@edcalderon/auth 1.0.2 → 1.1.0

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## [1.0.3] - 2026-03-01
+
+### Fixed
+
+- 🐛 Updated import from `@ed/auth` (old internal alias) to `@edcalderon/auth` in dashboard consumer
+- 📝 Added `update-readme` script — uses `versioning update-readme` to keep README in sync with CHANGELOG
+- 🔄 Versioning package used as dev dependency for README maintenance
+
 ## [1.0.2] - 2026-03-01
 
 ### Fixed

package/README.md

@@ -8,15 +8,13 @@ A universal, **provider-agnostic** authentication orchestration package for Reac
 
 ---
 
-## 📋 Latest Changes (v1.0.0)
+## 📋 Latest Changes (v1.0.3)
 
-### Initial Release
+### Fixed
 
-- ✨ Provider-agnostic `AuthClient` interface
-- 🔌 Built-in adapters: **Supabase**, **Firebase**, **Hybrid** (Firebase→Supabase)
-- ⚛️ React `AuthProvider` context and `useAuth` hook
-- 🛡️ Unified `User` type across all providers
-- 🔑 Session token access via `getSessionToken()`
+- 🐛 Updated import from `@ed/auth` (old internal alias) to `@edcalderon/auth` in dashboard consumer
+- 📝 Added `update-readme` script — uses `versioning update-readme` to keep README in sync with CHANGELOG
+- 🔄 Versioning package used as dev dependency for README maintenance
 
 For full version history, see [CHANGELOG.md](./CHANGELOG.md) and [GitHub releases](https://github.com/edcalderon/my-second-brain/releases)
 
@@ -30,20 +28,15 @@ The package follows a **Single Source of Truth** model with a **Federated OAuth
 - **OAuth / Identity Providers**: External services (Firebase, Directus, native Google OAuth, Auth0, etc.) handle frontend login bridges or federated SSO flows.
 - **The Orchestrator (`@edcalderon/auth`)**: A thin bridge layer that exposes generic interfaces (`User`, `AuthClient`). Applications consume a unified context without coupling to any specific vendor.
 
-```mermaid
-graph TD
-    UI[Frontend Applications] -->|useAuth| EdAuth["@edcalderon/auth"]
-    EdAuth -->|Direct Session| Supabase(Supabase)
-    EdAuth -->|Federated Bridge| Firebase(Firebase OAuth)
-    EdAuth -->|Custom Adapter| Directus(Directus SSO)
-    EdAuth -->|Custom Adapter| Custom(Auth0 / Custom)
-
-    Firebase -->|Sync Session| Supabase
-    Directus -->|Sync Session| Supabase
-
-    Supabase -->|Roles & Scopes| DB[(PostgreSQL)]
-```
+**Architecture Flow:**
 
+1. **Frontend Applications** `=>` consume **`@edcalderon/auth`** via `useAuth()`
+2. **`@edcalderon/auth`** orchestrates the adapters:
+   - `=>` **Supabase Adapter** (Direct Session)
+   - `=>` **Hybrid Bridge** (Firebase OAuth + Supabase Session)
+   - `=>` **Custom Adapters** (e.g. Directus SSO, Auth0)
+3. **Identity Providers** (Firebase/Directus) `=>` Sync Session to **Supabase**
+4. **Supabase** `=>` Manages Roles & Scopes in the **PostgreSQL** Database
 ---
 
 ## Features

package/dist/AuthProvider.d.ts

@@ -6,7 +6,9 @@ interface AuthContextValue {
     error: string | null;
     client: AuthClient;
     signInWithEmail: (email: string, password: string) => Promise<User>;
+    /** @deprecated Use signIn instead */
     signInWithGoogle: (redirectTo?: string) => Promise<void>;
+    signIn: (options: import('./types').SignInOptions) => Promise<void>;
     signOutUser: () => Promise<void>;
 }
 export declare function AuthProvider({ client, children }: {

package/dist/AuthProvider.js

@@ -60,6 +60,16 @@ export function AuthProvider({ client, children }) {
                 throw err;
             }
         },
+        signIn: async (options) => {
+            setError(null);
+            try {
+                await client.signIn(options);
+            }
+            catch (err) {
+                setError(err.message);
+                throw err;
+            }
+        },
         signOutUser: async () => {
             setError(null);
             try {

package/dist/index.d.ts

@@ -1,5 +1,7 @@
 export * from "./types";
-export * from "./providers/SupabaseClient";
-export * from "./providers/FirebaseClient";
-export * from "./providers/HybridClient";
 export * from "./AuthProvider";
+export * from "./providers/SupabaseClient";
+export * from "./providers/FirebaseWebClient";
+export { FirebaseWebClient as FirebaseClient } from "./providers/FirebaseWebClient";
+export * from "./providers/HybridWebClient";
+export { HybridWebClient as HybridClient } from "./providers/HybridWebClient";

package/dist/index.js

@@ -1,6 +1,10 @@
 export * from "./types";
-export * from "./providers/SupabaseClient";
-export * from "./providers/FirebaseClient";
-export * from "./providers/HybridClient";
 export * from "./AuthProvider";
+// Core exports the types and provider. Provider implementations are loaded from subpaths.
+// Maintain backwards compatibility exports for v1.1.x
+export * from "./providers/SupabaseClient";
+export * from "./providers/FirebaseWebClient";
+export { FirebaseWebClient as FirebaseClient } from "./providers/FirebaseWebClient";
+export * from "./providers/HybridWebClient";
+export { HybridWebClient as HybridClient } from "./providers/HybridWebClient";
 //# sourceMappingURL=index.js.map

package/dist/providers/FirebaseClient.d.ts

@@ -1,22 +1,2 @@
-import type { Auth } from "firebase/auth";
-import type { GoogleAuthProvider as GoogleAuthProviderType } from "firebase/auth";
-import { AuthClient, User } from "../types";
-export interface FirebaseMethods {
-    signInWithEmailAndPassword: any;
-    signInWithPopup: any;
-    signOut: any;
-    onAuthStateChanged: any;
-}
-export declare class FirebaseClient implements AuthClient {
-    private auth;
-    private methods;
-    private googleProvider;
-    constructor(auth: Auth, methods: FirebaseMethods, googleProvider: GoogleAuthProviderType);
-    private mapUser;
-    getUser(): Promise<User | null>;
-    signInWithEmail(email: string, password: string): Promise<User>;
-    signInWithGoogle(redirectTo?: string): Promise<void>;
-    signOut(): Promise<void>;
-    onAuthStateChange(callback: (user: User | null) => void): () => void;
-    getSessionToken(): Promise<string | null>;
-}
+export * from "./FirebaseWebClient";
+export { FirebaseWebClient as FirebaseClient } from "./FirebaseWebClient";

package/dist/providers/FirebaseClient.js

@@ -1,57 +1,4 @@
-export class FirebaseClient {
-    auth;
-    methods;
-    googleProvider;
-    constructor(auth, methods, googleProvider) {
-        this.auth = auth;
-        this.methods = methods;
-        this.googleProvider = googleProvider;
-    }
-    mapUser(user) {
-        if (!user)
-            return null;
-        return {
-            id: user.uid,
-            email: user.email || undefined,
-            avatarUrl: user.photoURL || undefined,
-            metadata: { displayName: user.displayName },
-        };
-    }
-    async getUser() {
-        if (this.auth.currentUser)
-            return this.mapUser(this.auth.currentUser);
-        return new Promise((resolve) => {
-            const unsubscribe = this.methods.onAuthStateChanged(this.auth, (user) => {
-                unsubscribe();
-                resolve(this.mapUser(user));
-            });
-        });
-    }
-    async signInWithEmail(email, password) {
-        const userCredential = await this.methods.signInWithEmailAndPassword(this.auth, email, password);
-        return this.mapUser(userCredential.user);
-    }
-    async signInWithGoogle(redirectTo) {
-        await this.methods.signInWithPopup(this.auth, this.googleProvider);
-    }
-    async signOut() {
-        await this.methods.signOut(this.auth);
-    }
-    onAuthStateChange(callback) {
-        const unsubscribe = this.methods.onAuthStateChanged(this.auth, (user) => {
-            callback(this.mapUser(user));
-        });
-        return () => unsubscribe();
-    }
-    async getSessionToken() {
-        if (!this.auth.currentUser)
-            return null;
-        try {
-            return await this.auth.currentUser.getIdToken();
-        }
-        catch {
-            return null;
-        }
-    }
-}
+// Backwards compatibility for v1.1
+export * from "./FirebaseWebClient";
+export { FirebaseWebClient as FirebaseClient } from "./FirebaseWebClient";
 //# sourceMappingURL=FirebaseClient.js.map

package/dist/providers/FirebaseNativeClient.d.ts

@@ -0,0 +1,36 @@
+import type { Auth, AuthCredential } from "firebase/auth";
+import { AuthClient, User, AuthRuntime, SignInOptions, AuthCapabilities } from "../types";
+export interface FirebaseNativeMethods {
+    signInWithEmailAndPassword: any;
+    signInWithCredential: any;
+    signOut: any;
+    onAuthStateChanged: any;
+}
+export interface FirebaseNativeClientOptions {
+    auth: Auth;
+    methods: FirebaseNativeMethods;
+    /**
+     * Callbacks that resolve an AuthCredential natively from a provider like Google or Apple
+     * e.g {"google": async (opts) => GoogleAuthProvider.credential(idToken)}
+     */
+    oauthHandlers?: Record<string, (options: SignInOptions) => Promise<AuthCredential>>;
+}
+export declare class FirebaseNativeClient implements AuthClient {
+    runtime: AuthRuntime;
+    private auth;
+    private methods;
+    private oauthHandlers;
+    constructor(options: FirebaseNativeClientOptions);
+    capabilities(): AuthCapabilities;
+    private mapUser;
+    getUser(): Promise<User | null>;
+    signInWithEmail(email: string, password: string): Promise<User>;
+    signIn(options: SignInOptions): Promise<void>;
+    /**
+     * @deprecated Config driven approach overrides this natively
+     */
+    signInWithGoogle(redirectTo?: string): Promise<void>;
+    signOut(): Promise<void>;
+    onAuthStateChange(callback: (user: User | null) => void): () => void;
+    getSessionToken(): Promise<string | null>;
+}

package/dist/providers/FirebaseNativeClient.js

@@ -0,0 +1,88 @@
+export class FirebaseNativeClient {
+    runtime = "native";
+    auth;
+    methods;
+    oauthHandlers;
+    constructor(options) {
+        this.auth = options.auth;
+        this.methods = options.methods;
+        this.oauthHandlers = options.oauthHandlers || {};
+    }
+    capabilities() {
+        return {
+            runtime: this.runtime,
+            supportedFlows: ["native"],
+        };
+    }
+    mapUser(user) {
+        if (!user)
+            return null;
+        return {
+            id: user.uid,
+            email: user.email || undefined,
+            avatarUrl: user.photoURL || undefined,
+            providerUserId: user.uid,
+            metadata: { displayName: user.displayName },
+        };
+    }
+    async getUser() {
+        if (this.auth.currentUser)
+            return this.mapUser(this.auth.currentUser);
+        return new Promise((resolve) => {
+            const unsubscribe = this.methods.onAuthStateChanged(this.auth, (user) => {
+                unsubscribe();
+                resolve(this.mapUser(user));
+            });
+        });
+    }
+    async signInWithEmail(email, password) {
+        try {
+            const userCredential = await this.methods.signInWithEmailAndPassword(this.auth, email, password);
+            return this.mapUser(userCredential.user);
+        }
+        catch (error) {
+            throw new Error(`PROVIDER_ERROR: ${error.message}`);
+        }
+    }
+    async signIn(options) {
+        const provider = options.provider || "google";
+        if (!this.oauthHandlers[provider]) {
+            throw new Error(`CONFIG_ERROR: No oauthHandler defined for provider '${provider}' on FirebaseNativeClient`);
+        }
+        try {
+            // Native specific handling
+            const credential = await this.oauthHandlers[provider](options);
+            await this.methods.signInWithCredential(this.auth, credential);
+        }
+        catch (error) {
+            throw new Error(`PROVIDER_ERROR: ${error.message}`);
+        }
+    }
+    /**
+     * @deprecated Config driven approach overrides this natively
+     */
+    async signInWithGoogle(redirectTo) {
+        console.warn("signInWithGoogle is deprecated in favor of the unified signIn(...) API.");
+        return this.signIn({ provider: "google", flow: "native" });
+    }
+    async signOut() {
+        await this.methods.signOut(this.auth);
+    }
+    onAuthStateChange(callback) {
+        const unsubscribe = this.methods.onAuthStateChanged(this.auth, (user) => {
+            callback(this.mapUser(user));
+        });
+        return () => unsubscribe();
+    }
+    async getSessionToken() {
+        if (!this.auth.currentUser)
+            return null;
+        try {
+            return await this.auth.currentUser.getIdToken();
+        }
+        catch {
+            return null;
+        }
+    }
+}
+//# sourceMappingURL=FirebaseNativeClient.js.map

package/dist/providers/FirebaseWebClient.d.ts

@@ -0,0 +1,29 @@
+import type { Auth } from "firebase/auth";
+import type { GoogleAuthProvider as GoogleAuthProviderType } from "firebase/auth";
+import { AuthClient, User, AuthRuntime, SignInOptions, AuthCapabilities } from "../types";
+export interface FirebaseWebMethods {
+    signInWithEmailAndPassword: any;
+    signInWithPopup: any;
+    signInWithRedirect?: any;
+    signOut: any;
+    onAuthStateChanged: any;
+}
+export declare class FirebaseWebClient implements AuthClient {
+    private auth;
+    private methods;
+    private googleProvider;
+    runtime: AuthRuntime;
+    constructor(auth: Auth, methods: FirebaseWebMethods, googleProvider: GoogleAuthProviderType);
+    capabilities(): AuthCapabilities;
+    private mapUser;
+    getUser(): Promise<User | null>;
+    signInWithEmail(email: string, password: string): Promise<User>;
+    signIn(options: SignInOptions): Promise<void>;
+    /**
+     * @deprecated Use `signIn({ provider: "google", flow: "popup" })` instead
+     */
+    signInWithGoogle(redirectTo?: string): Promise<void>;
+    signOut(): Promise<void>;
+    onAuthStateChange(callback: (user: User | null) => void): () => void;
+    getSessionToken(): Promise<string | null>;
+}

package/dist/providers/FirebaseWebClient.js

@@ -0,0 +1,90 @@
+export class FirebaseWebClient {
+    auth;
+    methods;
+    googleProvider;
+    runtime = "web";
+    constructor(auth, methods, googleProvider) {
+        this.auth = auth;
+        this.methods = methods;
+        this.googleProvider = googleProvider;
+    }
+    capabilities() {
+        return {
+            runtime: this.runtime,
+            supportedFlows: ["popup", "redirect"],
+        };
+    }
+    mapUser(user) {
+        if (!user)
+            return null;
+        return {
+            id: user.uid,
+            email: user.email || undefined,
+            avatarUrl: user.photoURL || undefined,
+            providerUserId: user.uid,
+            metadata: { displayName: user.displayName },
+        };
+    }
+    async getUser() {
+        if (this.auth.currentUser)
+            return this.mapUser(this.auth.currentUser);
+        return new Promise((resolve) => {
+            const unsubscribe = this.methods.onAuthStateChanged(this.auth, (user) => {
+                unsubscribe();
+                resolve(this.mapUser(user));
+            });
+        });
+    }
+    async signInWithEmail(email, password) {
+        try {
+            const userCredential = await this.methods.signInWithEmailAndPassword(this.auth, email, password);
+            return this.mapUser(userCredential.user);
+        }
+        catch (error) {
+            throw new Error(`PROVIDER_ERROR: ${error.message}`);
+        }
+    }
+    async signIn(options) {
+        if (options.provider !== "google") {
+            throw new Error("CONFIG_ERROR: Currently only Google is implemented natively in this web adapter example");
+        }
+        try {
+            if (options.flow === "redirect") {
+                await this.methods.signInWithRedirect(this.auth, this.googleProvider);
+            }
+            else {
+                await this.methods.signInWithPopup(this.auth, this.googleProvider);
+            }
+        }
+        catch (error) {
+            throw new Error(`PROVIDER_ERROR: ${error.message}`);
+        }
+    }
+    /**
+     * @deprecated Use `signIn({ provider: "google", flow: "popup" })` instead
+     */
+    async signInWithGoogle(redirectTo) {
+        console.warn("signInWithGoogle is deprecated in favor of the unified signIn(...) API.");
+        return this.signIn({ provider: "google", flow: redirectTo ? "redirect" : "popup" });
+    }
+    async signOut() {
+        await this.methods.signOut(this.auth);
+    }
+    onAuthStateChange(callback) {
+        const unsubscribe = this.methods.onAuthStateChanged(this.auth, (user) => {
+            callback(this.mapUser(user));
+        });
+        return () => unsubscribe();
+    }
+    async getSessionToken() {
+        if (!this.auth.currentUser)
+            return null;
+        try {
+            return await this.auth.currentUser.getIdToken();
+        }
+        catch {
+            return null;
+        }
+    }
+}
+//# sourceMappingURL=FirebaseWebClient.js.map

package/dist/providers/HybridClient.d.ts

@@ -1,29 +1,2 @@
-import type { SupabaseClient as SupabaseClientType } from "@supabase/supabase-js";
-import type { Auth } from "firebase/auth";
-import type { GoogleAuthProvider as GoogleAuthProviderType } from "firebase/auth";
-import { AuthClient, User } from "../types";
-export interface HybridFirebaseMethods {
-    signInWithPopup: any;
-    signOut: any;
-    credentialFromResult: any;
-}
-export interface HybridClientOptions {
-    supabase: SupabaseClientType;
-    firebaseAuth: Auth | null;
-    firebaseMethods: HybridFirebaseMethods | null;
-    googleProvider: GoogleAuthProviderType | null;
-}
-export declare class HybridClient implements AuthClient {
-    private supabase;
-    private firebaseAuth;
-    private methods;
-    private googleProvider;
-    constructor(options: HybridClientOptions);
-    private mapUser;
-    getUser(): Promise<User | null>;
-    signInWithEmail(email: string, password: string): Promise<User>;
-    signInWithGoogle(redirectTo?: string): Promise<void>;
-    signOut(): Promise<void>;
-    onAuthStateChange(callback: (user: User | null) => void): () => void;
-    getSessionToken(): Promise<string | null>;
-}
+export * from "./HybridWebClient";
+export { HybridWebClient as HybridClient } from "./HybridWebClient";

package/dist/providers/HybridClient.js

@@ -1,108 +1,4 @@
-export class HybridClient {
-    supabase;
-    firebaseAuth;
-    methods;
-    googleProvider;
-    constructor(options) {
-        this.supabase = options.supabase;
-        this.firebaseAuth = options.firebaseAuth;
-        this.methods = options.firebaseMethods;
-        this.googleProvider = options.googleProvider;
-    }
-    mapUser(user) {
-        if (!user)
-            return null;
-        return {
-            id: user.id,
-            email: user.email,
-            avatarUrl: user.user_metadata?.avatar_url || user.user_metadata?.picture,
-            provider: user.app_metadata?.provider || 'supabase',
-            metadata: user.user_metadata,
-        };
-    }
-    async getUser() {
-        const { data: { user }, error } = await this.supabase.auth.getUser();
-        if (error && error.message.includes("session"))
-            return null; // Safe fallback for unauthenticated
-        if (error)
-            throw error;
-        return this.mapUser(user);
-    }
-    async signInWithEmail(email, password) {
-        const { data, error } = await this.supabase.auth.signInWithPassword({
-            email,
-            password,
-        });
-        if (error)
-            throw error;
-        if (!data.user)
-            throw new Error("No user returned");
-        return this.mapUser(data.user);
-    }
-    async signInWithGoogle(redirectTo) {
-        if (!this.firebaseAuth || !this.methods || !this.googleProvider) {
-            console.warn("Firebase not configured, falling back to Supabase native OAuth");
-            const { error } = await this.supabase.auth.signInWithOAuth({
-                provider: "google",
-                options: {
-                    redirectTo: redirectTo || (typeof window !== "undefined" ? window.location.origin : undefined),
-                },
-            });
-            if (error)
-                throw error;
-            return;
-        }
-        try {
-            // Firebase Google Popup
-            const userCredential = await this.methods.signInWithPopup(this.firebaseAuth, this.googleProvider);
-            // Generate Google OIDC ID token
-            const credential = this.methods.credentialFromResult(userCredential);
-            const idToken = credential?.idToken;
-            if (!idToken)
-                throw new Error("No Google ID Token found in credential");
-            // Pass parallel ID Token directly into Supabase
-            const { error: supaError } = await this.supabase.auth.signInWithIdToken({
-                provider: 'google',
-                token: idToken,
-            });
-            if (supaError)
-                throw supaError;
-        }
-        catch (error) {
-            // Ensure if anything fails, we clean up the floating firebase session
-            if (this.firebaseAuth && this.methods) {
-                await this.methods.signOut(this.firebaseAuth).catch(() => { });
-            }
-            throw error;
-        }
-    }
-    async signOut() {
-        // Break both sessions parallel safely
-        if (this.firebaseAuth && this.methods) {
-            try {
-                await this.methods.signOut(this.firebaseAuth);
-            }
-            catch (e) {
-                console.error("Firebase signout error:", e);
-            }
-        }
-        const { error } = await this.supabase.auth.signOut();
-        if (error)
-            throw error;
-    }
-    onAuthStateChange(callback) {
-        const { data: { subscription } } = this.supabase.auth.onAuthStateChange((_event, session) => {
-            callback(this.mapUser(session?.user));
-        });
-        return () => {
-            subscription.unsubscribe();
-        };
-    }
-    async getSessionToken() {
-        const { data: { session }, error } = await this.supabase.auth.getSession();
-        if (error || !session)
-            return null;
-        return session.access_token;
-    }
-}
+// Backwards compatibility for v1.1
+export * from "./HybridWebClient";
+export { HybridWebClient as HybridClient } from "./HybridWebClient";
 //# sourceMappingURL=HybridClient.js.map

package/dist/providers/HybridNativeClient.d.ts

@@ -0,0 +1,40 @@
+import type { SupabaseClient as SupabaseClientType } from "@supabase/supabase-js";
+import type { Auth, AuthCredential } from "firebase/auth";
+import { AuthClient, User, AuthRuntime, SignInOptions, AuthCapabilities } from "../types";
+export interface HybridNativeFirebaseMethods {
+    signInWithCredential: any;
+    signOut: any;
+}
+export interface HybridNativeClientOptions {
+    supabase: SupabaseClientType;
+    firebaseAuth: Auth | null;
+    firebaseMethods: HybridNativeFirebaseMethods | null;
+    /**
+     * Handlers for launching native OAuth flows using expo-auth-session or similar.
+     * Takes SignInOptions and returns a Firebase AuthCredential AND the raw idToken
+     */
+    oauthHandlers?: Record<string, (options: SignInOptions) => Promise<{
+        credential: AuthCredential;
+        idToken: string;
+    }>>;
+}
+export declare class HybridNativeClient implements AuthClient {
+    runtime: AuthRuntime;
+    private supabase;
+    private firebaseAuth;
+    private methods;
+    private oauthHandlers;
+    constructor(options: HybridNativeClientOptions);
+    capabilities(): AuthCapabilities;
+    private mapUser;
+    getUser(): Promise<User | null>;
+    signInWithEmail(email: string, password: string): Promise<User>;
+    signIn(options: SignInOptions): Promise<void>;
+    /**
+     * @deprecated Config driven approach overrides this natively
+     */
+    signInWithGoogle(redirectTo?: string): Promise<void>;
+    signOut(): Promise<void>;
+    onAuthStateChange(callback: (user: User | null) => void): () => void;
+    getSessionToken(): Promise<string | null>;
+}

package/dist/providers/HybridNativeClient.js

@@ -0,0 +1,119 @@
+export class HybridNativeClient {
+    runtime = "native";
+    supabase;
+    firebaseAuth;
+    methods;
+    oauthHandlers;
+    constructor(options) {
+        this.supabase = options.supabase;
+        this.firebaseAuth = options.firebaseAuth;
+        this.methods = options.firebaseMethods;
+        this.oauthHandlers = options.oauthHandlers || {};
+    }
+    capabilities() {
+        return {
+            runtime: this.runtime,
+            supportedFlows: ["native"],
+        };
+    }
+    mapUser(user) {
+        if (!user)
+            return null;
+        return {
+            id: user.id,
+            email: user.email,
+            avatarUrl: user.user_metadata?.avatar_url || user.user_metadata?.picture,
+            provider: user.app_metadata?.provider || 'supabase',
+            metadata: user.user_metadata,
+        };
+    }
+    async getUser() {
+        const { data: { user }, error } = await this.supabase.auth.getUser();
+        if (error && error.message.includes("session"))
+            return null;
+        if (error)
+            throw new Error(`PROVIDER_ERROR: ${error.message}`);
+        return this.mapUser(user);
+    }
+    async signInWithEmail(email, password) {
+        const { data, error } = await this.supabase.auth.signInWithPassword({
+            email,
+            password,
+        });
+        if (error)
+            throw new Error(`PROVIDER_ERROR: ${error.message}`);
+        if (!data.user)
+            throw new Error("SESSION_ERROR: No user returned");
+        return this.mapUser(data.user);
+    }
+    async signIn(options) {
+        const provider = options.provider || "google";
+        // Pure Supabase route
+        if (!this.firebaseAuth || !this.methods || !this.oauthHandlers[provider]) {
+            console.warn(`Native OAuth via Hybrid fallback for '${provider}' targeting Supabase purely`);
+            const { error } = await this.supabase.auth.signInWithOAuth({
+                provider: provider,
+                options: {
+                    redirectTo: options.redirectUri,
+                    skipBrowserRedirect: options.flow === "native",
+                },
+            });
+            if (error)
+                throw new Error(`PROVIDER_ERROR: ${error.message}`);
+            return;
+        }
+        try {
+            // Firebase route for generation -> Sync to Supabase
+            const { credential, idToken } = await this.oauthHandlers[provider](options);
+            // Setup Firebase
+            await this.methods.signInWithCredential(this.firebaseAuth, credential);
+            if (!idToken)
+                throw new Error("SESSION_ERROR: No ID Token found to sync to Supabase");
+            const { error: supaError } = await this.supabase.auth.signInWithIdToken({
+                provider: provider,
+                token: idToken,
+            });
+            if (supaError)
+                throw new Error(`PROVIDER_ERROR: ${supaError.message}`);
+        }
+        catch (error) {
+            if (this.firebaseAuth && this.methods) {
+                await this.methods.signOut(this.firebaseAuth).catch(() => { });
+            }
+            throw new Error(`PROVIDER_ERROR: ${error.message}`);
+        }
+    }
+    /**
+     * @deprecated Config driven approach overrides this natively
+     */
+    async signInWithGoogle(redirectTo) {
+        console.warn("signInWithGoogle is deprecated in favor of the unified signIn(...) API.");
+        return this.signIn({ provider: "google", flow: "native", redirectUri: redirectTo });
+    }
+    async signOut() {
+        if (this.firebaseAuth && this.methods) {
+            try {
+                await this.methods.signOut(this.firebaseAuth);
+            }
+            catch (e) {
+                console.error("Firebase signout error:", e);
+            }
+        }
+        const { error } = await this.supabase.auth.signOut();
+        if (error)
+            throw new Error(`PROVIDER_ERROR: ${error.message}`);
+    }
+    onAuthStateChange(callback) {
+        const { data: { subscription } } = this.supabase.auth.onAuthStateChange((_event, session) => {
+            callback(this.mapUser(session?.user));
+        });
+        return () => subscription.unsubscribe();
+    }
+    async getSessionToken() {
+        const { data: { session }, error } = await this.supabase.auth.getSession();
+        if (error || !session)
+            return null;
+        return session.access_token;
+    }
+}
+//# sourceMappingURL=HybridNativeClient.js.map

package/dist/providers/HybridWebClient.d.ts

@@ -0,0 +1,36 @@
+import type { SupabaseClient as SupabaseClientType } from "@supabase/supabase-js";
+import type { Auth } from "firebase/auth";
+import type { GoogleAuthProvider as GoogleAuthProviderType } from "firebase/auth";
+import { AuthClient, User, AuthRuntime, SignInOptions, AuthCapabilities } from "../types";
+export interface HybridWebFirebaseMethods {
+    signInWithPopup: any;
+    signInWithRedirect?: any;
+    signOut: any;
+    credentialFromResult: any;
+}
+export interface HybridWebClientOptions {
+    supabase: SupabaseClientType;
+    firebaseAuth: Auth | null;
+    firebaseMethods: HybridWebFirebaseMethods | null;
+    googleProvider: GoogleAuthProviderType | null;
+}
+export declare class HybridWebClient implements AuthClient {
+    runtime: AuthRuntime;
+    private supabase;
+    private firebaseAuth;
+    private methods;
+    private googleProvider;
+    constructor(options: HybridWebClientOptions);
+    capabilities(): AuthCapabilities;
+    private mapUser;
+    getUser(): Promise<User | null>;
+    signInWithEmail(email: string, password: string): Promise<User>;
+    signIn(options: SignInOptions): Promise<void>;
+    /**
+     * @deprecated Use `signIn({ provider: "google", flow: "popup" })` instead
+     */
+    signInWithGoogle(redirectTo?: string): Promise<void>;
+    signOut(): Promise<void>;
+    onAuthStateChange(callback: (user: User | null) => void): () => void;
+    getSessionToken(): Promise<string | null>;
+}

package/dist/providers/HybridWebClient.js

@@ -0,0 +1,124 @@
+export class HybridWebClient {
+    runtime = "web";
+    supabase;
+    firebaseAuth;
+    methods;
+    googleProvider;
+    constructor(options) {
+        this.supabase = options.supabase;
+        this.firebaseAuth = options.firebaseAuth;
+        this.methods = options.firebaseMethods;
+        this.googleProvider = options.googleProvider;
+    }
+    capabilities() {
+        return {
+            runtime: this.runtime,
+            supportedFlows: ["popup", "redirect"],
+        };
+    }
+    mapUser(user) {
+        if (!user)
+            return null;
+        return {
+            id: user.id,
+            email: user.email,
+            avatarUrl: user.user_metadata?.avatar_url || user.user_metadata?.picture,
+            provider: user.app_metadata?.provider || 'supabase',
+            metadata: user.user_metadata,
+        };
+    }
+    async getUser() {
+        const { data: { user }, error } = await this.supabase.auth.getUser();
+        if (error && error.message.includes("session"))
+            return null;
+        if (error)
+            throw new Error(`PROVIDER_ERROR: ${error.message}`);
+        return this.mapUser(user);
+    }
+    async signInWithEmail(email, password) {
+        const { data, error } = await this.supabase.auth.signInWithPassword({
+            email,
+            password,
+        });
+        if (error)
+            throw new Error(`PROVIDER_ERROR: ${error.message}`);
+        if (!data.user)
+            throw new Error("SESSION_ERROR: No user returned");
+        return this.mapUser(data.user);
+    }
+    async signIn(options) {
+        const provider = options.provider || "google";
+        if (!this.firebaseAuth || !this.methods || !this.googleProvider) {
+            console.warn("Firebase not configured on Hybrid fallback, using Supabase pure auth");
+            const { error } = await this.supabase.auth.signInWithOAuth({
+                provider: provider,
+                options: {
+                    redirectTo: options.redirectUri || (typeof window !== "undefined" ? window.location.origin : undefined),
+                },
+            });
+            if (error)
+                throw new Error(`PROVIDER_ERROR: ${error.message}`);
+            return;
+        }
+        try {
+            let userCredential;
+            if (options.flow === "redirect") {
+                await this.methods.signInWithRedirect(this.firebaseAuth, this.googleProvider);
+                // In redirect flow, this acts differently (callback needs handling). Assuming popup for main.
+                return;
+            }
+            else {
+                userCredential = await this.methods.signInWithPopup(this.firebaseAuth, this.googleProvider);
+            }
+            const credential = this.methods.credentialFromResult(userCredential);
+            const idToken = credential?.idToken;
+            if (!idToken)
+                throw new Error("SESSION_ERROR: No Google ID Token found in credential");
+            const { error: supaError } = await this.supabase.auth.signInWithIdToken({
+                provider: provider,
+                token: idToken,
+            });
+            if (supaError)
+                throw new Error(`PROVIDER_ERROR: ${supaError.message}`);
+        }
+        catch (error) {
+            if (this.firebaseAuth && this.methods) {
+                await this.methods.signOut(this.firebaseAuth).catch(() => { });
+            }
+            throw new Error(`PROVIDER_ERROR: ${error.message}`);
+        }
+    }
+    /**
+     * @deprecated Use `signIn({ provider: "google", flow: "popup" })` instead
+     */
+    async signInWithGoogle(redirectTo) {
+        console.warn("signInWithGoogle is deprecated in favor of the unified signIn(...) API.");
+        return this.signIn({ provider: "google", flow: redirectTo ? "redirect" : "popup", redirectUri: redirectTo });
+    }
+    async signOut() {
+        if (this.firebaseAuth && this.methods) {
+            try {
+                await this.methods.signOut(this.firebaseAuth);
+            }
+            catch (e) {
+                console.error("Firebase signout error:", e);
+            }
+        }
+        const { error } = await this.supabase.auth.signOut();
+        if (error)
+            throw new Error(`PROVIDER_ERROR: ${error.message}`);
+    }
+    onAuthStateChange(callback) {
+        const { data: { subscription } } = this.supabase.auth.onAuthStateChange((_event, session) => {
+            callback(this.mapUser(session?.user));
+        });
+        return () => subscription.unsubscribe();
+    }
+    async getSessionToken() {
+        const { data: { session }, error } = await this.supabase.auth.getSession();
+        if (error || !session)
+            return null;
+        return session.access_token;
+    }
+}
+//# sourceMappingURL=HybridWebClient.js.map

package/dist/providers/SupabaseClient.d.ts

@@ -1,11 +1,21 @@
 import type { SupabaseClient as SupabaseClientType } from "@supabase/supabase-js";
-import { AuthClient, User } from "../types";
+import { AuthClient, User, AuthRuntime, SignInOptions, AuthCapabilities } from "../types";
+export interface SupabaseClientOptions {
+    supabase: SupabaseClientType;
+    runtime?: AuthRuntime;
+}
 export declare class SupabaseClient implements AuthClient {
+    runtime: AuthRuntime;
     private supabase;
-    constructor(supabase: SupabaseClientType);
+    constructor(options: SupabaseClientOptions | SupabaseClientType);
+    capabilities(): AuthCapabilities;
     private mapUser;
     getUser(): Promise<User | null>;
     signInWithEmail(email: string, password: string): Promise<User>;
+    signIn(options: SignInOptions): Promise<void>;
+    /**
+     * @deprecated Use `signIn({ provider: "google", flow: "redirect", redirectUri })` instead
+     */
     signInWithGoogle(redirectTo?: string): Promise<void>;
     signOut(): Promise<void>;
     onAuthStateChange(callback: (user: User | null) => void): () => void;

package/dist/providers/SupabaseClient.js

@@ -1,7 +1,23 @@
 export class SupabaseClient {
+    runtime;
     supabase;
-    constructor(supabase) {
-        this.supabase = supabase;
+    constructor(options) {
+        // Handle backwards compatibility where just the client was passed
+        if ('auth' in options && !('supabase' in options)) {
+            this.supabase = options;
+            this.runtime = typeof window !== "undefined" ? "web" : "native"; // Best guess
+        }
+        else {
+            const opts = options;
+            this.supabase = opts.supabase;
+            this.runtime = opts.runtime || (typeof window !== "undefined" ? "web" : "native");
+        }
+    }
+    capabilities() {
+        return {
+            runtime: this.runtime,
+            supportedFlows: this.runtime === "web" ? ["redirect"] : ["native", "redirect"],
+        };
     }
     mapUser(user) {
         if (!user)
@@ -11,13 +27,14 @@ export class SupabaseClient {
             email: user.email,
             avatarUrl: user.user_metadata?.avatar_url,
             provider: user.app_metadata?.provider,
+            providerUserId: user.app_metadata?.provider_id || user.user_metadata?.provider_id,
             metadata: user.user_metadata,
         };
     }
     async getUser() {
         const { data: { user }, error } = await this.supabase.auth.getUser();
         if (error)
-            throw error;
+            throw new Error(`PROVIDER_ERROR: ${error.message}`);
         return this.mapUser(user);
     }
     async signInWithEmail(email, password) {
@@ -26,25 +43,43 @@ export class SupabaseClient {
             password,
         });
         if (error)
-            throw error;
+            throw new Error(`PROVIDER_ERROR: ${error.message}`);
         if (!data.user)
-            throw new Error("No user returned");
+            throw new Error("SESSION_ERROR: No user returned");
         return this.mapUser(data.user);
     }
-    async signInWithGoogle(redirectTo) {
-        const { error } = await this.supabase.auth.signInWithOAuth({
-            provider: "google",
+    async signIn(options) {
+        if (!options.provider) {
+            throw new Error("CONFIG_ERROR: options.provider is required for Supabase OAuth");
+        }
+        let redirectTo = options.redirectUri;
+        // Apply web assumption ONLY if strictly web
+        if (!redirectTo && this.runtime === "web" && typeof window !== "undefined") {
+            redirectTo = window.location.origin;
+        }
+        const { data, error } = await this.supabase.auth.signInWithOAuth({
+            provider: options.provider,
             options: {
-                redirectTo: redirectTo || (typeof window !== "undefined" ? window.location.origin : undefined),
+                redirectTo,
+                skipBrowserRedirect: options.flow === "native",
             },
         });
         if (error)
-            throw error;
+            throw new Error(`PROVIDER_ERROR: ${error.message}`);
+        // Return native callback URLs if strictly native flow without skipBrowserRedirect etc...
+        // For Expo users relying on deep-links, `skipBrowserRedirect` makes it return the URL to launch instead of redirecting the page.
+    }
+    /**
+     * @deprecated Use `signIn({ provider: "google", flow: "redirect", redirectUri })` instead
+     */
+    async signInWithGoogle(redirectTo) {
+        console.warn("signInWithGoogle is deprecated in favor of the unified signIn(...) API.");
+        return this.signIn({ provider: "google", flow: "redirect", redirectUri: redirectTo });
     }
     async signOut() {
         const { error } = await this.supabase.auth.signOut();
         if (error)
-            throw error;
+            throw new Error(`PROVIDER_ERROR: ${error.message}`);
     }
     onAuthStateChange(callback) {
         const { data: { subscription } } = this.supabase.auth.onAuthStateChange((_event, session) => {

package/dist/types.d.ts

@@ -1,15 +1,35 @@
+export type AuthRuntime = "web" | "native" | "server";
+export type OAuthFlow = "popup" | "redirect" | "native";
+export interface SignInOptions {
+    provider?: "google" | "apple" | "github" | string;
+    flow?: OAuthFlow;
+    redirectUri?: string;
+}
+export type AuthErrorCode = "CONFIG_ERROR" | "UNSUPPORTED_FLOW" | "NETWORK_ERROR" | "PROVIDER_ERROR" | "SESSION_ERROR";
 export interface User {
     id: string;
     email?: string;
     avatarUrl?: string;
     provider?: string;
+    providerUserId?: string;
+    roles?: string[];
     metadata?: Record<string, any>;
 }
+export interface AuthCapabilities {
+    runtime: AuthRuntime;
+    supportedFlows: OAuthFlow[];
+}
 export interface AuthClient {
+    runtime: AuthRuntime;
     getUser(): Promise<User | null>;
     signInWithEmail(email: string, password: string): Promise<User>;
+    /**
+     * @deprecated Use `signIn({ provider: "google", flow: "popup" | "redirect" })` instead
+     */
     signInWithGoogle(redirectTo?: string): Promise<void>;
+    signIn(options: SignInOptions): Promise<void>;
     signOut(): Promise<void>;
     onAuthStateChange(callback: (user: User | null) => void): () => void;
     getSessionToken(): Promise<string | null>;
+    capabilities(): AuthCapabilities;
 }

package/package.json

@@ -1,13 +1,49 @@
 {
   "name": "@edcalderon/auth",
-  "version": "1.0.2",
-  "description": "A universal, provider-agnostic authentication orchestration package with extensible adapters for Supabase, Firebase, Directus, and custom OAuth providers",
+  "version": "1.1.0",
+  "description": "A universal, provider-agnostic authentication package (Web + Next.js + Expo/React Native)",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.js",
+      "react-native": "./dist/index.js"
+    },
+    "./supabase": {
+      "types": "./dist/providers/SupabaseClient.d.ts",
+      "import": "./dist/providers/SupabaseClient.js",
+      "require": "./dist/providers/SupabaseClient.js",
+      "react-native": "./dist/providers/SupabaseClient.js"
+    },
+    "./firebase-web": {
+      "types": "./dist/providers/FirebaseWebClient.d.ts",
+      "import": "./dist/providers/FirebaseWebClient.js",
+      "require": "./dist/providers/FirebaseWebClient.js"
+    },
+    "./firebase-native": {
+      "types": "./dist/providers/FirebaseNativeClient.d.ts",
+      "import": "./dist/providers/FirebaseNativeClient.js",
+      "react-native": "./dist/providers/FirebaseNativeClient.js"
+    },
+    "./hybrid-web": {
+      "types": "./dist/providers/HybridWebClient.d.ts",
+      "import": "./dist/providers/HybridWebClient.js",
+      "require": "./dist/providers/HybridWebClient.js"
+    },
+    "./hybrid-native": {
+      "types": "./dist/providers/HybridNativeClient.d.ts",
+      "import": "./dist/providers/HybridNativeClient.js",
+      "react-native": "./dist/providers/HybridNativeClient.js"
+    }
+  },
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
+  "sideEffects": false,
   "scripts": {
     "build": "tsc",
     "dev": "tsc --watch",
-    "prepublishOnly": "npm run build"
+    "prepublishOnly": "npm run build",
+    "update-readme": "versioning update-readme"
   },
   "keywords": [
     "auth",
@@ -18,7 +54,9 @@
     "directus",
     "provider-agnostic",
     "react",
-    "sso"
+    "sso",
+    "expo",
+    "react-native"
   ],
   "author": "Edward",
   "license": "MIT",
@@ -34,7 +72,8 @@
     "@supabase/supabase-js": "^2.0.0",
     "firebase": "^10.0.0 || ^11.0.0 || ^12.0.0",
     "react": "^18.0.0 || ^19.0.0",
-    "react-dom": "^18.0.0 || ^19.0.0"
+    "react-dom": "^18.0.0 || ^19.0.0",
+    "react-native": "*"
   },
   "peerDependenciesMeta": {
     "@supabase/supabase-js": {
@@ -42,6 +81,12 @@
     },
     "firebase": {
       "optional": true
+    },
+    "react-dom": {
+      "optional": true
+    },
+    "react-native": {
+      "optional": true
     }
   },
   "devDependencies": {