@djangocfg/api 2.1.227 → 2.1.228

package/src/auth/hooks/useAuthForm.ts

@@ -9,7 +9,7 @@ import { useAuthValidation } from './useAuthValidation';
 import { useAutoAuth } from './useAutoAuth';
 import { useTwoFactor } from './useTwoFactor';
 
-import type { AuthChannel, AuthFormReturn, UseAuthFormOptions } from '../types';
+import type { AuthFormReturn, UseAuthFormOptions } from '../types';
 /**
  * Complete auth form hook.
  * Composes smaller hooks for state, validation, and submission.
@@ -39,16 +39,11 @@ export const useAuthForm = (options: UseAuthFormOptions): AuthFormReturn => {
     verifyOTP,
     getSavedEmail,
     saveEmail,
-    clearSavedEmail,
-    getSavedPhone,
-    savePhone,
-    clearSavedPhone,
   } = useAuth();
 
   // Destructure for convenience
   const {
     identifier,
-    channel,
     otp,
     isLoading,
     acceptedTerms,
@@ -56,7 +51,6 @@ export const useAuthForm = (options: UseAuthFormOptions): AuthFormReturn => {
     twoFactorCode,
     useBackupCode,
     setIdentifier,
-    setChannel,
     setOtp,
     setStep,
     setError,
@@ -66,6 +60,7 @@ export const useAuthForm = (options: UseAuthFormOptions): AuthFormReturn => {
     setShouldPrompt2FA,
     setTwoFactorCode,
     setUseBackupCode,
+    startRateLimitCountdown,
   } = formState;
 
   // 2FA verification hook - skip redirect so we can show success screen
@@ -83,21 +78,15 @@ export const useAuthForm = (options: UseAuthFormOptions): AuthFormReturn => {
     skipRedirect: true, // We handle navigation via success step
   });
 
-  const { detectChannelFromIdentifier, validateIdentifier } = validation;
+  const { validateIdentifier } = validation;
 
   // ─────────────────────────────────────────────────────────────────────────
   // Storage Helper
   // ─────────────────────────────────────────────────────────────────────────
 
-  const saveIdentifierToStorage = useCallback((id: string, ch: AuthChannel) => {
-    if (ch === 'email') {
-      saveEmail(id);
-      clearSavedPhone();
-    } else {
-      savePhone(id);
-      clearSavedEmail();
-    }
-  }, [saveEmail, savePhone, clearSavedEmail, clearSavedPhone]);
+  const saveIdentifierToStorage = useCallback((id: string) => {
+    saveEmail(id);
+  }, [saveEmail]);
 
   // ─────────────────────────────────────────────────────────────────────────
   // Effects
@@ -105,28 +94,12 @@ export const useAuthForm = (options: UseAuthFormOptions): AuthFormReturn => {
 
   // Load saved identifier on mount
   useEffect(() => {
-    const savedPhone = getSavedPhone();
     const savedEmail = getSavedEmail();
-
-    // Prioritize phone over email
-    if (savedPhone) {
-      setIdentifier(savedPhone);
-      setChannel('phone');
-    } else if (savedEmail) {
+    if (savedEmail) {
       setIdentifier(savedEmail);
-      setChannel('email');
     }
-  }, [getSavedEmail, getSavedPhone, setIdentifier, setChannel]);
-
-  // Auto-detect channel when identifier changes
-  useEffect(() => {
-    if (identifier) {
-      const detected = detectChannelFromIdentifier(identifier);
-      if (detected && detected !== channel) {
-        setChannel(detected);
-      }
-    }
-  }, [identifier, channel, detectChannelFromIdentifier, setChannel]);
+  // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, []);
 
   // ─────────────────────────────────────────────────────────────────────────
   // Submit Handlers
@@ -136,18 +109,14 @@ export const useAuthForm = (options: UseAuthFormOptions): AuthFormReturn => {
     e.preventDefault();
 
     if (!identifier) {
-      const msg = channel === 'phone'
-        ? 'Please enter your phone number'
-        : 'Please enter your email address';
+      const msg = 'Please enter your email address';
       setError(msg);
       onError?.(msg);
       return;
     }
 
-    if (!validateIdentifier(identifier, channel)) {
-      const msg = channel === 'phone'
-        ? 'Please enter a valid phone number (e.g., +1234567890)'
-        : 'Please enter a valid email address';
+    if (!validateIdentifier(identifier)) {
+      const msg = 'Please enter a valid email address';
       setError(msg);
       onError?.(msg);
       return;
@@ -164,15 +133,20 @@ export const useAuthForm = (options: UseAuthFormOptions): AuthFormReturn => {
     clearError();
 
     try {
-      const result = await requestOTP(identifier, channel, sourceUrl);
+      const result = await requestOTP(identifier, sourceUrl);
 
       if (result.success) {
-        saveIdentifierToStorage(identifier, channel);
+        saveIdentifierToStorage(identifier);
         setStep('otp');
-        onIdentifierSuccess?.(identifier, channel);
+        onIdentifierSuccess?.(identifier);
       } else {
-        setError(result.message);
-        onError?.(result.message);
+        if (result.retryAfter) {
+          startRateLimitCountdown(result.retryAfter);
+          clearError();
+        } else {
+          setError(result.message);
+          onError?.(result.message);
+        }
       }
     } catch {
       const msg = 'An unexpected error occurred';
@@ -182,17 +156,16 @@ export const useAuthForm = (options: UseAuthFormOptions): AuthFormReturn => {
       setIsLoading(false);
     }
   }, [
-    identifier, channel, acceptedTerms, requireTermsAcceptance,
+    identifier, acceptedTerms, requireTermsAcceptance,
     validateIdentifier, requestOTP, saveIdentifierToStorage,
     setError, setIsLoading, setStep, clearError,
-    onIdentifierSuccess, onError, sourceUrl,
+    startRateLimitCountdown, onIdentifierSuccess, onError, sourceUrl,
   ]);
 
   // Core OTP submit - accepts explicit values to avoid stale closures
   const submitOTP = useCallback(async (
     submitIdentifier: string,
     submitOtp: string,
-    submitChannel: AuthChannel
   ): Promise<boolean> => {
     if (!submitOtp || submitOtp.length < 6) {
       const msg = 'Please enter the 6-digit verification code';
@@ -206,7 +179,7 @@ export const useAuthForm = (options: UseAuthFormOptions): AuthFormReturn => {
 
     try {
       // Skip redirect - we'll show success screen first
-      const result = await verifyOTP(submitIdentifier, submitOtp, submitChannel, sourceUrl, redirectUrl, true);
+      const result = await verifyOTP(submitIdentifier, submitOtp, sourceUrl, redirectUrl, true);
 
       // Check if 2FA is required (user has TOTP device)
       if (result.requires_2fa && result.session_id) {
@@ -214,12 +187,12 @@ export const useAuthForm = (options: UseAuthFormOptions): AuthFormReturn => {
         setTwoFactorSessionId(result.session_id);
         setShouldPrompt2FA(result.should_prompt_2fa || false);
         setStep('2fa');
-        saveIdentifierToStorage(submitIdentifier, submitChannel);
+        saveIdentifierToStorage(submitIdentifier);
         return true; // OTP was successful, now need 2FA
       }
 
       if (result.success) {
-        saveIdentifierToStorage(submitIdentifier, submitChannel);
+        saveIdentifierToStorage(submitIdentifier);
 
         // Check if user should be prompted to set up 2FA
         // Only show 2FA setup prompt if enable2FASetup is true (default)
@@ -257,22 +230,27 @@ export const useAuthForm = (options: UseAuthFormOptions): AuthFormReturn => {
 
   const handleOTPSubmit = useCallback(async (e: React.FormEvent) => {
     e.preventDefault();
-    await submitOTP(identifier, otp, channel);
-  }, [identifier, otp, channel, submitOTP]);
+    await submitOTP(identifier, otp);
+  }, [identifier, otp, submitOTP]);
 
   const handleResendOTP = useCallback(async () => {
     setIsLoading(true);
     clearError();
 
     try {
-      const result = await requestOTP(identifier, channel, sourceUrl);
+      const result = await requestOTP(identifier, sourceUrl);
 
       if (result.success) {
-        saveIdentifierToStorage(identifier, channel);
+        saveIdentifierToStorage(identifier);
         setOtp('');
       } else {
-        setError(result.message);
-        onError?.(result.message);
+        if (result.retryAfter) {
+          startRateLimitCountdown(result.retryAfter);
+          clearError(); // countdown in rateLimitLabel is enough feedback
+        } else {
+          setError(result.message);
+          onError?.(result.message);
+        }
       }
     } catch {
       const msg = 'Failed to resend verification code';
@@ -281,7 +259,7 @@ export const useAuthForm = (options: UseAuthFormOptions): AuthFormReturn => {
     } finally {
       setIsLoading(false);
     }
-  }, [identifier, channel, requestOTP, saveIdentifierToStorage, setOtp, setError, setIsLoading, clearError, onError, sourceUrl]);
+  }, [identifier, requestOTP, saveIdentifierToStorage, setOtp, setError, setIsLoading, clearError, startRateLimitCountdown, onError, sourceUrl]);
 
   const handleBackToIdentifier = useCallback(() => {
     setStep('identifier');
@@ -338,19 +316,8 @@ export const useAuthForm = (options: UseAuthFormOptions): AuthFormReturn => {
 
       authLogger.info('OTP detected from URL, auto-submitting');
 
-      const savedPhone = getSavedPhone();
       const savedEmail = getSavedEmail();
-
-      let autoIdentifier = '';
-      let autoChannel: AuthChannel = 'email';
-
-      if (savedPhone) {
-        autoIdentifier = savedPhone;
-        autoChannel = 'phone';
-      } else if (savedEmail) {
-        autoIdentifier = savedEmail;
-        autoChannel = 'email';
-      }
+      const autoIdentifier = savedEmail || '';
 
       if (!autoIdentifier) {
         authLogger.warn('No saved identifier found for auto-submit');
@@ -360,14 +327,13 @@ export const useAuthForm = (options: UseAuthFormOptions): AuthFormReturn => {
 
       // Update UI state
       setIdentifier(autoIdentifier);
-      setChannel(autoChannel);
       setOtp(detectedOtp);
       setStep('otp');
 
       // Submit with explicit values
       setTimeout(async () => {
         try {
-          await submitOTP(autoIdentifier, detectedOtp, autoChannel);
+          await submitOTP(autoIdentifier, detectedOtp);
         } finally {
           isAutoSubmitFromUrlRef.current = false;
         }
@@ -405,6 +371,7 @@ export const useAuthForm = (options: UseAuthFormOptions): AuthFormReturn => {
     // 2FA state from hook (for loading indicator)
     is2FALoading: twoFactor.isLoading,
     twoFactorWarning: twoFactor.warning,
+    twoFactorAttemptsRemaining: twoFactor.attemptsRemaining,
   };
 };
 

package/src/auth/hooks/useAuthFormState.ts

@@ -1,8 +1,14 @@
 "use client"
 
-import { useCallback, useState } from 'react';
+import { useCallback, useEffect, useRef, useState } from 'react';
 
-import type { AuthChannel, AuthFormState, AuthFormStateHandlers, AuthStep } from '../types';
+import type { AuthFormState, AuthFormStateHandlers, AuthStep } from '../types';
+
+const formatCountdown = (s: number): string => {
+  if (s <= 0) return '';
+  const m = Math.floor(s / 60);
+  return m > 0 ? `${m}:${String(s % 60).padStart(2, '0')}` : `${s}s`;
+};
 
 export interface UseAuthFormStateReturn extends AuthFormState, AuthFormStateHandlers {}
 
@@ -12,10 +18,8 @@ export interface UseAuthFormStateReturn extends AuthFormState, AuthFormStateHand
  */
 export const useAuthFormState = (
   initialIdentifier = '',
-  initialChannel: AuthChannel = 'email'
 ): UseAuthFormStateReturn => {
   const [identifier, setIdentifier] = useState(initialIdentifier);
-  const [channel, setChannel] = useState<AuthChannel>(initialChannel);
   const [otp, setOtp] = useState('');
   const [isLoading, setIsLoading] = useState(false);
   const [acceptedTerms, setAcceptedTerms] = useState(true);
@@ -28,12 +32,34 @@ export const useAuthFormState = (
   const [twoFactorCode, setTwoFactorCode] = useState('');
   const [useBackupCode, setUseBackupCode] = useState(false);
 
+  // Rate limit countdown
+  const [rateLimitSeconds, setRateLimitSeconds] = useState(0);
+  const rateLimitTimerRef = useRef<ReturnType<typeof setInterval> | null>(null);
+
+  const startRateLimitCountdown = useCallback((seconds: number) => {
+    if (rateLimitTimerRef.current) clearInterval(rateLimitTimerRef.current);
+    setRateLimitSeconds(seconds);
+    rateLimitTimerRef.current = setInterval(() => {
+      setRateLimitSeconds((prev) => {
+        if (prev <= 1) {
+          clearInterval(rateLimitTimerRef.current!);
+          rateLimitTimerRef.current = null;
+          return 0;
+        }
+        return prev - 1;
+      });
+    }, 1000);
+  }, []);
+
+  useEffect(() => () => {
+    if (rateLimitTimerRef.current) clearInterval(rateLimitTimerRef.current);
+  }, []);
+
   const clearError = useCallback(() => setError(''), []);
 
   return {
     // State
     identifier,
-    channel,
     otp,
     isLoading,
     acceptedTerms,
@@ -43,9 +69,11 @@ export const useAuthFormState = (
     shouldPrompt2FA,
     twoFactorCode,
     useBackupCode,
+    rateLimitSeconds,
+    isRateLimited: rateLimitSeconds > 0,
+    rateLimitLabel: formatCountdown(rateLimitSeconds),
     // Handlers
     setIdentifier,
-    setChannel,
     setOtp,
     setAcceptedTerms,
     setError,
@@ -56,5 +84,6 @@ export const useAuthFormState = (
     setShouldPrompt2FA,
     setTwoFactorCode,
     setUseBackupCode,
+    startRateLimitCountdown,
   };
 };

package/src/auth/hooks/useAuthValidation.ts

@@ -2,76 +2,16 @@
 
 import { useCallback } from 'react';
 
-import type { AuthChannel, AuthFormValidation } from '../types';
+import type { AuthFormValidation } from '../types';
 
-// Email regex - RFC 5322 simplified
 const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
 
-// Phone regex - E.164 format (+[country][number], 7-15 digits)
-const PHONE_REGEX = /^\+[1-9]\d{6,14}$/;
-
-/**
- * Hook for auth identifier validation.
- * Pure functions - no state, no side effects.
- */
 export const useAuthValidation = (): AuthFormValidation => {
-  /**
-   * Detect channel type from identifier string.
-   * Returns 'email' if contains @, 'phone' if starts with + and matches E.164.
-   */
-  const detectChannelFromIdentifier = useCallback((id: string): AuthChannel | null => {
-    if (!id) return null;
-
-    // Email detection - contains @
-    if (id.includes('@')) {
-      return 'email';
-    }
-
-    // Phone detection - starts with + and matches E.164 format
-    if (id.startsWith('+') && PHONE_REGEX.test(id)) {
-      return 'phone';
-    }
-
-    return null;
+  const validateIdentifier = useCallback((id: string): boolean => {
+    return EMAIL_REGEX.test(id);
   }, []);
 
-  /**
-   * Validate identifier format based on channel type.
-   */
-  const validateIdentifier = useCallback((id: string, channelType?: AuthChannel): boolean => {
-    if (!id) return false;
-
-    const channel = channelType || detectChannelFromIdentifier(id);
-
-    if (channel === 'email') {
-      return EMAIL_REGEX.test(id);
-    }
-
-    if (channel === 'phone') {
-      return PHONE_REGEX.test(id);
-    }
-
-    return false;
-  }, [detectChannelFromIdentifier]);
-
-  return {
-    detectChannelFromIdentifier,
-    validateIdentifier,
-  };
+  return { validateIdentifier };
 };
 
-// Export standalone functions for use outside React
-export const detectChannelFromIdentifier = (id: string): AuthChannel | null => {
-  if (!id) return null;
-  if (id.includes('@')) return 'email';
-  if (id.startsWith('+') && PHONE_REGEX.test(id)) return 'phone';
-  return null;
-};
-
-export const validateIdentifier = (id: string, channelType?: AuthChannel): boolean => {
-  if (!id) return false;
-  const channel = channelType || detectChannelFromIdentifier(id);
-  if (channel === 'email') return EMAIL_REGEX.test(id);
-  if (channel === 'phone') return PHONE_REGEX.test(id);
-  return false;
-};
+export const validateIdentifier = (id: string): boolean => EMAIL_REGEX.test(id);

package/src/auth/hooks/useTwoFactor.ts

@@ -3,6 +3,7 @@
 import { useCallback, useState } from 'react';
 
 import { apiAccounts, apiTotp } from '../../clients';
+import { APIError } from '../../_api/generated/cfg_totp/errors';
 import { Analytics, AnalyticsCategory, AnalyticsEvent } from '../utils/analytics';
 import { authLogger } from '../utils/logger';
 import { useCfgRouter } from './useCfgRouter';
@@ -27,6 +28,8 @@ export interface UseTwoFactorReturn {
   warning: string | null;
   /** Remaining backup codes (if backup code was used) */
   remainingBackupCodes: number | null;
+  /** Remaining verification attempts before lockout */
+  attemptsRemaining: number | null;
   /** Verify TOTP code */
   verifyTOTP: (sessionId: string, code: string) => Promise<boolean>;
   /** Verify backup code */
@@ -68,6 +71,7 @@ export const useTwoFactor = (options: UseTwoFactorOptions = {}): UseTwoFactorRet
   const [error, setError] = useState<string | null>(null);
   const [warning, setWarning] = useState<string | null>(null);
   const [remainingBackupCodes, setRemainingBackupCodes] = useState<number | null>(null);
+  const [attemptsRemaining, setAttemptsRemaining] = useState<number | null>(null);
 
   const clearError = useCallback(() => {
     setError(null);
@@ -155,8 +159,13 @@ export const useTwoFactor = (options: UseTwoFactorOptions = {}): UseTwoFactorRet
       return true;
 
     } catch (err) {
-      const errorMessage = err instanceof Error ? err.message : 'Invalid verification code';
       authLogger.error('2FA TOTP verification error:', err);
+      const errorMessage = err instanceof APIError
+        ? (err.response?.error || err.response?.detail || err.response?.message || err.errorMessage)
+        : (err instanceof Error ? err.message : 'Invalid verification code');
+      if (err instanceof APIError && typeof err.response?.attempts_remaining === 'number') {
+        setAttemptsRemaining(err.response.attempts_remaining);
+      }
       setError(errorMessage);
       onError?.(errorMessage);
 
@@ -209,8 +218,13 @@ export const useTwoFactor = (options: UseTwoFactorOptions = {}): UseTwoFactorRet
       return true;
 
     } catch (err) {
-      const errorMessage = err instanceof Error ? err.message : 'Invalid backup code';
       authLogger.error('2FA backup code verification error:', err);
+      const errorMessage = err instanceof APIError
+        ? (err.response?.error || err.response?.detail || err.response?.message || err.errorMessage)
+        : (err instanceof Error ? err.message : 'Invalid backup code');
+      if (err instanceof APIError && typeof err.response?.attempts_remaining === 'number') {
+        setAttemptsRemaining(err.response.attempts_remaining);
+      }
       setError(errorMessage);
       onError?.(errorMessage);
 
@@ -231,6 +245,7 @@ export const useTwoFactor = (options: UseTwoFactorOptions = {}): UseTwoFactorRet
     error,
     warning,
     remainingBackupCodes,
+    attemptsRemaining,
     verifyTOTP,
     verifyBackupCode,
     clearError,

package/src/auth/types/form.ts

@@ -8,21 +8,29 @@
 import type { MutableRefObject } from 'react';
 
 // ─────────────────────────────────────────────────────────────────────────────
-// Channel & Step Types
+// Step Types
 // ─────────────────────────────────────────────────────────────────────────────
 
-export type AuthChannel = 'email' | 'phone';
 export type AuthStep = 'identifier' | 'otp' | '2fa' | '2fa-setup' | 'success';
 
+// ─────────────────────────────────────────────────────────────────────────────
+// OTP Result Types
+// ─────────────────────────────────────────────────────────────────────────────
+
+export interface OTPRequestResult {
+  success: boolean;
+  message: string;
+  statusCode?: number;
+  retryAfter?: number;
+}
+
 // ─────────────────────────────────────────────────────────────────────────────
 // Form State
 // ─────────────────────────────────────────────────────────────────────────────
 
 export interface AuthFormState {
-  /** Email or phone number */
+  /** Email address */
   identifier: string;
-  /** Current auth channel */
-  channel: AuthChannel;
   /** OTP code input */
   otp: string;
   /** Loading state */
@@ -41,6 +49,12 @@ export interface AuthFormState {
   twoFactorCode: string;
   /** Using backup code instead of TOTP */
   useBackupCode: boolean;
+  /** Seconds remaining until rate limit lifts (0 = not rate limited) */
+  rateLimitSeconds: number;
+  /** True when rateLimitSeconds > 0 — submit should be disabled */
+  isRateLimited: boolean;
+  /** Formatted countdown label, e.g. "19:00" or "42s" */
+  rateLimitLabel: string;
 }
 
 // ─────────────────────────────────────────────────────────────────────────────
@@ -49,7 +63,6 @@ export interface AuthFormState {
 
 export interface AuthFormStateHandlers {
   setIdentifier: (identifier: string) => void;
-  setChannel: (channel: AuthChannel) => void;
   setOtp: (otp: string) => void;
   setAcceptedTerms: (accepted: boolean) => void;
   setError: (error: string) => void;
@@ -60,6 +73,8 @@ export interface AuthFormStateHandlers {
   setShouldPrompt2FA: (prompt: boolean) => void;
   setTwoFactorCode: (code: string) => void;
   setUseBackupCode: (useBackup: boolean) => void;
+  /** Start a countdown timer that disables submit for `seconds` seconds */
+  startRateLimitCountdown: (seconds: number) => void;
 }
 
 export interface AuthFormSubmitHandlers {
@@ -81,10 +96,8 @@ export interface AuthFormSubmitHandlers {
 // ─────────────────────────────────────────────────────────────────────────────
 
 export interface AuthFormValidation {
-  /** Detect channel from identifier string */
-  detectChannelFromIdentifier: (identifier: string) => AuthChannel | null;
   /** Validate identifier format */
-  validateIdentifier: (identifier: string, channel?: AuthChannel) => boolean;
+  validateIdentifier: (identifier: string) => boolean;
 }
 
 // ─────────────────────────────────────────────────────────────────────────────
@@ -105,6 +118,8 @@ export interface AuthForm2FAState {
   is2FALoading: boolean;
   /** Warning message from 2FA (e.g., low backup codes) */
   twoFactorWarning: string | null;
+  /** Remaining attempts before 2FA lockout (null = unknown) */
+  twoFactorAttemptsRemaining: number | null;
 }
 
 // ─────────────────────────────────────────────────────────────────────────────
@@ -125,7 +140,7 @@ export interface AuthFormReturn extends
 
 export interface UseAuthFormOptions {
   /** Callback when identifier step succeeds */
-  onIdentifierSuccess?: (identifier: string, channel: AuthChannel) => void;
+  onIdentifierSuccess?: (identifier: string) => void;
   /** Callback when OTP verification succeeds */
   onOTPSuccess?: () => void;
   /** Callback on any error */
@@ -147,63 +162,3 @@ export interface UseAuthFormOptions {
   enable2FASetup?: boolean;
 }
 
-// ─────────────────────────────────────────────────────────────────────────────
-// Layout Context (UI-specific additions)
-// ─────────────────────────────────────────────────────────────────────────────
-
-export interface AuthLayoutConfig {
-  /** Support page URL */
-  supportUrl?: string;
-  /** Terms of service URL */
-  termsUrl?: string;
-  /** Privacy policy URL */
-  privacyUrl?: string;
-  /** Source URL for tracking */
-  sourceUrl: string;
-  /** Enable phone authentication tab */
-  enablePhoneAuth?: boolean;
-  /** Enable GitHub OAuth button */
-  enableGithubAuth?: boolean;
-  /** Logo URL for success screen (SVG recommended) */
-  logoUrl?: string;
-  /** URL to redirect after successful auth (default: /dashboard) */
-  redirectUrl?: string;
-  /**
-   * Enable 2FA setup prompt after successful authentication.
-   * When true (default), users without 2FA will see a setup prompt after login.
-   * When false, users go directly to success without 2FA setup prompt.
-   * Note: This only affects the setup prompt - existing 2FA verification still works.
-   * @default true
-   */
-  enable2FASetup?: boolean;
-}
-
-export interface AuthFormContextType extends AuthFormReturn, AuthLayoutConfig {}
-
-// ─────────────────────────────────────────────────────────────────────────────
-// Layout Props
-// ─────────────────────────────────────────────────────────────────────────────
-
-export interface AuthLayoutProps extends AuthLayoutConfig {
-  children?: React.ReactNode;
-  className?: string;
-  /** URL to redirect after successful auth (default: /dashboard) */
-  redirectUrl?: string;
-  /** Callback when identifier step succeeds */
-  onIdentifierSuccess?: (identifier: string, channel: AuthChannel) => void;
-  /** Callback when OTP verification succeeds */
-  onOTPSuccess?: () => void;
-  /** Callback when OAuth succeeds */
-  onOAuthSuccess?: (user: any, isNewUser: boolean, provider: string) => void;
-  /** Callback on any error */
-  onError?: (message: string) => void;
-}
-
-// ─────────────────────────────────────────────────────────────────────────────
-// Help Component Props
-// ─────────────────────────────────────────────────────────────────────────────
-
-export interface AuthHelpProps {
-  className?: string;
-  variant?: 'default' | 'compact';
-}

package/src/auth/types/index.ts

@@ -2,9 +2,8 @@
  * Auth Types - Single source of truth
  */
 
-// Form types (for auth forms and layouts)
+// Form types (auth logic only)
 export type {
-  AuthChannel,
   AuthStep,
   AuthFormState,
   AuthFormStateHandlers,
@@ -13,10 +12,7 @@ export type {
   AuthFormAutoSubmit,
   AuthFormReturn,
   UseAuthFormOptions,
-  AuthLayoutConfig,
-  AuthFormContextType,
-  AuthLayoutProps,
-  AuthHelpProps,
+  OTPRequestResult,
 } from './form';
 
 // Re-export context types