@bagelink/auth 1.9.61 → 1.9.65

package/dist/useAuth.d.ts

@@ -37,7 +37,8 @@ export declare function useAuth(): {
         display_name: string;
         is_active: boolean;
         is_verified: boolean;
-        last_login?: string | null | undefined;
+        last_login?: string | undefined;
+        roles: string[];
         authentication_methods: {
             id: string;
             type: string;
@@ -45,7 +46,7 @@ export declare function useAuth(): {
             is_verified: boolean;
             last_used?: string | undefined;
             use_count: number;
-            provider?: SSOProvider | undefined;
+            provider?: string | undefined;
             provider_user_id?: string | undefined;
         }[];
         person?: {
@@ -53,17 +54,18 @@ export declare function useAuth(): {
             name: string;
             first_name: string;
             last_name: string;
-            email?: string | null | undefined;
-            phone_number?: string | null | undefined;
-            roles: string[];
-        } | null | undefined;
+            email?: string | undefined;
+            phone_number?: string | undefined;
+            tags: string[];
+        } | undefined;
     } | null, AccountInfo | {
         id: string;
         account_type: string;
         display_name: string;
         is_active: boolean;
         is_verified: boolean;
-        last_login?: string | null | undefined;
+        last_login?: string | undefined;
+        roles: string[];
         authentication_methods: {
             id: string;
             type: string;
@@ -71,7 +73,7 @@ export declare function useAuth(): {
             is_verified: boolean;
             last_used?: string | undefined;
             use_count: number;
-            provider?: SSOProvider | undefined;
+            provider?: string | undefined;
             provider_user_id?: string | undefined;
         }[];
         person?: {
@@ -79,10 +81,10 @@ export declare function useAuth(): {
             name: string;
             first_name: string;
             last_name: string;
-            email?: string | null | undefined;
-            phone_number?: string | null | undefined;
-            roles: string[];
-        } | null | undefined;
+            email?: string | undefined;
+            phone_number?: string | undefined;
+            tags: string[];
+        } | undefined;
     } | null>;
     sso: import('./sso').SSOObject;
     tenants: import('vue').Ref<{
@@ -169,9 +171,9 @@ export declare function useAuth(): {
     signup: (newUser: NewUser) => Promise<import('./types').AuthenticationResponse>;
     checkAuth: () => Promise<boolean>;
     refreshSession: () => Promise<void>;
-    initiateSSO: (params: SSOInitiateRequest) => Promise<string>;
-    loginWithSSO: (params: SSOCallbackRequest) => Promise<import('./types').AuthenticationResponse>;
-    linkSSOProvider: (params: SSOLinkRequest) => Promise<void>;
+    initiateSSO: (provider: SSOProvider, params: SSOInitiateRequest) => Promise<string>;
+    loginWithSSO: (provider: SSOProvider, params: SSOCallbackRequest) => Promise<import('./types').SSOCallbackResponse>;
+    linkSSOProvider: (provider: SSOProvider, params: SSOLinkRequest) => Promise<void>;
     unlinkSSOProvider: (provider: SSOProvider) => Promise<void>;
     updateProfile: (updates: UpdateAccountRequest) => Promise<void>;
     deleteCurrentUser: () => Promise<void>;
@@ -181,12 +183,9 @@ export declare function useAuth(): {
     resetPassword: (token: string, newPassword: string) => Promise<void>;
     sendVerification: (email?: string) => Promise<void>;
     verifyEmail: (token: string) => Promise<void>;
-    activateAccount: (accountId: string) => Promise<void>;
-    deactivateAccount: (accountId: string) => Promise<void>;
-    deleteAccount: (accountId: string) => Promise<void>;
-    getSessions: (accountId?: string) => Promise<import('./types').GetSessionsResponse>;
+    getSessions: () => Promise<import('./types').GetSessionsResponse>;
     revokeSession: (sessionToken: string) => Promise<void>;
-    revokeAllSessions: (accountId?: string) => Promise<void>;
+    revokeAllSessions: () => Promise<void>;
     loadTenants: () => Promise<TenantInfo[]>;
     setTenant: (tenantId: string | null) => void;
     switchTenant: (tenantId: string) => void;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@bagelink/auth",
   "type": "module",
-  "version": "1.9.61",
+  "version": "1.9.65",
   "description": "Bagelink auth package",
   "author": {
     "name": "Bagel Studio",

package/src/api.ts

@@ -3,20 +3,23 @@ import type {
 	RegisterRequest,
 	UpdateAccountRequest,
 	ChangePasswordRequest,
+	ForgotPasswordRequest,
 	ResetPasswordRequest,
 	SendVerificationRequest,
+	VerifyEmailRequest,
 	AuthenticationAccount,
+	PasswordLoginRequest,
+	EmailTokenSendRequest,
+	EmailTokenVerifyRequest,
+	OTPSendRequest,
+	OTPVerifyRequest,
+	SSOLoginRequest,
 	LoginResponse,
 	RegisterResponse,
 	LogoutResponse,
 	GetMeResponse,
 	UpdateMeResponse,
 	DeleteMeResponse,
-	GetAccountResponse,
-	UpdateAccountResponse,
-	DeleteAccountResponse,
-	ActivateAccountResponse,
-	DeactivateAccountResponse,
 	ChangePasswordResponse,
 	ForgotPasswordResponse,
 	ResetPasswordResponse,
@@ -29,14 +32,20 @@ import type {
 	DeleteAllSessionsResponse,
 	CleanupSessionsResponse,
 	GetMethodsResponse,
+	GetAuthStatusResponse,
+	SendEmailTokenResponse,
+	VerifyEmailTokenResponse,
+	SendOTPResponse,
+	VerifyOTPResponse,
+	LegacySSOLoginResponse,
 	SSOProvider,
 	SSOInitiateRequest,
 	SSOCallbackRequest,
 	SSOLinkRequest,
-	SSOInitiateResponse,
-	SSOCallbackResponse,
-	SSOLinkResponse,
-	SSOUnlinkResponse,
+	InitiateSSOResponse,
+	CallbackSSOResponse,
+	LinkSSOResponse,
+	UnlinkSSOResponse,
 	GetTenantsResponse,
 } from './types'
 import { createAxiosInstance } from './utils'
@@ -86,6 +95,13 @@ export class AuthApi {
 	// Authentication Methods
 	// ============================================
 
+	/**
+	 * Get authentication status
+	 */
+	async getAuthStatus(): Promise<GetAuthStatusResponse> {
+		return this.api.get('authentication/status')
+	}
+
 	/**
 	 * Get available authentication methods
 	 */
@@ -106,13 +122,48 @@ export class AuthApi {
 	/**
 	 * Login with password
 	 */
-	async login(email: string, password: string): Promise<LoginResponse> {
+	async login(data: PasswordLoginRequest): Promise<LoginResponse> {
 		return this.api.post('authentication/login/password', {
-			email: email.toLowerCase(),
-			password,
+			...data,
+			email: data.email.toLowerCase(),
 		})
 	}
 
+	/**
+	 * Send email token to user
+	 */
+	async sendEmailToken(data: EmailTokenSendRequest): Promise<SendEmailTokenResponse> {
+		return this.api.post('authentication/login/email-token/send', data)
+	}
+
+	/**
+	 * Verify email token and login
+	 */
+	async verifyEmailToken(data: EmailTokenVerifyRequest): Promise<VerifyEmailTokenResponse> {
+		return this.api.post('authentication/login/email-token/verify', data)
+	}
+
+	/**
+	 * Send OTP code to phone number
+	 */
+	async sendOTP(data: OTPSendRequest): Promise<SendOTPResponse> {
+		return this.api.post('authentication/login/otp/send', data)
+	}
+
+	/**
+	 * Verify OTP code and login
+	 */
+	async verifyOTP(data: OTPVerifyRequest): Promise<VerifyOTPResponse> {
+		return this.api.post('authentication/login/otp/verify', data)
+	}
+
+	/**
+	 * Login with SSO provider (legacy endpoint without PKCE)
+	 */
+	async loginWithSSO(provider: SSOProvider, data: SSOLoginRequest): Promise<LegacySSOLoginResponse> {
+		return this.api.post(`authentication/login/sso/${provider}`, data)
+	}
+
 	/**
 	 * Logout and clear session
 	 */
@@ -135,37 +186,28 @@ export class AuthApi {
 	 * Initiate SSO login flow
 	 * Returns authorization URL to redirect user to
 	 */
-	async initiateSSO(data: SSOInitiateRequest): Promise<SSOInitiateResponse> {
-		return this.api.post(`authentication/sso/${data.provider}/initiate`, {
-			redirect_uri: data.redirect_uri,
-			state: data.state,
-		})
+	async initiateSSO(provider: SSOProvider, data: SSOInitiateRequest): Promise<InitiateSSOResponse> {
+		return this.api.post(`authentication/sso/${provider}/initiate`, data)
 	}
 
 	/**
 	 * Complete SSO login after callback from provider
 	 */
-	async ssoCallback(data: SSOCallbackRequest): Promise<SSOCallbackResponse> {
-		return this.api.post(`authentication/sso/${data.provider}/callback`, {
-			code: data.code,
-			state: data.state,
-		})
+	async ssoCallback(provider: SSOProvider, data: SSOCallbackRequest): Promise<CallbackSSOResponse> {
+		return this.api.post(`authentication/sso/${provider}/callback`, data)
 	}
 
 	/**
 	 * Link an SSO provider to existing account
 	 */
-	async linkSSOProvider(data: SSOLinkRequest): Promise<SSOLinkResponse> {
-		return this.api.post(`authentication/sso/${data.provider}/link`, {
-			code: data.code,
-			state: data.state,
-		})
+	async linkSSOProvider(provider: SSOProvider, data: SSOLinkRequest): Promise<LinkSSOResponse> {
+		return this.api.post(`authentication/sso/${provider}/link`, data)
 	}
 
 	/**
 	 * Unlink an SSO provider from account
 	 */
-	async unlinkSSOProvider(provider: SSOProvider): Promise<SSOUnlinkResponse> {
+	async unlinkSSOProvider(provider: SSOProvider): Promise<UnlinkSSOResponse> {
 		return this.api.delete(`authentication/sso/${provider}/unlink`)
 	}
 
@@ -194,50 +236,6 @@ export class AuthApi {
 		return this.api.delete('authentication/me')
 	}
 
-	// ============================================
-	// Account Management (Admin)
-	// ============================================
-
-	/**
-	 * Get account information by ID
-	 */
-	async getAccount(accountId: string): Promise<GetAccountResponse> {
-		return this.api.get(`authentication/account/${accountId}`)
-	}
-
-	/**
-	 * Update account by ID
-	 */
-	async updateAccount(
-		accountId: string,
-		data: UpdateAccountRequest
-	): Promise<UpdateAccountResponse> {
-		return this.api.patch(`authentication/account/${accountId}`, data)
-	}
-
-	/**
-	 * Delete account by ID
-	 */
-	async deleteAccount(accountId: string): Promise<DeleteAccountResponse> {
-		return this.api.delete(`authentication/account/${accountId}`)
-	}
-
-	/**
-	 * Activate account by ID
-	 */
-	async activateAccount(accountId: string): Promise<ActivateAccountResponse> {
-		return this.api.post(`authentication/account/${accountId}/activate`, {})
-	}
-
-	/**
-	 * Deactivate account by ID
-	 */
-	async deactivateAccount(
-		accountId: string
-	): Promise<DeactivateAccountResponse> {
-		return this.api.post(`authentication/account/${accountId}/deactivate`, {})
-	}
-
 	// ============================================
 	// Password Management
 	// ============================================
@@ -252,9 +250,10 @@ export class AuthApi {
 	/**
 	 * Initiate forgot password flow
 	 */
-	async forgotPassword(email: string): Promise<ForgotPasswordResponse> {
+	async forgotPassword(data: ForgotPasswordRequest): Promise<ForgotPasswordResponse> {
 		return this.api.post('authentication/password/forgot', {
-			email: email.toLowerCase(),
+			...data,
+			email: data.email.toLowerCase(),
 		})
 	}
 
@@ -291,8 +290,8 @@ export class AuthApi {
 	/**
 	 * Verify email with token
 	 */
-	async verifyEmail(token: string): Promise<VerifyEmailResponse> {
-		return this.api.post('authentication/verify/email', { token })
+	async verifyEmail(data: VerifyEmailRequest): Promise<VerifyEmailResponse> {
+		return this.api.post('authentication/verify/email', data)
 	}
 
 	// ============================================
@@ -300,10 +299,10 @@ export class AuthApi {
 	// ============================================
 
 	/**
-	 * Get sessions for an account
+	 * Get active sessions for current identity
 	 */
-	async getSessions(accountId: string): Promise<GetSessionsResponse> {
-		return this.api.get(`authentication/sessions/${accountId}`)
+	async getSessions(): Promise<GetSessionsResponse> {
+		return this.api.get('authentication/sessions')
 	}
 
 	/**
@@ -314,10 +313,10 @@ export class AuthApi {
 	}
 
 	/**
-	 * Revoke all sessions for an account
+	 * Revoke all sessions for current identity
 	 */
-	async revokeAllSessions(accountId: string): Promise<DeleteAllSessionsResponse> {
-		return this.api.delete(`authentication/sessions/account/${accountId}`)
+	async revokeAllSessions(): Promise<DeleteAllSessionsResponse> {
+		return this.api.delete('authentication/sessions')
 	}
 
 	/**

package/src/sso.ts

@@ -132,13 +132,13 @@ export interface SSOProviderInstance extends SSOProviderConfig {
 	 * Complete OAuth flow after callback
 	 * Call this on your callback page
 	 */
-	callback: (code: string, state?: string) => Promise<AuthenticationResponse>
+	callback: (code: string, state: string) => Promise<AuthenticationResponse>
 
 	/**
 	 * Link this provider to the current logged-in user
 	 * Call this after OAuth redirect completes on link callback page
 	 */
-	link: (code: string, state?: string) => Promise<void>
+	link: (code: string, state: string) => Promise<void>
 
 	/**
 	 * Unlink this provider from the current user
@@ -334,8 +334,7 @@ function createSSOProvider(config: SSOProviderConfig): SSOProviderInstance {
 				sessionStorage.setItem(`oauth_provider:${state}`, config.id)
 			}
 
-			const authUrl = await auth.initiateSSO({
-				provider: config.id,
+			const authUrl = await auth.initiateSSO(config.id, {
 				redirect_uri: redirectUri,
 				state,
 				scopes: options.scopes ?? config.defaultScopes,
@@ -368,8 +367,7 @@ function createSSOProvider(config: SSOProviderConfig): SSOProviderInstance {
 				sessionStorage.setItem(`oauth_provider:${state}`, config.id)
 			}
 
-			const authUrl = await auth.initiateSSO({
-				provider: config.id,
+			const authUrl = await auth.initiateSSO(config.id, {
 				redirect_uri: redirectUri,
 				state,
 				scopes: options.scopes ?? config.defaultScopes,
@@ -385,21 +383,19 @@ function createSSOProvider(config: SSOProviderConfig): SSOProviderInstance {
 
 			const result = await waitForPopupCallback(popupWindow, config.id, timeout)
 
-			return auth.loginWithSSO({
-				provider: config.id,
+			return auth.loginWithSSO(config.id, {
 				code: result.code,
-				state: result.state,
+				state: result.state ?? generateState(),
 			})
 		},
 
-		async callback(code: string, state?: string) {
+		async callback(code: string, state: string) {
 			const auth = getAuthApi()
 
 			// Verify state if it was stored (per-provider key)
-			if (typeof sessionStorage !== 'undefined' && state !== undefined && state !== '') {
+			if (typeof sessionStorage !== 'undefined') {
 				const storedState = sessionStorage.getItem(getStateKey())
 				sessionStorage.removeItem(getStateKey())
-				// Clean up provider mapping
 				sessionStorage.removeItem(`oauth_provider:${state}`)
 
 				if (storedState !== null && storedState !== state) {
@@ -407,21 +403,19 @@ function createSSOProvider(config: SSOProviderConfig): SSOProviderInstance {
 				}
 			}
 
-			return auth.loginWithSSO({
-				provider: config.id,
+			return auth.loginWithSSO(config.id, {
 				code,
-				state,
+				state: state ?? generateState(),
 			})
 		},
 
-		async link(code: string, state?: string) {
+		async link(code: string, state: string) {
 			const auth = getAuthApi()
 
 			// Verify state if it was stored (per-provider key)
-			if (typeof sessionStorage !== 'undefined' && state !== undefined && state !== '') {
+			if (typeof sessionStorage !== 'undefined') {
 				const storedState = sessionStorage.getItem(getStateKey())
 				sessionStorage.removeItem(getStateKey())
-				// Clean up provider mapping
 				sessionStorage.removeItem(`oauth_provider:${state}`)
 
 				if (storedState !== null && storedState !== state) {
@@ -429,10 +423,9 @@ function createSSOProvider(config: SSOProviderConfig): SSOProviderInstance {
 				}
 			}
 
-			await auth.linkSSOProvider({
-				provider: config.id,
+			await auth.linkSSOProvider(config.id, {
 				code,
-				state,
+				state: state ?? generateState(),
 			})
 		},
 
@@ -446,8 +439,7 @@ function createSSOProvider(config: SSOProviderConfig): SSOProviderInstance {
 			const redirectUri = options.redirectUri ?? getDefaultRedirectUri()
 			const state = options.state ?? generateState()
 
-			return auth.initiateSSO({
-				provider: config.id,
+			return auth.initiateSSO(config.id, {
 				redirect_uri: redirectUri,
 				state,
 				scopes: options.scopes ?? config.defaultScopes,
@@ -462,7 +454,7 @@ function createSSOProvider(config: SSOProviderConfig): SSOProviderInstance {
 /**
  * SSO Provider Implementations with global helpers
  */
-const ssoProviders = {
+const ssoProviders: Record<SSOProvider, SSOProviderInstance> = {
 	/**
 	 * Google OAuth Provider
 	 * https://developers.google.com/identity/protocols/oauth2
@@ -565,6 +557,16 @@ const ssoProviders = {
 			buttonText: 'Continue with Facebook',
 		},
 	}),
+	custom: createSSOProvider({
+		id: 'custom',
+		name: 'Custom',
+		color: '#000000',
+		icon: 'custom',
+		defaultScopes: [],
+		metadata: {
+			buttonText: 'Continue with Custom',
+		},
+	}),
 }
 
 /**

package/src/types.ts

@@ -62,7 +62,7 @@ export type AuthenticationMethodType
 		| 'sso'
 		| 'otp'
 
-export type SSOProvider = 'google' | 'microsoft' | 'github' | 'okta' | 'apple' | 'facebook'
+export type SSOProvider = 'google' | 'microsoft' | 'github' | 'okta' | 'apple' | 'facebook' | 'custom'
 
 export interface AuthenticationAccount {
 	created_at?: string
@@ -85,9 +85,9 @@ export interface PersonInfo {
 	name: string
 	first_name: string
 	last_name: string
-	email?: string | null
-	phone_number?: string | null
-	roles: string[]
+	email?: string
+	phone_number?: string
+	tags: string[]
 }
 
 export interface AuthMethodInfo {
@@ -97,7 +97,7 @@ export interface AuthMethodInfo {
 	is_verified: boolean
 	last_used?: string
 	use_count: number
-	provider?: SSOProvider
+	provider?: string
 	provider_user_id?: string
 }
 
@@ -107,9 +107,10 @@ export interface AccountInfo {
 	display_name: string
 	is_active: boolean
 	is_verified: boolean
-	last_login?: string | null
+	last_login?: string
+	roles: string[]
 	authentication_methods: AuthMethodInfo[]
-	person?: PersonInfo | null
+	person?: PersonInfo
 }
 
 // Note: EntityInfo kept for backward compatibility
@@ -209,6 +210,34 @@ export interface VerifyEmailRequest {
 	token: string
 }
 
+export interface EmailTokenSendRequest {
+	email: string
+}
+
+export interface EmailTokenVerifyRequest {
+	email: string
+	token: string
+}
+
+export interface OTPSendRequest {
+	phone_number: string
+}
+
+export interface OTPVerifyRequest {
+	phone_number: string
+	otp_code: string
+	nonce: string
+	verification_hash: string
+	timestamp: number
+}
+
+export interface SSOLoginRequest {
+	provider: SSOProvider
+	authorization_code?: string
+	id_token?: string
+	access_token?: string
+}
+
 // Client-side helper types
 export interface NewUser extends RegisterRequest {
 	confirmPassword: string
@@ -244,37 +273,28 @@ export interface OTPMetadata {
 }
 
 export interface SSOMetadata {
-	provider: SSOProvider
+	provider: string
 	sso_user_info: { [key: string]: any }
 	can_create_account?: boolean
 }
 
 export interface SSOInitiateRequest {
-	provider: SSOProvider
 	redirect_uri?: string
-	state?: string
+	state: string
 	scopes?: string[]
-	params?: Record<string, string> // Additional OAuth params (prompt, login_hint, hd, etc.)
-	code_challenge?: string // For PKCE flow
-	code_challenge_method?: 'S256' | 'plain'
+	params?: { [key: string]: any }
 }
 
 export interface SSOCallbackRequest {
-	provider: SSOProvider
 	code: string
-	state?: string
+	state: string
 }
 
 export interface SSOLinkRequest {
-	provider: SSOProvider
 	code: string
 	state: string
 }
 
-export interface SSOUnlinkRequest {
-	provider: SSOProvider
-}
-
 export interface AuthenticationResponse {
 	success: boolean
 	account_id?: string
@@ -317,11 +337,39 @@ export type DeleteSessionResponse = AxiosResponse<MessageResponse>
 export type DeleteAllSessionsResponse = AxiosResponse<MessageResponse>
 export type CleanupSessionsResponse = AxiosResponse<MessageResponse>
 export type GetMethodsResponse = AxiosResponse<AvailableMethodsResponse>
-export type SSOInitiateResponse = AxiosResponse<{ authorization_url: string }>
-export type SSOCallbackResponse = AxiosResponse<AuthenticationResponse>
-export type SSOLinkResponse = AxiosResponse<MessageResponse>
-export type SSOUnlinkResponse = AxiosResponse<MessageResponse>
+export interface SSOInitiateResponse {
+	authorization_url: string
+}
+export interface SSOCallbackResponse {
+	success: boolean
+	account_id?: string
+	session_token?: string
+	requires_verification?: boolean
+	metadata?: { [key: string]: any }
+	message?: string
+}
+export interface SSOLinkResponse {
+	success?: boolean
+	message?: string
+	provider?: string
+	provider_user_id?: string
+	email?: string
+}
+export interface SSOUnlinkResponse {
+	success?: boolean
+	message?: string
+}
+export type InitiateSSOResponse = AxiosResponse<SSOInitiateResponse>
+export type CallbackSSOResponse = AxiosResponse<SSOCallbackResponse>
+export type LinkSSOResponse = AxiosResponse<SSOLinkResponse>
+export type UnlinkSSOResponse = AxiosResponse<SSOUnlinkResponse>
 export type GetTenantsResponse = AxiosResponse<TenantInfo[]>
+export type GetAuthStatusResponse = AxiosResponse<AuthStatusResponse>
+export type SendEmailTokenResponse = AxiosResponse<AuthenticationResponse>
+export type VerifyEmailTokenResponse = AxiosResponse<AuthenticationResponse>
+export type SendOTPResponse = AxiosResponse<AuthenticationResponse>
+export type VerifyOTPResponse = AxiosResponse<AuthenticationResponse>
+export type LegacySSOLoginResponse = AxiosResponse<AuthenticationResponse>
 
 // ============================================
 // Helper Functions (exported for convenience)
@@ -342,13 +390,13 @@ export function accountToUser(account: AccountInfo | null): User | null {
 			id: account.person!.id,
 			accountId: account.id,
 			name: account.person!.name,
-			email: account.person!.email ?? undefined,
+			email: account.person!.email,
 			type: account.account_type as AuthenticationAccountType,
-			roles: account.person!.roles,
+			roles: account.roles,
 			isActive: account.is_active,
 			isVerified: account.is_verified,
 			person: account.person!,
-			lastLogin: account.last_login ?? undefined,
+			lastLogin: account.last_login,
 			hasPersonLinked: true,
 		}
 	}
@@ -364,9 +412,10 @@ export function accountToUser(account: AccountInfo | null): User | null {
 		name: account.display_name,
 		email: emailMethod?.identifier,
 		type: account.account_type as AuthenticationAccountType,
+		roles: account.roles,
 		isActive: account.is_active,
 		isVerified: account.is_verified,
-		lastLogin: account.last_login ?? undefined,
+		lastLogin: account.last_login,
 		hasPersonLinked: false,
 	}
 }