@bagelink/auth 1.9.59 → 1.9.63

package/dist/index.mjs

@@ -95,6 +95,12 @@ class AuthApi {
   // ============================================
   // Authentication Methods
   // ============================================
+  /**
+   * Get authentication status
+   */
+  async getAuthStatus() {
+    return this.api.get("authentication/status");
+  }
   /**
    * Get available authentication methods
    */
@@ -113,12 +119,42 @@ class AuthApi {
   /**
    * Login with password
    */
-  async login(email, password) {
+  async login(data) {
     return this.api.post("authentication/login/password", {
-      email: email.toLowerCase(),
-      password
+      ...data,
+      email: data.email.toLowerCase()
     });
   }
+  /**
+   * Send email token to user
+   */
+  async sendEmailToken(data) {
+    return this.api.post("authentication/login/email-token/send", data);
+  }
+  /**
+   * Verify email token and login
+   */
+  async verifyEmailToken(data) {
+    return this.api.post("authentication/login/email-token/verify", data);
+  }
+  /**
+   * Send OTP code to phone number
+   */
+  async sendOTP(data) {
+    return this.api.post("authentication/login/otp/send", data);
+  }
+  /**
+   * Verify OTP code and login
+   */
+  async verifyOTP(data) {
+    return this.api.post("authentication/login/otp/verify", data);
+  }
+  /**
+   * Login with SSO provider (legacy endpoint without PKCE)
+   */
+  async loginWithSSO(provider, data) {
+    return this.api.post(`authentication/login/sso/${provider}`, data);
+  }
   /**
    * Logout and clear session
    */
@@ -138,29 +174,20 @@ class AuthApi {
    * Initiate SSO login flow
    * Returns authorization URL to redirect user to
    */
-  async initiateSSO(data) {
-    return this.api.post(`authentication/sso/${data.provider}/initiate`, {
-      redirect_uri: data.redirect_uri,
-      state: data.state
-    });
+  async initiateSSO(provider, data) {
+    return this.api.post(`authentication/sso/${provider}/initiate`, data);
   }
   /**
    * Complete SSO login after callback from provider
    */
-  async ssoCallback(data) {
-    return this.api.post(`authentication/sso/${data.provider}/callback`, {
-      code: data.code,
-      state: data.state
-    });
+  async ssoCallback(provider, data) {
+    return this.api.post(`authentication/sso/${provider}/callback`, data);
   }
   /**
    * Link an SSO provider to existing account
    */
-  async linkSSOProvider(data) {
-    return this.api.post(`authentication/sso/${data.provider}/link`, {
-      code: data.code,
-      state: data.state
-    });
+  async linkSSOProvider(provider, data) {
+    return this.api.post(`authentication/sso/${provider}/link`, data);
   }
   /**
    * Unlink an SSO provider from account
@@ -190,39 +217,6 @@ class AuthApi {
     return this.api.delete("authentication/me");
   }
   // ============================================
-  // Account Management (Admin)
-  // ============================================
-  /**
-   * Get account information by ID
-   */
-  async getAccount(accountId) {
-    return this.api.get(`authentication/account/${accountId}`);
-  }
-  /**
-   * Update account by ID
-   */
-  async updateAccount(accountId, data) {
-    return this.api.patch(`authentication/account/${accountId}`, data);
-  }
-  /**
-   * Delete account by ID
-   */
-  async deleteAccount(accountId) {
-    return this.api.delete(`authentication/account/${accountId}`);
-  }
-  /**
-   * Activate account by ID
-   */
-  async activateAccount(accountId) {
-    return this.api.post(`authentication/account/${accountId}/activate`, {});
-  }
-  /**
-   * Deactivate account by ID
-   */
-  async deactivateAccount(accountId) {
-    return this.api.post(`authentication/account/${accountId}/deactivate`, {});
-  }
-  // ============================================
   // Password Management
   // ============================================
   /**
@@ -234,9 +228,10 @@ class AuthApi {
   /**
    * Initiate forgot password flow
    */
-  async forgotPassword(email) {
+  async forgotPassword(data) {
     return this.api.post("authentication/password/forgot", {
-      email: email.toLowerCase()
+      ...data,
+      email: data.email.toLowerCase()
     });
   }
   /**
@@ -265,17 +260,17 @@ class AuthApi {
   /**
    * Verify email with token
    */
-  async verifyEmail(token) {
-    return this.api.post("authentication/verify/email", { token });
+  async verifyEmail(data) {
+    return this.api.post("authentication/verify/email", data);
   }
   // ============================================
   // Session Management
   // ============================================
   /**
-   * Get sessions for an account
+   * Get active sessions for current identity
    */
-  async getSessions(accountId) {
-    return this.api.get(`authentication/sessions/${accountId}`);
+  async getSessions() {
+    return this.api.get("authentication/sessions");
   }
   /**
    * Revoke a specific session
@@ -284,10 +279,10 @@ class AuthApi {
     return this.api.delete(`authentication/sessions/${sessionToken}`);
   }
   /**
-   * Revoke all sessions for an account
+   * Revoke all sessions for current identity
    */
-  async revokeAllSessions(accountId) {
-    return this.api.delete(`authentication/sessions/account/${accountId}`);
+  async revokeAllSessions() {
+    return this.api.delete("authentication/sessions");
   }
   /**
    * Cleanup expired sessions (admin)
@@ -1636,8 +1631,7 @@ function createSSOProvider(config) {
         sessionStorage.setItem(getStateKey(), state);
         sessionStorage.setItem(`oauth_provider:${state}`, config.id);
       }
-      const authUrl = await auth.initiateSSO({
-        provider: config.id,
+      const authUrl = await auth.initiateSSO(config.id, {
         redirect_uri: redirectUri,
         state,
         scopes: options.scopes ?? config.defaultScopes,
@@ -1661,8 +1655,7 @@ function createSSOProvider(config) {
         sessionStorage.setItem(getStateKey(), state);
         sessionStorage.setItem(`oauth_provider:${state}`, config.id);
       }
-      const authUrl = await auth.initiateSSO({
-        provider: config.id,
+      const authUrl = await auth.initiateSSO(config.id, {
         redirect_uri: redirectUri,
         state,
         scopes: options.scopes ?? config.defaultScopes,
@@ -1674,15 +1667,14 @@ function createSSOProvider(config) {
         throw new PopupBlockedError();
       }
       const result = await waitForPopupCallback(popupWindow, config.id, timeout2);
-      return auth.loginWithSSO({
-        provider: config.id,
+      return auth.loginWithSSO(config.id, {
         code: result.code,
-        state: result.state
+        state: result.state ?? generateState()
       });
     },
     async callback(code, state) {
       const auth = getAuthApi();
-      if (typeof sessionStorage !== "undefined" && state !== void 0 && state !== "") {
+      if (typeof sessionStorage !== "undefined") {
         const storedState = sessionStorage.getItem(getStateKey());
         sessionStorage.removeItem(getStateKey());
         sessionStorage.removeItem(`oauth_provider:${state}`);
@@ -1690,15 +1682,14 @@ function createSSOProvider(config) {
           throw new StateMismatchError();
         }
       }
-      return auth.loginWithSSO({
-        provider: config.id,
+      return auth.loginWithSSO(config.id, {
         code,
-        state
+        state: state ?? generateState()
       });
     },
     async link(code, state) {
       const auth = getAuthApi();
-      if (typeof sessionStorage !== "undefined" && state !== void 0 && state !== "") {
+      if (typeof sessionStorage !== "undefined") {
         const storedState = sessionStorage.getItem(getStateKey());
         sessionStorage.removeItem(getStateKey());
         sessionStorage.removeItem(`oauth_provider:${state}`);
@@ -1706,10 +1697,9 @@ function createSSOProvider(config) {
           throw new StateMismatchError();
         }
       }
-      await auth.linkSSOProvider({
-        provider: config.id,
+      await auth.linkSSOProvider(config.id, {
         code,
-        state
+        state: state ?? generateState()
       });
     },
     async unlink() {
@@ -1720,8 +1710,7 @@ function createSSOProvider(config) {
       const auth = getAuthApi();
       const redirectUri = options.redirectUri ?? getDefaultRedirectUri();
       const state = options.state ?? generateState();
-      return auth.initiateSSO({
-        provider: config.id,
+      return auth.initiateSSO(config.id, {
         redirect_uri: redirectUri,
         state,
         scopes: options.scopes ?? config.defaultScopes,
@@ -1830,6 +1819,16 @@ const ssoProviders = {
       authDomain: "www.facebook.com",
       buttonText: "Continue with Facebook"
     }
+  }),
+  custom: createSSOProvider({
+    id: "custom",
+    name: "Custom",
+    color: "#000000",
+    icon: "custom",
+    defaultScopes: [],
+    metadata: {
+      buttonText: "Continue with Custom"
+    }
   })
 };
 const sso = {
@@ -1931,13 +1930,13 @@ function accountToUser(account) {
       id: account.person.id,
       accountId: account.id,
       name: account.person.name,
-      email: account.person.email ?? void 0,
+      email: account.person.email,
       type: account.account_type,
-      roles: account.person.roles,
+      roles: account.roles,
       isActive: account.is_active,
       isVerified: account.is_verified,
       person: account.person,
-      lastLogin: account.last_login ?? void 0,
+      lastLogin: account.last_login,
       hasPersonLinked: true
     };
   }
@@ -1950,9 +1949,10 @@ function accountToUser(account) {
     name: account.display_name,
     email: emailMethod == null ? void 0 : emailMethod.identifier,
     type: account.account_type,
+    roles: account.roles,
     isActive: account.is_active,
     isVerified: account.is_verified,
-    lastLogin: account.last_login ?? void 0,
+    lastLogin: account.last_login,
     hasPersonLinked: false
   };
 }
@@ -2110,20 +2110,20 @@ function useAuth() {
   const api = authApi;
   const emitter = eventEmitter;
   const authMethods = {
-    initiateSSO: async (params) => {
-      const { data } = await api.initiateSSO(params);
+    initiateSSO: async (provider, params) => {
+      const { data } = await api.initiateSSO(provider, params);
       return data.authorization_url;
     },
-    loginWithSSO: async (params) => {
-      const { data } = await api.ssoCallback(params);
+    loginWithSSO: async (provider, params) => {
+      const { data } = await api.ssoCallback(provider, params);
       if (data.success === true && data.requires_verification !== true) {
         await checkAuth();
       }
       emitter.emit(AuthState.LOGIN);
       return data;
     },
-    linkSSOProvider: async (params) => {
-      await api.linkSSOProvider(params);
+    linkSSOProvider: async (provider, params) => {
+      await api.linkSSOProvider(provider, params);
       await checkAuth();
     },
     unlinkSSOProvider: async (provider) => {
@@ -2167,10 +2167,7 @@ function useAuth() {
     emitter.emit(AuthState.LOGOUT);
   }
   async function login(credentials) {
-    const { data } = await api.login(
-      credentials.email.toLowerCase(),
-      credentials.password
-    );
+    const { data } = await api.login(credentials);
     if (data.success === true && data.requires_verification !== true) {
       await checkAuth();
     }
@@ -2253,7 +2250,7 @@ function useAuth() {
     return data;
   }
   async function forgotPassword(email) {
-    await api.forgotPassword(email);
+    await api.forgotPassword({ email });
   }
   async function verifyResetToken(token) {
     await api.verifyResetToken(token);
@@ -2277,15 +2274,6 @@ function useAuth() {
     accountInfo.value = data;
     emitter.emit(AuthState.PROFILE_UPDATE);
   }
-  async function activateAccount(accountId) {
-    await api.activateAccount(accountId);
-  }
-  async function deactivateAccount(accountId) {
-    await api.deactivateAccount(accountId);
-  }
-  async function deleteAccount(accountId) {
-    await api.deleteAccount(accountId);
-  }
   async function deleteCurrentUser() {
     await api.deleteCurrentUser();
     accountInfo.value = null;
@@ -2294,7 +2282,7 @@ function useAuth() {
     await api.sendVerification({ email });
   }
   async function verifyEmail(token) {
-    await api.verifyEmail(token);
+    await api.verifyEmail({ token });
     await checkAuth();
     emitter.emit(AuthState.EMAIL_VERIFIED);
   }
@@ -2302,39 +2290,29 @@ function useAuth() {
     await api.refreshSession();
     emitter.emit(AuthState.SESSION_REFRESH);
   }
-  async function getSessions(accountId) {
-    var _a;
-    const id = accountId ?? ((_a = user.value) == null ? void 0 : _a.accountId);
-    if (id === void 0 || id === "") {
-      throw new Error("No account ID available");
-    }
-    return api.getSessions(id);
+  async function getSessions() {
+    return api.getSessions();
   }
   async function revokeSession(sessionToken) {
     await api.revokeSession(sessionToken);
   }
-  async function revokeAllSessions(accountId) {
-    var _a;
-    const id = accountId ?? ((_a = user.value) == null ? void 0 : _a.accountId);
-    if (id === void 0 || id === "") {
-      throw new Error("No account ID available");
-    }
-    await api.revokeAllSessions(id);
+  async function revokeAllSessions() {
+    await api.revokeAllSessions();
   }
-  async function initiateSSO(params) {
-    const { data } = await api.initiateSSO(params);
+  async function initiateSSO(provider, params) {
+    const { data } = await api.initiateSSO(provider, params);
     return data.authorization_url;
   }
-  async function loginWithSSO(params) {
-    const { data } = await api.ssoCallback(params);
+  async function loginWithSSO(provider, params) {
+    const { data } = await api.ssoCallback(provider, params);
     if (data.success === true && data.requires_verification !== true) {
       await checkAuth();
     }
     emitter.emit(AuthState.LOGIN);
     return data;
   }
-  async function linkSSOProvider(params) {
-    await api.linkSSOProvider(params);
+  async function linkSSOProvider(provider, params) {
+    await api.linkSSOProvider(provider, params);
     await checkAuth();
   }
   async function unlinkSSOProvider(provider) {
@@ -2382,10 +2360,6 @@ function useAuth() {
     // Email Verification Actions
     sendVerification,
     verifyEmail,
-    // Admin Actions
-    activateAccount,
-    deactivateAccount,
-    deleteAccount,
     // Session Management
     getSessions,
     revokeSession,

package/dist/sso.d.ts

@@ -90,12 +90,12 @@ export interface SSOProviderInstance extends SSOProviderConfig {
      * Complete OAuth flow after callback
      * Call this on your callback page
      */
-    callback: (code: string, state?: string) => Promise<AuthenticationResponse>;
+    callback: (code: string, state: string) => Promise<AuthenticationResponse>;
     /**
      * Link this provider to the current logged-in user
      * Call this after OAuth redirect completes on link callback page
      */
-    link: (code: string, state?: string) => Promise<void>;
+    link: (code: string, state: string) => Promise<void>;
     /**
      * Unlink this provider from the current user
      */

package/dist/types.d.ts

@@ -37,7 +37,7 @@ export interface TenantInfo {
     updated_at: string;
 }
 export type AuthenticationMethodType = 'password' | 'email_token' | 'sso' | 'otp';
-export type SSOProvider = 'google' | 'microsoft' | 'github' | 'okta' | 'apple' | 'facebook';
+export type SSOProvider = 'google' | 'microsoft' | 'github' | 'okta' | 'apple' | 'facebook' | 'custom';
 export interface AuthenticationAccount {
     created_at?: string;
     updated_at?: string;
@@ -58,9 +58,9 @@ export interface PersonInfo {
     name: string;
     first_name: string;
     last_name: string;
-    email?: string | null;
-    phone_number?: string | null;
-    roles: string[];
+    email?: string;
+    phone_number?: string;
+    tags: string[];
 }
 export interface AuthMethodInfo {
     id: string;
@@ -69,7 +69,7 @@ export interface AuthMethodInfo {
     is_verified: boolean;
     last_used?: string;
     use_count: number;
-    provider?: SSOProvider;
+    provider?: string;
     provider_user_id?: string;
 }
 export interface AccountInfo {
@@ -78,9 +78,10 @@ export interface AccountInfo {
     display_name: string;
     is_active: boolean;
     is_verified: boolean;
-    last_login?: string | null;
+    last_login?: string;
+    roles: string[];
     authentication_methods: AuthMethodInfo[];
-    person?: PersonInfo | null;
+    person?: PersonInfo;
 }
 export interface EntityInfo {
     id: string;
@@ -158,6 +159,29 @@ export interface SendVerificationRequest {
 export interface VerifyEmailRequest {
     token: string;
 }
+export interface EmailTokenSendRequest {
+    email: string;
+}
+export interface EmailTokenVerifyRequest {
+    email: string;
+    token: string;
+}
+export interface OTPSendRequest {
+    phone_number: string;
+}
+export interface OTPVerifyRequest {
+    phone_number: string;
+    otp_code: string;
+    nonce: string;
+    verification_hash: string;
+    timestamp: number;
+}
+export interface SSOLoginRequest {
+    provider: SSOProvider;
+    authorization_code?: string;
+    id_token?: string;
+    access_token?: string;
+}
 export interface NewUser extends RegisterRequest {
     confirmPassword: string;
 }
@@ -186,34 +210,28 @@ export interface OTPMetadata {
     };
 }
 export interface SSOMetadata {
-    provider: SSOProvider;
+    provider: string;
     sso_user_info: {
         [key: string]: any;
     };
     can_create_account?: boolean;
 }
 export interface SSOInitiateRequest {
-    provider: SSOProvider;
     redirect_uri?: string;
-    state?: string;
+    state: string;
     scopes?: string[];
-    params?: Record<string, string>;
-    code_challenge?: string;
-    code_challenge_method?: 'S256' | 'plain';
+    params?: {
+        [key: string]: any;
+    };
 }
 export interface SSOCallbackRequest {
-    provider: SSOProvider;
     code: string;
-    state?: string;
+    state: string;
 }
 export interface SSOLinkRequest {
-    provider: SSOProvider;
     code: string;
     state: string;
 }
-export interface SSOUnlinkRequest {
-    provider: SSOProvider;
-}
 export interface AuthenticationResponse {
     success: boolean;
     account_id?: string;
@@ -252,13 +270,41 @@ export type DeleteSessionResponse = AxiosResponse<MessageResponse>;
 export type DeleteAllSessionsResponse = AxiosResponse<MessageResponse>;
 export type CleanupSessionsResponse = AxiosResponse<MessageResponse>;
 export type GetMethodsResponse = AxiosResponse<AvailableMethodsResponse>;
-export type SSOInitiateResponse = AxiosResponse<{
+export interface SSOInitiateResponse {
     authorization_url: string;
-}>;
-export type SSOCallbackResponse = AxiosResponse<AuthenticationResponse>;
-export type SSOLinkResponse = AxiosResponse<MessageResponse>;
-export type SSOUnlinkResponse = AxiosResponse<MessageResponse>;
+}
+export interface SSOCallbackResponse {
+    success: boolean;
+    account_id?: string;
+    session_token?: string;
+    requires_verification?: boolean;
+    metadata?: {
+        [key: string]: any;
+    };
+    message?: string;
+}
+export interface SSOLinkResponse {
+    success?: boolean;
+    message?: string;
+    provider?: string;
+    provider_user_id?: string;
+    email?: string;
+}
+export interface SSOUnlinkResponse {
+    success?: boolean;
+    message?: string;
+}
+export type InitiateSSOResponse = AxiosResponse<SSOInitiateResponse>;
+export type CallbackSSOResponse = AxiosResponse<SSOCallbackResponse>;
+export type LinkSSOResponse = AxiosResponse<SSOLinkResponse>;
+export type UnlinkSSOResponse = AxiosResponse<SSOUnlinkResponse>;
 export type GetTenantsResponse = AxiosResponse<TenantInfo[]>;
+export type GetAuthStatusResponse = AxiosResponse<AuthStatusResponse>;
+export type SendEmailTokenResponse = AxiosResponse<AuthenticationResponse>;
+export type VerifyEmailTokenResponse = AxiosResponse<AuthenticationResponse>;
+export type SendOTPResponse = AxiosResponse<AuthenticationResponse>;
+export type VerifyOTPResponse = AxiosResponse<AuthenticationResponse>;
+export type LegacySSOLoginResponse = AxiosResponse<AuthenticationResponse>;
 /**
  * Extract unified user from account info
  * All accounts are identities that may be linked to a person