@djangocfg/api 2.1.455 → 2.1.456

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (87) hide show
  1. package/dist/auth.cjs +2654 -2920
  2. package/dist/auth.cjs.map +1 -1
  3. package/dist/auth.d.cts +18 -82
  4. package/dist/auth.d.ts +18 -82
  5. package/dist/auth.mjs +385 -2861
  6. package/dist/auth.mjs.map +1 -1
  7. package/dist/chunk-2G67QRNU.mjs +2096 -0
  8. package/dist/chunk-2G67QRNU.mjs.map +1 -0
  9. package/dist/chunk-32SRQGAC.mjs +2109 -0
  10. package/dist/chunk-32SRQGAC.mjs.map +1 -0
  11. package/dist/chunk-4BPRCONN.mjs +2098 -0
  12. package/dist/chunk-4BPRCONN.mjs.map +1 -0
  13. package/dist/chunk-5UZ2Z323.mjs +2021 -0
  14. package/dist/chunk-5UZ2Z323.mjs.map +1 -0
  15. package/dist/chunk-7KFTJXNM.mjs +2097 -0
  16. package/dist/chunk-7KFTJXNM.mjs.map +1 -0
  17. package/dist/chunk-BK4K5CVT.mjs +2019 -0
  18. package/dist/chunk-BK4K5CVT.mjs.map +1 -0
  19. package/dist/chunk-JLPJZ6WB.mjs +2020 -0
  20. package/dist/chunk-JLPJZ6WB.mjs.map +1 -0
  21. package/dist/chunk-TVU6PYJH.mjs +2032 -0
  22. package/dist/chunk-TVU6PYJH.mjs.map +1 -0
  23. package/dist/clients.cjs +2210 -1847
  24. package/dist/clients.cjs.map +1 -1
  25. package/dist/clients.d.cts +23 -0
  26. package/dist/clients.d.ts +23 -0
  27. package/dist/clients.mjs +14 -1845
  28. package/dist/clients.mjs.map +1 -1
  29. package/dist/hooks.cjs +1776 -962
  30. package/dist/hooks.cjs.map +1 -1
  31. package/dist/hooks.mjs +4 -1375
  32. package/dist/hooks.mjs.map +1 -1
  33. package/dist/index.cjs +2245 -1877
  34. package/dist/index.cjs.map +1 -1
  35. package/dist/index.d.cts +81 -4
  36. package/dist/index.d.ts +81 -4
  37. package/dist/index.mjs +20 -1860
  38. package/dist/index.mjs.map +1 -1
  39. package/dist/sdk.gen-2SQOPTWJ.mjs +26 -0
  40. package/dist/sdk.gen-2SQOPTWJ.mjs.map +1 -0
  41. package/dist/sdk.gen-HSGK4C5S.mjs +26 -0
  42. package/dist/sdk.gen-HSGK4C5S.mjs.map +1 -0
  43. package/dist/sdk.gen-NUK2VGHO.mjs +25 -0
  44. package/dist/sdk.gen-NUK2VGHO.mjs.map +1 -0
  45. package/dist/sdk.gen-O4KAQUZB.mjs +26 -0
  46. package/dist/sdk.gen-O4KAQUZB.mjs.map +1 -0
  47. package/dist/sdk.gen-PPAVSBNT.mjs +26 -0
  48. package/dist/sdk.gen-PPAVSBNT.mjs.map +1 -0
  49. package/dist/sdk.gen-XLHLOCJ2.mjs +25 -0
  50. package/dist/sdk.gen-XLHLOCJ2.mjs.map +1 -0
  51. package/dist/sdk.gen-ZOE6NQAL.mjs +26 -0
  52. package/dist/sdk.gen-ZOE6NQAL.mjs.map +1 -0
  53. package/dist/sdk.gen-ZT7LGJVO.mjs +26 -0
  54. package/dist/sdk.gen-ZT7LGJVO.mjs.map +1 -0
  55. package/package.json +2 -2
  56. package/src/_api/generated/_cfg_accounts/hooks/index.ts +1 -0
  57. package/src/_api/generated/_cfg_accounts/hooks/useCfgAccountsTokenBlacklistCreate.ts +28 -0
  58. package/src/_api/generated/_cfg_accounts/openapi.json +99 -0
  59. package/src/_api/generated/_cfg_accounts/schemas/TokenBlacklistRequest.ts +11 -0
  60. package/src/_api/generated/_cfg_accounts/schemas/index.ts +1 -0
  61. package/src/_api/generated/_cfg_centrifugo/openapi.json +9 -0
  62. package/src/_api/generated/_cfg_totp/openapi.json +33 -0
  63. package/src/_api/generated/helpers/auth.ts +276 -31
  64. package/src/_api/generated/openapi.json +129 -0
  65. package/src/_api/generated/sdk.gen.ts +94 -16
  66. package/src/_api/generated/types.gen.ts +18 -0
  67. package/src/auth/__tests__/guard.test.ts +0 -31
  68. package/src/auth/constants.ts +6 -0
  69. package/src/auth/context/AccountsContext.tsx +14 -24
  70. package/src/auth/context/AuthContext.tsx +226 -609
  71. package/src/auth/hooks/index.ts +3 -4
  72. package/src/auth/hooks/useGithubAuth.ts +3 -3
  73. package/src/auth/hooks/useSession.ts +22 -0
  74. package/src/auth/hooks/useTwoFactor.ts +4 -4
  75. package/src/auth/middlewares/index.ts +5 -6
  76. package/src/auth/utils/guard.ts +0 -22
  77. package/src/auth/utils/index.ts +0 -2
  78. package/src/_api/generated/_cfg_accounts/events.ts +0 -198
  79. package/src/_api/generated/_cfg_centrifugo/events.ts +0 -198
  80. package/src/_api/generated/_cfg_totp/events.ts +0 -198
  81. package/src/auth/__tests__/jwt.test.ts +0 -119
  82. package/src/auth/__tests__/sessionBootstrap.test.ts +0 -111
  83. package/src/auth/__tests__/useTokenRefresh.dom.test.tsx +0 -167
  84. package/src/auth/hooks/useAuthGuard.ts +0 -35
  85. package/src/auth/hooks/useTokenRefresh.ts +0 -131
  86. package/src/auth/refreshHandler.ts +0 -79
  87. package/src/auth/utils/jwt.ts +0 -66
@@ -2,7 +2,7 @@
2
2
 
3
3
  import { type Client, type ClientMeta, formDataBodySerializer, type Options as Options2, type RequestResult, type TDataShape } from './client';
4
4
  import { client } from './client.gen';
5
- import type { CfgAccountsApiKeyRegenerateCreateData, CfgAccountsApiKeyRegenerateCreateErrors, CfgAccountsApiKeyRegenerateCreateResponses, CfgAccountsApiKeyRetrieveData, CfgAccountsApiKeyRetrieveErrors, CfgAccountsApiKeyRetrieveResponses, CfgAccountsApiKeyRevealCreateData, CfgAccountsApiKeyRevealCreateErrors, CfgAccountsApiKeyRevealCreateResponses, CfgAccountsApiKeyTestCreateData, CfgAccountsApiKeyTestCreateResponses, CfgAccountsOauthConnectionsListData, CfgAccountsOauthConnectionsListResponses, CfgAccountsOauthDisconnectCreateData, CfgAccountsOauthDisconnectCreateErrors, CfgAccountsOauthDisconnectCreateResponses, CfgAccountsOauthGithubAuthorizeCreateData, CfgAccountsOauthGithubAuthorizeCreateErrors, CfgAccountsOauthGithubAuthorizeCreateResponses, CfgAccountsOauthGithubCallbackCreateData, CfgAccountsOauthGithubCallbackCreateErrors, CfgAccountsOauthGithubCallbackCreateResponses, CfgAccountsOauthProvidersRetrieveData, CfgAccountsOauthProvidersRetrieveResponses, CfgAccountsOtpRequestCreateData, CfgAccountsOtpRequestCreateErrors, CfgAccountsOtpRequestCreateResponses, CfgAccountsOtpVerifyCreateData, CfgAccountsOtpVerifyCreateErrors, CfgAccountsOtpVerifyCreateResponses, CfgAccountsProfileAvatarCreateData, CfgAccountsProfileAvatarCreateErrors, CfgAccountsProfileAvatarCreateResponses, CfgAccountsProfileDeleteCreateData, CfgAccountsProfileDeleteCreateErrors, CfgAccountsProfileDeleteCreateResponses, CfgAccountsProfilePartialPartialUpdateData, CfgAccountsProfilePartialPartialUpdateErrors, CfgAccountsProfilePartialPartialUpdateResponses, CfgAccountsProfilePartialUpdateData, CfgAccountsProfilePartialUpdateErrors, CfgAccountsProfilePartialUpdateResponses, CfgAccountsProfileRetrieveData, CfgAccountsProfileRetrieveErrors, CfgAccountsProfileRetrieveResponses, CfgAccountsProfileUpdatePartialUpdateData, CfgAccountsProfileUpdatePartialUpdateErrors, CfgAccountsProfileUpdatePartialUpdateResponses, CfgAccountsProfileUpdateUpdateData, CfgAccountsProfileUpdateUpdateErrors, CfgAccountsProfileUpdateUpdateResponses, CfgAccountsTokenRefreshCreateData, CfgAccountsTokenRefreshCreateResponses, CfgCentrifugoAuthTokenRetrieveData, CfgCentrifugoAuthTokenRetrieveErrors, CfgCentrifugoAuthTokenRetrieveResponses, CfgTotpBackupCodesRegenerateCreateData, CfgTotpBackupCodesRegenerateCreateErrors, CfgTotpBackupCodesRegenerateCreateResponses, CfgTotpBackupCodesRetrieveData, CfgTotpBackupCodesRetrieveResponses, CfgTotpDevicesDestroyData, CfgTotpDevicesDestroyResponses, CfgTotpDevicesRetrieveData, CfgTotpDevicesRetrieveResponses, CfgTotpDisableCreateData, CfgTotpDisableCreateErrors, CfgTotpDisableCreateResponses, CfgTotpSetupConfirmCreateData, CfgTotpSetupConfirmCreateErrors, CfgTotpSetupConfirmCreateResponses, CfgTotpSetupCreateData, CfgTotpSetupCreateErrors, CfgTotpSetupCreateResponses, CfgTotpVerifyBackupCreateData, CfgTotpVerifyBackupCreateErrors, CfgTotpVerifyBackupCreateResponses, CfgTotpVerifyCreateData, CfgTotpVerifyCreateErrors, CfgTotpVerifyCreateResponses } from './types.gen';
5
+ import type { CfgAccountsApiKeyRegenerateCreateData, CfgAccountsApiKeyRegenerateCreateErrors, CfgAccountsApiKeyRegenerateCreateResponses, CfgAccountsApiKeyRetrieveData, CfgAccountsApiKeyRetrieveErrors, CfgAccountsApiKeyRetrieveResponses, CfgAccountsApiKeyRevealCreateData, CfgAccountsApiKeyRevealCreateErrors, CfgAccountsApiKeyRevealCreateResponses, CfgAccountsApiKeyTestCreateData, CfgAccountsApiKeyTestCreateResponses, CfgAccountsOauthConnectionsListData, CfgAccountsOauthConnectionsListResponses, CfgAccountsOauthDisconnectCreateData, CfgAccountsOauthDisconnectCreateErrors, CfgAccountsOauthDisconnectCreateResponses, CfgAccountsOauthGithubAuthorizeCreateData, CfgAccountsOauthGithubAuthorizeCreateErrors, CfgAccountsOauthGithubAuthorizeCreateResponses, CfgAccountsOauthGithubCallbackCreateData, CfgAccountsOauthGithubCallbackCreateErrors, CfgAccountsOauthGithubCallbackCreateResponses, CfgAccountsOauthProvidersRetrieveData, CfgAccountsOauthProvidersRetrieveResponses, CfgAccountsOtpRequestCreateData, CfgAccountsOtpRequestCreateErrors, CfgAccountsOtpRequestCreateResponses, CfgAccountsOtpVerifyCreateData, CfgAccountsOtpVerifyCreateErrors, CfgAccountsOtpVerifyCreateResponses, CfgAccountsProfileAvatarCreateData, CfgAccountsProfileAvatarCreateErrors, CfgAccountsProfileAvatarCreateResponses, CfgAccountsProfileDeleteCreateData, CfgAccountsProfileDeleteCreateErrors, CfgAccountsProfileDeleteCreateResponses, CfgAccountsProfilePartialPartialUpdateData, CfgAccountsProfilePartialPartialUpdateErrors, CfgAccountsProfilePartialPartialUpdateResponses, CfgAccountsProfilePartialUpdateData, CfgAccountsProfilePartialUpdateErrors, CfgAccountsProfilePartialUpdateResponses, CfgAccountsProfileRetrieveData, CfgAccountsProfileRetrieveErrors, CfgAccountsProfileRetrieveResponses, CfgAccountsProfileUpdatePartialUpdateData, CfgAccountsProfileUpdatePartialUpdateErrors, CfgAccountsProfileUpdatePartialUpdateResponses, CfgAccountsProfileUpdateUpdateData, CfgAccountsProfileUpdateUpdateErrors, CfgAccountsProfileUpdateUpdateResponses, CfgAccountsTokenBlacklistCreateData, CfgAccountsTokenBlacklistCreateResponses, CfgAccountsTokenRefreshCreateData, CfgAccountsTokenRefreshCreateResponses, CfgCentrifugoAuthTokenRetrieveData, CfgCentrifugoAuthTokenRetrieveErrors, CfgCentrifugoAuthTokenRetrieveResponses, CfgTotpBackupCodesRegenerateCreateData, CfgTotpBackupCodesRegenerateCreateErrors, CfgTotpBackupCodesRegenerateCreateResponses, CfgTotpBackupCodesRetrieveData, CfgTotpBackupCodesRetrieveResponses, CfgTotpDevicesDestroyData, CfgTotpDevicesDestroyResponses, CfgTotpDevicesRetrieveData, CfgTotpDevicesRetrieveResponses, CfgTotpDisableCreateData, CfgTotpDisableCreateErrors, CfgTotpDisableCreateResponses, CfgTotpSetupConfirmCreateData, CfgTotpSetupConfirmCreateErrors, CfgTotpSetupConfirmCreateResponses, CfgTotpSetupCreateData, CfgTotpSetupCreateErrors, CfgTotpSetupCreateResponses, CfgTotpVerifyBackupCreateData, CfgTotpVerifyBackupCreateErrors, CfgTotpVerifyBackupCreateResponses, CfgTotpVerifyCreateData, CfgTotpVerifyCreateErrors, CfgTotpVerifyCreateResponses } from './types.gen';
6
6
 
7
7
  export type Options<TData extends TDataShape = TDataShape, ThrowOnError extends boolean = boolean, TResponse = unknown> = Options2<TData, ThrowOnError, TResponse> & {
8
8
  /**
@@ -124,7 +124,11 @@ export class CfgAccountsOauth {
124
124
  */
125
125
  public static cfgAccountsOauthConnectionsList<ThrowOnError extends boolean = false>(options?: Options<CfgAccountsOauthConnectionsListData, ThrowOnError>): RequestResult<CfgAccountsOauthConnectionsListResponses, unknown, ThrowOnError> {
126
126
  return (options?.client ?? client).get<CfgAccountsOauthConnectionsListResponses, unknown, ThrowOnError>({
127
- security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
127
+ security: [
128
+ { name: 'X-API-Key', type: 'apiKey' },
129
+ { scheme: 'bearer', type: 'http' },
130
+ { name: 'Authorization', type: 'apiKey' }
131
+ ],
128
132
  url: '/cfg/accounts/oauth/connections/',
129
133
  ...options
130
134
  });
@@ -137,7 +141,11 @@ export class CfgAccountsOauth {
137
141
  */
138
142
  public static cfgAccountsOauthDisconnectCreate<ThrowOnError extends boolean = false>(options: Options<CfgAccountsOauthDisconnectCreateData, ThrowOnError>): RequestResult<CfgAccountsOauthDisconnectCreateResponses, CfgAccountsOauthDisconnectCreateErrors, ThrowOnError> {
139
143
  return (options.client ?? client).post<CfgAccountsOauthDisconnectCreateResponses, CfgAccountsOauthDisconnectCreateErrors, ThrowOnError>({
140
- security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
144
+ security: [
145
+ { name: 'X-API-Key', type: 'apiKey' },
146
+ { scheme: 'bearer', type: 'http' },
147
+ { name: 'Authorization', type: 'apiKey' }
148
+ ],
141
149
  url: '/cfg/accounts/oauth/disconnect/',
142
150
  ...options,
143
151
  headers: {
@@ -195,7 +203,11 @@ export class CfgAccounts {
195
203
  */
196
204
  public static cfgAccountsOtpRequestCreate<ThrowOnError extends boolean = false>(options: Options<CfgAccountsOtpRequestCreateData, ThrowOnError>): RequestResult<CfgAccountsOtpRequestCreateResponses, CfgAccountsOtpRequestCreateErrors, ThrowOnError> {
197
205
  return (options.client ?? client).post<CfgAccountsOtpRequestCreateResponses, CfgAccountsOtpRequestCreateErrors, ThrowOnError>({
198
- security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
206
+ security: [
207
+ { name: 'X-API-Key', type: 'apiKey' },
208
+ { scheme: 'bearer', type: 'http' },
209
+ { name: 'Authorization', type: 'apiKey' }
210
+ ],
199
211
  url: '/cfg/accounts/otp/request/',
200
212
  ...options,
201
213
  headers: {
@@ -217,7 +229,11 @@ export class CfgAccounts {
217
229
  */
218
230
  public static cfgAccountsOtpVerifyCreate<ThrowOnError extends boolean = false>(options: Options<CfgAccountsOtpVerifyCreateData, ThrowOnError>): RequestResult<CfgAccountsOtpVerifyCreateResponses, CfgAccountsOtpVerifyCreateErrors, ThrowOnError> {
219
231
  return (options.client ?? client).post<CfgAccountsOtpVerifyCreateResponses, CfgAccountsOtpVerifyCreateErrors, ThrowOnError>({
220
- security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
232
+ security: [
233
+ { name: 'X-API-Key', type: 'apiKey' },
234
+ { scheme: 'bearer', type: 'http' },
235
+ { name: 'Authorization', type: 'apiKey' }
236
+ ],
221
237
  url: '/cfg/accounts/otp/verify/',
222
238
  ...options,
223
239
  headers: {
@@ -254,7 +270,11 @@ export class CfgAccountsProfile {
254
270
  public static cfgAccountsProfileAvatarCreate<ThrowOnError extends boolean = false>(options?: Options<CfgAccountsProfileAvatarCreateData, ThrowOnError>): RequestResult<CfgAccountsProfileAvatarCreateResponses, CfgAccountsProfileAvatarCreateErrors, ThrowOnError> {
255
271
  return (options?.client ?? client).post<CfgAccountsProfileAvatarCreateResponses, CfgAccountsProfileAvatarCreateErrors, ThrowOnError>({
256
272
  ...formDataBodySerializer,
257
- security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
273
+ security: [
274
+ { name: 'X-API-Key', type: 'apiKey' },
275
+ { scheme: 'bearer', type: 'http' },
276
+ { name: 'Authorization', type: 'apiKey' }
277
+ ],
258
278
  url: '/cfg/accounts/profile/avatar/',
259
279
  ...options,
260
280
  headers: {
@@ -377,6 +397,24 @@ export class CfgAccountsProfile {
377
397
  }
378
398
 
379
399
  export class CfgAccountsAuth {
400
+ /**
401
+ * Revoke a refresh token (logout).
402
+ *
403
+ * Blacklists the posted refresh token so it can never mint another access
404
+ * token. Called best-effort by the client's logout — without it, "logout"
405
+ * is purely client-side and a stolen refresh token survives until expiry.
406
+ */
407
+ public static cfgAccountsTokenBlacklistCreate<ThrowOnError extends boolean = false>(options: Options<CfgAccountsTokenBlacklistCreateData, ThrowOnError>): RequestResult<CfgAccountsTokenBlacklistCreateResponses, unknown, ThrowOnError> {
408
+ return (options.client ?? client).post<CfgAccountsTokenBlacklistCreateResponses, unknown, ThrowOnError>({
409
+ url: '/cfg/accounts/token/blacklist/',
410
+ ...options,
411
+ headers: {
412
+ 'Content-Type': 'application/json',
413
+ ...options.headers
414
+ }
415
+ });
416
+ }
417
+
380
418
  /**
381
419
  * Refresh JWT token.
382
420
  *
@@ -406,7 +444,11 @@ export class CfgCentrifugo {
406
444
  */
407
445
  public static cfgCentrifugoAuthTokenRetrieve<ThrowOnError extends boolean = false>(options?: Options<CfgCentrifugoAuthTokenRetrieveData, ThrowOnError>): RequestResult<CfgCentrifugoAuthTokenRetrieveResponses, CfgCentrifugoAuthTokenRetrieveErrors, ThrowOnError> {
408
446
  return (options?.client ?? client).get<CfgCentrifugoAuthTokenRetrieveResponses, CfgCentrifugoAuthTokenRetrieveErrors, ThrowOnError>({
409
- security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
447
+ security: [
448
+ { name: 'X-API-Key', type: 'apiKey' },
449
+ { scheme: 'bearer', type: 'http' },
450
+ { name: 'Authorization', type: 'apiKey' }
451
+ ],
410
452
  url: '/cfg/centrifugo/auth/token/',
411
453
  ...options
412
454
  });
@@ -419,7 +461,11 @@ export class CfgTotpBackupCodes {
419
461
  */
420
462
  public static cfgTotpBackupCodesRetrieve<ThrowOnError extends boolean = false>(options?: Options<CfgTotpBackupCodesRetrieveData, ThrowOnError>): RequestResult<CfgTotpBackupCodesRetrieveResponses, unknown, ThrowOnError> {
421
463
  return (options?.client ?? client).get<CfgTotpBackupCodesRetrieveResponses, unknown, ThrowOnError>({
422
- security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
464
+ security: [
465
+ { name: 'X-API-Key', type: 'apiKey' },
466
+ { scheme: 'bearer', type: 'http' },
467
+ { name: 'Authorization', type: 'apiKey' }
468
+ ],
423
469
  url: '/cfg/totp/backup-codes/',
424
470
  ...options
425
471
  });
@@ -433,7 +479,11 @@ export class CfgTotpBackupCodes {
433
479
  */
434
480
  public static cfgTotpBackupCodesRegenerateCreate<ThrowOnError extends boolean = false>(options: Options<CfgTotpBackupCodesRegenerateCreateData, ThrowOnError>): RequestResult<CfgTotpBackupCodesRegenerateCreateResponses, CfgTotpBackupCodesRegenerateCreateErrors, ThrowOnError> {
435
481
  return (options.client ?? client).post<CfgTotpBackupCodesRegenerateCreateResponses, CfgTotpBackupCodesRegenerateCreateErrors, ThrowOnError>({
436
- security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
482
+ security: [
483
+ { name: 'X-API-Key', type: 'apiKey' },
484
+ { scheme: 'bearer', type: 'http' },
485
+ { name: 'Authorization', type: 'apiKey' }
486
+ ],
437
487
  url: '/cfg/totp/backup-codes/regenerate/',
438
488
  ...options,
439
489
  headers: {
@@ -450,7 +500,11 @@ export class CfgTotp {
450
500
  */
451
501
  public static cfgTotpDevicesRetrieve<ThrowOnError extends boolean = false>(options?: Options<CfgTotpDevicesRetrieveData, ThrowOnError>): RequestResult<CfgTotpDevicesRetrieveResponses, unknown, ThrowOnError> {
452
502
  return (options?.client ?? client).get<CfgTotpDevicesRetrieveResponses, unknown, ThrowOnError>({
453
- security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
503
+ security: [
504
+ { name: 'X-API-Key', type: 'apiKey' },
505
+ { scheme: 'bearer', type: 'http' },
506
+ { name: 'Authorization', type: 'apiKey' }
507
+ ],
454
508
  url: '/cfg/totp/devices/',
455
509
  ...options
456
510
  });
@@ -463,7 +517,11 @@ export class CfgTotp {
463
517
  */
464
518
  public static cfgTotpDevicesDestroy<ThrowOnError extends boolean = false>(options: Options<CfgTotpDevicesDestroyData, ThrowOnError>): RequestResult<CfgTotpDevicesDestroyResponses, unknown, ThrowOnError> {
465
519
  return (options.client ?? client).delete<CfgTotpDevicesDestroyResponses, unknown, ThrowOnError>({
466
- security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
520
+ security: [
521
+ { name: 'X-API-Key', type: 'apiKey' },
522
+ { scheme: 'bearer', type: 'http' },
523
+ { name: 'Authorization', type: 'apiKey' }
524
+ ],
467
525
  url: '/cfg/totp/devices/{id}/',
468
526
  ...options
469
527
  });
@@ -476,7 +534,11 @@ export class CfgTotp {
476
534
  */
477
535
  public static cfgTotpDisableCreate<ThrowOnError extends boolean = false>(options: Options<CfgTotpDisableCreateData, ThrowOnError>): RequestResult<CfgTotpDisableCreateResponses, CfgTotpDisableCreateErrors, ThrowOnError> {
478
536
  return (options.client ?? client).post<CfgTotpDisableCreateResponses, CfgTotpDisableCreateErrors, ThrowOnError>({
479
- security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
537
+ security: [
538
+ { name: 'X-API-Key', type: 'apiKey' },
539
+ { scheme: 'bearer', type: 'http' },
540
+ { name: 'Authorization', type: 'apiKey' }
541
+ ],
480
542
  url: '/cfg/totp/disable/',
481
543
  ...options,
482
544
  headers: {
@@ -495,7 +557,11 @@ export class CfgTotpSetup {
495
557
  */
496
558
  public static cfgTotpSetupCreate<ThrowOnError extends boolean = false>(options?: Options<CfgTotpSetupCreateData, ThrowOnError>): RequestResult<CfgTotpSetupCreateResponses, CfgTotpSetupCreateErrors, ThrowOnError> {
497
559
  return (options?.client ?? client).post<CfgTotpSetupCreateResponses, CfgTotpSetupCreateErrors, ThrowOnError>({
498
- security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
560
+ security: [
561
+ { name: 'X-API-Key', type: 'apiKey' },
562
+ { scheme: 'bearer', type: 'http' },
563
+ { name: 'Authorization', type: 'apiKey' }
564
+ ],
499
565
  url: '/cfg/totp/setup/',
500
566
  ...options,
501
567
  headers: {
@@ -512,7 +578,11 @@ export class CfgTotpSetup {
512
578
  */
513
579
  public static cfgTotpSetupConfirmCreate<ThrowOnError extends boolean = false>(options: Options<CfgTotpSetupConfirmCreateData, ThrowOnError>): RequestResult<CfgTotpSetupConfirmCreateResponses, CfgTotpSetupConfirmCreateErrors, ThrowOnError> {
514
580
  return (options.client ?? client).post<CfgTotpSetupConfirmCreateResponses, CfgTotpSetupConfirmCreateErrors, ThrowOnError>({
515
- security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
581
+ security: [
582
+ { name: 'X-API-Key', type: 'apiKey' },
583
+ { scheme: 'bearer', type: 'http' },
584
+ { name: 'Authorization', type: 'apiKey' }
585
+ ],
516
586
  url: '/cfg/totp/setup/confirm/',
517
587
  ...options,
518
588
  headers: {
@@ -531,7 +601,11 @@ export class CfgTotpVerify {
531
601
  */
532
602
  public static cfgTotpVerifyCreate<ThrowOnError extends boolean = false>(options: Options<CfgTotpVerifyCreateData, ThrowOnError>): RequestResult<CfgTotpVerifyCreateResponses, CfgTotpVerifyCreateErrors, ThrowOnError> {
533
603
  return (options.client ?? client).post<CfgTotpVerifyCreateResponses, CfgTotpVerifyCreateErrors, ThrowOnError>({
534
- security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
604
+ security: [
605
+ { name: 'X-API-Key', type: 'apiKey' },
606
+ { scheme: 'bearer', type: 'http' },
607
+ { name: 'Authorization', type: 'apiKey' }
608
+ ],
535
609
  url: '/cfg/totp/verify/',
536
610
  ...options,
537
611
  headers: {
@@ -548,7 +622,11 @@ export class CfgTotpVerify {
548
622
  */
549
623
  public static cfgTotpVerifyBackupCreate<ThrowOnError extends boolean = false>(options: Options<CfgTotpVerifyBackupCreateData, ThrowOnError>): RequestResult<CfgTotpVerifyBackupCreateResponses, CfgTotpVerifyBackupCreateErrors, ThrowOnError> {
550
624
  return (options.client ?? client).post<CfgTotpVerifyBackupCreateResponses, CfgTotpVerifyBackupCreateErrors, ThrowOnError>({
551
- security: [{ name: 'X-API-Key', type: 'apiKey' }, { scheme: 'bearer', type: 'http' }],
625
+ security: [
626
+ { name: 'X-API-Key', type: 'apiKey' },
627
+ { scheme: 'bearer', type: 'http' },
628
+ { name: 'Authorization', type: 'apiKey' }
629
+ ],
552
630
  url: '/cfg/totp/verify/backup/',
553
631
  ...options,
554
632
  headers: {
@@ -643,6 +643,10 @@ export type SetupResponse = {
643
643
  expires_in: number;
644
644
  };
645
645
 
646
+ export type TokenBlacklistRequest = {
647
+ refresh: string;
648
+ };
649
+
646
650
  export type TokenRefresh = {
647
651
  readonly access: string;
648
652
  refresh: string;
@@ -1404,6 +1408,20 @@ export type CfgAccountsProfileUpdateUpdateResponses = {
1404
1408
 
1405
1409
  export type CfgAccountsProfileUpdateUpdateResponse = CfgAccountsProfileUpdateUpdateResponses[keyof CfgAccountsProfileUpdateUpdateResponses];
1406
1410
 
1411
+ export type CfgAccountsTokenBlacklistCreateData = {
1412
+ body: TokenBlacklistRequest;
1413
+ path?: never;
1414
+ query?: never;
1415
+ url: '/cfg/accounts/token/blacklist/';
1416
+ };
1417
+
1418
+ export type CfgAccountsTokenBlacklistCreateResponses = {
1419
+ /**
1420
+ * No response body
1421
+ */
1422
+ 200: unknown;
1423
+ };
1424
+
1407
1425
  export type CfgAccountsTokenRefreshCreateData = {
1408
1426
  body: TokenRefreshRequest;
1409
1427
  path?: never;
@@ -15,7 +15,6 @@ import {
15
15
  resolveGuardIsLoading,
16
16
  resolveGuardIsAuthenticated,
17
17
  shouldRedirectToAuth,
18
- nextAuthEvaluationDelay,
19
18
  type GuardInput,
20
19
  } from '../utils/guard';
21
20
 
@@ -112,33 +111,3 @@ describe('resolveGuardIsAuthenticated', () => {
112
111
  });
113
112
  });
114
113
 
115
- describe('nextAuthEvaluationDelay (time-driven re-check scheduling)', () => {
116
- const NOW = 1_800_000_000_000;
117
-
118
- it('schedules on the SOONEST future expiry + 1s cushion', () => {
119
- const access = NOW + 5 * 60_000; // 5 min
120
- const refresh = NOW + 60 * 60_000; // 60 min
121
- expect(nextAuthEvaluationDelay(access, refresh, NOW)).toBe(5 * 60_000 + 1000);
122
- });
123
-
124
- it('uses refresh expiry when access is already past', () => {
125
- const access = NOW - 1000; // already expired → ignored
126
- const refresh = NOW + 10 * 60_000;
127
- expect(nextAuthEvaluationDelay(access, refresh, NOW)).toBe(10 * 60_000 + 1000);
128
- });
129
-
130
- it('returns null when nothing live remains (no timer to arm)', () => {
131
- expect(nextAuthEvaluationDelay(NOW - 1, NOW - 2, NOW)).toBeNull();
132
- expect(nextAuthEvaluationDelay(null, null, NOW)).toBeNull();
133
- });
134
-
135
- it('handles a single live token (other absent)', () => {
136
- expect(nextAuthEvaluationDelay(NOW + 30_000, null, NOW)).toBe(31_000);
137
- expect(nextAuthEvaluationDelay(null, NOW + 30_000, NOW)).toBe(31_000);
138
- });
139
-
140
- it('never returns a negative delay', () => {
141
- const d = nextAuthEvaluationDelay(NOW + 1, NOW + 1, NOW);
142
- expect(d).toBeGreaterThan(0);
143
- });
144
- });
@@ -11,3 +11,9 @@ export const AUTH_CONSTANTS = {
11
11
  /** Backup code max length. */
12
12
  BACKUP_CODE_MAX_LENGTH: 12,
13
13
  } as const;
14
+
15
+ /** Default route for the sign-in page. Override per app via AuthConfig.routes. */
16
+ export const DEFAULT_AUTH_PATH = '/auth';
17
+
18
+ /** Default post-login destination. Override per app via AuthConfig.routes. */
19
+ export const DEFAULT_CALLBACK_PATH = '/dashboard';
@@ -17,15 +17,14 @@ import {
17
17
  createContext, memo, ReactNode, useCallback, useContext, useEffect, useMemo, useRef, useState
18
18
  } from 'react';
19
19
 
20
- import { CfgAccountsApi } from '../../';
21
- import { CfgAccountsProfile } from '../../_api/generated/_cfg_accounts/sdk.gen';
20
+ import { auth } from '../../_api/generated/helpers/auth';
21
+ import { CfgAccountsAuth, CfgAccountsProfile } from '../../_api/generated/_cfg_accounts/sdk.gen';
22
22
  import {
23
23
  useCfgAccountsOtpRequestCreate,
24
24
  useCfgAccountsOtpVerifyCreate,
25
25
  useCfgAccountsProfileAvatarCreate,
26
26
  useCfgAccountsProfilePartialUpdate,
27
27
  useCfgAccountsProfileUpdateUpdate,
28
- useCfgAccountsTokenRefreshCreate,
29
28
  } from '../../_api/generated/_cfg_accounts/hooks';
30
29
  import { PatchedCfgUserUpdateRequestSchema } from '../../_api/generated/_cfg_accounts/schemas';
31
30
  import { clearProfileCache, getCachedProfile, setCachedProfile } from '../hooks/useProfileCache';
@@ -39,8 +38,6 @@ import type {
39
38
  OtpVerifyRequest,
40
39
  OtpRequestResponse,
41
40
  OtpVerifyResponse,
42
- TokenRefresh,
43
- TokenRefreshRequest,
44
41
  } from '../../_api/generated/_cfg_accounts/types.gen';
45
42
 
46
43
  export { PatchedCfgUserUpdateRequestSchema };
@@ -62,7 +59,6 @@ export interface AccountsContextValue {
62
59
 
63
60
  requestOTP: (data: OtpRequestRequest) => Promise<OtpRequestResponse>;
64
61
  verifyOTP: (data: OtpVerifyRequest) => Promise<OtpVerifyResponse>;
65
- refreshToken: (refresh: string) => Promise<TokenRefresh>;
66
62
  logout: () => void;
67
63
  }
68
64
 
@@ -96,7 +92,6 @@ export function AccountsProvider({ children }: AccountsProviderProps) {
96
92
  const { trigger: triggerAvatar } = useCfgAccountsProfileAvatarCreate();
97
93
  const { trigger: triggerOtpRequest } = useCfgAccountsOtpRequestCreate();
98
94
  const { trigger: triggerOtpVerify } = useCfgAccountsOtpVerifyCreate();
99
- const { trigger: triggerTokenRefresh } = useCfgAccountsTokenRefreshCreate();
100
95
 
101
96
  const refreshProfile = useCallback(async (options?: { callerId?: string; force?: boolean }): Promise<User | undefined> => {
102
97
  const { callerId, force } = options || {};
@@ -159,8 +154,8 @@ export function AccountsProvider({ children }: AccountsProviderProps) {
159
154
  }
160
155
 
161
156
  if (result.access && result.refresh) {
162
- CfgAccountsApi.setToken(result.access);
163
- CfgAccountsApi.setRefreshToken(result.refresh);
157
+ // The ONE write path — atomic pair, notifies every session subscriber.
158
+ auth.setSession({ access: result.access, refresh: result.refresh });
164
159
  try {
165
160
  await refreshProfile({ callerId: 'verifyOTP', force: true });
166
161
  } catch (profileError) {
@@ -171,20 +166,17 @@ export function AccountsProvider({ children }: AccountsProviderProps) {
171
166
  return result;
172
167
  };
173
168
 
174
- const refreshToken = async (refresh: string): Promise<TokenRefresh> => {
175
- const body: TokenRefreshRequest = { refresh };
176
- const result = (await triggerTokenRefresh({ body })) as TokenRefresh;
177
-
178
- if (result.access) {
179
- CfgAccountsApi.setToken(result.access);
180
- CfgAccountsApi.setRefreshToken(refresh);
181
- }
182
-
183
- return result;
184
- };
185
-
186
169
  const logout = useCallback(() => {
187
- CfgAccountsApi.clearToken();
170
+ // Best-effort server-side revocation: without blacklisting, a stolen
171
+ // refresh token survives "logout" until it expires. Fire-and-forget —
172
+ // local logout must never block on the network.
173
+ const refresh = auth.getRefreshToken();
174
+ if (refresh) {
175
+ CfgAccountsAuth.cfgAccountsTokenBlacklistCreate({ body: { refresh } }).catch(() => {
176
+ authLogger.warn('Refresh-token blacklist failed (logged out locally anyway)');
177
+ });
178
+ }
179
+ auth.clearSession();
188
180
  setProfile(undefined);
189
181
  setProfileError(null);
190
182
  clearProfileCache();
@@ -200,7 +192,6 @@ export function AccountsProvider({ children }: AccountsProviderProps) {
200
192
  refreshProfile,
201
193
  requestOTP,
202
194
  verifyOTP,
203
- refreshToken,
204
195
  logout,
205
196
  }), [
206
197
  profile,
@@ -212,7 +203,6 @@ export function AccountsProvider({ children }: AccountsProviderProps) {
212
203
  refreshProfile,
213
204
  requestOTP,
214
205
  verifyOTP,
215
- refreshToken,
216
206
  logout,
217
207
  ]);
218
208