npm - @draftlab/auth - Versions diffs - 0.15.0 → 0.16.0 - Mend

@draftlab/auth 0.15.0 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (272) hide show

package/dist/esm/allow.js +26 -0
package/dist/esm/client.js +254 -0
package/dist/esm/core.js +597 -0
package/dist/esm/css.d.js +0 -0
package/dist/esm/error.js +88 -0
package/dist/esm/index.js +5 -0
package/dist/esm/keys.js +126 -0
package/dist/esm/mutex.js +53 -0
package/dist/esm/pkce.js +87 -0
package/dist/esm/provider/apple.js +15 -0
package/dist/esm/provider/code.js +62 -0
package/dist/esm/provider/discord.js +15 -0
package/dist/esm/provider/facebook.js +15 -0
package/dist/esm/provider/github.js +15 -0
package/dist/esm/provider/gitlab.js +15 -0
package/dist/esm/provider/google.js +16 -0
package/dist/esm/provider/linkedin.js +15 -0
package/dist/esm/provider/magiclink.js +83 -0
package/dist/esm/provider/microsoft.js +15 -0
package/dist/esm/provider/oauth2.js +130 -0
package/dist/esm/provider/password.js +331 -0
package/dist/esm/provider/provider.js +18 -0
package/dist/esm/provider/reddit.js +15 -0
package/dist/esm/provider/slack.js +15 -0
package/dist/esm/provider/spotify.js +15 -0
package/dist/esm/provider/twitch.js +15 -0
package/dist/esm/provider/vercel.js +17 -0
package/dist/esm/random.js +40 -0
package/dist/esm/revocation.js +27 -0
package/dist/esm/storage/memory.js +110 -0
package/dist/esm/storage/storage.js +56 -0
package/dist/esm/storage/turso.js +93 -0
package/dist/esm/storage/unstorage.js +78 -0
package/dist/esm/subject.js +7 -0
package/dist/esm/themes/theme.js +115 -0
package/dist/esm/toolkit/client.js +119 -0
package/dist/esm/toolkit/index.js +25 -0
package/dist/esm/toolkit/providers/facebook.js +11 -0
package/dist/esm/toolkit/providers/github.js +11 -0
package/dist/esm/toolkit/providers/google.js +11 -0
package/dist/esm/toolkit/providers/strategy.js +0 -0
package/dist/esm/toolkit/storage.js +81 -0
package/dist/esm/toolkit/utils.js +18 -0
package/dist/esm/types.js +0 -0
package/dist/esm/ui/base.js +478 -0
package/dist/esm/ui/code.js +186 -0
package/dist/esm/ui/form.js +46 -0
package/dist/esm/ui/icon.js +242 -0
package/dist/esm/ui/magiclink.js +158 -0
package/dist/esm/ui/password.js +435 -0
package/dist/esm/ui/select.js +102 -0
package/dist/esm/util.js +59 -0
package/dist/{allow.d.mts → types/allow.d.ts} +9 -11
package/dist/types/allow.d.ts.map +1 -0
package/dist/types/client.d.ts +462 -0
package/dist/types/client.d.ts.map +1 -0
package/dist/types/core.d.ts +113 -0
package/dist/types/core.d.ts.map +1 -0
package/dist/{error.d.mts → types/error.d.ts} +95 -97
package/dist/types/error.d.ts.map +1 -0
package/dist/types/index.d.ts +2 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/{keys.d.mts → types/keys.d.ts} +20 -24
package/dist/types/keys.d.ts.map +1 -0
package/dist/types/mutex.d.ts +42 -0
package/dist/types/mutex.d.ts.map +1 -0
package/dist/{pkce.d.mts → types/pkce.d.ts} +10 -11
package/dist/types/pkce.d.ts.map +1 -0
package/dist/types/provider/apple.d.ts +197 -0
package/dist/types/provider/apple.d.ts.map +1 -0
package/dist/types/provider/code.d.ts +288 -0
package/dist/types/provider/code.d.ts.map +1 -0
package/dist/types/provider/discord.d.ts +206 -0
package/dist/types/provider/discord.d.ts.map +1 -0
package/dist/types/provider/facebook.d.ts +200 -0
package/dist/types/provider/facebook.d.ts.map +1 -0
package/dist/types/provider/github.d.ts +220 -0
package/dist/types/provider/github.d.ts.map +1 -0
package/dist/types/provider/gitlab.d.ts +180 -0
package/dist/types/provider/gitlab.d.ts.map +1 -0
package/dist/types/provider/google.d.ts +158 -0
package/dist/types/provider/google.d.ts.map +1 -0
package/dist/types/provider/linkedin.d.ts +190 -0
package/dist/types/provider/linkedin.d.ts.map +1 -0
package/dist/types/provider/magiclink.d.ts +141 -0
package/dist/types/provider/magiclink.d.ts.map +1 -0
package/dist/types/provider/microsoft.d.ts +247 -0
package/dist/types/provider/microsoft.d.ts.map +1 -0
package/dist/types/provider/oauth2.d.ts +229 -0
package/dist/types/provider/oauth2.d.ts.map +1 -0
package/dist/types/provider/password.d.ts +408 -0
package/dist/types/provider/password.d.ts.map +1 -0
package/dist/types/provider/provider.d.ts +226 -0
package/dist/types/provider/provider.d.ts.map +1 -0
package/dist/types/provider/reddit.d.ts +159 -0
package/dist/types/provider/reddit.d.ts.map +1 -0
package/dist/types/provider/slack.d.ts +171 -0
package/dist/types/provider/slack.d.ts.map +1 -0
package/dist/types/provider/spotify.d.ts +168 -0
package/dist/types/provider/spotify.d.ts.map +1 -0
package/dist/types/provider/twitch.d.ts +163 -0
package/dist/types/provider/twitch.d.ts.map +1 -0
package/dist/types/provider/vercel.d.ts +294 -0
package/dist/types/provider/vercel.d.ts.map +1 -0
package/dist/{random.d.mts → types/random.d.ts} +4 -6
package/dist/types/random.d.ts.map +1 -0
package/dist/types/revocation.d.ts +76 -0
package/dist/types/revocation.d.ts.map +1 -0
package/dist/{storage/memory.d.mts → types/storage/memory.d.ts} +17 -21
package/dist/types/storage/memory.d.ts.map +1 -0
package/dist/types/storage/storage.d.ts +177 -0
package/dist/types/storage/storage.d.ts.map +1 -0
package/dist/{storage/turso.d.mts → types/storage/turso.d.ts} +4 -8
package/dist/types/storage/turso.d.ts.map +1 -0
package/dist/{storage/unstorage.d.mts → types/storage/unstorage.d.ts} +12 -11
package/dist/types/storage/unstorage.d.ts.map +1 -0
package/dist/types/subject.d.ts +115 -0
package/dist/types/subject.d.ts.map +1 -0
package/dist/types/themes/theme.d.ts +207 -0
package/dist/types/themes/theme.d.ts.map +1 -0
package/dist/types/toolkit/client.d.ts +235 -0
package/dist/types/toolkit/client.d.ts.map +1 -0
package/dist/types/toolkit/index.d.ts +45 -0
package/dist/types/toolkit/index.d.ts.map +1 -0
package/dist/types/toolkit/providers/facebook.d.ts +8 -0
package/dist/types/toolkit/providers/facebook.d.ts.map +1 -0
package/dist/types/toolkit/providers/github.d.ts +8 -0
package/dist/types/toolkit/providers/github.d.ts.map +1 -0
package/dist/types/toolkit/providers/google.d.ts +8 -0
package/dist/types/toolkit/providers/google.d.ts.map +1 -0
package/dist/types/toolkit/providers/strategy.d.ts +38 -0
package/dist/types/toolkit/providers/strategy.d.ts.map +1 -0
package/dist/{toolkit/storage.d.mts → types/toolkit/storage.d.ts} +37 -39
package/dist/types/toolkit/storage.d.ts.map +1 -0
package/dist/{toolkit/utils.d.mts → types/toolkit/utils.d.ts} +2 -4
package/dist/types/toolkit/utils.d.ts.map +1 -0
package/dist/types/types.d.ts +92 -0
package/dist/types/types.d.ts.map +1 -0
package/dist/types/ui/base.d.ts +18 -0
package/dist/types/ui/base.d.ts.map +1 -0
package/dist/types/ui/code.d.ts +43 -0
package/dist/types/ui/code.d.ts.map +1 -0
package/dist/types/ui/form.d.ts +24 -0
package/dist/types/ui/form.d.ts.map +1 -0
package/dist/types/ui/icon.d.ts +60 -0
package/dist/types/ui/icon.d.ts.map +1 -0
package/dist/types/ui/magiclink.d.ts +41 -0
package/dist/types/ui/magiclink.d.ts.map +1 -0
package/dist/types/ui/password.d.ts +43 -0
package/dist/types/ui/password.d.ts.map +1 -0
package/dist/types/ui/select.d.ts +33 -0
package/dist/types/ui/select.d.ts.map +1 -0
package/dist/{util.d.mts → types/util.d.ts} +11 -13
package/dist/types/util.d.ts.map +1 -0
package/package.json +10 -16
package/dist/adapters/node.d.mts +0 -18
package/dist/adapters/node.mjs +0 -69
package/dist/allow.mjs +0 -63
package/dist/client.d.mts +0 -456
package/dist/client.mjs +0 -283
package/dist/core.d.mts +0 -110
package/dist/core.mjs +0 -595
package/dist/error.mjs +0 -237
package/dist/index.d.mts +0 -2
package/dist/index.mjs +0 -3
package/dist/keys.mjs +0 -146
package/dist/mutex.d.mts +0 -44
package/dist/mutex.mjs +0 -110
package/dist/pkce.mjs +0 -157
package/dist/provider/apple.d.mts +0 -111
package/dist/provider/apple.mjs +0 -164
package/dist/provider/code.d.mts +0 -228
package/dist/provider/code.mjs +0 -246
package/dist/provider/discord.d.mts +0 -146
package/dist/provider/discord.mjs +0 -156
package/dist/provider/facebook.d.mts +0 -142
package/dist/provider/facebook.mjs +0 -150
package/dist/provider/github.d.mts +0 -140
package/dist/provider/github.mjs +0 -169
package/dist/provider/gitlab.d.mts +0 -106
package/dist/provider/gitlab.mjs +0 -147
package/dist/provider/google.d.mts +0 -112
package/dist/provider/google.mjs +0 -109
package/dist/provider/linkedin.d.mts +0 -132
package/dist/provider/linkedin.mjs +0 -142
package/dist/provider/magiclink.d.mts +0 -89
package/dist/provider/magiclink.mjs +0 -143
package/dist/provider/microsoft.d.mts +0 -178
package/dist/provider/microsoft.mjs +0 -177
package/dist/provider/oauth2.d.mts +0 -176
package/dist/provider/oauth2.mjs +0 -222
package/dist/provider/passkey.d.mts +0 -104
package/dist/provider/passkey.mjs +0 -320
package/dist/provider/password.d.mts +0 -412
package/dist/provider/password.mjs +0 -363
package/dist/provider/provider.d.mts +0 -227
package/dist/provider/provider.mjs +0 -44
package/dist/provider/reddit.d.mts +0 -107
package/dist/provider/reddit.mjs +0 -127
package/dist/provider/slack.d.mts +0 -114
package/dist/provider/slack.mjs +0 -138
package/dist/provider/spotify.d.mts +0 -113
package/dist/provider/spotify.mjs +0 -135
package/dist/provider/totp.d.mts +0 -112
package/dist/provider/totp.mjs +0 -191
package/dist/provider/twitch.d.mts +0 -108
package/dist/provider/twitch.mjs +0 -131
package/dist/provider/vercel.d.mts +0 -177
package/dist/provider/vercel.mjs +0 -230
package/dist/random.mjs +0 -86
package/dist/revocation.d.mts +0 -55
package/dist/revocation.mjs +0 -63
package/dist/router/context.d.mts +0 -21
package/dist/router/context.mjs +0 -193
package/dist/router/cookies.d.mts +0 -8
package/dist/router/cookies.mjs +0 -13
package/dist/router/index.d.mts +0 -21
package/dist/router/index.mjs +0 -107
package/dist/router/matcher.d.mts +0 -15
package/dist/router/matcher.mjs +0 -76
package/dist/router/middleware/cors.d.mts +0 -15
package/dist/router/middleware/cors.mjs +0 -114
package/dist/router/safe-request.d.mts +0 -52
package/dist/router/safe-request.mjs +0 -160
package/dist/router/types.d.mts +0 -67
package/dist/router/types.mjs +0 -1
package/dist/router/variables.d.mts +0 -12
package/dist/router/variables.mjs +0 -20
package/dist/storage/memory.mjs +0 -125
package/dist/storage/storage.d.mts +0 -179
package/dist/storage/storage.mjs +0 -104
package/dist/storage/turso.mjs +0 -117
package/dist/storage/unstorage.mjs +0 -103
package/dist/subject.d.mts +0 -62
package/dist/subject.mjs +0 -36
package/dist/themes/theme.d.mts +0 -209
package/dist/themes/theme.mjs +0 -120
package/dist/toolkit/client.d.mts +0 -169
package/dist/toolkit/client.mjs +0 -209
package/dist/toolkit/index.d.mts +0 -9
package/dist/toolkit/index.mjs +0 -9
package/dist/toolkit/providers/facebook.d.mts +0 -12
package/dist/toolkit/providers/facebook.mjs +0 -16
package/dist/toolkit/providers/github.d.mts +0 -12
package/dist/toolkit/providers/github.mjs +0 -16
package/dist/toolkit/providers/google.d.mts +0 -12
package/dist/toolkit/providers/google.mjs +0 -20
package/dist/toolkit/providers/strategy.d.mts +0 -40
package/dist/toolkit/providers/strategy.mjs +0 -1
package/dist/toolkit/storage.mjs +0 -157
package/dist/toolkit/utils.mjs +0 -30
package/dist/types.d.mts +0 -94
package/dist/types.mjs +0 -1
package/dist/ui/base.d.mts +0 -30
package/dist/ui/base.mjs +0 -407
package/dist/ui/code.d.mts +0 -43
package/dist/ui/code.mjs +0 -173
package/dist/ui/form.d.mts +0 -32
package/dist/ui/form.mjs +0 -49
package/dist/ui/icon.d.mts +0 -58
package/dist/ui/icon.mjs +0 -247
package/dist/ui/magiclink.d.mts +0 -41
package/dist/ui/magiclink.mjs +0 -152
package/dist/ui/passkey.d.mts +0 -27
package/dist/ui/passkey.mjs +0 -323
package/dist/ui/password.d.mts +0 -42
package/dist/ui/password.mjs +0 -402
package/dist/ui/select.d.mts +0 -34
package/dist/ui/select.mjs +0 -98
package/dist/ui/totp.d.mts +0 -34
package/dist/ui/totp.mjs +0 -270
package/dist/util.mjs +0 -128

package/dist/types/client.d.ts ADDED Viewed

@@ -0,0 +1,462 @@
+import type { StandardSchemaV1 } from "@standard-schema/spec";
+import { InvalidAccessTokenError, InvalidAuthorizationCodeError, InvalidRefreshTokenError, InvalidSubjectError } from "./error";
+import type { SubjectSchema } from "./subject";
+/**
+ * Result type for operations that can succeed or fail.
+ *
+ * @template T - The success data type
+ * @template E - The error type
+ *
+ * @example
+ * ```ts
+ * const result = await client.exchange(code, redirectUri)
+ * if (result.success) {
+ *   // Access token available: result.data.access
+ * } else {
+ *   // Handle error: result.error.message
+ * }
+ * ```
+ */
+export type Result<T, E = Error> = {
+    success: true;
+    data: T;
+} | {
+    success: false;
+    error: E;
+};
+interface FetchResponse {
+    ok: boolean;
+    text(): Promise<string>;
+    json(): Promise<unknown>;
+}
+type FetchLike = (url: string, init?: RequestInit) => Promise<FetchResponse>;
+/**
+ * Authorization server metadata from well-known endpoints.
+ */
+export interface WellKnown {
+    /**
+     * URI to the JWKS endpoint for token verification.
+     */
+    jwks_uri: string;
+    /**
+     * URI to the token endpoint for authorization code exchange.
+     */
+    token_endpoint: string;
+    /**
+     * URI to the authorization endpoint for starting flows.
+     */
+    authorization_endpoint: string;
+}
+/**
+ * Tokens returned by the authorization server.
+ */
+export interface Tokens {
+    /**
+     * Access token for making authenticated API requests.
+     */
+    access: string;
+    /**
+     * Refresh token for obtaining new access tokens.
+     */
+    refresh: string;
+    /**
+     * Number of seconds until the access token expires.
+     */
+    expiresIn: number;
+}
+/**
+ * Challenge data for PKCE flows.
+ */
+export type Challenge = {
+    /**
+     * State parameter for CSRF protection.
+     */
+    state: string;
+    /**
+     * PKCE code verifier for token exchange.
+     */
+    verifier?: string;
+};
+/**
+ * Client configuration options.
+ */
+export interface ClientInput {
+    /**
+     * Client ID that identifies your application.
+     *
+     * @example
+     * ```ts
+     * {
+     *   clientID: "my-web-app"
+     * }
+     * ```
+     */
+    clientID: string;
+    /**
+     * Base URL of your Draft Auth server.
+     *
+     * @example
+     * ```ts
+     * {
+     *   issuer: "https://auth.myserver.com"
+     * }
+     * ```
+     */
+    issuer: string;
+    /**
+     * Optionally, override the internally used fetch function.
+     *
+     * @example
+     * ```ts
+     * {
+     *   fetch: customFetch
+     * }
+     * ```
+     */
+    fetch?: FetchLike;
+}
+/**
+ * Options for starting an authorization flow.
+ */
+export interface AuthorizeOptions {
+    /**
+     * Enable PKCE flow for enhanced security.
+     *
+     * Recommended for single-page applications and mobile apps.
+     *
+     * @default false
+     * @example
+     * ```ts
+     * {
+     *   pkce: true
+     * }
+     * ```
+     */
+    pkce?: boolean;
+    /**
+     * Specific authentication provider to use.
+     *
+     * If not specified, users see a provider selection screen
+     * or are redirected to the single configured provider.
+     *
+     * @example
+     * ```ts
+     * {
+     *   provider: "google"
+     * }
+     * ```
+     */
+    provider?: string;
+}
+/**
+ * Result of starting an authorization flow.
+ */
+export interface AuthorizeResult {
+    /**
+     * Challenge data needed for PKCE flows.
+     *
+     * Store this securely and use when exchanging the code.
+     *
+     * @example
+     * ```ts
+     * sessionStorage.setItem("challenge", JSON.stringify(challenge))
+     * ```
+     */
+    challenge: Challenge;
+    /**
+     * Authorization URL to redirect the user to.
+     *
+     * @example
+     * ```ts
+     * window.location.href = url
+     * ```
+     */
+    url: string;
+}
+/**
+ * Options for token refresh operations.
+ */
+export interface RefreshOptions {
+    /**
+     * Current access token to check before refreshing.
+     *
+     * Helps avoid unnecessary refresh requests.
+     *
+     * @example
+     * ```ts
+     * {
+     *   access: currentAccessToken
+     * }
+     * ```
+     */
+    access?: string;
+}
+/**
+ * Options for token verification.
+ */
+export interface VerifyOptions {
+    /**
+     * Refresh token for automatic refresh if access token is expired.
+     *
+     * If passed in, this will automatically refresh the access token if it has expired.
+     *
+     * @example
+     * ```ts
+     * {
+     *   refresh: refreshToken
+     * }
+     * ```
+     */
+    refresh?: string;
+    /**
+     * Expected issuer for validation.
+     * @internal
+     */
+    issuer?: string;
+    /**
+     * Expected audience for validation.
+     * Defaults to clientID for security. Override only if you know what you're doing.
+     * @internal
+     */
+    audience?: string;
+    /**
+     * Custom fetch for HTTP requests.
+     *
+     * Optionally, override the internally used fetch function.
+     */
+    fetch?: FetchLike;
+}
+/**
+ * Result of successful token verification.
+ */
+export interface VerifyResult<T extends SubjectSchema> {
+    /**
+     * New tokens if access token was refreshed during verification.
+     */
+    tokens?: Tokens;
+    /**
+     * Audience (client ID) the token was issued for.
+     * @internal
+     */
+    aud: string;
+    /**
+     * Unique subject identifier.
+     *
+     * This is a stable, consistent identifier derived from the subject type and properties.
+     * Format: `{type}:{hash}` (e.g., `user:30e16a2659c8bbb2`)
+     */
+    sub: string;
+    /**
+     * Decoded subject information from the access token.
+     *
+     * Contains user data that was encoded when the token was issued.
+     */
+    subject: {
+        [K in keyof T]: {
+            type: K;
+            properties: StandardSchemaV1.InferOutput<T[K]>;
+        };
+    }[keyof T];
+}
+/**
+ * Options for token revocation.
+ */
+export interface RevokeOptions {
+    /**
+     * Optional hint about the token type.
+     * Can be "access_token" or "refresh_token".
+     *
+     * Helps the server optimize token lookup.
+     *
+     * @example
+     * ```ts
+     * {
+     *   tokenTypeHint: "refresh_token"
+     * }
+     * ```
+     */
+    tokenTypeHint?: "access_token" | "refresh_token";
+}
+/**
+ * Draft Auth client with OAuth 2.0 operations.
+ */
+export interface Client {
+    /**
+     * Start an OAuth authorization flow.
+     *
+     * @param redirectURI - Where users will be sent after authorization
+     * @param response - Response type ("code" or "token")
+     * @param opts - Additional authorization options
+     * @returns Authorization URL and challenge data
+     *
+     * @example Basic flow
+     * ```ts
+     * const result = await client.authorize(
+     *   "https://myapp.com/callback",
+     *   "code"
+     * )
+     * if (result.success) {
+     *   window.location.href = result.data.url
+     * }
+     * ```
+     *
+     * @example PKCE flow
+     * ```ts
+     * const result = await client.authorize(
+     *   "https://spa.example.com/callback",
+     *   "code",
+     *   { pkce: true, scopes: ["read", "write"] }
+     * )
+     * if (result.success) {
+     *   sessionStorage.setItem("challenge", JSON.stringify(result.data.challenge))
+     *   window.location.href = result.data.url
+     * }
+     * ```
+     */
+    authorize(redirectURI: string, response: "code" | "token", opts?: AuthorizeOptions): Promise<Result<AuthorizeResult>>;
+    /**
+     * Exchange authorization code for tokens.
+     *
+     * @param code - Authorization code from the callback
+     * @param redirectURI - Same redirect URI used in authorization
+     * @param verifier - PKCE code verifier (required for PKCE flows)
+     * @returns Access tokens and metadata
+     *
+     * @example Basic exchange
+     * ```ts
+     * const urlParams = new URLSearchParams(window.location.search)
+     * const code = urlParams.get('code')
+     *
+     * if (code) {
+     *   const result = await client.exchange(code, "https://myapp.com/callback")
+     *   if (result.success) {
+     *     const { access, refresh } = result.data
+     *     // Store tokens securely
+     *   }
+     * }
+     * ```
+     *
+     * @example PKCE exchange
+     * ```ts
+     * const challenge = JSON.parse(sessionStorage.getItem("challenge") || "{}")
+     * const code = new URLSearchParams(window.location.search).get('code')
+     *
+     * if (code && challenge.verifier) {
+     *   const result = await client.exchange(
+     *     code,
+     *     "https://spa.example.com/callback",
+     *     challenge.verifier
+     *   )
+     *   if (result.success) {
+     *     sessionStorage.removeItem("challenge")
+     *     // Handle tokens
+     *   }
+     * }
+     * ```
+     */
+    exchange(code: string, redirectURI: string, verifier?: string): Promise<Result<Tokens, InvalidAuthorizationCodeError>>;
+    /**
+     * Refresh an access token using a refresh token.
+     *
+     * @param refresh - Refresh token to use
+     * @param opts - Additional refresh options
+     * @returns New tokens if refresh was needed
+     *
+     * @example Basic refresh
+     * ```ts
+     * const result = await client.refresh(storedRefreshToken)
+     *
+     * if (result.success && result.data.tokens) {
+     *   const { access, refresh: newRefresh } = result.data.tokens
+     *   updateStoredTokens(access, newRefresh)
+     * } else if (result.success) {
+     *   // Token still valid
+     * } else {
+     *   redirectToLogin()
+     * }
+     * ```
+     */
+    refresh(refresh: string, opts?: RefreshOptions): Promise<Result<{
+        tokens?: Tokens;
+    }, InvalidRefreshTokenError | InvalidAccessTokenError>>;
+    /**
+     * Verify and decode an access token.
+     *
+     * @param subjects - Subject schema used when creating the issuer
+     * @param token - Access token to verify
+     * @param options - Additional verification options
+     * @returns Decoded token data and user information
+     *
+     * @example Basic verification
+     * ```ts
+     * const result = await client.verify(subjects, accessToken)
+     *
+     * if (result.success) {
+     *   const { subject, scopes } = result.data
+     *   // Access user ID: subject.properties.userID
+     *   // Access scopes: scopes?.join(', ')
+     * }
+     * ```
+     *
+     * @example With automatic refresh
+     * ```ts
+     * const result = await client.verify(subjects, accessToken, {
+     *   refresh: refreshToken
+     * })
+     *
+     * if (result.success) {
+     *   if (result.data.tokens) {
+     *     // Tokens were refreshed
+     *     updateStoredTokens(result.data.tokens.access, result.data.tokens.refresh)
+     *   }
+     *   // Use verified subject data
+     *   const user = result.data.subject.properties
+     * }
+     * ```
+     */
+    verify<T extends SubjectSchema>(subjects: T, token: string, options?: VerifyOptions): Promise<Result<VerifyResult<T>, InvalidRefreshTokenError | InvalidAccessTokenError | InvalidSubjectError>>;
+    /**
+     * Revoke a token (access or refresh token).
+     *
+     * Once revoked, the token cannot be used to access resources or refresh.
+     * Useful for implementing logout functionality.
+     *
+     * @param token - The token to revoke
+     * @param opts - Additional revocation options
+     * @returns Empty result on success
+     *
+     * @example Logout with refresh token revocation
+     * ```ts
+     * const result = await client.revoke(refreshToken, {
+     *   tokenTypeHint: "refresh_token"
+     * })
+     *
+     * if (result.success) {
+     *   // Token revoked successfully, user is logged out
+     *   clearStoredTokens()
+     *   redirectToHome()
+     * } else {
+     *   // Revocation failed, but still clear tokens on client
+     *   clearStoredTokens()
+     * }
+     * ```
+     */
+    revoke(token: string, opts?: RevokeOptions): Promise<Result<void>>;
+}
+/**
+ * Create a Draft Auth client.
+ *
+ * @param input - Client configuration
+ * @returns Configured client instance
+ *
+ * @example Basic setup
+ * ```ts
+ * const client = createClient({
+ *   clientID: "my-web-app",
+ *   issuer: "https://auth.mycompany.com"
+ * })
+ * ```
+ */
+export declare const createClient: (input: ClientInput) => Client;
+export {};
+//# sourceMappingURL=client.d.ts.map

package/dist/types/client.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AAmD7D,OAAO,EACN,uBAAuB,EACvB,6BAA6B,EAC7B,wBAAwB,EACxB,mBAAmB,EACnB,MAAM,SAAS,CAAA;AAEhB,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA;AAE9C;;;;;;;;;;;;;;;GAeG;AACH,MAAM,MAAM,MAAM,CAAC,CAAC,EAAE,CAAC,GAAG,KAAK,IAAI;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,IAAI,EAAE,CAAC,CAAA;CAAE,GAAG;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,CAAC,CAAA;CAAE,CAAA;AAQ5F,UAAU,aAAa;IACtB,EAAE,EAAE,OAAO,CAAA;IACX,IAAI,IAAI,OAAO,CAAC,MAAM,CAAC,CAAA;IACvB,IAAI,IAAI,OAAO,CAAC,OAAO,CAAC,CAAA;CACxB;AAED,KAAK,SAAS,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,aAAa,CAAC,CAAA;AAE5E;;GAEG;AACH,MAAM,WAAW,SAAS;IACzB;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAChB;;OAEG;IACH,cAAc,EAAE,MAAM,CAAA;IACtB;;OAEG;IACH,sBAAsB,EAAE,MAAM,CAAA;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,MAAM;IACtB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAA;IACd;;OAEG;IACH,OAAO,EAAE,MAAM,CAAA;IACf;;OAEG;IACH,SAAS,EAAE,MAAM,CAAA;CACjB;AAED;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG;IACvB;;OAEG;IACH,KAAK,EAAE,MAAM,CAAA;IACb;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC3B;;;;;;;;;OASG;IACH,QAAQ,EAAE,MAAM,CAAA;IAChB;;;;;;;;;OASG;IACH,MAAM,EAAE,MAAM,CAAA;IACd;;;;;;;;;OASG;IACH,KAAK,CAAC,EAAE,SAAS,CAAA;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAChC;;;;;;;;;;;;OAYG;IACH,IAAI,CAAC,EAAE,OAAO,CAAA;IACd;;;;;;;;;;;;OAYG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC/B;;;;;;;;;OASG;IACH,SAAS,EAAE,SAAS,CAAA;IACpB;;;;;;;OAOG;IACH,GAAG,EAAE,MAAM,CAAA;CACX;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC9B;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;CACf;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC7B;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;IACf;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB;;;;OAIG;IACH,KAAK,CAAC,EAAE,SAAS,CAAA;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY,CAAC,CAAC,SAAS,aAAa;IACpD;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;IACf;;;OAGG;IACH,GAAG,EAAE,MAAM,CAAA;IACX;;;;;OAKG;IACH,GAAG,EAAE,MAAM,CAAA;IACX;;;;OAIG;IACH,OAAO,EAAE;SACP,CAAC,IAAI,MAAM,CAAC,GAAG;YACf,IAAI,EAAE,CAAC,CAAA;YACP,UAAU,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;SAC9C;KACD,CAAC,MAAM,CAAC,CAAC,CAAA;CACV;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC7B;;;;;;;;;;;;OAYG;IACH,aAAa,CAAC,EAAE,cAAc,GAAG,eAAe,CAAA;CAChD;AAED;;GAEG;AACH,MAAM,WAAW,MAAM;IACtB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;IACH,SAAS,CACR,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,GAAG,OAAO,EAC1B,IAAI,CAAC,EAAE,gBAAgB,GACrB,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAA;IAEnC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAuCG;IACH,QAAQ,CACP,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,QAAQ,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,6BAA6B,CAAC,CAAC,CAAA;IAEzD;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,OAAO,CACN,OAAO,EAAE,MAAM,EACf,IAAI,CAAC,EAAE,cAAc,GACnB,OAAO,CAAC,MAAM,CAAC;QAAE,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,EAAE,wBAAwB,GAAG,uBAAuB,CAAC,CAAC,CAAA;IAE3F;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkCG;IACH,MAAM,CAAC,CAAC,SAAS,aAAa,EAC7B,QAAQ,EAAE,CAAC,EACX,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,aAAa,GACrB,OAAO,CACT,MAAM,CACL,YAAY,CAAC,CAAC,CAAC,EACf,wBAAwB,GAAG,uBAAuB,GAAG,mBAAmB,CACxE,CACD,CAAA;IAED;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAA;CAClE;AAED;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,YAAY,GAAI,OAAO,WAAW,KAAG,MAuRjD,CAAA"}

package/dist/types/core.d.ts ADDED Viewed

@@ -0,0 +1,113 @@
+/**
+ * Core issuer implementation using Hono.
+ */
+import { Hono } from "hono";
+import { type AllowCheckInput } from "./allow";
+import { UnknownStateError } from "./error";
+import type { Provider } from "./provider/provider";
+import { type StorageAdapter } from "./storage/storage";
+import type { SubjectPayload, SubjectSchema } from "./subject";
+import { type Theme } from "./themes/theme";
+import type { AuthorizationState } from "./types";
+import { type Prettify } from "./util";
+/**
+ * Sets the subject payload in the JWT token and returns the response.
+ */
+export interface OnSuccessResponder<T extends {
+    type: string;
+    properties: unknown;
+}> {
+    subject<Type extends T["type"]>(type: Type, properties: Extract<T, {
+        type: Type;
+    }>["properties"], opts?: {
+        ttl?: {
+            access?: number;
+            refresh?: number;
+        };
+        subject?: string;
+    }): Promise<Response>;
+}
+/**
+ * Main issuer input configuration interface.
+ */
+interface IssuerInput<Providers extends Record<string, Provider<unknown>>, Subjects extends SubjectSchema, Result = {
+    [Key in keyof Providers]: Prettify<{
+        provider: Key;
+    } & (Providers[Key] extends Provider<infer T> ? T : Record<string, unknown>)>;
+}[keyof Providers]> {
+    /** The storage adapter for persisting tokens and sessions */
+    storage: StorageAdapter;
+    /** Auth providers configuration */
+    providers: Providers;
+    /** Subject schemas for token validation */
+    subjects: Subjects;
+    /** Base path for embedded scenarios (e.g., "/auth" or "/api/auth") */
+    basePath?: string;
+    /** Success callback for completed authentication */
+    success(response: OnSuccessResponder<SubjectPayload<Subjects>>, input: Result, req: Request, clientID: string): Promise<Response>;
+    /** Theme configuration for UI */
+    theme?: Theme;
+    /** TTL configuration for tokens and sessions */
+    ttl?: {
+        access?: number;
+        refresh?: number;
+        reuse?: number;
+        retention?: number;
+    };
+    /** Provider selection UI function */
+    select?(providers: Record<string, string>, req: Request): Promise<Response>;
+    /** Optional start callback */
+    start?(req: Request): Promise<void>;
+    /** Error handling callback */
+    error?(error: UnknownStateError, req: Request): Promise<Response>;
+    /** Client authorization check function */
+    allow?(input: AllowCheckInput, req: Request): Promise<boolean>;
+    /**
+     * Refresh callback for updating user claims.
+     *
+     * @example
+     * ```typescript
+     * refresh: async (payload, req) => {
+     *   const user = await getUserBySubject(payload.subject)
+     *   if (!user || !user.active) {
+     *     return undefined // Revoke the token
+     *   }
+     *
+     *   return {
+     *     type: payload.type,
+     *     properties: {
+     *       userID: user.id,
+     *       role: user.role,
+     *       permissions: user.permissions,
+     *       lastLogin: new Date().toISOString()
+     *     }
+     *   }
+     * }
+     * ```
+     */
+    refresh?(payload: {
+        type: SubjectPayload<Subjects>["type"];
+        properties: SubjectPayload<Subjects>["properties"];
+        subject: string;
+        clientID: string;
+        scopes?: string[];
+    }, req: Request): Promise<{
+        type: SubjectPayload<Subjects>["type"];
+        properties: SubjectPayload<Subjects>["properties"];
+        subject?: string;
+        scopes?: string[];
+    } | undefined>;
+}
+/**
+ * Create a Draft Auth server, a Hono app that handles OAuth 2.0 flows.
+ */
+export declare const issuer: <Providers extends Record<string, Provider<unknown>>, Subjects extends SubjectSchema, Result = { [key in keyof Providers]: {
+    provider: key;
+} & (Providers[key] extends Provider<infer T> ? T : Record<string, unknown>); }[keyof Providers]>(input: IssuerInput<Providers, Subjects, Result>) => Hono<{
+    Variables: {
+        authorization: AuthorizationState;
+        provider: string;
+    };
+}>;
+export {};
+//# sourceMappingURL=core.d.ts.map

package/dist/types/core.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"core.d.ts","sourceRoot":"","sources":["../../src/core.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAI3B,OAAO,EAAE,KAAK,eAAe,EAAqB,MAAM,SAAS,CAAA;AACjE,OAAO,EAIN,iBAAiB,EACjB,MAAM,SAAS,CAAA;AAGhB,OAAO,KAAK,EAAE,QAAQ,EAAmB,MAAM,qBAAqB,CAAA;AAGpE,OAAO,EAAW,KAAK,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAChE,OAAO,KAAK,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA;AAC9D,OAAO,EAAY,KAAK,KAAK,EAAE,MAAM,gBAAgB,CAAA;AACrD,OAAO,KAAK,EACX,kBAAkB,EAIlB,MAAM,SAAS,CAAA;AAEhB,OAAO,EAAwB,KAAK,QAAQ,EAAE,MAAM,QAAQ,CAAA;AAqC5D;;GAEG;AACH,MAAM,WAAW,kBAAkB,CAAC,CAAC,SAAS;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,OAAO,CAAA;CAAE;IAClF,OAAO,CAAC,IAAI,SAAS,CAAC,CAAC,MAAM,CAAC,EAC7B,IAAI,EAAE,IAAI,EACV,UAAU,EAAE,OAAO,CAAC,CAAC,EAAE;QAAE,IAAI,EAAE,IAAI,CAAA;KAAE,CAAC,CAAC,YAAY,CAAC,EACpD,IAAI,CAAC,EAAE;QACN,GAAG,CAAC,EAAE;YACL,MAAM,CAAC,EAAE,MAAM,CAAA;YACf,OAAO,CAAC,EAAE,MAAM,CAAA;SAChB,CAAA;QACD,OAAO,CAAC,EAAE,MAAM,CAAA;KAChB,GACC,OAAO,CAAC,QAAQ,CAAC,CAAA;CACpB;AAED;;GAEG;AACH,UAAU,WAAW,CACpB,SAAS,SAAS,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,EACnD,QAAQ,SAAS,aAAa,EAC9B,MAAM,GAAG;KACP,GAAG,IAAI,MAAM,SAAS,GAAG,QAAQ,CACjC;QACC,QAAQ,EAAE,GAAG,CAAA;KACb,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAC5E;CACD,CAAC,MAAM,SAAS,CAAC;IAElB,6DAA6D;IAC7D,OAAO,EAAE,cAAc,CAAA;IACvB,mCAAmC;IACnC,SAAS,EAAE,SAAS,CAAA;IACpB,2CAA2C;IAC3C,QAAQ,EAAE,QAAQ,CAAA;IAClB,sEAAsE;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,oDAAoD;IACpD,OAAO,CACN,QAAQ,EAAE,kBAAkB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,EACtD,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,OAAO,EACZ,QAAQ,EAAE,MAAM,GACd,OAAO,CAAC,QAAQ,CAAC,CAAA;IACpB,iCAAiC;IACjC,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,gDAAgD;IAChD,GAAG,CAAC,EAAE;QACL,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,OAAO,CAAC,EAAE,MAAM,CAAA;QAChB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,SAAS,CAAC,EAAE,MAAM,CAAA;KAClB,CAAA;IACD,qCAAqC;IACrC,MAAM,CAAC,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;IAC3E,8BAA8B;IAC9B,KAAK,CAAC,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACnC,8BAA8B;IAC9B,KAAK,CAAC,CAAC,KAAK,EAAE,iBAAiB,EAAE,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;IACjE,0CAA0C;IAC1C,KAAK,CAAC,CAAC,KAAK,EAAE,eAAe,EAAE,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAC9D;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,OAAO,CAAC,CACP,OAAO,EAAE;QACR,IAAI,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAA;QACtC,UAAU,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAA;QAClD,OAAO,EAAE,MAAM,CAAA;QACf,QAAQ,EAAE,MAAM,CAAA;QAChB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;KACjB,EACD,GAAG,EAAE,OAAO,GACV,OAAO,CACP;QACA,IAAI,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAA;QACtC,UAAU,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAA;QAClD,OAAO,CAAC,EAAE,MAAM,CAAA;QAChB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;KAChB,GACD,SAAS,CACX,CAAA;CACD;AAcD;;GAEG;AACH,eAAO,MAAM,MAAM,GAClB,SAAS,SAAS,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,EACnD,QAAQ,SAAS,aAAa,EAC9B,MAAM,GAAG,GACP,GAAG,IAAI,MAAM,SAAS,GAAG;IACzB,QAAQ,EAAE,GAAG,CAAA;CACb,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,GAC5E,CAAC,MAAM,SAAS,CAAC,EAElB,OAAO,WAAW,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,KAC7C,IAAI,CAAC;IAAE,SAAS,EAAE;QAAE,aAAa,EAAE,kBAAkB,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAA;CAAE,CAuyB7E,CAAA"}