
+            roles: string[];
+        } | null | undefined;
     } | null, AccountInfo | {
         id: string;
         account_type: string;
         display_name: string;
         is_active: boolean;
         is_verified: boolean;
-        last_login?: string | undefined;
+        last_login?: string | null | undefined;
         authentication_methods: {
             id: string;
             type: string;
@@ -83,27 +77,90 @@ export declare function useAuth(): {
         person?: {
             id: string;
             name: string;
-            email?: string | undefined;
-            phone?: string | undefined;
-            roles: string[];
             first_name: string;
             last_name: string;
-        } | undefined;
-        entity?: {
-            id: string;
-            name: string;
-            type?: string | undefined;
-            metadata?: Record<string, any> | undefined;
-        } | undefined;
+            email?: string | null | undefined;
+            phone_number?: string | null | undefined;
+            roles: string[];
+        } | null | undefined;
     } | null>;
     sso: import('./sso').SSOObject;
+    tenants: import('vue').Ref<{
+        id: string;
+        name: string;
+        slug: string;
+        parent_id: string | null;
+        settings: Record<string, any> | null;
+        status: import('./types').TenantStatus;
+        suspended_at: string | null;
+        suspended_reason: string | null;
+        created_at: string;
+        updated_at: string;
+    }[], TenantInfo[] | {
+        id: string;
+        name: string;
+        slug: string;
+        parent_id: string | null;
+        settings: Record<string, any> | null;
+        status: import('./types').TenantStatus;
+        suspended_at: string | null;
+        suspended_reason: string | null;
+        created_at: string;
+        updated_at: string;
+    }[]>;
+    currentTenant: import('vue').Ref<{
+        id: string;
+        name: string;
+        slug: string;
+        parent_id: string | null;
+        settings: Record<string, any> | null;
+        status: import('./types').TenantStatus;
+        suspended_at: string | null;
+        suspended_reason: string | null;
+        created_at: string;
+        updated_at: string;
+    } | null, TenantInfo | {
+        id: string;
+        name: string;
+        slug: string;
+        parent_id: string | null;
+        settings: Record<string, any> | null;
+        status: import('./types').TenantStatus;
+        suspended_at: string | null;
+        suspended_reason: string | null;
+        created_at: string;
+        updated_at: string;
+    } | null>;
     getFullName: () => string;
     getIsLoggedIn: () => boolean;
     getEmail: () => string;
     getRoles: () => string[];
-    getAccountType: () => import('./types').AuthenticationAccountType;
+    getAccountType: () => string;
     isPersonAccount: () => boolean;
-    isEntityAccount: () => boolean;
+    getTenants: () => {
+        id: string;
+        name: string;
+        slug: string;
+        parent_id: string | null;
+        settings: Record<string, any> | null;
+        status: import('./types').TenantStatus;
+        suspended_at: string | null;
+        suspended_reason: string | null;
+        created_at: string;
+        updated_at: string;
+    }[];
+    getCurrentTenant: () => {
+        id: string;
+        name: string;
+        slug: string;
+        parent_id: string | null;
+        settings: Record<string, any> | null;
+        status: import('./types').TenantStatus;
+        suspended_at: string | null;
+        suspended_reason: string | null;
+        created_at: string;
+        updated_at: string;
+    } | null;
     login: (credentials: {
         email: string;
         password: string;
@@ -130,5 +187,8 @@ export declare function useAuth(): {
     getSessions: (accountId?: string) => Promise<import('./types').GetSessionsResponse>;
     revokeSession: (sessionToken: string) => Promise<void>;
     revokeAllSessions: (accountId?: string) => Promise<void>;
+    loadTenants: () => Promise<TenantInfo[]>;
+    setTenant: (tenantId: string | null) => void;
+    switchTenant: (tenantId: string) => void;
 };
 export {};

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@bagelink/auth",
   "type": "module",
-  "version": "1.7.92",
+  "version": "1.7.96",
   "description": "Bagelink auth package",
   "author": {
     "name": "Bagel Studio",

package/src/api.ts

@@ -37,17 +37,33 @@ import type {
 	SSOCallbackResponse,
 	SSOLinkResponse,
 	SSOUnlinkResponse,
+	GetTenantsResponse,
 } from './types'
 import { createAxiosInstance } from './utils'
 
 export class AuthApi {
 	private api: AxiosInstance
+	private currentTenantId: string | null = null
 
 	constructor(baseURL: string = '') {
 		this.api = createAxiosInstance(baseURL)
 		this.setupInterceptors()
 	}
 
+	/**
+	 * Set the current tenant ID for multi-tenant requests
+	 */
+	setTenantId(tenantId: string | null) {
+		this.currentTenantId = tenantId
+	}
+
+	/**
+	 * Get the current tenant ID
+	 */
+	getTenantId(): string | null {
+		return this.currentTenantId
+	}
+
 	private setupInterceptors() {
 		this.api.interceptors.request.use((config: InternalAxiosRequestConfig) => {
 			// Handle password reset token from URL
@@ -56,6 +72,12 @@ export class AuthApi {
 			if (resetToken !== null) {
 				config.headers['X-Reset-Token'] = resetToken
 			}
+
+			// Add tenant ID header if set
+			if (this.currentTenantId !== null) {
+				config.headers['X-Tenant-ID'] = this.currentTenantId
+			}
+
 			return config
 		})
 	}
@@ -304,4 +326,15 @@ export class AuthApi {
 	async cleanupSessions(): Promise<CleanupSessionsResponse> {
 		return this.api.post('/authentication/cleanup-sessions', {})
 	}
+
+	// ============================================
+	// Multi-Tenancy Methods
+	// ============================================
+
+	/**
+	 * Get list of tenants the authenticated user belongs to
+	 */
+	async getTenants(): Promise<GetTenantsResponse> {
+		return this.api.get('/tenants')
+	}
 }

package/src/types.ts

@@ -34,13 +34,33 @@ export interface AuthEventMap {
 // Core Types
 // ============================================
 
-export type AuthenticationAccountType = 'person' | 'entity' | 'service'
+// Note: All accounts are "identity" accounts. An identity may be linked to a person or not.
+export type AuthenticationAccountType = 'identity' | string
 
-export type AuthenticationMethodType =
-	| 'password'
-	| 'email_token'
-	| 'sso'
-	| 'otp'
+// ============================================
+// Multi-Tenancy Types
+// ============================================
+
+export type TenantStatus = 'active' | 'suspended' | 'archived'
+
+export interface TenantInfo {
+	id: string
+	name: string
+	slug: string
+	parent_id: string | null
+	settings: Record<string, any> | null
+	status: TenantStatus
+	suspended_at: string | null
+	suspended_reason: string | null
+	created_at: string
+	updated_at: string
+}
+
+export type AuthenticationMethodType
+	= | 'password'
+		| 'email_token'
+		| 'sso'
+		| 'otp'
 
 export type SSOProvider = 'google' | 'microsoft' | 'github' | 'okta' | 'apple' | 'facebook'
 
@@ -63,11 +83,11 @@ export interface AuthenticationAccount {
 export interface PersonInfo {
 	id: string
 	name: string
-	email?: string
-	phone?: string
-	roles: string[]
 	first_name: string
 	last_name: string
+	email?: string | null
+	phone_number?: string | null
+	roles: string[]
 }
 
 export interface AuthMethodInfo {
@@ -87,12 +107,13 @@ export interface AccountInfo {
 	display_name: string
 	is_active: boolean
 	is_verified: boolean
-	last_login?: string
+	last_login?: string | null
 	authentication_methods: AuthMethodInfo[]
-	person?: PersonInfo
-	entity?: EntityInfo
+	person?: PersonInfo | null
 }
 
+// Note: EntityInfo kept for backward compatibility
+// Current API no longer returns entity in AccountInfo
 export interface EntityInfo {
 	id: string
 	name: string
@@ -114,21 +135,21 @@ export interface SessionInfo {
 // ============================================
 
 /**
- * Unified user representation that works for both person and entity accounts
- * This is the primary interface for accessing user data in the application
+ * Unified user representation
+ * All accounts are "identity" accounts that may be linked to a person
  */
 export interface User {
-	/** Unique identifier (person_id or entity_id) */
+	/** Unique identifier (person_id if linked, otherwise identity_id) */
 	id: string
-	/** Account ID */
+	/** Identity/Account ID */
 	accountId: string
 	/** Display name */
 	name: string
 	/** Email address (from person or authentication methods) */
 	email?: string
-	/** Account type: 'person', 'entity', or 'service' */
+	/** Account type (always 'identity') */
 	type: AuthenticationAccountType
-	/** User roles (only for person accounts) */
+	/** User roles (only when linked to person) */
 	roles?: string[]
 	/** Is the account active */
 	isActive: boolean
@@ -136,12 +157,10 @@ export interface User {
 	isVerified: boolean
 	/** Last login timestamp */
 	lastLogin?: string
-	/** Entity-specific info (only for entity accounts) */
-	entityType?: string
-	/** Additional metadata */
-	metadata?: Record<string, any>
-	/** Person-specific info (only for person accounts) */
+	/** Person info (if identity is linked to a person) */
 	person?: PersonInfo
+	/** Whether identity is linked to a person */
+	hasPersonLinked: boolean
 }
 
 // ============================================
@@ -302,6 +321,7 @@ export type SSOInitiateResponse = AxiosResponse<{ authorization_url: string }>
 export type SSOCallbackResponse = AxiosResponse<AuthenticationResponse>
 export type SSOLinkResponse = AxiosResponse<MessageResponse>
 export type SSOUnlinkResponse = AxiosResponse<MessageResponse>
+export type GetTenantsResponse = AxiosResponse<TenantInfo[]>
 
 // ============================================
 // Helper Functions (exported for convenience)
@@ -309,45 +329,33 @@ export type SSOUnlinkResponse = AxiosResponse<MessageResponse>
 
 /**
  * Extract unified user from account info
+ * All accounts are identities that may be linked to a person
  */
 export function accountToUser(account: AccountInfo | null): User | null {
 	if (account === null) { return null }
 
-	// Person account - most common case
-	if (account.person !== undefined) {
-		return {
-			id: account.person.id,
-			accountId: account.id,
-			name: account.person.name,
-			email: account.person.email,
-			type: account.account_type as AuthenticationAccountType,
-			roles: account.person.roles,
-			isActive: account.is_active,
-			isVerified: account.is_verified,
-			person: account.person,
-			lastLogin: account.last_login,
-		}
-	}
+	const hasPersonLinked = account.person !== undefined && account.person !== null
 
-	// Entity account
-	if (account.entity !== undefined) {
+	// Identity linked to person - use person data
+	if (hasPersonLinked) {
 		return {
-			id: account.entity.id,
+			id: account.person!.id,
 			accountId: account.id,
-			name: account.entity.name,
+			name: account.person!.name,
+			email: account.person!.email ?? undefined,
 			type: account.account_type as AuthenticationAccountType,
+			roles: account.person!.roles,
 			isActive: account.is_active,
 			isVerified: account.is_verified,
-			lastLogin: account.last_login,
-			entityType: account.entity.type,
-			metadata: account.entity.metadata,
+			person: account.person!,
+			lastLogin: account.last_login ?? undefined,
+			hasPersonLinked: true,
 		}
 	}
 
-	// Fallback - use account info directly
-	// Extract email from authentication methods
+	// Identity without person link - extract data from authentication methods
 	const emailMethod = account.authentication_methods.find(
-		m => m.type === 'password' || m.type === 'email_token',
+		m => m.type === 'password' || m.type === 'email_token' || m.type === 'sso',
 	)
 
 	return {
@@ -358,6 +366,7 @@ export function accountToUser(account: AccountInfo | null): User | null {
 		type: account.account_type as AuthenticationAccountType,
 		isActive: account.is_active,
 		isVerified: account.is_verified,
-		lastLogin: account.last_login,
+		lastLogin: account.last_login ?? undefined,
+		hasPersonLinked: false,
 	}
 }

package/src/useAuth.ts

@@ -10,6 +10,7 @@ import type {
 	SSOInitiateRequest,
 	SSOCallbackRequest,
 	SSOLinkRequest,
+	TenantInfo,
 } from './types'
 import type { RedirectConfig, NormalizedRedirectConfig } from './types/redirect'
 import { ref, computed } from 'vue'
@@ -26,6 +27,8 @@ let redirectConfig: NormalizedRedirectConfig | null = null
 let autoRedirectRouter: any = null // Router instance for auto-redirect
 let cachedAuthGuard: any = null // Cached router guard
 const accountInfo = ref<AccountInfo | null>(null)
+const tenants = ref<TenantInfo[]>([])
+const currentTenant = ref<TenantInfo | null>(null)
 
 interface InitParams {
 	baseURL: string
@@ -262,17 +265,16 @@ export function useAuth() {
 	}
 
 	const getAccountType = () => {
-		return user.value?.type ?? 'person'
+		return user.value?.type ?? 'identity'
 	}
 
+	/**
+	 * Check if identity is linked to a person
+	 * @returns true if the identity has a person linked
+	 */
 	const isPersonAccount = () => {
-		return user.value?.type === 'person'
-	}
-
-	const isEntityAccount = () => {
-		return user.value?.type === 'entity'
+		return user.value?.hasPersonLinked === true
 	}
-
 	// Actions
 	async function logout() {
 		// Call logout API
@@ -315,6 +317,55 @@ export function useAuth() {
 		}
 	}
 
+	async function loadTenants(): Promise<TenantInfo[]> {
+		try {
+			const { data } = await api.getTenants()
+			tenants.value = data
+
+			// Auto-select first tenant if none selected and tenants available
+			if (currentTenant.value === null && tenants.value.length > 0) {
+				const firstActiveTenant = tenants.value.find(t => t.status === 'active')
+				if (firstActiveTenant !== undefined) {
+					setTenant(firstActiveTenant.id)
+				}
+			}
+
+			return tenants.value
+		} catch {
+			// If 404 or other error, assume multi-tenancy not supported
+			tenants.value = []
+			return []
+		}
+	}
+
+	function setTenant(tenantId: string | null) {
+		if (tenantId === null) {
+			currentTenant.value = null
+			api.setTenantId(null)
+			return
+		}
+
+		const tenant = tenants.value.find(t => t.id === tenantId)
+		if (tenant !== undefined) {
+			currentTenant.value = tenant
+			api.setTenantId(tenantId)
+		} else {
+			throw new Error(`Tenant with ID ${tenantId} not found`)
+		}
+	}
+
+	function switchTenant(tenantId: string): void {
+		setTenant(tenantId)
+	}
+
+	function getTenants() {
+		return tenants.value
+	}
+
+	function getCurrentTenant() {
+		return currentTenant.value
+	}
+
 	async function signup(newUser: NewUser) {
 		// Check password match if password is provided
 		const hasPassword = newUser.password !== undefined && newUser.password.length > 0
@@ -478,6 +529,10 @@ export function useAuth() {
 		// SSO Providers (ready to use!)
 		sso,
 
+		// Multi-Tenancy State
+		tenants,
+		currentTenant,
+
 		// Getters
 		getFullName,
 		getIsLoggedIn,
@@ -485,7 +540,8 @@ export function useAuth() {
 		getRoles,
 		getAccountType,
 		isPersonAccount,
-		isEntityAccount,
+		getTenants,
+		getCurrentTenant,
 
 		// Authentication Actions
 		login,
@@ -523,5 +579,10 @@ export function useAuth() {
 		getSessions,
 		revokeSession,
 		revokeAllSessions,
+
+		// Multi-Tenancy Actions
+		loadTenants,
+		setTenant,
+		switchTenant,
 	}
 }