npm - @classic-homes/auth - Versions diffs - 0.1.23 → 0.1.24 - Mend

@classic-homes/auth 0.1.23 → 0.1.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +486 -81
package/dist/config-C-iBNu07.d.ts +86 -0
package/dist/core/index.d.ts +72 -94
package/dist/core/index.js +822 -430
package/dist/index.d.ts +3 -2
package/dist/index.js +867 -718
package/dist/svelte/index.d.ts +12 -1
package/dist/svelte/index.js +840 -193
package/dist/testing/index.d.ts +1082 -0
package/dist/testing/index.js +2033 -0
package/dist/{types-exFUQyBX.d.ts → types-DGN45Uih.d.ts} +9 -1
package/package.json +5 -1

package/dist/index.js CHANGED Viewed

@@ -1,5 +1,14 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
 // src/core/config.ts
-var config = null;
 function initAuth(options) {
   config = {
     ...options,
@@ -44,10 +53,714 @@ function getFetch() {
   const cfg = getConfig();
   return cfg.fetch ?? fetch;
 }
+var config;
+var init_config = __esm({
+  "src/core/config.ts"() {
+    config = null;
+  }
+});
+// src/core/jwt.ts
+function decodeJWT(token) {
+  try {
+    const parts = token.split(".");
+    if (parts.length !== 3) {
+      return null;
+    }
+    const payload = parts[1];
+    const decoded = atob(payload.replace(/-/g, "+").replace(/_/g, "/"));
+    return JSON.parse(decoded);
+  } catch {
+    return null;
+  }
+}
+function isTokenExpired(token) {
+  const payload = decodeJWT(token);
+  if (!payload || !payload.exp) {
+    return true;
+  }
+  return payload.exp * 1e3 < Date.now();
+}
+function getTokenRemainingTime(token) {
+  const payload = decodeJWT(token);
+  if (!payload || !payload.exp) {
+    return 0;
+  }
+  const remainingMs = payload.exp * 1e3 - Date.now();
+  return Math.max(0, remainingMs);
+}
+function getTokenExpiration(token) {
+  const payload = decodeJWT(token);
+  if (!payload || !payload.exp) {
+    return null;
+  }
+  return new Date(payload.exp * 1e3);
+}
+function extractClaims(token, claims) {
+  const payload = decodeJWT(token);
+  if (!payload) {
+    return null;
+  }
+  const result = {};
+  for (const claim of claims) {
+    if (claim in payload) {
+      result[claim] = payload[claim];
+    }
+  }
+  return result;
+}
+var init_jwt = __esm({
+  "src/core/jwt.ts"() {
+  }
+});
+// src/core/api.ts
+var authApi;
+var init_api = __esm({
+  "src/core/api.ts"() {
+    init_client();
+    init_config();
+    authApi = {
+      // ============================================================================
+      // Authentication
+      // ============================================================================
+      /**
+       * Login with username and password.
+       */
+      async login(credentials) {
+        const response = await api.post("/auth/login", credentials);
+        return extractData(response);
+      },
+      /**
+       * Logout the current user.
+       * Returns SSO logout URL if applicable for SSO users.
+       */
+      async logout() {
+        try {
+          const response = await api.post("/auth/logout", {}, true);
+          return extractData(response);
+        } catch {
+          return { success: true };
+        }
+      },
+      /**
+       * Register a new user.
+       */
+      async register(data) {
+        const response = await api.post("/auth/register", data);
+        return extractData(response);
+      },
+      /**
+       * Request a password reset email.
+       */
+      async forgotPassword(email) {
+        await api.post("/auth/forgot-password", { email });
+      },
+      /**
+       * Reset password with a token.
+       */
+      async resetPassword(token, newPassword) {
+        await api.post("/auth/reset-password", { token, newPassword });
+      },
+      /**
+       * Refresh the access token.
+       */
+      async refreshToken(refreshToken) {
+        const response = await api.post("/auth/refresh", { refreshToken });
+        return extractData(response);
+      },
+      /**
+       * Initiate SSO login by redirecting to the SSO provider.
+       * @param options.callbackUrl - The URL where the SSO provider should redirect after auth
+       * @param options.redirectUrl - The final URL to redirect to after processing the callback
+       */
+      initiateSSOLogin(options) {
+        if (typeof window === "undefined") return;
+        const config2 = getConfig();
+        const authorizeUrl = config2.sso?.authorizeUrl ?? `${config2.baseUrl}/auth/sso/authorize`;
+        const params = new URLSearchParams();
+        if (options?.callbackUrl) {
+          params.set("callback", options.callbackUrl);
+        }
+        if (options?.redirectUrl) {
+          params.set("redirect", options.redirectUrl);
+        }
+        const url = params.toString() ? `${authorizeUrl}?${params}` : authorizeUrl;
+        window.location.href = url;
+      },
+      // ============================================================================
+      // Profile
+      // ============================================================================
+      /**
+       * Get the current user's profile.
+       */
+      async getProfile(customFetch) {
+        const response = await api.get("/auth/profile", true, customFetch);
+        return response;
+      },
+      /**
+       * Update the current user's profile.
+       */
+      async updateProfile(data) {
+        const response = await api.put("/auth/profile", data, true);
+        return extractData(response);
+      },
+      /**
+       * Change the current user's password.
+       */
+      async changePassword(data) {
+        await api.put("/auth/change-password", data, true);
+      },
+      // ============================================================================
+      // Email Verification
+      // ============================================================================
+      /**
+       * Resend email verification.
+       */
+      async resendVerification() {
+        await api.post("/auth/resend-verification", {}, true);
+      },
+      /**
+       * Verify email with a token.
+       */
+      async verifyEmail(token) {
+        const response = await api.post("/auth/verify-email", {
+          token
+        });
+        return extractData(response);
+      },
+      // ============================================================================
+      // Session Management
+      // ============================================================================
+      /**
+       * Get all active sessions.
+       */
+      async getSessions(customFetch) {
+        const response = await api.get(
+          "/auth/sessions",
+          true,
+          customFetch
+        );
+        return response;
+      },
+      /**
+       * Revoke a specific session.
+       */
+      async revokeSession(sessionId) {
+        await api.delete(`/auth/sessions/${sessionId}`, true);
+      },
+      /**
+       * Revoke all sessions except the current one.
+       */
+      async revokeAllSessions() {
+        await api.delete("/auth/sessions", true);
+      },
+      // ============================================================================
+      // API Key Management
+      // ============================================================================
+      /**
+       * Get all API keys.
+       */
+      async getApiKeys(customFetch) {
+        const response = await api.get("/auth/api-keys", true, customFetch);
+        return response;
+      },
+      /**
+       * Create a new API key.
+       */
+      async createApiKey(data) {
+        const response = await api.post("/auth/api-keys", data, true);
+        return extractData(response);
+      },
+      /**
+       * Revoke an API key.
+       */
+      async revokeApiKey(keyId) {
+        await api.delete(`/auth/api-keys/${keyId}`, true);
+      },
+      /**
+       * Update an API key's name.
+       */
+      async updateApiKey(keyId, data) {
+        await api.put(`/auth/api-keys/${keyId}`, data, true);
+      },
+      // ============================================================================
+      // MFA Management
+      // ============================================================================
+      /**
+       * Get MFA status for the current user.
+       */
+      async getMFAStatus() {
+        const response = await api.get("/auth/mfa/status", true);
+        return response;
+      },
+      /**
+       * Setup MFA (get QR code and backup codes).
+       */
+      async setupMFA() {
+        const response = await api.post("/auth/mfa-setup", {}, true);
+        return extractData(response);
+      },
+      /**
+       * Verify MFA setup with a code.
+       */
+      async verifyMFASetup(code) {
+        await api.post("/auth/mfa/verify", { code }, true);
+      },
+      /**
+       * Disable MFA.
+       */
+      async disableMFA(password) {
+        await api.delete("/auth/mfa", true, void 0, { password });
+      },
+      /**
+       * Regenerate MFA backup codes.
+       */
+      async regenerateBackupCodes(password) {
+        const response = await api.post(
+          "/auth/mfa/regenerate-backup-codes",
+          { password },
+          true
+        );
+        return extractData(response);
+      },
+      /**
+       * Verify MFA challenge during login.
+       */
+      async verifyMFAChallenge(data) {
+        const config2 = getConfig();
+        const fetchFn = config2.fetch ?? fetch;
+        const requestBody = {
+          code: data.code,
+          type: data.method === "backup" ? "backup" : "totp",
+          trustDevice: data.trustDevice
+        };
+        const response = await fetchFn(`${config2.baseUrl}/auth/mfa/challenge`, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${data.mfaToken}`
+          },
+          body: JSON.stringify(requestBody)
+        });
+        if (!response.ok) {
+          const error = await response.json().catch(() => ({ message: "Verification failed" }));
+          throw new Error(error.error?.message || error.message || "Invalid verification code");
+        }
+        const result = await response.json();
+        return extractData(result);
+      },
+      // ============================================================================
+      // Device Management
+      // ============================================================================
+      /**
+       * Get all devices.
+       */
+      async getDevices(customFetch) {
+        const response = await api.get(
+          "/auth/devices",
+          true,
+          customFetch
+        );
+        return response;
+      },
+      /**
+       * Trust a device.
+       */
+      async trustDevice(deviceId) {
+        await api.put(`/auth/devices/${deviceId}/trust`, {}, true);
+      },
+      /**
+       * Revoke device trust.
+       */
+      async revokeDevice(deviceId) {
+        await api.delete(`/auth/devices/${deviceId}/revoke`, true);
+      },
+      /**
+       * Remove a device completely.
+       */
+      async removeDevice(deviceId) {
+        await api.delete(`/auth/devices/${deviceId}`, true);
+      },
+      /**
+       * Approve a device with a token.
+       */
+      async approveDevice(token) {
+        const response = await api.post("/auth/device/approve", {
+          token
+        });
+        return extractData(response);
+      },
+      /**
+       * Block a device with a token.
+       */
+      async blockDevice(token) {
+        const response = await api.post("/auth/device/block", {
+          token
+        });
+        return extractData(response);
+      },
+      // ============================================================================
+      // Preferences
+      // ============================================================================
+      /**
+       * Get user preferences.
+       */
+      async getPreferences(customFetch) {
+        const response = await api.get(
+          "/auth/preferences",
+          true,
+          customFetch
+        );
+        if (response && typeof response === "object" && "preferences" in response) {
+          return response.preferences;
+        }
+        return response ?? {};
+      },
+      /**
+       * Update user preferences.
+       */
+      async updatePreferences(data) {
+        await api.put("/auth/preferences", data, true);
+      },
+      // ============================================================================
+      // SSO / Linked Accounts
+      // ============================================================================
+      /**
+       * Get SSO linked accounts.
+       */
+      async getSSOAccounts(customFetch) {
+        const response = await api.get(
+          "/auth/sso/accounts",
+          true,
+          customFetch
+        );
+        if (response && typeof response === "object" && "accounts" in response) {
+          return response.accounts;
+        }
+        return Array.isArray(response) ? response : [];
+      },
+      /**
+       * Unlink an SSO account.
+       */
+      async unlinkSSOAccount(provider, password) {
+        await api.delete("/auth/sso/unlink", true, void 0, { provider, password });
+      },
+      /**
+       * Link an SSO account (redirects to SSO provider).
+       */
+      async linkSSOAccount(provider = "authentik") {
+        if (typeof window === "undefined") return;
+        const accessToken = getAccessToken();
+        if (!accessToken) {
+          throw new Error("Not authenticated");
+        }
+        const config2 = getConfig();
+        const params = new URLSearchParams({
+          token: accessToken,
+          provider
+        });
+        window.location.href = `${config2.baseUrl}/auth/sso/link?${params.toString()}`;
+      },
+      // ============================================================================
+      // Security Events
+      // ============================================================================
+      /**
+       * Get security event history.
+       */
+      async getSecurityEvents(params, customFetch) {
+        const queryParams = new URLSearchParams();
+        if (params?.page) queryParams.append("page", params.page.toString());
+        if (params?.limit) queryParams.append("limit", params.limit.toString());
+        if (params?.type) queryParams.append("type", params.type);
+        const response = await api.get(`/auth/security/events?${queryParams.toString()}`, true, customFetch);
+        return extractData(response);
+      }
+    };
+  }
+});
+// src/svelte/stores/auth.svelte.ts
+var auth_svelte_exports = {};
+__export(auth_svelte_exports, {
+  authActions: () => authActions,
+  authStore: () => authStore,
+  currentUser: () => currentUser,
+  isAuthenticated: () => isAuthenticated
+});
+function getStorageKey() {
+  return isInitialized() ? getConfig().storageKey ?? "classic_auth" : "classic_auth";
+}
+function getStorageAdapter() {
+  return isInitialized() ? getStorage() : getDefaultStorage();
+}
+function loadAuthFromStorage() {
+  try {
+    const storage = getStorageAdapter();
+    const data = storage.getItem(getStorageKey());
+    if (!data) {
+      return {
+        accessToken: null,
+        refreshToken: null,
+        user: null,
+        isAuthenticated: false
+      };
+    }
+    const parsed = JSON.parse(data);
+    return {
+      accessToken: parsed.accessToken ?? null,
+      refreshToken: parsed.refreshToken ?? null,
+      user: parsed.user ?? null,
+      isAuthenticated: !!parsed.accessToken && !!parsed.user
+    };
+  } catch {
+    return {
+      accessToken: null,
+      refreshToken: null,
+      user: null,
+      isAuthenticated: false
+    };
+  }
+}
+function saveAuthToStorage(state) {
+  try {
+    const storage = getStorageAdapter();
+    const key = getStorageKey();
+    if (!state.accessToken) {
+      storage.removeItem(key);
+    } else {
+      storage.setItem(key, JSON.stringify(state));
+    }
+  } catch {
+  }
+}
+var AuthStore, authStore, authActions, isAuthenticated, currentUser;
+var init_auth_svelte = __esm({
+  "src/svelte/stores/auth.svelte.ts"() {
+    init_config();
+    init_jwt();
+    init_api();
+    AuthStore = class {
+      constructor() {
+        this.subscribers = /* @__PURE__ */ new Set();
+        this.state = loadAuthFromStorage();
+      }
+      /**
+       * Subscribe to state changes (Svelte store contract).
+       */
+      subscribe(subscriber) {
+        this.subscribers.add(subscriber);
+        subscriber(this.state);
+        return () => this.subscribers.delete(subscriber);
+      }
+      notify() {
+        this.subscribers.forEach((sub) => sub(this.state));
+      }
+      // Getters for direct access
+      get accessToken() {
+        return this.state.accessToken;
+      }
+      get refreshToken() {
+        return this.state.refreshToken;
+      }
+      get user() {
+        return this.state.user;
+      }
+      get isAuthenticated() {
+        return this.state.isAuthenticated;
+      }
+      /**
+       * Get the current auth state snapshot.
+       */
+      getState() {
+        return { ...this.state };
+      }
+      /**
+       * Set auth data after successful login.
+       */
+      setAuth(accessToken, refreshToken, user, sessionToken) {
+        const jwtPayload = decodeJWT(accessToken);
+        const userWithPermissions = {
+          ...user,
+          permissions: user.permissions || jwtPayload?.permissions || [],
+          roles: user.roles || jwtPayload?.roles || (user.role ? [user.role] : [])
+        };
+        this.state = {
+          accessToken,
+          refreshToken,
+          user: userWithPermissions,
+          isAuthenticated: true
+        };
+        saveAuthToStorage(this.state);
+        if (sessionToken && typeof window !== "undefined") {
+          getStorageAdapter().setItem("sessionToken", sessionToken);
+        }
+        if (typeof window !== "undefined") {
+          window.dispatchEvent(
+            new CustomEvent("auth:login", {
+              detail: { user: userWithPermissions }
+            })
+          );
+        }
+        this.notify();
+      }
+      /**
+       * Update tokens (e.g., after refresh).
+       */
+      updateTokens(accessToken, refreshToken) {
+        const jwtPayload = decodeJWT(accessToken);
+        const updatedUser = this.state.user ? {
+          ...this.state.user,
+          permissions: jwtPayload?.permissions || this.state.user.permissions || [],
+          roles: jwtPayload?.roles || this.state.user.roles || (this.state.user.role ? [this.state.user.role] : [])
+        } : null;
+        this.state = {
+          ...this.state,
+          accessToken,
+          refreshToken,
+          user: updatedUser
+        };
+        saveAuthToStorage(this.state);
+        if (typeof window !== "undefined") {
+          window.dispatchEvent(new CustomEvent("auth:token-refresh"));
+        }
+        this.notify();
+      }
+      /**
+       * Update user data (e.g., after profile update).
+       */
+      updateUser(user) {
+        const jwtPayload = this.state.accessToken ? decodeJWT(this.state.accessToken) : null;
+        const updatedUser = {
+          ...user,
+          permissions: user.permissions || jwtPayload?.permissions || [],
+          roles: user.roles || jwtPayload?.roles || (user.role ? [user.role] : [])
+        };
+        this.state = {
+          ...this.state,
+          user: updatedUser
+        };
+        saveAuthToStorage(this.state);
+        if (typeof window !== "undefined") {
+          window.dispatchEvent(
+            new CustomEvent("auth:profile-update", {
+              detail: { user: updatedUser }
+            })
+          );
+        }
+        this.notify();
+      }
+      /**
+       * Clear auth state (logout).
+       */
+      logout() {
+        this.state = {
+          accessToken: null,
+          refreshToken: null,
+          user: null,
+          isAuthenticated: false
+        };
+        const storage = getStorageAdapter();
+        storage.removeItem(getStorageKey());
+        storage.removeItem("sessionToken");
+        if (typeof window !== "undefined") {
+          window.dispatchEvent(new CustomEvent("auth:logout"));
+        }
+        if (isInitialized()) {
+          getConfig().onLogout?.();
+        }
+        this.notify();
+      }
+      /**
+       * Logout with SSO support.
+       * Calls the logout API and returns the SSO logout URL if applicable.
+       * Clears local state regardless of API response.
+       */
+      async logoutWithSSO() {
+        try {
+          const response = await authApi.logout();
+          this.logout();
+          if (response?.ssoLogout && response?.logoutUrl) {
+            return { ssoLogoutUrl: response.logoutUrl };
+          }
+        } catch {
+          this.logout();
+        }
+        return {};
+      }
+      /**
+       * Check if user has a specific permission.
+       */
+      hasPermission(permission) {
+        return this.state.user?.permissions?.includes(permission) ?? false;
+      }
+      /**
+       * Check if user has a specific role.
+       */
+      hasRole(role) {
+        return this.state.user?.roles?.includes(role) ?? false;
+      }
+      /**
+       * Check if user has any of the specified roles.
+       */
+      hasAnyRole(roles) {
+        return roles.some((role) => this.state.user?.roles?.includes(role)) ?? false;
+      }
+      /**
+       * Check if user has all of the specified roles.
+       */
+      hasAllRoles(roles) {
+        return roles.every((role) => this.state.user?.roles?.includes(role)) ?? false;
+      }
+      /**
+       * Check if user has any of the specified permissions.
+       */
+      hasAnyPermission(permissions) {
+        return permissions.some((perm) => this.state.user?.permissions?.includes(perm)) ?? false;
+      }
+      /**
+       * Check if user has all of the specified permissions.
+       */
+      hasAllPermissions(permissions) {
+        return permissions.every((perm) => this.state.user?.permissions?.includes(perm)) ?? false;
+      }
+      /**
+       * Re-hydrate state from storage (useful after config changes).
+       */
+      rehydrate() {
+        this.state = loadAuthFromStorage();
+        this.notify();
+      }
+    };
+    authStore = new AuthStore();
+    authActions = {
+      setAuth: (accessToken, refreshToken, user, sessionToken) => authStore.setAuth(accessToken, refreshToken, user, sessionToken),
+      updateTokens: (accessToken, refreshToken) => authStore.updateTokens(accessToken, refreshToken),
+      updateUser: (user) => authStore.updateUser(user),
+      logout: () => authStore.logout(),
+      logoutWithSSO: () => authStore.logoutWithSSO(),
+      hasPermission: (permission) => authStore.hasPermission(permission),
+      hasRole: (role) => authStore.hasRole(role),
+      hasAnyRole: (roles) => authStore.hasAnyRole(roles),
+      hasAllRoles: (roles) => authStore.hasAllRoles(roles),
+      hasAnyPermission: (permissions) => authStore.hasAnyPermission(permissions),
+      hasAllPermissions: (permissions) => authStore.hasAllPermissions(permissions),
+      rehydrate: () => authStore.rehydrate()
+    };
+    isAuthenticated = {
+      subscribe: (subscriber) => {
+        return authStore.subscribe((state) => subscriber(state.isAuthenticated));
+      }
+    };
+    currentUser = {
+      subscribe: (subscriber) => {
+        return authStore.subscribe((state) => subscriber(state.user));
+      }
+    };
+  }
+});
 // src/core/client.ts
-var isRefreshing = false;
-var refreshSubscribers = [];
 function subscribeTokenRefresh(cb) {
   refreshSubscribers.push(cb);
 }
@@ -98,6 +811,10 @@ function updateStoredTokens(accessToken, refreshToken) {
   parsed.accessToken = accessToken;
   parsed.refreshToken = refreshToken;
   storage.setItem(storageKey, JSON.stringify(parsed));
+  Promise.resolve().then(() => (init_auth_svelte(), auth_svelte_exports)).then(({ authStore: authStore2 }) => {
+    authStore2.updateTokens(accessToken, refreshToken);
+  }).catch(() => {
+  });
   config2.onTokenRefresh?.({ accessToken, refreshToken });
 }
 function clearStoredAuth() {
@@ -209,87 +926,136 @@ async function apiRequest(endpoint, options = {}) {
     throw new Error("API request failed");
   }
 }
-var api = {
-  get: (endpoint, authenticated = false, customFetch) => apiRequest(endpoint, { method: "GET", authenticated, customFetch }),
-  post: (endpoint, body, authenticated = false, customFetch) => apiRequest(endpoint, {
-    method: "POST",
-    body,
-    authenticated,
-    customFetch
-  }),
-  put: (endpoint, body, authenticated = false, customFetch) => apiRequest(endpoint, {
-    method: "PUT",
-    body,
-    authenticated,
-    customFetch
-  }),
-  patch: (endpoint, body, authenticated = false, customFetch) => apiRequest(endpoint, {
-    method: "PATCH",
-    body,
-    authenticated,
-    customFetch
-  }),
-  delete: (endpoint, authenticated = false, customFetch, body) => apiRequest(endpoint, {
-    method: "DELETE",
-    body,
-    authenticated,
-    customFetch
-  })
-};
+var isRefreshing, refreshSubscribers, api;
+var init_client = __esm({
+  "src/core/client.ts"() {
+    init_config();
+    isRefreshing = false;
+    refreshSubscribers = [];
+    api = {
+      get: (endpoint, authenticated = false, customFetch) => apiRequest(endpoint, { method: "GET", authenticated, customFetch }),
+      post: (endpoint, body, authenticated = false, customFetch) => apiRequest(endpoint, {
+        method: "POST",
+        body,
+        authenticated,
+        customFetch
+      }),
+      put: (endpoint, body, authenticated = false, customFetch) => apiRequest(endpoint, {
+        method: "PUT",
+        body,
+        authenticated,
+        customFetch
+      }),
+      patch: (endpoint, body, authenticated = false, customFetch) => apiRequest(endpoint, {
+        method: "PATCH",
+        body,
+        authenticated,
+        customFetch
+      }),
+      delete: (endpoint, authenticated = false, customFetch, body) => apiRequest(endpoint, {
+        method: "DELETE",
+        body,
+        authenticated,
+        customFetch
+      })
+    };
+  }
+});
-// src/core/api.ts
-var authApi = {
+// src/core/index.ts
+init_config();
+init_client();
+init_api();
+// src/core/service.ts
+init_api();
+// src/core/guards.ts
+function isMfaChallengeResponse(response) {
+  return "requiresMFA" in response && response.requiresMFA === true || "mfaRequired" in response && response.mfaRequired === true;
+}
+function isLoginSuccessResponse(response) {
+  return "accessToken" in response && "user" in response && !isMfaChallengeResponse(response);
+}
+function getMfaToken(response) {
+  return response.mfaToken ?? response.mfaChallengeToken;
+}
+function getAvailableMethods(response) {
+  return response.availableMethods ?? ["totp"];
+}
+// src/core/service.ts
+var AuthService = class {
   // ============================================================================
   // Authentication
   // ============================================================================
   /**
    * Login with username and password.
-   */
-  async login(credentials) {
-    const response = await api.post("/auth/login", credentials);
-    return extractData(response);
-  },
+   * By default, automatically sets the auth state on successful login (unless MFA is required).
+   * @param credentials - Username and password
+   * @param options - Optional settings for login behavior
+   */
+  async login(credentials, options) {
+    const response = await authApi.login(credentials);
+    if (options?.autoSetAuth !== false && !isMfaChallengeResponse(response)) {
+      try {
+        const { authStore: authStore2 } = await Promise.resolve().then(() => (init_auth_svelte(), auth_svelte_exports));
+        authStore2.setAuth(
+          response.accessToken,
+          response.refreshToken,
+          response.user,
+          response.sessionToken
+        );
+      } catch {
+      }
+    }
+    return response;
+  }
   /**
    * Logout the current user.
+   * Returns SSO logout URL if applicable for SSO users.
    */
   async logout() {
-    await api.post("/auth/logout", {}, true);
-  },
+    return await authApi.logout();
+  }
   /**
    * Register a new user.
    */
   async register(data) {
-    const response = await api.post("/auth/register", data);
-    return extractData(response);
-  },
+    return await authApi.register(data);
+  }
   /**
    * Request a password reset email.
    */
   async forgotPassword(email) {
-    await api.post("/auth/forgot-password", { email });
-  },
+    await authApi.forgotPassword(email);
+  }
   /**
    * Reset password with a token.
    */
   async resetPassword(token, newPassword) {
-    await api.post("/auth/reset-password", { token, newPassword });
-  },
+    await authApi.resetPassword(token, newPassword);
+  }
+  /**
+   * Change the current user's password.
+   */
+  async changePassword(currentPassword, newPassword) {
+    await authApi.changePassword({ currentPassword, newPassword });
+  }
   /**
    * Refresh the access token.
    */
   async refreshToken(refreshToken) {
-    const response = await api.post("/auth/refresh", { refreshToken });
-    return extractData(response);
-  },
+    return await authApi.refreshToken(refreshToken);
+  }
   /**
-   * Initiate SSO login by redirecting to the SSO provider.
+   * Initiate SSO login (redirects to SSO provider).
+   * @param options.callbackUrl - The URL where the SSO provider should redirect after auth
+   * @param options.redirectUrl - The final URL to redirect to after processing the callback
    */
-  initiateSSOLogin() {
-    if (typeof window === "undefined") return;
-    const config2 = getConfig();
-    const authorizeUrl = config2.sso?.authorizeUrl ?? `${config2.baseUrl}/auth/sso/authorize`;
-    window.location.href = authorizeUrl;
-  },
+  initiateSSOLogin(options) {
+    authApi.initiateSSOLogin(options);
+  }
   // ============================================================================
   // Profile
   // ============================================================================
@@ -297,40 +1063,26 @@ var authApi = {
    * Get the current user's profile.
    */
   async getProfile(customFetch) {
-    const response = await api.get("/auth/profile", true, customFetch);
-    return response;
-  },
+    return await authApi.getProfile(customFetch);
+  }
   /**
    * Update the current user's profile.
    */
   async updateProfile(data) {
-    const response = await api.put("/auth/profile", data, true);
-    return extractData(response);
-  },
-  /**
-   * Change the current user's password.
-   */
-  async changePassword(data) {
-    await api.put("/auth/change-password", data, true);
-  },
-  // ============================================================================
-  // Email Verification
-  // ============================================================================
+    return await authApi.updateProfile(data);
+  }
   /**
    * Resend email verification.
    */
   async resendVerification() {
-    await api.post("/auth/resend-verification", {}, true);
-  },
+    await authApi.resendVerification();
+  }
   /**
    * Verify email with a token.
    */
   async verifyEmail(token) {
-    const response = await api.post("/auth/verify-email", {
-      token
-    });
-    return extractData(response);
-  },
+    return await authApi.verifyEmail(token);
+  }
   // ============================================================================
   // Session Management
   // ============================================================================
@@ -338,25 +1090,20 @@ var authApi = {
    * Get all active sessions.
    */
   async getSessions(customFetch) {
-    const response = await api.get(
-      "/auth/sessions",
-      true,
-      customFetch
-    );
-    return response;
-  },
+    return await authApi.getSessions(customFetch);
+  }
   /**
    * Revoke a specific session.
    */
   async revokeSession(sessionId) {
-    await api.delete(`/auth/sessions/${sessionId}`, true);
-  },
+    await authApi.revokeSession(sessionId);
+  }
   /**
    * Revoke all sessions except the current one.
    */
   async revokeAllSessions() {
-    await api.delete("/auth/sessions", true);
-  },
+    await authApi.revokeAllSessions();
+  }
   // ============================================================================
   // API Key Management
   // ============================================================================
@@ -364,344 +1111,20 @@ var authApi = {
    * Get all API keys.
    */
   async getApiKeys(customFetch) {
-    const response = await api.get("/auth/api-keys", true, customFetch);
-    return response;
-  },
+    return await authApi.getApiKeys(customFetch);
+  }
   /**
    * Create a new API key.
    */
   async createApiKey(data) {
-    const response = await api.post("/auth/api-keys", data, true);
-    return extractData(response);
-  },
+    return await authApi.createApiKey(data);
+  }
   /**
    * Revoke an API key.
    */
   async revokeApiKey(keyId) {
-    await api.delete(`/auth/api-keys/${keyId}`, true);
-  },
-  /**
-   * Update an API key's name.
-   */
-  async updateApiKey(keyId, data) {
-    await api.put(`/auth/api-keys/${keyId}`, data, true);
-  },
-  // ============================================================================
-  // MFA Management
-  // ============================================================================
-  /**
-   * Get MFA status for the current user.
-   */
-  async getMFAStatus() {
-    const response = await api.get("/auth/mfa/status", true);
-    return response;
-  },
-  /**
-   * Setup MFA (get QR code and backup codes).
-   */
-  async setupMFA() {
-    const response = await api.post("/auth/mfa-setup", {}, true);
-    return extractData(response);
-  },
-  /**
-   * Verify MFA setup with a code.
-   */
-  async verifyMFASetup(code) {
-    await api.post("/auth/mfa/verify", { code }, true);
-  },
-  /**
-   * Disable MFA.
-   */
-  async disableMFA(password) {
-    await api.delete("/auth/mfa", true, void 0, { password });
-  },
-  /**
-   * Regenerate MFA backup codes.
-   */
-  async regenerateBackupCodes(password) {
-    const response = await api.post(
-      "/auth/mfa/regenerate-backup-codes",
-      { password },
-      true
-    );
-    return extractData(response);
-  },
-  /**
-   * Verify MFA challenge during login.
-   */
-  async verifyMFAChallenge(data) {
-    const config2 = getConfig();
-    const fetchFn = config2.fetch ?? fetch;
-    const requestBody = {
-      code: data.code,
-      type: data.method === "backup" ? "backup" : "totp",
-      trustDevice: data.trustDevice
-    };
-    const response = await fetchFn(`${config2.baseUrl}/auth/mfa/challenge`, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${data.mfaToken}`
-      },
-      body: JSON.stringify(requestBody)
-    });
-    if (!response.ok) {
-      const error = await response.json().catch(() => ({ message: "Verification failed" }));
-      throw new Error(error.error?.message || error.message || "Invalid verification code");
-    }
-    const result = await response.json();
-    return extractData(result);
-  },
-  // ============================================================================
-  // Device Management
-  // ============================================================================
-  /**
-   * Get all devices.
-   */
-  async getDevices(customFetch) {
-    const response = await api.get(
-      "/auth/devices",
-      true,
-      customFetch
-    );
-    return response;
-  },
-  /**
-   * Trust a device.
-   */
-  async trustDevice(deviceId) {
-    await api.put(`/auth/devices/${deviceId}/trust`, {}, true);
-  },
-  /**
-   * Revoke device trust.
-   */
-  async revokeDevice(deviceId) {
-    await api.delete(`/auth/devices/${deviceId}/revoke`, true);
-  },
-  /**
-   * Remove a device completely.
-   */
-  async removeDevice(deviceId) {
-    await api.delete(`/auth/devices/${deviceId}`, true);
-  },
-  /**
-   * Approve a device with a token.
-   */
-  async approveDevice(token) {
-    const response = await api.post("/auth/device/approve", {
-      token
-    });
-    return extractData(response);
-  },
-  /**
-   * Block a device with a token.
-   */
-  async blockDevice(token) {
-    const response = await api.post("/auth/device/block", {
-      token
-    });
-    return extractData(response);
-  },
-  // ============================================================================
-  // Preferences
-  // ============================================================================
-  /**
-   * Get user preferences.
-   */
-  async getPreferences(customFetch) {
-    const response = await api.get(
-      "/auth/preferences",
-      true,
-      customFetch
-    );
-    if (response && typeof response === "object" && "preferences" in response) {
-      return response.preferences;
-    }
-    return response ?? {};
-  },
-  /**
-   * Update user preferences.
-   */
-  async updatePreferences(data) {
-    await api.put("/auth/preferences", data, true);
-  },
-  // ============================================================================
-  // SSO / Linked Accounts
-  // ============================================================================
-  /**
-   * Get SSO linked accounts.
-   */
-  async getSSOAccounts(customFetch) {
-    const response = await api.get(
-      "/auth/sso/accounts",
-      true,
-      customFetch
-    );
-    if (response && typeof response === "object" && "accounts" in response) {
-      return response.accounts;
-    }
-    return Array.isArray(response) ? response : [];
-  },
-  /**
-   * Unlink an SSO account.
-   */
-  async unlinkSSOAccount(provider, password) {
-    await api.delete("/auth/sso/unlink", true, void 0, { provider, password });
-  },
-  /**
-   * Link an SSO account (redirects to SSO provider).
-   */
-  async linkSSOAccount(provider = "authentik") {
-    if (typeof window === "undefined") return;
-    const accessToken = getAccessToken();
-    if (!accessToken) {
-      throw new Error("Not authenticated");
-    }
-    const config2 = getConfig();
-    const params = new URLSearchParams({
-      token: accessToken,
-      provider
-    });
-    window.location.href = `${config2.baseUrl}/auth/sso/link?${params.toString()}`;
-  },
-  // ============================================================================
-  // Security Events
-  // ============================================================================
-  /**
-   * Get security event history.
-   */
-  async getSecurityEvents(params, customFetch) {
-    const queryParams = new URLSearchParams();
-    if (params?.page) queryParams.append("page", params.page.toString());
-    if (params?.limit) queryParams.append("limit", params.limit.toString());
-    if (params?.type) queryParams.append("type", params.type);
-    const response = await api.get(`/auth/security/events?${queryParams.toString()}`, true, customFetch);
-    return extractData(response);
-  }
-};
-// src/core/service.ts
-var AuthService = class {
-  // ============================================================================
-  // Authentication
-  // ============================================================================
-  /**
-   * Login with username and password.
-   */
-  async login(credentials) {
-    return await authApi.login(credentials);
-  }
-  /**
-   * Logout the current user.
-   */
-  async logout() {
-    await authApi.logout();
-  }
-  /**
-   * Register a new user.
-   */
-  async register(data) {
-    return await authApi.register(data);
-  }
-  /**
-   * Request a password reset email.
-   */
-  async forgotPassword(email) {
-    await authApi.forgotPassword(email);
-  }
-  /**
-   * Reset password with a token.
-   */
-  async resetPassword(token, newPassword) {
-    await authApi.resetPassword(token, newPassword);
-  }
-  /**
-   * Change the current user's password.
-   */
-  async changePassword(currentPassword, newPassword) {
-    await authApi.changePassword({ currentPassword, newPassword });
-  }
-  /**
-   * Refresh the access token.
-   */
-  async refreshToken(refreshToken) {
-    return await authApi.refreshToken(refreshToken);
-  }
-  /**
-   * Initiate SSO login (redirects to SSO provider).
-   */
-  initiateSSOLogin() {
-    authApi.initiateSSOLogin();
-  }
-  // ============================================================================
-  // Profile
-  // ============================================================================
-  /**
-   * Get the current user's profile.
-   */
-  async getProfile(customFetch) {
-    return await authApi.getProfile(customFetch);
-  }
-  /**
-   * Update the current user's profile.
-   */
-  async updateProfile(data) {
-    return await authApi.updateProfile(data);
-  }
-  /**
-   * Resend email verification.
-   */
-  async resendVerification() {
-    await authApi.resendVerification();
-  }
-  /**
-   * Verify email with a token.
-   */
-  async verifyEmail(token) {
-    return await authApi.verifyEmail(token);
-  }
-  // ============================================================================
-  // Session Management
-  // ============================================================================
-  /**
-   * Get all active sessions.
-   */
-  async getSessions(customFetch) {
-    return await authApi.getSessions(customFetch);
-  }
-  /**
-   * Revoke a specific session.
-   */
-  async revokeSession(sessionId) {
-    await authApi.revokeSession(sessionId);
-  }
-  /**
-   * Revoke all sessions except the current one.
-   */
-  async revokeAllSessions() {
-    await authApi.revokeAllSessions();
-  }
-  // ============================================================================
-  // API Key Management
-  // ============================================================================
-  /**
-   * Get all API keys.
-   */
-  async getApiKeys(customFetch) {
-    return await authApi.getApiKeys(customFetch);
-  }
-  /**
-   * Create a new API key.
-   */
-  async createApiKey(data) {
-    return await authApi.createApiKey(data);
-  }
-  /**
-   * Revoke an API key.
-   */
-  async revokeApiKey(keyId) {
-    await authApi.revokeApiKey(keyId);
-  }
+    await authApi.revokeApiKey(keyId);
+  }
   /**
    * Update an API key's name.
    */
@@ -743,9 +1166,25 @@ var AuthService = class {
   }
   /**
    * Verify MFA challenge during login.
-   */
-  async verifyMFAChallenge(data) {
-    return await authApi.verifyMFAChallenge(data);
+   * By default, automatically sets the auth state on successful verification.
+   * @param data - MFA challenge data including token and code
+   * @param options - Optional settings for verification behavior
+   */
+  async verifyMFAChallenge(data, options) {
+    const response = await authApi.verifyMFAChallenge(data);
+    if (options?.autoSetAuth !== false) {
+      try {
+        const { authStore: authStore2 } = await Promise.resolve().then(() => (init_auth_svelte(), auth_svelte_exports));
+        authStore2.setAuth(
+          response.accessToken,
+          response.refreshToken,
+          response.user,
+          response.sessionToken
+        );
+      } catch {
+      }
+    }
+    return response;
   }
   // ============================================================================
   // Device Management
@@ -834,304 +1273,14 @@ var AuthService = class {
 };
 var authService = new AuthService();
-// src/core/jwt.ts
-function decodeJWT(token) {
-  try {
-    const parts = token.split(".");
-    if (parts.length !== 3) {
-      return null;
-    }
-    const payload = parts[1];
-    const decoded = atob(payload.replace(/-/g, "+").replace(/_/g, "/"));
-    return JSON.parse(decoded);
-  } catch {
-    return null;
-  }
-}
-function isTokenExpired(token) {
-  const payload = decodeJWT(token);
-  if (!payload || !payload.exp) {
-    return true;
-  }
-  return payload.exp * 1e3 < Date.now();
-}
-function getTokenRemainingTime(token) {
-  const payload = decodeJWT(token);
-  if (!payload || !payload.exp) {
-    return 0;
-  }
-  const remainingMs = payload.exp * 1e3 - Date.now();
-  return Math.max(0, remainingMs);
-}
-function getTokenExpiration(token) {
-  const payload = decodeJWT(token);
-  if (!payload || !payload.exp) {
-    return null;
-  }
-  return new Date(payload.exp * 1e3);
-}
-function extractClaims(token, claims) {
-  const payload = decodeJWT(token);
-  if (!payload) {
-    return null;
-  }
-  const result = {};
-  for (const claim of claims) {
-    if (claim in payload) {
-      result[claim] = payload[claim];
-    }
-  }
-  return result;
-}
+// src/core/index.ts
+init_jwt();
-// src/svelte/stores/auth.svelte.ts
-function getStorageKey() {
-  return isInitialized() ? getConfig().storageKey ?? "classic_auth" : "classic_auth";
-}
-function getStorageAdapter() {
-  return isInitialized() ? getStorage() : getDefaultStorage();
-}
-function loadAuthFromStorage() {
-  try {
-    const storage = getStorageAdapter();
-    const data = storage.getItem(getStorageKey());
-    if (!data) {
-      return {
-        accessToken: null,
-        refreshToken: null,
-        user: null,
-        isAuthenticated: false
-      };
-    }
-    const parsed = JSON.parse(data);
-    return {
-      accessToken: parsed.accessToken ?? null,
-      refreshToken: parsed.refreshToken ?? null,
-      user: parsed.user ?? null,
-      isAuthenticated: !!parsed.accessToken && !!parsed.user
-    };
-  } catch {
-    return {
-      accessToken: null,
-      refreshToken: null,
-      user: null,
-      isAuthenticated: false
-    };
-  }
-}
-function saveAuthToStorage(state) {
-  try {
-    const storage = getStorageAdapter();
-    const key = getStorageKey();
-    if (!state.accessToken) {
-      storage.removeItem(key);
-    } else {
-      storage.setItem(key, JSON.stringify(state));
-    }
-  } catch {
-  }
-}
-var AuthStore = class {
-  constructor() {
-    this.subscribers = /* @__PURE__ */ new Set();
-    this.state = loadAuthFromStorage();
-  }
-  /**
-   * Subscribe to state changes (Svelte store contract).
-   */
-  subscribe(subscriber) {
-    this.subscribers.add(subscriber);
-    subscriber(this.state);
-    return () => this.subscribers.delete(subscriber);
-  }
-  notify() {
-    this.subscribers.forEach((sub) => sub(this.state));
-  }
-  // Getters for direct access
-  get accessToken() {
-    return this.state.accessToken;
-  }
-  get refreshToken() {
-    return this.state.refreshToken;
-  }
-  get user() {
-    return this.state.user;
-  }
-  get isAuthenticated() {
-    return this.state.isAuthenticated;
-  }
-  /**
-   * Get the current auth state snapshot.
-   */
-  getState() {
-    return { ...this.state };
-  }
-  /**
-   * Set auth data after successful login.
-   */
-  setAuth(accessToken, refreshToken, user, sessionToken) {
-    const jwtPayload = decodeJWT(accessToken);
-    const userWithPermissions = {
-      ...user,
-      permissions: user.permissions || jwtPayload?.permissions || [],
-      roles: user.roles || jwtPayload?.roles || (user.role ? [user.role] : [])
-    };
-    this.state = {
-      accessToken,
-      refreshToken,
-      user: userWithPermissions,
-      isAuthenticated: true
-    };
-    saveAuthToStorage(this.state);
-    if (sessionToken && typeof window !== "undefined") {
-      getStorageAdapter().setItem("sessionToken", sessionToken);
-    }
-    if (typeof window !== "undefined") {
-      window.dispatchEvent(
-        new CustomEvent("auth:login", {
-          detail: { user: userWithPermissions }
-        })
-      );
-    }
-    this.notify();
-  }
-  /**
-   * Update tokens (e.g., after refresh).
-   */
-  updateTokens(accessToken, refreshToken) {
-    const jwtPayload = decodeJWT(accessToken);
-    const updatedUser = this.state.user ? {
-      ...this.state.user,
-      permissions: jwtPayload?.permissions || this.state.user.permissions || [],
-      roles: jwtPayload?.roles || this.state.user.roles || (this.state.user.role ? [this.state.user.role] : [])
-    } : null;
-    this.state = {
-      ...this.state,
-      accessToken,
-      refreshToken,
-      user: updatedUser
-    };
-    saveAuthToStorage(this.state);
-    if (typeof window !== "undefined") {
-      window.dispatchEvent(new CustomEvent("auth:token-refresh"));
-    }
-    this.notify();
-  }
-  /**
-   * Update user data (e.g., after profile update).
-   */
-  updateUser(user) {
-    const jwtPayload = this.state.accessToken ? decodeJWT(this.state.accessToken) : null;
-    const updatedUser = {
-      ...user,
-      permissions: user.permissions || jwtPayload?.permissions || [],
-      roles: user.roles || jwtPayload?.roles || (user.role ? [user.role] : [])
-    };
-    this.state = {
-      ...this.state,
-      user: updatedUser
-    };
-    saveAuthToStorage(this.state);
-    if (typeof window !== "undefined") {
-      window.dispatchEvent(
-        new CustomEvent("auth:profile-update", {
-          detail: { user: updatedUser }
-        })
-      );
-    }
-    this.notify();
-  }
-  /**
-   * Clear auth state (logout).
-   */
-  logout() {
-    this.state = {
-      accessToken: null,
-      refreshToken: null,
-      user: null,
-      isAuthenticated: false
-    };
-    const storage = getStorageAdapter();
-    storage.removeItem(getStorageKey());
-    storage.removeItem("sessionToken");
-    if (typeof window !== "undefined") {
-      window.dispatchEvent(new CustomEvent("auth:logout"));
-    }
-    if (isInitialized()) {
-      getConfig().onLogout?.();
-    }
-    this.notify();
-  }
-  /**
-   * Check if user has a specific permission.
-   */
-  hasPermission(permission) {
-    return this.state.user?.permissions?.includes(permission) ?? false;
-  }
-  /**
-   * Check if user has a specific role.
-   */
-  hasRole(role) {
-    return this.state.user?.roles?.includes(role) ?? false;
-  }
-  /**
-   * Check if user has any of the specified roles.
-   */
-  hasAnyRole(roles) {
-    return roles.some((role) => this.state.user?.roles?.includes(role)) ?? false;
-  }
-  /**
-   * Check if user has all of the specified roles.
-   */
-  hasAllRoles(roles) {
-    return roles.every((role) => this.state.user?.roles?.includes(role)) ?? false;
-  }
-  /**
-   * Check if user has any of the specified permissions.
-   */
-  hasAnyPermission(permissions) {
-    return permissions.some((perm) => this.state.user?.permissions?.includes(perm)) ?? false;
-  }
-  /**
-   * Check if user has all of the specified permissions.
-   */
-  hasAllPermissions(permissions) {
-    return permissions.every((perm) => this.state.user?.permissions?.includes(perm)) ?? false;
-  }
-  /**
-   * Re-hydrate state from storage (useful after config changes).
-   */
-  rehydrate() {
-    this.state = loadAuthFromStorage();
-    this.notify();
-  }
-};
-var authStore = new AuthStore();
-var authActions = {
-  setAuth: (accessToken, refreshToken, user, sessionToken) => authStore.setAuth(accessToken, refreshToken, user, sessionToken),
-  updateTokens: (accessToken, refreshToken) => authStore.updateTokens(accessToken, refreshToken),
-  updateUser: (user) => authStore.updateUser(user),
-  logout: () => authStore.logout(),
-  hasPermission: (permission) => authStore.hasPermission(permission),
-  hasRole: (role) => authStore.hasRole(role),
-  hasAnyRole: (roles) => authStore.hasAnyRole(roles),
-  hasAllRoles: (roles) => authStore.hasAllRoles(roles),
-  hasAnyPermission: (permissions) => authStore.hasAnyPermission(permissions),
-  hasAllPermissions: (permissions) => authStore.hasAllPermissions(permissions),
-  rehydrate: () => authStore.rehydrate()
-};
-var isAuthenticated = {
-  subscribe: (subscriber) => {
-    return authStore.subscribe((state) => subscriber(state.isAuthenticated));
-  }
-};
-var currentUser = {
-  subscribe: (subscriber) => {
-    return authStore.subscribe((state) => subscriber(state.user));
-  }
-};
+// src/svelte/index.ts
+init_auth_svelte();
 // src/svelte/guards/auth-guard.ts
+init_auth_svelte();
 function checkAuth(options = {}) {
   const { roles, permissions, requireAllRoles, requireAllPermissions } = options;
   if (!authStore.isAuthenticated) {
@@ -1194,4 +1343,4 @@ function protectedLoad(options, loadFn) {
   };
 }
-export { AuthService, api, apiRequest, authActions, authApi, authService, authStore, checkAuth, clearStoredAuth, createAuthGuard, currentUser, decodeJWT, extractClaims, extractData, getAccessToken, getConfig, getDefaultStorage, getFetch, getRefreshToken, getSessionToken, getStorage, getTokenExpiration, getTokenRemainingTime, initAuth, isAuthenticated, isInitialized, isTokenExpired, protectedLoad, requireAuth, requirePermission, requireRole, resetConfig, updateStoredTokens };
+export { AuthService, api, apiRequest, authActions, authApi, authService, authStore, checkAuth, clearStoredAuth, createAuthGuard, currentUser, decodeJWT, extractClaims, extractData, getAccessToken, getAvailableMethods, getConfig, getDefaultStorage, getFetch, getMfaToken, getRefreshToken, getSessionToken, getStorage, getTokenExpiration, getTokenRemainingTime, initAuth, isAuthenticated, isInitialized, isLoginSuccessResponse, isMfaChallengeResponse, isTokenExpired, protectedLoad, requireAuth, requirePermission, requireRole, resetConfig, updateStoredTokens };