@draftlab/auth 0.15.0 → 0.15.1

package/dist/provider/linkedin.d.mts

@@ -2,66 +2,65 @@ import { Provider } from "./provider.mjs";
 import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.mjs";
 
 //#region src/provider/linkedin.d.ts
-
 /**
  * Configuration options for LinkedIn OAuth 2.0 provider.
  * Extends the base OAuth 2.0 configuration with LinkedIn-specific documentation.
  */
 interface LinkedInConfig extends Oauth2WrappedConfig {
   /**
-   * LinkedIn OAuth 2.0 client ID from LinkedIn Developer Console.
-   * Found in your LinkedIn app settings.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientID: "78abc123456789"
-   * }
-   * ```
-   */
+       * LinkedIn OAuth 2.0 client ID from LinkedIn Developer Console.
+       * Found in your LinkedIn app settings.
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientID: "78abc123456789"
+       * }
+       * ```
+       */
   readonly clientID: string;
   /**
-   * LinkedIn OAuth 2.0 client secret from LinkedIn Developer Console.
-   * Keep this secure and never expose it to client-side code.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientSecret: process.env.LINKEDIN_CLIENT_SECRET
-   * }
-   * ```
-   */
+       * LinkedIn OAuth 2.0 client secret from LinkedIn Developer Console.
+       * Keep this secure and never expose it to client-side code.
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientSecret: process.env.LINKEDIN_CLIENT_SECRET
+       * }
+       * ```
+       */
   readonly clientSecret: string;
   /**
-   * LinkedIn OAuth scopes to request access for.
-   * Determines what data and actions your app can access.
-   *
-   * @example
-   * ```ts
-   * {
-   *   scopes: [
-   *     "r_liteprofile",    // Basic profile information
-   *     "r_emailaddress",   // Email address
-   *     "w_member_social",  // Share content on behalf of user
-   *     "r_organization_social" // Organization content access
-   *   ]
-   * }
-   * ```
-   */
+       * LinkedIn OAuth scopes to request access for.
+       * Determines what data and actions your app can access.
+       *
+       * @example
+       * ```ts
+       * {
+       *   scopes: [
+       *     "r_liteprofile",    // Basic profile information
+       *     "r_emailaddress",   // Email address
+       *     "w_member_social",  // Share content on behalf of user
+       *     "r_organization_social" // Organization content access
+       *   ]
+       * }
+       * ```
+       */
   readonly scopes: string[];
   /**
-   * Additional query parameters for LinkedIn OAuth authorization.
-   * Useful for LinkedIn-specific options.
-   *
-   * @example
-   * ```ts
-   * {
-   *   query: {
-   *     state: "custom-state-value" // Custom state parameter
-   *   }
-   * }
-   * ```
-   */
+       * Additional query parameters for LinkedIn OAuth authorization.
+       * Useful for LinkedIn-specific options.
+       *
+       * @example
+       * ```ts
+       * {
+       *   query: {
+       *     state: "custom-state-value" // Custom state parameter
+       *   }
+       * }
+       * ```
+       */
   readonly query?: Record<string, string>;
 }
 /**

package/dist/provider/magiclink.d.mts

@@ -1,7 +1,6 @@
 import { Provider } from "./provider.mjs";
 
 //#region src/provider/magiclink.d.ts
-
 /**
  * Configuration options for the Magic Link authentication provider.
  *
@@ -9,31 +8,31 @@ import { Provider } from "./provider.mjs";
  */
 interface MagicLinkConfig<Claims extends Record<string, string> = Record<string, string>> {
   /**
-   * Token expiration time in seconds.
-   * After this time, the magic link becomes invalid.
-   *
-   * @default 900 (15 minutes)
-   */
+       * Token expiration time in seconds.
+       * After this time, the magic link becomes invalid.
+       *
+       * @default 900 (15 minutes)
+       */
   readonly expiry?: number;
   /**
-   * Request handler for rendering the magic link UI.
-   * Handles both the initial claim collection and "check your email" screens.
-   *
-   * @param req - The HTTP request object
-   * @param state - Current authentication state
-   * @param form - Form data from POST requests (if any)
-   * @param error - Authentication error to display (if any)
-   * @returns Promise resolving to the authentication page response
-   */
+       * Request handler for rendering the magic link UI.
+       * Handles both the initial claim collection and "check your email" screens.
+       *
+       * @param req - The HTTP request object
+       * @param state - Current authentication state
+       * @param form - Form data from POST requests (if any)
+       * @param error - Authentication error to display (if any)
+       * @returns Promise resolving to the authentication page response
+       */
   request: (req: Request, state: MagicLinkState, form?: FormData, error?: MagicLinkError) => Promise<Response>;
   /**
-   * Callback for sending magic links to users.
-   * Should handle delivery via email, SMS, or other communication channels.
-   *
-   * @param claims - User claims containing contact information
-   * @param magicUrl - The magic link URL to send
-   * @returns Promise resolving to undefined on success, or error object on failure
-   */
+       * Callback for sending magic links to users.
+       * Should handle delivery via email, SMS, or other communication channels.
+       *
+       * @param claims - User claims containing contact information
+       * @param magicUrl - The magic link URL to send
+       * @returns Promise resolving to undefined on success, or error object on failure
+       */
   sendLink: (claims: Claims, magicUrl: string) => Promise<MagicLinkError | undefined>;
 }
 /**
@@ -41,30 +40,21 @@ interface MagicLinkConfig<Claims extends Record<string, string> = Record<string,
  * The provider transitions between these states during authentication.
  */
 type MagicLinkState = {
-  /** Initial state: user enters their claims (email, phone, etc.) */
-  readonly type: "start";
+  /** Initial state: user enters their claims (email, phone, etc.) */readonly type: "start";
 } | {
-  /** Link sent state: user checks their email/phone */
-  readonly type: "sent";
-  /** Whether this is a resend request */
-  readonly resend?: boolean;
-  /** The secure token for verification */
-  readonly token: string;
-  /** User claims collected during the start phase */
+  /** Link sent state: user checks their email/phone */readonly type: "sent"; /** Whether this is a resend request */
+  readonly resend?: boolean; /** The secure token for verification */
+  readonly token: string; /** User claims collected during the start phase */
   readonly claims: Record<string, string>;
 };
 /**
  * Possible errors during magic link authentication.
  */
 type MagicLinkError = {
-  /** The magic link is invalid or expired */
-  readonly type: "invalid_link";
+  /** The magic link is invalid or expired */readonly type: "invalid_link";
 } | {
-  /** A user claim is invalid or missing */
-  readonly type: "invalid_claim";
-  /** The claim field that failed validation */
-  readonly key: string;
-  /** The invalid value or error description */
+  /** A user claim is invalid or missing */readonly type: "invalid_claim"; /** The claim field that failed validation */
+  readonly key: string; /** The invalid value or error description */
   readonly value: string;
 };
 /**

package/dist/provider/microsoft.d.mts

@@ -2,88 +2,87 @@ import { Provider } from "./provider.mjs";
 import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.mjs";
 
 //#region src/provider/microsoft.d.ts
-
 /**
  * Configuration options for Microsoft OAuth 2.0 provider.
  * Extends the base OAuth 2.0 configuration with Microsoft-specific documentation.
  */
 interface MicrosoftConfig extends Oauth2WrappedConfig {
   /**
-   * Microsoft Azure AD tenant ID or tenant type.
-   * Determines which types of accounts can sign in.
-   *
-   * @example
-   * ```ts
-   * {
-   *   tenant: "common"        // Personal + work/school accounts
-   *   // or
-   *   tenant: "organizations" // Work/school accounts only
-   *   // or
-   *   tenant: "consumers"     // Personal accounts only
-   *   // or
-   *   tenant: "12345678-1234-1234-1234-123456789012" // Specific tenant
-   * }
-   * ```
-   */
+       * Microsoft Azure AD tenant ID or tenant type.
+       * Determines which types of accounts can sign in.
+       *
+       * @example
+       * ```ts
+       * {
+       *   tenant: "common"        // Personal + work/school accounts
+       *   // or
+       *   tenant: "organizations" // Work/school accounts only
+       *   // or
+       *   tenant: "consumers"     // Personal accounts only
+       *   // or
+       *   tenant: "12345678-1234-1234-1234-123456789012" // Specific tenant
+       * }
+       * ```
+       */
   readonly tenant: string;
   /**
-   * Microsoft OAuth 2.0 client ID from Azure App Registration.
-   * Found in your Azure portal app registration.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientID: "12345678-1234-1234-1234-123456789012"
-   * }
-   * ```
-   */
+       * Microsoft OAuth 2.0 client ID from Azure App Registration.
+       * Found in your Azure portal app registration.
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientID: "12345678-1234-1234-1234-123456789012"
+       * }
+       * ```
+       */
   readonly clientID: string;
   /**
-   * Microsoft OAuth 2.0 client secret from Azure App Registration.
-   * Keep this secure and never expose it to client-side code.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientSecret: process.env.MICROSOFT_CLIENT_SECRET
-   * }
-   * ```
-   */
+       * Microsoft OAuth 2.0 client secret from Azure App Registration.
+       * Keep this secure and never expose it to client-side code.
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientSecret: process.env.MICROSOFT_CLIENT_SECRET
+       * }
+       * ```
+       */
   readonly clientSecret: string;
   /**
-   * Microsoft OAuth scopes to request access for.
-   * Determines what data and actions your app can access via Microsoft Graph.
-   *
-   * @example
-   * ```ts
-   * {
-   *   scopes: [
-   *     "openid",           // OpenID Connect sign-in
-   *     "profile",          // Basic profile
-   *     "email",            // Email address
-   *     "User.Read",        // Read user profile
-   *     "Mail.Read",        // Read user mail
-   *     "Calendars.Read"    // Read user calendars
-   *   ]
-   * }
-   * ```
-   */
+       * Microsoft OAuth scopes to request access for.
+       * Determines what data and actions your app can access via Microsoft Graph.
+       *
+       * @example
+       * ```ts
+       * {
+       *   scopes: [
+       *     "openid",           // OpenID Connect sign-in
+       *     "profile",          // Basic profile
+       *     "email",            // Email address
+       *     "User.Read",        // Read user profile
+       *     "Mail.Read",        // Read user mail
+       *     "Calendars.Read"    // Read user calendars
+       *   ]
+       * }
+       * ```
+       */
   readonly scopes: string[];
   /**
-   * Additional query parameters for Microsoft OAuth authorization.
-   * Useful for Microsoft-specific options like domain hints.
-   *
-   * @example
-   * ```ts
-   * {
-   *   query: {
-   *     domain_hint: "contoso.com",    // Pre-fill domain
-   *     login_hint: "user@contoso.com", // Pre-fill username
-   *     prompt: "consent"              // Force consent screen
-   *   }
-   * }
-   * ```
-   */
+       * Additional query parameters for Microsoft OAuth authorization.
+       * Useful for Microsoft-specific options like domain hints.
+       *
+       * @example
+       * ```ts
+       * {
+       *   query: {
+       *     domain_hint: "contoso.com",    // Pre-fill domain
+       *     login_hint: "user@contoso.com", // Pre-fill username
+       *     prompt: "consent"              // Force consent screen
+       *   }
+       * }
+       * ```
+       */
   readonly query?: Record<string, string>;
 }
 /**

package/dist/provider/oauth2.d.mts

@@ -1,106 +1,105 @@
 import { Provider } from "./provider.mjs";
 
 //#region src/provider/oauth2.d.ts
-
 /**
  * Configuration options for the OAuth 2.0 provider.
  */
 interface Oauth2Config {
   /**
-   * Provider type identifier for internal use.
-   * @internal
-   * @default "oauth2"
-   */
+       * Provider type identifier for internal use.
+       * @internal
+       * @default "oauth2"
+       */
   readonly type?: string;
   /**
-   * The client ID registered with the OAuth 2.0 provider.
-   * This public identifier is used in authorization requests.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientID: "github-app-12345"
-   * }
-   * ```
-   */
+       * The client ID registered with the OAuth 2.0 provider.
+       * This public identifier is used in authorization requests.
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientID: "github-app-12345"
+       * }
+       * ```
+       */
   readonly clientID: string;
   /**
-   * The client secret for authenticating with the OAuth 2.0 provider.
-   * This private credential must be kept secure and not exposed to clients.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientSecret: process.env.OAUTH_CLIENT_SECRET
-   * }
-   * ```
-   */
+       * The client secret for authenticating with the OAuth 2.0 provider.
+       * This private credential must be kept secure and not exposed to clients.
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientSecret: process.env.OAUTH_CLIENT_SECRET
+       * }
+       * ```
+       */
   readonly clientSecret: string;
   /**
-   * OAuth 2.0 endpoint URLs for the authorization and token flows.
-   */
+       * OAuth 2.0 endpoint URLs for the authorization and token flows.
+       */
   readonly endpoint: {
     /**
-     * The authorization endpoint where users are redirected for authentication.
-     *
-     * @example "https://github.com/login/oauth/authorize"
-     */
+             * The authorization endpoint where users are redirected for authentication.
+             *
+             * @example "https://github.com/login/oauth/authorize"
+             */
     readonly authorization: string;
     /**
-     * The token endpoint for exchanging authorization codes for access tokens.
-     *
-     * @example "https://github.com/login/oauth/access_token"
-     */
+             * The token endpoint for exchanging authorization codes for access tokens.
+             *
+             * @example "https://github.com/login/oauth/access_token"
+             */
     readonly token: string;
     /**
-     * Optional JWKS endpoint for verifying ID tokens.
-     * Required only if the provider returns ID tokens that need verification.
-     *
-     * @example "https://provider.com/.well-known/jwks.json"
-     */
+             * Optional JWKS endpoint for verifying ID tokens.
+             * Required only if the provider returns ID tokens that need verification.
+             *
+             * @example "https://provider.com/.well-known/jwks.json"
+             */
     readonly jwks?: string;
   };
   /**
-   * OAuth 2.0 scopes to request during authorization.
-   * Scopes define the level of access being requested.
-   *
-   * @example
-   * ```ts
-   * {
-   *   scopes: ["user:email", "read:user", "repo"]
-   * }
-   * ```
-   */
+       * OAuth 2.0 scopes to request during authorization.
+       * Scopes define the level of access being requested.
+       *
+       * @example
+       * ```ts
+       * {
+       *   scopes: ["user:email", "read:user", "repo"]
+       * }
+       * ```
+       */
   readonly scopes: string[];
   /**
-   * Whether to use PKCE (Proof Key for Code Exchange) for enhanced security.
-   * Recommended for public clients and required by some providers.
-   *
-   * @default false
-   *
-   * @example
-   * ```ts
-   * {
-   *   pkce: true // Required for Twitter/X, recommended for mobile apps
-   * }
-   * ```
-   */
+       * Whether to use PKCE (Proof Key for Code Exchange) for enhanced security.
+       * Recommended for public clients and required by some providers.
+       *
+       * @default false
+       *
+       * @example
+       * ```ts
+       * {
+       *   pkce: true // Required for Twitter/X, recommended for mobile apps
+       * }
+       * ```
+       */
   readonly pkce?: boolean;
   /**
-   * Additional query parameters to include in the authorization request.
-   * Useful for provider-specific parameters or customizing the auth flow.
-   *
-   * @example
-   * ```ts
-   * {
-   *   query: {
-   *     access_type: "offline",    // Request refresh token
-   *     prompt: "consent",         // Force consent screen
-   *     hd: "mycompany.com"       // Google Workspace domain
-   *   }
-   * }
-   * ```
-   */
+       * Additional query parameters to include in the authorization request.
+       * Useful for provider-specific parameters or customizing the auth flow.
+       *
+       * @example
+       * ```ts
+       * {
+       *   query: {
+       *     access_type: "offline",    // Request refresh token
+       *     prompt: "consent",         // Force consent screen
+       *     hd: "mycompany.com"       // Google Workspace domain
+       *   }
+       * }
+       * ```
+       */
   readonly query?: Record<string, string>;
 }
 /**

package/dist/provider/passkey.d.mts

@@ -2,7 +2,6 @@ import { Provider } from "./provider.mjs";
 import { AuthenticatorSelectionCriteria, AuthenticatorTransportFuture, Base64URLString, CredentialDeviceType } from "@simplewebauthn/server";
 
 //#region src/provider/passkey.d.ts
-
 /**
  * User model for passkey authentication.
  * Contains the core user data needed for WebAuthn operations.
@@ -41,44 +40,44 @@ declare const DEFAULT_COPY: {
  */
 interface PasskeyProviderConfig {
   /**
-   * Custom authorization handler that generates the UI for authorization.
-   */
+       * Custom authorization handler that generates the UI for authorization.
+       */
   authorize: (req: Request) => Promise<Response>;
   /**
-   * Custom registration handler that generates the UI for registration.
-   */
+       * Custom registration handler that generates the UI for registration.
+       */
   register: (req: Request) => Promise<Response>;
   /**
-   * The human-readable name of the relying party (your application).
-   */
+       * The human-readable name of the relying party (your application).
+       */
   rpName: string;
   /**
-   * The ID of the relying party, typically the domain name without protocol.
-   */
+       * The ID of the relying party, typically the domain name without protocol.
+       */
   rpID?: string;
   /**
-   * The origin URL(s) that are allowed to initiate WebAuthn ceremonies.
-   */
+       * The origin URL(s) that are allowed to initiate WebAuthn ceremonies.
+       */
   origin?: string | string[];
   /**
-   * Optional function to check if a user is allowed to register a passkey.
-   */
+       * Optional function to check if a user is allowed to register a passkey.
+       */
   userCanRegisterPasskey?: (userId: string, req: Request) => Promise<boolean>;
   /**
-   * Optional WebAuthn authenticator selection criteria.
-   */
+       * Optional WebAuthn authenticator selection criteria.
+       */
   authenticatorSelection?: AuthenticatorSelectionCriteria;
   /**
-   * Optional attestation type.
-   */
+       * Optional attestation type.
+       */
   attestationType?: "none" | "direct" | "enterprise";
   /**
-   * Optional timeout for challenges in milliseconds.
-   */
+       * Optional timeout for challenges in milliseconds.
+       */
   timeout?: number;
   /**
-   * Custom copy texts for error messages and UI elements.
-   */
+       * Custom copy texts for error messages and UI elements.
+       */
   copy?: Partial<typeof DEFAULT_COPY>;
 }
 /**