npm - @drmhse/sso-sdk - Versions diffs - 0.4.0 → 0.5.0 - Mend

@drmhse/sso-sdk 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -519,6 +519,54 @@ interface Identity {
 interface StartLinkResponse {
     authorization_url: string;
 }
+interface ProviderDefinition {
+    provider: string;
+    display_name: string;
+    provider_type: string;
+    scopes: string[];
+    connect_supported: boolean;
+}
+interface LinkedAccountGrant {
+    id: string;
+    service_id: string;
+    scopes: string[];
+    granted_at: string;
+    last_used_at?: string;
+}
+interface LinkedAccount {
+    id: string;
+    provider: string;
+    provider_user_id: string;
+    email?: string;
+    display_name?: string;
+    scopes: string[];
+    expires_at?: string;
+    status: string;
+    grants: LinkedAccountGrant[];
+}
+interface LinkedAccountsResponse {
+    accounts: LinkedAccount[];
+    available_providers: ProviderDefinition[];
+}
+interface GrantLinkedAccountRequest {
+    service_id?: string;
+    scopes: string[];
+}
+interface ProviderTokenRequestDetails {
+    state: string;
+    provider: string;
+    requested_scopes: string[];
+    service_id: string;
+    service_name: string;
+    expires_at: string;
+    accounts: LinkedAccount[];
+}
+interface CompleteProviderTokenRequestPayload {
+    connected_account_id?: string;
+}
+interface CompleteProviderTokenRequestResponse {
+    redirect_url: string;
+}
 /**
  * Change password request payload
  */
@@ -1987,7 +2035,7 @@ interface UpdateRoleRequest {
 /**
  * Upstream Provider (Enterprise SSO) types
  */
-type UpstreamProviderType = 'oidc' | 'saml';
+type UpstreamProviderType = 'oidc' | 'oauth2' | 'saml';
 interface UpstreamProvider {
     id: string;
     org_id: string;
@@ -2637,6 +2685,18 @@ declare class IdentitiesModule {
      */
     unlink(provider: string): Promise<void>;
 }
+declare class LinkedAccountsModule {
+    private http;
+    constructor(http: HttpClient);
+    list(): Promise<LinkedAccountsResponse>;
+    startLink(provider: string): Promise<StartLinkResponse>;
+    grant(accountId: string, payload: GrantLinkedAccountRequest): Promise<LinkedAccountGrant>;
+    revokeGrant(accountId: string, serviceId: string): Promise<void>;
+    unlink(accountId: string): Promise<void>;
+    getProviderTokenRequest(state: string): Promise<ProviderTokenRequestDetails>;
+    completeProviderTokenRequest(state: string, payload?: CompleteProviderTokenRequestPayload): Promise<CompleteProviderTokenRequestResponse>;
+    startProviderTokenRequestLink(state: string): Promise<StartLinkResponse>;
+}
 /**
  * Multi-Factor Authentication (MFA) methods
  */
@@ -2809,6 +2869,7 @@ declare class DevicesModule {
 declare class UserModule {
     private http;
     readonly identities: IdentitiesModule;
+    readonly linkedAccounts: LinkedAccountsModule;
     readonly mfa: MfaModule;
     readonly devices: DevicesModule;
     constructor(http: HttpClient);
@@ -5065,6 +5126,33 @@ interface ServiceAnalytics {
     active_subscriptions: number;
     [key: string]: any;
 }
+interface ProviderTokenRequest {
+    user_id: string;
+    provider: string;
+    scopes?: string[];
+    redirect_uri?: string;
+    state?: string;
+}
+interface ProviderTokenAccount {
+    id: string;
+    provider_user_id: string;
+    email?: string;
+    display_name?: string;
+}
+type ProviderTokenResult = {
+    status: 'ok';
+    access_token: string;
+    expires_at?: string;
+    scopes: string[];
+    provider: string;
+    account: ProviderTokenAccount;
+} | {
+    status: 'action_required';
+    code: 'PROVIDER_LINK_REQUIRED' | 'PROVIDER_GRANT_REQUIRED' | 'PROVIDER_SCOPE_CONSENT_REQUIRED' | 'PROVIDER_REAUTH_REQUIRED' | string;
+    reauth_url: string;
+    missing_scopes: string[];
+    provider: string;
+};
 /**
  * Service API module for API key-based service-to-service operations.
  * Provides operations for managing users, subscriptions, and service configuration.
@@ -5148,6 +5236,11 @@ declare class ServiceApiModule {
      * @returns Service information
      */
     getServiceInfo(): Promise<ServiceApiInfo>;
+    /**
+     * Request a backend-only third-party provider access token for an AuthOS user.
+     * Requires `read:provider_tokens` or `read:provider_tokens:{provider}` on the API key.
+     */
+    requestProviderToken(request: ProviderTokenRequest): Promise<ProviderTokenResult>;
     /**
      * Create a new user
      * Requires 'write:users' permission on the API key
@@ -5994,4 +6087,4 @@ declare class SsoApiError extends Error {
     isNotFound(): boolean;
 }
-export { type AcceptInvitationPayload, type AdminLoginUrlParams, type AnalyticsQuery, type ApiKey, type ApiKeyCreateResponse, type ApproveOrganizationPayload, type AuditLog, type AuditLogEntry, type AuditLogQueryParams, type AuditLogResponse, type AuthContextRequest, type AuthContextResponse, AuthErrorCodes, AuthModule, type AuthOrganizationContext, type AuthServiceContext, type AuthSnapshot, type AuthenticationResponseJSON, type BackupCodesResponse, type BrandingConfiguration, BrowserStorage, type ChangePasswordRequest, type ChangePasswordResponse, type ConfigureSamlPayload, type ConfigureSamlResponse, CookieStorage, type CreateApiKeyPayload, type CreateCheckoutPayload, type CreateCheckoutResponse, type CreateInvitationPayload, type CreateOrganizationPayload, type CreateOrganizationResponse, type CreatePlanPayload, type CreateRoleRequest, type CreateScimTokenRequest, type CreateServicePayload, type CreateServiceResponse, type CreateSiemConfigRequest, type CreateUpstreamProviderPayload, type CreateWebhookRequest, type DeclineInvitationPayload, type DeviceCodeRequest, type DeviceCodeResponse, type DeviceVerifyResponse, type DomainConfiguration, type DomainVerificationMethod, type DomainVerificationResponse, type DomainVerificationResult, type EndUser, type EndUserDetailResponse, type EndUserIdentity, type EndUserListResponse, type EndUserLoginEvent, type EndUserSession, type EndUserSubscription, type EventTypeInfo, type ExportUserDataResponse, type ForgetUserRequest, type ForgetUserResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GeoLocation, type GetAuditLogParams, type GetRiskSettingsResponse, type GrowthTrendPoint, type Identity, type ImpersonateRequest, type ImpersonateResponse, type ImpersonationUserInfo, type Invitation, type InvitationStatus, type InvitationWithOrg, InvitationsModule, type JwtClaims, type ListApiKeysResponse, type ListDevicesResponse, type ListEndUsersParams, type ListOrganizationsParams, type ListPlatformOrganizationsParams, type ListScimTokensResponse, type ListSiemConfigsResponse, type LoginActivityPoint, type LoginEventExport, type LoginRequest, type LoginTrendPoint, type LoginUrlParams, type LoginsByProvider, type LoginsByService, type LookupEmailRequest, type LookupEmailResponse, MagicLinks, type MemberListResponse, type MemberRole, type MemberServiceAccess, type Membership, type MembershipExport, MemoryStorage, type MfaEventExport, type MfaSetupResponse, type MfaStatusResponse, type MfaVerificationRequest, type MfaVerificationResponse, type MfaVerifyRequest, type MfaVerifyResponse, type OAuthCredentials, type OAuthIdentityExport, type OAuthProvider, type Organization, type OrganizationMember, type OrganizationResponse, type OrganizationStatus, type OrganizationStatusBreakdown, type OrganizationTier, OrganizationsModule, type PaginatedResponse, type PaginationInfo, type PaginationParams, type Passkey, type PasskeyActionResponse, type PasskeyAuthFinishRequest, type PasskeyAuthFinishResponse, type PasskeyAuthStartRequest, type PasskeyAuthStartResponse, type PasskeyExport, type PasskeyRegisterFinishRequest, type PasskeyRegisterFinishResponse, type PasskeyRegisterStartRequest, type PasskeyRegisterStartResponse, PasskeysModule, PermissionsModule, type Plan, type PlanResponse, type PlatformAnalyticsDateRangeParams, PlatformModule, type PlatformOrganizationResponse, type PlatformOrganizationsListResponse, type PlatformOverviewMetrics, type PlatformUser, type PlatformUserListResponse, type PromotePlatformOwnerPayload, type ProviderToken, type RecentLogin, type RecentOrganization, type RefreshTokenRequest, type RefreshTokenResponse, type RegisterRequest, type RegisterResponse, type RegistrationResponseJSON, type RejectOrganizationPayload, type ResendVerificationRequest, type ResendVerificationResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDeviceRequest, type RevokeDeviceResponse, type RevokeSessionsResponse, type RiskAction, type RiskAssessment, type RiskEventResponse, type RiskEventsQuery, type RoleResponse, type RotateServiceSecretResponse, type SamlCertificate, type SamlConfig, type ScimTokenResponse, type SelectOrganizationResponse, type Service, ServiceApiModule, type ServiceListResponse, type ServiceType, type ServiceWithDetails, ServicesModule, type SetCustomDomainRequest, type SetOAuthCredentialsPayload, type SetPasswordRequest, type SetPasswordResponse, type SetSmtpRequest, type SiemConfigResponse, type SiemProviderType, type SmtpConfigResponse, SsoApiError, SsoClient, type SsoClientOptions, type StartLinkResponse, type Subscription, type TestConnectionResponse, type TokenRequest, type TokenResponse, type TokenStorage, type TopOrganization, type TransferOwnershipPayload, type UpdateBrandingRequest, type UpdateMemberRolePayload, type UpdateMemberServiceAccessPayload, type UpdateOrganizationPayload, type UpdateOrganizationTierPayload, type UpdatePlanPayload, type UpdateRiskSettingsRequest, type UpdateRiskSettingsResponse, type UpdateRoleRequest, type UpdateServicePayload, type UpdateSiemConfigRequest, type UpdateUpstreamProviderPayload, type UpdateUserProfilePayload, type UpdateWebhookRequest, type UpstreamProvider, type UpstreamProviderType, type User, type UserDevice, UserModule, type UserPasskey, type UserProfile, type Webhook, type WebhookDelivery, type WebhookDeliveryListResponse, type WebhookDeliveryQueryParams, type WebhookListResponse, type WebhookResponse };
+export { type AcceptInvitationPayload, type AdminLoginUrlParams, type AnalyticsQuery, type ApiKey, type ApiKeyCreateResponse, type ApproveOrganizationPayload, type AuditLog, type AuditLogEntry, type AuditLogQueryParams, type AuditLogResponse, type AuthContextRequest, type AuthContextResponse, AuthErrorCodes, AuthModule, type AuthOrganizationContext, type AuthServiceContext, type AuthSnapshot, type AuthenticationResponseJSON, type BackupCodesResponse, type BrandingConfiguration, BrowserStorage, type ChangePasswordRequest, type ChangePasswordResponse, type CompleteProviderTokenRequestPayload, type CompleteProviderTokenRequestResponse, type ConfigureSamlPayload, type ConfigureSamlResponse, CookieStorage, type CreateApiKeyPayload, type CreateCheckoutPayload, type CreateCheckoutResponse, type CreateInvitationPayload, type CreateOrganizationPayload, type CreateOrganizationResponse, type CreatePlanPayload, type CreateRoleRequest, type CreateScimTokenRequest, type CreateServicePayload, type CreateServiceResponse, type CreateSiemConfigRequest, type CreateUpstreamProviderPayload, type CreateWebhookRequest, type DeclineInvitationPayload, type DeviceCodeRequest, type DeviceCodeResponse, type DeviceVerifyResponse, type DomainConfiguration, type DomainVerificationMethod, type DomainVerificationResponse, type DomainVerificationResult, type EndUser, type EndUserDetailResponse, type EndUserIdentity, type EndUserListResponse, type EndUserLoginEvent, type EndUserSession, type EndUserSubscription, type EventTypeInfo, type ExportUserDataResponse, type ForgetUserRequest, type ForgetUserResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GeoLocation, type GetAuditLogParams, type GetRiskSettingsResponse, type GrantLinkedAccountRequest, type GrowthTrendPoint, type Identity, type ImpersonateRequest, type ImpersonateResponse, type ImpersonationUserInfo, type Invitation, type InvitationStatus, type InvitationWithOrg, InvitationsModule, type JwtClaims, type LinkedAccount, type LinkedAccountGrant, type LinkedAccountsResponse, type ListApiKeysResponse, type ListDevicesResponse, type ListEndUsersParams, type ListOrganizationsParams, type ListPlatformOrganizationsParams, type ListScimTokensResponse, type ListSiemConfigsResponse, type LoginActivityPoint, type LoginEventExport, type LoginRequest, type LoginTrendPoint, type LoginUrlParams, type LoginsByProvider, type LoginsByService, type LookupEmailRequest, type LookupEmailResponse, MagicLinks, type MemberListResponse, type MemberRole, type MemberServiceAccess, type Membership, type MembershipExport, MemoryStorage, type MfaEventExport, type MfaSetupResponse, type MfaStatusResponse, type MfaVerificationRequest, type MfaVerificationResponse, type MfaVerifyRequest, type MfaVerifyResponse, type OAuthCredentials, type OAuthIdentityExport, type OAuthProvider, type Organization, type OrganizationMember, type OrganizationResponse, type OrganizationStatus, type OrganizationStatusBreakdown, type OrganizationTier, OrganizationsModule, type PaginatedResponse, type PaginationInfo, type PaginationParams, type Passkey, type PasskeyActionResponse, type PasskeyAuthFinishRequest, type PasskeyAuthFinishResponse, type PasskeyAuthStartRequest, type PasskeyAuthStartResponse, type PasskeyExport, type PasskeyRegisterFinishRequest, type PasskeyRegisterFinishResponse, type PasskeyRegisterStartRequest, type PasskeyRegisterStartResponse, PasskeysModule, PermissionsModule, type Plan, type PlanResponse, type PlatformAnalyticsDateRangeParams, PlatformModule, type PlatformOrganizationResponse, type PlatformOrganizationsListResponse, type PlatformOverviewMetrics, type PlatformUser, type PlatformUserListResponse, type PromotePlatformOwnerPayload, type ProviderDefinition, type ProviderToken, type ProviderTokenRequestDetails, type RecentLogin, type RecentOrganization, type RefreshTokenRequest, type RefreshTokenResponse, type RegisterRequest, type RegisterResponse, type RegistrationResponseJSON, type RejectOrganizationPayload, type ResendVerificationRequest, type ResendVerificationResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDeviceRequest, type RevokeDeviceResponse, type RevokeSessionsResponse, type RiskAction, type RiskAssessment, type RiskEventResponse, type RiskEventsQuery, type RoleResponse, type RotateServiceSecretResponse, type SamlCertificate, type SamlConfig, type ScimTokenResponse, type SelectOrganizationResponse, type Service, ServiceApiModule, type ServiceListResponse, type ServiceType, type ServiceWithDetails, ServicesModule, type SetCustomDomainRequest, type SetOAuthCredentialsPayload, type SetPasswordRequest, type SetPasswordResponse, type SetSmtpRequest, type SiemConfigResponse, type SiemProviderType, type SmtpConfigResponse, SsoApiError, SsoClient, type SsoClientOptions, type StartLinkResponse, type Subscription, type TestConnectionResponse, type TokenRequest, type TokenResponse, type TokenStorage, type TopOrganization, type TransferOwnershipPayload, type UpdateBrandingRequest, type UpdateMemberRolePayload, type UpdateMemberServiceAccessPayload, type UpdateOrganizationPayload, type UpdateOrganizationTierPayload, type UpdatePlanPayload, type UpdateRiskSettingsRequest, type UpdateRiskSettingsResponse, type UpdateRoleRequest, type UpdateServicePayload, type UpdateSiemConfigRequest, type UpdateUpstreamProviderPayload, type UpdateUserProfilePayload, type UpdateWebhookRequest, type UpstreamProvider, type UpstreamProviderType, type User, type UserDevice, UserModule, type UserPasskey, type UserProfile, type Webhook, type WebhookDelivery, type WebhookDeliveryListResponse, type WebhookDeliveryQueryParams, type WebhookListResponse, type WebhookResponse };

package/dist/index.d.ts CHANGED Viewed

@@ -519,6 +519,54 @@ interface Identity {
 interface StartLinkResponse {
     authorization_url: string;
 }
+interface ProviderDefinition {
+    provider: string;
+    display_name: string;
+    provider_type: string;
+    scopes: string[];
+    connect_supported: boolean;
+}
+interface LinkedAccountGrant {
+    id: string;
+    service_id: string;
+    scopes: string[];
+    granted_at: string;
+    last_used_at?: string;
+}
+interface LinkedAccount {
+    id: string;
+    provider: string;
+    provider_user_id: string;
+    email?: string;
+    display_name?: string;
+    scopes: string[];
+    expires_at?: string;
+    status: string;
+    grants: LinkedAccountGrant[];
+}
+interface LinkedAccountsResponse {
+    accounts: LinkedAccount[];
+    available_providers: ProviderDefinition[];
+}
+interface GrantLinkedAccountRequest {
+    service_id?: string;
+    scopes: string[];
+}
+interface ProviderTokenRequestDetails {
+    state: string;
+    provider: string;
+    requested_scopes: string[];
+    service_id: string;
+    service_name: string;
+    expires_at: string;
+    accounts: LinkedAccount[];
+}
+interface CompleteProviderTokenRequestPayload {
+    connected_account_id?: string;
+}
+interface CompleteProviderTokenRequestResponse {
+    redirect_url: string;
+}
 /**
  * Change password request payload
  */
@@ -1987,7 +2035,7 @@ interface UpdateRoleRequest {
 /**
  * Upstream Provider (Enterprise SSO) types
  */
-type UpstreamProviderType = 'oidc' | 'saml';
+type UpstreamProviderType = 'oidc' | 'oauth2' | 'saml';
 interface UpstreamProvider {
     id: string;
     org_id: string;
@@ -2637,6 +2685,18 @@ declare class IdentitiesModule {
      */
     unlink(provider: string): Promise<void>;
 }
+declare class LinkedAccountsModule {
+    private http;
+    constructor(http: HttpClient);
+    list(): Promise<LinkedAccountsResponse>;
+    startLink(provider: string): Promise<StartLinkResponse>;
+    grant(accountId: string, payload: GrantLinkedAccountRequest): Promise<LinkedAccountGrant>;
+    revokeGrant(accountId: string, serviceId: string): Promise<void>;
+    unlink(accountId: string): Promise<void>;
+    getProviderTokenRequest(state: string): Promise<ProviderTokenRequestDetails>;
+    completeProviderTokenRequest(state: string, payload?: CompleteProviderTokenRequestPayload): Promise<CompleteProviderTokenRequestResponse>;
+    startProviderTokenRequestLink(state: string): Promise<StartLinkResponse>;
+}
 /**
  * Multi-Factor Authentication (MFA) methods
  */
@@ -2809,6 +2869,7 @@ declare class DevicesModule {
 declare class UserModule {
     private http;
     readonly identities: IdentitiesModule;
+    readonly linkedAccounts: LinkedAccountsModule;
     readonly mfa: MfaModule;
     readonly devices: DevicesModule;
     constructor(http: HttpClient);
@@ -5065,6 +5126,33 @@ interface ServiceAnalytics {
     active_subscriptions: number;
     [key: string]: any;
 }
+interface ProviderTokenRequest {
+    user_id: string;
+    provider: string;
+    scopes?: string[];
+    redirect_uri?: string;
+    state?: string;
+}
+interface ProviderTokenAccount {
+    id: string;
+    provider_user_id: string;
+    email?: string;
+    display_name?: string;
+}
+type ProviderTokenResult = {
+    status: 'ok';
+    access_token: string;
+    expires_at?: string;
+    scopes: string[];
+    provider: string;
+    account: ProviderTokenAccount;
+} | {
+    status: 'action_required';
+    code: 'PROVIDER_LINK_REQUIRED' | 'PROVIDER_GRANT_REQUIRED' | 'PROVIDER_SCOPE_CONSENT_REQUIRED' | 'PROVIDER_REAUTH_REQUIRED' | string;
+    reauth_url: string;
+    missing_scopes: string[];
+    provider: string;
+};
 /**
  * Service API module for API key-based service-to-service operations.
  * Provides operations for managing users, subscriptions, and service configuration.
@@ -5148,6 +5236,11 @@ declare class ServiceApiModule {
      * @returns Service information
      */
     getServiceInfo(): Promise<ServiceApiInfo>;
+    /**
+     * Request a backend-only third-party provider access token for an AuthOS user.
+     * Requires `read:provider_tokens` or `read:provider_tokens:{provider}` on the API key.
+     */
+    requestProviderToken(request: ProviderTokenRequest): Promise<ProviderTokenResult>;
     /**
      * Create a new user
      * Requires 'write:users' permission on the API key
@@ -5994,4 +6087,4 @@ declare class SsoApiError extends Error {
     isNotFound(): boolean;
 }
-export { type AcceptInvitationPayload, type AdminLoginUrlParams, type AnalyticsQuery, type ApiKey, type ApiKeyCreateResponse, type ApproveOrganizationPayload, type AuditLog, type AuditLogEntry, type AuditLogQueryParams, type AuditLogResponse, type AuthContextRequest, type AuthContextResponse, AuthErrorCodes, AuthModule, type AuthOrganizationContext, type AuthServiceContext, type AuthSnapshot, type AuthenticationResponseJSON, type BackupCodesResponse, type BrandingConfiguration, BrowserStorage, type ChangePasswordRequest, type ChangePasswordResponse, type ConfigureSamlPayload, type ConfigureSamlResponse, CookieStorage, type CreateApiKeyPayload, type CreateCheckoutPayload, type CreateCheckoutResponse, type CreateInvitationPayload, type CreateOrganizationPayload, type CreateOrganizationResponse, type CreatePlanPayload, type CreateRoleRequest, type CreateScimTokenRequest, type CreateServicePayload, type CreateServiceResponse, type CreateSiemConfigRequest, type CreateUpstreamProviderPayload, type CreateWebhookRequest, type DeclineInvitationPayload, type DeviceCodeRequest, type DeviceCodeResponse, type DeviceVerifyResponse, type DomainConfiguration, type DomainVerificationMethod, type DomainVerificationResponse, type DomainVerificationResult, type EndUser, type EndUserDetailResponse, type EndUserIdentity, type EndUserListResponse, type EndUserLoginEvent, type EndUserSession, type EndUserSubscription, type EventTypeInfo, type ExportUserDataResponse, type ForgetUserRequest, type ForgetUserResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GeoLocation, type GetAuditLogParams, type GetRiskSettingsResponse, type GrowthTrendPoint, type Identity, type ImpersonateRequest, type ImpersonateResponse, type ImpersonationUserInfo, type Invitation, type InvitationStatus, type InvitationWithOrg, InvitationsModule, type JwtClaims, type ListApiKeysResponse, type ListDevicesResponse, type ListEndUsersParams, type ListOrganizationsParams, type ListPlatformOrganizationsParams, type ListScimTokensResponse, type ListSiemConfigsResponse, type LoginActivityPoint, type LoginEventExport, type LoginRequest, type LoginTrendPoint, type LoginUrlParams, type LoginsByProvider, type LoginsByService, type LookupEmailRequest, type LookupEmailResponse, MagicLinks, type MemberListResponse, type MemberRole, type MemberServiceAccess, type Membership, type MembershipExport, MemoryStorage, type MfaEventExport, type MfaSetupResponse, type MfaStatusResponse, type MfaVerificationRequest, type MfaVerificationResponse, type MfaVerifyRequest, type MfaVerifyResponse, type OAuthCredentials, type OAuthIdentityExport, type OAuthProvider, type Organization, type OrganizationMember, type OrganizationResponse, type OrganizationStatus, type OrganizationStatusBreakdown, type OrganizationTier, OrganizationsModule, type PaginatedResponse, type PaginationInfo, type PaginationParams, type Passkey, type PasskeyActionResponse, type PasskeyAuthFinishRequest, type PasskeyAuthFinishResponse, type PasskeyAuthStartRequest, type PasskeyAuthStartResponse, type PasskeyExport, type PasskeyRegisterFinishRequest, type PasskeyRegisterFinishResponse, type PasskeyRegisterStartRequest, type PasskeyRegisterStartResponse, PasskeysModule, PermissionsModule, type Plan, type PlanResponse, type PlatformAnalyticsDateRangeParams, PlatformModule, type PlatformOrganizationResponse, type PlatformOrganizationsListResponse, type PlatformOverviewMetrics, type PlatformUser, type PlatformUserListResponse, type PromotePlatformOwnerPayload, type ProviderToken, type RecentLogin, type RecentOrganization, type RefreshTokenRequest, type RefreshTokenResponse, type RegisterRequest, type RegisterResponse, type RegistrationResponseJSON, type RejectOrganizationPayload, type ResendVerificationRequest, type ResendVerificationResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDeviceRequest, type RevokeDeviceResponse, type RevokeSessionsResponse, type RiskAction, type RiskAssessment, type RiskEventResponse, type RiskEventsQuery, type RoleResponse, type RotateServiceSecretResponse, type SamlCertificate, type SamlConfig, type ScimTokenResponse, type SelectOrganizationResponse, type Service, ServiceApiModule, type ServiceListResponse, type ServiceType, type ServiceWithDetails, ServicesModule, type SetCustomDomainRequest, type SetOAuthCredentialsPayload, type SetPasswordRequest, type SetPasswordResponse, type SetSmtpRequest, type SiemConfigResponse, type SiemProviderType, type SmtpConfigResponse, SsoApiError, SsoClient, type SsoClientOptions, type StartLinkResponse, type Subscription, type TestConnectionResponse, type TokenRequest, type TokenResponse, type TokenStorage, type TopOrganization, type TransferOwnershipPayload, type UpdateBrandingRequest, type UpdateMemberRolePayload, type UpdateMemberServiceAccessPayload, type UpdateOrganizationPayload, type UpdateOrganizationTierPayload, type UpdatePlanPayload, type UpdateRiskSettingsRequest, type UpdateRiskSettingsResponse, type UpdateRoleRequest, type UpdateServicePayload, type UpdateSiemConfigRequest, type UpdateUpstreamProviderPayload, type UpdateUserProfilePayload, type UpdateWebhookRequest, type UpstreamProvider, type UpstreamProviderType, type User, type UserDevice, UserModule, type UserPasskey, type UserProfile, type Webhook, type WebhookDelivery, type WebhookDeliveryListResponse, type WebhookDeliveryQueryParams, type WebhookListResponse, type WebhookResponse };
+export { type AcceptInvitationPayload, type AdminLoginUrlParams, type AnalyticsQuery, type ApiKey, type ApiKeyCreateResponse, type ApproveOrganizationPayload, type AuditLog, type AuditLogEntry, type AuditLogQueryParams, type AuditLogResponse, type AuthContextRequest, type AuthContextResponse, AuthErrorCodes, AuthModule, type AuthOrganizationContext, type AuthServiceContext, type AuthSnapshot, type AuthenticationResponseJSON, type BackupCodesResponse, type BrandingConfiguration, BrowserStorage, type ChangePasswordRequest, type ChangePasswordResponse, type CompleteProviderTokenRequestPayload, type CompleteProviderTokenRequestResponse, type ConfigureSamlPayload, type ConfigureSamlResponse, CookieStorage, type CreateApiKeyPayload, type CreateCheckoutPayload, type CreateCheckoutResponse, type CreateInvitationPayload, type CreateOrganizationPayload, type CreateOrganizationResponse, type CreatePlanPayload, type CreateRoleRequest, type CreateScimTokenRequest, type CreateServicePayload, type CreateServiceResponse, type CreateSiemConfigRequest, type CreateUpstreamProviderPayload, type CreateWebhookRequest, type DeclineInvitationPayload, type DeviceCodeRequest, type DeviceCodeResponse, type DeviceVerifyResponse, type DomainConfiguration, type DomainVerificationMethod, type DomainVerificationResponse, type DomainVerificationResult, type EndUser, type EndUserDetailResponse, type EndUserIdentity, type EndUserListResponse, type EndUserLoginEvent, type EndUserSession, type EndUserSubscription, type EventTypeInfo, type ExportUserDataResponse, type ForgetUserRequest, type ForgetUserResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GeoLocation, type GetAuditLogParams, type GetRiskSettingsResponse, type GrantLinkedAccountRequest, type GrowthTrendPoint, type Identity, type ImpersonateRequest, type ImpersonateResponse, type ImpersonationUserInfo, type Invitation, type InvitationStatus, type InvitationWithOrg, InvitationsModule, type JwtClaims, type LinkedAccount, type LinkedAccountGrant, type LinkedAccountsResponse, type ListApiKeysResponse, type ListDevicesResponse, type ListEndUsersParams, type ListOrganizationsParams, type ListPlatformOrganizationsParams, type ListScimTokensResponse, type ListSiemConfigsResponse, type LoginActivityPoint, type LoginEventExport, type LoginRequest, type LoginTrendPoint, type LoginUrlParams, type LoginsByProvider, type LoginsByService, type LookupEmailRequest, type LookupEmailResponse, MagicLinks, type MemberListResponse, type MemberRole, type MemberServiceAccess, type Membership, type MembershipExport, MemoryStorage, type MfaEventExport, type MfaSetupResponse, type MfaStatusResponse, type MfaVerificationRequest, type MfaVerificationResponse, type MfaVerifyRequest, type MfaVerifyResponse, type OAuthCredentials, type OAuthIdentityExport, type OAuthProvider, type Organization, type OrganizationMember, type OrganizationResponse, type OrganizationStatus, type OrganizationStatusBreakdown, type OrganizationTier, OrganizationsModule, type PaginatedResponse, type PaginationInfo, type PaginationParams, type Passkey, type PasskeyActionResponse, type PasskeyAuthFinishRequest, type PasskeyAuthFinishResponse, type PasskeyAuthStartRequest, type PasskeyAuthStartResponse, type PasskeyExport, type PasskeyRegisterFinishRequest, type PasskeyRegisterFinishResponse, type PasskeyRegisterStartRequest, type PasskeyRegisterStartResponse, PasskeysModule, PermissionsModule, type Plan, type PlanResponse, type PlatformAnalyticsDateRangeParams, PlatformModule, type PlatformOrganizationResponse, type PlatformOrganizationsListResponse, type PlatformOverviewMetrics, type PlatformUser, type PlatformUserListResponse, type PromotePlatformOwnerPayload, type ProviderDefinition, type ProviderToken, type ProviderTokenRequestDetails, type RecentLogin, type RecentOrganization, type RefreshTokenRequest, type RefreshTokenResponse, type RegisterRequest, type RegisterResponse, type RegistrationResponseJSON, type RejectOrganizationPayload, type ResendVerificationRequest, type ResendVerificationResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDeviceRequest, type RevokeDeviceResponse, type RevokeSessionsResponse, type RiskAction, type RiskAssessment, type RiskEventResponse, type RiskEventsQuery, type RoleResponse, type RotateServiceSecretResponse, type SamlCertificate, type SamlConfig, type ScimTokenResponse, type SelectOrganizationResponse, type Service, ServiceApiModule, type ServiceListResponse, type ServiceType, type ServiceWithDetails, ServicesModule, type SetCustomDomainRequest, type SetOAuthCredentialsPayload, type SetPasswordRequest, type SetPasswordResponse, type SetSmtpRequest, type SiemConfigResponse, type SiemProviderType, type SmtpConfigResponse, SsoApiError, SsoClient, type SsoClientOptions, type StartLinkResponse, type Subscription, type TestConnectionResponse, type TokenRequest, type TokenResponse, type TokenStorage, type TopOrganization, type TransferOwnershipPayload, type UpdateBrandingRequest, type UpdateMemberRolePayload, type UpdateMemberServiceAccessPayload, type UpdateOrganizationPayload, type UpdateOrganizationTierPayload, type UpdatePlanPayload, type UpdateRiskSettingsRequest, type UpdateRiskSettingsResponse, type UpdateRoleRequest, type UpdateServicePayload, type UpdateSiemConfigRequest, type UpdateUpstreamProviderPayload, type UpdateUserProfilePayload, type UpdateWebhookRequest, type UpstreamProvider, type UpstreamProviderType, type User, type UserDevice, UserModule, type UserPasskey, type UserProfile, type Webhook, type WebhookDelivery, type WebhookDeliveryListResponse, type WebhookDeliveryQueryParams, type WebhookListResponse, type WebhookResponse };

package/dist/index.js CHANGED Viewed

@@ -1092,6 +1092,41 @@ var IdentitiesModule = class {
     await this.http.delete(`/api/user/identities/${provider}`);
   }
 };
+var LinkedAccountsModule = class {
+  constructor(http) {
+    this.http = http;
+  }
+  async list() {
+    const response = await this.http.get("/api/user/linked-accounts");
+    return response.data;
+  }
+  async startLink(provider) {
+    const response = await this.http.post(`/api/user/linked-accounts/${provider}/link`, {});
+    return response.data;
+  }
+  async grant(accountId, payload) {
+    const response = await this.http.post(`/api/user/linked-accounts/${accountId}/grants`, payload);
+    return response.data;
+  }
+  async revokeGrant(accountId, serviceId) {
+    await this.http.delete(`/api/user/linked-accounts/${accountId}/grants/${serviceId}`);
+  }
+  async unlink(accountId) {
+    await this.http.delete(`/api/user/linked-accounts/${accountId}`);
+  }
+  async getProviderTokenRequest(state) {
+    const response = await this.http.get(`/api/user/provider-token-requests/${state}`);
+    return response.data;
+  }
+  async completeProviderTokenRequest(state, payload = {}) {
+    const response = await this.http.post(`/api/user/provider-token-requests/${state}/complete`, payload);
+    return response.data;
+  }
+  async startProviderTokenRequestLink(state) {
+    const response = await this.http.post(`/api/user/provider-token-requests/${state}/link`, {});
+    return response.data;
+  }
+};
 var MfaModule = class {
   constructor(http) {
     this.http = http;
@@ -1293,6 +1328,7 @@ var UserModule = class {
   constructor(http) {
     this.http = http;
     this.identities = new IdentitiesModule(http);
+    this.linkedAccounts = new LinkedAccountsModule(http);
     this.mfa = new MfaModule(http);
     this.devices = new DevicesModule(http);
   }
@@ -4063,6 +4099,17 @@ var ServiceApiModule = class {
     const response = await this.http.get("/api/service/info");
     return response.data;
   }
+  /**
+   * Request a backend-only third-party provider access token for an AuthOS user.
+   * Requires `read:provider_tokens` or `read:provider_tokens:{provider}` on the API key.
+   */
+  async requestProviderToken(request) {
+    const response = await this.http.post("/api/service/provider-tokens", {
+      ...request,
+      scopes: request.scopes ?? []
+    });
+    return response.data;
+  }
   /**
    * Create a new user
    * Requires 'write:users' permission on the API key

package/dist/index.mjs CHANGED Viewed

@@ -1051,6 +1051,41 @@ var IdentitiesModule = class {
     await this.http.delete(`/api/user/identities/${provider}`);
   }
 };
+var LinkedAccountsModule = class {
+  constructor(http) {
+    this.http = http;
+  }
+  async list() {
+    const response = await this.http.get("/api/user/linked-accounts");
+    return response.data;
+  }
+  async startLink(provider) {
+    const response = await this.http.post(`/api/user/linked-accounts/${provider}/link`, {});
+    return response.data;
+  }
+  async grant(accountId, payload) {
+    const response = await this.http.post(`/api/user/linked-accounts/${accountId}/grants`, payload);
+    return response.data;
+  }
+  async revokeGrant(accountId, serviceId) {
+    await this.http.delete(`/api/user/linked-accounts/${accountId}/grants/${serviceId}`);
+  }
+  async unlink(accountId) {
+    await this.http.delete(`/api/user/linked-accounts/${accountId}`);
+  }
+  async getProviderTokenRequest(state) {
+    const response = await this.http.get(`/api/user/provider-token-requests/${state}`);
+    return response.data;
+  }
+  async completeProviderTokenRequest(state, payload = {}) {
+    const response = await this.http.post(`/api/user/provider-token-requests/${state}/complete`, payload);
+    return response.data;
+  }
+  async startProviderTokenRequestLink(state) {
+    const response = await this.http.post(`/api/user/provider-token-requests/${state}/link`, {});
+    return response.data;
+  }
+};
 var MfaModule = class {
   constructor(http) {
     this.http = http;
@@ -1252,6 +1287,7 @@ var UserModule = class {
   constructor(http) {
     this.http = http;
     this.identities = new IdentitiesModule(http);
+    this.linkedAccounts = new LinkedAccountsModule(http);
     this.mfa = new MfaModule(http);
     this.devices = new DevicesModule(http);
   }
@@ -4022,6 +4058,17 @@ var ServiceApiModule = class {
     const response = await this.http.get("/api/service/info");
     return response.data;
   }
+  /**
+   * Request a backend-only third-party provider access token for an AuthOS user.
+   * Requires `read:provider_tokens` or `read:provider_tokens:{provider}` on the API key.
+   */
+  async requestProviderToken(request) {
+    const response = await this.http.post("/api/service/provider-tokens", {
+      ...request,
+      scopes: request.scopes ?? []
+    });
+    return response.data;
+  }
   /**
    * Create a new user
    * Requires 'write:users' permission on the API key

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@drmhse/sso-sdk",
-  "version": "0.4.0",
+  "version": "0.5.0",
   "description": "Zero-dependency TypeScript SDK for AuthOS, the multi-tenant authentication platform",
   "main": "dist/index.js",
   "module": "dist/index.mjs",