@corvushold/guard-sdk 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/README.md +126 -0
  2. package/dist/index.cjs +1010 -0
  3. package/dist/index.cjs.map +1 -0
  4. package/dist/index.d.cts +1157 -0
  5. package/dist/index.d.ts +1157 -0
  6. package/dist/index.js +990 -0
  7. package/dist/index.js.map +1 -0
  8. package/package.json +78 -0
package/README.md ADDED
@@ -0,0 +1,126 @@
1
+ # TypeScript SDK (Reference)
2
+
3
+ Reference SDK for Guard CAS targeting Node.js, browsers, and React Native.
4
+
5
+ This SDK uses a spec‑first approach. Core auth flows implemented:
6
+
7
+ - Password login (MFA challenge aware)
8
+ - MFA verify (TOTP / backup)
9
+ - Refresh tokens
10
+ - Logout (revoke refresh)
11
+ - Current user profile (`me`)
12
+ - Token introspection
13
+ - Magic link: send + verify
14
+
15
+ ## WorkOS Organization Portal Link
16
+
17
+ Generate a WorkOS Admin Portal link for an organization (server enforces admin-only RBAC):
18
+
19
+ ```ts
20
+ import { GuardClient } from '@corvushold/guard-sdk';
21
+
22
+ const client = new GuardClient({
23
+ baseUrl: 'https://guard.example.com',
24
+ tenantId: '00000000-0000-4000-8000-000000000000',
25
+ });
26
+
27
+ // Provide an admin access token in storage or via default headers
28
+ await client['storage'].setAccessToken('ADMIN_ACCESS_TOKEN');
29
+
30
+ const { data } = await client.getSsoOrganizationPortalLink('workos', {
31
+ organization_id: 'org_01H...',
32
+ intent: 'sso', // optional. allowed: sso, dsync, audit_logs, log_streams, domain_verification, certificate_renewal, user_management
33
+ });
34
+
35
+ console.log(data.link); // e.g., https://dashboard.workos.com/organizations/.../portal
36
+ ```
37
+
38
+ Notes:
39
+
40
+ - `tenant_id` is required; if omitted in params, the client instance `tenantId` is used.
41
+ - `organization_id` is required.
42
+ - `intent` is optional; unsupported values are rejected by the server.
43
+
44
+ Explicit configuration is required for `baseUrl`. The `X-Guard-Client` header is set automatically as `ts-sdk/<package.version>`.
45
+
46
+ ## Install
47
+
48
+ ```bash
49
+ npm install @corvushold/guard-sdk
50
+ ```
51
+
52
+ ## Node (>=18)
53
+
54
+ ```ts
55
+ import { GuardClient, InMemoryStorage, isTokensResp, isMfaChallengeResp } from '@corvushold/guard-sdk';
56
+
57
+ const client = new GuardClient({
58
+ baseUrl: 'https://guard.example.com', // required
59
+ storage: new InMemoryStorage(),
60
+ // fetchImpl: global fetch in Node 18+; inject a polyfill if needed
61
+ });
62
+
63
+ // Password login returns a union: Tokens or MFA Challenge
64
+ const login = await client.passwordLogin({ email: 'a@example.com', password: 'pw', tenant_id: 'tenant_123' });
65
+ if (login.meta.status === 200 && isTokensResp(login.data)) {
66
+ // access/refresh tokens persisted into storage
67
+ } else if (login.meta.status === 202 && isMfaChallengeResp(login.data)) {
68
+ // MFA challenge flow
69
+ const verify = await client.mfaVerify({ challenge_token: login.data.challenge_token, method: 'totp', code: '123456' });
70
+ }
71
+
72
+ // Me (Authorization header auto‑injected from storage)
73
+ const me = await client.me();
74
+
75
+ // Refresh
76
+ const refreshed = await client.refresh(); // uses stored refresh token if omitted
77
+
78
+ // Logout
79
+ await client.logout(); // clears stored refresh on 204
80
+
81
+ // Introspect
82
+ const info = await client.introspect();
83
+
84
+ // Magic link
85
+ await client.magicSend({ tenant_id: 'tenant_123', email: 'a@example.com', redirect_url: 'https://app.example.com/callback' });
86
+ const verified = await client.magicVerify({ token: 'magic_token_from_email' });
87
+ ```
88
+
89
+ ## Browser
90
+
91
+ ```ts
92
+ import { GuardClient, WebLocalStorage } from '@corvushold/guard-sdk';
93
+
94
+ const client = new GuardClient({
95
+ baseUrl: 'https://guard.example.com',
96
+ storage: new WebLocalStorage('myapp'), // persists in localStorage
97
+ });
98
+
99
+ // Then same as Node usage above
100
+ ```
101
+
102
+ ## React Native
103
+
104
+ ```ts
105
+ import { GuardClient, reactNativeStorageAdapter } from '@corvushold/guard-sdk';
106
+ import AsyncStorage from '@react-native-async-storage/async-storage';
107
+
108
+ const client = new GuardClient({
109
+ baseUrl: 'https://guard.example.com',
110
+ storage: reactNativeStorageAdapter(AsyncStorage, 'myapp'),
111
+ // fetchImpl: RN provides global fetch; inject custom fetch if desired
112
+ });
113
+ ```
114
+
115
+ ## Errors and rate limits
116
+
117
+ - Non‑2xx responses throw `ApiError` with fields: `status`, `message`, `code?`, `requestId?`, `headers?`, `raw?`.
118
+ - 429 responses throw `RateLimitError` and parse `Retry-After` into `retryAfter` seconds and `nextRetryAt: Date`.
119
+
120
+ ## Notes
121
+
122
+ - `baseUrl` must be provided explicitly.
123
+ - `Authorization: Bearer <access_token>` is injected automatically from the configured storage, when present.
124
+ - `X-Guard-Client` is sent as `ts-sdk/<pkg.version>`.
125
+ - `passwordLogin()` returns a union of tokens or MFA challenge. Use the exported type guards `isTokensResp()` and `isMfaChallengeResp()` to narrow.
126
+ - The SDK uses generated DTOs; see `src/generated/openapi.d.ts` for types.