@drmhse/sso-sdk 0.2.9 → 0.3.1

package/dist/index.js

@@ -147,7 +147,7 @@ var HttpClient = class {
         signal: controller.signal
       });
       clearTimeout(timeoutId);
-      if (response.status === 401 && this.sessionManager && !options._retry && !path.includes("/auth/login")) {
+      if (response.status === 401 && this.sessionManager && !options._retry && !path.includes("/auth/login") && !path.includes("/auth/refresh")) {
         try {
           const newToken = await this.sessionManager.refreshSession();
           return this.request(path, {
@@ -731,6 +731,23 @@ var AuthModule = class {
     const response = await this.http.post("/api/auth/register", payload);
     return response.data;
   }
+  /**
+   * Verify an email address using the token from the verification email.
+   *
+   * @param token Verification token
+   * @returns HTML success page string
+   *
+   * @example
+   * ```typescript
+   * const html = await sso.auth.verifyEmail('token-from-email');
+   * ```
+   */
+  async verifyEmail(token) {
+    const response = await this.http.get("/auth/verify-email", {
+      params: { token }
+    });
+    return response.data;
+  }
   /**
    * Login with email and password.
    * Automatically persists the session and configures the client.
@@ -1490,6 +1507,43 @@ var WebhooksModule = class {
 var OrganizationsModule = class {
   constructor(http) {
     this.http = http;
+    /**
+     * SCIM token management methods
+     */
+    this.scim = {
+      /**
+       * Create a new SCIM token.
+       * The token is only returned once upon creation.
+       */
+      createToken: async (orgSlug, payload) => {
+        const response = await this.http.post(
+          `/api/organizations/${orgSlug}/scim-tokens`,
+          payload
+        );
+        return response.data;
+      },
+      /**
+       * List all SCIM tokens.
+       */
+      listTokens: async (orgSlug) => {
+        const response = await this.http.get(
+          `/api/organizations/${orgSlug}/scim-tokens`
+        );
+        return response.data;
+      },
+      /**
+       * Revoke a SCIM token.
+       */
+      revokeToken: async (orgSlug, tokenId) => {
+        await this.http.post(`/api/organizations/${orgSlug}/scim-tokens/${tokenId}/revoke`);
+      },
+      /**
+       * Delete a SCIM token.
+       */
+      deleteToken: async (orgSlug, tokenId) => {
+        await this.http.delete(`/api/organizations/${orgSlug}/scim-tokens/${tokenId}`);
+      }
+    };
     /**
      * Member management methods
      */
@@ -1513,6 +1567,24 @@ var OrganizationsModule = class {
         );
         return response.data;
       },
+      /**
+       * Add a member to the organization (Invite + Accept).
+       * This is a convenience method that creates an invitation and immediately accepts it.
+       * Useful for testing and admin operations.
+       *
+       * @param orgSlug Organization slug
+       * @param payload Member details (email, role)
+       * @returns The created invitation
+       */
+      add: async (orgSlug, payload) => {
+        const response = await this.http.post(
+          `/api/organizations/${orgSlug}/invitations`,
+          payload
+        );
+        const invitation = response.data;
+        await this.http.post("/api/invitations/accept", { token: invitation.token });
+        return invitation;
+      },
       /**
        * Update a member's role.
        * Requires 'owner' role.
@@ -2554,6 +2626,26 @@ var ServicesModule = class {
         );
         return response.data;
       },
+      /**
+       * Initiate an IdP-initiated SAML login.
+       * Returns an HTML page with an auto-submitting form that POSTs the SAML assertion to the Service Provider.
+       *
+       * @param orgSlug Organization slug
+       * @param serviceSlug Service slug
+       * @returns HTML page with auto-submitting form
+       *
+       * @example
+       * ```typescript
+       * const html = await sso.services.saml.initiateLogin('acme-corp', 'salesforce');
+       * document.body.innerHTML = html; // Auto-submits
+       * ```
+       */
+      initiateLogin: async (orgSlug, serviceSlug) => {
+        const response = await this.http.get(
+          `/api/organizations/${orgSlug}/services/${serviceSlug}/saml/login`
+        );
+        return response.data;
+      },
       /**
        * Generate a new SAML signing certificate for the IdP.
        * Requires 'owner' or 'admin' role.
@@ -2807,7 +2899,7 @@ var InvitationsModule = class {
    * @example
    * ```typescript
    * const invitation = await sso.invitations.create('acme-corp', {
-   *   invitee_email: 'newuser@example.com',
+   *   email: 'newuser@example.com',
    *   role: 'member'
    * });
    * ```
@@ -3343,6 +3435,78 @@ var ServiceApiModule = class {
   constructor(http) {
     this.http = http;
   }
+  /**
+   * List all users for the service
+   * Requires 'read:users' permission on the API key
+   *
+   * @param params Optional pagination parameters
+   * @returns List of users with total count
+   */
+  async listUsers(params) {
+    const queryParams = new URLSearchParams();
+    if (params?.limit) queryParams.set("limit", params.limit.toString());
+    if (params?.offset) queryParams.set("offset", params.offset.toString());
+    const query = queryParams.toString() ? `?${queryParams.toString()}` : "";
+    const response = await this.http.get(`/api/service/users${query}`);
+    return response.data;
+  }
+  /**
+   * Get a specific user by ID
+   * Requires 'read:users' permission on the API key
+   *
+   * @param userId User ID to retrieve
+   * @returns User details
+   */
+  async getUser(userId) {
+    const response = await this.http.get(`/api/service/users/${userId}`);
+    return response.data;
+  }
+  /**
+   * List all subscriptions for the service
+   * Requires 'read:subscriptions' permission on the API key
+   *
+   * @param params Optional pagination parameters
+   * @returns List of subscriptions with total count
+   */
+  async listSubscriptions(params) {
+    const queryParams = new URLSearchParams();
+    if (params?.limit) queryParams.set("limit", params.limit.toString());
+    if (params?.offset) queryParams.set("offset", params.offset.toString());
+    const query = queryParams.toString() ? `?${queryParams.toString()}` : "";
+    const response = await this.http.get(`/api/service/subscriptions${query}`);
+    return response.data;
+  }
+  /**
+   * Get subscription for a specific user
+   * Requires 'read:subscriptions' permission on the API key
+   *
+   * @param userId User ID whose subscription to retrieve
+   * @returns User's subscription
+   */
+  async getSubscription(userId) {
+    const response = await this.http.get(`/api/service/subscriptions/${userId}`);
+    return response.data;
+  }
+  /**
+   * Get analytics for the service
+   * Requires 'read:analytics' permission on the API key
+   *
+   * @returns Service analytics data
+   */
+  async getAnalytics() {
+    const response = await this.http.get("/api/service/analytics");
+    return response.data;
+  }
+  /**
+   * Get service information
+   * Requires 'read:service' permission on the API key
+   *
+   * @returns Service information
+   */
+  async getServiceInfo() {
+    const response = await this.http.get("/api/service/info");
+    return response.data;
+  }
   /**
    * Create a new user
    * Requires 'write:users' permission on the API key
@@ -3766,15 +3930,40 @@ var PasskeysModule = class {
    * }
    * ```
    */
+  /**
+   * Start the passkey registration ceremony.
+   * returns the options required to create credentials in the browser.
+   */
+  async registerStart(displayName) {
+    const response = await this.http.post(
+      "/api/auth/passkeys/register/start",
+      { name: displayName }
+    );
+    return response.data;
+  }
+  /**
+   * Finish the passkey registration ceremony.
+   * Verifies the credential created by the browser.
+   */
+  async registerFinish(challengeId, credential) {
+    const response = await this.http.post(
+      "/api/auth/passkeys/register/finish",
+      {
+        challenge_id: challengeId,
+        credential
+      }
+    );
+    return response.data;
+  }
+  /**
+   * Register a new passkey for the authenticated user
+   * ...
+   */
   async register(displayName) {
     if (!this.isSupported()) {
       throw new Error("WebAuthn is not supported in this browser");
     }
-    const startResponse = await this.http.post(
-      "/auth/passkeys/register/start",
-      { name: displayName }
-    );
-    const startData = startResponse.data;
+    const startData = await this.registerStart(displayName);
     const createOptions = {
       publicKey: {
         ...startData.options,
@@ -3808,14 +3997,8 @@ var PasskeysModule = class {
       clientExtensionResults: credential.getClientExtensionResults(),
       type: credential.type
     };
-    const finishResponse = await this.http.post(
-      "/auth/passkeys/register/finish",
-      {
-        challenge_id: startData.challenge_id,
-        credential: credentialJSON
-      }
-    );
-    return finishResponse.data.passkey_id;
+    const finishResponse = await this.registerFinish(startData.challenge_id, credentialJSON);
+    return finishResponse.passkey_id;
   }
   /**
    * Authenticate with a passkey and obtain a JWT token
@@ -3839,16 +4022,40 @@ var PasskeysModule = class {
    * }
    * ```
    */
+  /**
+   * Start the passkey authentication ceremony.
+   * Returns the options required to get credentials from the browser.
+   */
+  async authenticateStart(email) {
+    const response = await this.http.post(
+      "/api/auth/passkeys/authenticate/start",
+      { email }
+    );
+    return response.data;
+  }
+  /**
+   * Finish the passkey authentication ceremony.
+   * Verifies the assertion returned by the browser.
+   */
+  async authenticateFinish(challengeId, credential) {
+    const response = await this.http.post(
+      "/api/auth/passkeys/authenticate/finish",
+      {
+        challenge_id: challengeId,
+        credential
+      }
+    );
+    return response.data;
+  }
+  /**
+   * Authenticate with a passkey and obtain a JWT token
+   * ...
+   */
   async login(email) {
     if (!this.isSupported()) {
       throw new Error("WebAuthn is not supported in this browser");
     }
-    const startRequest = { email };
-    const startResponse = await this.http.post(
-      "/auth/passkeys/authenticate/start",
-      startRequest
-    );
-    const startData = startResponse.data;
+    const startData = await this.authenticateStart(email);
     const getOptions = {
       publicKey: {
         ...startData.options,
@@ -3879,14 +4086,7 @@ var PasskeysModule = class {
       clientExtensionResults: credential.getClientExtensionResults(),
       type: credential.type
     };
-    const finishResponse = await this.http.post(
-      "/auth/passkeys/authenticate/finish",
-      {
-        challenge_id: startData.challenge_id,
-        credential: credentialJSON
-      }
-    );
-    return finishResponse.data;
+    return this.authenticateFinish(startData.challenge_id, credentialJSON);
   }
   /**
    * Convert Base64URL string to Uint8Array
@@ -4059,6 +4259,10 @@ var SsoClient = class {
    * Sets the JWT for all subsequent authenticated requests.
    * Pass null to clear the token.
    *
+   * NOTE: For OAuth callback flows, prefer using setSession() which properly
+   * updates the SessionManager. This method updates both the HTTP headers
+   * AND the SessionManager for backward compatibility.
+   *
    * @param token The JWT string, or null to clear
    *
    * @example
@@ -4073,10 +4277,30 @@ var SsoClient = class {
   setAuthToken(token) {
     if (token) {
       this.http.defaults.headers.common["Authorization"] = `Bearer ${token}`;
+      this.session.setSession({ access_token: token });
     } else {
       delete this.http.defaults.headers.common["Authorization"];
+      this.session.clearSession();
     }
   }
+  /**
+   * Sets the session tokens for OAuth callback flows.
+   * This properly updates the SessionManager and persists tokens to storage.
+   *
+   * @param tokens Object containing access_token and optionally refresh_token
+   *
+   * @example
+   * ```typescript
+   * // After OAuth callback
+   * await sso.setSession({
+   *   access_token: accessToken,
+   *   refresh_token: refreshToken
+   * });
+   * ```
+   */
+  async setSession(tokens) {
+    await this.session.setSession(tokens);
+  }
   /**
    * Sets the API key for service-to-service authentication.
    * Pass null to clear the API key.