@corvushold/guard-sdk 0.16.0 → 0.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +42 -1
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +25 -1
- package/dist/index.d.ts +25 -1
- package/dist/index.js +42 -1
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.d.cts
CHANGED
|
@@ -1045,6 +1045,16 @@ interface GuardClientOptions {
|
|
|
1045
1045
|
defaultHeaders?: Record<string, string>;
|
|
1046
1046
|
authMode?: 'bearer' | 'cookie';
|
|
1047
1047
|
}
|
|
1048
|
+
interface OAuth2TokenExchangeInput {
|
|
1049
|
+
code: string;
|
|
1050
|
+
client_id: string;
|
|
1051
|
+
redirect_uri: string;
|
|
1052
|
+
code_verifier: string;
|
|
1053
|
+
}
|
|
1054
|
+
interface OAuth2RevokeInput {
|
|
1055
|
+
token: string;
|
|
1056
|
+
token_type_hint?: 'refresh_token' | 'access_token';
|
|
1057
|
+
}
|
|
1048
1058
|
interface OAuth2AuthorizeParams {
|
|
1049
1059
|
client_id: string;
|
|
1050
1060
|
redirect_uri: string;
|
|
@@ -1061,6 +1071,10 @@ interface OAuth2AuthorizeParams {
|
|
|
1061
1071
|
type TokensResp = {
|
|
1062
1072
|
access_token?: string | null;
|
|
1063
1073
|
refresh_token?: string | null;
|
|
1074
|
+
id_token?: string | null;
|
|
1075
|
+
token_type?: string | null;
|
|
1076
|
+
expires_in?: number;
|
|
1077
|
+
scope?: string | null;
|
|
1064
1078
|
success?: boolean;
|
|
1065
1079
|
};
|
|
1066
1080
|
type MfaChallengeResp = components['schemas']['controller.mfaChallengeResp'];
|
|
@@ -1831,6 +1845,16 @@ declare class GuardClient {
|
|
|
1831
1845
|
* This endpoint is public and does not require authentication.
|
|
1832
1846
|
*/
|
|
1833
1847
|
getOAuth2Metadata(): Promise<ResponseWrapper<OAuth2MetadataResp>>;
|
|
1848
|
+
/**
|
|
1849
|
+
* Exchange an OAuth2 authorization code for tokens (Authorization Code + PKCE).
|
|
1850
|
+
*/
|
|
1851
|
+
exchangeOAuth2Code(input: OAuth2TokenExchangeInput): Promise<ResponseWrapper<TokensResp>>;
|
|
1852
|
+
/**
|
|
1853
|
+
* Revoke an OAuth2 token (RFC7009). Server returns 200 for unknown tokens as well.
|
|
1854
|
+
*/
|
|
1855
|
+
revokeOAuth2Token(input: OAuth2RevokeInput): Promise<ResponseWrapper<{
|
|
1856
|
+
status?: string;
|
|
1857
|
+
}>>;
|
|
1834
1858
|
/**
|
|
1835
1859
|
* Static helper to discover OAuth2 metadata from any Guard API base URL.
|
|
1836
1860
|
* Useful for auto-configuration before creating a GuardClient instance.
|
|
@@ -1853,4 +1877,4 @@ declare class GuardClient {
|
|
|
1853
1877
|
|
|
1854
1878
|
declare function generateTOTPCode(base32Secret: string): string;
|
|
1855
1879
|
|
|
1856
|
-
export { type AcceptInvitationReq, type AdminCreateUserReq, type AdminCreateUserResp, type AdminUser, type AdminUsersResp, ApiError, type AsyncStorageLike, type AuthMethod, type CreateOAuthClientReq, type CreateOAuthClientResp, type CreateSsoProviderReq, type DiscoverTenantsResp, type FetchLike, type FgaAclTuple, type FgaGroup, type FgaGroupsResp, GuardClient, type GuardClientOptions, type HeadersMap, HttpClient, InMemoryStorage, type Interceptors, type Invitation, type InvitationStatus, type InvitationsListResp, type InviteUserReq, type InviteUserResp, type LoginOptionsResp, type Meta, type OAuth2AuthorizeParams, type OAuthClientItem, RateLimitError, type RequestInterceptor, type ResponseInterceptor, type ResponseWrapper, type SessionItem, type SessionsListResp, type SsoLinkingPolicy, type SsoPortalContext, type SsoPortalSessionResp, type SsoProvider, type SsoProviderItem, type SsoProviderOption, type SsoProviderSlug, type SsoProviderType, type SsoProvidersListResp, type SsoSPInfoResp, type SsoTestProviderResp, type TenantId, type TenantOption, type TenantSelectionRequiredResp, type TenantSettingsPutRequest, type TenantSettingsResponse, type TenantSummary, type TokenProvider, type TokenStorage, type TransportOptions, type UpdateOAuthClientReq, type UpdateSsoProviderReq, WebLocalStorage, applyRequestInterceptors, applyResponseInterceptors, buildRateLimitError, generateTOTPCode, isApiError, isMfaChallengeResp, isRateLimitError, isTenantSelectionRequired, isTokensResp, noopStorage, parseRetryAfter, reactNativeStorageAdapter, toHeadersMap };
|
|
1880
|
+
export { type AcceptInvitationReq, type AdminCreateUserReq, type AdminCreateUserResp, type AdminUser, type AdminUsersResp, ApiError, type AsyncStorageLike, type AuthMethod, type CreateOAuthClientReq, type CreateOAuthClientResp, type CreateSsoProviderReq, type DiscoverTenantsResp, type FetchLike, type FgaAclTuple, type FgaGroup, type FgaGroupsResp, GuardClient, type GuardClientOptions, type HeadersMap, HttpClient, InMemoryStorage, type Interceptors, type Invitation, type InvitationStatus, type InvitationsListResp, type InviteUserReq, type InviteUserResp, type LoginOptionsResp, type Meta, type OAuth2AuthorizeParams, type OAuth2RevokeInput, type OAuth2TokenExchangeInput, type OAuthClientItem, RateLimitError, type RequestInterceptor, type ResponseInterceptor, type ResponseWrapper, type SessionItem, type SessionsListResp, type SsoLinkingPolicy, type SsoPortalContext, type SsoPortalSessionResp, type SsoProvider, type SsoProviderItem, type SsoProviderOption, type SsoProviderSlug, type SsoProviderType, type SsoProvidersListResp, type SsoSPInfoResp, type SsoTestProviderResp, type TenantId, type TenantOption, type TenantSelectionRequiredResp, type TenantSettingsPutRequest, type TenantSettingsResponse, type TenantSummary, type TokenProvider, type TokenStorage, type TransportOptions, type UpdateOAuthClientReq, type UpdateSsoProviderReq, WebLocalStorage, applyRequestInterceptors, applyResponseInterceptors, buildRateLimitError, generateTOTPCode, isApiError, isMfaChallengeResp, isRateLimitError, isTenantSelectionRequired, isTokensResp, noopStorage, parseRetryAfter, reactNativeStorageAdapter, toHeadersMap };
|
package/dist/index.d.ts
CHANGED
|
@@ -1045,6 +1045,16 @@ interface GuardClientOptions {
|
|
|
1045
1045
|
defaultHeaders?: Record<string, string>;
|
|
1046
1046
|
authMode?: 'bearer' | 'cookie';
|
|
1047
1047
|
}
|
|
1048
|
+
interface OAuth2TokenExchangeInput {
|
|
1049
|
+
code: string;
|
|
1050
|
+
client_id: string;
|
|
1051
|
+
redirect_uri: string;
|
|
1052
|
+
code_verifier: string;
|
|
1053
|
+
}
|
|
1054
|
+
interface OAuth2RevokeInput {
|
|
1055
|
+
token: string;
|
|
1056
|
+
token_type_hint?: 'refresh_token' | 'access_token';
|
|
1057
|
+
}
|
|
1048
1058
|
interface OAuth2AuthorizeParams {
|
|
1049
1059
|
client_id: string;
|
|
1050
1060
|
redirect_uri: string;
|
|
@@ -1061,6 +1071,10 @@ interface OAuth2AuthorizeParams {
|
|
|
1061
1071
|
type TokensResp = {
|
|
1062
1072
|
access_token?: string | null;
|
|
1063
1073
|
refresh_token?: string | null;
|
|
1074
|
+
id_token?: string | null;
|
|
1075
|
+
token_type?: string | null;
|
|
1076
|
+
expires_in?: number;
|
|
1077
|
+
scope?: string | null;
|
|
1064
1078
|
success?: boolean;
|
|
1065
1079
|
};
|
|
1066
1080
|
type MfaChallengeResp = components['schemas']['controller.mfaChallengeResp'];
|
|
@@ -1831,6 +1845,16 @@ declare class GuardClient {
|
|
|
1831
1845
|
* This endpoint is public and does not require authentication.
|
|
1832
1846
|
*/
|
|
1833
1847
|
getOAuth2Metadata(): Promise<ResponseWrapper<OAuth2MetadataResp>>;
|
|
1848
|
+
/**
|
|
1849
|
+
* Exchange an OAuth2 authorization code for tokens (Authorization Code + PKCE).
|
|
1850
|
+
*/
|
|
1851
|
+
exchangeOAuth2Code(input: OAuth2TokenExchangeInput): Promise<ResponseWrapper<TokensResp>>;
|
|
1852
|
+
/**
|
|
1853
|
+
* Revoke an OAuth2 token (RFC7009). Server returns 200 for unknown tokens as well.
|
|
1854
|
+
*/
|
|
1855
|
+
revokeOAuth2Token(input: OAuth2RevokeInput): Promise<ResponseWrapper<{
|
|
1856
|
+
status?: string;
|
|
1857
|
+
}>>;
|
|
1834
1858
|
/**
|
|
1835
1859
|
* Static helper to discover OAuth2 metadata from any Guard API base URL.
|
|
1836
1860
|
* Useful for auto-configuration before creating a GuardClient instance.
|
|
@@ -1853,4 +1877,4 @@ declare class GuardClient {
|
|
|
1853
1877
|
|
|
1854
1878
|
declare function generateTOTPCode(base32Secret: string): string;
|
|
1855
1879
|
|
|
1856
|
-
export { type AcceptInvitationReq, type AdminCreateUserReq, type AdminCreateUserResp, type AdminUser, type AdminUsersResp, ApiError, type AsyncStorageLike, type AuthMethod, type CreateOAuthClientReq, type CreateOAuthClientResp, type CreateSsoProviderReq, type DiscoverTenantsResp, type FetchLike, type FgaAclTuple, type FgaGroup, type FgaGroupsResp, GuardClient, type GuardClientOptions, type HeadersMap, HttpClient, InMemoryStorage, type Interceptors, type Invitation, type InvitationStatus, type InvitationsListResp, type InviteUserReq, type InviteUserResp, type LoginOptionsResp, type Meta, type OAuth2AuthorizeParams, type OAuthClientItem, RateLimitError, type RequestInterceptor, type ResponseInterceptor, type ResponseWrapper, type SessionItem, type SessionsListResp, type SsoLinkingPolicy, type SsoPortalContext, type SsoPortalSessionResp, type SsoProvider, type SsoProviderItem, type SsoProviderOption, type SsoProviderSlug, type SsoProviderType, type SsoProvidersListResp, type SsoSPInfoResp, type SsoTestProviderResp, type TenantId, type TenantOption, type TenantSelectionRequiredResp, type TenantSettingsPutRequest, type TenantSettingsResponse, type TenantSummary, type TokenProvider, type TokenStorage, type TransportOptions, type UpdateOAuthClientReq, type UpdateSsoProviderReq, WebLocalStorage, applyRequestInterceptors, applyResponseInterceptors, buildRateLimitError, generateTOTPCode, isApiError, isMfaChallengeResp, isRateLimitError, isTenantSelectionRequired, isTokensResp, noopStorage, parseRetryAfter, reactNativeStorageAdapter, toHeadersMap };
|
|
1880
|
+
export { type AcceptInvitationReq, type AdminCreateUserReq, type AdminCreateUserResp, type AdminUser, type AdminUsersResp, ApiError, type AsyncStorageLike, type AuthMethod, type CreateOAuthClientReq, type CreateOAuthClientResp, type CreateSsoProviderReq, type DiscoverTenantsResp, type FetchLike, type FgaAclTuple, type FgaGroup, type FgaGroupsResp, GuardClient, type GuardClientOptions, type HeadersMap, HttpClient, InMemoryStorage, type Interceptors, type Invitation, type InvitationStatus, type InvitationsListResp, type InviteUserReq, type InviteUserResp, type LoginOptionsResp, type Meta, type OAuth2AuthorizeParams, type OAuth2RevokeInput, type OAuth2TokenExchangeInput, type OAuthClientItem, RateLimitError, type RequestInterceptor, type ResponseInterceptor, type ResponseWrapper, type SessionItem, type SessionsListResp, type SsoLinkingPolicy, type SsoPortalContext, type SsoPortalSessionResp, type SsoProvider, type SsoProviderItem, type SsoProviderOption, type SsoProviderSlug, type SsoProviderType, type SsoProvidersListResp, type SsoSPInfoResp, type SsoTestProviderResp, type TenantId, type TenantOption, type TenantSelectionRequiredResp, type TenantSettingsPutRequest, type TenantSettingsResponse, type TenantSummary, type TokenProvider, type TokenStorage, type TransportOptions, type UpdateOAuthClientReq, type UpdateSsoProviderReq, WebLocalStorage, applyRequestInterceptors, applyResponseInterceptors, buildRateLimitError, generateTOTPCode, isApiError, isMfaChallengeResp, isRateLimitError, isTenantSelectionRequired, isTokensResp, noopStorage, parseRetryAfter, reactNativeStorageAdapter, toHeadersMap };
|
package/dist/index.js
CHANGED
|
@@ -277,7 +277,7 @@ var HttpClient = class {
|
|
|
277
277
|
|
|
278
278
|
// package.json
|
|
279
279
|
var package_default = {
|
|
280
|
-
version: "0.
|
|
280
|
+
version: "0.17.0"};
|
|
281
281
|
|
|
282
282
|
// src/client.ts
|
|
283
283
|
function isTenantSelectionRequired(data) {
|
|
@@ -1101,6 +1101,47 @@ var GuardClient = class {
|
|
|
1101
1101
|
async getOAuth2Metadata() {
|
|
1102
1102
|
return this.request("/.well-known/oauth-authorization-server", { method: "GET" });
|
|
1103
1103
|
}
|
|
1104
|
+
/**
|
|
1105
|
+
* Exchange an OAuth2 authorization code for tokens (Authorization Code + PKCE).
|
|
1106
|
+
*/
|
|
1107
|
+
async exchangeOAuth2Code(input) {
|
|
1108
|
+
const code = input.code?.trim();
|
|
1109
|
+
const clientID = input.client_id?.trim();
|
|
1110
|
+
const redirectURI = input.redirect_uri?.trim();
|
|
1111
|
+
const codeVerifier = input.code_verifier?.trim();
|
|
1112
|
+
if (!code) throw new Error("code is required");
|
|
1113
|
+
if (!clientID) throw new Error("client_id is required");
|
|
1114
|
+
if (!redirectURI) throw new Error("redirect_uri is required");
|
|
1115
|
+
if (!codeVerifier) throw new Error("code_verifier is required");
|
|
1116
|
+
const body = new URLSearchParams();
|
|
1117
|
+
body.set("grant_type", "authorization_code");
|
|
1118
|
+
body.set("code", code);
|
|
1119
|
+
body.set("client_id", clientID);
|
|
1120
|
+
body.set("redirect_uri", redirectURI);
|
|
1121
|
+
body.set("code_verifier", codeVerifier);
|
|
1122
|
+
const res = await this.request("/oauth/token", {
|
|
1123
|
+
method: "POST",
|
|
1124
|
+
headers: { "Content-Type": "application/x-www-form-urlencoded" },
|
|
1125
|
+
body: body.toString()
|
|
1126
|
+
});
|
|
1127
|
+
if (res.meta.status >= 200 && res.meta.status < 300) this.persistTokensFrom(res.data);
|
|
1128
|
+
return res;
|
|
1129
|
+
}
|
|
1130
|
+
/**
|
|
1131
|
+
* Revoke an OAuth2 token (RFC7009). Server returns 200 for unknown tokens as well.
|
|
1132
|
+
*/
|
|
1133
|
+
async revokeOAuth2Token(input) {
|
|
1134
|
+
const token = input.token?.trim();
|
|
1135
|
+
if (!token) throw new Error("token is required");
|
|
1136
|
+
const body = new URLSearchParams();
|
|
1137
|
+
body.set("token", token);
|
|
1138
|
+
if (input.token_type_hint) body.set("token_type_hint", input.token_type_hint);
|
|
1139
|
+
return this.request("/oauth/revoke", {
|
|
1140
|
+
method: "POST",
|
|
1141
|
+
headers: { "Content-Type": "application/x-www-form-urlencoded" },
|
|
1142
|
+
body: body.toString()
|
|
1143
|
+
});
|
|
1144
|
+
}
|
|
1104
1145
|
/**
|
|
1105
1146
|
* Static helper to discover OAuth2 metadata from any Guard API base URL.
|
|
1106
1147
|
* Useful for auto-configuration before creating a GuardClient instance.
|